From 0ed9a14f11b424dfa526e59b2d66f737704bc7eae7826a34dc09de5153122434 Mon Sep 17 00:00:00 2001
From: Sascha Peilicke <null@suse.de>
Date: Wed, 5 Feb 2014 08:50:22 +0000
Subject: [PATCH] Accepting request 220853 from
 home:vitezslav_cizek:branches:devel:libraries:c_c++

- update to 7.35.0
  * security fix:
    CVE-2014-0015: re-use of wrong HTTP NTLM connection (bnc#858673)
  * changes:
    imap/pop3/smtp: Added support for SASL authentication downgrades
    imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
    TheArtOfHttpScripting: major update, converted layout and more
    mprintf: Added support for I, I32 and I64 size specifiers
    makefile: Added support for VC7, VC11 and VC12
    SSL: protocol version can be specified more precisely
    imap/pop3/smtp: Added graceful cancellation of SASL authentication
    Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
    base64: Added validation of base64 input strings when decoding
    curl_easy_setopt: Added the ability to set the login options separately
    smtp: Added support for additional SMTP commands
    curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
    nss: allow to use TLS > 1.0 if built against recent NSS
    SECURITY: added this document to describe our security processes
    parseconfig: warn if unquoted white spaces are detected
 * and many bugfixes
- fix test failure because of an expired cookie (bnc#862144)
  * added curl-test172_cookie_expiration.patch
- refresh libcurl-ocloexec.patch

OBS-URL: https://build.opensuse.org/request/show/220853
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=102
---
 curl-7.33.0.tar.lzma                 |  3 -
 curl-7.33.0.tar.lzma.asc             |  7 ---
 curl-7.35.0.tar.lzma                 |  3 +
 curl-7.35.0.tar.lzma.asc             |  7 +++
 curl-test172_cookie_expiration.patch | 13 ++++
 curl.changes                         | 27 +++++++++
 curl.spec                            |  6 +-
 libcurl-ocloexec.patch               | 88 +++++++++++++---------------
 8 files changed, 96 insertions(+), 58 deletions(-)
 delete mode 100644 curl-7.33.0.tar.lzma
 delete mode 100644 curl-7.33.0.tar.lzma.asc
 create mode 100644 curl-7.35.0.tar.lzma
 create mode 100644 curl-7.35.0.tar.lzma.asc
 create mode 100644 curl-test172_cookie_expiration.patch

diff --git a/curl-7.33.0.tar.lzma b/curl-7.33.0.tar.lzma
deleted file mode 100644
index d78b5de..0000000
--- a/curl-7.33.0.tar.lzma
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:17eaa3503d84b1aebc2fbf25b9649246f5cbd7c859a497c2aa42f04d0f83a046
-size 2244539
diff --git a/curl-7.33.0.tar.lzma.asc b/curl-7.33.0.tar.lzma.asc
deleted file mode 100644
index 8e0a8a8..0000000
--- a/curl-7.33.0.tar.lzma.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.15 (GNU/Linux)
-
-iEYEABECAAYFAlJcAyIACgkQeOEcayedXJGmzgCgiGvAZ1jUvbBw/ywZSday3J9j
-KucAn2xv4XLijiR4cDH6z8bnN0zH+lpk
-=o6A/
------END PGP SIGNATURE-----
diff --git a/curl-7.35.0.tar.lzma b/curl-7.35.0.tar.lzma
new file mode 100644
index 0000000..3a6be0b
--- /dev/null
+++ b/curl-7.35.0.tar.lzma
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6929640f1e22901cbc853c67c78f25d9e7be0934771a3c3b3582846520678593
+size 2271674
diff --git a/curl-7.35.0.tar.lzma.asc b/curl-7.35.0.tar.lzma.asc
new file mode 100644
index 0000000..8b8bda6
--- /dev/null
+++ b/curl-7.35.0.tar.lzma.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlLoqVAACgkQeOEcayedXJHXgACfXucGEK+4gBtUjRNJlPdBThPs
+lQkAoJRfmKWAlAvMtBuXofIEog9D2y9z
+=Wgsv
+-----END PGP SIGNATURE-----
diff --git a/curl-test172_cookie_expiration.patch b/curl-test172_cookie_expiration.patch
new file mode 100644
index 0000000..9135cc9
--- /dev/null
+++ b/curl-test172_cookie_expiration.patch
@@ -0,0 +1,13 @@
+Index: curl-7.19.7/tests/data/test172
+===================================================================
+--- curl-7.19.7.orig/tests/data/test172	2008-11-19 22:12:35.000000000 +0100
++++ curl-7.19.7/tests/data/test172	2014-02-04 15:05:46.817554144 +0100
+@@ -36,7 +36,7 @@ http://%HOSTIP:%HTTPPORT/we/want/172 -b
+ 
+ .%HOSTIP	TRUE	/silly/	FALSE	0	ismatch	this
+ .%HOSTIP	TRUE	/	FALSE	0	partmatch	present
+-%HOSTIP	FALSE	/we/want/	FALSE	1391252187	nodomain	value
++%HOSTIP	FALSE	/we/want/	FALSE	2139150993	nodomain	value
+ </file>
+ </client>
+ 
diff --git a/curl.changes b/curl.changes
index a3fff19..2d21556 100644
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Tue Feb  4 15:17:18 UTC 2014 - vcizek@suse.com
+
+- update to 7.35.0
+  * security fix:
+    CVE-2014-0015: re-use of wrong HTTP NTLM connection (bnc#858673)
+  * changes:
+    imap/pop3/smtp: Added support for SASL authentication downgrades
+    imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
+    TheArtOfHttpScripting: major update, converted layout and more
+    mprintf: Added support for I, I32 and I64 size specifiers
+    makefile: Added support for VC7, VC11 and VC12
+    SSL: protocol version can be specified more precisely
+    imap/pop3/smtp: Added graceful cancellation of SASL authentication
+    Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
+    base64: Added validation of base64 input strings when decoding
+    curl_easy_setopt: Added the ability to set the login options separately
+    smtp: Added support for additional SMTP commands
+    curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
+    nss: allow to use TLS > 1.0 if built against recent NSS
+    SECURITY: added this document to describe our security processes
+    parseconfig: warn if unquoted white spaces are detected
+ * and many bugfixes
+- fix test failure because of an expired cookie (bnc#862144)
+  * added curl-test172_cookie_expiration.patch
+- refresh libcurl-ocloexec.patch
+
 -------------------------------------------------------------------
 Fri Nov 29 15:30:23 UTC 2013 - vcizek@suse.com
 
diff --git a/curl.spec b/curl.spec
index cfc5113..5d773b8 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package curl
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
 %bcond_without testsuite
 
 Name:           curl
-Version:        7.33.0
+Version:        7.35.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        BSD-3-Clause and MIT
@@ -34,6 +34,7 @@ Source4:        %{name}.keyring
 Patch:          libcurl-ocloexec.patch
 Patch1:         dont-mess-with-rpmoptflags.diff
 Patch3:         curl-secure-getenv.patch
+Patch4:         curl-test172_cookie_expiration.patch
 # Use rpmbuild -D 'VERIFY_SIG 1' to verify signature during build or run one-shot check by "gpg-offline --verify --package=curl curl-*.asc".
 %if 0%{?VERIFY_SIG}
 BuildRequires:  gpg-offline
@@ -100,6 +101,7 @@ user interaction or any kind of interactivity.
 %patch
 %patch1
 %patch3
+%patch4 -p1
 %build
 # curl complains if macro definition is contained in CFLAGS
 # see m4/xc-val-flgs.m4
diff --git a/libcurl-ocloexec.patch b/libcurl-ocloexec.patch
index 5fd082f..da5e0ba 100644
--- a/libcurl-ocloexec.patch
+++ b/libcurl-ocloexec.patch
@@ -7,9 +7,11 @@ To make it portable you have to test O_CLOEXEC support at *runtime*
 compile time is not enough.
 
 
---- lib/cookie.c.orig
-+++ lib/cookie.c
-@@ -841,7 +841,7 @@ struct CookieInfo *Curl_cookie_init(stru
+Index: lib/cookie.c
+===================================================================
+--- lib/cookie.c.orig	2014-02-04 16:25:31.256657224 +0100
++++ lib/cookie.c	2014-02-04 16:25:32.638671791 +0100
+@@ -882,7 +882,7 @@ struct CookieInfo *Curl_cookie_init(stru
      fp = NULL;
    }
    else
@@ -18,7 +20,7 @@ compile time is not enough.
  
    c->newsession = newsession; /* new session? */
  
-@@ -1179,7 +1179,7 @@ static int cookie_output(struct CookieIn
+@@ -1226,7 +1226,7 @@ static int cookie_output(struct CookieIn
      use_stdout=TRUE;
    }
    else {
@@ -27,9 +29,11 @@ compile time is not enough.
      if(!out)
        return 1; /* failure */
    }
---- lib/file.c.orig
-+++ lib/file.c
-@@ -243,7 +243,7 @@ static CURLcode file_connect(struct conn
+Index: lib/file.c
+===================================================================
+--- lib/file.c.orig	2014-02-04 16:25:31.257657234 +0100
++++ lib/file.c	2014-02-04 16:25:32.638671791 +0100
+@@ -232,7 +232,7 @@ static CURLcode file_connect(struct conn
    fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
    file->path = actual_path;
  #else
@@ -38,7 +42,7 @@ compile time is not enough.
    file->path = real_path;
  #endif
    file->freepath = real_path; /* free this when done */
-@@ -341,7 +341,7 @@ static CURLcode file_upload(struct conne
+@@ -330,7 +330,7 @@ static CURLcode file_upload(struct conne
    else
      mode = MODE_DEFAULT|O_TRUNC;
  
@@ -47,8 +51,10 @@ compile time is not enough.
    if(fd < 0) {
      failf(data, "Can't open %s for writing", file->path);
      return CURLE_WRITE_ERROR;
---- lib/formdata.c.orig
-+++ lib/formdata.c
+Index: lib/formdata.c
+===================================================================
+--- lib/formdata.c.orig	2014-02-04 16:25:31.257657234 +0100
++++ lib/formdata.c	2014-02-04 16:25:32.639671801 +0100
 @@ -1297,7 +1297,7 @@ CURLcode Curl_getformdata(struct Session
          FILE *fileread;
  
@@ -67,8 +73,10 @@ compile time is not enough.
        if(!form->fp)
          return (size_t)-1; /* failure */
      }
---- lib/hostip6.c.orig
-+++ lib/hostip6.c
+Index: lib/hostip6.c
+===================================================================
+--- lib/hostip6.c.orig	2014-02-04 16:25:31.277657445 +0100
++++ lib/hostip6.c	2014-02-04 16:25:32.639671801 +0100
 @@ -39,7 +39,7 @@
  #ifdef HAVE_PROCESS_H
  #include <process.h>
@@ -87,8 +95,10 @@ compile time is not enough.
      if(s == CURL_SOCKET_BAD)
        /* an ipv6 address was requested but we can't get/use one */
        ipv6_works = 0;
---- lib/if2ip.c.orig
-+++ lib/if2ip.c
+Index: lib/if2ip.c
+===================================================================
+--- lib/if2ip.c.orig	2014-02-04 16:25:31.277657445 +0100
++++ lib/if2ip.c	2014-02-04 16:25:32.639671801 +0100
 @@ -171,7 +171,7 @@ if2ip_result_t Curl_if2ip(int af, unsign
    if(len >= sizeof(req.ifr_name))
      return IF2IP_NOT_FOUND;
@@ -98,40 +108,24 @@ compile time is not enough.
    if(CURL_SOCKET_BAD == dummy)
      return IF2IP_NOT_FOUND;
  
---- lib/netrc.c.orig
-+++ lib/netrc.c
-@@ -97,7 +97,7 @@ int Curl_parsenetrc(const char *host,
+Index: lib/netrc.c
+===================================================================
+--- lib/netrc.c.orig	2014-02-04 16:25:32.639671801 +0100
++++ lib/netrc.c	2014-02-04 16:26:01.737978525 +0100
+@@ -99,7 +99,7 @@ int Curl_parsenetrc(const char *host,
      netrc_alloc = TRUE;
    }
  
 -  file = fopen(netrcfile, "r");
 +  file = fopen(netrcfile, "re");
+   if(netrc_alloc)
+     Curl_safefree(netrcfile);
    if(file) {
-     char *tok;
-     char *tok_buf;
---- lib/ssluse.c.orig
-+++ lib/ssluse.c
-@@ -420,7 +420,7 @@ int cert_stuff(struct connectdata *conn,
-       STACK_OF(X509) *ca = NULL;
-       int i;
- 
--      f = fopen(cert_file,"rb");
-+      f = fopen(cert_file,"rbe");
-       if(!f) {
-         failf(data, "could not open PKCS12 file '%s'", cert_file);
-         return 0;
-@@ -2168,7 +2168,7 @@ static CURLcode servercert(struct connec
- 
-     /* e.g. match issuer name with provided issuer certificate */
-     if(data->set.str[STRING_SSL_ISSUERCERT]) {
--      fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"r");
-+      fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"re");
-       if(!fp) {
-         if(strict)
-           failf(data, "SSL: Unable to open issuer cert (%s)",
---- lib/connect.c.orig
-+++ lib/connect.c
-@@ -1313,7 +1313,7 @@ CURLcode Curl_socket(struct connectdata
+Index: lib/connect.c
+===================================================================
+--- lib/connect.c.orig	2014-02-04 16:25:31.277657445 +0100
++++ lib/connect.c	2014-02-04 16:25:32.761673087 +0100
+@@ -1298,7 +1298,7 @@ CURLcode Curl_socket(struct connectdata
                                      (struct curl_sockaddr *)addr);
    else
      /* opensocket callback not set, so simply create the socket now */
@@ -140,9 +134,11 @@ compile time is not enough.
  
    if(*sockfd == CURL_SOCKET_BAD)
      /* no socket, no connection */
---- configure.ac.orig
-+++ configure.ac
-@@ -183,6 +183,7 @@ AC_CANONICAL_HOST
+Index: configure.ac
+===================================================================
+--- configure.ac.orig	2014-02-04 16:25:31.278657455 +0100
++++ configure.ac	2014-02-04 16:25:32.762673098 +0100
+@@ -182,6 +182,7 @@ AC_CANONICAL_HOST
  dnl Get system canonical name
  AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS])
  
@@ -150,7 +146,7 @@ compile time is not enough.
  dnl Checks for programs.
  
  dnl Our curl_off_t internal and external configure settings
-@@ -195,6 +196,7 @@ dnl Our configure and build reentrant se
+@@ -194,6 +195,7 @@ dnl Our configure and build reentrant se
  CURL_CONFIGURE_THREAD_SAFE
  CURL_CONFIGURE_REENTRANT