From ad3a9fe2728cd5784ef8460185dcf125b1aa4633cfa6ecfe8dc52cc9235f63fd Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Wed, 31 Jul 2024 08:35:10 +0000 Subject: [PATCH 1/2] - Update to 8.9.1: * Security fixes: - curl: ASN.1 date parser overread [bsc#1228535, CVE-2024-7264] * Bugfixes: - cmake: detect 'libssh' via 'pkg-config' - cmake: detect 'nettle' when building with GnuTLS - connect: fix connection shutdown for event based processing - curl: more defensive socket code for --ip-tos - CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching - CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe - ftpserver.pl: make POP3 LIST serve content from the test file - lib: survive some NULL input args - os400: build cli manual. - os400: workaround an IBM ASCII run-time library bug - transfer: speed limiting fix for 32bit systems - vtls: avoid forward declaration in MultiSSL builds - x509asn1: unittests and fixes for gtime2str OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=373 --- curl-8.9.0.tar.xz | 3 --- curl-8.9.0.tar.xz.asc | 11 ----------- curl-8.9.1.tar.xz | 3 +++ curl-8.9.1.tar.xz.asc | 11 +++++++++++ curl.changes | 21 +++++++++++++++++++++ curl.spec | 2 +- 6 files changed, 36 insertions(+), 15 deletions(-) delete mode 100644 curl-8.9.0.tar.xz delete mode 100644 curl-8.9.0.tar.xz.asc create mode 100644 curl-8.9.1.tar.xz create mode 100644 curl-8.9.1.tar.xz.asc diff --git a/curl-8.9.0.tar.xz b/curl-8.9.0.tar.xz deleted file mode 100644 index 2622342..0000000 --- a/curl-8.9.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ff09b2791ca56d25fd5c3f3a4927dce7c8a9dc4182200c487ca889fba1fdd412 -size 2781828 diff --git a/curl-8.9.0.tar.xz.asc b/curl-8.9.0.tar.xz.asc deleted file mode 100644 index 285ddbe..0000000 --- a/curl-8.9.0.tar.xz.asc +++ /dev/null 
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmagncYACgkQXMkI/bce
-EsIf4wf/RVl/4hrfHsntyMCoM/SnY/PZlWommcAnfmSff0OAKV6OvtINkPUAyBdg
-T1PGwkbPOLHB93NBFOm7bjSixbNgRL58gR3Rh+kvMKzx7G2Ug/gpWH3c8JHvwsHw
-S4TCjuVGYsAWDn9/3y3qQNypmUMV8tIWslXoya5F9GtrnJEFItQ1efPPIra9nTtx
-9XRrmB2/EUvPsdKmkztNP8NYaEyYDVPst+1HUv8+UdK5GL1wG8rAp2vPiofvHRDe
-l9AiGu+d9U+UuqO8vNhqc46ii+h4Uj8Sk51mNf88TKAhEdKvPUMEaaySQzu23CKr
-TCyqjvRyY12mEGT0bOX2xIsf0C665g==
-=GGbI
------END PGP SIGNATURE-----
diff --git a/curl-8.9.1.tar.xz b/curl-8.9.1.tar.xz
new file mode 100644
index 0000000..807d384
--- /dev/null
+++ b/curl-8.9.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae590643801e5
+size 2782364
diff --git a/curl-8.9.1.tar.xz.asc b/curl-8.9.1.tar.xz.asc
new file mode 100644
index 0000000..bda8785
--- /dev/null
+++ b/curl-8.9.1.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmap30kACgkQXMkI/bce
+EsKX+wf/brccw5rGTAbmjj7WGBfbAmwrSsDexTXRiEBXT/+qhkWIplN6wdtsZ86I
+tUraaapoyvRKLa3Wxlv9fSF/xXji+5lhO/W9pfWxwZNeSZFiOgKcK/Li4Fx0c7t4
+WpxkAbRvbJreA40BR32qSgnNNjKU5QX/ivf67B1EFL71kgsCW/QczB6mcuxszlkN
+ro39Jb8hDtnAD3hHXrTEaW3lOEgf/Jo/a1Zii3+W3OkW+uZHwzUoqe+HLGHYM2vW
+Q3hBVQaEWmNIwArA73s/kOiFATLthUTvSJO56ebLQJFHJf61cwqSsg2o07i5SqEc
+QlKzV/h7ydbBWdHiSTpCMxue7tLUZw==
+=EiUG
+-----END PGP SIGNATURE-----
diff --git a/curl.changes b/curl.changes
index 26e4362..a7cb73b 100644
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Wed Jul 31 08:20:44 UTC 2024 - Pedro Monreal + +- Update to 8.9.1: + * Security fixes: + - curl: ASN.1 date parser overread [bsc#1228535, CVE-2024-7264] + * Bugfixes: + - cmake: detect 'libssh' via 'pkg-config' + - cmake: detect 'nettle' when building with GnuTLS + - connect: fix connection shutdown for event based processing + - curl: more defensive socket code for --ip-tos + - CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching + - CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe + - ftpserver.pl: make POP3 LIST serve content from the test file + - lib: survive some NULL input args + - os400: build cli manual. + - os400: workaround an IBM ASCII run-time library bug + - transfer: speed limiting fix for 32bit systems + - vtls: avoid forward declaration in MultiSSL builds + - x509asn1: unittests and fixes for gtime2str + ------------------------------------------------------------------- Wed Jul 24 07:07:57 UTC 2024 - Pedro Monreal diff --git a/curl.spec b/curl.spec index 2334e3b..53c6dd8 100644 --- a/curl.spec +++ b/curl.spec @@ -29,7 +29,7 @@ %endif Name: curl%{?psuffix} -Version: 8.9.0 +Version: 8.9.1 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl From 3016d19102ab5a4ad172a09c220a108d022939670c4ff511e0408e618e7a714b Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Mon, 12 Aug 2024 06:51:32 +0000 Subject: [PATCH 2/2] - Fix regression introduced in version 8.9.1: * sigpipe: init the struct so that first apply ignores * Add curl-sigpipe.patch OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=374 --- curl-sigpipe.patch | 32 ++++++++++++++++++++++++++++++++ curl.changes | 7 +++++++ curl.spec | 2 ++ 3 files changed, 41 insertions(+) create mode 100644 curl-sigpipe.patch diff --git a/curl-sigpipe.patch b/curl-sigpipe.patch new file mode 100644 index 0000000..ba0187a --- /dev/null 
+++ b/curl-sigpipe.patch @@ -0,0 +1,32 @@ +From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 5 Aug 2024 00:17:17 +0200 +Subject: [PATCH] sigpipe: init the struct so that first apply ignores + +Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after +init ignores the signal (unless CURLOPT_NOSIGNAL) is set. + +I have read the existing code multiple times now and I think it gets the +initial state reversed this missing to ignore. + +Regression from 17e6f06ea37136c36d27 + +Reported-by: Rasmus Thomsen +Fixes #14344 +Closes #14390 +--- + lib/sigpipe.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/sigpipe.h b/lib/sigpipe.h +index b91a2f51333956..d78afd905d3414 100644 +--- a/lib/sigpipe.h ++++ b/lib/sigpipe.h +@@ -39,6 +39,7 @@ struct sigpipe_ignore { + static void sigpipe_init(struct sigpipe_ignore *ig) + { + memset(ig, 0, sizeof(*ig)); ++ ig->no_signal = TRUE; + } + + /* diff --git a/curl.changes b/curl.changes index a7cb73b..036d04b 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Aug 12 08:41:26 UTC 2024 - Pedro Monreal + +- Fix regression introduced in version 8.9.1: + * sigpipe: init the struct so that first apply ignores + * Add curl-sigpipe.patch + ------------------------------------------------------------------- Wed Jul 31 08:20:44 UTC 2024 - Pedro Monreal diff --git a/curl.spec b/curl.spec index 53c6dd8..5ad327d 100644 --- a/curl.spec +++ b/curl.spec @@ -43,6 +43,8 @@ Patch1: dont-mess-with-rpmoptflags.patch Patch2: curl-secure-getenv.patch #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch3: curl-disabled-redirect-protocol-message.patch +#PATCH-FIX-UPSTREAM sigpipe: init the struct so that first apply ignores +Patch4: curl-sigpipe.patch BuildRequires: groff BuildRequires: libtool BuildRequires: pkgconfig
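Review bot: The added `ig->no_signal = TRUE;` in sigpipe_init() sits directly after a memset that zeroes the struct, and nothing in the code says why this one field must start non-zero. A short comment such as `/* start TRUE so the first sigpipe_apply() installs the SIGPIPE ignore, unless CURLOPT_NOSIGNAL is set */` would keep a later cleanup from folding it back into the memset. The risk is presumably that an unignored SIGPIPE terminates the calling process when a peer closes the connection, so the initial state matters for availability. sigpipe_apply() and the struct definition are outside the hunk, and the carried commit message itself hedges ("I think"), so the wording should be confirmed against them; the patch also adds no test, so a packaging-side check of this behaviour would help.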
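Review bot: The new `#PATCH-FIX-UPSTREAM` tag above `Patch4:` gives no upstream reference, while the Patch3 tag just above it carries its bug id. I would write it as `#PATCH-FIX-UPSTREAM sigpipe: init the struct so that first apply ignores (upstream commit 3eec5afbd0b6, curl issue #14344)`, so the patch can be dropped reliably once the package moves to a release that contains that commit. The hunk only declares the patch; whether it is actually applied depends on the %prep section, which is outside the hunk, so confirm it uses %autosetup or has a matching `%patch` line.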