From f76bbcb5328ea3a1c1df98849e055506c44f8d1c0ea1e19762a4d088d2f1f423 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Thu, 10 Apr 2014 09:06:38 +0000 Subject: [PATCH 1/2] Accepting request 229525 from home:vitezslav_cizek:branches:devel:libraries:c_c++ - update to 7.36 * fixes CVE-2014-0138 (bnc#868627) and CVE-2014-0139 (bnc#868629) * NEW FEATURES: ntlm: Added support for NTLMv2 tool: Added support for URL specific options openssl: add ALPN support gtls: add ALPN support nss: add ALPN and NPN support added CURLOPT_EXPECT_100_TIMEOUT_MS tool: add --no-alpn and --no-npn added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN http2: build with current nghttp2 version openssl: info message with SSL version used * dropped curl-test172_cookie_expiration.patch (upstream) * added patches to make it build: - curl-mkhelp.patch - curl-test815.patch OBS-URL: https://build.opensuse.org/request/show/229525 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=106 --- curl-7.35.0.tar.lzma | 3 -- curl-7.35.0.tar.lzma.asc | 7 ----- curl-7.36.0.tar.lzma | 3 ++ curl-7.36.0.tar.lzma.asc | 7 +++++ curl-mkhelp.patch | 34 ++++++++++++++++++++++ curl-test172_cookie_expiration.patch | 13 --------- curl-test815.patch | 43 ++++++++++++++++++++++++++++ curl.changes | 21 ++++++++++++++ curl.spec | 14 +++++++-- 9 files changed, 120 insertions(+), 25 deletions(-) delete mode 100644 curl-7.35.0.tar.lzma delete mode 100644 curl-7.35.0.tar.lzma.asc create mode 100644 curl-7.36.0.tar.lzma create mode 100644 curl-7.36.0.tar.lzma.asc create mode 100644 curl-mkhelp.patch delete mode 100644 curl-test172_cookie_expiration.patch create mode 100644 curl-test815.patch diff --git a/curl-7.35.0.tar.lzma b/curl-7.35.0.tar.lzma deleted file mode 100644 index 3a6be0b..0000000 --- a/curl-7.35.0.tar.lzma +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6929640f1e22901cbc853c67c78f25d9e7be0934771a3c3b3582846520678593 -size 2271674 diff --git a/curl-7.35.0.tar.lzma.asc b/curl-7.35.0.tar.lzma.asc deleted file mode 100644 index 8b8bda6..0000000 --- a/curl-7.35.0.tar.lzma.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlLoqVAACgkQeOEcayedXJHXgACfXucGEK+4gBtUjRNJlPdBThPs -lQkAoJRfmKWAlAvMtBuXofIEog9D2y9z -=Wgsv ------END PGP SIGNATURE----- diff --git a/curl-7.36.0.tar.lzma b/curl-7.36.0.tar.lzma new file mode 100644 index 0000000..ba285b4 --- /dev/null +++ b/curl-7.36.0.tar.lzma @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:94126649f4f12d3332ca1185559ec5faca6929227e794387b7b82b73714b388a +size 2276862 diff --git a/curl-7.36.0.tar.lzma.asc b/curl-7.36.0.tar.lzma.asc new file mode 100644 index 0000000..b0dad61 --- /dev/null +++ b/curl-7.36.0.tar.lzma.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlMyeZEACgkQeOEcayedXJFTpACfaOmp5/t6thzl/LLM4L6/AO70 +i5oAoJLzbaqGU31OhelQxcyrRX2gDubB +=++7u +-----END PGP SIGNATURE----- diff --git a/curl-mkhelp.patch b/curl-mkhelp.patch new file mode 100644 index 0000000..f291c26 --- /dev/null +++ b/curl-mkhelp.patch @@ -0,0 +1,34 @@ +From 38d582ff541353d738858299d4a2b78bafac03ed Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 26 Mar 2014 13:22:10 +0100 +Subject: [PATCH] mkhelp: generate code for --disable-manual as well + +This allows configure --disable-manual to run and build without having +to regenerate the src/tool_hugehelp.c file which otherwise is necessary +since we ship tarballs with that file present. + +Reported-by: Remi Gacogne +Bug: http://curl.haxx.se/bug/view.cgi?id=1350 +--- + src/mkhelp.pl | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/mkhelp.pl b/src/mkhelp.pl +index 444b669..7ed86f7 100644 +--- a/src/mkhelp.pl ++++ b/src/mkhelp.pl +@@ -256,6 +256,10 @@ + + sub foot { + print < - - diff --git a/curl-test815.patch b/curl-test815.patch new file mode 100644 index 0000000..2ad96b8 --- /dev/null +++ b/curl-test815.patch @@ -0,0 +1,43 @@ +From f82e0edc171b33528bc4f59036505d98ecf1d816 Mon Sep 17 00:00:00 2001 +From: Dan Fandrich +Date: Wed, 26 Mar 2014 22:02:31 +0100 +Subject: [PATCH] test815/816: Use authentication for both URLs + +The improved connection reuse logic would otherwise create a new +connection for each one, which isn't supported by the test +server, nor expected by the test. +--- + tests/data/test815 | 2 +- + tests/data/test816 | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/data/test815 b/tests/data/test815 +index c006c6d..5c5ef79 100644 +--- a/tests/data/test815 ++++ b/tests/data/test815 +@@ -26,7 +26,7 @@ imap + IMAP STORE - delete message (CUSTOMREQUEST) + + +-imap://%HOSTIP:%IMAPPORT/815 -X 'STORE 123 +Flags \Deleted' -u user:secret -: imap://%HOSTIP:%IMAPPORT/815 -X CLOSE ++imap://%HOSTIP:%IMAPPORT/815 -X 'STORE 123 +Flags \Deleted' -u user:secret -: imap://%HOSTIP:%IMAPPORT/815 -X CLOSE -u user:secret + + + +diff --git a/tests/data/test816 b/tests/data/test816 +index 386f877..b8b1a9d 100644 +--- a/tests/data/test816 ++++ b/tests/data/test816 +@@ -29,7 +29,7 @@ imap + IMAP STORE - delete message with confirmation (CUSTOMREQUEST) + + +-imap://%HOSTIP:%IMAPPORT/816 -X 'STORE 123 +Flags \Deleted' -u user:secret -: imap://%HOSTIP:%IMAPPORT/816 -X EXPUNGE ++imap://%HOSTIP:%IMAPPORT/816 -X 'STORE 123 +Flags \Deleted' -u user:secret -: imap://%HOSTIP:%IMAPPORT/816 -X EXPUNGE -u user:secret + + + +-- +1.9.1 + + diff --git a/curl.changes b/curl.changes index d398d0c..73c1ec4 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Wed Apr 9 11:40:19 UTC 2014 - vcizek@suse.com + +- update to 7.36 + * fixes CVE-2014-0138 (bnc#868627) and CVE-2014-0139 (bnc#868629) + * NEW FEATURES: + ntlm: Added support for NTLMv2 + tool: Added support for URL specific options + openssl: add ALPN support + gtls: add ALPN support + nss: add ALPN and NPN support + added CURLOPT_EXPECT_100_TIMEOUT_MS + tool: add --no-alpn and --no-npn + added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN + http2: build with current nghttp2 version + openssl: info message with SSL version used + * dropped curl-test172_cookie_expiration.patch (upstream) + * added patches to make it build: + - curl-mkhelp.patch + - curl-test815.patch + ------------------------------------------------------------------- Thu Mar 13 13:53:08 CET 2014 - kukuk@suse.de diff --git a/curl.spec b/curl.spec index c1aacc1..13b26a1 100644 --- a/curl.spec +++ b/curl.spec @@ -21,7 +21,7 @@ %bcond_without testsuite Name: curl -Version: 7.35.0 +Version: 7.36.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: BSD-3-Clause and MIT @@ -34,7 +34,8 @@ Source4: %{name}.keyring Patch: libcurl-ocloexec.patch Patch1: dont-mess-with-rpmoptflags.diff Patch3: curl-secure-getenv.patch -Patch4: curl-test172_cookie_expiration.patch +Patch4: curl-mkhelp.patch +Patch5: curl-test815.patch # Use rpmbuild -D 'VERIFY_SIG 1' to verify signature during build or run one-shot check by "gpg-offline --verify --package=curl curl-*.asc". %if 0%{?VERIFY_SIG} BuildRequires: gpg-offline @@ -63,6 +64,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build %ifarch ppc64 Obsoletes: curl-64bit %endif +BuildRequires: procps +BuildRequires: strace +BuildRequires: vim %description Curl is a client to get documents and files from or send documents to a @@ -102,6 +106,12 @@ user interaction or any kind of interactivity. %patch1 %patch3 %patch4 -p1 +%patch5 -p1 +# temporary workaround to fix build of 7.36.0 +# http://curl.haxx.se/mail/tracker-2014-03/0083.html +# removes tool_hugehelp.c to regenerate it later +rm src/tool_hugehelp.c + %build # curl complains if macro definition is contained in CFLAGS # see m4/xc-val-flgs.m4 From 72b5dc06cb05ae42c7192767409e08d344edc1442ec47f11326d9210f5be23ec Mon Sep 17 00:00:00 2001 From: Stefan Seyfried Date: Sat, 12 Apr 2014 21:38:35 +0000 Subject: [PATCH 2/2] Accepting request 229687 from home:vitezslav_cizek:branches:devel:libraries:c_c++ - remove the useless BuildRequires that were meant for debugging only OBS-URL: https://build.opensuse.org/request/show/229687 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=107 --- curl.changes | 5 +++++ curl.spec | 3 --- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/curl.changes b/curl.changes index 73c1ec4..1ffa40a 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Apr 11 06:51:54 UTC 2014 - vcizek@suse.com + +- remove the useless BuildRequires that were meant for debugging only + ------------------------------------------------------------------- Wed Apr 9 11:40:19 UTC 2014 - vcizek@suse.com diff --git a/curl.spec b/curl.spec index 13b26a1..232972f 100644 --- a/curl.spec +++ b/curl.spec @@ -64,9 +64,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build %ifarch ppc64 Obsoletes: curl-64bit %endif -BuildRequires: procps -BuildRequires: strace -BuildRequires: vim %description Curl is a client to get documents and files from or send documents to a