From 5e99168233b390feda347d74f327cf23f87d849f814d5f55111495c316b669be Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Thu, 4 Feb 2021 14:43:03 +0000 Subject: [PATCH 1/2] Accepting request 869220 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update to 7.75.0 * Changes: - curl: add --create-file-mode [mode] - curl: add new variables to --write-out - dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries - gopher: implement secure gopher protocol - http: add Hyper as new optional HTTP backend - http: introduce AWS HTTP v4 Signature support * Bugfixes: - cmake: Add an option to disable libidn2 - cmake: enable gophers correctly in curl-config - cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG - digest_sspi: Show InitializeSecurityContext errors in verbose mode - getinfo: build with disabled HTTP support - http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy - http_proxy: Fix CONNECT chunked encoding race condition - httpauth: make multi-request auth work with custom port - lib: pass in 'struct Curl_easy *' to most functions - lib: remove Curl_ prefix from many static functions - lib: save a bit of space with some structure packing - libssh: avoid plain free() of libssh-memory - mime: make sure setting MIMEPOST to NULL resets properly - multi_runsingle: bail out early on data->conn == NULL - ngtcp2: Fix http3 upload stall - ngtcp2: Fix stack buffer overflow - openssl: lowercase the hostname before using it for SNI - socks: use the download buffer instead - speedcheck: exclude paused transfers - tooĺ_writeout: fix the -w time output units - url: if IDNA conversion fails, fallback to Transitional OBS-URL: https://build.opensuse.org/request/show/869220 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=291 --- curl-7.74.0.tar.xz | 3 --- curl-7.74.0.tar.xz.asc | 11 ---------- curl-7.75.0.tar.xz | 3 +++ curl-7.75.0.tar.xz.asc | 11 ++++++++++ curl.changes | 35 ++++++++++++++++++++++++++++++++ curl.spec | 4 ++-- libcurl-ocloexec.patch | 46 +++++++++++++++++++++--------------------- 7 files changed, 74 insertions(+), 39 deletions(-) delete mode 100644 curl-7.74.0.tar.xz delete mode 100644 curl-7.74.0.tar.xz.asc create mode 100644 curl-7.75.0.tar.xz create mode 100644 curl-7.75.0.tar.xz.asc diff --git a/curl-7.74.0.tar.xz b/curl-7.74.0.tar.xz deleted file mode 100644 index 2ffb1d6..0000000 --- a/curl-7.74.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:999d5f2c403cf6e25d58319fdd596611e455dd195208746bc6e6d197a77e878b -size 2400972 diff --git a/curl-7.74.0.tar.xz.asc b/curl-7.74.0.tar.xz.asc deleted file mode 100644 index 7f48ca4..0000000 --- a/curl-7.74.0.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl/QcZ8ACgkQXMkI/bce -EsJYnggAs5MbJByXsUEI3LzdRvjb2s/dNS/+ubJ98GL+ed8uVsLmGxdF0fS9EPVX -+KoaYbaZwjZJH43+UyqtoFr4GQKhxxhcyZi3477s9Ws9x60yEA21oIggkQLF6X+E -OEymG0YmNUn/6vvWizCWZtE7TkoWAXEzPLyVbBzoFzfmgzxiQ9//usKCaDh/nCWA -kouxubBJbpdjk8KTnVf5HMP5PJKs9LeiVh9B2F+Rq1cEvzLrxNlDYptEgH/ml5Sd -WsWeWttngs2pnZu0pMQNGhdXp6XC5lteN21C1/3hy3KVFUnkqaA+1IHm39wBE73j -Bmnoi36d+Ub6ZT3Va84Dp/tWJ65Xig== -=9ka/ ------END PGP SIGNATURE----- diff --git a/curl-7.75.0.tar.xz b/curl-7.75.0.tar.xz new file mode 100644 index 0000000..f7f995d --- /dev/null +++ b/curl-7.75.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fe0c49d8468249000bda75bcfdf9e30ff7e9a86d35f1a21f428d79c389d55675 +size 2418816 diff --git a/curl-7.75.0.tar.xz.asc b/curl-7.75.0.tar.xz.asc new file mode 100644 index 0000000..f9b82dd --- /dev/null +++ b/curl-7.75.0.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmAaSxEACgkQXMkI/bce +EsI36QgAlx+oYuWiaMytv/Ixfcm2gTq+9Qu60KsmvccyKLOq7OxAmX+gz1PYOsUc +eqAwq8dg9Mo+cuk7zWpxRMg1qBgvZpv5oeAhy8VUeWD/HE0Z2RoxC3tw87uNn5uN +2g0FJEXGzDaQQdI0hh2Kb4uNqiKiBCsSfHX4J+eWDUoHwzoFestct8PAcAG8lOzt +0nGj6Is1Rba3SrlkCtRdzEkrjfNe5KKNjE9F0ybhL7TPKSZZvlustZgU5OgdjDHu +uJzFQDK5eyjeYu7tyJQOOwercjOQrmp0YYvYt6CdALUflU2RNvnS83+e/syAYEZ4 +FvnYlZyp8WCKxOikGwX2m/JEOATXSw== +=HFSu +-----END PGP SIGNATURE----- diff --git a/curl.changes b/curl.changes index abd98fb..c528f35 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Thu Feb 4 11:20:22 UTC 2021 - Pedro Monreal + +- Update to 7.75.0 + * Changes: + - curl: add --create-file-mode [mode] + - curl: add new variables to --write-out + - dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries + - gopher: implement secure gopher protocol + - http: add Hyper as new optional HTTP backend + - http: introduce AWS HTTP v4 Signature support + * Bugfixes: + - cmake: Add an option to disable libidn2 + - cmake: enable gophers correctly in curl-config + - cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG + - digest_sspi: Show InitializeSecurityContext errors in verbose mode + - getinfo: build with disabled HTTP support + - http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy + - http_proxy: Fix CONNECT chunked encoding race condition + - httpauth: make multi-request auth work with custom port + - lib: pass in 'struct Curl_easy *' to most functions + - lib: remove Curl_ prefix from many static functions + - lib: save a bit of space with some structure packing + - libssh: avoid plain free() of libssh-memory + - mime: make sure setting MIMEPOST to NULL resets properly + - multi_runsingle: bail out early on data->conn == NULL + - ngtcp2: Fix http3 upload stall + - ngtcp2: Fix stack buffer overflow + - openssl: lowercase the hostname before using it for SNI + - socks: use the download buffer instead + - speedcheck: exclude paused transfers + - tooĺ_writeout: fix the -w time output units + - url: if IDNA conversion fails, fallback to Transitional +- Refresh libcurl-ocloexec.patch + ------------------------------------------------------------------- Fri Dec 18 20:04:33 UTC 2020 - Cristian Rodríguez diff --git a/curl.spec b/curl.spec index 468cdd5..8c43ac5 100644 --- a/curl.spec +++ b/curl.spec @@ -1,7 +1,7 @@ # # spec file for package curl # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 7.74.0 +Version: 7.75.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl diff --git a/libcurl-ocloexec.patch b/libcurl-ocloexec.patch index 38abe6e..a9155d3 100644 --- a/libcurl-ocloexec.patch +++ b/libcurl-ocloexec.patch @@ -7,11 +7,11 @@ To make it portable you have to test O_CLOEXEC support at *runtime* compile time is not enough. -Index: curl-7.69.0/lib/file.c +Index: curl-7.75.0/lib/file.c =================================================================== ---- curl-7.69.0.orig/lib/file.c -+++ curl-7.69.0/lib/file.c -@@ -192,7 +192,7 @@ static CURLcode file_connect(struct conn +--- curl-7.75.0.orig/lib/file.c ++++ curl-7.75.0/lib/file.c +@@ -193,7 +193,7 @@ static CURLcode file_connect(struct Curl return CURLE_URL_MALFORMAT; } @@ -20,19 +20,19 @@ Index: curl-7.69.0/lib/file.c file->path = real_path; #endif file->freepath = real_path; /* free this when done */ -@@ -285,7 +285,7 @@ static CURLcode file_upload(struct conne +@@ -277,7 +277,7 @@ static CURLcode file_upload(struct Curl_ else mode = MODE_DEFAULT|O_TRUNC; -- fd = open(file->path, mode, conn->data->set.new_file_perms); -+ fd = open(file->path, mode | O_CLOEXEC, conn->data->set.new_file_perms); +- fd = open(file->path, mode, data->set.new_file_perms); ++ fd = open(file->path, mode | O_CLOEXEC, data->set.new_file_perms); if(fd < 0) { failf(data, "Can't open %s for writing", file->path); return CURLE_WRITE_ERROR; -Index: curl-7.69.0/lib/hostip6.c +Index: curl-7.75.0/lib/hostip6.c =================================================================== ---- curl-7.69.0.orig/lib/hostip6.c -+++ curl-7.69.0/lib/hostip6.c +--- curl-7.75.0.orig/lib/hostip6.c ++++ curl-7.75.0/lib/hostip6.c @@ -44,7 +44,7 @@ #ifdef HAVE_PROCESS_H #include @@ -42,7 +42,7 @@ Index: curl-7.69.0/lib/hostip6.c #include "urldata.h" #include "sendf.h" #include "hostip.h" -@@ -76,7 +76,7 @@ bool Curl_ipv6works(struct connectdata * +@@ -75,7 +75,7 @@ bool Curl_ipv6works(struct Curl_easy *da else { int ipv6_works = -1; /* probe to see if we have a working IPv6 stack */ @@ -51,11 +51,11 @@ Index: curl-7.69.0/lib/hostip6.c if(s == CURL_SOCKET_BAD) /* an IPv6 address was requested but we can't get/use one */ ipv6_works = 0; -Index: curl-7.69.0/lib/if2ip.c +Index: curl-7.75.0/lib/if2ip.c =================================================================== ---- curl-7.69.0.orig/lib/if2ip.c -+++ curl-7.69.0/lib/if2ip.c -@@ -201,7 +201,7 @@ if2ip_result_t Curl_if2ip(int af, unsign +--- curl-7.75.0.orig/lib/if2ip.c ++++ curl-7.75.0/lib/if2ip.c +@@ -202,7 +202,7 @@ if2ip_result_t Curl_if2ip(int af, unsign if(len >= sizeof(req.ifr_name)) return IF2IP_NOT_FOUND; @@ -64,11 +64,11 @@ Index: curl-7.69.0/lib/if2ip.c if(CURL_SOCKET_BAD == dummy) return IF2IP_NOT_FOUND; -Index: curl-7.69.0/lib/connect.c +Index: curl-7.75.0/lib/connect.c =================================================================== ---- curl-7.69.0.orig/lib/connect.c -+++ curl-7.69.0/lib/connect.c -@@ -1529,7 +1529,9 @@ CURLcode Curl_socket(struct connectdata +--- curl-7.75.0.orig/lib/connect.c ++++ curl-7.75.0/lib/connect.c +@@ -1575,7 +1575,9 @@ CURLcode Curl_socket(struct Curl_easy *d } else /* opensocket callback not set, so simply create the socket now */ @@ -79,11 +79,11 @@ Index: curl-7.69.0/lib/connect.c if(*sockfd == CURL_SOCKET_BAD) /* no socket, no connection */ -Index: curl-7.69.0/configure.ac +Index: curl-7.75.0/configure.ac =================================================================== ---- curl-7.69.0.orig/configure.ac -+++ curl-7.69.0/configure.ac -@@ -196,6 +196,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m +--- curl-7.75.0.orig/configure.ac ++++ curl-7.75.0/configure.ac +@@ -189,6 +189,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m # Silence warning: ar: 'u' modifier ignored since 'D' is the default AC_SUBST(AR_FLAGS, [cr]) From 98afeb4ad0f5c498d06f1f1de542d8387b0b6220cd07f610dfe4b9b1b790b0a5 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Fri, 5 Mar 2021 07:59:37 +0000 Subject: [PATCH 2/2] Accepting request 876802 from home:elvigia:branches:devel:libraries:c_c++ - Harden build, enable full RELRO - Never allow undefined symbols anywhere. OBS-URL: https://build.opensuse.org/request/show/876802 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=292 --- curl.changes | 6 ++++++ curl.spec | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/curl.changes b/curl.changes index c528f35..e993667 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Mar 4 17:46:40 UTC 2021 - Cristian Rodríguez + +- Harden build, enable full RELRO +- Never allow undefined symbols anywhere. + ------------------------------------------------------------------- Thu Feb 4 11:20:22 UTC 2021 - Pedro Monreal diff --git a/curl.spec b/curl.spec index 8c43ac5..6952c35 100644 --- a/curl.spec +++ b/curl.spec @@ -102,7 +102,7 @@ CPPFLAGS="-D_FORTIFY_SOURCE=2" CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//') export CPPFLAGS export CFLAGS="$CFLAGS -fPIE" -export LDFLAGS="$LDFLAGS -pie" +export LDFLAGS="$LDFLAGS -Wl,-z,defs,-z,now,-z,relro -pie" autoreconf -fiv # local hack to make curl-config --libs stop printing libraries it depends on # (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,