Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package curl for openSUSE:Factory checked in at 2025-02-14 19:19:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
 and      /work/SRC/openSUSE:Factory/.curl.new.8181 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "curl" Fri Feb 14 19:19:45 2025 rev:209 rq:1245678 version:8.12.1 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl.changes 2025-02-08 09:32:56.897729914 +0100 +++ /work/SRC/openSUSE:Factory/.curl.new.8181/curl.changes 2025-02-14 19:19:47.823962150 +0100 
@@ -1,0 +2,115 @@ +Thu Feb 13 13:34:05 UTC 2025 - Pedro Monreal <pmonr...@suse.com> + +- Update to 8.12.1: + * Bugfixes: + - asyn-thread: fix build with 'CURL_DISABLE_SOCKETPAIR' + - asyn-thread: fix HTTPS RR crash + - asyn-thread: fix the returned bitmask from Curl_resolver_getsock + - asyn-thread: survive a c-ares channel set to NULL + - cmake: always reference OpenSSL and ZLIB via imported targets + - cmake: respect 'GNUTLS_CFLAGS' when detected via 'pkg-config' + - cmake: respect 'GNUTLS_LIBRARY_DIRS' in 'libcurl.pc' and 'curl-config' + - content_encoding: #error on too old zlib + - imap: TLS upgrade fix + - ldap: drop support for legacy Novell LDAP SDK + - libssh2: comparison is always true because rc <= -1 + - libssh2: raise lowest supported version to 1.2.8 + - libssh: drop support for libssh older than 0.9.0 + - openssl-quic: ignore ciphers for h3 + - pop3: TLS upgrade fix + - runtests: fix the disabling of the memory tracking + - runtests: quote commands to support paths with spaces + - scache: add magic checks + - smb: silence '-Warray-bounds' with gcc 13+ + - smtp: TLS upgrade fix + - tool_cfgable: sort struct fields by size, use bitfields for booleans + - tool_getparam: add "TLS required" flag for each such option + - vtls: fix multissl-init + - wakeup_write: make sure the eventfd write sends eight bytes + +------------------------------------------------------------------- +Thu Feb 6 07:52:21 UTC 2025 - Pedro Monreal <pmonr...@suse.com> + +- Update to 8.12.0: + * Security fixes: + - [bsc#1234068, CVE-2024-11053] curl could leak the password used + for the first host to the followed-to host under certain circumstances. 
+ - [bsc#1232528, CVE-2024-9681] HSTS subdomain overwrites parent cache entry + - [bsc#1236589, CVE-2025-0665] eventfd double close + * Changes: + - curl: add byte range support to --variable reading from file + - curl: make --etag-save acknowledge --create-dirs + - getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var + - getinfo: provide info which auth was used for HTTP and proxy + - hyper: drop support + - openssl: add support to use keys and certificates from PKCS#11 provider + - QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA + - vtls: feature ssls-export for SSL session im-/export + * Bugfixes: + - altsvc: avoid integer overflow in expire calculation + - asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL + - asyn-ares: fix memory leak + - asyn-ares: initial HTTPS resolve support + - asyn-thread: use c-ares to resolve HTTPS RR + - async-thread: avoid closing eventfd twice + - cd2nroff: do not insist on quoted <> within backticks + - cd2nroff: support "none" as a TLS backend + - conncache: count shutdowns against host and max limits + - content_encoding: drop support for zlib before 1.2.0.4 + - content_encoding: namespace GZIP flag constants + - content_encoding: put the decomp buffers into the writer structs + - content_encoding: support use of custom libzstd memory functions + - cookie: cap expire times to 400 days + - cookie: parse only the exact expire date + - curl: return error if etag options are used with multiple URLs + - curl_multi_fdset: include the shutdown connections in the set + - curl_sha512_256: rename symbols to the curl namespace + - curl_url_set.md: adjust the added-in to 7.62.0 + - doh: send HTTPS RR requests for all HTTP(S) transfers + - easy: allow connect-only handle reuse with easy_perform + - easy: make curl_easy_perform() return error if connection still there + - easy_lock: use Sleep(1) for thread yield on old Windows + - ECH: update APIs to those agreed with OpenSSL maintainers + - GnuTLS: fix 'time_appconnect' for early 
data + - HTTP/2: strip TE request header + - http2: fix data_pending check + - http2: fix value stored to 'result' is never read + - http: ignore invalid Retry-After times + - http_aws_sigv4: Fix invalid compare function handling zero-length pairs + - https-connect: start next immediately on failure + - lib: redirect handling by protocol handler + - multi: fix curl_multi_waitfds reporting of fd_count + - netrc: 'default' with no credentials is not a match + - netrc: fix password-only entries + - netrc: restore _netrc fallback logic + - ngtcp2: fix memory leak on connect failure + - openssl: define `HAVE_KEYLOG_CALLBACK` before use + - openssl: fix ECH logic + - osslq: use SSL_poll to determine writeability of QUIC streams + - sectransp: free certificate on error + - select: avoid a NULL deref in cwfds_add_sock + - src: omit hugehelp and ca-embed from libcurltool + - ssl session cache: change cache dimensions + - system.h: add 64-bit curl_off_t definitions for NonStop + - telnet: handle single-byte input option + - TLS: check connection for SSL use, not handler + - tool_formparse.c: make curlx_uztoso a static in here + - tool_formparse: accept digits in --form type= strings + - tool_getparam: ECH param parsing refix + - tool_getparam: fail --hostpubsha256 if libssh2 is not used + - tool_getparam: fix "Ignored Return Value" + - tool_getparam: fix memory leak on error in parse_ech + - tool_getparam: fix the ECH parser + - tool_operate: make --etag-compare always accept a non-existing file + - transfer: fix CURLOPT_CURLU override logic + - urlapi: fix redirect to a new fragment or query (only) + - vquic: make vquic_send_packets not return without setting psent + - vtls: fix default SSL backend as a fallback + - vtls: only remember the expiry timestamp in session cache + - websocket: fix message send corruption + - x509asn1: add parse recursion limit + * Rebase pathes: + - libcurl-ocloexec.patch + - dont-mess-with-rpmoptflags.patch + 
+------------------------------------------------------------------- Old: ---- curl-8.11.1.tar.xz curl-8.11.1.tar.xz.asc New: ---- curl-8.12.1.tar.xz curl-8.12.1.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.PfvsLc/_old 2025-02-14 19:19:49.168017790 +0100 +++ /var/tmp/diff_new_pack.PfvsLc/_new 2025-02-14 19:19:49.168017790 +0100 @@ -1,7 +1,7 @@ # # spec file for package curl # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ %endif Name: curl%{?psuffix} -Version: 8.11.1 +Version: 8.12.1 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl ++++++ curl-8.11.1.tar.xz -> curl-8.12.1.tar.xz ++++++ ++++ 86807 lines of diff (skipped) ++++++ dont-mess-with-rpmoptflags.patch ++++++ --- /var/tmp/diff_new_pack.PfvsLc/_old 2025-02-14 19:19:50.268063329 +0100 +++ /var/tmp/diff_new_pack.PfvsLc/_new 2025-02-14 19:19:50.272063494 +0100 
@@ -1,16 +1,17 @@ -Index: curl-8.6.0/configure.ac +Index: curl-8.12.0/configure.ac =================================================================== ---- curl-8.6.0.orig/configure.ac -+++ curl-8.6.0/configure.ac -@@ -506,10 +506,6 @@ dnl ************************************ +--- curl-8.12.0.orig/configure.ac ++++ curl-8.12.0/configure.ac +@@ -502,11 +502,6 @@ if test "$curl_cv_native_windows" = "yes + esac + fi - CURL_CHECK_COMPILER - CURL_CHECK_NATIVE_WINDOWS -CURL_SET_COMPILER_BASIC_OPTS -CURL_SET_COMPILER_DEBUG_OPTS -CURL_SET_COMPILER_OPTIMIZE_OPTS -CURL_SET_COMPILER_WARNING_OPTS - +- if test "$compiler_id" = "INTEL_UNIX_C"; then # + if test "$compiler_num" -ge "1000"; then ++++++ libcurl-ocloexec.patch ++++++ --- /var/tmp/diff_new_pack.PfvsLc/_old 2025-02-14 19:19:50.284063991 +0100 +++ /var/tmp/diff_new_pack.PfvsLc/_new 2025-02-14 19:19:50.284063991 +0100 
@@ -7,32 +7,35 @@ compile time is not enough. -Index: curl-8.9.0/lib/file.c +Index: curl-8.12.0/lib/file.c =================================================================== ---- curl-8.9.0.orig/lib/file.c -+++ curl-8.9.0/lib/file.c -@@ -242,7 +242,7 @@ static CURLcode file_connect(struct Curl +--- curl-8.12.0.orig/lib/file.c ++++ curl-8.12.0/lib/file.c +@@ -237,7 +237,7 @@ static CURLcode file_connect(struct Curl } } #else -- fd = open_readonly(real_path, O_RDONLY); -+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC); +- fd = open(real_path, O_RDONLY); ++ fd = open(real_path, O_RDONLY|O_CLOEXEC); file->path = real_path; #endif #endif -@@ -329,7 +329,7 @@ static CURLcode file_upload(struct Curl_ - else - mode = MODE_DEFAULT|O_TRUNC; +@@ -321,9 +321,9 @@ static CURLcode file_upload(struct Curl_ + #if (defined(ANDROID) || defined(__ANDROID__)) && \ + (defined(__i386__) || defined(__arm__)) +- fd = open(file->path, mode, (mode_t)data->set.new_file_perms); ++ fd = open(file->path, mode|O_CLOEXEC, (mode_t)data->set.new_file_perms); + #else - fd = open(file->path, mode, data->set.new_file_perms); + fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms); + #endif if(fd < 0) { failf(data, "cannot open %s for writing", file->path); - return CURLE_WRITE_ERROR; -Index: curl-8.9.0/lib/if2ip.c +Index: curl-8.12.0/lib/if2ip.c =================================================================== ---- curl-8.9.0.orig/lib/if2ip.c -+++ curl-8.9.0/lib/if2ip.c +--- curl-8.12.0.orig/lib/if2ip.c ++++ curl-8.12.0/lib/if2ip.c @@ -208,7 +208,7 @@ if2ip_result_t Curl_if2ip(int af, if(len >= sizeof(req.ifr_name)) return IF2IP_NOT_FOUND; 
@@ -42,11 +45,11 @@ if(CURL_SOCKET_BAD == dummy) return IF2IP_NOT_FOUND; -Index: curl-8.9.0/configure.ac +Index: curl-8.12.0/configure.ac =================================================================== ---- curl-8.9.0.orig/configure.ac -+++ curl-8.9.0/configure.ac -@@ -441,6 +441,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m +--- curl-8.12.0.orig/configure.ac ++++ curl-8.12.0/configure.ac +@@ -426,6 +426,8 @@ AC_DEFINE_UNQUOTED(CURL_OS, "${host}", [ # Silence warning: ar: 'u' modifier ignored since 'D' is the default AC_SUBST(AR_FLAGS, [cr]) @@ -55,10 +58,10 @@ dnl This defines _ALL_SOURCE for AIX CURL_CHECK_AIX_ALL_SOURCE -Index: curl-8.9.0/lib/hostip.c +Index: curl-8.12.0/lib/hostip.c =================================================================== ---- curl-8.9.0.orig/lib/hostip.c -+++ curl-8.9.0/lib/hostip.c +--- curl-8.12.0.orig/lib/hostip.c ++++ curl-8.12.0/lib/hostip.c @@ -44,6 +44,7 @@ #include <setjmp.h> #include <signal.h> @@ -67,7 +70,7 @@ #include "urldata.h" #include "sendf.h" #include "hostip.h" -@@ -616,7 +617,7 @@ bool Curl_ipv6works(struct Curl_easy *da +@@ -624,7 +625,7 @@ bool Curl_ipv6works(struct Curl_easy *da else { int ipv6_works = -1; /* probe to see if we have a working IPv6 stack */ @@ -76,11 +79,11 @@ if(s == CURL_SOCKET_BAD) /* an IPv6 address was requested but we cannot get/use one */ ipv6_works = 0; -Index: curl-8.9.0/lib/cf-socket.c +Index: curl-8.12.0/lib/cf-socket.c =================================================================== ---- curl-8.9.0.orig/lib/cf-socket.c -+++ curl-8.9.0/lib/cf-socket.c -@@ -360,7 +360,9 @@ static CURLcode socket_open(struct Curl_ +--- curl-8.12.0.orig/lib/cf-socket.c ++++ curl-8.12.0/lib/cf-socket.c +@@ -367,7 +367,9 @@ static CURLcode socket_open(struct Curl_ } else { /* opensocket callback not set, so simply create the socket now */
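
Review bot: in the curl.changes hunk, the last heading of the 8.12.0 entry reads "* Rebase pathes:" and should be "* Rebase patches:". In the same entry the bugfix line "async-thread: avoid closing eventfd twice" uses a different prefix from the "asyn-thread:" lines around it; if the changelog is meant to be searchable by component, use one spelling.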
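
Review bot: the refreshed dont-mess-with-rpmoptflags.patch names curl-8.12.0 in its Index, --- and +++ lines, while curl.spec in this same submission sets Version to 8.12.1. The changelog does place the rebase under the 8.12.0 entry, so this is probably expected, but please confirm the patch applies to the 8.12.1 tarball without fuzz. The patch file also begins directly at the Index line, so nothing in it records why the CURL_SET_COMPILER_BASIC_OPTS, CURL_SET_COMPILER_DEBUG_OPTS, CURL_SET_COMPILER_OPTIMIZE_OPTS and CURL_SET_COMPILER_WARNING_OPTS calls are dropped from configure.ac; a short description header stating the intent would make future rebases easier to review.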
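
Review bot: in the lib/file.c part of libcurl-ocloexec.patch, the file_connect context changed from open_readonly(real_path, O_RDONLY) to open(real_path, O_RDONLY), and file_upload gained a second open() call in an Android-only branch, which shows that the set of descriptor-creating call sites moved between the old and new base. Because this patch adds O_CLOEXEC one call site at a time, a rebase like this should include a pass over the new tree for open(), socket() and similar calls the patch does not yet cover, otherwise a newly added call site silently leaves a descriptor inheritable across exec. It would help to note in the patch header that such a check was done for 8.12.x. The Android/i386/arm branch is not built for this package, so patching it only adds rebase surface; consider leaving that branch untouched.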