Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2021-09-20 23:32:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl" Mon Sep 20 23:32:04 2021 rev:169 rq:919263 version:7.79.0 Changes: --------
--- /work/SRC/openSUSE:Factory/curl/curl.changes 2021-07-22 22:43:20.279201561 +0200
+++ /work/SRC/openSUSE:Factory/.curl.new.1899/curl.changes 2021-09-20 23:32:31.583127116 +0200
@@ -1,0 +2,53 @@
+Wed Sep 15 15:08:18 UTC 2021 - Pedro Monreal <pmonr...@suse.com>
+
+- Temporarily disable flaky test 1184
+ * See https://github.com/curl/curl/issues/7725
+
+-------------------------------------------------------------------
+Wed Sep 15 06:21:42 UTC 2021 - Pedro Monreal <pmonr...@suse.com>
+
+- Update to 7.79.0: [bsc#1190213, CVE-2021-22945]
+ [bsc#1190373, CVE-2021-22946] [bsc#1190374, CVE-2021-22947]
+ * Changes:
+ - bearssl: support CURLOPT_CAINFO_BLOB
+ - http: consider cookies over localhost to be secure
+ - secure transport: support CURLINFO_CERTINFO
+ * Bugfixes:
+ - CVE-2021-22945: clear the leftovers pointer when sending succeeds
+ - CVE-2021-22946: do not ignore --ssl-reqd
+ - CVE-2021-22947: reject STARTTLS server response pipelining
+ - auth: do not append zero-terminator to authorisation id in kerberos
+ - auth: properly handle byte order in kerberos security message
+ - auth: use sasl authzid option in kerberos
+ - auth: we do not support a security layer after kerberos authentication
+ - c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
+ - c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
+ - c-hyper: initial step for 100-continue support
+ - c-hyper: initial support for "dumping" 1xx HTTP responses
+ - curl-openssl.m4: show correct output for OpenSSL v3
+ - docs/MQTT: update state of username/password support
+ - docs: the security list is reached at security at curl.se now
+ - getparameter: fix the --local-port number parser
+ - hostip: Make Curl_ipv6works function independent of getaddrinfo
+ - http_proxy: fix the User-Agent inclusion in CONNECT
+ - http_proxy: fix user-agent and custom headers for CONNECT with hyper
+ - http_proxy: only wait for writable socket while sending request
+ - mailing lists: move from cool.haxx.se to lists.haxx.se
+ - mbedtls: avoid using a large buffer on the stack
+ - mbedTLS: initial 3.0.0 support
+ - ngtcp2: remove the acked_crypto_offset struct field init
+ - ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
+ - ngtcp2: reset the oustanding send buffer again when drained
+ - ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
+ - ngtcp2: stop buffering crypto data
+ - ngtcp2: utilize crypto API functions to simplify
+ - openssl: when creating a new context, there cannot be an old one
+ - scripts: invoke interpreters through /usr/bin/env
+ - tests/runtests.pl: cleanup copy&paste mistakes and unused code
+ - tests: be explicit about using 'python3' instead of 'python'
+ - tool/tests: fix potential year 2038 issues
+ - tool_operate: Fix --fail-early with parallel transfers
+ - x509asn1: fix heap over-read when parsing x509 certificates
+ * Rebase libcurl-ocloexec.patch
+
+-------------------------------------------------------------------
Old: ---- curl-7.78.0.tar.xz curl-7.78.0.tar.xz.asc New: ---- curl-7.79.0.tar.xz curl-7.79.0.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++
--- /var/tmp/diff_new_pack.zGraqj/_old 2021-09-20 23:32:32.207127887 +0200
+++ /var/tmp/diff_new_pack.zGraqj/_new 2021-09-20 23:32:32.207127887 +0200
@@ -21,7 +21,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name: curl
-Version: 7.78.0
+Version: 7.79.0
 Release: 0
 Summary: A Tool for Transferring Data from URLs
 License: curl
@@ -142,6 +142,9 @@ find -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!/usr/bin/perl|' "{}" + find -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!/usr/bin/python3|' "{}" + +# temporarily disable flaky test 1184, see https://github.com/curl/curl/issues/7725 +printf "1184\n" >> data/DISABLED + perl ./runtests.pl -a -v -p '!flaky' || exit popd %endif ++++++ curl-7.78.0.tar.xz -> curl-7.79.0.tar.xz ++++++ ++++ 85052 lines of diff (skipped) ++++++ libcurl-ocloexec.patch ++++++ --- /var/tmp/diff_new_pack.zGraqj/_old 2021-09-20 23:32:33.367129320 +0200 +++ /var/tmp/diff_new_pack.zGraqj/_new 2021-09-20 23:32:33.367129320 +0200 @@ -7,11 +7,11 @@ compile time is not enough. -Index: curl-7.75.0/lib/file.c +Index: curl-7.79.0/lib/file.c =================================================================== ---- curl-7.75.0.orig/lib/file.c -+++ curl-7.75.0/lib/file.c -@@ -193,7 +193,7 @@ static CURLcode file_connect(struct Curl +--- curl-7.79.0.orig/lib/file.c ++++ curl-7.79.0/lib/file.c +@@ -194,7 +194,7 @@ static CURLcode file_connect(struct Curl return CURLE_URL_MALFORMAT; } 
@@ -20,70 +20,48 @@ file->path = real_path; #endif file->freepath = real_path; /* free this when done */ -@@ -277,7 +277,7 @@ static CURLcode file_upload(struct Curl_ +@@ -278,7 +278,7 @@ static CURLcode file_upload(struct Curl_ else mode = MODE_DEFAULT|O_TRUNC; - fd = open(file->path, mode, data->set.new_file_perms); -+ fd = open(file->path, mode | O_CLOEXEC, data->set.new_file_perms); ++ fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms); if(fd < 0) { failf(data, "Can't open %s for writing", file->path); return CURLE_WRITE_ERROR; -Index: curl-7.75.0/lib/hostip6.c +Index: curl-7.79.0/lib/if2ip.c =================================================================== ---- curl-7.75.0.orig/lib/hostip6.c -+++ curl-7.75.0/lib/hostip6.c -@@ -44,7 +44,7 @@ - #ifdef HAVE_PROCESS_H - #include <process.h> - #endif -- -+#include <fcntl.h> - #include "urldata.h" - #include "sendf.h" - #include "hostip.h" -@@ -75,7 +75,7 @@ bool Curl_ipv6works(struct Curl_easy *da - else { - int ipv6_works = -1; - /* probe to see if we have a working IPv6 stack */ -- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0); -+ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if(s == CURL_SOCKET_BAD) - /* an IPv6 address was requested but we can't get/use one */ - ipv6_works = 0; -Index: curl-7.75.0/lib/if2ip.c -=================================================================== ---- curl-7.75.0.orig/lib/if2ip.c -+++ curl-7.75.0/lib/if2ip.c +--- curl-7.79.0.orig/lib/if2ip.c ++++ curl-7.79.0/lib/if2ip.c 
@@ -202,7 +202,7 @@ if2ip_result_t Curl_if2ip(int af, unsign if(len >= sizeof(req.ifr_name)) return IF2IP_NOT_FOUND; - dummy = socket(AF_INET, SOCK_STREAM, 0); -+ dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); ++ dummy = socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, 0); if(CURL_SOCKET_BAD == dummy) return IF2IP_NOT_FOUND; -Index: curl-7.75.0/lib/connect.c +Index: curl-7.79.0/lib/connect.c =================================================================== ---- curl-7.75.0.orig/lib/connect.c -+++ curl-7.75.0/lib/connect.c -@@ -1575,7 +1575,9 @@ CURLcode Curl_socket(struct Curl_easy *d +--- curl-7.79.0.orig/lib/connect.c ++++ curl-7.79.0/lib/connect.c +@@ -1598,7 +1598,9 @@ CURLcode Curl_socket(struct Curl_easy *d } else /* opensocket callback not set, so simply create the socket now */ - *sockfd = socket(addr->family, addr->socktype, addr->protocol); + *sockfd = socket(addr->family, -+ addr->socktype | SOCK_CLOEXEC, ++ addr->socktype|SOCK_CLOEXEC, + addr->protocol); if(*sockfd == CURL_SOCKET_BAD) /* no socket, no connection */ -Index: curl-7.75.0/configure.ac +Index: curl-7.79.0/configure.ac =================================================================== ---- curl-7.75.0.orig/configure.ac -+++ curl-7.75.0/configure.ac -@@ -189,6 +189,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m +--- curl-7.79.0.orig/configure.ac ++++ curl-7.79.0/configure.ac +@@ -297,6 +297,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m # Silence warning: ar: 'u' modifier ignored since 'D' is the default AC_SUBST(AR_FLAGS, [cr]) 
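Review bot: In the rebased `Curl_socket` change, `SOCK_CLOEXEC` is applied only on the branch taken when no opensocket callback is set, so a socket returned by an application callback keeps whatever close-on-exec state the application gave it and can still be inherited by an exec'd child. That limit deserves a comment next to the call, for example `/* SOCK_CLOEXEC covers only sockets libcurl creates itself; opensocket-callback sockets are the application's responsibility */`. The flags are also OR'ed in without any `#ifdef` here and in `file_upload`, `Curl_if2ip` and, in the following hunk, `Curl_ipv6works`; where the platform lacks them the build or the `socket()` call would fail instead of falling back to `fcntl(fd, F_SETFD, FD_CLOEXEC)`, which is presumably acceptable for a distribution-only patch but should be stated in the patch header. The callback branch and the rest of each function lie outside the quoted context.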
@@ -92,3 +70,25 @@ dnl This defines _ALL_SOURCE for AIX CURL_CHECK_AIX_ALL_SOURCE +Index: curl-7.79.0/lib/hostip.c +=================================================================== +--- curl-7.79.0.orig/lib/hostip.c ++++ curl-7.79.0/lib/hostip.c +@@ -49,7 +49,7 @@ + #ifdef HAVE_PROCESS_H + #include <process.h> + #endif +- ++#include <fcntl.h> + #include "urldata.h" + #include "sendf.h" + #include "hostip.h" +@@ -549,7 +549,7 @@ bool Curl_ipv6works(struct Curl_easy *da + else { + int ipv6_works = -1; + /* probe to see if we have a working IPv6 stack */ +- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0); ++ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, 0); + if(s == CURL_SOCKET_BAD) + /* an IPv6 address was requested but we can't get/use one */ + ipv6_works = 0;
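Review bot: The `#include <fcntl.h>` added to lib/hostip.c is unguarded and takes the place of the blank line that separated the system headers from curl's own, while the neighbouring `<process.h>` include sits inside `#ifdef HAVE_PROCESS_H`. The only new use visible in this file is `SOCK_CLOEXEC` in `Curl_ipv6works`, which on Linux is declared by `<sys/socket.h>`, so the include may not be needed at all. If it stays, it should follow the file's pattern and keep the separator: `#ifdef HAVE_FCNTL_H`, `#include <fcntl.h>`, `#endif`, then an empty line before `#include "urldata.h"`. The probe socket's later handling in `Curl_ipv6works` is outside the hunk.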