Hello community,
here is the log from the commit of package curl for openSUSE:Factory checked in
at 2017-08-24 18:20:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
and /work/SRC/openSUSE:Factory/.curl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl"
Thu Aug 24 18:20:44 2017 rev:125 rq:515970 version:7.55.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/curl/curl-mini.changes 2017-06-29
15:00:46.218722736 +0200
+++ /work/SRC/openSUSE:Factory/.curl.new/curl-mini.changes 2017-08-24
18:21:04.378161026 +0200
@@ -1,0 +2,125 @@
+Thu Aug 10 11:08:46 UTC 2017 - pmonrealgonza...@suse.com
+
+- Upstream fix to build libcurl man3 pages
+ * Added patch curl-man3.patch
+
+-------------------------------------------------------------------
+Thu Aug 10 10:53:23 UTC 2017 - pmonrealgonza...@suse.com
+
+- Disabled test1425 that fails in i586 architecture
+ * Added patch curl-disable-test1427-i586.patch
+
+-------------------------------------------------------------------
+Wed Aug 9 09:34:25 UTC 2017 - pmonrealgonza...@suse.com
+
+- Update to 7.55.0
+ Changes:
+ * curl: allow --header and --proxy-header read from file
+ * getinfo: provide sizes as curl_off_t
+ * curl: prevent binary output spewed to terminal
+ * curl: added --request-target
+ * curl: added --socks5-{basic,gssapi}: control socks5 auth
+ * libcurl: added CURLOPT_REQUEST_TARGET
+ * libcurl: added CURLOPT_SOCKS5_AUTH
+ Bugfixes:
+ * Security Fixes:
+ - glob: do not parse after a strtoul() overflow range
+ (CVE-2017-1000101, bsc#1051643)
+ - tftp: reject file name lengths that don't fit
+ (CVE-2017-1000100, bsc#1051644)
+ - file: output the correct buffer to the user
+ (CVE-2017-1000099, bsc#1051645)
+ * includes: remove curl/curlbuild.h and curl/curlrules.h
+ * dist: make the hugehelp.c not get regenerated unnecessarily
+ * timers: store internal time stamps as time_t instead of doubles
+ * progress: let "current speed" be UL + DL speeds combined
+ * http-proxy: do the HTTP CONNECT process entirely non-blocking
+ * lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
+ * fuzz: bring oss-fuzz initial code converted to C89
+ * configure: disable nghttp2 too if HTTP has been disabled
+ * mk-ca-bundle.pl: Check curl's exit code after certdata download
+ * test1148: verify the -# progressbar
+ * tests: stabilize test 2032 and 2033
+ * HTTPS-Proxy: don't offer h2 for https proxy connections
+ * http-proxy: only attempt FTP over HTTP proxy
+ * curl-compilers.m4: enable vla warning for clang
+ * curl-compilers.m4: enable double-promotion warning
+ * curl-compilers.m4: enable missing-variable-declarations clang
+ warning
+ * curl-compilers.m4: enable comma clang warning
+ * CURLOPT_PREQUOTE: not supported for SFTP
+ * http2: fix OOM crash
+ * PIPELINING_SERVER_BL: cleanup the internal list use
+ * mkhelp.pl: fix script name in usage text
+ * lib1521: add curl_easy_getinfo calls to the test set
+ * travis: do the distcheck test build out-of-tree as well
+ * if2ip: fix compiler warning in ISO C90 mode
+ * lib: fix the djgpp build
+ * typecheck-gcc: add support for CURLINFO_OFF_T
+ * travis: enable typecheck-gcc warnings
+ * maketgz: switch to xz instead of lzma
+ * CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
+ * curl/system.h: add check for XTENSA for 32bit gcc
+ * test1537: fixed memory leak on OOM
+ * test1521: fix compiler warnings
+ * curl: fix memory leak on test 1147 OOM
+ * libtest/make: generate lib1521.c dynamically at build-time
+ * curl_strequal.3: fix typo in SYNOPSIS
+ * progress: prevent resetting t_starttransfer
+ * openssl: improve fallback seed of PRNG with a time based hash
+ * http2: improved PING frame handling
+ * test1450: add simple testing for DICT
+ * make: build the docs subdir only from within src
+ * gtls: fix build when sizeof(long) < sizeof(void *)
+ * url: make the original string get used on subsequent transfers
+ * timeval.c: Use long long constant type for timeval assignment
+ * tool_sleep: typecast to avoid macos compiler warning
+ * travis.yml: use --enable-werror on debug builds
+ * test1451: add SMB support to the testbed
+ * configure: remove checks for 5 functions never used
+ * configure: try ldap/lber in reversed order first
+ * smb: fix build for djgpp/MSDOS
+ * travis: install nghttp2 on linux builds
+ * smb: add support for CURLOPT_FILETIME
+ * select.h: avoid macro redefinition harder
+ * runtests: support "threaded-resolver" as a feature
+ * test506: skip if threaded-resolver
+ * cmake: remove spurious "-l" from linker flags
+ * cmake: add CURL_WERROR for enabling "warning as errors"
+ * memdebug: don't setbuf() if the file open failed
+ * curl_easy_escape.3: mention the (lack of) encoding
+ * test1452: add telnet negotiation
+ * CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
+ * cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC
+ * tests/valgrind.supp: supress OpenSSL false positive seen on
+ travis
+ * curl_setup_once: Remove ERRNO/SET_ERRNO macros
+ * rtspd: fix MSVC level 4 warning
+ * sockfilt: suppress conversion warning with explicit cast
+ * libtest: fix MSVC warning C4706
+ * tests/server/resolve.c: fix deprecation warning
+ * nss: fix a possible use-after-free in SelectClientCert()
+ * checksrc: escape open brace in regex
+ * multi: mention integer overflow risk if using > 500 million
+ sockets
+ * timeval: struct curltime is a struct timeval replacement
+ * curl_rtmp: fix a compiler warning
+ * include.d: clarify that it concerns the response headers
+ * cmake: support make uninstall
+ * include.d: clarify --include is only for response headers
+ * libcurl: Stop using error codes defined under CURL_NO_OLDIES
+ * http: fix response code parser to avoid integer overflow
+ * configure: fix the check for IdnToUnicode
+ * multi: fix request timer management
+ * curl_threads: fix MSVC compiler warning
+ * cmake: set MSVC warning level to 4
+ * netrc: skip lines starting with '#'
+ * FTP: skip unnecessary CWD when in nocwd mode
+ * gssapi: fix memory leak of output token in multi round context
+ * getparameter: avoid returning uninitialized 'usedarg'
+ * curl (debug build) easy_events: make event data static
+ * curl: detect and bail out early on parameter integer overflows
+
+- Removed patch curl-invalid-free.patch
+
+-------------------------------------------------------------------
curl.changes: same change
Old:
----
curl-7.54.1.tar.lzma
curl-7.54.1.tar.lzma.asc
curl-invalid-free.patch
New:
----
curl-7.55.0.tar.gz
curl-7.55.0.tar.gz.asc
curl-disable-test1427-i586.patch
curl-man3.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ curl-mini.spec ++++++
--- /var/tmp/diff_new_pack.pwd56e/_old 2017-08-24 18:21:08.769542705 +0200
+++ /var/tmp/diff_new_pack.pwd56e/_new 2017-08-24 18:21:08.777541578 +0200
@@ -32,20 +32,23 @@
%endif
Name: curl-mini
-Version: 7.54.1
+Version: 7.55.0
Release: 0
Summary: A Tool for Transferring Data from URLs
License: curl
Group: Productivity/Networking/Web/Utilities
Url: https://curl.haxx.se/
-Source: https://curl.haxx.se/download/curl-%{version}.tar.lzma
-Source2: https://curl.haxx.se/download/curl-%{version}.tar.lzma.asc
+Source: https://curl.haxx.se/download/curl-%{version}.tar.gz
+Source2: https://curl.haxx.se/download/curl-%{version}.tar.gz.asc
Source3: baselibs.conf
Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring
Patch0: libcurl-ocloexec.patch
Patch1: dont-mess-with-rpmoptflags.diff
Patch2: curl-secure-getenv.patch
-Patch3: curl-invalid-free.patch
+# PATCH-FIX-OPENSUSE curl-disable-test1427-i586.patch - Disabled test1425 that
fails in i586 architecture
+Patch3: curl-disable-test1427-i586.patch
+# PATCH-FIX-UPSTREAM curl-man3.patch - Fix to build libcurl man3 pages
+Patch4: curl-man3.patch
BuildRequires: libtool
BuildRequires: pkgconfig
%if !0%{?bootstrap}
@@ -126,7 +129,8 @@
%patch0
%patch1
%patch2
-%patch3 -p1
+%patch3 -p1 -R
+%patch4 -p1
%build
# curl complains if macro definition is contained in CFLAGS
++++++ curl.spec ++++++
--- /var/tmp/diff_new_pack.pwd56e/_old 2017-08-24 18:21:08.813536510 +0200
+++ /var/tmp/diff_new_pack.pwd56e/_new 2017-08-24 18:21:08.817535947 +0200
@@ -30,20 +30,23 @@
%endif
Name: curl
-Version: 7.54.1
+Version: 7.55.0
Release: 0
Summary: A Tool for Transferring Data from URLs
License: curl
Group: Productivity/Networking/Web/Utilities
Url: https://curl.haxx.se/
-Source: https://curl.haxx.se/download/curl-%{version}.tar.lzma
-Source2: https://curl.haxx.se/download/curl-%{version}.tar.lzma.asc
+Source: https://curl.haxx.se/download/curl-%{version}.tar.gz
+Source2: https://curl.haxx.se/download/curl-%{version}.tar.gz.asc
Source3: baselibs.conf
Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring
Patch0: libcurl-ocloexec.patch
Patch1: dont-mess-with-rpmoptflags.diff
Patch2: curl-secure-getenv.patch
-Patch3: curl-invalid-free.patch
+# PATCH-FIX-OPENSUSE curl-disable-test1427-i586.patch - Disabled test1425 that
fails in i586 architecture
+Patch3: curl-disable-test1427-i586.patch
+# PATCH-FIX-UPSTREAM curl-man3.patch - Fix to build libcurl man3 pages
+Patch4: curl-man3.patch
BuildRequires: libtool
BuildRequires: pkgconfig
%if !0%{?bootstrap}
@@ -124,7 +127,8 @@
%patch0
%patch1
%patch2
-%patch3 -p1
+%patch3 -p1 -R
+%patch4 -p1
%build
# curl complains if macro definition is contained in CFLAGS
++++++ curl-disable-test1427-i586.patch ++++++
>From 581011a3d2bb7d2c6f74e4f4dea9f8c12e7cc382 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <dan...@haxx.se>
Date: Sun, 6 Aug 2017 21:33:25 +0200
Subject: [PATCH] test1427: verify command line parser integer overflow
detection
---
tests/data/Makefile.inc | 2 +-
tests/data/test1427 | 29 +++++++++++++++++++++++++++++
2 files changed, 30 insertions(+), 1 deletion(-)
create mode 100644 tests/data/test1427
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 59f692e8f4..1c637f8f0e 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -151,7 +151,7 @@ test1396 test1397 test1398 test1399 \
test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
-test1424 test1425 test1426 \
+test1424 test1425 test1426 test1427 \
test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
test1436 test1437 test1438 test1439 test1440 test1441 test1442 test1443 \
test1444 test1445 test1446 test1450 test1451 \
diff --git a/tests/data/test1427 b/tests/data/test1427
new file mode 100644
index 0000000000..03cab4b93b
--- /dev/null
+++ b/tests/data/test1427
@@ -0,0 +1,29 @@
+<testcase>
+<info>
+<keywords>
+integer overflow
+</keywords>
+</info>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+ <name>
+too large -m timeout value
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1427 -m 184467440737095510
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+2
+</errorcode>
+</verify>
+</testcase>
++++++ curl-man3.patch ++++++
>From f864bd8c880d5a916379aa4f26f1c45fe370b282 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <dan...@haxx.se>
Date: Wed, 9 Aug 2017 10:28:06 +0200
Subject: [PATCH] build: fix 'make install' with configure, install
docs/libcurl/* too
Broken since d24838d4da9faa
Reported-by: Bernard Spil
---
Makefile.am | 2 ++
1 file changed, 2 insertions(+)
Index: curl-7.55.0/Makefile.am
===================================================================
--- curl-7.55.0.orig/Makefile.am
+++ curl-7.55.0/Makefile.am
@@ -276,11 +276,13 @@ cygwinbin:
install-data-hook:
cd include && $(MAKE) install
cd docs && $(MAKE) install
+ cd docs/libcurl && $(MAKE) install
# We extend the standard uninstall with a custom hook:
uninstall-hook:
cd include && $(MAKE) uninstall
cd docs && $(MAKE) uninstall
+ cd docs/libcurl && $(MAKE) uninstall
ca-bundle: lib/mk-ca-bundle.pl
@echo "generating a fresh ca-bundle.crt"
