Hello community,

here is the log from the commit of package curl for openSUSE:Factory checked in 
at 2018-03-19 23:31:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
 and      /work/SRC/openSUSE:Factory/.curl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "curl"

Mon Mar 19 23:31:34 2018 rev:133 rq:587006 version:7.59.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/curl/curl-mini.changes   2018-02-25 
12:19:01.826789479 +0100
+++ /work/SRC/openSUSE:Factory/.curl.new/curl-mini.changes      2018-03-19 
23:31:36.180018084 +0100
@@ -1,0 +2,94 @@
+Wed Mar 14 14:23:22 UTC 2018 - pmonrealgonza...@suse.com
+
+- Added message about protocol redirection not supported or
+  disabled to the function findprotocol() [bsc#1076446]
+  * Added curl-disabled-redirect-protocol-message.patch
+
+-------------------------------------------------------------------
+Wed Mar 14 13:08:33 UTC 2018 - pmonrealgonza...@suse.com
+
+- Update to version 7.59.0
+  [bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121]
+  [bsc#1084532, CVE-2018-1000122]
+  Changes:
+   * curl: add --proxy-pinnedpubkey
+   * added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T
+   * CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
+   * Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
+   * Add new tool option --happy-eyeballs-timeout-ms
+   * Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA 
+  Bugfixes: 
+   * openldap: check ldap_get_attribute_ber() results for NULL before using
+   * FTP: reject path components with control codes
+   * readwrite: make sure excess reads don't go beyond buffer end
+   * lib555: drop text conversion and encode data as ascii codes
+   * lib517: make variable static to avoid compiler warning
+   * lib544: sync ascii code data with textual data
+   * GSKit: restore pinnedpubkey functionality
+   * darwinssl: Don't import client certificates into Keychain on macOS
+   * parsedate: fix date parsing for systems with 32 bit long
+   * openssl: fix pinned public key build error in FIPS mode
+   * SChannel/WinSSL: Implement public key pinning
+   * cookies: remove verbose "cookie size:" output
+   * progress-bar: don't use stderr explicitly, use bar->out
+   * build: open VC15 projects with VS 2017
+   * curl_ctype: private is*() type macros and functions
+   * configure: set PATH_SEPARATOR to colon for PATH w/o separator
+   * curl_easy_reset: clear digest auth state
+   * curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6
+   * range: commonize FTP and FILE range handling
+   * progress-bar docs: update to match implementation
+   * fnmatch: do not match the empty string with a character set
+   * fnmatch: accept an alphanum to be followed by a non-alphanum in char set
+   * build: fix termios issue on android cross-compile
+   * getdate: return -1 for out of range
+   * formdata: use the mime-content type function
+   * openssl: Don't add verify locations when verifypeer==0
+   * fnmatch: optimize processing of consecutive *s and ?s pattern characters
+   * schannel: fix compiler warnings
+   * content_encoding: Add "none" alias to "identity"
+   * get_posix_time: only check for overflows if they can happen
+   * http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
+   * README: language fix
+   * sha256: build with OpenSSL < 0.9.8
+   * smtp: fix processing of initial dot in data
+   * --tlsauthtype: works only if libcurl is built with TLS-SRP support
+   * tests: new tests for http raw mode
+   * libcurl-security.3: man page discussion security concerns when using 
libcurl
+   * curl_gssapi: make sure this file too uses our *printf()
+   * BINDINGS: fix curb link (and remove ruby-curl-multi)
+   * nss: use PK11_CreateManagedGenericObject() if available
+   * travis: add build with iconv enabled
+   * ssh: add two missing state names
+   * CURLOPT_HEADERFUNCTION.3: mention folded headers
+   * http: fix the max header length detection logic
+   * header callback: don't chop headers into smaller pieces
+   * CURLOPT_HEADER.3: clarify problems with different data sizes
+   * curl --version: show PSL if the run-time lib has it enabled
+   * examples/sftpuploadresume: resume upload via CURLOPT_APPEND
+   * Return error if called recursively from within callbacks
+   * sasl: prefer PLAIN mechanism over LOGIN
+   * winbuild: Use CALL to run batch scripts
+   * curl_share_setopt.3: connection cache is shared within multi handles
+   * projects/README: remove reference to dead IDN link/package
+   * lib655: silence compiler warning
+   * configure: Fix version check for OpenSSL 1.1.1
+   * docs/MANUAL: formfind.pl is not accessible on the site anymore
+   * unit1307: proper cleanup on OOM to fix torture tests
+   * curl_ctype: fix macro redefinition warnings
+   * build: get CFLAGS (including -werror) used for examples and tests
+   * NO_PROXY: fix for IPv6 numericals in the URL
+   * krb5: use nondeprecated functions
+   * http2: mark the connection for close on GOAWAY
+   * limit-rate: kick in even before "limit" data has been received
+   * HTTP: allow "header;" to replace an internal header with a blank one
+   * http2: verbose output new MAX_CONCURRENT_STREAMS values
+   * SECURITY: distros' max embargo time is 14 days
+   * curl tool: accept --compressed also if Brotli is enabled and zlib is not
+   * WolfSSL: adding TLSv1.3
+   * checksrc.pl: add -i and -m options
+   * CURLOPT_COOKIEFILE.3: "-" as file name means stdin 
+
+- Refreshed patch libcurl-ocloexec.patch
+
+-------------------------------------------------------------------
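Review bot: the 7.59.0 entry cites CVE-2018-1000120, CVE-2018-1000121 and CVE-2018-1000122 in its header, but no item under Bugfixes is tagged with the CVE it fixes, so a reader triaging this update cannot tell which lines are the security fixes. Suggest annotating the relevant items with their CVE/bsc reference. Going by the wording alone, the candidates are the openldap NULL check, the FTP control-code rejection and the readwrite buffer-end fix.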
curl.changes: same change

Old:
----
  curl-7.58.0.tar.gz
  curl-7.58.0.tar.gz.asc

New:
----
  curl-7.59.0.tar.gz
  curl-7.59.0.tar.gz.asc
  curl-disabled-redirect-protocol-message.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ curl-mini.spec ++++++
--- /var/tmp/diff_new_pack.0rZx90/_old  2018-03-19 23:31:37.831958490 +0100
+++ /var/tmp/diff_new_pack.0rZx90/_new  2018-03-19 23:31:37.835958347 +0100
@@ -29,7 +29,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl-mini
-Version:        7.58.0
+Version:        7.59.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
@@ -43,6 +43,8 @@
 Patch1:         dont-mess-with-rpmoptflags.diff
 Patch2:         curl-secure-getenv.patch
 Patch3:         ignore_runtests_failure.patch
+# PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
+Patch4:         curl-disabled-redirect-protocol-message.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 Requires:       libcurl4%{?mini} = %{version}
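Review bot: the comment above Patch4 tags it PATCH-FIX-OPENSUSE, yet the changelog describes a change to the error path of findprotocol() in libcurl, which is not distribution-specific. Please state in the comment whether the patch has been submitted upstream, or why it has to stay a local delta, so that the next version bump knows whether it can be dropped. The same applies to the identical hunk in curl.spec.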
@@ -121,6 +123,7 @@
 %ifarch ppc ppc64 ppc64le
 %patch3 -p1
 %endif
+%patch4 -p1
 
 %build
 # curl complains if macro definition is contained in CFLAGS

++++++ curl.spec ++++++
--- /var/tmp/diff_new_pack.0rZx90/_old  2018-03-19 23:31:37.871957048 +0100
+++ /var/tmp/diff_new_pack.0rZx90/_new  2018-03-19 23:31:37.875956903 +0100
@@ -27,7 +27,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.58.0
+Version:        7.59.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
@@ -41,6 +41,8 @@
 Patch1:         dont-mess-with-rpmoptflags.diff
 Patch2:         curl-secure-getenv.patch
 Patch3:         ignore_runtests_failure.patch
+# PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
+Patch4:         curl-disabled-redirect-protocol-message.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 Requires:       libcurl4%{?mini} = %{version}
@@ -119,6 +121,7 @@
 %ifarch ppc ppc64 ppc64le
 %patch3 -p1
 %endif
+%patch4 -p1
 
 %build
 # curl complains if macro definition is contained in CFLAGS

++++++ curl-7.58.0.tar.gz -> curl-7.59.0.tar.gz ++++++
++++ 43989 lines of diff (skipped)

++++++ curl-disabled-redirect-protocol-message.patch ++++++
--- a/lib/url.c 
+++ a/lib/url.c 
@@ -1955,9 +1955,13 @@ static CURLcode findprotocol(struct Curl_easy *data,
       /* it is allowed for "normal" request, now do an extra check if this is
          the result of a redirect */
       if(data->state.this_is_a_follow &&
-         !(data->set.redir_protocols & p->protocol))
+         !(data->set.redir_protocols & p->protocol)) {
         /* nope, get out */
-        break;
+        failf(data, "Redirect to protocol \"%s\" not supported or disabled in 
" LIBCURL_NAME,
+              protostr);
+
+        return CURLE_UNSUPPORTED_PROTOCOL;
+      }
 
       /* Perform setup complement if some. */
       conn->handler = conn->given = p;
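Review bot: in findprotocol(), replacing "break" with a direct "return CURLE_UNSUPPORTED_PROTOCOL" means the code after the loop, which this hunk does not show, no longer runs for a blocked redirect. Please confirm in the patch description that the old path returned the same code and set no other state, so that applications testing for CURLE_UNSUPPORTED_PROTOCOL after a refused redirect behave as before and only the message text changes. Two smaller points: the file header uses the a/ prefix on both the --- and +++ lines (harmless with -p1, but +++ b/lib/url.c is the usual form), and the failf() format line, once unwrapped, runs well past 80 columns and could be split before LIBCURL_NAME.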

++++++ libcurl-ocloexec.patch ++++++
--- /var/tmp/diff_new_pack.0rZx90/_old  2018-03-19 23:31:39.463899618 +0100
+++ /var/tmp/diff_new_pack.0rZx90/_new  2018-03-19 23:31:39.467899475 +0100
@@ -11,7 +11,7 @@
 ===================================================================
 --- lib/file.c.orig
 +++ lib/file.c
-@@ -248,7 +248,7 @@ static CURLcode file_connect(struct conn
+@@ -190,7 +190,7 @@ static CURLcode file_connect(struct conn
      return CURLE_URL_MALFORMAT;
    }
  
@@ -20,7 +20,7 @@
    file->path = real_path;
  #endif
    file->freepath = real_path; /* free this when done */
-@@ -343,7 +343,7 @@ static CURLcode file_upload(struct conne
+@@ -285,7 +285,7 @@ static CURLcode file_upload(struct conne
    else
      mode = MODE_DEFAULT|O_TRUNC;
  
@@ -33,7 +33,7 @@
 ===================================================================
 --- lib/hostip6.c.orig
 +++ lib/hostip6.c
-@@ -39,7 +39,7 @@
+@@ -44,7 +44,7 @@
  #ifdef HAVE_PROCESS_H
  #include <process.h>
  #endif
@@ -68,8 +68,8 @@
 ===================================================================
 --- lib/connect.c.orig
 +++ lib/connect.c
-@@ -1355,7 +1355,7 @@ CURLcode Curl_socket(struct connectdata
-                                     (struct curl_sockaddr *)addr);
+@@ -1389,7 +1389,7 @@ CURLcode Curl_socket(struct connectdata
+   }
    else
      /* opensocket callback not set, so simply create the socket now */
 -    *sockfd = socket(addr->family, addr->socktype, addr->protocol);
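Review bot: in the lib/connect.c hunk the refresh changes not only the offset (1355 to 1389) but also a context line, from the "(struct curl_sockaddr *)addr);" argument to a closing "}", so the code around Curl_socket() was restructured in 7.59.0. It is worth checking by hand that the rebased hunk still replaces the socket() call in the branch commented "opensocket callback not set", because a refresh that applies cleanly on shifted context can otherwise leave a descriptor created without the change libcurl-ocloexec.patch carries.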
@@ -81,7 +81,7 @@
 ===================================================================
 --- configure.ac.orig
 +++ configure.ac
-@@ -182,6 +182,7 @@ AC_CANONICAL_HOST
+@@ -188,6 +188,7 @@ AC_CANONICAL_HOST
  dnl Get system canonical name
  AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS])
  

