Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2018-07-27 10:51:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl" Fri Jul 27 10:51:39 2018 rev:135 rq:623486 version:7.61.0 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl-mini.changes 2018-05-29 16:45:51.753976155 +0200 +++ /work/SRC/openSUSE:Factory/.curl.new/curl-mini.changes 2018-07-27 10:51:42.357125497 +0200 @@ -1,0 +2,109 @@ +Tue Jul 17 13:56:05 UTC 2018 - [email protected] + +- Update to version 7.62.0 + [bsc#1099793, CVE-2018-0500] + Changes: + * getinfo: add microsecond precise timers for seven intervals + * curl: show headers in bold, switch off with --no-styled-output + * httpauth: add support for Bearer tokens + * Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS + * curl: --tls13-ciphers and --proxy-tls13-ciphers + * Add CURLOPT_DISALLOW_USERNAME_IN_URL + * curl: --disallow-username-in-url + Bugfixes: + * CVE-2018-0500: smtp: fix SMTP send buffer overflow + * schannel: disable client cert option if APIs not available + * schannel: disable manual verify if APIs not available + * tests/libtest/Makefile: Do not unconditionally add gcc-specific flags + * openssl: acknowledge --tls-max for default version too + * stub_gssapi: fix 'unused parameter' warnings + * examples/progressfunc: make it build on both new and old libcurls + * docs: mention it is HA Proxy protocol "version 1" + * curl_fnmatch: only allow two asterisks for matching + * docs: clarify CURLOPT_HTTPGET + * configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE + * configure: do compile-time SIZEOF checks instead of run-time + * checksrc: make sure sizeof() is used *with* parentheses + * CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit + * schannel: make CAinfo parsing resilient to CR/LF + * tftp: make sure error is zero terminated before printfing it + * http resume: skip body if http code 416 (range error) is ignored + * configure: add basic test of --with-ssl prefix + * cmake: set -d postfix for debug builds + * multi: provide a socket to wait for in Curl_protocol_getsock + * content_encoding: handle zlib versions too old for Z_BLOCK + * winbuild: only delete OUTFILE if it exists + * winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST + * schannel: add failf calls for client certificate failures + * cmake: Fix the test for fsetxattr and strerror_r + * curl.1: Fix cmdline-opts reference errors + * cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options + * cmake: check for getpwuid_r + * configure: fix ssh2 linking when built with a static mbedtls + * psl: use latest psl and refresh it periodically + * fnmatch: insist on escaped bracket to match + * KNOWN_BUGS: restore text regarding #2101 + * INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib + * configure: override AR_FLAGS to silence warning + * os400: implement mime api EBCDIC wrappers + * curl.rc: embed manifest for correct Windows version detection + * strictness: correct {infof, failf} format specifiers + * tests: update .gitignore for libtests + * configure: check for declaration of getpwuid_r + * fnmatch: use the system one if available + * CURLOPT_RESOLVE: always purge old entry first + * multi: remove a potentially bad DEBUGF() + * curl_addrinfo: use same #ifdef conditions in source as header + * build: remove the Borland specific makefiles + * axTLS: not considered fit for use + * cmdline-opts/cert-type.d: mention "p12" as a recognized type + * system.h: add support for IBM xlc C compiler + * tests/libtest: Add lib1521 to nodist_SOURCES + * mk-ca-bundle.pl: leave certificate name untouched + * boringssl + schannel: undef X509_NAME in lib/schannel.h + * openssl: assume engine support in 1.0.1 or later + * cppcheck: fix warnings + * test 46: make test pass after year 2025 + * schannel: support selecting ciphers + * Curl_debug: remove dead printhost code + * test 1455: unflakified + * Curl_init_do: handle NULL connection pointer passed in + * progress: remove a set of unused defines + * mk-ca-bundle.pl: make -u delete certdata.txt if found not changed + * GOVERNANCE.md: explains how this project is run + * configure: use pkg-config for c-ares detection + * configure: enhance ability to build with static openssl + * maketgz: fix sed issues on OSX + * multi: fix memory leak when stopped during name resolve + * CURLOPT_INTERFACE.3: interface names not supported on Windows + * url: fix dangling conn->data pointer + * cmake: allow multiple SSL backends + * system.h: fix for gcc on 32 bit OpenServer + * ConnectionExists: make sure conn->data is set when "taking" a connection + * multi: fix crash due to dangling entry in connect-pending list + * CURLOPT_SSL_VERIFYPEER.3: Add performance note + * netrc: use a larger buffer to support longer passwords + * url: check Curl_conncache_add_conn return code + * configure: Add dependent libraries after crypto + * easy_perform: faster local name resolves by using *multi_timeout() + * getnameinfo: not used, removed all configure checks + * travis: add a build using the synchronous name resolver + * CURLINFO_TLS_SSL_PTR.3: improve the example + * openssl: allow TLS 1.3 by default + * openssl: make the requested TLS version the *minimum* wanted + * openssl: Remove some dead code + * telnet: fix clang warnings + * DEPRECATE: new doc describing planned item removals + * example/crawler.c: simple crawler based on libxml2 + * libssh: goto DISCONNECT state on error, not SESSION_FREE + * CMake: Remove unused functions + * darwinssl: allow High Sierra users to build the code using GCC + * scripts: include _curl as part of CLEANFILES + * examples: fix -Wformat warnings + * curl_setup: include <winerror.h> before <windows.h> + * schannel: make more cipher options conditional + * CMake: remove redundant and old end-of-block syntax + * post303.d: clarify that this is an RFC violation +- refreshed libcurl-ocloexec.patch + +------------------------------------------------------------------- curl.changes: same change Old: ---- curl-7.60.0.tar.gz curl-7.60.0.tar.gz.asc New: ---- curl-7.61.0.tar.gz curl-7.61.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl-mini.spec ++++++ --- /var/tmp/diff_new_pack.7VD4FW/_old 2018-07-27 10:51:45.505131525 +0200 +++ /var/tmp/diff_new_pack.7VD4FW/_new 2018-07-27 10:51:45.505131525 +0200 @@ -29,7 +29,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl-mini -Version: 7.60.0 +Version: 7.61.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl @@ -45,6 +45,7 @@ Patch3: ignore_runtests_failure.patch # PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch4: curl-disabled-redirect-protocol-message.patch +Patch5: curl-use_OPENSSL_config.patch BuildRequires: libtool BuildRequires: pkgconfig Requires: libcurl4%{?mini} = %{version} @@ -117,13 +118,14 @@ %prep %setup -q -n curl-%{version} -%patch0 +%patch0 -p1 %patch1 %patch2 %ifarch ppc ppc64 ppc64le %patch3 -p1 %endif %patch4 -p1 +%patch5 -p1 %build # curl complains if macro definition is contained in CFLAGS ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.7VD4FW/_old 2018-07-27 10:51:45.521131556 +0200 +++ /var/tmp/diff_new_pack.7VD4FW/_new 2018-07-27 10:51:45.521131556 +0200 @@ -27,7 +27,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 7.60.0 +Version: 7.61.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl @@ -116,7 +116,7 @@ %prep %setup -q -n curl-%{version} -%patch0 +%patch0 -p1 %patch1 %patch2 %ifarch ppc ppc64 ppc64le ++++++ curl-7.60.0.tar.gz -> curl-7.61.0.tar.gz ++++++ ++++ 42090 lines of diff (skipped) ++++++ libcurl-ocloexec.patch ++++++ --- /var/tmp/diff_new_pack.7VD4FW/_old 2018-07-27 10:51:46.253132958 +0200 +++ /var/tmp/diff_new_pack.7VD4FW/_new 2018-07-27 10:51:46.253132958 +0200 @@ -7,10 +7,10 @@ compile time is not enough. -Index: lib/file.c +Index: curl-7.61.0/lib/file.c =================================================================== ---- lib/file.c.orig -+++ lib/file.c +--- curl-7.61.0.orig/lib/file.c 2018-07-09 08:42:12.000000000 +0200 ++++ curl-7.61.0/lib/file.c 2018-07-17 15:47:25.259601877 +0200 @@ -190,7 +190,7 @@ static CURLcode file_connect(struct conn return CURLE_URL_MALFORMAT; } @@ -20,7 +20,7 @@ file->path = real_path; #endif file->freepath = real_path; /* free this when done */ -@@ -285,7 +285,7 @@ static CURLcode file_upload(struct conne +@@ -283,7 +283,7 @@ static CURLcode file_upload(struct conne else mode = MODE_DEFAULT|O_TRUNC; @@ -29,10 +29,10 @@ if(fd < 0) { failf(data, "Can't open %s for writing", file->path); return CURLE_WRITE_ERROR; -Index: lib/hostip6.c +Index: curl-7.61.0/lib/hostip6.c =================================================================== ---- lib/hostip6.c.orig -+++ lib/hostip6.c +--- curl-7.61.0.orig/lib/hostip6.c 2018-07-09 08:42:12.000000000 +0200 ++++ curl-7.61.0/lib/hostip6.c 2018-07-17 15:47:25.259601877 +0200 @@ -44,7 +44,7 @@ #ifdef HAVE_PROCESS_H #include <process.h> @@ -42,7 +42,7 @@ #include "urldata.h" #include "sendf.h" #include "hostip.h" -@@ -103,7 +103,7 @@ bool Curl_ipv6works(void) +@@ -70,7 +70,7 @@ bool Curl_ipv6works(void) static int ipv6_works = -1; if(-1 == ipv6_works) { /* probe to see if we have a working IPv6 stack */ @@ -51,10 +51,10 @@ if(s == CURL_SOCKET_BAD) /* an IPv6 address was requested but we can't get/use one */ ipv6_works = 0; -Index: lib/if2ip.c +Index: curl-7.61.0/lib/if2ip.c =================================================================== ---- lib/if2ip.c.orig -+++ lib/if2ip.c +--- curl-7.61.0.orig/lib/if2ip.c 2018-05-07 10:20:04.000000000 +0200 ++++ curl-7.61.0/lib/if2ip.c 2018-07-17 15:47:25.259601877 +0200 @@ -225,7 +225,7 @@ if2ip_result_t Curl_if2ip(int af, unsign if(len >= sizeof(req.ifr_name)) return IF2IP_NOT_FOUND; @@ -64,11 +64,11 @@ if(CURL_SOCKET_BAD == dummy) return IF2IP_NOT_FOUND; -Index: lib/connect.c +Index: curl-7.61.0/lib/connect.c =================================================================== ---- lib/connect.c.orig -+++ lib/connect.c -@@ -1389,7 +1389,7 @@ CURLcode Curl_socket(struct connectdata +--- curl-7.61.0.orig/lib/connect.c 2018-07-09 08:42:12.000000000 +0200 ++++ curl-7.61.0/lib/connect.c 2018-07-17 15:47:25.259601877 +0200 +@@ -1387,7 +1387,7 @@ CURLcode Curl_socket(struct connectdata } else /* opensocket callback not set, so simply create the socket now */ @@ -77,15 +77,16 @@ if(*sockfd == CURL_SOCKET_BAD) /* no socket, no connection */ -Index: configure.ac +Index: curl-7.61.0/configure.ac =================================================================== ---- configure.ac.orig -+++ configure.ac -@@ -188,6 +188,7 @@ AC_CANONICAL_HOST - dnl Get system canonical name - AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS]) +--- curl-7.61.0.orig/configure.ac 2018-07-17 15:47:25.263601899 +0200 ++++ curl-7.61.0/configure.ac 2018-07-17 15:49:06.252122189 +0200 +@@ -191,6 +191,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m + # Silence warning: ar: 'u' modifier ignored since 'D' is the default + AC_SUBST(AR_FLAGS, [cr]) +AC_USE_SYSTEM_EXTENSIONS - dnl Checks for programs. - ++ dnl This defines _ALL_SOURCE for AIX + CURL_CHECK_AIX_ALL_SOURCE +
