Hello community,

here is the log from the commit of package curl for openSUSE:Factory checked in at 2018-11-06 15:26:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
 and /work/SRC/openSUSE:Factory/.curl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl" Tue Nov 6 15:26:51 2018 rev:139 rq:645714 version:7.62.0 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl-mini.changes 2018-09-07 15:34:40.282848438 +0200 +++ /work/SRC/openSUSE:Factory/.curl.new/curl-mini.changes 2018-11-06 15:27:37.252318361 +0100 
@@ -1,0 +2,120 @@ +Wed Oct 31 09:23:37 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonza...@suse.com> + +- Update to version 7.62.0 + Changes: + * multiplex: enable by default + * url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled + * setopt: add CURLOPT_DOH_URL + * curl: --doh-url added + * setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size + * imap: change from "FETCH" to "UID FETCH" + * configure: add option to disable automatic OpenSSL config loading + * upkeep: add a connection upkeep API: curl_easy_upkeep() + * URL-API: added five new functions + * vtls: MesaLink is a new TLS backend + Bugfixes: + * CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758] + * CVE-2018-16840: use-after-free in handle close [bsc#1113029] + * CVE-2018-16842: warning message out-of-buffer read [bsc#1113660] + * CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated + * Curl_dedotdotify(): always nul terminate returned string + * Curl_follow: Always free the passed new URL + * Curl_http2_done: fix memleak in error path + * Curl_retry_request: fix memory leak + * Curl_saferealloc: Fixed typo in docblock + * FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output + * GnutTLS: TLS 1.3 support + * SECURITY-PROCESS: mention the bountygraph program + * VS projects: add USE_IPV6: + * certs: generate tests certs with sha256 digest algorithm + * checksrc: enable strict mode and warnings + * checksrc: handle zero scoped ignore commands + * cmake: Backport to work with CMake 3.0 again + * cmake: Improve config installation + * cmake: add support for transitive ZLIB target + * cmake: disable -Wpedantic-ms-format + * cmake: don't require OpenSSL if USE_OPENSSL=OFF + * cmake: fixed path used in generation of docs/tests + * cmake: remove unused *SOCKLEN_T variables + * cmake: suppress MSVC warning C4127 for libtest + * cmake: test and set missed defines during configuration + * config: Remove unused SIZEOF_VOIDP + * configure: force-use -lpthreads on HPUX + * configure: remove 
CURL_CONFIGURE_CURL_SOCKLEN_T + * configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE + * cookies: Remove redundant expired check + * cookies: fix leak when writing cookies to file + * curl-config.in: remove dependency on bc + * curl.1: --ipv6 mutexes ipv4 (fixed typo) + * curl: update the documentation of --tlsv1.0 + * curl_multi_wait: call getsock before figuring out timeout + * curl_ntlm_wb: check aprintf() return codes + * data-binary.d: clarify default content-type is x-www-form-urlencoded + * docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers + * docs/CIPHERS: fix the TLS 1.3 cipher names + * docs/CIPHERS: mention the colon separation for OpenSSL + * docs/examples: URL updates + * docs: add "see also" links for SSL options + * example/asiohiper: insert warning comment about its status + * example/htmltidy: fix include paths of tidy libraries + * examples/http2-pushinmemory: receive HTTP/2 pushed files in memory + * examples/parseurl.c: show off the URL API + * examples: Fix memory leaks from realloc errors + * examples: do not wait when no transfers are running + * ftp: include command in Curl_ftpsend sendbuffer + * gskit: make sure to terminate version string + * gtls: Values stored to but never read + * hostip: fix check on Curl_shuffle_addr return value + * http2: fix memory leaks on error-path + * http: fix memleak in rewind error path + * krb5: fix memory leak in krb_auth + * memory: add missing curl_printf header + * memory: ensure to check allocation results + * multi: Fix error handling in the SENDPROTOCONNECT state + * multi: fix memory leak in content encoding related error path + * multi: make the closure handle "inherit" CURLOPT_NOSIGNAL + * netrc: free temporary strings if memory allocation fails + * nss: try to connect even if libnssckbi.so fails to load + * ntlm_wb: Fix memory leaks in ntlm_wb_response + * ntlm_wb: bail out if the response gets overly large + * openssl: assume engine support in 0.9.8 or later + * openssl: enable TLS 1.3 
post-handshake auth + * openssl: fix gcc8 warning + * openssl: load built-in engines too + * openssl: make 'done' a proper boolean + * openssl: output the correct cipher list on TLS 1.3 error + * openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer + * openssl: show "proper" version number for libressl builds + * pipelining: deprecated + * rand: add comment to skip a clang-tidy false positive + * rtmp: fix for compiling with lwIP + * runtests: ignore disabled even when ranges are given + * schannel: unified error code handling + * sendf: Fix whitespace in infof/failf concatenation + * ssh: free the session on init failures + * ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code + * system.h: use proper setting with Sun C++ as well + * test1299: use single quotes around asterisk + * test1452: mark as flaky + * test1651: unit test Curl_extract_certinfo() + * test320: strip out more HTML when comparing + * tests/negtelnetserver.py: fix Python2-ism in neg TELNET server + * tests: add unit tests for url.c + * tool_cb_hdr: handle failure of rename() + * travis: add a "make tidy" build that runs clang-tidy + * travis: add build for "configure --disable-verbose" + * travis: bump the Secure Transport build to use xcode + * travis: make distcheck scan for BOM markers + * unit1300: fix stack-use-after-scope AddressSanitizer warning + * urldata: Fix "connecting" comment + * urlglob: improve error message on bad globs + * vtls: fix ssl version "or later" behavior change for many backends + * x509asn1: Fix SAN IP address verification + * x509asn1: always check return code from getASN1Element() + * x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert + * x509asn1: suppress left shift on signed value +- Rebased patches after update: + * curl-disabled-redirect-protocol-message.patch + * curl-use_OPENSSL_config.patch + +------------------------------------------------------------------- curl.changes: same change Old: ---- 
curl-7.61.1.tar.gz curl-7.61.1.tar.gz.asc New: ---- curl-7.62.0.tar.gz curl-7.62.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl-mini.spec ++++++ --- /var/tmp/diff_new_pack.nnv1PA/_old 2018-11-06 15:27:40.016314164 +0100 +++ /var/tmp/diff_new_pack.nnv1PA/_new 2018-11-06 15:27:40.016314164 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -29,7 +29,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl-mini -Version: 7.61.1 +Version: 7.62.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.nnv1PA/_old 2018-11-06 15:27:40.036314133 +0100 +++ /var/tmp/diff_new_pack.nnv1PA/_new 2018-11-06 15:27:40.040314128 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -27,7 +27,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 7.61.1 +Version: 7.62.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl ++++++ curl-7.61.1.tar.gz -> curl-7.62.0.tar.gz ++++++ ++++ 55487 lines of diff (skipped) ++++++ curl-disabled-redirect-protocol-message.patch ++++++ --- /var/tmp/diff_new_pack.nnv1PA/_old 2018-11-06 15:27:41.108312506 +0100 +++ /var/tmp/diff_new_pack.nnv1PA/_new 2018-11-06 15:27:41.108312506 +0100 
@@ -1,18 +1,20 @@ ---- a/lib/url.c -+++ a/lib/url.c -@@ -1955,9 +1955,13 @@ static CURLcode findprotocol(struct Curl_easy *data, - /* it is allowed for "normal" request, now do an extra check if this is - the result of a redirect */ - if(data->state.this_is_a_follow && -- !(data->set.redir_protocols & p->protocol)) -+ !(data->set.redir_protocols & p->protocol)) { - /* nope, get out */ -- break; -+ failf(data, "Redirect to protocol \"%s\" not supported or disabled in " LIBCURL_NAME, -+ protostr); +Index: curl-7.62.0/lib/url.c +=================================================================== +--- curl-7.62.0.orig/lib/url.c ++++ curl-7.62.0/lib/url.c +@@ -1976,9 +1976,13 @@ static CURLcode findprotocol(struct Curl + /* it is allowed for "normal" request, now do an extra check if this is + the result of a redirect */ + if(data->state.this_is_a_follow && +- !(data->set.redir_protocols & p->protocol)) ++ !(data->set.redir_protocols & p->protocol)) { + /* nope, get out */ +- ; ++ failf(data, "Redirect to protocol \"%s\" not supported or disabled in " LIBCURL_NAME, ++ protostr); + -+ return CURLE_UNSUPPORTED_PROTOCOL; -+ } - ++ return CURLE_UNSUPPORTED_PROTOCOL; ++ } + else { /* Perform setup complement if some. */ conn->handler = conn->given = p; ++++++ curl-use_OPENSSL_config.patch ++++++ --- /var/tmp/diff_new_pack.nnv1PA/_old 2018-11-06 15:27:41.132312470 +0100 +++ /var/tmp/diff_new_pack.nnv1PA/_new 2018-11-06 15:27:41.132312470 +0100 
@@ -1,10 +1,10 @@ This basically reverts https://github.com/curl/curl/commit/7d2f61f66ab4e047fc9aefc2effc1ac6d340a66a -diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index 80e9bf940..ba227891f 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -925,26 +925,12 @@ static int Curl_ossl_init(void) +Index: curl-7.62.0/lib/vtls/openssl.c +=================================================================== +--- curl-7.62.0.orig/lib/vtls/openssl.c ++++ curl-7.62.0/lib/vtls/openssl.c +@@ -982,28 +982,12 @@ static int Curl_ossl_init(void) ENGINE_load_builtin_engines(); #endif @@ -20,9 +20,11 @@ -#define CONF_MFLAGS_DEFAULT_SECTION 0x0 -#endif - +-#ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG - CONF_modules_load_file(NULL, NULL, - CONF_MFLAGS_DEFAULT_SECTION| - CONF_MFLAGS_IGNORE_MISSING_FILE); +-#endif - #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ !defined(LIBRESSL_VERSION_NUMBER)
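Review bot: In the curl-mini.changes hunk (and curl.changes, which carries the same change), the entry "GnutTLS: TLS 1.3 support" misspells GnuTLS and "VS projects: add USE_IPV6:" ends in a stray colon. Correcting both keeps the changelog searchable by backend name. The three CVE entries each carry their bsc reference and need no change.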
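Review bot: In curl-disabled-redirect-protocol-message.patch, the failf() text added to findprotocol() says "not supported or disabled", but the comment directly above it states that this branch is reached only when the protocol is allowed for a "normal" request and then fails the redir_protocols check on a follow. Wording that names the redirect restriction specifically would tell the user which setting rejected the transfer. The rebased patch file also begins directly at the "Index:" line with no header; a short note on why the message is carried downstream, and its upstream status, would help the next rebase. Passing protostr as a %s argument rather than building it into the format string is the right call, since on a follow the scheme comes from the redirecting server.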
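Review bot: In curl-use_OPENSSL_config.patch, the rebased hunk against Curl_ossl_init() now also deletes the "#ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG" / "#endif" pair around CONF_modules_load_file(), which is the guard behind the "configure: add option to disable automatic OpenSSL config loading" entry in this same update's changelog. The lines the patch puts in place of the removed block are not visible in this diff, so it cannot be confirmed here whether the replacement still honours that macro; if it does not, the new configure option has no effect in this package. Please extend the patch header, next to the "This basically reverts" line, to say how the OpenSSL configuration is loaded after the patch and whether dropping the opt-out is intentional.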