Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2013-04-14 10:13:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl.changes 2013-02-18 13:46:24.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.curl.new/curl.changes 2013-04-14 10:13:29.000000000 +0200 @@ -1,0 +2,35 @@ +Fri Apr 12 11:36:47 UTC 2013 - [email protected] + +- update to 7.30.0 + includes security fixes for CVE-2013-0249 and CVE-2013-1944 + (bugs bnc#814655 and bnc#802411 respectively) + (dropped curl-CVE-2013-0249.patch) +- Changes: + imap: Changed response tag generation to be completely unique + imap: Added support for SASL-IR extension + imap: Added support for the list command + imap: Added support for the append command + imap: Added custom request parsing + imap: Added support to the fetch command for UID and SECTION properties + imap: Added parsing and verification of the UIDVALIDITY mailbox attribute + imap/pop3/smtp: Added support for the STARTTLS capability + checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets + curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag + Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS + for new multi interface connection handling + Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, + CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL + and CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control + test: offer "automake" output and check for perl better + always-multi: always use non-blocking internals + imap: Added support for sasl digest-md5 authentication + imap: Added support for sasl cram-md5 authentication + imap: Added support for sasl ntlm authentication + imap: Added support for sasl login authentication + imap: Added support for sasl plain text authentication + imap: Added support for login disabled server capability + mk-ca-bundle: add -f, support passing to stdout and more + writeout: -w now supports remote_ip/port and local_ip/port +- refreshed patches + +------------------------------------------------------------------- Old: ---- curl-7.28.1.tar.lzma curl-7.28.1.tar.lzma.asc curl-CVE-2013-0249.patch New: ---- curl-7.30.0.tar.lzma curl-7.30.0.tar.lzma.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.KN6a2u/_old 2013-04-14 10:13:32.000000000 +0200 +++ /var/tmp/diff_new_pack.KN6a2u/_new 2013-04-14 10:13:32.000000000 +0200 @@ -21,7 +21,7 @@ %bcond_without testsuite Name: curl -Version: 7.28.1 +Version: 7.30.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: BSD-3-Clause and MIT @@ -33,7 +33,6 @@ Source4: %{name}.keyring Patch: libcurl-ocloexec.patch Patch1: dont-mess-with-rpmoptflags.diff -Patch2: curl-CVE-2013-0249.patch Patch3: curl-secure-getenv.patch # Use rpmbuild -D 'VERIFY_SIG 1' to verify signature during build or run one-shot check by "gpg-offline --verify --package=curl curl-*.asc". %if 0%{?VERIFY_SIG} @@ -100,9 +99,13 @@ %setup -q %patch %patch1 -%patch2 -p1 %patch3 %build +# curl complains if macro definition is contained in CFLAGS +# see m4/xc-val-flgs.m4 +CPPFLAGS="-D_FORTIFY_SOURCE=2" +CFLAGS=$(echo $RPM_OPT_FLAGS | sed 's/-D_FORTIFY_SOURCE=2//') +export CPPFLAGS CFLAGS autoreconf -fi # local hack to make curl-config --libs stop printing libraries it depends on # (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere, ++++++ curl-secure-getenv.patch ++++++ --- /var/tmp/diff_new_pack.KN6a2u/_old 2013-04-14 10:13:32.000000000 +0200 +++ /var/tmp/diff_new_pack.KN6a2u/_new 2013-04-14 10:13:32.000000000 +0200 @@ -1,6 +1,8 @@ ---- lib/getenv.c.orig -+++ lib/getenv.c -@@ -31,6 +31,14 @@ +Index: lib/getenv.c +=================================================================== +--- lib/getenv.c.orig 2013-04-12 13:31:59.056761437 +0200 ++++ lib/getenv.c 2013-04-12 13:36:25.654762399 +0200 +@@ -27,6 +27,14 @@ #include "memdebug.h" @@ -15,18 +17,20 @@ static char *GetEnv(const char *variable) { -@@ -45,7 +53,7 @@ char *GetEnv(const char *variable) +@@ -41,7 +49,7 @@ char *GetEnv(const char *variable) ExpandEnvironmentStringsA(temp, env, sizeof(env)); return (env[0] != '\0')?strdup(env):NULL; #else - char *env = getenv(variable); + char *env = secure_getenv(variable); - #ifdef __VMS - if(env && strcmp("HOME",variable) == 0) - env = decc_translate_vms(env); ---- configure.ac.orig -+++ configure.ac -@@ -3480,6 +3480,8 @@ if test "x$want_curldebug_assumed" = "xy + return (env && env[0])?strdup(env):NULL; + #endif + #endif +Index: configure.ac +=================================================================== +--- configure.ac.orig 2013-04-12 13:31:59.057761467 +0200 ++++ configure.ac 2013-04-12 13:32:00.823814454 +0200 +@@ -3475,6 +3475,8 @@ if test "x$want_curldebug_assumed" = "xy ac_configure_args="$ac_configure_args --enable-curldebug" fi ++++++ libcurl-ocloexec.patch ++++++ --- /var/tmp/diff_new_pack.KN6a2u/_old 2013-04-14 10:13:32.000000000 +0200 +++ /var/tmp/diff_new_pack.KN6a2u/_new 2013-04-14 10:13:32.000000000 +0200 @@ -9,9 +9,9 @@ Index: lib/cookie.c =================================================================== ---- lib/cookie.c.orig 2012-08-08 23:38:25.000000000 +0200 -+++ lib/cookie.c 2013-02-07 11:55:15.146276477 +0100 -@@ -736,7 +736,7 @@ struct CookieInfo *Curl_cookie_init(stru +--- lib/cookie.c.orig 2013-04-12 13:25:07.866367012 +0200 ++++ lib/cookie.c 2013-04-12 13:25:29.391017340 +0200 +@@ -750,7 +750,7 @@ struct CookieInfo *Curl_cookie_init(stru fp = NULL; } else @@ -20,7 +20,7 @@ c->newsession = newsession; /* new session? */ -@@ -1060,7 +1060,7 @@ static int cookie_output(struct CookieIn +@@ -1091,7 +1091,7 @@ static int cookie_output(struct CookieIn use_stdout=TRUE; } else { @@ -31,9 +31,9 @@ } Index: lib/file.c =================================================================== ---- lib/file.c.orig 2012-11-13 22:04:27.000000000 +0100 -+++ lib/file.c 2013-02-07 11:55:15.147276507 +0100 -@@ -249,7 +249,7 @@ static CURLcode file_connect(struct conn +--- lib/file.c.orig 2013-04-12 13:25:07.867367042 +0200 ++++ lib/file.c 2013-04-12 13:25:29.391017340 +0200 +@@ -243,7 +243,7 @@ static CURLcode file_connect(struct conn fd = open_readonly(actual_path, O_RDONLY|O_BINARY); file->path = actual_path; #else @@ -42,7 +42,7 @@ file->path = real_path; #endif file->freepath = real_path; /* free this when done */ -@@ -347,7 +347,7 @@ static CURLcode file_upload(struct conne +@@ -341,7 +341,7 @@ static CURLcode file_upload(struct conne else mode = MODE_DEFAULT|O_TRUNC; @@ -53,9 +53,9 @@ return CURLE_WRITE_ERROR; Index: lib/formdata.c =================================================================== ---- lib/formdata.c.orig 2012-08-08 22:45:18.000000000 +0200 -+++ lib/formdata.c 2013-02-07 11:55:15.147276507 +0100 -@@ -1207,7 +1207,7 @@ CURLcode Curl_getformdata(struct Session +--- lib/formdata.c.orig 2013-04-12 13:25:07.868367072 +0200 ++++ lib/formdata.c 2013-04-12 13:25:29.392017370 +0200 +@@ -1234,7 +1234,7 @@ CURLcode Curl_getformdata(struct Session FILE *fileread; fileread = strequal("-", file->contents)? @@ -64,7 +64,7 @@ /* * VMS: This only allows for stream files on VMS. Stream files are -@@ -1338,7 +1338,7 @@ static size_t readfromfile(struct Form * +@@ -1365,7 +1365,7 @@ static size_t readfromfile(struct Form * else { if(!form->fp) { /* this file hasn't yet been opened */ @@ -75,9 +75,9 @@ } Index: lib/hostip6.c =================================================================== ---- lib/hostip6.c.orig 2012-03-08 20:35:24.000000000 +0100 -+++ lib/hostip6.c 2013-02-07 11:55:15.147276507 +0100 -@@ -45,7 +45,7 @@ +--- lib/hostip6.c.orig 2013-04-12 13:25:07.868367072 +0200 ++++ lib/hostip6.c 2013-04-12 13:25:29.392017370 +0200 +@@ -39,7 +39,7 @@ #ifdef HAVE_PROCESS_H #include <process.h> #endif @@ -86,7 +86,7 @@ #include "urldata.h" #include "sendf.h" #include "hostip.h" -@@ -113,7 +113,7 @@ bool Curl_ipv6works(void) +@@ -107,7 +107,7 @@ bool Curl_ipv6works(void) static int ipv6_works = -1; if(-1 == ipv6_works) { /* probe to see if we have a working IPv6 stack */ @@ -97,22 +97,22 @@ ipv6_works = 0; Index: lib/if2ip.c =================================================================== ---- lib/if2ip.c.orig 2012-03-08 20:35:24.000000000 +0100 -+++ lib/if2ip.c 2013-02-07 11:55:15.148276537 +0100 -@@ -153,7 +153,7 @@ char *Curl_if2ip(int af, const char *int +--- lib/if2ip.c.orig 2013-04-12 13:25:07.869367102 +0200 ++++ lib/if2ip.c 2013-04-12 13:25:29.393017400 +0200 +@@ -171,7 +171,7 @@ if2ip_result_t Curl_if2ip(int af, unsign if(len >= sizeof(req.ifr_name)) - return NULL; + return IF2IP_NOT_FOUND; - dummy = socket(AF_INET, SOCK_STREAM, 0); + dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); if(CURL_SOCKET_BAD == dummy) - return NULL; + return IF2IP_NOT_FOUND; Index: lib/netrc.c =================================================================== ---- lib/netrc.c.orig 2012-08-08 22:45:18.000000000 +0200 -+++ lib/netrc.c 2013-02-07 11:55:15.148276537 +0100 -@@ -107,7 +107,7 @@ int Curl_parsenetrc(const char *host, +--- lib/netrc.c.orig 2013-04-12 13:25:07.869367102 +0200 ++++ lib/netrc.c 2013-04-12 13:25:29.393017400 +0200 +@@ -97,7 +97,7 @@ int Curl_parsenetrc(const char *host, netrc_alloc = TRUE; } @@ -123,9 +123,9 @@ char *tok_buf; Index: lib/ssluse.c =================================================================== ---- lib/ssluse.c.orig 2012-11-13 23:01:17.000000000 +0100 -+++ lib/ssluse.c 2013-02-07 11:55:15.149276568 +0100 -@@ -437,7 +437,7 @@ int cert_stuff(struct connectdata *conn, +--- lib/ssluse.c.orig 2013-04-12 13:25:07.870367132 +0200 ++++ lib/ssluse.c 2013-04-12 13:25:29.394017430 +0200 +@@ -419,7 +419,7 @@ int cert_stuff(struct connectdata *conn, STACK_OF(X509) *ca = NULL; int i; @@ -134,7 +134,7 @@ if(!f) { failf(data, "could not open PKCS12 file '%s'", cert_file); return 0; -@@ -2274,7 +2274,7 @@ static CURLcode servercert(struct connec +@@ -2246,7 +2246,7 @@ static CURLcode servercert(struct connec /* e.g. match issuer name with provided issuer certificate */ if(data->set.str[STRING_SSL_ISSUERCERT]) { @@ -145,9 +145,9 @@ failf(data, "SSL: Unable to open issuer cert (%s)", Index: lib/connect.c =================================================================== ---- lib/connect.c.orig 2012-11-13 22:02:15.000000000 +0100 -+++ lib/connect.c 2013-02-07 11:55:15.149276568 +0100 -@@ -1238,7 +1238,7 @@ CURLcode Curl_socket(struct connectdata +--- lib/connect.c.orig 2013-04-12 13:25:07.871367163 +0200 ++++ lib/connect.c 2013-04-12 13:25:29.394017430 +0200 +@@ -1308,7 +1308,7 @@ CURLcode Curl_socket(struct connectdata (struct curl_sockaddr *)addr); else /* opensocket callback not set, so simply create the socket now */ @@ -158,17 +158,17 @@ /* no socket, no connection */ Index: configure.ac =================================================================== ---- configure.ac.orig 2012-09-08 22:39:18.000000000 +0200 -+++ configure.ac 2013-02-07 11:58:27.875122101 +0100 -@@ -180,6 +180,7 @@ AC_CANONICAL_HOST +--- configure.ac.orig 2013-04-12 13:25:07.873367223 +0200 ++++ configure.ac 2013-04-12 13:25:29.396017491 +0200 +@@ -183,6 +183,7 @@ AC_CANONICAL_HOST dnl Get system canonical name AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS]) +AC_USE_SYSTEM_EXTENSIONS dnl Checks for programs. - CURL_CHECK_PROG_CC -@@ -193,6 +194,7 @@ dnl Our configure and build reentrant se + dnl Our curl_off_t internal and external configure settings +@@ -195,6 +196,7 @@ dnl Our configure and build reentrant se CURL_CONFIGURE_THREAD_SAFE CURL_CONFIGURE_REENTRANT @@ -176,16 +176,3 @@ dnl check for how to do large files AC_SYS_LARGEFILE -Index: m4/curl-compilers.m4 -=================================================================== ---- m4/curl-compilers.m4.orig 2012-11-16 13:02:23.000000000 +0100 -+++ m4/curl-compilers.m4 2013-02-07 11:55:15.151276630 +0100 -@@ -1272,7 +1272,7 @@ dnl CPPFLAGS from being unexpectedly cha - AC_DEFUN([CURL_CHECK_PROG_CC], [ - ac_save_CFLAGS="$CFLAGS" - ac_save_CPPFLAGS="$CPPFLAGS" -- AC_PROG_CC -+ AC_PROG_CC_STDC - CFLAGS="$ac_save_CFLAGS" - CPPFLAGS="$ac_save_CPPFLAGS" - ]) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
