Hello community, here is the log from the commit of package curl.3486 for openSUSE:13.1:Update checked in at 2015-02-10 15:05:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/curl.3486 (Old) and /work/SRC/openSUSE:13.1:Update/.curl.3486.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl.3486" Changes: -------- New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.curl.3486.new/curl.changes 2015-02-10 15:05:58.000000000 +0100 @@ -0,0 +1,1211 @@ +------------------------------------------------------------------- +Thu Jan 8 09:55:11 UTC 2015 - vci...@suse.com + +- update to 7.40.0: + * fixes CVE-2014-8150 (bnc#911363) + * fixes CVE-2014-3707 (bnc#901924) + * Changes: + http_digest: Added support for Windows SSPI based authentication + version info: Added Kerberos V5 to the supported features + Makefile: Added VC targets for WinIDN + config-win32: Introduce build targets for VS2012+ + SSL: Add PEM format support for public key pinning + smtp: Added support for the conversion of Unix newlines during mail send + smb: Added initial support for the SMB/CIFS protocol + Added support for HTTP over unix domain sockets, + via CURLOPT_UNIX_SOCKET_PATH and --unix-socket + sasl: Added support for GSS-API based Kerberos V5 authentication +- dropped patches (upstream): + * curl-CVE-2014-0015-NTLM_connection_reuse.patch + * curl-CVE-2014-0138.patch + * curl-CVE-2014-0139.patch + * curl-CVE-2014-3613.patch + * curl-allow_multiple_handle_removes.patch + * curl-test172_cookie_expiration.patch +- refresh remaining patches + +------------------------------------------------------------------- +Tue Sep 30 13:42:26 UTC 2014 - vci...@suse.com + +- fix a crash in libcurl when removing an already removed handle + (bnc#897816) + * added curl-allow_multiple_handle_removes.patch + +------------------------------------------------------------------- +Tue Sep 2 15:56:05 UTC 2014 - vci...@suse.com + +- fix for CVE-2014-3613 (bnc#894575) and CVE-2014-3620 (bnc#895991) + * libcurl cookie leaks + * added curl-CVE-2014-3613.patch + +------------------------------------------------------------------- +Wed Apr 2 10:43:38 UTC 2014 - vci...@suse.com + +- fixes for two security vulnerabilities: + * CVE-2014-0138 (bnc#868627) + - curl: wrong re-use of connections + - added: curl-CVE-2014-0138.patch + - removed: curl-CVE-2014-138-bad-reuse.patch + * CVE-2014-0139 (bnc#868629) + - curl: IP address wildcard certificate validation + - added: curl-CVE-2014-0139.patch + - removed curl-CVE-2014-139-reject-cert-ip-wildcards.patch + +------------------------------------------------------------------- +Mon Mar 17 11:16:10 UTC 2014 - vci...@suse.com + +- fixes for two security vulnerabilities: + * CVE-2014-138 (bnc#868627) + - curl: wrong re-use of connections + - added curl-CVE-2014-138-bad-reuse.patch + * CVE-2014-139 (bnc#868629) + - curl: IP address wildcard certificate validation + - curl-CVE-2014-139-reject-cert-ip-wildcards.patch + +------------------------------------------------------------------- +Tue Jan 14 12:33:28 UTC 2014 - vci...@suse.com + +- fix for CVE-2014-0015 (bnc#858673) + * re-use of wrong HTTP NTLM connection in libcurl + * added curl-CVE-2014-0015-NTLM_connection_reuse.patch +- fix test failure because of an expired cookie (bnc#862144) + * added curl-test172_cookie_expiration.patch + +------------------------------------------------------------------- +Mon Dec 2 11:26:06 UTC 2013 - vci...@suse.com + +- fix CVE-2013-4545 (bnc#849596) + = acknowledge VERIFYHOST without VERIFYPEER + +------------------------------------------------------------------- +Mon Aug 12 05:29:34 UTC 2013 - crrodrig...@opensuse.org + +- curl 7.32.0 +* curl: allow timeouts to accept decimal values +* CURLOPT_XFERINFOFUNCTION: introducing a new progress callback +* SIGPIPE: ignored while inside the library +* OpenSSL: check for read errors +* configure: automake 1.14 compatibility tweak +* curl_multi_wait: set revents for extra fds +* global dns cache: didn't work (regression) +* mk-ca-bundle.1: don't install on make install + + +------------------------------------------------------------------- +Mon Jul 1 18:56:33 UTC 2013 - co...@suse.com + +- avoid cycle between curl and krb5 by using krb5-mini-devel + +------------------------------------------------------------------- +Mon Jun 24 14:00:11 UTC 2013 - vci...@suse.com + +- update to 7.31.0 + * includes fix for CVE-2013-2174 (bnc#824517) + * SECURITY VULNERABILITY: curl_easy_unescape() may parse data + beyond the end of the input buffer [26] + * Changes: + darwinssl: add TLS session resumption + darwinssl: add TLS crypto authentication + imap/pop3/smtp: Added support for ;auth= in the URL + imap/pop3/smtp: Added support for ;auth= to CURLOPT_USERPWD + usercertinmem.c: add example showing user cert in memory + url: Added smtp and pop3 hostnames to the protocol detection list + imap/pop3/smtp: Added support for enabling the SASL initial response + curl -E: allow to use ':' in certificate nicknames + +------------------------------------------------------------------- +Fri Apr 12 11:36:47 UTC 2013 - vci...@suse.com + +- update to 7.30.0 + includes security fixes for CVE-2013-0249 and CVE-2013-1944 + (bugs bnc#814655 and bnc#802411 respectively) + (dropped curl-CVE-2013-0249.patch) +- Changes: + imap: Changed response tag generation to be completely unique + imap: Added support for SASL-IR extension + imap: Added support for the list command + imap: Added support for the append command + imap: Added custom request parsing + imap: Added support to the fetch command for UID and SECTION properties + imap: Added parsing and verification of the UIDVALIDITY mailbox attribute + imap/pop3/smtp: Added support for the STARTTLS capability + checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets + curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag + Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS + for new multi interface connection handling + Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, + CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL + and CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control + test: offer "automake" output and check for perl better + always-multi: always use non-blocking internals + imap: Added support for sasl digest-md5 authentication + imap: Added support for sasl cram-md5 authentication + imap: Added support for sasl ntlm authentication + imap: Added support for sasl login authentication + imap: Added support for sasl plain text authentication + imap: Added support for login disabled server capability + mk-ca-bundle: add -f, support passing to stdout and more + writeout: -w now supports remote_ip/port and local_ip/port +- refreshed patches + +------------------------------------------------------------------- +Sun Feb 17 17:04:34 UTC 2013 - crrodrig...@opensuse.org + +- Add curl-secure-getenv.patch: Use secure_getenv if available. + libcurl might be linked to a program where "secure execution" is + required. + +------------------------------------------------------------------- +Thu Feb 7 10:54:15 UTC 2013 - vci...@suse.com + +- fixed CVE-2013-0249 (bnc#802411) +- refreshed patches + +------------------------------------------------------------------- +Fri Jan 11 21:34:38 CET 2013 - sbra...@suse.cz + +- Break build loop and make GPG signature verification optional. + +------------------------------------------------------------------- +Tue Nov 27 20:05:00 CET 2012 - sbra...@suse.cz + +- Verify GPG signature. + +------------------------------------------------------------------- +Tue Nov 20 23:43:24 UTC 2012 - crrodrig...@opensuse.org + +- Curl 7.28.1 +* FTP: prevent the multi interface from blocking Obsoletes + curl-ftp-prevent-the-multi-interface-from-blocking.patch +* don't send '#' fragments when using proxy +* OpenSSL: Disable SSL/TLS compression - avoid the "CRIME" attack +* TFTP: handle resend +* memory leak: CURLOPT_RESOLVE with multi interface +* SSL: Several SSL-backend related fixes + +------------------------------------------------------------------- +Sun Nov 4 19:57:33 UTC 2012 - g...@opensuse.org + +- added curl-ftp-prevent-the-multi-interface-from-blocking.patch in + order to prevent the multi interface from blocking when using ftp + and the remote end responds very slowly (sf#3579064) + +------------------------------------------------------------------- +Sun Jul 29 22:14:25 UTC 2012 - crrodrig...@opensuse.org + +- Curl 7.27.0 +* support metalinks ++++ 1014 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.curl.3486.new/curl.changes New: ---- baselibs.conf curl-7.40.0.tar.lzma curl-7.40.0.tar.lzma.asc curl-secure-getenv.patch curl.changes curl.keyring curl.spec dont-mess-with-rpmoptflags.diff libcurl-ocloexec.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ # # spec file for package curl # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %bcond_without openssl %bcond_with mozilla_nss %bcond_without testsuite Name: curl Version: 7.40.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: BSD-3-Clause and MIT Group: Productivity/Networking/Web/Utilities Url: http://curl.haxx.se/ Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma.asc Source3: baselibs.conf Source4: %{name}.keyring Patch: libcurl-ocloexec.patch Patch1: dont-mess-with-rpmoptflags.diff Patch3: curl-secure-getenv.patch # Use rpmbuild -D 'VERIFY_SIG 1' to verify signature during build or run one-shot check by "gpg-offline --verify --package=curl curl-*.asc". %if 0%{?VERIFY_SIG} BuildRequires: gpg-offline %endif BuildRequires: libidn-devel BuildRequires: libtool BuildRequires: lzma BuildRequires: openldap2-devel BuildRequires: pkg-config BuildRequires: zlib-devel %if %{with openssl} BuildRequires: openssl-devel %endif %if %{with mozilla_nss} BuildRequires: mozilla-nss-devel %endif BuildRequires: krb5-mini-devel BuildRequires: libssh2-devel BuildRequires: openssh %if 0%{?_with_stunnel:1} # used by the testsuite BuildRequires: stunnel %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build # bug437293 %ifarch ppc64 Obsoletes: curl-64bit %endif %description Curl is a client to get documents and files from or send documents to a server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS, TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. %package -n libcurl4 Summary: Version 4 of cURL shared library Group: Productivity/Networking/Web/Utilities %description -n libcurl4 The cURL shared library version 4 for accessing data using different network protocols. %package -n libcurl-devel Summary: A Tool for Transferring Data from URLs Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libcurl4 = %{version} # curl-devel (v 7.15.5) was last used in 10.2 Provides: curl-devel <= 7.15.5 Obsoletes: curl-devel < 7.16.2 %description -n libcurl-devel Curl is a client to get documents and files from or send documents to a server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. %prep %if 0%{?VERIFY_SIG} %gpg_verify %{S:2} %endif %setup -q %patch %patch1 %patch3 %build # curl complains if macro definition is contained in CFLAGS # see m4/xc-val-flgs.m4 CPPFLAGS="-D_FORTIFY_SOURCE=2" CFLAGS=$(echo $RPM_OPT_FLAGS | sed 's/-D_FORTIFY_SOURCE=2//') export CPPFLAGS CFLAGS autoreconf -fi # local hack to make curl-config --libs stop printing libraries it depends on # (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere, # will hopefully change in the future) sed -i 's/link_all_deplibs=unknown/link_all_deplibs=no/' configure %configure \ --enable-ipv6 \ %if %{with openssl} --with-ssl \ --with-ca-path=/etc/ssl/certs/ \ %else --without-ssl \ %if %{with mozilla_nss} --with-nss \ %endif %endif --with-gssapi=/usr/lib/mit \ --with-libssh2\ --enable-hidden-symbols \ --disable-static \ --enable-threaded-resolver : if this fails, the above sed hack did not work ./libtool --config | grep -q link_all_deplibs=no # enable-hidden-symbols needs gcc4 and causes that curl exports only its API make %{?_smp_mflags} %if %{with testsuite} %check cd tests make # make sure the testsuite runs don't race on MP machines in autobuild if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then . /.buildenv fi if test -z "$BUILD_INCARNATION"; then BUILD_INCARNATION=0 fi base=$((8990 + $BUILD_INCARNATION * 20)) perl ./runtests.pl -a -b$base || { %if 0%{?curl_testsuite_fatal:1} exit %else echo "WARNING: runtests.pl failed with code $?, continuing nevertheless" %endif } %endif %install %{makeinstall} rm $RPM_BUILD_ROOT%_libdir/libcurl.la install -d $RPM_BUILD_ROOT/usr/share/aclocal install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT/usr/share/aclocal/ %post -n libcurl4 -p /sbin/ldconfig %postun -n libcurl4 -p /sbin/ldconfig %files %defattr(-,root,root) %doc README RELEASE-NOTES %doc docs/{BUGS,FAQ,FEATURES,MANUAL,RESOURCES,TODO,TheArtOfHttpScripting} %doc lib/README.curl_off_t %{_prefix}/bin/curl %doc %{_mandir}/man1/curl.1%{ext_man} %files -n libcurl4 %defattr(-,root,root) %{_libdir}/libcurl.so.4* %files -n libcurl-devel %defattr(-,root,root) %{_prefix}/bin/curl-config %{_prefix}/include/curl %dir %{_prefix}/share/aclocal %{_prefix}/share/aclocal/libcurl.m4 %{_libdir}/libcurl.so %{_libdir}/pkgconfig/libcurl.pc %{_mandir}/man1/curl-config.1%{ext_man} %{_mandir}/man3/* %doc docs/libcurl/symbols-in-versions %changelog ++++++ baselibs.conf ++++++ libcurl4 obsoletes "curl-<targettype> <= <version>" provides "curl-<targettype> = <version>" curl-devel requires -curl-<targettype> requires "libcurl4-<targettype> = <version>" ++++++ curl-secure-getenv.patch ++++++ Index: lib/getenv.c =================================================================== --- lib/getenv.c.orig 2014-11-04 13:51:16.000000000 +0100 +++ lib/getenv.c 2015-02-03 09:57:17.414439765 +0100 @@ -27,6 +27,14 @@ #include "memdebug.h" +#ifndef HAVE_SECURE_GETENV +# ifdef HAVE__SECURE_GETENV +# define secure_getenv __secure_getenv +# else +# error neither secure_getenv nor __secure_getenv is available +# endif +#endif + static char *GetEnv(const char *variable) { @@ -41,7 +49,7 @@ char *GetEnv(const char *variable) ExpandEnvironmentStringsA(temp, env, sizeof(env)); return (env[0] != '\0')?strdup(env):NULL; #else - char *env = getenv(variable); + char *env = secure_getenv(variable); return (env && env[0])?strdup(env):NULL; #endif #endif Index: configure.ac =================================================================== --- configure.ac.orig 2015-02-03 09:57:11.597389601 +0100 +++ configure.ac 2015-02-03 09:57:17.415439774 +0100 @@ -3546,6 +3546,8 @@ if test "x$want_curldebug_assumed" = "xy ac_configure_args="$ac_configure_args --enable-curldebug" fi +AC_CHECK_FUNCS([__secure_getenv secure_getenv]) + AC_CONFIG_FILES([Makefile \ docs/Makefile \ docs/examples/Makefile \ ++++++ curl.keyring ++++++ pub 1024D/279D5C91 2003-04-28 uid Daniel Stenberg (Haxx) <dan...@haxx.se> sub 1024g/B70B3510 2003-04-28 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.19 (GNU/Linux) mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV 0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1 EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2 m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0 ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iFkEExECABkFAj6tnnoECwcD AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAn1gK6Q0qUTHwYJBAhIDmrRi0 ebfDAJ4qDSHd6UU2MEkkFCgGfYgEBXKbb7kBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz 7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+ dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9 OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfx =yTQx -----END PGP PUBLIC KEY BLOCK----- ++++++ dont-mess-with-rpmoptflags.diff ++++++ Index: configure.ac =================================================================== --- configure.ac.orig 2015-02-03 09:55:01.831270398 +0100 +++ configure.ac 2015-02-03 09:57:11.597389601 +0100 @@ -262,10 +262,6 @@ dnl platform/compiler/architecture speci dnl ********************************************************************** CURL_CHECK_COMPILER -CURL_SET_COMPILER_BASIC_OPTS -CURL_SET_COMPILER_DEBUG_OPTS -CURL_SET_COMPILER_OPTIMIZE_OPTS -CURL_SET_COMPILER_WARNING_OPTS if test "$compiler_id" = "INTEL_UNIX_C"; then # ++++++ libcurl-ocloexec.patch ++++++ Open library file descriptors with O_CLOEXEC This patch is non-portable, it needs linux 2.6.23 and glibc 2.7 or later, different combinations (old linux, new glibc and vice-versa) will result in a crash. To make it portable you have to test O_CLOEXEC support at *runtime* compile time is not enough. Index: lib/cookie.c =================================================================== --- lib/cookie.c.orig 2015-02-03 09:54:29.421990828 +0100 +++ lib/cookie.c 2015-02-03 09:55:01.829270381 +0100 @@ -932,7 +932,7 @@ struct CookieInfo *Curl_cookie_init(stru fp = NULL; } else - fp = file?fopen(file, "r"):NULL; + fp = file?fopen(file, "re"):NULL; c->newsession = newsession; /* new session? */ @@ -1281,7 +1281,7 @@ static int cookie_output(struct CookieIn use_stdout=TRUE; } else { - out = fopen(dumphere, "w"); + out = fopen(dumphere, "we"); if(!out) return 1; /* failure */ } Index: lib/file.c =================================================================== --- lib/file.c.orig 2015-02-03 09:54:29.422990837 +0100 +++ lib/file.c 2015-02-03 09:56:28.377016869 +0100 @@ -240,7 +240,7 @@ static CURLcode file_connect(struct conn /* binary zeroes indicate foul play */ return CURLE_URL_MALFORMAT; - fd = open_readonly(real_path, O_RDONLY); + fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC); file->path = real_path; #endif file->freepath = real_path; /* free this when done */ @@ -338,7 +338,7 @@ static CURLcode file_upload(struct conne else mode = MODE_DEFAULT|O_TRUNC; - fd = open(file->path, mode, conn->data->set.new_file_perms); + fd = open(file->path, mode | O_CLOEXEC, conn->data->set.new_file_perms); if(fd < 0) { failf(data, "Can't open %s for writing", file->path); return CURLE_WRITE_ERROR; Index: lib/formdata.c =================================================================== --- lib/formdata.c.orig 2015-02-03 09:54:29.423990845 +0100 +++ lib/formdata.c 2015-02-03 09:55:01.830270389 +0100 @@ -1261,7 +1261,7 @@ CURLcode Curl_getformdata(struct Session FILE *fileread; fileread = strequal("-", file->contents)? - stdin:fopen(file->contents, "rb"); /* binary read for win32 */ + stdin:fopen(file->contents, "rbe"); /* binary read for win32 */ /* * VMS: This only allows for stream files on VMS. Stream files are @@ -1420,7 +1420,7 @@ static size_t readfromfile(struct Form * else { if(!form->fp) { /* this file hasn't yet been opened */ - form->fp = fopen_read(form->data->line, "rb"); /* b is for binary */ + form->fp = fopen_read(form->data->line, "rbe"); /* b is for binary */ if(!form->fp) return (size_t)-1; /* failure */ } Index: lib/hostip6.c =================================================================== --- lib/hostip6.c.orig 2015-02-03 09:54:29.423990845 +0100 +++ lib/hostip6.c 2015-02-03 09:55:01.830270389 +0100 @@ -39,7 +39,7 @@ #ifdef HAVE_PROCESS_H #include <process.h> #endif - +#include <fcntl.h> #include "urldata.h" #include "sendf.h" #include "hostip.h" @@ -107,7 +107,7 @@ bool Curl_ipv6works(void) static int ipv6_works = -1; if(-1 == ipv6_works) { /* probe to see if we have a working IPv6 stack */ - curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0); + curl_socket_t s = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); if(s == CURL_SOCKET_BAD) /* an IPv6 address was requested but we can't get/use one */ ipv6_works = 0; Index: lib/if2ip.c =================================================================== --- lib/if2ip.c.orig 2015-02-03 09:54:29.423990845 +0100 +++ lib/if2ip.c 2015-02-03 09:55:01.830270389 +0100 @@ -224,7 +224,7 @@ if2ip_result_t Curl_if2ip(int af, unsign if(len >= sizeof(req.ifr_name)) return IF2IP_NOT_FOUND; - dummy = socket(AF_INET, SOCK_STREAM, 0); + dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); if(CURL_SOCKET_BAD == dummy) return IF2IP_NOT_FOUND; Index: lib/netrc.c =================================================================== --- lib/netrc.c.orig 2015-02-03 09:54:29.423990845 +0100 +++ lib/netrc.c 2015-02-03 09:55:01.830270389 +0100 @@ -111,7 +111,7 @@ int Curl_parsenetrc(const char *host, netrc_alloc = TRUE; } - file = fopen(netrcfile, "r"); + file = fopen(netrcfile, "re"); if(netrc_alloc) Curl_safefree(netrcfile); if(file) { Index: lib/connect.c =================================================================== --- lib/connect.c.orig 2015-02-03 09:54:29.424990854 +0100 +++ lib/connect.c 2015-02-03 09:55:01.831270398 +0100 @@ -1314,7 +1314,7 @@ CURLcode Curl_socket(struct connectdata (struct curl_sockaddr *)addr); else /* opensocket callback not set, so simply create the socket now */ - *sockfd = socket(addr->family, addr->socktype, addr->protocol); + *sockfd = socket(addr->family, addr->socktype | SOCK_CLOEXEC, addr->protocol); if(*sockfd == CURL_SOCKET_BAD) /* no socket, no connection */ Index: configure.ac =================================================================== --- configure.ac.orig 2015-02-03 09:54:29.425990863 +0100 +++ configure.ac 2015-02-03 09:55:01.831270398 +0100 @@ -182,6 +182,7 @@ AC_CANONICAL_HOST dnl Get system canonical name AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS]) +AC_USE_SYSTEM_EXTENSIONS dnl Checks for programs. dnl Our curl_off_t internal and external configure settings @@ -194,6 +195,7 @@ dnl Our configure and build reentrant se CURL_CONFIGURE_THREAD_SAFE CURL_CONFIGURE_REENTRANT + dnl check for how to do large files AC_SYS_LARGEFILE -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
