Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package curl for openSUSE:Factory checked in
at 2024-07-30 11:53:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
and /work/SRC/openSUSE:Factory/.curl.new.1882 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl"
Tue Jul 30 11:53:10 2024 rev:200 rq:1189336 version:8.9.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/curl/curl.changes 2024-06-22
13:23:27.154730915 +0200
+++ /work/SRC/openSUSE:Factory/.curl.new.1882/curl.changes 2024-07-30
11:53:12.322477102 +0200
@@ -1,0 +2,70 @@
+Wed Jul 24 07:07:57 UTC 2024 - Pedro Monreal <pmonr...@suse.com>
+
+- Update to 8.9.0:
+ * Security fixes:
+ - [bsc#1227888, CVE-2024-6197] curl: freeing stack buffer
+ in utf8asn1str
+ - [bsc#1228260, CVE-2024-6874] idn: tweak buffer use when
+ converting with macidn
+ * Changes:
+ - curl: add --ip-tos (IP Type of Service / Traffic Class)
+ - curl: add --mptcp
+ - curl: add --vlan-priority
+ - curl: add -w '%{num_retries}
+ - gnutls: support CA caching
+ - mbedtls: support CURLOPT_CERTINFO
+ - noproxy: patterns need to be comma separated
+ - socket: support binding to interface *AND* IP
+ - tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt
+ - urlapi: add CURLU_NO_GUESS_SCHEME
+ - wolfssl: support CA caching
+ * Bugfixes:
+ - connection: shutdown TLS (for FTP) better
+ - curl-config: revert to backticks to support old target envs
+ - curl: allow etag and content-disposition for 3xx reply
+ - curl: bsearch the --write-out variable name
+ - curl: check for --disable case *sensitively*
+ - doh: fix leak and zero-length HTTPS RR crash
+ - file: separate fake headers and body with a stand-alone CRLF
+ - ftp: remove redundant null pointer check in loop condition
+ - gnutls: improve TLS shutdown
+ - gnutls: pass in SNI name, not hostname when checking cert
+ - hostip: skip error check for infallible function call
+ - http/3: add shutdown support
+ - http/3: resume upload on ack if we have more data to send
+ - lib: add a few DEBUGASSERT(data) to aid code analyzers
+ - lib: add failure reason on bind errors
+ - lib: graceful connection shutdown
+ - lib: xfer_setup and non-blocking shutdown
+ - multi: add multi->proto_hash, a key-value store for protocol data
+ - multi: do a final progress update on connect failure
+ - multi: fix multi_wait() timeout handling
+ - multi: fix pollset during RESOLVING phase
+ - ngtcp2+quictls: fix cert-status use
+ - noproxy: test bad ipv6 net size first
+ - openssl/gnutls: rectify the TLS version checks for QUIC
+ - openssl: fix hostname handling when using ECH
+ - openssl: stop duplicate ssl key logging for legacy OpenSSL
+ - quic: enable UDP GRO
+ - quic: openssl quic, cmake and doc version update to 3.3.0
+ - quic: require at least OpenSSL 3.3 for QUIC
+ - quic: update to quiche 0.22.0
+ - smtp: for starttls, do full upgrade
+ - tool_operate: avoid explicitly setting verifypeer to 1
+ - tool_writeout: get certinfo only when needing it
+ - transfer: avoid polling socket every transfer loop
+ - transfer: conn close on paused upload
+ - transfer: do not use EXPIRE_NOW while blocked
+ - transfer: remove curl_upload_refill_watermark, no longer used
+ - transfer: set CSELECT_IN if there is data pending
+ - url: allow DoH transfers to override max connection limit
+ - x509asn1: add some common ECDSA OIDs
+ - x509asn1: ASN1tostr() should fail when 'constructed' is set
+ - x509asn1: fallback to dotted OID representation
+ - x509asn1: prevent NULL dereference
+ - x509asn1: remove superfluous free()
+ - x509asn1: remove two static variables
+ * Rebase libcurl-ocloexec.patch
+ * Remove curl-make-install-curl-config.patch upstream
+
+-------------------------------------------------------------------
Old:
----
curl-8.8.0.tar.xz
curl-8.8.0.tar.xz.asc
curl-make-install-curl-config.patch
New:
----
curl-8.9.0.tar.xz
curl-8.9.0.tar.xz.asc
BETA DEBUG BEGIN:
Old: * Rebase libcurl-ocloexec.patch
* Remove curl-make-install-curl-config.patch upstream
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ curl.spec ++++++
--- /var/tmp/diff_new_pack.ughqjC/_old 2024-07-30 11:53:13.466523214 +0200
+++ /var/tmp/diff_new_pack.ughqjC/_new 2024-07-30 11:53:13.470523375 +0200
@@ -29,7 +29,7 @@
%endif
Name: curl%{?psuffix}
-Version: 8.8.0
+Version: 8.9.0
Release: 0
Summary: A Tool for Transferring Data from URLs
License: curl
@@ -43,8 +43,6 @@
Patch2: curl-secure-getenv.patch
#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
Patch3: curl-disabled-redirect-protocol-message.patch
-#PATCH-FIX-UPSTREAM Fix make install for curl-config.1
github.com/curl/curl/pull/13741
-Patch4: curl-make-install-curl-config.patch
BuildRequires: groff
BuildRequires: libtool
BuildRequires: pkgconfig
++++++ curl-8.8.0.tar.xz -> curl-8.9.0.tar.xz ++++++
++++ 109000 lines of diff (skipped)
++++++ libcurl-ocloexec.patch ++++++
--- /var/tmp/diff_new_pack.ughqjC/_old 2024-07-30 11:53:14.562567390 +0200
+++ /var/tmp/diff_new_pack.ughqjC/_new 2024-07-30 11:53:14.566567551 +0200
@@ -7,11 +7,11 @@
compile time is not enough.
-Index: curl-8.4.0/lib/file.c
+Index: curl-8.9.0/lib/file.c
===================================================================
---- curl-8.4.0.orig/lib/file.c
-+++ curl-8.4.0/lib/file.c
-@@ -232,7 +232,7 @@ static CURLcode file_connect(struct Curl
+--- curl-8.9.0.orig/lib/file.c
++++ curl-8.9.0/lib/file.c
+@@ -242,7 +242,7 @@ static CURLcode file_connect(struct Curl
}
}
#else
@@ -20,19 +20,19 @@
file->path = real_path;
#endif
#endif
-@@ -318,7 +318,7 @@ static CURLcode file_upload(struct Curl_
+@@ -329,7 +329,7 @@ static CURLcode file_upload(struct Curl_
else
mode = MODE_DEFAULT|O_TRUNC;
- fd = open(file->path, mode, data->set.new_file_perms);
+ fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms);
if(fd < 0) {
- failf(data, "Can't open %s for writing", file->path);
+ failf(data, "cannot open %s for writing", file->path);
return CURLE_WRITE_ERROR;
-Index: curl-8.4.0/lib/if2ip.c
+Index: curl-8.9.0/lib/if2ip.c
===================================================================
---- curl-8.4.0.orig/lib/if2ip.c
-+++ curl-8.4.0/lib/if2ip.c
+--- curl-8.9.0.orig/lib/if2ip.c
++++ curl-8.9.0/lib/if2ip.c
@@ -208,7 +208,7 @@ if2ip_result_t Curl_if2ip(int af,
if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND;
@@ -42,11 +42,11 @@
if(CURL_SOCKET_BAD == dummy)
return IF2IP_NOT_FOUND;
-Index: curl-8.4.0/configure.ac
+Index: curl-8.9.0/configure.ac
===================================================================
---- curl-8.4.0.orig/configure.ac
-+++ curl-8.4.0/configure.ac
-@@ -428,6 +428,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
+--- curl-8.9.0.orig/configure.ac
++++ curl-8.9.0/configure.ac
+@@ -441,6 +441,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
# Silence warning: ar: 'u' modifier ignored since 'D' is the default
AC_SUBST(AR_FLAGS, [cr])
@@ -55,10 +55,10 @@
dnl This defines _ALL_SOURCE for AIX
CURL_CHECK_AIX_ALL_SOURCE
-Index: curl-8.4.0/lib/hostip.c
+Index: curl-8.9.0/lib/hostip.c
===================================================================
---- curl-8.4.0.orig/lib/hostip.c
-+++ curl-8.4.0/lib/hostip.c
+--- curl-8.9.0.orig/lib/hostip.c
++++ curl-8.9.0/lib/hostip.c
@@ -44,6 +44,7 @@
#include <setjmp.h>
#include <signal.h>
@@ -67,20 +67,20 @@
#include "urldata.h"
#include "sendf.h"
#include "hostip.h"
-@@ -609,7 +610,7 @@ bool Curl_ipv6works(struct Curl_easy *da
+@@ -616,7 +617,7 @@ bool Curl_ipv6works(struct Curl_easy *da
else {
int ipv6_works = -1;
/* probe to see if we have a working IPv6 stack */
- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
+ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, 0);
if(s == CURL_SOCKET_BAD)
- /* an IPv6 address was requested but we can't get/use one */
+ /* an IPv6 address was requested but we cannot get/use one */
ipv6_works = 0;
-Index: curl-8.4.0/lib/cf-socket.c
+Index: curl-8.9.0/lib/cf-socket.c
===================================================================
---- curl-8.4.0.orig/lib/cf-socket.c
-+++ curl-8.4.0/lib/cf-socket.c
-@@ -274,7 +274,9 @@ static CURLcode socket_open(struct Curl_
+--- curl-8.9.0.orig/lib/cf-socket.c
++++ curl-8.9.0/lib/cf-socket.c
+@@ -360,7 +360,9 @@ static CURLcode socket_open(struct Curl_
}
else {
/* opensocket callback not set, so simply create the socket now */
