Hello community,
here is the log from the commit of package curl for openSUSE:Factory checked in
at 2016-11-03 12:56:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
and /work/SRC/openSUSE:Factory/.curl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl"
Changes:
--------
--- /work/SRC/openSUSE:Factory/curl/curl.changes 2016-09-17
14:32:33.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.curl.new/curl.changes 2016-11-03
12:56:26.000000000 +0100
@@ -1,0 +2,71 @@
+Wed Nov 2 07:15:44 UTC 2016 - idon...@suse.com
+
+- Update to 7.51.0
+ Changes:
+ * nss: additional cipher suites are now accepted by
+ CURLOPT_SSL_CIPHER_LIST
+ * New option: CURLOPT_KEEP_SENDING_ON_ERROR
+ Bugfixes:
+ * CVE-2016-8615: cookie injection for other servers
+ * CVE-2016-8616: case insensitive password comparison
+ * CVE-2016-8617: OOB write via unchecked multiplication
+ * CVE-2016-8618: double-free in curl_maprintf
+ * CVE-2016-8619: double-free in krb5 code
+ * CVE-2016-8620: glob parser write/read out of bounds
+ * CVE-2016-8621: curl_getdate read out of bounds
+ * CVE-2016-8622: URL unescape heap overflow via integer truncation
+ * CVE-2016-8623: Use-after-free via shared cookies
+ * CVE-2016-8624: invalid URL parsing with '#'
+ * CVE-2016-8625: IDNA 2003 makes curl use wrong host
+ * openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
+ * http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
+ * LICENSE-MIXING.md: update with mbedTLS dual licensing
+ * examples/imap-append: Set size of data to be uploaded
+ * test2048: fix url
+ * darwinssl: disable RC4 cipher-suite support
+ * CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
+ * openssl: don’t call CRYTPO_cleanup_all_ex_data
+ * libressl: fix version output
+ * easy: Reset all statistical session info in curl_easy_reset
+ * curl_global_cleanup.3: don't unload the lib with sub threads running
+ * dist: add CurlSymbolHiding.cmake to the tarball
+ * docs: Remove that --proto is just used for initial retrieval
+ * configure: Fixed builds with libssh2 in a custom location
+ * curl.1: --trace supports % for sending to stderr!
+ * cookies: same domain handling changed to match browser behavior
+ * formpost: trying to attach a directory no longer crashes
+ * CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning
+ * formpost: avoid silent snprintf() truncation
+ * ftp: fix Curl_ftpsendf
+ * mprintf: return error on too many arguments
+ * smb: properly check incoming packet boundaries
+ * GIT-INFO: remove the Mac 10.1-specific details
+ * resolve: add error message when resolving using SIGALRM
+ * cmake: add nghttp2 support
+ * dist: remove PDF and HTML converted docs from the releases
+ * configure: disable poll() in macOS builds
+ * vtls: only re-use session-ids using the same scheme
+ * pipelining: skip to-be-closed connections when pipelining
+ * win: fix Universal Windows Platform build
+ * curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically
+ * maketgz: make it support "only" generating version info
+ * Curl_socket_check: add extra check to avoid integer overflow
+ * gopher: properly return error for poll failures
+ * curl: set INTERLEAVEDATA too
+ * polarssl: clear thread array at init
+ * polarssl: fix unaligned SSL session-id lock
+ * polarssl: reduce #ifdef madness with a macro
+ * curl_multi_add_handle: set timeouts in closure handles
+ * configure: set min version flags for builds on mac
+ * INSTALL: converted to markdown => INSTALL.md
+ * curl_multi_remove_handle: fix a double-free
+ * multi: fix inifinte loop in curl_multi_cleanup()
+ * nss: fix tight loop in non-blocking TLS handhsake over proxy
+ * mk-ca-bundle: Change URL retrieval to HTTPS-only by default
+ * mbedtls: stop using deprecated include file
+ * docs: fix req->data in multi-uv example
+ * configure: Fix test syntax for monotonic clock_gettime
+ * CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
+- Refresh libcurl-ocloexec.patch
+
+-------------------------------------------------------------------
Old:
----
curl-7.50.3.tar.lzma
curl-7.50.3.tar.lzma.asc
New:
----
curl-7.51.0.tar.lzma
curl-7.51.0.tar.lzma.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ curl.spec ++++++
--- /var/tmp/diff_new_pack.Afyekr/_old 2016-11-03 12:56:27.000000000 +0100
+++ /var/tmp/diff_new_pack.Afyekr/_new 2016-11-03 12:56:27.000000000 +0100
@@ -20,7 +20,7 @@
%bcond_with mozilla_nss
%bcond_without testsuite
Name: curl
-Version: 7.50.3
+Version: 7.51.0
Release: 0
Summary: A Tool for Transferring Data from URLs
License: BSD-3-Clause and MIT
++++++ libcurl-ocloexec.patch ++++++
--- /var/tmp/diff_new_pack.Afyekr/_old 2016-11-03 12:56:27.000000000 +0100
+++ /var/tmp/diff_new_pack.Afyekr/_new 2016-11-03 12:56:27.000000000 +0100
@@ -9,9 +9,9 @@
Index: lib/file.c
===================================================================
---- lib/file.c.orig 2016-07-21 00:31:36.000000000 +0200
-+++ lib/file.c 2016-07-21 11:39:54.121170539 +0200
-@@ -241,7 +241,7 @@ static CURLcode file_connect(struct conn
+--- lib/file.c.orig
++++ lib/file.c
+@@ -242,7 +242,7 @@ static CURLcode file_connect(struct conn
return CURLE_URL_MALFORMAT;
}
@@ -20,7 +20,7 @@
file->path = real_path;
#endif
file->freepath = real_path; /* free this when done */
-@@ -337,7 +337,7 @@ static CURLcode file_upload(struct conne
+@@ -338,7 +338,7 @@ static CURLcode file_upload(struct conne
else
mode = MODE_DEFAULT|O_TRUNC;
@@ -31,18 +31,18 @@
return CURLE_WRITE_ERROR;
Index: lib/formdata.c
===================================================================
---- lib/formdata.c.orig 2016-07-21 00:31:36.000000000 +0200
-+++ lib/formdata.c 2016-07-21 11:39:54.121170539 +0200
-@@ -1290,7 +1290,7 @@ CURLcode Curl_getformdata(struct Curl_ea
+--- lib/formdata.c.orig
++++ lib/formdata.c
+@@ -1306,7 +1306,7 @@ CURLcode Curl_getformdata(struct Curl_ea
FILE *fileread;
- fileread = strequal("-", file->contents)?
+ fileread = !strcmp("-", file->contents)?
- stdin:fopen(file->contents, "rb"); /* binary read for win32 */
+ stdin:fopen(file->contents, "rbe"); /* binary read for win32 */
/*
* VMS: This only allows for stream files on VMS. Stream files are
-@@ -1450,7 +1450,7 @@ static size_t readfromfile(struct Form *
+@@ -1466,7 +1466,7 @@ static size_t readfromfile(struct Form *
else {
if(!form->fp) {
/* this file hasn't yet been opened */
@@ -53,8 +53,8 @@
}
Index: lib/hostip6.c
===================================================================
---- lib/hostip6.c.orig 2016-07-21 00:31:36.000000000 +0200
-+++ lib/hostip6.c 2016-07-21 11:39:54.121170539 +0200
+--- lib/hostip6.c.orig
++++ lib/hostip6.c
@@ -39,7 +39,7 @@
#ifdef HAVE_PROCESS_H
#include <process.h>
@@ -75,8 +75,8 @@
ipv6_works = 0;
Index: lib/if2ip.c
===================================================================
---- lib/if2ip.c.orig 2016-06-27 16:11:14.000000000 +0200
-+++ lib/if2ip.c 2016-07-21 11:39:54.121170539 +0200
+--- lib/if2ip.c.orig
++++ lib/if2ip.c
@@ -223,7 +223,7 @@ if2ip_result_t Curl_if2ip(int af, unsign
if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND;
@@ -88,8 +88,8 @@
Index: lib/connect.c
===================================================================
---- lib/connect.c.orig 2016-07-21 00:31:36.000000000 +0200
-+++ lib/connect.c 2016-07-21 11:39:54.121170539 +0200
+--- lib/connect.c.orig
++++ lib/connect.c
@@ -1351,7 +1351,7 @@ CURLcode Curl_socket(struct connectdata
(struct curl_sockaddr *)addr);
else
@@ -101,8 +101,8 @@
/* no socket, no connection */
Index: configure.ac
===================================================================
---- configure.ac.orig 2016-07-21 00:31:36.000000000 +0200
-+++ configure.ac 2016-07-21 11:39:54.125170603 +0200
+--- configure.ac.orig
++++ configure.ac
@@ -185,6 +185,7 @@ AC_CANONICAL_HOST
dnl Get system canonical name
AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS])
