Hello community, here is the log from the commit of package curl for openSUSE:12.1:Update:Test checked in at 2012-01-25 15:06:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/curl (Old) and /work/SRC/openSUSE:12.1:Update:Test/.curl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "curl", Maintainer is "VCizek@suse.com" Changes: -------- New Changes file: --- /dev/null 2010-08-26 16:28:41.000000000 +0200 +++ /work/SRC/openSUSE:12.1:Update:Test/.curl.new/curl.changes 2012-01-25 15:06:03.000000000 +0100 @@ -0,0 +1,961 @@ +------------------------------------------------------------------- +Wed Jan 25 08:27:55 UTC 2012 - mmarek@suse.cz + +- Drop one mistakenly backported patch to fix build. + +------------------------------------------------------------------- +Sun Jan 22 14:18:58 UTC 2012 - mmarek@suse.cz + +- Fix IMAP, POP3 and SMTP URL sanitization (bnc#740452, + CVE-2012-0036) +- Disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option when built + against an older OpenSSL version (CVE-2010-4180). +- Don't enable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (bnc#742306, + CVE-2011-3389). + +------------------------------------------------------------------- +Mon Oct 3 15:44:17 UTC 2011 - dimstar@opensuse.org + +- Update to version 7.22.0: + + Added CURLOPT_GSSAPI_DELEGATION + + Added support for NTLM delegation to Samba's winbind daemon + helper ntlm_auth + + Display notes from setup file in testcurl.pl + + BSD-style lwIP TCP/IP stack experimental support on Windows + + OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available + + --delegation was added to set CURLOPT_GSSAPI_DELEGATION + + nss: start with no database if the selected database is broken + + telnet: allow programatic use on Windows + + for a list of bugfixes, see + http://curl.haxx.se/changes.html#7_22_0 +- Drop curl-openssl-release-buffers.patch: fixed upstream. +- Add curl-fix-m4.patch: Use 'x' in configure scripts. Fixes issues + when configure is run with -Werror -Wall. + +------------------------------------------------------------------- +Sun Sep 18 00:10:42 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Fri Sep 16 17:22:44 UTC 2011 - jengelh@medozas.de + +- Add curl-devel to baselibs + +------------------------------------------------------------------- +Mon Aug 15 05:05:01 UTC 2011 - crrodriguez@opensuse.org + +- Use SSL_MODE_RELEASE_BUFFERS if available, accepted + in upstream as commit 3d919440c80333c496fb + +------------------------------------------------------------------- +Tue Jul 12 06:46:02 UTC 2011 - coolo@novell.com + +- remove support for old suse_versions + +------------------------------------------------------------------- +Mon Jul 11 11:40:17 CEST 2011 - pth@suse.de + +- Update to 7.21.7: + - Fix libcurl inappropriate GSSAPI delegation. Full details at + http://curl.haxx.se/docs/adv_20110623.html + - Some other minor fixes. + +- Use the lzma compressed tarball provided upstreams. + +------------------------------------------------------------------- +Fri May 20 16:25:34 UTC 2011 - crrodriguez@opensuse.org + +- remove unintented LDFLAGS from the spec file + +------------------------------------------------------------------- +Fri May 20 15:37:54 UTC 2011 - crrodriguez@opensuse.org + +- Update to 7.21.6 +* curl-config: fix --version +* use HTTPS properly after CONNECT +* SFTP: close file before post quote operations + +------------------------------------------------------------------- +Thu Apr 14 17:02:19 UTC 2011 - crrodriguez@opensuse.org + +- bnc#598574 has been fixed in upstream commit 8ab137b2bc9630ce20f4 + already, so enable c-ares support again. + +------------------------------------------------------------------- +Sat Apr 9 20:42:27 UTC 2011 - crrodriguez@opensuse.org + +- Support openSSL compiled without SSLv2 support +- Update to version 7.21.4 + * SMTP: add brackets for MAIL FROM + * multi: connect fail => use next IP address + * pubkey_show: allocate buffer to fit any-size result + * Curl_do: avoid using stale conn pointer + * tftpd test server: avoid buffer overflow report from glibc + * OpenSSL get_cert_chain: support larger data sets + * SCP/SFTP transfers: acknowledge speedcheck + * connect problem: use UDP correctly + * OpenSSL: improved error message on SSL_CTX_new failures + * HTTP: memory leak on multiple Location: + * curl.1: typo in -v description + * CURLOPT_SOCKOPTFUNCTION: return proper error code --keepalive-time + * file: add support for CURLOPT_TIMECONDITION + * multi: fix CURLM_STATE_TOOFAST for multi_socket +------------------------------------------------------------------- +Fri Oct 22 16:37:03 UTC 2010 - cristian.rodriguez@opensuse.org + +- Update to version 7.21.2 + * curl -T: ignore file size of special files + * Added GOPHER protocol support + * Added mk-ca-bundle.vbs script + * c-ares build now requires c-ares >= 1.6.0 + * --remote-header-name security vulnerability fixed + * multi: support the timeouts correctly, fixes known bug #62 + * multi: use timeouts properly for MAX_RECV/SEND_SPEED + * negotiation: Wrong proxy authorization + * multi: avoid sending multiple complete messages + * cmdline: make -F type= accept ;charset= + * RESUME_FROM: clarify what ftp uploads do + * http: handle trailer headers in all chunked responses + * Curl_is_connected: use correct errno + * progress: callback for POSTs less than MAX_INITIAL_POST_SIZE + * Link curl and the test apps with -lrt explicitly when necessary + * chunky parser: only rewind stream internally if needed + * remote-header-name: don't output filename when NULL + * Curl_timeleft: avoid returning "no timeout" by mistake + * timeout: use the correct start value as offset + * FTP: fix wrong timeout trigger + * rtsp: avoid SIGSEGV on malformed header + * LDAP: Support for tunnelling queries through HTTP proxy + * curl_easy_duphandle: clone the c-ares handle correctly + * support URL containing colon without trailing port number + * parsedate: allow time specified without seconds + * curl_easy_escape: don't escape "unreserved" characters + * SFTP: avoid downloading negative sizes + * Lots of GSS/KRB FTP fixes + * TFTP: Work around tftpd-hpa upload bug + * libcurl.m4: several fixes + * HTTP: remove special case for 416 + * globbing: fix crash on unballanced open brace + +------------------------------------------------------------------- +Wed Jun 2 14:12:54 UTC 2010 - lnussel@suse.de + +- allowing switching to nss instead of openssl via bcond + +------------------------------------------------------------------- +Mon May 10 01:12:22 UTC 2010 - crrodriguez@opensuse.org + +- disable c-ares support while bnc598574 is fixed. + +------------------------------------------------------------------- +Sat Apr 24 10:58:50 UTC 2010 - coolo@novell.com + +- buildrequire pkg-config to fix provides + +------------------------------------------------------------------- +Fri Apr 23 00:53:19 UTC 2010 - crrodriguez@opensuse.org + +- Update to libcurl 7.20.1 + * off-by-one in the chunked encoding trailer parser + * CURLOPT_CERTINFO memory leak + * threaded resolver double free when closing curl handle + * url_multi_remove_handle() caused use after free + * SSL possible double free when reusing curl handle + * alarm()-based DNS timeout bug + +------------------------------------------------------------------- +Wed Mar 24 18:39:57 UTC 2010 - crrodriguez@opensuse.org + +- enable libssh2 support unconditionally. + +------------------------------------------------------------------- +Wed Mar 10 13:46:45 UTC 2010 - crrodriguez@opensuse.org + +- enable libcares support unconditionally. + +------------------------------------------------------------------- +Sat Feb 13 21:39:56 CET 2010 - dimstar@opensuse.org + +- Update to version 7.20.0: + * support SSL_FILETYPE_ENGINE for client certificate + * curl-config can now show the arguments used when building curl + * non-blocking TFTP + * send Expect: 100-continue for POSTs with unknown sizes + * added support for IMAP(S), POP3(S), SMTP(S) and RTSP + * added new curl_easy_setopt() options for SMTP and RTSP + * added --mail-from and --mail-rcpt for SMTP + * VMS build system enhancements + * added support for the PRET ftp command + * curl supports --ssl and --ssl-reqd + * added -J/--remote-header-name for using server-provided + filename with -O + * enhanced asynchronous DNS lookups + * symbol CURL_FORMAT_OFF_T is obsoleted + * many bugfixes + ++++ 764 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update:Test/.curl.new/curl.changes New: ---- 0001-m4-Use-x-in-order-to-avoid-variable-x-set-but-not-us.patch 0002-URL-sanitize-reject-URLs-containing-bad-data.patch 0003-OpenSSL-SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG-opti.patch 0004-OpenSSL-don-t-disable-security-work-around.patch _link baselibs.conf curl-7.22.0.tar.lzma curl.changes curl.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ # # spec file for package curl # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %bcond_without openssl %bcond_with mozilla_nss %bcond_without testsuite Name: curl BuildRequires: libidn-devel lzma openldap2-devel pkg-config zlib-devel %if %{with openssl} BuildRequires: openssl-devel %endif %if %{with mozilla_nss} BuildRequires: mozilla-nss-devel %endif BuildRequires: krb5-devel BuildRequires: libssh2-devel openssh BuildRequires: libcares-devel %if 0%{?_with_stunnel:1} # used by the testsuite BuildRequires: stunnel %endif #define cvs_suffix -20090302 Version: 7.22.0 Release: 1 # bug437293 %ifarch ppc64 Obsoletes: curl-64bit %endif # License: BSD3c(or similar) ; MIT License (or similar) Group: Productivity/Networking/Web/Utilities Summary: A Tool for Transferring Data from URLs Url: http://curl.haxx.se/ Source: curl-%version%{?cvs_suffix}.tar.lzma Source2: baselibs.conf # PATCH-FIX-UPSTREAM curl-fix-m4.patch dimstar@opensuse.org -- Fix m4 to work with -Werror -Wall configure scripts. Simply 'use' x. Patch sent upstream. Patch1: 0001-m4-Use-x-in-order-to-avoid-variable-x-set-but-not-us.patch Patch2: 0002-URL-sanitize-reject-URLs-containing-bad-data.patch Patch3: 0003-OpenSSL-SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG-opti.patch Patch4: 0004-OpenSSL-don-t-disable-security-work-around.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Curl is a client to get documents and files from or send documents to a server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS, TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. %package -n libcurl4 License: BSD3c(or similar) ; MIT License (or similar) Summary: cURL shared library version 4 Group: Productivity/Networking/Web/Utilities %description -n libcurl4 cURL shared library version 4. %package -n libcurl-devel License: BSD3c(or similar) ; MIT License (or similar) Summary: A Tool for Transferring Data from URLs Group: Development/Libraries/C and C++ Requires: libcurl4 = %{version} glibc-devel # curl-devel (v 7.15.5) was last used in 10.2 Provides: curl-devel <= 7.15.5 Obsoletes: curl-devel < 7.16.2 %description -n libcurl-devel Curl is a client to get documents and files from or send documents to a server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. %prep %setup -q -n curl-%version%{?cvs_suffix} %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %build # local hack to make curl-config --libs stop printing libraries it depends on # (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere, # will hopefully change in the future) sed -i 's/link_all_deplibs=unknown/link_all_deplibs=no/' configure export CFLAGS="%{optflags}" ./configure \ --prefix=%{_prefix} \ --enable-ipv6 \ %if %{with openssl} --with-ssl \ --with-ca-path=/etc/ssl/certs/ \ %else --without-ssl \ %if %{with mozilla_nss} --with-nss \ %endif %endif --with-gssapi=/usr/lib/mit \ --with-libssh2\ --libdir=%{_libdir} \ --enable-hidden-symbols \ --disable-static \ --enable-ares : if this fails, the above sed hack did not work ./libtool --config | grep -q link_all_deplibs=no # enable-hidden-symbols needs gcc4 and causes that curl exports only its API make %{?_smp_mflags} %if %{with testsuite} %check cd tests make # make sure the testsuite runs don't race on MP machines in autobuild if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then . /.buildenv fi if test -z "$BUILD_INCARNATION"; then BUILD_INCARNATION=0 fi base=$((8990 + $BUILD_INCARNATION * 20)) perl ./runtests.pl -a -b$base || { %if 0%{?curl_testsuite_fatal:1} exit %else echo "WARNING: runtests.pl failed with code $?, continuing nevertheless" %endif } %endif %install %{makeinstall} rm $RPM_BUILD_ROOT%_libdir/libcurl.la install -d $RPM_BUILD_ROOT/usr/share/aclocal install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT/usr/share/aclocal/ %post -n libcurl4 -p /sbin/ldconfig %postun -n libcurl4 -p /sbin/ldconfig %files %defattr(-,root,root) %doc README RELEASE-NOTES %doc docs/{BUGS,FAQ,FEATURES,MANUAL,RESOURCES,TODO,TheArtOfHttpScripting} %doc lib/README.curl_off_t %{_prefix}/bin/curl %doc %{_mandir}/man1/curl.1.gz %files -n libcurl4 %defattr(-,root,root) %{_libdir}/libcurl.so.4* %files -n libcurl-devel %defattr(-,root,root) %{_prefix}/bin/curl-config %{_prefix}/include/curl %{_prefix}/share/aclocal/libcurl.m4 %{_libdir}/libcurl.so %{_libdir}/pkgconfig/libcurl.pc %doc %{_mandir}/man1/curl-config.1.gz %doc %{_mandir}/man3/* %doc docs/libcurl/symbols-in-versions %changelog ++++++ 0001-m4-Use-x-in-order-to-avoid-variable-x-set-but-not-us.patch ++++++
From bfa3e1b967382e4ba73076969177fc1ff2d757e3 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger
Date: Mon, 3 Oct 2011 17:53:43 +0200 Subject: [PATCH] m4: Use x in order to avoid variable 'x' set but not used [-Werror=unused-but-set-variable]
This error could be caused by configure scripts being run with -Werror -Wall, which would lead to libcurl being detected as unusable. cherry picked from commit 381459fa65a37943417462b32cb312ea9b3c7a62 --- docs/libcurl/libcurl.m4 | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/docs/libcurl/libcurl.m4 b/docs/libcurl/libcurl.m4 index 01a0575..8cada05 100644 --- a/docs/libcurl/libcurl.m4 +++ b/docs/libcurl/libcurl.m4 @@ -157,6 +157,7 @@ x=CURLOPT_FILE; x=CURLOPT_ERRORBUFFER; x=CURLOPT_STDERR; x=CURLOPT_VERBOSE; +if (x) ; ])],libcurl_cv_lib_curl_usable=yes,libcurl_cv_lib_curl_usable=no) CPPFLAGS=$_libcurl_save_cppflags -- 1.7.7 ++++++ 0002-URL-sanitize-reject-URLs-containing-bad-data.patch ++++++
From 58900f2e834ee399646ba1a65bbd7d241cf67ccb Mon Sep 17 00:00:00 2001 From: Daniel Stenberg
Date: Fri, 23 Dec 2011 13:24:16 +0100 Subject: [PATCH] URL sanitize: reject URLs containing bad data
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).
URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.
This flaw is considered a security vulnerability: CVE-2012-0036
Security advisory at: http://curl.haxx.se/docs/adv_20120124.html
Reported by: Dan Fandrich
cherry-picked from commit 400055bfaaa1b13b3f3051f69df9630da793dc8b
---
lib/escape.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++------------
lib/escape.h | 10 ++++++--
lib/imap.c | 7 +-----
lib/pop3.c | 6 +----
lib/smtp.c | 7 ++---
5 files changed, 62 insertions(+), 31 deletions(-)
diff --git a/lib/escape.c b/lib/escape.c
index b0922bc..0dd5a1d 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -31,6 +31,7 @@
#include "urldata.h"
#include "warnless.h"
#include "non-ascii.h"
+#include "escape.h"
#define _MPRINTF_REPLACE /* use our functions only */
#include
From 09195a8b9d10fc74c3e910f1eebd4e87a9defe14 Mon Sep 17 00:00:00 2001 From: Yang Tse
Date: Wed, 18 Jan 2012 04:33:49 +0100 Subject: [PATCH] OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option is no longer enabled
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed successfull interoperability with web server Netscape Enterprise Server 2.0.1 released back in 1996 more than 15 years ago. Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate CVE-2010-4180 when using previous OpenSSL versions we no longer enable this option regardless of OpenSSL version and SSL_OP_ALL definition. chery-picked from commit a20daf90e358c1476a325ea665d533f7a27e3364 --- lib/ssluse.c | 28 +++++++++++++++++++++------- 1 files changed, 21 insertions(+), 7 deletions(-) diff --git a/lib/ssluse.c b/lib/ssluse.c index e5b84f9..074fef8 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1422,6 +1422,7 @@ ossl_connect_step1(struct connectdata *conn, X509_LOOKUP *lookup=NULL; curl_socket_t sockfd = conn->sock[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + long ctx_options; #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME bool sni; #ifdef ENABLE_IPV6 @@ -1527,20 +1528,33 @@ ossl_connect_step1(struct connectdata *conn, If someone writes an application with libcurl and openssl who wants to enable the feature, one can do this in the SSL callback. + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper + interoperability with web server Netscape Enterprise Server 2.0.1 which + was released back in 1996. + + Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has + become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate + CVE-2010-4180 when using previous OpenSSL versions we no longer enable + this option regardless of OpenSSL version and SSL_OP_ALL definition. */ + + ctx_options = SSL_OP_ALL; + #ifdef SSL_OP_NO_TICKET - /* expect older openssl releases to not have this define so only use it if - present */ -#define CURL_CTX_OPTIONS SSL_OP_ALL|SSL_OP_NO_TICKET -#else -#define CURL_CTX_OPTIONS SSL_OP_ALL + ctx_options |= SSL_OP_NO_TICKET; #endif - SSL_CTX_set_options(connssl->ctx, CURL_CTX_OPTIONS); +#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && \ + (SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG == 0x00000008L) + /* mitigate CVE-2010-4180 */ + ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; +#endif /* disable SSLv2 in the default case (i.e. allow SSLv3 and TLSv1) */ if(data->set.ssl.version == CURL_SSLVERSION_DEFAULT) - SSL_CTX_set_options(connssl->ctx, SSL_OP_NO_SSLv2); + ctx_options |= SSL_OP_NO_SSLv2; + + SSL_CTX_set_options(connssl->ctx, ctx_options); #if 0 /* -- 1.7.7 ++++++ 0004-OpenSSL-don-t-disable-security-work-around.patch ++++++
From 1be520787a3cfa12119594fdcbf99d132f70bdf7 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg
Date: Thu, 19 Jan 2012 10:38:14 +0100 Subject: [PATCH] OpenSSL: don't disable security work-around
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to SSL_OP_ALL that _disables_ that work-around despite the fact that SSL_OP_ALL is documented to do "rather harmless" workarounds. The libcurl code uses the SSL_OP_ALL define and thus logically always disables the OpenSSL fix. In order to keep the secure work-around workding, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change makes sure of this. Reported by: product-security at Apple cherry-picked from commit 0158c2bdd51af5a7b334b4dd7360bbd7e3858409 --- lib/ssluse.c | 11 +++++++++++ 1 files changed, 11 insertions(+), 0 deletions(-) diff --git a/lib/ssluse.c b/lib/ssluse.c index 074fef8..b9fb2a8 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1536,6 +1536,13 @@ ossl_connect_step1(struct connectdata *conn, become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate CVE-2010-4180 when using previous OpenSSL versions we no longer enable this option regardless of OpenSSL version and SSL_OP_ALL definition. + + OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability + (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to + SSL_OP_ALL that _disables_ that work-around despite the fact that + SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to + keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit + must not be set. */ ctx_options = SSL_OP_ALL; @@ -1550,6 +1557,10 @@ ossl_connect_step1(struct connectdata *conn, ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; #endif +#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; +#endif + /* disable SSLv2 in the default case (i.e. allow SSLv3 and TLSv1) */ if(data->set.ssl.version == CURL_SSLVERSION_DEFAULT) ctx_options |= SSL_OP_NO_SSLv2; -- 1.7.7 ++++++ _link ++++++ <link project="openSUSE:12.1" package="curl" baserev="5179950d88026cd78bfc8d5cd012996f"> <patches> <branch/> </patches> </link> ++++++ baselibs.conf ++++++ libcurl4 obsoletes "curl-<targettype> <= <version>" provides "curl-<targettype> = <version>" curl-devel requires -curl-<targettype> requires "libcurl4-<targettype> = <version>" -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org