Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2024-08-13 13:22:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "curl" Tue Aug 13 13:22:08 2024 rev:201 rq:1193338 version:8.9.1 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl.changes 2024-07-30 11:53:12.322477102 +0200 +++ /work/SRC/openSUSE:Factory/.curl.new.7232/curl.changes 2024-08-13 13:22:17.399861424 +0200 @@ -1,0 +2,28 @@ +Mon Aug 12 08:41:26 UTC 2024 - Pedro Monreal <pmonreal@suse.com> + +- Fix regression introduced in version 8.9.1: + * sigpipe: init the struct so that first apply ignores + * Add curl-sigpipe.patch + +------------------------------------------------------------------- +Wed Jul 31 08:20:44 UTC 2024 - Pedro Monreal <pmonreal@suse.com> + +- Update to 8.9.1: + * Security fixes: + - curl: ASN.1 date parser overread [bsc#1228535, CVE-2024-7264] + * Bugfixes: + - cmake: detect 'libssh' via 'pkg-config' + - cmake: detect 'nettle' when building with GnuTLS + - connect: fix connection shutdown for event based processing + - curl: more defensive socket code for --ip-tos + - CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching + - CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe + - ftpserver.pl: make POP3 LIST serve content from the test file + - lib: survive some NULL input args + - os400: build cli manual. + - os400: workaround an IBM ASCII run-time library bug + - transfer: speed limiting fix for 32bit systems + - vtls: avoid forward declaration in MultiSSL builds + - x509asn1: unittests and fixes for gtime2str + +------------------------------------------------------------------- Old: ---- curl-8.9.0.tar.xz curl-8.9.0.tar.xz.asc New: ---- curl-8.9.1.tar.xz curl-8.9.1.tar.xz.asc curl-sigpipe.patch BETA DEBUG BEGIN: New: * sigpipe: init the struct so that first apply ignores * Add curl-sigpipe.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.vJwwLR/_old 2024-08-13 13:22:18.067889257 +0200 +++ /var/tmp/diff_new_pack.vJwwLR/_new 2024-08-13 13:22:18.067889257 +0200 @@ -29,7 +29,7 @@ %endif Name: curl%{?psuffix} -Version: 8.9.0 +Version: 8.9.1 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl @@ -43,6 +43,8 @@ Patch2: curl-secure-getenv.patch #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch3: curl-disabled-redirect-protocol-message.patch +#PATCH-FIX-UPSTREAM sigpipe: init the struct so that first apply ignores +Patch4: curl-sigpipe.patch BuildRequires: groff BuildRequires: libtool BuildRequires: pkgconfig ++++++ curl-8.9.0.tar.xz -> curl-8.9.1.tar.xz ++++++ ++++ 16136 lines of diff (skipped) ++++++ curl-sigpipe.patch ++++++ From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Mon, 5 Aug 2024 00:17:17 +0200 Subject: [PATCH] sigpipe: init the struct so that first apply ignores Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after init ignores the signal (unless CURLOPT_NOSIGNAL) is set. I have read the existing code multiple times now and I think it gets the initial state reversed this missing to ignore. Regression from 17e6f06ea37136c36d27 Reported-by: Rasmus Thomsen Fixes #14344 Closes #14390 --- lib/sigpipe.h | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/sigpipe.h b/lib/sigpipe.h index b91a2f51333956..d78afd905d3414 100644 --- a/lib/sigpipe.h +++ b/lib/sigpipe.h @@ -39,6 +39,7 @@ struct sigpipe_ignore { static void sigpipe_init(struct sigpipe_ignore *ig) { memset(ig, 0, sizeof(*ig)); + ig->no_signal = TRUE; } /*