Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2024-07-30 11:53:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new.1882 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "curl" Tue Jul 30 11:53:10 2024 rev:200 rq:1189336 version:8.9.0 Changes: --------
--- /work/SRC/openSUSE:Factory/curl/curl.changes 2024-06-22 13:23:27.154730915 +0200
+++ /work/SRC/openSUSE:Factory/.curl.new.1882/curl.changes 2024-07-30 11:53:12.322477102 +0200
@@ -1,0 +2,70 @@
+Wed Jul 24 07:07:57 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 8.9.0:
+ * Security fixes:
+ - [bsc#1227888, CVE-2024-6197] curl: freeing stack buffer
+ in utf8asn1str
+ - [bsc#1228260, CVE-2024-6874] idn: tweak buffer use when
+ converting with macidn
+ * Changes:
+ - curl: add --ip-tos (IP Type of Service / Traffic Class)
+ - curl: add --mptcp
+ - curl: add --vlan-priority
+ - curl: add -w '%{num_retries}
+ - gnutls: support CA caching
+ - mbedtls: support CURLOPT_CERTINFO
+ - noproxy: patterns need to be comma separated
+ - socket: support binding to interface *AND* IP
+ - tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt
+ - urlapi: add CURLU_NO_GUESS_SCHEME
+ - wolfssl: support CA caching
+ * Bugfixes:
+ - connection: shutdown TLS (for FTP) better
+ - curl-config: revert to backticks to support old target envs
+ - curl: allow etag and content-disposition for 3xx reply
+ - curl: bsearch the --write-out variable name
+ - curl: check for --disable case *sensitively*
+ - doh: fix leak and zero-length HTTPS RR crash
+ - file: separate fake headers and body with a stand-alone CRLF
+ - ftp: remove redundant null pointer check in loop condition
+ - gnutls: improve TLS shutdown
+ - gnutls: pass in SNI name, not hostname when checking cert
+ - hostip: skip error check for infallible function call
+ - http/3: add shutdown support
+ - http/3: resume upload on ack if we have more data to send
+ - lib: add a few DEBUGASSERT(data) to aid code analyzers
+ - lib: add failure reason on bind errors
+ - lib: graceful connection shutdown
+ - lib: xfer_setup and non-blocking shutdown
+ - multi: add multi->proto_hash, a key-value store for protocol data
+ - multi: do a final progress update on connect failure
+ - multi: fix multi_wait() timeout handling
+ - multi: fix pollset during RESOLVING phase
+ - ngtcp2+quictls: fix cert-status use
+ - noproxy: test bad ipv6 net size first
+ - openssl/gnutls: rectify the TLS version checks for QUIC
+ - openssl: fix hostname handling when using ECH
+ - openssl: stop duplicate ssl key logging for legacy OpenSSL
+ - quic: enable UDP GRO
+ - quic: openssl quic, cmake and doc version update to 3.3.0
+ - quic: require at least OpenSSL 3.3 for QUIC
+ - quic: update to quiche 0.22.0
+ - smtp: for starttls, do full upgrade
+ - tool_operate: avoid explicitly setting verifypeer to 1
+ - tool_writeout: get certinfo only when needing it
+ - transfer: avoid polling socket every transfer loop
+ - transfer: conn close on paused upload
+ - transfer: do not use EXPIRE_NOW while blocked
+ - transfer: remove curl_upload_refill_watermark, no longer used
+ - transfer: set CSELECT_IN if there is data pending
+ - url: allow DoH transfers to override max connection limit
+ - x509asn1: add some common ECDSA OIDs
+ - x509asn1: ASN1tostr() should fail when 'constructed' is set
+ - x509asn1: fallback to dotted OID representation
+ - x509asn1: prevent NULL dereference
+ - x509asn1: remove superfluous free()
+ - x509asn1: remove two static variables
+ * Rebase libcurl-ocloexec.patch
+ * Remove curl-make-install-curl-config.patch upstream
+
+-------------------------------------------------------------------
Old: ---- curl-8.8.0.tar.xz curl-8.8.0.tar.xz.asc curl-make-install-curl-config.patch New: ---- curl-8.9.0.tar.xz curl-8.9.0.tar.xz.asc BETA DEBUG BEGIN: Old: * Rebase libcurl-ocloexec.patch * Remove curl-make-install-curl-config.patch upstream BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.ughqjC/_old 2024-07-30 11:53:13.466523214 +0200 +++ /var/tmp/diff_new_pack.ughqjC/_new 2024-07-30 11:53:13.470523375 +0200 @@ -29,7 +29,7 @@ %endif Name: curl%{?psuffix} -Version: 8.8.0 +Version: 8.9.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl 
@@ -43,8 +43,6 @@ Patch2: curl-secure-getenv.patch #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch3: curl-disabled-redirect-protocol-message.patch -#PATCH-FIX-UPSTREAM Fix make install for curl-config.1 github.com/curl/curl/pull/13741 -Patch4: curl-make-install-curl-config.patch BuildRequires: groff BuildRequires: libtool BuildRequires: pkgconfig ++++++ curl-8.8.0.tar.xz -> curl-8.9.0.tar.xz ++++++ ++++ 109000 lines of diff (skipped) ++++++ libcurl-ocloexec.patch ++++++ --- /var/tmp/diff_new_pack.ughqjC/_old 2024-07-30 11:53:14.562567390 +0200 +++ /var/tmp/diff_new_pack.ughqjC/_new 2024-07-30 11:53:14.566567551 +0200 @@ -7,11 +7,11 @@ compile time is not enough. -Index: curl-8.4.0/lib/file.c +Index: curl-8.9.0/lib/file.c =================================================================== ---- curl-8.4.0.orig/lib/file.c -+++ curl-8.4.0/lib/file.c -@@ -232,7 +232,7 @@ static CURLcode file_connect(struct Curl +--- curl-8.9.0.orig/lib/file.c ++++ curl-8.9.0/lib/file.c +@@ -242,7 +242,7 @@ static CURLcode file_connect(struct Curl } } #else @@ -20,19 +20,19 @@ file->path = real_path; #endif #endif -@@ -318,7 +318,7 @@ static CURLcode file_upload(struct Curl_ +@@ -329,7 +329,7 @@ static CURLcode file_upload(struct Curl_ else mode = MODE_DEFAULT|O_TRUNC; - fd = open(file->path, mode, data->set.new_file_perms); + fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms); if(fd < 0) { - failf(data, "Can't open %s for writing", file->path); + failf(data, "cannot open %s for writing", file->path); return CURLE_WRITE_ERROR; -Index: curl-8.4.0/lib/if2ip.c +Index: curl-8.9.0/lib/if2ip.c =================================================================== ---- curl-8.4.0.orig/lib/if2ip.c -+++ curl-8.4.0/lib/if2ip.c +--- curl-8.9.0.orig/lib/if2ip.c ++++ curl-8.9.0/lib/if2ip.c @@ -208,7 +208,7 @@ if2ip_result_t Curl_if2ip(int af, if(len >= sizeof(req.ifr_name)) return IF2IP_NOT_FOUND; 
@@ -42,11 +42,11 @@ if(CURL_SOCKET_BAD == dummy) return IF2IP_NOT_FOUND; -Index: curl-8.4.0/configure.ac +Index: curl-8.9.0/configure.ac =================================================================== ---- curl-8.4.0.orig/configure.ac -+++ curl-8.4.0/configure.ac -@@ -428,6 +428,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m +--- curl-8.9.0.orig/configure.ac ++++ curl-8.9.0/configure.ac +@@ -441,6 +441,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m # Silence warning: ar: 'u' modifier ignored since 'D' is the default AC_SUBST(AR_FLAGS, [cr]) @@ -55,10 +55,10 @@ dnl This defines _ALL_SOURCE for AIX CURL_CHECK_AIX_ALL_SOURCE -Index: curl-8.4.0/lib/hostip.c +Index: curl-8.9.0/lib/hostip.c =================================================================== ---- curl-8.4.0.orig/lib/hostip.c -+++ curl-8.4.0/lib/hostip.c +--- curl-8.9.0.orig/lib/hostip.c ++++ curl-8.9.0/lib/hostip.c @@ -44,6 +44,7 @@ #include <setjmp.h> #include <signal.h> @@ -67,20 +67,20 @@ #include "urldata.h" #include "sendf.h" #include "hostip.h" -@@ -609,7 +610,7 @@ bool Curl_ipv6works(struct Curl_easy *da +@@ -616,7 +617,7 @@ bool Curl_ipv6works(struct Curl_easy *da else { int ipv6_works = -1; /* probe to see if we have a working IPv6 stack */ - curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0); + curl_socket_t s = socket(PF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, 0); if(s == CURL_SOCKET_BAD) - /* an IPv6 address was requested but we can't get/use one */ + /* an IPv6 address was requested but we cannot get/use one */ ipv6_works = 0; -Index: curl-8.4.0/lib/cf-socket.c +Index: curl-8.9.0/lib/cf-socket.c =================================================================== ---- curl-8.4.0.orig/lib/cf-socket.c -+++ curl-8.4.0/lib/cf-socket.c -@@ -274,7 +274,9 @@ static CURLcode socket_open(struct Curl_ +--- curl-8.9.0.orig/lib/cf-socket.c ++++ curl-8.9.0/lib/cf-socket.c +@@ -360,7 +360,9 @@ static CURLcode socket_open(struct Curl_ } else { /* opensocket callback not set, so simply create the socket now */