commit curl for openSUSE:Factory
Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2017-06-29 15:00:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "curl" Thu Jun 29 15:00:29 2017 rev:124 rq:506883 version:7.54.1 Changes: -------- New Changes file: --- /dev/null 2017-06-22 07:57:20.067658250 +0200 +++ /work/SRC/openSUSE:Factory/.curl.new/curl-mini.changes 2017-06-29 15:00:46.218722736 +0200 @@ -0,0 +1,2029 @@ +------------------------------------------------------------------- +Wed Jun 28 13:50:08 UTC 2017 - dimstar@opensuse.org + +- Update License to 'curl' as per review on OBS sr#505976. + +------------------------------------------------------------------- +Fri Jun 23 10:49:11 UTC 2017 - dimstar@opensuse.org + +- Have the -mini packages conflict the real ones. + +------------------------------------------------------------------- +Tue Jun 20 11:30:01 UTC 2017 - idonmez@suse.com + +- Add curl-invalid-free.patch to fix an invalid free in + curl_multi_setopt function. + +------------------------------------------------------------------- +Wed Jun 14 11:19:16 UTC 2017 - idonmez@suse.com + +- Update to 7.54.1 + Changes: + * curl now shows release date in --version output + Bugfixes: + * Fixes CVE-2017-9502: default protocol drive letter + buffer overflow bsc#1044243 + * openssl: fix memory leak in servercert + * curl: set a 100K buffer size by default + * nss: do not leak PKCS #11 slot while loading a key + * nss: load libnssckbi.so if no other trust is specified + * curl: use utimes instead of obsolescent utime when available + * url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE + * CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size + * curl: non-boolean command line args reject --no- prefixes + * telnet: Write full buffer instead of byte-by-byte + * curl: remove --environment and tool_writeenv.c + * curl: generate the --help output + * curl.1: clarify --config + * curl.1: mention --oauth2-bearer's argument + * ssh: fix memory leak in disconnect due to timeout + * redirect: store the "would redirect to" URL when max redirs is reached + * file: make speedcheck use current time for checks + * urlglob: fix division by zero + +------------------------------------------------------------------- +Tue Jun 13 13:08:21 UTC 2017 - lnussel@suse.de + +- Create curl-mini for bootstrapping (boo#1042919) + +------------------------------------------------------------------- +Wed Apr 19 08:17:17 UTC 2017 - idonmez@suse.com + +- Update to 7.54.0 + Changes: + * Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION + * Add --max-tls + * Add CURLOPT_SUPPRESS_CONNECT_HEADERS + * Add --suppress-connect-headers + Bugfixes: + * CVE-2017-7468: switch off SSL session id when client cert is used + * bsc#1033413 + * tests: use consistent environment variables for setting charset + * proxy: fixed a memory leak on OOM + * ftp: removed an erroneous free in an OOM path + * ftp: fixed a NULL pointer dereference on OOM + * gopher: fixed detection of an error condition from Curl_urldecode + * url: fix unix-socket support for proxy-disabled builds + * fix potential use of uninitialized variables + * ares: return error at once if timed out before name resolve starts + * URL: return error on malformed URLs with junk after port number + * http2: Fix assertion error on redirect with CL=0 + * --insecure: clarify that this option is for server connections + * authneg: clear auth.multi flag at http_done + * curl_easy_reset: Also reset the authentication state + * proxy: skip SSL initialization for closed connections + * http_proxy: ignore TE and CL in CONNECT 2xx responses + * multi: fix streamclose() crash in debug mode + * openssl: fall back on SSL_ERROR_* string when no error detail + * asiohiper: make sure socket is open in event_cb + * curl: check for end of input in writeout backslash handling + * openssl: exclude DSA code when OPENSSL_NO_DSA is defined + * http: Fix proxy connection reuse with basic-auth + * pause: handle mixed types of data when paused + * http: do not treat FTPS over CONNECT as HTTPS + * conncache: make hashkey avoid malloc + * multi: fix queueing of pending easy handles + * low_speed_limit: improved function for longer time periods + * nss: load CA certificates even with --insecure + * Curl_expire_latest: ignore already expired timers + * http2: fix handle leak in error path + * openssl: make SSL_ERROR_to_str more future-proof + * openssl: fix thread-safety bugs in error-handling + * openssl: don't try to print nonexistant peer private keys + +------------------------------------------------------------------- +Fri Feb 24 11:42:10 UTC 2017 - idonmez@suse.com + +- Update to 7.53.1 + Bugfixes: + * url: Improve CURLOPT_PROXY_CAPATH error handling + * urldata: include curl_sspi.h when Windows SSPI is enabled + * formdata: check for EOF when reading from stdin + * tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047 + * url: Default the proxy CA bundle location to CURL_CA_BUNDLE + * rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header + +------------------------------------------------------------------- +Wed Feb 22 09:49:12 UTC 2017 - idonmez@suse.com + +- Update to 7.53.0 + Changes: + * unix_socket: added --abstract-unix-socket and + CURLOPT_ABSTRACT_UNIX_SOCKET + * CURLOPT_BUFFERSIZE: support enlarging receive buffer + + Bugfixes: + * CVE-2017-2629: make SSL_VERIFYSTATUS work again + * gnutls-random: check return code for failed random + * openssl-random: check return code when asking for random + * http: remove "Curl_http_done: called premature" message + * cyassl: use time_t instead of long for timeout + * build-wolfssl: Sync config with wolfSSL 3.10 + * ftp-gss: check for init before use + * configure: accept --with-libidn2 instead + * ftp: failure to resolve proxy should return that error code + * curl.1: add three more exit codes + * docs/ciphers: link to our own new page about ciphers + * vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl + * darwinssl: fix iOS build + * darwinssl: fix CFArrayRef leak + * cmake: use crypt32.lib when building with OpenSSL on windows + * curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked + * digest_sspi: copy terminating NUL as well + * curl: fix --remote-time incorrect times on Windows + * curl.1: several updates and corrections + * content_encoding: change return code on a failure + * curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use + * docs: TCP_KEEPALIVE start and interval default to 60 + * darwinssl: --insecure overrides --cacert if both settings are in use + * TheArtOfHttpScripting: grammar + * CIPHERS.md: document GSKit ciphers + * wolfssl: support setting cipher list + * wolfssl: display negotiated SSL version and cipher + * lib506: fix build for Open Watcom + * asiohiper: improved socket handling + * examples: make the C++ examples follow our code style too + * tests/sws: retry send() on EWOULDBLOCK + * cmake: Fix passing _WINSOCKAPI_ macro to compiler + * smtp: Fix STARTTLS denied error message + * imap/pop3: don't print response character in STARTTLS denied messages + * rand: make it work without TLS backing + * url: fix parsing for when 'file' is the default protocol + * url: allow file://X:/path URLs on windows again + * gnutls: check for alpn and ocsp in configure + * IDN: Use TR46 'non-transitional' for toASCII translations + * url: Fix NO_PROXY env var to work properly with --proxy option + * CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char* + * docs: Add note about libcurl copying strings to CURLOPT_* manpages + * curl: reset the easy handle at --next + * --next docs: --trace and --trace-ascii are also global + * --write-out docs: 'time_total' is not always shown with ms precision + * http: print correct HTTP string in verbose output when using HTTP/2 + * docs: improved language in README.md HISTORY.md CONTRIBUTE.md + * http2: disable server push if not requested + * nss: use the correct lock in nss_find_slot_by_name() + * usercertinmem.c: improve the short description + * CURLOPT_CONNECT_TO: Fix compile warnings + * docs: non-blocking SSL handshake is now supported with NSS + * *.rc: escape non-ASCII/non-UTF-8 character for clarity + * mbedTLS: fix multi interface non-blocking handshake + * PolarSSL: fix multi interface non-blocking handshake + * VC: remove the makefile.vc6 build infra + * telnet: fix windows compiler warnings + * cookies: do not assume a valid domain has a dot + * polarssl: fix hangs + * gnutls: disable TLS session tickets + * mbedtls: disable TLS session tickets + * mbedtls: implement CTR-DRBG and HAVEGE random generators + * openssl: Don't use certificate after transferring ownership + * cmake: Support curl --xattr when built with cmake + * OS400: Fix symbols + * docs: Add more HTTPS proxy documentation + * docs: use more HTTPS links + * cmdline-opts: Fixed build and test in out of source tree builds + * CHANGES.0: removed + * schannel: Remove incorrect SNI disabled message + * darwinssl: Avoid parsing certificates when not in verbose mode + * test552: Fix typos + * telnet: Fix typos + * transfer: only retry nobody-requests for HTTP + * http2: reset push header counter fixes crash + * nss: make FTPS work with --proxytunnel + * test1139: Added the --manual keyword since the manual is required + * polarssl, mbedtls: Fix detection of pending data + * http_proxy: Fix tiny memory leak upon edge case connecting to proxy + * URL: only accept ";options" in SMTP/POP3/IMAP URL schemes + * curl.1: ftp.sunet.se is no longer an FTP mirror + * tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT ++++ 1832 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Factory/.curl.new/curl-mini.changes --- /work/SRC/openSUSE:Factory/curl/curl.changes 2017-05-03 15:51:44.586365046 +0200 +++ /work/SRC/openSUSE:Factory/.curl.new/curl.changes 2017-06-29 15:00:47.666518311 +0200 @@ -1,0 +2,48 @@ +Wed Jun 28 13:50:08 UTC 2017 - dimstar@opensuse.org + +- Update License to 'curl' as per review on OBS sr#505976. + +------------------------------------------------------------------- +Fri Jun 23 10:49:11 UTC 2017 - dimstar@opensuse.org + +- Have the -mini packages conflict the real ones. + +------------------------------------------------------------------- +Tue Jun 20 11:30:01 UTC 2017 - idonmez@suse.com + +- Add curl-invalid-free.patch to fix an invalid free in + curl_multi_setopt function. + +------------------------------------------------------------------- +Wed Jun 14 11:19:16 UTC 2017 - idonmez@suse.com + +- Update to 7.54.1 + Changes: + * curl now shows release date in --version output + Bugfixes: + * Fixes CVE-2017-9502: default protocol drive letter + buffer overflow bsc#1044243 + * openssl: fix memory leak in servercert + * curl: set a 100K buffer size by default + * nss: do not leak PKCS #11 slot while loading a key + * nss: load libnssckbi.so if no other trust is specified + * curl: use utimes instead of obsolescent utime when available + * url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE + * CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size + * curl: non-boolean command line args reject --no- prefixes + * telnet: Write full buffer instead of byte-by-byte + * curl: remove --environment and tool_writeenv.c + * curl: generate the --help output + * curl.1: clarify --config + * curl.1: mention --oauth2-bearer's argument + * ssh: fix memory leak in disconnect due to timeout + * redirect: store the "would redirect to" URL when max redirs is reached + * file: make speedcheck use current time for checks + * urlglob: fix division by zero + +------------------------------------------------------------------- +Tue Jun 13 13:08:21 UTC 2017 - lnussel@suse.de + +- Create curl-mini for bootstrapping (boo#1042919) + +------------------------------------------------------------------- Old: ---- curl-7.54.0.tar.lzma curl-7.54.0.tar.lzma.asc New: ---- curl-7.54.1.tar.lzma curl-7.54.1.tar.lzma.asc curl-invalid-free.patch curl-mini.changes curl-mini.spec pre_checkin.sh ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl-mini.spec ++++++ # # spec file for package curl-mini # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # ##### WARNING: please do not edit this auto generated spec file. Use the curl.spec! ##### %define bootstrap 1 ##### WARNING: please do not edit this auto generated spec file. Use the curl.spec! ##### %define mini -mini %bcond_with mozilla_nss # need ssl always for python-pycurl %bcond_without openssl %if 0%{?bootstrap} %bcond_with testsuite %else %bcond_without testsuite %endif Name: curl-mini Version: 7.54.1 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl Group: Productivity/Networking/Web/Utilities Url: https://curl.haxx.se/ Source: https://curl.haxx.se/download/curl-%{version}.tar.lzma Source2: https://curl.haxx.se/download/curl-%{version}.tar.lzma.asc Source3: baselibs.conf Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring Patch0: libcurl-ocloexec.patch Patch1: dont-mess-with-rpmoptflags.diff Patch2: curl-secure-getenv.patch Patch3: curl-invalid-free.patch BuildRequires: libtool BuildRequires: pkgconfig %if !0%{?bootstrap} BuildRequires: groff BuildRequires: krb5-mini-devel BuildRequires: libidn2-devel BuildRequires: lzma BuildRequires: openldap2-devel BuildRequires: pkgconfig(libmetalink) BuildRequires: pkgconfig(libnghttp2) BuildRequires: pkgconfig(libpsl) BuildRequires: pkgconfig(libssh2) BuildRequires: pkgconfig(zlib) %else Requires: this-is-only-for-build-envs Conflicts: curl # The -mini package is sufficient for the build hosts Provides: curl = %{version} %endif Requires: libcurl4%{?mini} = %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %if %{with openssl} BuildRequires: pkgconfig(libssl) %endif %if %{with mozilla_nss} BuildRequires: mozilla-nss-devel %endif #BuildRequires: openssh %if 0%{?_with_stunnel:1} # used by the testsuite BuildRequires: stunnel %endif # bug437293 %ifarch ppc64 Obsoletes: curl-64bit %endif %description Curl is a client to get documents and files from or send documents to a server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS, TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. %package -n libcurl4%{?mini} Summary: Version 4 of cURL shared library Group: Productivity/Networking/Web/Utilities %if 0%{?bootstrap} Requires: this-is-only-for-build-envs Conflicts: libcurl4 %endif %description -n libcurl4%{?mini} The cURL shared library version 4 for accessing data using different network protocols. %package -n libcurl%{?mini}-devel Summary: A Tool for Transferring Data from URLs Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libcurl4%{?mini} = %{version} # curl-devel (v 7.15.5) was last used in 10.2 Provides: curl-devel <= 7.15.5 Obsoletes: curl-devel < 7.16.2 %if 0%{?bootstrap} Requires: this-is-only-for-build-envs Provides: libcurl-devel = %{version}-%{release} Conflicts: libcurl-devel %endif %description -n libcurl%{?mini}-devel Curl is a client to get documents and files from or send documents to a server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. %prep %setup -q -n curl-%version %patch0 %patch1 %patch2 %patch3 -p1 %build # curl complains if macro definition is contained in CFLAGS # see m4/xc-val-flgs.m4 CPPFLAGS="-D_FORTIFY_SOURCE=2" CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//') export CPPFLAGS CFLAGS export CFLAGS="$CFLAGS -fPIE" export LDFLAGS="$LDFLAGS -pie" autoreconf -fiv # local hack to make curl-config --libs stop printing libraries it depends on # (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere, # will hopefully change in the future) sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure %configure \ --enable-ipv6 \ %if %{with openssl} --with-ssl \ --with-ca-fallback \ --without-ca-path \ --without-ca-bundle \ %else --without-ssl \ %if %{with mozilla_nss} --with-nss \ %endif %endif %if !0%{?bootstrap} --with-gssapi=%{_libexecdir}/mit \ --with-libidn2 \ --with-libssh2 \ --with-libmetalink \ %endif --enable-hidden-symbols \ --disable-static \ --enable-threaded-resolver # if this fails, the above sed hack did not work ./libtool --config | grep -q link_all_deplibs=no # enable-hidden-symbols needs gcc4 and causes that curl exports only its API make %{?_smp_mflags} V=1 %if %{with testsuite} %check pushd tests make %{?_smp_mflags} # make sure the testsuite runs don't race on MP machines in autobuild if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then . /.buildenv fi if test -z "$BUILD_INCARNATION"; then BUILD_INCARNATION=0 fi base=$((8990 + $BUILD_INCARNATION * 20)) # bug940009 do not run flaky tests for any architecture # at least test 1510 do fail for i586 and ppc64le perl ./runtests.pl -a -b$base '!flaky' || exit popd %endif %install %make_install rm -f %{buildroot}%{_libdir}/libcurl.la install -Dm 0644 docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal/libcurl.m4 pushd scripts make %{?_smp_mflags} DESTDIR=%{buildroot} install popd %post -n libcurl4%{?mini} -p /sbin/ldconfig %postun -n libcurl4%{?mini} -p /sbin/ldconfig %files %defattr(-,root,root) %doc README RELEASE-NOTES %doc docs/{BUGS,FAQ,FEATURES,MANUAL,RESOURCES,TODO,TheArtOfHttpScripting} %{_bindir}/curl %{_datadir}/zsh/site-functions/_curl %{_mandir}/man1/curl.1%{ext_man} %dir %{_datadir}/zsh %dir %{_datadir}/zsh/site-functions %files -n libcurl4%{?mini} %defattr(-,root,root) %{_libdir}/libcurl.so.4* %files -n libcurl%{?mini}-devel %defattr(-,root,root) %{_bindir}/curl-config %{_includedir}/curl %dir %{_datadir}/aclocal/ %{_datadir}/aclocal/libcurl.m4 %{_libdir}/libcurl.so %{_libdir}/pkgconfig/libcurl.pc %{_mandir}/man1/curl-config.1%{ext_man} %{_mandir}/man3/* %doc docs/libcurl/symbols-in-versions %changelog ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.t2dctC/_old 2017-06-29 15:00:50.110173274 +0200 +++ /var/tmp/diff_new_pack.t2dctC/_new 2017-06-29 15:00:50.110173274 +0200 @@ -16,36 +16,54 @@ # -%bcond_without openssl +%define bootstrap 0 +%define mini %nil + %bcond_with mozilla_nss +# need ssl always for python-pycurl +%bcond_without openssl + +%if 0%{?bootstrap} +%bcond_with testsuite +%else %bcond_without testsuite +%endif + Name: curl -Version: 7.54.0 +Version: 7.54.1 Release: 0 Summary: A Tool for Transferring Data from URLs -License: BSD-3-Clause and MIT +License: curl Group: Productivity/Networking/Web/Utilities Url: https://curl.haxx.se/ -Source: https://curl.haxx.se/download/%{name}-%{version}.tar.lzma -Source2: https://curl.haxx.se/download/%{name}-%{version}.tar.lzma.asc +Source: https://curl.haxx.se/download/curl-%{version}.tar.lzma +Source2: https://curl.haxx.se/download/curl-%{version}.tar.lzma.asc Source3: baselibs.conf -Source4: https://daniel.haxx.se/mykey.asc#/%{name}.keyring +Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring Patch0: libcurl-ocloexec.patch Patch1: dont-mess-with-rpmoptflags.diff Patch2: curl-secure-getenv.patch +Patch3: curl-invalid-free.patch +BuildRequires: libtool +BuildRequires: pkgconfig +%if !0%{?bootstrap} BuildRequires: groff BuildRequires: krb5-mini-devel BuildRequires: libidn2-devel -BuildRequires: libtool BuildRequires: lzma BuildRequires: openldap2-devel -BuildRequires: pkgconfig BuildRequires: pkgconfig(libmetalink) BuildRequires: pkgconfig(libnghttp2) BuildRequires: pkgconfig(libpsl) BuildRequires: pkgconfig(libssh2) BuildRequires: pkgconfig(zlib) -Requires: libcurl4 = %{version} +%else +Requires: this-is-only-for-build-envs +Conflicts: curl +# The -mini package is sufficient for the build hosts +Provides: curl = %{version} +%endif +Requires: libcurl4%{?mini} = %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %if %{with openssl} BuildRequires: pkgconfig(libssl) @@ -69,34 +87,44 @@ TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. -%package -n libcurl4 +%package -n libcurl4%{?mini} Summary: Version 4 of cURL shared library Group: Productivity/Networking/Web/Utilities +%if 0%{?bootstrap} +Requires: this-is-only-for-build-envs +Conflicts: libcurl4 +%endif -%description -n libcurl4 +%description -n libcurl4%{?mini} The cURL shared library version 4 for accessing data using different network protocols. -%package -n libcurl-devel +%package -n libcurl%{?mini}-devel Summary: A Tool for Transferring Data from URLs Group: Development/Libraries/C and C++ Requires: glibc-devel -Requires: libcurl4 = %{version} +Requires: libcurl4%{?mini} = %{version} # curl-devel (v 7.15.5) was last used in 10.2 Provides: curl-devel <= 7.15.5 Obsoletes: curl-devel < 7.16.2 +%if 0%{?bootstrap} +Requires: this-is-only-for-build-envs +Provides: libcurl-devel = %{version}-%{release} +Conflicts: libcurl-devel +%endif -%description -n libcurl-devel +%description -n libcurl%{?mini}-devel Curl is a client to get documents and files from or send documents to a server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. %prep -%setup -q +%setup -q -n curl-%version %patch0 %patch1 %patch2 +%patch3 -p1 %build # curl complains if macro definition is contained in CFLAGS @@ -124,13 +152,15 @@ --with-nss \ %endif %endif +%if !0%{?bootstrap} --with-gssapi=%{_libexecdir}/mit \ --with-libidn2 \ --with-libssh2 \ + --with-libmetalink \ +%endif --enable-hidden-symbols \ --disable-static \ - --enable-threaded-resolver \ - --with-libmetalink + --enable-threaded-resolver # if this fails, the above sed hack did not work ./libtool --config | grep -q link_all_deplibs=no @@ -165,8 +195,8 @@ make %{?_smp_mflags} DESTDIR=%{buildroot} install popd -%post -n libcurl4 -p /sbin/ldconfig -%postun -n libcurl4 -p /sbin/ldconfig +%post -n libcurl4%{?mini} -p /sbin/ldconfig +%postun -n libcurl4%{?mini} -p /sbin/ldconfig %files %defattr(-,root,root) @@ -178,11 +208,11 @@ %dir %{_datadir}/zsh %dir %{_datadir}/zsh/site-functions -%files -n libcurl4 +%files -n libcurl4%{?mini} %defattr(-,root,root) %{_libdir}/libcurl.so.4* -%files -n libcurl-devel +%files -n libcurl%{?mini}-devel %defattr(-,root,root) %{_bindir}/curl-config %{_includedir}/curl ++++++ curl-invalid-free.patch ++++++
From 19e775b499c5c3cc7ec717af7c1e764f42817369 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg
Date: Sun, 18 Jun 2017 17:54:55 +0200 Subject: [PATCH] PIPELINING_SERVER_BL: cleanup the internal list use
The list was freed incorrectly since the llist refactor of cbae73e1dd959. Aded test 1550 to verify that it works and avoid future regressions. Reported-by: Pascal Terjan Fixes #1584 --- lib/pipeline.c | 37 +++++++++++++++---------------------- tests/data/Makefile.inc | 1 + tests/data/test1550 | 29 +++++++++++++++++++++++++++++ tests/libtest/Makefile.inc | 8 ++++++++ tests/libtest/lib1550.c | 39 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 92 insertions(+), 22 deletions(-) create mode 100644 tests/data/test1550 create mode 100644 tests/libtest/lib1550.c diff --git a/lib/pipeline.c b/lib/pipeline.c index b8d2037452..4d41b04139 100644 --- a/lib/pipeline.c +++ b/lib/pipeline.c @@ -230,28 +230,27 @@ CURLMcode Curl_pipeline_set_site_blacklist(char **sites, return CURLM_OK; } +struct blacklist_node { + struct curl_llist_element list; + char server_name[1]; +}; + bool Curl_pipeline_server_blacklisted(struct Curl_easy *handle, char *server_name) { if(handle->multi && server_name) { - struct curl_llist *blacklist = + struct curl_llist *list = Curl_multi_pipelining_server_bl(handle->multi); - if(blacklist) { - struct curl_llist_element *curr; - - curr = blacklist->head; - while(curr) { - char *bl_server_name; - - bl_server_name = curr->ptr; - if(strncasecompare(bl_server_name, server_name, - strlen(bl_server_name))) { - infof(handle, "Server %s is blacklisted\n", server_name); - return TRUE; - } - curr = curr->next; + struct curl_llist_element *e = list->head; + while(e) { + struct blacklist_node *bl = (struct blacklist_node *)e; + if(strncasecompare(bl->server_name, server_name, + strlen(bl->server_name))) { + infof(handle, "Server %s is blacklisted\n", server_name); + return TRUE; } + e = e->next; } DEBUGF(infof(handle, "Server %s is not blacklisted\n", server_name)); @@ -259,11 +258,6 @@ bool Curl_pipeline_server_blacklisted(struct Curl_easy *handle, return FALSE; } -struct blacklist_node { - struct curl_llist_element list; - char server_name[1]; -}; - CURLMcode Curl_pipeline_set_server_blacklist(char **servers, struct curl_llist *list) { @@ -286,8 +280,7 @@ CURLMcode Curl_pipeline_set_server_blacklist(char **servers, } strcpy(n->server_name, *servers); - Curl_llist_insert_next(list, list->tail, n->server_name, - &n->list); + Curl_llist_insert_next(list, list->tail, n, &n->list); servers++; } } ++++++ pre_checkin.sh ++++++ #!/bin/sh # This script is based on libcdio_spec-prepare.sh (thanks to sbrabec@suse.cz) # create a -mini spec for systemd for bootstrapping ORIG_SPEC=curl EDIT_WARNING="##### WARNING: please do not edit this auto generated spec file. Use the ${ORIG_SPEC}.spec! #####\n" sed "s/^%define bootstrap .*$/${EDIT_WARNING}%define bootstrap 1/; s/^%define mini .*$/${EDIT_WARNING}%define mini -mini/; s/^Name:.*/&-mini/ " < ${ORIG_SPEC}.spec > ${ORIG_SPEC}-mini.spec cp ${ORIG_SPEC}.changes ${ORIG_SPEC}-mini.changes #cp ${ORIG_SPEC}-rpmlintrc ${ORIG_SPEC}-mini-rpmlintrc osc service localrun format_spec_file
participants (1)
-
root@hilbert.suse.de