diff --git a/.fmf/version b/.fmf/version deleted file mode 100644 index d00491f..0000000 --- a/.fmf/version +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/.gitignore b/.gitignore index 9bb4285..7dcfd8f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,2 @@ /curl-[0-9.]*.tar.lzma -/curl-[0-9.]*.tar.lzma.asc /curl-[0-9.]*.tar.xz -/curl-[0-9.]*.tar.xz.asc -/curl-[0-9]*.[0-9]*.[0-9]*/ -/*.src.rpm diff --git a/0001-curl-7.66.0-metalink-memleak.patch b/0001-curl-7.66.0-metalink-memleak.patch new file mode 100644 index 0000000..16c8ae2 --- /dev/null +++ b/0001-curl-7.66.0-metalink-memleak.patch @@ -0,0 +1,71 @@ +From 855ebacdffbc421b121563ae1ecd9fde736bfaf2 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 11 Sep 2019 16:32:11 +0200 +Subject: [PATCH] curl: fix memory leaked by parse_metalink() + +This commit fixes a regression introduced by curl-7_65_3-5-gb88940850. +Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind +and libmetalink enabled. + +Closes #4326 + +Upstream-commit: 1ca91bcdb588dc6c25d345f2411fdba314433732 +Signed-off-by: Kamil Dudka +--- + src/tool_metalink.c | 2 +- + src/tool_metalink.h | 3 +++ + src/tool_operate.c | 4 ++++ + 3 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/tool_metalink.c b/src/tool_metalink.c +index 0740407f9..cd5a7d650 100644 +--- a/src/tool_metalink.c ++++ b/src/tool_metalink.c +@@ -965,7 +965,7 @@ static void delete_metalink_resource(metalink_resource *res) + Curl_safefree(res); + } + +-static void delete_metalinkfile(metalinkfile *mlfile) ++void delete_metalinkfile(metalinkfile *mlfile) + { + metalink_resource *res; + if(mlfile == NULL) { +diff --git a/src/tool_metalink.h b/src/tool_metalink.h +index 1e367033c..f5ec306f7 100644 +--- a/src/tool_metalink.h ++++ b/src/tool_metalink.h +@@ -105,6 +105,8 @@ extern const digest_params SHA256_DIGEST_PARAMS[1]; + * Counts the resource in the metalinkfile. + */ + int count_next_metalink_resource(metalinkfile *mlfile); ++ ++void delete_metalinkfile(metalinkfile *mlfile); + void clean_metalink(struct OperationConfig *config); + + /* +@@ -158,6 +160,7 @@ void metalink_cleanup(void); + #else /* USE_METALINK */ + + #define count_next_metalink_resource(x) 0 ++#define delete_metalinkfile(x) (void)x + #define clean_metalink(x) (void)x + + /* metalink_cleanup() takes no arguments */ +diff --git a/src/tool_operate.c b/src/tool_operate.c +index d2ad9642d..09dfc0c84 100644 +--- a/src/tool_operate.c ++++ b/src/tool_operate.c +@@ -2073,6 +2073,10 @@ static CURLcode serial_transfers(struct GlobalConfig *global, + result = post_transfer(global, share, per, result, &retry); + if(retry) + continue; ++ ++ /* Release metalink related resources here */ ++ delete_metalinkfile(per->mlfile); ++ + per = del_transfer(per); + + /* Bail out upon critical errors or --fail-early */ +-- +2.20.1 + diff --git a/0002-curl-7.69.1-CVE-2020-8169.patch b/0002-curl-7.69.1-CVE-2020-8169.patch new file mode 100644 index 0000000..d555aa3 --- /dev/null +++ b/0002-curl-7.69.1-CVE-2020-8169.patch @@ -0,0 +1,140 @@ +From 64e66ff04479bf76940916e09cc5094580b06e18 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 14 May 2020 14:37:12 +0200 +Subject: [PATCH] url: make the updated credentials URL-encoded in the URL + +Found-by: Gregory Jefferis +Reported-by: Jeroen Ooms +Added test 1168 to verify. Bug spotted when doing a redirect. +Bug: https://github.com/jeroen/curl/issues/224 +Closes #5400 + +Upstream-commit: 600a8cded447cd7118ed50142c576567c0cf5158 +Signed-off-by: Kamil Dudka +--- + lib/url.c | 6 ++-- + tests/data/Makefile.inc | 1 + + tests/data/test1168 | 78 +++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 83 insertions(+), 2 deletions(-) + create mode 100644 tests/data/test1168 + +diff --git a/lib/url.c b/lib/url.c +index 47fc66a..a826f8a 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -2712,12 +2712,14 @@ static CURLcode override_login(struct Curl_easy *data, + + /* for updated strings, we update them in the URL */ + if(user_changed) { +- uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0); ++ uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, ++ CURLU_URLENCODE); + if(uc) + return Curl_uc_to_curlcode(uc); + } + if(passwd_changed) { +- uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0); ++ uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, ++ CURLU_URLENCODE); + if(uc) + return Curl_uc_to_curlcode(uc); + } +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 3d8565c..f9535a6 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -130,6 +130,7 @@ test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ + test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \ + test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \ + test1160 test1161 test1162 test1163 test1164 test1165 \ ++test1168 \ + test1170 test1171 test1172 test1173 test1174 \ + \ + test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ +diff --git a/tests/data/test1168 b/tests/data/test1168 +new file mode 100644 +index 0000000..283e91e +--- /dev/null ++++ b/tests/data/test1168 +@@ -0,0 +1,78 @@ ++ ++ ++ ++HTTP ++HTTP GET ++followlocation ++ ++ ++# Server-side ++ ++ ++HTTP/1.1 301 This is a weirdo text message swsclose ++Date: Thu, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Location: /data/11680002.txt ++Connection: close ++ ++This server reply is for testing a simple Location: following ++ ++ ++ ++HTTP/1.1 200 Followed here fine swsclose ++Date: Thu, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 52 ++ ++If this is received, the location following worked ++ ++ ++ ++HTTP/1.1 301 This is a weirdo text message swsclose ++Date: Thu, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Location: /data/11680002.txt ++Connection: close ++ ++HTTP/1.1 200 Followed here fine swsclose ++Date: Thu, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 52 ++ ++If this is received, the location following worked ++ ++ ++ ++ ++# Client-side ++ ++ ++http ++ ++ ++HTTP redirect with credentials using # in user and password ++ ++ ++http://%HOSTIP:%HTTPPORT/want/1168 -L -u "catmai#d:#DZaRJYrixKE*gFY" ++ ++ ++ ++# Verify data after the test has been "shot" ++ ++ ++^User-Agent:.* ++ ++ ++GET /want/1168 HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ== ++Accept: */* ++ ++GET /data/11680002.txt HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ== ++Accept: */* ++ ++ ++ ++ +-- +2.21.3 + diff --git a/0003-curl-7.69.1-CVE-2020-8177.patch b/0003-curl-7.69.1-CVE-2020-8177.patch new file mode 100644 index 0000000..8061052 --- /dev/null +++ b/0003-curl-7.69.1-CVE-2020-8177.patch @@ -0,0 +1,68 @@ +From a6fcd8a32f3b1c5d80e524f8b2c1de32e6ecdb2b Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sun, 31 May 2020 23:09:59 +0200 +Subject: [PATCH] tool_getparam: -i is not OK if -J is used + +Reported-by: sn on hackerone +Bug: https://curl.haxx.se/docs/CVE-2020-8177.html + +Upstream-commit: 8236aba58542c5f89f1d41ca09d84579efb05e22 +Signed-off-by: Kamil Dudka +--- + src/tool_cb_hdr.c | 22 ++++------------------ + src/tool_getparam.c | 5 +++++ + 2 files changed, 9 insertions(+), 18 deletions(-) + +diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c +index 3b10238..b80707f 100644 +--- a/src/tool_cb_hdr.c ++++ b/src/tool_cb_hdr.c +@@ -134,25 +134,11 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata) + filename = parse_filename(p, len); + if(filename) { + if(outs->stream) { +- int rc; +- /* already opened and possibly written to */ +- if(outs->fopened) +- fclose(outs->stream); +- outs->stream = NULL; +- +- /* rename the initial file name to the new file name */ +- rc = rename(outs->filename, filename); +- if(rc != 0) { +- warnf(outs->config->global, "Failed to rename %s -> %s: %s\n", +- outs->filename, filename, strerror(errno)); +- } +- if(outs->alloc_filename) +- Curl_safefree(outs->filename); +- if(rc != 0) { +- free(filename); +- return failure; +- } ++ /* indication of problem, get out! */ ++ free(filename); ++ return failure; + } ++ + outs->is_cd_filename = TRUE; + outs->s_isreg = TRUE; + outs->fopened = FALSE; +diff --git a/src/tool_getparam.c b/src/tool_getparam.c +index 764caa2..c5c7429 100644 +--- a/src/tool_getparam.c ++++ b/src/tool_getparam.c +@@ -1784,6 +1784,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ + } + break; + case 'i': ++ if(config->content_disposition) { ++ warnf(global, ++ "--include and --remote-header-name cannot be combined.\n"); ++ return PARAM_BAD_USE; ++ } + config->show_headers = toggle; /* show the headers as well in the + general output stream */ + break; +-- +2.21.3 + diff --git a/0004-curl-7.66.0-CVE-2020-8231.patch b/0004-curl-7.66.0-CVE-2020-8231.patch new file mode 100644 index 0000000..4c2431b --- /dev/null +++ b/0004-curl-7.66.0-CVE-2020-8231.patch @@ -0,0 +1,1450 @@ +From 29a1051e4901bca8a8b839455dcc1e9491486ef8 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 9 Dec 2019 11:53:54 +0100 +Subject: [PATCH 1/4] conncache: fix multi-thread use of shared connection + cache + +It could accidentally let the connection get used by more than one +thread, leading to double-free and more. + +Reported-by: Christopher Reid +Fixes #4544 +Closes #4557 + +Upstream-commit: ee263de7a378e701f15e58879f36fdcfe8742006 +Signed-off-by: Kamil Dudka +--- + lib/conncache.c | 30 ++++-------------------------- + lib/conncache.h | 24 +++++++++++++++++++++++- + lib/http.c | 2 +- + lib/http2.c | 5 ++--- + lib/http2.h | 2 +- + lib/multi.c | 20 +++++++++++++------- + lib/url.c | 21 ++++++++------------- + tests/data/test1554 | 6 ++++++ + 8 files changed, 58 insertions(+), 52 deletions(-) + +diff --git a/lib/conncache.c b/lib/conncache.c +index 2f4dd4b..6344b92 100644 +--- a/lib/conncache.c ++++ b/lib/conncache.c +@@ -40,27 +40,6 @@ + #include "curl_memory.h" + #include "memdebug.h" + +-#ifdef CURLDEBUG +-/* the debug versions of these macros make extra certain that the lock is +- never doubly locked or unlocked */ +-#define CONN_LOCK(x) if((x)->share) { \ +- Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE); \ +- DEBUGASSERT(!(x)->state.conncache_lock); \ +- (x)->state.conncache_lock = TRUE; \ +- } +- +-#define CONN_UNLOCK(x) if((x)->share) { \ +- DEBUGASSERT((x)->state.conncache_lock); \ +- (x)->state.conncache_lock = FALSE; \ +- Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT); \ +- } +-#else +-#define CONN_LOCK(x) if((x)->share) \ +- Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE) +-#define CONN_UNLOCK(x) if((x)->share) \ +- Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT) +-#endif +- + #define HASHKEY_SIZE 128 + + static void conn_llist_dtor(void *user, void *element) +@@ -122,6 +101,7 @@ static int bundle_remove_conn(struct connectbundle *cb_ptr, + } + curr = curr->next; + } ++ DEBUGASSERT(0); + return 0; + } + +@@ -430,17 +410,15 @@ conncache_find_first_connection(struct conncache *connc) + * + * Return TRUE if stored, FALSE if closed. + */ +-bool Curl_conncache_return_conn(struct connectdata *conn) ++bool Curl_conncache_return_conn(struct Curl_easy *data, ++ struct connectdata *conn) + { +- struct Curl_easy *data = conn->data; +- + /* data->multi->maxconnects can be negative, deal with it. */ + size_t maxconnects = + (data->multi->maxconnects < 0) ? data->multi->num_easy * 4: + data->multi->maxconnects; + struct connectdata *conn_candidate = NULL; + +- conn->data = NULL; /* no owner anymore */ + conn->lastused = Curl_now(); /* it was used up until now */ + if(maxconnects > 0 && + Curl_conncache_size(data) > maxconnects) { +@@ -543,7 +521,7 @@ Curl_conncache_extract_oldest(struct Curl_easy *data) + while(curr) { + conn = curr->ptr; + +- if(!CONN_INUSE(conn) && !conn->data) { ++ if(!CONN_INUSE(conn) && !conn->data && !conn->bits.close) { + /* Set higher score for the age passed since the connection was used */ + score = Curl_timediff(now, conn->lastused); + +diff --git a/lib/conncache.h b/lib/conncache.h +index 58f9024..5fe80b4 100644 +--- a/lib/conncache.h ++++ b/lib/conncache.h +@@ -42,6 +42,27 @@ struct conncache { + #define BUNDLE_UNKNOWN 0 /* initial value */ + #define BUNDLE_MULTIPLEX 2 + ++#ifdef CURLDEBUG ++/* the debug versions of these macros make extra certain that the lock is ++ never doubly locked or unlocked */ ++#define CONN_LOCK(x) if((x)->share) { \ ++ Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE); \ ++ DEBUGASSERT(!(x)->state.conncache_lock); \ ++ (x)->state.conncache_lock = TRUE; \ ++ } ++ ++#define CONN_UNLOCK(x) if((x)->share) { \ ++ DEBUGASSERT((x)->state.conncache_lock); \ ++ (x)->state.conncache_lock = FALSE; \ ++ Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT); \ ++ } ++#else ++#define CONN_LOCK(x) if((x)->share) \ ++ Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE) ++#define CONN_UNLOCK(x) if((x)->share) \ ++ Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT) ++#endif ++ + struct connectbundle { + int multiuse; /* supports multi-use */ + size_t num_connections; /* Number of connections in the bundle */ +@@ -61,7 +82,8 @@ void Curl_conncache_unlock(struct Curl_easy *data); + size_t Curl_conncache_size(struct Curl_easy *data); + size_t Curl_conncache_bundle_size(struct connectdata *conn); + +-bool Curl_conncache_return_conn(struct connectdata *conn); ++bool Curl_conncache_return_conn(struct Curl_easy *data, ++ struct connectdata *conn); + CURLcode Curl_conncache_add_conn(struct conncache *connc, + struct connectdata *conn) WARN_UNUSED_RESULT; + void Curl_conncache_remove_conn(struct Curl_easy *data, +diff --git a/lib/http.c b/lib/http.c +index 28d1fa6..4820e4f 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -1620,7 +1620,7 @@ CURLcode Curl_http_done(struct connectdata *conn, + Curl_add_buffer_free(&http->send_buffer); + } + +- Curl_http2_done(conn, premature); ++ Curl_http2_done(data, premature); + + Curl_mime_cleanpart(&http->form); + +diff --git a/lib/http2.c b/lib/http2.c +index 31d2d69..3f3d7d6 100644 +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -1168,11 +1168,10 @@ static void populate_settings(struct connectdata *conn, + httpc->local_settings_num = 3; + } + +-void Curl_http2_done(struct connectdata *conn, bool premature) ++void Curl_http2_done(struct Curl_easy *data, bool premature) + { +- struct Curl_easy *data = conn->data; + struct HTTP *http = data->req.protop; +- struct http_conn *httpc = &conn->proto.httpc; ++ struct http_conn *httpc = &data->conn->proto.httpc; + + /* there might be allocated resources done before this got the 'h2' pointer + setup */ +diff --git a/lib/http2.h b/lib/http2.h +index 93058cc..12d36ee 100644 +--- a/lib/http2.h ++++ b/lib/http2.h +@@ -50,7 +50,7 @@ CURLcode Curl_http2_switched(struct connectdata *conn, + /* called from http_setup_conn */ + void Curl_http2_setup_conn(struct connectdata *conn); + void Curl_http2_setup_req(struct Curl_easy *data); +-void Curl_http2_done(struct connectdata *conn, bool premature); ++void Curl_http2_done(struct Curl_easy *data, bool premature); + CURLcode Curl_http2_done_sending(struct connectdata *conn); + CURLcode Curl_http2_add_child(struct Curl_easy *parent, + struct Curl_easy *child, +diff --git a/lib/multi.c b/lib/multi.c +index 2e91e4f..4dd064b 100755 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -531,6 +531,8 @@ static CURLcode multi_done(struct Curl_easy *data, + /* Stop if multi_done() has already been called */ + return CURLE_OK; + ++ conn->data = data; /* ensure the connection uses this transfer now */ ++ + /* Stop the resolver and free its own resources (but not dns_entry yet). */ + Curl_resolver_kill(conn); + +@@ -567,15 +569,17 @@ static CURLcode multi_done(struct Curl_easy *data, + + process_pending_handles(data->multi); /* connection / multiplex */ + ++ CONN_LOCK(data); + detach_connnection(data); + if(CONN_INUSE(conn)) { + /* Stop if still used. */ ++ CONN_UNLOCK(data); + DEBUGF(infof(data, "Connection still in use %zu, " + "no more multi_done now!\n", + conn->easyq.size)); + return CURLE_OK; + } +- ++ conn->data = NULL; /* the connection now has no owner */ + data->state.done = TRUE; /* called just now! */ + + if(conn->dns_entry) { +@@ -618,7 +622,10 @@ static CURLcode multi_done(struct Curl_easy *data, + #endif + ) || conn->bits.close + || (premature && !(conn->handler->flags & PROTOPT_STREAM))) { +- CURLcode res2 = Curl_disconnect(data, conn, premature); ++ CURLcode res2; ++ conn->bits.close = TRUE; /* forcibly prevents reuse */ ++ CONN_UNLOCK(data); ++ res2 = Curl_disconnect(data, conn, premature); + + /* If we had an error already, make sure we return that one. But + if we got a new error, return that. */ +@@ -635,9 +642,9 @@ static CURLcode multi_done(struct Curl_easy *data, + conn->bits.httpproxy ? conn->http_proxy.host.dispname : + conn->bits.conn_to_host ? conn->conn_to_host.dispname : + conn->host.dispname); +- + /* the connection is no longer in use by this transfer */ +- if(Curl_conncache_return_conn(conn)) { ++ CONN_UNLOCK(data); ++ if(Curl_conncache_return_conn(data, conn)) { + /* remember the most recently used connection */ + data->state.lastconnect = conn; + infof(data, "%s\n", buffer); +@@ -744,10 +751,8 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, + vanish with this handle */ + + /* Remove the association between the connection and the handle */ +- if(data->conn) { +- data->conn->data = NULL; ++ if(data->conn) + detach_connnection(data); +- } + + #ifdef USE_LIBPSL + /* Remove the PSL association. */ +@@ -1242,6 +1247,7 @@ static CURLcode multi_do(struct Curl_easy *data, bool *done) + + DEBUGASSERT(conn); + DEBUGASSERT(conn->handler); ++ DEBUGASSERT(conn->data == data); + + if(conn->handler->do_it) { + /* generic protocol-specific function pointer set in curl_connect() */ +diff --git a/lib/url.c b/lib/url.c +index 767ddec..91729b9 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -1074,16 +1074,15 @@ ConnectionExists(struct Curl_easy *data, + check = curr->ptr; + curr = curr->next; + +- if(check->bits.connect_only) +- /* connect-only connections will not be reused */ ++ if(check->bits.connect_only || check->bits.close) ++ /* connect-only or to-be-closed connections will not be reused */ + continue; + + multiplexed = CONN_INUSE(check) && + (bundle->multiuse == BUNDLE_MULTIPLEX); + + if(canmultiplex) { +- if(check->bits.protoconnstart && check->bits.close) +- continue; ++ ; + } + else { + if(multiplexed) { +@@ -1103,12 +1102,9 @@ ConnectionExists(struct Curl_easy *data, + } + } + +- if((check->sock[FIRSTSOCKET] == CURL_SOCKET_BAD) || +- check->bits.close) { +- if(!check->bits.close) +- foundPendingCandidate = TRUE; +- /* Don't pick a connection that hasn't connected yet or that is going +- to get closed. */ ++ if(check->sock[FIRSTSOCKET] == CURL_SOCKET_BAD) { ++ foundPendingCandidate = TRUE; ++ /* Don't pick a connection that hasn't connected yet */ + infof(data, "Connection #%ld isn't open enough, can't reuse\n", + check->connection_id); + continue; +@@ -1186,8 +1182,7 @@ ConnectionExists(struct Curl_easy *data, + already in use so we skip it */ + continue; + +- if(CONN_INUSE(check) && check->data && +- (check->data->multi != needle->data->multi)) ++ if(check->data && (check->data->multi != needle->data->multi)) + /* this could be subject for multiplex use, but only if they belong to + * the same multi handle */ + continue; +@@ -1629,6 +1624,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) + it may live on without (this specific) Curl_easy */ + conn->fclosesocket = data->set.fclosesocket; + conn->closesocket_client = data->set.closesocket_client; ++ conn->lastused = Curl_now(); /* used now */ + + return conn; + error: +@@ -3592,7 +3588,6 @@ static CURLcode create_conn(struct Curl_easy *data, + reuse = FALSE; + + infof(data, "We can reuse, but we want a new connection anyway\n"); +- Curl_conncache_return_conn(conn_temp); + } + } + } +diff --git a/tests/data/test1554 b/tests/data/test1554 +index be48e02..06f1897 100644 +--- a/tests/data/test1554 ++++ b/tests/data/test1554 +@@ -38,6 +38,8 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! + -> Mutex lock + <- Mutex unlock +@@ -47,6 +49,8 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! + -> Mutex lock + <- Mutex unlock +@@ -54,6 +58,8 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + + + +-- +2.25.4 + + +From c3359693e17fccdf2a04f0b908bc8f51cdc38133 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 27 Apr 2020 00:33:21 +0200 +Subject: [PATCH 2/4] conncache: various concept cleanups + +More connection cache accesses are protected by locks. + +CONNCACHE_* is a beter prefix for the connection cache lock macros. + +Curl_attach_connnection: now called as soon as there's a connection +struct available and before the connection is added to the connection +cache. + +Curl_disconnect: now assumes that the connection is already removed from +the connection cache. + +Ref: #4915 +Closes #5009 + +Upstream-commit: c06902713998d68202c5a764de910ba8d0e8f54d +Signed-off-by: Kamil Dudka +--- + lib/conncache.c | 91 ++++++++++++++++++++----------------------- + lib/conncache.h | 9 ++--- + lib/hostip.c | 12 +++--- + lib/http_negotiate.h | 6 ++- + lib/http_ntlm.h | 6 ++- + lib/multi.c | 56 +++++++++++++------------- + lib/multiif.h | 1 + + lib/url.c | 69 +++++++++++++++++--------------- + tests/data/test1554 | 18 +++++++++ + tests/unit/unit1620.c | 4 -- + 10 files changed, 144 insertions(+), 128 deletions(-) + +diff --git a/lib/conncache.c b/lib/conncache.c +index cbd3bb1..95fcea6 100644 +--- a/lib/conncache.c ++++ b/lib/conncache.c +@@ -49,53 +49,51 @@ static void conn_llist_dtor(void *user, void *element) + conn->bundle = NULL; + } + +-static CURLcode bundle_create(struct Curl_easy *data, +- struct connectbundle **cb_ptr) ++static CURLcode bundle_create(struct connectbundle **bundlep) + { +- (void)data; +- DEBUGASSERT(*cb_ptr == NULL); +- *cb_ptr = malloc(sizeof(struct connectbundle)); +- if(!*cb_ptr) ++ DEBUGASSERT(*bundlep == NULL); ++ *bundlep = malloc(sizeof(struct connectbundle)); ++ if(!*bundlep) + return CURLE_OUT_OF_MEMORY; + +- (*cb_ptr)->num_connections = 0; +- (*cb_ptr)->multiuse = BUNDLE_UNKNOWN; ++ (*bundlep)->num_connections = 0; ++ (*bundlep)->multiuse = BUNDLE_UNKNOWN; + +- Curl_llist_init(&(*cb_ptr)->conn_list, (curl_llist_dtor) conn_llist_dtor); ++ Curl_llist_init(&(*bundlep)->conn_list, (curl_llist_dtor) conn_llist_dtor); + return CURLE_OK; + } + +-static void bundle_destroy(struct connectbundle *cb_ptr) ++static void bundle_destroy(struct connectbundle *bundle) + { +- if(!cb_ptr) ++ if(!bundle) + return; + +- Curl_llist_destroy(&cb_ptr->conn_list, NULL); ++ Curl_llist_destroy(&bundle->conn_list, NULL); + +- free(cb_ptr); ++ free(bundle); + } + + /* Add a connection to a bundle */ +-static void bundle_add_conn(struct connectbundle *cb_ptr, ++static void bundle_add_conn(struct connectbundle *bundle, + struct connectdata *conn) + { +- Curl_llist_insert_next(&cb_ptr->conn_list, cb_ptr->conn_list.tail, conn, ++ Curl_llist_insert_next(&bundle->conn_list, bundle->conn_list.tail, conn, + &conn->bundle_node); +- conn->bundle = cb_ptr; +- cb_ptr->num_connections++; ++ conn->bundle = bundle; ++ bundle->num_connections++; + } + + /* Remove a connection from a bundle */ +-static int bundle_remove_conn(struct connectbundle *cb_ptr, ++static int bundle_remove_conn(struct connectbundle *bundle, + struct connectdata *conn) + { + struct curl_llist_element *curr; + +- curr = cb_ptr->conn_list.head; ++ curr = bundle->conn_list.head; + while(curr) { + if(curr->ptr == conn) { +- Curl_llist_remove(&cb_ptr->conn_list, curr, NULL); +- cb_ptr->num_connections--; ++ Curl_llist_remove(&bundle->conn_list, curr, NULL); ++ bundle->num_connections--; + conn->bundle = NULL; + return 1; /* we removed a handle */ + } +@@ -164,20 +162,15 @@ static void hashkey(struct connectdata *conn, char *buf, + msnprintf(buf, len, "%ld%s", port, hostname); + } + +-void Curl_conncache_unlock(struct Curl_easy *data) +-{ +- CONN_UNLOCK(data); +-} +- + /* Returns number of connections currently held in the connection cache. + Locks/unlocks the cache itself! + */ + size_t Curl_conncache_size(struct Curl_easy *data) + { + size_t num; +- CONN_LOCK(data); ++ CONNCACHE_LOCK(data); + num = data->state.conn_cache->num_conn; +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + return num; + } + +@@ -187,9 +180,9 @@ size_t Curl_conncache_size(struct Curl_easy *data) + size_t Curl_conncache_bundle_size(struct connectdata *conn) + { + size_t num; +- CONN_LOCK(conn->data); ++ CONNCACHE_LOCK(conn->data); + num = conn->bundle->num_connections; +- CONN_UNLOCK(conn->data); ++ CONNCACHE_UNLOCK(conn->data); + return num; + } + +@@ -202,7 +195,7 @@ struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn, + const char **hostp) + { + struct connectbundle *bundle = NULL; +- CONN_LOCK(conn->data); ++ CONNCACHE_LOCK(conn->data); + if(connc) { + char key[HASHKEY_SIZE]; + hashkey(conn, key, sizeof(key), hostp); +@@ -249,8 +242,7 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc, + struct connectdata *conn) + { + CURLcode result = CURLE_OK; +- struct connectbundle *bundle; +- struct connectbundle *new_bundle = NULL; ++ struct connectbundle *bundle = NULL; + struct Curl_easy *data = conn->data; + + /* *find_bundle() locks the connection cache */ +@@ -259,20 +251,19 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc, + int rc; + char key[HASHKEY_SIZE]; + +- result = bundle_create(data, &new_bundle); ++ result = bundle_create(&bundle); + if(result) { + goto unlock; + } + + hashkey(conn, key, sizeof(key), NULL); +- rc = conncache_add_bundle(data->state.conn_cache, key, new_bundle); ++ rc = conncache_add_bundle(data->state.conn_cache, key, bundle); + + if(!rc) { +- bundle_destroy(new_bundle); ++ bundle_destroy(bundle); + result = CURLE_OUT_OF_MEMORY; + goto unlock; + } +- bundle = new_bundle; + } + + bundle_add_conn(bundle, conn); +@@ -284,15 +275,17 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc, + conn->connection_id, connc->num_conn)); + + unlock: +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + + return result; + } + + /* +- * Removes the connectdata object from the connection cache *and* clears the +- * ->data pointer association. Pass TRUE/FALSE in the 'lock' argument +- * depending on if the parent function already holds the lock or not. ++ * Removes the connectdata object from the connection cache, but does *not* ++ * clear the conn->data association. The transfer still owns this connection. ++ * ++ * Pass TRUE/FALSE in the 'lock' argument depending on if the parent function ++ * already holds the lock or not. + */ + void Curl_conncache_remove_conn(struct Curl_easy *data, + struct connectdata *conn, bool lock) +@@ -304,7 +297,7 @@ void Curl_conncache_remove_conn(struct Curl_easy *data, + due to a failed connection attempt, before being added to a bundle */ + if(bundle) { + if(lock) { +- CONN_LOCK(data); ++ CONNCACHE_LOCK(data); + } + bundle_remove_conn(bundle, conn); + if(bundle->num_connections == 0) +@@ -315,9 +308,8 @@ void Curl_conncache_remove_conn(struct Curl_easy *data, + DEBUGF(infof(data, "The cache now contains %zu members\n", + connc->num_conn)); + } +- conn->data = NULL; /* clear the association */ + if(lock) { +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + } + } + } +@@ -346,7 +338,7 @@ bool Curl_conncache_foreach(struct Curl_easy *data, + if(!connc) + return FALSE; + +- CONN_LOCK(data); ++ CONNCACHE_LOCK(data); + Curl_hash_start_iterate(&connc->hash, &iter); + + he = Curl_hash_next_element(&iter); +@@ -364,12 +356,12 @@ bool Curl_conncache_foreach(struct Curl_easy *data, + curr = curr->next; + + if(1 == func(conn, param)) { +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + return TRUE; + } + } + } +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + return FALSE; + } + +@@ -508,7 +500,7 @@ Curl_conncache_extract_oldest(struct Curl_easy *data) + + now = Curl_now(); + +- CONN_LOCK(data); ++ CONNCACHE_LOCK(data); + Curl_hash_start_iterate(&connc->hash, &iter); + + he = Curl_hash_next_element(&iter); +@@ -544,7 +536,7 @@ Curl_conncache_extract_oldest(struct Curl_easy *data) + connc->num_conn)); + conn_candidate->data = data; /* associate! */ + } +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + + return conn_candidate; + } +@@ -561,6 +553,7 @@ void Curl_conncache_close_all_connections(struct conncache *connc) + sigpipe_ignore(conn->data, &pipe_st); + /* This will remove the connection from the cache */ + connclose(conn, "kill all"); ++ Curl_conncache_remove_conn(conn->data, conn, TRUE); + (void)Curl_disconnect(connc->closure_handle, conn, FALSE); + sigpipe_restore(&pipe_st); + +diff --git a/lib/conncache.h b/lib/conncache.h +index e3e4c9c..3dda21c 100644 +--- a/lib/conncache.h ++++ b/lib/conncache.h +@@ -45,21 +45,21 @@ struct conncache { + #ifdef CURLDEBUG + /* the debug versions of these macros make extra certain that the lock is + never doubly locked or unlocked */ +-#define CONN_LOCK(x) if((x)->share) { \ ++#define CONNCACHE_LOCK(x) if((x)->share) { \ + Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE); \ + DEBUGASSERT(!(x)->state.conncache_lock); \ + (x)->state.conncache_lock = TRUE; \ + } + +-#define CONN_UNLOCK(x) if((x)->share) { \ ++#define CONNCACHE_UNLOCK(x) if((x)->share) { \ + DEBUGASSERT((x)->state.conncache_lock); \ + (x)->state.conncache_lock = FALSE; \ + Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT); \ + } + #else +-#define CONN_LOCK(x) if((x)->share) \ ++#define CONNCACHE_LOCK(x) if((x)->share) \ + Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE) +-#define CONN_UNLOCK(x) if((x)->share) \ ++#define CONNCACHE_UNLOCK(x) if((x)->share) \ + Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT) + #endif + +@@ -77,7 +77,6 @@ void Curl_conncache_destroy(struct conncache *connc); + struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn, + struct conncache *connc, + const char **hostp); +-void Curl_conncache_unlock(struct Curl_easy *data); + /* returns number of connections currently held in the connection cache */ + size_t Curl_conncache_size(struct Curl_easy *data); + size_t Curl_conncache_bundle_size(struct connectdata *conn); +diff --git a/lib/hostip.c b/lib/hostip.c +index c0feb79..f5bb634 100644 +--- a/lib/hostip.c ++++ b/lib/hostip.c +@@ -1059,10 +1059,12 @@ CURLcode Curl_once_resolved(struct connectdata *conn, + + result = Curl_setup_conn(conn, protocol_done); + +- if(result) +- /* We're not allowed to return failure with memory left allocated +- in the connectdata struct, free those here */ +- Curl_disconnect(conn->data, conn, TRUE); /* close the connection */ +- ++ if(result) { ++ struct Curl_easy *data = conn->data; ++ DEBUGASSERT(data); ++ Curl_detach_connnection(data); ++ Curl_conncache_remove_conn(data, conn, TRUE); ++ Curl_disconnect(data, conn, TRUE); ++ } + return result; + } +diff --git a/lib/http_negotiate.h b/lib/http_negotiate.h +index 4f0ac16..a737f6f 100644 +--- a/lib/http_negotiate.h ++++ b/lib/http_negotiate.h +@@ -7,7 +7,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -33,6 +33,8 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy); + + void Curl_http_auth_cleanup_negotiate(struct connectdata *conn); + +-#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */ ++#else /* !CURL_DISABLE_HTTP && USE_SPNEGO */ ++#define Curl_http_auth_cleanup_negotiate(x) ++#endif + + #endif /* HEADER_CURL_HTTP_NEGOTIATE_H */ +diff --git a/lib/http_ntlm.h b/lib/http_ntlm.h +index 003714d..3ebdf97 100644 +--- a/lib/http_ntlm.h ++++ b/lib/http_ntlm.h +@@ -7,7 +7,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -35,6 +35,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy); + + void Curl_http_auth_cleanup_ntlm(struct connectdata *conn); + +-#endif /* !CURL_DISABLE_HTTP && USE_NTLM */ ++#else /* !CURL_DISABLE_HTTP && USE_NTLM */ ++#define Curl_http_auth_cleanup_ntlm(x) ++#endif + + #endif /* HEADER_CURL_HTTP_NTLM_H */ +diff --git a/lib/multi.c b/lib/multi.c +index e10e752..273653d 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -77,7 +77,6 @@ static CURLMcode add_next_timeout(struct curltime now, + static CURLMcode multi_timeout(struct Curl_multi *multi, + long *timeout_ms); + static void process_pending_handles(struct Curl_multi *multi); +-static void detach_connnection(struct Curl_easy *data); + + #ifdef DEBUGBUILD + static const char * const statename[]={ +@@ -110,7 +109,7 @@ static void Curl_init_completed(struct Curl_easy *data) + + /* Important: reset the conn pointer so that we don't point to memory + that could be freed anytime */ +- detach_connnection(data); ++ Curl_detach_connnection(data); + Curl_expire_clear(data); /* stop all timers */ + } + +@@ -486,6 +485,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, + easy handle is added */ + memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall)); + ++ CONNCACHE_LOCK(data); + /* The closure handle only ever has default timeouts set. To improve the + state somewhat we clone the timeouts from each added handle so that the + closure handle always has the same timeouts as the most recently added +@@ -495,6 +495,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, + data->set.server_response_timeout; + data->state.conn_cache->closure_handle->set.no_signal = + data->set.no_signal; ++ CONNCACHE_UNLOCK(data); + + Curl_update_timer(multi); + return CURLM_OK; +@@ -569,11 +570,11 @@ static CURLcode multi_done(struct Curl_easy *data, + + process_pending_handles(data->multi); /* connection / multiplex */ + +- CONN_LOCK(data); +- detach_connnection(data); ++ CONNCACHE_LOCK(data); ++ Curl_detach_connnection(data); + if(CONN_INUSE(conn)) { + /* Stop if still used. */ +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + DEBUGF(infof(data, "Connection still in use %zu, " + "no more multi_done now!\n", + conn->easyq.size)); +@@ -624,7 +625,8 @@ static CURLcode multi_done(struct Curl_easy *data, + || (premature && !(conn->handler->flags & PROTOPT_STREAM))) { + CURLcode res2; + conn->bits.close = TRUE; /* forcibly prevents reuse */ +- CONN_UNLOCK(data); ++ Curl_conncache_remove_conn(data, conn, FALSE); ++ CONNCACHE_UNLOCK(data); + res2 = Curl_disconnect(data, conn, premature); + + /* If we had an error already, make sure we return that one. But +@@ -643,7 +645,7 @@ static CURLcode multi_done(struct Curl_easy *data, + conn->bits.conn_to_host ? conn->conn_to_host.dispname : + conn->host.dispname); + /* the connection is no longer in use by this transfer */ +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + if(Curl_conncache_return_conn(data, conn)) { + /* remember the most recently used connection */ + data->state.lastconnect = conn; +@@ -751,8 +753,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, + vanish with this handle */ + + /* Remove the association between the connection and the handle */ +- if(data->conn) +- detach_connnection(data); ++ Curl_detach_connnection(data); + + #ifdef USE_LIBPSL + /* Remove the PSL association. */ +@@ -801,9 +802,13 @@ bool Curl_multiplex_wanted(const struct Curl_multi *multi) + return (multi && (multi->multiplexing)); + } + +-/* This is the only function that should clear data->conn. This will +- occasionally be called with the pointer already cleared. */ +-static void detach_connnection(struct Curl_easy *data) ++/* ++ * Curl_detach_connnection() removes the given transfer from the connection. ++ * ++ * This is the only function that should clear data->conn. This will ++ * occasionally be called with the data->conn pointer already cleared. ++ */ ++void Curl_detach_connnection(struct Curl_easy *data) + { + struct connectdata *conn = data->conn; + if(conn) +@@ -811,7 +816,11 @@ static void detach_connnection(struct Curl_easy *data) + data->conn = NULL; + } + +-/* This is the only function that should assign data->conn */ ++/* ++ * Curl_attach_connnection() attaches this transfer to this connection. ++ * ++ * This is the only function that should assign data->conn ++ */ + void Curl_attach_connnection(struct Curl_easy *data, + struct connectdata *conn) + { +@@ -1414,19 +1423,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + bool stream_error = FALSE; + rc = CURLM_OK; + +- DEBUGASSERT((data->mstate <= CURLM_STATE_CONNECT) || +- (data->mstate >= CURLM_STATE_DONE) || +- data->conn); +- if(!data->conn && +- data->mstate > CURLM_STATE_CONNECT && +- data->mstate < CURLM_STATE_DONE) { +- /* In all these states, the code will blindly access 'data->conn' +- so this is precaution that it isn't NULL. And it silences static +- analyzers. */ +- failf(data, "In state %d with no conn, bail out!\n", data->mstate); +- return CURLM_INTERNAL_ERROR; +- } +- + if(multi_ischanged(multi, TRUE)) { + DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue!\n")); + process_pending_handles(multi); /* multiplexed */ +@@ -2104,8 +2100,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + * access free'd data, if the connection is free'd and the handle + * removed before we perform the processing in CURLM_STATE_COMPLETED + */ +- if(data->conn) +- detach_connnection(data); ++ Curl_detach_connnection(data); + } + + #ifndef CURL_DISABLE_FTP +@@ -2157,7 +2152,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + /* This is where we make sure that the conn pointer is reset. + We don't have to do this in every case block above where a + failure is detected */ +- detach_connnection(data); ++ Curl_detach_connnection(data); ++ ++ /* remove connection from cache */ ++ Curl_conncache_remove_conn(data, conn, TRUE); + + /* disconnect properly */ + Curl_disconnect(data, conn, dead_connection); +diff --git a/lib/multiif.h b/lib/multiif.h +index bde755e..c07587b 100644 +--- a/lib/multiif.h ++++ b/lib/multiif.h +@@ -33,6 +33,7 @@ void Curl_expire_done(struct Curl_easy *data, expire_id id); + void Curl_update_timer(struct Curl_multi *multi); + void Curl_attach_connnection(struct Curl_easy *data, + struct connectdata *conn); ++void Curl_detach_connnection(struct Curl_easy *data); + bool Curl_multiplex_wanted(const struct Curl_multi *multi); + void Curl_set_in_callback(struct Curl_easy *data, bool value); + bool Curl_is_in_callback(struct Curl_easy *easy); +diff --git a/lib/url.c b/lib/url.c +index a826f8a..4ed0623 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -672,9 +672,7 @@ static void conn_reset_all_postponed_data(struct connectdata *conn) + + static void conn_shutdown(struct connectdata *conn) + { +- if(!conn) +- return; +- ++ DEBUGASSERT(conn); + infof(conn->data, "Closing connection %ld\n", conn->connection_id); + DEBUGASSERT(conn->data); + +@@ -695,16 +693,11 @@ static void conn_shutdown(struct connectdata *conn) + Curl_closesocket(conn, conn->tempsock[0]); + if(CURL_SOCKET_BAD != conn->tempsock[1]) + Curl_closesocket(conn, conn->tempsock[1]); +- +- /* unlink ourselves. this should be called last since other shutdown +- procedures need a valid conn->data and this may clear it. */ +- Curl_conncache_remove_conn(conn->data, conn, TRUE); + } + + static void conn_free(struct connectdata *conn) + { +- if(!conn) +- return; ++ DEBUGASSERT(conn); + + free_idnconverted_hostname(&conn->host); + free_idnconverted_hostname(&conn->conn_to_host); +@@ -772,13 +765,17 @@ static void conn_free(struct connectdata *conn) + CURLcode Curl_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool dead_connection) + { +- if(!conn) +- return CURLE_OK; /* this is closed and fine already */ ++ /* there must be a connection to close */ ++ DEBUGASSERT(conn); + +- if(!data) { +- DEBUGF(infof(data, "DISCONNECT without easy handle, ignoring\n")); +- return CURLE_OK; +- } ++ /* it must be removed from the connection cache */ ++ DEBUGASSERT(!conn->bundle); ++ ++ /* there must be an associated transfer */ ++ DEBUGASSERT(data); ++ ++ /* the transfer must be detached from the connection */ ++ DEBUGASSERT(!data->conn); + + /* + * If this connection isn't marked to force-close, leave it open if there +@@ -794,16 +791,11 @@ CURLcode Curl_disconnect(struct Curl_easy *data, + conn->dns_entry = NULL; + } + +- Curl_hostcache_prune(data); /* kill old DNS cache entries */ +- +-#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) + /* Cleanup NTLM connection-related data */ + Curl_http_auth_cleanup_ntlm(conn); +-#endif +-#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) ++ + /* Cleanup NEGOTIATE connection-related data */ + Curl_http_auth_cleanup_negotiate(conn); +-#endif + + /* the protocol specific disconnect handler and conn_shutdown need a transfer + for the connection! */ +@@ -972,8 +964,12 @@ static int call_extract_if_dead(struct connectdata *conn, void *param) + static void prune_dead_connections(struct Curl_easy *data) + { + struct curltime now = Curl_now(); +- timediff_t elapsed = ++ timediff_t elapsed; ++ ++ CONNCACHE_LOCK(data); ++ elapsed = + Curl_timediff(now, data->state.conn_cache->last_cleanup); ++ CONNCACHE_UNLOCK(data); + + if(elapsed >= 1000L) { + struct prunedead prune; +@@ -981,10 +977,17 @@ static void prune_dead_connections(struct Curl_easy *data) + prune.extracted = NULL; + while(Curl_conncache_foreach(data, data->state.conn_cache, &prune, + call_extract_if_dead)) { ++ /* unlocked */ ++ ++ /* remove connection from cache */ ++ Curl_conncache_remove_conn(data, prune.extracted, TRUE); ++ + /* disconnect it */ + (void)Curl_disconnect(data, prune.extracted, /* dead_connection */TRUE); + } ++ CONNCACHE_LOCK(data); + data->state.conn_cache->last_cleanup = now; ++ CONNCACHE_UNLOCK(data); + } + } + +@@ -1044,7 +1047,7 @@ ConnectionExists(struct Curl_easy *data, + if((bundle->multiuse == BUNDLE_UNKNOWN) && data->set.pipewait) { + infof(data, "Server doesn't support multiplex yet, wait\n"); + *waitpipe = TRUE; +- Curl_conncache_unlock(data); ++ CONNCACHE_UNLOCK(data); + return FALSE; /* no re-use */ + } + +@@ -1352,11 +1355,12 @@ ConnectionExists(struct Curl_easy *data, + if(chosen) { + /* mark it as used before releasing the lock */ + chosen->data = data; /* own it! */ +- Curl_conncache_unlock(data); ++ Curl_attach_connnection(data, chosen); ++ CONNCACHE_UNLOCK(data); + *usethis = chosen; + return TRUE; /* yes, we found one to use! */ + } +- Curl_conncache_unlock(data); ++ CONNCACHE_UNLOCK(data); + + if(foundPendingCandidate && data->set.pipewait) { + infof(data, +@@ -3466,6 +3470,7 @@ static CURLcode create_conn(struct Curl_easy *data, + if(!result) { + conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; /* we are "connected */ + ++ Curl_attach_connnection(data, conn); + result = Curl_conncache_add_conn(data->state.conn_cache, conn); + if(result) + goto out; +@@ -3480,7 +3485,6 @@ static CURLcode create_conn(struct Curl_easy *data, + (void)conn->handler->done(conn, result, FALSE); + goto out; + } +- Curl_attach_connnection(data, conn); + Curl_setup_transfer(data, -1, -1, FALSE, -1); + } + +@@ -3644,7 +3648,7 @@ static CURLcode create_conn(struct Curl_easy *data, + + /* The bundle is full. Extract the oldest connection. */ + conn_candidate = Curl_conncache_extract_bundle(data, bundle); +- Curl_conncache_unlock(data); ++ CONNCACHE_UNLOCK(data); + + if(conn_candidate) + (void)Curl_disconnect(data, conn_candidate, +@@ -3656,7 +3660,7 @@ static CURLcode create_conn(struct Curl_easy *data, + } + } + else +- Curl_conncache_unlock(data); ++ CONNCACHE_UNLOCK(data); + + } + +@@ -3690,6 +3694,8 @@ static CURLcode create_conn(struct Curl_easy *data, + * This is a brand new connection, so let's store it in the connection + * cache of ours! + */ ++ Curl_attach_connnection(data, conn); ++ + result = Curl_conncache_add_conn(data->state.conn_cache, conn); + if(result) + goto out; +@@ -3842,7 +3848,7 @@ CURLcode Curl_connect(struct Curl_easy *data, + result = create_conn(data, &conn, asyncp); + + if(!result) { +- if(CONN_INUSE(conn)) ++ if(CONN_INUSE(conn) > 1) + /* multiplexed */ + *protocol_done = TRUE; + else if(!*asyncp) { +@@ -3859,11 +3865,10 @@ CURLcode Curl_connect(struct Curl_easy *data, + else if(result && conn) { + /* We're not allowed to return failure with memory left allocated in the + connectdata struct, free those here */ ++ Curl_detach_connnection(data); ++ Curl_conncache_remove_conn(data, conn, TRUE); + Curl_disconnect(data, conn, TRUE); + } +- else if(!result && !data->conn) +- /* FILE: transfers already have the connection attached */ +- Curl_attach_connnection(data, conn); + + return result; + } +diff --git a/tests/data/test1554 b/tests/data/test1554 +index 06f1897..d3926d9 100644 +--- a/tests/data/test1554 ++++ b/tests/data/test1554 +@@ -29,6 +29,12 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock ++-> Mutex lock ++<- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! + -> Mutex lock + <- Mutex unlock +@@ -40,6 +46,12 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock ++-> Mutex lock ++<- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! + -> Mutex lock + <- Mutex unlock +@@ -51,6 +63,12 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock ++-> Mutex lock ++<- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! + -> Mutex lock + <- Mutex unlock +diff --git a/tests/unit/unit1620.c b/tests/unit/unit1620.c +index 6e572c6..b23e5b9 100644 +--- a/tests/unit/unit1620.c ++++ b/tests/unit/unit1620.c +@@ -71,10 +71,6 @@ UNITTEST_START + fail_unless(rc == CURLE_OK, + "Curl_parse_login_details() failed"); + +- rc = Curl_disconnect(empty, empty->conn, FALSE); +- fail_unless(rc == CURLE_OK, +- "Curl_disconnect() with dead_connection set FALSE failed"); +- + Curl_freeset(empty); + for(i = (enum dupstring)0; i < STRING_LAST; i++) { + fail_unless(empty->set.str[i] == NULL, +-- +2.25.4 + + +From 6830828c9eecd9ab14404f2f49f19b56dec62130 Mon Sep 17 00:00:00 2001 +From: Marc Aldorasi +Date: Thu, 30 Jul 2020 14:16:17 -0400 +Subject: [PATCH 3/4] multi_remove_handle: close unused connect-only + connections + +Previously any connect-only connections in a multi handle would be kept +alive until the multi handle was closed. Since these connections cannot +be re-used, they can be marked for closure when the associated easy +handle is removed from the multi handle. + +Closes #5749 + +Upstream-commit: d5bb459ccf1fc5980ae4b95c05b4ecf6454a7599 +Signed-off-by: Kamil Dudka +--- + lib/multi.c | 34 ++++++++++++++++++++++++++++++---- + tests/data/test1554 | 6 ++++++ + 2 files changed, 36 insertions(+), 4 deletions(-) + +diff --git a/lib/multi.c b/lib/multi.c +index 249e360..f1371bd 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -659,6 +659,26 @@ static CURLcode multi_done(struct Curl_easy *data, + return result; + } + ++static int close_connect_only(struct connectdata *conn, void *param) ++{ ++ struct Curl_easy *data = param; ++ ++ if(data->state.lastconnect != conn) ++ return 0; ++ ++ if(conn->data != data) ++ return 1; ++ conn->data = NULL; ++ ++ if(!conn->bits.connect_only) ++ return 1; ++ ++ connclose(conn, "Removing connect-only easy handle"); ++ conn->bits.connect_only = FALSE; ++ ++ return 1; ++} ++ + CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, + struct Curl_easy *data) + { +@@ -742,10 +762,6 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, + multi_done() as that may actually call Curl_expire that uses this */ + Curl_llist_destroy(&data->state.timeoutlist, NULL); + +- /* as this was using a shared connection cache we clear the pointer to that +- since we're not part of that multi handle anymore */ +- data->state.conn_cache = NULL; +- + /* change state without using multistate(), only to make singlesocket() do + what we want */ + data->mstate = CURLM_STATE_COMPLETED; +@@ -755,12 +771,22 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, + /* Remove the association between the connection and the handle */ + Curl_detach_connnection(data); + ++ if(data->state.lastconnect) { ++ /* Mark any connect-only connection for closure */ ++ Curl_conncache_foreach(data, data->state.conn_cache, ++ data, &close_connect_only); ++ } ++ + #ifdef USE_LIBPSL + /* Remove the PSL association. */ + if(data->psl == &multi->psl) + data->psl = NULL; + #endif + ++ /* as this was using a shared connection cache we clear the pointer to that ++ since we're not part of that multi handle anymore */ ++ data->state.conn_cache = NULL; ++ + data->multi = NULL; /* clear the association to this multi handle */ + + /* make sure there's no pending message in the queue sent from this easy +diff --git a/tests/data/test1554 b/tests/data/test1554 +index d3926d9..fffa6ad 100644 +--- a/tests/data/test1554 ++++ b/tests/data/test1554 +@@ -52,6 +52,8 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! + -> Mutex lock + <- Mutex unlock +@@ -69,6 +71,8 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! + -> Mutex lock + <- Mutex unlock +@@ -78,6 +82,8 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + + + +-- +2.25.4 + + +From 01148ee40dd913a169435b0f9ea90e6393821e70 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sun, 16 Aug 2020 11:34:35 +0200 +Subject: [PATCH 4/4] Curl_easy: remember last connection by id, not by pointer + +CVE-2020-8231 + +Bug: https://curl.haxx.se/docs/CVE-2020-8231.html + +Reported-by: Marc Aldorasi +Closes #5824 + +Upstream-commit: 3c9e021f86872baae412a427e807fbfa2f3e8a22 +Signed-off-by: Kamil Dudka +--- + lib/connect.c | 19 ++++++++++--------- + lib/easy.c | 3 +-- + lib/multi.c | 9 +++++---- + lib/url.c | 2 +- + lib/urldata.h | 2 +- + 5 files changed, 18 insertions(+), 17 deletions(-) + +diff --git a/lib/connect.c b/lib/connect.c +index 29293f0..e1c5662 100644 +--- a/lib/connect.c ++++ b/lib/connect.c +@@ -1328,15 +1328,15 @@ CURLcode Curl_connecthost(struct connectdata *conn, /* context */ + } + + struct connfind { +- struct connectdata *tofind; +- bool found; ++ long id_tofind; ++ struct connectdata *found; + }; + + static int conn_is_conn(struct connectdata *conn, void *param) + { + struct connfind *f = (struct connfind *)param; +- if(conn == f->tofind) { +- f->found = TRUE; ++ if(conn->connection_id == f->id_tofind) { ++ f->found = conn; + return 1; + } + return 0; +@@ -1358,21 +1358,22 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, + * - that is associated with a multi handle, and whose connection + * was detached with CURLOPT_CONNECT_ONLY + */ +- if(data->state.lastconnect && (data->multi_easy || data->multi)) { +- struct connectdata *c = data->state.lastconnect; ++ if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) { ++ struct connectdata *c; + struct connfind find; +- find.tofind = data->state.lastconnect; +- find.found = FALSE; ++ find.id_tofind = data->state.lastconnect_id; ++ find.found = NULL; + + Curl_conncache_foreach(data, data->multi_easy? + &data->multi_easy->conn_cache: + &data->multi->conn_cache, &find, conn_is_conn); + + if(!find.found) { +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + return CURL_SOCKET_BAD; + } + ++ c = find.found; + if(connp) { + /* only store this if the caller cares for it */ + *connp = c; +diff --git a/lib/easy.c b/lib/easy.c +index 292cca7..a69eb9e 100644 +--- a/lib/easy.c ++++ b/lib/easy.c +@@ -828,8 +828,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) + + /* the connection cache is setup on demand */ + outcurl->state.conn_cache = NULL; +- +- outcurl->state.lastconnect = NULL; ++ outcurl->state.lastconnect_id = -1; + + outcurl->progress.flags = data->progress.flags; + outcurl->progress.callback = data->progress.callback; +diff --git a/lib/multi.c b/lib/multi.c +index f1371bd..778c537 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -433,6 +433,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, + data->state.conn_cache = &data->share->conn_cache; + else + data->state.conn_cache = &multi->conn_cache; ++ data->state.lastconnect_id = -1; + + #ifdef USE_LIBPSL + /* Do the same for PSL. */ +@@ -648,11 +649,11 @@ static CURLcode multi_done(struct Curl_easy *data, + CONNCACHE_UNLOCK(data); + if(Curl_conncache_return_conn(data, conn)) { + /* remember the most recently used connection */ +- data->state.lastconnect = conn; ++ data->state.lastconnect_id = conn->connection_id; + infof(data, "%s\n", buffer); + } + else +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + } + + Curl_free_request_state(data); +@@ -663,7 +664,7 @@ static int close_connect_only(struct connectdata *conn, void *param) + { + struct Curl_easy *data = param; + +- if(data->state.lastconnect != conn) ++ if(data->state.lastconnect_id != conn->connection_id) + return 0; + + if(conn->data != data) +@@ -771,7 +772,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, + /* Remove the association between the connection and the handle */ + Curl_detach_connnection(data); + +- if(data->state.lastconnect) { ++ if(data->state.lastconnect_id != -1) { + /* Mark any connect-only connection for closure */ + Curl_conncache_foreach(data, data->state.conn_cache, + data, &close_connect_only); +diff --git a/lib/url.c b/lib/url.c +index a1a6b69..2919a3d 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -608,7 +608,7 @@ CURLcode Curl_open(struct Curl_easy **curl) + Curl_initinfo(data); + + /* most recent connection is not yet defined */ +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + + data->progress.flags |= PGRS_HIDE; + data->state.current_speed = -1; /* init to negative == impossible */ +diff --git a/lib/urldata.h b/lib/urldata.h +index f80a02d..6d8eb69 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -1274,7 +1274,7 @@ struct UrlState { + /* buffers to store authentication data in, as parsed from input options */ + struct curltime keeps_speed; /* for the progress meter really */ + +- struct connectdata *lastconnect; /* The last connection, NULL if undefined */ ++ long lastconnect_id; /* The last connection, -1 if undefined */ + + char *headerbuff; /* allocated buffer to store headers in */ + size_t headersize; /* size of the allocation */ +-- +2.25.4 + diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index f7f66e6..613106d 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -1,92 +1,89 @@ -From 6bb4e674cdc953f5c0048aa84172539900725166 Mon Sep 17 00:00:00 2001 -From: Jan Macku -Date: Tue, 16 Dec 2025 10:04:40 +0100 +From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Fri, 12 Apr 2013 12:04:05 +0200 Subject: [PATCH] prevent multilib conflicts on the curl-config script --- - curl-config.in | 23 +++++------------------ - docs/curl-config.md | 4 +++- - libcurl.pc.in | 1 + - 3 files changed, 9 insertions(+), 19 deletions(-) + curl-config.in | 21 +++------------------ + docs/curl-config.1 | 4 +++- + libcurl.pc.in | 1 + + 3 files changed, 7 insertions(+), 19 deletions(-) diff --git a/curl-config.in b/curl-config.in -index a1c8185875..bb43ca8335 100644 +index 150004d..95d0759 100644 --- a/curl-config.in +++ b/curl-config.in -@@ -74,7 +74,7 @@ while test "$#" -gt 0; do - ;; +@@ -76,7 +76,7 @@ while test $# -gt 0; do + ;; - --cc) -- echo '@CC@' -+ echo 'gcc' - ;; + --cc) +- echo "@CC@" ++ echo "gcc" + ;; - --prefix) -@@ -149,16 +149,7 @@ while test "$#" -gt 0; do - ;; + --prefix) +@@ -155,32 +155,17 @@ while test $# -gt 0; do + ;; - --libs) -- if test "@libdir@" != '/usr/lib' && test "@libdir@" != '/usr/lib64'; then -- curllibdir="-L@libdir@ " -- else -- curllibdir='' -- fi -- if test '@ENABLE_SHARED@' = 'no'; then -- echo "${curllibdir}-lcurl @LIBCURL_PC_LIBS_PRIVATE@" -- else -- echo "${curllibdir}-lcurl" -- fi -+ echo '-lcurl' - ;; + --libs) +- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then +- CURLLIBDIR="-L@libdir@ " +- else +- CURLLIBDIR="" +- fi +- if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then +- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ +- else +- echo ${CURLLIBDIR}-lcurl +- fi ++ echo -lcurl + ;; + --ssl-backends) + echo "@SSL_BACKENDS@" + ;; - --ssl-backends) -@@ -166,16 +157,12 @@ while test "$#" -gt 0; do - ;; + --static-libs) +- if test "X@ENABLE_STATIC@" != "Xno" ; then +- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ +- else +- echo "curl was built with static libraries disabled" >&2 +- exit 1 +- fi + ;; - --static-libs) -- if test '@ENABLE_STATIC@' != 'no'; then -- echo "@libdir@/libcurl.@libext@ @LIBCURL_PC_LDFLAGS_PRIVATE@ @LIBCURL_PC_LIBS_PRIVATE@" -- else -- echo 'curl was built with static libraries disabled' >&2 -- exit 1 -- fi -+ echo 'curl was built with static libraries disabled' >&2 -+ exit 1 - ;; + --configure) +- echo @CONFIGURE_OPTIONS@ ++ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//' + ;; - --configure) -- echo @CONFIGURE_OPTIONS@ -+ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//' - ;; - - *) -diff --git a/docs/curl-config.md b/docs/curl-config.md -index 12ad245b79..fa0e03d273 100644 ---- a/docs/curl-config.md -+++ b/docs/curl-config.md -@@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated. - ## `--static-libs` - - Shows the complete set of libs and other linker options you need in order to --link your application with libcurl statically. (Added in 7.17.1) -+link your application with libcurl statically. Note that Fedora/RHEL libcurl + *) +diff --git a/docs/curl-config.1 b/docs/curl-config.1 +index 14a9d2b..ffcc004 100644 +--- a/docs/curl-config.1 ++++ b/docs/curl-config.1 +@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear + comma-separated. (Added in 7.58.0) + .IP "--static-libs" + Shows the complete set of libs and other linker options you will need in order +-to link your application with libcurl statically. (Added in 7.17.1) ++to link your application with libcurl statically. Note that Fedora/RHEL libcurl +packages do not provide any static libraries, thus cannot be linked statically. +(Added in 7.17.1) - - ## `--version` - + .IP "--version" + Outputs version information about the installed libcurl. + .IP "--vernum" diff --git a/libcurl.pc.in b/libcurl.pc.in -index c0ba5244a8..f3645e1748 100644 +index 2ba9c39..f8f8b00 100644 --- a/libcurl.pc.in +++ b/libcurl.pc.in -@@ -28,6 +28,7 @@ libdir=@libdir@ +@@ -29,6 +29,7 @@ libdir=@libdir@ includedir=@includedir@ supported_protocols="@SUPPORT_PROTOCOLS@" supported_features="@SUPPORT_FEATURES@" +configure_options=@CONFIGURE_OPTIONS@ Name: libcurl - URL: https://curl.se/ + URL: https://curl.haxx.se/ -- -2.52.0 +2.5.0 diff --git a/0102-curl-7.36.0-debug.patch b/0102-curl-7.36.0-debug.patch new file mode 100644 index 0000000..affe9f0 --- /dev/null +++ b/0102-curl-7.36.0-debug.patch @@ -0,0 +1,65 @@ +From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 31 Oct 2012 11:38:30 +0100 +Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778) + +--- + configure | 13 +++---------- + m4/curl-compilers.m4 | 13 +++---------- + 2 files changed, 6 insertions(+), 20 deletions(-) + +diff --git a/configure b/configure +index 8f079a3..53b4774 100755 +--- a/configure ++++ b/configure +@@ -16301,18 +16301,11 @@ $as_echo "yes" >&6; } + gccvhi=`echo $gccver | cut -d . -f1` + gccvlo=`echo $gccver | cut -d . -f2` + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` +- flags_dbg_all="-g -g0 -g1 -g2 -g3" +- flags_dbg_all="$flags_dbg_all -ggdb" +- flags_dbg_all="$flags_dbg_all -gstabs" +- flags_dbg_all="$flags_dbg_all -gstabs+" +- flags_dbg_all="$flags_dbg_all -gcoff" +- flags_dbg_all="$flags_dbg_all -gxcoff" +- flags_dbg_all="$flags_dbg_all -gdwarf-2" +- flags_dbg_all="$flags_dbg_all -gvms" ++ flags_dbg_all="" + flags_dbg_yes="-g" + flags_dbg_off="" +- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" +- flags_opt_yes="-O2" ++ flags_opt_all="" ++ flags_opt_yes="" + flags_opt_off="-O0" + + OLDCPPFLAGS=$CPPFLAGS +diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 +index 0cbba7a..9175b5b 100644 +--- a/m4/curl-compilers.m4 ++++ b/m4/curl-compilers.m4 +@@ -166,18 +166,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ + gccvhi=`echo $gccver | cut -d . -f1` + gccvlo=`echo $gccver | cut -d . -f2` + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` +- flags_dbg_all="-g -g0 -g1 -g2 -g3" +- flags_dbg_all="$flags_dbg_all -ggdb" +- flags_dbg_all="$flags_dbg_all -gstabs" +- flags_dbg_all="$flags_dbg_all -gstabs+" +- flags_dbg_all="$flags_dbg_all -gcoff" +- flags_dbg_all="$flags_dbg_all -gxcoff" +- flags_dbg_all="$flags_dbg_all -gdwarf-2" +- flags_dbg_all="$flags_dbg_all -gvms" ++ flags_dbg_all="" + flags_dbg_yes="-g" + flags_dbg_off="" +- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" +- flags_opt_yes="-O2" ++ flags_opt_all="" ++ flags_opt_yes="" + flags_opt_off="-O0" + CURL_CHECK_DEF([_WIN32], [], [silent]) + else +-- +1.7.1 + diff --git a/0103-curl-7.59.0-python3.patch b/0103-curl-7.59.0-python3.patch new file mode 100644 index 0000000..56485fe --- /dev/null +++ b/0103-curl-7.59.0-python3.patch @@ -0,0 +1,57 @@ +From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Thu, 15 Mar 2018 14:49:56 +0100 +Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3 + +Unfortunately, smbserver.py does not work with Python 3 because +there is no 'impacket' module available for Python 3: + +https://github.com/CoreSecurity/impacket/issues/61 +--- + tests/negtelnetserver.py | 4 ++-- + tests/smbserver.py | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py +index 8cfd409..72ee771 100755 +--- a/tests/negtelnetserver.py ++++ b/tests/negtelnetserver.py +@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler): + response_data = response.encode('ascii') + else: + log.debug("Received normal request - echoing back") +- response_data = data.strip() ++ response_data = data.decode('utf8').strip() + + if response_data: + log.debug("Sending %r", response_data) +- self.request.sendall(response_data) ++ self.request.sendall(response_data.encode('utf8')) + + except IOError: + log.exception("IOError hit during request") +diff --git a/tests/smbserver.py b/tests/smbserver.py +index 195ae39..b09cd44 100755 +--- a/tests/smbserver.py ++++ b/tests/smbserver.py +@@ -24,7 +24,7 @@ + from __future__ import (absolute_import, division, print_function) + # unicode_literals) + import argparse +-import ConfigParser ++import configparser + import os + import sys + import logging +@@ -58,7 +58,7 @@ def smbserver(options): + f.write("{0}".format(pid)) + + # Here we write a mini config for the server +- smb_config = ConfigParser.ConfigParser() ++ smb_config = configparser.ConfigParser() + smb_config.add_section("global") + smb_config.set("global", "server_name", "SERVICE") + smb_config.set("global", "server_os", "UNIX") +-- +2.14.3 + diff --git a/0104-curl-7.19.7-localhost6.patch b/0104-curl-7.19.7-localhost6.patch new file mode 100644 index 0000000..caa8bc2 --- /dev/null +++ b/0104-curl-7.19.7-localhost6.patch @@ -0,0 +1,51 @@ +diff --git a/tests/data/test1083 b/tests/data/test1083 +index e441278..b0958b6 100644 +--- a/tests/data/test1083 ++++ b/tests/data/test1083 +@@ -33,13 +33,13 @@ ipv6 + http-ipv6 + + +-HTTP-IPv6 GET with ip6-localhost --interface ++HTTP-IPv6 GET with localhost6 --interface + + +--g "http://%HOST6IP:%HTTP6PORT/1083" --interface ip6-localhost ++-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6 + + +-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}" ++perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}" + + + +diff --git a/tests/data/test241 b/tests/data/test241 +index 46eae1f..4e1632c 100644 +--- a/tests/data/test241 ++++ b/tests/data/test241 +@@ -30,13 +30,13 @@ ipv6 + http-ipv6 + + +-HTTP-IPv6 GET (using ip6-localhost) ++HTTP-IPv6 GET (using localhost6) + + +--g "http://ip6-localhost:%HTTP6PORT/241" ++-g "http://localhost6:%HTTP6PORT/241" + + +-./server/resolve --ipv6 ip6-localhost ++./server/resolve --ipv6 localhost6 + + + +@@ -48,7 +48,7 @@ HTTP-IPv6 GET (using ip6-localhost) + + + GET /241 HTTP/1.1 +-Host: ip6-localhost:%HTTP6PORT ++Host: localhost6:%HTTP6PORT + Accept: */* + + diff --git a/0105-curl-7.63.0-lib1560-valgrind.patch b/0105-curl-7.63.0-lib1560-valgrind.patch new file mode 100644 index 0000000..6d05c67 --- /dev/null +++ b/0105-curl-7.63.0-lib1560-valgrind.patch @@ -0,0 +1,39 @@ +From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 4 Feb 2019 17:32:56 +0100 +Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp + +... to prevent valgrind from reporting false positives on x86_64: + +Conditional jump or move depends on uninitialised value(s) + at 0x10BCAA: part2id (lib1560.c:489) + by 0x10BCAA: updateurl (lib1560.c:521) + by 0x10BCAA: set_parts (lib1560.c:630) + by 0x10BCAA: test (lib1560.c:802) + by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so) + +Conditional jump or move depends on uninitialised value(s) + at 0x10BCC3: part2id (lib1560.c:491) + by 0x10BCC3: updateurl (lib1560.c:521) + by 0x10BCC3: set_parts (lib1560.c:630) + by 0x10BCC3: test (lib1560.c:802) + by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so) +--- + tests/libtest/Makefile.inc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc +index 080421b..ea3b806 100644 +--- a/tests/libtest/Makefile.inc ++++ b/tests/libtest/Makefile.inc +@@ -531,6 +531,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) + lib1559_LDADD = $(TESTUTIL_LIBS) + + lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) ++lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp + lib1560_LDADD = $(TESTUTIL_LIBS) + + lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) +-- +2.17.2 + diff --git a/ci.fmf b/ci.fmf deleted file mode 100644 index d3546e9..0000000 --- a/ci.fmf +++ /dev/null @@ -1,9 +0,0 @@ -discover: - how: fmf -prepare: - how: install - exclude: - - libcurl-minimal - - curl-minimal -execute: - how: tmt diff --git a/curl-7.66.0.tar.xz.asc b/curl-7.66.0.tar.xz.asc new file mode 100644 index 0000000..83e8258 --- /dev/null +++ b/curl-7.66.0.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl14i4AACgkQXMkI/bce +EsJwgwf/WauX31s687pdOgpPE4ymPuxIrdVl+NovWdOBdQQfIA0c/4lu4onJYPAT +K6wq86me5y8fj/Q3ymqQ3H1EcJE2vTHPx/w+zEHNsEILtBMFHdm84CJzhdLlI1GC +9iBkjVKk/2s0tBOdC3HuskYLY2y02dHACvTvDJjx42nK4IbsdjoamVdMa7vep1TG +abmLRNHkOHKjioYWi0N04c5H5YDpdWOOjFY+EPO+m+YQuJlYkgw90nlmOaqiLcHL +3zGCMNXb209wxuNEVKenlhPQ/3FQZ9+8a4b6mMqBX7PDwhDiZLhqIJgVseWdw1r0 +Qm2suW4eUtlC2DTqTMtusG7EMN8pag== +=pFLb +-----END PGP SIGNATURE----- diff --git a/curl.rpmlintrc b/curl.rpmlintrc deleted file mode 100644 index 022a98e..0000000 --- a/curl.rpmlintrc +++ /dev/null @@ -1,15 +0,0 @@ -# Intentional stuff we're not concerned about -addFilter("unversioned-explicit-provides webclient") -addFilter("package-with-huge-docs") -addFilter("crypto-policy-non-compliance-openssl /usr/lib(64)?/libcurl.so.4") - -# This is just plain wrong (%_configure redefinition) -addFilter("configure-without-libdir-spec") - -# Technical term -addFilter("E: spelling-error \('kerberos',") - -# Artefacts of RemovePathPostfixes: .minimal -addFilter("W: dangling-relative-symlink /usr/lib/.build-id/.* ../../../../.*curl.*\.minimal") -#addFilter("W: dangling-relative-symlink /usr/lib.*/libcurl.so.4 libcurl.so.4.*.minimal") -#addFilter("E: invalid-ldconfig-symlink /usr/lib.*/libcurl.so.4.* libcurl.so.4.*.minimal") diff --git a/curl.spec b/curl.spec index c0ad4db..a64e63a 100644 --- a/curl.spec +++ b/curl.spec @@ -1,45 +1,40 @@ -# OpenSSL ENGINE support -# This is deprecated by OpenSSL since OpenSSL 3.0 and by Fedora since Fedora 41 -# https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine -# Change the bcond to 0 to turn off ENGINE support by default -%bcond openssl_engine_support %[%{defined fedora} || 0%{?rhel} < 10] - -# HTTP/3 support -# This is using ngtcp2 with OpenSSL 3.5 QUIC support instead of curl's -# experimental native OpenSSL 3.5 support. -%bcond http3 %[0%{?fedora} >= 43] - Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.18.0 -Release: 1%{?dist} -License: curl -Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz -Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc -# The curl download page ( https://curl.se/download.html ) links -# to Daniel's address page https://daniel.haxx.se/address.html for the GPG Key, -# which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc -Source2: mykey.asc +Version: 7.66.0 +Release: 3%{?dist} +License: MIT +Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz + +# fix memory leaked by parse_metalink() +Patch1: 0001-curl-7.66.0-metalink-memleak.patch + +# fix partial password leak over DNS on HTTP redirect (CVE-2020-8169) +Patch2: 0002-curl-7.69.1-CVE-2020-8169.patch + +# avoid overwriting a local file with -J (CVE-2020-8177) +Patch3: 0003-curl-7.69.1-CVE-2020-8177.patch + +# libcurl: wrong connect-only connection (CVE-2020-8231) +Patch4: 0004-curl-7.66.0-CVE-2020-8231.patch # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch +# prevent configure script from discarding -g in CFLAGS (#496778) +Patch102: 0102-curl-7.36.0-debug.patch + +# migrate tests/http_pipe.py to Python 3 +Patch103: 0103-curl-7.59.0-python3.patch + +# use localhost6 instead of ip6-localhost in the curl test-suite +Patch104: 0104-curl-7.19.7-localhost6.patch + +# prevent valgrind from reporting false positives on x86_64 +Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch + Provides: curl-full = %{version}-%{release} -# do not fail when trying to install curl-minimal after drop -Provides: curl-minimal = %{version}-%{release} Provides: webclient -URL: https://curl.se/ - -%if 0%{?fedora} -# instead of bundled wcurl utility, recommend wcurl package -Recommends: wcurl -%endif - -# The reason for maintaining two separate packages for curl is no longer valid. -# The curl-minimal is currently almost identical to curl-full, so let's drop curl-minimal. -# For more details, see https://bugzilla.redhat.com/show_bug.cgi?id=2262096 -Obsoletes: curl-minimal < 8.6.0-4 - +URL: https://curl.haxx.se/ BuildRequires: automake BuildRequires: brotli-devel BuildRequires: coreutils @@ -47,35 +42,22 @@ BuildRequires: gcc BuildRequires: groff BuildRequires: krb5-devel BuildRequires: libidn2-devel +BuildRequires: libmetalink-devel BuildRequires: libnghttp2-devel -%if %{with http3} -BuildRequires: libnghttp3-devel -%endif BuildRequires: libpsl-devel BuildRequires: libssh-devel -BuildRequires: libtool BuildRequires: make -%if %{with http3} -BuildRequires: ngtcp2-crypto-ossl-devel -%endif BuildRequires: openldap-devel BuildRequires: openssh-clients BuildRequires: openssh-server -BuildRequires: openssl BuildRequires: openssl-devel -%if %{with openssl_engine_support} && 0%{?fedora} >= 41 -BuildRequires: openssl-devel-engine -%endif BuildRequires: perl-interpreter BuildRequires: pkgconfig -BuildRequires: python-unversioned-command BuildRequires: python3-devel BuildRequires: sed +BuildRequires: stunnel BuildRequires: zlib-devel -# For gpg verification of source tarball -BuildRequires: gnupg2 - # needed to compress content of tool_hugehelp.c after changing curl.1 man page BuildRequires: perl(IO::Compress::Gzip) @@ -85,77 +67,38 @@ BuildRequires: perl(Pod::Usage) BuildRequires: perl(strict) BuildRequires: perl(warnings) -# needed for test1560 to succeed -BuildRequires: glibc-langpack-en - # gnutls-serv is used by the upstream test-suite BuildRequires: gnutls-utils -# hostname(1) is used by the test-suite but it is missing in armv7hl buildroot -BuildRequires: hostname - # nghttpx (an HTTP/2 proxy) is used by the upstream test-suite BuildRequires: nghttp2 # perl modules used in the test suite -BuildRequires: perl(B) -BuildRequires: perl(base) -BuildRequires: perl(constant) BuildRequires: perl(Cwd) BuildRequires: perl(Digest::MD5) -BuildRequires: perl(Digest::SHA) BuildRequires: perl(Exporter) BuildRequires: perl(File::Basename) BuildRequires: perl(File::Copy) BuildRequires: perl(File::Spec) -BuildRequires: perl(I18N::Langinfo) BuildRequires: perl(IPC::Open2) -BuildRequires: perl(List::Util) -BuildRequires: perl(Memoize) BuildRequires: perl(MIME::Base64) -BuildRequires: perl(POSIX) -BuildRequires: perl(Storable) -BuildRequires: perl(Time::HiRes) BuildRequires: perl(Time::Local) +BuildRequires: perl(Time::HiRes) BuildRequires: perl(vars) -%if 0%{?fedora} -# needed for upstream test 1451 -BuildRequires: python3-impacket -%endif - # The test-suite runs automatically through valgrind if valgrind is available # on the system. By not installing valgrind into mock's chroot, we disable # this feature for production builds on architectures where valgrind is known # to be less reliable, in order to avoid unnecessary build failures (see RHBZ # #810992, #816175, and #886891). Nevertheless developers are free to install # valgrind manually to improve test coverage on any architecture. -%ifarch x86_64 +%ifarch x86_64 %{ix86} BuildRequires: valgrind %endif -# stunnel is used by upstream tests but it does not seem to work reliably -# on aarch64/s390x and occasionally breaks some tests (mainly 1561 and 1562) -%ifnarch aarch64 s390x -BuildRequires: stunnel -%endif - # using an older version of libcurl could result in CURLE_UNKNOWN_OPTION Requires: libcurl%{?_isa} >= %{version}-%{release} -# Define OPENSSL_NO_ENGINE to avoid inclusion of -%if %{without openssl_engine_support} -%global _preprocessor_defines %{?_preprocessor_defines} -DOPENSSL_NO_ENGINE -%endif - -# require at least the version of libnghttp2 that we were built against, -# to ensure that we have the necessary symbols available (#2144277) -%global libnghttp2_version %(pkg-config --modversion libnghttp2 2>/dev/null || echo 0) - -# require at least the version of libnghttp3 that we were built against, -# to ensure that we have the necessary symbols available -%global libnghttp3_version %(pkg-config --modversion libnghttp3 2>/dev/null || echo 0) - # require at least the version of libpsl that we were built against, # to ensure that we have the necessary symbols available (#1631804) %global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0) @@ -164,14 +107,9 @@ Requires: libcurl%{?_isa} >= %{version}-%{release} # to ensure that we have the necessary symbols available (#525002, #642796) %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0) -# require at least the version of ngtcp2 that we were built against, -# to ensure that we have the necessary symbols available -%global ngtcp2_version %(pkg-config --modversion libngtcp2 2>/dev/null || echo 0) - # require at least the version of openssl-libs that we were built against, # to ensure that we have the necessary symbols available (#1462184, #1462211) -# (we need to translate 3.0.0-alpha16 -> 3.0.0-0.alpha16 and 3.0.0-beta1 -> 3.0.0-0.beta1 though) -%global openssl_version %({ pkg-config --modversion openssl 2>/dev/null || echo 0;} | sed 's|-|-0.|') +%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0) %description curl is a command line tool for transferring data with URL syntax, supporting @@ -183,15 +121,8 @@ resume, proxy tunneling and a busload of other useful tricks. %package -n libcurl Summary: A library for getting files from web servers -Requires: libnghttp2%{?_isa} >= %{libnghttp2_version} -%if %{with http3} -Requires: libnghttp3%{?_isa} >= %{libnghttp3_version} -%endif Requires: libpsl%{?_isa} >= %{libpsl_version} Requires: libssh%{?_isa} >= %{libssh_version} -%if %{with http3} -Requires: ngtcp2%{?_isa} >= %{ngtcp2_version} -%endif Requires: openssl-libs%{?_isa} >= 1:%{openssl_version} Provides: libcurl-full = %{version}-%{release} Provides: libcurl-full%{?_isa} = %{version}-%{release} @@ -217,13 +148,27 @@ The libcurl-devel package includes header files and libraries necessary for developing programs which use the libcurl library. It contains the API documentation of the library, too. +%package -n curl-minimal +Summary: Conservatively configured build of curl for minimal installations +Provides: curl = %{version}-%{release} +Conflicts: curl +RemovePathPostfixes: .minimal + +# using an older version of libcurl could result in CURLE_UNKNOWN_OPTION +Requires: libcurl%{?_isa} >= %{version}-%{release} + +%description -n curl-minimal +This is a replacement of the 'curl' package for minimal installations. It +comes with a limited set of features compared to the 'curl' package. On the +other hand, the package is smaller and requires fewer run-time dependencies to +be installed. + %package -n libcurl-minimal Summary: Conservatively configured build of libcurl for minimal installations -Requires: libnghttp2%{?_isa} >= %{libnghttp2_version} Requires: openssl-libs%{?_isa} >= 1:%{openssl_version} Provides: libcurl = %{version}-%{release} Provides: libcurl%{?_isa} = %{version}-%{release} -Conflicts: libcurl%{?_isa} +Conflicts: libcurl RemovePathPostfixes: .minimal # needed for RemovePathPostfixes to work with shared libraries %undefine __brp_ldconfig @@ -235,107 +180,88 @@ other hand, the package is smaller and requires fewer run-time dependencies to be installed. %prep -%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' -%autosetup -n %{name}-%{version_no_tilde} -p1 +%setup -q -# disable test 1801 +# upstream patches +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 + +# Fedora patches +%patch101 -p1 +%patch102 -p1 +%patch103 -p1 +%patch104 -p1 +%patch105 -p1 + +# make tests/*.py use Python 3 +sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py + +# regenerate Makefile.in files +aclocal -I m4 +automake + +# disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed +# with errno 98: Address already in use' in Koji environment), and test 1801 # -printf "1801\n" >>tests/data/DISABLED +# and test 1900, which is flaky and covers a deprecated feature of libcurl +# +printf "1112\n1455\n1801\n1900\n" >> tests/data/DISABLED -# test3026: avoid pthread_create() failure due to resource exhaustion on i386 -%ifarch %{ix86} -sed -e 's|NUM_THREADS 1000$|NUM_THREADS 256|' \ - -i tests/libtest/lib3026.c +# disable test 1319 on ppc64 (server times out) +%ifarch ppc64 +echo "1319" >> tests/data/DISABLED +%endif + +# temporarily disable test 582 on s390x (client times out) +%ifarch s390x +echo "582" >> tests/data/DISABLED %endif # adapt test 323 for updated OpenSSL -sed -e 's|^35$|35,52|' -i tests/data/test323 - -# use localhost6 instead of ip6-localhost in the curl test-suite -( - # avoid glob expansion in the trace output of `bash -x` - { set +x; } 2>/dev/null - cmd="sed -e 's|ip6-localhost|localhost6|' -i tests/data/test[0-9]*" - printf "+ %s\n" "$cmd" >&2 - eval "$cmd" -) - -# avoid unnecessary arch-dependent line in the processed file -sed -e '/# Used in @libdir@/d' \ - -i curl-config.in +sed -e 's/^35$/35,52/' -i tests/data/test323 %build -# regenerate the configure script and Makefile.in files -autoreconf -fiv - mkdir build-{full,minimal} -export common_configure_opts=" \ - --cache-file=../config.cache \ - --disable-manual \ - --disable-static \ - --enable-hsts \ - --enable-ipv6 \ - --enable-symbol-hiding \ - --enable-threaded-resolver \ - --without-zstd \ - --with-gssapi \ - --with-libidn2 \ - --with-nghttp2 \ - --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \ - --with-zsh-functions-dir" +export common_configure_opts=" \ + --cache-file=../config.cache \ + --disable-static \ + --enable-symbol-hiding \ + --enable-ipv6 \ + --enable-threaded-resolver \ + --with-gssapi \ + --with-nghttp2 \ + --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt" %global _configure ../configure # configure minimal build ( cd build-minimal - %configure $common_configure_opts \ - --disable-dict \ - --disable-gopher \ - --disable-imap \ - --disable-ldap \ - --disable-ldaps \ - --disable-mqtt \ - --disable-ntlm \ - --disable-pop3 \ - --disable-rtsp \ - --disable-smb \ - --disable-smtp \ - --disable-telnet \ - --disable-tftp \ - --disable-tls-srp \ - --disable-websockets \ - --without-brotli \ - --without-libpsl \ + %configure $common_configure_opts \ + --disable-ldap \ + --disable-ldaps \ + --disable-manual \ + --without-brotli \ + --without-libidn2 \ + --without-libmetalink \ + --without-libpsl \ --without-libssh ) # configure full build ( cd build-full - %configure $common_configure_opts \ - --enable-dict \ - --enable-gopher \ - --enable-imap \ - --enable-ldap \ - --enable-ldaps \ - --enable-mqtt \ - --enable-ntlm \ - --enable-pop3 \ - --enable-rtsp \ - --enable-smb \ - --enable-smtp \ - --enable-telnet \ - --enable-tftp \ - --enable-tls-srp \ - --enable-websockets \ - --with-brotli \ - --with-libpsl \ - --with-libssh \ -%if %{with http3} - --with-nghttp3 \ - --with-ngtcp2 \ -%endif + %configure $common_configure_opts \ + --enable-ldap \ + --enable-ldaps \ + --enable-manual \ + --with-brotli \ + --with-libidn2 \ + --with-libmetalink \ + --with-libpsl \ + --with-libssh ) # avoid using rpath @@ -343,53 +269,49 @@ sed -e 's/^runpath_var=.*/runpath_var=/' \ -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \ -i build-{full,minimal}/libtool -%make_build V=1 -C build-minimal -%make_build V=1 -C build-full +make %{?_smp_mflags} V=1 -C build-minimal +make %{?_smp_mflags} V=1 -C build-full %check +# we have to override LD_LIBRARY_PATH because we eliminated rpath +LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" +export LD_LIBRARY_PATH + # compile upstream test-cases -%make_build V=1 -C build-minimal/tests -%make_build V=1 -C build-full/tests +cd build-full/tests +make %{?_smp_mflags} V=1 # relax crypto policy for the test-suite to make it pass again (#1610888) export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX export OPENSSL_CONF= -# make runtests.pl work for out-of-tree builds -export srcdir=../../tests - -# prevent valgrind from being extremely slow (#1662656) -# https://fedoraproject.org/wiki/Changes/DebuginfodByDefault -unset DEBUGINFOD_URLS - -# run the upstream test-suite for both curl-minimal and curl-full -for size in minimal full; do ( - cd build-${size} - - # we have to override LD_LIBRARY_PATH because we eliminated rpath - export LD_LIBRARY_PATH="${PWD}/lib/.libs" - - cd tests - perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky' -) -done - +# run the upstream test-suite +srcdir=../../tests perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky' %install # install and rename the library that will be packaged as libcurl-minimal -%make_install -C build-minimal/lib +make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/lib rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so} for i in ${RPM_BUILD_ROOT}%{_libdir}/*; do mv -v $i $i.minimal done +# install and rename the executable that will be packaged as curl-minimal +make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/src +mv -v ${RPM_BUILD_ROOT}%{_bindir}/curl{,.minimal} + # install libcurl.m4 install -d $RPM_BUILD_ROOT%{_datadir}/aclocal install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal # install the executable and library that will be packaged as curl and libcurl cd build-full -%make_install +make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install + +# install zsh completion for curl +# (we have to override LD_LIBRARY_PATH because we eliminated rpath) +LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \ + make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C scripts # do not install /usr/share/fish/completions/curl.fish which is also installed # by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict @@ -397,25 +319,19 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la -# do not install bundled wcurl utility -# it is provided by the wcurl package -rm -f ${RPM_BUILD_ROOT}%{_bindir}/wcurl -rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* - %ldconfig_scriptlets -n libcurl %ldconfig_scriptlets -n libcurl-minimal %files -%doc CHANGES.md +%doc CHANGES %doc README -%doc docs/BUGS.md -%doc docs/DISTROS.md -%doc docs/FAQ.md -%doc docs/FEATURES.md -%doc docs/KNOWN_BUGS.md -%doc docs/TODO.md -%doc docs/TheArtOfHttpScripting.md +%doc docs/BUGS +%doc docs/FAQ +%doc docs/FEATURES +%doc docs/RESOURCES +%doc docs/TODO +%doc docs/TheArtOfHttpScripting %{_bindir}/curl %{_mandir}/man1/curl.1* %{_datadir}/zsh @@ -427,7 +343,7 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* %files -n libcurl-devel %doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md -%doc docs/CONTRIBUTE.md docs/libcurl/ABI.md +%doc docs/CONTRIBUTE.md docs/libcurl/ABI %{_bindir}/curl-config* %{_includedir}/curl %{_libdir}/*.so @@ -436,511 +352,22 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* %{_mandir}/man3/* %{_datadir}/aclocal/libcurl.m4 +%files -n curl-minimal +%{_bindir}/curl.minimal +%{_mandir}/man1/curl.1* + %files -n libcurl-minimal %license COPYING %{_libdir}/libcurl.so.4.minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog -* Wed Jan 07 2026 Jan Macku - 8.18.0-1 -- new upstream release +* Wed Aug 19 2020 Kamil Dudka - 7.66.0-3 +- libcurl: wrong connect-only connection (CVE-2020-8231) -* Mon Jan 05 2026 Jan Macku - 8.18.0~rc3-1 -- new upstream release candidate - -* Tue Dec 16 2025 Jan Macku - 8.18.0~rc2-1 -- new upstream release candidate -- reenable valgrind on test 616 - -* Tue Dec 09 2025 Jan Macku - 8.18.0~rc1-1 -- new upstream release candidate -- drop upstreamed patches - -* Sun Dec 07 2025 Aleksei Bavshin - 8.17.0-5 -- Enable HTTP/3 support with ngtcp2 - -* Thu Dec 04 2025 Jan Macku - 8.17.0-4 -- apply upstream patches for valgrind issues in HTTP/3 (#2408809) - -* Thu Nov 13 2025 Jan Macku - 8.17.0-3 -- recommend wcurl package instead of bundled wcurl utility - -* Thu Nov 13 2025 Jan Macku - 8.17.0-2 -- remove bundled wcurl utility that was added in 8.14.0~rc1, use wcurl package instead - -* Mon Nov 10 2025 Jan Macku - 8.17.0-1 -- new upstream release - -* Thu Oct 30 2025 Jan Macku - 8.17.0~rc3-1 -- new upstream release candidate - -* Tue Oct 21 2025 Jan Macku - 8.17.0~rc2-1 -- new upstream release candidate - -* Mon Oct 13 2025 Jan Macku - 8.17.0~rc1-1 -- new upstream release candidate - -* Wed Sep 10 2025 Jan Macku - 8.16.0-1 -- new upstream release - -* Wed Sep 03 2025 Jan Macku - 8.16.0~rc3-1 -- new upstream release candidate - -* Tue Aug 26 2025 Jan Macku - 8.16.0~rc2-1 -- new upstream release candidate - -* Wed Jul 23 2025 Fedora Release Engineering - 8.15.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Wed Jul 16 2025 Jan Macku - 8.15.0-1 -- new upstream release - -* Thu Jul 10 2025 Jan Macku - 8.15.0~rc3-1 -- new upstream release candidate - -* Mon Jun 30 2025 Jan Macku - 8.15.0~rc2-1 -- new upstream release candidate - -* Mon Jun 23 2025 Jan Macku - 8.15.0~rc1-1 -- new upstream release candidate - -* Wed Jun 04 2025 Jan Macku - 8.14.1-1 -- new upstream release -- drop: 0001-curl-8.14.0-multi-fix-add_handle-resizing.patch (no longer needed) - -* Wed May 28 2025 Jan Macku - 8.14.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2025-5025 - No QUIC certificate pinning with wolfSSL - CVE-2025-4947 - QUIC certificate check skip with wolfSSL -- fix regression: curl_multi_add_handle() returning OOM when using more than 400 handles - -* Fri May 02 2025 Jan Macku - 8.14.0~rc1-1 -- new upstream release candidate -- new utility: wcurl which lets you download URLs without having to remember any parameters - -* Wed Apr 02 2025 Jan Macku - 8.13.0-1 -- new upstream release -- add build time dependency on openssl (required by tests) - -* Wed Mar 26 2025 Jan Macku - 8.13.0~rc3-1 -- new upstream release candidate -- drop: 0102-curl-7.84.0-test3026.patch (no longer needed) - -* Tue Mar 18 2025 Jan Macku - 8.13.0~rc2-1 -- new upstream release candidate - -* Thu Mar 13 2025 Jan Macku - 8.13.0~rc1-2 -- fix --cert parameter (#2351531) - -* Mon Mar 10 2025 Jan Macku - 8.13.0~rc1-1 -- new upstream release candidate - -* Wed Feb 05 2025 Jan Macku - 8.12.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2025-0725 - gzip integer overflow - CVE-2025-0665 - eventfd double close - CVE-2025-0167 - netrc and default credential leak -- drop upstreamed patches - -* Fri Jan 31 2025 Jan Macku - 8.11.1-4 -- TLS: check connection for SSL use, not handler (#2324130#c7) - -* Thu Jan 16 2025 Fedora Release Engineering - 8.11.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Sun Dec 15 2024 Paul Howarth - 8.11.1-2 -- Fix crash with Unexpected error 9 on netlink descriptor 10 (rhbz#2332350) - - https://github.com/curl/curl/issues/15725 - - https://github.com/curl/curl/pull/15727 - -* Wed Dec 11 2024 Jan Macku - 8.11.1-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2024-11053 - netrc and redirect credential leak - -* Wed Nov 06 2024 Yaakov Selkowitz - 8.11.0-2 -- Disable engine support on RHEL 10+ - -* Wed Nov 06 2024 Jan Macku - 8.11.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2024-9681 - HSTS subdomain overwrites parent cache entry - -* Tue Sep 24 2024 Jan Macku - 8.10.1-2 -- Use tls-ca-bundle.pem instead of ca-bundle.crt (OpenSSL specific) (#2313564) - -* Wed Sep 18 2024 Jan Macku - 8.10.1-1 -- new upstream release - -* Wed Sep 11 2024 Jan Macku - 8.10.0-1 -- new upstream release - -* Wed Aug 21 2024 Jacek Migacz - 8.9.1-3 -- Retire deprecated ntlm-wb configure option - -* Mon Aug 5 2024 voidanix - 8.9.1-2 -- Apply SIGPIPE-related patch due to upstream regression - -* Wed Jul 24 2024 Jan Macku - 8.9.1-1 -- new upstream release - -* Wed Jul 24 2024 Jan Macku - 8.9.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2024-6874 - macidn punycode buffer overread - CVE-2024-6197 - freeing stack buffer in utf8asn1str -- drop upstreamed patches - -* Wed Jul 17 2024 Fedora Release Engineering - 8.8.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Fri Jul 12 2024 Paul Howarth - 8.8.0-2 -- adapt for https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine -- added build condition for openssl_engine_support, true by default so as to - not change the resulting built package (yet) -- with openssl_engine_support true, BR: openssl-devel-engine -- with openssl_engine_support false, build with -DOPENSSL_NO_ENGINE - -* Wed May 22 2024 Jan Macku - 8.8.0-1 -- new upstream release -- drop upstreamed patches - -* Wed Mar 27 2024 Jan Macku - 8.7.1-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2024-2004 - Usage of disabled protocol - CVE-2024-2379 - QUIC certificate check bypass with wolfSSL - CVE-2024-2398 - HTTP/2 push headers memory-leak - CVE-2024-2466 - TLS certificate check bypass with mbedTLS -- drop upstreamed patches -- reenable test 0313 -- fix zsh completions, use --with-zsh-functions-dir -- apply upstream patches for 8.7.1 issues and regressions - -* Mon Feb 19 2024 Jan Macku - 8.6.0-7 -- Fix: Leftovers after chunking should not be part of the curl buffer output (#2264220) - -* Mon Feb 12 2024 Jan Macku - 8.6.0-6 -- revert "receive max buffer" + add test case -- temporarily disable test 0313 -- remove suggests of libcurl-minimal in curl-full - -* Mon Feb 12 2024 Jan Macku - 8.6.0-5 -- add Provides to curl-minimal - -* Wed Feb 07 2024 Jan Macku - 8.6.0-4 -- drop curl-minimal subpackage in favor of curl-full (#2262096) - -* Mon Feb 05 2024 Jan Macku - 8.6.0-3 -- ignore response body to HEAD requests - -* Fri Feb 02 2024 Jan Macku - 8.6.0-2 -- don't build manual for curl-full - use man 1 curl instead (#2262373) - -* Thu Feb 01 2024 Jan Macku - 8.6.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2024-0853 - OCSP verification bypass with TLS session reuse -- drop 001-dist-add-tests-errorcodes.pl-to-the-tarball.patch (replaced by upstream fix) -- remove accidentally included mk-ca-bundle.1 man page (upstream bug #12843) - -* Fri Jan 19 2024 Fedora Release Engineering - 8.5.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Wed Dec 06 2023 Jan Macku - 8.5.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2023-46218 - cookie mixed case PSL bypass - CVE-2023-46219 - HSTS long file name clears contents - -* Wed Oct 11 2023 Jan Macku - 8.4.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2023-38545 - SOCKS5 heap buffer overflow - CVE-2023-38546 - cookie injection with none file - -* Wed Sep 13 2023 Jan Macku - 8.3.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2023-38039 - HTTP headers eat all memory - -* Wed Aug 02 2023 Jan Macku - 8.2.1-2 -- enable websockets (#2224651) - -* Wed Jul 26 2023 Lukáš Zaoral - 8.2.1-1 -- new upstream release (rhbz#2226659) - -* Wed Jul 19 2023 Jan Macku - 8.2.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2023-32001 - fopen race condition - -* Tue May 30 2023 Jan Macku - 8.1.2-1 -- new upstream release, with small bugfixes and improvements - -* Tue May 23 2023 Jan Macku - 8.1.1-1 -- new upstream release, with small bugfixes and improvements - -* Wed May 17 2023 Kamil Dudka - 8.1.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2023-28321 - IDN wildcard match - CVE-2023-28322 - more POST-after-PUT confusion - -* Fri Apr 21 2023 Kamil Dudka - 8.0.1-3 -- tests: re-enable temporarily disabled test-cases -- tests: attempt to fix a conflict on port numbers -- apply patches automatically - -* Tue Mar 21 2023 Lukáš Zaoral - 8.0.1-2 -- migrated to SPDX license - -* Mon Mar 20 2023 Kamil Dudka - 8.0.1-1 -- new upstream release - -* Mon Mar 20 2023 Kamil Dudka - 8.0.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2023-27538 - SSH connection too eager reuse still - CVE-2023-27537 - HSTS double-free - CVE-2023-27536 - GSS delegation too eager connection re-use - CVE-2023-27535 - FTP too eager connection reuse - CVE-2023-27534 - SFTP path ~ resolving discrepancy - CVE-2023-27533 - TELNET option IAC injection - -* Mon Feb 20 2023 Kamil Dudka - 7.88.1-1 -- new upstream release - -* Fri Feb 17 2023 Kamil Dudka - 7.88.0-2 -- http2: set drain on stream end - -* Wed Feb 15 2023 Kamil Dudka - 7.88.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2023-23916 - HTTP multi-header compression denial of service - CVE-2023-23915 - HSTS amnesia with --parallel - CVE-2023-23914 - HSTS ignored on multiple requests - -* Fri Jan 20 2023 Kamil Dudka - 7.87.0-4 -- fix regression in a public header file (#2162716) - -* Thu Jan 19 2023 Fedora Release Engineering - 7.87.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Wed Jan 11 2023 Kamil Dudka - 7.87.0-2 -- test3012: temporarily disable valgrind (#2143040) - -* Wed Dec 21 2022 Kamil Dudka - 7.87.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2022-43552 - HTTP Proxy deny use-after-free - CVE-2022-43551 - Another HSTS bypass via IDN - -* Tue Nov 29 2022 Kamil Dudka - 7.86.0-4 -- noproxy: tailmatch like in 7.85.0 and earlier (#2149224) - -* Thu Nov 24 2022 Kamil Dudka - 7.86.0-3 -- enforce versioned libnghttp2 dependency for libcurl (#2144277) - -* Mon Oct 31 2022 Kamil Dudka - 7.86.0-2 -- fix regression in noproxy matching - -* Wed Oct 26 2022 Kamil Dudka - 7.86.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2022-42916 - HSTS bypass via IDN - CVE-2022-42915 - HTTP proxy double-free - CVE-2022-35260 - .netrc parser out-of-bounds access - CVE-2022-32221 - POST following PUT confusion - -* Thu Sep 01 2022 Kamil Dudka - 7.85.0-1 -- new upstream release, which fixes the following vulnerability - CVE-2022-35252 - control code in cookie denial of service - -* Thu Aug 25 2022 Kamil Dudka - 7.84.0-3 -- tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0 - -* Wed Jul 20 2022 Fedora Release Engineering - 7.84.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Mon Jun 27 2022 Kamil Dudka - 7.84.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2022-32207 - Unpreserved file permissions - CVE-2022-32205 - Set-Cookie denial of service - CVE-2022-32206 - HTTP compression denial of service - CVE-2022-32208 - FTP-KRB bad message verification - -* Wed May 11 2022 Kamil Dudka - 7.83.1-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2022-27782 - fix too eager reuse of TLS and SSH connections - CVE-2022-27779 - do not accept cookies for TLD with trailing dot - CVE-2022-27778 - do not remove wrong file on error - CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names - CVE-2022-27780 - reject percent-encoded path separator in URL host - -* Wed Apr 27 2022 Kamil Dudka - 7.83.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2022-27774 - curl credential leak on redirect - CVE-2022-27776 - curl auth/cookie leak on redirect - CVE-2022-27775 - curl bad local IPv6 connection reuse - CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use - -* Tue Mar 15 2022 Kamil Dudka - 7.82.0-2 -- openssl: fix incorrect CURLE_OUT_OF_MEMORY error on CN check failure - -* Sat Mar 05 2022 Kamil Dudka - 7.82.0-1 -- new upstream release - -* Thu Feb 24 2022 Kamil Dudka - 7.81.0-4 -- enable IDN support also in libcurl-minimal - -* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 7.81.0-3 -- Suggest libcurl-minimal in curl-minimal - -* Thu Jan 20 2022 Fedora Release Engineering - 7.81.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Wed Jan 05 2022 Kamil Dudka - 7.81.0-1 -- new upstream release - -* Sun Nov 14 2021 Paul Howarth - 7.80.0-2 -- sshserver.pl (used in test suite) now requires the Digest::SHA perl module - -* Wed Nov 10 2021 Kamil Dudka - 7.80.0-1 -- new upstream release - -* Tue Oct 26 2021 Kamil Dudka - 7.79.1-3 -- re-enable HSTS in libcurl-minimal as a security feature (#2005874) - -* Mon Oct 04 2021 Kamil Dudka - 7.79.1-2 -- disable more protocols and features in libcurl-minimal (#2005874) - -* Wed Sep 22 2021 Kamil Dudka - 7.79.1-1 -- new upstream release - -* Thu Sep 16 2021 Kamil Dudka - 7.79.0-4 -- fix regression in http2 implementation introduced in the last release - -* Thu Sep 16 2021 Sahana Prasad - 7.79.0-3 -- Rebuilt with OpenSSL 3.0.0 - -* Thu Sep 16 2021 Kamil Dudka - 7.79.0-2 -- make SCP/SFTP tests work with openssh-8.7p1 - -* Wed Sep 15 2021 Kamil Dudka - 7.79.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2021-22947 - STARTTLS protocol injection via MITM - CVE-2021-22946 - protocol downgrade required TLS bypassed - CVE-2021-22945 - use-after-free and double-free in MQTT sending - -* Tue Sep 14 2021 Sahana Prasad - 7.78.0-4 -- Rebuilt with OpenSSL 3.0.0 - -* Fri Jul 23 2021 Kamil Dudka - 7.78.0-3 -- make explicit dependency on openssl work with alpha/beta builds of openssl - -* Wed Jul 21 2021 Fedora Release Engineering - 7.78.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Wed Jul 21 2021 Kamil Dudka - 7.78.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2021-22925 - TELNET stack contents disclosure again - CVE-2021-22924 - bad connection reuse due to flawed path name checks - CVE-2021-22923 - metalink download sends credentials - CVE-2021-22922 - wrong content via metalink not discarded - -* Wed Jun 02 2021 Kamil Dudka - 7.77.0-2 -- build the curl tool without metalink support (#1967213) - -* Wed May 26 2021 Kamil Dudka - 7.77.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2021-22901 - TLS session caching disaster - CVE-2021-22898 - TELNET stack contents disclosure - -* Mon May 03 2021 Kamil Dudka - 7.76.1-2 -- http2: fix resource leaks detected by Coverity - -* Wed Apr 14 2021 Kamil Dudka - 7.76.1-1 -- new upstream release - -* Wed Mar 31 2021 Kamil Dudka - 7.76.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup - CVE-2021-22876 - Automatic referer leaks credentials - -* Wed Mar 24 2021 Kamil Dudka - 7.75.0-3 -- fix SIGSEGV upon disconnect of a ldaps:// transfer - -* Tue Feb 23 2021 Kamil Dudka - 7.75.0-2 -- build-require python3-impacket only on Fedora - -* Wed Feb 03 2021 Kamil Dudka - 7.75.0-1 -- new upstream release - -* Tue Jan 26 2021 Kamil Dudka - 7.74.0-4 -- do not use stunnel for tests on s390x builds to avoid spurious failures - -* Tue Jan 26 2021 Fedora Release Engineering - 7.74.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Wed Dec 09 2020 Kamil Dudka - 7.74.0-2 -- do not rewrite shebangs in test-suite to use python3 explicitly - -* Wed Dec 09 2020 Kamil Dudka - 7.74.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2020-8286 - curl: Inferior OCSP verification - CVE-2020-8285 - libcurl: FTP wildcard stack overflow - CVE-2020-8284 - curl: trusting FTP PASV responses - -* Wed Oct 14 2020 Kamil Dudka - 7.73.0-2 -- prevent upstream test 1451 from being skipped - -* Wed Oct 14 2020 Kamil Dudka - 7.73.0-1 -- new upstream release - -* Thu Sep 10 2020 Jinoh Kang - 7.72.0-2 -- fix multiarch conflicts in libcurl-minimal (#1877671) - -* Wed Aug 19 2020 Kamil Dudka - 7.72.0-1 -- new upstream release, which fixes the following vulnerability - CVE-2020-8231 - libcurl: wrong connect-only connection - -* Thu Aug 06 2020 Kamil Dudka - 7.71.1-5 -- setopt: unset NOBODY switches to GET if still HEAD - -* Mon Jul 27 2020 Fedora Release Engineering - 7.71.1-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Mon Jul 13 2020 Tom Stellard - 7.71.1-3 -- Use make macros -- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro - -* Fri Jul 03 2020 Kamil Dudka - 7.71.1-2 -- curl: make the --krb option work again (#1833193) - -* Wed Jul 01 2020 Kamil Dudka - 7.71.1-1 -- new upstream release - -* Wed Jun 24 2020 Kamil Dudka - 7.71.0-1 -- new upstream release, which fixes the following vulnerabilities - CVE-2020-8169 - curl: Partial password leak over DNS on HTTP redirect - CVE-2020-8177 - curl: overwrite local file with -J - -* Wed Apr 29 2020 Kamil Dudka - 7.70.0-1 -- new upstream release - -* Mon Apr 20 2020 Kamil Dudka - 7.69.1-3 -- SSH: use new ECDSA key types to check known hosts (#1824926) - -* Fri Apr 17 2020 Tom Stellard - 7.69.1-2 -- Prevent discarding of -g when compiling with clang - -* Wed Mar 11 2020 Kamil Dudka - 7.69.1-1 -- new upstream release - -* Mon Mar 09 2020 Kamil Dudka - 7.69.0-2 -- make Flatpak work again (#1810989) - -* Wed Mar 04 2020 Kamil Dudka - 7.69.0-1 -- new upstream release - -* Tue Jan 28 2020 Fedora Release Engineering - 7.68.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Wed Jan 08 2020 Kamil Dudka - 7.68.0-1 -- new upstream release - -* Thu Nov 14 2019 Kamil Dudka - 7.67.0-2 -- fix infinite loop on upload using a glob (#1771025) - -* Wed Nov 06 2019 Kamil Dudka - 7.67.0-1 -- new upstream release +* Wed Jun 24 2020 Kamil Dudka - 7.66.0-2 +- avoid overwriting a local file with -J (CVE-2020-8177) +- fix partial password leak over DNS on HTTP redirect (CVE-2020-8169) * Wed Sep 11 2019 Kamil Dudka - 7.66.0-1 - new upstream release, which fixes the following vulnerabilities @@ -1482,3 +909,881 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* * Wed Feb 06 2013 Kamil Dudka 7.29.0-1 - new upstream release (fixes CVE-2013-0249) + +* Tue Jan 15 2013 Kamil Dudka 7.28.1-3 +- require valgrind for build only on i386 and x86_64 (#886891) + +* Tue Jan 15 2013 Kamil Dudka 7.28.1-2 +- prevent NSS from crashing on client auth hook failure +- clear session cache if a client cert from file is used +- fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE + +* Tue Nov 20 2012 Kamil Dudka 7.28.1-1 +- new upstream release + +* Wed Oct 31 2012 Kamil Dudka 7.28.0-1 +- new upstream release + +* Mon Oct 01 2012 Kamil Dudka 7.27.0-3 +- use the upstream facility to disable problematic tests +- do not crash if MD5 fingerprint is not provided by libssh2 + +* Wed Aug 01 2012 Kamil Dudka 7.27.0-2 +- eliminate unnecessary inotify events on upload via file protocol (#844385) + +* Sat Jul 28 2012 Kamil Dudka 7.27.0-1 +- new upstream release + +* Mon Jul 23 2012 Kamil Dudka 7.26.0-6 +- print reason phrase from HTTP status line on error (#676596) + +* Wed Jul 18 2012 Fedora Release Engineering - 7.26.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jun 09 2012 Kamil Dudka 7.26.0-4 +- fix duplicated SSL handshake with multi interface and proxy (#788526) + +* Wed May 30 2012 Karsten Hopp 7.26.0-3 +- disable test 1319 on ppc64, server times out + +* Mon May 28 2012 Kamil Dudka 7.26.0-2 +- use human-readable error messages provided by NSS (upstream commit 72f4b534) + +* Fri May 25 2012 Kamil Dudka 7.26.0-1 +- new upstream release + +* Wed Apr 25 2012 Karsten Hopp 7.25.0-3 +- valgrind on ppc64 works fine, disable ppc32 only + +* Wed Apr 25 2012 Karsten Hopp 7.25.0-3 +- drop BR valgrind on PPC(64) until bugzilla #810992 gets fixed + +* Fri Apr 13 2012 Kamil Dudka 7.25.0-2 +- use NSS_InitContext() to initialize NSS if available (#738456) +- provide human-readable names for NSS errors (upstream commit a60edcc6) + +* Fri Mar 23 2012 Paul Howarth 7.25.0-1 +- new upstream release (#806264) +- fix character encoding of docs with a patch rather than just iconv +- update debug and multilib patches +- don't use macros for commands +- reduce size of %%prep output for readability + +* Tue Jan 24 2012 Kamil Dudka 7.24.0-1 +- new upstream release (fixes CVE-2012-0036) + +* Thu Jan 05 2012 Paul Howarth 7.23.0-6 +- rebuild for gcc 4.7 + +* Mon Jan 02 2012 Kamil Dudka 7.23.0-5 +- upstream patch that allows to run FTPS tests with nss-3.13 (#760060) + +* Tue Dec 27 2011 Kamil Dudka 7.23.0-4 +- allow to run FTPS tests with nss-3.13 (#760060) + +* Sun Dec 25 2011 Kamil Dudka 7.23.0-3 +- avoid unnecessary timeout event when waiting for 100-continue (#767490) + +* Mon Nov 21 2011 Kamil Dudka 7.23.0-2 +- curl -JO now uses -O name if no C-D header comes (upstream commit c532604) + +* Wed Nov 16 2011 Kamil Dudka 7.23.0-1 +- new upstream release (#754391) + +* Mon Sep 19 2011 Kamil Dudka 7.22.0-2 +- nss: select client certificates by DER (#733657) + +* Tue Sep 13 2011 Kamil Dudka 7.22.0-1 +- new upstream release +- curl-config now provides dummy --static-libs option (#733956) + +* Sun Aug 21 2011 Paul Howarth 7.21.7-4 +- actually fix SIGSEGV of curl -O -J given more than one URL (#723075) + +* Mon Aug 15 2011 Kamil Dudka 7.21.7-3 +- fix SIGSEGV of curl -O -J given more than one URL (#723075) +- introduce the --delegation option of curl (#730444) +- initialize NSS with no database if the selected database is broken (#728562) + +* Wed Aug 03 2011 Kamil Dudka 7.21.7-2 +- add a new option CURLOPT_GSSAPI_DELEGATION (#719939) + +* Thu Jun 23 2011 Kamil Dudka 7.21.7-1 +- new upstream release (fixes CVE-2011-2192) + +* Wed Jun 08 2011 Kamil Dudka 7.21.6-2 +- avoid an invalid timeout event on a reused handle (#679709) + +* Sat Apr 23 2011 Paul Howarth 7.21.6-1 +- new upstream release + +* Mon Apr 18 2011 Kamil Dudka 7.21.5-2 +- fix the output of curl-config --version (upstream commit 82ecc85) + +* Mon Apr 18 2011 Kamil Dudka 7.21.5-1 +- new upstream release + +* Sat Apr 16 2011 Peter Robinson 7.21.4-4 +- no valgrind on ARMv5 arches + +* Sat Mar 05 2011 Dennis Gilmore 7.21.4-3 +- no valgrind on sparc arches + +* Tue Feb 22 2011 Kamil Dudka 7.21.4-2 +- do not ignore failure of SSL handshake (upstream commit 7aa2d10) + +* Fri Feb 18 2011 Kamil Dudka 7.21.4-1 +- new upstream release +- avoid memory leak on SSL connection failure (upstream commit a40f58d) +- work around valgrind bug (#678518) + +* Tue Feb 08 2011 Fedora Release Engineering - 7.21.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 12 2011 Kamil Dudka 7.21.3-2 +- build libcurl with --enable-hidden-symbols + +* Thu Dec 16 2010 Paul Howarth 7.21.3-1 +- update to 7.21.3: + - added --noconfigure switch to testcurl.pl + - added --xattr option + - added CURLOPT_RESOLVE and --resolve + - added CURLAUTH_ONLY + - added version-check.pl to the examples dir + - check for libcurl features for some command line options + - Curl_setopt: disallow CURLOPT_USE_SSL without SSL support + - http_chunks: remove debug output + - URL-parsing: consider ? a divider + - SSH: avoid using the libssh2_ prefix + - SSH: use libssh2_session_handshake() to work on win64 + - ftp: prevent server from hanging on closed data connection when stopping + a transfer before the end of the full transfer (ranges) + - LDAP: detect non-binary attributes properly + - ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT + - gnutls->handshake: improved timeout handling + - security: pass the right parameter to init + - krb5: use GSS_ERROR to check for error + - TFTP: resend the correct data + - configure: fix autoconf 2.68 warning: no AC_LANG_SOURCE call detected + - GnuTLS: now detects socket errors on Windows + - symbols-in-versions: updated en masse + - added a couple of examples that were missing from the tarball + - Curl_send/recv_plain: return errno on failure + - Curl_wait_for_resolv (for c-ares): correct timeout + - ossl_connect_common: detect connection re-use + - configure: prevent link errors with --librtmp + - openldap: use remote port in URL passed to ldap_init_fd() + - url: provide dead_connection flag in Curl_handler::disconnect + - lots of compiler warning fixes + - ssh: fix a download resume point calculation + - fix getinfo CURLINFO_LOCAL* for reused connections + - multi: the returned running handles counter could turn negative + - multi: only ever consider pipelining for connections doing HTTP(S) +- drop upstream patches now in tarball +- update bz650255 and disable-test1112 patches to apply against new codebase +- add workaround for false-positive glibc-detected buffer overflow in tftpd + test server with FORTIFY_SOURCE (similar to #515361) + +* Fri Nov 12 2010 Kamil Dudka 7.21.2-5 +- do not send QUIT to a dead FTP control connection (#650255) +- pull back glibc's implementation of str[n]casecmp(), #626470 appears fixed + +* Tue Nov 09 2010 Kamil Dudka 7.21.2-4 +- prevent FTP client from hanging on unrecognized ABOR response (#649347) +- return more appropriate error code in case FTP server session idle + timeout has exceeded (#650255) + +* Fri Oct 29 2010 Kamil Dudka 7.21.2-3 +- prevent FTP server from hanging on closed data connection (#643656) + +* Thu Oct 14 2010 Paul Howarth 7.21.2-2 +- enforce versioned libssh2 dependency for libcurl (#642796) + +* Wed Oct 13 2010 Kamil Dudka 7.21.2-1 +- new upstream release, drop applied patches +- make 0102-curl-7.21.2-debug.patch less intrusive + +* Wed Sep 29 2010 jkeating - 7.21.1-6 +- Rebuilt for gcc bug 634757 + +* Sat Sep 11 2010 Kamil Dudka 7.21.1-5 +- make it possible to run SCP/SFTP tests on x86_64 (#632914) + +* Tue Sep 07 2010 Kamil Dudka 7.21.1-4 +- work around glibc/valgrind problem on x86_64 (#631449) + +* Tue Aug 24 2010 Paul Howarth 7.21.1-3 +- fix up patches so there's no need to run autotools in the rpm build +- drop buildreq automake +- drop dependency on automake for devel package from F-14, where + %%{_datadir}/aclocal is included in the filesystem package +- drop dependency on pkgconfig for devel package from F-11, where + pkgconfig dependencies are auto-generated + +* Mon Aug 23 2010 Kamil Dudka 7.21.1-2 +- re-enable test575 on s390(x), already fixed (upstream commit d63bdba) +- modify system headers to work around gcc bug (#617757) +- curl -T now ignores file size of special files (#622520) +- fix kerberos proxy authentication for https (#625676) +- work around glibc/valgrind problem on x86_64 (#626470) + +* Thu Aug 12 2010 Kamil Dudka 7.21.1-1 +- new upstream release + +* Mon Jul 12 2010 Dan Horák 7.21.0-3 +- disable test 575 on s390(x) + +* Mon Jun 28 2010 Kamil Dudka 7.21.0-2 +- add support for NTLM authentication (#603783) + +* Wed Jun 16 2010 Kamil Dudka 7.21.0-1 +- new upstream release, drop applied patches +- update of %%description +- disable valgrind for certain test-cases (libssh2 problem) + +* Tue May 25 2010 Kamil Dudka 7.20.1-6 +- fix -J/--remote-header-name to strip CR-LF (upstream patch) + +* Wed Apr 28 2010 Kamil Dudka 7.20.1-5 +- CRL support now works again (#581926) +- make it possible to start a testing OpenSSH server when building with SELinux + in the enforcing mode (#521087) + +* Sat Apr 24 2010 Kamil Dudka 7.20.1-4 +- upstream patch preventing failure of test536 with threaded DNS resolver +- upstream patch preventing SSL handshake timeout underflow + +* Thu Apr 22 2010 Paul Howarth 7.20.1-3 +- replace Rawhide s390-sleep patch with a more targeted patch adding a + delay after tests 513 and 514 rather than after all tests + +* Wed Apr 21 2010 Kamil Dudka 7.20.1-2 +- experimentally enabled threaded DNS lookup +- make curl-config multilib ready again (#584107) + +* Mon Apr 19 2010 Kamil Dudka 7.20.1-1 +- new upstream release + +* Tue Mar 23 2010 Kamil Dudka 7.20.0-4 +- add missing quote in libcurl.m4 (#576252) + +* Fri Mar 19 2010 Kamil Dudka 7.20.0-3 +- throw CURLE_SSL_CERTPROBLEM in case peer rejects a certificate (#565972) +- valgrind temporarily disabled (#574889) +- kerberos installation prefix has been changed + +* Wed Feb 24 2010 Kamil Dudka 7.20.0-2 +- exclude test1112 from the test suite (#565305) + +* Thu Feb 11 2010 Kamil Dudka 7.20.0-1 +- new upstream release - added support for IMAP(S), POP3(S), SMTP(S) and RTSP +- dropped patches applied upstream +- dropped curl-7.16.0-privlibs.patch no longer useful +- a new patch forcing -lrt when linking the curl tool and test-cases + +* Fri Jan 29 2010 Kamil Dudka 7.19.7-11 +- upstream patch adding a new option -J/--remote-header-name +- dropped temporary workaround for #545779 + +* Thu Jan 14 2010 Chris Weyl 7.19.7-10 +- bump for libssh2 rebuild + +* Sun Dec 20 2009 Kamil Dudka 7.19.7-9 +- temporary workaround for #548269 + (restored behavior of 7.19.7-4) + +* Wed Dec 09 2009 Kamil Dudka 7.19.7-8 +- replace hard wired port numbers in the test suite + +* Wed Dec 09 2009 Kamil Dudka 7.19.7-7 +- use different port numbers for 32bit and 64bit builds +- temporary workaround for #545779 + +* Tue Dec 08 2009 Kamil Dudka 7.19.7-6 +- make it possible to run test241 +- re-enable SCP/SFTP tests (#539444) + +* Sat Dec 05 2009 Kamil Dudka 7.19.7-5 +- avoid use of uninitialized value in lib/nss.c +- suppress failure of test513 on s390 + +* Tue Dec 01 2009 Kamil Dudka 7.19.7-4 +- do not require valgrind on s390 and s390x +- temporarily disabled SCP/SFTP test-suite (#539444) + +* Thu Nov 12 2009 Kamil Dudka 7.19.7-3 +- fix crash on doubly closed NSPR descriptor, patch contributed + by Kevin Baughman (#534176) +- new version of patch for broken TLS servers (#525496, #527771) + +* Wed Nov 04 2009 Kamil Dudka 7.19.7-2 +- increased release number (CVS problem) + +* Wed Nov 04 2009 Kamil Dudka 7.19.7-1 +- new upstream release, dropped applied patches +- workaround for broken TLS servers (#525496, #527771) + +* Wed Oct 14 2009 Kamil Dudka 7.19.6-13 +- fix timeout issues and gcc warnings within lib/nss.c + +* Tue Oct 06 2009 Kamil Dudka 7.19.6-12 +- upstream patch for NSS support written by Guenter Knauf + +* Wed Sep 30 2009 Kamil Dudka 7.19.6-11 +- build libcurl with c-ares support (#514771) + +* Sun Sep 27 2009 Kamil Dudka 7.19.6-10 +- require libssh2>=1.2 properly (#525002) + +* Sat Sep 26 2009 Kamil Dudka 7.19.6-9 +- let curl test-suite use valgrind +- require libssh2>=1.2 (#525002) + +* Mon Sep 21 2009 Chris Weyl - 7.19.6-8 +- rebuild for libssh2 1.2 + +* Thu Sep 17 2009 Kamil Dudka 7.19.6-7 +- make curl test-suite more verbose + +* Wed Sep 16 2009 Kamil Dudka 7.19.6-6 +- update polling patch to the latest upstream version + +* Thu Sep 03 2009 Kamil Dudka 7.19.6-5 +- cover ssh and stunnel support by the test-suite + +* Wed Sep 02 2009 Kamil Dudka 7.19.6-4 +- use pkg-config to find nss and libssh2 if possible +- better patch (not only) for SCP/SFTP polling +- improve error message for not matching common name (#516056) + +* Fri Aug 21 2009 Kamil Dudka 7.19.6-3 +- avoid tight loop during a sftp upload +- http://permalink.gmane.org/gmane.comp.web.curl.library/24744 + +* Tue Aug 18 2009 Kamil Dudka 7.19.6-2 +- let curl package depend on the same version of libcurl + +* Fri Aug 14 2009 Kamil Dudka 7.19.6-1 +- new upstream release, dropped applied patches +- changed NSS code to not ignore the value of ssl.verifyhost and produce more + verbose error messages (#516056) + +* Wed Aug 12 2009 Ville Skyttä - 7.19.5-10 +- Use lzma compressed upstream tarball. + +* Fri Jul 24 2009 Fedora Release Engineering - 7.19.5-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jul 22 2009 Kamil Dudka 7.19.5-8 +- do not pre-login to all PKCS11 slots, it causes problems with HW tokens +- try to select client certificate automatically when not specified, thanks + to Claes Jakobsson + +* Fri Jul 10 2009 Kamil Dudka 7.19.5-7 +- fix SIGSEGV when using NSS client certificates, thanks to Claes Jakobsson + +* Sun Jul 05 2009 Kamil Dudka 7.19.5-6 +- force test suite to use the just built libcurl, thanks to Paul Howarth + +* Thu Jul 02 2009 Kamil Dudka 7.19.5-5 +- run test suite after build +- enable built-in manual + +* Wed Jun 24 2009 Kamil Dudka 7.19.5-4 +- fix bug introduced by the last build (#504857) + +* Wed Jun 24 2009 Kamil Dudka 7.19.5-3 +- exclude curlbuild.h content from spec (#504857) + +* Wed Jun 10 2009 Kamil Dudka 7.19.5-2 +- avoid unguarded comparison in the spec file, thanks to R P Herrold (#504857) + +* Tue May 19 2009 Kamil Dudka 7.19.5-1 +- update to 7.19.5, dropped applied patches + +* Mon May 11 2009 Kamil Dudka 7.19.4-11 +- fix infinite loop while loading a private key, thanks to Michael Cronenworth + (#453612) + +* Mon Apr 27 2009 Kamil Dudka 7.19.4-10 +- fix curl/nss memory leaks while using client certificate (#453612, accepted + by upstream) + +* Wed Apr 22 2009 Kamil Dudka 7.19.4-9 +- add missing BuildRequire for autoconf + +* Wed Apr 22 2009 Kamil Dudka 7.19.4-8 +- fix configure.ac to not discard -g in CFLAGS (#496778) + +* Tue Apr 21 2009 Debarshi Ray 7.19.4-7 +- Fixed configure to respect the environment's CFLAGS and CPPFLAGS settings. + +* Tue Apr 14 2009 Kamil Dudka 7.19.4-6 +- upstream patch fixing memory leak in lib/nss.c (#453612) +- remove redundant dependency of libcurl-devel on libssh2-devel + +* Wed Mar 18 2009 Kamil Dudka 7.19.4-5 +- enable 6 additional crypto algorithms by default (#436781, + accepted by upstream) + +* Thu Mar 12 2009 Kamil Dudka 7.19.4-4 +- fix memory leak in src/main.c (accepted by upstream) +- avoid using %%ifarch + +* Wed Mar 11 2009 Kamil Dudka 7.19.4-3 +- make libcurl-devel multilib-ready (bug #488922) + +* Fri Mar 06 2009 Jindrich Novy 7.19.4-2 +- drop .easy-leak patch, causes problems in pycurl (#488791) +- fix libcurl-devel dependencies (#488895) + +* Tue Mar 03 2009 Jindrich Novy 7.19.4-1 +- update to 7.19.4 (fixes CVE-2009-0037) +- fix leak in curl_easy* functions, thanks to Kamil Dudka +- drop nss-fix patch, applied upstream + +* Tue Feb 24 2009 Fedora Release Engineering - 7.19.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Feb 17 2009 Kamil Dudka 7.19.3-1 +- update to 7.19.3, dropped applied nss patches +- add patch fixing 7.19.3 curl/nss bugs + +* Mon Dec 15 2008 Jindrich Novy 7.18.2-9 +- rebuild for f10/rawhide cvs tag clashes + +* Sat Dec 06 2008 Jindrich Novy 7.18.2-8 +- use improved NSS patch, thanks to Rob Crittenden (#472489) + +* Tue Sep 09 2008 Jindrich Novy 7.18.2-7 +- update the thread safety patch, thanks to Rob Crittenden (#462217) + +* Wed Sep 03 2008 Warren Togami 7.18.2-6 +- add thread safety to libcurl NSS cleanup() functions (#459297) + +* Fri Aug 22 2008 Tom "spot" Callaway 7.18.2-5 +- undo mini libcurl.so.3 + +* Mon Aug 11 2008 Tom "spot" Callaway 7.18.2-4 +- make miniature library for libcurl.so.3 + +* Fri Jul 4 2008 Jindrich Novy 7.18.2-3 +- enable support for libssh2 (#453958) + +* Wed Jun 18 2008 Jindrich Novy 7.18.2-2 +- fix curl_multi_perform() over a proxy (#450140), thanks to + Rob Crittenden + +* Wed Jun 4 2008 Jindrich Novy 7.18.2-1 +- update to 7.18.2 + +* Wed May 7 2008 Jindrich Novy 7.18.1-2 +- spec cleanup, thanks to Paul Howarth (#225671) + - drop BR: libtool + - convert CHANGES and README to UTF-8 + - _GNU_SOURCE in CFLAGS is no more needed + - remove bogus rpath + +* Mon Mar 31 2008 Jindrich Novy 7.18.1-1 +- update to curl 7.18.1 (fixes #397911) +- add ABI docs for libcurl +- remove --static-libs from curl-config +- drop curl-config patch, obsoleted by @SSL_ENABLED@ autoconf + substitution (#432667) + +* Fri Feb 15 2008 Jindrich Novy 7.18.0-2 +- define _GNU_SOURCE so that NI_MAXHOST gets defined from glibc + +* Mon Jan 28 2008 Jindrich Novy 7.18.0-1 +- update to curl-7.18.0 +- drop sslgen patch -> applied upstream +- fix typo in description + +* Tue Jan 22 2008 Jindrich Novy 7.17.1-6 +- fix curl-devel obsoletes so that we don't break F8->F9 upgrade + path (#429612) + +* Tue Jan 8 2008 Jindrich Novy 7.17.1-5 +- do not attempt to close a bad socket (#427966), + thanks to Caolan McNamara + +* Tue Dec 4 2007 Jindrich Novy 7.17.1-4 +- rebuild because of the openldap soname bump +- remove old nsspem patch + +* Fri Nov 30 2007 Jindrich Novy 7.17.1-3 +- drop useless ldap library detection since curl doesn't + dlopen()s it but links to it -> BR: openldap-devel +- enable LDAPS support (#225671), thanks to Paul Howarth +- BR: krb5-devel to reenable GSSAPI support +- simplify build process +- update description + +* Wed Nov 21 2007 Jindrich Novy 7.17.1-2 +- update description to contain complete supported servers list (#393861) + +* Sat Nov 17 2007 Jindrich Novy 7.17.1-1 +- update to curl 7.17.1 +- include patch to enable SSL usage in NSS when a socket is opened + nonblocking, thanks to Rob Crittenden (rcritten@redhat.com) + +* Wed Oct 24 2007 Jindrich Novy 7.16.4-10 +- correctly provide/obsolete curl-devel (#130251) + +* Wed Oct 24 2007 Jindrich Novy 7.16.4-9 +- create libcurl and libcurl-devel subpackages (#130251) + +* Thu Oct 11 2007 Jindrich Novy 7.16.4-8 +- list features correctly when curl is compiled against NSS (#316191) + +* Mon Sep 17 2007 Jindrich Novy 7.16.4-7 +- add zlib-devel BR to enable gzip compressed transfers in curl (#292211) + +* Mon Sep 10 2007 Jindrich Novy 7.16.4-6 +- provide webclient (#225671) + +* Thu Sep 6 2007 Jindrich Novy 7.16.4-5 +- add support for the NSS PKCS#11 pem reader so the command-line is the + same for both OpenSSL and NSS by Rob Crittenden (rcritten@redhat.com) +- switch to NSS again + +* Mon Sep 3 2007 Jindrich Novy 7.16.4-4 +- revert back to use OpenSSL (#266021) + +* Mon Aug 27 2007 Jindrich Novy 7.16.4-3 +- don't use openssl, use nss instead + +* Fri Aug 10 2007 Jindrich Novy 7.16.4-2 +- fix anonymous ftp login (#251570), thanks to David Cantrell + +* Wed Jul 11 2007 Jindrich Novy 7.16.4-1 +- update to 7.16.4 + +* Mon Jun 25 2007 Jindrich Novy 7.16.3-1 +- update to 7.16.3 +- drop .print patch, applied upstream +- next series of merge review fixes by Paul Howarth +- remove aclocal stuff, no more needed +- simplify makefile arguments +- don't reference standard library paths in libcurl.pc +- include docs/CONTRIBUTE + +* Mon Jun 18 2007 Jindrich Novy 7.16.2-5 +- don't print like crazy (#236981), backported from upstream CVS + +* Fri Jun 15 2007 Jindrich Novy 7.16.2-4 +- another series of review fixes (#225671), + thanks to Paul Howarth +- check version of ldap library automatically +- don't use %%makeinstall and preserve timestamps +- drop useless patches + +* Fri May 11 2007 Jindrich Novy 7.16.2-3 +- add automake BR to curl-devel to fix aclocal dir. ownership, + thanks to Patrice Dumas + +* Thu May 10 2007 Jindrich Novy 7.16.2-2 +- package libcurl.m4 in curl-devel (#239664), thanks to Quy Tonthat + +* Wed Apr 11 2007 Jindrich Novy 7.16.2-1 +- update to 7.16.2 + +* Mon Feb 19 2007 Jindrich Novy 7.16.1-3 +- don't create/ship static libraries (#225671) + +* Mon Feb 5 2007 Jindrich Novy 7.16.1-2 +- merge review related spec fixes (#225671) + +* Mon Jan 29 2007 Jindrich Novy 7.16.1-1 +- update to 7.16.1 + +* Tue Jan 16 2007 Jindrich Novy 7.16.0-5 +- don't package generated makefiles for docs/examples to avoid + multilib conflicts + +* Mon Dec 18 2006 Jindrich Novy 7.16.0-4 +- convert spec to UTF-8 +- don't delete BuildRoot in %%prep phase +- rpmlint fixes + +* Thu Nov 16 2006 Jindrich Novy -7.16.0-3 +- prevent curl from dlopen()ing missing ldap libraries so that + ldap:// requests work (#215928) + +* Tue Oct 31 2006 Jindrich Novy - 7.16.0-2 +- fix BuildRoot +- add Requires: pkgconfig for curl-devel +- move LDFLAGS and LIBS to Libs.private in libcurl.pc.in (#213278) + +* Mon Oct 30 2006 Jindrich Novy - 7.16.0-1 +- update to curl-7.16.0 + +* Thu Aug 24 2006 Jindrich Novy - 7.15.5-1.fc6 +- update to curl-7.15.5 +- use %%{?dist} + +* Fri Jun 30 2006 Ivana Varekova - 7.15.4-1 +- update to 7.15.4 + +* Mon Mar 20 2006 Ivana Varekova - 7.15.3-1 +- fix multilib problem using pkg-config +- update to 7.15.3 + +* Thu Feb 23 2006 Ivana Varekova - 7.15.1-2 +- fix multilib problem - #181290 - + curl-devel.i386 not installable together with curl-devel.x86-64 + +* Fri Feb 10 2006 Jesse Keating - 7.15.1-1.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 7.15.1-1.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Thu Dec 8 2005 Ivana Varekova 7.15.1-1 +- update to 7.15.1 (bug 175191) + +* Wed Nov 30 2005 Ivana Varekova 7.15.0-3 +- fix curl-config bug 174556 - missing vernum value + +* Wed Nov 9 2005 Ivana Varekova 7.15.0-2 +- rebuilt + +* Tue Oct 18 2005 Ivana Varekova 7.15.0-1 +- update to 7.15.0 + +* Thu Oct 13 2005 Ivana Varekova 7.14.1-1 +- update to 7.14.1 + +* Thu Jun 16 2005 Ivana Varekova 7.14.0-1 +- rebuild new version + +* Tue May 03 2005 Ivana Varekova 7.13.1-3 +- fix bug 150768 - curl-7.12.3-2 breaks basic authentication + used Daniel Stenberg patch + +* Mon Apr 25 2005 Joe Orton 7.13.1-2 +- update to use ca-bundle in /etc/pki +- mark License as MIT not MPL + +* Wed Mar 9 2005 Ivana Varekova 7.13.1-1 +- rebuilt (7.13.1) + +* Tue Mar 1 2005 Tomas Mraz 7.13.0-2 +- rebuild with openssl-0.9.7e + +* Sun Feb 13 2005 Florian La Roche +- 7.13.0 + +* Wed Feb 9 2005 Joe Orton 7.12.3-3 +- don't pass /usr to --with-libidn to remove "-L/usr/lib" from + 'curl-config --libs' output on x86_64. + +* Fri Jan 28 2005 Adrian Havill 7.12.3-1 +- Upgrade to 7.12.3, which uses poll() for FDSETSIZE limit (#134794) +- require libidn-devel for devel subpkg (#141341) +- remove proftpd kludge; included upstream + +* Wed Oct 06 2004 Adrian Havill 7.12.1-1 +- upgrade to 7.12.1 +- enable GSSAPI auth (#129353) +- enable I18N domain names (#134595) +- workaround for broken ProFTPD SSL auth (#134133). Thanks to + Aleksandar Milivojevic + +* Wed Sep 29 2004 Adrian Havill 7.12.0-4 +- move new docs position so defattr gets applied + +* Mon Sep 27 2004 Warren Togami 7.12.0-3 +- remove INSTALL, move libcurl docs to -devel + +* Mon Jul 26 2004 Jindrich Novy +- updated to 7.12.0 +- updated nousr patch + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Wed Apr 07 2004 Adrian Havill 7.11.1-1 +- upgraded; updated nousr patch +- added COPYING (#115956) +- + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Sat Jan 31 2004 Florian La Roche +- update to 7.10.8 +- remove patch2, already upstream + +* Wed Oct 15 2003 Adrian Havill 7.10.6-7 +- aclocal before libtoolize +- move OpenLDAP license so it's present as a doc file, present in + both the source and binary as per conditions + +* Mon Oct 13 2003 Adrian Havill 7.10.6-6 +- add OpenLDAP copyright notice for usage of code, add OpenLDAP + license for this code + +* Tue Oct 07 2003 Adrian Havill 7.10.6-5 +- match serverAltName certs with SSL (#106168) + +* Tue Sep 16 2003 Adrian Havill 7.10.6-4.1 +- bump n-v-r for RHEL + +* Tue Sep 16 2003 Adrian Havill 7.10.6-4 +- restore ca cert bundle (#104400) +- require openssl, we want to use its ca-cert bundle + +* Sun Sep 7 2003 Joe Orton 7.10.6-3 +- rebuild + +* Fri Sep 5 2003 Joe Orton 7.10.6-2.2 +- fix to include libcurl.so + +* Mon Aug 25 2003 Adrian Havill 7.10.6-2.1 +- bump n-v-r for RHEL + +* Mon Aug 25 2003 Adrian Havill 7.10.6-2 +- devel subpkg needs openssl-devel as a Require (#102963) + +* Mon Jul 28 2003 Adrian Havill 7.10.6-1 +- bumped version + +* Tue Jul 01 2003 Adrian Havill 7.10.5-1 +- bumped version + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Sat Apr 12 2003 Florian La Roche +- update to 7.10.4 +- adapt nousr patch + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Jan 21 2003 Joe Orton 7.9.8-4 +- don't add -L/usr/lib to 'curl-config --libs' output + +* Tue Jan 7 2003 Nalin Dahyabhai 7.9.8-3 +- rebuild + +* Wed Nov 6 2002 Joe Orton 7.9.8-2 +- fix `curl-config --libs` output for libdir!=/usr/lib +- remove docs/LIBCURL from docs list; remove unpackaged libcurl.la +- libtoolize and reconf + +* Mon Jul 22 2002 Trond Eivind Glomsrød 7.9.8-1 +- 7.9.8 (# 69473) + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Thu May 16 2002 Trond Eivind Glomsrød 7.9.7-1 +- 7.9.7 + +* Wed Apr 24 2002 Trond Eivind Glomsrød 7.9.6-1 +- 7.9.6 + +* Thu Mar 21 2002 Trond Eivind Glomsrød 7.9.5-2 +- Stop the curl-config script from printing -I/usr/include + and -L/usr/lib (#59497) + +* Fri Mar 8 2002 Trond Eivind Glomsrød 7.9.5-1 +- 7.9.5 + +* Tue Feb 26 2002 Trond Eivind Glomsrød 7.9.3-2 +- Rebuild + +* Wed Jan 23 2002 Nalin Dahyabhai 7.9.3-1 +- update to 7.9.3 + +* Wed Jan 09 2002 Tim Powers 7.9.2-2 +- automated rebuild + +* Wed Jan 9 2002 Trond Eivind Glomsrød 7.9.2-1 +- 7.9.2 + +* Fri Aug 17 2001 Nalin Dahyabhai +- include curl-config in curl-devel +- update to 7.8 to fix memory leak and strlcat() symbol pollution from libcurl + +* Wed Jul 18 2001 Crutcher Dunnavant +- added openssl-devel build req + +* Mon May 21 2001 Tim Powers +- built for the distro + +* Tue Apr 24 2001 Jeff Johnson +- upgrade to curl-7.7.2. +- enable IPv6. + +* Fri Mar 2 2001 Tim Powers +- rebuilt against openssl-0.9.6-1 + +* Thu Jan 4 2001 Tim Powers +- fixed mising ldconfigs +- updated to 7.5.2, bug fixes + +* Mon Dec 11 2000 Tim Powers +- updated to 7.5.1 + +* Mon Nov 6 2000 Tim Powers +- update to 7.4.1 to fix bug #20337, problems with curl -c +- not using patch anymore, it's included in the new source. Keeping + for reference + +* Fri Oct 20 2000 Nalin Dahyabhai +- fix bogus req in -devel package + +* Fri Oct 20 2000 Tim Powers +- devel package needed defattr so that root owns the files + +* Mon Oct 16 2000 Nalin Dahyabhai +- update to 7.3 +- apply vsprintf/vsnprintf patch from Colin Phipps via Debian + +* Mon Aug 21 2000 Nalin Dahyabhai +- enable SSL support +- fix packager tag +- move buildroot to %%{_tmppath} + +* Tue Aug 1 2000 Tim Powers +- fixed vendor tag for bug #15028 + +* Mon Jul 24 2000 Prospector +- rebuilt + +* Tue Jul 11 2000 Tim Powers +- workaround alpha build problems with optimizations + +* Mon Jul 10 2000 Tim Powers +- rebuilt + +* Mon Jun 5 2000 Tim Powers +- put man pages in correct place +- use %%makeinstall + +* Mon Apr 24 2000 Tim Powers +- updated to 6.5.2 + +* Wed Nov 3 1999 Tim Powers +- updated sources to 6.2 +- gzip man page + +* Mon Aug 30 1999 Tim Powers +- changed group + +* Thu Aug 26 1999 Tim Powers +- changelog started +- general cleanups, changed prefix to /usr, added manpage to files section +- including in Powertools diff --git a/mykey.asc b/mykey.asc deleted file mode 100644 index 0c77721..0000000 --- a/mykey.asc +++ /dev/null @@ -1,77 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 - -mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ -QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV -0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1 -EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch -soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje -f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL -gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo -SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2 -m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0 -ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iF4EExECAB4CHgECF4AFAlQU -ki4FCwkIBwMFFQoJCAsFFgIDAQAACgkQeOEcayedXJEOOwCggCsNHdAQPAlPte3w -i2IZEekkM0YAoOXXPFAWjUwIHjZY41l7WgzACbANiFkEExECABkFAj6tnnoECwcD -AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAoO1y3LoSOEgD8vR062cdYDmv -jLvVAJ0dmp1UiuQp+oMyq2VbWyw8LXN1XLkBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb -XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz -7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM -wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+ -dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT -rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t -FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9 -OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfxmQENBFcGhyIBCAC79AIx -5hHixKmNtqbryuZTDwlt9XXkEn/QSrQD3pzgbsbBiWyqOV4hfscvtmoqA7koOw4h -zZ/b8pJPA36eNzqMFIbkWpIit/BwA5bTKRkKXeD2kBFkjIN+iDuXawwhv7eNKH9O -poAUe0K/esK/kvbMO721q24IgkOjB1Vtr/Y4Xkg7+VWVP0LFh7C/2Nwq6n2bktsA -Ey9uCDD1hl8BdckN/XxpuUqSfxbF85GvYzzON67zOxxo6jqRXXcJ2PdPq0o9Ak0d -6Fe7g9ZxOAeuYEbFTCZHBBccx84K0Bhn5tpqoq8Mq3f3mZfGBoe4J6wr17cxEDC8 -tTHUpDqk0CoLERUxABEBAAG0IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHgu -c2U+iQE3BBMBCgAhBQJXBociAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ -EPn+r/nTShvbHoAIAJDwb7dcAX4VGPa2oSuQqVnHsjDE7g8ATmcZq2IAzAG6bZg1 -svuhNyPQnL7kNrsz6Ew+yE4vH8mOjDUbc3feY4MzmtEMaB6VS0Xlna6cdtWkv4Y+ -Us4TuYSdftPZuZgI3nN/sXLlxWJCZgCPJJaGM6dXgyTFatk2P1LE98Qif7+ZMqfv -+BA5L6cy2cAwJ5qbvLtuT25rTxooN54JETfwdhUD1NEIqTQxeC4E5lFvwedjAjLh -Gswau8WMCdM/HzGbuQ9Gp3/RafYoAvMV6r6sskvUrWubCHj0u+uNgOpUHvlrwcFg -rBirzQdElumCWqbJVCH0V5NcP/zSz1U1W8wSRqS5AQ0EVwaHIgEIALyCqpnax0cL -y7EK3UiU2Kkryb7LPsZkia9hTcIZjNg0B8XAdqDYpHiquYtX0cz5I1sSZMBJ/xJP -BF2ce/bmOTJtyW3GaF9a+M2zboZSzx9nlv9xx0o3bXBrBlL2vaG2TW+x2G53GA0/ -0chbj35PR+fvJx8ob/fHwCkfzGb1qCzwovhwGVUNHqI5bxK/xVwXfiycbllE3Hmf -09BGeXKR7gQtaal8byKKlqCtayteEaPNQt6czYxZkVAOvY4ZDQKSZJUNwGFog3bG -6rHr1J/0un6nAvX+wMuvRkUDiQxZZCel7e0Qcg3gPrYh+adlr0Tn7wyCP7/BULz8 -67fQfzc2ENkAEQEAAYkBHwQYAQoACQUCVwaHIgIbDAAKCRD5/q/500ob27KaB/9H -a+iDip6mxFdoqy7TAefBy7KgbMQxxT926IcFqf70aJDzeVQI3lGCqN9GW03d+wPr -LoyeQBQKNxxfQ9fEOvp1AXGWFIYYtEZIvQBpIqaSaA7W5IzqfDuO9xG89DNn8zKK -nh/mbYJov/fywhBU6JH7bqdFSHbqoG9TY64s0BkV6shIVOubXLSG5G7LxXhw+xrb -0zl4ie2wCeCBOLdbGHc+o2sKo1rBEz6UBK2DesPfkzxBO7lfa9HTcN03UJPHXmzb -2mCbeFV8yPsTAoaGv4qZH1+FX+9Lv374xTSXa4CjQzSxd0dkZGG+YQjocoPftgsC -OVsiqW0WhRVIEJ+hBAMUmQENBFcGiPEBCAC7sCnaZqWxfXNgBC7P28BSDUs9w4y/ -PEFsOv9bpgbgZagX1FnhG0eV71nm0p8v9T8Bft1eXaBd977Dq9pgk5qKO0xZo8fC -8prFqB5db7fMUvPZCuJTTb6lGMz4OdfT6aHqUvJ+LFF1mKn8Eqt1Q4snHGSL1PI3 -/+435qDRQsU15GdYrj1waNJKk79aes9oguaI2/OTQqzIcOFK5tJjlSOD1ryOIH1e -8vD+5MMpGvsRxv3sQHeTZkfZbkzSLFg/LKpoiQkyql1+BLNhBYq8oaE/jlvQrTEk -bAyKpMScdyHwmkWWKjyZtXTrAtlComnki4yC2lAV9MXINHHvNJBcIXvVABEBAAG0 -IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHguc2U+iQE3BBMBCgAhBQJXBojx -AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFzJCP23HhLCOKkH/1CyoKiN -2PCgTlWoYQspv/AAmsj+cFwZobI167KowA+o3zxQqxg0MV3ds8G+iig9OIuYurlQ -L5Jr3CbDltaiXdWtVteRh/VKp61EwyXq77vjJbx81hvOuaXWWLSlU0KB3w7Hj6aD -/mt16DpOcY9Aw90mKyvafRTqMF7TcT7J5HeGn2NL45dPkAhiMDEgEnw9yBTxK/x6 -UoQGPgiOWxSSN7Foj3mhUOflp8W0rnkLbJ4icpym6WuLKRMKAefDvk8GVlAWuXAb -9gloL1P6u3uNHllq/IODR2bZUBI0QNKhvt0iSj7WKsc/kaqscl+AE9jd/6kXd6vh -TNFWdzeco/2mGlaIRgQQEQoABgUCVwaJ/AAKCRB44RxrJ51ckWcaAKCJ6+arS/3k -IMcO14Jz8dVf2BH3OACgwTenVSsK66qi+VfGCoALpzpiLDO5AQ0EVwaI8QEIAOxQ -AEvF3idxcn80tbUhJg1J98fAS7Hx3WhlFG74uAikZQl1KZrprBu70RWTb7Nm1tvZ -eXW65IlY7kk42bhfYDs1JrIPWOWKvVwKWDxoEbYgW/yvy1TOuXH276zbxLl5OEE8 -sQuOfXZsFSX2IPF9hsgNGaNzor8Ke7Y5BuCQLcGZWW5dLFbbKRKjXG8CaWmsJVoI -c2nyXCAss2q9oCJ13X/5z+Ei392rwi1d3NxAYkSiDQan+fkWkCvZH+dHmFjQ1AND -KielxcW1VfilK1hu9ziBBDf8TCEud/q0woIAH7rvIft4i3CqjymonByE4/OjfH8j -4EteQ8qoknMCjjwNVqkAEQEAAYkBHwQYAQoACQUCVwaI8QIbDAAKCRBcyQj9tx4S -wupjB/9TV4anbZK58bN7QJ5qGnU3GNjlvWFZXMw1u1xVc7abDJyqmFeJcJ4qLUkv -BA0OsvlVnMWmeCmzsXhlQVM4Bv6IWyr7JBWgkK5q2CWVB59V7v7znf5kWnMGFhDF -PlLsGbxDWLMoZGH+Iy84whMJFgferwCJy1dND/bHXPztfhvFXi8NNlJUFJa8Xtmu -gm78C+nwNHcFpVC70HPr3oa8U1ODXMp7L8W/dL3eLYXmRCNd0urHgYrzDt6V/zf5 -ymvPk5w4HBocn2oRCJj/FXKhFAUptmpTE3g1yvYULmuFcNGAnPAExmAmd6NqsCmb -j/qx4ytjt5uxt6Jm6IXV9cry8i6x -=Phs/ ------END PGP PUBLIC KEY BLOCK----- diff --git a/sources b/sources index 002e494..aea53b9 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (curl-8.18.0.tar.xz) = 50c7a7b0528e0019697b0c59b3e56abb2578c71d77e4c085b56797276094b5611718c0a9cb2b14db7f8ab502fcf8f42a364297a3387fae3870a4d281484ba21c -SHA512 (curl-8.18.0.tar.xz.asc) = 07e08d1bb3f8bf20b3d22f37fbc19c49c0d9ee4ea9d92da76fa8a9de343023e1b5d416ccc6535a4ff98b08b30eb9334fd856227e37564f6bcd542aa81bced152 +SHA512 (curl-7.66.0.tar.xz) = 81170e7e4fa9d99ee2038d96d7f2ab10dcf52435331c818c7565c1a733891720f845a08029915e52ba532c6a344c346e1678474624aac1cc333aea6d1eacde35 diff --git a/tests/non-root-user-download/Makefile b/tests/non-root-user-download/Makefile new file mode 100644 index 0000000..9746b63 --- /dev/null +++ b/tests/non-root-user-download/Makefile @@ -0,0 +1,63 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/curl/Sanity/non-root-user-download +# Description: various download methods with non-root user +# Author: Karel Srot +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/curl/Sanity/non-root-user-download +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Karel Srot " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: various download methods with non-root user" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: curl" >> $(METADATA) + @echo "Requires: curl" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/non-root-user-download/PURPOSE b/tests/non-root-user-download/PURPOSE new file mode 100644 index 0000000..048ed68 --- /dev/null +++ b/tests/non-root-user-download/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/curl/Sanity/non-root-user-download +Description: various download methods with non-root user +Author: Karel Srot diff --git a/tests/non-root-user-download/main.fmf b/tests/non-root-user-download/main.fmf deleted file mode 100644 index 2e3980f..0000000 --- a/tests/non-root-user-download/main.fmf +++ /dev/null @@ -1,18 +0,0 @@ -summary: various download methods with non-root user -description: '' -contact: Daniel Rusek -component: - - curl -require: - - findutils - - libselinux-utils - - openssh-clients - - openssh-server - - passwd -test: ./runtest.sh -framework: beakerlib -duration: 5m -enabled: true -tier: '1' -link: - - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1049921 diff --git a/tests/non-root-user-download/runtest.sh b/tests/non-root-user-download/runtest.sh old mode 100755 new mode 100644 index 0d72276..1b5f8f1 --- a/tests/non-root-user-download/runtest.sh +++ b/tests/non-root-user-download/runtest.sh @@ -27,13 +27,14 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 . /usr/share/beakerlib/beakerlib.sh || exit 1 PACKAGE="curl" -FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM -HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM -CONTENT=1bd6ab4798983c2fe4a210f9c4ca135fed453d6142ba852c1f8d5fba22e113ab +FTP_URL=ftp://ftp.scientificlinux.org/linux/fedora/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM +HTTP_URL=https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM +CONTENT=a276e06d244e04b765f0a35532d9036ad84f340b0bdcc32e0233a8fbc31d5bed PASSWORD=pAssw0rd OPTIONS="" rlIsRHEL 7 && OPTIONS="--insecure" @@ -46,11 +47,9 @@ rlJournalStart rlRun "useradd -m curltester" 0 "Adding the test user" rlRun "echo $PASSWORD | passwd --stdin curltester" 0 "Setting the password for the test user" rlRun "su - curltester -c 'echo $CONTENT > ~/testfile'" 0 "Creating ~curltester/testfile" - rlFileBackup --clean --missing-ok $HOME/.ssh /etc/hosts - rlRun "rm -f $HOME/.ssh/*" [ -d $HOME/.ssh ] || ( mkdir $HOME/.ssh && restorecon HOME/.ssh ) - rlRun "rlServiceStart sshd" - rlRun "ssh-keyscan localhost >> $HOME/.ssh/known_hosts" + rlFileBackup $HOME/.ssh/known_hosts /etc/hosts + ssh-keygen -F localhost -f $HOME/.ssh/known_hosts || rlRun "ssh-keyscan localhost >> $HOME/.ssh/known_hosts" rlPhaseEnd rlPhaseStartTest "http download" @@ -83,7 +82,7 @@ if ! rlIsRHEL 5; then fi rlPhaseStartCleanup - rlRun "rlServiceRestore" + rlRun "rm -f $HOME/.ssh/known_hosts" rlFileRestore rlRun "popd" rlRun "rm -r $TmpDir" 0 "Removing tmp directory" diff --git a/tests/non-root-user-download/runtest.yml b/tests/non-root-user-download/runtest.yml new file mode 100644 index 0000000..c03e729 --- /dev/null +++ b/tests/non-root-user-download/runtest.yml @@ -0,0 +1,64 @@ +- hosts: '{{ hosts | default("localhost") }}' + vars: + package: "curl" + tasks: + - name: "Set Content variables" + set_fact: + content: "a276e06d244e04b765f0a35532d9036ad84f340b0bdcc32e0233a8fbc31d5bed" + password: "pAssw0rd" + crypt_password: "$6$/5GE87XLYLLfB3qx$w84Kct34UZG/4buTSXWkaaVIsw2xGXSAdmnS2QYdG8TtRgTsBnHdFdSkhoy.tKIE6A6LKlxczIZjQbpB19k7B1" + - name: "Create user curltester" + user: + name: "curltester" + password: "{{ crypt_password }}" + - name: "Copy testfile" + copy: + dest: "/home/curltester/testfile" + content: "{{ content }}" + - block: + - name: "http download" + command: "curl https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM" + args: + warn: false + register: http + become: yes + become_user: curltester + - name: "Compare http output" + fail: + msg: "{{ content }} not in {{ http.stdout }}" + when: content not in http.stdout + - name: "ftp download" + command: "curl ftp://ftp.scientificlinux.org/linux/fedora/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM" + args: + warn: false + register: ftp + become: yes + become_user: curltester + - name: "Compare ftp output" + fail: + msg: "{{ content }} not in {{ ftp.stdout }}" + when: content not in ftp.stdout + - name: "scp download" + command: "curl -u curltester:{{ password }} --insecure scp://localhost/home/curltester/testfile" + args: + warn: false + register: scp + - name: "Compare scp output" + fail: + msg: "{{ content }} not in {{ scp.stdout }}" + when: content not in scp.stdout + - name: "sftp download" + command: "curl -u curltester:{{ password }} --insecure sftp://localhost/home/curltester/testfile" + args: + warn: false + register: sftp + - name: "Compare sftp output" + fail: + msg: "{{ content }} not in {{ sftp.stdout }}" + when: content not in sftp.stdout + always: + - name: "Remove user curltester" + user: + name: "curltester" + remove: yes + state: absent diff --git a/tests/scp-and-sftp-download-test/Makefile b/tests/scp-and-sftp-download-test/Makefile new file mode 100644 index 0000000..b4d1c52 --- /dev/null +++ b/tests/scp-and-sftp-download-test/Makefile @@ -0,0 +1,63 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/curl/Sanity/scp-and-sftp-download-test +# Description: downloads test file through scp and sftp +# Author: Karel Srot +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/curl/Sanity/scp-and-sftp-download-test +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Karel Srot " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: downloads test file through scp and sftp" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 10m" >> $(METADATA) + @echo "RunFor: curl" >> $(METADATA) + @echo "Requires: curl openssh" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/scp-and-sftp-download-test/PURPOSE b/tests/scp-and-sftp-download-test/PURPOSE new file mode 100644 index 0000000..03adc4c --- /dev/null +++ b/tests/scp-and-sftp-download-test/PURPOSE @@ -0,0 +1,12 @@ +PURPOSE of /CoreOS/curl/Sanity/scp-and-sftp-download-test +Description: downloads test file through scp and sftp +Author: Karel Srot + +Test scenario: +- scp download +- sftp download +- scp upload +- sftp upload + +When PUBKEY_PARAM global variable is set to 'empty' or 'none', scenarios are executed +with empty --pubkey parameter (--pubkey "") or with the paramiter omitted diff --git a/tests/scp-and-sftp-download-test/main.fmf b/tests/scp-and-sftp-download-test/main.fmf deleted file mode 100644 index b69aff6..0000000 --- a/tests/scp-and-sftp-download-test/main.fmf +++ /dev/null @@ -1,20 +0,0 @@ -summary: downloads test file through scp and sftp -description: | - Test scenario: - - scp download - - sftp download - - scp upload - - sftp upload - - When PUBKEY_PARAM global variable is set to 'empty' or 'none', scenarios are executed - with empty --pubkey parameter (--pubkey "") or with the paramiter omitted -contact: Daniel Rusek -require: - - findutils -component: - - curl -test: ./runtest.sh -path: /tests/scp-and-sftp-download-test -framework: beakerlib -duration: 10m -enabled: true diff --git a/tests/scp-and-sftp-download-test/runtest.sh b/tests/scp-and-sftp-download-test/runtest.sh old mode 100755 new mode 100644 index 9cf9a2c..6e5d748 --- a/tests/scp-and-sftp-download-test/runtest.sh +++ b/tests/scp-and-sftp-download-test/runtest.sh @@ -27,7 +27,8 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 +. /usr/bin/rhts-environment.sh +. /usr/lib/beakerlib/beakerlib.sh PACKAGE="curl" diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..819d636 --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,26 @@ +--- +# Tests for Classic +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - classic + tests: + - scp-and-sftp-download-test + - non-root-user-download + required_packages: + - findutils # non-root-user-download needs find command + # scp-and-sftp-download-test needs find command + - passwd # non-root-user-download needs passwd command + - openssh-clients # non-root-user-download needs ssh-keyscan command + +# Tests for Atomic +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - atomic + tests: + - scp-and-sftp-download-test + - non-root-user-download +