diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index 7dcfd8f..9bb4285 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,6 @@ /curl-[0-9.]*.tar.lzma +/curl-[0-9.]*.tar.lzma.asc /curl-[0-9.]*.tar.xz +/curl-[0-9.]*.tar.xz.asc +/curl-[0-9]*.[0-9]*.[0-9]*/ +/*.src.rpm diff --git a/0001-curl-7.58.0-ftp-typo-in-recursive-callback-detection.patch b/0001-curl-7.58.0-ftp-typo-in-recursive-callback-detection.patch deleted file mode 100644 index 224630c..0000000 --- a/0001-curl-7.58.0-ftp-typo-in-recursive-callback-detection.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 1b02cb2b51148915b2ba025bb262ef34f369fa4b Mon Sep 17 00:00:00 2001 -From: dasimx -Date: Wed, 14 Mar 2018 11:02:05 +0100 -Subject: [PATCH] FTP: fix typo in recursive callback detection for seeking - -Fixes #2380 - -Upstream-commit: 920f73a6906dce87c6ee87c32b109a287189965d -Signed-off-by: Kamil Dudka ---- - lib/ftp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/ftp.c b/lib/ftp.c -index e2cc38b..0cc583b 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -1621,7 +1621,7 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn, - Curl_set_in_callback(data, true); - seekerr = conn->seek_func(conn->seek_client, data->state.resume_from, - SEEK_SET); -- Curl_set_in_callback(data, true); -+ Curl_set_in_callback(data, false); - } - - if(seekerr != CURL_SEEKFUNC_OK) { --- -2.14.3 - diff --git a/0002-curl-7.59.0-CVE-2018-1000301.patch b/0002-curl-7.59.0-CVE-2018-1000301.patch deleted file mode 100644 index b733979..0000000 --- a/0002-curl-7.59.0-CVE-2018-1000301.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 5815730864a2010872840bae24797983e892eb90 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sat, 24 Mar 2018 23:47:41 +0100 -Subject: [PATCH 1/2] http: restore buffer pointer when bad response-line is - parsed - -... leaving the k->str could lead to buffer over-reads later on. - -CVE: CVE-2018-1000301 -Assisted-by: Max Dymond - -Detected by OSS-Fuzz. -Bug: https://curl.haxx.se/docs/adv_2018-b138.html -Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105 - -Upstream-commit: 8c7b3737d29ed5c0575bf592063de8a51450812d -Signed-off-by: Kamil Dudka ---- - lib/http.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/lib/http.c b/lib/http.c -index 841f6cc..dc10f5f 100644 ---- a/lib/http.c -+++ b/lib/http.c -@@ -2966,6 +2966,8 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, - { - CURLcode result; - struct SingleRequest *k = &data->req; -+ ssize_t onread = *nread; -+ char *ostr = k->str; - - /* header line within buffer loop */ - do { -@@ -3030,7 +3032,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, - else { - /* this was all we read so it's all a bad header */ - k->badheader = HEADER_ALLBAD; -- *nread = (ssize_t)rest_length; -+ *nread = onread; -+ k->str = ostr; -+ return CURLE_OK; - } - break; - } --- -2.14.3 - diff --git a/0003-curl-7.59.0-CVE-2018-1000300.patch b/0003-curl-7.59.0-CVE-2018-1000300.patch deleted file mode 100644 index fb4d15b..0000000 --- a/0003-curl-7.59.0-CVE-2018-1000300.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 9b757a9a431f6859807d9f6e697cc2d2a120098d Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 23 Mar 2018 23:30:04 +0100 -Subject: [PATCH 2/2] pingpong: fix response cache memcpy overflow - -Response data for a handle with a large buffer might be cached and then -used with the "closure" handle when it has a smaller buffer and then the -larger cache will be copied and overflow the new smaller heap based -buffer. - -Reported-by: Dario Weisser -CVE: CVE-2018-1000300 -Bug: https://curl.haxx.se/docs/adv_2018-82c2.html - -Upstream-commit: 583b42cb3b809b1bf597af160468ccba728c2248 -Signed-off-by: Kamil Dudka ---- - lib/pingpong.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lib/pingpong.c b/lib/pingpong.c -index 438856a..ad370ee 100644 ---- a/lib/pingpong.c -+++ b/lib/pingpong.c -@@ -304,7 +304,10 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd, - * it would have been populated with something of size int to begin - * with, even though its datatype may be larger than an int. - */ -- DEBUGASSERT((ptr + pp->cache_size) <= (buf + data->set.buffer_size + 1)); -+ if((ptr + pp->cache_size) > (buf + data->set.buffer_size + 1)) { -+ failf(data, "cached response data too big to handle"); -+ return CURLE_RECV_ERROR; -+ } - memcpy(ptr, pp->cache, pp->cache_size); - gotbytes = (ssize_t)pp->cache_size; - free(pp->cache); /* free the cache */ --- -2.14.3 - diff --git a/0004-curl-7.59.0-http2-GOAWAY.patch b/0004-curl-7.59.0-http2-GOAWAY.patch deleted file mode 100644 index 0e76a6e..0000000 --- a/0004-curl-7.59.0-http2-GOAWAY.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 84ddda3994c1f12d79946780dee9111b3cf1c308 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 19 Apr 2018 20:03:30 +0200 -Subject: [PATCH] http2: handle GOAWAY properly - -When receiving REFUSED_STREAM, mark the connection for close and retry -streams accordingly on another/fresh connection. - -Reported-by: Terry Wu -Fixes #2416 -Fixes #1618 -Closes #2510 - -Upstream-commit: d122df5972fc01e39ae28e6bca705237d7e3318a -Signed-off-by: Kamil Dudka ---- - lib/http2.c | 17 ++++++++++++----- - lib/multi.c | 4 +++- - lib/transfer.c | 17 +++++++++++++++-- - lib/urldata.h | 2 +- - 4 files changed, 31 insertions(+), 9 deletions(-) - -diff --git a/lib/http2.c b/lib/http2.c -index b2c34e9..fba4d70 100644 ---- a/lib/http2.c -+++ b/lib/http2.c -@@ -1078,7 +1078,6 @@ void Curl_http2_done(struct connectdata *conn, bool premature) - struct http_conn *httpc = &conn->proto.httpc; - - if(http->header_recvbuf) { -- H2BUGF(infof(data, "free header_recvbuf!!\n")); - Curl_add_buffer_free(http->header_recvbuf); - http->header_recvbuf = NULL; /* clear the pointer */ - Curl_add_buffer_free(http->trailer_recvbuf); -@@ -1351,7 +1350,15 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn, - - /* Reset to FALSE to prevent infinite loop in readwrite_data function. */ - stream->closed = FALSE; -- if(httpc->error_code != NGHTTP2_NO_ERROR) { -+ if(httpc->error_code == NGHTTP2_REFUSED_STREAM) { -+ H2BUGF(infof(data, "REFUSED_STREAM (%d), try again on a new connection!\n", -+ stream->stream_id)); -+ connclose(conn, "REFUSED_STREAM"); /* don't use this anymore */ -+ data->state.refused_stream = TRUE; -+ *err = CURLE_RECV_ERROR; /* trigger Curl_retry_request() later */ -+ return -1; -+ } -+ else if(httpc->error_code != NGHTTP2_NO_ERROR) { - failf(data, "HTTP/2 stream %u was not closed cleanly: %s (err %d)", - stream->stream_id, Curl_http2_strerror(httpc->error_code), - httpc->error_code); -@@ -1579,9 +1586,9 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex, - } - - if(nread == 0) { -- failf(data, "Unexpected EOF"); -- *err = CURLE_RECV_ERROR; -- return -1; -+ H2BUGF(infof(data, "end of stream\n")); -+ *err = CURLE_OK; -+ return 0; - } - - H2BUGF(infof(data, "nread=%zd\n", nread)); -diff --git a/lib/multi.c b/lib/multi.c -index 98e5fca..d69e5f9 100644 ---- a/lib/multi.c -+++ b/lib/multi.c -@@ -541,7 +541,9 @@ static CURLcode multi_done(struct connectdata **connp, - if(conn->send_pipe.size || conn->recv_pipe.size) { - /* Stop if pipeline is not empty . */ - data->easy_conn = NULL; -- DEBUGF(infof(data, "Connection still in use, no more multi_done now!\n")); -+ DEBUGF(infof(data, "Connection still in use %d/%d, " -+ "no more multi_done now!\n", -+ conn->send_pipe.size, conn->recv_pipe.size)); - return CURLE_OK; - } - -diff --git a/lib/transfer.c b/lib/transfer.c -index fd9af31..5c29cc9 100644 ---- a/lib/transfer.c -+++ b/lib/transfer.c -@@ -1926,7 +1926,7 @@ CURLcode Curl_retry_request(struct connectdata *conn, - char **url) - { - struct Curl_easy *data = conn->data; -- -+ bool retry = FALSE; - *url = NULL; - - /* if we're talking upload, we can't do the checks below, unless the protocol -@@ -1939,7 +1939,7 @@ CURLcode Curl_retry_request(struct connectdata *conn, - conn->bits.reuse && - (!data->set.opt_no_body - || (conn->handler->protocol & PROTO_FAMILY_HTTP)) && -- (data->set.rtspreq != RTSPREQ_RECEIVE)) { -+ (data->set.rtspreq != RTSPREQ_RECEIVE)) - /* We got no data, we attempted to re-use a connection. For HTTP this - can be a retry so we try again regardless if we expected a body. - For other protocols we only try again only if we expected a body. -@@ -1947,6 +1947,19 @@ CURLcode Curl_retry_request(struct connectdata *conn, - This might happen if the connection was left alive when we were - done using it before, but that was closed when we wanted to read from - it again. Bad luck. Retry the same request on a fresh connect! */ -+ retry = TRUE; -+ else if(data->state.refused_stream && -+ (data->req.bytecount + data->req.headerbytecount == 0) ) { -+ /* This was sent on a refused stream, safe to rerun. A refused stream -+ error can typically only happen on HTTP/2 level if the stream is safe -+ to issue again, but the nghttp2 API can deliver the message to other -+ streams as well, which is why this adds the check the data counters -+ too. */ -+ infof(conn->data, "REFUSED_STREAM, retrying a fresh connect\n"); -+ data->state.refused_stream = FALSE; /* clear again */ -+ retry = TRUE; -+ } -+ if(retry) { - infof(conn->data, "Connection died, retrying a fresh connect\n"); - *url = strdup(conn->data->change.url); - if(!*url) -diff --git a/lib/urldata.h b/lib/urldata.h -index 3d7b9e5..6a36ee9 100644 ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -1225,7 +1225,7 @@ struct UrlState { - curl_off_t current_speed; /* the ProgressShow() function sets this, - bytes / second */ - bool this_is_a_follow; /* this is a followed Location: request */ -- -+ bool refused_stream; /* this was refused, try again */ - char *first_host; /* host name of the first (not followed) request. - if set, this should be the host name that we will - sent authorization to, no else. Used to make Location: --- -2.14.4 - diff --git a/0005-curl-7.59.0-CVE-2018-0500.patch b/0005-curl-7.59.0-CVE-2018-0500.patch deleted file mode 100644 index 221c05f..0000000 --- a/0005-curl-7.59.0-CVE-2018-0500.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 7a5d2b67b8bee753735d4b03f66c4054d9b812f9 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Wed, 13 Jun 2018 12:24:40 +0200 -Subject: [PATCH] smtp: use the upload buffer size for scratch buffer malloc - -... not the read buffer size, as that can be set smaller and thus cause -a buffer overflow! CVE-2018-0500 - -Reported-by: Peter Wu -Bug: https://curl.haxx.se/docs/adv_2018-70a2.html - -Upstream-commit: ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628 -Signed-off-by: Kamil Dudka ---- - lib/smtp.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/smtp.c b/lib/smtp.c -index 3f3b45a..400ad54 100644 ---- a/lib/smtp.c -+++ b/lib/smtp.c -@@ -1563,13 +1563,14 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread) - if(!scratch || data->set.crlf) { - oldscratch = scratch; - -- scratch = newscratch = malloc(2 * data->set.buffer_size); -+ scratch = newscratch = malloc(2 * UPLOAD_BUFSIZE); - if(!newscratch) { - failf(data, "Failed to alloc scratch buffer!"); - - return CURLE_OUT_OF_MEMORY; - } - } -+ DEBUGASSERT(UPLOAD_BUFSIZE >= nread); - - /* Have we already sent part of the EOB? */ - eob_sent = smtp->eob; --- -2.14.4 - diff --git a/0006-curl-7.59.0-pkcs11.patch b/0006-curl-7.59.0-pkcs11.patch deleted file mode 100644 index d0f8ff1..0000000 --- a/0006-curl-7.59.0-pkcs11.patch +++ /dev/null @@ -1,225 +0,0 @@ -From cf48e08b1a7c480e43d6e66154e94c5029c0d335 Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Mon, 19 Feb 2018 14:31:06 +0100 -Subject: [PATCH] ssl: set engine implicitly when a PKCS#11 URI is provided - -This allows the use of PKCS#11 URI for certificates and keys without -setting the corresponding type as "ENG" and the engine as "pkcs11" -explicitly. If a PKCS#11 URI is provided for certificate, key, -proxy_certificate or proxy_key, the corresponding type is set as "ENG" -if not provided and the engine is set to "pkcs11" if not provided. - -Acked-by: Nikos Mavrogiannopoulos -Closes #2333 - -Upstream-commit: 298d2565e2a2f06a859b7f5a1cc24ba7c87a8ce2 -Signed-off-by: Kamil Dudka ---- - docs/cmdline-opts/cert.d | 7 ++++++ - docs/cmdline-opts/key.d | 7 ++++++ - lib/vtls/openssl.c | 38 ++++++++++++++++++++++++++++ - src/tool_getparam.c | 2 +- - src/tool_operate.c | 53 ++++++++++++++++++++++++++++++++++++++++ - tests/unit/unit1394.c | 3 +++ - 6 files changed, 109 insertions(+), 1 deletion(-) - -diff --git a/docs/cmdline-opts/cert.d b/docs/cmdline-opts/cert.d -index 0cd5d53..ae6fe2f 100644 ---- a/docs/cmdline-opts/cert.d -+++ b/docs/cmdline-opts/cert.d -@@ -23,6 +23,13 @@ nickname contains ":", it needs to be preceded by "\\" so that it is not - recognized as password delimiter. If the nickname contains "\\", it needs to - be escaped as "\\\\" so that it is not recognized as an escape character. - -+If curl is built against OpenSSL library, and the engine pkcs11 is available, -+then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in -+a PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a -+PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set -+as "pkcs11" if none was provided and the --cert-type option will be set as -+"ENG" if none was provided. -+ - (iOS and macOS only) If curl is built against Secure Transport, then the - certificate string can either be the name of a certificate/private key in the - system or user keychain, or the path to a PKCS#12-encoded certificate and -diff --git a/docs/cmdline-opts/key.d b/docs/cmdline-opts/key.d -index fbf583a..4877b42 100644 ---- a/docs/cmdline-opts/key.d -+++ b/docs/cmdline-opts/key.d -@@ -7,4 +7,11 @@ Private key file name. Allows you to provide your private key in this separate - file. For SSH, if not specified, curl tries the following candidates in order: - '~/.ssh/id_rsa', '~/.ssh/id_dsa', './id_rsa', './id_dsa'. - -+If curl is built against OpenSSL library, and the engine pkcs11 is available, -+then a PKCS#11 URI (RFC 7512) can be used to specify a private key located in a -+PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a -+PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set -+as "pkcs11" if none was provided and the --key-type option will be set as -+"ENG" if none was provided. -+ - If this option is used several times, the last one will be used. -diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index 2a6b3cf..5f16dbd 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -532,8 +532,25 @@ static int ssl_ui_writer(UI *ui, UI_STRING *uis) - } - return (UI_method_get_writer(UI_OpenSSL()))(ui, uis); - } -+ -+/* -+ * Check if a given string is a PKCS#11 URI -+ */ -+static bool is_pkcs11_uri(const char *string) -+{ -+ if(strncasecompare(string, "pkcs11:", 7)) { -+ return TRUE; -+ } -+ else { -+ return FALSE; -+ } -+} -+ - #endif - -+static CURLcode Curl_ossl_set_engine(struct Curl_easy *data, -+ const char *engine); -+ - static - int cert_stuff(struct connectdata *conn, - SSL_CTX* ctx, -@@ -596,6 +613,16 @@ int cert_stuff(struct connectdata *conn, - case SSL_FILETYPE_ENGINE: - #if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME) - { -+ /* Implicitly use pkcs11 engine if none was provided and the -+ * cert_file is a PKCS#11 URI */ -+ if(!data->state.engine) { -+ if(is_pkcs11_uri(cert_file)) { -+ if(Curl_ossl_set_engine(data, "pkcs11") != CURLE_OK) { -+ return 0; -+ } -+ } -+ } -+ - if(data->state.engine) { - const char *cmd_name = "LOAD_CERT_CTRL"; - struct { -@@ -762,6 +789,17 @@ int cert_stuff(struct connectdata *conn, - #ifdef HAVE_OPENSSL_ENGINE_H - { /* XXXX still needs some work */ - EVP_PKEY *priv_key = NULL; -+ -+ /* Implicitly use pkcs11 engine if none was provided and the -+ * key_file is a PKCS#11 URI */ -+ if(!data->state.engine) { -+ if(is_pkcs11_uri(key_file)) { -+ if(Curl_ossl_set_engine(data, "pkcs11") != CURLE_OK) { -+ return 0; -+ } -+ } -+ } -+ - if(data->state.engine) { - UI_METHOD *ui_method = - UI_create_method((char *)"curl user interface"); -diff --git a/src/tool_getparam.c b/src/tool_getparam.c -index 7ce9c28..6628247 100644 ---- a/src/tool_getparam.c -+++ b/src/tool_getparam.c -@@ -337,7 +337,7 @@ void parse_cert_parameter(const char *cert_parameter, - * looks like a RFC7512 PKCS#11 URI which can be used as-is. - * Also if cert_parameter contains no colon nor backslash, this - * means no passphrase was given and no characters escaped */ -- if(!strncmp(cert_parameter, "pkcs11:", 7) || -+ if(curl_strnequal(cert_parameter, "pkcs11:", 7) || - !strpbrk(cert_parameter, ":\\")) { - *certname = strdup(cert_parameter); - return; -diff --git a/src/tool_operate.c b/src/tool_operate.c -index e8b434a..fa44c70 100644 ---- a/src/tool_operate.c -+++ b/src/tool_operate.c -@@ -113,6 +113,19 @@ static bool is_fatal_error(CURLcode code) - return FALSE; - } - -+/* -+ * Check if a given string is a PKCS#11 URI -+ */ -+static bool is_pkcs11_uri(const char *string) -+{ -+ if(curl_strnequal(string, "pkcs11:", 7)) { -+ return TRUE; -+ } -+ else { -+ return FALSE; -+ } -+} -+ - #ifdef __VMS - /* - * get_vms_file_size does what it takes to get the real size of the file -@@ -1057,6 +1070,46 @@ static CURLcode operate_do(struct GlobalConfig *global, - my_setopt_str(curl, CURLOPT_PINNEDPUBLICKEY, config->pinnedpubkey); - - if(curlinfo->features & CURL_VERSION_SSL) { -+ /* Check if config->cert is a PKCS#11 URI and set the -+ * config->cert_type if necessary */ -+ if(config->cert) { -+ if(!config->cert_type) { -+ if(is_pkcs11_uri(config->cert)) { -+ config->cert_type = strdup("ENG"); -+ } -+ } -+ } -+ -+ /* Check if config->key is a PKCS#11 URI and set the -+ * config->key_type if necessary */ -+ if(config->key) { -+ if(!config->key_type) { -+ if(is_pkcs11_uri(config->key)) { -+ config->key_type = strdup("ENG"); -+ } -+ } -+ } -+ -+ /* Check if config->proxy_cert is a PKCS#11 URI and set the -+ * config->proxy_type if necessary */ -+ if(config->proxy_cert) { -+ if(!config->proxy_cert_type) { -+ if(is_pkcs11_uri(config->proxy_cert)) { -+ config->proxy_cert_type = strdup("ENG"); -+ } -+ } -+ } -+ -+ /* Check if config->proxy_key is a PKCS#11 URI and set the -+ * config->proxy_key_type if necessary */ -+ if(config->proxy_key) { -+ if(!config->proxy_key_type) { -+ if(is_pkcs11_uri(config->proxy_key)) { -+ config->proxy_key_type = strdup("ENG"); -+ } -+ } -+ } -+ - my_setopt_str(curl, CURLOPT_SSLCERT, config->cert); - my_setopt_str(curl, CURLOPT_PROXY_SSLCERT, config->proxy_cert); - my_setopt_str(curl, CURLOPT_SSLCERTTYPE, config->cert_type); -diff --git a/tests/unit/unit1394.c b/tests/unit/unit1394.c -index 667991d..010f052 100644 ---- a/tests/unit/unit1394.c -+++ b/tests/unit/unit1394.c -@@ -56,6 +56,9 @@ UNITTEST_START - "foo:bar\\\\", "foo", "bar\\\\", - "foo:bar:", "foo", "bar:", - "foo\\::bar\\:", "foo:", "bar\\:", -+ "pkcs11:foobar", "pkcs11:foobar", NULL, -+ "PKCS11:foobar", "PKCS11:foobar", NULL, -+ "PkCs11:foobar", "PkCs11:foobar", NULL, - #ifdef WIN32 - "c:\\foo:bar:baz", "c:\\foo", "bar:baz", - "c:\\foo\\:bar:baz", "c:\\foo:bar", "baz", --- -2.17.1 - diff --git a/0007-curl-7.61.0-libssh.patch b/0007-curl-7.61.0-libssh.patch deleted file mode 100644 index 496e9b1..0000000 --- a/0007-curl-7.61.0-libssh.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 155d4ffb7d40daf2afa0102f91f810675220ab6e Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Tue, 14 Aug 2018 13:14:49 +0200 -Subject: [PATCH 1/2] ssh-libssh: reduce excessive verbose output about pubkey - auth - -The verbose message "Authentication using SSH public key file" was -printed each time the ssh_userauth_publickey_auto() was called, which -meant each time a packet was transferred over network because the API -operates in non-blocking mode. - -This patch makes sure that the verbose message is printed just once -(when the authentication state is entered by the SSH state machine). - -Upstream-commit: 1e843a31a49484aeddf8f358e71392205f5fd6b1 -Signed-off-by: Kamil Dudka ---- - lib/ssh-libssh.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c -index cecf477ac..f40f074b9 100644 ---- a/lib/ssh-libssh.c -+++ b/lib/ssh-libssh.c -@@ -607,6 +607,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) - sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL); - if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) { - state(conn, SSH_AUTH_PKEY_INIT); -+ infof(data, "Authentication using SSH public key file\n"); - } - else if(sshc->auth_methods & SSH_AUTH_METHOD_GSSAPI_MIC) { - state(conn, SSH_AUTH_GSSAPI); -@@ -659,8 +660,6 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) - - } - else { -- infof(data, "Authentication using SSH public key file\n"); -- - rc = ssh_userauth_publickey_auto(sshc->ssh_session, NULL, - data->set.ssl.key_passwd); - if(rc == SSH_AUTH_AGAIN) { --- -2.17.1 - - -From 4b445519694ab620bd6376066844a7076e8ce4ab Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Tue, 14 Aug 2018 12:47:18 +0200 -Subject: [PATCH 2/2] ssh-libssh: fix infinite connect loop on invalid private - key - -Added test 656 (based on test 604) to verify the fix. - -Bug: https://bugzilla.redhat.com/1595135 - -Closes #2879 - -Upstream-commit: a4c7911a48dadb4f68ba6b38bb1bf3f061b747f6 -Signed-off-by: Kamil Dudka ---- - lib/ssh-libssh.c | 1 + - tests/data/Makefile.inc | 2 +- - tests/data/test656 | 33 +++++++++++++++++++++++++++++++++ - 3 files changed, 35 insertions(+), 1 deletion(-) - create mode 100644 tests/data/test656 - -diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c -index f40f074b9..12d618cfe 100644 ---- a/lib/ssh-libssh.c -+++ b/lib/ssh-libssh.c -@@ -652,6 +652,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) - if(rc != SSH_OK) { - failf(data, "Could not load private key file %s", - data->set.str[STRING_SSH_PRIVATE_KEY]); -+ MOVE_TO_ERROR_STATE(CURLE_LOGIN_DENIED); - break; - } - -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 20274b37c..518a5a543 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -83,7 +83,7 @@ test617 test618 test619 test620 test621 test622 test623 test624 test625 \ - test626 test627 test628 test629 test630 test631 test632 test633 test634 \ - test635 test636 test637 test638 test639 test640 test641 test642 \ - test643 test644 test645 test646 test647 test648 test649 test650 test651 \ --test652 test653 test654 test655 \ -+test652 test653 test654 test655 test656 \ - \ - test700 test701 test702 test703 test704 test705 test706 test707 test708 \ - test709 test710 test711 test712 test713 test714 test715 \ -diff --git a/tests/data/test656 b/tests/data/test656 -new file mode 100644 -index 000000000..4107d3d17 ---- /dev/null -+++ b/tests/data/test656 -@@ -0,0 +1,33 @@ -+ -+ -+ -+SFTP -+FAILURE -+ -+ -+ -+# -+# Client-side -+ -+ -+sftp -+ -+ -+SFTP retrieval with nonexistent private key file -+ -+ -+--key DOES_NOT_EXIST --pubkey curl_client_key.pub -u %USER: sftp://%HOSTIP:%SSHPORT%PWD/not-a-valid-file-moooo --insecure --connect-timeout 8 -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+ -+disable -+ -+ -+67 -+ -+ -+ --- -2.17.1 - diff --git a/0008-curl-7.59.0-CVE-2018-14618.patch b/0008-curl-7.59.0-CVE-2018-14618.patch deleted file mode 100644 index e9ed142..0000000 --- a/0008-curl-7.59.0-CVE-2018-14618.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 114b31ab5b7e6965b629697020a7ce4b6cea340e Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 13 Aug 2018 10:35:52 +0200 -Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password - -... since it would cause an integer overflow if longer than (max size_t -/ 2). - -This is CVE-2018-14618 - -Bug: https://curl.haxx.se/docs/CVE-2018-14618.html -Closes #2756 -Reported-by: Zhaoyang Wu - -Upstream-commit: 57d299a499155d4b327e341c6024e293b0418243 -Signed-off-by: Kamil Dudka ---- - lib/curl_ntlm_core.c | 23 +++++++++++++---------- - 1 file changed, 13 insertions(+), 10 deletions(-) - -diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c -index e896276..e5c785d 100644 ---- a/lib/curl_ntlm_core.c -+++ b/lib/curl_ntlm_core.c -@@ -143,6 +143,15 @@ - #define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00" - #define NTLMv2_BLOB_LEN (44 -16 + ntlm->target_info_len + 4) - -+#ifndef SIZE_T_MAX -+/* some limits.h headers have this defined, some don't */ -+#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4) -+#define SIZE_T_MAX 18446744073709551615U -+#else -+#define SIZE_T_MAX 4294967295U -+#endif -+#endif -+ - /* - * Turns a 56-bit key into being 64-bit wide. - */ -@@ -557,8 +566,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, - unsigned char *ntbuffer /* 21 bytes */) - { - size_t len = strlen(password); -- unsigned char *pw = len ? malloc(len * 2) : strdup(""); -+ unsigned char *pw; - CURLcode result; -+ if(len > SIZE_T_MAX/2) /* avoid integer overflow */ -+ return CURLE_OUT_OF_MEMORY; -+ pw = len ? malloc(len * 2) : strdup(""); - if(!pw) - return CURLE_OUT_OF_MEMORY; - -@@ -646,15 +658,6 @@ CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen, - return CURLE_OK; - } - --#ifndef SIZE_T_MAX --/* some limits.h headers have this defined, some don't */ --#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4) --#define SIZE_T_MAX 18446744073709551615U --#else --#define SIZE_T_MAX 4294967295U --#endif --#endif -- - /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode - * (uppercase UserName + Domain) as the data - */ --- -2.17.1 - diff --git a/0009-curl-7.59.0-test320-gnutls.patch b/0009-curl-7.59.0-test320-gnutls.patch deleted file mode 100644 index a9cbaac..0000000 --- a/0009-curl-7.59.0-test320-gnutls.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 3cd5b375e31fb98e4782dc3a77e7316ad9eb26cf Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 4 Oct 2018 15:34:13 +0200 -Subject: [PATCH] test320: strip out more HTML when comparing - -To make the test case work with different gnutls-serv versions better. - -Reported-by: Kamil Dudka -Fixes #3093 -Closes #3094 - -Upstream-commit: 94ad57b0246b5658c2a9139dbe6a80efa4c4e2f3 -Signed-off-by: Kamil Dudka ---- - tests/data/test320 | 24 ++++-------------------- - 1 file changed, 4 insertions(+), 20 deletions(-) - -diff --git a/tests/data/test320 b/tests/data/test320 -index 457a11eb2..87311d4f2 100644 ---- a/tests/data/test320 -+++ b/tests/data/test320 -@@ -62,34 +62,18 @@ simple TLS-SRP HTTPS GET, check user in response - HTTP/1.0 200 OK - Content-type: text/html - -- -- --

This is GnuTLS

-- -- -- --
If your browser supports session resuming, then you should see the same session ID, when you press the reload button.
--

Connected as user 'jsmith'.

--

-- -- -- -- -- --

Key Exchange:SRP
CompressionNULL
CipherAES-NNN-CBC
MACSHA1
CiphersuiteSRP_SHA_AES_NNN_CBC_SHA1
--

Your HTTP header was:

Host: %HOSTIP:%HTTPTLSPORT
-+FINE
- User-Agent: curl-test-suite
- Accept: */*
- 
--

-- -- - - --s/^

Session ID:.*// -+s/^

Connected as user 'jsmith'.*/FINE/ - s/Protocol version:.*[0-9]// - s/GNUTLS/GnuTLS/ - s/(AES[-_])\d\d\d([-_]CBC)/$1NNN$2/ -+s/^<.*\n// -+s/^\n// - - - --- -2.17.1 - diff --git a/0010-curl-7.59.0-CVE-2018-16842.patch b/0010-curl-7.59.0-CVE-2018-16842.patch deleted file mode 100644 index 6903ad6..0000000 --- a/0010-curl-7.59.0-CVE-2018-16842.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 27d6c92acdac671ddf8f77f72956b2181561f774 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sun, 28 Oct 2018 01:33:23 +0200 -Subject: [PATCH 1/2] voutf: fix bad arethmetic when outputting warnings to - stderr - -CVE-2018-16842 -Reported-by: Brian Carpenter -Bug: https://curl.haxx.se/docs/CVE-2018-16842.html - -Upstream-commit: d530e92f59ae9bb2d47066c3c460b25d2ffeb211 -Signed-off-by: Kamil Dudka ---- - src/tool_msgs.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tool_msgs.c b/src/tool_msgs.c -index 9cce806..05bec39 100644 ---- a/src/tool_msgs.c -+++ b/src/tool_msgs.c -@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config, - (void)fwrite(ptr, cut + 1, 1, config->errors); - fputs("\n", config->errors); - ptr += cut + 1; /* skip the space too */ -- len -= cut; -+ len -= cut + 1; - } - else { - fputs(ptr, config->errors); --- -2.17.2 - - -From 23f8c641b02e6c302d0e8cc5a5ee225a33b01f28 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sun, 28 Oct 2018 10:43:57 +0100 -Subject: [PATCH 2/2] test2080: verify the fix for CVE-2018-16842 - -Upstream-commit: 350306e4726b71b5b386fc30e3fecc039a807157 -Signed-off-by: Kamil Dudka ---- - tests/data/Makefile.inc | 3 ++- - tests/data/test2080 | Bin 0 -> 20659 bytes - 2 files changed, 2 insertions(+), 1 deletion(-) - create mode 100644 tests/data/test2080 - -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index e045748..aa5fff0 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -194,4 +194,5 @@ test2048 test2049 test2050 test2051 test2052 test2053 test2054 test2055 \ - test2056 test2057 test2058 test2059 test2060 test2061 test2062 test2063 \ - test2064 test2065 test2066 test2067 test2068 test2069 \ - \ --test2070 test2071 test2072 test2073 -+test2070 test2071 test2072 test2073 \ -+test2080 -diff --git a/tests/data/test2080 b/tests/data/test2080 -new file mode 100644 -index 0000000000000000000000000000000000000000..47e376ecb5d7879c0a98e392bff48ccc52e9db0a -GIT binary patch -literal 20659 -zcmeI)Pj3@35QkyT{uI*`iBshYE(n>u@JB+F3kdG+t~asjwJY0gl}``eO+)FONU8ef -zl6Ca+%A4K8~qdz -zd{+G6l*#ToY+DU||F9%J1n*+KPxQ;7MapuoQ!&MMQSXmpqMh0_yS6g=;N;HNjilBk -zY$c?)mULZxib{;$g~jw~nrs|8b@sJI)_QmS_4(WLrNld}2Y0LEO$e>m->_NA&o$n! -z9^YDZ>cvMs2q1s}0tg_000PG)@a?$9VHyMwKmY**5I_I{1Q0m1z~!MEP#*yV5I_I{ -z1Q0*~0R#|0009ILKmY**4ldvh-hl=PAb-+Xw`j-8D -zzg+g?Rt8(G*s;1Sb>n1S94H%G -Date: Thu, 18 Oct 2018 15:07:15 +0200 -Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid - use-after-free - -Regression from b46cfbc068 (7.59.0) -CVE-2018-16840 -Reported-by: Brian Carpenter (Geeknik Labs) - -Bug: https://curl.haxx.se/docs/CVE-2018-16840.html - -Upstream-commit: 81d135d67155c5295b1033679c606165d4e28f3f -Signed-off-by: Kamil Dudka ---- - lib/url.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/lib/url.c b/lib/url.c -index f159008..dcc1ecc 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -320,10 +320,12 @@ CURLcode Curl_close(struct Curl_easy *data) - and detach this handle from there. */ - curl_multi_remove_handle(data->multi, data); - -- if(data->multi_easy) -+ if(data->multi_easy) { - /* when curl_easy_perform() is used, it creates its own multi handle to - use and this is the one */ - curl_multi_cleanup(data->multi_easy); -+ data->multi_easy = NULL; -+ } - - /* Destroy the timeout list that is held in the easy handle. It is - /normally/ done by curl_multi_remove_handle() but this is "just in --- -2.17.2 - diff --git a/0012-curl-7.59.0-CVE-2018-16839.patch b/0012-curl-7.59.0-CVE-2018-16839.patch deleted file mode 100644 index 5570f44..0000000 --- a/0012-curl-7.59.0-CVE-2018-16839.patch +++ /dev/null @@ -1,136 +0,0 @@ -From 4df8ff21144236497fc92521d79fbca2dc079686 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 20 Mar 2018 15:15:14 +0100 -Subject: [PATCH 1/2] vauth/cleartext: fix integer overflow check - -Make the integer overflow check not rely on the undefined behavior that -a size_t wraps around on overflow. - -Detected by lgtm.com -Closes #2408 - -Upstream-commit: c1366571b609407cf0d4d9f4a2769d29e1313151 -Signed-off-by: Kamil Dudka ---- - lib/curl_ntlm_core.c | 11 +---------- - lib/curl_setup.h | 9 +++++++++ - lib/vauth/cleartext.c | 14 ++++---------- - 3 files changed, 14 insertions(+), 20 deletions(-) - -diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c -index e5c785d..b69c293 100644 ---- a/lib/curl_ntlm_core.c -+++ b/lib/curl_ntlm_core.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -143,15 +143,6 @@ - #define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00" - #define NTLMv2_BLOB_LEN (44 -16 + ntlm->target_info_len + 4) - --#ifndef SIZE_T_MAX --/* some limits.h headers have this defined, some don't */ --#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4) --#define SIZE_T_MAX 18446744073709551615U --#else --#define SIZE_T_MAX 4294967295U --#endif --#endif -- - /* - * Turns a 56-bit key into being 64-bit wide. - */ -diff --git a/lib/curl_setup.h b/lib/curl_setup.h -index f128696..e4503c6 100644 ---- a/lib/curl_setup.h -+++ b/lib/curl_setup.h -@@ -447,6 +447,15 @@ - # endif - #endif - -+#ifndef SIZE_T_MAX -+/* some limits.h headers have this defined, some don't */ -+#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4) -+#define SIZE_T_MAX 18446744073709551615U -+#else -+#define SIZE_T_MAX 4294967295U -+#endif -+#endif -+ - /* - * Arg 2 type for gethostname in case it hasn't been defined in config file. - */ -diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c -index a761ae7..5d61ce6 100644 ---- a/lib/vauth/cleartext.c -+++ b/lib/vauth/cleartext.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -73,16 +73,10 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data, - ulen = strlen(userp); - plen = strlen(passwdp); - -- /* Compute binary message length, checking for overflows. */ -- plainlen = 2 * ulen; -- if(plainlen < ulen) -- return CURLE_OUT_OF_MEMORY; -- plainlen += plen; -- if(plainlen < plen) -- return CURLE_OUT_OF_MEMORY; -- plainlen += 2; -- if(plainlen < 2) -+ /* Compute binary message length. Check for overflows. */ -+ if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2))) - return CURLE_OUT_OF_MEMORY; -+ plainlen = 2 * ulen + plen + 2; - - plainauth = malloc(plainlen); - if(!plainauth) --- -2.17.2 - - -From ad9943254ded9a983af7d581e8a1f3317e8a8781 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 28 Sep 2018 16:08:16 +0200 -Subject: [PATCH 2/2] Curl_auth_create_plain_message: fix too-large-input-check - -CVE-2018-16839 -Reported-by: Harry Sintonen -Bug: https://curl.haxx.se/docs/CVE-2018-16839.html - -Upstream-commit: f3a24d7916b9173c69a3e0ee790102993833d6c5 -Signed-off-by: Kamil Dudka ---- - lib/vauth/cleartext.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c -index 5d61ce6..1367143 100644 ---- a/lib/vauth/cleartext.c -+++ b/lib/vauth/cleartext.c -@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data, - plen = strlen(passwdp); - - /* Compute binary message length. Check for overflows. */ -- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2))) -+ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2))) - return CURLE_OUT_OF_MEMORY; - plainlen = 2 * ulen + plen + 2; - --- -2.17.2 - diff --git a/0013-curl-7.61.1-zsh-completion.patch b/0013-curl-7.61.1-zsh-completion.patch deleted file mode 100644 index 770a15b..0000000 --- a/0013-curl-7.61.1-zsh-completion.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 082034e2334b2d0795b2b324ff3e0635bb7d2b86 Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini -Date: Tue, 5 Feb 2019 20:44:14 +0000 -Subject: [PATCH 1/2] zsh.pl: update regex to better match curl -h output - -The current regex fails to match '<...>' arguments properly (e.g. those -with spaces in them), which causes an completion script with wrong -descriptions for some options. - -The problem can be reproduced as follows: - -% curl --reso - -Upstream-commit: dbd32f3241b297b96ee11a51da1a661f528ca026 -Signed-off-by: Kamil Dudka ---- - scripts/zsh.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/scripts/zsh.pl b/scripts/zsh.pl -index 1257190..941b322 100755 ---- a/scripts/zsh.pl -+++ b/scripts/zsh.pl -@@ -7,7 +7,7 @@ use warnings; - - my $curl = $ARGV[0] || 'curl'; - --my $regex = '\s+(?:(-[^\s]+),\s)?(--[^\s]+)\s([^\s.]+)?\s+(.*)'; -+my $regex = '\s+(?:(-[^\s]+),\s)?(--[^\s]+)\s*(\<.+?\>)?\s+(.*)'; - my @opts = parse_main_opts('--help', $regex); - - my $opts_str; --- -2.17.2 - - -From 45abc785e101346f19599aa5f9fa1617e525ec4d Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini -Date: Tue, 5 Feb 2019 21:06:26 +0000 -Subject: [PATCH 2/2] zsh.pl: escape ':' character - -':' is interpreted as separator by zsh, so if used as part of the argument -or option's description it needs to be escaped. - -The problem can be reproduced as follows: - -% curl -E - -Bug: https://bugs.debian.org/921452 - -Upstream-commit: b3cc8017b7364f588365be2b2629c49c142efdb7 -Signed-off-by: Kamil Dudka ---- - scripts/zsh.pl | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/scripts/zsh.pl b/scripts/zsh.pl -index 941b322..0f9cbec 100755 ---- a/scripts/zsh.pl -+++ b/scripts/zsh.pl -@@ -45,9 +45,12 @@ sub parse_main_opts { - - my $option = ''; - -+ $arg =~ s/\:/\\\:/g if defined $arg; -+ - $desc =~ s/'/'\\''/g if defined $desc; - $desc =~ s/\[/\\\[/g if defined $desc; - $desc =~ s/\]/\\\]/g if defined $desc; -+ $desc =~ s/\:/\\\:/g if defined $desc; - - $option .= '{' . trim($short) . ',' if defined $short; - $option .= trim($long) if defined $long; --- -2.17.2 - diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index 532980e..f7f66e6 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -1,89 +1,92 @@ -From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Fri, 12 Apr 2013 12:04:05 +0200 +From 6bb4e674cdc953f5c0048aa84172539900725166 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Tue, 16 Dec 2025 10:04:40 +0100 Subject: [PATCH] prevent multilib conflicts on the curl-config script --- - curl-config.in | 21 +++------------------ - docs/curl-config.1 | 4 +++- - libcurl.pc.in | 1 + - 3 files changed, 7 insertions(+), 19 deletions(-) + curl-config.in | 23 +++++------------------ + docs/curl-config.md | 4 +++- + libcurl.pc.in | 1 + + 3 files changed, 9 insertions(+), 19 deletions(-) diff --git a/curl-config.in b/curl-config.in -index 150004d..95d0759 100644 +index a1c8185875..bb43ca8335 100644 --- a/curl-config.in +++ b/curl-config.in -@@ -76,7 +76,7 @@ while test $# -gt 0; do - ;; +@@ -74,7 +74,7 @@ while test "$#" -gt 0; do + ;; - --cc) -- echo "@CC@" -+ echo "gcc" - ;; + --cc) +- echo '@CC@' ++ echo 'gcc' + ;; - --prefix) -@@ -143,32 +143,17 @@ while test $# -gt 0; do - ;; + --prefix) +@@ -149,16 +149,7 @@ while test "$#" -gt 0; do + ;; - --libs) -- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then -- CURLLIBDIR="-L@libdir@ " -- else -- CURLLIBDIR="" -- fi -- if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then -- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ -- else -- echo ${CURLLIBDIR}-lcurl -- fi -+ echo -lcurl - ;; - --ssl-backends) - echo "@SSL_BACKENDS@" - ;; + --libs) +- if test "@libdir@" != '/usr/lib' && test "@libdir@" != '/usr/lib64'; then +- curllibdir="-L@libdir@ " +- else +- curllibdir='' +- fi +- if test '@ENABLE_SHARED@' = 'no'; then +- echo "${curllibdir}-lcurl @LIBCURL_PC_LIBS_PRIVATE@" +- else +- echo "${curllibdir}-lcurl" +- fi ++ echo '-lcurl' + ;; - --static-libs) -- if test "X@ENABLE_STATIC@" != "Xno" ; then -- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ -- else -- echo "curl was built with static libraries disabled" >&2 -- exit 1 -- fi - ;; + --ssl-backends) +@@ -166,16 +157,12 @@ while test "$#" -gt 0; do + ;; - --configure) -- echo @CONFIGURE_OPTIONS@ -+ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//' - ;; + --static-libs) +- if test '@ENABLE_STATIC@' != 'no'; then +- echo "@libdir@/libcurl.@libext@ @LIBCURL_PC_LDFLAGS_PRIVATE@ @LIBCURL_PC_LIBS_PRIVATE@" +- else +- echo 'curl was built with static libraries disabled' >&2 +- exit 1 +- fi ++ echo 'curl was built with static libraries disabled' >&2 ++ exit 1 + ;; - *) -diff --git a/docs/curl-config.1 b/docs/curl-config.1 -index 14a9d2b..ffcc004 100644 ---- a/docs/curl-config.1 -+++ b/docs/curl-config.1 -@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear - comma-separated. (Added in 7.58.0) - .IP "--static-libs" - Shows the complete set of libs and other linker options you will need in order --to link your application with libcurl statically. (Added in 7.17.1) -+to link your application with libcurl statically. Note that Fedora/RHEL libcurl + --configure) +- echo @CONFIGURE_OPTIONS@ ++ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//' + ;; + + *) +diff --git a/docs/curl-config.md b/docs/curl-config.md +index 12ad245b79..fa0e03d273 100644 +--- a/docs/curl-config.md ++++ b/docs/curl-config.md +@@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated. + ## `--static-libs` + + Shows the complete set of libs and other linker options you need in order to +-link your application with libcurl statically. (Added in 7.17.1) ++link your application with libcurl statically. Note that Fedora/RHEL libcurl +packages do not provide any static libraries, thus cannot be linked statically. +(Added in 7.17.1) - .IP "--version" - Outputs version information about the installed libcurl. - .IP "--vernum" + + ## `--version` + diff --git a/libcurl.pc.in b/libcurl.pc.in -index 2ba9c39..f8f8b00 100644 +index c0ba5244a8..f3645e1748 100644 --- a/libcurl.pc.in +++ b/libcurl.pc.in -@@ -29,6 +29,7 @@ libdir=@libdir@ +@@ -28,6 +28,7 @@ libdir=@libdir@ includedir=@includedir@ supported_protocols="@SUPPORT_PROTOCOLS@" supported_features="@SUPPORT_FEATURES@" +configure_options=@CONFIGURE_OPTIONS@ Name: libcurl - URL: https://curl.haxx.se/ + URL: https://curl.se/ -- -2.5.0 +2.52.0 diff --git a/0102-curl-7.36.0-debug.patch b/0102-curl-7.36.0-debug.patch deleted file mode 100644 index 13f07df..0000000 --- a/0102-curl-7.36.0-debug.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Wed, 31 Oct 2012 11:38:30 +0100 -Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778) - ---- - configure | 13 +++---------- - m4/curl-compilers.m4 | 13 +++---------- - 2 files changed, 6 insertions(+), 20 deletions(-) - -diff --git a/configure b/configure -index 8f079a3..53b4774 100755 ---- a/configure -+++ b/configure -@@ -16524,18 +16524,11 @@ $as_echo "yes" >&6; } - gccvhi=`echo $gccver | cut -d . -f1` - gccvlo=`echo $gccver | cut -d . -f2` - compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` -- flags_dbg_all="-g -g0 -g1 -g2 -g3" -- flags_dbg_all="$flags_dbg_all -ggdb" -- flags_dbg_all="$flags_dbg_all -gstabs" -- flags_dbg_all="$flags_dbg_all -gstabs+" -- flags_dbg_all="$flags_dbg_all -gcoff" -- flags_dbg_all="$flags_dbg_all -gxcoff" -- flags_dbg_all="$flags_dbg_all -gdwarf-2" -- flags_dbg_all="$flags_dbg_all -gvms" -+ flags_dbg_all="" - flags_dbg_yes="-g" - flags_dbg_off="" -- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" -- flags_opt_yes="-O2" -+ flags_opt_all="" -+ flags_opt_yes="" - flags_opt_off="-O0" - - OLDCPPFLAGS=$CPPFLAGS -diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 -index 0cbba7a..9175b5b 100644 ---- a/m4/curl-compilers.m4 -+++ b/m4/curl-compilers.m4 -@@ -157,18 +157,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ - gccvhi=`echo $gccver | cut -d . -f1` - gccvlo=`echo $gccver | cut -d . -f2` - compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` -- flags_dbg_all="-g -g0 -g1 -g2 -g3" -- flags_dbg_all="$flags_dbg_all -ggdb" -- flags_dbg_all="$flags_dbg_all -gstabs" -- flags_dbg_all="$flags_dbg_all -gstabs+" -- flags_dbg_all="$flags_dbg_all -gcoff" -- flags_dbg_all="$flags_dbg_all -gxcoff" -- flags_dbg_all="$flags_dbg_all -gdwarf-2" -- flags_dbg_all="$flags_dbg_all -gvms" -+ flags_dbg_all="" - flags_dbg_yes="-g" - flags_dbg_off="" -- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" -- flags_opt_yes="-O2" -+ flags_opt_all="" -+ flags_opt_yes="" - flags_opt_off="-O0" - CURL_CHECK_DEF([_WIN32], [], [silent]) - else --- -1.7.1 - diff --git a/0104-curl-7.19.7-localhost6.patch b/0104-curl-7.19.7-localhost6.patch deleted file mode 100644 index 4f664d3..0000000 --- a/0104-curl-7.19.7-localhost6.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff --git a/tests/data/test1083 b/tests/data/test1083 -index e441278..b0958b6 100644 ---- a/tests/data/test1083 -+++ b/tests/data/test1083 -@@ -33,13 +33,13 @@ ipv6 - http-ipv6 - - --HTTP-IPv6 GET with ip6-localhost --interface -+HTTP-IPv6 GET with localhost6 --interface - - ---g "http://%HOST6IP:%HTTP6PORT/1083" --interface ip6-localhost -+-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6 - - --perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}" -+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}" - - - -diff --git a/tests/data/test241 b/tests/data/test241 -index 46eae1f..4e1632c 100644 ---- a/tests/data/test241 -+++ b/tests/data/test241 -@@ -30,13 +30,13 @@ ipv6 - http-ipv6 - - --HTTP-IPv6 GET (using ip6-localhost) -+HTTP-IPv6 GET (using localhost6) - - ---g "http://ip6-localhost:%HTTP6PORT/241" -+-g "http://localhost6:%HTTP6PORT/241" - - --./server/resolve --ipv6 ip6-localhost -+./server/resolve --ipv6 localhost6 - - - -@@ -48,7 +48,7 @@ HTTP-IPv6 GET (using ip6-localhost) - - - GET /241 HTTP/1.1 --Host: ip6-localhost:%HTTP6PORT -+Host: localhost6:%HTTP6PORT - Accept: */* - - diff --git a/0105-curl-7.61.0-tests-ssh-keygen.patch b/0105-curl-7.61.0-tests-ssh-keygen.patch deleted file mode 100644 index b8b9ffb..0000000 --- a/0105-curl-7.61.0-tests-ssh-keygen.patch +++ /dev/null @@ -1,33 +0,0 @@ -From daded1aff280104d16e405fcd1be1a857c74b191 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Mon, 27 Aug 2018 15:53:35 +0200 -Subject: [PATCH] tests: make ssh-keygen always produce PEM format - -The default format produced by openssh-7.8p1 cannot be consumed -by currently available versions of libssh and libssh2. ---- - tests/sshserver.pl | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tests/sshserver.pl b/tests/sshserver.pl -index 9b3d122..d477a02 100755 ---- a/tests/sshserver.pl -+++ b/tests/sshserver.pl -@@ -372,12 +372,12 @@ if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) || - # Make sure all files are gone so ssh-keygen doesn't complain - unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf); - logmsg 'generating host keys...' if($verbose); -- if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") { -+ if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N '' -m PEM") { - logmsg 'Could not generate host key'; - exit 1; - } - logmsg 'generating client keys...' if($verbose); -- if(system "\"$sshkeygen\" -q -t rsa -f $cliprvkeyf -C 'curl test client' -N ''") { -+ if(system "\"$sshkeygen\" -q -t rsa -f $cliprvkeyf -C 'curl test client' -N '' -m PEM") { - logmsg 'Could not generate client key'; - exit 1; - } --- -2.17.1 - diff --git a/ci.fmf b/ci.fmf new file mode 100644 index 0000000..d3546e9 --- /dev/null +++ b/ci.fmf @@ -0,0 +1,9 @@ +discover: + how: fmf +prepare: + how: install + exclude: + - libcurl-minimal + - curl-minimal +execute: + how: tmt diff --git a/curl-7.59.0.tar.xz.asc b/curl-7.59.0.tar.xz.asc deleted file mode 100644 index e74f7b2..0000000 --- a/curl-7.59.0.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlqoxTwACgkQXMkI/bce -EsJrHQf7B0ik8F5dfGYumYWkXHc9poJU+dJ0o6pwzg4QsP+4mwVTw/gnrXDm1hVk -iFPIAdgTkxiIDZi+6mDfZA9dZ8Aq38XbYjRIwXTW4KrjTtEFQXtwlEClrHrJyXfl -+2YC52BcY0D2JVDqUAB9cVSSgaHHf1jd4h32a8YMrwco4jP5rSxbmZe4psU2m8TC -skaZEoSIRJzg5oV+AgDSQMrq+fLsc5lIDKTl+7v6sjnGlcYeRC1SiBePyrh5g/o5 -w4JJH839MyjrYvi6MyCBHeyCFYDrxKvQw8zRwivfZ1oipM2SaSVq8c60PdR85Zw5 -/SNOU/7Qpvhua0GhAfaI/CTwwewy6w== -=OcVv ------END PGP SIGNATURE----- diff --git a/curl.rpmlintrc b/curl.rpmlintrc new file mode 100644 index 0000000..022a98e --- /dev/null +++ b/curl.rpmlintrc @@ -0,0 +1,15 @@ +# Intentional stuff we're not concerned about +addFilter("unversioned-explicit-provides webclient") +addFilter("package-with-huge-docs") +addFilter("crypto-policy-non-compliance-openssl /usr/lib(64)?/libcurl.so.4") + +# This is just plain wrong (%_configure redefinition) +addFilter("configure-without-libdir-spec") + +# Technical term +addFilter("E: spelling-error \('kerberos',") + +# Artefacts of RemovePathPostfixes: .minimal +addFilter("W: dangling-relative-symlink /usr/lib/.build-id/.* ../../../../.*curl.*\.minimal") +#addFilter("W: dangling-relative-symlink /usr/lib.*/libcurl.so.4 libcurl.so.4.*.minimal") +#addFilter("E: invalid-ldconfig-symlink /usr/lib.*/libcurl.so.4.* libcurl.so.4.*.minimal") diff --git a/curl.spec b/curl.spec index ad34021..c0ad4db 100644 --- a/curl.spec +++ b/curl.spec @@ -1,129 +1,177 @@ +# OpenSSL ENGINE support +# This is deprecated by OpenSSL since OpenSSL 3.0 and by Fedora since Fedora 41 +# https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine +# Change the bcond to 0 to turn off ENGINE support by default +%bcond openssl_engine_support %[%{defined fedora} || 0%{?rhel} < 10] + +# HTTP/3 support +# This is using ngtcp2 with OpenSSL 3.5 QUIC support instead of curl's +# experimental native OpenSSL 3.5 support. +%bcond http3 %[0%{?fedora} >= 43] + Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.59.0 -Release: 10%{?dist} -License: MIT -Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz - -# ftp: fix typo in recursive callback detection for seeking -Patch1: 0001-curl-7.58.0-ftp-typo-in-recursive-callback-detection.patch - -# fix RTSP bad headers buffer over-read (CVE-2018-1000301) -Patch2: 0002-curl-7.59.0-CVE-2018-1000301.patch - -# fix FTP shutdown response buffer overflow (CVE-2018-1000300) -Patch3: 0003-curl-7.59.0-CVE-2018-1000300.patch - -# http2: handle GOAWAY properly (#1585797) -Patch4: 0004-curl-7.59.0-http2-GOAWAY.patch - -# fix heap buffer overflow in SMTP send (CVE-2018-0500) -Patch5: 0005-curl-7.59.0-CVE-2018-0500.patch - -# ssl: set engine implicitly when a PKCS#11 URI is provided (#1219544) -Patch6: 0006-curl-7.59.0-pkcs11.patch - -# scp/sftp: fix infinite connect loop on invalid private key (#1595135) -Patch7: 0007-curl-7.61.0-libssh.patch - -# fix NTLM password overflow via integer overflow (CVE-2018-14618) -Patch8: 0008-curl-7.59.0-CVE-2018-14618.patch - -# test320: update expected output for gnutls-3.6.4 -Patch9: 0009-curl-7.59.0-test320-gnutls.patch - -# fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842) -Patch10: 0010-curl-7.59.0-CVE-2018-16842.patch -# we need `git apply` to apply this patch -BuildRequires: git - -# fix use-after-free in handle close (CVE-2018-16840) -Patch11: 0011-curl-7.59.0-CVE-2018-16840.patch - -# SASL password overflow via integer overflow (CVE-2018-16839) -Patch12: 0012-curl-7.59.0-CVE-2018-16839.patch - -# make zsh completion work again -Patch13: 0013-curl-7.61.1-zsh-completion.patch +Version: 8.18.0 +Release: 1%{?dist} +License: curl +Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz +Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc +# The curl download page ( https://curl.se/download.html ) links +# to Daniel's address page https://daniel.haxx.se/address.html for the GPG Key, +# which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc +Source2: mykey.asc # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch -# prevent configure script from discarding -g in CFLAGS (#496778) -Patch102: 0102-curl-7.36.0-debug.patch - -# use localhost6 instead of ip6-localhost in the curl test-suite -Patch104: 0104-curl-7.19.7-localhost6.patch - -# tests: make ssh-keygen always produce PEM format (#1622594) -Patch105: 0105-curl-7.61.0-tests-ssh-keygen.patch - Provides: curl-full = %{version}-%{release} +# do not fail when trying to install curl-minimal after drop +Provides: curl-minimal = %{version}-%{release} Provides: webclient -URL: https://curl.haxx.se/ +URL: https://curl.se/ + +%if 0%{?fedora} +# instead of bundled wcurl utility, recommend wcurl package +Recommends: wcurl +%endif + +# The reason for maintaining two separate packages for curl is no longer valid. +# The curl-minimal is currently almost identical to curl-full, so let's drop curl-minimal. +# For more details, see https://bugzilla.redhat.com/show_bug.cgi?id=2262096 +Obsoletes: curl-minimal < 8.6.0-4 BuildRequires: automake +BuildRequires: brotli-devel BuildRequires: coreutils BuildRequires: gcc BuildRequires: groff BuildRequires: krb5-devel BuildRequires: libidn2-devel -BuildRequires: libmetalink-devel BuildRequires: libnghttp2-devel +%if %{with http3} +BuildRequires: libnghttp3-devel +%endif BuildRequires: libpsl-devel BuildRequires: libssh-devel +BuildRequires: libtool BuildRequires: make +%if %{with http3} +BuildRequires: ngtcp2-crypto-ossl-devel +%endif BuildRequires: openldap-devel BuildRequires: openssh-clients BuildRequires: openssh-server +BuildRequires: openssl BuildRequires: openssl-devel +%if %{with openssl_engine_support} && 0%{?fedora} >= 41 +BuildRequires: openssl-devel-engine +%endif +BuildRequires: perl-interpreter BuildRequires: pkgconfig -BuildRequires: python +BuildRequires: python-unversioned-command +BuildRequires: python3-devel BuildRequires: sed -BuildRequires: stunnel BuildRequires: zlib-devel +# For gpg verification of source tarball +BuildRequires: gnupg2 + +# needed to compress content of tool_hugehelp.c after changing curl.1 man page +BuildRequires: perl(IO::Compress::Gzip) + +# needed for generation of shell completions +BuildRequires: perl(Getopt::Long) +BuildRequires: perl(Pod::Usage) +BuildRequires: perl(strict) +BuildRequires: perl(warnings) + +# needed for test1560 to succeed +BuildRequires: glibc-langpack-en + # gnutls-serv is used by the upstream test-suite BuildRequires: gnutls-utils +# hostname(1) is used by the test-suite but it is missing in armv7hl buildroot +BuildRequires: hostname + # nghttpx (an HTTP/2 proxy) is used by the upstream test-suite BuildRequires: nghttp2 # perl modules used in the test suite +BuildRequires: perl(B) +BuildRequires: perl(base) +BuildRequires: perl(constant) BuildRequires: perl(Cwd) BuildRequires: perl(Digest::MD5) +BuildRequires: perl(Digest::SHA) BuildRequires: perl(Exporter) BuildRequires: perl(File::Basename) BuildRequires: perl(File::Copy) BuildRequires: perl(File::Spec) +BuildRequires: perl(I18N::Langinfo) BuildRequires: perl(IPC::Open2) +BuildRequires: perl(List::Util) +BuildRequires: perl(Memoize) BuildRequires: perl(MIME::Base64) -BuildRequires: perl(strict) -BuildRequires: perl(Time::Local) +BuildRequires: perl(POSIX) +BuildRequires: perl(Storable) BuildRequires: perl(Time::HiRes) -BuildRequires: perl(warnings) +BuildRequires: perl(Time::Local) BuildRequires: perl(vars) +%if 0%{?fedora} +# needed for upstream test 1451 +BuildRequires: python3-impacket +%endif + # The test-suite runs automatically through valgrind if valgrind is available # on the system. By not installing valgrind into mock's chroot, we disable # this feature for production builds on architectures where valgrind is known # to be less reliable, in order to avoid unnecessary build failures (see RHBZ # #810992, #816175, and #886891). Nevertheless developers are free to install # valgrind manually to improve test coverage on any architecture. -%ifarch x86_64 %{ix86} +%ifarch x86_64 BuildRequires: valgrind %endif +# stunnel is used by upstream tests but it does not seem to work reliably +# on aarch64/s390x and occasionally breaks some tests (mainly 1561 and 1562) +%ifnarch aarch64 s390x +BuildRequires: stunnel +%endif + # using an older version of libcurl could result in CURLE_UNKNOWN_OPTION Requires: libcurl%{?_isa} >= %{version}-%{release} +# Define OPENSSL_NO_ENGINE to avoid inclusion of +%if %{without openssl_engine_support} +%global _preprocessor_defines %{?_preprocessor_defines} -DOPENSSL_NO_ENGINE +%endif + +# require at least the version of libnghttp2 that we were built against, +# to ensure that we have the necessary symbols available (#2144277) +%global libnghttp2_version %(pkg-config --modversion libnghttp2 2>/dev/null || echo 0) + +# require at least the version of libnghttp3 that we were built against, +# to ensure that we have the necessary symbols available +%global libnghttp3_version %(pkg-config --modversion libnghttp3 2>/dev/null || echo 0) + +# require at least the version of libpsl that we were built against, +# to ensure that we have the necessary symbols available (#1631804) +%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0) + # require at least the version of libssh that we were built against, # to ensure that we have the necessary symbols available (#525002, #642796) %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0) +# require at least the version of ngtcp2 that we were built against, +# to ensure that we have the necessary symbols available +%global ngtcp2_version %(pkg-config --modversion libngtcp2 2>/dev/null || echo 0) + # require at least the version of openssl-libs that we were built against, # to ensure that we have the necessary symbols available (#1462184, #1462211) -%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0) +# (we need to translate 3.0.0-alpha16 -> 3.0.0-0.alpha16 and 3.0.0-beta1 -> 3.0.0-0.beta1 though) +%global openssl_version %({ pkg-config --modversion openssl 2>/dev/null || echo 0;} | sed 's|-|-0.|') %description curl is a command line tool for transferring data with URL syntax, supporting @@ -135,7 +183,15 @@ resume, proxy tunneling and a busload of other useful tricks. %package -n libcurl Summary: A library for getting files from web servers +Requires: libnghttp2%{?_isa} >= %{libnghttp2_version} +%if %{with http3} +Requires: libnghttp3%{?_isa} >= %{libnghttp3_version} +%endif +Requires: libpsl%{?_isa} >= %{libpsl_version} Requires: libssh%{?_isa} >= %{libssh_version} +%if %{with http3} +Requires: ngtcp2%{?_isa} >= %{ngtcp2_version} +%endif Requires: openssl-libs%{?_isa} >= 1:%{openssl_version} Provides: libcurl-full = %{version}-%{release} Provides: libcurl-full%{?_isa} = %{version}-%{release} @@ -161,27 +217,13 @@ The libcurl-devel package includes header files and libraries necessary for developing programs which use the libcurl library. It contains the API documentation of the library, too. -%package -n curl-minimal -Summary: Conservatively configured build of curl for minimal installations -Provides: curl = %{version}-%{release} -Conflicts: curl -RemovePathPostfixes: .minimal - -# using an older version of libcurl could result in CURLE_UNKNOWN_OPTION -Requires: libcurl%{?_isa} >= %{version}-%{release} - -%description -n curl-minimal -This is a replacement of the 'curl' package for minimal installations. It -comes with a limited set of features compared to the 'curl' package. On the -other hand, the package is smaller and requires fewer run-time dependencies to -be installed. - %package -n libcurl-minimal Summary: Conservatively configured build of libcurl for minimal installations +Requires: libnghttp2%{?_isa} >= %{libnghttp2_version} Requires: openssl-libs%{?_isa} >= 1:%{openssl_version} Provides: libcurl = %{version}-%{release} Provides: libcurl%{?_isa} = %{version}-%{release} -Conflicts: libcurl +Conflicts: libcurl%{?_isa} RemovePathPostfixes: .minimal # needed for RemovePathPostfixes to work with shared libraries %undefine __brp_ldconfig @@ -193,81 +235,107 @@ other hand, the package is smaller and requires fewer run-time dependencies to be installed. %prep -%setup -q +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' +%autosetup -n %{name}-%{version_no_tilde} -p1 -# upstream patches -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -git init -git apply %{PATCH10} -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 - -# Fedora patches -%patch101 -p1 -%patch102 -p1 -%patch104 -p1 -%patch105 -p1 - -# regenerate Makefile.in files -aclocal -I m4 -automake - -# disable test 1112 (#565305) and test 1801 +# disable test 1801 # -printf "1112\n1801\n" >> tests/data/DISABLED +printf "1801\n" >>tests/data/DISABLED -# disable test 1319 on ppc64 (server times out) -%ifarch ppc64 -echo "1319" >> tests/data/DISABLED +# test3026: avoid pthread_create() failure due to resource exhaustion on i386 +%ifarch %{ix86} +sed -e 's|NUM_THREADS 1000$|NUM_THREADS 256|' \ + -i tests/libtest/lib3026.c %endif +# adapt test 323 for updated OpenSSL +sed -e 's|^35$|35,52|' -i tests/data/test323 + +# use localhost6 instead of ip6-localhost in the curl test-suite +( + # avoid glob expansion in the trace output of `bash -x` + { set +x; } 2>/dev/null + cmd="sed -e 's|ip6-localhost|localhost6|' -i tests/data/test[0-9]*" + printf "+ %s\n" "$cmd" >&2 + eval "$cmd" +) + +# avoid unnecessary arch-dependent line in the processed file +sed -e '/# Used in @libdir@/d' \ + -i curl-config.in + %build +# regenerate the configure script and Makefile.in files +autoreconf -fiv + mkdir build-{full,minimal} -export common_configure_opts=" \ - --cache-file=../config.cache \ - --disable-static \ - --enable-symbol-hiding \ - --enable-ipv6 \ - --enable-threaded-resolver \ - --with-gssapi \ - --with-nghttp2 \ - --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt" +export common_configure_opts=" \ + --cache-file=../config.cache \ + --disable-manual \ + --disable-static \ + --enable-hsts \ + --enable-ipv6 \ + --enable-symbol-hiding \ + --enable-threaded-resolver \ + --without-zstd \ + --with-gssapi \ + --with-libidn2 \ + --with-nghttp2 \ + --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \ + --with-zsh-functions-dir" %global _configure ../configure # configure minimal build ( cd build-minimal - %configure $common_configure_opts \ - --disable-ldap \ - --disable-ldaps \ - --disable-manual \ - --without-libidn2 \ - --without-libmetalink \ - --without-libpsl \ + %configure $common_configure_opts \ + --disable-dict \ + --disable-gopher \ + --disable-imap \ + --disable-ldap \ + --disable-ldaps \ + --disable-mqtt \ + --disable-ntlm \ + --disable-pop3 \ + --disable-rtsp \ + --disable-smb \ + --disable-smtp \ + --disable-telnet \ + --disable-tftp \ + --disable-tls-srp \ + --disable-websockets \ + --without-brotli \ + --without-libpsl \ --without-libssh ) # configure full build ( cd build-full - %configure $common_configure_opts \ - --enable-ldap \ - --enable-ldaps \ - --enable-manual \ - --with-libidn2 \ - --with-libmetalink \ - --with-libpsl \ - --with-libssh + %configure $common_configure_opts \ + --enable-dict \ + --enable-gopher \ + --enable-imap \ + --enable-ldap \ + --enable-ldaps \ + --enable-mqtt \ + --enable-ntlm \ + --enable-pop3 \ + --enable-rtsp \ + --enable-smb \ + --enable-smtp \ + --enable-telnet \ + --enable-tftp \ + --enable-tls-srp \ + --enable-websockets \ + --with-brotli \ + --with-libpsl \ + --with-libssh \ +%if %{with http3} + --with-nghttp3 \ + --with-ngtcp2 \ +%endif ) # avoid using rpath @@ -275,60 +343,82 @@ sed -e 's/^runpath_var=.*/runpath_var=/' \ -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \ -i build-{full,minimal}/libtool -make %{?_smp_mflags} V=1 -C build-minimal -make %{?_smp_mflags} V=1 -C build-full +%make_build V=1 -C build-minimal +%make_build V=1 -C build-full %check -# we have to override LD_LIBRARY_PATH because we eliminated rpath -LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" -export LD_LIBRARY_PATH - # compile upstream test-cases -cd build-full/tests -make %{?_smp_mflags} V=1 +%make_build V=1 -C build-minimal/tests +%make_build V=1 -C build-full/tests + +# relax crypto policy for the test-suite to make it pass again (#1610888) +export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX +export OPENSSL_CONF= + +# make runtests.pl work for out-of-tree builds +export srcdir=../../tests + +# prevent valgrind from being extremely slow (#1662656) +# https://fedoraproject.org/wiki/Changes/DebuginfodByDefault +unset DEBUGINFOD_URLS + +# run the upstream test-suite for both curl-minimal and curl-full +for size in minimal full; do ( + cd build-${size} + + # we have to override LD_LIBRARY_PATH because we eliminated rpath + export LD_LIBRARY_PATH="${PWD}/lib/.libs" + + cd tests + perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky' +) +done -# run the upstream test-suite -srcdir=../../tests perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky' %install # install and rename the library that will be packaged as libcurl-minimal -make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/lib +%make_install -C build-minimal/lib rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so} for i in ${RPM_BUILD_ROOT}%{_libdir}/*; do mv -v $i $i.minimal done -# install and rename the executable that will be packaged as curl-minimal -make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/src -mv -v ${RPM_BUILD_ROOT}%{_bindir}/curl{,.minimal} - # install libcurl.m4 install -d $RPM_BUILD_ROOT%{_datadir}/aclocal install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal # install the executable and library that will be packaged as curl and libcurl cd build-full -make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install +%make_install -# install zsh completion for curl -# (we have to override LD_LIBRARY_PATH because we eliminated rpath) -LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \ - make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C scripts +# do not install /usr/share/fish/completions/curl.fish which is also installed +# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict +rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la +# do not install bundled wcurl utility +# it is provided by the wcurl package +rm -f ${RPM_BUILD_ROOT}%{_bindir}/wcurl +rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* + %ldconfig_scriptlets -n libcurl %ldconfig_scriptlets -n libcurl-minimal %files -%doc CHANGES README* -%doc docs/BUGS docs/FAQ docs/FEATURES -%doc docs/MANUAL docs/RESOURCES -%doc docs/TheArtOfHttpScripting docs/TODO +%doc CHANGES.md +%doc README +%doc docs/BUGS.md +%doc docs/DISTROS.md +%doc docs/FAQ.md +%doc docs/FEATURES.md +%doc docs/KNOWN_BUGS.md +%doc docs/TODO.md +%doc docs/TheArtOfHttpScripting.md %{_bindir}/curl %{_mandir}/man1/curl.1* -%{_datadir}/zsh/site-functions +%{_datadir}/zsh %files -n libcurl %license COPYING @@ -337,7 +427,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %files -n libcurl-devel %doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md -%doc docs/CONTRIBUTE.md docs/libcurl/ABI +%doc docs/CONTRIBUTE.md docs/libcurl/ABI.md %{_bindir}/curl-config* %{_includedir}/curl %{_libdir}/*.so @@ -346,45 +436,649 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_mandir}/man3/* %{_datadir}/aclocal/libcurl.m4 -%files -n curl-minimal -%{_bindir}/curl.minimal -%{_mandir}/man1/curl.1* - %files -n libcurl-minimal %license COPYING %{_libdir}/libcurl.so.4.minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog -* Mon Feb 11 2019 Kamil Dudka - 7.61.1-10 +* Wed Jan 07 2026 Jan Macku - 8.18.0-1 +- new upstream release + +* Mon Jan 05 2026 Jan Macku - 8.18.0~rc3-1 +- new upstream release candidate + +* Tue Dec 16 2025 Jan Macku - 8.18.0~rc2-1 +- new upstream release candidate +- reenable valgrind on test 616 + +* Tue Dec 09 2025 Jan Macku - 8.18.0~rc1-1 +- new upstream release candidate +- drop upstreamed patches + +* Sun Dec 07 2025 Aleksei Bavshin - 8.17.0-5 +- Enable HTTP/3 support with ngtcp2 + +* Thu Dec 04 2025 Jan Macku - 8.17.0-4 +- apply upstream patches for valgrind issues in HTTP/3 (#2408809) + +* Thu Nov 13 2025 Jan Macku - 8.17.0-3 +- recommend wcurl package instead of bundled wcurl utility + +* Thu Nov 13 2025 Jan Macku - 8.17.0-2 +- remove bundled wcurl utility that was added in 8.14.0~rc1, use wcurl package instead + +* Mon Nov 10 2025 Jan Macku - 8.17.0-1 +- new upstream release + +* Thu Oct 30 2025 Jan Macku - 8.17.0~rc3-1 +- new upstream release candidate + +* Tue Oct 21 2025 Jan Macku - 8.17.0~rc2-1 +- new upstream release candidate + +* Mon Oct 13 2025 Jan Macku - 8.17.0~rc1-1 +- new upstream release candidate + +* Wed Sep 10 2025 Jan Macku - 8.16.0-1 +- new upstream release + +* Wed Sep 03 2025 Jan Macku - 8.16.0~rc3-1 +- new upstream release candidate + +* Tue Aug 26 2025 Jan Macku - 8.16.0~rc2-1 +- new upstream release candidate + +* Wed Jul 23 2025 Fedora Release Engineering - 8.15.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Wed Jul 16 2025 Jan Macku - 8.15.0-1 +- new upstream release + +* Thu Jul 10 2025 Jan Macku - 8.15.0~rc3-1 +- new upstream release candidate + +* Mon Jun 30 2025 Jan Macku - 8.15.0~rc2-1 +- new upstream release candidate + +* Mon Jun 23 2025 Jan Macku - 8.15.0~rc1-1 +- new upstream release candidate + +* Wed Jun 04 2025 Jan Macku - 8.14.1-1 +- new upstream release +- drop: 0001-curl-8.14.0-multi-fix-add_handle-resizing.patch (no longer needed) + +* Wed May 28 2025 Jan Macku - 8.14.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2025-5025 - No QUIC certificate pinning with wolfSSL + CVE-2025-4947 - QUIC certificate check skip with wolfSSL +- fix regression: curl_multi_add_handle() returning OOM when using more than 400 handles + +* Fri May 02 2025 Jan Macku - 8.14.0~rc1-1 +- new upstream release candidate +- new utility: wcurl which lets you download URLs without having to remember any parameters + +* Wed Apr 02 2025 Jan Macku - 8.13.0-1 +- new upstream release +- add build time dependency on openssl (required by tests) + +* Wed Mar 26 2025 Jan Macku - 8.13.0~rc3-1 +- new upstream release candidate +- drop: 0102-curl-7.84.0-test3026.patch (no longer needed) + +* Tue Mar 18 2025 Jan Macku - 8.13.0~rc2-1 +- new upstream release candidate + +* Thu Mar 13 2025 Jan Macku - 8.13.0~rc1-2 +- fix --cert parameter (#2351531) + +* Mon Mar 10 2025 Jan Macku - 8.13.0~rc1-1 +- new upstream release candidate + +* Wed Feb 05 2025 Jan Macku - 8.12.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2025-0725 - gzip integer overflow + CVE-2025-0665 - eventfd double close + CVE-2025-0167 - netrc and default credential leak +- drop upstreamed patches + +* Fri Jan 31 2025 Jan Macku - 8.11.1-4 +- TLS: check connection for SSL use, not handler (#2324130#c7) + +* Thu Jan 16 2025 Fedora Release Engineering - 8.11.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Sun Dec 15 2024 Paul Howarth - 8.11.1-2 +- Fix crash with Unexpected error 9 on netlink descriptor 10 (rhbz#2332350) + - https://github.com/curl/curl/issues/15725 + - https://github.com/curl/curl/pull/15727 + +* Wed Dec 11 2024 Jan Macku - 8.11.1-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2024-11053 - netrc and redirect credential leak + +* Wed Nov 06 2024 Yaakov Selkowitz - 8.11.0-2 +- Disable engine support on RHEL 10+ + +* Wed Nov 06 2024 Jan Macku - 8.11.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2024-9681 - HSTS subdomain overwrites parent cache entry + +* Tue Sep 24 2024 Jan Macku - 8.10.1-2 +- Use tls-ca-bundle.pem instead of ca-bundle.crt (OpenSSL specific) (#2313564) + +* Wed Sep 18 2024 Jan Macku - 8.10.1-1 +- new upstream release + +* Wed Sep 11 2024 Jan Macku - 8.10.0-1 +- new upstream release + +* Wed Aug 21 2024 Jacek Migacz - 8.9.1-3 +- Retire deprecated ntlm-wb configure option + +* Mon Aug 5 2024 voidanix - 8.9.1-2 +- Apply SIGPIPE-related patch due to upstream regression + +* Wed Jul 24 2024 Jan Macku - 8.9.1-1 +- new upstream release + +* Wed Jul 24 2024 Jan Macku - 8.9.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2024-6874 - macidn punycode buffer overread + CVE-2024-6197 - freeing stack buffer in utf8asn1str +- drop upstreamed patches + +* Wed Jul 17 2024 Fedora Release Engineering - 8.8.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Fri Jul 12 2024 Paul Howarth - 8.8.0-2 +- adapt for https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine +- added build condition for openssl_engine_support, true by default so as to + not change the resulting built package (yet) +- with openssl_engine_support true, BR: openssl-devel-engine +- with openssl_engine_support false, build with -DOPENSSL_NO_ENGINE + +* Wed May 22 2024 Jan Macku - 8.8.0-1 +- new upstream release +- drop upstreamed patches + +* Wed Mar 27 2024 Jan Macku - 8.7.1-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2024-2004 - Usage of disabled protocol + CVE-2024-2379 - QUIC certificate check bypass with wolfSSL + CVE-2024-2398 - HTTP/2 push headers memory-leak + CVE-2024-2466 - TLS certificate check bypass with mbedTLS +- drop upstreamed patches +- reenable test 0313 +- fix zsh completions, use --with-zsh-functions-dir +- apply upstream patches for 8.7.1 issues and regressions + +* Mon Feb 19 2024 Jan Macku - 8.6.0-7 +- Fix: Leftovers after chunking should not be part of the curl buffer output (#2264220) + +* Mon Feb 12 2024 Jan Macku - 8.6.0-6 +- revert "receive max buffer" + add test case +- temporarily disable test 0313 +- remove suggests of libcurl-minimal in curl-full + +* Mon Feb 12 2024 Jan Macku - 8.6.0-5 +- add Provides to curl-minimal + +* Wed Feb 07 2024 Jan Macku - 8.6.0-4 +- drop curl-minimal subpackage in favor of curl-full (#2262096) + +* Mon Feb 05 2024 Jan Macku - 8.6.0-3 +- ignore response body to HEAD requests + +* Fri Feb 02 2024 Jan Macku - 8.6.0-2 +- don't build manual for curl-full - use man 1 curl instead (#2262373) + +* Thu Feb 01 2024 Jan Macku - 8.6.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2024-0853 - OCSP verification bypass with TLS session reuse +- drop 001-dist-add-tests-errorcodes.pl-to-the-tarball.patch (replaced by upstream fix) +- remove accidentally included mk-ca-bundle.1 man page (upstream bug #12843) + +* Fri Jan 19 2024 Fedora Release Engineering - 8.5.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Dec 06 2023 Jan Macku - 8.5.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2023-46218 - cookie mixed case PSL bypass + CVE-2023-46219 - HSTS long file name clears contents + +* Wed Oct 11 2023 Jan Macku - 8.4.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2023-38545 - SOCKS5 heap buffer overflow + CVE-2023-38546 - cookie injection with none file + +* Wed Sep 13 2023 Jan Macku - 8.3.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2023-38039 - HTTP headers eat all memory + +* Wed Aug 02 2023 Jan Macku - 8.2.1-2 +- enable websockets (#2224651) + +* Wed Jul 26 2023 Lukáš Zaoral - 8.2.1-1 +- new upstream release (rhbz#2226659) + +* Wed Jul 19 2023 Jan Macku - 8.2.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2023-32001 - fopen race condition + +* Tue May 30 2023 Jan Macku - 8.1.2-1 +- new upstream release, with small bugfixes and improvements + +* Tue May 23 2023 Jan Macku - 8.1.1-1 +- new upstream release, with small bugfixes and improvements + +* Wed May 17 2023 Kamil Dudka - 8.1.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2023-28321 - IDN wildcard match + CVE-2023-28322 - more POST-after-PUT confusion + +* Fri Apr 21 2023 Kamil Dudka - 8.0.1-3 +- tests: re-enable temporarily disabled test-cases +- tests: attempt to fix a conflict on port numbers +- apply patches automatically + +* Tue Mar 21 2023 Lukáš Zaoral - 8.0.1-2 +- migrated to SPDX license + +* Mon Mar 20 2023 Kamil Dudka - 8.0.1-1 +- new upstream release + +* Mon Mar 20 2023 Kamil Dudka - 8.0.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2023-27538 - SSH connection too eager reuse still + CVE-2023-27537 - HSTS double-free + CVE-2023-27536 - GSS delegation too eager connection re-use + CVE-2023-27535 - FTP too eager connection reuse + CVE-2023-27534 - SFTP path ~ resolving discrepancy + CVE-2023-27533 - TELNET option IAC injection + +* Mon Feb 20 2023 Kamil Dudka - 7.88.1-1 +- new upstream release + +* Fri Feb 17 2023 Kamil Dudka - 7.88.0-2 +- http2: set drain on stream end + +* Wed Feb 15 2023 Kamil Dudka - 7.88.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2023-23916 - HTTP multi-header compression denial of service + CVE-2023-23915 - HSTS amnesia with --parallel + CVE-2023-23914 - HSTS ignored on multiple requests + +* Fri Jan 20 2023 Kamil Dudka - 7.87.0-4 +- fix regression in a public header file (#2162716) + +* Thu Jan 19 2023 Fedora Release Engineering - 7.87.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jan 11 2023 Kamil Dudka - 7.87.0-2 +- test3012: temporarily disable valgrind (#2143040) + +* Wed Dec 21 2022 Kamil Dudka - 7.87.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2022-43552 - HTTP Proxy deny use-after-free + CVE-2022-43551 - Another HSTS bypass via IDN + +* Tue Nov 29 2022 Kamil Dudka - 7.86.0-4 +- noproxy: tailmatch like in 7.85.0 and earlier (#2149224) + +* Thu Nov 24 2022 Kamil Dudka - 7.86.0-3 +- enforce versioned libnghttp2 dependency for libcurl (#2144277) + +* Mon Oct 31 2022 Kamil Dudka - 7.86.0-2 +- fix regression in noproxy matching + +* Wed Oct 26 2022 Kamil Dudka - 7.86.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2022-42916 - HSTS bypass via IDN + CVE-2022-42915 - HTTP proxy double-free + CVE-2022-35260 - .netrc parser out-of-bounds access + CVE-2022-32221 - POST following PUT confusion + +* Thu Sep 01 2022 Kamil Dudka - 7.85.0-1 +- new upstream release, which fixes the following vulnerability + CVE-2022-35252 - control code in cookie denial of service + +* Thu Aug 25 2022 Kamil Dudka - 7.84.0-3 +- tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0 + +* Wed Jul 20 2022 Fedora Release Engineering - 7.84.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Mon Jun 27 2022 Kamil Dudka - 7.84.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2022-32207 - Unpreserved file permissions + CVE-2022-32205 - Set-Cookie denial of service + CVE-2022-32206 - HTTP compression denial of service + CVE-2022-32208 - FTP-KRB bad message verification + +* Wed May 11 2022 Kamil Dudka - 7.83.1-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2022-27782 - fix too eager reuse of TLS and SSH connections + CVE-2022-27779 - do not accept cookies for TLD with trailing dot + CVE-2022-27778 - do not remove wrong file on error + CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names + CVE-2022-27780 - reject percent-encoded path separator in URL host + +* Wed Apr 27 2022 Kamil Dudka - 7.83.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2022-27774 - curl credential leak on redirect + CVE-2022-27776 - curl auth/cookie leak on redirect + CVE-2022-27775 - curl bad local IPv6 connection reuse + CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use + +* Tue Mar 15 2022 Kamil Dudka - 7.82.0-2 +- openssl: fix incorrect CURLE_OUT_OF_MEMORY error on CN check failure + +* Sat Mar 05 2022 Kamil Dudka - 7.82.0-1 +- new upstream release + +* Thu Feb 24 2022 Kamil Dudka - 7.81.0-4 +- enable IDN support also in libcurl-minimal + +* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 7.81.0-3 +- Suggest libcurl-minimal in curl-minimal + +* Thu Jan 20 2022 Fedora Release Engineering - 7.81.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Jan 05 2022 Kamil Dudka - 7.81.0-1 +- new upstream release + +* Sun Nov 14 2021 Paul Howarth - 7.80.0-2 +- sshserver.pl (used in test suite) now requires the Digest::SHA perl module + +* Wed Nov 10 2021 Kamil Dudka - 7.80.0-1 +- new upstream release + +* Tue Oct 26 2021 Kamil Dudka - 7.79.1-3 +- re-enable HSTS in libcurl-minimal as a security feature (#2005874) + +* Mon Oct 04 2021 Kamil Dudka - 7.79.1-2 +- disable more protocols and features in libcurl-minimal (#2005874) + +* Wed Sep 22 2021 Kamil Dudka - 7.79.1-1 +- new upstream release + +* Thu Sep 16 2021 Kamil Dudka - 7.79.0-4 +- fix regression in http2 implementation introduced in the last release + +* Thu Sep 16 2021 Sahana Prasad - 7.79.0-3 +- Rebuilt with OpenSSL 3.0.0 + +* Thu Sep 16 2021 Kamil Dudka - 7.79.0-2 +- make SCP/SFTP tests work with openssh-8.7p1 + +* Wed Sep 15 2021 Kamil Dudka - 7.79.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2021-22947 - STARTTLS protocol injection via MITM + CVE-2021-22946 - protocol downgrade required TLS bypassed + CVE-2021-22945 - use-after-free and double-free in MQTT sending + +* Tue Sep 14 2021 Sahana Prasad - 7.78.0-4 +- Rebuilt with OpenSSL 3.0.0 + +* Fri Jul 23 2021 Kamil Dudka - 7.78.0-3 +- make explicit dependency on openssl work with alpha/beta builds of openssl + +* Wed Jul 21 2021 Fedora Release Engineering - 7.78.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Wed Jul 21 2021 Kamil Dudka - 7.78.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2021-22925 - TELNET stack contents disclosure again + CVE-2021-22924 - bad connection reuse due to flawed path name checks + CVE-2021-22923 - metalink download sends credentials + CVE-2021-22922 - wrong content via metalink not discarded + +* Wed Jun 02 2021 Kamil Dudka - 7.77.0-2 +- build the curl tool without metalink support (#1967213) + +* Wed May 26 2021 Kamil Dudka - 7.77.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2021-22901 - TLS session caching disaster + CVE-2021-22898 - TELNET stack contents disclosure + +* Mon May 03 2021 Kamil Dudka - 7.76.1-2 +- http2: fix resource leaks detected by Coverity + +* Wed Apr 14 2021 Kamil Dudka - 7.76.1-1 +- new upstream release + +* Wed Mar 31 2021 Kamil Dudka - 7.76.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup + CVE-2021-22876 - Automatic referer leaks credentials + +* Wed Mar 24 2021 Kamil Dudka - 7.75.0-3 +- fix SIGSEGV upon disconnect of a ldaps:// transfer + +* Tue Feb 23 2021 Kamil Dudka - 7.75.0-2 +- build-require python3-impacket only on Fedora + +* Wed Feb 03 2021 Kamil Dudka - 7.75.0-1 +- new upstream release + +* Tue Jan 26 2021 Kamil Dudka - 7.74.0-4 +- do not use stunnel for tests on s390x builds to avoid spurious failures + +* Tue Jan 26 2021 Fedora Release Engineering - 7.74.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Dec 09 2020 Kamil Dudka - 7.74.0-2 +- do not rewrite shebangs in test-suite to use python3 explicitly + +* Wed Dec 09 2020 Kamil Dudka - 7.74.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2020-8286 - curl: Inferior OCSP verification + CVE-2020-8285 - libcurl: FTP wildcard stack overflow + CVE-2020-8284 - curl: trusting FTP PASV responses + +* Wed Oct 14 2020 Kamil Dudka - 7.73.0-2 +- prevent upstream test 1451 from being skipped + +* Wed Oct 14 2020 Kamil Dudka - 7.73.0-1 +- new upstream release + +* Thu Sep 10 2020 Jinoh Kang - 7.72.0-2 +- fix multiarch conflicts in libcurl-minimal (#1877671) + +* Wed Aug 19 2020 Kamil Dudka - 7.72.0-1 +- new upstream release, which fixes the following vulnerability + CVE-2020-8231 - libcurl: wrong connect-only connection + +* Thu Aug 06 2020 Kamil Dudka - 7.71.1-5 +- setopt: unset NOBODY switches to GET if still HEAD + +* Mon Jul 27 2020 Fedora Release Engineering - 7.71.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 7.71.1-3 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Fri Jul 03 2020 Kamil Dudka - 7.71.1-2 +- curl: make the --krb option work again (#1833193) + +* Wed Jul 01 2020 Kamil Dudka - 7.71.1-1 +- new upstream release + +* Wed Jun 24 2020 Kamil Dudka - 7.71.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2020-8169 - curl: Partial password leak over DNS on HTTP redirect + CVE-2020-8177 - curl: overwrite local file with -J + +* Wed Apr 29 2020 Kamil Dudka - 7.70.0-1 +- new upstream release + +* Mon Apr 20 2020 Kamil Dudka - 7.69.1-3 +- SSH: use new ECDSA key types to check known hosts (#1824926) + +* Fri Apr 17 2020 Tom Stellard - 7.69.1-2 +- Prevent discarding of -g when compiling with clang + +* Wed Mar 11 2020 Kamil Dudka - 7.69.1-1 +- new upstream release + +* Mon Mar 09 2020 Kamil Dudka - 7.69.0-2 +- make Flatpak work again (#1810989) + +* Wed Mar 04 2020 Kamil Dudka - 7.69.0-1 +- new upstream release + +* Tue Jan 28 2020 Fedora Release Engineering - 7.68.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Jan 08 2020 Kamil Dudka - 7.68.0-1 +- new upstream release + +* Thu Nov 14 2019 Kamil Dudka - 7.67.0-2 +- fix infinite loop on upload using a glob (#1771025) + +* Wed Nov 06 2019 Kamil Dudka - 7.67.0-1 +- new upstream release + +* Wed Sep 11 2019 Kamil Dudka - 7.66.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2019-5481 - double free due to subsequent call of realloc() + CVE-2019-5482 - heap buffer overflow in function tftp_receive_packet() + +* Tue Aug 27 2019 Kamil Dudka - 7.65.3-4 +- avoid reporting spurious error in the HTTP2 framing layer (#1690971) + +* Thu Aug 01 2019 Kamil Dudka - 7.65.3-3 +- improve handling of gss_init_sec_context() failures + +* Wed Jul 24 2019 Fedora Release Engineering - 7.65.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Jul 20 2019 Paul Howarth - 7.65.3-1 +- new upstream release + +* Wed Jul 17 2019 Kamil Dudka - 7.65.2-1 +- new upstream release + +* Wed Jun 05 2019 Kamil Dudka - 7.65.1-1 +- new upstream release + +* Thu May 30 2019 Kamil Dudka - 7.65.0-2 +- fix spurious timeout events with speed-limit (#1714893) + +* Wed May 22 2019 Kamil Dudka - 7.65.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2019-5436 - TFTP receive buffer overflow + CVE-2019-5435 - integer overflows in curl_url_set() + +* Thu May 09 2019 Kamil Dudka - 7.64.1-2 +- do not treat failure of gss_init_sec_context() with --negotiate as fatal + +* Wed Mar 27 2019 Kamil Dudka - 7.64.1-1 +- new upstream release + +* Mon Mar 25 2019 Kamil Dudka - 7.64.0-6 +- remove verbose "Expire in" ... messages (#1690971) + +* Thu Mar 21 2019 Kamil Dudka - 7.64.0-5 +- avoid spurious "Could not resolve host: [host name]" error messages + +* Wed Feb 27 2019 Kamil Dudka - 7.64.0-4 +- fix NULL dereference if flushing cookies with no CookieInfo set (#1683676) + +* Mon Feb 25 2019 Kamil Dudka - 7.64.0-3 +- prevent NetworkManager from leaking file descriptors (#1680198) + +* Mon Feb 11 2019 Kamil Dudka - 7.64.0-2 - make zsh completion work again -* Thu Nov 15 2018 Kamil Dudka - 7.59.0-9 -- make the patch for CVE-2018-16842 apply properly (CVE-2018-16842) +* Wed Feb 06 2019 Kamil Dudka - 7.64.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2019-3823 - SMTP end-of-response out-of-bounds read + CVE-2019-3822 - NTLMv2 type-3 header stack buffer overflow + CVE-2018-16890 - NTLM type-2 out-of-bounds buffer read -* Thu Nov 01 2018 Kamil Dudka - 7.59.0-8 -- SASL password overflow via integer overflow (CVE-2018-16839) -- fix use-after-free in handle close (CVE-2018-16840) -- fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842) +* Mon Feb 04 2019 Kamil Dudka - 7.63.0-7 +- prevent valgrind from reporting false positives on x86_64 + +* Thu Jan 31 2019 Fedora Release Engineering - 7.63.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 21 2019 Kamil Dudka - 7.63.0-5 +- xattr: strip credentials from any URL that is stored (CVE-2018-20483) + +* Fri Jan 04 2019 Kamil Dudka - 7.63.0-4 +- replace 0105-curl-7.63.0-libstubgss-ldadd.patch by upstream patch + +* Wed Dec 19 2018 Kamil Dudka - 7.63.0-3 +- curl -J: do not append to the destination file (#1658574) + +* Fri Dec 14 2018 Kamil Dudka - 7.63.0-2 +- revert an upstream commit that broke `fedpkg new-sources` (#1659329) + +* Wed Dec 12 2018 Kamil Dudka - 7.63.0-1 +- new upstream release + +* Wed Oct 31 2018 Kamil Dudka - 7.62.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2018-16839 - SASL password overflow via integer overflow + CVE-2018-16840 - use-after-free in handle close + CVE-2018-16842 - warning message out-of-buffer read + +* Thu Oct 11 2018 Kamil Dudka - 7.61.1-3 +- enable TLS 1.3 post-handshake auth in OpenSSL +- update the documentation of --tlsv1.0 in curl(1) man page + +* Thu Oct 04 2018 Kamil Dudka - 7.61.1-2 +- enforce versioned libpsl dependency for libcurl (#1631804) - test320: update expected output for gnutls-3.6.4 +- drop 0105-curl-7.61.0-tests-ssh-keygen.patch no longer needed (#1622594) -* Wed Sep 05 2018 Kamil Dudka - 7.59.0-7 -- fix NTLM password overflow via integer overflow (CVE-2018-14618) +* Wed Sep 05 2018 Kamil Dudka - 7.61.1-1 +- new upstream release, which fixes the following vulnerability + CVE-2018-14618 - NTLM password overflow via integer overflow + +* Tue Sep 04 2018 Kamil Dudka - 7.61.0-8 +- make the --tls13-ciphers option work + +* Mon Aug 27 2018 Kamil Dudka - 7.61.0-7 - tests: make ssh-keygen always produce PEM format (#1622594) + +* Wed Aug 15 2018 Kamil Dudka - 7.61.0-6 - scp/sftp: fix infinite connect loop on invalid private key (#1595135) -* Thu Aug 09 2018 Kamil Dudka - 7.59.0-6 +* Thu Aug 09 2018 Kamil Dudka - 7.61.0-5 - ssl: set engine implicitly when a PKCS#11 URI is provided (#1219544) -* Wed Jul 11 2018 Kamil Dudka - 7.59.0-5 -- fix heap buffer overflow in SMTP send (CVE-2018-0500) +* Tue Aug 07 2018 Kamil Dudka - 7.61.0-4 +- relax crypto policy for the test-suite to make it pass again (#1610888) -* Tue Jun 05 2018 Kamil Dudka - 7.59.0-4 -- http2: handle GOAWAY properly (#1585797) +* Tue Jul 31 2018 Kamil Dudka - 7.61.0-3 +- disable flaky test 1900, which covers deprecated HTTP pipelining +- adapt test 323 for updated OpenSSL -* Fri May 18 2018 Kamil Dudka - 7.59.0-3 -- fix FTP shutdown response buffer overflow (CVE-2018-1000300) -- fix RTSP bad headers buffer over-read (CVE-2018-1000301) +* Thu Jul 12 2018 Fedora Release Engineering - 7.61.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jul 11 2018 Kamil Dudka - 7.61.0-1 +- new upstream release, which fixes the following vulnerability + CVE-2018-0500 - SMTP send heap buffer overflow + +* Tue Jul 10 2018 Kamil Dudka - 7.60.0-3 +- enable support for brotli compression in libcurl-full + +* Wed Jul 04 2018 Kamil Dudka - 7.60.0-2 +- do not hard-wire path of the Python 3 interpreter + +* Wed May 16 2018 Kamil Dudka - 7.60.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2018-1000300 - FTP shutdown response buffer overflow + CVE-2018-1000301 - RTSP bad headers buffer over-read + +* Thu Mar 15 2018 Kamil Dudka - 7.59.0-3 +- make the test-suite use Python 3 * Wed Mar 14 2018 Kamil Dudka - 7.59.0-2 - ftp: fix typo in recursive callback detection for seeking @@ -788,881 +1482,3 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la * Wed Feb 06 2013 Kamil Dudka 7.29.0-1 - new upstream release (fixes CVE-2013-0249) - -* Tue Jan 15 2013 Kamil Dudka 7.28.1-3 -- require valgrind for build only on i386 and x86_64 (#886891) - -* Tue Jan 15 2013 Kamil Dudka 7.28.1-2 -- prevent NSS from crashing on client auth hook failure -- clear session cache if a client cert from file is used -- fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE - -* Tue Nov 20 2012 Kamil Dudka 7.28.1-1 -- new upstream release - -* Wed Oct 31 2012 Kamil Dudka 7.28.0-1 -- new upstream release - -* Mon Oct 01 2012 Kamil Dudka 7.27.0-3 -- use the upstream facility to disable problematic tests -- do not crash if MD5 fingerprint is not provided by libssh2 - -* Wed Aug 01 2012 Kamil Dudka 7.27.0-2 -- eliminate unnecessary inotify events on upload via file protocol (#844385) - -* Sat Jul 28 2012 Kamil Dudka 7.27.0-1 -- new upstream release - -* Mon Jul 23 2012 Kamil Dudka 7.26.0-6 -- print reason phrase from HTTP status line on error (#676596) - -* Wed Jul 18 2012 Fedora Release Engineering - 7.26.0-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Sat Jun 09 2012 Kamil Dudka 7.26.0-4 -- fix duplicated SSL handshake with multi interface and proxy (#788526) - -* Wed May 30 2012 Karsten Hopp 7.26.0-3 -- disable test 1319 on ppc64, server times out - -* Mon May 28 2012 Kamil Dudka 7.26.0-2 -- use human-readable error messages provided by NSS (upstream commit 72f4b534) - -* Fri May 25 2012 Kamil Dudka 7.26.0-1 -- new upstream release - -* Wed Apr 25 2012 Karsten Hopp 7.25.0-3 -- valgrind on ppc64 works fine, disable ppc32 only - -* Wed Apr 25 2012 Karsten Hopp 7.25.0-3 -- drop BR valgrind on PPC(64) until bugzilla #810992 gets fixed - -* Fri Apr 13 2012 Kamil Dudka 7.25.0-2 -- use NSS_InitContext() to initialize NSS if available (#738456) -- provide human-readable names for NSS errors (upstream commit a60edcc6) - -* Fri Mar 23 2012 Paul Howarth 7.25.0-1 -- new upstream release (#806264) -- fix character encoding of docs with a patch rather than just iconv -- update debug and multilib patches -- don't use macros for commands -- reduce size of %%prep output for readability - -* Tue Jan 24 2012 Kamil Dudka 7.24.0-1 -- new upstream release (fixes CVE-2012-0036) - -* Thu Jan 05 2012 Paul Howarth 7.23.0-6 -- rebuild for gcc 4.7 - -* Mon Jan 02 2012 Kamil Dudka 7.23.0-5 -- upstream patch that allows to run FTPS tests with nss-3.13 (#760060) - -* Tue Dec 27 2011 Kamil Dudka 7.23.0-4 -- allow to run FTPS tests with nss-3.13 (#760060) - -* Sun Dec 25 2011 Kamil Dudka 7.23.0-3 -- avoid unnecessary timeout event when waiting for 100-continue (#767490) - -* Mon Nov 21 2011 Kamil Dudka 7.23.0-2 -- curl -JO now uses -O name if no C-D header comes (upstream commit c532604) - -* Wed Nov 16 2011 Kamil Dudka 7.23.0-1 -- new upstream release (#754391) - -* Mon Sep 19 2011 Kamil Dudka 7.22.0-2 -- nss: select client certificates by DER (#733657) - -* Tue Sep 13 2011 Kamil Dudka 7.22.0-1 -- new upstream release -- curl-config now provides dummy --static-libs option (#733956) - -* Sun Aug 21 2011 Paul Howarth 7.21.7-4 -- actually fix SIGSEGV of curl -O -J given more than one URL (#723075) - -* Mon Aug 15 2011 Kamil Dudka 7.21.7-3 -- fix SIGSEGV of curl -O -J given more than one URL (#723075) -- introduce the --delegation option of curl (#730444) -- initialize NSS with no database if the selected database is broken (#728562) - -* Wed Aug 03 2011 Kamil Dudka 7.21.7-2 -- add a new option CURLOPT_GSSAPI_DELEGATION (#719939) - -* Thu Jun 23 2011 Kamil Dudka 7.21.7-1 -- new upstream release (fixes CVE-2011-2192) - -* Wed Jun 08 2011 Kamil Dudka 7.21.6-2 -- avoid an invalid timeout event on a reused handle (#679709) - -* Sat Apr 23 2011 Paul Howarth 7.21.6-1 -- new upstream release - -* Mon Apr 18 2011 Kamil Dudka 7.21.5-2 -- fix the output of curl-config --version (upstream commit 82ecc85) - -* Mon Apr 18 2011 Kamil Dudka 7.21.5-1 -- new upstream release - -* Sat Apr 16 2011 Peter Robinson 7.21.4-4 -- no valgrind on ARMv5 arches - -* Sat Mar 05 2011 Dennis Gilmore 7.21.4-3 -- no valgrind on sparc arches - -* Tue Feb 22 2011 Kamil Dudka 7.21.4-2 -- do not ignore failure of SSL handshake (upstream commit 7aa2d10) - -* Fri Feb 18 2011 Kamil Dudka 7.21.4-1 -- new upstream release -- avoid memory leak on SSL connection failure (upstream commit a40f58d) -- work around valgrind bug (#678518) - -* Tue Feb 08 2011 Fedora Release Engineering - 7.21.3-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Wed Jan 12 2011 Kamil Dudka 7.21.3-2 -- build libcurl with --enable-hidden-symbols - -* Thu Dec 16 2010 Paul Howarth 7.21.3-1 -- update to 7.21.3: - - added --noconfigure switch to testcurl.pl - - added --xattr option - - added CURLOPT_RESOLVE and --resolve - - added CURLAUTH_ONLY - - added version-check.pl to the examples dir - - check for libcurl features for some command line options - - Curl_setopt: disallow CURLOPT_USE_SSL without SSL support - - http_chunks: remove debug output - - URL-parsing: consider ? a divider - - SSH: avoid using the libssh2_ prefix - - SSH: use libssh2_session_handshake() to work on win64 - - ftp: prevent server from hanging on closed data connection when stopping - a transfer before the end of the full transfer (ranges) - - LDAP: detect non-binary attributes properly - - ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT - - gnutls->handshake: improved timeout handling - - security: pass the right parameter to init - - krb5: use GSS_ERROR to check for error - - TFTP: resend the correct data - - configure: fix autoconf 2.68 warning: no AC_LANG_SOURCE call detected - - GnuTLS: now detects socket errors on Windows - - symbols-in-versions: updated en masse - - added a couple of examples that were missing from the tarball - - Curl_send/recv_plain: return errno on failure - - Curl_wait_for_resolv (for c-ares): correct timeout - - ossl_connect_common: detect connection re-use - - configure: prevent link errors with --librtmp - - openldap: use remote port in URL passed to ldap_init_fd() - - url: provide dead_connection flag in Curl_handler::disconnect - - lots of compiler warning fixes - - ssh: fix a download resume point calculation - - fix getinfo CURLINFO_LOCAL* for reused connections - - multi: the returned running handles counter could turn negative - - multi: only ever consider pipelining for connections doing HTTP(S) -- drop upstream patches now in tarball -- update bz650255 and disable-test1112 patches to apply against new codebase -- add workaround for false-positive glibc-detected buffer overflow in tftpd - test server with FORTIFY_SOURCE (similar to #515361) - -* Fri Nov 12 2010 Kamil Dudka 7.21.2-5 -- do not send QUIT to a dead FTP control connection (#650255) -- pull back glibc's implementation of str[n]casecmp(), #626470 appears fixed - -* Tue Nov 09 2010 Kamil Dudka 7.21.2-4 -- prevent FTP client from hanging on unrecognized ABOR response (#649347) -- return more appropriate error code in case FTP server session idle - timeout has exceeded (#650255) - -* Fri Oct 29 2010 Kamil Dudka 7.21.2-3 -- prevent FTP server from hanging on closed data connection (#643656) - -* Thu Oct 14 2010 Paul Howarth 7.21.2-2 -- enforce versioned libssh2 dependency for libcurl (#642796) - -* Wed Oct 13 2010 Kamil Dudka 7.21.2-1 -- new upstream release, drop applied patches -- make 0102-curl-7.21.2-debug.patch less intrusive - -* Wed Sep 29 2010 jkeating - 7.21.1-6 -- Rebuilt for gcc bug 634757 - -* Sat Sep 11 2010 Kamil Dudka 7.21.1-5 -- make it possible to run SCP/SFTP tests on x86_64 (#632914) - -* Tue Sep 07 2010 Kamil Dudka 7.21.1-4 -- work around glibc/valgrind problem on x86_64 (#631449) - -* Tue Aug 24 2010 Paul Howarth 7.21.1-3 -- fix up patches so there's no need to run autotools in the rpm build -- drop buildreq automake -- drop dependency on automake for devel package from F-14, where - %%{_datadir}/aclocal is included in the filesystem package -- drop dependency on pkgconfig for devel package from F-11, where - pkgconfig dependencies are auto-generated - -* Mon Aug 23 2010 Kamil Dudka 7.21.1-2 -- re-enable test575 on s390(x), already fixed (upstream commit d63bdba) -- modify system headers to work around gcc bug (#617757) -- curl -T now ignores file size of special files (#622520) -- fix kerberos proxy authentication for https (#625676) -- work around glibc/valgrind problem on x86_64 (#626470) - -* Thu Aug 12 2010 Kamil Dudka 7.21.1-1 -- new upstream release - -* Mon Jul 12 2010 Dan Horák 7.21.0-3 -- disable test 575 on s390(x) - -* Mon Jun 28 2010 Kamil Dudka 7.21.0-2 -- add support for NTLM authentication (#603783) - -* Wed Jun 16 2010 Kamil Dudka 7.21.0-1 -- new upstream release, drop applied patches -- update of %%description -- disable valgrind for certain test-cases (libssh2 problem) - -* Tue May 25 2010 Kamil Dudka 7.20.1-6 -- fix -J/--remote-header-name to strip CR-LF (upstream patch) - -* Wed Apr 28 2010 Kamil Dudka 7.20.1-5 -- CRL support now works again (#581926) -- make it possible to start a testing OpenSSH server when building with SELinux - in the enforcing mode (#521087) - -* Sat Apr 24 2010 Kamil Dudka 7.20.1-4 -- upstream patch preventing failure of test536 with threaded DNS resolver -- upstream patch preventing SSL handshake timeout underflow - -* Thu Apr 22 2010 Paul Howarth 7.20.1-3 -- replace Rawhide s390-sleep patch with a more targeted patch adding a - delay after tests 513 and 514 rather than after all tests - -* Wed Apr 21 2010 Kamil Dudka 7.20.1-2 -- experimentally enabled threaded DNS lookup -- make curl-config multilib ready again (#584107) - -* Mon Apr 19 2010 Kamil Dudka 7.20.1-1 -- new upstream release - -* Tue Mar 23 2010 Kamil Dudka 7.20.0-4 -- add missing quote in libcurl.m4 (#576252) - -* Fri Mar 19 2010 Kamil Dudka 7.20.0-3 -- throw CURLE_SSL_CERTPROBLEM in case peer rejects a certificate (#565972) -- valgrind temporarily disabled (#574889) -- kerberos installation prefix has been changed - -* Wed Feb 24 2010 Kamil Dudka 7.20.0-2 -- exclude test1112 from the test suite (#565305) - -* Thu Feb 11 2010 Kamil Dudka 7.20.0-1 -- new upstream release - added support for IMAP(S), POP3(S), SMTP(S) and RTSP -- dropped patches applied upstream -- dropped curl-7.16.0-privlibs.patch no longer useful -- a new patch forcing -lrt when linking the curl tool and test-cases - -* Fri Jan 29 2010 Kamil Dudka 7.19.7-11 -- upstream patch adding a new option -J/--remote-header-name -- dropped temporary workaround for #545779 - -* Thu Jan 14 2010 Chris Weyl 7.19.7-10 -- bump for libssh2 rebuild - -* Sun Dec 20 2009 Kamil Dudka 7.19.7-9 -- temporary workaround for #548269 - (restored behavior of 7.19.7-4) - -* Wed Dec 09 2009 Kamil Dudka 7.19.7-8 -- replace hard wired port numbers in the test suite - -* Wed Dec 09 2009 Kamil Dudka 7.19.7-7 -- use different port numbers for 32bit and 64bit builds -- temporary workaround for #545779 - -* Tue Dec 08 2009 Kamil Dudka 7.19.7-6 -- make it possible to run test241 -- re-enable SCP/SFTP tests (#539444) - -* Sat Dec 05 2009 Kamil Dudka 7.19.7-5 -- avoid use of uninitialized value in lib/nss.c -- suppress failure of test513 on s390 - -* Tue Dec 01 2009 Kamil Dudka 7.19.7-4 -- do not require valgrind on s390 and s390x -- temporarily disabled SCP/SFTP test-suite (#539444) - -* Thu Nov 12 2009 Kamil Dudka 7.19.7-3 -- fix crash on doubly closed NSPR descriptor, patch contributed - by Kevin Baughman (#534176) -- new version of patch for broken TLS servers (#525496, #527771) - -* Wed Nov 04 2009 Kamil Dudka 7.19.7-2 -- increased release number (CVS problem) - -* Wed Nov 04 2009 Kamil Dudka 7.19.7-1 -- new upstream release, dropped applied patches -- workaround for broken TLS servers (#525496, #527771) - -* Wed Oct 14 2009 Kamil Dudka 7.19.6-13 -- fix timeout issues and gcc warnings within lib/nss.c - -* Tue Oct 06 2009 Kamil Dudka 7.19.6-12 -- upstream patch for NSS support written by Guenter Knauf - -* Wed Sep 30 2009 Kamil Dudka 7.19.6-11 -- build libcurl with c-ares support (#514771) - -* Sun Sep 27 2009 Kamil Dudka 7.19.6-10 -- require libssh2>=1.2 properly (#525002) - -* Sat Sep 26 2009 Kamil Dudka 7.19.6-9 -- let curl test-suite use valgrind -- require libssh2>=1.2 (#525002) - -* Mon Sep 21 2009 Chris Weyl - 7.19.6-8 -- rebuild for libssh2 1.2 - -* Thu Sep 17 2009 Kamil Dudka 7.19.6-7 -- make curl test-suite more verbose - -* Wed Sep 16 2009 Kamil Dudka 7.19.6-6 -- update polling patch to the latest upstream version - -* Thu Sep 03 2009 Kamil Dudka 7.19.6-5 -- cover ssh and stunnel support by the test-suite - -* Wed Sep 02 2009 Kamil Dudka 7.19.6-4 -- use pkg-config to find nss and libssh2 if possible -- better patch (not only) for SCP/SFTP polling -- improve error message for not matching common name (#516056) - -* Fri Aug 21 2009 Kamil Dudka 7.19.6-3 -- avoid tight loop during a sftp upload -- http://permalink.gmane.org/gmane.comp.web.curl.library/24744 - -* Tue Aug 18 2009 Kamil Dudka 7.19.6-2 -- let curl package depend on the same version of libcurl - -* Fri Aug 14 2009 Kamil Dudka 7.19.6-1 -- new upstream release, dropped applied patches -- changed NSS code to not ignore the value of ssl.verifyhost and produce more - verbose error messages (#516056) - -* Wed Aug 12 2009 Ville Skyttä - 7.19.5-10 -- Use lzma compressed upstream tarball. - -* Fri Jul 24 2009 Fedora Release Engineering - 7.19.5-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Wed Jul 22 2009 Kamil Dudka 7.19.5-8 -- do not pre-login to all PKCS11 slots, it causes problems with HW tokens -- try to select client certificate automatically when not specified, thanks - to Claes Jakobsson - -* Fri Jul 10 2009 Kamil Dudka 7.19.5-7 -- fix SIGSEGV when using NSS client certificates, thanks to Claes Jakobsson - -* Sun Jul 05 2009 Kamil Dudka 7.19.5-6 -- force test suite to use the just built libcurl, thanks to Paul Howarth - -* Thu Jul 02 2009 Kamil Dudka 7.19.5-5 -- run test suite after build -- enable built-in manual - -* Wed Jun 24 2009 Kamil Dudka 7.19.5-4 -- fix bug introduced by the last build (#504857) - -* Wed Jun 24 2009 Kamil Dudka 7.19.5-3 -- exclude curlbuild.h content from spec (#504857) - -* Wed Jun 10 2009 Kamil Dudka 7.19.5-2 -- avoid unguarded comparison in the spec file, thanks to R P Herrold (#504857) - -* Tue May 19 2009 Kamil Dudka 7.19.5-1 -- update to 7.19.5, dropped applied patches - -* Mon May 11 2009 Kamil Dudka 7.19.4-11 -- fix infinite loop while loading a private key, thanks to Michael Cronenworth - (#453612) - -* Mon Apr 27 2009 Kamil Dudka 7.19.4-10 -- fix curl/nss memory leaks while using client certificate (#453612, accepted - by upstream) - -* Wed Apr 22 2009 Kamil Dudka 7.19.4-9 -- add missing BuildRequire for autoconf - -* Wed Apr 22 2009 Kamil Dudka 7.19.4-8 -- fix configure.ac to not discard -g in CFLAGS (#496778) - -* Tue Apr 21 2009 Debarshi Ray 7.19.4-7 -- Fixed configure to respect the environment's CFLAGS and CPPFLAGS settings. - -* Tue Apr 14 2009 Kamil Dudka 7.19.4-6 -- upstream patch fixing memory leak in lib/nss.c (#453612) -- remove redundant dependency of libcurl-devel on libssh2-devel - -* Wed Mar 18 2009 Kamil Dudka 7.19.4-5 -- enable 6 additional crypto algorithms by default (#436781, - accepted by upstream) - -* Thu Mar 12 2009 Kamil Dudka 7.19.4-4 -- fix memory leak in src/main.c (accepted by upstream) -- avoid using %%ifarch - -* Wed Mar 11 2009 Kamil Dudka 7.19.4-3 -- make libcurl-devel multilib-ready (bug #488922) - -* Fri Mar 06 2009 Jindrich Novy 7.19.4-2 -- drop .easy-leak patch, causes problems in pycurl (#488791) -- fix libcurl-devel dependencies (#488895) - -* Tue Mar 03 2009 Jindrich Novy 7.19.4-1 -- update to 7.19.4 (fixes CVE-2009-0037) -- fix leak in curl_easy* functions, thanks to Kamil Dudka -- drop nss-fix patch, applied upstream - -* Tue Feb 24 2009 Fedora Release Engineering - 7.19.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Tue Feb 17 2009 Kamil Dudka 7.19.3-1 -- update to 7.19.3, dropped applied nss patches -- add patch fixing 7.19.3 curl/nss bugs - -* Mon Dec 15 2008 Jindrich Novy 7.18.2-9 -- rebuild for f10/rawhide cvs tag clashes - -* Sat Dec 06 2008 Jindrich Novy 7.18.2-8 -- use improved NSS patch, thanks to Rob Crittenden (#472489) - -* Tue Sep 09 2008 Jindrich Novy 7.18.2-7 -- update the thread safety patch, thanks to Rob Crittenden (#462217) - -* Wed Sep 03 2008 Warren Togami 7.18.2-6 -- add thread safety to libcurl NSS cleanup() functions (#459297) - -* Fri Aug 22 2008 Tom "spot" Callaway 7.18.2-5 -- undo mini libcurl.so.3 - -* Mon Aug 11 2008 Tom "spot" Callaway 7.18.2-4 -- make miniature library for libcurl.so.3 - -* Fri Jul 4 2008 Jindrich Novy 7.18.2-3 -- enable support for libssh2 (#453958) - -* Wed Jun 18 2008 Jindrich Novy 7.18.2-2 -- fix curl_multi_perform() over a proxy (#450140), thanks to - Rob Crittenden - -* Wed Jun 4 2008 Jindrich Novy 7.18.2-1 -- update to 7.18.2 - -* Wed May 7 2008 Jindrich Novy 7.18.1-2 -- spec cleanup, thanks to Paul Howarth (#225671) - - drop BR: libtool - - convert CHANGES and README to UTF-8 - - _GNU_SOURCE in CFLAGS is no more needed - - remove bogus rpath - -* Mon Mar 31 2008 Jindrich Novy 7.18.1-1 -- update to curl 7.18.1 (fixes #397911) -- add ABI docs for libcurl -- remove --static-libs from curl-config -- drop curl-config patch, obsoleted by @SSL_ENABLED@ autoconf - substitution (#432667) - -* Fri Feb 15 2008 Jindrich Novy 7.18.0-2 -- define _GNU_SOURCE so that NI_MAXHOST gets defined from glibc - -* Mon Jan 28 2008 Jindrich Novy 7.18.0-1 -- update to curl-7.18.0 -- drop sslgen patch -> applied upstream -- fix typo in description - -* Tue Jan 22 2008 Jindrich Novy 7.17.1-6 -- fix curl-devel obsoletes so that we don't break F8->F9 upgrade - path (#429612) - -* Tue Jan 8 2008 Jindrich Novy 7.17.1-5 -- do not attempt to close a bad socket (#427966), - thanks to Caolan McNamara - -* Tue Dec 4 2007 Jindrich Novy 7.17.1-4 -- rebuild because of the openldap soname bump -- remove old nsspem patch - -* Fri Nov 30 2007 Jindrich Novy 7.17.1-3 -- drop useless ldap library detection since curl doesn't - dlopen()s it but links to it -> BR: openldap-devel -- enable LDAPS support (#225671), thanks to Paul Howarth -- BR: krb5-devel to reenable GSSAPI support -- simplify build process -- update description - -* Wed Nov 21 2007 Jindrich Novy 7.17.1-2 -- update description to contain complete supported servers list (#393861) - -* Sat Nov 17 2007 Jindrich Novy 7.17.1-1 -- update to curl 7.17.1 -- include patch to enable SSL usage in NSS when a socket is opened - nonblocking, thanks to Rob Crittenden (rcritten@redhat.com) - -* Wed Oct 24 2007 Jindrich Novy 7.16.4-10 -- correctly provide/obsolete curl-devel (#130251) - -* Wed Oct 24 2007 Jindrich Novy 7.16.4-9 -- create libcurl and libcurl-devel subpackages (#130251) - -* Thu Oct 11 2007 Jindrich Novy 7.16.4-8 -- list features correctly when curl is compiled against NSS (#316191) - -* Mon Sep 17 2007 Jindrich Novy 7.16.4-7 -- add zlib-devel BR to enable gzip compressed transfers in curl (#292211) - -* Mon Sep 10 2007 Jindrich Novy 7.16.4-6 -- provide webclient (#225671) - -* Thu Sep 6 2007 Jindrich Novy 7.16.4-5 -- add support for the NSS PKCS#11 pem reader so the command-line is the - same for both OpenSSL and NSS by Rob Crittenden (rcritten@redhat.com) -- switch to NSS again - -* Mon Sep 3 2007 Jindrich Novy 7.16.4-4 -- revert back to use OpenSSL (#266021) - -* Mon Aug 27 2007 Jindrich Novy 7.16.4-3 -- don't use openssl, use nss instead - -* Fri Aug 10 2007 Jindrich Novy 7.16.4-2 -- fix anonymous ftp login (#251570), thanks to David Cantrell - -* Wed Jul 11 2007 Jindrich Novy 7.16.4-1 -- update to 7.16.4 - -* Mon Jun 25 2007 Jindrich Novy 7.16.3-1 -- update to 7.16.3 -- drop .print patch, applied upstream -- next series of merge review fixes by Paul Howarth -- remove aclocal stuff, no more needed -- simplify makefile arguments -- don't reference standard library paths in libcurl.pc -- include docs/CONTRIBUTE - -* Mon Jun 18 2007 Jindrich Novy 7.16.2-5 -- don't print like crazy (#236981), backported from upstream CVS - -* Fri Jun 15 2007 Jindrich Novy 7.16.2-4 -- another series of review fixes (#225671), - thanks to Paul Howarth -- check version of ldap library automatically -- don't use %%makeinstall and preserve timestamps -- drop useless patches - -* Fri May 11 2007 Jindrich Novy 7.16.2-3 -- add automake BR to curl-devel to fix aclocal dir. ownership, - thanks to Patrice Dumas - -* Thu May 10 2007 Jindrich Novy 7.16.2-2 -- package libcurl.m4 in curl-devel (#239664), thanks to Quy Tonthat - -* Wed Apr 11 2007 Jindrich Novy 7.16.2-1 -- update to 7.16.2 - -* Mon Feb 19 2007 Jindrich Novy 7.16.1-3 -- don't create/ship static libraries (#225671) - -* Mon Feb 5 2007 Jindrich Novy 7.16.1-2 -- merge review related spec fixes (#225671) - -* Mon Jan 29 2007 Jindrich Novy 7.16.1-1 -- update to 7.16.1 - -* Tue Jan 16 2007 Jindrich Novy 7.16.0-5 -- don't package generated makefiles for docs/examples to avoid - multilib conflicts - -* Mon Dec 18 2006 Jindrich Novy 7.16.0-4 -- convert spec to UTF-8 -- don't delete BuildRoot in %%prep phase -- rpmlint fixes - -* Thu Nov 16 2006 Jindrich Novy -7.16.0-3 -- prevent curl from dlopen()ing missing ldap libraries so that - ldap:// requests work (#215928) - -* Tue Oct 31 2006 Jindrich Novy - 7.16.0-2 -- fix BuildRoot -- add Requires: pkgconfig for curl-devel -- move LDFLAGS and LIBS to Libs.private in libcurl.pc.in (#213278) - -* Mon Oct 30 2006 Jindrich Novy - 7.16.0-1 -- update to curl-7.16.0 - -* Thu Aug 24 2006 Jindrich Novy - 7.15.5-1.fc6 -- update to curl-7.15.5 -- use %%{?dist} - -* Fri Jun 30 2006 Ivana Varekova - 7.15.4-1 -- update to 7.15.4 - -* Mon Mar 20 2006 Ivana Varekova - 7.15.3-1 -- fix multilib problem using pkg-config -- update to 7.15.3 - -* Thu Feb 23 2006 Ivana Varekova - 7.15.1-2 -- fix multilib problem - #181290 - - curl-devel.i386 not installable together with curl-devel.x86-64 - -* Fri Feb 10 2006 Jesse Keating - 7.15.1-1.2.1 -- bump again for double-long bug on ppc(64) - -* Tue Feb 07 2006 Jesse Keating - 7.15.1-1.2 -- rebuilt for new gcc4.1 snapshot and glibc changes - -* Fri Dec 09 2005 Jesse Keating -- rebuilt - -* Thu Dec 8 2005 Ivana Varekova 7.15.1-1 -- update to 7.15.1 (bug 175191) - -* Wed Nov 30 2005 Ivana Varekova 7.15.0-3 -- fix curl-config bug 174556 - missing vernum value - -* Wed Nov 9 2005 Ivana Varekova 7.15.0-2 -- rebuilt - -* Tue Oct 18 2005 Ivana Varekova 7.15.0-1 -- update to 7.15.0 - -* Thu Oct 13 2005 Ivana Varekova 7.14.1-1 -- update to 7.14.1 - -* Thu Jun 16 2005 Ivana Varekova 7.14.0-1 -- rebuild new version - -* Tue May 03 2005 Ivana Varekova 7.13.1-3 -- fix bug 150768 - curl-7.12.3-2 breaks basic authentication - used Daniel Stenberg patch - -* Mon Apr 25 2005 Joe Orton 7.13.1-2 -- update to use ca-bundle in /etc/pki -- mark License as MIT not MPL - -* Wed Mar 9 2005 Ivana Varekova 7.13.1-1 -- rebuilt (7.13.1) - -* Tue Mar 1 2005 Tomas Mraz 7.13.0-2 -- rebuild with openssl-0.9.7e - -* Sun Feb 13 2005 Florian La Roche -- 7.13.0 - -* Wed Feb 9 2005 Joe Orton 7.12.3-3 -- don't pass /usr to --with-libidn to remove "-L/usr/lib" from - 'curl-config --libs' output on x86_64. - -* Fri Jan 28 2005 Adrian Havill 7.12.3-1 -- Upgrade to 7.12.3, which uses poll() for FDSETSIZE limit (#134794) -- require libidn-devel for devel subpkg (#141341) -- remove proftpd kludge; included upstream - -* Wed Oct 06 2004 Adrian Havill 7.12.1-1 -- upgrade to 7.12.1 -- enable GSSAPI auth (#129353) -- enable I18N domain names (#134595) -- workaround for broken ProFTPD SSL auth (#134133). Thanks to - Aleksandar Milivojevic - -* Wed Sep 29 2004 Adrian Havill 7.12.0-4 -- move new docs position so defattr gets applied - -* Mon Sep 27 2004 Warren Togami 7.12.0-3 -- remove INSTALL, move libcurl docs to -devel - -* Mon Jul 26 2004 Jindrich Novy -- updated to 7.12.0 -- updated nousr patch - -* Tue Jun 15 2004 Elliot Lee -- rebuilt - -* Wed Apr 07 2004 Adrian Havill 7.11.1-1 -- upgraded; updated nousr patch -- added COPYING (#115956) -- - -* Tue Mar 02 2004 Elliot Lee -- rebuilt - -* Fri Feb 13 2004 Elliot Lee -- rebuilt - -* Sat Jan 31 2004 Florian La Roche -- update to 7.10.8 -- remove patch2, already upstream - -* Wed Oct 15 2003 Adrian Havill 7.10.6-7 -- aclocal before libtoolize -- move OpenLDAP license so it's present as a doc file, present in - both the source and binary as per conditions - -* Mon Oct 13 2003 Adrian Havill 7.10.6-6 -- add OpenLDAP copyright notice for usage of code, add OpenLDAP - license for this code - -* Tue Oct 07 2003 Adrian Havill 7.10.6-5 -- match serverAltName certs with SSL (#106168) - -* Tue Sep 16 2003 Adrian Havill 7.10.6-4.1 -- bump n-v-r for RHEL - -* Tue Sep 16 2003 Adrian Havill 7.10.6-4 -- restore ca cert bundle (#104400) -- require openssl, we want to use its ca-cert bundle - -* Sun Sep 7 2003 Joe Orton 7.10.6-3 -- rebuild - -* Fri Sep 5 2003 Joe Orton 7.10.6-2.2 -- fix to include libcurl.so - -* Mon Aug 25 2003 Adrian Havill 7.10.6-2.1 -- bump n-v-r for RHEL - -* Mon Aug 25 2003 Adrian Havill 7.10.6-2 -- devel subpkg needs openssl-devel as a Require (#102963) - -* Mon Jul 28 2003 Adrian Havill 7.10.6-1 -- bumped version - -* Tue Jul 01 2003 Adrian Havill 7.10.5-1 -- bumped version - -* Wed Jun 04 2003 Elliot Lee -- rebuilt - -* Sat Apr 12 2003 Florian La Roche -- update to 7.10.4 -- adapt nousr patch - -* Wed Jan 22 2003 Tim Powers -- rebuilt - -* Tue Jan 21 2003 Joe Orton 7.9.8-4 -- don't add -L/usr/lib to 'curl-config --libs' output - -* Tue Jan 7 2003 Nalin Dahyabhai 7.9.8-3 -- rebuild - -* Wed Nov 6 2002 Joe Orton 7.9.8-2 -- fix `curl-config --libs` output for libdir!=/usr/lib -- remove docs/LIBCURL from docs list; remove unpackaged libcurl.la -- libtoolize and reconf - -* Mon Jul 22 2002 Trond Eivind Glomsrød 7.9.8-1 -- 7.9.8 (# 69473) - -* Fri Jun 21 2002 Tim Powers -- automated rebuild - -* Sun May 26 2002 Tim Powers -- automated rebuild - -* Thu May 16 2002 Trond Eivind Glomsrød 7.9.7-1 -- 7.9.7 - -* Wed Apr 24 2002 Trond Eivind Glomsrød 7.9.6-1 -- 7.9.6 - -* Thu Mar 21 2002 Trond Eivind Glomsrød 7.9.5-2 -- Stop the curl-config script from printing -I/usr/include - and -L/usr/lib (#59497) - -* Fri Mar 8 2002 Trond Eivind Glomsrød 7.9.5-1 -- 7.9.5 - -* Tue Feb 26 2002 Trond Eivind Glomsrød 7.9.3-2 -- Rebuild - -* Wed Jan 23 2002 Nalin Dahyabhai 7.9.3-1 -- update to 7.9.3 - -* Wed Jan 09 2002 Tim Powers 7.9.2-2 -- automated rebuild - -* Wed Jan 9 2002 Trond Eivind Glomsrød 7.9.2-1 -- 7.9.2 - -* Fri Aug 17 2001 Nalin Dahyabhai -- include curl-config in curl-devel -- update to 7.8 to fix memory leak and strlcat() symbol pollution from libcurl - -* Wed Jul 18 2001 Crutcher Dunnavant -- added openssl-devel build req - -* Mon May 21 2001 Tim Powers -- built for the distro - -* Tue Apr 24 2001 Jeff Johnson -- upgrade to curl-7.7.2. -- enable IPv6. - -* Fri Mar 2 2001 Tim Powers -- rebuilt against openssl-0.9.6-1 - -* Thu Jan 4 2001 Tim Powers -- fixed mising ldconfigs -- updated to 7.5.2, bug fixes - -* Mon Dec 11 2000 Tim Powers -- updated to 7.5.1 - -* Mon Nov 6 2000 Tim Powers -- update to 7.4.1 to fix bug #20337, problems with curl -c -- not using patch anymore, it's included in the new source. Keeping - for reference - -* Fri Oct 20 2000 Nalin Dahyabhai -- fix bogus req in -devel package - -* Fri Oct 20 2000 Tim Powers -- devel package needed defattr so that root owns the files - -* Mon Oct 16 2000 Nalin Dahyabhai -- update to 7.3 -- apply vsprintf/vsnprintf patch from Colin Phipps via Debian - -* Mon Aug 21 2000 Nalin Dahyabhai -- enable SSL support -- fix packager tag -- move buildroot to %%{_tmppath} - -* Tue Aug 1 2000 Tim Powers -- fixed vendor tag for bug #15028 - -* Mon Jul 24 2000 Prospector -- rebuilt - -* Tue Jul 11 2000 Tim Powers -- workaround alpha build problems with optimizations - -* Mon Jul 10 2000 Tim Powers -- rebuilt - -* Mon Jun 5 2000 Tim Powers -- put man pages in correct place -- use %%makeinstall - -* Mon Apr 24 2000 Tim Powers -- updated to 6.5.2 - -* Wed Nov 3 1999 Tim Powers -- updated sources to 6.2 -- gzip man page - -* Mon Aug 30 1999 Tim Powers -- changed group - -* Thu Aug 26 1999 Tim Powers -- changelog started -- general cleanups, changed prefix to /usr, added manpage to files section -- including in Powertools diff --git a/mykey.asc b/mykey.asc new file mode 100644 index 0000000..0c77721 --- /dev/null +++ b/mykey.asc @@ -0,0 +1,77 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ +QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV +0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1 +EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch +soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje +f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL +gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo +SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2 +m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0 +ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iF4EExECAB4CHgECF4AFAlQU +ki4FCwkIBwMFFQoJCAsFFgIDAQAACgkQeOEcayedXJEOOwCggCsNHdAQPAlPte3w +i2IZEekkM0YAoOXXPFAWjUwIHjZY41l7WgzACbANiFkEExECABkFAj6tnnoECwcD +AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAoO1y3LoSOEgD8vR062cdYDmv +jLvVAJ0dmp1UiuQp+oMyq2VbWyw8LXN1XLkBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb +XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz +7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM +wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+ +dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT +rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t +FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9 +OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfxmQENBFcGhyIBCAC79AIx +5hHixKmNtqbryuZTDwlt9XXkEn/QSrQD3pzgbsbBiWyqOV4hfscvtmoqA7koOw4h +zZ/b8pJPA36eNzqMFIbkWpIit/BwA5bTKRkKXeD2kBFkjIN+iDuXawwhv7eNKH9O +poAUe0K/esK/kvbMO721q24IgkOjB1Vtr/Y4Xkg7+VWVP0LFh7C/2Nwq6n2bktsA +Ey9uCDD1hl8BdckN/XxpuUqSfxbF85GvYzzON67zOxxo6jqRXXcJ2PdPq0o9Ak0d +6Fe7g9ZxOAeuYEbFTCZHBBccx84K0Bhn5tpqoq8Mq3f3mZfGBoe4J6wr17cxEDC8 +tTHUpDqk0CoLERUxABEBAAG0IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHgu +c2U+iQE3BBMBCgAhBQJXBociAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ +EPn+r/nTShvbHoAIAJDwb7dcAX4VGPa2oSuQqVnHsjDE7g8ATmcZq2IAzAG6bZg1 +svuhNyPQnL7kNrsz6Ew+yE4vH8mOjDUbc3feY4MzmtEMaB6VS0Xlna6cdtWkv4Y+ +Us4TuYSdftPZuZgI3nN/sXLlxWJCZgCPJJaGM6dXgyTFatk2P1LE98Qif7+ZMqfv ++BA5L6cy2cAwJ5qbvLtuT25rTxooN54JETfwdhUD1NEIqTQxeC4E5lFvwedjAjLh +Gswau8WMCdM/HzGbuQ9Gp3/RafYoAvMV6r6sskvUrWubCHj0u+uNgOpUHvlrwcFg +rBirzQdElumCWqbJVCH0V5NcP/zSz1U1W8wSRqS5AQ0EVwaHIgEIALyCqpnax0cL +y7EK3UiU2Kkryb7LPsZkia9hTcIZjNg0B8XAdqDYpHiquYtX0cz5I1sSZMBJ/xJP +BF2ce/bmOTJtyW3GaF9a+M2zboZSzx9nlv9xx0o3bXBrBlL2vaG2TW+x2G53GA0/ +0chbj35PR+fvJx8ob/fHwCkfzGb1qCzwovhwGVUNHqI5bxK/xVwXfiycbllE3Hmf +09BGeXKR7gQtaal8byKKlqCtayteEaPNQt6czYxZkVAOvY4ZDQKSZJUNwGFog3bG +6rHr1J/0un6nAvX+wMuvRkUDiQxZZCel7e0Qcg3gPrYh+adlr0Tn7wyCP7/BULz8 +67fQfzc2ENkAEQEAAYkBHwQYAQoACQUCVwaHIgIbDAAKCRD5/q/500ob27KaB/9H +a+iDip6mxFdoqy7TAefBy7KgbMQxxT926IcFqf70aJDzeVQI3lGCqN9GW03d+wPr +LoyeQBQKNxxfQ9fEOvp1AXGWFIYYtEZIvQBpIqaSaA7W5IzqfDuO9xG89DNn8zKK +nh/mbYJov/fywhBU6JH7bqdFSHbqoG9TY64s0BkV6shIVOubXLSG5G7LxXhw+xrb +0zl4ie2wCeCBOLdbGHc+o2sKo1rBEz6UBK2DesPfkzxBO7lfa9HTcN03UJPHXmzb +2mCbeFV8yPsTAoaGv4qZH1+FX+9Lv374xTSXa4CjQzSxd0dkZGG+YQjocoPftgsC +OVsiqW0WhRVIEJ+hBAMUmQENBFcGiPEBCAC7sCnaZqWxfXNgBC7P28BSDUs9w4y/ +PEFsOv9bpgbgZagX1FnhG0eV71nm0p8v9T8Bft1eXaBd977Dq9pgk5qKO0xZo8fC +8prFqB5db7fMUvPZCuJTTb6lGMz4OdfT6aHqUvJ+LFF1mKn8Eqt1Q4snHGSL1PI3 +/+435qDRQsU15GdYrj1waNJKk79aes9oguaI2/OTQqzIcOFK5tJjlSOD1ryOIH1e +8vD+5MMpGvsRxv3sQHeTZkfZbkzSLFg/LKpoiQkyql1+BLNhBYq8oaE/jlvQrTEk +bAyKpMScdyHwmkWWKjyZtXTrAtlComnki4yC2lAV9MXINHHvNJBcIXvVABEBAAG0 +IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHguc2U+iQE3BBMBCgAhBQJXBojx +AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFzJCP23HhLCOKkH/1CyoKiN +2PCgTlWoYQspv/AAmsj+cFwZobI167KowA+o3zxQqxg0MV3ds8G+iig9OIuYurlQ +L5Jr3CbDltaiXdWtVteRh/VKp61EwyXq77vjJbx81hvOuaXWWLSlU0KB3w7Hj6aD +/mt16DpOcY9Aw90mKyvafRTqMF7TcT7J5HeGn2NL45dPkAhiMDEgEnw9yBTxK/x6 +UoQGPgiOWxSSN7Foj3mhUOflp8W0rnkLbJ4icpym6WuLKRMKAefDvk8GVlAWuXAb +9gloL1P6u3uNHllq/IODR2bZUBI0QNKhvt0iSj7WKsc/kaqscl+AE9jd/6kXd6vh +TNFWdzeco/2mGlaIRgQQEQoABgUCVwaJ/AAKCRB44RxrJ51ckWcaAKCJ6+arS/3k +IMcO14Jz8dVf2BH3OACgwTenVSsK66qi+VfGCoALpzpiLDO5AQ0EVwaI8QEIAOxQ +AEvF3idxcn80tbUhJg1J98fAS7Hx3WhlFG74uAikZQl1KZrprBu70RWTb7Nm1tvZ +eXW65IlY7kk42bhfYDs1JrIPWOWKvVwKWDxoEbYgW/yvy1TOuXH276zbxLl5OEE8 +sQuOfXZsFSX2IPF9hsgNGaNzor8Ke7Y5BuCQLcGZWW5dLFbbKRKjXG8CaWmsJVoI +c2nyXCAss2q9oCJ13X/5z+Ei392rwi1d3NxAYkSiDQan+fkWkCvZH+dHmFjQ1AND +KielxcW1VfilK1hu9ziBBDf8TCEud/q0woIAH7rvIft4i3CqjymonByE4/OjfH8j +4EteQ8qoknMCjjwNVqkAEQEAAYkBHwQYAQoACQUCVwaI8QIbDAAKCRBcyQj9tx4S +wupjB/9TV4anbZK58bN7QJ5qGnU3GNjlvWFZXMw1u1xVc7abDJyqmFeJcJ4qLUkv +BA0OsvlVnMWmeCmzsXhlQVM4Bv6IWyr7JBWgkK5q2CWVB59V7v7znf5kWnMGFhDF +PlLsGbxDWLMoZGH+Iy84whMJFgferwCJy1dND/bHXPztfhvFXi8NNlJUFJa8Xtmu +gm78C+nwNHcFpVC70HPr3oa8U1ODXMp7L8W/dL3eLYXmRCNd0urHgYrzDt6V/zf5 +ymvPk5w4HBocn2oRCJj/FXKhFAUptmpTE3g1yvYULmuFcNGAnPAExmAmd6NqsCmb +j/qx4ytjt5uxt6Jm6IXV9cry8i6x +=Phs/ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/sources b/sources index f353b13..002e494 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -SHA512 (curl-7.59.0.tar.xz) = 6982a5950b564d6b2a4f4b96296b6db3db24a096acc68aa96966821b57f66362f5a69d9f2da762b5d2b1011a4a47478ebacaf05e26604f78bb013098749dd8a6 +SHA512 (curl-8.18.0.tar.xz) = 50c7a7b0528e0019697b0c59b3e56abb2578c71d77e4c085b56797276094b5611718c0a9cb2b14db7f8ab502fcf8f42a364297a3387fae3870a4d281484ba21c +SHA512 (curl-8.18.0.tar.xz.asc) = 07e08d1bb3f8bf20b3d22f37fbc19c49c0d9ee4ea9d92da76fa8a9de343023e1b5d416ccc6535a4ff98b08b30eb9334fd856227e37564f6bcd542aa81bced152 diff --git a/tests/non-root-user-download/Makefile b/tests/non-root-user-download/Makefile deleted file mode 100644 index 9746b63..0000000 --- a/tests/non-root-user-download/Makefile +++ /dev/null @@ -1,63 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/curl/Sanity/non-root-user-download -# Description: various download methods with non-root user -# Author: Karel Srot -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/curl/Sanity/non-root-user-download -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile PURPOSE - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - test -x runtest.sh || chmod a+x runtest.sh - -clean: - rm -f *~ $(BUILT_FILES) - - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Karel Srot " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: various download methods with non-root user" >> $(METADATA) - @echo "Type: Sanity" >> $(METADATA) - @echo "TestTime: 5m" >> $(METADATA) - @echo "RunFor: curl" >> $(METADATA) - @echo "Requires: curl" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - - rhts-lint $(METADATA) diff --git a/tests/non-root-user-download/PURPOSE b/tests/non-root-user-download/PURPOSE deleted file mode 100644 index 048ed68..0000000 --- a/tests/non-root-user-download/PURPOSE +++ /dev/null @@ -1,3 +0,0 @@ -PURPOSE of /CoreOS/curl/Sanity/non-root-user-download -Description: various download methods with non-root user -Author: Karel Srot diff --git a/tests/non-root-user-download/main.fmf b/tests/non-root-user-download/main.fmf new file mode 100644 index 0000000..2e3980f --- /dev/null +++ b/tests/non-root-user-download/main.fmf @@ -0,0 +1,18 @@ +summary: various download methods with non-root user +description: '' +contact: Daniel Rusek +component: + - curl +require: + - findutils + - libselinux-utils + - openssh-clients + - openssh-server + - passwd +test: ./runtest.sh +framework: beakerlib +duration: 5m +enabled: true +tier: '1' +link: + - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1049921 diff --git a/tests/non-root-user-download/runtest.sh b/tests/non-root-user-download/runtest.sh old mode 100644 new mode 100755 index 1b5f8f1..0d72276 --- a/tests/non-root-user-download/runtest.sh +++ b/tests/non-root-user-download/runtest.sh @@ -27,14 +27,13 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include Beaker environment -. /usr/bin/rhts-environment.sh || exit 1 . /usr/share/beakerlib/beakerlib.sh || exit 1 PACKAGE="curl" -FTP_URL=ftp://ftp.scientificlinux.org/linux/fedora/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM -HTTP_URL=https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM -CONTENT=a276e06d244e04b765f0a35532d9036ad84f340b0bdcc32e0233a8fbc31d5bed +FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM +HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM +CONTENT=1bd6ab4798983c2fe4a210f9c4ca135fed453d6142ba852c1f8d5fba22e113ab PASSWORD=pAssw0rd OPTIONS="" rlIsRHEL 7 && OPTIONS="--insecure" @@ -47,9 +46,11 @@ rlJournalStart rlRun "useradd -m curltester" 0 "Adding the test user" rlRun "echo $PASSWORD | passwd --stdin curltester" 0 "Setting the password for the test user" rlRun "su - curltester -c 'echo $CONTENT > ~/testfile'" 0 "Creating ~curltester/testfile" + rlFileBackup --clean --missing-ok $HOME/.ssh /etc/hosts + rlRun "rm -f $HOME/.ssh/*" [ -d $HOME/.ssh ] || ( mkdir $HOME/.ssh && restorecon HOME/.ssh ) - rlFileBackup $HOME/.ssh/known_hosts /etc/hosts - ssh-keygen -F localhost -f $HOME/.ssh/known_hosts || rlRun "ssh-keyscan localhost >> $HOME/.ssh/known_hosts" + rlRun "rlServiceStart sshd" + rlRun "ssh-keyscan localhost >> $HOME/.ssh/known_hosts" rlPhaseEnd rlPhaseStartTest "http download" @@ -82,7 +83,7 @@ if ! rlIsRHEL 5; then fi rlPhaseStartCleanup - rlRun "rm -f $HOME/.ssh/known_hosts" + rlRun "rlServiceRestore" rlFileRestore rlRun "popd" rlRun "rm -r $TmpDir" 0 "Removing tmp directory" diff --git a/tests/non-root-user-download/runtest.yml b/tests/non-root-user-download/runtest.yml deleted file mode 100644 index c03e729..0000000 --- a/tests/non-root-user-download/runtest.yml +++ /dev/null @@ -1,64 +0,0 @@ -- hosts: '{{ hosts | default("localhost") }}' - vars: - package: "curl" - tasks: - - name: "Set Content variables" - set_fact: - content: "a276e06d244e04b765f0a35532d9036ad84f340b0bdcc32e0233a8fbc31d5bed" - password: "pAssw0rd" - crypt_password: "$6$/5GE87XLYLLfB3qx$w84Kct34UZG/4buTSXWkaaVIsw2xGXSAdmnS2QYdG8TtRgTsBnHdFdSkhoy.tKIE6A6LKlxczIZjQbpB19k7B1" - - name: "Create user curltester" - user: - name: "curltester" - password: "{{ crypt_password }}" - - name: "Copy testfile" - copy: - dest: "/home/curltester/testfile" - content: "{{ content }}" - - block: - - name: "http download" - command: "curl https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM" - args: - warn: false - register: http - become: yes - become_user: curltester - - name: "Compare http output" - fail: - msg: "{{ content }} not in {{ http.stdout }}" - when: content not in http.stdout - - name: "ftp download" - command: "curl ftp://ftp.scientificlinux.org/linux/fedora/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM" - args: - warn: false - register: ftp - become: yes - become_user: curltester - - name: "Compare ftp output" - fail: - msg: "{{ content }} not in {{ ftp.stdout }}" - when: content not in ftp.stdout - - name: "scp download" - command: "curl -u curltester:{{ password }} --insecure scp://localhost/home/curltester/testfile" - args: - warn: false - register: scp - - name: "Compare scp output" - fail: - msg: "{{ content }} not in {{ scp.stdout }}" - when: content not in scp.stdout - - name: "sftp download" - command: "curl -u curltester:{{ password }} --insecure sftp://localhost/home/curltester/testfile" - args: - warn: false - register: sftp - - name: "Compare sftp output" - fail: - msg: "{{ content }} not in {{ sftp.stdout }}" - when: content not in sftp.stdout - always: - - name: "Remove user curltester" - user: - name: "curltester" - remove: yes - state: absent diff --git a/tests/scp-and-sftp-download-test/Makefile b/tests/scp-and-sftp-download-test/Makefile deleted file mode 100644 index b4d1c52..0000000 --- a/tests/scp-and-sftp-download-test/Makefile +++ /dev/null @@ -1,63 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/curl/Sanity/scp-and-sftp-download-test -# Description: downloads test file through scp and sftp -# Author: Karel Srot -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2012 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/curl/Sanity/scp-and-sftp-download-test -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile PURPOSE - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - test -x runtest.sh || chmod a+x runtest.sh - -clean: - rm -f *~ $(BUILT_FILES) - - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Karel Srot " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: downloads test file through scp and sftp" >> $(METADATA) - @echo "Type: Sanity" >> $(METADATA) - @echo "TestTime: 10m" >> $(METADATA) - @echo "RunFor: curl" >> $(METADATA) - @echo "Requires: curl openssh" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - - rhts-lint $(METADATA) diff --git a/tests/scp-and-sftp-download-test/PURPOSE b/tests/scp-and-sftp-download-test/PURPOSE deleted file mode 100644 index 03adc4c..0000000 --- a/tests/scp-and-sftp-download-test/PURPOSE +++ /dev/null @@ -1,12 +0,0 @@ -PURPOSE of /CoreOS/curl/Sanity/scp-and-sftp-download-test -Description: downloads test file through scp and sftp -Author: Karel Srot - -Test scenario: -- scp download -- sftp download -- scp upload -- sftp upload - -When PUBKEY_PARAM global variable is set to 'empty' or 'none', scenarios are executed -with empty --pubkey parameter (--pubkey "") or with the paramiter omitted diff --git a/tests/scp-and-sftp-download-test/main.fmf b/tests/scp-and-sftp-download-test/main.fmf new file mode 100644 index 0000000..b69aff6 --- /dev/null +++ b/tests/scp-and-sftp-download-test/main.fmf @@ -0,0 +1,20 @@ +summary: downloads test file through scp and sftp +description: | + Test scenario: + - scp download + - sftp download + - scp upload + - sftp upload + + When PUBKEY_PARAM global variable is set to 'empty' or 'none', scenarios are executed + with empty --pubkey parameter (--pubkey "") or with the paramiter omitted +contact: Daniel Rusek +require: + - findutils +component: + - curl +test: ./runtest.sh +path: /tests/scp-and-sftp-download-test +framework: beakerlib +duration: 10m +enabled: true diff --git a/tests/scp-and-sftp-download-test/runtest.sh b/tests/scp-and-sftp-download-test/runtest.sh old mode 100644 new mode 100755 index 6e5d748..9cf9a2c --- a/tests/scp-and-sftp-download-test/runtest.sh +++ b/tests/scp-and-sftp-download-test/runtest.sh @@ -27,8 +27,7 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include Beaker environment -. /usr/bin/rhts-environment.sh -. /usr/lib/beakerlib/beakerlib.sh +. /usr/share/beakerlib/beakerlib.sh || exit 1 PACKAGE="curl" diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 819d636..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Tests for Classic -- hosts: localhost - roles: - - role: standard-test-beakerlib - tags: - - classic - tests: - - scp-and-sftp-download-test - - non-root-user-download - required_packages: - - findutils # non-root-user-download needs find command - # scp-and-sftp-download-test needs find command - - passwd # non-root-user-download needs passwd command - - openssh-clients # non-root-user-download needs ssh-keyscan command - -# Tests for Atomic -- hosts: localhost - roles: - - role: standard-test-beakerlib - tags: - - atomic - tests: - - scp-and-sftp-download-test - - non-root-user-download -