diff --git a/.gitignore b/.gitignore index cd6f067..9bb4285 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,5 @@ /curl-[0-9.]*.tar.lzma.asc /curl-[0-9.]*.tar.xz /curl-[0-9.]*.tar.xz.asc -/curl-[0-9].[0-9].[0-9]/ +/curl-[0-9]*.[0-9]*.[0-9]*/ /*.src.rpm diff --git a/0001-curl-8.9.1-sigpipe.patch b/0001-curl-8.9.1-sigpipe.patch deleted file mode 100644 index f4f0346..0000000 --- a/0001-curl-8.9.1-sigpipe.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 5 Aug 2024 00:17:17 +0200 -Subject: [PATCH] sigpipe: init the struct so that first apply ignores - -Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after -init ignores the signal (unless CURLOPT_NOSIGNAL) is set. - -I have read the existing code multiple times now and I think it gets the -initial state reversed this missing to ignore. - -Regression from 17e6f06ea37136c36d27 - -Reported-by: Rasmus Thomsen -Fixes #14344 -Closes #14390 ---- - lib/sigpipe.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/sigpipe.h b/lib/sigpipe.h -index b91a2f51333956..d78afd905d3414 100644 ---- a/lib/sigpipe.h -+++ b/lib/sigpipe.h -@@ -39,6 +39,7 @@ struct sigpipe_ignore { - static void sigpipe_init(struct sigpipe_ignore *ig) - { - memset(ig, 0, sizeof(*ig)); -+ ig->no_signal = TRUE; - } - - /* diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index f3636dc..f7f66e6 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -1,7 +1,7 @@ -From f4e7b98fb25ff737af29908f3a2081cca9a73437 Mon Sep 17 00:00:00 2001 +From 6bb4e674cdc953f5c0048aa84172539900725166 Mon Sep 17 00:00:00 2001 From: Jan Macku -Date: Wed, 22 May 2024 13:00:08 +0200 -Subject: [PATCH 1/2] prevent multilib conflicts on the curl-config script +Date: Tue, 16 Dec 2025 10:04:40 +0100 +Subject: [PATCH] prevent multilib conflicts on the curl-config script --- curl-config.in | 23 +++++------------------ @@ -10,47 +10,47 @@ Subject: [PATCH 1/2] prevent multilib conflicts on the curl-config script 3 files changed, 9 insertions(+), 19 deletions(-) diff --git a/curl-config.in b/curl-config.in -index 085bb1ef5..e4700260e 100644 +index a1c8185875..bb43ca8335 100644 --- a/curl-config.in +++ b/curl-config.in -@@ -73,7 +73,7 @@ while test "$#" -gt 0; do +@@ -74,7 +74,7 @@ while test "$#" -gt 0; do ;; --cc) - echo '@CC@' -+ echo "gcc" ++ echo 'gcc' ;; --prefix) -@@ -153,16 +153,7 @@ while test "$#" -gt 0; do +@@ -149,16 +149,7 @@ while test "$#" -gt 0; do ;; --libs) -- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then -- CURLLIBDIR="-L@libdir@ " +- if test "@libdir@" != '/usr/lib' && test "@libdir@" != '/usr/lib64'; then +- curllibdir="-L@libdir@ " - else -- CURLLIBDIR="" +- curllibdir='' - fi -- if test "X@ENABLE_SHARED@" = "Xno"; then -- echo "${CURLLIBDIR}-lcurl @LIBCURL_LIBS@" +- if test '@ENABLE_SHARED@' = 'no'; then +- echo "${curllibdir}-lcurl @LIBCURL_PC_LIBS_PRIVATE@" - else -- echo "${CURLLIBDIR}-lcurl" +- echo "${curllibdir}-lcurl" - fi -+ echo -lcurl ++ echo '-lcurl' ;; --ssl-backends) -@@ -170,16 +161,12 @@ while test "$#" -gt 0; do +@@ -166,16 +157,12 @@ while test "$#" -gt 0; do ;; --static-libs) -- if test "X@ENABLE_STATIC@" != "Xno" ; then -- echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@ +- if test '@ENABLE_STATIC@' != 'no'; then +- echo "@libdir@/libcurl.@libext@ @LIBCURL_PC_LDFLAGS_PRIVATE@ @LIBCURL_PC_LIBS_PRIVATE@" - else - echo 'curl was built with static libraries disabled' >&2 - exit 1 - fi -+ echo "curl was built with static libraries disabled" >&2 ++ echo 'curl was built with static libraries disabled' >&2 + exit 1 ;; @@ -61,11 +61,11 @@ index 085bb1ef5..e4700260e 100644 *) diff --git a/docs/curl-config.md b/docs/curl-config.md -index d82725082..a79f816e2 100644 +index 12ad245b79..fa0e03d273 100644 --- a/docs/curl-config.md +++ b/docs/curl-config.md -@@ -86,7 +86,9 @@ no, one or several names. If more than one name, they appear comma-separated. - ## --static-libs +@@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated. + ## `--static-libs` Shows the complete set of libs and other linker options you need in order to -link your application with libcurl statically. (Added in 7.17.1) @@ -73,13 +73,13 @@ index d82725082..a79f816e2 100644 +packages do not provide any static libraries, thus cannot be linked statically. +(Added in 7.17.1) - ## --version + ## `--version` diff --git a/libcurl.pc.in b/libcurl.pc.in -index 9db6b0f89..dcac6925a 100644 +index c0ba5244a8..f3645e1748 100644 --- a/libcurl.pc.in +++ b/libcurl.pc.in -@@ -31,6 +31,7 @@ libdir=@libdir@ +@@ -28,6 +28,7 @@ libdir=@libdir@ includedir=@includedir@ supported_protocols="@SUPPORT_PROTOCOLS@" supported_features="@SUPPORT_FEATURES@" @@ -88,5 +88,5 @@ index 9db6b0f89..dcac6925a 100644 Name: libcurl URL: https://curl.se/ -- -2.45.1 +2.52.0 diff --git a/0102-curl-7.84.0-test3026.patch b/0102-curl-7.84.0-test3026.patch deleted file mode 100644 index 82f4642..0000000 --- a/0102-curl-7.84.0-test3026.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 6e470567ca691a7b20334f1b9a5b309053d714b7 Mon Sep 17 00:00:00 2001 -From: Jan Macku -Date: Wed, 22 May 2024 13:03:43 +0200 -Subject: [PATCH 2/2] test3026: disable valgrind - -It fails on x86_64 with: -``` - Use --max-threads=INT to specify a larger number of threads - and rerun valgrind - valgrind: the 'impossible' happened: - Max number of threads is too low - host stacktrace: - ==174357== at 0x58042F5A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x58043087: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x580432EF: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x58043310: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x58099E77: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x580E67E9: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x5809D59D: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x5809901A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x5809B0B6: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x580E4050: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - sched status: - running_tid=1 - Thread 1: status = VgTs_Runnable syscall 56 (lwpid 174357) - ==174357== at 0x4A07816: clone (in /usr/lib64/libc.so.6) - ==174357== by 0x4A08720: __clone_internal (in /usr/lib64/libc.so.6) - ==174357== by 0x4987ACF: create_thread (in /usr/lib64/libc.so.6) - ==174357== by 0x49885F6: pthread_create@@GLIBC_2.34 (in /usr/lib64/libc.so.6) - ==174357== by 0x1093B5: test.part.0 (lib3026.c:64) - ==174357== by 0x492454F: (below main) (in /usr/lib64/libc.so.6) - client stack range: [0x1FFEFFC000 0x1FFF000FFF] client SP: 0x1FFEFFC998 - valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576 -[...] -``` ---- - tests/data/test3026 | 3 +++ - tests/libtest/lib3026.c | 4 ++-- - 2 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/tests/data/test3026 b/tests/data/test3026 -index ee9b30678..dd582c3e5 100644 ---- a/tests/data/test3026 -+++ b/tests/data/test3026 -@@ -41,5 +41,8 @@ none - - 0 - -+ -+disable -+ - - -diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c -index 7e914010e..39374f5bc 100644 ---- a/tests/libtest/lib3026.c -+++ b/tests/libtest/lib3026.c -@@ -145,8 +145,8 @@ CURLcode test(char *URL) - results[i] = CURL_LAST; /* initialize with invalid value */ - res = pthread_create(&tids[i], NULL, run_thread, &results[i]); - if(res) { -- fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n", -- __FILE__, __LINE__, res); -+ fprintf(stderr, "%s:%d Couldn't create thread, i=%u, errno %d\n", -+ __FILE__, __LINE__, i, res); - tid_count = i; - test_failure = (CURLcode)-1; - goto cleanup; --- -2.45.1 - diff --git a/0104-curl-7.88.0-tests-warnings.patch b/0104-curl-7.88.0-tests-warnings.patch deleted file mode 100644 index 0977dee..0000000 --- a/0104-curl-7.88.0-tests-warnings.patch +++ /dev/null @@ -1,30 +0,0 @@ -From ebee18be05631494263bb6be249501eb8874e07a Mon Sep 17 00:00:00 2001 -From: Jan Macku -Date: Wed, 24 Jul 2024 15:15:11 +0200 -Subject: [PATCH] Revert "runtests: consider warnings fatal and error on them" - -While it might be useful for upstream developers, it is not so useful -for downstream consumers. - -This reverts upstream commit 22f795c834cfdbacbb1b55426028a581e3cf67a8. ---- - tests/runtests.pl | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/tests/runtests.pl b/tests/runtests.pl -index 9cc9ef1..c9a1c5d 100755 ---- a/tests/runtests.pl -+++ b/tests/runtests.pl -@@ -57,8 +57,7 @@ - # given, this won't be a problem. - - use strict; --# Promote all warnings to fatal --use warnings FATAL => 'all'; -+use warnings; - use 5.006; - use POSIX qw(strftime); - --- -2.45.2 - diff --git a/curl.rpmlintrc b/curl.rpmlintrc new file mode 100644 index 0000000..022a98e --- /dev/null +++ b/curl.rpmlintrc @@ -0,0 +1,15 @@ +# Intentional stuff we're not concerned about +addFilter("unversioned-explicit-provides webclient") +addFilter("package-with-huge-docs") +addFilter("crypto-policy-non-compliance-openssl /usr/lib(64)?/libcurl.so.4") + +# This is just plain wrong (%_configure redefinition) +addFilter("configure-without-libdir-spec") + +# Technical term +addFilter("E: spelling-error \('kerberos',") + +# Artefacts of RemovePathPostfixes: .minimal +addFilter("W: dangling-relative-symlink /usr/lib/.build-id/.* ../../../../.*curl.*\.minimal") +#addFilter("W: dangling-relative-symlink /usr/lib.*/libcurl.so.4 libcurl.so.4.*.minimal") +#addFilter("E: invalid-ldconfig-symlink /usr/lib.*/libcurl.so.4.* libcurl.so.4.*.minimal") diff --git a/curl.spec b/curl.spec index 174562f..c0ad4db 100644 --- a/curl.spec +++ b/curl.spec @@ -2,15 +2,20 @@ # This is deprecated by OpenSSL since OpenSSL 3.0 and by Fedora since Fedora 41 # https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine # Change the bcond to 0 to turn off ENGINE support by default -%bcond openssl_engine_support 1 +%bcond openssl_engine_support %[%{defined fedora} || 0%{?rhel} < 10] + +# HTTP/3 support +# This is using ngtcp2 with OpenSSL 3.5 QUIC support instead of curl's +# experimental native OpenSSL 3.5 support. +%bcond http3 %[0%{?fedora} >= 43] Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.9.1 -Release: 2%{?dist} +Version: 8.18.0 +Release: 1%{?dist} License: curl -Source0: https://curl.se/download/%{name}-%{version}.tar.xz -Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc +Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz +Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc # The curl download page ( https://curl.se/download.html ) links # to Daniel's address page https://daniel.haxx.se/address.html for the GPG Key, # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc @@ -19,22 +24,17 @@ Source2: mykey.asc # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch -# test3026: disable valgrind -Patch102: 0102-curl-7.84.0-test3026.patch - -# do not fail on warnings in the upstream test driver -Patch104: 0104-curl-7.88.0-tests-warnings.patch - -# Fix crashes with transmission due to SIGPIPE -# https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970 -Patch001: 0001-curl-8.9.1-sigpipe.patch - Provides: curl-full = %{version}-%{release} # do not fail when trying to install curl-minimal after drop Provides: curl-minimal = %{version}-%{release} Provides: webclient URL: https://curl.se/ +%if 0%{?fedora} +# instead of bundled wcurl utility, recommend wcurl package +Recommends: wcurl +%endif + # The reason for maintaining two separate packages for curl is no longer valid. # The curl-minimal is currently almost identical to curl-full, so let's drop curl-minimal. # For more details, see https://bugzilla.redhat.com/show_bug.cgi?id=2262096 @@ -48,15 +48,22 @@ BuildRequires: groff BuildRequires: krb5-devel BuildRequires: libidn2-devel BuildRequires: libnghttp2-devel +%if %{with http3} +BuildRequires: libnghttp3-devel +%endif BuildRequires: libpsl-devel BuildRequires: libssh-devel BuildRequires: libtool BuildRequires: make +%if %{with http3} +BuildRequires: ngtcp2-crypto-ossl-devel +%endif BuildRequires: openldap-devel BuildRequires: openssh-clients BuildRequires: openssh-server +BuildRequires: openssl BuildRequires: openssl-devel -%if %{with openssl_engine_support} +%if %{with openssl_engine_support} && 0%{?fedora} >= 41 BuildRequires: openssl-devel-engine %endif BuildRequires: perl-interpreter @@ -101,6 +108,7 @@ BuildRequires: perl(Exporter) BuildRequires: perl(File::Basename) BuildRequires: perl(File::Copy) BuildRequires: perl(File::Spec) +BuildRequires: perl(I18N::Langinfo) BuildRequires: perl(IPC::Open2) BuildRequires: perl(List::Util) BuildRequires: perl(Memoize) @@ -144,6 +152,10 @@ Requires: libcurl%{?_isa} >= %{version}-%{release} # to ensure that we have the necessary symbols available (#2144277) %global libnghttp2_version %(pkg-config --modversion libnghttp2 2>/dev/null || echo 0) +# require at least the version of libnghttp3 that we were built against, +# to ensure that we have the necessary symbols available +%global libnghttp3_version %(pkg-config --modversion libnghttp3 2>/dev/null || echo 0) + # require at least the version of libpsl that we were built against, # to ensure that we have the necessary symbols available (#1631804) %global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0) @@ -152,6 +164,10 @@ Requires: libcurl%{?_isa} >= %{version}-%{release} # to ensure that we have the necessary symbols available (#525002, #642796) %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0) +# require at least the version of ngtcp2 that we were built against, +# to ensure that we have the necessary symbols available +%global ngtcp2_version %(pkg-config --modversion libngtcp2 2>/dev/null || echo 0) + # require at least the version of openssl-libs that we were built against, # to ensure that we have the necessary symbols available (#1462184, #1462211) # (we need to translate 3.0.0-alpha16 -> 3.0.0-0.alpha16 and 3.0.0-beta1 -> 3.0.0-0.beta1 though) @@ -168,8 +184,14 @@ resume, proxy tunneling and a busload of other useful tricks. %package -n libcurl Summary: A library for getting files from web servers Requires: libnghttp2%{?_isa} >= %{libnghttp2_version} +%if %{with http3} +Requires: libnghttp3%{?_isa} >= %{libnghttp3_version} +%endif Requires: libpsl%{?_isa} >= %{libpsl_version} Requires: libssh%{?_isa} >= %{libssh_version} +%if %{with http3} +Requires: ngtcp2%{?_isa} >= %{ngtcp2_version} +%endif Requires: openssl-libs%{?_isa} >= 1:%{openssl_version} Provides: libcurl-full = %{version}-%{release} Provides: libcurl-full%{?_isa} = %{version}-%{release} @@ -214,11 +236,11 @@ be installed. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' -%autosetup -p1 +%autosetup -n %{name}-%{version_no_tilde} -p1 # disable test 1801 # -printf "1801\n" >> tests/data/DISABLED +printf "1801\n" >>tests/data/DISABLED # test3026: avoid pthread_create() failure due to resource exhaustion on i386 %ifarch %{ix86} @@ -238,10 +260,14 @@ sed -e 's|^35$|35,52|' -i tests/data/test323 eval "$cmd" ) +# avoid unnecessary arch-dependent line in the processed file +sed -e '/# Used in @libdir@/d' \ + -i curl-config.in + +%build # regenerate the configure script and Makefile.in files autoreconf -fiv -%build mkdir build-{full,minimal} export common_configure_opts=" \ --cache-file=../config.cache \ @@ -255,7 +281,7 @@ export common_configure_opts=" \ --with-gssapi \ --with-libidn2 \ --with-nghttp2 \ - --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \ + --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \ --with-zsh-functions-dir" %global _configure ../configure @@ -271,7 +297,6 @@ export common_configure_opts=" \ --disable-ldaps \ --disable-mqtt \ --disable-ntlm \ - --disable-ntlm-wb \ --disable-pop3 \ --disable-rtsp \ --disable-smb \ @@ -296,7 +321,6 @@ export common_configure_opts=" \ --enable-ldaps \ --enable-mqtt \ --enable-ntlm \ - --enable-ntlm-wb \ --enable-pop3 \ --enable-rtsp \ --enable-smb \ @@ -307,7 +331,11 @@ export common_configure_opts=" \ --enable-websockets \ --with-brotli \ --with-libpsl \ - --with-libssh + --with-libssh \ +%if %{with http3} + --with-nghttp3 \ + --with-ngtcp2 \ +%endif ) # avoid using rpath @@ -369,18 +397,24 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la +# do not install bundled wcurl utility +# it is provided by the wcurl package +rm -f ${RPM_BUILD_ROOT}%{_bindir}/wcurl +rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* + %ldconfig_scriptlets -n libcurl %ldconfig_scriptlets -n libcurl-minimal %files -%doc CHANGES +%doc CHANGES.md %doc README %doc docs/BUGS.md %doc docs/DISTROS.md -%doc docs/FAQ +%doc docs/FAQ.md %doc docs/FEATURES.md -%doc docs/TODO +%doc docs/KNOWN_BUGS.md +%doc docs/TODO.md %doc docs/TheArtOfHttpScripting.md %{_bindir}/curl %{_mandir}/man1/curl.1* @@ -408,6 +442,140 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Jan 07 2026 Jan Macku - 8.18.0-1 +- new upstream release + +* Mon Jan 05 2026 Jan Macku - 8.18.0~rc3-1 +- new upstream release candidate + +* Tue Dec 16 2025 Jan Macku - 8.18.0~rc2-1 +- new upstream release candidate +- reenable valgrind on test 616 + +* Tue Dec 09 2025 Jan Macku - 8.18.0~rc1-1 +- new upstream release candidate +- drop upstreamed patches + +* Sun Dec 07 2025 Aleksei Bavshin - 8.17.0-5 +- Enable HTTP/3 support with ngtcp2 + +* Thu Dec 04 2025 Jan Macku - 8.17.0-4 +- apply upstream patches for valgrind issues in HTTP/3 (#2408809) + +* Thu Nov 13 2025 Jan Macku - 8.17.0-3 +- recommend wcurl package instead of bundled wcurl utility + +* Thu Nov 13 2025 Jan Macku - 8.17.0-2 +- remove bundled wcurl utility that was added in 8.14.0~rc1, use wcurl package instead + +* Mon Nov 10 2025 Jan Macku - 8.17.0-1 +- new upstream release + +* Thu Oct 30 2025 Jan Macku - 8.17.0~rc3-1 +- new upstream release candidate + +* Tue Oct 21 2025 Jan Macku - 8.17.0~rc2-1 +- new upstream release candidate + +* Mon Oct 13 2025 Jan Macku - 8.17.0~rc1-1 +- new upstream release candidate + +* Wed Sep 10 2025 Jan Macku - 8.16.0-1 +- new upstream release + +* Wed Sep 03 2025 Jan Macku - 8.16.0~rc3-1 +- new upstream release candidate + +* Tue Aug 26 2025 Jan Macku - 8.16.0~rc2-1 +- new upstream release candidate + +* Wed Jul 23 2025 Fedora Release Engineering - 8.15.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Wed Jul 16 2025 Jan Macku - 8.15.0-1 +- new upstream release + +* Thu Jul 10 2025 Jan Macku - 8.15.0~rc3-1 +- new upstream release candidate + +* Mon Jun 30 2025 Jan Macku - 8.15.0~rc2-1 +- new upstream release candidate + +* Mon Jun 23 2025 Jan Macku - 8.15.0~rc1-1 +- new upstream release candidate + +* Wed Jun 04 2025 Jan Macku - 8.14.1-1 +- new upstream release +- drop: 0001-curl-8.14.0-multi-fix-add_handle-resizing.patch (no longer needed) + +* Wed May 28 2025 Jan Macku - 8.14.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2025-5025 - No QUIC certificate pinning with wolfSSL + CVE-2025-4947 - QUIC certificate check skip with wolfSSL +- fix regression: curl_multi_add_handle() returning OOM when using more than 400 handles + +* Fri May 02 2025 Jan Macku - 8.14.0~rc1-1 +- new upstream release candidate +- new utility: wcurl which lets you download URLs without having to remember any parameters + +* Wed Apr 02 2025 Jan Macku - 8.13.0-1 +- new upstream release +- add build time dependency on openssl (required by tests) + +* Wed Mar 26 2025 Jan Macku - 8.13.0~rc3-1 +- new upstream release candidate +- drop: 0102-curl-7.84.0-test3026.patch (no longer needed) + +* Tue Mar 18 2025 Jan Macku - 8.13.0~rc2-1 +- new upstream release candidate + +* Thu Mar 13 2025 Jan Macku - 8.13.0~rc1-2 +- fix --cert parameter (#2351531) + +* Mon Mar 10 2025 Jan Macku - 8.13.0~rc1-1 +- new upstream release candidate + +* Wed Feb 05 2025 Jan Macku - 8.12.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2025-0725 - gzip integer overflow + CVE-2025-0665 - eventfd double close + CVE-2025-0167 - netrc and default credential leak +- drop upstreamed patches + +* Fri Jan 31 2025 Jan Macku - 8.11.1-4 +- TLS: check connection for SSL use, not handler (#2324130#c7) + +* Thu Jan 16 2025 Fedora Release Engineering - 8.11.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Sun Dec 15 2024 Paul Howarth - 8.11.1-2 +- Fix crash with Unexpected error 9 on netlink descriptor 10 (rhbz#2332350) + - https://github.com/curl/curl/issues/15725 + - https://github.com/curl/curl/pull/15727 + +* Wed Dec 11 2024 Jan Macku - 8.11.1-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2024-11053 - netrc and redirect credential leak + +* Wed Nov 06 2024 Yaakov Selkowitz - 8.11.0-2 +- Disable engine support on RHEL 10+ + +* Wed Nov 06 2024 Jan Macku - 8.11.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2024-9681 - HSTS subdomain overwrites parent cache entry + +* Tue Sep 24 2024 Jan Macku - 8.10.1-2 +- Use tls-ca-bundle.pem instead of ca-bundle.crt (OpenSSL specific) (#2313564) + +* Wed Sep 18 2024 Jan Macku - 8.10.1-1 +- new upstream release + +* Wed Sep 11 2024 Jan Macku - 8.10.0-1 +- new upstream release + +* Wed Aug 21 2024 Jacek Migacz - 8.9.1-3 +- Retire deprecated ntlm-wb configure option + * Mon Aug 5 2024 voidanix - 8.9.1-2 - Apply SIGPIPE-related patch due to upstream regression diff --git a/sources b/sources index e35c435..002e494 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.9.1.tar.xz) = a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7 -SHA512 (curl-8.9.1.tar.xz.asc) = 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b +SHA512 (curl-8.18.0.tar.xz) = 50c7a7b0528e0019697b0c59b3e56abb2578c71d77e4c085b56797276094b5611718c0a9cb2b14db7f8ab502fcf8f42a364297a3387fae3870a4d281484ba21c +SHA512 (curl-8.18.0.tar.xz.asc) = 07e08d1bb3f8bf20b3d22f37fbc19c49c0d9ee4ea9d92da76fa8a9de343023e1b5d416ccc6535a4ff98b08b30eb9334fd856227e37564f6bcd542aa81bced152 diff --git a/tests/non-root-user-download/runtest.sh b/tests/non-root-user-download/runtest.sh index 4d51e62..0d72276 100755 --- a/tests/non-root-user-download/runtest.sh +++ b/tests/non-root-user-download/runtest.sh @@ -31,9 +31,9 @@ PACKAGE="curl" -FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/38/Everything/x86_64/iso/Fedora-Everything-38-1.6-x86_64-CHECKSUM -HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/iso/Fedora-Everything-38-1.6-x86_64-CHECKSUM -CONTENT=4d042dedc8886856db10bc882074b84dcce52f829ea7b3f31d8031db8d84df20 +FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM +HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM +CONTENT=1bd6ab4798983c2fe4a210f9c4ca135fed453d6142ba852c1f8d5fba22e113ab PASSWORD=pAssw0rd OPTIONS="" rlIsRHEL 7 && OPTIONS="--insecure"