From 25bb999ab6de05c3cfe0d2fcd99ecc58da092e7b Mon Sep 17 00:00:00 2001 From: Jacek Migacz Date: Wed, 21 Aug 2024 18:04:41 +0200 Subject: [PATCH 01/44] Retire depricated ntlm-wb configure option --- curl.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index 174562f..8aaa2b2 100644 --- a/curl.spec +++ b/curl.spec @@ -7,7 +7,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.9.1 -Release: 2%{?dist} +Release: 3%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc @@ -271,7 +271,6 @@ export common_configure_opts=" \ --disable-ldaps \ --disable-mqtt \ --disable-ntlm \ - --disable-ntlm-wb \ --disable-pop3 \ --disable-rtsp \ --disable-smb \ @@ -296,7 +295,6 @@ export common_configure_opts=" \ --enable-ldaps \ --enable-mqtt \ --enable-ntlm \ - --enable-ntlm-wb \ --enable-pop3 \ --enable-rtsp \ --enable-smb \ @@ -408,6 +406,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Aug 21 2024 Jacek Migacz - 8.9.1-3 +- Retire depricated ntlm-wb configure option + * Mon Aug 5 2024 voidanix - 8.9.1-2 - Apply SIGPIPE-related patch due to upstream regression From 8669cc07274c3121030e182bfdb8acd2b2973dca Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 11 Sep 2024 09:13:07 +0200 Subject: [PATCH 02/44] new upstream release - 8.10.0 --- 0001-curl-8.9.1-sigpipe.patch | 32 ------------------------------- 0101-curl-7.32.0-multilib.patch | 34 ++++++++++++++++----------------- curl.spec | 13 ++++++------- sources | 4 ++-- 4 files changed, 25 insertions(+), 58 deletions(-) delete mode 100644 0001-curl-8.9.1-sigpipe.patch diff --git a/0001-curl-8.9.1-sigpipe.patch b/0001-curl-8.9.1-sigpipe.patch deleted file mode 100644 index f4f0346..0000000 --- a/0001-curl-8.9.1-sigpipe.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 5 Aug 2024 00:17:17 +0200 -Subject: [PATCH] sigpipe: init the struct so that first apply ignores - -Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after -init ignores the signal (unless CURLOPT_NOSIGNAL) is set. - -I have read the existing code multiple times now and I think it gets the -initial state reversed this missing to ignore. - -Regression from 17e6f06ea37136c36d27 - -Reported-by: Rasmus Thomsen -Fixes #14344 -Closes #14390 ---- - lib/sigpipe.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/sigpipe.h b/lib/sigpipe.h -index b91a2f51333956..d78afd905d3414 100644 ---- a/lib/sigpipe.h -+++ b/lib/sigpipe.h -@@ -39,6 +39,7 @@ struct sigpipe_ignore { - static void sigpipe_init(struct sigpipe_ignore *ig) - { - memset(ig, 0, sizeof(*ig)); -+ ig->no_signal = TRUE; - } - - /* diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index f3636dc..8cada87 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -1,7 +1,7 @@ -From f4e7b98fb25ff737af29908f3a2081cca9a73437 Mon Sep 17 00:00:00 2001 +From da51b3d89a33fb3a1cbc5dd5faebc4ee18bbcc46 Mon Sep 17 00:00:00 2001 From: Jan Macku -Date: Wed, 22 May 2024 13:00:08 +0200 -Subject: [PATCH 1/2] prevent multilib conflicts on the curl-config script +Date: Wed, 11 Sep 2024 09:21:25 +0200 +Subject: [PATCH] prevent multilib conflicts on the curl-config script --- curl-config.in | 23 +++++------------------ @@ -10,19 +10,19 @@ Subject: [PATCH 1/2] prevent multilib conflicts on the curl-config script 3 files changed, 9 insertions(+), 19 deletions(-) diff --git a/curl-config.in b/curl-config.in -index 085bb1ef5..e4700260e 100644 +index 294e083..df41899 100644 --- a/curl-config.in 
+++ b/curl-config.in -@@ -73,7 +73,7 @@ while test "$#" -gt 0; do +@@ -75,7 +75,7 @@ while test "$#" -gt 0; do ;; --cc) - echo '@CC@' -+ echo "gcc" ++ echo 'gcc' ;; --prefix) -@@ -153,16 +153,7 @@ while test "$#" -gt 0; do +@@ -155,16 +155,7 @@ while test "$#" -gt 0; do ;; --libs) @@ -32,25 +32,25 @@ index 085bb1ef5..e4700260e 100644 - CURLLIBDIR="" - fi - if test "X@ENABLE_SHARED@" = "Xno"; then -- echo "${CURLLIBDIR}-lcurl @LIBCURL_LIBS@" +- echo "${CURLLIBDIR}-lcurl @LIBCURL_PC_LIBS_PRIVATE@" - else - echo "${CURLLIBDIR}-lcurl" - fi -+ echo -lcurl ++ echo '-lcurl' ;; --ssl-backends) -@@ -170,16 +161,12 @@ while test "$#" -gt 0; do +@@ -172,16 +163,12 @@ while test "$#" -gt 0; do ;; --static-libs) - if test "X@ENABLE_STATIC@" != "Xno" ; then -- echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@ +- echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_PC_LIBS_PRIVATE@ - else - echo 'curl was built with static libraries disabled' >&2 - exit 1 - fi -+ echo "curl was built with static libraries disabled" >&2 ++ echo 'curl was built with static libraries disabled' >&2 + exit 1 ;; @@ -61,10 +61,10 @@ index 085bb1ef5..e4700260e 100644 *) diff --git a/docs/curl-config.md b/docs/curl-config.md -index d82725082..a79f816e2 100644 +index 4dfaab6..f4e847e 100644 --- a/docs/curl-config.md +++ b/docs/curl-config.md -@@ -86,7 +86,9 @@ no, one or several names. If more than one name, they appear comma-separated. +@@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated. ## --static-libs Shows the complete set of libs and other linker options you need in order to @@ -76,10 +76,10 @@ index d82725082..a79f816e2 100644 ## --version diff --git a/libcurl.pc.in b/libcurl.pc.in -index 9db6b0f89..dcac6925a 100644 +index 8f6f9b4..f69815c 100644 --- a/libcurl.pc.in 
+++ b/libcurl.pc.in -@@ -31,6 +31,7 @@ libdir=@libdir@ +@@ -28,6 +28,7 @@ libdir=@libdir@ includedir=@includedir@ supported_protocols="@SUPPORT_PROTOCOLS@" supported_features="@SUPPORT_FEATURES@" @@ -88,5 +88,5 @@ index 9db6b0f89..dcac6925a 100644 Name: libcurl URL: https://curl.se/ -- -2.45.1 +2.46.0 diff --git a/curl.spec b/curl.spec index 8aaa2b2..93942f0 100644 --- a/curl.spec +++ b/curl.spec @@ -6,8 +6,8 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.9.1 -Release: 3%{?dist} +Version: 8.10.0 +Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc @@ -25,10 +25,6 @@ Patch102: 0102-curl-7.84.0-test3026.patch # do not fail on warnings in the upstream test driver Patch104: 0104-curl-7.88.0-tests-warnings.patch -# Fix crashes with transmission due to SIGPIPE -# https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970 -Patch001: 0001-curl-8.9.1-sigpipe.patch - Provides: curl-full = %{version}-%{release} # do not fail when trying to install curl-minimal after drop Provides: curl-minimal = %{version}-%{release} @@ -372,7 +368,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %ldconfig_scriptlets -n libcurl-minimal %files -%doc CHANGES +%doc CHANGES.md %doc README %doc docs/BUGS.md %doc docs/DISTROS.md @@ -406,6 +402,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Sep 11 2024 Jan Macku - 8.10.0-1 +- new upstream release + * Wed Aug 21 2024 Jacek Migacz - 8.9.1-3 - Retire depricated ntlm-wb configure option diff --git a/sources b/sources index e35c435..9865b71 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.9.1.tar.xz) = a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7 -SHA512 (curl-8.9.1.tar.xz.asc) = 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b +SHA512 (curl-8.10.0.tar.xz) = 055277695ea242fcb0bf26ca6c4867a385cd578cd73ed4c5c4a020233248044c1ecaebcbaeaac47d3ffe07a41300ea5fc86396d7e812137cf75ed3e1b54ca5b2 +SHA512 (curl-8.10.0.tar.xz.asc) = 3d3ece14008facc373cd715d46eeb523bb17a701df3b1839f0774847692613a9472d3e7a60ba814846bbc8e8e4f17c81a1f1355e1c9eebef244b7cd00e0f6fb8 From 67e25e1742ad1cbb538297a9287901e14870ca03 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 18 Sep 2024 09:45:38 +0200 Subject: [PATCH 03/44] new upstream release - 8.10.1 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index 93942f0..90d611d 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.10.0 +Version: 8.10.1 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz @@ -402,6 +402,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Sep 18 2024 Jan Macku - 8.10.1-1 +- new upstream release + * Wed Sep 11 2024 Jan Macku - 8.10.0-1 - new upstream release diff --git a/sources b/sources index 9865b71..c221532 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.10.0.tar.xz) = 055277695ea242fcb0bf26ca6c4867a385cd578cd73ed4c5c4a020233248044c1ecaebcbaeaac47d3ffe07a41300ea5fc86396d7e812137cf75ed3e1b54ca5b2 -SHA512 (curl-8.10.0.tar.xz.asc) = 3d3ece14008facc373cd715d46eeb523bb17a701df3b1839f0774847692613a9472d3e7a60ba814846bbc8e8e4f17c81a1f1355e1c9eebef244b7cd00e0f6fb8 +SHA512 (curl-8.10.1.tar.xz) = f1c7a12492dcfb8ba08be69b96a83ce9074592cbaa6b95c72b3c16fc58ad35e9f9deec7b72baca7d360d013b0b1c7ea38bd4edae464903ac67aa3c76238d8c6c +SHA512 (curl-8.10.1.tar.xz.asc) = 21d6d560c027efc9e3e5db182a77501d6376442221ba910df817e2ec980bee44a9fe2afc698205f8d5e8313ae47915a341d60206a46b46e816d73ee357a894ac From 1268eeab81c68b229828d0a19c1992f939728f11 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Tue, 24 Sep 2024 13:37:40 +0200 Subject: [PATCH 04/44] spec: use tls-ca-bundle.pem instead of ca-bundle.crt Resolves: #2313564 --- curl.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/curl.spec b/curl.spec index 90d611d..0cfbaa8 100644 --- a/curl.spec +++ b/curl.spec @@ -7,7 +7,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.10.1 -Release: 1%{?dist} +Release: 2%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc @@ -251,7 +251,7 @@ export common_configure_opts=" \ --with-gssapi \ --with-libidn2 \ --with-nghttp2 \ - --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \ + --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \ --with-zsh-functions-dir" %global _configure ../configure @@ -402,6 +402,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Tue Sep 24 2024 Jan Macku - 8.10.1-2 +- Use tls-ca-bundle.pem instead of ca-bundle.crt (OpenSSL specific) (#2313564) + * Wed Sep 18 2024 Jan Macku - 8.10.1-1 - new upstream release 
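Review bot: The `--with-ca-bundle=` line changed in the `@@ -251,7 +251,7 @@` hunk of curl.spec sets libcurl's compiled-in default trust store, yet the spec gains no comment saying why the path moved. The option sits inside the quoted `common_configure_opts` string, which opens outside this hunk, so the comment has to go above that assignment, for example `# CA bundle: plain PEM tls-ca-bundle.pem, ca-bundle.crt is OpenSSL specific (#2313564)`. Nothing visible here ties the package to a ca-certificates build that ships `tls-ca-bundle.pem` at that location, so it is worth confirming that an existing Requires covers it.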
From d92476d332b446e871f74225c987968021a5c526 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 29 Sep 2024 16:03:18 +0200 Subject: [PATCH 05/44] Move the autoreconf invocation to %build section The %prep section is supposed to extract and possibly patch the sources. In particular, the code provided by the package should not be called here, but only in %build section. This keeps %prep quick and allows the code provided by upstream to be inspected before running it. Also drop space after the redirection operator to match the style elsewhere in the spec file. Having symmetrical whitespace around the operator makes it look like a binary operator, which it very much is not. --- curl.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/curl.spec b/curl.spec index 0cfbaa8..0c2163c 100644 --- a/curl.spec +++ b/curl.spec @@ -214,7 +214,7 @@ be installed. # disable test 1801 # -printf "1801\n" >> tests/data/DISABLED +printf "1801\n" >>tests/data/DISABLED # test3026: avoid pthread_create() failure due to resource exhaustion on i386 %ifarch %{ix86} @@ -234,10 +234,10 @@ sed -e 's|^35$|35,52|' -i tests/data/test323 eval "$cmd" ) +%build # regenerate the configure script and Makefile.in files autoreconf -fiv -%build mkdir build-{full,minimal} export common_configure_opts=" \ --cache-file=../config.cache \ From e685607ffd9adf33f28101db012be952b5196072 Mon Sep 17 00:00:00 2001 
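Review bot: The `autoreconf -fiv` call moved by the `@@ -234,10 +234,10 @@` hunk keeps only the comment `# regenerate the configure script and Makefile.in files`, so the reason it now sits under `%build` is recorded only in the commit message. The point of the move is that `%prep` should unpack and patch without running anything from the tarball, which lets the sources be inspected first. I would extend the comment to `# regenerate the configure script and Makefile.in files; kept out of %%prep so that %%prep only unpacks and patches`, with the doubled percent sign so the word cannot be expanded as a macro. The `%build` section continues past the end of the hunk.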
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 29 Sep 2024 16:10:22 +0200 Subject: [PATCH 06/44] Make curl-config arch-independent The final /usr/bin/curl-config file had a comment like "prefix=/usr # used in /usr/lib64" or "prefix=/usr # used in /usr/lib", depending on the arch. This causes the following error on upgrades from f40 for people who have both libcurl-devel.i686 and libcurl-devel.x86_64 installed: Transaction failed: Rpm transaction failed. - file /usr/bin/curl-config conflicts between attempted installs of libcurl-devel-8.9.1-2.fc41.i686 and libcurl-devel-8.9.1-2.fc41.x86_64 The comment is actually not useful at all after the variable is expanded, since it's not clear what is meant by "used in /usr/lib64". Just drop it. With this change, the packages are constinstallable again. --- curl.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/curl.spec b/curl.spec index 0c2163c..3c25207 100644 --- a/curl.spec +++ b/curl.spec @@ -234,6 +234,10 @@ sed -e 's|^35$|35,52|' -i tests/data/test323 eval "$cmd" ) +# avoid unnecessary arch-dependent line in the processed file +sed -e '/# Used in @libdir@/d' \ + -i curl-config.in + %build # regenerate the configure script and Makefile.in files autoreconf -fiv From 44fdfebea17b606fc56b5d0656c982a7a528f366 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 6 Nov 2024 10:06:18 +0100 Subject: [PATCH 07/44] new upstream release - 8.11.0 --- .gitignore | 2 +- 0101-curl-7.32.0-multilib.patch | 20 ++++++++++---------- curl.spec | 9 +++++++-- sources | 4 ++-- 4 files changed, 20 insertions(+), 15 deletions(-) diff --git a/.gitignore b/.gitignore index cd6f067..9bb4285 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,5 @@ /curl-[0-9.]*.tar.lzma.asc /curl-[0-9.]*.tar.xz /curl-[0-9.]*.tar.xz.asc -/curl-[0-9].[0-9].[0-9]/ +/curl-[0-9]*.[0-9]*.[0-9]*/ /*.src.rpm diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index 8cada87..8f3fd08 100644 
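Review bot: The `sed -e '/# Used in @libdir@/d' -i curl-config.in` added in the `@@ -234,6 +234,10 @@` hunk exits successfully even when the pattern matches nothing. If upstream rewords that comment, the arch-dependent line returns and the `/usr/bin/curl-config` conflict from the commit message comes back without any build failure. Putting `grep -q '# Used in @libdir@' curl-config.in` on the line before the sed would stop `%prep` as soon as the pattern no longer matches, assuming the scriptlet runs with errexit as rpm's default shell does. The packager then knows to update or drop the workaround.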
--- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -1,6 +1,6 @@ -From da51b3d89a33fb3a1cbc5dd5faebc4ee18bbcc46 Mon Sep 17 00:00:00 2001 +From fa6477b901ca866a52db18a818975479f2144928 Mon Sep 17 00:00:00 2001 From: Jan Macku -Date: Wed, 11 Sep 2024 09:21:25 +0200 +Date: Wed, 6 Nov 2024 13:25:10 +0100 Subject: [PATCH] prevent multilib conflicts on the curl-config script --- @@ -10,7 +10,7 @@ Subject: [PATCH] prevent multilib conflicts on the curl-config script 3 files changed, 9 insertions(+), 19 deletions(-) diff --git a/curl-config.in b/curl-config.in -index 294e083..df41899 100644 +index 2dc40ed..9fb1a33 100644 --- a/curl-config.in +++ b/curl-config.in @@ -75,7 +75,7 @@ while test "$#" -gt 0; do @@ -26,12 +26,12 @@ index 294e083..df41899 100644 ;; --libs) -- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then +- if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then - CURLLIBDIR="-L@libdir@ " - else -- CURLLIBDIR="" +- CURLLIBDIR='' - fi -- if test "X@ENABLE_SHARED@" = "Xno"; then +- if test 'X@ENABLE_SHARED@' = 'Xno'; then - echo "${CURLLIBDIR}-lcurl @LIBCURL_PC_LIBS_PRIVATE@" - else - echo "${CURLLIBDIR}-lcurl" @@ -44,8 +44,8 @@ index 294e083..df41899 100644 ;; --static-libs) -- if test "X@ENABLE_STATIC@" != "Xno" ; then -- echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_PC_LIBS_PRIVATE@ +- if test 'X@ENABLE_STATIC@' != 'Xno'; then +- echo "@libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_PC_LIBS_PRIVATE@" - else - echo 'curl was built with static libraries disabled' >&2 - exit 1 @@ -76,7 +76,7 @@ index 4dfaab6..f4e847e 100644 ## --version diff --git a/libcurl.pc.in b/libcurl.pc.in -index 8f6f9b4..f69815c 100644 +index 4c60a7e..9fd935a 100644 --- a/libcurl.pc.in +++ b/libcurl.pc.in @@ -28,6 +28,7 @@ libdir=@libdir@ @@ -88,5 +88,5 @@ index 8f6f9b4..f69815c 100644 Name: libcurl URL: https://curl.se/ -- -2.46.0 +2.47.0 diff --git a/curl.spec b/curl.spec index 3c25207..80243c8 100644 --- a/curl.spec 
+++ b/curl.spec @@ -6,8 +6,8 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.10.1 -Release: 2%{?dist} +Version: 8.11.0 +Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc @@ -97,6 +97,7 @@ BuildRequires: perl(Exporter) BuildRequires: perl(File::Basename) BuildRequires: perl(File::Copy) BuildRequires: perl(File::Spec) +BuildRequires: perl(I18N::Langinfo) BuildRequires: perl(IPC::Open2) BuildRequires: perl(List::Util) BuildRequires: perl(Memoize) @@ -406,6 +407,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Nov 06 2024 Jan Macku - 8.11.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2024-9681 - HSTS subdomain overwrites parent cache entry + * Tue Sep 24 2024 Jan Macku - 8.10.1-2 - Use tls-ca-bundle.pem instead of ca-bundle.crt (OpenSSL specific) (#2313564) diff --git a/sources b/sources index c221532..f45b6fe 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.10.1.tar.xz) = f1c7a12492dcfb8ba08be69b96a83ce9074592cbaa6b95c72b3c16fc58ad35e9f9deec7b72baca7d360d013b0b1c7ea38bd4edae464903ac67aa3c76238d8c6c -SHA512 (curl-8.10.1.tar.xz.asc) = 21d6d560c027efc9e3e5db182a77501d6376442221ba910df817e2ec980bee44a9fe2afc698205f8d5e8313ae47915a341d60206a46b46e816d73ee357a894ac +SHA512 (curl-8.11.0.tar.xz) = 3a642d421e0a5c09ecb681bea18498f2c6124e9af4d8afdc074dfb85a9b0211d8972ade9cf00ab44b5dfed9303262cd83551dd3b5e0976d11fc19da3c4a0987e +SHA512 (curl-8.11.0.tar.xz.asc) = 71073dde48e8f0013e392eb88bf70f6b8a4a4f0c955a3fb56db98e74aa10acc1004e2a0483f30be082e61b59a76fa75ae1d90545ace7c6b07bca8164078375f0 From 0e038361ddf5965bd02544323cab07570e4281f6 Mon Sep 17 00:00:00 2001 
From: Yaakov Selkowitz Date: Wed, 6 Nov 2024 13:13:17 -0500 Subject: [PATCH 08/44] Disable engine support on RHEL 10+ RHEL 10 does not provide the engine header at all. Also, restore compatibility with earlier versions which do not have a separate subpackage for the engine header. --- curl.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index 80243c8..ba56d35 100644 --- a/curl.spec +++ b/curl.spec @@ -2,12 +2,12 @@ # This is deprecated by OpenSSL since OpenSSL 3.0 and by Fedora since Fedora 41 # https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine # Change the bcond to 0 to turn off ENGINE support by default -%bcond openssl_engine_support 1 +%bcond openssl_engine_support %[%{defined fedora} || 0%{?rhel} < 10] Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.11.0 -Release: 1%{?dist} +Release: 2%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc @@ -52,7 +52,7 @@ BuildRequires: openldap-devel BuildRequires: openssh-clients BuildRequires: openssh-server BuildRequires: openssl-devel -%if %{with openssl_engine_support} +%if %{with openssl_engine_support} && 0%{?fedora} >= 41 BuildRequires: openssl-devel-engine %endif BuildRequires: perl-interpreter @@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Nov 06 2024 Yaakov Selkowitz - 8.11.0-2 +- Disable engine support on RHEL 10+ + * Wed Nov 06 2024 Jan Macku - 8.11.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2024-9681 - HSTS subdomain overwrites parent cache entry From f200f97c286a92379a9a67ca6787d95a8e6e037c Mon Sep 17 00:00:00 2001 
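Review bot: The comment kept above the changed `%bcond` line in the `@@ -2,12 +2,12 @@` hunk still reads `Change the bcond to 0 to turn off ENGINE support by default`, which no longer matches a default that is now the expression `%[%{defined fedora} || 0%{?rhel} < 10]`. I would reword it to `# ENGINE support defaults to on for Fedora and RHEL < 10; build with --without openssl_engine_support to turn it off`. When neither `fedora` nor `rhel` is defined, `0%{?rhel}` expands to 0 and the comparison is true, so the deprecated ENGINE code stays enabled on any other rebuild. If that is not intended, the condition needs an explicit test that `rhel` is defined.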
From: Jan Macku Date: Wed, 11 Dec 2024 15:02:18 +0100 Subject: [PATCH 09/44] new upstream release - 8.11.1 --- 0101-curl-7.32.0-multilib.patch | 12 ++++----- 0105-curl-8.11.1-test616.patch | 48 +++++++++++++++++++++++++++++++++ curl.spec | 11 ++++++-- sources | 4 +-- 4 files changed, 65 insertions(+), 10 deletions(-) create mode 100644 0105-curl-8.11.1-test616.patch diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index 8f3fd08..aec4fda 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -1,6 +1,6 @@ -From fa6477b901ca866a52db18a818975479f2144928 Mon Sep 17 00:00:00 2001 +From 7efcd412447fc41bded2f9621edf0ab4701c9b14 Mon Sep 17 00:00:00 2001 From: Jan Macku -Date: Wed, 6 Nov 2024 13:25:10 +0100 +Date: Wed, 11 Dec 2024 09:28:12 +0100 Subject: [PATCH] prevent multilib conflicts on the curl-config script --- @@ -10,7 +10,7 @@ Subject: [PATCH] prevent multilib conflicts on the curl-config script 3 files changed, 9 insertions(+), 19 deletions(-) diff --git a/curl-config.in b/curl-config.in -index 2dc40ed..9fb1a33 100644 +index e89c256..9fb1a33 100644 --- a/curl-config.in +++ b/curl-config.in @@ -75,7 +75,7 @@ while test "$#" -gt 0; do @@ -45,7 +45,7 @@ index 2dc40ed..9fb1a33 100644 --static-libs) - if test 'X@ENABLE_STATIC@' != 'Xno'; then -- echo "@libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_PC_LIBS_PRIVATE@" +- echo "@libdir@/libcurl.@libext@ @LIBCURL_PC_LDFLAGS_PRIVATE@ @LIBCURL_PC_LIBS_PRIVATE@" - else - echo 'curl was built with static libraries disabled' >&2 - exit 1 @@ -76,7 +76,7 @@ index 4dfaab6..f4e847e 100644 ## --version diff --git a/libcurl.pc.in b/libcurl.pc.in -index 4c60a7e..9fd935a 100644 +index c0ba524..f3645e1 100644 --- a/libcurl.pc.in +++ b/libcurl.pc.in @@ -28,6 +28,7 @@ libdir=@libdir@ @@ -88,5 +88,5 @@ index 4c60a7e..9fd935a 100644 Name: libcurl URL: https://curl.se/ -- -2.47.0 +2.47.1 
diff --git a/0105-curl-8.11.1-test616.patch b/0105-curl-8.11.1-test616.patch
new file mode 100644
index 0000000..91bde80
--- /dev/null
+++ b/0105-curl-8.11.1-test616.patch
@@ -0,0 +1,48 @@ +From 82baec8c7cd40361585d8793dfe4531f7aad30e3 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Wed, 11 Dec 2024 13:16:12 +0100 +Subject: [PATCH] test616: disable valgrind + +Valgrind disable was removed in upstream in https://github.com/curl/curl/commit/c91c37b6e87ceee760b7bb334c8e97e03ee93e93#diff-e01fd8774cf5b26329c7dc7dc03ec49745469205f3d501ced72c9d133455d5e7L35 +But test 616 is still failing under valgrind, so disable valgrind for this test. + +``` + valgrind ERROR ==188588== 144 bytes in 1 blocks are definitely lost in loss record 1 of 1 +==188588== at 0x484B133: calloc (vg_replace_malloc.c:1675) +==188588== by 0x4BB7575: ??? (in /usr/lib64/libssh.so.4.10.1) +==188588== by 0x4BB8CC6: sftp_fstat (in /usr/lib64/libssh.so.4.10.1) +==188588== by 0x48EEAFB: myssh_statemach_act (libssh.c:1610) +==188588== by 0x48F1B9D: myssh_multi_statemach.lto_priv.0 (libssh.c:2095) +==188588== by 0x48BA971: UnknownInlinedFun (multi.c:1643) +==188588== by 0x48BA971: UnknownInlinedFun (multi.c:2314) +==188588== by 0x48BA971: multi_runsingle (multi.c:2768) +==188588== by 0x48BCCA4: curl_multi_perform (multi.c:3016) +==188588== by 0x4884E4A: UnknownInlinedFun (easy.c:701) +==188588== by 0x4884E4A: UnknownInlinedFun (easy.c:796) +==188588== by 0x4884E4A: curl_easy_perform (easy.c:815) +==188588== by 0x10C12B: UnknownInlinedFun (tool_operate.c:2902) +==188588== by 0x10C12B: UnknownInlinedFun (tool_operate.c:3127) +==188588== by 0x10C12B: UnknownInlinedFun (tool_operate.c:3249) +==188588== by 0x10C12B: main (tool_main.c:271) +==188588== +``` +--- + tests/data/test616 | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tests/data/test616 b/tests/data/test616 +index f76c68a..0ebc734 100644 +--- a/tests/data/test616 ++++ b/tests/data/test616 +@@ -32,5 +32,8 @@ SFTP retrieval of empty file + # + # Verify data after the test has been "shot" + ++ ++disable ++ + + +-- +2.47.1 + diff --git a/curl.spec b/curl.spec index ba56d35..9b1c4c8 100644 --- a/curl.spec 
+++ b/curl.spec @@ -6,8 +6,8 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.11.0 -Release: 2%{?dist} +Version: 8.11.1 +Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc @@ -25,6 +25,9 @@ Patch102: 0102-curl-7.84.0-test3026.patch # do not fail on warnings in the upstream test driver Patch104: 0104-curl-7.88.0-tests-warnings.patch +# test616: disable valgrind +Patch105: 0105-curl-8.11.1-test616.patch + Provides: curl-full = %{version}-%{release} # do not fail when trying to install curl-minimal after drop Provides: curl-minimal = %{version}-%{release} @@ -407,6 +410,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Dec 11 2024 Jan Macku - 8.11.1-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2024-11053 - netrc and redirect credential leak + * Wed Nov 06 2024 Yaakov Selkowitz - 8.11.0-2 - Disable engine support on RHEL 10+ diff --git a/sources b/sources index f45b6fe..91c8f05 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.11.0.tar.xz) = 3a642d421e0a5c09ecb681bea18498f2c6124e9af4d8afdc074dfb85a9b0211d8972ade9cf00ab44b5dfed9303262cd83551dd3b5e0976d11fc19da3c4a0987e -SHA512 (curl-8.11.0.tar.xz.asc) = 71073dde48e8f0013e392eb88bf70f6b8a4a4f0c955a3fb56db98e74aa10acc1004e2a0483f30be082e61b59a76fa75ae1d90545ace7c6b07bca8164078375f0 +SHA512 (curl-8.11.1.tar.xz) = 7c7c47a49505575b610c56b455f0919ea5082a993bf5483eeb258ead167aadb87078d626b343b417dcfc5439c53556425c8fb4fe3b01b53a87b47c01686a3e57 +SHA512 (curl-8.11.1.tar.xz.asc) = c09bedb67e83fb8ca3ad73c5bd0d92fed7fc2c26dbe5a71cccb193fd151c7219713241a9fe74baefcd1d008cfafba78142bf04cec24dd4a88d67179184d35824 From 60dca4fc329daf8e5799357a68fe1ff41cffb13a Mon Sep 17 00:00:00 2001 
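Review bot: The new `# test616: disable valgrind` comment above `Patch105` in the `@@ -25,6 +25,9 @@` hunk does not say why the check is off or when it can come back. The patch description shows a 144-byte block reported as definitely lost under `sftp_fstat`, reached from `myssh_statemach_act`. That reads like a real leak in the libssh SFTP path rather than a valgrind false positive, so silencing the test hides it from every later build. I would record this in the spec, e.g. `# test616: disable valgrind (leak under sftp_fstat, see patch description); drop once fixed upstream`, and add a link to an upstream report if one exists.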
From: Paul Howarth Date: Sun, 15 Dec 2024 12:05:17 +0000 Subject: [PATCH 10/44] Add rpmlintrc --- curl.rpmlintrc | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 curl.rpmlintrc diff --git a/curl.rpmlintrc b/curl.rpmlintrc new file mode 100644 index 0000000..022a98e --- /dev/null +++ b/curl.rpmlintrc @@ -0,0 +1,15 @@ +# Intentional stuff we're not concerned about +addFilter("unversioned-explicit-provides webclient") +addFilter("package-with-huge-docs") +addFilter("crypto-policy-non-compliance-openssl /usr/lib(64)?/libcurl.so.4") + +# This is just plain wrong (%_configure redefinition) +addFilter("configure-without-libdir-spec") + +# Technical term +addFilter("E: spelling-error \('kerberos',") + +# Artefacts of RemovePathPostfixes: .minimal +addFilter("W: dangling-relative-symlink /usr/lib/.build-id/.* ../../../../.*curl.*\.minimal") +#addFilter("W: dangling-relative-symlink /usr/lib.*/libcurl.so.4 libcurl.so.4.*.minimal") +#addFilter("E: invalid-ldconfig-symlink /usr/lib.*/libcurl.so.4.* libcurl.so.4.*.minimal") From 348d650b12c9787af9669f6a985f57cf3ccdc18c Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Sun, 15 Dec 2024 12:06:23 +0000 Subject: [PATCH 11/44] Fix crash with Unexpected error 9 on netlink descriptor 10 (rhbz#2332350) - https://github.com/curl/curl/issues/15725 - https://github.com/curl/curl/pull/15727 --- 0001-curl-8.11.1-eventfd.patch | 31 +++++++++++++++++++++++++++++++ curl.spec | 15 +++++++++++++-- 2 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 0001-curl-8.11.1-eventfd.patch diff --git a/0001-curl-8.11.1-eventfd.patch b/0001-curl-8.11.1-eventfd.patch new file mode 100644 index 0000000..3960452 --- /dev/null +++ b/0001-curl-8.11.1-eventfd.patch 
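Review bot: The filter `addFilter("crypto-policy-non-compliance-openssl /usr/lib(64)?/libcurl.so.4")` sits under `# Intentional stuff we're not concerned about` with no reason given, and it is the one entry in curl.rpmlintrc that silences a security check rather than a packaging nit. As far as I know that rpmlint check flags binaries able to override the system-wide crypto policy, so a reader needs to know why that is acceptable for libcurl. A comment on the line above such as `# libcurl lets callers choose ciphers by design; the default still follows the system policy` would do, provided the second half is confirmed against the build. The pattern is also unanchored at the end, so it matches any path beginning with `libcurl.so.4`; that looks intended but is worth stating.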
@@ -0,0 +1,31 @@ +From 17c06b1ed19147d9e641ad5bcd672e8bce451b46 Mon Sep 17 00:00:00 2001 +From: Andy Pan +Date: Thu, 12 Dec 2024 12:48:56 +0000 +Subject: [PATCH] async-thread: avoid closing eventfd twice + +When employing eventfd for socketpair, there is only one file +descriptor. Closing that fd twice might result in fd corruption. +Thus, we should avoid closing the eventfd twice, following the +pattern in lib/multi.c. + +Fixes #15725 +--- + lib/asyn-thread.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c +index a58e4b790494ab..32d496b107cb0a 100644 +--- a/lib/asyn-thread.c ++++ b/lib/asyn-thread.c +@@ -195,9 +195,11 @@ void destroy_thread_sync_data(struct thread_sync_data *tsd) + * close one end of the socket pair (may be done in resolver thread); + * the other end (for reading) is always closed in the parent thread. + */ ++#ifndef USE_EVENTFD + if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { + wakeup_close(tsd->sock_pair[1]); + } ++#endif + #endif + memset(tsd, 0, sizeof(*tsd)); + } diff --git a/curl.spec b/curl.spec index 9b1c4c8..beca484 100644 --- a/curl.spec +++ b/curl.spec @@ -7,7 +7,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.11.1 -Release: 1%{?dist} +Release: 2%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc @@ -16,6 +16,12 @@ Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc Source2: mykey.asc +# Fix crash with Unexpected error 9 on netlink descriptor 10 +# https://bugzilla.redhat.com/show_bug.cgi?id=2332350 +# https://github.com/curl/curl/issues/15725 +# https://github.com/curl/curl/pull/15727 +Patch1: 0001-curl-8.11.1-eventfd.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch 
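Review bot: The `#ifndef USE_EVENTFD` guard added in `destroy_thread_sync_data()` carries no comment, and the existing comment above it still speaks only of "one end of the socket pair", which does not hold in the eventfd case where, per the patch description, there is a single descriptor. A second close of that descriptor can land on a number that has meanwhile been reused for an unrelated file, which fits the netlink error in the bug title. The reason therefore belongs in the code: `/* with eventfd both sock_pair slots are one fd, closed by the parent */`. The two consecutive `#endif` lines would also read better labelled, with `#endif /* !USE_EVENTFD */` on the first. This is an upstream backport and the enclosing conditional opens outside the hunk, so the wording is best proposed upstream rather than changed only in this copy.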
@@ -410,6 +416,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Sun Dec 15 2024 Paul Howarth - 8.11.1-2 +- Fix crash with Unexpected error 9 on netlink descriptor 10 (rhbz#2332350) + - https://github.com/curl/curl/issues/15725 + - https://github.com/curl/curl/pull/15727 + * Wed Dec 11 2024 Jan Macku - 8.11.1-1 - new upstream release, which fixes the following vulnerabilities CVE-2024-11053 - netrc and redirect credential leak @@ -431,7 +442,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la - new upstream release * Wed Aug 21 2024 Jacek Migacz - 8.9.1-3 -- Retire depricated ntlm-wb configure option +- Retire deprecated ntlm-wb configure option * Mon Aug 5 2024 voidanix - 8.9.1-2 - Apply SIGPIPE-related patch due to upstream regression From 84d98cb3c36ac812ecac40f056283c94a3be0f03 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 16 Jan 2025 15:05:19 +0000 Subject: [PATCH 12/44] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- curl.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/curl.spec b/curl.spec index beca484..ef932e9 100644 --- a/curl.spec +++ b/curl.spec @@ -7,7 +7,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.11.1 -Release: 2%{?dist} +Release: 3%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc @@ -416,6 +416,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Thu Jan 16 2025 Fedora Release Engineering - 8.11.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Sun Dec 15 2024 Paul Howarth - 8.11.1-2 - Fix crash with Unexpected error 9 on netlink descriptor 10 (rhbz#2332350) - https://github.com/curl/curl/issues/15725 From dbdb66e32ef7a74430edc9f27487a980b933f36b Mon Sep 17 00:00:00 2001 
From: Jan Macku Date: Fri, 31 Jan 2025 15:01:32 +0100 Subject: [PATCH 13/44] TLS: check connection for SSL use, not handler Resolves: #2324130 --- ...k-connection-for-SSL-use-not-handler.patch | 227 ++++++++++++++++++ curl.spec | 8 +- 2 files changed, 234 insertions(+), 1 deletion(-) create mode 100644 0002-curl-8.11.1-TLS-check-connection-for-SSL-use-not-handler.patch diff --git a/0002-curl-8.11.1-TLS-check-connection-for-SSL-use-not-handler.patch b/0002-curl-8.11.1-TLS-check-connection-for-SSL-use-not-handler.patch new file mode 100644 index 0000000..9000c48 --- /dev/null +++ b/0002-curl-8.11.1-TLS-check-connection-for-SSL-use-not-handler.patch 
@@ -0,0 +1,227 @@ +From b876aeb3f5d5c6539102f0575c0ec1d116388337 Mon Sep 17 00:00:00 2001 +From: Stefan Eissing +Date: Fri, 17 Jan 2025 11:57:00 +0100 +Subject: [PATCH] TLS: check connection for SSL use, not handler + +Protocol handler option PROTOPT_SSL is used to setup a connection +filters. Once that is done, used `Curl_conn_is_ssl()` to check if +a connection uses SSL. + +There may be other reasons to add SSL to a connection, e.g. starttls. + +Closes #16034 + +(cherry picked from commit 25b445e4796bcbf9f842de686a8c384b30f6c2a2) +--- + lib/cf-socket.c | 2 +- + lib/ftp.c | 2 +- + lib/http.c | 8 ++++---- + lib/http_negotiate.c | 3 ++- + lib/imap.c | 2 +- + lib/ldap.c | 3 ++- + lib/openldap.c | 2 +- + lib/pop3.c | 2 +- + lib/smb.c | 2 +- + lib/smtp.c | 2 +- + lib/url.c | 12 ++++++------ + 11 files changed, 21 insertions(+), 19 deletions(-) + +diff --git a/lib/cf-socket.c b/lib/cf-socket.c +index 497a3b965..de0c8a3ba 100644 +--- a/lib/cf-socket.c ++++ b/lib/cf-socket.c +@@ -1282,7 +1282,7 @@ static int do_connect(struct Curl_cfilter *cf, struct Curl_easy *data, + + rc = connect(ctx->sock, &ctx->addr.curl_sa_addr, ctx->addr.addrlen); + #elif defined(MSG_FASTOPEN) /* old Linux */ +- if(cf->conn->given->flags & PROTOPT_SSL) ++ if(Curl_conn_is_ssl(cf->conn, cf->sockindex)) + rc = connect(ctx->sock, &ctx->addr.curl_sa_addr, ctx->addr.addrlen); + else + rc = 0; /* Do nothing */ +diff --git a/lib/ftp.c b/lib/ftp.c +index 16ab0af0d..5137ddca4 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -3154,7 +3154,7 @@ static CURLcode ftp_connect(struct Curl_easy *data, + + PINGPONG_SETUP(pp, ftp_statemachine, ftp_endofresp); + +- if(conn->handler->flags & PROTOPT_SSL) { ++ if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) { + /* BLOCKING */ + result = Curl_conn_connect(data, FIRSTSOCKET, TRUE, done); + if(result) +diff --git a/lib/http.c b/lib/http.c +index 35e708551..8e9f0a52e 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -2526,7 +2526,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) 
+ goto fail; + } + +- if(!(conn->handler->flags&PROTOPT_SSL) && ++ if(!Curl_conn_is_ssl(conn, FIRSTSOCKET) && + conn->httpversion < 20 && + (data->state.httpwant == CURL_HTTP_VERSION_2)) { + /* append HTTP2 upgrade magic stuff to the HTTP request if it is not done +@@ -2672,7 +2672,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, + case 'A': + #ifndef CURL_DISABLE_ALTSVC + v = (data->asi && +- ((data->conn->handler->flags & PROTOPT_SSL) || ++ (Curl_conn_is_ssl(data->conn, FIRSTSOCKET) || + #ifdef DEBUGBUILD + /* allow debug builds to circumvent the HTTPS restriction */ + getenv("CURL_ALTSVC_HTTP") +@@ -2938,7 +2938,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, + #ifndef CURL_DISABLE_HSTS + /* If enabled, the header is incoming and this is over HTTPS */ + v = (data->hsts && +- ((conn->handler->flags & PROTOPT_SSL) || ++ (Curl_conn_is_ssl(conn, FIRSTSOCKET) || + #ifdef DEBUGBUILD + /* allow debug builds to circumvent the HTTPS restriction */ + getenv("CURL_HSTS_HTTP") +@@ -4160,7 +4160,7 @@ CURLcode Curl_http_req_to_h2(struct dynhds *h2_headers, + infof(data, "set pseudo header %s to %s", HTTP_PSEUDO_SCHEME, scheme); + } + else { +- scheme = (data->conn && data->conn->handler->flags & PROTOPT_SSL) ? ++ scheme = Curl_conn_is_ssl(data->conn, FIRSTSOCKET) ? 
+ "https" : "http"; + } + } +diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c +index 5d76bddf7..f031d0abc 100644 +--- a/lib/http_negotiate.c ++++ b/lib/http_negotiate.c +@@ -27,6 +27,7 @@ + #if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) + + #include "urldata.h" ++#include "cfilters.h" + #include "sendf.h" + #include "http_negotiate.h" + #include "vauth/vauth.h" +@@ -109,7 +110,7 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn, + #endif + /* Check if the connection is using SSL and get the channel binding data */ + #if defined(USE_SSL) && defined(HAVE_GSSAPI) +- if(conn->handler->flags & PROTOPT_SSL) { ++ if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) { + Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1); + result = Curl_ssl_get_channel_binding( + data, FIRSTSOCKET, &neg_ctx->channel_binding_data); +diff --git a/lib/imap.c b/lib/imap.c +index e424cdb05..df9dc343b 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -1390,7 +1390,7 @@ static CURLcode imap_multi_statemach(struct Curl_easy *data, bool *done) + struct connectdata *conn = data->conn; + struct imap_conn *imapc = &conn->proto.imapc; + +- if((conn->handler->flags & PROTOPT_SSL) && !imapc->ssldone) { ++ if(Curl_conn_is_ssl(conn, FIRSTSOCKET) && !imapc->ssldone) { + bool ssldone = FALSE; + result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone); + imapc->ssldone = ssldone; +diff --git a/lib/ldap.c b/lib/ldap.c +index 2cbdb9c21..7dd40acef 100644 +--- a/lib/ldap.c ++++ b/lib/ldap.c +@@ -78,6 +78,7 @@ + + #include "urldata.h" + #include ++#include "cfilters.h" + #include "sendf.h" + #include "escape.h" + #include "progress.h" +@@ -346,7 +347,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) + } + + /* Get the URL scheme (either ldap or ldaps) */ +- if(conn->given->flags & PROTOPT_SSL) ++ if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) + ldap_ssl = 1; + infof(data, "LDAP local: trying to establish %s connection", + ldap_ssl ? 
"encrypted" : "cleartext"); +diff --git a/lib/openldap.c b/lib/openldap.c +index 8c4af22be..9676ad3d0 100644 +--- a/lib/openldap.c ++++ b/lib/openldap.c +@@ -571,7 +571,7 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done) + ldap_set_option(li->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); + + #ifdef USE_SSL +- if(conn->handler->flags & PROTOPT_SSL) ++ if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) + return oldap_ssl_connect(data, OLDAP_SSL); + + if(data->set.use_ssl) { +diff --git a/lib/pop3.c b/lib/pop3.c +index db6ec04c7..83dd64cda 100644 +--- a/lib/pop3.c ++++ b/lib/pop3.c +@@ -1110,7 +1110,7 @@ static CURLcode pop3_multi_statemach(struct Curl_easy *data, bool *done) + struct connectdata *conn = data->conn; + struct pop3_conn *pop3c = &conn->proto.pop3c; + +- if((conn->handler->flags & PROTOPT_SSL) && !pop3c->ssldone) { ++ if(Curl_conn_is_ssl(conn, FIRSTSOCKET) && !pop3c->ssldone) { + bool ssldone = FALSE; + result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone); + pop3c->ssldone = ssldone; +diff --git a/lib/smb.c b/lib/smb.c +index a72ece62a..a2c82df5e 100644 +--- a/lib/smb.c ++++ b/lib/smb.c +@@ -840,7 +840,7 @@ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done) + + if(smbc->state == SMB_CONNECTING) { + #ifdef USE_SSL +- if((conn->handler->flags & PROTOPT_SSL)) { ++ if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) { + bool ssl_done = FALSE; + result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssl_done); + if(result && result != CURLE_AGAIN) +diff --git a/lib/smtp.c b/lib/smtp.c +index d854d364f..c7fb0a4ca 100644 +--- a/lib/smtp.c ++++ b/lib/smtp.c +@@ -1286,7 +1286,7 @@ static CURLcode smtp_multi_statemach(struct Curl_easy *data, bool *done) + struct connectdata *conn = data->conn; + struct smtp_conn *smtpc = &conn->proto.smtpc; + +- if((conn->handler->flags & PROTOPT_SSL) && !smtpc->ssldone) { ++ if(Curl_conn_is_ssl(conn, FIRSTSOCKET) && !smtpc->ssldone) { + bool ssldone = FALSE; + result = Curl_conn_connect(data, FIRSTSOCKET, 
FALSE, &ssldone); + smtpc->ssldone = ssldone; +diff --git a/lib/url.c b/lib/url.c +index 436edd891..de200e1dd 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -958,12 +958,12 @@ static bool url_match_conn(struct connectdata *conn, void *userdata) + return FALSE; + #endif + +- if((needle->handler->flags&PROTOPT_SSL) != +- (conn->handler->flags&PROTOPT_SSL)) +- /* do not do mixed SSL and non-SSL connections */ +- if(get_protocol_family(conn->handler) != +- needle->handler->protocol || !conn->bits.tls_upgraded) +- /* except protocols that have been upgraded via TLS */ ++ if((!(needle->handler->flags&PROTOPT_SSL) != ++ !Curl_conn_is_ssl(conn, FIRSTSOCKET)) && ++ !(get_protocol_family(conn->handler) == needle->handler->protocol && ++ conn->bits.tls_upgraded)) ++ /* Deny `conn` if it is not fit for `needle`'s SSL needs, ++ * UNLESS `conn` is the same protocol family and was upgraded to SSL. */ + return FALSE; + + #ifndef CURL_DISABLE_PROXY +-- +2.48.1 + diff --git a/curl.spec b/curl.spec index ef932e9..c21fec2 100644 --- a/curl.spec +++ b/curl.spec @@ -7,7 +7,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.11.1 -Release: 3%{?dist} +Release: 4%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc @@ -22,6 +22,9 @@ Source2: mykey.asc # https://github.com/curl/curl/pull/15727 Patch1: 0001-curl-8.11.1-eventfd.patch +# Fix https://bugzilla.redhat.com/show_bug.cgi?id=2324130#c7 +Patch2: 0002-curl-8.11.1-TLS-check-connection-for-SSL-use-not-handler.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch 
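Review bot: In the `lib/http.c` part of the added patch, the `Curl_http_req_to_h2` change drops the `data->conn &&` guard that the old line carried and passes `data->conn` straight to `Curl_conn_is_ssl()`. Whether that helper accepts a NULL connection is not visible here, so confirm it against the 8.11.1 sources this backport applies to, or keep the guard: `scheme = (data->conn && Curl_conn_is_ssl(data->conn, FIRSTSOCKET)) ? "https" : "http";`. The `url_match_conn` rewrite decides whether a pooled connection may be reused across TLS and non-TLS requests, and it now compares the needle's `PROTOPT_SSL` handler flag with the candidate's live TLS state, so the STARTTLS and connection-reuse tests should be part of the package's test run with this patch applied. In `ldap_do` the context comment `/* Get the URL scheme (either ldap or ldaps) */` no longer matches the check under it and could read `/* Check whether the connection uses TLS */`. Every function touched continues outside the quoted hunks.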
@@ -416,6 +419,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Fri Jan 31 2025 Jan Macku - 8.11.1-4 +- TLS: check connection for SSL use, not handler (#2324130#c7) + * Thu Jan 16 2025 Fedora Release Engineering - 8.11.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 057c9e09f00a022d8b5e065164a7d77d2d67e669 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 5 Feb 2025 09:44:27 +0100 Subject: [PATCH 14/44] new upstream release - 8.12.0 --- 0001-curl-8.11.1-eventfd.patch | 31 --- ...k-connection-for-SSL-use-not-handler.patch | 227 ------------------ 0101-curl-7.32.0-multilib.patch | 28 +-- 0102-curl-7.84.0-test3026.patch | 8 +- 0104-curl-7.88.0-tests-warnings.patch | 30 --- curl.spec | 23 +- sources | 4 +- 7 files changed, 29 insertions(+), 322 deletions(-) delete mode 100644 0001-curl-8.11.1-eventfd.patch delete mode 100644 0002-curl-8.11.1-TLS-check-connection-for-SSL-use-not-handler.patch delete mode 100644 0104-curl-7.88.0-tests-warnings.patch diff --git a/0001-curl-8.11.1-eventfd.patch b/0001-curl-8.11.1-eventfd.patch deleted file mode 100644 index 3960452..0000000 --- a/0001-curl-8.11.1-eventfd.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 17c06b1ed19147d9e641ad5bcd672e8bce451b46 Mon Sep 17 00:00:00 2001 -From: Andy Pan -Date: Thu, 12 Dec 2024 12:48:56 +0000 -Subject: [PATCH] async-thread: avoid closing eventfd twice - -When employing eventfd for socketpair, there is only one file -descriptor. Closing that fd twice might result in fd corruption. -Thus, we should avoid closing the eventfd twice, following the -pattern in lib/multi.c. - -Fixes #15725 ---- - lib/asyn-thread.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c -index a58e4b790494ab..32d496b107cb0a 100644 ---- a/lib/asyn-thread.c -+++ b/lib/asyn-thread.c -@@ -195,9 +195,11 @@ void destroy_thread_sync_data(struct thread_sync_data *tsd) - * close one end of the socket pair (may be done in resolver thread); - * the other end (for reading) is always closed in the parent thread. - */ -+#ifndef USE_EVENTFD - if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { - wakeup_close(tsd->sock_pair[1]); - } -+#endif - #endif - memset(tsd, 0, sizeof(*tsd)); - } diff --git a/0002-curl-8.11.1-TLS-check-connection-for-SSL-use-not-handler.patch b/0002-curl-8.11.1-TLS-check-connection-for-SSL-use-not-handler.patch deleted file mode 100644 index 9000c48..0000000 --- a/0002-curl-8.11.1-TLS-check-connection-for-SSL-use-not-handler.patch +++ /dev/null 
@@ -1,227 +0,0 @@ -From b876aeb3f5d5c6539102f0575c0ec1d116388337 Mon Sep 17 00:00:00 2001 -From: Stefan Eissing -Date: Fri, 17 Jan 2025 11:57:00 +0100 -Subject: [PATCH] TLS: check connection for SSL use, not handler - -Protocol handler option PROTOPT_SSL is used to setup a connection -filters. Once that is done, used `Curl_conn_is_ssl()` to check if -a connection uses SSL. - -There may be other reasons to add SSL to a connection, e.g. starttls. - -Closes #16034 - -(cherry picked from commit 25b445e4796bcbf9f842de686a8c384b30f6c2a2) ---- - lib/cf-socket.c | 2 +- - lib/ftp.c | 2 +- - lib/http.c | 8 ++++---- - lib/http_negotiate.c | 3 ++- - lib/imap.c | 2 +- - lib/ldap.c | 3 ++- - lib/openldap.c | 2 +- - lib/pop3.c | 2 +- - lib/smb.c | 2 +- - lib/smtp.c | 2 +- - lib/url.c | 12 ++++++------ - 11 files changed, 21 insertions(+), 19 deletions(-) - -diff --git a/lib/cf-socket.c b/lib/cf-socket.c -index 497a3b965..de0c8a3ba 100644 ---- a/lib/cf-socket.c -+++ b/lib/cf-socket.c -@@ -1282,7 +1282,7 @@ static int do_connect(struct Curl_cfilter *cf, struct Curl_easy *data, - - rc = connect(ctx->sock, &ctx->addr.curl_sa_addr, ctx->addr.addrlen); - #elif defined(MSG_FASTOPEN) /* old Linux */ -- if(cf->conn->given->flags & PROTOPT_SSL) -+ if(Curl_conn_is_ssl(cf->conn, cf->sockindex)) - rc = connect(ctx->sock, &ctx->addr.curl_sa_addr, ctx->addr.addrlen); - else - rc = 0; /* Do nothing */ -diff --git a/lib/ftp.c b/lib/ftp.c -index 16ab0af0d..5137ddca4 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -3154,7 +3154,7 @@ static CURLcode ftp_connect(struct Curl_easy *data, - - PINGPONG_SETUP(pp, ftp_statemachine, ftp_endofresp); - -- if(conn->handler->flags & PROTOPT_SSL) { -+ if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) { - /* BLOCKING */ - result = Curl_conn_connect(data, FIRSTSOCKET, TRUE, done); - if(result) -diff --git a/lib/http.c b/lib/http.c -index 35e708551..8e9f0a52e 100644 ---- a/lib/http.c -+++ b/lib/http.c -@@ -2526,7 +2526,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) 
- goto fail; - } - -- if(!(conn->handler->flags&PROTOPT_SSL) && -+ if(!Curl_conn_is_ssl(conn, FIRSTSOCKET) && - conn->httpversion < 20 && - (data->state.httpwant == CURL_HTTP_VERSION_2)) { - /* append HTTP2 upgrade magic stuff to the HTTP request if it is not done -@@ -2672,7 +2672,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, - case 'A': - #ifndef CURL_DISABLE_ALTSVC - v = (data->asi && -- ((data->conn->handler->flags & PROTOPT_SSL) || -+ (Curl_conn_is_ssl(data->conn, FIRSTSOCKET) || - #ifdef DEBUGBUILD - /* allow debug builds to circumvent the HTTPS restriction */ - getenv("CURL_ALTSVC_HTTP") -@@ -2938,7 +2938,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, - #ifndef CURL_DISABLE_HSTS - /* If enabled, the header is incoming and this is over HTTPS */ - v = (data->hsts && -- ((conn->handler->flags & PROTOPT_SSL) || -+ (Curl_conn_is_ssl(conn, FIRSTSOCKET) || - #ifdef DEBUGBUILD - /* allow debug builds to circumvent the HTTPS restriction */ - getenv("CURL_HSTS_HTTP") -@@ -4160,7 +4160,7 @@ CURLcode Curl_http_req_to_h2(struct dynhds *h2_headers, - infof(data, "set pseudo header %s to %s", HTTP_PSEUDO_SCHEME, scheme); - } - else { -- scheme = (data->conn && data->conn->handler->flags & PROTOPT_SSL) ? -+ scheme = Curl_conn_is_ssl(data->conn, FIRSTSOCKET) ? 
- "https" : "http"; - } - } -diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c -index 5d76bddf7..f031d0abc 100644 ---- a/lib/http_negotiate.c -+++ b/lib/http_negotiate.c -@@ -27,6 +27,7 @@ - #if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) - - #include "urldata.h" -+#include "cfilters.h" - #include "sendf.h" - #include "http_negotiate.h" - #include "vauth/vauth.h" -@@ -109,7 +110,7 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn, - #endif - /* Check if the connection is using SSL and get the channel binding data */ - #if defined(USE_SSL) && defined(HAVE_GSSAPI) -- if(conn->handler->flags & PROTOPT_SSL) { -+ if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) { - Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1); - result = Curl_ssl_get_channel_binding( - data, FIRSTSOCKET, &neg_ctx->channel_binding_data); -diff --git a/lib/imap.c b/lib/imap.c -index e424cdb05..df9dc343b 100644 ---- a/lib/imap.c -+++ b/lib/imap.c -@@ -1390,7 +1390,7 @@ static CURLcode imap_multi_statemach(struct Curl_easy *data, bool *done) - struct connectdata *conn = data->conn; - struct imap_conn *imapc = &conn->proto.imapc; - -- if((conn->handler->flags & PROTOPT_SSL) && !imapc->ssldone) { -+ if(Curl_conn_is_ssl(conn, FIRSTSOCKET) && !imapc->ssldone) { - bool ssldone = FALSE; - result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone); - imapc->ssldone = ssldone; -diff --git a/lib/ldap.c b/lib/ldap.c -index 2cbdb9c21..7dd40acef 100644 ---- a/lib/ldap.c -+++ b/lib/ldap.c -@@ -78,6 +78,7 @@ - - #include "urldata.h" - #include -+#include "cfilters.h" - #include "sendf.h" - #include "escape.h" - #include "progress.h" -@@ -346,7 +347,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) - } - - /* Get the URL scheme (either ldap or ldaps) */ -- if(conn->given->flags & PROTOPT_SSL) -+ if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) - ldap_ssl = 1; - infof(data, "LDAP local: trying to establish %s connection", - ldap_ssl ? 
"encrypted" : "cleartext"); -diff --git a/lib/openldap.c b/lib/openldap.c -index 8c4af22be..9676ad3d0 100644 ---- a/lib/openldap.c -+++ b/lib/openldap.c -@@ -571,7 +571,7 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done) - ldap_set_option(li->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); - - #ifdef USE_SSL -- if(conn->handler->flags & PROTOPT_SSL) -+ if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) - return oldap_ssl_connect(data, OLDAP_SSL); - - if(data->set.use_ssl) { -diff --git a/lib/pop3.c b/lib/pop3.c -index db6ec04c7..83dd64cda 100644 ---- a/lib/pop3.c -+++ b/lib/pop3.c -@@ -1110,7 +1110,7 @@ static CURLcode pop3_multi_statemach(struct Curl_easy *data, bool *done) - struct connectdata *conn = data->conn; - struct pop3_conn *pop3c = &conn->proto.pop3c; - -- if((conn->handler->flags & PROTOPT_SSL) && !pop3c->ssldone) { -+ if(Curl_conn_is_ssl(conn, FIRSTSOCKET) && !pop3c->ssldone) { - bool ssldone = FALSE; - result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone); - pop3c->ssldone = ssldone; -diff --git a/lib/smb.c b/lib/smb.c -index a72ece62a..a2c82df5e 100644 ---- a/lib/smb.c -+++ b/lib/smb.c -@@ -840,7 +840,7 @@ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done) - - if(smbc->state == SMB_CONNECTING) { - #ifdef USE_SSL -- if((conn->handler->flags & PROTOPT_SSL)) { -+ if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) { - bool ssl_done = FALSE; - result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssl_done); - if(result && result != CURLE_AGAIN) -diff --git a/lib/smtp.c b/lib/smtp.c -index d854d364f..c7fb0a4ca 100644 ---- a/lib/smtp.c -+++ b/lib/smtp.c -@@ -1286,7 +1286,7 @@ static CURLcode smtp_multi_statemach(struct Curl_easy *data, bool *done) - struct connectdata *conn = data->conn; - struct smtp_conn *smtpc = &conn->proto.smtpc; - -- if((conn->handler->flags & PROTOPT_SSL) && !smtpc->ssldone) { -+ if(Curl_conn_is_ssl(conn, FIRSTSOCKET) && !smtpc->ssldone) { - bool ssldone = FALSE; - result = Curl_conn_connect(data, FIRSTSOCKET, 
FALSE, &ssldone); - smtpc->ssldone = ssldone; -diff --git a/lib/url.c b/lib/url.c -index 436edd891..de200e1dd 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -958,12 +958,12 @@ static bool url_match_conn(struct connectdata *conn, void *userdata) - return FALSE; - #endif - -- if((needle->handler->flags&PROTOPT_SSL) != -- (conn->handler->flags&PROTOPT_SSL)) -- /* do not do mixed SSL and non-SSL connections */ -- if(get_protocol_family(conn->handler) != -- needle->handler->protocol || !conn->bits.tls_upgraded) -- /* except protocols that have been upgraded via TLS */ -+ if((!(needle->handler->flags&PROTOPT_SSL) != -+ !Curl_conn_is_ssl(conn, FIRSTSOCKET)) && -+ !(get_protocol_family(conn->handler) == needle->handler->protocol && -+ conn->bits.tls_upgraded)) -+ /* Deny `conn` if it is not fit for `needle`'s SSL needs, -+ * UNLESS `conn` is the same protocol family and was upgraded to SSL. */ - return FALSE; - - #ifndef CURL_DISABLE_PROXY --- -2.48.1 - diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index aec4fda..13a9a54 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -1,7 +1,7 @@ -From 7efcd412447fc41bded2f9621edf0ab4701c9b14 Mon Sep 17 00:00:00 2001 +From c96b08867e8593b32cec0f3971f10adfcaf2276e Mon Sep 17 00:00:00 2001 From: Jan Macku -Date: Wed, 11 Dec 2024 09:28:12 +0100 -Subject: [PATCH] prevent multilib conflicts on the curl-config script +Date: Wed, 5 Feb 2025 09:31:04 +0100 +Subject: [PATCH 1/2] prevent multilib conflicts on the curl-config script --- curl-config.in | 23 +++++------------------ @@ -10,10 +10,10 @@ Subject: [PATCH] prevent multilib conflicts on the curl-config script 3 files changed, 9 insertions(+), 19 deletions(-) diff --git a/curl-config.in b/curl-config.in -index e89c256..9fb1a33 100644 +index 55184167b..324e0b740 100644 --- a/curl-config.in +++ b/curl-config.in -@@ -75,7 +75,7 @@ while test "$#" -gt 0; do +@@ -74,7 +74,7 @@ while test "$#" -gt 0; do ;; --cc) 
@@ -22,25 +22,25 @@ index e89c256..9fb1a33 100644 ;; --prefix) -@@ -155,16 +155,7 @@ while test "$#" -gt 0; do +@@ -149,16 +149,7 @@ while test "$#" -gt 0; do ;; --libs) - if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then -- CURLLIBDIR="-L@libdir@ " +- curllibdir="-L@libdir@ " - else -- CURLLIBDIR='' +- curllibdir='' - fi - if test 'X@ENABLE_SHARED@' = 'Xno'; then -- echo "${CURLLIBDIR}-lcurl @LIBCURL_PC_LIBS_PRIVATE@" +- echo "${curllibdir}-lcurl @LIBCURL_PC_LIBS_PRIVATE@" - else -- echo "${CURLLIBDIR}-lcurl" +- echo "${curllibdir}-lcurl" - fi + echo '-lcurl' ;; --ssl-backends) -@@ -172,16 +163,12 @@ while test "$#" -gt 0; do +@@ -166,16 +157,12 @@ while test "$#" -gt 0; do ;; --static-libs) @@ -61,7 +61,7 @@ index e89c256..9fb1a33 100644 *) diff --git a/docs/curl-config.md b/docs/curl-config.md -index 4dfaab6..f4e847e 100644 +index b1fcf33dc..b15feec8e 100644 --- a/docs/curl-config.md +++ b/docs/curl-config.md @@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated. @@ -76,7 +76,7 @@ index 4dfaab6..f4e847e 100644 ## --version diff --git a/libcurl.pc.in b/libcurl.pc.in -index c0ba524..f3645e1 100644 +index c0ba5244a..f3645e174 100644 --- a/libcurl.pc.in +++ b/libcurl.pc.in @@ -28,6 +28,7 @@ libdir=@libdir@ @@ -88,5 +88,5 @@ index c0ba524..f3645e1 100644 Name: libcurl URL: https://curl.se/ -- -2.47.1 +2.48.1 diff --git a/0102-curl-7.84.0-test3026.patch b/0102-curl-7.84.0-test3026.patch index 82f4642..6c45cc8 100644 --- a/0102-curl-7.84.0-test3026.patch +++ b/0102-curl-7.84.0-test3026.patch @@ -1,6 +1,6 @@ -From 6e470567ca691a7b20334f1b9a5b309053d714b7 Mon Sep 17 00:00:00 2001 +From 6460e292e664b03fb550ce70e9a8cdf86ad0ef57 Mon Sep 17 00:00:00 2001 From: Jan Macku -Date: Wed, 22 May 2024 13:03:43 +0200 +Date: Wed, 5 Feb 2025 09:34:28 +0100 Subject: [PATCH 2/2] test3026: disable valgrind It fails on x86_64 with: @@ -52,7 +52,7 @@ index ee9b30678..dd582c3e5 100644 
diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c -index 7e914010e..39374f5bc 100644 +index 61c70eb3b..79302fcf7 100644 --- a/tests/libtest/lib3026.c +++ b/tests/libtest/lib3026.c @@ -145,8 +145,8 @@ CURLcode test(char *URL) @@ -67,5 +67,5 @@ index 7e914010e..39374f5bc 100644 test_failure = (CURLcode)-1; goto cleanup; -- -2.45.1 +2.48.1 diff --git a/0104-curl-7.88.0-tests-warnings.patch b/0104-curl-7.88.0-tests-warnings.patch deleted file mode 100644 index 0977dee..0000000 --- a/0104-curl-7.88.0-tests-warnings.patch +++ /dev/null @@ -1,30 +0,0 @@ -From ebee18be05631494263bb6be249501eb8874e07a Mon Sep 17 00:00:00 2001 -From: Jan Macku -Date: Wed, 24 Jul 2024 15:15:11 +0200 -Subject: [PATCH] Revert "runtests: consider warnings fatal and error on them" - -While it might be useful for upstream developers, it is not so useful -for downstream consumers. - -This reverts upstream commit 22f795c834cfdbacbb1b55426028a581e3cf67a8. ---- - tests/runtests.pl | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/tests/runtests.pl b/tests/runtests.pl -index 9cc9ef1..c9a1c5d 100755 ---- a/tests/runtests.pl -+++ b/tests/runtests.pl -@@ -57,8 +57,7 @@ - # given, this won't be a problem. - - use strict; --# Promote all warnings to fatal --use warnings FATAL => 'all'; -+use warnings; - use 5.006; - use POSIX qw(strftime); - --- -2.45.2 - diff --git a/curl.spec b/curl.spec index c21fec2..186b566 100644 --- a/curl.spec +++ b/curl.spec @@ -6,8 +6,8 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.11.1 -Release: 4%{?dist} +Version: 8.12.0 +Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc 
@@ -16,24 +16,12 @@ Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc Source2: mykey.asc -# Fix crash with Unexpected error 9 on netlink descriptor 10 -# https://bugzilla.redhat.com/show_bug.cgi?id=2332350 -# https://github.com/curl/curl/issues/15725 -# https://github.com/curl/curl/pull/15727 -Patch1: 0001-curl-8.11.1-eventfd.patch - -# Fix https://bugzilla.redhat.com/show_bug.cgi?id=2324130#c7 -Patch2: 0002-curl-8.11.1-TLS-check-connection-for-SSL-use-not-handler.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch # test3026: disable valgrind Patch102: 0102-curl-7.84.0-test3026.patch -# do not fail on warnings in the upstream test driver -Patch104: 0104-curl-7.88.0-tests-warnings.patch - # test616: disable valgrind Patch105: 0105-curl-8.11.1-test616.patch @@ -419,6 +407,13 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Feb 05 2025 Jan Macku - 8.12.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2025-0725 - gzip integer overflow + CVE-2025-0665 - eventfd double close + CVE-2025-0167 - netrc and default credential leak +- drop upstreamed patches + * Fri Jan 31 2025 Jan Macku - 8.11.1-4 - TLS: check connection for SSL use, not handler (#2324130#c7) diff --git a/sources b/sources index 91c8f05..01ad1a6 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.11.1.tar.xz) = 7c7c47a49505575b610c56b455f0919ea5082a993bf5483eeb258ead167aadb87078d626b343b417dcfc5439c53556425c8fb4fe3b01b53a87b47c01686a3e57 -SHA512 (curl-8.11.1.tar.xz.asc) = c09bedb67e83fb8ca3ad73c5bd0d92fed7fc2c26dbe5a71cccb193fd151c7219713241a9fe74baefcd1d008cfafba78142bf04cec24dd4a88d67179184d35824 +SHA512 (curl-8.12.0.tar.xz) = ed35f0020541050ce387f4ba80f9e87562ececd99082da1bae85840dee81c49b86a4a55909e15fcbf4eb116106a796c29a9b2678dee11326f80db75992c6edc5 +SHA512 (curl-8.12.0.tar.xz.asc) = 8526554ffb2187b48b6a4c6a0d4a8c73d484ef3ce4c3791add0e759baf953ac7ae0b2f88d688365b1f09c5745198611fa1761aa14d02ddf52823c4ff238779cd From 9c7fc53ab273793fba55aef94b81682065923b4f Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 13 Feb 2025 08:28:44 +0100 Subject: [PATCH 15/44] new upstream release - 8.12.1 --- curl.spec | 2 +- sources | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index 186b566..c7f23e3 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.12.0 +Version: 8.12.1 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version}.tar.xz diff --git a/sources b/sources index 01ad1a6..acd884b 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.12.0.tar.xz) = ed35f0020541050ce387f4ba80f9e87562ececd99082da1bae85840dee81c49b86a4a55909e15fcbf4eb116106a796c29a9b2678dee11326f80db75992c6edc5 -SHA512 (curl-8.12.0.tar.xz.asc) = 8526554ffb2187b48b6a4c6a0d4a8c73d484ef3ce4c3791add0e759baf953ac7ae0b2f88d688365b1f09c5745198611fa1761aa14d02ddf52823c4ff238779cd +SHA512 (curl-8.12.1.tar.xz) = 88915468fa1bb7256e3dd6c9d058ada6894faa1e3e7800c7d9bfee3e8be4081ae57e7f2bf260c5342b709499fc4302ddc2d7864e25bfa3300fa07f118a3de603 +SHA512 (curl-8.12.1.tar.xz.asc) = 41fc5582935090d13940d86974fdea3ea901dd5dab156c16029a87f811d2535172c59dc8dc366f2ffc37bcf85accbecb5aa765bc7b83c2991a3ef402bf25af69 From 3ce21a370c4a3523ee3affbaea685b8c8e6c2cdf Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Mon, 10 Mar 2025 14:27:02 +0100 Subject: [PATCH 16/44] new upstream release - 8.13.0~rc1 --- ...test1022-add-support-for-rc-releases.patch | 44 +++++++++++++++++++ 0101-curl-7.32.0-multilib.patch | 16 +++---- curl.spec | 16 ++++--- sources | 4 +- 4 files changed, 65 insertions(+), 15 deletions(-) create mode 100644 0001-curl-8.13.0~rc1-test1022-add-support-for-rc-releases.patch diff --git a/0001-curl-8.13.0~rc1-test1022-add-support-for-rc-releases.patch b/0001-curl-8.13.0~rc1-test1022-add-support-for-rc-releases.patch new file mode 100644 index 0000000..789aa0e --- /dev/null +++ b/0001-curl-8.13.0~rc1-test1022-add-support-for-rc-releases.patch 
@@ -0,0 +1,44 @@ +From 3c1a88fdf72e9e43f289d121318fc31536964e66 Mon Sep 17 00:00:00 2001 +From: Samuel Henrique +Date: Sat, 8 Mar 2025 12:47:21 +0000 +Subject: [PATCH] test1022: add support for rc releases + + Fix the following test failure: + curl-config: illegal value + +Closes #16626 +--- + tests/libtest/test1022.pl | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/libtest/test1022.pl b/tests/libtest/test1022.pl +index 583b8f8562c0..5c5c02070ff7 100755 +--- a/tests/libtest/test1022.pl ++++ b/tests/libtest/test1022.pl +@@ -35,7 +35,7 @@ + open(CURL, "$ARGV[1]") || die "Can't open curl --version list in $ARGV[1]\n"; + $_ = ; + chomp; +-/libcurl\/([\.\d]+((-DEV)|(-\d+))?)/; ++/libcurl\/([\.\d]+((-DEV)|(-rc\d)|(-\d+))?)/; + my $version = $1; + close CURL; + +@@ -47,7 +47,7 @@ + chomp; + my $filever=$_; + if ( $what eq "version" ) { +- if($filever =~ /^libcurl ([\.\d]+((-DEV)|(-\d+))?)$/) { ++ if($filever =~ /^libcurl ([\.\d]+((-DEV)|(-rc\d)|(-\d+))?)$/) { + $curlconfigversion = $1; + } + else { +@@ -63,7 +63,7 @@ + $curlconfigversion = "illegal value"; + } + +- # Strip off the -DEV from the curl version if it's there ++ # Strip off the -DEV and -rc suffixes from the curl version if they're there + $version =~ s/-\w*$//; + } + close CURLCONFIG; diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index 13a9a54..e7b2a32 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -1,7 +1,7 @@ -From c96b08867e8593b32cec0f3971f10adfcaf2276e Mon Sep 17 00:00:00 2001 +From 495c771a6f9be008b783c5f59285d30fdc15fd63 Mon Sep 17 00:00:00 2001 From: Jan Macku -Date: Wed, 5 Feb 2025 09:31:04 +0100 -Subject: [PATCH 1/2] prevent multilib conflicts on the curl-config script +Date: Mon, 10 Mar 2025 14:23:59 +0100 +Subject: [PATCH] prevent multilib conflicts on the curl-config script --- curl-config.in | 23 +++++------------------ 
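Review bot: Both added patterns in `test1022.pl` use `(-rc\d)`, which accepts a single digit only, so a two-digit release-candidate suffix (constructed example: `-rc10`) would fall back into the `illegal value` branch this patch is meant to avoid. `(-rc\d+)` in both places covers it, e.g. `/libcurl\/([\.\d]+((-DEV)|(-rc\d+)|(-\d+))?)/`. The patch is an upstream cherry-pick (it carries `Closes #16626`), so the change is better proposed there than kept as a downstream delta. The script continues outside the quoted hunks.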
@@ -10,7 +10,7 @@ Subject: [PATCH 1/2] prevent multilib conflicts on the curl-config script 3 files changed, 9 insertions(+), 19 deletions(-) diff --git a/curl-config.in b/curl-config.in -index 55184167b..324e0b740 100644 +index 5518416..324e0b7 100644 --- a/curl-config.in +++ b/curl-config.in @@ -74,7 +74,7 @@ while test "$#" -gt 0; do @@ -61,11 +61,11 @@ index 55184167b..324e0b740 100644 *) diff --git a/docs/curl-config.md b/docs/curl-config.md -index b1fcf33dc..b15feec8e 100644 +index 12ad245..fa0e03d 100644 --- a/docs/curl-config.md +++ b/docs/curl-config.md @@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated. - ## --static-libs + ## `--static-libs` Shows the complete set of libs and other linker options you need in order to -link your application with libcurl statically. (Added in 7.17.1) @@ -73,10 +73,10 @@ index b1fcf33dc..b15feec8e 100644 +packages do not provide any static libraries, thus cannot be linked statically. +(Added in 7.17.1) - ## --version + ## `--version` diff --git a/libcurl.pc.in b/libcurl.pc.in -index c0ba5244a..f3645e174 100644 +index c0ba524..f3645e1 100644 --- a/libcurl.pc.in +++ b/libcurl.pc.in @@ -28,6 +28,7 @@ libdir=@libdir@ diff --git a/curl.spec b/curl.spec index c7f23e3..80a56c3 100644 --- a/curl.spec +++ b/curl.spec 
@@ -6,18 +6,21 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.12.1 +Version: 8.13.0~rc1 Release: 1%{?dist} License: curl -Source0: https://curl.se/download/%{name}-%{version}.tar.xz -Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc +Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz +Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc # The curl download page ( https://curl.se/download.html ) links # to Daniel's address page https://daniel.haxx.se/address.html for the GPG Key, # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc Source2: mykey.asc +# Test 1022 add support for rc releases +Patch001: 0001-curl-8.13.0~rc1-test1022-add-support-for-rc-releases.patch + # patch making libcurl multilib ready -Patch101: 0101-curl-7.32.0-multilib.patch +# Patch101: 0101-curl-7.32.0-multilib.patch # test3026: disable valgrind Patch102: 0102-curl-7.84.0-test3026.patch @@ -211,7 +214,7 @@ be installed. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' -%autosetup -p1 +%autosetup -n %{name}-%{version_no_tilde} -p1 # disable test 1801 # @@ -407,6 +410,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Mon Mar 10 2025 Jan Macku - 8.13.0~rc1-1 +- new upstream release candidate + * Wed Feb 05 2025 Jan Macku - 8.12.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2025-0725 - gzip integer overflow diff --git a/sources b/sources index acd884b..fd8d757 100644 --- a/sources +++ b/sources 
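Review bot: `# Patch101: 0101-curl-7.32.0-multilib.patch` disables the multilib patch without a reason in the spec comment or in the new changelog entry, although this same commit refreshes that patch file. If the patch is only parked for the release candidate, say so on the line above it, for example `# temporarily disabled for 8.13.0~rc1, re-enable once rebased`; otherwise the curl-config and libcurl.pc changes it carries drop out of the build unnoticed. The switch of Source0/Source1 to `%{version_no_tilde}` leaves the `%{gpgverify}` line in %prep as the only check that the renamed tarball and signature still match, so that step is worth re-running by hand when the version scheme changes.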
@@ -1,2 +1,2 @@ -SHA512 (curl-8.12.1.tar.xz) = 88915468fa1bb7256e3dd6c9d058ada6894faa1e3e7800c7d9bfee3e8be4081ae57e7f2bf260c5342b709499fc4302ddc2d7864e25bfa3300fa07f118a3de603 -SHA512 (curl-8.12.1.tar.xz.asc) = 41fc5582935090d13940d86974fdea3ea901dd5dab156c16029a87f811d2535172c59dc8dc366f2ffc37bcf85accbecb5aa765bc7b83c2991a3ef402bf25af69 +SHA512 (curl-8.13.0-rc1.tar.xz) = 6890dae4abf9c9d4017c28ea8ced84ef457aa911574b261af97b81ab1631e04deef188928d015a19c861d8dd319a23d9a7725d93046fc07a39694c5dc445562e +SHA512 (curl-8.13.0-rc1.tar.xz.asc) = aeb6f5abcf1bd19d836ae688bebd0193c673060ed74afa7c5b63c2a0ecf7eaf00a223110cd7aa77d19183e8ba757bd0b8fb481e279cf1141c4b459f92604a740 From 5e5bbeb413edc79263a785e0ba467df9cb9c093c Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 13 Mar 2025 09:30:38 +0100 Subject: [PATCH 17/44] fix --cert parameter Resolves: #2351531 --- ...3.0~rc1-fix--cert-parameter-clearing.patch | 60 +++++++++++++++++++ curl.spec | 8 ++- 2 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 0002-curl-8.13.0~rc1-fix--cert-parameter-clearing.patch diff --git a/0002-curl-8.13.0~rc1-fix--cert-parameter-clearing.patch b/0002-curl-8.13.0~rc1-fix--cert-parameter-clearing.patch new file mode 100644 index 0000000..e08a349 --- /dev/null +++ b/0002-curl-8.13.0~rc1-fix--cert-parameter-clearing.patch 
@@ -0,0 +1,60 @@
+From 886569e2db200c31073895a2626d20e0712e5207 Mon Sep 17 00:00:00 2001
+From: Stefan Eissing
+Date: Wed, 12 Mar 2025 14:42:19 +0100
+Subject: [PATCH] curl: fix --cert parameter clearing
+
+Blank the argument *after* it has been copied.
+
+Reported-by: Jan Macku
+Fixes #16686
+Closes #16688
+---
+ src/tool_getparam.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/tool_getparam.c b/src/tool_getparam.c
+index 9f227abbfdb5..e5272de74feb 100644
+--- a/src/tool_getparam.c
++++ b/src/tool_getparam.c
+@@ -2481,8 +2481,8 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
+ }
+ break;
+ case C_CERT: /* --cert */
+- cleanarg(clearthis);
+ GetFileAndPassword(nextarg, &config->cert, &config->key_passwd);
++ cleanarg(clearthis);
+ break;
+ case C_CACERT: /* --cacert */
+ err = getstr(&config->cacert, nextarg, DENY_BLANK);
+@@ -2601,18 +2601,18 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
+ config->tcp_fastopen = TRUE;
+ break;
+ case C_PROXY_TLSUSER: /* --proxy-tlsuser */
+- cleanarg(clearthis);
+ if(!feature_tls_srp)
+ err = PARAM_LIBCURL_DOESNT_SUPPORT;
+ else
+ err = getstr(&config->proxy_tls_username, nextarg, ALLOW_BLANK);
++ cleanarg(clearthis);
+ break;
+ case C_PROXY_TLSPASSWORD: /* --proxy-tlspassword */
+- cleanarg(clearthis);
+ if(!feature_tls_srp)
+ err = PARAM_LIBCURL_DOESNT_SUPPORT;
+ else
+ err = getstr(&config->proxy_tls_password, nextarg, DENY_BLANK);
++ cleanarg(clearthis);
+ break;
+ case C_PROXY_TLSAUTHTYPE: /* --proxy-tlsauthtype */
+ if(!feature_tls_srp)
+@@ -2624,9 +2624,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
+ }
+ break;
+ case C_PROXY_CERT: /* --proxy-cert */
+- cleanarg(clearthis);
+ GetFileAndPassword(nextarg, &config->proxy_cert,
+ &config->proxy_key_passwd);
++ cleanarg(clearthis);
+ break;
+ case C_PROXY_CERT_TYPE: /* --proxy-cert-type */
+ err = getstr(&config->proxy_cert_type, nextarg, DENY_BLANK);
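Review bot: Nothing at the four reordered call sites (`C_CERT`, `C_PROXY_TLSUSER`, `C_PROXY_TLSPASSWORD`, `C_PROXY_CERT`) records why `cleanarg(clearthis)` has to come last, and the patch changes only src/tool_getparam.c, so no test guards the ordering. A short comment such as `/* cleanarg() blanks the argument; call it only after the value has been copied */` at each site would keep a later refactor from reintroducing the bug; the wording follows the commit message, since cleanarg() itself is not shown here. Because these options carry key passphrases and TLS-SRP credentials, it is also worth confirming that the other cleanarg() callers in getparameter(), which lie outside these hunks, copy before they blank. getparameter() starts and ends outside the hunks.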
diff --git a/curl.spec b/curl.spec index 80a56c3..c7f41cc 100644 --- a/curl.spec +++ b/curl.spec @@ -7,7 +7,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.13.0~rc1 -Release: 1%{?dist} +Release: 2%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc @@ -19,6 +19,9 @@ Source2: mykey.asc # Test 1022 add support for rc releases Patch001: 0001-curl-8.13.0~rc1-test1022-add-support-for-rc-releases.patch +# Fix --cert parameter (#2351531) +Patch002: 0002-curl-8.13.0~rc1-fix--cert-parameter-clearing.patch + # patch making libcurl multilib ready # Patch101: 0101-curl-7.32.0-multilib.patch @@ -410,6 +413,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Thu Mar 13 2025 Jan Macku - 8.13.0~rc1-2 +- fix --cert parameter (#2351531) + * Mon Mar 10 2025 Jan Macku - 8.13.0~rc1-1 - new upstream release candidate From 4fcaa6c40447770a0df7ce914dd5ce90bf67a27c Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Tue, 18 Mar 2025 09:23:12 +0100 Subject: [PATCH 18/44] new upstream release - 8.13.0~rc2 --- ...test1022-add-support-for-rc-releases.patch | 44 -------------- ...3.0~rc1-fix--cert-parameter-clearing.patch | 60 ------------------- curl.spec | 13 ++-- sources | 4 +- 4 files changed, 7 insertions(+), 114 deletions(-) delete mode 100644 0001-curl-8.13.0~rc1-test1022-add-support-for-rc-releases.patch delete mode 100644 0002-curl-8.13.0~rc1-fix--cert-parameter-clearing.patch diff --git a/0001-curl-8.13.0~rc1-test1022-add-support-for-rc-releases.patch b/0001-curl-8.13.0~rc1-test1022-add-support-for-rc-releases.patch deleted file mode 100644 index 789aa0e..0000000 --- a/0001-curl-8.13.0~rc1-test1022-add-support-for-rc-releases.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 3c1a88fdf72e9e43f289d121318fc31536964e66 Mon Sep 17 00:00:00 2001 -From: Samuel Henrique -Date: Sat, 8 Mar 2025 12:47:21 +0000 -Subject: [PATCH] test1022: add support for rc releases - - Fix the following test failure: - curl-config: illegal value - -Closes #16626 ---- - tests/libtest/test1022.pl | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tests/libtest/test1022.pl b/tests/libtest/test1022.pl -index 583b8f8562c0..5c5c02070ff7 100755 ---- a/tests/libtest/test1022.pl -+++ b/tests/libtest/test1022.pl -@@ -35,7 +35,7 @@ - open(CURL, "$ARGV[1]") || die "Can't open curl --version list in $ARGV[1]\n"; - $_ = ; - chomp; --/libcurl\/([\.\d]+((-DEV)|(-\d+))?)/; -+/libcurl\/([\.\d]+((-DEV)|(-rc\d)|(-\d+))?)/; - my $version = $1; - close CURL; - -@@ -47,7 +47,7 @@ - chomp; - my $filever=$_; - if ( $what eq "version" ) { -- if($filever =~ /^libcurl ([\.\d]+((-DEV)|(-\d+))?)$/) { -+ if($filever =~ /^libcurl ([\.\d]+((-DEV)|(-rc\d)|(-\d+))?)$/) { - $curlconfigversion = $1; - } - else { -@@ -63,7 +63,7 @@ - $curlconfigversion = "illegal value"; - } - -- # Strip off the -DEV from the curl version if it's there -+ # Strip off the -DEV and -rc suffixes from the curl version if they're there - $version =~ s/-\w*$//; - } - close CURLCONFIG; diff --git a/0002-curl-8.13.0~rc1-fix--cert-parameter-clearing.patch b/0002-curl-8.13.0~rc1-fix--cert-parameter-clearing.patch deleted file mode 100644 index e08a349..0000000 --- a/0002-curl-8.13.0~rc1-fix--cert-parameter-clearing.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From 886569e2db200c31073895a2626d20e0712e5207 Mon Sep 17 00:00:00 2001 -From: Stefan Eissing -Date: Wed, 12 Mar 2025 14:42:19 +0100 -Subject: [PATCH] curl: fix --cert parameter clearing - -Blank the argument *after* it has been copied. - -Reported-by: Jan Macku -Fixes #16686 -Closes #16688 ---- - src/tool_getparam.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/tool_getparam.c b/src/tool_getparam.c -index 9f227abbfdb5..e5272de74feb 100644 ---- a/src/tool_getparam.c -+++ b/src/tool_getparam.c -@@ -2481,8 +2481,8 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ - } - break; - case C_CERT: /* --cert */ -- cleanarg(clearthis); - GetFileAndPassword(nextarg, &config->cert, &config->key_passwd); -+ cleanarg(clearthis); - break; - case C_CACERT: /* --cacert */ - err = getstr(&config->cacert, nextarg, DENY_BLANK); -@@ -2601,18 +2601,18 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ - config->tcp_fastopen = TRUE; - break; - case C_PROXY_TLSUSER: /* --proxy-tlsuser */ -- cleanarg(clearthis); - if(!feature_tls_srp) - err = PARAM_LIBCURL_DOESNT_SUPPORT; - else - err = getstr(&config->proxy_tls_username, nextarg, ALLOW_BLANK); -+ cleanarg(clearthis); - break; - case C_PROXY_TLSPASSWORD: /* --proxy-tlspassword */ -- cleanarg(clearthis); - if(!feature_tls_srp) - err = PARAM_LIBCURL_DOESNT_SUPPORT; - else - err = getstr(&config->proxy_tls_password, nextarg, DENY_BLANK); -+ cleanarg(clearthis); - break; - case C_PROXY_TLSAUTHTYPE: /* --proxy-tlsauthtype */ - if(!feature_tls_srp) -@@ -2624,9 +2624,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ - } - break; - case C_PROXY_CERT: /* --proxy-cert */ -- cleanarg(clearthis); - GetFileAndPassword(nextarg, &config->proxy_cert, - &config->proxy_key_passwd); -+ cleanarg(clearthis); - break; - case C_PROXY_CERT_TYPE: /* --proxy-cert-type */ - err = getstr(&config->proxy_cert_type, nextarg, DENY_BLANK); 
diff --git a/curl.spec b/curl.spec index c7f41cc..4e2d4ac 100644 --- a/curl.spec +++ b/curl.spec @@ -6,8 +6,8 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.13.0~rc1 -Release: 2%{?dist} +Version: 8.13.0~rc2 +Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc @@ -16,12 +16,6 @@ Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc Source2: mykey.asc -# Test 1022 add support for rc releases -Patch001: 0001-curl-8.13.0~rc1-test1022-add-support-for-rc-releases.patch - -# Fix --cert parameter (#2351531) -Patch002: 0002-curl-8.13.0~rc1-fix--cert-parameter-clearing.patch - # patch making libcurl multilib ready # Patch101: 0101-curl-7.32.0-multilib.patch @@ -413,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Tue Mar 18 2025 Jan Macku - 8.13.0~rc2-1 +- new upstream release candidate + * Thu Mar 13 2025 Jan Macku - 8.13.0~rc1-2 - fix --cert parameter (#2351531) diff --git a/sources b/sources index fd8d757..d2c4139 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.13.0-rc1.tar.xz) = 6890dae4abf9c9d4017c28ea8ced84ef457aa911574b261af97b81ab1631e04deef188928d015a19c861d8dd319a23d9a7725d93046fc07a39694c5dc445562e -SHA512 (curl-8.13.0-rc1.tar.xz.asc) = aeb6f5abcf1bd19d836ae688bebd0193c673060ed74afa7c5b63c2a0ecf7eaf00a223110cd7aa77d19183e8ba757bd0b8fb481e279cf1141c4b459f92604a740 +SHA512 (curl-8.13.0-rc2.tar.xz) = 299b41b5bf52b29f5064f68cd7d8d1e95d8b8f8b36fb80fb67ed2b342123f1fc87a543754cbee8c49c83a8e73daca89cb132a76c795d7fa4d9231c6bf281a9e0 +SHA512 (curl-8.13.0-rc2.tar.xz.asc) = 8149ff96d25b41b0a9418929bbdbb0675267457e7999bd98012289fb74af96f96e66bc9319024f37ef478a965ef233827d832e153db867f2cb6cd140954a4b3e 
From 95664fdd301c40c2d1a6d93b2a9d858a3c430e14 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 26 Mar 2025 10:11:44 +0100 Subject: [PATCH 19/44] new upstream release - 8.13.0~rc3 --- 0102-curl-7.84.0-test3026.patch | 71 --------------------------------- curl.spec | 11 ++--- sources | 4 +- 3 files changed, 8 insertions(+), 78 deletions(-) delete mode 100644 0102-curl-7.84.0-test3026.patch diff --git a/0102-curl-7.84.0-test3026.patch b/0102-curl-7.84.0-test3026.patch deleted file mode 100644 index 6c45cc8..0000000 --- a/0102-curl-7.84.0-test3026.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -From 6460e292e664b03fb550ce70e9a8cdf86ad0ef57 Mon Sep 17 00:00:00 2001 -From: Jan Macku -Date: Wed, 5 Feb 2025 09:34:28 +0100 -Subject: [PATCH 2/2] test3026: disable valgrind - -It fails on x86_64 with: -``` - Use --max-threads=INT to specify a larger number of threads - and rerun valgrind - valgrind: the 'impossible' happened: - Max number of threads is too low - host stacktrace: - ==174357== at 0x58042F5A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x58043087: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x580432EF: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x58043310: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x58099E77: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x580E67E9: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x5809D59D: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x5809901A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x5809B0B6: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - ==174357== by 0x580E4050: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) - sched status: - running_tid=1 - Thread 1: status = VgTs_Runnable syscall 56 (lwpid 174357) - ==174357== at 0x4A07816: clone (in /usr/lib64/libc.so.6) - ==174357== by 0x4A08720: __clone_internal (in /usr/lib64/libc.so.6) - ==174357== by 0x4987ACF: create_thread (in /usr/lib64/libc.so.6) - ==174357== by 0x49885F6: pthread_create@@GLIBC_2.34 (in /usr/lib64/libc.so.6) - ==174357== by 0x1093B5: test.part.0 (lib3026.c:64) - ==174357== by 0x492454F: (below main) (in /usr/lib64/libc.so.6) - client stack range: [0x1FFEFFC000 0x1FFF000FFF] client SP: 0x1FFEFFC998 - valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576 -[...] 
-``` ---- - tests/data/test3026 | 3 +++ - tests/libtest/lib3026.c | 4 ++-- - 2 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/tests/data/test3026 b/tests/data/test3026 -index ee9b30678..dd582c3e5 100644 ---- a/tests/data/test3026 -+++ b/tests/data/test3026 -@@ -41,5 +41,8 @@ none - - 0 - -+ -+disable -+ - - -diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c -index 61c70eb3b..79302fcf7 100644 ---- a/tests/libtest/lib3026.c -+++ b/tests/libtest/lib3026.c -@@ -145,8 +145,8 @@ CURLcode test(char *URL) - results[i] = CURL_LAST; /* initialize with invalid value */ - res = pthread_create(&tids[i], NULL, run_thread, &results[i]); - if(res) { -- fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n", -- __FILE__, __LINE__, res); -+ fprintf(stderr, "%s:%d Couldn't create thread, i=%u, errno %d\n", -+ __FILE__, __LINE__, i, res); - tid_count = i; - test_failure = (CURLcode)-1; - goto cleanup; --- -2.48.1 - diff --git a/curl.spec b/curl.spec index 4e2d4ac..279a92f 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.13.0~rc2 +Version: 8.13.0~rc3 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -17,10 +17,7 @@ Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc Source2: mykey.asc # patch making libcurl multilib ready -# Patch101: 0101-curl-7.32.0-multilib.patch - -# test3026: disable valgrind -Patch102: 0102-curl-7.84.0-test3026.patch +Patch101: 0101-curl-7.32.0-multilib.patch # test616: disable valgrind Patch105: 0105-curl-8.11.1-test616.patch 
@@ -407,6 +404,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Mar 26 2025 Jan Macku - 8.13.0~rc3-1 +- new upstream release candidate +- drop: 0102-curl-7.84.0-test3026.patch (no longer needed) + * Tue Mar 18 2025 Jan Macku - 8.13.0~rc2-1 - new upstream release candidate diff --git a/sources b/sources index d2c4139..168aaff 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.13.0-rc2.tar.xz) = 299b41b5bf52b29f5064f68cd7d8d1e95d8b8f8b36fb80fb67ed2b342123f1fc87a543754cbee8c49c83a8e73daca89cb132a76c795d7fa4d9231c6bf281a9e0 -SHA512 (curl-8.13.0-rc2.tar.xz.asc) = 8149ff96d25b41b0a9418929bbdbb0675267457e7999bd98012289fb74af96f96e66bc9319024f37ef478a965ef233827d832e153db867f2cb6cd140954a4b3e +SHA512 (curl-8.13.0-rc3.tar.xz) = 72c0e0b8b0bc9117ab911b97bab6b1502d877f5a72a34091b68e48c046e45dfd188f24f270c0200f4df3f1a70933ada00f3a73a0aa078ec2b125fa5a9294d33f +SHA512 (curl-8.13.0-rc3.tar.xz.asc) = a2d94a898824fabc1c4834f9e5719fb65311d0f218f6170e80fe1a04c6f842f9fbf589d281767ab916f668ff7087bb318b819a1fb26790640df136f335ff3b99 From 4d98bbf51edd9f631e7e91abc79fd94b1e44e097 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 2 Apr 2025 11:17:10 +0200 Subject: [PATCH 20/44] new upstream release - 8.13.0 --- curl.spec | 7 ++++++- sources | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index 279a92f..e265266 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.13.0~rc3 +Version: 8.13.0 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -48,6 +48,7 @@ BuildRequires: make BuildRequires: openldap-devel BuildRequires: openssh-clients BuildRequires: openssh-server +BuildRequires: openssl BuildRequires: openssl-devel %if %{with openssl_engine_support} && 0%{?fedora} >= 41 BuildRequires: openssl-devel-engine 
@@ -404,6 +405,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Apr 02 2025 Jan Macku - 8.13.0-1 +- new upstream release +- add build time dependency on openssl (required by tests) + * Wed Mar 26 2025 Jan Macku - 8.13.0~rc3-1 - new upstream release candidate - drop: 0102-curl-7.84.0-test3026.patch (no longer needed) diff --git a/sources b/sources index 168aaff..92367a0 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.13.0-rc3.tar.xz) = 72c0e0b8b0bc9117ab911b97bab6b1502d877f5a72a34091b68e48c046e45dfd188f24f270c0200f4df3f1a70933ada00f3a73a0aa078ec2b125fa5a9294d33f -SHA512 (curl-8.13.0-rc3.tar.xz.asc) = a2d94a898824fabc1c4834f9e5719fb65311d0f218f6170e80fe1a04c6f842f9fbf589d281767ab916f668ff7087bb318b819a1fb26790640df136f335ff3b99 +SHA512 (curl-8.13.0.tar.xz) = d266e460f162ee455b56726e5b7247b2d1aa5265ae12081513fc0c5c79e785a594097bc71d505dc9bcd2c2f6f1ff6f4bab9dbd9d120bb76d06c5be8521a8ca7d +SHA512 (curl-8.13.0.tar.xz.asc) = 07f79c7fd7c305c96e10a5f52797254aed7d2a1f3577c8626b8d617855ceb82634ac6787bfa0b7130a4ed72c3a9945d3c9ba5b7be54df8bafa07ded1c62ef2be From ece940a64912f74d92fd403675eef80f9b357e68 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Fri, 2 May 2025 09:36:02 +0200 Subject: [PATCH 21/44] new upstream release - 8.14.0~rc1 --- curl.spec | 8 +++++++- sources | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index e265266..1e416a3 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.13.0 +Version: 8.14.0~rc1 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -381,6 +381,8 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %doc docs/TheArtOfHttpScripting.md %{_bindir}/curl %{_mandir}/man1/curl.1* +%{_bindir}/wcurl +%{_mandir}/man1/wcurl.1* %{_datadir}/zsh %files -n libcurl 
@@ -405,6 +407,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Fri May 02 2025 Jan Macku - 8.14.0~rc1-1 +- new upstream release candidate +- new utility: wcurl which lets you download URLs without having to remember any parameters + * Wed Apr 02 2025 Jan Macku - 8.13.0-1 - new upstream release - add build time dependency on openssl (required by tests) diff --git a/sources b/sources index 92367a0..769013c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.13.0.tar.xz) = d266e460f162ee455b56726e5b7247b2d1aa5265ae12081513fc0c5c79e785a594097bc71d505dc9bcd2c2f6f1ff6f4bab9dbd9d120bb76d06c5be8521a8ca7d -SHA512 (curl-8.13.0.tar.xz.asc) = 07f79c7fd7c305c96e10a5f52797254aed7d2a1f3577c8626b8d617855ceb82634ac6787bfa0b7130a4ed72c3a9945d3c9ba5b7be54df8bafa07ded1c62ef2be +SHA512 (curl-8.14.0-rc1.tar.xz) = e9bd9e5c95580ee04171de937ff852c30b4606ef28a0250c1fdd231d7155089d3591e0dbed1f10280c9868b66329c1c9badf9a0e15e3e2721ab103627e92caa3 +SHA512 (curl-8.14.0-rc1.tar.xz.asc) = f02e0fd84bffcbe31fa6ccdba41729be86404241c177087500d4d992278d217ea55d73a9bc260b601ddeef70738e45b799a2bd49c68db05adfe8c127434f5708 From b8ae67753af119081cacdecf02e2180ad85e1b17 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 28 May 2025 12:59:33 +0200 Subject: [PATCH 22/44] new upstream release - 8.14.0 --- ...8.14.0-multi-fix-add_handle-resizing.patch | 209 ++++++++++++++++++ curl.spec | 11 +- sources | 4 +- 3 files changed, 221 insertions(+), 3 deletions(-) create mode 100644 0001-curl-8.14.0-multi-fix-add_handle-resizing.patch diff --git a/0001-curl-8.14.0-multi-fix-add_handle-resizing.patch b/0001-curl-8.14.0-multi-fix-add_handle-resizing.patch new file mode 100644 index 0000000..4b7e58a --- /dev/null +++ b/0001-curl-8.14.0-multi-fix-add_handle-resizing.patch 
@@ -0,0 +1,209 @@
+From d16ccbd55de80c271fe822f4ba8b6271fd9166ff Mon Sep 17 00:00:00 2001
+From: Stefan Eissing
+Date: Wed, 28 May 2025 14:04:31 +0200
+Subject: [PATCH] multi: fix add_handle resizing
+
+Due to someone being stupid, the resizing of the multi's transfer
+table was actually shrinking it. Oh my.
+
+Add test751 to reproduce, add code assertion.
+
+Fixes #17473
+Reported-by: Jeroen Ooms
+Closes #17475
+---
+ lib/multi.c | 3 +-
+ tests/data/Makefile.am | 2 +-
+ tests/data/test751 | 33 ++++++++++++++
+ tests/libtest/Makefile.inc | 4 ++
+ tests/libtest/lib751.c | 92 ++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 132 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test751
+ create mode 100644 tests/libtest/lib751.c
+
+diff --git a/lib/multi.c b/lib/multi.c
+index 792b30515d8b..b744e03ae52f 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -347,7 +347,8 @@ static CURLMcode multi_xfers_add(struct Curl_multi *multi,
+ if(unused <= min_unused) {
+ /* make it a 64 multiple, since our bitsets frow by that and
+ * small (easy_multi) grows to at least 64 on first resize. */
+- unsigned int newsize = ((capacity + min_unused) + 63) / 64;
++ unsigned int newsize = (((capacity + min_unused) + 63) / 64) * 64;
++ DEBUGASSERT(newsize > capacity);
+ /* Grow the bitsets first. Should one fail, we do not need
+ * to downsize the already resized ones. The sets continue
+ * to work properly when larger than the table, but not
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index e8f9e12be71e..16bb57db8e69 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -107,7 +107,7 @@ test709 test710 test711 test712 test713 test714 test715 test716 test717 \
+ test718 test719 test720 test721 test722 test723 test724 test725 test726 \
+ test727 test728 test729 test730 test731 test732 test733 test734 test735 \
+ test736 test737 test738 test739 test740 test741 test742 test743 test744 \
+-test745 test746 test747 test748 test749 test750 \
++test745 test746 test747 test748 test749 test750 test751 \
+ \
+ test780 test781 test782 test783 test784 test785 test786 test787 test788 \
+ test789 test790 test791 \
+diff --git a/tests/data/test751 b/tests/data/test751
+new file mode 100644
+index 000000000000..ffc6df512f83
+--- /dev/null
++++ b/tests/data/test751
+@@ -0,0 +1,33 @@
++
++
++
++MULTI
++
++
++
++
++
++
++
++# Client-side
++
++
++none
++
++# tool is what to use instead of 'curl'
++
++lib%TESTNUMBER
++
++
++
++multi - add many easy handles
++
++
++
++
++
++
++# Verify data after the test has been "shot"
++
++
++
+diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
+index faf7eacdf6af..002e7ab5470d 100644
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -50,6 +50,7 @@ LIBTESTPROGS = libauthretry libntlmconnect libprereq \
+ lib659 lib661 lib666 lib667 lib668 \
+ lib670 lib671 lib672 lib673 lib674 lib676 lib677 lib678 lib694 lib695 \
+ lib696 \
++ lib751 \
+ lib1156 \
+ lib1301 \
+ lib1308 \
+@@ -349,6 +350,9 @@ lib695_SOURCES = lib695.c $(SUPPORTFILES)
+ lib696_SOURCES = lib556.c $(SUPPORTFILES) $(WARNLESS)
+ lib696_CPPFLAGS = $(AM_CPPFLAGS) -DLIB696
+
++lib751_SOURCES = lib751.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
++lib751_LDADD = $(TESTUTIL_LIBS)
++
+ lib1301_SOURCES = lib1301.c $(SUPPORTFILES) $(TESTUTIL)
+ lib1301_LDADD = $(TESTUTIL_LIBS)
+
+diff --git a/tests/libtest/lib751.c b/tests/libtest/lib751.c
+new file mode 100644
+index 000000000000..ab2f923b959d
+--- /dev/null
++++ b/tests/libtest/lib751.c
+@@ -0,0 +1,92 @@
++/***************************************************************************
++ * _ _ ____ _
++ * Project ___| | | | _ \| |
++ * / __| | | | |_) | |
++ * | (__| |_| | _ <| |___
++ * \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) Daniel Stenberg, , et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at https://curl.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ * SPDX-License-Identifier: curl
++ *
++ ***************************************************************************/
++#include "test.h"
++
++#include "testutil.h"
++#include "warnless.h"
++#include "memdebug.h"
++
++#define TEST_HANG_TIMEOUT 60 * 1000
++
++/*
++ * Get a single URL without select().
++ */
++
++CURLcode test(char *URL)
++{
++ CURL *easies[1000];
++ CURLM *m;
++ CURLcode res = CURLE_FAILED_INIT;
++ CURLMcode mres;
++ int i;
++
++ (void)URL;
++ memset(easies, 0, sizeof(easies));
++
++ curl_global_init(CURL_GLOBAL_DEFAULT);
++ m = curl_multi_init();
++ if(!m) {
++ res = CURLE_OUT_OF_MEMORY;
++ goto test_cleanup;
++ }
++
++ for(i = 0; i < 1000; i++) {
++ CURL *e = curl_easy_init();
++ if(!e) {
++ res = CURLE_OUT_OF_MEMORY;
++ goto test_cleanup;
++ }
++ easies[i] = e;
++
++ res = curl_easy_setopt(e, CURLOPT_URL, "https://www.example.com/");
++ if(!res)
++ res = curl_easy_setopt(e, CURLOPT_VERBOSE, 1L);
++ if(res)
++ goto test_cleanup;
++
++ mres = curl_multi_add_handle(m, e);
++ if(mres != CURLM_OK) {
++ printf("MULTI ERROR: %s\n", curl_multi_strerror(mres));
++ res = CURLE_FAILED_INIT;
++ goto test_cleanup;
++ }
++ }
++
++test_cleanup:
++
++ if(res)
++ printf("ERROR: %s\n", curl_easy_strerror(res));
++
++ for(i = 0; i < 1000; i++) {
++ if(easies[i]) {
++ curl_multi_add_handle(m, easies[i]);
++ curl_easy_cleanup(easies[i]);
++ easies[i] = NULL;
++ }
++ }
++ curl_multi_cleanup(m);
++ curl_global_cleanup();
++
++ return res;
++}
diff --git a/curl.spec b/curl.spec
index 1e416a3..555fe8e 100644
--- a/curl.spec
+++ b/curl.spec
@@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.14.0~rc1 +Version: 8.14.0 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz
@@ -16,6 +16,9 @@ Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc Source2: mykey.asc +# Fix 8.14.0 regression: https://github.com/curl/curl/issues/17473 +Patch001: 0001-curl-8.14.0-multi-fix-add_handle-resizing.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch
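Review bot: In the cleanup loop of the new tests/libtest/lib751.c each handle is passed to `curl_multi_add_handle(m, easies[i])` a second time before `curl_easy_cleanup()`; this looks like it was meant to be `curl_multi_remove_handle(m, easies[i]);`, since as written the easy handles are freed while still attached to the multi handle. The return value is ignored there, so the mistake stays silent, and the header comment `Get a single URL without select()` does not describe what the test does. Separately, `DEBUGASSERT(newsize > capacity)` in lib/multi.c is presumably compiled out of release builds, so it documents the growth invariant rather than enforcing it; a comment saying so, or a runtime check before the bitsets are resized, would make that explicit. multi_xfers_add() continues outside the hunk.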
@@ -407,6 +410,12 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed May 28 2025 Jan Macku - 8.14.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2025-5025 - No QUIC certificate pinning with wolfSSL + CVE-2025-4947 - QUIC certificate check skip with wolfSSL +- fix regression: curl_multi_add_handle() returning OOM when using more than 400 handles + * Fri May 02 2025 Jan Macku - 8.14.0~rc1-1 - new upstream release candidate - new utility: wcurl which lets you download URLs without having to remember any parameters diff --git a/sources b/sources index 769013c..c4de0f0 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.14.0-rc1.tar.xz) = e9bd9e5c95580ee04171de937ff852c30b4606ef28a0250c1fdd231d7155089d3591e0dbed1f10280c9868b66329c1c9badf9a0e15e3e2721ab103627e92caa3 -SHA512 (curl-8.14.0-rc1.tar.xz.asc) = f02e0fd84bffcbe31fa6ccdba41729be86404241c177087500d4d992278d217ea55d73a9bc260b601ddeef70738e45b799a2bd49c68db05adfe8c127434f5708 +SHA512 (curl-8.14.0.tar.xz) = d9f49cac0b93dbc53879713cc017392b4277d84b489bbf2ef3b585c6a50eea6c3a7b80043286b34062af04329560f2dc321f315b0038ce93435aa9bbcaec1eea +SHA512 (curl-8.14.0.tar.xz.asc) = 7c147ddb5e141dd9951e2ef6b23fa120318c0e631fb36861b80fce61b4b19ca08273a6b95627f46a8172945fb51bd790ffc74dee0a4b0de860dad518963b4710 From 8077eb733b4ff6f66c2887694a5034b54550df73 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 4 Jun 2025 12:59:43 +0200 Subject: [PATCH 23/44] new upstream release - 8.14.1 --- ...8.14.0-multi-fix-add_handle-resizing.patch | 209 ------------------ curl.spec | 9 +- sources | 4 +- 3 files changed, 7 insertions(+), 215 deletions(-) delete mode 100644 0001-curl-8.14.0-multi-fix-add_handle-resizing.patch diff --git a/0001-curl-8.14.0-multi-fix-add_handle-resizing.patch b/0001-curl-8.14.0-multi-fix-add_handle-resizing.patch deleted file mode 100644 index 4b7e58a..0000000 
--- a/0001-curl-8.14.0-multi-fix-add_handle-resizing.patch +++ /dev/null 
@@ -1,209 +0,0 @@ -From d16ccbd55de80c271fe822f4ba8b6271fd9166ff Mon Sep 17 00:00:00 2001 -From: Stefan Eissing -Date: Wed, 28 May 2025 14:04:31 +0200 -Subject: [PATCH] multi: fix add_handle resizing - -Due to someone being stupid, the resizing of the multi's transfer -table was actually shrinking it. Oh my. - -Add test751 to reproduce, add code assertion. - -Fixes #17473 -Reported-by: Jeroen Ooms -Closes #17475 ---- - lib/multi.c | 3 +- - tests/data/Makefile.am | 2 +- - tests/data/test751 | 33 ++++++++++++++ - tests/libtest/Makefile.inc | 4 ++ - tests/libtest/lib751.c | 92 ++++++++++++++++++++++++++++++++++++++ - 5 files changed, 132 insertions(+), 2 deletions(-) - create mode 100644 tests/data/test751 - create mode 100644 tests/libtest/lib751.c - -diff --git a/lib/multi.c b/lib/multi.c -index 792b30515d8b..b744e03ae52f 100644 ---- a/lib/multi.c -+++ b/lib/multi.c -@@ -347,7 +347,8 @@ static CURLMcode multi_xfers_add(struct Curl_multi *multi, - if(unused <= min_unused) { - /* make it a 64 multiple, since our bitsets frow by that and - * small (easy_multi) grows to at least 64 on first resize. */ -- unsigned int newsize = ((capacity + min_unused) + 63) / 64; -+ unsigned int newsize = (((capacity + min_unused) + 63) / 64) * 64; -+ DEBUGASSERT(newsize > capacity); - /* Grow the bitsets first. Should one fail, we do not need - * to downsize the already resized ones. 
The sets continue - * to work properly when larger than the table, but not -diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am -index e8f9e12be71e..16bb57db8e69 100644 ---- a/tests/data/Makefile.am -+++ b/tests/data/Makefile.am -@@ -107,7 +107,7 @@ test709 test710 test711 test712 test713 test714 test715 test716 test717 \ - test718 test719 test720 test721 test722 test723 test724 test725 test726 \ - test727 test728 test729 test730 test731 test732 test733 test734 test735 \ - test736 test737 test738 test739 test740 test741 test742 test743 test744 \ --test745 test746 test747 test748 test749 test750 \ -+test745 test746 test747 test748 test749 test750 test751 \ - \ - test780 test781 test782 test783 test784 test785 test786 test787 test788 \ - test789 test790 test791 \ -diff --git a/tests/data/test751 b/tests/data/test751 -new file mode 100644 -index 000000000000..ffc6df512f83 ---- /dev/null -+++ b/tests/data/test751 -@@ -0,0 +1,33 @@ -+ -+ -+ -+MULTI -+ -+ -+ -+ -+ -+ -+ -+# Client-side -+ -+ -+none -+ -+# tool is what to use instead of 'curl' -+ -+lib%TESTNUMBER -+ -+ -+ -+multi - add many easy handles -+ -+ -+ -+ -+ -+ -+# Verify data after the test has been "shot" -+ -+ -+ -diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc -index faf7eacdf6af..002e7ab5470d 100644 ---- a/tests/libtest/Makefile.inc -+++ b/tests/libtest/Makefile.inc -@@ -50,6 +50,7 @@ LIBTESTPROGS = libauthretry libntlmconnect libprereq \ - lib659 lib661 lib666 lib667 lib668 \ - lib670 lib671 lib672 lib673 lib674 lib676 lib677 lib678 lib694 lib695 \ - lib696 \ -+ lib751 \ - lib1156 \ - lib1301 \ - lib1308 \ -@@ -349,6 +350,9 @@ lib695_SOURCES = lib695.c $(SUPPORTFILES) - lib696_SOURCES = lib556.c $(SUPPORTFILES) $(WARNLESS) - lib696_CPPFLAGS = $(AM_CPPFLAGS) -DLIB696 - -+lib751_SOURCES = lib751.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) -+lib751_LDADD = $(TESTUTIL_LIBS) -+ - lib1301_SOURCES = lib1301.c $(SUPPORTFILES) $(TESTUTIL) - lib1301_LDADD = $(TESTUTIL_LIBS) - -diff --git 
a/tests/libtest/lib751.c b/tests/libtest/lib751.c -new file mode 100644 -index 000000000000..ab2f923b959d ---- /dev/null -+++ b/tests/libtest/lib751.c -@@ -0,0 +1,92 @@ -+/*************************************************************************** -+ * _ _ ____ _ -+ * Project ___| | | | _ \| | -+ * / __| | | | |_) | | -+ * | (__| |_| | _ <| |___ -+ * \___|\___/|_| \_\_____| -+ * -+ * Copyright (C) Daniel Stenberg, , et al. -+ * -+ * This software is licensed as described in the file COPYING, which -+ * you should have received as part of this distribution. The terms -+ * are also available at https://curl.se/docs/copyright.html. -+ * -+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell -+ * copies of the Software, and permit persons to whom the Software is -+ * furnished to do so, under the terms of the COPYING file. -+ * -+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -+ * KIND, either express or implied. -+ * -+ * SPDX-License-Identifier: curl -+ * -+ ***************************************************************************/ -+#include "test.h" -+ -+#include "testutil.h" -+#include "warnless.h" -+#include "memdebug.h" -+ -+#define TEST_HANG_TIMEOUT 60 * 1000 -+ -+/* -+ * Get a single URL without select(). 
-+ */ -+ -+CURLcode test(char *URL) -+{ -+ CURL *easies[1000]; -+ CURLM *m; -+ CURLcode res = CURLE_FAILED_INIT; -+ CURLMcode mres; -+ int i; -+ -+ (void)URL; -+ memset(easies, 0, sizeof(easies)); -+ -+ curl_global_init(CURL_GLOBAL_DEFAULT); -+ m = curl_multi_init(); -+ if(!m) { -+ res = CURLE_OUT_OF_MEMORY; -+ goto test_cleanup; -+ } -+ -+ for(i = 0; i < 1000; i++) { -+ CURL *e = curl_easy_init(); -+ if(!e) { -+ res = CURLE_OUT_OF_MEMORY; -+ goto test_cleanup; -+ } -+ easies[i] = e; -+ -+ res = curl_easy_setopt(e, CURLOPT_URL, "https://www.example.com/"); -+ if(!res) -+ res = curl_easy_setopt(e, CURLOPT_VERBOSE, 1L); -+ if(res) -+ goto test_cleanup; -+ -+ mres = curl_multi_add_handle(m, e); -+ if(mres != CURLM_OK) { -+ printf("MULTI ERROR: %s\n", curl_multi_strerror(mres)); -+ res = CURLE_FAILED_INIT; -+ goto test_cleanup; -+ } -+ } -+ -+test_cleanup: -+ -+ if(res) -+ printf("ERROR: %s\n", curl_easy_strerror(res)); -+ -+ for(i = 0; i < 1000; i++) { -+ if(easies[i]) { -+ curl_multi_add_handle(m, easies[i]); -+ curl_easy_cleanup(easies[i]); -+ easies[i] = NULL; -+ } -+ } -+ curl_multi_cleanup(m); -+ curl_global_cleanup(); -+ -+ return res; -+} diff --git a/curl.spec b/curl.spec index 555fe8e..dd4e145 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.14.0 +Version: 8.14.1 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -16,9 +16,6 @@ Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc Source2: mykey.asc -# Fix 8.14.0 regression: https://github.com/curl/curl/issues/17473 -Patch001: 0001-curl-8.14.0-multi-fix-add_handle-resizing.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch 
@@ -410,6 +407,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Jun 04 2025 Jan Macku - 8.14.1-1 +- new upstream release +- drop: 0001-curl-8.14.0-multi-fix-add_handle-resizing.patch (no longer needed) + * Wed May 28 2025 Jan Macku - 8.14.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2025-5025 - No QUIC certificate pinning with wolfSSL diff --git a/sources b/sources index c4de0f0..0f72a68 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.14.0.tar.xz) = d9f49cac0b93dbc53879713cc017392b4277d84b489bbf2ef3b585c6a50eea6c3a7b80043286b34062af04329560f2dc321f315b0038ce93435aa9bbcaec1eea -SHA512 (curl-8.14.0.tar.xz.asc) = 7c147ddb5e141dd9951e2ef6b23fa120318c0e631fb36861b80fce61b4b19ca08273a6b95627f46a8172945fb51bd790ffc74dee0a4b0de860dad518963b4710 +SHA512 (curl-8.14.1.tar.xz) = 7f6eae04cc23c50fc41d448aa28dfa59141018009e42c5b1e3f4e0d40c0633460b4e6eec05dfc290f7953671096abfa70a8b5443fccdd3f1be6be32ac10b31d9 +SHA512 (curl-8.14.1.tar.xz.asc) = 663b1652bb27338310d1475a8b0422f04e68fca74be11a4b7120de948af4fc0c2b08b75ce5372d657aa89504a27b36b937b5091cb2d932297a7490d5e390d99f From 1b9d79c6fd4fee6d966e917589125b48c12493ad Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Mon, 23 Jun 2025 10:29:25 +0200 Subject: [PATCH 24/44] new upstream release - 8.15.0~rc1 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index dd4e145..f21017b 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.14.1 +Version: 8.15.0~rc1 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz 
@@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Mon Jun 23 2025 Jan Macku - 8.15.0~rc1-1 +- new upstream release candidate + * Wed Jun 04 2025 Jan Macku - 8.14.1-1 - new upstream release - drop: 0001-curl-8.14.0-multi-fix-add_handle-resizing.patch (no longer needed) diff --git a/sources b/sources index 0f72a68..8eec045 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.14.1.tar.xz) = 7f6eae04cc23c50fc41d448aa28dfa59141018009e42c5b1e3f4e0d40c0633460b4e6eec05dfc290f7953671096abfa70a8b5443fccdd3f1be6be32ac10b31d9 -SHA512 (curl-8.14.1.tar.xz.asc) = 663b1652bb27338310d1475a8b0422f04e68fca74be11a4b7120de948af4fc0c2b08b75ce5372d657aa89504a27b36b937b5091cb2d932297a7490d5e390d99f +SHA512 (curl-8.15.0-rc1.tar.xz) = eedabb0e416e119107e05c1b6afa04b4157f0381a3572c352e996ff682302690dbe34b75f39d49f6b7a26667eb673f06bd311853e73b9a82839eb1d8a43abe60 +SHA512 (curl-8.15.0-rc1.tar.xz.asc) = 8dbd61cc5246dc6244ac3bc16f9411d3bfe84bae8bd52935dd82d114c92a3be01116963d5518dea12426fbc5d6b45d9baec8354f9183c51f9cddf3204953d865 From 1984beb5371b749ce9fdcd32fde589c2860dc8d5 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Mon, 30 Jun 2025 13:44:33 +0200 Subject: [PATCH 25/44] new upstream release - 8.15.0~rc2 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index f21017b..bdb28fb 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.15.0~rc1 +Version: 8.15.0~rc2 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Mon Jun 30 2025 Jan Macku - 8.15.0~rc2-1 +- new upstream release candidate + * Mon Jun 23 2025 Jan Macku - 8.15.0~rc1-1 - new upstream release candidate 
diff --git a/sources b/sources index 8eec045..9da21bd 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.15.0-rc1.tar.xz) = eedabb0e416e119107e05c1b6afa04b4157f0381a3572c352e996ff682302690dbe34b75f39d49f6b7a26667eb673f06bd311853e73b9a82839eb1d8a43abe60 -SHA512 (curl-8.15.0-rc1.tar.xz.asc) = 8dbd61cc5246dc6244ac3bc16f9411d3bfe84bae8bd52935dd82d114c92a3be01116963d5518dea12426fbc5d6b45d9baec8354f9183c51f9cddf3204953d865 +SHA512 (curl-8.15.0-rc2.tar.xz) = 9b4e04b0e2ff5d7a432ea931a965e7ee73103c5430c59b029ea9846358ed052c1353ea12a5636809a78df370e8639254103eb5e4614b75f33a65683044599580 +SHA512 (curl-8.15.0-rc2.tar.xz.asc) = 4aa6e38ec97159802cada0d89c374d06d5eba145139a8fd9f1bc52c42d296088ed559296fe7847b906eb852d382c523f7e48f0f5e03b30fef7996181e6628c10 From c602d3aa5676dfaf8bcff41b8daa26f27eb6856d Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 10 Jul 2025 09:21:53 +0200 Subject: [PATCH 26/44] new upstream release - 8.15.0~rc3 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index bdb28fb..1045a24 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.15.0~rc2 +Version: 8.15.0~rc3 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Thu Jul 10 2025 Jan Macku - 8.15.0~rc3-1 +- new upstream release candidate + * Mon Jun 30 2025 Jan Macku - 8.15.0~rc2-1 - new upstream release candidate diff --git a/sources b/sources index 9da21bd..0642c98 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.15.0-rc2.tar.xz) = 9b4e04b0e2ff5d7a432ea931a965e7ee73103c5430c59b029ea9846358ed052c1353ea12a5636809a78df370e8639254103eb5e4614b75f33a65683044599580 -SHA512 (curl-8.15.0-rc2.tar.xz.asc) = 4aa6e38ec97159802cada0d89c374d06d5eba145139a8fd9f1bc52c42d296088ed559296fe7847b906eb852d382c523f7e48f0f5e03b30fef7996181e6628c10 +SHA512 (curl-8.15.0-rc3.tar.xz) = 0f1f99bc69fde58f5e9348543e9aee9ca7c27642f04c380f233c6b3280ae53b9d65529ede8fe831ea6770d3657963f02dc8604a5006e805c6f4519cac79c8d01 +SHA512 (curl-8.15.0-rc3.tar.xz.asc) = 41cb379d5bceb5eadad86d007a3352846ebeaca383ef6448b58dc597ebc914a0fd4aaaf19dc4d47557ea06933b981f2db617a07e27848d2ff32fbb1dc7f52fca From e6d7e2ed2d76eaac3c5e59273a81872976efef7e Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 16 Jul 2025 10:14:01 +0200 Subject: [PATCH 27/44] new upstream release - 8.15.0 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index 1045a24..885ba52 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.15.0~rc3 +Version: 8.15.0 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Jul 16 2025 Jan Macku - 8.15.0-1 +- new upstream release + * Thu Jul 10 2025 Jan Macku - 8.15.0~rc3-1 - new upstream release candidate diff --git a/sources b/sources index 0642c98..fe20191 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.15.0-rc3.tar.xz) = 0f1f99bc69fde58f5e9348543e9aee9ca7c27642f04c380f233c6b3280ae53b9d65529ede8fe831ea6770d3657963f02dc8604a5006e805c6f4519cac79c8d01 -SHA512 (curl-8.15.0-rc3.tar.xz.asc) = 41cb379d5bceb5eadad86d007a3352846ebeaca383ef6448b58dc597ebc914a0fd4aaaf19dc4d47557ea06933b981f2db617a07e27848d2ff32fbb1dc7f52fca +SHA512 (curl-8.15.0.tar.xz) = d27e316d70973906ac4b8d2c280f7e99b7528966aa1220c13a38ed45fca2ed6bbde54b8a9d7bed9e283171b92edb621f7b95162ef7d392e6383b0ee469de3191 +SHA512 (curl-8.15.0.tar.xz.asc) = b6aef1c6a1f32c60401494df565a748fa96c1d5098138772c22f6208bafeb8e61402f3077cbc274ea2c05f35ff376d8f736c58554520f8d20fded36d876499a5 From cc5717f9ec610100193bee9eae480f7dad24fa24 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 18:56:38 +0000 Subject: [PATCH 28/44] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- curl.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/curl.spec b/curl.spec index 885ba52..ced8578 100644 --- a/curl.spec +++ b/curl.spec @@ -7,7 +7,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.15.0 -Release: 1%{?dist} +Release: 2%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc @@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Jul 23 2025 Fedora Release Engineering - 8.15.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Wed Jul 16 2025 Jan Macku - 8.15.0-1 - new upstream release From e4069769c832d7469bbbeb654b28427c346514dd Mon Sep 17 00:00:00 2001 
From: Jan Macku Date: Mon, 25 Aug 2025 10:43:21 +0200 Subject: [PATCH 29/44] new upstream release - 8.16.0~rc2 --- 0101-curl-7.32.0-multilib.patch | 14 +++++++------- curl.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index e7b2a32..79e9855 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -1,6 +1,6 @@ -From 495c771a6f9be008b783c5f59285d30fdc15fd63 Mon Sep 17 00:00:00 2001 +From ae56f768f418e1dd91f9eb3edf1a88453f61e160 Mon Sep 17 00:00:00 2001 From: Jan Macku -Date: Mon, 10 Mar 2025 14:23:59 +0100 +Date: Mon, 25 Aug 2025 10:41:12 +0200 Subject: [PATCH] prevent multilib conflicts on the curl-config script --- @@ -10,7 +10,7 @@ Subject: [PATCH] prevent multilib conflicts on the curl-config script 3 files changed, 9 insertions(+), 19 deletions(-) diff --git a/curl-config.in b/curl-config.in -index 5518416..324e0b7 100644 +index ce23519..bb43ca8 100644 --- a/curl-config.in +++ b/curl-config.in @@ -74,7 +74,7 @@ while test "$#" -gt 0; do @@ -26,12 +26,12 @@ index 5518416..324e0b7 100644 ;; --libs) -- if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then +- if test "@libdir@" != '/usr/lib' -a "@libdir@" != '/usr/lib64'; then - curllibdir="-L@libdir@ " - else - curllibdir='' - fi -- if test 'X@ENABLE_SHARED@' = 'Xno'; then +- if test '@ENABLE_SHARED@' = 'no'; then - echo "${curllibdir}-lcurl @LIBCURL_PC_LIBS_PRIVATE@" - else - echo "${curllibdir}-lcurl" @@ -44,7 +44,7 @@ index 5518416..324e0b7 100644 ;; --static-libs) -- if test 'X@ENABLE_STATIC@' != 'Xno'; then +- if test '@ENABLE_STATIC@' != 'no'; then - echo "@libdir@/libcurl.@libext@ @LIBCURL_PC_LDFLAGS_PRIVATE@ @LIBCURL_PC_LIBS_PRIVATE@" - else - echo 'curl was built with static libraries disabled' >&2 @@ -88,5 +88,5 @@ index c0ba524..f3645e1 100644 Name: libcurl URL: https://curl.se/ -- -2.48.1 +2.50.1 
diff --git a/curl.spec b/curl.spec index ced8578..e780804 100644 --- a/curl.spec +++ b/curl.spec @@ -6,8 +6,8 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.15.0 -Release: 2%{?dist} +Version: 8.16.0~rc2 +Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc @@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Tue Aug 26 2025 Jan Macku - 8.16.0~rc2-1 +- new upstream release candidate + * Wed Jul 23 2025 Fedora Release Engineering - 8.15.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild diff --git a/sources b/sources index fe20191..ad9b1ad 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.15.0.tar.xz) = d27e316d70973906ac4b8d2c280f7e99b7528966aa1220c13a38ed45fca2ed6bbde54b8a9d7bed9e283171b92edb621f7b95162ef7d392e6383b0ee469de3191 -SHA512 (curl-8.15.0.tar.xz.asc) = b6aef1c6a1f32c60401494df565a748fa96c1d5098138772c22f6208bafeb8e61402f3077cbc274ea2c05f35ff376d8f736c58554520f8d20fded36d876499a5 +SHA512 (curl-8.16.0-rc2.tar.xz.asc) = c180343f1037cf51eb32c61035a4da7e728c2ee7f8d4ca1d464545b9b4044b30963e6b1ce424951a151ff901d7c7f4d56e7a54dacc581fc2c5c3b54349c155eb +SHA512 (curl-8.16.0-rc2.tar.xz) = 7cc4f56a05634c651cf7224d3844359498d127f259e531aadefe86f6df3a7fc5f6644c296407d38867ddb716fe3e4951d377592f6d977c196ad1a733374e608f From 581c1b9ace3de047af9bec6a8a59cf0c9f36c91c Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 3 Sep 2025 10:39:46 +0200 Subject: [PATCH 30/44] new upstream release - 8.16.0~rc3 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index e780804..0a7e2b9 100644 --- a/curl.spec +++ b/curl.spec 
@@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.16.0~rc2 +Version: 8.16.0~rc3 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Sep 03 2025 Jan Macku - 8.16.0~rc3-1 +- new upstream release candidate + * Tue Aug 26 2025 Jan Macku - 8.16.0~rc2-1 - new upstream release candidate diff --git a/sources b/sources index ad9b1ad..9d707b2 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.16.0-rc2.tar.xz.asc) = c180343f1037cf51eb32c61035a4da7e728c2ee7f8d4ca1d464545b9b4044b30963e6b1ce424951a151ff901d7c7f4d56e7a54dacc581fc2c5c3b54349c155eb -SHA512 (curl-8.16.0-rc2.tar.xz) = 7cc4f56a05634c651cf7224d3844359498d127f259e531aadefe86f6df3a7fc5f6644c296407d38867ddb716fe3e4951d377592f6d977c196ad1a733374e608f +SHA512 (curl-8.16.0-rc3.tar.xz) = 119e00ac9c150ac1d61ce5eeb522168b8a1c68d6576077400222170e0bd9b25dbe53182166a194058e58831a8768c1b7d9145fd5051c4e13bcd12841eb3a7284 +SHA512 (curl-8.16.0-rc3.tar.xz.asc) = 50e484772ac1e8390222ce21702c6995c96b4da99d1e0f2e233b7226b48b5ce3a290d6050963e1e2c519b9a29d2ded7134d3bd4e765a946a8abbae3c67e31d32 From 4335a7a3cb25cd33eea86ac9fc8d41bb67fd857f Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 10 Sep 2025 08:56:14 +0200 Subject: [PATCH 31/44] new upstream release - 8.16.0 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index 0a7e2b9..bf0f7ee 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.16.0~rc3 +Version: 8.16.0 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz 
@@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Sep 10 2025 Jan Macku - 8.16.0-1 +- new upstream release + * Wed Sep 03 2025 Jan Macku - 8.16.0~rc3-1 - new upstream release candidate diff --git a/sources b/sources index 9d707b2..8b5feac 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.16.0-rc3.tar.xz) = 119e00ac9c150ac1d61ce5eeb522168b8a1c68d6576077400222170e0bd9b25dbe53182166a194058e58831a8768c1b7d9145fd5051c4e13bcd12841eb3a7284 -SHA512 (curl-8.16.0-rc3.tar.xz.asc) = 50e484772ac1e8390222ce21702c6995c96b4da99d1e0f2e233b7226b48b5ce3a290d6050963e1e2c519b9a29d2ded7134d3bd4e765a946a8abbae3c67e31d32 +SHA512 (curl-8.16.0.tar.xz) = 8262c3dc113cfd5744ef1b82dbccaa69448a9395ad5c094c22df5cf537a047a927d3332db2cb3be12a31a68a60d8d0fa8485b916e975eda36a4ebd860da4f621 +SHA512 (curl-8.16.0.tar.xz.asc) = 591568e997c0d955a00152ce5bdfb4586d84b42f5c1e15df503514fb4eb4bf289a98b1ebdad23913119c67c27d51a6e6f4065ee6f7657b971c3a581c928a0d82 From 804c73ca4bbb4d7a3f454bf93fa621bd3fd06feb Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Fri, 12 Sep 2025 10:40:12 -0700 Subject: [PATCH 32/44] Update test URLs to Fedora 42 to fix tests Tests currently fail because Fedora 38 is archived. This bumps the version to 42 and updates the expected content. This will need updating again annually or so. It'd be safer to use something that doesn't age out frequently instead. Signed-off-by: Adam Williamson --- tests/non-root-user-download/runtest.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/non-root-user-download/runtest.sh b/tests/non-root-user-download/runtest.sh index 4d51e62..0d72276 100755 --- a/tests/non-root-user-download/runtest.sh +++ b/tests/non-root-user-download/runtest.sh 
@@ -31,9 +31,9 @@ PACKAGE="curl" -FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/38/Everything/x86_64/iso/Fedora-Everything-38-1.6-x86_64-CHECKSUM -HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/iso/Fedora-Everything-38-1.6-x86_64-CHECKSUM -CONTENT=4d042dedc8886856db10bc882074b84dcce52f829ea7b3f31d8031db8d84df20 +FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM +HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM +CONTENT=1bd6ab4798983c2fe4a210f9c4ca135fed453d6142ba852c1f8d5fba22e113ab PASSWORD=pAssw0rd OPTIONS="" rlIsRHEL 7 && OPTIONS="--insecure" From 9776a6bb744df02f85cf73c3b8a02e0e387ae915 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Mon, 13 Oct 2025 10:25:01 +0200 Subject: [PATCH 33/44] new upstream release - 8.17.0~rc1 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index bf0f7ee..f247bf3 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.16.0 +Version: 8.17.0~rc1 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Mon Oct 13 2025 Jan Macku - 8.17.0~rc1-1 +- new upstream release candidate + * Wed Sep 10 2025 Jan Macku - 8.16.0-1 - new upstream release diff --git a/sources b/sources index 8b5feac..c657397 100644 --- a/sources +++ b/sources 
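Review bot: The release number and compose id are written out literally in both new URLs (`releases/42/` and `Fedora-Everything-42-1.1` in `FTP_URL` and again in `HTTP_URL`), so every bump has to edit the same two values in four places and can leave the URLs pointing at different releases. Defining them once, e.g. `FEDORA_REL=42` and `FEDORA_COMPOSE=1.1`, and building the file name as `Fedora-Everything-${FEDORA_REL}-${FEDORA_COMPOSE}-x86_64-CHECKSUM` would reduce a bump to those two assignments plus the new `CONTENT` value. `CONTENT` also has no comment saying what it is matched against. Something like `# digest expected inside the downloaded CHECKSUM file; update together with the URLs` would help, assuming that is how the rest of the script, which lies outside this hunk, uses it.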
@@ -1,2 +1,2 @@ -SHA512 (curl-8.16.0.tar.xz) = 8262c3dc113cfd5744ef1b82dbccaa69448a9395ad5c094c22df5cf537a047a927d3332db2cb3be12a31a68a60d8d0fa8485b916e975eda36a4ebd860da4f621 -SHA512 (curl-8.16.0.tar.xz.asc) = 591568e997c0d955a00152ce5bdfb4586d84b42f5c1e15df503514fb4eb4bf289a98b1ebdad23913119c67c27d51a6e6f4065ee6f7657b971c3a581c928a0d82 +SHA512 (curl-8.17.0-rc1.tar.xz) = bbaa3c97860f51c069dfc448d212a0d2149abfe76429bd4e7e3b005f44851e609008b90f5ed5caad048b5815043433248b495c41edf04d4bb5b76a8af41ede02 +SHA512 (curl-8.17.0-rc1.tar.xz.asc) = e86f7c9000ee5e8ee775947e720a17cf327b1f3053d6a6d92d3d1d27ed8dacefe1934ce3ee67b1efd59a601e0312bcffd1fb0900b760fda15e0fe7ba1a892c8f From 6bf2cb17bf9b14db4abc7a4f85e502629eafbbf3 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Tue, 21 Oct 2025 13:12:51 +0200 Subject: [PATCH 34/44] new upstream release - 8.17.0~rc2 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index f247bf3..6784164 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.17.0~rc1 +Version: 8.17.0~rc2 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Tue Oct 21 2025 Jan Macku - 8.17.0~rc2-1 +- new upstream release candidate + * Mon Oct 13 2025 Jan Macku - 8.17.0~rc1-1 - new upstream release candidate diff --git a/sources b/sources index c657397..5bd897d 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.17.0-rc1.tar.xz) = bbaa3c97860f51c069dfc448d212a0d2149abfe76429bd4e7e3b005f44851e609008b90f5ed5caad048b5815043433248b495c41edf04d4bb5b76a8af41ede02 -SHA512 (curl-8.17.0-rc1.tar.xz.asc) = e86f7c9000ee5e8ee775947e720a17cf327b1f3053d6a6d92d3d1d27ed8dacefe1934ce3ee67b1efd59a601e0312bcffd1fb0900b760fda15e0fe7ba1a892c8f +SHA512 (curl-8.17.0-rc2.tar.xz) = bc7d63e72787c5960a7107e2227b70e761aef2e2e63bda0f13f8c944b31a4e98acc1ca72bde25ff9eba3d97cee38e58e51359dffcfdf59310c6722d3a0986b54 +SHA512 (curl-8.17.0-rc2.tar.xz.asc) = d5bd939f0a004f6ae46f0fca1e05f6f7c4d6e77c3a65641c9b081a28589385a44b51fa968e0a7c35dd76caebe1f4d59ac0b26e0fc84378fd1d57c3ce513c4a2a From 9bd80279ea75fc37dcc6767e0061bc46e4893607 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 30 Oct 2025 09:34:03 +0100 Subject: [PATCH 35/44] new upstream release - 8.17.0~rc3 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index 6784164..2cb6993 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.17.0~rc2 +Version: 8.17.0~rc3 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Thu Oct 30 2025 Jan Macku - 8.17.0~rc3-1 +- new upstream release candidate + * Tue Oct 21 2025 Jan Macku - 8.17.0~rc2-1 - new upstream release candidate diff --git a/sources b/sources index 5bd897d..0a3353d 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.17.0-rc2.tar.xz) = bc7d63e72787c5960a7107e2227b70e761aef2e2e63bda0f13f8c944b31a4e98acc1ca72bde25ff9eba3d97cee38e58e51359dffcfdf59310c6722d3a0986b54 -SHA512 (curl-8.17.0-rc2.tar.xz.asc) = d5bd939f0a004f6ae46f0fca1e05f6f7c4d6e77c3a65641c9b081a28589385a44b51fa968e0a7c35dd76caebe1f4d59ac0b26e0fc84378fd1d57c3ce513c4a2a +SHA512 (curl-8.17.0-rc3.tar.xz) = ffa33aaec6c84ee2a9838e4d10f70e905ac414b920794215a0abb5a537e441187b4fd4eba2e1d8103d43375dc6bdf6995f097d22523c6e4ca1172bf0c3e1c347 +SHA512 (curl-8.17.0-rc3.tar.xz.asc) = b2ecef9a04d8337dabfde6be96e9b6fc9151d56dcc8aeb93ce8c5949ba0aaa6bbaf72f25ef3af8a0d4ffc92999d5f5498cead4f519fc0473c4cd311e28d54774 From d2da397853a1847f0a9c1be02842a7720227ec55 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 6 Nov 2025 15:10:09 +0100 Subject: [PATCH 36/44] new upstream release - 8.17.0 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index 2cb6993..f96c5aa 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.17.0~rc3 +Version: 8.17.0 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -407,6 +407,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +*Mon Nov 10 2025 Jan Macku - 8.17.0-1 +- new upstream release + * Thu Oct 30 2025 Jan Macku - 8.17.0~rc3-1 - new upstream release candidate diff --git a/sources b/sources index 0a3353d..2d835d7 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.17.0-rc3.tar.xz) = ffa33aaec6c84ee2a9838e4d10f70e905ac414b920794215a0abb5a537e441187b4fd4eba2e1d8103d43375dc6bdf6995f097d22523c6e4ca1172bf0c3e1c347 -SHA512 (curl-8.17.0-rc3.tar.xz.asc) = b2ecef9a04d8337dabfde6be96e9b6fc9151d56dcc8aeb93ce8c5949ba0aaa6bbaf72f25ef3af8a0d4ffc92999d5f5498cead4f519fc0473c4cd311e28d54774 +SHA512 (curl-8.17.0.tar.xz.asc) = e77d4cb1f4961aa0df3d76f1a8c55a0b9005ed557adf745f3ab24d33cee2d0e4bd06cecb9d911e76409852e7755129873cc7d24936c846ff1b854903c0f086b2 +SHA512 (curl-8.17.0.tar.xz) = fc6349def40c3c259de2a568631507df17dff83e78a2edbb93f069586dce594439fdc88bef7ce2bed7491f35800b8c0c181c8c88e6ef656cc3c18f9834681eca From b15bd53eb8d0de3ade9fb785b019f4d36aba07d5 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 13 Nov 2025 09:24:32 +0100 Subject: [PATCH 37/44] remove bundled wcurl utility that was added in 8.14.0~rc1, use wcurl package instead --- curl.spec | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/curl.spec b/curl.spec index f96c5aa..8e3d696 100644 --- a/curl.spec +++ b/curl.spec @@ -7,7 +7,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.17.0 -Release: 1%{?dist} +Release: 2%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc @@ -366,6 +366,11 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la +# do not install bundled wcurl utility +# it is provided by the wcurl package +rm -f ${RPM_BUILD_ROOT}%{_bindir}/wcurl +rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* + %ldconfig_scriptlets -n libcurl %ldconfig_scriptlets -n libcurl-minimal @@ -381,8 +386,6 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %doc docs/TheArtOfHttpScripting.md %{_bindir}/curl %{_mandir}/man1/curl.1* -%{_bindir}/wcurl -%{_mandir}/man1/wcurl.1* %{_datadir}/zsh %files -n libcurl 
@@ -407,7 +410,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog -*Mon Nov 10 2025 Jan Macku - 8.17.0-1 +* Thu Nov 13 2025 Jan Macku - 8.17.0-2 +- remove bundled wcurl utility that was added in 8.14.0~rc1, use wcurl package instead + +* Mon Nov 10 2025 Jan Macku - 8.17.0-1 - new upstream release * Thu Oct 30 2025 Jan Macku - 8.17.0~rc3-1 From 6803c01e8da370a26d6cd6206093cd8f51ac3bae Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 13 Nov 2025 16:01:43 +0100 Subject: [PATCH 38/44] recommend wcurl package instead of bundled wcurl utility --- curl.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/curl.spec b/curl.spec index 8e3d696..ca173a3 100644 --- a/curl.spec +++ b/curl.spec @@ -7,7 +7,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.17.0 -Release: 2%{?dist} +Release: 3%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc @@ -28,6 +28,11 @@ Provides: curl-minimal = %{version}-%{release} Provides: webclient URL: https://curl.se/ +%if 0%{?fedora} +# instead of bundled wcurl utility, recommend wcurl package +Recommends: wcurl +%endif + # The reason for maintaining two separate packages for curl is no longer valid. # The curl-minimal is currently almost identical to curl-full, so let's drop curl-minimal. # For more details, see https://bugzilla.redhat.com/show_bug.cgi?id=2262096 @@ -410,6 +415,9 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Thu Nov 13 2025 Jan Macku - 8.17.0-3 +- recommend wcurl package instead of bundled wcurl utility + * Thu Nov 13 2025 Jan Macku - 8.17.0-2 - remove bundled wcurl utility that was added in 8.14.0~rc1, use wcurl package instead From 7d91f53d81f6aa9e760638a1e4dceb82a5b839b7 Mon Sep 17 00:00:00 2001 
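Review bot: The `Recommends: wcurl` added in the `@@ -28,6 +28,11 @@` hunk is wrapped in `%if 0%{?fedora}`, while the preceding commit removes `%{_bindir}/wcurl` and its man page from the package unconditionally. A non-Fedora build of this spec therefore drops the script with no pointer to a replacement. If that is intended (presumably because the wcurl package only exists on Fedora), the comment should say so, e.g. `# wcurl is packaged separately on Fedora only; other builds ship no wcurl`. Because this is a weak dependency, it is also skipped when weak dependencies are disabled at install time, so anything that calls wcurl has to require it explicitly.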
From: Jan Macku Date: Thu, 4 Dec 2025 09:59:27 +0100 Subject: [PATCH 39/44] http3: apply upstream patches for valgrind issues Related: #2408809 --- ...rl-8.17.0-vquic-do_sendmsg-full-init.patch | 34 +++++++++++++++++++ ...0-ngtcp2-openssl-fix-leak-of-session.patch | 32 +++++++++++++++++ curl.spec | 9 ++++- 3 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 0001-curl-8.17.0-vquic-do_sendmsg-full-init.patch create mode 100644 0002-curl-8.17.0-ngtcp2-openssl-fix-leak-of-session.patch diff --git a/0001-curl-8.17.0-vquic-do_sendmsg-full-init.patch b/0001-curl-8.17.0-vquic-do_sendmsg-full-init.patch new file mode 100644 index 0000000..f41b79a --- /dev/null +++ b/0001-curl-8.17.0-vquic-do_sendmsg-full-init.patch @@ -0,0 +1,34 @@ +From aa95d1ceda65e7aa20110a69742797d80009e7de Mon Sep 17 00:00:00 2001 +From: Stefan Eissing +Date: Thu, 27 Nov 2025 10:23:43 +0100 +Subject: [PATCH 1/2] vquic: do_sendmsg full init + +When passing a `msg_ctrl` to sendmsg() as part of GSO handling, zero the +complete array. This fixes any false positives by valgrind that complain +about uninitialised memory, even though the kernel only ever accesses +the first two bytes. + +Reported-by: Aleksei Bavshin +Fixes #19714 +Closes #19715 + +(cherry picked from commit a9e7a027ed866b791c12a3c701dc40304f4e00cb) +--- + lib/vquic/vquic.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/vquic/vquic.c b/lib/vquic/vquic.c +index 7533001ea..2e8d8e5cd 100644 +--- a/lib/vquic/vquic.c ++++ b/lib/vquic/vquic.c +@@ -144,6 +144,7 @@ static CURLcode do_sendmsg(struct Curl_cfilter *cf, + if(pktlen > gsolen) { + /* Only set this, when we need it. macOS, for example, + * does not seem to like a msg_control of length 0. */ ++ memset(msg_ctrl, 0, sizeof(msg_ctrl)); + msg.msg_control = msg_ctrl; + assert(sizeof(msg_ctrl) >= CMSG_SPACE(sizeof(int))); + msg.msg_controllen = CMSG_SPACE(sizeof(int)); +-- +2.52.0 + 
diff --git a/0002-curl-8.17.0-ngtcp2-openssl-fix-leak-of-session.patch b/0002-curl-8.17.0-ngtcp2-openssl-fix-leak-of-session.patch new file mode 100644 index 0000000..4db6234 --- /dev/null +++ b/0002-curl-8.17.0-ngtcp2-openssl-fix-leak-of-session.patch @@ -0,0 +1,32 @@ +From a11ab7ad4ea0d97ac0d5af1e28b30b00c37c3c3c Mon Sep 17 00:00:00 2001 +From: Stefan Eissing +Date: Thu, 27 Nov 2025 12:11:39 +0100 +Subject: [PATCH 2/2] ngtcp2+openssl: fix leak of session + +Fix return value indicating to OpenSSL if reference to session is kept +(it is not), so OpenSSL frees it. + +Reported-by: Aleksei Bavshin +Fixes #19717 +Closes #19718 + +(cherry picked from commit 9bb5c0578b39e5b086b6a9db5c6eb299a0fe1c5c) +--- + lib/vquic/curl_ngtcp2.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c +index f72f6630f..069dcb67e 100644 +--- a/lib/vquic/curl_ngtcp2.c ++++ b/lib/vquic/curl_ngtcp2.c +@@ -2262,7 +2262,6 @@ static int quic_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) + #endif + Curl_ossl_add_session(cf, data, ctx->peer.scache_key, ssl_sessionid, + SSL_version(ssl), "h3", quic_tp, quic_tp_len); +- return 1; + } + return 0; + } +-- +2.52.0 + diff --git a/curl.spec b/curl.spec index ca173a3..a58a893 100644 --- a/curl.spec +++ b/curl.spec @@ -7,7 +7,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.17.0 -Release: 3%{?dist} +Release: 4%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc 
@@ -16,6 +16,10 @@ Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc Source2: mykey.asc +# Fix valgrind issues in HTTP/3 +Patch001: 0001-curl-8.17.0-vquic-do_sendmsg-full-init.patch +Patch002: 0002-curl-8.17.0-ngtcp2-openssl-fix-leak-of-session.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -415,6 +419,9 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Thu Dec 04 2025 Jan Macku - 8.17.0-4 +- apply upstream patches for valgrind issues in HTTP/3 (#2408809) + * Thu Nov 13 2025 Jan Macku - 8.17.0-3 - recommend wcurl package instead of bundled wcurl utility From fe73859ecd63f56854b599eda9bc8d991c933d8b Mon Sep 17 00:00:00 2001 From: Aleksei Bavshin Date: Thu, 9 Oct 2025 14:36:47 -0700 Subject: [PATCH 40/44] Enable HTTP/3 support with ngtcp2 --- curl.spec | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/curl.spec b/curl.spec index a58a893..a47f422 100644 --- a/curl.spec +++ b/curl.spec @@ -4,10 +4,15 @@ # Change the bcond to 0 to turn off ENGINE support by default %bcond openssl_engine_support %[%{defined fedora} || 0%{?rhel} < 10] +# HTTP/3 support +# This is using ngtcp2 with OpenSSL 3.5 QUIC support instead of curl's +# experimental native OpenSSL 3.5 support. +%bcond http3 %[0%{?fedora} >= 43] + Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 8.17.0 -Release: 4%{?dist} +Release: 5%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc 
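Review bot: The comment `# Fix valgrind issues in HTTP/3` above `Patch001`/`Patch002` in the `@@ -16,6 +16,10 @@` hunk understates Patch002. By its own description that patch changes what the OpenSSL new-session callback returns so that OpenSSL frees the session, which is a real memory-leak fix rather than a valgrind false positive. Give each patch its own comment naming the upstream commit it was cherry-picked from, so the drop point on the next rebase is obvious: `# upstream a9e7a027ed86: zero msg_ctrl before sendmsg() (valgrind false positive)` and `# upstream 9bb5c0578b39: do not claim the SSL_SESSION reference in the ngtcp2+openssl callback (leak)`. In the lines shown the callback now falls through to `return 0`, so it is worth confirming against the 8.17.0 tree that `Curl_ossl_add_session()` does not keep the `ssl_sessionid` pointer; that function is not visible here.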
@@ -50,10 +55,16 @@ BuildRequires: groff BuildRequires: krb5-devel BuildRequires: libidn2-devel BuildRequires: libnghttp2-devel +%if %{with http3} +BuildRequires: libnghttp3-devel +%endif BuildRequires: libpsl-devel BuildRequires: libssh-devel BuildRequires: libtool BuildRequires: make +%if %{with http3} +BuildRequires: ngtcp2-crypto-ossl-devel +%endif BuildRequires: openldap-devel BuildRequires: openssh-clients BuildRequires: openssh-server @@ -148,6 +159,10 @@ Requires: libcurl%{?_isa} >= %{version}-%{release} # to ensure that we have the necessary symbols available (#2144277) %global libnghttp2_version %(pkg-config --modversion libnghttp2 2>/dev/null || echo 0) +# require at least the version of libnghttp3 that we were built against, +# to ensure that we have the necessary symbols available +%global libnghttp3_version %(pkg-config --modversion libnghttp3 2>/dev/null || echo 0) + # require at least the version of libpsl that we were built against, # to ensure that we have the necessary symbols available (#1631804) %global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0) @@ -156,6 +171,10 @@ Requires: libcurl%{?_isa} >= %{version}-%{release} # to ensure that we have the necessary symbols available (#525002, #642796) %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0) +# require at least the version of ngtcp2 that we were built against, +# to ensure that we have the necessary symbols available +%global ngtcp2_version %(pkg-config --modversion libngtcp2 2>/dev/null || echo 0) + # require at least the version of openssl-libs that we were built against, # to ensure that we have the necessary symbols available (#1462184, #1462211) # (we need to translate 3.0.0-alpha16 -> 3.0.0-0.alpha16 and 3.0.0-beta1 -> 3.0.0-0.beta1 though) 
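Review bot: `%global ngtcp2_version` in the `@@ -156,6 +171,10 @@` hunk queries the pkg-config module `libngtcp2`, but the only ngtcp2 build dependency this commit adds is `ngtcp2-crypto-ossl-devel`, and the `|| echo 0` fallback hides a failed lookup. If that devel package does not pull in the one shipping `libngtcp2.pc` (not visible here), the later `Requires: ngtcp2%{?_isa} >= %{ngtcp2_version}` silently becomes `>= 0` and any installed ngtcp2 satisfies it. Depending on the module itself removes the guesswork: add `BuildRequires: pkgconfig(libngtcp2)` inside the same `%if %{with http3}` block. The same fallback is used for `libnghttp3_version`, but there `libnghttp3-devel` is required directly.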
@@ -172,8 +191,14 @@ resume, proxy tunneling and a busload of other useful tricks. %package -n libcurl Summary: A library for getting files from web servers Requires: libnghttp2%{?_isa} >= %{libnghttp2_version} +%if %{with http3} +Requires: libnghttp3%{?_isa} >= %{libnghttp3_version} +%endif Requires: libpsl%{?_isa} >= %{libpsl_version} Requires: libssh%{?_isa} >= %{libssh_version} +%if %{with http3} +Requires: ngtcp2%{?_isa} >= %{ngtcp2_version} +%endif Requires: openssl-libs%{?_isa} >= 1:%{openssl_version} Provides: libcurl-full = %{version}-%{release} Provides: libcurl-full%{?_isa} = %{version}-%{release} @@ -313,7 +338,11 @@ export common_configure_opts=" \ --enable-websockets \ --with-brotli \ --with-libpsl \ - --with-libssh + --with-libssh \ +%if %{with http3} + --with-nghttp3 \ + --with-ngtcp2 \ +%endif ) # avoid using rpath @@ -419,6 +448,9 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Sun Dec 07 2025 Aleksei Bavshin - 8.17.0-5 +- Enable HTTP/3 support with ngtcp2 + * Thu Dec 04 2025 Jan Macku - 8.17.0-4 - apply upstream patches for valgrind issues in HTTP/3 (#2408809) From 9d9fd36c2e8580eea7562a01230282bde942487e Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Tue, 9 Dec 2025 08:50:28 +0100 Subject: [PATCH 41/44] new upstream release - 8.18.0~rc1 --- ...rl-8.17.0-vquic-do_sendmsg-full-init.patch | 34 ------------------- ...0-ngtcp2-openssl-fix-leak-of-session.patch | 32 ----------------- curl.spec | 12 +++---- sources | 4 +-- 4 files changed, 8 insertions(+), 74 deletions(-) delete mode 100644 0001-curl-8.17.0-vquic-do_sendmsg-full-init.patch delete mode 100644 0002-curl-8.17.0-ngtcp2-openssl-fix-leak-of-session.patch diff --git a/0001-curl-8.17.0-vquic-do_sendmsg-full-init.patch b/0001-curl-8.17.0-vquic-do_sendmsg-full-init.patch deleted file mode 100644 index f41b79a..0000000 --- a/0001-curl-8.17.0-vquic-do_sendmsg-full-init.patch +++ /dev/null 
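Review bot: In the `@@ -313,7 +338,11 @@` hunk the option list now always ends in a backslash, so the last continued line runs straight into the `)` that closes the subshell: `--with-libssh \` with http3 disabled, `--with-ngtcp2 \` with it enabled. The shell accepts this, but anything later inserted between the list and `)`, such as a comment or another command, is swallowed as a configure argument. Moving the `%if %{with http3}` … `%endif` block above `--with-libssh` and leaving that line without a trailing backslash keeps the list terminated in both configurations. The start of this configure invocation is outside the hunk.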
@@ -1,34 +0,0 @@ -From aa95d1ceda65e7aa20110a69742797d80009e7de Mon Sep 17 00:00:00 2001 -From: Stefan Eissing -Date: Thu, 27 Nov 2025 10:23:43 +0100 -Subject: [PATCH 1/2] vquic: do_sendmsg full init - -When passing a `msg_ctrl` to sendmsg() as part of GSO handling, zero the -complete array. This fixes any false positives by valgrind that complain -about uninitialised memory, even though the kernel only ever accesses -the first two bytes. - -Reported-by: Aleksei Bavshin -Fixes #19714 -Closes #19715 - -(cherry picked from commit a9e7a027ed866b791c12a3c701dc40304f4e00cb) ---- - lib/vquic/vquic.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/vquic/vquic.c b/lib/vquic/vquic.c -index 7533001ea..2e8d8e5cd 100644 ---- a/lib/vquic/vquic.c -+++ b/lib/vquic/vquic.c -@@ -144,6 +144,7 @@ static CURLcode do_sendmsg(struct Curl_cfilter *cf, - if(pktlen > gsolen) { - /* Only set this, when we need it. macOS, for example, - * does not seem to like a msg_control of length 0. */ -+ memset(msg_ctrl, 0, sizeof(msg_ctrl)); - msg.msg_control = msg_ctrl; - assert(sizeof(msg_ctrl) >= CMSG_SPACE(sizeof(int))); - msg.msg_controllen = CMSG_SPACE(sizeof(int)); --- -2.52.0 - diff --git a/0002-curl-8.17.0-ngtcp2-openssl-fix-leak-of-session.patch b/0002-curl-8.17.0-ngtcp2-openssl-fix-leak-of-session.patch deleted file mode 100644 index 4db6234..0000000 --- a/0002-curl-8.17.0-ngtcp2-openssl-fix-leak-of-session.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From a11ab7ad4ea0d97ac0d5af1e28b30b00c37c3c3c Mon Sep 17 00:00:00 2001 -From: Stefan Eissing -Date: Thu, 27 Nov 2025 12:11:39 +0100 -Subject: [PATCH 2/2] ngtcp2+openssl: fix leak of session - -Fix return value indicating to OpenSSL if reference to session is kept -(it is not), so OpenSSL frees it. - -Reported-by: Aleksei Bavshin -Fixes #19717 -Closes #19718 - -(cherry picked from commit 9bb5c0578b39e5b086b6a9db5c6eb299a0fe1c5c) ---- - lib/vquic/curl_ngtcp2.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c -index f72f6630f..069dcb67e 100644 ---- a/lib/vquic/curl_ngtcp2.c -+++ b/lib/vquic/curl_ngtcp2.c -@@ -2262,7 +2262,6 @@ static int quic_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) - #endif - Curl_ossl_add_session(cf, data, ctx->peer.scache_key, ssl_sessionid, - SSL_version(ssl), "h3", quic_tp, quic_tp_len); -- return 1; - } - return 0; - } --- -2.52.0 - diff --git a/curl.spec b/curl.spec index a47f422..6ce39e2 100644 --- a/curl.spec +++ b/curl.spec @@ -11,8 +11,8 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.17.0 -Release: 5%{?dist} +Version: 8.18.0~rc1 +Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc @@ -21,10 +21,6 @@ Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc Source2: mykey.asc -# Fix valgrind issues in HTTP/3 -Patch001: 0001-curl-8.17.0-vquic-do_sendmsg-full-init.patch -Patch002: 0002-curl-8.17.0-ngtcp2-openssl-fix-leak-of-session.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch 
@@ -448,6 +444,10 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Tue Dec 09 2025 Jan Macku - 8.18.0~rc1-1 +- new upstream release candidate +- drop upstreamed patches + * Sun Dec 07 2025 Aleksei Bavshin - 8.17.0-5 - Enable HTTP/3 support with ngtcp2 diff --git a/sources b/sources index 2d835d7..80cbe05 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-8.17.0.tar.xz.asc) = e77d4cb1f4961aa0df3d76f1a8c55a0b9005ed557adf745f3ab24d33cee2d0e4bd06cecb9d911e76409852e7755129873cc7d24936c846ff1b854903c0f086b2 -SHA512 (curl-8.17.0.tar.xz) = fc6349def40c3c259de2a568631507df17dff83e78a2edbb93f069586dce594439fdc88bef7ce2bed7491f35800b8c0c181c8c88e6ef656cc3c18f9834681eca +SHA512 (curl-8.18.0-rc1.tar.xz) = 34cb17db3b16458a82b6f2c6c72f967cd028449a74a026acb2b6085161644ad352adf9cc9324d1e3264caf9039424bc53863e55ce92da7971e15871fee0c2551 +SHA512 (curl-8.18.0-rc1.tar.xz.asc) = 6b64d4d035de78f5111cc4cd7aaf4f6e5d4f14e5ee6685a3ff4e5d67f93aa45008a6c85f62cea54800872815fc01158339fc5d53959d060062cffce327a5346d From 9e1a11614b37b5a26a09a2bca7f81270633e3cbc Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Tue, 16 Dec 2025 14:49:18 +0100 Subject: [PATCH 42/44] new upstream release - 8.18.0~rc2 --- 0101-curl-7.32.0-multilib.patch | 14 +++++----- 0105-curl-8.11.1-test616.patch | 48 --------------------------------- curl.spec | 14 +++++----- sources | 4 +-- 4 files changed, 17 insertions(+), 63 deletions(-) delete mode 100644 0105-curl-8.11.1-test616.patch diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index 79e9855..f7f66e6 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -1,6 +1,6 @@ -From ae56f768f418e1dd91f9eb3edf1a88453f61e160 Mon Sep 17 00:00:00 2001 +From 6bb4e674cdc953f5c0048aa84172539900725166 Mon Sep 17 00:00:00 2001 
From: Jan Macku -Date: Mon, 25 Aug 2025 10:41:12 +0200 +Date: Tue, 16 Dec 2025 10:04:40 +0100 Subject: [PATCH] prevent multilib conflicts on the curl-config script --- @@ -10,7 +10,7 @@ Subject: [PATCH] prevent multilib conflicts on the curl-config script 3 files changed, 9 insertions(+), 19 deletions(-) diff --git a/curl-config.in b/curl-config.in -index ce23519..bb43ca8 100644 +index a1c8185875..bb43ca8335 100644 --- a/curl-config.in +++ b/curl-config.in @@ -74,7 +74,7 @@ while test "$#" -gt 0; do @@ -26,7 +26,7 @@ index ce23519..bb43ca8 100644 ;; --libs) -- if test "@libdir@" != '/usr/lib' -a "@libdir@" != '/usr/lib64'; then +- if test "@libdir@" != '/usr/lib' && test "@libdir@" != '/usr/lib64'; then - curllibdir="-L@libdir@ " - else - curllibdir='' @@ -61,7 +61,7 @@ index ce23519..bb43ca8 100644 *) diff --git a/docs/curl-config.md b/docs/curl-config.md -index 12ad245..fa0e03d 100644 +index 12ad245b79..fa0e03d273 100644 --- a/docs/curl-config.md +++ b/docs/curl-config.md @@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated. @@ -76,7 +76,7 @@ index 12ad245..fa0e03d 100644 ## `--version` diff --git a/libcurl.pc.in b/libcurl.pc.in -index c0ba524..f3645e1 100644 +index c0ba5244a8..f3645e1748 100644 --- a/libcurl.pc.in +++ b/libcurl.pc.in @@ -28,6 +28,7 @@ libdir=@libdir@ @@ -88,5 +88,5 @@ index c0ba524..f3645e1 100644 Name: libcurl URL: https://curl.se/ -- -2.50.1 +2.52.0 diff --git a/0105-curl-8.11.1-test616.patch b/0105-curl-8.11.1-test616.patch deleted file mode 100644 index 91bde80..0000000 --- a/0105-curl-8.11.1-test616.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From 82baec8c7cd40361585d8793dfe4531f7aad30e3 Mon Sep 17 00:00:00 2001 -From: Jan Macku -Date: Wed, 11 Dec 2024 13:16:12 +0100 -Subject: [PATCH] test616: disable valgrind - -Valgrind disable was removed in upstream in https://github.com/curl/curl/commit/c91c37b6e87ceee760b7bb334c8e97e03ee93e93#diff-e01fd8774cf5b26329c7dc7dc03ec49745469205f3d501ced72c9d133455d5e7L35 -But test 616 is still failing under valgrind, so disable valgrind for this test. - -``` - valgrind ERROR ==188588== 144 bytes in 1 blocks are definitely lost in loss record 1 of 1 -==188588== at 0x484B133: calloc (vg_replace_malloc.c:1675) -==188588== by 0x4BB7575: ??? (in /usr/lib64/libssh.so.4.10.1) -==188588== by 0x4BB8CC6: sftp_fstat (in /usr/lib64/libssh.so.4.10.1) -==188588== by 0x48EEAFB: myssh_statemach_act (libssh.c:1610) -==188588== by 0x48F1B9D: myssh_multi_statemach.lto_priv.0 (libssh.c:2095) -==188588== by 0x48BA971: UnknownInlinedFun (multi.c:1643) -==188588== by 0x48BA971: UnknownInlinedFun (multi.c:2314) -==188588== by 0x48BA971: multi_runsingle (multi.c:2768) -==188588== by 0x48BCCA4: curl_multi_perform (multi.c:3016) -==188588== by 0x4884E4A: UnknownInlinedFun (easy.c:701) -==188588== by 0x4884E4A: UnknownInlinedFun (easy.c:796) -==188588== by 0x4884E4A: curl_easy_perform (easy.c:815) -==188588== by 0x10C12B: UnknownInlinedFun (tool_operate.c:2902) -==188588== by 0x10C12B: UnknownInlinedFun (tool_operate.c:3127) -==188588== by 0x10C12B: UnknownInlinedFun (tool_operate.c:3249) -==188588== by 0x10C12B: main (tool_main.c:271) -==188588== -``` ---- - tests/data/test616 | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/tests/data/test616 b/tests/data/test616 -index f76c68a..0ebc734 100644 ---- a/tests/data/test616 -+++ b/tests/data/test616 -@@ -32,5 +32,8 @@ SFTP retrieval of empty file - # - # Verify data after the test has been "shot" - -+ -+disable -+ - - --- -2.47.1 - diff --git a/curl.spec b/curl.spec index 6ce39e2..c2ec049 100644 --- a/curl.spec 
+++ b/curl.spec @@ -11,7 +11,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.18.0~rc1 +Version: 8.18.0~rc2 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -24,9 +24,6 @@ Source2: mykey.asc # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch -# test616: disable valgrind -Patch105: 0105-curl-8.11.1-test616.patch - Provides: curl-full = %{version}-%{release} # do not fail when trying to install curl-minimal after drop Provides: curl-minimal = %{version}-%{release} @@ -414,9 +411,10 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* %doc README %doc docs/BUGS.md %doc docs/DISTROS.md -%doc docs/FAQ +%doc docs/FAQ.md %doc docs/FEATURES.md -%doc docs/TODO +%doc docs/KNOWN_BUGS.md +%doc docs/TODO.md %doc docs/TheArtOfHttpScripting.md %{_bindir}/curl %{_mandir}/man1/curl.1* @@ -444,6 +442,10 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Tue Dec 16 2025 Jan Macku - 8.18.0~rc2-1 +- new upstream release candidate +- reenable valgrind on test 616 + * Tue Dec 09 2025 Jan Macku - 8.18.0~rc1-1 - new upstream release candidate - drop upstreamed patches diff --git a/sources b/sources index 80cbe05..f75181e 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.18.0-rc1.tar.xz) = 34cb17db3b16458a82b6f2c6c72f967cd028449a74a026acb2b6085161644ad352adf9cc9324d1e3264caf9039424bc53863e55ce92da7971e15871fee0c2551 -SHA512 (curl-8.18.0-rc1.tar.xz.asc) = 6b64d4d035de78f5111cc4cd7aaf4f6e5d4f14e5ee6685a3ff4e5d67f93aa45008a6c85f62cea54800872815fc01158339fc5d53959d060062cffce327a5346d +SHA512 (curl-8.18.0-rc2.tar.xz) = 4a71016d3a1d53bda007dc510c6eb7c1f35f04f4bb5c9cb1b10595e2ea15062993edd5fcdf73d008f6e91db48467e6a3428dd96e64ad9fb7acdf74db15ac5564 +SHA512 (curl-8.18.0-rc2.tar.xz.asc) = d3cfefd964958aa83da3005030899d12ed6ac0c456b2a2b1490a76a06c5abff839b4d70c1bad1d6218f9bdae0e63e368fc6a423ed10d03334609b499b7440762 From da5bf8f889f2af14cee4a633294b06b02f90ac16 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Mon, 5 Jan 2026 09:35:50 +0100 Subject: [PATCH 43/44] new upstream release - 8.18.0~rc3 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index c2ec049..758e807 100644 --- a/curl.spec +++ b/curl.spec @@ -11,7 +11,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.18.0~rc2 +Version: 8.18.0~rc3 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -442,6 +442,9 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Mon Jan 05 2026 Jan Macku - 8.18.0~rc3-1 +- new upstream release candidate + * Tue Dec 16 2025 Jan Macku - 8.18.0~rc2-1 - new upstream release candidate - reenable valgrind on test 616 diff --git a/sources b/sources index f75181e..5d0cff9 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.18.0-rc2.tar.xz) = 4a71016d3a1d53bda007dc510c6eb7c1f35f04f4bb5c9cb1b10595e2ea15062993edd5fcdf73d008f6e91db48467e6a3428dd96e64ad9fb7acdf74db15ac5564 -SHA512 (curl-8.18.0-rc2.tar.xz.asc) = d3cfefd964958aa83da3005030899d12ed6ac0c456b2a2b1490a76a06c5abff839b4d70c1bad1d6218f9bdae0e63e368fc6a423ed10d03334609b499b7440762 +SHA512 (curl-8.18.0-rc3.tar.xz) = 1139b79a6c4356fdf6f368812402c2f9bafcbaec6323c367aef85c4d00ffda9541a87ef476ce9a099142ef6f824b562c9dc840878add60a616f0e441fef44801 +SHA512 (curl-8.18.0-rc3.tar.xz.asc) = fac23b293cec82596ddd7757c0984e3977259c5116ddef719fad2a39a3723cf7cb5d85d12c5c5b2542f34a5411aa6f42f4fb08729fde6c564cd3567f2a3f0434 From 3c4947ef9777ff0e270d3680b23a3e10134ee68f Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 7 Jan 2026 11:16:40 +0100 Subject: [PATCH 44/44] new upstream release - 8.18.0 --- curl.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/curl.spec b/curl.spec index 758e807..c0ad4db 100644 --- a/curl.spec +++ b/curl.spec @@ -11,7 +11,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 8.18.0~rc3 +Version: 8.18.0 Release: 1%{?dist} License: curl Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz @@ -442,6 +442,9 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1* %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Jan 07 2026 Jan Macku - 8.18.0-1 +- new upstream release + * Mon Jan 05 2026 Jan Macku - 8.18.0~rc3-1 - new upstream release candidate diff --git a/sources b/sources index 5d0cff9..002e494 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (curl-8.18.0-rc3.tar.xz) = 1139b79a6c4356fdf6f368812402c2f9bafcbaec6323c367aef85c4d00ffda9541a87ef476ce9a099142ef6f824b562c9dc840878add60a616f0e441fef44801 -SHA512 (curl-8.18.0-rc3.tar.xz.asc) = fac23b293cec82596ddd7757c0984e3977259c5116ddef719fad2a39a3723cf7cb5d85d12c5c5b2542f34a5411aa6f42f4fb08729fde6c564cd3567f2a3f0434 +SHA512 (curl-8.18.0.tar.xz) = 50c7a7b0528e0019697b0c59b3e56abb2578c71d77e4c085b56797276094b5611718c0a9cb2b14db7f8ab502fcf8f42a364297a3387fae3870a4d281484ba21c +SHA512 (curl-8.18.0.tar.xz.asc) = 07e08d1bb3f8bf20b3d22f37fbc19c49c0d9ee4ea9d92da76fa8a9de343023e1b5d416ccc6535a4ff98b08b30eb9334fd856227e37564f6bcd542aa81bced152