Merge branch 'master' into private-kdudka-libcurl-minimal

Kamil Dudka 2017-03-14 13:54:42 +01:00
commit 8bab5c452b
8 changed files with 131 additions and 125 deletions


@ -1,47 +0,0 @@
From 090ee789dda468fe0d9b715ec4e5dc47a948a239 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Wed, 2 Mar 2016 11:07:16 +0100
Subject: [PATCH] cookie: do not refuse cookies for localhost
Closes #658
---
lib/cookie.c | 10 ++++++----
tests/data/test1136 | 1 +
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/cookie.c b/lib/cookie.c
index d62f446..e5c7b7e 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -788,10 +788,12 @@ Curl_cookie_add(struct SessionHandle *data,
#ifdef USE_LIBPSL
/* Check if the domain is a Public Suffix and if yes, ignore the cookie.
This needs a libpsl compiled with builtin data. */
- if(co->domain && !isip(co->domain) && (psl = psl_builtin()) != NULL) {
- if(psl_is_public_suffix(psl, co->domain)) {
- infof(data, "cookie '%s' dropped, domain '%s' is a public suffix\n",
- co->name, co->domain);
+ if(domain && co->domain && !isip(co->domain)) {
+ if (((psl = psl_builtin()) != NULL)
+ && !psl_is_cookie_domain_acceptable(psl, domain, co->domain)) {
+ infof(data,
+ "cookie '%s' dropped, domain '%s' must not set cookies for '%s'\n",
+ co->name, domain, co->domain);
freecookie(co);
return NULL;
}
diff --git a/tests/data/test1136 b/tests/data/test1136
index e42ca06..d3327e8 100644
--- a/tests/data/test1136
+++ b/tests/data/test1136
@@ -58,6 +58,7 @@ http://www.example.ck/1136 http://www.ck/1136 http://z-1.compute-1.amazonaws.com
.www.example.ck TRUE / FALSE 0 test2 allowed2
.www.ck TRUE / FALSE 0 test4 allowed4
+.z-1.compute-1.amazonaws.com TRUE / FALSE 0 test5 forbidden5
</file>
</verify>
</testcase>
--
2.5.0


@ -12,7 +12,7 @@ diff --git a/configure b/configure
index 8f079a3..53b4774 100755 index 8f079a3..53b4774 100755
--- a/configure --- a/configure
+++ b/configure +++ b/configure
@@ -16017,18 +16017,11 @@ $as_echo "yes" >&6; } @@ -16623,18 +16623,11 @@ $as_echo "yes" >&6; }
gccvhi=`echo $gccver | cut -d . -f1` gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2` gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
@ -33,7 +33,7 @@ index 8f079a3..53b4774 100755
+ flags_opt_yes="" + flags_opt_yes=""
flags_opt_off="-O0" flags_opt_off="-O0"
if test -z "$SED"; then OLDCPPFLAGS=$CPPFLAGS
diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
index 0cbba7a..9175b5b 100644 index 0cbba7a..9175b5b 100644
--- a/m4/curl-compilers.m4 --- a/m4/curl-compilers.m4


@ -1,26 +0,0 @@
From d6c42a5bf66d4d458b20836573d6989e53f7d423 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Fri, 18 Feb 2011 17:49:59 +0100
Subject: [PATCH] curl: work around valgrind bug (RHBZ#678518)
https://bugs.kde.org/show_bug.cgi?id=264936
---
tests/data/test165 | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/tests/data/test165 b/tests/data/test165
index ddfe1e9..b2cbc4f 100644
--- a/tests/data/test165
+++ b/tests/data/test165
@@ -54,5 +54,8 @@ Accept: */*
Proxy-Connection: Keep-Alive
</protocol>
+<valgrind>
+disable
+</valgrind>
</verify>
</testcase>
--
1.7.4


@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAla4X80ACgkQeOEcayedXJFLWACglcsd1JCV1a5mQlzMVI166llH
66oAn3wjtUvix9Gn59EGwBz1k5Kby2gH
=Zg6S
-----END PGP SIGNATURE-----

11
curl-7.53.1.tar.lzma.asc Normal file

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAliv5c0ACgkQXMkI/bce
EsIhQAf+MnT0c/mIi2ADpOgYq4+3Hf8hypkuWkICSWwyH8j2mRJCRDPO3yAOU8U9
RlVEzPm+Tb13zCLWPLgRu1T75YMHPwJ6+q9wnNNGzBFJ5ShWs/JxL1rhj21ZFQoA
3l/as6qm8iXkbZOfePWNbgr7W+NyasxHjf9L6O31oWauY3X9FYLcYr9nzUTFHFSh
gzOAxb7/oYkZTtYccvRSI75Eohqi2kSx6gAkMhcWwbqU1QCU80c+vX2PlptaPNP/
GGpe3IH66q8v/ExfIL/Tu6LfhdV+ulP2c3m++dYiOvT3wUMSuqHt0WzosOHEUjh5
SFi75fQRJLkA0fn/3luoj9B+PO7G8g==
=xg39
-----END PGP SIGNATURE-----

150
curl.spec

@ -1,14 +1,10 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.47.1 Version: 7.53.1
Release: 4.2%{?dist} Release: 3.3%{?dist}
License: MIT License: MIT
Group: Applications/Internet Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source: https://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h
# do not refuse cookies for localhost (#1308791)
Patch1: 0001-curl-7.47.1-psl-localhost.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -19,19 +15,17 @@ Patch102: 0102-curl-7.36.0-debug.patch
# use localhost6 instead of ip6-localhost in the curl test-suite # use localhost6 instead of ip6-localhost in the curl test-suite
Patch104: 0104-curl-7.19.7-localhost6.patch Patch104: 0104-curl-7.19.7-localhost6.patch
# work around valgrind bug (#678518)
Patch107: 0107-curl-7.21.4-libidn-valgrind.patch
Provides: webclient Provides: webclient
URL: http://curl.haxx.se/ URL: https://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildRequires: groff BuildRequires: groff
BuildRequires: krb5-devel BuildRequires: krb5-devel
BuildRequires: libidn-devel BuildRequires: libidn2-devel
BuildRequires: libmetalink-devel BuildRequires: libmetalink-devel
BuildRequires: libnghttp2-devel BuildRequires: libnghttp2-devel
BuildRequires: libpsl-devel BuildRequires: libpsl-devel
BuildRequires: libssh2-devel BuildRequires: libssh2-devel
BuildRequires: multilib-rpm-config
BuildRequires: nss-devel BuildRequires: nss-devel
BuildRequires: openldap-devel BuildRequires: openldap-devel
BuildRequires: openssh-clients BuildRequires: openssh-clients
@ -41,6 +35,9 @@ BuildRequires: python
BuildRequires: stunnel BuildRequires: stunnel
BuildRequires: zlib-devel BuildRequires: zlib-devel
# nghttpx (an HTTP/2 proxy) is used by the upstream test-suite
BuildRequires: nghttp2
# perl modules used in the test suite # perl modules used in the test suite
BuildRequires: perl(Cwd) BuildRequires: perl(Cwd)
BuildRequires: perl(Digest::MD5) BuildRequires: perl(Digest::MD5)
@ -62,7 +59,7 @@ BuildRequires: perl(vars)
# to be less reliable, in order to avoid unnecessary build failures (see RHBZ # to be less reliable, in order to avoid unnecessary build failures (see RHBZ
# #810992, #816175, and #886891). Nevertheless developers are free to install # #810992, #816175, and #886891). Nevertheless developers are free to install
# valgrind manually to improve test coverage on any architecture. # valgrind manually to improve test coverage on any architecture.
%ifarch %{ix86} x86_64 %ifarch x86_64 %{ix86}
BuildRequires: valgrind BuildRequires: valgrind
%endif %endif
@ -85,6 +82,10 @@ Summary: A library for getting files from web servers
Group: Development/Libraries Group: Development/Libraries
Requires: libssh2%{?_isa} >= %{libssh2_version} Requires: libssh2%{?_isa} >= %{libssh2_version}
# libnsspem.so is no longer included in the nss package (#1347336)
BuildRequires: nss-pem
Requires: nss-pem%{?_isa}
%description -n libcurl %description -n libcurl
libcurl is a free and easy-to-use client-side URL transfer library, supporting libcurl is a free and easy-to-use client-side URL transfer library, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
@ -145,17 +146,11 @@ be installed.
%setup -q %setup -q
# upstream patches # upstream patches
%patch1 -p1
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
%patch102 -p1 %patch102 -p1
%patch104 -p1 %patch104 -p1
%patch107 -p1
# use RSA instead of DSA for host authentication in SCP and SFTP test-cases
# because DSA is no longer supported by OpenSSH
sed -e 's/ds[as]/rsa/g' -i tests/ssh{help.pm,server.pl}
# disable test 1112 (#565305) and test 1801 # disable test 1112 (#565305) and test 1801
# <https://github.com/bagder/curl/commit/21e82bd6#commitcomment-12226582> # <https://github.com/bagder/curl/commit/21e82bd6#commitcomment-12226582>
@ -166,6 +161,9 @@ printf "1112\n1801\n" >> tests/data/DISABLED
echo "1319" >> tests/data/DISABLED echo "1319" >> tests/data/DISABLED
%endif %endif
# temporarily disable failing libidn2 test-cases
printf "1034\n1035\n2046\n2047\n" >> tests/data/DISABLED
%build %build
[ -x /usr/kerberos/bin/krb5-config ] && KRB5_PREFIX="=/usr/kerberos" [ -x /usr/kerberos/bin/krb5-config ] && KRB5_PREFIX="=/usr/kerberos"
mkdir build-{full,minimal} mkdir build-{full,minimal}
@ -179,15 +177,16 @@ export common_configure_opts=" \
--with-gssapi${KRB5_PREFIX} \ --with-gssapi${KRB5_PREFIX} \
--without-ssl --with-nss" --without-ssl --with-nss"
%global _configure ../configure
# configure minimal build # configure minimal build
( (
cd build-minimal cd build-minimal
ln -s ../configure
%configure $common_configure_opts \ %configure $common_configure_opts \
--disable-ldap \ --disable-ldap \
--disable-ldaps \ --disable-ldaps \
--disable-manual \ --disable-manual \
--without-libidn \ --without-libidn2 \
--without-libmetalink \ --without-libmetalink \
--without-libpsl \ --without-libpsl \
--without-libssh2 \ --without-libssh2 \
@ -197,7 +196,6 @@ export common_configure_opts=" \
# configure full build # configure full build
( (
cd build-full cd build-full
ln -s ../configure
%configure $common_configure_opts \ %configure $common_configure_opts \
--enable-ldap \ --enable-ldap \
--enable-ldaps \ --enable-ldaps \
@ -244,21 +242,19 @@ mv -v ${RPM_BUILD_ROOT}%{_bindir}/curl{,.minimal}
make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-full make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-full
# install zsh completion for curl
# (we have to override LD_LIBRARY_PATH because we eliminated rpath)
LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \
make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" \
install -C build-full/scripts
rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
install -d $RPM_BUILD_ROOT%{_datadir}/aclocal install -d $RPM_BUILD_ROOT%{_datadir}/aclocal
install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal
# Make libcurl-devel multilib-ready (bug #488922) # Make libcurl-devel multilib-ready (bug #488922)
%if 0%{?__isa_bits} == 64 %multilib_fix_c_header --file %{_includedir}/curl/curlbuild.h
%global _curlbuild_h curlbuild-64.h
%else
%global _curlbuild_h curlbuild-32.h
%endif
mv $RPM_BUILD_ROOT%{_includedir}/curl/curlbuild.h \
$RPM_BUILD_ROOT%{_includedir}/curl/%{_curlbuild_h}
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_includedir}/curl/curlbuild.h
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -283,8 +279,8 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/libcurl.so.[0-9].[0-9].[0-9] %{_libdir}/libcurl.so.[0-9].[0-9].[0-9]
%files -n libcurl-devel %files -n libcurl-devel
%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS %doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md
%doc docs/CONTRIBUTE docs/libcurl/ABI %doc docs/CONTRIBUTE.md docs/libcurl/ABI
%{_bindir}/curl-config* %{_bindir}/curl-config*
%{_includedir}/curl %{_includedir}/curl
%{_libdir}/*.so %{_libdir}/*.so
@ -304,6 +300,94 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal %{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal
%changelog %changelog
* Tue Mar 14 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-3.3
- rebase on top of current master
* Mon Mar 06 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-3
- make the dependency on nss-pem arch-specific (#1428550)
* Thu Mar 02 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-2
- re-enable valgrind on ix86 because sqlite is fixed (#1428286)
* Fri Feb 24 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-1
- new upstream release
* Wed Feb 22 2017 Kamil Dudka <kdudka@redhat.com> 7.53.0-1
- do not use valgrind on ix86 until sqlite is rebuilt by patched GCC (#1423434)
- new upstream release (fixes CVE-2017-2629)
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.52.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Dec 23 2016 Kamil Dudka <kdudka@redhat.com> 7.52.1-1
- new upstream release (fixes CVE-2016-9586)
* Mon Nov 21 2016 Kamil Dudka <kdudka@redhat.com> 7.51.0-3
- map CURL_SSLVERSION_DEFAULT to NSS default, add support for TLS 1.3 (#1396719)
* Tue Nov 15 2016 Kamil Dudka <kdudka@redhat.com> 7.51.0-2
- stricter host name checking for file:// URLs
- ssh: check md5 fingerprints case insensitively
* Wed Nov 02 2016 Kamil Dudka <kdudka@redhat.com> 7.51.0-1
- temporarily disable failing libidn2 test-cases
- new upstream release, which fixes the following vulnerabilities
CVE-2016-8615 - Cookie injection for other servers
CVE-2016-8616 - Case insensitive password comparison
CVE-2016-8617 - Out-of-bounds write via unchecked multiplication
CVE-2016-8618 - Double-free in curl_maprintf
CVE-2016-8619 - Double-free in krb5 code
CVE-2016-8620 - Glob parser write/read out of bounds
CVE-2016-8621 - curl_getdate out-of-bounds read
CVE-2016-8622 - URL unescape heap overflow via integer truncation
CVE-2016-8623 - Use-after-free via shared cookies
CVE-2016-8624 - Invalid URL parsing with '#'
CVE-2016-8625 - IDNA 2003 makes curl use wrong host
* Thu Oct 20 2016 Kamil Dudka <kdudka@redhat.com> 7.50.3-3
- drop 0103-curl-7.50.0-stunnel.patch no longer needed
* Fri Oct 07 2016 Kamil Dudka <kdudka@redhat.com> 7.50.3-2
- use the just built version of libcurl while generating zsh completion
* Wed Sep 14 2016 Kamil Dudka <kdudka@redhat.com> 7.50.3-1
- new upstream release (fixes CVE-2016-7167)
* Wed Sep 07 2016 Kamil Dudka <kdudka@redhat.com> 7.50.2-1
- new upstream release
* Fri Aug 26 2016 Kamil Dudka <kdudka@redhat.com> 7.50.1-2
- work around race condition in PK11_FindSlotByName()
- fix incorrect use of a previously loaded certificate from file
(related to CVE-2016-5420)
* Wed Aug 03 2016 Kamil Dudka <kdudka@redhat.com> 7.50.1-1
- new upstream release (fixes CVE-2016-5419, CVE-2016-5420, and CVE-2016-5421)
* Tue Jul 26 2016 Kamil Dudka <kdudka@redhat.com> 7.50.0-2
- run HTTP/2 tests on all architectures (#1360319 now worked around in nghttp2)
* Thu Jul 21 2016 Kamil Dudka <kdudka@redhat.com> 7.50.0-1
- run HTTP/2 tests only on Intel for now to work around #1358845
- require nss-pem because it is no longer included in the nss package (#1347336)
- fix HTTPS and FTPS tests (work around stunnel bug #1358810)
- new upstream release
* Fri Jun 17 2016 Kamil Dudka <kdudka@redhat.com> 7.49.1-3
- use multilib-rpm-config to install arch-dependent header files
* Fri Jun 03 2016 Kamil Dudka <kdudka@redhat.com> 7.49.1-2
- fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
* Mon May 30 2016 Kamil Dudka <kdudka@redhat.com> 7.49.1-1
- new upstream release
* Wed May 18 2016 Kamil Dudka <kdudka@redhat.com> 7.49.0-1
- new upstream release
* Wed Mar 23 2016 Kamil Dudka <kdudka@redhat.com> 7.48.0-1
- new upstream release
* Thu Mar 17 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-4.2 * Thu Mar 17 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-4.2
- keep the GSS-API support in libcurl-minimal, too - keep the GSS-API support in libcurl-minimal, too
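Review bot: The `printf "1034\n1035\n2046\n2047\n" >> tests/data/DISABLED` line in %prep switches off four libidn2 test-cases with only the word "temporarily" as explanation; unlike the neighbouring `# disable test 1112 (#565305)` entry, it carries no bug reference and no re-enable condition. The changelog lists CVE-2016-8625 (IDNA 2003 makes curl use wrong host) among the fixes picked up by this rebase, and the build moves from libidn-devel to libidn2-devel, so host-name conversion is an area where lost test coverage should stay visible. I would extend the comment to `# temporarily disable failing libidn2 test-cases (RHBZ#<bug-id>), re-enable once libidn2 passes them`, where `<bug-id>` is a placeholder for the real tracker entry. That these single-printed lines are additions is inferred from the 7.51.0-1 changelog entry, because the rendering lost the `+`/`-` markers.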


@ -1,9 +0,0 @@
#include <bits/wordsize.h>
#if __WORDSIZE == 32
#include "curlbuild-32.h"
#elif __WORDSIZE == 64
#include "curlbuild-64.h"
#else
#error "Unknown word size"
#endif


@ -1 +1 @@
8242c073d8e5fc1c2a1aa946f1e903a4 curl-7.47.1.tar.lzma SHA512 (curl-7.53.1.tar.lzma) = 1a04904a32b3c8767bcdc629c08446495ed40b7ed20e96d74101a0539bc88eba9a2350712afda94d886520f480172f532f020f0c730deb2bbec0bdc2eb5371ea