PR#30: new upstream release - 8.7.1 - rpms/curl

rpms / curl

#30 new upstream release - 8.7.1

Merged 2 months ago by jamacku. Opened 2 months ago by jamacku.

rpms/ jamacku/curl 8.7.1 into rawhide

new upstream release - 8.7.1

Jan Macku • 2 months ago

f9311ae

.gitignore

file modified

+1 -2

		`@@ -1,5 +1,4 @@`
		`- /curl-[0-9.]*.tar.lzma`
		`- /curl-[0-9.]*.tar.lzma.asc`
		`/curl-[0-9.]*.tar.xz`
		`/curl-[0-9.]*.tar.xz.asc`
		`/curl-[0-9].[0-9].[0-9]/`
		`+ /*.src.rpm`

0001-curl-8.6.0-remove-duplicate-content.patch

file removed

-108

		`@@ -1,108 +0,0 @@`
		`- From 960cf3ceb40cf875b146d4d1065d9267ccb83da1 Mon Sep 17 00:00:00 2001`
		`- From: Jan Macku <jamacku@redhat.com>`
		`- Date: Thu, 1 Feb 2024 12:56:31 +0100`
		`- Subject: [PATCH 1/2] doc: remove duplicate content from curl-config.1`
		`-`
		`- This will be resolved in next release by:`
		`- https://github.com/curl/curl/pull/12818`
		`-`
		`- see also: https://github.com/curl/curl/issues/12840`
		`-`
		`- Signed-off-by: Jan Macku <jamacku@redhat.com>`
		`- ---`
		`- docs/curl-config.1 \| 82 ----------------------------------------------`
		`- 1 file changed, 82 deletions(-)`
		`-`
		`- diff --git a/docs/curl-config.1 b/docs/curl-config.1`
		`- index 186ba3a..c142cb9 100644`
		`- --- a/docs/curl-config.1`
		`- +++ b/docs/curl-config.1`
		`- @@ -80,85 +80,3 @@ How do I build a single file with a one\-line command?`
		`- .fi`
		`- .SH SEE ALSO`
		`- .BR curl (1)`
		`- -.\" generated by cd2nroff 0.1 from curl-config.md`
		`- -.TH curl-config 1 "January 26 2024" curl-config`
		`- -.SH NAME`
		`- -curl\-config \- Get information about a libcurl installation`
		`- -.SH SYNOPSIS`
		`- -\fBcurl\-config [options]\fP`
		`- -.SH DESCRIPTION`
		`- -\fBcurl\-config\fP`
		`- -displays information about the curl and libcurl installation.`
		`- -.SH OPTIONS`
		`- -.IP --ca`
		`- -Displays the built\-in path to the CA cert bundle this libcurl uses.`
		`- -.IP --cc`
		`- -Displays the compiler used to build libcurl.`
		`- -.IP --cflags`
		`- -Set of compiler options (CFLAGS) to use when compiling files that use`
		`- -libcurl. Currently that is only the include path to the curl include files.`
		`- -.IP "--checkfor [version]"`
		`- -Specify the oldest possible libcurl version string you want, and this`
		`- -script will return 0 if the current installation is new enough or it`
		`- -returns 1 and outputs a text saying that the current version is not new`
		`- -enough. (Added in 7.15.4)`
		`- -.IP --configure`
		`- -Displays the arguments given to configure when building curl.`
		`- -.IP --feature`
		`- -Lists what particular main features the installed libcurl was built with. At`
		`- -the time of writing, this list may include SSL, KRB4 or IPv6. Do not assume`
		`- -any particular order. The keywords will be separated by newlines. There may be`
		`- -none, one, or several keywords in the list.`
		`- -.IP --help`
		`- -Displays the available options.`
		`- -.IP --libs`
		`- -Shows the complete set of libs and other linker options you will need in order`
		`- -to link your application with libcurl.`
		`- -.IP --prefix`
		`- -This is the prefix used when libcurl was installed. Libcurl is then installed`
		`- -in $prefix/lib and its header files are installed in $prefix/include and so`
		`- -on. The prefix is set with "configure \--prefix".`
		`- -.IP --protocols`
		`- -Lists what particular protocols the installed libcurl was built to support. At`
		`- -the time of writing, this list may include HTTP, HTTPS, FTP, FTPS, FILE,`
		`- -TELNET, LDAP, DICT and many more. Do not assume any particular order. The`
		`- -protocols will be listed using uppercase and are separated by newlines. There`
		`- -may be none, one, or several protocols in the list. (Added in 7.13.0)`
		`- -.IP --ssl-backends`
		`- -Lists the SSL backends that were enabled when libcurl was built. It might be`
		`- -no, one or several names. If more than one name, they will appear`
		`- -comma\-separated. (Added in 7.58.0)`
		`- -.IP --static-libs`
		`- -Shows the complete set of libs and other linker options you will need in order`
		`- -to link your application with libcurl statically. (Added in 7.17.1)`
		`- -.IP --version`
		`- -Outputs version information about the installed libcurl.`
		`- -.IP --vernum`
		`- -Outputs version information about the installed libcurl, in numerical mode.`
		`- -This shows the version number, in hexadecimal, using 8 bits for each part:`
		`- -major, minor, and patch numbers. This makes libcurl 7.7.4 appear as 070704 and`
		`- -libcurl 12.13.14 appear as 0c0d0e... Note that the initial zero might be`
		`- -omitted. (This option was broken in the 7.15.0 release.)`
		`- -.SH EXAMPLES`
		`- -What linker options do I need when I link with libcurl?`
		`- -.nf`
		`- - $ curl-config --libs`
		`- -.fi`
		`- -What compiler options do I need when I compile using libcurl functions?`
		`- -.nf`
		`- - $ curl-config --cflags`
		`- -.fi`
		`- -How do I know if libcurl was built with SSL support?`
		`- -.nf`
		`- - $ curl-config --feature \| grep SSL`
		`- -.fi`
		`- -What\(aqs the installed libcurl version?`
		`- -.nf`
		`- - $ curl-config --version`
		`- -.fi`
		`- -How do I build a single file with a one\-line command?`
		`- -.nf`
		- - $ `curl-config --cc --cflags` -o example source.c `curl-config --libs`
		`- -.fi`
		`- -.SH SEE ALSO`
		`- -.BR curl (1)`
		`- --`
		`- 2.43.0`
		`-`

0001-curl-8.7.1-fix-compressed-option.patch

file added

+174

		`@@ -0,0 +1,174 @@`
		`+ From 8f1a06a9efe1048c7ad17af43ae7d4b26de8117e Mon Sep 17 00:00:00 2001`
		`+ From: Stefan Eissing <stefan@eissing.org>`
		`+ Date: Thu, 28 Mar 2024 11:08:15 +0100`
		`+ Subject: [PATCH 1/2] content_encoding: brotli and others, pass through`
		`+ 0-length writes`
		`+`
		`+ - curl's transfer handling may write 0-length chunks at the end of the`
		`+ download with an EOS flag. (HTTP/2 does this commonly)`
		`+`
		`+ - content encoders need to pass-through such a write and not count this`
		`+ as error in case they are finished decoding`
		`+`
		`+ Fixes #13209`
		`+ Fixes #13212`
		`+ Closes #13219`
		`+`
		`+ (cherry picked from commit b30d694a027eb771c02a3db0dee0ca03ccab7377)`
		`+ Signed-off-by: Jan Macku <jamacku@redhat.com>`
		`+ ---`
		`+ lib/content_encoding.c \| 10 +++++-----`
		`+ tests/http/test_02_download.py \| 13 +++++++++++++`
		`+ tests/http/testenv/env.py \| 7 ++++++-`
		`+ tests/http/testenv/httpd.py \| 20 ++++++++++++++++++++`
		`+ 4 files changed, 44 insertions(+), 6 deletions(-)`
		`+`
		`+ diff --git a/lib/content_encoding.c b/lib/content_encoding.c`
		`+ index c1abf24e8..8e926dd2e 100644`
		`+ --- a/lib/content_encoding.c`
		`+ +++ b/lib/content_encoding.c`
		`+ @@ -300,7 +300,7 @@ static CURLcode deflate_do_write(struct Curl_easy *data,`
		`+ struct zlib_writer zp = (struct zlib_writer ) writer;`
		`+ z_stream z = &zp->z; / zlib state structure */`
		`+`
		`+ - if(!(type & CLIENTWRITE_BODY))`
		`+ + if(!(type & CLIENTWRITE_BODY) \|\| !nbytes)`
		`+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);`
		`+`
		`+ /* Set the compressed input when this function is called */`
		`+ @@ -457,7 +457,7 @@ static CURLcode gzip_do_write(struct Curl_easy *data,`
		`+ struct zlib_writer zp = (struct zlib_writer ) writer;`
		`+ z_stream z = &zp->z; / zlib state structure */`
		`+`
		`+ - if(!(type & CLIENTWRITE_BODY))`
		`+ + if(!(type & CLIENTWRITE_BODY) \|\| !nbytes)`
		`+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);`
		`+`
		`+ if(zp->zlib_init == ZLIB_INIT_GZIP) {`
		`+ @@ -669,7 +669,7 @@ static CURLcode brotli_do_write(struct Curl_easy *data,`
		`+ CURLcode result = CURLE_OK;`
		`+ BrotliDecoderResult r = BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT;`
		`+`
		`+ - if(!(type & CLIENTWRITE_BODY))`
		`+ + if(!(type & CLIENTWRITE_BODY) \|\| !nbytes)`
		`+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);`
		`+`
		`+ if(!bp->br)`
		`+ @@ -762,7 +762,7 @@ static CURLcode zstd_do_write(struct Curl_easy *data,`
		`+ ZSTD_outBuffer out;`
		`+ size_t errorCode;`
		`+`
		`+ - if(!(type & CLIENTWRITE_BODY))`
		`+ + if(!(type & CLIENTWRITE_BODY) \|\| !nbytes)`
		`+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);`
		`+`
		`+ if(!zp->decomp) {`
		`+ @@ -916,7 +916,7 @@ static CURLcode error_do_write(struct Curl_easy *data,`
		`+ (void) buf;`
		`+ (void) nbytes;`
		`+`
		`+ - if(!(type & CLIENTWRITE_BODY))`
		`+ + if(!(type & CLIENTWRITE_BODY) \|\| !nbytes)`
		`+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);`
		`+`
		`+ failf(data, "Unrecognized content encoding type. "`
		`+ diff --git a/tests/http/test_02_download.py b/tests/http/test_02_download.py`
		`+ index 4db9c9d36..395fc862f 100644`
		`+ --- a/tests/http/test_02_download.py`
		`+ +++ b/tests/http/test_02_download.py`
		`+ @@ -394,6 +394,19 @@ class TestDownload:`
		`+ r = client.run(args=[url])`
		`+ r.check_exit_code(0)`
		`+`
		`+ + @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])`
		`+ + def test_02_28_get_compressed(self, env: Env, httpd, nghttpx, repeat, proto):`
		`+ + if proto == 'h3' and not env.have_h3():`
		`+ + pytest.skip("h3 not supported")`
		`+ + count = 1`
		`+ + urln = f'https://{env.authority_for(env.domain1brotli, proto)}/data-100k?[0-{count-1}]'`
		`+ + curl = CurlClient(env=env)`
		`+ + r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[`
		`+ + '--compressed'`
		`+ + ])`
		`+ + r.check_exit_code(code=0)`
		`+ + r.check_response(count=count, http_status=200)`
		`+ +`
		`+ def check_downloads(self, client, srcfile: str, count: int,`
		`+ complete: bool = True):`
		`+ for i in range(count):`
		`+ diff --git a/tests/http/testenv/env.py b/tests/http/testenv/env.py`
		`+ index a207059dc..13c5d6bd4 100644`
		`+ --- a/tests/http/testenv/env.py`
		`+ +++ b/tests/http/testenv/env.py`
		`+ @@ -129,10 +129,11 @@ class EnvConfig:`
		`+ self.htdocs_dir = os.path.join(self.gen_dir, 'htdocs')`
		`+ self.tld = 'http.curl.se'`
		`+ self.domain1 = f"one.{self.tld}"`
		`+ + self.domain1brotli = f"brotli.one.{self.tld}"`
		`+ self.domain2 = f"two.{self.tld}"`
		`+ self.proxy_domain = f"proxy.{self.tld}"`
		`+ self.cert_specs = [`
		`+ - CertificateSpec(domains=[self.domain1, 'localhost'], key_type='rsa2048'),`
		`+ + CertificateSpec(domains=[self.domain1, self.domain1brotli, 'localhost'], key_type='rsa2048'),`
		`+ CertificateSpec(domains=[self.domain2], key_type='rsa2048'),`
		`+ CertificateSpec(domains=[self.proxy_domain, '127.0.0.1'], key_type='rsa2048'),`
		`+ CertificateSpec(name="clientsX", sub_specs=[`
		`+ @@ -376,6 +377,10 @@ class Env:`
		`+ def domain1(self) -> str:`
		`+ return self.CONFIG.domain1`
		`+`
		`+ + @property`
		`+ + def domain1brotli(self) -> str:`
		`+ + return self.CONFIG.domain1brotli`
		`+ +`
		`+ @property`
		`+ def domain2(self) -> str:`
		`+ return self.CONFIG.domain2`
		`+ diff --git a/tests/http/testenv/httpd.py b/tests/http/testenv/httpd.py`
		`+ index c04c22699..b8615875a 100644`
		`+ --- a/tests/http/testenv/httpd.py`
		`+ +++ b/tests/http/testenv/httpd.py`
		`+ @@ -50,6 +50,7 @@ class Httpd:`
		`+ 'alias', 'env', 'filter', 'headers', 'mime', 'setenvif',`
		`+ 'socache_shmcb',`
		`+ 'rewrite', 'http2', 'ssl', 'proxy', 'proxy_http', 'proxy_connect',`
		`+ + 'brotli',`
		`+ 'mpm_event',`
		`+ ]`
		`+ COMMON_MODULES_DIRS = [`
		`+ @@ -203,6 +204,7 @@ class Httpd:`
		`+`
		`+ def _write_config(self):`
		`+ domain1 = self.env.domain1`
		`+ + domain1brotli = self.env.domain1brotli`
		`+ creds1 = self.env.get_credentials(domain1)`
		`+ domain2 = self.env.domain2`
		`+ creds2 = self.env.get_credentials(domain2)`
		`+ @@ -285,6 +287,24 @@ class Httpd:`
		`+ f'</VirtualHost>',`
		`+ f'',`
		`+ ])`
		`+ + # Alternate to domain1 with BROTLI compression`
		`+ + conf.extend([ # https host for domain1, h1 + h2`
		`+ + f'<VirtualHost *:{self.env.https_port}>',`
		`+ + f' ServerName {domain1brotli}',`
		`+ + f' Protocols h2 http/1.1',`
		`+ + f' SSLEngine on',`
		`+ + f' SSLCertificateFile {creds1.cert_file}',`
		`+ + f' SSLCertificateKeyFile {creds1.pkey_file}',`
		`+ + f' DocumentRoot "{self._docs_dir}"',`
		`+ + f' SetOutputFilter BROTLI_COMPRESS',`
		`+ + ])`
		`+ + conf.extend(self._curltest_conf(domain1))`
		`+ + if domain1 in self._extra_configs:`
		`+ + conf.extend(self._extra_configs[domain1])`
		`+ + conf.extend([`
		`+ + f'</VirtualHost>',`
		`+ + f'',`
		`+ + ])`
		`+ conf.extend([ # https host for domain2, no h2`
		`+ f'<VirtualHost *:{self.env.https_port}>',`
		`+ f' ServerName {domain2}',`
		`+ --`
		`+ 2.44.0`
		`+`

0002-curl-8.6.0-ignore-response-body-to-HEAD.patch

file removed

-184

		`@@ -1,184 +0,0 @@`
		`- From e61ea3ba7054afedafe1eb473226e842ac17b8ff Mon Sep 17 00:00:00 2001`
		`- From: Daniel Stenberg <daniel@haxx.se>`
		`- Date: Thu, 1 Feb 2024 13:23:12 +0100`
		`- Subject: [PATCH] sendf: ignore response body to HEAD`
		`-`
		`- and mark the stream for close, but return OK since the response this far`
		`- was ok - if headers were received. Partly because this is what curl has`
		`- done traditionally.`
		`-`
		`- Test 499 verifies. Updates test 689.`
		`-`
		`- Reported-by: Sergey Bronnikov`
		`- Bug: https://curl.se/mail/lib-2024-02/0000.html`
		`- Closes #12842`
		`-`
		`- (cherry picked from commit b8c003832d730bb2f4b9de4204675ca5d9f7a903)`
		`- Signed-off-by: Jan Macku <jamacku@redhat.com>`
		`- ---`
		`- lib/sendf.c \| 3 ++`
		`- tests/data/Makefile.inc \| 44 ++++++++++++++--------------`
		`- tests/data/test499 \| 65 +++++++++++++++++++++++++++++++++++++++++`
		`- tests/data/test689 \| 4 +--`
		`- 4 files changed, 92 insertions(+), 24 deletions(-)`
		`- create mode 100644 tests/data/test499`
		`-`
		`- diff --git a/lib/sendf.c b/lib/sendf.c`
		`- index db3189a29..60ac0742c 100644`
		`- --- a/lib/sendf.c`
		`- +++ b/lib/sendf.c`
		`- @@ -575,6 +575,9 @@ static CURLcode cw_download_write(struct Curl_easy *data,`
		`- DEBUGF(infof(data, "did not want a BODY, but seeing %zu bytes",`
		`- nbytes));`
		`- data->req.download_done = TRUE;`
		`- + if(data->info.header_size)`
		`- + /* if headers have been received, this is fine */`
		`- + return CURLE_OK;`
		`- return CURLE_WEIRD_SERVER_REPLY;`
		`- }`
		`-`
		`- diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc`
		`- index c3d496f64..cd393da75 100644`
		`- --- a/tests/data/Makefile.inc`
		`- +++ b/tests/data/Makefile.inc`
		`- @@ -75,28 +75,28 @@ test444 test445 test446 test447 test448 test449 test450 test451 test452 \`
		`- test453 test454 test455 test456 test457 test458 test459 test460 test461 \`
		`- \`
		`- test490 test491 test492 test493 test494 test495 test496 test497 test498 \`
		`- -\`
		`- -test500 test501 test502 test503 test504 test505 test506 test507 test508 \`
		`- -test509 test510 test511 test512 test513 test514 test515 test516 test517 \`
		`- -test518 test519 test520 test521 test522 test523 test524 test525 test526 \`
		`- -test527 test528 test529 test530 test531 test532 test533 test534 test535 \`
		`- - test537 test538 test539 test540 test541 test542 test543 test544 \`
		`- -test545 test546 test547 test548 test549 test550 test551 test552 test553 \`
		`- -test554 test555 test556 test557 test558 test559 test560 test561 test562 \`
		`- -test563 test564 test565 test566 test567 test568 test569 test570 test571 \`
		`- -test572 test573 test574 test575 test576 test577 test578 test579 test580 \`
		`- -test581 test582 test583 test584 test585 test586 test587 test588 test589 \`
		`- -test590 test591 test592 test593 test594 test595 test596 test597 test598 \`
		`- -test599 test600 test601 test602 test603 test604 test605 test606 test607 \`
		`- -test608 test609 test610 test611 test612 test613 test614 test615 test616 \`
		`- -test617 test618 test619 test620 test621 test622 test623 test624 test625 \`
		`- -test626 test627 test628 test629 test630 test631 test632 test633 test634 \`
		`- -test635 test636 test637 test638 test639 test640 test641 test642 test643 \`
		`- -test644 test645 test646 test647 test648 test649 test650 test651 test652 \`
		`- -test653 test654 test655 test656 test658 test659 test660 test661 test662 \`
		`- -test663 test664 test665 test666 test667 test668 test669 test670 test671 \`
		`- -test672 test673 test674 test675 test676 test677 test678 test679 test680 \`
		`- -test681 test682 test683 test684 test685 test686 test687 test688 test689 \`
		`- +test499 test500 test501 test502 test503 test504 test505 test506 test507 \`
		`- +test508 test509 test510 test511 test512 test513 test514 test515 test516 \`
		`- +test517 test518 test519 test520 test521 test522 test523 test524 test525 \`
		`- +test526 test527 test528 test529 test530 test531 test532 test533 test534 \`
		`- +test535 test537 test538 test539 test540 test541 test542 test543 \`
		`- +test544 test545 test546 test547 test548 test549 test550 test551 test552 \`
		`- +test553 test554 test555 test556 test557 test558 test559 test560 test561 \`
		`- +test562 test563 test564 test565 test566 test567 test568 test569 test570 \`
		`- +test571 test572 test573 test574 test575 test576 test577 test578 test579 \`
		`- +test580 test581 test582 test583 test584 test585 test586 test587 test588 \`
		`- +test589 test590 test591 test592 test593 test594 test595 test596 test597 \`
		`- +test598 test599 test600 test601 test602 test603 test604 test605 test606 \`
		`- +test607 test608 test609 test610 test611 test612 test613 test614 test615 \`
		`- +test616 test617 test618 test619 test620 test621 test622 test623 test624 \`
		`- +test625 test626 test627 test628 test629 test630 test631 test632 test633 \`
		`- +test634 test635 test636 test637 test638 test639 test640 test641 test642 \`
		`- +test643 test644 test645 test646 test647 test648 test649 test650 test651 \`
		`- +test652 test653 test654 test655 test656 test658 test659 test660 test661 \`
		`- +test662 test663 test664 test665 test666 test667 test668 test669 test670 \`
		`- +test671 test672 test673 test674 test675 test676 test677 test678 test679 \`
		`- +test680 test681 test682 test683 test684 test685 test686 test687 test688 \`
		`- +test689 \`
		`- \`
		`- test700 test701 test702 test703 test704 test705 test706 test707 test708 \`
		`- test709 test710 test711 test712 test713 test714 test715 test716 test717 \`
		`- diff --git a/tests/data/test499 b/tests/data/test499`
		`- new file mode 100644`
		`- index 000000000..d4040b07c`
		`- --- /dev/null`
		`- +++ b/tests/data/test499`
		`- @@ -0,0 +1,65 @@`
		`- +<testcase>`
		`- +<info>`
		`- +<keywords>`
		`- +HTTP`
		`- +HTTP GET`
		`- +</keywords>`
		`- +</info>`
		`- +`
		`- +#`
		`- +# Server-side`
		`- +<reply>`
		`- +<data crlf="yes" nocheck="yes">`
		`- +HTTP/1.1 200 OK`
		`- +Date: Tue, 09 Nov 2010 14:49:00 GMT`
		`- +Server: test-server/fake`
		`- +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT`
		`- +ETag: "21025-dc7-39462498"`
		`- +Accept-Ranges: bytes`
		`- +Content-Length: 6`
		`- +Connection: close`
		`- +Content-Type: text/html`
		`- +Funny-head: yesyes`
		`- +`
		`- +-foo-`
		`- +</data>`
		`- +<datacheck crlf="yes">`
		`- +HTTP/1.1 200 OK`
		`- +Date: Tue, 09 Nov 2010 14:49:00 GMT`
		`- +Server: test-server/fake`
		`- +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT`
		`- +ETag: "21025-dc7-39462498"`
		`- +Accept-Ranges: bytes`
		`- +Content-Length: 6`
		`- +Connection: close`
		`- +Content-Type: text/html`
		`- +Funny-head: yesyes`
		`- +</datacheck>`
		`- +</reply>`
		`- +`
		`- +#`
		`- +# Client-side`
		`- +<client>`
		`- +<server>`
		`- +http`
		`- +</server>`
		`- +<name>`
		`- +HTTP HEAD to server still sending a body`
		`- +</name>`
		`- +<command>`
		`- +http://%HOSTIP:%HTTPPORT/%TESTNUMBER -I`
		`- +</command>`
		`- +</client>`
		`- +`
		`- +#`
		`- +# Verify data after the test has been "shot"`
		`- +<verify>`
		`- +<protocol crlf="yes">`
		`- +HEAD /%TESTNUMBER HTTP/1.1`
		`- +Host: %HOSTIP:%HTTPPORT`
		`- +User-Agent: curl/%VERSION`
		`- +Accept: /`
		`- +`
		`- +</protocol>`
		`- +</verify>`
		`- +</testcase>`
		`- diff --git a/tests/data/test689 b/tests/data/test689`
		`- index 821556dec..381ae225a 100644`
		`- --- a/tests/data/test689`
		`- +++ b/tests/data/test689`
		`- @@ -44,9 +44,9 @@ User-Agent: test567`
		`- Test-Number: 567`
		`-`
		`- </protocol>`
		`- -# 8 == CURLE_WEIRD_SERVER_REPLY`
		`- +# 85 == CURLE_RTSP_CSEQ_ERROR`
		`- <errorcode>`
		`- -8`
		`- +85`
		`- </errorcode>`
		`- </verify>`
		`-`
		`- --`
		`- 2.43.0`
		`-`

0002-curl-8.7.1-fix-chunked-POST-via-callback.patch

file added

+69

		`@@ -0,0 +1,69 @@`
		`+ From 2c20a15717bd408ce225dd8707c1798136f084f5 Mon Sep 17 00:00:00 2001`
		`+ From: Stefan Eissing <stefan@eissing.org>`
		`+ Date: Mon, 1 Apr 2024 15:41:18 +0200`
		`+ Subject: [PATCH 2/2] http: with chunked POST forced, disable length check on`
		`+ read callback`
		`+`
		`+ - when an application forces HTTP/1.1 chunked transfer encoding`
		`+ by setting the corresponding header and instructs curl to use`
		`+ the CURLOPT_READFUNCTION, disregard any POST length information.`
		`+ - this establishes backward compatibility with previous curl versions`
		`+`
		`+ Applications are encouraged to not force "chunked", but rather`
		`+ set length information for a POST. By setting -1, curl will`
		`+ auto-select chunked on HTTP/1.1 and work properly on other HTTP`
		`+ versions.`
		`+`
		`+ Reported-by: Jeff King`
		`+ Fixes #13229`
		`+ Closes #13257`
		`+`
		`+ (cherry picked from commit 721941aadf4adf4f6aeb3f4c0ab489bb89610c36)`
		`+ Signed-off-by: Jan Macku <jamacku@redhat.com>`
		`+ ---`
		`+ lib/http.c \| 22 ++++++++++++++++++++--`
		`+ 1 file changed, 20 insertions(+), 2 deletions(-)`
		`+`
		`+ diff --git a/lib/http.c b/lib/http.c`
		`+ index 92c04e69c..a764d3c44 100644`
		`+ --- a/lib/http.c`
		`+ +++ b/lib/http.c`
		`+ @@ -2046,8 +2046,19 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq)`
		`+ else`
		`+ result = Curl_creader_set_null(data);`
		`+ }`
		`+ - else { /* we read the bytes from the callback */`
		`+ - result = Curl_creader_set_fread(data, postsize);`
		`+ + else {`
		`+ + /* we read the bytes from the callback. In case "chunked" encoding`
		+ + * is forced by the application, we disregard `postsize`. This is
		`+ + * a backward compatibility decision to earlier versions where`
		`+ + * chunking disregarded this. See issue #13229. */`
		`+ + bool chunked = FALSE;`
		`+ + char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding"));`
		`+ + if(ptr) {`
		`+ + /* Some kind of TE is requested, check if 'chunked' is chosen */`
		`+ + chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"),`
		`+ + STRCONST("chunked"));`
		`+ + }`
		`+ + result = Curl_creader_set_fread(data, chunked? -1 : postsize);`
		`+ }`
		`+ return result;`
		`+`
		`+ @@ -2115,6 +2126,13 @@ CURLcode Curl_http_req_set_reader(struct Curl_easy *data,`
		`+ data->req.upload_chunky =`
		`+ Curl_compareheader(ptr,`
		`+ STRCONST("Transfer-Encoding:"), STRCONST("chunked"));`
		`+ + if(data->req.upload_chunky &&`
		`+ + Curl_use_http_1_1plus(data, data->conn) &&`
		`+ + (data->conn->httpversion >= 20)) {`
		`+ + infof(data, "suppressing chunked transfer encoding on connection "`
		`+ + "using HTTP version 2 or higher");`
		`+ + data->req.upload_chunky = FALSE;`
		`+ + }`
		`+ }`
		`+ else {`
		`+ curl_off_t req_clen = Curl_creader_total_length(data);`
		`+ --`
		`+ 2.44.0`
		`+`

0003-curl-8.6.0-vtls-revert-receive-max-buffer-add-test-case.patch

file removed

-68

		`@@ -1,68 +0,0 @@`
		`- From 0f65eaab19624ca018d7bd5ca404618f9bfe267f Mon Sep 17 00:00:00 2001`
		`- From: Stefan Eissing <stefan@eissing.org>`
		`- Date: Thu, 1 Feb 2024 18:15:50 +0100`
		`- Subject: [PATCH] vtls: revert "receive max buffer" + add test case`
		`-`
		`- - add test_05_04 for requests using http/1.0, http/1.1 and h2 against an`
		`- Apache resource that does an unclean TLS shutdown.`
		`- - revert special workarund in openssl.c for suppressing shutdown errors`
		`- on multiplexed connections`
		`- - vlts.c restore to its state before 9a90c9dd64d2f03601833a70786d485851bd1b53`
		`-`
		`- Fixes #12885`
		`- Fixes #12844`
		`-`
		`- Closes #12848`
		`-`
		`- (cherry picked from commit ed09a99af57200643d5ae001e815eeab9ffe3f84)`
		`- Signed-off-by: Jan Macku <jamacku@redhat.com>`
		`- ---`
		`- lib/vtls/vtls.c \| 27 ++++++---------------------`
		`- 1 file changed, 6 insertions(+), 21 deletions(-)`
		`-`
		`- diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c`
		`- index e928ba5d0..f654a9749 100644`
		`- --- a/lib/vtls/vtls.c`
		`- +++ b/lib/vtls/vtls.c`
		`- @@ -1715,32 +1715,17 @@ static ssize_t ssl_cf_recv(struct Curl_cfilter *cf,`
		`- {`
		`- struct cf_call_data save;`
		`- ssize_t nread;`
		`- - size_t ntotal = 0;`
		`-`
		`- CF_DATA_SAVE(save, cf, data);`
		`- *err = CURLE_OK;`
		`- - /* Do receive until we fill the buffer somehwhat or EGAIN, error or EOF */`
		`- - while(!ntotal \|\| (len - ntotal) > (4*1024)) {`
		`- + nread = Curl_ssl->recv_plain(cf, data, buf, len, err);`
		`- + if(nread > 0) {`
		`- + DEBUGASSERT((size_t)nread <= len);`
		`- + }`
		`- + else if(nread == 0) {`
		`- + /* eof */`
		`- *err = CURLE_OK;`
		`- - nread = Curl_ssl->recv_plain(cf, data, buf + ntotal, len - ntotal, err);`
		`- - if(nread < 0) {`
		`- - if(*err == CURLE_AGAIN && ntotal > 0) {`
		`- - /* we EAGAINed after having reed data, return the success amount */`
		`- - *err = CURLE_OK;`
		`- - break;`
		`- - }`
		`- - /* we have a an error to report */`
		`- - goto out;`
		`- - }`
		`- - else if(nread == 0) {`
		`- - /* eof */`
		`- - break;`
		`- - }`
		`- - ntotal += (size_t)nread;`
		`- - DEBUGASSERT((size_t)ntotal <= len);`
		`- }`
		`- - nread = (ssize_t)ntotal;`
		`- -out:`
		`- CURL_TRC_CF(data, cf, "cf_recv(len=%zu) -> %zd, %d", len,`
		`- nread, *err);`
		`- CF_DATA_RESTORE(cf, save);`
		`- --`
		`- 2.43.0`
		`-`

0004-curl-8.6.0-http_chunks-fix-the-accounting-of-consumed-bytes.patch

file removed

-83

		`@@ -1,83 +0,0 @@`
		`- From c7438ccfceee373a75d6d890259cf2e6b5e0e203 Mon Sep 17 00:00:00 2001`
		`- From: Stefan Eissing <stefan@eissing.org>`
		`- Date: Wed, 14 Feb 2024 16:27:23 +0100`
		`- Subject: [PATCH] http_chunks: fix the accounting of consumed bytes`
		`-`
		`- Prior to this change chunks were handled correctly although in verbose`
		`- mode libcurl could incorrectly warn of "Leftovers after chunking" even`
		`- if there were none.`
		`-`
		`- Reported-by: Michael Kaufmann`
		`-`
		`- Fixes https://github.com/curl/curl/issues/12937`
		`- Closes https://github.com/curl/curl/pull/12939`
		`-`
		`- (cherry picked from commit 59e2c78af3a5588d6e6ae6d2223b222f067e054b)`
		`- Signed-off-by: Jan Macku <jamacku@redhat.com>`
		`- ---`
		`- lib/http_chunks.c \| 7 +++++++`
		`- 1 file changed, 7 insertions(+)`
		`-`
		`- diff --git a/lib/http_chunks.c b/lib/http_chunks.c`
		`- index 039c179c4..ad1ee9ada 100644`
		`- --- a/lib/http_chunks.c`
		`- +++ b/lib/http_chunks.c`
		`- @@ -152,6 +152,7 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data,`
		`- ch->hexbuffer[ch->hexindex++] = *buf;`
		`- buf++;`
		`- blen--;`
		`- + (*pconsumed)++;`
		`- }`
		`- else {`
		`- char *endptr;`
		`- @@ -189,6 +190,7 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data,`
		`-`
		`- buf++;`
		`- blen--;`
		`- + (*pconsumed)++;`
		`- break;`
		`-`
		`- case CHUNK_DATA:`
		`- @@ -236,6 +238,7 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data,`
		`- }`
		`- buf++;`
		`- blen--;`
		`- + (*pconsumed)++;`
		`- break;`
		`-`
		`- case CHUNK_TRAILER:`
		`- @@ -293,6 +296,7 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data,`
		`- }`
		`- buf++;`
		`- blen--;`
		`- + (*pconsumed)++;`
		`- break;`
		`-`
		`- case CHUNK_TRAILER_CR:`
		`- @@ -300,6 +304,7 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data,`
		`- ch->state = CHUNK_TRAILER_POSTCR;`
		`- buf++;`
		`- blen--;`
		`- + (*pconsumed)++;`
		`- }`
		`- else {`
		`- ch->state = CHUNK_FAILED;`
		`- @@ -320,6 +325,7 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data,`
		`- /* skip if CR */`
		`- buf++;`
		`- blen--;`
		`- + (*pconsumed)++;`
		`- }`
		`- /* now wait for the final LF */`
		`- ch->state = CHUNK_STOP;`
		`- @@ -328,6 +334,7 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data,`
		`- case CHUNK_STOP:`
		`- if(*buf == 0x0a) {`
		`- blen--;`
		`- + (*pconsumed)++;`
		`- /* Record the length of any data left in the end of the buffer`
		`- even if there's no more chunks to read */`
		`- ch->datasize = blen;`
		`- --`
		`- 2.43.2`
		`-`

0101-curl-7.32.0-multilib.patch

file modified

+10 -10

		`@@ -1,7 +1,7 @@`
		`- From 84b7e1cf486761e99361f5dcf5879cd7baf51b58 Mon Sep 17 00:00:00 2001`
		`+ From dcc0efa441abace568e00bf930889da78356d041 Mon Sep 17 00:00:00 2001`
		`From: Jan Macku <jamacku@redhat.com>`
		`- Date: Thu, 1 Feb 2024 13:01:23 +0100`
		`- Subject: [PATCH 2/2] prevent multilib conflicts on the curl-config script`
		`+ Date: Wed, 27 Mar 2024 10:16:03 +0100`
		`+ Subject: [PATCH] prevent multilib conflicts on the curl-config script`

		`---`
		`curl-config.in \| 23 +++++------------------`
		`@@ -60,15 +60,15 @@`

		`*)`
		`diff --git a/docs/curl-config.1 b/docs/curl-config.1`
		`- index c142cb9..0e189b4 100644`
		`+ index 2d5617c..0d90aaa 100644`
		`--- a/docs/curl-config.1`
		`+++ b/docs/curl-config.1`
		`- @@ -48,7 +48,9 @@ no, one or several names. If more than one name, they will appear`
		`- comma\-separated. (Added in 7.58.0)`
		`+ @@ -48,7 +48,9 @@ no, one or several names. If more than one name, they appear comma\-separated.`
		`+ (Added in 7.58.0)`
		`.IP --static-libs`
		`- Shows the complete set of libs and other linker options you will need in order`
		`- -to link your application with libcurl statically. (Added in 7.17.1)`
		`- +to link your application with libcurl statically. Note that Fedora/RHEL libcurl`
		`+ Shows the complete set of libs and other linker options you need in order to`
		`+ -link your application with libcurl statically. (Added in 7.17.1)`
		`+ +link your application with libcurl statically. Note that Fedora/RHEL libcurl`
		`+packages do not provide any static libraries, thus cannot be linked statically.`
		`+(Added in 7.17.1)`
		`.IP --version`
		`@@ -87,5 +87,5 @@`
		`Name: libcurl`
		`URL: https://curl.se/`
		`--`
		`- 2.43.0`
		`+ 2.44.0`

curl.spec

file modified

+21 -28

		`@@ -1,7 +1,7 @@`
		`Summary: A utility for getting files from remote servers (FTP, HTTP, and others)`
		`Name: curl`
		`- Version: 8.6.0`
		`- Release: 7%{?dist}`
		`+ Version: 8.7.1`
		`+ Release: 1%{?dist}`
		`License: curl`
		`Source0: https://curl.se/download/%{name}-%{version}.tar.xz`
		`Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc`
		`@@ -10,19 +10,11 @@`
		`# which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc`
		`Source2: mykey.asc`

		`- # remove duplicate content from curl-config.1`
		`- Patch001: 0001-curl-8.6.0-remove-duplicate-content.patch`
		`+ # fix issue with --compressed option`
		`+ Patch001: 0001-curl-8.7.1-fix-compressed-option.patch`

		`- # ignore response bode to HEAD requests`
		`- # https://bodhi.fedoraproject.org/updates/FEDORA-2024-634a6662aa`
		`- Patch002: 0002-curl-8.6.0-ignore-response-body-to-HEAD.patch`
		`-`
		`- # revert "receive max buffer" + add test case`
		`- # it breaks pycurl tests suite`
		`- Patch003: 0003-curl-8.6.0-vtls-revert-receive-max-buffer-add-test-case.patch`
		`-`
		`- # Fix: Leftovers after chunking should not be part of the curl buffer output`
		`- Patch004: 0004-curl-8.6.0-http_chunks-fix-the-accounting-of-consumed-bytes.patch`
		`+ # fix chunked POST via callback regression`
		`+ Patch002: 0002-curl-8.7.1-fix-chunked-POST-via-callback.patch`

		`# patch making libcurl multilib ready`
		`Patch101: 0101-curl-7.32.0-multilib.patch`
		`@@ -212,12 +204,9 @@`
		`%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'`
		`%autosetup -p1`

		`- # temporarily disable test 0313`
		`- # <https://bugzilla.redhat.com/show_bug.cgi?id=2263877>`
		`- # <https://github.com/curl/curl/pull/11531>`
		`# disable test 1801`
		`# <https://github.com/bagder/curl/commit/21e82bd6#commitcomment-12226582>`
		`- printf "313\n1801\n" >> tests/data/DISABLED`
		`+ printf "1801\n" >> tests/data/DISABLED`

		`# test3026: avoid pthread_create() failure due to resource exhaustion on i386`
		`%ifarch %{ix86}`
		`@@ -254,7 +243,8 @@`
		`--with-gssapi \`
		`--with-libidn2 \`
		`--with-nghttp2 \`
		`- --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"`
		`+ --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \`
		`+ --with-zsh-functions-dir"`

		`%global _configure ../configure`

		`@@ -361,21 +351,12 @@`
		`cd build-full`
		`%make_install`

		`- # install zsh completion for curl`
		`- # (we have to override LD_LIBRARY_PATH because we eliminated rpath)`
		`- LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \`
		`- %make_install -C scripts`
		`-`
		`# do not install /usr/share/fish/completions/curl.fish which is also installed`
		`# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict`
		`rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish`

		`rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la`

		`- # Don't install man for mk-ca-bundle it's upstream bug`
		`- # should be fixed in next release https://github.com/curl/curl/pull/12843`
		`- rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/mk-ca-bundle.1*`
		`-`
		`%ldconfig_scriptlets -n libcurl`

		`%ldconfig_scriptlets -n libcurl-minimal`
		`@@ -384,6 +365,7 @@`
		`%doc CHANGES`
		`%doc README`
		`%doc docs/BUGS.md`
		`+ %doc docs/DISTROS.md`
		`%doc docs/FAQ`
		`%doc docs/FEATURES.md`
		`%doc docs/TODO`
		`@@ -414,6 +396,17 @@`
		`%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal`

		`%changelog`
		`+ * Wed Mar 27 2024 Jan Macku <jamacku@redhat.com> - 8.7.1-1`
		`+ - new upstream release, which fixes the following vulnerabilities`
		`+ CVE-2024-2004 - Usage of disabled protocol`
		`+ CVE-2024-2379 - QUIC certificate check bypass with wolfSSL`
		`+ CVE-2024-2398 - HTTP/2 push headers memory-leak`
		`+ CVE-2024-2466 - TLS certificate check bypass with mbedTLS`
		`+ - drop upstreamed patches`
		`+ - reenable test 0313`
		`+ - fix zsh completions, use --with-zsh-functions-dir`
		`+ - apply upstream patches for 8.7.1 issues and regressions`
		`+`
		`* Mon Feb 19 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-7`
		`- Fix: Leftovers after chunking should not be part of the curl buffer output (#2264220)`

sources

file modified

+2 -2

		`@@ -1,2 +1,2 @@`
		`- SHA512 (curl-8.6.0.tar.xz) = 359c08d88a5dec441255b36afe1a821730eca0ca8800ba52f57132b9e7d21f32457623907b4ae4876904b5e505eb1a59652372bb7de8dbd8db429dae9785e036`
		`- SHA512 (curl-8.6.0.tar.xz.asc) = 2b835bb4b307e5e1c929b7136c5acfb9f6f06efa471ac27060336cabcfac40e02143f40434986c5e6817d4a9562b09efa8ff3168beed310a45453148cc1b5c8f`
		`+ SHA512 (curl-8.7.1.tar.xz) = 5bbde9d5648e9226f5490fa951690aaf159149345f3a315df2ba58b2468f3e59ca32e8a49734338afc861803a4f81caac6d642a4699b72c6310ebfb1f618aad2`
		`+ SHA512 (curl-8.7.1.tar.xz.asc) = f98c393997c4a32f545a8982226e8cd612395210915a4576c2ce227d0f650cff341be7bf15e989d1789abf32ac4fd9c190b9250b81e650b569e8532048746b37`

jamacku commented 2 months ago

Resolves: CVE-2024-2004 - Usage of disabled protocol
Resolves: CVE-2024-2379 - QUIC certificate check bypass with wolfSSL
Resolves: CVE-2024-2398 - HTTP/2 push headers memory-leak
Resolves: CVE-2024-2466 - TLS certificate check bypass with mbedTLS

pghmcfc commented 2 months ago

I think it's necessary to add --with-zsh-functions-dir to the configure invocation to get the zsh completion now, and no longer necessary to install it manually. It might also be worth revisiting the fish completion (now enabled using --with-fish-functions-dir) as there should no longer be a fish module for it to conflict with.

The manpage for mk-ca-bundle no longer needs to be removed.

rebased onto 7856072

2 months ago

rebased onto 9eaf85e

2 months ago

rebased onto 17c3160

2 months ago

rebased onto 880db65

2 months ago

rebased onto 98c589a

2 months ago

rebased onto 029e419