Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package curl for openSUSE:Factory checked in 
at 2026-07-09 22:17:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
 and      /work/SRC/openSUSE:Factory/.curl.new.1991 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "curl"

Thu Jul  9 22:17:56 2026 rev:226 rq:1361808 version:8.21.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/curl/curl.changes        2026-06-04 
18:53:10.734062083 +0200
+++ /work/SRC/openSUSE:Factory/.curl.new.1991/curl.changes      2026-07-09 
22:17:57.967243039 +0200
@@ -1,0 +2,27 @@
+Wed Jun 24 16:36:24 UTC 2026 - Lucas Mulling <[email protected]>
+
+- Update to 8.21.0:
+  * Security fixes:
+    - CVE-2026-8286: wrong STARTTLS connection reuse (bsc#1268402)
+    - CVE-2026-8458: wrong reuse for different services (bsc#1268407)
+    - CVE-2026-8924: traling dot domain super cookie (bsc#1268409)
+    - CVE-2026-8925: SASL double-free (bsc#1268411)
+    - CVE-2026-8926: password leak with netrc and user in URL (bsc#1268412)
+    - CVE-2026-8927: env-set cross-proxy Digest auth state leak (bsc#1268413)
+    - CVE-2026-8932: incomplete mTLS config matching in conn reuse 
(bsc#1268414)
+    - CVE-2026-9079: stale proxy password leak (bsc#1268415)
+    - CVE-2026-9080: UAF after pause in socket callback (bsc#1268416)
+    - CVE-2026-9545: exposing HTTP/3 early data (bsc#1268417)
+    - CVE-2026-9546: sending old referer (bsc#1268419)
+    - CVE-2026-9547: SSH improper host validation (bsc#1268420)
+    - CVE-2026-10536: HTTP/2 stream-dependency tree UAF (bsc#1268422)
+    - CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop (bsc#1268423)
+    - CVE-2026-11564: Native CA trust persist (bsc#1268424)
+    - CVE-2026-11586: WS Auto-PONG memory exhaustion (bsc#1268425)
+    - CVE-2026-11856: cross-origin Digest auth state leak (bsc#1268426)
+    - CVE-2026-12064: proto-default skips SSH verification (bsc#1268427)
+  * For a complete changelog see: https://curl.se/ch/8.21.0.html
+- Remove patches now in upstream:
+    curl-disabled-redirect-protocol-message.patch 
libcurl-fix-wakeup-consumption.patch
+
+-------------------------------------------------------------------

Old:
----
  curl-8.20.0.tar.xz
  curl-8.20.0.tar.xz.asc
  curl-disabled-redirect-protocol-message.patch
  libcurl-fix-wakeup-consumption.patch

New:
----
  curl-8.21.0.tar.xz
  curl-8.21.0.tar.xz.asc

----------(Old B)----------
  Old:- Remove patches now in upstream:
    curl-disabled-redirect-protocol-message.patch 
libcurl-fix-wakeup-consumption.patch
  Old:- Remove patches now in upstream:
    curl-disabled-redirect-protocol-message.patch 
libcurl-fix-wakeup-consumption.patch
----------(Old E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ curl.spec ++++++
--- /var/tmp/diff_new_pack.E0AuRB/_old  2026-07-09 22:17:59.315288761 +0200
+++ /var/tmp/diff_new_pack.E0AuRB/_new  2026-07-09 22:17:59.319288897 +0200
@@ -36,7 +36,7 @@
 %endif
 
 Name:           curl%{?psuffix}
-Version:        8.20.0
+Version:        8.21.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
@@ -49,9 +49,6 @@
 Patch0:         libcurl-ocloexec.patch
 Patch1:         dont-mess-with-rpmoptflags.patch
 Patch2:         curl-secure-getenv.patch
-# PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
-Patch3:         curl-disabled-redirect-protocol-message.patch
-Patch4:         libcurl-fix-wakeup-consumption.patch
 BuildRequires:  groff
 BuildRequires:  libtool
 BuildRequires:  pkgconfig

++++++ curl-8.20.0.tar.xz -> curl-8.21.0.tar.xz ++++++
++++ 112539 lines of diff (skipped)

Reply via email to