Hello community,

here is the log from the commit of package curl for openSUSE:Factory checked in 
at 2021-07-22 22:42:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
 and      /work/SRC/openSUSE:Factory/.curl.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "curl"

Thu Jul 22 22:42:54 2021 rev:168 rq:907430 version:7.78.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/curl/curl.changes        2021-06-05 
23:30:21.364315268 +0200
+++ /work/SRC/openSUSE:Factory/.curl.new.1899/curl.changes      2021-07-22 
22:43:20.279201561 +0200
@@ -1,0 +2,55 @@
+Wed Jul 21 06:50:22 UTC 2021 - Pedro Monreal <pmonr...@suse.com>
+
+- Update to 7.78.0:
+  [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923]
+  [bsc#1188219, CVE-2021-22924][bsc#1188220, CVE-2021-22925]
+  * Changes:
+    - curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
+    - CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
+    - hostip: make 'localhost' return fixed values
+    - mbedtls: add support for cert and key blob options
+    - metalink: remove all support for it
+    - mqtt: add support for username and password
+  * Bugfixes:
+    - ares: always store IPv6 addresses first
+    - c-hyper: abort CONNECT response reading early on non 2xx responses
+    - c-hyper: add support for transfer-encoding in the request
+    - c-hyper: bail on too long response headers
+    - c-hyper: clear NTLM auth buffer when request is issued
+    - c-hyper: fix NTLM on closed connection tested with test159
+    - conncache: lowercase the hash key for better match
+    - curl_multibyte: Remove local encoding fallbacks
+    - Curl_ntlm_core_mk_nt_hash: fix OOM in error path
+    - Curl_ssl_getsessionid: fail if no session cache exists
+    - easy: during upkeep, attach Curl_easy to connections in the cache
+    - gnutls: set the preferred TLS versions in correct order
+    - hsts: ignore numberical IP address hosts
+    - HSTS: not experimental anymore
+    - http2: init recvbuf struct for pushed streams
+    - http: fix crash in rate-limited upload
+    - http: make the haproxy support work with unix domain sockets
+    - http_proxy: deal with non-200 CONNECT response with Hyper
+    - lib: don't compare fd to FD_SETSIZE when using poll
+    - lib: fix compiler warnings with CURL_DISABLE_NETRC
+    - lib: fix type of len passed to *printf's %*s
+    - lib: more %u for port and int for %*s fixes
+    - lib: use %u instead of %ld for port number printf
+    - libssh2: limit time a disconnect can take to 1 second
+    - mqtt: detect illegal and too large file size
+    - msnprintf: return number of printed characters excluding null byte
+    - multi: add scan-build-6 work-around in curl_multi_fdset
+    - multi: alter transfer timeout ordering
+    - multi: do not switch off connect_only flag when closing
+    - multi: fix crash in curl_multi_wait / curl_multi_poll
+    - ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
+    - openssl: avoid static variable for seed flag
+    - openssl: don't remove session id entry in disassociate
+    - socketpair: fix potential hangs
+    - socks4: scan for the IPv4 address in resolve results
+    - ssl: read pending close notify alert before closing the connection
+    - telnet: fix option parser to not send uninitialized contents
+    - TLS: prevent shutdown loops to get stuck
+    - vtls: exit addsessionid if no cache is inited
+    - vtls: fix connection reuse checks for issuer cert and case sensitivity
+
+-------------------------------------------------------------------
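
Review bot: The new curl.changes entry records only the upstream 7.78.0 notes and says nothing about the packaging change made in curl.spec in this same commit, where the pkgconfig(libmetalink) BuildRequires and the --with-libmetalink configure flag are dropped. Add a bullet for that so the changelog explains why the build dependencies changed. The four bsc/CVE references in the header are also not tied to any of the listed items; a short note on which fix closes which reference would let a reader check, for example, that the metalink removal and the telnet option parser fix are the ones the CVE identifiers refer to.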

Old:
----
  curl-7.77.0.tar.xz
  curl-7.77.0.tar.xz.asc

New:
----
  curl-7.78.0.tar.xz
  curl-7.78.0.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ curl.spec ++++++
--- /var/tmp/diff_new_pack.TFjEO4/_old  2021-07-22 22:43:20.911200737 +0200
+++ /var/tmp/diff_new_pack.TFjEO4/_new  2021-07-22 22:43:20.915200732 +0200
@@ -21,7 +21,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.77.0
+Version:        7.78.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
@@ -44,7 +44,8 @@
 BuildRequires:  pkgconfig(krb5)
 BuildRequires:  pkgconfig(libbrotlidec)
 BuildRequires:  pkgconfig(libidn2)
-BuildRequires:  pkgconfig(libmetalink)
+# Disable metalink [bsc#1188218, CVE-2021-22923][bsc#1188219, CVE-2021-22924]
+# BuildRequires:  pkgconfig(libmetalink)
 BuildRequires:  pkgconfig(libnghttp2)
 BuildRequires:  pkgconfig(libpsl)
 BuildRequires:  pkgconfig(libssh)
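
Review bot: The added comment above the commented-out BuildRequires cites bsc#1188218/CVE-2021-22923 and bsc#1188219/CVE-2021-22924, while the curl.changes entry in this commit lists bsc#1188217/CVE-2021-22922 first among its four references and does not say which of them concern metalink; please confirm the pair named here is the right one. "Disable metalink" is also misleading, since the changes entry says upstream removed all support for it ("metalink: remove all support for it"). Delete the pkgconfig(libmetalink) line outright instead of leaving it commented out, and keep a single comment with the verified references if one is wanted.
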
@@ -124,7 +125,6 @@
     --with-gssapi=$(krb5-config --prefix) \
     --with-libidn2 \
     --with-libssh \
-    --with-libmetalink \
     --enable-hidden-symbols \
     --disable-static \
     --enable-threaded-resolver

++++++ curl-7.77.0.tar.xz -> curl-7.78.0.tar.xz ++++++
++++ 59301 lines of diff (skipped)
