Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package curl for openSUSE:Factory checked in at 2021-07-22 22:42:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
 and      /work/SRC/openSUSE:Factory/.curl.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl" Thu Jul 22 22:42:54 2021 rev:168 rq:907430 version:7.78.0 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl.changes 2021-06-05 23:30:21.364315268 +0200 +++ /work/SRC/openSUSE:Factory/.curl.new.1899/curl.changes 2021-07-22 22:43:20.279201561 +0200 
@@ -1,0 +2,55 @@ +Wed Jul 21 06:50:22 UTC 2021 - Pedro Monreal <pmonr...@suse.com> + +- Update to 7.78.0: + [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923] + [bsc#1188219, CVE-2021-22924][bsc#1188220, CVE-2021-22925] + * Changes: + - curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE + - CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax + - hostip: make 'localhost' return fixed values + - mbedtls: add support for cert and key blob options + - metalink: remove all support for it + - mqtt: add support for username and password + * Bugfixes: + - ares: always store IPv6 addresses first + - c-hyper: abort CONNECT response reading early on non 2xx responses + - c-hyper: add support for transfer-encoding in the request + - c-hyper: bail on too long response headers + - c-hyper: clear NTLM auth buffer when request is issued + - c-hyper: fix NTLM on closed connection tested with test159 + - conncache: lowercase the hash key for better match + - curl_multibyte: Remove local encoding fallbacks + - Curl_ntlm_core_mk_nt_hash: fix OOM in error path + - Curl_ssl_getsessionid: fail if no session cache exists + - easy: during upkeep, attach Curl_easy to connections in the cache + - gnutls: set the preferred TLS versions in correct order + - hsts: ignore numberical IP address hosts + - HSTS: not experimental anymore + - http2: init recvbuf struct for pushed streams + - http: fix crash in rate-limited upload + - http: make the haproxy support work with unix domain sockets + - http_proxy: deal with non-200 CONNECT response with Hyper + - lib: don't compare fd to FD_SETSIZE when using poll + - lib: fix compiler warnings with CURL_DISABLE_NETRC + - lib: fix type of len passed to *printf's %*s + - lib: more %u for port and int for %*s fixes + - lib: use %u instead of %ld for port number printf + - libssh2: limit time a disconnect can take to 1 second + - mqtt: detect illegal and too large file size + - msnprintf: return number of printed characters 
excluding null byte + - multi: add scan-build-6 work-around in curl_multi_fdset + - multi: alter transfer timeout ordering + - multi: do not switch off connect_only flag when closing + - multi: fix crash in curl_multi_wait / curl_multi_poll + - ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS + - openssl: avoid static variable for seed flag + - openssl: don't remove session id entry in disassociate + - socketpair: fix potential hangs + - socks4: scan for the IPv4 address in resolve results + - ssl: read pending close notify alert before closing the connection + - telnet: fix option parser to not send uninitialized contents + - TLS: prevent shutdown loops to get stuck + - vtls: exit addsessionid if no cache is inited + - vtls: fix connection reuse checks for issuer cert and case sensitivity + +------------------------------------------------------------------- Old: ---- curl-7.77.0.tar.xz curl-7.77.0.tar.xz.asc New: ---- curl-7.78.0.tar.xz curl-7.78.0.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.TFjEO4/_old 2021-07-22 22:43:20.911200737 +0200 +++ /var/tmp/diff_new_pack.TFjEO4/_new 2021-07-22 22:43:20.915200732 +0200 @@ -21,7 +21,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 7.77.0 +Version: 7.78.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl @@ -44,7 +44,8 @@ BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(libbrotlidec) BuildRequires: pkgconfig(libidn2) -BuildRequires: pkgconfig(libmetalink) +# Disable metalink [bsc#1188218, CVE-2021-22923][bsc#1188219, CVE-2021-22924] +# BuildRequires: pkgconfig(libmetalink) BuildRequires: pkgconfig(libnghttp2) BuildRequires: pkgconfig(libpsl) BuildRequires: pkgconfig(libssh) 
@@ -124,7 +125,6 @@ --with-gssapi=$(krb5-config --prefix) \ --with-libidn2 \ --with-libssh \ - --with-libmetalink \ --enable-hidden-symbols \ --disable-static \ --enable-threaded-resolver ++++++ curl-7.77.0.tar.xz -> curl-7.78.0.tar.xz ++++++ ++++ 59301 lines of diff (skipped)
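Review bot: In the curl.changes hunk (@@ -1,0 +2,55 @@), the four bsc/CVE pairs are grouped under "Update to 7.78.0" with nothing tying each one to the entry that addresses it. Tag the relevant items in the Changes and Bugfixes lists with their CVE id so that someone auditing a single CVE can find the fix without going to the upstream advisories. It would also help to state that "metalink: remove all support for it" is a user-visible feature removal in this package, since the spec changes in the same commit drop the libmetalink build dependency and configure flag.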
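Review bot: In the curl.spec hunk at @@ -44,7 +44,8 @@, the libmetalink BuildRequires is commented out rather than deleted, while the configure hunk at @@ -124,7 +125,6 @@ removes --with-libmetalink outright. The changelog for this version says "metalink: remove all support for it", so uncommenting the line later cannot bring the feature back; delete the BuildRequires and keep the rationale in curl.changes so the two hunks are consistent. The new comment also cites only bsc#1188218/CVE-2021-22923 and bsc#1188219/CVE-2021-22924 out of the four pairs in the changelog header, so please confirm those are the two that concern metalink before this lands.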