Hello community,

here is the log from the commit of package curl for openSUSE:Factory checked in at 2022-11-17 17:23:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
 and /work/SRC/openSUSE:Factory/.curl.new.1597 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl" Thu Nov 17 17:23:45 2022 rev:180 rq:1036175 version:7.86.0 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl.changes 2022-10-27 13:52:36.856092312 +0200 +++ /work/SRC/openSUSE:Factory/.curl.new.1597/curl.changes 2022-11-17 17:23:51.528860493 +0100 @@ -1,0 +2,16 @@ +Wed Nov 16 03:09:27 UTC 2022 - Luciano Santos <luc1...@opensuse.org> + +- Add 1.50.0 as the minimum libnghttp2 build requirement version as + a bandaid. Curl's 7.86.0 release introduces the use of + nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation, + introduced by nghttp2 1.50.0 release, without introducing a check + for the function/right version in their build scripts. This will + make Zypper/cURL unusable in some corner cases where users + installing something that requires libcurl4 before doing full + system upgrade, thus updating the cURL stack, but not + libnghttp2's. Background: boo#1204983, Factory mailing list + threadd: + "? broken dependency in curl and/or *zyp* ?", and forums thread: + Curl-is-broken-after-an-update-which-subsequently-breaks-zypper. + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.qkvV3h/_old 2022-11-17 17:23:52.120863624 +0100 +++ /var/tmp/diff_new_pack.qkvV3h/_new 2022-11-17 17:23:52.124863645 +0100 
@@ -46,7 +46,17 @@ BuildRequires: pkgconfig(libidn2) # Disable metalink [bsc#1188218, CVE-2021-22923][bsc#1188217, CVE-2021-22922] # BuildRequires: pkgconfig(libmetalink) -BuildRequires: pkgconfig(libnghttp2) +# +# The 7.86.0 cURL release introduced the use of +# nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation, +# a function introduced by the 1.50.0 nghttp2 release. +# +# This is a bandaid, as cURL didn't provide a function/version check +# in their build scripts. Without this some users my end up with a broken +# Zypper/cURL if they have a libnghttp2 < 1.50.0 yet in their system, +# and do some Zypper transaction that updates cURL, but not libnghttp2. +# +BuildRequires: pkgconfig(libnghttp2) >= 1.50.0 BuildRequires: pkgconfig(libpsl) BuildRequires: pkgconfig(libssh) BuildRequires: pkgconfig(libzstd)
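Review bot: In the curl.changes hunk, the entry's last lines cite the mailing list thread and the forum thread by title only, and "threadd:" is a typo for "thread:". Adding the archive URLs next to boo#1204983 would let a later reader find the background without searching for the titles. The sentence "users installing something that requires libcurl4 before doing full system upgrade" is also missing a verb ("users are installing" or "users install") and reads more clearly once that is fixed.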
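Review bot: In the curl.spec hunk, the only functional change is `BuildRequires: pkgconfig(libnghttp2) >= 1.50.0`, which constrains the build environment, while the failure the new comment describes happens at install time on the user's system (a transaction that updates cURL but leaves libnghttp2 below 1.50.0). Nothing in the visible lines adds a versioned runtime dependency, so it is worth confirming that the resulting libcurl4 package actually ends up requiring libnghttp2 >= 1.50.0, either through an explicit versioned `Requires:` on the library subpackage or through generated dependencies that carry the version; otherwise the partial-update case stays open. Minor: "some users my end up" in the comment should read "may end up", and "yet in their system" would be clearer as "still on their system".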