Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package curl for openSUSE:Factory checked in
at 2022-12-23 10:20:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
and /work/SRC/openSUSE:Factory/.curl.new.1563 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl"
Fri Dec 23 10:20:42 2022 rev:181 rq:1044033 version:7.87.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/curl/curl.changes 2022-11-17
17:23:51.528860493 +0100
+++ /work/SRC/openSUSE:Factory/.curl.new.1563/curl.changes 2022-12-23
10:20:43.831215941 +0100
@@ -1,0 +2,170 @@
+Wed Dec 21 08:19:23 UTC 2022 - David Anes <david.a...@suse.com>
+
+- Update to 7.87.0:
+ * Security fixes:
+ - CVE-2022-43551, bsc#1206308: another HSTS bypass via IDN
+ - CVE-2022-43552, bsc#1206309: HTTP Proxy deny use-after-free
+ * Changes
+ - curl: add --url-query
+ - CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
+ - lib: add CURL_WRITEFUNC_ERROR to signal write callback error
+ - openssl: reduce CA certificate bundle reparsing by caching
+ - version: add a feature names array to curl_version_info_data
+ * Bugfixes
+ - altsvc: fix rejection of negative port numbers
+ - aws_sigv4: consult x-%s-content-sha256 for payload hash
+ - aws_sigv4: fix typos in aws_sigv4.c
+ - base64: better alloc size
+ - base64: encode without using snprintf
+ - base64: faster base64 decoding
+ - build: assume assert.h is always available
+ - build: assume errno.h is always available
+ - c-hyper: CONNECT respones are not server responses
+ - c-hyper: fix multi-request mechanism
+ - CI: Change FreeBSD image from 12.3 to 12.4
+ - CI: LGTM.com will be shut down in December 2022
+ - ci: Remove zuul fuzzing job as it's superseded by CIFuzz
+ - cmake: check for cross-compile, not for toolchain
+ - CMake: fix build with `CURL_USE_GSSAPI`
+ - cmake: really enable warnings with clang
+ - cmake: set the soname on the shared library
+ - cmdline-opts/gen.pl: fix the linkifier
+ - cmdline-opts/page-footer: remove long option nroff formatting
+ - config-mac: define HAVE_SYS_IOCTL_H
+ - config-mac: fix typo: size_T -> size_t
+ - config-mac: remove HAVE_SYS_SELECT_H
+ - config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
+ - configure: require fork for NTLM-WB
+ - contributors.sh: actually use $CURLWWW instead of just setting it
+ - cookie: compare cookie prefixes case insensitively
+ - cookie: expire cookies at once when max-age is negative
+ - cookie: open cookie jar as a binary file
+ - curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
+ - curl-rustls.m4: on macOS, rustls also needs the Security framework
+ - curl.h: include <sys/select.h> on SerenityOS
+ - curl.h: name all public function parameters
+ - curl.h: reword comment to not use deprecated option
+ - curl: override the numeric locale and set "C" by force
+ - curl: timeout in the read callback
+ - curl_endian: remove Curl_write64_le from header
+ - curl_get_line: allow last line without newline char
+ - curl_path: do not add '/' if homedir ends with one
+ - curl_url_get.3: remove spurious backtick
+ - curl_url_set.3: document CURLU_DISALLOW_USER
+ - curl_url_set.3: fix typo
+ - CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
+ - CURLOPT_COOKIEFILE.3: advice => advise
+ - CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
+ - CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw"
+ - CURLOPT_POST.3: Explain setting to 0 changes request type
+ - docs/curl_ws_send: Fixed typo in websocket docs
+ - docs/EARLY-RELEASE.md: how to determine an early release
+ - docs/examples: spell correction ('Retrieve')
+ - docs/INSTALL.md: expand on static builds
+ - docs/WEBSOCKET.md: explain the URL use
+ - docs: add missing parameters for --retry flag
+ - docs: add more "SEE ALSO" links to CA related pages
+ - docs: explain the noproxy CIDR notation support
+ - docs: extend the dump-header documentation
+ - docs: remove performance note in CURLOPT_SSL_VERIFYPEER
+ - examples/10-at-a-time: fix possible skipped final transfers
+ - examples: update descriptions
+ - ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
+ - gen.pl: do not generate CURLHELP bitmask lines > 79 characters
+ - GHA: clarify workflows permissions, set least possible privilege
+ - GHA: NSS use clang instead of clang-9
+ - gnutls: use common gnutls init and verify code for ngtcp2
+ - headers: add endif comments
+ - HTTP-COOKIES.md: mention that http://localhost is a secure context
+ - HTTP-COOKIES.md: update the 6265bis link to draft-11
+ - http: do not send PROXY more than once
+ - http: fix the ::1 comparison for IPv6 localhost for cookies
+ - http: set 'this_is_a_follow' in the Location: logic
+ - http: use the IDN decoded name in HSTS checks
+ - hyper: classify headers as CONNECT and 1XX
+ - hyper: fix handling of hyper_task's when reusing the same address
+ - idn: remove Curl_win32_ascii_to_idn
+ - INSTALL: update operating systems and CPU archs
+ - KNOWN_BUGS: remove eight entries
+ - lib1560: add some basic IDN host name tests
+ - lib: connection filters (cfilter) addition to curl:
+ - lib: feature deprecation warnings in gcc >= 4.3
+ - lib: fix some type mismatches and remove unneeded typecasts
+ - lib: parse numbers with fixed known base 10
+ - lib: remove bad set.opt_no_body assignments
+ - lib: rewind BEFORE request instead of AFTER previous
+ - lib: sync guard for Curl_getaddrinfo_ex() definition and use
+ - lib: use size_t or int etc instead of longs
+ - libcurl-errors.3: remove duplicate word
+ - libssh2: return error when ssh_hostkeyfunc returns error
+ - limit-rate.d: see also --rate
+ - log2changes.pl: wrap long lines at 80 columns
+ - Makefile.mk: address minor issues
+ - Makefile.mk: improve a GNU Make hack
+ - Makefile.mk: portable Makefile.m32
+ - maketgz: set the right version in lib/libcurl.plist
+ - mime: relax easy/mime structures binding
+ - misc: Fix incorrect spelling
+ - misc: remove duplicated include files
+ - misc: typo and grammar fixes
+ - negtelnetserver.py: have it call its close() method
+ - netrc.d: provide mutext info
+ - netware: remove leftover traces
+ - noproxy: also match with adjacent comma
+ - noproxy: guard against empty hostnames in noproxy check
+ - noproxy: tailmatch like in 7.85.0 and earlier
+ - nroff-scan.pl: detect double highlights
+ - ntlm: improve comment for encrypt_des
+ - ntlm: silence ubsan warning about copying from null target_info pointer
+ - openssl/mbedtls: use %d for outputing port with failf (int)
+ - openssl: prefix errors with '[lib]/[version]: '
+ - os400: use platform socklen_t in Curl_getnameinfo_a
+ - page-header: grammar improvement (display transfer rate)
+ - proxy: refactor haproxy protocol handling as connection filter
+ - README.md: remove badges and xmas-tree garnish
+ - rtsp: fix RTSP auth
+ - runtests: --no-debuginfod now disables DEBUGINFOD_URLS
+ - runtests: do CRLF replacements per section only
+ - scripts/checksrc.pl: detect duplicated include files
+ - sendf: change Curl_read_plain to wrap Curl_recv_plain
+ - sendf: remove unnecessary if condition
+ - setup: do not require __MRC__ defined for Mac OS 9 builds
+ - smb/telnet: do not free the protocol struct in *_done()
+ - socks: fix username max size is 255 (0xFF)
+ - spellcheck.words: remove 'github' as an accepted word
+ - ssl-reqd.d: clarify that this is for upgrading connections only
+ - strcase: use curl_str(n)equal for case insensitive matches
+ - styled-output.d: this option does not work on Windows
+ - system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS
+ - system.h: support 64-bit curl_off_t for NonStop 32-bit
+ - test1421: fix typo
+ - test3026: reduce runtime in legacy mingw builds
+ - tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
+ - tests: add authorityInfoAccess to generated certs
+ - tests: add HTTP/3 test case, custom location for proper nghttpx
+ - tls: backends use connection filters for IO, enabling HTTPS-proxy
+ - tool: determine the correct fopen option for -D
+ - tool_cfgable: free the ssl_ec_curves on exit
+ - tool_cfgable: make socks5_gssapi_nec a boolean
+ - tool_formparse: avoid clobbering on function params
+ - tool_getparam: make --no-get work as the opposite of --get
+ - tool_operate: provide better errmsg for -G with bad URL
+ - tool_operate: when aborting, make sure there is a non-NULL error buffer
+ - tool_paramhlp: free the proto strings on exit
+ - url: move back the IDN conversion of proxy names
+ - urlapi: reject more bad letters from the host name: &+()
+ - urldata: change port num storage to int and unsigned short
+ - vms: remove SIZEOF_SHORT
+ - vtls: fix build without proxy support
+ - vtls: localization of state data in filters
+ - WEBSOCKET.md: fix broken link
+ - Websocket: fixes for partial frames and buffer updates
+ - websockets: fix handling of partial frames
+ - windows: fail early with a missing windres in autotools
+ - windows: fix linking .rc to shared curl with autotools
+ - winidn: drop WANT_IDN_PROTOTYPES
+ - ws: if no connection is around, return error
+ - ws: return CURLE_NOT_BUILT_IN when websockets not built in
+ - x509asn1: avoid freeing unallocated pointers
+
+-------------------------------------------------------------------
Old:
----
curl-7.86.0.tar.xz
curl-7.86.0.tar.xz.asc
New:
----
curl-7.87.0.tar.xz
curl-7.87.0.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ curl.spec ++++++
--- /var/tmp/diff_new_pack.wlK7Ne/_old 2022-12-23 10:20:44.643220582 +0100
+++ /var/tmp/diff_new_pack.wlK7Ne/_new 2022-12-23 10:20:44.647220605 +0100
@@ -21,7 +21,7 @@
# need ssl always for python-pycurl
%bcond_without openssl
Name: curl
-Version: 7.86.0
+Version: 7.87.0
Release: 0
Summary: A Tool for Transferring Data from URLs
License: curl
++++++ curl-7.86.0.tar.xz -> curl-7.87.0.tar.xz ++++++
++++ 85547 lines of diff (skipped)
++++++ libcurl-ocloexec.patch ++++++
--- /var/tmp/diff_new_pack.wlK7Ne/_old 2022-12-23 10:20:45.807227234 +0100
+++ /var/tmp/diff_new_pack.wlK7Ne/_new 2022-12-23 10:20:45.811227257 +0100
@@ -7,11 +7,11 @@
compile time is not enough.
-Index: curl-7.85.0/lib/file.c
+Index: curl-7.87.0/lib/file.c
===================================================================
---- curl-7.85.0.orig/lib/file.c
-+++ curl-7.85.0/lib/file.c
-@@ -222,7 +222,7 @@ static CURLcode file_connect(struct Curl
+--- curl-7.87.0.orig/lib/file.c
++++ curl-7.87.0/lib/file.c
+@@ -232,7 +232,7 @@ static CURLcode file_connect(struct Curl
}
}
#else
@@ -20,7 +20,7 @@
file->path = real_path;
#endif
#endif
-@@ -307,7 +307,7 @@ static CURLcode file_upload(struct Curl_
+@@ -318,7 +318,7 @@ static CURLcode file_upload(struct Curl_
else
mode = MODE_DEFAULT|O_TRUNC;
@@ -29,10 +29,10 @@
if(fd < 0) {
failf(data, "Can't open %s for writing", file->path);
return CURLE_WRITE_ERROR;
-Index: curl-7.85.0/lib/if2ip.c
+Index: curl-7.87.0/lib/if2ip.c
===================================================================
---- curl-7.85.0.orig/lib/if2ip.c
-+++ curl-7.85.0/lib/if2ip.c
+--- curl-7.87.0.orig/lib/if2ip.c
++++ curl-7.87.0/lib/if2ip.c
@@ -206,7 +206,7 @@ if2ip_result_t Curl_if2ip(int af,
if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND;
@@ -42,11 +42,11 @@
if(CURL_SOCKET_BAD == dummy)
return IF2IP_NOT_FOUND;
-Index: curl-7.85.0/lib/connect.c
+Index: curl-7.87.0/lib/connect.c
===================================================================
---- curl-7.85.0.orig/lib/connect.c
-+++ curl-7.85.0/lib/connect.c
-@@ -1651,7 +1651,9 @@ CURLcode Curl_socket(struct Curl_easy *d
+--- curl-7.87.0.orig/lib/connect.c
++++ curl-7.87.0/lib/connect.c
+@@ -1559,7 +1559,9 @@ CURLcode Curl_socket(struct Curl_easy *d
}
else
/* opensocket callback not set, so simply create the socket now */
@@ -57,11 +57,11 @@
if(*sockfd == CURL_SOCKET_BAD)
/* no socket, no connection */
-Index: curl-7.85.0/configure.ac
+Index: curl-7.87.0/configure.ac
===================================================================
---- curl-7.85.0.orig/configure.ac
-+++ curl-7.85.0/configure.ac
-@@ -335,6 +335,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
+--- curl-7.87.0.orig/configure.ac
++++ curl-7.87.0/configure.ac
+@@ -347,6 +347,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
# Silence warning: ar: 'u' modifier ignored since 'D' is the default
AC_SUBST(AR_FLAGS, [cr])
@@ -70,20 +70,19 @@
dnl This defines _ALL_SOURCE for AIX
CURL_CHECK_AIX_ALL_SOURCE
-Index: curl-7.85.0/lib/hostip.c
+Index: curl-7.87.0/lib/hostip.c
===================================================================
---- curl-7.85.0.orig/lib/hostip.c
-+++ curl-7.85.0/lib/hostip.c
-@@ -51,7 +51,7 @@
- #ifdef HAVE_PROCESS_H
- #include <process.h>
+--- curl-7.87.0.orig/lib/hostip.c
++++ curl-7.87.0/lib/hostip.c
+@@ -48,6 +48,7 @@
+ #include <signal.h>
#endif
--
+
+#include <fcntl.h>
#include "urldata.h"
#include "sendf.h"
#include "hostip.h"
-@@ -551,7 +551,7 @@ bool Curl_ipv6works(struct Curl_easy *da
+@@ -576,7 +577,7 @@ bool Curl_ipv6works(struct Curl_easy *da
else {
int ipv6_works = -1;
/* probe to see if we have a working IPv6 stack */
