Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2024-01-31 23:53:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl" Wed Jan 31 23:53:56 2024 rev:193 rq:1143014 version:8.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl.changes 2024-01-09 20:48:49.750422236 +0100 +++ /work/SRC/openSUSE:Factory/.curl.new.1815/curl.changes 2024-01-31 23:54:08.473835917 +0100 @@ -1,0 +2,50 @@ +Wed Jan 31 09:11:56 UTC 2024 - Pedro Monreal <[email protected]> + +- Update to 8.6.0: [bsc#1219149, CVE-2024-0853] + * Security fixes: + - CVE-2024-0853: OCSP verification bypass with TLS session reuse + * Changes: + - add CURLE_TOO_LARGE, CURLINFO_QUEUE_TIME_T + * Bugfixes: + - altsvc: free 'as' when returning error + - asyn-ares: with modern c-ares, use its default timeout + - cf-socket: show errno in tcpkeepalive error messages + - cmdline-opts: update availability for the *-ca-native options + - configure: when enabling QUIC, check that TLS supports QUIC + - content_encoding: change return code to typedef'ed enum + - curl: show ipfs and ipns as supported "protocols" + - CURLINFO_REFERER.3: clarify that it is the *request* header + - dist: add tests/errorcodes.pl to the tarball + - gen.pl: support ## for doing .IP in table-like lists + - GHA: bump ngtcp2, gnutls, mod_h2, quiche + - hostip: return error immediately when Curl_ip2addr() fails + - http3/quiche: fix result code on a stream reset + - http3: initial support for OpenSSL 3.2 QUIC stack + - http: check for "Host:" case insensitively + - http: fix off-by-one error in request method length check + - http: only act on 101 responses when they are HTTP/1.1 + - lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT + - lib: error out on multissl + http3 + - lib: fix variable undeclared error caused by `infof` changes + - lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding + - lib: strndup/memdup instead of malloc, memcpy and null-terminate + - libssh2: use `libssh2_session_callback_set2()` with v1.11.1 + - ngtcp2: put h3 at the front of alpn + - openldap: fix an LDAP crash + - openldap: fix STARTTLS + - openssl: re-match LibreSSL deinit with init + - rtsp: deal with borked server responses + - sasl: make login option string override http auth + - tool: prepend output_dir in header callback + - tool_getparam: stop supporting `@filename` style for --cookie + - transfer: fix upload rate limiting, add test cases + - url: don't set default CA paths for Secure Transport backend + - url: for disabled protocols, mention if found in redirect + - vquic: extract TLS setup into own source + - websockets: check for negative payload lengths + * Remove patches fixed upstream: + - curl-adjust-pollset-fix.patch + - curl-tests-errorcodes.patch + * Rebase dont-mess-with-rpmoptflags.patch + +------------------------------------------------------------------- Old: ---- curl-8.5.0.tar.xz curl-8.5.0.tar.xz.asc curl-adjust-pollset-fix.patch curl-tests-errorcodes.patch New: ---- curl-8.6.0.tar.xz curl-8.6.0.tar.xz.asc BETA DEBUG BEGIN: Old: * Remove patches fixed upstream: - curl-adjust-pollset-fix.patch - curl-tests-errorcodes.patch Old: - curl-adjust-pollset-fix.patch - curl-tests-errorcodes.patch * Rebase dont-mess-with-rpmoptflags.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.AhQ8HM/_old 2024-01-31 23:54:09.045856558 +0100 +++ /var/tmp/diff_new_pack.AhQ8HM/_new 2024-01-31 23:54:09.049856703 +0100 @@ -21,7 +21,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 8.5.0 +Version: 8.6.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl @@ -35,10 +35,6 @@ Patch2: curl-secure-getenv.patch #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch3: curl-disabled-redirect-protocol-message.patch -#PATCH-FIX-UPSTREAM dist: add tests/errorcodes.pl to the tarball -Patch4: curl-tests-errorcodes.patch -# fix MPD http streaming: https://github.com/curl/curl/issues/12632 -Patch5: curl-adjust-pollset-fix.patch BuildRequires: libtool BuildRequires: pkgconfig Requires: libcurl4 = %{version} @@ -174,6 +170,7 @@ %{_bindir}/curl %{_datadir}/zsh/site-functions/_curl %{_mandir}/man1/curl.1%{?ext_man} +%{_mandir}/man1/mk-ca-bundle.1%{?ext_man} %dir %{_datadir}/zsh %dir %{_datadir}/zsh/site-functions %dir %{_datadir}/fish/ ++++++ curl-8.5.0.tar.xz -> curl-8.6.0.tar.xz ++++++ ++++ 217427 lines of diff (skipped) ++++++ dont-mess-with-rpmoptflags.patch ++++++ --- /var/tmp/diff_new_pack.AhQ8HM/_old 2024-01-31 23:54:10.181897553 +0100 +++ /var/tmp/diff_new_pack.AhQ8HM/_new 2024-01-31 23:54:10.185897697 +0100 @@ -1,11 +1,11 @@ -Index: curl-7.82.0/configure.ac +Index: curl-8.6.0/configure.ac =================================================================== ---- curl-7.82.0.orig/configure.ac -+++ curl-7.82.0/configure.ac -@@ -395,10 +395,6 @@ dnl platform/compiler/architecture speci - dnl ********************************************************************** +--- curl-8.6.0.orig/configure.ac ++++ curl-8.6.0/configure.ac +@@ -506,10 +506,6 @@ dnl ************************************ CURL_CHECK_COMPILER + CURL_CHECK_NATIVE_WINDOWS -CURL_SET_COMPILER_BASIC_OPTS -CURL_SET_COMPILER_DEBUG_OPTS -CURL_SET_COMPILER_OPTIMIZE_OPTS
