Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2024-09-12 16:54:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new.17570 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl" Thu Sep 12 16:54:04 2024 rev:202 rq:1200087 version:8.10.0 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl.changes 2024-08-13 13:22:17.399861424 +0200 +++ /work/SRC/openSUSE:Factory/.curl.new.17570/curl.changes 2024-09-12 16:54:14.103556171 +0200 @@ -1,0 +2,64 @@ +Wed Sep 11 06:36:42 UTC 2024 - Pedro Monreal <[email protected]> + +- Update to version 8.10.0: + * Security fixes: + - [bsc#1230093, CVE-2024-8096] curl: OCSP stapling bypass with GnuTLS + * Changes: + - curl: make --rate accept "number of units" + - curl: make --show-headers the same as --include + - curl: support --dump-header % to direct to stderr + - curl: support embedding a CA bundle and --dump-ca-embed + - curl: support repeated use of the verbose option; -vv etc + - curl: use libuv for parallel transfers with --test-event + - vtls: stop offering alpn http/1.1 for http2-prior-knowledge + * Bugfixes: + - curl: allow 500MB data URL encode strings + - curl: warn on unsupported SSL options + - Curl_rand_bytes to control env override + - curl_sha512_256: fix symbol collisions with nettle library + - dist: fix reproducible build from release tarball + - http2: fix GOAWAY message sent to server + - http2: improve rate limiting of downloads + - INSTALL.md: MultiSSL and QUIC are mutually exclusive + - lib: add eos flag to send methods + - lib: make SSPI global symbols use Curl_ prefix + - lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name + - lib: remove the final strncpy() calls + - lib: remove use of RANDOM_FILE + - Makefile.mk: fixup enabling libidn2 + - max-filesize.md: mention zero disables the limit + - mime: avoid inifite loop in client reader + - ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks + - openssl quic: fix memory leak + - openssl: certinfo errors now fail correctly + - openssl: fix the data race when sharing an SSL session between threads + - openssl: improve shutdown handling + - POP3: fix multi-line responses + - pop3: use the protocol handler ->write_resp + - progress: ratelimit/progress tweaks + - rand: only provide weak random when needed + - sectransp: fix setting tls version + - setopt: make CURLOPT_TFTP_BLKSIZE accept bad values + - sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL + - sigpipe: init the struct so that first apply ignores + - smb: convert superflous assign into assert + - smtp: add tracing feature + - spnego_gssapi: implement TLS channel bindings for openssl + - src: delete `curlx_m*printf()` aliases + - ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) + - tool_operhlp: fix "potentially uninitialized local variable 'pc' used" + - tool_paramhlp: bump maximum post data size in memory to 16GB + - transfer: skip EOS read when download done + - url: fix connection reuse for HTTP/2 upgrades + - urlapi: verify URL *decoded* hostname when set + - urldata: introduce `data->mid`, a unique identifier inside a multi + - vtls: add SSLSUPP_CIPHER_LIST + - vtls: fix static function name collisions between TLS backends + - vtls: init ssl peer only once + - websocket: introduce blocking sends + - ws: flags to opcodes should ignore CURLWS_CONT flag + - x509asn1: raise size limit for x509 certification information + * Remove curl-sigpipe.patch upstream + * Rebase curl-secure-getenv.patch + +------------------------------------------------------------------- Old: ---- curl-8.9.1.tar.xz curl-8.9.1.tar.xz.asc curl-sigpipe.patch New: ---- curl-8.10.0.tar.xz curl-8.10.0.tar.xz.asc BETA DEBUG BEGIN: Old: - x509asn1: raise size limit for x509 certification information * Remove curl-sigpipe.patch upstream * Rebase curl-secure-getenv.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.CQHVTD/_old 2024-09-12 16:54:14.731582298 +0200 +++ /var/tmp/diff_new_pack.CQHVTD/_new 2024-09-12 16:54:14.735582464 +0200 @@ -29,7 +29,7 @@ %endif Name: curl%{?psuffix} -Version: 8.9.1 +Version: 8.10.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl @@ -43,8 +43,6 @@ Patch2: curl-secure-getenv.patch #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch3: curl-disabled-redirect-protocol-message.patch -#PATCH-FIX-UPSTREAM sigpipe: init the struct so that first apply ignores -Patch4: curl-sigpipe.patch BuildRequires: groff BuildRequires: libtool BuildRequires: pkgconfig @@ -228,7 +226,7 @@ %if !%{with mini} %files -%doc README RELEASE-NOTES CHANGES +%doc README RELEASE-NOTES CHANGES.md %doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md} %{_bindir}/curl %{_mandir}/man1/curl.1%{?ext_man} ++++++ curl-8.9.1.tar.xz -> curl-8.10.0.tar.xz ++++++ ++++ 110075 lines of diff (skipped) ++++++ curl-secure-getenv.patch ++++++ --- /var/tmp/diff_new_pack.CQHVTD/_old 2024-09-12 16:54:15.763625233 +0200 +++ /var/tmp/diff_new_pack.CQHVTD/_new 2024-09-12 16:54:15.767625400 +0200 @@ -1,7 +1,7 @@ -Index: curl-8.5.0/lib/getenv.c +Index: curl-8.10.0/lib/getenv.c =================================================================== ---- curl-8.5.0.orig/lib/getenv.c -+++ curl-8.5.0/lib/getenv.c +--- curl-8.10.0.orig/lib/getenv.c ++++ curl-8.10.0/lib/getenv.c @@ -29,6 +29,14 @@ #include "memdebug.h" @@ -26,17 +26,17 @@ return (env && env[0])?strdup(env):NULL; #endif } -Index: curl-8.5.0/configure.ac +Index: curl-8.10.0/configure.ac =================================================================== ---- curl-8.5.0.orig/configure.ac -+++ curl-8.5.0/configure.ac -@@ -4767,6 +4767,8 @@ if test "x$want_curldebug_assumed" = "xy +--- curl-8.10.0.orig/configure.ac ++++ curl-8.10.0/configure.ac +@@ -5213,6 +5213,8 @@ if test "x$want_curldebug_assumed" = "xy ac_configure_args="$ac_configure_args --enable-curldebug" fi +AC_CHECK_FUNCS([__secure_getenv secure_getenv]) + - AC_CONFIG_FILES([Makefile \ - docs/Makefile \ - docs/examples/Makefile \ + AC_CONFIG_FILES([\ + Makefile \ + docs/Makefile \
