Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2024-03-28 13:52:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new.1905 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl" Thu Mar 28 13:52:50 2024 rev:196 rq:1163136 version:8.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl.changes 2024-03-13 22:17:04.940969180 +0100 +++ /work/SRC/openSUSE:Factory/.curl.new.1905/curl.changes 2024-03-28 14:05:16.657548753 +0100 @@ -1,0 +2,51 @@ +Wed Mar 27 09:38:34 UTC 2024 - Pedro Monreal <[email protected]> + +- Update to 8.7.1: + * Fixed empty tool_hugehelp.c file + +- Update to 8.7.0: + * Security fixes: + - [bsc#1221665, CVE-2024-2004] Usage of disabled protocol + - [bsc#1221667, CVE-2024-2398] HTTP/2 push headers memory-leak + - [bsc#1221666, CVE-2024-2379] QUIC certificate check bypass with wolfSSL + - [bsc#1221668, CVE-2024-2466] TLS certificate check bypass with mbedTLS + * Changes: + - configure: add --disable-docs flag + - CURLINFO_USED_PROXY: return bool whether the proxy was used + - digest: support SHA-512/256 + * Bugfixes: + - asyn-thread: use wakeup_close to close the read descriptor + - bufq: writing into a softlimit queue cannot be partial + - cmake: add USE_OPENSSL_QUIC support + - cookie: if psl fails, reject the cookie + - curl: exit on config file parser errors + - digest: add check for hashing error + - docs/libcurl: add TLS backend info for all TLS options + - file: use xfer buf for file:// transfers + - ftp: do lineend conversions in client writer + - ftp: fix socket wait activity in ftp_domore_getsock + - http2: memory errors in the push callbacks are fatal + - http2: push headers better cleanup + - libssh/libssh2: return error on too big range + - OpenSSL QUIC: adapt to v3.3.x + - setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value + - setopt: fix disabling all protocols + - sha512_256: add support for GnuTLS and OpenSSL + - smtp: fix STARTTLS + - strtoofft: fix the overflow check + - TIMER_STARTTRANSFER: set the same for everyone + - TLS: start shutdown only when peer did not already close + - tool_getparam: accept a blank -w "" + - tool_getparam: handle non-existing (out of range) short-options + - tool_operate: change precedence of server Retry-After time + - transfer.c: break receive loop in speed limited transfers + - version: allow building with ancient libpsl + - vquic-tls: fix the error code returned for bad CA file + - vtls: fix tls proxy peer verification + - vtls: revert "receive max buffer" + add test case + - VULN-DISCLOSURE-POLICY.md: update detail about CVE requests + - websocket: fix curl_ws_recv() + * Remove patch upstream: + - 0001-vtls-revert-receive-max-buffer-add-test-case.patch + +------------------------------------------------------------------- Old: ---- 0001-vtls-revert-receive-max-buffer-add-test-case.patch curl-8.6.0.tar.xz curl-8.6.0.tar.xz.asc New: ---- curl-8.7.1.tar.xz curl-8.7.1.tar.xz.asc BETA DEBUG BEGIN: Old: * Remove patch upstream: - 0001-vtls-revert-receive-max-buffer-add-test-case.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.qMNoQi/_old 2024-03-28 14:05:32.218121475 +0100 +++ /var/tmp/diff_new_pack.qMNoQi/_new 2024-03-28 14:05:32.222121623 +0100 @@ -21,7 +21,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 8.6.0 +Version: 8.7.1 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl @@ -35,8 +35,6 @@ Patch2: curl-secure-getenv.patch #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch3: curl-disabled-redirect-protocol-message.patch -# PATCH-FIX-UPSTREAM -Patch4: 0001-vtls-revert-receive-max-buffer-add-test-case.patch BuildRequires: libtool BuildRequires: pkgconfig Requires: libcurl4 = %{version} @@ -125,7 +123,9 @@ --with-libssh \ --enable-symbol-hiding \ --disable-static \ - --enable-threaded-resolver + --enable-threaded-resolver \ + --with-zsh-functions-dir=%{_datadir}/zsh/site-functions/ \ + --with-fish-functions-dir=%{_datadir}/fish/vendor_completions.d # if this fails, the above sed hack did not work ./libtool --config | grep -q link_all_deplibs=no @@ -161,7 +161,6 @@ %{_bindir}/curl %{_datadir}/zsh/site-functions/_curl %{_mandir}/man1/curl.1%{?ext_man} -%{_mandir}/man1/mk-ca-bundle.1%{?ext_man} %dir %{_datadir}/zsh %dir %{_datadir}/zsh/site-functions %dir %{_datadir}/fish/ ++++++ curl-8.6.0.tar.xz -> curl-8.7.1.tar.xz ++++++ ++++ 92584 lines of diff (skipped)
