Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package curl for openSUSE:Factory checked in
at 2024-12-13 22:30:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
and /work/SRC/openSUSE:Factory/.curl.new.29675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl"
Fri Dec 13 22:30:53 2024 rev:206 rq:1230014 version:8.11.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/curl/curl.changes 2024-11-15
15:39:34.861225677 +0100
+++ /work/SRC/openSUSE:Factory/.curl.new.29675/curl.changes 2024-12-13
22:32:23.551195267 +0100
@@ -1,0 +2,40 @@
+Wed Dec 11 07:42:31 UTC 2024 - Pedro Monreal <pmonr...@suse.com>
+
+- Update to 8.11.1:
+ * Security fixes:
+ - netrc and redirect credential leak [bsc#1234068, CVE-2024-11053]
+ * Bugfixes:
+ - build: fix ECH to always enable HTTPS RR
+ - cookie: treat cookie name case sensitively
+ - curl-rustls.m4: keep existing 'CPPFLAGS'/'LDFLAGS' when detected
+ - curl: use realtime in trace timestamps
+ - digest: produce a shorter cnonce in Digest headers
+ - docs: document default 'User-Agent'
+ - docs: suggest --ssl-reqd instead of --ftp-ssl
+ - duphandle: also init netrc
+ - hostip: don't use the resolver for FQDN localhost
+ - http_negotiate: allow for a one byte larger channel binding buffer
+ - krb5: fix socket/sockindex confusion, MSVC compiler warnings
+ - libssh: use libssh sftp_aio to upload file
+ - libssh: when using IPv6 numerical address, add brackets
+ - mime: fix reader stall on small read lengths
+ - mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions
+ - mprintf: fix the integer overflow checks
+ - multi: fix callback for 'CURLMOPT_TIMERFUNCTION' not being called again
when...
+ - netrc: address several netrc parser flaws
+ - netrc: support large file, longer lines, longer tokens
+ - nghttp2: use custom memory functions
+ - OpenSSL: improvde error message on expired certificate
+ - openssl: remove three "Useless Assignments"
+ - openssl: stop using SSL_CTX_ function prefix for our functions
+ - pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS
+ - rtsp: check EOS in the RTSP receive and return an error code
+ - schannel: remove TLS 1.3 ciphersuite-list support
+ - setopt: fix CURLOPT_HTTP_CONTENT_DECODING
+ - setopt: fix missing options for builds without HTTP & MQTT
+ - socket: handle binding to "host!<ip>"
+ - socketpair: fix enabling 'USE_EVENTFD'
+ - strtok: use namespaced 'strtok_r' macro instead of redefining it
+ * Remove 0001-duphandle-also-init-netrc.patch upstream
+
+-------------------------------------------------------------------
Old:
----
0001-duphandle-also-init-netrc.patch
curl-8.11.0.tar.xz
curl-8.11.0.tar.xz.asc
New:
----
curl-8.11.1.tar.xz
curl-8.11.1.tar.xz.asc
BETA DEBUG BEGIN:
Old: - strtok: use namespaced 'strtok_r' macro instead of redefining it
* Remove 0001-duphandle-also-init-netrc.patch upstream
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ curl.spec ++++++
--- /var/tmp/diff_new_pack.K3XZuK/_old 2024-12-13 22:32:24.131219458 +0100
+++ /var/tmp/diff_new_pack.K3XZuK/_new 2024-12-13 22:32:24.131219458 +0100
@@ -29,7 +29,7 @@
%endif
Name: curl%{?psuffix}
-Version: 8.11.0
+Version: 8.11.1
Release: 0
Summary: A Tool for Transferring Data from URLs
License: curl
@@ -43,8 +43,6 @@
Patch2: curl-secure-getenv.patch
#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
Patch3: curl-disabled-redirect-protocol-message.patch
-#PATCH-FIX-UPSTREAM fix parsingg of netrc in libcurl ghub#curl/curl#15496
-Patch4: 0001-duphandle-also-init-netrc.patch
BuildRequires: groff
BuildRequires: libtool
BuildRequires: pkgconfig
++++++ curl-8.11.0.tar.xz -> curl-8.11.1.tar.xz ++++++
++++ 21975 lines of diff (skipped)
