Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2021-06-05 23:30:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl" Sat Jun 5 23:30:06 2021 rev:167 rq:895925 version:7.77.0 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl.changes 2021-04-27 21:34:11.899937979 +0200 +++ /work/SRC/openSUSE:Factory/.curl.new.1898/curl.changes 2021-06-05 23:30:21.364315268 +0200 @@ -1,0 +2,31 @@ +Wed May 26 07:47:00 UTC 2021 - Pedro Monreal <[email protected]> + +- Update to 7.77.0: [bsc#1186114, CVE-2021-22898] + [bsc#1186115, bsc#1185579, CVE-2021-22901] + * Security fixes: + - CVE-2021-22297: schannel cipher selection surprise + - CVE-2021-22298: TELNET stack contents disclosure + - CVE-2021-22901: TLS session caching disaster + * Changes: + - configure: make the TLS library choice(s) explicit + - curl: ignore options asking for SSLv2 or SSLv3 + - hsts: enable by default + - SSL: support in-memory CA certs for some backends + - vtls: refuse setting any SSL version + * Bugfixes: + - configure: provide --with-openssl, deprecate --with-ssl + - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies + - curl: include libmetalink version in --version output + - data_pending: check only SECONDARY socket for FTP(S) transfers + - gnutls: don't allow TLS 1.3 for versions that don't support it + - gnutls: make setting only the MAX TLS allowed version work + - http2: fix resource leaks in set_transfer_url() and push_promise() + - http: limit the initial send amount to used upload buffer size + - rustls: only return CURLE_AGAIN when TLS session is fully drained + - rustls: use ALPN + - schannel: Disable auto credentials; add an option to enable it + - schannel: Support strong crypto option + - sectransp: allow cipher name to be specified + - sockfilt: avoid getting stuck waiting for writable socket + +------------------------------------------------------------------- Old: ---- curl-7.76.1.tar.xz curl-7.76.1.tar.xz.asc New: ---- curl-7.77.0.tar.xz curl-7.77.0.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.jb7TLm/_old 2021-06-05 23:30:22.156316645 +0200 +++ /var/tmp/diff_new_pack.jb7TLm/_new 2021-06-05 23:30:22.160316653 +0200 @@ -21,7 +21,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 7.76.1 +Version: 7.77.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl ++++++ curl-7.76.1.tar.xz -> curl-7.77.0.tar.xz ++++++ ++++ 48951 lines of diff (skipped)
