Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2019-03-01 20:26:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl" Fri Mar 1 20:26:00 2019 rev:142 rq:679773 version:7.64.0 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl-mini.changes 2019-01-25 22:41:42.871350220 +0100 +++ /work/SRC/openSUSE:Factory/.curl.new.28833/curl-mini.changes 2019-03-01 20:26:02.738060058 +0100 
@@ -1,0 +2,101 @@ +Wed Feb 27 08:53:31 UTC 2019 - Stephan Kulow <[email protected]> + +- BuildRequire libcurl4-mini for !bootstrap to avoid build cycles + due to cmake pulling libcurl4 + +------------------------------------------------------------------- +Wed Feb 6 09:16:58 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- update to version 7.64.0 + [bcs#1123371, CVE-2018-16890][bcs#1123377, CVE-2019-3822] + [bcs#1123378, CVE-2019-3823] + * Changes: + - cookies: leave secure cookies alone + - hostip: support wildcard hosts + - http: Implement trailing headers for chunked transfers + - http: added options for allowing HTTP/0.9 responses + - timeval: Use high resolution timestamps on Windows + * Bugfixes: + - CVE-2018-16890: NTLM type-2 out-of-bounds buffer read + - CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow + - CVE-2019-3823: SMTP end-of-response out-of-bounds read + - FAQ: remove mention of sourceforge for github + - OS400: handle memory error in list conversion + - OS400: upgrade ILE/RPG binding. 
+ - README: add codacy code quality badge + - Revert http_negotiate: do not close connection + - THANKS: added several missing names from year <= 2000 + - build: make 'tidy' target work for metalink builds + - cmake: added checks for variadic macros + - cmake: updated check for HAVE_POLL_FINE to match autotools + - cmake: use lowercase for function name like the rest of the code + - configure: detect xlclang separately from clang + - configure: fix recv/send/select detection on Android + - configure: rewrite --enable-code-coverage + - conncache_unlock: avoid indirection by changing input argument type + - cookie: fix comment typo + - cookies: allow secure override when done over HTTPS + - cookies: extend domain checks to non psl builds + - cookies: skip custom cookies when redirecting cross-site + - curl --xattr: strip credentials from any URL that is stored + - curl -J: refuse to append to the destination file + - curl/urlapi.h: include "curl.h" first + - curl_multi_remove_handle() don't block terminating c-ares requests + - darwinssl: accept setting max-tls with default min-tls + - disconnect: separate connections and easy handles better + - disconnect: set conn->data for protocol disconnect + - docs/version.d: mention MultiSSL + - docs: fix the --tls-max description + - docs: use $(INSTALL_DATA) to install man page + - docs: use meaningless port number in CURLOPT_LOCALPORT example + - gopher: always include the entire gopher-path in request + - http2: clear pause stream id if it gets closed + - if2ip: remove unused function Curl_if_is_interface_name + - libssh: do not let libssh create socket + - libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh + - libssh: free sftp_canonicalize_path() data correctly + - libtest/stub_gssapi: use "real" snprintf + - mbedtls: use VERIFYHOST + - multi: multiplexing improvements + - multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time + - ntlm: fix NTMLv2 compliance + - ntlm_sspi: add support 
for channel binding + - openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated + - openssl: fix the SSL_get_tlsext_status_ocsp_resp call + - openvms: fix OpenSSL discovery on VAX + - openvms: fix typos in documentation + - os400: add a missing closing bracket + - os400: fix extra parameter syntax error + - pingpong: change default response timeout to 120 seconds + - pingpong: ignore regular timeout in disconnect phase + - printf: fix format specifiers + - runtests.pl: Fix perl call to include srcdir + - schannel: fix compiler warning + - schannel: preserve original certificate path parameter + - schannel: stop calling it "winssl" + - sigpipe: if mbedTLS is used, ignore SIGPIPE + - smb: fix incorrect path in request if connection reused + - ssh: log the libssh2 error message when ssh session startup fails + - test1558: verify CURLINFO_PROTOCOL on file:// transfer + - test1561: improve test name + - test1653: make it survive torture tests + - tests: allow tests to pass by 2037-02-12 + - tests: move objnames-* from lib into tests + - timediff: fix math for unsigned time_t + - timeval: Disable MSVC Analyzer GetTickCount warning + - tool_cb_prg: avoid integer overflow + - travis: added cmake build for osx + - urlapi: Fix port parsing of eol colon + - urlapi: distinguish possibly empty query + - urlapi: fix parsing ipv6 with zone index + - urldata: rename easy_conn to just conn + - winbuild: conditionally use /DZLIB_WINAPI + - wolfssl: fix memory-leak in threaded use + - spnego_sspi: add support for channel binding + +------------------------------------------------------------------- +Mon Jan 28 18:47:00 UTC 2019 - Jan Engelhardt <[email protected]> + +- Fix wrong summary, curl is at version 7, not 4. 
+ +------------------------------------------------------------------- curl.changes: same change Old: ---- curl-7.63.0.tar.gz curl-7.63.0.tar.gz.asc New: ---- curl-7.64.0.tar.xz curl-7.64.0.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl-mini.spec ++++++ --- /var/tmp/diff_new_pack.lgGKgz/_old 2019-03-01 20:26:03.958059772 +0100 +++ /var/tmp/diff_new_pack.lgGKgz/_new 2019-03-01 20:26:03.962059771 +0100 @@ -29,14 +29,14 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl-mini -Version: 7.63.0 +Version: 7.64.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl Group: Productivity/Networking/Web/Utilities Url: https://curl.haxx.se/ -Source: https://curl.haxx.se/download/curl-%{version}.tar.gz -Source2: https://curl.haxx.se/download/curl-%{version}.tar.gz.asc +Source: https://curl.haxx.se/download/curl-%{version}.tar.xz +Source2: https://curl.haxx.se/download/curl-%{version}.tar.xz.asc Source3: baselibs.conf Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring Patch0: libcurl-ocloexec.patch @@ -60,6 +60,8 @@ BuildRequires: pkgconfig(libpsl) BuildRequires: pkgconfig(libssh) BuildRequires: pkgconfig(zlib) +# avoid our own libcurl4 pulled in by cmake +#!BuildRequires: libcurl4-mini %else Requires: this-is-only-for-build-envs Conflicts: curl @@ -85,7 +87,7 @@ without user interaction or any kind of interactivity. %package -n libcurl4%{?mini} -Summary: Version 4 of cURL shared library +Summary: Library for transferring data from URLs Group: Productivity/Networking/Web/Utilities %if 0%{?bootstrap} Provides: libcurl4 = %{version} 
@@ -94,11 +96,11 @@ %endif %description -n libcurl4%{?mini} -The cURL shared library version 4 for accessing data using different +The cURL shared library for accessing data using different network protocols. %package -n libcurl%{?mini}-devel -Summary: A Tool for Transferring Data from URLs +Summary: Development files for the curl library Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libcurl4%{?mini} = %{version} ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.lgGKgz/_old 2019-03-01 20:26:03.974059769 +0100 +++ /var/tmp/diff_new_pack.lgGKgz/_new 2019-03-01 20:26:03.978059768 +0100 @@ -27,14 +27,14 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 7.63.0 +Version: 7.64.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl Group: Productivity/Networking/Web/Utilities Url: https://curl.haxx.se/ -Source: https://curl.haxx.se/download/curl-%{version}.tar.gz -Source2: https://curl.haxx.se/download/curl-%{version}.tar.gz.asc +Source: https://curl.haxx.se/download/curl-%{version}.tar.xz +Source2: https://curl.haxx.se/download/curl-%{version}.tar.xz.asc Source3: baselibs.conf Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring Patch0: libcurl-ocloexec.patch @@ -58,6 +58,8 @@ BuildRequires: pkgconfig(libpsl) BuildRequires: pkgconfig(libssh) BuildRequires: pkgconfig(zlib) +# avoid our own libcurl4 pulled in by cmake +#!BuildRequires: libcurl4-mini %else Requires: this-is-only-for-build-envs Conflicts: curl @@ -83,7 +85,7 @@ without user interaction or any kind of interactivity. %package -n libcurl4%{?mini} -Summary: Version 4 of cURL shared library +Summary: Library for transferring data from URLs Group: Productivity/Networking/Web/Utilities %if 0%{?bootstrap} Provides: libcurl4 = %{version} 
@@ -92,11 +94,11 @@ %endif %description -n libcurl4%{?mini} -The cURL shared library version 4 for accessing data using different +The cURL shared library for accessing data using different network protocols. %package -n libcurl%{?mini}-devel -Summary: A Tool for Transferring Data from URLs +Summary: Development files for the curl library Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libcurl4%{?mini} = %{version}
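Review bot: In the curl-mini.changes hunk (@@ -1,0 +2,101 @@), the 7.64.0 entry writes its bug references as bcs#1123371, bcs#1123377 and bcs#1123378. The prefix for bugzilla.suse.com is bsc#, so anything that matches changelog entries on that prefix may miss these three security references. Suggest "[bsc#1123371, CVE-2018-16890][bsc#1123377, CVE-2019-3822]" and "[bsc#1123378, CVE-2019-3823]". The CVE ids in the header line and in the Bugfixes list agree with each other.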
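Review bot: Nothing visible in the Source hunks (@@ -29,14 +29,14 @@ in curl-mini.spec, @@ -27,14 +27,14 @@ in curl.spec) shows the new curl-%{version}.tar.xz being checked against its detached signature. Source and Source2 were moved to .tar.xz and .tar.xz.asc together, which keeps the pair consistent, and Source4 still provides curl.keyring. Because a detached signature covers exactly one archive file, please confirm that the .asc checked in is the one published for the .tar.xz and that it verifies against the keyring during the build, especially as this update carries three CVE fixes.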
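Review bot: The comment above the added "#!BuildRequires: libcurl4-mini" line (@@ -60,6 +60,8 @@ in curl-mini.spec, @@ -58,6 +58,8 @@ in curl.spec) does not say that this is the build-service form of the directive, which a plain rpmbuild treats as a comment, so a local build outside the build service will not get the dependency. The changes entry gives the real reason (a build cycle through cmake pulling libcurl4 in the !bootstrap case); suggest carrying that wording into the spec comment, for example "# build-service only: break the cmake -> libcurl4 build cycle for !bootstrap".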
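Review bot: Style point on the Summary and %description hunks (@@ -85,7 +87,7 @@ and @@ -94,11 +96,11 @@ in curl-mini.spec, and the matching hunks in curl.spec): the new text mixes "the curl library" in the -devel Summary with "The cURL shared library" in the libcurl4 description. Suggest picking one spelling across both. Also, the changes entry justifies the edit with "curl is at version 7, not 4", while the package is still named libcurl4%{?mini}; a half-line in the changelog saying that the 4 in the package name stays would avoid confusion for later readers.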
