Sync from SUSE:SLFO:Main curl revision eea87dafe251e3ad88a338e4369cb0ff

curl-8.11.0.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmcrFoYACgkQXMkI/bce
-EsIHCAf/fcpnxxtl7XTgSXF3V2tntKZJskiiTuXsJtBCJoDWiOOjrM3gnafXC3Bt
-CcncdGHIubKuUTc+JeuQowr6e+oXWPX5k45SF35U9n1EvWgF/s8uxAF8vJdDQme9
-z30M6UjMkEB7tbADUt1Q7Dyh8ZWWsFC5emekYnMQVDvzmad76Z3o4ZeQAly7xUhd
-V++5Il3Ql44nyMeTDTlHOuOc3jiA5rCmoLr4mMbRqAO8wF+Y2KCDYd5BaNvXZOln
-snEM496m3p0S1sliiEnRwDeccepUpkAyHPQgESS/ATCIvFZb4/MDrLSc5HSr5K+8
-MNYxBV03wmfR5QUqihbH8KXZKpYDnw==
-=9DLI
------END PGP SIGNATURE-----

curl-8.11.1.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmdZOq0ACgkQXMkI/bce
+EsLzzQgAgcHNuFJ9GItp9dQxzcvXsnvozNy77WMmVKyprUvrUlSRXRXDMc/FTmtV
+pqtTT8XyyTxh8iSY31uvH4firhfunK49Z94SK7R95yp8nCPQOKXJXKyqdzf9i8sm
+MlT3W8RCiVG0wGvmatIdHCAEStjQZsdplyiTNGytgp+4C9iLmXhaxD6sw9JYZWh+
+BryeOnsC9MCjrxhtTc/vD0g+wdhhvBzd5kiqLYsxptdcBdCPlWHoK+FYsQN91oDq
+25G82kpCkzz4tKRhSQmjowJ2kw+pQ3QYC9/5VEeDckaFlRM0tZNJ3TwcpAFxbYBW
+Uni36T510ri+vHBpCrl9ur9mAkbTZA==
+=PffT
+-----END PGP SIGNATURE-----

curl.changes

@@ -1,9 +1,57 @@
+-------------------------------------------------------------------
+Wed Dec 11 07:42:31 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 8.11.1:
+  * Security fixes:
+    - netrc and redirect credential leak [bsc#1234068, CVE-2024-11053]
+  * Bugfixes:
+    - build: fix ECH to always enable HTTPS RR
+    - cookie: treat cookie name case sensitively
+    - curl-rustls.m4: keep existing 'CPPFLAGS'/'LDFLAGS' when detected
+    - curl: use realtime in trace timestamps
+    - digest: produce a shorter cnonce in Digest headers
+    - docs: document default 'User-Agent'
+    - docs: suggest --ssl-reqd instead of --ftp-ssl
+    - duphandle: also init netrc
+    - hostip: don't use the resolver for FQDN localhost
+    - http_negotiate: allow for a one byte larger channel binding buffer
+    - krb5: fix socket/sockindex confusion, MSVC compiler warnings
+    - libssh: use libssh sftp_aio to upload file
+    - libssh: when using IPv6 numerical address, add brackets
+    - mime: fix reader stall on small read lengths
+    - mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions
+    - mprintf: fix the integer overflow checks
+    - multi: fix callback for 'CURLMOPT_TIMERFUNCTION' not being called again when...
+    - netrc: address several netrc parser flaws
+    - netrc: support large file, longer lines, longer tokens
+    - nghttp2: use custom memory functions
+    - OpenSSL: improvde error message on expired certificate
+    - openssl: remove three "Useless Assignments"
+    - openssl: stop using SSL_CTX_ function prefix for our functions
+    - pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS
+    - rtsp: check EOS in the RTSP receive and return an error code
+    - schannel: remove TLS 1.3 ciphersuite-list support
+    - setopt: fix CURLOPT_HTTP_CONTENT_DECODING
+    - setopt: fix missing options for builds without HTTP & MQTT
+    - socket: handle binding to "host!<ip>"
+    - socketpair: fix enabling 'USE_EVENTFD'
+    - strtok: use namespaced 'strtok_r' macro instead of redefining it
+  * Remove 0001-duphandle-also-init-netrc.patch upstream
+
+-------------------------------------------------------------------
+Wed Nov 13 12:21:51 UTC 2024 - Björn Bidar <bjorn.bidar@thaodan.de>
+
+- Add patch to fix libcurl when netrc parsing is enabled.
+  curl_easy_duphandle did not init netrc which broke applications such
+  as for example git. gh#curl/curl#15496
+  * 0001-duphandle-also-init-netrc.patch
+
 -------------------------------------------------------------------
 Wed Nov  6 08:43:16 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
 
 - Update to 8.11.0:
   * Security fixes: [bsc#1232528, CVE-2024-9681]
-    *  curl: HSTS subdomain overwrites parent cache entry
+    - curl: HSTS subdomain overwrites parent cache entry
   * Changes:
     - curl: --create-dirs works for --dump-header as well
     - gtls: Add P12 format support

curl.spec

@@ -29,7 +29,7 @@
 %endif
 
 Name:           curl%{?psuffix}
-Version:        8.11.0
+Version:        8.11.1
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl