From c989e99f4fbcd71f203860c8638fc697f69853143047244eb7b6b5b55a4b572a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 20 Dec 2024 16:03:41 +0100 Subject: [PATCH] Sync from SUSE:SLFO:Main curl revision eea87dafe251e3ad88a338e4369cb0ff --- curl-8.11.0.tar.xz | 3 --- curl-8.11.0.tar.xz.asc | 11 ---------- curl-8.11.1.tar.xz | 3 +++ curl-8.11.1.tar.xz.asc | 11 ++++++++++ curl.changes | 50 +++++++++++++++++++++++++++++++++++++++++- curl.spec | 2 +- 6 files changed, 64 insertions(+), 16 deletions(-) delete mode 100644 curl-8.11.0.tar.xz delete mode 100644 curl-8.11.0.tar.xz.asc create mode 100644 curl-8.11.1.tar.xz create mode 100644 curl-8.11.1.tar.xz.asc diff --git a/curl-8.11.0.tar.xz b/curl-8.11.0.tar.xz deleted file mode 100644 index 2c9db78..0000000 --- a/curl-8.11.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:db59cf0d671ca6e7f5c2c5ec177084a33a79e04c97e71cf183a5cdea235054eb -size 2750684 diff --git a/curl-8.11.0.tar.xz.asc b/curl-8.11.0.tar.xz.asc deleted file mode 100644 index cf691aa..0000000 --- a/curl-8.11.0.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmcrFoYACgkQXMkI/bce -EsIHCAf/fcpnxxtl7XTgSXF3V2tntKZJskiiTuXsJtBCJoDWiOOjrM3gnafXC3Bt -CcncdGHIubKuUTc+JeuQowr6e+oXWPX5k45SF35U9n1EvWgF/s8uxAF8vJdDQme9 -z30M6UjMkEB7tbADUt1Q7Dyh8ZWWsFC5emekYnMQVDvzmad76Z3o4ZeQAly7xUhd -V++5Il3Ql44nyMeTDTlHOuOc3jiA5rCmoLr4mMbRqAO8wF+Y2KCDYd5BaNvXZOln -snEM496m3p0S1sliiEnRwDeccepUpkAyHPQgESS/ATCIvFZb4/MDrLSc5HSr5K+8 -MNYxBV03wmfR5QUqihbH8KXZKpYDnw== -=9DLI ------END PGP SIGNATURE----- diff --git a/curl-8.11.1.tar.xz b/curl-8.11.1.tar.xz new file mode 100644 index 0000000..ae8cf94 --- /dev/null +++ b/curl-8.11.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56 +size 2751236 diff --git a/curl-8.11.1.tar.xz.asc b/curl-8.11.1.tar.xz.asc new file mode 100644 index 0000000..824e8be --- /dev/null +++ b/curl-8.11.1.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmdZOq0ACgkQXMkI/bce +EsLzzQgAgcHNuFJ9GItp9dQxzcvXsnvozNy77WMmVKyprUvrUlSRXRXDMc/FTmtV +pqtTT8XyyTxh8iSY31uvH4firhfunK49Z94SK7R95yp8nCPQOKXJXKyqdzf9i8sm +MlT3W8RCiVG0wGvmatIdHCAEStjQZsdplyiTNGytgp+4C9iLmXhaxD6sw9JYZWh+ +BryeOnsC9MCjrxhtTc/vD0g+wdhhvBzd5kiqLYsxptdcBdCPlWHoK+FYsQN91oDq +25G82kpCkzz4tKRhSQmjowJ2kw+pQ3QYC9/5VEeDckaFlRM0tZNJ3TwcpAFxbYBW +Uni36T510ri+vHBpCrl9ur9mAkbTZA== +=PffT +-----END PGP SIGNATURE----- diff --git a/curl.changes b/curl.changes index ec274c5..ed54c5c 100644 --- a/curl.changes +++ b/curl.changes @@ -1,9 +1,57 @@ +------------------------------------------------------------------- +Wed Dec 11 07:42:31 UTC 2024 - Pedro Monreal + +- Update to 8.11.1: + * Security fixes: + - netrc and redirect credential leak [bsc#1234068, CVE-2024-11053] + * Bugfixes: + - build: fix ECH to always enable HTTPS RR + - cookie: treat cookie name case sensitively + - curl-rustls.m4: keep existing 'CPPFLAGS'/'LDFLAGS' when detected + - curl: use realtime in trace timestamps + - digest: produce a shorter cnonce in Digest headers + - docs: document default 'User-Agent' + - docs: suggest --ssl-reqd instead of --ftp-ssl + - duphandle: also init netrc + - hostip: don't use the resolver for FQDN localhost + - http_negotiate: allow for a one byte larger channel binding buffer + - krb5: fix socket/sockindex confusion, MSVC compiler warnings + - libssh: use libssh sftp_aio to upload file + - libssh: when using IPv6 numerical address, add brackets + - mime: fix reader stall on small read lengths + - mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions + - mprintf: fix the integer overflow checks + - multi: fix callback for 'CURLMOPT_TIMERFUNCTION' not being called again when... + - netrc: address several netrc parser flaws + - netrc: support large file, longer lines, longer tokens + - nghttp2: use custom memory functions + - OpenSSL: improvde error message on expired certificate + - openssl: remove three "Useless Assignments" + - openssl: stop using SSL_CTX_ function prefix for our functions + - pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS + - rtsp: check EOS in the RTSP receive and return an error code + - schannel: remove TLS 1.3 ciphersuite-list support + - setopt: fix CURLOPT_HTTP_CONTENT_DECODING + - setopt: fix missing options for builds without HTTP & MQTT + - socket: handle binding to "host!" + - socketpair: fix enabling 'USE_EVENTFD' + - strtok: use namespaced 'strtok_r' macro instead of redefining it + * Remove 0001-duphandle-also-init-netrc.patch upstream + +------------------------------------------------------------------- +Wed Nov 13 12:21:51 UTC 2024 - Björn Bidar + +- Add patch to fix libcurl when netrc parsing is enabled. + curl_easy_duphandle did not init netrc which broke applications such + as for example git. gh#curl/curl#15496 + * 0001-duphandle-also-init-netrc.patch + ------------------------------------------------------------------- Wed Nov 6 08:43:16 UTC 2024 - Pedro Monreal - Update to 8.11.0: * Security fixes: [bsc#1232528, CVE-2024-9681] - * curl: HSTS subdomain overwrites parent cache entry + - curl: HSTS subdomain overwrites parent cache entry * Changes: - curl: --create-dirs works for --dump-header as well - gtls: Add P12 format support diff --git a/curl.spec b/curl.spec index cb95508..a9d3d9c 100644 --- a/curl.spec +++ b/curl.spec @@ -29,7 +29,7 @@ %endif Name: curl%{?psuffix} -Version: 8.11.0 +Version: 8.11.1 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl