Accepting request 248334 from devel:libraries:c_c++

1 OBS-URL: https://build.opensuse.org/request/show/248334 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=94
2014-09-12 13:25:04 +00:00 · 2014-09-12 13:25:04 +00:00 · 2644248ae9
commit 2644248ae9
parent 66d3b0f5fd 1d9cf0e872
6 changed files with 36 additions and 11 deletions
--- a/curl-7.37.1.tar.lzma
+++ b/curl-7.37.1.tar.lzma
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:add81a810081a9f8009d68eecdc2f53c4504cd8368084507917371e42181ce83
-size 2597059
--- a/curl-7.37.1.tar.lzma.asc
+++ b/curl-7.37.1.tar.lzma.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlPGjoIACgkQeOEcayedXJEelACg3KLWyIN61do2wGJDBbD7OuKE
-BvUAoLM3qS3woSWA33C4+eWHxESUBJhX
-=4sUq
-----END PGP SIGNATURE-----
--- a/curl-7.38.0.tar.lzma
+++ b/curl-7.38.0.tar.lzma
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5bcf1ebe05c691866d0322d687598068e4a8707cc9bcf1bb514dc92d3fef77d5
+size 2607254
--- a/curl-7.38.0.tar.lzma.asc
+++ b/curl-7.38.0.tar.lzma.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlQP74cACgkQeOEcayedXJFCawCdH3UiuHmb8+ZZwGJp6lGKzplN
+U6AAnj4WsEGF5Ywf8s4ueF3Y6bFFwX4R
+=9D9Q
+-----END PGP SIGNATURE-----
--- a/curl.changes
+++ b/curl.changes
@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Wed Sep 10 09:07:59 UTC 2014 - vcizek@suse.com
+
+- update to 7.38.0
+  * fixes CVE-2014-3613 (bnc#894575) and CVE-2014-3620 (bnc#895991)
+  * cookie leaks with IP address as domain and TLDs respectively
+  Changes:
+    supports HTTP/2 draft-14
+    CURLE_HTTP2 is a new error code
+    CURLAUTH_NEGOTIATE is a new auth define
+    CURL_VERSION_GSSAPI is a new capability bit
+    no longer use fbopenssl for anything
+    schannel: use CryptGenRandom for random numbers
+    axtls: define curlssl_random using axTLS's PRNG
+    cyassl: use RNG_GenerateBlock to generate a good random number
+    findprotocol: show unsupported protocol within quotes
+    version: detect and show LibreSSL
+    version: detect and show BoringSSL
+    imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
+    http2: requires nghttp2 0.6.0 or later
+  Bugfixes:
+    SECURITY ADVISORY: cookie leak with IP address as domain
+    SECURITY ADVISORY: cookie leak for TLDs
+    And many other fixes
+
 -------------------------------------------------------------------
 Thu Aug 28 21:59:59 UTC 2014 - andreas.stieger@gmx.de

--- a/curl.spec
+++ b/curl.spec
@ -21,7 +21,7 @@
 %bcond_without testsuite

 Name:           curl
-Version:        7.37.1
+Version:        7.38.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        BSD-3-Clause and MIT