From 2907952dc59d1ebc9ba0a5edf2c75596b740d9bb2de1201b8e57e67d2a32798d Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
Date: Wed, 19 Aug 2020 08:14:43 +0000
Subject: [PATCH] Accepting request 827742 from
 home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Update to 7.72.0 [bsc#1175109, CVE-2020-8231]
  * Changes:
    - content_encoding: add zstd decoding support
    - CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream
    - CURLINFO_EFFECTIVE_METHOD: added
  * Bugfixes:
    - CVE-2020-8231: libcurl: wrong connect-only connection
    - curl-config: ignore REQUIRE_LIB_DEPS in --libs output
    - curl: improve the existing file check with -J
    - curl_multi_setopt: fix compiler warning "result is always false"
    - curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated
    - docs: Add video link to docs/CONTRIBUTE.md
    - docs: clarify MAX_SEND/RECV_SPEED functionality
    - ftp: don't do ssl_shutdown instead of ssl_close
    - ftpserver: don't verify SMTP MAIL FROM names
    - getinfo: reset retry-after value in initinfo
    - gnutls: repair the build with 'CURL_DISABLE_PROXY'
    - gtls: survive not being able to get name/issuer
    - h2: repair trailer handling
    - http2: close the http2 connection when no more requests may be sent
    - http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages
    - libssh2: s/ssherr/sftperr/
    - mprintf: Fix dollar string handling
    - mprintf: Fix stack overflows
    - multi_remove_handle: close unused connect-only connections
    - ngtcp2: adapt to error code rename
    - ngtcp2: adjust to recent sockaddr updates
    - ngtcp2: update to modified qlog callback prototype
    - ntlm: free target_info before (re-)malloc
    - page-header: provide protocol details in the curl.1 man page

OBS-URL: https://build.opensuse.org/request/show/827742
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=284
---
 curl-7.71.1.tar.xz     |  3 ---
 curl-7.71.1.tar.xz.asc | 11 -----------
 curl-7.72.0.tar.xz     |  3 +++
 curl-7.72.0.tar.xz.asc | 11 +++++++++++
 curl.changes           | 45 ++++++++++++++++++++++++++++++++++++++++++
 curl.spec              |  2 +-
 6 files changed, 60 insertions(+), 15 deletions(-)
 delete mode 100644 curl-7.71.1.tar.xz
 delete mode 100644 curl-7.71.1.tar.xz.asc
 create mode 100644 curl-7.72.0.tar.xz
 create mode 100644 curl-7.72.0.tar.xz.asc

diff --git a/curl-7.71.1.tar.xz b/curl-7.71.1.tar.xz
deleted file mode 100644
index a568235..0000000
--- a/curl-7.71.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:40f83eda27cdbeb25cd4da48cefb639af1b9395d6026d2da1825bf059239658c
-size 2387660
diff --git a/curl-7.71.1.tar.xz.asc b/curl-7.71.1.tar.xz.asc
deleted file mode 100644
index 8f8aac6..0000000
--- a/curl-7.71.1.tar.xz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl78MUgACgkQXMkI/bce
-EsJkEgf/ZDR7QKw9aPQoT2dOyqoCTKip1fLCtJBEOmctjS86zF+1caPABYLV1kq6
-9baz7L2qWOmDdHkxF4poTpPH9CkcG3Krq6lHFjbFQ0GxMC+MEnnFYKfDVrRopaKq
-ioBUnZrRSIytgwbiwxB+uxxa4ItzV6tZNVKIiIZOuuVSAZ9azA/swpezet8x2kxg
-yp1Y3oe0R1VCYiCJ2EOB/rMs0ndPHSRuWiCCIBK7uPXA0jJsL4rjhmY5l2qAadfy
-6iDpk85CJvQcGcC8nZMmpbivniOjIjEefjeXviLvg5dZi7f3M028QyGpkkUVzf27
-FiWCDZuZkp9ed2eLIBGWo/wy70f2pw==
-=0YwO
------END PGP SIGNATURE-----
diff --git a/curl-7.72.0.tar.xz b/curl-7.72.0.tar.xz
new file mode 100644
index 0000000..a5be214
--- /dev/null
+++ b/curl-7.72.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0ded0808c4d85f2ee0db86980ae610cc9d165e9ca9da466196cc73c346513713
+size 2390040
diff --git a/curl-7.72.0.tar.xz.asc b/curl-7.72.0.tar.xz.asc
new file mode 100644
index 0000000..fd623ae
--- /dev/null
+++ b/curl-7.72.0.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl881xgACgkQXMkI/bce
+EsIjuwgAj6aeQgnWkubxxXAQ2kbckLh6QUKZWJQxPjb91kz98cGRcrdGRP292JFN
+qQprls4rFTWWOIVVMP/kdheeNI9LqDvQAfZMCaLFAWUdw1L2pbId7VbV+NuTAce8
+V/ENqh+Xj2q2LsMnj02k0Uc1e6Nh1K4al2hwFiozarI/ltb3q7jZN2P2fAmDX89y
+f3VsVfNZgv7VIwlX2d3b1RvMdppMFrDC3ZsAXlg2GQZ5sE7yfa2Qq+J5RzaNvEDh
+p3pMbPiNgk1ZuGQrzoiYq9tqK/o7pD2t4h2GsftppALxC3SsoneNrdnly910IfKh
+8qczoMpszBs8F7jts6KnfXszyhyyhQ==
+=sC+U
+-----END PGP SIGNATURE-----
diff --git a/curl.changes b/curl.changes
index 6caefe4..41325ef 100644
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Wed Aug 19 07:47:34 UTC 2020 - Pedro Monreal Gonzalez <pmonreal@suse.com>
+
+- Update to 7.72.0 [bsc#1175109, CVE-2020-8231]
+  * Changes:
+    - content_encoding: add zstd decoding support
+    - CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream
+    - CURLINFO_EFFECTIVE_METHOD: added
+  * Bugfixes:
+    - CVE-2020-8231: libcurl: wrong connect-only connection
+    - curl-config: ignore REQUIRE_LIB_DEPS in --libs output
+    - curl: improve the existing file check with -J
+    - curl_multi_setopt: fix compiler warning "result is always false"
+    - curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated
+    - docs: Add video link to docs/CONTRIBUTE.md
+    - docs: clarify MAX_SEND/RECV_SPEED functionality
+    - ftp: don't do ssl_shutdown instead of ssl_close
+    - ftpserver: don't verify SMTP MAIL FROM names
+    - getinfo: reset retry-after value in initinfo
+    - gnutls: repair the build with 'CURL_DISABLE_PROXY'
+    - gtls: survive not being able to get name/issuer
+    - h2: repair trailer handling
+    - http2: close the http2 connection when no more requests may be sent
+    - http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages
+    - libssh2: s/ssherr/sftperr/
+    - mprintf: Fix dollar string handling
+    - mprintf: Fix stack overflows
+    - multi_remove_handle: close unused connect-only connections
+    - ngtcp2: adapt to error code rename
+    - ngtcp2: adjust to recent sockaddr updates
+    - ngtcp2: update to modified qlog callback prototype
+    - ntlm: free target_info before (re-)malloc
+    - page-header: provide protocol details in the curl.1 man page
+    - quiche: handle calling disconnect twice
+    - setopt: unset NOBODY switches to GET if still HEAD
+    - smtp_parse_address: handle blank input string properly
+    - socks: use size_t for size variable
+    - tls-max.d: this option is only for TLS-using connections
+    - tlsv1.3.d. only for TLS-using connections
+    - tool_getparam: make --krb option work again
+    - transfer: fix data_pending for builds with both h2 and h3 enabled
+    - transfer: fix memory-leak with CURLOPT_CURLU in a duped handle
+    - transfer: move retrycount from connect struct to easy handle
+    - url: fix CURLU and location following
+
 -------------------------------------------------------------------
 Wed Jul  1 12:59:25 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
 
diff --git a/curl.spec b/curl.spec
index 92f0c85..8833d7b 100644
--- a/curl.spec
+++ b/curl.spec
@@ -21,7 +21,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.71.1
+Version:        7.72.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl