Accepting request 1099398 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Update to 8.2.0 [bsc#1213237, CVE-2023-32001]
  * Security fix:
    - CVE-2023-32001: fopen race condition
  * Changes:
    - curl: add --ca-native and --proxy-ca-native
    - curl: add --trace-ids
    - CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS
    - haproxy: add --haproxy-clientip flag to set client IPs
    - lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID 
  * Bugfixes:
    - cf-socket: don't bypass fclosesocket callback if cancelled before connect
    - cf-socket: skip getpeername()/getsockname for TFTP
    - curl: count uploaded data to stop at the originally given size
    - curl: return error when asked to use an unsupported HTTP version
    - http2: fix crash in handling stream weights
    - http2: send HEADER & DATA together if possible
    - http3/ngtcp2: upload EAGAIN handling
    - http: rectify the outgoing Cookie: header field size check
    - hyper: fix EOF handling on input
    - imap: Provide method to disable SASL if it is advertised
    - libssh2: provide error message when setting host key type fails
    - libssh2: use custom memory functions
    - ngtcp2: assigning timeout, but value is overwritten before used
    - quiche: avoid NULL deref in debug logging
    - sectransp: fix EOF handling
    - system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles
    - timeval: use CLOCK_MONOTONIC_RAW if available
    - tls13-ciphers.d: include Schannel
    - tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION`
    - tool_operate: allow cookie lines up to 8200 bytes

OBS-URL: https://build.opensuse.org/request/show/1099398
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=340

curl-8.1.2.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:31b1118eb8bfd43cd95d9a3f146f814ff874f6ed3999b29d94f4d1e7dbac5ef6
-size 2612652

curl-8.1.2.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmR1lPcACgkQXMkI/bce
-EsJGYwgAiXV3rNFy+en5GoRNCagvnVaC4ngY9lOPpqHu9piNfd4JjGowqj0mkAiq
-iNvr020y1xcS7XvLwRviTjSit7pE+5EKhDZDsz1HeHjV7MQapSx5yjvLo6Wvi1UF
-81CSgXvgAa+hMlxvk6AMZqLK5uVTO4UhFONr+hm3Asv/yN3U+NJ4XsEa0dn8HTnc
-NzICrr2WzjlGCLn8NfLtVXgjydYcVaRCWPkyW/YgJghVV3LZwr0MA79pcwaOixhv
-C34xZ3ABboJDGrQlqLXBolG9mIZGj1i3brwerGbtA41Z3KSO1QoV/PSnhJuinAiR
-5cuw0QDKYu51p12B8HroFo0TT7/8Mw==
-=BHtS
------END PGP SIGNATURE-----

curl-8.2.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmS3f48ACgkQXMkI/bce
+EsLutggAkV3mfshVBQ4K75UFad49V+hpSzhFs3Rn1Eo+jxmKOXlIOcfFKQsD/HsY
+GjhuRzirCUyYFYS6TosOupXUwUjKDhpQMuZYEeVgQPko3Yhs4ADdhC9vdXYP/Ffy
+uoLbtBURdHIT4HydNu2hXObCAgyT0A4EV2dotjXiVvjuSqpEaFjR/KBItPx+QbQM
+1XytThaZXnncV/Frp6qrBaqtsXwviC/i4HKhrF51opEDFD5l0yWl3FHvt38RAL+X
+pGi/ktVtZPj1dLY29svQUEafGPgomOi1hwRFCqmBsa/Lvy6Ybbp1vAKEzhhepq1t
+rHW6X/xY2wnczIYWaotBuHCH7NEPDg==
+=4SoD
+-----END PGP SIGNATURE-----

curl.changes

@@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Wed Jul 19 06:22:14 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 8.2.0 [bsc#1213237, CVE-2023-32001]
+  * Security fix:
+    - CVE-2023-32001: fopen race condition
+  * Changes:
+    - curl: add --ca-native and --proxy-ca-native
+    - curl: add --trace-ids
+    - CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS
+    - haproxy: add --haproxy-clientip flag to set client IPs
+    - lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID 
+  * Bugfixes:
+    - cf-socket: don't bypass fclosesocket callback if cancelled before connect
+    - cf-socket: skip getpeername()/getsockname for TFTP
+    - curl: count uploaded data to stop at the originally given size
+    - curl: return error when asked to use an unsupported HTTP version
+    - http2: fix crash in handling stream weights
+    - http2: send HEADER & DATA together if possible
+    - http3/ngtcp2: upload EAGAIN handling
+    - http: rectify the outgoing Cookie: header field size check
+    - hyper: fix EOF handling on input
+    - imap: Provide method to disable SASL if it is advertised
+    - libssh2: provide error message when setting host key type fails
+    - libssh2: use custom memory functions
+    - ngtcp2: assigning timeout, but value is overwritten before used
+    - quiche: avoid NULL deref in debug logging
+    - sectransp: fix EOF handling
+    - system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles
+    - timeval: use CLOCK_MONOTONIC_RAW if available
+    - tls13-ciphers.d: include Schannel
+    - tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION`
+    - tool_operate: allow cookie lines up to 8200 bytes
+    - tool_parsecfg: accept line lengths up to 10M
+    - tool_writeout_json: fix encoding of control characters
+    - transfer: clear credentials when redirecting to absolute URL
+    - urlapi: have *set(PATH) prepend a slash if one is missing
+    - urlapi: scheme must start with alpha
+    - vtls: avoid memory leak if sha256 call fails
+    - websocket-cb: example doing WebSocket download using callback
+    - ws: make the curl_ws_meta() return pointer a const 
+
 -------------------------------------------------------------------
 Tue May 30 09:08:35 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 

curl.spec

@@ -21,7 +21,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        8.1.2
+Version:        8.2.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl