diff --git a/curl-7.75.0.tar.xz b/curl-7.75.0.tar.xz deleted file mode 100644 index f7f995d..0000000 --- a/curl-7.75.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fe0c49d8468249000bda75bcfdf9e30ff7e9a86d35f1a21f428d79c389d55675 -size 2418816 diff --git a/curl-7.75.0.tar.xz.asc b/curl-7.75.0.tar.xz.asc deleted file mode 100644 index f9b82dd..0000000 --- a/curl-7.75.0.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmAaSxEACgkQXMkI/bce -EsI36QgAlx+oYuWiaMytv/Ixfcm2gTq+9Qu60KsmvccyKLOq7OxAmX+gz1PYOsUc -eqAwq8dg9Mo+cuk7zWpxRMg1qBgvZpv5oeAhy8VUeWD/HE0Z2RoxC3tw87uNn5uN -2g0FJEXGzDaQQdI0hh2Kb4uNqiKiBCsSfHX4J+eWDUoHwzoFestct8PAcAG8lOzt -0nGj6Is1Rba3SrlkCtRdzEkrjfNe5KKNjE9F0ybhL7TPKSZZvlustZgU5OgdjDHu -uJzFQDK5eyjeYu7tyJQOOwercjOQrmp0YYvYt6CdALUflU2RNvnS83+e/syAYEZ4 -FvnYlZyp8WCKxOikGwX2m/JEOATXSw== -=HFSu ------END PGP SIGNATURE----- diff --git a/curl-7.76.0.tar.xz b/curl-7.76.0.tar.xz new file mode 100644 index 0000000..2af9d67 --- /dev/null +++ b/curl-7.76.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6302e2d75c59cdc6b35ce3fbe716481dd4301841bbb5fd71854653652a014fc8 +size 2428552 diff --git a/curl-7.76.0.tar.xz.asc b/curl-7.76.0.tar.xz.asc new file mode 100644 index 0000000..99586af --- /dev/null +++ b/curl-7.76.0.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmBkDkUACgkQXMkI/bce +EsJ15ggAtcFfjbq0Fk1KMymZ7trx49GcOPNUKa7utST3tumg0Tc3HsIeuWIOyO0s +frTWFtroWogELMjjdr+yyrI5PZrLkEdtFKd+lRYO4T2Y0SS6Q57d/4CCu3SXNgmd +zKUq4ZSRbjdPFRKkWJ6RMDfPeu8pcJIGQM23BapPbpxtEgd5f8+PzzSX/8S3I1aD +yDv9V3tM+NQq6peetV6wj7hWFInUHbTWPSlyzuCvWB2cQRxDNsTcSxuShd0krbgV +CA6Kt4MQc7QOi7luUAHEGmjTRIhSwvTfY6w0EqqFzvRHlf0gsCIUn5jEs8cq+2iV +nEUuezAT/rRYfyjyQ1hWvIK5GP5aCw== +=ju96 +-----END PGP SIGNATURE----- diff --git a/curl.changes b/curl.changes index e993667..304ed92 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,61 @@ +------------------------------------------------------------------- +Wed Mar 31 08:40:06 UTC 2021 - Pedro Monreal + +- Update to 7.76.0 + * Security fixes: + - [bsc#1183933, CVE-2021-22876]: strip credentials from the + auto-referer header field + - [bsc#1183934, CVE-2021-22890]: add 'isproxy' argument to + Curl_ssl_get/addsessionid() + * Changes: + - cookies: Support multiple -b parameters + - curl: add --fail-with-body + - doh: add options to disable ssl verification + - http: add support to read and store the referrer header + - sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl + - vtls: initial implementation of rustls backend + * Bugfixes: + - CVE-2021-22876: strip credentials from the auto-referer header field + - CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid() + - c-hyper: support automatic content-encoding + - configure: only add OpenSSL paths if they are defined + - configure: provide Largefile feature for curl-config + - curl: set CURLOPT_NEW_FILE_PERMS if requested + - doh: Fix sharing user's resolve list with DOH handles + - doh: Inherit CURLOPT_STDERR from user's easy handle + - dynbuf: bump the max HTTP request to 1MB + - ftp: add 'list_only' to the transfer state struct + - ftp: add 'prefer_ascii' to the transfer state struct + - ftp: allow SIZE to fail when doing (resumed) upload + - ftp: avoid SIZE when asking for a TYPE A file + - ftp: fix memory leak in ftp_done + - ftp: never set data->set.ftp_append outside setopt + - gnutls: assume nettle crypto support + - http2: don't set KEEP_SEND when there's no more data to be sent + - http2: fail if connection terminated without END_STREAM + - http: do not add a referrer header with empty value + - http: strip default port from URL sent to proxy + - http: use credentials from transfer, not connection + - lib: remove 'conn->data' completely + - multi: close the connection when h2=>h1 downgrading + - multi: do once-per-transfer inits in before_perform in DID state + - multi: rename the multi transfer states + - multi: update pending list when removing handle + - ngtcp2: adapt to the new recv_datagram callback + - ngtcp2: clarify calculation precedence + - ngtcp2: sync with recent API updates + - openssl: adapt to v3's new const for a few API calls + - openssl: ensure to check SSL_CTX_set_alpn_protos return values + - openssl: remove get_ssl_version_txt in favor of SSL_get_version + - parse_proxy: fix a memory leak in the OOM path + - url: fix memory leak if OOM in the HSTS handling + - url: fix possible use-after-free in default protocol + - urldata: don't touch data->set.httpversion at run-time + - urldata: merge "struct DynamicStatic" into "struct UrlState" + - urldata: remove the 'rtspversion' field + - urldata: remove the _ORIG suffix from string names + - wolfssl: don't store a NULL sessionid + ------------------------------------------------------------------- Thu Mar 4 17:46:40 UTC 2021 - Cristian Rodríguez diff --git a/curl.spec b/curl.spec index 6952c35..702d8ed 100644 --- a/curl.spec +++ b/curl.spec @@ -21,7 +21,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 7.75.0 +Version: 7.76.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl