Accepting request 882813 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/882813
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=165

curl-7.75.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fe0c49d8468249000bda75bcfdf9e30ff7e9a86d35f1a21f428d79c389d55675
-size 2418816

curl-7.75.0.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmAaSxEACgkQXMkI/bce
-EsI36QgAlx+oYuWiaMytv/Ixfcm2gTq+9Qu60KsmvccyKLOq7OxAmX+gz1PYOsUc
-eqAwq8dg9Mo+cuk7zWpxRMg1qBgvZpv5oeAhy8VUeWD/HE0Z2RoxC3tw87uNn5uN
-2g0FJEXGzDaQQdI0hh2Kb4uNqiKiBCsSfHX4J+eWDUoHwzoFestct8PAcAG8lOzt
-0nGj6Is1Rba3SrlkCtRdzEkrjfNe5KKNjE9F0ybhL7TPKSZZvlustZgU5OgdjDHu
-uJzFQDK5eyjeYu7tyJQOOwercjOQrmp0YYvYt6CdALUflU2RNvnS83+e/syAYEZ4
-FvnYlZyp8WCKxOikGwX2m/JEOATXSw==
-=HFSu
------END PGP SIGNATURE-----

curl-7.76.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6302e2d75c59cdc6b35ce3fbe716481dd4301841bbb5fd71854653652a014fc8
+size 2428552

curl-7.76.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmBkDkUACgkQXMkI/bce
+EsJ15ggAtcFfjbq0Fk1KMymZ7trx49GcOPNUKa7utST3tumg0Tc3HsIeuWIOyO0s
+frTWFtroWogELMjjdr+yyrI5PZrLkEdtFKd+lRYO4T2Y0SS6Q57d/4CCu3SXNgmd
+zKUq4ZSRbjdPFRKkWJ6RMDfPeu8pcJIGQM23BapPbpxtEgd5f8+PzzSX/8S3I1aD
+yDv9V3tM+NQq6peetV6wj7hWFInUHbTWPSlyzuCvWB2cQRxDNsTcSxuShd0krbgV
+CA6Kt4MQc7QOi7luUAHEGmjTRIhSwvTfY6w0EqqFzvRHlf0gsCIUn5jEs8cq+2iV
+nEUuezAT/rRYfyjyQ1hWvIK5GP5aCw==
+=ju96
+-----END PGP SIGNATURE-----

curl.changes

@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Wed Mar 31 08:40:06 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 7.76.0
+  * Security fixes:
+    - [bsc#1183933, CVE-2021-22876]: strip credentials from the
+	    auto-referer header field
+    - [bsc#1183934, CVE-2021-22890]: add 'isproxy' argument to
+	    Curl_ssl_get/addsessionid()
+  * Changes:
+    - cookies: Support multiple -b parameters
+    - curl: add --fail-with-body
+    - doh: add options to disable ssl verification
+    - http: add support to read and store the referrer header
+    - sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
+    - vtls: initial implementation of rustls backend
+  * Bugfixes:
+    - CVE-2021-22876: strip credentials from the auto-referer header field
+    - CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
+    - c-hyper: support automatic content-encoding
+    - configure: only add OpenSSL paths if they are defined
+    - configure: provide Largefile feature for curl-config
+    - curl: set CURLOPT_NEW_FILE_PERMS if requested
+    - doh: Fix sharing user's resolve list with DOH handles
+    - doh: Inherit CURLOPT_STDERR from user's easy handle
+    - dynbuf: bump the max HTTP request to 1MB
+    - ftp: add 'list_only' to the transfer state struct
+    - ftp: add 'prefer_ascii' to the transfer state struct
+    - ftp: allow SIZE to fail when doing (resumed) upload
+    - ftp: avoid SIZE when asking for a TYPE A file
+    - ftp: fix memory leak in ftp_done
+    - ftp: never set data->set.ftp_append outside setopt
+    - gnutls: assume nettle crypto support
+    - http2: don't set KEEP_SEND when there's no more data to be sent
+    - http2: fail if connection terminated without END_STREAM
+    - http: do not add a referrer header with empty value
+    - http: strip default port from URL sent to proxy
+    - http: use credentials from transfer, not connection
+    - lib: remove 'conn->data' completely
+    - multi: close the connection when h2=>h1 downgrading
+    - multi: do once-per-transfer inits in before_perform in DID state
+    - multi: rename the multi transfer states
+    - multi: update pending list when removing handle
+    - ngtcp2: adapt to the new recv_datagram callback
+    - ngtcp2: clarify calculation precedence
+    - ngtcp2: sync with recent API updates
+    - openssl: adapt to v3's new const for a few API calls
+    - openssl: ensure to check SSL_CTX_set_alpn_protos return values
+    - openssl: remove get_ssl_version_txt in favor of SSL_get_version
+    - parse_proxy: fix a memory leak in the OOM path
+    - url: fix memory leak if OOM in the HSTS handling
+    - url: fix possible use-after-free in default protocol
+    - urldata: don't touch data->set.httpversion at run-time
+    - urldata: merge "struct DynamicStatic" into "struct UrlState"
+    - urldata: remove the 'rtspversion' field
+    - urldata: remove the _ORIG suffix from string names
+    - wolfssl: don't store a NULL sessionid
+
 -------------------------------------------------------------------
 Thu Mar  4 17:46:40 UTC 2021 - Cristian Rodríguez <crrodriguez@opensuse.org>
 

curl.spec

@@ -21,7 +21,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.75.0
+Version:        7.76.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl