Accepting request 895925 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/895925
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=167

curl-7.76.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:64bb5288c39f0840c07d077e30d9052e1cbb9fa6c2dc52523824cc859e679145
-size 2427636

curl-7.76.1.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmB2hJEACgkQXMkI/bce
-EsJN2Qf9GFcide66cPmOPEVW9Lu9dYmg5R6g6KanvxCO02CrdlCzD1Z49M7YjJdp
-dU6sP71/BWqI0+IoUd+94O39BR96ARqPgL3TjPf1Fux8x5PeaUP0oD0TaSGq635m
-da930dB1RABlvf5/0L9A5+x+Mkgjk/u+RCeoX1nh6WF0HLZ9RSQmBSBxuInzZgHe
-Q5bAj1DSOrDizHQ2yvNqymmDqUZVeiusIc3QIzTIwsFSg0PbBqG9sYUCSMdeVSjm
-jGcyp5EjyzCyBq7YIzA7VpSRvNTGFr7Q+QP+Sm68kZ6AMCCn/a83jiFUfMyy7H5/
-PEKUqdkKrPScu7DKFWAyqL5DWXt7cA==
-=GTGl
------END PGP SIGNATURE-----

curl-7.77.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0f64582c54282f31c0de9f0a1a596b182776bd4df9a4c4a2a41bbeb54f62594b
+size 2439336

curl-7.77.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmCt6IwACgkQXMkI/bce
+EsJd+Af/YCvzoV76IFh2aJpoi74XOglG327GQWnJRAt6VooIXvBPddundYOSepAw
+OQbReLSQgzmWIICjp4GnV/+gkNodpqJPB1uFHo8AHEBsiVJBTNO7c/mGirQlp5TM
+f5xGP8cf1OxwDJ6PBAHAYl4s71t6CWm0C2nf8x24ROlDsO85lz+yFCg1665IbZvp
+PFSfeIGHwyUoZesBmBFznm5KI5yc+Yn9gxsq3ujPYMvjMH7KFdw7zQu3SzYjT1+w
+bHqVul6+SC8laHuIqZfKnvrjLJMcIhe0vADoyV0/P64ZJ/4X2tGBrpxtXUJJ9S9C
+Cif/PNjYIGKg9Mk8odMjXzo8EcVFGA==
+=+IKy
+-----END PGP SIGNATURE-----

curl.changes

@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Wed May 26 07:47:00 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 7.77.0: [bsc#1186114, CVE-2021-22898]
+  [bsc#1186115, bsc#1185579, CVE-2021-22901]
+  * Security fixes:
+    - CVE-2021-22297: schannel cipher selection surprise
+    - CVE-2021-22298: TELNET stack contents disclosure
+    - CVE-2021-22901: TLS session caching disaster
+  * Changes:
+    - configure: make the TLS library choice(s) explicit
+    - curl: ignore options asking for SSLv2 or SSLv3
+    - hsts: enable by default
+    - SSL: support in-memory CA certs for some backends
+    - vtls: refuse setting any SSL version 
+  * Bugfixes:
+    - configure: provide --with-openssl, deprecate --with-ssl
+    - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
+    - curl: include libmetalink version in --version output
+    - data_pending: check only SECONDARY socket for FTP(S) transfers
+    - gnutls: don't allow TLS 1.3 for versions that don't support it
+    - gnutls: make setting only the MAX TLS allowed version work
+    - http2: fix resource leaks in set_transfer_url() and push_promise()
+    - http: limit the initial send amount to used upload buffer size
+    - rustls: only return CURLE_AGAIN when TLS session is fully drained
+    - rustls: use ALPN
+    - schannel: Disable auto credentials; add an option to enable it
+    - schannel: Support strong crypto option
+    - sectransp: allow cipher name to be specified
+    - sockfilt: avoid getting stuck waiting for writable socket
+
 -------------------------------------------------------------------
 Sun Apr 25 21:14:40 UTC 2021 - Dirk Müller <dmueller@suse.com>
 

curl.spec

@@ -21,7 +21,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.76.1
+Version:        7.77.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl