Pedro Monreal Gonzalez
8a8bdb237b
* Security fixes:
- [bsc#1256105, CVE-2025-14017] ldap: call ldap_init() before setting the options
- [bsc#1255731, CVE-2025-14524] curl_sasl: if redirected, require permission to use bearer
- [bsc#1255734, CVE-2025-15224] libssh: require private key or user-agent for public key auth
- [bsc#1255732, CVE-2025-14819] openssl: toggling CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache
- [bsc#1255733, CVE-2025-15079] libssh: set both knownhosts options to the same file
* Changes:
- openssl: bump minimum OpenSSL version to 3.0.0
* Bugfixes:
- alt-svc: more flexibility on same destination
- altsvc: accept ma/persist per alternative entry
- altsvc: make it one malloc instead of three per entry
- asyn-ares: handle Curl_dnscache_mk_entry() OOM error
- asyn-ares: remove hostname free on OOM
- asyn-thrdd: fix Curl_async_getaddrinfo() on systems without getaddrinfo
- asyn-thrdd: release rrname if ares_init_options fails
- auth: always treat Curl_auth_ntlm_get() returning NULL as OOM
- autotools: add nettle library detection via pkg-config (for GnuTLS)
- autotools: drop autoconf <2.59 compatibility code (zz60-xc-ovr)
- autotools: fix LargeFile feature display on Windows (after prev patch)
- autotools: tidy-up 'if' expressions
- build: add build-level 'CURL_DISABLE_TYPECHECK' options
- build: exclude clang prereleases from compiler warning options
- build: replace '-pedantic' with '-Wpedantic' when supported
- build: set '-Wno-format-signedness'
- build: tidy-up MSVC CRT warning suppression macros
- ccsidcurl: make curl_mime_data_ccsid() use the converted size
- cf-h1-proxy: support folded headers in CONNECT responses
- cf-https-connect: allocate ctx at first in cf_hc_create()
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=420
346 KiB
346 KiB