Pedro Monreal Gonzalez
4a9f41fa87
- Update to 8.0.0: * Security fixes: - TELNET option IAC injection [bsc#1209209, CVE-2023-27533] - SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534] - FTP too eager connection reuse [bsc#1209211, CVE-2023-27535] - GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536] - HSTS double-free [bsc#1209213, CVE-2023-27537] - SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538] * Changes: - build: remove support for curl_off_t < 8 bytes * Bugfixes: - aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3 - BINDINGS: add Fortran binding - cf-socket: use port 80 when resolving name for local bind - cookie: don't load cookies again when flushing - curl_path: create the new path with dynbuf - CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe - DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure - ftp: active mode with SSL, add the filter - hostip: avoid sscanf and extra buffer copies - http2: fix for http2-prior-knowledge when reusing connections - http2: fix handling of RST and GOAWAY to recognize partial transfers - http: don't send 100-continue for short PUT requests - http: fix unix domain socket use in https connects - libssh: use dynbuf instead of realloc - ngtcp2-gnutls.yml: bump to gnutls 3.8.0 - sectransp: make read_cert() use a dynbuf when loading - telnet: only accept option arguments in ascii - telnet: parse telnet options without sscanf - url: fix the SSH connection reuse check OBS-URL: https://build.opensuse.org/request/show/1073050 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=330 |
||
---|---|---|
.gitattributes | ||
.gitignore | ||
baselibs.conf | ||
curl-8.0.0.tar.xz | ||
curl-8.0.0.tar.xz.asc | ||
curl-disabled-redirect-protocol-message.patch | ||
curl-secure-getenv.patch | ||
curl.changes | ||
curl.keyring | ||
curl.spec | ||
dont-mess-with-rpmoptflags.patch | ||
libcurl-ocloexec.patch |