- Update to 8.6.0: [bsc#1219149, CVE-2024-0853]
* Security fixes:
- CVE-2024-0853: OCSP verification bypass with TLS session reuse
* Changes:
- add CURLE_TOO_LARGE, CURLINFO_QUEUE_TIME_T
* Bugfixes:
- altsvc: free 'as' when returning error
- asyn-ares: with modern c-ares, use its default timeout
- cf-socket: show errno in tcpkeepalive error messages
- cmdline-opts: update availability for the *-ca-native options
- configure: when enabling QUIC, check that TLS supports QUIC
- content_encoding: change return code to typedef'ed enum
- curl: show ipfs and ipns as supported "protocols"
- CURLINFO_REFERER.3: clarify that it is the *request* header
- dist: add tests/errorcodes.pl to the tarball
- gen.pl: support ## for doing .IP in table-like lists
- GHA: bump ngtcp2, gnutls, mod_h2, quiche
- hostip: return error immediately when Curl_ip2addr() fails
- http3/quiche: fix result code on a stream reset
- http3: initial support for OpenSSL 3.2 QUIC stack
- http: check for "Host:" case insensitively
- http: fix off-by-one error in request method length check
- http: only act on 101 responses when they are HTTP/1.1
- lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
- lib: error out on multissl + http3
- lib: fix variable undeclared error caused by `infof` changes
- lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
- lib: strndup/memdup instead of malloc, memcpy and null-terminate
- libssh2: use `libssh2_session_callback_set2()` with v1.11.1
- ngtcp2: put h3 at the front of alpn
OBS-URL: https://build.opensuse.org/request/show/1142991
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=352
ce6f51d0bc