Accepting request 1063988 from home:avicenzi:branches:server:http

Update to version 2.6.3 Fix CVE-2022-41721 (boo#1207207) OBS-URL: https://build.opensuse.org/request/show/1063988 OBS-URL: https://build.opensuse.org/package/show/server:http/caddy?expand=0&rev=24
2023-02-09 11:16:56 +00:00 · 2023-02-09 11:16:56 +00:00 · febd84ebc0
commit febd84ebc0
parent 0638af3d06
7 changed files with 19 additions and 9 deletions
--- a/2
+++ b/2
@ -5,7 +5,7 @@
    <param name="filename">caddy</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="versionrewrite-pattern">v(.*)</param>
-    <param name="revision">v2.6.2</param>
+    <param name="revision">v2.6.3</param>
    <param name="changesgenerate">enable</param>
 </service>
  <service mode="disabled" name="set_version">
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/caddyserver/caddy.git</param>
-              <param name="changesrevision">6bad878a22e048762262d6fabe2144cefaf4ca81</param></service></servicedata>
+              <param name="changesrevision">90798f3eea6b7a219a9bb55f680919c0504263e3</param></service></servicedata>
--- a/caddy-2.6.2.tar.gz
+++ b/caddy-2.6.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:932c4aa26c4552df8c7dfa81961302db9be7e5d748982b766c2ae335f5232f4b
-size 572819
--- a/caddy-2.6.3.tar.gz
+++ b/caddy-2.6.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:88c1e684df4de353256e311547db40e611aabff35212d532953a9445e9cd6721
+size 582027
--- a/caddy.changes
+++ b/caddy.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Feb 09 10:19:47 UTC 2023 - alexandre.vicenzi@suse.com
+
+- Update to version 2.6.3:
+  * New trusted_proxies global option (within servers) can be used to specify trusted proxy IP ranges globally
+  * Unix sockets on Windows now supported as proxy upstreams
+  * Proxied WebSocket connections are now logged with correct status code and "size" (bytes read + bytes written)
+  * The quic-go package has received significant optimizations and HTTP/3 should be more efficient now
+  * CVE-2022-41721: ineffective mitigation for unsafe io.ReadAll (boo#1207207)
+
 -------------------------------------------------------------------
 Thu Oct 13 19:10:18 UTC 2022 - jkowalczyk@suse.com

--- a/caddy.spec
+++ b/caddy.spec
@ -1,7 +1,7 @@
 #
 # spec file for package caddy
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -19,7 +19,7 @@
 %define project github.com/caddyserver/caddy

 Name:           caddy
-Version:        2.6.2
+Version:        2.6.3
 Release:        0
 Summary:        Fast, multi-platform web server with automatic HTTPS
 License:        Apache-2.0
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:e38b498a7ea7baf53702910038011a1b268e15ae8c18afa64efa601860f85c71
-size 8460223
+oid sha256:c2ba887f0a05f5fdb56d8545b050640b87f28b2c4bde739a74a894a8c78f5ea8
+size 8559715