Accepting request 976221 from home:david.anes:branches:devel:libraries:c_c++

- Update to 7.83.1:
  * Security fixes:
    - (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot 
    - (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse
    - (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop
    - (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host
    - (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD
    - (bsc#1199220, CVE-2022-27778) removes wrong file on error
  * Bugfixes:
    - altsvc: fix host name matching for trailing dots
    - cirrus: Update to FreeBSD 12.3
    - cirrus: Use pip for Python packages on FreeBSD
    - conn: fix typo 'connnection' -> 'connection' in two function names
    - cookies: make bad_domain() not consider a trailing dot fine
    - curl: free resource in error path
    - curl: guard against size_t wraparound in no-clobber code
    - CURLOPT_DOH_URL.3: mention the known bug
    - CURLOPT_HSTS*FUNCTION.3: document the involved structs as well
    - CURLOPT_SSH_AUTH_TYPES.3: fix the default
    - data/test376: set a proper name
    - GHA/mbedtls: enabled nghttp2 in the build
    - gha: build msh3
    - gskit: fixed bogus setsockopt calls
    - gskit: remove unused function set_callback
    - hsts: ignore trailing dots when comparing hosts names
    - HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
    - http: move Curl_allow_auth_to_host()
    - http_proxy/hyper: handle closed connections
    - hyper: fix test 357
    - Makefile: fix "make ca-firefox"

OBS-URL: https://build.opensuse.org/request/show/976221
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=312

curl-7.83.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bbff0e6b5047e773f3c3b084d80546cc1be4e354c09e419c2d0ef6116253511a
-size 2472560

curl-7.83.0.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmJo38QACgkQXMkI/bce
-EsL1Uwf/Xg8Prwzathb3KeW0GJl3nvXrsxVgiZ8dKN/21GlYVmDAJqKW9ZvY/z43
-uihaO9OI8p7D7ZAM4JxqOWmYf6e9PadMdCP4nNN00GrZaktV54H7yrdcS7UJrFL8
-ASG0Cjg/gRlZS9O7HtIBVikKaugGc9X2j0n7UbuDlgY8eyUL98dxDxuAHf5QOYCX
-8xvIDQrfHb5y3ZrPJDuxHyeyWUh9lnxv35L6SVFxhaXqxZdFZOWddFsQX4/6xgJ2
-JSOpafG3bGB6YsTZ8fFUgu/5CivEORr4jYMWnnYaruCCCFLbIwXr3a5jOrMmg0Hj
-U7YBDim0fx4Hs1th03Myqkq5QAUXxQ==
-=LoEG
------END PGP SIGNATURE-----

curl-7.83.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4
+size 2474940

curl-7.83.1.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmJ7VmgACgkQXMkI/bce
+EsIa0AgAtFdypCmQsOZ8FYXMjbXoVO6K76fTRwkAIZEn+s/vvmBhTkmGEyZTGg0k
+CV9ohHn7bLJcc0Y1eQbrZNjOKJmKF2TINaDuQ7YJGoLVm7PmmoA5TGdVVG2yMGah
+pW8PPmiQFNCBuAgqwCEJ3/1XAgU0nn8KVi3R0it40Z07OrXozaMXpox7kd6HNOuV
+fogzCtmWyKl4+bo5BJ/6Vno89juLciyM7SZfeMuonCwmSP8mMufY0NBAsamySJ63
+BEMJR/3TKaam6UBsBDiG2+LOaWaFoF9rwIKg9kifldWBoeEioQENrbk0xg1T0LvT
+JDyoX8lCqfFJPJSNzloolHEpvmx5iw==
+=XcGf
+-----END PGP SIGNATURE-----

curl.changes

@@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Wed May 11 07:11:50 UTC 2022 - David Anes <david.anes@suse.com>
+
+- Update to 7.83.1:
+  * Security fixes:
+    - (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot 
+    - (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse
+    - (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop
+    - (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host
+    - (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD
+    - (bsc#1199220, CVE-2022-27778) removes wrong file on error
+  * Bugfixes:
+    - altsvc: fix host name matching for trailing dots
+    - cirrus: Update to FreeBSD 12.3
+    - cirrus: Use pip for Python packages on FreeBSD
+    - conn: fix typo 'connnection' -> 'connection' in two function names
+    - cookies: make bad_domain() not consider a trailing dot fine
+    - curl: free resource in error path
+    - curl: guard against size_t wraparound in no-clobber code
+    - CURLOPT_DOH_URL.3: mention the known bug
+    - CURLOPT_HSTS*FUNCTION.3: document the involved structs as well
+    - CURLOPT_SSH_AUTH_TYPES.3: fix the default
+    - data/test376: set a proper name
+    - GHA/mbedtls: enabled nghttp2 in the build
+    - gha: build msh3
+    - gskit: fixed bogus setsockopt calls
+    - gskit: remove unused function set_callback
+    - hsts: ignore trailing dots when comparing hosts names
+    - HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
+    - http: move Curl_allow_auth_to_host()
+    - http_proxy/hyper: handle closed connections
+    - hyper: fix test 357
+    - Makefile: fix "make ca-firefox"
+    - mbedtls: bail out if rng init fails
+    - mbedtls: fix compile when h2-enabled
+    - mbedtls: fix some error messages
+    - misc: use "autoreconf -fi" instead buildconf
+    - msh3: get msh3 version from MsH3Version
+    - msh3: print boolean value as text representation
+    - msh3: psss remote_port to MsH3ConnectionOpen
+    - ngtcp2: add ca-fallback support for OpenSSL backend
+    - nss: return error if seemingly stuck in a cert loop
+    - openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl
+    - post_per_transfer: remove the updated file name
+    - sectransp: bail out if SSLSetPeerDomainName fails
+    - tests/server: declare variable 'reqlogfile' static
+    - tests: fix markdown formatting in README
+    - test{898,974,976}: add 'HTTP proxy' keywords
+    - tls: check more TLS details for connection reuse
+    - url: check SSH config match on connection reuse
+    - urlapi: address (harmless) UndefinedBehavior sanitizer warning
+    - urlapi: reject percent-decoding host name into separator bytes
+    - x509asn1: make do_pubkey handle EC public keys 
+
 -------------------------------------------------------------------
 Fri Apr 22 11:39:46 UTC 2022 - David Anes <david.anes@suse.com>
 

curl.spec

@@ -21,7 +21,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.83.0
+Version:        7.83.1
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl