diff --git a/curl-7.83.0.tar.xz b/curl-7.83.0.tar.xz deleted file mode 100644 index 782f082..0000000 --- a/curl-7.83.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bbff0e6b5047e773f3c3b084d80546cc1be4e354c09e419c2d0ef6116253511a -size 2472560 diff --git a/curl-7.83.0.tar.xz.asc b/curl-7.83.0.tar.xz.asc deleted file mode 100644 index 62e9049..0000000 --- a/curl-7.83.0.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmJo38QACgkQXMkI/bce -EsL1Uwf/Xg8Prwzathb3KeW0GJl3nvXrsxVgiZ8dKN/21GlYVmDAJqKW9ZvY/z43 -uihaO9OI8p7D7ZAM4JxqOWmYf6e9PadMdCP4nNN00GrZaktV54H7yrdcS7UJrFL8 -ASG0Cjg/gRlZS9O7HtIBVikKaugGc9X2j0n7UbuDlgY8eyUL98dxDxuAHf5QOYCX -8xvIDQrfHb5y3ZrPJDuxHyeyWUh9lnxv35L6SVFxhaXqxZdFZOWddFsQX4/6xgJ2 -JSOpafG3bGB6YsTZ8fFUgu/5CivEORr4jYMWnnYaruCCCFLbIwXr3a5jOrMmg0Hj -U7YBDim0fx4Hs1th03Myqkq5QAUXxQ== -=LoEG ------END PGP SIGNATURE----- diff --git a/curl-7.83.1.tar.xz b/curl-7.83.1.tar.xz new file mode 100644 index 0000000..6f62ee3 --- /dev/null +++ b/curl-7.83.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4 +size 2474940 diff --git a/curl-7.83.1.tar.xz.asc b/curl-7.83.1.tar.xz.asc new file mode 100644 index 0000000..ccf52f7 --- /dev/null +++ b/curl-7.83.1.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmJ7VmgACgkQXMkI/bce +EsIa0AgAtFdypCmQsOZ8FYXMjbXoVO6K76fTRwkAIZEn+s/vvmBhTkmGEyZTGg0k +CV9ohHn7bLJcc0Y1eQbrZNjOKJmKF2TINaDuQ7YJGoLVm7PmmoA5TGdVVG2yMGah +pW8PPmiQFNCBuAgqwCEJ3/1XAgU0nn8KVi3R0it40Z07OrXozaMXpox7kd6HNOuV +fogzCtmWyKl4+bo5BJ/6Vno89juLciyM7SZfeMuonCwmSP8mMufY0NBAsamySJ63 +BEMJR/3TKaam6UBsBDiG2+LOaWaFoF9rwIKg9kifldWBoeEioQENrbk0xg1T0LvT +JDyoX8lCqfFJPJSNzloolHEpvmx5iw== +=XcGf +-----END PGP SIGNATURE----- diff --git a/curl.changes b/curl.changes index 8127f9b..e89f7d4 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,57 @@ +------------------------------------------------------------------- +Wed May 11 07:11:50 UTC 2022 - David Anes + +- Update to 7.83.1: + * Security fixes: + - (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot + - (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse + - (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop + - (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host + - (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD + - (bsc#1199220, CVE-2022-27778) removes wrong file on error + * Bugfixes: + - altsvc: fix host name matching for trailing dots + - cirrus: Update to FreeBSD 12.3 + - cirrus: Use pip for Python packages on FreeBSD + - conn: fix typo 'connnection' -> 'connection' in two function names + - cookies: make bad_domain() not consider a trailing dot fine + - curl: free resource in error path + - curl: guard against size_t wraparound in no-clobber code + - CURLOPT_DOH_URL.3: mention the known bug + - CURLOPT_HSTS*FUNCTION.3: document the involved structs as well + - CURLOPT_SSH_AUTH_TYPES.3: fix the default + - data/test376: set a proper name + - GHA/mbedtls: enabled nghttp2 in the build + - gha: build msh3 + - gskit: fixed bogus setsockopt calls + - gskit: remove unused function set_callback + - hsts: ignore trailing dots when comparing hosts names + - HTTP-COOKIES: add missing CURLOPT_COOKIESESSION + - http: move Curl_allow_auth_to_host() + - http_proxy/hyper: handle closed connections + - hyper: fix test 357 + - Makefile: fix "make ca-firefox" + - mbedtls: bail out if rng init fails + - mbedtls: fix compile when h2-enabled + - mbedtls: fix some error messages + - misc: use "autoreconf -fi" instead buildconf + - msh3: get msh3 version from MsH3Version + - msh3: print boolean value as text representation + - msh3: psss remote_port to MsH3ConnectionOpen + - ngtcp2: add ca-fallback support for OpenSSL backend + - nss: return error if seemingly stuck in a cert loop + - openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl + - post_per_transfer: remove the updated file name + - sectransp: bail out if SSLSetPeerDomainName fails + - tests/server: declare variable 'reqlogfile' static + - tests: fix markdown formatting in README + - test{898,974,976}: add 'HTTP proxy' keywords + - tls: check more TLS details for connection reuse + - url: check SSH config match on connection reuse + - urlapi: address (harmless) UndefinedBehavior sanitizer warning + - urlapi: reject percent-decoding host name into separator bytes + - x509asn1: make do_pubkey handle EC public keys + ------------------------------------------------------------------- Fri Apr 22 11:39:46 UTC 2022 - David Anes diff --git a/curl.spec b/curl.spec index 14c3a40..8be82f7 100644 --- a/curl.spec +++ b/curl.spec @@ -21,7 +21,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 7.83.0 +Version: 7.83.1 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl