Accepting request 976221 from home:david.anes:branches:devel:libraries:c_c++
- Update to 7.83.1: * Security fixes: - (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot - (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse - (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop - (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host - (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD - (bsc#1199220, CVE-2022-27778) removes wrong file on error * Bugfixes: - altsvc: fix host name matching for trailing dots - cirrus: Update to FreeBSD 12.3 - cirrus: Use pip for Python packages on FreeBSD - conn: fix typo 'connnection' -> 'connection' in two function names - cookies: make bad_domain() not consider a trailing dot fine - curl: free resource in error path - curl: guard against size_t wraparound in no-clobber code - CURLOPT_DOH_URL.3: mention the known bug - CURLOPT_HSTS*FUNCTION.3: document the involved structs as well - CURLOPT_SSH_AUTH_TYPES.3: fix the default - data/test376: set a proper name - GHA/mbedtls: enabled nghttp2 in the build - gha: build msh3 - gskit: fixed bogus setsockopt calls - gskit: remove unused function set_callback - hsts: ignore trailing dots when comparing hosts names - HTTP-COOKIES: add missing CURLOPT_COOKIESESSION - http: move Curl_allow_auth_to_host() - http_proxy/hyper: handle closed connections - hyper: fix test 357 - Makefile: fix "make ca-firefox" OBS-URL: https://build.opensuse.org/request/show/976221 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=312
This commit is contained in:
parent
73128f1a05
commit
d14347c3d1
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:bbff0e6b5047e773f3c3b084d80546cc1be4e354c09e419c2d0ef6116253511a
|
|
||||||
size 2472560
|
|
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmJo38QACgkQXMkI/bce
|
|
||||||
EsL1Uwf/Xg8Prwzathb3KeW0GJl3nvXrsxVgiZ8dKN/21GlYVmDAJqKW9ZvY/z43
|
|
||||||
uihaO9OI8p7D7ZAM4JxqOWmYf6e9PadMdCP4nNN00GrZaktV54H7yrdcS7UJrFL8
|
|
||||||
ASG0Cjg/gRlZS9O7HtIBVikKaugGc9X2j0n7UbuDlgY8eyUL98dxDxuAHf5QOYCX
|
|
||||||
8xvIDQrfHb5y3ZrPJDuxHyeyWUh9lnxv35L6SVFxhaXqxZdFZOWddFsQX4/6xgJ2
|
|
||||||
JSOpafG3bGB6YsTZ8fFUgu/5CivEORr4jYMWnnYaruCCCFLbIwXr3a5jOrMmg0Hj
|
|
||||||
U7YBDim0fx4Hs1th03Myqkq5QAUXxQ==
|
|
||||||
=LoEG
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
curl-7.83.1.tar.xz
Normal file
3
curl-7.83.1.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4
|
||||||
|
size 2474940
|
11
curl-7.83.1.tar.xz.asc
Normal file
11
curl-7.83.1.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmJ7VmgACgkQXMkI/bce
|
||||||
|
EsIa0AgAtFdypCmQsOZ8FYXMjbXoVO6K76fTRwkAIZEn+s/vvmBhTkmGEyZTGg0k
|
||||||
|
CV9ohHn7bLJcc0Y1eQbrZNjOKJmKF2TINaDuQ7YJGoLVm7PmmoA5TGdVVG2yMGah
|
||||||
|
pW8PPmiQFNCBuAgqwCEJ3/1XAgU0nn8KVi3R0it40Z07OrXozaMXpox7kd6HNOuV
|
||||||
|
fogzCtmWyKl4+bo5BJ/6Vno89juLciyM7SZfeMuonCwmSP8mMufY0NBAsamySJ63
|
||||||
|
BEMJR/3TKaam6UBsBDiG2+LOaWaFoF9rwIKg9kifldWBoeEioQENrbk0xg1T0LvT
|
||||||
|
JDyoX8lCqfFJPJSNzloolHEpvmx5iw==
|
||||||
|
=XcGf
|
||||||
|
-----END PGP SIGNATURE-----
|
54
curl.changes
54
curl.changes
@ -1,3 +1,57 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 11 07:11:50 UTC 2022 - David Anes <david.anes@suse.com>
|
||||||
|
|
||||||
|
- Update to 7.83.1:
|
||||||
|
* Security fixes:
|
||||||
|
- (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot
|
||||||
|
- (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse
|
||||||
|
- (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop
|
||||||
|
- (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host
|
||||||
|
- (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD
|
||||||
|
- (bsc#1199220, CVE-2022-27778) removes wrong file on error
|
||||||
|
* Bugfixes:
|
||||||
|
- altsvc: fix host name matching for trailing dots
|
||||||
|
- cirrus: Update to FreeBSD 12.3
|
||||||
|
- cirrus: Use pip for Python packages on FreeBSD
|
||||||
|
- conn: fix typo 'connnection' -> 'connection' in two function names
|
||||||
|
- cookies: make bad_domain() not consider a trailing dot fine
|
||||||
|
- curl: free resource in error path
|
||||||
|
- curl: guard against size_t wraparound in no-clobber code
|
||||||
|
- CURLOPT_DOH_URL.3: mention the known bug
|
||||||
|
- CURLOPT_HSTS*FUNCTION.3: document the involved structs as well
|
||||||
|
- CURLOPT_SSH_AUTH_TYPES.3: fix the default
|
||||||
|
- data/test376: set a proper name
|
||||||
|
- GHA/mbedtls: enabled nghttp2 in the build
|
||||||
|
- gha: build msh3
|
||||||
|
- gskit: fixed bogus setsockopt calls
|
||||||
|
- gskit: remove unused function set_callback
|
||||||
|
- hsts: ignore trailing dots when comparing hosts names
|
||||||
|
- HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
|
||||||
|
- http: move Curl_allow_auth_to_host()
|
||||||
|
- http_proxy/hyper: handle closed connections
|
||||||
|
- hyper: fix test 357
|
||||||
|
- Makefile: fix "make ca-firefox"
|
||||||
|
- mbedtls: bail out if rng init fails
|
||||||
|
- mbedtls: fix compile when h2-enabled
|
||||||
|
- mbedtls: fix some error messages
|
||||||
|
- misc: use "autoreconf -fi" instead buildconf
|
||||||
|
- msh3: get msh3 version from MsH3Version
|
||||||
|
- msh3: print boolean value as text representation
|
||||||
|
- msh3: psss remote_port to MsH3ConnectionOpen
|
||||||
|
- ngtcp2: add ca-fallback support for OpenSSL backend
|
||||||
|
- nss: return error if seemingly stuck in a cert loop
|
||||||
|
- openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl
|
||||||
|
- post_per_transfer: remove the updated file name
|
||||||
|
- sectransp: bail out if SSLSetPeerDomainName fails
|
||||||
|
- tests/server: declare variable 'reqlogfile' static
|
||||||
|
- tests: fix markdown formatting in README
|
||||||
|
- test{898,974,976}: add 'HTTP proxy' keywords
|
||||||
|
- tls: check more TLS details for connection reuse
|
||||||
|
- url: check SSH config match on connection reuse
|
||||||
|
- urlapi: address (harmless) UndefinedBehavior sanitizer warning
|
||||||
|
- urlapi: reject percent-decoding host name into separator bytes
|
||||||
|
- x509asn1: make do_pubkey handle EC public keys
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Apr 22 11:39:46 UTC 2022 - David Anes <david.anes@suse.com>
|
Fri Apr 22 11:39:46 UTC 2022 - David Anes <david.anes@suse.com>
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@
|
|||||||
# need ssl always for python-pycurl
|
# need ssl always for python-pycurl
|
||||||
%bcond_without openssl
|
%bcond_without openssl
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.83.0
|
Version: 7.83.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: A Tool for Transferring Data from URLs
|
Summary: A Tool for Transferring Data from URLs
|
||||||
License: curl
|
License: curl
|
||||||
|
Loading…
x
Reference in New Issue
Block a user