Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2017-05-03 15:51:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "curl" Wed May 3 15:51:43 2017 rev:123 rq:489265 version:7.54.0 Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl.changes 2017-02-26 17:03:56.936204319 +0100 +++ /work/SRC/openSUSE:Factory/.curl.new/curl.changes 2017-05-03 15:51:44.586365046 +0200 @@ -1,0 +2,45 @@ +Wed Apr 19 08:17:17 UTC 2017 - idonmez@suse.com + +- Update to 7.54.0 + Changes: + * Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION + * Add --max-tls + * Add CURLOPT_SUPPRESS_CONNECT_HEADERS + * Add --suppress-connect-headers + Bugfixes: + * CVE-2017-7468: switch off SSL session id when client cert is used + * bsc#1033413 + * tests: use consistent environment variables for setting charset + * proxy: fixed a memory leak on OOM + * ftp: removed an erroneous free in an OOM path + * ftp: fixed a NULL pointer dereference on OOM + * gopher: fixed detection of an error condition from Curl_urldecode + * url: fix unix-socket support for proxy-disabled builds + * fix potential use of uninitialized variables + * ares: return error at once if timed out before name resolve starts + * URL: return error on malformed URLs with junk after port number + * http2: Fix assertion error on redirect with CL=0 + * --insecure: clarify that this option is for server connections + * authneg: clear auth.multi flag at http_done + * curl_easy_reset: Also reset the authentication state + * proxy: skip SSL initialization for closed connections + * http_proxy: ignore TE and CL in CONNECT 2xx responses + * multi: fix streamclose() crash in debug mode + * openssl: fall back on SSL_ERROR_* string when no error detail + * asiohiper: make sure socket is open in event_cb + * curl: check for end of input in writeout backslash handling + * openssl: exclude DSA code when OPENSSL_NO_DSA is defined + * http: Fix proxy connection reuse with basic-auth + * pause: handle mixed types of data when paused + * http: do not treat FTPS over CONNECT as HTTPS + * conncache: make hashkey avoid malloc + * multi: fix queueing of pending easy handles + * low_speed_limit: improved function for longer time periods + * nss: load CA certificates even with --insecure + * Curl_expire_latest: ignore already expired timers + * http2: fix handle leak in error path + * openssl: make SSL_ERROR_to_str more future-proof + * openssl: fix thread-safety bugs in error-handling + * openssl: don't try to print nonexistant peer private keys + +------------------------------------------------------------------- Old: ---- curl-7.53.1.tar.lzma curl-7.53.1.tar.lzma.asc New: ---- curl-7.54.0.tar.lzma curl-7.54.0.tar.lzma.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.TBkX8U/_old 2017-05-03 15:51:45.762199045 +0200 +++ /var/tmp/diff_new_pack.TBkX8U/_new 2017-05-03 15:51:45.766198480 +0200 @@ -20,7 +20,7 @@ %bcond_with mozilla_nss %bcond_without testsuite Name: curl -Version: 7.53.1 +Version: 7.54.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: BSD-3-Clause and MIT