Hello community,
here is the log from the commit of package curl for openSUSE:Factory checked in at 2019-03-01 20:26:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
and /work/SRC/openSUSE:Factory/.curl.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl"
Fri Mar 1 20:26:00 2019 rev:142 rq:679773 version:7.64.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/curl/curl-mini.changes 2019-01-25 22:41:42.871350220 +0100
+++ /work/SRC/openSUSE:Factory/.curl.new.28833/curl-mini.changes 2019-03-01 20:26:02.738060058 +0100
@@ -1,0 +2,101 @@
+Wed Feb 27 08:53:31 UTC 2019 - Stephan Kulow
+
+- BuildRequire libcurl4-mini for !bootstrap to avoid build cycles
+ due to cmake pulling libcurl4
+
+-------------------------------------------------------------------
+Wed Feb 6 09:16:58 UTC 2019 - Pedro Monreal Gonzalez
+
+- update to version 7.64.0
+ [bcs#1123371, CVE-2018-16890][bcs#1123377, CVE-2019-3822]
+ [bcs#1123378, CVE-2019-3823]
+ * Changes:
+ - cookies: leave secure cookies alone
+ - hostip: support wildcard hosts
+ - http: Implement trailing headers for chunked transfers
+ - http: added options for allowing HTTP/0.9 responses
+ - timeval: Use high resolution timestamps on Windows
+ * Bugfixes:
+ - CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
+ - CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
+ - CVE-2019-3823: SMTP end-of-response out-of-bounds read
+ - FAQ: remove mention of sourceforge for github
+ - OS400: handle memory error in list conversion
+ - OS400: upgrade ILE/RPG binding.
+ - README: add codacy code quality badge
+ - Revert http_negotiate: do not close connection
+ - THANKS: added several missing names from year <= 2000
+ - build: make 'tidy' target work for metalink builds
+ - cmake: added checks for variadic macros
+ - cmake: updated check for HAVE_POLL_FINE to match autotools
+ - cmake: use lowercase for function name like the rest of the code
+ - configure: detect xlclang separately from clang
+ - configure: fix recv/send/select detection on Android
+ - configure: rewrite --enable-code-coverage
+ - conncache_unlock: avoid indirection by changing input argument type
+ - cookie: fix comment typo
+ - cookies: allow secure override when done over HTTPS
+ - cookies: extend domain checks to non psl builds
+ - cookies: skip custom cookies when redirecting cross-site
+ - curl --xattr: strip credentials from any URL that is stored
+ - curl -J: refuse to append to the destination file
+ - curl/urlapi.h: include "curl.h" first
+ - curl_multi_remove_handle() don't block terminating c-ares requests
+ - darwinssl: accept setting max-tls with default min-tls
+ - disconnect: separate connections and easy handles better
+ - disconnect: set conn->data for protocol disconnect
+ - docs/version.d: mention MultiSSL
+ - docs: fix the --tls-max description
+ - docs: use $(INSTALL_DATA) to install man page
+ - docs: use meaningless port number in CURLOPT_LOCALPORT example
+ - gopher: always include the entire gopher-path in request
+ - http2: clear pause stream id if it gets closed
+ - if2ip: remove unused function Curl_if_is_interface_name
+ - libssh: do not let libssh create socket
+ - libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
+ - libssh: free sftp_canonicalize_path() data correctly
+ - libtest/stub_gssapi: use "real" snprintf
+ - mbedtls: use VERIFYHOST
+ - multi: multiplexing improvements
+ - multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
+ - ntlm: fix NTMLv2 compliance
+ - ntlm_sspi: add support for channel binding
+ - openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
+ - openssl: fix the SSL_get_tlsext_status_ocsp_resp call
+ - openvms: fix OpenSSL discovery on VAX
+ - openvms: fix typos in documentation
+ - os400: add a missing closing bracket
+ - os400: fix extra parameter syntax error
+ - pingpong: change default response timeout to 120 seconds
+ - pingpong: ignore regular timeout in disconnect phase
+ - printf: fix format specifiers
+ - runtests.pl: Fix perl call to include srcdir
+ - schannel: fix compiler warning
+ - schannel: preserve original certificate path parameter
+ - schannel: stop calling it "winssl"
+ - sigpipe: if mbedTLS is used, ignore SIGPIPE
+ - smb: fix incorrect path in request if connection reused
+ - ssh: log the libssh2 error message when ssh session startup fails
+ - test1558: verify CURLINFO_PROTOCOL on file:// transfer
+ - test1561: improve test name
+ - test1653: make it survive torture tests
+ - tests: allow tests to pass by 2037-02-12
+ - tests: move objnames-* from lib into tests
+ - timediff: fix math for unsigned time_t
+ - timeval: Disable MSVC Analyzer GetTickCount warning
+ - tool_cb_prg: avoid integer overflow
+ - travis: added cmake build for osx
+ - urlapi: Fix port parsing of eol colon
+ - urlapi: distinguish possibly empty query
+ - urlapi: fix parsing ipv6 with zone index
+ - urldata: rename easy_conn to just conn
+ - winbuild: conditionally use /DZLIB_WINAPI
+ - wolfssl: fix memory-leak in threaded use
+ - spnego_sspi: add support for channel binding
+
+-------------------------------------------------------------------
+Mon Jan 28 18:47:00 UTC 2019 - Jan Engelhardt
+
+- Fix wrong summary, curl is at version 7, not 4.
+
+-------------------------------------------------------------------
curl.changes: same change
Old:
----
curl-7.63.0.tar.gz
curl-7.63.0.tar.gz.asc
New:
----
curl-7.64.0.tar.xz
curl-7.64.0.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ curl-mini.spec ++++++
--- /var/tmp/diff_new_pack.lgGKgz/_old 2019-03-01 20:26:03.958059772 +0100
+++ /var/tmp/diff_new_pack.lgGKgz/_new 2019-03-01 20:26:03.962059771 +0100
@@ -29,14 +29,14 @@
# need ssl always for python-pycurl
%bcond_without openssl
Name: curl-mini
-Version: 7.63.0
+Version: 7.64.0
Release: 0
Summary: A Tool for Transferring Data from URLs
License: curl
Group: Productivity/Networking/Web/Utilities
Url: https://curl.haxx.se/
-Source: https://curl.haxx.se/download/curl-%{version}.tar.gz
-Source2: https://curl.haxx.se/download/curl-%{version}.tar.gz.asc
+Source: https://curl.haxx.se/download/curl-%{version}.tar.xz
+Source2: https://curl.haxx.se/download/curl-%{version}.tar.xz.asc
Source3: baselibs.conf
Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring
Patch0: libcurl-ocloexec.patch
@@ -60,6 +60,8 @@
BuildRequires: pkgconfig(libpsl)
BuildRequires: pkgconfig(libssh)
BuildRequires: pkgconfig(zlib)
+# avoid our own libcurl4 pulled in by cmake
+#!BuildRequires: libcurl4-mini
%else
Requires: this-is-only-for-build-envs
Conflicts: curl
@@ -85,7 +87,7 @@
without user interaction or any kind of interactivity.
%package -n libcurl4%{?mini}
-Summary: Version 4 of cURL shared library
+Summary: Library for transferring data from URLs
Group: Productivity/Networking/Web/Utilities
%if 0%{?bootstrap}
Provides: libcurl4 = %{version}
@@ -94,11 +96,11 @@
%endif
%description -n libcurl4%{?mini}
-The cURL shared library version 4 for accessing data using different
+The cURL shared library for accessing data using different
network protocols.
%package -n libcurl%{?mini}-devel
-Summary: A Tool for Transferring Data from URLs
+Summary: Development files for the curl library
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libcurl4%{?mini} = %{version}
++++++ curl.spec ++++++
--- /var/tmp/diff_new_pack.lgGKgz/_old 2019-03-01 20:26:03.974059769 +0100
+++ /var/tmp/diff_new_pack.lgGKgz/_new 2019-03-01 20:26:03.978059768 +0100
@@ -27,14 +27,14 @@
# need ssl always for python-pycurl
%bcond_without openssl
Name: curl
-Version: 7.63.0
+Version: 7.64.0
Release: 0
Summary: A Tool for Transferring Data from URLs
License: curl
Group: Productivity/Networking/Web/Utilities
Url: https://curl.haxx.se/
-Source: https://curl.haxx.se/download/curl-%{version}.tar.gz
-Source2: https://curl.haxx.se/download/curl-%{version}.tar.gz.asc
+Source: https://curl.haxx.se/download/curl-%{version}.tar.xz
+Source2: https://curl.haxx.se/download/curl-%{version}.tar.xz.asc
Source3: baselibs.conf
Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring
Patch0: libcurl-ocloexec.patch
@@ -58,6 +58,8 @@
BuildRequires: pkgconfig(libpsl)
BuildRequires: pkgconfig(libssh)
BuildRequires: pkgconfig(zlib)
+# avoid our own libcurl4 pulled in by cmake
+#!BuildRequires: libcurl4-mini
%else
Requires: this-is-only-for-build-envs
Conflicts: curl
@@ -83,7 +85,7 @@
without user interaction or any kind of interactivity.
%package -n libcurl4%{?mini}
-Summary: Version 4 of cURL shared library
+Summary: Library for transferring data from URLs
Group: Productivity/Networking/Web/Utilities
%if 0%{?bootstrap}
Provides: libcurl4 = %{version}
@@ -92,11 +94,11 @@
%endif
%description -n libcurl4%{?mini}
-The cURL shared library version 4 for accessing data using different
+The cURL shared library for accessing data using different
network protocols.
%package -n libcurl%{?mini}-devel
-Summary: A Tool for Transferring Data from URLs
+Summary: Development files for the curl library
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libcurl4%{?mini} = %{version}