Security update for curl
This update for curl fixes the following issues:
- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)
The following non-security bugs were fixed:
- boo#936676: secure_getenv or __secure_getenv may not be detected correctly at build time
The following tracked bugs only affect the test suite:
- boo#962996: Expired cookie in test 46 caused test failures
- boo#934333: Curl test suite was not run, is now enabled during build
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Vítězslav Čížek (vitezslav_cizek)
Fixed bugs
bnc#936676
sles12 curl package has bug implementing curl-secure-getenv.patch
bnc#962996
curl: expired cookie causes failure of test 46
bnc#962983
VUL-0: CVE-2016-0755: curl: libcurl NTLM credentials not-checked for proxy connection re-use
bnc#934333
Run curl testsuite during build
