libcurl-7.85.0-12.fc37 RPM for aarch64

From Fedora 37 updates for aarch64 / Packages / l

libcurl is a free and easy-to-use client-side URL transfer library, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT,
FTP uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer
resume, http proxy tunneling and more.

Provides

• libcurl
• libcurl(aarch-64)
• libcurl-full
• libcurl-full(aarch-64)
• libcurl.so.4()(64bit)

Requires

• ld-linux-aarch64.so.1()(64bit)
• ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)
• libbrotlidec.so.1()(64bit)
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libgssapi_krb5.so.2()(64bit)
• libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)
• libidn2.so.0()(64bit)
• libidn2.so.0(IDN2_0.0.0)(64bit)
• liblber.so.2()(64bit)
• liblber.so.2(OPENLDAP_2.200)(64bit)
• libldap.so.2()(64bit)
• libldap.so.2(OPENLDAP_2.200)(64bit)
• libnghttp2(aarch-64) >= 1.51.0
• libnghttp2.so.14()(64bit)
• libpsl(aarch-64) >= 0.21.1
• libpsl.so.5()(64bit)
• libssh(aarch-64) >= 0.10.5
• libssh.so.4()(64bit)
• libssh.so.4(LIBSSH_4_5_0)(64bit)
• libssh.so.4(LIBSSH_4_8_1)(64bit)
• libssl.so.3()(64bit)
• libssl.so.3(OPENSSL_3.0.0)(64bit)
• libz.so.1()(64bit)
• openssl-libs(aarch-64) >= 1:3.0.9
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rtld(GNU_HASH)

License

MIT

Changelog

* Thu Oct 12 2023 Jan Macku <jamacku@redhat.com> - 7.85.0-12
  - fix cookie injection with none file (CVE-2023-38546)
  - fix SOCKS5 heap buffer overflow (CVE-2023-38545)
* Wed Sep 13 2023 Jan Macku <jamacku@redhat.com> - 7.85.0-11
  - fix HTTP headers eat all memory (CVE-2023-38039)
  - temporarily disable test 678 on aarch64 (it suddently started crashing without any change in curl)
* Thu Jul 20 2023 Jan Macku <jamacku@redhat.com> - 7.85.0-10
  - fix fopen race condition (CVE-2023-32001)
* Mon Jun 05 2023 Jan Macku <jamacku@redhat.com> - 7.85.0-9
  - fix more POST-after-PUT confusion (CVE-2023-28322)
  - fix IDN wildcard match (CVE-2023-28321)
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.85.0-8
  - fix SSH connection too eager reuse still (CVE-2023-27538)
  - fix HSTS double-free (CVE-2023-27537)
  - fix GSS delegation too eager connection re-use (CVE-2023-27536)
  - fix FTP too eager connection reuse (CVE-2023-27535)
  - fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
  - fix TELNET option IAC injection (CVE-2023-27533)
* Mon Feb 27 2023 Kamil Dudka <kdudka@redhat.com> - 7.85.0-7
  - header: define public API functions as extern C (#2173299)
* Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.85.0-6
  - fix HTTP multi-header compression denial of service (CVE-2023-23916)
  - share HSTS between handles (CVE-2023-23915 CVE-2023-23914)
* Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-5
  - smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
  - http: use the IDN decoded name in HSTS checks (CVE-2022-43551)
* Thu Nov 24 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-4
  - enforce versioned libnghttp2 dependency for libcurl (#2144277)
* Mon Nov 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-3
  - http2: make nghttp2 less picky about field whitespace (#2144277)
* Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-2
  - url: use IDN decoded names for HSTS checks (CVE-2022-42916)
  - http_proxy: restore the protocol pointer on error (CVE-2022-42915)
  - netrc: replace fgets with Curl_get_line (CVE-2022-35260)
  - fix POST following PUT confusion (CVE-2022-32221)
* Thu Sep 01 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-1
  - new upstream release, which fixes the following vulnerability
      CVE-2022-35252 - control code in cookie denial of service
* Thu Aug 25 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-3
  - tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.84.0-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2022-32207 - Unpreserved file permissions
      CVE-2022-32205 - Set-Cookie denial of service
      CVE-2022-32206 - HTTP compression denial of service
      CVE-2022-32208 - FTP-KRB bad message verification
* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
      CVE-2022-27779 - do not accept cookies for TLD with trailing dot
      CVE-2022-27778 - do not remove wrong file on error
      CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
      CVE-2022-27780 - reject percent-encoded path separator in URL host
* Wed Apr 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2022-27774 - curl credential leak on redirect
      CVE-2022-27776 - curl auth/cookie leak on redirect
      CVE-2022-27775 - curl bad local IPv6 connection reuse
      CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use
* Tue Mar 15 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-2
  - openssl: fix incorrect CURLE_OUT_OF_MEMORY error on CN check failure
* Sat Mar 05 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-1
  - new upstream release
* Thu Feb 24 2022 Kamil Dudka <kdudka@redhat.com> - 7.81.0-4
  - enable IDN support also in libcurl-minimal
* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 7.81.0-3
  - Suggest libcurl-minimal in curl-minimal
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.81.0-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jan 05 2022 Kamil Dudka <kdudka@redhat.com> - 7.81.0-1
  - new upstream release
* Sun Nov 14 2021 Paul Howarth <paul@city-fan.org> - 7.80.0-2
  - sshserver.pl (used in test suite) now requires the Digest::SHA perl module
* Wed Nov 10 2021 Kamil Dudka <kdudka@redhat.com> - 7.80.0-1
  - new upstream release
* Tue Oct 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.1-3
  - re-enable HSTS in libcurl-minimal as a security feature (#2005874)

Files

/usr/lib/.build-id
/usr/lib/.build-id/f1
/usr/lib/.build-id/f1/76d97b126e1263f5fb35910fcfc7983eecca69
/usr/lib64/libcurl.so.4
/usr/lib64/libcurl.so.4.8.0
/usr/share/licenses/libcurl
/usr/share/licenses/libcurl/COPYING

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 9 19:05:07 2024