Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libcurl-minimal-7.85.0-12.fc37 RPM for aarch64

From Fedora 37 updates for aarch64 / Packages / l

Name: libcurl-minimal Distribution: Fedora Project
Version: 7.85.0 Vendor: Fedora Project
Release: 12.fc37 Build date: Thu Oct 12 12:20:22 2023
Group: Unspecified Build host: buildvm-a64-37.iad2.fedoraproject.org
Size: 543486 Source RPM: curl-7.85.0-12.fc37.src.rpm
Packager: Fedora Project
Url: https://curl.se/
Summary: Conservatively configured build of libcurl for minimal installations
 
This is a replacement of the 'libcurl' package for minimal installations.  It
comes with a limited set of features compared to the 'libcurl' package.  On the
other hand, the package is smaller and requires fewer run-time dependencies to
be installed.

Provides

Requires

License

MIT

Changelog

* Thu Oct 12 2023 Jan Macku <jamacku@redhat.com> - 7.85.0-12
  - fix cookie injection with none file (CVE-2023-38546)
  - fix SOCKS5 heap buffer overflow (CVE-2023-38545)
* Wed Sep 13 2023 Jan Macku <jamacku@redhat.com> - 7.85.0-11
  - fix HTTP headers eat all memory (CVE-2023-38039)
  - temporarily disable test 678 on aarch64 (it suddently started crashing without any change in curl)
* Thu Jul 20 2023 Jan Macku <jamacku@redhat.com> - 7.85.0-10
  - fix fopen race condition (CVE-2023-32001)
* Mon Jun 05 2023 Jan Macku <jamacku@redhat.com> - 7.85.0-9
  - fix more POST-after-PUT confusion (CVE-2023-28322)
  - fix IDN wildcard match (CVE-2023-28321)
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.85.0-8
  - fix SSH connection too eager reuse still (CVE-2023-27538)
  - fix HSTS double-free (CVE-2023-27537)
  - fix GSS delegation too eager connection re-use (CVE-2023-27536)
  - fix FTP too eager connection reuse (CVE-2023-27535)
  - fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
  - fix TELNET option IAC injection (CVE-2023-27533)
* Mon Feb 27 2023 Kamil Dudka <kdudka@redhat.com> - 7.85.0-7
  - header: define public API functions as extern C (#2173299)
* Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.85.0-6
  - fix HTTP multi-header compression denial of service (CVE-2023-23916)
  - share HSTS between handles (CVE-2023-23915 CVE-2023-23914)
* Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-5
  - smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
  - http: use the IDN decoded name in HSTS checks (CVE-2022-43551)
* Thu Nov 24 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-4
  - enforce versioned libnghttp2 dependency for libcurl (#2144277)
* Mon Nov 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-3
  - http2: make nghttp2 less picky about field whitespace (#2144277)
* Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-2
  - url: use IDN decoded names for HSTS checks (CVE-2022-42916)
  - http_proxy: restore the protocol pointer on error (CVE-2022-42915)
  - netrc: replace fgets with Curl_get_line (CVE-2022-35260)
  - fix POST following PUT confusion (CVE-2022-32221)
* Thu Sep 01 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-1
  - new upstream release, which fixes the following vulnerability
      CVE-2022-35252 - control code in cookie denial of service
* Thu Aug 25 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-3
  - tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.84.0-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2022-32207 - Unpreserved file permissions
      CVE-2022-32205 - Set-Cookie denial of service
      CVE-2022-32206 - HTTP compression denial of service
      CVE-2022-32208 - FTP-KRB bad message verification
* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
      CVE-2022-27779 - do not accept cookies for TLD with trailing dot
      CVE-2022-27778 - do not remove wrong file on error
      CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
      CVE-2022-27780 - reject percent-encoded path separator in URL host
* Wed Apr 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2022-27774 - curl credential leak on redirect
      CVE-2022-27776 - curl auth/cookie leak on redirect
      CVE-2022-27775 - curl bad local IPv6 connection reuse
      CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use
* Tue Mar 15 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-2
  - openssl: fix incorrect CURLE_OUT_OF_MEMORY error on CN check failure
* Sat Mar 05 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-1
  - new upstream release
* Thu Feb 24 2022 Kamil Dudka <kdudka@redhat.com> - 7.81.0-4
  - enable IDN support also in libcurl-minimal
* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 7.81.0-3
  - Suggest libcurl-minimal in curl-minimal
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.81.0-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jan 05 2022 Kamil Dudka <kdudka@redhat.com> - 7.81.0-1
  - new upstream release
* Sun Nov 14 2021 Paul Howarth <paul@city-fan.org> - 7.80.0-2
  - sshserver.pl (used in test suite) now requires the Digest::SHA perl module
* Wed Nov 10 2021 Kamil Dudka <kdudka@redhat.com> - 7.80.0-1
  - new upstream release
* Tue Oct 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.1-3
  - re-enable HSTS in libcurl-minimal as a security feature (#2005874)

Files

/usr/lib/.build-id
/usr/lib/.build-id/c3
/usr/lib/.build-id/c3/4c4103732cd47cb571de4c6af4fb33b7f8bed6
/usr/lib64/libcurl.so.4
/usr/lib64/libcurl.so.4.8.0
/usr/share/licenses/libcurl-minimal
/usr/share/licenses/libcurl-minimal/COPYING

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 9 19:05:07 2024