Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: libcurl-minimal | Distribution: Fedora Project |
Version: 7.87.0 | Vendor: Fedora Project |
Release: 7.fc38 | Build date: Fri Mar 24 13:38:29 2023 |
Group: Unspecified | Build host: buildvm-ppc64le-14.iad2.fedoraproject.org |
Size: 741086 | Source RPM: curl-7.87.0-7.fc38.src.rpm |
Packager: Fedora Project | |
Url: https://curl.se/ | |
Summary: Conservatively configured build of libcurl for minimal installations |
This is a replacement of the 'libcurl' package for minimal installations. It comes with a limited set of features compared to the 'libcurl' package. On the other hand, the package is smaller and requires fewer run-time dependencies to be installed.
MIT
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-7 - fix SSH connection too eager reuse still (CVE-2023-27538) - fix HSTS double-free (CVE-2023-27537) - fix GSS delegation too eager connection re-use (CVE-2023-27536) - fix FTP too eager connection reuse (CVE-2023-27535) - fix SFTP path ~ resolving discrepancy (CVE-2023-27534) - fix TELNET option IAC injection (CVE-2023-27533) * Wed Mar 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-6 - tests: make sure gnuserv-tls has SRP support before using it * Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-5 - fix HTTP multi-header compression denial of service (CVE-2023-23916) - share HSTS between handles (CVE-2023-23915 CVE-2023-23914) * Fri Jan 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-4 - fix regression in a public header file (#2162716) * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.87.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Wed Jan 11 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-2 - test3012: temporarily disable valgrind (#2143040) * Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.87.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2022-43552 - HTTP Proxy deny use-after-free CVE-2022-43551 - Another HSTS bypass via IDN * Tue Nov 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-4 - noproxy: tailmatch like in 7.85.0 and earlier (#2149224) * Thu Nov 24 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-3 - enforce versioned libnghttp2 dependency for libcurl (#2144277) * Mon Oct 31 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-2 - fix regression in noproxy matching * Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2022-42916 - HSTS bypass via IDN CVE-2022-42915 - HTTP proxy double-free CVE-2022-35260 - .netrc parser out-of-bounds access CVE-2022-32221 - POST following PUT confusion * Thu Sep 01 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-1 - new upstream release, which fixes the following vulnerability CVE-2022-35252 - control code in cookie denial of service * Thu Aug 25 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-3 - tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0 * Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.84.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Mon Jun 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2022-32207 - Unpreserved file permissions CVE-2022-32205 - Set-Cookie denial of service CVE-2022-32206 - HTTP compression denial of service CVE-2022-32208 - FTP-KRB bad message verification * Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1 - new upstream release, which fixes the following vulnerabilities CVE-2022-27782 - fix too eager reuse of TLS and SSH connections CVE-2022-27779 - do not accept cookies for TLD with trailing dot CVE-2022-27778 - do not remove wrong file on error CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names CVE-2022-27780 - reject percent-encoded path separator in URL host * Wed Apr 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2022-27774 - curl credential leak on redirect CVE-2022-27776 - curl auth/cookie leak on redirect CVE-2022-27775 - curl bad local IPv6 connection reuse CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use * Tue Mar 15 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-2 - openssl: fix incorrect CURLE_OUT_OF_MEMORY error on CN check failure * Sat Mar 05 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-1 - new upstream release * Thu Feb 24 2022 Kamil Dudka <kdudka@redhat.com> - 7.81.0-4 - enable IDN support also in libcurl-minimal * Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 7.81.0-3 - Suggest libcurl-minimal in curl-minimal * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.81.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Wed Jan 05 2022 Kamil Dudka <kdudka@redhat.com> - 7.81.0-1 - new upstream release * Sun Nov 14 2021 Paul Howarth <paul@city-fan.org> - 7.80.0-2 - sshserver.pl (used in test suite) now requires the Digest::SHA perl module * Wed Nov 10 2021 Kamil Dudka <kdudka@redhat.com> - 7.80.0-1 - new upstream release * Tue Oct 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.1-3 - re-enable HSTS in libcurl-minimal as a security feature (#2005874) * Mon Oct 04 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.1-2 - disable more protocols and features in libcurl-minimal (#2005874) * Wed Sep 22 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.1-1 - new upstream release * Thu Sep 16 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.0-4 - fix regression in http2 implementation introduced in the last release * Thu Sep 16 2021 Sahana Prasad <sahana@redhat.com> - 7.79.0-3 - Rebuilt with OpenSSL 3.0.0 * Thu Sep 16 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.0-2 - make SCP/SFTP tests work with openssh-8.7p1 * Wed Sep 15 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2021-22947 - STARTTLS protocol injection via MITM CVE-2021-22946 - protocol downgrade required TLS bypassed CVE-2021-22945 - use-after-free and double-free in MQTT sending * Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 7.78.0-4 - Rebuilt with OpenSSL 3.0.0 * Fri Jul 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.78.0-3 - make explicit dependency on openssl work with alpha/beta builds of openssl * Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.78.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Wed Jul 21 2021 Kamil Dudka <kdudka@redhat.com> - 7.78.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2021-22925 - TELNET stack contents disclosure again CVE-2021-22924 - bad connection reuse due to flawed path name checks CVE-2021-22923 - metalink download sends credentials CVE-2021-22922 - wrong content via metalink not discarded * Wed Jun 02 2021 Kamil Dudka <kdudka@redhat.com> - 7.77.0-2 - build the curl tool without metalink support (#1967213) * Wed May 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.77.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2021-22901 - TLS session caching disaster CVE-2021-22898 - TELNET stack contents disclosure * Mon May 03 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-2 - http2: fix resource leaks detected by Coverity * Wed Apr 14 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-1 - new upstream release * Wed Mar 31 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup CVE-2021-22876 - Automatic referer leaks credentials * Wed Mar 24 2021 Kamil Dudka <kdudka@redhat.com> - 7.75.0-3 - fix SIGSEGV upon disconnect of a ldaps:// transfer
/usr/lib/.build-id /usr/lib/.build-id/f5/0e97797a4403ea5f1c6a604213f955e8e8fd70 /usr/lib64/libcurl.so.4 /usr/lib64/libcurl.so.4.8.0 /usr/share/licenses/libcurl-minimal /usr/share/licenses/libcurl-minimal/COPYING
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu May 9 22:29:55 2024