Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libcurl-8.6.0-8.fc40 RPM for i686

From Fedora 40 updates for x86_64 / Packages / l

Name: libcurl Distribution: Fedora Project
Version: 8.6.0 Vendor: Fedora Project
Release: 8.fc40 Build date: Thu Apr 4 10:51:45 2024
Group: Unspecified Build host: buildhw-x86-04.iad2.fedoraproject.org
Size: 820132 Source RPM: curl-8.6.0-8.fc40.src.rpm
Packager: Fedora Project
Url: https://curl.se/
Summary: A library for getting files from web servers
libcurl is a free and easy-to-use client-side URL transfer library, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT,
FTP uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer
resume, http proxy tunneling and more.

Provides

Requires

License

curl

Changelog

* Wed Apr 03 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-8
  - fix Usage of disabled protocol (CVE-2024-2004)
  - fix HTTP/2 push headers memory-leak (CVE-2024-2398)
* Mon Feb 19 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-7
  - Fix: Leftovers after chunking should not be part of the curl buffer output (#2264220)
* Mon Feb 12 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-6
  - revert "receive max buffer" + add test case
  - temporarily disable test 0313
  - remove suggests of libcurl-minimal in curl-full
* Mon Feb 12 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-5
  - add Provides to curl-minimal
* Wed Feb 07 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-4
  - drop curl-minimal subpackage in favor of curl-full (#2262096)
* Mon Feb 05 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-3
  - ignore response body to HEAD requests
* Fri Feb 02 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-2
  - don't build manual for curl-full - use man 1 curl instead (#2262373)
* Thu Feb 01 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2024-0853 - OCSP verification bypass with TLS session reuse
  - drop 001-dist-add-tests-errorcodes.pl-to-the-tarball.patch (replaced by upstream fix)
  - remove accidentally included mk-ca-bundle.1 man page (upstream bug #12843)
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 8.5.0-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Dec 06 2023 Jan Macku <jamacku@redhat.com> - 8.5.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2023-46218 - cookie mixed case PSL bypass
      CVE-2023-46219 - HSTS long file name clears contents
* Wed Oct 11 2023 Jan Macku <jamacku@redhat.com> - 8.4.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2023-38545 - SOCKS5 heap buffer overflow
      CVE-2023-38546 - cookie injection with none file
* Wed Sep 13 2023 Jan Macku <jamacku@redhat.com> - 8.3.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2023-38039 - HTTP headers eat all memory
* Wed Aug 02 2023 Jan Macku <jamacku@redhat.com> - 8.2.1-2
  - enable websockets (#2224651)
* Wed Jul 26 2023 Lukáš Zaoral <lzaoral@redhat.com> - 8.2.1-1
  - new upstream release (rhbz#2226659)
* Wed Jul 19 2023 Jan Macku <jamacku@redhat.com> - 8.2.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2023-32001 - fopen race condition
* Tue May 30 2023 Jan Macku <jamacku@redhat.com> - 8.1.2-1
  - new upstream release, with small bugfixes and improvements
* Tue May 23 2023 Jan Macku <jamacku@redhat.com> - 8.1.1-1
  - new upstream release, with small bugfixes and improvements
* Wed May 17 2023 Kamil Dudka <kdudka@redhat.com> - 8.1.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2023-28321 - IDN wildcard match
      CVE-2023-28322 - more POST-after-PUT confusion
* Fri Apr 21 2023 Kamil Dudka <kdudka@redhat.com> - 8.0.1-3
  - tests: re-enable temporarily disabled test-cases
  - tests: attempt to fix a conflict on port numbers
  - apply patches automatically
* Tue Mar 21 2023 Lukáš Zaoral <lzaoral@redhat.com> - 8.0.1-2
  - migrated to SPDX license
* Mon Mar 20 2023 Kamil Dudka <kdudka@redhat.com> - 8.0.1-1
  - new upstream release
* Mon Mar 20 2023 Kamil Dudka <kdudka@redhat.com> - 8.0.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2023-27538 - SSH connection too eager reuse still
      CVE-2023-27537 - HSTS double-free
      CVE-2023-27536 - GSS delegation too eager connection re-use
      CVE-2023-27535 - FTP too eager connection reuse
      CVE-2023-27534 - SFTP path ~ resolving discrepancy
      CVE-2023-27533 - TELNET option IAC injection
* Mon Feb 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.88.1-1
  - new upstream release
* Fri Feb 17 2023 Kamil Dudka <kdudka@redhat.com> - 7.88.0-2
  - http2: set drain on stream end
* Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.88.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2023-23916 - HTTP multi-header compression denial of service
      CVE-2023-23915 - HSTS amnesia with --parallel
      CVE-2023-23914 - HSTS ignored on multiple requests
* Fri Jan 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-4
  - fix regression in a public header file (#2162716)
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.87.0-3
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jan 11 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-2
  - test3012: temporarily disable valgrind (#2143040)
* Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.87.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2022-43552 - HTTP Proxy deny use-after-free
      CVE-2022-43551 - Another HSTS bypass via IDN
* Tue Nov 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-4
  - noproxy: tailmatch like in 7.85.0 and earlier (#2149224)
* Thu Nov 24 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-3
  - enforce versioned libnghttp2 dependency for libcurl (#2144277)
* Mon Oct 31 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-2
  - fix regression in noproxy matching
* Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2022-42916 - HSTS bypass via IDN
      CVE-2022-42915 - HTTP proxy double-free
      CVE-2022-35260 - .netrc parser out-of-bounds access
      CVE-2022-32221 - POST following PUT confusion
* Thu Sep 01 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-1
  - new upstream release, which fixes the following vulnerability
      CVE-2022-35252 - control code in cookie denial of service
* Thu Aug 25 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-3
  - tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.84.0-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2022-32207 - Unpreserved file permissions
      CVE-2022-32205 - Set-Cookie denial of service
      CVE-2022-32206 - HTTP compression denial of service
      CVE-2022-32208 - FTP-KRB bad message verification
* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
      CVE-2022-27779 - do not accept cookies for TLD with trailing dot
      CVE-2022-27778 - do not remove wrong file on error
      CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
      CVE-2022-27780 - reject percent-encoded path separator in URL host
* Wed Apr 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.0-1
  - new upstream release, which fixes the following vulnerabilities
      CVE-2022-27774 - curl credential leak on redirect
      CVE-2022-27776 - curl auth/cookie leak on redirect
      CVE-2022-27775 - curl bad local IPv6 connection reuse
      CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use

Files

/usr/lib/.build-id
/usr/lib/.build-id/91
/usr/lib/.build-id/91/7d7823c5ecc6de02df24f6983015131f4d4443
/usr/lib/libcurl.so.4
/usr/lib/libcurl.so.4.8.0
/usr/share/licenses/libcurl
/usr/share/licenses/libcurl/COPYING


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 30 00:41:33 2024