Name: | libcurl-devel |
---|---|
Version: | 7.29.0 |
Release: | 51.0.1.el7 |
Architecture: | i686 |
Group: | Development/Libraries |
Size: | 638507 |
License: | MIT |
RPM: | libcurl-devel-7.29.0-51.0.1.el7.i686.rpm |
Source RPM: | curl-7.29.0-51.0.1.el7.src.rpm |
Build Date: | Tue Dec 18 2018 |
Build Host: | x86-ol7-builder-03.us.oracle.com |
Vendor: | Oracle America |
URL: | http://curl.haxx.se/ |
Summary: | Files needed for building applications with libcurl |
Description: | The libcurl-devel package includes header files and libraries necessary for developing programs which use the libcurl library. It contains the API documentation of the library, too. |
- Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html) - CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- require a new enough version of nss-pem to avoid regression in yum (#1610998)
- remove dead code, detected by Coverity Analysis - remove unused variable, detected by GCC and Clang
- make curl --speed-limit work with TFTP (#1584750)
- fix RTSP bad headers buffer over-read (CVE-2018-1000301) - fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120) - fix LDAP NULL pointer dereference (CVE-2018-1000121) - fix RTSP RTP buffer over-read (CVE-2018-1000122) - http: prevent custom Authorization headers in redirects (CVE-2018-1000007) - doc: --tlsauthtype works only if built with TLS-SRP support (#1542256) - update certificates in the test-suite because they expire soon (#1572723)
- make NSS deallocate PKCS #11 objects early enough (#1510247)
- reset authentication state when HTTP transfer is done (#1511523)
- fix buffer overflow while processing IMAP FETCH response (CVE-2017-1000257)
- drop 0109-curl-7.29.0-crl-valgrind.patch no longer needed (#1427883)
- curl --socks5-{basic,gssapi}: control socks5 auth (#1409208) - nss: fix a memory leak when CURLOPT_CRLFILE is used (#1427883) - nss: do not leak PKCS #11 slot while loading a key (#1444860) - nss: fix a possible use-after-free in SelectClientCert() (#1473158)