[ol8_baseos_latest] curl-7.61.1-25.el8.aarch64

Name:	curl
Version:	7.61.1
Release:	25.el8
Architecture:	aarch64
Group:	Unspecified
Size:	733589
License:	MIT
RPM:	curl-7.61.1-25.el8.aarch64.rpm
Source RPM:	curl-7.61.1-25.el8.src.rpm
Build Date:	Sun Oct 02 2022
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://curl.haxx.se/
Summary:	A utility for getting files from remote servers (FTP, HTTP, and others)
Description:	curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.

Changelog (Show File list) (Show related packages)

Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25

- setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)

Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-24

- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
- fix invalid type in printf() argument detected by Coverity

Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-23

- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22

- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)

Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-21

- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix TELNET stack contents disclosure (CVE-2021-22898)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
    CVE-2021-22923 - metalink download sends credentials
    CVE-2021-22922 - wrong content via metalink not discarded

Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-20

- fix a cppcheck's false positive in 0029-curl-7.61.1-CVE-2021-22876.patch

Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-19

- make `curl --head file://` work as expected (#1947493)
- prevent automatic referer from leaking credentials (CVE-2021-22876)

Thu Jan 28 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18

- http: send payload when (proxy) authentication is done (#1918692)
- curl: Inferior OCSP verification (CVE-2020-8286)
- libcurl: FTP wildcard stack overflow (CVE-2020-8285)
- curl: trusting FTP PASV responses (CVE-2020-8284)

Thu Nov 12 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-17

- validate an ssl connection using an intermediate certificate (#1895355)

Fri Nov 06 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-16
```
- fix multiarch conflicts in libcurl-minimal (#1895391)
```