[ol8_u5_baseos_base] libcurl-7.61.1-22.el8.aarch64

Name:	libcurl
Version:	7.61.1
Release:	22.el8
Architecture:	aarch64
Group:	Unspecified
Size:	605456
License:	MIT
RPM:	libcurl-7.61.1-22.el8.aarch64.rpm
Source RPM:	curl-7.61.1-22.el8.src.rpm
Build Date:	Wed Nov 10 2021
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://curl.haxx.se/
Summary:	A library for getting files from web servers
Description:	libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http proxy tunneling and more.

Changelog (Show File list) (Show related packages)

Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22

- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)

Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-21

- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix TELNET stack contents disclosure (CVE-2021-22898)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
    CVE-2021-22923 - metalink download sends credentials
    CVE-2021-22922 - wrong content via metalink not discarded

Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-20

- fix a cppcheck's false positive in 0029-curl-7.61.1-CVE-2021-22876.patch

Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-19

- make `curl --head file://` work as expected (#1947493)
- prevent automatic referer from leaking credentials (CVE-2021-22876)

Thu Jan 28 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18

- http: send payload when (proxy) authentication is done (#1918692)
- curl: Inferior OCSP verification (CVE-2020-8286)
- libcurl: FTP wildcard stack overflow (CVE-2020-8285)
- curl: trusting FTP PASV responses (CVE-2020-8284)

Thu Nov 12 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-17

- validate an ssl connection using an intermediate certificate (#1895355)

Fri Nov 06 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-16
```
- fix multiarch conflicts in libcurl-minimal (#1895391)
```

Tue Nov 03 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-15

- do not crash when HTTPS_PROXY and NO_PROXY are used together (#1873327)
- libcurl: wrong connect-only connection (CVE-2020-8231)

Tue Jul 28 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-14
```
- avoid overwriting a local file with -J (CVE-2020-8177)
```
Wed Jul 15 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-13
```
- load built-in openssl engines (#1854369)
```