-
Tue Feb 07 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25.el8_7.2
- h2: lower initial window size to 32 MiB (#2166254)
-
Fri Nov 18 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25.el8_7.1
- upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)
-
Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25
- setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)
-
Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-24
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
- fix invalid type in printf() argument detected by Coverity
-
Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-23
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
-
Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)
-
Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-21
- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix TELNET stack contents disclosure (CVE-2021-22898)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
    CVE-2021-22923 - metalink download sends credentials
    CVE-2021-22922 - wrong content via metalink not discarded
-
Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-20
- fix a cppcheck's false positive in 0029-curl-7.61.1-CVE-2021-22876.patch
-
Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-19
- make `curl --head file://` work as expected (#1947493)
- prevent automatic referer from leaking credentials (CVE-2021-22876)
-
Thu Jan 28 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18
- http: send payload when (proxy) authentication is done (#1918692)
- curl: Inferior OCSP verification (CVE-2020-8286)
- libcurl: FTP wildcard stack overflow (CVE-2020-8285)
- curl: trusting FTP PASV responses (CVE-2020-8284)