| Name: | libcurl |
|---|---|
| Version: | 7.61.1 |
| Release: | 11.el8 |
| Architecture: | x86_64 |
| Group: | Unspecified |
| Size: | 846504 |
| License: | MIT |
| RPM: | libcurl-7.61.1-11.el8.x86_64.rpm |
| Source RPM: | curl-7.61.1-11.el8.src.rpm |
| Build Date: | Sat Nov 09 2019 |
| Build Host: | jenkins-10-147-72-125-5175330d-7169-4500-9dab-ee68de92c90a.appad1iad.osdevelopmeniad.oraclevcn.com |
| Vendor: | Oracle America |
| URL: | https://curl.haxx.se/ |
| Summary: | A library for getting files from web servers |
| Description: | libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http proxy tunneling and more. |
- rebuild with updated annobin to prevent Execshield RPMDiff check from failing
- fix SMTP end-of-response out-of-bounds read (CVE-2019-3823) - fix NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822) - fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890) - xattr: strip credentials from any URL that is stored (CVE-2018-20483)
- do not let libssh create a new socket for SCP/SFTP (#1669156)
- curl -J: do not append to the destination file (#1660827)
- make the patch for CVE-2018-16842 apply properly (CVE-2018-16842)
- SASL password overflow via integer overflow (CVE-2018-16839) - fix use-after-free in handle close (CVE-2018-16840) - fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)
- enable TLS 1.3 post-handshake auth in OpenSSL (#1636900)
- make the built-in manual compressed again (#1620217)
- update the documentation of --tlsv1.0 in curl(1) man page (#1620217)
- enforce versioned libpsl dependency for libcurl (#1631804)