[ol8_baseos_latest] libcurl-7.61.1-25.el8_7.2.x86_64

Name:	libcurl
Version:	7.61.1
Release:	25.el8_7.2
Architecture:	x86_64
Group:	Unspecified
Size:	597640
License:	MIT
RPM:	libcurl-7.61.1-25.el8_7.2.x86_64.rpm
Source RPM:	curl-7.61.1-25.el8_7.2.src.rpm
Build Date:	Tue Feb 21 2023
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://curl.haxx.se/
Summary:	A library for getting files from web servers
Description:	libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http proxy tunneling and more.

Changelog (Show File list) (Show related packages)

Tue Feb 07 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25.el8_7.2
```
- h2: lower initial window size to 32 MiB (#2166254)
```

Fri Nov 18 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25.el8_7.1

- upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)

Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25

- setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)

Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-24

- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
- fix invalid type in printf() argument detected by Coverity

Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-23

- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22

- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)

Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-21

- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix TELNET stack contents disclosure (CVE-2021-22898)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
    CVE-2021-22923 - metalink download sends credentials
    CVE-2021-22922 - wrong content via metalink not discarded

Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-20

- fix a cppcheck's false positive in 0029-curl-7.61.1-CVE-2021-22876.patch

Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-19

- make `curl --head file://` work as expected (#1947493)
- prevent automatic referer from leaking credentials (CVE-2021-22876)

Thu Jan 28 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18

- http: send payload when (proxy) authentication is done (#1918692)
- curl: Inferior OCSP verification (CVE-2020-8286)
- libcurl: FTP wildcard stack overflow (CVE-2020-8285)
- curl: trusting FTP PASV responses (CVE-2020-8284)