| ID | 249312 |
| Package Name | curl |
| Version | 8.0.1 |
| Release | 2.fc38 |
| Epoch | |
| Source | git+https://src.fedoraproject.org/rpms/curl.git#0d582aa92f47ef275b1d103a96ef5c71a3632082 |
| Summary |
| Description |
| Built by | davidlt |
| State |
complete
|
| Volume |
DEFAULT |
| Started | Thu, 08 Jun 2023 08:22:55 UTC |
| Completed | Thu, 08 Jun 2023 11:07:14 UTC |
| Task | build (f38, /rpms/curl.git:0d582aa92f47ef275b1d103a96ef5c71a3632082) |
| Extra | {'source': {'original_url': 'git+https://src.fedoraproject.org/rpms/curl.git#0d582aa92f47ef275b1d103a96ef5c71a3632082'}} |
| Tags |
|
| RPMs |
|
| Logs |
|
| Changelog |
* Mon Jun 05 2023 Jan Macku <jamacku@redhat.com> - 8.0.1-2
- fix more POST-after-PUT confusion (CVE-2023-28322)
- fix IDN wildcard match (CVE-2023-28321)
* Wed May 03 2023 Kamil Dudka <kdudka@redhat.com> - 8.0.1-1
- tests: re-enable temporarily disabled test-cases
- tests: attempt to fix a conflict on port numbers
- apply patches automatically
- rebase to latest upstream release (#2192665)
* Wed May 03 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-10
- http_proxy: fix memory corruption with http proxy tunneling (#2192665)
* Wed May 03 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-9
- vtls: fix hostname handling in filters (#2192665)
* Fri Apr 21 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-8
- cfilters: use the first non-connected filter (#2185433)
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-7
- fix SSH connection too eager reuse still (CVE-2023-27538)
- fix HSTS double-free (CVE-2023-27537)
- fix GSS delegation too eager connection re-use (CVE-2023-27536)
- fix FTP too eager connection reuse (CVE-2023-27535)
- fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
- fix TELNET option IAC injection (CVE-2023-27533)
* Wed Mar 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-6
- tests: make sure gnuserv-tls has SRP support before using it
* Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-5
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
- share HSTS between handles (CVE-2023-23915 CVE-2023-23914)
* Fri Jan 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-4
- fix regression in a public header file (#2162716)
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.87.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jan 11 2023 Kamil Dudka <kdudka@redhat.com> - 7.87.0-2
- test3012: temporarily disable valgrind (#2143040)
* Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.87.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-43552 - HTTP Proxy deny use-after-free
CVE-2022-43551 - Another HSTS bypass via IDN
* Tue Nov 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-4
- noproxy: tailmatch like in 7.85.0 and earlier (#2149224)
* Thu Nov 24 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-3
- enforce versioned libnghttp2 dependency for libcurl (#2144277)
* Mon Oct 31 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-2
- fix regression in noproxy matching
* Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.86.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-42916 - HSTS bypass via IDN
CVE-2022-42915 - HTTP proxy double-free
CVE-2022-35260 - .netrc parser out-of-bounds access
CVE-2022-32221 - POST following PUT confusion
* Thu Sep 01 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-1
- new upstream release, which fixes the following vulnerability
CVE-2022-35252 - control code in cookie denial of service
* Thu Aug 25 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-3
- tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.84.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-32207 - Unpreserved file permissions
CVE-2022-32205 - Set-Cookie denial of service
CVE-2022-32206 - HTTP compression denial of service
CVE-2022-32208 - FTP-KRB bad message verification
* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
CVE-2022-27779 - do not accept cookies for TLD with trailing dot
CVE-2022-27778 - do not remove wrong file on error
CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
CVE-2022-27780 - reject percent-encoded path separator in URL host
* Wed Apr 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-27774 - curl credential leak on redirect
CVE-2022-27776 - curl auth/cookie leak on redirect
CVE-2022-27775 - curl bad local IPv6 connection reuse
CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use
* Tue Mar 15 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-2
- openssl: fix incorrect CURLE_OUT_OF_MEMORY error on CN check failure
* Sat Mar 05 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-1
- new upstream release
* Thu Feb 24 2022 Kamil Dudka <kdudka@redhat.com> - 7.81.0-4
- enable IDN support also in libcurl-minimal
* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 7.81.0-3
- Suggest libcurl-minimal in curl-minimal
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.81.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jan 05 2022 Kamil Dudka <kdudka@redhat.com> - 7.81.0-1
- new upstream release
* Sun Nov 14 2021 Paul Howarth <paul@city-fan.org> - 7.80.0-2
- sshserver.pl (used in test suite) now requires the Digest::SHA perl module
* Wed Nov 10 2021 Kamil Dudka <kdudka@redhat.com> - 7.80.0-1
- new upstream release
* Tue Oct 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.1-3
- re-enable HSTS in libcurl-minimal as a security feature (#2005874)
* Mon Oct 04 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.1-2
- disable more protocols and features in libcurl-minimal (#2005874)
* Wed Sep 22 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.1-1
- new upstream release
* Thu Sep 16 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.0-4
- fix regression in http2 implementation introduced in the last release
* Thu Sep 16 2021 Sahana Prasad <sahana@redhat.com> - 7.79.0-3
- Rebuilt with OpenSSL 3.0.0
* Thu Sep 16 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.0-2
- make SCP/SFTP tests work with openssh-8.7p1
* Wed Sep 15 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2021-22947 - STARTTLS protocol injection via MITM
CVE-2021-22946 - protocol downgrade required TLS bypassed
CVE-2021-22945 - use-after-free and double-free in MQTT sending
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 7.78.0-4
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.78.0-3
- make explicit dependency on openssl work with alpha/beta builds of openssl
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.78.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul 21 2021 Kamil Dudka <kdudka@redhat.com> - 7.78.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2021-22925 - TELNET stack contents disclosure again
CVE-2021-22924 - bad connection reuse due to flawed path name checks
CVE-2021-22923 - metalink download sends credentials
CVE-2021-22922 - wrong content via metalink not discarded
|
