Changelog for
libcurl-minimal-8.6.0-7.fc40.x86_64.rpm :
* Mon Feb 19 2024 Jan Macku
- 8.6.0-7- Fix: Leftovers after chunking should not be part of the curl buffer output (#2264220)
* Mon Feb 12 2024 Jan Macku - 8.6.0-6- revert \"receive max buffer\" + add test case- temporarily disable test 0313- remove suggests of libcurl-minimal in curl-full
* Mon Feb 12 2024 Jan Macku - 8.6.0-5- add Provides to curl-minimal
* Wed Feb 07 2024 Jan Macku - 8.6.0-4- drop curl-minimal subpackage in favor of curl-full (#2262096)
* Mon Feb 05 2024 Jan Macku - 8.6.0-3- ignore response body to HEAD requests
* Fri Feb 02 2024 Jan Macku - 8.6.0-2- don\'t build manual for curl-full - use man 1 curl instead (#2262373)
* Thu Feb 01 2024 Jan Macku - 8.6.0-1- new upstream release, which fixes the following vulnerabilities CVE-2024-0853 - OCSP verification bypass with TLS session reuse- drop 001-dist-add-tests-errorcodes.pl-to-the-tarball.patch (replaced by upstream fix)- remove accidentally included mk-ca-bundle.1 man page (upstream bug #12843)
* Fri Jan 19 2024 Fedora Release Engineering - 8.5.0-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Dec 06 2023 Jan Macku - 8.5.0-1- new upstream release, which fixes the following vulnerabilities CVE-2023-46218 - cookie mixed case PSL bypass CVE-2023-46219 - HSTS long file name clears contents
* Wed Oct 11 2023 Jan Macku - 8.4.0-1- new upstream release, which fixes the following vulnerabilities CVE-2023-38545 - SOCKS5 heap buffer overflow CVE-2023-38546 - cookie injection with none file
* Wed Sep 13 2023 Jan Macku - 8.3.0-1- new upstream release, which fixes the following vulnerabilities CVE-2023-38039 - HTTP headers eat all memory
* Wed Aug 02 2023 Jan Macku - 8.2.1-2- enable websockets (#2224651)
* Wed Jul 26 2023 Lukáš Zaoral - 8.2.1-1- new upstream release (rhbz#2226659)
* Wed Jul 19 2023 Jan Macku - 8.2.0-1- new upstream release, which fixes the following vulnerabilities CVE-2023-32001 - fopen race condition
* Tue May 30 2023 Jan Macku - 8.1.2-1- new upstream release, with small bugfixes and improvements
* Tue May 23 2023 Jan Macku - 8.1.1-1- new upstream release, with small bugfixes and improvements
* Wed May 17 2023 Kamil Dudka - 8.1.0-1- new upstream release, which fixes the following vulnerabilities CVE-2023-28321 - IDN wildcard match CVE-2023-28322 - more POST-after-PUT confusion
* Fri Apr 21 2023 Kamil Dudka - 8.0.1-3- tests: re-enable temporarily disabled test-cases- tests: attempt to fix a conflict on port numbers- apply patches automatically
* Tue Mar 21 2023 Lukáš Zaoral - 8.0.1-2- migrated to SPDX license
* Mon Mar 20 2023 Kamil Dudka - 8.0.1-1- new upstream release
* Mon Mar 20 2023 Kamil Dudka - 8.0.0-1- new upstream release, which fixes the following vulnerabilities CVE-2023-27538 - SSH connection too eager reuse still CVE-2023-27537 - HSTS double-free CVE-2023-27536 - GSS delegation too eager connection re-use CVE-2023-27535 - FTP too eager connection reuse CVE-2023-27534 - SFTP path ~ resolving discrepancy CVE-2023-27533 - TELNET option IAC injection
* Mon Feb 20 2023 Kamil Dudka - 7.88.1-1- new upstream release
* Fri Feb 17 2023 Kamil Dudka - 7.88.0-2- http2: set drain on stream end
* Wed Feb 15 2023 Kamil Dudka - 7.88.0-1- new upstream release, which fixes the following vulnerabilities CVE-2023-23916 - HTTP multi-header compression denial of service CVE-2023-23915 - HSTS amnesia with --parallel CVE-2023-23914 - HSTS ignored on multiple requests
* Fri Jan 20 2023 Kamil Dudka - 7.87.0-4- fix regression in a public header file (#2162716)
* Thu Jan 19 2023 Fedora Release Engineering - 7.87.0-3- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jan 11 2023 Kamil Dudka - 7.87.0-2- test3012: temporarily disable valgrind (#2143040)
* Wed Dec 21 2022 Kamil Dudka - 7.87.0-1- new upstream release, which fixes the following vulnerabilities CVE-2022-43552 - HTTP Proxy deny use-after-free CVE-2022-43551 - Another HSTS bypass via IDN
* Tue Nov 29 2022 Kamil Dudka - 7.86.0-4- noproxy: tailmatch like in 7.85.0 and earlier (#2149224)
* Thu Nov 24 2022 Kamil Dudka - 7.86.0-3- enforce versioned libnghttp2 dependency for libcurl (#2144277)
* Mon Oct 31 2022 Kamil Dudka - 7.86.0-2- fix regression in noproxy matching
* Wed Oct 26 2022 Kamil Dudka - 7.86.0-1- new upstream release, which fixes the following vulnerabilities CVE-2022-42916 - HSTS bypass via IDN CVE-2022-42915 - HTTP proxy double-free CVE-2022-35260 - .netrc parser out-of-bounds access CVE-2022-32221 - POST following PUT confusion
* Thu Sep 01 2022 Kamil Dudka - 7.85.0-1- new upstream release, which fixes the following vulnerability CVE-2022-35252 - control code in cookie denial of service
* Thu Aug 25 2022 Kamil Dudka - 7.84.0-3- tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0
* Wed Jul 20 2022 Fedora Release Engineering - 7.84.0-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 27 2022 Kamil Dudka - 7.84.0-1- new upstream release, which fixes the following vulnerabilities CVE-2022-32207 - Unpreserved file permissions CVE-2022-32205 - Set-Cookie denial of service CVE-2022-32206 - HTTP compression denial of service CVE-2022-32208 - FTP-KRB bad message verification
* Wed May 11 2022 Kamil Dudka - 7.83.1-1- new upstream release, which fixes the following vulnerabilities CVE-2022-27782 - fix too eager reuse of TLS and SSH connections CVE-2022-27779 - do not accept cookies for TLD with trailing dot CVE-2022-27778 - do not remove wrong file on error CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names CVE-2022-27780 - reject percent-encoded path separator in URL host
* Wed Apr 27 2022 Kamil Dudka - 7.83.0-1- new upstream release, which fixes the following vulnerabilities CVE-2022-27774 - curl credential leak on redirect CVE-2022-27776 - curl auth/cookie leak on redirect CVE-2022-27775 - curl bad local IPv6 connection reuse CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use
* Tue Mar 15 2022 Kamil Dudka - 7.82.0-2- openssl: fix incorrect CURLE_OUT_OF_MEMORY error on CN check failure
* Sat Mar 05 2022 Kamil Dudka - 7.82.0-1- new upstream release
* Thu Feb 24 2022 Kamil Dudka - 7.81.0-4- enable IDN support also in libcurl-minimal