RPM Search

Changelog for ea-libcurl-8.7.1-2.2.1.cpanel.x86_64.rpm :

* Mon Apr 15 2024 Cory McIntire - 8.7.1-2- EA-12080: patch update that caused issues with CURLOPT_ACCEPT_ENCODING
* Wed Mar 27 2024 Cory McIntire - 8.7.1-1- EA-12051: Update libcurl from v8.6.0 to v8.7.1- CVE-2024-2466: TLS certificate check bypass with mbedTLS- CVE-2024-2398: HTTP/2 push headers memory-leak- CVE-2024-2379: QUIC certificate check bypass with wolfSSL- CVE-2024-2004: Usage of disabled protocol
* Mon Feb 05 2024 Cory McIntire - 8.6.0-1- EA-11948: Update libcurl from v8.5.0 to v8.6.0- CVE-2024-0853: OCSP verification bypass with TLS session reuse
* Wed Dec 06 2023 Cory McIntire - 8.5.0-1- EA-11857: Update libcurl from v8.4.0 to v8.5.0- CVE-2023-46219 - HSTS long file name clears contents- CVE-2023-46218 - cookie mixed case PSL bypass
* Wed Oct 11 2023 Cory McIntire - 8.4.0-1- EA-11731: Update libcurl from v8.3.0 to v8.4.0- CVE-2023-38545 - SOCKS5 heap buffer overflow- CVE-2023-38546 - cookie injection with none file
* Wed Sep 13 2023 Cory McIntire - 8.3.0-1- EA-11680: Update libcurl from v8.2.1 to v8.3.0- CVE-2023-38039: HTTP headers eat all memory
* Fri Jul 28 2023 Cory McIntire - 8.2.1-1- EA-11574: Update libcurl from v8.2.0 to v8.2.1
* Wed Jul 19 2023 Cory McIntire - 8.2.0-1- EA-11560: Update libcurl from v8.1.2 to v8.2.0- CVE-2023-32001 curl: fopen race condition
* Tue May 30 2023 Cory McIntire - 8.1.2-1- EA-11448: Update libcurl from v8.1.1 to v8.1.2
* Tue May 23 2023 Cory McIntire - 8.1.1-1- EA-11432: Update libcurl from v8.0.1 to v8.1.1 - CVE-2023-28322: more POST-after-PUT confusion - CVE-2023-28321: IDN wildcard match - CVE-2023-28320: siglongjmp race condition - CVE-2023-28319: UAF in SSH sha256 fingerprint check
* Tue May 09 2023 Brian Mendoza - 8.0.1-2- ZC-10936: Clean up Makefile and remove debug-package-nil
* Mon Mar 20 2023 Cory McIntire - 8.0.1-1- EA-11303: Update libcurl from v7.88.1 to v8.0.1- CVE-2023-27538: SSH connection too eager reuse still- CVE-2023-27537: HSTS double-free= CVE-2023-27536: GSS delegation too eager connection re-use= CVE-2023-27535: FTP too eager connection reuse- CVE-2023-27534: SFTP path ~ resolving discrepancy
* Mon Feb 20 2023 Cory McIntire - 7.88.1-1- EA-11256: Update libcurl from v7.88.0 to v7.88.1
* Wed Feb 15 2023 Cory McIntire - 7.88.0-1- EA-11241: Update libcurl from v7.87.0 to v7.88.0- CVE-2023-23916: HTTP multi-header compression denial of service- CVE-2023-23915: HSTS amnesia with --parallel- CVE-2023-23914: HSTS ignored on multiple requests
* Wed Feb 08 2023 Travis Holloway - 7.87.0-2- EA-11221: Bump minimum required nghttp2 version to 1.51.0-2
* Wed Dec 21 2022 Cory McIntire - 7.87.0-1- EA-11118: Update libcurl from v7.86.0 to v7.87.0- CVE-2022-43551: Another HSTS bypass via IDN- CVE-2022-43552: HTTP Proxy deny use-after-free
* Thu Oct 27 2022 Cory McIntire - 7.86.0-1- EA-11016: Update libcurl from v7.85.0 to v7.86.0- CVE-2022-32221: POST following PUT confusion- CVE-2022-35260: .netrc parser out-of-bounds access- CVE-2022-42915: HTTP proxy double-free- CVE-2022-42916: HSTS bypass via IDN
* Wed Aug 31 2022 Cory McIntire - 7.85.0-1- EA-10914: Update libcurl from v7.84.0 to v7.85.0
* Mon Jun 27 2022 Cory McIntire - 7.84.0-1- EA-10790: Update libcurl from v7.83.1 to v7.84.0- CVE-2022-32208: FTP-KRB bad message verification- CVE-2022-32207: Unpreserved file permissions- CVE-2022-32206: HTTP compression denial of service- CVE-2022-32205: Set-Cookie denial of service
* Wed May 11 2022 Cory McIntire - 7.83.1-1- EA-10702: Update libcurl from v7.83.0 to v7.83.1
* Wed Apr 27 2022 Cory McIntire - 7.83.0-1- EA-10666: Update libcurl from v7.82.0 to v7.83.0
* Mon Mar 07 2022 Travis Holloway - 7.82.0-1- EA-10537: Update libcurl from v7.81.0 to v7.82.0
* Wed Jan 05 2022 Cory McIntire - 7.81.0-1- EA-10408: Update libcurl from v7.80.0 to v7.81.0
* Tue Dec 28 2021 Dan Muey - 7.80.0-2- ZC-9589: Update DISABLE_BUILD to match OBS
* Thu Nov 11 2021 Tim Mullin - 7.80.0-1- EA-10274: Update libcurl from v7.79.1 to v7.80.0
* Fri Sep 24 2021 Cory McIntire - 7.79.1-1- EA-10135: Update libcurl from v7.79.0 to v7.79.1
* Thu Sep 16 2021 Cory McIntire - 7.79.0-1- EA-10110: Update libcurl from v7.78.0 to v7.79.0
* Thu Jul 22 2021 Cory McIntire - 7.78.0-1- EA-9982: Update libcurl from v7.77.0 to v7.78.0
* Tue Jun 01 2021 Tim Mullin - 7.77.0-2- EA-9816: Fix linking to openssl
* Wed May 26 2021 Tim Mullin - 7.77.0-1- EA-9794: Update libcurl from v7.76.1 to v7.77.0
* Fri Apr 23 2021 Cory McIntire - 7.76.1-1- EA-9710: Update libcurl from v7.76.0 to v7.76.1
* Tue Apr 06 2021 Cory McIntire - 7.76.0-1- EA-9677: Update libcurl from v7.75.0 to v7.76.0
* Thu Feb 04 2021 Cory McIntire - 7.75.0-1- EA-9567: Update libcurl from v7.74.0 to v7.75.0
* Thu Dec 10 2020 Cory McIntire - 7.74.0-1- EA-9479: Update libcurl from v7.73.0 to v7.74.0
* Tue Nov 24 2020 Julian Brown - 7.73.0-2- ZC-8005: Replace ea-openssl11 with system openssl on C8
* Wed Oct 14 2020 Cory McIntire - 7.73.0-1- EA-9371: Update libcurl from v7.72.0 to v7.73.0
* Wed Aug 19 2020 Cory McIntire - 7.72.0-1- EA-9260: Update libcurl from v7.71.1 to v7.72.0
* Mon Jul 06 2020 Cory McIntire - 7.71.1-1- EA-9138: Update libcurl from v7.71.0 to v7.71.1
* Wed Jun 24 2020 Cory McIntire - 7.71.0-1- EA-9124: Update libcurl from v7.70.0 to v7.71.0
* Wed Apr 29 2020 Cory McIntire - 7.70.0-1- EA-9044: Update libcurl from v7.69.1 to v7.70.0
* Tue Mar 31 2020 Tim Mullin - 7.69.1-2- EA-8928: Added version check for libssh2
* Fri Mar 27 2020 Cory McIntire - 7.69.1-1- EA-8947: Update libcurl from v7.68.0 to v7.69.1
* Fri Feb 07 2020 Tim Mullin - 7.68.0-1- EA-8843: Update libcurl from v7.67.0 to v7.68.0
* Wed Dec 18 2019 Danie Muey - 7.67.0-3- ZC-4361: Update ea-openssl requirement to v1.1.1 (ZC-5583)
* Thu Nov 21 2019 Tim Mullin - 7.67.0-2- EA-8754: Patch libcurl 7.67.0 for OpenSSL issue breaking WHMCS
* Fri Nov 08 2019 Cory McIntire - 7.67.0-1- EA-8739: Update libcurl from v7.66.0 to v7.67.0
* Wed Sep 11 2019 Cory McIntire - 7.66.0-1- EA-8649: Update libcurl from v7.65.3 to v7.66.0
* Mon Jul 22 2019 Cory McIntire - 7.65.3-1- EA-8584: Update libcurl from v7.65.1 to v7.65.3
* Thu Jun 27 2019 Cory McIntire - 7.65.1-1- EA-8546: Update libcurl from v7.65.0 to v7.65.1
* Wed May 22 2019 Cory McIntire - 7.65.0-1- EA-8475: Update libcurl from v7.64.1 to v7.65.0
* Thu May 16 2019 Cory McIntire - 7.64.1-1- EA-8472: Update libcurl from v7.64.0 to v7.64.1
* Wed Apr 03 2019 Tim Mullin - 7.64.0-2EA-8303: Removed libssh2-devel as a dependency; this caused problems for RHEL
* Thu Feb 07 2019 Cory McIntire - 7.64.0-1- EA-8204: Update cURL from 7.63.0 to 7.64.0 https://curl.haxx.se/docs/CVE-2018-16890.html https://curl.haxx.se/docs/CVE-2019-3822.html https://curl.haxx.se/docs/CVE-2019-3823.html
* Tue Jan 29 2019 Tim Mullin - 7.63.0-1- EA-8187: Update cURL from 7.62.0 to 7.63.0
* Tue Nov 06 2018 Tim Mullin - 7.62.0-2- EA-7983: Added libssh2-devel as a dependency
* Thu Nov 01 2018 Cory McIntire - 7.62.0-1- EA-7978: Update cURL from 7.61.1 to 7.62.0 for CVEs https://curl.haxx.se/docs/CVE-2018-16839.html https://curl.haxx.se/docs/CVE-2018-16840.html https://curl.haxx.se/docs/CVE-2018-16842.html
* Mon Oct 01 2018 Cory McIntire - 7.61.1-1- EA-7819: Update cURL from 7.61.0 to 7.61.1- CVE-2018-14618 https://curl.haxx.se/docs/CVE-2018-14618.html- Low priority CVE, 32 bit systems only
* Thu Jul 12 2018 Rishwanth Yeddula - 7.61.0-1- EA-7654: Update cURL from 7.60.0 to 7.61.0- CVE-2018-0500 https://curl.haxx.se/docs/adv_2018-70a2.html
* Wed May 16 2018 Cory McIntire - 7.60.0-1- ZC-3769: Update cURL from 7.59.0 to 7.60.0- CVE-2018-1000300 https://curl.haxx.se/docs/adv_2018-82c2.html
* Mon Apr 16 2018 Rishwanth Yeddula - 7.59.0-2- EA-7382: Update dependency on ea-openssl to require the latest version with versioned symbols.- ZC-3626: Re-enable SFTP support via libssh2.
* Sun Apr 01 2018 Cory McIntire - 7.59.0-1- EA-7336: Update cURL from 7.58.0 to 7.59.0
* Mon Mar 26 2018 Rishwanth Yeddula - 7.58.0-5- ZC-3552: Ensure curl is linked again ea-openssl, and ea-nghttp2 Additionally, added support for brotli. Added versioning to ea-openssl and nghttp2 requirements for easier maintenance.
* Wed Mar 07 2018 Cory McIntire - 7.58.0-4- ZC-3479: Ensure we only link only against our ea-openssl
* Thu Feb 08 2018 Rishwanth Yeddula - 7.58.0-3- EA-7233: Require the newer version of ea-nghttp2 to ensure that the packages are updated as a set.
* Wed Feb 07 2018 Rishwanth Yeddula - 7.58.0-2- EA-7219: Build curl against the ea-nghttp2 that is installed in /opt/cpanel/nghttp2 to ensure that http2 can still be utilized.
* Wed Jan 24 2018 Dan Muey - 7.58.0-1- EA-7157: Update cURL to 7.58.0
* Wed Nov 29 2017 Cory McIntire - 7.57.0-1- EA-6989: Update cURL to 7.57.0 to deal with CVE- CVE-2017-8816, CVE-2017-8817, CVE-2017-8818
* Tue Aug 15 2017 Cory McIntire - 7.55.1-2- Bringing in ea-openssl as a Requires to fix EA-6671
* Mon Aug 14 2017 Jacob Perkins - 7.55.1-1- Updated to cURL 7.55.1
* Fri Jul 28 2017 Jacob Perkins - 7.53.1-5- Fix export for static OpenSSL libraries
* Thu Jul 27 2017 Jacob Perkins - 7.53.1-4- Added ALPN support
* Fri Jun 09 2017 Jacob Perkins - 7.53.1-3- Add HTTP2 support
* Mon Apr 03 2017 Cory McIntire - 7.53.1-2- Updated the package with changes suggested by AATTezamriy (Eugene Zamriy)- https://github.com/CpanelInc/libcurl/pull/1- Removed unnecessary ea-libcurl and ea-libcurl-devel Provides- Removed incorrect valgrind and perl
* Provides workaround- Disable automatic Requires generation to avoid broken dependencies- Disable automatic Provides generation to avoid conflicts with system curl- Added libssh2, openldap, krb5-libs requirements- Added krb5-devel build requirement
* Mon Mar 13 2017 Jacob Perkins - 7.53.1-1- Updated to 7.53.1
* Tue Mar 07 2017 Cory McIntire - 7.38.0-4- Removed leftover c-ares build requires
* Thu Mar 02 2017 Jacob Perkins - 7.38.0-3- Removed AsynchDNS feature as it isn\'t required at this time
* Tue Feb 28 2017 Cory McIntire - 7.38.0-2- ZC-2452: Fix missing Available protocols and features
* Fri Feb 17 2017 Cory McIntire - 7.38.0-1- ZC-2421: Create libcurl package