| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libcurl-minimal | Distribution: Fedora Project |
| Version: 8.9.1 | Vendor: Fedora Project |
| Release: 2.fc41 | Build date: Mon Aug 5 16:41:13 2024 |
| Group: Unspecified | Build host: buildvm-ppc64le-21.iad2.fedoraproject.org |
| Size: 942014 | Source RPM: curl-8.9.1-2.fc41.src.rpm |
| Packager: Fedora Project | |
| Url: https://curl.se/ | |
| Summary: Conservatively configured build of libcurl for minimal installations | |
This is a replacement of the 'libcurl' package for minimal installations. It comes with a limited set of features compared to the 'libcurl' package. On the other hand, the package is smaller and requires fewer run-time dependencies to be installed.
curl
* Mon Aug 05 2024 voidanix <[email protected]> - 8.9.1-2
- Apply SIGPIPE-related patch due to upstream regression
* Wed Jul 24 2024 Jan Macku <[email protected]> - 8.9.1-1
- new upstream release
* Wed Jul 24 2024 Jan Macku <[email protected]> - 8.9.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2024-6874 - macidn punycode buffer overread
CVE-2024-6197 - freeing stack buffer in utf8asn1str
- drop upstreamed patches
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> - 8.8.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jul 12 2024 Paul Howarth <[email protected]> - 8.8.0-2
- adapt for https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine
- added build condition for openssl_engine_support, true by default so as to
not change the resulting built package (yet)
- with openssl_engine_support true, BR: openssl-devel-engine
- with openssl_engine_support false, build with -DOPENSSL_NO_ENGINE
* Wed May 22 2024 Jan Macku <[email protected]> - 8.8.0-1
- new upstream release
- drop upstreamed patches
* Wed Mar 27 2024 Jan Macku <[email protected]> - 8.7.1-1
- new upstream release, which fixes the following vulnerabilities
CVE-2024-2004 - Usage of disabled protocol
CVE-2024-2379 - QUIC certificate check bypass with wolfSSL
CVE-2024-2398 - HTTP/2 push headers memory-leak
CVE-2024-2466 - TLS certificate check bypass with mbedTLS
- drop upstreamed patches
- reenable test 0313
- fix zsh completions, use --with-zsh-functions-dir
- apply upstream patches for 8.7.1 issues and regressions
* Mon Feb 19 2024 Jan Macku <[email protected]> - 8.6.0-7
- Fix: Leftovers after chunking should not be part of the curl buffer output (#2264220)
* Mon Feb 12 2024 Jan Macku <[email protected]> - 8.6.0-6
- revert "receive max buffer" + add test case
- temporarily disable test 0313
- remove suggests of libcurl-minimal in curl-full
* Mon Feb 12 2024 Jan Macku <[email protected]> - 8.6.0-5
- add Provides to curl-minimal
* Wed Feb 07 2024 Jan Macku <[email protected]> - 8.6.0-4
- drop curl-minimal subpackage in favor of curl-full (#2262096)
* Mon Feb 05 2024 Jan Macku <[email protected]> - 8.6.0-3
- ignore response body to HEAD requests
* Fri Feb 02 2024 Jan Macku <[email protected]> - 8.6.0-2
- don't build manual for curl-full - use man 1 curl instead (#2262373)
* Thu Feb 01 2024 Jan Macku <[email protected]> - 8.6.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2024-0853 - OCSP verification bypass with TLS session reuse
- drop 001-dist-add-tests-errorcodes.pl-to-the-tarball.patch (replaced by upstream fix)
- remove accidentally included mk-ca-bundle.1 man page (upstream bug #12843)
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> - 8.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Dec 06 2023 Jan Macku <[email protected]> - 8.5.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-46218 - cookie mixed case PSL bypass
CVE-2023-46219 - HSTS long file name clears contents
* Wed Oct 11 2023 Jan Macku <[email protected]> - 8.4.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-38545 - SOCKS5 heap buffer overflow
CVE-2023-38546 - cookie injection with none file
* Wed Sep 13 2023 Jan Macku <[email protected]> - 8.3.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-38039 - HTTP headers eat all memory
* Wed Aug 02 2023 Jan Macku <[email protected]> - 8.2.1-2
- enable websockets (#2224651)
* Wed Jul 26 2023 Lukáš Zaoral <[email protected]> - 8.2.1-1
- new upstream release (rhbz#2226659)
* Wed Jul 19 2023 Jan Macku <[email protected]> - 8.2.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-32001 - fopen race condition
* Tue May 30 2023 Jan Macku <[email protected]> - 8.1.2-1
- new upstream release, with small bugfixes and improvements
* Tue May 23 2023 Jan Macku <[email protected]> - 8.1.1-1
- new upstream release, with small bugfixes and improvements
* Wed May 17 2023 Kamil Dudka <[email protected]> - 8.1.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-28321 - IDN wildcard match
CVE-2023-28322 - more POST-after-PUT confusion
* Fri Apr 21 2023 Kamil Dudka <[email protected]> - 8.0.1-3
- tests: re-enable temporarily disabled test-cases
- tests: attempt to fix a conflict on port numbers
- apply patches automatically
* Tue Mar 21 2023 Lukáš Zaoral <[email protected]> - 8.0.1-2
- migrated to SPDX license
* Mon Mar 20 2023 Kamil Dudka <[email protected]> - 8.0.1-1
- new upstream release
* Mon Mar 20 2023 Kamil Dudka <[email protected]> - 8.0.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-27538 - SSH connection too eager reuse still
CVE-2023-27537 - HSTS double-free
CVE-2023-27536 - GSS delegation too eager connection re-use
CVE-2023-27535 - FTP too eager connection reuse
CVE-2023-27534 - SFTP path ~ resolving discrepancy
CVE-2023-27533 - TELNET option IAC injection
* Mon Feb 20 2023 Kamil Dudka <[email protected]> - 7.88.1-1
- new upstream release
* Fri Feb 17 2023 Kamil Dudka <[email protected]> - 7.88.0-2
- http2: set drain on stream end
* Wed Feb 15 2023 Kamil Dudka <[email protected]> - 7.88.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-23916 - HTTP multi-header compression denial of service
CVE-2023-23915 - HSTS amnesia with --parallel
CVE-2023-23914 - HSTS ignored on multiple requests
* Fri Jan 20 2023 Kamil Dudka <[email protected]> - 7.87.0-4
- fix regression in a public header file (#2162716)
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> - 7.87.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jan 11 2023 Kamil Dudka <[email protected]> - 7.87.0-2
- test3012: temporarily disable valgrind (#2143040)
* Wed Dec 21 2022 Kamil Dudka <[email protected]> - 7.87.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-43552 - HTTP Proxy deny use-after-free
CVE-2022-43551 - Another HSTS bypass via IDN
* Tue Nov 29 2022 Kamil Dudka <[email protected]> - 7.86.0-4
- noproxy: tailmatch like in 7.85.0 and earlier (#2149224)
* Thu Nov 24 2022 Kamil Dudka <[email protected]> - 7.86.0-3
- enforce versioned libnghttp2 dependency for libcurl (#2144277)
* Mon Oct 31 2022 Kamil Dudka <[email protected]> - 7.86.0-2
- fix regression in noproxy matching
* Wed Oct 26 2022 Kamil Dudka <[email protected]> - 7.86.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-42916 - HSTS bypass via IDN
CVE-2022-42915 - HTTP proxy double-free
CVE-2022-35260 - .netrc parser out-of-bounds access
CVE-2022-32221 - POST following PUT confusion
* Thu Sep 01 2022 Kamil Dudka <[email protected]> - 7.85.0-1
- new upstream release, which fixes the following vulnerability
CVE-2022-35252 - control code in cookie denial of service
* Thu Aug 25 2022 Kamil Dudka <[email protected]> - 7.84.0-3
- tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0
/usr/lib/.build-id /usr/lib/.build-id/72 /usr/lib/.build-id/72/d083006710745a68e192f24cdcb3f3d164ffaa /usr/lib64/libcurl.so.4 /usr/lib64/libcurl.so.4.8.0 /usr/share/licenses/libcurl-minimal /usr/share/licenses/libcurl-minimal/COPYING
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Oct 27 05:57:41 2024