[ol7_latest] curl-7.29.0-59.0.1.el7_9.1.aarch64

Name:	curl
Version:	7.29.0
Release:	59.0.1.el7_9.1
Architecture:	aarch64
Group:	Applications/Internet
Size:	585484
License:	MIT
RPM:	curl-7.29.0-59.0.1.el7_9.1.aarch64.rpm
Source RPM:	curl-7.29.0-59.0.1.el7_9.1.src.rpm
Build Date:	Wed Nov 11 2020
Build Host:	ca-buildarm04.us.oracle.com
Vendor:	Oracle America
URL:	http://curl.haxx.se/
Summary:	A utility for getting files from remote servers (FTP, HTTP, and others)
Description:	curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.

Changelog (Show File list) (Show related packages)

Tue Nov 10 2020 Kevin Lyons <kevin.x.lyons@oracle.com> - 7.29.0-59.0.1.1

- Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

Tue Jul 28 2020 Kamil Dudka <kdudka@redhat.com> - 7.29.0-59.el7_9.1
```
- avoid overwriting a local file with -J (CVE-2020-8177)
```

Tue Jun 02 2020 Kamil Dudka <kdudka@redhat.com> - 7.29.0-59

- http: free protocol-specific struct in setup_connection callback (#1836773)

Mon Mar 23 2020 Kamil Dudka <kdudka@redhat.com> - 7.29.0-58

- fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)

Wed Nov 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-57
```
- allow curl to POST from a char device (#1769307)
```

Tue Oct 01 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-56

- fix auth failure with duplicated WWW-Authenticate header (#1754736)

Tue Aug 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-55
```
- fix TFTP receive buffer overflow (CVE-2019-5436)
```
Mon Jun 03 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-54
```
- make `curl --tlsv1` backward compatible (#1672639)
```

Mon May 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-53

- backport the --tls-max option of curl and TLS 1.3 ciphers (#1672639)

Fri Mar 01 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-52

- prevent curl --rate-limit from hanging on file URLs (#1281969)
- fix NTLM password overflow via integer overflow (CVE-2018-14618)
- fix bad arithmetic when outputting warnings to stderr (CVE-2018-16842)
- backport options to force TLS 1.3 in curl and libcurl (#1672639)
- prevent curl --rate-limit from crashing on https URLs (#1683292)