[ol7_latest] libcurl-7.29.0-54.0.1.el7_7.1.aarch64

Name:	libcurl
Version:	7.29.0
Release:	54.0.1.el7_7.1
Architecture:	aarch64
Group:	Development/Libraries
Size:	472104
License:	MIT
RPM:	libcurl-7.29.0-54.0.1.el7_7.1.aarch64.rpm
Source RPM:	curl-7.29.0-54.0.1.el7_7.1.src.rpm
Build Date:	Tue Nov 26 2019
Build Host:	ca-buildarm04.us.oracle.com
Vendor:	Oracle America
URL:	http://curl.haxx.se/
Summary:	A library for getting files from web servers
Description:	libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http proxy tunneling and more.

Changelog (Show File list) (Show related packages)

Tue Nov 26 2019 Kevin Lyons <kevin.x.lyons@oracle.com> - 7.29.0-54.0.1.el7_7.1

- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)

Mon Oct 07 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-54.el7_7.1

- fix auth failure with duplicated WWW-Authenticate header (#1754736)

Mon Jun 03 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-54
```
- make `curl --tlsv1` backward compatible (#1672639)
```

Mon May 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-53

- backport the --tls-max option of curl and TLS 1.3 ciphers (#1672639)

Fri Mar 01 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-52

- prevent curl --rate-limit from hanging on file URLs (#1281969)
- fix NTLM password overflow via integer overflow (CVE-2018-14618)
- fix bad arithmetic when outputting warnings to stderr (CVE-2018-16842)
- backport options to force TLS 1.3 in curl and libcurl (#1672639)
- prevent curl --rate-limit from crashing on https URLs (#1683292)

Wed Aug 08 2018 Kamil Dudka <kdudka@redhat.com> - 7.29.0-51

- require a new enough version of nss-pem to avoid regression in yum (#1610998)

Thu Jun 07 2018 Kamil Dudka <kdudka@redhat.com> - 7.29.0-50

- remove dead code, detected by Coverity Analysis
- remove unused variable, detected by GCC and Clang

Wed Jun 06 2018 Kamil Dudka <kdudka@redhat.com> - 7.29.0-49
```
- make curl --speed-limit work with TFTP (#1584750)
```

Wed May 30 2018 Kamil Dudka <kdudka@redhat.com> - 7.29.0-48

- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)
- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
- update certificates in the test-suite because they expire soon (#1572723)

Fri Mar 02 2018 Kamil Dudka <kdudka@redhat.com> - 7.29.0-47

- make NSS deallocate PKCS #11 objects early enough (#1510247)