ID | 68769 |
Package Name | curl |
Version | 7.61.0 |
Release | 4.fc29 |
Epoch | |
Summary |
Description |
Built by | davidlt |
State |
complete
|
Volume |
DEFAULT |
Started | Thu, 09 Aug 2018 17:28:31 UTC |
Completed | Thu, 09 Aug 2018 18:10:03 UTC |
Task | build (f29-candidate, curl-7.61.0-4.fc29.src.rpm) |
Tags |
|
RPMs |
|
Logs |
|
Changelog |
* Tue Aug 07 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-4
- relax crypto policy for the test-suite to make it pass again (#1610888)
* Tue Jul 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-3
- disable flaky test 1900, which covers deprecated HTTP pipelining
- adapt test 323 for updated OpenSSL
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.61.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jul 11 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-1
- new upstream release, which fixes the following vulnerability
CVE-2018-0500 - SMTP send heap buffer overflow
* Tue Jul 10 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-3
- enable support for brotli compression in libcurl-full
* Wed Jul 04 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-2
- do not hard-wire path of the Python 3 interpreter
* Wed May 16 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2018-1000300 - FTP shutdown response buffer overflow
CVE-2018-1000301 - RTSP bad headers buffer over-read
* Thu Mar 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-3
- make the test-suite use Python 3
* Wed Mar 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-2
- ftp: fix typo in recursive callback detection for seeking
* Wed Mar 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2018-1000120 - FTP path trickery leads to NIL byte out of bounds write
CVE-2018-1000121 - LDAP NULL pointer dereference
CVE-2018-1000122 - RTSP RTP buffer over-read
* Mon Mar 12 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-8
- http2: mark the connection for close on GOAWAY
* Mon Feb 19 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-7
- Add explicity-used build requirements
- Fix libcurl soname version number in %files list to avoid accidental soname
bumps
* Thu Feb 15 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-6
- switch to %ldconfig_scriptlets
- drop legacy BuildRoot: and Group: tags
- enforce versioned libssh dependency for libcurl
* Tue Feb 13 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-5
- drop temporary workaround for #1540549
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.58.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-3
- temporarily work around internal compiler error on x86_64 (#1540549)
- disable brp-ldconfig to make RemovePathPostfixes work with shared libs again
* Wed Jan 24 2018 Andreas Schneider <asn@redhat.com> - 7.58.0-2
- use libssh (instead of libssh2) to implement SCP/SFTP in libcurl (#1531483)
* Wed Jan 24 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2018-1000005 - curl: HTTP/2 trailer out-of-bounds read
CVE-2018-1000007 - curl: HTTP authentication leak in redirects
* Wed Nov 29 2017 Kamil Dudka <kdudka@redhat.com> - 7.57.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2017-8816 - curl: NTLM buffer overflow via integer overflow
CVE-2017-8817 - curl: FTP wildcard out of bounds read
CVE-2017-8818 - curl: SSL out of buffer access
* Mon Oct 23 2017 Kamil Dudka <kdudka@redhat.com> - 7.56.1-1
- new upstream release (fixes CVE-2017-1000257)
* Wed Oct 04 2017 Kamil Dudka <kdudka@redhat.com> - 7.56.0-1
- new upstream release (fixes CVE-2017-1000254)
* Mon Aug 28 2017 Kamil Dudka <kdudka@redhat.com> - 7.55.1-5
- apply the patch for the previous commit and fix its name (#1485702)
* Mon Aug 28 2017 Bastien Nocera <bnocera@redhat.com> - 7.55.1-4
- Fix NetworkManager connectivity check not working (#1485702)
* Tue Aug 22 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-3
- utilize system wide crypto policies for TLS (#1483972)
* Tue Aug 15 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-2
- make zsh completion work again
* Mon Aug 14 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-1
- new upstream release
* Wed Aug 09 2017 Kamil Dudka <kdudka@redhat.com> 7.55.0-1
- drop multilib fix for libcurl header files no longer needed
- new upstream release, which fixes the following vulnerabilities
CVE-2017-1000099 - FILE buffer read out of bounds
CVE-2017-1000100 - TFTP sends more than buffer size
CVE-2017-1000101 - URL globbing out of bounds read
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.54.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Fri Jul 28 2017 Florian Weimer <fweimer@redhat.com> - 7.54.1-7
- Rebuild with fixed binutils (#1475636)
* Fri Jul 28 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 7.54.1-6
- Enable separate debuginfo back
* Thu Jul 27 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-5
- rebuild to fix broken linkage of cmake on ppc64le
* Wed Jul 26 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-4
- avoid build failure caused broken RPM code that produces debuginfo packages
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.54.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon Jun 19 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-2
- enforce versioned openssl-libs dependency for libcurl (#1462184)
* Wed Jun 14 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-1
- new upstream release
* Tue May 16 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-5
- add *-full provides for curl and libcurl to make them explicitly installable
* Thu May 04 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-4
- make curl-minimal require a new enough version of libcurl
* Thu Apr 27 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-3
- switch the TLS backend back to OpenSSL (#1445153)
* Tue Apr 25 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-2
- nss: use libnssckbi.so as the default source of trust
- nss: do not leak PKCS #11 slot while loading a key (#1444860)
* Thu Apr 20 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-1
- new upstream release (fixes CVE-2017-7468)
* Thu Apr 13 2017 Paul Howarth <paul@city-fan.org> 7.53.1-7
- add %post and %postun scriptlets for libcurl-minimal
- libcurl-minimal provides both libcurl and libcurl%{?_isa}
- remove some legacy spec file cruft
* Wed Apr 12 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-6
- provide (lib)curl-minimal subpackages with lightweight build of (lib)curl
* Mon Apr 10 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-5
- disable upstream test 2033 (flaky test for HTTP/1 pipelining)
* Fri Apr 07 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-4
- fix out of bounds read in curl --write-out (CVE-2017-7407)
* Mon Mar 06 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-3
- make the dependency on nss-pem arch-specific (#1428550)
* Thu Mar 02 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-2
- re-enable valgrind on ix86 because sqlite is fixed (#1428286)
* Fri Feb 24 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-1
- new upstream release
* Wed Feb 22 2017 Kamil Dudka <kdudka@redhat.com> 7.53.0-1
- do not use valgrind on ix86 until sqlite is rebuilt by patched GCC (#1423434)
- new upstream release (fixes CVE-2017-2629)
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.52.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Dec 23 2016 Kamil Dudka <kdudka@redhat.com> 7.52.1-1
- new upstream release (fixes CVE-2016-9586)
* Mon Nov 21 2016 Kamil Dudka <kdudka@redhat.com> 7.51.0-3
- map CURL_SSLVERSION_DEFAULT to NSS default, add support for TLS 1.3 (#1396719)
* Tue Nov 15 2016 Kamil Dudka <kdudka@redhat.com> 7.51.0-2
- stricter host name checking for file:// URLs
- ssh: check md5 fingerprints case insensitively
* Wed Nov 02 2016 Kamil Dudka <kdudka@redhat.com> 7.51.0-1
- temporarily disable failing libidn2 test-cases
- new upstream release, which fixes the following vulnerabilities
CVE-2016-8615 - Cookie injection for other servers
CVE-2016-8616 - Case insensitive password comparison
CVE-2016-8617 - Out-of-bounds write via unchecked multiplication
CVE-2016-8618 - Double-free in curl_maprintf
CVE-2016-8619 - Double-free in krb5 code
CVE-2016-8620 - Glob parser write/read out of bounds
CVE-2016-8621 - curl_getdate out-of-bounds read
CVE-2016-8622 - URL unescape heap overflow via integer truncation
CVE-2016-8623 - Use-after-free via shared cookies
CVE-2016-8624 - Invalid URL parsing with '#'
CVE-2016-8625 - IDNA 2003 makes curl use wrong host
* Thu Oct 20 2016 Kamil Dudka <kdudka@redhat.com> 7.50.3-3
- drop 0103-curl-7.50.0-stunnel.patch no longer needed
* Fri Oct 07 2016 Kamil Dudka <kdudka@redhat.com> 7.50.3-2
- use the just built version of libcurl while generating zsh completion
* Wed Sep 14 2016 Kamil Dudka <kdudka@redhat.com> 7.50.3-1
- new upstream release (fixes CVE-2016-7167)
* Wed Sep 07 2016 Kamil Dudka <kdudka@redhat.com> 7.50.2-1
- new upstream release
* Fri Aug 26 2016 Kamil Dudka <kdudka@redhat.com> 7.50.1-2
- work around race condition in PK11_FindSlotByName()
- fix incorrect use of a previously loaded certificate from file
(related to CVE-2016-5420)
|