{"name":"curl","variants":[{"name":"curl","version":"8.20.0","release":"alt1","arch":"i586","epoch":null,"source_rpm":"curl-8.20.0-alt1.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Anton Farygin <rider@altlinux.org>","buildtime":1777996669,"size":652533,"disttag":"p11+416687.100.2.1","filename":"curl-8.20.0-alt1.i586.rpm","filesize":269315,"deps":{"provides":[{"name":"curl","version":"8.20.0-alt1:p11+416687.100.2.1","flags":8}],"requires":[{"name":"/bin/sh","version":"","flags":16384},{"name":"/lib/ld-linux.so.2","version":"","flags":16384},{"name":"coreutils","version":"","flags":16384},{"name":"sed","version":"","flags":16384},{"name":"libcurl","version":"8.20.0-alt1:p11+416687.100.2.1","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl","/usr/bin/wcurl"],"changelog":[{"time":1777464000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.20.0-alt1","text":"- 8.19.0 -> 8.20.0\n- Fixes:\n  * CVE-2026-7168: cross-proxy Digest auth state leak\n  * CVE-2026-7009: OCSP stapling bypass with Apple SecTrust\n  * CVE-2026-6429: netrc credential leak with reused proxy connection\n  * CVE-2026-6276: stale custom cookie host causes cookie leak\n  * CVE-2026-6253: proxy credentials leak over redirect-to proxy\n  * CVE-2026-5773: wrong reuse of SMB connection\n  * CVE-2026-5545: wrong reuse of HTTP Negotiate connection\n  * CVE-2026-4873: connection reuse ignores TLS requirement"},{"time":1773230400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.19.0-alt1","text":"- 8.18.0 -> 8.19.0\n- Fixes:\n  * CVE-2026-3805: use after free in SMB connection reuse\n  * CVE-2026-3784: wrong proxy connection reuse with credentials\n  * CVE-2026-3783: token leak with redirect and netrc\n  * CVE-2026-1965: bad reuse of HTTP Negotiate connection"},{"time":1767960000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.18.0-alt1","text":"- 8.17.0 -> 8.18.0\n- Fixes:\n  * CVE-2025-15224: libssh key passphrase bypass without agent set\n  * CVE-2025-15079: libssh global known_hosts override\n  * CVE-2025-14819: OpenSSL partial chain store policy bypass\n  * CVE-2025-14524: bearer token leak on cross-protocol redirect\n  * CVE-2025-14017: broken TLS options for threaded LDAPS\n  * CVE-2025-13034: No QUIC certificate pinning with GnuTLS"},{"time":1762344000,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.17.0-alt1","text":"- 8.16.0 -> 8.17.0"},{"time":1757505600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.16.0-alt1","text":"- 8.15.0 -> 8.16.0 (Fixes:  CVE-2025-10148, CVE-2025-9086)"},{"time":1753185600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.15.0-alt1","text":"- 8.14.1 -> 8.15.0"},{"time":1750852800,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt2","text":"- Added upstream patch to fix --ftp-pasv option (Closes: #54927)"},{"time":1749038400,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt1","text":"- 8.14.0 -> 8.14.1 (Fixes: CVE-2025-5399)\n- turned on more tests"},{"time":1748433600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.0-alt1","text":"- 8.13.0 -> 8.14.0"},{"time":1743595200,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.13.0-alt1","text":"- 8.12.1 -> 8.13.0"},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free \n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0 \n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code. \n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0 \n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version \n- fixes: \n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers \n  CVE-2016-8616: case insensitive password comparison \n  CVE-2016-8617: OOB write via unchecked multiplication \n  CVE-2016-8618: double-free in curl_maprintf \n  CVE-2016-8619: double-free in krb5 code \n  CVE-2016-8620: glob parser write/read out of bounds \n  CVE-2016-8621: curl_getdate read out of bounds \n  CVE-2016-8622: URL unescape heap overflow via integer truncation \n  CVE-2016-8623: Use-after-free via shared cookies \n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145 \n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"p11","component":"classic","arch":"i586","kind":"binary"}]},{"name":"curl","version":"8.12.0","release":"alt2","arch":"src","epoch":null,"source_rpm":"curl-8.12.0-alt2.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Roman Efimenkov <trogjan@altlinux.org>","buildtime":null,"size":20783563,"disttag":null,"filename":"curl-8.12.0-alt2.src.rpm","filesize":2325790,"deps":{"provides":[],"requires":[{"name":"libgnutls30","version":"","flags":0},{"name":"groff-base","version":"","flags":0},{"name":"libidn2-devel","version":"","flags":0},{"name":"libkrb5-devel","version":"","flags":0},{"name":"libgsasl-devel","version":"","flags":0},{"name":"zlib-devel","version":"","flags":0},{"name":"libzstd-devel","version":"","flags":0},{"name":"libpsl-devel","version":"","flags":0},{"name":"libldap-devel","version":"","flags":0},{"name":"libbrotli-devel","version":"","flags":0},{"name":"python3-base","version":"","flags":0},{"name":"/proc","version":"","flags":0},{"name":"libnghttp2-tools","version":"","flags":0},{"name":"gnutls-utils","version":"","flags":0},{"name":"/usr/bin/stunnel","version":"","flags":0},{"name":"perl(Digest/SHA.pm)","version":"","flags":0},{"name":"perl(Memoize.pm)","version":"","flags":0},{"name":"openssh-server","version":"","flags":0},{"name":"openssh-clients","version":"","flags":0},{"name":"caddy","version":"","flags":0},{"name":"pytest3","version":"","flags":0},{"name":"python3-module-cryptography","version":"","flags":0},{"name":"libssl-devel","version":"","flags":0},{"name":"libssh2-devel","version":"","flags":0},{"name":"libnghttp2-devel","version":"","flags":0},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":[],"changelog":[{"time":1778673600,"author":"Roman Efimenkov <trogjan@altlinux.org>","evr":"8.12.0-alt2","text":"- Applied upstream patch (fixes: CVE-2026-3783)."},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free\n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0\n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code.\n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0\n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers\n  CVE-2016-8616: case insensitive password comparison\n  CVE-2016-8617: OOB write via unchecked multiplication\n  CVE-2016-8618: double-free in curl_maprintf\n  CVE-2016-8619: double-free in krb5 code\n  CVE-2016-8620: glob parser write/read out of bounds\n  CVE-2016-8621: curl_getdate read out of bounds\n  CVE-2016-8622: URL unescape heap overflow via integer truncation\n  CVE-2016-8623: Use-after-free via shared cookies\n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145\n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"p10","component":"classic","arch":"src","kind":"source"}]},{"name":"curl","version":"8.21.0","release":"alt1","arch":"i586","epoch":null,"source_rpm":"curl-8.21.0-alt1.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Anton Farygin <rider@altlinux.org>","buildtime":1782295668,"size":661373,"disttag":"sisyphus+422578.100.1.2","filename":"curl-8.21.0-alt1.i586.rpm","filesize":273044,"deps":{"provides":[{"name":"curl","version":"8.21.0-alt1:sisyphus+422578.100.1.2","flags":8}],"requires":[{"name":"/bin/sh","version":"","flags":16384},{"name":"/lib/ld-linux.so.2","version":"","flags":16384},{"name":"coreutils","version":"","flags":16384},{"name":"sed","version":"","flags":16384},{"name":"libcurl","version":"8.21.0-alt1:sisyphus+422578.100.1.2","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl","/usr/bin/wcurl"],"changelog":[{"time":1782302400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.21.0-alt1","text":"- 8.20.0 -> 8.21.0\n- Fixes:\n  * CVE-2026-12064: proto-default skips SSH verification\n  * CVE-2026-11856: cross-origin Digest auth state leak\n  * CVE-2026-11586: WS Auto-PONG memory exhaustion\n  * CVE-2026-11564: Native CA trust persist\n  * CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop\n  * CVE-2026-10536: HTTP/2 stream-dependency tree UAF\n  * CVE-2026-9547: SSH improper host validation\n  * CVE-2026-9546: sending old referer\n  * CVE-2026-9545: exposing HTTP/3 early data\n  * CVE-2026-9080: UAF after pause in socket callback\n  * CVE-2026-9079: stale proxy password leak\n  * CVE-2026-8932: incomplete mTLS config matching in conn reuse\n  * CVE-2026-8927: env-set cross-proxy Digest auth state leak\n  * CVE-2026-8926: password leak with netrc and user in URL\n  * CVE-2026-8925: SASL double-free\n  * CVE-2026-8924: trailing dot domain super cookie\n  * CVE-2026-8458: wrong reuse for different services\n  * CVE-2026-8286: wrong STARTTLS connection reuse"},{"time":1777464000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.20.0-alt1","text":"- 8.19.0 -> 8.20.0\n- Fixes:\n  * CVE-2026-7168: cross-proxy Digest auth state leak\n  * CVE-2026-7009: OCSP stapling bypass with Apple SecTrust\n  * CVE-2026-6429: netrc credential leak with reused proxy connection\n  * CVE-2026-6276: stale custom cookie host causes cookie leak\n  * CVE-2026-6253: proxy credentials leak over redirect-to proxy\n  * CVE-2026-5773: wrong reuse of SMB connection\n  * CVE-2026-5545: wrong reuse of HTTP Negotiate connection\n  * CVE-2026-4873: connection reuse ignores TLS requirement"},{"time":1773230400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.19.0-alt1","text":"- 8.18.0 -> 8.19.0\n- Fixes:\n  * CVE-2026-3805: use after free in SMB connection reuse\n  * CVE-2026-3784: wrong proxy connection reuse with credentials\n  * CVE-2026-3783: token leak with redirect and netrc\n  * CVE-2026-1965: bad reuse of HTTP Negotiate connection"},{"time":1767960000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.18.0-alt1","text":"- 8.17.0 -> 8.18.0\n- Fixes:\n  * CVE-2025-15224: libssh key passphrase bypass without agent set\n  * CVE-2025-15079: libssh global known_hosts override\n  * CVE-2025-14819: OpenSSL partial chain store policy bypass\n  * CVE-2025-14524: bearer token leak on cross-protocol redirect\n  * CVE-2025-14017: broken TLS options for threaded LDAPS\n  * CVE-2025-13034: No QUIC certificate pinning with GnuTLS"},{"time":1762344000,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.17.0-alt1","text":"- 8.16.0 -> 8.17.0"},{"time":1757505600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.16.0-alt1","text":"- 8.15.0 -> 8.16.0 (Fixes:  CVE-2025-10148, CVE-2025-9086)"},{"time":1753185600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.15.0-alt1","text":"- 8.14.1 -> 8.15.0"},{"time":1750852800,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt2","text":"- Added upstream patch to fix --ftp-pasv option (Closes: #54927)"},{"time":1749038400,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt1","text":"- 8.14.0 -> 8.14.1 (Fixes: CVE-2025-5399)\n- turned on more tests"},{"time":1748433600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.0-alt1","text":"- 8.13.0 -> 8.14.0"},{"time":1743595200,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.13.0-alt1","text":"- 8.12.1 -> 8.13.0"},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free \n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0 \n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code. \n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0 \n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version \n- fixes: \n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers \n  CVE-2016-8616: case insensitive password comparison \n  CVE-2016-8617: OOB write via unchecked multiplication \n  CVE-2016-8618: double-free in curl_maprintf \n  CVE-2016-8619: double-free in krb5 code \n  CVE-2016-8620: glob parser write/read out of bounds \n  CVE-2016-8621: curl_getdate read out of bounds \n  CVE-2016-8622: URL unescape heap overflow via integer truncation \n  CVE-2016-8623: Use-after-free via shared cookies \n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145 \n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"sisyphus","component":"classic","arch":"i586","kind":"binary"}]},{"name":"curl","version":"8.20.0","release":"alt1","arch":"src","epoch":null,"source_rpm":"curl-8.20.0-alt1.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Anton Farygin <rider@altlinux.org>","buildtime":null,"size":20761414,"disttag":null,"filename":"curl-8.20.0-alt1.src.rpm","filesize":2392927,"deps":{"provides":[],"requires":[{"name":"libgnutls30","version":"","flags":0},{"name":"groff-base","version":"","flags":0},{"name":"libidn2-devel","version":"","flags":0},{"name":"libkrb5-devel","version":"","flags":0},{"name":"libgsasl-devel","version":"","flags":0},{"name":"zlib-devel","version":"","flags":0},{"name":"libzstd-devel","version":"","flags":0},{"name":"libpsl-devel","version":"","flags":0},{"name":"libldap-devel","version":"","flags":0},{"name":"libbrotli-devel","version":"","flags":0},{"name":"python3-base","version":"","flags":0},{"name":"/proc","version":"","flags":0},{"name":"libnghttp2-tools","version":"","flags":0},{"name":"gnutls-utils","version":"","flags":0},{"name":"/usr/bin/stunnel","version":"","flags":0},{"name":"perl(Digest/SHA.pm)","version":"","flags":0},{"name":"perl(Memoize.pm)","version":"","flags":0},{"name":"openssh-server","version":"","flags":0},{"name":"openssh-clients","version":"","flags":0},{"name":"caddy","version":"","flags":0},{"name":"pytest3","version":"","flags":0},{"name":"python3-module-cryptography","version":"","flags":0},{"name":"apache2-httpd-worker","version":"","flags":0},{"name":"apache2-devel","version":"","flags":0},{"name":"apache2-mod_ssl","version":"","flags":0},{"name":"apache2-mod_http2","version":"","flags":0},{"name":"vsftpd","version":"","flags":0},{"name":"python3-module-pytest-xdist","version":"","flags":0},{"name":"python3-module-psutil","version":"","flags":0},{"name":"python3-module-filelock","version":"","flags":0},{"name":"libgnutls-devel","version":"","flags":0},{"name":"libnettle-devel","version":"","flags":0},{"name":"libssh2-devel","version":"","flags":0},{"name":"libnghttp2-devel","version":"","flags":0},{"name":"libngtcp2-devel","version":"0.15.0","flags":12},{"name":"libnghttp3-devel","version":"","flags":0},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":[],"changelog":[{"time":1777464000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.20.0-alt1","text":"- 8.19.0 -> 8.20.0\n- Fixes:\n  * CVE-2026-7168: cross-proxy Digest auth state leak\n  * CVE-2026-7009: OCSP stapling bypass with Apple SecTrust\n  * CVE-2026-6429: netrc credential leak with reused proxy connection\n  * CVE-2026-6276: stale custom cookie host causes cookie leak\n  * CVE-2026-6253: proxy credentials leak over redirect-to proxy\n  * CVE-2026-5773: wrong reuse of SMB connection\n  * CVE-2026-5545: wrong reuse of HTTP Negotiate connection\n  * CVE-2026-4873: connection reuse ignores TLS requirement"},{"time":1773230400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.19.0-alt1","text":"- 8.18.0 -> 8.19.0\n- Fixes:\n  * CVE-2026-3805: use after free in SMB connection reuse\n  * CVE-2026-3784: wrong proxy connection reuse with credentials\n  * CVE-2026-3783: token leak with redirect and netrc\n  * CVE-2026-1965: bad reuse of HTTP Negotiate connection"},{"time":1767960000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.18.0-alt1","text":"- 8.17.0 -> 8.18.0\n- Fixes:\n  * CVE-2025-15224: libssh key passphrase bypass without agent set\n  * CVE-2025-15079: libssh global known_hosts override\n  * CVE-2025-14819: OpenSSL partial chain store policy bypass\n  * CVE-2025-14524: bearer token leak on cross-protocol redirect\n  * CVE-2025-14017: broken TLS options for threaded LDAPS\n  * CVE-2025-13034: No QUIC certificate pinning with GnuTLS"},{"time":1762344000,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.17.0-alt1","text":"- 8.16.0 -> 8.17.0"},{"time":1757505600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.16.0-alt1","text":"- 8.15.0 -> 8.16.0 (Fixes:  CVE-2025-10148, CVE-2025-9086)"},{"time":1753185600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.15.0-alt1","text":"- 8.14.1 -> 8.15.0"},{"time":1750852800,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt2","text":"- Added upstream patch to fix --ftp-pasv option (Closes: #54927)"},{"time":1749038400,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt1","text":"- 8.14.0 -> 8.14.1 (Fixes: CVE-2025-5399)\n- turned on more tests"},{"time":1748433600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.0-alt1","text":"- 8.13.0 -> 8.14.0"},{"time":1743595200,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.13.0-alt1","text":"- 8.12.1 -> 8.13.0"},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free \n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0 \n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code. \n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0 \n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version \n- fixes: \n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers \n  CVE-2016-8616: case insensitive password comparison \n  CVE-2016-8617: OOB write via unchecked multiplication \n  CVE-2016-8618: double-free in curl_maprintf \n  CVE-2016-8619: double-free in krb5 code \n  CVE-2016-8620: glob parser write/read out of bounds \n  CVE-2016-8621: curl_getdate read out of bounds \n  CVE-2016-8622: URL unescape heap overflow via integer truncation \n  CVE-2016-8623: Use-after-free via shared cookies \n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145 \n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"p11","component":"classic","arch":"src","kind":"source"}]},{"name":"curl","version":"8.12.1","release":"alt2","arch":"src","epoch":null,"source_rpm":"curl-8.12.1-alt2.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Roman Efimenkov <trogjan@altlinux.org>","buildtime":null,"size":20763167,"disttag":null,"filename":"curl-8.12.1-alt2.src.rpm","filesize":2323298,"deps":{"provides":[],"requires":[{"name":"libgnutls30","version":"","flags":0},{"name":"groff-base","version":"","flags":0},{"name":"libidn2-devel","version":"","flags":0},{"name":"libkrb5-devel","version":"","flags":0},{"name":"libgsasl-devel","version":"","flags":0},{"name":"zlib-devel","version":"","flags":0},{"name":"libzstd-devel","version":"","flags":0},{"name":"libpsl-devel","version":"","flags":0},{"name":"libldap-devel","version":"","flags":0},{"name":"libbrotli-devel","version":"","flags":0},{"name":"python3-base","version":"","flags":0},{"name":"/proc","version":"","flags":0},{"name":"libnghttp2-tools","version":"","flags":0},{"name":"gnutls-utils","version":"","flags":0},{"name":"/usr/bin/stunnel","version":"","flags":0},{"name":"perl(Digest/SHA.pm)","version":"","flags":0},{"name":"perl(Memoize.pm)","version":"","flags":0},{"name":"openssh-server","version":"","flags":0},{"name":"openssh-clients","version":"","flags":0},{"name":"caddy","version":"","flags":0},{"name":"pytest3","version":"","flags":0},{"name":"python3-module-cryptography","version":"","flags":0},{"name":"libssl-devel","version":"","flags":0},{"name":"libssh2-devel","version":"","flags":0},{"name":"libnghttp2-devel","version":"","flags":0},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":[],"changelog":[{"time":1778673600,"author":"Roman Efimenkov <trogjan@altlinux.org>","evr":"8.12.1-alt2","text":"- Applied upstream patch (fixes: CVE-2026-3783)."},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free\n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0\n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code.\n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0\n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers\n  CVE-2016-8616: case insensitive password comparison\n  CVE-2016-8617: OOB write via unchecked multiplication\n  CVE-2016-8618: double-free in curl_maprintf\n  CVE-2016-8619: double-free in krb5 code\n  CVE-2016-8620: glob parser write/read out of bounds\n  CVE-2016-8621: curl_getdate read out of bounds\n  CVE-2016-8622: URL unescape heap overflow via integer truncation\n  CVE-2016-8623: Use-after-free via shared cookies\n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145\n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"c10f2","component":"classic","arch":"src","kind":"source"}]},{"name":"curl","version":"8.12.1","release":"alt2","arch":"i586","epoch":null,"source_rpm":"curl-8.12.1-alt2.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Roman Efimenkov <trogjan@altlinux.org>","buildtime":1778702321,"size":594812,"disttag":"c10f2+415761.200.2.1","filename":"curl-8.12.1-alt2.i586.rpm","filesize":242864,"deps":{"provides":[{"name":"curl","version":"8.12.1-alt2:c10f2+415761.200.2.1","flags":8}],"requires":[{"name":"/lib/ld-linux.so.2","version":"","flags":16384},{"name":"libcurl","version":"8.12.1-alt2:c10f2+415761.200.2.1","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl"],"changelog":[{"time":1778673600,"author":"Roman Efimenkov <trogjan@altlinux.org>","evr":"8.12.1-alt2","text":"- Applied upstream patch (fixes: CVE-2026-3783)."},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free\n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0\n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code.\n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0\n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers\n  CVE-2016-8616: case insensitive password comparison\n  CVE-2016-8617: OOB write via unchecked multiplication\n  CVE-2016-8618: double-free in curl_maprintf\n  CVE-2016-8619: double-free in krb5 code\n  CVE-2016-8620: glob parser write/read out of bounds\n  CVE-2016-8621: curl_getdate read out of bounds\n  CVE-2016-8622: URL unescape heap overflow via integer truncation\n  CVE-2016-8623: Use-after-free via shared cookies\n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145\n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"c10f2","component":"classic","arch":"i586","kind":"binary"}]},{"name":"curl","version":"8.12.0","release":"alt2","arch":"i586","epoch":null,"source_rpm":"curl-8.12.0-alt2.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Roman Efimenkov <trogjan@altlinux.org>","buildtime":1778700593,"size":609384,"disttag":"p10+415760.200.2.1","filename":"curl-8.12.0-alt2.i586.rpm","filesize":247713,"deps":{"provides":[{"name":"curl","version":"8.12.0-alt2:p10+415760.200.2.1","flags":8}],"requires":[{"name":"/lib/ld-linux.so.2","version":"","flags":16384},{"name":"libcurl","version":"8.12.0-alt2:p10+415760.200.2.1","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl"],"changelog":[{"time":1778673600,"author":"Roman Efimenkov <trogjan@altlinux.org>","evr":"8.12.0-alt2","text":"- Applied upstream patch (fixes: CVE-2026-3783)."},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free\n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0\n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code.\n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0\n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers\n  CVE-2016-8616: case insensitive password comparison\n  CVE-2016-8617: OOB write via unchecked multiplication\n  CVE-2016-8618: double-free in curl_maprintf\n  CVE-2016-8619: double-free in krb5 code\n  CVE-2016-8620: glob parser write/read out of bounds\n  CVE-2016-8621: curl_getdate read out of bounds\n  CVE-2016-8622: URL unescape heap overflow via integer truncation\n  CVE-2016-8623: Use-after-free via shared cookies\n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145\n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"p10","component":"classic","arch":"i586","kind":"binary"}]},{"name":"curl","version":"8.12.1","release":"alt2","arch":"x86_64","epoch":null,"source_rpm":"curl-8.12.1-alt2.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Roman Efimenkov <trogjan@altlinux.org>","buildtime":1778702290,"size":693812,"disttag":"c10f2+415761.200.2.1","filename":"curl-8.12.1-alt2.x86_64.rpm","filesize":245512,"deps":{"provides":[{"name":"curl","version":"8.12.1-alt2:c10f2+415761.200.2.1","flags":8}],"requires":[{"name":"/lib64/ld-linux-x86-64.so.2","version":"","flags":16384},{"name":"libcurl","version":"8.12.1-alt2:c10f2+415761.200.2.1","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl"],"changelog":[{"time":1778673600,"author":"Roman Efimenkov <trogjan@altlinux.org>","evr":"8.12.1-alt2","text":"- Applied upstream patch (fixes: CVE-2026-3783)."},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free\n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0\n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code.\n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0\n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers\n  CVE-2016-8616: case insensitive password comparison\n  CVE-2016-8617: OOB write via unchecked multiplication\n  CVE-2016-8618: double-free in curl_maprintf\n  CVE-2016-8619: double-free in krb5 code\n  CVE-2016-8620: glob parser write/read out of bounds\n  CVE-2016-8621: curl_getdate read out of bounds\n  CVE-2016-8622: URL unescape heap overflow via integer truncation\n  CVE-2016-8623: Use-after-free via shared cookies\n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145\n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"c10f2","component":"classic","arch":"x86_64","kind":"binary"}]},{"name":"curl","version":"8.21.0","release":"alt1","arch":"src","epoch":null,"source_rpm":"curl-8.21.0-alt1.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Anton Farygin <rider@altlinux.org>","buildtime":null,"size":21233483,"disttag":null,"filename":"curl-8.21.0-alt1.src.rpm","filesize":2440255,"deps":{"provides":[],"requires":[{"name":"libgnutls30","version":"","flags":0},{"name":"groff-base","version":"","flags":0},{"name":"libidn2-devel","version":"","flags":0},{"name":"libkrb5-devel","version":"","flags":0},{"name":"libgsasl-devel","version":"","flags":0},{"name":"zlib-devel","version":"","flags":0},{"name":"libzstd-devel","version":"","flags":0},{"name":"libpsl-devel","version":"","flags":0},{"name":"libldap-devel","version":"","flags":0},{"name":"libbrotli-devel","version":"","flags":0},{"name":"python3-base","version":"","flags":0},{"name":"/proc","version":"","flags":0},{"name":"libnghttp2-tools","version":"","flags":0},{"name":"gnutls-utils","version":"","flags":0},{"name":"/usr/bin/stunnel","version":"","flags":0},{"name":"perl(Digest/SHA.pm)","version":"","flags":0},{"name":"perl(Memoize.pm)","version":"","flags":0},{"name":"openssh-server","version":"","flags":0},{"name":"openssh-clients","version":"","flags":0},{"name":"caddy","version":"","flags":0},{"name":"pytest3","version":"","flags":0},{"name":"python3-module-cryptography","version":"","flags":0},{"name":"apache2-httpd-worker","version":"","flags":0},{"name":"apache2-devel","version":"","flags":0},{"name":"apache2-mod_ssl","version":"","flags":0},{"name":"apache2-mod_http2","version":"","flags":0},{"name":"vsftpd","version":"","flags":0},{"name":"python3-module-pytest-xdist","version":"","flags":0},{"name":"python3-module-psutil","version":"","flags":0},{"name":"python3-module-filelock","version":"","flags":0},{"name":"libgnutls-devel","version":"","flags":0},{"name":"libnettle-devel","version":"","flags":0},{"name":"libssh2-devel","version":"","flags":0},{"name":"libnghttp2-devel","version":"","flags":0},{"name":"libngtcp2-devel","version":"0.15.0","flags":12},{"name":"libnghttp3-devel","version":"","flags":0},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":[],"changelog":[{"time":1782302400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.21.0-alt1","text":"- 8.20.0 -> 8.21.0\n- Fixes:\n  * CVE-2026-12064: proto-default skips SSH verification\n  * CVE-2026-11856: cross-origin Digest auth state leak\n  * CVE-2026-11586: WS Auto-PONG memory exhaustion\n  * CVE-2026-11564: Native CA trust persist\n  * CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop\n  * CVE-2026-10536: HTTP/2 stream-dependency tree UAF\n  * CVE-2026-9547: SSH improper host validation\n  * CVE-2026-9546: sending old referer\n  * CVE-2026-9545: exposing HTTP/3 early data\n  * CVE-2026-9080: UAF after pause in socket callback\n  * CVE-2026-9079: stale proxy password leak\n  * CVE-2026-8932: incomplete mTLS config matching in conn reuse\n  * CVE-2026-8927: env-set cross-proxy Digest auth state leak\n  * CVE-2026-8926: password leak with netrc and user in URL\n  * CVE-2026-8925: SASL double-free\n  * CVE-2026-8924: trailing dot domain super cookie\n  * CVE-2026-8458: wrong reuse for different services\n  * CVE-2026-8286: wrong STARTTLS connection reuse"},{"time":1777464000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.20.0-alt1","text":"- 8.19.0 -> 8.20.0\n- Fixes:\n  * CVE-2026-7168: cross-proxy Digest auth state leak\n  * CVE-2026-7009: OCSP stapling bypass with Apple SecTrust\n  * CVE-2026-6429: netrc credential leak with reused proxy connection\n  * CVE-2026-6276: stale custom cookie host causes cookie leak\n  * CVE-2026-6253: proxy credentials leak over redirect-to proxy\n  * CVE-2026-5773: wrong reuse of SMB connection\n  * CVE-2026-5545: wrong reuse of HTTP Negotiate connection\n  * CVE-2026-4873: connection reuse ignores TLS requirement"},{"time":1773230400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.19.0-alt1","text":"- 8.18.0 -> 8.19.0\n- Fixes:\n  * CVE-2026-3805: use after free in SMB connection reuse\n  * CVE-2026-3784: wrong proxy connection reuse with credentials\n  * CVE-2026-3783: token leak with redirect and netrc\n  * CVE-2026-1965: bad reuse of HTTP Negotiate connection"},{"time":1767960000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.18.0-alt1","text":"- 8.17.0 -> 8.18.0\n- Fixes:\n  * CVE-2025-15224: libssh key passphrase bypass without agent set\n  * CVE-2025-15079: libssh global known_hosts override\n  * CVE-2025-14819: OpenSSL partial chain store policy bypass\n  * CVE-2025-14524: bearer token leak on cross-protocol redirect\n  * CVE-2025-14017: broken TLS options for threaded LDAPS\n  * CVE-2025-13034: No QUIC certificate pinning with GnuTLS"},{"time":1762344000,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.17.0-alt1","text":"- 8.16.0 -> 8.17.0"},{"time":1757505600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.16.0-alt1","text":"- 8.15.0 -> 8.16.0 (Fixes:  CVE-2025-10148, CVE-2025-9086)"},{"time":1753185600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.15.0-alt1","text":"- 8.14.1 -> 8.15.0"},{"time":1750852800,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt2","text":"- Added upstream patch to fix --ftp-pasv option (Closes: #54927)"},{"time":1749038400,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt1","text":"- 8.14.0 -> 8.14.1 (Fixes: CVE-2025-5399)\n- turned on more tests"},{"time":1748433600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.0-alt1","text":"- 8.13.0 -> 8.14.0"},{"time":1743595200,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.13.0-alt1","text":"- 8.12.1 -> 8.13.0"},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free \n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0 \n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code. \n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0 \n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version \n- fixes: \n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers \n  CVE-2016-8616: case insensitive password comparison \n  CVE-2016-8617: OOB write via unchecked multiplication \n  CVE-2016-8618: double-free in curl_maprintf \n  CVE-2016-8619: double-free in krb5 code \n  CVE-2016-8620: glob parser write/read out of bounds \n  CVE-2016-8621: curl_getdate read out of bounds \n  CVE-2016-8622: URL unescape heap overflow via integer truncation \n  CVE-2016-8623: Use-after-free via shared cookies \n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145 \n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"sisyphus","component":"classic","arch":"src","kind":"source"}]},{"name":"curl","version":"8.20.0","release":"alt1","arch":"x86_64","epoch":null,"source_rpm":"curl-8.20.0-alt1.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Anton Farygin <rider@altlinux.org>","buildtime":1777996648,"size":780233,"disttag":"p11+416687.100.2.1","filename":"curl-8.20.0-alt1.x86_64.rpm","filesize":275156,"deps":{"provides":[{"name":"curl","version":"8.20.0-alt1:p11+416687.100.2.1","flags":8}],"requires":[{"name":"/bin/sh","version":"","flags":16384},{"name":"/lib64/ld-linux-x86-64.so.2","version":"","flags":16384},{"name":"coreutils","version":"","flags":16384},{"name":"sed","version":"","flags":16384},{"name":"libcurl","version":"8.20.0-alt1:p11+416687.100.2.1","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl","/usr/bin/wcurl"],"changelog":[{"time":1777464000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.20.0-alt1","text":"- 8.19.0 -> 8.20.0\n- Fixes:\n  * CVE-2026-7168: cross-proxy Digest auth state leak\n  * CVE-2026-7009: OCSP stapling bypass with Apple SecTrust\n  * CVE-2026-6429: netrc credential leak with reused proxy connection\n  * CVE-2026-6276: stale custom cookie host causes cookie leak\n  * CVE-2026-6253: proxy credentials leak over redirect-to proxy\n  * CVE-2026-5773: wrong reuse of SMB connection\n  * CVE-2026-5545: wrong reuse of HTTP Negotiate connection\n  * CVE-2026-4873: connection reuse ignores TLS requirement"},{"time":1773230400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.19.0-alt1","text":"- 8.18.0 -> 8.19.0\n- Fixes:\n  * CVE-2026-3805: use after free in SMB connection reuse\n  * CVE-2026-3784: wrong proxy connection reuse with credentials\n  * CVE-2026-3783: token leak with redirect and netrc\n  * CVE-2026-1965: bad reuse of HTTP Negotiate connection"},{"time":1767960000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.18.0-alt1","text":"- 8.17.0 -> 8.18.0\n- Fixes:\n  * CVE-2025-15224: libssh key passphrase bypass without agent set\n  * CVE-2025-15079: libssh global known_hosts override\n  * CVE-2025-14819: OpenSSL partial chain store policy bypass\n  * CVE-2025-14524: bearer token leak on cross-protocol redirect\n  * CVE-2025-14017: broken TLS options for threaded LDAPS\n  * CVE-2025-13034: No QUIC certificate pinning with GnuTLS"},{"time":1762344000,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.17.0-alt1","text":"- 8.16.0 -> 8.17.0"},{"time":1757505600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.16.0-alt1","text":"- 8.15.0 -> 8.16.0 (Fixes:  CVE-2025-10148, CVE-2025-9086)"},{"time":1753185600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.15.0-alt1","text":"- 8.14.1 -> 8.15.0"},{"time":1750852800,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt2","text":"- Added upstream patch to fix --ftp-pasv option (Closes: #54927)"},{"time":1749038400,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt1","text":"- 8.14.0 -> 8.14.1 (Fixes: CVE-2025-5399)\n- turned on more tests"},{"time":1748433600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.0-alt1","text":"- 8.13.0 -> 8.14.0"},{"time":1743595200,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.13.0-alt1","text":"- 8.12.1 -> 8.13.0"},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free \n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0 \n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code. \n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0 \n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version \n- fixes: \n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers \n  CVE-2016-8616: case insensitive password comparison \n  CVE-2016-8617: OOB write via unchecked multiplication \n  CVE-2016-8618: double-free in curl_maprintf \n  CVE-2016-8619: double-free in krb5 code \n  CVE-2016-8620: glob parser write/read out of bounds \n  CVE-2016-8621: curl_getdate read out of bounds \n  CVE-2016-8622: URL unescape heap overflow via integer truncation \n  CVE-2016-8623: Use-after-free via shared cookies \n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145 \n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"p11","component":"classic","arch":"x86_64","kind":"binary"}]},{"name":"curl","version":"8.21.0","release":"alt1","arch":"x86_64","epoch":null,"source_rpm":"curl-8.21.0-alt1.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Anton Farygin <rider@altlinux.org>","buildtime":1782295653,"size":789173,"disttag":"sisyphus+422578.100.1.2","filename":"curl-8.21.0-alt1.x86_64.rpm","filesize":279496,"deps":{"provides":[{"name":"curl","version":"8.21.0-alt1:sisyphus+422578.100.1.2","flags":8}],"requires":[{"name":"/bin/sh","version":"","flags":16384},{"name":"/lib64/ld-linux-x86-64.so.2","version":"","flags":16384},{"name":"coreutils","version":"","flags":16384},{"name":"sed","version":"","flags":16384},{"name":"libcurl","version":"8.21.0-alt1:sisyphus+422578.100.1.2","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl","/usr/bin/wcurl"],"changelog":[{"time":1782302400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.21.0-alt1","text":"- 8.20.0 -> 8.21.0\n- Fixes:\n  * CVE-2026-12064: proto-default skips SSH verification\n  * CVE-2026-11856: cross-origin Digest auth state leak\n  * CVE-2026-11586: WS Auto-PONG memory exhaustion\n  * CVE-2026-11564: Native CA trust persist\n  * CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop\n  * CVE-2026-10536: HTTP/2 stream-dependency tree UAF\n  * CVE-2026-9547: SSH improper host validation\n  * CVE-2026-9546: sending old referer\n  * CVE-2026-9545: exposing HTTP/3 early data\n  * CVE-2026-9080: UAF after pause in socket callback\n  * CVE-2026-9079: stale proxy password leak\n  * CVE-2026-8932: incomplete mTLS config matching in conn reuse\n  * CVE-2026-8927: env-set cross-proxy Digest auth state leak\n  * CVE-2026-8926: password leak with netrc and user in URL\n  * CVE-2026-8925: SASL double-free\n  * CVE-2026-8924: trailing dot domain super cookie\n  * CVE-2026-8458: wrong reuse for different services\n  * CVE-2026-8286: wrong STARTTLS connection reuse"},{"time":1777464000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.20.0-alt1","text":"- 8.19.0 -> 8.20.0\n- Fixes:\n  * CVE-2026-7168: cross-proxy Digest auth state leak\n  * CVE-2026-7009: OCSP stapling bypass with Apple SecTrust\n  * CVE-2026-6429: netrc credential leak with reused proxy connection\n  * CVE-2026-6276: stale custom cookie host causes cookie leak\n  * CVE-2026-6253: proxy credentials leak over redirect-to proxy\n  * CVE-2026-5773: wrong reuse of SMB connection\n  * CVE-2026-5545: wrong reuse of HTTP Negotiate connection\n  * CVE-2026-4873: connection reuse ignores TLS requirement"},{"time":1773230400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.19.0-alt1","text":"- 8.18.0 -> 8.19.0\n- Fixes:\n  * CVE-2026-3805: use after free in SMB connection reuse\n  * CVE-2026-3784: wrong proxy connection reuse with credentials\n  * CVE-2026-3783: token leak with redirect and netrc\n  * CVE-2026-1965: bad reuse of HTTP Negotiate connection"},{"time":1767960000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.18.0-alt1","text":"- 8.17.0 -> 8.18.0\n- Fixes:\n  * CVE-2025-15224: libssh key passphrase bypass without agent set\n  * CVE-2025-15079: libssh global known_hosts override\n  * CVE-2025-14819: OpenSSL partial chain store policy bypass\n  * CVE-2025-14524: bearer token leak on cross-protocol redirect\n  * CVE-2025-14017: broken TLS options for threaded LDAPS\n  * CVE-2025-13034: No QUIC certificate pinning with GnuTLS"},{"time":1762344000,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.17.0-alt1","text":"- 8.16.0 -> 8.17.0"},{"time":1757505600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.16.0-alt1","text":"- 8.15.0 -> 8.16.0 (Fixes:  CVE-2025-10148, CVE-2025-9086)"},{"time":1753185600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.15.0-alt1","text":"- 8.14.1 -> 8.15.0"},{"time":1750852800,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt2","text":"- Added upstream patch to fix --ftp-pasv option (Closes: #54927)"},{"time":1749038400,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt1","text":"- 8.14.0 -> 8.14.1 (Fixes: CVE-2025-5399)\n- turned on more tests"},{"time":1748433600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.0-alt1","text":"- 8.13.0 -> 8.14.0"},{"time":1743595200,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.13.0-alt1","text":"- 8.12.1 -> 8.13.0"},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free \n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0 \n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code. \n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0 \n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version \n- fixes: \n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers \n  CVE-2016-8616: case insensitive password comparison \n  CVE-2016-8617: OOB write via unchecked multiplication \n  CVE-2016-8618: double-free in curl_maprintf \n  CVE-2016-8619: double-free in krb5 code \n  CVE-2016-8620: glob parser write/read out of bounds \n  CVE-2016-8621: curl_getdate read out of bounds \n  CVE-2016-8622: URL unescape heap overflow via integer truncation \n  CVE-2016-8623: Use-after-free via shared cookies \n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145 \n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"sisyphus","component":"classic","arch":"x86_64","kind":"binary"}]},{"name":"curl","version":"8.21.0","release":"alt1","arch":"aarch64","epoch":null,"source_rpm":"curl-8.21.0-alt1.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Anton Farygin <rider@altlinux.org>","buildtime":1782295819,"size":801285,"disttag":"sisyphus+422578.100.1.2","filename":"curl-8.21.0-alt1.aarch64.rpm","filesize":266753,"deps":{"provides":[{"name":"curl","version":"8.21.0-alt1:sisyphus+422578.100.1.2","flags":8}],"requires":[{"name":"/bin/sh","version":"","flags":16384},{"name":"/lib64/ld-linux-aarch64.so.1","version":"","flags":16384},{"name":"coreutils","version":"","flags":16384},{"name":"sed","version":"","flags":16384},{"name":"libcurl","version":"8.21.0-alt1:sisyphus+422578.100.1.2","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl","/usr/bin/wcurl"],"changelog":[{"time":1782302400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.21.0-alt1","text":"- 8.20.0 -> 8.21.0\n- Fixes:\n  * CVE-2026-12064: proto-default skips SSH verification\n  * CVE-2026-11856: cross-origin Digest auth state leak\n  * CVE-2026-11586: WS Auto-PONG memory exhaustion\n  * CVE-2026-11564: Native CA trust persist\n  * CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop\n  * CVE-2026-10536: HTTP/2 stream-dependency tree UAF\n  * CVE-2026-9547: SSH improper host validation\n  * CVE-2026-9546: sending old referer\n  * CVE-2026-9545: exposing HTTP/3 early data\n  * CVE-2026-9080: UAF after pause in socket callback\n  * CVE-2026-9079: stale proxy password leak\n  * CVE-2026-8932: incomplete mTLS config matching in conn reuse\n  * CVE-2026-8927: env-set cross-proxy Digest auth state leak\n  * CVE-2026-8926: password leak with netrc and user in URL\n  * CVE-2026-8925: SASL double-free\n  * CVE-2026-8924: trailing dot domain super cookie\n  * CVE-2026-8458: wrong reuse for different services\n  * CVE-2026-8286: wrong STARTTLS connection reuse"},{"time":1777464000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.20.0-alt1","text":"- 8.19.0 -> 8.20.0\n- Fixes:\n  * CVE-2026-7168: cross-proxy Digest auth state leak\n  * CVE-2026-7009: OCSP stapling bypass with Apple SecTrust\n  * CVE-2026-6429: netrc credential leak with reused proxy connection\n  * CVE-2026-6276: stale custom cookie host causes cookie leak\n  * CVE-2026-6253: proxy credentials leak over redirect-to proxy\n  * CVE-2026-5773: wrong reuse of SMB connection\n  * CVE-2026-5545: wrong reuse of HTTP Negotiate connection\n  * CVE-2026-4873: connection reuse ignores TLS requirement"},{"time":1773230400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.19.0-alt1","text":"- 8.18.0 -> 8.19.0\n- Fixes:\n  * CVE-2026-3805: use after free in SMB connection reuse\n  * CVE-2026-3784: wrong proxy connection reuse with credentials\n  * CVE-2026-3783: token leak with redirect and netrc\n  * CVE-2026-1965: bad reuse of HTTP Negotiate connection"},{"time":1767960000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.18.0-alt1","text":"- 8.17.0 -> 8.18.0\n- Fixes:\n  * CVE-2025-15224: libssh key passphrase bypass without agent set\n  * CVE-2025-15079: libssh global known_hosts override\n  * CVE-2025-14819: OpenSSL partial chain store policy bypass\n  * CVE-2025-14524: bearer token leak on cross-protocol redirect\n  * CVE-2025-14017: broken TLS options for threaded LDAPS\n  * CVE-2025-13034: No QUIC certificate pinning with GnuTLS"},{"time":1762344000,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.17.0-alt1","text":"- 8.16.0 -> 8.17.0"},{"time":1757505600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.16.0-alt1","text":"- 8.15.0 -> 8.16.0 (Fixes:  CVE-2025-10148, CVE-2025-9086)"},{"time":1753185600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.15.0-alt1","text":"- 8.14.1 -> 8.15.0"},{"time":1750852800,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt2","text":"- Added upstream patch to fix --ftp-pasv option (Closes: #54927)"},{"time":1749038400,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt1","text":"- 8.14.0 -> 8.14.1 (Fixes: CVE-2025-5399)\n- turned on more tests"},{"time":1748433600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.0-alt1","text":"- 8.13.0 -> 8.14.0"},{"time":1743595200,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.13.0-alt1","text":"- 8.12.1 -> 8.13.0"},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free \n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0 \n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code. \n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0 \n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version \n- fixes: \n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers \n  CVE-2016-8616: case insensitive password comparison \n  CVE-2016-8617: OOB write via unchecked multiplication \n  CVE-2016-8618: double-free in curl_maprintf \n  CVE-2016-8619: double-free in krb5 code \n  CVE-2016-8620: glob parser write/read out of bounds \n  CVE-2016-8621: curl_getdate read out of bounds \n  CVE-2016-8622: URL unescape heap overflow via integer truncation \n  CVE-2016-8623: Use-after-free via shared cookies \n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145 \n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"sisyphus","component":"classic","arch":"aarch64","kind":"binary"}]},{"name":"curl","version":"8.12.0","release":"alt2","arch":"aarch64","epoch":null,"source_rpm":"curl-8.12.0-alt2.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Roman Efimenkov <trogjan@altlinux.org>","buildtime":1778700690,"size":712464,"disttag":"p10+415760.200.2.1","filename":"curl-8.12.0-alt2.aarch64.rpm","filesize":240848,"deps":{"provides":[{"name":"curl","version":"8.12.0-alt2:p10+415760.200.2.1","flags":8}],"requires":[{"name":"/lib64/ld-linux-aarch64.so.1","version":"","flags":16384},{"name":"libcurl","version":"8.12.0-alt2:p10+415760.200.2.1","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl"],"changelog":[{"time":1778673600,"author":"Roman Efimenkov <trogjan@altlinux.org>","evr":"8.12.0-alt2","text":"- Applied upstream patch (fixes: CVE-2026-3783)."},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free\n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0\n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code.\n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0\n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers\n  CVE-2016-8616: case insensitive password comparison\n  CVE-2016-8617: OOB write via unchecked multiplication\n  CVE-2016-8618: double-free in curl_maprintf\n  CVE-2016-8619: double-free in krb5 code\n  CVE-2016-8620: glob parser write/read out of bounds\n  CVE-2016-8621: curl_getdate read out of bounds\n  CVE-2016-8622: URL unescape heap overflow via integer truncation\n  CVE-2016-8623: Use-after-free via shared cookies\n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145\n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"p10","component":"classic","arch":"aarch64","kind":"binary"}]},{"name":"curl","version":"8.12.0","release":"alt2","arch":"armh","epoch":null,"source_rpm":"curl-8.12.0-alt2.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Roman Efimenkov <trogjan@altlinux.org>","buildtime":1778700889,"size":527612,"disttag":"p10+415760.200.2.1","filename":"curl-8.12.0-alt2.armh.rpm","filesize":230135,"deps":{"provides":[{"name":"curl","version":"8.12.0-alt2:p10+415760.200.2.1","flags":8}],"requires":[{"name":"/lib/ld-linux-armhf.so.3","version":"","flags":16384},{"name":"libcurl","version":"8.12.0-alt2:p10+415760.200.2.1","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl"],"changelog":[{"time":1778673600,"author":"Roman Efimenkov <trogjan@altlinux.org>","evr":"8.12.0-alt2","text":"- Applied upstream patch (fixes: CVE-2026-3783)."},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free\n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0\n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code.\n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0\n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers\n  CVE-2016-8616: case insensitive password comparison\n  CVE-2016-8617: OOB write via unchecked multiplication\n  CVE-2016-8618: double-free in curl_maprintf\n  CVE-2016-8619: double-free in krb5 code\n  CVE-2016-8620: glob parser write/read out of bounds\n  CVE-2016-8621: curl_getdate read out of bounds\n  CVE-2016-8622: URL unescape heap overflow via integer truncation\n  CVE-2016-8623: Use-after-free via shared cookies\n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145\n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"p10","component":"classic","arch":"armh","kind":"binary"}]},{"name":"curl","version":"8.20.0","release":"alt1","arch":"aarch64","epoch":null,"source_rpm":"curl-8.20.0-alt1.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Anton Farygin <rider@altlinux.org>","buildtime":1777996776,"size":800609,"disttag":"p11+416687.100.2.1","filename":"curl-8.20.0-alt1.aarch64.rpm","filesize":263409,"deps":{"provides":[{"name":"curl","version":"8.20.0-alt1:p11+416687.100.2.1","flags":8}],"requires":[{"name":"/bin/sh","version":"","flags":16384},{"name":"/lib64/ld-linux-aarch64.so.1","version":"","flags":16384},{"name":"coreutils","version":"","flags":16384},{"name":"sed","version":"","flags":16384},{"name":"libcurl","version":"8.20.0-alt1:p11+416687.100.2.1","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl","/usr/bin/wcurl"],"changelog":[{"time":1777464000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.20.0-alt1","text":"- 8.19.0 -> 8.20.0\n- Fixes:\n  * CVE-2026-7168: cross-proxy Digest auth state leak\n  * CVE-2026-7009: OCSP stapling bypass with Apple SecTrust\n  * CVE-2026-6429: netrc credential leak with reused proxy connection\n  * CVE-2026-6276: stale custom cookie host causes cookie leak\n  * CVE-2026-6253: proxy credentials leak over redirect-to proxy\n  * CVE-2026-5773: wrong reuse of SMB connection\n  * CVE-2026-5545: wrong reuse of HTTP Negotiate connection\n  * CVE-2026-4873: connection reuse ignores TLS requirement"},{"time":1773230400,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.19.0-alt1","text":"- 8.18.0 -> 8.19.0\n- Fixes:\n  * CVE-2026-3805: use after free in SMB connection reuse\n  * CVE-2026-3784: wrong proxy connection reuse with credentials\n  * CVE-2026-3783: token leak with redirect and netrc\n  * CVE-2026-1965: bad reuse of HTTP Negotiate connection"},{"time":1767960000,"author":"Anton Farygin <rider@altlinux.org>","evr":"8.18.0-alt1","text":"- 8.17.0 -> 8.18.0\n- Fixes:\n  * CVE-2025-15224: libssh key passphrase bypass without agent set\n  * CVE-2025-15079: libssh global known_hosts override\n  * CVE-2025-14819: OpenSSL partial chain store policy bypass\n  * CVE-2025-14524: bearer token leak on cross-protocol redirect\n  * CVE-2025-14017: broken TLS options for threaded LDAPS\n  * CVE-2025-13034: No QUIC certificate pinning with GnuTLS"},{"time":1762344000,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.17.0-alt1","text":"- 8.16.0 -> 8.17.0"},{"time":1757505600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.16.0-alt1","text":"- 8.15.0 -> 8.16.0 (Fixes:  CVE-2025-10148, CVE-2025-9086)"},{"time":1753185600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.15.0-alt1","text":"- 8.14.1 -> 8.15.0"},{"time":1750852800,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt2","text":"- Added upstream patch to fix --ftp-pasv option (Closes: #54927)"},{"time":1749038400,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.1-alt1","text":"- 8.14.0 -> 8.14.1 (Fixes: CVE-2025-5399)\n- turned on more tests"},{"time":1748433600,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.14.0-alt1","text":"- 8.13.0 -> 8.14.0"},{"time":1743595200,"author":"Anton Farygin <rider@altlinux.com>","evr":"8.13.0-alt1","text":"- 8.12.1 -> 8.13.0"},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free \n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0 \n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code. \n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0 \n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version \n- fixes: \n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers \n  CVE-2016-8616: case insensitive password comparison \n  CVE-2016-8617: OOB write via unchecked multiplication \n  CVE-2016-8618: double-free in curl_maprintf \n  CVE-2016-8619: double-free in krb5 code \n  CVE-2016-8620: glob parser write/read out of bounds \n  CVE-2016-8621: curl_getdate read out of bounds \n  CVE-2016-8622: URL unescape heap overflow via integer truncation \n  CVE-2016-8623: Use-after-free via shared cookies \n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145 \n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"p11","component":"classic","arch":"aarch64","kind":"binary"}]},{"name":"curl","version":"8.12.0","release":"alt2","arch":"x86_64","epoch":null,"source_rpm":"curl-8.12.0-alt2.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Roman Efimenkov <trogjan@altlinux.org>","buildtime":1778700569,"size":716576,"disttag":"p10+415760.200.2.1","filename":"curl-8.12.0-alt2.x86_64.rpm","filesize":251384,"deps":{"provides":[{"name":"curl","version":"8.12.0-alt2:p10+415760.200.2.1","flags":8}],"requires":[{"name":"/lib64/ld-linux-x86-64.so.2","version":"","flags":16384},{"name":"libcurl","version":"8.12.0-alt2:p10+415760.200.2.1","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl"],"changelog":[{"time":1778673600,"author":"Roman Efimenkov <trogjan@altlinux.org>","evr":"8.12.0-alt2","text":"- Applied upstream patch (fixes: CVE-2026-3783)."},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free\n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0\n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code.\n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0\n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers\n  CVE-2016-8616: case insensitive password comparison\n  CVE-2016-8617: OOB write via unchecked multiplication\n  CVE-2016-8618: double-free in curl_maprintf\n  CVE-2016-8619: double-free in krb5 code\n  CVE-2016-8620: glob parser write/read out of bounds\n  CVE-2016-8621: curl_getdate read out of bounds\n  CVE-2016-8622: URL unescape heap overflow via integer truncation\n  CVE-2016-8623: Use-after-free via shared cookies\n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145\n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"p10","component":"classic","arch":"x86_64","kind":"binary"}]},{"name":"curl","version":"8.12.1","release":"alt2","arch":"aarch64","epoch":null,"source_rpm":"curl-8.12.1-alt2.src.rpm","summary":"Gets a file from a FTP, GOPHER or HTTP server","description":"Curl is a client to get documents/files from servers, using any of the\nsupported protocols. The command is designed to work without user\ninteraction or any kind of interactivity.\n\nCurl offers a busload of useful tricks like proxy support, user\nauthentication, ftp upload, HTTP post, file transfer resume and more.","group":"Networking/File transfer","packager":"Roman Efimenkov <trogjan@altlinux.org>","buildtime":1778702584,"size":689700,"disttag":"c10f2+415761.200.2.1","filename":"curl-8.12.1-alt2.aarch64.rpm","filesize":234920,"deps":{"provides":[{"name":"curl","version":"8.12.1-alt2:c10f2+415761.200.2.1","flags":8}],"requires":[{"name":"/lib64/ld-linux-aarch64.so.1","version":"","flags":16384},{"name":"libcurl","version":"8.12.1-alt2:c10f2+415761.200.2.1","flags":16392},{"name":"rpmlib(PayloadIsLzma)","version":"","flags":16777280}],"conflicts":[],"obsoletes":[]},"files":["/usr/bin/curl"],"changelog":[{"time":1778673600,"author":"Roman Efimenkov <trogjan@altlinux.org>","evr":"8.12.1-alt2","text":"- Applied upstream patch (fixes: CVE-2026-3783)."},{"time":1739448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.1-alt1","text":"- 8.12.0 -> 8.12.1"},{"time":1738756800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.12.0-alt1","text":"- 8.11.1 -> 8.12.0 (Fixes:  CVE-2025-0665, CVE-2025-0167, CVE-2025-0725)"},{"time":1733918400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.1-alt1","text":"- 8.11.0 -> 8.11.1 (Fixes: CVE-2024-11053)"},{"time":1732968000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt2","text":"- applied upstream commit f5c6169 to fix regression\n  with netrc (Closes: #52093)"},{"time":1730894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.11.0-alt1","text":"- 8.10.0 -> 8.11.0 (Fixes: CVE-2024-9681)"},{"time":1726056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.10.0-alt1","text":"- 8.9.1 -> 8.10.0 (Fixes: CVE-2024-8096)"},{"time":1722427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.1-alt1","text":"- 8.9.0 -> 8.9.1 (Fixes: CVE-2024-7264)"},{"time":1721822400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.9.0-alt1","text":"- 8.8.0 -> 8.9.0 (Fixes: CVE-2024-6874, CVE-2024-6197)"},{"time":1719835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.8.0-alt1","text":"- 8.7.1 -> 8.0.0 (Closes: #49883)"},{"time":1713960000,"author":"Andrey Cherepanov <cas@altlinux.org>","evr":"8.7.1-alt2","text":"- NMU: build with --enable-versioned-symbols"},{"time":1711540800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.7.1-alt1","text":"- 8.6.0 -> 8.7.1\n- Fixes:\n   * CVE-2024-2398: HTTP/2 push headers memory-leak\n   * CVE-2024-2004: Usage of disabled protocol"},{"time":1706702400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.6.0-alt1","text":"- 8.5.0 -> 8.6.0\n- Fixes:\n   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse"},{"time":1701864000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.5.0-alt1","text":"- 8.4.0 -> 8.5.0\n- Fixes:\n   * CVE-2023-46218: cookie mixed case PSL bypass\n   * CVE-2023-46219: HSTS long file name clears contents"},{"time":1697025600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.4.0-alt1","text":"- 8.3.0 -> 8.4.0\n- Fixes:\n   * CVE-2023-38545: SOCKS5 heap buffer overflow\n   * CVE-2023-38546"},{"time":1694606400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.3.0-alt1","text":"- 8.2.1 -> 8.3.0\n- Fixes:\n   * CVE-2023-38039 HTTP headers eat all memory\n- relaxed check on armh"},{"time":1690372800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.1-alt1","text":"- 8.2.0 -> 8.2.1"},{"time":1689768000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.2.0-alt1","text":"- 8.1.2 -> 8.2.0\n- Fixes:\n   * CVE-2023-32001 fopen race condition"},{"time":1687694400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt2","text":"- built with ngtcp 0.16 and nghttp3 (apply patches from upstream git)"},{"time":1685448000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.2-alt1","text":"- 8.1.0 -> 8.1.2"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt2","text":"- built with Gnutls only if QUIC is available"},{"time":1684411200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.1.0-alt1","text":"- 8.0.1 -> 8.1.0\n- descreased the number of tests: apache2-* was removed from BuildRequires to\n  avoid circular dependencies curl -> apache2-mods -> libcurl\n- Fixes:\n   * CVE-2023-28319 UAF in SSH sha256 fingerprint check\n   * CVE-2023-28320 siglongjmp race condition\n   * CVE-2023-28321 IDN wildcard match\n   * CVE-2023-28322 more POST-after-PUT confusion"},{"time":1679400000,"author":"Alexey Shabalin <shaba@altlinux.org>","evr":"8.0.1-alt2","text":"- disable build static library\n- fix configure options\n- fix build with libssh2\n- build with WebSockets support\n- build with gnutls instead of openssl, and build with http3 support\n- increased the number of tests to be execute"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.1-alt1","text":"- 8.0.0 -> 8.0.1"},{"time":1679313600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"8.0.0-alt1","text":"- 7.88.1 -> 8.0.0 (Fixes:  CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n   CVE-2023-27537, CVE-2023-27538)"},{"time":1676894400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.1-alt1","text":"- 7.88.0 -> 7.88.1"},{"time":1676462400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.88.0-alt1","text":"- 7.87.0 -> 7.88.0 (Closes: #45281)\n- Fixes:\n  * CVE-2023-23914: HSTS ignored on multiple requests\n  * CVE-2023-23915: HSTS amnesia with --parallel\n  * CVE-2023-23916: HTTP multi-header compression denial of service"},{"time":1671624000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.87.0-alt1","text":"- 7.86.0 -> 7.87.0\n- Fixes:\n  * CVE-2022-43551: Another HSTS bypass via IDN\n  * CVE-2022-43552: HTTP Proxy deny use-after-free"},{"time":1666785600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.86.0-alt1","text":"- 7.85.0 -> 7.86.0\n- Fixes:\n  * CVE-2022-32221: POST following PUT confusion\n  * CVE-2022-35260: .netrc parser out-of-bounds access\n  * CVE-2022-42915: HTTP proxy double-free\n  * CVE-2022-42916: HSTS bypass via IDN"},{"time":1661947200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.85.0-alt1","text":"- 7.84.0 -> 7.85.0\n- Fixes:\n  * CVE-2022-35252: control code in cookie denial of service"},{"time":1660132800,"author":"Egor Ignatov <egori@altlinux.org>","evr":"7.84.0-alt2","text":"- backport upstream fixes:\n  + lib3026: reduce the number of threads to 100 (#9172)\n  + easy_lock.h: include sched.h if available to fix build (#9054)"},{"time":1656331200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.84.0-alt1","text":"- 7.84.0\n- Fixes:\n  * CVE-2022-32208: FTP-KRB bad message verification\n  * CVE-2022-32207: Unpreserved file permissions\n  * CVE-2022-32206: HTTP compression denial of service\n  * CVE-2022-32205: Set-Cookie denial of service"},{"time":1652270400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.1-alt1","text":"- 7.83.1\n- Fixes:\n  * CVE-2022-30115: HSTS bypass via trailing dot\n  * CVE-2022-27782: TLS and SSH connection too eager reuse\n  * CVE-2022-27781: CERTINFO never-ending busy-loop\n  * CVE-2022-27780: percent-encoded path separator in URL host\n  * CVE-2022-27779: cookie for trailing dot TLD\n  * CVE-2022-27778: curl removes wrong file on error"},{"time":1651147200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.83.0-alt1","text":"- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)"},{"time":1646827200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.82.0-alt1","text":"- 7.81.0 -> 7.82.0"},{"time":1641643200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt2","text":"- disabled rewindaftersend logic for auth via kerberos to resolve problems with\n  hdfs (fix for curl issue #8264)"},{"time":1641384000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.81.0-alt1","text":"- 7.80.0 -> 7.81.0"},{"time":1637409600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.80.0-alt1","text":"- 7.79.1 -> 7.80.0"},{"time":1632571200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.1-alt1","text":"- 7.79.1"},{"time":1632225600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt2","text":"- added patches from curl upstream:\n  * b2e72d2 http: fix the broken >3 digit response code detection\n  * e0742ce Curl_http2_setup: don't change connection data on repeat invokes"},{"time":1631707200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.79.0-alt1","text":"- 7.79.0\n- Fixes:\n  * CVE-2021-22945 clear the leftovers pointer when sending succeeds\n  * CVE-2021-22946 do not ignore --ssl-reqd\n  * CVE-2021-22947 reject STARTTLS server response pipelining"},{"time":1631275200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt2","text":"- fixed FTBFS via -ffat-lto-objects"},{"time":1627387200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.78.0-alt1","text":"- 7.78.0"},{"time":1622030400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.77.0-alt1","text":"- 7.77.0\n- Fixes:\n  * CVE-2021-22897 schannel cipher selection surprise\n  * CVE-2021-22898 TELNET stack contents disclosure\n  * CVE-2021-22901 TLS session caching disaster"},{"time":1618488000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.76.1-alt1","text":"- 7.76.1"},{"time":1617192000,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.76.0-alt1","text":"- 7.76.0\n- Fixes:\n  * CVE-2021-22876 strip credentials from the auto-referer header field\n  * CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()"},{"time":1614254400,"author":"Anton Farygin <rider@altlinux.org>","evr":"7.75.0-alt1","text":"- 7.75.0"},{"time":1609329600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.74.0-alt1","text":"- 7.74.0\n- Fixes:\n  * CVE-2020-8286 Inferior OCSP verification\n  * CVE-2020-8285 FTP wildcard stack overflow\n  * CVE-2020-8284 trusting FTP PASV responses"},{"time":1602676800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.73.0-alt1","text":"- 7.73.0"},{"time":1597838400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.72.0-alt1","text":"- 7.72.0\n- fixes:\n  * CVE-2020-8231: libcurl: wrong connect-only connection"},{"time":1593777600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.1-alt1","text":"- 7.71.1\n- add python3 to BR for tests"},{"time":1593000000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.71.0-alt1","text":"- 7.71.0\n- fixes:\n  * CVE-2020-8177: curl overwrite local file with -J\n  * CVE-2020-8169: Partial password leak over DNS on HTTP redirect"},{"time":1588161600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.70.0-alt1","text":"- 7.70.0\n- removed DEV from version string (with maketgz script)"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.1-alt1","text":"- 7.69.1"},{"time":1583928000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.69.0-alt1","text":"- 7.69.0"},{"time":1578657600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.68.0-alt1","text":"- 7.68.0"},{"time":1573473600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.67.0-alt1","text":"- 7.67.0"},{"time":1568203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.66.0-alt1","text":"- 7.66.0\n- fixes:\n * CVE-2019-5481: FTP-KRB double-free\n * CVE-2019-5482: TFTP small blocksize heap buffer overflow"},{"time":1563883200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.3-alt1","text":"- 7.65.3"},{"time":1559736000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.1-alt1","text":"- 7.65.1"},{"time":1558526400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.65.0-alt1","text":"- 7.65.0\n- fixes:\n  * CVE-2019-5435: Integer overflows in curl_url_set\n  * CVE-2019-5436: tftp: use the current blksize for recvfrom"},{"time":1553774400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.1-alt1","text":"- 7.64.1"},{"time":1552564800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt2","text":"- increased level of verbosity in make check stage"},{"time":1549454400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.64.0-alt1","text":"- 7.64.0\n- fixes:\n  * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n  * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n  * CVE-2019-3823: SMTP end-of-response out-of-bounds read"},{"time":1544616000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.63.0-alt1","text":"- 7.63.0"},{"time":1542196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt3","text":"- enabled idn support (closes: #34103)\n- enabled ldap support\n- enabled brotli support"},{"time":1541073600,"author":"Michael Shigorin <mike@altlinux.org>","evr":"7.62.0-alt2","text":"- added nghttp2 knob (on by default)"},{"time":1540987200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.62.0-alt1","text":"- 7.62.0\n- fixes:\n  * CVE-2018-16839 - buffer overrun in the SASL authentication code.\n  * CVE-2018-16840 - use-after-free in handle close\n  * CVE-2018-16842 - warning message out-of-buffer read"},{"time":1539259200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt2","text":"- enabled HTTP/2 support"},{"time":1536494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.1-alt1","text":"- 7.61.1 (fixes: CVE-2018-14618)"},{"time":1534420800,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.61.0-alt2","text":"- Rebuilt with openssl 1.1.\n- Added BR: libkrb5-devel."},{"time":1531828800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.61.0-alt1","text":"- 7.61.0\n- fixes:\n  * CVE-2018-0500 SMTP send heap buffer overflow"},{"time":1526472000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.60.0-alt1","text":"- 7.60.0\n- fixes:\n  * CVE-2018-1000300 FTP shutdown response buffer overflow\n  * CVE-2018-1000301 RTSP bad headers buffer over-read"},{"time":1522497600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.59.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write\n  * CVE-2018-1000121 LDAP NULL pointer dereference\n  * CVE-2018-1000122  RTSP RTP buffer over-read"},{"time":1516795200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.58.0-alt1","text":"- new version\n- fixes:\n  * CVE-2018-1000005 HTTP/2 trailer out-of-bounds read\n  * CVE-2018-1000007 HTTP authentication leak in redirects"},{"time":1512129600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.57.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-8818 SSL out of buffer access\n  * CVE-2017-8817 FTP wildcard out of bounds read\n  * CVE-2017-8816 NTLM buffer overflow via integer overflow"},{"time":1508760000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.1-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler"},{"time":1507118400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.56.0-alt1","text":"- new version\n- fixes:\n  * CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP."},{"time":1502712000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.1-alt1","text":"- new version"},{"time":1502280000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.55.0-alt1","text":"- new version with following security fixes:\n   * CVE-2017-1000101 glob: do not parse after a strtoul() overflow range\n   * CVE-2017-1000100 tftp: reject file name lengths that don't fit\n   * CVE-2017-1000099 file: output the correct buffer to the user"},{"time":1497441600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.1-alt1","text":"- new version with security fixes:\n  CVE-2017-9502: URL file scheme drive letter buffer overflow"},{"time":1492603200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.54.0-alt1","text":"- new version with security fixes:\n  CVE-2016-5419: TLS session resumption client cert bypass (again)"},{"time":1488196800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.1-alt1","text":"- new version"},{"time":1487764800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.53.0-alt1","text":"- new version with security fixes:\n  CVE-2017-2629: SSL_VERIFYSTATUS ignored"},{"time":1482494400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.1-alt1","text":"- new version with security fixes:\n  CVE-2016-9594: uninitialized random"},{"time":1482321600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.52.0-alt1","text":"- new version with security fixes:\n  CVE-2016-9586: printf floating point buffer overflow"},{"time":1481112000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt2","text":"- enabled gssapi (closes: #32862)"},{"time":1478088000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.51.0-alt1","text":"- new version with security fixes:\n  CVE-2016-8615: cookie injection for other servers\n  CVE-2016-8616: case insensitive password comparison\n  CVE-2016-8617: OOB write via unchecked multiplication\n  CVE-2016-8618: double-free in curl_maprintf\n  CVE-2016-8619: double-free in krb5 code\n  CVE-2016-8620: glob parser write/read out of bounds\n  CVE-2016-8621: curl_getdate read out of bounds\n  CVE-2016-8622: URL unescape heap overflow via integer truncation\n  CVE-2016-8623: Use-after-free via shared cookies\n  CVE-2016-8624: invalid URL parsing with '#'\n  CVE-2016-8625: IDNA 2003 makes curl use wrong host"},{"time":1477569600,"author":"Vladimir D. Seleznev <vseleznv@altlinux.org>","evr":"7.50.3-alt2","text":"- libcurl-devel: packaged libcurl.m4"},{"time":1473854400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.3-alt1","text":"- new version with security fixes (CVE-2016-7167)"},{"time":1473422400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.2-alt1","text":"- new version"},{"time":1472212800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.1-alt1","text":"- new version"},{"time":1469102400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.50.0-alt1","text":"- new version"},{"time":1464609600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.1-alt1","text":"- new version"},{"time":1464004800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.49.0-alt1","text":"- new version"},{"time":1458820800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.48.0-alt1","text":"- new version"},{"time":1457784000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.47.1-alt1","text":"- new version"},{"time":1450008000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt2","text":"- enabled http2 support (closes: #31617)"},{"time":1449489600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.46.0-alt1","text":"- new version"},{"time":1445169600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.45.0-alt1","text":"- new version"},{"time":1434715200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.43.0-alt1","text":"- new version, with fixes for CVE-2015-3236, CVE-2015-3237"},{"time":1430308800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.1-alt1","text":"- new version, with fixes for CVE-2015-3153"},{"time":1429704000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.42.0-alt1","text":"- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145\n  and CVE-2015-3144"},{"time":1424865600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.41.0-alt1","text":"- new version"},{"time":1421236800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.40.0-alt1","text":"- new version"},{"time":1415188800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.39.0-alt1","text":"- new version"},{"time":1414670400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt2","text":"- threaded-resolver: revert Curl_expire_latest() switch (closes: #30427)"},{"time":1410350400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.38.0-alt1","text":"- new version"},{"time":1406203200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.1-alt1","text":"- new version"},{"time":1402056000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.37.0-alt1","text":"- new version"},{"time":1395835200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.36.0-alt1","text":"- new version\n- added watch file"},{"time":1392379200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt2","text":"- test172 fixed by upstream"},{"time":1390996800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.35.0-alt1","text":"- new version"},{"time":1387281600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.34.0-alt1","text":"- new version"},{"time":1382529600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.33.0-alt1","text":"- new version"},{"time":1376654400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.32.0-alt1","text":"- new version"},{"time":1372075200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.31.0-alt1","text":"- new version"},{"time":1366113600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.30.0-alt1","text":"- new version"},{"time":1360584000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt2","text":"- Fix NULL pointer reference when closing an unused multi handle (closes: #28534)"},{"time":1360152000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.29.0-alt1","text":"- new version"},{"time":1347969600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.27.0-alt1","text":"- new version"},{"time":1338292800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.26.0-alt1","text":"- new version"},{"time":1327406400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.24.0-alt1","text":"- new version (fixes two separate security vulnerabilities)"},{"time":1322136000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.23.1-alt1","text":"- new version"},{"time":1316174400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.22.0-alt1","text":"- new version"},{"time":1309176000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.7-alt1","text":"- new version (CVE-2011-2192)"},{"time":1303560000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.6-alt1","text":"- new version"},{"time":1303128000,"author":"Gleb F-Malinovskiy <glebfm@altlinux.org>","evr":"7.21.5-alt2","text":"- fix curl-config script:\n + version: replace VERSION with CURLVERSION\n + checkfor: add Requires: bc"},{"time":1303128000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.5-alt1","text":"- new version"},{"time":1300190400,"author":"Alexey Tourbin <at@altlinux.ru>","evr":"7.21.4-alt2","text":"- libcurl-devel: removed dependencies on libidn-devel libssl-devel zlib-devel\n- applied debug.patch from Fedora to enable -g in CFLAGS"},{"time":1298721600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.4-alt1","text":"- new version\n- enabled test check"},{"time":1297166400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.3-alt1","text":"- new version\n- test suite temporary disabled (it does not work in hasher)"},{"time":1286971200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.2-alt1","text":"- new version"},{"time":1285934400,"author":"Dmitry V. Levin <ldv@altlinux.org>","evr":"7.21.1-alt3","text":"- Removed unused requirement on libcares.\n- Cleaned up package descriptions.\n- Enabled test suite.\n- Built with libssl.so.10."},{"time":1282305600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt2","text":"- build without libcares (fixed #23891,#23486)"},{"time":1281614400,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.1-alt1","text":"- new version\n- enabled build with libssh2"},{"time":1277812800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.21.0-alt1","text":"- new version"},{"time":1271332800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.1-alt1","text":"- new version"},{"time":1265889600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.20.0-alt1","text":"- new version"},{"time":1257681600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.7-alt1","text":"- new version"},{"time":1250164800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.6-alt1","text":"- new version (CVE-2009-2417)"},{"time":1236427200,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt2","text":"- build curl with really external libcares (fixed #19097)"},{"time":1236081600,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.4-alt1","text":"- new version (CVE-2009-0037)"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt3","text":"- build from cvs"},{"time":1234180800,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt2","text":"- curl-config --libs fixed (#18779)"},{"time":1233144000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.3-alt1","text":"- new version"},{"time":1226664000,"author":"Anton Farygin <rider@altlinux.ru>","evr":"7.19.2-alt1","text":"- new version"}],"placements":[{"branch":"c10f2","component":"classic","arch":"aarch64","kind":"binary"}]}],"source_names":["curl-8.12.0-alt2.src.rpm","curl-8.12.1-alt2.src.rpm","curl-8.20.0-alt1.src.rpm","curl-8.21.0-alt1.src.rpm"]}