Tuesday 24th January 2012
Fedora Project
Updated perl-List-MoreUtils to 0.33 in Rawhide:
Updated can_xs to fix a bug in it
Local Packages
Updated curl to 7.24.0:
curl was vulnerable to a data injection attack for certain protocols (CVE-2012-0036, http://curl.haxx.se/docs/adv_20120124.html)
curl was vulnerable to an SSL CBC IV vulnerability when built to use OpenSSL (CVE-2011-3389, http://curl.haxx.se/docs/adv_20120124B.html)
CURLOPT_QUOTE: SFTP supports the '*'-prefix now
CURLOPT_DNS_SERVERS: set name servers if possible
Add support for using nettle instead of gcrypt as gnutls backend
CURLOPT_INTERFACE: avoid resolving interface names with magic prefixes
Added CURLOPT_ACCEPTTIMEOUT_MS
configure: add symbols versioning option --enable-versioned-symbols
SSL session share: move the age counter to the share object
-J -O: use -O name if no Content-Disposition header comes!
protocol_connect: show verbose connect and set connect time
query-part: ignore the URI part for given protocols
gnutls: only translate winsock errors for old versions
POP3: fix end of body detection
POP3: detect when LIST returns no mails
TELNET: improved treatment of options
configure: add support for pkg-config detection of libidn
CyaSSL 2.0+ library initialization adjustment
multi interface: only use non-NULL socket function pointer
Call opensocket callback properly for active FTP
Don't call close socket callback for sockets created with accept()
Differentiate better between host/proxy errors
SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
multi: handle timeouts on DNS servers by checking for new sockets
CURLOPT_DNS_SERVERS: fix return code
POP3: fixed escaped dot not being stripped out
OpenSSL: check for the SSLv2 function in configure
MakefileBuild: fix the static build
create_conn: don't switch to HTTP protocol if tunneling is enabled
multi interface: fix block when CONNECT_ONLY option is used
Fix connection reuse for TLS upgraded connections
Multiple file upload with -F and custom type
multi interface: active FTP connections are no longer blocking
Android build fix
timer: restore PRETRANSFER timing
libcurl.m4: fix quoting arguments of AC_LANG_PROGRAM
appconnect time fixed for non-blocking connect ssl backends
Do not include SSL handshake into time spent waiting for 100-continue
Handle dns cache case insensitive
Use new host name casing for subsequent HTTP requests
CURLOPT_RESOLVE: avoid adding already present host names
SFTP mkdir: use correct permission
resolve: don't leak pre-populated dns entries
--retry: retry transfers on timeout and DNS errors
Negotiate with SSPI backend: use the correct buffer for input
SFTP dir: increase buffer size counter to avoid cut off file names
TFTP: fix resending (again)
c-ares: don't include getaddrinfo-using code
FTP: CURLE_PARTIAL_FILE will not close the control channel
win32-threaded-resolver: stop using a dummy socket
OpenSSL: remove reference to openssl internal struct
OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
OpenSSL: fix PKCS#12 certificate parsing related memory leak
OpenLDAP: fix LDAP connection phase memory leak
Telnet: use correct file descriptor for telnet upload
Telnet: Remove bogus optimisation of telnet upload
URL parse: user name with ipv6 numerical address
polarssl: show cipher suite name correctly with 1.1.0
polarssl: havege_rand is not present in version 1.1.0 (warning: we still use the old API which is said to be insecure - see: http://polarssl.org/trac/wiki/SecurityAdvisory201102)
gnutls: enforced use of SSLv3
Updated libcurl7112 to include backported fix for SSL CBC IV vulnerability (CVE-2011-3389); note that libcurl7112 is not vulnerable to CVE-2012-0036 (http://curl.haxx.se/docs/adv_20120124.html)
Updated libcurl7155 to include backported fix for SSL CBC IV vulnerability (CVE-2011-3389); note that libcurl7155 is not vulnerable to CVE-2012-0036 (http://curl.haxx.se/docs/adv_20120124.html)
Cleaned up and rebuilt perl-Devel-Symdump, perl-File-Find-Rule-Perl, perl-List-MoreUtils, perl-Moose and perl-Test-Synopsis