#acl PaulHowarth:read,write,admin,revert,delete All:read

=== Tuesday 24th January 2012 ===
==== Fedora Project ====
 * Updated `perl-List-MoreUtils` to 0.33 in Rawhide:
  * Updated `can_xs` to fix a bug in it
==== Local Packages ====
 * Updated `curl` to 7.24.0:
  * `curl` was vulnerable to a data injection attack for certain protocols ([[CVE:2012-0036|CVE-2012-0036]], http://curl.haxx.se/docs/adv_20120124.html)
  * `curl` was vulnerable to an SSL CBC IV vulnerability when built to use OpenSSL ([[CVE:2011-3389|CVE-2011-3389]], http://curl.haxx.se/docs/adv_20120124B.html)
  * `CURLOPT_QUOTE`: SFTP supports the '`*`'-prefix now
  * `CURLOPT_DNS_SERVERS`: set name servers if possible
  * Add support for using `nettle` instead of `gcrypt` as `gnutls` backend
  * `CURLOPT_INTERFACE`: avoid resolving interface names with magic prefixes
  * Added `CURLOPT_ACCEPTTIMEOUT_MS`
  * `configure`: add symbols versioning option `--enable-versioned-symbols`
  * SSL session share: move the age counter to the share object
  * `-J -O`: use `-O` name if no `Content-Disposition` header comes!
  * `protocol_connect`: show verbose connect and set connect time
  * `query-part`: ignore the URI part for given protocols
  * `gnutls`: only translate winsock errors for old versions
  * POP3: fix end of body detection
  * POP3: detect when `LIST` returns no mails
  * TELNET: improved treatment of options
  * `configure`: add support for `pkg-config` detection of `libidn`
  * CyaSSL 2.0+ library initialization adjustment
  * `multi` interface: only use non-`NULL` socket function pointer
  * Call `opensocket` callback properly for active FTP
  * Don't call `close socket` callback for sockets created with `accept()`
  * Differentiate better between host/proxy errors
  * SSH: fix `CURLOPT_SSH_HOST_PUBLIC_KEY_MD5` and `--hostpubmd5`
  * `multi`: handle timeouts on DNS servers by checking for new sockets
  * `CURLOPT_DNS_SERVERS`: fix return code
  * POP3: fixed escaped dot not being stripped out
  * OpenSSL: check for the `SSLv2` function in `configure`
  * `MakefileBuild`: fix the static build
  * `create_conn`: don't switch to HTTP protocol if tunneling is enabled
  * `multi` interface: fix block when `CONNECT_ONLY` option is used
  * Fix connection reuse for TLS upgraded connections
  * Multiple file upload with `-F` and custom type
  * `multi` interface: active FTP connections are no longer blocking
  * Android build fix
  * `timer`: restore `PRETRANSFER` timing
  * `libcurl.m4`: fix quoting arguments of `AC_LANG_PROGRAM`
  * appconnect time fixed for non-blocking connect ssl backends
  * Do not include SSL handshake into time spent waiting for `100-continue`
  * Handle dns cache case insensitive
  * Use new host name casing for subsequent HTTP requests
  * `CURLOPT_RESOLVE`: avoid adding already present host names
  * SFTP `mkdir`: use correct permission
  * `resolve`: don't leak pre-populated dns entries
  * `--retry`: retry transfers on timeout and DNS errors
  * Negotiate with SSPI backend: use the correct buffer for input
  * SFTP `dir`: increase buffer size counter to avoid cut off file names
  * TFTP: fix resending (again)
  * `c-ares`: don't include `getaddrinfo`-using code
  * FTP: `CURLE_PARTIAL_FILE` will not close the control channel
  * win32-threaded-resolver: stop using a dummy socket
  * OpenSSL: remove reference to openssl internal struct
  * OpenSSL: `SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG` option no longer enabled
  * OpenSSL: fix PKCS#12 certificate parsing related memory leak
  * OpenLDAP: fix LDAP connection phase memory leak
  * Telnet: use correct file descriptor for `telnet` upload
  * Telnet: Remove bogus optimisation of `telnet` upload
  * URL parse: user name with ipv6 numerical address
  * polarssl: show cipher suite name correctly with 1.1.0
  * polarssl: `havege_rand` is not present in version 1.1.0 (''warning'': we still use the old API which is said to be insecure - see: http://polarssl.org/trac/wiki/SecurityAdvisory201102)
  * gnutls: enforced use of `SSLv3`
 * Updated `libcurl7112` to include backported fix for SSL CBC IV vulnerability ([[CVE:2011-3389|CVE-2011-3389]]); note that `libcurl7112` is not vulnerable to [[CVE:2012-0036|CVE-2012-0036]] (http://curl.haxx.se/docs/adv_20120124.html)
 * Updated `libcurl7155` to include backported fix for SSL CBC IV vulnerability ([[CVE:2011-3389|CVE-2011-3389]]); note that `libcurl7155` is not vulnerable to [[CVE:2012-0036|CVE-2012-0036]] (http://curl.haxx.se/docs/adv_20120124.html)
 * Cleaned up and rebuilt `perl-Devel-Symdump`, `perl-File-Find-Rule-Perl`, `perl-List-MoreUtils`, `perl-Moose` and `perl-Test-Synopsis`
----