PaulHowarth/Blog/2013-06-22

Saturday 22nd June 2013

Fedora Project

  • Updated perl-Dist-CheckConflicts to 0.06 in Rawhide:

    • Add optional runtime conflict warnings
    • Require 5.8.1, clean up a few things and add a few more tests

    • Use Exporter instead of Sub::Exporter

Local Packages

  • Updated curl to 7.31.0:

    • Security Vulnerability: curl_easy_unescape() may parse data beyond the end of the input buffer (CVE-2013-2174)

    • darwinssl: add TLS session resumption

    • darwinssl: add TLS crypto authentication

    • imap/pop3/smtp: added support for ;auth=<mech> in the URL

    • imap/pop3/smtp: added support for ;auth=<mech> to CURLOPT_USERPWD

    • usercertinmem.c: add example showing user cert in memory

    • url: added smtp and pop3 hostnames to the protocol detection list

    • imap/pop3/smtp: added support for enabling the SASL initial response

    • curl -E: allow to use ':' in certificate nicknames

    • FTP: access files in root dir correctly

    • configure: try pthread_create without -lpthread

    • FTP: handle a 230 welcome response

    • curl-config: don't output static libs when they are disabled

    • CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling

    • Various documentation updates

    • getinfo.c: reset timecond when clearing session-info variables

    • FILE: prevent an artificial timeout event due to stale speed-check data

    • ftp_state_pasv_resp: connect through proxy also when set by env

    • sshserver: disable StrictHostKeyChecking

    • ftpserver: fixed imap logout confirmation data

    • curl_easy_init: use less mallocs

    • smtp: fixed unknown percentage complete in progress bar

    • smtp: fixed sending of double CRLF caused by first in EOB

    • bindlocal: move brace out of #ifdef

    • winssl: fixed invalid memory access during SSL shutdown

    • OS X framework: fix invalid symbolic link
    • OpenSSL: allow empty server certificate subject

    • axtls: prevent memleaks on SSL handshake failures

    • cookies: only consider full path matches

    • Revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup()

    • Curl_cookie_add: handle IPv6 hosts

    • ossl_send: SSL_write() returning 0 is an error too

    • ossl_recv: SSL_read() returning 0 is an error too

    • digest auth: escape user names with \ or " in them

    • curl_formadd.3: fixed wrong "end-marker" syntax

    • libcurl-tutorial.3: fix incorrect backslash

    • curl_multi_wait: reduce timeout if the multi handle wants to

    • tests/Makefile: typo in the perlcheck target

    • axtls: honour disabled VERIFYHOST

    • OpenSSL: avoid double free in the PKCS12 certificate code

    • multi_socket: reduce timeout inaccuracy margin

    • digest: support auth-int for empty entity body

    • axtls: now done non-blocking

    • lib1900: use tutil_tvnow instead of gettimeofday

    • curl_easy_perform: avoid busy-looping

    • CURLOPT_COOKIELIST: take cookie share lock

    • multi_socket: react on socket close immediately

  • Updated perl-Dist-CheckConflicts to 0.06 as per the Fedora version

Recent