Wednesday 10th September 2014
Local Packages
Updated curl to 7.38.0:
CVE-2014-3613: cookie leak with IP address as domain
CVE-2014-3620: cookie leak for TLDs
CURLE_HTTP2 is a new error code
CURLAUTH_NEGOTIATE is a new auth define
CURL_VERSION_GSSAPI is a new capability bit
No longer use fbopenssl for anything
schannel: use CryptGenRandom for random numbers
axtls: define curlssl_random using axTLS's PRNG
cyassl: use RNG_GenerateBlock to generate a good random number
findprotocol: show unsupported protocol within quotes
version: detect and show LibreSSL
version: detect and show BoringSSL
imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
http2: requires nghttp2 0.6.0 or later
Fix a build failure on Debian when NSS support is enabled
HTTP/2: fixed compiler warnings when built disabled
cyassl: return the correct error code on no CA cert
http: deprecate GSS-Negotiate macros due to bad naming
http: fixed Negotiate: authentication
multi: improve proxy CONNECT performance (regression)
ntlm_wb: avoid invoking ntlm_auth helper with empty username
ntlm_wb: fix hard-coded limit on NTLM auth packet size
url.c: use the preferred symbol name: *READDATA
smtp: fixed a segfault during test 1320 torture test
cyassl: made it compile with version 2.0.6 again
nss: do not check the version of NSS at run time
c-ares: fix build without IPv6 support
HTTP/2: use base64url encoding
SSPI Negotiate: fix 3 memory leaks
libtest: fixed duplicated line in Makefile
conncache: fix compiler warning
openssl: make ossl_send return CURLE_OK better
HTTP/2: support expect: 100-continue
HTTP/2: fix infinite loop in readwrite_data()
parsedate: fix the return code for an overflow edge condition
darwinssl: don't use strtok()
http_negotiate_sspi: fixed specific username and password not working
openssl: replace call to OPENSSL_config
http2: show the received header for better debugging
HTTP/2: move :authority before non-pseudo header fields
HTTP/2: reset promised stream, not its associated stream
HTTP/2: added some more logging for debugging stream problems
ntlm: added support for SSPI package info query
ntlm: fixed hard coded buffer for SSPI based auth packet generation
sasl_sspi: fixed memory leak with not releasing Package Info struct
sasl_sspi: fixed SPN not being converted to wchar under Unicode builds
sasl: use a dynamic buffer for DIGEST-MD5 SPN generation
http_negotiate_sspi: use a dynamic buffer for SPN generation
sasl_sspi: fixed missing free of challenge buffer on SPN failure
sasl_sspi: fixed hard coded buffer for response generation
Curl_poll + Curl_wait_ms: fix timeout return value
docs/SSLCERTS: update the section about NSS database
create_conn: prune dead connections
openssl: fix version report for the 0.9.8 branch
mk-ca-bundle.pl: switched to using hg.mozilla.org
http: fix the Content-Range: parser
Curl_disconnect: don't free the URL
win32: fixed WinSock 2 #if
NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
curl.1: clarify --limit-rate's effect on both directions
disconnect: don't touch easy-related state on disconnects
Cmake: big clean-up and numerous fixes
HTTP/2: supports draft-14 - moved :headers before the non-pseudo headers
configure.ac: add support for recent GSS-API implementations for HP-UX
CONNECT: close proxy connections that fail
CURLOPT_NOBODY.3: clarify this option is for downloads
darwinssl: fix CA certificate checking using PEM format
resolve: cache lookup for async resolvers
low-speed-limit: avoid timeout flood
polarssl: implement CURLOPT_SSLVERSION
multi: convert CURLM_STATE_CONNECT_PEND handling to a list
curl_multi_cleanup: remove superfluous NULL assigns
polarssl: support CURLOPT_CAPATH / --capath
progress: size_dl/size_ul are always >= 0, and clear "KNOWN" properly