#acl PaulHowarth:read,write,admin,revert,delete All:read === Wednesday 10th September 2014 === ==== Local Packages ==== * Updated `curl` to 7.38.0: * [[CVE:2014-3613|CVE-2014-3613]]: cookie leak with IP address as domain * [[CVE:2014-3620|CVE-2014-3620]]: cookie leak for TLDs * `CURLE_HTTP2` is a new error code * `CURLAUTH_NEGOTIATE` is a new auth define * `CURL_VERSION_GSSAPI` is a new capability bit * No longer use `fbopenssl` for anything * `schannel`: use `CryptGenRandom` for random numbers * `axtls`: define `curlssl_random` using axTLS's PRNG * `cyassl`: use `RNG_GenerateBlock` to generate a good random number * `findprotocol`: show unsupported protocol within quotes * `version`: detect and show LibreSSL * `version`: detect and show BoringSSL * `imap`/`pop3`/`smtp`: Kerberos (SASL GSSAPI) authentication via Windows SSPI * `http2`: requires `nghttp2` 0.6.0 or later * Fix a build failure on Debian when NSS support is enabled * `HTTP/2`: fixed compiler warnings when built disabled * `cyassl`: return the correct error code on no CA cert * `http`: deprecate `GSS-Negotiate` macros due to bad naming * `http`: fixed `Negotiate:` authentication * `multi`: improve proxy `CONNECT` performance (regression) * `ntlm_wb`: avoid invoking `ntlm_auth` helper with empty username * `ntlm_wb`: fix hard-coded limit on NTLM `auth` packet size * `url.c`: use the preferred symbol name: `*READDATA` * `smtp`: fixed a segfault during `test 1320` torture test * `cyassl`: made it compile with version 2.0.6 again * `nss`: do not check the version of NSS at run time * `c-ares`: fix build without IPv6 support * `HTTP/2`: use base64url encoding * `SSPI Negotiate`: fix 3 memory leaks * `libtest`: fixed duplicated line in `Makefile` * `conncache`: fix compiler warning * `openssl`: make `ossl_send` return `CURLE_OK` better * `HTTP/2`: support `expect: 100-continue` * `HTTP/2`: fix infinite loop in `readwrite_data()` * `parsedate`: fix the return code for an overflow edge condition * `darwinssl`: don't use `strtok()` * `http_negotiate_sspi`: fixed specific username and password not working * `openssl`: replace call to `OPENSSL_config` * `http2`: show the received header for better debugging * `HTTP/2`: move `:authority` before non-pseudo header fields * `HTTP/2`: reset promised stream, not its associated stream * `HTTP/2`: added some more logging for debugging stream problems * `ntlm`: added support for SSPI package info query * `ntlm`: fixed hard coded buffer for SSPI based `auth` packet generation * `sasl_sspi`: fixed memory leak with not releasing Package Info struct * `sasl_sspi`: fixed SPN not being converted to `wchar` under Unicode builds * `sasl`: use a dynamic buffer for `DIGEST-MD5` SPN generation * `http_negotiate_sspi`: use a dynamic buffer for SPN generation * `sasl_sspi`: fixed missing `free` of challenge buffer on SPN failure * `sasl_sspi`: fixed hard coded buffer for response generation * `Curl_poll` + `Curl_wait_ms`: fix timeout return value * `docs/SSLCERTS`: update the section about NSS database * `create_conn`: prune dead connections * `openssl`: fix version report for the 0.9.8 branch * `mk-ca-bundle.pl`: switched to using `hg.mozilla.org` * `http`: fix the `Content-Range:` parser * `Curl_disconnect`: don't `free` the URL * `win32`: fixed `WinSock` 2 `#if` * `NTLM`: ignore `CURLOPT_FORBID_REUSE` during NTLM HTTP auth * `curl.1`: clarify `--limit-rate`'s effect on both directions * `disconnect`: don't touch `easy`-related state on disconnects * `Cmake`: big clean-up and numerous fixes * `HTTP/2`: supports `draft-14` - moved `:headers` before the non-psuedo headers * `configure.ac`: add support for recent GSS-API implementations for HP-UX * `CONNECT`: close proxy connections that fail * `CURLOPT_NOBODY.3`: clarify this option is for downloads * `darwinssl`: fix CA certificate checking using PEM format * `resolve`: cache lookup for async resolvers * `low-speed-limit`: avoid timeout flood * `polarssl`: implement `CURLOPT_SSLVERSION` * `multi`: convert `CURLM_STATE_CONNECT_PEND` handling to a list * `curl_multi_cleanup`: remove superfluous `NULL` assigns * `polarssl`: support `CURLOPT_CAPATH` / `--capath` * `progress`: `size_dl`/`size_ul` are always ≳ 0, and clear "`KNOWN`" properly ----