PaulHowarth/Blog/2015-01-08

Thursday 8th January 2015

Local Packages

  • Updated cdrtools to 3.01 alpha release 26

  • Updated curl to 7.40.0 (addresses CVE-2014-8150 and CVE-2014-8151):

    • http_digest: added support for Windows SSPI based authentication

    • Version info: added Kerberos V5 to the supported features

    • Makefile: added VC targets for WinIDN

    • config-win32: introduce build targets for VS2012+

    • SSL: add PEM format support for public key pinning

    • smtp: added support for the conversion of Unix newlines during mail send

    • smb: added initial support for the SMB/CIFS protocol

    • Added support for HTTP over unix domain sockets, via CURLOPT_UNIX_SOCKET_PATH and --unix-socket

    • sasl: added support for GSS-API based Kerberos V5 authentication

    • darwinssl: fix session ID keys to only reuse identical sessions
    • url-parsing: reject CRLFs within URLs
    • OS400: adjust specific support to last release

    • THANKS: remove duplicate names

    • url.c: fixed compilation warning

    • ssh: fixed build on platforms where R_OK is not defined

    • tool_strdup.c: include the tool strdup.h

    • Build: fixed Visual Studio project file generation of strdup.[c|h]

    • curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY

    • curl.1: show zone index use in a URL

    • mk-ca-bundle.vbs: switch to new certdata.txt URL

    • Makefile.dist: added some missing SSPI configurations

    • Build: fixed no NTLM support for email when CURL_DISABLE_HTTP is defined

    • SSH: use the port number as well for known_known checks

    • libssh2: detect features based on version, not configure checks

    • http2: deal with HTTP/2 data inside Upgrade response header buffer

    • multi: removed Curl_multi_set_easy_connection

    • symbol-scan.pl: do not require autotools

    • cmake: add ENABLE_THREADED_RESOLVER, rename ARES

    • cmake: build libhostname for test suite

    • cmake: fix HAVE_GETHOSTNAME definition

    • Tests: fix libhostname visibility

    • Tests: fix memleak in server/resolve.c

    • vtls.h: fixed compiler warning when compiled without SSL

    • cmake: restore order-dependent header checks

    • cmake: restore order-dependent library checks

    • Tool: removed krb4 from the supported features

    • http2: don't send Upgrade headers when we already do HTTP/2

    • examples: don't call select() to sleep on windows

    • Win32: updated some legacy APIs to use the newer extended versions

    • easy.c: fixed compilation warning when no verbose string support

    • connect.c: fixed compilation warning when no verbose string support

    • Build: in Makefile.m32 pass -F flag to windres

    • Build: in Makefile.m32 add -m32 flag for 32bit

    • multi: when leaving for timeout, close accordingly

    • cmake: simplify if() conditions on check result variables

    • Build: in Makefile.m32 try to detect 64bit target

    • multi: inform about closed sockets before they are closed

    • multi-uv.c: close the file handle after download

    • examples: wait recommended 100ms when no file descriptors are ready

    • ntlm: split the SSPI based messaging code from the native messaging code

    • cmake: fix NTLM detection when CURL_DISABLE_HTTP defined

    • cmake: add Kerberos to the supported feature

    • CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option

    • http: disable pipelining for HTTP/2 and upgraded connections

    • ntlm: fixed static'ness of local decode function

    • sasl: reduced the need for two sets of NTLM messaging functions

    • multi.c: fixed compilation warnings when no verbose string support

    • select.c: fix compilation for VxWorks

    • multi-single.c: switch to use curl_multi_wait

    • curl_multi_wait.3: clarify numfds being used if not NULL

    • http.c: fixed compilation warnings from features being disabled

    • NSS: enable the CAPATH option

    • Docs: fix FAILONERROR typos

    • HTTP: don't abort connections with pending Negotiate authentication

    • HTTP: free (proxy)userpwd for NTLM/Negotiate after sending a request

    • http_perhapsrewind: don't abort CONNECT requests

    • Build: updated dependencies in makefiles

    • multi.c: fixed compilation warning

    • ftp.c: fixed compilation warnings when proxy support disabled

    • get_url_file_name: fixed crash on OOM on debug build

    • cookie.c: refactored cleanup code to simplify

    • OS400: enable NTLM authentication

    • ntlm: use Windows Crypt API

    • http2: avoid logging neg "failure" if h2 was not requested

    • schannel_recv: return the correct code

    • VC build: added sspi define for winssl-zlib builds

    • Curl_client_write(): chop long data, convert data only once

    • openldap: do not ignore Curl_client_write() return code

    • ldap: check Curl_client_write() return codes

    • parsedate.c: fixed compilation warning

    • url.c: fixed compilation warning when USE_NTLM is not defined

    • ntlm_wb_response: fix "statement not reached"

    • telnet: fix "cast increases required alignment of target type"

    • smtp: fixed dot stuffing when EOL characters at end of input buffers

    • ntlm: allow NTLM2Session messages when USE_NTRESPONSES manually defined

    • ntlm: disable NTLM v2 when 64-bit integers are not supported

    • ntlm: use short integer when decoding 16-bit values

    • ftp.c: fixed compilation warning when no verbose string support

    • synctime.c: fixed timeserver URLs

    • mk-ca-bundle.pl: restored forced run again

    • ntlm: fixed return code for bad type-2 Target Info

    • curl_schannel.c: data may be available before connection shutdown

    • curl_schannel: improvements to memory re-allocation strategy

    • darwinssl: aprintf() to allocate the session key

    • tool_util.c: use GetTickCount64 if it is available

    • lib: fixed multiple code analysis warnings if SAL are available

    • tool_binmode.c: explicitly ignore the return code of setmode

    • tool_urlglob.c: silence warning C6293: Ill-defined for-loop

    • opts: warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS

    • SFTP: work-around servers that return zero size on STAT

    • connect: singleipconnect(): properly try other address families after failure

    • IPV6: address scope != scope id

    • parseurlandfillconn(): fix improper non-numeric scope_id stripping

    • secureserver.pl: make OpenSSL CApath and cert absolute path values

    • secureserver.pl: update Windows detection and fix path conversion

    • secureserver.pl: clean up formatting of config and fix verbose output

    • Tests: added Windows support using Cygwin-based OpenSSH

    • sockfilt.c: use non-Ex functions that are available before WinXP

    • VMS: updates for 0740-0D1220

    • openssl: warn for SRP set if SSLv3 is used, not for TLS version

    • openssl: make it compile against openssl 1.1.0-DEV master branch

    • openssl: fix SSL/TLS versions in verbose output

    • curl: show size of inhibited data when using -v

    • Build: removed WIN32 definition from the Visual Studio projects

    • Build: removed WIN64 definition from the libcurl Visual Studio projects

    • vtls: use bool for Curl_ssl_getsessionid() return type

    • sockfilt.c: replace 100ms sleep with thread throttle

    • sockfilt.c: reduce the number of individual memory allocations

    • vtls: don't set cert info count until memory allocation is successful

    • nss: don't ignore Curl_ssl_init_certinfo() OOM failure

    • nss: don't ignore Curl_extract_certinfo() OOM failure

    • vtls: fixed compilation warning and an ignored return code

    • sockfilt.c: fixed compilation warnings

    • darwinssl: fixed compilation warning

    • vtls: use '(void) arg' for unused parameters

    • sepheaders.c: fixed resource leak on failure

    • lib1900.c: fixed cppcheck error

    • ldap: fixed Unicode connection details in Win32 initialisation / bind calls

    • ldap: fixed Unicode DN, attributes and filter in Win32 search calls

Recent