PaulHowarth/Blog/2015-01-08

Thursday 8th January 2015

Local Packages

• Updated cdrtools to 3.01 alpha release 26

• Updated curl to 7.40.0 (addresses CVE-2014-8150 and CVE-2014-8151):

  • http_digest: added support for Windows SSPI based authentication

  • Version info: added Kerberos V5 to the supported features

  • Makefile: added VC targets for WinIDN

  • config-win32: introduce build targets for VS2012+

  • SSL: add PEM format support for public key pinning

  • smtp: added support for the conversion of Unix newlines during mail send

  • smb: added initial support for the SMB/CIFS protocol

  • Added support for HTTP over unix domain sockets, via CURLOPT_UNIX_SOCKET_PATH and --unix-socket

  • sasl: added support for GSS-API based Kerberos V5 authentication

  • darwinssl: fix session ID keys to only reuse identical sessions
  • url-parsing: reject CRLFs within URLs
  • OS400: adjust specific support to last release

  • THANKS: remove duplicate names

  • url.c: fixed compilation warning

  • ssh: fixed build on platforms where R_OK is not defined

  • tool_strdup.c: include the tool strdup.h

  • Build: fixed Visual Studio project file generation of strdup.[c|h]

  • curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY

  • curl.1: show zone index use in a URL

  • mk-ca-bundle.vbs: switch to new certdata.txt URL

  • Makefile.dist: added some missing SSPI configurations

  • Build: fixed no NTLM support for email when CURL_DISABLE_HTTP is defined

  • SSH: use the port number as well for known_known checks

  • libssh2: detect features based on version, not configure checks

  • http2: deal with HTTP/2 data inside Upgrade response header buffer

  • multi: removed Curl_multi_set_easy_connection

  • symbol-scan.pl: do not require autotools

  • cmake: add ENABLE_THREADED_RESOLVER, rename ARES

  • cmake: build libhostname for test suite

  • cmake: fix HAVE_GETHOSTNAME definition

  • Tests: fix libhostname visibility

  • Tests: fix memleak in server/resolve.c

  • vtls.h: fixed compiler warning when compiled without SSL

  • cmake: restore order-dependent header checks

  • cmake: restore order-dependent library checks

  • Tool: removed krb4 from the supported features

  • http2: don't send Upgrade headers when we already do HTTP/2

  • examples: don't call select() to sleep on windows

  • Win32: updated some legacy APIs to use the newer extended versions

  • easy.c: fixed compilation warning when no verbose string support

  • connect.c: fixed compilation warning when no verbose string support

  • Build: in Makefile.m32 pass -F flag to windres

  • Build: in Makefile.m32 add -m32 flag for 32bit

  • multi: when leaving for timeout, close accordingly

  • cmake: simplify if() conditions on check result variables

  • Build: in Makefile.m32 try to detect 64bit target

  • multi: inform about closed sockets before they are closed

  • multi-uv.c: close the file handle after download

  • examples: wait recommended 100ms when no file descriptors are ready

  • ntlm: split the SSPI based messaging code from the native messaging code

  • cmake: fix NTLM detection when CURL_DISABLE_HTTP defined

  • cmake: add Kerberos to the supported feature

  • CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option

  • http: disable pipelining for HTTP/2 and upgraded connections

  • ntlm: fixed static'ness of local decode function

  • sasl: reduced the need for two sets of NTLM messaging functions

  • multi.c: fixed compilation warnings when no verbose string support

  • select.c: fix compilation for VxWorks

  • multi-single.c: switch to use curl_multi_wait

  • curl_multi_wait.3: clarify numfds being used if not NULL

  • http.c: fixed compilation warnings from features being disabled

  • NSS: enable the CAPATH option

  • Docs: fix FAILONERROR typos

  • HTTP: don't abort connections with pending Negotiate authentication

  • HTTP: free (proxy)userpwd for NTLM/Negotiate after sending a request

  • http_perhapsrewind: don't abort CONNECT requests

  • Build: updated dependencies in makefiles

  • multi.c: fixed compilation warning

  • ftp.c: fixed compilation warnings when proxy support disabled

  • get_url_file_name: fixed crash on OOM on debug build

  • cookie.c: refactored cleanup code to simplify

  • OS400: enable NTLM authentication

  • ntlm: use Windows Crypt API

  • http2: avoid logging neg "failure" if h2 was not requested

  • schannel_recv: return the correct code

  • VC build: added sspi define for winssl-zlib builds

  • Curl_client_write(): chop long data, convert data only once

  • openldap: do not ignore Curl_client_write() return code

  • ldap: check Curl_client_write() return codes

  • parsedate.c: fixed compilation warning

  • url.c: fixed compilation warning when USE_NTLM is not defined

  • ntlm_wb_response: fix "statement not reached"

  • telnet: fix "cast increases required alignment of target type"

  • smtp: fixed dot stuffing when EOL characters at end of input buffers

  • ntlm: allow NTLM2Session messages when USE_NTRESPONSES manually defined

  • ntlm: disable NTLM v2 when 64-bit integers are not supported

  • ntlm: use short integer when decoding 16-bit values

  • ftp.c: fixed compilation warning when no verbose string support

  • synctime.c: fixed timeserver URLs

  • mk-ca-bundle.pl: restored forced run again

  • ntlm: fixed return code for bad type-2 Target Info

  • curl_schannel.c: data may be available before connection shutdown

  • curl_schannel: improvements to memory re-allocation strategy

  • darwinssl: aprintf() to allocate the session key

  • tool_util.c: use GetTickCount64 if it is available

  • lib: fixed multiple code analysis warnings if SAL are available

  • tool_binmode.c: explicitly ignore the return code of setmode

  • tool_urlglob.c: silence warning C6293: Ill-defined for-loop

  • opts: warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS

  • SFTP: work-around servers that return zero size on STAT

  • connect: singleipconnect(): properly try other address families after failure

  • IPV6: address scope != scope id

  • parseurlandfillconn(): fix improper non-numeric scope_id stripping

  • secureserver.pl: make OpenSSL CApath and cert absolute path values

  • secureserver.pl: update Windows detection and fix path conversion

  • secureserver.pl: clean up formatting of config and fix verbose output

  • Tests: added Windows support using Cygwin-based OpenSSH

  • sockfilt.c: use non-Ex functions that are available before WinXP

  • VMS: updates for 0740-0D1220

  • openssl: warn for SRP set if SSLv3 is used, not for TLS version

  • openssl: make it compile against openssl 1.1.0-DEV master branch

  • openssl: fix SSL/TLS versions in verbose output

  • curl: show size of inhibited data when using -v

  • Build: removed WIN32 definition from the Visual Studio projects

  • Build: removed WIN64 definition from the libcurl Visual Studio projects

  • vtls: use bool for Curl_ssl_getsessionid() return type

  • sockfilt.c: replace 100ms sleep with thread throttle

  • sockfilt.c: reduce the number of individual memory allocations

  • vtls: don't set cert info count until memory allocation is successful

  • nss: don't ignore Curl_ssl_init_certinfo() OOM failure

  • nss: don't ignore Curl_extract_certinfo() OOM failure

  • vtls: fixed compilation warning and an ignored return code

  • sockfilt.c: fixed compilation warnings

  • darwinssl: fixed compilation warning

  • vtls: use '(void) arg' for unused parameters

  • sepheaders.c: fixed resource leak on failure

  • lib1900.c: fixed cppcheck error

  • ldap: fixed Unicode connection details in Win32 initialisation / bind calls

  • ldap: fixed Unicode DN, attributes and filter in Win32 search calls