PaulHowarth/Blog/2015-06-17

Wednesday 17th June 2015

Fedora Project

  • Updated perl-DBM-Deep to 2.0012 in Rawhide:

    • Improved transaction validation and warnings (GH#12)

  • Updated perl-Text-CSV_XS to 1.19 in Rawhide:

    • Guard tests against $PERL_UNICODE

    • Numeric options were sometimes interpreted as boolean

    • Safer meta_info use

Local Packages

  • Updated curl to 7.43.0:

    • CVE-2015-3236: Lingering HTTP credentials in connection re-use

    • CVE-2015-3237: SMB send off unrelated memory contents

    • Added CURLOPT_PROXY_SERVICE_NAME

    • Added CURLOPT_SERVICE_NAME

    • New curl option: --proxy-service-name

    • New curl option: --service-name

    • New curl option: --data-raw

    • Added CURLOPT_PIPEWAIT

    • Added support for multiplexing transfers using HTTP/2, and enable this with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING

    • HTTP/2: Requires nghttp2 1.0.0 or later

    • scripts: Add zsh.pl for generating zsh completion

    • curl.h: Add CURL_HTTP_VERSION_2

    • nss: Fix compilation failure with old versions of NSS

    • curl_easy_getinfo.3: Document 'internals' in CURLINFO_TLS_SESSION

    • schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error

    • Curl_ossl_init: Load built-in modules

    • configure: Follow-up fix for krb5-config

    • sasl_sspi: Populate domain from the realm in the challenge

    • netrc: Support 'default' token

    • README: Convert to UTF-8

    • cyassl: Implement public key pinning

    • nss: Implement public key pinning for NSS backend

    • MinGW build: Add arch -m32/-m64 to LDFLAGS

    • schannel: Fix out of bounds array

    • configure: Remove autogenerated files by autoconf

    • configure: Remove --automake from libtoolize call

    • acinclude.m4: Fix shell test for default CA cert bundle/path

    • schannel: Fix regression in schannel_recv

    • openssl: Skip trace outputs for ssl_ver == 0

    • gnutls: Properly retrieve certificate status

    • netrc: Read in text mode when cygwin

    • winbuild: Document the option used to statically link the CRT

    • FTP: Make EPSV use the control IP address rather than the original host

    • FTP: fIx dangling conn->ip_addr dereference on verbose EPSV

    • conncache: Keep bundles on host+port bases, not only host names

    • runtests.pl: Use 'h2c' now, no -14 any more

    • curlver: Introducing new version number (checking) macros

    • openssl: boringssl build breakage, use SSL_CTX_set_msg_callback

    • CURLOPT_POSTFIELDS.3: Correct variable names

    • curl_easy_unescape.3: Update RFC reference

    • gnutls: Don't fail on non-fatal alerts during handshake

    • testcurl.pl: Allow source to be in an arbitrary directory

    • CURLOPT_HTTPPROXYTUNNEL.3: Only works with a HTTP proxy

    • SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description

    • parse_proxy: Switch off tunnelling if non-HTTP proxy

    • share_init: Fix OOM crash

    • perl: Remove subdir, not touched in 9 years

    • CURLOPT_COOKIELIST.3: Add example

    • CURLOPT_COOKIE.3: Explain that the cookies won't be modified

    • CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain

    • FAQ: How do I port libcurl to my OS?

    • openssl: Use TLS_client_method for OpenSSL 1.1.0+

    • HTTP-NTLM: Fail auth on connection close instead of looping

    • curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT

    • curl_getdate.3: Update RFC reference

    • curl_multi_info_read.3: Added example

    • curl_multi_perform.3: Added example

    • curl_multi_timeout.3: Added example

    • cookie: Stop exporting any-domain cookies

    • openssl: Remove dummy callback use from SSL_CTX_set_verify()

    • openssl: Remove SSL_get_session()-using code

    • openssl: Removed USERDATA_IN_PWD_CALLBACK kludge

    • openssl: Removed error string #ifdef

    • openssl: Fix verification of server-sent legacy intermediates

    • docs: man page indentation and syntax fixes
    • docs: Spelling fixes

    • fopen.c: Fix a few compiler warnings

    • CURLOPT_OPENSOCKETFUNCTION: Return error at once

    • schannel: Add support for optional client certificates

    • build: Properly detect OpenSSL 1.0.2 when using configure

    • urldata: Store POST size in state.infilesize too

    • security: choose_mech: Remove dead code

    • rtsp_do: Remove dead code

    • docs: Many HTTP URIs changed to HTTPS

    • schannel: schannel_recv overhaul

  • Updated perl-DBM-Deep to 2.0012 as per the Fedora version

  • Updated perl-Module-CoreList to 5.20150520:

    • Updated for v5.22.0

  • Updated perl-Text-CSV_XS to 1.19 as per the Fedora version

  • Rebuilt bluefish, GeoIP, GeoIP-GeoLite-data, geoipupdate, gtkwave and Judy for the Fedora_23_Mass_Rebuild

Recent