PaulHowarth/Blog/2018-01-24

Wednesday 24th January 2018

Local Packages

  • Updated curl to 7.58.0:

    • New libssh-powered SSH SCP/SFTP back-end

    • curl-config: Add --ssl-backends

    • http2: Fix incorrect trailer buffer size (CVE-2018-1000005)

    • http: Prevent custom Authorization headers in redirects (CVE-2018-1000007)

    • travis: Add boringssl build

    • examples/xmlstream.c: Don't switch off CURL_GLOBAL_SSL

    • SSL: Avoid magic allocation of SSL backend specific data

    • lib: Don't export all symbols, just everything curl_*

    • libssh2: Send the correct CURLE error code on scp file not found

    • libssh2: Return CURLE_UPLOAD_FAILED on failure to upload

    • openssl: Enable pkcs12 in boringssl builds

    • libssh2: Remove dead code from SSH_SFTP_QUOTE

    • sasl_getmessage: Make sure we have a long enough string to pass

    • conncache: Fix several lock issues

    • threaded-shared-conn.c: New example

    • conncache: Only allow multiplexing within same multi handle

    • configure: Check for netinet/in6.h

    • URL: Tolerate backslash after drive letter for FILE:

    • openldap: Add commented out debug possibilities

    • include: Get netinet/in.h before linux/tcp.h

    • CONNECT: Keep close connection flag in http_connect_state struct

    • BINDINGS: Another PostgreSQL client

    • curl: Limit -# update frequency for unknown total size

    • configure: Add AX_CODE_COVERAGE only if using gcc

    • curl.h: Remove incorrect comment about ERRORBUFFER

    • openssl: Improve data-pending check for https proxy

    • curl: Remove __EMX__ #ifdefs

    • CURLOPT_PRIVATE.3: Fix grammar

    • sftp: Allow quoted commands to use relative paths

    • CURLOPT_DNS_CACHE_TIMEOUT.3: See also CURLOPT_RESOLVE

    • RESOLVE: Output verbose text when trying to set a duplicate name

    • openssl: Disable file buffering for Win32 SSLKEYLOGFILE

    • multi_done: Prune DNS cache

    • tests: Update .gitignore for libtests

    • tests: Mark data files as non-executable in git

    • CURLOPT_DNS_LOCAL_IP4.3: Fixed the "SEE ALSO" to not self-reference

    • curl.1: Documented two missing valid exit codes

    • curl.1: Mention http:// and https:// as valid proxy prefixes

    • vtls: Replaced getenv() with curl_getenv()

    • setopt: Less or equal than INT_MAX/1000 should be fine

    • examples/smtp-mail.c: Use separate defines for options and mail

    • curl: Support >256 bytes warning messages

    • conncache: Fix a return code

    • krb5: Fix a potential access of uninitialized memory

    • rand: Add a clang-analyzer work-around

    • CURLOPT_READFUNCTION.3: Refer to argument with correct name

    • brotli: Allow compiling with version 0.6.0

    • content_encoding: Rework zlib_inflate

    • curl_easy_reset: Release mime-related data

    • examples/rtsp: Fix error handling macros

    • build-openssl.bat: Added support for VC15

    • build-wolfssl.bat: Added support for VC15

    • build: Added Visual Studio 2017 project files
    • winbuild: Added support for VC15

    • curl: Support size modifiers for --max-filesize

    • examples/cacertinmem: Ignore cert-already-exists error

    • brotli: Data at the end of content can be lost

    • curl_version_info.3: Call the argument 'age'

    • openssl: Fix memory leak of SSLKEYLOGFILE filename

    • build: Remove HAVE_LIMITS_H check

    • --mail-rcpt: Fix short-text description

    • scripts: Allow all perl scripts to be run directly

    • progress: Calculate transfer speed on milliseconds if possible

    • system.h: Check __LONG_MAX__ for defining curl_off_t

    • easy: Fix connection ownership in curl_easy_pause

    • setopt: Reintroduce non-static Curl_vsetopt() for OS400 support

    • setopt: Fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values

    • configure.ac: Append extra linker flags instead of prepending them

    • HTTP: Bail out on negative Content-Length: values

    • docs: Comment about CURLE_READ_ERROR returned by curl_mime_filedata

    • mime: Clone mime tree upon easy handle duplication

    • openssl: Enable SSLKEYLOGFILE support by default

    • smtp/pop3/imap_get_message: Decrease the data length too...

    • CURLOPT_TCP_NODELAY.3: Fix typo

    • SMB: Fix numeric constant suffix and variable types

    • ftp-wildcard: Fix matching an empty string with "*[^a]"

    • curl_fnmatch: only allow 5 '*' sections in a single pattern

    • openssl: Fix potential memory leak in SSLKEYLOGFILE logic

    • SSH: Fix state machine for ssh-agent authentication

    • examples/url2file.c: Add missing curl_global_cleanup() call

    • http2: Don't close connection when single transfer is stopped

    • libcurl-env.3: First version

    • curl: Progress bar refresh, get width using ioctl()

    • CONNECT_TO: Fail attempt to set an IPv6 numerical without IPv6 support

  • Updated perl-DateTime-TimeZone to 2.17:

    • This release is based on version 2018b of the Olson database
    • Revert the changes for Ireland in the previous version as these caused breakages in some systems that consumed the IANA time zone data

Recent