SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libcurl-devel-7.21.2-45.1.i586.rpm :

* Fri Apr 11 2014 lijewski.stefanAATTgmail.com- fixes for two security vulnerabilities:
* CVE-2014-138 (bnc#868627) - curl: wrong re-use of connections - added curl-CVE-2014-0138.patch
* CVE-2014-139 (bnc#868629) - curl: IP address wildcard certificate validation - curl-CVE-2014-0139.patch
* Tue Jan 14 2014 vcizekAATTsuse.com- fix for CVE-2014-0015 (bnc#858673)
* re-use of wrong HTTP NTLM connection in libcurl
* added curl-CVE-2014-0015-NTLM_connection_reuse.patch- fix test failure because of an expired cookie (bnc#862144)
* added curl-test172_cookie_expiration.patch
* Mon Dec 02 2013 vcizekAATTsuse.com- fix CVE-2013-4545 (bnc#849596) = acknowledge VERIFYHOST without VERIFYPEER
* Thu Jun 13 2013 vcizekAATTsuse.com- fix for CVE-2013-2174 (bnc#824517) added curl-CVE-2013-2174.patch
* Fri Apr 12 2013 vcizekAATTsuse.com- fixed CVE-2013-1944 (bnc#814655)
* Thu Jan 26 2012 vcizekAATTsuse.com- workaround to CVE-2011-2192 by disabling GSSAPI (bnc#698796)
* Sun Jan 22 2012 mmarekAATTsuse.cz- Fix IMAP, POP3 and SMTP URL sanitization (bnc#740452, CVE-2012-0036)- Disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option when built against an older OpenSSL version (CVE-2010-4180).- Don\'t enable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (bnc#742306, CVE-2011-3389).
* Fri Oct 22 2010 cristian.rodriguezAATTopensuse.org- Update to version 7.21.2
* curl -T: ignore file size of special files
* Added GOPHER protocol support
* Added mk-ca-bundle.vbs script
* c-ares build now requires c-ares >= 1.6.0
* --remote-header-name security vulnerability fixed
* multi: support the timeouts correctly, fixes known bug #62
* multi: use timeouts properly for MAX_RECV/SEND_SPEED
* negotiation: Wrong proxy authorization
* multi: avoid sending multiple complete messages
* cmdline: make -F type= accept ;charset=
* RESUME_FROM: clarify what ftp uploads do
* http: handle trailer headers in all chunked responses
* Curl_is_connected: use correct errno
* progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
* Link curl and the test apps with -lrt explicitly when necessary
* chunky parser: only rewind stream internally if needed
* remote-header-name: don\'t output filename when NULL
* Curl_timeleft: avoid returning \"no timeout\" by mistake
* timeout: use the correct start value as offset
* FTP: fix wrong timeout trigger
* rtsp: avoid SIGSEGV on malformed header
* LDAP: Support for tunnelling queries through HTTP proxy
* curl_easy_duphandle: clone the c-ares handle correctly
* support URL containing colon without trailing port number
* parsedate: allow time specified without seconds
* curl_easy_escape: don\'t escape \"unreserved\" characters
* SFTP: avoid downloading negative sizes
* Lots of GSS/KRB FTP fixes
* TFTP: Work around tftpd-hpa upload bug
* libcurl.m4: several fixes
* HTTP: remove special case for 416
* globbing: fix crash on unballanced open brace
* Wed Jun 02 2010 lnusselAATTsuse.de- allowing switching to nss instead of openssl via bcond
* Mon May 10 2010 crrodriguezAATTopensuse.org- disable c-ares support while bnc598574 is fixed.
* Sat Apr 24 2010 cooloAATTnovell.com- buildrequire pkg-config to fix provides
* Fri Apr 23 2010 crrodriguezAATTopensuse.org- Update to libcurl 7.20.1
* off-by-one in the chunked encoding trailer parser
* CURLOPT_CERTINFO memory leak
* threaded resolver double free when closing curl handle
* url_multi_remove_handle() caused use after free
* SSL possible double free when reusing curl handle
* alarm()-based DNS timeout bug
* Wed Mar 24 2010 crrodriguezAATTopensuse.org- enable libssh2 support unconditionally.
* Wed Mar 10 2010 crrodriguezAATTopensuse.org- enable libcares support unconditionally.
* Sat Feb 13 2010 dimstarAATTopensuse.org- Update to version 7.20.0:
* support SSL_FILETYPE_ENGINE for client certificate
* curl-config can now show the arguments used when building curl
* non-blocking TFTP
* send Expect: 100-continue for POSTs with unknown sizes
* added support for IMAP(S), POP3(S), SMTP(S) and RTSP
* added new curl_easy_setopt() options for SMTP and RTSP
* added --mail-from and --mail-rcpt for SMTP
* VMS build system enhancements
* added support for the PRET ftp command
* curl supports --ssl and --ssl-reqd
* added -J/--remote-header-name for using server-provided filename with -O
* enhanced asynchronous DNS lookups
* symbol CURL_FORMAT_OFF_T is obsoleted
* many bugfixes
* Tue Jan 26 2010 mmarekAATTsuse.cz- updated to 7.19.7
* -T. is now for non-blocking uploading from stdin
* SYST handling on FTP for OS/400 FTP server cases
* libcurl refuses to read a single HTTP header longer than 100K
* added the --crlfile option to curl
* many bugfixes
* Mon Jan 11 2010 meissnerAATTsuse.de- add baselibs.conf as source
* Thu Aug 13 2009 mmarekAATTsuse.cz- updated to 7.19.6
* CURLOPT_FTPPORT (and curl\'s -P/--ftpport) support port ranges
* Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA
* CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE can be told to ignore error responses when used with FTP
* fixed CVE-2009-2417 (matching certificates with embedded NUL bytes)
* many other bugfixes
* Tue May 19 2009 mmarekAATTsuse.cz- remove the Obsoletes: curl-ca-bundle, it breaks parallel installation of older libcurl packages (bnc#484044).
* Tue May 19 2009 mmarekAATTsuse.cz- updated to 7.19.5
* libcurl now closes all dead connections whenever you attempt to open a new connection
* libssh2\'s version number can now be figured out run-time instead of using the build-time fixed number
* CURLOPT_SEEKFUNCTION may now return CURL_SEEKFUNC_CANTSEEK
* curl can now upload with resume even when reading from a pipe
* a build-time configured curl_socklen_t is now used instead of socklen_t- by default, don\'t abort if the testsuite fails.
* Thu Mar 05 2009 mmarekAATTsuse.cz- don\'t run autoreconf -fi as it breaks on older distros and upstream uses recent autotools already.
* Mon Mar 02 2009 mmarekAATTsuse.cz- updated to 7.19.4
* don\'t follow redirects to file:// and scp:// by default; add new curl_easy_setopt options CURLOPT_PROTOCOLS and CURLOPT_REDIR_PROTOCOLS to specify which protocols are allowed and which protocols are allowed to redirect to (bnc#475103, CVE-2009-0037)
* Added CURLOPT_NOPROXY and the corresponding --noproxy
* the OpenSSL-specific code disables TICKET (rfc5077) which is enabled by default in openssl 0.9.8j
* Added CURLOPT_TFTP_BLKSIZE
* Added CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC - with the corresponding curl options - -socks5-gssapi-service and --socks5-gssapi-nec
* Improved IPv6 support when built with with c-ares >= 1.6.1
* Added CURLPROXY_HTTP_1_0 and --proxy1.0
* Added docs/libcurl/symbols-in-versions
* Added CURLINFO_CONDITION_UNMET
* Added support for Digest and NTLM authentication using GnuTLS
* CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry the CWD even when MKD fails
* GnuTLS initing moved to curl_global_init()
* CURLAUTH_DIGEST_IE bit added for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH
* pkg-config can now show supported_protocols and supported_features
* Added CURLOPT_CERTINFO and CURLINFO_CERTINFO
* Added CURLOPT_POSTREDIR
* Better detect HTTP 1.0 servers and don\'t do HTTP 1.1 requests on them
* configure --disable-proxy disables proxy support
* Added CURLOPT_USERNAME and CURLOPT_PASSWORD
* --interface now works with IPv6 connections on glibc systems
* Added CURLOPT_PROXYUSERNAME and CURLOPT_PROXYPASSWORD
  
ICM