id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
6427,curl-7.42.0,Fernando de Oliveira,Fernando de Oliveira,"[http://curl.haxx.se/download/curl-7.42.0.tar.lzma]
[http://curl.haxx.se/download/curl-7.42.0.tar.lzma.asc]
[http://curl.haxx.se/changes.html#7_42_0]

{{{
Fixed in 7.42.0 - April 22 2015

Changes:

 • openssl: show the cipher selection to use in verbose text
 • gtls: implement CURLOPT_CERTINFO
 • add CURLOPT_SSL_FALSESTART option (darwinssl and NSS)
 • curl: add --false-start option
 • add CURLOPT_PATH_AS_IS
 • curl: add --path-as-is option
 • curl: create output file on successful download of an empty file

Bugfixes:

 • ConnectionExists: for NTLM re-use, require credentials to match
 • cookie: cookie parser out of boundary memory access
 • fix_hostname: zero length host name caused -1 index offset
 • http_done: close Negotiate connections when done
 • sws: timeout idle CONNECT connections
 • nss: improve error handling in Curl_nss_random()
 • nss: do not skip Curl_nss_seed() if data is NULL
 • curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
 • http2: move lots of verbose output to be debug-only
 • dist: add extern-scan.pl to the tarball
 • http2: return recv error on unexpected EOF
 • build: Use default RandomizedBaseAddress directive in VC9+ project files
 • build: Removed DataExecutionPrevention directive from VC9+ project files
 • tool: Updated the warnf() function to use the GlobalConfig structure
 • http2: Return error if stream was closed with other than NO_ERROR
 • mprintf.h: remove #ifdef CURLDEBUG
 • libtest: fixed linker errors on msvc
 • tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE
 • curl.1: fix ""The the"" typo
 • cmake: handle build definitions CURLDEBUG/DEBUGBUILD
 • openssl: remove all uses of USE_SSLEAY
 • multi: fix memory-leak on timeout (regression)
 • curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS
 • metalink: add some error checks
 • TLS: make it possible to enable ALPN/NPN without HTTP/2
 • http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
 • conncontrol: only log changes to the connection bit
 • multi: fix *getsock() with CONNECT
 • symbols.pl: handle '-' in the deprecated field
 • MacOSX-Framework: use @rpath instead of @executable_path
 • GnuTLS: add support for CURLOPT_CAPATH
 • GnuTLS: print negotiated TLS version and full cipher suite name
 • GnuTLS: don't print double newline after certificate dates
 • memanalyze.pl: handle free(NULL)
 • proxy: re-use proxy connections (regression)
 • mk-ca-bundle: Don't report SHA1 numbers with ""-q""
 • http: always send Host: header as first header
 • openssl: sort ciphers to use based on strength
 • openssl: use colons properly in the ciphers list
 • http2: detect premature close without data transferred
 • hostip: Fix signal race in Curl_resolv_timeout
 • closesocket: call multi socket cb on close even with custom close
 • mksymbolsmanpage.pl: use std header and generate better nroff header
 • connect: Fix happy eyeballs logic for IPv4-only builds
 • curl_easy_perform.3: remove superfluous close brace from example
 • HTTP: don't use Expect: headers when on HTTP/2
 • Curl_sh_entry: remove unused 'timestamp'
 • docs/libcurl: makefile portability fix
 • mkhelp: Remove trailing carriage return from every line of input
 • nss: explicitly tell NSS to disable NPN/ALPN when libcurl disables it
 • curl_easy_setopt.3: added a few missing options
 • metalink: fix resource leak in OOM
 • axtls: version 1.5.2 now requires that config.h be manually included
 • HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
 • cyassl: detect the library as renamed wolfssl
 • CURLOPT_HTTPHEADER.3: add a ""SECURITY CONCERNS"" section
 • CURLOPT_URL.3: Added ""SECURITY CONCERNS""
 • openssl: try to avoid accessing OCSP structs when possible
 • test938: added missing closing tags
 • testcurl: Allow '=' in values given on command line
 • tests/certs: added make target to rebuild certificates
 • tests/certs: rebuild certificates with modified key usage bits
 • gtls: avoid uninitialized variable
 • gtls: dereferencing NULL pointer
 • gtls: add check of return code
 • test1513: eliminated race condition in test run
 • dict: rename byte to avoid compiler shadowed declaration warning
 • curl_easy_recv/send: make them work with the multi interface
 • vtls: fix compile with --disable-crypto-auth but with SSL
 • openssl: adapt to ASN1/X509 things gone opaque in 1.1
 • openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
 • curl_memory: make curl_memory.h the second-last header file loaded
 • testcurl.pl: add the --notes option to supply more info about a build
 • cyassl: If wolfSSL then identify as such in version string
 • cyassl: Check for invalid length parameter in Curl_cyassl_random
 • cyassl: default to highest possible TLS version
 • Curl_ssl_md5sum: return CURLcode (fixes OOM)
 • polarssl: remove dead code
 • polarssl: called mbedTLS in 1.3.10 and later
 • globbing: fix step parsing for character globbing ranges
 • globbing: fix url number calculation when using range with step
 • multi: on a request completion, check all CONNECT_PEND transfers
 • build: link curl to openssl libraries when openssl support is enabled
 • url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
 • vtls: Don't accept unknown CURLOPT_SSLVERSION values
 • build: Fix libcurl.sln erroneous mixed configurations
 • cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
 • cyassl: add SSL context callback support for CyaSSL
 • tool: only set SSL options if SSL is enabled
 • multi: remove_handle: move pending connections
 • configure: Use KRB5CONFIG for krb5-config
 • axtls: add timeout within Curl_axtls_connect
 • CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use ""ICY 200""
 • cyassl: Fix library initialization return value
 • cookie: handle spaces after the name in Set-Cookie
 • http2: Fix missing nghttp2_session_send call in Curl_http2_switched
 • cyassl: Fix certificate load check
 • build-openssl.bat: Fix mixed line endings
 • checksrc.bat: Check lib\vtls source
 • DNS: fix refreshing of obsolete dns cache entries
 • CURLOPT_RESOLVE: actually implement removals
 • checksrc.bat: quotes to support an SRC_DIR with spaces
 • cyassl: Remove 'Connecting to' message from cyassl_connect_step2
 • cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
 • lib/transfer.c: Remove factor of 8 from sleep time calculation
 • lib/makefile.m32: add missing libs to build libcurl.dll
 • build: Generate source prerequisites for Visual Studio in generate.bat
 • cyassl: Include the CyaSSL build config
 • firefox-db2pem: fix wildcard to find Firefox default profile
 • BUGS: refer to the github issue tracker now as primary
 • vtls_openssl: improve several certificate error messages
 • cyassl: Add support for TLS extension SNI
 • parsecfg: do not continue past a zero termination
 • configure --with-nss=PATH: query pkg-config if available
 • configure --with-nss: drop redundant if statement
 • cyassl: Fix include order
 • HTTP: fix PUT regression with Negotiate
 • curl_version_info.3: fixed the 'protocols' variable type
}}}
",enhancement,closed,normal,7.8,BOOK,SVN,normal,fixed,,