Opened 9 years ago
Closed 9 years ago
#6618 closed enhancement (fixed)
curl-7.43.0
Reported by: | Fernando de Oliveira | Owned by: | Fernando de Oliveira |
---|---|---|---|
Priority: | high | Milestone: | 7.8 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
http://curl.haxx.se/download/curl-7.43.0.tar.lzma
http://curl.haxx.se/download/curl-7.43.0.tar.lzma.asc
http://curl.haxx.se/docs/adv_20150617A.html (CVE-2015-3236)
http://curl.haxx.se/docs/adv_20150617B.html (CVE-2015-3237)
http://curl.haxx.se/mail/archive-2015-06/0031.html
or
http://curl.haxx.se/changes.html#7_43_0
Fixed in 7.43.0 - June 17 2015 Changes: • Added CURLOPT_PROXY_SERVICE_NAME • Added CURLOPT_SERVICE_NAME • New curl option: --proxy-service-name • New curl option: --service-name • New curl option: --data-raw • Added CURLOPT_PIPEWAIT • Added support for multiplexing transfers using HTTP/2, enable this with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING • HTTP/2: requires nghttp2 1.0.0 or later • scripts: add zsh.pl for generating zsh completion • curl.h: add CURL_HTTP_VERSION_2 Bugfixes: • CVE-2015-3236: lingering HTTP credentials in connection re-use • CVE-2015-3237: SMB send off unrelated memory contents • nss: fix compilation failure with old versions of NSS • curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION • schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error • Curl_ossl_init: load builtin modules • configure: follow-up fix for krb5-config • sasl_sspi: Populate domain from the realm in the challenge • netrc: support 'default' token • README: convert to UTF-8 • cyassl: Implement public key pinning • nss: implement public key pinning for NSS backend • mingw build: add arch -m32/-m64 to LDFLAGS • schannel: Fix out of bounds array • configure: remove autogenerated files by autoconf • configure: remove --automake from libtoolize call • acinclude.m4: fix shell test for default CA cert bundle/path • schannel: fix regression in schannel_recv • openssl: skip trace outputs for ssl_ver == 0 • gnutls: properly retrieve certificate status • netrc: Read in text mode when cygwin • winbuild: Document the option used to statically link the CRT • FTP: Make EPSV use the control IP address rather than the original host • FTP: fix dangling conn->ip_addr dereference on verbose EPSV • conncache: keep bundles on host+port bases, not only host names • runtests.pl: use 'h2c' now, no -14 anymore • curlver: introducing new version number (checking) macros • openssl: boringssl build brekage, use SSL_CTX_set_msg_callback • CURLOPT_POSTFIELDS.3: correct variable names • curl_easy_unescape.3: update RFC reference • gnutls: don't fail on non-fatal alerts during handshake • testcurl.pl: allow source to be in an arbitrary directory • CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy • SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description • parse_proxy: switch off tunneling if non-HTTP proxy • share_init: fix OOM crash • perl: remove subdir, not touched in 9 years • CURLOPT_COOKIELIST.3: Add example • CURLOPT_COOKIE.3: Explain that the cookies won't be modified • CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain • FAQ: How do I port libcurl to my OS? • openssl: Use TLS_client_method for OpenSSL 1.1.0+ • HTTP-NTLM: fail auth on connection close instead of looping • curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT • curl_getdate.3: update RFC reference • curl_multi_info_read.3: added example • curl_multi_perform.3: added example • curl_multi_timeout.3: added example • cookie: Stop exporting any-domain cookies • openssl: remove dummy callback use from SSL_CTX_set_verify() • openssl: remove SSL_get_session()-using code • openssl: removed USERDATA_IN_PWD_CALLBACK kludge • openssl: removed error string #ifdef • openssl: Fix verification of server-sent legacy intermediates • docs: man page indentation and syntax fixes • docs: Spelling fixes • fopen.c: fix a few compiler warnings • CURLOPT_OPENSOCKETFUNCTION: return error at once • schannel: Add support for optional client certificates • build: Properly detect OpenSSL 1.0.2 when using configure • urldata: store POST size in state.infilesize too • security:choose_mech remove dead code • rtsp_do: remove dead code • docs: many HTTP URIs changed to HTTPS • schannel: schannel_recv overhaul
Change History (4)
comment:1 by , 9 years ago
Priority: | normal → high |
---|
comment:2 by , 9 years ago
Description: | modified (diff) |
---|
comment:3 by , 9 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:4 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
fixed at r16135.