#11113: curl-7.61.1
-------------------------+-----------------------
Reporter: renodr | Owner: bdubbs
Type: enhancement | Status: assigned
Priority: high | Milestone: 8.4
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Comment (by bdubbs):
Fixed in 7.61.1 - September 5 2018
Bugfixes:
- security advisory (CVE-2018-14618): NTLM password overflow via integer
overflow
- CURLINFO_SIZE_UPLOAD: fix missing counter update
- CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
- CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
- Curl_getoff_all_pipelines: improved for multiplexed
- DEPRECATE: remove release date from 7.62.0
- HTTP: Don't attempt to needlessly decompress redirect body
- INTERNALS: require GnuTLS >= 2.11.3
- README.md: add LGTM.com code quality grade for C/C++
- SSLCERTS: improve the openssl command line
- Silence GCC 8 cast-function-type warnings
- ares: check for NULL in completed-callback
- asyn-thread: Remove unused macro
- auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
- auth: pick Bearer authentication whenever a token is available
- cmake: CMake config files are defining CURL_STATICLIB for static
builds
- cmake: Respect BUILD_SHARED_LIBS
- cmake: Update scripts to use consistent style
- cmake: bumped minimum version to 3.4
- cmake: link curl to the OpenSSL targets instead of lib absolute paths
- configure: conditionally enable pedantic-errors
- configure: fix for -lpthread detection with OpenSSL and pkg-config
- conn: remove the boolean 'inuse' field
- content_encoding: accept up to 4 unknown trailer bytes after raw
deflate data
- cookie tests: treat files as text
- cookies: support creation-time attribute for cookies
- curl: Fix segfault when -H @headerfile is empty
- curl: add http code 408 to transient list for --retry
- curl: fix time-of-check, time-of-use race in dir creation
- curl: use Content-Disposition before the "URL end" for -OJ
- curl: warn the user if a given file name looks like an option
- curl_threads: silence bad-function-cast warning
- darwinssl: add support for ALPN negotiation
- docs/CURLOPT_URL: fix indentation
- docs/CURLOPT_WRITEFUNCTION: size is always 1
- docs/SECURITY-PROCESS: mention bounty, drop pre-notify
- docs/examples: add hiperfifo example using linux epoll/timerfd
- docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
- docs: clarify NO_PROXY env variable functionality
- docs: improved the manual pages of some callbacks
- docs: mention NULL is fine input to several functions
- formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
- gopher: Do not translate `?' to `%09'
- header output: switch off all styles, not just unbold
- hostip: fix unused variable warning
- http2: Use correct format identifier for stream_id
- http2: abort the send_callback if not setup yet
- http2: avoid set_stream_user_data() before stream is assigned
- http2: check nghttp2_session_set_stream_user_data return code
- http2: clear the drain counter in Curl_http2_done
- http2: make sure to send after RST_STREAM
- http2: separate easy handle from connections better
- http: fix for tiny "HTTP/0.9" response
- http_proxy: Remove unused macro SELECT_TIMEOUT
- lib/Makefile: only do symbol hiding if told to
- lib1502: fix memory leak in torture test
- lib1522: fix curl_easy_setopt argument type
- libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
- mime: check Curl_rand_hex's return code
- multi: always do the COMPLETED procedure/state
- openssl: assume engine support in 1.0.0 or later
- openssl: fix debug messages
- projects: Improve Windows perl detection in batch scripts
- retry: return error if rewind was necessary but didn't happen
- reuse_conn(): memory leak - free old_conn->options
- schannel: client certificate store opening fix
- schannel: enable CALG_TLS1PRF for w32api >= 5.1
- schannel: fix MinGW compile break
- sftp: don't send post-quote sequence when retrying a connection
- smb: fix memory leak on early failure
- smb: fix memory-leak in URL parse error path
- smb_getsock: always wait for write socket too
- ssh-libssh: fix infinite connect loop on invalid private key
- ssh-libssh: reduce excessive verbose output about pubkey auth
- ssh-libssh: use FALLTHROUGH to silence gcc8
- ssl: set engine implicitly when a PKCS#11 URI is provided
- sws: handle EINTR when calling select()
- system_win32: fix version checking
- telnet: Remove unused macros TELOPTS and TELCMDS
- test1143: disable MSYS2's POSIX path conversion
- test1148: disable if decimal separator is not point
- test1307: (fnmatch testing) disabled
- test1422: add required file feature
- test1531: Add timeout
- test1540: Remove unused macro TEST_HANG_TIMEOUT
- test214: disable MSYS2's POSIX path conversion for URL
- test320: treat curl320.out file as binary
- tests/http_pipe.py: Use /usr/bin/env to find python
- tests: Don't use Windows path %PWD for SSH tests
- tests: fixes for Windows line endlings
- tool_operate: Fix setting proxy TLS 1.3 ciphers
- travis: build darwinssl on macos 10.12 to fix linker errors
- travis: execute "set -eo pipefail" for coverage build
- travis: run a 'make checksrc' too
- travis: update to GCC-8
- travis: verify that man pages can be regenerated
- upload: allocate upload buffer on-demand
- upload: change default UPLOAD_BUFSIZE to 64KB
- urldata: remove unused pipe_broke struct field
- vtls: reinstantiate engine on duplicated handles
- windows: implement send buffer tuning
- wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/11113#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
