curl-users
ANNOUNCE: curl and libcurl 7.24.0
Date: Tue, 24 Jan 2012 10:17:57 +0100 (CET)
Hello!
I'm happy to announce that I've just packaged and uploaded another curl
release. We've fixed many bugs and added a bunch of new features. As usual you
get it from http://curl.haxx.se/
This time we also ship two security fixes, announced separately just within
moments from now.
Curl and libcurl 7.24.0
Public curl releases: 127
Command line options: 149
curl_easy_setopt() options: 192
Public functions in libcurl: 58
Known libcurl bindings: 39
Contributors: 907
This release includes the following security fixes:
o curl was vulnerable to a data injection attack for certain protocols
http://curl.haxx.se/docs/adv_20120124.html
o curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
http://curl.haxx.se/docs/adv_20120124B.html
This release includes the following changes:
o CURLOPT_QUOTE: SFTP supports the '*'-prefix now [24]
o CURLOPT_DNS_SERVERS: set name servers if possible [23]
o Add support for using nettle instead of gcrypt as gnutls backend [22]
o CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes [21]
o Added CURLOPT_ACCEPTTIMEOUT_MS [30]
o configure: add symbols versioning option --enable-versioned-symbols [31]
This release includes the following bugfixes:
o SSL session share: move the age counter to the share object [1]
o -J -O: use -O name if no Content-Disposition header comes! [2]
o protocol_connect: show verbose connect and set connect time [3]
o query-part: ignore the URI part for given protocols [4]
o gnutls: only translate winsock errors for old versions [5]
o POP3: fix end of body detection [6]
o POP3: detect when LIST returns no mails
o TELNET: improved treatment of options [7]
o configure: add support for pkg-config detection of libidn [8]
o CyaSSL 2.0+ library initialization adjustment [9]
o multi interface: only use non-NULL socker function pointer
o call opensocket callback properly for active FTP
o don't call close socket callback for sockets created with accept() [10]
o differentiate better between host/proxy errors [11]
o SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5 [12]
o multi: handle timeouts on DNS servers by checking for new sockets [13]
o CURLOPT_DNS_SERVERS: fix return code
o POP3: fixed escaped dot not being stripped out [14]
o OpenSSL: check for the SSLv2 function in configure [15]
o MakefileBuild: fix the static build [16]
o create_conn: don't switch to HTTP protocol if tunneling is enabled [17]
o multi interface: fix block when CONNECT_ONLY option is used [18]
o Fix connection reuse for TLS upgraded connections [19]
o multiple file upload with -F and custom type [20]
o multi interface: active FTP connections are no longer blocking [25]
o Android build fix [26]
o timer: restore PRETRANSFER timing [27]
o libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM [28]
o appconnect time fixed for non-blocking connect ssl backends [29]
o do not include SSL handshake into time spent waiting for 100-continue [32]
o handle dns cache case insensitive
o use new host name casing for subsequent HTTP requests [33]
o CURLOPT_RESOLVE: avoid adding already present host names
o SFTP mkdir: use correct permission [34]
o resolve: don't leak pre-populated dns entries [35]
o --retry: Retry transfers on timeout and DNS errors
o negotiate with SSPI backend: use the correct buffer for input [36]
o SFTP dir: increase buffer size counter to avoid cut off file names [37]
o TFTP: fix resending (again) [38]
o c-ares: don't include getaddrinfo-using code [39]
o FTP: CURLE_PARTIAL_FILE will not close the control channel [40]
o win32-threaded-resolver: stop using a dummy socket
o OpenSSL: remove reference to openssl internal struct [41]
o OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
o OpenSSL: fix PKCS#12 certificate parsing related memory leak
o OpenLDAP: fix LDAP connection phase memory leak [42]
o Telnet: Use correct file descriptor for telnet upload
o Telnet: Remove bogus optimisation of telnet upload
o URL parse: user name with ipv6 numerical address
o polarssl: show cipher suite name correctly with 1.1.0
o polarssl: havege_rand is not present in version 1.1.0 WARNING, we still
use the old API which is said to be insecure. See
http://polarssl.org/trac/wiki/SecurityAdvisory201102
o gnutls: enforced use of SSLv3 [43]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alejandro Alvarez Ayllon, Jason Glasgow, Jonas Schnelli, Mark Brand,
Martin Storsjo, Yang Tse, Laurent Rabret, Jason Glasgow, Steve Holme,
Reza Arbab, Jason Liu, Gokhan Sengun, Rob Ward, Dan Fandrich,
Naveen Chandran, Ward Willats, Vladimir Grishchenko, Colin Hogben,
Alessandro Ghedini, Cedric Deltheil, Toni Moreno, Bernhard Reutner-Fischer,
Sven Wegener, Alex Vinnik, Kamil Dudka, Mamoru Tasaka, Patrice Guerin,
Armel Asselin, Arthur Murray, Steve H Truong, Peter Sylvester,
Johannes Bauer, Brandon Wang, Pierre Joye, Robert Schumann,
Christian Grothoff, Nikos Mavrogiannopoulos
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = http://curl.haxx.se/mail/lib-2011-11/0116.html
[2] = http://curl.haxx.se/mail/archive-2011-11/0030.htm
[3] = http://curl.haxx.se/mail/archive-2011-11/0035.html
[4] = http://curl.haxx.se/mail/lib-2011-11/0218.html
[5] = http://curl.haxx.se/mail/lib-2011-11/0267.html
[6] = http://curl.haxx.se/mail/lib-2011-11/0279.html
[7] = http://curl.haxx.se/mail/lib-2011-11/0247.html
[8] = http://curl.haxx.se/mail/lib-2011-11/0294.html
[9] = http://curl.haxx.se/bug/view.cgi?id=3442068
[10] = http://curl.haxx.se/mail/lib-2011-12/0018.html
[11] = http://curl.haxx.se/mail/archive-2011-12/0010.html
[12] = http://curl.haxx.se/bug/view.cgi?id=3451592
[13] = http://curl.haxx.se/mail/lib-2011-11/0371.html
[14] = http://curl.haxx.se/mail/lib-2011-11/0368.html
[15] = http://curl.haxx.se/mail/archive-2011-12/0012.html
[16] = http://curl.haxx.se/mail/lib-2011-12/0063.html
[17] = http://curl.haxx.se/mail/lib-2011-12/0010.html
[18] = http://curl.haxx.se/mail/lib-2011-12/0070.html
[19] = http://curl.haxx.se/mail/lib-2011-11/0022.html
[20] = http://curl.haxx.se/mail/lib-2011-12/0121.html
[21] = http://curl.haxx.se/mail/lib-2011-12/0107.html
[22] = http://curl.haxx.se/mail/lib-2011-11/0164.html
[23] = http://curl.haxx.se/mail/lib-2011-11/0067.html
[24] = http://curl.haxx.se/mail/lib-2011-11/0205.html
[25] = http://curl.haxx.se/mail/lib-2011-12/0179.html
[26] = http://curl.haxx.se/mail/lib-2011-12/0215.html
[27] = http://curl.haxx.se/mail/archive-2011-12/0022.html
[28] = http://curl.haxx.se/mail/lib-2011-12/0218.html
[29] = http://curl.haxx.se/mail/lib-2011-12/0211.html
[30] = http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTACCEPTTIMOUTMS
[31] = http://curl.haxx.se/mail/lib-2011-12/0133.html
[32] = https://bugzilla.redhat.com/767490
[33] = http://curl.haxx.se/mail/lib-2011-12/0314.html
[34] = http://curl.haxx.se/mail/lib-2011-12/0249.html
[35] = http://curl.haxx.se/bug/view.cgi?id=3463121
[36] = http://curl.haxx.se/bug/view.cgi?id=3466497
[37] = http://curl.haxx.se/mail/lib-2011-12/0249.html
[38] = http://curl.haxx.se/mail/lib-2012-01/0146.html
[39] = http://curl.haxx.se/mail/lib-2012-01/0160.html
[40] = http://curl.haxx.se/mail/lib-2012-01/0096.html
[41] = http://curl.haxx.se/mail/lib-2012-01/0049.html
[42] = http://curl.haxx.se/bug/view.cgi?id=3474308
[43] = http://curl.haxx.se/mail/lib-2012-01/0225.html
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-users FAQ: http://curl.haxx.se/docs/faq.html Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2012-01-24