Accepting request 672083 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- update to version 7.64.0
[bcs#1123371, CVE-2018-16890][bcs#1123377, CVE-2019-3822]
[bcs#1123378, CVE-2019-3823]
* Changes:
- cookies: leave secure cookies alone
- hostip: support wildcard hosts
- http: Implement trailing headers for chunked transfers
- http: added options for allowing HTTP/0.9 responses
- timeval: Use high resolution timestamps on Windows
* Bugfixes:
- CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
- CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
- CVE-2019-3823: SMTP end-of-response out-of-bounds read
- FAQ: remove mention of sourceforge for github
- OS400: handle memory error in list conversion
- OS400: upgrade ILE/RPG binding.
- README: add codacy code quality badge
- Revert http_negotiate: do not close connection
- THANKS: added several missing names from year <= 2000
- build: make 'tidy' target work for metalink builds
- cmake: added checks for variadic macros
- cmake: updated check for HAVE_POLL_FINE to match autotools
- cmake: use lowercase for function name like the rest of the code
- configure: detect xlclang separately from clang
- configure: fix recv/send/select detection on Android
- configure: rewrite --enable-code-coverage
- conncache_unlock: avoid indirection by changing input argument type
- cookie: fix comment typo
- cookies: allow secure override when done over HTTPS
- cookies: extend domain checks to non psl builds
OBS-URL: https://build.opensuse.org/request/show/672083
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=244
This commit is contained in:
Tomáš Chvátal
committed by
Git OBS Bridge
Git OBS Bridge
parent
d780acec9f
commit
ec4ab9ef11
90
curl.changes
90
curl.changes
@@ -1,3 +1,93 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 6 09:16:58 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||
|
||||
- update to version 7.64.0
|
||||
[bcs#1123371, CVE-2018-16890][bcs#1123377, CVE-2019-3822]
|
||||
[bcs#1123378, CVE-2019-3823]
|
||||
* Changes:
|
||||
- cookies: leave secure cookies alone
|
||||
- hostip: support wildcard hosts
|
||||
- http: Implement trailing headers for chunked transfers
|
||||
- http: added options for allowing HTTP/0.9 responses
|
||||
- timeval: Use high resolution timestamps on Windows
|
||||
* Bugfixes:
|
||||
- CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
|
||||
- CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
|
||||
- CVE-2019-3823: SMTP end-of-response out-of-bounds read
|
||||
- FAQ: remove mention of sourceforge for github
|
||||
- OS400: handle memory error in list conversion
|
||||
- OS400: upgrade ILE/RPG binding.
|
||||
- README: add codacy code quality badge
|
||||
- Revert http_negotiate: do not close connection
|
||||
- THANKS: added several missing names from year <= 2000
|
||||
- build: make 'tidy' target work for metalink builds
|
||||
- cmake: added checks for variadic macros
|
||||
- cmake: updated check for HAVE_POLL_FINE to match autotools
|
||||
- cmake: use lowercase for function name like the rest of the code
|
||||
- configure: detect xlclang separately from clang
|
||||
- configure: fix recv/send/select detection on Android
|
||||
- configure: rewrite --enable-code-coverage
|
||||
- conncache_unlock: avoid indirection by changing input argument type
|
||||
- cookie: fix comment typo
|
||||
- cookies: allow secure override when done over HTTPS
|
||||
- cookies: extend domain checks to non psl builds
|
||||
- cookies: skip custom cookies when redirecting cross-site
|
||||
- curl --xattr: strip credentials from any URL that is stored
|
||||
- curl -J: refuse to append to the destination file
|
||||
- curl/urlapi.h: include "curl.h" first
|
||||
- curl_multi_remove_handle() don't block terminating c-ares requests
|
||||
- darwinssl: accept setting max-tls with default min-tls
|
||||
- disconnect: separate connections and easy handles better
|
||||
- disconnect: set conn->data for protocol disconnect
|
||||
- docs/version.d: mention MultiSSL
|
||||
- docs: fix the --tls-max description
|
||||
- docs: use $(INSTALL_DATA) to install man page
|
||||
- docs: use meaningless port number in CURLOPT_LOCALPORT example
|
||||
- gopher: always include the entire gopher-path in request
|
||||
- http2: clear pause stream id if it gets closed
|
||||
- if2ip: remove unused function Curl_if_is_interface_name
|
||||
- libssh: do not let libssh create socket
|
||||
- libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
|
||||
- libssh: free sftp_canonicalize_path() data correctly
|
||||
- libtest/stub_gssapi: use "real" snprintf
|
||||
- mbedtls: use VERIFYHOST
|
||||
- multi: multiplexing improvements
|
||||
- multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
|
||||
- ntlm: fix NTMLv2 compliance
|
||||
- ntlm_sspi: add support for channel binding
|
||||
- openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
|
||||
- openssl: fix the SSL_get_tlsext_status_ocsp_resp call
|
||||
- openvms: fix OpenSSL discovery on VAX
|
||||
- openvms: fix typos in documentation
|
||||
- os400: add a missing closing bracket
|
||||
- os400: fix extra parameter syntax error
|
||||
- pingpong: change default response timeout to 120 seconds
|
||||
- pingpong: ignore regular timeout in disconnect phase
|
||||
- printf: fix format specifiers
|
||||
- runtests.pl: Fix perl call to include srcdir
|
||||
- schannel: fix compiler warning
|
||||
- schannel: preserve original certificate path parameter
|
||||
- schannel: stop calling it "winssl"
|
||||
- sigpipe: if mbedTLS is used, ignore SIGPIPE
|
||||
- smb: fix incorrect path in request if connection reused
|
||||
- ssh: log the libssh2 error message when ssh session startup fails
|
||||
- test1558: verify CURLINFO_PROTOCOL on file:// transfer
|
||||
- test1561: improve test name
|
||||
- test1653: make it survive torture tests
|
||||
- tests: allow tests to pass by 2037-02-12
|
||||
- tests: move objnames-* from lib into tests
|
||||
- timediff: fix math for unsigned time_t
|
||||
- timeval: Disable MSVC Analyzer GetTickCount warning
|
||||
- tool_cb_prg: avoid integer overflow
|
||||
- travis: added cmake build for osx
|
||||
- urlapi: Fix port parsing of eol colon
|
||||
- urlapi: distinguish possibly empty query
|
||||
- urlapi: fix parsing ipv6 with zone index
|
||||
- urldata: rename easy_conn to just conn
|
||||
- winbuild: conditionally use /DZLIB_WINAPI
|
||||
- wolfssl: fix memory-leak in threaded use
|
||||
- spnego_sspi: add support for channel binding
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 28 18:47:00 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user