cURL / Mailing Lists / curl-library / Single Mail

curl-library

[RELEASE] curl and libcurl 7.29.0

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 6 Feb 2013 11:25:51 +0100 (CET)

Hello world!

I'm happy to present curl and libcurl version 7.29.0, readily available for
download from http://curl.haxx.se/ as usual.

This time we have a little security advisory you may want to pay closer
attention to...

Curl and libcurl 7.29.0

  Public curl releases: 131
  Command line options: 152
  curl_easy_setopt() options: 199
  Public functions in libcurl: 58
  Known libcurl bindings: 39
  Contributors: 993

This release includes the following securify fix:

  o POP3/IMAP/SMTP SASL buffer overflow vulnerability [17]

This release includes the following changes:

  o test: offer "automake" output and check for perl better
  o always-multi: always use non-blocking internals [1]
  o imap: Added support for sasl digest-md5 authentication
  o imap: Added support for sasl cram-md5 authentication
  o imap: Added support for sasl ntlm authentication
  o imap: Added support for sasl login authentication
  o imap: Added support for sasl plain text authentication
  o imap: Added support for login disabled server capability
  o mk-ca-bundle: add -f, support passing to stdout and more [5]
  o writeout: -w now supports remote_ip/port and local_ip/port

This release includes the following bugfixes:

  o nss: prevent NSS from crashing on client auth hook failure
  o darwinssl: Fixed inability to disable peer verification on Snow Leopard
    and Lion
  o curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
  o SCP: relative path didn't work as documented [7]
  o setup_once.h: HP-UX <sys/socket.h> issue workaround
  o configure: fix cross pkg-config detection
  o runtests: Do not add undefined values to @INC
  o build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
  o multi: fix re-sending request on early connection close
  o HTTP: remove stray CRLF in chunk-encoded content-free request bodies
  o build: fix AIX compilation and usage of events/revents
  o VC Makefiles: add missing hostcheck
  o nss: clear session cache if a client certificate from file is used
  o nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
  o fix HTTP CONNECT tunnel establishment upon delayed response [2]
  o --libcurl: fix for non-zero default options
  o FTP: reject illegal port numbers in EPSV 229 responses
  o build: use per-target '_CPPFLAGS' for those currently using default
  o configure: fix automake 1.13 compatibility [6]
  o curl: ignore SIGPIPE [4]
  o pop3: Added support for non-blocking SSL upgrade
  o pop3: Fixed default authentication detection
  o imap: Fixed usernames and passwords that contain escape characters
  o packages/DOS/common.dj: remove COFF debug info generation [3]
  o imap/pop3/smtp: Fixed failure detection during TLS upgrade [8]
  o pop3: Fixed no known authentication mechanism when fallback is required [9]
  o formadd: reject trying to read a directory where a file is expected [10]
  o formpost: support quotes, commas and semicolon in file names [11]
  o docs: update the comments about loading CA certs with NSS [12]
  o docs: fix typos in man pages [13]
  o darwinssl: Fix bug where packets were sometimes transmitted twice [14]
  o winbuild: include version info for .dll .exe [15]
  o schannel: Removed extended error connection setup flag [16]
  o VMS: fix and generate the VMS build config

This release includes the following known bugs:

  o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Nick Zitzmann, Colin Watson, Fabian Keil, Kamil Dudka, Lijo Antony,
  Linus Nielsen Feltzing, Marc Hoersken, Stanislav Ivochkin, Steve Holme,
  Yang Tse, Balaji Parasuram, Dan Fandrich, Bob Relyea, Gisle Vanem,
  Yves Arrouye, Kai Engert, Lluís Batlle i Rossell, Jirí Hruka,
  John E. Malmberg, Tor Arntsen, Matt Arsenault, Sergei Nikulov,
  Guenter Knauf, Craig Davison, Ulrich Doehner, Jiri Jaburek, Bruno de Carvalho,
  Eldar Zaitov

         Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

  [1] = http://daniel.haxx.se/blog/2013/01/17/internally-were-all-multi-now/
  [2] = http://curl.haxx.se/mail/lib-2013-01/0191.html
  [3] = http://curl.haxx.se/mail/lib-2013-01/0130.html
  [4] = http://curl.haxx.se/bug/view.cgi?id=1180
  [5] = http://curl.haxx.se/mail/lib-2013-01/0045.html
  [6] = http://curl.haxx.se/mail/lib-2012-12/0246.html
  [7] = http://curl.haxx.se/bug/view.cgi?id=1173
  [8] = http://curl.haxx.se/mail/lib-2013-01/0250.html
  [9] = http://curl.haxx.se/mail/lib-2013-02/0004.html
  [10] = http://curl.haxx.se/mail/archive-2013-01/0017.html
  [11] = http://curl.haxx.se/bug/view.cgi?id=1171
  [12] = https://bugzilla.redhat.com/696783
  [13] = https://bugzilla.redhat.com/896544
  [14] = http://curl.haxx.se/mail/lib-2013-01/0295.html
  [15] = http://curl.haxx.se/bug/view.cgi?id=1186
  [16] = http://curl.haxx.se/bug/view.cgi?id=1187
  [17] = http://curl.haxx.se/docs/adv_20130206.html

-- 
  / daniel.haxx.se

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-02-06