2009年8月17日

[installer 2038] curl-7.19.6

curl-7.19.6 出ています。

セキュリティホールの修正版です。
http://curl.haxx.se/docs/adv_20090812.txt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2417
参照のこと。旧版についてのパッチも出ています。

http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch

http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch

☆ curl-7.19.6
http://curl.haxx.se/
http://curl.haxx.se/download/curl-7.19.6.tar.gz

Curl and libcurl 7.19.6

Public curl releases: 112
Command line options: 132
curl_easy_setopt() options: 163
Public functions in libcurl: 58
Known libcurl bindings: 38
Contributors: 715

This release includes the following changes:

o CURLOPT_FTPPORT (and curl's -P/--ftpport) support port ranges
o Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA
o CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE can be told to ignore
error responses when used with FTP

This release includes the following bugfixes:

o crash on bad socket close with FTP
o leaking cookie memory when duplicate domains or paths were used
o build fix for Symbian
o CURLOPT_USERPWD set to NULL clears auth credentials
o libcurl-NSS build fixes
o configure script fixed for VMS
o set Content-Length: with POST and PUT failed with NTLM auth
o allow building libcurl for VxWorks
o curl tool exit codes fixed for VMS
o --no-buffer treated correctly
o djgpp build fix
o configure detection of GnuTLS now based on pkg-config as well
o libcurl-NSS client cert handling segfaults
o curl uploading from stdin/pipes now works in non-blocking way so that it
continues the downloading even when the read stalls
o ftp credentials are added to the url if needed for http proxies
o curl -o - sends data to stdout using binary mode on windows
o fixed the separators for "array" style string that CURLINFO_CERTINFO returns
o auth problem over several hosts with re-used connection
o improved the support for client certificates in libcurl+NSS
o fix leak in gtls code
o missing algorithms in libcurl+OpenSSL
o with noproxy set you could still get a proxy if a proxy env was set
o rand seeding on libcurl on windows built with OpenSSL was not thread-safe
o fixed the zero byte inserted in cert name flaw in libcurl+OpenSSL
o don't try SNI with SSLv2 or SSLv3 (OpenSSL and GnuTLS builds)
o libcurl+OpenSSL would wrongly acknowledge a cert if CN matched but
subjectAltName didn't
o TFTP upload sent illegal TSIZE packets

This release includes the following known bugs:

o see docs/KNOWN_BUGS http://curl.haxx.se/docs/knownbugs.html)

----
こがよういちろう


投稿者 xml-rpc : 2009年8月17日 09:23
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/87581
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。