|
|
bagder: curl-www Makefile, 1.95, 1.96 _changes.html, 1.118, 1.119 libcurl-g: msg#00004
|
Subject: |
bagder: curl-www Makefile, 1.95, 1.96 _changes.html, 1.118, 1.119 libcurl-gnutlscert.patch, NONE, 1.1 |
Update of /cvsroot/curl/curl-www
In directory labb:/tmp/cvs-serv30720
Modified Files:
Makefile _changes.html
Added Files:
libcurl-gnutlscert.patch
Log Message:
7.16.4 with the security advisory, the announcement will follow
--- NEW FILE: libcurl-gnutlscert.patch ---
Index: lib/gtls.c
===================================================================
RCS file: /cvsroot/curl/curl/lib/gtls.c,v
retrieving revision 1.27
diff -u -r1.27 gtls.c
--- lib/gtls.c 28 Apr 2007 21:01:30 -0000 1.27
+++ lib/gtls.c 10 Jul 2007 20:27:43 -0000
@@ -420,6 +420,43 @@
else
infof(data, "\t common name: %s (matched)\n", certbuf);
+ /* Check for time-based validity */
+ clock = gnutls_x509_crt_get_expiration_time(x509_cert);
+
+ if(clock == (time_t)-1) {
+ failf(data, "server cert expiration date verify failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(clock < time(NULL)) {
+ if (data->set.ssl.verifypeer) {
+ failf(data, "server certificate expiration date has passed.");
+ return CURLE_SSL_PEER_CERTIFICATE;
+ }
+ else
+ infof(data, "\t server certificate expiration date FAILED\n");
+ }
+ else
+ infof(data, "\t server certificate expiration date OK\n");
+
+ clock = gnutls_x509_crt_get_activation_time(x509_cert);
+
+ if(clock == (time_t)-1) {
+ failf(data, "server cert activation date verify failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(clock > time(NULL)) {
+ if (data->set.ssl.verifypeer) {
+ failf(data, "server certificate not activated yet.");
+ return CURLE_SSL_PEER_CERTIFICATE;
+ }
+ else
+ infof(data, "\t server certificate activation date FAILED\n");
+ }
+ else
+ infof(data, "\t server certificate activation date OK\n");
+
/* Show:
- ciphers used
Index: Makefile
===================================================================
RCS file: /cvsroot/curl/curl-www/Makefile,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -d -r1.95 -r1.96
--- Makefile 25 Jun 2007 09:24:03 -0000 1.95
+++ Makefile 10 Jul 2007 21:43:46 -0000 1.96
@@ -5,8 +5,8 @@
NOW=$(shell gnudate +'-D__TODAY__=%B %e, %Y')
# the latest stable version is:
-STABLE= 7.16.3
-RELDATE = "25th of June 2007"
+STABLE= 7.16.4
+RELDATE = "10th of July 2007"
# name of the dir to tempoary unpack and build zip files in:
TEMPDIR=tempzip
Index: _changes.html
===================================================================
RCS file: /cvsroot/curl/curl-www/_changes.html,v
retrieving revision 1.118
retrieving revision 1.119
diff -u -d -r1.118 -r1.119
--- _changes.html 25 Jun 2007 09:28:26 -0000 1.118
+++ _changes.html 10 Jul 2007 21:43:46 -0000 1.119
@@ -46,6 +46,26 @@
<li> <a href="http://curl.haxx.se/auto/cvshistory.html";>recent CVS activity</a>
</ul>
+SUBTITLE(Fixed in 7.16.4 - July 10 2007)
+<p> Changes:
+<ul>
+ <li> added CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS
+ <li> improved hashing of sockets for the multi_socket API
+ <li> ftp kerberos5 support added
+</ul>
+<p> Bugfixes:
+<ul>
+ <li> adjusted how libcurl treats HTTP 1.1 responses without content-lenth or
+ chunked encoding
+ <li> fixed the 10-at-a-time.c example
+ <li> FTP over SOCKS proxy
+ <li> improved error messages on SCP upload failures
+ <li> <a href="http://curl.haxx.se/docs/adv_20070710.html";>security flaw</a>
in which libcurl
+ failed to properly reject some outdated or not yet valid server certificates
+ when built with GnuTLS
+</ul>
+
+
SUBTITLE(Fixed in 7.16.3 - June 25 2007)
<p> Changes:
<ul>
|
Try Searching:
servers, voip, java, networking, microsoft ...
|
|
|
| |
