Comment 0 for bug 435259

Binary package hint: curl

curl 7.19.6 has been released

 Fixed in 7.19.6 - August 12 2009
Release contains security-related bug fix

Changes:

    * CURLOPT_FTPPORT (and curl's -P/--ftpport) support port ranges
    * Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA
    * CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE can be told to ignore error responses when used with FTP

Bugfixes:

    * crash on bad socket close with FTP
    * leaking cookie memory when duplicate domains or paths were used
    * build fix for Symbian
    * CURLOPT_USERPWD set to NULL clears auth credentials
    * libcurl-NSS build fixes
    * configure script fixed for VMS
    * set Content-Length: with POST and PUT failed with NTLM auth
    * allow building libcurl for VxWorks
    * curl tool exit codes fixed for VMS
    * --no-buffer treated correctly
    * djgpp build fix
    * configure detection of GnuTLS now based on pkg-config as well
    * libcurl-NSS client cert handling segfaults
    * curl uploading from stdin/pipes now works in non-blocking way so that it continues the downloading even when the read stalls
    * ftp credentials are added to the url if needed for http proxies
    * curl -o - sends data to stdout using binary mode on windows
    * fixed the separators for "array" style string that CURLINFO_CERTINFO returns
    * auth problem over several hosts with re-used connection
    * improved the support for client certificates in libcurl+NSS
    * fix leak in gtls code
    * missing algorithms in libcurl+OpenSSL
    * with noproxy set you could still get a proxy if a proxy env was set
    * rand seeding on libcurl on windows built with OpenSSL was not thread-safe
    * fixed the zero byte inserted in cert name flaw in libcurl+OpenSSL
    * don't try SNI with SSLv2 or SSLv3 (OpenSSL and GnuTLS builds)
    * libcurl+OpenSSL would wrongly acknowledge a cert if CN matched but subjectAltName didn't
    * TFTP upload sent illegal TSIZE packets