7.35. curl

Bug Fixes

BZ#741935

The libssh2 library did not sufficiently reflect its ABI extensions in its version, which prevented the RPM dependency scanner from adding the correct dependency of libcurl on an updated version of libssh2. Consequently, if the user updated libcurl without first updating libssh2, the update ended with incorrect linkage of libcurl and the user was then unable to update libssh2 using yum. An explicit dependency of libcurl on an update version of libssh2 has been added and yum can now be used to update libcurl.

BZ#746629

Previously, libcurl required certificates loaded from files to have unique file base names due to limitation of the legacy API of NSS (Network Security Services). Some packages using libcurl did not fulfil this requirement and caused nickname collisions within NSS. Now, libcurl has been modified to use a newer API of NSS, which does not suffer from this limitation, and packages using libcurl are now allowed to load certificates from files with unrestricted file names.

BZ#813127

Previously, libcurl misinterpreted the Content-Length HTTP header when receiving data using the chunked encoding. Consequently, libcurl failed to read the last chunk of data and the transfer terminated prematurely. An upstream patch has been applied to fix the handling of the header and the chunked encoding in libcurl now works as expected.

BZ#841905

A sub-optimally chosen identifier in cURL source files clashed with an identifier from a public header file introduced in a newer version of libssh2, which prevented the curl package from a successful build. An upstream patch has been applied on cURL source files, which fixes the identifier collisions and the package now builds as expected.

BZ#738456

The OpenLDAP suite was recently modified to use NSS instead of OpenSSL as the SSL back end. This change led to collisions between libcurl and OpenLDAP on NSS initialization and shutdown. Consequently, applications that were using both libcurl and OpenLDAP failed to establish SSL connections. This update modifies libcurl to use the same NSS API as OpenLDAP, which prevents collisions from occurring. Applications using OpenLDAP and libcurl can now connect to the LDAP server over SSL as expected.

BZ#719938

As a solution to a security issue, GSSAPI credential delegation was disabled, which broke the functionality of applications that were relying on delegation, incorrectly enabled by libcurl. To fix this issue, the CURLOPT_GSSAPI_DELEGATION libcurl option has been introduced in order to enable delegation explicitly when applications need it. All applications using GSSAPI credential delegation can now use this new libcurl option to be able to run properly.

BZ#772642

SSL connections could not be established with libcurl if the selected NSS database was broken or invalid. This update modifies the code of libcurl to initialize NSS without a valid database, which allows applications to establish SSL connections as expected.

BZ#873789

Previously, libcurl incorrectly checked return values of the SCP/SFTP write functions provided by libssh2. Negative values returned by those functions were treated as negative download amounts, which caused applications to terminate unexpectedly. With this update, all negative values are treated as errors and as such are properly handled on the libcurl level, thus preventing the crashes.

BZ#879592

Prior to this update, libcurl used an obsolete libssh2 API for uploading files over the SCP protocol, which limited the maximum size of files being transferred on 32-bit architectures. Consequently, the 32-bit packages of libcurl were unable to transfer large files over SCP. With this update, a new libssh2 API for SCP uploads is used, which does not suffer from this limitation, thus fixing this bug.

Enhancements

BZ#676596

Previously, libcurl provided only HTTP status codes in error messages when reporting HTTP errors. This could confuse users not familiar with HTTP. Now, libcurl has been improved to include the HTTP reason phrase in error messages, thus providing more understandable output.

BZ#730445

This update introduces a new option, --delegation, which enables Kerberos credential delegation in cURL.