Chapter 31. Networking

Previously, in some cases, Network Security Services (NSS) incorrectly reused a TLS session for a server with a different host name. Consequently, HTTPS servers could respond with an HTTP error 400 (Bad Request). An upstream patch has been applied on the source code of the libcurl library to prevent NSS from reusing a TLS session in case the HTTP host name does not match the TLS session host name. As a result, libcurl can now successfully communicate with servers that require HTTP host name to match the TLS session host name. (BZ#1269855)

Prior to this update, the curl utility required both private and public SSH keys (paired with each other) for user authentication. Consequently, if a user provided only the private SSH key, which is a common practice with the scp utility, curl failed to authenticate the user. An upstream patch has been applied to improve the SSH user authentication, and curl now authenticates the user successfully also in case only a private SSH key is provided. (BZ#1275769)

The URL parser in the libcurl library previously did not support arbitrarily long user names and passwords. Consequently, user names and passwords longer than 255 characters were truncated. A series of upstream patches has been applied on the libcurl source code, and long user names and passwords in the URLs are now processed correctly by libcurl. (BZ#1260178)

Previously, the PycURL interface violated the libcurl API, which requires a string passed by the CURLOPT_POSTFIELDS option to remain valid until the transfer finishes. Consequently, if the pycurl.POSTFIELDS option was used, libcurl accessed a string beyond its lifetime, which resulted in an undefined behavior. An upstream patch has been applied on the PycURL source code to make sure that the string passed to the CURLOPT_POSTFIELDS option of libcurl remains valid long enough, and the described problem no longer occurs. (BZ#1153321)

Previously, when sctp_accept() was called by a user during a heartbeat timeout event after the 4-way handshake, a deadlock could occur. With this update, the bug has been fixed by giving the assoc->base.sk pointer to make sure SCTP correctly locks and unlocks the listening socket. (BZ#1270586)

Prior to this update, using the ftp command put when the stack size was set to unlimited caused the sysconf(_SC_ARG_MAX) function to return -1, which in turn resulted in the malloc() function being called with an argument of 0 and causing an Out of memory message to be displayed. With this update, the underlying source code has been improved to allocate a reasonable minimum of memory. As a result, the Out of memory message no longer appears if the stack size was previously set to unlimited. (BZ#1304064)

Previously, NetworkManager always sent only the host part of a machine host name in a DHCP request. As a consequence, it was not possible to force sending a Fully Qualified Domain Name (FQDN). After this update, the user can configure the FQDN to be sent in a DHCP request by using nmcli and setting ipv4.dhcp-fqdn to the desired FQDN and ensuring that ipv4.dhcp-send-hostname is enabled. In configuration files, the FQDN can be specified with the DHCP_FQDN variable. (BZ#1255507)