Version 2.6.5 - Python3 and Ruby 2.5

@Openwsman Openwsman released this Nov 28, 2017 · 4 commits to master since this release

This release supports Python3 and Ruby 2.5 for the bindings component.

  • Bugfixes
    • Replace obsolete pam modules with standard ones (
    • Include shttpd_config.h in tarball (
    • Build with Python 3
    • Build with Ruby 2.5

Version 2.6.4 - security update

@kkaempf kkaempf released this Nov 7, 2017 · 24 commits to master since this release

This update fixes CVE-2016-2183 (aka 'sweet32')

  • Bugfixes
    • setup ECDHE to allow Perfect Forward Secrecy, using the p256 NIST prime curve (CVE-2016-2183)(mmeissner)

Version 2.6.3

@kkaempf kkaempf released this Jun 21, 2016 · 38 commits to master since this release

This is a bugfix/cleanup release

  • Bugfixes
    • Prevent buffer overflow if digest realm too long
    • Ensure path starts with '/' in client data endpoint
    • Java bindings build fix
    • Fix SSL library, usage is not thread safe (vcrhonek)
    • Improve NetBSD and OSX builds (apjanke)
    • Install winrs with correct name and permissions

Version 2.6.2

@kkaempf kkaempf released this Oct 19, 2015 · 62 commits to master since this release

The most important bugfix of this release is the thread-safety of iniparser, which could crash when reading the openwsman.conf file.

Fixing the selector extraction from URI query allows to specific an instance as resource URI + key properties within a single URI in wsman.

  • Features
    • Install winrs.rb (Windows Remote Shell) to /usr/bin
    • New package: winrs
  • Bugfixes
    • Make iniparser thread-safe (Emil Bartczak)
    • Fix excessive RPM rebuilds (Olaf Hering)
    • Fix selector extraction from URI query (Markus Kolb)
    • Fix RPM building on older distributions
    • Fix RPM building on Fedora 22

Version 2.6.1

@kkaempf kkaempf released this Aug 28, 2015 · 80 commits to master since this release

This release contains two important fixes, one of them disguised as a feature.

With multithreading client applications, the libcurl backend might crash if DNS lookups time out. This is due to the way libcurl handles timeouts using setjmp, longjmp, and signals.
openwsman_client.conf now provides an option curlopt_nosignal within the [client] section to work around that crash. Setting curlopt_nosignal = 1 prevents these crashes at the risk of hanging DNS lookups.
See for details.

The other fix is in dictionary_get() of iniparser.c which can crash in strcmp if a NULL pointer is passed. This bug has been there all the years and probably got triggered due to new versions of GCC.

From the ChangeLog:

  • Features
    • Add curlopt_nosignal option to openwsman_client.conf to prevent
      CURL crashes in multithreaded client applications
    • Limit EnvelopeSize to 32767 if wsman:MaxEnvelopeSize not set in
      request (WS-Man 1.2 compatibility) (Prabhakar Pujeri)
  • Bugfixes
    • fix memory leaks (Vitezslav Crhonek)
    • honor client:agent from openwsman_client.conf
    • fix possible crash in dictionary_get()

Version 2.6.0

@kkaempf kkaempf released this Jun 9, 2015 · 99 commits to master since this release

Main feature of this release is support for Section 6.3 (wsman:Locale) of DSP 0226 (aka WS-Management standard)

The downside is a size change of the client_opt_t structure, requiring a so version increase for libwsman-client.

Special thanks to Prabhakar Pujeri for this release !

Version 2.5.2

@kkaempf kkaempf released this Jun 3, 2015 · 108 commits to master since this release

This version provides native Python packaging, see

Version 2.5.1

@kkaempf kkaempf released this Jun 2, 2015 · 120 commits to master since this release

This release adds RFC1866 support in allowing ; as a separator for resource uri query parameters (selectors).
It also prints a warning if a resource URI (wrongly) uses , as query parameter separator.

Do NOT use http://...?Foo="Bar",Baz="Boo",...
Use http://...?Foo="Bar"&Baz="Boo"&... or http://...?Foo="Bar";Baz="Boo";...

Version 2.5.0

@kkaempf kkaempf released this Jun 2, 2015 · 121 commits to master since this release

Version 2.5.0 completely rewrites the handling of key/value pairs for selectors and properties. This brings a breakage of an internal(!) API which was used by wsmancli.
The .so version of libwsman was therefore increased to 3. wsmancli was fixed to use public APIs only.

You must upgrade wsmancli to 2.5.0 (or later) together with Openwsman

  • Rewrite selector and property handling to keep
    them in order (#49)
    Selectors and properties can now handle EndpointReferences
    as values. This increases compatibility with Intel AMT 7.0
    and later.
  • ABI change, .so version 3
  • Ruby: Add EndPointReference#to_s

Version 2.4.15

@kkaempf kkaempf released this May 20, 2015 · 131 commits to master since this release

This release fixes a nasty bug in wsmc_add_property.

  • Features
    • Ruby: Add Fault#to_s
    • Ruby: Enable ClientOptions#properties=
    • Cim: New config option "cim_client_cql' to select CQL query
      identifier ('CQL' - default, 'DMTF:CQL' - standards-compliant)
  • Bugfixes
    • Fix segfault in wsmc_add_property
    • Fix memleak in xpath handling
    • Fix typo in parsing max_connections_per_thread (vcrhonek)
    • Ruby: ClientOptions#properties=