This update fixes CVE-2016-2183 (aka 'sweet32')
- setup ECDHE to allow Perfect Forward Secrecy, using the p256 NIST prime curve (CVE-2016-2183)(mmeissner)
This is a bugfix/cleanup release
- Prevent buffer overflow if digest realm too long
- Ensure path starts with '/' in client data endpoint
- Java bindings build fix
- Fix SSL library, usage is not thread safe (vcrhonek)
- Improve NetBSD and OSX builds (apjanke)
- Install winrs with correct name and permissions
The most important bugfix of this release is the thread-safety of iniparser, which could crash when reading the
Fixing the selector extraction from URI query allows to specific an instance as resource URI + key properties within a single URI in
- Install winrs.rb (Windows Remote Shell) to /usr/bin
- New package: winrs
- Make iniparser thread-safe (Emil Bartczak)
- Fix excessive RPM rebuilds (Olaf Hering)
- Fix selector extraction from URI query (Markus Kolb)
- Fix RPM building on older distributions
- Fix RPM building on Fedora 22
This release contains two important fixes, one of them disguised as a feature.
With multithreading client applications, the libcurl backend might crash if DNS lookups time out. This is due to the way libcurl handles timeouts using
longjmp, and signals.
openwsman_client.conf now provides an option
curlopt_nosignal within the
[client] section to work around that crash. Setting
curlopt_nosignal = 1 prevents these crashes at the risk of hanging DNS lookups.
See http://curl.haxx.se/libcurl/c/CURLOPT_NOSIGNAL.html for details.
The other fix is in
iniparser.c which can crash in
strcmp if a NULL pointer is passed. This bug has been there all the years and probably got triggered due to new versions of GCC.
From the ChangeLog:
CURL crashes in multithreaded client applications
- Limit EnvelopeSize to 32767 if
wsman:MaxEnvelopeSizenot set in
request (WS-Man 1.2 compatibility) (Prabhakar Pujeri)
- fix memory leaks (Vitezslav Crhonek)
- fix possible crash in
Main feature of this release is support for Section 6.3 (wsman:Locale) of DSP 0226 (aka WS-Management standard)
The downside is a size change of the
client_opt_t structure, requiring a so version increase for libwsman-client.
Special thanks to Prabhakar Pujeri for this release !
This release adds RFC1866 support in allowing
; as a separator for resource uri query parameters (selectors).
It also prints a warning if a resource URI (wrongly) uses
, as query parameter separator.
Do NOT use
Version 2.5.0 completely rewrites the handling of key/value pairs for selectors and properties. This brings a breakage of an internal(!) API which was used by
The .so version of
libwsman was therefore increased to 3.
wsmancli was fixed to use public APIs only.
You must upgrade
wsmancli to 2.5.0 (or later) together with Openwsman
- Rewrite selector and property handling to keep
them in order (#49)
Selectors and properties can now handle EndpointReferences
as values. This increases compatibility with Intel AMT 7.0
- ABI change, .so version 3
- Ruby: Add EndPointReference#to_s
This release fixes a nasty bug in wsmc_add_property.
- Ruby: Add Fault#to_s
- Ruby: Enable ClientOptions#properties=
- Cim: New config option "cim_client_cql' to select CQL query
identifier ('CQL' - default, 'DMTF:CQL' - standards-compliant)
- Fix segfault in wsmc_add_property
- Fix memleak in xpath handling
- Fix typo in parsing max_connections_per_thread (vcrhonek)
- Ruby: ClientOptions#properties=