diff options
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r-- | RELEASE-NOTES | 207 |
1 files changed, 146 insertions, 61 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a735262..bb52004 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,40 +1,88 @@ -Curl and libcurl 7.55.1 +Curl and libcurl 7.57.0 - Public curl releases: 168 - Command line options: 210 - curl_easy_setopt() options: 247 - Public functions in libcurl: 61 - Contributors: 1592 + Public curl releases: 171 + Command line options: 211 + curl_easy_setopt() options: 249 + Public functions in libcurl: 74 + Contributors: 1649 + +This release includes the following changes: + + o auth: add support for RFC7616 - HTTP Digest access authentication [12] + o share: add support for sharing the connection cache [31] + o HTTP: implement Brotli content encoding [28] This release includes the following bugfixes: - o build: fix 'make install' with configure, install docs/libcurl/* too - o make install: add 8 missing man pages to the installation - o curl: do bounds check using a double comparison [1] - o dist: Add dictserver.py/negtelnetserver.py to release [2] - o digest_sspi: Don't reuse context if the user/passwd has changed [3] - o gitignore: ignore top-level .vs folder [4] - o build: check out *.sln files with Windows line endings [5] - o travis: verify "make install" [6] - o dist: fix the cmake build by shipping cmake_uninstall.cmake.in too [7] - o metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead - o configure: use the threaded resolver backend by default if possible [8] - o mkhelp.pl: allow executing this script directly [9] - o maketgz: remove old *.dist files before making the tarball [10] - o openssl: remove CONST_ASN1_BIT_STRING [11] - o openssl: fix "error: this statement may fall through" - o proxy: fix memory leak in case of invalid proxy server name [12] - o curl/system.h: support more architectures (OpenRISC, ARC) [13] - o docs: fix typos [14] - o curl/system.h: add Oracle Solaris Studio [15] - o CURLINFO_TOTAL_TIME: could wrongly return 4200 seconds [16] - o docs: --connect-to clarified - o cmake: allow user to override CMAKE_DEBUG_POSTFIX [17] - o travis: test cmake build on tarball too - o redirect: make it handle absolute redirects to IDN names [18] - o curl/system.h: fix for gcc on PowerPC [19] - o curl --interface: fixed for IPV6 unique local addresses [20] - o cmake: threads detection improvements [21] + o CVE-2017-8816: NTLM buffer overflow via integer overflow [47] + o CVE-2017-8817: FTP wildcard out of bounds read [48] + o CVE-2017-8818: SSL out of buffer access [49] + o curl_mime_filedata.3: fix typos [1] + o libtest: Add required test libraries for lib1552 and lib1553 [2] + o fix time diffs for systems using unsigned time_t [3] + o ftplistparser: memory leak fix: free temporary memory always [4] + o multi: allow table handle sizes to be overridden [5] + o wildcards: don't use with non-supported protocols [6] + o curl_fnmatch: return error on illegal wildcard pattern [7] + o transfer: Fix chunked-encoding upload too early exit [8] + o curl_setup: Improve detection of CURL_WINDOWS_APP [9] + o resolvers: only include anything if needed [10] + o setopt: fix CURLOPT_SSH_AUTH_TYPES option read + o appveyor: add a win32 build + o Curl_timeleft: change return type to timediff_t [11] + o cmake: Export libcurl and curl targets to use by other cmake projects [13] + o curl: in -F option arg, comma is a delimiter for files only [14] + o curl: improved ";type=" handling in -F option arguments + o timeval: use mach_absolute_time() on MacOS [15] + o curlx: the timeval functions are no longer provided as curlx_* [16] + o mkhelp.pl: do not generate comment with current date [17] + o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18] + o cookie: avoid NULL dereference [19] + o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20] + o include: remove conncache.h inclusion from where its not needed + o CURLOPT_MAXREDIRS: allow -1 as a value [21] + o tests: Fixed torture tests on tests 556 and 650 + o http2: Fixed OOM handling in upgrade request + o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 + o CURLOPT_INFILESIZE: accept -1 [22] + o curl: pass through [] in URLs instead of calling globbing error [23] + o curl: speed up handling of many URLs [24] + o ntlm: avoid malloc(0) for zero length passwords [25] + o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26] + o HTTP: support multiple Content-Encodings [27] + o travis: add a job with brotli enabled + o url: remove unncessary NULL-check + o fnmatch: remove dead code + o connect: store IPv6 connection status after valid connection [29] + o imap: deal with commands case insensitively [30] + o --interface: add support for Linux VRF [32] + o content_encoding: fix inflate_stream for no bytes available [33] + o cmake: Correctly include curl.rc in Windows builds [34] + o cmake: Add missing setmode check [35] + o connect.c: remove executable bit on file [36] + o SMB: fix uninitialized local variable + o zlib/brotli: only include header files in modules needing them [37] + o URL: return error on malformed URLs with junk after IPv6 bracket [38] + o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39] + o macOS: Fix missing connectx function with Xcode version older than 9.0 [40] + o --resolve: allow IP address within [] brackets [41] + o examples/curlx: Fix code style [42] + o ntlm: remove unnecessary NULL-check to please scan-build [43] + o Curl_llist_remove: fix potential NULL pointer deref [43] + o mime: fix "Value stored to 'sz' is never read" scan-build error [43] + o openssl: fix "Value stored to 'rc' is never read" scan-build error [43] + o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43] + o http2: fix "Value stored to 'end' is never read" scan-build error [43] + o Curl_open: fix OOM return error correctly [43] + o url: reject ASCII control characters and space in host names [44] + o examples/rtsp: clear RANGE again after use [45] + o connect: improve the bind error message [46] + o make: fix "make distclean" [50] + o connect: add support for new TCP Fast Open API on Linux [51] + o metalink: fix memory-leak and NULL pointer dereference [52] + o URL: update "file:" URL handling [53] + o ssh: remove check for a NULL pointer [54] + o global_init: ignore CURL_GLOBAL_SSL's absense [55] This release includes the following known bugs: @@ -43,36 +91,73 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Adam Sampson, Alessandro Ghedini, Alex Potapenko, Bernard Spil, - Christian Weisgerber, Dagobert Michelsen, Dan Fandrich, Daniel Krügler, - Daniel Stenberg, David Benjamin, David Lord, Even Rouault, Han Qiao, - Isaac Boukris, James Slaughter, Marcel Raad, paulharris on github, - Ray Satiro, Salah-Eddin Shaban, Sergei Nikulov, Simon Warta, - Thomas Petazzoni, - (22 contributors) + Alessandro Ghedini, Alex Malinovich, Alex Nichols, Alfonso Martone, + Andrew Lambert, arainchik on github, Brian Carpenter, cbartl on github, + Dan Fandrich, Daniel Bankhead, Daniel Stenberg, Dirk Feytons, + Dmitri Tikhonov, Evgeny Grin, Gisle Vanem, hsiao yi, Jakub Zakrzewski, + John Starks, Juro Bystricky, Kamil Dudka, Luca Boccassi, Marcel Raad, + Martin Storsjö, Matthew Kerwin, Max Dymond, Michael Felt, Michael Kaufmann, + moohoorama on github, omau on github, Orgad Shaneh, Patrick Monnerat, + Paul Howarth, Pavel Gushchin, Pavol Markovic, Per Lundberg, Peter Piekarski, + Petr Voytsik, Ray Satiro, Rob Cotrone, Viktor Szakáts, youngchopin on github, + (41 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=1750 - [2] = https://curl.haxx.se/bug/?i=1744 - [3] = https://curl.haxx.se/bug/?i=1742 - [4] = https://curl.haxx.se/bug/?i=1746 - [5] = https://curl.haxx.se/bug/?i=1746 - [6] = https://curl.haxx.se/bug/?i=1753 - [7] = https://curl.haxx.se/bug/?i=1755 - [8] = https://curl.haxx.se/bug/?i=1647 - [9] = https://curl.haxx.se/bug/?i=1743 - [10] = https://curl.haxx.se/mail/lib-2017-08/0050.html - [11] = https://curl.haxx.se/bug/?i=1759 - [12] = https://curl.haxx.se/bug/?i=1761 - [13] = https://curl.haxx.se/bug/?i=1766 - [14] = https://curl.haxx.se/bug/?i=1770 - [15] = https://curl.haxx.se/bug/?i=1752 - [16] = https://curl.haxx.se/bug/?i=1769 - [17] = https://curl.haxx.se/bug/?i=1763 - [18] = https://curl.haxx.se/bug/?i=1762 - [19] = https://curl.haxx.se/bug/?i=1774 - [20] = https://curl.haxx.se/bug/?i=1764 - [21] = https://curl.haxx.se/bug/?i=1719 + [1] = https://curl.haxx.se/bug/?i=2008 + [2] = https://curl.haxx.se/bug/?i=2006 + [3] = https://curl.haxx.se/bug/?i=2004 + [4] = https://curl.haxx.se/bug/?i=2013 + [5] = https://curl.haxx.se/bug/?i=1982 + [6] = https://curl.haxx.se/bug/?i=2016 + [7] = https://curl.haxx.se/bug/?i=2015 + [8] = https://curl.haxx.se/bug/?i=2001 + [9] = https://curl.haxx.se/bug/?i=2025 + [10] = https://curl.haxx.se/bug/?i=2023 + [11] = https://curl.haxx.se/bug/?i=2021 + [12] = https://curl.haxx.se/bug/?i=1934 + [13] = https://curl.haxx.se/bug/?i=1879 + [14] = https://curl.haxx.se/bug/?i=2022 + [15] = https://curl.haxx.se/bug/?i=2033 + [16] = https://curl.haxx.se/bug/?i=2034 + [17] = https://curl.haxx.se/bug/?i=2026 + [18] = https://curl.haxx.se/bug/?i=2031 + [19] = https://curl.haxx.se/bug/?i=2032 + [20] = https://curl.haxx.se/mail/lib-2017-11/0000.html + [21] = https://curl.haxx.se/bug/?i=2038 + [22] = https://curl.haxx.se/bug/?i=2047 + [23] = https://curl.haxx.se/bug/?i=2044 + [24] = https://curl.haxx.se/bug/?i=1959 + [25] = https://curl.haxx.se/bug/?i=2054 + [26] = https://github.com/curl/curl/commit/f121575#commitcomment-25347120 + [27] = https://curl.haxx.se/bug/?i=2002 + [28] = https://curl.haxx.se/bug/?i=2045 + [29] = https://curl.haxx.se/bug/?i=2053 + [30] = https://curl.haxx.se/bug/?i=2061 + [31] = https://curl.haxx.se/bug/?i=2043 + [32] = https://curl.haxx.se/bug/?i=2024 + [33] = https://curl.haxx.se/bug/?i=2060 + [34] = https://curl.haxx.se/bug/?i=2064 + [35] = https://curl.haxx.se/bug/?i=2067 + [36] = https://curl.haxx.se/bug/?i=2071 + [37] = https://curl.haxx.se/mail/lib-2017-11/0032.html + [38] = https://curl.haxx.se/bug/?i=2072 + [39] = https://curl.haxx.se/bug/?i=2079 + [40] = https://curl.haxx.se/bug/?i=2080 + [41] = https://curl.haxx.se/bug/?i=2087 + [42] = https://curl.haxx.se/bug/?i=2096 + [43] = https://curl.haxx.se/bug/?i=2098 + [44] = https://curl.haxx.se/bug/?i=2073 + [45] = https://curl.haxx.se/bug/?i=2106 + [46] = https://curl.haxx.se/bug/?i=2104 + [47] = https://curl.haxx.se/docs/adv_2017-11e7.html + [48] = https://curl.haxx.se/docs/adv_2017-ae72.html + [49] = https://curl.haxx.se/docs/adv_2017-af0a.html + [50] = https://curl.haxx.se/bug/?i=2097 + [51] = https://curl.haxx.se/bug/?i=2056 + [52] = https://curl.haxx.se/bug/?i=2109 + [53] = https://curl.haxx.se/bug/?i=2110 + [54] = https://curl.haxx.se/bug/?i=2111 + [55] = https://curl.haxx.se/bug/?i=2083 |