aboutsummaryrefslogtreecommitdiffstats
path: root/RELEASE-NOTES
diff options
context:
space:
mode:
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r--RELEASE-NOTES207
1 files changed, 146 insertions, 61 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a735262..bb52004 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,40 +1,88 @@
-Curl and libcurl 7.55.1
+Curl and libcurl 7.57.0
- Public curl releases: 168
- Command line options: 210
- curl_easy_setopt() options: 247
- Public functions in libcurl: 61
- Contributors: 1592
+ Public curl releases: 171
+ Command line options: 211
+ curl_easy_setopt() options: 249
+ Public functions in libcurl: 74
+ Contributors: 1649
+
+This release includes the following changes:
+
+ o auth: add support for RFC7616 - HTTP Digest access authentication [12]
+ o share: add support for sharing the connection cache [31]
+ o HTTP: implement Brotli content encoding [28]
This release includes the following bugfixes:
- o build: fix 'make install' with configure, install docs/libcurl/* too
- o make install: add 8 missing man pages to the installation
- o curl: do bounds check using a double comparison [1]
- o dist: Add dictserver.py/negtelnetserver.py to release [2]
- o digest_sspi: Don't reuse context if the user/passwd has changed [3]
- o gitignore: ignore top-level .vs folder [4]
- o build: check out *.sln files with Windows line endings [5]
- o travis: verify "make install" [6]
- o dist: fix the cmake build by shipping cmake_uninstall.cmake.in too [7]
- o metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead
- o configure: use the threaded resolver backend by default if possible [8]
- o mkhelp.pl: allow executing this script directly [9]
- o maketgz: remove old *.dist files before making the tarball [10]
- o openssl: remove CONST_ASN1_BIT_STRING [11]
- o openssl: fix "error: this statement may fall through"
- o proxy: fix memory leak in case of invalid proxy server name [12]
- o curl/system.h: support more architectures (OpenRISC, ARC) [13]
- o docs: fix typos [14]
- o curl/system.h: add Oracle Solaris Studio [15]
- o CURLINFO_TOTAL_TIME: could wrongly return 4200 seconds [16]
- o docs: --connect-to clarified
- o cmake: allow user to override CMAKE_DEBUG_POSTFIX [17]
- o travis: test cmake build on tarball too
- o redirect: make it handle absolute redirects to IDN names [18]
- o curl/system.h: fix for gcc on PowerPC [19]
- o curl --interface: fixed for IPV6 unique local addresses [20]
- o cmake: threads detection improvements [21]
+ o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
+ o CVE-2017-8817: FTP wildcard out of bounds read [48]
+ o CVE-2017-8818: SSL out of buffer access [49]
+ o curl_mime_filedata.3: fix typos [1]
+ o libtest: Add required test libraries for lib1552 and lib1553 [2]
+ o fix time diffs for systems using unsigned time_t [3]
+ o ftplistparser: memory leak fix: free temporary memory always [4]
+ o multi: allow table handle sizes to be overridden [5]
+ o wildcards: don't use with non-supported protocols [6]
+ o curl_fnmatch: return error on illegal wildcard pattern [7]
+ o transfer: Fix chunked-encoding upload too early exit [8]
+ o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
+ o resolvers: only include anything if needed [10]
+ o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
+ o appveyor: add a win32 build
+ o Curl_timeleft: change return type to timediff_t [11]
+ o cmake: Export libcurl and curl targets to use by other cmake projects [13]
+ o curl: in -F option arg, comma is a delimiter for files only [14]
+ o curl: improved ";type=" handling in -F option arguments
+ o timeval: use mach_absolute_time() on MacOS [15]
+ o curlx: the timeval functions are no longer provided as curlx_* [16]
+ o mkhelp.pl: do not generate comment with current date [17]
+ o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
+ o cookie: avoid NULL dereference [19]
+ o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
+ o include: remove conncache.h inclusion from where its not needed
+ o CURLOPT_MAXREDIRS: allow -1 as a value [21]
+ o tests: Fixed torture tests on tests 556 and 650
+ o http2: Fixed OOM handling in upgrade request
+ o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
+ o CURLOPT_INFILESIZE: accept -1 [22]
+ o curl: pass through [] in URLs instead of calling globbing error [23]
+ o curl: speed up handling of many URLs [24]
+ o ntlm: avoid malloc(0) for zero length passwords [25]
+ o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
+ o HTTP: support multiple Content-Encodings [27]
+ o travis: add a job with brotli enabled
+ o url: remove unncessary NULL-check
+ o fnmatch: remove dead code
+ o connect: store IPv6 connection status after valid connection [29]
+ o imap: deal with commands case insensitively [30]
+ o --interface: add support for Linux VRF [32]
+ o content_encoding: fix inflate_stream for no bytes available [33]
+ o cmake: Correctly include curl.rc in Windows builds [34]
+ o cmake: Add missing setmode check [35]
+ o connect.c: remove executable bit on file [36]
+ o SMB: fix uninitialized local variable
+ o zlib/brotli: only include header files in modules needing them [37]
+ o URL: return error on malformed URLs with junk after IPv6 bracket [38]
+ o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
+ o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
+ o --resolve: allow IP address within [] brackets [41]
+ o examples/curlx: Fix code style [42]
+ o ntlm: remove unnecessary NULL-check to please scan-build [43]
+ o Curl_llist_remove: fix potential NULL pointer deref [43]
+ o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
+ o openssl: fix "Value stored to 'rc' is never read" scan-build error [43]
+ o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43]
+ o http2: fix "Value stored to 'end' is never read" scan-build error [43]
+ o Curl_open: fix OOM return error correctly [43]
+ o url: reject ASCII control characters and space in host names [44]
+ o examples/rtsp: clear RANGE again after use [45]
+ o connect: improve the bind error message [46]
+ o make: fix "make distclean" [50]
+ o connect: add support for new TCP Fast Open API on Linux [51]
+ o metalink: fix memory-leak and NULL pointer dereference [52]
+ o URL: update "file:" URL handling [53]
+ o ssh: remove check for a NULL pointer [54]
+ o global_init: ignore CURL_GLOBAL_SSL's absense [55]
This release includes the following known bugs:
@@ -43,36 +91,73 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Adam Sampson, Alessandro Ghedini, Alex Potapenko, Bernard Spil,
- Christian Weisgerber, Dagobert Michelsen, Dan Fandrich, Daniel Krügler,
- Daniel Stenberg, David Benjamin, David Lord, Even Rouault, Han Qiao,
- Isaac Boukris, James Slaughter, Marcel Raad, paulharris on github,
- Ray Satiro, Salah-Eddin Shaban, Sergei Nikulov, Simon Warta,
- Thomas Petazzoni,
- (22 contributors)
+ Alessandro Ghedini, Alex Malinovich, Alex Nichols, Alfonso Martone,
+ Andrew Lambert, arainchik on github, Brian Carpenter, cbartl on github,
+ Dan Fandrich, Daniel Bankhead, Daniel Stenberg, Dirk Feytons,
+ Dmitri Tikhonov, Evgeny Grin, Gisle Vanem, hsiao yi, Jakub Zakrzewski,
+ John Starks, Juro Bystricky, Kamil Dudka, Luca Boccassi, Marcel Raad,
+ Martin Storsjö, Matthew Kerwin, Max Dymond, Michael Felt, Michael Kaufmann,
+ moohoorama on github, omau on github, Orgad Shaneh, Patrick Monnerat,
+ Paul Howarth, Pavel Gushchin, Pavol Markovic, Per Lundberg, Peter Piekarski,
+ Petr Voytsik, Ray Satiro, Rob Cotrone, Viktor Szakáts, youngchopin on github,
+ (41 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
- [1] = https://curl.haxx.se/bug/?i=1750
- [2] = https://curl.haxx.se/bug/?i=1744
- [3] = https://curl.haxx.se/bug/?i=1742
- [4] = https://curl.haxx.se/bug/?i=1746
- [5] = https://curl.haxx.se/bug/?i=1746
- [6] = https://curl.haxx.se/bug/?i=1753
- [7] = https://curl.haxx.se/bug/?i=1755
- [8] = https://curl.haxx.se/bug/?i=1647
- [9] = https://curl.haxx.se/bug/?i=1743
- [10] = https://curl.haxx.se/mail/lib-2017-08/0050.html
- [11] = https://curl.haxx.se/bug/?i=1759
- [12] = https://curl.haxx.se/bug/?i=1761
- [13] = https://curl.haxx.se/bug/?i=1766
- [14] = https://curl.haxx.se/bug/?i=1770
- [15] = https://curl.haxx.se/bug/?i=1752
- [16] = https://curl.haxx.se/bug/?i=1769
- [17] = https://curl.haxx.se/bug/?i=1763
- [18] = https://curl.haxx.se/bug/?i=1762
- [19] = https://curl.haxx.se/bug/?i=1774
- [20] = https://curl.haxx.se/bug/?i=1764
- [21] = https://curl.haxx.se/bug/?i=1719
+ [1] = https://curl.haxx.se/bug/?i=2008
+ [2] = https://curl.haxx.se/bug/?i=2006
+ [3] = https://curl.haxx.se/bug/?i=2004
+ [4] = https://curl.haxx.se/bug/?i=2013
+ [5] = https://curl.haxx.se/bug/?i=1982
+ [6] = https://curl.haxx.se/bug/?i=2016
+ [7] = https://curl.haxx.se/bug/?i=2015
+ [8] = https://curl.haxx.se/bug/?i=2001
+ [9] = https://curl.haxx.se/bug/?i=2025
+ [10] = https://curl.haxx.se/bug/?i=2023
+ [11] = https://curl.haxx.se/bug/?i=2021
+ [12] = https://curl.haxx.se/bug/?i=1934
+ [13] = https://curl.haxx.se/bug/?i=1879
+ [14] = https://curl.haxx.se/bug/?i=2022
+ [15] = https://curl.haxx.se/bug/?i=2033
+ [16] = https://curl.haxx.se/bug/?i=2034
+ [17] = https://curl.haxx.se/bug/?i=2026
+ [18] = https://curl.haxx.se/bug/?i=2031
+ [19] = https://curl.haxx.se/bug/?i=2032
+ [20] = https://curl.haxx.se/mail/lib-2017-11/0000.html
+ [21] = https://curl.haxx.se/bug/?i=2038
+ [22] = https://curl.haxx.se/bug/?i=2047
+ [23] = https://curl.haxx.se/bug/?i=2044
+ [24] = https://curl.haxx.se/bug/?i=1959
+ [25] = https://curl.haxx.se/bug/?i=2054
+ [26] = https://github.com/curl/curl/commit/f121575#commitcomment-25347120
+ [27] = https://curl.haxx.se/bug/?i=2002
+ [28] = https://curl.haxx.se/bug/?i=2045
+ [29] = https://curl.haxx.se/bug/?i=2053
+ [30] = https://curl.haxx.se/bug/?i=2061
+ [31] = https://curl.haxx.se/bug/?i=2043
+ [32] = https://curl.haxx.se/bug/?i=2024
+ [33] = https://curl.haxx.se/bug/?i=2060
+ [34] = https://curl.haxx.se/bug/?i=2064
+ [35] = https://curl.haxx.se/bug/?i=2067
+ [36] = https://curl.haxx.se/bug/?i=2071
+ [37] = https://curl.haxx.se/mail/lib-2017-11/0032.html
+ [38] = https://curl.haxx.se/bug/?i=2072
+ [39] = https://curl.haxx.se/bug/?i=2079
+ [40] = https://curl.haxx.se/bug/?i=2080
+ [41] = https://curl.haxx.se/bug/?i=2087
+ [42] = https://curl.haxx.se/bug/?i=2096
+ [43] = https://curl.haxx.se/bug/?i=2098
+ [44] = https://curl.haxx.se/bug/?i=2073
+ [45] = https://curl.haxx.se/bug/?i=2106
+ [46] = https://curl.haxx.se/bug/?i=2104
+ [47] = https://curl.haxx.se/docs/adv_2017-11e7.html
+ [48] = https://curl.haxx.se/docs/adv_2017-ae72.html
+ [49] = https://curl.haxx.se/docs/adv_2017-af0a.html
+ [50] = https://curl.haxx.se/bug/?i=2097
+ [51] = https://curl.haxx.se/bug/?i=2056
+ [52] = https://curl.haxx.se/bug/?i=2109
+ [53] = https://curl.haxx.se/bug/?i=2110
+ [54] = https://curl.haxx.se/bug/?i=2111
+ [55] = https://curl.haxx.se/bug/?i=2083
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-21 11:06:22 +0000