diff options
author | Daniel Stenberg <daniel@haxx.se> | 2017-12-01 10:37:05 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-12-01 10:37:05 +0100 |
commit | 3973ee6a654e96c027afee86037680334b24e709 (patch) | |
tree | 334ed2c5468b83912b4f7e3c437861c81ccb3ae5 | |
parent | af8cc7a693ddda1cd67fb3933169a5dc4059d239 (diff) | |
download | curl-3973ee6a654e96c027afee86037680334b24e709.tar.gz |
RELEASE-NOTES: synced with af8cc7a69
-rw-r--r-- | RELEASE-NOTES | 152 |
1 files changed, 13 insertions, 139 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index bb52004c0..23515f8ba 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,6 +1,6 @@ -Curl and libcurl 7.57.0 +Curl and libcurl 7.57.1 - Public curl releases: 171 + Public curl releases: 172 Command line options: 211 curl_easy_setopt() options: 249 Public functions in libcurl: 74 @@ -8,81 +8,14 @@ Curl and libcurl 7.57.0 This release includes the following changes: - o auth: add support for RFC7616 - HTTP Digest access authentication [12] - o share: add support for sharing the connection cache [31] - o HTTP: implement Brotli content encoding [28] + o This release includes the following bugfixes: - o CVE-2017-8816: NTLM buffer overflow via integer overflow [47] - o CVE-2017-8817: FTP wildcard out of bounds read [48] - o CVE-2017-8818: SSL out of buffer access [49] - o curl_mime_filedata.3: fix typos [1] - o libtest: Add required test libraries for lib1552 and lib1553 [2] - o fix time diffs for systems using unsigned time_t [3] - o ftplistparser: memory leak fix: free temporary memory always [4] - o multi: allow table handle sizes to be overridden [5] - o wildcards: don't use with non-supported protocols [6] - o curl_fnmatch: return error on illegal wildcard pattern [7] - o transfer: Fix chunked-encoding upload too early exit [8] - o curl_setup: Improve detection of CURL_WINDOWS_APP [9] - o resolvers: only include anything if needed [10] - o setopt: fix CURLOPT_SSH_AUTH_TYPES option read - o appveyor: add a win32 build - o Curl_timeleft: change return type to timediff_t [11] - o cmake: Export libcurl and curl targets to use by other cmake projects [13] - o curl: in -F option arg, comma is a delimiter for files only [14] - o curl: improved ";type=" handling in -F option arguments - o timeval: use mach_absolute_time() on MacOS [15] - o curlx: the timeval functions are no longer provided as curlx_* [16] - o mkhelp.pl: do not generate comment with current date [17] - o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18] - o cookie: avoid NULL dereference [19] - o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20] - o include: remove conncache.h inclusion from where its not needed - o CURLOPT_MAXREDIRS: allow -1 as a value [21] - o tests: Fixed torture tests on tests 556 and 650 - o http2: Fixed OOM handling in upgrade request - o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 - o CURLOPT_INFILESIZE: accept -1 [22] - o curl: pass through [] in URLs instead of calling globbing error [23] - o curl: speed up handling of many URLs [24] - o ntlm: avoid malloc(0) for zero length passwords [25] - o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26] - o HTTP: support multiple Content-Encodings [27] - o travis: add a job with brotli enabled - o url: remove unncessary NULL-check - o fnmatch: remove dead code - o connect: store IPv6 connection status after valid connection [29] - o imap: deal with commands case insensitively [30] - o --interface: add support for Linux VRF [32] - o content_encoding: fix inflate_stream for no bytes available [33] - o cmake: Correctly include curl.rc in Windows builds [34] - o cmake: Add missing setmode check [35] - o connect.c: remove executable bit on file [36] - o SMB: fix uninitialized local variable - o zlib/brotli: only include header files in modules needing them [37] - o URL: return error on malformed URLs with junk after IPv6 bracket [38] - o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39] - o macOS: Fix missing connectx function with Xcode version older than 9.0 [40] - o --resolve: allow IP address within [] brackets [41] - o examples/curlx: Fix code style [42] - o ntlm: remove unnecessary NULL-check to please scan-build [43] - o Curl_llist_remove: fix potential NULL pointer deref [43] - o mime: fix "Value stored to 'sz' is never read" scan-build error [43] - o openssl: fix "Value stored to 'rc' is never read" scan-build error [43] - o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43] - o http2: fix "Value stored to 'end' is never read" scan-build error [43] - o Curl_open: fix OOM return error correctly [43] - o url: reject ASCII control characters and space in host names [44] - o examples/rtsp: clear RANGE again after use [45] - o connect: improve the bind error message [46] - o make: fix "make distclean" [50] - o connect: add support for new TCP Fast Open API on Linux [51] - o metalink: fix memory-leak and NULL pointer dereference [52] - o URL: update "file:" URL handling [53] - o ssh: remove check for a NULL pointer [54] - o global_init: ignore CURL_GLOBAL_SSL's absense [55] + o travis: add boringssl build [1] + o examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL [2] + o SSL: Avoid magic allocation of SSL backend specific data [3] + o lib: don't export all symbols, just everything curl_* [4] This release includes the following known bugs: @@ -91,73 +24,14 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Alessandro Ghedini, Alex Malinovich, Alex Nichols, Alfonso Martone, - Andrew Lambert, arainchik on github, Brian Carpenter, cbartl on github, - Dan Fandrich, Daniel Bankhead, Daniel Stenberg, Dirk Feytons, - Dmitri Tikhonov, Evgeny Grin, Gisle Vanem, hsiao yi, Jakub Zakrzewski, - John Starks, Juro Bystricky, Kamil Dudka, Luca Boccassi, Marcel Raad, - Martin Storsjö, Matthew Kerwin, Max Dymond, Michael Felt, Michael Kaufmann, - moohoorama on github, omau on github, Orgad Shaneh, Patrick Monnerat, - Paul Howarth, Pavel Gushchin, Pavol Markovic, Per Lundberg, Peter Piekarski, - Petr Voytsik, Ray Satiro, Rob Cotrone, Viktor Szakáts, youngchopin on github, - (41 contributors) + Daniel Stenberg, Dima Tisnek, Johannes Schindelin, W. Mark Kubacki, + (4 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=2008 - [2] = https://curl.haxx.se/bug/?i=2006 - [3] = https://curl.haxx.se/bug/?i=2004 - [4] = https://curl.haxx.se/bug/?i=2013 - [5] = https://curl.haxx.se/bug/?i=1982 - [6] = https://curl.haxx.se/bug/?i=2016 - [7] = https://curl.haxx.se/bug/?i=2015 - [8] = https://curl.haxx.se/bug/?i=2001 - [9] = https://curl.haxx.se/bug/?i=2025 - [10] = https://curl.haxx.se/bug/?i=2023 - [11] = https://curl.haxx.se/bug/?i=2021 - [12] = https://curl.haxx.se/bug/?i=1934 - [13] = https://curl.haxx.se/bug/?i=1879 - [14] = https://curl.haxx.se/bug/?i=2022 - [15] = https://curl.haxx.se/bug/?i=2033 - [16] = https://curl.haxx.se/bug/?i=2034 - [17] = https://curl.haxx.se/bug/?i=2026 - [18] = https://curl.haxx.se/bug/?i=2031 - [19] = https://curl.haxx.se/bug/?i=2032 - [20] = https://curl.haxx.se/mail/lib-2017-11/0000.html - [21] = https://curl.haxx.se/bug/?i=2038 - [22] = https://curl.haxx.se/bug/?i=2047 - [23] = https://curl.haxx.se/bug/?i=2044 - [24] = https://curl.haxx.se/bug/?i=1959 - [25] = https://curl.haxx.se/bug/?i=2054 - [26] = https://github.com/curl/curl/commit/f121575#commitcomment-25347120 - [27] = https://curl.haxx.se/bug/?i=2002 - [28] = https://curl.haxx.se/bug/?i=2045 - [29] = https://curl.haxx.se/bug/?i=2053 - [30] = https://curl.haxx.se/bug/?i=2061 - [31] = https://curl.haxx.se/bug/?i=2043 - [32] = https://curl.haxx.se/bug/?i=2024 - [33] = https://curl.haxx.se/bug/?i=2060 - [34] = https://curl.haxx.se/bug/?i=2064 - [35] = https://curl.haxx.se/bug/?i=2067 - [36] = https://curl.haxx.se/bug/?i=2071 - [37] = https://curl.haxx.se/mail/lib-2017-11/0032.html - [38] = https://curl.haxx.se/bug/?i=2072 - [39] = https://curl.haxx.se/bug/?i=2079 - [40] = https://curl.haxx.se/bug/?i=2080 - [41] = https://curl.haxx.se/bug/?i=2087 - [42] = https://curl.haxx.se/bug/?i=2096 - [43] = https://curl.haxx.se/bug/?i=2098 - [44] = https://curl.haxx.se/bug/?i=2073 - [45] = https://curl.haxx.se/bug/?i=2106 - [46] = https://curl.haxx.se/bug/?i=2104 - [47] = https://curl.haxx.se/docs/adv_2017-11e7.html - [48] = https://curl.haxx.se/docs/adv_2017-ae72.html - [49] = https://curl.haxx.se/docs/adv_2017-af0a.html - [50] = https://curl.haxx.se/bug/?i=2097 - [51] = https://curl.haxx.se/bug/?i=2056 - [52] = https://curl.haxx.se/bug/?i=2109 - [53] = https://curl.haxx.se/bug/?i=2110 - [54] = https://curl.haxx.se/bug/?i=2111 - [55] = https://curl.haxx.se/bug/?i=2083 + [1] = https://curl.haxx.se/bug/?i=2118 + [2] = https://curl.haxx.se/mail/lib-2017-12/0000.html + [3] = https://curl.haxx.se/bug/?i=2119 + [4] = https://curl.haxx.se/bug/?i=2127 |