summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2017-12-01 10:37:05 +0100
committerDaniel Stenberg <daniel@haxx.se>2017-12-01 10:37:05 +0100
commit3973ee6a654e96c027afee86037680334b24e709 (patch)
tree334ed2c5468b83912b4f7e3c437861c81ccb3ae5
parentaf8cc7a693ddda1cd67fb3933169a5dc4059d239 (diff)
downloadcurl-3973ee6a654e96c027afee86037680334b24e709.tar.gz
RELEASE-NOTES: synced with af8cc7a69
-rw-r--r--RELEASE-NOTES152
1 files changed, 13 insertions, 139 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index bb52004c0..23515f8ba 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,6 +1,6 @@
-Curl and libcurl 7.57.0
+Curl and libcurl 7.57.1
- Public curl releases: 171
+ Public curl releases: 172
Command line options: 211
curl_easy_setopt() options: 249
Public functions in libcurl: 74
@@ -8,81 +8,14 @@ Curl and libcurl 7.57.0
This release includes the following changes:
- o auth: add support for RFC7616 - HTTP Digest access authentication [12]
- o share: add support for sharing the connection cache [31]
- o HTTP: implement Brotli content encoding [28]
+ o
This release includes the following bugfixes:
- o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
- o CVE-2017-8817: FTP wildcard out of bounds read [48]
- o CVE-2017-8818: SSL out of buffer access [49]
- o curl_mime_filedata.3: fix typos [1]
- o libtest: Add required test libraries for lib1552 and lib1553 [2]
- o fix time diffs for systems using unsigned time_t [3]
- o ftplistparser: memory leak fix: free temporary memory always [4]
- o multi: allow table handle sizes to be overridden [5]
- o wildcards: don't use with non-supported protocols [6]
- o curl_fnmatch: return error on illegal wildcard pattern [7]
- o transfer: Fix chunked-encoding upload too early exit [8]
- o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
- o resolvers: only include anything if needed [10]
- o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
- o appveyor: add a win32 build
- o Curl_timeleft: change return type to timediff_t [11]
- o cmake: Export libcurl and curl targets to use by other cmake projects [13]
- o curl: in -F option arg, comma is a delimiter for files only [14]
- o curl: improved ";type=" handling in -F option arguments
- o timeval: use mach_absolute_time() on MacOS [15]
- o curlx: the timeval functions are no longer provided as curlx_* [16]
- o mkhelp.pl: do not generate comment with current date [17]
- o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
- o cookie: avoid NULL dereference [19]
- o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
- o include: remove conncache.h inclusion from where its not needed
- o CURLOPT_MAXREDIRS: allow -1 as a value [21]
- o tests: Fixed torture tests on tests 556 and 650
- o http2: Fixed OOM handling in upgrade request
- o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
- o CURLOPT_INFILESIZE: accept -1 [22]
- o curl: pass through [] in URLs instead of calling globbing error [23]
- o curl: speed up handling of many URLs [24]
- o ntlm: avoid malloc(0) for zero length passwords [25]
- o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
- o HTTP: support multiple Content-Encodings [27]
- o travis: add a job with brotli enabled
- o url: remove unncessary NULL-check
- o fnmatch: remove dead code
- o connect: store IPv6 connection status after valid connection [29]
- o imap: deal with commands case insensitively [30]
- o --interface: add support for Linux VRF [32]
- o content_encoding: fix inflate_stream for no bytes available [33]
- o cmake: Correctly include curl.rc in Windows builds [34]
- o cmake: Add missing setmode check [35]
- o connect.c: remove executable bit on file [36]
- o SMB: fix uninitialized local variable
- o zlib/brotli: only include header files in modules needing them [37]
- o URL: return error on malformed URLs with junk after IPv6 bracket [38]
- o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
- o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
- o --resolve: allow IP address within [] brackets [41]
- o examples/curlx: Fix code style [42]
- o ntlm: remove unnecessary NULL-check to please scan-build [43]
- o Curl_llist_remove: fix potential NULL pointer deref [43]
- o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
- o openssl: fix "Value stored to 'rc' is never read" scan-build error [43]
- o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43]
- o http2: fix "Value stored to 'end' is never read" scan-build error [43]
- o Curl_open: fix OOM return error correctly [43]
- o url: reject ASCII control characters and space in host names [44]
- o examples/rtsp: clear RANGE again after use [45]
- o connect: improve the bind error message [46]
- o make: fix "make distclean" [50]
- o connect: add support for new TCP Fast Open API on Linux [51]
- o metalink: fix memory-leak and NULL pointer dereference [52]
- o URL: update "file:" URL handling [53]
- o ssh: remove check for a NULL pointer [54]
- o global_init: ignore CURL_GLOBAL_SSL's absense [55]
+ o travis: add boringssl build [1]
+ o examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL [2]
+ o SSL: Avoid magic allocation of SSL backend specific data [3]
+ o lib: don't export all symbols, just everything curl_* [4]
This release includes the following known bugs:
@@ -91,73 +24,14 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Alessandro Ghedini, Alex Malinovich, Alex Nichols, Alfonso Martone,
- Andrew Lambert, arainchik on github, Brian Carpenter, cbartl on github,
- Dan Fandrich, Daniel Bankhead, Daniel Stenberg, Dirk Feytons,
- Dmitri Tikhonov, Evgeny Grin, Gisle Vanem, hsiao yi, Jakub Zakrzewski,
- John Starks, Juro Bystricky, Kamil Dudka, Luca Boccassi, Marcel Raad,
- Martin Storsjö, Matthew Kerwin, Max Dymond, Michael Felt, Michael Kaufmann,
- moohoorama on github, omau on github, Orgad Shaneh, Patrick Monnerat,
- Paul Howarth, Pavel Gushchin, Pavol Markovic, Per Lundberg, Peter Piekarski,
- Petr Voytsik, Ray Satiro, Rob Cotrone, Viktor Szakáts, youngchopin on github,
- (41 contributors)
+ Daniel Stenberg, Dima Tisnek, Johannes Schindelin, W. Mark Kubacki,
+ (4 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
- [1] = https://curl.haxx.se/bug/?i=2008
- [2] = https://curl.haxx.se/bug/?i=2006
- [3] = https://curl.haxx.se/bug/?i=2004
- [4] = https://curl.haxx.se/bug/?i=2013
- [5] = https://curl.haxx.se/bug/?i=1982
- [6] = https://curl.haxx.se/bug/?i=2016
- [7] = https://curl.haxx.se/bug/?i=2015
- [8] = https://curl.haxx.se/bug/?i=2001
- [9] = https://curl.haxx.se/bug/?i=2025
- [10] = https://curl.haxx.se/bug/?i=2023
- [11] = https://curl.haxx.se/bug/?i=2021
- [12] = https://curl.haxx.se/bug/?i=1934
- [13] = https://curl.haxx.se/bug/?i=1879
- [14] = https://curl.haxx.se/bug/?i=2022
- [15] = https://curl.haxx.se/bug/?i=2033
- [16] = https://curl.haxx.se/bug/?i=2034
- [17] = https://curl.haxx.se/bug/?i=2026
- [18] = https://curl.haxx.se/bug/?i=2031
- [19] = https://curl.haxx.se/bug/?i=2032
- [20] = https://curl.haxx.se/mail/lib-2017-11/0000.html
- [21] = https://curl.haxx.se/bug/?i=2038
- [22] = https://curl.haxx.se/bug/?i=2047
- [23] = https://curl.haxx.se/bug/?i=2044
- [24] = https://curl.haxx.se/bug/?i=1959
- [25] = https://curl.haxx.se/bug/?i=2054
- [26] = https://github.com/curl/curl/commit/f121575#commitcomment-25347120
- [27] = https://curl.haxx.se/bug/?i=2002
- [28] = https://curl.haxx.se/bug/?i=2045
- [29] = https://curl.haxx.se/bug/?i=2053
- [30] = https://curl.haxx.se/bug/?i=2061
- [31] = https://curl.haxx.se/bug/?i=2043
- [32] = https://curl.haxx.se/bug/?i=2024
- [33] = https://curl.haxx.se/bug/?i=2060
- [34] = https://curl.haxx.se/bug/?i=2064
- [35] = https://curl.haxx.se/bug/?i=2067
- [36] = https://curl.haxx.se/bug/?i=2071
- [37] = https://curl.haxx.se/mail/lib-2017-11/0032.html
- [38] = https://curl.haxx.se/bug/?i=2072
- [39] = https://curl.haxx.se/bug/?i=2079
- [40] = https://curl.haxx.se/bug/?i=2080
- [41] = https://curl.haxx.se/bug/?i=2087
- [42] = https://curl.haxx.se/bug/?i=2096
- [43] = https://curl.haxx.se/bug/?i=2098
- [44] = https://curl.haxx.se/bug/?i=2073
- [45] = https://curl.haxx.se/bug/?i=2106
- [46] = https://curl.haxx.se/bug/?i=2104
- [47] = https://curl.haxx.se/docs/adv_2017-11e7.html
- [48] = https://curl.haxx.se/docs/adv_2017-ae72.html
- [49] = https://curl.haxx.se/docs/adv_2017-af0a.html
- [50] = https://curl.haxx.se/bug/?i=2097
- [51] = https://curl.haxx.se/bug/?i=2056
- [52] = https://curl.haxx.se/bug/?i=2109
- [53] = https://curl.haxx.se/bug/?i=2110
- [54] = https://curl.haxx.se/bug/?i=2111
- [55] = https://curl.haxx.se/bug/?i=2083
+ [1] = https://curl.haxx.se/bug/?i=2118
+ [2] = https://curl.haxx.se/mail/lib-2017-12/0000.html
+ [3] = https://curl.haxx.se/bug/?i=2119
+ [4] = https://curl.haxx.se/bug/?i=2127