summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2020-06-24 11:44:22 +0200
committerDaniel Stenberg <daniel@haxx.se>2020-06-24 11:44:22 +0200
commit7fb33ee871a04d2e4f6ffedba0808635efb1ef53 (patch)
tree3bdca5bc5b728f9fd598914161de9a579f759013
parent906bb64ac9f74e2fef864d95ff22eb3fca143ba0 (diff)
downloadcurl-7fb33ee871a04d2e4f6ffedba0808635efb1ef53.tar.gz
RELEASE-NOTES: synced
-rw-r--r--RELEASE-NOTES281
1 files changed, 7 insertions, 274 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index d76511360..3abdb5db0 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,6 +1,6 @@
-curl and libcurl 7.71.0
+curl and libcurl 7.71.1
- Public curl releases: 192
+ Public curl releases: 193
Command line options: 232
curl_easy_setopt() options: 277
Public functions in libcurl: 82
@@ -8,149 +8,11 @@ curl and libcurl 7.71.0
This release includes the following changes:
- o CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl) [10]
- o setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency [31]
- o setopt: support certificate options in memory with struct curl_blob [41]
- o tool: Add option --retry-all-errors to retry on any error [27]
+ o
This release includes the following bugfixes:
- o CVE-2020-8177: curl overwrite local file with -J [111]
- o CVE-2020-8169: Partial password leak over DNS on HTTP redirect [48]
- o *_sspi: fix bad uses of CURLE_NOT_BUILT_IN [21]
- o all: fix codespell errors [75]
- o altsvc: bump to h3-29 [114]
- o altsvc: fix 'dsthost' may be used uninitialized in this function
- o altsvc: fix parser for lines ending with CRLF [74]
- o altsvc: remove the num field from the altsvc struct [109]
- o appveyor: add non-debug plain autotools-based build [90]
- o appveyor: disable flaky test 1501 and ignore broken 1056
- o appveyor: disable test 1139 instead of ignoring it
- o asyn-*: remove support for never-used NULL entry pointers [19]
- o azure: use matrix strategy to avoid configuration redundancy [83]
- o build: disable more code/data when built without proxy support [84]
- o buildconf: remove -print from the find command that removes files
- o checksrc: enhance the ASTERISKSPACE and update code accordingly [52]
- o CI/macos: fix 'is already installed' errors by using bundle [94]
- o cirrus: disable SFTP and SCP tests [7]
- o CMake: add ENABLE_ALT_SVC option
- o CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche) [34]
- o CMake: add libssh build support [37]
- o CMake: do not build test programs by default [30]
- o CMake: fix runtests.pl with CMake, add new test targets [29]
- o CMake: ignore INTERFACE_LIBRARY targets for pkg-config file [112]
- o CMake: rebuild Makefile.inc.cmake when Makefile.inc changes [58]
- o CODE_REVIEW.md: how to do code reviews in curl [108]
- o configure: fix pthread check with static boringssl
- o configure: for wolfSSL, check for the DES func needed for NTLM
- o configure: only strip first -L from LDFLAGS [89]
- o configure: repair the check if argv can be written to [47]
- o configure: the wolfssh backend does not provide SCP [57]
- o connect: improve happy eyeballs handling [118]
- o connect: make happy eyeballs work for QUIC (again) [16]
- o curl.1: Quote globbed URLs [51]
- o curl: remove -J "informational" written on stdout [36]
- o Curl_addrinfo: use one malloc instead of three [97]
- o CURLINFO_ACTIVESOCKET.3: clarify the description [87]
- o doc: add missing closing parenthesis in CURLINFO_SSL_VERIFYRESULT.3 [5]
- o doc: Rename VERSIONS to VERSIONS.md as it already has Markdown syntax [20]
- o docs/HTTP3: add qlog to the quiche build instruction
- o docs/options-in-versions: which version added each cmdline option [53]
- o docs: unify protocol lists [54]
- o dynbuf: introduce internal generic dynamic buffer functions [17]
- o easy: fix dangling pointer on easy_perform fail [26]
- o examples/ephiperfifo: turn off interval when setting timerfd [79]
- o examples/http2-down/upload: add error checks [78]
- o examples: remove asiohiper.cpp [4]
- o FILEFORMAT: add more features that tests can depend on
- o FILEFORMAT: describe verify/stderr
- o ftp: make domore_getsock() return the secondary socket properly
- o ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void) [64]
- o ftp: shut down the secondary connection properly when SSL is used [43]
- o GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT [9]
- o hostip: make Curl_printable_address not return anything [63]
- o hostip: on macOS avoid DoH when given a numerical IP address [69]
- o http2: keep trying to send pending frames after req.upload_done [40]
- o http2: simplify and clean up trailer handling [6]
- o HTTP3.md: clarify cargo build directory [77]
- o http: move header storage to Curl_easy from connectdata [107]
- o libcurl.pc: Merge Libs.private into Libs for static-only builds [28]
- o libssh2: improved error output for wrong quote syntax [39]
- o libssh2: keep sftp errors as 'unsigned long' [103]
- o libssh2: set the expected total size in SCP upload init [2]
- o libtest/cmake: Remove commented code [13]
- o list-only.d: this option existed already in 4.0
- o manpage: add three missing environment variables [121]
- o multi: add defensive check on data->multi->num_alive [96]
- o multi: implement wait using winsock events [120]
- o ngtcp2: cleanup memory when failing to connect [70]
- o ngtcp2: fix build with current ngtcp2 master implementing draft 28 [76]
- o ngtcp2: fix happy eyeballs quic connect crash [118]
- o ngtcp2: introduce qlog support [23]
- o ngtcp2: never call fprintf() in lib code in release version
- o ngtcp2: update with recent API changes [100]
- o ntlm: enable NTLM support with wolfSSL [81]
- o OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN [55]
- o openssl: set FLAG_TRUSTED_FIRST unconditionally [105]
- o projects: Add crypt32.lib to dependencies for all OpenSSL configs [93]
- o quiche: clean up memory properly when failing to connect [71]
- o quiche: enable qlog output [14]
- o quiche: update SSLKEYLOGFILE support [98]
- o Revert "buildconf: use find -execdir" [38]
- o Revert "ssh: ignore timeouts during disconnect" [67]
- o runtests: remove sleep calls [18]
- o runtests: show elapsed test time with higher precision (ms)
- o select: always use Sleep in Curl_wait_ms on Win32 [82]
- o select: fix overflow protection in Curl_socket_check [22]
- o sendf: make failf() use the mvsnprintf() return code [62]
- o server/sws: fix asan warning on use of uninitialized variable
- o server/util: fix logmsg format using curl_off_t argument [106]
- o sha256: fixed potentially uninitialized variable [61]
- o share: don't set the share flag it something fails [116]
- o sockfilt: make select_ws stop waiting on exit signal event
- o socks: detect connection close during handshake [95]
- o socks: fix expected length of SOCKS5 reply [68]
- o socks: remove unreachable breaks in socks.c and mime.c [101]
- o source cleanup: remove all custom typedef structs [42]
- o test1167: fixes in badsymbols.pl [73]
- o test1177: look for curl.h in source directory [1]
- o test1238: avoid tftpd being busy for tests shortly following [33]
- o test613.pl: make tests 613 and 614 work with OpenSSH for Windows [8]
- o test75: Remove precheck test
- o tests: add https-proxy support to the test suite [49]
- o tests: add support for SSH server variant specific transfer paths [24]
- o tests: add two simple tests for --login-options [99]
- o tests: make test 1248 + 1249 use %NOLISTENPORT [3]
- o tests: pick a random port number for SSH [12]
- o tests: run stunnel for HTTPS and FTPS on dynamic ports [11]
- o timeouts: change millisecond timeouts to timediff_t from time_t [86]
- o timeouts: move ms timeouts to timediff_t from int and long [104]
- o tool: fixup a few --help descriptions [56]
- o tool: support UTF-16 command line on Windows [46]
- o tool_cfgable: free login_options at exit [102]
- o tool_getparam: fix memory leak in parse_args
- o tool_operate: fixed potentially uninitialized variables [60]
- o tool_paramhlp: fixed potentially uninitialized strtol() variable [59]
- o transfer: close connection after excess data has been read [66]
- o travis: add "qlog" as feature in the quiche build
- o travis: Add ngtcp2 and quiche tests for CMake
- o travis: upgrade to bionic, clang-9, improve readability [35]
- o typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *' [44]
- o unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode' [88]
- o url: accept "any length" credentials for proxy auth [72]
- o url: alloc the download buffer at transfer start [85]
- o url: reject too long input when parsing credentials [25]
- o url: sort the protocol schemes in rough popularity order [32]
- o urlapi: accept :: as a valid IPv6 address [15]
- o urldata: leave the HTTP method untouched in the set.* struct [45]
- o urlglob: treat literal IPv6 addresses with zone IDs as a host name [115]
- o user-agent.d: spell out what happens given a blank argument [80]
- o vauth/cleartext: fix theoretical integer overflow [50]
- o version.d: expanded and alpha-sorted [110]
- o vtls: Extract and simplify key log file handling from OpenSSL
- o wolfssl: add SSLKEYLOGFILE support [65]
- o wording: avoid blacklist/whitelist stereotypes [92]
- o write-out.d: added "response_code"
+ o DYNBUF.md: fix a typo: trail => tail [2]
This release includes the following known bugs:
@@ -159,140 +21,11 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Adnan Khan, Alessandro Ghedini, Billyzou0741326 on github, Brian Carpenter,
- Cherish98 on github, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
- Emil Engler, Estanislau Augé-Pujadas, François Rigault, Geeknik Labs,
- Gergely Nagy, Gilles Vollant, Gregory Jefferis, Hugo van Kemenade,
- huzunhao on github, James Fuller, James Le Cuirot, Jeroen Ooms, John Simpson,
- Kamil Dudka, Kane York, Lucas Pardue, Maksim Stsepanenka, Marcel Raad,
- Marc Hörsken, Martin V, Max Peal, Michael Kaufmann, Mohamed Osama,
- Murugan Balraj, Neal Poole, Nicolas Sterchele, Pavel Volgarev, Peter Wang,
- Peter Wu, puckipedia on github, Radoslav Georgiev, Ray Satiro, Rich Salz,
- Rikard Falkeborn, rl1987 on github, Ruurd Beerstra, Saleem Abdulrasool,
- Samuel Marks, Siva Sivaraman, sn on hackerone, Tatsuhiro Tsujikawa,
- therealhirudo on github, Thomas Bouzerar, Valentyn Korniienko,
- Viktor Szakats, Vyron Tsingaras, Werner Stolz, Will Roberts,
- zloi-user on github, Коваленко Анатолий Викторович, kotoriのねこ
- (59 contributors)
+ Alexandre Pion, Daniel Stenberg, Denis Baručić,
+ (3 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
- [1] = https://curl.haxx.se/bug/?i=5310
- [2] = https://curl.haxx.se/mail/archive-2020-05/0000.html
- [3] = https://curl.haxx.se/bug/?i=5318
- [4] = https://curl.haxx.se/bug/?i=5090
- [5] = https://curl.haxx.se/bug/?i=5320
- [6] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22030
- [7] = https://curl.haxx.se/bug/?i=5315
- [8] = https://curl.haxx.se/bug/?i=5328
- [9] = https://curl.haxx.se/bug/?i=5287
- [10] = https://curl.haxx.se/bug/?i=4346
- [11] = https://curl.haxx.se/bug/?i=5267
- [12] = https://curl.haxx.se/bug/?i=5273
- [13] = https://curl.haxx.se/bug/?i=5311
- [14] = https://curl.haxx.se/bug/?i=5341
- [15] = https://curl.haxx.se/bug/?i=5344
- [16] = https://curl.haxx.se/bug/?i=5334
- [17] = https://curl.haxx.se/bug/?i=5300
- [18] = https://curl.haxx.se/bug/?i=5323
- [19] = https://curl.haxx.se/bug/?i=5324
- [20] = https://curl.haxx.se/bug/?i=5325
- [21] = https://curl.haxx.se/bug/?i=5355
- [22] = https://curl.haxx.se/bug/?i=5286
- [23] = https://curl.haxx.se/bug/?i=5353
- [24] = https://curl.haxx.se/bug/?i=5298
- [25] = https://curl.haxx.se/bug/?i=5383
- [26] = https://curl.haxx.se/bug/?i=5363
- [27] = https://curl.haxx.se/bug/?i=5185
- [28] = https://curl.haxx.se/bug/?i=5373
- [29] = https://curl.haxx.se/bug/?i=5358
- [30] = https://curl.haxx.se/bug/?i=5368
- [31] = https://curl.haxx.se/bug/?i=5431
- [32] = https://curl.haxx.se/bug/?i=5377
- [33] = https://curl.haxx.se/bug/?i=5364
- [34] = https://curl.haxx.se/bug/?i=5359
- [35] = https://curl.haxx.se/bug/?i=5370
- [36] = https://curl.haxx.se/mail/archive-2020-05/0044.html
- [37] = https://curl.haxx.se/bug/?i=5372
- [38] = https://curl.haxx.se/bug/?i=5483
- [39] = https://curl.haxx.se/bug/?i=5474
- [40] = https://curl.haxx.se/bug/?i=1410
- [41] = https://curl.haxx.se/bug/?i=5357
- [42] = https://curl.haxx.se/bug/?i=5338
- [43] = https://curl.haxx.se/bug/?i=5340
- [44] = https://curl.haxx.se/bug/?i=5432
- [45] = https://curl.haxx.se/bug/?i=5499
- [46] = https://curl.haxx.se/bug/?i=3784
- [47] = https://curl.haxx.se/bug/?i=5470
- [48] = https://curl.haxx.se/docs/CVE-2020-8169.html
- [49] = https://curl.haxx.se/bug/?i=5399
- [50] = https://curl.haxx.se/bug/?i=5391
- [51] = https://github.com/curl/curl/issues/5388
- [52] = https://curl.haxx.se/bug/?i=5386
- [53] = https://curl.haxx.se/bug/?i=5381
- [54] = https://curl.haxx.se/bug/?i=5384
- [55] = https://curl.haxx.se/bug/?i=5374
- [56] = https://curl.haxx.se/bug/?i=5379
- [57] = https://curl.haxx.se/bug/?i=5387
- [58] = https://curl.haxx.se/bug/?i=5469
- [59] = https://curl.haxx.se/bug/?i=5417
- [60] = https://curl.haxx.se/bug/?i=5416
- [61] = https://curl.haxx.se/bug/?i=5414
- [62] = https://curl.haxx.se/bug/?i=5413
- [63] = https://curl.haxx.se/bug/?i=5411
- [64] = https://curl.haxx.se/bug/?i=5412
- [65] = https://curl.haxx.se/bug/?i=5327
- [66] = https://curl.haxx.se/bug/?i=5440
- [67] = https://curl.haxx.se/mail/lib-2020-05/0068.html
- [68] = https://curl.haxx.se/bug/?i=5527
- [69] = https://curl.haxx.se/bug/?i=5454
- [70] = https://curl.haxx.se/bug/?i=5447
- [71] = https://curl.haxx.se/bug/?i=5450
- [72] = https://curl.haxx.se/bug/?i=5448
- [73] = https://curl.haxx.se/bug/?i=5442
- [74] = https://curl.haxx.se/bug/?i=5445
- [75] = https://curl.haxx.se/bug/?i=5452
- [76] = https://curl.haxx.se/bug/?i=5444
- [77] = https://curl.haxx.se/bug/?i=5522
- [78] = https://curl.haxx.se/bug/?i=5463
- [79] = https://curl.haxx.se/bug/?i=5485
- [80] = https://curl.haxx.se/bug/?i=5525
- [81] = https://curl.haxx.se/bug/?i=5548
- [82] = https://curl.haxx.se/bug/?i=5489
- [83] = https://curl.haxx.se/bug/?i=5468
- [84] = https://curl.haxx.se/bug/?i=5466
- [85] = https://curl.haxx.se/bug/?i=5472
- [86] = https://curl.haxx.se/bug/?i=5479
- [87] = https://curl.haxx.se/bug/?i=5299
- [88] = https://curl.haxx.se/bug/?i=5476
- [89] = https://curl.haxx.se/bug/?i=5519
- [90] = https://curl.haxx.se/bug/?i=5477
- [92] = https://curl.haxx.se/bug/?i=5546
- [93] = https://curl.haxx.se/bug/?i=5516
- [94] = https://curl.haxx.se/bug/?i=5513
- [95] = https://curl.haxx.se/bug/?i=5532
- [96] = https://curl.haxx.se/bug/?i=5540
- [97] = https://curl.haxx.se/bug/?i=5533
- [98] = https://curl.haxx.se/bug/?i=5541
- [99] = https://curl.haxx.se/bug/?i=5539
- [100] = https://curl.haxx.se/bug/?i=5538
- [101] = https://curl.haxx.se/bug/?i=5537
- [102] = https://curl.haxx.se/bug/?i=5535
- [103] = https://curl.haxx.se/bug/?i=5534
- [104] = https://curl.haxx.se/bug/?i=5490
- [105] = https://curl.haxx.se/bug/?i=5530
- [106] = https://curl.haxx.se/bug/?i=5529
- [107] = https://curl.haxx.se/bug/?i=5566
- [108] = https://curl.haxx.se/bug/?i=5555
- [109] = https://curl.haxx.se/bug/?i=5553
- [110] = https://curl.haxx.se/bug/?i=5558
- [111] = https://curl.haxx.se/docs/CVE-2020-8177.html
- [112] = https://curl.haxx.se/bug/?i=5512
- [114] = https://curl.haxx.se/bug/?i=5584
- [115] = https://curl.haxx.se/bug/?i=5576
- [116] = https://curl.haxx.se/bug/?i=5554
- [118] = https://curl.haxx.se/bug/?i=5565
- [120] = https://curl.haxx.se/bug/?i=5397
- [121] = https://curl.haxx.se/bug/?i=5571
+ [2] = https://curl.haxx.se/bug/?i=5599