From e052859759b34d0e05ce0f17244873e5cd7b457b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 9 Dec 2020 07:38:24 +0100 Subject: RELEASE-NOTES: synced for 7.74.0 --- RELEASE-NOTES | 36 +++++++++++++++++++++++++++--------- docs/THANKS | 22 ++++++++++++++++++++++ 2 files changed, 49 insertions(+), 9 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index fc6d168d8..a96762961 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -12,6 +12,9 @@ This release includes the following changes: This release includes the following bugfixes: + o CVE-2020-8286: Inferior OCSP verification [93] + o CVE-2020-8285: FTP wildcard stack overflow [95] + o CVE-2020-8284: trusting FTP PASV responses [97] o acinclude: detect manually set minimum macos/ipod version [46] o alt-svc: enable (in the build) by default [20] o alt-svc: minimize variable scope and avoid "DEAD_STORE" [51] @@ -26,6 +29,7 @@ This release includes the following bugfixes: o cmake: check for linux/tcp.h [91] o cmake: correctly handle linker flags for static libs [52] o cmake: don't pass -fvisibility=hidden to clang-cl on Windows [53] + o cmake: don't use reserved target name 'test' [79] o cmake: make BUILD_TESTING dependent option [30] o cmake: make CURL_ZLIB a tri-state variable [70] o cmake: set the unicode feature in curl-config on Windows [23] @@ -53,6 +57,7 @@ This release includes the following bugfixes: o examples/httpput: remove use of CURLOPT_PUT [39] o FAQ: refreshed [56] o file: avoid duplicated code sequence [77] + o ftp: retry getpeername for FTP with TCP_FASTOPEN [100] o gnutls: fix memory leaks (certfields memory wasn't released) [41] o header.d: mention the "Transfer-Encoding: chunked" handling [45] o HISTORY: the new domain 
@@ -84,12 +89,14 @@ This release includes the following bugfixes: o quiche: remove 'static' from local buffer [71] o range.d: clarify that curl will not parse multipart responses [36] o range.d: fix typo + o Revert "multi: implement wait using winsock events" [99] o rtsp: error out on empty Session ID, unified the code o rtsp: fixed Session ID comparison to refuse prefix [65] o rtsp: fixed the RTST Session ID mismatch in test 570 [64] o runtests: return error if no tests ran [16] o runtests: revert the mistaken edit of $CURL o runtests: show keywords when no tests ran [33] + o scripts/completion.pl: parse all opts [101] o socks: check for DNS entries with the right port number [74] o src/tool_filetime: disable -Wformat on mingw for this file [2] o strerror: use 'const' as the string should never be modified [18] @@ -108,6 +115,7 @@ This release includes the following bugfixes: o tool_writeout: use off_t getinfo-types instead of doubles [76] o travis: use ninja-build for CMake builds [63] o travis: use valgrind when running tests for debug builds [40] + o urlapi: don't accept blank port number field without scheme [98] o urlapi: URL encode a '+' in the query part [14] o urldata: remove 'void *protop' and create the union 'p' [86] o vquic/ngtcp2.h: define local_addr as sockaddr_storage [73] 
@@ -121,15 +129,17 @@ advice from friends like these: Andreas Fischer, asavah on github, b9a1 on github, Baruch Siach, Basuke Suzuki, bobmitchell1956 on github, BrumBrum on hackerone, - Cristian Morales Vega, Daiki Ueno, Daniel Gustafsson, Daniel Stenberg, - Dietmar Hauser, Dirk Wetter, emanruse on github, Emil Engler, - hamstergene on github, Harry Sintonen, Jakub Zakrzewski, Jeroen Ooms, - Jon Rumsey, José Joaquín Atria, Junho Choi, Kael1117 on github, - Klaus Crusius, Kovalkov Dmitrii, Marcel Raad, Marc Hörsken, Marc Schlatter, - Niranjan Hasabnis, nosajsnikta on github, Oliver Urbann, Per Nilsson, - Philipp Klaus Krause, Ray Satiro, Rikard Falkeborn, Rui LIU, Sergei Nikulov, - Tobias Hieta, Tom G. Christensen, Viktor Szakats, Vincent Torri, - (41 contributors) + Cristian Morales Vega, d4d on hackerone, Daiki Ueno, Daniel Gustafsson, + Daniel Stenberg, Dietmar Hauser, Dirk Wetter, emanruse on github, + Emil Engler, hamstergene on github, Harry Sintonen, Jacob Hoffman-Andrews, + Jakub Zakrzewski, Jeroen Ooms, Jon Rumsey, José Joaquín Atria, Junho Choi, + Kael1117 on github, Klaus Crusius, Kovalkov Dmitrii, Marcel Raad, + Marc Hörsken, Marc Schlatter, Niranjan Hasabnis, nosajsnikta on github, + Oliver Urbann, Per Nilsson, Philipp Klaus Krause, Ray Satiro, + Rikard Falkeborn, Rui LIU, Sergei Nikulov, Thomas Danielsson, Tobias Hieta, + Tom G. Christensen, Varnavas Papaioannou, Viktor Szakats, Vincent Torri, + xnynx on github, + (46 contributors) Thanks! (and sorry if I forgot to mention someone) @@ -213,6 +223,7 @@ References to bug reports and discussions on issues: [76] = https://curl.se/bug/?i=6248 [77] = https://curl.se/bug/?i=6249 [78] = https://curl.se/bug/?i=6241 + [79] = https://curl.se/bug/?i=6257 [80] = https://curl.se/bug/?i=6211 [81] = https://curl.se/bug/?i=6058 [82] = https://curl.se/bug/?i=6205 
@@ -226,5 +237,12 @@ References to bug reports and discussions on issues: [90] = https://curl.se/bug/?i=6271 [91] = https://curl.se/bug/?i=6252 [92] = https://curl.se/bug/?i=6263 + [93] = https://curl.se/docs/CVE-2020-8286.html [94] = https://curl.se/bug/?i=6267 + [95] = https://curl.se/docs/CVE-2020-8285.html [96] = https://curl.se/bug/?i=6264 + [97] = https://curl.se/docs/CVE-2020-8284.html + [98] = https://curl.se/bug/?i=6283 + [99] = https://curl.se/bug/?i=6146 + [100] = https://curl.se/bug/?i=6252 + [101] = https://curl.se/bug/?i=6280 diff --git a/docs/THANKS b/docs/THANKS index 9e037eecf..fcac1f5f3 100644 --- a/docs/THANKS +++ b/docs/THANKS @@ -116,6 +116,7 @@ Andre Heinecke Andreas Damm Andreas Falkenhahn Andreas Farber +Andreas Fischer Andreas Kostyrka Andreas Malzahn Andreas Ntaflos @@ -201,6 +202,7 @@ Austin Green Avery Fay Axel Tillequin Ayoub Boudhar +b9a1 on github Balaji Parasuram Balaji S Rao Balaji Salunke @@ -407,6 +409,7 @@ Craig Markwardt crazydef on github Cris Bailiff Cristian Greco +Cristian Morales Vega Cristian Rodríguez Curt Bogmine Cynthia Coan @@ -415,6 +418,7 @@ Cyrill Osterwalder Cédric Connes Cédric Deltheil D. Flinkmann +d4d on hackerone d912e3 on github Da-Yoon Chung daboul on github @@ -532,6 +536,7 @@ Dheeraj Sangamkar Didier Brisebourg Diego Bes Diego Casorran +Dietmar Hauser Dilyan Palauzov Dima Barsky Dima Pasechnik @@ -545,6 +550,7 @@ Dinar Dirk Eddelbuettel Dirk Feytons Dirk Manske +Dirk Wetter Dirkjan Bussink Diven Qi divinity76 on github @@ -620,6 +626,7 @@ Elliot Saba Ellis Pritchard Elmira A Semenova elsamuko on github +emanruse on github Emanuele Bovisio Emil Engler Emil Lerner @@ -883,6 +890,7 @@ Jack Zhang Jackarain on github Jacky Lam Jacob Barthelmeh +Jacob Hoffman-Andrews Jacob Meuser Jacob Moshenko Jactry Zeng @@ -1081,6 +1089,7 @@ Joshua Kwan Joshua Swink Josie Huddleston Josue Andrade Gomes +José Joaquín Atria Jozef Kralik JP Mens Juan Barreto 
@@ -1117,6 +1126,7 @@ Jörg Mueller-Tolk Jörn Hartroth K. R. Walker ka7 on github +Kael1117 on github Kai Engert Kai Noda Kai Sommerfeld @@ -1160,6 +1170,7 @@ Kimmo Kinnunen Kirill Marchuk Kjell Ericson Kjetil Jacobsen +Klaus Crusius Klaus Stein Klevtsov Vadim Kobi Gurkan @@ -1168,6 +1179,7 @@ Konstantin Isakov Konstantin Kushnir kotoriのねこ kouzhudong on github +Kovalkov Dmitrii kreshano on github Kris Kennaway Krishnendu Majumdar @@ -1547,6 +1559,7 @@ Nikos Tsipinakis niner on github Ning Dong Nir Soffer +Niranjan Hasabnis Nis Jorgensen nk NobodyXu on github @@ -1556,6 +1569,7 @@ nopjmp on github Norbert Frese Norbert Kett Norbert Novotny +nosajsnikta on github NTMan on Github Octavio Schroeder Ofer @@ -1571,6 +1585,7 @@ Oliver Gondža Oliver Graute Oliver Kuckertz Oliver Schindler +Oliver Urbann Olivier Berger Olivier Brunel Omar Ramadan @@ -1647,6 +1662,7 @@ pendrek at hackerone Peng Li Per Lundberg Per Malmberg +Per Nilsson Pete Lomax Peter Bray Peter Forret @@ -1687,6 +1703,7 @@ Philip Craig Philip Gladstone Philip Langdale Philip Prindeville +Philipp Klaus Krause Philipp Waehnert Philippe Hameau Philippe Marguinaud @@ -1853,6 +1870,7 @@ Rosimildo da Silva Ross Burton Roy Bellingan Roy Shan +Rui LIU Rune Kleveland Ruslan Baratov Ruslan Gazizov @@ -2053,6 +2071,7 @@ therealhirudo on github tholin on github Thomas Bouzerar Thomas Braun +Thomas Danielsson Thomas Gamper Thomas Glanzmann Thomas J. Moore @@ -2107,6 +2126,7 @@ Todd Short Todd Vierling Tom Benoist Tom Donovan +Tom G. Christensen Tom Grace Tom Greenslade Tom Lee @@ -2164,6 +2184,7 @@ Valentin David Valentyn Korniienko Valerii Zapodovnikov vanillajonathan on github +Varnavas Papaioannou Vasiliy Faronov Vasily Lobaskin Vasy Okhin @@ -2231,6 +2252,7 @@ Xiang Xiao Xiangbin Li Xiaoyin Liu XmiliaH on github +xnynx on github xwxbug on github Yaakov Selkowitz Yang Tse -- cgit v1.2.1
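Review bot: In the first RELEASE-NOTES hunk, the three CVE entries sit at the top of the "bugfixes" list with only short titles, and "Inferior OCSP verification" does not tell a reader which check is weakened or for which kind of transfer. Consider a title that names the affected behaviour, as the other two do ("FTP wildcard stack overflow", "trusting FTP PASV responses"), since many readers triage upgrades from this list alone. The entries depend on the advisory pages referenced as [93], [95] and [97], so those pages need to be published together with this file.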
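Review bot: In the RELEASE-NOTES references hunk, the new [100] points at https://curl.se/bug/?i=6252, which is the same URL already listed as [91] for "cmake: check for linux/tcp.h". The entry that cites it, "ftp: retry getpeername for FTP with TCP_FASTOPEN [100]", reads as a separate fix, so please confirm that both changes really came from one issue. If they did, reuse [91] on the ftp line instead of adding a duplicate reference; if not, point [100] at the correct issue number.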