From 783d434648a78e0f0879ceddbd45f76ee2a6f3a8 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 11 Aug 2017 10:30:02 +0200
Subject: RELEASE-NOTES: synced with 37f2195a9

---
 RELEASE-NOTES | 255 ++++++++--------------------------------------------------
 1 file changed, 34 insertions(+), 221 deletions(-)

(limited to 'RELEASE-NOTES')

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index cb0634b4e..d5247d287 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,137 +1,32 @@
-Curl and libcurl 7.55.0
+Curl and libcurl 7.55.1
 
- Public curl releases:         167
+ Public curl releases:         168
  Command line options:         210
  curl_easy_setopt() options:   247
  Public functions in libcurl:  61
- Contributors:                 1571
+ Contributors:                 1592
 
 This release includes the following changes:
 
- o curl: allow --header and --proxy-header read from file [7]
- o getinfo: provide sizes as curl_off_t [6]
- o curl: prevent binary output spewed to terminal [16]
- o curl: added --request-target [22]
- o libcurl: added CURLOPT_REQUEST_TARGET [22]
- o curl: added --socks5-{basic,gssapi}: control socks5 auth [30]
- o libcurl: added CURLOPT_SOCKS5_AUTH [30]
+ o
 
 This release includes the following bugfixes:
 
- o glob: do not parse after a strtoul() overflow range (CVE-2017-1000101) [85]
- o tftp: reject file name lengths that don't fit (CVE-2017-1000100) [84]
- o file: output the correct buffer to the user (CVE-2017-1000099) [83]
- o includes: remove curl/curlbuild.h and curl/curlrules.h [1]
- o dist: make the hugehelp.c not get regenerated unnecessarily [2]
- o timers: store internal time stamps as time_t instead of doubles [3]
- o progress: let "current speed" be UL + DL speeds combined [4]
- o http-proxy: do the HTTP CONNECT process entirely non-blocking [5]
- o lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV [8]
- o fuzz: bring oss-fuzz initial code converted to C89 [10]
- o configure: disable nghttp2 too if HTTP has been disabled
- o mk-ca-bundle.pl: Check curl's exit code after certdata download [11]
- o test1148: verify the -# progressbar [12]
- o tests: stabilize test 2032 and 2033 [13]
- o HTTPS-Proxy: don't offer h2 for https proxy connections [14]
- o http-proxy: only attempt FTP over HTTP proxy [9]
- o curl-compilers.m4: enable vla warning for clang [15]
- o curl-compilers.m4: enable double-promotion warning [15]
- o curl-compilers.m4: enable missing-variable-declarations clang warning [15]
- o curl-compilers.m4: enable comma clang warning [15]
- o Makefile.m32: enable -W for MinGW32 build [15]
- o CURLOPT_PREQUOTE: not supported for SFTP [17]
- o http2: fix OOM crash
- o PIPELINING_SERVER_BL: cleanup the internal list use [18]
- o mkhelp.pl: fix script name in usage text
- o lib1521: add curl_easy_getinfo calls to the test set
- o travis: do the distcheck test build out-of-tree as well
- o if2ip: fix compiler warning in ISO C90 mode
- o lib: fix the djgpp build [19]
- o typecheck-gcc: add support for CURLINFO_OFF_T [20]
- o travis: enable typecheck-gcc warnings [21]
- o maketgz: switch to xz instead of lzma [23]
- o CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
- o curl-compilers.m4: fix unknown-warning-option on Apple clang [24]
- o winbuild: fix boringssl build [25]
- o curl/system.h: add check for XTENSA for 32bit gcc [26]
- o test1537: fixed memory leak on OOM
- o test1521: fix compiler warnings [27]
- o curl: fix memory leak on test 1147 OOM [28]
- o libtest/make: generate lib1521.c dynamically at build-time [29]
- o curl_strequal.3: fix typo in SYNOPSIS [31]
- o progress: prevent resetting t_starttransfer [32]
- o openssl: improve fallback seed of PRNG with a time based hash [33]
- o http2: improved PING frame handling [34]
- o test1450: add simple testing for DICT [35]
- o make: build the docs subdir only from within src [36]
- o cmake: Added compatibility options for older Windows versions [37]
- o gtls: fix build when sizeof(long) < sizeof(void *) [38]
- o url: make the original string get used on subsequent transfers [39]
- o timeval.c: Use long long constant type for timeval assignment [40]
- o tool_sleep: typecast to avoid macos compiler warning
- o travis.yml: use --enable-werror on debug builds [41]
- o test1451: add SMB support to the testbed [42]
- o configure: remove checks for 5 functions never used [43]
- o configure: try ldap/lber in reversed order first [44]
- o smb: fix build for djgpp/MSDOS [45]
- o travis: install nghttp2 on linux builds [46]
- o smb: add support for CURLOPT_FILETIME [47]
- o cmake: fix send/recv argument scanner for windows [48]
- o inet_pton: fix include on windows to get prototype [49]
- o select.h: avoid macro redefinition harder
- o cmake: if inet_pton is used, bump _WIN32_WINNT
- o asyn-thread.c: fix unused variable warnings on macOS
- o runtests: support "threaded-resolver" as a feature
- o test506: skip if threaded-resolver
- o cmake: remove spurious "-l" from linker flags [50]
- o cmake: add CURL_WERROR for enabling "warning as errors"
- o memdebug: don't setbuf() if the file open failed [51]
- o curl_easy_escape.3: mention the (lack of) encoding [52]
- o test1452: add telnet negotiation [53]
- o CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
- o cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC [54]
- o tests/valgrind.supp: supress OpenSSL false positive seen on travis [55]
- o curl_setup_once: Remove ERRNO/SET_ERRNO macros [56]
- o curl-compilers.m4: disable warning spam with Cygwin's clang [57]
- o ldap: fix MinGW compiler warning [58]
- o make: fix docs build on OpenBSD [59]
- o curl_setup: always define WIN32_LEAN_AND_MEAN on Windows [60]
- o system.h: include winsock2.h before windows.h
- o winbuild: build with warning level 4 [61]
- o rtspd: fix MSVC level 4 warning
- o sockfilt: suppress conversion warning with explicit cast
- o libtest: fix MSVC warning C4706
- o darwinssl: fix pinnedpubkey build error [62]
- o tests/server/resolve.c: fix deprecation warning [63]
- o nss: fix a possible use-after-free in SelectClientCert() [64]
- o checksrc: escape open brace in regex
- o multi: mention integer overflow risk if using > 500 million sockets [65]
- o darwinssl: fix --tlsv1.2 regression [66]
- o timeval: struct curltime is a struct timeval replacement [67]
- o curl_rtmp: fix a compiler warning [68]
- o include.d: clarify that it concerns the response headers [69]
- o cmake: support make uninstall [70]
- o include.d: clarify --include is only for response headers [71]
- o libcurl: Stop using error codes defined under CURL_NO_OLDIES [72]
- o http: fix response code parser to avoid integer overflow [73]
- o configure: fix the check for IdnToUnicode [74]
- o multi: fix request timer management [75]
- o curl_threads: fix MSVC compiler warning [76]
- o travis: build on osx with openssl
- o travis: build on osx with libressl
- o CURLOPT_NETRC.3: mention the file name on windows
- o cmake: set MSVC warning level to 4 [77]
- o netrc: skip lines starting with '#' [78]
- o darwinssl: fix curlssl_sha256sum() compiler warnings on first argument
- o BUILD.WINDOWS: mention buildconf.bat for builds off git
- o darwinssl: silence compiler warnings [79]
- o travis: build on osx with darwinssl
- o FTP: skip unnecessary CWD when in nocwd mode [80]
- o gssapi: fix memory leak of output token in multi round context [81]
- o getparameter: avoid returning uninitialized 'usedarg' [82]
- o curl (debug build) easy_events: make event data static
- o curl: detect and bail out early on parameter integer overflows [86]
- o configure: fix recv/send/select detection on Android [87]
+ o build: fix 'make install' with configure, install docs/libcurl/* too
+ o make install: add 8 missing man pages to the installation
+ o curl: do bounds check using a double comparison [1]
+ o dist: Add dictserver.py/negtelnetserver.py to release [2]
+ o digest_sspi: Don't reuse context if the user/passwd has changed [3]
+ o gitignore: ignore top-level .vs folder [4]
+ o build: check out *.sln files with Windows line endings [5]
+ o travis: verify "make install" [6]
+ o dist: fix the cmake build by shipping cmake_uninstall.cmake.in too [7]
+ o metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead
+ o configure: use the threaded resolver backend by default if possible [8]
+ o mkhelp.pl: allow executing this script directly [9]
+ o maketgz: remove old *.dist files before making the tarball [10]
+ o openssl: remove CONST_ASN1_BIT_STRING [11]
+ o openssl: fix "error: this statement may fall through"
 
 This release includes the following known bugs:
 
@@ -140,105 +35,23 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Brad Spencer, Brian Carpenter, Dan Fandrich, Daniel Stenberg,
-  David E. Narváez, destman at github, Dmitry Kostjuchenko,
-  Dwarakanath Yadavalli, Even Rouault, Evert Pot, Frederik B, Gisle Vanem,
-  Hannes Magnusson, Henrik Gaßmann, Isaac Boukris, Jakub Wilk, Jeremy Tan,
-  Jeroen Ooms, Jesse Chisholm, Johannes Schindelin, Kamil Dudka, Marcel Raad,
-  Martin Kepplinger, Matteo B., Max Dymond, Michael Kaufmann, Neil Kolban,
-  Nick Miyake, olesteban at github, ovidiu-benea on github, Pascal Terjan,
-  Paul Harris, Pavel Rochnyak, Per Malmberg, Ray Satiro, Rob Sanders,
-  Ryan Winograd, Sergei Nikulov, Simon Warta, Timothe Litt, Viktor Szakáts,
-  (41 contributors)
+  Adam Sampson, Bernard Spil, Christian Weisgerber, Daniel Krügler,
+  Daniel Stenberg, David Benjamin, Isaac Boukris, Marcel Raad,
+  paulharris on github, Ray Satiro,
+  (10 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = https://daniel.haxx.se/blog/2017/06/15/target-independent-libcurl-headers/
- [2] = https://curl.haxx.se/bug/?i=1565
- [3] = https://curl.haxx.se/bug/?i=1531
- [4] = https://curl.haxx.se/bug/?i=1556
- [5] = https://curl.haxx.se/bug/?i=1547
- [6] = https://curl.haxx.se/bug/?i=1511
- [7] = https://curl.haxx.se/bug/?i=1486
- [8] = https://curl.haxx.se/bug/?i=1538
- [9] = https://curl.haxx.se/bug/?i=1505
- [10] = https://curl.haxx.se/bug/?i=1476
- [11] = https://curl.haxx.se/bug/?i=1577
- [12] = https://curl.haxx.se/bug/?i=1569
- [13] = https://curl.haxx.se/bug/?i=1576
- [14] = https://curl.haxx.se/bug/?i=1546
- [15] = https://curl.haxx.se/bug/?i=1578
- [16] = https://curl.haxx.se/bug/?i=1512
- [17] = https://curl.haxx.se/bug/?i=1514
- [18] = https://curl.haxx.se/bug/?i=1584
- [19] = https://github.com/curl/curl/commit/73a2fcea0b4adea6ba342cd7ed1149782c214ae3#commitcomment-22655993
- [20] = https://curl.haxx.se/bug/?i=1592
- [21] = https://curl.haxx.se/bug/?i=1595
- [22] = https://curl.haxx.se/bug/?i=1593
- [23] = https://curl.haxx.se/bug/?i=1604
- [24] = https://curl.haxx.se/bug/?i=1606
- [25] = https://curl.haxx.se/bug/?i=1610
- [26] = https://curl.haxx.se/bug/?i=1598
- [27] = https://curl.haxx.se/bug/?i=1611
- [28] = https://github.com/curl/curl/pull/1486#issuecomment-310926872
- [29] = https://curl.haxx.se/bug/?i=1614
- [30] = https://curl.haxx.se/bug/?i=1454
- [31] = https://curl.haxx.se/bug/?i=1623
- [32] = https://curl.haxx.se/bug/?i=1616
- [33] = https://curl.haxx.se/bug/?i=1620
- [34] = https://curl.haxx.se/bug/?i=1521
- [35] = https://curl.haxx.se/bug/?i=1615
- [36] = https://curl.haxx.se/bug/?i=1591
- [37] = https://curl.haxx.se/bug/?i=1621
- [38] = https://curl.haxx.se/bug/?i=1617
- [39] = https://curl.haxx.se/bug/?i=1631
- [40] = https://curl.haxx.se/mail/lib-2017-07/0003.html
- [41] = https://curl.haxx.se/bug/?i=1637
- [42] = https://curl.haxx.se/bug/?i=1630
- [43] = https://curl.haxx.se/bug/?i=1638
- [44] = https://curl.haxx.se/bug/?i=1619
- [45] = https://curl.haxx.se/mail/lib-2017-07/0005.html
- [46] = https://curl.haxx.se/bug/?i=1642
- [47] = https://curl.haxx.se/mail/lib-2017-07/0005.html
- [48] = https://curl.haxx.se/bug/?i=1640
- [49] = https://curl.haxx.se/bug/?i=1639
- [50] = https://curl.haxx.se/bug/?i=1552
- [51] = https://github.com/curl/curl/issues/828#issuecomment-313475151
- [52] = https://curl.haxx.se/bug/?i=1612
- [53] = https://curl.haxx.se/bug/?i=1645
- [54] = https://curl.haxx.se/bug/?i=1649
- [55] = https://curl.haxx.se/bug/?i=1653
- [56] = https://curl.haxx.se/bug/?i=1589
- [57] = https://curl.haxx.se/bug/?i=1665
- [58] = https://curl.haxx.se/bug/?i=1664
- [59] = https://curl.haxx.se/bug/?i=1591
- [60] = https://curl.haxx.se/bug/?i=1672
- [61] = https://curl.haxx.se/bug/?i=1667
- [62] = https://github.com/curl/curl/commit/eb16305#commitcomment-23035670
- [63] = https://curl.haxx.se/bug/?i=1682
- [64] = https://bugzilla.redhat.com/1436158
- [65] = https://curl.haxx.se/bug/?i=1683
- [66] = https://curl.haxx.se/bug/?i=1703
- [67] = https://curl.haxx.se/bug/?i=1693
- [68] = https://curl.haxx.se/bug/?i=1652
- [69] = https://curl.haxx.se/bug/?i=1704
- [70] = https://curl.haxx.se/bug/?i=1674
- [71] = https://github.com/curl/curl/commit/de6de94#commitcomment-23370851
- [72] = https://curl.haxx.se/bug/?i=1688
- [73] = https://curl.haxx.se/bug/?i=1714
- [74] = https://curl.haxx.se/bug/?i=1669
- [75] = https://curl.haxx.se/mail/lib-2017-07/0033.html
- [76] = https://curl.haxx.se/bug/?i=1717
- [77] = https://curl.haxx.se/bug/?i=1711
- [78] = https://curl.haxx.se/mail/lib-2017-08/0008.html
- [79] = https://curl.haxx.se/bug/?i=1722
- [80] = https://curl.haxx.se/bug/?i=1718
- [81] = https://curl.haxx.se/bug/?i=1733
- [82] = https://curl.haxx.se/bug/?i=1728
- [83] = https://curl.haxx.se/docs/adv_20170809C.html
- [84] = https://curl.haxx.se/docs/adv_20170809B.html
- [85] = https://curl.haxx.se/docs/adv_20170809A.html
- [86] = https://curl.haxx.se/bug/?i=1730
- [87] = https://curl.haxx.se/bug/?i=1738
+ [1] = https://curl.haxx.se/bug/?i=1750
+ [2] = https://curl.haxx.se/bug/?i=1744
+ [3] = https://curl.haxx.se/bug/?i=1742
+ [4] = https://curl.haxx.se/bug/?i=1746
+ [5] = https://curl.haxx.se/bug/?i=1746
+ [6] = https://curl.haxx.se/bug/?i=1753
+ [7] = https://curl.haxx.se/bug/?i=1755
+ [8] = https://curl.haxx.se/bug/?i=1647
+ [9] = https://curl.haxx.se/bug/?i=1743
+ [10] = https://curl.haxx.se/mail/lib-2017-08/0050.html
+ [11] = https://curl.haxx.se/bug/?i=1759
-- 
cgit v1.2.1