2011-11-16 03:44:49 +08:00
|
|
|
Curl and libcurl 7.24.0
|
2003-09-23 05:38:52 +08:00
|
|
|
|
2011-11-18 01:29:15 +08:00
|
|
|
Public curl releases: 127
|
2011-08-13 05:51:41 +08:00
|
|
|
Command line options: 149
|
2011-08-09 15:32:53 +08:00
|
|
|
curl_easy_setopt() options: 192
|
2008-05-13 05:43:24 +08:00
|
|
|
Public functions in libcurl: 58
|
2009-11-30 03:12:00 +08:00
|
|
|
Known libcurl bindings: 39
|
2011-11-18 01:29:15 +08:00
|
|
|
Contributors: 907
|
2003-10-29 17:53:21 +08:00
|
|
|
|
2012-01-24 15:37:40 +08:00
|
|
|
This release includes the following security fixes:
|
|
|
|
|
|
|
|
o curl was vulnerable to a data injection attack for certain protocols
|
|
|
|
http://curl.haxx.se/docs/adv_20120124.html
|
|
|
|
o curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
|
|
|
|
http://curl.haxx.se/docs/adv_20120124B.html
|
|
|
|
|
2006-08-09 06:56:46 +08:00
|
|
|
This release includes the following changes:
|
2008-09-01 22:27:24 +08:00
|
|
|
|
2011-12-20 03:08:59 +08:00
|
|
|
o CURLOPT_QUOTE: SFTP supports the '*'-prefix now [24]
|
|
|
|
o CURLOPT_DNS_SERVERS: set name servers if possible [23]
|
|
|
|
o Add support for using nettle instead of gcrypt as gnutls backend [22]
|
|
|
|
o CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes [21]
|
2011-12-21 06:57:39 +08:00
|
|
|
o Added CURLOPT_ACCEPTTIMEOUT_MS [30]
|
|
|
|
o configure: add symbols versioning option --enable-versioned-symbols [31]
|
2006-08-09 06:56:46 +08:00
|
|
|
|
2007-07-22 18:17:52 +08:00
|
|
|
This release includes the following bugfixes:
|
|
|
|
|
2011-12-20 03:08:59 +08:00
|
|
|
o SSL session share: move the age counter to the share object [1]
|
|
|
|
o -J -O: use -O name if no Content-Disposition header comes! [2]
|
|
|
|
o protocol_connect: show verbose connect and set connect time [3]
|
|
|
|
o query-part: ignore the URI part for given protocols [4]
|
|
|
|
o gnutls: only translate winsock errors for old versions [5]
|
|
|
|
o POP3: fix end of body detection [6]
|
2011-11-30 23:38:58 +08:00
|
|
|
o POP3: detect when LIST returns no mails
|
2011-12-20 03:08:59 +08:00
|
|
|
o TELNET: improved treatment of options [7]
|
|
|
|
o configure: add support for pkg-config detection of libidn [8]
|
|
|
|
o CyaSSL 2.0+ library initialization adjustment [9]
|
2011-12-06 05:58:30 +08:00
|
|
|
o multi interface: only use non-NULL socker function pointer
|
|
|
|
o call opensocket callback properly for active FTP
|
2011-12-20 03:08:59 +08:00
|
|
|
o don't call close socket callback for sockets created with accept() [10]
|
|
|
|
o differentiate better between host/proxy errors [11]
|
|
|
|
o SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5 [12]
|
|
|
|
o multi: handle timeouts on DNS servers by checking for new sockets [13]
|
2011-12-06 05:58:30 +08:00
|
|
|
o CURLOPT_DNS_SERVERS: fix return code
|
2011-12-20 03:08:59 +08:00
|
|
|
o POP3: fixed escaped dot not being stripped out [14]
|
|
|
|
o OpenSSL: check for the SSLv2 function in configure [15]
|
|
|
|
o MakefileBuild: fix the static build [16]
|
|
|
|
o create_conn: don't switch to HTTP protocol if tunneling is enabled [17]
|
|
|
|
o multi interface: fix block when CONNECT_ONLY option is used [18]
|
|
|
|
o Fix connection reuse for TLS upgraded connections [19]
|
|
|
|
o multiple file upload with -F and custom type [20]
|
2011-12-21 06:27:41 +08:00
|
|
|
o multi interface: active FTP connections are no longer blocking [25]
|
|
|
|
o Android build fix [26]
|
|
|
|
o timer: restore PRETRANSFER timing [27]
|
|
|
|
o libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM [28]
|
|
|
|
o appconnect time fixed for non-blocking connect ssl backends [29]
|
2011-12-26 05:37:24 +08:00
|
|
|
o do not include SSL handshake into time spent waiting for 100-continue [32]
|
2011-12-31 18:22:26 +08:00
|
|
|
o handle dns cache case insensitive
|
|
|
|
o use new host name casing for subsequent HTTP requests [33]
|
|
|
|
o CURLOPT_RESOLVE: avoid adding already present host names
|
|
|
|
o SFTP mkdir: use correct permission [34]
|
|
|
|
o resolve: don't leak pre-populated dns entries [35]
|
|
|
|
o --retry: Retry transfers on timeout and DNS errors
|
2012-01-04 06:33:52 +08:00
|
|
|
o negotiate with SSPI backend: use the correct buffer for input [36]
|
|
|
|
o SFTP dir: increase buffer size counter to avoid cut off file names [37]
|
2012-01-13 06:30:19 +08:00
|
|
|
o TFTP: fix resending (again) [38]
|
|
|
|
o c-ares: don't include getaddrinfo-using code [39]
|
|
|
|
o FTP: CURLE_PARTIAL_FILE will not close the control channel [40]
|
|
|
|
o win32-threaded-resolver: stop using a dummy socket
|
|
|
|
o OpenSSL: remove reference to openssl internal struct [41]
|
2012-01-19 05:33:45 +08:00
|
|
|
o OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
|
|
|
|
o OpenSSL: fix PKCS#12 certificate parsing related memory leak
|
|
|
|
o OpenLDAP: fix LDAP connection phase memory leak [42]
|
|
|
|
o Telnet: Use correct file descriptor for telnet upload
|
|
|
|
o Telnet: Remove bogus optimisation of telnet upload
|
2012-01-23 06:44:51 +08:00
|
|
|
o URL parse: user name with ipv6 numerical address
|
|
|
|
o polarssl: show cipher suite name correctly with 1.1.0
|
|
|
|
o polarssl: havege_rand is not present in version 1.1.0 WARNING, we still
|
|
|
|
use the old API which is said to be insecure. See
|
|
|
|
http://polarssl.org/trac/wiki/SecurityAdvisory201102
|
2012-01-24 15:37:40 +08:00
|
|
|
o gnutls: enforced use of SSLv3 [43]
|
2010-12-15 22:54:17 +08:00
|
|
|
|
2007-07-22 18:17:52 +08:00
|
|
|
This release includes the following known bugs:
|
|
|
|
|
|
|
|
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
|
|
|
|
|
|
|
|
This release would not have looked like this without help, code, reports and
|
|
|
|
advice from friends like these:
|
|
|
|
|
2011-11-25 07:09:43 +08:00
|
|
|
Alejandro Alvarez Ayllon, Jason Glasgow, Jonas Schnelli, Mark Brand,
|
2011-12-06 05:58:30 +08:00
|
|
|
Martin Storsjo, Yang Tse, Laurent Rabret, Jason Glasgow, Steve Holme,
|
2011-12-13 03:06:50 +08:00
|
|
|
Reza Arbab, Jason Liu, Gokhan Sengun, Rob Ward, Dan Fandrich,
|
2011-12-20 03:08:59 +08:00
|
|
|
Naveen Chandran, Ward Willats, Vladimir Grishchenko, Colin Hogben,
|
2011-12-21 06:27:41 +08:00
|
|
|
Alessandro Ghedini, Cedric Deltheil, Toni Moreno, Bernhard Reutner-Fischer,
|
2012-01-04 06:33:52 +08:00
|
|
|
Sven Wegener, Alex Vinnik, Kamil Dudka, Mamoru Tasaka, Patrice Guerin,
|
2012-01-19 05:33:45 +08:00
|
|
|
Armel Asselin, Arthur Murray, Steve H Truong, Peter Sylvester,
|
2012-01-24 15:37:40 +08:00
|
|
|
Johannes Bauer, Brandon Wang, Pierre Joye, Robert Schumann,
|
|
|
|
Christian Grothoff, Nikos Mavrogiannopoulos
|
2008-01-29 05:19:15 +08:00
|
|
|
|
2003-09-23 05:38:52 +08:00
|
|
|
Thanks! (and sorry if I forgot to mention someone)
|
2011-12-20 03:08:59 +08:00
|
|
|
|
|
|
|
References to bug reports and discussions on issues:
|
|
|
|
|
|
|
|
[1] = http://curl.haxx.se/mail/lib-2011-11/0116.html
|
|
|
|
[2] = http://curl.haxx.se/mail/archive-2011-11/0030.htm
|
|
|
|
[3] = http://curl.haxx.se/mail/archive-2011-11/0035.html
|
|
|
|
[4] = http://curl.haxx.se/mail/lib-2011-11/0218.html
|
|
|
|
[5] = http://curl.haxx.se/mail/lib-2011-11/0267.html
|
|
|
|
[6] = http://curl.haxx.se/mail/lib-2011-11/0279.html
|
|
|
|
[7] = http://curl.haxx.se/mail/lib-2011-11/0247.html
|
|
|
|
[8] = http://curl.haxx.se/mail/lib-2011-11/0294.html
|
|
|
|
[9] = http://curl.haxx.se/bug/view.cgi?id=3442068
|
|
|
|
[10] = http://curl.haxx.se/mail/lib-2011-12/0018.html
|
|
|
|
[11] = http://curl.haxx.se/mail/archive-2011-12/0010.html
|
|
|
|
[12] = http://curl.haxx.se/bug/view.cgi?id=3451592
|
|
|
|
[13] = http://curl.haxx.se/mail/lib-2011-11/0371.html
|
|
|
|
[14] = http://curl.haxx.se/mail/lib-2011-11/0368.html
|
|
|
|
[15] = http://curl.haxx.se/mail/archive-2011-12/0012.html
|
|
|
|
[16] = http://curl.haxx.se/mail/lib-2011-12/0063.html
|
|
|
|
[17] = http://curl.haxx.se/mail/lib-2011-12/0010.html
|
|
|
|
[18] = http://curl.haxx.se/mail/lib-2011-12/0070.html
|
|
|
|
[19] = http://curl.haxx.se/mail/lib-2011-11/0022.html
|
|
|
|
[20] = http://curl.haxx.se/mail/lib-2011-12/0121.html
|
|
|
|
[21] = http://curl.haxx.se/mail/lib-2011-12/0107.html
|
|
|
|
[22] = http://curl.haxx.se/mail/lib-2011-11/0164.html
|
|
|
|
[23] = http://curl.haxx.se/mail/lib-2011-11/0067.html
|
|
|
|
[24] = http://curl.haxx.se/mail/lib-2011-11/0205.html
|
2011-12-21 06:27:41 +08:00
|
|
|
[25] = http://curl.haxx.se/mail/lib-2011-12/0179.html
|
|
|
|
[26] = http://curl.haxx.se/mail/lib-2011-12/0215.html
|
|
|
|
[27] = http://curl.haxx.se/mail/archive-2011-12/0022.html
|
|
|
|
[28] = http://curl.haxx.se/mail/lib-2011-12/0218.html
|
|
|
|
[29] = http://curl.haxx.se/mail/lib-2011-12/0211.html
|
2011-12-21 06:57:39 +08:00
|
|
|
[30] = http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTACCEPTTIMOUTMS
|
|
|
|
[31] = http://curl.haxx.se/mail/lib-2011-12/0133.html
|
2011-12-26 05:37:24 +08:00
|
|
|
[32] = https://bugzilla.redhat.com/767490
|
2011-12-31 18:22:26 +08:00
|
|
|
[33] = http://curl.haxx.se/mail/lib-2011-12/0314.html
|
|
|
|
[34] = http://curl.haxx.se/mail/lib-2011-12/0249.html
|
|
|
|
[35] = http://curl.haxx.se/bug/view.cgi?id=3463121
|
2012-01-04 06:33:52 +08:00
|
|
|
[36] = http://curl.haxx.se/bug/view.cgi?id=3466497
|
|
|
|
[37] = http://curl.haxx.se/mail/lib-2011-12/0249.html
|
2012-01-13 06:30:19 +08:00
|
|
|
[38] = http://curl.haxx.se/mail/lib-2012-01/0146.html
|
|
|
|
[39] = http://curl.haxx.se/mail/lib-2012-01/0160.html
|
|
|
|
[40] = http://curl.haxx.se/mail/lib-2012-01/0096.html
|
|
|
|
[41] = http://curl.haxx.se/mail/lib-2012-01/0049.html
|
2012-01-19 05:33:45 +08:00
|
|
|
[42] = http://curl.haxx.se/bug/view.cgi?id=3474308
|
2012-01-24 15:37:40 +08:00
|
|
|
[43] = http://curl.haxx.se/mail/lib-2012-01/0225.html
|