curl/RELEASE-NOTES
2017-06-14 08:08:56 +02:00

220 lines
10 KiB
Plaintext

Curl and libcurl 7.54.1
Public curl releases: 166
Command line options: 207
curl_easy_setopt() options: 245
Public functions in libcurl: 61
Contributors: 1571
This release includes the following changes:
o curl: show the libcurl release date in --version output [32]
This release includes the following bugfixes:
o CVE-2017-9502: file: URL buffer overflow [65]
o openssl: fix memory leak in servercert
o tests: remove the html and PDF versions from the tarball
o mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable
o typecheck-gcc: handle function pointers properly [1]
o llist: no longer uses malloc [2]
o gnutls: removed some code when --disable-verbose is configured
o lib: fix maybe-uninitialized warnings
o multi: clarify condition in curl_multi_wait [3]
o schannel: Don't treat encrypted partial record as pending data [4]
o configure: fix the -ldl check for openssl, add -lpthread check [5]
o configure: accept -Og and -Ofast GCC flags [6]
o Makefile: avoid use of GNU-specific form of $< [7]
o if2ip: fix -Wcast-align warning
o configure: stop prepending to LDFLAGS, CPPFLAGS [8]
o curl: set a 100K buffer size by default [9]
o typecheck-gcc: fix _curl_is_slist_info [10]
o nss: do not leak PKCS #11 slot while loading a key [11]
o nss: load libnssckbi.so if no other trust is specified [12]
o examples: ftpuploadfrommem.c [13]
o url: declare get_protocol_family() static [14]
o examples/cookie_interface.c: changed to example.com
o test1443: test --remote-time
o curl: use utimes instead of obsolescent utime when available
o url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
o curl_rtmp: fix missing-variable-declarations warnings
o tests: fixed OOM handling of unit tests to abort test
o curl_setup: Ensure no more than one IDN lib is enabled [15]
o tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS [16]
o CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size [17]
o curl: non-boolean command line args reject --no- prefixes [18]
o telnet: Write full buffer instead of byte-by-byte [19]
o typecheck-gcc: add missing string options [20]
o typecheck-gcc: add support for CURLINFO_SOCKET [21]
o opt man pages: they all have examples now
o curl_setup_once: use SEND_QUAL_ARG2 for swrite [22]
o test557: set a known good numeric locale
o schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT
o tests/server: make string literals const
o runtests: use -R for random order [23]
o unit1305: fix compiler warning
o curl_slist_append.3: clarify a NULL input creates a new list
o tests/server: run checksrc by default in debug-builds
o tests: fix -Wcast-qual warnings
o runtests.pl: simplify the datacheck read section
o curl: remove --environment and tool_writeenv.c [24]
o buildconf: fix hang on IRIX [25]
o tftp: silence bad-function-cast warning
o asyn-thread: fix unused macro warnings
o tool_parsecfg: fix -Wcast-qual warning
o sendrecv: fix MinGW-w64 warning
o test537: use correct variable type [26]
o rand: treat fake entropy the same regardless of endianness [27]
o curl: generate the --help output [28]
o tests: removed redundant --trace-ascii arguments
o multi: assign IDs to all timers and make each timer singleton
o multi: use a fixed array of timers instead of malloc [29]
o mbedtls: Support server renegotiation request [30]
o pipeline: fix mistakenly trying to pipeline POSTs [31]
o lib510: don't write past the end of the buffer if it's too small
o CURLOPT_HTTPPROXYTUNNEL.3: clarify, add example
o SecureTransport/DarwinSSL: Implement public key pinning [33]
o curl.1: clarify --config
o curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM [34]
o darwinssl: Fix exception when processing a client-side certificate [35]
o curl.1: mention --oauth2-bearer's <token> argument
o mkhelp.pl: do not add current time into curl binary [36]
o asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input [37]
o ssh: fix memory leak in disconnect due to timeout [38]
o tests: stabilize test 1034 [39]
o cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH [40]
o assert: avoid, use DEBUGASSERT instead [41]
o LDAP: using ldap_bind_s on Windows with methods [42]
o redirect: store the "would redirect to" URL when max redirs is reached [43]
o winbuild: fix the nghttp2 build [44]
o examples: fix -Wimplicit-fallthrough warnings
o time: fix type conversions and compiler warnings [45]
o mbedtls: fix variable shadow warning
o test557: fix ubsan runtime error due to int left shift [46]
o transfer: init the infilesize from the postfields [47]
o docs: clarify NO_PROXY further [48]
o build-wolfssl: Sync config with wolfSSL 3.11
o curl-compilers.m4: enable -Wshift-sign-overflow for clang [49]
o example/externalsocket.c: make it use CLOSESOCKETFUNCTION too
o lib574.c: use correct callback proto
o lib583: fix compiler warning
o curl-compilers.m4: fix compiler_num for clang [50]
o typecheck-gcc.h: separate getinfo slist checks from other pointers [51]
o typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
o typecheck-gcc.h: check CURLINFO_CERTINFO [52]
o build: provide easy code coverage measuring [53]
o test1537: dedicated tests of the URL (un)escape API calls [54]
o curl_endian: remove unused functions [55]
o test1538: verify the libcurl strerror API calls
o MD(4|5): silence cast-align clang warning
o dedotdot: fixed output for ".." and "." only input [56]
o cyassl: define build macros before including ssl.h [57]
o updatemanpages.pl: error out on too old git version
o curl_sasl: fix unused-variable warning
o x509asn1: fix implicit-fallthrough warning with GCC 7
o libtest: fix implicit-fallthrough warnings with GCC 7
o BINDINGS: add Ring binding [58]
o curl_ntlm_core: pass unsigned char to toupper
o test1262: verify ftp download with -z for "if older than this"
o test1521: test all curl_easy_setopt options [59]
o typecheck-gcc: allow CURLOPT_STDERR to be NULL too
o metalink: remove unused printf() argument
o file: make speedcheck use current time for checks [60]
o configure: fix link with librtmp when specifying path [61]
o examples/multi-uv.c: fix deprecated symbol [62]
o cmake: Fix inconsistency regarding mbed TLS include directory [63]
o setopt: check CURLOPT_ADDRESS_SCOPE option range
o gitignore: ignore all vim swap files [64]
o urlglob: fix division by zero
o libressl: OCSP and intermediate certs workaround no longer needed [66]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Akhil Kedia, Alan Jenkins, Anatol Belski, Bernhard M. Wiedemann,
Brian Childs, canavan at github, Chris Carlmar, Dan Fandrich,
Daniel Stenberg, Edward Thomson, Gisle Vanem, GwanYeong Kim,
Helmut K. C. Tessarek, Joel Depooter, jonrumsey at github, Kai Engert,
Kamil Dudka, Kevin Ji, Lloyd Fournier, Mahmoud Samir Fayed, Marcel Raad,
Martin Kepplinger, Max Dymond, Michael Kaufmann, Nick Zitzmann, Paul Harris,
Phil Crump, Piotr Dobrogost, Ray Satiro, Richard Hsu, Ron Eldor,
Ryuichi KAWAMATA, Sergei Nikulov, Simon Warta, stootill at github,
Stuart Henderson, TheAssassin at github, Thomas Klausner, Travis Burtrum,
Vincas Razma, wyattoday at github,
(41 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = https://curl.haxx.se/bug/?i=1403
[2] = https://curl.haxx.se/bug/?i=1435
[3] = https://curl.haxx.se/bug/?i=1439
[4] = https://curl.haxx.se/bug/?i=1392
[5] = https://curl.haxx.se/bug/?i=1427
[6] = https://curl.haxx.se/bug/?i=1440
[7] = https://curl.haxx.se/bug/?i=1432
[8] = https://curl.haxx.se/bug/?i=1420
[9] = https://curl.haxx.se/bug/?i=1446
[10] = https://curl.haxx.se/bug/?i=1447
[11] = https://bugzilla.redhat.com/1444860
[12] = https://curl.haxx.se/bug/?i=1414
[13] = https://curl.haxx.se/bug/?i=1451
[14] = https://curl.haxx.se/mail/lib-2017-04/0127.html
[15] = https://github.com/curl/curl/issues/1441#issuecomment-297689856
[16] = https://curl.haxx.se/bug/?i=1460
[17] = https://curl.haxx.se/bug/?i=1449
[18] = https://curl.haxx.se/bug/?i=1453
[19] = https://curl.haxx.se/bug/?i=1389
[20] = https://curl.haxx.se/bug/?i=1452
[21] = https://curl.haxx.se/bug/?i=1452
[22] = https://curl.haxx.se/bug/?i=1464
[23] = https://curl.haxx.se/bug/?i=1466
[24] = https://curl.haxx.se/bug/?i=1463
[25] = https://curl.haxx.se/bug/?i=1471
[26] = https://curl.haxx.se/bug/?i=1469
[27] = https://curl.haxx.se/bug/?i=1315
[28] = https://curl.haxx.se/bug/?i=1465
[29] = https://curl.haxx.se/bug/?i=1472
[30] = https://curl.haxx.se/bug/?i=1475
[31] = https://curl.haxx.se/bug/?i=1481
[32] = https://curl.haxx.se/bug/?i=1474
[33] = https://curl.haxx.se/bug/?i=1400
[34] = https://curl.haxx.se/bug/?i=1487
[35] = https://curl.haxx.se/bug/?i=1450
[36] = https://curl.haxx.se/bug/?i=1490
[37] = https://curl.haxx.se/bug/?i=1253
[38] = https://curl.haxx.se/bug/?i=1479
[39] = https://curl.haxx.se/bug/?i=1488
[40] = https://curl.haxx.se/bug/?i=1461
[41] = https://curl.haxx.se/bug/?i=1504
[42] = https://curl.haxx.se/bug/?i=878
[43] = https://curl.haxx.se/bug/?i=1489
[44] = https://curl.haxx.se/bug/?i=1321
[45] = https://curl.haxx.se/bug/?i=1499
[46] = https://curl.haxx.se/bug/?i=1516
[47] = https://curl.haxx.se/bug/?i=1294
[48] = https://curl.haxx.se/bug/?i=1208
[49] = https://curl.haxx.se/bug/?i=1516
[50] = https://curl.haxx.se/bug/?i=1522
[51] = https://curl.haxx.se/bug/?i=1524
[52] = https://curl.haxx.se/bug/?i=846
[53] = https://curl.haxx.se/bug/?i=1528
[54] = https://curl.haxx.se/bug/?i=1530
[55] = https://curl.haxx.se/bug/?i=1529
[56] = https://curl.haxx.se/bug/?i=1532
[57] = https://curl.haxx.se/bug/?i=1536
[58] = https://curl.haxx.se/bug/?i=1539
[59] = https://curl.haxx.se/bug/?i=1543
[60] = https://curl.haxx.se/bug/?i=1550
[61] = https://curl.haxx.se/mail/lib-2017-06/0017.html
[62] = https://curl.haxx.se/bug/?i=1557
[63] = https://curl.haxx.se/bug/?i=1541
[64] = https://curl.haxx.se/bug/?i=1561
[65] = https://curl.haxx.se/docs/adv_20170614.html
[66] = https://curl.haxx.se/mail/lib-2017-06/0038.html