mirror of
https://github.com/curl/curl.git
synced 2024-11-27 05:50:21 +08:00
142 lines
6.6 KiB
Plaintext
142 lines
6.6 KiB
Plaintext
Curl and libcurl 7.51.0
|
||
|
||
Public curl releases: 160
|
||
Command line options: 185
|
||
curl_easy_setopt() options: 224
|
||
Public functions in libcurl: 61
|
||
Contributors: 1445
|
||
|
||
This release includes the following changes:
|
||
|
||
o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
|
||
o New option: CURLOPT_KEEP_SENDING_ON_ERROR [10]
|
||
|
||
This release includes the following bugfixes:
|
||
|
||
o CVE-2016-8615: cookie injection for other servers [28]
|
||
o CVE-2016-8616: case insensitive password comparison [29]
|
||
o CVE-2016-8617: OOB write via unchecked multiplication [30]
|
||
o CVE-2016-8618: double-free in curl_maprintf [31]
|
||
o CVE-2016-8619: double-free in krb5 code [32]
|
||
o CVE-2016-8620: glob parser write/read out of bounds [33]
|
||
o CVE-2016-8621: curl_getdate read out of bounds [34]
|
||
o CVE-2016-8622: URL unescape heap overflow via integer truncation [35]
|
||
o CVE-2016-8623: Use-after-free via shared cookies [36]
|
||
o CVE-2016-8624: invalid URL parsing with '#' [37]
|
||
o CVE-2016-8625: IDNA 2003 makes curl use wrong host [38]
|
||
o openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 [1]
|
||
o http: accept "Transfer-Encoding: chunked" for HTTP/2 as well [2]
|
||
o LICENSE-MIXING.md: update with mbedTLS dual licensing [3]
|
||
o examples/imap-append: Set size of data to be uploaded [4]
|
||
o test2048: fix url
|
||
o darwinssl: disable RC4 cipher-suite support
|
||
o CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
|
||
o openssl: don’t call CRYTPO_cleanup_all_ex_data [5]
|
||
o libressl: fix version output [6]
|
||
o easy: Reset all statistical session info in curl_easy_reset [7]
|
||
o curl_global_cleanup.3: don't unload the lib with sub threads running [8]
|
||
o dist: add CurlSymbolHiding.cmake to the tarball
|
||
o docs: Remove that --proto is just used for initial retrieval [9]
|
||
o configure: Fixed builds with libssh2 in a custom location
|
||
o curl.1: --trace supports % for sending to stderr!
|
||
o cookies: same domain handling changed to match browser behavior [11]
|
||
o formpost: trying to attach a directory no longer crashes [12]
|
||
o CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning [13]
|
||
o formpost: avoid silent snprintf() truncation
|
||
o ftp: fix Curl_ftpsendf
|
||
o mprintf: return error on too many arguments
|
||
o smb: properly check incoming packet boundaries [14]
|
||
o GIT-INFO: remove the Mac 10.1-specific details [15]
|
||
o resolve: add error message when resolving using SIGALRM [16]
|
||
o cmake: add nghttp2 support [17]
|
||
o dist: remove PDF and HTML converted docs from the releases [18]
|
||
o configure: disable poll() in macOS builds [19]
|
||
o vtls: only re-use session-ids using the same scheme
|
||
o pipelining: skip to-be-closed connections when pipelining [20]
|
||
o win: fix Universal Windows Platform build [21]
|
||
o curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically [22]
|
||
o maketgz: make it support "only" generating version info
|
||
o Curl_socket_check: add extra check to avoid integer overflow
|
||
o gopher: properly return error for poll failures
|
||
o curl: set INTERLEAVEDATA too
|
||
o polarssl: clear thread array at init
|
||
o polarssl: fix unaligned SSL session-id lock
|
||
o polarssl: reduce #ifdef madness with a macro
|
||
o curl_multi_add_handle: set timeouts in closure handles [23]
|
||
o configure: set min version flags for builds on mac [24]
|
||
o INSTALL: converted to markdown => INSTALL.md
|
||
o curl_multi_remove_handle: fix a double-free [25]
|
||
o multi: fix inifinte loop in curl_multi_cleanup() [26]
|
||
o nss: fix tight loop in non-blocking TLS handhsake over proxy [27]
|
||
o mk-ca-bundle: Change URL retrieval to HTTPS-only by default [39]
|
||
o mbedtls: stop using deprecated include file [40]
|
||
o docs: fix req->data in multi-uv example [41]
|
||
o configure: Fix test syntax for monotonic clock_gettime
|
||
o CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 [42]
|
||
|
||
This release includes the following known bugs:
|
||
|
||
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
|
||
|
||
This release would not have looked like this without help, code, reports and
|
||
advice from friends like these:
|
||
|
||
Akshay Vernekar, Alexander Sinditskiy, Anders Bakken, Andreas Streichardt,
|
||
Andrei Sedoi, Bernard Spil, Christian Heimes, Dan Fandrich,
|
||
Daniel Gustafsson, Daniel Stenberg, Darío Hereñú, David Woodhouse,
|
||
Fernando Muñoz, Gregory Szorc, Jeroen Ooms, Kamil Dudka, Luật Nguyễn,
|
||
lukaszgn on github, Marcel Raad, Martin Frodl, Martin Storsjo,
|
||
Martin Storsjö, Michael Kaufmann, Michael Osipov, Miloš Ljumović,
|
||
Nick Zitzmann, nopjmp on github, Paul Joyce, Rainer Müller, Ray Satiro,
|
||
Remo E, Rider Linden, Sebastian Mundry, Sergei Kuzmin, Stephen Brokenshire,
|
||
Tobias Stoeckmann, Toby Peterson, Todd Short, Tony Kelman, Torben Dannhauer,
|
||
Valentin David,
|
||
(41 contributors)
|
||
|
||
Thanks! (and sorry if I forgot to mention someone)
|
||
|
||
References to bug reports and discussions on issues:
|
||
|
||
[1] = https://curl.haxx.se/bug/?i=964
|
||
[2] = https://curl.haxx.se/bug/?i=1013
|
||
[3] = https://curl.haxx.se/bug/?i=1019
|
||
[4] = https://curl.haxx.se/bug/?i=1011
|
||
[5] = https://curl.haxx.se/mail/lib-2016-09/0045.html
|
||
[6] = https://curl.haxx.se/bug/?i=1029
|
||
[7] = https://curl.haxx.se/bug/?i=1017
|
||
[8] = https://curl.haxx.se/bug/?i=997
|
||
[9] = https://curl.haxx.se/bug/?i=1031
|
||
[10] = https://curl.haxx.se/libcurl/c/CURLOPT_KEEP_SENDING_ON_ERROR.html
|
||
[11] = https://curl.haxx.se/bug/?i=1050
|
||
[12] = https://curl.haxx.se/bug/?i=1053
|
||
[13] = https://curl.haxx.se/bug/?i=1056
|
||
[14] = https://curl.haxx.se/bug/?i=1052
|
||
[15] = https://curl.haxx.se/bug/?i=1049
|
||
[16] = https://curl.haxx.se/bug/?i=1066
|
||
[17] = https://curl.haxx.se/bug/?i=922
|
||
[18] = https://curl.haxx.se/mail/lib-2016-10/0040.html
|
||
[19] = https://curl.haxx.se/bug/?i=1057
|
||
[20] = https://curl.haxx.se/bug/?i=1075
|
||
[21] = https://curl.haxx.se/bug/?i=1048
|
||
[22] = https://curl.haxx.se/bug/?i=1042
|
||
[23] = https://curl.haxx.se/bug/?i=739
|
||
[24] = https://curl.haxx.se/bug/?i=1069
|
||
[25] = https://curl.haxx.se/bug/?i=1083
|
||
[26] = https://curl.haxx.se/mail/lib-2016-10/0011.html
|
||
[27] = https://bugzilla.redhat.com/1388162
|
||
[28] = https://curl.haxx.se/docs/adv_20161102A.html
|
||
[29] = https://curl.haxx.se/docs/adv_20161102B.html
|
||
[30] = https://curl.haxx.se/docs/adv_20161102C.html
|
||
[31] = https://curl.haxx.se/docs/adv_20161102D.html
|
||
[32] = https://curl.haxx.se/docs/adv_20161102E.html
|
||
[33] = https://curl.haxx.se/docs/adv_20161102F.html
|
||
[34] = https://curl.haxx.se/docs/adv_20161102G.html
|
||
[35] = https://curl.haxx.se/docs/adv_20161102H.html
|
||
[36] = https://curl.haxx.se/docs/adv_20161102I.html
|
||
[37] = https://curl.haxx.se/docs/adv_20161102J.html
|
||
[38] = https://curl.haxx.se/docs/adv_20161102K.html
|
||
[39] = https://curl.haxx.se/bug/?i=1012
|
||
[40] = https://curl.haxx.se/bug/?i=1087
|
||
[41] = https://curl.haxx.se/bug/?i=1088
|
||
[42] = https://curl.haxx.se/bug/?i=1059
|