[352] | 1 | Curl and libcurl 7.57.0
|
---|
| 2 |
|
---|
| 3 | Public curl releases: 171
|
---|
| 4 | Command line options: 211
|
---|
| 5 | curl_easy_setopt() options: 249
|
---|
| 6 | Public functions in libcurl: 74
|
---|
| 7 | Contributors: 1649
|
---|
| 8 |
|
---|
| 9 | This release includes the following changes:
|
---|
| 10 |
|
---|
| 11 | o auth: add support for RFC7616 - HTTP Digest access authentication [12]
|
---|
| 12 | o share: add support for sharing the connection cache [31]
|
---|
| 13 | o HTTP: implement Brotli content encoding [28]
|
---|
| 14 |
|
---|
| 15 | This release includes the following bugfixes:
|
---|
| 16 |
|
---|
| 17 | o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
|
---|
| 18 | o CVE-2017-8817: FTP wildcard out of bounds read [48]
|
---|
| 19 | o CVE-2017-8818: SSL out of buffer access [49]
|
---|
| 20 | o curl_mime_filedata.3: fix typos [1]
|
---|
| 21 | o libtest: Add required test libraries for lib1552 and lib1553 [2]
|
---|
| 22 | o fix time diffs for systems using unsigned time_t [3]
|
---|
| 23 | o ftplistparser: memory leak fix: free temporary memory always [4]
|
---|
| 24 | o multi: allow table handle sizes to be overridden [5]
|
---|
| 25 | o wildcards: don't use with non-supported protocols [6]
|
---|
| 26 | o curl_fnmatch: return error on illegal wildcard pattern [7]
|
---|
| 27 | o transfer: Fix chunked-encoding upload too early exit [8]
|
---|
| 28 | o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
|
---|
| 29 | o resolvers: only include anything if needed [10]
|
---|
| 30 | o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
|
---|
| 31 | o appveyor: add a win32 build
|
---|
| 32 | o Curl_timeleft: change return type to timediff_t [11]
|
---|
| 33 | o cmake: Export libcurl and curl targets to use by other cmake projects [13]
|
---|
| 34 | o curl: in -F option arg, comma is a delimiter for files only [14]
|
---|
| 35 | o curl: improved ";type=" handling in -F option arguments
|
---|
| 36 | o timeval: use mach_absolute_time() on MacOS [15]
|
---|
| 37 | o curlx: the timeval functions are no longer provided as curlx_* [16]
|
---|
| 38 | o mkhelp.pl: do not generate comment with current date [17]
|
---|
| 39 | o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
|
---|
| 40 | o cookie: avoid NULL dereference [19]
|
---|
| 41 | o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
|
---|
| 42 | o include: remove conncache.h inclusion from where its not needed
|
---|
| 43 | o CURLOPT_MAXREDIRS: allow -1 as a value [21]
|
---|
| 44 | o tests: Fixed torture tests on tests 556 and 650
|
---|
| 45 | o http2: Fixed OOM handling in upgrade request
|
---|
| 46 | o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
|
---|
| 47 | o CURLOPT_INFILESIZE: accept -1 [22]
|
---|
| 48 | o curl: pass through [] in URLs instead of calling globbing error [23]
|
---|
| 49 | o curl: speed up handling of many URLs [24]
|
---|
| 50 | o ntlm: avoid malloc(0) for zero length passwords [25]
|
---|
| 51 | o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
|
---|
| 52 | o HTTP: support multiple Content-Encodings [27]
|
---|
| 53 | o travis: add a job with brotli enabled
|
---|
| 54 | o url: remove unncessary NULL-check
|
---|
| 55 | o fnmatch: remove dead code
|
---|
| 56 | o connect: store IPv6 connection status after valid connection [29]
|
---|
| 57 | o imap: deal with commands case insensitively [30]
|
---|
| 58 | o --interface: add support for Linux VRF [32]
|
---|
| 59 | o content_encoding: fix inflate_stream for no bytes available [33]
|
---|
| 60 | o cmake: Correctly include curl.rc in Windows builds [34]
|
---|
| 61 | o cmake: Add missing setmode check [35]
|
---|
| 62 | o connect.c: remove executable bit on file [36]
|
---|
| 63 | o SMB: fix uninitialized local variable
|
---|
| 64 | o zlib/brotli: only include header files in modules needing them [37]
|
---|
| 65 | o URL: return error on malformed URLs with junk after IPv6 bracket [38]
|
---|
| 66 | o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
|
---|
| 67 | o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
|
---|
| 68 | o --resolve: allow IP address within [] brackets [41]
|
---|
| 69 | o examples/curlx: Fix code style [42]
|
---|
| 70 | o ntlm: remove unnecessary NULL-check to please scan-build [43]
|
---|
| 71 | o Curl_llist_remove: fix potential NULL pointer deref [43]
|
---|
| 72 | o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
|
---|
| 73 | o openssl: fix "Value stored to 'rc' is never read" scan-build error [43]
|
---|
| 74 | o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43]
|
---|
| 75 | o http2: fix "Value stored to 'end' is never read" scan-build error [43]
|
---|
| 76 | o Curl_open: fix OOM return error correctly [43]
|
---|
| 77 | o url: reject ASCII control characters and space in host names [44]
|
---|
| 78 | o examples/rtsp: clear RANGE again after use [45]
|
---|
| 79 | o connect: improve the bind error message [46]
|
---|
| 80 | o make: fix "make distclean" [50]
|
---|
| 81 | o connect: add support for new TCP Fast Open API on Linux [51]
|
---|
| 82 | o metalink: fix memory-leak and NULL pointer dereference [52]
|
---|
| 83 | o URL: update "file:" URL handling [53]
|
---|
| 84 | o ssh: remove check for a NULL pointer [54]
|
---|
| 85 | o global_init: ignore CURL_GLOBAL_SSL's absense [55]
|
---|
| 86 |
|
---|
| 87 | This release includes the following known bugs:
|
---|
| 88 |
|
---|
| 89 | o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
|
---|
| 90 |
|
---|
| 91 | This release would not have looked like this without help, code, reports and
|
---|
| 92 | advice from friends like these:
|
---|
| 93 |
|
---|
| 94 | Alessandro Ghedini, Alex Malinovich, Alex Nichols, Alfonso Martone,
|
---|
| 95 | Andrew Lambert, arainchik on github, Brian Carpenter, cbartl on github,
|
---|
| 96 | Dan Fandrich, Daniel Bankhead, Daniel Stenberg, Dirk Feytons,
|
---|
| 97 | Dmitri Tikhonov, Evgeny Grin, Gisle Vanem, hsiao yi, Jakub Zakrzewski,
|
---|
| 98 | John Starks, Juro Bystricky, Kamil Dudka, Luca Boccassi, Marcel Raad,
|
---|
| 99 | Martin Storsjæ¦, Matthew Kerwin, Max Dymond, Michael Felt, Michael Kaufmann,
|
---|
| 100 | moohoorama on github, omau on github, Orgad Shaneh, Patrick Monnerat,
|
---|
| 101 | Paul Howarth, Pavel Gushchin, Pavol Markovic, Per Lundberg, Peter Piekarski,
|
---|
| 102 | Petr Voytsik, Ray Satiro, Rob Cotrone, Viktor Szakå©ts, youngchopin on github,
|
---|
| 103 | (41 contributors)
|
---|
| 104 |
|
---|
| 105 | Thanks! (and sorry if I forgot to mention someone)
|
---|
| 106 |
|
---|
| 107 | References to bug reports and discussions on issues:
|
---|
| 108 |
|
---|
| 109 | [1] = https://curl.haxx.se/bug/?i=2008
|
---|
| 110 | [2] = https://curl.haxx.se/bug/?i=2006
|
---|
| 111 | [3] = https://curl.haxx.se/bug/?i=2004
|
---|
| 112 | [4] = https://curl.haxx.se/bug/?i=2013
|
---|
| 113 | [5] = https://curl.haxx.se/bug/?i=1982
|
---|
| 114 | [6] = https://curl.haxx.se/bug/?i=2016
|
---|
| 115 | [7] = https://curl.haxx.se/bug/?i=2015
|
---|
| 116 | [8] = https://curl.haxx.se/bug/?i=2001
|
---|
| 117 | [9] = https://curl.haxx.se/bug/?i=2025
|
---|
| 118 | [10] = https://curl.haxx.se/bug/?i=2023
|
---|
| 119 | [11] = https://curl.haxx.se/bug/?i=2021
|
---|
| 120 | [12] = https://curl.haxx.se/bug/?i=1934
|
---|
| 121 | [13] = https://curl.haxx.se/bug/?i=1879
|
---|
| 122 | [14] = https://curl.haxx.se/bug/?i=2022
|
---|
| 123 | [15] = https://curl.haxx.se/bug/?i=2033
|
---|
| 124 | [16] = https://curl.haxx.se/bug/?i=2034
|
---|
| 125 | [17] = https://curl.haxx.se/bug/?i=2026
|
---|
| 126 | [18] = https://curl.haxx.se/bug/?i=2031
|
---|
| 127 | [19] = https://curl.haxx.se/bug/?i=2032
|
---|
| 128 | [20] = https://curl.haxx.se/mail/lib-2017-11/0000.html
|
---|
| 129 | [21] = https://curl.haxx.se/bug/?i=2038
|
---|
| 130 | [22] = https://curl.haxx.se/bug/?i=2047
|
---|
| 131 | [23] = https://curl.haxx.se/bug/?i=2044
|
---|
| 132 | [24] = https://curl.haxx.se/bug/?i=1959
|
---|
| 133 | [25] = https://curl.haxx.se/bug/?i=2054
|
---|
| 134 | [26] = https://github.com/curl/curl/commit/f121575#commitcomment-25347120
|
---|
| 135 | [27] = https://curl.haxx.se/bug/?i=2002
|
---|
| 136 | [28] = https://curl.haxx.se/bug/?i=2045
|
---|
| 137 | [29] = https://curl.haxx.se/bug/?i=2053
|
---|
| 138 | [30] = https://curl.haxx.se/bug/?i=2061
|
---|
| 139 | [31] = https://curl.haxx.se/bug/?i=2043
|
---|
| 140 | [32] = https://curl.haxx.se/bug/?i=2024
|
---|
| 141 | [33] = https://curl.haxx.se/bug/?i=2060
|
---|
| 142 | [34] = https://curl.haxx.se/bug/?i=2064
|
---|
| 143 | [35] = https://curl.haxx.se/bug/?i=2067
|
---|
| 144 | [36] = https://curl.haxx.se/bug/?i=2071
|
---|
| 145 | [37] = https://curl.haxx.se/mail/lib-2017-11/0032.html
|
---|
| 146 | [38] = https://curl.haxx.se/bug/?i=2072
|
---|
| 147 | [39] = https://curl.haxx.se/bug/?i=2079
|
---|
| 148 | [40] = https://curl.haxx.se/bug/?i=2080
|
---|
| 149 | [41] = https://curl.haxx.se/bug/?i=2087
|
---|
| 150 | [42] = https://curl.haxx.se/bug/?i=2096
|
---|
| 151 | [43] = https://curl.haxx.se/bug/?i=2098
|
---|
| 152 | [44] = https://curl.haxx.se/bug/?i=2073
|
---|
| 153 | [45] = https://curl.haxx.se/bug/?i=2106
|
---|
| 154 | [46] = https://curl.haxx.se/bug/?i=2104
|
---|
| 155 | [47] = https://curl.haxx.se/docs/adv_2017-11e7.html
|
---|
| 156 | [48] = https://curl.haxx.se/docs/adv_2017-ae72.html
|
---|
| 157 | [49] = https://curl.haxx.se/docs/adv_2017-af0a.html
|
---|
| 158 | [50] = https://curl.haxx.se/bug/?i=2097
|
---|
| 159 | [51] = https://curl.haxx.se/bug/?i=2056
|
---|
| 160 | [52] = https://curl.haxx.se/bug/?i=2109
|
---|
| 161 | [53] = https://curl.haxx.se/bug/?i=2110
|
---|
| 162 | [54] = https://curl.haxx.se/bug/?i=2111
|
---|
| 163 | [55] = https://curl.haxx.se/bug/?i=2083
|
---|