1 | Curl and libcurl 7.57.0
|
---|
2 |
|
---|
3 | Public curl releases: 171
|
---|
4 | Command line options: 211
|
---|
5 | curl_easy_setopt() options: 249
|
---|
6 | Public functions in libcurl: 74
|
---|
7 | Contributors: 1649
|
---|
8 |
|
---|
9 | This release includes the following changes:
|
---|
10 |
|
---|
11 | o auth: add support for RFC7616 - HTTP Digest access authentication [12]
|
---|
12 | o share: add support for sharing the connection cache [31]
|
---|
13 | o HTTP: implement Brotli content encoding [28]
|
---|
14 |
|
---|
15 | This release includes the following bugfixes:
|
---|
16 |
|
---|
17 | o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
|
---|
18 | o CVE-2017-8817: FTP wildcard out of bounds read [48]
|
---|
19 | o CVE-2017-8818: SSL out of buffer access [49]
|
---|
20 | o curl_mime_filedata.3: fix typos [1]
|
---|
21 | o libtest: Add required test libraries for lib1552 and lib1553 [2]
|
---|
22 | o fix time diffs for systems using unsigned time_t [3]
|
---|
23 | o ftplistparser: memory leak fix: free temporary memory always [4]
|
---|
24 | o multi: allow table handle sizes to be overridden [5]
|
---|
25 | o wildcards: don't use with non-supported protocols [6]
|
---|
26 | o curl_fnmatch: return error on illegal wildcard pattern [7]
|
---|
27 | o transfer: Fix chunked-encoding upload too early exit [8]
|
---|
28 | o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
|
---|
29 | o resolvers: only include anything if needed [10]
|
---|
30 | o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
|
---|
31 | o appveyor: add a win32 build
|
---|
32 | o Curl_timeleft: change return type to timediff_t [11]
|
---|
33 | o cmake: Export libcurl and curl targets to use by other cmake projects [13]
|
---|
34 | o curl: in -F option arg, comma is a delimiter for files only [14]
|
---|
35 | o curl: improved ";type=" handling in -F option arguments
|
---|
36 | o timeval: use mach_absolute_time() on MacOS [15]
|
---|
37 | o curlx: the timeval functions are no longer provided as curlx_* [16]
|
---|
38 | o mkhelp.pl: do not generate comment with current date [17]
|
---|
39 | o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
|
---|
40 | o cookie: avoid NULL dereference [19]
|
---|
41 | o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
|
---|
42 | o include: remove conncache.h inclusion from where its not needed
|
---|
43 | o CURLOPT_MAXREDIRS: allow -1 as a value [21]
|
---|
44 | o tests: Fixed torture tests on tests 556 and 650
|
---|
45 | o http2: Fixed OOM handling in upgrade request
|
---|
46 | o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
|
---|
47 | o CURLOPT_INFILESIZE: accept -1 [22]
|
---|
48 | o curl: pass through [] in URLs instead of calling globbing error [23]
|
---|
49 | o curl: speed up handling of many URLs [24]
|
---|
50 | o ntlm: avoid malloc(0) for zero length passwords [25]
|
---|
51 | o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
|
---|
52 | o HTTP: support multiple Content-Encodings [27]
|
---|
53 | o travis: add a job with brotli enabled
|
---|
54 | o url: remove unncessary NULL-check
|
---|
55 | o fnmatch: remove dead code
|
---|
56 | o connect: store IPv6 connection status after valid connection [29]
|
---|
57 | o imap: deal with commands case insensitively [30]
|
---|
58 | o --interface: add support for Linux VRF [32]
|
---|
59 | o content_encoding: fix inflate_stream for no bytes available [33]
|
---|
60 | o cmake: Correctly include curl.rc in Windows builds [34]
|
---|
61 | o cmake: Add missing setmode check [35]
|
---|
62 | o connect.c: remove executable bit on file [36]
|
---|
63 | o SMB: fix uninitialized local variable
|
---|
64 | o zlib/brotli: only include header files in modules needing them [37]
|
---|
65 | o URL: return error on malformed URLs with junk after IPv6 bracket [38]
|
---|
66 | o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
|
---|
67 | o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
|
---|
68 | o --resolve: allow IP address within [] brackets [41]
|
---|
69 | o examples/curlx: Fix code style [42]
|
---|
70 | o ntlm: remove unnecessary NULL-check to please scan-build [43]
|
---|
71 | o Curl_llist_remove: fix potential NULL pointer deref [43]
|
---|
72 | o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
|
---|
73 | o openssl: fix "Value stored to 'rc' is never read" scan-build error [43]
|
---|
74 | o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43]
|
---|
75 | o http2: fix "Value stored to 'end' is never read" scan-build error [43]
|
---|
76 | o Curl_open: fix OOM return error correctly [43]
|
---|
77 | o url: reject ASCII control characters and space in host names [44]
|
---|
78 | o examples/rtsp: clear RANGE again after use [45]
|
---|
79 | o connect: improve the bind error message [46]
|
---|
80 | o make: fix "make distclean" [50]
|
---|
81 | o connect: add support for new TCP Fast Open API on Linux [51]
|
---|
82 | o metalink: fix memory-leak and NULL pointer dereference [52]
|
---|
83 | o URL: update "file:" URL handling [53]
|
---|
84 | o ssh: remove check for a NULL pointer [54]
|
---|
85 | o global_init: ignore CURL_GLOBAL_SSL's absense [55]
|
---|
86 |
|
---|
87 | This release includes the following known bugs:
|
---|
88 |
|
---|
89 | o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
|
---|
90 |
|
---|
91 | This release would not have looked like this without help, code, reports and
|
---|
92 | advice from friends like these:
|
---|
93 |
|
---|
94 | Alessandro Ghedini, Alex Malinovich, Alex Nichols, Alfonso Martone,
|
---|
95 | Andrew Lambert, arainchik on github, Brian Carpenter, cbartl on github,
|
---|
96 | Dan Fandrich, Daniel Bankhead, Daniel Stenberg, Dirk Feytons,
|
---|
97 | Dmitri Tikhonov, Evgeny Grin, Gisle Vanem, hsiao yi, Jakub Zakrzewski,
|
---|
98 | John Starks, Juro Bystricky, Kamil Dudka, Luca Boccassi, Marcel Raad,
|
---|
99 | Martin Storsjæ¦, Matthew Kerwin, Max Dymond, Michael Felt, Michael Kaufmann,
|
---|
100 | moohoorama on github, omau on github, Orgad Shaneh, Patrick Monnerat,
|
---|
101 | Paul Howarth, Pavel Gushchin, Pavol Markovic, Per Lundberg, Peter Piekarski,
|
---|
102 | Petr Voytsik, Ray Satiro, Rob Cotrone, Viktor Szakå©ts, youngchopin on github,
|
---|
103 | (41 contributors)
|
---|
104 |
|
---|
105 | Thanks! (and sorry if I forgot to mention someone)
|
---|
106 |
|
---|
107 | References to bug reports and discussions on issues:
|
---|
108 |
|
---|
109 | [1] = https://curl.haxx.se/bug/?i=2008
|
---|
110 | [2] = https://curl.haxx.se/bug/?i=2006
|
---|
111 | [3] = https://curl.haxx.se/bug/?i=2004
|
---|
112 | [4] = https://curl.haxx.se/bug/?i=2013
|
---|
113 | [5] = https://curl.haxx.se/bug/?i=1982
|
---|
114 | [6] = https://curl.haxx.se/bug/?i=2016
|
---|
115 | [7] = https://curl.haxx.se/bug/?i=2015
|
---|
116 | [8] = https://curl.haxx.se/bug/?i=2001
|
---|
117 | [9] = https://curl.haxx.se/bug/?i=2025
|
---|
118 | [10] = https://curl.haxx.se/bug/?i=2023
|
---|
119 | [11] = https://curl.haxx.se/bug/?i=2021
|
---|
120 | [12] = https://curl.haxx.se/bug/?i=1934
|
---|
121 | [13] = https://curl.haxx.se/bug/?i=1879
|
---|
122 | [14] = https://curl.haxx.se/bug/?i=2022
|
---|
123 | [15] = https://curl.haxx.se/bug/?i=2033
|
---|
124 | [16] = https://curl.haxx.se/bug/?i=2034
|
---|
125 | [17] = https://curl.haxx.se/bug/?i=2026
|
---|
126 | [18] = https://curl.haxx.se/bug/?i=2031
|
---|
127 | [19] = https://curl.haxx.se/bug/?i=2032
|
---|
128 | [20] = https://curl.haxx.se/mail/lib-2017-11/0000.html
|
---|
129 | [21] = https://curl.haxx.se/bug/?i=2038
|
---|
130 | [22] = https://curl.haxx.se/bug/?i=2047
|
---|
131 | [23] = https://curl.haxx.se/bug/?i=2044
|
---|
132 | [24] = https://curl.haxx.se/bug/?i=1959
|
---|
133 | [25] = https://curl.haxx.se/bug/?i=2054
|
---|
134 | [26] = https://github.com/curl/curl/commit/f121575#commitcomment-25347120
|
---|
135 | [27] = https://curl.haxx.se/bug/?i=2002
|
---|
136 | [28] = https://curl.haxx.se/bug/?i=2045
|
---|
137 | [29] = https://curl.haxx.se/bug/?i=2053
|
---|
138 | [30] = https://curl.haxx.se/bug/?i=2061
|
---|
139 | [31] = https://curl.haxx.se/bug/?i=2043
|
---|
140 | [32] = https://curl.haxx.se/bug/?i=2024
|
---|
141 | [33] = https://curl.haxx.se/bug/?i=2060
|
---|
142 | [34] = https://curl.haxx.se/bug/?i=2064
|
---|
143 | [35] = https://curl.haxx.se/bug/?i=2067
|
---|
144 | [36] = https://curl.haxx.se/bug/?i=2071
|
---|
145 | [37] = https://curl.haxx.se/mail/lib-2017-11/0032.html
|
---|
146 | [38] = https://curl.haxx.se/bug/?i=2072
|
---|
147 | [39] = https://curl.haxx.se/bug/?i=2079
|
---|
148 | [40] = https://curl.haxx.se/bug/?i=2080
|
---|
149 | [41] = https://curl.haxx.se/bug/?i=2087
|
---|
150 | [42] = https://curl.haxx.se/bug/?i=2096
|
---|
151 | [43] = https://curl.haxx.se/bug/?i=2098
|
---|
152 | [44] = https://curl.haxx.se/bug/?i=2073
|
---|
153 | [45] = https://curl.haxx.se/bug/?i=2106
|
---|
154 | [46] = https://curl.haxx.se/bug/?i=2104
|
---|
155 | [47] = https://curl.haxx.se/docs/adv_2017-11e7.html
|
---|
156 | [48] = https://curl.haxx.se/docs/adv_2017-ae72.html
|
---|
157 | [49] = https://curl.haxx.se/docs/adv_2017-af0a.html
|
---|
158 | [50] = https://curl.haxx.se/bug/?i=2097
|
---|
159 | [51] = https://curl.haxx.se/bug/?i=2056
|
---|
160 | [52] = https://curl.haxx.se/bug/?i=2109
|
---|
161 | [53] = https://curl.haxx.se/bug/?i=2110
|
---|
162 | [54] = https://curl.haxx.se/bug/?i=2111
|
---|
163 | [55] = https://curl.haxx.se/bug/?i=2083
|
---|