| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | Curl and libcurl 7.54.1 | 
|  | 2 |  | 
|  | 3 | Public curl releases:         166 | 
|  | 4 | Command line options:         207 | 
|  | 5 | curl_easy_setopt() options:   245 | 
|  | 6 | Public functions in libcurl:  61 | 
|  | 7 | Contributors:                 1571 | 
|  | 8 |  | 
|  | 9 | This release includes the following changes: | 
|  | 10 |  | 
|  | 11 | o curl: show the libcurl release date in --version output [32] | 
|  | 12 |  | 
|  | 13 | This release includes the following bugfixes: | 
|  | 14 |  | 
|  | 15 | o CVE-2017-9502: file: URL buffer overflow [65] | 
|  | 16 | o openssl: fix memory leak in servercert | 
|  | 17 | o tests: remove the html and PDF versions from the tarball | 
|  | 18 | o mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable | 
|  | 19 | o typecheck-gcc: handle function pointers properly [1] | 
|  | 20 | o llist: no longer uses malloc [2] | 
|  | 21 | o gnutls: removed some code when --disable-verbose is configured | 
|  | 22 | o lib: fix maybe-uninitialized warnings | 
|  | 23 | o multi: clarify condition in curl_multi_wait [3] | 
|  | 24 | o schannel: Don't treat encrypted partial record as pending data [4] | 
|  | 25 | o configure: fix the -ldl check for openssl, add -lpthread check [5] | 
|  | 26 | o configure: accept -Og and -Ofast GCC flags [6] | 
|  | 27 | o Makefile: avoid use of GNU-specific form of $< [7] | 
|  | 28 | o if2ip: fix -Wcast-align warning | 
|  | 29 | o configure: stop prepending to LDFLAGS, CPPFLAGS [8] | 
|  | 30 | o curl: set a 100K buffer size by default [9] | 
|  | 31 | o typecheck-gcc: fix _curl_is_slist_info [10] | 
|  | 32 | o nss: do not leak PKCS #11 slot while loading a key [11] | 
|  | 33 | o nss: load libnssckbi.so if no other trust is specified [12] | 
|  | 34 | o examples: ftpuploadfrommem.c [13] | 
|  | 35 | o url: declare get_protocol_family() static [14] | 
|  | 36 | o examples/cookie_interface.c: changed to example.com | 
|  | 37 | o test1443: test --remote-time | 
|  | 38 | o curl: use utimes instead of obsolescent utime when available | 
|  | 39 | o url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE | 
|  | 40 | o curl_rtmp: fix missing-variable-declarations warnings | 
|  | 41 | o tests: fixed OOM handling of unit tests to abort test | 
|  | 42 | o curl_setup: Ensure no more than one IDN lib is enabled [15] | 
|  | 43 | o tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS [16] | 
|  | 44 | o CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size [17] | 
|  | 45 | o curl: non-boolean command line args reject --no- prefixes [18] | 
|  | 46 | o telnet: Write full buffer instead of byte-by-byte [19] | 
|  | 47 | o typecheck-gcc: add missing string options [20] | 
|  | 48 | o typecheck-gcc: add support for CURLINFO_SOCKET [21] | 
|  | 49 | o opt man pages: they all have examples now | 
|  | 50 | o curl_setup_once: use SEND_QUAL_ARG2 for swrite [22] | 
|  | 51 | o test557: set a known good numeric locale | 
|  | 52 | o schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT | 
|  | 53 | o tests/server: make string literals const | 
|  | 54 | o runtests: use -R for random order [23] | 
|  | 55 | o unit1305: fix compiler warning | 
|  | 56 | o curl_slist_append.3: clarify a NULL input creates a new list | 
|  | 57 | o tests/server: run checksrc by default in debug-builds | 
|  | 58 | o tests: fix -Wcast-qual warnings | 
|  | 59 | o runtests.pl: simplify the datacheck read section | 
|  | 60 | o curl: remove --environment and tool_writeenv.c [24] | 
|  | 61 | o buildconf: fix hang on IRIX [25] | 
|  | 62 | o tftp: silence bad-function-cast warning | 
|  | 63 | o asyn-thread: fix unused macro warnings | 
|  | 64 | o tool_parsecfg: fix -Wcast-qual warning | 
|  | 65 | o sendrecv: fix MinGW-w64 warning | 
|  | 66 | o test537: use correct variable type [26] | 
|  | 67 | o rand: treat fake entropy the same regardless of endianness [27] | 
|  | 68 | o curl: generate the --help output [28] | 
|  | 69 | o tests: removed redundant --trace-ascii arguments | 
|  | 70 | o multi: assign IDs to all timers and make each timer singleton | 
|  | 71 | o multi: use a fixed array of timers instead of malloc [29] | 
|  | 72 | o mbedtls: Support server renegotiation request [30] | 
|  | 73 | o pipeline: fix mistakenly trying to pipeline POSTs [31] | 
|  | 74 | o lib510: don't write past the end of the buffer if it's too small | 
|  | 75 | o CURLOPT_HTTPPROXYTUNNEL.3: clarify, add example | 
|  | 76 | o SecureTransport/DarwinSSL: Implement public key pinning [33] | 
|  | 77 | o curl.1: clarify --config | 
|  | 78 | o curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM [34] | 
|  | 79 | o darwinssl: Fix exception when processing a client-side certificate [35] | 
|  | 80 | o curl.1: mention --oauth2-bearer's <token> argument | 
|  | 81 | o mkhelp.pl: do not add current time into curl binary [36] | 
|  | 82 | o asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input [37] | 
|  | 83 | o ssh: fix memory leak in disconnect due to timeout [38] | 
|  | 84 | o tests: stabilize test 1034 [39] | 
|  | 85 | o cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH [40] | 
|  | 86 | o assert: avoid, use DEBUGASSERT instead [41] | 
|  | 87 | o LDAP: using ldap_bind_s on Windows with methods [42] | 
|  | 88 | o redirect: store the "would redirect to" URL when max redirs is reached [43] | 
|  | 89 | o winbuild: fix the nghttp2 build [44] | 
|  | 90 | o examples: fix -Wimplicit-fallthrough warnings | 
|  | 91 | o time: fix type conversions and compiler warnings [45] | 
|  | 92 | o mbedtls: fix variable shadow warning | 
|  | 93 | o test557: fix ubsan runtime error due to int left shift [46] | 
|  | 94 | o transfer: init the infilesize from the postfields [47] | 
|  | 95 | o docs: clarify NO_PROXY further [48] | 
|  | 96 | o build-wolfssl: Sync config with wolfSSL 3.11 | 
|  | 97 | o curl-compilers.m4: enable -Wshift-sign-overflow for clang [49] | 
|  | 98 | o example/externalsocket.c: make it use CLOSESOCKETFUNCTION too | 
|  | 99 | o lib574.c: use correct callback proto | 
|  | 100 | o lib583: fix compiler warning | 
|  | 101 | o curl-compilers.m4: fix compiler_num for clang [50] | 
|  | 102 | o typecheck-gcc.h: separate getinfo slist checks from other pointers [51] | 
|  | 103 | o typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION | 
|  | 104 | o typecheck-gcc.h: check CURLINFO_CERTINFO [52] | 
|  | 105 | o build: provide easy code coverage measuring [53] | 
|  | 106 | o test1537: dedicated tests of the URL (un)escape API calls [54] | 
|  | 107 | o curl_endian: remove unused functions [55] | 
|  | 108 | o test1538: verify the libcurl strerror API calls | 
|  | 109 | o MD(4|5): silence cast-align clang warning | 
|  | 110 | o dedotdot: fixed output for ".." and "." only input [56] | 
|  | 111 | o cyassl: define build macros before including ssl.h [57] | 
|  | 112 | o updatemanpages.pl: error out on too old git version | 
|  | 113 | o curl_sasl: fix unused-variable warning | 
|  | 114 | o x509asn1: fix implicit-fallthrough warning with GCC 7 | 
|  | 115 | o libtest: fix implicit-fallthrough warnings with GCC 7 | 
|  | 116 | o BINDINGS: add Ring binding [58] | 
|  | 117 | o curl_ntlm_core: pass unsigned char to toupper | 
|  | 118 | o test1262: verify ftp download with -z for "if older than this" | 
|  | 119 | o test1521: test all curl_easy_setopt options [59] | 
|  | 120 | o typecheck-gcc: allow CURLOPT_STDERR to be NULL too | 
|  | 121 | o metalink: remove unused printf() argument | 
|  | 122 | o file: make speedcheck use current time for checks [60] | 
|  | 123 | o configure: fix link with librtmp when specifying path [61] | 
|  | 124 | o examples/multi-uv.c: fix deprecated symbol [62] | 
|  | 125 | o cmake: Fix inconsistency regarding mbed TLS include directory [63] | 
|  | 126 | o setopt: check CURLOPT_ADDRESS_SCOPE option range | 
|  | 127 | o gitignore: ignore all vim swap files [64] | 
|  | 128 | o urlglob: fix division by zero | 
|  | 129 | o libressl: OCSP and intermediate certs workaround no longer needed [66] | 
|  | 130 |  | 
|  | 131 | This release includes the following known bugs: | 
|  | 132 |  | 
|  | 133 | o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) | 
|  | 134 |  | 
|  | 135 | This release would not have looked like this without help, code, reports and | 
|  | 136 | advice from friends like these: | 
|  | 137 |  | 
|  | 138 | Akhil Kedia, Alan Jenkins, Anatol Belski, Bernhard M. Wiedemann, | 
|  | 139 | Brian Childs, canavan at github, Chris Carlmar, Dan Fandrich, | 
|  | 140 | Daniel Stenberg, Edward Thomson, Gisle Vanem, GwanYeong Kim, | 
|  | 141 | Helmut K. C. Tessarek, Joel Depooter, jonrumsey at github, Kai Engert, | 
|  | 142 | Kamil Dudka, Kevin Ji, Lloyd Fournier, Mahmoud Samir Fayed, Marcel Raad, | 
|  | 143 | Martin Kepplinger, Max Dymond, Michael Kaufmann, Nick Zitzmann, Paul Harris, | 
|  | 144 | Phil Crump, Piotr Dobrogost, Ray Satiro, Richard Hsu, Ron Eldor, | 
|  | 145 | Ryuichi KAWAMATA, Sergei Nikulov, Simon Warta, stootill at github, | 
|  | 146 | Stuart Henderson, TheAssassin at github, Thomas Klausner, Travis Burtrum, | 
|  | 147 | Vincas Razma, wyattoday at github, | 
|  | 148 | (41 contributors) | 
|  | 149 |  | 
|  | 150 | Thanks! (and sorry if I forgot to mention someone) | 
|  | 151 |  | 
|  | 152 | References to bug reports and discussions on issues: | 
|  | 153 |  | 
|  | 154 | [1] = https://curl.haxx.se/bug/?i=1403 | 
|  | 155 | [2] = https://curl.haxx.se/bug/?i=1435 | 
|  | 156 | [3] = https://curl.haxx.se/bug/?i=1439 | 
|  | 157 | [4] = https://curl.haxx.se/bug/?i=1392 | 
|  | 158 | [5] = https://curl.haxx.se/bug/?i=1427 | 
|  | 159 | [6] = https://curl.haxx.se/bug/?i=1440 | 
|  | 160 | [7] = https://curl.haxx.se/bug/?i=1432 | 
|  | 161 | [8] = https://curl.haxx.se/bug/?i=1420 | 
|  | 162 | [9] = https://curl.haxx.se/bug/?i=1446 | 
|  | 163 | [10] = https://curl.haxx.se/bug/?i=1447 | 
|  | 164 | [11] = https://bugzilla.redhat.com/1444860 | 
|  | 165 | [12] = https://curl.haxx.se/bug/?i=1414 | 
|  | 166 | [13] = https://curl.haxx.se/bug/?i=1451 | 
|  | 167 | [14] = https://curl.haxx.se/mail/lib-2017-04/0127.html | 
|  | 168 | [15] = https://github.com/curl/curl/issues/1441#issuecomment-297689856 | 
|  | 169 | [16] = https://curl.haxx.se/bug/?i=1460 | 
|  | 170 | [17] = https://curl.haxx.se/bug/?i=1449 | 
|  | 171 | [18] = https://curl.haxx.se/bug/?i=1453 | 
|  | 172 | [19] = https://curl.haxx.se/bug/?i=1389 | 
|  | 173 | [20] = https://curl.haxx.se/bug/?i=1452 | 
|  | 174 | [21] = https://curl.haxx.se/bug/?i=1452 | 
|  | 175 | [22] = https://curl.haxx.se/bug/?i=1464 | 
|  | 176 | [23] = https://curl.haxx.se/bug/?i=1466 | 
|  | 177 | [24] = https://curl.haxx.se/bug/?i=1463 | 
|  | 178 | [25] = https://curl.haxx.se/bug/?i=1471 | 
|  | 179 | [26] = https://curl.haxx.se/bug/?i=1469 | 
|  | 180 | [27] = https://curl.haxx.se/bug/?i=1315 | 
|  | 181 | [28] = https://curl.haxx.se/bug/?i=1465 | 
|  | 182 | [29] = https://curl.haxx.se/bug/?i=1472 | 
|  | 183 | [30] = https://curl.haxx.se/bug/?i=1475 | 
|  | 184 | [31] = https://curl.haxx.se/bug/?i=1481 | 
|  | 185 | [32] = https://curl.haxx.se/bug/?i=1474 | 
|  | 186 | [33] = https://curl.haxx.se/bug/?i=1400 | 
|  | 187 | [34] = https://curl.haxx.se/bug/?i=1487 | 
|  | 188 | [35] = https://curl.haxx.se/bug/?i=1450 | 
|  | 189 | [36] = https://curl.haxx.se/bug/?i=1490 | 
|  | 190 | [37] = https://curl.haxx.se/bug/?i=1253 | 
|  | 191 | [38] = https://curl.haxx.se/bug/?i=1479 | 
|  | 192 | [39] = https://curl.haxx.se/bug/?i=1488 | 
|  | 193 | [40] = https://curl.haxx.se/bug/?i=1461 | 
|  | 194 | [41] = https://curl.haxx.se/bug/?i=1504 | 
|  | 195 | [42] = https://curl.haxx.se/bug/?i=878 | 
|  | 196 | [43] = https://curl.haxx.se/bug/?i=1489 | 
|  | 197 | [44] = https://curl.haxx.se/bug/?i=1321 | 
|  | 198 | [45] = https://curl.haxx.se/bug/?i=1499 | 
|  | 199 | [46] = https://curl.haxx.se/bug/?i=1516 | 
|  | 200 | [47] = https://curl.haxx.se/bug/?i=1294 | 
|  | 201 | [48] = https://curl.haxx.se/bug/?i=1208 | 
|  | 202 | [49] = https://curl.haxx.se/bug/?i=1516 | 
|  | 203 | [50] = https://curl.haxx.se/bug/?i=1522 | 
|  | 204 | [51] = https://curl.haxx.se/bug/?i=1524 | 
|  | 205 | [52] = https://curl.haxx.se/bug/?i=846 | 
|  | 206 | [53] = https://curl.haxx.se/bug/?i=1528 | 
|  | 207 | [54] = https://curl.haxx.se/bug/?i=1530 | 
|  | 208 | [55] = https://curl.haxx.se/bug/?i=1529 | 
|  | 209 | [56] = https://curl.haxx.se/bug/?i=1532 | 
|  | 210 | [57] = https://curl.haxx.se/bug/?i=1536 | 
|  | 211 | [58] = https://curl.haxx.se/bug/?i=1539 | 
|  | 212 | [59] = https://curl.haxx.se/bug/?i=1543 | 
|  | 213 | [60] = https://curl.haxx.se/bug/?i=1550 | 
|  | 214 | [61] = https://curl.haxx.se/mail/lib-2017-06/0017.html | 
|  | 215 | [62] = https://curl.haxx.se/bug/?i=1557 | 
|  | 216 | [63] = https://curl.haxx.se/bug/?i=1541 | 
|  | 217 | [64] = https://curl.haxx.se/bug/?i=1561 | 
|  | 218 | [65] = https://curl.haxx.se/docs/adv_20170614.html | 
|  | 219 | [66] = https://curl.haxx.se/mail/lib-2017-06/0038.html |