blob: 532a203042aaa5d8ddf4a6d9ca7bca47159f78ce [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -07001Curl and libcurl 7.54.1
2
3 Public curl releases: 166
4 Command line options: 207
5 curl_easy_setopt() options: 245
6 Public functions in libcurl: 61
7 Contributors: 1571
8
9This release includes the following changes:
10
11 o curl: show the libcurl release date in --version output [32]
12
13This release includes the following bugfixes:
14
15 o CVE-2017-9502: file: URL buffer overflow [65]
16 o openssl: fix memory leak in servercert
17 o tests: remove the html and PDF versions from the tarball
18 o mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable
19 o typecheck-gcc: handle function pointers properly [1]
20 o llist: no longer uses malloc [2]
21 o gnutls: removed some code when --disable-verbose is configured
22 o lib: fix maybe-uninitialized warnings
23 o multi: clarify condition in curl_multi_wait [3]
24 o schannel: Don't treat encrypted partial record as pending data [4]
25 o configure: fix the -ldl check for openssl, add -lpthread check [5]
26 o configure: accept -Og and -Ofast GCC flags [6]
27 o Makefile: avoid use of GNU-specific form of $< [7]
28 o if2ip: fix -Wcast-align warning
29 o configure: stop prepending to LDFLAGS, CPPFLAGS [8]
30 o curl: set a 100K buffer size by default [9]
31 o typecheck-gcc: fix _curl_is_slist_info [10]
32 o nss: do not leak PKCS #11 slot while loading a key [11]
33 o nss: load libnssckbi.so if no other trust is specified [12]
34 o examples: ftpuploadfrommem.c [13]
35 o url: declare get_protocol_family() static [14]
36 o examples/cookie_interface.c: changed to example.com
37 o test1443: test --remote-time
38 o curl: use utimes instead of obsolescent utime when available
39 o url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
40 o curl_rtmp: fix missing-variable-declarations warnings
41 o tests: fixed OOM handling of unit tests to abort test
42 o curl_setup: Ensure no more than one IDN lib is enabled [15]
43 o tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS [16]
44 o CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size [17]
45 o curl: non-boolean command line args reject --no- prefixes [18]
46 o telnet: Write full buffer instead of byte-by-byte [19]
47 o typecheck-gcc: add missing string options [20]
48 o typecheck-gcc: add support for CURLINFO_SOCKET [21]
49 o opt man pages: they all have examples now
50 o curl_setup_once: use SEND_QUAL_ARG2 for swrite [22]
51 o test557: set a known good numeric locale
52 o schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT
53 o tests/server: make string literals const
54 o runtests: use -R for random order [23]
55 o unit1305: fix compiler warning
56 o curl_slist_append.3: clarify a NULL input creates a new list
57 o tests/server: run checksrc by default in debug-builds
58 o tests: fix -Wcast-qual warnings
59 o runtests.pl: simplify the datacheck read section
60 o curl: remove --environment and tool_writeenv.c [24]
61 o buildconf: fix hang on IRIX [25]
62 o tftp: silence bad-function-cast warning
63 o asyn-thread: fix unused macro warnings
64 o tool_parsecfg: fix -Wcast-qual warning
65 o sendrecv: fix MinGW-w64 warning
66 o test537: use correct variable type [26]
67 o rand: treat fake entropy the same regardless of endianness [27]
68 o curl: generate the --help output [28]
69 o tests: removed redundant --trace-ascii arguments
70 o multi: assign IDs to all timers and make each timer singleton
71 o multi: use a fixed array of timers instead of malloc [29]
72 o mbedtls: Support server renegotiation request [30]
73 o pipeline: fix mistakenly trying to pipeline POSTs [31]
74 o lib510: don't write past the end of the buffer if it's too small
75 o CURLOPT_HTTPPROXYTUNNEL.3: clarify, add example
76 o SecureTransport/DarwinSSL: Implement public key pinning [33]
77 o curl.1: clarify --config
78 o curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM [34]
79 o darwinssl: Fix exception when processing a client-side certificate [35]
80 o curl.1: mention --oauth2-bearer's <token> argument
81 o mkhelp.pl: do not add current time into curl binary [36]
82 o asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input [37]
83 o ssh: fix memory leak in disconnect due to timeout [38]
84 o tests: stabilize test 1034 [39]
85 o cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH [40]
86 o assert: avoid, use DEBUGASSERT instead [41]
87 o LDAP: using ldap_bind_s on Windows with methods [42]
88 o redirect: store the "would redirect to" URL when max redirs is reached [43]
89 o winbuild: fix the nghttp2 build [44]
90 o examples: fix -Wimplicit-fallthrough warnings
91 o time: fix type conversions and compiler warnings [45]
92 o mbedtls: fix variable shadow warning
93 o test557: fix ubsan runtime error due to int left shift [46]
94 o transfer: init the infilesize from the postfields [47]
95 o docs: clarify NO_PROXY further [48]
96 o build-wolfssl: Sync config with wolfSSL 3.11
97 o curl-compilers.m4: enable -Wshift-sign-overflow for clang [49]
98 o example/externalsocket.c: make it use CLOSESOCKETFUNCTION too
99 o lib574.c: use correct callback proto
100 o lib583: fix compiler warning
101 o curl-compilers.m4: fix compiler_num for clang [50]
102 o typecheck-gcc.h: separate getinfo slist checks from other pointers [51]
103 o typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
104 o typecheck-gcc.h: check CURLINFO_CERTINFO [52]
105 o build: provide easy code coverage measuring [53]
106 o test1537: dedicated tests of the URL (un)escape API calls [54]
107 o curl_endian: remove unused functions [55]
108 o test1538: verify the libcurl strerror API calls
109 o MD(4|5): silence cast-align clang warning
110 o dedotdot: fixed output for ".." and "." only input [56]
111 o cyassl: define build macros before including ssl.h [57]
112 o updatemanpages.pl: error out on too old git version
113 o curl_sasl: fix unused-variable warning
114 o x509asn1: fix implicit-fallthrough warning with GCC 7
115 o libtest: fix implicit-fallthrough warnings with GCC 7
116 o BINDINGS: add Ring binding [58]
117 o curl_ntlm_core: pass unsigned char to toupper
118 o test1262: verify ftp download with -z for "if older than this"
119 o test1521: test all curl_easy_setopt options [59]
120 o typecheck-gcc: allow CURLOPT_STDERR to be NULL too
121 o metalink: remove unused printf() argument
122 o file: make speedcheck use current time for checks [60]
123 o configure: fix link with librtmp when specifying path [61]
124 o examples/multi-uv.c: fix deprecated symbol [62]
125 o cmake: Fix inconsistency regarding mbed TLS include directory [63]
126 o setopt: check CURLOPT_ADDRESS_SCOPE option range
127 o gitignore: ignore all vim swap files [64]
128 o urlglob: fix division by zero
129 o libressl: OCSP and intermediate certs workaround no longer needed [66]
130
131This release includes the following known bugs:
132
133 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
134
135This release would not have looked like this without help, code, reports and
136advice from friends like these:
137
138 Akhil Kedia, Alan Jenkins, Anatol Belski, Bernhard M. Wiedemann,
139 Brian Childs, canavan at github, Chris Carlmar, Dan Fandrich,
140 Daniel Stenberg, Edward Thomson, Gisle Vanem, GwanYeong Kim,
141 Helmut K. C. Tessarek, Joel Depooter, jonrumsey at github, Kai Engert,
142 Kamil Dudka, Kevin Ji, Lloyd Fournier, Mahmoud Samir Fayed, Marcel Raad,
143 Martin Kepplinger, Max Dymond, Michael Kaufmann, Nick Zitzmann, Paul Harris,
144 Phil Crump, Piotr Dobrogost, Ray Satiro, Richard Hsu, Ron Eldor,
145 Ryuichi KAWAMATA, Sergei Nikulov, Simon Warta, stootill at github,
146 Stuart Henderson, TheAssassin at github, Thomas Klausner, Travis Burtrum,
147 Vincas Razma, wyattoday at github,
148 (41 contributors)
149
150 Thanks! (and sorry if I forgot to mention someone)
151
152References to bug reports and discussions on issues:
153
154 [1] = https://curl.haxx.se/bug/?i=1403
155 [2] = https://curl.haxx.se/bug/?i=1435
156 [3] = https://curl.haxx.se/bug/?i=1439
157 [4] = https://curl.haxx.se/bug/?i=1392
158 [5] = https://curl.haxx.se/bug/?i=1427
159 [6] = https://curl.haxx.se/bug/?i=1440
160 [7] = https://curl.haxx.se/bug/?i=1432
161 [8] = https://curl.haxx.se/bug/?i=1420
162 [9] = https://curl.haxx.se/bug/?i=1446
163 [10] = https://curl.haxx.se/bug/?i=1447
164 [11] = https://bugzilla.redhat.com/1444860
165 [12] = https://curl.haxx.se/bug/?i=1414
166 [13] = https://curl.haxx.se/bug/?i=1451
167 [14] = https://curl.haxx.se/mail/lib-2017-04/0127.html
168 [15] = https://github.com/curl/curl/issues/1441#issuecomment-297689856
169 [16] = https://curl.haxx.se/bug/?i=1460
170 [17] = https://curl.haxx.se/bug/?i=1449
171 [18] = https://curl.haxx.se/bug/?i=1453
172 [19] = https://curl.haxx.se/bug/?i=1389
173 [20] = https://curl.haxx.se/bug/?i=1452
174 [21] = https://curl.haxx.se/bug/?i=1452
175 [22] = https://curl.haxx.se/bug/?i=1464
176 [23] = https://curl.haxx.se/bug/?i=1466
177 [24] = https://curl.haxx.se/bug/?i=1463
178 [25] = https://curl.haxx.se/bug/?i=1471
179 [26] = https://curl.haxx.se/bug/?i=1469
180 [27] = https://curl.haxx.se/bug/?i=1315
181 [28] = https://curl.haxx.se/bug/?i=1465
182 [29] = https://curl.haxx.se/bug/?i=1472
183 [30] = https://curl.haxx.se/bug/?i=1475
184 [31] = https://curl.haxx.se/bug/?i=1481
185 [32] = https://curl.haxx.se/bug/?i=1474
186 [33] = https://curl.haxx.se/bug/?i=1400
187 [34] = https://curl.haxx.se/bug/?i=1487
188 [35] = https://curl.haxx.se/bug/?i=1450
189 [36] = https://curl.haxx.se/bug/?i=1490
190 [37] = https://curl.haxx.se/bug/?i=1253
191 [38] = https://curl.haxx.se/bug/?i=1479
192 [39] = https://curl.haxx.se/bug/?i=1488
193 [40] = https://curl.haxx.se/bug/?i=1461
194 [41] = https://curl.haxx.se/bug/?i=1504
195 [42] = https://curl.haxx.se/bug/?i=878
196 [43] = https://curl.haxx.se/bug/?i=1489
197 [44] = https://curl.haxx.se/bug/?i=1321
198 [45] = https://curl.haxx.se/bug/?i=1499
199 [46] = https://curl.haxx.se/bug/?i=1516
200 [47] = https://curl.haxx.se/bug/?i=1294
201 [48] = https://curl.haxx.se/bug/?i=1208
202 [49] = https://curl.haxx.se/bug/?i=1516
203 [50] = https://curl.haxx.se/bug/?i=1522
204 [51] = https://curl.haxx.se/bug/?i=1524
205 [52] = https://curl.haxx.se/bug/?i=846
206 [53] = https://curl.haxx.se/bug/?i=1528
207 [54] = https://curl.haxx.se/bug/?i=1530
208 [55] = https://curl.haxx.se/bug/?i=1529
209 [56] = https://curl.haxx.se/bug/?i=1532
210 [57] = https://curl.haxx.se/bug/?i=1536
211 [58] = https://curl.haxx.se/bug/?i=1539
212 [59] = https://curl.haxx.se/bug/?i=1543
213 [60] = https://curl.haxx.se/bug/?i=1550
214 [61] = https://curl.haxx.se/mail/lib-2017-06/0017.html
215 [62] = https://curl.haxx.se/bug/?i=1557
216 [63] = https://curl.haxx.se/bug/?i=1541
217 [64] = https://curl.haxx.se/bug/?i=1561
218 [65] = https://curl.haxx.se/docs/adv_20170614.html
219 [66] = https://curl.haxx.se/mail/lib-2017-06/0038.html