lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | Curl and libcurl 7.54.1 |
| 2 | |
| 3 | Public curl releases: 166 |
| 4 | Command line options: 207 |
| 5 | curl_easy_setopt() options: 245 |
| 6 | Public functions in libcurl: 61 |
| 7 | Contributors: 1571 |
| 8 | |
| 9 | This release includes the following changes: |
| 10 | |
| 11 | o curl: show the libcurl release date in --version output [32] |
| 12 | |
| 13 | This release includes the following bugfixes: |
| 14 | |
| 15 | o CVE-2017-9502: file: URL buffer overflow [65] |
| 16 | o openssl: fix memory leak in servercert |
| 17 | o tests: remove the html and PDF versions from the tarball |
| 18 | o mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable |
| 19 | o typecheck-gcc: handle function pointers properly [1] |
| 20 | o llist: no longer uses malloc [2] |
| 21 | o gnutls: removed some code when --disable-verbose is configured |
| 22 | o lib: fix maybe-uninitialized warnings |
| 23 | o multi: clarify condition in curl_multi_wait [3] |
| 24 | o schannel: Don't treat encrypted partial record as pending data [4] |
| 25 | o configure: fix the -ldl check for openssl, add -lpthread check [5] |
| 26 | o configure: accept -Og and -Ofast GCC flags [6] |
| 27 | o Makefile: avoid use of GNU-specific form of $< [7] |
| 28 | o if2ip: fix -Wcast-align warning |
| 29 | o configure: stop prepending to LDFLAGS, CPPFLAGS [8] |
| 30 | o curl: set a 100K buffer size by default [9] |
| 31 | o typecheck-gcc: fix _curl_is_slist_info [10] |
| 32 | o nss: do not leak PKCS #11 slot while loading a key [11] |
| 33 | o nss: load libnssckbi.so if no other trust is specified [12] |
| 34 | o examples: ftpuploadfrommem.c [13] |
| 35 | o url: declare get_protocol_family() static [14] |
| 36 | o examples/cookie_interface.c: changed to example.com |
| 37 | o test1443: test --remote-time |
| 38 | o curl: use utimes instead of obsolescent utime when available |
| 39 | o url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE |
| 40 | o curl_rtmp: fix missing-variable-declarations warnings |
| 41 | o tests: fixed OOM handling of unit tests to abort test |
| 42 | o curl_setup: Ensure no more than one IDN lib is enabled [15] |
| 43 | o tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS [16] |
| 44 | o CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size [17] |
| 45 | o curl: non-boolean command line args reject --no- prefixes [18] |
| 46 | o telnet: Write full buffer instead of byte-by-byte [19] |
| 47 | o typecheck-gcc: add missing string options [20] |
| 48 | o typecheck-gcc: add support for CURLINFO_SOCKET [21] |
| 49 | o opt man pages: they all have examples now |
| 50 | o curl_setup_once: use SEND_QUAL_ARG2 for swrite [22] |
| 51 | o test557: set a known good numeric locale |
| 52 | o schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT |
| 53 | o tests/server: make string literals const |
| 54 | o runtests: use -R for random order [23] |
| 55 | o unit1305: fix compiler warning |
| 56 | o curl_slist_append.3: clarify a NULL input creates a new list |
| 57 | o tests/server: run checksrc by default in debug-builds |
| 58 | o tests: fix -Wcast-qual warnings |
| 59 | o runtests.pl: simplify the datacheck read section |
| 60 | o curl: remove --environment and tool_writeenv.c [24] |
| 61 | o buildconf: fix hang on IRIX [25] |
| 62 | o tftp: silence bad-function-cast warning |
| 63 | o asyn-thread: fix unused macro warnings |
| 64 | o tool_parsecfg: fix -Wcast-qual warning |
| 65 | o sendrecv: fix MinGW-w64 warning |
| 66 | o test537: use correct variable type [26] |
| 67 | o rand: treat fake entropy the same regardless of endianness [27] |
| 68 | o curl: generate the --help output [28] |
| 69 | o tests: removed redundant --trace-ascii arguments |
| 70 | o multi: assign IDs to all timers and make each timer singleton |
| 71 | o multi: use a fixed array of timers instead of malloc [29] |
| 72 | o mbedtls: Support server renegotiation request [30] |
| 73 | o pipeline: fix mistakenly trying to pipeline POSTs [31] |
| 74 | o lib510: don't write past the end of the buffer if it's too small |
| 75 | o CURLOPT_HTTPPROXYTUNNEL.3: clarify, add example |
| 76 | o SecureTransport/DarwinSSL: Implement public key pinning [33] |
| 77 | o curl.1: clarify --config |
| 78 | o curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM [34] |
| 79 | o darwinssl: Fix exception when processing a client-side certificate [35] |
| 80 | o curl.1: mention --oauth2-bearer's <token> argument |
| 81 | o mkhelp.pl: do not add current time into curl binary [36] |
| 82 | o asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input [37] |
| 83 | o ssh: fix memory leak in disconnect due to timeout [38] |
| 84 | o tests: stabilize test 1034 [39] |
| 85 | o cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH [40] |
| 86 | o assert: avoid, use DEBUGASSERT instead [41] |
| 87 | o LDAP: using ldap_bind_s on Windows with methods [42] |
| 88 | o redirect: store the "would redirect to" URL when max redirs is reached [43] |
| 89 | o winbuild: fix the nghttp2 build [44] |
| 90 | o examples: fix -Wimplicit-fallthrough warnings |
| 91 | o time: fix type conversions and compiler warnings [45] |
| 92 | o mbedtls: fix variable shadow warning |
| 93 | o test557: fix ubsan runtime error due to int left shift [46] |
| 94 | o transfer: init the infilesize from the postfields [47] |
| 95 | o docs: clarify NO_PROXY further [48] |
| 96 | o build-wolfssl: Sync config with wolfSSL 3.11 |
| 97 | o curl-compilers.m4: enable -Wshift-sign-overflow for clang [49] |
| 98 | o example/externalsocket.c: make it use CLOSESOCKETFUNCTION too |
| 99 | o lib574.c: use correct callback proto |
| 100 | o lib583: fix compiler warning |
| 101 | o curl-compilers.m4: fix compiler_num for clang [50] |
| 102 | o typecheck-gcc.h: separate getinfo slist checks from other pointers [51] |
| 103 | o typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION |
| 104 | o typecheck-gcc.h: check CURLINFO_CERTINFO [52] |
| 105 | o build: provide easy code coverage measuring [53] |
| 106 | o test1537: dedicated tests of the URL (un)escape API calls [54] |
| 107 | o curl_endian: remove unused functions [55] |
| 108 | o test1538: verify the libcurl strerror API calls |
| 109 | o MD(4|5): silence cast-align clang warning |
| 110 | o dedotdot: fixed output for ".." and "." only input [56] |
| 111 | o cyassl: define build macros before including ssl.h [57] |
| 112 | o updatemanpages.pl: error out on too old git version |
| 113 | o curl_sasl: fix unused-variable warning |
| 114 | o x509asn1: fix implicit-fallthrough warning with GCC 7 |
| 115 | o libtest: fix implicit-fallthrough warnings with GCC 7 |
| 116 | o BINDINGS: add Ring binding [58] |
| 117 | o curl_ntlm_core: pass unsigned char to toupper |
| 118 | o test1262: verify ftp download with -z for "if older than this" |
| 119 | o test1521: test all curl_easy_setopt options [59] |
| 120 | o typecheck-gcc: allow CURLOPT_STDERR to be NULL too |
| 121 | o metalink: remove unused printf() argument |
| 122 | o file: make speedcheck use current time for checks [60] |
| 123 | o configure: fix link with librtmp when specifying path [61] |
| 124 | o examples/multi-uv.c: fix deprecated symbol [62] |
| 125 | o cmake: Fix inconsistency regarding mbed TLS include directory [63] |
| 126 | o setopt: check CURLOPT_ADDRESS_SCOPE option range |
| 127 | o gitignore: ignore all vim swap files [64] |
| 128 | o urlglob: fix division by zero |
| 129 | o libressl: OCSP and intermediate certs workaround no longer needed [66] |
| 130 | |
| 131 | This release includes the following known bugs: |
| 132 | |
| 133 | o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) |
| 134 | |
| 135 | This release would not have looked like this without help, code, reports and |
| 136 | advice from friends like these: |
| 137 | |
| 138 | Akhil Kedia, Alan Jenkins, Anatol Belski, Bernhard M. Wiedemann, |
| 139 | Brian Childs, canavan at github, Chris Carlmar, Dan Fandrich, |
| 140 | Daniel Stenberg, Edward Thomson, Gisle Vanem, GwanYeong Kim, |
| 141 | Helmut K. C. Tessarek, Joel Depooter, jonrumsey at github, Kai Engert, |
| 142 | Kamil Dudka, Kevin Ji, Lloyd Fournier, Mahmoud Samir Fayed, Marcel Raad, |
| 143 | Martin Kepplinger, Max Dymond, Michael Kaufmann, Nick Zitzmann, Paul Harris, |
| 144 | Phil Crump, Piotr Dobrogost, Ray Satiro, Richard Hsu, Ron Eldor, |
| 145 | Ryuichi KAWAMATA, Sergei Nikulov, Simon Warta, stootill at github, |
| 146 | Stuart Henderson, TheAssassin at github, Thomas Klausner, Travis Burtrum, |
| 147 | Vincas Razma, wyattoday at github, |
| 148 | (41 contributors) |
| 149 | |
| 150 | Thanks! (and sorry if I forgot to mention someone) |
| 151 | |
| 152 | References to bug reports and discussions on issues: |
| 153 | |
| 154 | [1] = https://curl.haxx.se/bug/?i=1403 |
| 155 | [2] = https://curl.haxx.se/bug/?i=1435 |
| 156 | [3] = https://curl.haxx.se/bug/?i=1439 |
| 157 | [4] = https://curl.haxx.se/bug/?i=1392 |
| 158 | [5] = https://curl.haxx.se/bug/?i=1427 |
| 159 | [6] = https://curl.haxx.se/bug/?i=1440 |
| 160 | [7] = https://curl.haxx.se/bug/?i=1432 |
| 161 | [8] = https://curl.haxx.se/bug/?i=1420 |
| 162 | [9] = https://curl.haxx.se/bug/?i=1446 |
| 163 | [10] = https://curl.haxx.se/bug/?i=1447 |
| 164 | [11] = https://bugzilla.redhat.com/1444860 |
| 165 | [12] = https://curl.haxx.se/bug/?i=1414 |
| 166 | [13] = https://curl.haxx.se/bug/?i=1451 |
| 167 | [14] = https://curl.haxx.se/mail/lib-2017-04/0127.html |
| 168 | [15] = https://github.com/curl/curl/issues/1441#issuecomment-297689856 |
| 169 | [16] = https://curl.haxx.se/bug/?i=1460 |
| 170 | [17] = https://curl.haxx.se/bug/?i=1449 |
| 171 | [18] = https://curl.haxx.se/bug/?i=1453 |
| 172 | [19] = https://curl.haxx.se/bug/?i=1389 |
| 173 | [20] = https://curl.haxx.se/bug/?i=1452 |
| 174 | [21] = https://curl.haxx.se/bug/?i=1452 |
| 175 | [22] = https://curl.haxx.se/bug/?i=1464 |
| 176 | [23] = https://curl.haxx.se/bug/?i=1466 |
| 177 | [24] = https://curl.haxx.se/bug/?i=1463 |
| 178 | [25] = https://curl.haxx.se/bug/?i=1471 |
| 179 | [26] = https://curl.haxx.se/bug/?i=1469 |
| 180 | [27] = https://curl.haxx.se/bug/?i=1315 |
| 181 | [28] = https://curl.haxx.se/bug/?i=1465 |
| 182 | [29] = https://curl.haxx.se/bug/?i=1472 |
| 183 | [30] = https://curl.haxx.se/bug/?i=1475 |
| 184 | [31] = https://curl.haxx.se/bug/?i=1481 |
| 185 | [32] = https://curl.haxx.se/bug/?i=1474 |
| 186 | [33] = https://curl.haxx.se/bug/?i=1400 |
| 187 | [34] = https://curl.haxx.se/bug/?i=1487 |
| 188 | [35] = https://curl.haxx.se/bug/?i=1450 |
| 189 | [36] = https://curl.haxx.se/bug/?i=1490 |
| 190 | [37] = https://curl.haxx.se/bug/?i=1253 |
| 191 | [38] = https://curl.haxx.se/bug/?i=1479 |
| 192 | [39] = https://curl.haxx.se/bug/?i=1488 |
| 193 | [40] = https://curl.haxx.se/bug/?i=1461 |
| 194 | [41] = https://curl.haxx.se/bug/?i=1504 |
| 195 | [42] = https://curl.haxx.se/bug/?i=878 |
| 196 | [43] = https://curl.haxx.se/bug/?i=1489 |
| 197 | [44] = https://curl.haxx.se/bug/?i=1321 |
| 198 | [45] = https://curl.haxx.se/bug/?i=1499 |
| 199 | [46] = https://curl.haxx.se/bug/?i=1516 |
| 200 | [47] = https://curl.haxx.se/bug/?i=1294 |
| 201 | [48] = https://curl.haxx.se/bug/?i=1208 |
| 202 | [49] = https://curl.haxx.se/bug/?i=1516 |
| 203 | [50] = https://curl.haxx.se/bug/?i=1522 |
| 204 | [51] = https://curl.haxx.se/bug/?i=1524 |
| 205 | [52] = https://curl.haxx.se/bug/?i=846 |
| 206 | [53] = https://curl.haxx.se/bug/?i=1528 |
| 207 | [54] = https://curl.haxx.se/bug/?i=1530 |
| 208 | [55] = https://curl.haxx.se/bug/?i=1529 |
| 209 | [56] = https://curl.haxx.se/bug/?i=1532 |
| 210 | [57] = https://curl.haxx.se/bug/?i=1536 |
| 211 | [58] = https://curl.haxx.se/bug/?i=1539 |
| 212 | [59] = https://curl.haxx.se/bug/?i=1543 |
| 213 | [60] = https://curl.haxx.se/bug/?i=1550 |
| 214 | [61] = https://curl.haxx.se/mail/lib-2017-06/0017.html |
| 215 | [62] = https://curl.haxx.se/bug/?i=1557 |
| 216 | [63] = https://curl.haxx.se/bug/?i=1541 |
| 217 | [64] = https://curl.haxx.se/bug/?i=1561 |
| 218 | [65] = https://curl.haxx.se/docs/adv_20170614.html |
| 219 | [66] = https://curl.haxx.se/mail/lib-2017-06/0038.html |