| Curl and libcurl 7.54.1 |
| |
| Public curl releases: 166 |
| Command line options: 207 |
| curl_easy_setopt() options: 245 |
| Public functions in libcurl: 61 |
| Contributors: 1571 |
| |
| This release includes the following changes: |
| |
| o curl: show the libcurl release date in --version output [32] |
| |
| This release includes the following bugfixes: |
| |
| o CVE-2017-9502: file: URL buffer overflow [65] |
| o openssl: fix memory leak in servercert |
| o tests: remove the html and PDF versions from the tarball |
| o mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable |
| o typecheck-gcc: handle function pointers properly [1] |
| o llist: no longer uses malloc [2] |
| o gnutls: removed some code when --disable-verbose is configured |
| o lib: fix maybe-uninitialized warnings |
| o multi: clarify condition in curl_multi_wait [3] |
| o schannel: Don't treat encrypted partial record as pending data [4] |
| o configure: fix the -ldl check for openssl, add -lpthread check [5] |
| o configure: accept -Og and -Ofast GCC flags [6] |
| o Makefile: avoid use of GNU-specific form of $< [7] |
| o if2ip: fix -Wcast-align warning |
| o configure: stop prepending to LDFLAGS, CPPFLAGS [8] |
| o curl: set a 100K buffer size by default [9] |
| o typecheck-gcc: fix _curl_is_slist_info [10] |
| o nss: do not leak PKCS #11 slot while loading a key [11] |
| o nss: load libnssckbi.so if no other trust is specified [12] |
| o examples: ftpuploadfrommem.c [13] |
| o url: declare get_protocol_family() static [14] |
| o examples/cookie_interface.c: changed to example.com |
| o test1443: test --remote-time |
| o curl: use utimes instead of obsolescent utime when available |
| o url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE |
| o curl_rtmp: fix missing-variable-declarations warnings |
| o tests: fixed OOM handling of unit tests to abort test |
| o curl_setup: Ensure no more than one IDN lib is enabled [15] |
| o tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS [16] |
| o CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size [17] |
| o curl: non-boolean command line args reject --no- prefixes [18] |
| o telnet: Write full buffer instead of byte-by-byte [19] |
| o typecheck-gcc: add missing string options [20] |
| o typecheck-gcc: add support for CURLINFO_SOCKET [21] |
| o opt man pages: they all have examples now |
| o curl_setup_once: use SEND_QUAL_ARG2 for swrite [22] |
| o test557: set a known good numeric locale |
| o schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT |
| o tests/server: make string literals const |
| o runtests: use -R for random order [23] |
| o unit1305: fix compiler warning |
| o curl_slist_append.3: clarify a NULL input creates a new list |
| o tests/server: run checksrc by default in debug-builds |
| o tests: fix -Wcast-qual warnings |
| o runtests.pl: simplify the datacheck read section |
| o curl: remove --environment and tool_writeenv.c [24] |
| o buildconf: fix hang on IRIX [25] |
| o tftp: silence bad-function-cast warning |
| o asyn-thread: fix unused macro warnings |
| o tool_parsecfg: fix -Wcast-qual warning |
| o sendrecv: fix MinGW-w64 warning |
| o test537: use correct variable type [26] |
| o rand: treat fake entropy the same regardless of endianness [27] |
| o curl: generate the --help output [28] |
| o tests: removed redundant --trace-ascii arguments |
| o multi: assign IDs to all timers and make each timer singleton |
| o multi: use a fixed array of timers instead of malloc [29] |
| o mbedtls: Support server renegotiation request [30] |
| o pipeline: fix mistakenly trying to pipeline POSTs [31] |
| o lib510: don't write past the end of the buffer if it's too small |
| o CURLOPT_HTTPPROXYTUNNEL.3: clarify, add example |
| o SecureTransport/DarwinSSL: Implement public key pinning [33] |
| o curl.1: clarify --config |
| o curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM [34] |
| o darwinssl: Fix exception when processing a client-side certificate [35] |
| o curl.1: mention --oauth2-bearer's <token> argument |
| o mkhelp.pl: do not add current time into curl binary [36] |
| o asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input [37] |
| o ssh: fix memory leak in disconnect due to timeout [38] |
| o tests: stabilize test 1034 [39] |
| o cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH [40] |
| o assert: avoid, use DEBUGASSERT instead [41] |
| o LDAP: using ldap_bind_s on Windows with methods [42] |
| o redirect: store the "would redirect to" URL when max redirs is reached [43] |
| o winbuild: fix the nghttp2 build [44] |
| o examples: fix -Wimplicit-fallthrough warnings |
| o time: fix type conversions and compiler warnings [45] |
| o mbedtls: fix variable shadow warning |
| o test557: fix ubsan runtime error due to int left shift [46] |
| o transfer: init the infilesize from the postfields [47] |
| o docs: clarify NO_PROXY further [48] |
| o build-wolfssl: Sync config with wolfSSL 3.11 |
| o curl-compilers.m4: enable -Wshift-sign-overflow for clang [49] |
| o example/externalsocket.c: make it use CLOSESOCKETFUNCTION too |
| o lib574.c: use correct callback proto |
| o lib583: fix compiler warning |
| o curl-compilers.m4: fix compiler_num for clang [50] |
| o typecheck-gcc.h: separate getinfo slist checks from other pointers [51] |
| o typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION |
| o typecheck-gcc.h: check CURLINFO_CERTINFO [52] |
| o build: provide easy code coverage measuring [53] |
| o test1537: dedicated tests of the URL (un)escape API calls [54] |
| o curl_endian: remove unused functions [55] |
| o test1538: verify the libcurl strerror API calls |
| o MD(4|5): silence cast-align clang warning |
| o dedotdot: fixed output for ".." and "." only input [56] |
| o cyassl: define build macros before including ssl.h [57] |
| o updatemanpages.pl: error out on too old git version |
| o curl_sasl: fix unused-variable warning |
| o x509asn1: fix implicit-fallthrough warning with GCC 7 |
| o libtest: fix implicit-fallthrough warnings with GCC 7 |
| o BINDINGS: add Ring binding [58] |
| o curl_ntlm_core: pass unsigned char to toupper |
| o test1262: verify ftp download with -z for "if older than this" |
| o test1521: test all curl_easy_setopt options [59] |
| o typecheck-gcc: allow CURLOPT_STDERR to be NULL too |
| o metalink: remove unused printf() argument |
| o file: make speedcheck use current time for checks [60] |
| o configure: fix link with librtmp when specifying path [61] |
| o examples/multi-uv.c: fix deprecated symbol [62] |
| o cmake: Fix inconsistency regarding mbed TLS include directory [63] |
| o setopt: check CURLOPT_ADDRESS_SCOPE option range |
| o gitignore: ignore all vim swap files [64] |
| o urlglob: fix division by zero |
| o libressl: OCSP and intermediate certs workaround no longer needed [66] |
| |
| This release includes the following known bugs: |
| |
| o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) |
| |
| This release would not have looked like this without help, code, reports and |
| advice from friends like these: |
| |
| Akhil Kedia, Alan Jenkins, Anatol Belski, Bernhard M. Wiedemann, |
| Brian Childs, canavan at github, Chris Carlmar, Dan Fandrich, |
| Daniel Stenberg, Edward Thomson, Gisle Vanem, GwanYeong Kim, |
| Helmut K. C. Tessarek, Joel Depooter, jonrumsey at github, Kai Engert, |
| Kamil Dudka, Kevin Ji, Lloyd Fournier, Mahmoud Samir Fayed, Marcel Raad, |
| Martin Kepplinger, Max Dymond, Michael Kaufmann, Nick Zitzmann, Paul Harris, |
| Phil Crump, Piotr Dobrogost, Ray Satiro, Richard Hsu, Ron Eldor, |
| Ryuichi KAWAMATA, Sergei Nikulov, Simon Warta, stootill at github, |
| Stuart Henderson, TheAssassin at github, Thomas Klausner, Travis Burtrum, |
| Vincas Razma, wyattoday at github, |
| (41 contributors) |
| |
| Thanks! (and sorry if I forgot to mention someone) |
| |
| References to bug reports and discussions on issues: |
| |
| [1] = https://curl.haxx.se/bug/?i=1403 |
| [2] = https://curl.haxx.se/bug/?i=1435 |
| [3] = https://curl.haxx.se/bug/?i=1439 |
| [4] = https://curl.haxx.se/bug/?i=1392 |
| [5] = https://curl.haxx.se/bug/?i=1427 |
| [6] = https://curl.haxx.se/bug/?i=1440 |
| [7] = https://curl.haxx.se/bug/?i=1432 |
| [8] = https://curl.haxx.se/bug/?i=1420 |
| [9] = https://curl.haxx.se/bug/?i=1446 |
| [10] = https://curl.haxx.se/bug/?i=1447 |
| [11] = https://bugzilla.redhat.com/1444860 |
| [12] = https://curl.haxx.se/bug/?i=1414 |
| [13] = https://curl.haxx.se/bug/?i=1451 |
| [14] = https://curl.haxx.se/mail/lib-2017-04/0127.html |
| [15] = https://github.com/curl/curl/issues/1441#issuecomment-297689856 |
| [16] = https://curl.haxx.se/bug/?i=1460 |
| [17] = https://curl.haxx.se/bug/?i=1449 |
| [18] = https://curl.haxx.se/bug/?i=1453 |
| [19] = https://curl.haxx.se/bug/?i=1389 |
| [20] = https://curl.haxx.se/bug/?i=1452 |
| [21] = https://curl.haxx.se/bug/?i=1452 |
| [22] = https://curl.haxx.se/bug/?i=1464 |
| [23] = https://curl.haxx.se/bug/?i=1466 |
| [24] = https://curl.haxx.se/bug/?i=1463 |
| [25] = https://curl.haxx.se/bug/?i=1471 |
| [26] = https://curl.haxx.se/bug/?i=1469 |
| [27] = https://curl.haxx.se/bug/?i=1315 |
| [28] = https://curl.haxx.se/bug/?i=1465 |
| [29] = https://curl.haxx.se/bug/?i=1472 |
| [30] = https://curl.haxx.se/bug/?i=1475 |
| [31] = https://curl.haxx.se/bug/?i=1481 |
| [32] = https://curl.haxx.se/bug/?i=1474 |
| [33] = https://curl.haxx.se/bug/?i=1400 |
| [34] = https://curl.haxx.se/bug/?i=1487 |
| [35] = https://curl.haxx.se/bug/?i=1450 |
| [36] = https://curl.haxx.se/bug/?i=1490 |
| [37] = https://curl.haxx.se/bug/?i=1253 |
| [38] = https://curl.haxx.se/bug/?i=1479 |
| [39] = https://curl.haxx.se/bug/?i=1488 |
| [40] = https://curl.haxx.se/bug/?i=1461 |
| [41] = https://curl.haxx.se/bug/?i=1504 |
| [42] = https://curl.haxx.se/bug/?i=878 |
| [43] = https://curl.haxx.se/bug/?i=1489 |
| [44] = https://curl.haxx.se/bug/?i=1321 |
| [45] = https://curl.haxx.se/bug/?i=1499 |
| [46] = https://curl.haxx.se/bug/?i=1516 |
| [47] = https://curl.haxx.se/bug/?i=1294 |
| [48] = https://curl.haxx.se/bug/?i=1208 |
| [49] = https://curl.haxx.se/bug/?i=1516 |
| [50] = https://curl.haxx.se/bug/?i=1522 |
| [51] = https://curl.haxx.se/bug/?i=1524 |
| [52] = https://curl.haxx.se/bug/?i=846 |
| [53] = https://curl.haxx.se/bug/?i=1528 |
| [54] = https://curl.haxx.se/bug/?i=1530 |
| [55] = https://curl.haxx.se/bug/?i=1529 |
| [56] = https://curl.haxx.se/bug/?i=1532 |
| [57] = https://curl.haxx.se/bug/?i=1536 |
| [58] = https://curl.haxx.se/bug/?i=1539 |
| [59] = https://curl.haxx.se/bug/?i=1543 |
| [60] = https://curl.haxx.se/bug/?i=1550 |
| [61] = https://curl.haxx.se/mail/lib-2017-06/0017.html |
| [62] = https://curl.haxx.se/bug/?i=1557 |
| [63] = https://curl.haxx.se/bug/?i=1541 |
| [64] = https://curl.haxx.se/bug/?i=1561 |
| [65] = https://curl.haxx.se/docs/adv_20170614.html |
| [66] = https://curl.haxx.se/mail/lib-2017-06/0038.html |