author Daniel Stenberg <daniel@haxx.se> 2020-06-24 11:44:22 +0200
committer Daniel Stenberg <daniel@haxx.se> 2020-06-24 11:44:22 +0200
commit 7fb33ee871a04d2e4f6ffedba0808635efb1ef53
tree 3bdca5bc5b728f9fd598914161de9a579f759013
parent 906bb64ac9f74e2fef864d95ff22eb3fca143ba0
RELEASE-NOTES: synced
-rw-r--r-- RELEASE-NOTES 281
1 files changed, 7 insertions, 274 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index d76511360..3abdb5db0 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,6 +1,6 @@
-curl and libcurl 7.71.0
+curl and libcurl 7.71.1
- Public curl releases: 192
+ Public curl releases: 193
Command line options: 232
curl_easy_setopt() options: 277
Public functions in libcurl: 82
@@ -8,149 +8,11 @@ curl and libcurl 7.71.0
This release includes the following changes:
- o CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl) [10]
- o setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency [31]
- o setopt: support certificate options in memory with struct curl_blob [41]
- o tool: Add option --retry-all-errors to retry on any error [27]
+ o
This release includes the following bugfixes:
- o CVE-2020-8177: curl overwrite local file with -J [111]
- o CVE-2020-8169: Partial password leak over DNS on HTTP redirect [48]
- o *_sspi: fix bad uses of CURLE_NOT_BUILT_IN [21]
- o all: fix codespell errors [75]
- o altsvc: bump to h3-29 [114]
- o altsvc: fix 'dsthost' may be used uninitialized in this function
- o altsvc: fix parser for lines ending with CRLF [74]
- o altsvc: remove the num field from the altsvc struct [109]
- o appveyor: add non-debug plain autotools-based build [90]
- o appveyor: disable flaky test 1501 and ignore broken 1056
- o appveyor: disable test 1139 instead of ignoring it
- o asyn-*: remove support for never-used NULL entry pointers [19]
- o azure: use matrix strategy to avoid configuration redundancy [83]
- o build: disable more code/data when built without proxy support [84]
- o buildconf: remove -print from the find command that removes files
- o checksrc: enhance the ASTERISKSPACE and update code accordingly [52]
- o CI/macos: fix 'is already installed' errors by using bundle [94]
- o cirrus: disable SFTP and SCP tests [7]
- o CMake: add ENABLE_ALT_SVC option
- o CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche) [34]
- o CMake: add libssh build support [37]
- o CMake: do not build test programs by default [30]
- o CMake: fix runtests.pl with CMake, add new test targets [29]
- o CMake: ignore INTERFACE_LIBRARY targets for pkg-config file [112]
- o CMake: rebuild Makefile.inc.cmake when Makefile.inc changes [58]
- o CODE_REVIEW.md: how to do code reviews in curl [108]
- o configure: fix pthread check with static boringssl
- o configure: for wolfSSL, check for the DES func needed for NTLM
- o configure: only strip first -L from LDFLAGS [89]
- o configure: repair the check if argv can be written to [47]
- o configure: the wolfssh backend does not provide SCP [57]
- o connect: improve happy eyeballs handling [118]
- o connect: make happy eyeballs work for QUIC (again) [16]
- o curl.1: Quote globbed URLs [51]
- o curl: remove -J "informational" written on stdout [36]
- o Curl_addrinfo: use one malloc instead of three [97]
- o CURLINFO_ACTIVESOCKET.3: clarify the description [87]
- o doc: add missing closing parenthesis in CURLINFO_SSL_VERIFYRESULT.3 [5]
- o doc: Rename VERSIONS to VERSIONS.md as it already has Markdown syntax [20]
- o docs/HTTP3: add qlog to the quiche build instruction
- o docs/options-in-versions: which version added each cmdline option [53]
- o docs: unify protocol lists [54]
- o dynbuf: introduce internal generic dynamic buffer functions [17]
- o easy: fix dangling pointer on easy_perform fail [26]
- o examples/ephiperfifo: turn off interval when setting timerfd [79]
- o examples/http2-down/upload: add error checks [78]
- o examples: remove asiohiper.cpp [4]
- o FILEFORMAT: add more features that tests can depend on
- o FILEFORMAT: describe verify/stderr
- o ftp: make domore_getsock() return the secondary socket properly
- o ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void) [64]
- o ftp: shut down the secondary connection properly when SSL is used [43]
- o GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT [9]
- o hostip: make Curl_printable_address not return anything [63]
- o hostip: on macOS avoid DoH when given a numerical IP address [69]
- o http2: keep trying to send pending frames after req.upload_done [40]
- o http2: simplify and clean up trailer handling [6]
- o HTTP3.md: clarify cargo build directory [77]
- o http: move header storage to Curl_easy from connectdata [107]
- o libcurl.pc: Merge Libs.private into Libs for static-only builds [28]
- o libssh2: improved error output for wrong quote syntax [39]
- o libssh2: keep sftp errors as 'unsigned long' [103]
- o libssh2: set the expected total size in SCP upload init [2]
- o libtest/cmake: Remove commented code [13]
- o list-only.d: this option existed already in 4.0
- o manpage: add three missing environment variables [121]
- o multi: add defensive check on data->multi->num_alive [96]
- o multi: implement wait using winsock events [120]
- o ngtcp2: cleanup memory when failing to connect [70]
- o ngtcp2: fix build with current ngtcp2 master implementing draft 28 [76]
- o ngtcp2: fix happy eyeballs quic connect crash [118]
- o ngtcp2: introduce qlog support [23]
- o ngtcp2: never call fprintf() in lib code in release version
- o ngtcp2: update with recent API changes [100]
- o ntlm: enable NTLM support with wolfSSL [81]
- o OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN [55]
- o openssl: set FLAG_TRUSTED_FIRST unconditionally [105]
- o projects: Add crypt32.lib to dependencies for all OpenSSL configs [93]
- o quiche: clean up memory properly when failing to connect [71]
- o quiche: enable qlog output [14]
- o quiche: update SSLKEYLOGFILE support [98]
- o Revert "buildconf: use find -execdir" [38]
- o Revert "ssh: ignore timeouts during disconnect" [67]
- o runtests: remove sleep calls [18]
- o runtests: show elapsed test time with higher precision (ms)
- o select: always use Sleep in Curl_wait_ms on Win32 [82]
- o select: fix overflow protection in Curl_socket_check [22]
- o sendf: make failf() use the mvsnprintf() return code [62]
- o server/sws: fix asan warning on use of uninitialized variable
- o server/util: fix logmsg format using curl_off_t argument [106]
- o sha256: fixed potentially uninitialized variable [61]
- o share: don't set the share flag it something fails [116]
- o sockfilt: make select_ws stop waiting on exit signal event
- o socks: detect connection close during handshake [95]
- o socks: fix expected length of SOCKS5 reply [68]
- o socks: remove unreachable breaks in socks.c and mime.c [101]
- o source cleanup: remove all custom typedef structs [42]
- o test1167: fixes in badsymbols.pl [73]
- o test1177: look for curl.h in source directory [1]
- o test1238: avoid tftpd being busy for tests shortly following [33]
- o test613.pl: make tests 613 and 614 work with OpenSSH for Windows [8]
- o test75: Remove precheck test
- o tests: add https-proxy support to the test suite [49]
- o tests: add support for SSH server variant specific transfer paths [24]
- o tests: add two simple tests for --login-options [99]
- o tests: make test 1248 + 1249 use %NOLISTENPORT [3]
- o tests: pick a random port number for SSH [12]
- o tests: run stunnel for HTTPS and FTPS on dynamic ports [11]
- o timeouts: change millisecond timeouts to timediff_t from time_t [86]
- o timeouts: move ms timeouts to timediff_t from int and long [104]
- o tool: fixup a few --help descriptions [56]
- o tool: support UTF-16 command line on Windows [46]
- o tool_cfgable: free login_options at exit [102]
- o tool_getparam: fix memory leak in parse_args
- o tool_operate: fixed potentially uninitialized variables [60]
- o tool_paramhlp: fixed potentially uninitialized strtol() variable [59]
- o transfer: close connection after excess data has been read [66]
- o travis: add "qlog" as feature in the quiche build
- o travis: Add ngtcp2 and quiche tests for CMake
- o travis: upgrade to bionic, clang-9, improve readability [35]
- o typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *' [44]
- o unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode' [88]
- o url: accept "any length" credentials for proxy auth [72]
- o url: alloc the download buffer at transfer start [85]
- o url: reject too long input when parsing credentials [25]
- o url: sort the protocol schemes in rough popularity order [32]
- o urlapi: accept :: as a valid IPv6 address [15]
- o urldata: leave the HTTP method untouched in the set.* struct [45]
- o urlglob: treat literal IPv6 addresses with zone IDs as a host name [115]
- o user-agent.d: spell out what happens given a blank argument [80]
- o vauth/cleartext: fix theoretical integer overflow [50]
- o version.d: expanded and alpha-sorted [110]
- o vtls: Extract and simplify key log file handling from OpenSSL
- o wolfssl: add SSLKEYLOGFILE support [65]
- o wording: avoid blacklist/whitelist stereotypes [92]
- o write-out.d: added "response_code"
+ o DYNBUF.md: fix a typo: trail => tail [2]
This release includes the following known bugs:
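Review bot: The line added under "This release includes the following changes:" is a bare "o" with no text, so the section will ship as an empty bullet unless it is filled in or removed before 7.71.1 is cut; for a bugfix-only release, drop the heading or replace the placeholder once a change lands. The same hunk removes the CVE-2020-8177 and CVE-2020-8169 entries together with the rest of the 7.71.0 list, leaving the DYNBUF.md typo as the only bugfix, so nothing in the new file points a reader at those two security fixes.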
@@ -159,140 +21,11 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Adnan Khan, Alessandro Ghedini, Billyzou0741326 on github, Brian Carpenter,
- Cherish98 on github, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
- Emil Engler, Estanislau Augé-Pujadas, François Rigault, Geeknik Labs,
- Gergely Nagy, Gilles Vollant, Gregory Jefferis, Hugo van Kemenade,
- huzunhao on github, James Fuller, James Le Cuirot, Jeroen Ooms, John Simpson,
- Kamil Dudka, Kane York, Lucas Pardue, Maksim Stsepanenka, Marcel Raad,
- Marc Hörsken, Martin V, Max Peal, Michael Kaufmann, Mohamed Osama,
- Murugan Balraj, Neal Poole, Nicolas Sterchele, Pavel Volgarev, Peter Wang,
- Peter Wu, puckipedia on github, Radoslav Georgiev, Ray Satiro, Rich Salz,
- Rikard Falkeborn, rl1987 on github, Ruurd Beerstra, Saleem Abdulrasool,
- Samuel Marks, Siva Sivaraman, sn on hackerone, Tatsuhiro Tsujikawa,
- therealhirudo on github, Thomas Bouzerar, Valentyn Korniienko,
- Viktor Szakats, Vyron Tsingaras, Werner Stolz, Will Roberts,
- zloi-user on github, Коваленко Анатолий Викторович, kotoriのねこ
- (59 contributors)
+ Alexandre Pion, Daniel Stenberg, Denis Baručić,
+ (3 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
- [1] = https://curl.haxx.se/bug/?i=5310
- [2] = https://curl.haxx.se/mail/archive-2020-05/0000.html
- [3] = https://curl.haxx.se/bug/?i=5318
- [4] = https://curl.haxx.se/bug/?i=5090
- [5] = https://curl.haxx.se/bug/?i=5320
- [6] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22030
- [7] = https://curl.haxx.se/bug/?i=5315
- [8] = https://curl.haxx.se/bug/?i=5328
- [9] = https://curl.haxx.se/bug/?i=5287
- [10] = https://curl.haxx.se/bug/?i=4346
- [11] = https://curl.haxx.se/bug/?i=5267
- [12] = https://curl.haxx.se/bug/?i=5273
- [13] = https://curl.haxx.se/bug/?i=5311
- [14] = https://curl.haxx.se/bug/?i=5341
- [15] = https://curl.haxx.se/bug/?i=5344
- [16] = https://curl.haxx.se/bug/?i=5334
- [17] = https://curl.haxx.se/bug/?i=5300
- [18] = https://curl.haxx.se/bug/?i=5323
- [19] = https://curl.haxx.se/bug/?i=5324
- [20] = https://curl.haxx.se/bug/?i=5325
- [21] = https://curl.haxx.se/bug/?i=5355
- [22] = https://curl.haxx.se/bug/?i=5286
- [23] = https://curl.haxx.se/bug/?i=5353
- [24] = https://curl.haxx.se/bug/?i=5298
- [25] = https://curl.haxx.se/bug/?i=5383
- [26] = https://curl.haxx.se/bug/?i=5363
- [27] = https://curl.haxx.se/bug/?i=5185
- [28] = https://curl.haxx.se/bug/?i=5373
- [29] = https://curl.haxx.se/bug/?i=5358
- [30] = https://curl.haxx.se/bug/?i=5368
- [31] = https://curl.haxx.se/bug/?i=5431
- [32] = https://curl.haxx.se/bug/?i=5377
- [33] = https://curl.haxx.se/bug/?i=5364
- [34] = https://curl.haxx.se/bug/?i=5359
- [35] = https://curl.haxx.se/bug/?i=5370
- [36] = https://curl.haxx.se/mail/archive-2020-05/0044.html
- [37] = https://curl.haxx.se/bug/?i=5372
- [38] = https://curl.haxx.se/bug/?i=5483
- [39] = https://curl.haxx.se/bug/?i=5474
- [40] = https://curl.haxx.se/bug/?i=1410
- [41] = https://curl.haxx.se/bug/?i=5357
- [42] = https://curl.haxx.se/bug/?i=5338
- [43] = https://curl.haxx.se/bug/?i=5340
- [44] = https://curl.haxx.se/bug/?i=5432
- [45] = https://curl.haxx.se/bug/?i=5499
- [46] = https://curl.haxx.se/bug/?i=3784
- [47] = https://curl.haxx.se/bug/?i=5470
- [48] = https://curl.haxx.se/docs/CVE-2020-8169.html
- [49] = https://curl.haxx.se/bug/?i=5399
- [50] = https://curl.haxx.se/bug/?i=5391
- [51] = https://github.com/curl/curl/issues/5388
- [52] = https://curl.haxx.se/bug/?i=5386
- [53] = https://curl.haxx.se/bug/?i=5381
- [54] = https://curl.haxx.se/bug/?i=5384
- [55] = https://curl.haxx.se/bug/?i=5374
- [56] = https://curl.haxx.se/bug/?i=5379
- [57] = https://curl.haxx.se/bug/?i=5387
- [58] = https://curl.haxx.se/bug/?i=5469
- [59] = https://curl.haxx.se/bug/?i=5417
- [60] = https://curl.haxx.se/bug/?i=5416
- [61] = https://curl.haxx.se/bug/?i=5414
- [62] = https://curl.haxx.se/bug/?i=5413
- [63] = https://curl.haxx.se/bug/?i=5411
- [64] = https://curl.haxx.se/bug/?i=5412
- [65] = https://curl.haxx.se/bug/?i=5327
- [66] = https://curl.haxx.se/bug/?i=5440
- [67] = https://curl.haxx.se/mail/lib-2020-05/0068.html
- [68] = https://curl.haxx.se/bug/?i=5527
- [69] = https://curl.haxx.se/bug/?i=5454
- [70] = https://curl.haxx.se/bug/?i=5447
- [71] = https://curl.haxx.se/bug/?i=5450
- [72] = https://curl.haxx.se/bug/?i=5448
- [73] = https://curl.haxx.se/bug/?i=5442
- [74] = https://curl.haxx.se/bug/?i=5445
- [75] = https://curl.haxx.se/bug/?i=5452
- [76] = https://curl.haxx.se/bug/?i=5444
- [77] = https://curl.haxx.se/bug/?i=5522
- [78] = https://curl.haxx.se/bug/?i=5463
- [79] = https://curl.haxx.se/bug/?i=5485
- [80] = https://curl.haxx.se/bug/?i=5525
- [81] = https://curl.haxx.se/bug/?i=5548
- [82] = https://curl.haxx.se/bug/?i=5489
- [83] = https://curl.haxx.se/bug/?i=5468
- [84] = https://curl.haxx.se/bug/?i=5466
- [85] = https://curl.haxx.se/bug/?i=5472
- [86] = https://curl.haxx.se/bug/?i=5479
- [87] = https://curl.haxx.se/bug/?i=5299
- [88] = https://curl.haxx.se/bug/?i=5476
- [89] = https://curl.haxx.se/bug/?i=5519
- [90] = https://curl.haxx.se/bug/?i=5477
- [92] = https://curl.haxx.se/bug/?i=5546
- [93] = https://curl.haxx.se/bug/?i=5516
- [94] = https://curl.haxx.se/bug/?i=5513
- [95] = https://curl.haxx.se/bug/?i=5532
- [96] = https://curl.haxx.se/bug/?i=5540
- [97] = https://curl.haxx.se/bug/?i=5533
- [98] = https://curl.haxx.se/bug/?i=5541
- [99] = https://curl.haxx.se/bug/?i=5539
- [100] = https://curl.haxx.se/bug/?i=5538
- [101] = https://curl.haxx.se/bug/?i=5537
- [102] = https://curl.haxx.se/bug/?i=5535
- [103] = https://curl.haxx.se/bug/?i=5534
- [104] = https://curl.haxx.se/bug/?i=5490
- [105] = https://curl.haxx.se/bug/?i=5530
- [106] = https://curl.haxx.se/bug/?i=5529
- [107] = https://curl.haxx.se/bug/?i=5566
- [108] = https://curl.haxx.se/bug/?i=5555
- [109] = https://curl.haxx.se/bug/?i=5553
- [110] = https://curl.haxx.se/bug/?i=5558
- [111] = https://curl.haxx.se/docs/CVE-2020-8177.html
- [112] = https://curl.haxx.se/bug/?i=5512
- [114] = https://curl.haxx.se/bug/?i=5584
- [115] = https://curl.haxx.se/bug/?i=5576
- [116] = https://curl.haxx.se/bug/?i=5554
- [118] = https://curl.haxx.se/bug/?i=5565
- [120] = https://curl.haxx.se/bug/?i=5397
- [121] = https://curl.haxx.se/bug/?i=5571
+ [2] = https://curl.haxx.se/bug/?i=5599
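Review bot: The new contributor line ends with a trailing comma ("Denis Baručić,") directly before "(3 contributors)", while the removed list ended its last name without one; drop the comma so the list reads as complete. The reference list now defines only "[2]" with no "[1]", which matches the "[2]" cited on the DYNBUF.md entry and so resolves correctly (the removed list also skipped numbers such as [91] and [113]), but it is worth confirming that the numbering is intended.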