RELEASE-NOTES: syncedcurl-7_74_0

for 7.74.0
author: Daniel Stenberg <daniel@haxx.se> 2020-12-09 07:38:24 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2020-12-09 07:38:24 +0100
commit: e052859759b34d0e05ce0f17244873e5cd7b457b (patch)
tree: d3b2f6ee97d9f78bd46d705d149a071f30b5fab1
parent: 6d338a87d6d80b1a33965cb8d0e4298805fe4dc4 (diff)
download: gnurl-e052859759b34d0e05ce0f17244873e5cd7b457b.tar.gz
gnurl-e052859759b34d0e05ce0f17244873e5cd7b457b.tar.bz2
gnurl-e052859759b34d0e05ce0f17244873e5cd7b457b.zip
2 files changed, 49 insertions, 9 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index fc6d168d8..a96762961 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -12,6 +12,9 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
+ o CVE-2020-8286: Inferior OCSP verification [93]
+ o CVE-2020-8285: FTP wildcard stack overflow [95]
+ o CVE-2020-8284: trusting FTP PASV responses [97]
  o acinclude: detect manually set minimum macos/ipod version [46]
  o alt-svc: enable (in the build) by default [20]
  o alt-svc: minimize variable scope and avoid "DEAD_STORE" [51]
@@ -26,6 +29,7 @@ This release includes the following bugfixes:
  o cmake: check for linux/tcp.h [91]
  o cmake: correctly handle linker flags for static libs [52]
  o cmake: don't pass -fvisibility=hidden to clang-cl on Windows [53]
+ o cmake: don't use reserved target name 'test' [79]
  o cmake: make BUILD_TESTING dependent option [30]
  o cmake: make CURL_ZLIB a tri-state variable [70]
  o cmake: set the unicode feature in curl-config on Windows [23]
@@ -53,6 +57,7 @@ This release includes the following bugfixes:
  o examples/httpput: remove use of CURLOPT_PUT [39]
  o FAQ: refreshed [56]
  o file: avoid duplicated code sequence [77]
+ o ftp: retry getpeername for FTP with TCP_FASTOPEN [100]
  o gnutls: fix memory leaks (certfields memory wasn't released) [41]
  o header.d: mention the "Transfer-Encoding: chunked" handling [45]
  o HISTORY: the new domain
@@ -84,12 +89,14 @@ This release includes the following bugfixes:
  o quiche: remove 'static' from local buffer [71]
  o range.d: clarify that curl will not parse multipart responses [36]
  o range.d: fix typo
+ o Revert "multi: implement wait using winsock events" [99]
  o rtsp: error out on empty Session ID, unified the code
  o rtsp: fixed Session ID comparison to refuse prefix [65]
  o rtsp: fixed the RTST Session ID mismatch in test 570 [64]
  o runtests: return error if no tests ran [16]
  o runtests: revert the mistaken edit of $CURL
  o runtests: show keywords when no tests ran [33]
+ o scripts/completion.pl: parse all opts [101]
  o socks: check for DNS entries with the right port number [74]
  o src/tool_filetime: disable -Wformat on mingw for this file [2]
  o strerror: use 'const' as the string should never be modified [18]
@@ -108,6 +115,7 @@ This release includes the following bugfixes:
  o tool_writeout: use off_t getinfo-types instead of doubles [76]
  o travis: use ninja-build for CMake builds [63]
  o travis: use valgrind when running tests for debug builds [40]
+ o urlapi: don't accept blank port number field without scheme [98]
  o urlapi: URL encode a '+' in the query part [14]
  o urldata: remove 'void *protop' and create the union 'p' [86]
  o vquic/ngtcp2.h: define local_addr as sockaddr_storage [73]
@@ -121,15 +129,17 @@ advice from friends like these:
 
   Andreas Fischer, asavah on github, b9a1 on github, Baruch Siach,
   Basuke Suzuki, bobmitchell1956 on github, BrumBrum on hackerone,
-  Cristian Morales Vega, Daiki Ueno, Daniel Gustafsson, Daniel Stenberg,
-  Dietmar Hauser, Dirk Wetter, emanruse on github, Emil Engler,
-  hamstergene on github, Harry Sintonen, Jakub Zakrzewski, Jeroen Ooms,
-  Jon Rumsey, José Joaquín Atria, Junho Choi, Kael1117 on github,
-  Klaus Crusius, Kovalkov Dmitrii, Marcel Raad, Marc Hörsken, Marc Schlatter,
-  Niranjan Hasabnis, nosajsnikta on github, Oliver Urbann, Per Nilsson,
-  Philipp Klaus Krause, Ray Satiro, Rikard Falkeborn, Rui LIU, Sergei Nikulov,
-  Tobias Hieta, Tom G. Christensen, Viktor Szakats, Vincent Torri,
-  (41 contributors)
+  Cristian Morales Vega, d4d on hackerone, Daiki Ueno, Daniel Gustafsson,
+  Daniel Stenberg, Dietmar Hauser, Dirk Wetter, emanruse on github,
+  Emil Engler, hamstergene on github, Harry Sintonen, Jacob Hoffman-Andrews,
+  Jakub Zakrzewski, Jeroen Ooms, Jon Rumsey, José Joaquín Atria, Junho Choi,
+  Kael1117 on github, Klaus Crusius, Kovalkov Dmitrii, Marcel Raad,
+  Marc Hörsken, Marc Schlatter, Niranjan Hasabnis, nosajsnikta on github,
+  Oliver Urbann, Per Nilsson, Philipp Klaus Krause, Ray Satiro,
+  Rikard Falkeborn, Rui LIU, Sergei Nikulov, Thomas Danielsson, Tobias Hieta,
+  Tom G. Christensen, Varnavas Papaioannou, Viktor Szakats, Vincent Torri,
+  xnynx on github,
+  (46 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)
 
@@ -213,6 +223,7 @@ References to bug reports and discussions on issues:
  [76] = https://curl.se/bug/?i=6248
  [77] = https://curl.se/bug/?i=6249
  [78] = https://curl.se/bug/?i=6241
+ [79] = https://curl.se/bug/?i=6257
  [80] = https://curl.se/bug/?i=6211
  [81] = https://curl.se/bug/?i=6058
  [82] = https://curl.se/bug/?i=6205
@@ -226,5 +237,12 @@ References to bug reports and discussions on issues:
  [90] = https://curl.se/bug/?i=6271
  [91] = https://curl.se/bug/?i=6252
  [92] = https://curl.se/bug/?i=6263
+ [93] = https://curl.se/docs/CVE-2020-8286.html
  [94] = https://curl.se/bug/?i=6267
+ [95] = https://curl.se/docs/CVE-2020-8285.html
  [96] = https://curl.se/bug/?i=6264
+ [97] = https://curl.se/docs/CVE-2020-8284.html
+ [98] = https://curl.se/bug/?i=6283
+ [99] = https://curl.se/bug/?i=6146
+ [100] = https://curl.se/bug/?i=6252
+ [101] = https://curl.se/bug/?i=6280
diff --git a/docs/THANKS b/docs/THANKS
index 9e037eecf..fcac1f5f3 100644
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -116,6 +116,7 @@ Andre Heinecke
 Andreas Damm
 Andreas Falkenhahn
 Andreas Farber
+Andreas Fischer
 Andreas Kostyrka
 Andreas Malzahn
 Andreas Ntaflos
@@ -201,6 +202,7 @@ Austin Green
 Avery Fay
 Axel Tillequin
 Ayoub Boudhar
+b9a1 on github
 Balaji Parasuram
 Balaji S Rao
 Balaji Salunke
@@ -407,6 +409,7 @@ Craig Markwardt
 crazydef on github
 Cris Bailiff
 Cristian Greco
+Cristian Morales Vega
 Cristian Rodríguez
 Curt Bogmine
 Cynthia Coan
@@ -415,6 +418,7 @@ Cyrill Osterwalder
 Cédric Connes
 Cédric Deltheil
 D. Flinkmann
+d4d on hackerone
 d912e3 on github
 Da-Yoon Chung
 daboul on github
@@ -532,6 +536,7 @@ Dheeraj Sangamkar
 Didier Brisebourg
 Diego Bes
 Diego Casorran
+Dietmar Hauser
 Dilyan Palauzov
 Dima Barsky
 Dima Pasechnik
@@ -545,6 +550,7 @@ Dinar
 Dirk Eddelbuettel
 Dirk Feytons
 Dirk Manske
+Dirk Wetter
 Dirkjan Bussink
 Diven Qi
 divinity76 on github
@@ -620,6 +626,7 @@ Elliot Saba
 Ellis Pritchard
 Elmira A Semenova
 elsamuko on github
+emanruse on github
 Emanuele Bovisio
 Emil Engler
 Emil Lerner
@@ -883,6 +890,7 @@ Jack Zhang
 Jackarain on github
 Jacky Lam
 Jacob Barthelmeh
+Jacob Hoffman-Andrews
 Jacob Meuser
 Jacob Moshenko
 Jactry Zeng
@@ -1081,6 +1089,7 @@ Joshua Kwan
 Joshua Swink
 Josie Huddleston
 Josue Andrade Gomes
+José Joaquín Atria
 Jozef Kralik
 JP Mens
 Juan Barreto
@@ -1117,6 +1126,7 @@ Jörg Mueller-Tolk
 Jörn Hartroth
 K. R. Walker
 ka7 on github
+Kael1117 on github
 Kai Engert
 Kai Noda
 Kai Sommerfeld
@@ -1160,6 +1170,7 @@ Kimmo Kinnunen
 Kirill Marchuk
 Kjell Ericson
 Kjetil Jacobsen
+Klaus Crusius
 Klaus Stein
 Klevtsov Vadim
 Kobi Gurkan
@@ -1168,6 +1179,7 @@ Konstantin Isakov
 Konstantin Kushnir
 kotoriのねこ
 kouzhudong on github
+Kovalkov Dmitrii
 kreshano on github
 Kris Kennaway
 Krishnendu Majumdar
@@ -1547,6 +1559,7 @@ Nikos Tsipinakis
 niner on github
 Ning Dong
 Nir Soffer
+Niranjan Hasabnis
 Nis Jorgensen
 nk
 NobodyXu on github
@@ -1556,6 +1569,7 @@ nopjmp on github
 Norbert Frese
 Norbert Kett
 Norbert Novotny
+nosajsnikta on github
 NTMan on Github
 Octavio Schroeder
 Ofer
@@ -1571,6 +1585,7 @@ Oliver Gondža
 Oliver Graute
 Oliver Kuckertz
 Oliver Schindler
+Oliver Urbann
 Olivier Berger
 Olivier Brunel
 Omar Ramadan
@@ -1647,6 +1662,7 @@ pendrek at hackerone
 Peng Li
 Per Lundberg
 Per Malmberg
+Per Nilsson
 Pete Lomax
 Peter Bray
 Peter Forret
@@ -1687,6 +1703,7 @@ Philip Craig
 Philip Gladstone
 Philip Langdale
 Philip Prindeville
+Philipp Klaus Krause
 Philipp Waehnert
 Philippe Hameau
 Philippe Marguinaud
@@ -1853,6 +1870,7 @@ Rosimildo da Silva
 Ross Burton
 Roy Bellingan
 Roy Shan
+Rui LIU
 Rune Kleveland
 Ruslan Baratov
 Ruslan Gazizov
@@ -2053,6 +2071,7 @@ therealhirudo on github
 tholin on github
 Thomas Bouzerar
 Thomas Braun
+Thomas Danielsson
 Thomas Gamper
 Thomas Glanzmann
 Thomas J. Moore
@@ -2107,6 +2126,7 @@ Todd Short
 Todd Vierling
 Tom Benoist
 Tom Donovan
+Tom G. Christensen
 Tom Grace
 Tom Greenslade
 Tom Lee
@@ -2164,6 +2184,7 @@ Valentin David
 Valentyn Korniienko
 Valerii Zapodovnikov
 vanillajonathan on github
+Varnavas Papaioannou
 Vasiliy Faronov
 Vasily Lobaskin
 Vasy Okhin
@@ -2231,6 +2252,7 @@ Xiang Xiao
 Xiangbin Li
 Xiaoyin Liu
 XmiliaH on github
+xnynx on github
 xwxbug on github
 Yaakov Selkowitz
 Yang Tse
author	Daniel Stenberg <daniel@haxx.se>	2020-12-09 07:38:24 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2020-12-09 07:38:24 +0100
commit	e052859759b34d0e05ce0f17244873e5cd7b457b (patch)
tree	d3b2f6ee97d9f78bd46d705d149a071f30b5fab1
parent	6d338a87d6d80b1a33965cb8d0e4298805fe4dc4 (diff)
download	gnurl-e052859759b34d0e05ce0f17244873e5cd7b457b.tar.gz gnurl-e052859759b34d0e05ce0f17244873e5cd7b457b.tar.bz2 gnurl-e052859759b34d0e05ce0f17244873e5cd7b457b.zip