aboutsummaryrefslogtreecommitdiff
path: root/RELEASE-NOTES
blob: 339190478ef341d92537896db005958a2ee0bff4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
Curl and libcurl 7.54.0

 Public curl releases:         165
 Command line options:         207
 curl_easy_setopt() options:   245
 Public functions in libcurl:  61
 Contributors:                 1538

This release includes the following changes:
 o Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION [19]
 o Add --max-tls [19]
 o Add CURLOPT_SUPPRESS_CONNECT_HEADERS [24]
 o Add --suppress-connect-headers [24]

This release includes the following bugfixes:

 o CVE-2017-7468: switch off SSL session id when client cert is used [68]
 o cmake: Replace invalid UTF-8 byte sequence [1]
 o tests: use consistent environment variables for setting charset
 o proxy: fixed a memory leak on OOM
 o ftp: removed an erroneous free in an OOM path
 o docs: de-duplicate file lists in the Makefiles [2]
 o ftp: fixed a NULL pointer dereference on OOM
 o gopher: fixed detection of an error condition from Curl_urldecode
 o url: fix unix-socket support for proxy-disabled builds [3]
 o test1139: allow for the possibility that the man page is not rebuilt
 o cyassl: get library version string at runtime
 o digest_sspi: fix compilation warning
 o tests: enable HTTP/2 tests to run with non-default port numbers
 o warnless: suppress compiler warning
 o darwinssl: Warn that disabling host verify also disables SNI [4]
 o configure: fix for --enable-pthreads [5]
 o checksrc.bat: Ignore curl_config.h.in, curl_config.h
 o no-keepalive.d: fix typo [6]
 o configure: fix --with-zlib when a path is specified [7]
 o build: fix gcc7 implicit fallthrough warnings [8]
 o fix potential use of uninitialized variables [9]
 o CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors [10]
 o CMake: Reorganize SSL support, separate WinSSL and SSPI [11]
 o CMake: Add DarwinSSL support [12]
 o CMake: Add mbedTLS support [13]
 o ares: return error at once if timed out before name resolve starts [14]
 o BINDINGS: added C++, perl, go and Scilab bindings
 o URL: return error on malformed URLs with junk after port number
 o KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password [15]
 o http2: Fix assertion error on redirect with CL=0 [16]
 o updatemanpages.pl: Update man pages to use current date and versions [17]
 o --insecure: clarify that this option is for server connections [18]
 o mkhelp: simplified the gzip code
 o build: fixed making man page in out-of-tree tarball builds
 o tests: disabled 1903 due to flakiness
 o openssl: add two /* FALLTHROUGH */ to satisfy coverity
 o cmdline-opts: fixed a few typos
 o authneg: clear auth.multi flag at http_done [20]
 o curl_easy_reset: Also reset the authentication state [21]
 o proxy: skip SSL initialization for closed connections [22]
 o http_proxy: ignore TE and CL in CONNECT 2xx responses [23]
 o tool_writeout: fixed a buffer read overrun on --write-out
 o make: regenerate docs/curl.1 by running make in docs [25]
 o winbuild: add basic support for OpenSSL 1.1.x [26]
 o build: removed redundant DEPENDENCIES from makefiles
 o CURLINFO_LOCAL_PORT.3: added example
 o curl: show HTTPS-Proxy options on CURLE_SSL_CACERT [27]
 o tests: strip more options from non-HTTP --libcurl tests
 o tests: fixed the documented test server port numbers
 o runtests.pl: fixed display of the Gopher IPv6 port number
 o multi: fix streamclose() crash in debug mode [28]
 o cmake: build manual pages [29]
 o cmake: add support for building HTML and PDF docs [30]
 o mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION [31]
 o make: introduce 'test-nonflaky' target
 o CURLINFO_PRIMARY_IP.3: add example
 o tests/README: mention nroff for --manual tests [32]
 o mkhelp: disable compression if the perl gzip module is unavailable
 o openssl: fall back on SSL_ERROR_* string when no error detail [33]
 o asiohiper: make sure socket is open in event_cb [34]
 o tests/README: make "Run" section foolproof [35]
 o curl: check for end of input in writeout backslash handling
 o .gitattributes: turn off CRLF for *.am [36]
 o multi: fix MinGW-w64 compiler warnings
 o schannel: fix variable shadowing warning
 o openssl: exclude DSA code when OPENSSL_NO_DSA is defined [37]
 o http: Fix proxy connection reuse with basic-auth [38]
 o pause: handle mixed types of data when paused [39]
 o http: do not treat FTPS over CONNECT as HTTPS
 o conncache: make hashkey avoid malloc [40]
 o make: use the variable MAKE for recursive calls [41]
 o curl: fix callback argument inconsistency [42]
 o NTLM: check for features with #ifdef instead of #if [43]
 o cmake: add several missing files to the dist
 o select: use correct SIZEOF_ constant [44]
 o connect: fix unreferenced parameter warning
 o schannel: fix unused variable warning
 o gcc7: fix ‘*’ in boolean context [45]
 o http2: silence unused parameter warnings
 o ssh: fix narrowing conversion warning
 o telnet: (win32) fix read callback return variable [46]
 o docs: Explain --fail-early does not imply --fail [47]
 o docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
 o tests/server/util: remove in6addr_any for recent MinGW [48]
 o multi: make curl_multi_wait avoid malloc in the typical case [49]
 o include: curl/system.h is a run-time version of curlbuild.h [50]
 o easy: silence compiler warning
 o llist: replace Curl_llist_alloc with Curl_llist_init [51]
 o hash: move key into hash struct to reduce mallocs [52]
 o url: don't free postponed data on connection reuse [53]
 o curl_sasl: declare mechtable static
 o curl: fix Windows Unicode build
 o multi: fix queueing of pending easy handles [54]
 o tool_operate: fix MinGW compiler warning [55]
 o low_speed_limit: improved function for longer time periods [56]
 o gtls: fix compiler warning
 o sspi: print out InitializeSecurityContext() error message [57]
 o schannel: fix compiler warnings [58]
 o vtls: fix unreferenced variable warnings
 o INSTALL.md: fix secure transport configure arguments
 o CURLINFO_SCHEME.3: fix variable type
 o libcurl-thread.3: also mention threaded-resolver [59]
 o nss: load CA certificates even with --insecure [60]
 o openssl: fix this statement may fall through [61]
 o poll: prefer <poll.h> over <sys/poll.h> [62]
 o polarssl: unbreak build with versions < 1.3.8 [63]
 o Curl_expire_latest: ignore already expired timers [64]
 o configure: turn implicit function declarations into errors [65]
 o mbedtls: fix memory leak in error path [66]
 o http2: fix handle leak in error path [67]
 o .gitattributes: force shell scripts to LF [69]
 o configure.ac: ignore CR after version numbers [70]
 o extern-scan.pl: strip trailing CR [71]
 o openssl: make SSL_ERROR_to_str more future-proof [72]
 o openssl: fix thread-safety bugs in error-handling [73]
 o openssl: don't try to print nonexistant peer private keys [74]
 o nss: fix MinGW compiler warnings [75]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Ales Mlakar, Alex Bligh, Alexis La Goutte, Anatol Belski, Anders Roxell,
  Andrew Krieger, Antony74 on github, Antti Hätälä, Brian Carpenter,
  Carlo Cannas, Carlo Teubner, Dan Fandrich, Dániel Bakai, Daniel Gustafsson,
  Daniel Stenberg, David Benjamin, Desmond O. Chang, Edward Kimmel,
  Gisle Vanem, Giuseppe Persico, Greg Rowe, Hanno Böck, Isaac Boukris,
  Joel Depooter, Jozef Kralik, Justin Clift, ka7 on github, Kamil Dudka,
  Larry Stefani, lijian996 on github, madblobfish on github,
  Maksim Stsepanenka, Marc-Antoine Perennou, Marcel Raad, Martin Kepplinger,
  mccormickt12 on github, Michael Kaufmann, Michael Maltese, mkzero on github,
  Nehal J Wani, neheb on github, Orange Tsai, Palo Markovic, Paul Harris,
  Peter Pentchev, Peter Wu, Rainer Canavan, Ray Satiro, Simon Warta,
  Stephen Toub, Steve Brokenshire, Sylvestre Ledru, Tatsuhiro Tsujikawa,
  Thomas Glanzmann, zelinchen on github,
  (55 contributors)

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = https://curl.haxx.se/bug/?i=1275
 [2] = https://curl.haxx.se/bug/?i=1287
 [3] = https://curl.haxx.se/bug/?i=1289
 [4] = https://curl.haxx.se/bug/?i=1240
 [5] = https://curl.haxx.se/bug/?i=1295
 [6] = https://curl.haxx.se/bug/?i=1301
 [7] = https://curl.haxx.se/bug/?i=1292
 [8] = https://curl.haxx.se/bug/?i=1297
 [9] = https://curl.haxx.se/bug/?i=1304
 [10] = https://curl.haxx.se/bug/?i=1290
 [11] = https://curl.haxx.se/bug/?i=1228
 [12] = https://curl.haxx.se/bug/?i=1228
 [13] = https://curl.haxx.se/bug/?i=1228
 [14] = https://curl.haxx.se/mail/lib-2017-03/0004.html
 [15] = https://curl.haxx.se/bug/?i=1308
 [16] = https://curl.haxx.se/bug/?i=1286
 [17] = https://curl.haxx.se/bug/?i=1058
 [18] = https://curl.haxx.se/mail/lib-2017-03/0002.html
 [19] = https://curl.haxx.se/bug/?i=1166
 [20] = https://curl.haxx.se/bug/?i=1095
 [21] = https://curl.haxx.se/bug/?i=1095
 [22] = https://curl.haxx.se/bug/?i=1239
 [23] = https://curl.haxx.se/bug/?i=1317
 [24] = https://curl.haxx.se/bug/?i=783
 [25] = https://curl.haxx.se/mail/lib-2017-03/0017.html
 [26] = https://curl.haxx.se/bug/?i=1322
 [27] = https://curl.haxx.se/bug/?i=1331
 [28] = https://curl.haxx.se/bug/?i=1329
 [29] = https://curl.haxx.se/bug/?i=1288
 [30] = https://curl.haxx.se/bug/?i=1288
 [31] = https://curl.haxx.se/bug/?i=1272
 [32] = https://curl.haxx.se/bug/?i=1342
 [33] = https://curl.haxx.se/bug/?i=1348
 [34] = https://curl.haxx.se/bug/?i=1318
 [35] = https://curl.haxx.se/bug/?i=1352
 [36] = https://curl.haxx.se/bug/?i=1344
 [37] = https://curl.haxx.se/bug/?i=1361
 [38] = https://curl.haxx.se/bug/?i=1350
 [39] = https://curl.haxx.se/bug/?i=1354
 [40] = https://curl.haxx.se/bug/?i=1365
 [41] = https://curl.haxx.se/bug/?i=1366
 [42] = https://curl.haxx.se/mail/lib-2017-03/0116.html
 [43] = https://github.com/curl/curl/pull/1367
 [44] = https://curl.haxx.se/bug/?i=1362
 [45] = https://curl.haxx.se/bug/?i=1371
 [46] = https://github.com/curl/curl/issues/1225#issuecomment-290340890
 [47] = https://curl.haxx.se/bug/?i=1375
 [48] = https://curl.haxx.se/bug/?i=1379
 [49] = https://curl.haxx.se/bug/?i=1377
 [50] = https://curl.haxx.se/bug/?i=1373
 [51] = https://curl.haxx.se/bug/?i=1381
 [52] = https://curl.haxx.se/bug/?i=1376
 [53] = https://curl.haxx.se/bug/?i=1380
 [54] = https://curl.haxx.se/bug/?i=1358
 [55] = https://curl.haxx.se/bug/?i=1378
 [56] = https://curl.haxx.se/bug/?i=1390
 [57] = https://curl.haxx.se/bug/?i=1395
 [58] = https://curl.haxx.se/bug/?i=1394
 [59] = https://curl.haxx.se/mail/lib-2017-04/0044.html
 [60] = https://curl.haxx.se/bug/?i=851
 [61] = https://curl.haxx.se/bug/?i=1402
 [62] = https://curl.haxx.se/bug/?i=1406
 [63] = https://curl.haxx.se/bug/?i=1401
 [64] = https://curl.haxx.se/mail/lib-2017-04/0030.html
 [65] = https://curl.haxx.se/bug/?i=1409
 [66] = https://curl.haxx.se/bug/?i=1417
 [67] = https://curl.haxx.se/bug/?i=1416
 [68] = https://curl.haxx.se/docs/adv_20170419.html
 [69] = https://curl.haxx.se/bug/?i=1422
 [70] = https://curl.haxx.se/bug/?i=1422
 [71] = https://curl.haxx.se/bug/?i=1422
 [72] = https://curl.haxx.se/bug/?i=1424
 [73] = https://curl.haxx.se/bug/?i=1424
 [74] = https://curl.haxx.se/bug/?i=1425
 [75] = https://curl.haxx.se/bug/?i=1393