mirror of https://github.com/moparisthebest/curl
bump: start working on 7.51.1
This commit is contained in:
parent
d7e5f18279
commit
71cfce9ce7
124
RELEASE-NOTES
124
RELEASE-NOTES
|
@ -1,6 +1,6 @@
|
|||
Curl and libcurl 7.51.0
|
||||
Curl and libcurl 7.51.1
|
||||
|
||||
Public curl releases: 160
|
||||
Public curl releases: 161
|
||||
Command line options: 185
|
||||
curl_easy_setopt() options: 225
|
||||
Public functions in libcurl: 61
|
||||
|
@ -8,72 +8,12 @@ Curl and libcurl 7.51.0
|
|||
|
||||
This release includes the following changes:
|
||||
|
||||
o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
|
||||
o New option: CURLOPT_KEEP_SENDING_ON_ERROR [10]
|
||||
o
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
o CVE-2016-8615: cookie injection for other servers [28]
|
||||
o CVE-2016-8616: case insensitive password comparison [29]
|
||||
o CVE-2016-8617: OOB write via unchecked multiplication [30]
|
||||
o CVE-2016-8618: double-free in curl_maprintf [31]
|
||||
o CVE-2016-8619: double-free in krb5 code [32]
|
||||
o CVE-2016-8620: glob parser write/read out of bounds [33]
|
||||
o CVE-2016-8621: curl_getdate read out of bounds [34]
|
||||
o CVE-2016-8622: URL unescape heap overflow via integer truncation [35]
|
||||
o CVE-2016-8623: Use-after-free via shared cookies [36]
|
||||
o CVE-2016-8624: invalid URL parsing with '#' [37]
|
||||
o CVE-2016-8625: IDNA 2003 makes curl use wrong host [38]
|
||||
o openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 [1]
|
||||
o http: accept "Transfer-Encoding: chunked" for HTTP/2 as well [2]
|
||||
o LICENSE-MIXING.md: update with mbedTLS dual licensing [3]
|
||||
o examples/imap-append: Set size of data to be uploaded [4]
|
||||
o test2048: fix url
|
||||
o darwinssl: disable RC4 cipher-suite support
|
||||
o CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
|
||||
o openssl: don’t call CRYTPO_cleanup_all_ex_data [5]
|
||||
o libressl: fix version output [6]
|
||||
o easy: Reset all statistical session info in curl_easy_reset [7]
|
||||
o curl_global_cleanup.3: don't unload the lib with sub threads running [8]
|
||||
o dist: add CurlSymbolHiding.cmake to the tarball
|
||||
o docs: Remove that --proto is just used for initial retrieval [9]
|
||||
o configure: Fixed builds with libssh2 in a custom location
|
||||
o curl.1: --trace supports % for sending to stderr!
|
||||
o cookies: same domain handling changed to match browser behavior [11]
|
||||
o formpost: trying to attach a directory no longer crashes [12]
|
||||
o CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning [13]
|
||||
o formpost: avoid silent snprintf() truncation
|
||||
o ftp: fix Curl_ftpsendf
|
||||
o mprintf: return error on too many arguments
|
||||
o smb: properly check incoming packet boundaries [14]
|
||||
o GIT-INFO: remove the Mac 10.1-specific details [15]
|
||||
o resolve: add error message when resolving using SIGALRM [16]
|
||||
o cmake: add nghttp2 support [17]
|
||||
o dist: remove PDF and HTML converted docs from the releases [18]
|
||||
o configure: disable poll() in macOS builds [19]
|
||||
o vtls: only re-use session-ids using the same scheme
|
||||
o pipelining: skip to-be-closed connections when pipelining [20]
|
||||
o win: fix Universal Windows Platform build [21]
|
||||
o curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically [22]
|
||||
o maketgz: make it support "only" generating version info
|
||||
o Curl_socket_check: add extra check to avoid integer overflow
|
||||
o gopher: properly return error for poll failures
|
||||
o curl: set INTERLEAVEDATA too
|
||||
o polarssl: clear thread array at init
|
||||
o polarssl: fix unaligned SSL session-id lock
|
||||
o polarssl: reduce #ifdef madness with a macro
|
||||
o curl_multi_add_handle: set timeouts in closure handles [23]
|
||||
o configure: set min version flags for builds on mac [24]
|
||||
o INSTALL: converted to markdown => INSTALL.md
|
||||
o curl_multi_remove_handle: fix a double-free [25]
|
||||
o multi: fix inifinte loop in curl_multi_cleanup() [26]
|
||||
o nss: fix tight loop in non-blocking TLS handhsake over proxy [27]
|
||||
o mk-ca-bundle: Change URL retrieval to HTTPS-only by default [39]
|
||||
o mbedtls: stop using deprecated include file [40]
|
||||
o docs: fix req->data in multi-uv example [41]
|
||||
o configure: Fix test syntax for monotonic clock_gettime
|
||||
o CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 [42]
|
||||
|
||||
o
|
||||
|
||||
This release includes the following known bugs:
|
||||
|
||||
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
|
||||
|
@ -81,61 +21,9 @@ This release includes the following known bugs:
|
|||
This release would not have looked like this without help, code, reports and
|
||||
advice from friends like these:
|
||||
|
||||
Akshay Vernekar, Alexander Sinditskiy, Anders Bakken, Andreas Streichardt,
|
||||
Andrei Sedoi, Bernard Spil, Christian Heimes, Dan Fandrich,
|
||||
Daniel Gustafsson, Daniel Stenberg, Darío Hereñú, David Woodhouse,
|
||||
Fernando Muñoz, Gregory Szorc, Jeroen Ooms, Kamil Dudka, Luật Nguyễn,
|
||||
lukaszgn on github, Marcel Raad, Martin Frodl, Martin Storsjö,
|
||||
Michael Kaufmann, Michael Osipov, Miloš Ljumović, Nick Zitzmann,
|
||||
nopjmp on github, Paul Joyce, Rainer Müller, Ray Satiro, Remo E,
|
||||
Rider Linden, Sebastian Mundry, Sergei Kuzmin, Stephen Brokenshire,
|
||||
Tobias Stoeckmann, Toby Peterson, Todd Short, Tony Kelman, Torben Dannhauer,
|
||||
Valentin David,
|
||||
(40 contributors)
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
||||
References to bug reports and discussions on issues:
|
||||
|
||||
[1] = https://curl.haxx.se/bug/?i=964
|
||||
[2] = https://curl.haxx.se/bug/?i=1013
|
||||
[3] = https://curl.haxx.se/bug/?i=1019
|
||||
[4] = https://curl.haxx.se/bug/?i=1011
|
||||
[5] = https://curl.haxx.se/mail/lib-2016-09/0045.html
|
||||
[6] = https://curl.haxx.se/bug/?i=1029
|
||||
[7] = https://curl.haxx.se/bug/?i=1017
|
||||
[8] = https://curl.haxx.se/bug/?i=997
|
||||
[9] = https://curl.haxx.se/bug/?i=1031
|
||||
[10] = https://curl.haxx.se/libcurl/c/CURLOPT_KEEP_SENDING_ON_ERROR.html
|
||||
[11] = https://curl.haxx.se/bug/?i=1050
|
||||
[12] = https://curl.haxx.se/bug/?i=1053
|
||||
[13] = https://curl.haxx.se/bug/?i=1056
|
||||
[14] = https://curl.haxx.se/bug/?i=1052
|
||||
[15] = https://curl.haxx.se/bug/?i=1049
|
||||
[16] = https://curl.haxx.se/bug/?i=1066
|
||||
[17] = https://curl.haxx.se/bug/?i=922
|
||||
[18] = https://curl.haxx.se/mail/lib-2016-10/0040.html
|
||||
[19] = https://curl.haxx.se/bug/?i=1057
|
||||
[20] = https://curl.haxx.se/bug/?i=1075
|
||||
[21] = https://curl.haxx.se/bug/?i=1048
|
||||
[22] = https://curl.haxx.se/bug/?i=1042
|
||||
[23] = https://curl.haxx.se/bug/?i=739
|
||||
[24] = https://curl.haxx.se/bug/?i=1069
|
||||
[25] = https://curl.haxx.se/bug/?i=1083
|
||||
[26] = https://curl.haxx.se/mail/lib-2016-10/0011.html
|
||||
[27] = https://bugzilla.redhat.com/1388162
|
||||
[28] = https://curl.haxx.se/docs/adv_20161102A.html
|
||||
[29] = https://curl.haxx.se/docs/adv_20161102B.html
|
||||
[30] = https://curl.haxx.se/docs/adv_20161102C.html
|
||||
[31] = https://curl.haxx.se/docs/adv_20161102D.html
|
||||
[32] = https://curl.haxx.se/docs/adv_20161102E.html
|
||||
[33] = https://curl.haxx.se/docs/adv_20161102F.html
|
||||
[34] = https://curl.haxx.se/docs/adv_20161102G.html
|
||||
[35] = https://curl.haxx.se/docs/adv_20161102H.html
|
||||
[36] = https://curl.haxx.se/docs/adv_20161102I.html
|
||||
[37] = https://curl.haxx.se/docs/adv_20161102J.html
|
||||
[38] = https://curl.haxx.se/docs/adv_20161102K.html
|
||||
[39] = https://curl.haxx.se/bug/?i=1012
|
||||
[40] = https://curl.haxx.se/bug/?i=1087
|
||||
[41] = https://curl.haxx.se/bug/?i=1088
|
||||
[42] = https://curl.haxx.se/bug/?i=1059
|
||||
[1] = https://curl.haxx.se/bug/?i=
|
||||
|
|
|
@ -30,13 +30,13 @@
|
|||
|
||||
/* This is the version number of the libcurl package from which this header
|
||||
file origins: */
|
||||
#define LIBCURL_VERSION "7.51.0-DEV"
|
||||
#define LIBCURL_VERSION "7.51.1-DEV"
|
||||
|
||||
/* The numeric version number is also available "in parts" by using these
|
||||
defines: */
|
||||
#define LIBCURL_VERSION_MAJOR 7
|
||||
#define LIBCURL_VERSION_MINOR 51
|
||||
#define LIBCURL_VERSION_PATCH 0
|
||||
#define LIBCURL_VERSION_PATCH 1
|
||||
|
||||
/* This is the numeric version of the libcurl version number, meant for easier
|
||||
parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
|
||||
|
@ -57,7 +57,7 @@
|
|||
CURL_VERSION_BITS() macro since curl's own configure script greps for it
|
||||
and needs it to contain the full number.
|
||||
*/
|
||||
#define LIBCURL_VERSION_NUM 0x073300
|
||||
#define LIBCURL_VERSION_NUM 0x073301
|
||||
|
||||
/*
|
||||
* This is the date and time when the full source package was created. The
|
||||
|
|
Loading…
Reference in New Issue