mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 08:38:49 -05:00
RELEASE-NOTES: synced
This commit is contained in:
parent
906bb64ac9
commit
7fb33ee871
281
RELEASE-NOTES
281
RELEASE-NOTES
@ -1,6 +1,6 @@
|
||||
curl and libcurl 7.71.0
|
||||
curl and libcurl 7.71.1
|
||||
|
||||
Public curl releases: 192
|
||||
Public curl releases: 193
|
||||
Command line options: 232
|
||||
curl_easy_setopt() options: 277
|
||||
Public functions in libcurl: 82
|
||||
@ -8,149 +8,11 @@ curl and libcurl 7.71.0
|
||||
|
||||
This release includes the following changes:
|
||||
|
||||
o CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl) [10]
|
||||
o setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency [31]
|
||||
o setopt: support certificate options in memory with struct curl_blob [41]
|
||||
o tool: Add option --retry-all-errors to retry on any error [27]
|
||||
o
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
o CVE-2020-8177: curl overwrite local file with -J [111]
|
||||
o CVE-2020-8169: Partial password leak over DNS on HTTP redirect [48]
|
||||
o *_sspi: fix bad uses of CURLE_NOT_BUILT_IN [21]
|
||||
o all: fix codespell errors [75]
|
||||
o altsvc: bump to h3-29 [114]
|
||||
o altsvc: fix 'dsthost' may be used uninitialized in this function
|
||||
o altsvc: fix parser for lines ending with CRLF [74]
|
||||
o altsvc: remove the num field from the altsvc struct [109]
|
||||
o appveyor: add non-debug plain autotools-based build [90]
|
||||
o appveyor: disable flaky test 1501 and ignore broken 1056
|
||||
o appveyor: disable test 1139 instead of ignoring it
|
||||
o asyn-*: remove support for never-used NULL entry pointers [19]
|
||||
o azure: use matrix strategy to avoid configuration redundancy [83]
|
||||
o build: disable more code/data when built without proxy support [84]
|
||||
o buildconf: remove -print from the find command that removes files
|
||||
o checksrc: enhance the ASTERISKSPACE and update code accordingly [52]
|
||||
o CI/macos: fix 'is already installed' errors by using bundle [94]
|
||||
o cirrus: disable SFTP and SCP tests [7]
|
||||
o CMake: add ENABLE_ALT_SVC option
|
||||
o CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche) [34]
|
||||
o CMake: add libssh build support [37]
|
||||
o CMake: do not build test programs by default [30]
|
||||
o CMake: fix runtests.pl with CMake, add new test targets [29]
|
||||
o CMake: ignore INTERFACE_LIBRARY targets for pkg-config file [112]
|
||||
o CMake: rebuild Makefile.inc.cmake when Makefile.inc changes [58]
|
||||
o CODE_REVIEW.md: how to do code reviews in curl [108]
|
||||
o configure: fix pthread check with static boringssl
|
||||
o configure: for wolfSSL, check for the DES func needed for NTLM
|
||||
o configure: only strip first -L from LDFLAGS [89]
|
||||
o configure: repair the check if argv can be written to [47]
|
||||
o configure: the wolfssh backend does not provide SCP [57]
|
||||
o connect: improve happy eyeballs handling [118]
|
||||
o connect: make happy eyeballs work for QUIC (again) [16]
|
||||
o curl.1: Quote globbed URLs [51]
|
||||
o curl: remove -J "informational" written on stdout [36]
|
||||
o Curl_addrinfo: use one malloc instead of three [97]
|
||||
o CURLINFO_ACTIVESOCKET.3: clarify the description [87]
|
||||
o doc: add missing closing parenthesis in CURLINFO_SSL_VERIFYRESULT.3 [5]
|
||||
o doc: Rename VERSIONS to VERSIONS.md as it already has Markdown syntax [20]
|
||||
o docs/HTTP3: add qlog to the quiche build instruction
|
||||
o docs/options-in-versions: which version added each cmdline option [53]
|
||||
o docs: unify protocol lists [54]
|
||||
o dynbuf: introduce internal generic dynamic buffer functions [17]
|
||||
o easy: fix dangling pointer on easy_perform fail [26]
|
||||
o examples/ephiperfifo: turn off interval when setting timerfd [79]
|
||||
o examples/http2-down/upload: add error checks [78]
|
||||
o examples: remove asiohiper.cpp [4]
|
||||
o FILEFORMAT: add more features that tests can depend on
|
||||
o FILEFORMAT: describe verify/stderr
|
||||
o ftp: make domore_getsock() return the secondary socket properly
|
||||
o ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void) [64]
|
||||
o ftp: shut down the secondary connection properly when SSL is used [43]
|
||||
o GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT [9]
|
||||
o hostip: make Curl_printable_address not return anything [63]
|
||||
o hostip: on macOS avoid DoH when given a numerical IP address [69]
|
||||
o http2: keep trying to send pending frames after req.upload_done [40]
|
||||
o http2: simplify and clean up trailer handling [6]
|
||||
o HTTP3.md: clarify cargo build directory [77]
|
||||
o http: move header storage to Curl_easy from connectdata [107]
|
||||
o libcurl.pc: Merge Libs.private into Libs for static-only builds [28]
|
||||
o libssh2: improved error output for wrong quote syntax [39]
|
||||
o libssh2: keep sftp errors as 'unsigned long' [103]
|
||||
o libssh2: set the expected total size in SCP upload init [2]
|
||||
o libtest/cmake: Remove commented code [13]
|
||||
o list-only.d: this option existed already in 4.0
|
||||
o manpage: add three missing environment variables [121]
|
||||
o multi: add defensive check on data->multi->num_alive [96]
|
||||
o multi: implement wait using winsock events [120]
|
||||
o ngtcp2: cleanup memory when failing to connect [70]
|
||||
o ngtcp2: fix build with current ngtcp2 master implementing draft 28 [76]
|
||||
o ngtcp2: fix happy eyeballs quic connect crash [118]
|
||||
o ngtcp2: introduce qlog support [23]
|
||||
o ngtcp2: never call fprintf() in lib code in release version
|
||||
o ngtcp2: update with recent API changes [100]
|
||||
o ntlm: enable NTLM support with wolfSSL [81]
|
||||
o OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN [55]
|
||||
o openssl: set FLAG_TRUSTED_FIRST unconditionally [105]
|
||||
o projects: Add crypt32.lib to dependencies for all OpenSSL configs [93]
|
||||
o quiche: clean up memory properly when failing to connect [71]
|
||||
o quiche: enable qlog output [14]
|
||||
o quiche: update SSLKEYLOGFILE support [98]
|
||||
o Revert "buildconf: use find -execdir" [38]
|
||||
o Revert "ssh: ignore timeouts during disconnect" [67]
|
||||
o runtests: remove sleep calls [18]
|
||||
o runtests: show elapsed test time with higher precision (ms)
|
||||
o select: always use Sleep in Curl_wait_ms on Win32 [82]
|
||||
o select: fix overflow protection in Curl_socket_check [22]
|
||||
o sendf: make failf() use the mvsnprintf() return code [62]
|
||||
o server/sws: fix asan warning on use of uninitialized variable
|
||||
o server/util: fix logmsg format using curl_off_t argument [106]
|
||||
o sha256: fixed potentially uninitialized variable [61]
|
||||
o share: don't set the share flag it something fails [116]
|
||||
o sockfilt: make select_ws stop waiting on exit signal event
|
||||
o socks: detect connection close during handshake [95]
|
||||
o socks: fix expected length of SOCKS5 reply [68]
|
||||
o socks: remove unreachable breaks in socks.c and mime.c [101]
|
||||
o source cleanup: remove all custom typedef structs [42]
|
||||
o test1167: fixes in badsymbols.pl [73]
|
||||
o test1177: look for curl.h in source directory [1]
|
||||
o test1238: avoid tftpd being busy for tests shortly following [33]
|
||||
o test613.pl: make tests 613 and 614 work with OpenSSH for Windows [8]
|
||||
o test75: Remove precheck test
|
||||
o tests: add https-proxy support to the test suite [49]
|
||||
o tests: add support for SSH server variant specific transfer paths [24]
|
||||
o tests: add two simple tests for --login-options [99]
|
||||
o tests: make test 1248 + 1249 use %NOLISTENPORT [3]
|
||||
o tests: pick a random port number for SSH [12]
|
||||
o tests: run stunnel for HTTPS and FTPS on dynamic ports [11]
|
||||
o timeouts: change millisecond timeouts to timediff_t from time_t [86]
|
||||
o timeouts: move ms timeouts to timediff_t from int and long [104]
|
||||
o tool: fixup a few --help descriptions [56]
|
||||
o tool: support UTF-16 command line on Windows [46]
|
||||
o tool_cfgable: free login_options at exit [102]
|
||||
o tool_getparam: fix memory leak in parse_args
|
||||
o tool_operate: fixed potentially uninitialized variables [60]
|
||||
o tool_paramhlp: fixed potentially uninitialized strtol() variable [59]
|
||||
o transfer: close connection after excess data has been read [66]
|
||||
o travis: add "qlog" as feature in the quiche build
|
||||
o travis: Add ngtcp2 and quiche tests for CMake
|
||||
o travis: upgrade to bionic, clang-9, improve readability [35]
|
||||
o typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *' [44]
|
||||
o unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode' [88]
|
||||
o url: accept "any length" credentials for proxy auth [72]
|
||||
o url: alloc the download buffer at transfer start [85]
|
||||
o url: reject too long input when parsing credentials [25]
|
||||
o url: sort the protocol schemes in rough popularity order [32]
|
||||
o urlapi: accept :: as a valid IPv6 address [15]
|
||||
o urldata: leave the HTTP method untouched in the set.* struct [45]
|
||||
o urlglob: treat literal IPv6 addresses with zone IDs as a host name [115]
|
||||
o user-agent.d: spell out what happens given a blank argument [80]
|
||||
o vauth/cleartext: fix theoretical integer overflow [50]
|
||||
o version.d: expanded and alpha-sorted [110]
|
||||
o vtls: Extract and simplify key log file handling from OpenSSL
|
||||
o wolfssl: add SSLKEYLOGFILE support [65]
|
||||
o wording: avoid blacklist/whitelist stereotypes [92]
|
||||
o write-out.d: added "response_code"
|
||||
o DYNBUF.md: fix a typo: trail => tail [2]
|
||||
|
||||
This release includes the following known bugs:
|
||||
|
||||
@ -159,140 +21,11 @@ This release includes the following known bugs:
|
||||
This release would not have looked like this without help, code, reports and
|
||||
advice from friends like these:
|
||||
|
||||
Adnan Khan, Alessandro Ghedini, Billyzou0741326 on github, Brian Carpenter,
|
||||
Cherish98 on github, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
|
||||
Emil Engler, Estanislau Augé-Pujadas, François Rigault, Geeknik Labs,
|
||||
Gergely Nagy, Gilles Vollant, Gregory Jefferis, Hugo van Kemenade,
|
||||
huzunhao on github, James Fuller, James Le Cuirot, Jeroen Ooms, John Simpson,
|
||||
Kamil Dudka, Kane York, Lucas Pardue, Maksim Stsepanenka, Marcel Raad,
|
||||
Marc Hörsken, Martin V, Max Peal, Michael Kaufmann, Mohamed Osama,
|
||||
Murugan Balraj, Neal Poole, Nicolas Sterchele, Pavel Volgarev, Peter Wang,
|
||||
Peter Wu, puckipedia on github, Radoslav Georgiev, Ray Satiro, Rich Salz,
|
||||
Rikard Falkeborn, rl1987 on github, Ruurd Beerstra, Saleem Abdulrasool,
|
||||
Samuel Marks, Siva Sivaraman, sn on hackerone, Tatsuhiro Tsujikawa,
|
||||
therealhirudo on github, Thomas Bouzerar, Valentyn Korniienko,
|
||||
Viktor Szakats, Vyron Tsingaras, Werner Stolz, Will Roberts,
|
||||
zloi-user on github, Коваленко Анатолий Викторович, kotoriのねこ
|
||||
(59 contributors)
|
||||
Alexandre Pion, Daniel Stenberg, Denis Baručić,
|
||||
(3 contributors)
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
||||
References to bug reports and discussions on issues:
|
||||
|
||||
[1] = https://curl.haxx.se/bug/?i=5310
|
||||
[2] = https://curl.haxx.se/mail/archive-2020-05/0000.html
|
||||
[3] = https://curl.haxx.se/bug/?i=5318
|
||||
[4] = https://curl.haxx.se/bug/?i=5090
|
||||
[5] = https://curl.haxx.se/bug/?i=5320
|
||||
[6] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22030
|
||||
[7] = https://curl.haxx.se/bug/?i=5315
|
||||
[8] = https://curl.haxx.se/bug/?i=5328
|
||||
[9] = https://curl.haxx.se/bug/?i=5287
|
||||
[10] = https://curl.haxx.se/bug/?i=4346
|
||||
[11] = https://curl.haxx.se/bug/?i=5267
|
||||
[12] = https://curl.haxx.se/bug/?i=5273
|
||||
[13] = https://curl.haxx.se/bug/?i=5311
|
||||
[14] = https://curl.haxx.se/bug/?i=5341
|
||||
[15] = https://curl.haxx.se/bug/?i=5344
|
||||
[16] = https://curl.haxx.se/bug/?i=5334
|
||||
[17] = https://curl.haxx.se/bug/?i=5300
|
||||
[18] = https://curl.haxx.se/bug/?i=5323
|
||||
[19] = https://curl.haxx.se/bug/?i=5324
|
||||
[20] = https://curl.haxx.se/bug/?i=5325
|
||||
[21] = https://curl.haxx.se/bug/?i=5355
|
||||
[22] = https://curl.haxx.se/bug/?i=5286
|
||||
[23] = https://curl.haxx.se/bug/?i=5353
|
||||
[24] = https://curl.haxx.se/bug/?i=5298
|
||||
[25] = https://curl.haxx.se/bug/?i=5383
|
||||
[26] = https://curl.haxx.se/bug/?i=5363
|
||||
[27] = https://curl.haxx.se/bug/?i=5185
|
||||
[28] = https://curl.haxx.se/bug/?i=5373
|
||||
[29] = https://curl.haxx.se/bug/?i=5358
|
||||
[30] = https://curl.haxx.se/bug/?i=5368
|
||||
[31] = https://curl.haxx.se/bug/?i=5431
|
||||
[32] = https://curl.haxx.se/bug/?i=5377
|
||||
[33] = https://curl.haxx.se/bug/?i=5364
|
||||
[34] = https://curl.haxx.se/bug/?i=5359
|
||||
[35] = https://curl.haxx.se/bug/?i=5370
|
||||
[36] = https://curl.haxx.se/mail/archive-2020-05/0044.html
|
||||
[37] = https://curl.haxx.se/bug/?i=5372
|
||||
[38] = https://curl.haxx.se/bug/?i=5483
|
||||
[39] = https://curl.haxx.se/bug/?i=5474
|
||||
[40] = https://curl.haxx.se/bug/?i=1410
|
||||
[41] = https://curl.haxx.se/bug/?i=5357
|
||||
[42] = https://curl.haxx.se/bug/?i=5338
|
||||
[43] = https://curl.haxx.se/bug/?i=5340
|
||||
[44] = https://curl.haxx.se/bug/?i=5432
|
||||
[45] = https://curl.haxx.se/bug/?i=5499
|
||||
[46] = https://curl.haxx.se/bug/?i=3784
|
||||
[47] = https://curl.haxx.se/bug/?i=5470
|
||||
[48] = https://curl.haxx.se/docs/CVE-2020-8169.html
|
||||
[49] = https://curl.haxx.se/bug/?i=5399
|
||||
[50] = https://curl.haxx.se/bug/?i=5391
|
||||
[51] = https://github.com/curl/curl/issues/5388
|
||||
[52] = https://curl.haxx.se/bug/?i=5386
|
||||
[53] = https://curl.haxx.se/bug/?i=5381
|
||||
[54] = https://curl.haxx.se/bug/?i=5384
|
||||
[55] = https://curl.haxx.se/bug/?i=5374
|
||||
[56] = https://curl.haxx.se/bug/?i=5379
|
||||
[57] = https://curl.haxx.se/bug/?i=5387
|
||||
[58] = https://curl.haxx.se/bug/?i=5469
|
||||
[59] = https://curl.haxx.se/bug/?i=5417
|
||||
[60] = https://curl.haxx.se/bug/?i=5416
|
||||
[61] = https://curl.haxx.se/bug/?i=5414
|
||||
[62] = https://curl.haxx.se/bug/?i=5413
|
||||
[63] = https://curl.haxx.se/bug/?i=5411
|
||||
[64] = https://curl.haxx.se/bug/?i=5412
|
||||
[65] = https://curl.haxx.se/bug/?i=5327
|
||||
[66] = https://curl.haxx.se/bug/?i=5440
|
||||
[67] = https://curl.haxx.se/mail/lib-2020-05/0068.html
|
||||
[68] = https://curl.haxx.se/bug/?i=5527
|
||||
[69] = https://curl.haxx.se/bug/?i=5454
|
||||
[70] = https://curl.haxx.se/bug/?i=5447
|
||||
[71] = https://curl.haxx.se/bug/?i=5450
|
||||
[72] = https://curl.haxx.se/bug/?i=5448
|
||||
[73] = https://curl.haxx.se/bug/?i=5442
|
||||
[74] = https://curl.haxx.se/bug/?i=5445
|
||||
[75] = https://curl.haxx.se/bug/?i=5452
|
||||
[76] = https://curl.haxx.se/bug/?i=5444
|
||||
[77] = https://curl.haxx.se/bug/?i=5522
|
||||
[78] = https://curl.haxx.se/bug/?i=5463
|
||||
[79] = https://curl.haxx.se/bug/?i=5485
|
||||
[80] = https://curl.haxx.se/bug/?i=5525
|
||||
[81] = https://curl.haxx.se/bug/?i=5548
|
||||
[82] = https://curl.haxx.se/bug/?i=5489
|
||||
[83] = https://curl.haxx.se/bug/?i=5468
|
||||
[84] = https://curl.haxx.se/bug/?i=5466
|
||||
[85] = https://curl.haxx.se/bug/?i=5472
|
||||
[86] = https://curl.haxx.se/bug/?i=5479
|
||||
[87] = https://curl.haxx.se/bug/?i=5299
|
||||
[88] = https://curl.haxx.se/bug/?i=5476
|
||||
[89] = https://curl.haxx.se/bug/?i=5519
|
||||
[90] = https://curl.haxx.se/bug/?i=5477
|
||||
[92] = https://curl.haxx.se/bug/?i=5546
|
||||
[93] = https://curl.haxx.se/bug/?i=5516
|
||||
[94] = https://curl.haxx.se/bug/?i=5513
|
||||
[95] = https://curl.haxx.se/bug/?i=5532
|
||||
[96] = https://curl.haxx.se/bug/?i=5540
|
||||
[97] = https://curl.haxx.se/bug/?i=5533
|
||||
[98] = https://curl.haxx.se/bug/?i=5541
|
||||
[99] = https://curl.haxx.se/bug/?i=5539
|
||||
[100] = https://curl.haxx.se/bug/?i=5538
|
||||
[101] = https://curl.haxx.se/bug/?i=5537
|
||||
[102] = https://curl.haxx.se/bug/?i=5535
|
||||
[103] = https://curl.haxx.se/bug/?i=5534
|
||||
[104] = https://curl.haxx.se/bug/?i=5490
|
||||
[105] = https://curl.haxx.se/bug/?i=5530
|
||||
[106] = https://curl.haxx.se/bug/?i=5529
|
||||
[107] = https://curl.haxx.se/bug/?i=5566
|
||||
[108] = https://curl.haxx.se/bug/?i=5555
|
||||
[109] = https://curl.haxx.se/bug/?i=5553
|
||||
[110] = https://curl.haxx.se/bug/?i=5558
|
||||
[111] = https://curl.haxx.se/docs/CVE-2020-8177.html
|
||||
[112] = https://curl.haxx.se/bug/?i=5512
|
||||
[114] = https://curl.haxx.se/bug/?i=5584
|
||||
[115] = https://curl.haxx.se/bug/?i=5576
|
||||
[116] = https://curl.haxx.se/bug/?i=5554
|
||||
[118] = https://curl.haxx.se/bug/?i=5565
|
||||
[120] = https://curl.haxx.se/bug/?i=5397
|
||||
[121] = https://curl.haxx.se/bug/?i=5571
|
||||
[2] = https://curl.haxx.se/bug/?i=5599
|
||||
|
Loading…
Reference in New Issue
Block a user