| Curl and libcurl 7.57.0 |
| |
| Public curl releases: 171 |
| Command line options: 211 |
| curl_easy_setopt() options: 249 |
| Public functions in libcurl: 74 |
| Contributors: 1649 |
| |
| This release includes the following changes: |
| |
| o auth: add support for RFC7616 - HTTP Digest access authentication [12] |
| o share: add support for sharing the connection cache [31] |
| o HTTP: implement Brotli content encoding [28] |
| |
| This release includes the following bugfixes: |
| |
| o CVE-2017-8816: NTLM buffer overflow via integer overflow [47] |
| o CVE-2017-8817: FTP wildcard out of bounds read [48] |
| o CVE-2017-8818: SSL out of buffer access [49] |
| o curl_mime_filedata.3: fix typos [1] |
| o libtest: Add required test libraries for lib1552 and lib1553 [2] |
| o fix time diffs for systems using unsigned time_t [3] |
| o ftplistparser: memory leak fix: free temporary memory always [4] |
| o multi: allow table handle sizes to be overridden [5] |
| o wildcards: don't use with non-supported protocols [6] |
| o curl_fnmatch: return error on illegal wildcard pattern [7] |
| o transfer: Fix chunked-encoding upload too early exit [8] |
| o curl_setup: Improve detection of CURL_WINDOWS_APP [9] |
| o resolvers: only include anything if needed [10] |
| o setopt: fix CURLOPT_SSH_AUTH_TYPES option read |
| o appveyor: add a win32 build |
| o Curl_timeleft: change return type to timediff_t [11] |
| o cmake: Export libcurl and curl targets to use by other cmake projects [13] |
| o curl: in -F option arg, comma is a delimiter for files only [14] |
| o curl: improved ";type=" handling in -F option arguments |
| o timeval: use mach_absolute_time() on MacOS [15] |
| o curlx: the timeval functions are no longer provided as curlx_* [16] |
| o mkhelp.pl: do not generate comment with current date [17] |
| o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18] |
| o cookie: avoid NULL dereference [19] |
| o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20] |
| o include: remove conncache.h inclusion from where its not needed |
| o CURLOPT_MAXREDIRS: allow -1 as a value [21] |
| o tests: Fixed torture tests on tests 556 and 650 |
| o http2: Fixed OOM handling in upgrade request |
| o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 |
| o CURLOPT_INFILESIZE: accept -1 [22] |
| o curl: pass through [] in URLs instead of calling globbing error [23] |
| o curl: speed up handling of many URLs [24] |
| o ntlm: avoid malloc(0) for zero length passwords [25] |
| o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26] |
| o HTTP: support multiple Content-Encodings [27] |
| o travis: add a job with brotli enabled |
| o url: remove unncessary NULL-check |
| o fnmatch: remove dead code |
| o connect: store IPv6 connection status after valid connection [29] |
| o imap: deal with commands case insensitively [30] |
| o --interface: add support for Linux VRF [32] |
| o content_encoding: fix inflate_stream for no bytes available [33] |
| o cmake: Correctly include curl.rc in Windows builds [34] |
| o cmake: Add missing setmode check [35] |
| o connect.c: remove executable bit on file [36] |
| o SMB: fix uninitialized local variable |
| o zlib/brotli: only include header files in modules needing them [37] |
| o URL: return error on malformed URLs with junk after IPv6 bracket [38] |
| o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39] |
| o macOS: Fix missing connectx function with Xcode version older than 9.0 [40] |
| o --resolve: allow IP address within [] brackets [41] |
| o examples/curlx: Fix code style [42] |
| o ntlm: remove unnecessary NULL-check to please scan-build [43] |
| o Curl_llist_remove: fix potential NULL pointer deref [43] |
| o mime: fix "Value stored to 'sz' is never read" scan-build error [43] |
| o openssl: fix "Value stored to 'rc' is never read" scan-build error [43] |
| o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43] |
| o http2: fix "Value stored to 'end' is never read" scan-build error [43] |
| o Curl_open: fix OOM return error correctly [43] |
| o url: reject ASCII control characters and space in host names [44] |
| o examples/rtsp: clear RANGE again after use [45] |
| o connect: improve the bind error message [46] |
| o make: fix "make distclean" [50] |
| o connect: add support for new TCP Fast Open API on Linux [51] |
| o metalink: fix memory-leak and NULL pointer dereference [52] |
| o URL: update "file:" URL handling [53] |
| o ssh: remove check for a NULL pointer [54] |
| o global_init: ignore CURL_GLOBAL_SSL's absense [55] |
| |
| This release includes the following known bugs: |
| |
| o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) |
| |
| This release would not have looked like this without help, code, reports and |
| advice from friends like these: |
| |
| Alessandro Ghedini, Alex Malinovich, Alex Nichols, Alfonso Martone, |
| Andrew Lambert, arainchik on github, Brian Carpenter, cbartl on github, |
| Dan Fandrich, Daniel Bankhead, Daniel Stenberg, Dirk Feytons, |
| Dmitri Tikhonov, Evgeny Grin, Gisle Vanem, hsiao yi, Jakub Zakrzewski, |
| John Starks, Juro Bystricky, Kamil Dudka, Luca Boccassi, Marcel Raad, |
| Martin Storsjö, Matthew Kerwin, Max Dymond, Michael Felt, Michael Kaufmann, |
| moohoorama on github, omau on github, Orgad Shaneh, Patrick Monnerat, |
| Paul Howarth, Pavel Gushchin, Pavol Markovic, Per Lundberg, Peter Piekarski, |
| Petr Voytsik, Ray Satiro, Rob Cotrone, Viktor Szakáts, youngchopin on github, |
| (41 contributors) |
| |
| Thanks! (and sorry if I forgot to mention someone) |
| |
| References to bug reports and discussions on issues: |
| |
| [1] = https://curl.haxx.se/bug/?i=2008 |
| [2] = https://curl.haxx.se/bug/?i=2006 |
| [3] = https://curl.haxx.se/bug/?i=2004 |
| [4] = https://curl.haxx.se/bug/?i=2013 |
| [5] = https://curl.haxx.se/bug/?i=1982 |
| [6] = https://curl.haxx.se/bug/?i=2016 |
| [7] = https://curl.haxx.se/bug/?i=2015 |
| [8] = https://curl.haxx.se/bug/?i=2001 |
| [9] = https://curl.haxx.se/bug/?i=2025 |
| [10] = https://curl.haxx.se/bug/?i=2023 |
| [11] = https://curl.haxx.se/bug/?i=2021 |
| [12] = https://curl.haxx.se/bug/?i=1934 |
| [13] = https://curl.haxx.se/bug/?i=1879 |
| [14] = https://curl.haxx.se/bug/?i=2022 |
| [15] = https://curl.haxx.se/bug/?i=2033 |
| [16] = https://curl.haxx.se/bug/?i=2034 |
| [17] = https://curl.haxx.se/bug/?i=2026 |
| [18] = https://curl.haxx.se/bug/?i=2031 |
| [19] = https://curl.haxx.se/bug/?i=2032 |
| [20] = https://curl.haxx.se/mail/lib-2017-11/0000.html |
| [21] = https://curl.haxx.se/bug/?i=2038 |
| [22] = https://curl.haxx.se/bug/?i=2047 |
| [23] = https://curl.haxx.se/bug/?i=2044 |
| [24] = https://curl.haxx.se/bug/?i=1959 |
| [25] = https://curl.haxx.se/bug/?i=2054 |
| [26] = https://github.com/curl/curl/commit/f121575#commitcomment-25347120 |
| [27] = https://curl.haxx.se/bug/?i=2002 |
| [28] = https://curl.haxx.se/bug/?i=2045 |
| [29] = https://curl.haxx.se/bug/?i=2053 |
| [30] = https://curl.haxx.se/bug/?i=2061 |
| [31] = https://curl.haxx.se/bug/?i=2043 |
| [32] = https://curl.haxx.se/bug/?i=2024 |
| [33] = https://curl.haxx.se/bug/?i=2060 |
| [34] = https://curl.haxx.se/bug/?i=2064 |
| [35] = https://curl.haxx.se/bug/?i=2067 |
| [36] = https://curl.haxx.se/bug/?i=2071 |
| [37] = https://curl.haxx.se/mail/lib-2017-11/0032.html |
| [38] = https://curl.haxx.se/bug/?i=2072 |
| [39] = https://curl.haxx.se/bug/?i=2079 |
| [40] = https://curl.haxx.se/bug/?i=2080 |
| [41] = https://curl.haxx.se/bug/?i=2087 |
| [42] = https://curl.haxx.se/bug/?i=2096 |
| [43] = https://curl.haxx.se/bug/?i=2098 |
| [44] = https://curl.haxx.se/bug/?i=2073 |
| [45] = https://curl.haxx.se/bug/?i=2106 |
| [46] = https://curl.haxx.se/bug/?i=2104 |
| [47] = https://curl.haxx.se/docs/adv_2017-11e7.html |
| [48] = https://curl.haxx.se/docs/adv_2017-ae72.html |
| [49] = https://curl.haxx.se/docs/adv_2017-af0a.html |
| [50] = https://curl.haxx.se/bug/?i=2097 |
| [51] = https://curl.haxx.se/bug/?i=2056 |
| [52] = https://curl.haxx.se/bug/?i=2109 |
| [53] = https://curl.haxx.se/bug/?i=2110 |
| [54] = https://curl.haxx.se/bug/?i=2111 |
| [55] = https://curl.haxx.se/bug/?i=2083 |