Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: [RELEASE] curl 7.57.0

From: Michael Felt <michael_at_felt.demon.nl>
Date: Wed, 29 Nov 2017 20:36:03 +0100

I got some initial issues resolved (see
https://github.com/curl/curl/issues/2124) and now, in 32-bit mode:

Warning: dict server unexpectedly alive
TESTDONE: 883 tests out of 885 reported OK: 99%
TESTFAIL: These test cases failed: 1013 1140
TESTDONE: 1164 tests were considered

After the 64-bit build will have, finally, a new release available.

On 11/29/2017 10:33 AM, Daniel Stenberg wrote:
> Hi friends!
>
> I'm glad to once again present a brand new curl release. This time we
> introduce a few changes and three security advisories. The latter will
> be detailed in separate mails sent out in assocation with this.
>
> As always, download the latest curl from https://curl.haxx.se/
>
> Curl and libcurl 7.57.0
>
>  Public curl releases:         171
>  Command line options:         211
>  curl_easy_setopt() options:   249
>  Public functions in libcurl:  74
>  Contributors:                 1649
>
> This release includes the following changes:
>
>  o auth: add support for RFC7616 - HTTP Digest access authentication [12]
>  o share: add support for sharing the connection cache [31]
>  o HTTP: implement Brotli content encoding [28]
>
> This release includes the following bugfixes:
>
>  o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
>  o CVE-2017-8817: FTP wildcard out of bounds read [48]
>  o CVE-2017-8818: SSL out of buffer access [49]
>  o curl_mime_filedata.3: fix typos [1]
>  o libtest: Add required test libraries for lib1552 and lib1553 [2]
>  o fix time diffs for systems using unsigned time_t [3]
>  o ftplistparser: memory leak fix: free temporary memory always [4]
>  o multi: allow table handle sizes to be overridden [5]
>  o wildcards: don't use with non-supported protocols [6]
>  o curl_fnmatch: return error on illegal wildcard pattern [7]
>  o transfer: Fix chunked-encoding upload too early exit [8]
>  o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
>  o resolvers: only include anything if needed [10]
>  o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
>  o appveyor: add a win32 build
>  o Curl_timeleft: change return type to timediff_t [11]
>  o cmake: Export libcurl and curl targets to use by other cmake
> projects [13]
>  o curl: in -F option arg, comma is a delimiter for files only [14]
>  o curl: improved ";type=" handling in -F option arguments
>  o timeval: use mach_absolute_time() on MacOS [15]
>  o curlx: the timeval functions are no longer provided as curlx_* [16]
>  o mkhelp.pl: do not generate comment with current date [17]
>  o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
>  o cookie: avoid NULL dereference [19]
>  o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
>  o include: remove conncache.h inclusion from where its not needed
>  o CURLOPT_MAXREDIRS: allow -1 as a value [21]
>  o tests: Fixed torture tests on tests 556 and 650
>  o http2: Fixed OOM handling in upgrade request
>  o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
>  o CURLOPT_INFILESIZE: accept -1 [22]
>  o curl: pass through [] in URLs instead of calling globbing error [23]
>  o curl: speed up handling of many URLs [24]
>  o ntlm: avoid malloc(0) for zero length passwords [25]
>  o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
>  o HTTP: support multiple Content-Encodings [27]
>  o travis: add a job with brotli enabled
>  o url: remove unncessary NULL-check
>  o fnmatch: remove dead code
>  o connect: store IPv6 connection status after valid connection [29]
>  o imap: deal with commands case insensitively [30]
>  o --interface: add support for Linux VRF [32]
>  o content_encoding: fix inflate_stream for no bytes available [33]
>  o cmake: Correctly include curl.rc in Windows builds [34]
>  o cmake: Add missing setmode check [35]
>  o connect.c: remove executable bit on file [36]
>  o SMB: fix uninitialized local variable
>  o zlib/brotli: only include header files in modules needing them [37]
>  o URL: return error on malformed URLs with junk after IPv6 bracket [38]
>  o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
>  o macOS: Fix missing connectx function with Xcode version older than
> 9.0 [40]
>  o --resolve: allow IP address within [] brackets [41]
>  o examples/curlx: Fix code style [42]
>  o ntlm: remove unnecessary NULL-check to please scan-build [43]
>  o Curl_llist_remove: fix potential NULL pointer deref [43]
>  o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
>  o openssl: fix "Value stored to 'rc' is never read" scan-build error
> [43]
>  o http2: fix "Value stored to 'hdbuf' is never read" scan-build error
> [43]
>  o http2: fix "Value stored to 'end' is never read" scan-build error [43]
>  o Curl_open: fix OOM return error correctly [43]
>  o url: reject ASCII control characters and space in host names [44]
>  o examples/rtsp: clear RANGE again after use [45]
>  o connect: improve the bind error message [46]
>  o make: fix "make distclean" [50]
>  o connect: add support for new TCP Fast Open API on Linux [51]
>  o metalink: fix memory-leak and NULL pointer dereference [52]
>  o URL: update "file:" URL handling [53]
>  o ssh: remove check for a NULL pointer [54]
>  o global_init: ignore CURL_GLOBAL_SSL's absense [55]
>
> This release includes the following known bugs:
>
>  o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
>
> This release would not have looked like this without help, code,
> reports and
> advice from friends like these:
>
>   Alessandro Ghedini, Alex Malinovich, Alex Nichols, Alfonso Martone,
>   Andrew Lambert, arainchik on github, Brian Carpenter, cbartl on github,
>   Dan Fandrich, Daniel Bankhead, Daniel Stenberg, Dirk Feytons,
>   Dmitri Tikhonov, Evgeny Grin, Gisle Vanem, hsiao yi, Jakub Zakrzewski,
>   John Starks, Juro Bystricky, Kamil Dudka, Luca Boccassi, Marcel Raad,
>   Martin Storsjö, Matthew Kerwin, Max Dymond, Michael Felt, Michael
> Kaufmann,
>   moohoorama on github, omau on github, Orgad Shaneh, Patrick Monnerat,
>   Paul Howarth, Pavel Gushchin, Pavol Markovic, Per Lundberg, Peter
> Piekarski,
>   Petr Voytsik, Ray Satiro, Rob Cotrone, Viktor Szakáts, youngchopin
> on github,
>   (41 contributors)
>
>         Thanks! (and sorry if I forgot to mention someone)
>
> References to bug reports and discussions on issues:
>
>  [1] = https://curl.haxx.se/bug/?i=2008
>  [2] = https://curl.haxx.se/bug/?i=2006
>  [3] = https://curl.haxx.se/bug/?i=2004
>  [4] = https://curl.haxx.se/bug/?i=2013
>  [5] = https://curl.haxx.se/bug/?i=1982
>  [6] = https://curl.haxx.se/bug/?i=2016
>  [7] = https://curl.haxx.se/bug/?i=2015
>  [8] = https://curl.haxx.se/bug/?i=2001
>  [9] = https://curl.haxx.se/bug/?i=2025
>  [10] = https://curl.haxx.se/bug/?i=2023
>  [11] = https://curl.haxx.se/bug/?i=2021
>  [12] = https://curl.haxx.se/bug/?i=1934
>  [13] = https://curl.haxx.se/bug/?i=1879
>  [14] = https://curl.haxx.se/bug/?i=2022
>  [15] = https://curl.haxx.se/bug/?i=2033
>  [16] = https://curl.haxx.se/bug/?i=2034
>  [17] = https://curl.haxx.se/bug/?i=2026
>  [18] = https://curl.haxx.se/bug/?i=2031
>  [19] = https://curl.haxx.se/bug/?i=2032
>  [20] = https://curl.haxx.se/mail/lib-2017-11/0000.html
>  [21] = https://curl.haxx.se/bug/?i=2038
>  [22] = https://curl.haxx.se/bug/?i=2047
>  [23] = https://curl.haxx.se/bug/?i=2044
>  [24] = https://curl.haxx.se/bug/?i=1959
>  [25] = https://curl.haxx.se/bug/?i=2054
>  [26] =
> https://github.com/curl/curl/commit/f121575#commitcomment-25347120
>  [27] = https://curl.haxx.se/bug/?i=2002
>  [28] = https://curl.haxx.se/bug/?i=2045
>  [29] = https://curl.haxx.se/bug/?i=2053
>  [30] = https://curl.haxx.se/bug/?i=2061
>  [31] = https://curl.haxx.se/bug/?i=2043
>  [32] = https://curl.haxx.se/bug/?i=2024
>  [33] = https://curl.haxx.se/bug/?i=2060
>  [34] = https://curl.haxx.se/bug/?i=2064
>  [35] = https://curl.haxx.se/bug/?i=2067
>  [36] = https://curl.haxx.se/bug/?i=2071
>  [37] = https://curl.haxx.se/mail/lib-2017-11/0032.html
>  [38] = https://curl.haxx.se/bug/?i=2072
>  [39] = https://curl.haxx.se/bug/?i=2079
>  [40] = https://curl.haxx.se/bug/?i=2080
>  [41] = https://curl.haxx.se/bug/?i=2087
>  [42] = https://curl.haxx.se/bug/?i=2096
>  [43] = https://curl.haxx.se/bug/?i=2098
>  [44] = https://curl.haxx.se/bug/?i=2073
>  [45] = https://curl.haxx.se/bug/?i=2106
>  [46] = https://curl.haxx.se/bug/?i=2104
>  [47] = https://curl.haxx.se/docs/adv_2017-11e7.html
>  [48] = https://curl.haxx.se/docs/adv_2017-ae72.html
>  [49] = https://curl.haxx.se/docs/adv_2017-af0a.html
>  [50] = https://curl.haxx.se/bug/?i=2097
>  [51] = https://curl.haxx.se/bug/?i=2056
>  [52] = https://curl.haxx.se/bug/?i=2109
>  [53] = https://curl.haxx.se/bug/?i=2110
>  [54] = https://curl.haxx.se/bug/?i=2111
>  [55] = https://curl.haxx.se/bug/?i=2083
>
>
>
> -------------------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette: https://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-11-29