Opened 8 years ago

Closed 8 years ago

#7207 closed enhancement (fixed)

curl-7.46.0

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: normal Milestone: 7.9
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

http://curl.haxx.se/download/curl-7.46.0.tar.lzma

http://curl.haxx.se/download/curl-7.46.0.tar.lzma.asc

http://curl.haxx.se/docs/vuln-7.46.0.html 

curl 7.46.0 - Single version vulnerability summary

curl version 7.46.0 was released on December 2 2015. The following 0
security problems are known to exist in this version.

Yay - there are no published security vulnerabilities for this version!

http://curl.haxx.se/mail/archive-2015-12/0004.html

or

http://curl.haxx.se/changes.html#7.46.0 

curl-users

RELEASE: curl and libcurl 7.46.0

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 2 Dec 2015 08:14:06 +0100 (CET)

Good day team!

I'm happy to announce the end of another eight week cycle with a new
release.  We call it 7.46.0 and it is our 150th release. 68 bug fixes,
18 of the 35 credited contributors are new. We also introduce a few new
things again. The full RELEASE-NOTES is of course below as usual.

This release includes the following changes:

  • configure: build silently by default
  • cookies: Add support for Publix Suffix List with libpsl
  • vtls: added support for mbedTLS [7]
  • Added CURLOPT_STREAM_DEPENDS [8]
  • Added CURLOPT_STREAM_DEPENDS_E [9]
  • Added CURLOPT_STREAM_WEIGHT [10]
  • Added CURLFORM_CONTENTLEN [14]
  • oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3
    and SNMP

This release includes the following bugfixes:

  • des: Fix header conditional for Curl_des_set_odd_parity
  • ntlm: get rid of unconditional use of long long [1]
  • CURLOPT_CERTINFO.3: fix reference to CURLINFO_CERTINFO
  • docs: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET [2]
  • http2: Fix http2_recv to return -1 if recv returned -1
  • curl_global_init_mem: set function pointers before doing init
  • ntlm: error out without 64bit support as the code needs it [1]
  • openssl: Fix set up of pkcs12 certificate verification chain
  • acinclude: remove PKGCONFIG override [3]
  • test1531: case the size to fix the test on non-largefile builds
  • fread_func: move callback pointer from set to state struct [4]
  • test1601: fix compilation with --enable-debug and
    --disable-crypto-auth
  • http2: Don't pass unitialized name+len pairs to
    nghttp2_submit_request [5]
  • curlbuild.h: Fix non-configure compiling to mips and sh4 targets
  • tool: Generate easysrc with last cache linked-list [6]
  • cmake: Fix for add_subdirectory(curl) use-case
  • vtls: fix compiler warning for TLS backends without sha256
  • build: fix for MSDOS/djgpp
  • checksrc: add crude // detection
  • http2: on_frame_recv: trust the conn/data input
  • ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size [11]
  • polarssl/mbedtls: fix name space pollution
  • build: Fix mingw ssl gdi32 order [12]
  • build: Fix support for PKG_CONFIG
  • MacOSX-Framework: sdk regex fix for sdk 10.10 and later
  • socks: Fix incorrect port numbers in failed connect messages
  • curl.1: -E: s/private certificate/client certificate
  • curl.h: s/HTTPPOST_/CURL_HTTPOST_ [13]
  • curl_formadd: support >2GB files on windows [14]
  • http redirects: %-encode bytes outside of ascii range [15]
  • rawstr: Speed up Curl_raw_toupper by 40%
  • curl_ntlm_core: fix 2 curl_off_t constant overflows.
  • getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value
  • tftp tests: verify sent options too
  • imap: Don't call imap_atom() when no mailbox specified in LIST
    command
  • imap: Fixed double quote in LIST command when mailbox contains
    spaces
  • imap: Don't check for continuation when executing a CUSTOMREQUEST
    [16]
  • acinclude: Remove check for 16-bit curl_off_t
  • BoringSSL: Work with stricter BIO_get_mem_data() [17]
  • cmake: Add missing feature macros in config header [18]
  • sasl_sspi: fixed unicode build for digest authentication [19]
  • sasl_sspi: fix identity memory leak in digest authentication
  • unit1602: Fixed failure in torture test
  • unit1603: Added unit tests for hash functions
  • vtls/openssl: remove unused traces of yassl ifdefs
  • openssl: remove #ifdefs for < 0.9.7 support
  • typecheck-gcc.h: add some missing options
  • curl: mark two more options strings for --libcurl output
  • openssl: Free modules on cleanup [20]
  • CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header
  • getconnectinfo: Don't call recv(2) if socket == -1
  • http2: http_done: don't free already-freed push headers
  • zsh completion: Preserve single quotes in output [21]
  • os400: Provide options for libssh2 use in compile scripts.
  • build: Fix theoretical infinite loops [22]
  • pop3: Differentiate between success and continuation responses
  • examples: Fixed compilation warnings
  • schannel: Use GetVersionEx() when VerifyVersionInfo() isn't
    available
  • CURLOPT_HEADERFUNCTION.3: fix typo
  • curl: expanded the -XHEAD warning text
  • done: make sure the final progress update is made [23]
  • build: Install zsh completion [24]
  • RTSP: do not add if-modified-since without timecondition [25]
  • curl: Fixed display of URL index in password prompt for --next
  • nonblock: fix setting non-blocking mode for Amiga [26]
  • http2 push: add missing inits of new stream [27]
  • http2: convert some verbose output into debug-only output
  • Curl_read_plain: clean up ifdefs that break statements [28]

This release includes the following known bugs:

  • see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)

References to bug reports and discussions on issues:

  [1] = http://curl.haxx.se/bug/?i=478
  [2] = http://curl.haxx.se/bug/?i=479
  [3] = http://curl.haxx.se/mail/lib-2015-10/0035.html
  [4] = http://curl.haxx.se/bug/?i=346
  [5] = http://curl.haxx.se/bug/?i=493
  [6] = http://curl.haxx.se/bug/?i=452
  [7] = http://curl.haxx.se/bug/?i=496
  [8] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_DEPENDS.html
  [9] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_DEPENDS_E.html
  [10] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_WEIGHT.html
  [11] = http://curl.haxx.se/bug/?i=480
  [12] = https://github.com/bagder/curl/pull/501
  [13] = http://curl.haxx.se/bug/?i=506
  [14] = http://curl.haxx.se/bug/?i=425
  [15] = http://curl.haxx.se/bug/?i=473
  [16] = http://curl.haxx.se/bug/?i=486
  [17] = http://curl.haxx.se/bug/?i=524
  [18] = http://curl.haxx.se/bug/?i=523
  [19] = http://curl.haxx.se/bug/?i=525
  [20] = http://curl.haxx.se/bug/?i=526
  [21] = http://curl.haxx.se/bug/?i=532
  [22] = http://curl.haxx.se/bug/?i=535
  [23] = http://curl.haxx.se/bug/?i=538
  [24] = http://curl.haxx.se/bug/?i=534
  [25] = http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header
  [26] = http://curl.haxx.se/mail/lib-2015-11/0088.html
  [27] = http://curl.haxx.se/bug/?i=530
  [28] = http://curl.haxx.se/bug/?i=546

-- 
  / daniel.haxx.se

Change History (2)

comment:1 by Fernando de Oliveira, 8 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 8 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r16706.

Note: See TracTickets for help on using tickets.