Opened 3 years ago

Closed 3 years ago

#10781 closed enhancement (fixed)

curl-7.60.0

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: normal Milestone: 8.3
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (3)

comment:1 by Bruce Dubbs, 3 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 3 years ago

This release includes the following changes:

 o Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol [10]
 o Add --haproxy-protocol for the command line tool [10]
 o Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses [12]

This release includes the following bugfixes:

 o FTP: shutdown response buffer overflow CVE-2018-1000300 [88]
 o RTSP: bad headers buffer over-read CVE-2018-1000301 [89]
 o FTP: fix typo in recursive callback detection for seeking [1]
 o test1208: marked flaky
 o HTTP: make header-less responses still count correct body size [2]
 o user-agent.d:: mention --proxy-header as well [3]
 o http2: fixes typo [4] 
 o cleanup: misc typos in strings and comments [5]
 o rate-limit: use three second window to better handle high speeds [6]
 o examples/hiperfifo.c: improved
 o pause: when changing pause state, update socket state [7]
 o multi: improved pending transfers handling => improved performance [8]
 o curl_version_info.3: fix ssl_version description [9]
 o add_handle/easy_perform: clear errorbuffer on start if set [11]
 o darwinssl: fix iOS build [13]
 o cmake: add support for brotli [14]
 o parsedate: support UT timezone [15]
 o vauth/ntlm.h: fix the #ifdef header guard
 o lib/curl_path.h: added #ifdef header guard 
 o vauth/cleartext: fix integer overflow check [16]
 o CURLINFO_COOKIELIST.3: made the example not leak memory
 o cookie.d: mention that "-" as filename means stdin [17]
 o CURLINFO_SSL_VERIFYRESULT.3: fixed the example [18]
 o http2: read pending frames (including GOAWAY) in connection-check [19]
 o timeval: remove compilation warning by casting [20]
 o cmake: avoid warn-as-error during config checks [21]
 o travis-ci: enable -Werror for CMake builds [22]
 o openldap: fix for NULL return from ldap_get_attribute_ber() [23]
 o threaded resolver: track resolver time and set suitable timeout values [24]
 o cmake: Add advapi32 as explicit link library for win32 [25]
 o docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T [26]
 o test1148: set a fixed locale for the test [27]
 o cookies: when reading from a file, only remove_expired once [28]
 o cookie: store cookies per top-level-domain-specific hash table [29]
 o openssl: fix build with LibreSSL 2.7 [30]
 o tls: fix mbedTLS 2.7.0 build + handle sha256 failures [31]
 o openssl: RESTORED verify locations when verifypeer==0 [32] 
 o file: restore old behavior for file:////foo/bar URLs [33]
 o FTP: allow PASV on IPv6 connections when a proxy is being used [34]
 o build-openssl.bat: allow custom paths for VS and perl [35]
 o winbuild: make the clean target work without build-type [36]
 o build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15 [37]
 o curl: retry on FTP 4xx, ignore other protocols [38]
 o configure: detect (and use) sa_family_t [39]
 o examples/sftpuploadresume: Fix Windows large file seek
 o build: cleanup to fix clang warnings/errors [40]
 o winbuild: updated the documentation [41]
 o lib: silence null-dereference warnings [42]
 o travis: bump to clang 6 and gcc 7 [43]
 o travis: build libpsl and make builds use it [44]
 o proxy: show getenv proxy use in verbose output [45]
 o duphandle: make sure CURLOPT_RESOLVE is duplicated [46]
 o all: Refactor malloc+memset to use calloc [47]
 o checksrc: Fix typo [48]
 o system.h: Add sparcv8plus to oracle/sunpro 32-bit detection [49]
 o vauth: Fix typo [50]
 o ssh: show libSSH2 error code when closing fails [51]
 o test1148: tolerate progress updates better [52]
 o urldata: make service names unconditional [53]
 o configure: keep LD_LIBRARY_PATH changes local [54]
 o ntlm_sspi: fix authentication using Credential Manager [55]
 o schannel: add client certificate authentication [56]
 o winbuild: Support custom devel paths for each dependency [57]
 o schannel: add support for CURLOPT_CAINFO [58]
 o http2: handle on_begin_headers() called more than once [59]
 o openssl: support OpenSSL 1.1.1 verbose-mode trace messages [60]
 o openssl: fix subjectAltName check on non-ASCII platforms [61]
 o http2: avoid strstr() on data not zero terminated [62]
 o http2: clear the "drain counter" when a stream is closed [63]
 o http2: handle GOAWAY properly [64]
 o tool_help: clarify --max-time unit of time is seconds
 o curl.1: clarify that options and URLs can be mixed [65]
 o http2: convert an assert to run-time check [66]
 o curl_global_sslset: always provide available backends [67]
 o ftplistparser: keep state between invokes [68]
 o Curl_memchr: zero length input can't match
 o examples/sftpuploadresume: typecast fseek argument to long
 o examples/http2-upload: expand buffer to avoid silly warning
 o ctype: restore character classification for non-ASCII platforms [69]
 o mime: avoid NULL pointer dereference risk [70]
 o cookies: ensure that we have cookies before writing jar [71]
 o os400.c: fix checksrc warnings [72]
 o configure: provide --with-wolfssl as an alias for --with-cyassl
 o cyassl: adapt to libraries without TLS 1.0 support built-in
 o http2: get rid of another strstr [73]
 o checksrc: force indentation of lines after an else [74]
 o cookies: remove unused macro [75]
 o CURLINFO_PROTOCOL.3: mention the existing defined names
 o tests: provide 'manual' as a feature to optionally require [76]
 o travis: enable libssh2 on both macos and Linux [77]
 o CURLOPT_URL.3: added ENCODING section
 o wolfssl: Fix non-blocking connect [78]
 o vtls: don't define MD5_DIGEST_LENGTH for wolfssl
 o docs: remove extraneous commas in man pages [79]
 o URL: fix ASCII dependency in strcpy_url and strlen_url [80]
 o ssh-libssh.c: fix left shift compiler warning
 o configure: only check for CA bundle for file-using SSL backends [81]
 o travis: add an mbedtls build [82]
 o http: don't set the "rewind" flag when not uploading anything [83]
 o configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h [84]
 o transfer: don't unset writesockfd on setup of multiplexed conns [85]
 o vtls: use unified "supports" bitfield member in backends [86]
 o URLs: fix one more http url [87]
 o travis: add a build using WolfSSL [90]
 o openssl: change FILE ops to BIO ops [91]
 o travis: add build using NSS [92]
 o smb: reject negative file sizes [93]
 o cookies: accept parameter names as cookie name [94]
 o http2: getsock fix for uploads [95]
 o all over: fixed format specifiers [96]
 o http2: use the correct function pointer typedef [97]

comment:3 by Bruce Dubbs, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 20169.

Note: See TracTickets for help on using tickets.