This commit is contained in:
Daniel Stenberg 2018-10-29 08:35:51 +01:00
Родитель bbed10da65
Коммит 196677150f
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 5CC908FDB71E12C2
1 изменённых файлов: 31 добавлений и 9 удалений

Просмотреть файл

@ -4,7 +4,7 @@ Curl and libcurl 7.62.0
Command line options: 219
curl_easy_setopt() options: 261
Public functions in libcurl: 80
Contributors: 1787
Contributors: 1808
This release includes the following changes:
@ -21,6 +21,9 @@ This release includes the following changes:
This release includes the following bugfixes:
o CVE-2018-16839: SASL password overflow via integer overflow [107]
o CVE-2018-16840: use-after-free in handle close [108]
o CVE-2018-16842: warning message out-of-buffer read [114]
o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated [5]
o Curl_dedotdotify(): always nul terminate returned string [46]
o Curl_follow: Always free the passed new URL [87]
@ -40,6 +43,7 @@ This release includes the following bugfixes:
o checksrc: handle zero scoped ignore commands [62]
o cmake: Backport to work with CMake 3.0 again [55]
o cmake: Improve config installation [60]
o cmake: add support for transitive ZLIB target [113]
o cmake: disable -Wpedantic-ms-format [84]
o cmake: don't require OpenSSL if USE_OPENSSL=OFF [35]
o cmake: fixed path used in generation of docs/tests [56]
@ -88,6 +92,7 @@ This release includes the following bugfixes:
o lib: fix gcc8 warning on Windows [20]
o memory: add missing curl_printf header [30]
o memory: ensure to check allocation results [68]
o multi: Fix error handling in the SENDPROTOCONNECT state [112]
o multi: fix memory leak in content encoding related error path [59]
o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL [90]
o netrc: free temporary strings if memory allocation fails [103]
@ -104,6 +109,7 @@ This release includes the following bugfixes:
o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer [6]
o openssl: show "proper" version number for libressl builds [28]
o pipelining: deprecated [1]
o rand: add comment to skip a clang-tidy false positive
o rtmp: fix for compiling with lwIP [100]
o runtests: ignore disabled even when ranges are given [74]
o runtests: skip ld_preload tests on macOS [80]
@ -112,21 +118,27 @@ This release includes the following bugfixes:
o sendf: Fix whitespace in infof/failf concatenation [26]
o ssh: free the session on init failures [96]
o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code [6]
o system.h: use proper setting with Sun C++ as well [109]
o test1299: use single quotes around asterisk [72]
o test1452: mark as flaky [2]
o test1651: unit test Curl_extract_certinfo() [110]
o test320: strip out more HTML when comparing [66]
o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server [67]
o tests: add unit tests for url.c [3]
o timeval: fix use of weak symbol clock_gettime() on Apple platforms [61]
o tool_cb_hdr: handle failure of rename() [94]
o travis: add a "make tidy" build that runs clang-tidy [105]
o travis: add build for "configure --disable-verbose" [93]
o travis: bump the Secure Transport build to use xcode [58]
o travis: make distcheck scan for BOM markers [86]
o unit1300: fix stack-use-after-scope AddressSanitizer warning [106]
o urldata: Fix "connecting" comment
o urlglob: improve error message on bad globs [22]
o vtls: fix ssl version "or later" behavior change for many backends [38]
o x509asn1: Fix SAN IP address verification [88]
o x509asn1: always check return code from getASN1Element() [110]
o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert [6]
o x509asn1: suppress left shift on signed value [111]
This release includes the following known bugs:
@ -135,18 +147,18 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alexey Eremikhin, Brad King, Christian Heimes, Colin Hogben,
Alexey Eremikhin, Brad King, Brian Carpenter, Christian Heimes, Colin Hogben,
Daniel Gustafsson, Daniel Shahaf, Daniel Stenberg, Dario Weißer,
Dave Reisner, Dima Pasechnik, Dmitry Kostjuchenko, Doron Behar,
Eason-Yu on github, Erik Minekus, Even Rouault, Gisle Vanem,
Github user @jakirkham, Han Han, Harry Sintonen, Jean Fabrice, Jim Fuller,
Kamil Dudka, Loganaden Velvindron, Marcel Raad, Marc Hörsken, Martin Ankerl,
Eason-Yu on github, Erik Minekus, Even Rouault, Gisle Vanem, Han Han,
Harry Sintonen, jakirkham on github, Jean Fabrice, Jim Fuller, Kamil Dudka,
Loganaden Velvindron, Marcel Raad, Marc Hörsken, Martin Ankerl,
Matthew Whitehead, Max Dymond, Maxime Legros, Michael Kaufmann, Nate Prewitt,
Nicklas Avén, Nick Zitzmann, Philipp Waehnert, Rainer Jung, Ray Satiro,
Rich Turner, Rick Deist, Ricky-Tigg on github, Rikard Falkeborn,
Ruslan Baratov, Sergei Nikulov, Shaun Jackman, Thomas Glanzmann,
Nicklas Avén, Nick Zitzmann, Patrick Monnerat, Philipp Waehnert, Rainer Jung,
Ray Satiro, Rich Turner, Rick Deist, Ricky-Tigg on github, Rikard Falkeborn,
Ruslan Baratov, Sergei Nikulov, Shaun Jackman, Thomas Glanzmann, Tuomo Rinne,
Viktor Szakats, Yiming Jing,
(46 contributors)
(49 contributors)
Thanks! (and sorry if I forgot to mention someone)
@ -256,3 +268,13 @@ References to bug reports and discussions on issues:
[102] = https://curl.haxx.se/bug/?i=3166
[103] = https://curl.haxx.se/bug/?i=3122
[104] = https://curl.haxx.se/bug/?i=3162
[105] = https://curl.haxx.se/bug/?i=3182
[106] = https://curl.haxx.se/bug/?i=3182
[107] = https://curl.haxx.se/docs/CVE-2018-16839.html
[108] = https://curl.haxx.se/docs/CVE-2018-16840.html
[109] = https://curl.haxx.se/bug/?i=3181
[110] = https://curl.haxx.se/bug/?i=3163
[111] = https://curl.haxx.se/bug/?i=3163
[112] = https://curl.haxx.se/bug/?i=3170
[113] = https://curl.haxx.se/bug/?i=3123
[114] = https://curl.haxx.se/docs/CVE-2018-16842.html