1
Curl and libcurl 7.29.0
1
Curl and libcurl 7.30.0
3
Public curl releases: 131
3
Public curl releases: 132
4
4
Command line options: 152
5
5
curl_easy_setopt() options: 199
6
6
Public functions in libcurl: 58
7
Known libcurl bindings: 39
10
This release includes the following securify fix:
12
o POP3/IMAP/SMTP SASL buffer overflow vulnerability [17]
7
Known libcurl bindings: 42
11
krb4 support is up for removal. If you care about it at all, speak up
12
on the curl-library list asap!
14
15
This release includes the following changes:
16
o test: offer "automake" output and check for perl better
17
o always-multi: always use non-blocking internals [1]
18
o imap: Added support for sasl digest-md5 authentication
19
o imap: Added support for sasl cram-md5 authentication
20
o imap: Added support for sasl ntlm authentication
21
o imap: Added support for sasl login authentication
22
o imap: Added support for sasl plain text authentication
23
o imap: Added support for login disabled server capability
24
o mk-ca-bundle: add -f, support passing to stdout and more [5]
25
o writeout: -w now supports remote_ip/port and local_ip/port
17
o imap: Changed response tag generation to be completely unique
18
o imap: Added support for SASL-IR extension
19
o imap: Added support for the list command
20
o imap: Added support for the append command
21
o imap: Added custom request parsing
22
o imap: Added support to the fetch command for UID and SECTION properties
23
o imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
24
o darwinssl: Make certificate errors less techy
25
o imap/pop3/smtp: Added support for the STARTTLS capability
26
o checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets
27
o curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag [10]
28
o Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for
29
new multi interface connection handling
30
o Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE,
31
CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and
32
CURLMOPT_PIPELINING_SERVER_BL for new pipelining control [15]
27
34
This release includes the following bugfixes:
29
o nss: prevent NSS from crashing on client auth hook failure
30
o darwinssl: Fixed inability to disable peer verification on Snow Leopard
32
o curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
33
o SCP: relative path didn't work as documented [7]
34
o setup_once.h: HP-UX <sys/socket.h> issue workaround
35
o configure: fix cross pkg-config detection
36
o runtests: Do not add undefined values to @INC
37
o build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
38
o multi: fix re-sending request on early connection close
39
o HTTP: remove stray CRLF in chunk-encoded content-free request bodies
40
o build: fix AIX compilation and usage of events/revents
41
o VC Makefiles: add missing hostcheck
42
o nss: clear session cache if a client certificate from file is used
43
o nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
44
o fix HTTP CONNECT tunnel establishment upon delayed response [2]
45
o --libcurl: fix for non-zero default options
46
o FTP: reject illegal port numbers in EPSV 229 responses
47
o build: use per-target '_CPPFLAGS' for those currently using default
48
o configure: fix automake 1.13 compatibility [6]
49
o curl: ignore SIGPIPE [4]
50
o pop3: Added support for non-blocking SSL upgrade
51
o pop3: Fixed default authentication detection
52
o imap: Fixed usernames and passwords that contain escape characters
53
o packages/DOS/common.dj: remove COFF debug info generation [3]
54
o imap/pop3/smtp: Fixed failure detection during TLS upgrade [8]
55
o pop3: Fixed no known authentication mechanism when fallback is required [9]
56
o formadd: reject trying to read a directory where a file is expected [10]
57
o formpost: support quotes, commas and semicolon in file names [11]
58
o docs: update the comments about loading CA certs with NSS [12]
59
o docs: fix typos in man pages [13]
60
o darwinssl: Fix bug where packets were sometimes transmitted twice [14]
61
o winbuild: include version info for .dll .exe [15]
62
o schannel: Removed extended error connection setup flag [16]
63
o VMS: fix and generate the VMS build config
36
o SECURITY ADVISORY: cookie tailmatching to avoid cross-domain leakage [25]
37
o darwinssl: Fix build under Leopard
38
o DONE: consider callback-aborted transfers premature [1]
39
o ntlm: Fixed memory leaks
40
o smtp: Fixed an issue when processing EHLO failure responses
41
o pop3: Fixed incorrect return value from pop3_endofresp()
42
o pop3: Fixed SASL authentication capability detection
43
o pop3: Fixed blocking SSL connect when connecting via POP3S
44
o imap: Fixed memory leak when performing multiple selects
45
o nss: fix misplaced code enabling non-blocking socket mode
46
o AddFormData: prevent only directories from being posted [2]
47
o darwinssl: fix infinite loop if server disconnected abruptly [3]
48
o metalink: fix improbable crash parsing metalink filename
49
o show proper host name on failed resolve
50
o MacOSX-Framework: Make script work in Xcode 4.0 and later
51
o strlcat: remove function [4]
52
o darwinssl: Fix send glitchiness with data > 32 or so KB [5]
53
o polarssl: better 1.1.x and 1.2.x support
54
o various documentation improvements
55
o multi: NULL pointer reference when closing an unused multi handle [9]
56
o SOCKS: fix socks proxy when noproxy matched [7]
57
o install-sh: updated to support multiple source files as arguments [6]
58
o PolarSSL: added human readable error strings
59
o resolver_error: remove wrong error message output
60
o docs: updates HTML index and general improvements
61
o curlbuild.h.dist: enhance non-configure GCC ABI detection logic
62
o sasl: Fixed null pointer reference when decoding empty digest challenge [8]
63
o easy: do not ignore poll() failures other than EINTR
64
o darwinssl: disable ECC ciphers under Mountain Lion by default
65
o CONNECT: count received headers [11]
66
o build: fixes for VMS
67
o CONNECT: clear 'rewindaftersend' on success [12]
68
o HTTP proxy: insert slash in URL if missing [13]
69
o hiperfifo: updated to use current libevent API [14]
70
o getinmemory.c: abort the transfer nicely if not enough memory
71
o improved win32 memorytracking
72
o corrected proxy header response headers count [16]
73
o FTP quote operations on re-used connection [17]
74
o tcpkeepalive on win32 [18]
75
o tcpkeepalive on Mac OS X [23]
76
o easy: acknowledge the CURLOPT_MAXCONNECTS option properly [19]
77
o easy interface: restore default MAXCONNECTS to 5
78
o win32: don't set SO_SNDBUF for windows vista or later versions [20]
79
o HTTP: made cookie sort function more deterministic
80
o winssl: Fixed memory leak if connection was not successful
81
o FTP: wait on both connections during active STOR state [21]
82
o connect: treat a failed local bind of an interface as a non-fatal error [22]
83
o darwinssl: disable insecure ciphers by default
84
o FTP: handle "rubbish" in front of directory name in 257 responses [24]
85
o mk-ca-bundle: Fixed lost OpenSSL output with "-t"
65
87
This release includes the following known bugs:
69
91
This release would not have looked like this without help, code, reports and
70
92
advice from friends like these:
72
Nick Zitzmann, Colin Watson, Fabian Keil, Kamil Dudka, Lijo Antony,
73
Linus Nielsen Feltzing, Marc Hoersken, Stanislav Ivochkin, Steve Holme,
74
Yang Tse, Balaji Parasuram, Dan Fandrich, Bob Relyea, Gisle Vanem,
75
Yves Arrouye, Kai Engert, Lluís Batlle i Rossell, Jirí Hruka,
76
John E. Malmberg, Tor Arntsen, Matt Arsenault, Sergei Nikulov,
77
Guenter Knauf, Craig Davison, Ulrich Doehner, Jiri Jaburek, Bruno de Carvalho,
94
Kamil Dudka, Steve Holme, Nick Zitzmann, Patricia Muscalu, Dan Fandrich,
95
Gisle Vanem, Guenter Knauf, Yang Tse, Oliver Gondža, Aki Koskinen,
96
Alexander Klauer, Kim Vandry, Willem Sparreboom, Jeremy Huddleston,
97
Bruno de Carvalho, Rainer Jung, Jeremy Huddleston, Kim Vandry, Jiri Hruska,
98
Alexander Klauer, Saran Neti, Alessandro Ghedini, Linus Nielsen Feltzing,
99
Martin Jansen, John E. Malmberg, Tom Grace, Patrick Monnerat,
100
Zdenek Pavlas, Myk Taylor, Cédric Deltheil, Robert Wruck, Sam Deane,
101
Clemens Gruber, Marc Hoersken, Tomas Mlcoch, Fredrik Thulin, Steven Gu,
102
Andrew Kurushin, Christian Hägele, Daniel Theron, Bill Middlecamp,
103
Richard Michael, Yamada Yasuharu
80
105
Thanks! (and sorry if I forgot to mention someone)
82
107
References to bug reports and discussions on issues:
84
[1] = http://daniel.haxx.se/blog/2013/01/17/internally-were-all-multi-now/
85
[2] = http://curl.haxx.se/mail/lib-2013-01/0191.html
86
[3] = http://curl.haxx.se/mail/lib-2013-01/0130.html
87
[4] = http://curl.haxx.se/bug/view.cgi?id=1180
88
[5] = http://curl.haxx.se/mail/lib-2013-01/0045.html
89
[6] = http://curl.haxx.se/mail/lib-2012-12/0246.html
90
[7] = http://curl.haxx.se/bug/view.cgi?id=1173
91
[8] = http://curl.haxx.se/mail/lib-2013-01/0250.html
92
[9] = http://curl.haxx.se/mail/lib-2013-02/0004.html
93
[10] = http://curl.haxx.se/mail/archive-2013-01/0017.html
94
[11] = http://curl.haxx.se/bug/view.cgi?id=1171
95
[12] = https://bugzilla.redhat.com/696783
96
[13] = https://bugzilla.redhat.com/896544
97
[14] = http://curl.haxx.se/mail/lib-2013-01/0295.html
98
[15] = http://curl.haxx.se/bug/view.cgi?id=1186
99
[16] = http://curl.haxx.se/bug/view.cgi?id=1187
100
[17] = http://curl.haxx.se/docs/adv_20130206.html
109
[1] = http://curl.haxx.se/bug/view.cgi?id=1184
110
[2] = http://curl.haxx.se/mail/archive-2013-02/0040.html
111
[3] = http://curl.haxx.se/mail/lib-2013-03/0014.html
112
[4] = http://curl.haxx.se/bug/view.cgi?id=1192
113
[5] = http://curl.haxx.se/mail/lib-2013-02/0145.html
114
[6] = http://curl.haxx.se/bug/view.cgi?id=1195
115
[7] = http://curl.haxx.se/bug/view.cgi?id=1190
116
[8] = http://curl.haxx.se/bug/view.cgi?id=1193
117
[9] = http://curl.haxx.se/bug/view.cgi?id=1194
118
[10] = http://curl.haxx.se/bug/view.cgi?id=1168
119
[11] = http://curl.haxx.se/bug/view.cgi?id=1204
120
[12] = https://groups.google.com/d/msg/msysgit/B31LNftR4BI/KhRTz0iuGmUJ
121
[13] = http://curl.haxx.se/bug/view.cgi?id=1206
122
[14] = http://curl.haxx.se/bug/view.cgi?id=1199
123
[15] = http://daniel.haxx.se/blog/2013/03/26/better-pipelining-in-libcurl-7-30-0/
124
[16] = http://curl.haxx.se/bug/view.cgi?id=1204
125
[17] = http://curl.haxx.se/mail/lib-2013-03/0319.html
126
[18] = http://curl.haxx.se/bug/view.cgi?id=1209
127
[19] = http://curl.haxx.se/bug/view.cgi?id=1212
128
[20] = http://curl.haxx.se/bug/view.cgi?id=1188
129
[21] = http://curl.haxx.se/bug/view.cgi?id=1183
130
[22] = http://curl.haxx.se/bug/view.cgi?id=1189
131
[23] = http://curl.haxx.se/bug/view.cgi?id=1214
132
[24] = http://curl.haxx.se/mail/lib-2013-04/0113.html
133
[25] = http://curl.haxx.se/docs/adv_20130412.html