[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 214/220: RELEASE-NOTES: curl 7.66.0
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 214/220: RELEASE-NOTES: curl 7.66.0 |
Date: |
Thu, 12 Sep 2019 17:29:34 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 9cd755e1d768bbf228e7c9faf223b7459f7e0105
Author: Daniel Stenberg <address@hidden>
AuthorDate: Mon Sep 9 14:08:57 2019 +0200
RELEASE-NOTES: curl 7.66.0
---
RELEASE-NOTES | 34 +++++++++++++++++++++++++---------
1 file changed, 25 insertions(+), 9 deletions(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 6d14902b6..cd13827f5 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -17,6 +17,8 @@ This release includes the following changes:
This release includes the following bugfixes:
+ o CVE-2019-5481: FTP-KRB double-free [64]
+ o CVE-2019-5482: TFTP small blocksize heap buffer overflow [65]
o CI: remove duplicate configure flag for LGTM.com
o CMake: remove needless newlines at end of gss variables
o CMake: use platform dependent name for dlopen() library [62]
@@ -28,6 +30,7 @@ This release includes the following bugfixes:
o CURLOPT_READFUNCTION.3: provide inline example
o CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 [51]
o Curl_addr2string: take an addrlen argument too [61]
+ o Curl_fillreadbuffer: avoid double-free trailer buf on error [66]
o HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown [10]
o alt-svc: add protocol version selection masking [31]
o alt-svc: fix removal of expired cache entry [30]
@@ -44,6 +47,7 @@ This release includes the following bugfixes:
o curl.h: add CURL_HTTP_VERSION_3 to the version enum
o curl.h: fix outdated comment [23]
o curl: cap the maximum allowed values for retry time arguments [13]
+ o curl: handle a libcurl build without netrc support [63]
o curl: make use of CURLINFO_RETRY_AFTER when retrying [35]
o curl: remove outdated comment [24]
o curl: use .curlrc (with a dot) on Windows [52]
@@ -73,6 +77,7 @@ This release includes the following bugfixes:
o netrc: make the code try ".netrc" on Windows [52]
o nss: use TLSv1.3 as default if supported [39]
o openssl: build warning free with boringssl [50]
+ o openssl: use SSL_CTX_set_<min|max>_proto_version() when available [68]
o plan9: add support for running on Plan 9 [22]
o progress: reset download/uploaded counter between transfers [12]
o readwrite_data: repair setting the TIMER_STARTTRANSFER stamp [26]
@@ -84,10 +89,13 @@ This release includes the following bugfixes:
o src/makefile: fix uncompressed hugehelp.c generation [19]
o ssh-libssh: do not specify O_APPEND when not in append mode [7]
o ssh: move code into vssh for SSH backends [53]
+ o sspi: fix memory leaks [67]
o tests: Replace outdated test case numbering documentation [43]
+ o tftp: return error when packet is too small for options
o timediff: make it 64 bit (if possible) even with 32 bit time_t [20]
o travis: reduce number of torture tests in 'coverage' [42]
o url: make use of new HTTP version if alt-svc has one [16]
+ o urlapi: verify the IPv6 numerical address [69]
o urldata: avoid 'generic', use dedicated pointers [57]
o vauth: Use CURLE_AUTH_ERROR for auth function errors [41]
@@ -100,15 +108,16 @@ advice from friends like these:
Alessandro Ghedini, Alex Mayorga, Amit Katyal, Balazs Kovacsics,
Brad Spencer, Brandon Dong, Carlo Marcelo Arenas Belón, Christopher Head,
- Daniel Gustafsson, Daniel Stenberg, Dominik Hölzl, Eric Wong, Felix Hädicke,
- Gergely Nagy, Gisle Vanem, Igor Makarov, Ironbars13 on github, Jason Lee,
- Jeremy Lainé, Jonathan Cardoso Machado, Junho Choi, Kamil Dudka,
- Kyle Abramowitz, Kyohei Kadota, Lance Ware, Marcel Raad, Max Dymond,
- Michael Lee, Michal Čaplygin, Mike Crowe, niallor on github, osabc on github,
- patnyb on github, Patrick Monnerat, Peter Wu, Ray Satiro, Rolf Eike Beer,
- Steve Holme, Tatsuhiro Tsujikawa, The Infinnovation team, Tom van der Woerdt,
- Yiming Jing,
- (42 contributors)
+ Clément Notin, codesniffer13 on github, Daniel Gustafsson, Daniel Stenberg,
+ Dominik Hölzl, Eric Wong, Felix Hädicke, Gergely Nagy, Gisle Vanem,
+ Igor Makarov, Ironbars13 on github, Jason Lee, Jeremy Lainé,
+ Jonathan Cardoso Machado, Junho Choi, Kamil Dudka, Kyle Abramowitz,
+ Kyohei Kadota, Lance Ware, Marcel Raad, Max Dymond, Michael Lee,
+ Michal Čaplygin, migueljcrum on github, Mike Crowe, niallor on github,
+ osabc on github, patnyb on github, Patrick Monnerat, Peter Wu, Ray Satiro,
+ Rolf Eike Beer, Steve Holme, Tatsuhiro Tsujikawa, The Infinnovation team,
+ Thomas Vegas, Tom van der Woerdt, Yiming Jing,
+ (46 contributors)
Thanks! (and sorry if I forgot to mention someone)
@@ -176,3 +185,10 @@ References to bug reports and discussions on issues:
[60] = https://curl.haxx.se/bug/?i=4286
[61] = https://curl.haxx.se/bug/?i=4283
[62] = https://curl.haxx.se/bug/?i=4279
+ [63] = https://curl.haxx.se/bug/?i=4302
+ [64] = https://curl.haxx.se/docs/CVE-2019-5481.html
+ [65] = https://curl.haxx.se/docs/CVE-2019-5482.html
+ [66] = https://curl.haxx.se/bug/?i=4307
+ [67] = https://curl.haxx.se/bug/?i=4299
+ [68] = https://curl.haxx.se/bug/?i=4304
+ [69] = https://curl.haxx.se/bug/?i=4315
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [GNUnet-SVN] [gnurl] 194/220: smb: init *msg to NULL in smb_send_and_recv(), (continued)
- [GNUnet-SVN] [gnurl] 194/220: smb: init *msg to NULL in smb_send_and_recv(), gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 207/220: sspi: fix memory leaks, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 209/220: openssl: use SSL_CTX_set_<min|max>_proto_version() when available, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 210/220: urlapi: verify the IPv6 numerical address, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 218/220: docs: curl->gnurl sed, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 220/220: doc: man 3 rename., gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 219/220: rename man 3 file, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 208/220: openssl: indent, re-organize and add comments, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 203/220: security:read_data fix bad realloc(), gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 196/220: cleanup: move functions out of url.c and make them static, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 214/220: RELEASE-NOTES: curl 7.66.0,
gnunet <=
- [GNUnet-SVN] [gnurl] 216/220: Merge tag 'curl-7_66_0', gnunet, 2019/09/12