🠰 7.56.1 all changes 7.58.0 🠲
Changes in 7.57.0 - November 29 2017
Changes:
- auth: add support for RFC7616 - HTTP Digest access authentication
- share: add support for sharing the connection cache
- HTTP: implement Brotli content encoding
Bugfixes:
- CVE-2017-8816: NTLM buffer overflow via integer overflow
- CVE-2017-8817: FTP wildcard out of bounds read
- CVE-2017-8818: SSL out of buffer access
- curl_mime_filedata.3: fix typos
- libtest: Add required test libraries for lib1552 and lib1553
- fix time diffs for systems using unsigned time_t
- ftplistparser: memory leak fix: free temporary memory always
- multi: allow table handle sizes to be overridden
- wildcards: don't use with non-supported protocols
- curl_fnmatch: return error on illegal wildcard pattern
- transfer: Fix chunked-encoding upload too early exit
- curl_setup: Improve detection of CURL_WINDOWS_APP
- resolvers: only include anything if needed
- setopt: fix CURLOPT_SSH_AUTH_TYPES option read
- appveyor: add a win32 build
- Curl_timeleft: change return type to timediff_t
- cmake: Export libcurl and curl targets to use by other cmake projects
- curl: in -F option arg, comma is a delimiter for files only
- curl: improved ";type=" handling in -F option arguments
- timeval: use mach_absolute_time() on MacOS
- curlx: the timeval functions are no longer provided as curlx_*
- mkhelp.pl: do not generate comment with current date
- memdebug: use send/recv signature for curl_dosend/curl_dorecv
- cookie: avoid NULL dereference
- url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
- include: remove conncache.h inclusion from where its not needed
- CURLOPT_MAXREDIRS: allow -1 as a value
- tests: Fixed torture tests on tests 556 and 650
- http2: Fixed OOM handling in upgrade request
- url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
- CURLOPT_INFILESIZE: accept -1
- curl: pass through [] in URLs instead of calling globbing error
- curl: speed up handling of many URLs
- ntlm: avoid malloc(0) for zero length passwords
- url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES
- HTTP: support multiple Content-Encodings
- travis: add a job with brotli enabled
- url: remove unnecessary NULL-check
- fnmatch: remove dead code
- connect: store IPv6 connection status after valid connection
- imap: deal with commands case insensitively
- --interface: add support for Linux VRF
- content_encoding: fix inflate_stream for no bytes available
- cmake: Correctly include curl.rc in Windows builds
- cmake: Add missing setmode check
- connect.c: remove executable bit on file
- SMB: fix uninitialized local variable
- zlib/brotli: only include header files in modules needing them
- URL: return error on malformed URLs with junk after IPv6 bracket
- openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
- macOS: Fix missing connectx function with Xcode version older than 9.0
- --resolve: allow IP address within [] brackets
- examples/curlx: Fix code style
- ntlm: remove unnecessary NULL-check to please scan-build
- Curl_llist_remove: fix potential NULL pointer deref
- mime: fix "Value stored to 'sz' is never read" scan-build error
- openssl: fix "Value stored to 'rc' is never read" scan-build error
- http2: fix "Value stored to 'hdbuf' is never read" scan-build error
- http2: fix "Value stored to 'end' is never read" scan-build error
- Curl_open: fix OOM return error correctly
- url: reject ASCII control characters and space in hostnames
- examples/rtsp: clear RANGE again after use
- connect: improve the bind error message
- make: fix "make distclean"
- connect: add support for new TCP Fast Open API on Linux
- metalink: fix memory-leak and NULL pointer dereference
- URL: update "file:" URL handling
- ssh: remove check for a NULL pointer
- global_init: ignore CURL_GLOBAL_SSL's absence