curl-users
[RELEASE] curl and libcurl 7.39.0
Date: Wed, 5 Nov 2014 08:55:40 +0100 (CET)
Hi friends!
I'm happy and proud to once again tell you about a brand new public release of
curl and libcurl. The packages were just uploaded and this time I want you all
to put some extra attention on the security advisory I will post about
separately just after this announcement.
As always, get curl from here: http://curl.haxx.se/
Curl and libcurl 7.39.0
Public curl releases: 142
Command line options: 162
curl_easy_setopt() options: 208
Public functions in libcurl: 58
Contributors: 1216
This release includes the following changes:
o SSLv3 is disabled by default
o CURLOPT_COOKIELIST: Added "RELOAD" command [5]
o build: Added WinIDN build configuration options to Visual Studio projects
o ssh: improve key file search
o SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
o vtls: remove QsoSSL support, use gskit!
o mk-ca-bundle: added SHA-384 signature algorithm
o docs: added many examples for libcurl opts and other doc improvements
o build: Added VC ssh2 target to main Makefile
o MinGW: Added support to build with nghttp2
o NetWare: Added support to build with nghttp2
o build: added Watcom support to build with WinSSL
o build: Added optional specific version generation of VC project files
This release includes the following bugfixes:
o curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds [9]
o openssl: build fix for versions < 0.9.8e [1]
o newlines: fix mixed newlines to LF-only [2]
o ntlm: Fixed HTTP proxy authentication when using Windows SSPI [3]
o sasl_sspi: Fixed Unicode build [4]
o file: reject paths using embedded %00
o threaded-resolver: revert Curl_expire_latest() switch [6]
o configure: allow --with-ca-path with PolarSSL too
o HTTP/2: Fix busy loop when EOF is encountered
o CURLOPT_CAPATH: return failure if set without backend support
o nss: do not fail if a CRL is already cached
o smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
o fixed 20+ nits/memory leaks identified by Coverity scans
o curl_schannel.c: Fixed possible memory or handle leak
o multi-uv.c: call curl_multi_info_read() better
o Cmake: Check for OpenSSL before OpenLDAP
o Cmake: Fix library list provided to cURL tests
o Cmake: Avoid cycle directory dependencies
o Cmake: Build with GSS-API libraries (MIT or Heimdal)
o vtls: provide backend defines for internal source code
o nss: fix a connection failure when FTPS handle is reused
o tests/http_pipe.py: Python 3 support
o cmake: build tool_hugehelp (ENABLE_MANUAL)
o cmake: enable IPv6 by default if available
o tests: move TESTCASES to Makefile.inc, add show for cmake
o ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
o ntlm: Fixed empty/bad base-64 decoded buffer return codes
o ntlm: Fixed empty type-2 decoded message info text
o cmake: add CMake/Macros.cmake to the release tarball
o cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
o cmake: use LIBCURL_VERSION from curlver.h
o cmake: generate pkg-config and curl-config
o fixed several superfluous variable assignements identified by cppcheck
o cleanup of 'CURLcode result' return code
o pipelining: only output "is not blacklisted" in debug builds
o SSL: Remove SSLv3 from SSL default due to POODLE attack
o gskit.c: remove SSLv3 from SSL default
o darwinssl: detect possible future removal of SSLv3 from the framework
o ntlm: Only define ntlm data structure when USE_NTLM is defined
o ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
o ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
o sspi: Only call CompleteAuthToken() when complete is needed
o http_negotiate: Fixed missing check for USE_SPNEGO
o HTTP: return larger than 3 digit response codes too [7]
o openssl: Check for NPN / ALPN via OpenSSL version number
o openssl: enable NPN separately from ALPN
o sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
o sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
o resume: consider a resume from [content-length] to be OK [8]
o sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
o build-openssl.bat: Fix x64 release build
o cmake: drop _BSD_SOURCE macro usage
o cmake: fix gethostby{addr,name}_r in CurlTests
o cmake: clean OtherTests, fixing -Werror
o cmake: fix struct sockaddr_storage check
o Curl_single_getsock: fix hold/pause sock handling
o SSL: PolarSSL default min SSL version TLS 1.0
o cmake: fix ZLIB_INCLUDE_DIRS use [10]
o buildconf: stop checking for libtool
This release includes the following known bugs:
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Askar Safin, Balaji Salunke, Bill Nagel, Bruno Thomsen, Carlo Wood,
Catalin Patulea, Dan Fandrich, Daniel Stenberg, Dimitar Boevski, Fabian Keil,
Guenter Knauf, Jakub Zakrzewski, Jeremy Lin, Jonathan Cardoso Machado,
Kamil Dudka, K. R. Walker, Luan Cestari, Lucas Pardue, Marcel Raad,
Marc Hoersken, Michael Wallner, Nick Zitzmann, Patrick Monnerat,
Paul Howarth, Peter Wu, Ray Satiro, Steve Holme, Symeon Paraschoudis,
Tatsuhiro Tsujikawa, Ulrich Telle, Viktor Szakáts, Waldek Kozba,
Yousuke Kimoto,
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = http://curl.haxx.se/mail/lib-2014-09/0064.html
[2] = http://curl.haxx.se/mail/lib-2014-09/0075.html
[3] = http://curl.haxx.se/mail/lib-2014-08/0273.html
[4] = http://curl.haxx.se/bug/view.cgi?id=1422
[5] = http://curl.haxx.se/libcurl/c/CURLOPT_COOKIELIST.html
[6] = http://curl.haxx.se/bug/view.cgi?id=1426
[7] = http://curl.haxx.se/bug/view.cgi?id=1441
[8] = http://curl.haxx.se/bug/view.cgi?id=1443
[9] = http://curl.haxx.se/docs/adv_20141105.html
[10] = https://github.com/bagder/curl/pull/123
-- / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-11-05