curl / Mailing Lists / curl-users / Single Mail

curl-users

[RELEASE] curl 7.58.0

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 24 Jan 2018 08:11:17 +0100 (CET)

Hi friends!

I'm glad to let you know that there's a new latest curl out. curl 7.58.0 was
just packaged and uploaded and you can get it at

   https://curl.haxx.se/

This time we ship two security advisories in association with the release that
you might want to pay special attention to.

Curl and libcurl 7.58.0

  Public curl releases: 172
  Command line options: 211
  curl_easy_setopt() options: 249
  Public functions in libcurl: 74
  Contributors: 1685

This release includes the following changes:

  o new libssh-powered SSH SCP/SFTP back-end
  o curl-config: add --ssl-backends [10]

This release includes the following bugfixes:

  o http2: fix incorrect trailer buffer size [40]
  o http: prevent custom Authorization headers in redirects [55]
  o travis: add boringssl build [1]
  o examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL [2]
  o SSL: Avoid magic allocation of SSL backend specific data [3]
  o lib: don't export all symbols, just everything curl_* [4]
  o libssh2: send the correct CURLE error code on scp file not found
  o libssh2: return CURLE_UPLOAD_FAILED on failure to upload
  o openssl: enable pkcs12 in boringssl builds [5]
  o libssh2: remove dead code from SSH_SFTP_QUOTE [6]
  o sasl_getmesssage: make sure we have a long enough string to pass [7]
  o conncache: fix several lock issues [8]
  o threaded-shared-conn.c: new example
  o conncache: only allow multiplexing within same multi handle [9]
  o configure: check for netinet/in6.h [11]
  o URL: tolerate backslash after drive letter for FILE: [12]
  o openldap: add commented out debug possibilities [13]
  o include: get netinet/in.h before linux/tcp.h [14]
  o CONNECT: keep close connection flag in http_connect_state struct [15]
  o BINDINGS: another PostgreSQL client
  o curl: limit -# update frequency for unknown total size [16]
  o configure: add AX_CODE_COVERAGE only if using gcc [17]
  o curl.h: remove incorrect comment about ERRORBUFFER
  o openssl: improve data-pending check for https proxy [18]
  o curl: remove __EMX__ #ifdefs [19]
  o CURLOPT_PRIVATE.3: fix grammar [20]
  o sftp: allow quoted commands to use relative paths [21]
  o CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
  o RESOLVE: output verbose text when trying to set a duplicate name
  o openssl: Disable file buffering for Win32 SSLKEYLOGFILE [22]
  o multi_done: prune DNS cache [23]
  o tests: update .gitignore for libtests
  o tests: mark data files as non-executable in git
  o CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference
  o curl.1: documented two missing valid exit codes
  o curl.1: mention http:// and https:// as valid proxy prefixes
  o vtls: replaced getenv() with curl_getenv() [24]
  o setopt: less *or equal* than INT_MAX/1000 should be fine [25]
  o examples/smtp-mail.c: use separate defines for options and mail
  o curl: support >256 bytes warning messsages [26]
  o conncache: fix a return code
  o krb5: fix a potential access of uninitialized memory
  o rand: add a clang-analyzer work-around
  o CURLOPT_READFUNCTION.3: refer to argument with correct name [27]
  o brotli: allow compiling with version 0.6.0
  o content_encoding: rework zlib_inflate [28]
  o curl_easy_reset: release mime-related data [29]
  o examples/rtsp: fix error handling macros [30]
  o build-openssl.bat: Added support for VC15
  o build-wolfssl.bat: Added support for VC15
  o build: Added Visual Studio 2017 project files
  o winbuild: Added support for VC15
  o curl: Support size modifiers for --max-filesize [32]
  o examples/cacertinmem: ignore cert-already-exists error [33]
  o brotli: data at the end of content can be lost [34]
  o curl_version_info.3: call the argument 'age' [35]
  o openssl: fix memory leak of SSLKEYLOGFILE filename
  o build: remove HAVE_LIMITS_H check [36]
  o --mail-rcpt: fix short-text description
  o scripts: allow all perl scripts to be run directly [37]
  o progress: calculate transfer speed on milliseconds if possible [38]
  o system.h: check __LONG_MAX__ for defining curl_off_t [31]
  o easy: fix connection ownership in curl_easy_pause [39]
  o setopt: reintroduce non-static Curl_vsetopt() for OS400 support [41]
  o setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values [42]
  o configure.ac: append extra linker flags instead of prepending them [43]
  o HTTP: bail out on negative Content-Length: values [44]
  o docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
  o mime: clone mime tree upon easy handle duplication [45]
  o openssl: enable SSLKEYLOGFILE support by default [46]
  o smtp/pop3/imap_get_message: decrease the data length too... [47]
  o CURLOPT_TCP_NODELAY.3: fix typo [48]
  o SMB: fix numeric constant suffix and variable types [49]
  o ftp-wildcard: fix matching an empty string with "*[^a]" [50]
  o curl_fnmatch: only allow 5 '*' sections in a single pattern
  o openssl: fix potential memory leak in SSLKEYLOGFILE logic
  o SSH: Fix state machine for ssh-agent authentication [51]
  o examples/url2file.c: add missing curl_global_cleanup() call [52]
  o http2: don't close connection when single transfer is stopped [53]
  o libcurl-env.3: first version
  o curl: progress bar refresh, get width using ioctl() [54]
  o CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support [56]

This release includes the following known bugs:

  o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

   ahodesuka on github, Andreas Schneider, Basuke Suzuki, Brad Spencer,
   Chester Liu, cmfrolick on github, Craig de Stigter, Daniel Stenberg,
   Dan Johnson, David Benjamin, Dima Tisnek, Dimitrios Apostolou,
   Dmitry Kostjuchenko, Dominik Hölzl, Elliot Saba, Frank Gevaerts, Gisle Vanem,
   guitared on github, Jan Ehrhardt, Johannes Schindelin, John DeHelian,
   John Hascall, jonrumsey on github, jungle-boogie on github, Kartik Mahajan,
   Martin Galvan, Matthew Kerwin, Mattias Fornander, Max Dymond, Michael Felt,
   Michael Gmelin, Michael Kaufmann, Mikalai Ananenka, Nikos Mavrogiannopoulos,
   Oleg Pudeyev, Patrick Dawson, Patrick Monnerat, Per Malmberg, Pete Lomax,
   Rainer Canavan, Randall S. Becker, Ray Satiro, Richard Alcock, Robert Kolcun,
   Sean MacLennan, Stanislav Zidek, Stepan Broz, Steve Holme,
   Thomas van Hesteren, Tomas Mraz, W. Mark Kubacki, XhstormR on github,
   Zachary Seguin, Zhouyihai Ding,
   (54 contributors)

         Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

  [1] = https://curl.haxx.se/bug/?i=2118
  [2] = https://curl.haxx.se/mail/lib-2017-12/0000.html
  [3] = https://curl.haxx.se/bug/?i=2119
  [4] = https://curl.haxx.se/bug/?i=2127
  [5] = https://curl.haxx.se/bug/?i=2134
  [6] = https://curl.haxx.se/bug/?i=2143
  [7] = https://curl.haxx.se/bug/?i=2150
  [8] = https://curl.haxx.se/bug/?i=2132
  [9] = https://curl.haxx.se/bug/?i=2152
  [10] = https://curl.haxx.se/bug/?i=2128
  [11] = https://curl.haxx.se/bug/?i=2146
  [12] = https://curl.haxx.se/bug/?i=2154
  [13] = https://curl.haxx.se/bug/?i=2159
  [14] = https://curl.haxx.se/bug/?i=2160
  [15] = https://curl.haxx.se/bug/?i=2088
  [16] = https://curl.haxx.se/bug/?i=2158
  [17] = https://curl.haxx.se/bug/?i=2076
  [18] = https://curl.haxx.se/bug/?i=1916
  [19] = https://curl.haxx.se/bug/?i=2166
  [20] = https://curl.haxx.se/bug/?i=2168
  [21] = https://curl.haxx.se/bug/?i=1900
  [22] = https://github.com/curl/curl/pull/1346#issuecomment-350530901
  [23] = https://curl.haxx.se/bug/?i=2169
  [24] = https://curl.haxx.se/bug/?i=2171
  [25] = https://curl.haxx.se/bug/?i=2173
  [26] = https://curl.haxx.se/bug/?i=2174
  [27] = https://curl.haxx.se/bug/?i=2175
  [28] = https://curl.haxx.se/bug/?i=2068
  [29] = https://curl.haxx.se/mail/lib-2017-12/0060.html
  [30] = https://curl.haxx.se/bug/?i=2185
  [31] = https://curl.haxx.se/bug/?i=2216
  [32] = https://curl.haxx.se/bug/?i=2179
  [33] = https://curl.haxx.se/mail/lib-2017-12/0057.html
  [34] = https://curl.haxx.se/bug/?i=2194
  [35] = https://curl.haxx.se/mail/lib-2017-12/0074.html
  [36] = https://curl.haxx.se/bug/?i=2215
  [37] = https://curl.haxx.se/bug/?i=2222
  [38] = https://curl.haxx.se/bug/?i=2200
  [39] = https://curl.haxx.se/bug/?i=2217
  [40] = https://curl.haxx.se/docs/adv_2018-824a.html
  [41] = https://curl.haxx.se/bug/?i=2230
  [42] = https://curl.haxx.se/bug/?i=2225
  [43] = https://curl.haxx.se/bug/?i=2234
  [44] = https://curl.haxx.se/bug/?i=2212
  [45] = https://curl.haxx.se/bug/?i=2235
  [46] = https://curl.haxx.se/bug/?i=2210
  [47] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206
  [48] = https://curl.haxx.se/bug/?i=2239
  [49] = https://curl.haxx.se/bug/?i=2211
  [50] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251
  [51] = https://curl.haxx.se/bug/?i=2248
  [52] = https://curl.haxx.se/bug/?i=2245
  [53] = https://curl.haxx.se/bug/?i=2237
  [54] = https://curl.haxx.se/bug/?i=2242
  [55] = https://curl.haxx.se/docs/adv_2018-b3bf.html
  [56] = https://curl.haxx.se/mail/lib-2018-01/0087.html

-- 
  / daniel.haxx.se

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-01-24