curl / Mailing Lists / curl-library / Single Mail


[RELEASE] curl 7.54.0

From: Daniel Stenberg <>
Date: Wed, 19 Apr 2017 08:00:36 +0200 (CEST)

Hi friends!

I'm happy to announce the latest curl release. Get it as usual from:

Curl and libcurl 7.54.0

  Public curl releases: 165
  Command line options: 207
  curl_easy_setopt() options: 245
  Public functions in libcurl: 61
  Contributors: 1538

This release includes the following changes:
  o Add --max-tls [19]
  o Add --suppress-connect-headers [24]

This release includes the following bugfixes:

  o CVE-2017-7468: switch off SSL session id when client cert is used [68]
  o cmake: Replace invalid UTF-8 byte sequence [1]
  o tests: use consistent environment variables for setting charset
  o proxy: fixed a memory leak on OOM
  o ftp: removed an erroneous free in an OOM path
  o docs: de-duplicate file lists in the Makefiles [2]
  o ftp: fixed a NULL pointer dereference on OOM
  o gopher: fixed detection of an error condition from Curl_urldecode
  o url: fix unix-socket support for proxy-disabled builds [3]
  o test1139: allow for the possibility that the man page is not rebuilt
  o cyassl: get library version string at runtime
  o digest_sspi: fix compilation warning
  o tests: enable HTTP/2 tests to run with non-default port numbers
  o warnless: suppress compiler warning
  o darwinssl: Warn that disabling host verify also disables SNI [4]
  o configure: fix for --enable-pthreads [5]
  o checksrc.bat: Ignore, curl_config.h
  o no-keepalive.d: fix typo [6]
  o configure: fix --with-zlib when a path is specified [7]
  o build: fix gcc7 implicit fallthrough warnings [8]
  o fix potential use of uninitialized variables [9]
  o CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors [10]
  o CMake: Reorganize SSL support, separate WinSSL and SSPI [11]
  o CMake: Add DarwinSSL support [12]
  o CMake: Add mbedTLS support [13]
  o ares: return error at once if timed out before name resolve starts [14]
  o BINDINGS: added C++, perl, go and Scilab bindings
  o URL: return error on malformed URLs with junk after port number
  o KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password [15]
  o http2: Fix assertion error on redirect with CL=0 [16]
  o Update man pages to use current date and versions [17]
  o --insecure: clarify that this option is for server connections [18]
  o mkhelp: simplified the gzip code
  o build: fixed making man page in out-of-tree tarball builds
  o tests: disabled 1903 due to flakiness
  o openssl: add two /* FALLTHROUGH */ to satisfy coverity
  o cmdline-opts: fixed a few typos
  o authneg: clear auth.multi flag at http_done [20]
  o curl_easy_reset: Also reset the authentication state [21]
  o proxy: skip SSL initialization for closed connections [22]
  o http_proxy: ignore TE and CL in CONNECT 2xx responses [23]
  o tool_writeout: fixed a buffer read overrun on --write-out
  o make: regenerate docs/curl.1 by running make in docs [25]
  o winbuild: add basic support for OpenSSL 1.1.x [26]
  o build: removed redundant DEPENDENCIES from makefiles
  o CURLINFO_LOCAL_PORT.3: added example
  o curl: show HTTPS-Proxy options on CURLE_SSL_CACERT [27]
  o tests: strip more options from non-HTTP --libcurl tests
  o tests: fixed the documented test server port numbers
  o fixed display of the Gopher IPv6 port number
  o multi: fix streamclose() crash in debug mode [28]
  o cmake: build manual pages [29]
  o cmake: add support for building HTML and PDF docs [30]
  o mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION [31]
  o make: introduce 'test-nonflaky' target
  o CURLINFO_PRIMARY_IP.3: add example
  o tests/README: mention nroff for --manual tests [32]
  o mkhelp: disable compression if the perl gzip module is unavailable
  o openssl: fall back on SSL_ERROR_* string when no error detail [33]
  o asiohiper: make sure socket is open in event_cb [34]
  o tests/README: make "Run" section foolproof [35]
  o curl: check for end of input in writeout backslash handling
  o .gitattributes: turn off CRLF for *.am [36]
  o multi: fix MinGW-w64 compiler warnings
  o schannel: fix variable shadowing warning
  o openssl: exclude DSA code when OPENSSL_NO_DSA is defined [37]
  o http: Fix proxy connection reuse with basic-auth [38]
  o pause: handle mixed types of data when paused [39]
  o http: do not treat FTPS over CONNECT as HTTPS
  o conncache: make hashkey avoid malloc [40]
  o make: use the variable MAKE for recursive calls [41]
  o curl: fix callback argument inconsistency [42]
  o NTLM: check for features with #ifdef instead of #if [43]
  o cmake: add several missing files to the dist
  o select: use correct SIZEOF_ constant [44]
  o connect: fix unreferenced parameter warning
  o schannel: fix unused variable warning
  o gcc7: fix ‘*’ in boolean context [45]
  o http2: silence unused parameter warnings
  o ssh: fix narrowing conversion warning
  o telnet: (win32) fix read callback return variable [46]
  o docs: Explain --fail-early does not imply --fail [47]
  o docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
  o tests/server/util: remove in6addr_any for recent MinGW [48]
  o multi: make curl_multi_wait avoid malloc in the typical case [49]
  o include: curl/system.h is a run-time version of curlbuild.h [50]
  o easy: silence compiler warning
  o llist: replace Curl_llist_alloc with Curl_llist_init [51]
  o hash: move key into hash struct to reduce mallocs [52]
  o url: don't free postponed data on connection reuse [53]
  o curl_sasl: declare mechtable static
  o curl: fix Windows Unicode build
  o multi: fix queueing of pending easy handles [54]
  o tool_operate: fix MinGW compiler warning [55]
  o low_speed_limit: improved function for longer time periods [56]
  o gtls: fix compiler warning
  o sspi: print out InitializeSecurityContext() error message [57]
  o schannel: fix compiler warnings [58]
  o vtls: fix unreferenced variable warnings
  o fix secure transport configure arguments
  o CURLINFO_SCHEME.3: fix variable type
  o libcurl-thread.3: also mention threaded-resolver [59]
  o nss: load CA certificates even with --insecure [60]
  o openssl: fix this statement may fall through [61]
  o poll: prefer <poll.h> over <sys/poll.h> [62]
  o polarssl: unbreak build with versions < 1.3.8 [63]
  o Curl_expire_latest: ignore already expired timers [64]
  o configure: turn implicit function declarations into errors [65]
  o mbedtls: fix memory leak in error path [66]
  o http2: fix handle leak in error path [67]
  o .gitattributes: force shell scripts to LF [69]
  o ignore CR after version numbers [70]
  o strip trailing CR [71]
  o openssl: make SSL_ERROR_to_str more future-proof [72]
  o openssl: fix thread-safety bugs in error-handling [73]
  o openssl: don't try to print nonexistant peer private keys [74]
  o nss: fix MinGW compiler warnings [75]

This release includes the following known bugs:

  o see docs/KNOWN_BUGS (

This release would not have looked like this without help, code, reports and
advice from friends like these:

   Ales Mlakar, Alex Bligh, Alexis La Goutte, Anatol Belski, Anders Roxell,
   Andrew Krieger, Antony74 on github, Antti Hätälä, Brian Carpenter,
   Carlo Cannas, Carlo Teubner, Dan Fandrich, Dániel Bakai, Daniel Gustafsson,
   Daniel Stenberg, David Benjamin, Desmond O. Chang, Edward Kimmel,
   Gisle Vanem, Giuseppe Persico, Greg Rowe, Hanno Böck, Isaac Boukris,
   Joel Depooter, Jozef Kralik, Justin Clift, ka7 on github, Kamil Dudka,
   Larry Stefani, lijian996 on github, madblobfish on github,
   Maksim Stsepanenka, Marc-Antoine Perennou, Marcel Raad, Martin Kepplinger,
   mccormickt12 on github, Michael Kaufmann, Michael Maltese, mkzero on github,
   Nehal J Wani, neheb on github, Orange Tsai, Palo Markovic, Paul Harris,
   Peter Pentchev, Peter Wu, Rainer Canavan, Ray Satiro, Simon Warta,
   Stephen Toub, Steve Brokenshire, Sylvestre Ledru, Tatsuhiro Tsujikawa,
   Thomas Glanzmann, zelinchen on github,
   (55 contributors)

         Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

  [1] =
  [2] =
  [3] =
  [4] =
  [5] =
  [6] =
  [7] =
  [8] =
  [9] =
  [10] =
  [11] =
  [12] =
  [13] =
  [14] =
  [15] =
  [16] =
  [17] =
  [18] =
  [19] =
  [20] =
  [21] =
  [22] =
  [23] =
  [24] =
  [25] =
  [26] =
  [27] =
  [28] =
  [29] =
  [30] =
  [31] =
  [32] =
  [33] =
  [34] =
  [35] =
  [36] =
  [37] =
  [38] =
  [39] =
  [40] =
  [41] =
  [42] =
  [43] =
  [44] =
  [45] =
  [46] =
  [47] =
  [48] =
  [49] =
  [50] =
  [51] =
  [52] =
  [53] =
  [54] =
  [55] =
  [56] =
  [57] =
  [58] =
  [59] =
  [60] =
  [61] =
  [62] =
  [63] =
  [64] =
  [65] =
  [66] =
  [67] =
  [68] =
  [69] =
  [70] =
  [71] =
  [72] =
  [73] =
  [74] =
  [75] =


Received on 2017-04-19