bump: start working on 7.51.1

author: Daniel Stenberg <daniel@haxx.se> 2016-11-03 10:08:26 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2016-11-03 10:08:26 +0100
commit: 71cfce9ce7ae91dc4f8b99042ad122bf07db0a79 (patch)
tree: 8004977f16b501dc3dc2a8ddfe05e7bccf059eba /RELEASE-NOTES
parent: d7e5f182796c818e6fd412fdd4d2270d838612b5 (diff)
1 files changed, 6 insertions, 118 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index ead6c0b30..d224476d5 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,6 +1,6 @@
-Curl and libcurl 7.51.0
+Curl and libcurl 7.51.1
 
- Public curl releases:         160
+ Public curl releases:         161
  Command line options:         185
  curl_easy_setopt() options:   225
  Public functions in libcurl:  61
@@ -8,72 +8,12 @@ Curl and libcurl 7.51.0
 
 This release includes the following changes:
 
- o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
- o New option: CURLOPT_KEEP_SENDING_ON_ERROR [10]
+ o
 
 This release includes the following bugfixes:
 
- o CVE-2016-8615: cookie injection for other servers [28]
- o CVE-2016-8616: case insensitive password comparison [29]
- o CVE-2016-8617: OOB write via unchecked multiplication [30]
- o CVE-2016-8618: double-free in curl_maprintf [31]
- o CVE-2016-8619: double-free in krb5 code [32]
- o CVE-2016-8620: glob parser write/read out of bounds [33]
- o CVE-2016-8621: curl_getdate read out of bounds [34]
- o CVE-2016-8622: URL unescape heap overflow via integer truncation [35]
- o CVE-2016-8623: Use-after-free via shared cookies [36]
- o CVE-2016-8624: invalid URL parsing with '#' [37]
- o CVE-2016-8625: IDNA 2003 makes curl use wrong host [38]
- o openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 [1]
- o http: accept "Transfer-Encoding: chunked" for HTTP/2 as well [2]
- o LICENSE-MIXING.md: update with mbedTLS dual licensing [3]
- o examples/imap-append: Set size of data to be uploaded [4]
- o test2048: fix url
- o darwinssl: disable RC4 cipher-suite support
- o CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
- o openssl: don’t call CRYTPO_cleanup_all_ex_data [5]
- o libressl: fix version output [6]
- o easy: Reset all statistical session info in curl_easy_reset [7]
- o curl_global_cleanup.3: don't unload the lib with sub threads running [8]
- o dist: add CurlSymbolHiding.cmake to the tarball
- o docs: Remove that --proto is just used for initial retrieval [9]
- o configure: Fixed builds with libssh2 in a custom location
- o curl.1: --trace supports % for sending to stderr!
- o cookies: same domain handling changed to match browser behavior [11]
- o formpost: trying to attach a directory no longer crashes [12]
- o CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning [13]
- o formpost: avoid silent snprintf() truncation
- o ftp: fix Curl_ftpsendf
- o mprintf: return error on too many arguments
- o smb: properly check incoming packet boundaries [14]
- o GIT-INFO: remove the Mac 10.1-specific details [15]
- o resolve: add error message when resolving using SIGALRM [16]
- o cmake: add nghttp2 support [17]
- o dist: remove PDF and HTML converted docs from the releases [18]
- o configure: disable poll() in macOS builds [19]
- o vtls: only re-use session-ids using the same scheme
- o pipelining: skip to-be-closed connections when pipelining [20]
- o win: fix Universal Windows Platform build [21]
- o curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically [22]
- o maketgz: make it support "only" generating version info
- o Curl_socket_check: add extra check to avoid integer overflow
- o gopher: properly return error for poll failures
- o curl: set INTERLEAVEDATA too
- o polarssl: clear thread array at init
- o polarssl: fix unaligned SSL session-id lock
- o polarssl: reduce #ifdef madness with a macro
- o curl_multi_add_handle: set timeouts in closure handles [23]
- o configure: set min version flags for builds on mac [24]
- o INSTALL: converted to markdown => INSTALL.md
- o curl_multi_remove_handle: fix a double-free [25]
- o multi: fix inifinte loop in curl_multi_cleanup() [26]
- o nss: fix tight loop in non-blocking TLS handhsake over proxy [27]
- o mk-ca-bundle: Change URL retrieval to HTTPS-only by default [39]
- o mbedtls: stop using deprecated include file [40]
- o docs: fix req->data in multi-uv example [41]
- o configure: Fix test syntax for monotonic clock_gettime
- o CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 [42]
-
+ o
+ 
 This release includes the following known bugs:
 
  o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
@@ -81,61 +21,9 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Akshay Vernekar, Alexander Sinditskiy, Anders Bakken, Andreas Streichardt,
-  Andrei Sedoi, Bernard Spil, Christian Heimes, Dan Fandrich,
-  Daniel Gustafsson, Daniel Stenberg, Darío Hereñú, David Woodhouse,
-  Fernando Muñoz, Gregory Szorc, Jeroen Ooms, Kamil Dudka, Luật Nguyễn,
-  lukaszgn on github, Marcel Raad, Martin Frodl, Martin Storsjö,
-  Michael Kaufmann, Michael Osipov, Miloš Ljumović, Nick Zitzmann,
-  nopjmp on github, Paul Joyce, Rainer Müller, Ray Satiro, Remo E,
-  Rider Linden, Sebastian Mundry, Sergei Kuzmin, Stephen Brokenshire,
-  Tobias Stoeckmann, Toby Peterson, Todd Short, Tony Kelman, Torben Dannhauer,
-  Valentin David,
-  (40 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.haxx.se/bug/?i=964
- [2] = https://curl.haxx.se/bug/?i=1013
- [3] = https://curl.haxx.se/bug/?i=1019
- [4] = https://curl.haxx.se/bug/?i=1011
- [5] = https://curl.haxx.se/mail/lib-2016-09/0045.html
- [6] = https://curl.haxx.se/bug/?i=1029
- [7] = https://curl.haxx.se/bug/?i=1017
- [8] = https://curl.haxx.se/bug/?i=997
- [9] = https://curl.haxx.se/bug/?i=1031
- [10] = https://curl.haxx.se/libcurl/c/CURLOPT_KEEP_SENDING_ON_ERROR.html
- [11] = https://curl.haxx.se/bug/?i=1050
- [12] = https://curl.haxx.se/bug/?i=1053
- [13] = https://curl.haxx.se/bug/?i=1056
- [14] = https://curl.haxx.se/bug/?i=1052
- [15] = https://curl.haxx.se/bug/?i=1049
- [16] = https://curl.haxx.se/bug/?i=1066
- [17] = https://curl.haxx.se/bug/?i=922
- [18] = https://curl.haxx.se/mail/lib-2016-10/0040.html
- [19] = https://curl.haxx.se/bug/?i=1057
- [20] = https://curl.haxx.se/bug/?i=1075
- [21] = https://curl.haxx.se/bug/?i=1048
- [22] = https://curl.haxx.se/bug/?i=1042
- [23] = https://curl.haxx.se/bug/?i=739
- [24] = https://curl.haxx.se/bug/?i=1069
- [25] = https://curl.haxx.se/bug/?i=1083
- [26] = https://curl.haxx.se/mail/lib-2016-10/0011.html
- [27] = https://bugzilla.redhat.com/1388162
- [28] = https://curl.haxx.se/docs/adv_20161102A.html
- [29] = https://curl.haxx.se/docs/adv_20161102B.html
- [30] = https://curl.haxx.se/docs/adv_20161102C.html
- [31] = https://curl.haxx.se/docs/adv_20161102D.html
- [32] = https://curl.haxx.se/docs/adv_20161102E.html
- [33] = https://curl.haxx.se/docs/adv_20161102F.html
- [34] = https://curl.haxx.se/docs/adv_20161102G.html
- [35] = https://curl.haxx.se/docs/adv_20161102H.html
- [36] = https://curl.haxx.se/docs/adv_20161102I.html
- [37] = https://curl.haxx.se/docs/adv_20161102J.html
- [38] = https://curl.haxx.se/docs/adv_20161102K.html
- [39] = https://curl.haxx.se/bug/?i=1012
- [40] = https://curl.haxx.se/bug/?i=1087
- [41] = https://curl.haxx.se/bug/?i=1088
- [42] = https://curl.haxx.se/bug/?i=1059
+ [1] = https://curl.haxx.se/bug/?i=
author	Daniel Stenberg <daniel@haxx.se>	2016-11-03 10:08:26 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2016-11-03 10:08:26 +0100
commit	71cfce9ce7ae91dc4f8b99042ad122bf07db0a79 (patch)
tree	8004977f16b501dc3dc2a8ddfe05e7bccf059eba /RELEASE-NOTES
parent	d7e5f182796c818e6fd412fdd4d2270d838612b5 (diff)