1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
Curl and libcurl 7.38.0
Public curl releases: 141
Command line options: 162
curl_easy_setopt() options: 208
Public functions in libcurl: 58
Contributors: 1164
This release includes the following changes:
o CURLE_HTTP2 is a new error code
o CURLAUTH_NEGOTIATE is a new auth define
o CURL_VERSION_GSSAPI is a new capability bit
o no longer use fbopenssl for anything
o schannel: use CryptGenRandom for random numbers
o axtls: define curlssl_random using axTLS's PRNG
o cyassl: use RNG_GenerateBlock to generate a good random number
o findprotocol: show unsupported protocol within quotes
o version: detect and show LibreSSL
o version: detect and show BoringSSL
o Kerberos (SASL GSSAPI) authentication working for IMAP, SMTP and POP3
This release includes the following bugfixes:
o fix a build failure on Debian when NSS support is enabled [1]
o http2: fixed compiler warnings when built disabled [2]
o cyassl: return the correct error code on no CA cert
o http: Deprecate GSS-Negotiate macros due to bad naming
o http: Fixed Negotiate: authentication
o multi: Improve proxy CONNECT performance (regression) [3]
o ntlm_wb: Avoid invoking ntlm_auth helper with empty username
o ntlm_wb: Fix hard-coded limit on NTLM auth packet size
o url.c: use the preferred symbol name: *READDATA [4]
o smtp: fixed a segfault during test 1320 torture test
o cyassl: made it compile with version 2.0.6 again
o nss: do not check the version of NSS at run time
o c-ares: fix build without IPv6 support [5]
o http2: use base64url encoding [6]
o SSPI Negotiate: Fix 3 memory leaks
o libtest: fixed duplicated line in Makefile [7]
o conncache: fix compiler warning [8]
o openssl: make ossl_send return CURLE_OK better
o HTTP2: Support expect: 100-continue
o HTTP/2: Fix infinite loop in readwrite_data()
o parsedate: fix the return code for an overflow edge condition
o darwinssl: don't use strtok()
o http_negotiate_sspi: Fixed specific username and password not working [9]
o openssl: replace call to OPENSSL_config [10]
o http2: show the received header for better debugging
o HTTP/2: Move :authority before non-pseudo header fields
o HTTP/2: Reset promised stream, not its associated stream
o http2: added some more logging for debugging stream problems
o ntlm: Added support for SSPI package info query
o ntlm: Fixed hard coded buffer for SSPI based auth packet generation
o sasl_sspi: Fixed memory leak with not releasing Package Info struct
o sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
o sasl: Use a dynamic buffer for DIGEST-MD5 SPN generation
o http_negotiate_sspi: Use a dynamic buffer for SPN generation
o sasl_sspi: Fixed missing free of challenge buffer on SPN failure
o sasl_sspi: Fixed hard coded buffer for response generation
o Curl_poll + Curl_wait_ms: fix timeout return value
o docs/SSLCERTS: update the section about NSS database
o create_conn: prune dead connections [11]
o openssl: fix version report for the 0.9.8 branch
o mk-ca-bundle.pl: switched to using hg.mozilla.org [12]
o http: fix the Content-Range: parser [13]
o Curl_disconnect: don't free the URL [14]
o win32: Fixed WinSock 2 #if [15]
o NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
o curl.1: clarify --limit-rate's effect on both directions [16]
o disconnect: don't touch easy-related state on disconnects [17]
o Cmake: big cleanup and numerous fixes
This release includes the following known bugs:
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Anthon Pang, Dan Fandrich, Daniel Stenberg, Dave Reisner,
David Shaw, David Woodhouse, Dimitrios Siganos, Ed Morley, Fabian Keil,
Frank Meier, Haris Okanovic, Jakub Zakrzewski, Jan Ehrhardt, Jonatan Vela,
Jose Alf, Kamil Dudka, Leonardo Rosati, Marcel Raad, Michael Osipov,
Michael Wallner, Paras S, Patrick Monnerat, Paul Saab, Peter Wang,
Rafaël Carré, Sergey Nikulov, Spork Schivago, Steve Holme,
Tatsuhiro Tsujikawa, Toby Peterson,
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = http://curl.haxx.se/mail/lib-2014-07/0209.html
[2] = http://curl.haxx.se/mail/lib-2014-07/0202.html
[3] = http://curl.haxx.se/bug/view.cgi?id=1397
[4] = http://curl.haxx.se/bug/view.cgi?id=1398
[5] = http://curl.haxx.se/mail/lib-2014-07/0337.html
[6] = https://github.com/tatsuhiro-t/nghttp2/issues/62
[7] = https://github.com/bagder/curl/pull/105
[8] = http://curl.haxx.se/bug/view.cgi?id=1399
[9] = http://curl.haxx.se/mail/lib-2014-06/0224.html
[10] = http://curl.haxx.se/bug/view.cgi?id=1401
[11] = http://curl.haxx.se/mail/lib-2014-06/0189.html
[12] = http://curl.haxx.se/bug/view.cgi?id=1409
[13] = http://curl.haxx.se/mail/lib-2014-06/0221.html
[14] = http://curl.haxx.se/mail/lib-2014-08/0148.html
[15] = http://curl.haxx.se/mail/lib-2014-08/0155.html
[16] = http://curl.haxx.se/bug/view.cgi?id=1414
[17] = http://curl.haxx.se/mail/lib-2014-08/0148.html
|