Erstellt vor 10 Tagen

Geschlossen vor 6 Tagen

#2945 closed version bump (fixed)

curl-7.56.1 -> 7.57.0

Erstellt von: f_666 Verantwortlicher:
Priorität: low Meilenstein: freetz-next
Komponente: packages Version: devel
Stichworte: curl Beobachter:
Product Id: Firmware Version:

Beschreibung

Fixed in 7.57.0 - November 29 2017

Changes:

auth: add support for RFC7616 - HTTP Digest access authentication
share: add support for sharing the connection cache
HTTP: implement Brotli content encoding

Bugfixes:

CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access
curl_mime_filedata.3: fix typos
libtest: Add required test libraries for lib1552 and lib1553
fix time diffs for systems using unsigned time_t
ftplistparser: memory leak fix: free temporary memory always
multi: allow table handle sizes to be overridden
wildcards: don't use with non-supported protocols
curl_fnmatch: return error on illegal wildcard pattern
transfer: Fix chunked-encoding upload too early exit
curl_setup: Improve detection of CURL_WINDOWS_APP
resolvers: only include anything if needed
setopt: fix CURLOPT_SSH_AUTH_TYPES option read
appveyor: add a win32 build
Curl_timeleft: change return type to timediff_t
cmake: Export libcurl and curl targets to use by other cmake projects
curl: in -F option arg, comma is a delimiter for files only
curl: improved ";type=" handling in -F option arguments
timeval: use mach_absolute_time() on MacOS
curlx: the timeval functions are no longer provided as curlx_*
mkhelp.pl: do not generate comment with current date
memdebug: use send/recv signature for curl_dosend/curl_dorecv
cookie: avoid NULL dereference
url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
include: remove conncache.h inclusion from where its not needed
CURLOPT_MAXREDIRS: allow -1 as a value
tests: Fixed torture tests on tests 556 and 650
http2: Fixed OOM handling in upgrade request
url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
CURLOPT_INFILESIZE: accept -1
curl: pass through [] in URLs instead of calling globbing error
curl: speed up handling of many URLs
ntlm: avoid malloc(0) for zero length passwords
url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES
HTTP: support multiple Content-Encodings
travis: add a job with brotli enabled
url: remove unncessary NULL-check
fnmatch: remove dead code
connect: store IPv6 connection status after valid connection
imap: deal with commands case insensitively
—interface: add support for Linux VRF
content_encoding: fix inflate_stream for no bytes available
cmake: Correctly include curl.rc in Windows builds
cmake: Add missing setmode check
connect.c: remove executable bit on file
SMB: fix uninitialized local variable
zlib/brotli: only include header files in modules needing them
URL: return error on malformed URLs with junk after IPv6 bracket
openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
macOS: Fix missing connectx function with Xcode version older than 9.0
—resolve: allow IP address within [] brackets
examples/curlx: Fix code style
ntlm: remove unnecessary NULL-check to please scan-build
Curl_llist_remove: fix potential NULL pointer deref
mime: fix "Value stored to 'sz' is never read" scan-build error
openssl: fix "Value stored to 'rc' is never read" scan-build error
http2: fix "Value stored to 'hdbuf' is never read" scan-build error
http2: fix "Value stored to 'end' is never read" scan-build error
Curl_open: fix OOM return error correctly
url: reject ASCII control characters and space in host names
examples/rtsp: clear RANGE again after use
connect: improve the bind error message
make: fix "make distclean"
connect: add support for new TCP Fast Open API on Linux
metalink: fix memory-leak and NULL pointer dereference
URL: update "file:" URL handling
ssh: remove check for a NULL pointer
global_init: ignore CURL_GLOBAL_SSL's absense

Anhänge (1)

freetz_curl_versionbump.diff (1.3 KB) - hinzugefügt von f_666 vor 10 Tagen.

Alle Anhänge herunterladen als: .zip

Änderungshistorie (4)

Geändert vor 10 Tagen durch f_666

comment:1 Geändert vor 10 Tagen durch f_666

(Compile-)Getestet mit einer 7490, mit SSL und mit & ohne SFTP Unterstützung.

comment:2 Geändert vor 7 Tagen durch f_666

Kann geschlossen werden, ist in r14573 drin.

comment:3 Geändert vor 6 Tagen durch Whoopie

  • Lösung auf fixed gesetzt
  • Status von new nach closed geändert
Hinweis: Hilfe zur Verwendung von Tickets finden Sie in TracTickets.