Mainly thanks to the 22 friends named in the release notes, curl and libcurl 7.18.1 was released today with the news and fixes that should prove this the best curl and libcurl versions ever – I guess we always have to believe that our latest is the greatest, why else would we release it?
The release notes identifies 23 bug fixes we did during the two months since the last release, and the news we introduce include these goodies:
- added support for “HttpOnly” cookies
- ‘make ca-bundle’ downloads and generates an updated ca bundle file
- we no longer distribute or install a ca cert bundle
- SSLv2 is now disabled by default for SSL operations
- the test509-style setting URL in callback is officially no longer supported
- support a full chain of certificates in a given PKCS12 certificate
- resumed transfers work with SFTP
- added type checking macros for curl_easy_setopt() and curl_easy_getinfo(), watch out for new warnings in code using libcurl (needs gcc-4.3 and currently only works in C mode)
- curl_easy_setopt(), curl_easy_getinfo(), curl_share_setopt() and curl_multi_setopt() uses are now checked to use exactly three arguments
- –with-ca-path=DIR configure option allows to set an openSSL CApath instead of a default ca bundle.
As usual, you can download it here.
It is yet again time to pause the add-new-features-craze in order to settle down and fix a few more remaining bugs before we go ship another curl and libcurl release in the beginning of April.
So at March 20 we hold back and only fix bugs for about 2 weeks until we release curl and libcurl 7.18.1.
The only currently mentioned flaw in TODO-RELEASE to fix before this release is the claimed race condition in win32 gethostbyname_thread but since the reporter doesn’t respond anymore and we can’t repeat the problem it is deemed to just be buried and forgotten.
Other problems currently mentioned on the mailing list is a POST problem with digest and read callbacks and a mysterious bad progress callbacks for uploads, but none of them seem very serious and thus terribly important to get fixed in case they should turn out hard-to-fix.
Yes, I picked the date on purpose as that is the magic date in this project. Especially this year.
I’m happy to announce the 103rd curl release: curl and libcurl 7.18.0.
No less than 35 persons beside myself contributed with info, reports and/or code to make the release as it turned out. We’ve added a bunch of new features and we’ve solved well over 30 different bugs. This is the news:
- curl-config –features and –protocols show the correct output when built with NSS, and also when SCP, SFTP and libz are not available
- free problem in the curl tool for users with empty home dir
- curl.h version 7.17.1 problem when building C++ apps with MSVC
- SFTP and SCP use persistent connections
- segfault on bad URL
- variable wrapping when using absolutely huge send buffer sizes
- variable wrapping when using debug callback and the HTTP request wasn’t sent in one go
- SSL connections with NSS done with the multi-interface
- setting a share no longer activates cookies
- Negotiate now works on auth and proxy simultaneously
- support HTTP Digest nonces up to 1023 letters
- resumed ftp upload no longer requires the read callback to return full buffers
- no longer default-appends ;type= on FTP URLs thru proxies
- SSL session id caching
- POST with callback over proxy requiring NTLM or Digest
- Expect: 100-continue flaw on re-used connection with POSTs
- build fix for MSVC 9.0 (VS2008)
- Windows curl builds failed file truncation when retry downloading
- SSL session ID cache memory leak
- bad connection re-use check with environment variable-activated proxy use
- –libcurl now generates a return statement as well
- socklen_t is no longer used in the public includes
- time zone offsets from -1400 to +1400 are now accepted by the date parser
- allows more spaces in WWW/Proxy-Authenticate: headers
- curl-config –libs skips /usr/lib64
- range support for file:// transfers
- libcurl hang with huge POST request and request-body read from callback
- removed extra newlines from many error messages
- improved pipelining
- improved OOM handling for data url encoded HTTP POSTs when read from a file
- test suite could pick wrong tool(s) if more than one existed in the PATH
- curl_multi_fdset() failed to return socket while doing CONNECT over proxy
- curl_multi_remove_handle() on a handle that is in used for a pipeline now break that pipeline
- CURLOPT_COOKIELIST memory leaks
- progress meter/callback during http proxy CONNECT requests
- auth for http proxy when the proxy closes connection after first response
SONAME bump and more is included in the fresh new c-ares release, when the changes from the Google camp was incorporated. There have also been a fair bunch of bug fixes that should make this the best c-ares version so far.
There are some indications c-ares is coming to Debian. It seems to already be packaged and made available for at least Fedora, Gentoo, OpenSuse and more…
Update: I quickly released a 1.5.1 since I messed up with the 1.5.0 which didn’t build out of the tarball…