@@ -16,13 +16,17 @@ This release includes the following changes:
1616
1717This release includes the following bugfixes:
1818
19+ o CVE-2021-22297: schannel cipher selection surprise [132]
20+ o CVE-2021-22298: TELNET stack contents disclosure [131]
21+ o CVE-2021-22901: TLS session caching disaster [130]
1922 o AmigaOS: add functions definitions for SHA256 [126]
2023 o build: fix compilation for Windows UWP platform [82]
2124 o c-hyper: don't write to set.writeheader if null [67]
2225 o c-hyper: fix handling of zero-byte chunk from hyper [39]
2326 o c-hyper: handle body on HYPER_TASK_EMPTY [104]
2427 o checksrc: complain on == NULL or != 0 checks in conditions [20]
2528 o CI/cirrus: add shared and static Windows release builds [102]
29+ o cmake: add CURL_ENABLE_EXPORT_TARGET option [133]
2630 o cmake: check for getppid and utimes [87]
2731 o cmake: detect CURL_SA_FAMILY_T [124]
2832 o cmake: fix two invokes result in different curl_config.h [123]
@@ -83,6 +87,7 @@ This release includes the following bugfixes:
8387 o krb5/name_to_level: replace checkprefix with curl_strequal [49]
8488 o krb5: don't use 'static' to store PBSZ size response [23]
8589 o krb5: remove the unused 'overhead' function [35]
90+ o lib/hostip6.c: make NAT64 address synthesis on macOS work [135]
8691 o lib1564.c: enable last wakeup test part on Windows [26]
8792 o lib: fix 0-length Curl_client_write calls [60]
8893 o lib: fix some misuse of curlx_convert_UTF8_to_tchar [64]
@@ -118,6 +123,7 @@ This release includes the following bugfixes:
118123 o schannel: Disable auto credentials; add an option to enable it [18]
119124 o schannel: Support strong crypto option [44]
120125 o sectransp: allow cipher name to be specified [29]
126+ o sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer [136]
121127 o sigpipe: ignore SIGPIPE when using wolfSSL as well [70]
122128 o sockfilt: avoid getting stuck waiting for writable socket [80]
123129 o sockfilt: fix invalid increment of handles index variable nfd [79]
@@ -151,25 +157,26 @@ This release includes the following known bugs:
151157This release would not have looked like this without help, code, reports and
152158advice from friends like these:
153159
154- 3eka on github, Andrew Barnert, Ayushman Singh Chauhan, Benjamin Riefenstahl,
155- Blake Burkhart, Calvin Buckley, Cameron Cawley, Dan Fandrich,
156- Daniel Carpenter, Daniel Gustafsson, Daniel Stenberg, David Cook,
157- Denis Goleshchikhin, Dmitry Karpov, Dmitry Kostjuchenko, ebejan on github,
158- Emil Engler, Georeth Zhou, Gergely Nagy, Gilles Vollant, Harry Sintonen,
159- Howard Chu, Ikko Ashimine, Illarion Taev, Jacob Hoffman-Andrews,
160- Jakub Zakrzewski, Javier Blazquez, J. Bromley, Jeroen Ooms, Joel Depooter,
161- Joel Jakobsson, Johann150 on github, Jon Rumsey, Kamil Dudka, Kevin Burke,
162- Kevin R. Bulgrien, Lucas Clemente Vella, Lucas Servén Marín,
163- MAntoniak on github, Marc Aldorasi, Marcel Raad, Marc Hörsken, Martin Dorey,
164- Martin Halle, Matias N. Goldberg, Max Dymond, Michael Kolechkin,
165- Michael O'Farrell, Michał Antoniak, Michal Rus, Morten Minde Neergaard,
166- Oliver Urbann, Patrick Monnerat, Peng-Yu Chen, Pontus Lundkvist,
160+ 3eka on github, Alessandro Ghedini, Andrew Barnert, Ayushman Singh Chauhan,
161+ Benjamin Riefenstahl, Blake Burkhart, Brad Spencer, Calvin Buckley,
162+ Cameron Cawley, Dan Fandrich, Daniel Carpenter, Daniel Gustafsson,
163+ Daniel Stenberg, David Cook, Denis Goleshchikhin, Dmitry Karpov,
164+ Dmitry Kostjuchenko, ebejan on github, Emil Engler, Georeth Zhou,
165+ Gergely Nagy, Gilles Vollant, Harry Sintonen, Howard Chu, Ikko Ashimine,
166+ Illarion Taev, Jacob Hoffman-Andrews, Jakub Zakrzewski, Javier Blazquez,
167+ J. Bromley, Jeroen Ooms, Joel Depooter, Joel Jakobsson, Johann150 on github,
168+ Jon Rumsey, Kamil Dudka, Kevin Burke, Kevin R. Bulgrien, Koichi Shiraishi,
169+ Lucas Clemente Vella, Lucas Servén Marín, MAntoniak on github, Marc Aldorasi,
170+ Marcel Raad, Marc Hörsken, Martin Dorey, Martin Halle, Matias N. Goldberg,
171+ Max Dymond, Michael Kolechkin, Michael O'Farrell, Michał Antoniak,
172+ Michal Rus, Morten Minde Neergaard, Oliver Urbann, Orgad Shaneh,
173+ Patrick Monnerat, Paweł Wegner, Peng-Yu Chen, Pontus Lundkvist, Radek Zajic,
167174 Ralph Langendam, Ray Satiro, rcombs on github, Rich FitzJohn,
168175 Ryan Beck-Buysse, Sergey Markelov, sergio-nsk on github, Stefan Karpinski,
169176 Timo Lange, Timothy Gu, tmkk on github, Tobias Gabriel, Tommy Odom,
170- Travis Burtrum on github , Tuomas Siipola, ustcqidi on github, Victor Vieux,
177+ Travis Burtrum, Tuomas Siipola, ustcqidi on github, Victor Vieux,
171178 Viktor Szakats, Wes Hinsley, Ymir1711 on github, Yusuke Nakamura,
172- (76 contributors)
179+ (82 contributors)
173180
174181References to bug reports and discussions on issues:
175182
@@ -302,3 +309,9 @@ References to bug reports and discussions on issues:
302309 [127] = https://curl.se/bug/?i=7083
303310 [128] = https://curl.se/bug/?i=7083
304311 [129] = https://curl.se/bug/?i=7097
312+ [130] = https://curl.se/docs/CVE-2021-22901.html
313+ [131] = https://curl.se/docs/CVE-2021-22898.html
314+ [132] = https://curl.se/docs/CVE-2021-22897.html
315+ [133] = https://curl.se/bug/?i=7060
316+ [135] = https://curl.se/bug/?i=7121
317+ [136] = https://curl.se/bug/?i=7126
0 commit comments