From 35b118db057f13326015e5e42f99712a9fc7459f Mon Sep 17 00:00:00 2001 From: xukunrui Date: Thu, 18 Feb 2021 08:47:27 +0100 Subject: [PATCH 1/2] BUGS: language polish # docs/BUGS.md Signed-off-by: xukunrui --- docs/BUGS.md | 266 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 266 insertions(+) create mode 100644 docs/BUGS.md diff --git a/docs/BUGS.md b/docs/BUGS.md new file mode 100644 index 000000000..e37875f80 --- /dev/null +++ b/docs/BUGS.md @@ -0,0 +1,266 @@ +# BUGS + +## There are still bugs + + Curl and libcurl keep being developed. Adding features and changing code + means that bugs will sneak in, no matter how hard we try not to. + + Of course there are lots of bugs left. And lots of misfeatures. + + To help us make curl the stable and solid product we want it to be, we need + bug reports and bug fixes. + +## Where to report + + If you can't fix a bug yourself and submit a fix for it, try to report an as + detailed report as possible to a curl mailing list to allow one of us to have + a go at a solution. You can optionally also submit your problem in [curl's + bug tracking system](https://github.com/curl/curl/issues). + + Please read the rest of this document below first before doing that! + + If you feel you need to ask around first, find a suitable [mailing list]( + https://curl.se/mail/) and post your questions there. + +## Security bugs + + If you find a bug or problem in curl or libcurl that you think has a security + impact, for example a bug that can put users in danger or make them + vulnerable if the bug becomes public knowledge, then please report that bug + using our security development process. + + Security related bugs or bugs that are suspected to have a security impact, + should be reported on the [curl security tracker at + HackerOne](https://hackerone.com/curl). + + This ensures that the report reaches the curl security team so that they + first can be deal with the report away from the public to minimize the harm + and impact it will have on existing users out there who might be using the + vulnerable versions. + + The curl project's process for handling security related issues is + [documented separately](https://curl.se/dev/secprocess.html). + +## What to report + + When reporting a bug, you should include all information that will help us + understand what's wrong, what you expected to happen and how to repeat the + bad behavior. You therefore need to tell us: + + - your operating system's name and version number + + - what version of curl you're using (`curl -V` is fine) + + - versions of the used libraries that libcurl is built to use + + - what URL you were working with (if possible), at least which protocol + + and anything and everything else you think matters. Tell us what you expected + to happen, tell use what did happen, tell us how you could make it work + another way. Dig around, try out, test. Then include all the tiny bits and + pieces in your report. You will benefit from this yourself, as it will enable + us to help you quicker and more accurately. + + Since curl deals with networks, it often helps us if you include a protocol + debug dump with your bug report. The output you get by using the `-v` or + `--trace` options. + + If curl crashed, causing a core dump (in unix), there is hardly any use to + send that huge file to anyone of us. Unless we have an exact same system + setup as you, we can't do much with it. Instead we ask you to get a stack + trace and send that (much smaller) output to us instead! + + The address and how to subscribe to the mailing lists are detailed in the + `MANUAL.md` file. + +## libcurl problems + + When you've written your own application with libcurl to perform transfers, + it is even more important to be specific and detailed when reporting bugs. + + Tell us the libcurl version and your operating system. Tell us the name and + version of all relevant sub-components like for example the SSL library + you're using and what name resolving your libcurl uses. If you use SFTP or + SCP, the libssh2 version is relevant etc. + + Showing us a real source code example repeating your problem is the best way + to get our attention and it will greatly increase our chances to understand + your problem and to work on a fix (if we agree it truly is a problem). + + Lots of problems that appear to be libcurl problems are actually just abuses + of the libcurl API or other malfunctions in your applications. It is advised + that you run your problematic program using a memory debug tool like valgrind + or similar before you post memory-related or "crashing" problems to us. + +## Who will fix the problems + + If the problems or bugs you describe are considered to be bugs, we want to + have the problems fixed. + + There are no developers in the curl project that are paid to work on bugs. + All developers that take on reported bugs do this on a voluntary basis. We do + it out of an ambition to keep curl and libcurl excellent products and out of + pride. + + But please do not assume that you can just lump over something to us and it + will then magically be fixed after some given time. Most often we need + feedback and help to understand what you've experienced and how to repeat a + problem. Then we may only be able to assist YOU to debug the problem and to + track down the proper fix. + + We get reports from many people every month and each report can take a + considerable amount of time to really go to the bottom with. + +## How to get a stack trace + + First, you must make sure that you compile all sources with `-g` and that you + don't 'strip' the final executable. Try to avoid optimizing the code as well, + remove `-O`, `-O2` etc from the compiler options. + + Run the program until it cores. + + Run your debugger on the core file, like ` curl + core`. `` should be replaced with the name of your debugger, in + most cases that will be `gdb`, but `dbx` and others also occur. + + When the debugger has finished loading the core file and presents you a + prompt, enter `where` (without quotes) and press return. + + The list that is presented is the stack trace. If everything worked, it is + supposed to contain the chain of functions that were called when curl + crashed. Include the stack trace with your detailed bug report. It'll help a + lot. + +## Bugs in libcurl bindings + + There will of course pop up bugs in libcurl bindings. You should then + primarily approach the team that works on that particular binding and see + what you can do to help them fix the problem. + + If you suspect that the problem exists in the underlying libcurl, then please + convert your program over to plain C and follow the steps outlined above. + +## Bugs in old versions + + The curl project typically releases new versions every other month, and we + fix several hundred bugs per year. For a huge table of releases, number of + bug fixes and more, see: https://curl.se/docs/releases.html + + The developers in the curl project do not have bandwidth or energy enough to + maintain several branches or to spend much time on hunting down problems in + old versions when chances are we already fixed them or at least that they've + changed nature and appearance in later versions. + + When you experience a problem and want to report it, you really SHOULD + include the version number of the curl you're using when you experience the + issue. If that version number shows us that you're using an out-of-date curl, + you should also try out a modern curl version to see if the problem persists + or how/if it has changed in appearance. + + Even if you cannot immediately upgrade your application/system to run the + latest curl version, you can most often at least run a test version or + experimental build or similar, to get this confirmed or not. + + At times people insist that they cannot upgrade to a modern curl version, but + instead they "just want the bug fixed". That's fine, just don't count on us + spending many cycles on trying to identify which single commit, if that's + even possible, that at some point in the past fixed the problem you're now + experiencing. + + Security wise, it is almost always a bad idea to lag behind the current curl + versions by a lot. We keeping discovering and reporting security problems + over time see you can see in [this + table](https://curl.se/docs/vulnerabilities.html) + +# Bug fixing procedure + +## What happens on first filing + + When a new issue is posted in the issue tracker or on the mailing list, the + team of developers first need to see the report. Maybe they took the day off, + maybe they're off in the woods hunting. Have patience. Allow at least a few + days before expecting someone to have responded. + + In the issue tracker you can expect that some labels will be set on the issue + to help categorize it. + +## First response + + If your issue/bug report wasn't perfect at once (and few are), chances are + that someone will ask follow-up questions. Which version did you use? Which + options did you use? How often does the problem occur? How can we reproduce + this problem? Which protocols does it involve? Or perhaps much more specific + and deep diving questions. It all depends on your specific issue. + + You should then respond to these follow-up questions and provide more info + about the problem, so that we can help you figure it out. Or maybe you can + help us figure it out. An active back-and-forth communication is important + and the key for finding a cure and landing a fix. + +## Not reproducible + + For problems that we can't reproduce and can't understand even after having + gotten all the info we need and having studied the source code over again, + are really hard to solve so then we may require further work from you who + actually see or experience the problem. + +## Unresponsive + + If the problem haven't been understood or reproduced, and there's nobody + responding to follow-up questions or questions asking for clarifications or + for discussing possible ways to move forward with the task, we take that as a + strong suggestion that the bug is not important. + + Unimportant issues will be closed as inactive sooner or later as they can't + be fixed. The inactivity period (waiting for responses) should not be shorter + than two weeks but may extend months. + +## Lack of time/interest + + Bugs that are filed and are understood can unfortunately end up in the + "nobody cares enough about it to work on it" category. Such bugs are + perfectly valid problems that *should* get fixed but apparently aren't. We + try to mark such bugs as `KNOWN_BUGS material` after a time of inactivity and + if no activity is noticed after yet some time those bugs are added to the + `KNOWN_BUGS` document and are closed in the issue tracker. + +## `KNOWN_BUGS` + + This is a list of known bugs. Bugs we know exist and that have been pointed + out but that haven't yet been fixed. The reasons for why they haven't been + fixed can involve anything really, but the primary reason is that nobody has + considered these problems to be important enough to spend the necessary time + and effort to have them fixed. + + The `KNOWN_BUGS` items are always up for grabs and we love the ones who bring + one of them back to life and offer solutions to them. + + The `KNOWN_BUGS` document has a sibling document known as `TODO`. + +## `TODO` + + Issues that are filed or reported that aren't really bugs but more missing + features or ideas for future improvements and so on are marked as + 'enhancement' or 'feature-request' and will be added to the `TODO` document + and the issues are closed. We don't keep TODO items open in the issue + tracker. + + The `TODO` document is full of ideas and suggestions of what we can add or + fix one day. You're always encouraged and free to grab one of those items and + take up a discussion with the curl development team on how that could be + implemented or provided in the project so that you can work on ticking it odd + that document. + + If an issue is rather a bug and not a missing feature or functionality, it is + listed in `KNOWN_BUGS` instead. + +## Closing off stalled bugs + + The [issue and pull request trackers](https://github.com/curl/curl) only + holds "active" entries open (using a non-precise definition of what active + actually is, but they're at least not completely dead). Those that are + abandoned or in other ways dormant will be closed and sometimes added to + `TODO` and `KNOWN_BUGS` instead. + + This way, we only have "active" issues open on GitHub. Irrelevant issues and + pull requests will not distract developers or casual visitors. -- Gitee From 69011e1e266d0fbb151249532fbeb61614441ec3 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 19 Jul 2021 09:18:45 +0200 Subject: [PATCH 2/2] RELEASE-NOTES: synced curl 7.78.0 release Signed-off-by: xukunrui --- RELEASE-NOTES | 447 ++++++++++++++++++++++++++++++++++++++++++-------- docs/THANKS | 64 ++++++++ 2 files changed, 447 insertions(+), 64 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index ef3e38d14..134f8b1a3 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,40 +1,198 @@ curl and libcurl 7.69.1 - Public curl releases: 190 - Command line options: 230 - curl_easy_setopt() options: 270 - Public functions in libcurl: 82 - Contributors: 2133 + Public curl releases: 201 + Command line options: 242 + curl_easy_setopt() options: 290 + Public functions in libcurl: 85 + Contributors: 2459 + +This release includes the following changes: + + o curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE [118] + o CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax [40] + o hostip: make 'localhost' return fixed values [16] + o mbedtls: add support for cert and key blob options [11] + o metalink: remove all support for it [54] + o mqtt: add support for username and password [91] This release includes the following bugfixes: - o ares: store dns parameters for duphandle [20] - o cirrus-ci: disable the FreeBSD 13 builds [3] - o curl_share_setopt.3: Note sharing cookies doesn't enable the engine [11] - o lib1564: reduce number of mid-wait wakeup calls [16] - o libssh: Fix matching user-specified MD5 hex key [7] - o MANUAL: update a dict-using command line - o mime: do not perform more than one read in a row [18] - o mime: fix the binary encoder to handle large data properly [17] - o mime: latch last read callback status [19] - o multi: skip EINTR check on wakeup socket if it was closed [12] - o pause: bail out on bad input [8] - o pause: force a connection recheck after unpausing (take 2) [5] - o pause: return early for calls that don't change pause state [10] - o runtests.1: rephrase how to specify what tests to run [2] - o runtests: fix missing use of exe_ext helper function - o seek: fix fall back for missing ftruncate on Windows [4] - o sftp: fix segfault regression introduced by #4747 in 7.69.0 [22] - o sha256: Added SecureTransport implementation [15] - o sha256: Added WinCrypt implementation [15] - o socks4: fix host resolve regression [14] - o socks5: host name resolv regression fix [6] - o tests/server: fix missing use of exe_ext helper function [24] - o tests: fix static ip:port instead of dynamic values being used [23] - o tests: make sleeping portable by avoiding select [1] - o unit1612: fix the inclusion and compilation of the HMAC unit test [9] - o urldata: remove the 'stream_was_rewound' connectdata struct member [13] - o version: make curl_version* thread-safe without using global context [21] + o --socks4[a]: clarify where the host name is resolved [107] + o ares: always store IPv6 addresses first [20] + o asyn-ares: remove check for 'data' in Curl_resolver_cancel [89] + o bearssl: explicitly initialize all fields of Curl_ssl [1] + o bearssl: remove incorrect const on variable that is modified [1] + o build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS [155] + o c-hyper: abort CONNECT response reading early on non 2xx responses [75] + o c-hyper: add support for transfer-encoding in the request [121] + o c-hyper: bail on too long response headers [115] + o c-hyper: clear NTLM auth buffer when request is issued [23] + o c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL [21] + o c-hyper: fix NTLM on closed connection tested with test159 [4] + o c-hyper: fix the uploaded field in progress callbacks [78] + o c-hyper: handle NULL from hyper_buf_copy() [19] + o c-hyper: support CURLINFO_STARTTRANSFER_TIME [29] + o c-hyper: support CURLOPT_HEADER [32] + o ccsidcurl: fix the compile errors [27] + o CI/cirrus: install impacket from PyPI instead of FreeBSD packages [166] + o CI: add bearssl build [1] + o CI: add Circle CI [92] + o CI: add jobs using Zuul [86] + o CI: delete --enable-hsts option (it is the default now) [2] + o CI: remove travis details [144] + o cleanup: spell DoH with a lowercase o [172] + o cmake: add CURL_DISABLE_NTLM option [44] + o cmake: avoid leaking absolute paths into exported config [3] + o cmake: fix IoctlSocket FIONBIO check [156] + o cmake: fix support for UnixSockets feature on Win32 [104] + o cmake: remove libssh2 feature checks [122] + o cmake: try well-known send/recv signature for Apple [12] + o configure.ac: make non-executable [109] + o configure/cmake: remove checks for many unused functions [95] + o configure: add --disable-ntlm option [45] + o configure: disable RTSP when hyper is selected [68] + o configure: do not strip out debug flags [110] + o configure: fix nghttp2 library name for static builds [157] + o configure: inhibit the implicit-fallthrough warning on gcc-12 [106] + o configure: rename get-easy-option configure option to get-easy-options [81] + o conn_shutdown: if closed during CONNECT cleanup properly [59] + o conncache: lowercase the hash key for better match [5] + o cookies: track expiration in jar to optimize removals [25] + o copyright: add boiler-plate headers to CI config files [143] + o crustls: bump crustls version and use new URL [119] + o curl.h: is supported by VxWorks7 [102] + o curl.h: include sys/select.h for NuttX RTOS [100] + o curl: ignore blank --output-dir [57] + o curl_endian: remove the unused Curl_write64_le function [85] + o curl_multibyte: Remove local encoding fallbacks [58] + o Curl_ntlm_core_mk_nt_hash: fix OOM in error path [8] + o Curl_ssl_getsessionid: fail if no session cache exists [14] + o CURLOPT_WRITEFUNCTION.3: minor update of the example [80] + o docs/BINDINGS: fix outdated links [116] + o docs/examples: use curl_multi_poll() in multi examples [152] + o docs/INSTALL: remove mentions of configure --with-darwin-ssl [55] + o docs: document missing arguments to commands [160] + o docs: fix inconsistencies in EGDSOCKET documentation [159] + o docs: fix incorrect argument name reference [161] + o docs: Fix typos [146] + o docs: make docs for --etag-save match the program behaviour [169] + o docs: use --max-redirs instead of --max-redir [28] + o doh: (void)-prefix call to curl_easy_setopt + o doh: fix wrong DEBUGASSERT for doh private_data [62] + o easy: during upkeep, attach Curl_easy to connections in the cache [171] + o examples/multi-single: fix scan-build warning [150] + o examples: length-limit two sscanf() uses of %s [96] + o examples: safer and more proper read callback logic [127] + o filecheck: quietly remove test-place/*~ [39] + o formdata: avoid "Argument cannot be negative" warning [131] + o formdata: correct typecast in curl_mime_data call [137] + o GHA: add a linux-hyper job [52] + o GHA: add several libcurl tests to the hyper job + o GHA: run the newly fixed tests with hyper [36] + o github: timeout jobs on macOS after 90 minutes [42] + o glob: pass an 'int' as len when using printf's %*s [139] + o gnutls: set the preferred TLS versions in correct order [94] + o GOVERNANCE: add 'user', 'committer' and 'contributor' [15] + o hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies [105] + o hostip: bad CURLOPT_RESOLVE syntax now returns error [35] + o hsts: ignore numberical IP address hosts [17] + o HSTS: not experimental anymore + o http2: clarify 'Using HTTP2' verbose message [63] + o http2: init recvbuf struct for pushed streams [13] + o http2_connisdead: handle trailing GOAWAY better [18] + o http: fix crash in rate-limited upload [142] + o http: make the haproxy support work with unix domain sockets [99] + o http_proxy: deal with non-200 CONNECT response with Hyper [22] + o hyper: propagate errors back up from read callbacks [113] + o HYPER: remove mentions of deprecated development branch + o idn: fix libidn2 with windows unicode builds [117] + o infof: remove newline from format strings, always append it [149] + o lib: don't compare fd to FD_SETSIZE when using poll [61] + o lib: fix compiler warnings with CURL_DISABLE_NETRC [168] + o lib: fix type of len passed to *printf's %*s [133] + o lib: more %u for port and int for %*s fixes [132] + o lib: use %u instead of %ld for port number printf [134] + o libcurl-security.3: mention file descriptors and forks [108] + o libssh2: limit time a disconnect can take to 1 second [111] + o mbedtls: make mbedtls_strerror always work [6] + o mbedtls: Remove unnecessary include [175] + o mqtt: detect illegal and too large file size [43] + o mqtt: extend the error message for no topic [136] + o msnprintf: return number of printed characters excluding null byte [148] + o multi: add scan-build-6 work-around in curl_multi_fdset [88] + o multi: alter transfer timeout ordering [97] + o multi: do not switch off connect_only flag when closing [98] + o multi: fix crash in curl_multi_wait / curl_multi_poll [153] + o netrc: skip 'macdef' definitions [87] + o ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS [83] + o openssl: avoid static variable for seed flag [101] + o openssl: don't remove session id entry in disassociate [56] + o pinnedpubkey.d: fix formatting for version support lists [126] + o proto.d: fix formatting for paragraphs after margin changes [125] + o quiche: use send() instead of sendto() to avoid macOS issue [103] + o Revert "c-hyper: handle body on HYPER_TASK_EMPTY" [26] + o Revert "ftp: Expression 'ftpc->wait_data_conn' is always false" [147] + o runtests: also find the last test in Makefile.inc [66] + o runtests: enable 'hyper mode' only for HTTP tests [34] + o runtests: init $VERSION to avoid warnings when using -l + o runtests: parse data/Makefile.inc instead of using make [38] + o runtests: skip disabled tests unless -f is used [82] + o rustls: remove native_roots fallback [65] + o schannel: set ALPN length correctly for HTTP/2 [24] + o SChannel: Use '_tcsncmp()' instead [164] + o sectransp: check for client certs by name first, then file [167] + o setopt: fix incorrect comments [10] + o socketpair: fix potential hangs [37] + o socks4: scan for the IPv4 address in resolve results [124] + o ssl: read pending close notify alert before closing the connection [9] + o sws: malloc request struct instead of using stack [60] + o telnet: fix option parser to not send uninitialized contents [170] + o test1116: hyper doesn't pass through "surprise-trailers" [123] + o test1147: hyper doesn't allow "crazy" request headers like built-in [114] + o test1151: added missing CRLF to work with hyper [120] + o test1216: adjusted for hyper mode [73] + o test1218: adjusted for hyper mode [72] + o test1230: adjust to work in hyper mode [74] + o test1340/1341: adjusted for hyper mode [71] + o test1438/1457: add HTTP keyword to make hyper mode work [70] + o test1514: add a CRLF to the response to make it correct [130] + o test1518: adjusted to work with hyper [129] + o test1519: adjusted to work with hyper [128] + o test1594/1595/1596: fix to work in hyper mode [69] + o test269: disable for hyper [33] + o test3010: work with hyper mode [67] + o test328: avoid a header-looking body to make hyper mode work [53] + o test339: CRLFify better to work in hyper mode [51] + o test347: CRLFify to work in hyper mode [50] + o test393: make Content-Length fit within 64 bit for hyper [49] + o test394: hyper returns a different error [48] + o test395: hyper cannot work around > 64 bit content-lengths like built-in [47] + o test433: adjust for hyper mode [46] + o test434: add HTTP keyword [76] + o test500: adjust to work with hyper mode + o test566: adjust to work with hyper mode [79] + o test599: adjusted to work in hyper mode [77] + o test644: remove as duplicate of test 587 [84] + o tests: fix Accept-Encoding strips to work with Hyper builds [41] + o TLS: prevent shutdown loops to get stuck [112] + o tool: make _lseeki64() macro work with the PellesC compiler [163] + o tool_help: document that --tlspassword takes a password [162] + o tool_help: remove unused define [154] + o url.c: remove two variable assigns that are never read [90] + o url: (void)-prefix a curl_url_get() call [138] + o url: bad CURLOPT_CONNECT_TO syntax now returns error [31] + o version: turn version number functions into returning void [135] + o vtls: exit addsessionid if no cache is inited [7] + o vtls: fix connection reuse checks for issuer cert and case sensitivity [165] + o vtls: only store TIMER_APPCONNECT for non-proxy connect [93] + o vtls: use free() not curl_free() [140] + o warnless: simplify type size handling [30] + o Win32: fix build with Watt-32 + o winbuild/README: VC should be set to 6 'or larger' [64] + o winbuild: support alternate nghttp2 static lib name [174] + o wolfssl: failing to set a session id is not reason to error out [151] + o write-out.d: clarify urlnum is not unique for de-globbed URLs [145] + o zuul: use the new rustls directory name [141] This release includes the following known bugs: @@ -43,38 +201,199 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - amishmm on github, Anders Berg, Andy Fiddaman, Christopher Reid, - Dan Fandrich, Daniel Stenberg, Ernst Sjöstrand, fds242 on github, - Fedor Korotkov, Felipe Gasper, Jim Fuller, Marcel Raad, Marc Hörsken, - MrdUkk on github, Patrick Monnerat, Ray Satiro, RuurdBeerstra on github, - Steve Holme, vitaha85 on github, - (19 contributors) - - Thanks! (and sorry if I forgot to mention someone) + Albin Vass, Aleksander Mazur, Alexis Vachette, Alex Xu, Andrea Pappacoda, + Andrei Rybak, Bachue Zhou, Bastian Krause, Bin Lan, Bin Meng, + Christian Weisgerber, Christoph M. Becker, civodul on github, Dan Fandrich, + Daniel Gustafsson, Daniel Stenberg, David Hu, dEajL3kA on github, + Dmitry Karpov, Dmitry Kostjuchenko, Douglas R. Reno, Ebe Janchivdorj, + Fawad Mirza, Francisco Munoz, Gabriel Simmer, Gealber Morales, Gergely Nagy, + Gerrit Renker, Gisle Vanem, Gregor Jasny, Gregory Muchka, Harry Sintonen, + Hugh Macdonald, Jacob Hoffman-Andrews, Jishan Shaikh, Joel Depooter, + Jonathan Wernberg, Jon Rumsey, Josh Soref, Josie Huddleston, Jun-ya Kato, + Kevin Burke, Laurent Dufresne, Li Xinwei, MAntoniak on github, Marcel Raad, + Marc Hörsken, Mark Swaanenburg, Martin Howarth, Max Zettlmeißl, + Michael Forney, Michael Kaufmann, Mohammed Naser, nian6324 on github, + Nikos Mavrogiannopoulos, Paul Groke, Peter Körner, Phil E. Taylor, + Pierre Yager, Randolf J, Ray Satiro, Red Hat Product Security, + Richard Marion, Richard Whitehouse, Sergey Markelov, Shikha Sharma, + shithappens2016 on github, sylgal on github, Timur Artikov, Tobias Nyholm, + Tommy Chiang, User Sg, Vadim Grinshpun, Valentín Gutiérrez, Viktor Szakats, + William Desportes, Wyatt OʼDay, Xiang Xiao, Yongkang Huang, Younes El-karama, + Zhang Xiuhua, Борис Верховский, Коваленко Анатолий Викторович, + (83 contributors) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=5035 - [2] = https://curl.haxx.se/bug/?i=5033 - [3] = https://curl.haxx.se/bug/?i=5028 - [4] = https://curl.haxx.se/bug/?i=5055 - [5] = https://curl.haxx.se/bug/?i=5049 - [6] = https://curl.haxx.se/bug/?i=5053 - [7] = https://curl.haxx.se/bug/?i=4971 - [8] = https://curl.haxx.se/bug/?i=5050 - [9] = https://curl.haxx.se/bug/?i=5024 - [10] = https://curl.haxx.se/bug/?i=5026 - [11] = https://curl.haxx.se/mail/lib-2020-03/0019.html - [12] = https://curl.haxx.se/bug/?i=5047 - [13] = https://curl.haxx.se/bug/?i=5046 - [14] = https://curl.haxx.se/bug/?i=5061 - [15] = https://curl.haxx.se/bug/?i=5030 - [16] = https://curl.haxx.se/bug/?i=5037 - [17] = https://curl.haxx.se/bug/?i=4860 - [18] = https://curl.haxx.se/bug/?i=4826 - [19] = https://curl.haxx.se/bug/?i=4813 - [20] = https://curl.haxx.se/bug/?i=4893 - [21] = https://curl.haxx.se/bug/?i=5010 - [22] = https://curl.haxx.se/bug/?i=5041 - [23] = https://curl.haxx.se/bug/?i=5065 - [24] = https://curl.haxx.se/bug/?i=5064 + [1] = https://curl.se/bug/?i=7133 + [2] = https://curl.se/bug/?i=7167 + [3] = https://curl.se/bug/?i=7152 + [4] = https://curl.se/bug/?i=7154 + [5] = https://curl.se/bug/?i=7159 + [6] = https://curl.se/bug/?i=7162 + [7] = https://curl.se/bug/?i=7165 + [8] = https://curl.se/bug/?i=7164 + [9] = https://curl.se/bug/?i=7095 + [10] = https://curl.se/bug/?i=7157 + [11] = https://curl.se/bug/?i=7157 + [12] = https://curl.se/bug/?i=7158 + [13] = https://curl.se/bug/?i=7153 + [14] = https://curl.se/bug/?i=7148 + [15] = https://curl.se/bug/?i=7151 + [16] = https://curl.se/bug/?i=7039 + [17] = https://curl.se/bug/?i=7146 + [18] = https://curl.se/mail/lib-2021-06/0001.html + [19] = https://curl.se/bug/?i=7143 + [20] = https://curl.se/mail/lib-2021-06/0003.html + [21] = https://curl.se/bug/?i=7141 + [22] = https://curl.se/bug/?i=7141 + [23] = https://curl.se/bug/?i=7139 + [24] = https://curl.se/bug/?i=7138 + [25] = https://curl.se/bug/?i=7172 + [26] = https://curl.se/bug/?i=7122 + [27] = https://curl.se/bug/?i=7134 + [28] = https://curl.se/bug/?i=7130 + [29] = https://curl.se/bug/?i=7204 + [30] = https://curl.se/bug/?i=7181 + [31] = https://curl.se/bug/?i=7183 + [32] = https://curl.se/bug/?i=7204 + [33] = https://curl.se/bug/?i=7184 + [34] = https://curl.se/bug/?i=7185 + [35] = https://curl.se/bug/?i=7170 + [36] = https://curl.se/bug/?i=7205 + [37] = https://curl.se/bug/?i=7144 + [38] = https://curl.se/bug/?i=7177 + [39] = https://curl.se/bug/?i=7179 + [40] = https://curl.se/bug/?i=7175 + [41] = https://curl.se/bug/?i=7169 + [42] = https://curl.se/bug/?i=7173 + [43] = https://curl.se/bug/?i=7166 + [44] = https://curl.se/bug/?i=7028 + [45] = https://curl.se/bug/?i=7028 + [46] = https://curl.se/bug/?i=7205 + [47] = https://curl.se/bug/?i=7205 + [48] = https://curl.se/bug/?i=7205 + [49] = https://curl.se/bug/?i=7205 + [50] = https://curl.se/bug/?i=7205 + [51] = https://curl.se/bug/?i=7205 + [52] = https://curl.se/bug/?i=7206 + [53] = https://curl.se/bug/?i=7203 + [54] = https://curl.se/bug/?i=7176 + [55] = https://curl.se/mail/lib-2021-06/0008.html + [56] = https://curl.se/bug/?i=7222 + [57] = https://curl.se/bug/?i=7218 + [58] = https://curl.se/bug/?i=7257 + [59] = https://curl.se/bug/?i=7236 + [60] = https://curl.se/mail/lib-2021-06/0018.html + [61] = https://curl.se/bug/?i=7240 + [62] = https://curl.se/bug/?i=7227 + [63] = https://github.com/curl/curl/discussions/7255 + [64] = https://curl.se/bug/?i=7253 + [65] = https://curl.se/bug/?i=7250 + [66] = https://curl.se/bug/?i=7209 + [67] = https://curl.se/bug/?i=7209 + [68] = https://curl.se/bug/?i=7209 + [69] = https://curl.se/bug/?i=7209 + [70] = https://curl.se/bug/?i=7209 + [71] = https://curl.se/bug/?i=7209 + [72] = https://curl.se/bug/?i=7209 + [73] = https://curl.se/bug/?i=7209 + [74] = https://curl.se/bug/?i=7209 + [75] = https://curl.se/bug/?i=493 + [76] = https://curl.se/bug/?i=7209 + [77] = https://curl.se/bug/?i=7209 + [78] = https://curl.se/bug/?i=7209 + [79] = https://curl.se/bug/?i=7209 + [80] = https://curl.se/bug/?i=7219 + [81] = https://curl.se/bug/?i=7211 + [82] = https://curl.se/bug/?i=7212 + [83] = https://curl.se/bug/?i=6896 + [84] = https://curl.se/bug/?i=7208 + [85] = https://curl.se/bug/?i=7280 + [86] = https://curl.se/bug/?i=7245 + [87] = https://curl.se/bug/?i=7238 + [88] = https://curl.se/bug/?i=7248 + [89] = https://curl.se/bug/?i=7248 + [90] = https://curl.se/bug/?i=7248 + [91] = https://curl.se/bug/?i=7243 + [92] = https://curl.se/bug/?i=7239 + [93] = https://curl.se/bug/?i=7274 + [94] = https://curl.se/bug/?i=7277 + [95] = https://curl.se/bug/?i=7276 + [96] = https://curl.se/bug/?i=7293 + [97] = https://curl.se/bug/?i=7178 + [98] = https://curl.se/mail/lib-2021-06/0024.html + [99] = https://curl.se/bug/?i=7290 + [100] = https://curl.se/bug/?i=7287 + [101] = https://curl.se/bug/?i=7296 + [102] = https://curl.se/bug/?i=7285 + [103] = https://curl.se/bug/?i=7260 + [104] = https://curl.se/bug/?i=7034 + [105] = https://curl.se/bug/?i=7265 + [106] = https://curl.se/bug/?i=7295 + [107] = https://curl.se/bug/?i=7273 + [108] = https://curl.se/bug/?i=7270 + [109] = https://curl.se/bug/?i=7272 + [110] = https://curl.se/bug/?i=7216 + [111] = https://curl.se/bug/?i=7271 + [112] = https://curl.se/bug/?i=7271 + [113] = https://curl.se/bug/?i=7266 + [114] = https://curl.se/bug/?i=7349 + [115] = https://curl.se/bug/?i=7350 + [116] = https://curl.se/bug/?i=7301 + [117] = https://curl.se/bug/?i=7228 + [118] = https://curl.se/bug/?i=7073 + [119] = https://curl.se/bug/?i=7297 + [120] = https://curl.se/bug/?i=7350 + [121] = https://curl.se/bug/?i=7348 + [122] = https://curl.se/bug/?i=7343 + [123] = https://curl.se/bug/?i=7344 + [124] = https://curl.se/bug/?i=7345 + [125] = https://curl.se/bug/?i=7341 + [126] = https://curl.se/bug/?i=7340 + [127] = https://curl.se/bug/?i=7330 + [128] = https://curl.se/bug/?i=7333 + [129] = https://curl.se/bug/?i=7333 + [130] = https://curl.se/bug/?i=7334 + [131] = https://curl.se/bug/?i=7328 + [132] = https://curl.se/bug/?i=7329 + [133] = https://curl.se/bug/?i=7326 + [134] = https://curl.se/bug/?i=7325 + [135] = https://curl.se/bug/?i=7319 + [136] = https://curl.se/bug/?i=7316 + [137] = https://curl.se/bug/?i=7327 + [138] = https://curl.se/bug/?i=7320 + [139] = https://curl.se/bug/?i=7324 + [140] = https://curl.se/bug/?i=7318 + [141] = https://curl.se/bug/?i=7311 + [142] = https://curl.se/bug/?i=7308 + [143] = https://curl.se/bug/?i=7314 + [144] = https://curl.se/bug/?i=7313 + [145] = https://curl.se/bug/?i=7342 + [146] = https://curl.se/bug/?i=7370 + [147] = https://curl.se/mail/lib-2021-07/0025.html + [148] = https://curl.se/bug/?i=7361 + [149] = https://curl.se/bug/?i=7357 + [150] = https://curl.se/bug/?i=7360 + [151] = https://curl.se/bug/?i=7358 + [152] = https://curl.se/bug/?i=7352 + [153] = https://curl.se/bug/?i=7379 + [154] = https://curl.se/bug/?i=7380 + [155] = https://curl.se/bug/?i=7377 + [156] = https://curl.se/bug/?i=7375 + [157] = https://curl.se/bug/?i=7367 + [159] = https://curl.se/bug/?i=7391 + [160] = https://curl.se/bug/?i=7382 + [161] = https://curl.se/bug/?i=7383 + [162] = https://curl.se/bug/?i=7378 + [163] = https://curl.se/bug/?i=7397 + [164] = https://curl.se/bug/?i=7398 + [165] = https://curl.se/docs/CVE-2021-22924.html + [166] = https://curl.se/bug/?i=7418 + [167] = https://curl.se/docs/CVE-2021-22926.html + [168] = https://curl.se/bug/?i=7423 + [169] = https://curl.se/bug/?i=7429 + [170] = https://curl.se/docs/CVE-2021-22925.html + [171] = https://curl.se/bug/?i=7386 + [172] = https://curl.se/bug/?i=7413 + [174] = https://curl.se/bug/?i=7446 + [175] = https://curl.se/bug/?i=7419 diff --git a/docs/THANKS b/docs/THANKS index 53735cb6f..300511248 100644 --- a/docs/THANKS +++ b/docs/THANKS @@ -41,9 +41,11 @@ Alan Jenkins Alan Pinstein Albert Chin-A-Young Albert Choy +Albin Vass Alejandro Alvarez Ayllon Alejandro R. Sedeño Aleksandar Milivojevic +Aleksander Mazur Aleksey Tulinov Ales Mlakar Ales Novak @@ -87,6 +89,7 @@ Alexey Simak Alexey Zakhlestin Alexis Carvalho Alexis La Goutte +Alexis Vachette Alfonso Martone Alfred Gebert Allen Pulsifer @@ -107,6 +110,7 @@ Anderson Toshiyuki Sasaki Andi Jahja Andre Guibert de Bruet Andre Heinecke +Andrea Pappacoda Andreas Damm Andreas Falkenhahn Andreas Farber @@ -125,6 +129,7 @@ Andrei Cipu Andrei Karas Andrei Kurushin Andrei Neculau +Andrei Rybak Andrei Sedoi Andrei Valeriu BICA Andrei Virtosu @@ -191,6 +196,9 @@ Austin Green Avery Fay Axel Tillequin Ayoub Boudhar +Ayushman Singh Chauhan +b9a1 on github +Bachue Zhou Balaji Parasuram Balaji S Rao Balaji Salunke @@ -201,6 +209,7 @@ Barry Pollard Bart Whiteley Bas Mevissen Bas van Schaik +Bastian Krause Bastien Bouclet Basuke Suzuki baumanj on github @@ -239,6 +248,9 @@ Bill Hoffman Bill Middlecamp Bill Nagel Bill Pyne +Billyzou0741326 on github +Bin Lan +Bin Meng Bjarni Ingi Gislason Bjoern Franke Bjoern Sikora @@ -351,6 +363,7 @@ Christopher Reid Christopher Stone Chungtsun Li Ciprian Badescu +civodul on github Claes Jakobsson Clarence Gardner Claudio Neves @@ -487,6 +500,7 @@ David Woodhouse David Wright David Yan dbrowndan on github +dEajL3kA on github Dengminwen Denis Chaplygin Denis Feklushkin @@ -561,6 +575,8 @@ Dániel Bakai Early Ehlinger Earnestly on github Eason-Yu on github +Ebe Janchivdorj +ebejan on github Ebenezer Ikonne Ed Morley Edgaras Janušauskas @@ -638,6 +654,7 @@ Fabrice Fontaine Fabrizio Ammollo Fahim Chandurwala Faizur Rahman +Fawad Mirza fds242 on github Federico Bianchi Fedor Karpelevitch @@ -657,6 +674,7 @@ Florian Weimer Florin Petriuc Forrest Cahoon Francisco Moraes +Francisco Munoz Francisco Sedano Francois Petitjean Francois Rivard @@ -678,6 +696,7 @@ Frederic Lepied Frederik B Fredrik Thulin Gabriel Kuri +Gabriel Simmer Gabriel Sjoberg Garrett Holmstrom Gary Maxwell @@ -687,6 +706,7 @@ Gautam Mani Gavrie Philipson Gaz Iqbal Gaël Portay +Gealber Morales Geeknik Labs Geoff Beier Georg Horn @@ -698,6 +718,7 @@ Gerd v. Egidy Gergely Nagy Gerhard Herre Gerrit Bruchhäuser +Gerrit Renker Ghennadi Procopciuc Giancarlo Formicuccia Giaslas Georgios @@ -728,6 +749,9 @@ Greg Onufer Greg Pratt Greg Rowe Greg Zavertnik +Gregor Jasny +Gregory Jefferis +Gregory Muchka Gregory Nicholls Gregory Szorc Griffin Downs @@ -785,6 +809,8 @@ Howard Blaise Howard Chu hsiao yi Hubert Kario +Hugh Macdonald +Hugo van Kemenade Huzaifa Sidhpurwala Hzhijun Ian D Allen @@ -934,6 +960,7 @@ Jimmy Gaussen Jiri Dvorak Jiri Hruska Jiri Jaburek +Jishan Shaikh Jiří Malák jnbr on github Jocelyn Jaubert @@ -1004,6 +1031,8 @@ Jonathan Cardoso Machado Jonathan Hseu Jonathan Moerman Jonathan Nieder +Jonathan Watt +Jonathan Wernberg Jongki Suwandi jonrumsey on github Joombalaya on github @@ -1013,6 +1042,7 @@ Jose Kahan Josef Wolf Josh Bialkowski Josh Kapell +Josh Soref joshhe on github Joshua Kwan Joshua Swink @@ -1134,6 +1164,7 @@ Lars Johannesen Lars Nilsson Lars Torben Wilson Laurent Bonnans +Laurent Dufresne Laurent Rabret Lauri Kasanen Laurie Clark-Michalek @@ -1246,6 +1277,7 @@ Mark Lentczner Mark Nottingham Mark Salisbury Mark Snelling +Mark Swaanenburg Mark Tully Mark W. Eichin Mark Wotton @@ -1267,6 +1299,7 @@ Martin Galvan Martin Gartner Martin Hager Martin Hedenfalk +Martin Howarth Martin Jansen Martin Kammerhofer Martin Kepplinger @@ -1311,6 +1344,7 @@ Max Katsev Max Kellermann Max Khon Max Savenkov +Max Zettlmeißl Maxim Ivanov Maxim Perenesenko Maxim Prohorov @@ -1397,6 +1431,7 @@ mkzero on github Mohamed Lrhazi Mohammad AlSaleh Mohammad Hasbini +Mohammed Naser Mohun Biswas momala454 on github moohoorama on github @@ -1429,6 +1464,7 @@ Neil Spring nevv on HackerOne/curl Niall O'Reilly niallor on github +nian6324 on github nianxuejie on github Nic Roets Nicholas Maniscalco @@ -1587,6 +1623,7 @@ Petr Pisar Petr Voytsik Phil Blundell Phil Crump +Phil E. Taylor Phil Karn Phil Lisiecki Phil Pellouchoud @@ -1603,6 +1640,7 @@ Pierre Pierre Brico Pierre Chapuis Pierre Joye +Pierre Yager Pierre Ynard Pierre-Yves Bigourdan Piotr Dobrogost @@ -1639,6 +1677,7 @@ Ralph Mitchell Ram Krushna Mishra Ran Mozes Randall S. Becker +Randolf J Randy Armstrong Randy McMurchy Raphael Gozzo @@ -1647,6 +1686,8 @@ Ray Dassen Ray Pekowski Ray Satiro Razvan Cojocaru +rcombs on github +Red Hat Product Security Reed Loden Reinhard Max Reinout van Schouwen @@ -1682,11 +1723,13 @@ Richard Gorton Richard Gray Richard Hosking Richard Hsu +Richard Marion Richard Michael Richard Moore Richard Prescott Richard Silverman Richard van den Berg +Richard Whitehouse Richy Kim Rick Deist Rick Jones @@ -1824,8 +1867,10 @@ Shard Shaun Jackman Shawn Landden Shawn Poulson +Shikha Sharma Shine Fan Shiraz Kanga +shithappens2016 on github Shlomi Fish Shmulik Regev Siddhartha Prakash Jain @@ -1908,6 +1953,7 @@ Sven Neuhaus Sven Wegener Svyatoslav Mishyn swalkaus at yahoo.com +sylgal on github Sylvestre Ledru Symeon Paraschoudis Sébastien Willemijns @@ -1963,6 +2009,7 @@ Timo Sirainen Timotej Lazar Timothe Litt Timothy Polich +Timur Artikov Tinus van den Berg TJ Saunders Tobias Blomberg @@ -1970,6 +2017,7 @@ Tobias Hieta Tobias Hintze Tobias Lindgren Tobias Markus +Tobias Nyholm Tobias Rundström Tobias Stoeckmann Toby Peterson @@ -2003,6 +2051,9 @@ Tomasz Kojm Tomasz Lacki Tommie Gannert tommink[at]post.pl +Tommy Chiang +Tommy Odom +Tommy Petty Tommy Tam Ton Voon Toni Moreno @@ -2031,7 +2082,13 @@ Ulf Samuelsson Ulrich Doehner Ulrich Telle Ulrich Zadow +UrsusArctos on github +User Sg +ustcqidi on github +Vadim Grinshpun Valentin David +Valentyn Korniienko +Valentín Gutiérrez Valerii Zapodovnikov vanillajonathan on github Vasiliy Faronov @@ -2086,12 +2143,14 @@ Will Dietz Willem Sparreboom William A. Rowe Jr William Ahern +William Desportes wmsch on github wncboy on github Wojciech Zwiefka Wouter Van Rooy Wu Yongzheng Wyatt O'Day +Wyatt OʼDay Xavier Bouchoux XhstormR on github Xiang Xiao @@ -2111,6 +2170,8 @@ Yi Huang Yiming Jing Yingwei Liu Yonggang Luo +Yongkang Huang +Younes El-karama youngchopin on github Yousuke Kimoto Yu Xin @@ -2125,6 +2186,7 @@ Zekun Ni zelinchen on github Zenju on github Zero King +Zhang Xiuhua Zhao Yisha Zhaoyang Wu Zhibiao Wu @@ -2135,5 +2197,7 @@ zzq1015 on github İsmail Dönmez Łukasz Domeradzki Štefan Kremeň +Борис Верховский +Коваленко Анатолий Викторович Никита Дорохин 加藤郁之 -- Gitee