curl/RELEASE-NOTES

281 lines
13 KiB
Plaintext
Raw Normal View History

2018-09-05 16:22:54 +08:00
Curl and libcurl 7.62.0
2018-09-05 16:22:54 +08:00
Public curl releases: 177
2018-09-09 04:45:45 +08:00
Command line options: 219
curl_easy_setopt() options: 261
Public functions in libcurl: 80
2018-10-29 15:35:51 +08:00
Contributors: 1808
2018-09-05 16:22:54 +08:00
This release includes the following changes:
2018-09-09 04:45:45 +08:00
o multiplex: enable by default [4]
o url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled [4]
o setopt: add CURLOPT_DOH_URL [7]
o curl: --doh-url added [7]
o setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size [8]
o imap: change from "FETCH" to "UID FETCH" [9]
o configure: add option to disable automatic OpenSSL config loading [10]
o upkeep: add a connection upkeep API: curl_easy_upkeep() [11]
o URL-API: added five new functions [12]
2018-09-18 22:45:58 +08:00
o vtls: MesaLink is a new TLS backend [23]
2018-09-05 16:22:54 +08:00
This release includes the following bugfixes:
2018-10-29 15:35:51 +08:00
o CVE-2018-16839: SASL password overflow via integer overflow [107]
o CVE-2018-16840: use-after-free in handle close [108]
o CVE-2018-16842: warning message out-of-buffer read [114]
2018-09-09 04:45:45 +08:00
o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated [5]
2018-10-02 06:26:57 +08:00
o Curl_dedotdotify(): always nul terminate returned string [46]
2018-10-17 14:17:04 +08:00
o Curl_follow: Always free the passed new URL [87]
2018-10-02 06:26:57 +08:00
o Curl_http2_done: fix memleak in error path [51]
o Curl_retry_request: fix memory leak [49]
2018-09-22 06:16:57 +08:00
o Curl_saferealloc: Fixed typo in docblock [40]
2018-10-08 21:03:21 +08:00
o FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output [78]
2018-09-22 06:16:57 +08:00
o GnutTLS: TLS 1.3 support [39]
2018-10-02 06:26:57 +08:00
o SECURITY-PROCESS: mention the bountygraph program [42]
2018-10-24 15:22:18 +08:00
o VS projects: add USE_IPV6: [91]
2018-10-17 14:17:04 +08:00
o Windows: fixes for MinGW targeting Windows Vista [82]
2018-09-18 22:45:58 +08:00
o anyauthput: fix compiler warning on 64-bit Windows [21]
2018-10-08 21:03:21 +08:00
o appveyor: add WinSSL builds [81]
o appveyor: run test suite (on Windows!) [65]
2018-09-22 06:16:57 +08:00
o certs: generate tests certs with sha256 digest algorithm [37]
2018-10-08 21:03:21 +08:00
o checksrc: enable strict mode and warnings [63]
o checksrc: handle zero scoped ignore commands [62]
2018-10-02 06:26:57 +08:00
o cmake: Backport to work with CMake 3.0 again [55]
o cmake: Improve config installation [60]
2018-10-29 15:35:51 +08:00
o cmake: add support for transitive ZLIB target [113]
2018-10-17 14:17:04 +08:00
o cmake: disable -Wpedantic-ms-format [84]
2018-09-18 22:45:58 +08:00
o cmake: don't require OpenSSL if USE_OPENSSL=OFF [35]
2018-10-02 06:26:57 +08:00
o cmake: fixed path used in generation of docs/tests [56]
2018-10-27 17:14:13 +08:00
o cmake: remove unused *SOCKLEN_T variables [102]
2018-10-08 21:03:21 +08:00
o cmake: suppress MSVC warning C4127 for libtest
o cmake: test and set missed defines during configuration [64]
o comment: Fix multiple typos in function parameters [69]
2018-10-27 17:14:13 +08:00
o config: Remove unused SIZEOF_VOIDP [104]
2018-10-24 15:22:18 +08:00
o config_win32: enable LDAPS [92]
2018-09-22 06:16:57 +08:00
o configure: force-use -lpthreads on HPUX [41]
2018-10-27 17:14:13 +08:00
o configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T [101]
2018-10-02 06:26:57 +08:00
o configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE [53]
2018-09-18 22:45:58 +08:00
o cookies: Remove redundant expired check [14]
o cookies: fix leak when writing cookies to file [15]
2018-10-27 17:14:13 +08:00
o curl-config.in: remove dependency on bc [99]
o curl.1: --ipv6 mutexes ipv4 (fixed typo) [98]
2018-10-02 06:26:57 +08:00
o curl: enabled Windows VT Support and UTF-8 output [57]
2018-09-18 22:45:58 +08:00
o curl: update the documentation of --tlsv1.0 [17]
o curl_multi_wait: call getsock before figuring out timeout [34]
2018-10-08 21:03:21 +08:00
o curl_ntlm_wb: check aprintf() return codes [75]
2018-10-02 06:26:57 +08:00
o curl_threads: fix classic MinGW compile break [54]
2018-09-18 22:45:58 +08:00
o darwinssl: Fix realloc memleak [32]
2018-09-09 04:45:45 +08:00
o darwinssl: more specific and unified error codes [6]
2018-10-08 21:03:21 +08:00
o data-binary.d: clarify default content-type is x-www-form-urlencoded [71]
o docs/BUG-BOUNTY: explain the bounty program [76]
2018-10-24 15:22:18 +08:00
o docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers [89]
2018-10-27 17:14:13 +08:00
o docs/CIPHERS: fix the TLS 1.3 cipher names [95]
2018-10-08 21:03:21 +08:00
o docs/CIPHERS: mention the colon separation for OpenSSL [73]
2018-10-02 06:26:57 +08:00
o docs/examples: URL updates [45]
2018-10-17 14:17:04 +08:00
o docs: add "see also" links for SSL options [85]
2018-09-18 22:45:58 +08:00
o example/asiohiper: insert warning comment about its status [18]
2018-10-02 06:26:57 +08:00
o example/htmltidy: fix include paths of tidy libraries [52]
o examples/Makefile.m32: sync with core [44]
2018-09-18 22:45:58 +08:00
o examples/http2-pushinmemory: receive HTTP/2 pushed files in memory [33]
2018-10-02 06:26:57 +08:00
o examples/parseurl.c: show off the URL API [43]
2018-09-18 22:45:58 +08:00
o examples: Fix memory leaks from realloc errors [31]
o examples: do not wait when no transfers are running [16]
o ftp: include command in Curl_ftpsend sendbuffer [25]
2018-10-08 21:03:21 +08:00
o gskit: make sure to terminate version string [79]
2018-10-27 17:14:13 +08:00
o gtls: Values stored to but never read [97]
2018-10-08 21:03:21 +08:00
o hostip: fix check on Curl_shuffle_addr return value [77]
2018-09-18 22:45:58 +08:00
o http2: fix memory leaks on error-path [29]
2018-10-02 06:26:57 +08:00
o http: fix memleak in rewind error path [50]
2018-09-18 22:45:58 +08:00
o krb5: fix memory leak in krb_auth [25]
2018-10-17 14:17:04 +08:00
o ldap: show precise LDAP call in error message on Windows [83]
2018-09-18 22:45:58 +08:00
o lib: fix gcc8 warning on Windows [20]
o memory: add missing curl_printf header [30]
2018-10-08 21:03:21 +08:00
o memory: ensure to check allocation results [68]
2018-10-29 15:35:51 +08:00
o multi: Fix error handling in the SENDPROTOCONNECT state [112]
2018-10-02 06:26:57 +08:00
o multi: fix memory leak in content encoding related error path [59]
2018-10-24 15:22:18 +08:00
o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL [90]
2018-10-27 17:14:13 +08:00
o netrc: free temporary strings if memory allocation fails [103]
2018-10-08 21:03:21 +08:00
o nss: fix nssckbi module loading on Windows [70]
2018-09-22 06:16:57 +08:00
o nss: try to connect even if libnssckbi.so fails to load [36]
2018-09-18 22:45:58 +08:00
o ntlm_wb: Fix memory leaks in ntlm_wb_response [24]
o ntlm_wb: bail out if the response gets overly large [13]
o openssl: assume engine support in 0.9.8 or later [27]
2018-10-02 06:26:57 +08:00
o openssl: enable TLS 1.3 post-handshake auth [47]
2018-09-18 22:45:58 +08:00
o openssl: fix gcc8 warning [19]
2018-10-02 06:26:57 +08:00
o openssl: load built-in engines too [48]
2018-10-27 17:14:13 +08:00
o openssl: make 'done' a proper boolean [97]
o openssl: output the correct cipher list on TLS 1.3 error [95]
2018-09-09 04:45:45 +08:00
o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer [6]
2018-09-18 22:45:58 +08:00
o openssl: show "proper" version number for libressl builds [28]
o pipelining: deprecated [1]
2018-10-29 15:35:51 +08:00
o rand: add comment to skip a clang-tidy false positive
2018-10-27 17:14:13 +08:00
o rtmp: fix for compiling with lwIP [100]
2018-10-08 21:03:21 +08:00
o runtests: ignore disabled even when ranges are given [74]
o runtests: skip ld_preload tests on macOS [80]
o runtests: use Windows paths for Windows curl
2018-09-18 22:45:58 +08:00
o schannel: unified error code handling [6]
o sendf: Fix whitespace in infof/failf concatenation [26]
2018-10-27 17:14:13 +08:00
o ssh: free the session on init failures [96]
2018-09-09 04:45:45 +08:00
o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code [6]
2018-10-29 15:35:51 +08:00
o system.h: use proper setting with Sun C++ as well [109]
2018-10-08 21:03:21 +08:00
o test1299: use single quotes around asterisk [72]
2018-09-18 22:45:58 +08:00
o test1452: mark as flaky [2]
2018-10-29 15:35:51 +08:00
o test1651: unit test Curl_extract_certinfo() [110]
2018-10-08 21:03:21 +08:00
o test320: strip out more HTML when comparing [66]
o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server [67]
2018-09-18 22:45:58 +08:00
o tests: add unit tests for url.c [3]
2018-10-08 21:03:21 +08:00
o timeval: fix use of weak symbol clock_gettime() on Apple platforms [61]
2018-10-24 15:22:18 +08:00
o tool_cb_hdr: handle failure of rename() [94]
2018-10-29 15:35:51 +08:00
o travis: add a "make tidy" build that runs clang-tidy [105]
2018-10-24 15:22:18 +08:00
o travis: add build for "configure --disable-verbose" [93]
2018-10-02 06:26:57 +08:00
o travis: bump the Secure Transport build to use xcode [58]
2018-10-17 14:17:04 +08:00
o travis: make distcheck scan for BOM markers [86]
2018-10-29 15:35:51 +08:00
o unit1300: fix stack-use-after-scope AddressSanitizer warning [106]
2018-10-27 17:14:13 +08:00
o urldata: Fix "connecting" comment
2018-09-18 22:45:58 +08:00
o urlglob: improve error message on bad globs [22]
2018-09-22 06:16:57 +08:00
o vtls: fix ssl version "or later" behavior change for many backends [38]
2018-10-17 14:17:04 +08:00
o x509asn1: Fix SAN IP address verification [88]
2018-10-29 15:35:51 +08:00
o x509asn1: always check return code from getASN1Element() [110]
2018-09-18 22:45:58 +08:00
o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert [6]
2018-10-29 15:35:51 +08:00
o x509asn1: suppress left shift on signed value [111]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
2018-10-29 15:35:51 +08:00
Alexey Eremikhin, Brad King, Brian Carpenter, Christian Heimes, Colin Hogben,
2018-10-27 17:14:13 +08:00
Daniel Gustafsson, Daniel Shahaf, Daniel Stenberg, Dario Weißer,
Dave Reisner, Dima Pasechnik, Dmitry Kostjuchenko, Doron Behar,
2018-10-29 15:35:51 +08:00
Eason-Yu on github, Erik Minekus, Even Rouault, Gisle Vanem, Han Han,
Harry Sintonen, jakirkham on github, Jean Fabrice, Jim Fuller, Kamil Dudka,
Loganaden Velvindron, Marcel Raad, Marc Hörsken, Martin Ankerl,
2018-10-24 15:22:18 +08:00
Matthew Whitehead, Max Dymond, Maxime Legros, Michael Kaufmann, Nate Prewitt,
2018-10-29 15:35:51 +08:00
Nicklas Avén, Nick Zitzmann, Patrick Monnerat, Philipp Waehnert, Rainer Jung,
Ray Satiro, Rich Turner, Rick Deist, Ricky-Tigg on github, Rikard Falkeborn,
Ruslan Baratov, Sergei Nikulov, Shaun Jackman, Thomas Glanzmann, Tuomo Rinne,
2018-10-27 17:14:13 +08:00
Viktor Szakats, Yiming Jing,
2018-10-29 15:35:51 +08:00
(49 contributors)
2018-09-09 04:45:45 +08:00
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
2018-09-09 04:45:45 +08:00
[1] = https://curl.haxx.se/bug/?i=2705
[2] = https://curl.haxx.se/bug/?i=2941
[3] = https://curl.haxx.se/bug/?i=2937
[4] = https://curl.haxx.se/bug/?i=2709
[5] = https://curl.haxx.se/bug/?i=2942
[6] = https://curl.haxx.se/bug/?i=2901
[7] = https://curl.haxx.se/bug/?i=2668
[8] = https://curl.haxx.se/bug/?i=2896
[9] = https://curl.haxx.se/bug/?i=2789
[10] = https://curl.haxx.se/bug/?i=2724
[11] = https://curl.haxx.se/bug/?i=1641
[12] = https://curl.haxx.se/bug/?i=2842
2018-09-18 22:45:58 +08:00
[13] = https://curl.haxx.se/bug/?i=2959
[14] = https://curl.haxx.se/bug/?i=2962
[15] = https://curl.haxx.se/bug/?i=2957
[16] = https://curl.haxx.se/bug/?i=2948
[17] = https://curl.haxx.se/bug/?i=2955
[18] = https://curl.haxx.se/bug/?i=2407
[19] = https://curl.haxx.se/bug/?i=2980
[20] = https://curl.haxx.se/bug/?i=2979
[21] = https://curl.haxx.se/bug/?i=2972
[22] = https://curl.haxx.se/bug/?i=2763
[23] = https://curl.haxx.se/bug/?i=2984
[24] = https://curl.haxx.se/bug/?i=2966
[25] = https://curl.haxx.se/bug/?i=2985
[26] = https://curl.haxx.se/bug/?i=2986
[27] = https://curl.haxx.se/bug/?i=2983
[28] = https://curl.haxx.se/bug/?i=2989
[29] = https://curl.haxx.se/bug/?i=2992
[30] = https://curl.haxx.se/bug/?i=2999
[31] = https://curl.haxx.se/bug/?i=2991
[32] = https://curl.haxx.se/bug/?i=3005
[33] = https://curl.haxx.se/bug/?i=3004
[34] = https://curl.haxx.se/bug/?i=2996
[35] = https://curl.haxx.se/bug/?i=3001
2018-09-22 06:16:57 +08:00
[36] = https://curl.haxx.se/bug/?i=3016
[37] = https://curl.haxx.se/bug/?i=3014
[38] = https://curl.haxx.se/bug/?i=2969
[39] = https://curl.haxx.se/bug/?i=2971
[40] = https://curl.haxx.se/bug/?i=3029
[41] = https://curl.haxx.se/bug/?i=2697
2018-09-26 16:41:04 +08:00
[42] = https://curl.haxx.se/bug/?i=3032
[43] = https://curl.haxx.se/bug/?i=3030
[44] = https://curl.haxx.se/bug/?i=3033
[45] = https://curl.haxx.se/bug/?i=3036
[46] = https://curl.haxx.se/bug/?i=3039
[47] = https://curl.haxx.se/bug/?i=3026
[48] = https://curl.haxx.se/bug/?i=3023
[49] = https://curl.haxx.se/bug/?i=3042
[50] = https://curl.haxx.se/bug/?i=3044
[51] = https://curl.haxx.se/bug/?i=3046
2018-10-02 06:26:57 +08:00
[52] = https://curl.haxx.se/bug/?i=3050
[53] = https://curl.haxx.se/bug/?i=3006
[54] = https://github.com/curl/curl/issues/2924#issuecomment-424334807
[55] = https://curl.haxx.se/bug/?i=3055
[56] = https://curl.haxx.se/bug/?i=3056
[57] = https://curl.haxx.se/bug/?i=3008
[58] = https://curl.haxx.se/bug/?i=3062
[59] = https://curl.haxx.se/bug/?i=3063
[60] = https://curl.haxx.se/bug/?i=2849
2018-10-06 04:40:02 +08:00
[61] = https://curl.haxx.se/bug/?i=3048
[62] = https://curl.haxx.se/bug/?i=3096
[63] = https://curl.haxx.se/bug/?i=3090
[64] = https://curl.haxx.se/bug/?i=3097
[65] = https://curl.haxx.se/bug/?i=3100
[66] = https://curl.haxx.se/bug/?i=3093
[67] = https://curl.haxx.se/bug/?i=2929
[68] = https://curl.haxx.se/bug/?i=3084
[69] = https://curl.haxx.se/bug/?i=3079
[70] = https://curl.haxx.se/bug/?i=3086
[71] = https://curl.haxx.se/bug/?i=3085
[72] = https://github.com/curl/curl/issues/1751#issuecomment-321522580
[73] = https://curl.haxx.se/bug/?i=3077
[74] = https://curl.haxx.se/bug/?i=3075
2018-10-08 21:03:21 +08:00
[75] = https://curl.haxx.se/bug/?i=3111
[76] = https://curl.haxx.se/bug/?i=3067
[77] = https://curl.haxx.se/bug/?i=3110
[78] = https://curl.haxx.se/bug/?i=3083
[79] = https://curl.haxx.se/bug/?i=3105
[80] = https://curl.haxx.se/bug/?i=2394
[81] = https://curl.haxx.se/bug/?i=3104
2018-10-17 14:17:04 +08:00
[82] = https://curl.haxx.se/bug/?i=3113
[83] = https://curl.haxx.se/bug/?i=3118
[84] = https://curl.haxx.se/bug/?i=3120
[85] = https://curl.haxx.se/bug/?i=3121
[86] = https://curl.haxx.se/bug/?i=3126
[87] = https://curl.haxx.se/bug/?i=3124
[88] = https://curl.haxx.se/bug/?i=3102
2018-10-24 15:22:18 +08:00
[89] = https://curl.haxx.se/bug/?i=3159
[90] = https://curl.haxx.se/bug/?i=3138
[91] = https://curl.haxx.se/bug/?i=3137
[92] = https://curl.haxx.se/bug/?i=3137
[93] = https://curl.haxx.se/bug/?i=3144
[94] = https://curl.haxx.se/bug/?i=3140
2018-10-27 17:14:13 +08:00
[95] = https://curl.haxx.se/bug/?i=3178
[96] = https://curl.haxx.se/bug/?i=3179
[97] = https://curl.haxx.se/bug/?i=3176
[98] = https://curl.haxx.se/bug/?i=3171
[99] = https://curl.haxx.se/bug/?i=3143
[100] = https://curl.haxx.se/bug/?i=3155
[101] = https://curl.haxx.se/bug/?i=3168
[102] = https://curl.haxx.se/bug/?i=3166
[103] = https://curl.haxx.se/bug/?i=3122
[104] = https://curl.haxx.se/bug/?i=3162
2018-10-29 15:35:51 +08:00
[105] = https://curl.haxx.se/bug/?i=3182
[106] = https://curl.haxx.se/bug/?i=3182
[107] = https://curl.haxx.se/docs/CVE-2018-16839.html
[108] = https://curl.haxx.se/docs/CVE-2018-16840.html
[109] = https://curl.haxx.se/bug/?i=3181
[110] = https://curl.haxx.se/bug/?i=3163
[111] = https://curl.haxx.se/bug/?i=3163
[112] = https://curl.haxx.se/bug/?i=3170
[113] = https://curl.haxx.se/bug/?i=3123
[114] = https://curl.haxx.se/docs/CVE-2018-16842.html