mirror of
https://github.com/curl/curl.git
synced 2024-11-27 05:50:21 +08:00
191 lines
8.6 KiB
Plaintext
191 lines
8.6 KiB
Plaintext
curl and libcurl 7.64.0
|
|
|
|
Public curl releases: 179
|
|
Command line options: 220
|
|
curl_easy_setopt() options: 265
|
|
Public functions in libcurl: 80
|
|
Contributors: 1875
|
|
|
|
This release includes the following changes:
|
|
|
|
o cookies: leave secure cookies alone [3]
|
|
o hostip: support wildcard hosts [23]
|
|
o http: Implement trailing headers for chunked transfers [7]
|
|
o http: added options for allowing HTTP/0.9 responses [10]
|
|
o timeval: Use high resolution timestamps on Windows [19]
|
|
|
|
This release includes the following bugfixes:
|
|
|
|
o CVE-2018-16890: NTLM type-2 out-of-bounds buffer read [67]
|
|
o CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow [68]
|
|
o CVE-2019-3823: SMTP end-of-response out-of-bounds read [66]
|
|
o FAQ: remove mention of sourceforge for github [22]
|
|
o OS400: handle memory error in list conversion [4]
|
|
o OS400: upgrade ILE/RPG binding.
|
|
o README: add codacy code quality badge
|
|
o Revert http_negotiate: do not close connection [31]
|
|
o THANKS: added several missing names from year <= 2000
|
|
o build: make 'tidy' target work for metalink builds
|
|
o cmake: added checks for variadic macros [47]
|
|
o cmake: updated check for HAVE_POLL_FINE to match autotools [39]
|
|
o cmake: use lowercase for function name like the rest of the code [20]
|
|
o configure: detect xlclang separately from clang [41]
|
|
o configure: fix recv/send/select detection on Android [53]
|
|
o configure: rewrite --enable-code-coverage [61]
|
|
o conncache_unlock: avoid indirection by changing input argument type
|
|
o cookie: fix comment typo [44]
|
|
o cookies: allow secure override when done over HTTPS [34]
|
|
o cookies: extend domain checks to non psl builds [12]
|
|
o cookies: skip custom cookies when redirecting cross-site [36]
|
|
o curl --xattr: strip credentials from any URL that is stored [33]
|
|
o curl -J: refuse to append to the destination file [14]
|
|
o curl/urlapi.h: include "curl.h" first [30]
|
|
o curl_multi_remove_handle() don't block terminating c-ares requests [32]
|
|
o darwinssl: accept setting max-tls with default min-tls [6]
|
|
o disconnect: separate connections and easy handles better [18]
|
|
o disconnect: set conn->data for protocol disconnect
|
|
o docs/version.d: mention MultiSSL [26]
|
|
o docs: fix the --tls-max description [2]
|
|
o docs: use $(INSTALL_DATA) to install man page [64]
|
|
o docs: use meaningless port number in CURLOPT_LOCALPORT example [58]
|
|
o gopher: always include the entire gopher-path in request [5]
|
|
o http2: clear pause stream id if it gets closed [8]
|
|
o if2ip: remove unused function Curl_if_is_interface_name [9]
|
|
o libssh: do not let libssh create socket [63]
|
|
o libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh [62]
|
|
o libssh: free sftp_canonicalize_path() data correctly [17]
|
|
o libtest/stub_gssapi: use "real" snprintf [27]
|
|
o mbedtls: use VERIFYHOST [15]
|
|
o multi: multiplexing improvements [35]
|
|
o multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time [57]
|
|
o ntlm: fix NTMLv2 compliance [25]
|
|
o ntlm_sspi: add support for channel binding [54]
|
|
o openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated [46]
|
|
o openssl: fix the SSL_get_tlsext_status_ocsp_resp call [40]
|
|
o openvms: fix OpenSSL discovery on VAX [21]
|
|
o openvms: fix typos in documentation
|
|
o os400: add a missing closing bracket [50]
|
|
o os400: fix extra parameter syntax error [50]
|
|
o pingpong: change default response timeout to 120 seconds
|
|
o pingpong: ignore regular timeout in disconnect phase [16]
|
|
o printf: fix format specifiers [28]
|
|
o runtests.pl: Fix perl call to include srcdir [65]
|
|
o schannel: fix compiler warning [29]
|
|
o schannel: preserve original certificate path parameter [52]
|
|
o schannel: stop calling it "winssl" [56]
|
|
o sigpipe: if mbedTLS is used, ignore SIGPIPE [59]
|
|
o smb: fix incorrect path in request if connection reused [13]
|
|
o ssh: log the libssh2 error message when ssh session startup fails [55]
|
|
o test1558: verify CURLINFO_PROTOCOL on file:// transfer [51]
|
|
o test1561: improve test name
|
|
o test1653: make it survive torture tests
|
|
o tests: allow tests to pass by 2037-02-12 [38]
|
|
o tests: move objnames-* from lib into tests [42]
|
|
o timediff: fix math for unsigned time_t [37]
|
|
o timeval: Disable MSVC Analyzer GetTickCount warning [60]
|
|
o tool_cb_prg: avoid integer overflow [49]
|
|
o travis: added cmake build for osx [43]
|
|
o urlapi: Fix port parsing of eol colon [1]
|
|
o urlapi: distinguish possibly empty query [5]
|
|
o urlapi: fix parsing ipv6 with zone index [24]
|
|
o urldata: rename easy_conn to just conn [48]
|
|
o winbuild: conditionally use /DZLIB_WINAPI [45]
|
|
o wolfssl: fix memory-leak in threaded use [11]
|
|
o spnego_sspi: add support for channel binding [69]
|
|
|
|
This release includes the following known bugs:
|
|
|
|
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
|
|
|
|
This release would not have looked like this without help, code, reports and
|
|
advice from friends like these:
|
|
|
|
Alessandro Ghedini, Andrei Neculau, Archangel SDY, Ayoub Boudhar, Ben Kohler,
|
|
Bernhard M. Wiedemann, Brad Spencer, Brian Carpenter, Claes Jakobsson,
|
|
Daniel Gustafsson, Daniel Stenberg, David Garske, dnivras on github,
|
|
Eric Rosenquist, Etienne Simard, Felix Hädicke, Florian Pritz,
|
|
Frank Gevaerts, Giorgos Oikonomou, Gisle Vanem, GitYuanQu on github,
|
|
Haibo Huang, Harry Sintonen, Helge Klein, Huzaifa Sidhpurwala,
|
|
jasal82 on github, Jeremie Rapin, Jeroen Ooms, Joel Depooter, John Marshall,
|
|
jonrumsey on github, Julian Z, Kamil Dudka, Katsuhiko YOSHIDA, Kees Dekker,
|
|
Ladar Levison, Leonardo Taccari, Marcel Raad, Markus Moeller,
|
|
masbug on github, Matus Uzak, Michael Kujawa, Patrick Monnerat, Pavel Pavlov,
|
|
Peng Li, Ray Satiro, Rikard Falkeborn, Ruslan Baratov, Sergei Nikulov,
|
|
Shlomi Fish, Tobias Lindgren, Tom van der Woerdt, Viktor Szakats,
|
|
Wenxiang Qian, William A. Rowe Jr, Zhao Yisha,
|
|
(56 contributors)
|
|
|
|
Thanks! (and sorry if I forgot to mention someone)
|
|
|
|
References to bug reports and discussions on issues:
|
|
|
|
[1] = https://curl.haxx.se/bug/?i=3365
|
|
[2] = https://curl.haxx.se/bug/?i=3368
|
|
[3] = https://curl.haxx.se/bug/?i=2956
|
|
[4] = https://curl.haxx.se/bug/?i=3372
|
|
[5] = https://curl.haxx.se/bug/?i=3369
|
|
[6] = https://curl.haxx.se/bug/?i=3367
|
|
[7] = https://curl.haxx.se/bug/?i=3350
|
|
[8] = https://curl.haxx.se/bug/?i=3392
|
|
[9] = https://curl.haxx.se/bug/?i=3401
|
|
[10] = https://curl.haxx.se/bug/?i=2873
|
|
[11] = https://curl.haxx.se/bug/?i=3395
|
|
[12] = https://curl.haxx.se/bug/?i=2964
|
|
[13] = https://curl.haxx.se/bug/?i=3388
|
|
[14] = https://curl.haxx.se/bug/?i=3380
|
|
[15] = https://curl.haxx.se/bug/?i=3376
|
|
[16] = https://curl.haxx.se/bug/?i=3264
|
|
[17] = https://curl.haxx.se/bug/?i=3402
|
|
[18] = https://curl.haxx.se/bug/?i=3400
|
|
[19] = https://curl.haxx.se/bug/?i=3318
|
|
[20] = https://curl.haxx.se/bug/?i=3196
|
|
[21] = https://curl.haxx.se/bug/?i=3407
|
|
[22] = https://curl.haxx.se/bug/?i=3410
|
|
[23] = https://curl.haxx.se/bug/?i=3406
|
|
[24] = https://curl.haxx.se/bug/?i=3411
|
|
[25] = https://curl.haxx.se/bug/?i=3286
|
|
[26] = https://curl.haxx.se/bug/?i=3432
|
|
[27] = https://curl.haxx.se/mail/lib-2019-01/0000.html
|
|
[28] = https://curl.haxx.se/bug/?i=3426
|
|
[29] = https://curl.haxx.se/bug/?i=3435
|
|
[30] = https://curl.haxx.se/bug/?i=3438
|
|
[31] = https://curl.haxx.se/bug/?i=3384
|
|
[32] = https://curl.haxx.se/bug/?i=3371
|
|
[33] = https://curl.haxx.se/bug/?i=3423
|
|
[34] = https://curl.haxx.se/bug/?i=3445
|
|
[35] = https://curl.haxx.se/bug/?i=3436
|
|
[36] = https://curl.haxx.se/bug/?i=3417
|
|
[37] = https://curl.haxx.se/bug/?i=3449
|
|
[38] = https://curl.haxx.se/bug/?i=3443
|
|
[39] = https://curl.haxx.se/bug/?i=3292
|
|
[40] = https://curl.haxx.se/bug/?i=3477
|
|
[41] = https://curl.haxx.se/bug/?i=3474
|
|
[42] = https://curl.haxx.se/bug/?i=3470
|
|
[43] = https://curl.haxx.se/bug/?i=3468
|
|
[44] = https://curl.haxx.se/bug/?i=3469
|
|
[45] = https://curl.haxx.se/bug/?i=3133
|
|
[46] = https://curl.haxx.se/bug/?i=3462
|
|
[47] = https://curl.haxx.se/bug/?i=3459
|
|
[48] = https://curl.haxx.se/bug/?i=3442
|
|
[49] = https://curl.haxx.se/bug/?i=3456
|
|
[50] = https://curl.haxx.se/bug/?i=3453
|
|
[51] = https://curl.haxx.se/bug/?i=3447
|
|
[52] = https://curl.haxx.se/bug/?i=3480
|
|
[53] = https://curl.haxx.se/bug/?i=3484
|
|
[54] = https://curl.haxx.se/bug/?i=3280
|
|
[55] = https://curl.haxx.se/bug/?i=3481
|
|
[56] = https://curl.haxx.se/bug/?i=3504
|
|
[57] = https://curl.haxx.se/mail/lib-2019-01/0073.html
|
|
[58] = https://curl.haxx.se/bug/?i=3513
|
|
[59] = https://curl.haxx.se/bug/?i=3502
|
|
[60] = https://curl.haxx.se/bug/?i=3437
|
|
[61] = https://curl.haxx.se/bug/?i=3497
|
|
[62] = https://curl.haxx.se/bug/?i=3493
|
|
[63] = https://curl.haxx.se/bug/?i=3491
|
|
[64] = https://curl.haxx.se/bug/?i=3518
|
|
[65] = https://curl.haxx.se/bug/?i=3496
|
|
[66] = https://curl.haxx.se/docs/CVE-2019-3823.html
|
|
[67] = https://curl.haxx.se/docs/CVE-2018-16890.html
|
|
[68] = https://curl.haxx.se/docs/CVE-2019-3822.html
|
|
[69] = https://curl.haxx.se/bug/?i=3503
|