diff options
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r-- | RELEASE-NOTES | 237 |
1 files changed, 8 insertions, 229 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a29bf1c5a..098522819 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,6 +1,6 @@ -curl and libcurl 7.65.0 +curl and libcurl 7.65.1 - Public curl releases: 181 + Public curl releases: 182 Command line options: 221 curl_easy_setopt() options: 268 Public functions in libcurl: 80 @@ -8,132 +8,12 @@ curl and libcurl 7.65.0 This release includes the following changes: - o CURLOPT_DNS_USE_GLOBAL_CACHE: removed [25] - o CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse [37] - o pipelining: removed [10] - + o + This release includes the following bugfixes: - o CVE-2019-5435: Integer overflows in curl_url_set [87] - o CVE-2019-5436: tftp: use the current blksize for recvfrom() [82] - o --config: clarify that initial : and = might need quoting [17] - o AppVeyor: enable testing for WinSSL build [23] - o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [52] - o CURLOPT_ADDRESS_SCOPE: fix range check and more [32] - o CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [75] - o CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value [51] - o CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [71] - o CURL_MAX_INPUT_LENGTH: largest acceptable string input size [44] - o Curl_disconnect: treat all CONNECT_ONLY connections as "dead" [39] - o INTERNALS: Add code highlighting [47] - o OS400/ccsidcurl: replace use of Curl_vsetopt [50] - o OpenSSL: Report -fips in version if OpenSSL is built with FIPS [55] - o README.md: fix no-consecutive-blank-lines Codacy warning [22] - o VC15 project: remove MinimalRebuild - o VS projects: use Unicode for VC10+ [16] - o WRITEFUNCTION: add missing set_in_callback around callback [60] - o altsvc: Fix building with cookies disabled [38] - o auth: Rename the various authentication clean up functions [61] - o base64: build conditionally if there are users - o build-openssl.bat: Fixed support for OpenSSL v1.1.0+ - o build: fix "clarify calculation precedence" warnings [63] - o checksrc.bat: ignore snprintf warnings in docs/examples [67] - o cirrus: Customize the disabled tests per FreeBSD version - o cleanup: remove FIXME and TODO comments [81] - o cmake: avoid linking executable for some tests with cmake 3.6+ [18] - o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use [19] - o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP [46] - o cmake: set SSL_BACKENDS [12] - o configure: avoid unportable `==' test(1) operator [1] - o configure: error out if OpenSSL wasn't detected when asked for [74] - o configure: fix default location for fish completions [13] - o cookie: Guard against possible NULL ptr deref [42] - o curl: make code work with protocol-disabled libcurl [78] - o curl: report error for "--no-" on non-boolean options [86] - o curl_easy_getinfo.3: fix minor formatting mistake - o curlver.h: use parenthesis in CURL_VERSION_BITS macro [45] - o docs/BUG-BOUNTY: bug bounty time [48] - o docs/INSTALL: fix broken link [62] - o docs/RELEASE-PROCEDURE: link to live iCalendar [79] - o documentation: Fix several typos [7] - o doh: acknowledge CURL_DISABLE_DOH - o doh: disable DOH for the cases it doesn't work [66] - o examples: remove unused variables [88] - o ftplistparser: fix LGTM alert "Empty block without comment" [14] - o hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS [78] - o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies [54] - o http: acknowledge CURL_DISABLE_HTTP_AUTH - o http: mark bundle as not for multiuse on < HTTP/2 response [41] - o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled [65] - o http_negotiate: do not treat failure of gss_init_sec_context() as fatal [53] - o http_ntlm: Corrected the name of the include guard [64] - o http_ntlm_wb: Handle auth for only a single request [77] - o http_ntlm_wb: Return the correct error on receiving an empty auth message [77] - o lib509: add missing include for strdup [22] - o lib557: initialize variables [22] - o makedebug: Fix ERRORLEVEL detection after running where.exe [58] - o mbedtls: enable use of EC keys [85] - o mime: acknowledge CURL_DISABLE_MIME - o multi: improved HTTP_1_1_REQUIRED handling [2] - o netrc: acknowledge CURL_DISABLE_NETRC [78] - o nss: allow fifos and character devices for certificates [56] - o nss: provide more specific error messages on failed init [43] - o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup [70] - o ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 - o openssl: mark connection for close on TLS close_notify [36] - o openvms: Remove pre-processor for SecureTransport [40] - o openvms: Remove pre-processors for Windows [40] - o parse_proxy: use the URL parser API [72] - o parsedate: disabled on CURL_DISABLE_PARSEDATE - o pingpong: disable more when no pingpong protocols are enabled - o polarssl_threadlock: remove conditionally unused code [22] - o progress: acknowledge CURL_DISABLE_PROGRESS_METER [78] - o proxy: acknowledge DISABLE_PROXY more - o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries [3] - o revert "multi: support verbose conncache closure handle" [69] - o sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616 - o sasl: only enable if there's a protocol enabled using it - o scripts: fix typos - o singleipconnect: show port in the verbose "Trying ..." message - o smtp: fix compiler warning [15] - o socks5: user name and passwords must be shorter than 256 [8] - o socks: fix error message - o socksd: new SOCKS 4+5 server for tests [31] - o spnego_gssapi: fix return code on gss_init_sec_context() failure [53] - o ssh-libssh: remove unused variable [83] - o ssh: define USE_SSH if SSH is enabled (any backend) [57] - o ssh: move variable declaration to where it's used [83] - o test1002: correct the name - o test2100: Fix typos in test description - o tests/server/util: fix Windows Unicode build [21] - o tests: Run global cleanup at end of tests [29] - o tests: make Impacket (SMB server) Python 3 compatible [11] - o tool_cb_wrt: fix bad-function-cast warning [5] - o tool_formparse: remove redundant assignment [83] - o tool_help: Warn if curl and libcurl versions do not match [28] - o tool_help: include <strings.h> for strcasecmp [4] - o transfer: fix LGTM alert "Comparison is always true" [14] - o travis: add an osx http-only build [80] - o travis: allow builds on branches named "ci" - o travis: install dependencies only when needed [24] - o travis: update some builds do Xenial [30] - o travis: updated mesalink builds [35] - o url: always clone the CUROPT_CURLU handle [26] - o url: convert the zone id from a IPv6 URL to correct scope id [89] - o urlapi: add CURLUPART_ZONEID to set and get [59] - o urlapi: increase supported scheme length to 40 bytes [84] - o urlapi: require a non-zero host name length when parsing URL [73] - o urlapi: stricter CURLUPART_PORT parsing [33] - o urlapi: strip off zone id from numerical IPv6 addresses [49] - o urlapi: urlencode characters above 0x7f correctly [9] - o vauth/cleartext: update the PLAIN login to match RFC 4616 [27] - o vauth/oauth2: Fix OAUTHBEARER token generation [6] - o vauth: Fix incorrect function description for Curl_auth_user_contains_domain [68] - o vtls: fix potential ssl_buffer stack overflow [76] - o wildcard: disable from build when FTP isn't present - o winbuild: Support MultiSSL builds [34] - o xattr: skip unittest on unsupported platforms [20] - + o + This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) @@ -141,110 +21,9 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Aron Bergman, Brad Spencer, cclauss on github, Dan Fandrich, - Daniel Gustafsson, Daniel Stenberg, Eli Schwartz, Even Rouault, - Frank Gevaerts, Gisle Vanem, GitYuanQu on github, Guy Poizat, Isaiah Norton, - Jakub Zakrzewski, Jan Ehrhardt, Jeroen Ooms, Jonathan Cardoso Machado, - Jonathan Moerman, Joombalaya on github, Kamil Dudka, Kristoffer Gleditsch, - l00p3r on hackerone, Leonardo Taccari, Marcel Raad, Mert Yazıcıoğlu, - nevv on HackerOne/curl, niner on github, Olen Andoni, Omar Ramadan, - Paolo Mossino, Patrick Monnerat, Po-Chuan Hsieh, Poul T Lomholt, Ray Satiro, - Reed Loden, Ricardo Gomes, Ricky Leverence, Rikard Falkeborn, Roy Bellingan, - Simon Warta, Steve Holme, Taiyu Len, Tim Rühsen, Tom van der Woerdt, - Tseng Jun, Viktor Szakats, Wenchao Li, Wyatt O'Day, XmiliaH on github, - Yiming Jing, - (50 contributors) - + Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=3709 - [2] = https://curl.haxx.se/bug/?i=3707 - [3] = https://curl.haxx.se/bug/?i=3699 - [4] = https://curl.haxx.se/bug/?i=3715 - [5] = https://curl.haxx.se/bug/?i=3718 - [6] = https://curl.haxx.se/bug/?i=2487 - [7] = https://curl.haxx.se/bug/?i=3724 - [8] = https://curl.haxx.se/bug/?i=3737 - [9] = https://curl.haxx.se/bug/?i=3741 - [10] = https://curl.haxx.se/bug/?i=3651 - [11] = https://curl.haxx.se/bug/?i=3731 - [12] = https://curl.haxx.se/bug/?i=3736 - [13] = https://curl.haxx.se/bug/?i=3723 - [14] = https://curl.haxx.se/bug/?i=3732 - [15] = https://curl.haxx.se/bug/?i=3729 - [16] = https://curl.haxx.se/bug/?i=3720 - [17] = https://curl.haxx.se/bug/?i=3738 - [18] = https://curl.haxx.se/bug/?i=3744 - [19] = https://curl.haxx.se/bug/?i=3743 - [20] = https://curl.haxx.se/bug/?i=3759 - [21] = https://curl.haxx.se/bug/?i=3758 - [22] = https://curl.haxx.se/bug/?i=3739 - [23] = https://curl.haxx.se/bug/?i=3725 - [24] = https://curl.haxx.se/bug/?i=3721 - [25] = https://curl.haxx.se/bug/?i=3654 - [26] = https://curl.haxx.se/bug/?i=3753 - [27] = https://curl.haxx.se/bug/?i=3757 - [28] = https://curl.haxx.se/bug/?i=3774 - [29] = https://curl.haxx.se/bug/?i=3783 - [30] = https://curl.haxx.se/bug/?i=3777 - [31] = https://curl.haxx.se/bug/?i=3752 - [32] = https://curl.haxx.se/bug/?i=3713 - [33] = https://curl.haxx.se/bug/?i=3762 - [34] = https://curl.haxx.se/bug/?i=3772 - [35] = https://curl.haxx.se/bug/?i=3823 - [36] = https://curl.haxx.se/bug/?i=3750 - [37] = https://curl.haxx.se/bug/?i=3782 - [38] = https://curl.haxx.se/bug/?i=3717 - [39] = https://curl.haxx.se/mail/lib-2019-04/0052.html - [40] = https://curl.haxx.se/bug/?i=3768 - [41] = https://curl.haxx.se/bug/?i=3813 - [42] = https://curl.haxx.se/bug/?i=3820 - [43] = https://curl.haxx.se/bug/?i=3808 - [44] = https://curl.haxx.se/bug/?i=3805 - [45] = https://curl.haxx.se/bug/?i=3809 - [46] = https://curl.haxx.se/bug/?i=3769 - [47] = https://curl.haxx.se/bug/?i=3801 - [48] = https://curl.haxx.se/bug/?i=3488 - [49] = https://curl.haxx.se/bug/?i=3817 - [50] = https://curl.haxx.se/bug/?i=3833 - [51] = https://curl.haxx.se/bug/?i=3829 - [52] = https://curl.haxx.se/bug/?i=3537 - [53] = https://curl.haxx.se/bug/?i=3726 - [54] = https://curl.haxx.se/bug/?i=3570 - [55] = https://curl.haxx.se/bug/?i=3771 - [56] = https://curl.haxx.se/bug/?i=3807 - [57] = https://curl.haxx.se/bug/?i=3846 - [58] = https://curl.haxx.se/bug/?i=3838 - [59] = https://curl.haxx.se/bug/?i=3834 - [60] = https://curl.haxx.se/bug/?i=3837 - [61] = https://curl.haxx.se/bug/?i=3869 - [62] = https://curl.haxx.se/bug/?i=3818 - [63] = https://curl.haxx.se/bug/?i=3866 - [64] = https://curl.haxx.se/bug/?i=3867 - [65] = https://curl.haxx.se/bug/?i=3861 - [66] = https://curl.haxx.se/bug/?i=3850 - [67] = https://curl.haxx.se/bug/?i=3862 - [68] = https://curl.haxx.se/bug/?i=3860 - [69] = https://curl.haxx.se/bug/?i=3856 - [70] = https://curl.haxx.se/bug/?i=3858 - [71] = https://curl.haxx.se/bug/?i=3885 - [72] = https://curl.haxx.se/bug/?i=3878 - [73] = https://curl.haxx.se/bug/?i=3880 - [74] = https://curl.haxx.se/bug/?i=3824 - [75] = https://curl.haxx.se/bug/?i=3711 - [76] = https://curl.haxx.se/bug/?i=3863 - [77] = https://curl.haxx.se/bug/?i=3894 - [78] = https://curl.haxx.se/bug/?i=3844 - [79] = https://curl.haxx.se/bug/?i=3895 - [80] = https://curl.haxx.se/bug/?i=3887 - [81] = https://curl.haxx.se/bug/?i=3876 - [82] = https://curl.haxx.se/docs/CVE-2019-5436.html - [83] = https://curl.haxx.se/bug/?i=3873 - [84] = https://curl.haxx.se/bug/?i=3905 - [85] = https://curl.haxx.se/bug/?i=3892 - [86] = https://curl.haxx.se/bug/?i=3906 - [87] = https://curl.haxx.se/docs/CVE-2019-5435.html - [88] = https://curl.haxx.se/bug/?i=3908 - [89] = https://curl.haxx.se/bug/?i=3902 + [1] = https://curl.haxx.se/bug/?i= |