From 61a51e0e12ed84a504a0a10be6b166a910f22ff2 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 5 Sep 2018 10:22:54 +0200 Subject: RELEASE-NOTES: start working on 7.62.0 --- RELEASE-NOTES | 205 +++---------------------------------------------- include/curl/curlver.h | 8 +- 2 files changed, 13 insertions(+), 200 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 0d8d27817..8023038fd 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,115 +1,18 @@ -Curl and libcurl 7.61.1 +Curl and libcurl 7.62.0 - Public curl releases: 176 + Public curl releases: 177 Command line options: 218 curl_easy_setopt() options: 258 Public functions in libcurl: 74 Contributors: 1787 +This release includes the following changes: + + o + This release includes the following bugfixes: - o security advisory (CVE-2018-14618): NTLM password overflow via integer overflow [73] - o CURLINFO_SIZE_UPLOAD: fix missing counter update [46] - o CURLOPT_ACCEPT_ENCODING.3: list them comma-separated - o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse [72] - o Curl_getoff_all_pipelines: improved for multiplexed [3] - o DEPRECATE: remove release date from 7.62.0 - o HTTP: Don't attempt to needlessly decompress redirect body [30] - o INTERNALS: require GnuTLS >= 2.11.3 [62] - o README.md: add LGTM.com code quality grade for C/C++ [42] - o SSLCERTS: improve the openssl command line - o Silence GCC 8 cast-function-type warnings [47] - o ares: check for NULL in completed-callback [3] - o asyn-thread: Remove unused macro [40] - o auth: only pick CURLAUTH_BEARER if we *have* a Bearer token [15] - o auth: pick Bearer authentication whenever a token is available [15] - o cmake: CMake config files are defining CURL_STATICLIB for static builds [54] - o cmake: Respect BUILD_SHARED_LIBS [35] - o cmake: Update scripts to use consistent style [9] - o cmake: bumped minimum version to 3.4 [34] - o cmake: link curl to the OpenSSL targets instead of lib absolute paths [34] - o configure: conditionally enable pedantic-errors [64] - o configure: fix for -lpthread detection with OpenSSL and pkg-config [38] - o conn: remove the boolean 'inuse' field [3] - o content_encoding: accept up to 4 unknown trailer bytes after raw deflate data [5] - o cookie tests: treat files as text - o cookies: support creation-time attribute for cookies [75] - o curl: Fix segfault when -H @headerfile is empty [23] - o curl: add http code 408 to transient list for --retry [78] - o curl: fix time-of-check, time-of-use race in dir creation [71] - o curl: use Content-Disposition before the "URL end" for -OJ [29] - o curl: warn the user if a given file name looks like an option [56] - o curl_threads: silence bad-function-cast warning [69] - o darwinssl: add support for ALPN negotiation [7] - o docs/CURLOPT_URL: fix indentation [20] - o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19] - o docs/SECURITY-PROCESS: mention bounty, drop pre-notify - o docs/examples: add hiperfifo example using linux epoll/timerfd [21] - o docs: add disallow-username-in-url.d and haproxy-protocol.d to dist [50] - o docs: clarify NO_PROXY env variable functionality [70] - o docs: improved the manual pages of some callbacks [48] - o docs: mention NULL is fine input to several functions [43] - o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT [40] - o gopher: Do not translate `?' to `%09' [67] - o header output: switch off all styles, not just unbold [8] - o hostip: fix unused variable warning - o http2: Use correct format identifier for stream_id [77] - o http2: abort the send_callback if not setup yet [63] - o http2: avoid set_stream_user_data() before stream is assigned [61] - o http2: check nghttp2_session_set_stream_user_data return code [55] - o http2: clear the drain counter in Curl_http2_done [27] - o http2: make sure to send after RST_STREAM [58] - o http2: separate easy handle from connections better [12] - o http: fix for tiny "HTTP/0.9" response [51] - o http_proxy: Remove unused macro SELECT_TIMEOUT [40] - o lib/Makefile: only do symbol hiding if told to [32] - o lib1502: fix memory leak in torture test [44] - o lib1522: fix curl_easy_setopt argument type - o libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation [66] - o mime: check Curl_rand_hex's return code [22] - o multi: always do the COMPLETED procedure/state [3] - o openssl: assume engine support in 1.0.0 or later [2] - o openssl: fix debug messages [39] - o projects: Improve Windows perl detection in batch scripts [49] - o retry: return error if rewind was necessary but didn't happen [28] - o reuse_conn(): memory leak - free old_conn->options [17] - o schannel: client certificate store opening fix [68] - o schannel: enable CALG_TLS1PRF for w32api >= 5.1 - o schannel: fix MinGW compile break [1] - o sftp: don't send post-qoute sequence when retrying a connection [79] - o smb: fix memory leak on early failure [26] - o smb: fix memory-leak in URL parse error path [4] - o smb_getsock: always wait for write socket too [11] - o ssh-libssh: fix infinite connect loop on invalid private key [53] - o ssh-libssh: reduce excessive verbose output about pubkey auth [53] - o ssh-libssh: use FALLTHROUGH to silence gcc8 [76] - o ssl: set engine implicitly when a PKCS#11 URI is provided [36] - o sws: handle EINTR when calling select() [24] - o system_win32: fix version checking [16] - o telnet: Remove unused macros TELOPTS and TELCMDS [40] - o test1143: disable MSYS2's POSIX path conversion [10] - o test1148: disable if decimal separator is not point [65] - o test1307: (fnmatch testing) disabled [31] - o test1422: add required file feature [6] - o test1531: Add timeout [41] - o test1540: Remove unused macro TEST_HANG_TIMEOUT [40] - o test214: disable MSYS2's POSIX path conversion for URL - o test320: treat curl320.out file as binary [14] - o tests/http_pipe.py: Use /usr/bin/env to find python - o tests: Don't use Windows path %PWD for SSH tests [74] - o tests: fixes for Windows line endlings [13] - o tool_operate: Fix setting proxy TLS 1.3 ciphers - o travis: build darwinssl on macos 10.12 to fix linker errors [33] - o travis: execute "set -eo pipefail" for coverage build [45] - o travis: run a 'make checksrc' too [25] - o travis: update to GCC-8 [52] - o travis: verify that man pages can be regenerated [50] - o upload: allocate upload buffer on-demand [60] - o upload: change default UPLOAD_BUFSIZE to 64KB [60] - o urldata: remove unused pipe_broke struct field [57] - o vtls: reinstantiate engine on duplicated handles [59] - o windows: implement send buffer tuning [37] - o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18] + o This release includes the following known bugs: @@ -118,99 +21,9 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - adnn on github, Anderson Toshiyuki Sasaki, Andrei Virtosu, Anton Gerasimov, - Bas van Schaik, Carie Pointer, Christopher Head, clbr on github, - Dan Fandrich, Daniel Gustafsson, Daniel Jeliński, Daniel Stenberg, - Darío Hereñú, Even Rouault, Harry Sintonen, Ihor Karpenko, Jakub Zakrzewski, - Jeffrey Walton, Jeroen Ooms, Johannes Schindelin, John Butterfield, - Josh Bialkowski, Kamil Dudka, Kirill Marchuk, Laurent Bonnans, - Leonardo Taccari, Marcel Raad, Markus Elfring, Michael Kaufmann, - Nick Zitzmann, Nikos Mavrogiannopoulos, Patrick Monnerat, Paul Howarth, - Przemysław Tomaszewski, pszemus on github, Ran Mozes, Ray Satiro, - Rikard Falkeborn, Rodger Combs, Ruslan Baratov, Sergei Nikulov, - Thomas Klausner, Tobias Blomberg, Viktor Szakats, Zero King, Zhaoyang Wu, - (46 contributors) - + Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://github.com/curl/curl/pull/2721#issuecomment-403636043 - [2] = https://curl.haxx.se/bug/?i=2732 - [3] = https://curl.haxx.se/bug/?i=2733 - [4] = https://curl.haxx.se/bug/?i=2740 - [5] = https://curl.haxx.se/bug/?i=2719 - [6] = https://curl.haxx.se/bug/?i=2741 - [7] = https://curl.haxx.se/bug/?i=2731 - [8] = https://curl.haxx.se/bug/?i=2736 - [9] = https://curl.haxx.se/bug/?i=2727 - [10] = https://curl.haxx.se/bug/?i=2765 - [11] = https://curl.haxx.se/bug/?i=2768 - [12] = https://curl.haxx.se/bug/?i=2751 - [13] = https://curl.haxx.se/bug/?i=2772 - [14] = https://curl.haxx.se/bug/?i=2776 - [15] = https://curl.haxx.se/bug/?i=2754 - [16] = https://curl.haxx.se/bug/?i=2792 - [17] = https://curl.haxx.se/bug/?i=2790 - [18] = https://curl.haxx.se/bug/?i=2784 - [19] = https://curl.haxx.se/bug/?i=2787 - [20] = https://curl.haxx.se/bug/?i=2788 - [21] = https://curl.haxx.se/bug/?i=2804 - [22] = https://curl.haxx.se/bug/?i=2795 - [23] = https://curl.haxx.se/bug/?i=2797 - [24] = https://curl.haxx.se/bug/?i=2808 - [25] = https://curl.haxx.se/bug/?i=2811 - [26] = https://curl.haxx.se/bug/?i=2769 - [27] = https://curl.haxx.se/bug/?i=2800 - [28] = https://curl.haxx.se/bug/?i=2801 - [29] = https://curl.haxx.se/bug/?i=2783 - [30] = https://curl.haxx.se/bug/?i=2798 - [31] = https://curl.haxx.se/bug/?i=2825 - [32] = https://curl.haxx.se/bug/?i=2830 - [33] = https://curl.haxx.se/bug/?i=2835 - [34] = https://curl.haxx.se/bug/?i=2753 - [35] = https://curl.haxx.se/bug/?i=2755 - [36] = https://curl.haxx.se/bug/?i=2333 - [37] = https://curl.haxx.se/mail/lib-2018-07/0080.html - [38] = https://curl.haxx.se/bug/?i=2848 - [39] = https://curl.haxx.se/bug/?i=2806 - [40] = https://curl.haxx.se/bug/?i=2852 - [41] = https://curl.haxx.se/bug/?i=2853 - [42] = https://curl.haxx.se/bug/?i=2857 - [43] = https://curl.haxx.se/bug/?i=2837 - [44] = https://curl.haxx.se/bug/?i=2861 - [45] = https://curl.haxx.se/bug/?i=2862 - [46] = https://curl.haxx.se/bug/?i=2847 - [47] = https://curl.haxx.se/bug/?i=2860 - [48] = https://curl.haxx.se/bug/?i=2868 - [49] = https://curl.haxx.se/bug/?i=2865 - [50] = https://curl.haxx.se/bug/?i=2856 - [51] = https://curl.haxx.se/bug/?i=2420 - [52] = https://curl.haxx.se/bug/?i=2869 - [53] = https://curl.haxx.se/bug/?i=2879 - [54] = https://curl.haxx.se/bug/?i=2817 - [55] = https://curl.haxx.se/bug/?i=2880 - [56] = https://curl.haxx.se/bug/?i=2885 - [57] = https://curl.haxx.se/bug/?i=2871 - [58] = https://curl.haxx.se/bug/?i=2882 - [59] = https://curl.haxx.se/bug/?i=2829 - [60] = https://curl.haxx.se/bug/?i=2892 - [61] = https://curl.haxx.se/bug/?i=2894 - [62] = https://curl.haxx.se/bug/?i=2890 - [63] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012 - [64] = https://curl.haxx.se/bug/?i=2747 - [65] = https://curl.haxx.se/bug/?i=2786 - [66] = https://curl.haxx.se/bug/?i=2904 - [67] = https://curl.haxx.se/bug/?i=2910 - [68] = https://curl.haxx.se/mail/lib-2018-08/0198.html - [69] = https://curl.haxx.se/bug/?i=2908 - [70] = https://curl.haxx.se/bug/?i=2773 - [71] = https://curl.haxx.se/bug/?i=2739 - [72] = https://curl.haxx.se/bug/?i=2915 - [73] = https://curl.haxx.se/docs/CVE-2018-14618.html - [74] = https://curl.haxx.se/bug/?i=2920 - [75] = https://curl.haxx.se/bug/?i=2524 - [76] = https://curl.haxx.se/bug/?i=2922 - [77] = https://curl.haxx.se/bug/?i=2928 - [78] = https://curl.haxx.se/bug/?i=2925 - [79] = https://curl.haxx.se/bug/?i=2939 + [1] = https://curl.haxx.se/bug/?i= diff --git a/include/curl/curlver.h b/include/curl/curlver.h index 12b2f9f91..6c111dad7 100644 --- a/include/curl/curlver.h +++ b/include/curl/curlver.h @@ -30,13 +30,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.61.1-DEV" +#define LIBCURL_VERSION "7.62.0-DEV" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 61 -#define LIBCURL_VERSION_PATCH 1 +#define LIBCURL_VERSION_MINOR 62 +#define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparions by programs. The LIBCURL_VERSION_NUM define will @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x073D01 +#define LIBCURL_VERSION_NUM 0x073E00 /* * This is the date and time when the full source package was created. The -- cgit v1.2.3