RELEASE-NOTES: start working on 7.62.0

RELEASE-NOTES

@@ -1,115 +1,18 @@
-Curl and libcurl 7.61.1
+Curl and libcurl 7.62.0
 
- Public curl releases:         176
+ Public curl releases:         177
  Command line options:         218
  curl_easy_setopt() options:   258
  Public functions in libcurl:  74
  Contributors:                 1787
 
+This release includes the following changes:
+
+ o
+
 This release includes the following bugfixes:
 
- o security advisory (CVE-2018-14618): NTLM password overflow via integer overflow [73]
+ o
- o CURLINFO_SIZE_UPLOAD: fix missing counter update [46]
- o CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
- o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse [72]
- o Curl_getoff_all_pipelines: improved for multiplexed [3]
- o DEPRECATE: remove release date from 7.62.0
- o HTTP: Don't attempt to needlessly decompress redirect body [30]
- o INTERNALS: require GnuTLS >= 2.11.3 [62]
- o README.md: add LGTM.com code quality grade for C/C++ [42]
- o SSLCERTS: improve the openssl command line
- o Silence GCC 8 cast-function-type warnings [47]
- o ares: check for NULL in completed-callback [3]
- o asyn-thread: Remove unused macro [40]
- o auth: only pick CURLAUTH_BEARER if we *have* a Bearer token [15]
- o auth: pick Bearer authentication whenever a token is available [15]
- o cmake: CMake config files are defining CURL_STATICLIB for static builds [54]
- o cmake: Respect BUILD_SHARED_LIBS [35]
- o cmake: Update scripts to use consistent style [9]
- o cmake: bumped minimum version to 3.4 [34]
- o cmake: link curl to the OpenSSL targets instead of lib absolute paths [34]
- o configure: conditionally enable pedantic-errors [64]
- o configure: fix for -lpthread detection with OpenSSL and pkg-config [38]
- o conn: remove the boolean 'inuse' field [3]
- o content_encoding: accept up to 4 unknown trailer bytes after raw deflate data [5]
- o cookie tests: treat files as text
- o cookies: support creation-time attribute for cookies [75]
- o curl: Fix segfault when -H @headerfile is empty [23]
- o curl: add http code 408 to transient list for --retry [78]
- o curl: fix time-of-check, time-of-use race in dir creation [71]
- o curl: use Content-Disposition before the "URL end" for -OJ [29]
- o curl: warn the user if a given file name looks like an option [56]
- o curl_threads: silence bad-function-cast warning [69]
- o darwinssl: add support for ALPN negotiation [7]
- o docs/CURLOPT_URL: fix indentation [20]
- o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19]
- o docs/SECURITY-PROCESS: mention bounty, drop pre-notify
- o docs/examples: add hiperfifo example using linux epoll/timerfd [21]
- o docs: add disallow-username-in-url.d and haproxy-protocol.d to dist [50]
- o docs: clarify NO_PROXY env variable functionality [70]
- o docs: improved the manual pages of some callbacks [48]
- o docs: mention NULL is fine input to several functions [43]
- o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT [40]
- o gopher: Do not translate `?' to `%09' [67]
- o header output: switch off all styles, not just unbold [8]
- o hostip: fix unused variable warning
- o http2: Use correct format identifier for stream_id [77]
- o http2: abort the send_callback if not setup yet [63]
- o http2: avoid set_stream_user_data() before stream is assigned [61]
- o http2: check nghttp2_session_set_stream_user_data return code [55]
- o http2: clear the drain counter in Curl_http2_done [27]
- o http2: make sure to send after RST_STREAM [58]
- o http2: separate easy handle from connections better [12]
- o http: fix for tiny "HTTP/0.9" response [51]
- o http_proxy: Remove unused macro SELECT_TIMEOUT [40]
- o lib/Makefile: only do symbol hiding if told to [32]
- o lib1502: fix memory leak in torture test [44]
- o lib1522: fix curl_easy_setopt argument type
- o libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation [66]
- o mime: check Curl_rand_hex's return code [22]
- o multi: always do the COMPLETED procedure/state [3]
- o openssl: assume engine support in 1.0.0 or later [2]
- o openssl: fix debug messages [39]
- o projects: Improve Windows perl detection in batch scripts [49]
- o retry: return error if rewind was necessary but didn't happen [28]
- o reuse_conn(): memory leak - free old_conn->options [17]
- o schannel: client certificate store opening fix [68]
- o schannel: enable CALG_TLS1PRF for w32api >= 5.1
- o schannel: fix MinGW compile break [1]
- o sftp: don't send post-qoute sequence when retrying a connection [79]
- o smb: fix memory leak on early failure [26]
- o smb: fix memory-leak in URL parse error path [4]
- o smb_getsock: always wait for write socket too [11]
- o ssh-libssh: fix infinite connect loop on invalid private key [53]
- o ssh-libssh: reduce excessive verbose output about pubkey auth [53]
- o ssh-libssh: use FALLTHROUGH to silence gcc8 [76]
- o ssl: set engine implicitly when a PKCS#11 URI is provided [36]
- o sws: handle EINTR when calling select() [24]
- o system_win32: fix version checking [16]
- o telnet: Remove unused macros TELOPTS and TELCMDS [40]
- o test1143: disable MSYS2's POSIX path conversion [10]
- o test1148: disable if decimal separator is not point [65]
- o test1307: (fnmatch testing) disabled [31]
- o test1422: add required file feature [6]
- o test1531: Add timeout [41]
- o test1540: Remove unused macro TEST_HANG_TIMEOUT [40]
- o test214: disable MSYS2's POSIX path conversion for URL
- o test320: treat curl320.out file as binary [14]
- o tests/http_pipe.py: Use /usr/bin/env to find python
- o tests: Don't use Windows path %PWD for SSH tests [74]
- o tests: fixes for Windows line endlings [13]
- o tool_operate: Fix setting proxy TLS 1.3 ciphers
- o travis: build darwinssl on macos 10.12 to fix linker errors [33]
- o travis: execute "set -eo pipefail" for coverage build [45]
- o travis: run a 'make checksrc' too [25]
- o travis: update to GCC-8 [52]
- o travis: verify that man pages can be regenerated [50]
- o upload: allocate upload buffer on-demand [60]
- o upload: change default UPLOAD_BUFSIZE to 64KB [60]
- o urldata: remove unused pipe_broke struct field [57]
- o vtls: reinstantiate engine on duplicated handles [59]
- o windows: implement send buffer tuning [37]
- o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18]
 
 This release includes the following known bugs:
 
@@ -118,99 +21,9 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  adnn on github, Anderson Toshiyuki Sasaki, Andrei Virtosu, Anton Gerasimov,
-  Bas van Schaik, Carie Pointer, Christopher Head, clbr on github,
-  Dan Fandrich, Daniel Gustafsson, Daniel Jeliński, Daniel Stenberg,
-  Darío Hereñú, Even Rouault, Harry Sintonen, Ihor Karpenko, Jakub Zakrzewski,
-  Jeffrey Walton, Jeroen Ooms, Johannes Schindelin, John Butterfield,
-  Josh Bialkowski, Kamil Dudka, Kirill Marchuk, Laurent Bonnans,
-  Leonardo Taccari, Marcel Raad, Markus Elfring, Michael Kaufmann,
-  Nick Zitzmann, Nikos Mavrogiannopoulos, Patrick Monnerat, Paul Howarth,
-  Przemysław Tomaszewski, pszemus on github, Ran Mozes, Ray Satiro,
-  Rikard Falkeborn, Rodger Combs, Ruslan Baratov, Sergei Nikulov,
-  Thomas Klausner, Tobias Blomberg, Viktor Szakats, Zero King, Zhaoyang Wu,
-  (46 contributors)
   
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = https://github.com/curl/curl/pull/2721#issuecomment-403636043
+ [1] = https://curl.haxx.se/bug/?i=
- [2] = https://curl.haxx.se/bug/?i=2732
- [3] = https://curl.haxx.se/bug/?i=2733
- [4] = https://curl.haxx.se/bug/?i=2740
- [5] = https://curl.haxx.se/bug/?i=2719
- [6] = https://curl.haxx.se/bug/?i=2741
- [7] = https://curl.haxx.se/bug/?i=2731
- [8] = https://curl.haxx.se/bug/?i=2736
- [9] = https://curl.haxx.se/bug/?i=2727
- [10] = https://curl.haxx.se/bug/?i=2765
- [11] = https://curl.haxx.se/bug/?i=2768
- [12] = https://curl.haxx.se/bug/?i=2751
- [13] = https://curl.haxx.se/bug/?i=2772
- [14] = https://curl.haxx.se/bug/?i=2776
- [15] = https://curl.haxx.se/bug/?i=2754
- [16] = https://curl.haxx.se/bug/?i=2792
- [17] = https://curl.haxx.se/bug/?i=2790
- [18] = https://curl.haxx.se/bug/?i=2784
- [19] = https://curl.haxx.se/bug/?i=2787
- [20] = https://curl.haxx.se/bug/?i=2788
- [21] = https://curl.haxx.se/bug/?i=2804
- [22] = https://curl.haxx.se/bug/?i=2795
- [23] = https://curl.haxx.se/bug/?i=2797
- [24] = https://curl.haxx.se/bug/?i=2808
- [25] = https://curl.haxx.se/bug/?i=2811
- [26] = https://curl.haxx.se/bug/?i=2769
- [27] = https://curl.haxx.se/bug/?i=2800
- [28] = https://curl.haxx.se/bug/?i=2801
- [29] = https://curl.haxx.se/bug/?i=2783
- [30] = https://curl.haxx.se/bug/?i=2798
- [31] = https://curl.haxx.se/bug/?i=2825
- [32] = https://curl.haxx.se/bug/?i=2830
- [33] = https://curl.haxx.se/bug/?i=2835
- [34] = https://curl.haxx.se/bug/?i=2753
- [35] = https://curl.haxx.se/bug/?i=2755
- [36] = https://curl.haxx.se/bug/?i=2333
- [37] = https://curl.haxx.se/mail/lib-2018-07/0080.html
- [38] = https://curl.haxx.se/bug/?i=2848
- [39] = https://curl.haxx.se/bug/?i=2806
- [40] = https://curl.haxx.se/bug/?i=2852
- [41] = https://curl.haxx.se/bug/?i=2853
- [42] = https://curl.haxx.se/bug/?i=2857
- [43] = https://curl.haxx.se/bug/?i=2837
- [44] = https://curl.haxx.se/bug/?i=2861
- [45] = https://curl.haxx.se/bug/?i=2862
- [46] = https://curl.haxx.se/bug/?i=2847
- [47] = https://curl.haxx.se/bug/?i=2860
- [48] = https://curl.haxx.se/bug/?i=2868
- [49] = https://curl.haxx.se/bug/?i=2865
- [50] = https://curl.haxx.se/bug/?i=2856
- [51] = https://curl.haxx.se/bug/?i=2420
- [52] = https://curl.haxx.se/bug/?i=2869
- [53] = https://curl.haxx.se/bug/?i=2879
- [54] = https://curl.haxx.se/bug/?i=2817
- [55] = https://curl.haxx.se/bug/?i=2880
- [56] = https://curl.haxx.se/bug/?i=2885
- [57] = https://curl.haxx.se/bug/?i=2871
- [58] = https://curl.haxx.se/bug/?i=2882
- [59] = https://curl.haxx.se/bug/?i=2829
- [60] = https://curl.haxx.se/bug/?i=2892
- [61] = https://curl.haxx.se/bug/?i=2894
- [62] = https://curl.haxx.se/bug/?i=2890
- [63] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
- [64] = https://curl.haxx.se/bug/?i=2747
- [65] = https://curl.haxx.se/bug/?i=2786
- [66] = https://curl.haxx.se/bug/?i=2904
- [67] = https://curl.haxx.se/bug/?i=2910
- [68] = https://curl.haxx.se/mail/lib-2018-08/0198.html
- [69] = https://curl.haxx.se/bug/?i=2908
- [70] = https://curl.haxx.se/bug/?i=2773
- [71] = https://curl.haxx.se/bug/?i=2739
- [72] = https://curl.haxx.se/bug/?i=2915
- [73] = https://curl.haxx.se/docs/CVE-2018-14618.html
- [74] = https://curl.haxx.se/bug/?i=2920
- [75] = https://curl.haxx.se/bug/?i=2524
- [76] = https://curl.haxx.se/bug/?i=2922
- [77] = https://curl.haxx.se/bug/?i=2928
- [78] = https://curl.haxx.se/bug/?i=2925
- [79] = https://curl.haxx.se/bug/?i=2939

include/curl/curlver.h

@@ -30,13 +30,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.61.1-DEV"
+#define LIBCURL_VERSION "7.62.0-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 61
+#define LIBCURL_VERSION_MINOR 62
-#define LIBCURL_VERSION_PATCH 1
+#define LIBCURL_VERSION_PATCH 0
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -57,7 +57,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x073D01
+#define LIBCURL_VERSION_NUM 0x073E00
 
 /*
  * This is the date and time when the full source package was created. The