mirror of https://github.com/moparisthebest/curl
RELEASE-NOTES: 7.65.0 release
This commit is contained in:
parent
adea6eddba
commit
885ce31401
|
@ -14,6 +14,8 @@ This release includes the following changes:
|
||||||
|
|
||||||
This release includes the following bugfixes:
|
This release includes the following bugfixes:
|
||||||
|
|
||||||
|
o CVE-2019-5435: Integer overflows in curl_url_set [87]
|
||||||
|
o CVE-2019-5436: tftp: use the current blksize for recvfrom() [82]
|
||||||
o --config: clarify that initial : and = might need quoting [17]
|
o --config: clarify that initial : and = might need quoting [17]
|
||||||
o AppVeyor: enable testing for WinSSL build [23]
|
o AppVeyor: enable testing for WinSSL build [23]
|
||||||
o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [52]
|
o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [52]
|
||||||
|
@ -33,10 +35,11 @@ This release includes the following bugfixes:
|
||||||
o altsvc: Fix building with cookies disabled [38]
|
o altsvc: Fix building with cookies disabled [38]
|
||||||
o auth: Rename the various authentication clean up functions [61]
|
o auth: Rename the various authentication clean up functions [61]
|
||||||
o base64: build conditionally if there are users
|
o base64: build conditionally if there are users
|
||||||
o build-openssl.bat: lots of improvements and polish
|
o build-openssl.bat: Fixed support for OpenSSL v1.1.0+
|
||||||
o build: fix "clarify calculation precedence" warnings [63]
|
o build: fix "clarify calculation precedence" warnings [63]
|
||||||
o checksrc.bat: ignore snprintf warnings in docs/examples [67]
|
o checksrc.bat: ignore snprintf warnings in docs/examples [67]
|
||||||
o cirrus: Customize the disabled tests per FreeBSD version
|
o cirrus: Customize the disabled tests per FreeBSD version
|
||||||
|
o cleanup: remove FIXME and TODO comments [81]
|
||||||
o cmake: avoid linking executable for some tests with cmake 3.6+ [18]
|
o cmake: avoid linking executable for some tests with cmake 3.6+ [18]
|
||||||
o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use [19]
|
o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use [19]
|
||||||
o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP [46]
|
o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP [46]
|
||||||
|
@ -45,25 +48,34 @@ This release includes the following bugfixes:
|
||||||
o configure: error out if OpenSSL wasn't detected when asked for [74]
|
o configure: error out if OpenSSL wasn't detected when asked for [74]
|
||||||
o configure: fix default location for fish completions [13]
|
o configure: fix default location for fish completions [13]
|
||||||
o cookie: Guard against possible NULL ptr deref [42]
|
o cookie: Guard against possible NULL ptr deref [42]
|
||||||
|
o curl: make code work with protocol-disabled libcurl [78]
|
||||||
|
o curl: report error for "--no-" on non-boolean options [86]
|
||||||
o curl_easy_getinfo.3: fix minor formatting mistake
|
o curl_easy_getinfo.3: fix minor formatting mistake
|
||||||
o curlver.h: use parenthesis in CURL_VERSION_BITS macro [45]
|
o curlver.h: use parenthesis in CURL_VERSION_BITS macro [45]
|
||||||
o docs/BUG-BOUNTY: bug bounty time [48]
|
o docs/BUG-BOUNTY: bug bounty time [48]
|
||||||
o docs/INSTALL: fix broken link [62]
|
o docs/INSTALL: fix broken link [62]
|
||||||
|
o docs/RELEASE-PROCEDURE: link to live iCalendar [79]
|
||||||
o documentation: Fix several typos [7]
|
o documentation: Fix several typos [7]
|
||||||
o doh: acknowledge CURL_DISABLE_DOH
|
o doh: acknowledge CURL_DISABLE_DOH
|
||||||
o doh: disable DOH for the cases it doesn't work [66]
|
o doh: disable DOH for the cases it doesn't work [66]
|
||||||
|
o examples: remove unused variables [88]
|
||||||
o ftplistparser: fix LGTM alert "Empty block without comment" [14]
|
o ftplistparser: fix LGTM alert "Empty block without comment" [14]
|
||||||
|
o hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS [78]
|
||||||
o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies [54]
|
o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies [54]
|
||||||
o http: acknowledge CURL_DISABLE_HTTP_AUTH
|
o http: acknowledge CURL_DISABLE_HTTP_AUTH
|
||||||
o http: mark bundle as not for multiuse on < HTTP/2 response [41]
|
o http: mark bundle as not for multiuse on < HTTP/2 response [41]
|
||||||
o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled [65]
|
o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled [65]
|
||||||
o http_negotiate: do not treat failure of gss_init_sec_context() as fatal [53]
|
o http_negotiate: do not treat failure of gss_init_sec_context() as fatal [53]
|
||||||
o http_ntlm: Corrected the name of the include guard [64]
|
o http_ntlm: Corrected the name of the include guard [64]
|
||||||
|
o http_ntlm_wb: Handle auth for only a single request [77]
|
||||||
|
o http_ntlm_wb: Return the correct error on receiving an empty auth message [77]
|
||||||
o lib509: add missing include for strdup [22]
|
o lib509: add missing include for strdup [22]
|
||||||
o lib557: initialize variables [22]
|
o lib557: initialize variables [22]
|
||||||
o makedebug: Fix ERRORLEVEL detection after running where.exe [58]
|
o makedebug: Fix ERRORLEVEL detection after running where.exe [58]
|
||||||
|
o mbedtls: enable use of EC keys [85]
|
||||||
o mime: acknowledge CURL_DISABLE_MIME
|
o mime: acknowledge CURL_DISABLE_MIME
|
||||||
o multi: improved HTTP_1_1_REQUIRED handling [2]
|
o multi: improved HTTP_1_1_REQUIRED handling [2]
|
||||||
|
o netrc: acknowledge CURL_DISABLE_NETRC [78]
|
||||||
o nss: allow fifos and character devices for certificates [56]
|
o nss: allow fifos and character devices for certificates [56]
|
||||||
o nss: provide more specific error messages on failed init [43]
|
o nss: provide more specific error messages on failed init [43]
|
||||||
o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup [70]
|
o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup [70]
|
||||||
|
@ -75,6 +87,7 @@ This release includes the following bugfixes:
|
||||||
o parsedate: disabled on CURL_DISABLE_PARSEDATE
|
o parsedate: disabled on CURL_DISABLE_PARSEDATE
|
||||||
o pingpong: disable more when no pingpong protocols are enabled
|
o pingpong: disable more when no pingpong protocols are enabled
|
||||||
o polarssl_threadlock: remove conditionally unused code [22]
|
o polarssl_threadlock: remove conditionally unused code [22]
|
||||||
|
o progress: acknowledge CURL_DISABLE_PROGRESS_METER [78]
|
||||||
o proxy: acknowledge DISABLE_PROXY more
|
o proxy: acknowledge DISABLE_PROXY more
|
||||||
o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries [3]
|
o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries [3]
|
||||||
o revert "multi: support verbose conncache closure handle" [69]
|
o revert "multi: support verbose conncache closure handle" [69]
|
||||||
|
@ -87,22 +100,28 @@ This release includes the following bugfixes:
|
||||||
o socks: fix error message
|
o socks: fix error message
|
||||||
o socksd: new SOCKS 4+5 server for tests [31]
|
o socksd: new SOCKS 4+5 server for tests [31]
|
||||||
o spnego_gssapi: fix return code on gss_init_sec_context() failure [53]
|
o spnego_gssapi: fix return code on gss_init_sec_context() failure [53]
|
||||||
|
o ssh-libssh: remove unused variable [83]
|
||||||
o ssh: define USE_SSH if SSH is enabled (any backend) [57]
|
o ssh: define USE_SSH if SSH is enabled (any backend) [57]
|
||||||
|
o ssh: move variable declaration to where it's used [83]
|
||||||
o test1002: correct the name
|
o test1002: correct the name
|
||||||
o test2100: Fix typos in test description
|
o test2100: Fix typos in test description
|
||||||
o tests/server/util: fix Windows Unicode build [21]
|
o tests/server/util: fix Windows Unicode build [21]
|
||||||
o tests: Run global cleanup at end of tests [29]
|
o tests: Run global cleanup at end of tests [29]
|
||||||
o tests: make Impacket (SMB server) Python 3 compatible [11]
|
o tests: make Impacket (SMB server) Python 3 compatible [11]
|
||||||
o tool_cb_wrt: fix bad-function-cast warning [5]
|
o tool_cb_wrt: fix bad-function-cast warning [5]
|
||||||
|
o tool_formparse: remove redundant assignment [83]
|
||||||
o tool_help: Warn if curl and libcurl versions do not match [28]
|
o tool_help: Warn if curl and libcurl versions do not match [28]
|
||||||
o tool_help: include <strings.h> for strcasecmp [4]
|
o tool_help: include <strings.h> for strcasecmp [4]
|
||||||
o transfer: fix LGTM alert "Comparison is always true" [14]
|
o transfer: fix LGTM alert "Comparison is always true" [14]
|
||||||
|
o travis: add an osx http-only build [80]
|
||||||
o travis: allow builds on branches named "ci"
|
o travis: allow builds on branches named "ci"
|
||||||
o travis: install dependencies only when needed [24]
|
o travis: install dependencies only when needed [24]
|
||||||
o travis: update some builds do Xenial [30]
|
o travis: update some builds do Xenial [30]
|
||||||
o travis: updated mesalink builds [35]
|
o travis: updated mesalink builds [35]
|
||||||
o url: always clone the CUROPT_CURLU handle [26]
|
o url: always clone the CUROPT_CURLU handle [26]
|
||||||
|
o url: convert the zone id from a IPv6 URL to correct scope id [89]
|
||||||
o urlapi: add CURLUPART_ZONEID to set and get [59]
|
o urlapi: add CURLUPART_ZONEID to set and get [59]
|
||||||
|
o urlapi: increase supported scheme length to 40 bytes [84]
|
||||||
o urlapi: require a non-zero host name length when parsing URL [73]
|
o urlapi: require a non-zero host name length when parsing URL [73]
|
||||||
o urlapi: stricter CURLUPART_PORT parsing [33]
|
o urlapi: stricter CURLUPART_PORT parsing [33]
|
||||||
o urlapi: strip off zone id from numerical IPv6 addresses [49]
|
o urlapi: strip off zone id from numerical IPv6 addresses [49]
|
||||||
|
@ -124,16 +143,17 @@ advice from friends like these:
|
||||||
|
|
||||||
Aron Bergman, Brad Spencer, cclauss on github, Dan Fandrich,
|
Aron Bergman, Brad Spencer, cclauss on github, Dan Fandrich,
|
||||||
Daniel Gustafsson, Daniel Stenberg, Eli Schwartz, Even Rouault,
|
Daniel Gustafsson, Daniel Stenberg, Eli Schwartz, Even Rouault,
|
||||||
Frank Gevaerts, Gisle Vanem, Isaiah Norton, Jakub Zakrzewski, Jan Ehrhardt,
|
Frank Gevaerts, Gisle Vanem, GitYuanQu on github, Guy Poizat, Isaiah Norton,
|
||||||
Jeroen Ooms, Jonathan Cardoso Machado, Jonathan Moerman,
|
Jakub Zakrzewski, Jan Ehrhardt, Jeroen Ooms, Jonathan Cardoso Machado,
|
||||||
Joombalaya on github, Kamil Dudka, Kristoffer Gleditsch, l00p3r on Hackerone,
|
Jonathan Moerman, Joombalaya on github, Kamil Dudka, Kristoffer Gleditsch,
|
||||||
Leonardo Taccari, Marcel Raad, Mert Yazıcıoğlu, nevv on HackerOne/curl,
|
l00p3r on hackerone, Leonardo Taccari, Marcel Raad, Mert Yazıcıoğlu,
|
||||||
niner on github, Paolo Mossino, Patrick Monnerat, Po-Chuan Hsieh,
|
nevv on HackerOne/curl, niner on github, Olen Andoni, Omar Ramadan,
|
||||||
Poul T Lomholt, Ray Satiro, Reed Loden, Ricardo Gomes, Ricky Leverence,
|
Paolo Mossino, Patrick Monnerat, Po-Chuan Hsieh, Poul T Lomholt, Ray Satiro,
|
||||||
Rikard Falkeborn, Roy Bellingan, Simon Warta, Steve Holme, Taiyu Len,
|
Reed Loden, Ricardo Gomes, Ricky Leverence, Rikard Falkeborn, Roy Bellingan,
|
||||||
Tim Rühsen, Tom van der Woerdt, Tseng Jun, Viktor Szakats, Wenchao Li,
|
Simon Warta, Steve Holme, Taiyu Len, Tim Rühsen, Tom van der Woerdt,
|
||||||
Wyatt O'Day, XmiliaH on github, Yiming Jing,
|
Tseng Jun, Viktor Szakats, Wenchao Li, Wyatt O'Day, XmiliaH on github,
|
||||||
(46 contributors)
|
Yiming Jing,
|
||||||
|
(50 contributors)
|
||||||
|
|
||||||
Thanks! (and sorry if I forgot to mention someone)
|
Thanks! (and sorry if I forgot to mention someone)
|
||||||
|
|
||||||
|
@ -215,3 +235,16 @@ References to bug reports and discussions on issues:
|
||||||
[74] = https://curl.haxx.se/bug/?i=3824
|
[74] = https://curl.haxx.se/bug/?i=3824
|
||||||
[75] = https://curl.haxx.se/bug/?i=3711
|
[75] = https://curl.haxx.se/bug/?i=3711
|
||||||
[76] = https://curl.haxx.se/bug/?i=3863
|
[76] = https://curl.haxx.se/bug/?i=3863
|
||||||
|
[77] = https://curl.haxx.se/bug/?i=3894
|
||||||
|
[78] = https://curl.haxx.se/bug/?i=3844
|
||||||
|
[79] = https://curl.haxx.se/bug/?i=3895
|
||||||
|
[80] = https://curl.haxx.se/bug/?i=3887
|
||||||
|
[81] = https://curl.haxx.se/bug/?i=3876
|
||||||
|
[82] = https://curl.haxx.se/docs/CVE-2019-5436.html
|
||||||
|
[83] = https://curl.haxx.se/bug/?i=3873
|
||||||
|
[84] = https://curl.haxx.se/bug/?i=3905
|
||||||
|
[85] = https://curl.haxx.se/bug/?i=3892
|
||||||
|
[86] = https://curl.haxx.se/bug/?i=3906
|
||||||
|
[87] = https://curl.haxx.se/docs/CVE-2019-5435.html
|
||||||
|
[88] = https://curl.haxx.se/bug/?i=3908
|
||||||
|
[89] = https://curl.haxx.se/bug/?i=3902
|
||||||
|
|
Loading…
Reference in New Issue