RELEASE-NOTES: 7.65.0 release

Daniel Stenberg 2019-05-22 07:48:44 +02:00
parent adea6eddba
commit 885ce31401
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 44 additions and 11 deletions

@ -14,6 +14,8 @@ This release includes the following changes:
This release includes the following bugfixes: This release includes the following bugfixes:
o CVE-2019-5435: Integer overflows in curl_url_set [87]
o CVE-2019-5436: tftp: use the current blksize for recvfrom() [82]
o --config: clarify that initial : and = might need quoting [17] o --config: clarify that initial : and = might need quoting [17]
o AppVeyor: enable testing for WinSSL build [23] o AppVeyor: enable testing for WinSSL build [23]
o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [52] o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [52]
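Review bot: The two CVE entries added at the top of the bugfix list are worded inconsistently. The CVE-2019-5435 line names the flaw ("Integer overflows in curl_url_set"), while the CVE-2019-5436 line names only the code change ("tftp: use the current blksize for recvfrom()"), so someone triaging this release from the notes alone cannot tell what kind of bug 5436 is. Suggest wording both entries by the flaw and leaving the detail to the advisories linked as [82] and [87].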
@ -33,10 +35,11 @@ This release includes the following bugfixes:
o altsvc: Fix building with cookies disabled [38] o altsvc: Fix building with cookies disabled [38]
o auth: Rename the various authentication clean up functions [61] o auth: Rename the various authentication clean up functions [61]
o base64: build conditionally if there are users o base64: build conditionally if there are users
o build-openssl.bat: lots of improvements and polish o build-openssl.bat: Fixed support for OpenSSL v1.1.0+
o build: fix "clarify calculation precedence" warnings [63] o build: fix "clarify calculation precedence" warnings [63]
o checksrc.bat: ignore snprintf warnings in docs/examples [67] o checksrc.bat: ignore snprintf warnings in docs/examples [67]
o cirrus: Customize the disabled tests per FreeBSD version o cirrus: Customize the disabled tests per FreeBSD version
o cleanup: remove FIXME and TODO comments [81]
o cmake: avoid linking executable for some tests with cmake 3.6+ [18] o cmake: avoid linking executable for some tests with cmake 3.6+ [18]
o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use [19] o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use [19]
o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP [46] o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP [46]
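Review bot: The rewritten build-openssl.bat entry ("Fixed support for OpenSSL v1.1.0+") breaks the style of the surrounding list and carries no reference number. Its neighbours use the imperative, lower-case form ("build: fix ...", "cleanup: remove ..."), so "fix support for OpenSSL v1.1.0+" would match, and a [n] link to the issue or pull request would let readers find the change. The new text also drops the earlier "lots of improvements and polish" wording, so confirm that nothing else done to the script in this cycle still needs a mention.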
@ -45,25 +48,34 @@ This release includes the following bugfixes:
o configure: error out if OpenSSL wasn't detected when asked for [74] o configure: error out if OpenSSL wasn't detected when asked for [74]
o configure: fix default location for fish completions [13] o configure: fix default location for fish completions [13]
o cookie: Guard against possible NULL ptr deref [42] o cookie: Guard against possible NULL ptr deref [42]
o curl: make code work with protocol-disabled libcurl [78]
o curl: report error for "--no-" on non-boolean options [86]
o curl_easy_getinfo.3: fix minor formatting mistake o curl_easy_getinfo.3: fix minor formatting mistake
o curlver.h: use parenthesis in CURL_VERSION_BITS macro [45] o curlver.h: use parenthesis in CURL_VERSION_BITS macro [45]
o docs/BUG-BOUNTY: bug bounty time [48] o docs/BUG-BOUNTY: bug bounty time [48]
o docs/INSTALL: fix broken link [62] o docs/INSTALL: fix broken link [62]
o docs/RELEASE-PROCEDURE: link to live iCalendar [79]
o documentation: Fix several typos [7] o documentation: Fix several typos [7]
o doh: acknowledge CURL_DISABLE_DOH o doh: acknowledge CURL_DISABLE_DOH
o doh: disable DOH for the cases it doesn't work [66] o doh: disable DOH for the cases it doesn't work [66]
o examples: remove unused variables [88]
o ftplistparser: fix LGTM alert "Empty block without comment" [14] o ftplistparser: fix LGTM alert "Empty block without comment" [14]
o hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS [78]
o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies [54] o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies [54]
o http: acknowledge CURL_DISABLE_HTTP_AUTH o http: acknowledge CURL_DISABLE_HTTP_AUTH
o http: mark bundle as not for multiuse on < HTTP/2 response [41] o http: mark bundle as not for multiuse on < HTTP/2 response [41]
o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled [65] o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled [65]
o http_negotiate: do not treat failure of gss_init_sec_context() as fatal [53] o http_negotiate: do not treat failure of gss_init_sec_context() as fatal [53]
o http_ntlm: Corrected the name of the include guard [64] o http_ntlm: Corrected the name of the include guard [64]
o http_ntlm_wb: Handle auth for only a single request [77]
o http_ntlm_wb: Return the correct error on receiving an empty auth message [77]
o lib509: add missing include for strdup [22] o lib509: add missing include for strdup [22]
o lib557: initialize variables [22] o lib557: initialize variables [22]
o makedebug: Fix ERRORLEVEL detection after running where.exe [58] o makedebug: Fix ERRORLEVEL detection after running where.exe [58]
o mbedtls: enable use of EC keys [85]
o mime: acknowledge CURL_DISABLE_MIME o mime: acknowledge CURL_DISABLE_MIME
o multi: improved HTTP_1_1_REQUIRED handling [2] o multi: improved HTTP_1_1_REQUIRED handling [2]
o netrc: acknowledge CURL_DISABLE_NETRC [78]
o nss: allow fifos and character devices for certificates [56] o nss: allow fifos and character devices for certificates [56]
o nss: provide more specific error messages on failed init [43] o nss: provide more specific error messages on failed init [43]
o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup [70] o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup [70]
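Review bot: The added entry 'curl: report error for "--no-" on non-boolean options [86]' describes a change in command-line behaviour, yet it sits in the bugfix list with nothing to tell script authors that an invocation using "--no-" on a non-boolean option now produces an error. Suggest saying so in the entry itself, or listing it under the changes section where users look for behaviour differences. The same question applies to "mbedtls: enable use of EC keys [85]", which reads as new capability rather than a fix.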
@ -75,6 +87,7 @@ This release includes the following bugfixes:
o parsedate: disabled on CURL_DISABLE_PARSEDATE o parsedate: disabled on CURL_DISABLE_PARSEDATE
o pingpong: disable more when no pingpong protocols are enabled o pingpong: disable more when no pingpong protocols are enabled
o polarssl_threadlock: remove conditionally unused code [22] o polarssl_threadlock: remove conditionally unused code [22]
o progress: acknowledge CURL_DISABLE_PROGRESS_METER [78]
o proxy: acknowledge DISABLE_PROXY more o proxy: acknowledge DISABLE_PROXY more
o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries [3] o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries [3]
o revert "multi: support verbose conncache closure handle" [69] o revert "multi: support verbose conncache closure handle" [69]
@ -87,22 +100,28 @@ This release includes the following bugfixes:
o socks: fix error message o socks: fix error message
o socksd: new SOCKS 4+5 server for tests [31] o socksd: new SOCKS 4+5 server for tests [31]
o spnego_gssapi: fix return code on gss_init_sec_context() failure [53] o spnego_gssapi: fix return code on gss_init_sec_context() failure [53]
o ssh-libssh: remove unused variable [83]
o ssh: define USE_SSH if SSH is enabled (any backend) [57] o ssh: define USE_SSH if SSH is enabled (any backend) [57]
o ssh: move variable declaration to where it's used [83]
o test1002: correct the name o test1002: correct the name
o test2100: Fix typos in test description o test2100: Fix typos in test description
o tests/server/util: fix Windows Unicode build [21] o tests/server/util: fix Windows Unicode build [21]
o tests: Run global cleanup at end of tests [29] o tests: Run global cleanup at end of tests [29]
o tests: make Impacket (SMB server) Python 3 compatible [11] o tests: make Impacket (SMB server) Python 3 compatible [11]
o tool_cb_wrt: fix bad-function-cast warning [5] o tool_cb_wrt: fix bad-function-cast warning [5]
o tool_formparse: remove redundant assignment [83]
o tool_help: Warn if curl and libcurl versions do not match [28] o tool_help: Warn if curl and libcurl versions do not match [28]
o tool_help: include <strings.h> for strcasecmp [4] o tool_help: include <strings.h> for strcasecmp [4]
o transfer: fix LGTM alert "Comparison is always true" [14] o transfer: fix LGTM alert "Comparison is always true" [14]
o travis: add an osx http-only build [80]
o travis: allow builds on branches named "ci" o travis: allow builds on branches named "ci"
o travis: install dependencies only when needed [24] o travis: install dependencies only when needed [24]
o travis: update some builds do Xenial [30] o travis: update some builds do Xenial [30]
o travis: updated mesalink builds [35] o travis: updated mesalink builds [35]
o url: always clone the CUROPT_CURLU handle [26] o url: always clone the CUROPT_CURLU handle [26]
o url: convert the zone id from a IPv6 URL to correct scope id [89]
o urlapi: add CURLUPART_ZONEID to set and get [59] o urlapi: add CURLUPART_ZONEID to set and get [59]
o urlapi: increase supported scheme length to 40 bytes [84]
o urlapi: require a non-zero host name length when parsing URL [73] o urlapi: require a non-zero host name length when parsing URL [73]
o urlapi: stricter CURLUPART_PORT parsing [33] o urlapi: stricter CURLUPART_PORT parsing [33]
o urlapi: strip off zone id from numerical IPv6 addresses [49] o urlapi: strip off zone id from numerical IPv6 addresses [49]
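Review bot: The added line "url: convert the zone id from a IPv6 URL to correct scope id [89]" should read "an IPv6 URL". Since this file is being finalised for release, two typos in the unchanged context of this hunk are worth fixing in the same commit: "CUROPT_CURLU" in "url: always clone the CUROPT_CURLU handle [26]" looks like a misspelling of CURLOPT_CURLU, and "travis: update some builds do Xenial [30]" should say "to Xenial".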
@ -124,16 +143,17 @@ advice from friends like these:
Aron Bergman, Brad Spencer, cclauss on github, Dan Fandrich, Aron Bergman, Brad Spencer, cclauss on github, Dan Fandrich,
Daniel Gustafsson, Daniel Stenberg, Eli Schwartz, Even Rouault, Daniel Gustafsson, Daniel Stenberg, Eli Schwartz, Even Rouault,
Frank Gevaerts, Gisle Vanem, Isaiah Norton, Jakub Zakrzewski, Jan Ehrhardt, Frank Gevaerts, Gisle Vanem, GitYuanQu on github, Guy Poizat, Isaiah Norton,
Jeroen Ooms, Jonathan Cardoso Machado, Jonathan Moerman, Jakub Zakrzewski, Jan Ehrhardt, Jeroen Ooms, Jonathan Cardoso Machado,
Joombalaya on github, Kamil Dudka, Kristoffer Gleditsch, l00p3r on Hackerone, Jonathan Moerman, Joombalaya on github, Kamil Dudka, Kristoffer Gleditsch,
Leonardo Taccari, Marcel Raad, Mert Yazıcıoğlu, nevv on HackerOne/curl, l00p3r on hackerone, Leonardo Taccari, Marcel Raad, Mert Yazıcıoğlu,
niner on github, Paolo Mossino, Patrick Monnerat, Po-Chuan Hsieh, nevv on HackerOne/curl, niner on github, Olen Andoni, Omar Ramadan,
Poul T Lomholt, Ray Satiro, Reed Loden, Ricardo Gomes, Ricky Leverence, Paolo Mossino, Patrick Monnerat, Po-Chuan Hsieh, Poul T Lomholt, Ray Satiro,
Rikard Falkeborn, Roy Bellingan, Simon Warta, Steve Holme, Taiyu Len, Reed Loden, Ricardo Gomes, Ricky Leverence, Rikard Falkeborn, Roy Bellingan,
Tim Rühsen, Tom van der Woerdt, Tseng Jun, Viktor Szakats, Wenchao Li, Simon Warta, Steve Holme, Taiyu Len, Tim Rühsen, Tom van der Woerdt,
Wyatt O'Day, XmiliaH on github, Yiming Jing, Tseng Jun, Viktor Szakats, Wenchao Li, Wyatt O'Day, XmiliaH on github,
(46 contributors) Yiming Jing,
(50 contributors)
Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)
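Review bot: The reflowed contributor list now spells the same platform two ways: "l00p3r on hackerone" was changed from "l00p3r on Hackerone", while the next credit still reads "nevv on HackerOne/curl". Suggest one spelling for both. The bump from 46 to 50 contributors matches the four names added here (GitYuanQu on github, Guy Poizat, Olen Andoni, Omar Ramadan).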
@ -215,3 +235,16 @@ References to bug reports and discussions on issues:
[74] = https://curl.haxx.se/bug/?i=3824 [74] = https://curl.haxx.se/bug/?i=3824
[75] = https://curl.haxx.se/bug/?i=3711 [75] = https://curl.haxx.se/bug/?i=3711
[76] = https://curl.haxx.se/bug/?i=3863 [76] = https://curl.haxx.se/bug/?i=3863
[77] = https://curl.haxx.se/bug/?i=3894
[78] = https://curl.haxx.se/bug/?i=3844
[79] = https://curl.haxx.se/bug/?i=3895
[80] = https://curl.haxx.se/bug/?i=3887
[81] = https://curl.haxx.se/bug/?i=3876
[82] = https://curl.haxx.se/docs/CVE-2019-5436.html
[83] = https://curl.haxx.se/bug/?i=3873
[84] = https://curl.haxx.se/bug/?i=3905
[85] = https://curl.haxx.se/bug/?i=3892
[86] = https://curl.haxx.se/bug/?i=3906
[87] = https://curl.haxx.se/docs/CVE-2019-5435.html
[88] = https://curl.haxx.se/bug/?i=3908
[89] = https://curl.haxx.se/bug/?i=3902