mirror of
https://github.com/moparisthebest/curl
synced 2024-11-10 11:35:07 -05:00
217 lines
10 KiB
Plaintext
217 lines
10 KiB
Plaintext
Curl and libcurl 7.61.1
|
|
|
|
Public curl releases: 176
|
|
Command line options: 218
|
|
curl_easy_setopt() options: 258
|
|
Public functions in libcurl: 74
|
|
Contributors: 1787
|
|
|
|
This release includes the following bugfixes:
|
|
|
|
o security advisory (CVE-2018-14618): NTLM password overflow via integer overflow [73]
|
|
o CURLINFO_SIZE_UPLOAD: fix missing counter update [46]
|
|
o CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
|
|
o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse [72]
|
|
o Curl_getoff_all_pipelines: improved for multiplexed [3]
|
|
o DEPRECATE: remove release date from 7.62.0
|
|
o HTTP: Don't attempt to needlessly decompress redirect body [30]
|
|
o INTERNALS: require GnuTLS >= 2.11.3 [62]
|
|
o README.md: add LGTM.com code quality grade for C/C++ [42]
|
|
o SSLCERTS: improve the openssl command line
|
|
o Silence GCC 8 cast-function-type warnings [47]
|
|
o ares: check for NULL in completed-callback [3]
|
|
o asyn-thread: Remove unused macro [40]
|
|
o auth: only pick CURLAUTH_BEARER if we *have* a Bearer token [15]
|
|
o auth: pick Bearer authentication whenever a token is available [15]
|
|
o cmake: CMake config files are defining CURL_STATICLIB for static builds [54]
|
|
o cmake: Respect BUILD_SHARED_LIBS [35]
|
|
o cmake: Update scripts to use consistent style [9]
|
|
o cmake: bumped minimum version to 3.4 [34]
|
|
o cmake: link curl to the OpenSSL targets instead of lib absolute paths [34]
|
|
o configure: conditionally enable pedantic-errors [64]
|
|
o configure: fix for -lpthread detection with OpenSSL and pkg-config [38]
|
|
o conn: remove the boolean 'inuse' field [3]
|
|
o content_encoding: accept up to 4 unknown trailer bytes after raw deflate data [5]
|
|
o cookie tests: treat files as text
|
|
o cookies: support creation-time attribute for cookies [75]
|
|
o curl: Fix segfault when -H @headerfile is empty [23]
|
|
o curl: add http code 408 to transient list for --retry [78]
|
|
o curl: fix time-of-check, time-of-use race in dir creation [71]
|
|
o curl: use Content-Disposition before the "URL end" for -OJ [29]
|
|
o curl: warn the user if a given file name looks like an option [56]
|
|
o curl_threads: silence bad-function-cast warning [69]
|
|
o darwinssl: add support for ALPN negotiation [7]
|
|
o docs/CURLOPT_URL: fix indentation [20]
|
|
o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19]
|
|
o docs/SECURITY-PROCESS: mention bounty, drop pre-notify
|
|
o docs/examples: add hiperfifo example using linux epoll/timerfd [21]
|
|
o docs: add disallow-username-in-url.d and haproxy-protocol.d to dist [50]
|
|
o docs: clarify NO_PROXY env variable functionality [70]
|
|
o docs: improved the manual pages of some callbacks [48]
|
|
o docs: mention NULL is fine input to several functions [43]
|
|
o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT [40]
|
|
o gopher: Do not translate `?' to `%09' [67]
|
|
o header output: switch off all styles, not just unbold [8]
|
|
o hostip: fix unused variable warning
|
|
o http2: Use correct format identifier for stream_id [77]
|
|
o http2: abort the send_callback if not setup yet [63]
|
|
o http2: avoid set_stream_user_data() before stream is assigned [61]
|
|
o http2: check nghttp2_session_set_stream_user_data return code [55]
|
|
o http2: clear the drain counter in Curl_http2_done [27]
|
|
o http2: make sure to send after RST_STREAM [58]
|
|
o http2: separate easy handle from connections better [12]
|
|
o http: fix for tiny "HTTP/0.9" response [51]
|
|
o http_proxy: Remove unused macro SELECT_TIMEOUT [40]
|
|
o lib/Makefile: only do symbol hiding if told to [32]
|
|
o lib1502: fix memory leak in torture test [44]
|
|
o lib1522: fix curl_easy_setopt argument type
|
|
o libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation [66]
|
|
o mime: check Curl_rand_hex's return code [22]
|
|
o multi: always do the COMPLETED procedure/state [3]
|
|
o openssl: assume engine support in 1.0.0 or later [2]
|
|
o openssl: fix debug messages [39]
|
|
o projects: Improve Windows perl detection in batch scripts [49]
|
|
o retry: return error if rewind was necessary but didn't happen [28]
|
|
o reuse_conn(): memory leak - free old_conn->options [17]
|
|
o schannel: client certificate store opening fix [68]
|
|
o schannel: enable CALG_TLS1PRF for w32api >= 5.1
|
|
o schannel: fix MinGW compile break [1]
|
|
o sftp: don't send post-qoute sequence when retrying a connection [79]
|
|
o smb: fix memory leak on early failure [26]
|
|
o smb: fix memory-leak in URL parse error path [4]
|
|
o smb_getsock: always wait for write socket too [11]
|
|
o ssh-libssh: fix infinite connect loop on invalid private key [53]
|
|
o ssh-libssh: reduce excessive verbose output about pubkey auth [53]
|
|
o ssh-libssh: use FALLTHROUGH to silence gcc8 [76]
|
|
o ssl: set engine implicitly when a PKCS#11 URI is provided [36]
|
|
o sws: handle EINTR when calling select() [24]
|
|
o system_win32: fix version checking [16]
|
|
o telnet: Remove unused macros TELOPTS and TELCMDS [40]
|
|
o test1143: disable MSYS2's POSIX path conversion [10]
|
|
o test1148: disable if decimal separator is not point [65]
|
|
o test1307: (fnmatch testing) disabled [31]
|
|
o test1422: add required file feature [6]
|
|
o test1531: Add timeout [41]
|
|
o test1540: Remove unused macro TEST_HANG_TIMEOUT [40]
|
|
o test214: disable MSYS2's POSIX path conversion for URL
|
|
o test320: treat curl320.out file as binary [14]
|
|
o tests/http_pipe.py: Use /usr/bin/env to find python
|
|
o tests: Don't use Windows path %PWD for SSH tests [74]
|
|
o tests: fixes for Windows line endlings [13]
|
|
o tool_operate: Fix setting proxy TLS 1.3 ciphers
|
|
o travis: build darwinssl on macos 10.12 to fix linker errors [33]
|
|
o travis: execute "set -eo pipefail" for coverage build [45]
|
|
o travis: run a 'make checksrc' too [25]
|
|
o travis: update to GCC-8 [52]
|
|
o travis: verify that man pages can be regenerated [50]
|
|
o upload: allocate upload buffer on-demand [60]
|
|
o upload: change default UPLOAD_BUFSIZE to 64KB [60]
|
|
o urldata: remove unused pipe_broke struct field [57]
|
|
o vtls: reinstantiate engine on duplicated handles [59]
|
|
o windows: implement send buffer tuning [37]
|
|
o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18]
|
|
|
|
This release includes the following known bugs:
|
|
|
|
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
|
|
|
|
This release would not have looked like this without help, code, reports and
|
|
advice from friends like these:
|
|
|
|
adnn on github, Anderson Toshiyuki Sasaki, Andrei Virtosu, Anton Gerasimov,
|
|
Bas van Schaik, Carie Pointer, Christopher Head, clbr on github,
|
|
Dan Fandrich, Daniel Gustafsson, Daniel Jeliński, Daniel Stenberg,
|
|
Darío Hereñú, Even Rouault, Harry Sintonen, Ihor Karpenko, Jakub Zakrzewski,
|
|
Jeffrey Walton, Jeroen Ooms, Johannes Schindelin, John Butterfield,
|
|
Josh Bialkowski, Kamil Dudka, Kirill Marchuk, Laurent Bonnans,
|
|
Leonardo Taccari, Marcel Raad, Markus Elfring, Michael Kaufmann,
|
|
Nick Zitzmann, Nikos Mavrogiannopoulos, Patrick Monnerat, Paul Howarth,
|
|
Przemysław Tomaszewski, pszemus on github, Ran Mozes, Ray Satiro,
|
|
Rikard Falkeborn, Rodger Combs, Ruslan Baratov, Sergei Nikulov,
|
|
Thomas Klausner, Tobias Blomberg, Viktor Szakats, Zero King, Zhaoyang Wu,
|
|
(46 contributors)
|
|
|
|
Thanks! (and sorry if I forgot to mention someone)
|
|
|
|
References to bug reports and discussions on issues:
|
|
|
|
[1] = https://github.com/curl/curl/pull/2721#issuecomment-403636043
|
|
[2] = https://curl.haxx.se/bug/?i=2732
|
|
[3] = https://curl.haxx.se/bug/?i=2733
|
|
[4] = https://curl.haxx.se/bug/?i=2740
|
|
[5] = https://curl.haxx.se/bug/?i=2719
|
|
[6] = https://curl.haxx.se/bug/?i=2741
|
|
[7] = https://curl.haxx.se/bug/?i=2731
|
|
[8] = https://curl.haxx.se/bug/?i=2736
|
|
[9] = https://curl.haxx.se/bug/?i=2727
|
|
[10] = https://curl.haxx.se/bug/?i=2765
|
|
[11] = https://curl.haxx.se/bug/?i=2768
|
|
[12] = https://curl.haxx.se/bug/?i=2751
|
|
[13] = https://curl.haxx.se/bug/?i=2772
|
|
[14] = https://curl.haxx.se/bug/?i=2776
|
|
[15] = https://curl.haxx.se/bug/?i=2754
|
|
[16] = https://curl.haxx.se/bug/?i=2792
|
|
[17] = https://curl.haxx.se/bug/?i=2790
|
|
[18] = https://curl.haxx.se/bug/?i=2784
|
|
[19] = https://curl.haxx.se/bug/?i=2787
|
|
[20] = https://curl.haxx.se/bug/?i=2788
|
|
[21] = https://curl.haxx.se/bug/?i=2804
|
|
[22] = https://curl.haxx.se/bug/?i=2795
|
|
[23] = https://curl.haxx.se/bug/?i=2797
|
|
[24] = https://curl.haxx.se/bug/?i=2808
|
|
[25] = https://curl.haxx.se/bug/?i=2811
|
|
[26] = https://curl.haxx.se/bug/?i=2769
|
|
[27] = https://curl.haxx.se/bug/?i=2800
|
|
[28] = https://curl.haxx.se/bug/?i=2801
|
|
[29] = https://curl.haxx.se/bug/?i=2783
|
|
[30] = https://curl.haxx.se/bug/?i=2798
|
|
[31] = https://curl.haxx.se/bug/?i=2825
|
|
[32] = https://curl.haxx.se/bug/?i=2830
|
|
[33] = https://curl.haxx.se/bug/?i=2835
|
|
[34] = https://curl.haxx.se/bug/?i=2753
|
|
[35] = https://curl.haxx.se/bug/?i=2755
|
|
[36] = https://curl.haxx.se/bug/?i=2333
|
|
[37] = https://curl.haxx.se/mail/lib-2018-07/0080.html
|
|
[38] = https://curl.haxx.se/bug/?i=2848
|
|
[39] = https://curl.haxx.se/bug/?i=2806
|
|
[40] = https://curl.haxx.se/bug/?i=2852
|
|
[41] = https://curl.haxx.se/bug/?i=2853
|
|
[42] = https://curl.haxx.se/bug/?i=2857
|
|
[43] = https://curl.haxx.se/bug/?i=2837
|
|
[44] = https://curl.haxx.se/bug/?i=2861
|
|
[45] = https://curl.haxx.se/bug/?i=2862
|
|
[46] = https://curl.haxx.se/bug/?i=2847
|
|
[47] = https://curl.haxx.se/bug/?i=2860
|
|
[48] = https://curl.haxx.se/bug/?i=2868
|
|
[49] = https://curl.haxx.se/bug/?i=2865
|
|
[50] = https://curl.haxx.se/bug/?i=2856
|
|
[51] = https://curl.haxx.se/bug/?i=2420
|
|
[52] = https://curl.haxx.se/bug/?i=2869
|
|
[53] = https://curl.haxx.se/bug/?i=2879
|
|
[54] = https://curl.haxx.se/bug/?i=2817
|
|
[55] = https://curl.haxx.se/bug/?i=2880
|
|
[56] = https://curl.haxx.se/bug/?i=2885
|
|
[57] = https://curl.haxx.se/bug/?i=2871
|
|
[58] = https://curl.haxx.se/bug/?i=2882
|
|
[59] = https://curl.haxx.se/bug/?i=2829
|
|
[60] = https://curl.haxx.se/bug/?i=2892
|
|
[61] = https://curl.haxx.se/bug/?i=2894
|
|
[62] = https://curl.haxx.se/bug/?i=2890
|
|
[63] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
|
|
[64] = https://curl.haxx.se/bug/?i=2747
|
|
[65] = https://curl.haxx.se/bug/?i=2786
|
|
[66] = https://curl.haxx.se/bug/?i=2904
|
|
[67] = https://curl.haxx.se/bug/?i=2910
|
|
[68] = https://curl.haxx.se/mail/lib-2018-08/0198.html
|
|
[69] = https://curl.haxx.se/bug/?i=2908
|
|
[70] = https://curl.haxx.se/bug/?i=2773
|
|
[71] = https://curl.haxx.se/bug/?i=2739
|
|
[72] = https://curl.haxx.se/bug/?i=2915
|
|
[73] = https://curl.haxx.se/docs/CVE-2018-14618.html
|
|
[74] = https://curl.haxx.se/bug/?i=2920
|
|
[75] = https://curl.haxx.se/bug/?i=2524
|
|
[76] = https://curl.haxx.se/bug/?i=2922
|
|
[77] = https://curl.haxx.se/bug/?i=2928
|
|
[78] = https://curl.haxx.se/bug/?i=2925
|
|
[79] = https://curl.haxx.se/bug/?i=2939
|