summaryrefslogtreecommitdiff
path: root/RELEASE-NOTES
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2019-05-22 10:11:05 +0200
committerDaniel Stenberg <daniel@haxx.se>2019-05-22 10:11:05 +0200
commita57e4786b710b51fe463420f36f1d2a61a029f36 (patch)
tree23d176cf1375b0dfe03a95828829388d80226bf6 /RELEASE-NOTES
parent159ea554afb69f429098b0b5e7aa841149e93f2d (diff)
downloadcurl-a57e4786b710b51fe463420f36f1d2a61a029f36.tar.gz
bump: start on the next release
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r--RELEASE-NOTES237
1 files changed, 8 insertions, 229 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a29bf1c5a..098522819 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,6 +1,6 @@
-curl and libcurl 7.65.0
+curl and libcurl 7.65.1
- Public curl releases: 181
+ Public curl releases: 182
Command line options: 221
curl_easy_setopt() options: 268
Public functions in libcurl: 80
@@ -8,132 +8,12 @@ curl and libcurl 7.65.0
This release includes the following changes:
- o CURLOPT_DNS_USE_GLOBAL_CACHE: removed [25]
- o CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse [37]
- o pipelining: removed [10]
-
+ o
+
This release includes the following bugfixes:
- o CVE-2019-5435: Integer overflows in curl_url_set [87]
- o CVE-2019-5436: tftp: use the current blksize for recvfrom() [82]
- o --config: clarify that initial : and = might need quoting [17]
- o AppVeyor: enable testing for WinSSL build [23]
- o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [52]
- o CURLOPT_ADDRESS_SCOPE: fix range check and more [32]
- o CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [75]
- o CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value [51]
- o CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [71]
- o CURL_MAX_INPUT_LENGTH: largest acceptable string input size [44]
- o Curl_disconnect: treat all CONNECT_ONLY connections as "dead" [39]
- o INTERNALS: Add code highlighting [47]
- o OS400/ccsidcurl: replace use of Curl_vsetopt [50]
- o OpenSSL: Report -fips in version if OpenSSL is built with FIPS [55]
- o README.md: fix no-consecutive-blank-lines Codacy warning [22]
- o VC15 project: remove MinimalRebuild
- o VS projects: use Unicode for VC10+ [16]
- o WRITEFUNCTION: add missing set_in_callback around callback [60]
- o altsvc: Fix building with cookies disabled [38]
- o auth: Rename the various authentication clean up functions [61]
- o base64: build conditionally if there are users
- o build-openssl.bat: Fixed support for OpenSSL v1.1.0+
- o build: fix "clarify calculation precedence" warnings [63]
- o checksrc.bat: ignore snprintf warnings in docs/examples [67]
- o cirrus: Customize the disabled tests per FreeBSD version
- o cleanup: remove FIXME and TODO comments [81]
- o cmake: avoid linking executable for some tests with cmake 3.6+ [18]
- o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use [19]
- o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP [46]
- o cmake: set SSL_BACKENDS [12]
- o configure: avoid unportable `==' test(1) operator [1]
- o configure: error out if OpenSSL wasn't detected when asked for [74]
- o configure: fix default location for fish completions [13]
- o cookie: Guard against possible NULL ptr deref [42]
- o curl: make code work with protocol-disabled libcurl [78]
- o curl: report error for "--no-" on non-boolean options [86]
- o curl_easy_getinfo.3: fix minor formatting mistake
- o curlver.h: use parenthesis in CURL_VERSION_BITS macro [45]
- o docs/BUG-BOUNTY: bug bounty time [48]
- o docs/INSTALL: fix broken link [62]
- o docs/RELEASE-PROCEDURE: link to live iCalendar [79]
- o documentation: Fix several typos [7]
- o doh: acknowledge CURL_DISABLE_DOH
- o doh: disable DOH for the cases it doesn't work [66]
- o examples: remove unused variables [88]
- o ftplistparser: fix LGTM alert "Empty block without comment" [14]
- o hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS [78]
- o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies [54]
- o http: acknowledge CURL_DISABLE_HTTP_AUTH
- o http: mark bundle as not for multiuse on < HTTP/2 response [41]
- o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled [65]
- o http_negotiate: do not treat failure of gss_init_sec_context() as fatal [53]
- o http_ntlm: Corrected the name of the include guard [64]
- o http_ntlm_wb: Handle auth for only a single request [77]
- o http_ntlm_wb: Return the correct error on receiving an empty auth message [77]
- o lib509: add missing include for strdup [22]
- o lib557: initialize variables [22]
- o makedebug: Fix ERRORLEVEL detection after running where.exe [58]
- o mbedtls: enable use of EC keys [85]
- o mime: acknowledge CURL_DISABLE_MIME
- o multi: improved HTTP_1_1_REQUIRED handling [2]
- o netrc: acknowledge CURL_DISABLE_NETRC [78]
- o nss: allow fifos and character devices for certificates [56]
- o nss: provide more specific error messages on failed init [43]
- o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup [70]
- o ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
- o openssl: mark connection for close on TLS close_notify [36]
- o openvms: Remove pre-processor for SecureTransport [40]
- o openvms: Remove pre-processors for Windows [40]
- o parse_proxy: use the URL parser API [72]
- o parsedate: disabled on CURL_DISABLE_PARSEDATE
- o pingpong: disable more when no pingpong protocols are enabled
- o polarssl_threadlock: remove conditionally unused code [22]
- o progress: acknowledge CURL_DISABLE_PROGRESS_METER [78]
- o proxy: acknowledge DISABLE_PROXY more
- o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries [3]
- o revert "multi: support verbose conncache closure handle" [69]
- o sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
- o sasl: only enable if there's a protocol enabled using it
- o scripts: fix typos
- o singleipconnect: show port in the verbose "Trying ..." message
- o smtp: fix compiler warning [15]
- o socks5: user name and passwords must be shorter than 256 [8]
- o socks: fix error message
- o socksd: new SOCKS 4+5 server for tests [31]
- o spnego_gssapi: fix return code on gss_init_sec_context() failure [53]
- o ssh-libssh: remove unused variable [83]
- o ssh: define USE_SSH if SSH is enabled (any backend) [57]
- o ssh: move variable declaration to where it's used [83]
- o test1002: correct the name
- o test2100: Fix typos in test description
- o tests/server/util: fix Windows Unicode build [21]
- o tests: Run global cleanup at end of tests [29]
- o tests: make Impacket (SMB server) Python 3 compatible [11]
- o tool_cb_wrt: fix bad-function-cast warning [5]
- o tool_formparse: remove redundant assignment [83]
- o tool_help: Warn if curl and libcurl versions do not match [28]
- o tool_help: include <strings.h> for strcasecmp [4]
- o transfer: fix LGTM alert "Comparison is always true" [14]
- o travis: add an osx http-only build [80]
- o travis: allow builds on branches named "ci"
- o travis: install dependencies only when needed [24]
- o travis: update some builds do Xenial [30]
- o travis: updated mesalink builds [35]
- o url: always clone the CUROPT_CURLU handle [26]
- o url: convert the zone id from a IPv6 URL to correct scope id [89]
- o urlapi: add CURLUPART_ZONEID to set and get [59]
- o urlapi: increase supported scheme length to 40 bytes [84]
- o urlapi: require a non-zero host name length when parsing URL [73]
- o urlapi: stricter CURLUPART_PORT parsing [33]
- o urlapi: strip off zone id from numerical IPv6 addresses [49]
- o urlapi: urlencode characters above 0x7f correctly [9]
- o vauth/cleartext: update the PLAIN login to match RFC 4616 [27]
- o vauth/oauth2: Fix OAUTHBEARER token generation [6]
- o vauth: Fix incorrect function description for Curl_auth_user_contains_domain [68]
- o vtls: fix potential ssl_buffer stack overflow [76]
- o wildcard: disable from build when FTP isn't present
- o winbuild: Support MultiSSL builds [34]
- o xattr: skip unittest on unsupported platforms [20]
-
+ o
+
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
@@ -141,110 +21,9 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Aron Bergman, Brad Spencer, cclauss on github, Dan Fandrich,
- Daniel Gustafsson, Daniel Stenberg, Eli Schwartz, Even Rouault,
- Frank Gevaerts, Gisle Vanem, GitYuanQu on github, Guy Poizat, Isaiah Norton,
- Jakub Zakrzewski, Jan Ehrhardt, Jeroen Ooms, Jonathan Cardoso Machado,
- Jonathan Moerman, Joombalaya on github, Kamil Dudka, Kristoffer Gleditsch,
- l00p3r on hackerone, Leonardo Taccari, Marcel Raad, Mert Yazıcıoğlu,
- nevv on HackerOne/curl, niner on github, Olen Andoni, Omar Ramadan,
- Paolo Mossino, Patrick Monnerat, Po-Chuan Hsieh, Poul T Lomholt, Ray Satiro,
- Reed Loden, Ricardo Gomes, Ricky Leverence, Rikard Falkeborn, Roy Bellingan,
- Simon Warta, Steve Holme, Taiyu Len, Tim Rühsen, Tom van der Woerdt,
- Tseng Jun, Viktor Szakats, Wenchao Li, Wyatt O'Day, XmiliaH on github,
- Yiming Jing,
- (50 contributors)
-
+
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
- [1] = https://curl.haxx.se/bug/?i=3709
- [2] = https://curl.haxx.se/bug/?i=3707
- [3] = https://curl.haxx.se/bug/?i=3699
- [4] = https://curl.haxx.se/bug/?i=3715
- [5] = https://curl.haxx.se/bug/?i=3718
- [6] = https://curl.haxx.se/bug/?i=2487
- [7] = https://curl.haxx.se/bug/?i=3724
- [8] = https://curl.haxx.se/bug/?i=3737
- [9] = https://curl.haxx.se/bug/?i=3741
- [10] = https://curl.haxx.se/bug/?i=3651
- [11] = https://curl.haxx.se/bug/?i=3731
- [12] = https://curl.haxx.se/bug/?i=3736
- [13] = https://curl.haxx.se/bug/?i=3723
- [14] = https://curl.haxx.se/bug/?i=3732
- [15] = https://curl.haxx.se/bug/?i=3729
- [16] = https://curl.haxx.se/bug/?i=3720
- [17] = https://curl.haxx.se/bug/?i=3738
- [18] = https://curl.haxx.se/bug/?i=3744
- [19] = https://curl.haxx.se/bug/?i=3743
- [20] = https://curl.haxx.se/bug/?i=3759
- [21] = https://curl.haxx.se/bug/?i=3758
- [22] = https://curl.haxx.se/bug/?i=3739
- [23] = https://curl.haxx.se/bug/?i=3725
- [24] = https://curl.haxx.se/bug/?i=3721
- [25] = https://curl.haxx.se/bug/?i=3654
- [26] = https://curl.haxx.se/bug/?i=3753
- [27] = https://curl.haxx.se/bug/?i=3757
- [28] = https://curl.haxx.se/bug/?i=3774
- [29] = https://curl.haxx.se/bug/?i=3783
- [30] = https://curl.haxx.se/bug/?i=3777
- [31] = https://curl.haxx.se/bug/?i=3752
- [32] = https://curl.haxx.se/bug/?i=3713
- [33] = https://curl.haxx.se/bug/?i=3762
- [34] = https://curl.haxx.se/bug/?i=3772
- [35] = https://curl.haxx.se/bug/?i=3823
- [36] = https://curl.haxx.se/bug/?i=3750
- [37] = https://curl.haxx.se/bug/?i=3782
- [38] = https://curl.haxx.se/bug/?i=3717
- [39] = https://curl.haxx.se/mail/lib-2019-04/0052.html
- [40] = https://curl.haxx.se/bug/?i=3768
- [41] = https://curl.haxx.se/bug/?i=3813
- [42] = https://curl.haxx.se/bug/?i=3820
- [43] = https://curl.haxx.se/bug/?i=3808
- [44] = https://curl.haxx.se/bug/?i=3805
- [45] = https://curl.haxx.se/bug/?i=3809
- [46] = https://curl.haxx.se/bug/?i=3769
- [47] = https://curl.haxx.se/bug/?i=3801
- [48] = https://curl.haxx.se/bug/?i=3488
- [49] = https://curl.haxx.se/bug/?i=3817
- [50] = https://curl.haxx.se/bug/?i=3833
- [51] = https://curl.haxx.se/bug/?i=3829
- [52] = https://curl.haxx.se/bug/?i=3537
- [53] = https://curl.haxx.se/bug/?i=3726
- [54] = https://curl.haxx.se/bug/?i=3570
- [55] = https://curl.haxx.se/bug/?i=3771
- [56] = https://curl.haxx.se/bug/?i=3807
- [57] = https://curl.haxx.se/bug/?i=3846
- [58] = https://curl.haxx.se/bug/?i=3838
- [59] = https://curl.haxx.se/bug/?i=3834
- [60] = https://curl.haxx.se/bug/?i=3837
- [61] = https://curl.haxx.se/bug/?i=3869
- [62] = https://curl.haxx.se/bug/?i=3818
- [63] = https://curl.haxx.se/bug/?i=3866
- [64] = https://curl.haxx.se/bug/?i=3867
- [65] = https://curl.haxx.se/bug/?i=3861
- [66] = https://curl.haxx.se/bug/?i=3850
- [67] = https://curl.haxx.se/bug/?i=3862
- [68] = https://curl.haxx.se/bug/?i=3860
- [69] = https://curl.haxx.se/bug/?i=3856
- [70] = https://curl.haxx.se/bug/?i=3858
- [71] = https://curl.haxx.se/bug/?i=3885
- [72] = https://curl.haxx.se/bug/?i=3878
- [73] = https://curl.haxx.se/bug/?i=3880
- [74] = https://curl.haxx.se/bug/?i=3824
- [75] = https://curl.haxx.se/bug/?i=3711
- [76] = https://curl.haxx.se/bug/?i=3863
- [77] = https://curl.haxx.se/bug/?i=3894
- [78] = https://curl.haxx.se/bug/?i=3844
- [79] = https://curl.haxx.se/bug/?i=3895
- [80] = https://curl.haxx.se/bug/?i=3887
- [81] = https://curl.haxx.se/bug/?i=3876
- [82] = https://curl.haxx.se/docs/CVE-2019-5436.html
- [83] = https://curl.haxx.se/bug/?i=3873
- [84] = https://curl.haxx.se/bug/?i=3905
- [85] = https://curl.haxx.se/bug/?i=3892
- [86] = https://curl.haxx.se/bug/?i=3906
- [87] = https://curl.haxx.se/docs/CVE-2019-5435.html
- [88] = https://curl.haxx.se/bug/?i=3908
- [89] = https://curl.haxx.se/bug/?i=3902
+ [1] = https://curl.haxx.se/bug/?i=