Upgrade curl to curl-7_65_0 Test: build, boots, `vendor/google/tools/fake-ota on streaming` works Change-Id: I14034f7e81b55368c1927440cb2003b6b173a6f8
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 644b6d7..a29bf1c 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES
@@ -1,134 +1,138 @@ -curl and libcurl 7.64.1 +curl and libcurl 7.65.0 - Public curl releases: 180 + Public curl releases: 181 Command line options: 221 - curl_easy_setopt() options: 267 + curl_easy_setopt() options: 268 Public functions in libcurl: 80 Contributors: 1929 This release includes the following changes: - o alt-svc: experiemental support added [74] - o configure: add --with-amissl [84] + o CURLOPT_DNS_USE_GLOBAL_CACHE: removed [25] + o CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse [37] + o pipelining: removed [10] This release includes the following bugfixes: - o AppVeyor: add MinGW-w64 and classic Mingw builds [55] - o AppVeyor: switch VS 2015 builds to VS 2017 image [49] - o CURLU: fix NULL dereference when used over proxy [73] - o Curl_easy: remove req.maxfd - never used! [58] - o Curl_now: figure out windows version in win32_init: [11] - o Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning [20] - o DoH: inherit some SSL options from user's easy handle [80] - o Secure Transport: no more "darwinssl" [56] - o Secure Transport: tvOS 11 is required for ALPN support [94] - o cirrus: Added FreeBSD builds using Cirrus CI - o cleanup: make local functions static [5] - o cli tool: do not use mime.h private structures [27] - o cmdline-opts/proxytunnel.d: the option tunnnels all protocols [83] - o configure: add additional libraries to check for LDAP support [45] - o configure: remove the unused fdopen macro [40] - o configure: show features as well in the final summary [15] - o conncache: use conn->data to know if a transfer owns it [95] - o connection: never reuse CONNECT_ONLY connections [35] - o connection_check: restore original conn->data after the check [14] - o connection_check: set ->data to the transfer doing the check [3] - o cookie: Add support for cookie prefixes [29] - o cookies: dotless names can set cookies again [81] - o cookies: fix NULL dereference if flushing cookies with no CookieInfo set [47] - o curl.1: --user and --proxy-user are hidden from ps output [86] - o curl.1: mark the argument to --cookie as <data|filename> [87] - o curl.h: use __has_declspec_attribute for shared builds [52] - o curl: display --version features sorted alphabetically [51] - o curl: fix FreeBSD compiler warning in the --xattr code [2] - o curl: remove MANUAL from -M output [38] - o curl_easy_duphandle.3: clarify that a duped handle has no shares [64] - o curl_multi_remove_handle.3: use at any time, just not from within callbacks - o curl_url.3: this API is not experimental anymore - o dns: release sharelock as soon as possible [1] - o docs: update max-redirs.d phrasing [59] - o easy: fix win32 init to work without CURL_GLOBAL_WIN32 [30] - o examples/10-at-a-time.c: improve readability and simplify - o examples/cacertinmem.c: use multiple certificates for loading CA-chain [54] - o examples/crawler: Fix the Accept-Encoding setting - o examples/ephiperfifo.c: various fixes [63] - o examples/externalsocket: add missing close socket calls [78] - o examples/http2-download: cleaned up - o examples/http2-serverpush: add some sensible error checks [31] - o examples/http2-upload: cleaned up - o examples/httpcustomheader: Value stored to 'res' is never read - o examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory' - o examples/sftpuploadresume: Value stored to 'result' is never read - o examples: only include <curl/curl.h> [70] - o examples: remove recursive calls to curl_multi_socket_action [42] - o examples: remove superfluous null-pointer checks - o file: fix "Checking if unsigned variable 'readcount' is less than zero." [90] - o fnmatch: disable if FTP is disabled [25] - o gnutls: remove call to deprecated gnutls_compression_get_name [66] - o gopher: remove check for path == NULL [69] - o gssapi: fix deprecated header warnings [16] - o hostip: make create_hostcache_id avoid alloc + free [4] - o http2: multi_connchanged() moved from multi.c, only used for h2 [21] - o http2: verify :athority in push promise requests [37] - o http: make adding a blank header thread-safe [33] - o http: send payload when (proxy) authentication is done [89] - o http: set state.infilesize when sending multipart formposts [57] - o makefile: make checksrc and hugefile commands "silent" [85] - o mbedtls: make it build even if MBEDTLS_VERSION_C isn't set [24] - o mbedtls: release sessionid resources on error [28] - o memdebug: log pointer before freeing its data [91] - o memdebug: make debug-specific functions use curl_dbg_ prefix [82] - o mime: put the boundary buffer into the curl_mime struct [18] - o multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME [43] - o multi: remove verbose "Expire in" ... messages [23] - o multi: removed unused code for request retries [79] - o multi: support verbose conncache closure handle [72] - o negotiate: fix for HTTP POST with Negotiate [88] - o openssl: add support for TLS ASYNC state [46] - o openssl: if cert type is ENG and no key specified, key is ENG too [93] - o pretransfer: don't strlen() POSTFIELDS set for GET requests [22] - o rand: Fix a mismatch between comments in source and header [32] - o runtests: detect "schannel" as an alias for "winssl" [50] - o schannel: be quiet - remove verbose output [19] - o schannel: close TLS before removing conn from cache [10] - o schannel: support CALG_ECDH_EPHEM algorithm [44] - o scripts/completion.pl: also generate fish completion file [67] - o singlesocket: fix the 'sincebefore' placement [36] - o source: fix two 'nread' may be used uninitialized warnings [68] - o ssh: fix Condition '!status' is always true [60] - o ssh: loop the state machine if not done and not blocking [71] - o strerror: make the strerror function use local buffers [48] - o system_win32: move win32_init here from easy.c [65] - o test578: make it read data from the correct test - o tests: Fixed XML validation errors in some test files - o tests: add stderr comparison to the test suite [26] - o tests: fix multiple may be used uninitialized warnings - o threaded-resolver: shutdown the resolver thread without error message [61] - o tool_cb_wrt: fix writing to Windows null device NUL [96] - o tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr [84] - o tool_operate: build on AmigaOS [84] - o tool_operate: fix typecheck warning [9] - o transfer.c: do not compute length of undefined hex buffer - o travis: add build using gnutls [75] - o travis: add scan-build [13] - o travis: bump the used wolfSSL version to 4.0.0 [92] - o travis: enable valgrind for the iconv tests [12] - o travis: use updated compiler versions: clang 7 and gcc 8 [77] - o unit1307: require FTP support [17] - o unit1651: survive curl_easy_init() fails - o url/idnconvert: remove scan for <= 32 ascii values [6] - o url: change conn shutdown order to ensure SOCKETFUNCTION callbacks [39] - o urlapi: reduce variable scope, remove unreachable 'break' [7] - o urldata: convert bools to bitfields and move to end [53] - o urldata: simplify bytecounters [62] - o urlglob: Argument with 'nonnull' attribute passed null - o version.c: silent scan-build even when librtmp is not enabled - o vtls: rename some of the SSL functions [84] - o wolfssl: stop custom-adding curves [41] - o x509asn1: "Dereference of null pointer" - o x509asn1: cleanup and unify code layout [34] - o zsh.pl: escape ':' character [8] - o zsh.pl: update regex to better match curl -h output [8] + o CVE-2019-5435: Integer overflows in curl_url_set [87] + o CVE-2019-5436: tftp: use the current blksize for recvfrom() [82] + o --config: clarify that initial : and = might need quoting [17] + o AppVeyor: enable testing for WinSSL build [23] + o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [52] + o CURLOPT_ADDRESS_SCOPE: fix range check and more [32] + o CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [75] + o CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value [51] + o CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [71] + o CURL_MAX_INPUT_LENGTH: largest acceptable string input size [44] + o Curl_disconnect: treat all CONNECT_ONLY connections as "dead" [39] + o INTERNALS: Add code highlighting [47] + o OS400/ccsidcurl: replace use of Curl_vsetopt [50] + o OpenSSL: Report -fips in version if OpenSSL is built with FIPS [55] + o README.md: fix no-consecutive-blank-lines Codacy warning [22] + o VC15 project: remove MinimalRebuild + o VS projects: use Unicode for VC10+ [16] + o WRITEFUNCTION: add missing set_in_callback around callback [60] + o altsvc: Fix building with cookies disabled [38] + o auth: Rename the various authentication clean up functions [61] + o base64: build conditionally if there are users + o build-openssl.bat: Fixed support for OpenSSL v1.1.0+ + o build: fix "clarify calculation precedence" warnings [63] + o checksrc.bat: ignore snprintf warnings in docs/examples [67] + o cirrus: Customize the disabled tests per FreeBSD version + o cleanup: remove FIXME and TODO comments [81] + o cmake: avoid linking executable for some tests with cmake 3.6+ [18] + o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use [19] + o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP [46] + o cmake: set SSL_BACKENDS [12] + o configure: avoid unportable `==' test(1) operator [1] + o configure: error out if OpenSSL wasn't detected when asked for [74] + o configure: fix default location for fish completions [13] + o cookie: Guard against possible NULL ptr deref [42] + o curl: make code work with protocol-disabled libcurl [78] + o curl: report error for "--no-" on non-boolean options [86] + o curl_easy_getinfo.3: fix minor formatting mistake + o curlver.h: use parenthesis in CURL_VERSION_BITS macro [45] + o docs/BUG-BOUNTY: bug bounty time [48] + o docs/INSTALL: fix broken link [62] + o docs/RELEASE-PROCEDURE: link to live iCalendar [79] + o documentation: Fix several typos [7] + o doh: acknowledge CURL_DISABLE_DOH + o doh: disable DOH for the cases it doesn't work [66] + o examples: remove unused variables [88] + o ftplistparser: fix LGTM alert "Empty block without comment" [14] + o hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS [78] + o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies [54] + o http: acknowledge CURL_DISABLE_HTTP_AUTH + o http: mark bundle as not for multiuse on < HTTP/2 response [41] + o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled [65] + o http_negotiate: do not treat failure of gss_init_sec_context() as fatal [53] + o http_ntlm: Corrected the name of the include guard [64] + o http_ntlm_wb: Handle auth for only a single request [77] + o http_ntlm_wb: Return the correct error on receiving an empty auth message [77] + o lib509: add missing include for strdup [22] + o lib557: initialize variables [22] + o makedebug: Fix ERRORLEVEL detection after running where.exe [58] + o mbedtls: enable use of EC keys [85] + o mime: acknowledge CURL_DISABLE_MIME + o multi: improved HTTP_1_1_REQUIRED handling [2] + o netrc: acknowledge CURL_DISABLE_NETRC [78] + o nss: allow fifos and character devices for certificates [56] + o nss: provide more specific error messages on failed init [43] + o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup [70] + o ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 + o openssl: mark connection for close on TLS close_notify [36] + o openvms: Remove pre-processor for SecureTransport [40] + o openvms: Remove pre-processors for Windows [40] + o parse_proxy: use the URL parser API [72] + o parsedate: disabled on CURL_DISABLE_PARSEDATE + o pingpong: disable more when no pingpong protocols are enabled + o polarssl_threadlock: remove conditionally unused code [22] + o progress: acknowledge CURL_DISABLE_PROGRESS_METER [78] + o proxy: acknowledge DISABLE_PROXY more + o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries [3] + o revert "multi: support verbose conncache closure handle" [69] + o sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616 + o sasl: only enable if there's a protocol enabled using it + o scripts: fix typos + o singleipconnect: show port in the verbose "Trying ..." message + o smtp: fix compiler warning [15] + o socks5: user name and passwords must be shorter than 256 [8] + o socks: fix error message + o socksd: new SOCKS 4+5 server for tests [31] + o spnego_gssapi: fix return code on gss_init_sec_context() failure [53] + o ssh-libssh: remove unused variable [83] + o ssh: define USE_SSH if SSH is enabled (any backend) [57] + o ssh: move variable declaration to where it's used [83] + o test1002: correct the name + o test2100: Fix typos in test description + o tests/server/util: fix Windows Unicode build [21] + o tests: Run global cleanup at end of tests [29] + o tests: make Impacket (SMB server) Python 3 compatible [11] + o tool_cb_wrt: fix bad-function-cast warning [5] + o tool_formparse: remove redundant assignment [83] + o tool_help: Warn if curl and libcurl versions do not match [28] + o tool_help: include <strings.h> for strcasecmp [4] + o transfer: fix LGTM alert "Comparison is always true" [14] + o travis: add an osx http-only build [80] + o travis: allow builds on branches named "ci" + o travis: install dependencies only when needed [24] + o travis: update some builds do Xenial [30] + o travis: updated mesalink builds [35] + o url: always clone the CUROPT_CURLU handle [26] + o url: convert the zone id from a IPv6 URL to correct scope id [89] + o urlapi: add CURLUPART_ZONEID to set and get [59] + o urlapi: increase supported scheme length to 40 bytes [84] + o urlapi: require a non-zero host name length when parsing URL [73] + o urlapi: stricter CURLUPART_PORT parsing [33] + o urlapi: strip off zone id from numerical IPv6 addresses [49] + o urlapi: urlencode characters above 0x7f correctly [9] + o vauth/cleartext: update the PLAIN login to match RFC 4616 [27] + o vauth/oauth2: Fix OAUTHBEARER token generation [6] + o vauth: Fix incorrect function description for Curl_auth_user_contains_domain [68] + o vtls: fix potential ssl_buffer stack overflow [76] + o wildcard: disable from build when FTP isn't present + o winbuild: Support MultiSSL builds [34] + o xattr: skip unittest on unsupported platforms [20] This release includes the following known bugs: @@ -137,117 +141,110 @@ This release would not have looked like this without help, code, reports and advice from friends like these: - accountantM on github, Alessandro Ghedini, Andre Guibert de Bruet, - Arnaud Rebillout, Bernd Mueller, Björn Stenberg, buzo-ffm on github, - Chris Araman, Christian Schmitz, Chris Young, d912e3 on github, Dan Fandrich, - Daniel Gustafsson, Daniel Lublin, Daniel Stenberg, David Garske, - David Woodhouse, Dominik Hölzl, Don J Olmstead, Eric Curtin, Frank Gevaerts, - Gisle Vanem, James Brown, Jan Alexander Steffens, jnbr on github, - MAntoniak on github, Marcel Raad, Marc Schlatter, Matt McClure, Michael Felt, - Michael Schmid, Michael Wallner, Michał Antoniak, nedres on github, - nianxuejie on github, Nick Zitzmann, Nicolas Grekas, Patrick Monnerat, - Paul Groke, Pavel Löbl, Ray Satiro, Renaud Allard, Romain Geissler, - Sara Golemon, Simon Legner, tholin on github, Tim Rühsen, Volker Schmid, - wesinator on github, - (49 contributors) + Aron Bergman, Brad Spencer, cclauss on github, Dan Fandrich, + Daniel Gustafsson, Daniel Stenberg, Eli Schwartz, Even Rouault, + Frank Gevaerts, Gisle Vanem, GitYuanQu on github, Guy Poizat, Isaiah Norton, + Jakub Zakrzewski, Jan Ehrhardt, Jeroen Ooms, Jonathan Cardoso Machado, + Jonathan Moerman, Joombalaya on github, Kamil Dudka, Kristoffer Gleditsch, + l00p3r on hackerone, Leonardo Taccari, Marcel Raad, Mert Yazıcıoğlu, + nevv on HackerOne/curl, niner on github, Olen Andoni, Omar Ramadan, + Paolo Mossino, Patrick Monnerat, Po-Chuan Hsieh, Poul T Lomholt, Ray Satiro, + Reed Loden, Ricardo Gomes, Ricky Leverence, Rikard Falkeborn, Roy Bellingan, + Simon Warta, Steve Holme, Taiyu Len, Tim Rühsen, Tom van der Woerdt, + Tseng Jun, Viktor Szakats, Wenchao Li, Wyatt O'Day, XmiliaH on github, + Yiming Jing, + (50 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=3516 - [2] = https://curl.haxx.se/bug/?i=3550 - [3] = https://curl.haxx.se/bug/?i=3541 - [4] = https://curl.haxx.se/bug/?i=3544 - [5] = https://curl.haxx.se/bug/?i=3538 - [6] = https://curl.haxx.se/bug/?i=3539 - [7] = https://curl.haxx.se/bug/?i=3540 - [8] = https://bugs.debian.org/921452 - [9] = https://curl.haxx.se/bug/?i=3534 - [10] = https://curl.haxx.se/bug/?i=3412 - [11] = https://curl.haxx.se/bug/?i=3572 - [12] = https://curl.haxx.se/bug/?i=3571 - [13] = https://curl.haxx.se/bug/?i=3564 - [14] = https://curl.haxx.se/bug/?i=3542 - [15] = https://curl.haxx.se/bug/?i=3569 - [16] = https://curl.haxx.se/bug/?i=3566 - [17] = https://curl.haxx.se/bug/?i=3565 - [18] = https://curl.haxx.se/bug/?i=3561 - [19] = https://curl.haxx.se/bug/?i=3552 - [20] = https://curl.haxx.se/bug/?i=3562 - [21] = https://curl.haxx.se/bug/?i=3557 - [22] = https://curl.haxx.se/bug/?i=3548 - [23] = https://curl.haxx.se/mail/archive-2019-02/0013.html - [24] = https://curl.haxx.se/bug/?i=3553 - [25] = https://curl.haxx.se/bug/?i=3551 - [26] = https://curl.haxx.se/bug/?i=3536 - [27] = https://curl.haxx.se/bug/?i=3532 - [28] = https://curl.haxx.se/bug/?i=3574 - [29] = https://curl.haxx.se/bug/?i=3554 - [30] = https://curl.haxx.se/bug/?i=3313 - [31] = https://curl.haxx.se/bug/?i=3580 - [32] = https://curl.haxx.se/bug/?i=3584 - [33] = https://curl.haxx.se/bug/?i=3578 - [34] = https://curl.haxx.se/bug/?i=3582 - [35] = https://curl.haxx.se/mail/lib-2019-02/0064.html - [36] = https://curl.haxx.se/bug/?i=3585 - [37] = https://curl.haxx.se/bug/?i=3577 - [38] = https://curl.haxx.se/bug/?i=3587 - [39] = https://curl.haxx.se/mail/lib-2019-02/0101.html - [40] = https://curl.haxx.se/bug/?i=3600 - [41] = https://curl.haxx.se/bug/?i=3599 - [42] = https://curl.haxx.se/bug/?i=3537 - [43] = https://curl.haxx.se/bug/?i=3602 - [44] = https://curl.haxx.se/bug/?i=3608 - [45] = https://curl.haxx.se/bug/?i=3595 - [46] = https://curl.haxx.se/bug/?i=3591 - [47] = https://curl.haxx.se/bug/?i=3613 - [48] = https://curl.haxx.se/bug/?i=3612 - [49] = https://curl.haxx.se/bug/?i=3606 - [50] = https://curl.haxx.se/bug/?i=3609 - [51] = https://curl.haxx.se/bug/?i=3611 - [52] = https://curl.haxx.se/bug/?i=3616 - [53] = https://curl.haxx.se/bug/?i=3610 - [54] = https://curl.haxx.se/bug/?i=3421 - [55] = https://curl.haxx.se/bug/?i=3623 - [56] = https://curl.haxx.se/bug/?i=3619 - [57] = https://curl.haxx.se/mail/archive-2019-02/0023.html - [58] = https://curl.haxx.se/bug/?i=3626 - [59] = https://curl.haxx.se/bug/?i=3631 - [60] = https://curl.haxx.se/bug/?i=3628 - [61] = https://curl.haxx.se/bug/?i=3629 - [62] = https://curl.haxx.se/bug/?i=3627 - [63] = https://curl.haxx.se/bug/?i=3632 - [64] = https://curl.haxx.se/bug/?i=3592 - [65] = https://curl.haxx.se/bug/?i=3625 - [66] = https://curl.haxx.se/bug/?i=3636 - [67] = https://curl.haxx.se/bug/?i=3545 - [68] = https://curl.haxx.se/bug/?i=3546 - [69] = https://curl.haxx.se/bug/?i=3617 - [70] = https://curl.haxx.se/bug/?i=3645 - [71] = https://curl.haxx.se/bug/?i=3506 - [72] = https://curl.haxx.se/bug/?i=3618 - [73] = https://curl.haxx.se/bug/?i=3641 - [74] = https://curl.haxx.se/bug/?i=3498 - [76] = https://curl.haxx.se/bug/?i=3637 - [77] = https://curl.haxx.se/bug/?i=3670 - [78] = https://curl.haxx.se/bug/?i=3663 - [79] = https://curl.haxx.se/bug/?i=3666 - [80] = https://curl.haxx.se/bug/?i=3660 - [81] = https://curl.haxx.se/bug/?i=3649 - [82] = https://curl.haxx.se/bug/?i=3656 - [83] = https://curl.haxx.se/bug/?i=3658 - [84] = https://curl.haxx.se/bug/?i=3677 - [85] = https://curl.haxx.se/bug/?i=3681 - [86] = https://curl.haxx.se/bug/?i=3680 - [87] = https://curl.haxx.se/bug/?i=3682 - [88] = https://curl.haxx.se/bug/?i=1261 - [89] = https://curl.haxx.se/bug/?i=2431 - [90] = https://curl.haxx.se/bug/?i=3672 - [91] = https://curl.haxx.se/bug/?i=3671 - [92] = https://curl.haxx.se/bug/?i=3697 - [93] = https://curl.haxx.se/bug/?i=3692 - [94] = https://curl.haxx.se/bug/?i=3689 - [95] = https://curl.haxx.se/bug/?i=3686 - [96] = https://github.com/curl/curl/issues/3175#issuecomment-439068724 - + [1] = https://curl.haxx.se/bug/?i=3709 + [2] = https://curl.haxx.se/bug/?i=3707 + [3] = https://curl.haxx.se/bug/?i=3699 + [4] = https://curl.haxx.se/bug/?i=3715 + [5] = https://curl.haxx.se/bug/?i=3718 + [6] = https://curl.haxx.se/bug/?i=2487 + [7] = https://curl.haxx.se/bug/?i=3724 + [8] = https://curl.haxx.se/bug/?i=3737 + [9] = https://curl.haxx.se/bug/?i=3741 + [10] = https://curl.haxx.se/bug/?i=3651 + [11] = https://curl.haxx.se/bug/?i=3731 + [12] = https://curl.haxx.se/bug/?i=3736 + [13] = https://curl.haxx.se/bug/?i=3723 + [14] = https://curl.haxx.se/bug/?i=3732 + [15] = https://curl.haxx.se/bug/?i=3729 + [16] = https://curl.haxx.se/bug/?i=3720 + [17] = https://curl.haxx.se/bug/?i=3738 + [18] = https://curl.haxx.se/bug/?i=3744 + [19] = https://curl.haxx.se/bug/?i=3743 + [20] = https://curl.haxx.se/bug/?i=3759 + [21] = https://curl.haxx.se/bug/?i=3758 + [22] = https://curl.haxx.se/bug/?i=3739 + [23] = https://curl.haxx.se/bug/?i=3725 + [24] = https://curl.haxx.se/bug/?i=3721 + [25] = https://curl.haxx.se/bug/?i=3654 + [26] = https://curl.haxx.se/bug/?i=3753 + [27] = https://curl.haxx.se/bug/?i=3757 + [28] = https://curl.haxx.se/bug/?i=3774 + [29] = https://curl.haxx.se/bug/?i=3783 + [30] = https://curl.haxx.se/bug/?i=3777 + [31] = https://curl.haxx.se/bug/?i=3752 + [32] = https://curl.haxx.se/bug/?i=3713 + [33] = https://curl.haxx.se/bug/?i=3762 + [34] = https://curl.haxx.se/bug/?i=3772 + [35] = https://curl.haxx.se/bug/?i=3823 + [36] = https://curl.haxx.se/bug/?i=3750 + [37] = https://curl.haxx.se/bug/?i=3782 + [38] = https://curl.haxx.se/bug/?i=3717 + [39] = https://curl.haxx.se/mail/lib-2019-04/0052.html + [40] = https://curl.haxx.se/bug/?i=3768 + [41] = https://curl.haxx.se/bug/?i=3813 + [42] = https://curl.haxx.se/bug/?i=3820 + [43] = https://curl.haxx.se/bug/?i=3808 + [44] = https://curl.haxx.se/bug/?i=3805 + [45] = https://curl.haxx.se/bug/?i=3809 + [46] = https://curl.haxx.se/bug/?i=3769 + [47] = https://curl.haxx.se/bug/?i=3801 + [48] = https://curl.haxx.se/bug/?i=3488 + [49] = https://curl.haxx.se/bug/?i=3817 + [50] = https://curl.haxx.se/bug/?i=3833 + [51] = https://curl.haxx.se/bug/?i=3829 + [52] = https://curl.haxx.se/bug/?i=3537 + [53] = https://curl.haxx.se/bug/?i=3726 + [54] = https://curl.haxx.se/bug/?i=3570 + [55] = https://curl.haxx.se/bug/?i=3771 + [56] = https://curl.haxx.se/bug/?i=3807 + [57] = https://curl.haxx.se/bug/?i=3846 + [58] = https://curl.haxx.se/bug/?i=3838 + [59] = https://curl.haxx.se/bug/?i=3834 + [60] = https://curl.haxx.se/bug/?i=3837 + [61] = https://curl.haxx.se/bug/?i=3869 + [62] = https://curl.haxx.se/bug/?i=3818 + [63] = https://curl.haxx.se/bug/?i=3866 + [64] = https://curl.haxx.se/bug/?i=3867 + [65] = https://curl.haxx.se/bug/?i=3861 + [66] = https://curl.haxx.se/bug/?i=3850 + [67] = https://curl.haxx.se/bug/?i=3862 + [68] = https://curl.haxx.se/bug/?i=3860 + [69] = https://curl.haxx.se/bug/?i=3856 + [70] = https://curl.haxx.se/bug/?i=3858 + [71] = https://curl.haxx.se/bug/?i=3885 + [72] = https://curl.haxx.se/bug/?i=3878 + [73] = https://curl.haxx.se/bug/?i=3880 + [74] = https://curl.haxx.se/bug/?i=3824 + [75] = https://curl.haxx.se/bug/?i=3711 + [76] = https://curl.haxx.se/bug/?i=3863 + [77] = https://curl.haxx.se/bug/?i=3894 + [78] = https://curl.haxx.se/bug/?i=3844 + [79] = https://curl.haxx.se/bug/?i=3895 + [80] = https://curl.haxx.se/bug/?i=3887 + [81] = https://curl.haxx.se/bug/?i=3876 + [82] = https://curl.haxx.se/docs/CVE-2019-5436.html + [83] = https://curl.haxx.se/bug/?i=3873 + [84] = https://curl.haxx.se/bug/?i=3905 + [85] = https://curl.haxx.se/bug/?i=3892 + [86] = https://curl.haxx.se/bug/?i=3906 + [87] = https://curl.haxx.se/docs/CVE-2019-5435.html + [88] = https://curl.haxx.se/bug/?i=3908 + [89] = https://curl.haxx.se/bug/?i=3902
