Google Git
Sign in
android / platform / external / curl / 34ab3465b2ef3c2ecf613738b94ff3fd8538d1e7 / . / RELEASE-NOTES
blob: a29bf1c5a5ba3c036dd4c1fe0c7d4d00ce4cb948 [file] [log] [blame]
Haibo Huang34ab3462019-05-22 00:50:27 -0700[diff] [blame^]1curl and libcurl 7.65.0
Lucas Eckels9bd90e62012-08-06 15:07:02 -0700[diff] [blame]2
Haibo Huang34ab3462019-05-22 00:50:27 -0700[diff] [blame^]3 Public curl releases: 181
Haibo Huang65021c72019-03-27 15:37:23 -0700[diff] [blame]4 Command line options: 221
Haibo Huang34ab3462019-05-22 00:50:27 -0700[diff] [blame^]5 curl_easy_setopt() options: 268
Elliott Hughesa93fb052018-12-12 14:22:48 -0800[diff] [blame]6 Public functions in libcurl: 80
Haibo Huang65021c72019-03-27 15:37:23 -0700[diff] [blame]7 Contributors: 1929
Elliott Hughesa93fb052018-12-12 14:22:48 -0800[diff] [blame]8
9This release includes the following changes:
10
Haibo Huang34ab3462019-05-22 00:50:27 -0700[diff] [blame^]11 o CURLOPT_DNS_USE_GLOBAL_CACHE: removed [25]
12 o CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse [37]
13 o pipelining: removed [10]
Lucas Eckels9bd90e62012-08-06 15:07:02 -0700[diff] [blame]14
15This release includes the following bugfixes:
16
Haibo Huang34ab3462019-05-22 00:50:27 -0700[diff] [blame^]17 o CVE-2019-5435: Integer overflows in curl_url_set [87]
18 o CVE-2019-5436: tftp: use the current blksize for recvfrom() [82]
19 o --config: clarify that initial : and = might need quoting [17]
20 o AppVeyor: enable testing for WinSSL build [23]
21 o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [52]
22 o CURLOPT_ADDRESS_SCOPE: fix range check and more [32]
23 o CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [75]
24 o CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value [51]
25 o CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [71]
26 o CURL_MAX_INPUT_LENGTH: largest acceptable string input size [44]
27 o Curl_disconnect: treat all CONNECT_ONLY connections as "dead" [39]
28 o INTERNALS: Add code highlighting [47]
29 o OS400/ccsidcurl: replace use of Curl_vsetopt [50]
30 o OpenSSL: Report -fips in version if OpenSSL is built with FIPS [55]
31 o README.md: fix no-consecutive-blank-lines Codacy warning [22]
32 o VC15 project: remove MinimalRebuild
33 o VS projects: use Unicode for VC10+ [16]
34 o WRITEFUNCTION: add missing set_in_callback around callback [60]
35 o altsvc: Fix building with cookies disabled [38]
36 o auth: Rename the various authentication clean up functions [61]
37 o base64: build conditionally if there are users
38 o build-openssl.bat: Fixed support for OpenSSL v1.1.0+
39 o build: fix "clarify calculation precedence" warnings [63]
40 o checksrc.bat: ignore snprintf warnings in docs/examples [67]
41 o cirrus: Customize the disabled tests per FreeBSD version
42 o cleanup: remove FIXME and TODO comments [81]
43 o cmake: avoid linking executable for some tests with cmake 3.6+ [18]
44 o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use [19]
45 o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP [46]
46 o cmake: set SSL_BACKENDS [12]
47 o configure: avoid unportable `==' test(1) operator [1]
48 o configure: error out if OpenSSL wasn't detected when asked for [74]
49 o configure: fix default location for fish completions [13]
50 o cookie: Guard against possible NULL ptr deref [42]
51 o curl: make code work with protocol-disabled libcurl [78]
52 o curl: report error for "--no-" on non-boolean options [86]
53 o curl_easy_getinfo.3: fix minor formatting mistake
54 o curlver.h: use parenthesis in CURL_VERSION_BITS macro [45]
55 o docs/BUG-BOUNTY: bug bounty time [48]
56 o docs/INSTALL: fix broken link [62]
57 o docs/RELEASE-PROCEDURE: link to live iCalendar [79]
58 o documentation: Fix several typos [7]
59 o doh: acknowledge CURL_DISABLE_DOH
60 o doh: disable DOH for the cases it doesn't work [66]
61 o examples: remove unused variables [88]
62 o ftplistparser: fix LGTM alert "Empty block without comment" [14]
63 o hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS [78]
64 o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies [54]
65 o http: acknowledge CURL_DISABLE_HTTP_AUTH
66 o http: mark bundle as not for multiuse on < HTTP/2 response [41]
67 o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled [65]
68 o http_negotiate: do not treat failure of gss_init_sec_context() as fatal [53]
69 o http_ntlm: Corrected the name of the include guard [64]
70 o http_ntlm_wb: Handle auth for only a single request [77]
71 o http_ntlm_wb: Return the correct error on receiving an empty auth message [77]
72 o lib509: add missing include for strdup [22]
73 o lib557: initialize variables [22]
74 o makedebug: Fix ERRORLEVEL detection after running where.exe [58]
75 o mbedtls: enable use of EC keys [85]
76 o mime: acknowledge CURL_DISABLE_MIME
77 o multi: improved HTTP_1_1_REQUIRED handling [2]
78 o netrc: acknowledge CURL_DISABLE_NETRC [78]
79 o nss: allow fifos and character devices for certificates [56]
80 o nss: provide more specific error messages on failed init [43]
81 o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup [70]
82 o ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
83 o openssl: mark connection for close on TLS close_notify [36]
84 o openvms: Remove pre-processor for SecureTransport [40]
85 o openvms: Remove pre-processors for Windows [40]
86 o parse_proxy: use the URL parser API [72]
87 o parsedate: disabled on CURL_DISABLE_PARSEDATE
88 o pingpong: disable more when no pingpong protocols are enabled
89 o polarssl_threadlock: remove conditionally unused code [22]
90 o progress: acknowledge CURL_DISABLE_PROGRESS_METER [78]
91 o proxy: acknowledge DISABLE_PROXY more
92 o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries [3]
93 o revert "multi: support verbose conncache closure handle" [69]
94 o sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
95 o sasl: only enable if there's a protocol enabled using it
96 o scripts: fix typos
97 o singleipconnect: show port in the verbose "Trying ..." message
98 o smtp: fix compiler warning [15]
99 o socks5: user name and passwords must be shorter than 256 [8]
100 o socks: fix error message
101 o socksd: new SOCKS 4+5 server for tests [31]
102 o spnego_gssapi: fix return code on gss_init_sec_context() failure [53]
103 o ssh-libssh: remove unused variable [83]
104 o ssh: define USE_SSH if SSH is enabled (any backend) [57]
105 o ssh: move variable declaration to where it's used [83]
106 o test1002: correct the name
107 o test2100: Fix typos in test description
108 o tests/server/util: fix Windows Unicode build [21]
109 o tests: Run global cleanup at end of tests [29]
110 o tests: make Impacket (SMB server) Python 3 compatible [11]
111 o tool_cb_wrt: fix bad-function-cast warning [5]
112 o tool_formparse: remove redundant assignment [83]
113 o tool_help: Warn if curl and libcurl versions do not match [28]
114 o tool_help: include <strings.h> for strcasecmp [4]
115 o transfer: fix LGTM alert "Comparison is always true" [14]
116 o travis: add an osx http-only build [80]
117 o travis: allow builds on branches named "ci"
118 o travis: install dependencies only when needed [24]
119 o travis: update some builds do Xenial [30]
120 o travis: updated mesalink builds [35]
121 o url: always clone the CUROPT_CURLU handle [26]
122 o url: convert the zone id from a IPv6 URL to correct scope id [89]
123 o urlapi: add CURLUPART_ZONEID to set and get [59]
124 o urlapi: increase supported scheme length to 40 bytes [84]
125 o urlapi: require a non-zero host name length when parsing URL [73]
126 o urlapi: stricter CURLUPART_PORT parsing [33]
127 o urlapi: strip off zone id from numerical IPv6 addresses [49]
128 o urlapi: urlencode characters above 0x7f correctly [9]
129 o vauth/cleartext: update the PLAIN login to match RFC 4616 [27]
130 o vauth/oauth2: Fix OAUTHBEARER token generation [6]
131 o vauth: Fix incorrect function description for Curl_auth_user_contains_domain [68]
132 o vtls: fix potential ssl_buffer stack overflow [76]
133 o wildcard: disable from build when FTP isn't present
134 o winbuild: Support MultiSSL builds [34]
135 o xattr: skip unittest on unsupported platforms [20]
Lucas Eckels9bd90e62012-08-06 15:07:02 -0700[diff] [blame]136
137This release includes the following known bugs:
138
Alex Deymod15eaac2016-06-28 14:49:26 -0700[diff] [blame]139 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
Lucas Eckels9bd90e62012-08-06 15:07:02 -0700[diff] [blame]140
141This release would not have looked like this without help, code, reports and
142advice from friends like these:
143
Haibo Huang34ab3462019-05-22 00:50:27 -0700[diff] [blame^]144 Aron Bergman, Brad Spencer, cclauss on github, Dan Fandrich,
145 Daniel Gustafsson, Daniel Stenberg, Eli Schwartz, Even Rouault,
146 Frank Gevaerts, Gisle Vanem, GitYuanQu on github, Guy Poizat, Isaiah Norton,
147 Jakub Zakrzewski, Jan Ehrhardt, Jeroen Ooms, Jonathan Cardoso Machado,
148 Jonathan Moerman, Joombalaya on github, Kamil Dudka, Kristoffer Gleditsch,
149 l00p3r on hackerone, Leonardo Taccari, Marcel Raad, Mert Yazıcıoğlu,
150 nevv on HackerOne/curl, niner on github, Olen Andoni, Omar Ramadan,
151 Paolo Mossino, Patrick Monnerat, Po-Chuan Hsieh, Poul T Lomholt, Ray Satiro,
152 Reed Loden, Ricardo Gomes, Ricky Leverence, Rikard Falkeborn, Roy Bellingan,
153 Simon Warta, Steve Holme, Taiyu Len, Tim Rühsen, Tom van der Woerdt,
154 Tseng Jun, Viktor Szakats, Wenchao Li, Wyatt O'Day, XmiliaH on github,
155 Yiming Jing,
156 (50 contributors)
Lucas Eckels9bd90e62012-08-06 15:07:02 -0700[diff] [blame]157
158 Thanks! (and sorry if I forgot to mention someone)
Bertrand SIMONNETe6cd7382015-07-01 15:39:44 -0700[diff] [blame]159
160References to bug reports and discussions on issues:
161
Haibo Huang34ab3462019-05-22 00:50:27 -0700[diff] [blame^]162 [1] = https://curl.haxx.se/bug/?i=3709
163 [2] = https://curl.haxx.se/bug/?i=3707
164 [3] = https://curl.haxx.se/bug/?i=3699
165 [4] = https://curl.haxx.se/bug/?i=3715
166 [5] = https://curl.haxx.se/bug/?i=3718
167 [6] = https://curl.haxx.se/bug/?i=2487
168 [7] = https://curl.haxx.se/bug/?i=3724
169 [8] = https://curl.haxx.se/bug/?i=3737
170 [9] = https://curl.haxx.se/bug/?i=3741
171 [10] = https://curl.haxx.se/bug/?i=3651
172 [11] = https://curl.haxx.se/bug/?i=3731
173 [12] = https://curl.haxx.se/bug/?i=3736
174 [13] = https://curl.haxx.se/bug/?i=3723
175 [14] = https://curl.haxx.se/bug/?i=3732
176 [15] = https://curl.haxx.se/bug/?i=3729
177 [16] = https://curl.haxx.se/bug/?i=3720
178 [17] = https://curl.haxx.se/bug/?i=3738
179 [18] = https://curl.haxx.se/bug/?i=3744
180 [19] = https://curl.haxx.se/bug/?i=3743
181 [20] = https://curl.haxx.se/bug/?i=3759
182 [21] = https://curl.haxx.se/bug/?i=3758
183 [22] = https://curl.haxx.se/bug/?i=3739
184 [23] = https://curl.haxx.se/bug/?i=3725
185 [24] = https://curl.haxx.se/bug/?i=3721
186 [25] = https://curl.haxx.se/bug/?i=3654
187 [26] = https://curl.haxx.se/bug/?i=3753
188 [27] = https://curl.haxx.se/bug/?i=3757
189 [28] = https://curl.haxx.se/bug/?i=3774
190 [29] = https://curl.haxx.se/bug/?i=3783
191 [30] = https://curl.haxx.se/bug/?i=3777
192 [31] = https://curl.haxx.se/bug/?i=3752
193 [32] = https://curl.haxx.se/bug/?i=3713
194 [33] = https://curl.haxx.se/bug/?i=3762
195 [34] = https://curl.haxx.se/bug/?i=3772
196 [35] = https://curl.haxx.se/bug/?i=3823
197 [36] = https://curl.haxx.se/bug/?i=3750
198 [37] = https://curl.haxx.se/bug/?i=3782
199 [38] = https://curl.haxx.se/bug/?i=3717
200 [39] = https://curl.haxx.se/mail/lib-2019-04/0052.html
201 [40] = https://curl.haxx.se/bug/?i=3768
202 [41] = https://curl.haxx.se/bug/?i=3813
203 [42] = https://curl.haxx.se/bug/?i=3820
204 [43] = https://curl.haxx.se/bug/?i=3808
205 [44] = https://curl.haxx.se/bug/?i=3805
206 [45] = https://curl.haxx.se/bug/?i=3809
207 [46] = https://curl.haxx.se/bug/?i=3769
208 [47] = https://curl.haxx.se/bug/?i=3801
209 [48] = https://curl.haxx.se/bug/?i=3488
210 [49] = https://curl.haxx.se/bug/?i=3817
211 [50] = https://curl.haxx.se/bug/?i=3833
212 [51] = https://curl.haxx.se/bug/?i=3829
213 [52] = https://curl.haxx.se/bug/?i=3537
214 [53] = https://curl.haxx.se/bug/?i=3726
215 [54] = https://curl.haxx.se/bug/?i=3570
216 [55] = https://curl.haxx.se/bug/?i=3771
217 [56] = https://curl.haxx.se/bug/?i=3807
218 [57] = https://curl.haxx.se/bug/?i=3846
219 [58] = https://curl.haxx.se/bug/?i=3838
220 [59] = https://curl.haxx.se/bug/?i=3834
221 [60] = https://curl.haxx.se/bug/?i=3837
222 [61] = https://curl.haxx.se/bug/?i=3869
223 [62] = https://curl.haxx.se/bug/?i=3818
224 [63] = https://curl.haxx.se/bug/?i=3866
225 [64] = https://curl.haxx.se/bug/?i=3867
226 [65] = https://curl.haxx.se/bug/?i=3861
227 [66] = https://curl.haxx.se/bug/?i=3850
228 [67] = https://curl.haxx.se/bug/?i=3862
229 [68] = https://curl.haxx.se/bug/?i=3860
230 [69] = https://curl.haxx.se/bug/?i=3856
231 [70] = https://curl.haxx.se/bug/?i=3858
232 [71] = https://curl.haxx.se/bug/?i=3885
233 [72] = https://curl.haxx.se/bug/?i=3878
234 [73] = https://curl.haxx.se/bug/?i=3880
235 [74] = https://curl.haxx.se/bug/?i=3824
236 [75] = https://curl.haxx.se/bug/?i=3711
237 [76] = https://curl.haxx.se/bug/?i=3863
238 [77] = https://curl.haxx.se/bug/?i=3894
239 [78] = https://curl.haxx.se/bug/?i=3844
240 [79] = https://curl.haxx.se/bug/?i=3895
241 [80] = https://curl.haxx.se/bug/?i=3887
242 [81] = https://curl.haxx.se/bug/?i=3876
243 [82] = https://curl.haxx.se/docs/CVE-2019-5436.html
244 [83] = https://curl.haxx.se/bug/?i=3873
245 [84] = https://curl.haxx.se/bug/?i=3905
246 [85] = https://curl.haxx.se/bug/?i=3892
247 [86] = https://curl.haxx.se/bug/?i=3906
248 [87] = https://curl.haxx.se/docs/CVE-2019-5435.html
249 [88] = https://curl.haxx.se/bug/?i=3908
250 [89] = https://curl.haxx.se/bug/?i=3902