RELEASE-NOTES 12.8 KB
Newer Older
Curl and libcurl 7.62.0
 Public curl releases:         177
Daniel Stenberg's avatar
Daniel Stenberg committed
 Command line options:         219
 curl_easy_setopt() options:   261
 Public functions in libcurl:  80
Daniel Stenberg's avatar
Daniel Stenberg committed
 Contributors:                 1808
This release includes the following changes:

Daniel Stenberg's avatar
Daniel Stenberg committed
 o multiplex: enable by default [4]
 o url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled [4]
 o setopt: add CURLOPT_DOH_URL [7]
 o curl: --doh-url added [7]
 o setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size [8]
 o imap: change from "FETCH" to "UID FETCH" [9]
 o configure: add option to disable automatic OpenSSL config loading [10]
 o upkeep: add a connection upkeep API: curl_easy_upkeep() [11]
 o URL-API: added five new functions [12]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o vtls: MesaLink is a new TLS backend [23]
This release includes the following bugfixes:

Daniel Stenberg's avatar
Daniel Stenberg committed
 o CVE-2018-16839: SASL password overflow via integer overflow [107]
 o CVE-2018-16840: use-after-free in handle close [108]
 o CVE-2018-16842: warning message out-of-buffer read [114]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated [5]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o Curl_dedotdotify(): always nul terminate returned string [46]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o Curl_follow: Always free the passed new URL [87]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o Curl_http2_done: fix memleak in error path [51]
 o Curl_retry_request: fix memory leak [49]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o Curl_saferealloc: Fixed typo in docblock [40]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output [78]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o GnutTLS: TLS 1.3 support [39]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o SECURITY-PROCESS: mention the bountygraph program [42]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o VS projects: add USE_IPV6: [91]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o Windows: fixes for MinGW targeting Windows Vista [82]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o anyauthput: fix compiler warning on 64-bit Windows [21]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o appveyor: add WinSSL builds [81]
 o appveyor: run test suite (on Windows!) [65]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o certs: generate tests certs with sha256 digest algorithm [37]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o checksrc: enable strict mode and warnings [63]
 o checksrc: handle zero scoped ignore commands [62]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o cmake: Backport to work with CMake 3.0 again [55]
 o cmake: Improve config installation [60]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o cmake: add support for transitive ZLIB target [113]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o cmake: disable -Wpedantic-ms-format [84]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o cmake: don't require OpenSSL if USE_OPENSSL=OFF [35]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o cmake: fixed path used in generation of docs/tests [56]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o cmake: remove unused *SOCKLEN_T variables [102]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o cmake: suppress MSVC warning C4127 for libtest
 o cmake: test and set missed defines during configuration [64]
 o comment: Fix multiple typos in function parameters [69]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o config: Remove unused SIZEOF_VOIDP [104]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o config_win32: enable LDAPS [92]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o configure: force-use -lpthreads on HPUX [41]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T [101]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE [53]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o cookies: Remove redundant expired check [14]
 o cookies: fix leak when writing cookies to file [15]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o curl-config.in: remove dependency on bc [99]
 o curl.1: --ipv6 mutexes ipv4 (fixed typo) [98]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o curl: enabled Windows VT Support and UTF-8 output [57]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o curl: update the documentation of --tlsv1.0 [17]
 o curl_multi_wait: call getsock before figuring out timeout [34]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o curl_ntlm_wb: check aprintf() return codes [75]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o curl_threads: fix classic MinGW compile break [54]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o darwinssl: Fix realloc memleak [32]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o darwinssl: more specific and unified error codes [6]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o data-binary.d: clarify default content-type is x-www-form-urlencoded [71]
 o docs/BUG-BOUNTY: explain the bounty program [76]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers [89]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o docs/CIPHERS: fix the TLS 1.3 cipher names [95]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o docs/CIPHERS: mention the colon separation for OpenSSL [73]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o docs/examples: URL updates [45]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o docs: add "see also" links for SSL options [85]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o example/asiohiper: insert warning comment about its status [18]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o example/htmltidy: fix include paths of tidy libraries [52]
 o examples/Makefile.m32: sync with core [44]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o examples/http2-pushinmemory: receive HTTP/2 pushed files in memory [33]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o examples/parseurl.c: show off the URL API [43]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o examples: Fix memory leaks from realloc errors [31]
 o examples: do not wait when no transfers are running [16]
 o ftp: include command in Curl_ftpsend sendbuffer [25]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o gskit: make sure to terminate version string [79]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o gtls: Values stored to but never read [97]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o hostip: fix check on Curl_shuffle_addr return value [77]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o http2: fix memory leaks on error-path [29]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o http: fix memleak in rewind error path [50]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o krb5: fix memory leak in krb_auth [25]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o ldap: show precise LDAP call in error message on Windows [83]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o lib: fix gcc8 warning on Windows [20]
 o memory: add missing curl_printf header [30]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o memory: ensure to check allocation results [68]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o multi: Fix error handling in the SENDPROTOCONNECT state [112]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o multi: fix memory leak in content encoding related error path [59]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL [90]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o netrc: free temporary strings if memory allocation fails [103]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o nss: fix nssckbi module loading on Windows [70]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o nss: try to connect even if libnssckbi.so fails to load [36]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o ntlm_wb: Fix memory leaks in ntlm_wb_response [24]
 o ntlm_wb: bail out if the response gets overly large [13]
 o openssl: assume engine support in 0.9.8 or later [27]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o openssl: enable TLS 1.3 post-handshake auth [47]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o openssl: fix gcc8 warning [19]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o openssl: load built-in engines too [48]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o openssl: make 'done' a proper boolean [97]
 o openssl: output the correct cipher list on TLS 1.3 error [95]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer [6]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o openssl: show "proper" version number for libressl builds [28]
 o pipelining: deprecated [1]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o rand: add comment to skip a clang-tidy false positive
Daniel Stenberg's avatar
Daniel Stenberg committed
 o rtmp: fix for compiling with lwIP [100]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o runtests: ignore disabled even when ranges are given [74]
 o runtests: skip ld_preload tests on macOS [80]
 o runtests: use Windows paths for Windows curl
Daniel Stenberg's avatar
Daniel Stenberg committed
 o schannel: unified error code handling [6]
 o sendf: Fix whitespace in infof/failf concatenation [26]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o ssh: free the session on init failures [96]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code [6]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o system.h: use proper setting with Sun C++ as well [109]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o test1299: use single quotes around asterisk [72]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o test1452: mark as flaky [2]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o test1651: unit test Curl_extract_certinfo() [110]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o test320: strip out more HTML when comparing [66]
 o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server [67]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o tests: add unit tests for url.c [3]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o timeval: fix use of weak symbol clock_gettime() on Apple platforms [61]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o tool_cb_hdr: handle failure of rename() [94]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o travis: add a "make tidy" build that runs clang-tidy [105]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o travis: add build for "configure --disable-verbose" [93]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o travis: bump the Secure Transport build to use xcode [58]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o travis: make distcheck scan for BOM markers [86]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o unit1300: fix stack-use-after-scope AddressSanitizer warning [106]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o urldata: Fix "connecting" comment
Daniel Stenberg's avatar
Daniel Stenberg committed
 o urlglob: improve error message on bad globs [22]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o vtls: fix ssl version "or later" behavior change for many backends [38]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o x509asn1: Fix SAN IP address verification [88]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o x509asn1: always check return code from getASN1Element() [110]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert [6]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o x509asn1: suppress left shift on signed value [111]
This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

Daniel Stenberg's avatar
Daniel Stenberg committed
  Alexey Eremikhin, Brad King, Brian Carpenter, Christian Heimes, Colin Hogben,
Daniel Stenberg's avatar
Daniel Stenberg committed
  Daniel Gustafsson, Daniel Shahaf, Daniel Stenberg, Dario Weißer,
  Dave Reisner, Dima Pasechnik, Dmitry Kostjuchenko, Doron Behar,
Daniel Stenberg's avatar
Daniel Stenberg committed
  Eason-Yu on github, Erik Minekus, Even Rouault, Gisle Vanem, Han Han,
  Harry Sintonen, jakirkham on github, Jean Fabrice, Jim Fuller, Kamil Dudka,
  Loganaden Velvindron, Marcel Raad, Marc Hörsken, Martin Ankerl,
Daniel Stenberg's avatar
Daniel Stenberg committed
  Matthew Whitehead, Max Dymond, Maxime Legros, Michael Kaufmann, Nate Prewitt,
Daniel Stenberg's avatar
Daniel Stenberg committed
  Nicklas Avén, Nick Zitzmann, Patrick Monnerat, Philipp Waehnert, Rainer Jung,
  Ray Satiro, Rich Turner, Rick Deist, Ricky-Tigg on github, Rikard Falkeborn,
  Ruslan Baratov, Sergei Nikulov, Shaun Jackman, Thomas Glanzmann, Tuomo Rinne,
Daniel Stenberg's avatar
Daniel Stenberg committed
  Viktor Szakats, Yiming Jing,
Daniel Stenberg's avatar
Daniel Stenberg committed
  (49 contributors)
        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

Daniel Stenberg's avatar
Daniel Stenberg committed
 [1] = https://curl.haxx.se/bug/?i=2705
 [2] = https://curl.haxx.se/bug/?i=2941
 [3] = https://curl.haxx.se/bug/?i=2937
 [4] = https://curl.haxx.se/bug/?i=2709
 [5] = https://curl.haxx.se/bug/?i=2942
 [6] = https://curl.haxx.se/bug/?i=2901
 [7] = https://curl.haxx.se/bug/?i=2668
 [8] = https://curl.haxx.se/bug/?i=2896
 [9] = https://curl.haxx.se/bug/?i=2789
 [10] = https://curl.haxx.se/bug/?i=2724
 [11] = https://curl.haxx.se/bug/?i=1641
 [12] = https://curl.haxx.se/bug/?i=2842
Daniel Stenberg's avatar
Daniel Stenberg committed
 [13] = https://curl.haxx.se/bug/?i=2959
 [14] = https://curl.haxx.se/bug/?i=2962
 [15] = https://curl.haxx.se/bug/?i=2957
 [16] = https://curl.haxx.se/bug/?i=2948
 [17] = https://curl.haxx.se/bug/?i=2955
 [18] = https://curl.haxx.se/bug/?i=2407
 [19] = https://curl.haxx.se/bug/?i=2980
 [20] = https://curl.haxx.se/bug/?i=2979
 [21] = https://curl.haxx.se/bug/?i=2972
 [22] = https://curl.haxx.se/bug/?i=2763
 [23] = https://curl.haxx.se/bug/?i=2984
 [24] = https://curl.haxx.se/bug/?i=2966
 [25] = https://curl.haxx.se/bug/?i=2985
 [26] = https://curl.haxx.se/bug/?i=2986
 [27] = https://curl.haxx.se/bug/?i=2983
 [28] = https://curl.haxx.se/bug/?i=2989
 [29] = https://curl.haxx.se/bug/?i=2992
 [30] = https://curl.haxx.se/bug/?i=2999
 [31] = https://curl.haxx.se/bug/?i=2991
 [32] = https://curl.haxx.se/bug/?i=3005
 [33] = https://curl.haxx.se/bug/?i=3004
 [34] = https://curl.haxx.se/bug/?i=2996
 [35] = https://curl.haxx.se/bug/?i=3001
Daniel Stenberg's avatar
Daniel Stenberg committed
 [36] = https://curl.haxx.se/bug/?i=3016
 [37] = https://curl.haxx.se/bug/?i=3014
 [38] = https://curl.haxx.se/bug/?i=2969
 [39] = https://curl.haxx.se/bug/?i=2971
 [40] = https://curl.haxx.se/bug/?i=3029
 [41] = https://curl.haxx.se/bug/?i=2697
Daniel Stenberg's avatar
Daniel Stenberg committed
 [42] = https://curl.haxx.se/bug/?i=3032
 [43] = https://curl.haxx.se/bug/?i=3030
 [44] = https://curl.haxx.se/bug/?i=3033
 [45] = https://curl.haxx.se/bug/?i=3036
 [46] = https://curl.haxx.se/bug/?i=3039
 [47] = https://curl.haxx.se/bug/?i=3026
 [48] = https://curl.haxx.se/bug/?i=3023
 [49] = https://curl.haxx.se/bug/?i=3042
 [50] = https://curl.haxx.se/bug/?i=3044
 [51] = https://curl.haxx.se/bug/?i=3046
Daniel Stenberg's avatar
Daniel Stenberg committed
 [52] = https://curl.haxx.se/bug/?i=3050
 [53] = https://curl.haxx.se/bug/?i=3006
 [54] = https://github.com/curl/curl/issues/2924#issuecomment-424334807
 [55] = https://curl.haxx.se/bug/?i=3055
 [56] = https://curl.haxx.se/bug/?i=3056
 [57] = https://curl.haxx.se/bug/?i=3008
 [58] = https://curl.haxx.se/bug/?i=3062
 [59] = https://curl.haxx.se/bug/?i=3063
 [60] = https://curl.haxx.se/bug/?i=2849
Daniel Stenberg's avatar
Daniel Stenberg committed
 [61] = https://curl.haxx.se/bug/?i=3048
 [62] = https://curl.haxx.se/bug/?i=3096
 [63] = https://curl.haxx.se/bug/?i=3090
 [64] = https://curl.haxx.se/bug/?i=3097
 [65] = https://curl.haxx.se/bug/?i=3100
 [66] = https://curl.haxx.se/bug/?i=3093
 [67] = https://curl.haxx.se/bug/?i=2929
 [68] = https://curl.haxx.se/bug/?i=3084
 [69] = https://curl.haxx.se/bug/?i=3079
 [70] = https://curl.haxx.se/bug/?i=3086
 [71] = https://curl.haxx.se/bug/?i=3085
 [72] = https://github.com/curl/curl/issues/1751#issuecomment-321522580
 [73] = https://curl.haxx.se/bug/?i=3077
 [74] = https://curl.haxx.se/bug/?i=3075
Daniel Stenberg's avatar
Daniel Stenberg committed
 [75] = https://curl.haxx.se/bug/?i=3111
 [76] = https://curl.haxx.se/bug/?i=3067
 [77] = https://curl.haxx.se/bug/?i=3110
 [78] = https://curl.haxx.se/bug/?i=3083
 [79] = https://curl.haxx.se/bug/?i=3105
 [80] = https://curl.haxx.se/bug/?i=2394
 [81] = https://curl.haxx.se/bug/?i=3104
Daniel Stenberg's avatar
Daniel Stenberg committed
 [82] = https://curl.haxx.se/bug/?i=3113
 [83] = https://curl.haxx.se/bug/?i=3118
 [84] = https://curl.haxx.se/bug/?i=3120
 [85] = https://curl.haxx.se/bug/?i=3121
 [86] = https://curl.haxx.se/bug/?i=3126
 [87] = https://curl.haxx.se/bug/?i=3124
 [88] = https://curl.haxx.se/bug/?i=3102
Daniel Stenberg's avatar
Daniel Stenberg committed
 [89] = https://curl.haxx.se/bug/?i=3159
 [90] = https://curl.haxx.se/bug/?i=3138
 [91] = https://curl.haxx.se/bug/?i=3137
 [92] = https://curl.haxx.se/bug/?i=3137
 [93] = https://curl.haxx.se/bug/?i=3144
 [94] = https://curl.haxx.se/bug/?i=3140
Daniel Stenberg's avatar
Daniel Stenberg committed
 [95] = https://curl.haxx.se/bug/?i=3178
 [96] = https://curl.haxx.se/bug/?i=3179
 [97] = https://curl.haxx.se/bug/?i=3176
 [98] = https://curl.haxx.se/bug/?i=3171
 [99] = https://curl.haxx.se/bug/?i=3143
 [100] = https://curl.haxx.se/bug/?i=3155
 [101] = https://curl.haxx.se/bug/?i=3168
 [102] = https://curl.haxx.se/bug/?i=3166
 [103] = https://curl.haxx.se/bug/?i=3122
 [104] = https://curl.haxx.se/bug/?i=3162
Daniel Stenberg's avatar
Daniel Stenberg committed
 [105] = https://curl.haxx.se/bug/?i=3182
 [106] = https://curl.haxx.se/bug/?i=3182
 [107] = https://curl.haxx.se/docs/CVE-2018-16839.html
 [108] = https://curl.haxx.se/docs/CVE-2018-16840.html
 [109] = https://curl.haxx.se/bug/?i=3181
 [110] = https://curl.haxx.se/bug/?i=3163
 [111] = https://curl.haxx.se/bug/?i=3163
 [112] = https://curl.haxx.se/bug/?i=3170
 [113] = https://curl.haxx.se/bug/?i=3123
 [114] = https://curl.haxx.se/docs/CVE-2018-16842.html