Skip to content
RELEASE-NOTES 10.2 KiB
Newer Older
Daniel Stenberg's avatar
Daniel Stenberg committed
Curl and libcurl 7.61.1
Daniel Stenberg's avatar
Daniel Stenberg committed
 Public curl releases:         176
Daniel Stenberg's avatar
Daniel Stenberg committed
 Command line options:         218
 curl_easy_setopt() options:   258
 Public functions in libcurl:  74
Daniel Stenberg's avatar
Daniel Stenberg committed
 Contributors:                 1787
This release includes the following bugfixes:

Daniel Stenberg's avatar
Daniel Stenberg committed
 o security advisory (CVE-2018-14618): NTLM password overflow via integer overflow [73]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o CURLINFO_SIZE_UPLOAD: fix missing counter update [46]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
 o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse [72]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o Curl_getoff_all_pipelines: improved for multiplexed [3]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o DEPRECATE: remove release date from 7.62.0
 o HTTP: Don't attempt to needlessly decompress redirect body [30]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o INTERNALS: require GnuTLS >= 2.11.3 [62]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o README.md: add LGTM.com code quality grade for C/C++ [42]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o SSLCERTS: improve the openssl command line
Daniel Stenberg's avatar
Daniel Stenberg committed
 o Silence GCC 8 cast-function-type warnings [47]
 o ares: check for NULL in completed-callback [3]
 o asyn-thread: Remove unused macro [40]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o auth: only pick CURLAUTH_BEARER if we *have* a Bearer token [15]
 o auth: pick Bearer authentication whenever a token is available [15]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o cmake: CMake config files are defining CURL_STATICLIB for static builds [54]
 o cmake: Respect BUILD_SHARED_LIBS [35]
 o cmake: Update scripts to use consistent style [9]
 o cmake: bumped minimum version to 3.4 [34]
 o cmake: link curl to the OpenSSL targets instead of lib absolute paths [34]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o configure: conditionally enable pedantic-errors [64]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o configure: fix for -lpthread detection with OpenSSL and pkg-config [38]
 o conn: remove the boolean 'inuse' field [3]
 o content_encoding: accept up to 4 unknown trailer bytes after raw deflate data [5]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o cookie tests: treat files as text
Daniel Stenberg's avatar
Daniel Stenberg committed
 o cookies: support creation-time attribute for cookies [75]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o curl: Fix segfault when -H @headerfile is empty [23]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o curl: add http code 408 to transient list for --retry [78]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o curl: fix time-of-check, time-of-use race in dir creation [71]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o curl: use Content-Disposition before the "URL end" for -OJ [29]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o curl: warn the user if a given file name looks like an option [56]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o curl_threads: silence bad-function-cast warning [69]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o darwinssl: add support for ALPN negotiation [7]
 o docs/CURLOPT_URL: fix indentation [20]
 o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19]
 o docs/SECURITY-PROCESS: mention bounty, drop pre-notify
 o docs/examples: add hiperfifo example using linux epoll/timerfd [21]
 o docs: add disallow-username-in-url.d and haproxy-protocol.d to dist [50]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o docs: clarify NO_PROXY env variable functionality [70]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o docs: improved the manual pages of some callbacks [48]
 o docs: mention NULL is fine input to several functions [43]
 o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT [40]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o gopher: Do not translate `?' to `%09' [67]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o header output: switch off all styles, not just unbold [8]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o hostip: fix unused variable warning
Daniel Stenberg's avatar
Daniel Stenberg committed
 o http2: Use correct format identifier for stream_id [77]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o http2: abort the send_callback if not setup yet [63]
 o http2: avoid set_stream_user_data() before stream is assigned [61]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o http2: check nghttp2_session_set_stream_user_data return code [55]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o http2: clear the drain counter in Curl_http2_done [27]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o http2: make sure to send after RST_STREAM [58]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o http2: separate easy handle from connections better [12]
 o http: fix for tiny "HTTP/0.9" response [51]
 o http_proxy: Remove unused macro SELECT_TIMEOUT [40]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o lib/Makefile: only do symbol hiding if told to [32]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o lib1502: fix memory leak in torture test [44]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o lib1522: fix curl_easy_setopt argument type
 o libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation [66]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o mime: check Curl_rand_hex's return code [22]
 o multi: always do the COMPLETED procedure/state [3]
 o openssl: assume engine support in 1.0.0 or later [2]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o openssl: fix debug messages [39]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o projects: Improve Windows perl detection in batch scripts [49]
 o retry: return error if rewind was necessary but didn't happen [28]
 o reuse_conn(): memory leak - free old_conn->options [17]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o schannel: client certificate store opening fix [68]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o schannel: enable CALG_TLS1PRF for w32api >= 5.1
 o schannel: fix MinGW compile break [1]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o sftp: don't send post-qoute sequence when retrying a connection [79]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o smb: fix memory leak on early failure [26]
 o smb: fix memory-leak in URL parse error path [4]
 o smb_getsock: always wait for write socket too [11]
 o ssh-libssh: fix infinite connect loop on invalid private key [53]
 o ssh-libssh: reduce excessive verbose output about pubkey auth [53]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o ssh-libssh: use FALLTHROUGH to silence gcc8 [76]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o ssl: set engine implicitly when a PKCS#11 URI is provided [36]
 o sws: handle EINTR when calling select() [24]
 o system_win32: fix version checking [16]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o telnet: Remove unused macros TELOPTS and TELCMDS [40]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o test1143: disable MSYS2's POSIX path conversion [10]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o test1148: disable if decimal separator is not point [65]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o test1307: (fnmatch testing) disabled [31]
 o test1422: add required file feature [6]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o test1531: Add timeout [41]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o test1540: Remove unused macro TEST_HANG_TIMEOUT [40]
 o test214: disable MSYS2's POSIX path conversion for URL
 o test320: treat curl320.out file as binary [14]
 o tests/http_pipe.py: Use /usr/bin/env to find python
Daniel Stenberg's avatar
Daniel Stenberg committed
 o tests: Don't use Windows path %PWD for SSH tests [74]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o tests: fixes for Windows line endlings [13]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o tool_operate: Fix setting proxy TLS 1.3 ciphers
Daniel Stenberg's avatar
Daniel Stenberg committed
 o travis: build darwinssl on macos 10.12 to fix linker errors [33]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o travis: execute "set -eo pipefail" for coverage build [45]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o travis: run a 'make checksrc' too [25]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o travis: update to GCC-8 [52]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o travis: verify that man pages can be regenerated [50]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o upload: allocate upload buffer on-demand [60]
 o upload: change default UPLOAD_BUFSIZE to 64KB [60]
 o urldata: remove unused pipe_broke struct field [57]
 o vtls: reinstantiate engine on duplicated handles [59]
Daniel Stenberg's avatar
Daniel Stenberg committed
 o windows: implement send buffer tuning [37]
 o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18]
This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

Daniel Stenberg's avatar
Daniel Stenberg committed
  adnn on github, Anderson Toshiyuki Sasaki, Andrei Virtosu, Anton Gerasimov,
  Bas van Schaik, Carie Pointer, Christopher Head, clbr on github,
Daniel Stenberg's avatar
Daniel Stenberg committed
  Dan Fandrich, Daniel Gustafsson, Daniel Jeliński, Daniel Stenberg,
Daniel Stenberg's avatar
Daniel Stenberg committed
  Darío Hereñú, Even Rouault, Harry Sintonen, Ihor Karpenko, Jakub Zakrzewski,
  Jeffrey Walton, Jeroen Ooms, Johannes Schindelin, John Butterfield,
  Josh Bialkowski, Kamil Dudka, Kirill Marchuk, Laurent Bonnans,
  Leonardo Taccari, Marcel Raad, Markus Elfring, Michael Kaufmann,
Daniel Stenberg's avatar
Daniel Stenberg committed
  Nick Zitzmann, Nikos Mavrogiannopoulos, Patrick Monnerat, Paul Howarth,
Daniel Stenberg's avatar
Daniel Stenberg committed
  Przemysław Tomaszewski, pszemus on github, Ran Mozes, Ray Satiro,
  Rikard Falkeborn, Rodger Combs, Ruslan Baratov, Sergei Nikulov,
  Thomas Klausner, Tobias Blomberg, Viktor Szakats, Zero King, Zhaoyang Wu,
  (46 contributors)
        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

Daniel Stenberg's avatar
Daniel Stenberg committed
 [1] = https://github.com/curl/curl/pull/2721#issuecomment-403636043
 [2] = https://curl.haxx.se/bug/?i=2732
 [3] = https://curl.haxx.se/bug/?i=2733
 [4] = https://curl.haxx.se/bug/?i=2740
 [5] = https://curl.haxx.se/bug/?i=2719
 [6] = https://curl.haxx.se/bug/?i=2741
 [7] = https://curl.haxx.se/bug/?i=2731
 [8] = https://curl.haxx.se/bug/?i=2736
 [9] = https://curl.haxx.se/bug/?i=2727
Daniel Stenberg's avatar
Daniel Stenberg committed
 [10] = https://curl.haxx.se/bug/?i=2765
 [11] = https://curl.haxx.se/bug/?i=2768
 [12] = https://curl.haxx.se/bug/?i=2751
 [13] = https://curl.haxx.se/bug/?i=2772
 [14] = https://curl.haxx.se/bug/?i=2776
 [15] = https://curl.haxx.se/bug/?i=2754
 [16] = https://curl.haxx.se/bug/?i=2792
 [17] = https://curl.haxx.se/bug/?i=2790
 [18] = https://curl.haxx.se/bug/?i=2784
 [19] = https://curl.haxx.se/bug/?i=2787
 [20] = https://curl.haxx.se/bug/?i=2788
 [21] = https://curl.haxx.se/bug/?i=2804
 [22] = https://curl.haxx.se/bug/?i=2795
 [23] = https://curl.haxx.se/bug/?i=2797
 [24] = https://curl.haxx.se/bug/?i=2808
 [25] = https://curl.haxx.se/bug/?i=2811
 [26] = https://curl.haxx.se/bug/?i=2769
 [27] = https://curl.haxx.se/bug/?i=2800
 [28] = https://curl.haxx.se/bug/?i=2801
 [29] = https://curl.haxx.se/bug/?i=2783
 [30] = https://curl.haxx.se/bug/?i=2798
Daniel Stenberg's avatar
Daniel Stenberg committed
 [31] = https://curl.haxx.se/bug/?i=2825
 [32] = https://curl.haxx.se/bug/?i=2830
 [33] = https://curl.haxx.se/bug/?i=2835
 [34] = https://curl.haxx.se/bug/?i=2753
 [35] = https://curl.haxx.se/bug/?i=2755
 [36] = https://curl.haxx.se/bug/?i=2333
 [37] = https://curl.haxx.se/mail/lib-2018-07/0080.html
Daniel Stenberg's avatar
Daniel Stenberg committed
 [38] = https://curl.haxx.se/bug/?i=2848
 [39] = https://curl.haxx.se/bug/?i=2806
 [40] = https://curl.haxx.se/bug/?i=2852
 [41] = https://curl.haxx.se/bug/?i=2853
 [42] = https://curl.haxx.se/bug/?i=2857
 [43] = https://curl.haxx.se/bug/?i=2837
 [44] = https://curl.haxx.se/bug/?i=2861
 [45] = https://curl.haxx.se/bug/?i=2862
Daniel Stenberg's avatar
Daniel Stenberg committed
 [46] = https://curl.haxx.se/bug/?i=2847
 [47] = https://curl.haxx.se/bug/?i=2860
 [48] = https://curl.haxx.se/bug/?i=2868
 [49] = https://curl.haxx.se/bug/?i=2865
 [50] = https://curl.haxx.se/bug/?i=2856
 [51] = https://curl.haxx.se/bug/?i=2420
 [52] = https://curl.haxx.se/bug/?i=2869
 [53] = https://curl.haxx.se/bug/?i=2879
 [54] = https://curl.haxx.se/bug/?i=2817
Daniel Stenberg's avatar
Daniel Stenberg committed
 [55] = https://curl.haxx.se/bug/?i=2880
 [56] = https://curl.haxx.se/bug/?i=2885
 [57] = https://curl.haxx.se/bug/?i=2871
 [58] = https://curl.haxx.se/bug/?i=2882
 [59] = https://curl.haxx.se/bug/?i=2829
 [60] = https://curl.haxx.se/bug/?i=2892
Daniel Stenberg's avatar
Daniel Stenberg committed
 [61] = https://curl.haxx.se/bug/?i=2894
 [62] = https://curl.haxx.se/bug/?i=2890
 [63] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
 [64] = https://curl.haxx.se/bug/?i=2747
 [65] = https://curl.haxx.se/bug/?i=2786
Daniel Stenberg's avatar
Daniel Stenberg committed
 [66] = https://curl.haxx.se/bug/?i=2904
 [67] = https://curl.haxx.se/bug/?i=2910
 [68] = https://curl.haxx.se/mail/lib-2018-08/0198.html
 [69] = https://curl.haxx.se/bug/?i=2908
 [70] = https://curl.haxx.se/bug/?i=2773
 [71] = https://curl.haxx.se/bug/?i=2739
 [72] = https://curl.haxx.se/bug/?i=2915
Daniel Stenberg's avatar
Daniel Stenberg committed
 [73] = https://curl.haxx.se/docs/CVE-2018-14618.html
 [74] = https://curl.haxx.se/bug/?i=2920
 [75] = https://curl.haxx.se/bug/?i=2524
 [76] = https://curl.haxx.se/bug/?i=2922
 [77] = https://curl.haxx.se/bug/?i=2928
 [78] = https://curl.haxx.se/bug/?i=2925
 [79] = https://curl.haxx.se/bug/?i=2939