-curl and libcurl 7.66.0
+curl and libcurl 7.66.1
- Public curl releases: 185
+ Public curl releases: 186
Command line options: 225
curl_easy_setopt() options: 269
Public functions in libcurl: 81
- Contributors: 1991
+ Contributors: 2014
This release includes the following changes:
- o CURLINFO_RETRY_AFTER: parse the Retry-After header value [35]
- o HTTP3: initial (experimental still not working) support [5]
- o curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool [27]
- o curl: support parallel transfers with -Z [4]
- o curl_multi_poll: a sister to curl_multi_wait() that waits more [28]
- o sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID [27]
+ o
This release includes the following bugfixes:
- o CVE-2019-5481: FTP-KRB double-free [64]
- o CVE-2019-5482: TFTP small blocksize heap buffer overflow [65]
- o CI: remove duplicate configure flag for LGTM.com
- o CMake: remove needless newlines at end of gss variables
- o CMake: use platform dependent name for dlopen() library [62]
- o CURLINFO docs: mention that in redirects times are added [55]
- o CURLOPT_ALTSVC.3: use a "" file name to not load from a file
- o CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED
- o CURLOPT_HEADERFUNCTION.3: clarify [54]
- o CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly [33]
- o CURLOPT_READFUNCTION.3: provide inline example
- o CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 [51]
- o Curl_addr2string: take an addrlen argument too [61]
- o Curl_fillreadbuffer: avoid double-free trailer buf on error [66]
- o HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown [10]
- o alt-svc: add protocol version selection masking [31]
- o alt-svc: fix removal of expired cache entry [30]
- o alt-svc: make it use h3-22 with ngtcp2 as well
- o alt-svc: more liberal ALPN name parsing [17]
- o alt-svc: send Alt-Used: in redirected requests [32]
- o alt-svc: with quiche, use the quiche h3 alpn string [16]
- o appveyor: pass on -k to make
- o asyn-thread: create a socketpair to wait on [14]
- o build-openssl: fix build with Visual Studio 2019 [45]
- o cleanup: move functions out of url.c and make them static [58]
- o cleanup: remove the 'numsocks' argument used in many places [25]
- o configure: avoid undefined check_for_ca_bundle [37]
- o curl.h: add CURL_HTTP_VERSION_3 to the version enum
- o curl.h: fix outdated comment [23]
- o curl: cap the maximum allowed values for retry time arguments [13]
- o curl: handle a libcurl build without netrc support [63]
- o curl: make use of CURLINFO_RETRY_AFTER when retrying [35]
- o curl: remove outdated comment [24]
- o curl: use .curlrc (with a dot) on Windows [52]
- o curl: use CURLINFO_PROTOCOL to check for HTTP(s)
- o curl_global_init_mem.3: mention it was added in 7.12.0
- o curl_version: bump string buffer size to 250
- o curl_version_info.3: mentioned ALTSVC and HTTP3
- o curl_version_info: offer quic (and h3) library info [38]
- o curl_version_info: provide nghttp2 details [2]
- o defines: avoid underscore-prefixed defines [47]
- o docs/ALTSVC: remove what works and the experimental explanation [34]
- o docs/EXPERIMENTAL: explain what it means and what's experimental now
- o docs/MANUAL.md: converted to markdown from plain text [3]
- o docs/examples/curlx: fix errors [48]
- o docs: s/curl_debug/curl_dbg_debug in comments and docs [36]
- o easy: resize receive buffer on easy handle reset [9]
- o examples: Avoid reserved names in hiperfifo examples [8]
- o examples: add http3.c, altsvc.c and http3-present.c [40]
- o getenv: support up to 4K environment variable contents on windows [21]
- o http09: disable HTTP/0.9 by default in both tool and library [29]
- o http2: when marked for closure and wanted to close == OK [56]
- o http2_recv: trigger another read when the last data is returned [11]
- o http: fix use of credentials from URL when using HTTP proxy [44]
- o http_negotiate: improve handling of gss_init_sec_context() failures [18]
- o md4: Use our own MD4 when no crypto libraries are available [15]
- o multi: call detach_connection before Curl_disconnect [6]
- o netrc: make the code try ".netrc" on Windows [52]
- o nss: use TLSv1.3 as default if supported [39]
- o openssl: build warning free with boringssl [50]
- o openssl: use SSL_CTX_set_<min|max>_proto_version() when available [68]
- o plan9: add support for running on Plan 9 [22]
- o progress: reset download/uploaded counter between transfers [12]
- o readwrite_data: repair setting the TIMER_STARTTRANSFER stamp [26]
- o scp: fix directory name length used in memcpy [46]
- o smb: init *msg to NULL in smb_send_and_recv() [60]
- o smtp: check for and bail out on too short EHLO response [59]
- o source: remove names from source comments [1]
- o spnego_sspi: add typecast to fix build warning [49]
- o src/makefile: fix uncompressed hugehelp.c generation [19]
- o ssh-libssh: do not specify O_APPEND when not in append mode [7]
- o ssh: move code into vssh for SSH backends [53]
- o sspi: fix memory leaks [67]
- o tests: Replace outdated test case numbering documentation [43]
- o tftp: return error when packet is too small for options
- o timediff: make it 64 bit (if possible) even with 32 bit time_t [20]
- o travis: reduce number of torture tests in 'coverage' [42]
- o url: make use of new HTTP version if alt-svc has one [16]
- o urlapi: verify the IPv6 numerical address [69]
- o urldata: avoid 'generic', use dedicated pointers [57]
- o vauth: Use CURLE_AUTH_ERROR for auth function errors [41]
+ o ldap: Stop using wide char version of ldapp_err2string [1]
+ o winbuild/MakefileBuild.vc: Fix line endings
+ o winbuild/MakefileBuild.vc: Add vssh [2]
+ o asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris [3]
+ o setopt: make it easier to add new enum values [4]
This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Alessandro Ghedini, Alex Mayorga, Amit Katyal, Balazs Kovacsics,
- Brad Spencer, Brandon Dong, Carlo Marcelo Arenas Belón, Christopher Head,
- Clément Notin, codesniffer13 on github, Daniel Gustafsson, Daniel Stenberg,
- Dominik Hölzl, Eric Wong, Felix Hädicke, Gergely Nagy, Gisle Vanem,
- Igor Makarov, Ironbars13 on github, Jason Lee, Jeremy Lainé,
- Jonathan Cardoso Machado, Junho Choi, Kamil Dudka, Kyle Abramowitz,
- Kyohei Kadota, Lance Ware, Marcel Raad, Max Dymond, Michael Lee,
- Michal Čaplygin, migueljcrum on github, Mike Crowe, niallor on github,
- osabc on github, patnyb on github, Patrick Monnerat, Peter Wu, Ray Satiro,
- Rolf Eike Beer, Steve Holme, Tatsuhiro Tsujikawa, The Infinnovation team,
- Thomas Vegas, Tom van der Woerdt, Yiming Jing,
- (46 contributors)
+ Bernhard Walle, Dagobert Michelsen, Daniel Stenberg, Ray Satiro,
+ Zenju on github,
+ (5 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
- [1] = https://curl.haxx.se/bug/?i=4129
- [2] = https://curl.haxx.se/bug/?i=4121
- [3] = https://curl.haxx.se/bug/?i=4131
- [4] = https://curl.haxx.se/bug/?i=3804
- [5] = https://curl.haxx.se/bug/?i=3500
- [6] = https://curl.haxx.se/bug/?i=4144
- [7] = https://curl.haxx.se/bug/?i=4147
- [8] = https://curl.haxx.se/bug/?i=4153
- [9] = https://curl.haxx.se/bug/?i=4143
- [10] = https://curl.haxx.se/bug/?i=4138
- [11] = https://curl.haxx.se/bug/?i=4043
- [12] = https://curl.haxx.se/bug/?i=4084
- [13] = https://curl.haxx.se/bug/?i=4166
- [14] = https://curl.haxx.se/bug/?i=4157
- [15] = https://curl.haxx.se/bug/?i=3780
- [16] = https://curl.haxx.se/bug/?i=4183
- [17] = https://curl.haxx.se/bug/?i=4182
- [18] = https://curl.haxx.se/bug/?i=3992
- [19] = https://curl.haxx.se/bug/?i=4176
- [20] = https://curl.haxx.se/bug/?i=4165
- [21] = https://curl.haxx.se/bug/?i=4174
- [22] = https://curl.haxx.se/bug/?i=3701
- [23] = https://curl.haxx.se/bug/?i=4167
- [24] = https://curl.haxx.se/bug/?i=4172
- [25] = https://curl.haxx.se/bug/?i=4169
- [26] = https://curl.haxx.se/bug/?i=4136
- [27] = https://curl.haxx.se/bug/?i=3653
- [28] = https://curl.haxx.se/bug/?i=4163
- [29] = https://curl.haxx.se/bug/?i=4191
- [30] = https://curl.haxx.se/bug/?i=4192
- [31] = https://curl.haxx.se/bug/?i=4201
- [32] = https://curl.haxx.se/bug/?i=4199
- [33] = https://curl.haxx.se/bug/?i=4197
- [34] = https://curl.haxx.se/bug/?i=4198
- [35] = https://curl.haxx.se/bug/?i=3794
- [36] = https://curl.haxx.se/bug/?i=3794
- [37] = https://curl.haxx.se/bug/?i=4213
- [38] = https://curl.haxx.se/bug/?i=4216
- [39] = https://curl.haxx.se/bug/?i=4187
- [40] = https://curl.haxx.se/bug/?i=4221
- [41] = https://curl.haxx.se/bug/?i=3848
- [42] = https://curl.haxx.se/bug/?i=4223
- [43] = https://curl.haxx.se/bug/?i=4227
- [44] = https://curl.haxx.se/bug/?i=4228
- [45] = https://curl.haxx.se/bug/?i=4188
- [46] = https://curl.haxx.se/bug/?i=4258
- [47] = https://curl.haxx.se/bug/?i=4254
- [48] = https://curl.haxx.se/bug/?i=4248
- [49] = https://curl.haxx.se/bug/?i=4245
- [50] = https://curl.haxx.se/bug/?i=4244
- [51] = https://curl.haxx.se/bug/?i=4241
- [52] = https://curl.haxx.se/bug/?i=4230
- [53] = https://curl.haxx.se/bug/?i=4235
- [54] = https://curl.haxx.se/bug/?i=4273
- [55] = https://curl.haxx.se/bug/?i=4250
- [56] = https://curl.haxx.se/bug/?i=4267
- [57] = https://curl.haxx.se/bug/?i=4290
- [58] = https://curl.haxx.se/bug/?i=4289
- [59] = https://curl.haxx.se/bug/?i=4287
- [60] = https://curl.haxx.se/bug/?i=4286
- [61] = https://curl.haxx.se/bug/?i=4283
- [62] = https://curl.haxx.se/bug/?i=4279
- [63] = https://curl.haxx.se/bug/?i=4302
- [64] = https://curl.haxx.se/docs/CVE-2019-5481.html
- [65] = https://curl.haxx.se/docs/CVE-2019-5482.html
- [66] = https://curl.haxx.se/bug/?i=4307
- [67] = https://curl.haxx.se/bug/?i=4299
- [68] = https://curl.haxx.se/bug/?i=4304
- [69] = https://curl.haxx.se/bug/?i=4315
+ [1] = https://curl.haxx.se/bug/?i=4272
+ [2] = https://curl.haxx.se/bug/?i=4322
+ [3] = https://curl.haxx.se/bug/?i=4328
+ [4] = https://curl.haxx.se/bug/?i=4321