From f83b2f1ae1550ee490723182f2441ee4dfa5d725 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 12 Sep 2019 09:48:00 +0200 Subject: [PATCH] RELEASE-NOTES: synced --- RELEASE-NOTES | 187 +++++--------------------------------------------- 1 file changed, 16 insertions(+), 171 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index cd13827f5..1cef2280a 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,103 +1,22 @@ -curl and libcurl 7.66.0 +curl and libcurl 7.66.1 - Public curl releases: 185 + Public curl releases: 186 Command line options: 225 curl_easy_setopt() options: 269 Public functions in libcurl: 81 - Contributors: 1991 + Contributors: 2014 This release includes the following changes: - o CURLINFO_RETRY_AFTER: parse the Retry-After header value [35] - o HTTP3: initial (experimental still not working) support [5] - o curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool [27] - o curl: support parallel transfers with -Z [4] - o curl_multi_poll: a sister to curl_multi_wait() that waits more [28] - o sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID [27] + o This release includes the following bugfixes: - o CVE-2019-5481: FTP-KRB double-free [64] - o CVE-2019-5482: TFTP small blocksize heap buffer overflow [65] - o CI: remove duplicate configure flag for LGTM.com - o CMake: remove needless newlines at end of gss variables - o CMake: use platform dependent name for dlopen() library [62] - o CURLINFO docs: mention that in redirects times are added [55] - o CURLOPT_ALTSVC.3: use a "" file name to not load from a file - o CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED - o CURLOPT_HEADERFUNCTION.3: clarify [54] - o CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly [33] - o CURLOPT_READFUNCTION.3: provide inline example - o CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 [51] - o Curl_addr2string: take an addrlen argument too [61] - o Curl_fillreadbuffer: avoid double-free trailer buf on error [66] - o HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown [10] - o alt-svc: add protocol version selection masking [31] - o alt-svc: fix removal of expired cache entry [30] - o alt-svc: make it use h3-22 with ngtcp2 as well - o alt-svc: more liberal ALPN name parsing [17] - o alt-svc: send Alt-Used: in redirected requests [32] - o alt-svc: with quiche, use the quiche h3 alpn string [16] - o appveyor: pass on -k to make - o asyn-thread: create a socketpair to wait on [14] - o build-openssl: fix build with Visual Studio 2019 [45] - o cleanup: move functions out of url.c and make them static [58] - o cleanup: remove the 'numsocks' argument used in many places [25] - o configure: avoid undefined check_for_ca_bundle [37] - o curl.h: add CURL_HTTP_VERSION_3 to the version enum - o curl.h: fix outdated comment [23] - o curl: cap the maximum allowed values for retry time arguments [13] - o curl: handle a libcurl build without netrc support [63] - o curl: make use of CURLINFO_RETRY_AFTER when retrying [35] - o curl: remove outdated comment [24] - o curl: use .curlrc (with a dot) on Windows [52] - o curl: use CURLINFO_PROTOCOL to check for HTTP(s) - o curl_global_init_mem.3: mention it was added in 7.12.0 - o curl_version: bump string buffer size to 250 - o curl_version_info.3: mentioned ALTSVC and HTTP3 - o curl_version_info: offer quic (and h3) library info [38] - o curl_version_info: provide nghttp2 details [2] - o defines: avoid underscore-prefixed defines [47] - o docs/ALTSVC: remove what works and the experimental explanation [34] - o docs/EXPERIMENTAL: explain what it means and what's experimental now - o docs/MANUAL.md: converted to markdown from plain text [3] - o docs/examples/curlx: fix errors [48] - o docs: s/curl_debug/curl_dbg_debug in comments and docs [36] - o easy: resize receive buffer on easy handle reset [9] - o examples: Avoid reserved names in hiperfifo examples [8] - o examples: add http3.c, altsvc.c and http3-present.c [40] - o getenv: support up to 4K environment variable contents on windows [21] - o http09: disable HTTP/0.9 by default in both tool and library [29] - o http2: when marked for closure and wanted to close == OK [56] - o http2_recv: trigger another read when the last data is returned [11] - o http: fix use of credentials from URL when using HTTP proxy [44] - o http_negotiate: improve handling of gss_init_sec_context() failures [18] - o md4: Use our own MD4 when no crypto libraries are available [15] - o multi: call detach_connection before Curl_disconnect [6] - o netrc: make the code try ".netrc" on Windows [52] - o nss: use TLSv1.3 as default if supported [39] - o openssl: build warning free with boringssl [50] - o openssl: use SSL_CTX_set__proto_version() when available [68] - o plan9: add support for running on Plan 9 [22] - o progress: reset download/uploaded counter between transfers [12] - o readwrite_data: repair setting the TIMER_STARTTRANSFER stamp [26] - o scp: fix directory name length used in memcpy [46] - o smb: init *msg to NULL in smb_send_and_recv() [60] - o smtp: check for and bail out on too short EHLO response [59] - o source: remove names from source comments [1] - o spnego_sspi: add typecast to fix build warning [49] - o src/makefile: fix uncompressed hugehelp.c generation [19] - o ssh-libssh: do not specify O_APPEND when not in append mode [7] - o ssh: move code into vssh for SSH backends [53] - o sspi: fix memory leaks [67] - o tests: Replace outdated test case numbering documentation [43] - o tftp: return error when packet is too small for options - o timediff: make it 64 bit (if possible) even with 32 bit time_t [20] - o travis: reduce number of torture tests in 'coverage' [42] - o url: make use of new HTTP version if alt-svc has one [16] - o urlapi: verify the IPv6 numerical address [69] - o urldata: avoid 'generic', use dedicated pointers [57] - o vauth: Use CURLE_AUTH_ERROR for auth function errors [41] + o ldap: Stop using wide char version of ldapp_err2string [1] + o winbuild/MakefileBuild.vc: Fix line endings + o winbuild/MakefileBuild.vc: Add vssh [2] + o asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris [3] + o setopt: make it easier to add new enum values [4] This release includes the following known bugs: @@ -106,89 +25,15 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Alessandro Ghedini, Alex Mayorga, Amit Katyal, Balazs Kovacsics, - Brad Spencer, Brandon Dong, Carlo Marcelo Arenas Belón, Christopher Head, - Clément Notin, codesniffer13 on github, Daniel Gustafsson, Daniel Stenberg, - Dominik Hölzl, Eric Wong, Felix Hädicke, Gergely Nagy, Gisle Vanem, - Igor Makarov, Ironbars13 on github, Jason Lee, Jeremy Lainé, - Jonathan Cardoso Machado, Junho Choi, Kamil Dudka, Kyle Abramowitz, - Kyohei Kadota, Lance Ware, Marcel Raad, Max Dymond, Michael Lee, - Michal Čaplygin, migueljcrum on github, Mike Crowe, niallor on github, - osabc on github, patnyb on github, Patrick Monnerat, Peter Wu, Ray Satiro, - Rolf Eike Beer, Steve Holme, Tatsuhiro Tsujikawa, The Infinnovation team, - Thomas Vegas, Tom van der Woerdt, Yiming Jing, - (46 contributors) + Bernhard Walle, Dagobert Michelsen, Daniel Stenberg, Ray Satiro, + Zenju on github, + (5 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=4129 - [2] = https://curl.haxx.se/bug/?i=4121 - [3] = https://curl.haxx.se/bug/?i=4131 - [4] = https://curl.haxx.se/bug/?i=3804 - [5] = https://curl.haxx.se/bug/?i=3500 - [6] = https://curl.haxx.se/bug/?i=4144 - [7] = https://curl.haxx.se/bug/?i=4147 - [8] = https://curl.haxx.se/bug/?i=4153 - [9] = https://curl.haxx.se/bug/?i=4143 - [10] = https://curl.haxx.se/bug/?i=4138 - [11] = https://curl.haxx.se/bug/?i=4043 - [12] = https://curl.haxx.se/bug/?i=4084 - [13] = https://curl.haxx.se/bug/?i=4166 - [14] = https://curl.haxx.se/bug/?i=4157 - [15] = https://curl.haxx.se/bug/?i=3780 - [16] = https://curl.haxx.se/bug/?i=4183 - [17] = https://curl.haxx.se/bug/?i=4182 - [18] = https://curl.haxx.se/bug/?i=3992 - [19] = https://curl.haxx.se/bug/?i=4176 - [20] = https://curl.haxx.se/bug/?i=4165 - [21] = https://curl.haxx.se/bug/?i=4174 - [22] = https://curl.haxx.se/bug/?i=3701 - [23] = https://curl.haxx.se/bug/?i=4167 - [24] = https://curl.haxx.se/bug/?i=4172 - [25] = https://curl.haxx.se/bug/?i=4169 - [26] = https://curl.haxx.se/bug/?i=4136 - [27] = https://curl.haxx.se/bug/?i=3653 - [28] = https://curl.haxx.se/bug/?i=4163 - [29] = https://curl.haxx.se/bug/?i=4191 - [30] = https://curl.haxx.se/bug/?i=4192 - [31] = https://curl.haxx.se/bug/?i=4201 - [32] = https://curl.haxx.se/bug/?i=4199 - [33] = https://curl.haxx.se/bug/?i=4197 - [34] = https://curl.haxx.se/bug/?i=4198 - [35] = https://curl.haxx.se/bug/?i=3794 - [36] = https://curl.haxx.se/bug/?i=3794 - [37] = https://curl.haxx.se/bug/?i=4213 - [38] = https://curl.haxx.se/bug/?i=4216 - [39] = https://curl.haxx.se/bug/?i=4187 - [40] = https://curl.haxx.se/bug/?i=4221 - [41] = https://curl.haxx.se/bug/?i=3848 - [42] = https://curl.haxx.se/bug/?i=4223 - [43] = https://curl.haxx.se/bug/?i=4227 - [44] = https://curl.haxx.se/bug/?i=4228 - [45] = https://curl.haxx.se/bug/?i=4188 - [46] = https://curl.haxx.se/bug/?i=4258 - [47] = https://curl.haxx.se/bug/?i=4254 - [48] = https://curl.haxx.se/bug/?i=4248 - [49] = https://curl.haxx.se/bug/?i=4245 - [50] = https://curl.haxx.se/bug/?i=4244 - [51] = https://curl.haxx.se/bug/?i=4241 - [52] = https://curl.haxx.se/bug/?i=4230 - [53] = https://curl.haxx.se/bug/?i=4235 - [54] = https://curl.haxx.se/bug/?i=4273 - [55] = https://curl.haxx.se/bug/?i=4250 - [56] = https://curl.haxx.se/bug/?i=4267 - [57] = https://curl.haxx.se/bug/?i=4290 - [58] = https://curl.haxx.se/bug/?i=4289 - [59] = https://curl.haxx.se/bug/?i=4287 - [60] = https://curl.haxx.se/bug/?i=4286 - [61] = https://curl.haxx.se/bug/?i=4283 - [62] = https://curl.haxx.se/bug/?i=4279 - [63] = https://curl.haxx.se/bug/?i=4302 - [64] = https://curl.haxx.se/docs/CVE-2019-5481.html - [65] = https://curl.haxx.se/docs/CVE-2019-5482.html - [66] = https://curl.haxx.se/bug/?i=4307 - [67] = https://curl.haxx.se/bug/?i=4299 - [68] = https://curl.haxx.se/bug/?i=4304 - [69] = https://curl.haxx.se/bug/?i=4315 + [1] = https://curl.haxx.se/bug/?i=4272 + [2] = https://curl.haxx.se/bug/?i=4322 + [3] = https://curl.haxx.se/bug/?i=4328 + [4] = https://curl.haxx.se/bug/?i=4321 -- 2.40.0