🠰 7.61.1 all changes 7.63.0 🠲
Changes in 7.62.0 - October 31 2018
Changes:
- multiplex: enable by default
- url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
- setopt: add CURLOPT_DOH_URL
- curl: --doh-url added
- setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
- imap: change from "FETCH" to "UID FETCH"
- configure: add option to disable automatic OpenSSL config loading
- upkeep: add a connection upkeep API: curl_easy_upkeep()
- URL-API: added five new functions
- vtls: MesaLink is a new TLS backend
Bugfixes:
- CVE-2018-16839: SASL password overflow via integer overflow
- CVE-2018-16840: use-after-free in handle close
- CVE-2018-16842: warning message out-of-buffer read
- CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
- Curl_dedotdotify(): always nul terminate returned string
- Curl_follow: Always free the passed new URL
- Curl_http2_done: fix memleak in error path
- Curl_retry_request: fix memory leak
- Curl_saferealloc: Fixed typo in docblock
- FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
- GnutTLS: TLS 1.3 support
- SECURITY-PROCESS: mention the bountygraph program
- VS projects: add USE_IPV6:
- Windows: fixes for MinGW targeting Windows Vista
- anyauthput: fix compiler warning on 64-bit Windows
- appveyor: add WinSSL builds
- appveyor: run test suite (on Windows!)
- certs: generate tests certs with sha256 digest algorithm
- checksrc: enable strict mode and warnings
- checksrc: handle zero scoped ignore commands
- cmake: Backport to work with CMake 3.0 again
- cmake: Improve config installation
- cmake: add support for transitive ZLIB target
- cmake: disable -Wpedantic-ms-format
- cmake: don't require OpenSSL if USE_OPENSSL=OFF
- cmake: fixed path used in generation of docs/tests
- cmake: remove unused *SOCKLEN_T variables
- cmake: suppress MSVC warning C4127 for libtest
- cmake: test and set missed defines during configuration
- comment: Fix multiple typos in function parameters
- config: Remove unused SIZEOF_VOIDP
- config_win32: enable LDAPS
- configure: force-use -lpthreads on HPUX
- configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
- configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
- cookies: Remove redundant expired check
- cookies: fix leak when writing cookies to file
- curl-config.in: remove dependency on bc
- curl.1: --ipv6 mutexes ipv4 (fixed typo)
- curl: enabled Windows VT Support and UTF-8 output
- curl: update the documentation of --tlsv1.0
- curl_multi_wait: call getsock before figuring out timeout
- curl_ntlm_wb: check aprintf() return codes
- curl_threads: fix classic MinGW compile break
- darwinssl: Fix realloc memleak
- darwinssl: more specific and unified error codes
- data-binary.d: clarify default content-type is x-www-form-urlencoded
- docs/BUG-BOUNTY: explain the bounty program
- docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
- docs/CIPHERS: fix the TLS 1.3 cipher names
- docs/CIPHERS: mention the colon separation for OpenSSL
- docs/examples: URL updates
- docs: add "see also" links for SSL options
- example/asiohiper: insert warning comment about its status
- example/htmltidy: fix include paths of tidy libraries
- examples/Makefile.m32: sync with core
- examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
- examples/parseurl.c: show off the URL API
- examples: Fix memory leaks from realloc errors
- examples: do not wait when no transfers are running
- ftp: include command in Curl_ftpsend sendbuffer
- gskit: make sure to terminate version string
- gtls: Values stored to but never read
- hostip: fix check on Curl_shuffle_addr return value
- http2: fix memory leaks on error-path
- http: fix memleak in rewind error path
- krb5: fix memory leak in krb_auth
- ldap: show precise LDAP call in error message on Windows
- lib: fix gcc8 warning on Windows
- memory: add missing curl_printf header
- memory: ensure to check allocation results
- multi: Fix error handling in the SENDPROTOCONNECT state
- multi: fix memory leak in content encoding related error path
- multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
- netrc: free temporary strings if memory allocation fails
- nss: fix nssckbi module loading on Windows
- nss: try to connect even if libnssckbi.so fails to load
- ntlm_wb: Fix memory leaks in ntlm_wb_response
- ntlm_wb: bail out if the response gets overly large
- openssl: assume engine support in 0.9.8 or later
- openssl: enable TLS 1.3 post-handshake auth
- openssl: fix gcc8 warning
- openssl: load built-in engines too
- openssl: make 'done' a proper boolean
- openssl: output the correct cipher list on TLS 1.3 error
- openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
- openssl: show "proper" version number for libressl builds
- pipelining: deprecated
- rand: add comment to skip a clang-tidy false positive
- rtmp: fix for compiling with lwIP
- runtests: ignore disabled even when ranges are given
- runtests: skip ld_preload tests on macOS
- runtests: use Windows paths for Windows curl
- schannel: unified error code handling
- sendf: Fix whitespace in infof/failf concatenation
- ssh: free the session on init failures
- ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
- system.h: use proper setting with Sun C++ as well
- test1299: use single quotes around asterisk
- test1452: mark as flaky
- test1651: unit test Curl_extract_certinfo()
- test320: strip out more HTML when comparing
- tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
- tests: add unit tests for url.c
- timeval: fix use of weak symbol clock_gettime() on Apple platforms
- tool_cb_hdr: handle failure of rename()
- travis: add a "make tidy" build that runs clang-tidy
- travis: add build for "configure --disable-verbose"
- travis: bump the Secure Transport build to use xcode
- travis: make distcheck scan for BOM markers
- unit1300: fix stack-use-after-scope AddressSanitizer warning
- urldata: Fix "connecting" comment
- urlglob: improve error message on bad globs
- vtls: fix ssl version "or later" behavior change for many backends
- x509asn1: Fix SAN IP address verification
- x509asn1: always check return code from getASN1Element()
- x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
- x509asn1: suppress left shift on signed value