| curl and libcurl 7.66.0 |
| |
| Public curl releases: 185 |
| Command line options: 225 |
| curl_easy_setopt() options: 269 |
| Public functions in libcurl: 81 |
| Contributors: 1991 |
| |
| This release includes the following changes: |
| |
| o CURLINFO_RETRY_AFTER: parse the Retry-After header value [35] |
| o HTTP3: initial (experimental still not working) support [5] |
| o curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool [27] |
| o curl: support parallel transfers with -Z [4] |
| o curl_multi_poll: a sister to curl_multi_wait() that waits more [28] |
| o sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID [27] |
| |
| This release includes the following bugfixes: |
| |
| o CVE-2019-5481: FTP-KRB double-free [64] |
| o CVE-2019-5482: TFTP small blocksize heap buffer overflow [65] |
| o CI: remove duplicate configure flag for LGTM.com |
| o CMake: remove needless newlines at end of gss variables |
| o CMake: use platform dependent name for dlopen() library [62] |
| o CURLINFO docs: mention that in redirects times are added [55] |
| o CURLOPT_ALTSVC.3: use a "" file name to not load from a file |
| o CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED |
| o CURLOPT_HEADERFUNCTION.3: clarify [54] |
| o CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly [33] |
| o CURLOPT_READFUNCTION.3: provide inline example |
| o CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 [51] |
| o Curl_addr2string: take an addrlen argument too [61] |
| o Curl_fillreadbuffer: avoid double-free trailer buf on error [66] |
| o HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown [10] |
| o alt-svc: add protocol version selection masking [31] |
| o alt-svc: fix removal of expired cache entry [30] |
| o alt-svc: make it use h3-22 with ngtcp2 as well |
| o alt-svc: more liberal ALPN name parsing [17] |
| o alt-svc: send Alt-Used: in redirected requests [32] |
| o alt-svc: with quiche, use the quiche h3 alpn string [16] |
| o appveyor: pass on -k to make |
| o asyn-thread: create a socketpair to wait on [14] |
| o build-openssl: fix build with Visual Studio 2019 [45] |
| o cleanup: move functions out of url.c and make them static [58] |
| o cleanup: remove the 'numsocks' argument used in many places [25] |
| o configure: avoid undefined check_for_ca_bundle [37] |
| o curl.h: add CURL_HTTP_VERSION_3 to the version enum |
| o curl.h: fix outdated comment [23] |
| o curl: cap the maximum allowed values for retry time arguments [13] |
| o curl: handle a libcurl build without netrc support [63] |
| o curl: make use of CURLINFO_RETRY_AFTER when retrying [35] |
| o curl: remove outdated comment [24] |
| o curl: use .curlrc (with a dot) on Windows [52] |
| o curl: use CURLINFO_PROTOCOL to check for HTTP(s) |
| o curl_global_init_mem.3: mention it was added in 7.12.0 |
| o curl_version: bump string buffer size to 250 |
| o curl_version_info.3: mentioned ALTSVC and HTTP3 |
| o curl_version_info: offer quic (and h3) library info [38] |
| o curl_version_info: provide nghttp2 details [2] |
| o defines: avoid underscore-prefixed defines [47] |
| o docs/ALTSVC: remove what works and the experimental explanation [34] |
| o docs/EXPERIMENTAL: explain what it means and what's experimental now |
| o docs/MANUAL.md: converted to markdown from plain text [3] |
| o docs/examples/curlx: fix errors [48] |
| o docs: s/curl_debug/curl_dbg_debug in comments and docs [36] |
| o easy: resize receive buffer on easy handle reset [9] |
| o examples: Avoid reserved names in hiperfifo examples [8] |
| o examples: add http3.c, altsvc.c and http3-present.c [40] |
| o getenv: support up to 4K environment variable contents on windows [21] |
| o http09: disable HTTP/0.9 by default in both tool and library [29] |
| o http2: when marked for closure and wanted to close == OK [56] |
| o http2_recv: trigger another read when the last data is returned [11] |
| o http: fix use of credentials from URL when using HTTP proxy [44] |
| o http_negotiate: improve handling of gss_init_sec_context() failures [18] |
| o md4: Use our own MD4 when no crypto libraries are available [15] |
| o multi: call detach_connection before Curl_disconnect [6] |
| o netrc: make the code try ".netrc" on Windows [52] |
| o nss: use TLSv1.3 as default if supported [39] |
| o openssl: build warning free with boringssl [50] |
| o openssl: use SSL_CTX_set_<min|max>_proto_version() when available [68] |
| o plan9: add support for running on Plan 9 [22] |
| o progress: reset download/uploaded counter between transfers [12] |
| o readwrite_data: repair setting the TIMER_STARTTRANSFER stamp [26] |
| o scp: fix directory name length used in memcpy [46] |
| o smb: init *msg to NULL in smb_send_and_recv() [60] |
| o smtp: check for and bail out on too short EHLO response [59] |
| o source: remove names from source comments [1] |
| o spnego_sspi: add typecast to fix build warning [49] |
| o src/makefile: fix uncompressed hugehelp.c generation [19] |
| o ssh-libssh: do not specify O_APPEND when not in append mode [7] |
| o ssh: move code into vssh for SSH backends [53] |
| o sspi: fix memory leaks [67] |
| o tests: Replace outdated test case numbering documentation [43] |
| o tftp: return error when packet is too small for options |
| o timediff: make it 64 bit (if possible) even with 32 bit time_t [20] |
| o travis: reduce number of torture tests in 'coverage' [42] |
| o url: make use of new HTTP version if alt-svc has one [16] |
| o urlapi: verify the IPv6 numerical address [69] |
| o urldata: avoid 'generic', use dedicated pointers [57] |
| o vauth: Use CURLE_AUTH_ERROR for auth function errors [41] |
| |
| This release includes the following known bugs: |
| |
| o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) |
| |
| This release would not have looked like this without help, code, reports and |
| advice from friends like these: |
| |
| Alessandro Ghedini, Alex Mayorga, Amit Katyal, Balazs Kovacsics, |
| Brad Spencer, Brandon Dong, Carlo Marcelo Arenas Belón, Christopher Head, |
| Clément Notin, codesniffer13 on github, Daniel Gustafsson, Daniel Stenberg, |
| Dominik Hölzl, Eric Wong, Felix Hädicke, Gergely Nagy, Gisle Vanem, |
| Igor Makarov, Ironbars13 on github, Jason Lee, Jeremy Lainé, |
| Jonathan Cardoso Machado, Junho Choi, Kamil Dudka, Kyle Abramowitz, |
| Kyohei Kadota, Lance Ware, Marcel Raad, Max Dymond, Michael Lee, |
| Michal Čaplygin, migueljcrum on github, Mike Crowe, niallor on github, |
| osabc on github, patnyb on github, Patrick Monnerat, Peter Wu, Ray Satiro, |
| Rolf Eike Beer, Steve Holme, Tatsuhiro Tsujikawa, The Infinnovation team, |
| Thomas Vegas, Tom van der Woerdt, Yiming Jing, |
| (46 contributors) |
| |
| Thanks! (and sorry if I forgot to mention someone) |
| |
| References to bug reports and discussions on issues: |
| |
| [1] = https://curl.haxx.se/bug/?i=4129 |
| [2] = https://curl.haxx.se/bug/?i=4121 |
| [3] = https://curl.haxx.se/bug/?i=4131 |
| [4] = https://curl.haxx.se/bug/?i=3804 |
| [5] = https://curl.haxx.se/bug/?i=3500 |
| [6] = https://curl.haxx.se/bug/?i=4144 |
| [7] = https://curl.haxx.se/bug/?i=4147 |
| [8] = https://curl.haxx.se/bug/?i=4153 |
| [9] = https://curl.haxx.se/bug/?i=4143 |
| [10] = https://curl.haxx.se/bug/?i=4138 |
| [11] = https://curl.haxx.se/bug/?i=4043 |
| [12] = https://curl.haxx.se/bug/?i=4084 |
| [13] = https://curl.haxx.se/bug/?i=4166 |
| [14] = https://curl.haxx.se/bug/?i=4157 |
| [15] = https://curl.haxx.se/bug/?i=3780 |
| [16] = https://curl.haxx.se/bug/?i=4183 |
| [17] = https://curl.haxx.se/bug/?i=4182 |
| [18] = https://curl.haxx.se/bug/?i=3992 |
| [19] = https://curl.haxx.se/bug/?i=4176 |
| [20] = https://curl.haxx.se/bug/?i=4165 |
| [21] = https://curl.haxx.se/bug/?i=4174 |
| [22] = https://curl.haxx.se/bug/?i=3701 |
| [23] = https://curl.haxx.se/bug/?i=4167 |
| [24] = https://curl.haxx.se/bug/?i=4172 |
| [25] = https://curl.haxx.se/bug/?i=4169 |
| [26] = https://curl.haxx.se/bug/?i=4136 |
| [27] = https://curl.haxx.se/bug/?i=3653 |
| [28] = https://curl.haxx.se/bug/?i=4163 |
| [29] = https://curl.haxx.se/bug/?i=4191 |
| [30] = https://curl.haxx.se/bug/?i=4192 |
| [31] = https://curl.haxx.se/bug/?i=4201 |
| [32] = https://curl.haxx.se/bug/?i=4199 |
| [33] = https://curl.haxx.se/bug/?i=4197 |
| [34] = https://curl.haxx.se/bug/?i=4198 |
| [35] = https://curl.haxx.se/bug/?i=3794 |
| [36] = https://curl.haxx.se/bug/?i=3794 |
| [37] = https://curl.haxx.se/bug/?i=4213 |
| [38] = https://curl.haxx.se/bug/?i=4216 |
| [39] = https://curl.haxx.se/bug/?i=4187 |
| [40] = https://curl.haxx.se/bug/?i=4221 |
| [41] = https://curl.haxx.se/bug/?i=3848 |
| [42] = https://curl.haxx.se/bug/?i=4223 |
| [43] = https://curl.haxx.se/bug/?i=4227 |
| [44] = https://curl.haxx.se/bug/?i=4228 |
| [45] = https://curl.haxx.se/bug/?i=4188 |
| [46] = https://curl.haxx.se/bug/?i=4258 |
| [47] = https://curl.haxx.se/bug/?i=4254 |
| [48] = https://curl.haxx.se/bug/?i=4248 |
| [49] = https://curl.haxx.se/bug/?i=4245 |
| [50] = https://curl.haxx.se/bug/?i=4244 |
| [51] = https://curl.haxx.se/bug/?i=4241 |
| [52] = https://curl.haxx.se/bug/?i=4230 |
| [53] = https://curl.haxx.se/bug/?i=4235 |
| [54] = https://curl.haxx.se/bug/?i=4273 |
| [55] = https://curl.haxx.se/bug/?i=4250 |
| [56] = https://curl.haxx.se/bug/?i=4267 |
| [57] = https://curl.haxx.se/bug/?i=4290 |
| [58] = https://curl.haxx.se/bug/?i=4289 |
| [59] = https://curl.haxx.se/bug/?i=4287 |
| [60] = https://curl.haxx.se/bug/?i=4286 |
| [61] = https://curl.haxx.se/bug/?i=4283 |
| [62] = https://curl.haxx.se/bug/?i=4279 |
| [63] = https://curl.haxx.se/bug/?i=4302 |
| [64] = https://curl.haxx.se/docs/CVE-2019-5481.html |
| [65] = https://curl.haxx.se/docs/CVE-2019-5482.html |
| [66] = https://curl.haxx.se/bug/?i=4307 |
| [67] = https://curl.haxx.se/bug/?i=4299 |
| [68] = https://curl.haxx.se/bug/?i=4304 |
| [69] = https://curl.haxx.se/bug/?i=4315 |