summaryrefslogtreecommitdiff
path: root/RELEASE-NOTES
blob: 198ba1f85ef2533d3f65a085abd6ecb3cbb28ce5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
Curl and libcurl 7.62.0

 Public curl releases:         177
 Command line options:         219
 curl_easy_setopt() options:   261
 Public functions in libcurl:  80
 Contributors:                 1787

This release includes the following changes:

 o multiplex: enable by default [4]
 o url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled [4]
 o setopt: add CURLOPT_DOH_URL [7]
 o curl: --doh-url added [7]
 o setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size [8]
 o imap: change from "FETCH" to "UID FETCH" [9]
 o configure: add option to disable automatic OpenSSL config loading [10]
 o upkeep: add a connection upkeep API: curl_easy_upkeep() [11]
 o URL-API: added five new functions [12]
 o vtls: MesaLink is a new TLS backend [23]

This release includes the following bugfixes:

 o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated [5]
 o Curl_dedotdotify(): always nul terminate returned string [46]
 o Curl_follow: Always free the passed new URL [87]
 o Curl_http2_done: fix memleak in error path [51]
 o Curl_retry_request: fix memory leak [49]
 o Curl_saferealloc: Fixed typo in docblock [40]
 o FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output [78]
 o GnutTLS: TLS 1.3 support [39]
 o SECURITY-PROCESS: mention the bountygraph program [42]
 o VS projects: add USE_IPV6: [91]
 o Windows: fixes for MinGW targeting Windows Vista [82]
 o anyauthput: fix compiler warning on 64-bit Windows [21]
 o appveyor: add WinSSL builds [81]
 o appveyor: run test suite (on Windows!) [65]
 o certs: generate tests certs with sha256 digest algorithm [37]
 o checksrc: enable strict mode and warnings [63]
 o checksrc: handle zero scoped ignore commands [62]
 o cmake: Backport to work with CMake 3.0 again [55]
 o cmake: Improve config installation [60]
 o cmake: disable -Wpedantic-ms-format [84]
 o cmake: don't require OpenSSL if USE_OPENSSL=OFF [35]
 o cmake: fixed path used in generation of docs/tests [56]
 o cmake: suppress MSVC warning C4127 for libtest
 o cmake: test and set missed defines during configuration [64]
 o comment: Fix multiple typos in function parameters [69]
 o config_win32: enable LDAPS [92]
 o configure: force-use -lpthreads on HPUX [41]
 o configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE [53]
 o cookies: Remove redundant expired check [14]
 o cookies: fix leak when writing cookies to file [15]
 o curl: enabled Windows VT Support and UTF-8 output [57]
 o curl: update the documentation of --tlsv1.0 [17]
 o curl_multi_wait: call getsock before figuring out timeout [34]
 o curl_ntlm_wb: check aprintf() return codes [75]
 o curl_threads: fix classic MinGW compile break [54]
 o darwinssl: Fix realloc memleak [32]
 o darwinssl: more specific and unified error codes [6]
 o data-binary.d: clarify default content-type is x-www-form-urlencoded [71]
 o docs/BUG-BOUNTY: explain the bounty program [76]
 o docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers [89]
 o docs/CIPHERS: mention the colon separation for OpenSSL [73]
 o docs/examples: URL updates [45]
 o docs: add "see also" links for SSL options [85]
 o example/asiohiper: insert warning comment about its status [18]
 o example/htmltidy: fix include paths of tidy libraries [52]
 o examples/Makefile.m32: sync with core [44]
 o examples/http2-pushinmemory: receive HTTP/2 pushed files in memory [33]
 o examples/parseurl.c: show off the URL API [43]
 o examples: Fix memory leaks from realloc errors [31]
 o examples: do not wait when no transfers are running [16]
 o ftp: include command in Curl_ftpsend sendbuffer [25]
 o gskit: make sure to terminate version string [79]
 o hostip: fix check on Curl_shuffle_addr return value [77]
 o http2: fix memory leaks on error-path [29]
 o http: fix memleak in rewind error path [50]
 o krb5: fix memory leak in krb_auth [25]
 o ldap: show precise LDAP call in error message on Windows [83]
 o lib: fix gcc8 warning on Windows [20]
 o memory: add missing curl_printf header [30]
 o memory: ensure to check allocation results [68]
 o multi: fix memory leak in content encoding related error path [59]
 o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL [90]
 o nss: fix nssckbi module loading on Windows [70]
 o nss: try to connect even if libnssckbi.so fails to load [36]
 o ntlm_wb: Fix memory leaks in ntlm_wb_response [24]
 o ntlm_wb: bail out if the response gets overly large [13]
 o openssl: assume engine support in 0.9.8 or later [27]
 o openssl: enable TLS 1.3 post-handshake auth [47]
 o openssl: fix gcc8 warning [19]
 o openssl: load built-in engines too [48]
 o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer [6]
 o openssl: show "proper" version number for libressl builds [28]
 o pipelining: deprecated [1]
 o runtests: ignore disabled even when ranges are given [74]
 o runtests: skip ld_preload tests on macOS [80]
 o runtests: use Windows paths for Windows curl
 o schannel: unified error code handling [6]
 o sendf: Fix whitespace in infof/failf concatenation [26]
 o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code [6]
 o test1299: use single quotes around asterisk [72]
 o test1452: mark as flaky [2]
 o test320: strip out more HTML when comparing [66]
 o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server [67]
 o tests: add unit tests for url.c [3]
 o timeval: fix use of weak symbol clock_gettime() on Apple platforms [61]
 o tool_cb_hdr: handle failure of rename() [94]
 o travis: add build for "configure --disable-verbose" [93]
 o travis: bump the Secure Transport build to use xcode [58]
 o travis: make distcheck scan for BOM markers [86]
 o urlglob: improve error message on bad globs [22]
 o vtls: fix ssl version "or later" behavior change for many backends [38]
 o x509asn1: Fix SAN IP address verification [88]
 o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert [6]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Brad King, Christian Heimes, Colin Hogben, Daniel Gustafsson, Daniel Shahaf,
  Daniel Stenberg, Dario Weißer, Dave Reisner, Dmitry Kostjuchenko,
  Doron Behar, Eason-Yu on github, Erik Minekus, Even Rouault, Gisle Vanem,
  Github user @jakirkham, Han Han, Harry Sintonen, Jean Fabrice, Jim Fuller,
  Kamil Dudka, Loganaden Velvindron, Marcel Raad, Marc Hörsken, Martin Ankerl,
  Matthew Whitehead, Max Dymond, Maxime Legros, Michael Kaufmann, Nate Prewitt,
  Nicklas Avén, Nick Zitzmann, Philipp Waehnert, Rainer Jung, Ray Satiro,
  Rich Turner, Rick Deist, Rikard Falkeborn, Ruslan Baratov, Sergei Nikulov,
  Shaun Jackman, Thomas Glanzmann, Viktor Szakats, Yiming Jing,
  (43 contributors)

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = https://curl.haxx.se/bug/?i=2705
 [2] = https://curl.haxx.se/bug/?i=2941
 [3] = https://curl.haxx.se/bug/?i=2937
 [4] = https://curl.haxx.se/bug/?i=2709
 [5] = https://curl.haxx.se/bug/?i=2942
 [6] = https://curl.haxx.se/bug/?i=2901
 [7] = https://curl.haxx.se/bug/?i=2668
 [8] = https://curl.haxx.se/bug/?i=2896
 [9] = https://curl.haxx.se/bug/?i=2789
 [10] = https://curl.haxx.se/bug/?i=2724
 [11] = https://curl.haxx.se/bug/?i=1641
 [12] = https://curl.haxx.se/bug/?i=2842
 [13] = https://curl.haxx.se/bug/?i=2959
 [14] = https://curl.haxx.se/bug/?i=2962
 [15] = https://curl.haxx.se/bug/?i=2957
 [16] = https://curl.haxx.se/bug/?i=2948
 [17] = https://curl.haxx.se/bug/?i=2955
 [18] = https://curl.haxx.se/bug/?i=2407
 [19] = https://curl.haxx.se/bug/?i=2980
 [20] = https://curl.haxx.se/bug/?i=2979
 [21] = https://curl.haxx.se/bug/?i=2972
 [22] = https://curl.haxx.se/bug/?i=2763
 [23] = https://curl.haxx.se/bug/?i=2984
 [24] = https://curl.haxx.se/bug/?i=2966
 [25] = https://curl.haxx.se/bug/?i=2985
 [26] = https://curl.haxx.se/bug/?i=2986
 [27] = https://curl.haxx.se/bug/?i=2983
 [28] = https://curl.haxx.se/bug/?i=2989
 [29] = https://curl.haxx.se/bug/?i=2992
 [30] = https://curl.haxx.se/bug/?i=2999
 [31] = https://curl.haxx.se/bug/?i=2991
 [32] = https://curl.haxx.se/bug/?i=3005
 [33] = https://curl.haxx.se/bug/?i=3004
 [34] = https://curl.haxx.se/bug/?i=2996
 [35] = https://curl.haxx.se/bug/?i=3001
 [36] = https://curl.haxx.se/bug/?i=3016
 [37] = https://curl.haxx.se/bug/?i=3014
 [38] = https://curl.haxx.se/bug/?i=2969
 [39] = https://curl.haxx.se/bug/?i=2971
 [40] = https://curl.haxx.se/bug/?i=3029
 [41] = https://curl.haxx.se/bug/?i=2697
 [42] = https://curl.haxx.se/bug/?i=3032
 [43] = https://curl.haxx.se/bug/?i=3030
 [44] = https://curl.haxx.se/bug/?i=3033
 [45] = https://curl.haxx.se/bug/?i=3036
 [46] = https://curl.haxx.se/bug/?i=3039
 [47] = https://curl.haxx.se/bug/?i=3026
 [48] = https://curl.haxx.se/bug/?i=3023
 [49] = https://curl.haxx.se/bug/?i=3042
 [50] = https://curl.haxx.se/bug/?i=3044
 [51] = https://curl.haxx.se/bug/?i=3046
 [52] = https://curl.haxx.se/bug/?i=3050
 [53] = https://curl.haxx.se/bug/?i=3006
 [54] = https://github.com/curl/curl/issues/2924#issuecomment-424334807
 [55] = https://curl.haxx.se/bug/?i=3055
 [56] = https://curl.haxx.se/bug/?i=3056
 [57] = https://curl.haxx.se/bug/?i=3008
 [58] = https://curl.haxx.se/bug/?i=3062
 [59] = https://curl.haxx.se/bug/?i=3063
 [60] = https://curl.haxx.se/bug/?i=2849
 [61] = https://curl.haxx.se/bug/?i=3048
 [62] = https://curl.haxx.se/bug/?i=3096
 [63] = https://curl.haxx.se/bug/?i=3090
 [64] = https://curl.haxx.se/bug/?i=3097
 [65] = https://curl.haxx.se/bug/?i=3100
 [66] = https://curl.haxx.se/bug/?i=3093
 [67] = https://curl.haxx.se/bug/?i=2929
 [68] = https://curl.haxx.se/bug/?i=3084
 [69] = https://curl.haxx.se/bug/?i=3079
 [70] = https://curl.haxx.se/bug/?i=3086
 [71] = https://curl.haxx.se/bug/?i=3085
 [72] = https://github.com/curl/curl/issues/1751#issuecomment-321522580
 [73] = https://curl.haxx.se/bug/?i=3077
 [74] = https://curl.haxx.se/bug/?i=3075
 [75] = https://curl.haxx.se/bug/?i=3111
 [76] = https://curl.haxx.se/bug/?i=3067
 [77] = https://curl.haxx.se/bug/?i=3110
 [78] = https://curl.haxx.se/bug/?i=3083
 [79] = https://curl.haxx.se/bug/?i=3105
 [80] = https://curl.haxx.se/bug/?i=2394
 [81] = https://curl.haxx.se/bug/?i=3104
 [82] = https://curl.haxx.se/bug/?i=3113
 [83] = https://curl.haxx.se/bug/?i=3118
 [84] = https://curl.haxx.se/bug/?i=3120
 [85] = https://curl.haxx.se/bug/?i=3121
 [86] = https://curl.haxx.se/bug/?i=3126
 [87] = https://curl.haxx.se/bug/?i=3124
 [88] = https://curl.haxx.se/bug/?i=3102
 [89] = https://curl.haxx.se/bug/?i=3159
 [90] = https://curl.haxx.se/bug/?i=3138
 [91] = https://curl.haxx.se/bug/?i=3137
 [92] = https://curl.haxx.se/bug/?i=3137
 [93] = https://curl.haxx.se/bug/?i=3144
 [94] = https://curl.haxx.se/bug/?i=3140