cURL

Jarom

Jarom

Bardzo aktywny
Zasłużony
Dołączył
23 Wrzesień 2016
Posty
3893
Reakcje/Polubienia
1228
cURL 7.54.1

yxDkOR6.png


cURL – sieciowa biblioteka programistyczna, napisana w języku C, działająca po stronie klienta, z interfejsami dla ponad 30 innych języków. Umożliwia wysyłanie zapytań HTTP, w tym pobieranie z serwerów stron i plików, a także wysyłanie treści formularzy. Ułatwia tworzenie aplikacji korzystających z protokołu HTTP. Biblioteka cURL posiada ogromne możliwości, jej podstawowym zastosowaniem jest tworzenie sprzęgów w złożonych systemach opartych o technologie Webowe.

cURL obsługuje protokoły DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet oraz TFTP. Wspiera także mechanizmy takie jak: certyfikaty SSL, HTTP POST, HTTP PUT, upload FTP, wysyłanie formularzy HTTP, serwery proxy, HTTP cookie, Uwierzytelnianie (użytkownik+hasło), wznawiania transferu plików, tunelowanie proxy HTTP oraz wiele innych.

Biblioteka cURL udostępniana jest na licencji MIT.

Więcej:
Zaloguj lub Zarejestruj się aby zobaczyć!
Kliknij aby rozwinąć...
Źródło: wikipedia.org

Historia zmian:
Zaloguj lub Zarejestruj się aby zobaczyć!


Zaloguj lub Zarejestruj się aby zobaczyć!
 
Jarom

Jarom

Bardzo aktywny
Zasłużony
Dołączył
23 Wrzesień 2016
Posty
3893
Reakcje/Polubienia
1228
cURL 7.55.0
CHANGES:
  • curl: allow --header and --proxy-header read from file
  • getinfo: provide sizes as curl_off_t
  • curl: prevent binary output spewed to terminal
  • curl: added --request-target
  • libcurl: added CURLOPT_REQUEST_TARGET
  • curl: added --socks5-{basic,gssapi}: control socks5 auth
  • libcurl: added CURLOPT_SOCKS5_AUTH

BUGFIXES:
  • glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)
  • tftp: reject file name lengths that don't fit (CVE-2017-1000100)
  • file: output the correct buffer to the user (CVE-2017-1000099)
  • includes: remove curl/curlbuild.h and curl/curlrules.h
  • dist: make the hugehelp.c not get regenerated unnecessarily
  • timers: store internal time stamps as time_t instead of doubles
  • progress: let "current speed" be UL + DL speeds combined
  • http-proxy: do the HTTP CONNECT process entirely non-blocking
  • lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
  • fuzz: bring oss-fuzz initial code converted to C89
  • configure: disable nghttp2 too if HTTP has been disabled
  • mk-ca-bundle.pl: Check curl's exit code after certdata download
  • test1148: verify the -# progressbar
  • tests: stabilize test 2032 and 2033
  • HTTPS-Proxy: don't offer h2 for https proxy connections
  • http-proxy: only attempt FTP over HTTP proxy
  • curl-compilers.m4: enable vla warning for clang
  • curl-compilers.m4: enable double-promotion warning
  • curl-compilers.m4: enable missing-variable-declarations clang warning
  • curl-compilers.m4: enable comma clang warning
  • Makefile.m32: enable -W for MinGW32 build
  • CURLOPT_PREQUOTE: not supported for SFTP
  • http2: fix OOM crash
  • PIPELINING_SERVER_BL: cleanup the internal list use
  • mkhelp.pl: fix script name in usage text
  • lib1521: add curl_easy_getinfo calls to the test set
  • travis: do the distcheck test build out-of-tree as well
  • if2ip: fix compiler warning in ISO C90 mode
  • lib: fix the djgpp build
  • typecheck-gcc: add support for CURLINFO_OFF_T
  • travis: enable typecheck-gcc warnings
  • maketgz: switch to xz instead of lzma
  • CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
  • curl-compilers.m4: fix unknown-warning-option on Apple clang
  • winbuild: fix boringssl build
  • curl/system.h: add check for XTENSA for 32bit gcc
  • test1537: fixed memory leak on OOM
  • test1521: fix compiler warnings
  • curl: fix memory leak on test 1147 OOM
  • libtest/make: generate lib1521.c dynamically at build-time
  • curl_strequal.3: fix typo in SYNOPSIS
  • progress: prevent resetting t_starttransfer
  • openssl: improve fallback seed of PRNG with a time based hash
  • http2: improved PING frame handling
  • test1450: add simple testing for DICT
  • make: build the docs subdir only from within src
  • cmake: Added compatibility options for older Windows versions
  • gtls: fix build when sizeof(long) < sizeof(void *)
  • url: make the original string get used on subsequent transfers
  • timeval.c: Use long long constant type for timeval assignment
  • tool_sleep: typecast to avoid macos compiler warning
  • travis.yml: use --enable-werror on debug builds
  • test1451: add SMB support to the testbed
  • configure: remove checks for 5 functions never used
  • configure: try ldap/lber in reversed order first
  • smb: fix build for djgpp/MSDOS
  • travis: install nghttp2 on linux builds
  • smb: add support for CURLOPT_FILETIME
  • cmake: fix send/recv argument scanner for windows
  • inet_pton: fix include on windows to get prototype
  • select.h: avoid macro redefinition harder
  • cmake: if inet_pton is used, bump _WIN32_WINNT
  • asyn-thread.c: fix unused variable warnings on macOS
  • runtests: support "threaded-resolver" as a feature
  • test506: skip if threaded-resolver
  • cmake: remove spurious "-l" from linker flags
  • cmake: add CURL_WERROR for enabling "warning as errors"
  • memdebug: don't setbuf() if the file open failed
  • curl_easy_escape.3: mention the (lack of) encoding
  • test1452: add telnet negotiation
  • CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
  • cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC
  • tests/valgrind.supp: supress OpenSSL false positive seen on travis
  • curl_setup_once: Remove ERRNO/SET_ERRNO macros
  • curl-compilers.m4: disable warning spam with Cygwin's clang
  • ldap: fix MinGW compiler warning
  • make: fix docs build on OpenBSD
  • curl_setup: always define WIN32_LEAN_AND_MEAN on Windows
  • system.h: include winsock2.h before windows.h
  • winbuild: build with warning level 4
  • rtspd: fix MSVC level 4 warning
  • sockfilt: suppress conversion warning with explicit cast
  • libtest: fix MSVC warning C4706
  • darwinssl: fix pinnedpubkey build error
  • tests/server/resolve.c: fix deprecation warning
  • nss: fix a possible use-after-free in SelectClientCert()
  • checksrc: escape open brace in regex
  • multi: mention integer overflow risk if using > 500 million sockets
  • darwinssl: fix --tlsv1.2 regression
  • timeval: struct curltime is a struct timeval replacement
  • curl_rtmp: fix a compiler warning
  • include.d: clarify that it concerns the response headers
  • cmake: support make uninstall
  • include.d: clarify --include is only for response headers
  • libcurl: Stop using error codes defined under CURL_NO_OLDIES
  • http: fix response code parser to avoid integer overflow
  • configure: fix the check for IdnToUnicode
  • multi: fix request timer management
  • curl_threads: fix MSVC compiler warning
  • travis: build on osx with openssl
  • travis: build on osx with libressl
  • CURLOPT_NETRC.3: mention the file name on windows
  • cmake: set MSVC warning level to 4
  • netrc: skip lines starting with '#'
  • darwinssl: fix curlssl_sha256sum() compiler warnings on first argument
  • BUILD.WINDOWS: mention buildconf.bat for builds off git
  • darwinssl: silence compiler warnings
  • travis: build on osx with darwinssl
  • FTP: skip unnecessary CWD when in nocwd mode
  • gssapi: fix memory leak of output token in multi round context
  • getparameter: avoid returning uninitialized 'usedarg'
  • curl (debug build) easy_events: make event data static
  • curl: detect and bail out early on parameter integer overflows
  • configure: fix recv/send/select detection on Android
Kliknij aby rozwinąć...
Zaloguj lub Zarejestruj się aby zobaczyć!
 
Jarom

Jarom

Bardzo aktywny
Zasłużony
Dołączył
23 Wrzesień 2016
Posty
3893
Reakcje/Polubienia
1228
cURL 7.55.1
  • BUG FIXES:
  • build: fix 'make install' with configure, install docs/libcurl/* too
  • make install: add 8 missing man pages to the installation
  • curl: do bounds check using a double comparison
  • dist: Add dictserver.py/negtelnetserver.py to release
  • digest_sspi: Don't reuse context if the user/passwd has changed
  • gitignore: ignore top-level .vs folder
  • build: check out *.sln files with Windows line endings
  • travis: verify "make install"
  • dist: fix the cmake build by shipping cmake_uninstall.cmake.in too
  • metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead
  • configure: use the threaded resolver backend by default if possible
  • mkhelp.pl: allow executing this script directly
  • maketgz: remove old *.dist files before making the tarball
  • openssl: remove CONST_ASN1_BIT_STRING
  • openssl: fix "error: this statement may fall through"
  • proxy: fix memory leak in case of invalid proxy server name
  • curl/system.h: support more architectures (OpenRISC, ARC)
  • docs: fix typos
  • curl/system.h: add Oracle Solaris Studio
  • CURLINFO_TOTAL_TIME: could wrongly return 4200 seconds
  • docs: --connect-to clarified
  • cmake: allow user to override CMAKE_DEBUG_POSTFIX
  • travis: test cmake build on tarball too
  • redirect: make it handle absolute redirects to IDN names
  • curl/system.h: fix for gcc on PowerPC
  • curl --interface: fixed for IPV6 unique local addresses
  • cmake: threads detection improvements
Kliknij aby rozwinąć...
Zaloguj lub Zarejestruj się aby zobaczyć!
 
Jarom

Jarom

Bardzo aktywny
Zasłużony
Dołączył
23 Wrzesień 2016
Posty
3893
Reakcje/Polubienia
1228
cURL 7.56.0
Changes:
  • curl: enable compression for SCP/SFTP with --compressed-ssh
  • libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION
  • vtls: added dynamic changing SSL backend with curl_global_sslset()
  • new MIME API, curl_mime_init() and friends
  • openssl: initial SSLKEYLOGFILE implementation

Bugfixes:
  • FTP: zero terminate the entry path even on bad input
  • examples/ftpuploadresume.c: use portable code
  • runtests: match keywords case insensitively
  • travis: build the examples too
  • strtoofft: reduce integer overflow risks globally
  • zsh.pl: produce a working completion script again
  • cmake: remove dead code for CURL_DISABLE_RTMP
  • progress: Track total times following redirects
  • configure: fix --disable-threaded-resolver
  • cmake: remove dead code for DISABLED_THREADSAFE
  • configure: fix clang version detection
  • darwinssi: fix error: variable length array used
  • travis: add metalink to some osx builds
  • configure: check for __builtin_available() availability
  • http_proxy: fix build error for CURL_DOES_CONVERSIONS
  • examples/ftpuploadresume: checksrc compliance
  • ftp: fix CWD when doing multicwd then nocwd on same connection
  • system.h: remove all CURL_SIZEOF_* defines
  • http: Don't wait on CONNECT when there is no proxy
  • system.h: check for __ppc__ as well
  • http2_recv: return error better on fatal h2 errors
  • scripts/contri*sh: use "git log --use-mailmap"
  • tftp: fix memory leak on too long filename
  • system.h: fix build for hppa
  • cmake: enable picky compiler options with clang and gcc
  • makefile.m32: add support for libidn2
  • curl: turn off MinGW CRT's globbing
  • request-target.d: mention added in 7.55.0
  • curl: shorten and clean up CA cert verification error message
  • imap: support PREAUTH
  • CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
  • examples/threaded-ssl: mention that this is for openssl before 1.1
  • winbuild: fix embedded manifest option
  • tests: Make sure libtests & unittests call curl_global_cleanup()
  • system.h: include sys/poll.h for AIX
  • darwinssl: handle long strings in TLS certs
  • strtooff: fix build for systems with long long but no strtoll
  • asyn-thread: Improved cleanup after OOM situations
  • HELP-US.md: "How to get started helping out in the curl project"
  • curl.h: CURLSSLBACKEND_WOLFSSL used wrong value
  • unit1301: fix error message on first test
  • ossfuzz: moving towards the ideal integration
  • http: fix a memory leakage in checkrtspprefix()
  • examples/post-callback: stop returning one byte at a time
  • schannel: return CURLE_SSL_CACERT on failed verification
  • MAIL-ETIQUETTE: added "1.9 Your emails are public"
  • http-proxy: treat all 2xx as CONNECT success
  • openssl: use OpenSSL's default ciphers by default
  • runtests.pl: support attribute "nonewline" in part verify/upload
  • configure: remove --enable-soname-bump and SONAME_BUMP
  • travis: add c-ares enabled builds linux + osx
  • vtls: fix WolfSSL 3.12 build problems
  • http-proxy: when not doing CONNECT, that phase is done immediately
  • configure: fix curl_off_t check's include order
  • configure: use -Wno-varargs on clang 3.9[.X] debug builds
  • rtsp: do not call fwrite() with NULL pointer FILE *
  • mbedtls: enable CA path processing
  • travis: add build without HTTP/SMTP/IMAP
  • checksrc: verify more code style rules
  • HTTP proxy: on connection re-use, still use the new remote port
  • tests: add initial gssapi test using stub implementation
  • rtsp: Segfault when using WRITEDATA
  • docs: clarify the CURLOPT_INTERLEAVE* options behavior
  • non-ascii: use iconv() with 'char **' argument
  • server/getpart: provide dummy function to build conversion enabled
  • conversions: fix several compiler warnings
  • openssl: add missing includes
  • schannel: Support partial send for when data is too large
  • socks: fix incorrect port number in SOCKS4 error message
  • curl: fix integer overflow in timeout options
  • travis: on mac, don't install openssl or libidn
  • cookies: reject oversized cookies instead of truncating
  • cookies: use lock when using CURLINFO_COOKIELIST
  • curl: check fseek() return code and bail on error
  • examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
  • openssl: only verify RSA private key if supported
  • tests: make the imap server not verify user+password
  • imap: quote atoms properly when escaping characters
  • tests: fix a compiler warning in test 643
  • file_range: avoid integer overflow when figuring out byte range
  • curl.h: include on cygwin too
  • reuse_conn: don't copy flags that are known to be equal
  • http: fix adding custom empty headers to repeated requests
  • docs: clarify the use of environment variables for proxy
  • docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS
  • connect: fix race condition with happy eyeballs timeout
  • cookie: fix memory leak if path was set twice in header
  • vtls: compare and clone ssl configs properly
  • proxy: read the "no_proxy" variable only if necessary
Kliknij aby rozwinąć...
Zaloguj lub Zarejestruj się aby zobaczyć!
 
Jarom

Jarom

Bardzo aktywny
Zasłużony
Dołączył
23 Wrzesień 2016
Posty
3893
Reakcje/Polubienia
1228
cURL 7.56.1
Bugfixes:
  • imap: if a FETCH response has no size, don't call write callback
  • ftp: UBsan fixup 'pointer index expression overflowed
  • failf: skip the sprintf() if there are no consumers
  • fuzzer: move to using external curl-fuzzer
  • lib/Makefile.m32: allow customizing dll suffixes
  • docs: fix typo in curl_mime_data_cb man page
  • darwinssl: add support for TLSv1.3
  • build: fix --disable-crypto-auth
  • lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS
  • openssl: fix build without HAVE_OPAQUE_EVP_PKEY
  • strtoofft: Remove extraneous null check
  • multi_cleanup: call DONE on handles that never got that
  • tests: added flaky keyword to tests 587 and 644
  • pingpong: return error when trying to send without connection
  • remove_handle: call multi_done() first, then clear dns cache pointer
  • mime: be tolerant about setting the same header list twice in a part
  • mime: improve unbinding top multipart from easy handle
  • mime: avoid resetting a part's encoder when part's contents change
  • mime: refuse to add subparts to one of their own descendants
  • RTSP: avoid integer overflow on funny RTSP responses
  • curl: don't pass semicolons when parsing Content-Disposition
  • openssl: enable PKCS12 support for !BoringSSL
  • FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
  • CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
  • CURLOPT_XFERINFODATA.3: fix duplicate see also
  • test298: verify --ftp-method nowcwd with URL encoded path
  • FTP: URL decode path for dir listing in nocwd mode
  • smtp_done: fix memory leak on send failure
  • ftpserver: support case insensitive commands
  • test950; verify SMTP with custom request
  • openssl: don't use old BORINGSSL_YYYYMM macros
  • setopt: update current connection SSL verify params
  • winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
  • curl: reimplement stdin buffering in -F option
  • mime: keep "text/plain" content type if user-specified
  • mime: fix the content reader to handle >16K data properly
  • configure: remove the C++ compiler check
  • memdebug: trace send, recv and socket
  • runtests: use valgrind for torture as well
  • ldap: silence clang warning
  • makefile.m32: allow to override gcc, ar and ranlib
  • setopt: avoid integer overflows when setting millsecond values
  • setopt: range check most long options
  • ftp: reject illegal IP/port in PASV 227 response
  • mime: do not reuse previously computed multipart size
  • vtls: change struct Curl_ssl `close' field name to `close_one'
  • os400: add missing symbols in config file
  • mime: limit bas64-encoded lines length to 76 characters
  • mk-ca-bundle: Remove URL for aurora
  • mk-ca-bundle: Fix URL for NSS
Kliknij aby rozwinąć...
Zaloguj lub Zarejestruj się aby zobaczyć!
 
Jarom

Jarom

Bardzo aktywny
Zasłużony
Dołączył
23 Wrzesień 2016
Posty
3893
Reakcje/Polubienia
1228
cURL 7.57.0
Changes:
Bugfixes:
Kliknij aby rozwinąć...
Zaloguj lub Zarejestruj się aby zobaczyć!
 
Jarom

Jarom

Bardzo aktywny
Zasłużony
Dołączył
23 Wrzesień 2016
Posty
3893
Reakcje/Polubienia
1228
cURL 7.64.0

Fixed in 7.64.0 - February 6 2019
Changes:
Bugfixes:
Fixed in 7.63.0 - December 12 2018
Changes:
Bugfixes:
Fixed in 7.62.0 - October 31 2018
Changes:
Bugfixes:
Fixed in 7.61.1 - September 5 2018
Bugfixes:
Fixed in 7.61.0 - July 11 2018
Changes:
Bugfixes:
Fixed in 7.60.0 - May 16 2018
Changes:
Bugfixes:
Fixed in 7.59.0 - March 14 2018
Changes:
Bugfixes:
Fixed in 7.58.0 - January 24 2018
Changes:
Bugfixes:
Kliknij aby rozwinąć...

Zaloguj lub Zarejestruj się aby zobaczyć!
 
Jarom

Jarom

Bardzo aktywny
Zasłużony
Dołączył
23 Wrzesień 2016
Posty
3893
Reakcje/Polubienia
1228
cURL 7.66.0

Fixed in 7.66.0 - September 11 2019

Changes:
CURLINFO_RETRY_AFTER: parse the Retry-After header value
HTTP3: initial (experimental still not working) support
curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
curl: support parallel transfers with -Z
curl_multi_poll: a sister to curl_multi_wait() that waits more
sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Bugfixes:
CVE-2019-5481: FTP-KRB double-free
CVE-2019-5482: TFTP small blocksize heap buffer overflow
CI: remove duplicate configure flag for LGTM.com
CMake: remove needless newlines at end of gss variables
CMake: use platform dependent name for dlopen() library
CURLINFO docs: mention that in redirects times are added
CURLOPT_ALTSVC.3: use a "" file name to not load from a file
CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED
CURLOPT_HEADERFUNCTION.3: clarify
CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly
CURLOPT_READFUNCTION.3: provide inline example
CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
Curl_addr2string: take an addrlen argument too
Curl_fillreadbuffer: avoid double-free trailer buf on error
HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
alt-svc: add protocol version selection masking
alt-svc: fix removal of expired cache entry
alt-svc: make it use h3-22 with ngtcp2 as well
alt-svc: more liberal ALPN name parsing
alt-svc: send Alt-Used: in redirected requests
alt-svc: with quiche, use the quiche h3 alpn string
appveyor: pass on -k to make
asyn-thread: create a socketpair to wait on
build-openssl: fix build with Visual Studio 2019
cleanup: move functions out of url.c and make them static
cleanup: remove the 'numsocks' argument used in many places
configure: avoid undefined check_for_ca_bundle
curl.h: add CURL_HTTP_VERSION_3 to the version enum
curl.h: fix outdated comment
curl: cap the maximum allowed values for retry time arguments
curl: handle a libcurl build without netrc support
curl: make use of CURLINFO_RETRY_AFTER when retrying
curl: remove outdated comment
curl: use .curlrc (with a dot) on Windows
curl: use CURLINFO_PROTOCOL to check for HTTP(s)
curl_global_init_mem.3: mention it was added in 7.12.0
curl_version: bump string buffer size to 250
curl_version_info.3: mentioned ALTSVC and HTTP3
curl_version_info: offer quic (and h3) library info
curl_version_info: provide nghttp2 details
defines: avoid underscore-prefixed defines
docs/ALTSVC: remove what works and the experimental explanation
docs/EXPERIMENTAL: explain what it means and what's experimental now
docs/MANUAL.md: converted to markdown from plain text
docs/examples/curlx: fix errors
docs: s/curl_debug/curl_dbg_debug in comments and docs
easy: resize receive buffer on easy handle reset
examples: Avoid reserved names in hiperfifo examples
examples: add http3.c, altsvc.c and http3-present.c
getenv: support up to 4K environment variable contents on windows
http09: disable HTTP/0.9 by default in both tool and library
http2: when marked for closure and wanted to close == OK
http2_recv: trigger another read when the last data is returned
http: fix use of credentials from URL when using HTTP proxy
http_negotiate: improve handling of gss_init_sec_context() failures
md4: Use our own MD4 when no crypto libraries are available
multi: call detach_connection before Curl_disconnect
netrc: make the code try ".netrc" on Windows
nss: use TLSv1.3 as default if supported
openssl: build warning free with boringssl
openssl: use SSL_CTX_set__proto_version() when available
plan9: add support for running on Plan 9
progress: reset download/uploaded counter between transfers
readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
scp: fix directory name length used in memcpy
smb: init *msg to NULL in smb_send_and_recv()
smtp: check for and bail out on too short EHLO response
source: remove names from source comments
spnego_sspi: add typecast to fix build warning
src/makefile: fix uncompressed hugehelp.c generation
ssh-libssh: do not specify O_APPEND when not in append mode
ssh: move code into vssh for SSH backends
sspi: fix memory leaks
tests: Replace outdated test case numbering documentation
tftp: return error when packet is too small for options
timediff: make it 64 bit (if possible) even with 32 bit time_t
travis: reduce number of torture tests in 'coverage'
url: make use of new HTTP version if alt-svc has one
urlapi: verify the IPv6 numerical address
urldata: avoid 'generic', use dedicated pointers
vauth: Use CURLE_AUTH_ERROR for auth function errors

Fixed in 7.65.3 - July 19 2019

Bugfixes:
progress: make the progress meter appear again

Fixed in 7.65.2 - July 17 2019

Bugfixes:
CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
CMake: Convert errant elseif() to else()
CMake: Fix finding Brotli on case-sensitive file systems
CURLMOPT_SOCKETFUNCTION.3: clarified
CURLMOPT_SOCKETFUNCTION.3: fix typo
CURLOPT_CAINFO.3: polished wording
CURLOPT_HEADEROPT.3: Fix example
CURLOPT_RANGE.3: Caution against using it for HTTP PUT
CURLOPT_SEEKDATA.3: fix variable name
DEPRECATE: fixup versions and spelling
bindlocal: detect and avoid IP version mismatches in bind()
build: fix Codacy warnings
buildconf.bat: fix header filename
c-ares: honor port numbers in CURLOPT_DNS_SERVERS
config-os400: add getpeername and getsockname defines
configure: --disable-progress-meter
configure: fix --disable-code-coverage
configure: fix typo '--disable-http-uath'
configure: more --disable switches to toggle off individual features
configure: remove CURL_DISABLE_TLS_SRP
conn_maxage: move the check to prune_dead_connections()
curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
curl_multi_wait.3: escape backslash in example
docs: Explain behavior change in --tlsv1. options since 7.54
docs: Fix links to OpenSSL docs
docs: fix string suggesting HTTP/2 is not the default
examples/fopen: fix comparison
examples/htmltitle: use C++ casts between pointer types
headers: Remove no longer exported functions
http2: call done_sending on end of upload
http2: don't call stream-close on already closed streams
http2: remove CURL_DISABLE_TYPECHECK define
http: allow overriding timecond with custom header
http: clarify header buffer size calculation
krb5: fix compiler warning
lib: Use UTF-8 encoding in comments
libcurl-tutorial.3: Fix small typo (mutipart -> multipart)
libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
multi: enable multiplexing by default (again)
multi: fix the transfer hashes in the socket hash entries
multi: make sure 'data' can present in several sockhash entries
netrc: Return the correct error code when out of memory
nss: don't set unused parameter
nss: inspect returnvalue of token check
nss: only cache valid CRL entries
nss: support using libnss on macOS
openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
openssl: fix pubkey/signature algorithm detection in certinfo
openssl: remove outdated comment
os400: make vsetopt() non-static as Curl_vsetopt() for os400 support
quote.d: asterisk prefix works for SFTP as well
runtests: keep logfiles around by default
runtests: report single test time + total duration
smb: Use the correct error code for access denied on file open
sws: remove unused variables
system_win32: fix clang warning
system_win32: fix typo
test1165: verify that CURL_DISABLE_ symbols are in sync
test1521: adapt to SLISTPOINT
test1523: test CURLOPT_LOW_SPEED_LIMIT
test153: fix content-length to avoid occasional hang
test188/189: fix Content-Length
tests: have runtests figure out disabled features
tests: support non-localhost HOSTIP for dict/smb servers
tests: update fixed IP for hostip/clientip split
tool_cb_prg: Fix integer overflow in progress bar
travis: disable threaded resolver for coverage build
travis: enable alt-svc for coverage build
travis: enable brotli for all xenial jobs
travis: enable libssh2 for coverage build
travis: enable warnings-as-errors for coverage build
travis: update scan-build job to xenial
typecheck: CURLOPT_CONNECT_TO takes an slist too
typecheck: add 3 missing strings and a callback data pointer
unit1654: cleanup on memory failure
unpause: trigger a timeout for event-based transfers
url: Fix CURLOPT_MAXAGE_CONN time comparison
win32: make DLL loading a no-op for UWP
winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG
winbuild: use WITH_PREFIX if given
wolfssl: refer to it as wolfSSL only

Fixed in 7.65.1 - June 5 2019

Bugfixes:
CURLOPT_LOW_SPEED_* repaired
NTLM: reset proxy "multipass" state when CONNECT request is done
PolarSSL: deprecate support step 1. Removed from configure
appveyor: add Visual Studio solution build
cmake: check for if_nametoindex()
cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
config-win32: add support for if_nametoindex and getsockname
conncache: Remove the DEBUGASSERT on length check
conncache: make "bundles" per host name when doing proxy tunnels
curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version
curl_share_setopt.3: improve wording
dump-header.d: spell out that no headers == empty file
example/http2-download: fix format specifier
examples: cleanups and compiler warning fixes
http2: Stop drain from being permanently set
http: don't parse body-related headers in bodyless responses
md4: build correctly with openssl without MD4
md4: include the mbedtls config.h to get the MD4 info
multi: track users of a socket better
nss: allow to specify TLS 1.3 ciphers if supported by NSS
parse_proxy: make sure portptr is initialized
parse_proxy: use the IPv6 zone id if given
sectransp: handle errSSLPeerAuthCompleted from SSLRead()
singlesocket: use separate variable for inner loop
ssl: Update outdated "openssl-only" comments for supported backends
tests: add HAProxy keywords
tests: add support to test against OpenSSH for Windows
tests: make test 1420 and 1406 work with rtsp-disabled libcurl
tls13-docs: mention it is only for OpenSSL >= 1.1.1
tool_parse_cfg: Avoid 2 fopen() for WIN32
tool_setopt: for builds with disabled-proxy, skip all proxy setopts()
url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows
url: fix bad feature-disable #ifdef
url: use correct port in ConnectionExists()
winbuild: Use two space indentation

Fixed in 7.65.0 - May 22 2019

Changes:
CURLOPT_DNS_USE_GLOBAL_CACHE: removed
CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
pipelining: removed

Bugfixes:
CVE-2019-5435: Integer overflows in curl_url_set
CVE-2019-5436: tftp: use the current blksize for recvfrom()
--config: clarify that initial : and = might need quoting
AppVeyor: enable testing for WinSSL build
CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
CURLOPT_ADDRESS_SCOPE: fix range check and more
CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later
CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE
CURL_MAX_INPUT_LENGTH: largest acceptable string input size
Curl_disconnect: treat all CONNECT_ONLY connections as "dead"
INTERNALS: Add code highlighting
OS400/ccsidcurl: replace use of Curl_vsetopt
OpenSSL: Report -fips in version if OpenSSL is built with FIPS
README.md: fix no-consecutive-blank-lines Codacy warning
VC15 project: remove MinimalRebuild
VS projects: use Unicode for VC10+
WRITEFUNCTION: add missing set_in_callback around callback
altsvc: Fix building with cookies disabled
auth: Rename the various authentication clean up functions
base64: build conditionally if there are users
build-openssl.bat: Fixed support for OpenSSL v1.1.0+
build: fix "clarify calculation precedence" warnings
checksrc.bat: ignore snprintf warnings in docs/examples
cirrus: Customize the disabled tests per FreeBSD version
cleanup: remove FIXME and TODO comments
cmake: avoid linking executable for some tests with cmake 3.6+
cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP
cmake: set SSL_BACKENDS
configure: avoid unportable `==' test(1) operator
configure: error out if OpenSSL wasn't detected when asked for
configure: fix default location for fish completions
cookie: Guard against possible NULL ptr deref
curl: make code work with protocol-disabled libcurl
curl: report error for "--no-" on non-boolean options
curl_easy_getinfo.3: fix minor formatting mistake
curlver.h: use parenthesis in CURL_VERSION_BITS macro
docs/BUG-BOUNTY: bug bounty time
docs/INSTALL: fix broken link
docs/RELEASE-PROCEDURE: link to live iCalendar
documentation: Fix several typos
doh: acknowledge CURL_DISABLE_DOH
doh: disable DOH for the cases it doesn't work
examples: remove unused variables
ftplistparser: fix LGTM alert "Empty block without comment"
hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
http: acknowledge CURL_DISABLE_HTTP_AUTH
http: mark bundle as not for multiuse on < HTTP/2 response
http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
http_negotiate: do not treat failure of gss_init_sec_context() as fatal
http_ntlm: Corrected the name of the include guard
http_ntlm_wb: Handle auth for only a single request
http_ntlm_wb: Return the correct error on receiving an empty auth message
lib509: add missing include for strdup
lib557: initialize variables
makedebug: Fix ERRORLEVEL detection after running where.exe
mbedtls: enable use of EC keys
mime: acknowledge CURL_DISABLE_MIME
multi: improved HTTP_1_1_REQUIRED handling
netrc: acknowledge CURL_DISABLE_NETRC
nss: allow fifos and character devices for certificates
nss: provide more specific error messages on failed init
ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
openssl: mark connection for close on TLS close_notify
openvms: Remove pre-processor for SecureTransport
openvms: Remove pre-processors for Windows
parse_proxy: use the URL parser API
parsedate: disabled on CURL_DISABLE_PARSEDATE
pingpong: disable more when no pingpong protocols are enabled
polarssl_threadlock: remove conditionally unused code
progress: acknowledge CURL_DISABLE_PROGRESS_METER
proxy: acknowledge DISABLE_PROXY more
resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
revert "multi: support verbose conncache closure handle"
sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
sasl: only enable if there's a protocol enabled using it
scripts: fix typos
singleipconnect: show port in the verbose "Trying ..." message
smtp: fix compiler warning
socks5: user name and passwords must be shorter than 256
socks: fix error message
socksd: new SOCKS 4+5 server for tests
spnego_gssapi: fix return code on gss_init_sec_context() failure
ssh-libssh: remove unused variable
ssh: define USE_SSH if SSH is enabled (any backend)
ssh: move variable declaration to where it's used
test1002: correct the name
test2100: Fix typos in test description
tests/server/util: fix Windows Unicode build
tests: Run global cleanup at end of tests
tests: make Impacket (SMB server) Python 3 compatible
tool_cb_wrt: fix bad-function-cast warning
tool_formparse: remove redundant assignment
tool_help: Warn if curl and libcurl versions do not match
tool_help: include for strcasecmp
transfer: fix LGTM alert "Comparison is always true"
travis: add an osx http-only build
travis: allow builds on branches named "ci"
travis: install dependencies only when needed
travis: update some builds do Xenial
travis: updated mesalink builds
url: always clone the CUROPT_CURLU handle
url: convert the zone id from a IPv6 URL to correct scope id
urlapi: add CURLUPART_ZONEID to set and get
urlapi: increase supported scheme length to 40 bytes
urlapi: require a non-zero host name length when parsing URL
urlapi: stricter CURLUPART_PORT parsing
urlapi: strip off zone id from numerical IPv6 addresses
urlapi: urlencode characters above 0x7f correctly
vauth/cleartext: update the PLAIN login to match RFC 4616
vauth/oauth2: Fix OAUTHBEARER token generation
vauth: Fix incorrect function description for Curl_auth_user_contains_domain
vtls: fix potential ssl_buffer stack overflow
wildcard: disable from build when FTP isn't present
winbuild: Support MultiSSL builds
xattr: skip unittest on unsupported platforms

Fixed in 7.64.1 - March 27 2019

Changes:
alt-svc: experiemental support added
configure: add --with-amissl

Bugfixes:
AppVeyor: add MinGW-w64 and classic Mingw builds
AppVeyor: switch VS 2015 builds to VS 2017 image
CURLU: fix NULL dereference when used over proxy
Curl_easy: remove req.maxfd - never used!
Curl_now: figure out windows version in win32_init:
Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
DoH: inherit some SSL options from user's easy handle
Secure Transport: no more "darwinssl"
Secure Transport: tvOS 11 is required for ALPN support
cirrus: Added FreeBSD builds using Cirrus CI
cleanup: make local functions static
cli tool: do not use mime.h private structures
cmdline-opts/proxytunnel.d: the option tunnnels all protocols
configure: add additional libraries to check for LDAP support
configure: remove the unused fdopen macro
configure: show features as well in the final summary
conncache: use conn->data to know if a transfer owns it
connection: never reuse CONNECT_ONLY connections
connection_check: restore original conn->data after the check
connection_check: set ->data to the transfer doing the check
cookie: Add support for cookie prefixes
cookies: dotless names can set cookies again
cookies: fix NULL dereference if flushing cookies with no CookieInfo set
curl.1: --user and --proxy-user are hidden from ps output
curl.1: mark the argument to --cookie as
curl.h: use __has_declspec_attribute for shared builds
curl: display --version features sorted alphabetically
curl: fix FreeBSD compiler warning in the --xattr code
curl: remove MANUAL from -M output
curl_easy_duphandle.3: clarify that a duped handle has no shares
curl_multi_remove_handle.3: use at any time, just not from within callbacks
curl_url.3: this API is not experimental anymore
dns: release sharelock as soon as possible
docs: update max-redirs.d phrasing
easy: fix win32 init to work without CURL_GLOBAL_WIN32
examples/10-at-a-time.c: improve readability and simplify
examples/cacertinmem.c: use multiple certificates for loading CA-chain
examples/crawler: Fix the Accept-Encoding setting
examples/ephiperfifo.c: various fixes
examples/externalsocket: add missing close socket calls
examples/http2-download: cleaned up
examples/http2-serverpush: add some sensible error checks
examples/http2-upload: cleaned up
examples/httpcustomheader: Value stored to 'res' is never read
examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
examples/sftpuploadresume: Value stored to 'result' is never read
examples: only include
examples: remove recursive calls to curl_multi_socket_action
examples: remove superfluous null-pointer checks
file: fix "Checking if unsigned variable 'readcount' is less than zero."
fnmatch: disable if FTP is disabled
gnutls: remove call to deprecated gnutls_compression_get_name
gopher: remove check for path == NULL
gssapi: fix deprecated header warnings
hostip: make create_hostcache_id avoid alloc + free
http2: multi_connchanged() moved from multi.c, only used for h2
http2: verify :athority in push promise requests
http: make adding a blank header thread-safe
http: send payload when (proxy) authentication is done
http: set state.infilesize when sending multipart formposts
makefile: make checksrc and hugefile commands "silent"
mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
mbedtls: release sessionid resources on error
memdebug: log pointer before freeing its data
memdebug: make debug-specific functions use curl_dbg_ prefix
mime: put the boundary buffer into the curl_mime struct
multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
multi: remove verbose "Expire in" ... messages
multi: removed unused code for request retries
multi: support verbose conncache closure handle
negotiate: fix for HTTP POST with Negotiate
openssl: add support for TLS ASYNC state
openssl: if cert type is ENG and no key specified, key is ENG too
pretransfer: don't strlen() POSTFIELDS set for GET requests
rand: Fix a mismatch between comments in source and header
runtests: detect "schannel" as an alias for "winssl"
schannel: be quiet - remove verbose output
schannel: close TLS before removing conn from cache
schannel: support CALG_ECDH_EPHEM algorithm
scripts/completion.pl: also generate fish completion file
singlesocket: fix the 'sincebefore' placement
source: fix two 'nread' may be used uninitialized warnings
ssh: fix Condition '!status' is always true
ssh: loop the state machine if not done and not blocking
strerror: make the strerror function use local buffers
system_win32: move win32_init here from easy.c
test578: make it read data from the correct test
tests: Fixed XML validation errors in some test files
tests: add stderr comparison to the test suite
tests: fix multiple may be used uninitialized warnings
threaded-resolver: shutdown the resolver thread without error message
tool_cb_wrt: fix writing to Windows null device NUL
tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
tool_operate: build on AmigaOS
tool_operate: fix typecheck warning
transfer.c: do not compute length of undefined hex buffer
travis: add build using gnutls
travis: add scan-build
travis: bump the used wolfSSL version to 4.0.0
travis: enable valgrind for the iconv tests
travis: use updated compiler versions: clang 7 and gcc 8
unit1307: require FTP support
unit1651: survive curl_easy_init() fails
url/idnconvert: remove scan for <= 32 ascii values
url: change conn shutdown order to ensure SOCKETFUNCTION callbacks
urlapi: reduce variable scope, remove unreachable 'break'
urldata: convert bools to bitfields and move to end
urldata: simplify bytecounters
urlglob: Argument with 'nonnull' attribute passed null
version.c: silent scan-build even when librtmp is not enabled
vtls: rename some of the SSL functions
wolfssl: stop custom-adding curves
x509asn1: "Dereference of null pointer"
x509asn1: cleanup and unify code layout
zsh.pl: escape ':' character
zsh.pl: update regex to better match curl -h output

Fixed in 7.64.0 - February 6 2019

Changes:
cookies: leave secure cookies alone
hostip: support wildcard hosts
http: Implement trailing headers for chunked transfers
http: added options for allowing HTTP/0.9 responses
timeval: Use high resolution timestamps on Windows

Bugfixes:
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823: SMTP end-of-response out-of-bounds read
FAQ: remove mention of sourceforge for github
OS400: handle memory error in list conversion
OS400: upgrade ILE/RPG binding.
README: add codacy code quality badge
Revert http_negotiate: do not close connection
THANKS: added several missing names from year <= 2000
build: make 'tidy' target work for metalink builds
cmake: added checks for variadic macros
cmake: updated check for HAVE_POLL_FINE to match autotools
cmake: use lowercase for function name like the rest of the code
configure: detect xlclang separately from clang
configure: fix recv/send/select detection on Android
configure: rewrite --enable-code-coverage
conncache_unlock: avoid indirection by changing input argument type
cookie: fix comment typo
cookies: allow secure override when done over HTTPS
cookies: extend domain checks to non psl builds
cookies: skip custom cookies when redirecting cross-site
curl --xattr: strip credentials from any URL that is stored
curl -J: refuse to append to the destination file
curl/urlapi.h: include "curl.h" first
curl_multi_remove_handle() don't block terminating c-ares requests
darwinssl: accept setting max-tls with default min-tls
disconnect: separate connections and easy handles better
disconnect: set conn->data for protocol disconnect
docs/version.d: mention MultiSSL
docs: fix the --tls-max description
docs: use $(INSTALL_DATA) to install man page
docs: use meaningless port number in CURLOPT_LOCALPORT example
gopher: always include the entire gopher-path in request
http2: clear pause stream id if it gets closed
if2ip: remove unused function Curl_if_is_interface_name
libssh: do not let libssh create socket
libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
libssh: free sftp_canonicalize_path() data correctly
libtest/stub_gssapi: use "real" snprintf
mbedtls: use VERIFYHOST
multi: multiplexing improvements
multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
ntlm: fix NTMLv2 compliance
ntlm_sspi: add support for channel binding
openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
openssl: fix the SSL_get_tlsext_status_ocsp_resp call
openvms: fix OpenSSL discovery on VAX
openvms: fix typos in documentation
os400: add a missing closing bracket
os400: fix extra parameter syntax error
pingpong: change default response timeout to 120 seconds
pingpong: ignore regular timeout in disconnect phase
printf: fix format specifiers
runtests.pl: Fix perl call to include srcdir
schannel: fix compiler warning
schannel: preserve original certificate path parameter
schannel: stop calling it "winssl"
sigpipe: if mbedTLS is used, ignore SIGPIPE
smb: fix incorrect path in request if connection reused
ssh: log the libssh2 error message when ssh session startup fails
test1558: verify CURLINFO_PROTOCOL on file:// transfer
test1561: improve test name
test1653: make it survive torture tests
tests: allow tests to pass by 2037-02-12
tests: move objnames-* from lib into tests
timediff: fix math for unsigned time_t
timeval: Disable MSVC Analyzer GetTickCount warning
tool_cb_prg: avoid integer overflow
travis: added cmake build for osx
urlapi: Fix port parsing of eol colon
urlapi: distinguish possibly empty query
urlapi: fix parsing ipv6 with zone index
urldata: rename easy_conn to just conn
winbuild: conditionally use /DZLIB_WINAPI
wolfssl: fix memory-leak in threaded use
spnego_sspi: add support for channel binding

Fixed in 7.63.0 - December 12 2018

Changes:
curl: add %{stderr} and %{stdout} for --write-out
curl: add undocumented option --dump-module-paths for win32
setopt: add CURLOPT_CURLU

Bugfixes:
(lib)curl.rc: fixup for minor bugs
CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
Curl_follow: accept non-supported schemes for "fake" redirects
KNOWN_BUGS: add --proxy-any connection issue
NTLM: Remove redundant ifdef USE_OPENSSL
NTLM: force the connection to HTTP/1.1
OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
SECURITY-PROCESS: bountygraph shuts down again
TODO: Have the URL API offer IDN decoding
ares: remove fd from multi fd set when ares is about to close the fd
axtls: removed
checksrc: add COPYRIGHTYEAR check
cmake: fix MIT/Heimdal Kerberos detection
configure: include all libraries in ssl-libs fetch
configure: show CFLAGS, LDFLAGS etc in summary
connect: fix building for recent versions of Minix
cookies: create the cookiejar even if no cookies to save
cookies: expire "Max-Age=0" immediately
curl: --local-port range was not "including"
curl: fix --local-port integer overflow
curl: fix memory leak reading --writeout from file
curl: fixed UTF-8 in current console code page (Windows)
curl_easy_perform: fix timeout handling
curl_global_sslset(): id == -1 is not necessarily an error
curl_multibyte: fix a malloc overcalculation
curle: move deprecated error code to ifndef block
docs: curl_formadd field and file names are now escaped
docs: escape "\n" codes
doh: fix memory leak in OOM situation
doh: make it work for h2-disabled builds too
examples/ephiperfifo: report error when epoll_ctl fails
ftp: avoid two unsigned int overflows in FTP listing parser
host names: allow trailing dot in name resolve, then strip it
http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
http: don't set CURLINFO_CONDITION_UNMET for http status code 204
http: fix HTTP Digest auth to include query in URI
http_negotiate: do not close connection until negotiation is completed
impacket: add LICENSE
infof: clearly indicate truncation
ldap: fix LDAP URL parsing regressions
libcurl: stop reading from paused transfers
mprintf: avoid unsigned integer overflow warning
netrc: don't ignore the login name specified with "--user"
nss: Fall back to latest supported SSL version
nss: Fix compatibility with nss versions 3.14 to 3.15
nss: fix fallthrough comment to fix picky compiler warning
nss: remove version selecting dead code
nss: set default max-tls to 1.3/1.2
openssl: Remove SSLEAY leftovers
openssl: do not log excess "TLS app data" lines for TLS 1.3
openssl: do not use file BIOs if not requested
openssl: fix unused variable compiler warning with old openssl
openssl: support session resume with TLS 1.3
openvms: fix example name
os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
os400: add CURLOPT_CURLU to ILE/RPG binding
os400: fix return type of curl_easy_pause() in ILE/RPG binding
packages: remove old leftover files and dirs
pop3: only do APOP with a valid timestamp
runtests: use the local curl for verifying
schannel: be consistent in Schannel capitalization
schannel: better CURLOPT_CERTINFO support
schannel: use Curl_ prefix for global private symbols
snprintf: renamed and we now only use msnprintf()
ssl: fix compilation with OpenSSL 0.9.7
ssl: replace all internal uses of CURLE_SSL_CACERT
symbols-in-versions: add missing CURLU_ symbols
test328: verify Content-Encoding: none
tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
tests: drop http_pipe.py script no longer used
tool_cb_wrt: Silence function cast compiler warning
tool_doswin: Fix uninitialized field warning
travis: build with clang sanitizers
travis: remove curl before a normal build
url: a short host name + port is not a scheme
url: fix IPv6 numeral address parser
urlapi: only skip encoding the first '=' with APPENDQUERY set

Fixed in 7.62.0 - October 31 2018

Changes:
multiplex: enable by default
url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
setopt: add CURLOPT_DOH_URL
curl: --doh-url added
setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
imap: change from "FETCH" to "UID FETCH"
configure: add option to disable automatic OpenSSL config loading
upkeep: add a connection upkeep API: curl_easy_upkeep()
URL-API: added five new functions
vtls: MesaLink is a new TLS backend

Bugfixes:
CVE-2018-16839: SASL password overflow via integer overflow
CVE-2018-16840: use-after-free in handle close
CVE-2018-16842: warning message out-of-buffer read
CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
Curl_dedotdotify(): always nul terminate returned string
Curl_follow: Always free the passed new URL
Curl_http2_done: fix memleak in error path
Curl_retry_request: fix memory leak
Curl_saferealloc: Fixed typo in docblock
FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
GnutTLS: TLS 1.3 support
SECURITY-PROCESS: mention the bountygraph program
VS projects: add USE_IPV6:
Windows: fixes for MinGW targeting Windows Vista
anyauthput: fix compiler warning on 64-bit Windows
appveyor: add WinSSL builds
appveyor: run test suite (on Windows!)
certs: generate tests certs with sha256 digest algorithm
checksrc: enable strict mode and warnings
checksrc: handle zero scoped ignore commands
cmake: Backport to work with CMake 3.0 again
cmake: Improve config installation
cmake: add support for transitive ZLIB target
cmake: disable -Wpedantic-ms-format
cmake: don't require OpenSSL if USE_OPENSSL=OFF
cmake: fixed path used in generation of docs/tests
cmake: remove unused *SOCKLEN_T variables
cmake: suppress MSVC warning C4127 for libtest
cmake: test and set missed defines during configuration
comment: Fix multiple typos in function parameters
config: Remove unused SIZEOF_VOIDP
config_win32: enable LDAPS
configure: force-use -lpthreads on HPUX
configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
cookies: Remove redundant expired check
cookies: fix leak when writing cookies to file
curl-config.in: remove dependency on bc
curl.1: --ipv6 mutexes ipv4 (fixed typo)
curl: enabled Windows VT Support and UTF-8 output
curl: update the documentation of --tlsv1.0
curl_multi_wait: call getsock before figuring out timeout
curl_ntlm_wb: check aprintf() return codes
curl_threads: fix classic MinGW compile break
darwinssl: Fix realloc memleak
darwinssl: more specific and unified error codes
data-binary.d: clarify default content-type is x-www-form-urlencoded
docs/BUG-BOUNTY: explain the bounty program
docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
docs/CIPHERS: fix the TLS 1.3 cipher names
docs/CIPHERS: mention the colon separation for OpenSSL
docs/examples: URL updates
docs: add "see also" links for SSL options
example/asiohiper: insert warning comment about its status
example/htmltidy: fix include paths of tidy libraries
examples/Makefile.m32: sync with core
examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
examples/parseurl.c: show off the URL API
examples: Fix memory leaks from realloc errors
examples: do not wait when no transfers are running
ftp: include command in Curl_ftpsend sendbuffer
gskit: make sure to terminate version string
gtls: Values stored to but never read
hostip: fix check on Curl_shuffle_addr return value
http2: fix memory leaks on error-path
http: fix memleak in rewind error path
krb5: fix memory leak in krb_auth
ldap: show precise LDAP call in error message on Windows
lib: fix gcc8 warning on Windows
memory: add missing curl_printf header
memory: ensure to check allocation results
multi: Fix error handling in the SENDPROTOCONNECT state
multi: fix memory leak in content encoding related error path
multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
netrc: free temporary strings if memory allocation fails
nss: fix nssckbi module loading on Windows
nss: try to connect even if libnssckbi.so fails to load
ntlm_wb: Fix memory leaks in ntlm_wb_response
ntlm_wb: bail out if the response gets overly large
openssl: assume engine support in 0.9.8 or later
openssl: enable TLS 1.3 post-handshake auth
openssl: fix gcc8 warning
openssl: load built-in engines too
openssl: make 'done' a proper boolean
openssl: output the correct cipher list on TLS 1.3 error
openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
openssl: show "proper" version number for libressl builds
pipelining: deprecated
rand: add comment to skip a clang-tidy false positive
rtmp: fix for compiling with lwIP
runtests: ignore disabled even when ranges are given
runtests: skip ld_preload tests on macOS
runtests: use Windows paths for Windows curl
schannel: unified error code handling
sendf: Fix whitespace in infof/failf concatenation
ssh: free the session on init failures
ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
system.h: use proper setting with Sun C++ as well
test1299: use single quotes around asterisk
test1452: mark as flaky
test1651: unit test Curl_extract_certinfo()
test320: strip out more HTML when comparing
tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
tests: add unit tests for url.c
timeval: fix use of weak symbol clock_gettime() on Apple platforms
tool_cb_hdr: handle failure of rename()
travis: add a "make tidy" build that runs clang-tidy
travis: add build for "configure --disable-verbose"
travis: bump the Secure Transport build to use xcode
travis: make distcheck scan for BOM markers
unit1300: fix stack-use-after-scope AddressSanitizer warning
urldata: Fix "connecting" comment
urlglob: improve error message on bad globs
vtls: fix ssl version "or later" behavior change for many backends
x509asn1: Fix SAN IP address verification
x509asn1: always check return code from getASN1Element()
x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
x509asn1: suppress left shift on signed value

Fixed in 7.61.1 - September 5 2018

Bugfixes:
security advisory (CVE-2018-14618): NTLM password overflow via integer overflow
CURLINFO_SIZE_UPLOAD: fix missing counter update
CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
Curl_getoff_all_pipelines: improved for multiplexed
DEPRECATE: remove release date from 7.62.0
HTTP: Don't attempt to needlessly decompress redirect body
INTERNALS: require GnuTLS >= 2.11.3
README.md: add LGTM.com code quality grade for C/C++
SSLCERTS: improve the openssl command line
Silence GCC 8 cast-function-type warnings
ares: check for NULL in completed-callback
asyn-thread: Remove unused macro
auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
auth: pick Bearer authentication whenever a token is available
cmake: CMake config files are defining CURL_STATICLIB for static builds
cmake: Respect BUILD_SHARED_LIBS
cmake: Update scripts to use consistent style
cmake: bumped minimum version to 3.4
cmake: link curl to the OpenSSL targets instead of lib absolute paths
configure: conditionally enable pedantic-errors
configure: fix for -lpthread detection with OpenSSL and pkg-config
conn: remove the boolean 'inuse' field
content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
cookie tests: treat files as text
cookies: support creation-time attribute for cookies
curl: Fix segfault when -H @headerfile is empty
curl: add http code 408 to transient list for --retry
curl: fix time-of-check, time-of-use race in dir creation
curl: use Content-Disposition before the "URL end" for -OJ
curl: warn the user if a given file name looks like an option
curl_threads: silence bad-function-cast warning
darwinssl: add support for ALPN negotiation
docs/CURLOPT_URL: fix indentation
docs/CURLOPT_WRITEFUNCTION: size is always 1
docs/SECURITY-PROCESS: mention bounty, drop pre-notify
docs/examples: add hiperfifo example using linux epoll/timerfd
docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
docs: clarify NO_PROXY env variable functionality
docs: improved the manual pages of some callbacks
docs: mention NULL is fine input to several functions
formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
gopher: Do not translate `?' to `%09'
header output: switch off all styles, not just unbold
hostip: fix unused variable warning
http2: Use correct format identifier for stream_id
http2: abort the send_callback if not setup yet
http2: avoid set_stream_user_data() before stream is assigned
http2: check nghttp2_session_set_stream_user_data return code
http2: clear the drain counter in Curl_http2_done
http2: make sure to send after RST_STREAM
http2: separate easy handle from connections better
http: fix for tiny "HTTP/0.9" response
http_proxy: Remove unused macro SELECT_TIMEOUT
lib/Makefile: only do symbol hiding if told to
lib1502: fix memory leak in torture test
lib1522: fix curl_easy_setopt argument type
libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
mime: check Curl_rand_hex's return code
multi: always do the COMPLETED procedure/state
openssl: assume engine support in 1.0.0 or later
openssl: fix debug messages
projects: Improve Windows perl detection in batch scripts
retry: return error if rewind was necessary but didn't happen
reuse_conn(): memory leak - free old_conn->options
schannel: client certificate store opening fix
schannel: enable CALG_TLS1PRF for w32api >= 5.1
schannel: fix MinGW compile break
sftp: don't send post-quote sequence when retrying a connection
smb: fix memory leak on early failure
smb: fix memory-leak in URL parse error path
smb_getsock: always wait for write socket too
ssh-libssh: fix infinite connect loop on invalid private key
ssh-libssh: reduce excessive verbose output about pubkey auth
ssh-libssh: use FALLTHROUGH to silence gcc8
ssl: set engine implicitly when a PKCS#11 URI is provided
sws: handle EINTR when calling select()
system_win32: fix version checking
telnet: Remove unused macros TELOPTS and TELCMDS
test1143: disable MSYS2's POSIX path conversion
test1148: disable if decimal separator is not point
test1307: (fnmatch testing) disabled
test1422: add required file feature
test1531: Add timeout
test1540: Remove unused macro TEST_HANG_TIMEOUT
test214: disable MSYS2's POSIX path conversion for URL
test320: treat curl320.out file as binary
tests/http_pipe.py: Use /usr/bin/env to find python
tests: Don't use Windows path %PWD for SSH tests
tests: fixes for Windows line endlings
tool_operate: Fix setting proxy TLS 1.3 ciphers
travis: build darwinssl on macos 10.12 to fix linker errors
travis: execute "set -eo pipefail" for coverage build
travis: run a 'make checksrc' too
travis: update to GCC-8
travis: verify that man pages can be regenerated
upload: allocate upload buffer on-demand
upload: change default UPLOAD_BUFSIZE to 64KB
urldata: remove unused pipe_broke struct field
vtls: reinstantiate engine on duplicated handles
windows: implement send buffer tuning
wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random

Fixed in 7.61.0 - July 11 2018

Changes:
getinfo: add microsecond precise timers for seven intervals
curl: show headers in bold, switch off with --no-styled-output
httpauth: add support for Bearer tokens
Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
curl: --tls13-ciphers and --proxy-tls13-ciphers
Add CURLOPT_DISALLOW_USERNAME_IN_URL
curl: --disallow-username-in-url

Bugfixes:
CVE-2018-0500: smtp: fix SMTP send buffer overflow
schannel: disable client cert option if APIs not available
schannel: disable manual verify if APIs not available
tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
openssl: acknowledge --tls-max for default version too
stub_gssapi: fix 'unused parameter' warnings
examples/progressfunc: make it build on both new and old libcurls
docs: mention it is HA Proxy protocol "version 1"
curl_fnmatch: only allow two asterisks for matching
docs: clarify CURLOPT_HTTPGET
configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
configure: do compile-time SIZEOF checks instead of run-time
checksrc: make sure sizeof() is used *with* parentheses
CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
schannel: make CAinfo parsing resilient to CR/LF
tftp: make sure error is zero terminated before printfing it
http resume: skip body if http code 416 (range error) is ignored
configure: add basic test of --with-ssl prefix
cmake: set -d postfix for debug builds
multi: provide a socket to wait for in Curl_protocol_getsock
content_encoding: handle zlib versions too old for Z_BLOCK
winbuild: only delete OUTFILE if it exists
winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
schannel: add failf calls for client certificate failures
cmake: Fix the test for fsetxattr and strerror_r
curl.1: Fix cmdline-opts reference errors
cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
cmake: check for getpwuid_r
configure: fix ssh2 linking when built with a static mbedtls
psl: use latest psl and refresh it periodically
fnmatch: insist on escaped bracket to match
KNOWN_BUGS: restore text regarding #2101
INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
configure: override AR_FLAGS to silence warning
os400: implement mime api EBCDIC wrappers
curl.rc: embed manifest for correct Windows version detection
strictness: correct {infof, failf} format specifiers
tests: update .gitignore for libtests
configure: check for declaration of getpwuid_r
fnmatch: use the system one if available
CURLOPT_RESOLVE: always purge old entry first
multi: remove a potentially bad DEBUGF()
curl_addrinfo: use same #ifdef conditions in source as header
build: remove the Borland specific makefiles
axTLS: not considered fit for use
cmdline-opts/cert-type.d: mention "p12" as a recognized type
system.h: add support for IBM xlc C compiler
tests/libtest: Add lib1521 to nodist_SOURCES
mk-ca-bundle.pl: leave certificate name untouched
boringssl + schannel: undef X509_NAME in lib/schannel.h
openssl: assume engine support in 1.0.1 or later
cppcheck: fix warnings
test 46: make test pass after year 2025
schannel: support selecting ciphers
Curl_debug: remove dead printhost code
test 1455: unflakified
Curl_init_do: handle NULL connection pointer passed in
progress: remove a set of unused defines
mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
GOVERNANCE.md: explains how this project is run
configure: use pkg-config for c-ares detection
configure: enhance ability to build with static openssl
maketgz: fix sed issues on OSX
multi: fix memory leak when stopped during name resolve
CURLOPT_INTERFACE.3: interface names not supported on Windows
url: fix dangling conn->data pointer
cmake: allow multiple SSL backends
system.h: fix for gcc on 32 bit OpenServer
ConnectionExists: make sure conn->data is set when "taking" a connection
multi: fix crash due to dangling entry in connect-pending list
CURLOPT_SSL_VERIFYPEER.3: Add performance note
netrc: use a larger buffer to support longer passwords
url: check Curl_conncache_add_conn return code
configure: Add dependent libraries after crypto
easy_perform: faster local name resolves by using *multi_timeout()
getnameinfo: not used, removed all configure checks
travis: add a build using the synchronous name resolver
CURLINFO_TLS_SSL_PTR.3: improve the example
openssl: allow TLS 1.3 by default
openssl: make the requested TLS version the *minimum* wanted
openssl: Remove some dead code
telnet: fix clang warnings
DEPRECATE: new doc describing planned item removals
example/crawler.c: simple crawler based on libxml2
libssh: goto DISCONNECT state on error, not SESSION_FREE
CMake: Remove unused functions
darwinssl: allow High Sierra users to build the code using GCC
scripts: include _curl as part of CLEANFILES

Fixed in 7.60.0 - May 16 2018

Changes:
Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
Add --haproxy-protocol for the command line tool
Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses

Bugfixes:
FTP: shutdown response buffer overflow CVE-2018-1000300
RTSP: bad headers buffer over-read CVE-2018-1000301
FTP: fix typo in recursive callback detection for seeking
test1208: marked flaky
HTTP: make header-less responses still count correct body size
user-agent.d:: mention --proxy-header as well
http2: fixes typo
cleanup: misc typos in strings and comments
rate-limit: use three second window to better handle high speeds
examples/hiperfifo.c: improved
pause: when changing pause state, update socket state
multi: improved pending transfers handling => improved performance
curl_version_info.3: fix ssl_version description
add_handle/easy_perform: clear errorbuffer on start if set
darwinssl: fix iOS build
cmake: add support for brotli
parsedate: support UT timezone
vauth/ntlm.h: fix the #ifdef header guard
lib/curl_path.h: added #ifdef header guard
vauth/cleartext: fix integer overflow check
CURLINFO_COOKIELIST.3: made the example not leak memory
cookie.d: mention that "-" as filename means stdin
CURLINFO_SSL_VERIFYRESULT.3: fixed the example
http2: read pending frames (including GOAWAY) in connection-check
timeval: remove compilation warning by casting
cmake: avoid warn-as-error during config checks
travis-ci: enable -Werror for CMake builds
openldap: fix for NULL return from ldap_get_attribute_ber()
threaded resolver: track resolver time and set suitable timeout values
cmake: Add advapi32 as explicit link library for win32
docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
test1148: set a fixed locale for the test
cookies: when reading from a file, only remove_expired once
cookie: store cookies per top-level-domain-specific hash table
openssl: fix build with LibreSSL 2.7
tls: fix mbedTLS 2.7.0 build + handle sha256 failures
openssl: RESTORED verify locations when verifypeer==0
file: restore old behavior for file:////foo/bar URLs
FTP: allow PASV on IPv6 connections when a proxy is being used
build-openssl.bat: allow custom paths for VS and perl
winbuild: make the clean target work without build-type
build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
curl: retry on FTP 4xx, ignore other protocols
configure: detect (and use) sa_family_t
examples/sftpuploadresume: Fix Windows large file seek
build: cleanup to fix clang warnings/errors
winbuild: updated the documentation
lib: silence null-dereference warnings
travis: bump to clang 6 and gcc 7
travis: build libpsl and make builds use it
proxy: show getenv proxy use in verbose output
duphandle: make sure CURLOPT_RESOLVE is duplicated
all: Refactor malloc+memset to use calloc
checksrc: Fix typo
system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
vauth: Fix typo
ssh: show libSSH2 error code when closing fails
test1148: tolerate progress updates better
urldata: make service names unconditional
configure: keep LD_LIBRARY_PATH changes local
ntlm_sspi: fix authentication using Credential Manager
schannel: add client certificate authentication
winbuild: Support custom devel paths for each dependency
schannel: add support for CURLOPT_CAINFO
http2: handle on_begin_headers() called more than once
openssl: support OpenSSL 1.1.1 verbose-mode trace messages
openssl: fix subjectAltName check on non-ASCII platforms
http2: avoid strstr() on data not zero terminated
http2: clear the "drain counter" when a stream is closed
http2: handle GOAWAY properly
tool_help: clarify --max-time unit of time is seconds
curl.1: clarify that options and URLs can be mixed
http2: convert an assert to run-time check
curl_global_sslset: always provide available backends
ftplistparser: keep state between invokes
Curl_memchr: zero length input can't match
examples/sftpuploadresume: typecast fseek argument to long
examples/http2-upload: expand buffer to avoid silly warning
ctype: restore character classification for non-ASCII platforms
mime: avoid NULL pointer dereference risk
cookies: ensure that we have cookies before writing jar
os400.c: fix checksrc warnings
configure: provide --with-wolfssl as an alias for --with-cyassl
cyassl: adapt to libraries without TLS 1.0 support built-in
http2: get rid of another strstr
checksrc: force indentation of lines after an else
cookies: remove unused macro
CURLINFO_PROTOCOL.3: mention the existing defined names
tests: provide 'manual' as a feature to optionally require
travis: enable libssh2 on both macos and Linux
CURLOPT_URL.3: added ENCODING section
wolfssl: Fix non-blocking connect
vtls: don't define MD5_DIGEST_LENGTH for wolfssl
docs: remove extraneous commas in man pages
URL: fix ASCII dependency in strcpy_url and strlen_url
ssh-libssh.c: fix left shift compiler warning
configure: only check for CA bundle for file-using SSL backends
travis: add an mbedtls build
http: don't set the "rewind" flag when not uploading anything
configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
transfer: don't unset writesockfd on setup of multiplexed conns
vtls: use unified "supports" bitfield member in backends
URLs: fix one more http url
travis: add a build using WolfSSL
openssl: change FILE ops to BIO ops
travis: add build using NSS
smb: reject negative file sizes
cookies: accept parameter names as cookie name
http2: getsock fix for uploads
all over: fixed format specifiers
http2: use the correct function pointer typedef

Fixed in 7.59.0 - March 14 2018

Changes:
curl: add --proxy-pinnedpubkey
added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T
CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
Add new tool option --happy-eyeballs-timeout-ms
Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA

Bugfixes:
openldap: check ldap_get_attribute_ber() results for NULL before using
FTP: reject path components with control codes
readwrite: make sure excess reads don't go beyond buffer end
lib555: drop text conversion and encode data as ascii codes
lib517: make variable static to avoid compiler warning
lib544: sync ascii code data with textual data
GSKit: restore pinnedpubkey functionality
darwinssl: Don't import client certificates into Keychain on macOS
parsedate: fix date parsing for systems with 32 bit long
openssl: fix pinned public key build error in FIPS mode
SChannel/WinSSL: Implement public key pinning
cookies: remove verbose "cookie size:" output
progress-bar: don't use stderr explicitly, use bar->out
Fixes for MSDOS
build: open VC15 projects with VS 2017
curl_ctype: private is*() type macros and functions
configure: set PATH_SEPARATOR to colon for PATH w/o separator
winbuild: make linker generate proper PDB
curl_easy_reset: clear digest auth state
curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6
range: commonize FTP and FILE range handling
progress-bar docs: update to match implementation
fnmatch: do not match the empty string with a character set
fnmatch: accept an alphanum to be followed by a non-alphanum in char set
build: fix termios issue on android cross-compile
getdate: return -1 for out of range
formdata: use the mime-content type function
time-cond: fix reading the file modification time on Windows
build-openssl.bat: Extend VC15 support to include Enterprise and Professional
build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional
openssl: Don't add verify locations when verifypeer==0
fnmatch: optimize processing of consecutive *s and ?s pattern characters
schannel: fix compiler warnings
content_encoding: Add "none" alias to "identity"
get_posix_time: only check for overflows if they can happen
http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
README: language fix
sha256: build with OpenSSL < 0.9.8
smtp: fix processing of initial dot in data
--tlsauthtype: works only if libcurl is built with TLS-SRP support
tests: new tests for http raw mode
libcurl-security.3: man page discussion security concerns when using libcurl
curl_gssapi: make sure this file too uses our *printf()
BINDINGS: fix curb link (and remove ruby-curl-multi)
nss: use PK11_CreateManagedGenericObject() if available
travis: add build with iconv enabled
ssh: add two missing state names
CURLOPT_HEADERFUNCTION.3: mention folded headers
http: fix the max header length detection logic
header callback: don't chop headers into smaller pieces
CURLOPT_HEADER.3: clarify problems with different data sizes
curl --version: show PSL if the run-time lib has it enabled
examples/sftpuploadresume: resume upload via CURLOPT_APPEND
Return error if called recursively from within callbacks
sasl: prefer PLAIN mechanism over LOGIN
winbuild: Use CALL to run batch scripts
curl_share_setopt.3: connection cache is shared within multi handles
winbuild: Use macros for the names of some build utilities
projects/README: remove reference to dead IDN link/package
lib655: silence compiler warning
configure: Fix version check for OpenSSL 1.1.1
docs/MANUAL: formfind.pl is not accessible on the site anymore
unit1309: fix warning on Windows x64
unit1307: proper cleanup on OOM to fix torture tests
curl_ctype: fix macro redefinition warnings
build: get CFLAGS (including -werror) used for examples and tests
NO_PROXY: fix for IPv6 numericals in the URL
krb5: use nondeprecated functions
winbuild: prefer documented zlib library names
http2: mark the connection for close on GOAWAY
limit-rate: kick in even before "limit" data has been received
HTTP: allow "header;" to replace an internal header with a blank one
http2: verbose output new MAX_CONCURRENT_STREAMS values
SECURITY: distros' max embargo time is 14 days
curl tool: accept --compressed also if Brotli is enabled and zlib is not
WolfSSL: adding TLSv1.3
checksrc.pl: add -i and -m options
CURLOPT_COOKIEFILE.3: "-" as file name means stdin
Kliknij aby rozwinąć...

Zaloguj lub Zarejestruj się aby zobaczyć!
 
Musisz się zalogować lub zarejestrować aby odpowiedzieć

Podobne tematy:

Grandalf
MAMP
Odpowiedzi
0
Wyświetleń
461
Grandalf
Grandalf
Do góry