forked from curl/curl-www
_changes.html
#include "_doctype.html"
<html lang="en">
<head> <title>curl - Changes</title>
#include "css.t"
</HEAD>
#define CURL_CHANGES
#define CURL_URL changes.html
#include "_menu.html"
#include "setup.t"
WHERE1(Changes)
<a name="changes"></a>
TITLE(Changelog)
<div class="relatedbox">
<b>Related:</b>
<br><a href="/snapshots/">Daily Snapshots</a>
<br><a href="/source.html">Source repo</a>
<br><a href="/docs/security.html">Security</a>
<br><a href="/docs/vulnerabilities.html">Vulnerabilities</a>
<br><a href="/docs/releases.html">Releaselog</a>
<br><a href="/dev/release-notes.html">Pending Release Notes</a>
</div>
#if 0
<a name="9_19_19"></a>
SUBTITLE(-- Fixed in 7.20.0 - February 9 2011)
<p> Changes:
<ul class="changes">
CHG change
</ul>
<p> Bugfixes:
<ul class="bugfixes">
BGF fix
</ul>
#endif
#define CHG <li>
#define BGF <li>
<a name="7_64_0"></a>
SUBTITLE(Fixed in 7.64.0 - February 6 2019)
<p> Changes:
<ul class="changes">
CHG <a href="https://curl.haxx.se/bug/?i=2956">cookies: leave secure cookies alone</a>
CHG <a href="https://curl.haxx.se/bug/?i=3406">hostip: support wildcard hosts</a>
CHG <a href="https://curl.haxx.se/bug/?i=3350">http: Implement trailing headers for chunked transfers</a>
CHG <a href="https://curl.haxx.se/bug/?i=2873">http: added options for allowing HTTP/0.9 responses</a>
CHG <a href="https://curl.haxx.se/bug/?i=3318">timeval: Use high resolution timestamps on Windows</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
BGF <a href="https://curl.haxx.se/docs/CVE-2018-16890.html">CVE-2018-16890: NTLM type-2 out-of-bounds buffer read</a>
BGF <a href="https://curl.haxx.se/docs/CVE-2019-3822.html">CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow</a>
BGF <a href="https://curl.haxx.se/docs/CVE-2019-3823.html">CVE-2019-3823: SMTP end-of-response out-of-bounds read</a>
BGF <a href="https://curl.haxx.se/bug/?i=3410">FAQ: remove mention of sourceforge for github</a>
BGF <a href="https://curl.haxx.se/bug/?i=3372">OS400: handle memory error in list conversion</a>
BGF OS400: upgrade ILE/RPG binding.
BGF README: add codacy code quality badge
BGF <a href="https://curl.haxx.se/bug/?i=3384">Revert http_negotiate: do not close connection</a>
BGF THANKS: added several missing names from year &lt;= 2000
BGF build: make 'tidy' target work for metalink builds
BGF <a href="https://curl.haxx.se/bug/?i=3459">cmake: added checks for variadic macros</a>
BGF <a href="https://curl.haxx.se/bug/?i=3292">cmake: updated check for HAVE_POLL_FINE to match autotools</a>
BGF <a href="https://curl.haxx.se/bug/?i=3196">cmake: use lowercase for function name like the rest of the code</a>
BGF <a href="https://curl.haxx.se/bug/?i=3474">configure: detect xlclang separately from clang</a>
BGF <a href="https://curl.haxx.se/bug/?i=3484">configure: fix recv/send/select detection on Android</a>
BGF <a href="https://curl.haxx.se/bug/?i=3497">configure: rewrite --enable-code-coverage</a>
BGF conncache_unlock: avoid indirection by changing input argument type
BGF <a href="https://curl.haxx.se/bug/?i=3469">cookie: fix comment typo</a>
BGF <a href="https://curl.haxx.se/bug/?i=3445">cookies: allow secure override when done over HTTPS</a>
BGF <a href="https://curl.haxx.se/bug/?i=2964">cookies: extend domain checks to non psl builds</a>
BGF <a href="https://curl.haxx.se/bug/?i=3417">cookies: skip custom cookies when redirecting cross-site</a>
BGF <a href="https://curl.haxx.se/bug/?i=3423">curl --xattr: strip credentials from any URL that is stored</a>
BGF <a href="https://curl.haxx.se/bug/?i=3380">curl -J: refuse to append to the destination file</a>
BGF <a href="https://curl.haxx.se/bug/?i=3438">curl/urlapi.h: include "curl.h" first</a>
BGF <a href="https://curl.haxx.se/bug/?i=3371">curl_multi_remove_handle() don't block terminating c-ares requests</a>
BGF <a href="https://curl.haxx.se/bug/?i=3367">darwinssl: accept setting max-tls with default min-tls</a>
BGF <a href="https://curl.haxx.se/bug/?i=3400">disconnect: separate connections and easy handles better</a>
BGF disconnect: set conn->data for protocol disconnect
BGF <a href="https://curl.haxx.se/bug/?i=3432">docs/version.d: mention MultiSSL</a>
BGF <a href="https://curl.haxx.se/bug/?i=3368">docs: fix the --tls-max description</a>
BGF <a href="https://curl.haxx.se/bug/?i=3518">docs: use $(INSTALL_DATA) to install man page</a>
BGF <a href="https://curl.haxx.se/bug/?i=3513">docs: use meaningless port number in CURLOPT_LOCALPORT example</a>
BGF <a href="https://curl.haxx.se/bug/?i=3369">gopher: always include the entire gopher-path in request</a>
BGF <a href="https://curl.haxx.se/bug/?i=3392">http2: clear pause stream id if it gets closed</a>
BGF <a href="https://curl.haxx.se/bug/?i=3401">if2ip: remove unused function Curl_if_is_interface_name</a>
BGF <a href="https://curl.haxx.se/bug/?i=3491">libssh: do not let libssh create socket</a>
BGF <a href="https://curl.haxx.se/bug/?i=3493">libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh</a>
BGF <a href="https://curl.haxx.se/bug/?i=3402">libssh: free sftp_canonicalize_path() data correctly</a>
BGF <a href="https://curl.haxx.se/mail/lib-2019-01/0000.html">libtest/stub_gssapi: use "real" snprintf</a>
BGF <a href="https://curl.haxx.se/bug/?i=3376">mbedtls: use VERIFYHOST</a>
BGF <a href="https://curl.haxx.se/bug/?i=3436">multi: multiplexing improvements</a>
BGF <a href="https://curl.haxx.se/mail/lib-2019-01/0073.html">multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time</a>
BGF <a href="https://curl.haxx.se/bug/?i=3286">ntlm: fix NTLMv2 compliance</a>
BGF <a href="https://curl.haxx.se/bug/?i=3280">ntlm_sspi: add support for channel binding</a>
BGF <a href="https://curl.haxx.se/bug/?i=3462">openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated</a>
BGF <a href="https://curl.haxx.se/bug/?i=3477">openssl: fix the SSL_get_tlsext_status_ocsp_resp call</a>
BGF <a href="https://curl.haxx.se/bug/?i=3407">openvms: fix OpenSSL discovery on VAX</a>
BGF openvms: fix typos in documentation
BGF <a href="https://curl.haxx.se/bug/?i=3453">os400: add a missing closing bracket</a>
BGF <a href="https://curl.haxx.se/bug/?i=3453">os400: fix extra parameter syntax error</a>
BGF pingpong: change default response timeout to 120 seconds
BGF <a href="https://curl.haxx.se/bug/?i=3264">pingpong: ignore regular timeout in disconnect phase</a>
BGF <a href="https://curl.haxx.se/bug/?i=3426">printf: fix format specifiers</a>
BGF <a href="https://curl.haxx.se/bug/?i=3496">runtests.pl: Fix perl call to include srcdir</a>
BGF <a href="https://curl.haxx.se/bug/?i=3435">schannel: fix compiler warning</a>
BGF <a href="https://curl.haxx.se/bug/?i=3480">schannel: preserve original certificate path parameter</a>
BGF <a href="https://curl.haxx.se/bug/?i=3504">schannel: stop calling it "winssl"</a>
BGF <a href="https://curl.haxx.se/bug/?i=3502">sigpipe: if mbedTLS is used, ignore SIGPIPE</a>
BGF <a href="https://curl.haxx.se/bug/?i=3388">smb: fix incorrect path in request if connection reused</a>
BGF <a href="https://curl.haxx.se/bug/?i=3481">ssh: log the libssh2 error message when ssh session startup fails</a>
BGF <a href="https://curl.haxx.se/bug/?i=3447">test1558: verify CURLINFO_PROTOCOL on file:// transfer</a>
BGF test1561: improve test name
BGF test1653: make it survive torture tests
BGF <a href="https://curl.haxx.se/bug/?i=3443">tests: allow tests to pass by 2037-02-12</a>
BGF <a href="https://curl.haxx.se/bug/?i=3470">tests: move objnames-* from lib into tests</a>
BGF <a href="https://curl.haxx.se/bug/?i=3449">timediff: fix math for unsigned time_t</a>
BGF <a href="https://curl.haxx.se/bug/?i=3437">timeval: Disable MSVC Analyzer GetTickCount warning</a>
BGF <a href="https://curl.haxx.se/bug/?i=3456">tool_cb_prg: avoid integer overflow</a>
BGF <a href="https://curl.haxx.se/bug/?i=3468">travis: added cmake build for osx</a>
BGF <a href="https://curl.haxx.se/bug/?i=3365">urlapi: Fix port parsing of eol colon</a>
BGF <a href="https://curl.haxx.se/bug/?i=3369">urlapi: distinguish possibly empty query</a>
BGF <a href="https://curl.haxx.se/bug/?i=3411">urlapi: fix parsing ipv6 with zone index</a>
BGF <a href="https://curl.haxx.se/bug/?i=3442">urldata: rename easy_conn to just conn</a>
BGF <a href="https://curl.haxx.se/bug/?i=3133">winbuild: conditionally use /DZLIB_WINAPI</a>
BGF <a href="https://curl.haxx.se/bug/?i=3395">wolfssl: fix memory-leak in threaded use</a>
BGF <a href="https://curl.haxx.se/bug/?i=3503">spnego_sspi: add support for channel binding</a>
</ul>
<a name="7_63_0"></a>
SUBTITLE(Fixed in 7.63.0 - December 12 2018)
<p> Changes:
<ul class="changes">
CHG <a href="https://curl.haxx.se/bug/?i=3115">curl: add %{stderr} and %{stdout} for --write-out</a>
CHG <a href="https://curl.haxx.se/bug/?i=3208">curl: add undocumented option --dump-module-paths for win32</a>
CHG <a href="https://curl.haxx.se/bug/?i=3227">setopt: add CURLOPT_CURLU</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
BGF <a href="https://curl.haxx.se/bug/?i=3348">(lib)curl.rc: fixup for minor bugs</a>
BGF <a href="https://curl.haxx.se/bug/?i=3340">CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated</a>
BGF <a href="https://curl.haxx.se/bug/?i=3295">CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description</a>
BGF CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
BGF <a href="https://curl.haxx.se/bug/?i=3210">Curl_follow: accept non-supported schemes for "fake" redirects</a>
BGF <a href="https://curl.haxx.se/bug/?i=876">KNOWN_BUGS: add --proxy-any connection issue</a>
BGF <a href="https://curl.haxx.se/bug/?i=3269">NTLM: Remove redundant ifdef USE_OPENSSL</a>
BGF <a href="https://curl.haxx.se/bug/?i=3345">NTLM: force the connection to HTTP/1.1</a>
BGF OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
BGF <a href="https://curl.haxx.se/bug/?i=3311">SECURITY-PROCESS: bountygraph shuts down again</a>
BGF <a href="https://curl.haxx.se/bug/?i=3232">TODO: Have the URL API offer IDN decoding</a>
BGF <a href="https://curl.haxx.se/bug/?i=3238">ares: remove fd from multi fd set when ares is about to close the fd</a>
BGF <a href="https://curl.haxx.se/bug/?i=3194">axtls: removed</a>
BGF <a href="https://curl.haxx.se/bug/?i=3303">checksrc: add COPYRIGHTYEAR check</a>
BGF <a href="https://curl.haxx.se/bug/?i=3316">cmake: fix MIT/Heimdal Kerberos detection</a>
BGF <a href="https://curl.haxx.se/bug/?i=3193">configure: include all libraries in ssl-libs fetch</a>
BGF <a href="https://curl.haxx.se/bug/?i=3207">configure: show CFLAGS, LDFLAGS etc in summary</a>
BGF <a href="https://curl.haxx.se/bug/?i=3323">connect: fix building for recent versions of Minix</a>
BGF <a href="https://curl.haxx.se/bug/?i=3299">cookies: create the cookiejar even if no cookies to save</a>
BGF <a href="https://curl.haxx.se/bug/?i=3351">cookies: expire "Max-Age=0" immediately</a>
BGF <a href="https://curl.haxx.se/bug/?i=3251">curl: --local-port range was not "including"</a>
BGF <a href="https://curl.haxx.se/bug/?i=3242">curl: fix --local-port integer overflow</a>
BGF <a href="https://curl.haxx.se/bug/?i=3322">curl: fix memory leak reading --writeout from file</a>
BGF <a href="https://curl.haxx.se/bug/?i=3211">curl: fixed UTF-8 in current console code page (Windows)</a>
BGF <a href="https://curl.haxx.se/bug/?i=3305">curl_easy_perform: fix timeout handling</a>
BGF <a href="https://curl.haxx.se/bug/?i=3346">curl_global_sslset(): id == -1 is not necessarily an error</a>
BGF <a href="https://curl.haxx.se/bug/?i=3209">curl_multibyte: fix a malloc overcalculation</a>
BGF <a href="https://curl.haxx.se/bug/?i=3291">curle: move deprecated error code to ifndef block</a>
BGF <a href="https://curl.haxx.se/bug/?i=3361">docs: curl_formadd field and file names are now escaped</a>
BGF <a href="https://curl.haxx.se/bug/?i=3246">docs: escape "\n" codes</a>
BGF <a href="https://curl.haxx.se/bug/?i=3342">doh: fix memory leak in OOM situation</a>
BGF <a href="https://curl.haxx.se/bug/?i=3325">doh: make it work for h2-disabled builds too</a>
BGF examples/ephiperfifo: report error when epoll_ctl fails
BGF <a href="https://curl.haxx.se/bug/?i=3225">ftp: avoid two unsigned int overflows in FTP listing parser</a>
BGF <a href="https://curl.haxx.se/bug/?i=3022">host names: allow trailing dot in name resolve, then strip it</a>
BGF <a href="https://curl.haxx.se/bug/?i=3349">http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1</a>
BGF <a href="https://curl.haxx.se/bug/?i=3359">http: don't set CURLINFO_CONDITION_UNMET for http status code 204</a>
BGF <a href="https://curl.haxx.se/bug/?i=3353">http: fix HTTP Digest auth to include query in URI</a>
BGF <a href="https://curl.haxx.se/bug/?i=3275">http_negotiate: do not close connection until negotiation is completed</a>
BGF <a href="https://curl.haxx.se/bug/?i=3276">impacket: add LICENSE</a>
BGF <a href="https://curl.haxx.se/bug/?i=3216">infof: clearly indicate truncation</a>
BGF <a href="https://curl.haxx.se/bug/?i=3362">ldap: fix LDAP URL parsing regressions</a>
BGF <a href="https://curl.haxx.se/bug/?i=3240">libcurl: stop reading from paused transfers</a>
BGF <a href="https://curl.haxx.se/bug/?i=3184">mprintf: avoid unsigned integer overflow warning</a>
BGF <a href="https://curl.haxx.se/bug/?i=3213">netrc: don't ignore the login name specified with "--user"</a>
BGF <a href="https://curl.haxx.se/bug/?i=3261">nss: Fall back to latest supported SSL version</a>
BGF <a href="https://curl.haxx.se/bug/?i=3337">nss: Fix compatibility with nss versions 3.14 to 3.15</a>
BGF nss: fix fallthrough comment to fix picky compiler warning
BGF <a href="https://curl.haxx.se/bug/?i=3262">nss: remove version selecting dead code</a>
BGF <a href="https://curl.haxx.se/bug/?i=3261">nss: set default max-tls to 1.3/1.2</a>
BGF <a href="https://curl.haxx.se/bug/?i=3270">openssl: Remove SSLEAY leftovers</a>
BGF <a href="https://curl.haxx.se/bug/?i=3281">openssl: do not log excess "TLS app data" lines for TLS 1.3</a>
BGF <a href="https://curl.haxx.se/bug/?i=3339">openssl: do not use file BIOs if not requested</a>
BGF <a href="https://curl.haxx.se/bug/?i=3337">openssl: fix unused variable compiler warning with old openssl</a>
BGF <a href="https://curl.haxx.se/bug/?i=3202">openssl: support session resume with TLS 1.3</a>
BGF <a href="https://curl.haxx.se/bug/?i=3217">openvms: fix example name</a>
BGF os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
BGF os400: add CURLOPT_CURLU to ILE/RPG binding
BGF os400: fix return type of curl_easy_pause() in ILE/RPG binding
BGF <a href="https://curl.haxx.se/bug/?i=3331">packages: remove old leftover files and dirs</a>
BGF <a href="https://curl.haxx.se/bug/?i=3278">pop3: only do APOP with a valid timestamp</a>
BGF <a href="https://curl.haxx.se/mail/lib-2018-10/0118.html">runtests: use the local curl for verifying</a>
BGF <a href="https://curl.haxx.se/bug/?i=3243">schannel: be consistent in Schannel capitalization</a>
BGF <a href="https://curl.haxx.se/bug/?i=3197">schannel: better CURLOPT_CERTINFO support</a>
BGF <a href="https://curl.haxx.se/bug/?i=3201">schannel: use Curl_ prefix for global private symbols</a>
BGF <a href="https://curl.haxx.se/bug/?i=3296">snprintf: renamed and we now only use msnprintf()</a>
BGF <a href="https://curl.haxx.se/bug/?i=3266">ssl: fix compilation with OpenSSL 0.9.7</a>
BGF <a href="https://curl.haxx.se/bug/?i=3291">ssl: replace all internal uses of CURLE_SSL_CACERT</a>
BGF <a href="https://curl.haxx.se/bug/?i=3226">symbols-in-versions: add missing CURLU_ symbols</a>
BGF <a href="https://curl.haxx.se/bug/?i=3317">test328: verify Content-Encoding: none</a>
BGF tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
BGF <a href="https://curl.haxx.se/bug/?i=3204">tests: drop http_pipe.py script no longer used</a>
BGF <a href="https://curl.haxx.se/bug/?i=3263">tool_cb_wrt: Silence function cast compiler warning</a>
BGF <a href="https://curl.haxx.se/bug/?i=3254">tool_doswin: Fix uninitialized field warning</a>
BGF <a href="https://curl.haxx.se/bug/?i=3190">travis: build with clang sanitizers</a>
BGF <a href="https://curl.haxx.se/bug/?i=3198">travis: remove curl before a normal build</a>
BGF <a href="https://curl.haxx.se/bug/?i=3220">url: a short host name + port is not a scheme</a>
BGF <a href="https://curl.haxx.se/bug/?i=3218">url: fix IPv6 numeral address parser</a>
BGF <a href="https://curl.haxx.se/bug/?i=3231">urlapi: only skip encoding the first '=' with APPENDQUERY set</a>
</ul>
<a name="7_62_0"></a>
SUBTITLE(Fixed in 7.62.0 - October 31 2018)
<p> Changes:
<ul class="changes">
CHG <a href="https://curl.haxx.se/bug/?i=2709">multiplex: enable by default</a>
CHG <a href="https://curl.haxx.se/bug/?i=2709">url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled</a>
CHG <a href="https://curl.haxx.se/bug/?i=2668">setopt: add CURLOPT_DOH_URL</a>
CHG <a href="https://curl.haxx.se/bug/?i=2668">curl: --doh-url added</a>
CHG <a href="https://curl.haxx.se/bug/?i=2896">setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size</a>
CHG <a href="https://curl.haxx.se/bug/?i=2789">imap: change from "FETCH" to "UID FETCH"</a>
CHG <a href="https://curl.haxx.se/bug/?i=2724">configure: add option to disable automatic OpenSSL config loading</a>
CHG <a href="https://curl.haxx.se/bug/?i=1641">upkeep: add a connection upkeep API: curl_easy_upkeep()</a>
CHG <a href="https://curl.haxx.se/bug/?i=2842">URL-API: added five new functions</a>
CHG <a href="https://curl.haxx.se/bug/?i=2984">vtls: MesaLink is a new TLS backend</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
BGF <a href="https://curl.haxx.se/docs/CVE-2018-16839.html">CVE-2018-16839: SASL password overflow via integer overflow</a>
BGF <a href="https://curl.haxx.se/docs/CVE-2018-16840.html">CVE-2018-16840: use-after-free in handle close</a>
BGF <a href="https://curl.haxx.se/docs/CVE-2018-16842.html">CVE-2018-16842: warning message out-of-buffer read</a>
BGF <a href="https://curl.haxx.se/bug/?i=2942">CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated</a>
BGF <a href="https://curl.haxx.se/bug/?i=3039">Curl_dedotdotify(): always nul terminate returned string</a>
BGF <a href="https://curl.haxx.se/bug/?i=3124">Curl_follow: Always free the passed new URL</a>
BGF <a href="https://curl.haxx.se/bug/?i=3046">Curl_http2_done: fix memleak in error path</a>
BGF <a href="https://curl.haxx.se/bug/?i=3042">Curl_retry_request: fix memory leak</a>
BGF <a href="https://curl.haxx.se/bug/?i=3029">Curl_saferealloc: Fixed typo in docblock</a>
BGF <a href="https://curl.haxx.se/bug/?i=3083">FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output</a>
BGF <a href="https://curl.haxx.se/bug/?i=2971">GnuTLS: TLS 1.3 support</a>
BGF <a href="https://curl.haxx.se/bug/?i=3032">SECURITY-PROCESS: mention the bountygraph program</a>
BGF <a href="https://curl.haxx.se/bug/?i=3137">VS projects: add USE_IPV6:</a>
BGF <a href="https://curl.haxx.se/bug/?i=3113">Windows: fixes for MinGW targeting Windows Vista</a>
BGF <a href="https://curl.haxx.se/bug/?i=2972">anyauthput: fix compiler warning on 64-bit Windows</a>
BGF <a href="https://curl.haxx.se/bug/?i=3104">appveyor: add WinSSL builds</a>
BGF <a href="https://curl.haxx.se/bug/?i=3100">appveyor: run test suite (on Windows!)</a>
BGF <a href="https://curl.haxx.se/bug/?i=3014">certs: generate tests certs with sha256 digest algorithm</a>
BGF <a href="https://curl.haxx.se/bug/?i=3090">checksrc: enable strict mode and warnings</a>
BGF <a href="https://curl.haxx.se/bug/?i=3096">checksrc: handle zero scoped ignore commands</a>
BGF <a href="https://curl.haxx.se/bug/?i=3055">cmake: Backport to work with CMake 3.0 again</a>
BGF <a href="https://curl.haxx.se/bug/?i=2849">cmake: Improve config installation</a>
BGF <a href="https://curl.haxx.se/bug/?i=3123">cmake: add support for transitive ZLIB target</a>
BGF <a href="https://curl.haxx.se/bug/?i=3120">cmake: disable -Wpedantic-ms-format</a>
BGF <a href="https://curl.haxx.se/bug/?i=3001">cmake: don't require OpenSSL if USE_OPENSSL=OFF</a>
BGF <a href="https://curl.haxx.se/bug/?i=3056">cmake: fixed path used in generation of docs/tests</a>
BGF <a href="https://curl.haxx.se/bug/?i=3166">cmake: remove unused *SOCKLEN_T variables</a>
BGF cmake: suppress MSVC warning C4127 for libtest
BGF <a href="https://curl.haxx.se/bug/?i=3097">cmake: test and set missed defines during configuration</a>
BGF <a href="https://curl.haxx.se/bug/?i=3079">comment: Fix multiple typos in function parameters</a>
BGF <a href="https://curl.haxx.se/bug/?i=3162">config: Remove unused SIZEOF_VOIDP</a>
BGF <a href="https://curl.haxx.se/bug/?i=3137">config_win32: enable LDAPS</a>
BGF <a href="https://curl.haxx.se/bug/?i=2697">configure: force-use -lpthreads on HPUX</a>
BGF <a href="https://curl.haxx.se/bug/?i=3168">configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T</a>
BGF <a href="https://curl.haxx.se/bug/?i=3006">configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE</a>
BGF <a href="https://curl.haxx.se/bug/?i=2962">cookies: Remove redundant expired check</a>
BGF <a href="https://curl.haxx.se/bug/?i=2957">cookies: fix leak when writing cookies to file</a>
BGF <a href="https://curl.haxx.se/bug/?i=3143">curl-config.in: remove dependency on bc</a>
BGF <a href="https://curl.haxx.se/bug/?i=3171">curl.1: --ipv6 mutexes ipv4 (fixed typo)</a>
BGF <a href="https://curl.haxx.se/bug/?i=3008">curl: enabled Windows VT Support and UTF-8 output</a>
BGF <a href="https://curl.haxx.se/bug/?i=2955">curl: update the documentation of --tlsv1.0</a>
BGF <a href="https://curl.haxx.se/bug/?i=2996">curl_multi_wait: call getsock before figuring out timeout</a>
BGF <a href="https://curl.haxx.se/bug/?i=3111">curl_ntlm_wb: check aprintf() return codes</a>
BGF <a href="https://github.com/curl/curl/issues/2924#issuecomment-424334807">curl_threads: fix classic MinGW compile break</a>
BGF <a href="https://curl.haxx.se/bug/?i=3005">darwinssl: Fix realloc memleak</a>
BGF <a href="https://curl.haxx.se/bug/?i=2901">darwinssl: more specific and unified error codes</a>
BGF <a href="https://curl.haxx.se/bug/?i=3085">data-binary.d: clarify default content-type is x-www-form-urlencoded</a>
BGF <a href="https://curl.haxx.se/bug/?i=3067">docs/BUG-BOUNTY: explain the bounty program</a>
BGF <a href="https://curl.haxx.se/bug/?i=3159">docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers</a>
BGF <a href="https://curl.haxx.se/bug/?i=3178">docs/CIPHERS: fix the TLS 1.3 cipher names</a>
BGF <a href="https://curl.haxx.se/bug/?i=3077">docs/CIPHERS: mention the colon separation for OpenSSL</a>
BGF <a href="https://curl.haxx.se/bug/?i=3036">docs/examples: URL updates</a>
BGF <a href="https://curl.haxx.se/bug/?i=3121">docs: add "see also" links for SSL options</a>
BGF <a href="https://curl.haxx.se/bug/?i=2407">example/asiohiper: insert warning comment about its status</a>
BGF <a href="https://curl.haxx.se/bug/?i=3050">example/htmltidy: fix include paths of tidy libraries</a>
BGF <a href="https://curl.haxx.se/bug/?i=3033">examples/Makefile.m32: sync with core</a>
BGF <a href="https://curl.haxx.se/bug/?i=3004">examples/http2-pushinmemory: receive HTTP/2 pushed files in memory</a>
BGF <a href="https://curl.haxx.se/bug/?i=3030">examples/parseurl.c: show off the URL API</a>
BGF <a href="https://curl.haxx.se/bug/?i=2991">examples: Fix memory leaks from realloc errors</a>
BGF <a href="https://curl.haxx.se/bug/?i=2948">examples: do not wait when no transfers are running</a>
BGF <a href="https://curl.haxx.se/bug/?i=2985">ftp: include command in Curl_ftpsend sendbuffer</a>
BGF <a href="https://curl.haxx.se/bug/?i=3105">gskit: make sure to terminate version string</a>
BGF <a href="https://curl.haxx.se/bug/?i=3176">gtls: Values stored to but never read</a>
BGF <a href="https://curl.haxx.se/bug/?i=3110">hostip: fix check on Curl_shuffle_addr return value</a>
BGF <a href="https://curl.haxx.se/bug/?i=2992">http2: fix memory leaks on error-path</a>
BGF <a href="https://curl.haxx.se/bug/?i=3044">http: fix memleak in rewind error path</a>
BGF <a href="https://curl.haxx.se/bug/?i=2985">krb5: fix memory leak in krb_auth</a>
BGF <a href="https://curl.haxx.se/bug/?i=3118">ldap: show precise LDAP call in error message on Windows</a>
BGF <a href="https://curl.haxx.se/bug/?i=2979">lib: fix gcc8 warning on Windows</a>
BGF <a href="https://curl.haxx.se/bug/?i=2999">memory: add missing curl_printf header</a>
BGF <a href="https://curl.haxx.se/bug/?i=3084">memory: ensure to check allocation results</a>
BGF <a href="https://curl.haxx.se/bug/?i=3170">multi: Fix error handling in the SENDPROTOCONNECT state</a>
BGF <a href="https://curl.haxx.se/bug/?i=3063">multi: fix memory leak in content encoding related error path</a>
BGF <a href="https://curl.haxx.se/bug/?i=3138">multi: make the closure handle "inherit" CURLOPT_NOSIGNAL</a>
BGF <a href="https://curl.haxx.se/bug/?i=3122">netrc: free temporary strings if memory allocation fails</a>
BGF <a href="https://curl.haxx.se/bug/?i=3086">nss: fix nssckbi module loading on Windows</a>
BGF <a href="https://curl.haxx.se/bug/?i=3016">nss: try to connect even if libnssckbi.so fails to load</a>
BGF <a href="https://curl.haxx.se/bug/?i=2966">ntlm_wb: Fix memory leaks in ntlm_wb_response</a>
BGF <a href="https://curl.haxx.se/bug/?i=2959">ntlm_wb: bail out if the response gets overly large</a>
BGF <a href="https://curl.haxx.se/bug/?i=2983">openssl: assume engine support in 0.9.8 or later</a>
BGF <a href="https://curl.haxx.se/bug/?i=3026">openssl: enable TLS 1.3 post-handshake auth</a>
BGF <a href="https://curl.haxx.se/bug/?i=2980">openssl: fix gcc8 warning</a>
BGF <a href="https://curl.haxx.se/bug/?i=3023">openssl: load built-in engines too</a>
BGF <a href="https://curl.haxx.se/bug/?i=3176">openssl: make 'done' a proper boolean</a>
BGF <a href="https://curl.haxx.se/bug/?i=3178">openssl: output the correct cipher list on TLS 1.3 error</a>
BGF <a href="https://curl.haxx.se/bug/?i=2901">openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer</a>
BGF <a href="https://curl.haxx.se/bug/?i=2989">openssl: show "proper" version number for libressl builds</a>
BGF <a href="https://curl.haxx.se/bug/?i=2705">pipelining: deprecated</a>
BGF rand: add comment to skip a clang-tidy false positive
BGF <a href="https://curl.haxx.se/bug/?i=3155">rtmp: fix for compiling with lwIP</a>
BGF <a href="https://curl.haxx.se/bug/?i=3075">runtests: ignore disabled even when ranges are given</a>
BGF <a href="https://curl.haxx.se/bug/?i=2394">runtests: skip ld_preload tests on macOS</a>
BGF runtests: use Windows paths for Windows curl
BGF <a href="https://curl.haxx.se/bug/?i=2901">schannel: unified error code handling</a>
BGF <a href="https://curl.haxx.se/bug/?i=2986">sendf: Fix whitespace in infof/failf concatenation</a>
BGF <a href="https://curl.haxx.se/bug/?i=3179">ssh: free the session on init failures</a>
BGF <a href="https://curl.haxx.se/bug/?i=2901">ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code</a>
BGF <a href="https://curl.haxx.se/bug/?i=3181">system.h: use proper setting with Sun C++ as well</a>
BGF <a href="https://github.com/curl/curl/issues/1751#issuecomment-321522580">test1299: use single quotes around asterisk</a>
BGF <a href="https://curl.haxx.se/bug/?i=2941">test1452: mark as flaky</a>
BGF <a href="https://curl.haxx.se/bug/?i=3163">test1651: unit test Curl_extract_certinfo()</a>
BGF <a href="https://curl.haxx.se/bug/?i=3093">test320: strip out more HTML when comparing</a>
BGF <a href="https://curl.haxx.se/bug/?i=2929">tests/negtelnetserver.py: fix Python2-ism in neg TELNET server</a>
BGF <a href="https://curl.haxx.se/bug/?i=2937">tests: add unit tests for url.c</a>
BGF <a href="https://curl.haxx.se/bug/?i=3048">timeval: fix use of weak symbol clock_gettime() on Apple platforms</a>
BGF <a href="https://curl.haxx.se/bug/?i=3140">tool_cb_hdr: handle failure of rename()</a>
BGF <a href="https://curl.haxx.se/bug/?i=3182">travis: add a "make tidy" build that runs clang-tidy</a>
BGF <a href="https://curl.haxx.se/bug/?i=3144">travis: add build for "configure --disable-verbose"</a>
BGF <a href="https://curl.haxx.se/bug/?i=3062">travis: bump the Secure Transport build to use xcode</a>
BGF <a href="https://curl.haxx.se/bug/?i=3126">travis: make distcheck scan for BOM markers</a>
BGF <a href="https://curl.haxx.se/bug/?i=3182">unit1300: fix stack-use-after-scope AddressSanitizer warning</a>
BGF urldata: Fix "connecting" comment
BGF <a href="https://curl.haxx.se/bug/?i=2763">urlglob: improve error message on bad globs</a>
BGF <a href="https://curl.haxx.se/bug/?i=2969">vtls: fix ssl version "or later" behavior change for many backends</a>
BGF <a href="https://curl.haxx.se/bug/?i=3102">x509asn1: Fix SAN IP address verification</a>
BGF <a href="https://curl.haxx.se/bug/?i=3163">x509asn1: always check return code from getASN1Element()</a>
BGF <a href="https://curl.haxx.se/bug/?i=2901">x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert</a>
BGF <a href="https://curl.haxx.se/bug/?i=3163">x509asn1: suppress left shift on signed value</a>
</ul>
<a name="7_61_1"></a>
SUBTITLE(Fixed in 7.61.1 - September 5 2018)
<p> Bugfixes:
<ul class="bugfixes">
BGF <a href="https://curl.haxx.se/docs/CVE-2018-14618.html">security advisory (CVE-2018-14618): NTLM password overflow via integer overflow</a>
BGF <a href="https://curl.haxx.se/bug/?i=2847">CURLINFO_SIZE_UPLOAD: fix missing counter update</a>
BGF CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
BGF <a href="https://curl.haxx.se/bug/?i=2915">CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse</a>
BGF <a href="https://curl.haxx.se/bug/?i=2733">Curl_getoff_all_pipelines: improved for multiplexed</a>
BGF DEPRECATE: remove release date from 7.62.0
BGF <a href="https://curl.haxx.se/bug/?i=2798">HTTP: Don't attempt to needlessly decompress redirect body</a>
BGF <a href="https://curl.haxx.se/bug/?i=2890">INTERNALS: require GnuTLS >= 2.11.3</a>
BGF <a href="https://curl.haxx.se/bug/?i=2857">README.md: add LGTM.com code quality grade for C/C++</a>
BGF SSLCERTS: improve the openssl command line
BGF <a href="https://curl.haxx.se/bug/?i=2860">Silence GCC 8 cast-function-type warnings</a>
BGF <a href="https://curl.haxx.se/bug/?i=2733">ares: check for NULL in completed-callback</a>
BGF <a href="https://curl.haxx.se/bug/?i=2852">asyn-thread: Remove unused macro</a>
BGF <a href="https://curl.haxx.se/bug/?i=2754">auth: only pick CURLAUTH_BEARER if we *have* a Bearer token</a>
BGF <a href="https://curl.haxx.se/bug/?i=2754">auth: pick Bearer authentication whenever a token is available</a>
BGF <a href="https://curl.haxx.se/bug/?i=2817">cmake: CMake config files are defining CURL_STATICLIB for static builds</a>
BGF <a href="https://curl.haxx.se/bug/?i=2755">cmake: Respect BUILD_SHARED_LIBS</a>
BGF <a href="https://curl.haxx.se/bug/?i=2727">cmake: Update scripts to use consistent style</a>
BGF <a href="https://curl.haxx.se/bug/?i=2753">cmake: bumped minimum version to 3.4</a>
BGF <a href="https://curl.haxx.se/bug/?i=2753">cmake: link curl to the OpenSSL targets instead of lib absolute paths</a>
BGF <a href="https://curl.haxx.se/bug/?i=2747">configure: conditionally enable pedantic-errors</a>
BGF <a href="https://curl.haxx.se/bug/?i=2848">configure: fix for -lpthread detection with OpenSSL and pkg-config</a>
BGF <a href="https://curl.haxx.se/bug/?i=2733">conn: remove the boolean 'inuse' field</a>
BGF <a href="https://curl.haxx.se/bug/?i=2719">content_encoding: accept up to 4 unknown trailer bytes after raw deflate data</a>
BGF cookie tests: treat files as text
BGF <a href="https://curl.haxx.se/bug/?i=2524">cookies: support creation-time attribute for cookies</a>
BGF <a href="https://curl.haxx.se/bug/?i=2797">curl: Fix segfault when -H @headerfile is empty</a>
BGF <a href="https://curl.haxx.se/bug/?i=2925">curl: add http code 408 to transient list for --retry</a>
BGF <a href="https://curl.haxx.se/bug/?i=2739">curl: fix time-of-check, time-of-use race in dir creation</a>
BGF <a href="https://curl.haxx.se/bug/?i=2783">curl: use Content-Disposition before the "URL end" for -OJ</a>
BGF <a href="https://curl.haxx.se/bug/?i=2885">curl: warn the user if a given file name looks like an option</a>
BGF <a href="https://curl.haxx.se/bug/?i=2908">curl_threads: silence bad-function-cast warning</a>
BGF <a href="https://curl.haxx.se/bug/?i=2731">darwinssl: add support for ALPN negotiation</a>
BGF <a href="https://curl.haxx.se/bug/?i=2788">docs/CURLOPT_URL: fix indentation</a>
BGF <a href="https://curl.haxx.se/bug/?i=2787">docs/CURLOPT_WRITEFUNCTION: size is always 1</a>
BGF docs/SECURITY-PROCESS: mention bounty, drop pre-notify
BGF <a href="https://curl.haxx.se/bug/?i=2804">docs/examples: add hiperfifo example using linux epoll/timerfd</a>
BGF <a href="https://curl.haxx.se/bug/?i=2856">docs: add disallow-username-in-url.d and haproxy-protocol.d to dist</a>
BGF <a href="https://curl.haxx.se/bug/?i=2773">docs: clarify NO_PROXY env variable functionality</a>
BGF <a href="https://curl.haxx.se/bug/?i=2868">docs: improved the manual pages of some callbacks</a>
BGF <a href="https://curl.haxx.se/bug/?i=2837">docs: mention NULL is fine input to several functions</a>
BGF <a href="https://curl.haxx.se/bug/?i=2852">formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT</a>
BGF <a href="https://curl.haxx.se/bug/?i=2910">gopher: Do not translate `?' to `%09'</a>
BGF <a href="https://curl.haxx.se/bug/?i=2736">header output: switch off all styles, not just unbold</a>
BGF hostip: fix unused variable warning
BGF <a href="https://curl.haxx.se/bug/?i=2928">http2: Use correct format identifier for stream_id</a>
BGF <a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012">http2: abort the send_callback if not setup yet</a>
BGF <a href="https://curl.haxx.se/bug/?i=2894">http2: avoid set_stream_user_data() before stream is assigned</a>
BGF <a href="https://curl.haxx.se/bug/?i=2880">http2: check nghttp2_session_set_stream_user_data return code</a>
BGF <a href="https://curl.haxx.se/bug/?i=2800">http2: clear the drain counter in Curl_http2_done</a>
BGF <a href="https://curl.haxx.se/bug/?i=2882">http2: make sure to send after RST_STREAM</a>
BGF <a href="https://curl.haxx.se/bug/?i=2751">http2: separate easy handle from connections better</a>
BGF <a href="https://curl.haxx.se/bug/?i=2420">http: fix for tiny "HTTP/0.9" response</a>
BGF <a href="https://curl.haxx.se/bug/?i=2852">http_proxy: Remove unused macro SELECT_TIMEOUT</a>
BGF <a href="https://curl.haxx.se/bug/?i=2830">lib/Makefile: only do symbol hiding if told to</a>
BGF <a href="https://curl.haxx.se/bug/?i=2861">lib1502: fix memory leak in torture test</a>
BGF lib1522: fix curl_easy_setopt argument type
BGF <a href="https://curl.haxx.se/bug/?i=2904">libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation</a>
BGF <a href="https://curl.haxx.se/bug/?i=2795">mime: check Curl_rand_hex's return code</a>
BGF <a href="https://curl.haxx.se/bug/?i=2733">multi: always do the COMPLETED procedure/state</a>
BGF <a href="https://curl.haxx.se/bug/?i=2732">openssl: assume engine support in 1.0.0 or later</a>
BGF <a href="https://curl.haxx.se/bug/?i=2806">openssl: fix debug messages</a>
BGF <a href="https://curl.haxx.se/bug/?i=2865">projects: Improve Windows perl detection in batch scripts</a>
BGF <a href="https://curl.haxx.se/bug/?i=2801">retry: return error if rewind was necessary but didn't happen</a>
BGF <a href="https://curl.haxx.se/bug/?i=2790">reuse_conn(): memory leak - free old_conn->options</a>
BGF <a href="https://curl.haxx.se/mail/lib-2018-08/0198.html">schannel: client certificate store opening fix</a>
BGF schannel: enable CALG_TLS1PRF for w32api >= 5.1
BGF <a href="https://github.com/curl/curl/pull/2721#issuecomment-403636043">schannel: fix MinGW compile break</a>
BGF <a href="https://curl.haxx.se/bug/?i=2939">sftp: don't send post-quote sequence when retrying a connection</a>
BGF <a href="https://curl.haxx.se/bug/?i=2769">smb: fix memory leak on early failure</a>
BGF <a href="https://curl.haxx.se/bug/?i=2740">smb: fix memory-leak in URL parse error path</a>
BGF <a href="https://curl.haxx.se/bug/?i=2768">smb_getsock: always wait for write socket too</a>
BGF <a href="https://curl.haxx.se/bug/?i=2879">ssh-libssh: fix infinite connect loop on invalid private key</a>
BGF <a href="https://curl.haxx.se/bug/?i=2879">ssh-libssh: reduce excessive verbose output about pubkey auth</a>
BGF <a href="https://curl.haxx.se/bug/?i=2922">ssh-libssh: use FALLTHROUGH to silence gcc8</a>
BGF <a href="https://curl.haxx.se/bug/?i=2333">ssl: set engine implicitly when a PKCS#11 URI is provided</a>
BGF <a href="https://curl.haxx.se/bug/?i=2808">sws: handle EINTR when calling select()</a>
BGF <a href="https://curl.haxx.se/bug/?i=2792">system_win32: fix version checking</a>
BGF <a href="https://curl.haxx.se/bug/?i=2852">telnet: Remove unused macros TELOPTS and TELCMDS</a>
BGF <a href="https://curl.haxx.se/bug/?i=2765">test1143: disable MSYS2's POSIX path conversion</a>
BGF <a href="https://curl.haxx.se/bug/?i=2786">test1148: disable if decimal separator is not point</a>
BGF <a href="https://curl.haxx.se/bug/?i=2825">test1307: (fnmatch testing) disabled</a>
BGF <a href="https://curl.haxx.se/bug/?i=2741">test1422: add required file feature</a>
BGF <a href="https://curl.haxx.se/bug/?i=2853">test1531: Add timeout</a>
BGF <a href="https://curl.haxx.se/bug/?i=2852">test1540: Remove unused macro TEST_HANG_TIMEOUT</a>
BGF test214: disable MSYS2's POSIX path conversion for URL
BGF <a href="https://curl.haxx.se/bug/?i=2776">test320: treat curl320.out file as binary</a>
BGF tests/http_pipe.py: Use /usr/bin/env to find python
BGF <a href="https://curl.haxx.se/bug/?i=2920">tests: Don't use Windows path %PWD for SSH tests</a>
BGF <a href="https://curl.haxx.se/bug/?i=2772">tests: fixes for Windows line endings</a>
BGF tool_operate: Fix setting proxy TLS 1.3 ciphers
BGF <a href="https://curl.haxx.se/bug/?i=2835">travis: build darwinssl on macos 10.12 to fix linker errors</a>
BGF <a href="https://curl.haxx.se/bug/?i=2862">travis: execute "set -eo pipefail" for coverage build</a>
BGF <a href="https://curl.haxx.se/bug/?i=2811">travis: run a 'make checksrc' too</a>
BGF <a href="https://curl.haxx.se/bug/?i=2869">travis: update to GCC-8</a>
BGF <a href="https://curl.haxx.se/bug/?i=2856">travis: verify that man pages can be regenerated</a>
BGF <a href="https://curl.haxx.se/bug/?i=2892">upload: allocate upload buffer on-demand</a>
BGF <a href="https://curl.haxx.se/bug/?i=2892">upload: change default UPLOAD_BUFSIZE to 64KB</a>
BGF <a href="https://curl.haxx.se/bug/?i=2871">urldata: remove unused pipe_broke struct field</a>
BGF <a href="https://curl.haxx.se/bug/?i=2829">vtls: reinstantiate engine on duplicated handles</a>
BGF <a href="https://curl.haxx.se/mail/lib-2018-07/0080.html">windows: implement send buffer tuning</a>
BGF <a href="https://curl.haxx.se/bug/?i=2784">wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random</a>
</ul>
<a name="7_61_0"></a>
SUBTITLE(Fixed in 7.61.0 - July 11 2018)
<p> Changes:
<ul class="changes">
CHG <a href="https://curl.haxx.se/bug/?i=2495">getinfo: add microsecond precise timers for seven intervals</a>
CHG <a href="https://curl.haxx.se/bug/?i=2538">curl: show headers in bold, switch off with --no-styled-output</a>
CHG <a href="https://curl.haxx.se/bug/?i=2102">httpauth: add support for Bearer tokens</a>
CHG <a href="https://curl.haxx.se/bug/?i=2435">Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS</a>
CHG <a href="https://curl.haxx.se/bug/?i=2435">curl: --tls13-ciphers and --proxy-tls13-ciphers</a>
CHG <a href="https://curl.haxx.se/bug/?i=2340">Add CURLOPT_DISALLOW_USERNAME_IN_URL</a>
CHG <a href="https://curl.haxx.se/bug/?i=2340">curl: --disallow-username-in-url</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
BGF <a href="https://curl.haxx.se/docs/CVE-2018-0500.html">CVE-2018-0500: smtp: fix SMTP send buffer overflow</a>
BGF <a href="https://curl.haxx.se/bug/?i=2522">schannel: disable client cert option if APIs not available</a>
BGF schannel: disable manual verify if APIs not available
BGF <a href="https://curl.haxx.se/bug/?i=2576">tests/libtest/Makefile: Do not unconditionally add gcc-specific flags</a>
BGF <a href="https://curl.haxx.se/bug/?i=2571">openssl: acknowledge --tls-max for default version too</a>
BGF stub_gssapi: fix 'unused parameter' warnings
BGF <a href="https://curl.haxx.se/bug/?i=2584">examples/progressfunc: make it build on both new and old libcurls</a>
BGF <a href="https://curl.haxx.se/bug/?i=2579">docs: mention it is HA Proxy protocol "version 1"</a>
BGF <a href="https://curl.haxx.se/bug/?i=2587">curl_fnmatch: only allow two asterisks for matching</a>
BGF <a href="https://curl.haxx.se/bug/?i=2590">docs: clarify CURLOPT_HTTPGET</a>
BGF <a href="https://curl.haxx.se/bug/?i=2586">configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE</a>
BGF <a href="https://curl.haxx.se/bug/?i=2586">configure: do compile-time SIZEOF checks instead of run-time</a>
BGF <a href="https://curl.haxx.se/bug/?i=2563">checksrc: make sure sizeof() is used *with* parentheses</a>
BGF CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
BGF <a href="https://curl.haxx.se/bug/?i=2592">schannel: make CAinfo parsing resilient to CR/LF</a>
BGF tftp: make sure error is zero terminated before printfing it
BGF <a href="https://curl.haxx.se/bug/?i=1163">http resume: skip body if http code 416 (range error) is ignored</a>
BGF <a href="https://curl.haxx.se/bug/?i=2580">configure: add basic test of --with-ssl prefix</a>
BGF <a href="https://curl.haxx.se/bug/?i=2121">cmake: set -d postfix for debug builds</a>
BGF <a href="https://curl.haxx.se/mail/lib-2018-05/0062.html">multi: provide a socket to wait for in Curl_protocol_getsock</a>
BGF <a href="https://curl.haxx.se/bug/?i=2606">content_encoding: handle zlib versions too old for Z_BLOCK</a>
BGF <a href="https://curl.haxx.se/bug/?i=2602">winbuild: only delete OUTFILE if it exists</a>
BGF <a href="https://curl.haxx.se/bug/?i=2603">winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST</a>
BGF <a href="https://curl.haxx.se/bug/?i=2604">schannel: add failf calls for client certificate failures</a>
BGF cmake: Fix the test for fsetxattr and strerror_r
BGF <a href="https://curl.haxx.se/bug/?i=2612">curl.1: Fix cmdline-opts reference errors</a>
BGF cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
BGF <a href="https://curl.haxx.se/bug/?i=2609">cmake: check for getpwuid_r</a>
BGF <a href="https://curl.haxx.se/bug/?i=2613">configure: fix ssh2 linking when built with a static mbedtls</a>
BGF <a href="https://curl.haxx.se/bug/?i=2553">psl: use latest psl and refresh it periodically</a>
BGF <a href="https://curl.haxx.se/bug/?i=2614">fnmatch: insist on escaped bracket to match</a>
BGF <a href="https://curl.haxx.se/bug/?i=2618">KNOWN_BUGS: restore text regarding #2101</a>
BGF <a href="https://curl.haxx.se/bug/?i=2615">INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib</a>
BGF <a href="https://curl.haxx.se/bug/?i=2617">configure: override AR_FLAGS to silence warning</a>
BGF os400: implement mime api EBCDIC wrappers
BGF <a href="https://curl.haxx.se/bug/?i=1221">curl.rc: embed manifest for correct Windows version detection</a>
BGF <a href="https://curl.haxx.se/bug/?i=2623">strictness: correct {infof, failf} format specifiers</a>
BGF <a href="https://curl.haxx.se/bug/?i=2624">tests: update .gitignore for libtests</a>
BGF <a href="https://curl.haxx.se/bug/?i=2609">configure: check for declaration of getpwuid_r</a>
BGF <a href="https://curl.haxx.se/bug/?i=2626">fnmatch: use the system one if available</a>
BGF <a href="https://curl.haxx.se/bug/?i=2622">CURLOPT_RESOLVE: always purge old entry first</a>
BGF <a href="https://curl.haxx.se/bug/?i=2627">multi: remove a potentially bad DEBUGF()</a>
BGF curl_addrinfo: use same #ifdef conditions in source as header
BGF <a href="https://curl.haxx.se/bug/?i=2629">build: remove the Borland specific makefiles</a>
BGF <a href="https://curl.haxx.se/bug/?i=2628">axTLS: not considered fit for use</a>
BGF cmdline-opts/cert-type.d: mention "p12" as a recognized type
BGF <a href="https://curl.haxx.se/bug/?i=2637">system.h: add support for IBM xlc C compiler</a>
BGF <a href="https://curl.haxx.se/bug/?i=2633">tests/libtest: Add lib1521 to nodist_SOURCES</a>
BGF <a href="https://curl.haxx.se/bug/?i=2640">mk-ca-bundle.pl: leave certificate name untouched</a>
BGF <a href="https://curl.haxx.se/bug/?i=2634">boringssl + schannel: undef X509_NAME in lib/schannel.h</a>
BGF <a href="https://curl.haxx.se/bug/?i=2641">openssl: assume engine support in 1.0.1 or later</a>
BGF <a href="https://curl.haxx.se/bug/?i=2631">cppcheck: fix warnings</a>
BGF <a href="https://curl.haxx.se/bug/?i=2646">test 46: make test pass after year 2025</a>
BGF <a href="https://curl.haxx.se/bug/?i=2630">schannel: support selecting ciphers</a>
BGF <a href="https://curl.haxx.se/bug/?i=2647">Curl_debug: remove dead printhost code</a>
BGF <a href="https://curl.haxx.se/bug/?i=2649">test 1455: unflakified</a>
BGF <a href="https://curl.haxx.se/bug/?i=2653">Curl_init_do: handle NULL connection pointer passed in</a>
BGF <a href="https://curl.haxx.se/bug/?i=2654">progress: remove a set of unused defines</a>
BGF <a href="https://curl.haxx.se/bug/?i=2655">mk-ca-bundle.pl: make -u delete certdata.txt if found not changed</a>
BGF <a href="https://curl.haxx.se/bug/?i=2657">GOVERNANCE.md: explains how this project is run</a>
BGF <a href="https://curl.haxx.se/bug/?i=2203">configure: use pkg-config for c-ares detection</a>
BGF <a href="https://curl.haxx.se/bug/?i=2199">configure: enhance ability to build with static openssl</a>
BGF <a href="https://curl.haxx.se/bug/?i=2660">maketgz: fix sed issues on OSX</a>
BGF <a href="https://curl.haxx.se/bug/?i=1968">multi: fix memory leak when stopped during name resolve</a>
BGF CURLOPT_INTERFACE.3: interface names not supported on Windows
BGF <a href="https://curl.haxx.se/bug/?i=2669">url: fix dangling conn->data pointer</a>
BGF <a href="https://curl.haxx.se/bug/?i=2665">cmake: allow multiple SSL backends</a>
BGF <a href="https://curl.haxx.se/mail/lib-2018-06/0100.html">system.h: fix for gcc on 32 bit OpenServer</a>
BGF <a href="https://curl.haxx.se/bug/?i=2674">ConnectionExists: make sure conn->data is set when "taking" a connection</a>
BGF <a href="https://curl.haxx.se/bug/?i=2677">multi: fix crash due to dangling entry in connect-pending list</a>
BGF <a href="https://curl.haxx.se/bug/?i=2673">CURLOPT_SSL_VERIFYPEER.3: Add performance note</a>
BGF <a href="https://curl.haxx.se/bug/?i=2676">netrc: use a larger buffer to support longer passwords</a>
BGF <a href="https://curl.haxx.se/bug/?i=2681">url: check Curl_conncache_add_conn return code</a>
BGF <a href="https://curl.haxx.se/bug/?i=2684">configure: Add dependent libraries after crypto</a>
BGF <a href="https://curl.haxx.se/bug/?i=2685">easy_perform: faster local name resolves by using *multi_timeout()</a>
BGF <a href="https://curl.haxx.se/bug/?i=2687">getnameinfo: not used, removed all configure checks</a>
BGF <a href="https://curl.haxx.se/bug/?i=2689">travis: add a build using the synchronous name resolver</a>
BGF <a href="https://curl.haxx.se/bug/?i=2690">CURLINFO_TLS_SSL_PTR.3: improve the example</a>
BGF <a href="https://curl.haxx.se/bug/?i=2692">openssl: allow TLS 1.3 by default</a>
BGF <a href="https://curl.haxx.se/bug/?i=2691">openssl: make the requested TLS version the *minimum* wanted</a>
BGF <a href="https://curl.haxx.se/bug/?i=2698">openssl: Remove some dead code</a>
BGF <a href="https://curl.haxx.se/bug/?i=2696">telnet: fix clang warnings</a>
BGF <a href="https://curl.haxx.se/dev/deprecate.html">DEPRECATE: new doc describing planned item removals</a>
BGF <a href="https://curl.haxx.se/bug/?i=2706">example/crawler.c: simple crawler based on libxml2</a>
BGF <a href="https://curl.haxx.se/bug/?i=2708">libssh: goto DISCONNECT state on error, not SESSION_FREE</a>
BGF <a href="https://curl.haxx.se/bug/?i=2711">CMake: Remove unused functions</a>
BGF <a href="https://curl.haxx.se/bug/?i=2656">darwinssl: allow High Sierra users to build the code using GCC</a>
BGF <a href="https://curl.haxx.se/bug/?i=2718">scripts: include _curl as part of CLEANFILES</a>
</ul>
<a name="7_60_0"></a>
SUBTITLE(Fixed in 7.60.0 - May 16 2018)
<p> Changes:
<ul class="changes">
CHG <a href="https://curl.haxx.se/bug/?i=2162">Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol</a>
CHG <a href="https://curl.haxx.se/bug/?i=2162">Add --haproxy-protocol for the command line tool</a>
CHG <a href="https://curl.haxx.se/bug/?i=1694">Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000300.html">FTP: shutdown response buffer overflow CVE-2018-1000300</a>
BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000301.html">RTSP: bad headers buffer over-read CVE-2018-1000301</a>
BGF <a href="https://curl.haxx.se/bug/?i=2380">FTP: fix typo in recursive callback detection for seeking</a>
BGF test1208: marked flaky
BGF <a href="https://curl.haxx.se/bug/?i=2382">HTTP: make header-less responses still count correct body size</a>
BGF <a href="https://curl.haxx.se/bug/?i=2381">user-agent.d: mention --proxy-header as well</a>
BGF <a href="https://curl.haxx.se/bug/?i=2387">http2: fixes typo</a>
BGF <a href="https://curl.haxx.se/bug/?i=2389">cleanup: misc typos in strings and comments</a>
BGF <a href="https://curl.haxx.se/bug/?i=2386">rate-limit: use three second window to better handle high speeds</a>
BGF examples/hiperfifo.c: improved
BGF <a href="https://curl.haxx.se/mail/lib-2018-03/0048.html">pause: when changing pause state, update socket state</a>
BGF <a href="https://curl.haxx.se/bug/?i=2369">multi: improved pending transfers handling => improved performance</a>
BGF <a href="https://curl.haxx.se/bug/?i=2364">curl_version_info.3: fix ssl_version description</a>
BGF <a href="https://curl.haxx.se/bug/?i=2190">add_handle/easy_perform: clear errorbuffer on start if set</a>
BGF <a href="https://curl.haxx.se/bug/?i=2397">darwinssl: fix iOS build</a>
BGF <a href="https://curl.haxx.se/bug/?i=2392">cmake: add support for brotli</a>
BGF <a href="https://curl.haxx.se/bug/?i=2401">parsedate: support UT timezone</a>
BGF vauth/ntlm.h: fix the #ifdef header guard
BGF lib/curl_path.h: added #ifdef header guard
BGF <a href="https://curl.haxx.se/bug/?i=2408">vauth/cleartext: fix integer overflow check</a>
BGF CURLINFO_COOKIELIST.3: made the example not leak memory
BGF <a href="https://curl.haxx.se/bug/?i=2410">cookie.d: mention that "-" as filename means stdin</a>
BGF <a href="https://curl.haxx.se/bug/?i=2400">CURLINFO_SSL_VERIFYRESULT.3: fixed the example</a>
BGF <a href="https://curl.haxx.se/bug/?i=1967">http2: read pending frames (including GOAWAY) in connection-check</a>
BGF <a href="https://curl.haxx.se/bug/?i=2358">timeval: remove compilation warning by casting</a>
BGF <a href="https://curl.haxx.se/bug/?i=2358">cmake: avoid warn-as-error during config checks</a>
BGF <a href="https://curl.haxx.se/bug/?i=2418">travis-ci: enable -Werror for CMake builds</a>
BGF <a href="https://curl.haxx.se/bug/?i=2399">openldap: fix for NULL return from ldap_get_attribute_ber()</a>
BGF <a href="https://curl.haxx.se/bug/?i=2419">threaded resolver: track resolver time and set suitable timeout values</a>
BGF <a href="https://curl.haxx.se/bug/?i=2363">cmake: Add advapi32 as explicit link library for win32</a>
BGF <a href="https://curl.haxx.se/mail/lib-2018-03/0140.html">docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T</a>
BGF <a href="https://curl.haxx.se/bug/?i=2436">test1148: set a fixed locale for the test</a>
BGF <a href="https://curl.haxx.se/bug/?i=2441">cookies: when reading from a file, only remove_expired once</a>
BGF <a href="https://curl.haxx.se/bug/?i=2440">cookie: store cookies per top-level-domain-specific hash table</a>
BGF <a href="https://curl.haxx.se/bug/?i=2319">openssl: fix build with LibreSSL 2.7</a>
BGF <a href="https://curl.haxx.se/bug/?i=2453">tls: fix mbedTLS 2.7.0 build + handle sha256 failures</a>
BGF <a href="https://curl.haxx.se/bug/?i=2451">openssl: RESTORED verify locations when verifypeer==0</a>
BGF <a href="https://curl.haxx.se/bug/?i=2438">file: restore old behavior for file:////foo/bar URLs</a>
BGF <a href="https://curl.haxx.se/bug/?i=2432">FTP: allow PASV on IPv6 connections when a proxy is being used</a>
BGF <a href="https://curl.haxx.se/bug/?i=2430">build-openssl.bat: allow custom paths for VS and perl</a>
BGF <a href="https://curl.haxx.se/bug/?i=2455">winbuild: make the clean target work without build-type</a>
BGF <a href="https://curl.haxx.se/bug/?i=2189">build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15</a>
BGF <a href="https://curl.haxx.se/bug/?i=2462">curl: retry on FTP 4xx, ignore other protocols</a>
BGF <a href="https://curl.haxx.se/bug/?i=2463">configure: detect (and use) sa_family_t</a>
BGF examples/sftpuploadresume: Fix Windows large file seek
BGF <a href="https://curl.haxx.se/bug/?i=2466">build: cleanup to fix clang warnings/errors</a>
BGF <a href="https://curl.haxx.se/bug/?i=2472">winbuild: updated the documentation</a>
BGF <a href="https://curl.haxx.se/bug/?i=2463">lib: silence null-dereference warnings</a>
BGF <a href="https://curl.haxx.se/bug/?i=2478">travis: bump to clang 6 and gcc 7</a>
BGF <a href="https://curl.haxx.se/bug/?i=2471">travis: build libpsl and make builds use it</a>
BGF <a href="https://curl.haxx.se/bug/?i=2480">proxy: show getenv proxy use in verbose output</a>
BGF <a href="https://curl.haxx.se/bug/?i=2485">duphandle: make sure CURLOPT_RESOLVE is duplicated</a>
BGF <a href="https://curl.haxx.se/bug/?i=2497">all: Refactor malloc+memset to use calloc</a>
BGF <a href="https://curl.haxx.se/bug/?i=2498">checksrc: Fix typo</a>
BGF <a href="https://curl.haxx.se/bug/?i=2491">system.h: Add sparcv8plus to oracle/sunpro 32-bit detection</a>
BGF <a href="https://curl.haxx.se/bug/?i=2496">vauth: Fix typo</a>
BGF <a href="https://curl.haxx.se/bug/?i=2500">ssh: show libSSH2 error code when closing fails</a>
BGF <a href="https://curl.haxx.se/bug/?i=2446">test1148: tolerate progress updates better</a>
BGF <a href="https://curl.haxx.se/bug/?i=2479">urldata: make service names unconditional</a>
BGF <a href="https://curl.haxx.se/bug/?i=2490">configure: keep LD_LIBRARY_PATH changes local</a>
BGF <a href="https://curl.haxx.se/bug/?i=1622">ntlm_sspi: fix authentication using Credential Manager</a>
BGF <a href="https://curl.haxx.se/bug/?i=2376">schannel: add client certificate authentication</a>
BGF <a href="https://curl.haxx.se/bug/?i=2474">winbuild: Support custom devel paths for each dependency</a>
BGF <a href="https://curl.haxx.se/bug/?i=1325">schannel: add support for CURLOPT_CAINFO</a>
BGF <a href="https://curl.haxx.se/bug/?i=2507">http2: handle on_begin_headers() called more than once</a>
BGF <a href="https://curl.haxx.se/bug/?i=2403">openssl: support OpenSSL 1.1.1 verbose-mode trace messages</a>
BGF <a href="https://curl.haxx.se/bug/?i=2493">openssl: fix subjectAltName check on non-ASCII platforms</a>
BGF <a href="https://curl.haxx.se/bug/?i=2513">http2: avoid strstr() on data not zero terminated</a>
BGF <a href="https://curl.haxx.se/bug/?i=1680">http2: clear the "drain counter" when a stream is closed</a>
BGF <a href="https://curl.haxx.se/bug/?i=2416">http2: handle GOAWAY properly</a>
BGF tool_help: clarify --max-time unit of time is seconds
BGF <a href="https://curl.haxx.se/bug/?i=2515">curl.1: clarify that options and URLs can be mixed</a>
BGF <a href="https://curl.haxx.se/bug/?i=2514">http2: convert an assert to run-time check</a>
BGF <a href="https://curl.haxx.se/bug/?i=2499">curl_global_sslset: always provide available backends</a>
BGF <a href="https://curl.haxx.se/bug/?i=2445">ftplistparser: keep state between invokes</a>
BGF Curl_memchr: zero length input can't match
BGF examples/sftpuploadresume: typecast fseek argument to long
BGF examples/http2-upload: expand buffer to avoid silly warning
BGF <a href="https://curl.haxx.se/bug/?i=2494">ctype: restore character classification for non-ASCII platforms</a>
BGF <a href="https://curl.haxx.se/bug/?i=2527">mime: avoid NULL pointer dereference risk</a>
BGF <a href="https://curl.haxx.se/bug/?i=2529">cookies: ensure that we have cookies before writing jar</a>
BGF <a href="https://curl.haxx.se/bug/?i=2525">os400.c: fix checksrc warnings</a>
BGF configure: provide --with-wolfssl as an alias for --with-cyassl
BGF cyassl: adapt to libraries without TLS 1.0 support built-in
BGF <a href="https://curl.haxx.se/bug/?i=2534">http2: get rid of another strstr</a>
BGF <a href="https://curl.haxx.se/bug/?i=2532">checksrc: force indentation of lines after an else</a>
BGF <a href="https://curl.haxx.se/bug/?i=2537">cookies: remove unused macro</a>
BGF CURLINFO_PROTOCOL.3: mention the existing defined names
BGF <a href="https://curl.haxx.se/bug/?i=2533">tests: provide 'manual' as a feature to optionally require</a>
BGF <a href="https://curl.haxx.se/bug/?i=2541">travis: enable libssh2 on both macos and Linux</a>
BGF CURLOPT_URL.3: added ENCODING section
BGF <a href="https://curl.haxx.se/bug/?i=2542">wolfssl: Fix non-blocking connect</a>
BGF vtls: don't define MD5_DIGEST_LENGTH for wolfssl
BGF <a href="https://curl.haxx.se/bug/?i=2544">docs: remove extraneous commas in man pages</a>
BGF <a href="https://curl.haxx.se/bug/?i=2535">URL: fix ASCII dependency in strcpy_url and strlen_url</a>
BGF ssh-libssh.c: fix left shift compiler warning
BGF <a href="https://curl.haxx.se/bug/?i=2180">configure: only check for CA bundle for file-using SSL backends</a>
BGF <a href="https://curl.haxx.se/bug/?i=2531">travis: add an mbedtls build</a>
BGF <a href="https://curl.haxx.se/bug/?i=2546">http: don't set the "rewind" flag when not uploading anything</a>
BGF <a href="https://curl.haxx.se/bug/?i=2548">configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h</a>
BGF <a href="https://curl.haxx.se/bug/?i=2520">transfer: don't unset writesockfd on setup of multiplexed conns</a>
BGF <a href="https://curl.haxx.se/bug/?i=2547">vtls: use unified "supports" bitfield member in backends</a>
BGF <a href="https://curl.haxx.se/bug/?i=2550">URLs: fix one more http url</a>
BGF <a href="https://curl.haxx.se/bug/?i=2528">travis: add a build using WolfSSL</a>
BGF <a href="https://curl.haxx.se/bug/?i=2512">openssl: change FILE ops to BIO ops</a>
BGF <a href="https://curl.haxx.se/bug/?i=2558">travis: add build using NSS</a>
BGF <a href="https://curl.haxx.se/bug/?i=2558">smb: reject negative file sizes</a>
BGF <a href="https://curl.haxx.se/bug/?i=2564">cookies: accept parameter names as cookie name</a>
BGF <a href="https://curl.haxx.se/bug/?i=2520">http2: getsock fix for uploads</a>
BGF <a href="https://curl.haxx.se/bug/?i=2561">all over: fixed format specifiers</a>
BGF <a href="https://curl.haxx.se/bug/?i=2560">http2: use the correct function pointer typedef</a>
</ul>
<a name="7_59_0"></a>
SUBTITLE(Fixed in 7.59.0 - March 14 2018)
<p> Changes:
<ul class="changes">
CHG <a href="https://curl.haxx.se/bug/?i=2268">curl: add --proxy-pinnedpubkey</a>
CHG <a href="https://curl.haxx.se/bug/?i=2238">added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T</a>
CHG <a href="https://curl.haxx.se/bug/?i=2260">CURLOPT_RESOLVE: Add support for multiple IP addresses per entry</a>
CHG <a href="https://curl.haxx.se/bug/?i=2260">Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS</a>
CHG <a href="https://curl.haxx.se/bug/?i=2260">Add new tool option --happy-eyeballs-timeout-ms</a>
CHG <a href="https://curl.haxx.se/bug/?i=2311">Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000121.html">openldap: check ldap_get_attribute_ber() results for NULL before using</a>
BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000120.html">FTP: reject path components with control codes</a>
BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000122.html">readwrite: make sure excess reads don't go beyond buffer end</a>
BGF <a href="https://curl.haxx.se/bug/?i=1872">lib555: drop text conversion and encode data as ascii codes</a>
BGF lib517: make variable static to avoid compiler warning
BGF <a href="https://curl.haxx.se/bug/?i=1872">lib544: sync ascii code data with textual data</a>
BGF <a href="https://curl.haxx.se/bug/?i=2263">GSKit: restore pinnedpubkey functionality</a>
BGF <a href="https://curl.haxx.se/bug/?i=2085">darwinssl: Don't import client certificates into Keychain on macOS</a>
BGF <a href="https://curl.haxx.se/bug/?i=2250">parsedate: fix date parsing for systems with 32 bit long</a>
BGF <a href="https://curl.haxx.se/bug/?i=2258">openssl: fix pinned public key build error in FIPS mode</a>
BGF <a href="https://curl.haxx.se/bug/?i=1429">SChannel/WinSSL: Implement public key pinning</a>
BGF cookies: remove verbose "cookie size:" output
BGF <a href="https://github.com/curl/curl/commit/993dd5651a6c853bfe3870f6a69c7b329fa4e8ce#commitcomment-27070080">progress-bar: don't use stderr explicitly, use bar->out</a>
BGF Fixes for MSDOS
BGF build: open VC15 projects with VS 2017
BGF <a href="https://curl.haxx.se/bug/?i=2269">curl_ctype: private is*() type macros and functions</a>
BGF <a href="https://curl.haxx.se/bug/?i=2202">configure: set PATH_SEPARATOR to colon for PATH w/o separator</a>
BGF <a href="https://curl.haxx.se/bug/?i=2274">winbuild: make linker generate proper PDB</a>
BGF <a href="https://curl.haxx.se/mail/lib-2018-01/0074.html">curl_easy_reset: clear digest auth state</a>
BGF <a href="https://curl.haxx.se/bug/?i=2275">curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6</a>
BGF <a href="https://curl.haxx.se/bug/?i=2205">range: commonize FTP and FILE range handling</a>
BGF <a href="https://curl.haxx.se/bug/?i=2271">progress-bar docs: update to match implementation</a>
BGF fnmatch: do not match the empty string with a character set
BGF <a href="https://curl.haxx.se/mail/lib-2018-01/0114.html">fnmatch: accept an alphanum to be followed by a non-alphanum in char set</a>
BGF <a href="https://curl.haxx.se/mail/lib-2018-01/0122.html">build: fix termios issue on android cross-compile</a>
BGF <a href="https://curl.haxx.se/bug/?i=2278">getdate: return -1 for out of range</a>
BGF <a href="https://curl.haxx.se/bug/?i=2282">formdata: use the mime-content type function</a>
BGF <a href="https://curl.haxx.se/bug/?i=2164">time-cond: fix reading the file modification time on Windows</a>
BGF build-openssl.bat: Extend VC15 support to include Enterprise and Professional
BGF build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional
BGF openssl: Don't add verify locations when verifypeer==0
BGF <a href="https://curl.haxx.se/bug/?i=2291">fnmatch: optimize processing of consecutive *s and ?s pattern characters</a>
BGF <a href="https://curl.haxx.se/bug/?i=2296">schannel: fix compiler warnings</a>
BGF <a href="https://curl.haxx.se/bug/?i=2298">content_encoding: Add "none" alias to "identity"</a>
BGF get_posix_time: only check for overflows if they can happen
BGF <a href="https://curl.haxx.se/bug/?i=2303">http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING</a>
BGF <a href="https://curl.haxx.se/bug/?i=2300">README: language fix</a>
BGF <a href="https://curl.haxx.se/bug/?i=2305">sha256: build with OpenSSL &lt; 0.9.8</a>
BGF <a href="https://curl.haxx.se/bug/?i=2304">smtp: fix processing of initial dot in data</a>
BGF <a href="https://bugzilla.redhat.com/1542256">--tlsauthtype: works only if libcurl is built with TLS-SRP support</a>
BGF <a href="https://curl.haxx.se/bug/?i=2303">tests: new tests for http raw mode</a>
BGF libcurl-security.3: man page discussing security concerns when using libcurl
BGF curl_gssapi: make sure this file too uses our *printf()
BGF BINDINGS: fix curb link (and remove ruby-curl-multi)
BGF <a href="https://bugzilla.redhat.com/1510247">nss: use PK11_CreateManagedGenericObject() if available</a>
BGF <a href="https://curl.haxx.se/bug/?i=1872">travis: add build with iconv enabled</a>
BGF <a href="https://curl.haxx.se/bug/?i=2312">ssh: add two missing state names</a>
BGF CURLOPT_HEADERFUNCTION.3: mention folded headers
BGF <a href="https://curl.haxx.se/mail/lib-2018-02/0056.html">http: fix the max header length detection logic</a>
BGF <a href="https://curl.haxx.se/bug/?i=2314">header callback: don't chop headers into smaller pieces</a>
BGF CURLOPT_HEADER.3: clarify problems with different data sizes
BGF curl --version: show PSL if the run-time lib has it enabled
BGF <a href="https://curl.haxx.se/mail/lib-2018-02/0072.html">examples/sftpuploadresume: resume upload via CURLOPT_APPEND</a>
BGF <a href="https://curl.haxx.se/bug/?i=2302">Return error if called recursively from within callbacks</a>
BGF sasl: prefer PLAIN mechanism over LOGIN
BGF <a href="https://curl.haxx.se/bug/?i=2330">winbuild: Use CALL to run batch scripts</a>
BGF curl_share_setopt.3: connection cache is shared within multi handles
BGF <a href="https://curl.haxx.se/bug/?i=2329">winbuild: Use macros for the names of some build utilities</a>
BGF <a href="https://curl.haxx.se/bug/?i=2325">projects/README: remove reference to dead IDN link/package</a>
BGF <a href="https://curl.haxx.se/bug/?i=2335">lib655: silence compiler warning</a>
BGF configure: Fix version check for OpenSSL 1.1.1
BGF <a href="https://curl.haxx.se/bug/?i=2342">docs/MANUAL: formfind.pl is not accessible on the site anymore</a>
BGF <a href="https://curl.haxx.se/bug/?i=2341">unit1309: fix warning on Windows x64</a>
BGF unit1307: proper cleanup on OOM to fix torture tests
BGF curl_ctype: fix macro redefinition warnings
BGF <a href="https://curl.haxx.se/bug/?i=2337">build: get CFLAGS (including -werror) used for examples and tests</a>
BGF <a href="https://curl.haxx.se/bug/?i=2353">NO_PROXY: fix for IPv6 numericals in the URL</a>
BGF <a href="https://curl.haxx.se/bug/?i=2356">krb5: use nondeprecated functions</a>
BGF <a href="https://curl.haxx.se/bug/?i=2354">winbuild: prefer documented zlib library names</a>
BGF <a href="https://curl.haxx.se/bug/?i=2365">http2: mark the connection for close on GOAWAY</a>
BGF <a href="https://curl.haxx.se/bug/?i=2371">limit-rate: kick in even before "limit" data has been received</a>
BGF <a href="https://curl.haxx.se/bug/?i=2357">HTTP: allow "header;" to replace an internal header with a blank one</a>
BGF http2: verbose output new MAX_CONCURRENT_STREAMS values
BGF SECURITY: distros' max embargo time is 14 days
BGF curl tool: accept --compressed also if Brotli is enabled and zlib is not
BGF <a href="https://curl.haxx.se/bug/?i=2349">WolfSSL: adding TLSv1.3</a>
BGF checksrc.pl: add -i and -m options
BGF CURLOPT_COOKIEFILE.3: "-" as file name means stdin
</ul>
<a name="7_58_0"></a>
SUBTITLE(Fixed in 7.58.0 - January 24 2018)
<p> Changes:
<ul class="changes">
CHG new libssh-powered SSH SCP/SFTP back-end
CHG <a href="https://curl.haxx.se/bug/?i=2128">curl-config: add --ssl-backends</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000005.html">http2: fix incorrect trailer buffer size</a>
BGF <a href="https://curl.haxx.se/docs/CVE-2018-1000007.html">http: prevent custom Authorization headers in redirects</a>
BGF <a href="https://curl.haxx.se/bug/?i=2118">travis: add boringssl build</a>
BGF <a href="https://curl.haxx.se/mail/lib-2017-12/0000.html">examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL</a>
BGF <a href="https://curl.haxx.se/bug/?i=2119">SSL: Avoid magic allocation of SSL backend specific data</a>
BGF <a href="https://curl.haxx.se/bug/?i=2127">lib: don't export all symbols, just everything curl_*</a>
BGF libssh2: send the correct CURLE error code on scp file not found
BGF libssh2: return CURLE_UPLOAD_FAILED on failure to upload
BGF <a href="https://curl.haxx.se/bug/?i=2134">openssl: enable pkcs12 in boringssl builds</a>
BGF <a href="https://curl.haxx.se/bug/?i=2143">libssh2: remove dead code from SSH_SFTP_QUOTE</a>
BGF <a href="https://curl.haxx.se/bug/?i=2150">sasl_getmessage: make sure we have a long enough string to pass</a>
BGF <a href="https://curl.haxx.se/bug/?i=2132">conncache: fix several lock issues</a>
BGF threaded-shared-conn.c: new example
BGF <a href="https://curl.haxx.se/bug/?i=2152">conncache: only allow multiplexing within same multi handle</a>
BGF <a href="https://curl.haxx.se/bug/?i=2146">configure: check for netinet/in6.h</a>
BGF <a href="https://curl.haxx.se/bug/?i=2154">URL: tolerate backslash after drive letter for FILE:</a>
BGF <a href="https://curl.haxx.se/bug/?i=2159">openldap: add commented out debug possibilities</a>
BGF <a href="https://curl.haxx.se/bug/?i=2160">include: get netinet/in.h before linux/tcp.h</a>
BGF <a href="https://curl.haxx.se/bug/?i=2088">CONNECT: keep close connection flag in http_connect_state struct</a>
BGF BINDINGS: another PostgreSQL client
BGF <a href="https://curl.haxx.se/bug/?i=2158">curl: limit -# update frequency for unknown total size</a>
BGF <a href="https://curl.haxx.se/bug/?i=2076">configure: add AX_CODE_COVERAGE only if using gcc</a>
BGF curl.h: remove incorrect comment about ERRORBUFFER
BGF <a href="https://curl.haxx.se/bug/?i=1916">openssl: improve data-pending check for https proxy</a>
BGF <a href="https://curl.haxx.se/bug/?i=2166">curl: remove __EMX__ #ifdefs</a>
BGF <a href="https://curl.haxx.se/bug/?i=2168">CURLOPT_PRIVATE.3: fix grammar</a>
BGF <a href="https://curl.haxx.se/bug/?i=1900">sftp: allow quoted commands to use relative paths</a>
BGF CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
BGF RESOLVE: output verbose text when trying to set a duplicate name
BGF <a href="https://github.com/curl/curl/pull/1346#issuecomment-350530901">openssl: Disable file buffering for Win32 SSLKEYLOGFILE</a>
BGF <a href="https://curl.haxx.se/bug/?i=2169">multi_done: prune DNS cache</a>
BGF tests: update .gitignore for libtests
BGF tests: mark data files as non-executable in git
BGF CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference
BGF curl.1: documented two missing valid exit codes
BGF curl.1: mention http:// and https:// as valid proxy prefixes
BGF <a href="https://curl.haxx.se/bug/?i=2171">vtls: replaced getenv() with curl_getenv()</a>
BGF <a href="https://curl.haxx.se/bug/?i=2173">setopt: less *or equal* than INT_MAX/1000 should be fine</a>
BGF examples/smtp-mail.c: use separate defines for options and mail
BGF <a href="https://curl.haxx.se/bug/?i=2174">curl: support >256 bytes warning messages</a>
BGF conncache: fix a return code
BGF krb5: fix a potential access of uninitialized memory
BGF rand: add a clang-analyzer work-around
BGF <a href="https://curl.haxx.se/bug/?i=2175">CURLOPT_READFUNCTION.3: refer to argument with correct name</a>
BGF brotli: allow compiling with version 0.6.0
BGF <a href="https://curl.haxx.se/bug/?i=2068">content_encoding: rework zlib_inflate</a>
BGF <a href="https://curl.haxx.se/mail/lib-2017-12/0060.html">curl_easy_reset: release mime-related data</a>
BGF <a href="https://curl.haxx.se/bug/?i=2185">examples/rtsp: fix error handling macros</a>
BGF build-openssl.bat: Added support for VC15
BGF build-wolfssl.bat: Added support for VC15
BGF build: Added Visual Studio 2017 project files
BGF winbuild: Added support for VC15
BGF <a href="https://curl.haxx.se/bug/?i=2179">curl: Support size modifiers for --max-filesize</a>
BGF <a href="https://curl.haxx.se/mail/lib-2017-12/0057.html">examples/cacertinmem: ignore cert-already-exists error</a>
BGF <a href="https://curl.haxx.se/bug/?i=2194">brotli: data at the end of content can be lost</a>
BGF <a href="https://curl.haxx.se/mail/lib-2017-12/0074.html">curl_version_info.3: call the argument 'age'</a>
BGF openssl: fix memory leak of SSLKEYLOGFILE filename
BGF <a href="https://curl.haxx.se/bug/?i=2215">build: remove HAVE_LIMITS_H check</a>
BGF --mail-rcpt: fix short-text description
BGF <a href="https://curl.haxx.se/bug/?i=2222">scripts: allow all perl scripts to be run directly</a>
BGF <a href="https://curl.haxx.se/bug/?i=2200">progress: calculate transfer speed on milliseconds if possible</a>
BGF <a href="https://curl.haxx.se/bug/?i=2216">system.h: check __LONG_MAX__ for defining curl_off_t</a>
BGF <a href="https://curl.haxx.se/bug/?i=2217">easy: fix connection ownership in curl_easy_pause</a>
BGF <a href="https://curl.haxx.se/bug/?i=2230">setopt: reintroduce non-static Curl_vsetopt() for OS400 support</a>
BGF <a href="https://curl.haxx.se/bug/?i=2225">setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values</a>
BGF <a href="https://curl.haxx.se/bug/?i=2234">configure.ac: append extra linker flags instead of prepending them</a>
BGF <a href="https://curl.haxx.se/bug/?i=2212">HTTP: bail out on negative Content-Length: values</a>
BGF docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
BGF <a href="https://curl.haxx.se/bug/?i=2235">mime: clone mime tree upon easy handle duplication</a>
BGF <a href="https://curl.haxx.se/bug/?i=2210">openssl: enable SSLKEYLOGFILE support by default</a>
BGF <a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206">smtp/pop3/imap_get_message: decrease the data length too...</a>
BGF <a href="https://curl.haxx.se/bug/?i=2239">CURLOPT_TCP_NODELAY.3: fix typo</a>
BGF <a href="https://curl.haxx.se/bug/?i=2211">SMB: fix numeric constant suffix and variable types</a>
BGF <a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251">ftp-wildcard: fix matching an empty string with "*[^a]"</a>
BGF curl_fnmatch: only allow 5 '*' sections in a single pattern
BGF openssl: fix potential memory leak in SSLKEYLOGFILE logic
BGF <a href="https://curl.haxx.se/bug/?i=2248">SSH: Fix state machine for ssh-agent authentication</a>
BGF <a href="https://curl.haxx.se/bug/?i=2245">examples/url2file.c: add missing curl_global_cleanup() call</a>
BGF <a href="https://curl.haxx.se/bug/?i=2237">http2: don't close connection when single transfer is stopped</a>
BGF libcurl-env.3: first version
BGF <a href="https://curl.haxx.se/bug/?i=2242">curl: progress bar refresh, get width using ioctl()</a>
BGF <a href="https://curl.haxx.se/mail/lib-2018-01/0087.html">CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support</a>
</ul>
<a name="7_57_0"></a>
SUBTITLE(Fixed in 7.57.0 - November 29 2017)
<p> Changes:
<ul class="changes">
CHG <a href="https://curl.haxx.se/bug/?i=1934">auth: add support for RFC7616 - HTTP Digest access authentication</a>
CHG <a href="https://curl.haxx.se/bug/?i=2043">share: add support for sharing the connection cache</a>
CHG <a href="https://curl.haxx.se/bug/?i=2045">HTTP: implement Brotli content encoding</a>
</ul>
<p> Bugfixes:
<ul class="bugfixes">
BGF <a href="https://curl.haxx.se/docs/CVE-2017-8816.html">CVE-2017-8816: NTLM buffer overflow via integer overflow</a>
BGF <a href="https://curl.haxx.se/docs/CVE-2017-8817.html">CVE-2017-8817: FTP wildcard out of bounds read</a>
BGF <a href="https://curl.haxx.se/docs/CVE-2017-8818.html">CVE-2017-8818: SSL out of buffer access</a>
BGF <a href="https://curl.haxx.se/bug/?i=2008">curl_mime_filedata.3: fix typos</a>
BGF <a href="https://curl.haxx.se/bug/?i=2006">libtest: Add required test libraries for lib1552 and lib1553</a>
BGF <a href="https://curl.haxx.se/bug/?i=2004">fix time diffs for systems using unsigned time_t</a>
BGF <a href="https://curl.haxx.se/bug/?i=2013">ftplistparser: memory leak fix: free temporary memory always</a>
BGF <a href="https://curl.haxx.se/bug/?i=1982">multi: allow table handle sizes to be overridden</a>
BGF <a href="https://curl.haxx.se/bug/?i=2016">wildcards: don't use with non-supported protocols</a>
BGF <a href="https://curl.haxx.se/bug/?i=2015">curl_fnmatch: return error on illegal wildcard pattern</a>
BGF <a href="https://curl.haxx.se/bug/?i=2001">transfer: Fix chunked-encoding upload too early exit</a>
BGF <a href="https://curl.haxx.se/bug/?i=2025">curl_setup: Improve detection of CURL_WINDOWS_APP</a>
BGF <a href="https://curl.haxx.se/bug/?i=2023">resolvers: only include anything if needed</a>
BGF setopt: fix CURLOPT_SSH_AUTH_TYPES option read
BGF appveyor: add a win32 build
BGF <a href="https://curl.haxx.se/bug/?i=2021">Curl_timeleft: change return type to timediff_t</a>
BGF <a href="https://curl.haxx.se/bug/?i=1879">cmake: Export libcurl and curl targets to use by other cmake projects</a>
BGF <a href="https://curl.haxx.se/bug/?i=2022">curl: in -F option arg, comma is a delimiter for files only</a>
BGF curl: improved ";type=" handling in -F option arguments
BGF <a href="https://curl.haxx.se/bug/?i=2033">timeval: use mach_absolute_time() on MacOS</a>
BGF <a href="https://curl.haxx.se/bug/?i=2034">curlx: the timeval functions are no longer provided as curlx_*</a>
BGF <a href="https://curl.haxx.se/bug/?i=2026">mkhelp.pl: do not generate comment with current date</a>
BGF <a href="https://curl.haxx.se/bug/?i=2031">memdebug: use send/recv signature for curl_dosend/curl_dorecv</a>
BGF <a href="https://curl.haxx.se/bug/?i=2032">cookie: avoid NULL dereference</a>
BGF <a href="https://curl.haxx.se/mail/lib-2017-11/0000.html">url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1</a>
BGF include: remove conncache.h inclusion from where it's not needed
BGF <a href="https://curl.haxx.se/bug/?i=2038">CURLOPT_MAXREDIRS: allow -1 as a value</a>
BGF tests: Fixed torture tests on tests 556 and 650
BGF http2: Fixed OOM handling in upgrade request
BGF url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
BGF <a href="https://curl.haxx.se/bug/?i=2047">CURLOPT_INFILESIZE: accept -1</a>
BGF <a href="https://curl.haxx.se/bug/?i=2044">curl: pass through [] in URLs instead of calling globbing error</a>
BGF <a href="https://curl.haxx.se/bug/?i=1959">curl: speed up handling of many URLs</a>
BGF <a href="https://curl.haxx.se/bug/?i=2054">ntlm: avoid malloc(0) for zero length passwords</a>
BGF <a href="https://github.com/curl/curl/commit/f121575#commitcomment-25347120">url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES</a>
BGF <a href="https://curl.haxx.se/bug/?i=2002">HTTP: support multiple Content-Encodings</a>
BGF travis: add a job with brotli enabled
BGF url: remove unnecessary NULL-check
BGF fnmatch: remove dead code
BGF <a href="https://curl.haxx.se/bug/?i=2053">connect: store IPv6 connection status after valid connection</a>
BGF <a href="https://curl.haxx.se/bug/?i=2061">imap: deal with commands case insensitively</a>
BGF <a href="https://curl.haxx.se/bug/?i=2024">--interface: add support for Linux VRF</a>
BGF <a href="https://curl.haxx.se/bug/?i=2060">content_encoding: fix inflate_stream for no bytes available</a>
BGF <a href="https://curl.haxx.se/bug/?i=2064">cmake: Correctly include curl.rc in Windows builds</a>
BGF <a href="https://curl.haxx.se/bug/?i=2067">cmake: Add missing setmode check</a>
BGF <a href="https://curl.haxx.se/bug/?i=2071">connect.c: remove executable bit on file</a>
BGF SMB: fix uninitialized local variable
BGF <a href="https://curl.haxx.se/mail/lib-2017-11/0032.html">zlib/brotli: only include header files in modules needing them</a>
BGF <a href="https://curl.haxx.se/bug/?i=2072">URL: return error on malformed URLs with junk after IPv6 bracket</a>
BGF <a href="https://curl.haxx.se/bug/?i=2079">openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY</a>
BGF <a href="https://curl.haxx.se/bug/?i=2080">macOS: Fix missing connectx function with Xcode version older than 9.0</a>
BGF <a href="https://curl.haxx.se/bug/?i=2087">--resolve: allow IP address within [] brackets</a>
BGF <a href="https://curl.haxx.se/bug/?i=2096">examples/curlx: Fix code style</a>
BGF <a href="https://curl.haxx.se/bug/?i=2098">ntlm: remove unnecessary NULL-check to please scan-build</a>
BGF <a href="https://curl.haxx.se/bug/?i=2098">Curl_llist_remove: fix potential NULL pointer deref</a>
BGF <a href="https://curl.haxx.se/bug/?i=2098">mime: fix "Value stored to 'sz' is never read" scan-build error</a>
BGF <a href="https://curl.haxx.se/bug/?i=2098">openssl: fix "Value stored to 'rc' is never read" scan-build error</a>
BGF <a href="https://curl.haxx.se/bug/?i=2098">http2: fix "Value stored to 'hdbuf' is never read" scan-build error</a>
BGF <a href="https://curl.haxx.se/bug/?i=2098">http2: fix "Value stored to 'end' is never read" scan-build error</a>
BGF <a href="https://curl.haxx.se/bug/?i=2098">Curl_open: fix OOM return error correctly</a>
BGF <a href="https://curl.haxx.se/bug/?i=2073">url: reject ASCII control characters and space in host names</a>
BGF <a href="https://curl.haxx.se/bug/?i=2106">examples/rtsp: clear RANGE again after use</a>
BGF <a href="https://curl.haxx.se/bug/?i=2104">connect: improve the bind error message</a>
BGF <a href="https://curl.haxx.se/bug/?i=2097">make: fix "make distclean"</a>
BGF <a href="https://curl.haxx.se/bug/?i=2056">connect: add support for new TCP Fast Open API on Linux</a>
BGF <a href="https://curl.haxx.se/bug/?i=2109">metalink: fix memory-leak and NULL pointer dereference</a>
BGF <a href="https://curl.haxx.se/bug/?i=2110">URL: update "file:" URL handling</a>
BGF <a href="https://curl.haxx.se/bug/?i=2111">ssh: remove check for a NULL pointer</a>
BGF <a href="https://curl.haxx.se/bug/?i=2083">global_init: ignore CURL_GLOBAL_SSL's absence</a>
</ul>
<a name="7_56_1"></a>
SUBTITLE(Fixed in 7.56.1 - October 23 2017)
<p> Bugfixes:
<ul class="bugfixes">
BGF <a href="https://curl.haxx.se/docs/CVE-2017-1000257.html">imap: if a FETCH response has no size, don't call write callback</a>
BGF <a href="https://curl.haxx.se/bug/?i=1939">ftp: UBsan fixup 'pointer index expression overflowed'</a>
BGF <a href="https://curl.haxx.se/bug/?i=1936">failf: skip the sprintf() if there are no consumers</a>
BGF <a href="https://curl.haxx.se/bug/?i=1923">fuzzer: move to using external curl-fuzzer</a>
BGF <a href="https://curl.haxx.se/bug/?i=1942">lib/Makefile.m32: allow customizing dll suffixes</a>
BGF <a href="https://curl.haxx.se/bug/?i=1946">docs: fix typo in curl_mime_data_cb man page</a>
BGF <a href="https://curl.haxx.se/bug/?i=1794">darwinssl: add support for TLSv1.3</a>
BGF <a href="https://curl.haxx.se/bug/?i=1945">build: fix --disable-crypto-auth</a>
BGF <a href="https://curl.haxx.se/bug/?i=1943">lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS</a>
BGF <a href="https://curl.haxx.se/bug/?i=1955">openssl: fix build without HAVE_OPAQUE_EVP_PKEY</a>
BGF <a href="https://curl.haxx.se/bug/?i=1950">strtoofft: Remove extraneous null check</a>
BGF <a href="https://curl.haxx.se/bug/?i=1954">multi_cleanup: call DONE on handles that never got that</a>
BGF tests: added flaky keyword to tests 587 and 644
BGF <a href="https://curl.haxx.se/bug/?i=1953">pingpong: return error when trying to send without connection</a>
BGF <a href="https://curl.haxx.se/bug/?i=1960">remove_handle: call multi_done() first, then clear dns cache pointer</a>
BGF mime: be tolerant about setting the same header list twice in a part
BGF mime: improve unbinding top multipart from easy handle
BGF mime: avoid resetting a part's encoder when part's contents change
BGF <a href="https://curl.haxx.se/bug/?i=1962">mime: refuse to add subparts to one of their own descendants</a>
BGF <a href="https://curl.haxx.se/bug/?i=1969">RTSP: avoid integer overflow on funny RTSP responses</a>
BGF <a href="https://curl.haxx.se/bug/?i=1964">curl: don't pass semicolons when parsing Content-Disposition</a>
BGF <a href="https://curl.haxx.se/bug/?i=1948">openssl: enable PKCS12 support for !BoringSSL</a>
BGF FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
BGF CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
BGF CURLOPT_XFERINFODATA.3: fix duplicate see also
BGF <a href="https://curl.haxx.se/bug/?i=1974">test298: verify --ftp-method nocwd with URL encoded path</a>
BGF <a href="https://curl.haxx.se/bug/?i=1974">FTP: URL decode path for dir listing in nocwd mode</a>
BGF <a href="https://curl.haxx.se/bug/?i=1977">smtp_done: fix memory leak on send failure</a>
BGF ftpserver: support case insensitive commands
BGF test950: verify SMTP with custom request
BGF <a href="https://curl.haxx.se/bug/?i=1979">openssl: don't use old BORINGSSL_YYYYMM macros</a>
BGF <a href="https://curl.haxx.se/bug/?i=1941">setopt: update current connection SSL verify params</a>