diff options
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r-- | RELEASE-NOTES | 462 |
1 files changed, 263 insertions, 199 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 0d8d2781..4cdab8d1 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,115 +1,144 @@ -Curl and libcurl 7.61.1 +Curl and libcurl 7.62.0 - Public curl releases: 176 - Command line options: 218 - curl_easy_setopt() options: 258 - Public functions in libcurl: 74 - Contributors: 1787 + Public curl releases: 177 + Command line options: 219 + curl_easy_setopt() options: 261 + Public functions in libcurl: 80 + Contributors: 1808 + +This release includes the following changes: + + o multiplex: enable by default [4] + o url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled [4] + o setopt: add CURLOPT_DOH_URL [7] + o curl: --doh-url added [7] + o setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size [8] + o imap: change from "FETCH" to "UID FETCH" [9] + o configure: add option to disable automatic OpenSSL config loading [10] + o upkeep: add a connection upkeep API: curl_easy_upkeep() [11] + o URL-API: added five new functions [12] + o vtls: MesaLink is a new TLS backend [23] This release includes the following bugfixes: - o security advisory (CVE-2018-14618): NTLM password overflow via integer overflow [73] - o CURLINFO_SIZE_UPLOAD: fix missing counter update [46] - o CURLOPT_ACCEPT_ENCODING.3: list them comma-separated - o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse [72] - o Curl_getoff_all_pipelines: improved for multiplexed [3] - o DEPRECATE: remove release date from 7.62.0 - o HTTP: Don't attempt to needlessly decompress redirect body [30] - o INTERNALS: require GnuTLS >= 2.11.3 [62] - o README.md: add LGTM.com code quality grade for C/C++ [42] - o SSLCERTS: improve the openssl command line - o Silence GCC 8 cast-function-type warnings [47] - o ares: check for NULL in completed-callback [3] - o asyn-thread: Remove unused macro [40] - o auth: only pick CURLAUTH_BEARER if we *have* a Bearer token [15] - o auth: pick Bearer authentication whenever a token is available [15] - o cmake: CMake config files are defining CURL_STATICLIB for static builds [54] - o cmake: Respect BUILD_SHARED_LIBS [35] - o cmake: Update scripts to use consistent style [9] - o cmake: bumped minimum version to 3.4 [34] - o cmake: link curl to the OpenSSL targets instead of lib absolute paths [34] - o configure: conditionally enable pedantic-errors [64] - o configure: fix for -lpthread detection with OpenSSL and pkg-config [38] - o conn: remove the boolean 'inuse' field [3] - o content_encoding: accept up to 4 unknown trailer bytes after raw deflate data [5] - o cookie tests: treat files as text - o cookies: support creation-time attribute for cookies [75] - o curl: Fix segfault when -H @headerfile is empty [23] - o curl: add http code 408 to transient list for --retry [78] - o curl: fix time-of-check, time-of-use race in dir creation [71] - o curl: use Content-Disposition before the "URL end" for -OJ [29] - o curl: warn the user if a given file name looks like an option [56] - o curl_threads: silence bad-function-cast warning [69] - o darwinssl: add support for ALPN negotiation [7] - o docs/CURLOPT_URL: fix indentation [20] - o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19] - o docs/SECURITY-PROCESS: mention bounty, drop pre-notify - o docs/examples: add hiperfifo example using linux epoll/timerfd [21] - o docs: add disallow-username-in-url.d and haproxy-protocol.d to dist [50] - o docs: clarify NO_PROXY env variable functionality [70] - o docs: improved the manual pages of some callbacks [48] - o docs: mention NULL is fine input to several functions [43] - o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT [40] - o gopher: Do not translate `?' to `%09' [67] - o header output: switch off all styles, not just unbold [8] - o hostip: fix unused variable warning - o http2: Use correct format identifier for stream_id [77] - o http2: abort the send_callback if not setup yet [63] - o http2: avoid set_stream_user_data() before stream is assigned [61] - o http2: check nghttp2_session_set_stream_user_data return code [55] - o http2: clear the drain counter in Curl_http2_done [27] - o http2: make sure to send after RST_STREAM [58] - o http2: separate easy handle from connections better [12] - o http: fix for tiny "HTTP/0.9" response [51] - o http_proxy: Remove unused macro SELECT_TIMEOUT [40] - o lib/Makefile: only do symbol hiding if told to [32] - o lib1502: fix memory leak in torture test [44] - o lib1522: fix curl_easy_setopt argument type - o libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation [66] - o mime: check Curl_rand_hex's return code [22] - o multi: always do the COMPLETED procedure/state [3] - o openssl: assume engine support in 1.0.0 or later [2] - o openssl: fix debug messages [39] - o projects: Improve Windows perl detection in batch scripts [49] - o retry: return error if rewind was necessary but didn't happen [28] - o reuse_conn(): memory leak - free old_conn->options [17] - o schannel: client certificate store opening fix [68] - o schannel: enable CALG_TLS1PRF for w32api >= 5.1 - o schannel: fix MinGW compile break [1] - o sftp: don't send post-qoute sequence when retrying a connection [79] - o smb: fix memory leak on early failure [26] - o smb: fix memory-leak in URL parse error path [4] - o smb_getsock: always wait for write socket too [11] - o ssh-libssh: fix infinite connect loop on invalid private key [53] - o ssh-libssh: reduce excessive verbose output about pubkey auth [53] - o ssh-libssh: use FALLTHROUGH to silence gcc8 [76] - o ssl: set engine implicitly when a PKCS#11 URI is provided [36] - o sws: handle EINTR when calling select() [24] - o system_win32: fix version checking [16] - o telnet: Remove unused macros TELOPTS and TELCMDS [40] - o test1143: disable MSYS2's POSIX path conversion [10] - o test1148: disable if decimal separator is not point [65] - o test1307: (fnmatch testing) disabled [31] - o test1422: add required file feature [6] - o test1531: Add timeout [41] - o test1540: Remove unused macro TEST_HANG_TIMEOUT [40] - o test214: disable MSYS2's POSIX path conversion for URL - o test320: treat curl320.out file as binary [14] - o tests/http_pipe.py: Use /usr/bin/env to find python - o tests: Don't use Windows path %PWD for SSH tests [74] - o tests: fixes for Windows line endlings [13] - o tool_operate: Fix setting proxy TLS 1.3 ciphers - o travis: build darwinssl on macos 10.12 to fix linker errors [33] - o travis: execute "set -eo pipefail" for coverage build [45] - o travis: run a 'make checksrc' too [25] - o travis: update to GCC-8 [52] - o travis: verify that man pages can be regenerated [50] - o upload: allocate upload buffer on-demand [60] - o upload: change default UPLOAD_BUFSIZE to 64KB [60] - o urldata: remove unused pipe_broke struct field [57] - o vtls: reinstantiate engine on duplicated handles [59] - o windows: implement send buffer tuning [37] - o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18] + o CVE-2018-16839: SASL password overflow via integer overflow [107] + o CVE-2018-16840: use-after-free in handle close [108] + o CVE-2018-16842: warning message out-of-buffer read [114] + o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated [5] + o Curl_dedotdotify(): always nul terminate returned string [46] + o Curl_follow: Always free the passed new URL [87] + o Curl_http2_done: fix memleak in error path [51] + o Curl_retry_request: fix memory leak [49] + o Curl_saferealloc: Fixed typo in docblock [40] + o FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output [78] + o GnutTLS: TLS 1.3 support [39] + o SECURITY-PROCESS: mention the bountygraph program [42] + o VS projects: add USE_IPV6: [91] + o Windows: fixes for MinGW targeting Windows Vista [82] + o anyauthput: fix compiler warning on 64-bit Windows [21] + o appveyor: add WinSSL builds [81] + o appveyor: run test suite (on Windows!) [65] + o certs: generate tests certs with sha256 digest algorithm [37] + o checksrc: enable strict mode and warnings [63] + o checksrc: handle zero scoped ignore commands [62] + o cmake: Backport to work with CMake 3.0 again [55] + o cmake: Improve config installation [60] + o cmake: add support for transitive ZLIB target [113] + o cmake: disable -Wpedantic-ms-format [84] + o cmake: don't require OpenSSL if USE_OPENSSL=OFF [35] + o cmake: fixed path used in generation of docs/tests [56] + o cmake: remove unused *SOCKLEN_T variables [102] + o cmake: suppress MSVC warning C4127 for libtest + o cmake: test and set missed defines during configuration [64] + o comment: Fix multiple typos in function parameters [69] + o config: Remove unused SIZEOF_VOIDP [104] + o config_win32: enable LDAPS [92] + o configure: force-use -lpthreads on HPUX [41] + o configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T [101] + o configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE [53] + o cookies: Remove redundant expired check [14] + o cookies: fix leak when writing cookies to file [15] + o curl-config.in: remove dependency on bc [99] + o curl.1: --ipv6 mutexes ipv4 (fixed typo) [98] + o curl: enabled Windows VT Support and UTF-8 output [57] + o curl: update the documentation of --tlsv1.0 [17] + o curl_multi_wait: call getsock before figuring out timeout [34] + o curl_ntlm_wb: check aprintf() return codes [75] + o curl_threads: fix classic MinGW compile break [54] + o darwinssl: Fix realloc memleak [32] + o darwinssl: more specific and unified error codes [6] + o data-binary.d: clarify default content-type is x-www-form-urlencoded [71] + o docs/BUG-BOUNTY: explain the bounty program [76] + o docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers [89] + o docs/CIPHERS: fix the TLS 1.3 cipher names [95] + o docs/CIPHERS: mention the colon separation for OpenSSL [73] + o docs/examples: URL updates [45] + o docs: add "see also" links for SSL options [85] + o example/asiohiper: insert warning comment about its status [18] + o example/htmltidy: fix include paths of tidy libraries [52] + o examples/Makefile.m32: sync with core [44] + o examples/http2-pushinmemory: receive HTTP/2 pushed files in memory [33] + o examples/parseurl.c: show off the URL API [43] + o examples: Fix memory leaks from realloc errors [31] + o examples: do not wait when no transfers are running [16] + o ftp: include command in Curl_ftpsend sendbuffer [25] + o gskit: make sure to terminate version string [79] + o gtls: Values stored to but never read [97] + o hostip: fix check on Curl_shuffle_addr return value [77] + o http2: fix memory leaks on error-path [29] + o http: fix memleak in rewind error path [50] + o krb5: fix memory leak in krb_auth [25] + o ldap: show precise LDAP call in error message on Windows [83] + o lib: fix gcc8 warning on Windows [20] + o memory: add missing curl_printf header [30] + o memory: ensure to check allocation results [68] + o multi: Fix error handling in the SENDPROTOCONNECT state [112] + o multi: fix memory leak in content encoding related error path [59] + o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL [90] + o netrc: free temporary strings if memory allocation fails [103] + o nss: fix nssckbi module loading on Windows [70] + o nss: try to connect even if libnssckbi.so fails to load [36] + o ntlm_wb: Fix memory leaks in ntlm_wb_response [24] + o ntlm_wb: bail out if the response gets overly large [13] + o openssl: assume engine support in 0.9.8 or later [27] + o openssl: enable TLS 1.3 post-handshake auth [47] + o openssl: fix gcc8 warning [19] + o openssl: load built-in engines too [48] + o openssl: make 'done' a proper boolean [97] + o openssl: output the correct cipher list on TLS 1.3 error [95] + o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer [6] + o openssl: show "proper" version number for libressl builds [28] + o pipelining: deprecated [1] + o rand: add comment to skip a clang-tidy false positive + o rtmp: fix for compiling with lwIP [100] + o runtests: ignore disabled even when ranges are given [74] + o runtests: skip ld_preload tests on macOS [80] + o runtests: use Windows paths for Windows curl + o schannel: unified error code handling [6] + o sendf: Fix whitespace in infof/failf concatenation [26] + o ssh: free the session on init failures [96] + o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code [6] + o system.h: use proper setting with Sun C++ as well [109] + o test1299: use single quotes around asterisk [72] + o test1452: mark as flaky [2] + o test1651: unit test Curl_extract_certinfo() [110] + o test320: strip out more HTML when comparing [66] + o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server [67] + o tests: add unit tests for url.c [3] + o timeval: fix use of weak symbol clock_gettime() on Apple platforms [61] + o tool_cb_hdr: handle failure of rename() [94] + o travis: add a "make tidy" build that runs clang-tidy [105] + o travis: add build for "configure --disable-verbose" [93] + o travis: bump the Secure Transport build to use xcode [58] + o travis: make distcheck scan for BOM markers [86] + o unit1300: fix stack-use-after-scope AddressSanitizer warning [106] + o urldata: Fix "connecting" comment + o urlglob: improve error message on bad globs [22] + o vtls: fix ssl version "or later" behavior change for many backends [38] + o x509asn1: Fix SAN IP address verification [88] + o x509asn1: always check return code from getASN1Element() [110] + o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert [6] + o x509asn1: suppress left shift on signed value [111] This release includes the following known bugs: @@ -118,99 +147,134 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - adnn on github, Anderson Toshiyuki Sasaki, Andrei Virtosu, Anton Gerasimov, - Bas van Schaik, Carie Pointer, Christopher Head, clbr on github, - Dan Fandrich, Daniel Gustafsson, Daniel Jeliński, Daniel Stenberg, - Darío Hereñú, Even Rouault, Harry Sintonen, Ihor Karpenko, Jakub Zakrzewski, - Jeffrey Walton, Jeroen Ooms, Johannes Schindelin, John Butterfield, - Josh Bialkowski, Kamil Dudka, Kirill Marchuk, Laurent Bonnans, - Leonardo Taccari, Marcel Raad, Markus Elfring, Michael Kaufmann, - Nick Zitzmann, Nikos Mavrogiannopoulos, Patrick Monnerat, Paul Howarth, - Przemysław Tomaszewski, pszemus on github, Ran Mozes, Ray Satiro, - Rikard Falkeborn, Rodger Combs, Ruslan Baratov, Sergei Nikulov, - Thomas Klausner, Tobias Blomberg, Viktor Szakats, Zero King, Zhaoyang Wu, - (46 contributors) + Alexey Eremikhin, Brad King, Brian Carpenter, Christian Heimes, Colin Hogben, + Daniel Gustafsson, Daniel Shahaf, Daniel Stenberg, Dario Weißer, + Dave Reisner, Dima Pasechnik, Dmitry Kostjuchenko, Doron Behar, + Eason-Yu on github, Erik Minekus, Even Rouault, Gisle Vanem, Han Han, + Harry Sintonen, jakirkham on github, Jean Fabrice, Jim Fuller, Kamil Dudka, + Loganaden Velvindron, Marcel Raad, Marc Hörsken, Martin Ankerl, + Matthew Whitehead, Max Dymond, Maxime Legros, Michael Kaufmann, Nate Prewitt, + Nicklas Avén, Nick Zitzmann, Patrick Monnerat, Philipp Waehnert, Rainer Jung, + Ray Satiro, Rich Turner, Rick Deist, Ricky-Tigg on github, Rikard Falkeborn, + Ruslan Baratov, Sergei Nikulov, Shaun Jackman, Thomas Glanzmann, Tuomo Rinne, + Viktor Szakats, Yiming Jing, + (49 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://github.com/curl/curl/pull/2721#issuecomment-403636043 - [2] = https://curl.haxx.se/bug/?i=2732 - [3] = https://curl.haxx.se/bug/?i=2733 - [4] = https://curl.haxx.se/bug/?i=2740 - [5] = https://curl.haxx.se/bug/?i=2719 - [6] = https://curl.haxx.se/bug/?i=2741 - [7] = https://curl.haxx.se/bug/?i=2731 - [8] = https://curl.haxx.se/bug/?i=2736 - [9] = https://curl.haxx.se/bug/?i=2727 - [10] = https://curl.haxx.se/bug/?i=2765 - [11] = https://curl.haxx.se/bug/?i=2768 - [12] = https://curl.haxx.se/bug/?i=2751 - [13] = https://curl.haxx.se/bug/?i=2772 - [14] = https://curl.haxx.se/bug/?i=2776 - [15] = https://curl.haxx.se/bug/?i=2754 - [16] = https://curl.haxx.se/bug/?i=2792 - [17] = https://curl.haxx.se/bug/?i=2790 - [18] = https://curl.haxx.se/bug/?i=2784 - [19] = https://curl.haxx.se/bug/?i=2787 - [20] = https://curl.haxx.se/bug/?i=2788 - [21] = https://curl.haxx.se/bug/?i=2804 - [22] = https://curl.haxx.se/bug/?i=2795 - [23] = https://curl.haxx.se/bug/?i=2797 - [24] = https://curl.haxx.se/bug/?i=2808 - [25] = https://curl.haxx.se/bug/?i=2811 - [26] = https://curl.haxx.se/bug/?i=2769 - [27] = https://curl.haxx.se/bug/?i=2800 - [28] = https://curl.haxx.se/bug/?i=2801 - [29] = https://curl.haxx.se/bug/?i=2783 - [30] = https://curl.haxx.se/bug/?i=2798 - [31] = https://curl.haxx.se/bug/?i=2825 - [32] = https://curl.haxx.se/bug/?i=2830 - [33] = https://curl.haxx.se/bug/?i=2835 - [34] = https://curl.haxx.se/bug/?i=2753 - [35] = https://curl.haxx.se/bug/?i=2755 - [36] = https://curl.haxx.se/bug/?i=2333 - [37] = https://curl.haxx.se/mail/lib-2018-07/0080.html - [38] = https://curl.haxx.se/bug/?i=2848 - [39] = https://curl.haxx.se/bug/?i=2806 - [40] = https://curl.haxx.se/bug/?i=2852 - [41] = https://curl.haxx.se/bug/?i=2853 - [42] = https://curl.haxx.se/bug/?i=2857 - [43] = https://curl.haxx.se/bug/?i=2837 - [44] = https://curl.haxx.se/bug/?i=2861 - [45] = https://curl.haxx.se/bug/?i=2862 - [46] = https://curl.haxx.se/bug/?i=2847 - [47] = https://curl.haxx.se/bug/?i=2860 - [48] = https://curl.haxx.se/bug/?i=2868 - [49] = https://curl.haxx.se/bug/?i=2865 - [50] = https://curl.haxx.se/bug/?i=2856 - [51] = https://curl.haxx.se/bug/?i=2420 - [52] = https://curl.haxx.se/bug/?i=2869 - [53] = https://curl.haxx.se/bug/?i=2879 - [54] = https://curl.haxx.se/bug/?i=2817 - [55] = https://curl.haxx.se/bug/?i=2880 - [56] = https://curl.haxx.se/bug/?i=2885 - [57] = https://curl.haxx.se/bug/?i=2871 - [58] = https://curl.haxx.se/bug/?i=2882 - [59] = https://curl.haxx.se/bug/?i=2829 - [60] = https://curl.haxx.se/bug/?i=2892 - [61] = https://curl.haxx.se/bug/?i=2894 - [62] = https://curl.haxx.se/bug/?i=2890 - [63] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012 - [64] = https://curl.haxx.se/bug/?i=2747 - [65] = https://curl.haxx.se/bug/?i=2786 - [66] = https://curl.haxx.se/bug/?i=2904 - [67] = https://curl.haxx.se/bug/?i=2910 - [68] = https://curl.haxx.se/mail/lib-2018-08/0198.html - [69] = https://curl.haxx.se/bug/?i=2908 - [70] = https://curl.haxx.se/bug/?i=2773 - [71] = https://curl.haxx.se/bug/?i=2739 - [72] = https://curl.haxx.se/bug/?i=2915 - [73] = https://curl.haxx.se/docs/CVE-2018-14618.html - [74] = https://curl.haxx.se/bug/?i=2920 - [75] = https://curl.haxx.se/bug/?i=2524 - [76] = https://curl.haxx.se/bug/?i=2922 - [77] = https://curl.haxx.se/bug/?i=2928 - [78] = https://curl.haxx.se/bug/?i=2925 - [79] = https://curl.haxx.se/bug/?i=2939 + [1] = https://curl.haxx.se/bug/?i=2705 + [2] = https://curl.haxx.se/bug/?i=2941 + [3] = https://curl.haxx.se/bug/?i=2937 + [4] = https://curl.haxx.se/bug/?i=2709 + [5] = https://curl.haxx.se/bug/?i=2942 + [6] = https://curl.haxx.se/bug/?i=2901 + [7] = https://curl.haxx.se/bug/?i=2668 + [8] = https://curl.haxx.se/bug/?i=2896 + [9] = https://curl.haxx.se/bug/?i=2789 + [10] = https://curl.haxx.se/bug/?i=2724 + [11] = https://curl.haxx.se/bug/?i=1641 + [12] = https://curl.haxx.se/bug/?i=2842 + [13] = https://curl.haxx.se/bug/?i=2959 + [14] = https://curl.haxx.se/bug/?i=2962 + [15] = https://curl.haxx.se/bug/?i=2957 + [16] = https://curl.haxx.se/bug/?i=2948 + [17] = https://curl.haxx.se/bug/?i=2955 + [18] = https://curl.haxx.se/bug/?i=2407 + [19] = https://curl.haxx.se/bug/?i=2980 + [20] = https://curl.haxx.se/bug/?i=2979 + [21] = https://curl.haxx.se/bug/?i=2972 + [22] = https://curl.haxx.se/bug/?i=2763 + [23] = https://curl.haxx.se/bug/?i=2984 + [24] = https://curl.haxx.se/bug/?i=2966 + [25] = https://curl.haxx.se/bug/?i=2985 + [26] = https://curl.haxx.se/bug/?i=2986 + [27] = https://curl.haxx.se/bug/?i=2983 + [28] = https://curl.haxx.se/bug/?i=2989 + [29] = https://curl.haxx.se/bug/?i=2992 + [30] = https://curl.haxx.se/bug/?i=2999 + [31] = https://curl.haxx.se/bug/?i=2991 + [32] = https://curl.haxx.se/bug/?i=3005 + [33] = https://curl.haxx.se/bug/?i=3004 + [34] = https://curl.haxx.se/bug/?i=2996 + [35] = https://curl.haxx.se/bug/?i=3001 + [36] = https://curl.haxx.se/bug/?i=3016 + [37] = https://curl.haxx.se/bug/?i=3014 + [38] = https://curl.haxx.se/bug/?i=2969 + [39] = https://curl.haxx.se/bug/?i=2971 + [40] = https://curl.haxx.se/bug/?i=3029 + [41] = https://curl.haxx.se/bug/?i=2697 + [42] = https://curl.haxx.se/bug/?i=3032 + [43] = https://curl.haxx.se/bug/?i=3030 + [44] = https://curl.haxx.se/bug/?i=3033 + [45] = https://curl.haxx.se/bug/?i=3036 + [46] = https://curl.haxx.se/bug/?i=3039 + [47] = https://curl.haxx.se/bug/?i=3026 + [48] = https://curl.haxx.se/bug/?i=3023 + [49] = https://curl.haxx.se/bug/?i=3042 + [50] = https://curl.haxx.se/bug/?i=3044 + [51] = https://curl.haxx.se/bug/?i=3046 + [52] = https://curl.haxx.se/bug/?i=3050 + [53] = https://curl.haxx.se/bug/?i=3006 + [54] = https://github.com/curl/curl/issues/2924#issuecomment-424334807 + [55] = https://curl.haxx.se/bug/?i=3055 + [56] = https://curl.haxx.se/bug/?i=3056 + [57] = https://curl.haxx.se/bug/?i=3008 + [58] = https://curl.haxx.se/bug/?i=3062 + [59] = https://curl.haxx.se/bug/?i=3063 + [60] = https://curl.haxx.se/bug/?i=2849 + [61] = https://curl.haxx.se/bug/?i=3048 + [62] = https://curl.haxx.se/bug/?i=3096 + [63] = https://curl.haxx.se/bug/?i=3090 + [64] = https://curl.haxx.se/bug/?i=3097 + [65] = https://curl.haxx.se/bug/?i=3100 + [66] = https://curl.haxx.se/bug/?i=3093 + [67] = https://curl.haxx.se/bug/?i=2929 + [68] = https://curl.haxx.se/bug/?i=3084 + [69] = https://curl.haxx.se/bug/?i=3079 + [70] = https://curl.haxx.se/bug/?i=3086 + [71] = https://curl.haxx.se/bug/?i=3085 + [72] = https://github.com/curl/curl/issues/1751#issuecomment-321522580 + [73] = https://curl.haxx.se/bug/?i=3077 + [74] = https://curl.haxx.se/bug/?i=3075 + [75] = https://curl.haxx.se/bug/?i=3111 + [76] = https://curl.haxx.se/bug/?i=3067 + [77] = https://curl.haxx.se/bug/?i=3110 + [78] = https://curl.haxx.se/bug/?i=3083 + [79] = https://curl.haxx.se/bug/?i=3105 + [80] = https://curl.haxx.se/bug/?i=2394 + [81] = https://curl.haxx.se/bug/?i=3104 + [82] = https://curl.haxx.se/bug/?i=3113 + [83] = https://curl.haxx.se/bug/?i=3118 + [84] = https://curl.haxx.se/bug/?i=3120 + [85] = https://curl.haxx.se/bug/?i=3121 + [86] = https://curl.haxx.se/bug/?i=3126 + [87] = https://curl.haxx.se/bug/?i=3124 + [88] = https://curl.haxx.se/bug/?i=3102 + [89] = https://curl.haxx.se/bug/?i=3159 + [90] = https://curl.haxx.se/bug/?i=3138 + [91] = https://curl.haxx.se/bug/?i=3137 + [92] = https://curl.haxx.se/bug/?i=3137 + [93] = https://curl.haxx.se/bug/?i=3144 + [94] = https://curl.haxx.se/bug/?i=3140 + [95] = https://curl.haxx.se/bug/?i=3178 + [96] = https://curl.haxx.se/bug/?i=3179 + [97] = https://curl.haxx.se/bug/?i=3176 + [98] = https://curl.haxx.se/bug/?i=3171 + [99] = https://curl.haxx.se/bug/?i=3143 + [100] = https://curl.haxx.se/bug/?i=3155 + [101] = https://curl.haxx.se/bug/?i=3168 + [102] = https://curl.haxx.se/bug/?i=3166 + [103] = https://curl.haxx.se/bug/?i=3122 + [104] = https://curl.haxx.se/bug/?i=3162 + [105] = https://curl.haxx.se/bug/?i=3182 + [106] = https://curl.haxx.se/bug/?i=3182 + [107] = https://curl.haxx.se/docs/CVE-2018-16839.html + [108] = https://curl.haxx.se/docs/CVE-2018-16840.html + [109] = https://curl.haxx.se/bug/?i=3181 + [110] = https://curl.haxx.se/bug/?i=3163 + [111] = https://curl.haxx.se/bug/?i=3163 + [112] = https://curl.haxx.se/bug/?i=3170 + [113] = https://curl.haxx.se/bug/?i=3123 + [114] = https://curl.haxx.se/docs/CVE-2018-16842.html |