Mercurial > hgrepos > Python2 > PyMuPDF
diff mupdf-source/thirdparty/curl/RELEASE-NOTES @ 2:b50eed0cc0ef upstream
ADD: MuPDF v1.26.7: the MuPDF source as downloaded by a default build of PyMuPDF 1.26.4.
The directory name has changed: no version number in the expanded directory now.
| author | Franz Glasner <fzglas.hg@dom66.de> |
|---|---|
| date | Mon, 15 Sep 2025 11:43:07 +0200 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mupdf-source/thirdparty/curl/RELEASE-NOTES Mon Sep 15 11:43:07 2025 +0200 @@ -0,0 +1,194 @@ +curl and libcurl 7.66.0 + + Public curl releases: 185 + Command line options: 225 + curl_easy_setopt() options: 269 + Public functions in libcurl: 81 + Contributors: 1991 + +This release includes the following changes: + + o CURLINFO_RETRY_AFTER: parse the Retry-After header value [35] + o HTTP3: initial (experimental still not working) support [5] + o curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool [27] + o curl: support parallel transfers with -Z [4] + o curl_multi_poll: a sister to curl_multi_wait() that waits more [28] + o sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID [27] + +This release includes the following bugfixes: + + o CVE-2019-5481: FTP-KRB double-free [64] + o CVE-2019-5482: TFTP small blocksize heap buffer overflow [65] + o CI: remove duplicate configure flag for LGTM.com + o CMake: remove needless newlines at end of gss variables + o CMake: use platform dependent name for dlopen() library [62] + o CURLINFO docs: mention that in redirects times are added [55] + o CURLOPT_ALTSVC.3: use a "" file name to not load from a file + o CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED + o CURLOPT_HEADERFUNCTION.3: clarify [54] + o CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly [33] + o CURLOPT_READFUNCTION.3: provide inline example + o CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 [51] + o Curl_addr2string: take an addrlen argument too [61] + o Curl_fillreadbuffer: avoid double-free trailer buf on error [66] + o HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown [10] + o alt-svc: add protocol version selection masking [31] + o alt-svc: fix removal of expired cache entry [30] + o alt-svc: make it use h3-22 with ngtcp2 as well + o alt-svc: more liberal ALPN name parsing [17] + o alt-svc: send Alt-Used: in redirected requests [32] + o alt-svc: with quiche, use the quiche h3 alpn string [16] + o appveyor: pass on -k to make + o asyn-thread: create a socketpair to wait on [14] + o build-openssl: fix build with Visual Studio 2019 [45] + o cleanup: move functions out of url.c and make them static [58] + o cleanup: remove the 'numsocks' argument used in many places [25] + o configure: avoid undefined check_for_ca_bundle [37] + o curl.h: add CURL_HTTP_VERSION_3 to the version enum + o curl.h: fix outdated comment [23] + o curl: cap the maximum allowed values for retry time arguments [13] + o curl: handle a libcurl build without netrc support [63] + o curl: make use of CURLINFO_RETRY_AFTER when retrying [35] + o curl: remove outdated comment [24] + o curl: use .curlrc (with a dot) on Windows [52] + o curl: use CURLINFO_PROTOCOL to check for HTTP(s) + o curl_global_init_mem.3: mention it was added in 7.12.0 + o curl_version: bump string buffer size to 250 + o curl_version_info.3: mentioned ALTSVC and HTTP3 + o curl_version_info: offer quic (and h3) library info [38] + o curl_version_info: provide nghttp2 details [2] + o defines: avoid underscore-prefixed defines [47] + o docs/ALTSVC: remove what works and the experimental explanation [34] + o docs/EXPERIMENTAL: explain what it means and what's experimental now + o docs/MANUAL.md: converted to markdown from plain text [3] + o docs/examples/curlx: fix errors [48] + o docs: s/curl_debug/curl_dbg_debug in comments and docs [36] + o easy: resize receive buffer on easy handle reset [9] + o examples: Avoid reserved names in hiperfifo examples [8] + o examples: add http3.c, altsvc.c and http3-present.c [40] + o getenv: support up to 4K environment variable contents on windows [21] + o http09: disable HTTP/0.9 by default in both tool and library [29] + o http2: when marked for closure and wanted to close == OK [56] + o http2_recv: trigger another read when the last data is returned [11] + o http: fix use of credentials from URL when using HTTP proxy [44] + o http_negotiate: improve handling of gss_init_sec_context() failures [18] + o md4: Use our own MD4 when no crypto libraries are available [15] + o multi: call detach_connection before Curl_disconnect [6] + o netrc: make the code try ".netrc" on Windows [52] + o nss: use TLSv1.3 as default if supported [39] + o openssl: build warning free with boringssl [50] + o openssl: use SSL_CTX_set_<min|max>_proto_version() when available [68] + o plan9: add support for running on Plan 9 [22] + o progress: reset download/uploaded counter between transfers [12] + o readwrite_data: repair setting the TIMER_STARTTRANSFER stamp [26] + o scp: fix directory name length used in memcpy [46] + o smb: init *msg to NULL in smb_send_and_recv() [60] + o smtp: check for and bail out on too short EHLO response [59] + o source: remove names from source comments [1] + o spnego_sspi: add typecast to fix build warning [49] + o src/makefile: fix uncompressed hugehelp.c generation [19] + o ssh-libssh: do not specify O_APPEND when not in append mode [7] + o ssh: move code into vssh for SSH backends [53] + o sspi: fix memory leaks [67] + o tests: Replace outdated test case numbering documentation [43] + o tftp: return error when packet is too small for options + o timediff: make it 64 bit (if possible) even with 32 bit time_t [20] + o travis: reduce number of torture tests in 'coverage' [42] + o url: make use of new HTTP version if alt-svc has one [16] + o urlapi: verify the IPv6 numerical address [69] + o urldata: avoid 'generic', use dedicated pointers [57] + o vauth: Use CURLE_AUTH_ERROR for auth function errors [41] + +This release includes the following known bugs: + + o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) + +This release would not have looked like this without help, code, reports and +advice from friends like these: + + Alessandro Ghedini, Alex Mayorga, Amit Katyal, Balazs Kovacsics, + Brad Spencer, Brandon Dong, Carlo Marcelo Arenas Belón, Christopher Head, + Clément Notin, codesniffer13 on github, Daniel Gustafsson, Daniel Stenberg, + Dominik Hölzl, Eric Wong, Felix Hädicke, Gergely Nagy, Gisle Vanem, + Igor Makarov, Ironbars13 on github, Jason Lee, Jeremy Lainé, + Jonathan Cardoso Machado, Junho Choi, Kamil Dudka, Kyle Abramowitz, + Kyohei Kadota, Lance Ware, Marcel Raad, Max Dymond, Michael Lee, + Michal Čaplygin, migueljcrum on github, Mike Crowe, niallor on github, + osabc on github, patnyb on github, Patrick Monnerat, Peter Wu, Ray Satiro, + Rolf Eike Beer, Steve Holme, Tatsuhiro Tsujikawa, The Infinnovation team, + Thomas Vegas, Tom van der Woerdt, Yiming Jing, + (46 contributors) + + Thanks! (and sorry if I forgot to mention someone) + +References to bug reports and discussions on issues: + + [1] = https://curl.haxx.se/bug/?i=4129 + [2] = https://curl.haxx.se/bug/?i=4121 + [3] = https://curl.haxx.se/bug/?i=4131 + [4] = https://curl.haxx.se/bug/?i=3804 + [5] = https://curl.haxx.se/bug/?i=3500 + [6] = https://curl.haxx.se/bug/?i=4144 + [7] = https://curl.haxx.se/bug/?i=4147 + [8] = https://curl.haxx.se/bug/?i=4153 + [9] = https://curl.haxx.se/bug/?i=4143 + [10] = https://curl.haxx.se/bug/?i=4138 + [11] = https://curl.haxx.se/bug/?i=4043 + [12] = https://curl.haxx.se/bug/?i=4084 + [13] = https://curl.haxx.se/bug/?i=4166 + [14] = https://curl.haxx.se/bug/?i=4157 + [15] = https://curl.haxx.se/bug/?i=3780 + [16] = https://curl.haxx.se/bug/?i=4183 + [17] = https://curl.haxx.se/bug/?i=4182 + [18] = https://curl.haxx.se/bug/?i=3992 + [19] = https://curl.haxx.se/bug/?i=4176 + [20] = https://curl.haxx.se/bug/?i=4165 + [21] = https://curl.haxx.se/bug/?i=4174 + [22] = https://curl.haxx.se/bug/?i=3701 + [23] = https://curl.haxx.se/bug/?i=4167 + [24] = https://curl.haxx.se/bug/?i=4172 + [25] = https://curl.haxx.se/bug/?i=4169 + [26] = https://curl.haxx.se/bug/?i=4136 + [27] = https://curl.haxx.se/bug/?i=3653 + [28] = https://curl.haxx.se/bug/?i=4163 + [29] = https://curl.haxx.se/bug/?i=4191 + [30] = https://curl.haxx.se/bug/?i=4192 + [31] = https://curl.haxx.se/bug/?i=4201 + [32] = https://curl.haxx.se/bug/?i=4199 + [33] = https://curl.haxx.se/bug/?i=4197 + [34] = https://curl.haxx.se/bug/?i=4198 + [35] = https://curl.haxx.se/bug/?i=3794 + [36] = https://curl.haxx.se/bug/?i=3794 + [37] = https://curl.haxx.se/bug/?i=4213 + [38] = https://curl.haxx.se/bug/?i=4216 + [39] = https://curl.haxx.se/bug/?i=4187 + [40] = https://curl.haxx.se/bug/?i=4221 + [41] = https://curl.haxx.se/bug/?i=3848 + [42] = https://curl.haxx.se/bug/?i=4223 + [43] = https://curl.haxx.se/bug/?i=4227 + [44] = https://curl.haxx.se/bug/?i=4228 + [45] = https://curl.haxx.se/bug/?i=4188 + [46] = https://curl.haxx.se/bug/?i=4258 + [47] = https://curl.haxx.se/bug/?i=4254 + [48] = https://curl.haxx.se/bug/?i=4248 + [49] = https://curl.haxx.se/bug/?i=4245 + [50] = https://curl.haxx.se/bug/?i=4244 + [51] = https://curl.haxx.se/bug/?i=4241 + [52] = https://curl.haxx.se/bug/?i=4230 + [53] = https://curl.haxx.se/bug/?i=4235 + [54] = https://curl.haxx.se/bug/?i=4273 + [55] = https://curl.haxx.se/bug/?i=4250 + [56] = https://curl.haxx.se/bug/?i=4267 + [57] = https://curl.haxx.se/bug/?i=4290 + [58] = https://curl.haxx.se/bug/?i=4289 + [59] = https://curl.haxx.se/bug/?i=4287 + [60] = https://curl.haxx.se/bug/?i=4286 + [61] = https://curl.haxx.se/bug/?i=4283 + [62] = https://curl.haxx.se/bug/?i=4279 + [63] = https://curl.haxx.se/bug/?i=4302 + [64] = https://curl.haxx.se/docs/CVE-2019-5481.html + [65] = https://curl.haxx.se/docs/CVE-2019-5482.html + [66] = https://curl.haxx.se/bug/?i=4307 + [67] = https://curl.haxx.se/bug/?i=4299 + [68] = https://curl.haxx.se/bug/?i=4304 + [69] = https://curl.haxx.se/bug/?i=4315