diff options
author | Haibo Huang <hhb@google.com> | 2020-08-19 13:00:07 -0700 |
---|---|---|
committer | Haibo Huang <hhb@google.com> | 2020-09-09 07:04:53 +0000 |
commit | c3c04f457bfe878abba216d3e76c08b65fc22694 (patch) | |
tree | 89b0208ca55971e6700beb987bc77fab72a9c67f /RELEASE-NOTES | |
parent | 9aa1a64cabedcc41f8be6608e0ee872b56c454a3 (diff) | |
download | external_curl-c3c04f457bfe878abba216d3e76c08b65fc22694.tar.gz external_curl-c3c04f457bfe878abba216d3e76c08b65fc22694.tar.bz2 external_curl-c3c04f457bfe878abba216d3e76c08b65fc22694.zip |
Upgrade curl to curl-7_72_0
Change-Id: Iff17a59dc7fa5428cf622bdac216aafed9e1d00a
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r-- | RELEASE-NOTES | 265 |
1 files changed, 222 insertions, 43 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 04aa18bb..363c7c94 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,31 +1,119 @@ -curl and libcurl 7.71.1 +curl and libcurl 7.72.0 - Public curl releases: 193 + Public curl releases: 194 Command line options: 232 curl_easy_setopt() options: 277 Public functions in libcurl: 82 - Contributors: 2210 + Contributors: 2239 + +This release includes the following changes: + + o content_encoding: add zstd decoding support [1] + o CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream [31] + o CURLINFO_EFFECTIVE_METHOD: added [34] This release includes the following bugfixes: - o cirrus-ci: disable FreeBSD 13 (again) [14] - o Curl_inet_ntop: always check the return code [12] - o CURLOPT_READFUNCTION.3: provide the upload data size up front [5] - o DYNBUF.md: fix a typo: trail => tail [2] - o escape: make the URL decode able to reject only %00-bytes - o escape: zero length input should return a zero length output [11] - o examples/multithread.c: call curl_global_cleanup() [16] - o http2: set the correct URL in pushed transfers [9] - o http: fix proxy auth with blank password [3] - o mbedtls: fix build with disabled proxy support [7] - o ngtcp2: sync with current master [15] - o openssl: Fix compilation on Windows when ngtcp2 is enabled [10] - o Revert "multi: implement wait using winsock events" [6] - o sendf: improve the message on client write errors [13] - o terminology: call them null-terminated strings [1] - o tool_cb_hdr: Fix etag warning output and return code [4] - o url: allow user + password to contain "control codes" for HTTP(S) [8] - o vtls: compare cert blob when finding a connection to reuse [17] + o CVE-2020-8231: libcurl: wrong connect-only connection [98] + o appveyor: collect libcurl.dll variants with prefix or suffix [38] + o asyn-ares: correct some bad comments [94] + o bearssl: fix build with disabled proxy support [16] + o buildconf: avoid array concatenation in die() [64] + o buildconf: retire ares buildconf invocation + o checksrc: ban gmtime/localtime [40] + o checksrc: invoke script with -D to find .checksrc proper [63] + o CI/azure: install libssh2 for use with msys2-based builds [67] + o CI/azure: unconditionally enable warnings-as-errors with autotools [19] + o CI/macos: enable warnings as errors for CMake builds [4] + o CI/macos: set minimum macOS version [56] + o CI/macos: unconditionally enable warnings-as-errors with autotools [21] + o CI: Add muse CI analyzer [79] + o cirrus-ci: upgrade 11-STABLE to 11.4 [2] + o CMake: don't complain about missing nroff [87] + o CMake: fix test for warning suppressions [17] + o cmake: fix windows xp build [13] + o configure.ac: Sort features name in summary [6] + o configure: allow disabling warnings [26] + o configure: cleanup wolfssl + pkg-config conflicts when cross compiling. [48] + o configure: show zstd "no" in summary when built without it [49] + o connect: remove redundant message about connect failure [66] + o curl-config: ignore REQUIRE_LIB_DEPS in --libs output [96] + o curl.1: add a few missing valid exit codes [76] + o curl: add %{method} to the -w variables + o curl: improve the existing file check with -J [43] + o curl_multi_setopt: fix compiler warning "result is always false" [42] + o curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated [9] + o CURLINFO_CERTINFO.3: fix typo [3] + o CURLOPT_NOBODY.3: clarify what setting to 0 means [46] + o docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions [18] + o docs: Add video link to docs/CONTRIBUTE.md [95] + o docs: change "web site" to "website" [86] + o docs: clarify MAX_SEND/RECV_SPEED functionality [92] + o docs: Update a few leftover mentions of DarwinSSL [29] + o doh: remove redundant cast [20] + o file2memory: use a define instead of -1 unsigned value [30] + o ftp: don't do ssl_shutdown instead of ssl_close [85] + o ftpserver: don't verify SMTP MAIL FROM names [8] + o getinfo: reset retry-after value in initinfo [51] + o gnutls: repair the build with `CURL_DISABLE_PROXY` [5] + o gtls: survive not being able to get name/issuer [73] + o h2: repair trailer handling [81] + o http2: close the http2 connection when no more requests may be sent [7] + o http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages [11] + o libssh2: s/ssherr/sftperr/ [78] + o libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin [91] + o md(4|5): don't use deprecated macOS functions [23] + o mprintf: Fix dollar string handling [54] + o mprintf: Fix stack overflows [53] + o multi: Condition 'extrawait' is always true [60] + o multi: Remove 10-year old out-commented code [97] + o multi: remove two checks always true [36] + o multi: update comment to say easyp list is linear [44] + o multi_remove_handle: close unused connect-only connections [62] + o ngtcp2: adapt to error code rename [69] + o ngtcp2: adjust to recent sockaddr updates [27] + o ngtcp2: update to modified qlog callback prototype [14] + o nss: fix build with disabled proxy support [32] + o ntlm: free target_info before (re-)malloc [55] + o openssl: fix build with LibreSSL < 2.9.1 [61] + o page-header: provide protocol details in the curl.1 man page [28] + o quiche: handle calling disconnect twice [50] + o runtests.pl: treat LibreSSL and BoringSSL as OpenSSL [59] + o runtests: move the gnutls-serv tests to a dynamic port [74] + o runtests: move the smbserver to use a dynamic port number [71] + o runtests: move the TELNET server to a dynamic port [68] + o runtests: run the DICT server on a random port number [90] + o runtests: run the http2 tests on a random port number [72] + o runtests: support dynamicly base64 encoded sections in tests [75] + o setopt: unset NOBODY switches to GET if still HEAD [47] + o smtp_parse_address: handle blank input string properly [89] + o socks: use size_t for size variable [39] + o strdup: remove the odd strlen check [24] + o test1119: verify stdout in the test [33] + o test1139: make it display the difference on test failures + o test1140: compare stdout [93] + o test1908: treat file as text [83] + o tests/FILEFORMAT.md: mention %HTTP2PORT + o tests/sshserver.pl: fix compatibility with OpenSSH for Windows + o TLS naming: fix more Winssl and Darwinssl leftovers [88] + o tls-max.d: this option is only for TLS-using connections [45] + o tlsv1.3.d. only for TLS-using connections [37] + o tool_doswin: Simplify Windows version detection [57] + o tool_getparam: make --krb option work again [10] + o TrackMemory tests: ignore realloc and free in getenv.c [84] + o transfer: fix data_pending for builds with both h2 and h3 enabled [41] + o transfer: fix memory-leak with CURLOPT_CURLU in a duped handle [15] + o transfer: move retrycount from connect struct to easy handle [77] + o travis/script.sh: fix use of `-n' with unquoted envvar [80] + o travis: add ppc64le and s390x builds [65] + o travis: update quiche builds for new boringssl layout [25] + o url: fix CURLU and location following [70] + o url: silence MSVC warning [12] + o util: silence conversion warnings [22] + o win32: Add Curl_verify_windows_version() to curlx [58] + o WIN32: stop forcing narrow-character API [52] + o windows: add unicode to feature list [35] + o windows: disable Unix Sockets for old mingw [82] This release includes the following known bugs: @@ -34,30 +122,121 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Alexandre Pion, Baruch Siach, coinhubs on github, Daniel Stenberg, - Denis Baručić, Gergely Nagy, Javier Blazquez, Jonathan Cardoso Machado, - Jon Johnson Jr, Kristoffer Gleditsch, Lucien Zürcher, Nicolas Sterchele, - qiandu2006 on github, Ray Satiro, Siva Sivaraman, tmkk on github, - (16 contributors) + Alessandro Ghedini, Alex Kiernan, Baruch Siach, Bevan Weiss, Brian Inglis, + BrumBrum on hackerone, Cameron Cawley, Carlo Marcelo Arenas Belón, + causal-agent on github, Cherish98 on github, Dan Fandrich, Daniel Gustafsson, + Daniel Stenberg, Denis Goleshchikhin, divinity76 on github, Ehren Bendler, + Emil Engler, Erik Johansson, Filip Salomonsson, Gilles Vollant, Gisle Vanem, + H3RSKO on github, ihsinme on github, Jeremy Maitin-Shepard, + joey-l-us on github, Jonathan Cardoso Machado, Jonathan Nieder, Kamil Dudka, + Ken Brown, Laramie Leavitt, lilongyan-huawei on github, Marc Aldorasi, + Marcel Raad, Marc Hörsken, Masaya Suzuki, Matthias Naegler, + Nicolas Sterchele, NobodyXu on github, Peter Wu, ramsay-jones on github, + Rasmus Melchior Jacobsen, Ray Satiro, sspiri on github, Stefan Yohansson, + Tadej Vengust, Tatsuhiro Tsujikawa, tbugfinder on github, + Thomas M. DuBuisson, Tobias Stoeckmann, Tomas Berger, Viktor Szakats, + xwxbug on github, + (52 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=5598 - [2] = https://curl.haxx.se/bug/?i=5599 - [3] = https://curl.haxx.se/bug/?i=5613 - [4] = https://curl.haxx.se/bug/?i=5612 - [5] = https://curl.haxx.se/bug/?i=5607 - [6] = https://curl.haxx.se/bug/?i=5631 - [7] = https://curl.haxx.se/bug/?i=5615 - [8] = https://curl.haxx.se/bug/?i=5582 - [9] = https://curl.haxx.se/bug/?i=5589 - [10] = https://curl.haxx.se/bug/?i=5606 - [11] = https://curl.haxx.se/bug/?i=5601 - [12] = https://curl.haxx.se/bug/?i=5412 - [13] = https://curl.haxx.se/bug/?i=5594 - [14] = https://curl.haxx.se/bug/?i=5628 - [15] = https://curl.haxx.se/bug/?i=5624 - [16] = https://curl.haxx.se/bug/?i=5622 - [17] = https://curl.haxx.se/bug/?i=5617 + [1] = https://curl.haxx.se/bug/?i=5453 + [2] = https://curl.haxx.se/bug/?i=5668 + [3] = https://curl.haxx.se/bug/?i=5655 + [4] = https://curl.haxx.se/bug/?i=5716 + [5] = https://curl.haxx.se/bug/?i=5645 + [6] = https://curl.haxx.se/bug/?i=5656 + [7] = https://curl.haxx.se/bug/?i=5643 + [8] = https://curl.haxx.se/bug/?i=5639 + [9] = https://curl.haxx.se/bug/?i=5642 + [10] = https://bugzilla.redhat.com/1833193 + [11] = https://curl.haxx.se/bug/?i=5641 + [12] = https://curl.haxx.se/bug/?i=5638 + [13] = https://curl.haxx.se/bug/?i=5662 + [14] = https://curl.haxx.se/bug/?i=5675 + [15] = https://curl.haxx.se/bug/?i=5665 + [16] = https://curl.haxx.se/bug/?i=5666 + [17] = https://curl.haxx.se/bug/?i=5714 + [18] = https://curl.haxx.se/bug/?i=5744 + [19] = https://curl.haxx.se/bug/?i=5706 + [20] = https://curl.haxx.se/bug/?i=5704 + [21] = https://curl.haxx.se/bug/?i=5694 + [22] = https://curl.haxx.se/bug/?i=5695 + [23] = https://curl.haxx.se/bug/?i=5695 + [24] = https://curl.haxx.se/bug/?i=5697 + [25] = https://curl.haxx.se/bug/?i=5691 + [26] = https://curl.haxx.se/bug/?i=5689 + [27] = https://curl.haxx.se/bug/?i=5690 + [28] = https://curl.haxx.se/bug/?i=5679 + [29] = https://curl.haxx.se/bug/?i=5688 + [30] = https://curl.haxx.se/bug/?i=5683 + [31] = https://curl.haxx.se/bug/?i=5636 + [32] = https://curl.haxx.se/bug/?i=5667 + [33] = https://curl.haxx.se/bug/?i=5644 + [34] = https://curl.haxx.se/bug/?i=5511 + [35] = https://curl.haxx.se/bug/?i=5491 + [36] = https://curl.haxx.se/bug/?i=5676 + [37] = https://curl.haxx.se/bug/?i=5764 + [38] = https://curl.haxx.se/bug/?i=5659 + [39] = https://curl.haxx.se/bug/?i=5654 + [40] = https://curl.haxx.se/bug/?i=5732 + [41] = https://curl.haxx.se/bug/?i=5734 + [42] = https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232 + [43] = https://hackerone.com/reports/926638 + [44] = https://curl.haxx.se/bug/?i=5737 + [45] = https://curl.haxx.se/bug/?i=5764 + [46] = https://curl.haxx.se/bug/?i=5729 + [47] = https://curl.haxx.se/bug/?i=5725 + [48] = https://curl.haxx.se/bug/?i=5605 + [49] = https://curl.haxx.se/bug/?i=5720 + [50] = https://curl.haxx.se/bug/?i=5726 + [51] = https://curl.haxx.se/bug/?i=5661 + [52] = https://curl.haxx.se/bug/?i=5658 + [53] = https://curl.haxx.se/bug/?i=5722 + [54] = https://curl.haxx.se/bug/?i=5722 + [55] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379 + [56] = https://curl.haxx.se/bug/?i=5723 + [57] = https://curl.haxx.se/bug/?i=5754 + [58] = https://curl.haxx.se/bug/?i=5754 + [59] = https://curl.haxx.se/bug/?i=5762 + [60] = https://curl.haxx.se/bug/?i=5759 + [61] = https://curl.haxx.se/bug/?i=5757 + [62] = https://curl.haxx.se/bug/?i=5749 + [63] = https://curl.haxx.se/bug/?i=5715 + [64] = https://curl.haxx.se/bug/?i=5701 + [65] = https://curl.haxx.se/bug/?i=5752 + [66] = https://curl.haxx.se/bug/?i=5708 + [67] = https://curl.haxx.se/bug/?i=5721 + [68] = https://curl.haxx.se/bug/?i=5785 + [69] = https://curl.haxx.se/bug/?i=5786 + [70] = https://curl.haxx.se/bug/?i=5709 + [71] = https://curl.haxx.se/bug/?i=5782 + [72] = https://curl.haxx.se/bug/?i=5779 + [73] = https://curl.haxx.se/bug/?i=5778 + [74] = https://curl.haxx.se/bug/?i=5778 + [75] = https://curl.haxx.se/bug/?i=5761 + [76] = https://curl.haxx.se/bug/?i=5777 + [77] = https://curl.haxx.se/bug/?i=5794 + [78] = https://github.com/curl/curl/commit/7370b4e39f1390e701f5b68d910c619151daf72b#r41334700 + [79] = https://curl.haxx.se/bug/?i=5772 + [80] = https://curl.haxx.se/bug/?i=5773 + [81] = https://curl.haxx.se/bug/?i=5663 + [82] = https://curl.haxx.se/bug/?i=5674 + [83] = https://curl.haxx.se/bug/?i=5767 + [84] = https://curl.haxx.se/bug/?i=5767 + [85] = https://curl.haxx.se/bug/?i=5797 + [86] = https://curl.haxx.se/bug/?i=5822 + [87] = https://curl.haxx.se/bug/?i=5817 + [88] = https://curl.haxx.se/bug/?i=5795 + [89] = https://curl.haxx.se/bug/?i=5792 + [90] = https://curl.haxx.se/bug/?i=5783 + [91] = https://curl.haxx.se/bug/?i=5819 + [92] = https://curl.haxx.se/bug/?i=5788 + [93] = https://curl.haxx.se/bug/?i=5814 + [94] = https://curl.haxx.se/bug/?i=5812 + [95] = https://curl.haxx.se/bug/?i=5811 + [96] = https://curl.haxx.se/bug/?i=5793 + [97] = https://curl.haxx.se/bug/?i=5805 + [98] = https://curl.haxx.se/docs/CVE-2020-8231.html |