Upgrade curl to curl-7_72_0

Change-Id: Iff17a59dc7fa5428cf622bdac216aafed9e1d00a

1 files changed, 222 insertions, 43 deletions

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 04aa18bb..363c7c94 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,31 +1,119 @@
-curl and libcurl 7.71.1
+curl and libcurl 7.72.0
 
- Public curl releases:         193
+ Public curl releases:         194
  Command line options:         232
  curl_easy_setopt() options:   277
  Public functions in libcurl:  82
- Contributors:                 2210
+ Contributors:                 2239
+
+This release includes the following changes:
+
+ o content_encoding: add zstd decoding support [1]
+ o CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream [31]
+ o CURLINFO_EFFECTIVE_METHOD: added [34]
 
 This release includes the following bugfixes:
 
- o cirrus-ci: disable FreeBSD 13 (again) [14]
- o Curl_inet_ntop: always check the return code [12]
- o CURLOPT_READFUNCTION.3: provide the upload data size up front [5]
- o DYNBUF.md: fix a typo: trail => tail [2]
- o escape: make the URL decode able to reject only %00-bytes
- o escape: zero length input should return a zero length output [11]
- o examples/multithread.c: call curl_global_cleanup() [16]
- o http2: set the correct URL in pushed transfers [9]
- o http: fix proxy auth with blank password [3]
- o mbedtls: fix build with disabled proxy support [7]
- o ngtcp2: sync with current master [15]
- o openssl: Fix compilation on Windows when ngtcp2 is enabled [10]
- o Revert "multi: implement wait using winsock events" [6]
- o sendf: improve the message on client write errors [13]
- o terminology: call them null-terminated strings [1]
- o tool_cb_hdr: Fix etag warning output and return code [4]
- o url: allow user + password to contain "control codes" for HTTP(S) [8]
- o vtls: compare cert blob when finding a connection to reuse [17]
+ o CVE-2020-8231: libcurl: wrong connect-only connection [98]
+ o appveyor: collect libcurl.dll variants with prefix or suffix [38]
+ o asyn-ares: correct some bad comments [94]
+ o bearssl: fix build with disabled proxy support [16]
+ o buildconf: avoid array concatenation in die() [64]
+ o buildconf: retire ares buildconf invocation
+ o checksrc: ban gmtime/localtime [40]
+ o checksrc: invoke script with -D to find .checksrc proper [63]
+ o CI/azure: install libssh2 for use with msys2-based builds [67]
+ o CI/azure: unconditionally enable warnings-as-errors with autotools [19]
+ o CI/macos: enable warnings as errors for CMake builds [4]
+ o CI/macos: set minimum macOS version [56]
+ o CI/macos: unconditionally enable warnings-as-errors with autotools [21]
+ o CI: Add muse CI analyzer [79]
+ o cirrus-ci: upgrade 11-STABLE to 11.4 [2]
+ o CMake: don't complain about missing nroff [87]
+ o CMake: fix test for warning suppressions [17]
+ o cmake: fix windows xp build [13]
+ o configure.ac: Sort features name in summary [6]
+ o configure: allow disabling warnings [26]
+ o configure: cleanup wolfssl + pkg-config conflicts when cross compiling. [48]
+ o configure: show zstd "no" in summary when built without it [49]
+ o connect: remove redundant message about connect failure [66]
+ o curl-config: ignore REQUIRE_LIB_DEPS in --libs output [96]
+ o curl.1: add a few missing valid exit codes [76]
+ o curl: add %{method} to the -w variables
+ o curl: improve the existing file check with -J [43]
+ o curl_multi_setopt: fix compiler warning "result is always false" [42]
+ o curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated [9]
+ o CURLINFO_CERTINFO.3: fix typo [3]
+ o CURLOPT_NOBODY.3: clarify what setting to 0 means [46]
+ o docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions [18]
+ o docs: Add video link to docs/CONTRIBUTE.md [95]
+ o docs: change "web site" to "website" [86]
+ o docs: clarify MAX_SEND/RECV_SPEED functionality [92]
+ o docs: Update a few leftover mentions of DarwinSSL [29]
+ o doh: remove redundant cast [20]
+ o file2memory: use a define instead of -1 unsigned value [30]
+ o ftp: don't do ssl_shutdown instead of ssl_close [85]
+ o ftpserver: don't verify SMTP MAIL FROM names [8]
+ o getinfo: reset retry-after value in initinfo [51]
+ o gnutls: repair the build with `CURL_DISABLE_PROXY` [5]
+ o gtls: survive not being able to get name/issuer [73]
+ o h2: repair trailer handling [81]
+ o http2: close the http2 connection when no more requests may be sent [7]
+ o http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages [11]
+ o libssh2: s/ssherr/sftperr/ [78]
+ o libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin [91]
+ o md(4|5): don't use deprecated macOS functions [23]
+ o mprintf: Fix dollar string handling [54]
+ o mprintf: Fix stack overflows [53]
+ o multi: Condition 'extrawait' is always true [60]
+ o multi: Remove 10-year old out-commented code [97]
+ o multi: remove two checks always true [36]
+ o multi: update comment to say easyp list is linear [44]
+ o multi_remove_handle: close unused connect-only connections [62]
+ o ngtcp2: adapt to error code rename [69]
+ o ngtcp2: adjust to recent sockaddr updates [27]
+ o ngtcp2: update to modified qlog callback prototype [14]
+ o nss: fix build with disabled proxy support [32]
+ o ntlm: free target_info before (re-)malloc [55]
+ o openssl: fix build with LibreSSL < 2.9.1 [61]
+ o page-header: provide protocol details in the curl.1 man page [28]
+ o quiche: handle calling disconnect twice [50]
+ o runtests.pl: treat LibreSSL and BoringSSL as OpenSSL [59]
+ o runtests: move the gnutls-serv tests to a dynamic port [74]
+ o runtests: move the smbserver to use a dynamic port number [71]
+ o runtests: move the TELNET server to a dynamic port [68]
+ o runtests: run the DICT server on a random port number [90]
+ o runtests: run the http2 tests on a random port number [72]
+ o runtests: support dynamicly base64 encoded sections in tests [75]
+ o setopt: unset NOBODY switches to GET if still HEAD [47]
+ o smtp_parse_address: handle blank input string properly [89]
+ o socks: use size_t for size variable [39]
+ o strdup: remove the odd strlen check [24]
+ o test1119: verify stdout in the test [33]
+ o test1139: make it display the difference on test failures
+ o test1140: compare stdout [93]
+ o test1908: treat file as text [83]
+ o tests/FILEFORMAT.md: mention %HTTP2PORT
+ o tests/sshserver.pl: fix compatibility with OpenSSH for Windows
+ o TLS naming: fix more Winssl and Darwinssl leftovers [88]
+ o tls-max.d: this option is only for TLS-using connections [45]
+ o tlsv1.3.d. only for TLS-using connections [37]
+ o tool_doswin: Simplify Windows version detection [57]
+ o tool_getparam: make --krb option work again [10]
+ o TrackMemory tests: ignore realloc and free in getenv.c [84]
+ o transfer: fix data_pending for builds with both h2 and h3 enabled [41]
+ o transfer: fix memory-leak with CURLOPT_CURLU in a duped handle [15]
+ o transfer: move retrycount from connect struct to easy handle [77]
+ o travis/script.sh: fix use of `-n' with unquoted envvar [80]
+ o travis: add ppc64le and s390x builds [65]
+ o travis: update quiche builds for new boringssl layout [25]
+ o url: fix CURLU and location following [70]
+ o url: silence MSVC warning [12]
+ o util: silence conversion warnings [22]
+ o win32: Add Curl_verify_windows_version() to curlx [58]
+ o WIN32: stop forcing narrow-character API [52]
+ o windows: add unicode to feature list [35]
+ o windows: disable Unix Sockets for old mingw [82]
 
 This release includes the following known bugs:
 
@@ -34,30 +122,121 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Alexandre Pion, Baruch Siach, coinhubs on github, Daniel Stenberg,
-  Denis Baručić, Gergely Nagy, Javier Blazquez, Jonathan Cardoso Machado,
-  Jon Johnson Jr, Kristoffer Gleditsch, Lucien Zürcher, Nicolas Sterchele,
-  qiandu2006 on github, Ray Satiro, Siva Sivaraman, tmkk on github,
-  (16 contributors)
+  Alessandro Ghedini, Alex Kiernan, Baruch Siach, Bevan Weiss, Brian Inglis,
+  BrumBrum on hackerone, Cameron Cawley, Carlo Marcelo Arenas Belón,
+  causal-agent on github, Cherish98 on github, Dan Fandrich, Daniel Gustafsson,
+  Daniel Stenberg, Denis Goleshchikhin, divinity76 on github, Ehren Bendler,
+  Emil Engler, Erik Johansson, Filip Salomonsson, Gilles Vollant, Gisle Vanem,
+  H3RSKO on github, ihsinme on github, Jeremy Maitin-Shepard,
+  joey-l-us on github, Jonathan Cardoso Machado, Jonathan Nieder, Kamil Dudka,
+  Ken Brown, Laramie Leavitt, lilongyan-huawei on github, Marc Aldorasi,
+  Marcel Raad, Marc Hörsken, Masaya Suzuki, Matthias Naegler,
+  Nicolas Sterchele, NobodyXu on github, Peter Wu, ramsay-jones on github,
+  Rasmus Melchior Jacobsen, Ray Satiro, sspiri on github, Stefan Yohansson,
+  Tadej Vengust, Tatsuhiro Tsujikawa, tbugfinder on github,
+  Thomas M. DuBuisson, Tobias Stoeckmann, Tomas Berger, Viktor Szakats,
+  xwxbug on github,
+  (52 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.haxx.se/bug/?i=5598
- [2] = https://curl.haxx.se/bug/?i=5599
- [3] = https://curl.haxx.se/bug/?i=5613
- [4] = https://curl.haxx.se/bug/?i=5612
- [5] = https://curl.haxx.se/bug/?i=5607
- [6] = https://curl.haxx.se/bug/?i=5631
- [7] = https://curl.haxx.se/bug/?i=5615
- [8] = https://curl.haxx.se/bug/?i=5582
- [9] = https://curl.haxx.se/bug/?i=5589
- [10] = https://curl.haxx.se/bug/?i=5606
- [11] = https://curl.haxx.se/bug/?i=5601
- [12] = https://curl.haxx.se/bug/?i=5412
- [13] = https://curl.haxx.se/bug/?i=5594
- [14] = https://curl.haxx.se/bug/?i=5628
- [15] = https://curl.haxx.se/bug/?i=5624
- [16] = https://curl.haxx.se/bug/?i=5622
- [17] = https://curl.haxx.se/bug/?i=5617
+ [1] = https://curl.haxx.se/bug/?i=5453
+ [2] = https://curl.haxx.se/bug/?i=5668
+ [3] = https://curl.haxx.se/bug/?i=5655
+ [4] = https://curl.haxx.se/bug/?i=5716
+ [5] = https://curl.haxx.se/bug/?i=5645
+ [6] = https://curl.haxx.se/bug/?i=5656
+ [7] = https://curl.haxx.se/bug/?i=5643
+ [8] = https://curl.haxx.se/bug/?i=5639
+ [9] = https://curl.haxx.se/bug/?i=5642
+ [10] = https://bugzilla.redhat.com/1833193
+ [11] = https://curl.haxx.se/bug/?i=5641
+ [12] = https://curl.haxx.se/bug/?i=5638
+ [13] = https://curl.haxx.se/bug/?i=5662
+ [14] = https://curl.haxx.se/bug/?i=5675
+ [15] = https://curl.haxx.se/bug/?i=5665
+ [16] = https://curl.haxx.se/bug/?i=5666
+ [17] = https://curl.haxx.se/bug/?i=5714
+ [18] = https://curl.haxx.se/bug/?i=5744
+ [19] = https://curl.haxx.se/bug/?i=5706
+ [20] = https://curl.haxx.se/bug/?i=5704
+ [21] = https://curl.haxx.se/bug/?i=5694
+ [22] = https://curl.haxx.se/bug/?i=5695
+ [23] = https://curl.haxx.se/bug/?i=5695
+ [24] = https://curl.haxx.se/bug/?i=5697
+ [25] = https://curl.haxx.se/bug/?i=5691
+ [26] = https://curl.haxx.se/bug/?i=5689
+ [27] = https://curl.haxx.se/bug/?i=5690
+ [28] = https://curl.haxx.se/bug/?i=5679
+ [29] = https://curl.haxx.se/bug/?i=5688
+ [30] = https://curl.haxx.se/bug/?i=5683
+ [31] = https://curl.haxx.se/bug/?i=5636
+ [32] = https://curl.haxx.se/bug/?i=5667
+ [33] = https://curl.haxx.se/bug/?i=5644
+ [34] = https://curl.haxx.se/bug/?i=5511
+ [35] = https://curl.haxx.se/bug/?i=5491
+ [36] = https://curl.haxx.se/bug/?i=5676
+ [37] = https://curl.haxx.se/bug/?i=5764
+ [38] = https://curl.haxx.se/bug/?i=5659
+ [39] = https://curl.haxx.se/bug/?i=5654
+ [40] = https://curl.haxx.se/bug/?i=5732
+ [41] = https://curl.haxx.se/bug/?i=5734
+ [42] = https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232
+ [43] = https://hackerone.com/reports/926638
+ [44] = https://curl.haxx.se/bug/?i=5737
+ [45] = https://curl.haxx.se/bug/?i=5764
+ [46] = https://curl.haxx.se/bug/?i=5729
+ [47] = https://curl.haxx.se/bug/?i=5725
+ [48] = https://curl.haxx.se/bug/?i=5605
+ [49] = https://curl.haxx.se/bug/?i=5720
+ [50] = https://curl.haxx.se/bug/?i=5726
+ [51] = https://curl.haxx.se/bug/?i=5661
+ [52] = https://curl.haxx.se/bug/?i=5658
+ [53] = https://curl.haxx.se/bug/?i=5722
+ [54] = https://curl.haxx.se/bug/?i=5722
+ [55] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379
+ [56] = https://curl.haxx.se/bug/?i=5723
+ [57] = https://curl.haxx.se/bug/?i=5754
+ [58] = https://curl.haxx.se/bug/?i=5754
+ [59] = https://curl.haxx.se/bug/?i=5762
+ [60] = https://curl.haxx.se/bug/?i=5759
+ [61] = https://curl.haxx.se/bug/?i=5757
+ [62] = https://curl.haxx.se/bug/?i=5749
+ [63] = https://curl.haxx.se/bug/?i=5715
+ [64] = https://curl.haxx.se/bug/?i=5701
+ [65] = https://curl.haxx.se/bug/?i=5752
+ [66] = https://curl.haxx.se/bug/?i=5708
+ [67] = https://curl.haxx.se/bug/?i=5721
+ [68] = https://curl.haxx.se/bug/?i=5785
+ [69] = https://curl.haxx.se/bug/?i=5786
+ [70] = https://curl.haxx.se/bug/?i=5709
+ [71] = https://curl.haxx.se/bug/?i=5782
+ [72] = https://curl.haxx.se/bug/?i=5779
+ [73] = https://curl.haxx.se/bug/?i=5778
+ [74] = https://curl.haxx.se/bug/?i=5778
+ [75] = https://curl.haxx.se/bug/?i=5761
+ [76] = https://curl.haxx.se/bug/?i=5777
+ [77] = https://curl.haxx.se/bug/?i=5794
+ [78] = https://github.com/curl/curl/commit/7370b4e39f1390e701f5b68d910c619151daf72b#r41334700
+ [79] = https://curl.haxx.se/bug/?i=5772
+ [80] = https://curl.haxx.se/bug/?i=5773
+ [81] = https://curl.haxx.se/bug/?i=5663
+ [82] = https://curl.haxx.se/bug/?i=5674
+ [83] = https://curl.haxx.se/bug/?i=5767
+ [84] = https://curl.haxx.se/bug/?i=5767
+ [85] = https://curl.haxx.se/bug/?i=5797
+ [86] = https://curl.haxx.se/bug/?i=5822
+ [87] = https://curl.haxx.se/bug/?i=5817
+ [88] = https://curl.haxx.se/bug/?i=5795
+ [89] = https://curl.haxx.se/bug/?i=5792
+ [90] = https://curl.haxx.se/bug/?i=5783
+ [91] = https://curl.haxx.se/bug/?i=5819
+ [92] = https://curl.haxx.se/bug/?i=5788
+ [93] = https://curl.haxx.se/bug/?i=5814
+ [94] = https://curl.haxx.se/bug/?i=5812
+ [95] = https://curl.haxx.se/bug/?i=5811
+ [96] = https://curl.haxx.se/bug/?i=5793
+ [97] = https://curl.haxx.se/bug/?i=5805
+ [98] = https://curl.haxx.se/docs/CVE-2020-8231.html