1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
|
curl and libcurl 7.72.0
Public curl releases: 194
Command line options: 232
curl_easy_setopt() options: 277
Public functions in libcurl: 82
Contributors: 2239
This release includes the following changes:
o content_encoding: add zstd decoding support [1]
o CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream [31]
o CURLINFO_EFFECTIVE_METHOD: added [34]
This release includes the following bugfixes:
o CVE-2020-8231: libcurl: wrong connect-only connection [98]
o appveyor: collect libcurl.dll variants with prefix or suffix [38]
o asyn-ares: correct some bad comments [94]
o bearssl: fix build with disabled proxy support [16]
o buildconf: avoid array concatenation in die() [64]
o buildconf: retire ares buildconf invocation
o checksrc: ban gmtime/localtime [40]
o checksrc: invoke script with -D to find .checksrc proper [63]
o CI/azure: install libssh2 for use with msys2-based builds [67]
o CI/azure: unconditionally enable warnings-as-errors with autotools [19]
o CI/macos: enable warnings as errors for CMake builds [4]
o CI/macos: set minimum macOS version [56]
o CI/macos: unconditionally enable warnings-as-errors with autotools [21]
o CI: Add muse CI analyzer [79]
o cirrus-ci: upgrade 11-STABLE to 11.4 [2]
o CMake: don't complain about missing nroff [87]
o CMake: fix test for warning suppressions [17]
o cmake: fix windows xp build [13]
o configure.ac: Sort features name in summary [6]
o configure: allow disabling warnings [26]
o configure: cleanup wolfssl + pkg-config conflicts when cross compiling. [48]
o configure: show zstd "no" in summary when built without it [49]
o connect: remove redundant message about connect failure [66]
o curl-config: ignore REQUIRE_LIB_DEPS in --libs output [96]
o curl.1: add a few missing valid exit codes [76]
o curl: add %{method} to the -w variables
o curl: improve the existing file check with -J [43]
o curl_multi_setopt: fix compiler warning "result is always false" [42]
o curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated [9]
o CURLINFO_CERTINFO.3: fix typo [3]
o CURLOPT_NOBODY.3: clarify what setting to 0 means [46]
o docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions [18]
o docs: Add video link to docs/CONTRIBUTE.md [95]
o docs: change "web site" to "website" [86]
o docs: clarify MAX_SEND/RECV_SPEED functionality [92]
o docs: Update a few leftover mentions of DarwinSSL [29]
o doh: remove redundant cast [20]
o file2memory: use a define instead of -1 unsigned value [30]
o ftp: don't do ssl_shutdown instead of ssl_close [85]
o ftpserver: don't verify SMTP MAIL FROM names [8]
o getinfo: reset retry-after value in initinfo [51]
o gnutls: repair the build with `CURL_DISABLE_PROXY` [5]
o gtls: survive not being able to get name/issuer [73]
o h2: repair trailer handling [81]
o http2: close the http2 connection when no more requests may be sent [7]
o http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages [11]
o libssh2: s/ssherr/sftperr/ [78]
o libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin [91]
o md(4|5): don't use deprecated macOS functions [23]
o mprintf: Fix dollar string handling [54]
o mprintf: Fix stack overflows [53]
o multi: Condition 'extrawait' is always true [60]
o multi: Remove 10-year old out-commented code [97]
o multi: remove two checks always true [36]
o multi: update comment to say easyp list is linear [44]
o multi_remove_handle: close unused connect-only connections [62]
o ngtcp2: adapt to error code rename [69]
o ngtcp2: adjust to recent sockaddr updates [27]
o ngtcp2: update to modified qlog callback prototype [14]
o nss: fix build with disabled proxy support [32]
o ntlm: free target_info before (re-)malloc [55]
o openssl: fix build with LibreSSL < 2.9.1 [61]
o page-header: provide protocol details in the curl.1 man page [28]
o quiche: handle calling disconnect twice [50]
o runtests.pl: treat LibreSSL and BoringSSL as OpenSSL [59]
o runtests: move the gnutls-serv tests to a dynamic port [74]
o runtests: move the smbserver to use a dynamic port number [71]
o runtests: move the TELNET server to a dynamic port [68]
o runtests: run the DICT server on a random port number [90]
o runtests: run the http2 tests on a random port number [72]
o runtests: support dynamicly base64 encoded sections in tests [75]
o setopt: unset NOBODY switches to GET if still HEAD [47]
o smtp_parse_address: handle blank input string properly [89]
o socks: use size_t for size variable [39]
o strdup: remove the odd strlen check [24]
o test1119: verify stdout in the test [33]
o test1139: make it display the difference on test failures
o test1140: compare stdout [93]
o test1908: treat file as text [83]
o tests/FILEFORMAT.md: mention %HTTP2PORT
o tests/sshserver.pl: fix compatibility with OpenSSH for Windows
o TLS naming: fix more Winssl and Darwinssl leftovers [88]
o tls-max.d: this option is only for TLS-using connections [45]
o tlsv1.3.d. only for TLS-using connections [37]
o tool_doswin: Simplify Windows version detection [57]
o tool_getparam: make --krb option work again [10]
o TrackMemory tests: ignore realloc and free in getenv.c [84]
o transfer: fix data_pending for builds with both h2 and h3 enabled [41]
o transfer: fix memory-leak with CURLOPT_CURLU in a duped handle [15]
o transfer: move retrycount from connect struct to easy handle [77]
o travis/script.sh: fix use of `-n' with unquoted envvar [80]
o travis: add ppc64le and s390x builds [65]
o travis: update quiche builds for new boringssl layout [25]
o url: fix CURLU and location following [70]
o url: silence MSVC warning [12]
o util: silence conversion warnings [22]
o win32: Add Curl_verify_windows_version() to curlx [58]
o WIN32: stop forcing narrow-character API [52]
o windows: add unicode to feature list [35]
o windows: disable Unix Sockets for old mingw [82]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Alex Kiernan, Baruch Siach, Bevan Weiss, Brian Inglis,
BrumBrum on hackerone, Cameron Cawley, Carlo Marcelo Arenas Belón,
causal-agent on github, Cherish98 on github, Dan Fandrich, Daniel Gustafsson,
Daniel Stenberg, Denis Goleshchikhin, divinity76 on github, Ehren Bendler,
Emil Engler, Erik Johansson, Filip Salomonsson, Gilles Vollant, Gisle Vanem,
H3RSKO on github, ihsinme on github, Jeremy Maitin-Shepard,
joey-l-us on github, Jonathan Cardoso Machado, Jonathan Nieder, Kamil Dudka,
Ken Brown, Laramie Leavitt, lilongyan-huawei on github, Marc Aldorasi,
Marcel Raad, Marc Hörsken, Masaya Suzuki, Matthias Naegler,
Nicolas Sterchele, NobodyXu on github, Peter Wu, ramsay-jones on github,
Rasmus Melchior Jacobsen, Ray Satiro, sspiri on github, Stefan Yohansson,
Tadej Vengust, Tatsuhiro Tsujikawa, tbugfinder on github,
Thomas M. DuBuisson, Tobias Stoeckmann, Tomas Berger, Viktor Szakats,
xwxbug on github,
(52 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = https://curl.haxx.se/bug/?i=5453
[2] = https://curl.haxx.se/bug/?i=5668
[3] = https://curl.haxx.se/bug/?i=5655
[4] = https://curl.haxx.se/bug/?i=5716
[5] = https://curl.haxx.se/bug/?i=5645
[6] = https://curl.haxx.se/bug/?i=5656
[7] = https://curl.haxx.se/bug/?i=5643
[8] = https://curl.haxx.se/bug/?i=5639
[9] = https://curl.haxx.se/bug/?i=5642
[10] = https://bugzilla.redhat.com/1833193
[11] = https://curl.haxx.se/bug/?i=5641
[12] = https://curl.haxx.se/bug/?i=5638
[13] = https://curl.haxx.se/bug/?i=5662
[14] = https://curl.haxx.se/bug/?i=5675
[15] = https://curl.haxx.se/bug/?i=5665
[16] = https://curl.haxx.se/bug/?i=5666
[17] = https://curl.haxx.se/bug/?i=5714
[18] = https://curl.haxx.se/bug/?i=5744
[19] = https://curl.haxx.se/bug/?i=5706
[20] = https://curl.haxx.se/bug/?i=5704
[21] = https://curl.haxx.se/bug/?i=5694
[22] = https://curl.haxx.se/bug/?i=5695
[23] = https://curl.haxx.se/bug/?i=5695
[24] = https://curl.haxx.se/bug/?i=5697
[25] = https://curl.haxx.se/bug/?i=5691
[26] = https://curl.haxx.se/bug/?i=5689
[27] = https://curl.haxx.se/bug/?i=5690
[28] = https://curl.haxx.se/bug/?i=5679
[29] = https://curl.haxx.se/bug/?i=5688
[30] = https://curl.haxx.se/bug/?i=5683
[31] = https://curl.haxx.se/bug/?i=5636
[32] = https://curl.haxx.se/bug/?i=5667
[33] = https://curl.haxx.se/bug/?i=5644
[34] = https://curl.haxx.se/bug/?i=5511
[35] = https://curl.haxx.se/bug/?i=5491
[36] = https://curl.haxx.se/bug/?i=5676
[37] = https://curl.haxx.se/bug/?i=5764
[38] = https://curl.haxx.se/bug/?i=5659
[39] = https://curl.haxx.se/bug/?i=5654
[40] = https://curl.haxx.se/bug/?i=5732
[41] = https://curl.haxx.se/bug/?i=5734
[42] = https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232
[43] = https://hackerone.com/reports/926638
[44] = https://curl.haxx.se/bug/?i=5737
[45] = https://curl.haxx.se/bug/?i=5764
[46] = https://curl.haxx.se/bug/?i=5729
[47] = https://curl.haxx.se/bug/?i=5725
[48] = https://curl.haxx.se/bug/?i=5605
[49] = https://curl.haxx.se/bug/?i=5720
[50] = https://curl.haxx.se/bug/?i=5726
[51] = https://curl.haxx.se/bug/?i=5661
[52] = https://curl.haxx.se/bug/?i=5658
[53] = https://curl.haxx.se/bug/?i=5722
[54] = https://curl.haxx.se/bug/?i=5722
[55] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379
[56] = https://curl.haxx.se/bug/?i=5723
[57] = https://curl.haxx.se/bug/?i=5754
[58] = https://curl.haxx.se/bug/?i=5754
[59] = https://curl.haxx.se/bug/?i=5762
[60] = https://curl.haxx.se/bug/?i=5759
[61] = https://curl.haxx.se/bug/?i=5757
[62] = https://curl.haxx.se/bug/?i=5749
[63] = https://curl.haxx.se/bug/?i=5715
[64] = https://curl.haxx.se/bug/?i=5701
[65] = https://curl.haxx.se/bug/?i=5752
[66] = https://curl.haxx.se/bug/?i=5708
[67] = https://curl.haxx.se/bug/?i=5721
[68] = https://curl.haxx.se/bug/?i=5785
[69] = https://curl.haxx.se/bug/?i=5786
[70] = https://curl.haxx.se/bug/?i=5709
[71] = https://curl.haxx.se/bug/?i=5782
[72] = https://curl.haxx.se/bug/?i=5779
[73] = https://curl.haxx.se/bug/?i=5778
[74] = https://curl.haxx.se/bug/?i=5778
[75] = https://curl.haxx.se/bug/?i=5761
[76] = https://curl.haxx.se/bug/?i=5777
[77] = https://curl.haxx.se/bug/?i=5794
[78] = https://github.com/curl/curl/commit/7370b4e39f1390e701f5b68d910c619151daf72b#r41334700
[79] = https://curl.haxx.se/bug/?i=5772
[80] = https://curl.haxx.se/bug/?i=5773
[81] = https://curl.haxx.se/bug/?i=5663
[82] = https://curl.haxx.se/bug/?i=5674
[83] = https://curl.haxx.se/bug/?i=5767
[84] = https://curl.haxx.se/bug/?i=5767
[85] = https://curl.haxx.se/bug/?i=5797
[86] = https://curl.haxx.se/bug/?i=5822
[87] = https://curl.haxx.se/bug/?i=5817
[88] = https://curl.haxx.se/bug/?i=5795
[89] = https://curl.haxx.se/bug/?i=5792
[90] = https://curl.haxx.se/bug/?i=5783
[91] = https://curl.haxx.se/bug/?i=5819
[92] = https://curl.haxx.se/bug/?i=5788
[93] = https://curl.haxx.se/bug/?i=5814
[94] = https://curl.haxx.se/bug/?i=5812
[95] = https://curl.haxx.se/bug/?i=5811
[96] = https://curl.haxx.se/bug/?i=5793
[97] = https://curl.haxx.se/bug/?i=5805
[98] = https://curl.haxx.se/docs/CVE-2020-8231.html
|
