1- curl and libcurl 7.69.1
1+ curl and libcurl 7.72.0
22
3- Public curl releases: 190
4- Command line options: 230
5- curl_easy_setopt() options: 270
3+ Public curl releases: 194
4+ Command line options: 232
5+ curl_easy_setopt() options: 277
66 Public functions in libcurl: 82
7- Contributors: 2133
7+ Contributors: 2239
8+
9+ This release includes the following changes:
10+
11+ o content_encoding: add zstd decoding support [1]
12+ o CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream [31]
13+ o CURLINFO_EFFECTIVE_METHOD: added [34]
814
915This release includes the following bugfixes:
1016
11- o ares: store dns parameters for duphandle [20]
12- o cirrus-ci: disable the FreeBSD 13 builds [3]
13- o curl_share_setopt.3: Note sharing cookies doesn't enable the engine [11]
14- o lib1564: reduce number of mid-wait wakeup calls [16]
15- o libssh: Fix matching user-specified MD5 hex key [7]
16- o MANUAL: update a dict-using command line
17- o mime: do not perform more than one read in a row [18]
18- o mime: fix the binary encoder to handle large data properly [17]
19- o mime: latch last read callback status [19]
20- o multi: skip EINTR check on wakeup socket if it was closed [12]
21- o pause: bail out on bad input [8]
22- o pause: force a connection recheck after unpausing (take 2) [5]
23- o pause: return early for calls that don't change pause state [10]
24- o runtests.1: rephrase how to specify what tests to run [2]
25- o runtests: fix missing use of exe_ext helper function
26- o seek: fix fall back for missing ftruncate on Windows [4]
27- o sftp: fix segfault regression introduced by #4747 in 7.69.0 [22]
28- o sha256: Added SecureTransport implementation [15]
29- o sha256: Added WinCrypt implementation [15]
30- o socks4: fix host resolve regression [14]
31- o socks5: host name resolv regression fix [6]
32- o tests/server: fix missing use of exe_ext helper function [24]
33- o tests: fix static ip:port instead of dynamic values being used [23]
34- o tests: make sleeping portable by avoiding select [1]
35- o unit1612: fix the inclusion and compilation of the HMAC unit test [9]
36- o urldata: remove the 'stream_was_rewound' connectdata struct member [13]
37- o version: make curl_version* thread-safe without using global context [21]
17+ o CVE-2020-8231: libcurl: wrong connect-only connection [98]
18+ o appveyor: collect libcurl.dll variants with prefix or suffix [38]
19+ o asyn-ares: correct some bad comments [94]
20+ o bearssl: fix build with disabled proxy support [16]
21+ o buildconf: avoid array concatenation in die() [64]
22+ o buildconf: retire ares buildconf invocation
23+ o checksrc: ban gmtime/localtime [40]
24+ o checksrc: invoke script with -D to find .checksrc proper [63]
25+ o CI/azure: install libssh2 for use with msys2-based builds [67]
26+ o CI/azure: unconditionally enable warnings-as-errors with autotools [19]
27+ o CI/macos: enable warnings as errors for CMake builds [4]
28+ o CI/macos: set minimum macOS version [56]
29+ o CI/macos: unconditionally enable warnings-as-errors with autotools [21]
30+ o CI: Add muse CI analyzer [79]
31+ o cirrus-ci: upgrade 11-STABLE to 11.4 [2]
32+ o CMake: don't complain about missing nroff [87]
33+ o CMake: fix test for warning suppressions [17]
34+ o cmake: fix windows xp build [13]
35+ o configure.ac: Sort features name in summary [6]
36+ o configure: allow disabling warnings [26]
37+ o configure: cleanup wolfssl + pkg-config conflicts when cross compiling. [48]
38+ o configure: show zstd "no" in summary when built without it [49]
39+ o connect: remove redundant message about connect failure [66]
40+ o curl-config: ignore REQUIRE_LIB_DEPS in --libs output [96]
41+ o curl.1: add a few missing valid exit codes [76]
42+ o curl: add %{method} to the -w variables
43+ o curl: improve the existing file check with -J [43]
44+ o curl_multi_setopt: fix compiler warning "result is always false" [42]
45+ o curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated [9]
46+ o CURLINFO_CERTINFO.3: fix typo [3]
47+ o CURLOPT_NOBODY.3: clarify what setting to 0 means [46]
48+ o docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions [18]
49+ o docs: Add video link to docs/CONTRIBUTE.md [95]
50+ o docs: change "web site" to "website" [86]
51+ o docs: clarify MAX_SEND/RECV_SPEED functionality [92]
52+ o docs: Update a few leftover mentions of DarwinSSL [29]
53+ o doh: remove redundant cast [20]
54+ o file2memory: use a define instead of -1 unsigned value [30]
55+ o ftp: don't do ssl_shutdown instead of ssl_close [85]
56+ o ftpserver: don't verify SMTP MAIL FROM names [8]
57+ o getinfo: reset retry-after value in initinfo [51]
58+ o gnutls: repair the build with `CURL_DISABLE_PROXY` [5]
59+ o gtls: survive not being able to get name/issuer [73]
60+ o h2: repair trailer handling [81]
61+ o http2: close the http2 connection when no more requests may be sent [7]
62+ o http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages [11]
63+ o libssh2: s/ssherr/sftperr/ [78]
64+ o libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin [91]
65+ o md(4|5): don't use deprecated macOS functions [23]
66+ o mprintf: Fix dollar string handling [54]
67+ o mprintf: Fix stack overflows [53]
68+ o multi: Condition 'extrawait' is always true [60]
69+ o multi: Remove 10-year old out-commented code [97]
70+ o multi: remove two checks always true [36]
71+ o multi: update comment to say easyp list is linear [44]
72+ o multi_remove_handle: close unused connect-only connections [62]
73+ o ngtcp2: adapt to error code rename [69]
74+ o ngtcp2: adjust to recent sockaddr updates [27]
75+ o ngtcp2: update to modified qlog callback prototype [14]
76+ o nss: fix build with disabled proxy support [32]
77+ o ntlm: free target_info before (re-)malloc [55]
78+ o openssl: fix build with LibreSSL < 2.9.1 [61]
79+ o page-header: provide protocol details in the curl.1 man page [28]
80+ o quiche: handle calling disconnect twice [50]
81+ o runtests.pl: treat LibreSSL and BoringSSL as OpenSSL [59]
82+ o runtests: move the gnutls-serv tests to a dynamic port [74]
83+ o runtests: move the smbserver to use a dynamic port number [71]
84+ o runtests: move the TELNET server to a dynamic port [68]
85+ o runtests: run the DICT server on a random port number [90]
86+ o runtests: run the http2 tests on a random port number [72]
87+ o runtests: support dynamicly base64 encoded sections in tests [75]
88+ o setopt: unset NOBODY switches to GET if still HEAD [47]
89+ o smtp_parse_address: handle blank input string properly [89]
90+ o socks: use size_t for size variable [39]
91+ o strdup: remove the odd strlen check [24]
92+ o test1119: verify stdout in the test [33]
93+ o test1139: make it display the difference on test failures
94+ o test1140: compare stdout [93]
95+ o test1908: treat file as text [83]
96+ o tests/FILEFORMAT.md: mention %HTTP2PORT
97+ o tests/sshserver.pl: fix compatibility with OpenSSH for Windows
98+ o TLS naming: fix more Winssl and Darwinssl leftovers [88]
99+ o tls-max.d: this option is only for TLS-using connections [45]
100+ o tlsv1.3.d. only for TLS-using connections [37]
101+ o tool_doswin: Simplify Windows version detection [57]
102+ o tool_getparam: make --krb option work again [10]
103+ o TrackMemory tests: ignore realloc and free in getenv.c [84]
104+ o transfer: fix data_pending for builds with both h2 and h3 enabled [41]
105+ o transfer: fix memory-leak with CURLOPT_CURLU in a duped handle [15]
106+ o transfer: move retrycount from connect struct to easy handle [77]
107+ o travis/script.sh: fix use of `-n' with unquoted envvar [80]
108+ o travis: add ppc64le and s390x builds [65]
109+ o travis: update quiche builds for new boringssl layout [25]
110+ o url: fix CURLU and location following [70]
111+ o url: silence MSVC warning [12]
112+ o util: silence conversion warnings [22]
113+ o win32: Add Curl_verify_windows_version() to curlx [58]
114+ o WIN32: stop forcing narrow-character API [52]
115+ o windows: add unicode to feature list [35]
116+ o windows: disable Unix Sockets for old mingw [82]
38117
39118This release includes the following known bugs:
40119
@@ -43,38 +122,121 @@ This release includes the following known bugs:
43122This release would not have looked like this without help, code, reports and
44123advice from friends like these:
45124
46- amishmm on github, Anders Berg, Andy Fiddaman, Christopher Reid,
47- Dan Fandrich, Daniel Stenberg, Ernst Sjöstrand, fds242 on github,
48- Fedor Korotkov, Felipe Gasper, Jim Fuller, Marcel Raad, Marc Hörsken,
49- MrdUkk on github, Patrick Monnerat, Ray Satiro, RuurdBeerstra on github,
50- Steve Holme, vitaha85 on github,
51- (19 contributors)
125+ Alessandro Ghedini, Alex Kiernan, Baruch Siach, Bevan Weiss, Brian Inglis,
126+ BrumBrum on hackerone, Cameron Cawley, Carlo Marcelo Arenas Belón,
127+ causal-agent on github, Cherish98 on github, Dan Fandrich, Daniel Gustafsson,
128+ Daniel Stenberg, Denis Goleshchikhin, divinity76 on github, Ehren Bendler,
129+ Emil Engler, Erik Johansson, Filip Salomonsson, Gilles Vollant, Gisle Vanem,
130+ H3RSKO on github, ihsinme on github, Jeremy Maitin-Shepard,
131+ joey-l-us on github, Jonathan Cardoso Machado, Jonathan Nieder, Kamil Dudka,
132+ Ken Brown, Laramie Leavitt, lilongyan-huawei on github, Marc Aldorasi,
133+ Marcel Raad, Marc Hörsken, Masaya Suzuki, Matthias Naegler,
134+ Nicolas Sterchele, NobodyXu on github, Peter Wu, ramsay-jones on github,
135+ Rasmus Melchior Jacobsen, Ray Satiro, sspiri on github, Stefan Yohansson,
136+ Tadej Vengust, Tatsuhiro Tsujikawa, tbugfinder on github,
137+ Thomas M. DuBuisson, Tobias Stoeckmann, Tomas Berger, Viktor Szakats,
138+ xwxbug on github,
139+ (52 contributors)
52140
53141 Thanks! (and sorry if I forgot to mention someone)
54142
55143References to bug reports and discussions on issues:
56144
57- [1] = https://curl.haxx.se/bug/?i=5035
58- [2] = https://curl.haxx.se/bug/?i=5033
59- [3] = https://curl.haxx.se/bug/?i=5028
60- [4] = https://curl.haxx.se/bug/?i=5055
61- [5] = https://curl.haxx.se/bug/?i=5049
62- [6] = https://curl.haxx.se/bug/?i=5053
63- [7] = https://curl.haxx.se/bug/?i=4971
64- [8] = https://curl.haxx.se/bug/?i=5050
65- [9] = https://curl.haxx.se/bug/?i=5024
66- [10] = https://curl.haxx.se/bug/?i=5026
67- [11] = https://curl.haxx.se/mail/lib-2020-03/0019.html
68- [12] = https://curl.haxx.se/bug/?i=5047
69- [13] = https://curl.haxx.se/bug/?i=5046
70- [14] = https://curl.haxx.se/bug/?i=5061
71- [15] = https://curl.haxx.se/bug/?i=5030
72- [16] = https://curl.haxx.se/bug/?i=5037
73- [17] = https://curl.haxx.se/bug/?i=4860
74- [18] = https://curl.haxx.se/bug/?i=4826
75- [19] = https://curl.haxx.se/bug/?i=4813
76- [20] = https://curl.haxx.se/bug/?i=4893
77- [21] = https://curl.haxx.se/bug/?i=5010
78- [22] = https://curl.haxx.se/bug/?i=5041
79- [23] = https://curl.haxx.se/bug/?i=5065
80- [24] = https://curl.haxx.se/bug/?i=5064
145+ [1] = https://curl.haxx.se/bug/?i=5453
146+ [2] = https://curl.haxx.se/bug/?i=5668
147+ [3] = https://curl.haxx.se/bug/?i=5655
148+ [4] = https://curl.haxx.se/bug/?i=5716
149+ [5] = https://curl.haxx.se/bug/?i=5645
150+ [6] = https://curl.haxx.se/bug/?i=5656
151+ [7] = https://curl.haxx.se/bug/?i=5643
152+ [8] = https://curl.haxx.se/bug/?i=5639
153+ [9] = https://curl.haxx.se/bug/?i=5642
154+ [10] = https://bugzilla.redhat.com/1833193
155+ [11] = https://curl.haxx.se/bug/?i=5641
156+ [12] = https://curl.haxx.se/bug/?i=5638
157+ [13] = https://curl.haxx.se/bug/?i=5662
158+ [14] = https://curl.haxx.se/bug/?i=5675
159+ [15] = https://curl.haxx.se/bug/?i=5665
160+ [16] = https://curl.haxx.se/bug/?i=5666
161+ [17] = https://curl.haxx.se/bug/?i=5714
162+ [18] = https://curl.haxx.se/bug/?i=5744
163+ [19] = https://curl.haxx.se/bug/?i=5706
164+ [20] = https://curl.haxx.se/bug/?i=5704
165+ [21] = https://curl.haxx.se/bug/?i=5694
166+ [22] = https://curl.haxx.se/bug/?i=5695
167+ [23] = https://curl.haxx.se/bug/?i=5695
168+ [24] = https://curl.haxx.se/bug/?i=5697
169+ [25] = https://curl.haxx.se/bug/?i=5691
170+ [26] = https://curl.haxx.se/bug/?i=5689
171+ [27] = https://curl.haxx.se/bug/?i=5690
172+ [28] = https://curl.haxx.se/bug/?i=5679
173+ [29] = https://curl.haxx.se/bug/?i=5688
174+ [30] = https://curl.haxx.se/bug/?i=5683
175+ [31] = https://curl.haxx.se/bug/?i=5636
176+ [32] = https://curl.haxx.se/bug/?i=5667
177+ [33] = https://curl.haxx.se/bug/?i=5644
178+ [34] = https://curl.haxx.se/bug/?i=5511
179+ [35] = https://curl.haxx.se/bug/?i=5491
180+ [36] = https://curl.haxx.se/bug/?i=5676
181+ [37] = https://curl.haxx.se/bug/?i=5764
182+ [38] = https://curl.haxx.se/bug/?i=5659
183+ [39] = https://curl.haxx.se/bug/?i=5654
184+ [40] = https://curl.haxx.se/bug/?i=5732
185+ [41] = https://curl.haxx.se/bug/?i=5734
186+ [42] = https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232
187+ [43] = https://hackerone.com/reports/926638
188+ [44] = https://curl.haxx.se/bug/?i=5737
189+ [45] = https://curl.haxx.se/bug/?i=5764
190+ [46] = https://curl.haxx.se/bug/?i=5729
191+ [47] = https://curl.haxx.se/bug/?i=5725
192+ [48] = https://curl.haxx.se/bug/?i=5605
193+ [49] = https://curl.haxx.se/bug/?i=5720
194+ [50] = https://curl.haxx.se/bug/?i=5726
195+ [51] = https://curl.haxx.se/bug/?i=5661
196+ [52] = https://curl.haxx.se/bug/?i=5658
197+ [53] = https://curl.haxx.se/bug/?i=5722
198+ [54] = https://curl.haxx.se/bug/?i=5722
199+ [55] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379
200+ [56] = https://curl.haxx.se/bug/?i=5723
201+ [57] = https://curl.haxx.se/bug/?i=5754
202+ [58] = https://curl.haxx.se/bug/?i=5754
203+ [59] = https://curl.haxx.se/bug/?i=5762
204+ [60] = https://curl.haxx.se/bug/?i=5759
205+ [61] = https://curl.haxx.se/bug/?i=5757
206+ [62] = https://curl.haxx.se/bug/?i=5749
207+ [63] = https://curl.haxx.se/bug/?i=5715
208+ [64] = https://curl.haxx.se/bug/?i=5701
209+ [65] = https://curl.haxx.se/bug/?i=5752
210+ [66] = https://curl.haxx.se/bug/?i=5708
211+ [67] = https://curl.haxx.se/bug/?i=5721
212+ [68] = https://curl.haxx.se/bug/?i=5785
213+ [69] = https://curl.haxx.se/bug/?i=5786
214+ [70] = https://curl.haxx.se/bug/?i=5709
215+ [71] = https://curl.haxx.se/bug/?i=5782
216+ [72] = https://curl.haxx.se/bug/?i=5779
217+ [73] = https://curl.haxx.se/bug/?i=5778
218+ [74] = https://curl.haxx.se/bug/?i=5778
219+ [75] = https://curl.haxx.se/bug/?i=5761
220+ [76] = https://curl.haxx.se/bug/?i=5777
221+ [77] = https://curl.haxx.se/bug/?i=5794
222+ [78] = https://github.com/curl/curl/commit/7370b4e39f1390e701f5b68d910c619151daf72b#r41334700
223+ [79] = https://curl.haxx.se/bug/?i=5772
224+ [80] = https://curl.haxx.se/bug/?i=5773
225+ [81] = https://curl.haxx.se/bug/?i=5663
226+ [82] = https://curl.haxx.se/bug/?i=5674
227+ [83] = https://curl.haxx.se/bug/?i=5767
228+ [84] = https://curl.haxx.se/bug/?i=5767
229+ [85] = https://curl.haxx.se/bug/?i=5797
230+ [86] = https://curl.haxx.se/bug/?i=5822
231+ [87] = https://curl.haxx.se/bug/?i=5817
232+ [88] = https://curl.haxx.se/bug/?i=5795
233+ [89] = https://curl.haxx.se/bug/?i=5792
234+ [90] = https://curl.haxx.se/bug/?i=5783
235+ [91] = https://curl.haxx.se/bug/?i=5819
236+ [92] = https://curl.haxx.se/bug/?i=5788
237+ [93] = https://curl.haxx.se/bug/?i=5814
238+ [94] = https://curl.haxx.se/bug/?i=5812
239+ [95] = https://curl.haxx.se/bug/?i=5811
240+ [96] = https://curl.haxx.se/bug/?i=5793
241+ [97] = https://curl.haxx.se/bug/?i=5805
242+ [98] = https://curl.haxx.se/docs/CVE-2020-8231.html
0 commit comments