diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 363c7c947..f49d68770 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,119 +1,18 @@ -curl and libcurl 7.72.0 +curl and libcurl 7.72.1 - Public curl releases: 194 + Public curl releases: 195 Command line options: 232 curl_easy_setopt() options: 277 Public functions in libcurl: 82 - Contributors: 2239 + Contributors: 2240 This release includes the following changes: - o content_encoding: add zstd decoding support [1] - o CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream [31] - o CURLINFO_EFFECTIVE_METHOD: added [34] + o This release includes the following bugfixes: - o CVE-2020-8231: libcurl: wrong connect-only connection [98] - o appveyor: collect libcurl.dll variants with prefix or suffix [38] - o asyn-ares: correct some bad comments [94] - o bearssl: fix build with disabled proxy support [16] - o buildconf: avoid array concatenation in die() [64] - o buildconf: retire ares buildconf invocation - o checksrc: ban gmtime/localtime [40] - o checksrc: invoke script with -D to find .checksrc proper [63] - o CI/azure: install libssh2 for use with msys2-based builds [67] - o CI/azure: unconditionally enable warnings-as-errors with autotools [19] - o CI/macos: enable warnings as errors for CMake builds [4] - o CI/macos: set minimum macOS version [56] - o CI/macos: unconditionally enable warnings-as-errors with autotools [21] - o CI: Add muse CI analyzer [79] - o cirrus-ci: upgrade 11-STABLE to 11.4 [2] - o CMake: don't complain about missing nroff [87] - o CMake: fix test for warning suppressions [17] - o cmake: fix windows xp build [13] - o configure.ac: Sort features name in summary [6] - o configure: allow disabling warnings [26] - o configure: cleanup wolfssl + pkg-config conflicts when cross compiling. [48] - o configure: show zstd "no" in summary when built without it [49] - o connect: remove redundant message about connect failure [66] - o curl-config: ignore REQUIRE_LIB_DEPS in --libs output [96] - o curl.1: add a few missing valid exit codes [76] - o curl: add %{method} to the -w variables - o curl: improve the existing file check with -J [43] - o curl_multi_setopt: fix compiler warning "result is always false" [42] - o curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated [9] - o CURLINFO_CERTINFO.3: fix typo [3] - o CURLOPT_NOBODY.3: clarify what setting to 0 means [46] - o docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions [18] - o docs: Add video link to docs/CONTRIBUTE.md [95] - o docs: change "web site" to "website" [86] - o docs: clarify MAX_SEND/RECV_SPEED functionality [92] - o docs: Update a few leftover mentions of DarwinSSL [29] - o doh: remove redundant cast [20] - o file2memory: use a define instead of -1 unsigned value [30] - o ftp: don't do ssl_shutdown instead of ssl_close [85] - o ftpserver: don't verify SMTP MAIL FROM names [8] - o getinfo: reset retry-after value in initinfo [51] - o gnutls: repair the build with `CURL_DISABLE_PROXY` [5] - o gtls: survive not being able to get name/issuer [73] - o h2: repair trailer handling [81] - o http2: close the http2 connection when no more requests may be sent [7] - o http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages [11] - o libssh2: s/ssherr/sftperr/ [78] - o libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin [91] - o md(4|5): don't use deprecated macOS functions [23] - o mprintf: Fix dollar string handling [54] - o mprintf: Fix stack overflows [53] - o multi: Condition 'extrawait' is always true [60] - o multi: Remove 10-year old out-commented code [97] - o multi: remove two checks always true [36] - o multi: update comment to say easyp list is linear [44] - o multi_remove_handle: close unused connect-only connections [62] - o ngtcp2: adapt to error code rename [69] - o ngtcp2: adjust to recent sockaddr updates [27] - o ngtcp2: update to modified qlog callback prototype [14] - o nss: fix build with disabled proxy support [32] - o ntlm: free target_info before (re-)malloc [55] - o openssl: fix build with LibreSSL < 2.9.1 [61] - o page-header: provide protocol details in the curl.1 man page [28] - o quiche: handle calling disconnect twice [50] - o runtests.pl: treat LibreSSL and BoringSSL as OpenSSL [59] - o runtests: move the gnutls-serv tests to a dynamic port [74] - o runtests: move the smbserver to use a dynamic port number [71] - o runtests: move the TELNET server to a dynamic port [68] - o runtests: run the DICT server on a random port number [90] - o runtests: run the http2 tests on a random port number [72] - o runtests: support dynamicly base64 encoded sections in tests [75] - o setopt: unset NOBODY switches to GET if still HEAD [47] - o smtp_parse_address: handle blank input string properly [89] - o socks: use size_t for size variable [39] - o strdup: remove the odd strlen check [24] - o test1119: verify stdout in the test [33] - o test1139: make it display the difference on test failures - o test1140: compare stdout [93] - o test1908: treat file as text [83] - o tests/FILEFORMAT.md: mention %HTTP2PORT - o tests/sshserver.pl: fix compatibility with OpenSSH for Windows - o TLS naming: fix more Winssl and Darwinssl leftovers [88] - o tls-max.d: this option is only for TLS-using connections [45] - o tlsv1.3.d. only for TLS-using connections [37] - o tool_doswin: Simplify Windows version detection [57] - o tool_getparam: make --krb option work again [10] - o TrackMemory tests: ignore realloc and free in getenv.c [84] - o transfer: fix data_pending for builds with both h2 and h3 enabled [41] - o transfer: fix memory-leak with CURLOPT_CURLU in a duped handle [15] - o transfer: move retrycount from connect struct to easy handle [77] - o travis/script.sh: fix use of `-n' with unquoted envvar [80] - o travis: add ppc64le and s390x builds [65] - o travis: update quiche builds for new boringssl layout [25] - o url: fix CURLU and location following [70] - o url: silence MSVC warning [12] - o util: silence conversion warnings [22] - o win32: Add Curl_verify_windows_version() to curlx [58] - o WIN32: stop forcing narrow-character API [52] - o windows: add unicode to feature list [35] - o windows: disable Unix Sockets for old mingw [82] + o tls: provide the CApath verbose log on its own line [1] This release includes the following known bugs: @@ -122,121 +21,11 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Alessandro Ghedini, Alex Kiernan, Baruch Siach, Bevan Weiss, Brian Inglis, - BrumBrum on hackerone, Cameron Cawley, Carlo Marcelo Arenas Belón, - causal-agent on github, Cherish98 on github, Dan Fandrich, Daniel Gustafsson, - Daniel Stenberg, Denis Goleshchikhin, divinity76 on github, Ehren Bendler, - Emil Engler, Erik Johansson, Filip Salomonsson, Gilles Vollant, Gisle Vanem, - H3RSKO on github, ihsinme on github, Jeremy Maitin-Shepard, - joey-l-us on github, Jonathan Cardoso Machado, Jonathan Nieder, Kamil Dudka, - Ken Brown, Laramie Leavitt, lilongyan-huawei on github, Marc Aldorasi, - Marcel Raad, Marc Hörsken, Masaya Suzuki, Matthias Naegler, - Nicolas Sterchele, NobodyXu on github, Peter Wu, ramsay-jones on github, - Rasmus Melchior Jacobsen, Ray Satiro, sspiri on github, Stefan Yohansson, - Tadej Vengust, Tatsuhiro Tsujikawa, tbugfinder on github, - Thomas M. DuBuisson, Tobias Stoeckmann, Tomas Berger, Viktor Szakats, - xwxbug on github, - (52 contributors) + Daniel Stenberg, jmdavitt on github, Viktor Szakats, + (3 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=5453 - [2] = https://curl.haxx.se/bug/?i=5668 - [3] = https://curl.haxx.se/bug/?i=5655 - [4] = https://curl.haxx.se/bug/?i=5716 - [5] = https://curl.haxx.se/bug/?i=5645 - [6] = https://curl.haxx.se/bug/?i=5656 - [7] = https://curl.haxx.se/bug/?i=5643 - [8] = https://curl.haxx.se/bug/?i=5639 - [9] = https://curl.haxx.se/bug/?i=5642 - [10] = https://bugzilla.redhat.com/1833193 - [11] = https://curl.haxx.se/bug/?i=5641 - [12] = https://curl.haxx.se/bug/?i=5638 - [13] = https://curl.haxx.se/bug/?i=5662 - [14] = https://curl.haxx.se/bug/?i=5675 - [15] = https://curl.haxx.se/bug/?i=5665 - [16] = https://curl.haxx.se/bug/?i=5666 - [17] = https://curl.haxx.se/bug/?i=5714 - [18] = https://curl.haxx.se/bug/?i=5744 - [19] = https://curl.haxx.se/bug/?i=5706 - [20] = https://curl.haxx.se/bug/?i=5704 - [21] = https://curl.haxx.se/bug/?i=5694 - [22] = https://curl.haxx.se/bug/?i=5695 - [23] = https://curl.haxx.se/bug/?i=5695 - [24] = https://curl.haxx.se/bug/?i=5697 - [25] = https://curl.haxx.se/bug/?i=5691 - [26] = https://curl.haxx.se/bug/?i=5689 - [27] = https://curl.haxx.se/bug/?i=5690 - [28] = https://curl.haxx.se/bug/?i=5679 - [29] = https://curl.haxx.se/bug/?i=5688 - [30] = https://curl.haxx.se/bug/?i=5683 - [31] = https://curl.haxx.se/bug/?i=5636 - [32] = https://curl.haxx.se/bug/?i=5667 - [33] = https://curl.haxx.se/bug/?i=5644 - [34] = https://curl.haxx.se/bug/?i=5511 - [35] = https://curl.haxx.se/bug/?i=5491 - [36] = https://curl.haxx.se/bug/?i=5676 - [37] = https://curl.haxx.se/bug/?i=5764 - [38] = https://curl.haxx.se/bug/?i=5659 - [39] = https://curl.haxx.se/bug/?i=5654 - [40] = https://curl.haxx.se/bug/?i=5732 - [41] = https://curl.haxx.se/bug/?i=5734 - [42] = https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232 - [43] = https://hackerone.com/reports/926638 - [44] = https://curl.haxx.se/bug/?i=5737 - [45] = https://curl.haxx.se/bug/?i=5764 - [46] = https://curl.haxx.se/bug/?i=5729 - [47] = https://curl.haxx.se/bug/?i=5725 - [48] = https://curl.haxx.se/bug/?i=5605 - [49] = https://curl.haxx.se/bug/?i=5720 - [50] = https://curl.haxx.se/bug/?i=5726 - [51] = https://curl.haxx.se/bug/?i=5661 - [52] = https://curl.haxx.se/bug/?i=5658 - [53] = https://curl.haxx.se/bug/?i=5722 - [54] = https://curl.haxx.se/bug/?i=5722 - [55] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379 - [56] = https://curl.haxx.se/bug/?i=5723 - [57] = https://curl.haxx.se/bug/?i=5754 - [58] = https://curl.haxx.se/bug/?i=5754 - [59] = https://curl.haxx.se/bug/?i=5762 - [60] = https://curl.haxx.se/bug/?i=5759 - [61] = https://curl.haxx.se/bug/?i=5757 - [62] = https://curl.haxx.se/bug/?i=5749 - [63] = https://curl.haxx.se/bug/?i=5715 - [64] = https://curl.haxx.se/bug/?i=5701 - [65] = https://curl.haxx.se/bug/?i=5752 - [66] = https://curl.haxx.se/bug/?i=5708 - [67] = https://curl.haxx.se/bug/?i=5721 - [68] = https://curl.haxx.se/bug/?i=5785 - [69] = https://curl.haxx.se/bug/?i=5786 - [70] = https://curl.haxx.se/bug/?i=5709 - [71] = https://curl.haxx.se/bug/?i=5782 - [72] = https://curl.haxx.se/bug/?i=5779 - [73] = https://curl.haxx.se/bug/?i=5778 - [74] = https://curl.haxx.se/bug/?i=5778 - [75] = https://curl.haxx.se/bug/?i=5761 - [76] = https://curl.haxx.se/bug/?i=5777 - [77] = https://curl.haxx.se/bug/?i=5794 - [78] = https://github.com/curl/curl/commit/7370b4e39f1390e701f5b68d910c619151daf72b#r41334700 - [79] = https://curl.haxx.se/bug/?i=5772 - [80] = https://curl.haxx.se/bug/?i=5773 - [81] = https://curl.haxx.se/bug/?i=5663 - [82] = https://curl.haxx.se/bug/?i=5674 - [83] = https://curl.haxx.se/bug/?i=5767 - [84] = https://curl.haxx.se/bug/?i=5767 - [85] = https://curl.haxx.se/bug/?i=5797 - [86] = https://curl.haxx.se/bug/?i=5822 - [87] = https://curl.haxx.se/bug/?i=5817 - [88] = https://curl.haxx.se/bug/?i=5795 - [89] = https://curl.haxx.se/bug/?i=5792 - [90] = https://curl.haxx.se/bug/?i=5783 - [91] = https://curl.haxx.se/bug/?i=5819 - [92] = https://curl.haxx.se/bug/?i=5788 - [93] = https://curl.haxx.se/bug/?i=5814 - [94] = https://curl.haxx.se/bug/?i=5812 - [95] = https://curl.haxx.se/bug/?i=5811 - [96] = https://curl.haxx.se/bug/?i=5793 - [97] = https://curl.haxx.se/bug/?i=5805 - [98] = https://curl.haxx.se/docs/CVE-2020-8231.html + [1] = https://curl.haxx.se/bug/?i=5826 diff --git a/include/curl/curlver.h b/include/curl/curlver.h index b9fd7e6d6..41db2d6f1 100644 --- a/include/curl/curlver.h +++ b/include/curl/curlver.h @@ -30,13 +30,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.72.0-DEV" +#define LIBCURL_VERSION "7.72.1-DEV" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 #define LIBCURL_VERSION_MINOR 72 -#define LIBCURL_VERSION_PATCH 0 +#define LIBCURL_VERSION_PATCH 1 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x074800 +#define LIBCURL_VERSION_NUM 0x074801 /* * This is the date and time when the full source package was created. The