1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 20:15:03 -05:00

RELEASE-NOTES: synced

and bumped to 7.76.1
This commit is contained in:
Daniel Stenberg 2021-04-04 23:53:02 +02:00
parent f573998c22
commit f6bbc3407a
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 15 additions and 274 deletions

View File

@ -1,6 +1,6 @@
curl and libcurl 7.76.0
curl and libcurl 7.76.1
Public curl releases: 198
Public curl releases: 199
Command line options: 240
curl_easy_setopt() options: 288
Public functions in libcurl: 85
@ -8,145 +8,13 @@ curl and libcurl 7.76.0
This release includes the following changes:
o cookies: Support multiple -b parameters [69]
o curl: add --fail-with-body [17]
o doh: add options to disable ssl verification [5]
o http: add support to read and store the referrer header [30]
o sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl [4]
o vtls: initial implementation of rustls backend [3]
o
This release includes the following bugfixes:
o CVE-2021-22876: strip credentials from the auto-referer header field [88]
o CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid() [55]
o asyn-ares: use consistent resolve error message [37]
o BUG-BOUNTY: removed the cooperation mention
o build: delete unused feature guards [51]
o build: fix --disable-dateparse [1]
o build: fix --disable-http-auth
o build: remove all traces of USE_BLOCKING_SOCKETS [70]
o c-hyper: Remove superfluous pointer check [56]
o c-hyper: support automatic content-encoding [74]
o CI/azure: disable test 433 on azure-ubuntu [105]
o CI/azure: replace python-impacket with python3-impacket [61]
o ci: stop building on freebsd-12-1 [38]
o cmake: fix import library name for non-MS compiler on Windows [10]
o cmake: use CMAKE_INSTALL_INCLUDEDIR indirection [49]
o cmake: support WinIDN [100]
o config: fix building SMB with configure using Win32 Crypto [91]
o config: fix detection of restricted Windows App environment
o configure: fail if --with-quiche is used and quiche isn't found [48]
o configure: make AC_TRY_* into AC_*_IFELSE
o configure: make hyper opt-in, and fail if missing [53]
o configure: only add OpenSSL paths if they are defined [68]
o configure: provide Largefile feature for curl-config [79]
o configure: remove use of deprecated macros
o configure: s/AC_HELP_STRING/AS_HELP_STRING [110]
o cookies: Fix potential NULL pointer deref with PSL [66]
o curl: set CURLOPT_NEW_FILE_PERMS if requested [65]
o curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO
o curl_multibyte: always return a heap-allocated copy of string [29]
o curl_multibyte: fall back to local code page stat/access on Windows [8]
o Curl_timeleft: check both timeouts during connect [109]
o curl_url_set.3: mention CURLU_PATH_AS_IS [13]
o CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent [16]
o docs/HTTP2: remove the outdated remark about multiplexing for the tool
o docs/Makefile.inc: format to be update-friendly [11]
o docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions [52]
o docs: add missing Arg tag to --stderr [58]
o docs: Add SSL backend names to CURL_SSL_BACKEND [106]
o docs: clarify timeouts for queued transfers in multi API [101]
o docs: Explain DOH transfers inherit some SSL settings [107]
o docs: fix FILE example url in --metalink documentation [19]
o docs: make gen.pl support *italic* and **bold** [112]
o doh: Fix sharing user's resolve list with DOH handles [46]
o doh: Inherit CURLOPT_STDERR from user's easy handle [60]
o dynbuf: bump the max HTTP request to 1MB [39]
o examples: Remove threaded-shared-conn.c due to bug [119]
o file: Support unicode urls on windows [9]
o ftp: add 'list_only' to the transfer state struct [35]
o ftp: add 'prefer_ascii' to the transfer state struct [36]
o FTP: allow SIZE to fail when doing (resumed) upload [78]
o ftp: avoid SIZE when asking for a TYPE A file [23]
o ftp: fix Codacy/cppcheck warning about null pointer arithmetic [34]
o ftp: fix memory leak in ftp_done [96]
o ftp: never set data->set.ftp_append outside setopt [14]
o gen.pl: quote "bare" minuses in the nroff curl.1 [92]
o github: add torture-ftp for FTP-only torture testing [94]
o gnutls: assume nettle crypto support [33]
o gskit: correct the gskit_send() prototype [21]
o hostip: fix build with sync resolver [20]
o hostip: fix crash in sync resolver builds that use DOH [12]
o hsts: remove unused defines [93]
o http2: don't set KEEP_SEND when there's no more data to be sent [90]
o http2: fail if connection terminated without END_STREAM [97]
o http: cap body data amount during send speed limiting [116]
o http: do not add a referrer header with empty value [44]
o http: make 416 not fail with resume + CURLOPT_FAILONERRROR [108]
o http: remove superfluous NULL assign [75]
o http: strip default port from URL sent to proxy [104]
o http: use credentials from transfer, not connection [25]
o ldap: use correct memory free function [63]
o lib1536: check ptr against NULL before dereferencing it [83]
o lib1537: check ptr against NULL before dereferencing it [84]
o lib: remove 'conn->data' completely [45]
o libssh2: kdb_callback: get the right struct pointer [99]
o libssh2:ssh_connect: clear session pointer after free [98]
o memdebug: close debug logfile explicitly on exit [28]
o mingw: enable using strcasecmp() [50]
o multi: close the connection when h2=>h1 downgrading [122]
o multi: do once-per-transfer inits in before_perform in DID state [54]
o multi: rename the multi transfer states [43]
o multi: update pending list when removing handle [82]
o ngtcp2: adapt to the new recv_datagram callback
o ngtcp2: clarify calculation precedence [27]
o ngtcp2: Fix build error due to change in ngtcp2_addr_init [81]
o ngtcp2: sync with recent API updates [113]
o openldap: avoid NULL pointer dereferences [102]
o openssl: adapt to v3's new const for a few API calls [86]
o openssl: ensure to check SSL_CTX_set_alpn_protos return values [121]
o openssl: remove get_ssl_version_txt in favor of SSL_get_version [67]
o openssl: set the transfer pointer for logging early [123]
o OS400: update for CURLOPT_AWS_SIGV4 [2]
o parse_proxy: fix a memory leak in the OOM path [41]
o pathhelp.pm: fix use of pwd -L in Msys environment
o projects: Update VS projects for OpenSSL 1.1.x [59]
o quiche: fix build error: use 'int' for port number
o quiche: fix crash when failing to connect [87]
o retry-all-errors.d: Explain curl errors versus HTTP response errors [72]
o retry.d: Clarify transient 5xx HTTP response codes [71]
o runtests.pl: add %TESTNUMBER variable to make copying tests more convenient
o runtests.pl: add a -P option to specify an external proxy
o runtests.pl: kill processes locking test log files [62]
o setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper [77]
o test1188: change error to check for: --fail HTTP status [26]
o test220/314: adjust to run with Hyper
o test304: header CRLF cleanup to work with Hyper
o test306: make it not run with Hyper
o tests: disable .curlrc in more environments [7]
o tests: use %TESTNUMBER instead of fixed number [103]
o tftp: remove the 3600 second default timeout [111]
o time: enable 64-bit time_t in supported mingw environments [24]
o tool_help: add missing argument for --create-file-mode [18]
o tool_help: Increase space between option and description [64]
o tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error [76]
o travis: add a rustls build [89]
o travis: bump wolfssl to 4.7.0
o travis: only build wolfssl when needed [85]
o travis: split "torture" into a separate "events" build [95]
o travis: switch ngtcp2 build over to quictls [73]
o travis: use ubuntu nghttp2 package instead of build our own [80]
o url.c: use consistent error message for failed resolve
o url: fix memory leak if OOM in the HSTS handling [32]
o url: fix possible use-after-free in default protocol [42]
o urldata: don't touch data->set.httpversion at run-time [6]
o urldata: fix build without HTTP and MQTT [22]
o urldata: make 'actions[]' use unsigned char instead of int [47]
o urldata: merge "struct DynamicStatic" into "struct UrlState" [117]
o urldata: remove the 'rtspversion' field [15]
o urldata: remove the _ORIG suffix from string names [31]
o version.d: Add missing features to the features list [57]
o wolfssl: don't store a NULL sessionid [40]
o TLS: fix HTTP/2 selection [3]
o hostip: Fix for builds that disable all asynchronous DNS [1]
o openssl: Fix CURLOPT_SSLCERT_BLOB without CURLOPT_SSLCERT_KEY [2]
This release includes the following known bugs:
@ -155,139 +23,12 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
Ádler Jonas Gross, Alejandro Colomar, Alex Xu, Amaury Denoyelle, Andrei Bica,
Anthony Ramine, arvids-kokins-bidstack on github, awesomenode on github,
Benbuck Nason, Bodo Bergmann, Carl Zogheib, Christian Schmitz, Dan Fandrich,
Daniel Gustafsson, Daniel Stenberg, David Demelier, David Goerger, David Hu,
ebejan on github, Emil Engler, Fabian Keil, Firefox OS, Gisle Vanem,
Gregor Jasny, Ikko Ashimine, Jack Boos Yu, Jacob Hoffman-Andrews,
Jean-Philippe Menil, Joel Teichroeb, Johannes Lesr, Jonathan Watt,
Jon Rumsey, Jordan Brown, Joseph Chen, Jun-ya Kato, kokke on github,
Lawrence Gripper, Li Xinwei, Manuj Bhatia, Marcel Raad, Marc Hörsken,
Michael Brown, Michael Hordijk, Mingtao Yang, Oumph on github,
Patrick Monnerat, Per Jensen, Ray Satiro, Robert Ronto, Sergei Nikulov,
Simon Josefsson, Stephan Szabo, Tomas Berger, Viktor Szakats, Vincent Torri,
Vladimir Varlamov, ZimCodes on github, ウさん
(58 contributors)
Benbuck Nason, Christian Schmitz, Daniel Stenberg, Gilles Vollant,
Kenneth Davidson, Ray Satiro, romamik om github,
(7 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/mail/lib-2021-02/0008.html
[2] = https://curl.se/bug/?i=6560
[3] = https://curl.se/bug/?i=6350
[4] = https://curl.se/bug/?i=6372
[5] = https://curl.se/bug/?i=4578
[6] = https://curl.se/bug/?i=6585
[7] = https://curl.se/bug/?i=6595
[8] = https://curl.se/bug/?i=6514
[9] = https://curl.se/bug/?i=6501
[10] = https://curl.se/bug/?i=6225
[11] = https://curl.se/bug/?i=6593
[12] = https://curl.se/bug/?i=6603
[13] = https://curl.se/mail/lib-2021-02/0046.html
[14] = https://curl.se/bug/?i=6579
[15] = https://curl.se/bug/?i=6581
[16] = https://curl.se/bug/?i=6577
[17] = https://curl.se/bug/?i=6449
[18] = https://curl.se/bug/?i=6590
[19] = https://curl.se/bug/?i=6573
[20] = https://curl.se/bug/?i=6566
[21] = https://curl.se/bug/?i=6569
[22] = https://curl.se/bug/?i=6562
[23] = https://curl.se/bug/?i=6564
[24] = https://curl.se/bug/?i=6636
[25] = https://curl.se/bug/?i=6542
[26] = https://curl.se/bug/?i=6637
[27] = https://curl.se/bug/?i=6576
[28] = https://github.com/curl/curl/pull/6591#issuecomment-780396541
[29] = https://curl.se/bug/?i=6602
[30] = https://curl.se/bug/?i=6591
[31] = https://curl.se/bug/?i=6624
[32] = https://github.com/curl/curl/pull/6627#issuecomment-781626205
[33] = https://curl.se/bug/?i=6625
[34] = https://curl.se/bug/?i=6576
[35] = https://curl.se/bug/?i=6578
[36] = https://curl.se/bug/?i=6578
[37] = https://curl.se/bug/?i=6626
[38] = https://curl.se/bug/?i=6622
[39] = https://curl.se/bug/?i=6681
[40] = https://curl.se/bug/?i=6616
[41] = https://github.com/curl/curl/pull/6591#issuecomment-780396541
[42] = https://github.com/curl/curl/issues/6604#issuecomment-780138219
[43] = https://curl.se/bug/?i=6612
[44] = https://curl.se/bug/?i=6610
[45] = https://curl.se/bug/?i=6608
[46] = https://curl.se/bug/?i=6589
[47] = https://curl.se/bug/?i=6648
[48] = https://curl.se/bug/?i=6652
[49] = https://curl.se/bug/?i=6440
[50] = https://curl.se/bug/?i=6644
[51] = https://curl.se/bug/?i=6645
[52] = https://curl.se/bug/?i=6639
[53] = https://curl.se/bug/?i=6598
[54] = https://curl.se/bug/?i=6640
[55] = https://curl.se/docs/CVE-2021-22890.html
[56] = https://curl.se/bug/?i=6697
[57] = https://curl.se/bug/?i=6677
[58] = https://curl.se/bug/?i=6692
[59] = https://curl.se/bug/?i=984
[60] = https://github.com/curl/curl/issues/6605
[61] = https://curl.se/bug/?i=6678
[62] = https://curl.se/bug/?i=6179
[63] = https://curl.se/bug/?i=6671
[64] = https://curl.se/bug/?i=6674
[65] = https://curl.se/bug/?i=6657
[66] = https://curl.se/bug/?i=6731
[67] = https://curl.se/bug/?i=6665
[68] = https://curl.se/bug/?i=6730
[69] = https://curl.se/bug/?i=6649
[70] = https://curl.se/bug/?i=6655
[71] = https://curl.se/bug/?i=6724
[72] = https://curl.se/bug/?i=6712
[73] = https://curl.se/bug/?i=6729
[74] = https://curl.se/bug/?i=6727
[75] = https://curl.se/bug/?i=6727
[76] = https://curl.se/bug/?i=6727
[77] = https://curl.se/bug/?i=6727
[78] = https://curl.se/bug/?i=6715
[79] = https://curl.se/bug/?i=6702
[80] = https://curl.se/bug/?i=6751
[81] = https://curl.se/bug/?i=6716
[82] = https://curl.se/bug/?i=6713
[83] = https://curl.se/bug/?i=6710
[84] = https://curl.se/bug/?i=6707
[85] = https://curl.se/bug/?i=6751
[86] = https://curl.se/bug/?i=6703
[87] = https://curl.se/bug/?i=6664
[88] = https://curl.se/docs/CVE-2021-22876.html
[89] = https://curl.se/bug/?i=6750
[90] = https://curl.se/bug/?i=6747
[91] = https://curl.se/bug/?i=6277
[92] = https://curl.se/bug/?i=6698
[93] = https://curl.se/bug/?i=6741
[94] = https://curl.se/bug/?i=6728
[95] = https://curl.se/bug/?i=6728
[96] = https://curl.se/bug/?i=6737
[97] = https://curl.se/bug/?i=6736
[98] = https://curl.se/bug/?i=6764
[99] = https://curl.se/bug/?i=6691
[100] = https://curl.se/bug/?i=6807
[101] = https://curl.se/bug/?i=6758
[102] = https://curl.se/bug/?i=6676
[103] = https://curl.se/bug/?i=6738
[104] = https://curl.se/bug/?i=6769
[105] = https://curl.se/bug/?i=6739
[106] = https://curl.se/bug/?i=6755
[107] = https://curl.se/bug/?i=6688
[108] = https://curl.se/bug/?i=6740
[109] = https://curl.se/bug/?i=6744
[110] = https://curl.se/bug/?i=6647
[111] = https://curl.se/bug/?i=6774
[112] = https://curl.se/bug/?i=6771
[113] = https://curl.se/bug/?i=6770
[116] = https://curl.se/mail/lib-2021-03/0042.html
[117] = https://curl.se/bug/?i=6798
[119] = https://curl.se/bug/?i=6795
[121] = https://curl.se/bug/?i=6794
[122] = https://curl.se/bug/?i=6788
[123] = https://curl.se/bug/?i=6783
[1] = https://curl.se/bug/?i=6831
[2] = https://curl.se/bug/?i=6816
[3] = https://curl.se/bug/?i=6825

View File

@ -30,13 +30,13 @@
/* This is the version number of the libcurl package from which this header
file origins: */
#define LIBCURL_VERSION "7.76.0-DEV"
#define LIBCURL_VERSION "7.76.1-DEV"
/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBCURL_VERSION_MAJOR 7
#define LIBCURL_VERSION_MINOR 76
#define LIBCURL_VERSION_PATCH 0
#define LIBCURL_VERSION_PATCH 1
/* This is the numeric version of the libcurl version number, meant for easier
parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@ -57,7 +57,7 @@
CURL_VERSION_BITS() macro since curl's own configure script greps for it
and needs it to contain the full number.
*/
#define LIBCURL_VERSION_NUM 0x074c00
#define LIBCURL_VERSION_NUM 0x074c01
/*
* This is the date and time when the full source package was created. The