RELEASE-NOTES: synced

and bumped to 7.76.1

2 files changed, 15 insertions, 274 deletions

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index ac4343930..0df539348 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,6 +1,6 @@
-curl and libcurl 7.76.0
+curl and libcurl 7.76.1
 
- Public curl releases:         198
+ Public curl releases:         199
  Command line options:         240
  curl_easy_setopt() options:   288
  Public functions in libcurl:  85
@@ -8,145 +8,13 @@ curl and libcurl 7.76.0
 
 This release includes the following changes:
 
- o cookies: Support multiple -b parameters [69]
- o curl: add --fail-with-body [17]
- o doh: add options to disable ssl verification [5]
- o http: add support to read and store the referrer header [30]
- o sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl [4]
- o vtls: initial implementation of rustls backend [3]
+ o
 
 This release includes the following bugfixes:
 
- o CVE-2021-22876: strip credentials from the auto-referer header field [88]
- o CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid() [55]
- o asyn-ares: use consistent resolve error message [37]
- o BUG-BOUNTY: removed the cooperation mention
- o build: delete unused feature guards [51]
- o build: fix --disable-dateparse [1]
- o build: fix --disable-http-auth
- o build: remove all traces of USE_BLOCKING_SOCKETS [70]
- o c-hyper: Remove superfluous pointer check [56]
- o c-hyper: support automatic content-encoding [74]
- o CI/azure: disable test 433 on azure-ubuntu [105]
- o CI/azure: replace python-impacket with python3-impacket [61]
- o ci: stop building on freebsd-12-1 [38]
- o cmake: fix import library name for non-MS compiler on Windows [10]
- o cmake: use CMAKE_INSTALL_INCLUDEDIR indirection [49]
- o cmake: support WinIDN [100]
- o config: fix building SMB with configure using Win32 Crypto [91]
- o config: fix detection of restricted Windows App environment
- o configure: fail if --with-quiche is used and quiche isn't found [48]
- o configure: make AC_TRY_* into AC_*_IFELSE
- o configure: make hyper opt-in, and fail if missing [53]
- o configure: only add OpenSSL paths if they are defined [68]
- o configure: provide Largefile feature for curl-config [79]
- o configure: remove use of deprecated macros
- o configure: s/AC_HELP_STRING/AS_HELP_STRING [110]
- o cookies: Fix potential NULL pointer deref with PSL [66]
- o curl: set CURLOPT_NEW_FILE_PERMS if requested [65]
- o curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO
- o curl_multibyte: always return a heap-allocated copy of string [29]
- o curl_multibyte: fall back to local code page stat/access on Windows [8]
- o Curl_timeleft: check both timeouts during connect [109]
- o curl_url_set.3: mention CURLU_PATH_AS_IS [13]
- o CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent [16]
- o docs/HTTP2: remove the outdated remark about multiplexing for the tool
- o docs/Makefile.inc: format to be update-friendly [11]
- o docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions [52]
- o docs: add missing Arg tag to --stderr [58]
- o docs: Add SSL backend names to CURL_SSL_BACKEND [106]
- o docs: clarify timeouts for queued transfers in multi API [101]
- o docs: Explain DOH transfers inherit some SSL settings [107]
- o docs: fix FILE example url in --metalink documentation [19]
- o docs: make gen.pl support *italic* and **bold** [112]
- o doh: Fix sharing user's resolve list with DOH handles [46]
- o doh: Inherit CURLOPT_STDERR from user's easy handle [60]
- o dynbuf: bump the max HTTP request to 1MB [39]
- o examples: Remove threaded-shared-conn.c due to bug [119]
- o file: Support unicode urls on windows [9]
- o ftp: add 'list_only' to the transfer state struct [35]
- o ftp: add 'prefer_ascii' to the transfer state struct [36]
- o FTP: allow SIZE to fail when doing (resumed) upload [78]
- o ftp: avoid SIZE when asking for a TYPE A file [23]
- o ftp: fix Codacy/cppcheck warning about null pointer arithmetic [34]
- o ftp: fix memory leak in ftp_done [96]
- o ftp: never set data->set.ftp_append outside setopt [14]
- o gen.pl: quote "bare" minuses in the nroff curl.1 [92]
- o github: add torture-ftp for FTP-only torture testing [94]
- o gnutls: assume nettle crypto support [33]
- o gskit: correct the gskit_send() prototype [21]
- o hostip: fix build with sync resolver [20]
- o hostip: fix crash in sync resolver builds that use DOH [12]
- o hsts: remove unused defines [93]
- o http2: don't set KEEP_SEND when there's no more data to be sent [90]
- o http2: fail if connection terminated without END_STREAM [97]
- o http: cap body data amount during send speed limiting [116]
- o http: do not add a referrer header with empty value [44]
- o http: make 416 not fail with resume + CURLOPT_FAILONERRROR [108]
- o http: remove superfluous NULL assign [75]
- o http: strip default port from URL sent to proxy [104]
- o http: use credentials from transfer, not connection [25]
- o ldap: use correct memory free function [63]
- o lib1536: check ptr against NULL before dereferencing it [83]
- o lib1537: check ptr against NULL before dereferencing it [84]
- o lib: remove 'conn->data' completely [45]
- o libssh2: kdb_callback: get the right struct pointer [99]
- o libssh2:ssh_connect: clear session pointer after free [98]
- o memdebug: close debug logfile explicitly on exit [28]
- o mingw: enable using strcasecmp() [50]
- o multi: close the connection when h2=>h1 downgrading [122]
- o multi: do once-per-transfer inits in before_perform in DID state [54]
- o multi: rename the multi transfer states [43]
- o multi: update pending list when removing handle [82]
- o ngtcp2: adapt to the new recv_datagram callback
- o ngtcp2: clarify calculation precedence [27]
- o ngtcp2: Fix build error due to change in ngtcp2_addr_init [81]
- o ngtcp2: sync with recent API updates [113]
- o openldap: avoid NULL pointer dereferences [102]
- o openssl: adapt to v3's new const for a few API calls [86]
- o openssl: ensure to check SSL_CTX_set_alpn_protos return values [121]
- o openssl: remove get_ssl_version_txt in favor of SSL_get_version [67]
- o openssl: set the transfer pointer for logging early [123]
- o OS400: update for CURLOPT_AWS_SIGV4 [2]
- o parse_proxy: fix a memory leak in the OOM path [41]
- o pathhelp.pm: fix use of pwd -L in Msys environment
- o projects: Update VS projects for OpenSSL 1.1.x [59]
- o quiche: fix build error: use 'int' for port number
- o quiche: fix crash when failing to connect [87]
- o retry-all-errors.d: Explain curl errors versus HTTP response errors [72]
- o retry.d: Clarify transient 5xx HTTP response codes [71]
- o runtests.pl: add %TESTNUMBER variable to make copying tests more convenient
- o runtests.pl: add a -P option to specify an external proxy
- o runtests.pl: kill processes locking test log files [62]
- o setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper [77]
- o test1188: change error to check for: --fail HTTP status [26]
- o test220/314: adjust to run with Hyper
- o test304: header CRLF cleanup to work with Hyper
- o test306: make it not run with Hyper
- o tests: disable .curlrc in more environments [7]
- o tests: use %TESTNUMBER instead of fixed number [103]
- o tftp: remove the 3600 second default timeout [111]
- o time: enable 64-bit time_t in supported mingw environments [24]
- o tool_help: add missing argument for --create-file-mode [18]
- o tool_help: Increase space between option and description [64]
- o tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error [76]
- o travis: add a rustls build [89]
- o travis: bump wolfssl to 4.7.0
- o travis: only build wolfssl when needed [85]
- o travis: split "torture" into a separate "events" build [95]
- o travis: switch ngtcp2 build over to quictls [73]
- o travis: use ubuntu nghttp2 package instead of build our own [80]
- o url.c: use consistent error message for failed resolve
- o url: fix memory leak if OOM in the HSTS handling [32]
- o url: fix possible use-after-free in default protocol [42]
- o urldata: don't touch data->set.httpversion at run-time [6]
- o urldata: fix build without HTTP and MQTT [22]
- o urldata: make 'actions[]' use unsigned char instead of int [47]
- o urldata: merge "struct DynamicStatic" into "struct UrlState" [117]
- o urldata: remove the 'rtspversion' field [15]
- o urldata: remove the _ORIG suffix from string names [31]
- o version.d: Add missing features to the features list [57]
- o wolfssl: don't store a NULL sessionid [40]
+ o TLS: fix HTTP/2 selection [3]
+ o hostip: Fix for builds that disable all asynchronous DNS [1]
+ o openssl: Fix CURLOPT_SSLCERT_BLOB without CURLOPT_SSLCERT_KEY [2]
 
 This release includes the following known bugs:
 
@@ -155,139 +23,12 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Ádler Jonas Gross, Alejandro Colomar, Alex Xu, Amaury Denoyelle, Andrei Bica,
-  Anthony Ramine, arvids-kokins-bidstack on github, awesomenode on github,
-  Benbuck Nason, Bodo Bergmann, Carl Zogheib, Christian Schmitz, Dan Fandrich,
-  Daniel Gustafsson, Daniel Stenberg, David Demelier, David Goerger, David Hu,
-  ebejan on github, Emil Engler, Fabian Keil, Firefox OS, Gisle Vanem,
-  Gregor Jasny, Ikko Ashimine, Jack Boos Yu, Jacob Hoffman-Andrews,
-  Jean-Philippe Menil, Joel Teichroeb, Johannes Lesr, Jonathan Watt,
-  Jon Rumsey, Jordan Brown, Joseph Chen, Jun-ya Kato, kokke on github,
-  Lawrence Gripper, Li Xinwei, Manuj Bhatia, Marcel Raad, Marc Hörsken,
-  Michael Brown, Michael Hordijk, Mingtao Yang, Oumph on github,
-  Patrick Monnerat, Per Jensen, Ray Satiro, Robert Ronto, Sergei Nikulov,
-  Simon Josefsson, Stephan Szabo, Tomas Berger, Viktor Szakats, Vincent Torri,
-  Vladimir Varlamov, ZimCodes on github, ウさん
-  (58 contributors)
+  Benbuck Nason, Christian Schmitz, Daniel Stenberg, Gilles Vollant,
+  Kenneth Davidson, Ray Satiro, romamik om github,
+  (7 contributors)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.se/mail/lib-2021-02/0008.html
- [2] = https://curl.se/bug/?i=6560
- [3] = https://curl.se/bug/?i=6350
- [4] = https://curl.se/bug/?i=6372
- [5] = https://curl.se/bug/?i=4578
- [6] = https://curl.se/bug/?i=6585
- [7] = https://curl.se/bug/?i=6595
- [8] = https://curl.se/bug/?i=6514
- [9] = https://curl.se/bug/?i=6501
- [10] = https://curl.se/bug/?i=6225
- [11] = https://curl.se/bug/?i=6593
- [12] = https://curl.se/bug/?i=6603
- [13] = https://curl.se/mail/lib-2021-02/0046.html
- [14] = https://curl.se/bug/?i=6579
- [15] = https://curl.se/bug/?i=6581
- [16] = https://curl.se/bug/?i=6577
- [17] = https://curl.se/bug/?i=6449
- [18] = https://curl.se/bug/?i=6590
- [19] = https://curl.se/bug/?i=6573
- [20] = https://curl.se/bug/?i=6566
- [21] = https://curl.se/bug/?i=6569
- [22] = https://curl.se/bug/?i=6562
- [23] = https://curl.se/bug/?i=6564
- [24] = https://curl.se/bug/?i=6636
- [25] = https://curl.se/bug/?i=6542
- [26] = https://curl.se/bug/?i=6637
- [27] = https://curl.se/bug/?i=6576
- [28] = https://github.com/curl/curl/pull/6591#issuecomment-780396541
- [29] = https://curl.se/bug/?i=6602
- [30] = https://curl.se/bug/?i=6591
- [31] = https://curl.se/bug/?i=6624
- [32] = https://github.com/curl/curl/pull/6627#issuecomment-781626205
- [33] = https://curl.se/bug/?i=6625
- [34] = https://curl.se/bug/?i=6576
- [35] = https://curl.se/bug/?i=6578
- [36] = https://curl.se/bug/?i=6578
- [37] = https://curl.se/bug/?i=6626
- [38] = https://curl.se/bug/?i=6622
- [39] = https://curl.se/bug/?i=6681
- [40] = https://curl.se/bug/?i=6616
- [41] = https://github.com/curl/curl/pull/6591#issuecomment-780396541
- [42] = https://github.com/curl/curl/issues/6604#issuecomment-780138219
- [43] = https://curl.se/bug/?i=6612
- [44] = https://curl.se/bug/?i=6610
- [45] = https://curl.se/bug/?i=6608
- [46] = https://curl.se/bug/?i=6589
- [47] = https://curl.se/bug/?i=6648
- [48] = https://curl.se/bug/?i=6652
- [49] = https://curl.se/bug/?i=6440
- [50] = https://curl.se/bug/?i=6644
- [51] = https://curl.se/bug/?i=6645
- [52] = https://curl.se/bug/?i=6639
- [53] = https://curl.se/bug/?i=6598
- [54] = https://curl.se/bug/?i=6640
- [55] = https://curl.se/docs/CVE-2021-22890.html
- [56] = https://curl.se/bug/?i=6697
- [57] = https://curl.se/bug/?i=6677
- [58] = https://curl.se/bug/?i=6692
- [59] = https://curl.se/bug/?i=984
- [60] = https://github.com/curl/curl/issues/6605
- [61] = https://curl.se/bug/?i=6678
- [62] = https://curl.se/bug/?i=6179
- [63] = https://curl.se/bug/?i=6671
- [64] = https://curl.se/bug/?i=6674
- [65] = https://curl.se/bug/?i=6657
- [66] = https://curl.se/bug/?i=6731
- [67] = https://curl.se/bug/?i=6665
- [68] = https://curl.se/bug/?i=6730
- [69] = https://curl.se/bug/?i=6649
- [70] = https://curl.se/bug/?i=6655
- [71] = https://curl.se/bug/?i=6724
- [72] = https://curl.se/bug/?i=6712
- [73] = https://curl.se/bug/?i=6729
- [74] = https://curl.se/bug/?i=6727
- [75] = https://curl.se/bug/?i=6727
- [76] = https://curl.se/bug/?i=6727
- [77] = https://curl.se/bug/?i=6727
- [78] = https://curl.se/bug/?i=6715
- [79] = https://curl.se/bug/?i=6702
- [80] = https://curl.se/bug/?i=6751
- [81] = https://curl.se/bug/?i=6716
- [82] = https://curl.se/bug/?i=6713
- [83] = https://curl.se/bug/?i=6710
- [84] = https://curl.se/bug/?i=6707
- [85] = https://curl.se/bug/?i=6751
- [86] = https://curl.se/bug/?i=6703
- [87] = https://curl.se/bug/?i=6664
- [88] = https://curl.se/docs/CVE-2021-22876.html
- [89] = https://curl.se/bug/?i=6750
- [90] = https://curl.se/bug/?i=6747
- [91] = https://curl.se/bug/?i=6277
- [92] = https://curl.se/bug/?i=6698
- [93] = https://curl.se/bug/?i=6741
- [94] = https://curl.se/bug/?i=6728
- [95] = https://curl.se/bug/?i=6728
- [96] = https://curl.se/bug/?i=6737
- [97] = https://curl.se/bug/?i=6736
- [98] = https://curl.se/bug/?i=6764
- [99] = https://curl.se/bug/?i=6691
- [100] = https://curl.se/bug/?i=6807
- [101] = https://curl.se/bug/?i=6758
- [102] = https://curl.se/bug/?i=6676
- [103] = https://curl.se/bug/?i=6738
- [104] = https://curl.se/bug/?i=6769
- [105] = https://curl.se/bug/?i=6739
- [106] = https://curl.se/bug/?i=6755
- [107] = https://curl.se/bug/?i=6688
- [108] = https://curl.se/bug/?i=6740
- [109] = https://curl.se/bug/?i=6744
- [110] = https://curl.se/bug/?i=6647
- [111] = https://curl.se/bug/?i=6774
- [112] = https://curl.se/bug/?i=6771
- [113] = https://curl.se/bug/?i=6770
- [116] = https://curl.se/mail/lib-2021-03/0042.html
- [117] = https://curl.se/bug/?i=6798
- [119] = https://curl.se/bug/?i=6795
- [121] = https://curl.se/bug/?i=6794
- [122] = https://curl.se/bug/?i=6788
- [123] = https://curl.se/bug/?i=6783
+ [1] = https://curl.se/bug/?i=6831
+ [2] = https://curl.se/bug/?i=6816
+ [3] = https://curl.se/bug/?i=6825
diff --git a/include/curl/curlver.h b/include/curl/curlver.h
index 5b104ecfe..7ac16692d 100644
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -30,13 +30,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.76.0-DEV"
+#define LIBCURL_VERSION "7.76.1-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
 #define LIBCURL_VERSION_MINOR 76
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -57,7 +57,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x074c00
+#define LIBCURL_VERSION_NUM 0x074c01
 
 /*
  * This is the date and time when the full source package was created. The