From f6bbc3407ad6c62e44c0b87da84c5a8ffa5560ee Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 4 Apr 2021 23:53:02 +0200 Subject: RELEASE-NOTES: synced and bumped to 7.76.1 --- RELEASE-NOTES | 283 +++------------------------------------------------------- 1 file changed, 12 insertions(+), 271 deletions(-) (limited to 'RELEASE-NOTES') diff --git a/RELEASE-NOTES b/RELEASE-NOTES index ac4343930..0df539348 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,6 +1,6 @@ -curl and libcurl 7.76.0 +curl and libcurl 7.76.1 - Public curl releases: 198 + Public curl releases: 199 Command line options: 240 curl_easy_setopt() options: 288 Public functions in libcurl: 85 @@ -8,145 +8,13 @@ curl and libcurl 7.76.0 This release includes the following changes: - o cookies: Support multiple -b parameters [69] - o curl: add --fail-with-body [17] - o doh: add options to disable ssl verification [5] - o http: add support to read and store the referrer header [30] - o sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl [4] - o vtls: initial implementation of rustls backend [3] + o This release includes the following bugfixes: - o CVE-2021-22876: strip credentials from the auto-referer header field [88] - o CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid() [55] - o asyn-ares: use consistent resolve error message [37] - o BUG-BOUNTY: removed the cooperation mention - o build: delete unused feature guards [51] - o build: fix --disable-dateparse [1] - o build: fix --disable-http-auth - o build: remove all traces of USE_BLOCKING_SOCKETS [70] - o c-hyper: Remove superfluous pointer check [56] - o c-hyper: support automatic content-encoding [74] - o CI/azure: disable test 433 on azure-ubuntu [105] - o CI/azure: replace python-impacket with python3-impacket [61] - o ci: stop building on freebsd-12-1 [38] - o cmake: fix import library name for non-MS compiler on Windows [10] - o cmake: use CMAKE_INSTALL_INCLUDEDIR indirection [49] - o cmake: support WinIDN [100] - o config: fix building SMB with configure using Win32 Crypto [91] - o config: fix detection of restricted Windows App environment - o configure: fail if --with-quiche is used and quiche isn't found [48] - o configure: make AC_TRY_* into AC_*_IFELSE - o configure: make hyper opt-in, and fail if missing [53] - o configure: only add OpenSSL paths if they are defined [68] - o configure: provide Largefile feature for curl-config [79] - o configure: remove use of deprecated macros - o configure: s/AC_HELP_STRING/AS_HELP_STRING [110] - o cookies: Fix potential NULL pointer deref with PSL [66] - o curl: set CURLOPT_NEW_FILE_PERMS if requested [65] - o curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO - o curl_multibyte: always return a heap-allocated copy of string [29] - o curl_multibyte: fall back to local code page stat/access on Windows [8] - o Curl_timeleft: check both timeouts during connect [109] - o curl_url_set.3: mention CURLU_PATH_AS_IS [13] - o CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent [16] - o docs/HTTP2: remove the outdated remark about multiplexing for the tool - o docs/Makefile.inc: format to be update-friendly [11] - o docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions [52] - o docs: add missing Arg tag to --stderr [58] - o docs: Add SSL backend names to CURL_SSL_BACKEND [106] - o docs: clarify timeouts for queued transfers in multi API [101] - o docs: Explain DOH transfers inherit some SSL settings [107] - o docs: fix FILE example url in --metalink documentation [19] - o docs: make gen.pl support *italic* and **bold** [112] - o doh: Fix sharing user's resolve list with DOH handles [46] - o doh: Inherit CURLOPT_STDERR from user's easy handle [60] - o dynbuf: bump the max HTTP request to 1MB [39] - o examples: Remove threaded-shared-conn.c due to bug [119] - o file: Support unicode urls on windows [9] - o ftp: add 'list_only' to the transfer state struct [35] - o ftp: add 'prefer_ascii' to the transfer state struct [36] - o FTP: allow SIZE to fail when doing (resumed) upload [78] - o ftp: avoid SIZE when asking for a TYPE A file [23] - o ftp: fix Codacy/cppcheck warning about null pointer arithmetic [34] - o ftp: fix memory leak in ftp_done [96] - o ftp: never set data->set.ftp_append outside setopt [14] - o gen.pl: quote "bare" minuses in the nroff curl.1 [92] - o github: add torture-ftp for FTP-only torture testing [94] - o gnutls: assume nettle crypto support [33] - o gskit: correct the gskit_send() prototype [21] - o hostip: fix build with sync resolver [20] - o hostip: fix crash in sync resolver builds that use DOH [12] - o hsts: remove unused defines [93] - o http2: don't set KEEP_SEND when there's no more data to be sent [90] - o http2: fail if connection terminated without END_STREAM [97] - o http: cap body data amount during send speed limiting [116] - o http: do not add a referrer header with empty value [44] - o http: make 416 not fail with resume + CURLOPT_FAILONERRROR [108] - o http: remove superfluous NULL assign [75] - o http: strip default port from URL sent to proxy [104] - o http: use credentials from transfer, not connection [25] - o ldap: use correct memory free function [63] - o lib1536: check ptr against NULL before dereferencing it [83] - o lib1537: check ptr against NULL before dereferencing it [84] - o lib: remove 'conn->data' completely [45] - o libssh2: kdb_callback: get the right struct pointer [99] - o libssh2:ssh_connect: clear session pointer after free [98] - o memdebug: close debug logfile explicitly on exit [28] - o mingw: enable using strcasecmp() [50] - o multi: close the connection when h2=>h1 downgrading [122] - o multi: do once-per-transfer inits in before_perform in DID state [54] - o multi: rename the multi transfer states [43] - o multi: update pending list when removing handle [82] - o ngtcp2: adapt to the new recv_datagram callback - o ngtcp2: clarify calculation precedence [27] - o ngtcp2: Fix build error due to change in ngtcp2_addr_init [81] - o ngtcp2: sync with recent API updates [113] - o openldap: avoid NULL pointer dereferences [102] - o openssl: adapt to v3's new const for a few API calls [86] - o openssl: ensure to check SSL_CTX_set_alpn_protos return values [121] - o openssl: remove get_ssl_version_txt in favor of SSL_get_version [67] - o openssl: set the transfer pointer for logging early [123] - o OS400: update for CURLOPT_AWS_SIGV4 [2] - o parse_proxy: fix a memory leak in the OOM path [41] - o pathhelp.pm: fix use of pwd -L in Msys environment - o projects: Update VS projects for OpenSSL 1.1.x [59] - o quiche: fix build error: use 'int' for port number - o quiche: fix crash when failing to connect [87] - o retry-all-errors.d: Explain curl errors versus HTTP response errors [72] - o retry.d: Clarify transient 5xx HTTP response codes [71] - o runtests.pl: add %TESTNUMBER variable to make copying tests more convenient - o runtests.pl: add a -P option to specify an external proxy - o runtests.pl: kill processes locking test log files [62] - o setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper [77] - o test1188: change error to check for: --fail HTTP status [26] - o test220/314: adjust to run with Hyper - o test304: header CRLF cleanup to work with Hyper - o test306: make it not run with Hyper - o tests: disable .curlrc in more environments [7] - o tests: use %TESTNUMBER instead of fixed number [103] - o tftp: remove the 3600 second default timeout [111] - o time: enable 64-bit time_t in supported mingw environments [24] - o tool_help: add missing argument for --create-file-mode [18] - o tool_help: Increase space between option and description [64] - o tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error [76] - o travis: add a rustls build [89] - o travis: bump wolfssl to 4.7.0 - o travis: only build wolfssl when needed [85] - o travis: split "torture" into a separate "events" build [95] - o travis: switch ngtcp2 build over to quictls [73] - o travis: use ubuntu nghttp2 package instead of build our own [80] - o url.c: use consistent error message for failed resolve - o url: fix memory leak if OOM in the HSTS handling [32] - o url: fix possible use-after-free in default protocol [42] - o urldata: don't touch data->set.httpversion at run-time [6] - o urldata: fix build without HTTP and MQTT [22] - o urldata: make 'actions[]' use unsigned char instead of int [47] - o urldata: merge "struct DynamicStatic" into "struct UrlState" [117] - o urldata: remove the 'rtspversion' field [15] - o urldata: remove the _ORIG suffix from string names [31] - o version.d: Add missing features to the features list [57] - o wolfssl: don't store a NULL sessionid [40] + o TLS: fix HTTP/2 selection [3] + o hostip: Fix for builds that disable all asynchronous DNS [1] + o openssl: Fix CURLOPT_SSLCERT_BLOB without CURLOPT_SSLCERT_KEY [2] This release includes the following known bugs: @@ -155,139 +23,12 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Ádler Jonas Gross, Alejandro Colomar, Alex Xu, Amaury Denoyelle, Andrei Bica, - Anthony Ramine, arvids-kokins-bidstack on github, awesomenode on github, - Benbuck Nason, Bodo Bergmann, Carl Zogheib, Christian Schmitz, Dan Fandrich, - Daniel Gustafsson, Daniel Stenberg, David Demelier, David Goerger, David Hu, - ebejan on github, Emil Engler, Fabian Keil, Firefox OS, Gisle Vanem, - Gregor Jasny, Ikko Ashimine, Jack Boos Yu, Jacob Hoffman-Andrews, - Jean-Philippe Menil, Joel Teichroeb, Johannes Lesr, Jonathan Watt, - Jon Rumsey, Jordan Brown, Joseph Chen, Jun-ya Kato, kokke on github, - Lawrence Gripper, Li Xinwei, Manuj Bhatia, Marcel Raad, Marc Hörsken, - Michael Brown, Michael Hordijk, Mingtao Yang, Oumph on github, - Patrick Monnerat, Per Jensen, Ray Satiro, Robert Ronto, Sergei Nikulov, - Simon Josefsson, Stephan Szabo, Tomas Berger, Viktor Szakats, Vincent Torri, - Vladimir Varlamov, ZimCodes on github, ウさん - (58 contributors) + Benbuck Nason, Christian Schmitz, Daniel Stenberg, Gilles Vollant, + Kenneth Davidson, Ray Satiro, romamik om github, + (7 contributors) References to bug reports and discussions on issues: - [1] = https://curl.se/mail/lib-2021-02/0008.html - [2] = https://curl.se/bug/?i=6560 - [3] = https://curl.se/bug/?i=6350 - [4] = https://curl.se/bug/?i=6372 - [5] = https://curl.se/bug/?i=4578 - [6] = https://curl.se/bug/?i=6585 - [7] = https://curl.se/bug/?i=6595 - [8] = https://curl.se/bug/?i=6514 - [9] = https://curl.se/bug/?i=6501 - [10] = https://curl.se/bug/?i=6225 - [11] = https://curl.se/bug/?i=6593 - [12] = https://curl.se/bug/?i=6603 - [13] = https://curl.se/mail/lib-2021-02/0046.html - [14] = https://curl.se/bug/?i=6579 - [15] = https://curl.se/bug/?i=6581 - [16] = https://curl.se/bug/?i=6577 - [17] = https://curl.se/bug/?i=6449 - [18] = https://curl.se/bug/?i=6590 - [19] = https://curl.se/bug/?i=6573 - [20] = https://curl.se/bug/?i=6566 - [21] = https://curl.se/bug/?i=6569 - [22] = https://curl.se/bug/?i=6562 - [23] = https://curl.se/bug/?i=6564 - [24] = https://curl.se/bug/?i=6636 - [25] = https://curl.se/bug/?i=6542 - [26] = https://curl.se/bug/?i=6637 - [27] = https://curl.se/bug/?i=6576 - [28] = https://github.com/curl/curl/pull/6591#issuecomment-780396541 - [29] = https://curl.se/bug/?i=6602 - [30] = https://curl.se/bug/?i=6591 - [31] = https://curl.se/bug/?i=6624 - [32] = https://github.com/curl/curl/pull/6627#issuecomment-781626205 - [33] = https://curl.se/bug/?i=6625 - [34] = https://curl.se/bug/?i=6576 - [35] = https://curl.se/bug/?i=6578 - [36] = https://curl.se/bug/?i=6578 - [37] = https://curl.se/bug/?i=6626 - [38] = https://curl.se/bug/?i=6622 - [39] = https://curl.se/bug/?i=6681 - [40] = https://curl.se/bug/?i=6616 - [41] = https://github.com/curl/curl/pull/6591#issuecomment-780396541 - [42] = https://github.com/curl/curl/issues/6604#issuecomment-780138219 - [43] = https://curl.se/bug/?i=6612 - [44] = https://curl.se/bug/?i=6610 - [45] = https://curl.se/bug/?i=6608 - [46] = https://curl.se/bug/?i=6589 - [47] = https://curl.se/bug/?i=6648 - [48] = https://curl.se/bug/?i=6652 - [49] = https://curl.se/bug/?i=6440 - [50] = https://curl.se/bug/?i=6644 - [51] = https://curl.se/bug/?i=6645 - [52] = https://curl.se/bug/?i=6639 - [53] = https://curl.se/bug/?i=6598 - [54] = https://curl.se/bug/?i=6640 - [55] = https://curl.se/docs/CVE-2021-22890.html - [56] = https://curl.se/bug/?i=6697 - [57] = https://curl.se/bug/?i=6677 - [58] = https://curl.se/bug/?i=6692 - [59] = https://curl.se/bug/?i=984 - [60] = https://github.com/curl/curl/issues/6605 - [61] = https://curl.se/bug/?i=6678 - [62] = https://curl.se/bug/?i=6179 - [63] = https://curl.se/bug/?i=6671 - [64] = https://curl.se/bug/?i=6674 - [65] = https://curl.se/bug/?i=6657 - [66] = https://curl.se/bug/?i=6731 - [67] = https://curl.se/bug/?i=6665 - [68] = https://curl.se/bug/?i=6730 - [69] = https://curl.se/bug/?i=6649 - [70] = https://curl.se/bug/?i=6655 - [71] = https://curl.se/bug/?i=6724 - [72] = https://curl.se/bug/?i=6712 - [73] = https://curl.se/bug/?i=6729 - [74] = https://curl.se/bug/?i=6727 - [75] = https://curl.se/bug/?i=6727 - [76] = https://curl.se/bug/?i=6727 - [77] = https://curl.se/bug/?i=6727 - [78] = https://curl.se/bug/?i=6715 - [79] = https://curl.se/bug/?i=6702 - [80] = https://curl.se/bug/?i=6751 - [81] = https://curl.se/bug/?i=6716 - [82] = https://curl.se/bug/?i=6713 - [83] = https://curl.se/bug/?i=6710 - [84] = https://curl.se/bug/?i=6707 - [85] = https://curl.se/bug/?i=6751 - [86] = https://curl.se/bug/?i=6703 - [87] = https://curl.se/bug/?i=6664 - [88] = https://curl.se/docs/CVE-2021-22876.html - [89] = https://curl.se/bug/?i=6750 - [90] = https://curl.se/bug/?i=6747 - [91] = https://curl.se/bug/?i=6277 - [92] = https://curl.se/bug/?i=6698 - [93] = https://curl.se/bug/?i=6741 - [94] = https://curl.se/bug/?i=6728 - [95] = https://curl.se/bug/?i=6728 - [96] = https://curl.se/bug/?i=6737 - [97] = https://curl.se/bug/?i=6736 - [98] = https://curl.se/bug/?i=6764 - [99] = https://curl.se/bug/?i=6691 - [100] = https://curl.se/bug/?i=6807 - [101] = https://curl.se/bug/?i=6758 - [102] = https://curl.se/bug/?i=6676 - [103] = https://curl.se/bug/?i=6738 - [104] = https://curl.se/bug/?i=6769 - [105] = https://curl.se/bug/?i=6739 - [106] = https://curl.se/bug/?i=6755 - [107] = https://curl.se/bug/?i=6688 - [108] = https://curl.se/bug/?i=6740 - [109] = https://curl.se/bug/?i=6744 - [110] = https://curl.se/bug/?i=6647 - [111] = https://curl.se/bug/?i=6774 - [112] = https://curl.se/bug/?i=6771 - [113] = https://curl.se/bug/?i=6770 - [116] = https://curl.se/mail/lib-2021-03/0042.html - [117] = https://curl.se/bug/?i=6798 - [119] = https://curl.se/bug/?i=6795 - [121] = https://curl.se/bug/?i=6794 - [122] = https://curl.se/bug/?i=6788 - [123] = https://curl.se/bug/?i=6783 + [1] = https://curl.se/bug/?i=6831 + [2] = https://curl.se/bug/?i=6816 + [3] = https://curl.se/bug/?i=6825 -- cgit v1.2.1