curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

[RELEASE] curl 7.72.0

From: Daniel Stenberg via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 19 Aug 2020 09:52:51 +0200 (CEST)

Friends!

I'm happy to say that we once again put together a package and here I am
telling the world about it. This is another release with added features and
this time also with a security advisory and CVE (see full details in separate
email).

Get this release, as always, from: https://curl.haxx.se/

Enjoy!

curl and libcurl 7.72.0

  Public curl releases: 194
  Command line options: 232
  curl_easy_setopt() options: 277
  Public functions in libcurl: 82
  Contributors: 2239

This release includes the following changes:

  o content_encoding: add zstd decoding support [1]
  o CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream [31]
  o CURLINFO_EFFECTIVE_METHOD: added [34]

This release includes the following bugfixes:

  o CVE-2020-8231: libcurl: wrong connect-only connection [98]
  o appveyor: collect libcurl.dll variants with prefix or suffix [38]
  o asyn-ares: correct some bad comments [94]
  o bearssl: fix build with disabled proxy support [16]
  o buildconf: avoid array concatenation in die() [64]
  o buildconf: retire ares buildconf invocation
  o checksrc: ban gmtime/localtime [40]
  o checksrc: invoke script with -D to find .checksrc proper [63]
  o CI/azure: install libssh2 for use with msys2-based builds [67]
  o CI/azure: unconditionally enable warnings-as-errors with autotools [19]
  o CI/macos: enable warnings as errors for CMake builds [4]
  o CI/macos: set minimum macOS version [56]
  o CI/macos: unconditionally enable warnings-as-errors with autotools [21]
  o CI: Add muse CI analyzer [79]
  o cirrus-ci: upgrade 11-STABLE to 11.4 [2]
  o CMake: don't complain about missing nroff [87]
  o CMake: fix test for warning suppressions [17]
  o cmake: fix windows xp build [13]
  o configure.ac: Sort features name in summary [6]
  o configure: allow disabling warnings [26]
  o configure: cleanup wolfssl + pkg-config conflicts when cross compiling. [48]
  o configure: show zstd "no" in summary when built without it [49]
  o connect: remove redundant message about connect failure [66]
  o curl-config: ignore REQUIRE_LIB_DEPS in --libs output [96]
  o curl.1: add a few missing valid exit codes [76]
  o curl: add %{method} to the -w variables
  o curl: improve the existing file check with -J [43]
  o curl_multi_setopt: fix compiler warning "result is always false" [42]
  o curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated [9]
  o CURLINFO_CERTINFO.3: fix typo [3]
  o CURLOPT_NOBODY.3: clarify what setting to 0 means [46]
  o docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions [18]
  o docs: Add video link to docs/CONTRIBUTE.md [95]
  o docs: change "web site" to "website" [86]
  o docs: clarify MAX_SEND/RECV_SPEED functionality [92]
  o docs: Update a few leftover mentions of DarwinSSL [29]
  o doh: remove redundant cast [20]
  o file2memory: use a define instead of -1 unsigned value [30]
  o ftp: don't do ssl_shutdown instead of ssl_close [85]
  o ftpserver: don't verify SMTP MAIL FROM names [8]
  o getinfo: reset retry-after value in initinfo [51]
  o gnutls: repair the build with `CURL_DISABLE_PROXY` [5]
  o gtls: survive not being able to get name/issuer [73]
  o h2: repair trailer handling [81]
  o http2: close the http2 connection when no more requests may be sent [7]
  o http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages [11]
  o libssh2: s/ssherr/sftperr/ [78]
  o libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin [91]
  o md(4|5): don't use deprecated macOS functions [23]
  o mprintf: Fix dollar string handling [54]
  o mprintf: Fix stack overflows [53]
  o multi: Condition 'extrawait' is always true [60]
  o multi: Remove 10-year old out-commented code [97]
  o multi: remove two checks always true [36]
  o multi: update comment to say easyp list is linear [44]
  o multi_remove_handle: close unused connect-only connections [62]
  o ngtcp2: adapt to error code rename [69]
  o ngtcp2: adjust to recent sockaddr updates [27]
  o ngtcp2: update to modified qlog callback prototype [14]
  o nss: fix build with disabled proxy support [32]
  o ntlm: free target_info before (re-)malloc [55]
  o openssl: fix build with LibreSSL < 2.9.1 [61]
  o page-header: provide protocol details in the curl.1 man page [28]
  o quiche: handle calling disconnect twice [50]
  o runtests.pl: treat LibreSSL and BoringSSL as OpenSSL [59]
  o runtests: move the gnutls-serv tests to a dynamic port [74]
  o runtests: move the smbserver to use a dynamic port number [71]
  o runtests: move the TELNET server to a dynamic port [68]
  o runtests: run the DICT server on a random port number [90]
  o runtests: run the http2 tests on a random port number [72]
  o runtests: support dynamicly base64 encoded sections in tests [75]
  o setopt: unset NOBODY switches to GET if still HEAD [47]
  o smtp_parse_address: handle blank input string properly [89]
  o socks: use size_t for size variable [39]
  o strdup: remove the odd strlen check [24]
  o test1119: verify stdout in the test [33]
  o test1139: make it display the difference on test failures
  o test1140: compare stdout [93]
  o test1908: treat file as text [83]
  o tests/FILEFORMAT.md: mention %HTTP2PORT
  o tests/sshserver.pl: fix compatibility with OpenSSH for Windows
  o TLS naming: fix more Winssl and Darwinssl leftovers [88]
  o tls-max.d: this option is only for TLS-using connections [45]
  o tlsv1.3.d. only for TLS-using connections [37]
  o tool_doswin: Simplify Windows version detection [57]
  o tool_getparam: make --krb option work again [10]
  o TrackMemory tests: ignore realloc and free in getenv.c [84]
  o transfer: fix data_pending for builds with both h2 and h3 enabled [41]
  o transfer: fix memory-leak with CURLOPT_CURLU in a duped handle [15]
  o transfer: move retrycount from connect struct to easy handle [77]
  o travis/script.sh: fix use of `-n' with unquoted envvar [80]
  o travis: add ppc64le and s390x builds [65]
  o travis: update quiche builds for new boringssl layout [25]
  o url: fix CURLU and location following [70]
  o url: silence MSVC warning [12]
  o util: silence conversion warnings [22]
  o win32: Add Curl_verify_windows_version() to curlx [58]
  o WIN32: stop forcing narrow-character API [52]
  o windows: add unicode to feature list [35]
  o windows: disable Unix Sockets for old mingw [82]

This release includes the following known bugs:

  o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

   Alessandro Ghedini, Alex Kiernan, Baruch Siach, Bevan Weiss, Brian Inglis,
   BrumBrum on hackerone, Cameron Cawley, Carlo Marcelo Arenas Belón,
   causal-agent on github, Cherish98 on github, Dan Fandrich, Daniel Gustafsson,
   Daniel Stenberg, Denis Goleshchikhin, divinity76 on github, Ehren Bendler,
   Emil Engler, Erik Johansson, Filip Salomonsson, Gilles Vollant, Gisle Vanem,
   H3RSKO on github, ihsinme on github, Jeremy Maitin-Shepard,
   joey-l-us on github, Jonathan Cardoso Machado, Jonathan Nieder, Kamil Dudka,
   Ken Brown, Laramie Leavitt, lilongyan-huawei on github, Marc Aldorasi,
   Marcel Raad, Marc Hörsken, Masaya Suzuki, Matthias Naegler,
   Nicolas Sterchele, NobodyXu on github, Peter Wu, ramsay-jones on github,
   Rasmus Melchior Jacobsen, Ray Satiro, sspiri on github, Stefan Yohansson,
   Tadej Vengust, Tatsuhiro Tsujikawa, tbugfinder on github,
   Thomas M. DuBuisson, Tobias Stoeckmann, Tomas Berger, Viktor Szakats,
   xwxbug on github,
   (52 contributors)

         Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

  [1] = https://curl.haxx.se/bug/?i=5453
  [2] = https://curl.haxx.se/bug/?i=5668
  [3] = https://curl.haxx.se/bug/?i=5655
  [4] = https://curl.haxx.se/bug/?i=5716
  [5] = https://curl.haxx.se/bug/?i=5645
  [6] = https://curl.haxx.se/bug/?i=5656
  [7] = https://curl.haxx.se/bug/?i=5643
  [8] = https://curl.haxx.se/bug/?i=5639
  [9] = https://curl.haxx.se/bug/?i=5642
  [10] = https://bugzilla.redhat.com/1833193
  [11] = https://curl.haxx.se/bug/?i=5641
  [12] = https://curl.haxx.se/bug/?i=5638
  [13] = https://curl.haxx.se/bug/?i=5662
  [14] = https://curl.haxx.se/bug/?i=5675
  [15] = https://curl.haxx.se/bug/?i=5665
  [16] = https://curl.haxx.se/bug/?i=5666
  [17] = https://curl.haxx.se/bug/?i=5714
  [18] = https://curl.haxx.se/bug/?i=5744
  [19] = https://curl.haxx.se/bug/?i=5706
  [20] = https://curl.haxx.se/bug/?i=5704
  [21] = https://curl.haxx.se/bug/?i=5694
  [22] = https://curl.haxx.se/bug/?i=5695
  [23] = https://curl.haxx.se/bug/?i=5695
  [24] = https://curl.haxx.se/bug/?i=5697
  [25] = https://curl.haxx.se/bug/?i=5691
  [26] = https://curl.haxx.se/bug/?i=5689
  [27] = https://curl.haxx.se/bug/?i=5690
  [28] = https://curl.haxx.se/bug/?i=5679
  [29] = https://curl.haxx.se/bug/?i=5688
  [30] = https://curl.haxx.se/bug/?i=5683
  [31] = https://curl.haxx.se/bug/?i=5636
  [32] = https://curl.haxx.se/bug/?i=5667
  [33] = https://curl.haxx.se/bug/?i=5644
  [34] = https://curl.haxx.se/bug/?i=5511
  [35] = https://curl.haxx.se/bug/?i=5491
  [36] = https://curl.haxx.se/bug/?i=5676
  [37] = https://curl.haxx.se/bug/?i=5764
  [38] = https://curl.haxx.se/bug/?i=5659
  [39] = https://curl.haxx.se/bug/?i=5654
  [40] = https://curl.haxx.se/bug/?i=5732
  [41] = https://curl.haxx.se/bug/?i=5734
  [42] = https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232
  [43] = https://hackerone.com/reports/926638
  [44] = https://curl.haxx.se/bug/?i=5737
  [45] = https://curl.haxx.se/bug/?i=5764
  [46] = https://curl.haxx.se/bug/?i=5729
  [47] = https://curl.haxx.se/bug/?i=5725
  [48] = https://curl.haxx.se/bug/?i=5605
  [49] = https://curl.haxx.se/bug/?i=5720
  [50] = https://curl.haxx.se/bug/?i=5726
  [51] = https://curl.haxx.se/bug/?i=5661
  [52] = https://curl.haxx.se/bug/?i=5658
  [53] = https://curl.haxx.se/bug/?i=5722
  [54] = https://curl.haxx.se/bug/?i=5722
  [55] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379
  [56] = https://curl.haxx.se/bug/?i=5723
  [57] = https://curl.haxx.se/bug/?i=5754
  [58] = https://curl.haxx.se/bug/?i=5754
  [59] = https://curl.haxx.se/bug/?i=5762
  [60] = https://curl.haxx.se/bug/?i=5759
  [61] = https://curl.haxx.se/bug/?i=5757
  [62] = https://curl.haxx.se/bug/?i=5749
  [63] = https://curl.haxx.se/bug/?i=5715
  [64] = https://curl.haxx.se/bug/?i=5701
  [65] = https://curl.haxx.se/bug/?i=5752
  [66] = https://curl.haxx.se/bug/?i=5708
  [67] = https://curl.haxx.se/bug/?i=5721
  [68] = https://curl.haxx.se/bug/?i=5785
  [69] = https://curl.haxx.se/bug/?i=5786
  [70] = https://curl.haxx.se/bug/?i=5709
  [71] = https://curl.haxx.se/bug/?i=5782
  [72] = https://curl.haxx.se/bug/?i=5779
  [73] = https://curl.haxx.se/bug/?i=5778
  [74] = https://curl.haxx.se/bug/?i=5778
  [75] = https://curl.haxx.se/bug/?i=5761
  [76] = https://curl.haxx.se/bug/?i=5777
  [77] = https://curl.haxx.se/bug/?i=5794
  [78] = https://github.com/curl/curl/commit/7370b4e39f1390e701f5b68d910c619151daf72b#r41334700
  [79] = https://curl.haxx.se/bug/?i=5772
  [80] = https://curl.haxx.se/bug/?i=5773
  [81] = https://curl.haxx.se/bug/?i=5663
  [82] = https://curl.haxx.se/bug/?i=5674
  [83] = https://curl.haxx.se/bug/?i=5767
  [84] = https://curl.haxx.se/bug/?i=5767
  [85] = https://curl.haxx.se/bug/?i=5797
  [86] = https://curl.haxx.se/bug/?i=5822
  [87] = https://curl.haxx.se/bug/?i=5817
  [88] = https://curl.haxx.se/bug/?i=5795
  [89] = https://curl.haxx.se/bug/?i=5792
  [90] = https://curl.haxx.se/bug/?i=5783
  [91] = https://curl.haxx.se/bug/?i=5819
  [92] = https://curl.haxx.se/bug/?i=5788
  [93] = https://curl.haxx.se/bug/?i=5814
  [94] = https://curl.haxx.se/bug/?i=5812
  [95] = https://curl.haxx.se/bug/?i=5811
  [96] = https://curl.haxx.se/bug/?i=5793
  [97] = https://curl.haxx.se/bug/?i=5805
  [98] = https://curl.haxx.se/docs/CVE-2020-8231.html

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-08-19