RELEASE-NOTES: synced

and bump to 8.7.2 for now

RELEASE-NOTES

@@ -1,6 +1,6 @@
-curl and libcurl 8.7.0
+curl and libcurl 8.7.2
 
- Public curl releases:         255
+ Public curl releases:         257
  Command line options:         258
  curl_easy_setopt() options:   304
  Public functions in libcurl:  93
@@ -8,176 +8,11 @@ curl and libcurl 8.7.0
 
 This release includes the following changes:
 
- o configure: add --disable-docs flag [16]
- o CURLINFO_USED_PROXY: return bool whether the proxy was used [24]
- o digest: support SHA-512/256 [118]
- o DoH: add trace configuration [61]
- o write-out: add '%{proxy_used}' [24]
 
 This release includes the following bugfixes:
 
- o ALTSVC.md: correct a typo [14]
- o asyn-ares: fix data race warning [88]
- o asyn-thread: use wakeup_close to close the read descriptor [1]
- o badwords: use hostname, not host name [46]
- o BINDINGS: add mcurl, the python binding [67]
- o bufq: writing into a softlimit queue cannot be partial [49]
- o c-hyper: add header collection writer in hyper builds [70]
- o cd2nroff: gen: make `\>` in input to render as plain '>' in output
- o cd2nroff: remove backticks from titles
- o checksrc.pl: fix handling .checksrc with CRLF [43]
- o cmake: add USE_OPENSSL_QUIC support [21]
- o cmake: add warning for using TLS libraries without 1.3 support [25]
- o cmake: enable `ENABLE_CURL_MANUAL` by default [112]
- o cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled [117]
- o cmake: fix function description in comment [47]
- o cmake: fix install for older CMake versions [53]
- o cmake: fix libcurl.pc and curl-config library specifications [115]
- o cmdline-docs/Makefile: avoid using a fixed temp file name [5]
- o cmdline-docs: quote and angle bracket cleanup [45]
- o cmdline-opts/_EXITCODES: sync with libcurl-errors [80]
- o cmdline-opts/_VARIABLES.md: improve the description [105]
- o cmdline-opts/_VERSION: provide %VERSION correctly [87]
- o cmdline-opts: shorter help texts [148]
- o configure: add pkg-config support to rustls detection [151]
- o configure: add warning for using TLS libraries without 1.3 support [26]
- o configure: build & install shell completions when enabled [85]
- o configure: do not link with nghttp3 unless necessary [7]
- o configure: Don't build shell completions when disabled [68]
- o configure: Don't make shell completions without perl [83]
- o configure: find libpsl with pkg-config [79]
- o connect.c: fix typo [17]
- o CONTRIBUTE: update the section on documentation format [96]
- o cookie.md: provide an example sending a fixed cookie [13]
- o cookie: if psl fails, reject the cookie [107]
- o curl: exit on config file parser errors [40]
- o curl: make --libcurl output better CURLOPT_*SSLVERSION [127]
- o curl: when allocating variables, add the name into the struct [37]
- o curl_setup.h: add curl_uint64_t internal type
- o curldown: fix email address in Copyright [89]
- o CURLMOPT_MAX*: mention what happens if changed mid-transfer [154]
- o CURLOPT_INTERFACE.md: remove spurious amp, add see-also [137]
- o CURLOPT_POSTQUOTE.md: fix typo [36]
- o CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return [104]
- o CURLOPT_WRITEFUNCTION.md: typo fix [41]
- o digest: add check for hashing error [111]
- o dist: make sure the http tests are in the tarball [29]
- o DISTROS: add document with distro pointers [144]
- o docs/libcurl: add TLS backend info for all TLS options [155]
- o docs/libcurl: generate PROTOCOLS from meta-data [153]
- o docs: add missing slashes to SChannel client certificate documentation [11]
- o docs: add necessary setup for nghttp3 [51]
- o docs: ascii version of manpage without nroff [121]
- o docs: dist curl*.1 and install without perl [64]
- o docs: make curldown do angle brackets like markdown [54]
- o docs: make each libcurl man specify protocol(s) [157]
- o docs: make sure curl.1 is included in dist tarballs [35]
- o docs: update minimal binary size in INSTALL.md
- o docs: use present tense [103]
- o examples: use present tense in comments [97]
- o file: use xfer buf for file:// transfers [23]
- o fopen: fix narrowing conversion warning on 32-bit Android [100]
- o form-string.md: correct the example [4]
- o ftp: do lineend conversions in client writer [32]
- o ftp: fix socket wait activity in ftp_domore_getsock [28]
- o ftp: tracing improvements [33]
- o ftp: treat a 226 arriving before data as a signal to read data [19]
- o gen.pl: make the "manpageification" faster [95]
- o gen: make `\>` in input to render as plain '>' in output [78]
- o getparam: make --ftp-ssl work again [90]
- o GHA/linux: add sysctl trick to work-around GitHub runner issue [129]
- o GIT-INFO: convert to markdown [114]
- o GOVERNANCE: document the core team [133]
- o header.md: remove backslash, make nicer markdown [48]
- o HTTP/2: write response directly [12]
- o http2, http3: return CURLE_PARTIAL_FILE when bytes were received [160]
- o http2: fix push discard [124]
- o http2: memory errors in the push callbacks are fatal [132]
- o http2: minor tweaks to optimize two struct sizes [130]
- o http2: push headers better cleanup [113]
- o http2: remove the third (unused) argument from http2_data_done() [159]
- o HTTP3.md: adjust the OpenSSL QUIC install instructions [34]
- o http: better error message for HTTP/1.x response without status line [86]
- o http: improve response header handling, save cpu cycles [138]
- o http: move headers collecting to writer [71]
- o http: remove stale comment about rewindbeforesend [136]
- o http: separate response parsing from response action [158]
- o http_chunks: fix the accounting of consumed bytes [22]
- o http_chunks: remove unused 'endptr' variable [58]
- o https-proxy: use IP address and cert with ip in alt names [50]
- o hyper: implement unpausing via client reader [98]
- o ipv6.md: mention IPv4 mapped addresses [147]
- o KNOWN_BUGS: POP3 issue when reading small chunks [134]
- o lib1598: fix `CURLOPT_POSTFIELDSIZE` usage [128]
- o lib582: remove code causing warning that is never run [38]
- o lib: add `void *ctx` to reader/writer instances [122]
- o lib: convert Curl_get_line to use dynbuf [42]
- o lib: Curl_read/Curl_write clarifications [101]
- o lib: enhance client reader resume + rewind [92]
- o lib: initialize output pointers to NULL before calling strto[ff,l,ul] [63]
- o lib: keep conn IP information together [109]
- o lib: move 'done' parameter to SingleRequests [142]
- o lib: remove curl_mimepart object when CURL_DISABLE_MIME [72]
- o libcurl-docs: cleanups
- o libcurl-security.md: Active FTP passes on the local IP address [6]
- o libssh/libssh2: return error on too big range [75]
- o MANUAL.md: fix typo [66]
- o mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined [27]
- o mbedtls: fix pytest for newer versions [146]
- o mbedtls: properly cleanup the thread-shared entropy [140]
- o mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version [59]
- o md4: include strdup.h for the memdup proto [10]
- o mime: add client reader [126]
- o misc: fix typos in docs and lib [84]
- o mkhelp: simplify the generated hugehelp program [120]
- o mprintf: fix format prefix I32/I64 for windows compilers [77]
- o multi: add xfer_buf to multi handle [30]
- o multi: fix multi_sock handling of select_bits [81]
- o multi: make add_handle free any multi_easy [102]
- o ngtcp2: no recvbuf for stream [108]
- o ntml_wb: fix buffer type typo [2]
- o OpenSSL QUIC: adapt to v3.3.x [65]
- o openssl-quic: check on Windows that socket conv to int is possible [8]
- o openssl-quic: fix BIO leak and Windows warning [93]
- o openssl-quic: fix unity build, casing, indentation [94]
- o OS400: avoid using awk in the build scripts [20]
- o paramhlp: fix CRLF-stripping files with "-d @file" [116]
- o proxy1.0.md: fix example [15]
- o pytest: adapt to API change [106]
- o request: clarify message when request has been sent off [143]
- o rustls: make curl compile with 0.12.0 [73]
- o schannel: fix hang on unexpected server close [57]
- o scripts: fix cijobs.pl for Azure and GHA
- o sendf: ignore response body to HEAD [18]
- o setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value [76]
- o setopt: fix disabling all protocols [99]
- o sha512_256: add support for GnuTLS and OpenSSL [110]
- o smtp: fix STARTTLS [91]
- o SPONSORS: describe the basics [131]
- o strtoofft: fix the overflow check [74]
- o test 1541: verify getinfo values on first header callback [149]
- o test1165: improve pattern matching [60]
- o tests: support setting/using blank content env variables
- o TIMER_STARTTRANSFER: set the same for everyone [82]
- o TLS: start shutdown only when peer did not already close [150]
- o TODO: update 13.11 with more information [152]
- o tool_cb_hdr: only parse etag + content-disposition for 2xx [9]
- o tool_getparam: accept a blank -w "" [139]
- o tool_getparam: handle non-existing (out of range) short-options [141]
- o tool_operate: change precedence of server Retry-After time [44]
- o tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds [3]
- o trace-config.md: remove the mutexed options list [119]
- o transfer.c: break receive loop in speed limited transfers [125]
- o transfer: improve Windows SO_SNDBUF update limit [56]
- o urldata: move authneg bit from conn to Curl_easy [69]
- o version: allow building with ancient libpsl [52]
- o vquic-tls: fix the error code returned for bad CA file [135]
- o vtls: fix tls proxy peer verification [55]
- o vtls: revert "receive max buffer" + add test case [39]
- o VULN-DISCLOSURE-POLICY.md: update detail about CVE requests [123]
- o websocket: fix curl_ws_recv() [62]
- o wolfSSL: do not call the stub function wolfSSL_BIO_set_init() [145]
- o write-out.md: clarify error handling details [31]
+ o configure: make --disable-docs imply --disable-manual [2]
+ o cmdline-docs: fix make install with configure --disable-docs [1]
 
 This release includes the following known bugs:
 
@@ -192,188 +27,10 @@ Planned upcoming removals include:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  5533asdg on github, Alan Coopersmith, Andreas Kiefer, Andrew Kaster,
-  Andy Fiddaman, Arjan van de Ven, av223119 on github, awesomekosm on github,
-  Boris Verkhovskiy, Brett Buddin, Brian Clemens, chensong1211 on github,
-  Chris Webb, chrysos349 on github, Dan Fandrich, Daniel Gustafsson,
-  Daniel Stenberg, Daniel Szmulewicz, Dan McDonald, DasKutti on github,
-  dependabot[bot], Dexter Gerig, dfdity on github, Dirk Hünniger,
-  Dmitry Karpov, Dmitry Tretyakov, edmcln on github, Erik Schnetter,
-  Evgeny Grin (Karlson2k), Fabian Keil, Fabian Vogt, Fabrice Fontaine,
-  Faraz Fallahi, Gaelan Steele, Geeknik Labs, Gisle Vanem, graywolf on github,
-  Harry Sintonen, HsiehYuho on github, Jan Macku, Jiawen Geng, Jiří Bok,
-  Joel Depooter, John Marshall, Jonathan Perkin, Jon Rumsey, Jordan Brown,
-  Josh Soref, Karthikdasari0423, Karthikdasari0423 on github, Kevin Daudt,
-  Konstantin Vlasov, kpcyrd, Lars Kellogg-Stedman, LeeRiva, Louis Solofrizzo,
-  Lukáš Zaoral, Marcel Raad, Marcus Müller, Matt Jolly, Michael Forney,
-  Michael Kaufmann, Michał Antoniak, Michał Górny, Mohammadreza Hendiani,
-  Nikita Taranov, Outvi V, Patrick Monnerat, Paweł Witas, Pēteris Caune,
-  Peter Krefting, RainRat, Ramiro Garcia, Ray Satiro, Richard Levitte,
-  Robert Moreton, Ross Burton, Rudi Heitbaum, Ryan Carsten Schmidt,
-  Scott Mutter, Scott Talbert, Sean Molenaar, Sebastian Neubauer,
-  Sergey Bronnikov, Simon K, Stefan Eissing, Tal Regev, Thomas Pyle,
-  Till Wegmüller, Viktor Szakats, vulnerabilityspotter on hackerone,
-  Winni Neessen
-  (92 contributors)
+  Chris Webb, Daniel Stenberg, Harry Sintonen
+  (3 contributors)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.se/bug/?i=12836
- [2] = https://curl.se/bug/?i=12825
- [3] = https://curl.se/bug/?i=12834
- [4] = https://curl.se/bug/?i=12822
- [5] = https://curl.se/bug/?i=12829
- [6] = https://curl.se/bug/?i=12867
- [7] = https://curl.se/bug/?i=12833
- [8] = https://curl.se/bug/?i=12861
- [9] = https://curl.se/bug/?i=12866
- [10] = https://curl.se/bug/?i=12849
- [11] = https://curl.se/bug/?i=12854
- [12] = https://curl.se/bug/?i=12828
- [13] = https://curl.se/bug/?i=12868
- [14] = https://curl.se/bug/?i=12852
- [15] = https://curl.se/bug/?i=12856
- [16] = https://curl.se/bug/?i=12832
- [17] = https://curl.se/bug/?i=12858
- [18] = https://curl.se/mail/lib-2024-02/0000.html
- [19] = https://curl.se/bug/?i=12823
- [20] = https://curl.se/bug/?i=12826
- [21] = https://curl.se/bug/?i=13034
- [22] = https://curl.se/bug/?i=12937
- [23] = https://curl.se/bug/?i=12750
- [24] = https://curl.se/bug/?i=12719
- [25] = https://curl.se/bug/?i=12900
- [26] = https://curl.se/bug/?i=12900
- [27] = https://curl.se/bug/?i=12904
- [28] = https://curl.se/bug/?i=12901
- [29] = https://curl.se/bug/?i=12914
- [30] = https://curl.se/bug/?i=12805
- [31] = https://curl.se/bug/?i=12909
- [32] = https://curl.se/bug/?i=12878
- [33] = https://curl.se/bug/?i=12902
- [34] = https://curl.se/bug/?i=12896
- [35] = https://curl.se/bug/?i=12892
- [36] = https://curl.se/bug/?i=12926
- [37] = https://curl.se/bug/?i=12891
- [38] = https://curl.se/bug/?i=12890
- [39] = https://curl.se/bug/?i=12885
- [40] = https://curl.se/mail/archive-2024-02/0008.html
- [41] = https://curl.se/bug/?i=12889
- [42] = https://curl.se/bug/?i=12846
- [43] = https://curl.se/bug/?i=12924
- [44] = https://curl.se/mail/archive-2024-01/0022.html
- [45] = https://curl.se/bug/?i=12884
- [46] = https://curl.se/bug/?i=12888
- [47] = https://curl.se/bug/?i=12879
- [48] = https://curl.se/bug/?i=12877
- [49] = https://curl.se/bug/?i=13020
- [50] = https://curl.se/bug/?i=12838
- [51] = https://curl.se/bug/?i=12859
- [52] = https://curl.se/mail/archive-2024-02/0004.html
- [53] = https://curl.se/bug/?i=12920
- [54] = https://curl.se/bug/?i=12869
- [55] = https://curl.se/bug/?i=12831
- [56] = https://curl.se/bug/?i=12911
- [57] = https://curl.se/bug/?i=12894
- [58] = https://curl.se/bug/?i=12996
- [59] = https://curl.se/bug/?i=12905
- [60] = https://curl.se/bug/?i=12903
- [61] = https://curl.se/bug/?i=12411
- [62] = https://curl.se/bug/?i=12945
- [63] = https://curl.se/bug/?i=12995
- [64] = https://curl.se/bug/?i=12921
- [65] = https://curl.se/bug/?i=12933
- [66] = https://curl.se/bug/?i=12965
- [67] = https://curl.se/bug/?i=12962
- [68] = https://curl.se/bug/?i=13027
- [69] = https://curl.se/bug/?i=12949
- [70] = https://curl.se/bug/?i=12880
- [71] = https://curl.se/bug/?i=12880
- [72] = https://curl.se/bug/?i=12948
- [73] = https://curl.se/bug/?i=12989
- [74] = https://curl.se/bug/?i=12990
- [75] = https://curl.se/bug/?i=12983
- [76] = https://curl.se/bug/?i=12981
- [77] = https://curl.se/bug/?i=12944
- [78] = https://curl.se/bug/?i=12977
- [79] = https://curl.se/bug/?i=12947
- [80] = https://curl.se/bug/?i=13015
- [81] = https://curl.se/bug/?i=12971
- [82] = https://curl.se/bug/?i=13052
- [83] = https://curl.se/bug/?i=13022
- [84] = https://curl.se/bug/?i=13019
- [85] = https://curl.se/bug/?i=12906
- [86] = https://curl.se/bug/?i=13045
- [87] = https://curl.se/bug/?i=13008
- [88] = https://curl.se/bug/?i=13065
- [89] = https://curl.se/bug/?i=12997
- [90] = https://curl.se/bug/?i=13006
- [91] = https://curl.se/bug/?i=13048
- [92] = https://curl.se/bug/?i=13026
- [93] = https://curl.se/bug/?i=13043
- [94] = https://curl.se/bug/?i=13044
- [95] = https://curl.se/bug/?i=13041
- [96] = https://curl.se/bug/?i=13046
- [97] = https://curl.se/bug/?i=13003
- [98] = https://curl.se/bug/?i=13075
- [99] = https://curl.se/bug/?i=13004
- [100] = https://curl.se/bug/?i=12998
- [101] = https://curl.se/bug/?i=12964
- [102] = https://curl.se/bug/?i=12992
- [103] = https://curl.se/bug/?i=13001
- [104] = https://curl.se/bug/?i=12999
- [105] = https://curl.se/bug/?i=13040
- [106] = https://curl.se/bug/?i=13037
- [107] = https://curl.se/bug/?i=13033
- [108] = https://curl.se/bug/?i=13073
- [109] = https://curl.se/bug/?i=13084
- [110] = https://curl.se/bug/?i=13070
- [111] = https://curl.se/bug/?i=13072
- [112] = https://curl.se/bug/?i=13028
- [113] = https://curl.se/bug/?i=13054
- [114] = https://curl.se/bug/?i=13074
- [115] = https://curl.se/bug/?i=6169
- [116] = https://curl.se/bug/?i=13063
- [117] = https://curl.se/bug/?i=13061
- [118] = https://curl.se/bug/?i=12897
- [119] = https://curl.se/bug/?i=13031
- [120] = https://curl.se/bug/?i=13047
- [121] = https://curl.se/bug/?i=13047
- [122] = https://curl.se/bug/?i=13035
- [123] = https://curl.se/bug/?i=13088
- [124] = https://curl.se/bug/?i=13055
- [125] = https://curl.se/mail/lib-2024-03/0001.html
- [126] = https://curl.se/bug/?i=13039
- [127] = https://curl.se/bug/?i=13127
- [128] = https://curl.se/bug/?i=13085
- [129] = https://curl.se/bug/?i=13124
- [130] = https://curl.se/bug/?i=13082
- [131] = https://curl.se/bug/?i=13119
- [132] = https://curl.se/bug/?i=13081
- [133] = https://curl.se/bug/?i=13118
- [134] = https://curl.se/bug/?i=12063
- [135] = https://curl.se/bug/?i=13115
- [136] = https://curl.se/bug/?i=13187
- [137] = https://curl.se/bug/?i=13149
- [138] = https://curl.se/bug/?i=13143
- [139] = https://curl.se/bug/?i=13144
- [140] = https://curl.se/bug/?i=11919
- [141] = https://curl.se/bug/?i=13101
- [142] = https://curl.se/bug/?i=13096
- [143] = https://curl.se/bug/?i=13093
- [144] = https://curl.se/bug/?i=13178
- [145] = https://curl.se/bug/?i=13164
- [146] = https://curl.se/bug/?i=13132
- [147] = https://curl.se/bug/?i=13112
- [148] = https://curl.se/bug/?i=13169
- [149] = https://curl.se/bug/?i=13128
- [150] = https://curl.se/bug/?i=10290
- [151] = https://curl.se/bug/?i=13179
- [152] = https://curl.se/bug/?i=13173
- [153] = https://curl.se/bug/?i=13175
- [154] = https://curl.se/bug/?i=13176
- [155] = https://curl.se/bug/?i=13168
- [157] = https://curl.se/bug/?i=13166
- [158] = https://curl.se/bug/?i=13134
- [159] = https://curl.se/bug/?i=13154
- [160] = https://curl.se/bug/?i=13151
+ [1] = https://curl.se/bug/?i=13198
+ [2] = https://curl.se/bug/?i=13191

include/curl/curlver.h

@@ -32,13 +32,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "8.7.0-DEV"
+#define LIBCURL_VERSION "8.7.2-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 8
 #define LIBCURL_VERSION_MINOR 7
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 2
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -59,7 +59,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x080700
+#define LIBCURL_VERSION_NUM 0x080702
 
 /*
  * This is the date and time when the full source package was created. The