RELEASE-NOTES: synced

bumped to 7.78.1 for next release

1 files changed, 15 insertions, 377 deletions

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 1dc81810f..067cff2bf 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,6 +1,6 @@
-curl and libcurl 7.78.0
+curl and libcurl 7.78.1
 
- Public curl releases:         201
+ Public curl releases:         202
  Command line options:         242
  curl_easy_setopt() options:   290
  Public functions in libcurl:  85
@@ -8,191 +8,15 @@ curl and libcurl 7.78.0
 
 This release includes the following changes:
 
- o curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE [118]
- o CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax [40]
- o hostip: make 'localhost' return fixed values [16]
- o mbedtls: add support for cert and key blob options [11]
- o metalink: remove all support for it [54]
- o mqtt: add support for username and password [91]
+ o
 
 This release includes the following bugfixes:
 
- o --socks4[a]: clarify where the host name is resolved [107]
- o ares: always store IPv6 addresses first [20]
- o asyn-ares: remove check for 'data' in Curl_resolver_cancel [89]
- o bearssl: explicitly initialize all fields of Curl_ssl [1]
- o bearssl: remove incorrect const on variable that is modified [1]
- o build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS [155]
- o c-hyper: abort CONNECT response reading early on non 2xx responses [75]
- o c-hyper: add support for transfer-encoding in the request [121]
- o c-hyper: bail on too long response headers [115]
- o c-hyper: clear NTLM auth buffer when request is issued [23]
- o c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL [21]
- o c-hyper: fix NTLM on closed connection tested with test159 [4]
- o c-hyper: fix the uploaded field in progress callbacks [78]
- o c-hyper: handle NULL from hyper_buf_copy() [19]
- o c-hyper: support CURLINFO_STARTTRANSFER_TIME [29]
- o c-hyper: support CURLOPT_HEADER [32]
- o ccsidcurl: fix the compile errors [27]
- o CI/cirrus: install impacket from PyPI instead of FreeBSD packages [166]
- o CI: add bearssl build [1]
- o CI: add Circle CI [92]
- o CI: add jobs using Zuul [86]
- o CI: delete --enable-hsts option (it is the default now) [2]
- o CI: remove travis details [144]
- o cleanup: spell DoH with a lowercase o [172]
- o cmake: add CURL_DISABLE_NTLM option [44]
- o cmake: avoid leaking absolute paths into exported config [3]
- o cmake: fix IoctlSocket FIONBIO check [156]
- o cmake: fix support for UnixSockets feature on Win32 [104]
- o cmake: remove libssh2 feature checks [122]
- o cmake: try well-known send/recv signature for Apple [12]
- o configure.ac: make non-executable [109]
- o configure/cmake: remove checks for many unused functions [95]
- o configure: add --disable-ntlm option [45]
- o configure: disable RTSP when hyper is selected [68]
- o configure: do not strip out debug flags [110]
- o configure: fix nghttp2 library name for static builds [157]
- o configure: inhibit the implicit-fallthrough warning on gcc-12 [106]
- o configure: rename get-easy-option configure option to get-easy-options [81]
- o conn_shutdown: if closed during CONNECT cleanup properly [59]
- o conncache: lowercase the hash key for better match [5]
- o cookies: track expiration in jar to optimize removals [25]
- o copyright: add boiler-plate headers to CI config files [143]
- o crustls: bump crustls version and use new URL [119]
- o curl.h: <sys/select.h> is supported by VxWorks7 [102]
- o curl.h: include sys/select.h for NuttX RTOS [100]
- o curl: ignore blank --output-dir [57]
- o curl_endian: remove the unused Curl_write64_le function [85]
- o curl_multibyte: Remove local encoding fallbacks [58]
- o Curl_ntlm_core_mk_nt_hash: fix OOM in error path [8]
- o Curl_ssl_getsessionid: fail if no session cache exists [14]
- o CURLOPT_WRITEFUNCTION.3: minor update of the example [80]
- o docs/BINDINGS: fix outdated links [116]
- o docs/examples: use curl_multi_poll() in multi examples [152]
- o docs/INSTALL: remove mentions of configure --with-darwin-ssl [55]
- o docs: document missing arguments to commands [160]
- o docs: fix inconsistencies in EGDSOCKET documentation [159]
- o docs: fix incorrect argument name reference [161]
- o docs: Fix typos [146]
- o docs: make docs for --etag-save match the program behaviour [169]
- o docs: use --max-redirs instead of --max-redir [28]
- o doh: (void)-prefix call to curl_easy_setopt
- o doh: fix wrong DEBUGASSERT for doh private_data [62]
- o easy: during upkeep, attach Curl_easy to connections in the cache [171]
- o examples/multi-single: fix scan-build warning [150]
- o examples: length-limit two sscanf() uses of %s [96]
- o examples: safer and more proper read callback logic [127]
- o filecheck: quietly remove test-place/*~ [39]
- o formdata: avoid "Argument cannot be negative" warning [131]
- o formdata: correct typecast in curl_mime_data call [137]
- o GHA: add a linux-hyper job [52]
- o GHA: add several libcurl tests to the hyper job
- o GHA: run the newly fixed tests with hyper [36]
- o github: timeout jobs on macOS after 90 minutes [42]
- o glob: pass an 'int' as len when using printf's %*s [139]
- o gnutls: set the preferred TLS versions in correct order [94]
- o GOVERNANCE: add 'user', 'committer' and 'contributor' [15]
- o hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies [105]
- o hostip: bad CURLOPT_RESOLVE syntax now returns error [35]
- o hsts: ignore numberical IP address hosts [17]
- o HSTS: not experimental anymore
- o http2: clarify 'Using HTTP2' verbose message [63]
- o http2: init recvbuf struct for pushed streams [13]
- o http2_connisdead: handle trailing GOAWAY better [18]
- o http: fix crash in rate-limited upload [142]
- o http: make the haproxy support work with unix domain sockets [99]
- o http_proxy: deal with non-200 CONNECT response with Hyper [22]
- o hyper: propagate errors back up from read callbacks [113]
- o HYPER: remove mentions of deprecated development branch
- o idn: fix libidn2 with windows unicode builds [117]
- o infof: remove newline from format strings, always append it [149]
- o lib: don't compare fd to FD_SETSIZE when using poll [61]
- o lib: fix compiler warnings with CURL_DISABLE_NETRC [168]
- o lib: fix type of len passed to *printf's %*s [133]
- o lib: more %u for port and int for %*s fixes [132]
- o lib: use %u instead of %ld for port number printf [134]
- o libcurl-security.3: mention file descriptors and forks [108]
- o libssh2: limit time a disconnect can take to 1 second [111]
- o mbedtls: make mbedtls_strerror always work [6]
- o mbedtls: Remove unnecessary include [175]
- o mqtt: detect illegal and too large file size [43]
- o mqtt: extend the error message for no topic [136]
- o msnprintf: return number of printed characters excluding null byte [148]
- o multi: add scan-build-6 work-around in curl_multi_fdset [88]
- o multi: alter transfer timeout ordering [97]
- o multi: do not switch off connect_only flag when closing [98]
- o multi: fix crash in curl_multi_wait / curl_multi_poll [153]
- o netrc: skip 'macdef' definitions [87]
- o ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS [83]
- o openssl: avoid static variable for seed flag [101]
- o openssl: don't remove session id entry in disassociate [56]
- o pinnedpubkey.d: fix formatting for version support lists [126]
- o proto.d: fix formatting for paragraphs after margin changes [125]
- o quiche: use send() instead of sendto() to avoid macOS issue [103]
- o Revert "c-hyper: handle body on HYPER_TASK_EMPTY" [26]
- o Revert "ftp: Expression 'ftpc->wait_data_conn' is always false" [147]
- o runtests: also find the last test in Makefile.inc [66]
- o runtests: enable 'hyper mode' only for HTTP tests [34]
- o runtests: init $VERSION to avoid warnings when using -l
- o runtests: parse data/Makefile.inc instead of using make [38]
- o runtests: skip disabled tests unless -f is used [82]
- o rustls: remove native_roots fallback [65]
- o schannel: set ALPN length correctly for HTTP/2 [24]
- o SChannel: Use '_tcsncmp()' instead [164]
- o sectransp: check for client certs by name first, then file [167]
- o setopt: fix incorrect comments [10]
- o socketpair: fix potential hangs [37]
- o socks4: scan for the IPv4 address in resolve results [124]
- o ssl: read pending close notify alert before closing the connection [9]
- o sws: malloc request struct instead of using stack [60]
- o telnet: fix option parser to not send uninitialized contents [170]
- o test1116: hyper doesn't pass through "surprise-trailers" [123]
- o test1147: hyper doesn't allow "crazy" request headers like built-in [114]
- o test1151: added missing CRLF to work with hyper [120]
- o test1216: adjusted for hyper mode [73]
- o test1218: adjusted for hyper mode [72]
- o test1230: adjust to work in hyper mode [74]
- o test1340/1341: adjusted for hyper mode [71]
- o test1438/1457: add HTTP keyword to make hyper mode work [70]
- o test1514: add a CRLF to the response to make it correct [130]
- o test1518: adjusted to work with hyper [129]
- o test1519: adjusted to work with hyper [128]
- o test1594/1595/1596: fix to work in hyper mode [69]
- o test269: disable for hyper [33]
- o test3010: work with hyper mode [67]
- o test328: avoid a header-looking body to make hyper mode work [53]
- o test339: CRLFify better to work in hyper mode [51]
- o test347: CRLFify to work in hyper mode [50]
- o test393: make Content-Length fit within 64 bit for hyper [49]
- o test394: hyper returns a different error [48]
- o test395: hyper cannot work around > 64 bit content-lengths like built-in [47]
- o test433: adjust for hyper mode [46]
- o test434: add HTTP keyword [76]
- o test500: adjust to work with hyper mode
- o test566: adjust to work with hyper mode [79]
- o test599: adjusted to work in hyper mode [77]
- o test644: remove as duplicate of test 587 [84]
- o tests: fix Accept-Encoding strips to work with Hyper builds [41]
- o TLS: prevent shutdown loops to get stuck [112]
- o tool: make _lseeki64() macro work with the PellesC compiler [163]
- o tool_help: document that --tlspassword takes a password [162]
- o tool_help: remove unused define [154]
- o url.c: remove two variable assigns that are never read [90]
- o url: (void)-prefix a curl_url_get() call [138]
- o url: bad CURLOPT_CONNECT_TO syntax now returns error [31]
- o version: turn version number functions into returning void [135]
- o vtls: exit addsessionid if no cache is inited [7]
- o vtls: fix connection reuse checks for issuer cert and case sensitivity [165]
- o vtls: only store TIMER_APPCONNECT for non-proxy connect [93]
- o vtls: use free() not curl_free() [140]
- o warnless: simplify type size handling [30]
- o Win32: fix build with Watt-32
- o winbuild/README: VC should be set to 6 'or larger' [64]
- o winbuild: support alternate nghttp2 static lib name [174]
- o wolfssl: failing to set a session id is not reason to error out [151]
- o write-out.d: clarify urlnum is not unique for de-globbed URLs [145]
- o zuul: use the new rustls directory name [141]
+ o configure: tweak nghttp2 library name fix [2]
+ o CURLMOPT_TIMERFUNCTION.3: remove misplaced "time" [5]
+ o docs/MQTT: update state of username/password support [4]
+ o Get rid of the unused HAVE_SIG_ATOMIC_T et. al.
+ o http_proxy: clear 'sending' when the outgoing request is sent [6]
 
 This release includes the following known bugs:
 
@@ -201,199 +25,13 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Albin Vass, Aleksander Mazur, Alexis Vachette, Alex Xu, Andrea Pappacoda,
-  Andrei Rybak, Bachue Zhou, Bastian Krause, Bin Lan, Bin Meng,
-  Christian Weisgerber, Christoph M. Becker, civodul on github, Dan Fandrich,
-  Daniel Gustafsson, Daniel Stenberg, David Hu, dEajL3kA on github,
-  Dmitry Karpov, Dmitry Kostjuchenko, Douglas R. Reno, Ebe Janchivdorj,
-  Fawad Mirza, Francisco Munoz, Gabriel Simmer, Gealber Morales, Gergely Nagy,
-  Gerrit Renker, Gisle Vanem, Gregor Jasny, Gregory Muchka, Harry Sintonen,
-  Hugh Macdonald, Jacob Hoffman-Andrews, Jishan Shaikh, Joel Depooter,
-  Jonathan Wernberg, Jon Rumsey, Josh Soref, Josie Huddleston, Jun-ya Kato,
-  Kevin Burke, Laurent Dufresne, Li Xinwei, MAntoniak on github, Marcel Raad,
-  Marc Hörsken, Mark Swaanenburg, Martin Howarth, Max Zettlmeißl,
-  Michael Forney, Michael Kaufmann, Mohammed Naser, nian6324 on github,
-  Nikos Mavrogiannopoulos, Paul Groke, Peter Körner, Phil E. Taylor,
-  Pierre Yager, Randolf J, Ray Satiro, Red Hat Product Security,
-  Richard Marion, Richard Whitehouse, Sergey Markelov, Shikha Sharma,
-  shithappens2016 on github, sylgal on github, Timur Artikov, Tobias Nyholm,
-  Tommy Chiang, User Sg, Vadim Grinshpun, Valentín Gutiérrez, Viktor Szakats,
-  William Desportes, Wyatt OʼDay, Xiang Xiao, Yongkang Huang, Younes El-karama,
-  Zhang Xiuhua, Борис Верховский, Коваленко Анатолий Викторович,
-  (83 contributors)
+  Bastian Krause, Christian Weisgerber, Dan Fandrich, Daniel Stenberg,
+  Josh Soref, Oleg Pudeyev, Ray Satiro, zloi-user on github,
+  (8 contributors)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.se/bug/?i=7133
- [2] = https://curl.se/bug/?i=7167
- [3] = https://curl.se/bug/?i=7152
- [4] = https://curl.se/bug/?i=7154
- [5] = https://curl.se/bug/?i=7159
- [6] = https://curl.se/bug/?i=7162
- [7] = https://curl.se/bug/?i=7165
- [8] = https://curl.se/bug/?i=7164
- [9] = https://curl.se/bug/?i=7095
- [10] = https://curl.se/bug/?i=7157
- [11] = https://curl.se/bug/?i=7157
- [12] = https://curl.se/bug/?i=7158
- [13] = https://curl.se/bug/?i=7153
- [14] = https://curl.se/bug/?i=7148
- [15] = https://curl.se/bug/?i=7151
- [16] = https://curl.se/bug/?i=7039
- [17] = https://curl.se/bug/?i=7146
- [18] = https://curl.se/mail/lib-2021-06/0001.html
- [19] = https://curl.se/bug/?i=7143
- [20] = https://curl.se/mail/lib-2021-06/0003.html
- [21] = https://curl.se/bug/?i=7141
- [22] = https://curl.se/bug/?i=7141
- [23] = https://curl.se/bug/?i=7139
- [24] = https://curl.se/bug/?i=7138
- [25] = https://curl.se/bug/?i=7172
- [26] = https://curl.se/bug/?i=7122
- [27] = https://curl.se/bug/?i=7134
- [28] = https://curl.se/bug/?i=7130
- [29] = https://curl.se/bug/?i=7204
- [30] = https://curl.se/bug/?i=7181
- [31] = https://curl.se/bug/?i=7183
- [32] = https://curl.se/bug/?i=7204
- [33] = https://curl.se/bug/?i=7184
- [34] = https://curl.se/bug/?i=7185
- [35] = https://curl.se/bug/?i=7170
- [36] = https://curl.se/bug/?i=7205
- [37] = https://curl.se/bug/?i=7144
- [38] = https://curl.se/bug/?i=7177
- [39] = https://curl.se/bug/?i=7179
- [40] = https://curl.se/bug/?i=7175
- [41] = https://curl.se/bug/?i=7169
- [42] = https://curl.se/bug/?i=7173
- [43] = https://curl.se/bug/?i=7166
- [44] = https://curl.se/bug/?i=7028
- [45] = https://curl.se/bug/?i=7028
- [46] = https://curl.se/bug/?i=7205
- [47] = https://curl.se/bug/?i=7205
- [48] = https://curl.se/bug/?i=7205
- [49] = https://curl.se/bug/?i=7205
- [50] = https://curl.se/bug/?i=7205
- [51] = https://curl.se/bug/?i=7205
- [52] = https://curl.se/bug/?i=7206
- [53] = https://curl.se/bug/?i=7203
- [54] = https://curl.se/bug/?i=7176
- [55] = https://curl.se/mail/lib-2021-06/0008.html
- [56] = https://curl.se/bug/?i=7222
- [57] = https://curl.se/bug/?i=7218
- [58] = https://curl.se/bug/?i=7257
- [59] = https://curl.se/bug/?i=7236
- [60] = https://curl.se/mail/lib-2021-06/0018.html
- [61] = https://curl.se/bug/?i=7240
- [62] = https://curl.se/bug/?i=7227
- [63] = https://github.com/curl/curl/discussions/7255
- [64] = https://curl.se/bug/?i=7253
- [65] = https://curl.se/bug/?i=7250
- [66] = https://curl.se/bug/?i=7209
- [67] = https://curl.se/bug/?i=7209
- [68] = https://curl.se/bug/?i=7209
- [69] = https://curl.se/bug/?i=7209
- [70] = https://curl.se/bug/?i=7209
- [71] = https://curl.se/bug/?i=7209
- [72] = https://curl.se/bug/?i=7209
- [73] = https://curl.se/bug/?i=7209
- [74] = https://curl.se/bug/?i=7209
- [75] = https://curl.se/bug/?i=493
- [76] = https://curl.se/bug/?i=7209
- [77] = https://curl.se/bug/?i=7209
- [78] = https://curl.se/bug/?i=7209
- [79] = https://curl.se/bug/?i=7209
- [80] = https://curl.se/bug/?i=7219
- [81] = https://curl.se/bug/?i=7211
- [82] = https://curl.se/bug/?i=7212
- [83] = https://curl.se/bug/?i=6896
- [84] = https://curl.se/bug/?i=7208
- [85] = https://curl.se/bug/?i=7280
- [86] = https://curl.se/bug/?i=7245
- [87] = https://curl.se/bug/?i=7238
- [88] = https://curl.se/bug/?i=7248
- [89] = https://curl.se/bug/?i=7248
- [90] = https://curl.se/bug/?i=7248
- [91] = https://curl.se/bug/?i=7243
- [92] = https://curl.se/bug/?i=7239
- [93] = https://curl.se/bug/?i=7274
- [94] = https://curl.se/bug/?i=7277
- [95] = https://curl.se/bug/?i=7276
- [96] = https://curl.se/bug/?i=7293
- [97] = https://curl.se/bug/?i=7178
- [98] = https://curl.se/mail/lib-2021-06/0024.html
- [99] = https://curl.se/bug/?i=7290
- [100] = https://curl.se/bug/?i=7287
- [101] = https://curl.se/bug/?i=7296
- [102] = https://curl.se/bug/?i=7285
- [103] = https://curl.se/bug/?i=7260
- [104] = https://curl.se/bug/?i=7034
- [105] = https://curl.se/bug/?i=7265
- [106] = https://curl.se/bug/?i=7295
- [107] = https://curl.se/bug/?i=7273
- [108] = https://curl.se/bug/?i=7270
- [109] = https://curl.se/bug/?i=7272
- [110] = https://curl.se/bug/?i=7216
- [111] = https://curl.se/bug/?i=7271
- [112] = https://curl.se/bug/?i=7271
- [113] = https://curl.se/bug/?i=7266
- [114] = https://curl.se/bug/?i=7349
- [115] = https://curl.se/bug/?i=7350
- [116] = https://curl.se/bug/?i=7301
- [117] = https://curl.se/bug/?i=7228
- [118] = https://curl.se/bug/?i=7073
- [119] = https://curl.se/bug/?i=7297
- [120] = https://curl.se/bug/?i=7350
- [121] = https://curl.se/bug/?i=7348
- [122] = https://curl.se/bug/?i=7343
- [123] = https://curl.se/bug/?i=7344
- [124] = https://curl.se/bug/?i=7345
- [125] = https://curl.se/bug/?i=7341
- [126] = https://curl.se/bug/?i=7340
- [127] = https://curl.se/bug/?i=7330
- [128] = https://curl.se/bug/?i=7333
- [129] = https://curl.se/bug/?i=7333
- [130] = https://curl.se/bug/?i=7334
- [131] = https://curl.se/bug/?i=7328
- [132] = https://curl.se/bug/?i=7329
- [133] = https://curl.se/bug/?i=7326
- [134] = https://curl.se/bug/?i=7325
- [135] = https://curl.se/bug/?i=7319
- [136] = https://curl.se/bug/?i=7316
- [137] = https://curl.se/bug/?i=7327
- [138] = https://curl.se/bug/?i=7320
- [139] = https://curl.se/bug/?i=7324
- [140] = https://curl.se/bug/?i=7318
- [141] = https://curl.se/bug/?i=7311
- [142] = https://curl.se/bug/?i=7308
- [143] = https://curl.se/bug/?i=7314
- [144] = https://curl.se/bug/?i=7313
- [145] = https://curl.se/bug/?i=7342
- [146] = https://curl.se/bug/?i=7370
- [147] = https://curl.se/mail/lib-2021-07/0025.html
- [148] = https://curl.se/bug/?i=7361
- [149] = https://curl.se/bug/?i=7357
- [150] = https://curl.se/bug/?i=7360
- [151] = https://curl.se/bug/?i=7358
- [152] = https://curl.se/bug/?i=7352
- [153] = https://curl.se/bug/?i=7379
- [154] = https://curl.se/bug/?i=7380
- [155] = https://curl.se/bug/?i=7377
- [156] = https://curl.se/bug/?i=7375
- [157] = https://curl.se/bug/?i=7367
- [159] = https://curl.se/bug/?i=7391
- [160] = https://curl.se/bug/?i=7382
- [161] = https://curl.se/bug/?i=7383
- [162] = https://curl.se/bug/?i=7378
- [163] = https://curl.se/bug/?i=7397
- [164] = https://curl.se/bug/?i=7398
- [165] = https://curl.se/docs/CVE-2021-22924.html
- [166] = https://curl.se/bug/?i=7418
- [167] = https://curl.se/docs/CVE-2021-22926.html
- [168] = https://curl.se/bug/?i=7423
- [169] = https://curl.se/bug/?i=7429
- [170] = https://curl.se/docs/CVE-2021-22925.html
- [171] = https://curl.se/bug/?i=7386
- [172] = https://curl.se/bug/?i=7413
- [174] = https://curl.se/bug/?i=7446
- [175] = https://curl.se/bug/?i=7419
+ [2] = https://curl.se/bug/?i=7485
+ [4] = https://curl.se/bug/?i=7474
+ [5] = https://curl.se/bug/?i=7470
+ [6] = https://curl.se/bug/?i=7155