1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
|
curl and libcurl 7.82.0
Public curl releases: 206
Command line options: 245
curl_easy_setopt() options: 295
Public functions in libcurl: 86
Contributors: 2597
This release includes the following changes:
o curl: add --json [67]
o mesalink: remove support [23]
This release includes the following bugfixes:
o appveyor: update images from VS 2019 to 2022
o appveyor: use VS 2017 image for the autotools builds
o bearssl: fix connect error on expired cert and no verify [132]
o bearssl: fix EXC_BAD_ACCESS on incomplete CA cert [131]
o bearssl: fix session resumption (session id) [133]
o build: enable -Warith-conversion
o build: fix -Wenum-conversion handling
o build: fix ngtcp2 crypto library detection [63]
o checkprefix: remove strlen calls [128]
o checksrc: fix typo in comment [34]
o CI: move 'distcheck' job from zuul to azure pipelines [60]
o CI: move scan-build job from Zuul to Azure Pipelines [59]
o CI: move the NSS job from zuul to GHA [84]
o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75]
o CI: move the rustls CI job to GHA from Zuul [8]
o CI: move two jobs from Zuul to Circle CI [73]
o CI: test building wolfssl with --enable-opensslextra [42]
o CI: workflows/wolfssl: install impacket [47]
o circleci: add a job using libssh [121]
o cirlceci: also run a c-ares job on arm with debug enabled [74]
o cmake: fix iOS CMake project generation error [13]
o cmdline-opts/gen.pl: fix option matching to improve references [50]
o config.d: Clarify _curlrc filename is still valid on Windows [95]
o configure.ac: use user-specified gssapi dir when using pkg-config [136]
o configure: change output for cross-compiled alt-svc support [140]
o configure: fix '--enable-code-coverage' typo [110]
o configure: remove support for "embedded ares" [82]
o configure: requires --with-nss-deprecated to build with NSS [114]
o configure: set CURL_LIBRARY_PATH for nghttp2 [58]
o configure: support specification of a nghttp2 library path [101]
o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54]
o curl tool: erase some more sensitive command line arguments [22]
o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5]
o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9]
o curl-openssl: fix SRP check for OpenSSL 3.0 [86]
o curl-openssl: remove the OpenSSL headers and library versions check [35]
o curl.h: fix typo [129]
o curl: remove "separators" (when using globbed URLs) [32]
o curl_getdate.3: remove pointless .PP line [68]
o curl_multi_socket.3: remove callback and typical usage descriptions [7]
o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added
o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27]
o CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment [147]
o CURLOPT_RESOLVE.3: change example port to 443
o CURLOPT_XFERINFOFUNCTION.3: fix typo in example [81]
o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71]
o des: fix compile break for OpenSSL without DES [141]
o docs/cmdline-opts: add "mutexed" options for more http versions [25]
o docs/DEPRECATE: remove NPN support in August 2022 [64]
o docs: capitalize the name 'Netscape' [77]
o docs: document HTTP/2 not insisting on TLS 1.2 [49]
o docs: fix mandoc -T lint formatting complaints [2]
o docs: update IETF links to use datatracker [41]
o examples/multi-app.c: call curl_multi_remove_handle as well [19]
o formdata: avoid size_t => long typecast overflows [37]
o ftp: provide error message for control bytes in path [66]
o gen.pl: terminate "example" sections better [4]
o gha: add a macOS CI job with libssh [142]
o gskit: Convert to using Curl_poll [111]
o gskit: Fix errors from Curl_strerror refactor [113]
o gskit: Fix initialization of Curl_ssl_gskit struct [112]
o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88]
o hostcheck: fixed to not touch used input strings [38]
o hostcheck: reduce strlen calls on chained certificates [92]
o hostip: avoid unused parameter error in Curl_resolv_check [144]
o http2: move two infof calls to debug-h2-only [145]
o http: make Curl_compareheader() take string length arguments too [87]
o if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled [104]
o KNOWN_BUGS: fix typo "libpsl"
o ldap: return CURLE_URL_MALFORMAT for bad URL [24]
o lib: remove support for CURL_DOES_CONVERSIONS [96]
o libssh2: don't typecast socket to int for libssh2_session_handshake [151]
o Makefile.am: Generate VS 2022 projects
o maketgz: return error if 'make dist' fails [79]
o mbedtls: enable use of mbedtls without CRL support [57]
o mbedtls: enable use of mbedtls without filesystem functions support [100]
o mbedtls: fix CURLOPT_SSLCERT_BLOB (again)
o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12]
o mbedtls: remove #include <mbedtls/certs.h> [56]
o mbedtls: return CURLcode result instead of a mbedtls error code [1]
o md5: check md5_init_func return value
o mime: use a define instead of the magic number 24 [89]
o misc: allow curl to build with wolfssl --enable-opensslextra [43]
o misc: remove BeOS code and references [30]
o misc: remove the final watcom references [29]
o misc: remove unused data when IPv6 is not supported [80]
o mqtt: free 'sendleftovers' in disconnect [115]
o mqtt: free any send leftover data when done [36]
o multi: allow user callbacks to call curl_multi_assign [126]
o multi: grammar fix in comment [69]
o multi: remember connection_id before returning connection to pool [76]
o multi: set in_callback for multi interface callbacks [28]
o netware: remove support [72]
o next.d. remove .fi/.nf as they are handled by gen.pl [3]
o ngtcp2: adapt to changed end of headers callback proto [39]
o ngtcp2: fix declaration of ‘result’ shadows a previous local [14]
o ngtcp2: Reset dynbuf when it is fully drained [143]
o nss: handshake callback during shutdown has no conn->bundle [55]
o ntlm: remove unused feature defines [117]
o openldap: fix compiler warning when built without SSL support [70]
o openldap: implement SASL authentication [16]
o openldap: pass string length arguments to client_write() [116]
o openssl.h: avoid including OpenSSL headers here [15]
o openssl: check if sessionid flag is enabled before retrieving session [125]
o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40]
o openssl: check the return value of BIO_new_mem_buf() [18]
o openssl: fix `ctx_option_t` for OpenSSL v3+
o openssl: fix build for version < 1.1.0 [134]
o openssl: return error if TLS 1.3 is requested when not supported [45]
o os400: Add function wrapper for system command [138]
o os400: Add link to QADRT devkit to README.OS400 [137]
o os400: Default build to target current release [139]
o OS400: fix typos in rpg include file [149]
o projects: add support for Visual Studio 17 (2022) [124]
o projects: fix Visual Studio wolfSSL configurations
o projects: remove support for MSVC before VC10 (Visual Studio 2010) [123]
o quiche: after leaving h3_recving state, poll again [108]
o quiche: change qlog file extension to `.sqlog` [44]
o quiche: fix upload for bigger content-length [146]
o quiche: handle stream reset [83]
o quiche: remove two leftover debug infof() outputs
o quiche: verify the server cert on connect [33]
o quiche: when *recv_body() returns data, drain it before polling again [109]
o README.md: fix links [118]
o remote-header-name.d: clarify [10]
o runtests.pl: disable debuginfod [51]
o runtests.pl: properly print the test if it contains binary zeros
o runtests.pl: support the nonewline attribute for the data part [21]
o runtests.pl: tolerate test directories without Makefile.inc [98]
o runtests: allow client/file to specify multiple directories
o runtests: make 'rustls' a testable feature
o runtests: make 'wolfssl' a testable feature [6]
o runtests: set 'oldlibssh' for libssh versions before 0.9.6 [122]
o rustls: add CURLOPT_CAINFO_BLOB support [26]
o schannel: move the algIds array out of schannel.h [135]
o scripts/cijobs.pl: output data about all currect CI jobs [78]
o scripts/completion.pl: improve zsh completion [46]
o scripts/copyright.pl: support many provided file names on the cmdline
o scripts/delta: check the file delta for current branch
o sectransp: mark a 3DES cipher as weak [130]
o setopt: do bounds-check before strdup [99]
o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53]
o sha256: Fix minimum OpenSSL version [102]
o smb: pass socket for writing and reading data instead of FIRSTSOCKET [90]
o ssl: reduce allocated space for ssl backend when FTP is disabled [127]
o test3021: disable all msys2 path transformation
o test374: gif data without new line at the end [20]
o tests/disable-scan.pl: properly detect multiple symbols per line [94]
o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85]
o tool_findfile: check ~/.config/curlrc too [17]
o tool_getparam: DNS options that need c-ares now fail without it [31]
o TPF: drop support [97]
o url: exclude zonefrom_url when no ipv6 is available [103]
o url: given a user in the URL, find pwd for that user in netrc [11]
o url: keep trailing dot in host name [62]
o url: make Curl_disconnect return void [48]
o urlapi: handle "redirects" smarter [119]
o urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled [52]
o urldata: remove conn->bits.user_passwd [105]
o version_win32: fix warning for `CURL_WINDOWS_APP` [93]
o vtls: fix socket check conditions [150]
o vtls: pass on the right SNI name [61]
o vxworks: drop support [65]
o winbuild: add parameter WITH_SSH [120]
o wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case [106]
o wolfssl: when SSL_read() returns zero, check the error [107]
o write-out.d: Fix num_headers formatting
o x509asn1: toggle off functions not needed for diff tls backends [91]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
1337vt on github, Alejandro R. Sedeño, Alessandro Ghedini, Antoine Pietri,
Bernhard Walle, Bjarni Ingi Gislason, Cameron Will, Charles Cazabon,
coralw on github, Dan Fandrich, Daniel Stenberg, Davide Cassioli,
Eric Musser, Fabian Keil, Fabian Yamaguchi, Farzin on github, Filip Lundgren,
gaoxingwang on github, Harry Sarson, Henrik Holst, Ikko Ashimine,
illusory-dream on github, Jan Ehrhardt, Jan-Piet Mens, Jan Venekamp,
Jean-Philippe Menil, jhoyla on github, Jim Beveridge, Joel Depooter,
John H. Ayad, jonny112 on github, Kantanat Wannapaka, Kevin Adler,
Kushal Das, Leah Neukirchen, Lucas Pardue, luminixinc on github,
Manfred Schwarb, Marcel Raad, Melroy van den Berg, Michael Kaufmann,
Michael Wallner, Michał Antoniak, Neal McBurnett, neutric on github,
Niels Martignène, Patrick Monnerat, pheiduck on github, Ray Satiro,
Rob Boeckermann, Ryan Schmidt, Samuel Henrique, Sandro Jaeckel,
Satadru Pramanik, Sebastian Sterk, siddharthchhabrap on github, Stav Nir,
Stefan Eissing, Stephen Boost, Stephen M. Coakley, Stewart Gebbie,
Tatsuhiro Tsujikawa, updatede on github, Viktor Szakats, vl409 on github,
Xiaoke Wang,
(66 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=8266
[2] = https://curl.se/bug/?i=8228
[3] = https://curl.se/bug/?i=8228
[4] = https://curl.se/bug/?i=8228
[5] = https://curl.se/bug/?i=8229
[6] = https://curl.se/bug/?i=8252
[7] = https://curl.se/bug/?i=8262
[8] = https://curl.se/bug/?i=8251
[9] = https://curl.se/bug/?i=8229
[10] = https://curl.se/bug/?i=8249
[11] = https://curl.se/bug/?i=8241
[12] = https://curl.se/bug/?i=8238
[13] = https://curl.se/bug/?i=8244
[14] = https://curl.se/bug/?i=8245
[15] = https://curl.se/bug/?i=8240
[16] = https://curl.se/bug/?i=8152
[17] = https://curl.se/bug/?i=8208
[18] = https://curl.se/bug/?i=8233
[19] = https://curl.se/bug/?i=8234
[20] = https://curl.se/bug/?i=8239
[21] = https://curl.se/bug/?i=8239
[22] = https://curl.se/bug/?i=7964
[23] = https://curl.se/bug/?i=8188
[24] = https://curl.se/bug/?i=8170
[25] = https://curl.se/bug/?i=8254
[26] = https://curl.se/bug/?i=8255
[27] = https://curl.se/bug/?i=8286
[28] = https://curl.se/bug/?i=8282
[29] = https://curl.se/bug/?i=8287
[30] = https://curl.se/bug/?i=8288
[31] = https://curl.se/bug/?i=8285
[32] = https://curl.se/bug/?i=8278
[33] = https://curl.se/bug/?i=8173
[34] = https://curl.se/bug/?i=8281
[35] = https://curl.se/bug/?i=8279
[36] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43515
[37] = https://hackerone.com/reports/1444539
[38] = https://curl.se/bug/?i=8321
[39] = https://curl.se/bug/?i=8322
[40] = https://curl.se/bug/?i=8268
[41] = https://curl.se/bug/?i=8317
[42] = https://curl.se/bug/?i=8315
[43] = https://curl.se/bug/?i=8292
[44] = https://curl.se/bug/?i=8316
[45] = https://curl.se/bug/?i=8309
[46] = https://curl.se/bug/?i=8363
[47] = https://curl.se/bug/?i=8307
[48] = https://curl.se/bug/?i=8303
[49] = https://curl.se/bug/?i=8235
[50] = https://curl.se/bug/?i=8299
[51] = https://curl.se/bug/?i=8291
[52] = https://curl.se/bug/?i=8350
[53] = https://curl.se/bug/?i=8350
[54] = https://curl.se/bug/?i=8276
[55] = https://curl.se/bug/?i=8341
[56] = https://curl.se/bug/?i=8343
[57] = https://curl.se/bug/?i=8344
[58] = https://curl.se/bug/?i=8340
[59] = https://curl.se/bug/?i=8338
[60] = https://curl.se/bug/?i=8334
[61] = https://curl.se/bug/?i=8320
[62] = https://curl.se/bug/?i=8290
[63] = https://curl.se/bug/?i=8372
[64] = https://curl.se/bug/?i=8458
[65] = https://curl.se/bug/?i=8362
[66] = https://curl.se/bug/?i=8460
[67] = https://curl.se/bug/?i=8314
[68] = https://curl.se/bug/?i=8365
[69] = https://curl.se/bug/?i=8368
[70] = https://curl.se/bug/?i=8367
[71] = https://curl.se/bug/?i=8364
[72] = https://curl.se/bug/?i=8358
[73] = https://curl.se/bug/?i=8359
[74] = https://curl.se/bug/?i=8357
[75] = https://curl.se/bug/?i=8357
[76] = https://hackerone.com/reports/1463013
[77] = https://curl.se/bug/?i=8354
[78] = https://curl.se/bug/?i=8408
[79] = https://curl.se/mail/lib-2022-02/0070.html
[80] = https://curl.se/bug/?i=8430
[81] = https://curl.se/bug/?i=8487
[82] = https://curl.se/bug/?i=8397
[83] = https://curl.se/bug/?i=8437
[84] = https://curl.se/bug/?i=8396
[85] = https://curl.se/bug/?i=8396
[86] = https://curl.se/bug/?i=8394
[87] = https://curl.se/bug/?i=8391
[88] = https://curl.se/bug/?i=8381
[89] = https://curl.se/bug/?i=8441
[90] = https://curl.se/bug/?i=8383
[91] = https://curl.se/bug/?i=8386
[92] = https://curl.se/bug/?i=8428
[93] = https://curl.se/bug/?i=8385
[94] = https://curl.se/bug/?i=8384
[95] = https://curl.se/bug/?i=8382
[96] = https://curl.se/bug/?i=8378
[97] = https://curl.se/bug/?i=8378
[98] = https://curl.se/bug/?i=8379
[99] = https://curl.se/bug/?i=8377
[100] = https://curl.se/bug/?i=8376
[101] = https://curl.se/bug/?i=8375
[102] = https://curl.se/bug/?i=8464
[103] = https://curl.se/bug/?i=8439
[104] = https://curl.se/bug/?i=8439
[105] = https://curl.se/bug/?i=8449
[106] = https://curl.se/bug/?i=8431
[107] = https://curl.se/bug/?i=8431
[108] = https://curl.se/bug/?i=8436
[109] = https://curl.se/bug/?i=8429
[110] = https://curl.se/bug/?i=8425
[111] = https://curl.se/bug/?i=8454
[112] = https://curl.se/bug/?i=8454
[113] = https://curl.se/bug/?i=8454
[114] = https://curl.se/bug/?i=8395
[115] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43646
[116] = https://curl.se/bug/?i=8404
[117] = https://curl.se/bug/?i=8453
[118] = https://curl.se/bug/?i=8448
[119] = https://curl.se/bug/?i=8450
[120] = https://curl.se/bug/?i=8514
[121] = https://curl.se/bug/?i=8444
[122] = https://curl.se/bug/?i=8444
[123] = https://curl.se/bug/?i=8442
[124] = https://curl.se/bug/?i=8438
[125] = https://curl.se/bug/?i=8472
[126] = https://curl.se/bug/?i=8480
[127] = https://curl.se/bug/?i=8471
[128] = https://curl.se/bug/?i=8481
[129] = https://curl.se/bug/?i=8482
[130] = https://curl.se/bug/?i=8479
[131] = https://curl.se/bug/?i=8476
[132] = https://curl.se/bug/?i=8475
[133] = https://curl.se/bug/?i=8474
[134] = https://curl.se/bug/?i=8470
[135] = https://curl.se/bug/?i=8469
[136] = https://curl.se/bug/?i=8289
[137] = https://curl.se/bug/?i=8455
[138] = https://curl.se/bug/?i=8455
[139] = https://curl.se/bug/?i=8455
[140] = https://curl.se/bug/?i=8512
[141] = https://curl.se/bug/?i=8459
[142] = https://curl.se/bug/?i=8513
[143] = https://curl.se/bug/?i=7351
[144] = https://curl.se/bug/?i=8505
[145] = https://curl.se/bug/?i=8502
[146] = https://curl.se/bug/?i=8421
[147] = https://curl.se/bug/?i=8500
[149] = https://curl.se/bug/?i=8494
[150] = https://curl.se/bug/?i=8493
[151] = https://curl.se/bug/?i=8492
|
