| curl and libcurl 7.77.0 |
| |
| Public curl releases: 200 |
| Command line options: 242 |
| curl_easy_setopt() options: 290 |
| Public functions in libcurl: 85 |
| Contributors: 2408 |
| |
| This release includes the following changes: |
| |
| o configure: make the TLS library choice(s) explicit [3] |
| o curl: ignore options asking for SSLv2 or SSLv3 [10] |
| o hsts: enable by default [8] |
| o SSL: support in-memory CA certs for some backends [85] |
| o vtls: refuse setting any SSL version [9] |
| |
| This release includes the following bugfixes: |
| |
| o AmigaOS: add functions definitions for SHA256 [126] |
| o build: fix compilation for Windows UWP platform [82] |
| o c-hyper: don't write to set.writeheader if null [67] |
| o c-hyper: fix handling of zero-byte chunk from hyper [39] |
| o c-hyper: handle body on HYPER_TASK_EMPTY [104] |
| o checksrc: complain on == NULL or != 0 checks in conditions [20] |
| o CI/cirrus: add shared and static Windows release builds [102] |
| o cmake: check for getppid and utimes [87] |
| o cmake: detect CURL_SA_FAMILY_T [124] |
| o cmake: fix two invokes result in different curl_config.h [123] |
| o cmake: make libcurl output filename configurable [41] |
| o cmake: Use multithreaded compilation on VS 2008+ [122] |
| o config: remove now-unused macros [107] |
| o configure: if asked for, fail if ldap is not found [109] |
| o configure: provide --with-openssl, deprecate --with-ssl [15] |
| o conn: add 'attach' to protocol handler, make libssh2 use it [119] |
| o connect: use CURL_SA_FAMILY_T for portability [34] |
| o ConnectionExists: respect requests for h1 connections better |
| o cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies [1] |
| o curl-wolfssl.m4: without custom include path, assume /usr/include [116] |
| o curl: include libmetalink version in --version output [111] |
| o Curl_http_header: check for colon when matching Persistent-Auth [51] |
| o Curl_http_input_auth: require valid separator after negotiation type [52] |
| o Curl_input_digest: require space after Digest [50] |
| o curl_mprintf.3: add description [73] |
| o curl_setup: provide the shutdown flags wider [33] |
| o curl_url_set.3: add memory management information [38] |
| o CURLcode: add CURLE_SSL_CLIENTCERT [47] |
| o CURLOPT_CAPATH.3: defaults to a path, not NULL [103] |
| o CURLOPT_IPRESOLVE: preventing wrong IP version from being used [125] |
| o CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data [40] |
| o data_pending: check only SECONDARY socket for FTP(S) transfers [117] |
| o docs/TheArtOfHttpScripting: fix markdown links [129] |
| o docs: camelcase it like GitHub everywhere [62] |
| o docs: cookies from HTTP headers need domain set [121] |
| o docs: fix typo in fail-with-body doc [63] |
| o docs: improve INTERNALS.md regarding getsock cb [105] |
| o docs: replace dots with dashes in markdown enums [101] |
| o easy: ignore sigpipe in curl_easy_send [69] |
| o FILEFORMAT: mention sectransp as a feature [89] |
| o GIT-INFO: suggest using autoreconf instead of buildconf [96] |
| o github: add a workflow with libssh2 on macOS using cmake [81] |
| o github: inhibit deprecated declarations for clang on macOS [118] |
| o GnuTLS: don't allow TLS 1.3 for versions that don't support it [77] |
| o gnutls: make setting only the MAX TLS allowed version work [83] |
| o gskit: fix CURL_DISABLE_PROXY build [57] |
| o gskit: fix undefined reference to 'conn' [58] |
| o hostip.h: remove declaration of unimplemented function [108] |
| o hostip: remove the debug code for LocalHost [113] |
| o http2: call the handle-closed function correctly on closed stream [37] |
| o http2: fix a resource leak in push_promise() [54] |
| o http2: fix resource leaks in set_transfer_url() [55] |
| o http2: make sure pause is done on HTTP [120] |
| o http2: move the stream error field to the per-transfer storage [36] |
| o http2: skip immediate parsing of payload following protocol switch [90] |
| o http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade [91] |
| o HTTP3.md: fix nghttp2's HTTP/3 server port [21] |
| o HTTP3.md: make the ngtcp2 build use the quictls fork [98] |
| o http: deal with partial CONNECT sends [97] |
| o http: fix the check for 'Authorization' with Bearer [53] |
| o http: limit the initial send amount to used upload buffer size [99] |
| o http: reset the header buffer when sending the request [61] |
| o http: use offsets inst of integer literals for header parsing [95] |
| o INSTALL: add IBM i specific quirks [75] |
| o krb5/name_to_level: replace checkprefix with curl_strequal [49] |
| o krb5: don't use 'static' to store PBSZ size response [23] |
| o krb5: remove the unused 'overhead' function [35] |
| o lib1564.c: enable last wakeup test part on Windows [26] |
| o lib: fix 0-length Curl_client_write calls [60] |
| o lib: fix some misuse of curlx_convert_UTF8_to_tchar [64] |
| o libcurl-security.3: be careful of setuid [66] |
| o libcurl-security.3: don't try to filter IPv4 hosts based on the URL [71] |
| o libcurl.3: mention the URL API [76] |
| o libssh2: fix Value stored to 'sshp' is never read [13] |
| o libssh2: ignore timeout during disconnect [45] |
| o libssh: fix "empty expression statement has no effect" warnings [7] |
| o libtest: remove lib530.c [88] |
| o m4: add security frameworks on Mac when compiling rustls [31] |
| o multi: don't close connection HTTP_1_1_REQUIRED |
| o multi: fix slow write/upload performance on Windows [27] |
| o multi: reduce Win32 API calls to improve performance [28] |
| o ngtcp2: fix the cb_acked_stream_data_offset proto [46] |
| o NSS: add ciphers to map [30] |
| o NSS: make colons, commas and spaces valid separators in cipher list [106] |
| o nss_set_blocking: avoid static for sock_opt [72] |
| o ntlm: precaution against super huge type2 offsets [65] |
| o openldap: protect SSL-specific code with proper #ifdef [12] |
| o openldap: replace ldap_ prefix on private functions [84] |
| o openssl: fix build error with OpenSSL < 1.0.2 [4] |
| o openssl: remove unneeded cast for CertOpenSystemStore() [93] |
| o os400: additional support for options metadata [24] |
| o progress: fix scan-build-11 warnings [92] |
| o progress: reset limit_size variables at transfer start [114] |
| o progress: when possible, calculate transfer speeds with microseconds [48] |
| o README.md: delete Codacy UTM parameters [5] |
| o Revert "Revert 'multi: implement wait using winsock events'" [26] |
| o rustls: only return CURLE_AGAIN when TLS session is fully drained [2] |
| o rustls: use ALPN [56] |
| o sasl: use 'unsigned short' to store mechanism [112] |
| o schannel: Disable auto credentials; add an option to enable it [18] |
| o schannel: Support strong crypto option [44] |
| o sectransp: allow cipher name to be specified [29] |
| o sigpipe: ignore SIGPIPE when using wolfSSL as well [70] |
| o sockfilt: avoid getting stuck waiting for writable socket [80] |
| o sockfilt: fix invalid increment of handles index variable nfd [79] |
| o sws: #ifdef S_IFSOCK use [32] |
| o sws: allow HTTP requests up to 2MB in size [100] |
| o test server: take care of siginterrupt() deprecation [25] |
| o test2100: make it run with and require IPv6 [127] |
| o tests/disable-scan.pl: also scan all m4 files [17] |
| o tests/getpart: generate output URL encoded for better diffs [128] |
| o tests: ignore case of chunked hex numbers in tests [86] |
| o tls: add USE_HTTP2 define [59] |
| o tool_getparam: handle failure of curlx_convert_tchar_to_UTF8() [78] |
| o tool_getparam: replace (in-place) '%20' by '+' according to RFC1866 [14] |
| o tool_operate: don't discard failed parallel transfer result [16] |
| o tool_writeout: fix the HTTP_CODE json output [11] |
| o travis: disable the failing libssh build [94] |
| o URL-SYNTAX: update IDNA section for WHATWG spec changes [74] |
| o urlapi: "normalize" numerical IPv4 host names [6] |
| o vauth: factor base64 conversions out of authentication procedures [22] |
| o version: add gsasl_version to curl_version_info_data [43] |
| o version: add OpenLDAP version in the output [110] |
| o vtls: deduplicate some DISABLE_PROXY ifdefs [19] |
| o vtls: reset ssl use flag upon negotiation failure [42] |
| o wolfssl: handle SSL_write() returns 0 for error [68] |
| o wolfssl: remove SSLv3 support leftovers [115] |
| |
| This release includes the following known bugs: |
| |
| o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) |
| |
| This release would not have looked like this without help, code, reports and |
| advice from friends like these: |
| |
| 3eka on github, Andrew Barnert, Ayushman Singh Chauhan, Benjamin Riefenstahl, |
| Blake Burkhart, Calvin Buckley, Cameron Cawley, Dan Fandrich, |
| Daniel Carpenter, Daniel Gustafsson, Daniel Stenberg, David Cook, |
| Denis Goleshchikhin, Dmitry Karpov, Dmitry Kostjuchenko, ebejan on github, |
| Emil Engler, Georeth Zhou, Gergely Nagy, Gilles Vollant, Harry Sintonen, |
| Howard Chu, Ikko Ashimine, Illarion Taev, Jacob Hoffman-Andrews, |
| Jakub Zakrzewski, Javier Blazquez, J. Bromley, Jeroen Ooms, Joel Depooter, |
| Joel Jakobsson, Johann150 on github, Jon Rumsey, Kamil Dudka, Kevin Burke, |
| Kevin R. Bulgrien, Lucas Clemente Vella, Lucas Servén Marín, |
| MAntoniak on github, Marc Aldorasi, Marcel Raad, Marc Hörsken, Martin Dorey, |
| Martin Halle, Matias N. Goldberg, Max Dymond, Michael Kolechkin, |
| Michael O'Farrell, Michał Antoniak, Michal Rus, Morten Minde Neergaard, |
| Oliver Urbann, Patrick Monnerat, Peng-Yu Chen, Pontus Lundkvist, |
| Ralph Langendam, Ray Satiro, rcombs on github, Rich FitzJohn, |
| Ryan Beck-Buysse, Sergey Markelov, sergio-nsk on github, Stefan Karpinski, |
| Timo Lange, Timothy Gu, tmkk on github, Tobias Gabriel, Tommy Odom, |
| Travis Burtrum on github, Tuomas Siipola, ustcqidi on github, Victor Vieux, |
| Viktor Szakats, Wes Hinsley, Ymir1711 on github, Yusuke Nakamura, |
| (76 contributors) |
| |
| References to bug reports and discussions on issues: |
| |
| [1] = https://curl.se/bug/?i=6889 |
| [2] = https://curl.se/bug/?i=6894 |
| [3] = https://curl.se/bug/?i=6897 |
| [4] = https://curl.se/bug/?i=6920 |
| [5] = https://curl.se/bug/?i=6919 |
| [6] = https://curl.se/bug/?i=6863 |
| [7] = https://curl.se/bug/?i=6847 |
| [8] = https://curl.se/bug/?i=6700 |
| [9] = https://curl.se/bug/?i=6773 |
| [10] = https://curl.se/bug/?i=6772 |
| [11] = https://curl.se/bug/?i=6905 |
| [12] = https://curl.se/bug/?i=6901 |
| [13] = https://curl.se/bug/?i=6900 |
| [14] = https://curl.se/bug/?i=6895 |
| [15] = https://curl.se/bug/?i=6887 |
| [16] = https://curl.se/bug/?i=6921 |
| [17] = https://curl.se/bug/?i=1165 |
| [18] = https://curl.se/bug/?i=2262 |
| [19] = https://curl.se/bug/?i=6660 |
| [20] = https://curl.se/bug/?i=6912 |
| [21] = https://curl.se/bug/?i=6964 |
| [22] = https://curl.se/bug/?i=6654 |
| [23] = https://curl.se/bug/?i=6963 |
| [24] = https://curl.se/bug/?i=6574 |
| [25] = https://curl.se/bug/?i=6529 |
| [26] = https://curl.se/bug/?i=6245 |
| [27] = https://curl.se/bug/?i=6146 |
| [28] = https://curl.se/bug/?i=6146 |
| [29] = https://curl.se/bug/?i=6464 |
| [30] = https://curl.se/bug/?i=6670 |
| [31] = https://curl.se/bug/?i=6955 |
| [32] = https://curl.se/mail/lib-2021-04/0074.html |
| [33] = https://curl.se/mail/lib-2021-04/0073.html |
| [34] = https://curl.se/mail/lib-2021-04/0071.html |
| [35] = https://curl.se/bug/?i=6947 |
| [36] = https://curl.se/bug/?i=6910 |
| [37] = https://curl.se/bug/?i=6862 |
| [38] = https://curl.se/bug/?i=6953 |
| [39] = https://curl.se/bug/?i=6951 |
| [40] = https://curl.se/bug/?i=6943 |
| [41] = https://curl.se/bug/?i=6933 |
| [42] = https://curl.se/bug/?i=6934 |
| [43] = https://curl.se/bug/?i=6843 |
| [44] = https://curl.se/bug/?i=6734 |
| [45] = https://curl.se/bug/?i=6990 |
| [46] = https://curl.se/mail/lib-2021-05/0019.html |
| [47] = https://curl.se/bug/?i=6721 |
| [48] = https://curl.se/bug/?i=7017 |
| [49] = https://curl.se/bug/?i=6993 |
| [50] = https://curl.se/bug/?i=6993 |
| [51] = https://curl.se/bug/?i=6993 |
| [52] = https://curl.se/bug/?i=6993 |
| [53] = https://curl.se/bug/?i=6988 |
| [54] = https://curl.se/bug/?i=6986 |
| [55] = https://curl.se/bug/?i=6986 |
| [56] = https://curl.se/bug/?i=6960 |
| [57] = https://curl.se/bug/?i=6981 |
| [58] = https://curl.se/bug/?i=6980 |
| [59] = https://curl.se/bug/?i=6959 |
| [60] = https://curl.se/bug/?i=6954 |
| [61] = https://curl.se/bug/?i=7018 |
| [62] = https://curl.se/bug/?i=6979 |
| [63] = https://curl.se/bug/?i=6977 |
| [64] = https://github.com/curl/curl/pull/6602#issuecomment-825236763 |
| [65] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720 |
| [66] = https://curl.se/bug/?i=6970 |
| [67] = https://curl.se/bug/?i=6619 |
| [68] = https://curl.se/bug/?i=6967 |
| [69] = https://curl.se/bug/?i=6965 |
| [70] = https://curl.se/bug/?i=6966 |
| [71] = https://curl.se/bug/?i=6942 |
| [72] = https://curl.se/bug/?i=6945 |
| [73] = https://curl.se/bug/?i=7010 |
| [74] = https://curl.se/bug/?i=7026 |
| [75] = https://curl.se/bug/?i=6830 |
| [76] = https://curl.se/bug/?i=7009 |
| [77] = https://curl.se/bug/?i=7014 |
| [78] = https://curl.se/bug/?i=7023 |
| [79] = https://curl.se/bug/?i=6992 |
| [80] = https://curl.se/bug/?i=6992 |
| [81] = https://curl.se/bug/?i=7047 |
| [82] = https://curl.se/bug/?i=7006 |
| [83] = https://curl.se/bug/?i=6998 |
| [84] = https://curl.se/bug/?i=7004 |
| [85] = https://curl.se/bug/?i=6662 |
| [86] = https://curl.se/bug/?i=6987 |
| [87] = https://curl.se/bug/?i=6997 |
| [88] = https://curl.se/bug/?i=6999 |
| [89] = https://curl.se/bug/?i=7001 |
| [90] = https://curl.se/bug/?i=7036 |
| [91] = https://curl.se/bug/?i=7041 |
| [92] = https://curl.se/mail/lib-2021-05/0022.html |
| [93] = https://curl.se/bug/?i=7025 |
| [94] = https://curl.se/bug/?i=7011 |
| [95] = https://curl.se/bug/?i=7032 |
| [96] = https://curl.se/bug/?i=7033 |
| [97] = https://curl.se/bug/?i=6950 |
| [98] = https://curl.se/bug/?i=7031 |
| [99] = https://curl.se/bug/?i=7022 |
| [100] = https://curl.se/bug/?i=7075 |
| [101] = https://curl.se/bug/?i=7093 |
| [102] = https://curl.se/bug/?i=6991 |
| [103] = https://curl.se/bug/?i=7062 |
| [104] = https://curl.se/bug/?i=7064 |
| [105] = https://curl.se/bug/?i=7092 |
| [106] = https://curl.se/bug/?i=7110 |
| [107] = https://curl.se/bug/?i=7094 |
| [108] = https://curl.se/bug/?i=7094 |
| [109] = https://curl.se/bug/?i=7053 |
| [110] = https://curl.se/bug/?i=7054 |
| [111] = https://curl.se/bug/?i=7112 |
| [112] = https://curl.se/bug/?i=7045 |
| [113] = https://curl.se/bug/?i=7044 |
| [114] = https://curl.se/bug/?i=7042 |
| [115] = https://curl.se/bug/?i=7088 |
| [116] = https://curl.se/bug/?i=7085 |
| [117] = https://curl.se/bug/?i=7068 |
| [118] = https://curl.se/bug/?i=7081 |
| [119] = https://curl.se/bug/?i=6898 |
| [120] = https://curl.se/bug/?i=7079 |
| [121] = https://curl.se/bug/?i=6723 |
| [122] = https://curl.se/bug/?i=7109 |
| [123] = https://curl.se/bug/?i=7100 |
| [124] = https://curl.se/bug/?i=7049 |
| [125] = https://curl.se/bug/?i=6853 |
| [126] = https://github.com/jens-maus/amissl/issues/15 |
| [127] = https://curl.se/bug/?i=7083 |
| [128] = https://curl.se/bug/?i=7083 |
| [129] = https://curl.se/bug/?i=7097 |