🠰 7.76.1 all changes 7.78.0 🠲
Changes in 7.77.0 - May 26 2021
Changes:
- configure: make the TLS library choice(s) explicit
- curl: ignore options asking for SSLv2 or SSLv3
- hsts: enable by default
- SSL: support in-memory CA certs for some backends
- vtls: refuse setting any SSL version
Bugfixes:
- CVE-2021-22897: schannel cipher selection surprise
- CVE-2021-22898: TELNET stack contents disclosure
- CVE-2021-22901: TLS session caching disaster
- AmigaOS: add functions definitions for SHA256
- build: fix compilation for Windows UWP platform
- c-hyper: don't write to set.writeheader if null
- c-hyper: fix handling of zero-byte chunk from hyper
- c-hyper: handle body on HYPER_TASK_EMPTY
- checksrc: complain on == NULL or != 0 checks in conditions
- CI/cirrus: add shared and static Windows release builds
- cmake: add CURL_ENABLE_EXPORT_TARGET option
- cmake: check for getppid and utimes
- cmake: detect CURL_SA_FAMILY_T
- cmake: fix two invokes result in different curl_config.h
- cmake: make libcurl output filename configurable
- cmake: Use multithreaded compilation on VS 2008+
- config: remove now-unused macros
- configure: if asked for, fail if ldap is not found
- configure: provide --with-openssl, deprecate --with-ssl
- conn: add 'attach' to protocol handler, make libssh2 use it
- connect: use CURL_SA_FAMILY_T for portability
- ConnectionExists: respect requests for h1 connections better
- cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
- curl-wolfssl.m4: without custom include path, assume /usr/include
- curl: include libmetalink version in --version output
- Curl_http_header: check for colon when matching Persistent-Auth
- Curl_http_input_auth: require valid separator after negotiation type
- Curl_input_digest: require space after Digest
- curl_mprintf.3: add description
- curl_setup: provide the shutdown flags wider
- curl_url_set.3: add memory management information
- CURLcode: add CURLE_SSL_CLIENTCERT
- CURLOPT_CAPATH.3: defaults to a path, not NULL
- CURLOPT_IPRESOLVE: preventing wrong IP version from being used
- CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data
- data_pending: check only SECONDARY socket for FTP(S) transfers
- docs/TheArtOfHttpScripting: fix markdown links
- docs: camelcase it like GitHub everywhere
- docs: cookies from HTTP headers need domain set
- docs: fix typo in fail-with-body doc
- docs: improve INTERNALS.md regarding getsock cb
- docs: replace dots with dashes in markdown enums
- easy: ignore sigpipe in curl_easy_send
- FILEFORMAT: mention sectransp as a feature
- GIT-INFO: suggest using autoreconf instead of buildconf
- github: add a workflow with libssh2 on macOS using cmake
- github: inhibit deprecated declarations for clang on macOS
- GnuTLS: don't allow TLS 1.3 for versions that don't support it
- gnutls: make setting only the MAX TLS allowed version work
- gskit: fix CURL_DISABLE_PROXY build
- gskit: fix undefined reference to 'conn'
- hostip.h: remove declaration of unimplemented function
- hostip: remove the debug code for LocalHost
- http2: call the handle-closed function correctly on closed stream
- http2: fix a resource leak in push_promise()
- http2: fix resource leaks in set_transfer_url()
- http2: make sure pause is done on HTTP
- http2: move the stream error field to the per-transfer storage
- http2: skip immediate parsing of payload following protocol switch
- http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade
- HTTP3.md: fix nghttp2's HTTP/3 server port
- HTTP3.md: make the ngtcp2 build use the quictls fork
- http: deal with partial CONNECT sends
- http: fix the check for 'Authorization' with Bearer
- http: limit the initial send amount to used upload buffer size
- http: reset the header buffer when sending the request
- http: use offsets inst of integer literals for header parsing
- INSTALL: add IBM i specific quirks
- krb5/name_to_level: replace checkprefix with curl_strequal
- krb5: don't use 'static' to store PBSZ size response
- krb5: remove the unused 'overhead' function
- lib/hostip6.c: make NAT64 address synthesis on macOS work
- lib1564.c: enable last wakeup test part on Windows
- lib: fix 0-length Curl_client_write calls
- lib: fix some misuse of curlx_convert_UTF8_to_tchar
- libcurl-security.3: be careful of setuid
- libcurl-security.3: don't try to filter IPv4 hosts based on the URL
- libcurl.3: mention the URL API
- libssh2: fix Value stored to 'sshp' is never read
- libssh2: ignore timeout during disconnect
- libssh: fix "empty expression statement has no effect" warnings
- libtest: remove lib530.c
- m4: add security frameworks on Mac when compiling rustls
- multi: don't close connection HTTP_1_1_REQUIRED
- multi: fix slow write/upload performance on Windows
- multi: reduce Win32 API calls to improve performance
- ngtcp2: fix the cb_acked_stream_data_offset proto
- NSS: add ciphers to map
- NSS: make colons, commas and spaces valid separators in cipher list
- nss_set_blocking: avoid static for sock_opt
- ntlm: precaution against super huge type2 offsets
- openldap: protect SSL-specific code with proper #ifdef
- openldap: replace ldap_ prefix on private functions
- openssl: fix build error with OpenSSL < 1.0.2
- openssl: remove unneeded cast for CertOpenSystemStore()
- os400: additional support for options metadata
- progress: fix scan-build-11 warnings
- progress: reset limit_size variables at transfer start
- progress: when possible, calculate transfer speeds with microseconds
- README.md: delete Codacy UTM parameters
- Revert "Revert 'multi: implement wait using winsock events'"
- rustls: only return CURLE_AGAIN when TLS session is fully drained
- rustls: use ALPN
- sasl: use 'unsigned short' to store mechanism
- schannel: Disable auto credentials; add an option to enable it
- schannel: Support strong crypto option
- sectransp: allow cipher name to be specified
- sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer
- sigpipe: ignore SIGPIPE when using wolfSSL as well
- sockfilt: avoid getting stuck waiting for writable socket
- sockfilt: fix invalid increment of handles index variable nfd
- sws: #ifdef S_IFSOCK use
- sws: allow HTTP requests up to 2MB in size
- test server: take care of siginterrupt() deprecation
- test2100: make it run with and require IPv6
- tests/disable-scan.pl: also scan all m4 files
- tests/getpart: generate output URL encoded for better diffs
- tests: ignore case of chunked hex numbers in tests
- tls: add USE_HTTP2 define
- tool_getparam: handle failure of curlx_convert_tchar_to_UTF8()
- tool_getparam: replace (in-place) '%20' by '+' according to RFC1866
- tool_operate: don't discard failed parallel transfer result
- tool_writeout: fix the HTTP_CODE json output
- travis: disable the failing libssh build
- URL-SYNTAX: update IDNA section for WHATWG spec changes
- urlapi: "normalize" numerical IPv4 hostnames
- vauth: factor base64 conversions out of authentication procedures
- version: add gsasl_version to curl_version_info_data
- version: add OpenLDAP version in the output
- vtls: deduplicate some DISABLE_PROXY ifdefs
- vtls: reset ssl use flag upon negotiation failure
- wolfssl: handle SSL_write() returns 0 for error
- wolfssl: remove SSLv3 support leftovers