Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
RE: [RELEASE] curl 7.77.0
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Bill Mercer via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 26 May 2021 14:03:14 +0000
Congratulations on this milestone, and thanks for always reacting quickly to address security concerns.
> -----Original Message-----
> From: curl-users <curl-users-bounces_at_cool.haxx.se> On Behalf Of Daniel
> Stenberg via curl-users
> Sent: Wednesday, May 26, 2021 2:43 AM
> To: curl users <curl-users_at_cool.haxx.se>; curl-announce_at_cool.haxx.se;
> libcurl hacking <curl-library_at_cool.haxx.se>
> Cc: Daniel Stenberg <daniel_at_haxx.se>
> Subject: [RELEASE] curl 7.77.0
>
> Hi friends!
>
> I'm happy to announce the 200th curl release and we called it curl 7.77.0.
> This release comes with no less than *three* fixed security vulnerabilites and
> you will see those announcement in separate emails following this email.
>
> Download curl as always from https://curl.se/
>
> curl and libcurl 7.77.0
>
> Public curl releases: 200
> Command line options: 242
> curl_easy_setopt() options: 290
> Public functions in libcurl: 85
> Contributors: 2408
>
> This release includes the following changes:
>
> o configure: make the TLS library choice(s) explicit [3]
> o curl: ignore options asking for SSLv2 or SSLv3 [10]
> o hsts: enable by default [8]
> o SSL: support in-memory CA certs for some backends [85]
> o vtls: refuse setting any SSL version [9]
>
> This release includes the following bugfixes:
>
> o CVE-2021-22297: schannel cipher selection surprise [132]
> o CVE-2021-22298: TELNET stack contents disclosure [131]
> o CVE-2021-22901: TLS session caching disaster [130]
> o AmigaOS: add functions definitions for SHA256 [126]
> o build: fix compilation for Windows UWP platform [82]
> o c-hyper: don't write to set.writeheader if null [67]
> o c-hyper: fix handling of zero-byte chunk from hyper [39]
> o c-hyper: handle body on HYPER_TASK_EMPTY [104]
> o checksrc: complain on == NULL or != 0 checks in conditions [20]
> o CI/cirrus: add shared and static Windows release builds [102]
> o cmake: add CURL_ENABLE_EXPORT_TARGET option [133]
> o cmake: check for getppid and utimes [87]
> o cmake: detect CURL_SA_FAMILY_T [124]
> o cmake: fix two invokes result in different curl_config.h [123]
> o cmake: make libcurl output filename configurable [41]
> o cmake: Use multithreaded compilation on VS 2008+ [122]
> o config: remove now-unused macros [107]
> o configure: if asked for, fail if ldap is not found [109]
> o configure: provide --with-openssl, deprecate --with-ssl [15]
> o conn: add 'attach' to protocol handler, make libssh2 use it [119]
> o connect: use CURL_SA_FAMILY_T for portability [34]
> o ConnectionExists: respect requests for h1 connections better
> o cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies [1]
> o curl-wolfssl.m4: without custom include path, assume /usr/include [116]
> o curl: include libmetalink version in --version output [111]
> o Curl_http_header: check for colon when matching Persistent-Auth [51]
> o Curl_http_input_auth: require valid separator after negotiation type [52]
> o Curl_input_digest: require space after Digest [50]
> o curl_mprintf.3: add description [73]
> o curl_setup: provide the shutdown flags wider [33]
> o curl_url_set.3: add memory management information [38]
> o CURLcode: add CURLE_SSL_CLIENTCERT [47]
> o CURLOPT_CAPATH.3: defaults to a path, not NULL [103]
> o CURLOPT_IPRESOLVE: preventing wrong IP version from being used [125]
> o CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data [40]
> o data_pending: check only SECONDARY socket for FTP(S) transfers [117]
> o docs/TheArtOfHttpScripting: fix markdown links [129]
> o docs: camelcase it like GitHub everywhere [62]
> o docs: cookies from HTTP headers need domain set [121]
> o docs: fix typo in fail-with-body doc [63]
> o docs: improve INTERNALS.md regarding getsock cb [105]
> o docs: replace dots with dashes in markdown enums [101]
> o easy: ignore sigpipe in curl_easy_send [69]
> o FILEFORMAT: mention sectransp as a feature [89]
> o GIT-INFO: suggest using autoreconf instead of buildconf [96]
> o github: add a workflow with libssh2 on macOS using cmake [81]
> o github: inhibit deprecated declarations for clang on macOS [118]
> o GnuTLS: don't allow TLS 1.3 for versions that don't support it [77]
> o gnutls: make setting only the MAX TLS allowed version work [83]
> o gskit: fix CURL_DISABLE_PROXY build [57]
> o gskit: fix undefined reference to 'conn' [58]
> o hostip.h: remove declaration of unimplemented function [108]
> o hostip: remove the debug code for LocalHost [113]
> o http2: call the handle-closed function correctly on closed stream [37]
> o http2: fix a resource leak in push_promise() [54]
> o http2: fix resource leaks in set_transfer_url() [55]
> o http2: make sure pause is done on HTTP [120]
> o http2: move the stream error field to the per-transfer storage [36]
> o http2: skip immediate parsing of payload following protocol switch [90]
> o http2: use nghttp2_session_upgrade2 instead of
> nghttp2_session_upgrade [91]
> o HTTP3.md: fix nghttp2's HTTP/3 server port [21]
> o HTTP3.md: make the ngtcp2 build use the quictls fork [98]
> o http: deal with partial CONNECT sends [97]
> o http: fix the check for 'Authorization' with Bearer [53]
> o http: limit the initial send amount to used upload buffer size [99]
> o http: reset the header buffer when sending the request [61]
> o http: use offsets inst of integer literals for header parsing [95]
> o INSTALL: add IBM i specific quirks [75]
> o krb5/name_to_level: replace checkprefix with curl_strequal [49]
> o krb5: don't use 'static' to store PBSZ size response [23]
> o krb5: remove the unused 'overhead' function [35]
> o lib/hostip6.c: make NAT64 address synthesis on macOS work [135]
> o lib1564.c: enable last wakeup test part on Windows [26]
> o lib: fix 0-length Curl_client_write calls [60]
> o lib: fix some misuse of curlx_convert_UTF8_to_tchar [64]
> o libcurl-security.3: be careful of setuid [66]
> o libcurl-security.3: don't try to filter IPv4 hosts based on the URL [71]
> o libcurl.3: mention the URL API [76]
> o libssh2: fix Value stored to 'sshp' is never read [13]
> o libssh2: ignore timeout during disconnect [45]
> o libssh: fix "empty expression statement has no effect" warnings [7]
> o libtest: remove lib530.c [88]
> o m4: add security frameworks on Mac when compiling rustls [31]
> o multi: don't close connection HTTP_1_1_REQUIRED
> o multi: fix slow write/upload performance on Windows [27]
> o multi: reduce Win32 API calls to improve performance [28]
> o ngtcp2: fix the cb_acked_stream_data_offset proto [46]
> o NSS: add ciphers to map [30]
> o NSS: make colons, commas and spaces valid separators in cipher list [106]
> o nss_set_blocking: avoid static for sock_opt [72]
> o ntlm: precaution against super huge type2 offsets [65]
> o openldap: protect SSL-specific code with proper #ifdef [12]
> o openldap: replace ldap_ prefix on private functions [84]
> o openssl: fix build error with OpenSSL < 1.0.2 [4]
> o openssl: remove unneeded cast for CertOpenSystemStore() [93]
> o os400: additional support for options metadata [24]
> o progress: fix scan-build-11 warnings [92]
> o progress: reset limit_size variables at transfer start [114]
> o progress: when possible, calculate transfer speeds with microseconds [48]
> o README.md: delete Codacy UTM parameters [5]
> o Revert "Revert 'multi: implement wait using winsock events'" [26]
> o rustls: only return CURLE_AGAIN when TLS session is fully drained [2]
> o rustls: use ALPN [56]
> o sasl: use 'unsigned short' to store mechanism [112]
> o schannel: Disable auto credentials; add an option to enable it [18]
> o schannel: Support strong crypto option [44]
> o sectransp: allow cipher name to be specified [29]
> o sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer [136]
> o sigpipe: ignore SIGPIPE when using wolfSSL as well [70]
> o sockfilt: avoid getting stuck waiting for writable socket [80]
> o sockfilt: fix invalid increment of handles index variable nfd [79]
> o sws: #ifdef S_IFSOCK use [32]
> o sws: allow HTTP requests up to 2MB in size [100]
> o test server: take care of siginterrupt() deprecation [25]
> o test2100: make it run with and require IPv6 [127]
> o tests/disable-scan.pl: also scan all m4 files [17]
> o tests/getpart: generate output URL encoded for better diffs [128]
> o tests: ignore case of chunked hex numbers in tests [86]
> o tls: add USE_HTTP2 define [59]
> o tool_getparam: handle failure of curlx_convert_tchar_to_UTF8() [78]
> o tool_getparam: replace (in-place) '%20' by '+' according to RFC1866 [14]
> o tool_operate: don't discard failed parallel transfer result [16]
> o tool_writeout: fix the HTTP_CODE json output [11]
> o travis: disable the failing libssh build [94]
> o URL-SYNTAX: update IDNA section for WHATWG spec changes [74]
> o urlapi: "normalize" numerical IPv4 host names [6]
> o vauth: factor base64 conversions out of authentication procedures [22]
> o version: add gsasl_version to curl_version_info_data [43]
> o version: add OpenLDAP version in the output [110]
> o vtls: deduplicate some DISABLE_PROXY ifdefs [19]
> o vtls: reset ssl use flag upon negotiation failure [42]
> o wolfssl: handle SSL_write() returns 0 for error [68]
> o wolfssl: remove SSLv3 support leftovers [115]
>
> This release includes the following known bugs:
>
> o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
>
> This release would not have looked like this without help, code, reports and
> advice from friends like these:
>
> 3eka on github, Alessandro Ghedini, Andrew Barnert, Ayushman Singh
> Chauhan,
> Benjamin Riefenstahl, Blake Burkhart, Brad Spencer, Calvin Buckley,
> Cameron Cawley, Dan Fandrich, Daniel Carpenter, Daniel Gustafsson,
> Daniel Stenberg, David Cook, Denis Goleshchikhin, Dmitry Karpov,
> Dmitry Kostjuchenko, ebejan on github, Emil Engler, Georeth Zhou,
> Gergely Nagy, Gilles Vollant, Harry Sintonen, Howard Chu, Ikko Ashimine,
> Illarion Taev, Jacob Hoffman-Andrews, Jakub Zakrzewski, Javier Blazquez,
> J. Bromley, Jeroen Ooms, Joel Depooter, Joel Jakobsson, Johann150 on
> github,
> Jon Rumsey, Kamil Dudka, Kevin Burke, Kevin R. Bulgrien, Koichi Shiraishi,
> Lucas Clemente Vella, Lucas Servén Marín, MAntoniak on github, Marc
> Aldorasi,
> Marcel Raad, Marc Hörsken, Martin Dorey, Martin Halle, Matias N.
> Goldberg,
> Max Dymond, Michael Kolechkin, Michael O'Farrell, Michał Antoniak,
> Michal Rus, Morten Minde Neergaard, Oliver Urbann, Orgad Shaneh,
> Patrick Monnerat, Paweł Wegner, Peng-Yu Chen, Pontus Lundkvist, Radek
> Zajic,
> Ralph Langendam, Ray Satiro, rcombs on github, Rich FitzJohn,
> Ryan Beck-Buysse, Sergey Markelov, sergio-nsk on github, Stefan Karpinski,
> Timo Lange, Timothy Gu, tmkk on github, Tobias Gabriel, Tommy Odom,
> Travis Burtrum, Tuomas Siipola, ustcqidi on github, Victor Vieux,
> Viktor Szakats, Wes Hinsley, Ymir1711 on github, Yusuke Nakamura,
> (82 contributors)
>
> References to bug reports and discussions on issues:
>
> [1] = https://curl.se/bug/?i=6889
> [2] = https://curl.se/bug/?i=6894
> [3] = https://curl.se/bug/?i=6897
> [4] = https://curl.se/bug/?i=6920
> [5] = https://curl.se/bug/?i=6919
> [6] = https://curl.se/bug/?i=6863
> [7] = https://curl.se/bug/?i=6847
> [8] = https://curl.se/bug/?i=6700
> [9] = https://curl.se/bug/?i=6773
> [10] = https://curl.se/bug/?i=6772
> [11] = https://curl.se/bug/?i=6905
> [12] = https://curl.se/bug/?i=6901
> [13] = https://curl.se/bug/?i=6900
> [14] = https://curl.se/bug/?i=6895
> [15] = https://curl.se/bug/?i=6887
> [16] = https://curl.se/bug/?i=6921
> [17] = https://curl.se/bug/?i=1165
> [18] = https://curl.se/bug/?i=2262
> [19] = https://curl.se/bug/?i=6660
> [20] = https://curl.se/bug/?i=6912
> [21] = https://curl.se/bug/?i=6964
> [22] = https://curl.se/bug/?i=6654
> [23] = https://curl.se/bug/?i=6963
> [24] = https://curl.se/bug/?i=6574
> [25] = https://curl.se/bug/?i=6529
> [26] = https://curl.se/bug/?i=6245
> [27] = https://curl.se/bug/?i=6146
> [28] = https://curl.se/bug/?i=6146
> [29] = https://curl.se/bug/?i=6464
> [30] = https://curl.se/bug/?i=6670
> [31] = https://curl.se/bug/?i=6955
> [32] = https://curl.se/mail/lib-2021-04/0074.html
> [33] = https://curl.se/mail/lib-2021-04/0073.html
> [34] = https://curl.se/mail/lib-2021-04/0071.html
> [35] = https://curl.se/bug/?i=6947
> [36] = https://curl.se/bug/?i=6910
> [37] = https://curl.se/bug/?i=6862
> [38] = https://curl.se/bug/?i=6953
> [39] = https://curl.se/bug/?i=6951
> [40] = https://curl.se/bug/?i=6943
> [41] = https://curl.se/bug/?i=6933
> [42] = https://curl.se/bug/?i=6934
> [43] = https://curl.se/bug/?i=6843
> [44] = https://curl.se/bug/?i=6734
> [45] = https://curl.se/bug/?i=6990
> [46] = https://curl.se/mail/lib-2021-05/0019.html
> [47] = https://curl.se/bug/?i=6721
> [48] = https://curl.se/bug/?i=7017
> [49] = https://curl.se/bug/?i=6993
> [50] = https://curl.se/bug/?i=6993
> [51] = https://curl.se/bug/?i=6993
> [52] = https://curl.se/bug/?i=6993
> [53] = https://curl.se/bug/?i=6988
> [54] = https://curl.se/bug/?i=6986
> [55] = https://curl.se/bug/?i=6986
> [56] = https://curl.se/bug/?i=6960
> [57] = https://curl.se/bug/?i=6981
> [58] = https://curl.se/bug/?i=6980
> [59] = https://curl.se/bug/?i=6959
> [60] = https://curl.se/bug/?i=6954
> [61] = https://curl.se/bug/?i=7018
> [62] = https://curl.se/bug/?i=6979
> [63] = https://curl.se/bug/?i=6977
> [64] = https://github.com/curl/curl/pull/6602#issuecomment-825236763
> [65] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720
> [66] = https://curl.se/bug/?i=6970
> [67] = https://curl.se/bug/?i=6619
> [68] = https://curl.se/bug/?i=6967
> [69] = https://curl.se/bug/?i=6965
> [70] = https://curl.se/bug/?i=6966
> [71] = https://curl.se/bug/?i=6942
> [72] = https://curl.se/bug/?i=6945
> [73] = https://curl.se/bug/?i=7010
> [74] = https://curl.se/bug/?i=7026
> [75] = https://curl.se/bug/?i=6830
> [76] = https://curl.se/bug/?i=7009
> [77] = https://curl.se/bug/?i=7014
> [78] = https://curl.se/bug/?i=7023
> [79] = https://curl.se/bug/?i=6992
> [80] = https://curl.se/bug/?i=6992
> [81] = https://curl.se/bug/?i=7047
> [82] = https://curl.se/bug/?i=7006
> [83] = https://curl.se/bug/?i=6998
> [84] = https://curl.se/bug/?i=7004
> [85] = https://curl.se/bug/?i=6662
> [86] = https://curl.se/bug/?i=6987
> [87] = https://curl.se/bug/?i=6997
> [88] = https://curl.se/bug/?i=6999
> [89] = https://curl.se/bug/?i=7001
> [90] = https://curl.se/bug/?i=7036
> [91] = https://curl.se/bug/?i=7041
> [92] = https://curl.se/mail/lib-2021-05/0022.html
> [93] = https://curl.se/bug/?i=7025
> [94] = https://curl.se/bug/?i=7011
> [95] = https://curl.se/bug/?i=7032
> [96] = https://curl.se/bug/?i=7033
> [97] = https://curl.se/bug/?i=6950
> [98] = https://curl.se/bug/?i=7031
> [99] = https://curl.se/bug/?i=7022
> [100] = https://curl.se/bug/?i=7075
> [101] = https://curl.se/bug/?i=7093
> [102] = https://curl.se/bug/?i=6991
> [103] = https://curl.se/bug/?i=7062
> [104] = https://curl.se/bug/?i=7064
> [105] = https://curl.se/bug/?i=7092
> [106] = https://curl.se/bug/?i=7110
> [107] = https://curl.se/bug/?i=7094
> [108] = https://curl.se/bug/?i=7094
> [109] = https://curl.se/bug/?i=7053
> [110] = https://curl.se/bug/?i=7054
> [111] = https://curl.se/bug/?i=7112
> [112] = https://curl.se/bug/?i=7045
> [113] = https://curl.se/bug/?i=7044
> [114] = https://curl.se/bug/?i=7042
> [115] = https://curl.se/bug/?i=7088
> [116] = https://curl.se/bug/?i=7085
> [117] = https://curl.se/bug/?i=7068
> [118] = https://curl.se/bug/?i=7081
> [119] = https://curl.se/bug/?i=6898
> [120] = https://curl.se/bug/?i=7079
> [121] = https://curl.se/bug/?i=6723
> [122] = https://curl.se/bug/?i=7109
> [123] = https://curl.se/bug/?i=7100
> [124] = https://curl.se/bug/?i=7049
> [125] = https://curl.se/bug/?i=6853
> [126] = https://github.com/jens-maus/amissl/issues/15
> [127] = https://curl.se/bug/?i=7083
> [128] = https://curl.se/bug/?i=7083
> [129] = https://curl.se/bug/?i=7097
> [130] = https://curl.se/docs/CVE-2021-22901.html
> [131] = https://curl.se/docs/CVE-2021-22898.html
> [132] = https://curl.se/docs/CVE-2021-22897.html
> [133] = https://curl.se/bug/?i=7060
> [135] = https://curl.se/bug/?i=7121
> [136] = https://curl.se/bug/?i=7126
>
> --
>
> / daniel.haxx.se
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> | https://www.wolfssl.com/contact/
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2021-05-26
Date: Wed, 26 May 2021 14:03:14 +0000
Congratulations on this milestone, and thanks for always reacting quickly to address security concerns.
> -----Original Message-----
> From: curl-users <curl-users-bounces_at_cool.haxx.se> On Behalf Of Daniel
> Stenberg via curl-users
> Sent: Wednesday, May 26, 2021 2:43 AM
> To: curl users <curl-users_at_cool.haxx.se>; curl-announce_at_cool.haxx.se;
> libcurl hacking <curl-library_at_cool.haxx.se>
> Cc: Daniel Stenberg <daniel_at_haxx.se>
> Subject: [RELEASE] curl 7.77.0
>
> Hi friends!
>
> I'm happy to announce the 200th curl release and we called it curl 7.77.0.
> This release comes with no less than *three* fixed security vulnerabilites and
> you will see those announcement in separate emails following this email.
>
> Download curl as always from https://curl.se/
>
> curl and libcurl 7.77.0
>
> Public curl releases: 200
> Command line options: 242
> curl_easy_setopt() options: 290
> Public functions in libcurl: 85
> Contributors: 2408
>
> This release includes the following changes:
>
> o configure: make the TLS library choice(s) explicit [3]
> o curl: ignore options asking for SSLv2 or SSLv3 [10]
> o hsts: enable by default [8]
> o SSL: support in-memory CA certs for some backends [85]
> o vtls: refuse setting any SSL version [9]
>
> This release includes the following bugfixes:
>
> o CVE-2021-22297: schannel cipher selection surprise [132]
> o CVE-2021-22298: TELNET stack contents disclosure [131]
> o CVE-2021-22901: TLS session caching disaster [130]
> o AmigaOS: add functions definitions for SHA256 [126]
> o build: fix compilation for Windows UWP platform [82]
> o c-hyper: don't write to set.writeheader if null [67]
> o c-hyper: fix handling of zero-byte chunk from hyper [39]
> o c-hyper: handle body on HYPER_TASK_EMPTY [104]
> o checksrc: complain on == NULL or != 0 checks in conditions [20]
> o CI/cirrus: add shared and static Windows release builds [102]
> o cmake: add CURL_ENABLE_EXPORT_TARGET option [133]
> o cmake: check for getppid and utimes [87]
> o cmake: detect CURL_SA_FAMILY_T [124]
> o cmake: fix two invokes result in different curl_config.h [123]
> o cmake: make libcurl output filename configurable [41]
> o cmake: Use multithreaded compilation on VS 2008+ [122]
> o config: remove now-unused macros [107]
> o configure: if asked for, fail if ldap is not found [109]
> o configure: provide --with-openssl, deprecate --with-ssl [15]
> o conn: add 'attach' to protocol handler, make libssh2 use it [119]
> o connect: use CURL_SA_FAMILY_T for portability [34]
> o ConnectionExists: respect requests for h1 connections better
> o cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies [1]
> o curl-wolfssl.m4: without custom include path, assume /usr/include [116]
> o curl: include libmetalink version in --version output [111]
> o Curl_http_header: check for colon when matching Persistent-Auth [51]
> o Curl_http_input_auth: require valid separator after negotiation type [52]
> o Curl_input_digest: require space after Digest [50]
> o curl_mprintf.3: add description [73]
> o curl_setup: provide the shutdown flags wider [33]
> o curl_url_set.3: add memory management information [38]
> o CURLcode: add CURLE_SSL_CLIENTCERT [47]
> o CURLOPT_CAPATH.3: defaults to a path, not NULL [103]
> o CURLOPT_IPRESOLVE: preventing wrong IP version from being used [125]
> o CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data [40]
> o data_pending: check only SECONDARY socket for FTP(S) transfers [117]
> o docs/TheArtOfHttpScripting: fix markdown links [129]
> o docs: camelcase it like GitHub everywhere [62]
> o docs: cookies from HTTP headers need domain set [121]
> o docs: fix typo in fail-with-body doc [63]
> o docs: improve INTERNALS.md regarding getsock cb [105]
> o docs: replace dots with dashes in markdown enums [101]
> o easy: ignore sigpipe in curl_easy_send [69]
> o FILEFORMAT: mention sectransp as a feature [89]
> o GIT-INFO: suggest using autoreconf instead of buildconf [96]
> o github: add a workflow with libssh2 on macOS using cmake [81]
> o github: inhibit deprecated declarations for clang on macOS [118]
> o GnuTLS: don't allow TLS 1.3 for versions that don't support it [77]
> o gnutls: make setting only the MAX TLS allowed version work [83]
> o gskit: fix CURL_DISABLE_PROXY build [57]
> o gskit: fix undefined reference to 'conn' [58]
> o hostip.h: remove declaration of unimplemented function [108]
> o hostip: remove the debug code for LocalHost [113]
> o http2: call the handle-closed function correctly on closed stream [37]
> o http2: fix a resource leak in push_promise() [54]
> o http2: fix resource leaks in set_transfer_url() [55]
> o http2: make sure pause is done on HTTP [120]
> o http2: move the stream error field to the per-transfer storage [36]
> o http2: skip immediate parsing of payload following protocol switch [90]
> o http2: use nghttp2_session_upgrade2 instead of
> nghttp2_session_upgrade [91]
> o HTTP3.md: fix nghttp2's HTTP/3 server port [21]
> o HTTP3.md: make the ngtcp2 build use the quictls fork [98]
> o http: deal with partial CONNECT sends [97]
> o http: fix the check for 'Authorization' with Bearer [53]
> o http: limit the initial send amount to used upload buffer size [99]
> o http: reset the header buffer when sending the request [61]
> o http: use offsets inst of integer literals for header parsing [95]
> o INSTALL: add IBM i specific quirks [75]
> o krb5/name_to_level: replace checkprefix with curl_strequal [49]
> o krb5: don't use 'static' to store PBSZ size response [23]
> o krb5: remove the unused 'overhead' function [35]
> o lib/hostip6.c: make NAT64 address synthesis on macOS work [135]
> o lib1564.c: enable last wakeup test part on Windows [26]
> o lib: fix 0-length Curl_client_write calls [60]
> o lib: fix some misuse of curlx_convert_UTF8_to_tchar [64]
> o libcurl-security.3: be careful of setuid [66]
> o libcurl-security.3: don't try to filter IPv4 hosts based on the URL [71]
> o libcurl.3: mention the URL API [76]
> o libssh2: fix Value stored to 'sshp' is never read [13]
> o libssh2: ignore timeout during disconnect [45]
> o libssh: fix "empty expression statement has no effect" warnings [7]
> o libtest: remove lib530.c [88]
> o m4: add security frameworks on Mac when compiling rustls [31]
> o multi: don't close connection HTTP_1_1_REQUIRED
> o multi: fix slow write/upload performance on Windows [27]
> o multi: reduce Win32 API calls to improve performance [28]
> o ngtcp2: fix the cb_acked_stream_data_offset proto [46]
> o NSS: add ciphers to map [30]
> o NSS: make colons, commas and spaces valid separators in cipher list [106]
> o nss_set_blocking: avoid static for sock_opt [72]
> o ntlm: precaution against super huge type2 offsets [65]
> o openldap: protect SSL-specific code with proper #ifdef [12]
> o openldap: replace ldap_ prefix on private functions [84]
> o openssl: fix build error with OpenSSL < 1.0.2 [4]
> o openssl: remove unneeded cast for CertOpenSystemStore() [93]
> o os400: additional support for options metadata [24]
> o progress: fix scan-build-11 warnings [92]
> o progress: reset limit_size variables at transfer start [114]
> o progress: when possible, calculate transfer speeds with microseconds [48]
> o README.md: delete Codacy UTM parameters [5]
> o Revert "Revert 'multi: implement wait using winsock events'" [26]
> o rustls: only return CURLE_AGAIN when TLS session is fully drained [2]
> o rustls: use ALPN [56]
> o sasl: use 'unsigned short' to store mechanism [112]
> o schannel: Disable auto credentials; add an option to enable it [18]
> o schannel: Support strong crypto option [44]
> o sectransp: allow cipher name to be specified [29]
> o sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer [136]
> o sigpipe: ignore SIGPIPE when using wolfSSL as well [70]
> o sockfilt: avoid getting stuck waiting for writable socket [80]
> o sockfilt: fix invalid increment of handles index variable nfd [79]
> o sws: #ifdef S_IFSOCK use [32]
> o sws: allow HTTP requests up to 2MB in size [100]
> o test server: take care of siginterrupt() deprecation [25]
> o test2100: make it run with and require IPv6 [127]
> o tests/disable-scan.pl: also scan all m4 files [17]
> o tests/getpart: generate output URL encoded for better diffs [128]
> o tests: ignore case of chunked hex numbers in tests [86]
> o tls: add USE_HTTP2 define [59]
> o tool_getparam: handle failure of curlx_convert_tchar_to_UTF8() [78]
> o tool_getparam: replace (in-place) '%20' by '+' according to RFC1866 [14]
> o tool_operate: don't discard failed parallel transfer result [16]
> o tool_writeout: fix the HTTP_CODE json output [11]
> o travis: disable the failing libssh build [94]
> o URL-SYNTAX: update IDNA section for WHATWG spec changes [74]
> o urlapi: "normalize" numerical IPv4 host names [6]
> o vauth: factor base64 conversions out of authentication procedures [22]
> o version: add gsasl_version to curl_version_info_data [43]
> o version: add OpenLDAP version in the output [110]
> o vtls: deduplicate some DISABLE_PROXY ifdefs [19]
> o vtls: reset ssl use flag upon negotiation failure [42]
> o wolfssl: handle SSL_write() returns 0 for error [68]
> o wolfssl: remove SSLv3 support leftovers [115]
>
> This release includes the following known bugs:
>
> o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
>
> This release would not have looked like this without help, code, reports and
> advice from friends like these:
>
> 3eka on github, Alessandro Ghedini, Andrew Barnert, Ayushman Singh
> Chauhan,
> Benjamin Riefenstahl, Blake Burkhart, Brad Spencer, Calvin Buckley,
> Cameron Cawley, Dan Fandrich, Daniel Carpenter, Daniel Gustafsson,
> Daniel Stenberg, David Cook, Denis Goleshchikhin, Dmitry Karpov,
> Dmitry Kostjuchenko, ebejan on github, Emil Engler, Georeth Zhou,
> Gergely Nagy, Gilles Vollant, Harry Sintonen, Howard Chu, Ikko Ashimine,
> Illarion Taev, Jacob Hoffman-Andrews, Jakub Zakrzewski, Javier Blazquez,
> J. Bromley, Jeroen Ooms, Joel Depooter, Joel Jakobsson, Johann150 on
> github,
> Jon Rumsey, Kamil Dudka, Kevin Burke, Kevin R. Bulgrien, Koichi Shiraishi,
> Lucas Clemente Vella, Lucas Servén Marín, MAntoniak on github, Marc
> Aldorasi,
> Marcel Raad, Marc Hörsken, Martin Dorey, Martin Halle, Matias N.
> Goldberg,
> Max Dymond, Michael Kolechkin, Michael O'Farrell, Michał Antoniak,
> Michal Rus, Morten Minde Neergaard, Oliver Urbann, Orgad Shaneh,
> Patrick Monnerat, Paweł Wegner, Peng-Yu Chen, Pontus Lundkvist, Radek
> Zajic,
> Ralph Langendam, Ray Satiro, rcombs on github, Rich FitzJohn,
> Ryan Beck-Buysse, Sergey Markelov, sergio-nsk on github, Stefan Karpinski,
> Timo Lange, Timothy Gu, tmkk on github, Tobias Gabriel, Tommy Odom,
> Travis Burtrum, Tuomas Siipola, ustcqidi on github, Victor Vieux,
> Viktor Szakats, Wes Hinsley, Ymir1711 on github, Yusuke Nakamura,
> (82 contributors)
>
> References to bug reports and discussions on issues:
>
> [1] = https://curl.se/bug/?i=6889
> [2] = https://curl.se/bug/?i=6894
> [3] = https://curl.se/bug/?i=6897
> [4] = https://curl.se/bug/?i=6920
> [5] = https://curl.se/bug/?i=6919
> [6] = https://curl.se/bug/?i=6863
> [7] = https://curl.se/bug/?i=6847
> [8] = https://curl.se/bug/?i=6700
> [9] = https://curl.se/bug/?i=6773
> [10] = https://curl.se/bug/?i=6772
> [11] = https://curl.se/bug/?i=6905
> [12] = https://curl.se/bug/?i=6901
> [13] = https://curl.se/bug/?i=6900
> [14] = https://curl.se/bug/?i=6895
> [15] = https://curl.se/bug/?i=6887
> [16] = https://curl.se/bug/?i=6921
> [17] = https://curl.se/bug/?i=1165
> [18] = https://curl.se/bug/?i=2262
> [19] = https://curl.se/bug/?i=6660
> [20] = https://curl.se/bug/?i=6912
> [21] = https://curl.se/bug/?i=6964
> [22] = https://curl.se/bug/?i=6654
> [23] = https://curl.se/bug/?i=6963
> [24] = https://curl.se/bug/?i=6574
> [25] = https://curl.se/bug/?i=6529
> [26] = https://curl.se/bug/?i=6245
> [27] = https://curl.se/bug/?i=6146
> [28] = https://curl.se/bug/?i=6146
> [29] = https://curl.se/bug/?i=6464
> [30] = https://curl.se/bug/?i=6670
> [31] = https://curl.se/bug/?i=6955
> [32] = https://curl.se/mail/lib-2021-04/0074.html
> [33] = https://curl.se/mail/lib-2021-04/0073.html
> [34] = https://curl.se/mail/lib-2021-04/0071.html
> [35] = https://curl.se/bug/?i=6947
> [36] = https://curl.se/bug/?i=6910
> [37] = https://curl.se/bug/?i=6862
> [38] = https://curl.se/bug/?i=6953
> [39] = https://curl.se/bug/?i=6951
> [40] = https://curl.se/bug/?i=6943
> [41] = https://curl.se/bug/?i=6933
> [42] = https://curl.se/bug/?i=6934
> [43] = https://curl.se/bug/?i=6843
> [44] = https://curl.se/bug/?i=6734
> [45] = https://curl.se/bug/?i=6990
> [46] = https://curl.se/mail/lib-2021-05/0019.html
> [47] = https://curl.se/bug/?i=6721
> [48] = https://curl.se/bug/?i=7017
> [49] = https://curl.se/bug/?i=6993
> [50] = https://curl.se/bug/?i=6993
> [51] = https://curl.se/bug/?i=6993
> [52] = https://curl.se/bug/?i=6993
> [53] = https://curl.se/bug/?i=6988
> [54] = https://curl.se/bug/?i=6986
> [55] = https://curl.se/bug/?i=6986
> [56] = https://curl.se/bug/?i=6960
> [57] = https://curl.se/bug/?i=6981
> [58] = https://curl.se/bug/?i=6980
> [59] = https://curl.se/bug/?i=6959
> [60] = https://curl.se/bug/?i=6954
> [61] = https://curl.se/bug/?i=7018
> [62] = https://curl.se/bug/?i=6979
> [63] = https://curl.se/bug/?i=6977
> [64] = https://github.com/curl/curl/pull/6602#issuecomment-825236763
> [65] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720
> [66] = https://curl.se/bug/?i=6970
> [67] = https://curl.se/bug/?i=6619
> [68] = https://curl.se/bug/?i=6967
> [69] = https://curl.se/bug/?i=6965
> [70] = https://curl.se/bug/?i=6966
> [71] = https://curl.se/bug/?i=6942
> [72] = https://curl.se/bug/?i=6945
> [73] = https://curl.se/bug/?i=7010
> [74] = https://curl.se/bug/?i=7026
> [75] = https://curl.se/bug/?i=6830
> [76] = https://curl.se/bug/?i=7009
> [77] = https://curl.se/bug/?i=7014
> [78] = https://curl.se/bug/?i=7023
> [79] = https://curl.se/bug/?i=6992
> [80] = https://curl.se/bug/?i=6992
> [81] = https://curl.se/bug/?i=7047
> [82] = https://curl.se/bug/?i=7006
> [83] = https://curl.se/bug/?i=6998
> [84] = https://curl.se/bug/?i=7004
> [85] = https://curl.se/bug/?i=6662
> [86] = https://curl.se/bug/?i=6987
> [87] = https://curl.se/bug/?i=6997
> [88] = https://curl.se/bug/?i=6999
> [89] = https://curl.se/bug/?i=7001
> [90] = https://curl.se/bug/?i=7036
> [91] = https://curl.se/bug/?i=7041
> [92] = https://curl.se/mail/lib-2021-05/0022.html
> [93] = https://curl.se/bug/?i=7025
> [94] = https://curl.se/bug/?i=7011
> [95] = https://curl.se/bug/?i=7032
> [96] = https://curl.se/bug/?i=7033
> [97] = https://curl.se/bug/?i=6950
> [98] = https://curl.se/bug/?i=7031
> [99] = https://curl.se/bug/?i=7022
> [100] = https://curl.se/bug/?i=7075
> [101] = https://curl.se/bug/?i=7093
> [102] = https://curl.se/bug/?i=6991
> [103] = https://curl.se/bug/?i=7062
> [104] = https://curl.se/bug/?i=7064
> [105] = https://curl.se/bug/?i=7092
> [106] = https://curl.se/bug/?i=7110
> [107] = https://curl.se/bug/?i=7094
> [108] = https://curl.se/bug/?i=7094
> [109] = https://curl.se/bug/?i=7053
> [110] = https://curl.se/bug/?i=7054
> [111] = https://curl.se/bug/?i=7112
> [112] = https://curl.se/bug/?i=7045
> [113] = https://curl.se/bug/?i=7044
> [114] = https://curl.se/bug/?i=7042
> [115] = https://curl.se/bug/?i=7088
> [116] = https://curl.se/bug/?i=7085
> [117] = https://curl.se/bug/?i=7068
> [118] = https://curl.se/bug/?i=7081
> [119] = https://curl.se/bug/?i=6898
> [120] = https://curl.se/bug/?i=7079
> [121] = https://curl.se/bug/?i=6723
> [122] = https://curl.se/bug/?i=7109
> [123] = https://curl.se/bug/?i=7100
> [124] = https://curl.se/bug/?i=7049
> [125] = https://curl.se/bug/?i=6853
> [126] = https://github.com/jens-maus/amissl/issues/15
> [127] = https://curl.se/bug/?i=7083
> [128] = https://curl.se/bug/?i=7083
> [129] = https://curl.se/bug/?i=7097
> [130] = https://curl.se/docs/CVE-2021-22901.html
> [131] = https://curl.se/docs/CVE-2021-22898.html
> [132] = https://curl.se/docs/CVE-2021-22897.html
> [133] = https://curl.se/bug/?i=7060
> [135] = https://curl.se/bug/?i=7121
> [136] = https://curl.se/bug/?i=7126
>
> --
>
> / daniel.haxx.se
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> | https://www.wolfssl.com/contact/
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2021-05-26