curl / Mailing Lists / curl-users / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

[RELEASE] curl 7.83.1

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Daniel Stenberg via curl-users <curl-users_at_lists.haxx.se>
Date: Wed, 11 May 2022 08:34:29 +0200 (CEST)

Hi friends.

I am happy to once again present a new curl release. This time in association
with six new security advisories that will be announced the next following
minutes.

As always, get curl from https://curl.se

curl and libcurl 7.83.1

  Public curl releases: 208
  Command line options: 247
  curl_easy_setopt() options: 295
  Public functions in libcurl: 88
  Contributors: 2632

This release includes the following bugfixes:

  o altsvc: fix host name matching for trailing dots [31]
  o cirrus: Update to FreeBSD 12.3 [24]
  o cirrus: Use pip for Python packages on FreeBSD [23]
  o conn: fix typo 'connnection' -> 'connection' in two function names [1]
  o cookies: make bad_domain() not consider a trailing dot fine [26]
  o curl: free resource in error path [3]
  o curl: guard against size_t wraparound in no-clobber code [4]
  o CURLOPT_DOH_URL.3: mention the known bug [19]
  o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20]
  o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18]
  o data/test376: set a proper name
  o GHA/mbedtls: enabled nghttp2 in the build [11]
  o gha: build msh3 [5]
  o gskit: fixed bogus setsockopt calls [17]
  o gskit: remove unused function set_callback [2]
  o hsts: ignore trailing dots when comparing hosts names [28]
  o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40]
  o http: move Curl_allow_auth_to_host() [9]
  o http_proxy/hyper: handle closed connections [34]
  o hyper: fix test 357 [32]
  o Makefile: fix "make ca-firefox" [37]
  o mbedtls: bail out if rng init fails [14]
  o mbedtls: fix compile when h2-enabled [12]
  o mbedtls: fix some error messages
  o misc: use "autoreconf -fi" instead buildconf [22]
  o msh3: get msh3 version from MsH3Version [6]
  o msh3: print boolean value as text representation [10]
  o msh3: psss remote_port to MsH3ConnectionOpen [7]
  o ngtcp2: add ca-fallback support for OpenSSL backend [35]
  o nss: return error if seemingly stuck in a cert loop [30]
  o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8]
  o post_per_transfer: remove the updated file name [27]
  o sectransp: bail out if SSLSetPeerDomainName fails [33]
  o tests/server: declare variable 'reqlogfile' static [39]
  o tests: fix markdown formatting in README [38]
  o test{898,974,976}: add 'HTTP proxy' keywords [16]
  o tls: check more TLS details for connection reuse [25]
  o url: check SSH config match on connection reuse [21]
  o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15]
  o urlapi: reject percent-decoding host name into separator bytes [29]
  o x509asn1: make do_pubkey handle EC public keys [13]

This release includes the following known bugs:

  o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

   Adam Rosenfield, Axel Chong, Christian Weisgerber, Daniel Gustafsson,
   Daniel Stenberg, Fabian Keil, Florian Kohnh�user, Garrett Squire,
   Harry Sintonen, LigH-de on github, Michael Olbrich, Nick Banks,
   Patrick Monnerat, Philip H, Prithvi MK, Ray Satiro, Ryan Schmidt,
   Sergey Markelov, Tatsuhiro Tsujikawa, Yusuke Nakamura
   (20 contributors)

References to bug reports and discussions on issues:

  [1] = https://curl.se/bug/?i=8759
  [2] = https://curl.se/bug/?i=8782
  [3] = https://curl.se/bug/?i=8770
  [4] = https://curl.se/bug/?i=8771
  [5] = https://curl.se/bug/?i=8779
  [6] = https://curl.se/bug/?i=8762
  [7] = https://curl.se/bug/?i=8762
  [8] = https://curl.se/mail/lib-2022-04/0059.html
  [9] = https://curl.se/bug/?i=8772
  [10] = https://curl.se/bug/?i=8763
  [11] = https://curl.se/bug/?i=8767
  [12] = https://curl.se/bug/?i=8766
  [13] = https://curl.se/bug/?i=8757
  [14] = https://curl.se/bug/?i=8796
  [15] = https://curl.se/bug/?i=8797
  [16] = https://curl.se/bug/?i=8791
  [17] = https://curl.se/bug/?i=8793
  [18] = https://curl.se/bug/?i=8792
  [19] = https://curl.se/bug/?i=8790
  [20] = https://curl.se/bug/?i=8788
  [21] = https://curl.se/docs/CVE-2022-27782.html
  [22] = https://curl.se/bug/?i=8777
  [23] = https://curl.se/bug/?i=8783
  [24] = https://curl.se/bug/?i=8783
  [25] = https://curl.se/docs/CVE-2022-27782.html
  [26] = https://curl.se/docs/CVE-2022-27779.html
  [27] = https://curl.se/docs/CVE-2022-27778.html
  [28] = https://curl.se/docs/CVE-2022-30115.html
  [29] = https://curl.se/docs/CVE-2022-27780.html
  [30] = https://curl.se/docs/CVE-2022-27781.html
  [31] = https://curl.se/bug/?i=8819
  [32] = https://curl.se/bug/?i=8811
  [33] = https://curl.se/bug/?i=8798
  [34] = https://curl.se/bug/?i=8700
  [35] = https://curl.se/bug/?i=8828
  [37] = https://curl.se/bug/?i=8804
  [38] = https://curl.se/bug/?i=8802
  [39] = https://curl.se/bug/?i=8799
  [40] = https://curl.se/bug/?i=8795

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html

-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-users
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2022-05-11

This message: [ Message body ]
Next message: Daniel Stenberg via curl-users: "[SECURITY ADVISORY] curl: removes wrong file on error"
Previous message: Maksym Tkachov via curl-users: "Negotiate WinSSPI"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]