curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

RELEASE: curl 7.83.0

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 27 Apr 2022 08:38:21 +0200 (CEST)

Friends!

I am happy and proud to yet again let you know what we have produced a curl
release and uploaded it to the world. This time, pay extra attention to the
four associated security advisories that we also publish today.

Get curl as always from https://curl.se/

curl and libcurl 7.83.0

  Public curl releases: 207
  Command line options: 247
  curl_easy_setopt() options: 295
  Public functions in libcurl: 88
  Contributors: 2625

This release includes the following changes:

  o curl: add %header{name} experimental support in -w handling
  o curl: add %{header_json} experimental support in -w handling
  o curl: add --no-clobber [28]
  o curl: add --remove-on-error [11]
  o header api: add curl_easy_header and curl_easy_nextheader [56]
  o msh3: add support for QUIC and HTTP/3 using msh3 [84]

This release includes the following bugfixes:

  o appveyor: add Cygwin build [77]
  o appveyor: only add MSYS2 to PATH where required [78]
  o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27]
  o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26]
  o BINDINGS.md: add Hollywood binding [34]
  o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42]
  o CI: install Python package impacket to run SMB test 1451 [5]
  o configure.ac: move -pthread CFLAGS setting back where it used to be [14]
  o configure: bump the copyright year range int the generated output
  o conncache: include the zone id in the "bundle" hashkey [112]
  o connecache: remove duplicate connc->closure_handle check [90]
  o connect: make Curl_getconnectinfo work with conn cache from share handle [22]
  o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6]
  o cookie.d: clarify when cookies are sent
  o cookies: improve errorhandling for reading cookiefile [123]
  o curl/system.h: update ifdef condition for MCST-LCC compiler [4]
  o curl: error out if -T and -d are used for the same URL [99]
  o curl: error out when options need features not present in libcurl [18]
  o curl: escape '?' in generated --libcurl code [117]
  o curl: fix segmentation fault for empty output file names. [60]
  o curl_easy_header: fix typos in documentation [74]
  o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126]
  o CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS [105]
  o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
  o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79]
  o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63]
  o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127]
  o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9]
  o docs/HYPER.md: updated to reflect current hyper build needs
  o docs/opts: Mention Schannel client cert type is P12 [50]
  o docs: Fix missing semicolon in example code [102]
  o docs: lots of minor language polish [51]
  o English: use American spelling consistently [95]
  o fail.d: tweak the description [101]
  o firefox-db2pem.sh: make the shell script safer [47]
  o ftp: fix error message for partial file upload [61]
  o gen.pl: change wording for mutexed options [98]
  o GHA: add openssl3 jobs moved over from zuul [88]
  o GHA: build hyper with nightly rustc [7]
  o GHA: move bearssl jobs over from zuul [85]
  o gha: move the event-based test over from Zuul [59]
  o gtls: fix build for disabled TLS-SRP [48]
  o http2: handle DONE called for the paused stream [69]
  o http2: RST the stream if we stop it on our own will [67]
  o http: avoid auth/cookie on redirects same host diff port [110]
  o http: close the stream (not connection) on time condition abort [68]
  o http: reject header contents with nul bytes [41]
  o http: return error on colon-less HTTP headers [31]
  o http: streamclose "already downloaded" [57]
  o hyper: fix status_line() return code [13]
  o hyper: fix tests 580 and 581 for hyper [107]
  o hyper: no h2c support [33]
  o infof: consistent capitalization of warning messages [103]
  o ipv4/6.d: clarify that they are about using IP addresses [3]
  o json.d: fix typo (overriden -> overridden) [24]
  o keepalive-time.d: It takes many probes to detect brokenness [29]
  o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45]
  o lib670: avoid double check result [71]
  o lib: #ifdef on USE_HTTP2 better [65]
  o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38]
  o lib: remove exclamation marks [100]
  o libssh2: compare sha256 strings case sensitively [114]
  o libssh2: make the md5 comparison fail if wrong length [111]
  o libssh: fix build with old libssh versions [12]
  o libssh: fix double close [124]
  o libssh: Improve fix for missing SSH_S_ stat macros [10]
  o libssh: unstick SFTP transfers when done event-based [58]
  o macos: set .plist version in autoconf [122]
  o mbedtls: remove 'protocols' array from backend when ALPN is not used [66]
  o mbedtls: remove server_fd from backend [91]
  o mk-ca-bundle.pl: Use stricter logic to process the certificates [39]
  o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8]
  o mlc_config.json: add file to ignore known troublesome URLs [35]
  o mqtt: better handling of TCP disconnect mid-message [55]
  o ngtcp2: add client certificate authentication for OpenSSL [15]
  o ngtcp2: avoid busy loop in low CWND situation [119]
  o ngtcp2: deal with sub-millisecond timeout [116]
  o ngtcp2: disconnect the QUIC connection proper [19]
  o ngtcp2: enlarge H3_SEND_SIZE [82]
  o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83]
  o ngtcp2: fix memory leak [80]
  o ngtcp2: fix QUIC_IDLE_TIMEOUT [94]
  o ngtcp2: make curl 1ms faster [93]
  o ngtcp2: remove remote_addr which is not used in a meaningful way [81]
  o ngtcp2: update to work after recent ngtcp2 updates [62]
  o ngtcp2: use token when detecting :status header field [92]
  o nonblock: restore setsockopt method to curlx_nonblock [20]
  o openssl: check SSL_get_peer_cert_chain return value [1]
  o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23]
  o openssl: fix CN check error code [21]
  o options: remove mistaken space before paren in prototype
  o perl: removed a double semicolon at end of line [64]
  o pop3/smtp: return *WEIRD_SERVER_REPLY when not understood [43]
  o projects/README: converted to markdown [76]
  o projects: Update VC version names for VS2017, VS2022 [52]
  o rtsp: don't let CSeq error override earlier errors [37]
  o runtests: add 'bearssl' as testable feature [87]
  o runtests: make 'oldlibssh' be before 0.9.4 [2]
  o schannel: remove dead code that will never run [89]
  o scripts/copyright.pl: ignore the new mlc_config.json file
  o scripts: move three scripts from lib/ to scripts/ [44]
  o test1135: sync with recent API updates [54]
  o test1459: disable for oldlibssh [53]
  o test375: fix line endings on Windows [40]
  o test386: Fix an incorrect test markup tag
  o test718: edited slightly to return better HTTP [32]
  o tests/server/util.h: align WIN32 condition with util.c [46]
  o tests: refactor server/socksd.c to support --unix-socket [96]
  o timediff.[ch]: add curlx helper functions for timeval conversions [86]
  o tls: make mbedtls and NSS check for h2, not nghttp2 [70]
  o tool and tests: force flush of all buffers at end of program [17]
  o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30]
  o tool_getparam: error out on missing -K file [115]
  o tool_listhelp.c: uppercase URL
  o tool_operate: fix a scan-build warning [16]
  o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97]
  o transfer: redirects to other protocols or ports clear auth [109]
  o unit1620: call global_init before calling Curl_open [125]
  o url: check sasl additional parameters for connection reuse. [113]
  o vtls: provide a unified APLN-disagree string for all backends [75]
  o vtls: use a backend standard message for "ALPN: offers %s" [73]
  o vtls: use a generic "ALPN, server accepted" message [72]
  o winbuild/README.md: fixup dead link [36]
  o winbuild: Add a Visual Studio example to the README [49]
  o wolfssl: fix compiler error without IPv6 [25]

This release includes the following known bugs:

  o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

   Alejandro R. Sedeño, Andreas Falkenhahn, Andrey Alifanov,
   anon00000000 on github, Balakrishnan Balasubramanian, Boris Verkhovskiy,
   Brad Spencer, Christian Schmitz, Christopher Degawa, Colin Leroy,
   Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, Daniel Valenzuela,
   Don J Olmstead, Emanuele Torre, Evangelos Foutras, Francisco Olarte,
   Frank Meier, Gisle Vanem, Harry Sintonen, Ian Blanes, Jan Venekamp,
   Jay Dommaschk, Jean-Philippe Menil, Jenny Heino, Joseph Chen,
   jurisuk on github, Kristoffer Gleditsch, Kushal Das, Leandro Coutinho,
   Liam Warfield, Marcel Raad, Marc Hörsken, Matteo Baccan,
   Median Median Stride, mehatzri on github, Michael Kaufmann, Michał Antoniak,
   Nick Banks, Nick Coghlan, Nick Zitzmann, Patrick Monnerat, Paul Howarth,
   Paweł Kowalski, Peter Korsgaard, pheiduck on github, r-a-sattarov on github,
   Ray Satiro, Rianov Viacheslav, Robert Brose, Robert Charles Muir,
   Robin A. Meade, Samuel Henrique, Sascha Zengler, Taras Kushnir,
   Tatsuhiro Tsujikawa, Timothe Litt, Viktor Szakats, HexTheDragon
   (60 contributors)

References to bug reports and discussions on issues:

  [1] = https://curl.se/bug/?i=8579
  [2] = https://curl.se/bug/?i=8548
  [3] = https://curl.se/bug/?i=8543
  [4] = https://curl.se/bug/?i=8546
  [5] = https://curl.se/bug/?i=8544
  [6] = https://curl.se/bug/?i=8539
  [7] = https://curl.se/bug/?i=8545
  [8] = https://curl.se/bug/?i=8412
  [9] = https://curl.se/bug/?i=8573
  [10] = https://curl.se/bug/?i=8588
  [11] = https://curl.se/bug/?i=8503
  [12] = https://curl.se/bug/?i=8574
  [13] = https://curl.se/bug/?i=8572
  [14] = https://curl.se/bug/?i=8541
  [15] = https://curl.se/bug/?i=8522
  [16] = https://curl.se/bug/?i=8565
  [17] = https://curl.se/bug/?i=8516
  [18] = https://curl.se/bug/?i=8565
  [19] = https://curl.se/bug/?i=8534
  [20] = https://curl.se/bug/?i=8562
  [21] = https://curl.se/bug/?i=8559
  [22] = https://curl.se/bug/?i=8524
  [23] = https://curl.se/bug/?i=8553
  [24] = https://curl.se/bug/?i=8557
  [25] = https://curl.se/bug/?i=8550
  [26] = https://curl.se/bug/?i=8478
  [27] = https://curl.se/bug/?i=8477
  [28] = https://curl.se/bug/?i=7708
  [29] = https://curl.se/bug/?i=8570
  [30] = https://curl.se/bug/?i=7963
  [31] = https://curl.se/bug/?i=8610
  [32] = https://github.com/hyperium/hyper/issues/2783
  [33] = https://curl.se/bug/?i=8605
  [34] = https://curl.se/bug/?i=8609
  [35] = https://curl.se/bug/?i=8597
  [36] = https://curl.se/bug/?i=8597
  [37] = https://curl.se/bug/?i=8525
  [38] = https://curl.se/bug/?i=8521
  [39] = https://curl.se/bug/?i=8411
  [40] = https://curl.se/bug/?i=8599
  [41] = https://curl.se/bug/?i=8601
  [42] = https://curl.se/bug/?i=8596
  [43] = https://curl.se/bug/?i=8506
  [44] = https://curl.se/bug/?i=8625
  [45] = https://curl.se/bug/?i=8594
  [46] = https://curl.se/bug/?i=8594
  [47] = https://curl.se/bug/?i=8616
  [48] = https://curl.se/mail/lib-2022-03/0046.html
  [49] = https://curl.se/bug/?i=8592
  [50] = https://curl.se/bug/?i=8587
  [51] = https://curl.se/bug/?i=8646
  [52] = https://curl.se/bug/?i=8447
  [53] = https://curl.se/bug/?i=8622
  [54] = https://curl.se/bug/?i=8620
  [55] = https://hackerone.com/reports/1521610
  [56] = https://curl.se/bug/?i=8593
  [57] = https://curl.se/bug/?i=8665
  [58] = https://curl.se/bug/?i=8490
  [59] = https://curl.se/bug/?i=8490
  [60] = https://curl.se/bug/?i=8606
  [61] = https://curl.se/bug/?i=8637
  [62] = https://curl.se/bug/?i=8638
  [63] = https://curl.se/bug/?i=8636
  [64] = https://curl.se/bug/?i=8709
  [65] = https://curl.se/bug/?i=8661
  [66] = https://curl.se/bug/?i=8663
  [67] = https://curl.se/bug/?i=8664
  [68] = https://curl.se/bug/?i=8664
  [69] = https://curl.se/bug/?i=8626
  [70] = https://curl.se/bug/?i=8656
  [71] = https://curl.se/bug/?i=8660
  [72] = https://curl.se/bug/?i=8657
  [73] = https://curl.se/bug/?i=8657
  [74] = https://curl.se/bug/?i=8694
  [75] = https://curl.se/bug/?i=8643
  [76] = https://curl.se/bug/?i=8652
  [77] = https://curl.se/bug/?i=8693
  [78] = https://curl.se/bug/?i=8693
  [79] = https://curl.se/bug/?i=8602
  [80] = https://curl.se/bug/?i=8691
  [81] = https://curl.se/bug/?i=8689
  [82] = https://curl.se/bug/?i=8690
  [83] = https://curl.se/bug/?i=8688
  [84] = https://curl.se/bug/?i=8517
  [85] = https://curl.se/bug/?i=8684
  [86] = https://curl.se/bug/?i=8595
  [87] = https://curl.se/bug/?i=8684
  [88] = https://curl.se/bug/?i=8683
  [89] = https://curl.se/bug/?i=8677
  [90] = https://curl.se/bug/?i=8676
  [91] = https://curl.se/bug/?i=8682
  [92] = https://curl.se/bug/?i=8679
  [93] = https://curl.se/bug/?i=8678
  [94] = https://curl.se/bug/?i=8678
  [95] = https://curl.se/bug/?i=8673
  [96] = https://curl.se/bug/?i=8687
  [97] = https://curl.se/bug/?i=8701
  [98] = https://curl.se/bug/?i=8716
  [99] = https://curl.se/bug/?i=8704
  [100] = https://curl.se/bug/?i=8713
  [101] = https://curl.se/bug/?i=8714
  [102] = https://curl.se/bug/?i=8697
  [103] = https://curl.se/bug/?i=8711
  [105] = https://curl.se/bug/?i=8753
  [107] = https://curl.se/bug/?i=8707
  [109] = https://curl.se/docs/CVE-2022-27774.html
  [110] = https://curl.se/docs/CVE-2022-27776.html
  [111] = https://hackerone.com/reports/1549461
  [112] = https://curl.se/docs/CVE-2022-27775.html
  [113] = https://curl.se/docs/CVE-2022-22576.html
  [114] = https://hackerone.com/reports/1549435
  [115] = https://hackerone.com/reports/1542881
  [116] = https://curl.se/bug/?i=8738
  [117] = https://hackerone.com/reports/1548535
  [119] = https://curl.se/bug/?i=8739
  [122] = https://curl.se/bug/?i=8692
  [123] = https://curl.se/bug/?i=8699
  [124] = https://curl.se/bug/?i=8708
  [125] = https://curl.se/bug/?i=8719
  [126] = https://curl.se/bug/?i=8725
  [127] = https://curl.se/bug/?i=8724

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html


-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2022-04-27