Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
[RELEASE] curl 7.83.1
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 11 May 2022 08:34:29 +0200 (CEST)
Hi friends.
I am happy to once again present a new curl release. This time in association
with six new security advisories that will be announced the next following
minutes.
As always, get curl from https://curl.se
curl and libcurl 7.83.1
Public curl releases: 208
Command line options: 247
curl_easy_setopt() options: 295
Public functions in libcurl: 88
Contributors: 2632
This release includes the following bugfixes:
o altsvc: fix host name matching for trailing dots [31]
o cirrus: Update to FreeBSD 12.3 [24]
o cirrus: Use pip for Python packages on FreeBSD [23]
o conn: fix typo 'connnection' -> 'connection' in two function names [1]
o cookies: make bad_domain() not consider a trailing dot fine [26]
o curl: free resource in error path [3]
o curl: guard against size_t wraparound in no-clobber code [4]
o CURLOPT_DOH_URL.3: mention the known bug [19]
o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20]
o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18]
o data/test376: set a proper name
o GHA/mbedtls: enabled nghttp2 in the build [11]
o gha: build msh3 [5]
o gskit: fixed bogus setsockopt calls [17]
o gskit: remove unused function set_callback [2]
o hsts: ignore trailing dots when comparing hosts names [28]
o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40]
o http: move Curl_allow_auth_to_host() [9]
o http_proxy/hyper: handle closed connections [34]
o hyper: fix test 357 [32]
o Makefile: fix "make ca-firefox" [37]
o mbedtls: bail out if rng init fails [14]
o mbedtls: fix compile when h2-enabled [12]
o mbedtls: fix some error messages
o misc: use "autoreconf -fi" instead buildconf [22]
o msh3: get msh3 version from MsH3Version [6]
o msh3: print boolean value as text representation [10]
o msh3: psss remote_port to MsH3ConnectionOpen [7]
o ngtcp2: add ca-fallback support for OpenSSL backend [35]
o nss: return error if seemingly stuck in a cert loop [30]
o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8]
o post_per_transfer: remove the updated file name [27]
o sectransp: bail out if SSLSetPeerDomainName fails [33]
o tests/server: declare variable 'reqlogfile' static [39]
o tests: fix markdown formatting in README [38]
o test{898,974,976}: add 'HTTP proxy' keywords [16]
o tls: check more TLS details for connection reuse [25]
o url: check SSH config match on connection reuse [21]
o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15]
o urlapi: reject percent-decoding host name into separator bytes [29]
o x509asn1: make do_pubkey handle EC public keys [13]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Adam Rosenfield, Axel Chong, Christian Weisgerber, Daniel Gustafsson,
Daniel Stenberg, Fabian Keil, Florian Kohnhäuser, Garrett Squire,
Harry Sintonen, LigH-de on github, Michael Olbrich, Nick Banks,
Patrick Monnerat, Philip H, Prithvi MK, Ray Satiro, Ryan Schmidt,
Sergey Markelov, Tatsuhiro Tsujikawa, Yusuke Nakamura
(20 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=8759
[2] = https://curl.se/bug/?i=8782
[3] = https://curl.se/bug/?i=8770
[4] = https://curl.se/bug/?i=8771
[5] = https://curl.se/bug/?i=8779
[6] = https://curl.se/bug/?i=8762
[7] = https://curl.se/bug/?i=8762
[8] = https://curl.se/mail/lib-2022-04/0059.html
[9] = https://curl.se/bug/?i=8772
[10] = https://curl.se/bug/?i=8763
[11] = https://curl.se/bug/?i=8767
[12] = https://curl.se/bug/?i=8766
[13] = https://curl.se/bug/?i=8757
[14] = https://curl.se/bug/?i=8796
[15] = https://curl.se/bug/?i=8797
[16] = https://curl.se/bug/?i=8791
[17] = https://curl.se/bug/?i=8793
[18] = https://curl.se/bug/?i=8792
[19] = https://curl.se/bug/?i=8790
[20] = https://curl.se/bug/?i=8788
[21] = https://curl.se/docs/CVE-2022-27782.html
[22] = https://curl.se/bug/?i=8777
[23] = https://curl.se/bug/?i=8783
[24] = https://curl.se/bug/?i=8783
[25] = https://curl.se/docs/CVE-2022-27782.html
[26] = https://curl.se/docs/CVE-2022-27779.html
[27] = https://curl.se/docs/CVE-2022-27778.html
[28] = https://curl.se/docs/CVE-2022-30115.html
[29] = https://curl.se/docs/CVE-2022-27780.html
[30] = https://curl.se/docs/CVE-2022-27781.html
[31] = https://curl.se/bug/?i=8819
[32] = https://curl.se/bug/?i=8811
[33] = https://curl.se/bug/?i=8798
[34] = https://curl.se/bug/?i=8700
[35] = https://curl.se/bug/?i=8828
[37] = https://curl.se/bug/?i=8804
[38] = https://curl.se/bug/?i=8802
[39] = https://curl.se/bug/?i=8799
[40] = https://curl.se/bug/?i=8795
Date: Wed, 11 May 2022 08:34:29 +0200 (CEST)
Hi friends.
I am happy to once again present a new curl release. This time in association
with six new security advisories that will be announced the next following
minutes.
As always, get curl from https://curl.se
curl and libcurl 7.83.1
Public curl releases: 208
Command line options: 247
curl_easy_setopt() options: 295
Public functions in libcurl: 88
Contributors: 2632
This release includes the following bugfixes:
o altsvc: fix host name matching for trailing dots [31]
o cirrus: Update to FreeBSD 12.3 [24]
o cirrus: Use pip for Python packages on FreeBSD [23]
o conn: fix typo 'connnection' -> 'connection' in two function names [1]
o cookies: make bad_domain() not consider a trailing dot fine [26]
o curl: free resource in error path [3]
o curl: guard against size_t wraparound in no-clobber code [4]
o CURLOPT_DOH_URL.3: mention the known bug [19]
o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20]
o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18]
o data/test376: set a proper name
o GHA/mbedtls: enabled nghttp2 in the build [11]
o gha: build msh3 [5]
o gskit: fixed bogus setsockopt calls [17]
o gskit: remove unused function set_callback [2]
o hsts: ignore trailing dots when comparing hosts names [28]
o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40]
o http: move Curl_allow_auth_to_host() [9]
o http_proxy/hyper: handle closed connections [34]
o hyper: fix test 357 [32]
o Makefile: fix "make ca-firefox" [37]
o mbedtls: bail out if rng init fails [14]
o mbedtls: fix compile when h2-enabled [12]
o mbedtls: fix some error messages
o misc: use "autoreconf -fi" instead buildconf [22]
o msh3: get msh3 version from MsH3Version [6]
o msh3: print boolean value as text representation [10]
o msh3: psss remote_port to MsH3ConnectionOpen [7]
o ngtcp2: add ca-fallback support for OpenSSL backend [35]
o nss: return error if seemingly stuck in a cert loop [30]
o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8]
o post_per_transfer: remove the updated file name [27]
o sectransp: bail out if SSLSetPeerDomainName fails [33]
o tests/server: declare variable 'reqlogfile' static [39]
o tests: fix markdown formatting in README [38]
o test{898,974,976}: add 'HTTP proxy' keywords [16]
o tls: check more TLS details for connection reuse [25]
o url: check SSH config match on connection reuse [21]
o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15]
o urlapi: reject percent-decoding host name into separator bytes [29]
o x509asn1: make do_pubkey handle EC public keys [13]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Adam Rosenfield, Axel Chong, Christian Weisgerber, Daniel Gustafsson,
Daniel Stenberg, Fabian Keil, Florian Kohnhäuser, Garrett Squire,
Harry Sintonen, LigH-de on github, Michael Olbrich, Nick Banks,
Patrick Monnerat, Philip H, Prithvi MK, Ray Satiro, Ryan Schmidt,
Sergey Markelov, Tatsuhiro Tsujikawa, Yusuke Nakamura
(20 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=8759
[2] = https://curl.se/bug/?i=8782
[3] = https://curl.se/bug/?i=8770
[4] = https://curl.se/bug/?i=8771
[5] = https://curl.se/bug/?i=8779
[6] = https://curl.se/bug/?i=8762
[7] = https://curl.se/bug/?i=8762
[8] = https://curl.se/mail/lib-2022-04/0059.html
[9] = https://curl.se/bug/?i=8772
[10] = https://curl.se/bug/?i=8763
[11] = https://curl.se/bug/?i=8767
[12] = https://curl.se/bug/?i=8766
[13] = https://curl.se/bug/?i=8757
[14] = https://curl.se/bug/?i=8796
[15] = https://curl.se/bug/?i=8797
[16] = https://curl.se/bug/?i=8791
[17] = https://curl.se/bug/?i=8793
[18] = https://curl.se/bug/?i=8792
[19] = https://curl.se/bug/?i=8790
[20] = https://curl.se/bug/?i=8788
[21] = https://curl.se/docs/CVE-2022-27782.html
[22] = https://curl.se/bug/?i=8777
[23] = https://curl.se/bug/?i=8783
[24] = https://curl.se/bug/?i=8783
[25] = https://curl.se/docs/CVE-2022-27782.html
[26] = https://curl.se/docs/CVE-2022-27779.html
[27] = https://curl.se/docs/CVE-2022-27778.html
[28] = https://curl.se/docs/CVE-2022-30115.html
[29] = https://curl.se/docs/CVE-2022-27780.html
[30] = https://curl.se/docs/CVE-2022-27781.html
[31] = https://curl.se/bug/?i=8819
[32] = https://curl.se/bug/?i=8811
[33] = https://curl.se/bug/?i=8798
[34] = https://curl.se/bug/?i=8700
[35] = https://curl.se/bug/?i=8828
[37] = https://curl.se/bug/?i=8804
[38] = https://curl.se/bug/?i=8802
[39] = https://curl.se/bug/?i=8799
[40] = https://curl.se/bug/?i=8795
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-05-11