aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/libs/curl/RELEASE-NOTES
blob: 53514245b6d192e5ab070cfc03760537b3b19529 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
curl and libcurl 7.83.1

 Public curl releases:         208
 Command line options:         247
 curl_easy_setopt() options:   295
 Public functions in libcurl:  88
 Contributors:                 2632

This release includes the following bugfixes:

 o altsvc: fix host name matching for trailing dots [31]
 o cirrus: Update to FreeBSD 12.3 [24]
 o cirrus: Use pip for Python packages on FreeBSD [23]
 o conn: fix typo 'connnection' -> 'connection' in two function names [1]
 o cookies: make bad_domain() not consider a trailing dot fine [26]
 o curl: free resource in error path [3]
 o curl: guard against size_t wraparound in no-clobber code [4]
 o CURLOPT_DOH_URL.3: mention the known bug [19]
 o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20]
 o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18]
 o data/test376: set a proper name
 o GHA/mbedtls: enabled nghttp2 in the build [11]
 o gha: build msh3 [5]
 o gskit: fixed bogus setsockopt calls [17]
 o gskit: remove unused function set_callback [2]
 o hsts: ignore trailing dots when comparing hosts names [28]
 o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40]
 o http: move Curl_allow_auth_to_host() [9]
 o http_proxy/hyper: handle closed connections [34]
 o hyper: fix test 357 [32]
 o Makefile: fix "make ca-firefox" [37]
 o mbedtls: bail out if rng init fails [14]
 o mbedtls: fix compile when h2-enabled [12]
 o mbedtls: fix some error messages
 o misc: use "autoreconf -fi" instead buildconf [22]
 o msh3: get msh3 version from MsH3Version [6]
 o msh3: print boolean value as text representation [10]
 o msh3: psss remote_port to MsH3ConnectionOpen [7]
 o ngtcp2: add ca-fallback support for OpenSSL backend [35]
 o nss: return error if seemingly stuck in a cert loop [30]
 o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8]
 o post_per_transfer: remove the updated file name [27]
 o sectransp: bail out if SSLSetPeerDomainName fails [33]
 o tests/server: declare variable 'reqlogfile' static [39]
 o tests: fix markdown formatting in README [38]
 o test{898,974,976}: add 'HTTP proxy' keywords [16]
 o tls: check more TLS details for connection reuse [25]
 o url: check SSH config match on connection reuse [21]
 o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15]
 o urlapi: reject percent-decoding host name into separator bytes [29]
 o x509asn1: make do_pubkey handle EC public keys [13]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Adam Rosenfield, Axel Chong, Christian Weisgerber, Daniel Gustafsson,
  Daniel Stenberg, Fabian Keil, Florian Kohnhäuser, Garrett Squire,
  Harry Sintonen, LigH-de on github, Michael Olbrich, Nick Banks,
  Patrick Monnerat, Philip H, Prithvi MK, Ray Satiro, Ryan Schmidt,
  Sergey Markelov, Tatsuhiro Tsujikawa, Yusuke Nakamura
  (20 contributors)

References to bug reports and discussions on issues:

 [1] = https://curl.se/bug/?i=8759
 [2] = https://curl.se/bug/?i=8782
 [3] = https://curl.se/bug/?i=8770
 [4] = https://curl.se/bug/?i=8771
 [5] = https://curl.se/bug/?i=8779
 [6] = https://curl.se/bug/?i=8762
 [7] = https://curl.se/bug/?i=8762
 [8] = https://curl.se/mail/lib-2022-04/0059.html
 [9] = https://curl.se/bug/?i=8772
 [10] = https://curl.se/bug/?i=8763
 [11] = https://curl.se/bug/?i=8767
 [12] = https://curl.se/bug/?i=8766
 [13] = https://curl.se/bug/?i=8757
 [14] = https://curl.se/bug/?i=8796
 [15] = https://curl.se/bug/?i=8797
 [16] = https://curl.se/bug/?i=8791
 [17] = https://curl.se/bug/?i=8793
 [18] = https://curl.se/bug/?i=8792
 [19] = https://curl.se/bug/?i=8790
 [20] = https://curl.se/bug/?i=8788
 [21] = https://curl.se/docs/CVE-2022-27782.html
 [22] = https://curl.se/bug/?i=8777
 [23] = https://curl.se/bug/?i=8783
 [24] = https://curl.se/bug/?i=8783
 [25] = https://curl.se/docs/CVE-2022-27782.html
 [26] = https://curl.se/docs/CVE-2022-27779.html
 [27] = https://curl.se/docs/CVE-2022-27778.html
 [28] = https://curl.se/docs/CVE-2022-30115.html
 [29] = https://curl.se/docs/CVE-2022-27780.html
 [30] = https://curl.se/docs/CVE-2022-27781.html
 [31] = https://curl.se/bug/?i=8819
 [32] = https://curl.se/bug/?i=8811
 [33] = https://curl.se/bug/?i=8798
 [34] = https://curl.se/bug/?i=8700
 [35] = https://curl.se/bug/?i=8828
 [37] = https://curl.se/bug/?i=8804
 [38] = https://curl.se/bug/?i=8802
 [39] = https://curl.se/bug/?i=8799
 [40] = https://curl.se/bug/?i=8795