curl/RELEASE-NOTES

curl and libcurl 7.82.0

 Public curl releases:         206
 Command line options:         245
 curl_easy_setopt() options:   295
 Public functions in libcurl:  86
 Contributors:                 2597

This release includes the following changes:

 o curl: add --json [67]
 o mesalink: remove support [23]

This release includes the following bugfixes:

 o appveyor: update images from VS 2019 to 2022
 o appveyor: use VS 2017 image for the autotools builds
 o azure-pipelines: add a build on Windows with libssh [154]
 o bearssl: fix connect error on expired cert and no verify [132]
 o bearssl: fix EXC_BAD_ACCESS on incomplete CA cert [131]
 o bearssl: fix session resumption (session id) [133]
 o build: enable -Warith-conversion
 o build: fix -Wenum-conversion handling
 o build: fix ngtcp2 crypto library detection [63]
 o checkprefix: remove strlen calls [128]
 o checksrc: fix typo in comment [34]
 o CI: move 'distcheck' job from zuul to azure pipelines [60]
 o CI: move scan-build job from Zuul to Azure Pipelines [59]
 o CI: move the NSS job from zuul to GHA [84]
 o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75]
 o CI: move the rustls CI job to GHA from Zuul [8]
 o CI: move two jobs from Zuul to Circle CI [73]
 o CI: test building wolfssl with --enable-opensslextra [42]
 o CI: workflows/wolfssl: install impacket [47]
 o circleci: add a job using libssh [121]
 o cirlceci: also run a c-ares job on arm with debug enabled [74]
 o cmake: fix iOS CMake project generation error [13]
 o cmdline-opts/gen.pl: fix option matching to improve references [50]
 o config.d: Clarify _curlrc filename is still valid on Windows [95]
 o configure.ac: use user-specified gssapi dir when using pkg-config [136]
 o configure: change output for cross-compiled alt-svc support [140]
 o configure: fix '--enable-code-coverage' typo [110]
 o configure: remove support for "embedded ares" [82]
 o configure: requires --with-nss-deprecated to build with NSS [114]
 o configure: set CURL_LIBRARY_PATH for nghttp2 [58]
 o configure: support specification of a nghttp2 library path [101]
 o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54]
 o curl tool: erase some more sensitive command line arguments [22]
 o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5]
 o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9]
 o curl-openssl: fix SRP check for OpenSSL 3.0 [86]
 o curl-openssl: remove the OpenSSL headers and library versions check [35]
 o curl.h: fix typo [129]
 o curl: remove "separators" (when using globbed URLs) [32]
 o curl_getdate.3: remove pointless .PP line [68]
 o curl_multi_socket.3: remove callback and typical usage descriptions [7]
 o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added
 o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27]
 o CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment [147]
 o CURLOPT_RESOLVE.3: change example port to 443
 o CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment [153]
 o CURLOPT_XFERINFOFUNCTION.3: fix typo in example [81]
 o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71]
 o des: fix compile break for OpenSSL without DES [141]
 o docs/cmdline-opts: add "mutexed" options for more http versions [25]
 o docs/DEPRECATE: remove NPN support in August 2022 [64]
 o docs: capitalize the name 'Netscape' [77]
 o docs: document HTTP/2 not insisting on TLS 1.2 [49]
 o docs: fix mandoc -T lint formatting complaints [2]
 o docs: update IETF links to use datatracker [41]
 o examples/curlx: support building with OpenSSL 1.1.0+ [148]
 o examples/multi-app.c: call curl_multi_remove_handle as well [19]
 o formdata: avoid size_t => long typecast overflows [37]
 o ftp: provide error message for control bytes in path [66]
 o gen.pl: terminate "example" sections better [4]
 o gha: add a macOS CI job with libssh [142]
 o gskit: Convert to using Curl_poll [111]
 o gskit: Fix errors from Curl_strerror refactor [113]
 o gskit: Fix initialization of Curl_ssl_gskit struct [112]
 o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88]
 o hostcheck: fixed to not touch used input strings [38]
 o hostcheck: reduce strlen calls on chained certificates [92]
 o hostip: avoid unused parameter error in Curl_resolv_check [144]
 o http2: move two infof calls to debug-h2-only [145]
 o http: make Curl_compareheader() take string length arguments too [87]
 o if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled [104]
 o KNOWN_BUGS: fix typo "libpsl"
 o ldap: return CURLE_URL_MALFORMAT for bad URL [24]
 o lib: remove support for CURL_DOES_CONVERSIONS [96]
 o libssh2: don't typecast socket to int for libssh2_session_handshake [151]
 o libssh: fix include files and defines use for Windows builds [156]
 o Makefile.am: Generate VS 2022 projects
 o maketgz: return error if 'make dist' fails [79]
 o mbedtls: enable use of mbedtls without CRL support [57]
 o mbedtls: enable use of mbedtls without filesystem functions support [100]
 o mbedtls: fix CURLOPT_SSLCERT_BLOB (again)
 o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12]
 o mbedtls: remove #include <mbedtls/certs.h> [56]
 o mbedtls: return CURLcode result instead of a mbedtls error code [1]
 o md5: check md5_init_func return value
 o mime: use a define instead of the magic number 24 [89]
 o misc: allow curl to build with wolfssl --enable-opensslextra [43]
 o misc: remove BeOS code and references [30]
 o misc: remove the final watcom references [29]
 o misc: remove unused data when IPv6 is not supported [80]
 o mqtt: free 'sendleftovers' in disconnect [115]
 o mqtt: free any send leftover data when done [36]
 o multi: allow user callbacks to call curl_multi_assign [126]
 o multi: grammar fix in comment [69]
 o multi: remember connection_id before returning connection to pool [76]
 o multi: set in_callback for multi interface callbacks [28]
 o netware: remove support [72]
 o next.d. remove .fi/.nf as they are handled by gen.pl [3]
 o ngtcp2: adapt to changed end of headers callback proto [39]
 o ngtcp2: fix declaration of ‘result’ shadows a previous local [14]
 o ngtcp2: Reset dynbuf when it is fully drained [143]
 o nss: handshake callback during shutdown has no conn->bundle [55]
 o ntlm: remove unused feature defines [117]
 o openldap: fix compiler warning when built without SSL support [70]
 o openldap: implement SASL authentication [16]
 o openldap: pass string length arguments to client_write() [116]
 o openssl.h: avoid including OpenSSL headers here [15]
 o openssl: check if sessionid flag is enabled before retrieving session [125]
 o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40]
 o openssl: check the return value of BIO_new_mem_buf() [18]
 o openssl: fix `ctx_option_t` for OpenSSL v3+
 o openssl: fix build for version < 1.1.0 [134]
 o openssl: return error if TLS 1.3 is requested when not supported [45]
 o os400: Add function wrapper for system command [138]
 o os400: Add link to QADRT devkit to README.OS400 [137]
 o os400: Default build to target current release [139]
 o OS400: fix typos in rpg include file [149]
 o projects: add support for Visual Studio 17 (2022) [124]
 o projects: fix Visual Studio wolfSSL configurations
 o projects: remove support for MSVC before VC10 (Visual Studio 2010) [123]
 o quiche: after leaving h3_recving state, poll again [108]
 o quiche: change qlog file extension to `.sqlog` [44]
 o quiche: fix upload for bigger content-length [146]
 o quiche: handle stream reset [83]
 o quiche: remove two leftover debug infof() outputs
 o quiche: verify the server cert on connect [33]
 o quiche: when *recv_body() returns data, drain it before polling again [109]
 o README.md: fix links [118]
 o remote-header-name.d: clarify [10]
 o runtests.pl: disable debuginfod [51]
 o runtests.pl: properly print the test if it contains binary zeros
 o runtests.pl: support the nonewline attribute for the data part [21]
 o runtests.pl: tolerate test directories without Makefile.inc [98]
 o runtests: allow client/file to specify multiple directories
 o runtests: make 'rustls' a testable feature
 o runtests: make 'wolfssl' a testable feature [6]
 o runtests: set 'oldlibssh' for libssh versions before 0.9.5 [122]
 o rustls: add CURLOPT_CAINFO_BLOB support [26]
 o schannel: move the algIds array out of schannel.h [135]
 o scripts/cijobs.pl: output data about all currect CI jobs [78]
 o scripts/completion.pl: improve zsh completion [46]
 o scripts/copyright.pl: support many provided file names on the cmdline
 o scripts/delta: check the file delta for current branch
 o sectransp: mark a 3DES cipher as weak [130]
 o setopt: do bounds-check before strdup [99]
 o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53]
 o sha256: Fix minimum OpenSSL version [102]
 o smb: pass socket for writing and reading data instead of FIRSTSOCKET [90]
 o ssl: reduce allocated space for ssl backend when FTP is disabled [127]
 o test3021: disable all msys2 path transformation
 o test374: gif data without new line at the end [20]
 o tests/disable-scan.pl: properly detect multiple symbols per line [94]
 o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85]
 o tool_findfile: check ~/.config/curlrc too [17]
 o tool_getparam: DNS options that need c-ares now fail without it [31]
 o TPF: drop support [97]
 o unit1610: init SSL library before calling SHA256 functions [152]
 o url: exclude zonefrom_url when no ipv6 is available [103]
 o url: given a user in the URL, find pwd for that user in netrc [11]
 o url: keep trailing dot in host name [62]
 o url: make Curl_disconnect return void [48]
 o urlapi: handle "redirects" smarter [119]
 o urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled [52]
 o urldata: remove conn->bits.user_passwd [105]
 o version_win32: fix warning for `CURL_WINDOWS_APP` [93]
 o vtls: fix socket check conditions [150]
 o vtls: pass on the right SNI name [61]
 o vxworks: drop support [65]
 o winbuild: add parameter WITH_SSH [120]
 o wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case [106]
 o wolfssl: when SSL_read() returns zero, check the error [107]
 o write-out.d: Fix num_headers formatting
 o x509asn1: toggle off functions not needed for diff tls backends [91]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  1337vt on github, Alejandro R. Sedeño, Alessandro Ghedini, Antoine Pietri,
  Bernhard Walle, Bjarni Ingi Gislason, Cameron Will, Charles Cazabon,
  coralw on github, Dan Fandrich, Daniel Stenberg, Davide Cassioli,
  Eric Musser, Fabian Keil, Fabian Yamaguchi, Farzin on github, Filip Lundgren,
  gaoxingwang on github, Harry Sarson, Henrik Holst, Ikko Ashimine,
  illusory-dream on github, Jan Ehrhardt, Jan-Piet Mens, Jan Venekamp,
  Jean-Philippe Menil, jhoyla on github, Jim Beveridge, Joel Depooter,
  John H. Ayad, jonny112 on github, Kantanat Wannapaka, Kevin Adler,
  Kushal Das, Leah Neukirchen, Lucas Pardue, luminixinc on github,
  Manfred Schwarb, Marcel Raad, Melroy van den Berg, Michael Kaufmann,
  Michael Wallner, Michał Antoniak, Neal McBurnett, neutric on github,
  Niels Martignène, Patrick Monnerat, pheiduck on github, Ray Satiro,
  Rob Boeckermann, Ryan Schmidt, Samuel Henrique, Sandro Jaeckel,
  Satadru Pramanik, Sebastian Sterk, siddharthchhabrap on github, Stav Nir,
  Stefan Eissing, Stephen Boost, Stephen M. Coakley, Stewart Gebbie,
  Tatsuhiro Tsujikawa, updatede on github, Viktor Szakats, vl409 on github,
  Xiaoke Wang, 梦终无痕
  (67 contributors)

References to bug reports and discussions on issues:

 [1] = https://curl.se/bug/?i=8266
 [2] = https://curl.se/bug/?i=8228
 [3] = https://curl.se/bug/?i=8228
 [4] = https://curl.se/bug/?i=8228
 [5] = https://curl.se/bug/?i=8229
 [6] = https://curl.se/bug/?i=8252
 [7] = https://curl.se/bug/?i=8262
 [8] = https://curl.se/bug/?i=8251
 [9] = https://curl.se/bug/?i=8229
 [10] = https://curl.se/bug/?i=8249
 [11] = https://curl.se/bug/?i=8241
 [12] = https://curl.se/bug/?i=8238
 [13] = https://curl.se/bug/?i=8244
 [14] = https://curl.se/bug/?i=8245
 [15] = https://curl.se/bug/?i=8240
 [16] = https://curl.se/bug/?i=8152
 [17] = https://curl.se/bug/?i=8208
 [18] = https://curl.se/bug/?i=8233
 [19] = https://curl.se/bug/?i=8234
 [20] = https://curl.se/bug/?i=8239
 [21] = https://curl.se/bug/?i=8239
 [22] = https://curl.se/bug/?i=7964
 [23] = https://curl.se/bug/?i=8188
 [24] = https://curl.se/bug/?i=8170
 [25] = https://curl.se/bug/?i=8254
 [26] = https://curl.se/bug/?i=8255
 [27] = https://curl.se/bug/?i=8286
 [28] = https://curl.se/bug/?i=8282
 [29] = https://curl.se/bug/?i=8287
 [30] = https://curl.se/bug/?i=8288
 [31] = https://curl.se/bug/?i=8285
 [32] = https://curl.se/bug/?i=8278
 [33] = https://curl.se/bug/?i=8173
 [34] = https://curl.se/bug/?i=8281
 [35] = https://curl.se/bug/?i=8279
 [36] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43515
 [37] = https://hackerone.com/reports/1444539
 [38] = https://curl.se/bug/?i=8321
 [39] = https://curl.se/bug/?i=8322
 [40] = https://curl.se/bug/?i=8268
 [41] = https://curl.se/bug/?i=8317
 [42] = https://curl.se/bug/?i=8315
 [43] = https://curl.se/bug/?i=8292
 [44] = https://curl.se/bug/?i=8316
 [45] = https://curl.se/bug/?i=8309
 [46] = https://curl.se/bug/?i=8363
 [47] = https://curl.se/bug/?i=8307
 [48] = https://curl.se/bug/?i=8303
 [49] = https://curl.se/bug/?i=8235
 [50] = https://curl.se/bug/?i=8299
 [51] = https://curl.se/bug/?i=8291
 [52] = https://curl.se/bug/?i=8350
 [53] = https://curl.se/bug/?i=8350
 [54] = https://curl.se/bug/?i=8276
 [55] = https://curl.se/bug/?i=8341
 [56] = https://curl.se/bug/?i=8343
 [57] = https://curl.se/bug/?i=8344
 [58] = https://curl.se/bug/?i=8340
 [59] = https://curl.se/bug/?i=8338
 [60] = https://curl.se/bug/?i=8334
 [61] = https://curl.se/bug/?i=8320
 [62] = https://curl.se/bug/?i=8290
 [63] = https://curl.se/bug/?i=8372
 [64] = https://curl.se/bug/?i=8458
 [65] = https://curl.se/bug/?i=8362
 [66] = https://curl.se/bug/?i=8460
 [67] = https://curl.se/bug/?i=8314
 [68] = https://curl.se/bug/?i=8365
 [69] = https://curl.se/bug/?i=8368
 [70] = https://curl.se/bug/?i=8367
 [71] = https://curl.se/bug/?i=8364
 [72] = https://curl.se/bug/?i=8358
 [73] = https://curl.se/bug/?i=8359
 [74] = https://curl.se/bug/?i=8357
 [75] = https://curl.se/bug/?i=8357
 [76] = https://hackerone.com/reports/1463013
 [77] = https://curl.se/bug/?i=8354
 [78] = https://curl.se/bug/?i=8408
 [79] = https://curl.se/mail/lib-2022-02/0070.html
 [80] = https://curl.se/bug/?i=8430
 [81] = https://curl.se/bug/?i=8487
 [82] = https://curl.se/bug/?i=8397
 [83] = https://curl.se/bug/?i=8437
 [84] = https://curl.se/bug/?i=8396
 [85] = https://curl.se/bug/?i=8396
 [86] = https://curl.se/bug/?i=8394
 [87] = https://curl.se/bug/?i=8391
 [88] = https://curl.se/bug/?i=8381
 [89] = https://curl.se/bug/?i=8441
 [90] = https://curl.se/bug/?i=8383
 [91] = https://curl.se/bug/?i=8386
 [92] = https://curl.se/bug/?i=8428
 [93] = https://curl.se/bug/?i=8385
 [94] = https://curl.se/bug/?i=8384
 [95] = https://curl.se/bug/?i=8382
 [96] = https://curl.se/bug/?i=8378
 [97] = https://curl.se/bug/?i=8378
 [98] = https://curl.se/bug/?i=8379
 [99] = https://curl.se/bug/?i=8377
 [100] = https://curl.se/bug/?i=8376
 [101] = https://curl.se/bug/?i=8375
 [102] = https://curl.se/bug/?i=8464
 [103] = https://curl.se/bug/?i=8439
 [104] = https://curl.se/bug/?i=8439
 [105] = https://curl.se/bug/?i=8449
 [106] = https://curl.se/bug/?i=8431
 [107] = https://curl.se/bug/?i=8431
 [108] = https://curl.se/bug/?i=8436
 [109] = https://curl.se/bug/?i=8429
 [110] = https://curl.se/bug/?i=8425
 [111] = https://curl.se/bug/?i=8454
 [112] = https://curl.se/bug/?i=8454
 [113] = https://curl.se/bug/?i=8454
 [114] = https://curl.se/bug/?i=8395
 [115] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43646
 [116] = https://curl.se/bug/?i=8404
 [117] = https://curl.se/bug/?i=8453
 [118] = https://curl.se/bug/?i=8448
 [119] = https://curl.se/bug/?i=8450
 [120] = https://curl.se/bug/?i=8514
 [121] = https://curl.se/bug/?i=8444
 [122] = https://curl.se/bug/?i=8444
 [123] = https://curl.se/bug/?i=8442
 [124] = https://curl.se/bug/?i=8438
 [125] = https://curl.se/bug/?i=8472
 [126] = https://curl.se/bug/?i=8480
 [127] = https://curl.se/bug/?i=8471
 [128] = https://curl.se/bug/?i=8481
 [129] = https://curl.se/bug/?i=8482
 [130] = https://curl.se/bug/?i=8479
 [131] = https://curl.se/bug/?i=8476
 [132] = https://curl.se/bug/?i=8475
 [133] = https://curl.se/bug/?i=8474
 [134] = https://curl.se/bug/?i=8470
 [135] = https://curl.se/bug/?i=8469
 [136] = https://curl.se/bug/?i=8289
 [137] = https://curl.se/bug/?i=8455
 [138] = https://curl.se/bug/?i=8455
 [139] = https://curl.se/bug/?i=8455
 [140] = https://curl.se/bug/?i=8512
 [141] = https://curl.se/bug/?i=8459
 [142] = https://curl.se/bug/?i=8513
 [143] = https://curl.se/bug/?i=7351
 [144] = https://curl.se/bug/?i=8505
 [145] = https://curl.se/bug/?i=8502
 [146] = https://curl.se/bug/?i=8421
 [147] = https://curl.se/bug/?i=8500
 [148] = https://curl.se/bug/?i=8529
 [149] = https://curl.se/bug/?i=8494
 [150] = https://curl.se/bug/?i=8493
 [151] = https://curl.se/bug/?i=8492
 [152] = https://curl.se/bug/?i=8538
 [153] = https://curl.se/bug/?i=8519
 [154] = https://curl.se/bug/?i=8511
 [156] = https://curl.se/mail/lib-2022-02/0131.html