curl/RELEASE-NOTES

curl and libcurl 7.77.0

 Public curl releases:         200
 Command line options:         242
 curl_easy_setopt() options:   288
 Public functions in libcurl:  85
 Contributors:                 2383

This release includes the following changes:

 o curl: ignore options asking for SSLv2 or SSLv3 [10]
 o hsts: enable by default [8]
 o vtls: refuse setting any SSL version [9]

This release includes the following bugfixes:

 o c-hyper: don't write to set.writeheader if null [67]
 o c-hyper: fix handling of zero-byte chunk from hyper [39]
 o checksrc: complain on == NULL or != 0 checks in conditions [20]
 o cmake: make libcurl output filename configurable [41]
 o configure: make the TLS library choice(s) explicit [3]
 o configure: provide --with-openssl, deprecate --with-ssl [15]
 o connect: use CURL_SA_FAMILY_T for portability [34]
 o ConnectionExists: respect requests for h1 connections better
 o cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies [1]
 o Curl_http_header: check for colon when matching Persistent-Auth [51]
 o Curl_http_input_auth: require valid separator after negotiation type [52]
 o Curl_input_digest: require space after Digest [50]
 o curl_setup: provide the shutdown flags wider [33]
 o curl_url_set.3: add memory management information [38]
 o CURLcode: add CURLE_SSL_CLIENTCERT [47]
 o CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data [40]
 o docs/HTTP3.md: fix nghttp2's HTTP/3 server port [21]
 o docs: camelcase it like GitHub everywhere [62]
 o docs: fix typo in fail-with-body doc [63]
 o easy: ignore sigpipe in curl_easy_send [69]
 o gskit: fix CURL_DISABLE_PROXY build [57]
 o gskit: fix undefined reference to 'conn' [58]
 o http2: call the handle-closed function correctly on closed stream [37]
 o http2: fix a resource leak in push_promise() [54]
 o http2: fix resource leaks in set_transfer_url() [55]
 o http2: move the stream error field to the per-transfer storage [36]
 o http: fix the check for 'Authorization' with Bearer [53]
 o krb5/name_to_level: replace checkprefix with curl_strequal [49]
 o krb5: don't use 'static' to store PBSZ size response [23]
 o krb5: remove the unused 'overhead' function [35]
 o lib1564.c: enable last wakeup test part on Windows [26]
 o lib: fix 0-length Curl_client_write calls [60]
 o lib: fix some misuse of curlx_convert_UTF8_to_tchar [64]
 o libcurl-security.3: be careful of setuid [66]
 o libcurl-security.3: don't try to filter IPv4 hosts based on the URL [71]
 o libssh2: fix Value stored to 'sshp' is never read [13]
 o libssh2: ignore timeout during disconnect [45]
 o libssh: fix "empty expression statement has no effect" warnings [7]
 o m4: add security frameworks on Mac when compiling rustls [31]
 o multi: don't close connection HTTP_1_1_REQUIRED
 o multi: fix slow write/upload performance on Windows [27]
 o multi: reduce Win32 API calls to improve performance [28]
 o NSS: add ciphers to map [30]
 o nss_set_blocking: avoid static for sock_opt [72]
 o ntlm: precaution against super huge type2 offsets [65]
 o openldap: protect SSL-specific code with proper #ifdef [12]
 o openssl: fix build error with OpenSSL < 1.0.2 [4]
 o os400: additional support for options metadata [24]
 o README.md: delete Codacy UTM parameters [5]
 o Revert "Revert 'multi: implement wait using winsock events'" [26]
 o rustls: only return CURLE_AGAIN when TLS session is fully drained [2]
 o rustls: use ALPN [56]
 o schannel: Disable auto credentials; add an option to enable it [18]
 o schannel: Support strong crypto option [44]
 o sectransp: allow cipher name to be specified [29]
 o sigpipe: ignore SIGPIPE when using wolfSSL as well [70]
 o sws: #ifdef S_IFSOCK use [32]
 o test server: take care of siginterrupt() deprecation [25]
 o tests/disable-scan.pl: also scan all m4 files [17]
 o tls: add USE_HTTP2 define [59]
 o tool_getparam: replace (in-place) '%20' by '+' according to RFC1866 [14]
 o tool_operate: don't discard failed parallel transfer result [16]
 o tool_writeout: fix the HTTP_CODE json output [11]
 o urlapi: "normalize" numerical IPv4 host names [6]
 o vauth: factor base64 conversions out of authentication procedures [22]
 o version: add gsasl_version to curl_version_info_data [43]
 o vtls: deduplicate some DISABLE_PROXY ifdefs [19]
 o vtls: reset ssl use flag upon negotiation failure [42]
 o wolfssl: handle SSL_write() returns 0 for error [68]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Ayushman Singh Chauhan, Benjamin Riefenstahl, Blake Burkhart, Dan Fandrich,
  Daniel Stenberg, ebejan on github, Emil Engler, Georeth Zhou, Gergely Nagy,
  Harry Sintonen, Illarion Taev, Jacob Hoffman-Andrews, Jakub Zakrzewski,
  Javier Blazquez, Jeroen Ooms, Johann150 on github, Jon Rumsey, Kamil Dudka,
  Kevin Burke, Kevin R. Bulgrien, Lucas Servén Marín, MAntoniak on github,
  Marcel Raad, Marc Hörsken, Martin Halle, Max Dymond, Michael Kolechkin,
  Michał Antoniak, Michal Rus, Morten Minde Neergaard, Patrick Monnerat,
  Pontus Lundkvist, Ralph Langendam, Ray Satiro, rcombs on github,
  Rich FitzJohn, sergio-nsk on github, Stefan Karpinski, Timo Lange,
  tmkk on github, Tobias Gabriel, Tommy Odom, Tuomas Siipola, Victor Vieux,
  Viktor Szakats, Wes Hinsley, Yusuke Nakamura,
  (47 contributors)

References to bug reports and discussions on issues:

 [1] = https://curl.se/bug/?i=6889
 [2] = https://curl.se/bug/?i=6894
 [3] = https://curl.se/bug/?i=6897
 [4] = https://curl.se/bug/?i=6920
 [5] = https://curl.se/bug/?i=6919
 [6] = https://curl.se/bug/?i=6863
 [7] = https://curl.se/bug/?i=6847
 [8] = https://curl.se/bug/?i=6700
 [9] = https://curl.se/bug/?i=6773
 [10] = https://curl.se/bug/?i=6772
 [11] = https://curl.se/bug/?i=6905
 [12] = https://curl.se/bug/?i=6901
 [13] = https://curl.se/bug/?i=6900
 [14] = https://curl.se/bug/?i=6895
 [15] = https://curl.se/bug/?i=6887
 [16] = https://curl.se/bug/?i=6921
 [17] = https://curl.se/bug/?i=1165
 [18] = https://curl.se/bug/?i=2262
 [19] = https://curl.se/bug/?i=6660
 [20] = https://curl.se/bug/?i=6912
 [21] = https://curl.se/bug/?i=6964
 [22] = https://curl.se/bug/?i=6654
 [23] = https://curl.se/bug/?i=6963
 [24] = https://curl.se/bug/?i=6574
 [25] = https://curl.se/bug/?i=6529
 [26] = https://curl.se/bug/?i=6245
 [27] = https://curl.se/bug/?i=6146
 [28] = https://curl.se/bug/?i=6146
 [29] = https://curl.se/bug/?i=6464
 [30] = https://curl.se/bug/?i=6670
 [31] = https://curl.se/bug/?i=6955
 [32] = https://curl.se/mail/lib-2021-04/0074.html
 [33] = https://curl.se/mail/lib-2021-04/0073.html
 [34] = https://curl.se/mail/lib-2021-04/0071.html
 [35] = https://curl.se/bug/?i=6947
 [36] = https://curl.se/bug/?i=6910
 [37] = https://curl.se/bug/?i=6862
 [38] = https://curl.se/bug/?i=6953
 [39] = https://curl.se/bug/?i=6951
 [40] = https://curl.se/bug/?i=6943
 [41] = https://curl.se/bug/?i=6933
 [42] = https://curl.se/bug/?i=6934
 [43] = https://curl.se/bug/?i=6843
 [44] = https://curl.se/bug/?i=6734
 [45] = https://curl.se/bug/?i=6990
 [47] = https://curl.se/bug/?i=6721
 [49] = https://curl.se/bug/?i=6993
 [50] = https://curl.se/bug/?i=6993
 [51] = https://curl.se/bug/?i=6993
 [52] = https://curl.se/bug/?i=6993
 [53] = https://curl.se/bug/?i=6988
 [54] = https://curl.se/bug/?i=6986
 [55] = https://curl.se/bug/?i=6986
 [56] = https://curl.se/bug/?i=6960
 [57] = https://curl.se/bug/?i=6981
 [58] = https://curl.se/bug/?i=6980
 [59] = https://curl.se/bug/?i=6959
 [60] = https://curl.se/bug/?i=6954
 [62] = https://curl.se/bug/?i=6979
 [63] = https://curl.se/bug/?i=6977
 [64] = https://github.com/curl/curl/pull/6602#issuecomment-825236763
 [65] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720
 [66] = https://curl.se/bug/?i=6970
 [67] = https://curl.se/bug/?i=6619
 [68] = https://curl.se/bug/?i=6967
 [69] = https://curl.se/bug/?i=6965
 [70] = https://curl.se/bug/?i=6966
 [71] = https://curl.se/bug/?i=6942
 [72] = https://curl.se/bug/?i=6945