                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.78.0 (21 Jul 2021)

Daniel Stenberg (21 Jul 2021)
- RELEASE-NOTES: synced
  
  curl 7.78.0 release

- winbuild/MakefileBuild.vc: bump copyright year

Jay Satiro (21 Jul 2021)
- docs: mention max-filesize options also apply to MQTT transfers
  
  Also make it clearer that the caveat 'if the file size is unknown it
  the option will have no effect' may apply to protocols other than FTP
  and HTTP.
  
  Reported-by: Josh Soref
  
  Fixes https://github.com/curl/curl/issues/7453

- [Josh Soref brought this change]

  docs/cmdline: fix grammar and typos

- [Josh Soref brought this change]

  dump-header.d: Drop suggestion to use for cookie storage
  
  Since --cookie-jar is the preferred way to store cookies, no longer
  suggest using --dump-header to do so.
  
  Co-authored-by: Daniel Stenberg
  
  Closes https://github.com/curl/curl/issues/7414

- [Josh Soref brought this change]

  doc/cmdline: fix grammar and typos
  
  Closes https://github.com/curl/curl/pull/7454
  Closes https://github.com/curl/curl/pull/7455
  Closes https://github.com/curl/curl/pull/7456
  Closes https://github.com/curl/curl/pull/7459
  Closes https://github.com/curl/curl/pull/7460
  Closes https://github.com/curl/curl/pull/7461
  Closes https://github.com/curl/curl/pull/7462
  Closes https://github.com/curl/curl/pull/7463

Daniel Stenberg (20 Jul 2021)
- vtls: fix connection reuse checks for issuer cert and case sensitivity
  
  CVE-2021-22924
  
  Reported-by: Harry Sintonen
  Bug: https://curl.se/docs/CVE-2021-22924.html

- sectransp: check for client certs by name first, then file
  
  CVE-2021-22926
  
  Bug: https://curl.se/docs/CVE-2021-22926.html
  
  Assisted-by: Daniel Gustafsson
  Reported-by: Harry Sintonen

- telnet: fix option parser to not send uninitialized contents
  
  CVS-2021-22925
  
  Reported-by: Red Hat Product Security
  Bug: https://curl.se/docs/CVE-2021-22925.html

Jay Satiro (20 Jul 2021)
- connect: fix wrong format specifier in connect error string
  
  0842175 (not in any release) used the wrong format specifier (long int)
  for timediff_t. On an OS such as Windows libcurl's timediff_t (usually
  64-bit) is bigger than long int (32-bit). In 32-bit Windows builds the
  upper 32-bits of the timediff_t were erroneously then used by the next
  format specifier. Usually since the timeout isn't larger than 32-bits
  this would result in null as a pointer to the string with the reason for
  the connection failing. On other OSes or maybe other compilers it could
  probably result in garbage values (ie crash on deref).
  
  Before:
  Failed to connect to localhost port 12345 after 1201 ms: (nil)
  
  After:
  Failed to connect to localhost port 12345 after 1203 ms: Connection refused
  
  Closes https://github.com/curl/curl/pull/7449

- winbuild: support alternate nghttp2 static lib name
  
  - Support both nghttp2.lib and nghttp2_static.lib for static nghttp2.
  
  nghttp2 briefly changed its static lib name to nghttp2_static, but then
  made the _static suffix optional.
  
  Ref: https://github.com/nghttp2/nghttp2/pull/1394
  Ref: https://github.com/nghttp2/nghttp2/pull/1418
  Ref: https://github.com/nghttp2/nghttp2/issues/1466
  
  Reported-by: Pierre Yager
  
  Fixes https://github.com/curl/curl/issues/7446
  Closes https://github.com/curl/curl/pull/7447

- [Josh Soref brought this change]

  docs/cmdline: fix grammar and typos
  
  Closes https://github.com/curl/curl/pull/7432
  Closes https://github.com/curl/curl/pull/7436
  Closes https://github.com/curl/curl/pull/7438
  Closes https://github.com/curl/curl/pull/7440
  Closes https://github.com/curl/curl/pull/7445

- [Josh Soref brought this change]

  delegation.d: mention what happens when used multiple times
  
  Closes https://github.com/curl/curl/pull/7408

- [Josh Soref brought this change]

  create-file-mode.d: mention what happens when used multiple times
  
  Closes https://github.com/curl/curl/pull/7407

- [Josh Soref brought this change]

  config.d: split comments and option-per line
  
  Closes https://github.com/curl/curl/pull/7405

Daniel Stenberg (19 Jul 2021)
- misc: copyright year range updates

- mailmap: add Tobias and Timur

Daniel Gustafsson (18 Jul 2021)
- [Josh Soref brought this change]

  docs: spell out directories instead of dirs in create-dirs
  
  Write out directories rather than using the dirs abbrevation. Also
  use plural form consistently, even if the code in the end might just
  create a single directory.
  
  Closes #7406
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

- [Tobias Nyholm brought this change]

  docs: correct spelling errors and a broken link
  
  Update grammar and spelling in docs and source code comments.
  
  Closes: #7427
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Marc Hoersken (18 Jul 2021)
- CI/cirrus: install impacket from PyPI instead of FreeBSD packages
  
  Availability of impacket as FreeBSD package is too flaky.
  
  Stick to legacy version of cryptography which still
  supports OpenSSL version 1.0.2 due to FreeBSD 11.
  
  Reviewed-by: Daniel Stenberg
  
  Closes #7418

Daniel Stenberg (18 Jul 2021)
- [Josh Soref brought this change]

  docs/cmdline: mention what happens when used multiple times
  
  For --dns-ipv4-addr, --dns-ipv6-addr and --dns-servers
  
  Closes #7410
  Closes #7411
  Closes #7412

- [MAntoniak brought this change]

  lib: fix compiler warnings with CURL_DISABLE_NETRC
  
  warning C4189: 'netrc_user_changed': local variable is initialized but
  not referenced
  
  warning C4189: 'netrc_passwd_changed': local variable is initialized but
  not referenced
  
  Closes #7423

- disable-epsv.d: remove duplicate "(FTP)"
  
  ... since the tooling adds that to the output based on the "Protocols:"
  tag.

- [Max Zettlmeißl brought this change]

  docs: make the documentation for --etag-save match the program behaviour
  
  When using curl with the option `--etag-save` I expected it to save the
  ETag without its surrounding quotes, as stated by the documentation in
  the repository and by the generated man pages.
  
  My first endeavour was to fix the program, but while investigating the
  history of the relevant parts, I discovered that curl once saved the
  ETag without the quotes.  This was undone by Daniel Stenberg in commit
  `98c94596f5928840177b6bd3c7b0f0dd03a431af`, therefore I decided that in
  this case the documentation should be adjusted to match the behaviour of
  curl.
  
  The changed save behaviour also made parts of the `--etag-compare`
  documentation wrong or superfluous, so I adjusted those accordingly.
  
  Closes #7429

- [Josh Soref brought this change]

  write-out.d: add missing periods
  
  Closes #7404

- [Josie Huddleston brought this change]

  easy: during upkeep, attach Curl_easy to connections in the cache
  
  During the protocol-specific parts of connection upkeep, some code
  assumes that the data->conn pointer already is set correctly.  However,
  there's currently no guarantee of that in the code.
  
  This fix temporarily attaches each connection to the Curl_easy object
  before performing the protocol-specific connection check on it, in a
  similar manner to the connection checking in extract_if_dead().
  
  Fixes #7386
  Closes #7387
  Reported-by: Josie Huddleston

- [Josh Soref brought this change]

  cleanup: spell DoH with a lowercase o
  
  Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
  
  Closes #7413

- [Josh Soref brought this change]

  TheArtOfHttpScripting: polish
  
  - add missing backticks and comma
  
  - fix proxy description:
  
  * example proxy isn't local
  * locally doesn't really make sense
  
  Closes #7416

- [Josh Soref brought this change]

  form.d: add examples of `,`/`;` for file[name]
  
  Fixes #7415
  Closes #7417

- [MAntoniak brought this change]

  mbedtls: Remove unnecessary include
  
  - curl_setup.h: all references to mbedtls_md4* functions and structures
    are in the md4.c. This file already includes the <mbedtls/md4.h> file
    along with the file existence control (defined (MBEDTLS_MD4_C))
  
  - curl_ntlm_core.c: unnecessary include - repeated below
  
  Closes #7419

- RELEASE-NOTES: synced

Jay Satiro (16 Jul 2021)
- [User Sg brought this change]

  multi: fix crash in curl_multi_wait / curl_multi_poll
  
  Appears to have been caused by 51c0ebc (precedes 7.77.0) which added a
  VALID_SOCK check to one of the loops through the sockets but not the
  other.
  
  Reported-by: sylgal@users.noreply.github.com
  Authored-by: sylgal@users.noreply.github.com
  
  Fixes https://github.com/curl/curl/issues/7379
  Closes https://github.com/curl/curl/pull/7389

- [Daniel Gustafsson brought this change]

  tool_help: remove unused define
  
  The PRINT_LINES_PAUSE macro is no longer used, and has been mostly
  cleaned out but one occurrence remained.
  
  Closes https://github.com/curl/curl/pull/7380

- [Sergey Markelov brought this change]

  build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
  
  fix compiler warnings about unused variables and parameters when
  built with --disable-verbose.
  
  Closes https://github.com/curl/curl/pull/7377

- [Andrea Pappacoda brought this change]

  build: fix IoctlSocket FIONBIO check
  
  Prior to this change HAVE_IOCTLSOCKET_CAMEL_FIONBIO mistakenly checked
  for (lowercase) ioctlsocket when it should have checked for IoctlSocket.
  
  Closes https://github.com/curl/curl/pull/7375

- [Timur Artikov brought this change]

  configure: fix nghttp2 library name for static builds
  
  Don't hardcode the nghttp2 library name,
  because it can vary, be "nghttp2_static" for example.
  
  Fixes https://github.com/curl/curl/issues/7367
  Closes https://github.com/curl/curl/pull/7368

Gisle Vanem (16 Jul 2021)
- [PellesC] fix _lseeki64() macro

- [SChannel] Use '_tcsncmp()' instead
  
  Revert previous change for PellesC.
  
  Instead replace all use of `_tcsnccmp()` with `_tcsncmp()`.

- [PellesC] missing '_tcsnccmp'
  
  PellesC compiler does not have this macro in it's `<tchar.h>`

Daniel Gustafsson (14 Jul 2021)
- TODO: add mention of mbedTLS 3 incompatibilities
  
  Wyatt OʼDay reported in #7385 that mbedTLS isn't backwards compatible
  and curl no longer builds with it. Document the need to fix our support
  until so has been done.
  
  Closes #7390
  Fixes #7385
  Reported-by: Wyatt OʼDay
  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>

- docs: fix inconsistencies in EGDSOCKET documentation
  
  Only the OpenSSL backend actually use the EGDSOCKET, and also use
  TLS consistently rather than mixing SSL and TLS. While there, also
  fix a minor spelling nit.
  
  Closes: #7391
  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>

- [Борис Верховский brought this change]

  docs: document missing arguments to commands
  
  This is a followup to commit f410b9e538129e77607fef1 fixing a few
  more commands which takes arguments.
  
  Closes #7382
  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

- [Randolf J brought this change]

  docs: fix incorrect argument name reference
  
  The documentation for the read callback was erroneously referencing
  the nitems argument by nmemb.  The error was introduced in commit
  ce0881edee3c7.
  
  Closes #7383
  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

- [Борис Верховский brought this change]

  tool_help: Document that --tlspassword takes a password
  
  Closes #7378
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

- scripts: Fix typo in release-notes instructions
  
  The command to run had a typo in the pathname which prevented copy
  pasting it to work, which has annoyed me enough to fix this now.

- RELEASE-NOTES: synced

Jay Satiro (10 Jul 2021)
- write-out.d: Clarify urlnum is not unique for de-globbed URLs
  
  Reported-by: Коваленко Анатолий Викторович
  
  Fixes https://github.com/curl/curl/issues/7342
  Closes https://github.com/curl/curl/pull/7369

Daniel Gustafsson (3 Jul 2021)
- [William Desportes brought this change]

  docs: Fix typos
  
  Closes: #7370
  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

Daniel Stenberg (8 Jul 2021)
- [Jonathan Wernberg brought this change]

  Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
  
  The reverted commit introduced a logic error in code that was
  correct.
  
  The client using libcurl would notice the error since FTP file
  uploads in active transfer mode would somtimes complete with
  success despite no transfer having been performed and the
  "uploaded" file thus not being on the remote server afterwards.
  
  The FTP server would notice the error because it receives a
  RST on the data connection it has established with the client
  before any data was transferred at all.
  
  The logic error happens if the STOR response from the server have
  arrived by the time ftp_multi_statemach() in the affected code path
  is called, but the incoming data connection have not arrived yet.
  In that case, the processing of the STOR response will cause
  'ftpc->wait_data_conn' to be set to TRUE, contradicting the comment
  in the code. Since 'complete' will also be set, later logic would
  believe the transfer was done.
  
  In most cases, the STOR response will not have arrived yet when
  the affected code path is executed, or the incoming connection will
  also have arrived, and thus the error would not express itself.
  But if the speed difference of the device using libcurl and the
  FTP server is exactly right, the error may happen as often as in
  one out of hundred file transfers.
  
  This reverts commit 49f3117a238b6eac0e22a32f50699a9eddcb66ab.
  
  Bug: https://curl.se/mail/lib-2021-07/0025.html
  Closes #7362

- msnprintf: return number of printed characters excluding null byte
  
  ... even when the output is "capped" by the maximum length argument.
  
  Clarified in the docs.
  
  Closes #7361

- infof: remove newline from format strings, always append it
  
  - the data needs to be "line-based" anyway since it's also passed to the
    debug callback/application
  
  - it makes infof() work like failf() and consistency is good
  
  - there's an assert that triggers on newlines in the format string
  
  - Also removes a few instances of "..."
  
  - Removes the code that would append "..." to the end of the data *iff*
    it was truncated in infof()
  
  Closes #7357

- examples/multi-single: fix scan-build warning
  
  warning: Value stored to 'mc' during its initialization is never read
  
  Follow-up to ae8e11ed5fd2ce
  
  Closes #7360

- wolfssl: failing to set a session id is not reason to error out
  
  ... as it is *probably* just timed out.
  
  Reported-by: Francisco Munoz
  
  Closes #7358

- docs/examples: use curl_multi_poll() in multi examples
  
  The API is soon two years old and deserves being shown as the primary
  way to drive multi code as it makes it much easier to write code.
  
  multi-poll: removed
  
  multi-legacy: add to show how we did multi API use before
  curl_multi_wait/poll.
  
  Closes #7352

- KNOWN_BUGS: flaky Windows CI builds
  
  Closes #6972

- RELEASE-NOTES: synced

- test1147: hyper doesn't allow "crazy" request headers like built-in
  
  ... so strip that from the test.
  
  Closes #7349

- c-hyper: bail on too long response headers
  
  To match with built-in behaviors. Makes test 1154 work.
  
  Closes #7350

- test1151: added missing CRLF to work with hyper
  
  Closes #7350

- c-hyper: add support for transfer-encoding in the request
  
  Closes #7348

- [Andrea Pappacoda brought this change]

  cmake: remove libssh2 feature checks
  
  libssh2 features are detected based on version since commit
  9dbbba997608f7c3c5de1c627c77c8cd2aa85b73
  
  Closes #7343

- test1116: hyper doesn't pass through "surprise-trailers"
  
  Closes #7344

- socks4: scan for the IPv4 address in resolve results
  
  Follow-up to 84d2839740 which changed the resolving to always resolve
  both address families, but since SOCKS4 only supports IPv4 it should
  scan for and use the first available IPv4 address.
  
  Reported-by: shithappens2016 on github
  Fixes #7345
  Closes #7346

Jay Satiro (5 Jul 2021)
- proto.d: fix formatting for paragraphs after margin changes
  
  Closes https://github.com/curl/curl/pull/7341

- pinnedpubkey.d: fix formatting for version support lists
  
  Closes https://github.com/curl/curl/pull/7340

Daniel Stenberg (2 Jul 2021)
- TODO: "Support in-memory certs/ca certs/keys" done
  
  Has been suppored for a while now with the *BLOB options.

- examples: safer and more proper read callback logic
  
  The same callback code is used in:
  
   imap-append.c
   smtp-authzid.c
   smtp-mail.c
   smtp-multi.c
   smtp-ssl.c
   smtp-tls.c
  
  It should not assume that it can copy full lines into the buffer as it
  will encourage sloppy coding practices. Instead use byte-wise logic and
  check/acknowledge the buffer size appropriately.
  
  Reported-by: Harry Sintonen
  Fixes #7330
  Closes #7331

- test1519: adjusted to work with hyper
  
  Closes #7333

- test1518: adjusted to work with hyper
  
  ... by making sure the stdout output doesn't look like HTTP headers.
  
  Closes #7333

- test1514: add a CRLF to the response to make it correct
  
  Makes hyper accept it fine instead returning HYPERE_UNEXPECTED_EOF on
  us.
  
  Closes #7334

- formdata: avoid "Argument cannot be negative" warning
  
  ... when converting a curl_off_t to size_t, by using
  CURL_ZERO_TERMINATED before passing the argument to the function.
  
  Detected by Coverity CID 1486590.
  
  Closes #7328
  Assisted-by: Daniel Gustafsson

- lib: more %u for port and int for %*s fixes
  
  Detected by Coverity
  
  Closes #7329

- doh: (void)-prefix call to curl_easy_setopt

- lib: fix type of len passed to *printf's %*s
  
  ... it needs to be 'int'. Detected by Coverity CID 1486611 (etc)
  
  Closes #7326

- lib: use %u instead of %ld for port number printf
  
  Follow-up to 764c6bd3bf which changed the type of some port number
  fields. Detected by Coverity (CID 1486624) etc.
  
  Closes #7325

- version: turn version number functions into returning void
  
  ... as we never use the return codes from them.
  
  Reviewed-by: Daniel Gustafsson
  Closes #7319

- mqtt: extend the error message for no topic
  
  ... and mention that it needs URL encoding.
  
  Reported-by: Peter Körner
  Fixes #7316
  Closes #7317

- formdata: correct typecast in curl_mime_data call
  
  Coverity pointed out it the mismatch. CID 1486590
  
  Closes #7327

- url: (void)-prefix a curl_url_get() call
  
  Coverity (CID 1486645) pointed out a use of curl_url_get() in the
  parse_proxy function where the return code wasn't checked. A
  (void)-prefix makes the intention obvious.
  
  Closes #7320

- glob: pass an 'int' as len when using printf's %*s
  
  Detected by Coverity CID 1486629.
  
  Closes #7324

- vtls: use free() not curl_free()
  
  curl_free() is provided for users of the API to free returned data,
  there's no need to use it internally.
  
  Closes #7318

- zuul: use the new rustls directory name
  
  Follow-up to 6d972c8b1cbb3 which missed updating this directory name.
  
  Also no longer call it crustls in the docs and bump to rusttls-ffi 0.7.1
  
  Closes #7311

Jay Satiro (29 Jun 2021)
- http: fix crash in rate-limited upload
  
  - Don't set the size of the piece of data to send to the rate limit if
    that limit is larger than the buffer size that will hold the piece.
  
  Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE
  (curl tool: --limit-rate) was set then it was possible that a temporary
  buffer used for uploading could be written to out of bounds. A likely
  scenario for this would be a non-trivial amount of post data combined
  with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k).
  
  The bug was introduced in 24e469f which is in releases since 7.76.0.
  
  perl -e "print '0' x 200000" > tmp
  curl --limit-rate 128k -d @tmp httpbin.org/post
  
  Reported-by: Richard Marion
  
  Fixes https://github.com/curl/curl/issues/7308
  Closes https://github.com/curl/curl/pull/7315

Daniel Stenberg (29 Jun 2021)
- copyright: add boiler-plate headers to CI config files
  
  And whitelist .zuul.ignore
  
  Closes #7314

- CI: remove travis details
  
  Rename still used leftovers to "zuul" as that's now the CI using them.
  
  Closes #7313

- RELEASE-NOTES: synced

- openssl: avoid static variable for seed flag
  
  Avoid the race condition risk by instead storing the "seeded" flag in
  the multi handle. Modern OpenSSL versions handle the seeding itself so
  doing the seeding once per multi-handle instead of once per process is
  less of an issue.
  
  Reported-by: Gerrit Renker
  Fixes #7296
  Closes #7306

- configure: inhibit the implicit-fallthrough warning on gcc-12
  
  ... since it no longer acknowledges the comment markup we use for that
  purpose.
  
  Reported-by: Younes El-karama
  Fixes #7295
  Closes #7307

Daniel Gustafsson (28 Jun 2021)
- [Andrei Rybak brought this change]

  misc: fix typos in comments which repeat a word
  
  Fix typos in code comments which repeat various words.  In trivial
  cases, just delete the repeated word.  Reword the affected sentence in
  "lib/url.c" for it to make sense.
  
  Closes #7303
  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

Daniel Stenberg (27 Jun 2021)
- lib677: make it survive torture testing
  
  Follow-up to a5ab72d5edd7
  
  Closes #7300

- [Tommy Chiang brought this change]

  docs/BINDINGS: fix outdated links
  
  * luacurl page is now not accessible, fix it with wayback machine page
  * Scheme one seems not providing https now, change it back to http one
  
  Closes #7301

- [Jacob Hoffman-Andrews brought this change]

  curstls: bump crustls version and use new URL
  
  crustls moved to https://github.com/rustls/rustls-ffi. This also bumps
  the expected version to 0.7.0.
  
  Closes #7297

- RELEASE-NOTES: synced

- examples: length-limit two sscanf() uses of %s
  
  Reported-by: Jishan Shaikh
  Fixes #7293
  Closes #7294

- [Richard Whitehouse brought this change]

  multi: alter transfer timeout ordering
  
  - Check whether a connection has succeded before checking whether it's
    timed out.
  
    This means if we've connected quickly, but subsequently been
    descheduled, we allow the connection to succeed. Note, if we timeout,
    but between checking the timeout, and connecting to the server the
    connection succeeds, we will allow it to go ahead. This is viewed as
    an acceptable trade off.
  
  - Add additional failf logging around failed connection attempts to
    propogate the cause up to the caller.
  
  Co-Authored-by: Martin Howarth
  Closes #7178

- test677: IMAP CONNECT_ONLY, custom command and then exit
  
  Adjusted ftpserver.pl to add support for the IMAP IDLE command
  
  Adjusted test 660 to sync with the fix

- multi: do not switch off connect_only flag when closing
  
  ... as it made protocol specific disconnect commands wrongly get used.
  
  Bug: https://curl.se/mail/lib-2021-06/0024.html
  Reported-by: Aleksander Mazur
  Closes #7288

- http: make the haproxy support work with unix domain sockets
  
  ... it should then pass on "PROXY UNKNOWN" since it doesn't know the
  involved IP addresses.
  
  Reported-by: Valentín Gutiérrez
  Fixes #7290
  Closes #7291

- [Xiang Xiao brought this change]

  curl.h: include sys/select.h for NuttX RTOS
  
  Closes #7287

- [Bin Meng brought this change]

  curl.h: remove the execution bit
  
  The execution bit of curl.h file was wrongly added:
  
    commit 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
  
  and should be removed.
  
  Follow-up to 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
  Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
  Closes #7286

- [Bin Lan brought this change]

  curl.h: <sys/select.h> is supported by VxWorks7
  
  Closes #7285

- [Bachue Zhou brought this change]

  quiche: use send() instead of sendto() to avoid macOS issue
  
  sendto() always returns "Socket is already connected" error on macos
  
  Closes #7260

- [Li Xinwei brought this change]

  cmake: fix support for UnixSockets feature on Win32
  
  Move the definition of sockaddr_un struct from config-win32.h to
  curl_setup.h, so that it could be shared by all build systems.
  
  Add ADDRESS_FAMILY typedef for old mingw, now old mingw can also use
  unix sockets.
  
  Also fix the build of tests/server/sws.c on Win32 when USE_UNIX_SOCKETS
  is defined.
  
  Closes #7034

- [Gregory Muchka brought this change]

  hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
  
  From Apples documentation on SCDynamicStoreCopyProxies, "Return Value: A
  dictionary of key-value pairs that represent the current internet proxy
  settings, or NULL if no proxy settings have been defined or if an error
  occurred. You must release the returned value."
  
  Failure to release the returned value of SCDynamicStoreCopyProxies can
  result in a memory leak.
  
  Source: https://developer.apple.com/documentation/systemconfiguration/1517088-scdynamicstorecopyproxies
  
  Closes #7265

- RELEASE-NOTES: synced

Jay Satiro (21 Jun 2021)
- vtls: fix warning due to function prototype mismatch
  
  b09c8ee changed the function prototype. Caught by Visual Studio.

- curl_multibyte: Remove local encoding fallbacks
  
  - If the UTF-8 to UTF-16 conversion fails in Windows Unicode builds then
    no longer fall back to assuming the string is in a local encoding.
  
  Background:
  
  Some functions in Windows Unicode builds must convert UTF-8 to UTF-16 to
  pass to the Windows CRT API wide-character functions since in Windows
  UTF-8 is not a valid locale (or at least 99% of the time right now).
  
  Prior to this change if the Unicode encoding conversion failed then
  libcurl would assume, for backwards compatibility with applications that
  may have written their code for non-Unicode builds, attempt to convert
  the string from local encoding to UTF-16.
  
  That type of "best effort" could theoretically cause some type of
  security or other problem if a string that was locally encoded was also
  valid UTF-8, and therefore an unexpected UTF-8 to UTF-16 conversion
  could occur.
  
  Ref: https://github.com/curl/curl/pull/7246
  
  Closes https://github.com/curl/curl/pull/7257

Daniel Stenberg (20 Jun 2021)
- curl_endian: remove the unused Curl_write64_le function
  
  The last usage was removed in cca455a36
  
  Closes #7280

- vtls: only store TIMER_APPCONNECT for non-proxy connect
  
  Introducing a 'isproxy' argument to the connect function so that it
  knows wether to store the time stamp or not.
  
  Reported-by: Yongkang Huang
  Fixes #7274
  Closes #7274

- gnutls: set the preferred TLS versions in correct order
  
  Regression since 781864bedbc57 (curl 7.77.0)
  
  Reported-by: civodul on github
  Assisted-by: Nikos Mavrogiannopoulos
  Fixes #7277
  Closes #7278

- [Gergely Nagy brought this change]

  configure/cmake: remove checks for unused gethostbyaddr and gethostbyaddr_r
  
  Closes #7276

- [Gergely Nagy brought this change]

  configure/cmake: remove checks for unused inet_ntoa and inet_ntoa_r
  
  Closes #7276

- [Gergely Nagy brought this change]

  configure/cmake: remove unused define HAVE_PERROR
  
  Closes #7276

- [Gergely Nagy brought this change]

  configure: remove unused check for gai_strerror
  
  Closes #7276

- [Gergely Nagy brought this change]

  configure/cmake: remove unused define HAVE_FREEIFADDRS
  
  Closes #7276

- [Gergely Nagy brought this change]

  configure/cmake: remove unused define HAVE_FORK
