                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.82.0 (5 Mar 2022)

Daniel Stenberg (5 Mar 2022)
- RELEASE-NOTES: synced
  
  The 7.82.0 release

- THANKS: updates from the 7.82.0 release notes

- misc: update copyright year ranges

Jay Satiro (5 Mar 2022)
- unit1610: init SSL library before calling SHA256 functions
  
  The SSL library must be initialized (via global initialization) because
  libcurl's SHA256 functions may call SHA256 functions in the SSL library.
  
  Reported-by: Gisle Vanem
  
  Fixes https://github.com/curl/curl/issues/8538
  Closes https://github.com/curl/curl/pull/8540

- examples/curlx: support building with OpenSSL 1.1.0+
  
  - Access members of X509_STORE_CTX in OpenSSL 1.1.0+ by using API
    functions.
  
  The X509_STORE_CTX struct has been opaque since OpenSSL 1.1.0.
  
  Ref: https://curl.se/mail/lib-2022-03/0004.html
  
  Closes https://github.com/curl/curl/pull/8529

- h2h3: fix typo
  
  Bug: https://github.com/curl/curl/issues/8381#issuecomment-1055440241
  Reported-by: Michael Kaufmann

- [Farzin brought this change]

  CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment
  
  Closes https://github.com/curl/curl/pull/8519

Daniel Stenberg (26 Feb 2022)
- azure-pipelines: add a build on Windows with libssh
  
  Closes #8511

- runtests: make 'oldlibssh' be before 0.9.5
  
  Closes #8511

- libssh: fix include files and defines use for Windows builds
  
  Reported-by: 梦终无痕
  Bug: https://curl.se/mail/lib-2022-02/0131.html
  Closes #8511

- RELEASE-NOTES: synced

- [illusory-dream brought this change]

  winbuild: add parameter WITH_SSH
  
  For building with libssh
  Closes #8514

- configure: change output for cross-compiled alt-svc support
  
  It said 'no', while it actually is 'yes'
  
  Closes #8512

- gha: add a macOS CI job with libssh
  
  Closes #8513

- TODO: remove "Bring back libssh tests on Travis"
  
  The job was added to Circle CI in d8ddd0e7536

- TODO: remove "better persistency for HTTP/1.0"
  
  Let's not bother.

- TODO: remove "Option to ignore private IP"
  
  ... as curl ignores the IP entirely by default these days.

- TODO: remove "hardcode the "localhost" addresses"
  
  This is implemented since 1a0ebf6632f88

- TODO: 1.24 was a dupe of 1.1

- TODO: remove "Typesafe curl_easy_setopt()"
  
  I don't consider this a serious TODO item

- KNOWN_BUGS: remove "Uploading HTTP/3 files gets interrupted"
  
  This works now

- KNOWN_BUGS: remove "HTTP/3 multipart POST with quiche fails"
  
  It works now

- quiche: remove two leftover debug infof() outputs

- [Tatsuhiro Tsujikawa brought this change]

  ngtcp2: Reset dynbuf when it is fully drained
  
  Reported-by: vl409 on github
  Fixes #7351
  Closes #8504

- [Stewart Gebbie brought this change]

  hostip: avoid unused parameter error in Curl_resolv_check
  
  When built without DNS-over-HTTP and without asynchronous resolvers,
  neither the dns nor the data parameters are used.
  
  That is Curl_resolv_check appears to call
  Curl_resolver_is_resolved(data, dns). But,
  with CURL_DISABLE_DOH without CURLRES_ASYNCH, the call is actually
  elided via a macro definition.
  
  This fix resolves the resultant: "unused parameter 'data'" error.
  
  Closes #8505

- http2: move two infof calls to debug-h2-only
  
  and remove a superfluous one
  
  Ref: https://github.com/curl/curl/discussions/8498
  Closes #8502

- [Jean-Philippe Menil brought this change]

  quiche: fix upload for bigger content-length
  
  Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
  Closes #8421

Jay Satiro (23 Feb 2022)
- [Farzin brought this change]

  CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment
  
  Closes https://github.com/curl/curl/pull/8500

Daniel Stenberg (22 Feb 2022)
- [Rob Boeckermann brought this change]

  OS400/README: clarify compilation steps
  
  Closes #8494

- [Rob Boeckermann brought this change]

  OS400: fix typos in rpg include file
  
  This resolves issues compiling rpg code that includes the curl header
  file.
  
  Closes #8494

- [Michał Antoniak brought this change]

  vtls: fix socket check conditions
  
  fix condition to check the second socket during associate and
  disassociate connection
  
  Closes #8493

- libssh2: don't typecast socket to int for libssh2_session_handshake
  
  Since libssh2_socket_t uses SOCKET on windows which can be larger than
  int.
  
  Closes #8492

- RELEASE-NOTES: fix typo and make one desc shorter

- RELEASE-NOTES: synced

- CURLOPT_XFERINFOFUNCTION.3: fix typo in example
  
  Reported-by: coralw on github
  Fixes #8487
  Closes #8488

- README: disable linkchecks for the sponsor links
  
  Closes #8489

Jay Satiro (21 Feb 2022)
- openssl: check if sessionid flag is enabled before retrieving session
  
  Ideally, Curl_ssl_getsessionid should not be called unless sessionid
  caching is enabled. There is a debug assertion in the function to help
  ensure that. Therefore, the pattern in all vtls is basically:
  
    if(primary.sessionid) {lock(); Curl_ssl_getsessionid(...); unlock();}
  
  There was one instance in openssl.c where sessionid was not checked
  beforehand and this change fixes that.
  
  Prior to this change an assertion would occur in openssl debug builds
  during connection stage if session caching was disabled.
  
  Reported-by: Jim Beveridge
  
  Fixes https://github.com/curl/curl/issues/8472
  Closes https://github.com/curl/curl/pull/8484

- multi: allow user callbacks to call curl_multi_assign
  
  Several years ago a change was made to block user callbacks from calling
  back into the API when not supported (recursive calls). One of the calls
  blocked was curl_multi_assign. Recently the blocking was extended to the
  multi interface API, however curl_multi_assign may need to be called
  from within those user callbacks (eg CURLMOPT_SOCKETFUNCTION).
  
  I can't think of any callback where it would be unsafe to call
  curl_multi_assign so I removed the restriction entirely.
  
  Reported-by: Michael Wallner
  
  Ref: https://github.com/curl/curl/commit/b46cfbc
  Ref: https://github.com/curl/curl/commit/340bb19
  
  Fixes https://github.com/curl/curl/issues/8480
  Closes https://github.com/curl/curl/pull/8483

Daniel Stenberg (21 Feb 2022)
- [Michał Antoniak brought this change]

  ssl: reduce allocated space for ssl backend when FTP is disabled
  
  Add assert() for the backend pointer in many places
  
  Closes #8471

- [Michał Antoniak brought this change]

  checkprefix: remove strlen calls
  
  Closes #8481

Jay Satiro (20 Feb 2022)
- [1337vt brought this change]

  curl.h: fix typo
  
  Closes https://github.com/curl/curl/pull/8482

- [Jan Venekamp brought this change]

  sectransp: mark a 3DES cipher as weak
  
  - Change TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA strength to weak.
  
  All other 3DES ciphers are already marked as weak.
  
  Closes https://github.com/curl/curl/pull/8479

- [Jan Venekamp brought this change]

  bearssl: fix EXC_BAD_ACCESS on incomplete CA cert
  
  - Do not create trust anchor object for a CA certificate until after it
    is processed.
  
  Prior to this change the object was created at state BR_PEM_BEGIN_OBJ
  (certificate processing begin state). An incomplete certificate (for
  example missing a newline at the end) never reaches BR_PEM_END_OBJ
  (certificate processing end state) and therefore the trust anchor data
  was not set in those objects, which caused EXC_BAD_ACCESS.
  
  Ref: https://github.com/curl/curl/pull/8106
  
  Closes https://github.com/curl/curl/pull/8476

- [Jan Venekamp brought this change]

  bearssl: fix connect error on expired cert and no verify
  
  - When peer verification is disabled use the x509_decode engine instead
    of the x509_minimal engine to parse and extract the public key from
    the first cert of the chain.
  
  Prior to this change in such a case no key was extracted and that caused
  CURLE_SSL_CONNECT_ERROR. The x509_minimal engine will stop parsing if
  any validity check fails but the x509_decode won't.
  
  Ref: https://github.com/curl/curl/pull/8106
  
  Closes https://github.com/curl/curl/pull/8475

- [Jan Venekamp brought this change]

  bearssl: fix session resumption (session id)
  
  Prior to this change br_ssl_client_reset was mistakenly called with
  resume_session param set to 0, which disabled session resumption.
  
  Ref: https://github.com/curl/curl/pull/8106
  
  Closes https://github.com/curl/curl/pull/8474

Daniel Stenberg (18 Feb 2022)
- [Michał Antoniak brought this change]

  openssl: fix build for version < 1.1.0
  
  Closes #8470

- [Joel Depooter brought this change]

  schannel: move the algIds array out of schannel.h
  
  This array is only used by the SCHANNEL_CRED struct in the
  schannel_acquire_credential_handle function. It can therefore be kept as
  a local variable. This is a minor update to
  bbb71507b7bab52002f9b1e0880bed6a32834511.
  
  This change also updates the NUM_CIPHERS value to accurately count the
  number of cipher options listed in schannel.c, which is 47 instead of
  45. It is unlikely that anyone tries to set all 47 values, but if they
  had tried, the last two would not have been set.
  
  Closes #8469

- [Alejandro R. Sedeño brought this change]

  configure.ac: use user-specified gssapi dir when using pkg-config
  
  Using the system pkg-config path in the face of a user-specified
  library path is asking to link the wrong library.
  
  Reported-by: Michael Kaufmann
  Fixes #8289
  Closes #8456

- [Kevin Adler brought this change]

  os400: Add link to QADRT devkit to README.OS400
  
  Closes #8455

- [Kevin Adler brought this change]

  os400: Add function wrapper for system command
  
  The wrapper will exit if the system command failed instead of blindly
  continuing on.
  
  In addition, only copy docs which exist, since now the copy failure will
  cause the build to stop.
  
  Closes #8455

- [Kevin Adler brought this change]

  os400: Default build to target current release
  
  V6R1M0 is not available as a target release since IBM i 7.2. To keep
  from having to keep this up to date in git, default to the current
  release. Users can configure this to whatever release they want to
  actually build for.
  
  Closes #8455

- docs/INTERNALS.md: clean up, refer to the book
  
  The explanatory parts are now in the everything curl book (which can
  also use images etc). This document now refers to that resource and only
  leaves listings of supported versions of libs, tools and operating
  systems. See https://everything.curl.dev/internals
  
  Closes #8467

Marcel Raad (17 Feb 2022)
- des: fix compile break for OpenSSL without DES
  
  When `USE_OPENSSL` was defined but OpenSSL had no DES support and a
  different crypto library was used for that, `Curl_des_set_odd_parity`
  was called but not defined. This could for example happen on Windows
  and macOS when using OpenSSL v3 with deprecated features disabled.
  
  Use the same condition for the function definition as used at the
  caller side, but leaving out the OpenSSL part to avoid including
  OpenSSL headers.
  
  Closes https://github.com/curl/curl/pull/8459

Daniel Stenberg (17 Feb 2022)
- RELEASE-NOTES: synced

- docs/DEPRECATE: remove NPN support in August 2022
  
  Closes #8458

- ftp: provide error message for control bytes in path
  
  Closes #8460

- http: fix "unused parameter ‘conn’" warning
  
  Follow-up from 7d600ad1c395
  
  Spotted on appveyor
  
  Closes #8465

Jay Satiro (17 Feb 2022)
- [Alejandro R. Sedeño brought this change]

  sha256: Fix minimum OpenSSL version
  
  - Change the minimum OpenSSL version for using their SHA256
    implementation from 0.9.7 to 0.9.8.
  
  EVP_sha256() does not appear in the OpenSSL source before 0.9.7h, and
  does not get built by default until 0.9.8, so trying to use it for all
  0.9.7 is wrong, and before 0.9.8 is unreliable.
  
  Closes https://github.com/curl/curl/pull/8464

Daniel Stenberg (16 Feb 2022)
- KNOWN_BUGS: remove "slow connect to localhost on Windows"
  
  localhost is not resolved anymore since 1a0ebf6632f88

- KNOWN_BUGS: remove "HTTP/3 download is 5x times slower than HTTP/2"
  
  It's not actually a bug. More like room for improvement.

- KNOWN_BUGS: remove "HTTP/3 download with quiche halts after a while"
  
  Follow-up to 96f85a0fef694

- KNOWN_BUGS: remove "pulseUI vpn" as a problem
  
  We haven't heard about this for a long time and rumours have it they
  might have fixed it.

- urldata: remove conn->bits.user_passwd
  
  The authentication status should be told by the transfer and not the
  connection.
  
  Reported-by: John H. Ayad
  Fixes #8449
  Closes #8451

- [Kevin Adler brought this change]

  gskit: Convert to using Curl_poll
  
  As mentioned in 32766cb, gskit was the last user of Curl_select which is
  now gone. Convert to using Curl_poll to allow build to work on IBM i.
  
  Closes #8454

- [Kevin Adler brought this change]

  gskit: Fix initialization of Curl_ssl_gskit struct
  
  In c30bf22, Curl_ssl_getsock was factored out in to a member of
  struct Curl_ssl but the gskit initialization was not updated to reflect
  this new member.
  
  Closes #8454

- [Kevin Adler brought this change]

  gskit: Fix errors from Curl_strerror refactor
  
  2f0bb864c1 replaced strerror with Curl_strerror, but the strerror buffer
  shadows the set_buffer "buffer" parameter. To keep consistency with the
  other functions that use Curl_strerror, rename the parameter.
  
  In addition, strerror.h is needed for the definition of STRERROR_LEN.
  
  Closes #8454

Marcel Raad (15 Feb 2022)
- ntlm: remove unused feature defines
  
  They're not used anymore and always supported.
  
  Closes https://github.com/curl/curl/pull/8453

Daniel Stenberg (15 Feb 2022)
- [Kantanat Wannapaka brought this change]

  README.md: fix link and layout
  
  replace <a></a> tags and <img></img> tags
  
  Closes #8448

- KNOWN_BUGS: fix typo "libpsl"

Jay Satiro (14 Feb 2022)
- h2h3: fix compiler warning due to function prototype mismatch
  
  - Add missing const qualifier in Curl_pseudo_headers declaration.

Daniel Stenberg (14 Feb 2022)
- [Stefan Eissing brought this change]

  urlapi: handle "redirects" smarter
  
    - avoid one malloc when setting a new url via curl_url_set()
      and CURLUPART_URL.
    - extract common pattern into a new static function.
  
  Closes #8450

- cijobs: pick up circleci configure lines better

- circleci: add a job using wolfSSH
  
  Build only, no tests.
  
  Closes #8445

- scripts/ciconfig.pl: show used options not available

- circleci: add a job using libssh
  
  Closes #8444

- runtests: set 'oldlibssh' for libssh versions before 0.9.6
  
  ... and make test 1459 check for the different return code then.
  
  Closes #8444

Jay Satiro (13 Feb 2022)
- Makefile.am: Generate VS 2022 projects
  
  Follow-up to f13d4d0 which added VS 2022 project support.
  
  Ref: https://github.com/curl/curl/pull/8438

- [Daniel Stenberg brought this change]

  projects: remove support for MSVC before VC10 (Visual Studio 2010)
  
  - Remove Visual Studio project files for VC6, VC7, VC7.1, VC8 and VC9.
  
  Those versions are too old to be maintained any longer.
  
  Closes https://github.com/curl/curl/pull/8442

- [Stav Nir brought this change]

  projects: add support for Visual Studio 17 (2022)
  
  Closes https://github.com/curl/curl/pull/8438

Daniel Stenberg (13 Feb 2022)
- RELEASE-NOTES: synced

- connect: follow-up fix the copyright year

- [Michał Antoniak brought this change]

  misc: remove unused data when IPv6 is not supported
  
  Closes #8430

- scripts/ciconfig: show CI job config info
  
  Closes #8446

- quiche: handle stream reset
  
  A stream reset now causes a CURLE_PARTIAL_FILE error. I'm not convinced
  this is the right action nor the right error code.
  
  Reported-by: Lucas Pardue
  Fixes #8437
  Closes #8440

- mime: use a define instead of the magic number 24
  
  MIME_BOUNDARY_DASHES is now the number of leading dashes in the
  generated boundary string.
  
  Closes #8441

- [Henrik Holst brought this change]

  hostcheck: reduce strlen calls on chained certificates
  
  Closes #8428

- [Patrick Monnerat brought this change]

  mime: some more strlen() call removals.
  
  Closes #8423

- scripts/cijobs.pl: detect zuul cmake jobs better

- url: exclude zonefrom_url when no ipv6 is available
  
  Closes #8439

- if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled
  
  Closes #8439

- [Henrik Holst brought this change]

  mprintf: remove strlen calls on empty strings in dprintf_formatf
  
  Turns out that in dprintf_formatf we did a strlen on empty strings, a
  bit strange is how common this actually is, 24 alone when doing a simple
  GET from https://curl.se
  
  Closes #8427

- wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case
  
  Closes #8431

- wolfssl: when SSL_read() returns zero, check the error
  
  Returning zero indicates end of connection, so if there's no data read
  but the connection is alive, it needs to return -1 with CURLE_AGAIN.
  
  Closes #8431

- quiche: after leaving h3_recving state, poll again
  
  This could otherwise easily leave libcurl "hanging" after the entire
  transfer is done but without noticing the end-of-transfer signal.
  
  Assisted-by: Lucas Pardue
  Closes #8436

- quiche: when *recv_body() returns data, drain it before polling again
  
  Assisted-by: Lucas Pardue
  
  Closes #8429

- [gaoxingwang on github brought this change]

  configure: fix '--enable-code-coverage' typo
  
  Fixes #8425
  Closes #8426

- lib/h2h3: #ifdef on ENABLE_QUIC, not the wrong define
  
  Otherwise the build fails when H3 is enabled but the build doesn't
  include nghttp2.
  
  Closes #8424

- hostcheck: pass in pattern length too, to avoid a strlen call
  
  Removes one strlen() call per SAN name in a cert-check.
  
  Closes #8418

- [Henrik Holst brought this change]

  misc: remove strlen for Curl_checkheaders + Curl_checkProxyheaders
  
  Closes #8409

- configure: requires --with-nss-deprecated to build with NSS
  
  Add deprecation plans to docs/DEPRECATE.md
  
  Closes #8395

- mqtt: free 'sendleftovers' in disconnect
  
  Fix a memory-leak
  
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43646
  Closes #8415

- [Patrick Monnerat brought this change]

  openldap: pass string length arguments to client_write()
  
  This uses the new STRCONST() macro and saves 2 strlen() calls on short
  string constants per LDIF output line.
  
  Closes #8404

- [Henrik Holst brought this change]

  misc: reduce strlen() calls with Curl_dyn_add()
  
  Use STRCONST() to switch from Curl_dyn_add() to Curl_dyn_addn() for
  string literals.
  
  Closes #8398

- http2: fix the array copy to nghttp2_nv
  
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44517
  Follow-up to 9f985a11e794
  Closes #8414

- RELEASE-NOTES: synced

- scripts/cijobs.pl: output data about all current CI jobs
  
  This script parses the config files for all the CI services currently in
  use and outputs the information in a uniform way. The idea is that the
  output from this script should be possible to massage into informational
  tables or graphs to help us visualize what they are all testing and NOT
  testing.
  
  Closes #8408

- maketgz: return error if 'make dist' fails
  
  To better detect this problem in CI jobs
  
  Reported-by: Marcel Raad
  Bug: https://curl.se/mail/lib-2022-02/0070.html
  Closes #8402

- h2h3: pass correct argument types to infof()
  
  Detected by Coverity. CID 1497993
  
  Closes #8401

- lib/Makefile: remove config-tpf.h from the dist
  
  Follow-up from da15443dddea2bfb. Missed before because the 'distcheck'
  CI job was not working as intended.
  
  Reported-by: Marcel Raad
  Bug: https://curl.se/mail/lib-2022-02/0070.html
  Closes #8403

- configure: remove support for "embedded ares"
  
  In March 2010 (commit 4259d2df7dd) we removed the embedded 'ares'
  directory from the curl source tree but we have since supported
  especially detecting and using that build directory. The time has come
  to remove that kludge and ask users to specify the c-ares dir correctly
  with --enable-ares.
  
  Closes #8397

- [Sebastian Sterk brought this change]

  github/workflows/mbedtls: fix indent & remove unnecessary line breaks
  
  Closes #8399

- CI: move the NSS job from zuul to GHA
  
  Closes #8396

- tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine
  
  Closes #8396

Marcel Raad (7 Feb 2022)
- curl-openssl: fix SRP check for OpenSSL 3.0
  
  When OpenSSL 3.0 is built with `--api=3.0` and `no-deprecated`, the SRP
  functions exist in the library, but are disabled for user code. Check
  if they are actually usable instead of only if they exist. Also, check
  for the functions actually required for TLS-SRP.
  
  TLS-SRP support is still enabled if OpenSSL is configured with just
  `--api=3.0` or with `--api=1.1.1 no-deprecated`.
  
  Closes https://github.com/curl/curl/pull/8394

Daniel Stenberg (7 Feb 2022)
- [Henrik Holst brought this change]

  http: make Curl_compareheader() take string length arguments too
  
  Also add STRCONST, a macro that returns a string literal and its length
  for functions that take "string,len"
  
  Removes unnecessary calls to strlen().
  
  Closes #8391

- vquic/vquic.h: removed the unused H3 pseudo defines

- ngtcp2: use Curl_pseudo_headers

- quiche: use Curl_pseudo_headers

- http2: use Curl_pseudo_headers

- h2h3: added Curl_pseudo_headers()
  
  For use with both http2 and http3 requests.

- ngtcp2/quiche: make :scheme possible to set

- http2: allow CURLOPT_HTTPHEADER change ":scheme"
  
  The only h2 pseudo header that wasn't previously possible to change by a
  user. This change also makes it impossible to send a HTTP/1 header that
  starts with a colon, which I don't think anyone does anyway.
  
  The other pseudo headers are possible to change indirectly by doing the
  rightly crafted request.
  
  Reported-by: siddharthchhabrap on github
  Fixes #8381
  Closes #8393

- h2/h3: provide and refer to pseudo headers as defines
  
  ... and do sizeof() on the defines to use constants better.
  
  Closes #8389

- [Michał Antoniak brought this change]

  smb: passing a socket for writing and reading data instead of FIRSTSOCKET
  
  Closes #8383

- x509asn1: toggle off functions not needed for diff tls backends
  
  ... and clean the header file from private defines/structs (move to C
  file) and unused function prototypes.
  
  Closes #8386

- lib: move hostcheck and x509asn1 sources to vtls/
  
  ... since they are used strictly by TLS code.
  
  Closes #8386

Marcel Raad (4 Feb 2022)
- version_win32: fix warning for `CURL_WINDOWS_APP`
  
  The build version is not supported by the UWP code.
  
  Closes https://github.com/curl/curl/pull/8385

Daniel Stenberg (4 Feb 2022)
- tests/disable-scan.pl: properly detect multiple symbols per line
  
  Test 1165 would fail on some systems because it didn't detect
  CURL_DISABLE_* symbols that were used to the right of another one on the
  same line! The script would only detect and extract the first one.
  
  Reported-by: Marcel Raad
  Fixes #8384
  Closes #8388

Jay Satiro (4 Feb 2022)
- config.d: Clarify _curlrc filename is still valid on Windows
  
  Recent changes added support for filename .curlrc on Windows, and
  when it's not found curl falls back on the original Windows filename
  _curlrc. _curlrc was removed from the doc, however it is still valid.
  
  Closes https://github.com/curl/curl/pull/8382

Daniel Stenberg (4 Feb 2022)
- lib: remove support for CURL_DOES_CONVERSIONS
  
  TPF was the only user and support for that was dropped.
  
  Closes #8378

- TPF: drop support
  
  There have been no TPF-related changes done since September 2010 (commit
  7e1a45e224e57) and since this is a platform that is relatively different
  than many others (== needs attention), I draw the conclusion that this
  build has been broken for a long time.
  
  Closes #8378

- scripts/delta: check the file delta for current branch
  
  ... also polish the output style a little bit

Jay Satiro (3 Feb 2022)
- [Fabian Keil brought this change]

  runtests.pl: tolerate test directories without Makefile.inc
  
  Silences the following warnings when using a Makefile.inc-free
  TESTDIR using the "-o" argument:
  
     readline() on closed filehandle D at ./runtests.pl line 592.
     Use of uninitialized value $disttests in pattern match (m//) at
     ./runtests.pl line 3602.
  
  Closes https://github.com/curl/curl/pull/8379

Daniel Stenberg (3 Feb 2022)
- [Henrik Holst brought this change]

  setopt: do bounds-check before strdup
  
  Curl_setstropt() allocated memory for the string before checking if the
  string was within bounds. The bounds check should be done first.
  
  Closes #8377

- [Michał Antoniak brought this change]

  mbedtls: enable use of mbedtls without filesystem functions support
  
  Closes #8376

- [Bernhard Walle brought this change]

  configure: support specification of a nghttp2 library path
  
  This enables using --with-nghttp2=<dir> on systems without pkg-config.
  
  Closes #8375

- scripts/release-notes.pl: remove leftover debug output

- RELEASE-NOTES: synced

- scripts/release-notes.pl: fix number extraction for full URLs

- [Leah Neukirchen brought this change]

  scripts/completion.pl: improve zsh completion
  
  - Detect all spellings of <file>, <file name> etc as well as <path>.
  - Only complete directories for <dir>.
  - Complete URLs for <URL>.
  - Complete --request and --ftp-method.
  
  Closes #8363

- [Davide Cassioli brought this change]

  configure: use correct CFLAGS for threaded resolver with xlC on AIX
  
  Fixes #8276
  Closes #8374

- mailmap: Henrik Holst

Jay Satiro (2 Feb 2022)
- build: fix ngtcp2 crypto library detection
  
  - Change library link check for ngtcp2_crypto_{gnutls,openssl} to
    use function ngtcp2_crypto_recv_client_initial_cb instead of
    ngtcp2_crypto_ctx_initial.
  
  The latter function is no longer external since two days ago in
  ngtcp2/ngtcp2@533451f. curl HTTP/3 CI builds have been failing since
  then because they would not link to the ngtcp2 crypto library.
  
  Ref: https://github.com/ngtcp2/ngtcp2/pull/356
  
  Closes https://github.com/curl/curl/pull/8372

- [Henrik Holst brought this change]

  urlapi: remove an unnecessary call to strlen
  
  - Use strcpy instead of strlen+memcpy to copy the url path.
  
  Ref: https://curl.se/mail/lib-2022-02/0006.html
  
  Closes https://github.com/curl/curl/pull/8370
