test977: reproduce ability to set cookie on TLD

When PSL is not enabled

scripts/contributors.sh: correct the copyright range

docs/RELEASE-PROCEDURE.md: refreshed and adjsuted the release dates

test379: verify --remove-on-error with --no-clobber

post_per_transfer: remove the updated file name

When --remove-on-error is used with --no-clobber, it might have an
updated file name to remove.

Bug: https://curl.se/docs/CVE-202

post_per_transfer: remove the updated file name

When --remove-on-error is used with --no-clobber, it might have an
updated file name to remove.

Bug: https://curl.se/docs/CVE-2022-27778.html

CVE-2022-27778

Reported-by: Harry Sintonen

Closes #8824

show more ...

hsts: ignore trailing dots when comparing hosts names

CVE-2022-30115

Reported-by: Axel Chong
Bug: https://curl.se/docs/CVE-2022-30115.html
Closes #8821

test440/441: verify HSTS with trailing dots

libtest/lib1560: verify the host name percent decode fix

urlapi: reject percent-decoding host name into separator bytes

CVE-2022-27780

Reported-by: Axel Chong
Bug: https://curl.se/docs/CVE-2022-27780.html
Closes #8826

nss: return error if seemingly stuck in a cert loop

CVE-2022-27781

Reported-by: Florian Kohnhäuser
Bug: https://curl.se/docs/CVE-2022-27781.html
Closes #8822

test412/413: verify alt-svc with trailing dots

altsvc: fix host name matching for trailing dots

Closes #8819

hyper: fix test 357

This change fixes the hyper API such that PUT requests that receive a
417 response can retry without the Expect header.

Closes #8811

sectransp: bail out if SSLSetPeerDomainName fails

Before the code would just warn about SSLSetPeerDomainName() errors.

Closes #8798

http_proxy/hyper: handle closed connections

Enable test 1021 for hyper builds.

Patched-by: Prithvi MK
Fixes #8700
Closes #8806

KNOWN_BUGS: timeout when reusing a http3 connection

Closes #8764

KNOWN_BUGS: configure --with-ca-fallback is not supported by h3

Closes #8696

Makefile: fix "make ca-firefox"

Closes #8804

tests: fix markdown formatting in README

The asterisk in the abbreviation *NIX (for UNIX/Linux) needs to be
escaped to not mean start of italic formatting. This is consistent
with do

tests: fix markdown formatting in README

The asterisk in the abbreviation *NIX (for UNIX/Linux) needs to be
escaped to not mean start of italic formatting. This is consistent
with docs/RELEASE-PROCEDURE.md.

Closes: #8802
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

TODO: expand on "Expose tried IP addresses that failed"

Ref: #8794

tests/server: declare variable 'reqlogfile' static

Silences the warning:

CC socksd-socksd.o
socksd.c:143:13: warning: no previous extern declaration for
no

tests/server: declare variable 'reqlogfile' static

Silences the warning:

CC socksd-socksd.o
socksd.c:143:13: warning: no previous extern declaration for
non-static variable 'reqlogfile' [-Wmissing-variable-declarations]
const char *reqlogfile = DEFAULT_REQFILE;
^
socksd.c:143:7: note: declare 'static' if the variable is not
intended to be used outside of this translation unit
const char *reqlogfile = DEFAULT_REQFILE;
^
1 warning generated.

... when compiling with clang 13.

Closes: #8799
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

show more ...

HTTP-COOKIES: add missing CURLOPT_COOKIESESSION

Commit 980a47b42 added support for ignoring session cookies, but it
was never added to the documentation.

Closes: #8795
Revie

HTTP-COOKIES: add missing CURLOPT_COOKIESESSION

Commit 980a47b42 added support for ignoring session cookies, but it
was never added to the documentation.

Closes: #8795
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

docs/THANKS: remove name duplicate

.mailmap: update

Closes #8800

mbedtls: fix some error messages

Prior to this change some of the error messages misidentified the
function that failed.