#acl PaulHowarth:read,write,admin,revert,delete All:read

=== Monday 20th March 2023 ===

==== Local Packages ====

 * Updated `curl` to 8.0.0:
  * build: Remove support for `curl_off_t` < 8 bytes
  * `.cirrus.yml`: Bump to FreeBSD 13.2
  * `aws_sigv4`: Fall back to `UNSIGNED-PAYLOAD` for `sign_as_s3`
  * `BINDINGS`: Add Fortran binding
  * build: Drop the use of `XC_AMEND_DISTCLEAN`
  * build: Fix `stdint`/`inttypes` detection with non-autotools
  * cf-socket: Fix handling of remote addr for accepted tcp sockets
  * cf-socket: If socket is already connected, return `CURLE_OK`
  * cf-socket: Use port 80 when resolving name for local bind
  * CI: Don't run CI jobs if only another CI was changed
  * CI: Update `ngtcp2` and `nghttp2` for `pytest`
  * cmake: Delete unused `HAVE__STRTOI64`
  * cmake: Fix enabling LDAPS on Windows
  * cmake: Skip CA-path/bundle auto-detection in cross-builds
  * `connect`: Fix `time_connect` and `time_appconnect` timer statistics
  * cookie: Don't load cookies again when flushing
  * cookie: Parse without `sscanf()`
  * `curl.h`: Require `gcc` 12.1 for the deprecation magic
  * `curl`: Make `-w`'s `%{stderr}` use the file set with `--stderr`
  * `curl_path`: Create the new path with `dynbuf` ([[CVE:2023-27534|CVE-2023-27534]])
  * `CURLOPT_PIPEWAIT`: Allow waited reuse also for subsequent connections
  * `CURLOPT_PROXY.3`: `curl`+`NSS` does not handle HTTPS over unix domain socket
  * `CURLSHOPT_SHARE.3`: HSTS sharing is not thread-safe ([[CVE:2023-27537|CVE-2023-27537]])
  * `DEPRECATE`: The original legacy mingw version 1
  * doc: Fix compiler warning in `libcurl.m4`
  * `docs/cmdline-opts`: Mark all global options
  * `docs/SECURITY-PROCESS.md`: Updates
  * docs: Extend the URL API descriptions
  * docs: Note '`--data-urlencode`' option
  * `DYNBUF.md`: Note `Curl_dyn_add*` calls `Curl_dyn_free` on failure
  * `easy`: Remove `infof()` debug leftover from `curl_easy_recv`
  * `examples/http3.c`: Use `CURL_HTTP_VERSION_3`
  * ftp: Active mode with SSL, add the filter
  * ftp: Add more conditions for connection reuse ([[CVE:2023-27535|CVE-2023-27535]])
  * ftp: Allocate the wildcard struct on demand
  * ftp: Make the `EPSV` response parser not use `sscanf`
  * ftp: Replace `sscanf` for `MDTM` `213` response parsing
  * ftp: Replace `sscanf` for `PASV` parsing
  * `gssapi`: Align '`gss_OID_desc`' to silence `ld` warnings on macOS ventura
  * headers: Make `curl_easy_header` and `nextheader` return different buffers
  * `hostip`: Avoid `sscanf` and extra buffer copies
  * http2: Fix error handling during parallel operations
  * http2: Fix for http2-prior-knowledge when reusing connections
  * http2: Fix handling of `RST` and `GOAWAY` to recognize partial transfers
  * http2: Fix upload busy loop
  * http: Don't send `100-continue` for short `PUT` requests
  * http: Fix unix domain socket use in https connects
  * http: Rewrite the status line parser without `sscanf`
  * `http_proxy`: Parse the status line without `sscanf`
  * `idn`: Return error if the conversion ends up with a blank host
  * krb5: Avoid `sscanf` for parsing
  * `lib1560`: Test parsing URLs with ridiculously large fields
  * `lib2305`: Deal with `CURLE_AGAIN`
  * `lib517`: Verify time stamps without leading zeroes plus some more
  * `lib`: Silence `clang`/`gcc -Wvla` warnings in `brotli` headers
  * `lib`: Skip `Curl_llist_destroy` calls
  * `libcurl-errors.3`: Add the `CURLHcode` errors from `curl_easy_header.3`
  * `libssh2`: Only set the memory callbacks when debugging
  * `libssh2`: Remove unused variable from `libssh2`'s struct
  * `libssh`: Use `dynbuf` instead of `realloc`
  * `Makefile.mk`: Delete redundant '`HAVE_LDAP_SSL`' macro
  * `Makefile.mk`: Fix `-g` option in debug mode
  * `mqtt`: On `send` error, return error
  * `multi`: Make `multi_perform` ignore/unignore signals less often
  * `multi`: Remove `PENDING` + `MSGSENT` handles from the main linked list
  * `ngtcp2-gnutls.yml`: Bump to `gnutls` 3.8.0
  * `ngtcp2`: Fix unwanted `close` of file descriptor 0
  * page-footer: Add explanation for three missing exit codes
  * `parsedate`: Parse strings without using `sscanf()`
  * `parsedate`: Replace `sscanf()` for time stamp parsing
  * `quic`/`schannel`: Fix compiler warnings
  * `rand`: Use `arc4random` as fallback when available
  * `rate.d`: Single URLs make no sense in `--rate` example
  * `RELEASE-PROCEDURE.md`: Update coming release dates
  * rtsp: Avoid `sscanf` for parsing
  * `runtests`: Use a hash table for server port numbers
  * `sectransp`: Fix compiler warning c89 mixed code/declaration
  * `sectransp`: Make `read_cert()` use a `dynbuf` when loading
  * `secure-transport`: Fix `recv` return code handling
  * `select`: Stop treating `POLLRDBAND` as an error
  * `setopt`: Move the `CURLOPT_CHUNK_DATA` pointer to the `set` struct
  * `socket`: Detect "dead" connections better, e.g. not fit for reuse
  * `src`: Silence `wmain()` warning for all build methods
  * telnet: Only accept option arguments in ascii ([[CVE:2023-27533|CVE-2023-27533]])
  * telnet: Parse `NEW_ENVIRON` without `sscanf`
  * telnet: Parse telnet options without `sscanf`
  * telnet: Parse the `WS=` argument without `sscanf`
  * `test1470`: Test socks proxy using unix sockets and connect to https
  * `test1960`: Verify `CURL_SOCKOPT_ALREADY_CONNECTED`
  * `test2600`: Detect when `ALARM_TIMEOUT` is in use and adjust
  * `test422`: Verify `--next` used without a prior URL
  * `tests/http`: Add `pytest` to GHA and improve tests
  * tests: Add '`cookies`' features
  * tests: Add `timeout`, `SLOWDOWN` and `DELAY` keywords to tests
  * tests: Fix `gnutls-serv` check
  * tests: Fix MSVC unreachable code warnings in unit tests
  * tests: Hack to build most unit tests under `cmake`
  * tests: HTTP server fix-ups
  * tests: Keep `cmake` unit tests names in sync
  * tests: Make `CPPFLAGS` common to all unit tests
  * tests: Make `first.c` the same for both `lib` tests and `unit` tests
  * tests: Support for `imaps`/`pop3s`/`smtps` protocols
  * tests: Sync option lists in `runtests.pl` and its man page
  * tests: Test secure mail protocols with explicit SSL requests
  * tests: Use `AM_CPPFILES` to modify flags in unit tests
  * tests: Use dynamic ports numbers in `pytest` suite
  * tool: Dump headers even if file is write-only
  * tool: Improve `--stderr` handling
  * `tool_getparam`: Don't add a new node for just `--no-remote-name`
  * `tool_getparam`: Error if `--next` is used without a prior URL
  * `tool_operate`: Avoid `fclose(NULL)` on bad header dump file
  * `tool_operate`: Propagate error codes for missing URL after `--next`
  * `tool_progress`: Shut off progress meter for `--silent` in parallel
  * `tool_writeout_json`: Fix the output for duplicate header names
  * transfer: Limit Windows `SO_SNDBUF` updates to once a second
  * url: Fix cookielist memleak when `curl_easy_reset`
  * url: Fix logic in connection reuse to deny reuse on "unclean" connections
  * url: Fix the SSH connection reuse check ([[CVE:2023-27538|CVE-2023-27538]])
  * url: Only reuse connections with same GSS delegation ([[CVE:2023-27536|CVE-2023-27536]])
  * url: Remove dummy protocol handler
  * urlapi: '`%`' is illegal in host names
  * urlapi: Avoid mutating internals in getter routine
  * urlapi: Parse IPv6 literals without `ENABLE_IPV6`
  * urlapi: Take `const` args in `_dup` and `_get` functions
  * wildcard: Remove files and move functions into `ftplistparser.c`
  * winbuild: Fix makefile clean
  * wolfssl: Add `quic`/`ngtcp2` detection in `cmake`, and fix builds
  * wolfSSL: Resurrect the BIO '`io_result`'
  * ws: Keep the socket non-blocking
  * `x509asn1.c`: Use correct format specifier for `infof()` call
  * `x509asn1`: Use plain `%x`, not `%lx`, when the arg is an `int`
 * Updated `curl` to 8.0.1:
  * Revert "multi: remove `PENDING` + `MSGSENT` handles"

----