1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
|
curl and libcurl 7.87.1
Public curl releases: 213
Command line options: 250
curl_easy_setopt() options: 302
Public functions in libcurl: 91
Contributors: 2806
This release includes the following changes:
o curl.h: add CURL_HTTP_VERSION_3ONLY [82]
o share: add sharing of HSTS cache among handles [7]
o src: add --http3-only [81]
o tool_operate: share HSTS between handles
o urlapi: add CURLU_PUNYCODE [25]
This release includes the following bugfixes:
o cf-socket: fix build when not HAVE_GETPEERNAME [89]
o cf-socket: keep sockaddr local in the socket filters [69]
o cfilters:Curl_conn_get_select_socks: use the first non-connected filter [24]
o CI: add a workflow to automatically label pull requests [102]
o CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup [109]
o cmake: bump requirement to 3.7 [23]
o cmake: check for sendmsg [39]
o cmake: delete redundant macro definition `SECURITY_WIN32` [91]
o cmake: fix the snprintf detection [5]
o cmake: remove deprecated symbols check [96]
o cmake: set SOVERSION also for macOS [68]
o cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS [94]
o CODEOWNERS: remove the peeps mentioned as CI owners [128]
o connect: fix access of pointer before NULL check [83]
o connect: fix build when not ENABLE_IPV6 [88]
o connect: fix strategy testing for attempts, timeouts and happy-eyeball [110]
o connections: introduce http/3 happy eyeballs [127]
o cookies: fp is always not NULL [104]
o copyright.pl: cease doing year verifications [74]
o copyright: update all copyright lines and remove year ranges [35]
o curl.h: allow up to 10M buffer size [76]
o curl.h: mark CURLSSLBACKEND_MESALINK as deprecated [52]
o curl: output warning at --verbose output for debug-enabled version [80]
o curl_free.3: fix return type of `curl_free` [113]
o curl_global_sslset.3: clarify the openssl situation [53]
o curl_log: for failf/infof and debug logging implementations [87]
o curl_version_info.3: fix typo [100]
o curl_ws_send.3: clarify how to send multi-frame messages
o CURLOPT_HEADERDATA.3: warn DLL users must set write function [45]
o CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1 [73]
o CURLOPT_WRITEFUNCTION.3: fix memory leak in example [122]
o dict: URL decode the entire path always [120]
o docs/DEPRECATE.md: deprecate gskit [36]
o docs: add link to GitHub Discussions [49]
o docs: mention indirect effects of --insecure [19]
o docs: POSTFIELDSIZE must be set to -1 with read function [97]
o doh: ifdef IPv6 code [123]
o easyoptions: fix header printing in generation script [84]
o escape: hex decode with a lookup-table [107]
o escape: use table lookup when adding %-codes to output [105]
o examples: remove the curlgtk.c example [48]
o fopen: remove unnecessary assignment [111]
o ftpserver: lower the DATA connect timeout to speed up torture tests [27]
o GHA/macos.yml: bump to gcc-12 [106]
o GHA/macos: use Xcode_14.0.1 for cmake builds [132]
o GHA: add job on Slackware 15.0 [58]
o GHA: move the quiche job here from zuul [75]
o GHA: use designated ngtcp2 and its dependencies versions [77]
o haxproxy: send before TLS handhshake [34]
o hsts.d: explain hsts more [78]
o hsts: handle adding the same host name again
o http2: fix compiler warning due to uninitialized variable
o http2: when using printf %.*s, the length arg must be 'int' [41]
o HTTP3: mention what needs to be in place to remove EXPERIMENTAL label [31]
o http: add additional condition for including stdint.h [54]
o http: decode transfer encoding first [51]
o http: fix "part of conditional expression is always false" [125]
o http: remove the trace message "Mark bundle... multiuse" [6]
o http_aws_sigv4: remove typecasts from HMAC_SHA256 macro [121]
o http_proxy: do not assign data->req.p.http use local copy [59]
o INSTALL: document how to use multiple TLS backends [103]
o lib670: make test.h the first include [56]
o lib: connect/h2/h3 refactor [57]
o lib: fix typos [99]
o lib: fix typos in comments which repeat a word [67]
o libssh2: try sha2 algos for hostkey methods [2]
o libtest: add a sleep macro for Windows [115]
o Linux CI: update some dependecies to latest tag [44]
o Makefile.mk: fix wolfssl and mbedtls default paths [21]
o man pages: call the custom user pointer 'clientp' consistently [135]
o md4: fix build with GnuTLS + OpenSSL v1 [12]
o misc: fix grammar and spelling [14]
o misc: fix spelling [134]
o misc: reduce struct and struct field sizes [65]
o msh3: add support for request payload [28]
o msh3: update to v0.5 Release [17]
o msh3: update to v0.6 [60]
o multihandle: turn bool struct fields into bits [26]
o ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl [62]
o ngtcp2: fix the build without 'sendmsg' [38]
o noproxy: support for space-separated names is deprecated [66]
o nss: implement data_pending method [43]
o openssl: adapt to boringssl's error code type [118]
o openssl: don't ignore CA paths when using Windows CA store (redux) [101]
o openssl: don't log raw record headers [93]
o openssl: make the BIO_METHOD a local variable in the connection filter [79]
o openssl: only use CA_BLOB if verifying peer [112]
o openssl: remove attached easy handles from SSL instances [29]
o os400: fixes to make-lib.sh and initscript.sh [71]
o packages: remove Android, update README [108]
o release-notes.pl: check fixes/closes lines better
o Revert "x509asn1: avoid freeing unallocated pointers" [37]
o runtest.pl: add expected fourth return value [40]
o runtests: also tear down http2/http3 servers when https server is stopped [8]
o runtests: consider warnings fatal and error on them [32]
o runtests: fix detection of TLS backends [50]
o runtests: make 'mbedtls' a testable feature
o scripts: fix Appveyor job detection in cijobs.pl
o scripts: set file mode +x on all perl and shell scripts [63]
o sectransp: fix for incomplete read/writes [61]
o SECURITY-PROCESS.md: document severity levels [20]
o setopt: move the SHA256 opt within #ifdef libssh2 [42]
o setopt: use >, not >=, when checking if uarg is larger than uint-max [140]
o socketpair: allow localhost MITM sniffers [30]
o strdup: name it Curl_strdup [16]
o system.h: assume OS400 is always built with ILEC compiler [95]
o test1560: use a UTF8-using locale when run [46]
o tests-httpd: basic infra to run curl against an apache httpd [72]
o tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx [9]
o tests: avoid use of sha1 in certificates [4]
o tls: fixes for wolfssl + openssl combo builds [133]
o tool_getparam: fix hiding of command line secrets [85]
o tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type [1]
o tool_operate: fix error codes during DOS filename sanitize [138]
o tool_operate: fix error codes on bad URL & OOM [139]
o tool_operate: fix headerfile writing [64]
o tool_operate: repair --rate [119]
o transfer: break the read loop when RECV is cleared [22]
o typecheck: accept expressions for option/info parameters [3]
o url: fix part of conditional expression is always true [147]
o urlapi: avoid Curl_dyn_addf() for hex outputs [130]
o urlapi: fix part of conditional expression is always true: qlen [146]
o urlapi: skip path checks if path is just "/" [131]
o urlapi: skip the extra dedotdot alloc if no dot in path [126]
o urldata: cease storing TLS auth type [55]
o urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP [13]
o urldata: make set.http200aliases conditional on HTTP being present [11]
o urldata: move the cookefilelist to the 'set' struct [15]
o urldata: remove unused struct fields, made more conditional [10]
o vtls: fix hostname handling in filters [98]
o vtls: manage current easy handle in nested cfilter calls [90]
o vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
o winbuild: document that arm64 is supported [92]
o wolfssl: remove deprecated post-quantum algorithms [124]
o workflows/linux.yml: merge 3 common packages [18]
o write-out.d: add 'since version' to %{header_json} documentation [129]
o write-out.d: clarify Windows % symbol escaping [86]
o writeout: add %{certs} and %{num_certs} [33]
o ws: fix autoping handling [70]
o ws: fix multiframe send handling [143]
o ws: remove bad assert [117]
o ws: unstick connect-only shutdown [116]
o x509asn1: fix compile errors and warnings [47]
o zuul: stop using this CI service [114]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
Planned upcoming removals include:
o gskit
o NSS
o Support for systems without 64 bit data types
See https://curl.se/dev/deprecate.html for details
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alexey Savchuk, Andrei Rybak, Andy Alt, Anthony Hu, Brian Green,
Cameron Blomquist, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
dekerser on github, Divy Le Ray, Esdras de Morais da Silva, Fujii Hironori,
Gerrit Renker, Gisle Vanem, Hannah Schierling, Harry Sintonen, Hide Ishikawa,
highmtworks on github, Jakob Hirsch, John Bampton, John Porter,
John Sherrill, Jon Rumsey, Josh Brobst, Kvarec Lezki, Marc Aldorasi,
Marcel Raad, Mark Roszko, Martin D'Aloia, Martin Waleczek, Michael Osipov,
Mike Duglas, Muhammad Hussein Ammari, Nick Banks, nick-telia on github,
norbertmm on github, odek86 on github, Patrick Monnerat, Paul Groke,
Paul Howarth, Peter Wu, Philip Heiduck, Pronyushkin Petr, Radek Brich,
Radu Hociung, RanBarLavie on github, Ray Satiro, Ryan Schmidt,
Sébastien Helleu, Sergey Bronnikov, Sergio-IME on github,
sergio-nsk on github, SerusDev on github, Stanley Wucw, Stefan Eissing,
Stefan Talpalaru, Stephan Guilloux, Tatsuhiro Tsujikawa,
Thomas1664 on github, Thomas Klausner, Timmy Schierling, Viktor Szakats,
violetlige on github, William Tang, Yurii Rashkovskii
(66 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=10124
[2] = https://curl.se/bug/?i=10143
[3] = https://curl.se/bug/?i=10148
[4] = https://curl.se/bug/?i=10135
[5] = https://curl.se/bug/?i=10155
[6] = https://curl.se/bug/?i=10159
[7] = https://curl.se/bug/?i=10138
[8] = https://curl.se/bug/?i=10114
[9] = https://curl.se/bug/?i=10114
[10] = https://curl.se/bug/?i=10147
[11] = https://curl.se/bug/?i=10140
[12] = https://curl.se/bug/?i=10110
[13] = https://curl.se/bug/?i=10139
[14] = https://curl.se/bug/?i=10137
[15] = https://curl.se/bug/?i=10133
[16] = https://curl.se/bug/?i=10132
[17] = https://curl.se/bug/?i=10125
[18] = https://curl.se/bug/?i=10071
[19] = https://curl.se/bug/?i=10126
[20] = https://curl.se/bug/?i=10118
[21] = https://curl.se/bug/?i=10164
[22] = https://curl.se/bug/?i=10172
[23] = https://curl.se/bug/?i=10128
[24] = https://curl.se/bug/?i=10157
[25] = https://curl.se/bug/?i=10109
[26] = https://curl.se/bug/?i=10179
[27] = https://curl.se/bug/?i=10178
[28] = https://curl.se/bug/?i=10136
[29] = https://curl.se/bug/?i=10151
[30] = https://curl.se/bug/?i=10144
[31] = https://curl.se/bug/?i=10168
[32] = https://curl.se/bug/?i=10208
[33] = https://curl.se/bug/?i=10019
[34] = https://curl.se/bug/?i=10165
[35] = https://curl.se/bug/?i=10205
[36] = https://curl.se/bug/?i=10201
[37] = https://curl.se/bug/?i=10163
[38] = https://curl.se/bug/?i=10210
[39] = https://curl.se/bug/?i=10211
[40] = https://curl.se/bug/?i=10206
[41] = https://curl.se/bug/?i=10203
[42] = https://curl.se/bug/?i=10255
[43] = https://curl.se/bug/?i=10225
[44] = https://curl.se/bug/?i=10195
[45] = https://curl.se/bug/?i=10233
[46] = https://curl.se/bug/?i=10193
[47] = https://curl.se/bug/?i=10238
[48] = https://curl.se/bug/?i=10197
[49] = https://curl.se/bug/?i=10171
[50] = https://curl.se/bug/?i=10236
[51] = https://curl.se/bug/?i=10187
[52] = https://curl.se/bug/?i=10189
[53] = https://curl.se/bug/?i=10188
[54] = https://curl.se/bug/?i=10185
[55] = https://curl.se/bug/?i=10181
[56] = https://curl.se/bug/?i=10182
[57] = https://curl.se/bug/?i=10141
[58] = https://curl.se/bug/?i=10230
[59] = https://curl.se/bug/?i=10194
[60] = https://curl.se/bug/?i=10192
[61] = https://curl.se/bug/?i=10227
[62] = https://curl.se/bug/?i=10222
[63] = https://curl.se/bug/?i=10219
[64] = https://curl.se/bug/?i=10224
[65] = https://curl.se/bug/?i=10186
[66] = https://curl.se/bug/?i=10209
[67] = https://curl.se/bug/?i=10220
[68] = https://curl.se/bug/?i=10214
[69] = https://curl.se/bug/?i=10213
[70] = https://curl.se/bug/?i=10289
[71] = https://curl.se/bug/?i=10266
[72] = https://curl.se/bug/?i=10175
[73] = https://curl.se/bug/?i=10328
[74] = https://curl.se/bug/?i=10345
[75] = https://curl.se/bug/?i=10241
[76] = https://curl.se/bug/?i=10256
[77] = https://curl.se/bug/?i=10257
[78] = https://curl.se/bug/?i=10258
[79] = https://curl.se/bug/?i=10285
[80] = https://curl.se/bug/?i=10278
[81] = https://curl.se/bug/?i=10264
[82] = https://curl.se/bug/?i=10264
[83] = https://curl.se/bug/?i=10284
[84] = https://curl.se/bug/?i=10275
[85] = https://curl.se/bug/?i=10276
[86] = https://curl.se/bug/?i=10323
[87] = https://curl.se/bug/?i=10271
[88] = https://curl.se/bug/?i=10344
[89] = https://curl.se/bug/?i=10343
[90] = https://curl.se/bug/?i=10336
[91] = https://curl.se/bug/?i=10341
[92] = https://curl.se/bug/?i=10332
[93] = https://curl.se/bug/?i=10299
[94] = https://curl.se/bug/?i=10272
[95] = https://curl.se/bug/?i=10305
[96] = https://curl.se/bug/?i=10314
[97] = https://curl.se/bug/?i=10313
[98] = https://curl.se/bug/?i=10273
[99] = https://curl.se/bug/?i=10307
[100] = https://curl.se/bug/?i=10306
[101] = https://curl.se/bug/?i=10244
[102] = https://curl.se/bug/?i=10326
[103] = https://curl.se/bug/?i=10321
[104] = https://curl.se/bug/?i=10383
[105] = https://curl.se/bug/?i=10377
[106] = https://curl.se/bug/?i=10415
[107] = https://curl.se/bug/?i=10376
[108] = https://curl.se/bug/?i=10416
[109] = https://curl.se/bug/?i=10317
[110] = https://curl.se/bug/?i=10312
[111] = https://curl.se/bug/?i=10398
[112] = https://curl.se/mail/lib-2023-01/0070.html
[113] = https://curl.se/bug/?i=10373
[114] = https://curl.se/bug/?i=10368
[115] = https://curl.se/bug/?i=10295
[116] = https://curl.se/bug/?i=10366
[117] = https://curl.se/bug/?i=10347
[118] = https://curl.se/bug/?i=10360
[119] = https://curl.se/bug/?i=10357
[120] = https://curl.se/bug/?i=10298
[121] = https://curl.se/bug/?i=10400
[122] = https://curl.se/bug/?i=10390
[123] = https://curl.se/bug/?i=10397
[124] = https://curl.se/bug/?i=10440
[125] = https://curl.se/bug/?i=10399
[126] = https://curl.se/bug/?i=10403
[127] = https://curl.se/bug/?i=10349
[128] = https://curl.se/bug/?i=10386
[129] = https://curl.se/bug/?i=10395
[130] = https://curl.se/bug/?i=10384
[131] = https://curl.se/bug/?i=10385
[132] = https://curl.se/bug/?i=10356
[133] = https://curl.se/bug/?i=10322
[134] = https://curl.se/bug/?i=10437
[135] = https://curl.se/bug/?i=10434
[138] = https://curl.se/bug/?i=10414
[139] = https://curl.se/bug/?i=10130
[140] = https://curl.se/bug/?i=10421
[143] = https://curl.se/bug/?i=10413
[146] = https://curl.se/bug/?i=10408
[147] = https://curl.se/bug/?i=10407
|
