forked from lwthiker/curl
-
Notifications
You must be signed in to change notification settings - Fork 2
/
RELEASE-NOTES
379 lines (365 loc) · 17 KB
/
RELEASE-NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
curl and libcurl 8.7.0
Public curl releases: 255
Command line options: 258
curl_easy_setopt() options: 304
Public functions in libcurl: 93
Contributors: 3134
This release includes the following changes:
o configure: add --disable-docs flag [16]
o CURLINFO_USED_PROXY: return bool whether the proxy was used [24]
o digest: support SHA-512/256 [118]
o DoH: add trace configuration [61]
o write-out: add '%{proxy_used}' [24]
This release includes the following bugfixes:
o ALTSVC.md: correct a typo [14]
o asyn-ares: fix data race warning [88]
o asyn-thread: use wakeup_close to close the read descriptor [1]
o badwords: use hostname, not host name [46]
o BINDINGS: add mcurl, the python binding [67]
o bufq: writing into a softlimit queue cannot be partial [49]
o c-hyper: add header collection writer in hyper builds [70]
o cd2nroff: gen: make `\>` in input to render as plain '>' in output
o cd2nroff: remove backticks from titles
o checksrc.pl: fix handling .checksrc with CRLF [43]
o cmake: add USE_OPENSSL_QUIC support [21]
o cmake: add warning for using TLS libraries without 1.3 support [25]
o cmake: enable `ENABLE_CURL_MANUAL` by default [112]
o cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled [117]
o cmake: fix function description in comment [47]
o cmake: fix install for older CMake versions [53]
o cmake: fix libcurl.pc and curl-config library specifications [115]
o cmdline-docs/Makefile: avoid using a fixed temp file name [5]
o cmdline-docs: quote and angle bracket cleanup [45]
o cmdline-opts/_EXITCODES: sync with libcurl-errors [80]
o cmdline-opts/_VARIABLES.md: improve the description [105]
o cmdline-opts/_VERSION: provide %VERSION correctly [87]
o cmdline-opts: shorter help texts [148]
o configure: add pkg-config support to rustls detection [151]
o configure: add warning for using TLS libraries without 1.3 support [26]
o configure: build & install shell completions when enabled [85]
o configure: do not link with nghttp3 unless necessary [7]
o configure: Don't build shell completions when disabled [68]
o configure: Don't make shell completions without perl [83]
o configure: find libpsl with pkg-config [79]
o connect.c: fix typo [17]
o CONTRIBUTE: update the section on documentation format [96]
o cookie.md: provide an example sending a fixed cookie [13]
o cookie: if psl fails, reject the cookie [107]
o curl: exit on config file parser errors [40]
o curl: make --libcurl output better CURLOPT_*SSLVERSION [127]
o curl: when allocating variables, add the name into the struct [37]
o curl_setup.h: add curl_uint64_t internal type
o curldown: fix email address in Copyright [89]
o CURLMOPT_MAX*: mention what happens if changed mid-transfer [154]
o CURLOPT_INTERFACE.md: remove spurious amp, add see-also [137]
o CURLOPT_POSTQUOTE.md: fix typo [36]
o CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return [104]
o CURLOPT_WRITEFUNCTION.md: typo fix [41]
o digest: add check for hashing error [111]
o dist: make sure the http tests are in the tarball [29]
o DISTROS: add document with distro pointers [144]
o docs/libcurl: add TLS backend info for all TLS options [155]
o docs/libcurl: generate PROTOCOLS from meta-data [153]
o docs: add missing slashes to SChannel client certificate documentation [11]
o docs: add necessary setup for nghttp3 [51]
o docs: ascii version of manpage without nroff [121]
o docs: dist curl*.1 and install without perl [64]
o docs: make curldown do angle brackets like markdown [54]
o docs: make each libcurl man specify protocol(s) [157]
o docs: make sure curl.1 is included in dist tarballs [35]
o docs: update minimal binary size in INSTALL.md
o docs: use present tense [103]
o examples: use present tense in comments [97]
o file: use xfer buf for file:// transfers [23]
o fopen: fix narrowing conversion warning on 32-bit Android [100]
o form-string.md: correct the example [4]
o ftp: do lineend conversions in client writer [32]
o ftp: fix socket wait activity in ftp_domore_getsock [28]
o ftp: tracing improvements [33]
o ftp: treat a 226 arriving before data as a signal to read data [19]
o gen.pl: make the "manpageification" faster [95]
o gen: make `\>` in input to render as plain '>' in output [78]
o getparam: make --ftp-ssl work again [90]
o GHA/linux: add sysctl trick to work-around GitHub runner issue [129]
o GIT-INFO: convert to markdown [114]
o GOVERNANCE: document the core team [133]
o header.md: remove backslash, make nicer markdown [48]
o HTTP/2: write response directly [12]
o http2, http3: return CURLE_PARTIAL_FILE when bytes were received [160]
o http2: fix push discard [124]
o http2: memory errors in the push callbacks are fatal [132]
o http2: minor tweaks to optimize two struct sizes [130]
o http2: push headers better cleanup [113]
o http2: remove the third (unused) argument from http2_data_done() [159]
o HTTP3.md: adjust the OpenSSL QUIC install instructions [34]
o http: better error message for HTTP/1.x response without status line [86]
o http: improve response header handling, save cpu cycles [138]
o http: move headers collecting to writer [71]
o http: remove stale comment about rewindbeforesend [136]
o http: separate response parsing from response action [158]
o http_chunks: fix the accounting of consumed bytes [22]
o http_chunks: remove unused 'endptr' variable [58]
o https-proxy: use IP address and cert with ip in alt names [50]
o hyper: implement unpausing via client reader [98]
o ipv6.md: mention IPv4 mapped addresses [147]
o KNOWN_BUGS: POP3 issue when reading small chunks [134]
o lib1598: fix `CURLOPT_POSTFIELDSIZE` usage [128]
o lib582: remove code causing warning that is never run [38]
o lib: add `void *ctx` to reader/writer instances [122]
o lib: convert Curl_get_line to use dynbuf [42]
o lib: Curl_read/Curl_write clarifications [101]
o lib: enhance client reader resume + rewind [92]
o lib: initialize output pointers to NULL before calling strto[ff,l,ul] [63]
o lib: keep conn IP information together [109]
o lib: move 'done' parameter to SingleRequests [142]
o lib: remove curl_mimepart object when CURL_DISABLE_MIME [72]
o libcurl-docs: cleanups
o libcurl-security.md: Active FTP passes on the local IP address [6]
o libssh/libssh2: return error on too big range [75]
o MANUAL.md: fix typo [66]
o mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined [27]
o mbedtls: fix pytest for newer versions [146]
o mbedtls: properly cleanup the thread-shared entropy [140]
o mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version [59]
o md4: include strdup.h for the memdup proto [10]
o mime: add client reader [126]
o misc: fix typos in docs and lib [84]
o mkhelp: simplify the generated hugehelp program [120]
o mprintf: fix format prefix I32/I64 for windows compilers [77]
o multi: add xfer_buf to multi handle [30]
o multi: fix multi_sock handling of select_bits [81]
o multi: make add_handle free any multi_easy [102]
o ngtcp2: no recvbuf for stream [108]
o ntml_wb: fix buffer type typo [2]
o OpenSSL QUIC: adapt to v3.3.x [65]
o openssl-quic: check on Windows that socket conv to int is possible [8]
o openssl-quic: fix BIO leak and Windows warning [93]
o openssl-quic: fix unity build, casing, indentation [94]
o OS400: avoid using awk in the build scripts [20]
o paramhlp: fix CRLF-stripping files with "-d @file" [116]
o proxy1.0.md: fix example [15]
o pytest: adapt to API change [106]
o request: clarify message when request has been sent off [143]
o rustls: make curl compile with 0.12.0 [73]
o schannel: fix hang on unexpected server close [57]
o scripts: fix cijobs.pl for Azure and GHA
o sendf: ignore response body to HEAD [18]
o setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value [76]
o setopt: fix disabling all protocols [99]
o sha512_256: add support for GnuTLS and OpenSSL [110]
o smtp: fix STARTTLS [91]
o SPONSORS: describe the basics [131]
o strtoofft: fix the overflow check [74]
o test 1541: verify getinfo values on first header callback [149]
o test1165: improve pattern matching [60]
o tests: support setting/using blank content env variables
o TIMER_STARTTRANSFER: set the same for everyone [82]
o TLS: start shutdown only when peer did not already close [150]
o TODO: update 13.11 with more information [152]
o tool_cb_hdr: only parse etag + content-disposition for 2xx [9]
o tool_getparam: accept a blank -w "" [139]
o tool_getparam: handle non-existing (out of range) short-options [141]
o tool_operate: change precedence of server Retry-After time [44]
o tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds [3]
o trace-config.md: remove the mutexed options list [119]
o transfer.c: break receive loop in speed limited transfers [125]
o transfer: improve Windows SO_SNDBUF update limit [56]
o urldata: move authneg bit from conn to Curl_easy [69]
o version: allow building with ancient libpsl [52]
o vquic-tls: fix the error code returned for bad CA file [135]
o vtls: fix tls proxy peer verification [55]
o vtls: revert "receive max buffer" + add test case [39]
o VULN-DISCLOSURE-POLICY.md: update detail about CVE requests [123]
o websocket: fix curl_ws_recv() [62]
o wolfSSL: do not call the stub function wolfSSL_BIO_set_init() [145]
o write-out.md: clarify error handling details [31]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
Planned upcoming removals include:
o support for space-separated NOPROXY patterns
See https://curl.se/dev/deprecate.html for details
This release would not have looked like this without help, code, reports and
advice from friends like these:
5533asdg on github, Alan Coopersmith, Andreas Kiefer, Andrew Kaster,
Andy Fiddaman, Arjan van de Ven, av223119 on github, awesomekosm on github,
Boris Verkhovskiy, Brett Buddin, Brian Clemens, chensong1211 on github,
Chris Webb, chrysos349 on github, Dan Fandrich, Daniel Gustafsson,
Daniel Stenberg, Daniel Szmulewicz, Dan McDonald, DasKutti on github,
dependabot[bot], Dexter Gerig, dfdity on github, Dirk Hünniger,
Dmitry Karpov, Dmitry Tretyakov, edmcln on github, Erik Schnetter,
Evgeny Grin (Karlson2k), Fabian Keil, Fabian Vogt, Fabrice Fontaine,
Faraz Fallahi, Gaelan Steele, Geeknik Labs, Gisle Vanem, graywolf on github,
Harry Sintonen, HsiehYuho on github, Jan Macku, Jiawen Geng, Jiří Bok,
Joel Depooter, John Marshall, Jonathan Perkin, Jon Rumsey, Jordan Brown,
Josh Soref, Karthikdasari0423, Karthikdasari0423 on github, Kevin Daudt,
Konstantin Vlasov, kpcyrd, Lars Kellogg-Stedman, LeeRiva, Louis Solofrizzo,
Lukáš Zaoral, Marcel Raad, Marcus Müller, Matt Jolly, Michael Forney,
Michael Kaufmann, Michał Antoniak, Michał Górny, Mohammadreza Hendiani,
Nikita Taranov, Outvi V, Patrick Monnerat, Paweł Witas, Pēteris Caune,
Peter Krefting, RainRat, Ramiro Garcia, Ray Satiro, Richard Levitte,
Robert Moreton, Ross Burton, Rudi Heitbaum, Ryan Carsten Schmidt,
Scott Mutter, Scott Talbert, Sean Molenaar, Sebastian Neubauer,
Sergey Bronnikov, Simon K, Stefan Eissing, Tal Regev, Thomas Pyle,
Till Wegmüller, Viktor Szakats, vulnerabilityspotter on hackerone,
Winni Neessen
(92 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=12836
[2] = https://curl.se/bug/?i=12825
[3] = https://curl.se/bug/?i=12834
[4] = https://curl.se/bug/?i=12822
[5] = https://curl.se/bug/?i=12829
[6] = https://curl.se/bug/?i=12867
[7] = https://curl.se/bug/?i=12833
[8] = https://curl.se/bug/?i=12861
[9] = https://curl.se/bug/?i=12866
[10] = https://curl.se/bug/?i=12849
[11] = https://curl.se/bug/?i=12854
[12] = https://curl.se/bug/?i=12828
[13] = https://curl.se/bug/?i=12868
[14] = https://curl.se/bug/?i=12852
[15] = https://curl.se/bug/?i=12856
[16] = https://curl.se/bug/?i=12832
[17] = https://curl.se/bug/?i=12858
[18] = https://curl.se/mail/lib-2024-02/0000.html
[19] = https://curl.se/bug/?i=12823
[20] = https://curl.se/bug/?i=12826
[21] = https://curl.se/bug/?i=13034
[22] = https://curl.se/bug/?i=12937
[23] = https://curl.se/bug/?i=12750
[24] = https://curl.se/bug/?i=12719
[25] = https://curl.se/bug/?i=12900
[26] = https://curl.se/bug/?i=12900
[27] = https://curl.se/bug/?i=12904
[28] = https://curl.se/bug/?i=12901
[29] = https://curl.se/bug/?i=12914
[30] = https://curl.se/bug/?i=12805
[31] = https://curl.se/bug/?i=12909
[32] = https://curl.se/bug/?i=12878
[33] = https://curl.se/bug/?i=12902
[34] = https://curl.se/bug/?i=12896
[35] = https://curl.se/bug/?i=12892
[36] = https://curl.se/bug/?i=12926
[37] = https://curl.se/bug/?i=12891
[38] = https://curl.se/bug/?i=12890
[39] = https://curl.se/bug/?i=12885
[40] = https://curl.se/mail/archive-2024-02/0008.html
[41] = https://curl.se/bug/?i=12889
[42] = https://curl.se/bug/?i=12846
[43] = https://curl.se/bug/?i=12924
[44] = https://curl.se/mail/archive-2024-01/0022.html
[45] = https://curl.se/bug/?i=12884
[46] = https://curl.se/bug/?i=12888
[47] = https://curl.se/bug/?i=12879
[48] = https://curl.se/bug/?i=12877
[49] = https://curl.se/bug/?i=13020
[50] = https://curl.se/bug/?i=12838
[51] = https://curl.se/bug/?i=12859
[52] = https://curl.se/mail/archive-2024-02/0004.html
[53] = https://curl.se/bug/?i=12920
[54] = https://curl.se/bug/?i=12869
[55] = https://curl.se/bug/?i=12831
[56] = https://curl.se/bug/?i=12911
[57] = https://curl.se/bug/?i=12894
[58] = https://curl.se/bug/?i=12996
[59] = https://curl.se/bug/?i=12905
[60] = https://curl.se/bug/?i=12903
[61] = https://curl.se/bug/?i=12411
[62] = https://curl.se/bug/?i=12945
[63] = https://curl.se/bug/?i=12995
[64] = https://curl.se/bug/?i=12921
[65] = https://curl.se/bug/?i=12933
[66] = https://curl.se/bug/?i=12965
[67] = https://curl.se/bug/?i=12962
[68] = https://curl.se/bug/?i=13027
[69] = https://curl.se/bug/?i=12949
[70] = https://curl.se/bug/?i=12880
[71] = https://curl.se/bug/?i=12880
[72] = https://curl.se/bug/?i=12948
[73] = https://curl.se/bug/?i=12989
[74] = https://curl.se/bug/?i=12990
[75] = https://curl.se/bug/?i=12983
[76] = https://curl.se/bug/?i=12981
[77] = https://curl.se/bug/?i=12944
[78] = https://curl.se/bug/?i=12977
[79] = https://curl.se/bug/?i=12947
[80] = https://curl.se/bug/?i=13015
[81] = https://curl.se/bug/?i=12971
[82] = https://curl.se/bug/?i=13052
[83] = https://curl.se/bug/?i=13022
[84] = https://curl.se/bug/?i=13019
[85] = https://curl.se/bug/?i=12906
[86] = https://curl.se/bug/?i=13045
[87] = https://curl.se/bug/?i=13008
[88] = https://curl.se/bug/?i=13065
[89] = https://curl.se/bug/?i=12997
[90] = https://curl.se/bug/?i=13006
[91] = https://curl.se/bug/?i=13048
[92] = https://curl.se/bug/?i=13026
[93] = https://curl.se/bug/?i=13043
[94] = https://curl.se/bug/?i=13044
[95] = https://curl.se/bug/?i=13041
[96] = https://curl.se/bug/?i=13046
[97] = https://curl.se/bug/?i=13003
[98] = https://curl.se/bug/?i=13075
[99] = https://curl.se/bug/?i=13004
[100] = https://curl.se/bug/?i=12998
[101] = https://curl.se/bug/?i=12964
[102] = https://curl.se/bug/?i=12992
[103] = https://curl.se/bug/?i=13001
[104] = https://curl.se/bug/?i=12999
[105] = https://curl.se/bug/?i=13040
[106] = https://curl.se/bug/?i=13037
[107] = https://curl.se/bug/?i=13033
[108] = https://curl.se/bug/?i=13073
[109] = https://curl.se/bug/?i=13084
[110] = https://curl.se/bug/?i=13070
[111] = https://curl.se/bug/?i=13072
[112] = https://curl.se/bug/?i=13028
[113] = https://curl.se/bug/?i=13054
[114] = https://curl.se/bug/?i=13074
[115] = https://curl.se/bug/?i=6169
[116] = https://curl.se/bug/?i=13063
[117] = https://curl.se/bug/?i=13061
[118] = https://curl.se/bug/?i=12897
[119] = https://curl.se/bug/?i=13031
[120] = https://curl.se/bug/?i=13047
[121] = https://curl.se/bug/?i=13047
[122] = https://curl.se/bug/?i=13035
[123] = https://curl.se/bug/?i=13088
[124] = https://curl.se/bug/?i=13055
[125] = https://curl.se/mail/lib-2024-03/0001.html
[126] = https://curl.se/bug/?i=13039
[127] = https://curl.se/bug/?i=13127
[128] = https://curl.se/bug/?i=13085
[129] = https://curl.se/bug/?i=13124
[130] = https://curl.se/bug/?i=13082
[131] = https://curl.se/bug/?i=13119
[132] = https://curl.se/bug/?i=13081
[133] = https://curl.se/bug/?i=13118
[134] = https://curl.se/bug/?i=12063
[135] = https://curl.se/bug/?i=13115
[136] = https://curl.se/bug/?i=13187
[137] = https://curl.se/bug/?i=13149
[138] = https://curl.se/bug/?i=13143
[139] = https://curl.se/bug/?i=13144
[140] = https://curl.se/bug/?i=11919
[141] = https://curl.se/bug/?i=13101
[142] = https://curl.se/bug/?i=13096
[143] = https://curl.se/bug/?i=13093
[144] = https://curl.se/bug/?i=13178
[145] = https://curl.se/bug/?i=13164
[146] = https://curl.se/bug/?i=13132
[147] = https://curl.se/bug/?i=13112
[148] = https://curl.se/bug/?i=13169
[149] = https://curl.se/bug/?i=13128
[150] = https://curl.se/bug/?i=10290
[151] = https://curl.se/bug/?i=13179
[152] = https://curl.se/bug/?i=13173
[153] = https://curl.se/bug/?i=13175
[154] = https://curl.se/bug/?i=13176
[155] = https://curl.se/bug/?i=13168
[157] = https://curl.se/bug/?i=13166
[158] = https://curl.se/bug/?i=13134
[159] = https://curl.se/bug/?i=13154
[160] = https://curl.se/bug/?i=13151