forked from curl/curl
-
Notifications
You must be signed in to change notification settings - Fork 0
/
RELEASE-NOTES
348 lines (334 loc) · 15.4 KB
/
RELEASE-NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
curl and libcurl 8.7.0
Public curl releases: 255
Command line options: 258
curl_easy_setopt() options: 304
Public functions in libcurl: 93
Contributors: 3120
This release includes the following changes:
o configure: add --disable-docs flag [16]
o CURLINFO_USED_PROXY: return bool whether the proxy was used [24]
o digest: support SHA-512/256 [118]
o DoH: add trace configuration [61]
o write-out: add '%{proxy_used}' [24]
This release includes the following bugfixes:
o ALTSVC.md: correct a typo [14]
o asyn-ares: fix data race warning [88]
o asyn-thread: use wakeup_close to close the read descriptor [1]
o badwords: use hostname, not host name [46]
o BINDINGS: add mcurl, the python binding [67]
o bufq: writing into a softlimit queue cannot be partial [49]
o c-hyper: add header collection writer in hyper builds [70]
o cd2nroff: gen: make `\>` in input to render as plain '>' in output
o cd2nroff: remove backticks from titles
o checksrc.pl: fix handling .checksrc with CRLF [43]
o cmake: add USE_OPENSSL_QUIC support [21]
o cmake: add warning for using TLS libraries without 1.3 support [25]
o cmake: enable `ENABLE_CURL_MANUAL` by default [112]
o cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled [117]
o cmake: fix function description in comment [47]
o cmake: fix install for older CMake versions [53]
o cmake: fix libcurl.pc and curl-config library specifications [115]
o cmdline-docs/Makefile: avoid using a fixed temp file name [5]
o cmdline-docs: quote and angle bracket cleanup [45]
o cmdline-opts/_EXITCODES: sync with libcurl-errors [80]
o cmdline-opts/_VARIABLES.md: improve the description [105]
o cmdline-opts/_VERSION: provide %VERSION correctly [87]
o configure.ac: find libpsl with pkg-config [79]
o configure: add warning for using TLS libraries without 1.3 support [26]
o configure: build & install shell completions when enabled [85]
o configure: do not link with nghttp3 unless necessary [7]
o configure: Don't build shell completions when disabled [68]
o configure: Don't make shell completions without perl [83]
o connect.c: fix typo [17]
o CONTRIBUTE: update the section on documentation format [96]
o cookie.md: provide an example sending a fixed cookie [13]
o cookie: if psl fails, reject the cookie [107]
o curl: exit on config file parser errors [40]
o curl: make --libcurl output better CURLOPT_*SSLVERSION [127]
o curl: when allocating variables, add the name into the struct [37]
o curl_setup.h: add curl_uint64_t internal type
o curldown: fix email address in Copyright [89]
o CURLOPT_INTERFACE.md: remove spurious amp, add see-also [137]
o CURLOPT_POSTQUOTE.md: fix typo [36]
o CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return [104]
o CURLOPT_WRITEFUNCTION.md: typo fix [41]
o digest: add check for hashing error [111]
o dist: make sure the http tests are in the tarball [29]
o docs: add missing slashes to SChannel client certificate documentation [11]
o docs: add necessary setup for nghttp3 [51]
o docs: ascii version of manpage without nroff [121]
o docs: dist curl*.1 and install without perl [64]
o docs: make curldown do angle brackets like markdown [54]
o docs: make sure curl.1 is included in dist tarballs [35]
o docs: update minimal binary size in INSTALL.md
o docs: use present tense [103]
o examples: use present tense in comments [97]
o file: use xfer buf for file:// transfers [23]
o fopen: fix narrowing conversion warning on 32-bit Android [100]
o form-string.md: correct the example [4]
o ftp: do lineend conversions in client writer [32]
o ftp: fix socket wait activity in ftp_domore_getsock [28]
o ftp: tracing improvements [33]
o ftp: treat a 226 arriving before data as a signal to read data [19]
o gen.pl: make the "manpageification" faster [95]
o gen: make `\>` in input to render as plain '>' in output [78]
o getparam: make --ftp-ssl work again [90]
o GHA/linux: add sysctl trick to work-around GitHub runner issue [129]
o GIT-INFO: convert to markdown [114]
o GOVERNANCE: document the core team [133]
o header.md: remove backslash, make nicer markdown [48]
o HTTP/2: write response directly [12]
o http2: fix push discard [124]
o http2: memory errors in the push callbacks are fatal [132]
o http2: minor tweaks to optimize two struct sizes [130]
o http2: push headers better cleanup [113]
o HTTP3.md: adjust the OpenSSL QUIC install instructions [34]
o http: better error message for HTTP/1.x response without status line [86]
o http: improve response header handling, save cpu cycles [138]
o http: move headers collecting to writer [71]
o http_chunks: fix the accounting of consumed bytes [22]
o http_chunks: remove unused 'endptr' variable [58]
o https-proxy: use IP address and cert with ip in alt names [50]
o hyper: implement unpausing via client reader [98]
o ipv6.md: mention IPv4 mapped addresses [147]
o KNOWN_BUGS: POP3 issue when reading small chunks [134]
o lib1598: fix `CURLOPT_POSTFIELDSIZE` usage [128]
o lib582: remove code causing warning that is never run [38]
o lib: add `void *ctx` to reader/writer instances [122]
o lib: convert Curl_get_line to use dynbuf [42]
o lib: Curl_read/Curl_write clarifications [101]
o lib: enhance client reader resume + rewind [92]
o lib: initialize output pointers to NULL before calling strto[ff,l,ul] [63]
o lib: keep conn IP information together [109]
o lib: move 'done' parameter to SingleRequests [142]
o lib: remove curl_mimepart object when CURL_DISABLE_MIME [72]
o libcurl-docs: cleanups
o libcurl-security.md: Active FTP passes on the local IP address [6]
o libssh/libssh2: return error on too big range [75]
o MANUAL.md: fix typo [66]
o mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined [27]
o mbedtls: fix pytest for newer versions [146]
o mbedtls: properly cleanup the thread-shared entropy [140]
o mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version [59]
o md4: include strdup.h for the memdup proto [10]
o mime: add client reader [126]
o misc: fix typos in docs and lib [84]
o mkhelp: simplify the generated hugehelp program [120]
o mprintf: fix format prefix I32/I64 for windows compilers [77]
o multi: add xfer_buf to multi handle [30]
o multi: fix multi_sock handling of select_bits [81]
o multi: make add_handle free any multi_easy [102]
o ngtcp2: no recvbuf for stream [108]
o ntml_wb: fix buffer type typo [2]
o OpenSSL QUIC: adapt to v3.3.x [65]
o openssl-quic: check on Windows that socket conv to int is possible [8]
o openssl-quic: fix BIO leak and Windows warning [93]
o openssl-quic: fix unity build, casing, indentation [94]
o OS400: avoid using awk in the build scripts [20]
o paramhlp: fix CRLF-stripping files with "-d @file" [116]
o proxy1.0.md: fix example [15]
o pytest: adapt to API change [106]
o request: clarify message when request has been sent off [143]
o rustls: make curl compile with 0.12.0 [73]
o schannel: fix hang on unexpected server close [57]
o scripts: fix cijobs.pl for Azure and GHA
o sendf: ignore response body to HEAD [18]
o setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value [76]
o setopt: fix disabling all protocols [99]
o sha512_256: add support for GnuTLS and OpenSSL [110]
o smtp: fix STARTTLS [91]
o SPONSORS: describe the basics [131]
o strtoofft: fix the overflow check [74]
o test 1541: verify getinfo values on first header callback [149]
o test1165: improve pattern matching [60]
o tests: support setting/using blank content env variables
o TIMER_STARTTRANSFER: set the same for everyone [82]
o TLS: start shutdown only when peer did not already close [150]
o tool_cb_hdr: only parse etag + content-disposition for 2xx [9]
o tool_getparam: accept a blank -w "" [139]
o tool_getparam: handle non-existing (out of range) short-options [141]
o tool_operate: change precedence of server Retry-After time [44]
o tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds [3]
o trace-config.md: remove the mutexed options list [119]
o transfer.c: break receive loop in speed limited transfers [125]
o transfer: improve Windows SO_SNDBUF update limit [56]
o urldata: move authneg bit from conn to Curl_easy [69]
o version: allow building with ancient libpsl [52]
o vquic-tls: fix the error code returned for bad CA file [135]
o vtls: fix tls proxy peer verification [55]
o vtls: revert "receive max buffer" + add test case [39]
o VULN-DISCLOSURE-POLICY.md: update detail about CVE requests [123]
o websocket: fix curl_ws_recv() [62]
o write-out.md: clarify error handling details [31]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
Planned upcoming removals include:
o support for space-separated NOPROXY patterns
See https://curl.se/dev/deprecate.html for details
This release would not have looked like this without help, code, reports and
advice from friends like these:
5533asdg on github, Andreas Kiefer, av223119 on github,
awesomekosm on github, Boris Verkhovskiy, Brett Buddin,
chensong1211 on github, Chris Webb, Dan Fandrich, Daniel Gustafsson,
Daniel Stenberg, Daniel Szmulewicz, DasKutti on github, dependabot[bot],
Dexter Gerig, dfdity on github, Dirk Hünniger, Dmitry Karpov,
Dmitry Tretyakov, edmcln on github, Erik Schnetter, Evgeny Grin (Karlson2k),
Fabian Vogt, Fabrice Fontaine, Faraz Fallahi, Geeknik Labs, Gisle Vanem,
Harry Sintonen, HsiehYuho on github, Jan Macku, Jiawen Geng, Jiří Bok,
Joel Depooter, Jon Rumsey, Jordan Brown, Josh Soref, Karthikdasari0423,
Karthikdasari0423 on github, Konstantin Vlasov, kpcyrd, Lars Kellogg-Stedman,
LeeRiva, Louis Solofrizzo, Lukáš Zaoral, Marcel Raad, Michael Forney,
Michael Kaufmann, Michał Antoniak, Nikita Taranov, Patrick Monnerat,
Paweł Witas, Pēteris Caune, Peter Krefting, RainRat, Ramiro Garcia,
Ray Satiro, Richard Levitte, Robert Moreton, Rudi Heitbaum,
Ryan Carsten Schmidt, Scott Mutter, Scott Talbert, Sebastian Neubauer,
Sergey Bronnikov, Simon K, Stefan Eissing, Tal Regev, Thomas Pyle,
Viktor Szakats, vulnerabilityspotter on hackerone
(70 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=12836
[2] = https://curl.se/bug/?i=12825
[3] = https://curl.se/bug/?i=12834
[4] = https://curl.se/bug/?i=12822
[5] = https://curl.se/bug/?i=12829
[6] = https://curl.se/bug/?i=12867
[7] = https://curl.se/bug/?i=12833
[8] = https://curl.se/bug/?i=12861
[9] = https://curl.se/bug/?i=12866
[10] = https://curl.se/bug/?i=12849
[11] = https://curl.se/bug/?i=12854
[12] = https://curl.se/bug/?i=12828
[13] = https://curl.se/bug/?i=12868
[14] = https://curl.se/bug/?i=12852
[15] = https://curl.se/bug/?i=12856
[16] = https://curl.se/bug/?i=12832
[17] = https://curl.se/bug/?i=12858
[18] = https://curl.se/mail/lib-2024-02/0000.html
[19] = https://curl.se/bug/?i=12823
[20] = https://curl.se/bug/?i=12826
[21] = https://curl.se/bug/?i=13034
[22] = https://curl.se/bug/?i=12937
[23] = https://curl.se/bug/?i=12750
[24] = https://curl.se/bug/?i=12719
[25] = https://curl.se/bug/?i=12900
[26] = https://curl.se/bug/?i=12900
[27] = https://curl.se/bug/?i=12904
[28] = https://curl.se/bug/?i=12901
[29] = https://curl.se/bug/?i=12914
[30] = https://curl.se/bug/?i=12805
[31] = https://curl.se/bug/?i=12909
[32] = https://curl.se/bug/?i=12878
[33] = https://curl.se/bug/?i=12902
[34] = https://curl.se/bug/?i=12896
[35] = https://curl.se/bug/?i=12892
[36] = https://curl.se/bug/?i=12926
[37] = https://curl.se/bug/?i=12891
[38] = https://curl.se/bug/?i=12890
[39] = https://curl.se/bug/?i=12885
[40] = https://curl.se/mail/archive-2024-02/0008.html
[41] = https://curl.se/bug/?i=12889
[42] = https://curl.se/bug/?i=12846
[43] = https://curl.se/bug/?i=12924
[44] = https://curl.se/mail/archive-2024-01/0022.html
[45] = https://curl.se/bug/?i=12884
[46] = https://curl.se/bug/?i=12888
[47] = https://curl.se/bug/?i=12879
[48] = https://curl.se/bug/?i=12877
[49] = https://curl.se/bug/?i=13020
[50] = https://curl.se/bug/?i=12838
[51] = https://curl.se/bug/?i=12859
[52] = https://curl.se/mail/archive-2024-02/0004.html
[53] = https://curl.se/bug/?i=12920
[54] = https://curl.se/bug/?i=12869
[55] = https://curl.se/bug/?i=12831
[56] = https://curl.se/bug/?i=12911
[57] = https://curl.se/bug/?i=12894
[58] = https://curl.se/bug/?i=12996
[59] = https://curl.se/bug/?i=12905
[60] = https://curl.se/bug/?i=12903
[61] = https://curl.se/bug/?i=12411
[62] = https://curl.se/bug/?i=12945
[63] = https://curl.se/bug/?i=12995
[64] = https://curl.se/bug/?i=12921
[65] = https://curl.se/bug/?i=12933
[66] = https://curl.se/bug/?i=12965
[67] = https://curl.se/bug/?i=12962
[68] = https://curl.se/bug/?i=13027
[69] = https://curl.se/bug/?i=12949
[70] = https://curl.se/bug/?i=12880
[71] = https://curl.se/bug/?i=12880
[72] = https://curl.se/bug/?i=12948
[73] = https://curl.se/bug/?i=12989
[74] = https://curl.se/bug/?i=12990
[75] = https://curl.se/bug/?i=12983
[76] = https://curl.se/bug/?i=12981
[77] = https://curl.se/bug/?i=12944
[78] = https://curl.se/bug/?i=12977
[79] = https://curl.se/bug/?i=12947
[80] = https://curl.se/bug/?i=13015
[81] = https://curl.se/bug/?i=12971
[82] = https://curl.se/bug/?i=13052
[83] = https://curl.se/bug/?i=13022
[84] = https://curl.se/bug/?i=13019
[85] = https://curl.se/bug/?i=12906
[86] = https://curl.se/bug/?i=13045
[87] = https://curl.se/bug/?i=13008
[88] = https://curl.se/bug/?i=13065
[89] = https://curl.se/bug/?i=12997
[90] = https://curl.se/bug/?i=13006
[91] = https://curl.se/bug/?i=13048
[92] = https://curl.se/bug/?i=13026
[93] = https://curl.se/bug/?i=13043
[94] = https://curl.se/bug/?i=13044
[95] = https://curl.se/bug/?i=13041
[96] = https://curl.se/bug/?i=13046
[97] = https://curl.se/bug/?i=13003
[98] = https://curl.se/bug/?i=13075
[99] = https://curl.se/bug/?i=13004
[100] = https://curl.se/bug/?i=12998
[101] = https://curl.se/bug/?i=12964
[102] = https://curl.se/bug/?i=12992
[103] = https://curl.se/bug/?i=13001
[104] = https://curl.se/bug/?i=12999
[105] = https://curl.se/bug/?i=13040
[106] = https://curl.se/bug/?i=13037
[107] = https://curl.se/bug/?i=13033
[108] = https://curl.se/bug/?i=13073
[109] = https://curl.se/bug/?i=13084
[110] = https://curl.se/bug/?i=13070
[111] = https://curl.se/bug/?i=13072
[112] = https://curl.se/bug/?i=13028
[113] = https://curl.se/bug/?i=13054
[114] = https://curl.se/bug/?i=13074
[115] = https://curl.se/bug/?i=6169
[116] = https://curl.se/bug/?i=13063
[117] = https://curl.se/bug/?i=13061
[118] = https://curl.se/bug/?i=12897
[119] = https://curl.se/bug/?i=13031
[120] = https://curl.se/bug/?i=13047
[121] = https://curl.se/bug/?i=13047
[122] = https://curl.se/bug/?i=13035
[123] = https://curl.se/bug/?i=13088
[124] = https://curl.se/bug/?i=13055
[125] = https://curl.se/mail/lib-2024-03/0001.html
[126] = https://curl.se/bug/?i=13039
[127] = https://curl.se/bug/?i=13127
[128] = https://curl.se/bug/?i=13085
[129] = https://curl.se/bug/?i=13124
[130] = https://curl.se/bug/?i=13082
[131] = https://curl.se/bug/?i=13119
[132] = https://curl.se/bug/?i=13081
[133] = https://curl.se/bug/?i=13118
[134] = https://curl.se/bug/?i=12063
[135] = https://curl.se/bug/?i=13115
[137] = https://curl.se/bug/?i=13149
[138] = https://curl.se/bug/?i=13143
[139] = https://curl.se/bug/?i=13144
[140] = https://curl.se/bug/?i=11919
[141] = https://curl.se/bug/?i=13101
[142] = https://curl.se/bug/?i=13096
[143] = https://curl.se/bug/?i=13093
[146] = https://curl.se/bug/?i=13132
[147] = https://curl.se/bug/?i=13112
[149] = https://curl.se/bug/?i=13128
[150] = https://curl.se/bug/?i=10290