-
Notifications
You must be signed in to change notification settings - Fork 12
/
RELEASE-NOTES
201 lines (185 loc) · 8.76 KB
/
RELEASE-NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
curl and libcurl 8.11.1
Public curl releases: 263
Command line options: 266
curl_easy_setopt() options: 306
Public functions in libcurl: 94
Contributors: 3298
This release includes the following changes:
This release includes the following bugfixes:
o build: fix ECH to always enable HTTPS RR [35]
o build: fix MSVC UWP builds [32]
o build: omit certain deps from `libcurl.pc` unless found via `pkg-config` [27]
o build: use `_fseeki64()` on Windows, drop detections [41]
o cmake: do not echo most inherited `LDFLAGS` to config files [55]
o cmake: drop cmake args list from `buildinfo.txt` [8]
o cmake: include `wolfssl/options.h` first [53]
o cmake: remove legacy unused IMMEDIATE keyword [21]
o cmake: restore cmake args list in `buildinfo.txt` [26]
o cmake: set `CURL_STATICLIB` for static lib when `SHARE_LIB_OBJECT=OFF` [64]
o cmake: sync GSS config code with other deps [28]
o cmake: typo in comment
o cmake: work around `ios.toolchain.cmake` breaking feature-detections [37]
o cmakelint: fix to check root `CMakeLists.txt` [36]
o cmdline/ech.md: formatting cleanups [13]
o configure: add FIXMEs for disabled pkg-config references
o configure: do not echo most inherited `LDFLAGS` to config files [31]
o configure: replace `$#` shell syntax [25]
o cookie: treat cookie name case sensitively [4]
o curl-rustls.m4: keep existing `CPPFLAGS`/`LDFLAGS` when detected [40]
o curl.h: mark two error codes as obsolete [19]
o curl: --continue-at is mutually exclusive with --no-clobber [51]
o curl: --continue-at is mutually exclusive with --range [61]
o curl: --continue-at is mutually exclusive with --remove-on-error [50]
o curl: --test-duphandle in debug builds runs "duphandled" [6]
o curl: do more command line parsing in sub functions [71]
o curl: rename struct var to fix AIX build [24]
o curl: use realtime in trace timestamps [52]
o curl_multi_socket_all.md: soften the deprecation warning [56]
o CURLOPT_PREREQFUNCTION.md: add result code on failure [23]
o digest: produce a shorter cnonce in Digest headers [70]
o DISTROS: update Alt Linux links
o dmaketgz: use --no-cache when building docker image [66]
o docs: bring back ALTSVC.md and HSTS.md [76]
o docs: document default `User-Agent` [57]
o docs: suggest --ssl-reqd instead of --ftp-ssl [62]
o duphandle: also init netrc [3]
o ECH: enable support for the AWS-LC backend [5]
o hostip: don't use the resolver for FQDN localhost [45]
o http_negotiate: allow for a one byte larger channel binding buffer [63]
o http_proxy: move dynhds_add_custom here from http.c [18]
o KNOWN_BUGS: setting a disabled option should return CURLE_NOT_BUILT_IN [74]
o krb5: fix socket/sockindex confusion, MSVC compiler warnings [22]
o lib: fixes for wolfSSL OPENSSL_COEXIST [73]
o libssh: use libssh sftp_aio to upload file [47]
o libssh: when using IPv6 numerical address, add brackets [43]
o macos: disable gcc `availability` workaround as needed [7]
o mbedtls: call psa_crypt_init() in global init [2]
o mime: fix reader stall on small read lengths [65]
o mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions [39]
o mprintf: fix the integer overflow checks [44]
o multi: add clarifying comment for wakeup_write() [9]
o multi: fix callback for `CURLMOPT_TIMERFUNCTION` not being called again when... [48]
o netrc: address several netrc parser flaws [17]
o netrc: support large file, longer lines, longer tokens [14]
o nghttp2: use custom memory functions [1]
o OpenSSL: improvde error message on expired certificate [59]
o openssl: remove three "Useless Assignments" [72]
o openssl: stop using SSL_CTX_ function prefix for our functions [20]
o os400: Fix IBMi builds [33]
o os400: Fix IBMi EBCDIC conversion of arguments [34]
o pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS [60]
o rtsp: check EOS in the RTSP receive and return an error code [49]
o schannel: remove TLS 1.3 ciphersuite-list support [54]
o setopt: fix CURLOPT_HTTP_CONTENT_DECODING [15]
o setopt: fix missing options for builds without HTTP & MQTT [10]
o show-headers.md: clarify the headers are saved with the data [58]
o socket: handle binding to "host!<ip>" [16]
o socketpair: fix enabling `USE_EVENTFD` [30]
o strtok: use namespaced `strtok_r` macro instead of redefining it [29]
o tests: add the ending time stamp in testcurl.pl
o tests: re-enable 2086, and 472, 1299, 1613 for Windows [38]
o TODO: consider OCSP stapling by default [11]
o tool_formparse: remove use of sscanf() [68]
o tool_getparam: parse --localport without using sscanf [67]
o tool_getpass: fix UWP `-Wnull-dereference` [46]
o tool_getpass: replace `getch()` call with `_getch()` on Windows [42]
o tool_urlglob: parse character globbing range without sscanf [69]
o vtls: fix compile warning when ALPN is not available [12]
This release includes the following known bugs:
See docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
For all changes ever done in curl:
See https://curl.se/changes.html
Planned upcoming removals include:
o TLS libraries not supporting TLS 1.3
See https://curl.se/dev/deprecate.html for details
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alexis Savin, Andrew Ayer, Andrew Kirillov, Andy Fiddaman, Ben Greear,
Bo Anderson, Brendon Smith, chemodax, Dan Fandrich, Daniel Engberg,
Daniel Pouzzner, Daniel Stenberg, Dan Rosser, delogicsreal on github,
dengjfzh on github, Ethan Everett, Florian Eckert, galen11 on github,
Harmen Stoppels, Harry Sintonen, henrikjehgmti on github, hiimmat on github,
Jacob Champion, Jeroen Ooms, Jesus Malo Poyatos, jethrogb on github,
Kai Pastor, Logan Buth, Maarten Billemont, marcos-ng on github, Moritz,
newfunction on hackerone, Nicolas F., Peter Kokot, Peter Marko, Ray Satiro,
renovate[bot], Samuel Henrique, Stefan Eissing, SuperStormer on github,
Tal Regev, Thomas, tinyboxvk, tkzv on github, tranzystorekk on github,
Viktor Szakats, Vladislavs Sokurenko, wxiaoguang on github, Wyatt O'Day,
xiaofeng, Yoshimasa Ohno
(51 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=15527
[2] = https://curl.se/bug/?i=15500
[3] = https://curl.se/bug/?i=15496
[4] = https://curl.se/bug/?i=15492
[5] = https://curl.se/bug/?i=15499
[6] = https://curl.se/bug/?i=15504
[7] = https://curl.se/bug/?i=15508
[8] = https://curl.se/bug/?i=15501
[9] = https://curl.se/bug/?i=15600
[10] = https://curl.se/bug/?i=15634
[11] = https://curl.se/bug/?i=15483
[12] = https://curl.se/bug/?i=15515
[13] = https://curl.se/bug/?i=15506
[14] = https://curl.se/bug/?i=15513
[15] = https://curl.se/bug/?i=15511
[16] = https://curl.se/bug/?i=15553
[17] = https://curl.se/bug/?i=15586
[18] = https://curl.se/bug/?i=15672
[19] = https://curl.se/bug/?i=15538
[20] = https://curl.se/bug/?i=15673
[21] = https://curl.se/bug/?i=15661
[22] = https://curl.se/bug/?i=15585
[23] = https://curl.se/bug/?i=15542
[24] = https://curl.se/bug/?i=15580
[25] = https://curl.se/bug/?i=15584
[26] = https://curl.se/bug/?i=15563
[27] = https://curl.se/bug/?i=15469
[28] = https://curl.se/bug/?i=15545
[29] = https://curl.se/bug/?i=15549
[30] = https://curl.se/bug/?i=15561
[31] = https://curl.se/bug/?i=15533
[32] = https://curl.se/bug/?i=15657
[33] = https://curl.se/bug/?i=15566
[34] = https://curl.se/bug/?i=15570
[35] = https://curl.se/bug/?i=15648
[36] = https://curl.se/bug/?i=15565
[37] = https://curl.se/bug/?i=15557
[38] = https://curl.se/bug/?i=15644
[39] = https://curl.se/bug/?i=15547
[40] = https://curl.se/bug/?i=15546
[41] = https://curl.se/bug/?i=15525
[42] = https://curl.se/bug/?i=15642
[43] = https://curl.se/bug/?i=15522
[44] = https://curl.se/bug/?i=15699
[45] = https://curl.se/bug/?i=15676
[46] = https://curl.se/bug/?i=15638
[47] = https://curl.se/bug/?i=15625
[48] = https://curl.se/bug/?i=15627
[49] = https://curl.se/bug/?i=15624
[50] = https://curl.se/bug/?i=15645
[51] = https://curl.se/bug/?i=15645
[52] = https://curl.se/bug/?i=15614
[53] = https://curl.se/bug/?i=15620
[54] = https://hackerone.com/reports/2792484
[55] = https://curl.se/bug/?i=15617
[56] = https://curl.se/mail/lib-2024-11/0029.html
[57] = https://curl.se/bug/?i=15608
[58] = https://curl.se/bug/?i=15605
[59] = https://curl.se/bug/?i=15612
[60] = https://curl.se/bug/?i=15494
[61] = https://curl.se/bug/?i=15646
[62] = https://curl.se/bug/?i=15658
[63] = https://curl.se/bug/?i=15685
[64] = https://curl.se/bug/?i=15695
[65] = https://curl.se/bug/?i=15688
[66] = https://curl.se/bug/?i=15689
[67] = https://curl.se/bug/?i=15681
[68] = https://curl.se/bug/?i=15683
[69] = https://curl.se/bug/?i=15682
[70] = https://curl.se/bug/?i=15653
[71] = https://curl.se/bug/?i=15680
[72] = https://curl.se/bug/?i=15679
[73] = https://curl.se/bug/?i=15650
[74] = https://curl.se/bug/?i=15472
[76] = https://curl.se/bug/?i=15705