| curl and libcurl 7.87.0 |
| |
| Public curl releases: 212 |
| Command line options: 249 |
| curl_easy_setopt() options: 302 |
| Public functions in libcurl: 91 |
| Contributors: 2771 |
| |
| This release includes the following changes: |
| |
| o curl: add --url-query [52] |
| o CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit [75] |
| o lib: add CURL_WRITEFUNC_ERROR to signal write callback error [47] |
| o openssl: reduce CA certificate bundle reparsing by caching [11] |
| o version: add a feature names array to curl_version_info_data [67] |
| |
| This release includes the following bugfixes: |
| |
| o altsvc: fix rejection of negative port numbers [144] |
| o aws_sigv4: consult x-%s-content-sha256 for payload hash [102] |
| o aws_sigv4: fix typos in aws_sigv4.c [101] |
| o base64: better alloc size [124] |
| o base64: encode without using snprintf [123] |
| o base64: faster base64 decoding [120] |
| o build: assume assert.h is always available [111] |
| o build: assume errno.h is always available [110] |
| o c-hyper: CONNECT respones are not server responses [137] |
| o c-hyper: fix multi-request mechanism [115] |
| o CI: Change FreeBSD image from 12.3 to 12.4 [108] |
| o CI: LGTM.com will be shut down in December 2022 [112] |
| o ci: Remove zuul fuzzing job as it's superseded by CIFuzz |
| o cmake: check for cross-compile, not for toolchain [54] |
| o CMake: fix build with `CURL_USE_GSSAPI` [78] |
| o cmake: really enable warnings with clang [25] |
| o cmake: set the soname on the shared library [140] |
| o cmdline-opts/gen.pl: fix the linkifier [64] |
| o cmdline-opts/page-footer: remove long option nroff formatting |
| o config-mac: define HAVE_SYS_IOCTL_H [107] |
| o config-mac: fix typo: size_T -> size_t [125] |
| o config-mac: remove HAVE_SYS_SELECT_H [116] |
| o config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW [41] |
| o configure: require fork for NTLM-WB [36] |
| o contributors.sh: actually use $CURLWWW instead of just setting it [129] |
| o cookie: compare cookie prefixes case insensitively [14] |
| o cookie: expire cookies at once when max-age is negative [45] |
| o cookie: open cookie jar as a binary file [89] |
| o curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS [90] |
| o curl-rustls.m4: on macOS, rustls also needs the Security framework [44] |
| o curl.h: include <sys/select.h> on SerenityOS [104] |
| o curl.h: name all public function parameters [118] |
| o curl.h: reword comment to not use deprecated option [132] |
| o curl: override the numeric locale and set "C" by force [60] |
| o curl: timeout in the read callback [15] |
| o curl_endian: remove Curl_write64_le from header [81] |
| o curl_get_line: allow last line without newline char [88] |
| o curl_path: do not add '/' if homedir ends with one [4] |
| o curl_url_get.3: remove spurious backtick [127] |
| o curl_url_set.3: document CURLU_DISALLOW_USER [139] |
| o curl_url_set.3: fix typo [148] |
| o CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE [1] |
| o CURLOPT_COOKIEFILE.3: advice => advise [131] |
| o CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example [31] |
| o CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" [130] |
| o CURLOPT_POST.3: Explain setting to 0 changes request type [61] |
| o docs/curl_ws_send: Fixed typo in websocket docs [114] |
| o docs/EARLY-RELEASE.md: how to determine an early release [37] |
| o docs/examples: spell correction ('Retrieve') [119] |
| o docs/INSTALL.md: expand on static builds [62] |
| o docs/WEBSOCKET.md: explain the URL use [71] |
| o docs: add missing parameters for --retry flag [2] |
| o docs: add more "SEE ALSO" links to CA related pages [82] |
| o docs: explain the noproxy CIDR notation support [17] |
| o docs: extend the dump-header documentation [150] |
| o docs: remove performance note in CURLOPT_SSL_VERIFYPEER [13] |
| o examples/10-at-a-time: fix possible skipped final transfers [85] |
| o examples: update descriptions [83] |
| o ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH [96] |
| o gen.pl: do not generate CURLHELP bitmask lines > 79 characters [10] |
| o GHA: clarify workflows permissions, set least possible privilege [79] |
| o GHA: NSS use clang instead of clang-9 [103] |
| o gnutls: use common gnutls init and verify code for ngtcp2 [98] |
| o headers: add endif comments [51] |
| o HTTP-COOKIES.md: mention that http://localhost is a secure context [76] |
| o HTTP-COOKIES.md: update the 6265bis link to draft-11 [70] |
| o http: do not send PROXY more than once [46] |
| o http: fix the ::1 comparison for IPv6 localhost for cookies [155] |
| o http: set 'this_is_a_follow' in the Location: logic [40] |
| o http: use the IDN decoded name in HSTS checks [154] |
| o hyper: classify headers as CONNECT and 1XX [56] |
| o hyper: fix handling of hyper_task's when reusing the same address [33] |
| o idn: remove Curl_win32_ascii_to_idn [153] |
| o INSTALL: update operating systems and CPU archs [91] |
| o KNOWN_BUGS: remove eight entries [50] |
| o lib1560: add some basic IDN host name tests [151] |
| o lib: connection filters (cfilter) addition to curl: [43] |
| o lib: feature deprecation warnings in gcc >= 4.3 [58] |
| o lib: fix some type mismatches and remove unneeded typecasts [12] |
| o lib: parse numbers with fixed known base 10 [77] |
| o lib: remove bad set.opt_no_body assignments [42] |
| o lib: rewind BEFORE request instead of AFTER previous [65] |
| o lib: sync guard for Curl_getaddrinfo_ex() definition and use [6] |
| o lib: use size_t or int etc instead of longs [145] |
| o libcurl-errors.3: remove duplicate word [3] |
| o libssh2: return error when ssh_hostkeyfunc returns error [121] |
| o limit-rate.d: see also --rate |
| o log2changes.pl: wrap long lines at 80 columns [59] |
| o Makefile.mk: address minor issues [87] |
| o Makefile.mk: improve a GNU Make hack [122] |
| o Makefile.mk: portable Makefile.m32 [86] |
| o maketgz: set the right version in lib/libcurl.plist [53] |
| o mime: relax easy/mime structures binding [94] |
| o misc: Fix incorrect spelling [113] |
| o misc: remove duplicated include files [28] |
| o misc: typo and grammar fixes [23] |
| o negtelnetserver.py: have it call its close() method [68] |
| o netrc.d: provide mutext info [63] |
| o netware: remove leftover traces [80] |
| o noproxy: also match with adjacent comma [19] |
| o noproxy: guard against empty hostnames in noproxy check [136] |
| o noproxy: tailmatch like in 7.85.0 and earlier [35] |
| o nroff-scan.pl: detect double highlights |
| o ntlm: improve comment for encrypt_des [55] |
| o ntlm: silence ubsan warning about copying from null target_info pointer [69] |
| o openssl/mbedtls: use %d for outputing port with failf (int) [72] |
| o openssl: prefix errors with '[lib]/[version]: ' [105] |
| o os400: use platform socklen_t in Curl_getnameinfo_a [18] |
| o page-header: grammar improvement (display transfer rate) [126] |
| o proxy: refactor haproxy protocol handling as connection filter [57] |
| o README.md: remove badges and xmas-tree garnish [9] |
| o rtsp: fix RTSP auth [49] |
| o runtests: --no-debuginfod now disables DEBUGINFOD_URLS [100] |
| o runtests: do CRLF replacements per section only [97] |
| o scripts/checksrc.pl: detect duplicated include files [29] |
| o sendf: change Curl_read_plain to wrap Curl_recv_plain [48] |
| o sendf: remove unnecessary if condition [26] |
| o setup: do not require __MRC__ defined for Mac OS 9 builds [117] |
| o smb/telnet: do not free the protocol struct in *_done() [152] |
| o socks: fix username max size is 255 (0xFF) [146] |
| o spellcheck.words: remove 'github' as an accepted word [22] |
| o ssl-reqd.d: clarify that this is for upgrading connections only [138] |
| o strcase: use curl_str(n)equal for case insensitive matches [8] |
| o styled-output.d: this option does not work on Windows [93] |
| o system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS [133] |
| o system.h: support 64-bit curl_off_t for NonStop 32-bit [21] |
| o test1421: fix typo [109] |
| o test3026: reduce runtime in legacy mingw builds [73] |
| o tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+ |
| o tests: add authorityInfoAccess to generated certs [99] |
| o tests: add HTTP/3 test case, custom location for proper nghttpx [106] |
| o tls: backends use connection filters for IO, enabling HTTPS-proxy [92] |
| o tool: determine the correct fopen option for -D [95] |
| o tool_cfgable: free the ssl_ec_curves on exit [142] |
| o tool_cfgable: make socks5_gssapi_nec a boolean [128] |
| o tool_formparse: avoid clobbering on function params [135] |
| o tool_getparam: make --no-get work as the opposite of --get [39] |
| o tool_operate: provide better errmsg for -G with bad URL [16] |
| o tool_operate: when aborting, make sure there is a non-NULL error buffer [20] |
| o tool_paramhlp: free the proto strings on exit [141] |
| o url: move back the IDN conversion of proxy names [74] |
| o urlapi: reject more bad letters from the host name: &+() [143] |
| o urldata: change port num storage to int and unsigned short [66] |
| o vms: remove SIZEOF_SHORT [134] |
| o vtls: fix build without proxy support [38] |
| o vtls: localization of state data in filters [84] |
| o WEBSOCKET.md: fix broken link [30] |
| o Websocket: fixes for partial frames and buffer updates [7] |
| o websockets: fix handling of partial frames [32] |
| o windows: fail early with a missing windres in autotools [5] |
| o windows: fix linking .rc to shared curl with autotools [24] |
| o winidn: drop WANT_IDN_PROTOTYPES [27] |
| o ws: if no connection is around, return error [149] |
| o ws: return CURLE_NOT_BUILT_IN when websockets not built in [34] |
| o x509asn1: avoid freeing unallocated pointers [147] |
| |
| This release includes the following known bugs: |
| |
| o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) |
| |
| Planned upcoming removals include: |
| |
| o NSS |
| o Support for systems without 64 bit data types |
| |
| See https://curl.se/dev/deprecate.html for details |
| |
| This release would not have looked like this without help, code, reports and |
| advice from friends like these: |
| |
| Adam Averay, Alexandre Ferrieux, Alex Xu, Ali Utku Selen, Andrei Rybak, |
| Andy Alt, Andy Stamp, Anthony Hu, AtariDreams on github, Ayesh Karunaratne, |
| Baitinq on github, Boris Verkhovskiy, BratSinot on github, Casey Bodley, |
| Christian Schmitz, Christopher Sauer, Christoph Reiter, Dan Fandrich, |
| Daniel Faust, Daniel Gustafsson, Daniel Stenberg, David Benjamin, |
| Diogo Teles Sant'Anna, Egor Pugin, Emanuele Torre, Emil Engler, |
| Emil Österlund, Eric Vigeant, Erik Janssen, Fata Nugraha, Felipe Gasper, |
| Frank Gevaerts, Geeknik Labs, Gisle Vanem, godmar on github, Henning Schild, |
| Hiroki Kurosawa, Hirotaka Tagawa, Ikko Ashimine, Jakub Zakrzewski, |
| Joel Depooter, John Sherrill, Jon Rumsey, jvreelanda on github, |
| Karthikdasari0423 on github, Kenneth Myhra, Lorenzo Miniero, Luca Niccoli, |
| Marcel Raad, Marc Hörsken, Mark Gaiser, Max Dymond, Michael Drake, |
| Michael Kaufmann, Michael Musset, Mikhail Kuznetsov, |
| MonkeybreadSoftware on github, Nathan Moinvaziri, Oskar Sigvardsson, |
| Patrick Monnerat, Patrick Schlangen, Peter Piekarski, Philip Chan, |
| Philip Heiduck, Philip Sanetra, Prithvi MK, Randall S. Becker, Ray Satiro, |
| Rob de Wit, Robin Marx, Ryan Schmidt, Sean McArthur, Stefan Eissing, |
| Stephan Guilloux, Stuart Henderson, Thomas Glanzmann, Trail of Bits, |
| u20221022 on github, Viktor Szakats, xianghongai on github, Xì Gà, |
| xtonik on github, Zespre Schmidt |
| (83 contributors) |
| |
| References to bug reports and discussions on issues: |
| |
| [1] = https://curl.se/bug/?i=9799 |
| [2] = https://curl.se/bug/?i=9848 |
| [3] = https://curl.se/bug/?i=9846 |
| [4] = https://curl.se/bug/?i=9844 |
| [5] = https://curl.se/bug/?i=9781 |
| [6] = https://curl.se/bug/?i=9734 |
| [7] = https://curl.se/bug/?i=9890 |
| [8] = https://curl.se/bug/?i=9837 |
| [9] = https://curl.se/bug/?i=9833 |
| [10] = https://curl.se/bug/?i=9834 |
| [11] = https://curl.se/bug/?i=9620 |
| [12] = https://curl.se/bug/?i=9835 |
| [13] = https://curl.se/bug/?i=9832 |
| [14] = https://curl.se/bug/?i=9863 |
| [15] = https://sourceforge.net/p/curl/bugs/846/ |
| [16] = https://curl.se/bug/?i=9889 |
| [17] = https://curl.se/bug/?i=9818 |
| [18] = https://curl.se/bug/?i=9811 |
| [19] = https://curl.se/bug/?i=9813 |
| [20] = https://curl.se/bug/?i=9865 |
| [21] = https://curl.se/bug/?i=9817 |
| [22] = https://curl.se/bug/?i=9810 |
| [23] = https://curl.se/bug/?i=9802 |
| [24] = https://curl.se/bug/?i=9803 |
| [25] = https://curl.se/bug/?i=9783 |
| [26] = https://curl.se/bug/?i=9801 |
| [27] = https://curl.se/bug/?i=9793 |
| [28] = https://curl.se/bug/?i=9796 |
| [29] = https://curl.se/bug/?i=9796 |
| [30] = https://curl.se/mail/lib-2022-10/0097.html |
| [31] = https://curl.se/mail/lib-2022-11/0016.html |
| [32] = https://curl.se/bug/?i=9861 |
| [33] = https://curl.se/bug/?i=9840 |
| [34] = https://curl.se/bug/?i=9851 |
| [35] = https://curl.se/bug/?i=9842 |
| [36] = https://curl.se/bug/?i=9847 |
| [37] = https://curl.se/bug/?i=9820 |
| [38] = https://curl.se/bug/?i=9895 |
| [39] = https://curl.se/bug/?i=9891 |
| [40] = https://curl.se/bug/?i=9885 |
| [41] = https://curl.se/bug/?i=9712 |
| [42] = https://curl.se/bug/?i=9888 |
| [43] = https://curl.se/bug/?i=9855 |
| [44] = https://curl.se/bug/?i=9883 |
| [45] = https://curl.se/bug/?i=9930 |
| [46] = https://curl.se/bug/?i=9442 |
| [47] = https://curl.se/bug/?i=9874 |
| [48] = https://curl.se/bug/?i=9431 |
| [49] = https://curl.se/bug/?i=4750 |
| [50] = https://curl.se/bug/?i=9871 |
| [51] = https://curl.se/bug/?i=9853 |
| [52] = https://curl.se/bug/?i=9691 |
| [53] = https://curl.se/bug/?i=9866 |
| [54] = https://curl.se/bug/?i=9921 |
| [55] = https://curl.se/bug/?i=9903 |
| [56] = https://curl.se/bug/?i=9947 |
| [57] = https://curl.se/bug/?i=9893 |
| [58] = https://curl.se/bug/?i=9667 |
| [59] = https://curl.se/bug/?i=9896 |
| [60] = https://curl.se/bug/?i=9969 |
| [61] = https://curl.se/bug/?i=9849 |
| [62] = https://curl.se/bug/?i=9944 |
| [63] = https://curl.se/bug/?i=9899 |
| [64] = https://curl.se/bug/?i=9899 |
| [65] = https://curl.se/bug/?i=9735 |
| [66] = https://curl.se/bug/?i=9946 |
| [67] = https://curl.se/bug/?i=9583 |
| [68] = https://curl.se/bug/?i=9894 |
| [69] = https://curl.se/bug/?i=9898 |
| [70] = https://curl.se/bug/?i=9940 |
| [71] = https://curl.se/bug/?i=9936 |
| [72] = https://curl.se/bug/?i=10001 |
| [73] = https://curl.se/bug/?i=9412 |
| [74] = https://curl.se/bug/?i=9937 |
| [75] = https://curl.se/bug/?i=2975 |
| [76] = https://curl.se/bug/?i=9938 |
| [77] = https://curl.se/bug/?i=9933 |
| [78] = https://curl.se/bug/?i=9017 |
| [79] = https://curl.se/bug/?i=9928 |
| [80] = https://curl.se/bug/?i=9966 |
| [81] = https://curl.se/bug/?i=9968 |
| [82] = https://curl.se/bug/?i=9959 |
| [83] = https://curl.se/bug/?i=9960 |
| [84] = https://curl.se/bug/?i=9919 |
| [85] = https://curl.se/bug/?i=9953 |
| [86] = https://curl.se/bug/?i=9764 |
| [87] = https://curl.se/bug/?i=10000 |
| [88] = https://curl.se/bug/?i=9973 |
| [89] = https://curl.se/bug/?i=10017 |
| [90] = https://curl.se/bug/?i=9989 |
| [91] = https://curl.se/bug/?i=9994 |
| [92] = https://curl.se/bug/?i=9962 |
| [93] = https://curl.se/bug/?i=10082 |
| [94] = https://curl.se/bug/?i=9927 |
| [95] = https://curl.se/bug/?i=10074 |
| [96] = https://curl.se/bug/?i=9772 |
| [97] = https://curl.se/bug/?i=10009 |
| [98] = https://curl.se/bug/?i=10007 |
| [99] = https://curl.se/bug/?i=9980 |
| [100] = https://curl.se/bug/?i=9950 |
| [101] = https://curl.se/bug/?i=10008 |
| [102] = https://curl.se/bug/?i=9804 |
| [103] = https://curl.se/bug/?i=9978 |
| [104] = https://curl.se/bug/?i=10006 |
| [105] = https://curl.se/bug/?i=10004 |
| [106] = https://curl.se/bug/?i=9031 |
| [107] = https://curl.se/bug/?i=10042 |
| [108] = https://curl.se/bug/?i=10051 |
| [109] = https://curl.se/bug/?i=10055 |
| [110] = https://curl.se/bug/?i=9986 |
| [111] = https://curl.se/bug/?i=9985 |
| [112] = https://curl.se/bug/?i=10052 |
| [113] = https://curl.se/bug/?i=10045 |
| [114] = https://curl.se/bug/?i=10081 |
| [115] = https://curl.se/bug/?i=8896 |
| [116] = https://curl.se/bug/?i=10039 |
| [117] = https://curl.se/bug/?i=10037 |
| [118] = https://curl.se/bug/?i=10036 |
| [119] = https://curl.se/bug/?i=10040 |
| [120] = https://curl.se/bug/?i=10032 |
| [121] = https://curl.se/bug/?i=10034 |
| [122] = https://curl.se/bug/?i=10031 |
| [123] = https://curl.se/bug/?i=10026 |
| [124] = https://curl.se/bug/?i=10024 |
| [125] = https://curl.se/bug/?i=10029 |
| [126] = https://curl.se/bug/?i=10068 |
| [127] = https://curl.se/bug/?i=10101 |
| [128] = https://curl.se/bug/?i=10078 |
| [129] = https://curl.se/bug/?i=10064 |
| [130] = https://curl.se/bug/?i=10106 |
| [131] = https://curl.se/bug/?i=10063 |
| [132] = https://curl.se/bug/?i=10062 |
| [133] = https://curl.se/bug/?i=10049 |
| [134] = https://curl.se/bug/?i=10061 |
| [135] = https://curl.se/bug/?i=10046 |
| [136] = https://curl.se/bug/?i=10057 |
| [137] = https://curl.se/bug/?i=8853 |
| [138] = https://curl.se/bug/?i=10093 |
| [139] = https://curl.se/bug/?i=10099 |
| [140] = https://curl.se/bug/?i=10023 |
| [141] = https://curl.se/bug/?i=10098 |
| [142] = https://curl.se/bug/?i=10097 |
| [143] = https://curl.se/bug/?i=10096 |
| [144] = https://curl.se/bug/?i=10095 |
| [145] = https://curl.se/bug/?i=10088 |
| [146] = https://curl.se/bug/?i=10105 |
| [147] = https://curl.se/bug/?i=10087 |
| [148] = https://curl.se/bug/?i=10089 |
| [149] = https://curl.se/bug/?i=10084 |
| [150] = https://curl.se/bug/?i=10085 |
| [151] = https://curl.se/bug/?i=10094 |
| [152] = https://curl.se/bug/?i=10112 |
| [153] = https://curl.se/bug/?i=10094 |
| [154] = https://curl.se/bug/?i=10111 |
| [155] = https://curl.se/bug/?i=10120 |