| curl and libcurl 8.1.0 |
| |
| Public curl releases: 217 |
| Command line options: 251 |
| curl_easy_setopt() options: 302 |
| Public functions in libcurl: 91 |
| Contributors: 2867 |
| |
| This release includes the following changes: |
| |
| o curl: add --proxy-http2 [62] |
| o CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2 [57] |
| o proxy: http2 proxy tunnel implementation [68] |
| o tool_writeout: add URL component variables [41] |
| |
| This release includes the following bugfixes: |
| |
| o amiga: Fix CA certificate paths for AmiSSL and MorphOS [150] |
| o autotools: sync up clang picky warnings with cmake [114] |
| o bufq: simplify since expression is always true [72] |
| o cf-h1-proxy: skip an extra NULL assign [80] |
| o cf-h2-proxy: fix processing ingress to stop too early [76] |
| o cf-socket: add socket recv buffering for most tcp cases [90] |
| o cf-socket: Disable socket receive buffer by default [75] |
| o cf-socket: remove dead code discovered by PVS [82] |
| o cf-socket: turn off IPV6_V6ONLY on Windows if it is supported [123] |
| o checksrc: check for spaces before the colon of switch labels [160] |
| o checksrc: find bad indentation in conditions without open brace [152] |
| o checksrc: fix SPACEBEFOREPAREN for conditions starting with "*" [115] |
| o ci: `-Wno-vla` no longer necessary [158] |
| o CI: fix brew retries on GHA |
| o CI: Set minimal permissions on workflow ngtcp2-quictls.yml [153] |
| o CI: skip Azure for commits which change only GHA |
| o CI: use another glob syntax for matching files on Appveyor |
| o cmake: bring in the network library on Haiku [9] |
| o cmake: do not add zlib headers for openssl [49] |
| o CMake: make config version 8 compatible with 7 [28] |
| o cmake: picky-linker fixes for openssl, ZLIB, H3 and more [31] |
| o cmake: set SONAME for SunOS too [3] |
| o cmake: speed up and extend picky clang/gcc options [116] |
| o CMakeLists.txt: fix typo for Haiku detection [95] |
| o compressed.d: clarify the words on "not notifying headers" [163] |
| o config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP [52] |
| o configure: don't set HAVE_WRITABLE_ARGV on Windows [64] |
| o configure: fix detection of apxs (for httpd) [157] |
| o configure: make quiche require quiche_conn_send_ack_eliciting [46] |
| o connect: fix https connection setup to treat ssl_mode correctly [94] |
| o content_encoding: only do tranfer-encoding compression if asked to [61] |
| o cookie: address PVS nits [74] |
| o cookie: clarify that init with data set to NULL reads no file [99] |
| o curl: do NOT append file name to path for upload when there's a query [58] |
| o curl_easy_getinfo.3: typo fix (duplicated "from the") [43] |
| o curl_easy_unescape.3: rename the argument [113] |
| o curl_path: bring back support for SFTP path ending in /~ [130] |
| o curl_url_set.3: mention that users can set content rather freely [105] |
| o CURLOPT_IPRESOLVE.3: this for host names, not IP addresses [165] |
| o data.d: emphasize no conversion [5] |
| o digest: clear target buffer [8] |
| o doc: curl_mime_init() strong easy binding was relaxed in 7.87.0 [26] |
| o docs/cmdline-opts: document the dotless config path [1] |
| o docs/examples/protofeats.c: outputs all protocols and features [110] |
| o docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string" [131] |
| o docs/SECURITY-ADVISORY.md: how to write a curl security advisory [128] |
| o docs: bump the minimum perl version to 5.6 |
| o docs: clarify that more backends have HTTPS proxy support [127] |
| o dynbuf: never allocate larger than "toobig" [17] |
| o easy_cleanup: require a "good" handle to act [149] |
| o ftp: fix 'portsock' variable was assigned the same value [78] |
| o ftp: remove dead code [79] |
| o ftplistparser: move out private data from public struct [20] |
| o ftplistparser: replace realloc with dynbuf [18] |
| o gen.pl: error on duplicated See-Also fields [102] |
| o getpart: better handle case of file not found |
| o GHA-linux: add an address-sanitizer build [15] |
| o GHA: add a memory-sanitizer job [2] |
| o GHA: run all linux test jobs with valgrind [14] |
| o GHA: suppress git clone output [89] |
| o GHA: update ngtcp2-*.yml to v0.10.0 [21] |
| o gskit: various compile errors in OS400 [12] |
| o h2/h3: replace `state.drain` counter with `state.dselect_bits` [141] |
| o hash: fix assigning same value [73] |
| o hostcheck: fix host name wildcard checking [134] |
| o hostip: add locks around use of global buffer for alarm() [129] |
| o hostip: enforce a maximum DNS cache size independent of timeout value [166] |
| o hostip: refuse to resolve the .onion TLD [19] |
| o HTTP-COOKIES.md: mention the #HttpOnly_ prefix [16] |
| o http2: always EXPIRE_RUN_NOW unpaused http/2 transfers [139] |
| o http2: do flow window accounting for cancelled streams [155] |
| o http2: enlarge the connection window [101] |
| o http2: flow control and buffer improvements [54] |
| o http2: move HTTP/2 stream vars into local context [67] |
| o http2: pass `stream` to http2_handle_stream_close to avoid NULL checks [140] |
| o http2: remove unused Curl_http2_strerror function declaration [108] |
| o HTTP3/quiche: terminate h1 response header when no body is sent [112] |
| o http3: check stream_ctx more thoroughly in all backends [77] |
| o HTTP3: document the ngtcp2/nghttp3 versions to use for building curl [143] |
| o http3: expire unpaused transfers in all HTTP/3 backends [138] |
| o http3: improvements across backends [51] |
| o http: free the url before storing a new copy [162] |
| o http: skip a double NULL assign [83] |
| o ipv4.d/ipv6.d: they are "mutex", not "boolean" [122] |
| o KNOWN_BUGS: remove fixed or outdated issues, move non-bugs [65] |
| o lib/cmake: add HAVE_WRITABLE_ARGV check [63] |
| o lib/sha256.c: typo fix in comment (duplicated "is available") [40] |
| o lib1560: verify that more bad host names are rejected [104] |
| o lib: add `bufq` and `dynhds` [34] |
| o lib: remove CURLX_NO_MEMORY_CALLBACKS [55] |
| o lib: unify the upload/method handling [144] |
| o lib: use correct printf flags for sockets and timediffs [36] |
| o libssh2: fix crash in keyboard callback [126] |
| o libssh2: free fingerprint better [164] |
| o libssh: tell it to use SFTP non-blocking [59] |
| o man pages: simplify the .TH sections [133] |
| o MANUAL.md: add dict example for looking up a single definition [132] |
| o mime: skip NULL assigns after Curl_safefree() [84] |
| o multi: add handle asserts in DEBUG builds [11] |
| o multi: add multi-ignore logic to multi_socket_action [154] |
| o multi: free up more data earleier in DONE [118] |
| o multi: remove a few superfluous assigns [97] |
| o multi: remove PENDING + MSGSENT handles from the main linked list [23] |
| o ngtcp2: adapted to 0.15.0 [151] |
| o ngtcp2: adjust config and code checks for ngtcp2 without nghttp3 [4] |
| o noproxy: pointer to local array 'hostip' is stored outside scope [93] |
| o ntlm: clear lm and nt response buffers before use [7] |
| o openssl: interop with AWS-LC [30] |
| o OS400: fix and complete ILE/RPG binding [96] |
| o OS400: implement EBCDIC support for recent features [100] |
| o OS400: improve vararg emulation [92] |
| o OS400: provide ILE/RPG usage examples [81] |
| o pingpong: fix compiler warning "assigning an enum to unsigned char" [156] |
| o pytest: improvements for suitable curl and error output [35] |
| o quiche: disable pacing while pacing is not actually performed [148] |
| o quiche: Enable IDLE egress handling [109] |
| o RELEASE-PROCEDURE: update to new schedule [25] |
| o rtsp: convert mallocs to dynbuf for RTP buffering [37] |
| o rtsp: skip malformed RTSP interleaved frame data [33] |
| o rtsp: skip NULL assigns after Curl_safefree() [85] |
| o runtests: die if curl version can be found [10] |
| o runtests: don't start servers if -l is given |
| o runtests: fix -c option when run with valgrind [145] |
| o runtests: fix quoting in Appveyor and Azure test integration [117] |
| o runtests: lots of refactoring |
| o runtests: refactor into more packages [60] |
| o runtests: show error message if file can't be written |
| o runtests: spawn a new process for the test runner [146] |
| o rustls: fix error in recv handling [50] |
| o schannel: add clarifying comment [98] |
| o server/getpart: clear target buffer before load [6] |
| o smb: remove double assign [86] |
| o smbserver: remove temporary files before exit [135] |
| o socketpair: verify with a random value [142] |
| o telnet: simplify the implementation of str_is_nonascii() [42] |
| o test1169: fix so it works properly everywhere [106] |
| o test1592: add flaky keyword [39] |
| o test1960: point to the correct path for the precheck tool |
| o test303: kill server after test |
| o tests/http: add timeout to running curl in test cases [24] |
| o tests/http: fix log formatting on wrong exit code [27] |
| o tests/http: fix out-of-tree builds [121] |
| o tests/http: improved httpd detection [45] |
| o tests/http: more tests with specific clients [125] |
| o tests/http: relax connection check in test_07_02 [53] |
| o tests/keywords.pl: remove [111] |
| o tests/libtest/lib1900.c: remove |
| o tests/sshserver.pl: Define AddressFamily earlier [103] |
| o tests: 1078 1288 1297 use valid IPv4 addresses |
| o tests: document that the unittest keyword is special |
| o tests: increase sws timeout for more robust testing [66] |
| o tests: log a too-long Unix socket path in sws and socksd |
| o tests: make test_12_01 a bit more forgiving on connection counts |
| o tests: move pidfiles and portfiles under the log directory [48] |
| o tests: move server config files under the pid dir [47] |
| o tests: silence some Perl::Critic warnings in test suite [56] |
| o tests: stop using strndup(), which isn't portable |
| o tests: switch to 3-argument open in test suite |
| o tests: turn perl modules into full packages |
| o tests: use %LOGDIR to refer to the log directory |
| o tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals [147] |
| o tool_operate: pass a long as CURLOPT_HEADEROPT argument [13] |
| o tool_operate: refuse (--data or --form) and --continue-at combo [119] |
| o transfer: refuse POSTFIELDS + RESUME_FROM combo [120] |
| o transfer: skip extra assign [87] |
| o url: fix PVS nits [71] |
| o url: remove call to Curl_llist_destroy in Curl_close [22] |
| o urlapi: cleanups and improvements [91] |
| o urlapi: detect and error on illegal IPv4 addresses [70] |
| o urlapi: prevent setting invalid schemes with *url_set() [107] |
| o urlapi: skip a pointless assign [88] |
| o urlapi: URL encoding for the URL missed the fragment [29] |
| o urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication [137] |
| o urldata: shrink *select_bits int => unsigned char [124] |
| o vlts: use full buffer size when receiving data if possible [32] |
| o vtls and h2 improvements [69] |
| o Websocket: enhanced en-/decoding [136] |
| o wolfssl.yml: bump to version 5.6.0 [44] |
| o ws: handle reads before EAGAIN better [38] |
| |
| This release includes the following known bugs: |
| |
| o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) |
| |
| Planned upcoming removals include: |
| |
| o gskit |
| o NSS |
| o support for space-separated NOPROXY patterns |
| o support for the original legacy mingw version 1 |
| |
| See https://curl.se/dev/deprecate.html for details |
| |
| This release would not have looked like this without help, code, reports and |
| advice from friends like these: |
| |
| Ali Khodkar, Andreas Falkenhahn, Andreas Huebner, Andy Alt, Arne Soete, |
| Ben Fritz, Biswapriyo Nath, Boris Kuschel, Brian Lund, Chloe Kudryavtsev, |
| Colman Mbuya, Dan Fandrich, Dan Frandrich, Daniel Stenberg, |
| dengjfzh on github, Diogo Teles Sant'Anna, Dirk Rosenkranz, Douglas R. Reno, |
| Dylan Anthony, eaglegai on github, Emanuele Torre, Emil Engler, |
| François Michel, Frank Gevaerts, Gisle Vanem, Harry Sintonen, |
| Hiroki Kurosawa, Jakub Zakrzewski, Jim King, Jon Rumsey, Josh McCullough, |
| Kai Pastor, Kamil Dudka, Kvarec Lezki, kwind on github, Marcel Raad, |
| Matt Jolly, Micah Snyder), nobedee on github, Oliver Chang, Osaila on github, |
| Patrick Monnerat, Paul Howarth, Pavel Mayorov, Paweł Wegner, Philip Heiduck, |
| Ray Satiro, Ronan Pigott, Sevan Janiyan, simplerobot on github, |
| Smackd0wn on github, Stefan Eissing, SuperIlu on github, Viktor Szakats, |
| Wei Chong Tan, YX Hao |
| (56 contributors) |
| |
| References to bug reports and discussions on issues: |
| |
| [1] = https://curl.se/bug/?i=10849 |
| [2] = https://curl.se/bug/?i=10815 |
| [3] = https://curl.se/bug/?i=10816 |
| [4] = https://curl.se/bug/?i=10793 |
| [5] = https://curl.se/bug/?i=10823 |
| [6] = https://curl.se/bug/?i=10822 |
| [7] = https://curl.se/bug/?i=10814 |
| [8] = https://curl.se/bug/?i=10814 |
| [9] = https://curl.se/bug/?i=10296 |
| [10] = https://curl.se/bug/?i=10813 |
| [11] = https://curl.se/bug/?i=10812 |
| [12] = https://curl.se/bug/?i=10799 |
| [13] = https://curl.se/bug/?i=10798 |
| [14] = https://curl.se/bug/?i=10798 |
| [15] = https://curl.se/bug/?i=10810 |
| [16] = https://curl.se/bug/?i=10847 |
| [17] = https://curl.se/bug/?i=10845 |
| [18] = https://curl.se/bug/?i=10844 |
| [19] = https://curl.se/bug/?i=543 |
| [20] = https://curl.se/bug/?i=10844 |
| [21] = https://curl.se/bug/?i=10612 |
| [22] = https://curl.se/bug/?i=10846 |
| [23] = https://curl.se/bug/?i=10801 |
| [24] = https://curl.se/bug/?i=10783 |
| [25] = https://curl.se/bug/?i=10827 |
| [26] = https://curl.se/bug/?i=10834 |
| [27] = https://curl.se/bug/?i=10868 |
| [28] = https://curl.se/bug/?i=10819 |
| [29] = https://curl.se/bug/?i=10887 |
| [30] = https://curl.se/bug/?i=10320 |
| [31] = https://curl.se/bug/?i=10857 |
| [32] = https://curl.se/bug/?i=10736 |
| [33] = https://curl.se/bug/?i=10808 |
| [34] = https://curl.se/bug/?i=10720 |
| [35] = https://curl.se/bug/?i=10829 |
| [36] = https://curl.se/bug/?i=10737 |
| [37] = https://curl.se/bug/?i=10786 |
| [38] = https://curl.se/bug/?i=10831 |
| [39] = https://curl.se/bug/?i=10860 |
| [40] = https://curl.se/bug/?i=10851 |
| [41] = https://curl.se/bug/?i=10853 |
| [42] = https://curl.se/bug/?i=10852 |
| [43] = https://curl.se/bug/?i=10850 |
| [44] = https://curl.se/bug/?i=10843 |
| [45] = https://curl.se/bug/?i=10879 |
| [46] = https://curl.se/bug/?i=10886 |
| [47] = https://curl.se/bug/?i=10875 |
| [48] = https://curl.se/bug/?i=10874 |
| [49] = https://curl.se/bug/?i=10878 |
| [50] = https://curl.se/bug/?i=10876 |
| [51] = https://curl.se/bug/?i=10772 |
| [52] = https://curl.se/bug/?i=10905 |
| [53] = https://curl.se/bug/?i=10865 |
| [54] = https://curl.se/bug/?i=10771 |
| [55] = https://curl.se/bug/?i=10908 |
| [56] = https://curl.se/bug/?i=10861 |
| [57] = https://curl.se/bug/?i=10900 |
| [58] = https://curl.se/mail/archive-2023-04/0008.html |
| [59] = https://curl.se/bug/?i=11020 |
| [60] = https://curl.se/bug/?i=10995 |
| [61] = https://curl.se/bug/?i=10899 |
| [62] = https://curl.se/bug/?i=10926 |
| [63] = https://curl.se/bug/?i=10896 |
| [64] = https://curl.se/bug/?i=10896 |
| [65] = https://curl.se/bug/?i=10963 |
| [66] = https://curl.se/bug/?i=10898 |
| [67] = https://curl.se/bug/?i=10877 |
| [68] = https://curl.se/bug/?i=10780 |
| [69] = https://curl.se/bug/?i=10891 |
| [70] = https://curl.se/bug/?i=10894 |
| [71] = https://curl.se/bug/?i=10959 |
| [72] = https://curl.se/bug/?i=10958 |
| [73] = https://curl.se/bug/?i=10956 |
| [74] = https://curl.se/bug/?i=10954 |
| [75] = https://curl.se/bug/?i=10961 |
| [76] = https://curl.se/bug/?i=10952 |
| [77] = https://curl.se/bug/?i=10951 |
| [78] = https://curl.se/bug/?i=10955 |
| [79] = https://curl.se/bug/?i=10957 |
| [80] = https://curl.se/bug/?i=10953 |
| [81] = https://curl.se/bug/?i=10994 |
| [82] = https://curl.se/bug/?i=10960 |
| [83] = https://curl.se/bug/?i=10950 |
| [84] = https://curl.se/bug/?i=10947 |
| [85] = https://curl.se/bug/?i=10946 |
| [86] = https://curl.se/bug/?i=10945 |
| [87] = https://curl.se/bug/?i=10944 |
| [88] = https://curl.se/bug/?i=10943 |
| [89] = https://curl.se/bug/?i=10939 |
| [90] = https://curl.se/bug/?i=10787 |
| [91] = https://curl.se/bug/?i=10935 |
| [92] = https://curl.se/bug/?i=10994 |
| [93] = https://curl.se/bug/?i=10933 |
| [94] = https://curl.se/bug/?i=10934 |
| [95] = https://curl.se/bug/?i=10937 |
| [96] = https://curl.se/bug/?i=10994 |
| [97] = https://curl.se/bug/?i=10932 |
| [98] = https://curl.se/bug/?i=10931 |
| [99] = https://curl.se/bug/?i=10930 |
| [100] = https://curl.se/bug/?i=10994 |
| [101] = https://curl.se/bug/?i=10988 |
| [102] = https://curl.se/bug/?i=10925 |
| [103] = https://curl.se/bug/?i=10983 |
| [104] = https://curl.se/bug/?i=10922 |
| [105] = https://curl.se/bug/?i=10921 |
| [106] = https://curl.se/bug/?i=10889 |
| [107] = https://curl.se/bug/?i=10911 |
| [108] = https://curl.se/bug/?i=10912 |
| [109] = https://curl.se/bug/?i=11000 |
| [110] = https://curl.se/bug/?i=10991 |
| [111] = https://curl.se/bug/?i=10895 |
| [112] = https://curl.se/bug/?i=11003 |
| [113] = https://curl.se/bug/?i=10979 |
| [114] = https://curl.se/bug/?i=10974 |
| [115] = https://curl.se/bug/?i=11044 |
| [116] = https://curl.se/bug/?i=10973 |
| [117] = https://curl.se/bug/?i=11010 |
| [118] = https://curl.se/bug/?i=10971 |
| [119] = https://curl.se/bug/?i=11081 |
| [120] = https://curl.se/bug/?i=11081 |
| [121] = https://curl.se/bug/?i=11036 |
| [122] = https://curl.se/bug/?i=11085 |
| [123] = https://curl.se/bug/?i=10975 |
| [124] = https://curl.se/bug/?i=11025 |
| [125] = https://curl.se/bug/?i=11006 |
| [126] = https://curl.se/bug/?i=11024 |
| [127] = https://curl.se/bug/?i=11033 |
| [128] = https://curl.se/bug/?i=11080 |
| [129] = https://curl.se/bug/?i=11030 |
| [130] = https://curl.se/bug/?i=11001 |
| [131] = https://curl.se/bug/?i=11027 |
| [132] = https://curl.se/bug/?i=11077 |
| [133] = https://curl.se/bug/?i=11029 |
| [134] = https://curl.se/bug/?i=11018 |
| [135] = https://curl.se/bug/?i=10990 |
| [136] = https://curl.se/bug/?i=10962 |
| [137] = https://curl.se/bug/?i=11021 |
| [138] = https://curl.se/bug/?i=11005 |
| [139] = https://curl.se/bug/?i=11005 |
| [140] = https://curl.se/bug/?i=11005 |
| [141] = https://curl.se/bug/?i=11005 |
| [142] = https://curl.se/bug/?i=10993 |
| [143] = https://curl.se/bug/?i=11019 |
| [144] = https://curl.se/bug/?i=11017 |
| [145] = https://curl.se/bug/?i=11074 |
| [146] = https://curl.se/bug/?i=11064 |
| [147] = https://curl.se/bug/?i=10428 |
| [148] = https://curl.se/bug/?i=11068 |
| [149] = https://curl.se/bug/?i=11061 |
| [150] = https://curl.se/bug/?i=11059 |
| [151] = https://curl.se/bug/?i=11031 |
| [152] = https://curl.se/bug/?i=11054 |
| [153] = https://curl.se/bug/?i=11055 |
| [154] = https://curl.se/bug/?i=11045 |
| [155] = https://curl.se/bug/?i=11052 |
| [156] = https://curl.se/bug/?i=11050 |
| [157] = https://curl.se/bug/?i=11051 |
| [158] = https://curl.se/bug/?i=11048 |
| [160] = https://curl.se/bug/?i=11047 |
| [162] = https://curl.se/bug/?i=11093 |
| [163] = https://curl.se/bug/?i=11091 |
| [164] = https://curl.se/bug/?i=11088 |
| [165] = https://curl.se/bug/?i=11087 |
| [166] = https://curl.se/bug/?i=11084 |