| curl and libcurl 8.6.0 |
| |
| Public curl releases: 254 |
| Command line options: 258 |
| curl_easy_setopt() options: 304 |
| Public functions in libcurl: 93 |
| Contributors: 3078 |
| |
| This release includes the following changes: |
| |
| o add CURLE_TOO_LARGE [48] |
| o add CURLINFO_QUEUE_TIME_T [76] |
| o add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add [39] |
| o asyn-thread: use GetAddrInfoExW on >= Windows 8 [55] |
| o configure: make libpsl detection failure cause error [109] |
| o docs/cmdline: change to .md for cmdline docs [77] |
| o docs: introduce "curldown" for libcurl man page format [102] |
| o runtests: support -gl. Like -g but for lldb. [47] |
| |
| This release includes the following bugfixes: |
| |
| o altsvc: free 'as' when returning error [23] |
| o appveyor: replace PowerShell with bash + parallel autotools [54] |
| o appveyor: switch to out-of-tree builds [29] |
| o asyn-ares: with modern c-ares, use its default timeout [127] |
| o build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}` [4] |
| o build: enable missing OpenSSF-recommended warnings, with fixes [11] |
| o build: fix `-Wconversion`/`-Wsign-conversion` warnings [26] |
| o build: fix Windows ADDRESS_FAMILY detection [35] |
| o build: more `-Wformat` fixes [40] |
| o build: remove redundant `CURL_PULL_*` settings [8] |
| o cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper [133] |
| o cf-socket: show errno in tcpkeepalive error messages [120] |
| o CI/distcheck: run full tests [31] |
| o CI: remove unnecessary OpenSSL 3 option `enable-tls1_3` [168] |
| o cmake: add option to disable building docs |
| o cmake: fix generation for system name iOS [53] |
| o cmake: fix typo [5] |
| o cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE` [45] |
| o cmake: rework options to enable curl and libcurl docs [161] |
| o cmake: when USE_MANUAL=YES, build the curl.1 man page [113] |
| o cmdline-opts/write-out.d: remove spurious double quotes |
| o cmdline-opts: update availability for the *-ca-native options [66] |
| o cmdline/gen: fix the sorting of the man page options [33] |
| o configure: add libngtcp2_crypto_boringssl detection [155] |
| o configure: fix no default int compile error in ipv6 detection [69] |
| o configure: when enabling QUIC, check that TLS supports QUIC [87] |
| o connect: remove margin from eyeballer alloc [79] |
| o content_encoding: change return code to typedef'ed enum [94] |
| o cookie.d: document use of empty string to enable cookie engine [106] |
| o cookie: avoid fopen with empty file name [24] |
| o curl.h: CURLOPT_DNS_SERVERS is only available with c-ares [131] |
| o curl: show ipfs and ipns as supported "protocols" [15] |
| o curl_easy_getinfo.3: remove the wrong time value count [116] |
| o curl_multi_fdset.3: remove mention of null pointer support [134] |
| o CURLINFO_REFERER.3: clarify that it is the *request* header [70] |
| o CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER |
| o CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example [27] |
| o CURLOPT_SSH_*_KEYFILE: clarify [57] |
| o dist: add tests/errorcodes.pl to the tarball [6] |
| o docs: clean up Protocols: for cmdline options [32] |
| o docs: describe and highlight super cookies [80] |
| o docs: do not start lines/sentences with So, But nor And [140] |
| o docs: install curl.1 with cmake as well [166] |
| o docs: mention env vars not used by schannel [124] |
| o doh: remove unused local variable [34] |
| o examples: add four new examples [99] |
| o file+ftp: use stack buffers instead of data->state.buffer [138] |
| o ftp: handle the PORT parsing without allocation [44] |
| o ftp: use dynbuf to store entrypath [83] |
| o ftp: use memdup0 to store the OS from a SYST 215 response [82] |
| o ftpserver.pl: send 213 SIZE response without spurious newline |
| o gen.pl: support ## for doing .IP in table-like lists [105] |
| o gen: do italics/bold for a range of letters, not just single word [78] |
| o GHA: add a job scanning for "bad words" in markdown [164] |
| o GHA: bump ngtcp2, gnutls, mod_h2, quiche [158] |
| o gnutls: fix build with --disable-verbose [3] |
| o haproxy-clientip.d: document the arg [68] |
| o headers: make sure the trailing newline is not stored [97] |
| o headers: remove assert from Curl_headers_push [115] |
| o hostip: return error immediately when Curl_ip2addr() fails [19] |
| o hsts: remove assert for zero length domain [96] |
| o http2: improved on_stream_close/data_done handling [49] |
| o http3/quiche: fix result code on a stream reset [91] |
| o http3: initial support for OpenSSL 3.2 QUIC stack [110] |
| o http: adjust_pollset fix [85] |
| o http: check for "Host:" case insensitively [154] |
| o http: fix off-by-one error in request method length check [14] |
| o http: only act on 101 responses when they are HTTP/1.1 [98] |
| o http: remove comment reference to a removed solution [156] |
| o http: use stack scratch buffer [150] |
| o http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT [90] |
| o krb5: add prototype to silence clang warnings on mvsnprintf() [119] |
| o lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT [62] |
| o lib: fix variable undeclared error caused by `infof` changes [2] |
| o lib: reduce use of strncpy [30] |
| o lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding [36] |
| o lib: replace readwrite with write_resp [137] |
| o lib: strndup/memdup instead of malloc, memcpy and null-terminate [42] |
| o libssh2: use `libssh2_session_callback_set2()` with v1.11.1 [103] |
| o libssh: improve the deprecation warning dismissal [20] |
| o libssh: supress warnings without version check [18] |
| o Makefile.am: fix the MSVC project generation [22] |
| o Makefile.mk: drop Windows support [12] |
| o mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls` [117] |
| o mbedtls: free the entropy when threaded [46] |
| o mime: use memdup0 instead of malloc + memcpy [63] |
| o mksymbolsmanpage.pl: provide references to where the symbol is used |
| o mprintf: overhaul and bugfixes [52] |
| o mqtt: use stack scratch buffer for recv+publish [148] |
| o multi: remove total timer reset in file_do() while fetching file:// [89] |
| o ngtcp2: put h3 at the front of alpn [58] |
| o ntlm_wb: do not use data->state.buffer any longer [151] |
| o openldap: fix an LDAP crash [75] |
| o openldap: fix STARTTLS [67] |
| o openssl: re-match LibreSSL deinit with init [17] |
| o openssl: when verifystatus fails, remove session id from cache [100] |
| o pingpong: stop using the download buffer [159] |
| o pop3: replace calloc + memcpy with memdup0 [60] |
| o pytest: scorecard tracking CPU and RSS [157] |
| o quiche: return CURLE_HTTP3 on send to invalid stream [65] |
| o readwrite_data: loop less [21] |
| o Revert "urldata: move async resolver state from easy handle to connectdata" [16] |
| o rtsp: deal with borked server responses [129] |
| o runtests: for mode="text" on <stdout>, fix newlines on both parts [64] |
| o sasl: make login option string override http auth [142] |
| o schannel: fix `-Warith-conversion` gcc 13 warning [28] |
| o sectransp: do verify_cert without memdup for blobs [93] |
| o sectransp_ make TLSCipherNameForNumber() available in non-verbose config [1] |
| o sendf: fix compiler warning with CURL_DISABLE_HEADERS_API [38] |
| o setopt: clear mimepost when formp is freed [92] |
| o setopt: use memdup0 when cloning COPYPOSTFIELDS [107] |
| o socks: fix generic output string to say SOCKS instead of SOCKS4 [144] |
| o socks: use own buffer instead of data->state.buffer [143] |
| o ssh: fix namespace of two local macros [51] |
| o ssh: use stack scratch buffer for seeks [146] |
| o strerror: repair get_winsock_error() [56] |
| o system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers [9] |
| o system_win32: fix a function pointer assignment warning [71] |
| o telnet: use dynbuf instad of malloc for escape buffer [108] |
| o telnet: use stack scratch buffer for do [149] |
| o tests/server: delete workaround for old-mingw [25] |
| o tests: avoid int/size_t conversion size/sign warnings [163] |
| o tests: respect $TMPDIR when creating unix domain sockets [50] |
| o tool: make parser reject blank arguments if not supported [86] |
| o tool: prepend output_dir in header callback [95] |
| o tool_getparam: bsearch cmdline options [74] |
| o tool_getparam: do not try to expand without an argument [59] |
| o tool_getparam: stop supporting `@filename` style for --cookie [121] |
| o tool_listhelp: regenerate after recent .d updates [61] |
| o tool_operate: make --remove-on-error only remove "real" files [125] |
| o tool_operate: stop setting the file comment on Amiga [128] |
| o transfer: adjust_pollset improvements [81] |
| o transfer: fix upload rate limiting, add test cases [37] |
| o transfer: make the select_bits_paused condition check both directions [104] |
| o transfer: remove warning: Value stored to 'blen' is never read [136] |
| o url: don't set default CA paths for Secure Transport backend [126] |
| o url: for disabled protocols, mention if found in redirect [7] |
| o urlapi: remove assert [162] |
| o verify-examples.pl: fail verification on unescaped backslash [72] |
| o version: show only the libpsl version, not its dependencies [130] |
| o vquic: extract TLS setup into own source [88] |
| o vtls: fix missing multissl version info [73] |
| o vtls: receive max buffer [139] |
| o vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY [41] |
| o websockets: check for negative payload lengths [123] |
| o websockets: refactor decode chain [122] |
| o windows: delete redundant headers [43] |
| o windows: simplify detecting and using system headers [10] |
| o wolfssl: load certificate *chain* for PEM client certs [84] |
| o x509asn1: remove code for WANT_VERIFYHOST [132] |
| o x509asn1: switch from malloc to dynbuf [112] |
| |
| This release includes the following known bugs: |
| |
| o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) |
| |
| Planned upcoming removals include: |
| |
| o support for space-separated NOPROXY patterns |
| |
| See https://curl.se/dev/deprecate.html for details |
| |
| This release would not have looked like this without help, code, reports and |
| advice from friends like these: |
| |
| Andy Alt, annalee, Baruch Siach, Ben, Boris Verkhovskiy, Brad Harder, |
| bubbleguuum on github, Cajus Pollmeier, calvin2021y on github, Chara White, |
| Chris Sauer, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, |
| dependabot[bot], Dmitry Karpov, Gabe, Geeknik Labs, Gisle Vanem, |
| Graham Campbell, Hans-Christian Egtvedt, Harry Sintonen, Haydar Alaidrus, |
| hgdagon on github, Hiroki Kurosawa, iAroc on github, ivanfywang, |
| janko-js on github, Jay Wu, Jess Lowe, Karthikdasari0423 on github, |
| Lealem Amedie, Lin Sun, Marcel Raad, Mark Huang, Mark Sinkovics, |
| Mauricio Scheffer, Michał Antoniak, Mike Hommey, Mohammadreza Hendiani, |
| Ozan Cansel, Patrick Monnerat, Pavel Pavlov, promptfuzz_ on hackerone, |
| Ray Satiro, RevaliQaQ on github, Richard Levitte, Scarlett McAllister, |
| Sergey Bronnikov, Sergey Markelov, sfan5 on github, Stefan Eissing, |
| Tatsuhiko Miyagawa, Tatsuhiro Tsujikawa, Theo, Thomas Ferguson, |
| Viktor Szakats, Xi Ruoyao, Yadhu Krishna M, Yedaya Katsman, Yifei Kong, |
| YX Hao, zengwei, zengwei2000, ウさん (65 contributors) |
| |
| References to bug reports and discussions on issues: |
| |
| [1] = https://curl.se/bug/?i=12474 |
| [2] = https://curl.se/bug/?i=12470 |
| [3] = https://curl.se/bug/?i=12505 |
| [4] = https://curl.se/bug/?i=12506 |
| [5] = https://curl.se/bug/?i=12464 |
| [6] = https://curl.se/bug/?i=12462 |
| [7] = https://curl.se/bug/?i=12466 |
| [8] = https://curl.se/bug/?i=12502 |
| [9] = https://curl.se/bug/?i=12501 |
| [10] = https://curl.se/bug/?i=12495 |
| [11] = https://curl.se/bug/?i=12489 |
| [12] = https://curl.se/bug/?i=12224 |
| [14] = https://curl.se/bug/?i=12534 |
| [15] = https://curl.se/mail/archive-2023-12/0026.html |
| [16] = https://curl.se/bug/?i=12524 |
| [17] = https://curl.se/bug/?i=12525 |
| [18] = https://curl.se/bug/?i=12523 |
| [19] = https://curl.se/bug/?i=12522 |
| [20] = https://curl.se/bug/?i=12519 |
| [21] = https://curl.se/bug/?i=12504 |
| [22] = https://curl.se/bug/?i=12564 |
| [23] = https://curl.se/bug/?i=12570 |
| [24] = https://curl.se/bug/?i=12514 |
| [25] = https://curl.se/bug/?i=12510 |
| [26] = https://curl.se/bug/?i=12557 |
| [27] = https://curl.se/bug/?i=12588 |
| [28] = https://curl.se/bug/?i=12616 |
| [29] = https://curl.se/bug/?i=12550 |
| [30] = https://curl.se/bug/?i=12499 |
| [31] = https://curl.se/bug/?i=12503 |
| [32] = https://curl.se/bug/?i=12496 |
| [33] = https://curl.se/mail/archive-2023-12/0014.html |
| [34] = https://curl.se/bug/?i=12491 |
| [35] = https://curl.se/bug/?i=12441 |
| [36] = https://curl.se/bug/?i=12490 |
| [37] = https://curl.se/bug/?i=12559 |
| [38] = https://curl.se/bug/?i=12485 |
| [39] = https://curl.se/bug/?i=12369 |
| [40] = https://curl.se/bug/?i=12540 |
| [41] = https://curl.se/bug/?i=12459 |
| [42] = https://curl.se/bug/?i=12453 |
| [43] = https://curl.se/bug/?i=12539 |
| [44] = https://curl.se/bug/?i=12456 |
| [45] = https://curl.se/bug/?i=12537 |
| [46] = https://curl.se/bug/?i=12584 |
| [47] = https://curl.se/bug/?i=12547 |
| [48] = https://curl.se/bug/?i=12269 |
| [49] = https://curl.se/bug/?i=10936 |
| [50] = https://curl.se/bug/?i=12545 |
| [51] = https://curl.se/bug/?i=12544 |
| [52] = https://curl.se/bug/?i=12561 |
| [53] = https://curl.se/bug/?i=12515 |
| [54] = https://curl.se/bug/?i=12560 |
| [55] = https://curl.se/bug/?i=12481 |
| [56] = https://curl.se/bug/?i=12578 |
| [57] = https://curl.se/bug/?i=12554 |
| [58] = https://curl.se/bug/?i=12576 |
| [59] = https://curl.se/bug/?i=12565 |
| [60] = https://curl.se/bug/?i=12650 |
| [61] = https://curl.se/bug/?i=12612 |
| [62] = https://curl.se/bug/?i=12658 |
| [63] = https://curl.se/bug/?i=12649 |
| [64] = https://curl.se/bug/?i=12612 |
| [65] = https://curl.se/bug/?i=12590 |
| [66] = https://curl.se/bug/?i=12613 |
| [67] = https://curl.se/bug/?i=12610 |
| [68] = https://curl.se/bug/?i=12611 |
| [69] = https://curl.se/bug/?i=12607 |
| [70] = https://curl.se/bug/?i=12605 |
| [71] = https://curl.se/bug/?i=12581 |
| [72] = https://curl.se/bug/?i=12589 |
| [73] = https://curl.se/bug/?i=12599 |
| [74] = https://curl.se/bug/?i=12631 |
| [75] = https://curl.se/bug/?i=12593 |
| [76] = https://curl.se/bug/?i=12368 |
| [77] = https://curl.se/bug/?i=12751 |
| [78] = https://curl.se/bug/?i=12689 |
| [79] = https://curl.se/bug/?i=12647 |
| [80] = https://curl.se/bug/?i=12687 |
| [81] = https://curl.se/bug/?i=12640 |
| [82] = https://curl.se/bug/?i=12639 |
| [83] = https://curl.se/bug/?i=12638 |
| [84] = https://curl.se/bug/?i=12634 |
| [85] = https://curl.se/bug/?i=12632 |
| [86] = https://curl.se/bug/?i=12620 |
| [87] = https://curl.se/bug/?i=12683 |
| [88] = https://curl.se/bug/?i=12678 |
| [89] = https://curl.se/bug/?i=12682 |
| [90] = https://curl.se/bug/?i=12680 |
| [91] = https://curl.se/bug/?i=12629 |
| [92] = https://curl.se/bug/?i=12608 |
| [93] = https://curl.se/bug/?i=12679 |
| [94] = https://curl.se/bug/?i=12618 |
| [95] = https://curl.se/bug/?i=12614 |
| [96] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661 |
| [97] = https://curl.se/mail/lib-2024-01/0019.html |
| [98] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66184 |
| [99] = https://curl.se/bug/?i=12671 |
| [100] = https://curl.se/bug/?i=12760 |
| [102] = https://curl.se/bug/?i=12730 |
| [103] = https://curl.se/bug/?i=12754 |
| [104] = https://curl.se/mail/lib-2024-01/0049.html |
| [105] = https://curl.se/bug/?i=12667 |
| [106] = https://curl.se/bug/?i=12643 |
| [107] = https://curl.se/bug/?i=12651 |
| [108] = https://curl.se/bug/?i=12652 |
| [109] = https://curl.se/bug/?i=12661 |
| [110] = https://curl.se/bug/?i=12734 |
| [112] = https://curl.se/bug/?i=12808 |
| [113] = https://curl.se/bug/?i=12742 |
| [115] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65839 |
| [116] = https://curl.se/bug/?i=12727 |
| [117] = https://curl.se/bug/?i=12720 |
| [119] = https://curl.se/bug/?i=12803 |
| [120] = https://curl.se/bug/?i=12726 |
| [121] = https://curl.se/bug/?i=12645 |
| [122] = https://curl.se/bug/?i=12713 |
| [123] = https://curl.se/bug/?i=12707 |
| [124] = https://curl.se/bug/?i=12711 |
| [125] = https://curl.se/bug/?i=12710 |
| [126] = https://curl.se/bug/?i=12704 |
| [127] = https://curl.se/bug/?i=12703 |
| [128] = https://curl.se/bug/?i=12709 |
| [129] = https://curl.se/bug/?i=12701 |
| [130] = https://curl.se/bug/?i=12700 |
| [131] = https://curl.se/bug/?i=12695 |
| [132] = https://curl.se/bug/?i=12804 |
| [133] = https://curl.se/bug/?i=12697 |
| [134] = https://curl.se/bug/?i=12691 |
| [136] = https://curl.se/bug/?i=12693 |
| [137] = https://curl.se/bug/?i=12480 |
| [138] = https://curl.se/bug/?i=12789 |
| [139] = https://curl.se/bug/?i=12801 |
| [140] = https://curl.se/bug/?i=12802 |
| [142] = https://curl.se/bug/?i=10259 |
| [143] = https://curl.se/bug/?i=12788 |
| [144] = https://curl.se/bug/?i=12797 |
| [146] = https://curl.se/bug/?i=12794 |
| [148] = https://curl.se/bug/?i=12792 |
| [149] = https://curl.se/bug/?i=12793 |
| [150] = https://curl.se/bug/?i=12791 |
| [151] = https://curl.se/bug/?i=12787 |
| [154] = https://curl.se/bug/?i=12784 |
| [155] = https://curl.se/bug/?i=12724 |
| [156] = https://curl.se/bug/?i=12785 |
| [157] = https://curl.se/bug/?i=12765 |
| [158] = https://curl.se/bug/?i=12778 |
| [159] = https://curl.se/bug/?i=12757 |
| [161] = https://curl.se/bug/?i=12773 |
| [162] = https://curl.se/bug/?i=12775 |
| [163] = https://curl.se/bug/?i=12768 |
| [164] = https://curl.se/bug/?i=12764 |
| [166] = https://curl.se/bug/?i=12759 |
| [168] = https://curl.se/bug/?i=12758 |