2
0

RELEASE-NOTES 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306
  1. curl and libcurl 8.4.0
  2. Public curl releases: 252
  3. Command line options: 258
  4. curl_easy_setopt() options: 303
  5. Public functions in libcurl: 93
  6. Contributors: 2995
  7. This release includes the following changes:
  8. o curl: add support for the IPFS protocols via HTTP gateway [46]
  9. o curl_multi_get_handles: get easy handles from a multi handle [20]
  10. o mingw: delete support for legacy mingw.org toolchain [45]
  11. This release includes the following bugfixes:
  12. o acinclude.m4: Document proper system truststore on FreeBSD [83]
  13. o appveyor: fix yamlint issues, indent [67]
  14. o appveyor: rewrite batch in PowerShell + CI improvements [109]
  15. o autotools: adjust `CURL_CA_PATH` value to CMake [53]
  16. o autotools: restore `HAVE_IOCTL_*` detections [111]
  17. o base64: also build for curl [78]
  18. o bufq: remove Curl_bufq_skip_and_shift (unused) [47]
  19. o build: delete checks for C89 standard headers [65]
  20. o build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros [114]
  21. o cf-socket: simulate slow/blocked receives in debug [120]
  22. o cmake, configure: also link with CoreServices [32]
  23. o cmake: add check for suseconds_t [91]
  24. o cmake: add feature checks for `memrchr` and `getifaddrs` [57]
  25. o cmake: add missing checks [86]
  26. o cmake: delete old `HAVE_LDAP_URL_PARSE` logic [105]
  27. o cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` [75]
  28. o cmake: detect `HAVE_GETADDRINFO_THREADSAFE` [76]
  29. o cmake: detect `sys/wait.h` and `netinet/udp.h` [61]
  30. o cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS [93]
  31. o cmake: disable unity mode with Windows Unicode + TrackMemory [108]
  32. o cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows [110]
  33. o cmake: fix `HAVE_WRITABLE_ARGV` detection [77]
  34. o cmake: fix duplicate symbols when linking tests [73]
  35. o cmake: fix missing `zlib.h` when compiling `libcurltool` [72]
  36. o cmake: fix stderr initialization in unity builds [71]
  37. o cmake: fix the help text to the static build option in CMakeLists.txt [10]
  38. o cmake: fix unity builds for more build combinations [96]
  39. o cmake: fix unity symbol collisions in h2 builds [48]
  40. o cmake: fix unity with Windows Unicode + TrackMemory [107]
  41. o cmake: improve OpenLDAP builds [92]
  42. o cmake: lib `CURL_STATICLIB` fixes (Windows) [74]
  43. o cmake: move global headers to specific checks [58]
  44. o cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC [85]
  45. o cmake: pre-cache `HAVE_POLL_FINE` on Windows [36]
  46. o cmake: tidy-up `NOT_NEED_LBER_H` detection
  47. o cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value [50]
  48. o configure: check for the capath by default [63]
  49. o configure: remove unused checks [87]
  50. o configure: replace adhoc domain with `localhost` in tests [79]
  51. o configure: sort AC_CHECK_FUNCS
  52. o connect: expire the timeout when trying next [54]
  53. o connect: only start the happy eyeballs timer when needed [95]
  54. o cookie: do not store the expire or max-age strings [16]
  55. o cookie: remove unnecessary struct fields [17]
  56. o cookie: set ->running in cookie_init even if data is NULL [5]
  57. o create-dirs.d: clarify it also uses --output-dirs [66]
  58. o curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0 [18]
  59. o curl_easy_pause.3: mention h2/h3 buffering [113]
  60. o curl_easy_pause.3: mention it works within callbacks [112]
  61. o curl_easy_pause: set "in callback" true on exit if true [100]
  62. o CURLOPT_DEBUGFUNCTION.3: warn about internal handles [122]
  63. o docs/libcurl/opts/Makefile.inc: add missing manpage files
  64. o docs: adapt SEE ALSO sections to new requirements [52]
  65. o docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER [68]
  66. o docs: replace made up domains with example.com [82]
  67. o docs: update curl man page references [89]
  68. o docs: use CURLSSLBACKEND_NONE [19]
  69. o doh: inherit DEBUGFUNCTION/DATA [12]
  70. o escape: replace Curl_isunreserved with ISUNRESERVED [2]
  71. o FAQ: How do I upgrade curl.exe in Windows? [84]
  72. o GHA/linux: run singleuse to detect single-use global functions [35]
  73. o GHA: add workflow to compare configure vs cmake outputs [102]
  74. o h2-proxy: remove left-over mistake in drain_tunnel() [7]
  75. o h2: testcase and fix for pausing h2 streams [49]
  76. o h3: add support for ngtcp2 with AWS-LC builds [103]
  77. o http2: refused stream handling for retry [121]
  78. o http: fix CURL_DISABLE_BEARER_AUTH breakage [28]
  79. o http: h1/h2 proxy unification [21]
  80. o http: remove wrong comment for http_should_fail [55]
  81. o http: use per-request counter to check too large headers [6]
  82. o http_aws_sigv4: fix sorting with empty parts [13]
  83. o idn: fix WinIDN null ptr deref on bad host [90]
  84. o idn: if idn2_check_version returns NULL, return error [27]
  85. o inet_ntop: add typecast to silence Coverity [51]
  86. o lib: disambiguate Curl_client_write flag semantics [24]
  87. o lib: enable hmac for digest as well [26]
  88. o lib: failf/infof compiler warnings [8]
  89. o lib: let the max filesize option stop too big transfers too [44]
  90. o lib: move handling of `data->req.writer_stack` into Curl_client_write() [97]
  91. o lib: provide and use Curl_hexencode [62]
  92. o lib: remove TIME_WITH_SYS_TIME [88]
  93. o lib: use wrapper for curl_mime_data fseek callback [30]
  94. o libssh2: fix error message on failed pubkey-from-file [22]
  95. o libssh: cap SFTP packet size sent [14]
  96. o Makefile.mk: always set `CURL_STATICLIB` for lib (Windows) [42]
  97. o MANUAL.md: change domain to example.com [11]
  98. o misc: better random strings [15]
  99. o MQTT: improve receive of ACKs [125]
  100. o multi: do CURLM_CALL_MULTI_PERFORM at two more places [99]
  101. o multi: fix small timeouts [70]
  102. o multi: remove Curl_multi_dump [37]
  103. o multi: round the timeout up to prevent early wakeups [98]
  104. o multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE [115]
  105. o openssl: improve ssl shutdown handling [69]
  106. o openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR [104]
  107. o pytest: exclude test_03_goaway in CI runs due to timing dependency [23]
  108. o quic: set ciphers/curves the same way regular TLS does [43]
  109. o quiche: fix build error with --with-ca-fallback [1]
  110. o RELEASE-PROCEDURE.md: updated coming release dates
  111. o runtests: display the test status if tests appear hung [81]
  112. o runtests: eliminate a warning on old perl versions
  113. o socks: return error if hostname too long for remote resolve [118]
  114. o src/mkhelp: make generated code pass `checksrc` [59]
  115. o test1056: disable on Windows
  116. o test1474: disable test on NetBSD, OpenBSD and Solaris 10 [31]
  117. o test1592: greatly increase the maximum test timeout
  118. o test1903: actually verify the cookies after the test [116]
  119. o test1906: set a lower timeout since it's hit on Windows [117]
  120. o test2600: remove special case handling for USE_ALARM_TIMEOUT [3]
  121. o test650: fix an end tag typo
  122. o test661: return from test early in case of curl error
  123. o test: add missing <feature>s
  124. o tests: close the shell used to start sshd [41]
  125. o tests: fix a race condition in ftp server disconnect [101]
  126. o tests: fix compiler warnings [38]
  127. o tests: Fix zombie processes left behind by FTP tests. [80]
  128. o tests: improve SLOWDOWN test reliability by reducing sent data
  129. o tests: increase lib571 timeout from 3s to 30s [106]
  130. o tests: log the test result code after each libtest
  131. o tests: propagate errors in libtests
  132. o tests: set --expect100-timeout to improve test reliability
  133. o tests: show which curl tool `runtests.pl` is using [60]
  134. o tests: stop overriding the lock timeout
  135. o tftpd: always use curl's own tftp.h [25]
  136. o tool: use our own stderr variable [94]
  137. o tool_cb_wrt: fix debug assertion [4]
  138. o tool_getparam: accept variable expansion on file names too [123]
  139. o tool_setopt: remove unused function tool_setopt_flags [56]
  140. o upload-file.d: describe the file name slash/backslash handling [9]
  141. o url: fall back to http/https proxy env-variable if ws/wss not set [119]
  142. o url: fix netrc info message [39]
  143. o warnless: remove unused functions [33]
  144. o wolfssh: do cleanup in Curl_ssh_cleanup [40]
  145. o wolfssl: allow capath with CURLOPT_CAINFO_BLOB [29]
  146. o wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files [34]
  147. o wolfssl: ignore errors in CA path [64]
  148. This release includes the following known bugs:
  149. o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
  150. Planned upcoming removals include:
  151. o support for space-separated NOPROXY patterns
  152. See https://curl.se/dev/deprecate.html for details
  153. This release would not have looked like this without help, code, reports and
  154. advice from friends like these:
  155. Aleksander Mazur, black-desk on github, calvin2021y on github,
  156. Christian Schmitz, Christian Weisgerber, claudiusaiz on github,
  157. consulion on github, Craig Andrews, Dan Fandrich, Daniel Stenberg,
  158. David Benjamin, Douglas R. Reno, Eduard Strehlau, Elliot Killick,
  159. Gisle Vanem, Hakan Sunay Halil, Harry Sintonen, Jakub Jelen, John Haugabook,
  160. Joshix-1 on github, Juliusz Sosinowicz, Junho Choi,
  161. Karthikdasari0423 on github, Lars Francke, Loïc Yhuel, Marc Hörsken,
  162. Mark Gaiser, Mathias Fuchs, Maxim Dzhura, Michael Osipov, Natanael Copa,
  163. Patrick Monnerat, PBudmark on github, Peter Wang, Philip Heiduck, Ray Satiro,
  164. Robert Simpson, Ryan Schmidt, s0urc3_ on hackerone, Samuel Henrique,
  165. Stefan Eissing, Ted Lyngmo, Viktor Szakats, vvb2060, w0x42 on hackerone,
  166. 南宫雪珊
  167. (46 contributors)
  168. References to bug reports and discussions on issues:
  169. [1] = https://curl.se/bug/?i=11850
  170. [2] = https://curl.se/bug/?i=11846
  171. [3] = https://curl.se/bug/?i=11767
  172. [4] = https://github.com/curl/curl/commit/af3f4e41#r127212213
  173. [5] = https://curl.se/bug/?i=11875
  174. [6] = https://curl.se/bug/?i=11871
  175. [7] = https://curl.se/bug/?i=11877
  176. [8] = https://curl.se/bug/?i=11874
  177. [9] = https://curl.se/bug/?i=11911
  178. [10] = https://curl.se/bug/?i=11843
  179. [11] = https://curl.se/bug/?i=11866
  180. [12] = https://curl.se/bug/?i=11864
  181. [13] = https://curl.se/bug/?i=11855
  182. [14] = https://curl.se/bug/?i=11804
  183. [15] = https://curl.se/bug/?i=11838
  184. [16] = https://curl.se/bug/?i=11862
  185. [17] = https://curl.se/bug/?i=11862
  186. [18] = https://curl.se/bug/?i=11905
  187. [19] = https://curl.se/bug/?i=11909
  188. [20] = https://curl.se/bug/?i=11750
  189. [21] = https://curl.se/bug/?i=11808
  190. [22] = https://curl.se/bug/?i=11837
  191. [23] = https://curl.se/bug/?i=11860
  192. [24] = https://curl.se/bug/?i=11885
  193. [25] = https://curl.se/bug/?i=11897
  194. [26] = https://curl.se/bug/?i=11890
  195. [27] = https://curl.se/bug/?i=11898
  196. [28] = https://curl.se/bug/?i=11892
  197. [29] = https://curl.se/bug/?i=11886
  198. [30] = https://curl.se/bug/?i=11882
  199. [31] = https://curl.se/bug/?i=11888
  200. [32] = https://curl.se/bug/?i=11893
  201. [33] = https://curl.se/bug/?i=11932
  202. [34] = https://curl.se/bug/?i=11884
  203. [35] = https://curl.se/bug/?i=11932
  204. [36] = https://curl.se/bug/?i=12003
  205. [37] = https://curl.se/bug/?i=11931
  206. [38] = https://curl.se/bug/?i=11925
  207. [39] = https://curl.se/bug/?i=11904
  208. [40] = https://curl.se/bug/?i=11921
  209. [41] = https://curl.se/bug/?i=12032
  210. [42] = https://curl.se/bug/?i=11924
  211. [43] = https://curl.se/bug/?i=11796
  212. [44] = https://curl.se/bug/?i=11810
  213. [45] = https://curl.se/bug/?i=11625
  214. [46] = https://curl.se/bug/?i=8805
  215. [47] = https://curl.se/bug/?i=11915
  216. [48] = https://curl.se/bug/?i=11912
  217. [49] = https://curl.se/bug/?i=11982
  218. [50] = https://curl.se/bug/?i=11998
  219. [51] = https://curl.se/bug/?i=11960
  220. [52] = https://curl.se/bug/?i=11957
  221. [53] = https://curl.se/bug/?i=11997
  222. [54] = https://curl.se/bug/?i=11920
  223. [55] = https://curl.se/bug/?i=11941
  224. [56] = https://curl.se/bug/?i=11943
  225. [57] = https://curl.se/bug/?i=11954
  226. [58] = https://curl.se/bug/?i=11951
  227. [59] = https://curl.se/bug/?i=11955
  228. [60] = https://curl.se/bug/?i=11953
  229. [61] = https://curl.se/bug/?i=11996
  230. [62] = https://curl.se/bug/?i=11990
  231. [63] = https://curl.se/bug/?i=11987
  232. [64] = https://curl.se/bug/?i=11987
  233. [65] = https://curl.se/bug/?i=11940
  234. [66] = https://curl.se/bug/?i=11991
  235. [67] = https://curl.se/bug/?i=11994
  236. [68] = https://curl.se/bug/?i=2935
  237. [69] = https://curl.se/bug/?i=11858
  238. [70] = https://curl.se/bug/?i=11937
  239. [71] = https://curl.se/bug/?i=11929
  240. [72] = https://curl.se/bug/?i=11927
  241. [73] = https://curl.se/bug/?i=11926
  242. [74] = https://curl.se/bug/?i=11914
  243. [75] = https://curl.se/bug/?i=11981
  244. [76] = https://curl.se/bug/?i=11979
  245. [77] = https://curl.se/bug/?i=11978
  246. [78] = https://curl.se/bug/?i=12010
  247. [79] = https://curl.se/bug/?i=11988
  248. [80] = https://curl.se/bug/?i=12018
  249. [81] = https://curl.se/bug/?i=11980
  250. [82] = https://curl.se/bug/?i=11986
  251. [83] = https://curl.se/bug/?i=11985
  252. [84] = https://curl.se/bug/?i=11984
  253. [85] = https://curl.se/bug/?i=11974
  254. [86] = https://curl.se/bug/?i=11973
  255. [87] = https://curl.se/bug/?i=11973
  256. [88] = https://curl.se/bug/?i=11975
  257. [89] = https://curl.se/bug/?i=11963
  258. [90] = https://curl.se/bug/?i=11983
  259. [91] = https://curl.se/bug/?i=11977
  260. [92] = https://curl.se/bug/?i=12024
  261. [93] = https://curl.se/bug/?i=11967
  262. [94] = https://curl.se/bug/?i=11958
  263. [95] = https://curl.se/bug/?i=11939
  264. [96] = https://curl.se/bug/?i=12027
  265. [97] = https://curl.se/bug/?i=11908
  266. [98] = https://curl.se/bug/?i=11938
  267. [99] = https://curl.se/bug/?i=12033
  268. [100] = https://curl.se/bug/?i=12059
  269. [101] = https://curl.se/bug/?i=12002
  270. [102] = https://curl.se/bug/?i=11964
  271. [103] = https://curl.se/bug/?i=12066
  272. [104] = https://curl.se/bug/?i=12038
  273. [105] = https://curl.se/bug/?i=12015
  274. [106] = https://curl.se/bug/?i=12013
  275. [107] = https://curl.se/bug/?i=11928
  276. [108] = https://curl.se/bug/?i=12005
  277. [109] = https://curl.se/bug/?i=11999
  278. [110] = https://curl.se/bug/?i=12006
  279. [111] = https://curl.se/bug/?i=12008
  280. [112] = https://curl.se/mail/lib-2023-10/0010.html
  281. [113] = https://curl.se/bug/?i=12045
  282. [114] = https://curl.se/bug/?i=12065
  283. [115] = https://curl.se/bug/?i=12042
  284. [116] = https://curl.se/bug/?i=12041
  285. [117] = https://curl.se/bug/?i=12036
  286. [118] = https://curl.se/docs/CVE-2023-38545.html
  287. [119] = https://curl.se/bug/?i=12031
  288. [120] = https://curl.se/bug/?i=12035
  289. [121] = https://curl.se/bug/?i=12054
  290. [122] = https://curl.se/bug/?i=12034
  291. [123] = https://curl.se/bug/?i=12048
  292. [125] = https://curl.se/bug/?i=12071