curl and libcurl 7.87.1

 Public curl releases: 213
 Command line options: 250
 curl_easy_setopt() options: 302
 Public functions in libcurl: 91
 Contributors: 2811

This release includes the following changes:

 o curl.h: add CURL_HTTP_VERSION_3ONLY [82]
 o share: add sharing of HSTS cache among handles [7]
 o src: add --http3-only [81]
 o tool_operate: share HSTS between handles
 o urlapi: add CURLU_PUNYCODE [25]
 o writeout: add %{certs} and %{num_certs} [33]

This release includes the following bugfixes:

 o cf-socket: fix build when not HAVE_GETPEERNAME [89]
 o cf-socket: keep sockaddr local in the socket filters [69]
 o cfilters:Curl_conn_get_select_socks: use the first non-connected filter [24]
 o CI: add a workflow to automatically label pull requests [102]
 o CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup [109]
 o CI: Retry failed downloads to reduce spurious failures
 o cmake: bump requirement to 3.7 [23]
 o cmake: check for sendmsg [39]
 o cmake: delete redundant macro definition `SECURITY_WIN32` [91]
 o cmake: fix dev warning due to mismatched arg [160]
 o cmake: fix the snprintf detection [5]
 o cmake: remove deprecated symbols check [96]
 o cmake: set SOVERSION also for macOS [68]
 o cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS [94]
 o CODEOWNERS: remove the peeps mentioned as CI owners [128]
 o connect: fix access of pointer before NULL check [83]
 o connect: fix build when not ENABLE_IPV6 [88]
 o connect: fix strategy testing for attempts, timeouts and happy-eyeball [110]
 o connections: introduce http/3 happy eyeballs [127]
 o cookies: fp is always not NULL [104]
 o copyright.pl: cease doing year verifications [74]
 o copyright: update all copyright lines and remove year ranges [35]
 o curl.h: allow up to 10M buffer size [76]
 o curl.h: mark CURLSSLBACKEND_MESALINK as deprecated [52]
 o curl/websockets.h: extend the websocket frame struct
 o curl: output warning at --verbose output for debug-enabled version [80]
 o curl_free.3: fix return type of `curl_free` [113]
 o curl_global_sslset.3: clarify the openssl situation [53]
 o curl_log: for failf/infof and debug logging implementations [87]
 o curl_setup: Disable by default recv-before-send in Windows [154]
 o curl_version_info.3: fix typo [100]
 o curl_ws_send.3: clarify how to send multi-frame messages
 o CURLOPT_HEADERDATA.3: warn DLL users must set write function [45]
 o CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1 [73]
 o CURLOPT_WRITEFUNCTION.3: fix memory leak in example [122]
 o dict: URL decode the entire path always [120]
 o docs/DEPRECATE.md: deprecate gskit [36]
 o docs: add link to GitHub Discussions [49]
 o docs: mention indirect effects of --insecure [19]
 o docs: POSTFIELDSIZE must be set to -1 with read function [97]
 o doh: ifdef IPv6 code [123]
 o easyoptions: fix header printing in generation script [84]
 o escape: hex decode with a lookup-table [107]
 o escape: use table lookup when adding %-codes to output [105]
 o examples: remove the curlgtk.c example [48]
 o fopen: remove unnecessary assignment [111]
 o ftpserver: lower the DATA connect timeout to speed up torture tests [27]
 o GHA/macos.yml: bump to gcc-12 [106]
 o GHA/macos: use Xcode_14.0.1 for cmake builds [132]
 o GHA: add job on Slackware 15.0 [58]
 o GHA: enable websockets in the torture job [148]
 o GHA: move the quiche job here from zuul [75]
 o GHA: use designated ngtcp2 and its dependencies versions [77]
 o haxproxy: send before TLS handshake [34]
 o header.d: add a header file example [149]
 o hsts.d: explain hsts more [78]
 o hsts: handle adding the same host name again
 o HTTP/[23]: continue upload when state.drain is set [150]
 o http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames [155]
 o http2: fix compiler warning due to uninitialized variable
 o http2: minor buffer and error path fixes [151]
 o http2: when using printf %.*s, the length arg must be 'int' [41]
 o HTTP3: mention what needs to be in place to remove EXPERIMENTAL label [31]
 o http: add additional condition for including stdint.h [54]
 o http: decode transfer encoding first [51]
 o http: fix "part of conditional expression is always false" [125]
 o http: remove the trace message "Mark bundle... multiuse" [6]
 o http_aws_sigv4: remove typecasts from HMAC_SHA256 macro [121]
 o http_proxy: do not assign data->req.p.http use local copy [59]
 o INSTALL: document how to use multiple TLS backends [103]
 o lib670: make test.h the first include [56]
 o lib: connect/h2/h3 refactor [57]
 o lib: fix typos [99]
 o lib: fix typos in comments which repeat a word [67]
 o libssh2: try sha2 algos for hostkey methods [2]
 o libtest: add a sleep macro for Windows [115]
 o Linux CI: update some dependencies to latest tag [44]
 o Makefile.mk: fix wolfssl and mbedtls default paths [21]
 o man pages: call the custom user pointer 'clientp' consistently [135]
 o md4: fix build with GnuTLS + OpenSSL v1 [12]
 o misc: fix grammar and spelling [14]
 o misc: fix spelling [134]
 o misc: reduce struct and struct field sizes [65]
 o msh3: add support for request payload [28]
 o msh3: update to v0.5 Release [17]
 o msh3: update to v0.6 [60]
 o multi: stop sending empty HTTP/3 UDP datagrams on Windows [136]
 o multihandle: turn bool struct fields into bits [26]
 o ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl [62]
 o ngtcp2: fix the build without 'sendmsg' [38]
 o ngtcp2: replace removed define and stop using removed function [164]
 o no-clobber.d: only use long form options in man page text [145]
 o noproxy: support for space-separated names is deprecated [66]
 o nss: implement data_pending method [43]
 o openldap: fix missing sasl symbols at build in specific configs [152]
 o openssl: adapt to boringssl's error code type [118]
 o openssl: don't ignore CA paths when using Windows CA store (redux) [101]
 o openssl: don't log raw record headers [93]
 o openssl: make the BIO_METHOD a local variable in the connection filter [79]
 o openssl: only use CA_BLOB if verifying peer [112]
 o openssl: remove attached easy handles from SSL instances [29]
 o openssl: store the CA after first send (ClientHello) [156]
 o os400: fixes to make-lib.sh and initscript.sh [71]
 o packages: remove Android, update README [108]
 o release-notes.pl: check fixes/closes lines better
 o Revert "x509asn1: avoid freeing unallocated pointers" [37]
 o runtest.pl: add expected fourth return value [40]
 o runtests: also tear down http2/http3 servers when https server is stopped [8]
 o runtests: consider warnings fatal and error on them [32]
 o runtests: fix detection of TLS backends [50]
 o runtests: make 'mbedtls' a testable feature
 o rustls: improve error messages [162]
 o scripts/delta: show percent of number of files changed since last tag
 o scripts: fix Appveyor job detection in cijobs.pl
 o scripts: set file mode +x on all perl and shell scripts [63]
 o sectransp: fix for incomplete read/writes [61]
 o SECURITY-PROCESS.md: document severity levels [20]
 o setopt: Address undefined behaviour by checking for null [161]
 o setopt: move the SHA256 opt within #ifdef libssh2 [42]
 o setopt: use >, not >=, when checking if uarg is larger than uint-max [140]
 o smb: return error on upload without size [142]
 o socketpair: allow localhost MITM sniffers [30]
 o strdup: name it Curl_strdup [16]
 o system.h: assume OS400 is always built with ILEC compiler [95]
 o test1560: use a UTF8-using locale when run [46]
 o test2304: remove stdout verification
 o tests-httpd: basic infra to run curl against an apache httpd [72]
 o tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx [9]
 o tests: avoid use of sha1 in certificates [4]
 o tls: fixes for wolfssl + openssl combo builds [133]
 o tool_getparam: fix hiding of command line secrets [85]
 o tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type [1]
 o tool_operate: fix error codes during DOS filename sanitize [138]
 o tool_operate: fix error codes on bad URL & OOM [139]
 o tool_operate: fix headerfile writing [64]
 o tool_operate: repair --rate [119]
 o transfer: break the read loop when RECV is cleared [22]
 o typecheck: accept expressions for option/info parameters [3]
 o url: fix part of conditional expression is always true [147]
 o urlapi: avoid Curl_dyn_addf() for hex outputs [130]
 o urlapi: fix part of conditional expression is always true: qlen [146]
 o urlapi: skip path checks if path is just "/" [131]
 o urlapi: skip the extra dedotdot alloc if no dot in path [126]
 o urldata: cease storing TLS auth type [55]
 o urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP [13]
 o urldata: make set.http200aliases conditional on HTTP being present [11]
 o urldata: move the cookefilelist to the 'set' struct [15]
 o urldata: remove unused struct fields, made more conditional [10]
 o vquic: stabilization and improvements [141]
 o vtls: fix hostname handling in filters [98]
 o vtls: manage current easy handle in nested cfilter calls [90]
 o vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
 o winbuild: document that arm64 is supported [92]
 o windows: always use curl's basename() implementation [157]
 o wolfssl: remove deprecated post-quantum algorithms [124]
 o workflows/linux.yml: merge 3 common packages [18]
 o write-out.d: add 'since version' to %{header_json} documentation [129]
 o write-out.d: clarify Windows % symbol escaping [86]
 o ws: fix autoping handling [70]
 o ws: fix multiframe send handling [143]
 o ws: fix recv of larger frames [144]
 o ws: remove bad assert [117]
 o ws: unstick connect-only shutdown [116]
 o ws: use %Ou for outputting curl_off_t with info() [153]
 o x509asn1: fix compile errors and warnings [47]
 o zuul: stop using this CI service [114]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

Planned upcoming removals include:

 o gskit
 o NSS
 o Support for systems without 64 bit data types

 See https://curl.se/dev/deprecate.html for details

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Alexey Savchuk, Andrei Rybak, Andy Alt, Anthony Hu, Brian Green,
  Cameron Blomquist, Cherish98 on Github, Dan Fandrich, Daniel Gustafsson,
  Daniel Stenberg, dekerser on github, Divy Le Ray, Dmitry Atamanov,
  Esdras de Morais da Silva, Federico Pellegrin, Fujii Hironori, Gerrit Renker,
  Gisle Vanem, Gregory Panakkal, Hannah Schierling, Harry Sintonen,
  Hide Ishikawa, highmtworks on github, Jacob Hoffman-Andrews, Jakob Hirsch,
  James Keast, John Bampton, John Porter, John Sherrill, Jon Rumsey,
  Josh Brobst, Karthikdasari0423 on github, Kvarec Lezki, Lucas Pardue,
  Marc Aldorasi, Marcel Raad, Marc Hörsken, Mark Roszko, Martin D'Aloia,
  Martin Waleczek, Michael Osipov, Mike Duglas, Muhammad Hussein Ammari,
  Nick Banks, nick-telia on github, norbertmm on github, odek86 on github,
  Patrick Monnerat, Paul Groke, Paul Howarth, Peter Wu, Philip Heiduck,
  Pronyushkin Petr, Radek Brich, Radu Hociung, RanBarLavie on github,
  Ray Satiro, Ryan Schmidt, Sébastien Helleu, Sergey Bronnikov,
  Sergio-IME on github, sergio-nsk on github, SerusDev on github, Stanley Wucw,
  Stefan Eissing, Stefan Talpalaru, Stephan Guilloux, Tatsuhiro Tsujikawa,
  Thomas1664 on github, Thomas Klausner, Timmy Schierling,
  UnicornZhang on Github, Viktor Szakats, violetlige on github, William Tang,
  Yurii Rashkovskii
  (76 contributors)

References to bug reports and discussions on issues:

 [1] = https://curl.se/bug/?i=10124
 [2] = https://curl.se/bug/?i=10143
 [3] = https://curl.se/bug/?i=10148
 [4] = https://curl.se/bug/?i=10135
 [5] = https://curl.se/bug/?i=10155
 [6] = https://curl.se/bug/?i=10159
 [7] = https://curl.se/bug/?i=10138
 [8] = https://curl.se/bug/?i=10114
 [9] = https://curl.se/bug/?i=10114
 [10] = https://curl.se/bug/?i=10147
 [11] = https://curl.se/bug/?i=10140
 [12] = https://curl.se/bug/?i=10110
 [13] = https://curl.se/bug/?i=10139
 [14] = https://curl.se/bug/?i=10137
 [15] = https://curl.se/bug/?i=10133
 [16] = https://curl.se/bug/?i=10132
 [17] = https://curl.se/bug/?i=10125
 [18] = https://curl.se/bug/?i=10071
 [19] = https://curl.se/bug/?i=10126
 [20] = https://curl.se/bug/?i=10118
 [21] = https://curl.se/bug/?i=10164
 [22] = https://curl.se/bug/?i=10172
 [23] = https://curl.se/bug/?i=10128
 [24] = https://curl.se/bug/?i=10157
 [25] = https://curl.se/bug/?i=10109
 [26] = https://curl.se/bug/?i=10179
 [27] = https://curl.se/bug/?i=10178
 [28] = https://curl.se/bug/?i=10136
 [29] = https://curl.se/bug/?i=10151
 [30] = https://curl.se/bug/?i=10144
 [31] = https://curl.se/bug/?i=10168
 [32] = https://curl.se/bug/?i=10208
 [33] = https://curl.se/bug/?i=10019
 [34] = https://curl.se/bug/?i=10165
 [35] = https://curl.se/bug/?i=10205
 [36] = https://curl.se/bug/?i=10201
 [37] = https://curl.se/bug/?i=10163
 [38] = https://curl.se/bug/?i=10210
 [39] = https://curl.se/bug/?i=10211
 [40] = https://curl.se/bug/?i=10206
 [41] = https://curl.se/bug/?i=10203
 [42] = https://curl.se/bug/?i=10255
 [43] = https://curl.se/bug/?i=10225
 [44] = https://curl.se/bug/?i=10195
 [45] = https://curl.se/bug/?i=10233
 [46] = https://curl.se/bug/?i=10193
 [47] = https://curl.se/bug/?i=10238
 [48] = https://curl.se/bug/?i=10197
 [49] = https://curl.se/bug/?i=10171
 [50] = https://curl.se/bug/?i=10236
 [51] = https://curl.se/bug/?i=10187
 [52] = https://curl.se/bug/?i=10189
 [53] = https://curl.se/bug/?i=10188
 [54] = https://curl.se/bug/?i=10185
 [55] = https://curl.se/bug/?i=10181
 [56] = https://curl.se/bug/?i=10182
 [57] = https://curl.se/bug/?i=10141
 [58] = https://curl.se/bug/?i=10230
 [59] = https://curl.se/bug/?i=10194
 [60] = https://curl.se/bug/?i=10192
 [61] = https://curl.se/bug/?i=10227
 [62] = https://curl.se/bug/?i=10222
 [63] = https://curl.se/bug/?i=10219
 [64] = https://curl.se/bug/?i=10224
 [65] = https://curl.se/bug/?i=10186
 [66] = https://curl.se/bug/?i=10209
 [67] = https://curl.se/bug/?i=10220
 [68] = https://curl.se/bug/?i=10214
 [69] = https://curl.se/bug/?i=10213
 [70] = https://curl.se/bug/?i=10289
 [71] = https://curl.se/bug/?i=10266
 [72] = https://curl.se/bug/?i=10175
 [73] = https://curl.se/bug/?i=10328
 [74] = https://curl.se/bug/?i=10345
 [75] = https://curl.se/bug/?i=10241
 [76] = https://curl.se/bug/?i=10256
 [77] = https://curl.se/bug/?i=10257
 [78] = https://curl.se/bug/?i=10258
 [79] = https://curl.se/bug/?i=10285
 [80] = https://curl.se/bug/?i=10278
 [81] = https://curl.se/bug/?i=10264
 [82] = https://curl.se/bug/?i=10264
 [83] = https://curl.se/bug/?i=10284
 [84] = https://curl.se/bug/?i=10275
 [85] = https://curl.se/bug/?i=10276
 [86] = https://curl.se/bug/?i=10323
 [87] = https://curl.se/bug/?i=10271
 [88] = https://curl.se/bug/?i=10344
 [89] = https://curl.se/bug/?i=10343
 [90] = https://curl.se/bug/?i=10336
 [91] = https://curl.se/bug/?i=10341
 [92] = https://curl.se/bug/?i=10332
 [93] = https://curl.se/bug/?i=10299
 [94] = https://curl.se/bug/?i=10272
 [95] = https://curl.se/bug/?i=10305
 [96] = https://curl.se/bug/?i=10314
 [97] = https://curl.se/bug/?i=10313
 [98] = https://curl.se/bug/?i=10273
 [99] = https://curl.se/bug/?i=10307
 [100] = https://curl.se/bug/?i=10306
 [101] = https://curl.se/bug/?i=10244
 [102] = https://curl.se/bug/?i=10326
 [103] = https://curl.se/bug/?i=10321
 [104] = https://curl.se/bug/?i=10383
 [105] = https://curl.se/bug/?i=10377
 [106] = https://curl.se/bug/?i=10415
 [107] = https://curl.se/bug/?i=10376
 [108] = https://curl.se/bug/?i=10416
 [109] = https://curl.se/bug/?i=10317
 [110] = https://curl.se/bug/?i=10312
 [111] = https://curl.se/bug/?i=10398
 [112] = https://curl.se/mail/lib-2023-01/0070.html
 [113] = https://curl.se/bug/?i=10373
 [114] = https://curl.se/bug/?i=10368
 [115] = https://curl.se/bug/?i=10295
 [116] = https://curl.se/bug/?i=10366
 [117] = https://curl.se/bug/?i=10347
 [118] = https://curl.se/bug/?i=10360
 [119] = https://curl.se/bug/?i=10357
 [120] = https://curl.se/bug/?i=10298
 [121] = https://curl.se/bug/?i=10400
 [122] = https://curl.se/bug/?i=10390
 [123] = https://curl.se/bug/?i=10397
 [124] = https://curl.se/bug/?i=10440
 [125] = https://curl.se/bug/?i=10399
 [126] = https://curl.se/bug/?i=10403
 [127] = https://curl.se/bug/?i=10349
 [128] = https://curl.se/bug/?i=10386
 [129] = https://curl.se/bug/?i=10395
 [130] = https://curl.se/bug/?i=10384
 [131] = https://curl.se/bug/?i=10385
 [132] = https://curl.se/bug/?i=10356
 [133] = https://curl.se/bug/?i=10322
 [134] = https://curl.se/bug/?i=10437
 [135] = https://curl.se/bug/?i=10434
 [136] = https://curl.se/bug/?i=9086
 [138] = https://curl.se/bug/?i=10414
 [139] = https://curl.se/bug/?i=10130
 [140] = https://curl.se/bug/?i=10421
 [141] = https://curl.se/bug/?i=10451
 [142] = https://curl.se/bug/?i=10484
 [143] = https://curl.se/bug/?i=10413
 [144] = https://curl.se/bug/?i=10438
 [145] = https://curl.se/bug/?i=10461
 [146] = https://curl.se/bug/?i=10408
 [147] = https://curl.se/bug/?i=10407
 [148] = https://curl.se/bug/?i=10448
 [149] = https://curl.se/bug/?i=10455
 [150] = https://curl.se/bug/?i=10433
 [151] = https://curl.se/bug/?i=10444
 [152] = https://curl.se/bug/?i=10445
 [153] = https://curl.se/bug/?i=10439
 [154] = https://curl.se/bug/?i=10409
 [155] = https://curl.se/bug/?i=10432
 [156] = https://curl.se/bug/?i=10432
 [157] = https://curl.se/bug/?i=10261
 [160] = https://curl.se/bug/?i=10471
 [161] = https://curl.se/bug/?i=10472
 [162] = https://curl.se/bug/?i=10463
 [164] = https://curl.se/bug/?i=10469