curl/RELEASE-NOTES

curl and libcurl 8.8.1

 Public curl releases:         258
 Command line options:         263
 curl_easy_setopt() options:   306
 Public functions in libcurl:  94
 Contributors:                 3199

This release includes the following changes:

 o curl: add --ip-tos (IP Type of Service / Traffic Class) [42]
 o curl: add --mptcp [29]
 o curl: add --vlan-priority [107]
 o curl: add -w '%{num_retries} [65]
 o gnutls: support CA caching [90]
 o mbedtls: support CURLOPT_CERTINFO [116]
 o noproxy: patterns need to be comma separated [75]
 o socket: support binding to interface *AND* IP [80]
 o tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt [103]
 o urlapi: add CURLU_NO_GUESS_SCHEME [72]
 o wolfssl: support CA caching [73]

This release includes the following bugfixes:

 o (lib)curl.rc: set debug flag also for `CURLDEBUG` and `UNITTESTS` [2]
 o asyn-thread: avoid using GetAddrInfoExW with impersonation [7]
 o autoconf: remove 'deeper' checks for `AC_CHECK_FUNCS` [23]
 o autotools: fix pkg-config names (zstd, ngtcp2*) [170]
 o aws-sigv4: url encode the canonical path [55]
 o BINDINGS: update java link to one that exists [115]
 o build: add more supported attributes to the IAR compiler [46]
 o build: untangle `CURLDEBUG` and `DEBUGBUILD` macros [9]
 o cd2nroff: convert two warnings to errors [135]
 o cd2nroff: use an empty "##" to signal end of .IP sequence [56]
 o cf-socket: improve SO_SNDBUF update for Winsock [27]
 o cf-socket: optimize curlx_nonblock() and check its return error [151]
 o cfilters: make Curl_conn_connect always assign 'done' [60]
 o cmake: add CURL_USE_GSASL option with detection + CI test [133]
 o cmake: allow `ENABLE_CURLDEBUG=OFF` with `ENABLE_DEBUG=ON` [26]
 o cmake: allow SOVERSION override with `CURL_LIBCURL_SOVERSION` [120]
 o cmake: always build unit tests with the `testdeps` target [20]
 o cmake: bring `curl-config.cmake` closer to `FindCURL` [130]
 o cmake: enable SOVERSION for Cygwin and `CMAKE_DLL_NAME_WITH_SOVERSION` [119]
 o cmake: fix `-Wredundant-decls` in unity/mingw-w64 builds [15]
 o cmake: fix brotli lib order [3]
 o cmake: fix building in unity mode [4]
 o cmake: fix building with both md4 and md5 in unity mode [13]
 o cmake: fix quotes when appending multiple options (SecureTransport) [139]
 o cmake: fix test 1013 with websockets enabled and no TLS [47]
 o cmake: stop setting SOVERSION for the static lib target [127]
 o cmake: use `APPLE` instead of `CMAKE_SYSTEM_NAME` string [24]
 o cmake: whitespace, formatting/tidy-up in comments [25]
 o cmdline-docs: "added in" cleanups [171]
 o cmdline-opts/_PROTOCOLS.md: mention WS(S) [94]
 o cmdline-opts/ech.md: shorten the help text [93]
 o cmdline-opts/fail.md: expand and clarify [95]
 o cmdline-opts/interface.md: expand the documentation [66]
 o cmdline-opts: expand the parallel explanations [98]
 o cmdline: expand proxy option explanations [97]
 o configure: fix pkg-config library name 'libnghttp3' [138]
 o configure: require a QUIC library if nghttp3 is used [142]
 o configure: use `$EGREP` in place of `grep -E` [41]
 o configure: use AC_MSG_WARN for TLS/experimental warning texts [122]
 o connect-to.md: expand with examples [147]
 o connection: shutdown TLS (for FTP) better [104]
 o cookie-jar.md: see also --junk-session-cookies [144]
 o curl-config: revert to backticks to support old target envs [88]
 o curl: make warnings and other messages aware of terminal width [58]
 o curl_multi_poll.md: expand the example with an custom file descriptor [21]
 o curl_url_set.md: libcurl only parses :// URLs [48]
 o CURLOPT_CONNECTTIMEOUT*: clarify, document the milliseond version [105]
 o CURLOPT_ECH.md: remove repeated 'if' [109]
 o CURLOPT_NETRC.md: clarify what it does on Windows [140]
 o CURLOPT_RESOLVE.md: mention hostname can be wildcard ('*') [150]
 o DISTROS: add a link to the list archive [22]
 o DISTROS: add MSYS2 (native) links [100]
 o Dockerfile: update debian:bookworm-slim to 84d83b2 [121]
 o docs/cmdline-opts: fix mail-auth example TLD typo [35]
 o docs/cmdline-opts: remove two superfluous "Added in" mentions [143]
 o docs/Makefile.am: make curl-config.1 install [14]
 o docs: reference non deprecated libcurl options [113]
 o doh-insecure.md: expand [96]
 o dump-header.md: mention minus for stdout [149]
 o examples/threaded-ssl: remove locking callback code [83]
 o examples: add missing binaries to .gitignore [106]
 o examples: delete unused includes [10]
 o examples: fix compiling with MSVC [34]
 o file: separate fake headers and body with a stand-alone CRLF [137]
 o get.d: clarify the explanation [32]
 o GHA: detect and warn for more English contractions [123]
 o GHA: disable MQTT and WebSocket tests in Windows jobs [63]
 o GHA: disable TFTP tests in Windows jobs
 o GHA: enable tests 1139, 1177, 1477 on Windows [59]
 o GHA: unify http3 workflows into one [77]
 o gnutls: improve TLS shutdown [62]
 o gnutls: pass in SNI name, not hostname when checking cert [114]
 o http/3: add shutdown support [154]
 o http: remove "struct HTTP" [134]
 o http: write last header line late [44]
 o lib/v*: tidy up types and casts [64]
 o lib: fix gcc warning in certain debug builds [19]
 o lib: fix thread entry point to return `DWORD` on WinCE [85]
 o lib: graceful connection shutdown [162]
 o lib: prefer `var = time(NULL)` over `time(&var)` [52]
 o lib: tidy up types and casts [92]
 o lib: xfer_setup and non-blocking shutdown [111]
 o libcurl.pc: add `Requires.private`, `Requires` for static linking [129]
 o libssh: remove CURLOPT_SSL_VERIFYHOST check [36]
 o managen: "added in" fixes [131]
 o managen: cleanups to generate nicer-looking output [141]
 o managen: error on trailing blank lines in input files [165]
 o managen: only output .RE for manpage output [156]
 o managen: output tabs for each 8 leading spaces [164]
 o managen: warn on excessively long help texts [87]
 o mbedtls: check version for cipher id [12]
 o mbedtls: send close-notify on close [11]
 o mbedtls: v3.6.0 workarounds [89]
 o misc: fix typos [108]
 o multi: add multi->proto_hash, a key-value store for protocol data [37]
 o multi: fix multi_wait() timeout handling [51]
 o multi: multi_getsock(), check correct socket [167]
 o noproxy: test bad ipv6 net size first [82]
 o openssl/gnutls: rectify the TLS version checks for QUIC [61]
 o openssl: fix %-specifier in infof() call [57]
 o openSSL: fix hostname handling when using ECH [78]
 o openssl: stop duplicate ssl key logging for legacy OpenSSL [49]
 o os400: make it compilable again [128]
 o pytest: add ftp upload tests [16]
 o pytest: include testenv/vsftpd.py in dist tarball [99]
 o quic: enable UDP GRO [157]
 o quic: openssl quic, cmake and doc version update to 3.3.0 [148]
 o quic: require at least OpenSSL 3.3 for QUIC [158]
 o request.md: language fix [70]
 o request: change the struct field bodywrites to a bool, only for hyper [132]
 o runtests: sort test IDs in summary lines [33]
 o runtests: support %DATE for YYYY-MM-DD of right now
 o runtests: support %VERNUM
 o runtests: support crlf="yes" for the <stderr> section
 o sectransp: remove large cipher table [76]
 o sectransp: use common code for cipher suite lookup [54]
 o socket: change TCP keepalive from ms to seconds on DragonFly BSD [74]
 o socket: use SOCK_NONBLOCK to eliminate extra system call [86]
 o socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()` [81]
 o system_win32: add missing curl.h include [160]
 o tcpkeepalive: support TCP keep-alive parameters on Solaris <11.4 [91]
 o test1486: verify that write-out.md and tool_writeout.c are in sync [112]
 o test: add test1484, for HEAD with content [18]
 o test: add test1546, chunked not last transfer encoding [17]
 o tests: add pytest for --ciphers and --tls13-ciphers options [38]
 o tests: delete redundant `!MSDOS` guard [84]
 o tests: extend user/password parsing test1620 [40]
 o tests: log "Throwing away" messages before throwing away
 o tests: run with "--trace-config all" to provide even more info [6]
 o tests: test_17_ssl_use.py clarify mbedtls TLSv1.3 support [43]
 o tests: use exec when spawning nghttpx [45]
 o tidy-up: use consistent casing for Windows directories [28]
 o TODO: remove some old, clarify, add something [31]
 o tool_cb_hdr: allow etag and content-disposition for 3xx reply [117]
 o tool_cb_hdr: return error for failed header writes [30]
 o tool_operate: avoid explicitly setting verifypeer to 1 [39]
 o tool_writeout: bsearch the variable name [102]
 o tool_writeout: get certinfo only when needing it [101]
 o trace-ascii.md: mention "%" for stderr [146]
 o transfer: conn close on paused upload [8]
 o transfer: do not use EXPIRE_NOW while blocked [124]
 o transfer: remove curl_upload_refill_watermark, no longer used [50]
 o transfer: set CSELECT_IN if there is data pending [118]
 o unit2604: use 'unitfail' instead of 'error' variable [153]
 o url: allow DoH transfers to override max connection limit [68]
 o vms: fixed language in comment [110]
 o vtls: deprioritize Secure Transport [71]
 o winbuild: fix PE version info debug flag [1]
 o winbuild: remove outdated WIN32 defines [5]
 o windows: fix UWP builds, add GHA job [79]
 o winsock: move SO_SNDBUF update into cf-socket [53]
 o wolfssl: assume key_file equal to clientcert if no key_file [169]
 o x509asn1: add some common ECDSA OIDs [67]
 o x509asn1: ASN1tostr() should fail when 'constructed' is set [125]
 o x509asn1: fallback to dotted OID representation [69]
 o x509asn1: make Curl_extract_certinfo store error message [136]
 o x509asn1: prevent NULL dereference [152]
 o x509asn1: remove two static variables [126]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

Planned upcoming removals include:

 o support for space-separated NOPROXY patterns

 See https://curl.se/dev/deprecate.html for details

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Alejandro R. Sedeño, alervd on github, Alexander Shtuchkin, Alex Snast,
  Andy Pan, Aurélien Pierre, Ayesh Karunaratne, Bo Anderson, brian m. carlson,
  Christian Heusel, Christian Schmitz, Dan Fandrich, Daniel Gustafsson,
  Daniel Stenberg, dependabot[bot], Dexter Gerig, dogma, Dorian Craps,
  edmcln on github, Eli Schwartz, Elliott Balsley, fds242 on github,
  Guilherme Puida, Harry Sintonen, James Abbatiello, Jan Venekamp,
  Jay Guerette, Jiang Wenjian, Jonathan Matthews, Joseph Chen, Kai Pastor,
  kartatz, Keerthi Timmaraju, Lee Li, Luke Hamburg, Marcel Raad,
  Matthias Gatto, Matthieu Baerts, Matt Jolly, Morgan Willcock,
  Olivier Bonaventure, Orgad Shaneh, Patrick Monnerat, Pavel Pavlov,
  pszlazak on github, RainRat, Ray Satiro, renovate[bot], Ryan Carsten Schmidt,
  Samuel Chiang, saurabhsingh-dev on github, Sebastian Andersson,
  Sergey Bronnikov, Sergey Markelov, Stefan Eissing, Stephen Farrell,
  Tal Regev, Tatsuhiro Tsujikawa, Viktor Szakats, vvb2060, Yedaya Katsman, z2_,
  李四
  (63 contributors)

References to bug reports and discussions on issues:

 [1] = https://curl.se/bug/?i=13739
 [2] = https://curl.se/bug/?i=13730
 [3] = https://curl.se/bug/?i=13761
 [4] = https://curl.se/bug/?i=13751
 [5] = https://curl.se/bug/?i=13739
 [6] = https://curl.se/bug/?i=13791
 [7] = https://curl.se/bug/?i=13612
 [8] = https://curl.se/bug/?i=13740
 [9] = https://curl.se/bug/?i=13718
 [10] = https://curl.se/bug/?i=13785
 [11] = https://curl.se/bug/?i=13745
 [12] = https://curl.se/bug/?i=13749
 [13] = https://curl.se/bug/?i=13737
 [14] = https://curl.se/bug/?i=13741
 [15] = https://curl.se/bug/?i=13705
 [16] = https://curl.se/bug/?i=13734
 [17] = https://curl.se/bug/?i=13736
 [18] = https://curl.se/bug/?i=13735
 [19] = https://curl.se/bug/?i=13800
 [20] = https://curl.se/bug/?i=13698
 [21] = https://curl.se/bug/?i=13842
 [22] = https://curl.se/bug/?i=13843
 [23] = https://bugs.gentoo.org/932827
 [24] = https://curl.se/bug/?i=13713
 [25] = https://curl.se/bug/?i=13711
 [26] = https://curl.se/bug/?i=13792
 [27] = https://curl.se/bug/?i=13827
 [28] = https://curl.se/bug/?i=13832
 [29] = https://curl.se/bug/?i=13278
 [30] = https://curl.se/bug/?i=13836
 [31] = https://curl.se/bug/?i=13788
 [32] = https://curl.se/bug/?i=13706
 [33] = https://curl.se/bug/?i=13774
 [34] = https://curl.se/bug/?i=13771
 [35] = https://curl.se/bug/?i=13784
 [36] = https://curl.se/bug/?i=13767
 [37] = https://curl.se/bug/?i=13345
 [38] = https://curl.se/bug/?i=13530
 [39] = https://curl.se/bug/?i=13704
 [40] = https://curl.se/bug/?i=13756
 [41] = https://curl.se/bug/?i=13780
 [42] = https://curl.se/bug/?i=13606
 [43] = https://curl.se/bug/?i=13779
 [44] = https://curl.se/bug/?i=13752
 [45] = https://curl.se/bug/?i=13772
 [46] = https://curl.se/bug/?i=13744
 [47] = https://curl.se/bug/?i=13769
 [48] = https://curl.se/bug/?i=13821
 [49] = https://curl.se/bug/?i=13683
 [50] = https://curl.se/bug/?i=13764
 [51] = https://curl.se/bug/?i=13782
 [52] = https://curl.se/bug/?i=13815
 [53] = https://curl.se/bug/?i=13763
 [54] = https://curl.se/bug/?i=13521
 [55] = https://curl.se/bug/?i=13754
 [56] = https://curl.se/bug/?i=13803
 [57] = https://curl.se/bug/?i=13816
 [58] = https://curl.se/bug/?i=13804
 [59] = https://curl.se/bug/?i=13817
 [60] = https://curl.se/bug/?i=13884
 [61] = https://curl.se/bug/?i=13799
 [62] = https://curl.se/bug/?i=13790
 [63] = https://curl.se/bug/?i=13860
 [64] = https://curl.se/bug/?i=13622
 [65] = https://curl.se/bug/?i=13910
 [66] = https://curl.se/bug/?i=13882
 [67] = https://curl.se/bug/?i=13857
 [68] = https://curl.se/mail/lib-2024-06/0001.html
 [69] = https://curl.se/bug/?i=13845
 [70] = https://curl.se/bug/?i=13854
 [71] = https://curl.se/bug/?i=13547
 [72] = https://curl.se/bug/?i=13616
 [73] = https://curl.se/bug/?i=13786
 [74] = https://curl.se/bug/?i=13847
 [75] = https://curl.se/bug/?i=13789
 [76] = https://curl.se/bug/?i=13823
 [77] = https://curl.se/bug/?i=13841
 [78] = https://curl.se/bug/?i=13818
 [79] = https://curl.se/bug/?i=13870
 [80] = https://curl.se/bug/?i=13719
 [81] = https://curl.se/bug/?i=13874
 [82] = https://curl.se/bug/?i=13902
 [83] = https://curl.se/bug/?i=13851
 [84] = https://curl.se/bug/?i=13878
 [85] = https://curl.se/bug/?i=13877
 [86] = https://curl.se/bug/?i=13855
 [87] = https://curl.se/bug/?i=13895
 [88] = https://curl.se/bug/?i=13871
 [89] = https://curl.se/bug/?i=13653
 [90] = https://curl.se/bug/?i=13795
 [91] = https://curl.se/bug/?i=13864
 [92] = https://curl.se/bug/?i=13862
 [93] = https://curl.se/bug/?i=13894
 [94] = https://curl.se/bug/?i=13891
 [95] = https://curl.se/bug/?i=13890
 [96] = https://curl.se/bug/?i=13889
 [97] = https://curl.se/bug/?i=13887
 [98] = https://curl.se/bug/?i=13886
 [99] = https://curl.se/bug/?i=13918
 [100] = https://curl.se/bug/?i=13915
 [101] = https://curl.se/bug/?i=13914
 [102] = https://curl.se/bug/?i=13914
 [103] = https://curl.se/bug/?i=13885
 [104] = https://curl.se/bug/?i=13904
 [105] = https://curl.se/bug/?i=13905
 [106] = https://curl.se/bug/?i=13952
 [107] = https://curl.se/bug/?i=13907
 [108] = https://curl.se/bug/?i=13923
 [109] = https://curl.se/bug/?i=13922
 [110] = https://curl.se/bug/?i=13921
 [111] = https://curl.se/bug/?i=13913
 [112] = https://curl.se/bug/?i=13920
 [113] = https://curl.se/bug/?i=13951
 [114] = https://curl.se/bug/?i=13428
 [115] = https://github.com/curl/everything-curl/issues/456
 [116] = https://curl.se/bug/?i=13113
 [117] = https://curl.se/bug/?i=13302
 [118] = https://curl.se/bug/?i=13695
 [119] = https://curl.se/bug/?i=13898
 [120] = https://curl.se/bug/?i=13944
 [121] = https://curl.se/bug/?i=13934
 [122] = https://curl.se/bug/?i=13941
 [123] = https://curl.se/bug/?i=13940
 [124] = https://curl.se/bug/?i=13908
 [125] = https://curl.se/bug/?i=13972
 [126] = https://curl.se/bug/?i=13971
 [127] = https://curl.se/bug/?i=13936
 [128] = https://curl.se/bug/?i=13930
 [129] = https://curl.se/bug/?i=864
 [130] = https://curl.se/bug/?i=13897
 [131] = https://curl.se/bug/?i=14002
 [132] = https://curl.se/bug/?i=13928
 [133] = https://curl.se/bug/?i=13948
 [134] = https://curl.se/bug/?i=13927
 [135] = https://curl.se/bug/?i=13929
 [136] = https://curl.se/bug/?i=13959
 [137] = https://curl.se/mail/lib-2024-06/0033.html
 [138] = https://curl.se/bug/?i=13994
 [139] = https://curl.se/bug/?i=13953
 [140] = https://curl.se/bug/?i=13956
 [141] = https://curl.se/bug/?i=14001
 [142] = https://curl.se/bug/?i=13995
 [143] = https://curl.se/bug/?i=14000
 [144] = https://curl.se/bug/?i=13996
 [146] = https://curl.se/bug/?i=13991
 [147] = https://curl.se/bug/?i=13989
 [148] = https://curl.se/bug/?i=14028
 [149] = https://curl.se/bug/?i=13985
 [150] = https://curl.se/bug/?i=13983
 [151] = https://curl.se/bug/?i=13942
 [152] = https://curl.se/bug/?i=13978
 [153] = https://curl.se/bug/?i=13967
 [154] = https://curl.se/bug/?i=14022
 [156] = https://curl.se/bug/?i=14025
 [157] = https://curl.se/bug/?i=14012
 [158] = https://curl.se/bug/?i=14026
 [160] = https://curl.se/bug/?i=14019
 [162] = https://curl.se/bug/?i=13976
 [164] = https://curl.se/bug/?i=14016
 [165] = https://curl.se/bug/?i=14015
 [167] = https://curl.se/bug/?i=13998
 [169] = https://curl.se/bug/?i=14007
 [170] = https://curl.se/bug/?i=14005
 [171] = https://curl.se/bug/?i=14003