curl/RELEASE-NOTES

curl and libcurl 8.2.0

 Public curl releases:         220
 Command line options:         255
 curl_easy_setopt() options:   303
 Public functions in libcurl:  91
 Contributors:                 2922

This release includes the following changes:

 o curl: add --ca-native and --proxy-ca-native [24]
 o curl: add --trace-ids [53]
 o CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS [5]
 o haproxy: add --haproxy-clientip flag to set client IPs [23]
 o lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID [54]

This release includes the following bugfixes:

 o bufq: make write/pass methods more robust [21]
 o build: drop unused/redundant `HAVE_WINLDAP_H` [25]
 o cf-socket: don't bypass fclosesocket callback if cancelled before connect [114]
 o cf-socket: move ctx declaration under HAVE_GETPEERNAME [91]
 o cf-socket: skip getpeername()/getsockname for TFTP [65]
 o checksrc: modernise perl file open [87]
 o checksrc: quote the file name to work with "funny" letters [93]
 o CI: brew fix for openssl in default path [116]
 o CI: don't install impacket if tests are not run
 o CI: enable parallel make in more builds
 o circleci: install impacket & wolfssl 5.6.0 [1]
 o cmake: add support for "unity" builds [13]
 o cmake: make use of snprintf [102]
 o cmake: stop CMake from quietly ignoring missing Brotli [81]
 o configure: add check for ldap_init_fd [80]
 o configure: fix run-compiler for old /bin/sh [4]
 o configure: the --without forms of the options are also gone [79]
 o connect-timeout.d: mention that the DNS lookup is included [85]
 o curl.h: include <sys/select.h> for vxworks [78]
 o curl: count uploaded data to stop at the originally given size [14]
 o curl: return error when asked to use an unsupported HTTP version [113]
 o curl_easy_nextheader.3: add missing open parenthesis examples [74]
 o curl_log: evaluate log statement only when transfer is verbose [8]
 o curl_mprintf.3: minor fix of the example
 o curl_pushheader_byname/bynum.3: document in their own man pages [37]
 o curl_url_set: enforce the max string length check for all parts [38]
 o CURLOPT_AWS_SIGV4.3: remove unused variable from example [11]
 o CURLOPT_INFILESIZE.3: mention -1 triggers chunked [55]
 o CURLOPT_MIMEPOST.3: clarify what setting to NULL means [95]
 o CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search [31]
 o docs/libcurl/libcurl.3: cleanups and improvements [46]
 o docs: add more .IP after .RE to fix indentation of generate paragraphs [82]
 o docs: fix missing parameter names in examples [41]
 o docs: update CURLOPT_UPLOAD.3 [63]
 o docs: update HTTP3.md for newer ngtcp2 and nghttp3 [28]
 o docs: use a space after RFC when spelling out RFC numbers [105]
 o example/connect-to: show CURLOPT_CONNECT_TO [47]
 o example/crawler: also set CURLOPT_AUTOREFERER [35]
 o example/crawler: make it use a few more options
 o example/default-scheme: set the default scheme for schemeless URLs [67]
 o example/hsts-preload: show one way to HSTS preload [68]
 o example/http2-download: set CURLOPT_BUFFERSIZE [34]
 o example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use [27]
 o example/maxconnects: set maxconnect example [98]
 o example/opensslthreadlock: remove [59]
 o examples/ftpuploadresume.c: add use of CURLOPT_ACCEPTTIMEOUT_MS [39]
 o examples/http-options: show how to send "OPTIONS *" [69]
 o examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT [19]
 o examples/multi-debugcallback.c: avoid the bool typedef [29]
 o examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS [71]
 o examples/unixsocket.c: example using CURLOPT_UNIX_SOCKET_PATH [40]
 o examples/websocket.c: websocket example using CONNECT_ONLY [17]
 o examples: make use of CURLOPT_(REDIR_|)PROTOCOLS_STR [70]
 o fopen: fix conversion warning on 32-bit Android [49]
 o fopen: optimize [101]
 o hostip.c: Move macOS-specific calls into global init call [104]
 o HTTP/2: upload handling fixes [56]
 o http2: better support for --limit-rate [7]
 o http2: error stream resets with code CURLE_HTTP2_STREAM [84]
 o http2: fix crash in handling stream weights [76]
 o http2: fix variable type [50]
 o http2: h2 and h2-PROXY connection alive check fixes [83]
 o http2: raise header limitations above and beyond [73]
 o http2: send HEADER & DATA together if possible [99]
 o http2: treat initial SETTINGS as a WINDOW_UPDATE [100]
 o HTTP3.md: update openssl version [57]
 o http3/ngtcp2: upload EAGAIN handling [108]
 o http: rectify the outgoing Cookie: header field size check [72]
 o hyper: fix EOF handling on input [66]
 o hyper: unslow [51]
 o imap-append.c: update to make it more likely to work [106]
 o imap: Provide method to disable SASL if it is advertised [75]
 o krb5: add typecast to please Coverity
 o libcurl-url.3: also mention CURLUPART_ZONEID
 o libcurl-ws.3. WebSocket API overview [48]
 o libssh2: provide error message when setting host key type fails [9]
 o libssh2: use custom memory functions [12]
 o ngtcp2: assigning timeout, but value is overwritten before used [103]
 o ngtcp2: build with 0.17.0 and nghttp3 0.13.0 [96]
 o ngtcp2: use ever increasing timestamp in io [32]
 o quiche: avoid NULL deref in debug logging [97]
 o quiche: fix defects found in latest coverity report [94]
 o quote.d: fix indentation of generated paragraphs [86]
 o runtests: abort test run after failure without -a [3]
 o runtests: better handle ^C during slow tests
 o runtests: consistently write the test check summary block
 o runtests: create multiple test runners when requested [20]
 o runtests: include missing valgrind package [89]
 o runtests: make test file directories in log/N [44]
 o runtests: rename server command file
 o runtests: use more consistent failure lines
 o runtests: work around a perl without SIGUSR1 [88]
 o runtests; give each server a unique log lock file [43]
 o scripts: Fix GHA matrix job detection in cijobs.pl
 o sectransp: fix EOF handling [92]
 o system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles [10]
 o test2600: fix the description [90]
 o test427: verify sending more cookies than fit in a 8190 bytes line [61]
 o tests/http: Add mod_h2 directive `H2ProxyRequests` [77]
 o tests/servers.pm: pick unused port number with a server socket [16]
 o tests/servers: generate temp names in /tmp for unix domain sockets [6]
 o tests: fix error messages & handling around sockets [30]
 o tests: improve reliability of TFTP tests
 o testutil: allow multiple %-operators on the same line [62]
 o timeval: use CLOCK_MONOTONIC_RAW if available [52]
 o tls13-ciphers.d: include Schannel [36]
 o tool: remove exclamation marks from error/warning messages
 o tool: remove newlines from all helpf/notef/warnf/errorf calls [15]
 o tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION` [109]
 o tool_getparam: fix comment [22]
 o tool_operate: allow cookie lines up to 8200 bytes [60]
 o tool_parsecfg: accept line lengths up to 10M [115]
 o tool_urlglob: use curl_off_t instead of longs [2]
 o tool_writeout_json: fix encoding of control characters [107]
 o transfer: clear credentials when redirecting to absolute URL [64]
 o urlapi: have *set(PATH) prepend a slash if one is missing [42]
 o urlapi: scheme must start with alpha [26]
 o vtls: avoid memory leak if sha256 call fails [58]
 o websocket-cb: example doing WebSocket download using callback [18]
 o wolfssl: detect when TLS 1.2 support is not built into wolfssl [111]
 o wolfssl: support setting CA certificates as blob [110]
 o ws: make the curl_ws_meta() return pointer a const [45]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

Planned upcoming removals include:

 o gskit
 o NSS
 o support for space-separated NOPROXY patterns
 o support for the original legacy mingw version 1

 See https://curl.se/dev/deprecate.html for details

This release would not have looked like this without help, code, reports and
advice from friends like these:

  ad0p on github, Alejandro R. Sedeño, Andy Fiddaman, Anssi Kolehmainen,
  Antoine du Hamel, atjg on github, Boris Verkhovskiy, Brian Nixon,
  Chris Paulson-Ellis, Chris Talbot, Cristian Rodríguez, Dan Fandrich,
  Daniel Stenberg, Derzsi Dániel, Dion Williams, divinity76, Emanuele Torre,
  Frank Gevaerts, Gisle Vanem, Graham Campbell, Harry Sintonen, humbleacolyte,
  Igor Todorovski, James Fuller, James Lucas, jbgoog on github,
  Juan Cruz Viotti, JustAnotherArchivist on github, Karthikdasari0423,
  lizhuang0630 on github, MaeIsBad on github, Marcel Raad, Margu,
  Mark Seuffert, Michał Petryka, Oleg Jukovec, Ondřej Koláček, Paul Wise,
  Pedro Henrique, Philip Heiduck, Pontakorn Prasertsuk, Raito Bezarius,
  Ray Satiro, SaltyMilk, Sean McArthur, selmelc on hackerone, Sergey Alirzaev,
  Sheshadri.V, Stan Hu, Stefan Eissing, Tatsuhiro Tsujikawa, Viktor Szakats,
  vlkl-sap on github, Wyatt OʼDay
  (54 contributors)

References to bug reports and discussions on issues:

 [1] = https://curl.se/bug/?i=11221
 [2] = https://curl.se/bug/?i=11224
 [3] = https://curl.se/bug/?i=11225
 [4] = https://curl.se/bug/?i=11228
 [5] = https://curl.se/bug/?i=11218
 [6] = https://curl.se/bug/?i=11152
 [7] = https://curl.se/bug/?i=11115
 [8] = https://curl.se/bug/?i=11238
 [9] = https://curl.se/bug/?i=11240
 [10] = https://curl.se/bug/?i=11241
 [11] = https://curl.se/bug/?i=11302
 [12] = https://curl.se/bug/?i=11235
 [13] = https://curl.se/bug/?i=11095
 [14] = https://curl.se/bug/?i=11222
 [15] = https://curl.se/bug/?i=11226
 [16] = https://curl.se/bug/?i=11220
 [17] = https://curl.se/bug/?i=11262
 [18] = https://curl.se/bug/?i=11260
 [19] = https://curl.se/bug/?i=11290
 [20] = https://curl.se/bug/?i=10818
 [21] = https://curl.se/bug/?i=11247
 [22] = https://curl.se/bug/?i=11253
 [23] = https://curl.se/bug/?i=10779
 [24] = https://curl.se/bug/?i=11049
 [25] = https://curl.se/bug/?i=11245
 [26] = https://curl.se/bug/?i=11249
 [27] = https://curl.se/bug/?i=11282
 [28] = https://curl.se/bug/?i=11295
 [29] = https://curl.se/bug/?i=11299
 [30] = https://curl.se/bug/?i=11265
 [31] = https://curl.se/bug/?i=11289
 [32] = https://curl.se/bug/?i=11288
 [34] = https://curl.se/bug/?i=11284
 [35] = https://curl.se/bug/?i=11283
 [36] = https://curl.se/bug/?i=11271
 [37] = https://curl.se/bug/?i=11286
 [38] = https://curl.se/bug/?i=11273
 [39] = https://curl.se/bug/?i=11277
 [40] = https://curl.se/bug/?i=11276
 [41] = https://curl.se/bug/?i=11278
 [42] = https://curl.se/mail/lib-2023-06/0015.html
 [43] = https://curl.se/bug/?i=11231
 [44] = https://curl.se/bug/?i=11267
 [45] = https://curl.se/bug/?i=11261
 [46] = https://curl.se/bug/?i=11317
 [47] = https://curl.se/bug/?i=11340
 [48] = https://curl.se/bug/?i=11314
 [49] = https://curl.se/bug/?i=11313
 [50] = https://curl.se/bug/?i=11312
 [51] = https://curl.se/bug/?i=11203
 [52] = https://curl.se/bug/?i=11291
 [53] = https://curl.se/bug/?i=11185
 [54] = https://curl.se/bug/?i=11185
 [55] = https://curl.se/bug/?i=11304
 [56] = https://curl.se/bug/?i=11342
 [57] = https://curl.se/bug/?i=11297
 [58] = https://curl.se/bug/?i=11306
 [59] = https://curl.se/bug/?i=11341
 [60] = https://curl.se/bug/?i=11303
 [61] = https://curl.se/bug/?i=11303
 [62] = https://curl.se/bug/?i=11303
 [63] = https://curl.se/bug/?i=11300
 [64] = https://curl.se/bug/?i=11410
 [65] = https://curl.se/bug/?i=11332
 [66] = https://curl.se/bug/?i=11377
 [67] = https://curl.se/bug/?i=11338
 [68] = https://curl.se/bug/?i=11337
 [69] = https://curl.se/bug/?i=11333
 [70] = https://curl.se/bug/?i=11334
 [71] = https://curl.se/bug/?i=11335
 [72] = https://curl.se/bug/?i=11331
 [73] = https://curl.se/bug/?i=11405
 [74] = https://curl.se/bug/?i=11409
 [75] = https://curl.se/bug/?i=10041
 [76] = https://curl.se/bug/?i=11379
 [77] = https://curl.se/bug/?i=11392
 [78] = https://curl.se/bug/?i=11356
 [79] = https://curl.se/bug/?i=11378
 [80] = https://curl.se/bug/?i=11372
 [81] = https://curl.se/bug/?i=11376
 [82] = https://curl.se/bug/?i=11375
 [83] = https://curl.se/bug/?i=11368
 [84] = https://curl.se/bug/?i=11357
 [85] = https://curl.se/bug/?i=11370
 [86] = https://curl.se/bug/?i=11371
 [87] = https://curl.se/bug/?i=11358
 [88] = https://curl.se/bug/?i=11350
 [89] = https://curl.se/bug/?i=11364
 [90] = https://curl.se/bug/?i=11354
 [91] = https://curl.se/bug/?i=11352
 [92] = https://curl.se/bug/?i=11427
 [93] = https://curl.se/bug/?i=11437
 [94] = https://curl.se/bug/?i=11455
 [95] = https://curl.se/bug/?i=11430
 [96] = https://curl.se/bug/?i=11428
 [97] = https://curl.se/bug/?i=11454
 [98] = https://curl.se/bug/?i=11343
 [99] = https://curl.se/bug/?i=11420
 [100] = https://curl.se/bug/?i=11450
 [101] = https://curl.se/bug/?i=11419
 [102] = https://curl.se/bug/?i=11423
 [103] = https://curl.se/bug/?i=11453
 [104] = https://curl.se/bug/?i=11252
 [105] = https://curl.se/bug/?i=11382
 [106] = https://curl.se/bug/?i=10300
 [107] = https://curl.se/bug/?i=11414
 [108] = https://curl.se/bug/?i=11389
 [109] = https://curl.se/bug/?i=11398
 [110] = https://curl.se/bug/?i=11445
 [111] = https://curl.se/bug/?i=11444
 [113] = https://curl.se/bug/?i=11440
 [114] = https://curl.se/bug/?i=11439
 [115] = https://curl.se/bug/?i=11431
 [116] = https://curl.se/bug/?i=11413