curl/RELEASE-NOTES

curl and libcurl 8.0.0

 Public curl releases:         215
 Command line options:         250
 curl_easy_setopt() options:   302
 Public functions in libcurl:  91
 Contributors:                 2840

This release includes the following changes:

 o build: remove support for curl_off_t < 8 bytes [19]

This release includes the following bugfixes:

 o .cirrus.yml: Bump to FreeBSD 13.2 [9]
 o aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3 [112]
 o BINDINGS: add Fortran binding [33]
 o build: drop the use of XC_AMEND_DISTCLEAN [62]
 o build: fix stdint/inttypes detection with non-autotools [120]
 o cf-socket: fix handling of remote addr for accepted tcp sockets [17]
 o cf-socket: if socket is already connected, return CURLE_OK [69]
 o CI: don't run CI jobs if only another CI was changed [92]
 o CI: update ngtcp2 and nghttp2 for pytest [13]
 o cmake: delete unused HAVE__STRTOI64 [117]
 o cmake: fix enabling LDAPS on Windows [55]
 o cmake: skip CA-path/bundle auto-detection in cross-builds [57]
 o connect: fix time_connect and time_appconnect timer statistics [90]
 o cookie: don't load cookies again when flushing [91]
 o cookie: parse without sscanf()
 o curl: make -w's %{stderr} use the file set with --stderr [30]
 o curl_path: create the new path with dynbuf [99]
 o CURLOPT_PIPEWAIT: allow waited reuse also for subsequent connections [10]
 o CURLOPT_PROXY.3: curl+NSS does not handle HTTPS over unix domain socket [102]
 o CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe [103]
 o DEPRECATE: the original legacy mingw version 1 [43]
 o doc: fix compiler warning in libcurl.m4 [82]
 o docs/cmdline-opts: mark all global options [6]
 o docs/SECURITY-PROCESS.md: updates [67]
 o docs: extend the URL API descriptions [85]
 o docs: note '--data-urlencode' option [7]
 o DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure [70]
 o easy: remove infof() debug leftover from curl_easy_recv [44]
 o examples/http3.c: use CURL_HTTP_VERSION_3 [46]
 o ftp: active mode with SSL, add the filter [84]
 o ftp: add more conditions for connection reuse [74]
 o ftp: allocate the wildcard struct on demand [59]
 o ftp: make the EPSV response parser not use sscanf [25]
 o ftp: replace sscanf for MDTM 213 response parsing [23]
 o ftp: replace sscanf for PASV parsing [24]
 o gssapi: align global `gss_OID_desc` vars to silence ld warnings on macOS ventura [58]
 o headers: make curl_easy_header and nextheader return different buffers [77]
 o hostip: avoid sscanf and extra buffer copies [42]
 o http2: fix error handling during parallel operations [96]
 o http2: fix for http2-prior-knowledge when reusing connections [14]
 o http2: fix handling of RST and GOAWAY to recognize partial transfers [88]
 o http2: fix upload busy loop [71]
 o http: don't send 100-continue for short PUT requests [93]
 o http: fix unix domain socket use in https connects [28]
 o http: rewrite the status line parser without sscanf [29]
 o http_proxy: parse the status line without sscanf [16]
 o idn: return error if the conversion ends up with a blank host [45]
 o krb5: avoid sscanf for parsing [18]
 o lib1560: test parsing URLs with ridiculously large fields [60]
 o lib517: verify time stamps without leading zeroes plus some more
 o lib: silence clang/gcc -Wvla warnings in brotli headers [98]
 o lib: skip Curl_llist_destroy calls [108]
 o libcurl-errors.3: add the CURLHcode errors from curl_easy_header.3 [39]
 o libssh2: only set the memory callbacks when debugging [65]
 o Makefile.mk: delete redundant `HAVE_LDAP_SSL` macro [56]
 o Makefile.mk: fix -g option in debug mode [81]
 o mqtt: on send error, return error [40]
 o multi: make multi_perform ignore/unignore signals less often [116]
 o multi: remove PENDING + MSGSENT handles from the main linked list [105]
 o ngtcp2-gnutls.yml: bump to gnutls 3.8.0 [11]
 o ngtcp2: fix unwanted close of file descriptor 0 [26]
 o page-footer: add explanation for three missing exit codes [37]
 o parsedate: parse strings without using sscanf() [2]
 o parsedate: replace sscanf( for time stamp parsing [1]
 o quic/schannel: fix compiler warnings [36]
 o rand: use arc4random as fallback when available [48]
 o rate.d: single URLs make no sense in --rate example [38]
 o RELEASE-PROCEDURE.md: update coming release dates
 o rtsp: avoid sscanf for parsing [15]
 o runtests: use a hash table for server port numbers [51]
 o sectransp: fix compiler warning c89 mixed code/declaration [32]
 o sectransp: make read_cert() use a dynbuf when loading [72]
 o secure-transport: fix recv return code handling [114]
 o select: stop treating POLLRDBAND as an error [27]
 o setopt: move the CURLOPT_CHUNK_DATA pointer to the set struct [35]
 o socket: detect "dead" connections better, e.g. not fit for reuse [66]
 o src: silence wmain() warning for all build methods [95]
 o telnet: only accept option arguments in ascii [104]
 o telnet: parse NEW_ENVIRON without sscanf [20]
 o telnet: parse telnet options without sscanf [22]
 o telnet: parse the WS= argument without sscanf [21]
 o test1470: test socks proxy using unix sockets and connect to https [63]
 o test1960: verify CURL_SOCKOPT_ALREADY_CONNECTED [64]
 o test2600: detect when ALARM_TIMEOUT is in use and adjust [34]
 o tests/http: add pytest to GHA and improve tests [118]
 o tests: add `cookies` features [68]
 o tests: add timeout, SLOWDOWN and DELAY keywords to tests
 o tests: fix gnutls-serv check [53]
 o tests: fix MSVC unreachable code warnings in unit tests
 o tests: hack to build most unit tests under cmake [94]
 o tests: HTTP server fixups [3]
 o tests: keep cmake unit tests names in sync
 o tests: make CPPFLAGS common to all unit tests
 o tests: make first.c the same for both lib tests and unit tests [75]
 o tests: support for imaps/pop3s/smtps protocols [50]
 o tests: sync option lists in runtests.pl & its man page
 o tests: test secure mail protocols with explicit SSL requests [49]
 o tests: use AM_CPPFILES to modify flags in unit tests
 o tests: use dynamic ports numbers in pytest suite [89]
 o tool: dump headers even if file is write-only [52]
 o tool: improve --stderr handling [83]
 o tool_getparam: don't add a new node for just --no-remote-name [5]
 o tool_operate: avoid fclose(NULL) on bad header dump file [12]
 o tool_operate: propagate error codes for missing URL after --next [4]
 o tool_progress: shut off progress meter for --silent in parallel [8]
 o tool_writeout_json. fix the output for duplicate header names [76]
 o transfer: limit Windows SO_SNDBUF updates to once a second [73]
 o url: fix cookielist memleak when curl_easy_reset [106]
 o url: fix logic in connection reuse to deny reuse on "unclean" connections [86]
 o url: fix the SSH connection reuse check [101]
 o url: only reuse connections with same GSS delegation [97]
 o url: remove dummy protocol handler [100]
 o urlapi: '%' is illegal in host names [80]
 o urlapi: avoid mutating internals in getter routine [79]
 o urlapi: parse IPv6 literals without ENABLE_IPV6 [61]
 o urlapi: take const args in _dup and _get functions [78]
 o wildcard: remove files and move functions into ftplistparser.c
 o winbuild: fix makefile clean [31]
 o wolfssl: add quic/ngtcp2 detection in cmake, and fix builds [113]
 o wolfSSL: ressurect the BIO `io_result` [54]
 o ws: keep the socket non-blocking [41]
 o x509asn1.c: use correct format specifier for infof() call [47]
 o x509asn1: use plain %x, not %lx, when the arg is an int [87]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

Planned upcoming removals include:

 o gskit
 o NSS
 o support for space-separated NOPROXY patterns

 See https://curl.se/dev/deprecate.html for details

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Andy Alt, Balakrishnan Balasubramanian, Boris Okunskiy, Brad Spencer,
  Casey Bodley, Cristian Morales Vega, Dan Fandrich, Daniel Stenberg,
  Evgeny Grin (Karlson2k), finkjsc on github, Grisha Levit, Harry Sintonen,
  Hiroki Kurosawa, Ilmari Lauhakangas, JackBoosY on github, Jan Engelhardt,
  Jelle van der Waa, Jérémy Rabasco, Jerome St-Louis, Maciej Domanski,
  Marcel Raad, marski on github, Master Inspire, Matt Jolly,
  opensslonzos-github on github, Patrick Monnerat, Philip Heiduck,
  Philipp Engel, Ray Satiro, rcombs on github, rwmjones on github,
  SandakovMM on github, SendSonS on github, Sergey Fionov, Sergey Ryabinin,
  Sergio Mijatovic, Shankar Jadhavar, Stefan Eissing, u20221022 on github,
  Viktor Szakats, 積丹尼 Dan Jacobson
  (41 contributors)

References to bug reports and discussions on issues:

 [1] = https://curl.se/bug/?i=10547
 [2] = https://curl.se/bug/?i=10547
 [3] = https://curl.se/bug/?i=10568
 [4] = https://curl.se/bug/?i=10558
 [5] = https://curl.se/bug/?i=10564
 [6] = https://curl.se/bug/?i=10566
 [7] = https://curl.se/bug/?i=10687
 [8] = https://curl.se/bug/?i=10573
 [9] = https://curl.se/bug/?i=10270
 [10] = https://curl.se/bug/?i=10456
 [11] = https://curl.se/bug/?i=10507
 [12] = https://curl.se/bug/?i=10570
 [13] = https://curl.se/bug/?i=10508
 [14] = https://curl.se/bug/?i=10634
 [15] = https://curl.se/bug/?i=10605
 [16] = https://curl.se/bug/?i=10602
 [17] = https://curl.se/bug/?i=10622
 [18] = https://curl.se/bug/?i=10599
 [19] = https://curl.se/bug/?i=10597
 [20] = https://curl.se/bug/?i=10596
 [21] = https://curl.se/bug/?i=10596
 [22] = https://curl.se/bug/?i=10596
 [23] = https://curl.se/bug/?i=10590
 [24] = https://curl.se/bug/?i=10590
 [25] = https://curl.se/bug/?i=10590
 [26] = https://curl.se/bug/?i=10593
 [27] = https://curl.se/bug/?i=10501
 [28] = https://curl.se/bug/?i=10633
 [29] = https://curl.se/bug/?i=10585
 [30] = https://curl.se/bug/?i=10491
 [31] = https://curl.se/bug/?i=10576
 [32] = https://curl.se/bug/?i=10574
 [33] = https://curl.se/bug/?i=10589
 [34] = https://curl.se/bug/?i=10513
 [35] = https://curl.se/bug/?i=10635
 [36] = https://curl.se/bug/?i=10603
 [37] = https://curl.se/bug/?i=10630
 [38] = https://curl.se/bug/?i=10638
 [39] = https://curl.se/bug/?i=10629
 [40] = https://curl.se/bug/?i=10623
 [41] = https://curl.se/bug/?i=10615
 [42] = https://curl.se/bug/?i=10601
 [43] = https://curl.se/bug/?i=10667
 [44] = https://curl.se/bug/?i=10628
 [45] = https://curl.se/bug/?i=10617
 [46] = https://curl.se/bug/?i=10619
 [47] = https://curl.se/bug/?i=10614
 [48] = https://curl.se/bug/?i=10672
 [49] = https://curl.se/bug/?i=10077
 [50] = https://curl.se/bug/?i=10077
 [51] = https://curl.se/bug/?i=10077
 [52] = https://curl.se/bug/?i=10675
 [53] = https://curl.se/bug/?i=10688
 [54] = https://curl.se/bug/?i=10716
 [55] = https://curl.se/bug/?i=6284
 [56] = https://curl.se/bug/?i=10681
 [57] = https://curl.se/bug/?i=6178
 [58] = https://curl.se/bug/?i=10718
 [59] = https://curl.se/bug/?i=10639
 [60] = https://curl.se/bug/?i=10665
 [61] = https://curl.se/bug/?i=10660
 [62] = https://curl.se/bug/?i=9843
 [63] = https://curl.se/bug/?i=10662
 [64] = https://curl.se/bug/?i=10651
 [65] = https://curl.se/bug/?i=10721
 [66] = https://curl.se/bug/?i=10646
 [67] = https://curl.se/bug/?i=10719
 [68] = https://curl.se/bug/?i=10713
 [69] = https://curl.se/bug/?i=10626
 [70] = https://curl.se/bug/?i=10645
 [71] = https://curl.se/bug/?i=10449
 [72] = https://curl.se/bug/?i=10632
 [73] = https://curl.se/bug/?i=10611
 [74] = https://curl.se/bug/?i=10730
 [75] = https://curl.se/bug/?i=10749
 [76] = https://curl.se/bug/?i=10704
 [77] = https://curl.se/bug/?i=10704
 [78] = https://curl.se/bug/?i=10708
 [79] = https://curl.se/bug/?i=10708
 [80] = https://curl.se/bug/?i=10711
 [81] = https://curl.se/bug/?i=10747
 [82] = https://curl.se/bug/?i=10710
 [83] = https://curl.se/bug/?i=10673
 [84] = https://curl.se/bug/?i=10666
 [85] = https://curl.se/bug/?i=10701
 [86] = https://curl.se/bug/?i=10690
 [87] = https://curl.se/bug/?i=10689
 [88] = https://curl.se/bug/?i=10693
 [89] = https://curl.se/bug/?i=10692
 [90] = https://curl.se/bug/?i=10670
 [91] = https://curl.se/bug/?i=10677
 [92] = https://curl.se/bug/?i=10742
 [93] = https://curl.se/bug/?i=10740
 [94] = https://curl.se/bug/?i=10722
 [95] = https://curl.se/bug/?i=7229
 [96] = https://curl.se/bug/?i=10715
 [97] = https://curl.se/bug/?i=10731
 [98] = https://curl.se/bug/?i=10738
 [99] = https://curl.se/bug/?i=10729
 [100] = https://curl.se/bug/?i=10727
 [101] = https://curl.se/bug/?i=10735
 [102] = https://curl.se/bug/?i=10723
 [103] = https://curl.se/bug/?i=10732
 [104] = https://curl.se/bug/?i=10728
 [105] = https://curl.se/bug/?i=10762
 [106] = https://curl.se/bug/?i=10694
 [108] = https://curl.se/bug/?i=10764
 [112] = https://curl.se/bug/?i=9995
 [113] = https://curl.se/bug/?i=10739
 [114] = https://curl.se/bug/?i=10717
 [116] = https://curl.se/bug/?i=10750
 [117] = https://curl.se/bug/?i=10756
 [118] = https://curl.se/bug/?i=10699
 [120] = https://curl.se/bug/?i=10745