-
-
Notifications
You must be signed in to change notification settings - Fork 6.6k
/
Copy pathRELEASE-NOTES
307 lines (291 loc) · 13.5 KB
/
RELEASE-NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
curl and libcurl 8.13.0
Public curl releases: 266
Command line options: 267
curl_easy_setopt() options: 306
Public functions in libcurl: 96
Contributors: 3356
This release includes the following changes:
o curl: add write-out variable 'tls_earlydata' [79]
o rustls: add support for CERTINFO [106]
o tool_getparam: make --url support a file with URLs [104]
o var: add a '64dec' function that can base64 decode a string [78]
o wolfssl: tls early data support [50]
This release includes the following bugfixes:
o addrinfo: add curl macro to avoid redefining foreign symbols [29]
o asyn-thread: avoid the separate 'struct resdata' alloc [20]
o asyn-thread: avoid the separate curl_mutex_t alloc [6]
o asyn-thread: do not allocate thread_data separately [21]
o asyn-thread: remove 'status' from struct Curl_async [36]
o build: add Windows CE / CeGCC support, with CI jobs [87]
o build: drop unused `getpart` tool [107]
o build: enable -Wjump-misses-init for GCC 4.5+ [62]
o build: fix compiler warnings in feature detections [39]
o build: set `-O3` and tune WinCE in CI, fix `getpart`, `vtls_scache` fallouts [137]
o build: set `HAVE_WRITABLE_ARGV` for Apple cross-builds [8]
o build: silence bogus `-Wconversion` warnings with gcc 5.1-5.4 [68]
o build: silence mingw32ce C99 format warnings, simplify CI [143]
o c-ares: error out for unsupported versions, drop unused macros [85]
o ca-native.md: sync with CURLSSLOPT_NATIVE_CA [72]
o cf-socket: deduplicate Windows Vista detection [11]
o client writer: handle pause before deocding [61]
o cmake: `SHARE_LIB_OBJECT=ON` requires CMake 3.12 or newer [46]
o cmake: add pre-fill for Unix, enable in GHA/macos, verify pre-fills [42]
o cmake: allow `CURL_STATIC_CRT` with shared libcurl and no curl exe [123]
o cmake: allow empty `IMPORT_LIB_SUFFIX`, add suffix collision detection [41]
o cmake: avoid `-Wnonnull` warning in `HAVE_FSETXATTR_5` detection [81]
o cmake: disable HTTPS-proxy as a feature if proxy is disabled [77]
o cmake: drop `CURL_DISABLE_TESTS` option [94]
o cmake: drop `HAVE_C_FLAG_Wno_long_double` logic for ancient Apple gcc [126]
o cmake: drop `HAVE_IN_ADDR_T` from pre-fill too
o cmake: drop two stray TLS feature checks for wolfSSL [9]
o cmake: fix `HAVE_ATOMIC`/`HAVE_STDATOMIC` pre-fill for clang-cl [28]
o cmake: fix ECH detection in custom-patched OpenSSL [32]
o cmake: hide empty `MINGW64_VERSION` output for mingw32ce [114]
o cmake: improve httpd detection for pytest [127]
o cmake: mention 'insecure' in the debug build warning [15]
o cmake: misc tidy-ups [38]
o cmake: pre-fill known type sizes for Windows OSes [100]
o cmake: restrict static CRT builds to static curl exe, test in CI [113]
o cmake: sync cutoff version with autotools for picky option `-ftree-vrp` [99]
o cmake: sync OpenSSL(-fork) feature checks with `./configure` [49]
o CODE_STYLE: readability and banned functions [35]
o configure: silence compiler warnings in feature checks, drop duplicates [86]
o configure: use `curl_cv_apple` variable [40]
o conn: fix connection reuse when SSL is optional [54]
o contributors.sh: lowercase 'github' for consistency [52]
o contrithanks.sh: update docs/THANKS in place [119]
o cookie: do prefix matching case-sensitively [82]
o cookie: minor parser simplification [58]
o cookie: simplify invalid_octets() [24]
o curl.h: change some enums to defines with L suffix [84]
o curl.h: stop defining non-curl `__has_declspec_attribute` [142]
o curl_msh3: remove verify bypass from DEBUGBUILDs [43]
o curl_trc: fix build with CURL_DISABLE_VERBOSE_STRINGS [109]
o CURLMOPT_SOCKETFUNCTION.md: add advice for socket callback invocation[69]
o CURLOPT_HTTPHEADER.md: add comments to the example [90]
o CURLOPT_HTTPHEADER.md: rephrases [108]
o docs: add FD_ZERO to curl_multi_fdset example [19]
o docs: bump `rustls` to 0.14.1 [111]
o docs: correct argument names & URL redirection [4]
o docs: minor edits to please the new spellchecker regime
o docs: vulnerabilities in debug code are not eligible for a bounty [118]
o eventfd: allow use on all CPUs [93]
o examples: prefer `return` over `exit()` (cont.) [110]
o gnutls: fix connection state check on handshake [80]
o gnutls: fix use of pkcs11 urls for keys/certs [122]
o hash: use single linked list for entries [57]
o hostip: make CURLOPT_RESOLVE support replacing IPv6 addresses [47]
o HTTP3.md: only speak about minimal versions [18]
o http: convert parsers to strparse [48]
o http: fix NTLM info message typo [22]
o http: fix the auth check [88]
o http: make the RTSP version check stricter [73]
o http: negotiation and room for alt-svc/https rr to navigate [64]
o http: version negotiation [45]
o http_aws_sigv4: use strparse more for parsing [55]
o https-rr: implementation improvements [44]
o httpsrr: fix port detection [51]
o httpsrr: fix the HTTPS-RR threaded-resolver build combo [67]
o INSTALL-CMAKE.md: CMake usage updates [101]
o INSTALL-CMAKE.md: mention `ZLIB_USE_STATIC_LIBS` [112]
o lib: better optimized casecompare() and ncasecompare() [3]
o lib: simplify more white space loops [60]
o lib: strtoofft.h header cleanup [17]
o lib: use Curl_str_* instead of strtok_r() [59]
o lib: use Curl_str_number() for parsing decimal numbers [13]
o libtest/libprereq.c: set CURLOPT_FOLLOWLOCATION with a long [89]
o managen: correct the warning for un-escaped '<' and '>' [1]
o msvc: drop support for VS2005 and older [96]
o multi: event based rework [74]
o openssl: check return value of X509_get0_pubkey [105]
o openssl: drop support for old OpenSSL/LibreSSL versions [95]
o openssl: remove bad `goto`s into other scope [63]
o pytest: test negotiate with http proxy [83]
o runtests: accept `CURL_DIRSUFFIX` without ending slash [133]
o runtests: drop recognizing 'winssl' as Schannel [102]
o runtests: drop ref to unused external function
o runtests: recognize AWS-LC as OpenSSL [103]
o runtests: support multi-target cmake, drop workarounds from CI [116]
o schannel: deduplicate Windows Vista detection [98]
o schannel: enable ALPN support under WINE 6.0+ [92]
o schannel: enable ALPN with MinGW, fix ALPN for UWP builds [71]
o schannel: guard ALPN init code to ALPN builds [91]
o scripts/managen: fix option 'single' [31]
o scripts/managen: fix parsing of markdown code sections [30]
o setopt: remove unnecesary void pointer typecasts [76]
o ssh: consider sftp quote commands case sensitive [33]
o ssl session cache: add exportable flag [56]
o strparse: make Curl_str_number() return error for no digits [14]
o strparse: switch the API to work on 'const char *' [2]
o strparse: switch to curl_off_t as base data type [7]
o test1167: catch #defines with extra whitespace [140]
o tests: fix comment in lib533 [121]
o tests: fix enum/int confusion, fix autotools `CFLAGS` for `servers` [27]
o tidy-up: align MSYS2/Cygwin codepaths, follow Cygwin `MAX_PID` bump [97]
o tidy-up: delete, comment or scope C macros reported unused [16]
o tidy-up: drop unused `CURL_INADDR_NONE` macro and `in_addr_t` type [26]
o tidy-up: use `CURL_ARRAYSIZE()` [37]
o timediff: fix comment for curlx_mstotv() [25]
o timediff: remove unnecessary double typecast [53]
o tool_getparam: clear sensitive arguments better [66]
o tool_operate: fail SSH transfers without server auth [70]
o urlapi: fix redirect from file:// with query, and simplify [136]
o urlapi: simplify junkscan [23]
o urldata: remove 'hostname' from struct Curl_async [131]
o variable.md: clarify 'trim' example [12]
o winbuild: reduce command-line length by dropping whitespace [117]
o windows: drop code and curl manifest targeting W2K and older [115]
o wolfssh: retrieve the error using wolfSSH_get_error [5]
o wolfssl: fix CA certificate multiple location import [34]
o wolfssl: warn if CA native import option is ignored [65]
o wolfssl: when using PQ KEM, use ML-KEM, not Kyber [10]
This release includes the following known bugs:
See https://curl.se/docs/knownbugs.html
For all changes ever done in curl:
See https://curl.se/changes.html
Planned upcoming removals include:
o Support for the msh3 HTTP/3 backend
o The winbuild build system
o TLS libraries not supporting TLS 1.3
See https://curl.se/dev/deprecate.html
This release would not have looked like this without help, code, reports and
advice from friends like these:
Anthony Hu, Carlos Henrique Lima Melara, Dan Fandrich, Daniel Stenberg,
dependabot[bot], Derek Huang, Dexter Gerig, Harry Sintonen, Jeremy Drake,
John Bampton, Joseph Chen, kayrus on github, kriztalz, Laurențiu Nicola,
lf- on github, Marcel Raad, Mark Phillips, qhill on github, Ray Satiro,
renovate[bot], rmg-x on github, RubisetCie on github, Sergey, Stefan Eissing,
stevenpackardblp on github, Tatsuhiro Tsujikawa, Tianyi Song, Timo Tijhof,
Viktor Szakats, Yedaya Katsman, Zenju on github, Zhaoming Luo
(32 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=16315
[2] = https://curl.se/bug/?i=16316
[3] = https://curl.se/bug/?i=16311
[4] = https://curl.se/bug/?i=16334
[5] = https://curl.se/bug/?i=16335
[6] = https://curl.se/bug/?i=16323
[7] = https://curl.se/bug/?i=16336
[8] = https://curl.se/bug/?i=16338
[9] = https://curl.se/bug/?i=16339
[10] = https://curl.se/bug/?i=16337
[11] = https://curl.se/bug/?i=16400
[12] = https://curl.se/bug/?i=16346
[13] = https://curl.se/bug/?i=16319
[14] = https://curl.se/bug/?i=16319
[15] = https://curl.se/bug/?i=16327
[16] = https://curl.se/bug/?i=16279
[17] = https://curl.se/bug/?i=16331
[18] = https://curl.se/bug/?i=16320
[19] = https://curl.se/bug/?i=16325
[20] = https://curl.se/bug/?i=16321
[21] = https://curl.se/bug/?i=16241
[22] = https://curl.se/bug/?i=16305
[23] = https://curl.se/bug/?i=16307
[24] = https://curl.se/bug/?i=16306
[25] = https://curl.se/bug/?i=16310
[26] = https://curl.se/bug/?i=16318
[27] = https://curl.se/bug/?i=16314
[28] = https://curl.se/bug/?i=16313
[29] = https://curl.se/bug/?i=16274
[30] = https://curl.se/bug/?i=16345
[31] = https://curl.se/bug/?i=16344
[32] = https://curl.se/bug/?i=16354
[33] = https://curl.se/bug/?i=16382
[34] = https://curl.se/bug/?i=16391
[35] = https://curl.se/bug/?i=16349
[36] = https://curl.se/bug/?i=16347
[37] = https://curl.se/bug/?i=16381
[38] = https://curl.se/bug/?i=16238
[39] = https://curl.se/bug/?i=16287
[40] = https://curl.se/bug/?i=16340
[41] = https://curl.se/bug/?i=16324
[42] = https://curl.se/bug/?i=15841
[43] = https://curl.se/bug/?i=16342
[44] = https://curl.se/bug/?i=16132
[45] = https://curl.se/bug/?i=16100
[46] = https://curl.se/bug/?i=16375
[47] = https://curl.se/bug/?i=16357
[48] = https://curl.se/bug/?i=16436
[49] = https://curl.se/bug/?i=16352
[50] = https://curl.se/bug/?i=16167
[51] = https://curl.se/bug/?i=16409
[52] = https://curl.se/bug/?i=16443
[53] = https://curl.se/bug/?i=16367
[54] = https://curl.se/bug/?i=16384
[55] = https://curl.se/bug/?i=16366
[56] = https://curl.se/bug/?i=16322
[57] = https://curl.se/bug/?i=16351
[58] = https://curl.se/bug/?i=16362
[59] = https://curl.se/bug/?i=16360
[60] = https://curl.se/bug/?i=16363
[61] = https://curl.se/bug/?i=16280
[62] = https://curl.se/bug/?i=16252
[63] = https://curl.se/bug/?i=16356
[64] = https://curl.se/bug/?i=16117
[65] = https://curl.se/bug/?i=16417
[66] = https://curl.se/bug/?i=16396
[67] = https://curl.se/bug/?i=16399
[68] = https://curl.se/bug/?i=16398
[69] = https://curl.se/bug/?i=16441
[70] = https://curl.se/bug/?i=16205
[71] = https://curl.se/bug/?i=16385
[72] = https://curl.se/bug/?i=16373
[73] = https://curl.se/bug/?i=16435
[74] = https://curl.se/bug/?i=16308
[76] = https://curl.se/bug/?i=16426
[77] = https://curl.se/bug/?i=16434
[78] = https://curl.se/bug/?i=16330
[79] = https://curl.se/bug/?i=15956
[80] = https://curl.se/bug/?i=16423
[81] = https://curl.se/bug/?i=16427
[82] = https://curl.se/bug/?i=16494
[83] = https://curl.se/bug/?i=14973
[84] = https://curl.se/bug/?i=16482
[85] = https://curl.se/bug/?i=16407
[86] = https://curl.se/bug/?i=16377
[87] = https://curl.se/bug/?i=15975
[88] = https://curl.se/bug/?i=16419
[89] = https://curl.se/bug/?i=16487
[90] = https://curl.se/bug/?i=16488
[91] = https://curl.se/bug/?i=16420
[92] = https://curl.se/bug/?i=16393
[93] = https://curl.se/bug/?i=16277
[94] = https://curl.se/bug/?i=16134
[95] = https://curl.se/bug/?i=16104
[96] = https://curl.se/bug/?i=16004
[97] = https://curl.se/bug/?i=16217
[98] = https://curl.se/bug/?i=16408
[99] = https://curl.se/bug/?i=16478
[100] = https://curl.se/bug/?i=16464
[101] = https://curl.se/bug/?i=16329
[102] = https://curl.se/bug/?i=16467
[103] = https://curl.se/bug/?i=16466
[104] = https://curl.se/bug/?i=16099
[105] = https://curl.se/bug/?i=16468
[106] = https://curl.se/bug/?i=16459
[107] = https://curl.se/bug/?i=16460
[108] = https://curl.se/bug/?i=16461
[109] = https://curl.se/bug/?i=16462
[110] = https://curl.se/bug/?i=16524
[111] = https://curl.se/bug/?i=16446
[112] = https://curl.se/bug/?i=16457
[113] = https://curl.se/bug/?i=16456
[114] = https://curl.se/bug/?i=16455
[115] = https://curl.se/bug/?i=16453
[116] = https://curl.se/bug/?i=16452
[117] = https://curl.se/bug/?i=16508
[118] = https://curl.se/bug/?i=16527
[119] = https://curl.se/bug/?i=16448
[121] = https://curl.se/bug/?i=16523
[122] = https://curl.se/bug/?i=16249
[123] = https://curl.se/bug/?i=16516
[126] = https://curl.se/bug/?i=16513
[127] = https://curl.se/bug/?i=16515
[131] = https://curl.se/bug/?i=16451
[133] = https://curl.se/bug/?i=16506
[136] = https://curl.se/bug/?i=16498
[137] = https://curl.se/bug/?i=16476
[140] = https://curl.se/bug/?i=16496
[142] = https://curl.se/bug/?i=16491
[143] = https://curl.se/bug/?i=16492