1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
|
curl and libcurl 7.84.0
Public curl releases: 209
Command line options: 248
curl_easy_setopt() options: 297
Public functions in libcurl: 88
Contributors: 2648
This release includes the following changes:
o curl: add --rate to set max request rate per time unit [69]
o curl: deprecate --random-file and --egd-file [12]
o curl_version_info: add CURL_VERSION_THREADSAFE [100]
o CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl [9]
o lib: make curl_global_init() threadsafe when possible [101]
o libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION [78]
o opts: deprecate RANDOM_FILE and EGDSOCKET [13]
o socks: support unix sockets for socks proxy [2]
This release includes the following bugfixes:
o aws-sigv4: fix potentional NULL pointer arithmetic [48]
o bindlocal: don't use a random port if port number would wrap [14]
o c-hyper: mark status line as status for Curl_client_write() [58]
o ci: update github actions [36]
o cmake: add libpsl support [3]
o cmake: do not add libcurl.rc to the static libcurl library [53]
o cmake: enable curl.rc for all Windows targets [55]
o cmake: fix detecting libidn2 [56]
o cmake: support adding a suffix to the OS value [54]
o configure: skip libidn2 detection when winidn is used [89]
o configure: use the SED value to invoke sed [28]
o configure: warn about rustls being experimental [103]
o cookie: address secure domain overlay [7]
o copyright.pl: parse and use .reuse/dep5 for skips [105]
o copyright: make repository REUSE compliant [119]
o curl.1: add a few see also --tls-max [52]
o curl.1: mention exit code zero too [44]
o curl: re-enable --no-remote-name [31]
o curl_easy_pause.3: remove explanation of progress function [97]
o curl_getdate.3: document that some illegal dates pass through [34]
o Curl_parsenetrc: don't access local pwbuf outside of scope [27]
o curl_url_set.3: clarify by default using known schemes only [120]
o CURLOPT_FILETIME.3: fix the protocols this works with
o CURLOPT_HTTPHEADER.3: improve comment in example [66]
o CURLOPT_NETRC.3: document the .netrc file format
o CURLOPT_PORT.3: We discourage using this option [92]
o CURLOPT_RANGE.3: remove ranged upload advice [99]
o digest: added detection of more syntax error in server headers [81]
o digest: tolerate missing "realm" [80]
o digest: unquote realm and nonce before processing [82]
o DISABLED: disable 1021 for hyper again
o docs/cmdline-opts: add copyright and license identifier to each file [112]
o docs/CONTRIBUTE.md: document the 'needs-votes' concept [79]
o docs: clarify data replacement policy for MIME API [16]
o doh: remove UNITTEST macro definition [67]
o examples/crawler.c: use the curl license [73]
o examples: remove fopen.c and rtsp.c [76]
o FAQ: Clarify Windows double quote usage [42]
o ftp: when failing to do a secure GSSAPI login, fail hard [62]
o GHA/hyper: enable debug in the build
o gssapi: improve handling of errors from gss_display_status [45]
o gssapi: initialize gss_buffer_desc strings
o headers api: remove EXPERIMENTAL tag [35]
o http2: always debug print stream id in decimal with %u [46]
o http2: reject overly many push-promise headers [63]
o http: restore header folding behavior [64]
o hyper: use 'alt-used' [71]
o lib: make more protocol specific struct fields #ifdefed [84]
o libcurl-security.3: add "Secrets in memory" [30]
o libcurl-security.3: document CRLF header injection [98]
o libssh: skip the fake-close when libssh does the right thing [102]
o links: update dead links to the curl-wiki [21]
o log2changes: do not indent empty lines [ci skip] [37]
o macos9: remove partial support [22]
o Makefile.am: fix portability issues [1]
o Makefile.m32: delete obsolete options, improve -On [ci skip] [65]
o Makefile.m32: delete two obsolete OpenSSL options [ci skip] [39]
o max-time.d: clarify max-time sets max transfer time [70]
o mprintf: ignore clang non-literal format string [19]
o netrc: check %USERPROFILE% as well on Windows [77]
o netrc: support quoted strings [33]
o ngtcp2: allow curl to send larger UDP datagrams [29]
o ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types [25]
o ngtcp2: enable Linux GSO [91]
o ngtcp2: extend QUIC transport parameters buffer [4]
o ngtcp2: fix alert_read_func return value [26]
o ngtcp2: fix typo in preprocessor condition [121]
o ngtcp2: handle error from ngtcp2_conn_submit_crypto_data [5]
o ngtcp2: send appropriate connection close error code [6]
o ngtcp2: support boringssl crypto backend [17]
o ngtcp2: use helper funcs to simplify TLS handshake integration [68]
o ntlm: provide a fixed fake host name [32]
o quic: add Curl_quic_idle [18]
o quiche: support ca-fallback [49]
o remote-name.d: mention --output-dir [88]
o runtests.pl: add the --repeat parameter to the --help output [43]
o runtests: fix skipping tests not done event-based [95]
o runtests: skip starting the ssh server if user name is lacking [104]
o scripts/copyright.pl: fix the exclusion to not ignore man pages [75]
o sectransp: check for a function defined when __BLOCKS__ is undefined [20]
o select: return error from "lethal" poll/select errors [93]
o server/sws: support spaces in the HTTP request path
o speed-limit/time.d: mention these affect transfers in either direction [74]
o strcase: some optimisations [8]
o test 2081: add a valid reply for the second request [60]
o test 675: add missing CR so the test passes when run through Privoxy [61]
o test414: add the '--resolve' keyword [23]
o test681: verify --no-remote-name [90]
o tests 266, 116 and 1540: add a small write delay
o tests/data/test1501: kill ftp server after slow LIST response [59]
o tests/getpart: fix getpartattr to work with "data" and "data2"
o tests/server/sws.c: change the HTTP writedelay unit to milliseconds [47]
o test{440,441,493,977}: add "HTTP proxy" keywords [40]
o tool_getparam: fix --parallel-max maximum value constraint [51]
o tool_operate: make sure --fail-with-body works with --retry [24]
o transfer: fix potential NULL pointer dereference [15]
o transfer: maintain --path-as-is after redirects [96]
o url: free old conn better on reuse [41]
o url: remove redundant #ifdefs in allocate_conn()
o url: URL encode the path when extracted, if spaces were set
o urlapi: support CURLU_URLENCODE for curl_url_get()
o urldata: reduce size of a few struct fields [86]
o urldata: remove three unused booleans from struct UserDefined [87]
o urldata: store tcp_keepidle and tcp_keepintvl as ints [85]
o version: allow stricmp() for sorting the feature list [57]
o vtls: make curl_global_sslset thread-safe [94]
o wolfssh.h: removed [10]
o wolfssl: correct the failf() message when a handle can't be made [38]
o wolfSSL: explicitly use compatibility layer [11]
o x509asn1: mark msnprintf return as unchecked [50]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Andrea Pappacoda, Balakrishnan Balasubramanian, Boris Verkhovskiy,
Carlo Alberto, Christian Weisgerber via curl-library, Dan Fandrich,
Daniel Gustafsson, Daniel Stenberg, Egor Pugin, Emil Engler, Evgeny Grin,
Fabian Keil, Frank Gevaerts, Frazer Smith, Gisle Vanem, Gregor Jasny,
Harry Sintonen, Illarion Taev, ImpatientHippo on GitHub, Jakub Bochenski,
Kamil Dudka, Karlson2k on github, KotlinIsland on github, Ladar Levison,
Marcel Raad, Marc Hörsken, Marcus T, Max Mehl, michael musset, Nick Zitzmann,
Nuru on github, Patrick Monnerat, Petr Pisar, Ray Satiro, Ricardo M. Correia,
Simon Berger, Tatsuhiro Tsujikawa, Thomas Guillem, Viktor Szakats,
Vincent Torri, vvb2060 on github, Wolf Vollprecht, Elms
(43 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/mail/lib-2022-05/0024.html
[2] = https://curl.se/bug/?i=8668
[3] = https://curl.se/bug/?i=8865
[4] = https://curl.se/bug/?i=8872
[5] = https://curl.se/bug/?i=8871
[6] = https://curl.se/bug/?i=8870
[7] = https://hackerone.com/reports/1560324
[8] = https://curl.se/bug/?i=8875
[9] = https://curl.se/bug/?i=8888
[10] = https://curl.se/bug/?i=8863
[11] = https://curl.se/bug/?i=8864
[12] = https://curl.se/bug/?i=8670
[13] = https://curl.se/bug/?i=8670
[14] = https://curl.se/bug/?i=8862
[15] = https://curl.se/bug/?i=8857
[16] = https://curl.se/bug/?i=8860
[17] = https://curl.se/bug/?i=8789
[18] = https://curl.se/bug/?i=8698
[19] = https://curl.se/bug/?i=8740
[20] = https://curl.se/bug/?i=8846
[21] = https://curl.se/bug/?i=8897
[22] = https://curl.se/bug/?i=8836
[23] = https://curl.se/bug/?i=8959
[24] = https://curl.se/bug/?i=8845
[25] = https://curl.se/bug/?i=8851
[26] = https://curl.se/bug/?i=8852
[27] = https://curl.se/bug/?i=8850
[28] = https://curl.se/bug/?i=8891
[29] = https://curl.se/bug/?i=8883
[30] = https://curl.se/bug/?i=8881
[31] = https://curl.se/bug/?i=8931
[32] = https://curl.se/bug/?i=8859
[33] = https://curl.se/bug/?i=8908
[34] = https://curl.se/bug/?i=8938
[35] = https://curl.se/bug/?i=8900
[36] = https://curl.se/bug/?i=8843
[37] = https://curl.se/bug/?i=8887
[38] = https://curl.se/bug/?i=8885
[39] = https://curl.se/bug/?i=8884
[40] = https://curl.se/bug/?i=8959
[41] = https://curl.se/bug/?i=8841
[42] = https://curl.se/bug/?i=8823
[43] = https://curl.se/bug/?i=8959
[44] = https://curl.se/bug/?i=8833
[45] = https://curl.se/bug/?i=8832
[46] = https://curl.se/bug/?i=8808
[47] = https://curl.se/bug/?i=8827
[48] = https://curl.se/bug/?i=8814
[49] = https://curl.se/bug/?i=8696
[50] = https://curl.se/bug/?i=8831
[51] = https://curl.se/bug/?i=8930
[52] = https://curl.se/bug/?i=8929
[53] = https://curl.se/bug/?i=8918
[54] = https://curl.se/bug/?i=8919
[55] = https://curl.se/bug/?i=8918
[56] = https://curl.se/bug/?i=8917
[57] = https://curl.se/bug/?i=8916
[58] = https://curl.se/bug/?i=8894
[59] = https://curl.se/bug/?i=8907
[60] = https://curl.se/bug/?i=8959
[61] = https://curl.se/bug/?i=8959
[62] = https://hackerone.com/reports/1590102
[63] = https://hackerone.com/reports/1589847
[64] = https://curl.se/bug/?i=8844
[65] = https://curl.se/bug/?i=8904
[66] = https://curl.se/bug/?i=9025
[67] = https://curl.se/bug/?i=8902
[68] = https://curl.se/bug/?i=8968
[69] = https://curl.se/bug/?i=8671
[70] = https://curl.se/bug/?i=8877
[71] = https://curl.se/bug/?i=8898
[73] = https://curl.se/bug/?i=8950
[74] = https://curl.se/bug/?i=8948
[75] = https://curl.se/bug/?i=8952
[76] = https://curl.se/bug/?i=8949
[77] = https://curl.se/bug/?i=8855
[78] = https://curl.se/bug/?i=7959
[79] = https://curl.se/bug/?i=8910
[80] = https://curl.se/bug/?i=8912
[81] = https://curl.se/bug/?i=8912
[82] = https://curl.se/bug/?i=8912
[84] = https://curl.se/bug/?i=8944
[85] = https://curl.se/bug/?i=8940
[86] = https://curl.se/bug/?i=8940
[87] = https://curl.se/bug/?i=8940
[88] = https://curl.se/bug/?i=8945
[89] = https://curl.se/bug/?i=8934
[90] = https://curl.se/bug/?i=8942
[91] = https://curl.se/bug/?i=8909
[92] = https://curl.se/bug/?i=8941
[93] = https://curl.se/bug/?i=8921
[94] = https://curl.se/bug/?i=9016
[95] = https://curl.se/bug/?i=8977
[96] = https://curl.se/bug/?i=8974
[97] = https://curl.se/bug/?i=9015
[98] = https://curl.se/bug/?i=8964
[99] = https://curl.se/bug/?i=8969
[100] = https://curl.se/bug/?i=8680
[101] = https://curl.se/bug/?i=8680
[102] = https://curl.se/bug/?i=9021
[103] = https://curl.se/bug/?i=9019
[104] = https://curl.se/bug/?i=9013
[105] = https://curl.se/bug/?i=9006
[112] = https://curl.se/bug/?i=9002
[119] = https://curl.se/bug/?i=8869
[120] = https://curl.se/bug/?i=8994
[121] = https://curl.se/bug/?i=8981
|
