| curl and libcurl 8.4.0 |
| |
| Public curl releases: 252 |
| Command line options: 258 |
| curl_easy_setopt() options: 303 |
| Public functions in libcurl: 93 |
| Contributors: 2995 |
| |
| This release includes the following changes: |
| |
| o curl: add support for the IPFS protocols via HTTP gateway [46] |
| o curl_multi_get_handles: get easy handles from a multi handle [20] |
| o mingw: delete support for legacy mingw.org toolchain [45] |
| |
| This release includes the following bugfixes: |
| |
| o acinclude.m4: Document proper system truststore on FreeBSD [83] |
| o appveyor: fix yamlint issues, indent [67] |
| o appveyor: rewrite batch in PowerShell + CI improvements [109] |
| o autotools: adjust `CURL_CA_PATH` value to CMake [53] |
| o autotools: restore `HAVE_IOCTL_*` detections [111] |
| o base64: also build for curl [78] |
| o bufq: remove Curl_bufq_skip_and_shift (unused) [47] |
| o build: delete checks for C89 standard headers [65] |
| o build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros [114] |
| o cf-socket: simulate slow/blocked receives in debug [120] |
| o cmake, configure: also link with CoreServices [32] |
| o cmake: add check for suseconds_t [91] |
| o cmake: add feature checks for `memrchr` and `getifaddrs` [57] |
| o cmake: add missing checks [86] |
| o cmake: delete old `HAVE_LDAP_URL_PARSE` logic [105] |
| o cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` [75] |
| o cmake: detect `HAVE_GETADDRINFO_THREADSAFE` [76] |
| o cmake: detect `sys/wait.h` and `netinet/udp.h` [61] |
| o cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS [93] |
| o cmake: disable unity mode with Windows Unicode + TrackMemory [108] |
| o cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows [110] |
| o cmake: fix `HAVE_WRITABLE_ARGV` detection [77] |
| o cmake: fix duplicate symbols when linking tests [73] |
| o cmake: fix missing `zlib.h` when compiling `libcurltool` [72] |
| o cmake: fix stderr initialization in unity builds [71] |
| o cmake: fix the help text to the static build option in CMakeLists.txt [10] |
| o cmake: fix unity builds for more build combinations [96] |
| o cmake: fix unity symbol collisions in h2 builds [48] |
| o cmake: fix unity with Windows Unicode + TrackMemory [107] |
| o cmake: improve OpenLDAP builds [92] |
| o cmake: lib `CURL_STATICLIB` fixes (Windows) [74] |
| o cmake: move global headers to specific checks [58] |
| o cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC [85] |
| o cmake: pre-cache `HAVE_POLL_FINE` on Windows [36] |
| o cmake: tidy-up `NOT_NEED_LBER_H` detection |
| o cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value [50] |
| o configure: check for the capath by default [63] |
| o configure: remove unused checks [87] |
| o configure: replace adhoc domain with `localhost` in tests [79] |
| o configure: sort AC_CHECK_FUNCS |
| o connect: expire the timeout when trying next [54] |
| o connect: only start the happy eyeballs timer when needed [95] |
| o cookie: do not store the expire or max-age strings [16] |
| o cookie: remove unnecessary struct fields [17] |
| o cookie: set ->running in cookie_init even if data is NULL [5] |
| o create-dirs.d: clarify it also uses --output-dirs [66] |
| o curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0 [18] |
| o curl_easy_pause.3: mention h2/h3 buffering [113] |
| o curl_easy_pause.3: mention it works within callbacks [112] |
| o curl_easy_pause: set "in callback" true on exit if true [100] |
| o CURLOPT_DEBUGFUNCTION.3: warn about internal handles [122] |
| o docs/libcurl/opts/Makefile.inc: add missing manpage files |
| o docs: adapt SEE ALSO sections to new requirements [52] |
| o docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER [68] |
| o docs: replace made up domains with example.com [82] |
| o docs: update curl man page references [89] |
| o docs: use CURLSSLBACKEND_NONE [19] |
| o doh: inherit DEBUGFUNCTION/DATA [12] |
| o escape: replace Curl_isunreserved with ISUNRESERVED [2] |
| o FAQ: How do I upgrade curl.exe in Windows? [84] |
| o GHA/linux: run singleuse to detect single-use global functions [35] |
| o GHA: add workflow to compare configure vs cmake outputs [102] |
| o h2-proxy: remove left-over mistake in drain_tunnel() [7] |
| o h2: testcase and fix for pausing h2 streams [49] |
| o h3: add support for ngtcp2 with AWS-LC builds [103] |
| o http2: refused stream handling for retry [121] |
| o http: fix CURL_DISABLE_BEARER_AUTH breakage [28] |
| o http: h1/h2 proxy unification [21] |
| o http: remove wrong comment for http_should_fail [55] |
| o http: use per-request counter to check too large headers [6] |
| o http_aws_sigv4: fix sorting with empty parts [13] |
| o idn: fix WinIDN null ptr deref on bad host [90] |
| o idn: if idn2_check_version returns NULL, return error [27] |
| o inet_ntop: add typecast to silence Coverity [51] |
| o lib: disambiguate Curl_client_write flag semantics [24] |
| o lib: enable hmac for digest as well [26] |
| o lib: failf/infof compiler warnings [8] |
| o lib: let the max filesize option stop too big transfers too [44] |
| o lib: move handling of `data->req.writer_stack` into Curl_client_write() [97] |
| o lib: provide and use Curl_hexencode [62] |
| o lib: remove TIME_WITH_SYS_TIME [88] |
| o lib: use wrapper for curl_mime_data fseek callback [30] |
| o libssh2: fix error message on failed pubkey-from-file [22] |
| o libssh: cap SFTP packet size sent [14] |
| o Makefile.mk: always set `CURL_STATICLIB` for lib (Windows) [42] |
| o MANUAL.md: change domain to example.com [11] |
| o misc: better random strings [15] |
| o MQTT: improve receive of ACKs [125] |
| o multi: do CURLM_CALL_MULTI_PERFORM at two more places [99] |
| o multi: fix small timeouts [70] |
| o multi: remove Curl_multi_dump [37] |
| o multi: round the timeout up to prevent early wakeups [98] |
| o multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE [115] |
| o openssl: improve ssl shutdown handling [69] |
| o openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR [104] |
| o pytest: exclude test_03_goaway in CI runs due to timing dependency [23] |
| o quic: set ciphers/curves the same way regular TLS does [43] |
| o quiche: fix build error with --with-ca-fallback [1] |
| o RELEASE-PROCEDURE.md: updated coming release dates |
| o runtests: display the test status if tests appear hung [81] |
| o runtests: eliminate a warning on old perl versions |
| o socks: return error if hostname too long for remote resolve [118] |
| o src/mkhelp: make generated code pass `checksrc` [59] |
| o test1056: disable on Windows |
| o test1474: disable test on NetBSD, OpenBSD and Solaris 10 [31] |
| o test1592: greatly increase the maximum test timeout |
| o test1903: actually verify the cookies after the test [116] |
| o test1906: set a lower timeout since it's hit on Windows [117] |
| o test2600: remove special case handling for USE_ALARM_TIMEOUT [3] |
| o test650: fix an end tag typo |
| o test661: return from test early in case of curl error |
| o test: add missing <feature>s |
| o tests: close the shell used to start sshd [41] |
| o tests: fix a race condition in ftp server disconnect [101] |
| o tests: fix compiler warnings [38] |
| o tests: Fix zombie processes left behind by FTP tests. [80] |
| o tests: improve SLOWDOWN test reliability by reducing sent data |
| o tests: increase lib571 timeout from 3s to 30s [106] |
| o tests: log the test result code after each libtest |
| o tests: propagate errors in libtests |
| o tests: set --expect100-timeout to improve test reliability |
| o tests: show which curl tool `runtests.pl` is using [60] |
| o tests: stop overriding the lock timeout |
| o tftpd: always use curl's own tftp.h [25] |
| o tool: use our own stderr variable [94] |
| o tool_cb_wrt: fix debug assertion [4] |
| o tool_getparam: accept variable expansion on file names too [123] |
| o tool_setopt: remove unused function tool_setopt_flags [56] |
| o upload-file.d: describe the file name slash/backslash handling [9] |
| o url: fall back to http/https proxy env-variable if ws/wss not set [119] |
| o url: fix netrc info message [39] |
| o warnless: remove unused functions [33] |
| o wolfssh: do cleanup in Curl_ssh_cleanup [40] |
| o wolfssl: allow capath with CURLOPT_CAINFO_BLOB [29] |
| o wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files [34] |
| o wolfssl: ignore errors in CA path [64] |
| |
| This release includes the following known bugs: |
| |
| o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) |
| |
| Planned upcoming removals include: |
| |
| o support for space-separated NOPROXY patterns |
| |
| See https://curl.se/dev/deprecate.html for details |
| |
| This release would not have looked like this without help, code, reports and |
| advice from friends like these: |
| |
| Aleksander Mazur, black-desk on github, calvin2021y on github, |
| Christian Schmitz, Christian Weisgerber, claudiusaiz on github, |
| consulion on github, Craig Andrews, Dan Fandrich, Daniel Stenberg, |
| David Benjamin, Douglas R. Reno, Eduard Strehlau, Elliot Killick, |
| Gisle Vanem, Hakan Sunay Halil, Harry Sintonen, Jakub Jelen, John Haugabook, |
| Joshix-1 on github, Juliusz Sosinowicz, Junho Choi, |
| Karthikdasari0423 on github, Lars Francke, Loïc Yhuel, Marc Hörsken, |
| Mark Gaiser, Mathias Fuchs, Maxim Dzhura, Michael Osipov, Natanael Copa, |
| Patrick Monnerat, PBudmark on github, Peter Wang, Philip Heiduck, Ray Satiro, |
| Robert Simpson, Ryan Schmidt, s0urc3_ on hackerone, Samuel Henrique, |
| Stefan Eissing, Ted Lyngmo, Viktor Szakats, vvb2060, w0x42 on hackerone, |
| 南宫雪珊 |
| (46 contributors) |
| |
| References to bug reports and discussions on issues: |
| |
| [1] = https://curl.se/bug/?i=11850 |
| [2] = https://curl.se/bug/?i=11846 |
| [3] = https://curl.se/bug/?i=11767 |
| [4] = https://github.com/curl/curl/commit/af3f4e41#r127212213 |
| [5] = https://curl.se/bug/?i=11875 |
| [6] = https://curl.se/bug/?i=11871 |
| [7] = https://curl.se/bug/?i=11877 |
| [8] = https://curl.se/bug/?i=11874 |
| [9] = https://curl.se/bug/?i=11911 |
| [10] = https://curl.se/bug/?i=11843 |
| [11] = https://curl.se/bug/?i=11866 |
| [12] = https://curl.se/bug/?i=11864 |
| [13] = https://curl.se/bug/?i=11855 |
| [14] = https://curl.se/bug/?i=11804 |
| [15] = https://curl.se/bug/?i=11838 |
| [16] = https://curl.se/bug/?i=11862 |
| [17] = https://curl.se/bug/?i=11862 |
| [18] = https://curl.se/bug/?i=11905 |
| [19] = https://curl.se/bug/?i=11909 |
| [20] = https://curl.se/bug/?i=11750 |
| [21] = https://curl.se/bug/?i=11808 |
| [22] = https://curl.se/bug/?i=11837 |
| [23] = https://curl.se/bug/?i=11860 |
| [24] = https://curl.se/bug/?i=11885 |
| [25] = https://curl.se/bug/?i=11897 |
| [26] = https://curl.se/bug/?i=11890 |
| [27] = https://curl.se/bug/?i=11898 |
| [28] = https://curl.se/bug/?i=11892 |
| [29] = https://curl.se/bug/?i=11886 |
| [30] = https://curl.se/bug/?i=11882 |
| [31] = https://curl.se/bug/?i=11888 |
| [32] = https://curl.se/bug/?i=11893 |
| [33] = https://curl.se/bug/?i=11932 |
| [34] = https://curl.se/bug/?i=11884 |
| [35] = https://curl.se/bug/?i=11932 |
| [36] = https://curl.se/bug/?i=12003 |
| [37] = https://curl.se/bug/?i=11931 |
| [38] = https://curl.se/bug/?i=11925 |
| [39] = https://curl.se/bug/?i=11904 |
| [40] = https://curl.se/bug/?i=11921 |
| [41] = https://curl.se/bug/?i=12032 |
| [42] = https://curl.se/bug/?i=11924 |
| [43] = https://curl.se/bug/?i=11796 |
| [44] = https://curl.se/bug/?i=11810 |
| [45] = https://curl.se/bug/?i=11625 |
| [46] = https://curl.se/bug/?i=8805 |
| [47] = https://curl.se/bug/?i=11915 |
| [48] = https://curl.se/bug/?i=11912 |
| [49] = https://curl.se/bug/?i=11982 |
| [50] = https://curl.se/bug/?i=11998 |
| [51] = https://curl.se/bug/?i=11960 |
| [52] = https://curl.se/bug/?i=11957 |
| [53] = https://curl.se/bug/?i=11997 |
| [54] = https://curl.se/bug/?i=11920 |
| [55] = https://curl.se/bug/?i=11941 |
| [56] = https://curl.se/bug/?i=11943 |
| [57] = https://curl.se/bug/?i=11954 |
| [58] = https://curl.se/bug/?i=11951 |
| [59] = https://curl.se/bug/?i=11955 |
| [60] = https://curl.se/bug/?i=11953 |
| [61] = https://curl.se/bug/?i=11996 |
| [62] = https://curl.se/bug/?i=11990 |
| [63] = https://curl.se/bug/?i=11987 |
| [64] = https://curl.se/bug/?i=11987 |
| [65] = https://curl.se/bug/?i=11940 |
| [66] = https://curl.se/bug/?i=11991 |
| [67] = https://curl.se/bug/?i=11994 |
| [68] = https://curl.se/bug/?i=2935 |
| [69] = https://curl.se/bug/?i=11858 |
| [70] = https://curl.se/bug/?i=11937 |
| [71] = https://curl.se/bug/?i=11929 |
| [72] = https://curl.se/bug/?i=11927 |
| [73] = https://curl.se/bug/?i=11926 |
| [74] = https://curl.se/bug/?i=11914 |
| [75] = https://curl.se/bug/?i=11981 |
| [76] = https://curl.se/bug/?i=11979 |
| [77] = https://curl.se/bug/?i=11978 |
| [78] = https://curl.se/bug/?i=12010 |
| [79] = https://curl.se/bug/?i=11988 |
| [80] = https://curl.se/bug/?i=12018 |
| [81] = https://curl.se/bug/?i=11980 |
| [82] = https://curl.se/bug/?i=11986 |
| [83] = https://curl.se/bug/?i=11985 |
| [84] = https://curl.se/bug/?i=11984 |
| [85] = https://curl.se/bug/?i=11974 |
| [86] = https://curl.se/bug/?i=11973 |
| [87] = https://curl.se/bug/?i=11973 |
| [88] = https://curl.se/bug/?i=11975 |
| [89] = https://curl.se/bug/?i=11963 |
| [90] = https://curl.se/bug/?i=11983 |
| [91] = https://curl.se/bug/?i=11977 |
| [92] = https://curl.se/bug/?i=12024 |
| [93] = https://curl.se/bug/?i=11967 |
| [94] = https://curl.se/bug/?i=11958 |
| [95] = https://curl.se/bug/?i=11939 |
| [96] = https://curl.se/bug/?i=12027 |
| [97] = https://curl.se/bug/?i=11908 |
| [98] = https://curl.se/bug/?i=11938 |
| [99] = https://curl.se/bug/?i=12033 |
| [100] = https://curl.se/bug/?i=12059 |
| [101] = https://curl.se/bug/?i=12002 |
| [102] = https://curl.se/bug/?i=11964 |
| [103] = https://curl.se/bug/?i=12066 |
| [104] = https://curl.se/bug/?i=12038 |
| [105] = https://curl.se/bug/?i=12015 |
| [106] = https://curl.se/bug/?i=12013 |
| [107] = https://curl.se/bug/?i=11928 |
| [108] = https://curl.se/bug/?i=12005 |
| [109] = https://curl.se/bug/?i=11999 |
| [110] = https://curl.se/bug/?i=12006 |
| [111] = https://curl.se/bug/?i=12008 |
| [112] = https://curl.se/mail/lib-2023-10/0010.html |
| [113] = https://curl.se/bug/?i=12045 |
| [114] = https://curl.se/bug/?i=12065 |
| [115] = https://curl.se/bug/?i=12042 |
| [116] = https://curl.se/bug/?i=12041 |
| [117] = https://curl.se/bug/?i=12036 |
| [118] = https://curl.se/docs/CVE-2023-38545.html |
| [119] = https://curl.se/bug/?i=12031 |
| [120] = https://curl.se/bug/?i=12035 |
| [121] = https://curl.se/bug/?i=12054 |
| [122] = https://curl.se/bug/?i=12034 |
| [123] = https://curl.se/bug/?i=12048 |
| [125] = https://curl.se/bug/?i=12071 |