366 lines
17 KiB
Plaintext
366 lines
17 KiB
Plaintext
curl and libcurl 8.6.0
|
|
|
|
Public curl releases: 254
|
|
Command line options: 258
|
|
curl_easy_setopt() options: 304
|
|
Public functions in libcurl: 93
|
|
Contributors: 3078
|
|
|
|
This release includes the following changes:
|
|
|
|
o add CURLE_TOO_LARGE [48]
|
|
o add CURLINFO_QUEUE_TIME_T [76]
|
|
o add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add [39]
|
|
o asyn-thread: use GetAddrInfoExW on >= Windows 8 [55]
|
|
o configure: make libpsl detection failure cause error [109]
|
|
o docs/cmdline: change to .md for cmdline docs [77]
|
|
o docs: introduce "curldown" for libcurl man page format [102]
|
|
o runtests: support -gl. Like -g but for lldb. [47]
|
|
|
|
This release includes the following bugfixes:
|
|
|
|
o altsvc: free 'as' when returning error [23]
|
|
o appveyor: replace PowerShell with bash + parallel autotools [54]
|
|
o appveyor: switch to out-of-tree builds [29]
|
|
o asyn-ares: with modern c-ares, use its default timeout [127]
|
|
o build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}` [4]
|
|
o build: delete/replace clang warning pragmas [111]
|
|
o build: enable missing OpenSSF-recommended warnings, with fixes [11]
|
|
o build: fix `-Wconversion`/`-Wsign-conversion` warnings [26]
|
|
o build: fix Windows ADDRESS_FAMILY detection [35]
|
|
o build: more `-Wformat` fixes [40]
|
|
o build: remove redundant `CURL_PULL_*` settings [8]
|
|
o cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper [133]
|
|
o cf-socket: show errno in tcpkeepalive error messages [120]
|
|
o CI/distcheck: run full tests [31]
|
|
o cmake: add option to disable building docs
|
|
o cmake: fix generation for system name iOS [53]
|
|
o cmake: fix typo [5]
|
|
o cmake: freshen up docs/INSTALL.cmake [101]
|
|
o cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE` [45]
|
|
o cmake: rework options to enable curl and libcurl docs [161]
|
|
o cmake: when USE_MANUAL=YES, build the curl.1 man page [113]
|
|
o cmdline-opts/write-out.d: remove spurious double quotes
|
|
o cmdline-opts: update availability for the *-ca-native options [66]
|
|
o cmdline/gen: fix the sorting of the man page options [33]
|
|
o configure: add libngtcp2_crypto_boringssl detection [155]
|
|
o configure: fix no default int compile error in ipv6 detection [69]
|
|
o configure: when enabling QUIC, check that TLS supports QUIC [87]
|
|
o connect: remove margin from eyeballer alloc [79]
|
|
o content_encoding: change return code to typedef'ed enum [94]
|
|
o cookie.d: document use of empty string to enable cookie engine [106]
|
|
o cookie: avoid fopen with empty file name [24]
|
|
o curl.h: CURLOPT_DNS_SERVERS is only available with c-ares [131]
|
|
o curl: show ipfs and ipns as supported "protocols" [15]
|
|
o curl_easy_getinfo.3: remove the wrong time value count [116]
|
|
o curl_multi_fdset.3: remove mention of null pointer support [134]
|
|
o CURLINFO_REFERER.3: clarify that it is the *request* header [70]
|
|
o CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
|
|
o CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example [27]
|
|
o CURLOPT_SSH_*_KEYFILE: clarify [57]
|
|
o dist: add tests/errorcodes.pl to the tarball [6]
|
|
o docs: clean up Protocols: for cmdline options [32]
|
|
o docs: describe and highlight super cookies [80]
|
|
o docs: do not start lines/sentences with So, But nor And [140]
|
|
o docs: install curl.1 with cmake [166]
|
|
o docs: mention env vars not used by schannel [124]
|
|
o doh: remove unused local variable [34]
|
|
o examples: add four new examples [99]
|
|
o file+ftp: use stack buffers instead of data->state.buffer [138]
|
|
o ftp: handle the PORT parsing without allocation [44]
|
|
o ftp: use dynbuf to store entrypath [83]
|
|
o ftp: use memdup0 to store the OS from a SYST 215 response [82]
|
|
o ftpserver.pl: send 213 SIZE response without spurious newline
|
|
o gen.pl: support ## for doing .IP in table-like lists [105]
|
|
o gen: do italics/bold for a range of letters, not just single word [78]
|
|
o GHA: add a job scanning for "bad words" in markdown [164]
|
|
o GHA: bump ngtcp2, gnutls, mod_h2, quiche [158]
|
|
o gnutls: fix build with --disable-verbose [3]
|
|
o haproxy-clientip.d: document the arg [68]
|
|
o headers: make sure the trailing newline is not stored [97]
|
|
o headers: remove assert from Curl_headers_push [115]
|
|
o hostip: return error immediately when Curl_ip2addr() fails [19]
|
|
o hsts: remove assert for zero length domain [96]
|
|
o http2: improved on_stream_close/data_done handling [49]
|
|
o http3/quiche: fix result code on a stream reset [91]
|
|
o http3: initial support for OpenSSL 3.2 QUIC stack [110]
|
|
o http: adjust_pollset fix [85]
|
|
o http: check for "Host:" case insensitively [154]
|
|
o http: fix off-by-one error in request method length check [14]
|
|
o http: only act on 101 responses when they are HTTP/1.1 [98]
|
|
o http: remove comment reference to a removed solution [156]
|
|
o http: use stack scratch buffer [150]
|
|
o http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT [90]
|
|
o krb5: add prototype to silence clang warnings on mvsnprintf() [119]
|
|
o lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT [62]
|
|
o lib: error out on multissl + http3 [13]
|
|
o lib: fix variable undeclared error caused by `infof` changes [2]
|
|
o lib: reduce use of strncpy [30]
|
|
o lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding [36]
|
|
o lib: replace readwrite with write_resp [137]
|
|
o lib: strndup/memdup instead of malloc, memcpy and null-terminate [42]
|
|
o libssh2: use `libssh2_session_callback_set2()` with v1.11.1 [103]
|
|
o libssh: improve the deprecation warning dismissal [20]
|
|
o libssh: supress warnings without version check [18]
|
|
o Makefile.am: fix the MSVC project generation [22]
|
|
o Makefile.mk: drop Windows support [12]
|
|
o mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls` [117]
|
|
o mbedtls: free the entropy when threaded [46]
|
|
o mime: use memdup0 instead of malloc + memcpy [63]
|
|
o mksymbolsmanpage.pl: provide references to where the symbol is used
|
|
o mprintf: overhaul and bugfixes [52]
|
|
o mqtt: use stack scratch buffer for recv+publish [148]
|
|
o multi: remove total timer reset in file_do() while fetching file:// [89]
|
|
o ngtcp2: put h3 at the front of alpn [58]
|
|
o ntlm_wb: do not use data->state.buffer any longer [151]
|
|
o openldap: fix an LDAP crash [75]
|
|
o openldap: fix STARTTLS [67]
|
|
o openssl: re-match LibreSSL deinit with init [17]
|
|
o openssl: when verifystatus fails, remove session id from cache [100]
|
|
o OS400: sync ILE/RPG binding [114]
|
|
o pingpong: stop using the download buffer [159]
|
|
o pop3: replace calloc + memcpy with memdup0 [60]
|
|
o pytest: scorecard tracking CPU and RSS [157]
|
|
o quiche: return CURLE_HTTP3 on send to invalid stream [65]
|
|
o readwrite_data: loop less [21]
|
|
o Revert "urldata: move async resolver state from easy handle to connectdata" [16]
|
|
o rtsp: deal with borked server responses [129]
|
|
o runtests: for mode="text" on <stdout>, fix newlines on both parts [64]
|
|
o sasl: make login option string override http auth [142]
|
|
o schannel: fix `-Warith-conversion` gcc 13 warning [28]
|
|
o sectransp: do verify_cert without memdup for blobs [93]
|
|
o sectransp_ make TLSCipherNameForNumber() available in non-verbose config [1]
|
|
o sendf: fix compiler warning with CURL_DISABLE_HEADERS_API [38]
|
|
o setopt: clear mimepost when formp is freed [92]
|
|
o setopt: use memdup0 when cloning COPYPOSTFIELDS [107]
|
|
o socks: fix generic output string to say SOCKS instead of SOCKS4 [144]
|
|
o socks: use own buffer instead of data->state.buffer [143]
|
|
o ssh: fix namespace of two local macros [51]
|
|
o ssh: use stack scratch buffer for seeks [146]
|
|
o strerror: repair get_winsock_error() [56]
|
|
o system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers [9]
|
|
o system_win32: fix a function pointer assignment warning [71]
|
|
o telnet: use dynbuf instad of malloc for escape buffer [108]
|
|
o telnet: use stack scratch buffer for do [149]
|
|
o tests/server: delete workaround for old-mingw [25]
|
|
o tests: avoid int/size_t conversion size/sign warnings [163]
|
|
o tests: respect $TMPDIR when creating unix domain sockets [50]
|
|
o tool: make parser reject blank arguments if not supported [86]
|
|
o tool: prepend output_dir in header callback [95]
|
|
o tool_getparam: bsearch cmdline options [74]
|
|
o tool_getparam: do not try to expand without an argument [59]
|
|
o tool_getparam: stop supporting `@filename` style for --cookie [121]
|
|
o tool_listhelp: regenerate after recent .d updates [61]
|
|
o tool_operate: make --remove-on-error only remove "real" files [125]
|
|
o tool_operate: stop setting the file comment on Amiga [128]
|
|
o transfer: adjust_pollset improvements [81]
|
|
o transfer: fix upload rate limiting, add test cases [37]
|
|
o transfer: make the select_bits_paused condition check both directions [104]
|
|
o transfer: remove warning: Value stored to 'blen' is never read [136]
|
|
o url: don't set default CA paths for Secure Transport backend [126]
|
|
o url: for disabled protocols, mention if found in redirect [7]
|
|
o urlapi: remove assert [162]
|
|
o verify-examples.pl: fail verification on unescaped backslash [72]
|
|
o version: show only the libpsl version, not its dependencies [130]
|
|
o vquic: extract TLS setup into own source [88]
|
|
o vtls: fix missing multissl version info [73]
|
|
o vtls: receive max buffer [139]
|
|
o vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY [41]
|
|
o websockets: check for negative payload lengths [123]
|
|
o websockets: refactor decode chain [122]
|
|
o windows: delete redundant headers [43]
|
|
o windows: simplify detecting and using system headers [10]
|
|
o wolfssl: load certificate *chain* for PEM client certs [84]
|
|
o x509asn1: remove code for WANT_VERIFYHOST [132]
|
|
o x509asn1: switch from malloc to dynbuf [112]
|
|
|
|
This release includes the following known bugs:
|
|
|
|
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
|
|
|
|
Planned upcoming removals include:
|
|
|
|
o support for space-separated NOPROXY patterns
|
|
|
|
See https://curl.se/dev/deprecate.html for details
|
|
|
|
This release would not have looked like this without help, code, reports and
|
|
advice from friends like these:
|
|
|
|
Andy Alt, annalee, Baruch Siach, Ben, Boris Verkhovskiy, Brad Harder,
|
|
bubbleguuum on github, Cajus Pollmeier, calvin2021y on github, Chara White,
|
|
Chris Sauer, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
|
|
dependabot[bot], Dmitry Karpov, Gabe, Geeknik Labs, Gisle Vanem,
|
|
Graham Campbell, Hans-Christian Egtvedt, Harry Sintonen, Haydar Alaidrus,
|
|
hgdagon on github, Hiroki Kurosawa, iAroc on github, ivanfywang,
|
|
janko-js on github, Jay Wu, Jess Lowe, Karthikdasari0423 on github,
|
|
Lealem Amedie, Lin Sun, Marcel Raad, Mark Huang, Mark Sinkovics,
|
|
Mauricio Scheffer, Michał Antoniak, Mike Hommey, Mohammadreza Hendiani,
|
|
Ozan Cansel, Patrick Monnerat, Pavel Pavlov, promptfuzz_ on hackerone,
|
|
Ray Satiro, RevaliQaQ on github, Richard Levitte, Scarlett McAllister,
|
|
Sergey Bronnikov, Sergey Markelov, sfan5 on github, Stefan Eissing,
|
|
Tatsuhiko Miyagawa, Tatsuhiro Tsujikawa, Theo, Thomas Ferguson,
|
|
Viktor Szakats, Xi Ruoyao, Yadhu Krishna M, Yedaya Katsman, Yifei Kong,
|
|
YX Hao, zengwei, zengwei2000, ウさん
|
|
(65 contributors)
|
|
|
|
References to bug reports and discussions on issues:
|
|
|
|
[1] = https://curl.se/bug/?i=12474
|
|
[2] = https://curl.se/bug/?i=12470
|
|
[3] = https://curl.se/bug/?i=12505
|
|
[4] = https://curl.se/bug/?i=12506
|
|
[5] = https://curl.se/bug/?i=12464
|
|
[6] = https://curl.se/bug/?i=12462
|
|
[7] = https://curl.se/bug/?i=12466
|
|
[8] = https://curl.se/bug/?i=12502
|
|
[9] = https://curl.se/bug/?i=12501
|
|
[10] = https://curl.se/bug/?i=12495
|
|
[11] = https://curl.se/bug/?i=12489
|
|
[12] = https://curl.se/bug/?i=12224
|
|
[13] = https://curl.se/bug/?i=12807
|
|
[14] = https://curl.se/bug/?i=12534
|
|
[15] = https://curl.se/mail/archive-2023-12/0026.html
|
|
[16] = https://curl.se/bug/?i=12524
|
|
[17] = https://curl.se/bug/?i=12525
|
|
[18] = https://curl.se/bug/?i=12523
|
|
[19] = https://curl.se/bug/?i=12522
|
|
[20] = https://curl.se/bug/?i=12519
|
|
[21] = https://curl.se/bug/?i=12504
|
|
[22] = https://curl.se/bug/?i=12564
|
|
[23] = https://curl.se/bug/?i=12570
|
|
[24] = https://curl.se/bug/?i=12514
|
|
[25] = https://curl.se/bug/?i=12510
|
|
[26] = https://curl.se/bug/?i=12557
|
|
[27] = https://curl.se/bug/?i=12588
|
|
[28] = https://curl.se/bug/?i=12616
|
|
[29] = https://curl.se/bug/?i=12550
|
|
[30] = https://curl.se/bug/?i=12499
|
|
[31] = https://curl.se/bug/?i=12503
|
|
[32] = https://curl.se/bug/?i=12496
|
|
[33] = https://curl.se/mail/archive-2023-12/0014.html
|
|
[34] = https://curl.se/bug/?i=12491
|
|
[35] = https://curl.se/bug/?i=12441
|
|
[36] = https://curl.se/bug/?i=12490
|
|
[37] = https://curl.se/bug/?i=12559
|
|
[38] = https://curl.se/bug/?i=12485
|
|
[39] = https://curl.se/bug/?i=12369
|
|
[40] = https://curl.se/bug/?i=12540
|
|
[41] = https://curl.se/bug/?i=12459
|
|
[42] = https://curl.se/bug/?i=12453
|
|
[43] = https://curl.se/bug/?i=12539
|
|
[44] = https://curl.se/bug/?i=12456
|
|
[45] = https://curl.se/bug/?i=12537
|
|
[46] = https://curl.se/bug/?i=12584
|
|
[47] = https://curl.se/bug/?i=12547
|
|
[48] = https://curl.se/bug/?i=12269
|
|
[49] = https://curl.se/bug/?i=10936
|
|
[50] = https://curl.se/bug/?i=12545
|
|
[51] = https://curl.se/bug/?i=12544
|
|
[52] = https://curl.se/bug/?i=12561
|
|
[53] = https://curl.se/bug/?i=12515
|
|
[54] = https://curl.se/bug/?i=12560
|
|
[55] = https://curl.se/bug/?i=12481
|
|
[56] = https://curl.se/bug/?i=12578
|
|
[57] = https://curl.se/bug/?i=12554
|
|
[58] = https://curl.se/bug/?i=12576
|
|
[59] = https://curl.se/bug/?i=12565
|
|
[60] = https://curl.se/bug/?i=12650
|
|
[61] = https://curl.se/bug/?i=12612
|
|
[62] = https://curl.se/bug/?i=12658
|
|
[63] = https://curl.se/bug/?i=12649
|
|
[64] = https://curl.se/bug/?i=12612
|
|
[65] = https://curl.se/bug/?i=12590
|
|
[66] = https://curl.se/bug/?i=12613
|
|
[67] = https://curl.se/bug/?i=12610
|
|
[68] = https://curl.se/bug/?i=12611
|
|
[69] = https://curl.se/bug/?i=12607
|
|
[70] = https://curl.se/bug/?i=12605
|
|
[71] = https://curl.se/bug/?i=12581
|
|
[72] = https://curl.se/bug/?i=12589
|
|
[73] = https://curl.se/bug/?i=12599
|
|
[74] = https://curl.se/bug/?i=12631
|
|
[75] = https://curl.se/bug/?i=12593
|
|
[76] = https://curl.se/bug/?i=12368
|
|
[77] = https://curl.se/bug/?i=12751
|
|
[78] = https://curl.se/bug/?i=12689
|
|
[79] = https://curl.se/bug/?i=12647
|
|
[80] = https://curl.se/bug/?i=12687
|
|
[81] = https://curl.se/bug/?i=12640
|
|
[82] = https://curl.se/bug/?i=12639
|
|
[83] = https://curl.se/bug/?i=12638
|
|
[84] = https://curl.se/bug/?i=12634
|
|
[85] = https://curl.se/bug/?i=12632
|
|
[86] = https://curl.se/bug/?i=12620
|
|
[87] = https://curl.se/bug/?i=12683
|
|
[88] = https://curl.se/bug/?i=12678
|
|
[89] = https://curl.se/bug/?i=12682
|
|
[90] = https://curl.se/bug/?i=12680
|
|
[91] = https://curl.se/bug/?i=12629
|
|
[92] = https://curl.se/bug/?i=12608
|
|
[93] = https://curl.se/bug/?i=12679
|
|
[94] = https://curl.se/bug/?i=12618
|
|
[95] = https://curl.se/bug/?i=12614
|
|
[96] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661
|
|
[97] = https://curl.se/mail/lib-2024-01/0019.html
|
|
[98] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66184
|
|
[99] = https://curl.se/bug/?i=12671
|
|
[100] = https://curl.se/bug/?i=12760
|
|
[101] = https://curl.se/bug/?i=12772
|
|
[102] = https://curl.se/bug/?i=12730
|
|
[103] = https://curl.se/bug/?i=12754
|
|
[104] = https://curl.se/mail/lib-2024-01/0049.html
|
|
[105] = https://curl.se/bug/?i=12667
|
|
[106] = https://curl.se/bug/?i=12643
|
|
[107] = https://curl.se/bug/?i=12651
|
|
[108] = https://curl.se/bug/?i=12652
|
|
[109] = https://curl.se/bug/?i=12661
|
|
[110] = https://curl.se/bug/?i=12734
|
|
[111] = https://curl.se/bug/?i=12812
|
|
[112] = https://curl.se/bug/?i=12808
|
|
[113] = https://curl.se/bug/?i=12742
|
|
[114] = https://curl.se/bug/?i=12815
|
|
[115] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65839
|
|
[116] = https://curl.se/bug/?i=12727
|
|
[117] = https://curl.se/bug/?i=12720
|
|
[119] = https://curl.se/bug/?i=12803
|
|
[120] = https://curl.se/bug/?i=12726
|
|
[121] = https://curl.se/bug/?i=12645
|
|
[122] = https://curl.se/bug/?i=12713
|
|
[123] = https://curl.se/bug/?i=12707
|
|
[124] = https://curl.se/bug/?i=12711
|
|
[125] = https://curl.se/bug/?i=12710
|
|
[126] = https://curl.se/bug/?i=12704
|
|
[127] = https://curl.se/bug/?i=12703
|
|
[128] = https://curl.se/bug/?i=12709
|
|
[129] = https://curl.se/bug/?i=12701
|
|
[130] = https://curl.se/bug/?i=12700
|
|
[131] = https://curl.se/bug/?i=12695
|
|
[132] = https://curl.se/bug/?i=12804
|
|
[133] = https://curl.se/bug/?i=12697
|
|
[134] = https://curl.se/bug/?i=12691
|
|
[136] = https://curl.se/bug/?i=12693
|
|
[137] = https://curl.se/bug/?i=12480
|
|
[138] = https://curl.se/bug/?i=12789
|
|
[139] = https://curl.se/bug/?i=12801
|
|
[140] = https://curl.se/bug/?i=12802
|
|
[142] = https://curl.se/bug/?i=10259
|
|
[143] = https://curl.se/bug/?i=12788
|
|
[144] = https://curl.se/bug/?i=12797
|
|
[146] = https://curl.se/bug/?i=12794
|
|
[148] = https://curl.se/bug/?i=12792
|
|
[149] = https://curl.se/bug/?i=12793
|
|
[150] = https://curl.se/bug/?i=12791
|
|
[151] = https://curl.se/bug/?i=12787
|
|
[154] = https://curl.se/bug/?i=12784
|
|
[155] = https://curl.se/bug/?i=12724
|
|
[156] = https://curl.se/bug/?i=12785
|
|
[157] = https://curl.se/bug/?i=12765
|
|
[158] = https://curl.se/bug/?i=12778
|
|
[159] = https://curl.se/bug/?i=12757
|
|
[161] = https://curl.se/bug/?i=12773
|
|
[162] = https://curl.se/bug/?i=12775
|
|
[163] = https://curl.se/bug/?i=12768
|
|
[164] = https://curl.se/bug/?i=12764
|
|
[166] = https://curl.se/bug/?i=12759
|