🠰 8.9.1 all changes pending release
Changes in 8.10.0 - September 11 2024
Changes:
- autotools: add `--enable-windows-unicode` option
- curl: --help [option] displays documentation for given cmdline option
- curl: add --skip-existing
- curl: for -O, use "default" as filename when the URL has none
- curl: make --rate accept "number of units"
- curl: make --show-headers the same as --include
- curl: support --dump-header % to direct to stderr
- curl: support embedding a CA bundle and --dump-ca-embed
- curl: support repeated use of the verbose option; -vv etc
- curl: use libuv for parallel transfers with --test-event
- getinfo: add CURLINFO_POSTTRANSFER_TIME_T
- mbedtls: add CURLOPT_TLS13_CIPHERS support
- rustls: add support for setting TLS version and ciphers
- vtls: stop offering alpn http/1.1 for http2-prior-knowledge
- wolfssl: add CURLOPT_TLS13_CIPHERS support
- wolfssl: add support for ssl cert blob / ssl key blob options
Bugfixes:
- asyn-thread: stop using GetAddrInfoExW on Windows
- autotools: fix MS-DOS builds
- autotools: fix typo in tests/data target
- aws_sigv4: fix canon order for headers with same prefix
- bearssl: fix setting tls version
- bearssl: improve shutdown handling
- BINDINGS: add zig binding
- build: add `iphlpapi` lib for libssh on Windows
- build: add `poll()` detection for cross-builds
- build: add options to disable SHA-512/256 hash algo
- build: check OS-native IDN first, then libidn2
- build: delete unused `REQUIRE_LIB_DEPS`
- build: drop unused `NROFF` reference
- build: drop unused feature-detection code for Apple `poll()`
- build: generate `buildinfo.txt` for test logs
- build: improve compiler version detection portability
- build: make `CURL_FORMAT_CURL_OFF_T[U]` work with mingw-w64 <=7.0.0
- build: silence C4232 MSVC warnings in vcpkg ngtcp2 builds
- build: use -Wno-format-overflow
- buildconf.bat: fix tool_hugehelp.c generation
- cf-socket: fix pollset for listening
- cf-socket: prevent KEEPALIVE_FACTOR being set to 1000 for Windows
- cfilters: send flush
- CHANGES: rename to CHANGES.md, no longer generated
- CI: enable parallel testing in CI builds
- ci: Update actions/upload-artifact digest to 89ef406
- cmake: `Libs.private` improvements
- cmake: add `CURL_USE_PKGCONFIG` option
- cmake: add Linux CI job, fix pytest with cmake
- cmake: add math library when using wolfssl and ngtcp2
- cmake: add missing `pkg-config` hints to Find modules
- cmake: add missing version detection to Find modules
- cmake: add rustls
- cmake: add support for versioned symbols option
- cmake: add wolfSSH support
- cmake: allow `pkg-config` in more envs
- cmake: cleanup header paths
- cmake: default `CURL_DISABLE_LDAPS` to the value of `CURL_DISABLE_LDAP`
- cmake: delete MSVC warning suppression for tests/server
- cmake: detect `nghttp2` via `pkg-config`, enable by default
- cmake: detect and show VCPKG in platform flags
- cmake: distcheck for files in CMake subdir
- cmake: drop custom `CMakeOutput.log`/`CMakeError.log` logs
- cmake: drop libssh CONFIG-style detection
- cmake: drop no-op `tests/data/CMakeLists.txt`
- cmake: drop reference to undefined variable
- cmake: drop unused `HAVE_IDNA_STRERROR`
- cmake: drop unused internal variable
- cmake: exclude tests/http/clients builds by default
- cmake: fix `GSS_VERSION` for Heimdal found via pkg-config
- cmake: fix `pkg-config`-based detection in `FindGSS.cmake`
- cmake: fix and tidy up c-ares builds, enable in more CI jobs
- cmake: fix find rustls
- cmake: fixup linking libgsasl when detected via CMake-native
- cmake: honor custom `CMAKE_UNITY_BUILD_BATCH_SIZE`
- cmake: limit `pkg-config` to UNIX and MSVC+vcpkg by default
- cmake: limit libidn2 `pkg-config` detection to `UNIX`
- cmake: migrate dependency detections to Find modules
- cmake: more small tidy-ups and fixes
- cmake: rename wolfSSL and zstd config variables to uppercase
- cmake: respect cflags/libdirs of native pkg-config detections
- cmake: show CMake platform/compiler flags
- cmake: show warning if libpsl is not found
- cmake: sync code between test/example targets
- cmake: sync up formatting in Find modules
- cmake: TLS 1.3 warning only for bearssl and sectranp
- cmake: update `curl-config.cmake.in` template var list
- cmake: update list of "advanced" variables
- cmake: use numeric comparison for `HAVE_WIN32_WINNT`
- cmdline-opts: language fix for expect100-timeout.md and max-time.md
- configure: delete unused `CURL_DEFINE_UNQUOTED` function
- configure: delete unused `HAVE_OPENSSL3` macro
- configure: delete unused `m4/xc-translit.m4`
- configure: detect AppleIDN
- configure: fail if PSL is not disabled but not found
- configure: fix WinIDN builds targeting old Windows
- configure: remove USE_EXPLICIT_LIB_DEPS
- configure: replace nonportable grep -o with awk
- connect: always prefer ipv6 in IP eyeballing
- connect: limit update IP info
- cookie.md: try to articulate the two different uses this option has
- curl: allow 500MB data URL encode strings
- curl: find curlrc in XDG_CONFIG_HOME without leading dot
- curl: fix --proxy-pinnedpubkey
- curl: fix the -w urle.* variables
- curl: make the progress bar detect terminal width changes
- curl: warn on unsupported SSL options
- Curl_rand_bytes to control env override
- curl_sha512_256: fix symbol collisions with nettle library
- CURLMOPT_SOCKETFUNCTION.md: expand on the easy argument
- CURLOPT_XFERINFOFUNCTION: clarify the callback return codes
- dist: add missing `docs/examples/CMakeLists.txt`
- dist: add missing `FindNettle.cmake`
- dist: add missing `lib/optiontable.pl`
- dist: add missing `test_*.py` scripts
- dist: drop buildconf
- dist: fix reproducible build from release tarball
- dmaketgz: only run 'make distclean' if Makefile exists
- docs/SSLCERTS: rewrite
- docs: add description of effect of --location-trusted on cookie
- docs: document the (weak) random value situation in rustls builds
- docs: fix some examples in man pages
- docs: improve cipher options documentation
- docs: mention "@-" in more places
- docs: remove ALTSVC.md, HSTS.md, HTTP2.md and PARALLEL-TRANSFERS.md
- docs: update CIPHERS.md
- doh-url.md: point out DOH server IP pinning
- doh: remove redundant checks
- easy: fix curl_easy_upkeep for shared connection caches
- escape: allow curl_easy_escape to generate 3*input length output
- FEATURES.md: fix typo
- ftp: always offer line end conversions
- ftp: flush pingpong before response
- getinfo: return zero for unsupported options (when disabled)
- GHA/windows: enable MulitSSL in an MSVC job
- GHA: scan git repository and detect unvetted binary files
- gnutls/wolfssl: improve error message when certificate fails
- gnutls: send all data
- gtls: fix OCSP stapling management
- haproxy: send though next filter
- hash: provide asserts to verify API use
- http/2: simplify eos/blocked handling
- http2+h3 filters: fix ctx init
- http2: fix GOAWAY message sent to server
- http2: improve rate limiting of downloads
- http2: improved upload eos handling
- http3.md: mention how the fallback can be h1 or h2
- hyper: call Curl_req_set_upload_done()
- idn: more strictly check AppleIDN errors
- idn: support non-UTF-8 input under AppleIDN
- INSTALL.md: MultiSSL and QUIC are mutually exclusive
- KNOWN_BUGS: "special characers" in URL works with aws-sigv4
- krb5: add Linux/macOS CI tests, fix cmake GSS detection
- krb5: fix `-Wcast-align`
- lib: add eos flag to send methods
- lib: avoid macro collisions between wolfSSL and GnuTLS headers
- lib: convert some debugf()s into traces
- lib: delete stray undefs for `vsnprintf`, `vsprintf`
- lib: fix AIX build issues
- lib: fix building with wolfSSL without DES support
- lib: make SSPI global symbols use Curl_ prefix
- lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name
- lib: remove the final strncpy() calls
- lib: remove use of RANDOM_FILE
- libcurl.def: move from / into lib
- libcurl.pc: add `Cflags.private`
- libcurl.pc: add reference to `libgsasl`
- libcurl/docs: expand on redirect following and secrets to other hosts
- llist: remove direct struct accesses, use only functions
- Makefile.dist: fix `ca-firefox` target
- Makefile.mk: fixup enabling libidn2
- Makefile: remove 'scripts' duplicate from DIST_SUBDIRS
- maketgz: accept option to include latest commit hash
- maketgz: fix RELEASE-TOOLS.md for daily tarballs
- maketgz: move from / into scripts
- managen: fix superfluous leading blank line in quoted sections
- managen: in man output, remove the leading space from examples
- managen: wordwrap long example lines in ASCII output
- manpage: ensure a maximum width for the text version
- max-filesize.md: mention zero disables the limit
- mbedtls: add more informative logging
- mbedtls: fix setting tls version
- mbedtls: no longer use MBEDTLS_SSL_VERIFY_OPTIONAL
- mime: avoid inifite loop in client reader
- mk-ca-bundle.pl: include a link to the caextract webpage
- multi: make the "general" list of easy handles a Curl_llist
- multi: on socket callback error, remove socket hash entry nonetheless
- ngtcp2/osslq: remove NULL pointer dereferences
- ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks
- openssl quic: fix memory leak
- openssl: certinfo errors now fail correctly
- openssl: fix the data race when sharing an SSL session between threads
- openssl: improve shutdown handling
- pingpong: drain the input buffer when reading responses
- POP3: fix multi-line responses
- pop3: use the protocol handler ->write_resp
- printf: fix mingw-w64 format checks
- progress: ratelimit/progress tweaks
- pytests: add tests for HEAD requests in all HTTP versions
- rand: only provide weak random when needed
- runtests: if DISABLED cannot be read, error out
- runtests: log ignored but passed tests
- runtests: remove "has_textaware"
- rustls: fix setting tls version
- rustls: make all tests pass
- schannel: avoid malloc for CAinfo_blob_digest
- scorecard: tweak request measurements
- sectransp: fix setting tls version
- SECURITY: mention OpenSSF best practices gold badge
- setopt: allow CURLOPT_INTERFACE to be set to NULL
- setopt: let CURLOPT_ECH set to NULL reset to default
- setopt: make CURLOPT_TFTP_BLKSIZE accept bad values
- sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL
- share: don't reinitialize conncache
- sigpipe: init the struct so that first apply ignores
- smb: convert superflous assign into assert
- smtp: add tracing feature
- splay: use access functions, add asserts, use Curl_timediff
- spnego_gssapi: implement TLS channel bindings for openssl
- src: delete `curlx_m*printf()` aliases
- src: fix potential macro confusion in cmake unity builds
- src: namespace symbols clashing with lib
- src: replace copy of printf mappings with an include
- ssh: deduplicate SSH backend includes (and fix libssh cmake unity build)
- system_win32: fix typo
- test httpd: tweak cipher list
- test1521: verify setting options to NULL better
- test1707: output diff more for debugging differences in CI outputs
- test556: improve robustness
- test579: improve robustness
- test587: improve robustness
- test649: improve robustness
- test677: improve robustness
- tests/runner: only allow [!A-Za-z0-9_-] in %if feature names
- tests: constrain http pytest to tests/http directory
- tests: don't mangle output if hostname or type unknown
- tests: ignore QUIT from FTP protocol comparisons
- tests: provide docs as curldown, not nroff
- tidy-up: misc build, tests, `lib/macos.c`
- tidy-up: OS names
- tool_operhlp: fix "potentially uninitialized local variable 'pc' used"
- tool_paramhlp: bump maximum post data size in memory to 16GB
- transfer: Curl_sendrecv() and event related improvements
- transfer: remove comments, add asserts
- transfer: skip EOS read when download done
- url: dns_entry related improvements
- url: fix connection reuse for HTTP/2 upgrades
- urlapi: verify URL *decoded* hostname when set
- urldata: introduce `data->mid`, a unique identifier inside a multi
- urldata: remove 'scratch' from the UrlState struct
- urldata: remove crlf_conversions counter
- urldata: remove proxy_connect_closed bit
- verify-release: shell script that verifies a release tarball
- version: fix shadowing a `libssh.h` symbol
- vtls: add SSLSUPP_CIPHER_LIST
- vtls: fix MSVC 'cast truncates constant value' warning
- vtls: fix static function name collisions between TLS backends
- vtls: init ssl peer only once
- websocket: introduce blocking sends
- wolfssl: avoid taking cached x509 store ref if sslctx already using it
- wolfssl: fix CURLOPT_SSLVERSION
- wolfssl: fix setting tls version
- wolfssl: improve shutdown handling
- ws: flags to opcodes should ignore CURLWS_CONT flag
- x509asn1: raise size limit for x509 certification information