Changes in 8.3.0 - September 13 2023

Changes:

• curl: make %output{} in -w specify a file to write to
• gskit: remove
• lib: --disable-bindlocal builds curl without local binding support
• nss: remove support for this TLS library
• tool: add "variable" support
• trace: make tracing available in non-debug builds
• url: change default value for CURLOPT_MAXREDIRS to 30
• urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
• wolfssl: support loading system CA certificates

Bugfixes:

• altsvc: accept and parse IPv6 addresses in response headers
• asyn-ares: reduce timeout to 2000ms
• aws-sigv4: canonicalize the query
• aws-sigv4: fix having date header twice in some cases
• aws-sigv4: handle no-value user header entries
• bearssl: don't load CA certs when peer verification is disabled
• bearssl: handshake fix, provide proper get_select_socks() implementation
• build: fix portability of mancheck and checksrc targets
• build: streamline non-UWP wincrypt detections
• c-hyper: adjust the hyper to curlcode conversion
• c-hyper: fix memory leaks in `Curl_http`
• cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
• cf-socket: log successful interface bind
• CI/cirrus: disable python install on FreeBSD
• CI: add a 32-bit i686 Linux build
• CI: add caching to many jobs
• CI: move on to ngtcp2 v0.19.1
• CI: move the Alpine build from Cirrus to GHA
• CI: ngtcp2-linux: use separate caches for tls libraries
• CI: remove Windows builds from Cirrus, without replacement
• CI: switch macOS ARM build from Cirrus to Circle CI
• CI: use master again for wolfssl
• cirrus: install everthing with pkg, avoid pip
• cmake: add GnuTLS option
• cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
• cmake: add support for single libcurl compilation pass
• cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms
• cmake: assume `wldap32` availability on Windows
• cmake: cache more config and delete unused ones
• cmake: detect `SSL_set0_wbio` in OpenSSL
• cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks
• cmake: fix to use variable for the curl namespace
• cmake: fixup H2 duplicate symbols for unity builds
• cmake: set SIZEOF_LONG_LONG in curl_config.h
• cmake: support building static and shared libcurl in one go
• cmdline-docs: make sure to phrase it as "added in ...."
• cmdline-docs: use present tense, not future
• cmdline-opts/docs: mention the negative option part
• cmdline-opts/page-header: clarify stronger that !opt == URL
• cmdline-opts/page-header: reorder, clean up
• configure, cmake, lib: more form api deprecation
• configure: fix `HAVE_TIME_T_UNSIGNED` check
• configure: trust pkg-config when it's used for zlib
• configure: use the pkg-config --libs-only-l flag for libssh2
• connect: stop halving the remaining timeout when less than 600 ms left
• cookie-jar.d: emphasize that this option is ONLY writing cookies
• crypto: ensure crypto initialization works
• curl_url_get/set.3: add missing semicolon in SYNOPSIS
• CURLINFO_CERTINFO.3: better explain curl_certinfo struct
• CURLINFO_TLS_SSL_PTR.3: clarify a recommendation
• CURLOPT_*TIMEOUT*: extend and clarify
• CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled
• CURLOPT_URL.3: add two URL API calls in the see-also section
• CURLOPT_URL.3: explain curl_url_set() uses the same parser
• digest: Use hostname to generate spn instead of realm
• disable.d: explain --disable not implemented prior to 7.50.0
• docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0
• docs/cmdline-opts: match the current output
• docs/cmdline-opts: spellfixes, typos and polish
• docs/cmdline: add small "warning" to verbose options
• docs/cmdline: remove repeated working for negotiate + ntlm
• docs/HYPER.md: document a workaround for a link error
• docs: add curl_global_trace to some SEE ALSO sections
• docs: link to the website versions instead of markdowns
• docs: mark --ssl-revoke-best-effort as Schannel specific
• docs: mention critical files in same directories as curl saves
• docs: removing "pausing transfers" from HYPER.md.
• docs: rewrite to present tense
• easy: remove #ifdefs to make code easier on the eye
• egd: delete feature detection and related source code
• ftp: fix temp write of ipv6 address
• gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens
• gen.pl: replace all single quotes with aq
• GHA: adding quiche workflow
• headers: accept leading whitespaces on first response header
• http2: avoid too early connection re-use/multiplexing
• http2: cleanup trace messages
• http2: disable asssertion blocking OSSFuzz testing
• http2: fix in h2 proxy tunnel: progress in ingress on sending
• http2: polish things around POST
• http2: upgrade tests and add fix for non-existing stream
• http3/ngtcp2: shorten handshake, trace cleanup
• http3: quiche, handshake optimization, trace cleanup
• http: close the connection after a late 417 is received
• http: do not require a username when using CURLAUTH_NEGOTIATE
• http: fix sending of large requests
• http: remove the p_pragma struct field
• http: return error when receiving too large header set
• hyper: fix a progress upload counter bug
• hyper: fix ownership problems
• hyper: remove `hyptransfer->endtask`
• imap: add a check for failing strdup()
• imap: remove the only sscanf() call in the IMAP code
• include.d: explain headers not printed with --fail before 7.75.0
• include/curl/mprintf.h: add __attribute__ for the prototypes
• krb5: fix "implicit conversion loses integer precision" warnings
• lib: add ability to disable auths individually
• lib: build fixups when built with most things disabled
• lib: fix a few *printf() flag mistakes
• lib: fix null ptr derefs and uninitialized vars (h2/h3)
• lib: move mimepost data from ->req.p.http to ->state
• libtest: use curl_free() to free libcurl allocated data
• list-only.d: mention SFTP as supported protocol
• macOS: fix target detection more
• misc: fix various typos
• multi.h: the 'revents' field of curl_waitfd is supported
• multi: more efficient pollfd count for poll
• multi: remove 'processing: <url>' debug message
• ngtcp2: fix handling of large requests
• openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
• openssl: clear error queue after SSL_shutdown
• openssl: make aws-lc version support OCSP
• openssl: Support async cert verify callback
• openssl: switch to modern init for LibreSSL 2.7.0+
• openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1
• openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0
• openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
• os400: build test servers
• os400: do not check translatable options at build time
• os400: implement CLI tool
• page-footer: QLOGDIR works with ngtcp2 and quiche
• page-header: move up a URL paragraph from GLOBBING to URL
• pytest: fix check for slow_network skips to only apply when intended
• quic: don't set SNI if hostname is an IP address
• quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
• quiche: enable quiche to handle timeout events
• resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
• revert "schannel: reverse the order of certinfo insertions"
• schannel: fix ordering of cert chain info
• schannel: fix user-set legacy algorithms in Windows 10 & 11
• schannel: verify hostname independent of verify cert
• sectransp: fix compiler warnings
• sectransp: prevent CFRelease() of NULL
• secureserver.pl: fix stunnel path quoting
• secureserver.pl: fix stunnel version parsing
• SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline
• system.h: add CURL_OFF_T definitions on HP-UX with HP aCC
• test1304: build and skip without netrc support
• test1554: check translatable string options in OS400 wrapper
• test1608: make it build and get skipped without shuffle DNS support
• test687/688: two more basic --xattr tests
• tests/tftpd+mqttd: make variables static to silence picky warnings
• tests: add 'large-time' as a testable feature
• tests: add support for nested %if conditions
• tests: don't call HTTP errors OK in test cases
• tests: ensure `libcurl.def` contains all exports
• tests: fix h3 server check and parallel instances
• tests: TLS session sharing test
• tests: update cookie expiry dates to far in the future
• time-cond.d: mention what happens on a missing file
• tool: avoid including leading spaces in the Location hyperlink
• tool: change some fopen failures from warnings to errors
• tool: make the length argument an int for printf()-.* flags
• tool_cb_wrt: fix invalid unicode for windows console
• tool_filetime: make -z work with file dates before 1970
• tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
• tool_operate: make aws-sigv4 not require TLS to be used
• tool_paramhlp: improve str2num(): avoid unnecessary call to strlen()
• tool_urlglob: use the correct format specifier for curl_off_t in msnprintf
• transfer: also stop the sending on closed connection
• transfer: don't set TIMER_STARTTRANSFER on first send
• unit2600: fix build warning if built without verbose messages
• url: remove infof() output for "still name resolving"
• urlapi: fix heap buffer overflow
• urlapi: make sure zoneid is also duplicated in curl_url_dup
• urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails
• urlapi: setting a blank URL ("") is not an ok URL
• vquic: show stringified messages for errno
• vtls: clarify "ALPN: offers" message
• winbuild: improve check for static zlib
• wolfSSL: avoid the OpenSSL compat API when not needed
• workflows/macos.yml: disable zstd and alt-svc in the http-only build
• write-out.d: clarify %{time_starttransfer}
• ws: fix spelling mistakes in examples and tests

Further