Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
[RELEASE] curl 7.85.0
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-users <curl-users_at_lists.haxx.se>
Date: Wed, 31 Aug 2022 08:29:36 +0200 (CEST)
Hello friends.
I'm proud to announce another curl release. This time in assocation with a CVE
that will be published following this announcement.
Download curl or read all about it as always on https://curl.se
(At 08:00 UTC today (10:00 CEST) I will do a live-streamed release
presentation on twitch: https://www.twitch.tv/curlhacker)
curl and libcurl 7.85.0
Public curl releases: 210
Command line options: 248
curl_easy_setopt() options: 299
Public functions in libcurl: 88
Contributors: 2690
This release includes the following changes:
o quic: add support via wolfSSL [142]
o schannel: Add TLS 1.3 support [96]
o setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR [30]
This release includes the following bugfixes:
o amigaos: fix threaded resolver on AmigaOS 4.x [133]
o amissl: allow AmiSSL to be used with AmigaOS 4.x builds [115]
o amissl: make AmiSSL v5 a minimum requirement [117]
o asyn-ares: make a single alloc out of hostname + async data [123]
o asyn-thread: fix socket leak on OOM [128]
o asyn-thread: make getaddrinfo_complete return CURLcode [53]
o base64: base64url encoding has no padding [41]
o BUGS.md: improve language [62]
o build: improve OS string in CMake and `config-win32.h` [15]
o cert.d: clarify that escape character works for file paths [161]
o cirrus.yml: replace py38-pip with py39-pip [63]
o cirrus/freebsd-ci: bootstrap the pip installer [104]
o cmake: add detection of threadsafe feature [163]
o cmake: do not force Windows target versions [28]
o cmake: fix build for mingw cross compile [33]
o cmake: link curl to its dependencies with PRIVATE [57]
o cmake: remove APPEND in export(TARGETS) [58]
o cmake: set feature PSL if present [168]
o cmake: support ngtcp2 boringssl backend [18]
o cmdline-opts/gen.pl: improve performance [97]
o config: remove the check for and use of SIZEOF_SHORT [129]
o configure: -pthread not available on AmigaOS 4.x [118]
o configure: check for the stdatomic.h header in configure [7]
o configure: fix --disable-headers-api [55]
o configure: fix broken m4 syntax in TLS options [145]
o configure: fixup bsdsocket detection code for AmigaOS 4.x [110]
o configure: if asked to use TLS, fail if no TLS lib was detected [156]
o configure: introduce CURL_SIZEOF [130]
o connect: add quic connection information [100]
o connect: close the happy eyeballs loser connection when using QUIC [109]
o connect: revert the use of IP*_RECVERR [102]
o connect: set socktype/protocol correctly [114]
o cookie: reject cookies with "control bytes" [152]
o cookie: treat a blank domain in Set-Cookie: as non-existing [40]
o cookie: use %zu to infof() for size_t values [26]
o curl-compilers.m4: make icc use -diag* options and disable two warnings [84]
o curl-config: quote directories with potential space [132]
o curl-confopts: remove leftover AC_REQUIREs [91]
o curl-functions.m4: check whether atomics can link [86]
o curl-wolfssl.m4: add options header when building test code [87]
o curl.h: CURLE_CONV_FAILED is obsoleted [4]
o curl.h: include <sys/select.h> on SunOS [151]
o curl: output warning when a cookie is dropped due to size [5]
o curl: writeout: fix repeated header outputs [47]
o Curl_close: call Curl_resolver_cancel to avoid memory-leak [124]
o curl_easy_header: Add CURLH_PSEUDO to sanity check [94]
o curl_mime_data.3: polish the wording [6]
o curl_multi_timeout.3: clarify usage [48]
o CURLINFO_SPEED_UPLOAD/DOWNLOAD.3: fix examples [121]
o CURLOPT_BUFFERSIZE.3: add upload buffersize to see also [159]
o CURLOPT_CONNECT_ONLY.3: clarify multi API use [64]
o CURLOPT_SERVER_RESPONSE_TIMEOUT: the new name [16]
o digest: fix memory leak, fix not quoted 'opaque' [66]
o digest: fix missing increment of 'nc' value for auth-int [39]
o digest: pass over leading spaces in qop values [119]
o digest: reject broken header with session protocol but without qop [120]
o docs/cmdline-opts/gen.pl: encode leading single and double quotes [138]
o docs/cmdline-opts: fix example and categories for --form-escape [125]
o docs/cmdline: mark fail and fail-with-body as mutually exclusive [98]
o docs: add dns category to --resolve [95]
o docs: explain curl_easy_escape/unescape curl handle is ignored [23]
o docs: remove him/her/he/she from documentation [103]
o doh: move doh related struct definitions to doh.h [45]
o doh: use https protocol by default [51]
o easy_lock.h: include sched.h if available to fix build [13]
o easy_lock.h: use __asm__ instead of asm to fix build [11]
o easy_lock: fix build for mingw [34]
o easy_lock: fix build with icc [54]
o easy_lock: fix the #ifdef conditional for ia32_pause [8]
o easy_lock: switch to using atomic_int instead of bool [9]
o easyoptions: fix icc warning [42]
o escape: remove outdated comment [25]
o examples/curlx.c: remove [150]
o file: add handling of native AmigaOS paths [108]
o file: fix icc enumerated type mixed with another type warning [92]
o ftp: use a correct expire ID for timer expiry [88]
o getinfo: return better error on NULL as first argument [21]
o GHA: add two Intel compiler CI jobs [85]
o GHA: move libressl CI from zuul to GitHub [144]
o gha: move over ngtcp2-gnutls CI job from zuul [162]
o GHA: mv CI torture test from Zuul [135]
o h2h3: fix overriding the 'TE: Trailers' header [43]
o hostip: resolve *.localhost to 127.0.0.1/::1 [127]
o HTTP3.md: update to msh3 v0.4.0 [126]
o http: typecast the httpreq assignment to avoid icc compiler warning [76]
o http_aws_sigv4.c: remove two unusued includes [36]
o http_chunks: remove an assign + typecast [82]
o hyper: customize test1274 to how hyper unfolds headers [131]
o hyper: enable obs-folded multiline headers [101]
o hyper: use wakers for curl pause/resume [2]
o imap: use ISALNUM() for alphanumeric checks [134]
o ldap: adapt to conn->port now being an 'int' [106]
o lib/curl_path.c: add ISC to license expression [1]
o lib3026: reduce the number of threads to 100 [44]
o libcurl-security.3: fix typo on macro "SH_" [12]
o libssh2: make atime/mtime date overflow return error [148]
o libssh2: provide symlink name in SFTP dir listing [155]
o libssh: ignore deprecation warnings [157]
o libssh: make atime/mtime date overflow return error [149]
o Makefile.m32: add `CURL_RC` and `CURL_STRIP` variables [ci skip] [17]
o Makefile.m32: add `NGTCP2_LIBS` option [ci skip] [38]
o makefile.m32: add support for custom ARCH [ci skip] [27]
o Makefile.m32: allow -nghttp3/-ngtcp2 without -ssl [ci skip] [141]
o Makefile.m32: do not set the libcurl.rc debug flag [ci skip] [3]
o Makefile.m32: stop trying to build libcares.a [ci skip] [46]
o memdebug: add annotation attributes [143]
o mprintf: fix *dyn_vprintf() when out-of-memory [90]
o mprintf: make dprintf_formatf never return negative [49]
o msh3: fix the QUIC disconnect function [107]
o multi: fix the return code from Curl_pgrsDone() [80]
o multi: have curl_multi_remove_handle close CONNECT_ONLY transfer [136]
o multi: use a pipe instead of a socketpair on apple platforms [154]
o multi: use larger dns hash table for multi interface [140]
o multi_wait: fix and improve Curl_poll error handling on Windows [146]
o multi_wait: fix skipping to populate revents for extra_fds [147]
o netrc.d: remove spurious quote [37]
o netrc: Use the password from lines without login [166]
o ngtcp2: Fix build error due to change in nghttp3 prototypes [61]
o ngtcp2: fix incompatible function pointer types [10]
o ngtcp2: Fix missing initialization of nghttp3_nv.flags [31]
o ngtcp2: fix stall or busy loop on STOP_SENDING with upload data [19]
o ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks [59]
o openssl: add `CURL_BORINGSSL_VERSION` to identify BoringSSL [24]
o openssl: add cert path in error message [160]
o openssl: add details to "unable to set client certificate" error [116]
o openssl: fix BoringSSL symbol conflicts with LDAP and Schannel [52]
o quiche: fix build failure [99]
o select: do not return fatal error on EINTR from poll() [32]
o sendf: fix paused header writes since after the header API [89]
o sendf: make Curl_debug a void function [81]
o sendf: skip storing HTTP headers if HTTP disabled [73]
o sendf: store the header type in an usigned char to avoid icc warnings [79]
o splay: avoid using -1 in unsigned variable [78]
o test3026: add support for Windows using native Win32 threads [65]
o test3026: require 'threadsafe' [56]
o test44[2-4]: add '--resolve' to the keywords [122]
o tests/server/sockfilt.c: avoid race condition without a mutex [139]
o tests: fix http2 tests to use CRLF headers [153]
o tests: several enumerated type cleanups [67]
o THANKS: merged two entries for Evgeny Grin
o tidy-up: delete unused build configuration macros [93]
o tool: reintroduce set file comment code for AmigaOS [111]
o tool_cfgable: make 'synthetic_error' a plain bool [70]
o tool_formparse: fix variable may be used before its value is set [72]
o tool_getparam: make --doh-url "" switch it off [60]
o tool_getparam: repair cleanarg [22]
o tool_operate: better cleanup of easy handle in exit path [20]
o tool_paramhlp: fix "enumerated type mixed with another type" [68]
o tool_paramhlp: make check_protocol return ParameterError [71]
o tool_progress: avoid division by zero in parallel progress meter [35]
o tool_writeout: fix enumerated type mixed with another type [69]
o trace: 0x7F character is non-printable [50]
o unit1303: four tests should have TRUE for 'connecting' [158]
o url: enumerated type mixed with another type [74]
o url: really use the user provided in the url when netrc entry exists [165]
o url: reject URLs with hostnames longer than 65535 bytes [137]
o url: treat missing usernames in netrc as empty [167]
o urldata: change second proxytype field to unsigned char to match [75]
o urldata: make 'negnpn' use less storage [112]
o urldata: make state.httpreq an unsigned char [77]
o urldata: make three *_proto struct fields smaller [113]
o urldata: move smaller fields down in connectdata struct [105]
o urldata: reduce size of several struct fields [14]
o vtls: make Curl_ssl_backend() return the enum type curl_sslbackend [83]
o windows: improve random source [29]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Adam Sampson, Alessandro Ghedini, Alexandre Bury, Andreas Sommer,
Andrew Lambert, Axel Chong, Brad Forschinger, Brian Carpenter,
Cering on github, Chris Paulson-Ellis, Chris Young, Daniel Katz,
Daniel Stenberg, David Carlier, dEajL3kA on github, Domen Ko¾ar,
Dominik Thalhammer, Don J Olmstead, Dustin Howett, Emanuele Torre,
Emil Engler, Érico Nogueira Rolim, Even Rouault, Evgeny Grin (Karlson2k),
Fabian Fischer, Fabian Keil, Gisle Vanem, Gwen Shapira, Harry Sintonen,
highmtworks on github, Ivan Tsybulin, Jacob Tolar, Jakub Zakrzewski,
Jilayne Lovejoy, Joshua Root, jurisuk on github, jvvprasad78 on github,
Kai Pastor, Litter White, lwthiker on github, Marcel Raad, Marc Hörsken,
Marco Kamner, MasterInQuestion on github, Matthew Thompson, Maxim Ivanov,
Michael Trebilcock, Micha³ Antoniak, Nao Yonashiro, Nick Banks,
Oliver Roberts, opensignature on github, Orgad Shaneh, Patrick Monnerat,
Philip H, privetryan on github, Ray Satiro, rcombs on github, Rosen Penev,
Ryan Schmidt, Ryan Sleevi, rzrymiak on github, Samuel Henrique,
Sean McArthur, Sergey Ogryzkov, Somnath Kundu, Stefan Eissing,
Sukanya Hanumanthu, Tatsuhiro Tsujikawa, Ted Lyngmo, TheKnarf on github,
Thomas Weißschuh, Tobias Nygren, Viktor Szakats, vlubart on github, Wu Zheng,
Wyatt O'Day, Xiaoke Wang, yiyuaner on github
(79 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=9073
[2] = https://curl.se/bug/?i=9070
[3] = https://curl.se/bug/?i=9069
[4] = https://curl.se/bug/?i=9067
[5] = https://curl.se/bug/?i=9064
[6] = https://curl.se/bug/?i=9063
[7] = https://curl.se/bug/?i=9059
[8] = https://curl.se/bug/?i=9058
[9] = https://curl.se/bug/?i=9055
[10] = https://curl.se/bug/?i=9056
[11] = https://curl.se/bug/?i=9056
[12] = https://curl.se/bug/?i=9057
[13] = https://curl.se/bug/?i=9054
[14] = https://curl.se/bug/?i=9106
[15] = https://curl.se/bug/?i=9117
[16] = https://curl.se/bug/?i=9104
[17] = https://curl.se/bug/?i=9132
[18] = https://curl.se/bug/?i=9065
[19] = https://curl.se/bug/?i=9122
[20] = https://curl.se/bug/?i=9114
[21] = https://curl.se/bug/?i=9114
[22] = https://curl.se/bug/?i=9128
[23] = https://curl.se/bug/?i=9115
[24] = https://curl.se/bug/?i=9113
[25] = https://curl.se/bug/?i=9115
[26] = https://curl.se/bug/?i=9095
[27] = https://curl.se/bug/?i=9092
[28] = https://curl.se/bug/?i=9046
[29] = https://curl.se/bug/?i=9027
[30] = https://curl.se/bug/?i=8992
[31] = https://curl.se/bug/?i=9118
[32] = https://bugs.archlinux.org/task/75201
[33] = https://curl.se/bug/?i=9084
[34] = https://curl.se/bug/?i=8997
[35] = https://curl.se/bug/?i=9082
[36] = https://curl.se/bug/?i=9080
[37] = https://curl.se/bug/?i=9111
[38] = https://curl.se/bug/?i=9109
[39] = https://curl.se/bug/?i=9090
[40] = https://curl.se/bug/?i=9164
[41] = https://curl.se/bug/?i=9139
[42] = https://curl.se/bug/?i=9176
[43] = https://curl.se/bug/?i=9170
[44] = https://curl.se/bug/?i=9172
[45] = https://curl.se/bug/?i=9174
[46] = https://curl.se/bug/?i=9169
[47] = https://curl.se/bug/?i=9150
[48] = https://curl.se/bug/?i=9155
[49] = https://curl.se/bug/?i=9149
[50] = https://curl.se/bug/?i=9162
[51] = https://curl.se/bug/?i=9163
[52] = https://curl.se/bug/?i=9110
[53] = https://curl.se/bug/?i=9081
[54] = https://curl.se/bug/?i=9081
[55] = https://curl.se/bug/?i=9134
[56] = https://curl.se/bug/?i=9141
[57] = https://curl.se/bug/?i=9125
[58] = https://curl.se/bug/?i=9124
[59] = https://curl.se/bug/?i=9135
[60] = https://curl.se/bug/?i=9207
[61] = https://curl.se/bug/?i=9204
[62] = https://curl.se/bug/?i=9205
[63] = https://curl.se/bug/?i=9201
[64] = https://curl.se/bug/?i=9244
[65] = https://curl.se/bug/?i=9012
[66] = https://curl.se/bug/?i=9199
[67] = https://curl.se/bug/?i=9179
[68] = https://curl.se/bug/?i=9179
[69] = https://curl.se/bug/?i=9179
[70] = https://curl.se/bug/?i=9179
[71] = https://curl.se/bug/?i=9179
[72] = https://curl.se/bug/?i=9179
[73] = https://curl.se/bug/?i=9179
[74] = https://curl.se/bug/?i=9179
[75] = https://curl.se/bug/?i=9179
[76] = https://curl.se/bug/?i=9179
[77] = https://curl.se/bug/?i=9179
[78] = https://curl.se/bug/?i=9179
[79] = https://curl.se/bug/?i=9179
[80] = https://curl.se/bug/?i=9179
[81] = https://curl.se/bug/?i=9179
[82] = https://curl.se/bug/?i=9179
[83] = https://curl.se/bug/?i=9179
[84] = https://curl.se/bug/?i=9179
[85] = https://curl.se/bug/?i=9179
[86] = https://curl.se/bug/?i=9190
[87] = https://curl.se/bug/?i=9187
[88] = https://curl.se/bug/?i=9184
[89] = https://curl.se/bug/?i=9180
[90] = https://curl.se/bug/?i=9185
[91] = https://curl.se/bug/?i=9183
[92] = https://curl.se/bug/?i=9181
[93] = https://curl.se/bug/?i=9044
[94] = https://curl.se/bug/?i=9235
[95] = https://curl.se/bug/?i=9229
[96] = https://curl.se/bug/?i=8419
[97] = https://curl.se/bug/?i=9230
[98] = https://curl.se/bug/?i=9221
[99] = https://curl.se/bug/?i=9223
[100] = https://curl.se/bug/?i=9286
[101] = https://curl.se/bug/?i=9216
[102] = https://curl.se/bug/?i=9209
[103] = https://curl.se/bug/?i=9208
[104] = https://curl.se/bug/?i=9213
[105] = https://curl.se/bug/?i=9280
[106] = https://curl.se/bug/?i=9281
[107] = https://curl.se/bug/?i=8915
[108] = https://curl.se/bug/?i=9259
[109] = https://curl.se/bug/?i=9303
[110] = https://curl.se/bug/?i=9268
[111] = https://curl.se/bug/?i=9258
[112] = https://curl.se/bug/?i=9279
[113] = https://curl.se/bug/?i=9278
[114] = https://curl.se/bug/?i=9274
[115] = https://curl.se/bug/?i=9269
[116] = https://curl.se/bug/?i=9228
[117] = https://curl.se/bug/?i=9267
[118] = https://curl.se/bug/?i=9266
[119] = https://curl.se/bug/?i=9264
[120] = https://curl.se/bug/?i=9077
[121] = https://curl.se/bug/?i=9239
[122] = https://curl.se/bug/?i=9250
[123] = https://curl.se/bug/?i=9310
[124] = https://curl.se/bug/?i=9310
[125] = https://curl.se/bug/?i=9298
[126] = https://curl.se/bug/?i=9297
[127] = https://curl.se/bug/?i=9192
[128] = https://curl.se/bug/?i=9310
[129] = https://curl.se/bug/?i=9291
[130] = https://curl.se/bug/?i=9291
[131] = https://curl.se/bug/?i=9217
[132] = https://curl.se/bug/?i=9253
[133] = https://curl.se/bug/?i=9265
[134] = https://curl.se/bug/?i=9289
[135] = https://curl.se/bug/?i=9310
[136] = https://curl.se/bug/?i=9335
[137] = https://curl.se/bug/?i=9317
[138] = https://curl.se/bug/?i=9352
[139] = https://curl.se/bug/?i=9023
[140] = https://curl.se/bug/?i=9376
[141] = https://curl.se/bug/?i=9314
[142] = https://curl.se/bug/?i=9290
[143] = https://curl.se/bug/?i=9306
[144] = https://curl.se/bug/?i=9309
[145] = https://curl.se/bug/?i=9344
[146] = https://curl.se/bug/?i=9372
[147] = https://curl.se/bug/?i=9361
[148] = https://curl.se/bug/?i=9328
[149] = https://curl.se/bug/?i=9328
[150] = https://curl.se/bug/?i=9330
[151] = https://curl.se/bug/?i=9329
[152] = https://curl.se/docs/CVE-2022-35252.html
[153] = https://curl.se/bug/?i=9364
[154] = https://curl.se/bug/?i=6132
[155] = https://curl.se/bug/?i=9369
[156] = https://curl.se/bug/?i=9367
[157] = https://curl.se/bug/?i=9382
[158] = https://curl.se/bug/?i=9356
[159] = https://curl.se/bug/?i=9354
[160] = https://curl.se/bug/?i=9349
[161] = https://curl.se/bug/?i=9349
[162] = https://curl.se/bug/?i=9331
[163] = https://curl.se/bug/?i=9312
[165] = https://curl.se/bug/?i=9243
[166] = https://curl.se/bug/?i=9248
[167] = https://curl.se/bug/?i=8653
[168] = https://curl.se/bug/?i=9391
Date: Wed, 31 Aug 2022 08:29:36 +0200 (CEST)
Hello friends.
I'm proud to announce another curl release. This time in assocation with a CVE
that will be published following this announcement.
Download curl or read all about it as always on https://curl.se
(At 08:00 UTC today (10:00 CEST) I will do a live-streamed release
presentation on twitch: https://www.twitch.tv/curlhacker)
curl and libcurl 7.85.0
Public curl releases: 210
Command line options: 248
curl_easy_setopt() options: 299
Public functions in libcurl: 88
Contributors: 2690
This release includes the following changes:
o quic: add support via wolfSSL [142]
o schannel: Add TLS 1.3 support [96]
o setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR [30]
This release includes the following bugfixes:
o amigaos: fix threaded resolver on AmigaOS 4.x [133]
o amissl: allow AmiSSL to be used with AmigaOS 4.x builds [115]
o amissl: make AmiSSL v5 a minimum requirement [117]
o asyn-ares: make a single alloc out of hostname + async data [123]
o asyn-thread: fix socket leak on OOM [128]
o asyn-thread: make getaddrinfo_complete return CURLcode [53]
o base64: base64url encoding has no padding [41]
o BUGS.md: improve language [62]
o build: improve OS string in CMake and `config-win32.h` [15]
o cert.d: clarify that escape character works for file paths [161]
o cirrus.yml: replace py38-pip with py39-pip [63]
o cirrus/freebsd-ci: bootstrap the pip installer [104]
o cmake: add detection of threadsafe feature [163]
o cmake: do not force Windows target versions [28]
o cmake: fix build for mingw cross compile [33]
o cmake: link curl to its dependencies with PRIVATE [57]
o cmake: remove APPEND in export(TARGETS) [58]
o cmake: set feature PSL if present [168]
o cmake: support ngtcp2 boringssl backend [18]
o cmdline-opts/gen.pl: improve performance [97]
o config: remove the check for and use of SIZEOF_SHORT [129]
o configure: -pthread not available on AmigaOS 4.x [118]
o configure: check for the stdatomic.h header in configure [7]
o configure: fix --disable-headers-api [55]
o configure: fix broken m4 syntax in TLS options [145]
o configure: fixup bsdsocket detection code for AmigaOS 4.x [110]
o configure: if asked to use TLS, fail if no TLS lib was detected [156]
o configure: introduce CURL_SIZEOF [130]
o connect: add quic connection information [100]
o connect: close the happy eyeballs loser connection when using QUIC [109]
o connect: revert the use of IP*_RECVERR [102]
o connect: set socktype/protocol correctly [114]
o cookie: reject cookies with "control bytes" [152]
o cookie: treat a blank domain in Set-Cookie: as non-existing [40]
o cookie: use %zu to infof() for size_t values [26]
o curl-compilers.m4: make icc use -diag* options and disable two warnings [84]
o curl-config: quote directories with potential space [132]
o curl-confopts: remove leftover AC_REQUIREs [91]
o curl-functions.m4: check whether atomics can link [86]
o curl-wolfssl.m4: add options header when building test code [87]
o curl.h: CURLE_CONV_FAILED is obsoleted [4]
o curl.h: include <sys/select.h> on SunOS [151]
o curl: output warning when a cookie is dropped due to size [5]
o curl: writeout: fix repeated header outputs [47]
o Curl_close: call Curl_resolver_cancel to avoid memory-leak [124]
o curl_easy_header: Add CURLH_PSEUDO to sanity check [94]
o curl_mime_data.3: polish the wording [6]
o curl_multi_timeout.3: clarify usage [48]
o CURLINFO_SPEED_UPLOAD/DOWNLOAD.3: fix examples [121]
o CURLOPT_BUFFERSIZE.3: add upload buffersize to see also [159]
o CURLOPT_CONNECT_ONLY.3: clarify multi API use [64]
o CURLOPT_SERVER_RESPONSE_TIMEOUT: the new name [16]
o digest: fix memory leak, fix not quoted 'opaque' [66]
o digest: fix missing increment of 'nc' value for auth-int [39]
o digest: pass over leading spaces in qop values [119]
o digest: reject broken header with session protocol but without qop [120]
o docs/cmdline-opts/gen.pl: encode leading single and double quotes [138]
o docs/cmdline-opts: fix example and categories for --form-escape [125]
o docs/cmdline: mark fail and fail-with-body as mutually exclusive [98]
o docs: add dns category to --resolve [95]
o docs: explain curl_easy_escape/unescape curl handle is ignored [23]
o docs: remove him/her/he/she from documentation [103]
o doh: move doh related struct definitions to doh.h [45]
o doh: use https protocol by default [51]
o easy_lock.h: include sched.h if available to fix build [13]
o easy_lock.h: use __asm__ instead of asm to fix build [11]
o easy_lock: fix build for mingw [34]
o easy_lock: fix build with icc [54]
o easy_lock: fix the #ifdef conditional for ia32_pause [8]
o easy_lock: switch to using atomic_int instead of bool [9]
o easyoptions: fix icc warning [42]
o escape: remove outdated comment [25]
o examples/curlx.c: remove [150]
o file: add handling of native AmigaOS paths [108]
o file: fix icc enumerated type mixed with another type warning [92]
o ftp: use a correct expire ID for timer expiry [88]
o getinfo: return better error on NULL as first argument [21]
o GHA: add two Intel compiler CI jobs [85]
o GHA: move libressl CI from zuul to GitHub [144]
o gha: move over ngtcp2-gnutls CI job from zuul [162]
o GHA: mv CI torture test from Zuul [135]
o h2h3: fix overriding the 'TE: Trailers' header [43]
o hostip: resolve *.localhost to 127.0.0.1/::1 [127]
o HTTP3.md: update to msh3 v0.4.0 [126]
o http: typecast the httpreq assignment to avoid icc compiler warning [76]
o http_aws_sigv4.c: remove two unusued includes [36]
o http_chunks: remove an assign + typecast [82]
o hyper: customize test1274 to how hyper unfolds headers [131]
o hyper: enable obs-folded multiline headers [101]
o hyper: use wakers for curl pause/resume [2]
o imap: use ISALNUM() for alphanumeric checks [134]
o ldap: adapt to conn->port now being an 'int' [106]
o lib/curl_path.c: add ISC to license expression [1]
o lib3026: reduce the number of threads to 100 [44]
o libcurl-security.3: fix typo on macro "SH_" [12]
o libssh2: make atime/mtime date overflow return error [148]
o libssh2: provide symlink name in SFTP dir listing [155]
o libssh: ignore deprecation warnings [157]
o libssh: make atime/mtime date overflow return error [149]
o Makefile.m32: add `CURL_RC` and `CURL_STRIP` variables [ci skip] [17]
o Makefile.m32: add `NGTCP2_LIBS` option [ci skip] [38]
o makefile.m32: add support for custom ARCH [ci skip] [27]
o Makefile.m32: allow -nghttp3/-ngtcp2 without -ssl [ci skip] [141]
o Makefile.m32: do not set the libcurl.rc debug flag [ci skip] [3]
o Makefile.m32: stop trying to build libcares.a [ci skip] [46]
o memdebug: add annotation attributes [143]
o mprintf: fix *dyn_vprintf() when out-of-memory [90]
o mprintf: make dprintf_formatf never return negative [49]
o msh3: fix the QUIC disconnect function [107]
o multi: fix the return code from Curl_pgrsDone() [80]
o multi: have curl_multi_remove_handle close CONNECT_ONLY transfer [136]
o multi: use a pipe instead of a socketpair on apple platforms [154]
o multi: use larger dns hash table for multi interface [140]
o multi_wait: fix and improve Curl_poll error handling on Windows [146]
o multi_wait: fix skipping to populate revents for extra_fds [147]
o netrc.d: remove spurious quote [37]
o netrc: Use the password from lines without login [166]
o ngtcp2: Fix build error due to change in nghttp3 prototypes [61]
o ngtcp2: fix incompatible function pointer types [10]
o ngtcp2: Fix missing initialization of nghttp3_nv.flags [31]
o ngtcp2: fix stall or busy loop on STOP_SENDING with upload data [19]
o ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks [59]
o openssl: add `CURL_BORINGSSL_VERSION` to identify BoringSSL [24]
o openssl: add cert path in error message [160]
o openssl: add details to "unable to set client certificate" error [116]
o openssl: fix BoringSSL symbol conflicts with LDAP and Schannel [52]
o quiche: fix build failure [99]
o select: do not return fatal error on EINTR from poll() [32]
o sendf: fix paused header writes since after the header API [89]
o sendf: make Curl_debug a void function [81]
o sendf: skip storing HTTP headers if HTTP disabled [73]
o sendf: store the header type in an usigned char to avoid icc warnings [79]
o splay: avoid using -1 in unsigned variable [78]
o test3026: add support for Windows using native Win32 threads [65]
o test3026: require 'threadsafe' [56]
o test44[2-4]: add '--resolve' to the keywords [122]
o tests/server/sockfilt.c: avoid race condition without a mutex [139]
o tests: fix http2 tests to use CRLF headers [153]
o tests: several enumerated type cleanups [67]
o THANKS: merged two entries for Evgeny Grin
o tidy-up: delete unused build configuration macros [93]
o tool: reintroduce set file comment code for AmigaOS [111]
o tool_cfgable: make 'synthetic_error' a plain bool [70]
o tool_formparse: fix variable may be used before its value is set [72]
o tool_getparam: make --doh-url "" switch it off [60]
o tool_getparam: repair cleanarg [22]
o tool_operate: better cleanup of easy handle in exit path [20]
o tool_paramhlp: fix "enumerated type mixed with another type" [68]
o tool_paramhlp: make check_protocol return ParameterError [71]
o tool_progress: avoid division by zero in parallel progress meter [35]
o tool_writeout: fix enumerated type mixed with another type [69]
o trace: 0x7F character is non-printable [50]
o unit1303: four tests should have TRUE for 'connecting' [158]
o url: enumerated type mixed with another type [74]
o url: really use the user provided in the url when netrc entry exists [165]
o url: reject URLs with hostnames longer than 65535 bytes [137]
o url: treat missing usernames in netrc as empty [167]
o urldata: change second proxytype field to unsigned char to match [75]
o urldata: make 'negnpn' use less storage [112]
o urldata: make state.httpreq an unsigned char [77]
o urldata: make three *_proto struct fields smaller [113]
o urldata: move smaller fields down in connectdata struct [105]
o urldata: reduce size of several struct fields [14]
o vtls: make Curl_ssl_backend() return the enum type curl_sslbackend [83]
o windows: improve random source [29]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Adam Sampson, Alessandro Ghedini, Alexandre Bury, Andreas Sommer,
Andrew Lambert, Axel Chong, Brad Forschinger, Brian Carpenter,
Cering on github, Chris Paulson-Ellis, Chris Young, Daniel Katz,
Daniel Stenberg, David Carlier, dEajL3kA on github, Domen Ko¾ar,
Dominik Thalhammer, Don J Olmstead, Dustin Howett, Emanuele Torre,
Emil Engler, Érico Nogueira Rolim, Even Rouault, Evgeny Grin (Karlson2k),
Fabian Fischer, Fabian Keil, Gisle Vanem, Gwen Shapira, Harry Sintonen,
highmtworks on github, Ivan Tsybulin, Jacob Tolar, Jakub Zakrzewski,
Jilayne Lovejoy, Joshua Root, jurisuk on github, jvvprasad78 on github,
Kai Pastor, Litter White, lwthiker on github, Marcel Raad, Marc Hörsken,
Marco Kamner, MasterInQuestion on github, Matthew Thompson, Maxim Ivanov,
Michael Trebilcock, Micha³ Antoniak, Nao Yonashiro, Nick Banks,
Oliver Roberts, opensignature on github, Orgad Shaneh, Patrick Monnerat,
Philip H, privetryan on github, Ray Satiro, rcombs on github, Rosen Penev,
Ryan Schmidt, Ryan Sleevi, rzrymiak on github, Samuel Henrique,
Sean McArthur, Sergey Ogryzkov, Somnath Kundu, Stefan Eissing,
Sukanya Hanumanthu, Tatsuhiro Tsujikawa, Ted Lyngmo, TheKnarf on github,
Thomas Weißschuh, Tobias Nygren, Viktor Szakats, vlubart on github, Wu Zheng,
Wyatt O'Day, Xiaoke Wang, yiyuaner on github
(79 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=9073
[2] = https://curl.se/bug/?i=9070
[3] = https://curl.se/bug/?i=9069
[4] = https://curl.se/bug/?i=9067
[5] = https://curl.se/bug/?i=9064
[6] = https://curl.se/bug/?i=9063
[7] = https://curl.se/bug/?i=9059
[8] = https://curl.se/bug/?i=9058
[9] = https://curl.se/bug/?i=9055
[10] = https://curl.se/bug/?i=9056
[11] = https://curl.se/bug/?i=9056
[12] = https://curl.se/bug/?i=9057
[13] = https://curl.se/bug/?i=9054
[14] = https://curl.se/bug/?i=9106
[15] = https://curl.se/bug/?i=9117
[16] = https://curl.se/bug/?i=9104
[17] = https://curl.se/bug/?i=9132
[18] = https://curl.se/bug/?i=9065
[19] = https://curl.se/bug/?i=9122
[20] = https://curl.se/bug/?i=9114
[21] = https://curl.se/bug/?i=9114
[22] = https://curl.se/bug/?i=9128
[23] = https://curl.se/bug/?i=9115
[24] = https://curl.se/bug/?i=9113
[25] = https://curl.se/bug/?i=9115
[26] = https://curl.se/bug/?i=9095
[27] = https://curl.se/bug/?i=9092
[28] = https://curl.se/bug/?i=9046
[29] = https://curl.se/bug/?i=9027
[30] = https://curl.se/bug/?i=8992
[31] = https://curl.se/bug/?i=9118
[32] = https://bugs.archlinux.org/task/75201
[33] = https://curl.se/bug/?i=9084
[34] = https://curl.se/bug/?i=8997
[35] = https://curl.se/bug/?i=9082
[36] = https://curl.se/bug/?i=9080
[37] = https://curl.se/bug/?i=9111
[38] = https://curl.se/bug/?i=9109
[39] = https://curl.se/bug/?i=9090
[40] = https://curl.se/bug/?i=9164
[41] = https://curl.se/bug/?i=9139
[42] = https://curl.se/bug/?i=9176
[43] = https://curl.se/bug/?i=9170
[44] = https://curl.se/bug/?i=9172
[45] = https://curl.se/bug/?i=9174
[46] = https://curl.se/bug/?i=9169
[47] = https://curl.se/bug/?i=9150
[48] = https://curl.se/bug/?i=9155
[49] = https://curl.se/bug/?i=9149
[50] = https://curl.se/bug/?i=9162
[51] = https://curl.se/bug/?i=9163
[52] = https://curl.se/bug/?i=9110
[53] = https://curl.se/bug/?i=9081
[54] = https://curl.se/bug/?i=9081
[55] = https://curl.se/bug/?i=9134
[56] = https://curl.se/bug/?i=9141
[57] = https://curl.se/bug/?i=9125
[58] = https://curl.se/bug/?i=9124
[59] = https://curl.se/bug/?i=9135
[60] = https://curl.se/bug/?i=9207
[61] = https://curl.se/bug/?i=9204
[62] = https://curl.se/bug/?i=9205
[63] = https://curl.se/bug/?i=9201
[64] = https://curl.se/bug/?i=9244
[65] = https://curl.se/bug/?i=9012
[66] = https://curl.se/bug/?i=9199
[67] = https://curl.se/bug/?i=9179
[68] = https://curl.se/bug/?i=9179
[69] = https://curl.se/bug/?i=9179
[70] = https://curl.se/bug/?i=9179
[71] = https://curl.se/bug/?i=9179
[72] = https://curl.se/bug/?i=9179
[73] = https://curl.se/bug/?i=9179
[74] = https://curl.se/bug/?i=9179
[75] = https://curl.se/bug/?i=9179
[76] = https://curl.se/bug/?i=9179
[77] = https://curl.se/bug/?i=9179
[78] = https://curl.se/bug/?i=9179
[79] = https://curl.se/bug/?i=9179
[80] = https://curl.se/bug/?i=9179
[81] = https://curl.se/bug/?i=9179
[82] = https://curl.se/bug/?i=9179
[83] = https://curl.se/bug/?i=9179
[84] = https://curl.se/bug/?i=9179
[85] = https://curl.se/bug/?i=9179
[86] = https://curl.se/bug/?i=9190
[87] = https://curl.se/bug/?i=9187
[88] = https://curl.se/bug/?i=9184
[89] = https://curl.se/bug/?i=9180
[90] = https://curl.se/bug/?i=9185
[91] = https://curl.se/bug/?i=9183
[92] = https://curl.se/bug/?i=9181
[93] = https://curl.se/bug/?i=9044
[94] = https://curl.se/bug/?i=9235
[95] = https://curl.se/bug/?i=9229
[96] = https://curl.se/bug/?i=8419
[97] = https://curl.se/bug/?i=9230
[98] = https://curl.se/bug/?i=9221
[99] = https://curl.se/bug/?i=9223
[100] = https://curl.se/bug/?i=9286
[101] = https://curl.se/bug/?i=9216
[102] = https://curl.se/bug/?i=9209
[103] = https://curl.se/bug/?i=9208
[104] = https://curl.se/bug/?i=9213
[105] = https://curl.se/bug/?i=9280
[106] = https://curl.se/bug/?i=9281
[107] = https://curl.se/bug/?i=8915
[108] = https://curl.se/bug/?i=9259
[109] = https://curl.se/bug/?i=9303
[110] = https://curl.se/bug/?i=9268
[111] = https://curl.se/bug/?i=9258
[112] = https://curl.se/bug/?i=9279
[113] = https://curl.se/bug/?i=9278
[114] = https://curl.se/bug/?i=9274
[115] = https://curl.se/bug/?i=9269
[116] = https://curl.se/bug/?i=9228
[117] = https://curl.se/bug/?i=9267
[118] = https://curl.se/bug/?i=9266
[119] = https://curl.se/bug/?i=9264
[120] = https://curl.se/bug/?i=9077
[121] = https://curl.se/bug/?i=9239
[122] = https://curl.se/bug/?i=9250
[123] = https://curl.se/bug/?i=9310
[124] = https://curl.se/bug/?i=9310
[125] = https://curl.se/bug/?i=9298
[126] = https://curl.se/bug/?i=9297
[127] = https://curl.se/bug/?i=9192
[128] = https://curl.se/bug/?i=9310
[129] = https://curl.se/bug/?i=9291
[130] = https://curl.se/bug/?i=9291
[131] = https://curl.se/bug/?i=9217
[132] = https://curl.se/bug/?i=9253
[133] = https://curl.se/bug/?i=9265
[134] = https://curl.se/bug/?i=9289
[135] = https://curl.se/bug/?i=9310
[136] = https://curl.se/bug/?i=9335
[137] = https://curl.se/bug/?i=9317
[138] = https://curl.se/bug/?i=9352
[139] = https://curl.se/bug/?i=9023
[140] = https://curl.se/bug/?i=9376
[141] = https://curl.se/bug/?i=9314
[142] = https://curl.se/bug/?i=9290
[143] = https://curl.se/bug/?i=9306
[144] = https://curl.se/bug/?i=9309
[145] = https://curl.se/bug/?i=9344
[146] = https://curl.se/bug/?i=9372
[147] = https://curl.se/bug/?i=9361
[148] = https://curl.se/bug/?i=9328
[149] = https://curl.se/bug/?i=9328
[150] = https://curl.se/bug/?i=9330
[151] = https://curl.se/bug/?i=9329
[152] = https://curl.se/docs/CVE-2022-35252.html
[153] = https://curl.se/bug/?i=9364
[154] = https://curl.se/bug/?i=6132
[155] = https://curl.se/bug/?i=9369
[156] = https://curl.se/bug/?i=9367
[157] = https://curl.se/bug/?i=9382
[158] = https://curl.se/bug/?i=9356
[159] = https://curl.se/bug/?i=9354
[160] = https://curl.se/bug/?i=9349
[161] = https://curl.se/bug/?i=9349
[162] = https://curl.se/bug/?i=9331
[163] = https://curl.se/bug/?i=9312
[165] = https://curl.se/bug/?i=9243
[166] = https://curl.se/bug/?i=9248
[167] = https://curl.se/bug/?i=8653
[168] = https://curl.se/bug/?i=9391
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2022-08-31