curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

[RELEASE] curl 8.1.0

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 17 May 2023 08:33:58 +0200 (CEST)

Hi team,

I'm happy to announce that I just packaged, signed and uploaded another curl
release. This time in association with four security advisories, which I will
email about shortly. As always, get curl from here:

   https://curl.se/

curl and libcurl 8.1.0

  Public curl releases: 217
  Command line options: 251
  curl_easy_setopt() options: 302
  Public functions in libcurl: 91
  Contributors: 2875

This release includes the following changes:

  o curl: add --proxy-http2 [62]
  o CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2 [57]
  o hostip: refuse to resolve the .onion TLD [19]
  o tool_writeout: add URL component variables [41]

This release includes the following bugfixes:

  o amiga: Fix CA certificate paths for AmiSSL and MorphOS [150]
  o autotools: sync up clang picky warnings with cmake [114]
  o aws-sigv4.d: fix region identifier in example [168]
  o bufq: simplify since expression is always true [72]
  o cf-h1-proxy: skip an extra NULL assign [80]
  o cf-h2-proxy: fix processing ingress to stop too early [76]
  o cf-socket: add socket recv buffering for most tcp cases [90]
  o cf-socket: Disable socket receive buffer by default [75]
  o cf-socket: remove dead code discovered by PVS [82]
  o cf-socket: turn off IPV6_V6ONLY on Windows if it is supported [123]
  o checksrc: check for spaces before the colon of switch labels [160]
  o checksrc: find bad indentation in conditions without open brace [152]
  o checksrc: fix SPACEBEFOREPAREN for conditions starting with "*" [115]
  o ci: `-Wno-vla` no longer necessary [158]
  o CI: fix brew retries on GHA
  o CI: Set minimal permissions on workflow ngtcp2-quictls.yml [153]
  o CI: skip Azure for commits which change only GHA
  o CI: use another glob syntax for matching files on Appveyor
  o cmake: bring in the network library on Haiku [9]
  o cmake: do not add zlib headers for openssl [49]
  o CMake: make config version 8 compatible with 7 [28]
  o cmake: picky-linker fixes for openssl, ZLIB, H3 and more [31]
  o cmake: set SONAME for SunOS too [3]
  o cmake: speed up and extend picky clang/gcc options [116]
  o CMakeLists.txt: fix typo for Haiku detection [95]
  o compressed.d: clarify the words on "not notifying headers" [163]
  o config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP [52]
  o configure: don't set HAVE_WRITABLE_ARGV on Windows [64]
  o configure: fix detection of apxs (for httpd) [157]
  o configure: make quiche require quiche_conn_send_ack_eliciting [46]
  o connect: fix https connection setup to treat ssl_mode correctly [94]
  o content_encoding: only do transfer-encoding compression if asked to [61]
  o cookie: address PVS nits [74]
  o cookie: clarify that init with data set to NULL reads no file [99]
  o curl: do NOT append file name to path for upload when there's a query [58]
  o curl_easy_getinfo.3: typo fix (duplicated "from the") [43]
  o curl_easy_unescape.3: rename the argument [113]
  o curl_path: bring back support for SFTP path ending in /~ [130]
  o curl_url_set.3: mention that users can set content rather freely [105]
  o CURLOPT_IPRESOLVE.3: this for host names, not IP addresses [165]
  o data.d: emphasize no conversion [5]
  o digest: clear target buffer [8]
  o doc: curl_mime_init() strong easy binding was relaxed in 7.87.0 [26]
  o docs/cmdline-opts: document the dotless config path [1]
  o docs/examples/protofeats.c: outputs all protocols and features [110]
  o docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string" [131]
  o docs/SECURITY-ADVISORY.md: how to write a curl security advisory [128]
  o docs: bump the minimum perl version to 5.6
  o docs: clarify that more backends have HTTPS proxy support [127]
  o dynbuf: never allocate larger than "toobig" [17]
  o easy_cleanup: require a "good" handle to act [149]
  o ftp: fix 'portsock' variable was assigned the same value [78]
  o ftp: remove dead code [79]
  o ftplistparser: move out private data from public struct [20]
  o ftplistparser: replace realloc with dynbuf [18]
  o gen.pl: error on duplicated See-Also fields [102]
  o getpart: better handle case of file not found
  o GHA-linux: add an address-sanitizer build [15]
  o GHA: add a memory-sanitizer job [2]
  o GHA: run all linux test jobs with valgrind [14]
  o GHA: suppress git clone output [89]
  o GIT-INFO: add --with-openssl [171]
  o gskit: various compile errors in OS400 [12]
  o h2/h3: replace `state.drain` counter with `state.dselect_bits` [141]
  o hash: fix assigning same value [73]
  o headers: clear (possibly) lingering pointer in init [167]
  o hostcheck: fix host name wildcard checking [134]
  o hostip: add locks around use of global buffer for alarm() [129]
  o hostip: enforce a maximum DNS cache size independent of timeout value [166]
  o HTTP-COOKIES.md: mention the #HttpOnly_ prefix [16]
  o http2: always EXPIRE_RUN_NOW unpaused http/2 transfers [139]
  o http2: do flow window accounting for cancelled streams [155]
  o http2: enlarge the connection window [101]
  o http2: flow control and buffer improvements [54]
  o http2: move HTTP/2 stream vars into local context [67]
  o http2: pass `stream` to http2_handle_stream_close to avoid NULL checks [140]
  o http2: remove unused Curl_http2_strerror function declaration [108]
  o HTTP3/quiche: terminate h1 response header when no body is sent [112]
  o http3: check stream_ctx more thoroughly in all backends [77]
  o HTTP3: document the ngtcp2/nghttp3 versions to use for building curl [143]
  o http3: expire unpaused transfers in all HTTP/3 backends [138]
  o http3: improvements across backends [51]
  o http: free the url before storing a new copy [162]
  o http: skip a double NULL assign [83]
  o ipv4.d/ipv6.d: they are "mutex", not "boolean" [122]
  o KNOWN_BUGS: remove fixed or outdated issues, move non-bugs [65]
  o lib/cmake: add HAVE_WRITABLE_ARGV check [63]
  o lib/sha256.c: typo fix in comment (duplicated "is available") [40]
  o lib1560: verify that more bad host names are rejected [104]
  o lib: add `bufq` and `dynhds` [34]
  o lib: remove CURLX_NO_MEMORY_CALLBACKS [55]
  o lib: unify the upload/method handling [144]
  o lib: use correct printf flags for sockets and timediffs [36]
  o libssh2: fix crash in keyboard callback [126]
  o libssh2: free fingerprint better [164]
  o libssh: tell it to use SFTP non-blocking [59]
  o man pages: simplify the .TH sections [133]
  o MANUAL.md: add dict example for looking up a single definition [132]
  o md(4|5): don't use deprecated iOS functions [21]
  o md4: only build when used [68]
  o mime: skip NULL assigns after Curl_safefree() [84]
  o multi: add handle asserts in DEBUG builds [11]
  o multi: add multi-ignore logic to multi_socket_action [154]
  o multi: free up more data earleier in DONE [118]
  o multi: remove a few superfluous assigns [97]
  o multi: remove PENDING + MSGSENT handles from the main linked list [23]
  o ngtcp2: adapted to 0.15.0 [151]
  o ngtcp2: adjust config and code checks for ngtcp2 without nghttp3 [4]
  o noproxy: pointer to local array 'hostip' is stored outside scope [93]
  o ntlm: clear lm and nt response buffers before use [7]
  o openssl: interop with AWS-LC [30]
  o OS400: fix and complete ILE/RPG binding [96]
  o OS400: implement EBCDIC support for recent features [100]
  o OS400: improve vararg emulation [92]
  o OS400: provide ILE/RPG usage examples [81]
  o pingpong: fix compiler warning "assigning an enum to unsigned char" [156]
  o pytest: improvements for suitable curl and error output [35]
  o quiche: disable pacing while pacing is not actually performed [148]
  o quiche: Enable IDLE egress handling [109]
  o RELEASE-PROCEDURE: update to new schedule [25]
  o rtsp: convert mallocs to dynbuf for RTP buffering [37]
  o rtsp: skip malformed RTSP interleaved frame data [33]
  o rtsp: skip NULL assigns after Curl_safefree() [85]
  o runtests: die if curl version can be found [10]
  o runtests: don't start servers if -l is given
  o runtests: fix -c option when run with valgrind [145]
  o runtests: fix quoting in Appveyor and Azure test integration [117]
  o runtests: lots of refactoring
  o runtests: refactor into more packages [60]
  o runtests: show error message if file can't be written
  o runtests: spawn a new process for the test runner [146]
  o rustls: fix error in recv handling [50]
  o schannel: add clarifying comment [98]
  o server/getpart: clear target buffer before load [6]
  o smb: remove double assign [86]
  o smbserver: remove temporary files before exit [135]
  o socketpair: verify with a random value [142]
  o ssh: Add support for libssh2 read timeout [170]
  o telnet: simplify the implementation of str_is_nonascii() [42]
  o test1169: fix so it works properly everywhere [106]
  o test1592: add flaky keyword [39]
  o test1960: point to the correct path for the precheck tool
  o test303: kill server after test
  o tests/http: add timeout to running curl in test cases [24]
  o tests/http: fix log formatting on wrong exit code [27]
  o tests/http: fix out-of-tree builds [121]
  o tests/http: improved httpd detection [45]
  o tests/http: more tests with specific clients [125]
  o tests/http: relax connection check in test_07_02 [53]
  o tests/keywords.pl: remove [111]
  o tests/libtest/lib1900.c: remove
  o tests/sshserver.pl: Define AddressFamily earlier [103]
  o tests: 1078 1288 1297 use valid IPv4 addresses
  o tests: document that the unittest keyword is special
  o tests: increase sws timeout for more robust testing [66]
  o tests: log a too-long Unix socket path in sws and socksd
  o tests: make test_12_01 a bit more forgiving on connection counts
  o tests: move pidfiles and portfiles under the log directory [48]
  o tests: move server config files under the pid dir [47]
  o tests: silence some Perl::Critic warnings in test suite [56]
  o tests: stop using strndup(), which isn't portable
  o tests: switch to 3-argument open in test suite
  o tests: turn perl modules into full packages
  o tests: use %LOGDIR to refer to the log directory
  o tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals [147]
  o tool_operate: pass a long as CURLOPT_HEADEROPT argument [13]
  o tool_operate: refuse (--data or --form) and --continue-at combo [119]
  o transfer: refuse POSTFIELDS + RESUME_FROM combo [120]
  o transfer: skip extra assign [87]
  o url: fix null dispname for --connect-to option [161]
  o url: fix PVS nits [71]
  o url: remove call to Curl_llist_destroy in Curl_close [22]
  o urlapi: cleanups and improvements [91]
  o urlapi: detect and error on illegal IPv4 addresses [70]
  o urlapi: prevent setting invalid schemes with *url_set() [107]
  o urlapi: skip a pointless assign [88]
  o urlapi: URL encoding for the URL missed the fragment [29]
  o urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication [137]
  o urldata: shrink *select_bits int => unsigned char [124]
  o vlts: use full buffer size when receiving data if possible [32]
  o vtls and h2 improvements [69]
  o Websocket: enhanced en-/decoding [136]
  o wolfssl.yml: bump to version 5.6.0 [44]
  o write-out.d: Use response_code in example [159]
  o ws: handle reads before EAGAIN better [38]

This release includes the following known bugs:

  o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

Planned upcoming removals include:

  o gskit
  o NSS
  o support for space-separated NOPROXY patterns
  o support for the original legacy mingw version 1

  See https://curl.se/dev/deprecate.html for details

This release would not have looked like this without help, code, reports and
advice from friends like these:

   Ali Khodkar, Andreas Falkenhahn, Andreas Huebner, Andy Alt, Arne Soete,
   Ben Fritz, Biswapriyo Nath, Boris Kuschel, Brian Lund, Chloe Kudryavtsev,
   Colman Mbuya, Dan Fandrich, Dan Frandrich, Daniel Silverstone,
   Daniel Stenberg, dengjfzh on github, Diogo Teles Sant'Anna, Dirk Rosenkranz,
   Douglas R. Reno, Dylan Anthony, eaglegai on github, Emanuele Torre,
   Emil Engler, François Michel, Frank Gevaerts, Gisle Vanem, Harry Sintonen,
   Hiroki Kurosawa, Jakub Zakrzewski, Janne Blomqvist, Jim King, Jon Rumsey,
   Josh McCullough, Kai Pastor, Kamil Dudka, Kvarec Lezki, kwind on github,
   Marc Deslauriers, Marcel Raad, Matt Jolly, Micah Snyder), nobedee on github,
   Oliver Chang, Osaila on github, Osama Albahrani, Patrick Monnerat,
   Paul Howarth, Pavel Mayorov, Paweł Wegner, Philip Heiduck, Ray Satiro,
   Ronan Pigott, Sevan Janiyan, Shohei Maeda, simplerobot on github,
   Smackd0wn on github, Stefan Eissing, Steve Herrell, SuperIlu on github,
   Thomas Taylor, Viktor Szakats, Vítor Galvão, Wei Chong Tan, YX Hao
   (64 contributors)

References to bug reports and discussions on issues:

  [1] = https://curl.se/bug/?i=10849
  [2] = https://curl.se/bug/?i=10815
  [3] = https://curl.se/bug/?i=10816
  [4] = https://curl.se/bug/?i=10793
  [5] = https://curl.se/bug/?i=10823
  [6] = https://curl.se/bug/?i=10822
  [7] = https://curl.se/bug/?i=10814
  [8] = https://curl.se/bug/?i=10814
  [9] = https://curl.se/bug/?i=10296
  [10] = https://curl.se/bug/?i=10813
  [11] = https://curl.se/bug/?i=10812
  [12] = https://curl.se/bug/?i=10799
  [13] = https://curl.se/bug/?i=10798
  [14] = https://curl.se/bug/?i=10798
  [15] = https://curl.se/bug/?i=10810
  [16] = https://curl.se/bug/?i=10847
  [17] = https://curl.se/bug/?i=10845
  [18] = https://curl.se/bug/?i=10844
  [19] = https://curl.se/bug/?i=543
  [20] = https://curl.se/bug/?i=10844
  [21] = https://curl.se/bug/?i=11098
  [22] = https://curl.se/bug/?i=10846
  [23] = https://curl.se/bug/?i=10801
  [24] = https://curl.se/bug/?i=10783
  [25] = https://curl.se/bug/?i=10827
  [26] = https://curl.se/bug/?i=10834
  [27] = https://curl.se/bug/?i=10868
  [28] = https://curl.se/bug/?i=10819
  [29] = https://curl.se/bug/?i=10887
  [30] = https://curl.se/bug/?i=10320
  [31] = https://curl.se/bug/?i=10857
  [32] = https://curl.se/bug/?i=10736
  [33] = https://curl.se/bug/?i=10808
  [34] = https://curl.se/bug/?i=10720
  [35] = https://curl.se/bug/?i=10829
  [36] = https://curl.se/bug/?i=10737
  [37] = https://curl.se/bug/?i=10786
  [38] = https://curl.se/bug/?i=10831
  [39] = https://curl.se/bug/?i=10860
  [40] = https://curl.se/bug/?i=10851
  [41] = https://curl.se/bug/?i=10853
  [42] = https://curl.se/bug/?i=10852
  [43] = https://curl.se/bug/?i=10850
  [44] = https://curl.se/bug/?i=10843
  [45] = https://curl.se/bug/?i=10879
  [46] = https://curl.se/bug/?i=10886
  [47] = https://curl.se/bug/?i=10875
  [48] = https://curl.se/bug/?i=10874
  [49] = https://curl.se/bug/?i=10878
  [50] = https://curl.se/bug/?i=10876
  [51] = https://curl.se/bug/?i=10772
  [52] = https://curl.se/bug/?i=10905
  [53] = https://curl.se/bug/?i=10865
  [54] = https://curl.se/bug/?i=10771
  [55] = https://curl.se/bug/?i=10908
  [56] = https://curl.se/bug/?i=10861
  [57] = https://curl.se/bug/?i=10900
  [58] = https://curl.se/mail/archive-2023-04/0008.html
  [59] = https://curl.se/bug/?i=11020
  [60] = https://curl.se/bug/?i=10995
  [61] = https://curl.se/bug/?i=10899
  [62] = https://curl.se/bug/?i=10926
  [63] = https://curl.se/bug/?i=10896
  [64] = https://curl.se/bug/?i=10896
  [65] = https://curl.se/bug/?i=10963
  [66] = https://curl.se/bug/?i=10898
  [67] = https://curl.se/bug/?i=10877
  [68] = https://curl.se/bug/?i=11102
  [69] = https://curl.se/bug/?i=10891
  [70] = https://curl.se/bug/?i=10894
  [71] = https://curl.se/bug/?i=10959
  [72] = https://curl.se/bug/?i=10958
  [73] = https://curl.se/bug/?i=10956
  [74] = https://curl.se/bug/?i=10954
  [75] = https://curl.se/bug/?i=10961
  [76] = https://curl.se/bug/?i=10952
  [77] = https://curl.se/bug/?i=10951
  [78] = https://curl.se/bug/?i=10955
  [79] = https://curl.se/bug/?i=10957
  [80] = https://curl.se/bug/?i=10953
  [81] = https://curl.se/bug/?i=10994
  [82] = https://curl.se/bug/?i=10960
  [83] = https://curl.se/bug/?i=10950
  [84] = https://curl.se/bug/?i=10947
  [85] = https://curl.se/bug/?i=10946
  [86] = https://curl.se/bug/?i=10945
  [87] = https://curl.se/bug/?i=10944
  [88] = https://curl.se/bug/?i=10943
  [89] = https://curl.se/bug/?i=10939
  [90] = https://curl.se/bug/?i=10787
  [91] = https://curl.se/bug/?i=10935
  [92] = https://curl.se/bug/?i=10994
  [93] = https://curl.se/bug/?i=10933
  [94] = https://curl.se/bug/?i=10934
  [95] = https://curl.se/bug/?i=10937
  [96] = https://curl.se/bug/?i=10994
  [97] = https://curl.se/bug/?i=10932
  [98] = https://curl.se/bug/?i=10931
  [99] = https://curl.se/bug/?i=10930
  [100] = https://curl.se/bug/?i=10994
  [101] = https://curl.se/bug/?i=10988
  [102] = https://curl.se/bug/?i=10925
  [103] = https://curl.se/bug/?i=10983
  [104] = https://curl.se/bug/?i=10922
  [105] = https://curl.se/bug/?i=10921
  [106] = https://curl.se/bug/?i=10889
  [107] = https://curl.se/bug/?i=10911
  [108] = https://curl.se/bug/?i=10912
  [109] = https://curl.se/bug/?i=11000
  [110] = https://curl.se/bug/?i=10991
  [111] = https://curl.se/bug/?i=10895
  [112] = https://curl.se/bug/?i=11003
  [113] = https://curl.se/bug/?i=10979
  [114] = https://curl.se/bug/?i=10974
  [115] = https://curl.se/bug/?i=11044
  [116] = https://curl.se/bug/?i=10973
  [117] = https://curl.se/bug/?i=11010
  [118] = https://curl.se/bug/?i=10971
  [119] = https://curl.se/bug/?i=11081
  [120] = https://curl.se/bug/?i=11081
  [121] = https://curl.se/bug/?i=11036
  [122] = https://curl.se/bug/?i=11085
  [123] = https://curl.se/bug/?i=10975
  [124] = https://curl.se/bug/?i=11025
  [125] = https://curl.se/bug/?i=11006
  [126] = https://curl.se/bug/?i=11024
  [127] = https://curl.se/bug/?i=11033
  [128] = https://curl.se/bug/?i=11080
  [129] = https://curl.se/bug/?i=11030
  [130] = https://curl.se/bug/?i=11001
  [131] = https://curl.se/bug/?i=11027
  [132] = https://curl.se/bug/?i=11077
  [133] = https://curl.se/bug/?i=11029
  [134] = https://curl.se/bug/?i=11018
  [135] = https://curl.se/bug/?i=10990
  [136] = https://curl.se/bug/?i=10962
  [137] = https://curl.se/bug/?i=11021
  [138] = https://curl.se/bug/?i=11005
  [139] = https://curl.se/bug/?i=11005
  [140] = https://curl.se/bug/?i=11005
  [141] = https://curl.se/bug/?i=11005
  [142] = https://curl.se/bug/?i=10993
  [143] = https://curl.se/bug/?i=11019
  [144] = https://curl.se/bug/?i=11017
  [145] = https://curl.se/bug/?i=11074
  [146] = https://curl.se/bug/?i=11064
  [147] = https://curl.se/bug/?i=10428
  [148] = https://curl.se/bug/?i=11068
  [149] = https://curl.se/bug/?i=11061
  [150] = https://curl.se/bug/?i=11059
  [151] = https://curl.se/bug/?i=11031
  [152] = https://curl.se/bug/?i=11054
  [153] = https://curl.se/bug/?i=11055
  [154] = https://curl.se/bug/?i=11045
  [155] = https://curl.se/bug/?i=11052
  [156] = https://curl.se/bug/?i=11050
  [157] = https://curl.se/bug/?i=11051
  [158] = https://curl.se/bug/?i=11048
  [159] = https://curl.se/bug/?i=11107
  [160] = https://curl.se/bug/?i=11047
  [161] = https://curl.se/bug/?i=11106
  [162] = https://curl.se/bug/?i=11093
  [163] = https://curl.se/bug/?i=11091
  [164] = https://curl.se/bug/?i=11088
  [165] = https://curl.se/bug/?i=11087
  [166] = https://curl.se/bug/?i=11084
  [167] = https://curl.se/bug/?i=11101
  [168] = https://curl.se/bug/?i=11117
  [170] = https://curl.se/bug/?i=10965
  [171] = https://curl.se/bug/?i=11110

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html


-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2023-05-17