-
Notifications
You must be signed in to change notification settings - Fork 0
/
RELEASE-NOTES
245 lines (234 loc) · 11 KB
/
RELEASE-NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
curl and libcurl 7.82.0
Public curl releases: 206
Command line options: 245
curl_easy_setopt() options: 295
Public functions in libcurl: 86
Contributors: 2582
This release includes the following changes:
o curl: add --json [67]
o mesalink: remove support [23]
This release includes the following bugfixes:
o appveyor: update images from VS 2019 to 2022
o appveyor: use VS 2017 image for the autotools builds
o base64: remove an unnecessary call to strlen [66]
o build: enable -Warith-conversion
o build: fix -Wenum-conversion handling
o build: fix ngtcp2 crypto library detection [63]
o checksrc: fix typo in comment [34]
o CI: move 'distcheck' job from zuul to azure pipelines [60]
o CI: move scan-build job from Zuul to Azure Pipelines [59]
o CI: move the NSS job from zuul to GHA [84]
o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75]
o CI: move the rustls CI job to GHA from Zuul [8]
o CI: move two jobs from Zuul to Circle CI [73]
o CI: test building wolfssl with --enable-opensslextra [42]
o CI: workflows/wolfssl: install impacket [47]
o cirlceci: also run a c-ares job on arm with debug enabled [74]
o cmake: fix iOS CMake project generation error [13]
o cmdline-opts/gen.pl: fix option matching to improve references [50]
o config.d: Clarify _curlrc filename is still valid on Windows [95]
o configure: remove support for "embedded ares" [82]
o configure: set CURL_LIBRARY_PATH for nghttp2 [58]
o configure: support specification of a nghttp2 library path [101]
o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54]
o curl tool: erase some more sensitive command line arguments [22]
o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5]
o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9]
o curl-openssl: fix SRP check for OpenSSL 3.0 [86]
o curl-openssl: remove the OpenSSL headers and library versions check [35]
o curl: remove "separators" (when using globbed URLs) [32]
o curl_getdate.3: remove pointless .PP line [68]
o curl_multi_socket.3: remove callback and typical usage descriptions [7]
o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added
o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27]
o CURLOPT_RESOLVE.3: change example port to 443
o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71]
o docs/cmdline-opts: add "mutexed" options for more http versions [25]
o docs: capitalize the name 'Netscape' [77]
o docs: document HTTP/2 not insisting on TLS 1.2 [49]
o docs: fix mandoc -T lint formatting complaints [2]
o docs: update IETF links to use datatracker [41]
o examples/multi-app.c: call curl_multi_remove_handle as well [19]
o formdata: avoid size_t => long typecast overflows [37]
o gen.pl: terminate "example" sections better [4]
o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88]
o hostcheck: fixed to not touch used input strings [38]
o http: make Curl_compareheader() take string length arguments too [87]
o ldap: return CURLE_URL_MALFORMAT for bad URL [24]
o lib: remove support for CURL_DOES_CONVERSIONS [96]
o maketgz: return error if 'make dist' fails [79]
o mbedtls: enable use of mbedtls without CRL support [57]
o mbedtls: enable use of mbedtls without filesystem functions support [100]
o mbedtls: fix CURLOPT_SSLCERT_BLOB (again)
o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12]
o mbedtls: remove #include <mbedtls/certs.h> [56]
o mbedtls: return CURLcode result instead of a mbedtls error code [1]
o md5: check md5_init_func return value
o misc: allow curl to build with wolfssl --enable-opensslextra [43]
o misc: remove BeOS code and references [30]
o misc: remove the final watcom references [29]
o mqtt: free any send leftover data when done [36]
o multi: grammar fix in comment [69]
o multi: remember connection_id before returning connection to pool [76]
o multi: set in_callback for multi interface callbacks [28]
o netware: remove support [72]
o next.d. remove .fi/.nf as they are handled by gen.pl [3]
o ngtcp2: adapt to changed end of headers callback proto [39]
o ngtcp2: fix declaration of ‘result’ shadows a previous local [14]
o nss: handshake callback during shutdown has no conn->bundle [55]
o openldap: fix compiler warning when built without SSL support [70]
o openldap: implement SASL authentication [16]
o openssl.h: avoid including OpenSSL headers here [15]
o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40]
o openssl: check the return value of BIO_new_mem_buf() [18]
o openssl: fix `ctx_option_t` for OpenSSL v3+
o openssl: return error if TLS 1.3 is requested when not supported [45]
o projects: fix Visual Studio wolfSSL configurations
o quiche: change qlog file extension to `.sqlog` [44]
o quiche: verify the server cert on connect [33]
o remote-header-name.d: clarify [10]
o runtests.pl: disable debuginfod [51]
o runtests.pl: properly print the test if it contains binary zeros
o runtests.pl: support the nonewline attribute for the data part [21]
o runtests.pl: tolerate test directories without Makefile.inc [98]
o runtests: allow client/file to specify multiple directories
o runtests: make 'rustls' a testable feature
o runtests: make 'wolfssl' a testable feature [6]
o rustls: add CURLOPT_CAINFO_BLOB support [26]
o scripts/cijobs.pl: output data about all currect CI jobs [78]
o scripts/completion.pl: improve zsh completion [46]
o scripts/copyright.pl: support many provided file names on the cmdline
o scripts/delta: check the file delta for current branch
o setopt: do bounds-check before strdup [99]
o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53]
o smb: passing a socket for writing and reading data instead of FIRSTSOCKET [90]
o test3021: disable all msys2 path transformation
o test374: gif data without new line at the end [20]
o tests/disable-scan.pl: properly detect multiple symbols per line [94]
o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85]
o tool_findfile: check ~/.config/curlrc too [17]
o tool_getparam: DNS options that need c-ares now fail without it [31]
o TPF: drop support [97]
o url: given a user in the URL, find pwd for that user in netrc [11]
o url: keep trailing dot in host name [62]
o url: make Curl_disconnect return void [48]
o urlapi: remove an unnecessary call to strlen [64]
o urldata: CONN_IS_PROXIED replaces bits.close when proxy can be disabled [52]
o version_win32: fix warning for `CURL_WINDOWS_APP` [93]
o vtls: pass on the right SNI name [61]
o vxworks: drop support [65]
o write-out.d: Fix num_headers formatting
o x509asn1: toggle off functions not needed for diff tls backends [91]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Antoine Pietri, Bernhard Walle, Bjarni Ingi Gislason,
Cameron Will, Charles Cazabon, Daniel Stenberg, Davide Cassioli, Eric Musser,
Fabian Keil, Fabian Yamaguchi, Filip Lundgren, Harry Sarson, Henrik Holst,
Ikko Ashimine, Jan Ehrhardt, Jan-Piet Mens, jhoyla on github,
jonny112 on github, Kushal Das, Leah Neukirchen, Lucas Pardue,
luminixinc on github, Manfred Schwarb, Marcel Raad, Melroy van den Berg,
Michał Antoniak, neutric on github, Niels Martignène, Patrick Monnerat,
pheiduck on github, Ray Satiro, Ryan Schmidt, Samuel Henrique,
Sandro Jaeckel, Satadru Pramanik, Sebastian Sterk,
siddharthchhabrap on github, Stefan Eissing, Stephen Boost,
Stephen M. Coakley, updatede on github, Viktor Szakats, Xiaoke Wang,
(44 contributors)
References to bug reports and discussions on issues:
[1] = https://curl.se/bug/?i=8266
[2] = https://curl.se/bug/?i=8228
[3] = https://curl.se/bug/?i=8228
[4] = https://curl.se/bug/?i=8228
[5] = https://curl.se/bug/?i=8229
[6] = https://curl.se/bug/?i=8252
[7] = https://curl.se/bug/?i=8262
[8] = https://curl.se/bug/?i=8251
[9] = https://curl.se/bug/?i=8229
[10] = https://curl.se/bug/?i=8249
[11] = https://curl.se/bug/?i=8241
[12] = https://curl.se/bug/?i=8238
[13] = https://curl.se/bug/?i=8244
[14] = https://curl.se/bug/?i=8245
[15] = https://curl.se/bug/?i=8240
[16] = https://curl.se/bug/?i=8152
[17] = https://curl.se/bug/?i=8208
[18] = https://curl.se/bug/?i=8233
[19] = https://curl.se/bug/?i=8234
[20] = https://curl.se/bug/?i=8239
[21] = https://curl.se/bug/?i=8239
[22] = https://curl.se/bug/?i=7964
[23] = https://curl.se/bug/?i=8188
[24] = https://curl.se/bug/?i=8170
[25] = https://curl.se/bug/?i=8254
[26] = https://curl.se/bug/?i=8255
[27] = https://curl.se/bug/?i=8286
[28] = https://curl.se/bug/?i=8282
[29] = https://curl.se/bug/?i=8287
[30] = https://curl.se/bug/?i=8288
[31] = https://curl.se/bug/?i=8285
[32] = https://curl.se/bug/?i=8278
[33] = https://curl.se/bug/?i=8173
[34] = https://curl.se/bug/?i=8281
[35] = https://curl.se/bug/?i=8279
[36] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43515
[37] = https://hackerone.com/reports/1444539
[38] = https://curl.se/bug/?i=8321
[39] = https://curl.se/bug/?i=8322
[40] = https://curl.se/bug/?i=8268
[41] = https://curl.se/bug/?i=8317
[42] = https://curl.se/bug/?i=8315
[43] = https://curl.se/bug/?i=8292
[44] = https://curl.se/bug/?i=8316
[45] = https://curl.se/bug/?i=8309
[46] = https://curl.se/bug/?i=8363
[47] = https://curl.se/bug/?i=8307
[48] = https://curl.se/bug/?i=8303
[49] = https://curl.se/bug/?i=8235
[50] = https://curl.se/bug/?i=8299
[51] = https://curl.se/bug/?i=8291
[52] = https://curl.se/bug/?i=8350
[53] = https://curl.se/bug/?i=8350
[54] = https://curl.se/bug/?i=8276
[55] = https://curl.se/bug/?i=8341
[56] = https://curl.se/bug/?i=8343
[57] = https://curl.se/bug/?i=8344
[58] = https://curl.se/bug/?i=8340
[59] = https://curl.se/bug/?i=8338
[60] = https://curl.se/bug/?i=8334
[61] = https://curl.se/bug/?i=8320
[62] = https://curl.se/bug/?i=8290
[63] = https://curl.se/bug/?i=8372
[64] = https://curl.se/bug/?i=8370
[65] = https://curl.se/bug/?i=8362
[66] = https://curl.se/bug/?i=8369
[67] = https://curl.se/bug/?i=8314
[68] = https://curl.se/bug/?i=8365
[69] = https://curl.se/bug/?i=8368
[70] = https://curl.se/bug/?i=8367
[71] = https://curl.se/bug/?i=8364
[72] = https://curl.se/bug/?i=8358
[73] = https://curl.se/bug/?i=8359
[74] = https://curl.se/bug/?i=8357
[75] = https://curl.se/bug/?i=8357
[76] = https://hackerone.com/reports/1463013
[77] = https://curl.se/bug/?i=8354
[78] = https://curl.se/bug/?i=8408
[79] = https://curl.se/mail/lib-2022-02/0070.html
[82] = https://curl.se/bug/?i=8397
[84] = https://curl.se/bug/?i=8396
[85] = https://curl.se/bug/?i=8396
[86] = https://curl.se/bug/?i=8394
[87] = https://curl.se/bug/?i=8391
[88] = https://curl.se/bug/?i=8381
[90] = https://curl.se/bug/?i=8383
[91] = https://curl.se/bug/?i=8386
[93] = https://curl.se/bug/?i=8385
[94] = https://curl.se/bug/?i=8384
[95] = https://curl.se/bug/?i=8382
[96] = https://curl.se/bug/?i=8378
[97] = https://curl.se/bug/?i=8378
[98] = https://curl.se/bug/?i=8379
[99] = https://curl.se/bug/?i=8377
[100] = https://curl.se/bug/?i=8376
[101] = https://curl.se/bug/?i=8375