aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/libs/curl/RELEASE-NOTES
blob: 2a428467693f5e9d5536cf18746513dcbfdb42ff (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
curl and libcurl 7.83.0

 Public curl releases:         207
 Command line options:         247
 curl_easy_setopt() options:   295
 Public functions in libcurl:  88
 Contributors:                 2625

This release includes the following changes:

 o curl: add %header{name} experimental support in -w handling
 o curl: add %{header_json} experimental support in -w handling
 o curl: add --no-clobber [28]
 o curl: add --remove-on-error [11]
 o header api: add curl_easy_header and curl_easy_nextheader [56]
 o msh3: add support for QUIC and HTTP/3 using msh3 [84]

This release includes the following bugfixes:

 o appveyor: add Cygwin build [77]
 o appveyor: only add MSYS2 to PATH where required [78]
 o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27]
 o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26]
 o BINDINGS.md: add Hollywood binding [34]
 o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42]
 o CI: install Python package impacket to run SMB test 1451 [5]
 o configure.ac: move -pthread CFLAGS setting back where it used to be [14]
 o configure: bump the copyright year range int the generated output
 o conncache: include the zone id in the "bundle" hashkey [112]
 o connecache: remove duplicate connc->closure_handle check [90]
 o connect: make Curl_getconnectinfo work with conn cache from share handle [22]
 o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6]
 o cookie.d: clarify when cookies are sent
 o cookies: improve errorhandling for reading cookiefile [123]
 o curl/system.h: update ifdef condition for MCST-LCC compiler [4]
 o curl: error out if -T and -d are used for the same URL [99]
 o curl: error out when options need features not present in libcurl [18]
 o curl: escape '?' in generated --libcurl code [117]
 o curl: fix segmentation fault for empty output file names. [60]
 o curl_easy_header: fix typos in documentation [74]
 o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126]
 o CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS [105]
 o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
 o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79]
 o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63]
 o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127]
 o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9]
 o docs/HYPER.md: updated to reflect current hyper build needs
 o docs/opts: Mention Schannel client cert type is P12 [50]
 o docs: Fix missing semicolon in example code [102]
 o docs: lots of minor language polish [51]
 o English: use American spelling consistently [95]
 o fail.d: tweak the description [101]
 o firefox-db2pem.sh: make the shell script safer [47]
 o ftp: fix error message for partial file upload [61]
 o gen.pl: change wording for mutexed options [98]
 o GHA: add openssl3 jobs moved over from zuul [88]
 o GHA: build hyper with nightly rustc [7]
 o GHA: move bearssl jobs over from zuul [85]
 o gha: move the event-based test over from Zuul [59]
 o gtls: fix build for disabled TLS-SRP [48]
 o http2: handle DONE called for the paused stream [69]
 o http2: RST the stream if we stop it on our own will [67]
 o http: avoid auth/cookie on redirects same host diff port [110]
 o http: close the stream (not connection) on time condition abort [68]
 o http: reject header contents with nul bytes [41]
 o http: return error on colon-less HTTP headers [31]
 o http: streamclose "already downloaded" [57]
 o hyper: fix status_line() return code [13]
 o hyper: fix tests 580 and 581 for hyper [107]
 o hyper: no h2c support [33]
 o infof: consistent capitalization of warning messages [103]
 o ipv4/6.d: clarify that they are about using IP addresses [3]
 o json.d: fix typo (overriden -> overridden) [24]
 o keepalive-time.d: It takes many probes to detect brokenness [29]
 o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45]
 o lib670: avoid double check result [71]
 o lib: #ifdef on USE_HTTP2 better [65]
 o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38]
 o lib: remove exclamation marks [100]
 o libssh2: compare sha256 strings case sensitively [114]
 o libssh2: make the md5 comparison fail if wrong length [111]
 o libssh: fix build with old libssh versions [12]
 o libssh: fix double close [124]
 o libssh: Improve fix for missing SSH_S_ stat macros [10]
 o libssh: unstick SFTP transfers when done event-based [58]
 o macos: set .plist version in autoconf [122]
 o mbedtls: remove 'protocols' array from backend when ALPN is not used [66]
 o mbedtls: remove server_fd from backend [91]
 o mk-ca-bundle.pl: Use stricter logic to process the certificates [39]
 o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8]
 o mlc_config.json: add file to ignore known troublesome URLs [35]
 o mqtt: better handling of TCP disconnect mid-message [55]
 o ngtcp2: add client certificate authentication for OpenSSL [15]
 o ngtcp2: avoid busy loop in low CWND situation [119]
 o ngtcp2: deal with sub-millisecond timeout [116]
 o ngtcp2: disconnect the QUIC connection proper [19]
 o ngtcp2: enlarge H3_SEND_SIZE [82]
 o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83]
 o ngtcp2: fix memory leak [80]
 o ngtcp2: fix QUIC_IDLE_TIMEOUT [94]
 o ngtcp2: make curl 1ms faster [93]
 o ngtcp2: remove remote_addr which is not used in a meaningful way [81]
 o ngtcp2: update to work after recent ngtcp2 updates [62]
 o ngtcp2: use token when detecting :status header field [92]
 o nonblock: restore setsockopt method to curlx_nonblock [20]
 o openssl: check SSL_get_peer_cert_chain return value [1]
 o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23]
 o openssl: fix CN check error code [21]
 o options: remove mistaken space before paren in prototype
 o perl: removed a double semicolon at end of line [64]
 o pop3/smtp: return *WEIRD_SERVER_REPLY when not understood [43]
 o projects/README: converted to markdown [76]
 o projects: Update VC version names for VS2017, VS2022 [52]
 o rtsp: don't let CSeq error override earlier errors [37]
 o runtests: add 'bearssl' as testable feature [87]
 o runtests: make 'oldlibssh' be before 0.9.4 [2]
 o schannel: remove dead code that will never run [89]
 o scripts/copyright.pl: ignore the new mlc_config.json file
 o scripts: move three scripts from lib/ to scripts/ [44]
 o test1135: sync with recent API updates [54]
 o test1459: disable for oldlibssh [53]
 o test375: fix line endings on Windows [40]
 o test386: Fix an incorrect test markup tag
 o test718: edited slightly to return better HTTP [32]
 o tests/server/util.h: align WIN32 condition with util.c [46]
 o tests: refactor server/socksd.c to support --unix-socket [96]
 o timediff.[ch]: add curlx helper functions for timeval conversions [86]
 o tls: make mbedtls and NSS check for h2, not nghttp2 [70]
 o tool and tests: force flush of all buffers at end of program [17]
 o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30]
 o tool_getparam: error out on missing -K file [115]
 o tool_listhelp.c: uppercase URL
 o tool_operate: fix a scan-build warning [16]
 o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97]
 o transfer: redirects to other protocols or ports clear auth [109]
 o unit1620: call global_init before calling Curl_open [125]
 o url: check sasl additional parameters for connection reuse. [113]
 o vtls: provide a unified APLN-disagree string for all backends [75]
 o vtls: use a backend standard message for "ALPN: offers %s" [73]
 o vtls: use a generic "ALPN, server accepted" message [72]
 o winbuild/README.md: fixup dead link [36]
 o winbuild: Add a Visual Studio example to the README [49]
 o wolfssl: fix compiler error without IPv6 [25]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Alejandro R. Sedeño, Andreas Falkenhahn, Andrey Alifanov,
  anon00000000 on github, Balakrishnan Balasubramanian, Boris Verkhovskiy,
  Brad Spencer, Christian Schmitz, Christopher Degawa, Colin Leroy,
  Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, Daniel Valenzuela,
  Don J Olmstead, Emanuele Torre, Evangelos Foutras, Francisco Olarte,
  Frank Meier, Gisle Vanem, Harry Sintonen, Ian Blanes, Jan Venekamp,
  Jay Dommaschk, Jean-Philippe Menil, Jenny Heino, Joseph Chen,
  jurisuk on github, Kristoffer Gleditsch, Kushal Das, Leandro Coutinho,
  Liam Warfield, Marcel Raad, Marc Hörsken, Matteo Baccan,
  Median Median Stride, mehatzri on github, Michael Kaufmann, Michał Antoniak,
  Nick Banks, Nick Coghlan, Nick Zitzmann, Patrick Monnerat, Paul Howarth,
  Paweł Kowalski, Peter Korsgaard, pheiduck on github, r-a-sattarov on github,
  Ray Satiro, Rianov Viacheslav, Robert Brose, Robert Charles Muir,
  Robin A. Meade, Samuel Henrique, Sascha Zengler, Taras Kushnir,
  Tatsuhiro Tsujikawa, Timothe Litt, Viktor Szakats, HexTheDragon
  (60 contributors)

References to bug reports and discussions on issues:

 [1] = https://curl.se/bug/?i=8579
 [2] = https://curl.se/bug/?i=8548
 [3] = https://curl.se/bug/?i=8543
 [4] = https://curl.se/bug/?i=8546
 [5] = https://curl.se/bug/?i=8544
 [6] = https://curl.se/bug/?i=8539
 [7] = https://curl.se/bug/?i=8545
 [8] = https://curl.se/bug/?i=8412
 [9] = https://curl.se/bug/?i=8573
 [10] = https://curl.se/bug/?i=8588
 [11] = https://curl.se/bug/?i=8503
 [12] = https://curl.se/bug/?i=8574
 [13] = https://curl.se/bug/?i=8572
 [14] = https://curl.se/bug/?i=8541
 [15] = https://curl.se/bug/?i=8522
 [16] = https://curl.se/bug/?i=8565
 [17] = https://curl.se/bug/?i=8516
 [18] = https://curl.se/bug/?i=8565
 [19] = https://curl.se/bug/?i=8534
 [20] = https://curl.se/bug/?i=8562
 [21] = https://curl.se/bug/?i=8559
 [22] = https://curl.se/bug/?i=8524
 [23] = https://curl.se/bug/?i=8553
 [24] = https://curl.se/bug/?i=8557
 [25] = https://curl.se/bug/?i=8550
 [26] = https://curl.se/bug/?i=8478
 [27] = https://curl.se/bug/?i=8477
 [28] = https://curl.se/bug/?i=7708
 [29] = https://curl.se/bug/?i=8570
 [30] = https://curl.se/bug/?i=7963
 [31] = https://curl.se/bug/?i=8610
 [32] = https://github.com/hyperium/hyper/issues/2783
 [33] = https://curl.se/bug/?i=8605
 [34] = https://curl.se/bug/?i=8609
 [35] = https://curl.se/bug/?i=8597
 [36] = https://curl.se/bug/?i=8597
 [37] = https://curl.se/bug/?i=8525
 [38] = https://curl.se/bug/?i=8521
 [39] = https://curl.se/bug/?i=8411
 [40] = https://curl.se/bug/?i=8599
 [41] = https://curl.se/bug/?i=8601
 [42] = https://curl.se/bug/?i=8596
 [43] = https://curl.se/bug/?i=8506
 [44] = https://curl.se/bug/?i=8625
 [45] = https://curl.se/bug/?i=8594
 [46] = https://curl.se/bug/?i=8594
 [47] = https://curl.se/bug/?i=8616
 [48] = https://curl.se/mail/lib-2022-03/0046.html
 [49] = https://curl.se/bug/?i=8592
 [50] = https://curl.se/bug/?i=8587
 [51] = https://curl.se/bug/?i=8646
 [52] = https://curl.se/bug/?i=8447
 [53] = https://curl.se/bug/?i=8622
 [54] = https://curl.se/bug/?i=8620
 [55] = https://hackerone.com/reports/1521610
 [56] = https://curl.se/bug/?i=8593
 [57] = https://curl.se/bug/?i=8665
 [58] = https://curl.se/bug/?i=8490
 [59] = https://curl.se/bug/?i=8490
 [60] = https://curl.se/bug/?i=8606
 [61] = https://curl.se/bug/?i=8637
 [62] = https://curl.se/bug/?i=8638
 [63] = https://curl.se/bug/?i=8636
 [64] = https://curl.se/bug/?i=8709
 [65] = https://curl.se/bug/?i=8661
 [66] = https://curl.se/bug/?i=8663
 [67] = https://curl.se/bug/?i=8664
 [68] = https://curl.se/bug/?i=8664
 [69] = https://curl.se/bug/?i=8626
 [70] = https://curl.se/bug/?i=8656
 [71] = https://curl.se/bug/?i=8660
 [72] = https://curl.se/bug/?i=8657
 [73] = https://curl.se/bug/?i=8657
 [74] = https://curl.se/bug/?i=8694
 [75] = https://curl.se/bug/?i=8643
 [76] = https://curl.se/bug/?i=8652
 [77] = https://curl.se/bug/?i=8693
 [78] = https://curl.se/bug/?i=8693
 [79] = https://curl.se/bug/?i=8602
 [80] = https://curl.se/bug/?i=8691
 [81] = https://curl.se/bug/?i=8689
 [82] = https://curl.se/bug/?i=8690
 [83] = https://curl.se/bug/?i=8688
 [84] = https://curl.se/bug/?i=8517
 [85] = https://curl.se/bug/?i=8684
 [86] = https://curl.se/bug/?i=8595
 [87] = https://curl.se/bug/?i=8684
 [88] = https://curl.se/bug/?i=8683
 [89] = https://curl.se/bug/?i=8677
 [90] = https://curl.se/bug/?i=8676
 [91] = https://curl.se/bug/?i=8682
 [92] = https://curl.se/bug/?i=8679
 [93] = https://curl.se/bug/?i=8678
 [94] = https://curl.se/bug/?i=8678
 [95] = https://curl.se/bug/?i=8673
 [96] = https://curl.se/bug/?i=8687
 [97] = https://curl.se/bug/?i=8701
 [98] = https://curl.se/bug/?i=8716
 [99] = https://curl.se/bug/?i=8704
 [100] = https://curl.se/bug/?i=8713
 [101] = https://curl.se/bug/?i=8714
 [102] = https://curl.se/bug/?i=8697
 [103] = https://curl.se/bug/?i=8711
 [105] = https://curl.se/bug/?i=8753
 [107] = https://curl.se/bug/?i=8707
 [109] = https://curl.se/docs/CVE-2022-27774.html
 [110] = https://curl.se/docs/CVE-2022-27776.html
 [111] = https://hackerone.com/reports/1549461
 [112] = https://curl.se/docs/CVE-2022-27775.html
 [113] = https://curl.se/docs/CVE-2022-22576.html
 [114] = https://hackerone.com/reports/1549435
 [115] = https://hackerone.com/reports/1542881
 [116] = https://curl.se/bug/?i=8738
 [117] = https://hackerone.com/reports/1548535
 [119] = https://curl.se/bug/?i=8739
 [122] = https://curl.se/bug/?i=8692
 [123] = https://curl.se/bug/?i=8699
 [124] = https://curl.se/bug/?i=8708
 [125] = https://curl.se/bug/?i=8719
 [126] = https://curl.se/bug/?i=8725
 [127] = https://curl.se/bug/?i=8724