Wednesday 31st January 2024
Local Packages
Updated curl to 8.6.0:
Add CURLE_TOO_LARGE
Add CURLINFO_QUEUE_TIME_T
Add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS
asyn-thread: Use GetAddrInfoExW on Windows ≥ 8
configure: Make libpsl detection failure cause error
docs/cmdline: Change to .md for cmdline docs
docs: Introduce "curldown" for libcurl man page format
runtests: Support -gl; Like -g but for lldb
altsvc: Free 'as' when returning error
appveyor: Replace PowerShell with bash plus parallel autotools
- appveyor: Switch to out-of-tree builds
asyn-ares: With modern c-ares, use its default timeout
build: Delete unused 'HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}'
build: Delete/replace clang warning pragmas
- build: Enable missing OpenSSF-recommended warnings, with fixes
build: Fix '-Wconversion'/'-Wsign-conversion' warnings
build: Fix Windows ADDRESS_FAMILY detection
build: More '-Wformat' fixes
build: Remove redundant 'CURL_PULL_*' settings
cf-h1-proxy: No CURLOPT_USERAGENT in CONNECT with hyper
cf-socket: Show errno in tcpkeepalive error messages
CI/distcheck: Run full tests
cmake: Add option to disable building docs
cmake: Fix generation for system name iOS
cmake: Fix typo
cmake: Freshen up docs/INSTALL.cmake
cmake: Prefill/cache 'HAVE_STRUCT_SOCKADDR_STORAGE'
cmake: Rework options to enable curl and libcurl docs
cmake: When USE_MANUAL=YES, build the curl.1 man page
cmdline-opts/write-out.d: Remove spurious double quotes
cmdline-opts: Update availability for the *-ca-native options
cmdline/gen: Fix the sorting of the man page options
configure: Add libngtcp2_crypto_boringssl detection
configure: Fix no default int compile error in ipv6 detection
configure: When enabling QUIC, check that TLS supports QUIC
connect: Remove margin from eyeballer alloc
content_encoding: Change return code to typedef'ed enum
cookie.d: Document use of empty string to enable cookie engine
cookie: Avoid fopen with empty file name
curl.h: CURLOPT_DNS_SERVERS is only available with c-ares
curl: Show ipfs and ipns as supported "protocols"
curl_easy_getinfo.3: Remove the wrong time value count
curl_multi_fdset.3: Remove mention of null pointer support
CURLINFO_REFERER.3: Clarify that it is the request header
CURLOPT_AUTOREFERER.3: Mention CURLINFO_REFERER
CURLOPT_POSTFIELDS.3: Fix incorrect C string escape in example
CURLOPT_SSH_*_KEYFILE: Clarify
dist: Add tests/errorcodes.pl to the tarball
docs: Clean up Protocols: for cmdline options
- docs: Describe and highlight super cookies
docs: Do not start lines/sentences with So, But nor And
docs: Install curl.1 with cmake
- docs: Mention environment variables not used by schannel
- doh: Remove unused local variable
- examples: Add four new examples
file+ftp: Use stack buffers instead of data->state.buffer
ftp: Handle the PORT parsing without allocation
ftp: Use dynbuf to store entrypath
ftp: Use memdup0 to store the OS from a SYST 215 response
ftpserver.pl: Send 213 SIZE response without spurious newline
gen.pl: Support ## for doing .IP in table-like lists
gen: Do italics/bold for a range of letters, not just single word
- GHA: Add a job scanning for "bad words" in markdown
GHA: Bump ngtcp2, gnutls, mod_h2, quiche
gnutls: Fix build with --disable-verbose
haproxy-clientip.d: Document the arg
- headers: Make sure the trailing newline is not stored
headers: Remove assert from Curl_headers_push
hostip: Return error immediately when Curl_ip2addr() fails
hsts: Remove assert for zero length domain
http2: Improved on_stream_close/data_done handling
- http3/quiche: Fix result code on a stream reset
- http3: Initial support for OpenSSL 3.2 QUIC stack
http: adjust_pollset fix
http: Check for "Host:" case-insensitively
- http: Fix off-by-one error in request method length check
http: Only act on 101 responses when they are HTTP/1.1
- http: Remove comment reference to a removed solution
- http: Use stack scratch buffer
http_proxy: A blank CURLOPT_USERAGENT should not be used in CONNECT
krb5: Add prototype to silence clang warnings on mvsnprintf()
lib: Add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
- lib: Error out on multissl + http3
lib: Fix variable undeclared error caused by 'infof' changes
lib: Reduce use of strncpy
lib: Rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
lib: Replace readwrite with write_resp
lib: strndup/memdup instead of malloc, memcpy and null-terminate
libssh2: Use 'libssh2_session_callback_set2()' with v1.11.1
libssh: Improve the deprecation warning dismissal
libssh: Suppress warnings without version check
Makefile.am: Fix the MSVC project generation
Makefile.mk: Drop Windows support
mbedtls: Fix '-Wnull-dereference' and '-Wredundant-decls'
mbedtls: Free the entropy when threaded
mime: Use memdup0 instead of malloc + memcpy
mksymbolsmanpage.pl: Provide references to where the symbol is used
mprintf: Overhaul and bugfixes
mqtt: Use stack scratch buffer for recv+publish
multi: Remove total timer reset in file_do() while fetching file://
ngtcp2: Put h3 at the front of alpn
ntlm_wb: Do not use data->state.buffer any longer
openldap: Fix an LDAP crash
openldap: Fix STARTTLS
openssl: Re-match LibreSSL deinit with init
openssl: When verifystatus fails, remove session id from cache (CVE-2024-0853)
- OS400: Sync ILE/RPG binding
pingpong: Stop using the download buffer
pop3: Replace calloc + memcpy with memdup0
pytest: Scorecard tracking CPU and RSS
quiche: Return CURLE_HTTP3 on send to invalid stream
readwrite_data: Loop less
- Revert "urldata: move async resolver state from easy handle to connectdata"
- rtsp: Deal with borked server responses
runtests: For mode="text" on <stdout>, fix newlines on both parts
- sasl: Make login option string override http auth
schannel: Fix '-Warith-conversion' gcc 13 warning
sectransp: Do verify_cert without memdup for blobs
sectransp: Make TLSCipherNameForNumber() available in non-verbose config
sendf: Fix compiler warning with CURL_DISABLE_HEADERS_API
setopt: Clear mimepost when formp is freed
setopt: Use memdup0 when cloning COPYPOSTFIELDS
socks: Fix generic output string to say SOCKS instead of SOCKS4
socks: Use own buffer instead of data->state.buffer
- ssh: Fix namespace of two local macros
- ssh: Use stack scratch buffer for seeks
strerror: Repair get_winsock_error()
system.h: Sync mingw 'CURL_TYPEOF_CURL_SOCKLEN_T' with other compilers
system_win32: Fix a function pointer assignment warning
telnet: Use dynbuf instead of malloc for escape buffer
telnet: Use stack scratch buffer for do
tests/server: Delete workaround for old-mingw
tests: Avoid int/size_t conversion size/sign warnings
tests: Respect $TMPDIR when creating unix domain sockets
- tool: Make parser reject blank arguments if not supported
tool: Prepend output_dir in header callback
tool_getparam: bsearch cmdline options
tool_getparam: Do not try to expand without an argument
tool_getparam: Stop supporting '@filename' style for --cookie
tool_listhelp: Regenerate after recent .d updates
tool_operate: Make --remove-on-error only remove "real" files
tool_operate: Stop setting the file comment on Amiga
transfer: adjust_pollset improvements
- transfer: Fix upload rate limiting, add test cases
transfer: Make the select_bits_paused condition check both directions
transfer: Remove warning: Value stored to 'blen' is never read
- url: Don't set default CA paths for Secure Transport backend
- url: For disabled protocols, mention if found in redirect
urlapi: Remove assert
verify-examples.pl: Fail verification on unescaped backslash
version: Show only the libpsl version, not its dependencies
- vquic: Extract TLS setup into own source
vtls: Fix missing multissl version info
- vtls: Receive max buffer
vtls: Remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY
- websockets: Check for negative payload lengths
- websockets: Refactor decode chain
- windows: Delete redundant headers
- windows: Simplify detecting and using system headers
- wolfssl: Load certificate *chain* for PEM client certs
x509asn1: Remove code for WANT_VERIFYHOST
x509asn1: Switch from malloc to dynbuf