Wednesday 27th March 2024
Local Packages
Updated curl to 8.7.1:
configure: Add --disable-docs flag
CURLINFO_USED_PROXY: Return bool whether the proxy was used
digest: Support SHA-512/256
- DoH: Add trace configuration
write-out: Add '%{proxy_used}'
ALTSVC.md: Correct a typo
- asyn-ares: Fix data race warning
asyn-thread: Use wakeup_close to close the read descriptor
- badwords: Use hostname, not host name
BINDINGS: Add mcurl, the python binding
bufq: Writing into a softlimit queue cannot be partial
c-hyper: Add header collection writer in hyper builds
cd2nroff: gen: Make '\>' in input to render as plain '>' in output
cd2nroff: Remove backticks from titles
checksrc.pl: Fix handling .checksrc with CRLF
cmake: Add USE_OPENSSL_QUIC support
cmake: Add warning for using TLS libraries without 1.3 support
cmake: Enable 'ENABLE_CURL_MANUAL' by default
cmake: Fix 'CURL_WINDOWS_SSPI=ON' with Schannel disabled
cmake: Fix function description in comment
cmake: Fix install for older CMake versions
cmake: Fix libcurl.pc and curl-config library specifications
cmdline-docs/Makefile: Avoid using a fixed temp file name
cmdline-docs: Quote and angle bracket clean-up
cmdline-opts/_EXITCODES: Sync with libcurl-errors
cmdline-opts/_VARIABLES.md: Improve the description
cmdline-opts/_VERSION: Provide %VERSION correctly
cmdline-opts: Shorter help texts
configure Add pkg-config support to rustls detection
configure: Add warning for using TLS libraries without 1.3 support
configure: Build and install shell completions when enabled
configure: Do not link with nghttp3 unless necessary
configure: Don't build shell completions when disabled
configure: Don't make shell completions without perl
configure: Find libpsl with pkg-config
connect.c: Fix typo
CONTRIBUTE: Update the section on documentation format
cookie.md: Provide an example sending a fixed cookie
cookie: If psl fails, reject the cookie
curl: exit on config file parser errors
curl: Make --libcurl output better CURLOPT_*SSLVERSION
curl: When allocating variables, add the name into the struct
curl_setup.h: Add curl_uint64_t internal type
curldown: Fix email address in Copyright
CURLMOPT_MAX*: Mention what happens if changed mid-transfer
CURLOPT_INTERFACE.md: Remove spurious ampersand, add see-also
CURLOPT_POSTQUOTE.md: Fix typo
CURLOPT_SSL_CTX_FUNCTION.md: No promises of lifetime after return
CURLOPT_WRITEFUNCTION.md: Typo fix
digest: Add check for hashing error
- dist: Make sure the http tests are in the tarball
DISTROS: Add document with distro pointers
docs/libcurl: Add TLS backend info for all TLS options
docs/libcurl: Generate PROTOCOLS from meta-data
- docs: Add missing slashes to SChannel client certificate documentation
docs: Add necessary setup for nghttp3
docs: ASCII version of manpage without nroff
docs: dist curl*.1 and install without perl
docs: Make curldown do angle brackets like markdown
docs: Make each libcurl man specify protocol(s)
docs: Make sure curl.1 is included in dist tarballs
docs: Update minimal binary size in INSTALL.md
- docs: Use present tense
& examples: Use present tense in comments
file: Use xfer buf for file:// transfers
fopen: Fix narrowing conversion warning on 32-bit Android
form-string.md: Correct the example
- ftp: Do lineend conversions in client writer
ftp: Fix socket wait activity in ftp_domore_getsock
- ftp: Tracing improvements
ftp: Treat a 226 arriving before data as a signal to read data
gen.pl: Make the "manpageification" faster
gen: Make '\>' in input to render as plain '>' in output
getparam: Make --ftp-ssl work again
GHA/linux: Add sysctl trick to work-around GitHub runner issue
GIT-INFO: Convert to markdown
GOVERNANCE: Document the core team
header.md: Remove backslash, make nicer markdown
- HTTP/2: Write response directly
http2, http3: Return CURLE_PARTIAL_FILE when bytes were received
http2: Fix push discard
http2: Memory errors in the push callbacks are fatal
http2: Minor tweaks to optimize two struct sizes
http2: Push headers better clean-up (CVE-2024-2398)
http2: Remove the third (unused) argument from http2_data_done()
HTTP3.md: Adjust the OpenSSL QUIC install instructions
http: Better error message for HTTP/1.x response without status line
http: Improve response header handling, save CPU cycles
http: Move headers collecting to writer
http: Remove stale comment about rewindbeforesend
http: Separate response parsing from response action
http_chunks: Fix the accounting of consumed bytes
http_chunks: Remove unused 'endptr' variable
https-proxy: Use IP address and cert with IP in alt names
- hyper: Implement unpausing via client reader
ipv6.md: Mention IPv4 mapped addresses
KNOWN_BUGS: POP3 issue when reading small chunks
lib1598: Fix 'CURLOPT_POSTFIELDSIZE' usage
lib582: Remove code causing warning that is never run
lib: Add 'void *ctx' to reader/writer instances
lib: Convert Curl_get_line to use dynbuf
lib: Curl_read/Curl_write clarifications
lib: Enhance client reader resume + rewind
lib: Initialize output pointers to NULL before calling strto[ff,l,ul]
lib: Keep conn IP information together
lib: Move 'done' parameter to SingleRequests
lib: Remove curl_mimepart object when CURL_DISABLE_MIME
libcurl-docs: Clean-ups
libcurl-security.md: Active FTP passes on the local IP address
libssh/libssh2: Return error on too big range
MANUAL.md: Fix typo
mbedtls: Fix building when MBEDTLS_X509_REMOVE_INFO flag is defined
mbedtls: Fix pytest for newer versions (CVE-2024-2466)
mbedtls: Properly clean up the thread-shared entropy
mbedtls: Use mbedtls_ssl_conf_{min|max}_tls_version
md4: Include strdup.h for the memdup proto
- mime: Add client reader
- misc: Fix typos in docs and lib
mkhelp: Simplify the generated hugehelp program
mprintf: Fix format prefix I32/I64 for windows compilers
multi: Add xfer_buf to multi handle
multi: Fix multi_sock handling of select_bits
multi: Make add_handle free any multi_easy
ngtcp2: No recvbuf for stream
ntml_wb: Fix buffer type typo
- OpenSSL QUIC: Adapt to v3.3.x
openssl-quic: Check on Windows that socket conv to int is possible
openssl-quic: Fix BIO leak and Windows warning
openssl-quic: Fix unity build, casing, indentation
OS400: Avoid using awk in the build scripts
paramhlp: Fix CRLF-stripping files with "-d @file"
proxy1.0.md: Fix example
pytest: Adapt to API change
request: Clarify message when request has been sent off
rustls: Make curl compile with 0.12.0
schannel: Fix hang on unexpected server close
scripts: Fix cijobs.pl for Azure and GHA
sendf: Ignore response body to HEAD
setopt: Fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
setopt: Fix disabling all protocols (CVE-2024-2004)
sha512_256: Add support for GnuTLS and OpenSSL
smtp: Fix STARTTLS
SPONSORS: Describe the basics
strtoofft: Fix the overflow check
test1541: Verify getinfo values on first header callback
test1165: Improve pattern matching
tests: Support setting/using blank content environment variables
TIMER_STARTTRANSFER: Set the same for everyone
- TLS: Start shutdown only when peer did not already close
TODO: Update 13.11 with more information
tool_cb_hdr: Only parse etag + content-disposition for 2xx
tool_getparam: Accept a blank -w ""
tool_getparam: Handle non-existing (out of range) short-options
tool_operate: Change precedence of server Retry-After time
tool_operate: Do not set CURLOPT_QUICK_EXIT in debug builds
trace-config.md: Remove the mutexed options list
transfer.c: Break receive loop in speed limited transfers
transfer: Improve Windows SO_SNDBUF update limit
urldata: Move authneg bit from conn to Curl_easy
version: Allow building with ancient libpsl
vquic-tls: Fix the error code returned for bad CA file (CVE-2024-2379)
- vtls: Fix tls proxy peer verification
- vtls: Revert "receive max buffer" + add test case
VULN-DISCLOSURE-POLICY.md: Update detail about CVE requests
websocket: Fix curl_ws_recv()
wolfSSL: Do not call the stub function wolfSSL_BIO_set_init()
write-out.md: Clarify error handling details
Updated dovecot (2.3.21) to drop i686 build from Fedora 40 onwards as per Changes/EncourageI686LeafRemoval
Updated perl-Variable-OnDestruct to 0.08:
- Revert not catching exceptions from destruct handlers
- Restore functionality on perl ≤ 5.12