Wednesday 2nd April 2025
Local Packages
Updated curl to 8.13.0:
curl: Add write-out variable 'tls_earlydata'
curl: Make --url support a file with URLs
gnutls: Set priority via --ciphers
IMAP: Add CURLOPT_UPLOAD_FLAGS and --upload-flags
lib: Add CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY
- OpenSSL/quictls: Add support for TLSv1.3 early data
rustls: Add support for CERTINFO
rustls: Add support for SSLKEYLOGFILE
- rustls: Support ECH with DoH lookup for config
- rustls: Support native platform verifier
var: Add a '64dec' function that can base64 decode a string
- wolfssl: TLS early data support
- addrinfo: Add curl macro to avoid redefining foreign symbols
asyn-thread: Avoid the separate 'struct resdata' alloc
asyn-thread: Avoid the separate curl_mutex_t alloc
- asyn-thread: Do not allocate thread_data` separately
asyn-thread: Remove 'status' from struct Curl_async
autotools: Fix 'dllmain.c' in unity builds
autotools: Fix 'libtest' bundle to depend on 'FIRSTFILES'
autotools: Use 'CURLDEBUG' to exclude TrackMemory code from unity
- aws_sigv4: Cannot be used for proxy
- aws_sigv4: Merge repeated headers in canonical request
aws_sigv4: Use strparse more for parsing
base64: Drop 'BUILDING_CURL' macro, always include in tests/server
- build: Add Windows CE / CeGCC support, with CI jobs
- build: cmake multi-pkg-config detection improvements (brotli, ldap, mbedtls)
build: Do not apply curl debug macros to 'tests/server' by default
build: Drop unused 'getpart' tool
build: Enable -Wjump-misses-init for GCC 4.5+
build: Enable '-Wcast-qual', fix or silence compiler warnings
- build: Fix compiler warnings in feature detections
build: Replace Curl_ prefix with curlx_ for functions used in servers
build: Set '-O3' and tune WinCE in CI, fix 'getpart', 'vtls_scache' fallouts
build: Set 'HAVE_STDINT_H' if 'stdint.h' is available
build: Set 'HAVE_WRITABLE_ARGV' for Apple cross-builds
build: Silence bogus '-Wconversion' warnings with gcc 5.1-5.4
build: Silence mingw32ce C99 format warnings, simplify CI
build: Tidy-ups around 'inet_pton'
c-ares httpsrr: Fix ifdef
- c-ares: Error out for unsupported versions, drop unused macros
ca-native.md: Sync with CURLSSLOPT_NATIVE_CA
cf-socket: Deduplicate Windows Vista detection
cf-socket: Remove empty switch
- client writer: Handle pause before decoding
cmake: 'CURL_LIBDIRS' improvements (upstreamed from vcpkg)
cmake: 'SHARE_LIB_OBJECT=ON' requires CMake 3.12 or newer
- cmake: Add custom command scripts as dependencies where missing
- cmake: Add pre-fill for Unix, enable in GHA/macos, verify pre-fills
- cmake: Add shell completion support
cmake: Allow 'CURL_STATIC_CRT' with shared libcurl and no curl exe
cmake: Allow 'CURL_STATIC_CRT' with UCRT VS2015+ builds
cmake: Allow empty 'IMPORT_LIB_SUFFIX', add suffix collision detection
cmake: Avoid '-Wnonnull' warning in 'HAVE_FSETXATTR_5' detection
- cmake: Disable HTTPS-proxy as a feature if proxy is disabled
cmake: Drop 'CURL_DISABLE_TESTS' option
cmake: Drop 'HAVE_C_FLAG_Wno_long_double' logic for ancient Apple gcc
cmake: Drop 'HAVE_IN_ADDR_T' from pre-fill too
- cmake: Drop two stray TLS feature checks for wolfSSL
cmake: Exclude '-MP' for 'clang-cl' again
cmake: Fix 'HAVE_ATOMIC'/'HAVE_STDATOMIC' pre-fill for clang-cl
cmake: Fix clang-tidy builds to verify tests, fix fallouts
- cmake: Fix detection pre-fills for iOS
- cmake: Fix ECH detection in custom-patched OpenSSL
- cmake: Fix typo in ECH config error message
cmake: Hide empty 'MINGW64_VERSION' output for mingw32ce
cmake: Improve httpd detection for pytest
cmake: Mention 'insecure' in the debug build warning
- cmake: Misc tidy-ups
- cmake: Pre-fill known type sizes for Windows OSes
cmake: Replace CMAKE_COMPILER_IS_GNUCC with CMAKE_C_COMPILER_ID
cmake: Replace exec_program() with execute_process()
cmake: Restrict static CRT builds to static curl exe, test in CI
cmake: Sync cutoff version with autotools for picky option '-ftree-vrp'
cmake: Sync OpenSSL(-fork) feature checks with './configure'
cmake: Unity mode optimization for non-'CURLDEBUG' 'testdeps' targets
CODE_STYLE: Readability and banned functions
config-win32: Set 'HAVE_STDINT_H' where available
- configure: Call the blocking resolver "blocking", not "default"
- configure: Fix ECH detection with MultiSSL
- configure: Silence compiler warnings in feature checks, drop duplicates
- configure: Tidy up shell completion rules
configure: Use 'curl_cv_apple' variable
conn: Eliminate 'conn->now'
- conn: Fix connection reuse when SSL is optional
conncache: Eliminate 'conn->destination_len' as premature optimization
contributors.sh: Lowercase 'github' for consistency
contrithanks.sh: Update docs/THANKS in place
- cookie: Do prefix matching case-sensitively
- cookie: Minor parser simplification
cookie: Simplify invalid_octets()
core: Stop redefining 'E*' macros on Windows, map 'EACCES', related fixes
curl.h: Change some enums to defines with L suffix
curl.h: Convert CURLUSESSL* names to defines
curl.h: Stop defining non-curl '__has_declspec_attribute'
curl.h: Switch 'CURL_HTTP_VERSION*' enums to long constants
curl/system.h: Drop leftover comment about 32 bit curl_off_t
curl: Add my_setopt_long() and _offt()
curl_msh3: Remove verify bypass from DEBUGBUILDs
curl_setup: Drop 'ERANGE' (for WinCE), no longer used
curl_setup_once: Drop 'E*' macro redefines unused (with winsock2)
curl_setup_once: Stop redefining 'ENAMETOOLONG' to winsock2 error code
curl_trc: Fix build with CURL_DISABLE_VERBOSE_STRINGS
curl_ws_recv.md: Expand a little on the fragments the API delivers
CURLMOPT_SOCKETFUNCTION.md: Add advice for socket callback invocation
CURLOPT_HTTPHEADER.md: Add comments to the example
CURLOPT_HTTPHEADER.md: Rephrases
curltime: Use libcurl time functions in src and tests/server
DISABLED: Add 313 for sectransp (move from GHA/macos)
docs/cmdline-opts: Use imperative form
docs: Adapt to removed --with-random
docs: Add FD_ZERO to curl_multi_fdset example
docs: Bump 'rustls' to 0.14.1
- docs: Correct argument names and URL redirection
- docs: Minor edits to please the new spellchecker regime
- docs: Rework RUSTLS install instructions
docs: Unify HTTP version style in --help output
- docs: Vulnerabilities in debug code are not eligible for a bounty
- doh: Improve HTTPS RR svcparams parsing
doh: Remove wrong but unreachable exit path from doh_decode_rdata_name
dynbuf: Assert init on free
easy: Drop 'break' after 'return'
- easy: Fix warning about possible comma misuse
eventfd: Allow use on all CPUs
examples: Prefer 'return' over 'exit()' (cont.)
ftp/sftp: strdup data info memory
- ftp: Fix comment
- gnutls: Fix connection state check on handshake
- gnutls: Fix use of pkcs11 urls for keys/certs
- gtls: Fix uninitialized variable
- hash: Use single linked list for entries
hostip: Don't use alarm() for DoH resolves
hostip: Make CURLOPT_RESOLVE support replacing IPv6 addresses
http2: Add on_invalid_frame callback for error detection
- http2: Detect session being closed on ingress handling
http2: Enhance error messages on Curl_dyn* upon receiving headers
- http2: Fix stream assignment for pushes
- http2: Reset stream on response header error
HTTP3.md: Only speak about minimal versions
http: Convert parsers to strparse
- http: Fix NTLM info message typo
- http: Fix the auth check
- http: Make the RTSP version check stricter
http: Negotiation and room for alt-svc/https RR to navigate
- http: Remove a HTTP method size restriction
- http: Version negotiation
http_chunks: Replace a strofft call with curl_str_hex
https-rr: Implementation improvements
https-rr: Fix port detection
https-rr: Fix the HTTPS-RR threaded-resolver build combo
INFRASTRUCTURE.md: Add IRC and Matrix details
INSTALL-CMAKE.md: CMake usage updates
INSTALL-CMAKE.md: mention 'ZLIB_USE_STATIC_LIBS'
lib1156: Pass longs to 'curl_easy_setopt()'
lib1560: Test set path containing LR or CR
lib2302: Fix crash due to stack overflow on MSVC and clang Windows
lib696: Fix building on Windows in non-bundle mode
lib: Better optimized casecompare() and ncasecompare()
lib: Clear up CURLRES_ASYNCH vs. USE_CURL_ASYNC use
lib: Fix two curlx_strtoofft invokes
lib: Rename curlx_strtoofft to Curl_str_numblanks()
lib: Replace while(ISBLANK()) loops with Curl_str_passblanks()
- lib: Simplify more white space loops
lib: strtoofft.h header clean-up
lib: Use Curl_str_* instead of strtok_r()
lib: Use Curl_str_number() for parsing decimal numbers
libssh2: Fix freeing of resources in disconnect
libssh2: Fix memory leak in 'SSH_SFTP_REALPATH' state
libssh2: Fix to ignore 'known_hosts' if SHA256 host public key is set
libssh2: Print user with verbose flag
libssh2: Show crypto backend in the verbose connect log
libssh: Fix freeing of resources in disconnect
libssh: Fix scp large file upload for 32-bit size_t systems
libtest/first.c: Remove the Test: stderr output for unity builds
libtest/libprereq.c: Set CURLOPT_FOLLOWLOCATION with a long
- managen: Accept more markdown-quote-markers
managen: Correct the warning for un-escaped '<' and '>'
- mbedtls: Re-enable an error check
memdebug.h: Avoid '-Wredundant-decls' with an extra guard
memdebug: Drop dynamic allocation from 'curl_dbg_log()'
mprintf: Switch three number parsers to use strparse
mqtt: Convert sendleftovers to dynbuf
- msvc: Drop support for VS2005 and older
multi: Call protocol handler done() if PROTOCONNECT or later
- multi: Event based rework
multi: Kill off remaining internal handles in curl_multi_cleanup
- multi: Start the loop over when handles are removed
multi_ev: Fixes regarding connection shutdowns
- ngtcp2: Do not iterate over multi handles
ntlm: Merge ntlm.h into ntlm.c
openssl-quic: Do not iterate over multi handles
openssl: Check return value of X509_get0_pubkey
- openssl: Drop support for old OpenSSL/LibreSSL versions
- openssl: Fix crash on missing cert password
- openssl: Fix pkcs11 URI checking for key files
openssl: Remove bad 'goto's into other scope
prox/preproxy.md: Document argument within <brackets>
pytest: Test negotiate with http proxy
- quiche: Do not iterate over multi handles
RELEASE-PROCEDURE.md: Explain release candidates
request: Clear sendbuf_hds_len when resetting request bufq
resolve: Fix building without Unix sockets and 'CURLDEBUG'
runtests: Accept 'CURL_DIRSUFFIX' without ending slash
- runtests: Add feature-based filtering
runtests: Check and report if 'diff' tool is missing
runtests: Drop logic calling the 'handle' tool (Windows)
runtests: Drop recognizing 'winssl' as Schannel
- runtests: Drop ref to unused external function
runtests: Fix bundled test invocation with '-g' option
runtests: Fix SSH server not starting in cases, re-ignore failing vcpkg CI jobs
runtests: Fix test key format for libssh2 WinCNG (and others)
- runtests: Generate certs dynamically, bump to EC-256, tidy up
- runtests: Recognize AWS-LC as OpenSSL
runtests: Rewrite 'genserv.sh' in Perl
- runtests: Support multi-target cmake, drop workarounds from CI
runtests: Support running tests under wine or qemu
runtests: Use 'setfacl' on Cygwin/MSYS, if present
- rustls: Add ECH support with string ECH config
- rustls: Cap maximum allowed CRL file size to 8MB
- rustls: Support ECH GREASE
- rustls: Use client cert and key if available
- schannel: Deduplicate Windows Vista detection
- schannel: Enable ALPN support under WINE 6.0+
- schannel: Enable ALPN with MinGW, fix ALPN for UWP builds
- schannel: Guard ALPN init code to ALPN builds
scripts/managen: Fix option 'single'
scripts/managen: Fix parsing of markdown code sections
scripts: Update completion.pl to parse options from docs
sectransp: Add support for HTTP/2 in gcc builds
sendf: Client reader line conversion: do not change data->state.infilesize
setopt: Illegal CURLOPT_SOCKS5_AUTH should return error
- setopt: Remove unnecessary void pointer typecasts
setopt: Setting PROXYUSERPWD after PROXYUSERNAME/PASSWORD is fine
- shutdowns: Split shutdown handling from connection pool
socks: Remove bad assert from do_SOCKS5()
src: Avoid strdup on platforms not doing UTF-8 conversions
src: Clean-up ISBLANK vs. ISSPACE
src: Remove Curl_ prefix from tool-specific function
src: Remove final uses of Curl_ symbol prefixes in tool code
src: Replace strto[u][ld] with curlx_str_ parsers
- ssh: Consider sftp quote commands case sensitive
sshserver.pl: Adjust 'AuthorizedKeysFile2' cutoff version
sshserver.pl: Use Perl 'chmod'
- sshserver: Fix excluding obsolete client config lines
- ssl session cache: Add exportable flag
SSLCERTS: List support for SSL_CERT_FILE and SSL_CERT_DIR
strparse: Make Curl_str_number() return error for no digits
strparse: Switch the API to work on 'const char *'
strparse: Switch to curl_off_t as base data type
test1022: Add support for rc releases
test1167: Catch #defines with extra whitespace
test313: Disable CRL test for Schannel due to lack of support and flakiness
test313: Disable via '<features>' for backends without CRL support
test489: Set output dir
test612: SCP 'rm' the uploaded remote file (not the local source), unignore in CI
test613: Make it pass on Windows, fix postprocess, unignore in CI
test615: Fix for Cygwin, unignore in CI
tests/certs: Clean up
tests/server: Drop unused 'base64.pl'
tests/server: Fix to check against winsock2 error codes on Windows
tests/server: Give global 'path' variable a more descriptive name
tests/server: Make the signal handler signal-safe
tests/server: Replace 'errno' with 'SOCKERRNO' in sockfilt, socksd, sws
tests/server: Replace 'strerror' with 'sstrerror' in socksd
tests/server: Support bundle binary
tests/server: Sync 'wait_ms()' with the libcurl implementation
tests/server: Use 'curlx_str_numblanks()' to avoid 'errno'
tests/servers.pm: Remove unused variable 'portrange'
- tests: Build non-debug unit tests with autotools, run them
tests: Fix comment in lib533
tests: Fix enum/int confusion, fix autotools 'CFLAGS' for 'servers'
tests: Make sure 'commands.log' is generated in the correct logdir
- tests: Mark tests 1631, 1632 flaky
- tests: Reformat error messages to avoid tripping MSBuild
- tests: Remove base64 encoded sections
- tests: Remove unused variables
- tests: Replace remaining non-ASCII bytes with hex markup
tftpd: Prefix TFTP protocol error 'E*' constants with 'TFTP_'
tidy-up: Align MSYS2/Cygwin codepaths, follow Cygwin 'MAX_PID' bump
- tidy-up: Delete, comment or scope C macros reported unused
tidy-up: Drop unused 'CURL_INADDR_NONE' macro and 'in_addr_t' type
tidy-up: Use 'CURL_ARRAYSIZE()'
timediff: Fix comment for curlx_mstotv()
timediff: Remove unnecessary double typecast
tool_dirhie: Create dir hierarchy without strtok
tool_getparam: Clear sensitive arguments better
tool_getparam: Do parse_upload_flags without the alloc/free
tool_getparam: Parse --trace-config without strdup()/free()
tool_getparam: parse_header() without strtok
tool_operate: Change "1 retries" to "1 retry"
tool_operate: Fail SSH transfers without server auth
tool_operate: Fix pluralization of seconds
tool_operate: Remove unnecessary (long) typecasts
tool_paramhlp: Do --proto parsing without strtok
tool_parsecfg: Make my_get_line skip comments and newlines
tool_setopt: Reduce use of "code hiding" macros
url: Call protocol handler's disconnect in Curl_conn_free
urlapi: Fix redirect from file:// with query, and simplify
- urlapi: Remove percent encoded dot sequences from the URL path
- urlapi: Simplify junkscan
urldata: Remove 'hostname' from struct Curl_async
variable.md: Clarify 'trim' example
vquic: Obey IOV_MAX
- vtls: Fix compiler warnings seen with gcc 7.3.0 and mbedTLS
- winbuild: Reduce command-line length by dropping whitespace
windows: Do not use winsock2 'inet_ntop()'/'inet_pton()'
- windows: Drop code and curl manifest targeting W2K and older
windows: Fix issues detected by clang-tidy, and some more
- wolfssh: Fix freeing of resources in disconnect
wolfssh: Retrieve the error using wolfSSH_get_error
- wolfssl: Fix CA certificate multiple location import
- wolfssl: Fix unused variable warning
- wolfssl: Warn if CA native import option is ignored
- wolfssl: When using PQ KEM, use ML-KEM, not Kyber
ws: Corrected curlws_cont to reflect its documented purpose
ws: Fix and extend CURLWS_CONT handling
- zlib: Bump minimum to 1.2.5.2 (was: 1.2.0.4)
The openssl tool package is now needed for the test suite to run successfully; it is used to generate certificates