Wednesday 28th May 2025
Local Packages
Updated curl to 8.14.0:
mqtt: Send ping at upkeep interval
- schannel: Handle pkcs12 client certificates containing CA certificates
TLS: Add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs
vquic: ngtcp2 + openssl support
wcurl: Import v2025.04.20 script and documentation
- websocket: Add option to disable auto-pong reply
_SEEALSO.md: Remove spaces around command and man page section
asnyc-thrdd: Fix detach from running thread
asnyc-thrdd: Explain how this is okay with a comment
- async resolver code improvements
- async-threaded resolver: Use ref counter
- async: DoH improvements
autotools: Detect 'wolfSSL_set_quic_use_legacy_code' like cmake does
- autotools: Install shell completion files on cross build
aws-sigv4: Allow a blank string
build: Check required rustls-ffi version
- build: Enable gcc-12/13+, clang-10+ picky warnings
- build: Enable gcc-15 picky warnings
certs: Drop unused 'default_bits' from '.prm' files
cf-https-connect: Use the passed-in dns struct pointer
cf-socket: Fix FTP accept connect
- cfilters: Remove assert
cmake/FindNGTCP2: Simplify multi-pkg-config detection
cmake: Append picky warnings to 'CMAKE_REQUIRED_FLAGS' as string
cmake: Avoid 'target is imported but not globally visible' when consuming libcurl with old cmake
cmake: Do not install 'mk-ca-bundle' script and manpage
cmake: Enable '-Wall' for MSVC when 'PICKY_COMPILER=ON'
- cmake: Extend integration tests
cmake: Fix 'fish' install directory detection via 'pkg-config'
cmake: Fix nghttp3 static linking with 'USE_OPENSSL_QUIC=ON'
cmake: Fix option() and mark_as_advanced() mixed order
- cmake: Fix shell completion install when just one flavour is enabled
cmake: Honour individual picky option overrides found in 'CMAKE_C_FLAGS'
- cmake: Install shell completions for cross-builds
cmake: Link 'crypt32' for OpenSSL feature detection
cmake: Merge 'CURL_WERROR' logic into 'PickyWarnings.cmake'
cmake: Prefer 'COMPILE_OPTIONS' over 'CMAKE_C_FLAGS' for custom C options
cmake: Quotes, whitespace, use 'VERSION_GREATER_EQUAL'
cmake: Revert 'CURL_LTO' behaviour for multi-config generators
cmake: Set 'BUILDING_LIBCURL' directly for unit test targets
cmake: Stop deleting '-W<n>' from 'CMAKE_C_FLAGS' (MSVC)
- cmake: Tidy up and document feature detections in dependencies
cmake: Use 'CMAKE_COMPILE_WARNING_AS_ERROR' if available
cmake: Use 'INCLUDE_DIRECTORIES' prop to specify local header dirs
cmake: Use 'LIB_NAME' in 'curl-config.cmake.in'
- cmake: Use absolute paths for completion targets
cmake: Use the 'LINK_OPTIONS' property with CMake 3.13+
configure: Catch asking for double resolver without https-rr
configure: Fix --disable-rt
- configure: Restore link checks
configure: Suppress command not found for brew
conncache: Make Curl_cpool_init return void
- connect: Shutdown timer fix
content_encoding: Transfer-Encoding parser improvements
CONTRIBUTE: Add project guidelines for AI use
contrithanks.sh: Drop set -e
- cpool/cshutdown: Force close connections under pressure
curl: Fix memory leak when -h is used in config file
curl: Only warn once for --manual in manual-disabled build
curl_get_line: Handle lines ending on the buffer boundary
curl_krb5: Only use functions if FTP is still enabled
curl_multibyte: Fix up low-level calls, include in unity builds
curl_osslq: Remove a leftover debug fprintf() call
curl_url_get.md: Don't call it normalized
curl_version_info.md: Clarify ssl_version for MultiSSL
CURLMOPT_TIMERFUNCTION.md: Correct the example
CURLOPT_ERRORBUFFER.md: Buffer is read only after curl takes ownership
CURLOPT_FOLLOWLOCATION.md: Switch to GET => no body
CURLOPT_READFUNCTION.md: Mention the seek callback
CURLOPT_XFERINFOFUNCTION.md: Fix the callback return type in example
curlx: Move the docs to docs/internals/
DEPRECATE.md: Drop support for VS2008
DEPRECATE.md: Drop Windows CE support
dist: Drop duplicate entry from 'CMAKE_DIST'
dns_entry: Move from conn to data->state
Dockerfile: Update debian:bookworm-slim Docker digest to 90522ee
docs/INSTALL.md: Drop reference to removed configure option
docs/libcurl: Fix type and prototype problems in examples
docs/libcurl: Make examples build with picky compiler options
docs/libcurl: Mention sensitive data/headers
docs: Add missing return statement in examples
- docs: Fix incorrect shell substitution in docker run example command
docs: Fix typo in retry.md
- docs: Update distros links
doh: httpsrr fix
doh: Make sure CURLOPT_PROTOCOLS is set with a "long" arg
- doh: Reduce the DNS request buffer size
easy_reset: Fix dohfor_mid member
- ECH: Reference the OpenSSL ECH feature branch
etag-save.md: Mention how using both options is a good idea
eventfd: Fix feature guards
formdata: Clean-ups
- ftp: Fix bug in failed init
- ftp: Fix race in upload handling
ftplistparser: Add two overflow preventions
ftplistparser: Split up into more functions
generate.bat: Exclude curlinfo.c from legacy VS projects
genserv.pl: Fail with a message if 'openssl' is missing or failing
- headers: Enforce a max number of response header to accept
- headers: Set an error message on illegal response headers
hostip: Fix build without threaded-resolver and without DoH
hostip: Show the correct name on proxy resolve error
- http2: Fix stream window size after unpausing
HTTP3.md: Fix incorrect variable placeholders
- http: Fix a build error when all auths are disabled
- http: Fix HTTP/2 handling of TE request header using "trailers"
http: In alt-svc negotiation only allow supported HTTP versions
http_aws_sigv4: Add additional verbose log statements
http_aws_sigv4: Improve sigv4 url encoding and canonicalization
http_chunks: Narrow variable scope for 'trlen'
http_negotiate: Fix non-SSL build with GSSAPI
https-connect: Fix httpsrr target check
HTTPSRR.md: Clarify somewhat
if2ip: Build the function also if FTP is present
- imap: Remove redundant condition
INSTALL-CMAKE.md: Fix typo
INSTALL.md: Update the minimal libcurl size example
KNOWN_BUGS: Fix link in sivg4 issue 16.3
lib/src/docs/test: Improve curl_easy_setopt() calls
lib1560: Use hex notation, drop non-ASCII exception
lib3026: Drop DLL pre-load perf mitigation for old mingw
lib: Add const to clientwriter tables
lib: Drop curlx_getpid, use fake pid in SMB
- lib: Include files using known path
lib: Make Curl_easyopts const
- lib: Unify conversions to/from hex
libcurl-tutorial.md: Fix read callback explanation
libssh: Add NULL check for Curl_meta_get()
libssh: Fix memory leak
libssh: Remove a condition that always equals false
libtest/first: Stop defining MEMDEBUG_NODEFINES
libtests: Define CURL_DISABLE_DEPRECATION first
- make: Clean tests better
mbedtls: TLS 1.3 is max when mbedtls has 1.3 support
metahash: Add asserts to help analysers
mk-ca-bundle.pl: Follow redirects
mk-ca-bundle: Switch URLs to GitHub versions
mkhelp: Fix to not generate a line-ending space in some cases
mqtt: Use conn/easy meta hash
multi: Do transfer book keeping using mid
multi: init_do(): Check result
netrc: Avoid NULL deref on weird input
netrc: Avoid strdup NULL
netrc: Deal with null token better
ngtcp2: Clarify ignoring of result
openssl-quic: Avoid potential '-Wnull-dereference', add assert
openssl-quic: Fix printf mask
openssl-quic: Fix shutdown when stream not open
openssl: Enable builds for both engines and providers
- openssl: Set the cipher string before doing private cert
parsedate: Provide Curl_wkday also for GnuTLS builds
processhelp.pm: Always call 'taskkill' with '-f' (force)
processhelp.pm: Avoid potential endless loop, log more (Windows)
- progress: Avoid integer overflow when gathering total transfer size
pytest tls: Extend coverage (fixes WolfSSL cert validation, CVE-2025-4947)
pytest-xdist: pytest in parallel
pytest: Add pinnedpubkey test cases (fixes WolfSSL pinning, CVE-2025-5025)
pytest: Give parametrized tests better ids for read- and parsability
pytest: Make test_07_22 more lenient to exit codes
quic: No local idle connection timeout, ngtcp2 keep-alive
rand: Update comment on Curl_rand_bytes weak random
RELEASE-PROCEDURE.md: Release candidate git tagging explained
- rtsp: Remove redundant condition
runtests: Add retry option to reduce flakiness
runtests: Fix indentation
runtests: Recognize lowercase 'windows' in 'curl -V'
runtests: Remove server verification after start
runtests: Split 'SSH_PWD' into 'SCP_PWD' and 'SFTP_PWD', and more
- rustls: Make max size of cert and key reasonable
sasl: Give help when unable to select AUTH
scripts: completion.pl: Sort the completion file for all shells
- scripts: Drop unused import, formatting
scripts: Fix --opts-dir help in completion.pl
- scripts: Fix perl indentation, whitespace, semicolons
sectransp: Fix building for macOS Sierra and older
setopt: Provide info for CURLE_BAD_FUNCTION_ARGUMENT
- smb: Avoid integer overflow on weird input date
socket: Use accept4 when available
socketpair: Support pipe2 where available
spacecheck.pl: Check for non-ASCII chars, fix fallouts
spacecheck.pl: Verify 'tests/data/test*' for non-ASCII chars
src: Drop strcase.[ch] from tool builds
src: Include memdebug.h consistently with angle brackets <>
src: Rename curlx_safefree to tool_safefree
test1173.pl: Whitelist some option-looking names that aren't options
test1658: Add unit test for the HTTPS RR decoder
test: Make unittest 1308 into a libtest
tests/ech_tests.sh: Sync shebang with rest of bash scripts
tests/FILEFORMAT.md: Clarify %hex[] formatting
tests/FILEFORMAT.md: Document the aws feature
tests/README.md: Document --test-duphandle
tests/README.md: List the openssl tool among the prerequisites
tests/server/dnsd: Basic DNS server for test suite
tests/server: Check for 'stream != NULL' in mqttd
tests/server: Fix typo in comment
tests/server: Stop using libcurl string comparisons
tests/server: Stop using libcurl's printf functions
tests/serverhelp: Remove last remnants of http-pipe server
tests/tunit: Make a separate directory for tool-based unit tests
tests: Add aws feature to the related tests
tests: Add https-mtls server to force client auth
- tests: Fix some test tag mismatches
tests: Mark ipfs tests to require ipfs
- tests: Move a boolean variable out of the path section
tests: Prefer '--insecure' over '-k'
- tests: Provide all non-ascii data hex encoded
- tests: Remove some unused test case sections
- tests: Require IPv6 for 1265, 1324, 2086
tests: Separate tunit tests from unit tests more
tests: Stop using libcurl's strdup
- tests: Unify test case keywords
- tests: Use a more portable null device path
TODO: Remove "nicer lacking perl message"
tool_cb_write.c: Handle EINTR on flush
tool_getparam: Clear argument only when needed
tool_operate: Make retrycheck() a separate function
tool_operate: When retrying, only truncate regular files
tool_paramhlp: Avoid integer overflow in secs2ms()
tool_parsecfg: Make get_line handle lines ending on the buffer boundary
typecheck-gcc.h: Fix the typechecks
- urlapi: Redirecting to "" is considered fine
urlapi: Remove unneeded guards around PUNY2IDN
urldata: Remove the unused struct field 'hide_progress'
VERSIONS: List all past releases
vquic: Consistent name for the stream struct across backends
vquic: Init for every call to recvmsg
vtls: Avoid NULL deref on bad PEM input
- vtls: Fix build with ssl but without http
VULN-DISCLOSURE-POLICY: Use of weak algos
winbuild: Add the deprecation warning to the README
winbuild: curl_get_line is not used for tool builds
- windows: Fix builds targeting WinXP, test it in CI
- wolfssl: Fix to enable ALPN when available
- ws: Fix the header replace check
- ws: Store protocol context as connection meta data