Wednesday 16th July 2025
Local Packages
Updated curl to 8.15.0:
- TLS: Remove support for Secure Transport and BearSSL
altsvc: Accept 'clear' without semicolon as well
asyn-ares: Remove redundant NULL check
asyn-thrdd: Free the previous name before strdup'ing the new
autotools: Detect and link 'brotlicommon' library for brotli
autotools: Drop '$top_builddir/src' from src header path
autotools: Drop headers from src mk-unity rules (fixup)
autotools: Drop no longer necessary '--srcdir' unity options
autotools: Drop redundant 'Makefile.inc' from 'EXTRA_DIST' in src
- autotools: Simplify configuration in tests, examples
bufq: Change read/write signatures
bufq: Remove the unused Curl_bufq_unwrite function
build: Assume 'sys/socket.h', 'sys/time.h' on non-Windows (as in 'curl/curl.h')
build: Drop 'HAVE_SYS_SOCKET_H' and 'HAVE_SYS_TIME_H' macros
build: Drop explicit curlx from hdr paths, refer headers with 'curlx/' prefix
- build: Drop unused variables in tests
build: Fix libcurltool with cmake and tunits, related tidy-ups
build: Split '.c' and '.h' file lists in tests
build: Stop checking for 'sys/stat.h'
build: stubgss tidy-ups (in tests)
build: Sync build scripts between client/libtest
build: Tidy up 'Makefile.inc' use in lib and src
build: Tidy up header paths, use srcdir where possible
cf-socket: Make socket data_pending a no-op
checksrc-all: Rewrite in Perl, remove 'checksrc.bat'
checksrc: Reduce exceptions, apply again to curlx
cmake/FindGSS: Fix processing C header path options
cmake/FindGSS: Initialize result variables
cmake: 'curl_add_clang_tidy_test_target' tidy-ups
cmake: Build 'stubgss' library for libtests to match autotools
cmake: Check USE_WINDOWS_SSPI when adding secur32 to CURL_LIBS
- cmake: Configure c-ares header directory in project root (was: lib)
cmake: Document OpenSSL and ngtcp2 crypto lib custom variables
- cmake: Drop never-propagated C macros
cmake: Drop passing redundant 'CURL_STATICLIB' in examples and clients
- cmake: Drop redundant macro from test clients
cmake: Drop reference to future variable
cmake: Enable soversion by default for OpenHarmony OS
cmake: Fix 'curl_add_clang_tidy_test_target' when no '-D' option
cmake: Fix generator expression in docs/examples
cmake: Gather options recursively in 'curl_add_clang_tidy_test_target'
- cmake: Make docs depend on support files
cmake: Move 'OUTPUT' argument in the 'add_custom_command()' line
cmake: Omit clang-tidy on internal libs curlu and curltool
cmake: Replace 'cmakelint' with 'cmake-lint' from 'cmakelang', fix issues
cmake: Replace the way clang-tidy verifies tests, fix issues found
cmake: Simplify handling generated 'lib1521.c' in libtests
cmake: Sync 'target_link_libraries()' order in tests more
cmake: Sync tests scripts by using the variable 'BUNDLE'
- cmake: Sync tests scripts with each other and autotools (more)
cmake: Use 'target_link_options()' when available
config-win32: Fix default targets, shorten macro logic
configure: Order LDAP after the SSL libraries
connect: Drop unused struct member
connection: Clarify 'transport'
connection: Eliminate member 'remote_addr'
curl-config: Fix whitespace in usage text
curl.h: Make CURL_IPRESOLVE_* symbols defined as longs
curl.h: Make CURLSSLOPT_* symbols defined as longs
curl.h: Remove the "RESERVED" error codes
curl: Implement non-blocking STDIN read on Windows
curl: Improve non-blocking STDIN performance
curl: Remove the global argument from many functions
- curl: Unify pointer names to global config
curl_get_line: Make sure lines end with newline
curl_memory.h: Fix to undefine 'accept4'
curl_path: Make SFTP handle a path like /~ properly
curlinfo: Provide the 'digest' feature
CURLSHOPT_SHARE.md: Mention multi-threading requires callbacks
DEPRECATE.md: Add VS2005 removal to the list
- digest: Fix build with disabled digest auth
DISTROS: Update NixOS link
docs,tests: Fix english grammar "allow to" -> "allow <something> to"
docs/CONTRIBUTE: Fix broken link
docs/examples: Add ftp-delete.c
docs: Beef up examples/websocket.c
docs: Fix broken link in CODE_REVIEW.md
docs: Fix broken link in INSTALL.md
docs: Fix docs for CURLOPT_PREQUOTE after GH#17616
docs: Fix documentation of connect_only 2
- docs: Fix two typos
docs: Mention that the netrc file works without port numbers
- docs: Mention the as-is concept generically
docs: Note SSLS-EXPORT feature in -ssl-sessions doc
- docs: Reflect that delimiter-separated capath is only OpenSSL
docs: Sync -tls-earlydata support with CURLOPT_SSL_OPTIONS
docs: Warn about lifetime in CURLOPT_CLOSESOCKET*
- easy: Fix comment-documentation
easygetopt: Fix curl logo in header comment
firefox-db2pem: Avoid use of eval in script
- ftp: Fix prequotes for a directory in URL
ftplistparser: Split parse_unix into sub-functions
h2_serverpush: Fix file handle leaks reported by clang-tidy
- h3: Fix query of concurrent streams
- http/3: Report handshake with version and cipher as for TCP connections
http2: Do not delay RST send on aborted transfer
http2: Fix var types in is_alive() implementations
http: Explicitly ignore parsing errors for Retry-After
http: Fix build with cookies and HSTS disabled
http_ntlm: Protect against null deref
http_ntlm: Remove unreachable code
INSTALL.md: Cygwin details and add source code link
ldap: Avoid automake caching issues with LDAP library names
ldap: If ldap-lib is sufficient, add it to LIBS
ldap: Initial support for --with-ldap option
lib2082: Drop 'typedef struct'
- lib: Address single-use issues
- lib: Avoid reusing unclean connection
lib: Drop two interim macros in favour of native libcurl API calls
- lib: Fix unused parameter/function compiler warnings
lib: Make 'CURLX_SET_BINMODE()' and use it
lib: Make 'curlx_wait_ms()' and use it
lib: Replace scache no-op macros with '#ifdef'
lib: Stop 'time()' debug overrides at the end of source in altsvc, hsts
lib: Unify recv/send function signatures
libcurl-env.md: Drop LOGNAME, USER and NTLMUSER
libcurl.m4: Fix indentation
libssh2: Remove use of 'initialised' for clean-up
libssh: De-complex myssh_statemach_act()
libssh: Fix readdir issues
libtests: Make tests 1503, 1504, 1505 use the 1502 binary
libtests: More header tidy-ups
libtests: Stop building the same source multiple times
memdebug.h: #undef 'fclose' before defining it
memdebug.h: Eliminate global macro 'CURL_MT_LOGFNAME_BUFSIZE'
memdebug: Include in unity batch
memory: Stop overriding unused 'wcsdup()'/'_wcsdup()' system functions
memory: Tidy up '_tcsdup()' override
- misc: Fix typos
mk-lib1521: Replace 'printf' with 'curl_mprintf'
- multi: Add dirty bitset
- multi: Do not expire a blocked transfer
- multi: Fix polling with pending input
- multi: Remove careful bounds check as coverity says it is not needed
- multi: xfer table/bitset, handle limits
ngtcp2: Fix coverity warning about result handling
- openssl: Enable read-ahead
openssl: Error on SSL_ERROR_SYSCALL
- openssl: Fix handling of buffered data
- openssl: Fix openssl engine use
- openssl: Fix pkcs11 provider available check
- os400: Upgrade ILE/RPG bindings with latest definitions
pingpong: On disconnect, check for unflushed pingpong state
projects/build-openssl.bat: Remove
pytest: test_07_70, weaken early data check
pytest: Adapt for runs with openssl-1.1.1
pytest: Disable test_07_37 and test_07_36 with openssl's quic
quic: Implement CURLINFO_TLS_SSL_PTR
RELEASE-PROCEDURE.md: Update docs/VERSIONS
runtests.pl: Fix sprintf() using one too many %s
runtests: Fix 'LD_PRELOAD' detection for cmake-built curl binaries
runtests: Support memory-limits per test
rustls: Apply memory function overrides, fixing an ECH buffer free
rustls: Don't try printing the not provided file
schannel: Allow partial chains for manual peer verification
schannel: Drop Windows 2000 compatibility logic
- scorecard: Flame graphs and documentation
SCP/SFTP: Avoid busy loop after EAGAIN
- scripts: Fix to quote the copyright email address
- socks: Fix query when filter context is null
system.h: Remove some macros
test1117: Reduce write delays
test1175: Fix to run, and fix documentation issues detected
test1222: Fix for out-of-tree and no-libcurl-manual builds
test1499, 1599: use '%LOGDIR'
test1499: Verify two chunked responses on reused connection
test1596: Let test pass after year 2036
test1706: Pass include directory to 'managen' for out-of-tree builds
tests/client: Drop autotools logic no longer necessary
tests/client: Use 'curl_mfprintf()'
tests/dnsd: Read config from file
tests/http/clients: Drop hack and use 'curl_setup.h' again
tests/http/clients: Move to tests/client
tests/http/requirements: Remove multipart
tests/libtest: Call 'curlx_now_init()' for unit 1399, 2600 (Windows)
tests/libtest: Drop 'TEST_HANG_TIMEOUT' redefinition hack
tests/libtest: Drop a checksrc exception
tests/libtest: Use 'curltime' from curlx
tests/server/util.c: Include netinet/in6.h
tests/server: De-dupe/merge three 'sockdaemon()' clones into one
tests/server: Drop 'memdebug.h'
tests/server: Make all global vars/funcs static
tests/server: Move memory init to 'memptr.c'
tests/servers.pm: Add more ways to figure out current user
- tests: Always make bundles, adapt build and tests
- tests: Bundle http clients, de-dupe, enable for MSVC
- tests: Constify, make consts static
tests: Drop 'BUNDLE_SRC' variable
tests: Drop mk-bundle exceptions
- tests: Drop unused or redundant includes
tests: Drop useless "nodist_SOURCES" assignments
tests: Fail torture if !valgrind&threaded resolver
tests: Fix 1301, 1308 to fail on error
tests: Fix 'BUNDLE' variable references in 'Makefile.am'
tests: Make all names < 75 characters long
- tests: Make individual test sources compile cleanly
tests: Make sshserver less verbose
tests: Move 'curlcheck.h' to libtest as 'unitcheck.h'
tests: Move GSS-API dynamic stub into debug-mode libcurl
tests: torture: Don't duplicate valgrind command
tests: Use %b64[] to base64 data
tests: Use %b64[] to base64 data in 2056, 2057
tftpd: Use 'CURLMIN()' macro
tidy-up: Replace '<memdebug.h>' with '"memdebug.h"' (src, units)
tls: Remove Curl_ssl false_start
tool1621: Drop unused internal libcurl headers
tool_getparam: Fix --ftp-pasv
tool_operate: Fix return code when --retry is used but not triggered
tool_paramhelp: Fix language in comments
- top-complexity: Lower max allowed complexity threshold to 90
- unit tests: Extract "private" prototypes at build time
unit1302: Expand the base64 encode/decode tests
- url: Fix connection lifetime checks
url: Fix NULL deref with bad password when no user is provided
urlapi: Simplify and split into sub functions
urlapi: Use upper case hex encoding
vauth: Move auth structs to conn meta data
vtls: Change send/recv signatures of tls backends
vtls: Fix a copy-pasted early data comment typo
vtls: Log rustls negotiated KEX group name
vtls: Prefer ciphersuite to cipher in msgs
vtls: Prefer rustls-ffi ciphersuite name API
VULN-DISCLOSURE-POLICY.md: Fix typos
VULN-DISCLOSURE-POLICY: All reports should be disclosed
VULN-DISCLOSURE-POLICY: Exclude not installed software
VULN-DISCLOSURE-POLICY: Minor language polish
warnless: Drop parts of the 'read'/'write' preprocessor hack (Windows)
warnless: Replace 'read()'/'write()' wrapper functions with macros (Windows)
windows: Drop redundant 'curl_wcsdup_callback' callback
windows: Fixup 'fopen()' in 'CURLDEBUG' builds
- windows: Reduce/stop loading DLLs at runtime
wolfssl: Add support for ML_KEM hybrids
ws: Drop redundant 'CURL_EXTERN' from function definitions
xfer: Manage pause bits