Lines Matching +full:stringop +full:- +full:overflow
13 - RELEASE-NOTES: synced
17 - THANKS: new contributors from 8.5.0
21 - cd2nroff: use perl 'strict' and 'warnings'
23 - Use strict and warnings pragmas.
25 - If open() fails then show the reason.
27 - Set STDIN io layer :crlf so that input is properly read on Windows.
29 - When STDIN is used as input, the filename $f is now set to "STDIN".
38 - cd2nroff: fix duplicate output issue
40 Assisted-by: Jay Satiro
41 Fixes https://github.com/curl/curl-www/issues/321
44 - lib: error out on multissl + http3
51 Assisted-by: Viktor Szakats
52 Assisted-by: Gisle Vanem
58 - OS400: sync ILE/RPG binding
66 - build: delete/replace 3 more clang warning pragmas
68 - tool_msgs: delete redundant `-Wformat-nonliteral` suppression pragma.
70 - whitespace formatting in `mprintf.h`, lib518, lib537.
72 - lib518: fix wrong variable in `sizeof()`.
74 - lib518: bump variables to `rlim_t`.
75 Follow-up to e2b394106d543c4615a60795b7fdce04bd4e5090 #1469
77 - lib518: sync error message with lib537
78 Follow-up to 365322b8bcf9efb6a361473d227b70f2032212ce
80 - lib518, lib537: replace `-Wformat-nonliteral` suppression pragmas
83 Follow-up to 5b286c250829e06a135a6ba998e80beb7f43a734 #12812
84 Follow-up to aee4ebe59161d0a5281743f96e7738ad97fe1cd4 #12803
85 Follow-up to 09230127589eccc7e01c1a7217787ef8e64f3328 #12540
86 Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489
88 Reviewed-by: Daniel Stenberg
93 - cmake: freshen up docs/INSTALL.cmake
95 - Turn docs/INSTALL.cmake into a proper markdown file,
96 docs/INSTALL-CMAKE.md
97 - Move things around to divide the description into configuration,
99 - Mention the more modern cmake options to configure, build and install,
106 - build: delete/replace clang warning pragmas
108 - delete redundant warning suppressions for `-Wformat-nonliteral`.
111 as a corner-case here.
113 - replace two pragmas with code changes to avoid the warnings.
115 Follow-up to aee4ebe59161d0a5281743f96e7738ad97fe1cd4 #12803
116 Follow-up to 09230127589eccc7e01c1a7217787ef8e64f3328 #12540
117 Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489
119 Reviewed-by: Daniel Stenberg
124 - RELEASE-NOTES: synced
126 - http: only act on 101 responses when they are HTTP/1.1
133 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66184
138 - _VARIABLES.md: add missing 'be' into the sentence
144 - mqtt, remove remaining use of data->state.buffer
150 - x509asn1: switch from malloc to dynbuf
154 - x509asn1: make utf8asn1str() use dynbuf instead of malloc + memcpy
158 - x509asn1: reduce malloc in Curl_extract_certinfo
166 - THANKS: add Alexander Bartel and Brennan Kinney
174 - krb5: add prototype to silence clang warnings on mvsnprintf()
178 Follow-up to 09230127589eccc7 which made the warning appear
180 Assisted-by: Viktor Szakats
183 - x509asn1: remove code for WANT_VERIFYHOST
187 Follow-up to 78d6232f1f326b9ab4d
191 - socks: reduce the buffer size to 600 (from 8K)
200 - file+ftp: use stack buffers instead of data->state.buffer
204 - vtls: receive max buffer
206 - do not only receive one TLS record, but try to fill
208 - consider <4K remaning space is "filled".
214 - docs: do not start lines/sentences with So, But nor And
218 - docs: remove spurious ampersands from markdown
222 Follow-up to eefcc1bda4bccd800f5a5
228 - sasl: make login option string override http auth
230 - Use http authentication mechanisms as a default, not a preset.
241 CURLAUTH_BEARER as a side-effect of --oauth2-bearer, because this flag
252 - socks: use own buffer instead of data->state.buffer
258 - socks: fix generic output string to say SOCKS instead of SOCKS4
264 - test742: test SOCKS5 with max length user, password and hostname
273 - ssh: use stack scratch buffer for seeks
275 - instead of data->state.buffer
281 - krb5: access the response buffer correctly
285 Folllow-up to c2d973627bab12ab
286 Pointed-out-by: Stefan Eissing
291 - mqtt: use stack scratch buffer for recv+publish
293 - instead of data->state.buffer
297 - telnet, use stack scratch buffer for do
299 - instead of data->state.buffer
303 - http, use stack scratch buffer
305 - instead of data->state.buffer
309 - ntlm_wb: do not use data->state.buf any longer
313 - gitignore: the generated `libcurl-symbols.md`
319 - tool: fix the listhelp generation command
329 - http: check for "Host:" case insensitively
336 Found-by: Dan Fandrich
342 - configure: add libngtcp2_crypto_boringssl detection
344 If OpenSSL is found to be BoringSSL or AWS-LC, and ngtcp2 is requested,
347 Reported-by: ウさん
353 - http: remove comment reference to a removed solution
355 Follow-up to 58974d25d
361 - pytest: Scorecard tracking CPU and RSS
367 - GHA: bump ngtcp2, gnutls, mod_h2, quiche
369 - ngtcp2 to v1.2.0
370 - gnutls to 3.8.3
371 - mod_h2 to 2.0.26
372 - quiche to 0.20.0
381 - ftpserver.pl: send 213 SIZE response without spurious newline
383 - pingpong: stop using the download buffer
391 'overflow' counter is indicate how many bytes.
395 - gen.pl: remove bold from .IP used for ##
397 Reported-by: Viktor Szakats
403 - cmake: rework options to enable curl and libcurl docs
407 - rename `ENABLE_MANUAL` to `ENABLE_CURL_MANUAL`, meaning:
408 to build man page and built-in manual for curl tool.
410 - rename `BUILD_DOCS` to `BUILD_LIBCURL_DOCS`, meaning:
413 - `BUILD_LIBCURL_DOCS` now works without having to enable
416 - drop support for existing CMake-level `USE_MANUAL` option to avoid
420 Assisted-by: Richard Levitte
426 - urlapi: remove assert
434 Follow-up to 4cfa5bcc9a
436 Reported-by: promptfuzz_ on hackerone
441 - tests: avoid int/size_t conversion size/sign warnings
447 - GHA: add a job scanning for "bad words" in markdown
449 This means words, phrases or things we have decided not to use - words that
457 - cmake: speed up curldown processing, enable by default
459 - cmake: enable `BUILD_DOCS` by default (this controls converting and
462 - cmake: speed up generating `.3` files by using a single command per
465 in resulting in 500 -one per file- external `-E touch_nocreate` calls.)
467 - cd2nroff: add ability to process multiple input files.
469 - cd2nroff: add `-k` option to use the source filename to form the
470 output filename. (instead of the default in-file `Title:` line.)
472 Follow-up to 3f08d80b2244524646ce86915c585509ac54fb4c
473 Follow-up to ea0b575dab86a3c44dd1d547dc500276266aa382 #12753
474 Follow-up to eefcc1bda4bccd800f5a56a0fe17a2f44a96e88b #12730
480 - docs: install curl.1 with cmake as well
486 - osslq: remove the TLS library from the version output
493 Reported-by: Viktor Szakats
498 - CI: remove unnecessary OpenSSL 3 option `enable-tls1_3`
504 - GHA: bump nghttp2 version to v1.59.0
506 - Switch to v1.59.0 for GHA CI jobs that use a specific nghttp2-version.
512 - RELEASE-NOTES: synced
514 - docs/cmdline: change to .md for cmdline docs
516 - switch all invidual files documenting command line options into .md,
517 as the documentation is now markdown-looking.
519 - made the parser treat 4-space indents as quotes
521 - switch to building the curl.1 manpage using the "mainpage.idx" file,
523 previous page-footer/headers. Also, those files are now also .md
531 - updated test cases accordingly
537 - CI: bump actions/cache from 3 to 4
540 - [Release notes](https://github.com/actions/cache/releases)
541 - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
542 - [Commits](https://github.com/actions/cache/compare/v3...v4)
544 ---
545 updated-dependencies:
546 - dependency-name: actions/cache
547 dependency-type: direct:production
548 update-type: version-update:semver-major
551 Signed-off-by: dependabot[bot] <support@github.com>
556 - openssl: when verifystatus fails, remove session id from cache
562 Reported-by: Hiroki Kurosawa
567 - cmake: add option to disable building docs
571 - cmake: use curldown to build man pages
580 - mksymbolsmanpage.pl: provide references to where the symbol is used
582 - docs: introduce "curldown" for libcurl man page format
587 - Each file has a set of leading headers with meta-data
588 - Supports a small subset of markdown
589 - Uses .md file extensions for editors/IDE/GitHub to treat them nicely
590 - Generates man pages very similar to the previous ones
591 - Generates man pages that still convert nicely to HTML on the website
592 - Detects and highlights mentions of curl symbols automatically (when
597 - cd2nroff: converts from curldown to nroff man page
598 - nroff2cd: convert an (old) nroff man page to curldown
599 - cdall: convert many nroff pages to curldown versions
600 - cd2cd: verifies and updates a curldown to latest curldown
615 - libssh2: use `libssh2_session_callback_set2()` with v1.11.1
621 ted: since libssh2 1.11.1. Use libssh2_session_callback_set2() [-Wdeprecated-
624 ted: since libssh2 1.11.1. Use libssh2_session_callback_set2() [-Wdeprecated-
627 Ref: https://github.com/curl/curl-for-win/actions/runs/7609484879/job/2072082
633 Reviewed-by: Daniel Stenberg
638 - transfer: make the select_bits_paused condition check both directions
642 Reported-by: Sergey Bronnikov
643 Bug: https://curl.se/mail/lib-2024-01/0049.html
648 - http3: initial support for OpenSSL 3.2 QUIC stack
650 - HTTP/3 for curl using OpenSSL's own QUIC stack together
652 - configure with `--with-openssl-quic` to enable curl to
654 - implementation with the following restrictions:
658 This makes connections to non-reponsive servers hang.
661 in processing delays or Transfer-Encodings on proxied
671 - cmake: fix `ENABLE_MANUAL` option
675 Before this patch `ENABLE_MANUAL=ON` was a no-op, even though it was the
676 option designed to enable building and using the built-in curl manual.
679 Ref: https://github.com/curl/curl/pull/12730#issuecomment-1902572409
684 - TODO: update broken link to ratelimit-headers draft
690 - cmake: when USE_MANUAL=YES, build the curl.1 man page
696 - cmdline-opts/write-out.d: remove spurious double quotes
700 - rtsp: Convert assertion into debug log
702 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65934
704 - write excess bytes to the client where the standard excess bytes
712 - headers: remove assert from Curl_headers_push
717 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65839
721 - curl_easy_getinfo.3: remove the wrong time value count
730 - mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls`
732 - Silence warning in mbedTLS v3.5.1 public headers:
734 ./mbedtls/_x64-linux-musl/usr/include/psa/crypto_extra.h:489:14: warning: r
735 edundant redeclaration of 'psa_set_key_domain_parameters' [-Wredundant-decls]
736 ./mbedtls/_x64-linux-musl/usr/include/psa/crypto_struct.h:354:14: note: pre
743 - Fix compiler warnings seen with gcc 9.2.0 + cmake unity:
746 ./curl/lib/vtls/mbedtls.c:189:11: warning: null pointer dereference [-Wnull
747 -dereference]
748 189 | nread = Curl_conn_cf_recv(cf->next, data, (char *)buf, blen, &res
753 ./curl/lib/vtls/mbedtls.c:168:14: warning: null pointer dereference [-Wnull
754 -dereference]
755 168 | nwritten = Curl_conn_cf_send(cf->next, data, (char *)buf, blen, &
761 - delete stray `#else`.
767 - docs: cleanup nroff format use
769 - remove use of .BI for code snippet
770 - stop using .br, just do a blank line
771 - remove use of .PP
772 - remove use for .sp
773 - remove backslash in .IP
774 - use .IP instead of .TP
780 - test2307: fix expected failure code after ws refactoring
787 - cf-socket: show errno in tcpkeepalive error messages
789 - If the socket keepalive options (TCP_KEEPIDLE, etc) cannot be set
792 Ref: https://github.com/curl/curl/discussions/12715#discussioncomment-8151652
796 - tool_getparam: stop supporting `@filename` style for --cookie
798 The `@filename` style was never documented for --cookie <data|filename>
807 `--cookie @foo=bar`
813 Other curl options with a data/filename option-value use the `@filename`
815 --cookie option has never been documented that way.
817 Ref: https://curl.se/docs/manpage.html#-b
823 - websockets: refactor decode chain
825 - use client writer stack for decoding frames
826 - move websocket protocol handler to ws.c
830 - websockets: check for negative payload lengths
832 - in en- and decoding, check the websocket frame payload lengths for
834 - add test 2307 to verify
840 - docs: mention env vars not used by schannel
844 Co-authored-by: Jay Satiro <raysatiro@yahoo.com>
848 - tool_operate: make --remove-on-error only remove "real" files
850 Reported-by: Harry Sintonen
851 Assisted-by: Dan Fandrich
857 - url: don't set default CA paths for Secure Transport backend
865 - asyn-ares: with modern c-ares, use its default timeout
871 - tool_operate: stop setting the file comment on Amiga
873 - the URL is capped at 80 cols, which ruins it if longer
874 - it does not strip off URL credentials
875 - it is done unconditonally, not on --xattr
876 - we don't have Amiga in the CI which makes fixing it blindly fragile
881 Reported-by: Harry Sintonen
886 - rtsp: deal with borked server responses
888 - enforce a response body length of 0, if the
889 response has no Content-lenght. This is according
891 - excess bytes in a response body are forwarded to
895 Follow-up to d7b6ce6
901 - version: show only the libpsl version, not its dependencies
907 Ref: https://github.com/curl/curl-for-win/issues/63
912 - curl.h: CURLOPT_DNS_SERVERS is only available with c-ares
918 - cmdline-opts/gen.pl: error on initital blank line
920 After the "---" separator, there should be no blank line and this script
926 - cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper
928 Follow-up to 693cd1679361828a which was incomplete
933 - curl_multi_fdset.3: remove mention of null pointer support
939 Reported-by: sfan5 on github
944 - docs/cmdline: remove unnecessary line breaks
950 - transfer: remove warning: Value stored to 'blen' is never read
952 Detected by scan-build
954 Follow-up from 1cd2f0072f
960 - lib: replace readwrite with write_resp
976 - CURLcode (*readwrite)(struct Curl_easy *data, struct connectdata *conn,
977 - const char *buf, size_t blen,
978 - size_t *pconsumed, bool *readmore);
987 * `conn` removed as it always operates on `data->conn`
991 response (end-of-stream).
1040 - RELEASE-NOTES: synced
1042 - TODO: TFTP doesn't convert LF to CRLF for mode=netascii
1047 - gen: do italics/bold for a range of letters, not just single word
1049 Previously it would match only on a sequence of non-space, which made it
1057 - docs: describe and highlight super cookies
1059 Reported-by: Yadhu Krishna M
1063 - configure: when enabling QUIC, check that TLS supports QUIC
1067 BoringSSL, libressl, AWS-LC and quictls do.
1076 - vquic: extract TLS setup into own source
1078 - separate ngtcp2 specific parts out
1079 - provide callback during init to allow ngtcp2 to apply its defaults
1085 - multi: remove total timer reset in file_do() while fetching file://
1090 timer. Otherwise, the total time is always less than the pre-transfer
1097 - http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT
1101 Reported-by: Stefan Eissing
1105 - sectransp: do verify_cert without memdup for blobs
1112 - hsts: remove assert for zero length domain
1117 Follow-up from cfe7902111ae547873
1119 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661
1123 - headers: make sure the trailing newline is not stored
1127 Bug: https://curl.se/mail/lib-2024-01/0019.html
1128 Reported-by: Dmitry Karpov
1131 - curl_easy_header.3: tiny language fix
1135 - examples/range.c: add
1139 - examples/netrc.c: add
1143 - examples/ipv6.c: new example showing IPv6-only internet transfer
1147 - examples/address-scope.c: renamed from ipv6.c
1155 - multi: pollset adjust, init with FIRSTSOCKET during connect
1157 - `conn->sockfd` is set by `Curl_setup_transfer()`, but that
1159 - use `conn->sock[FIRSTSOCKET]` instead
1161 Follow-up to a0f94800d507de
1166 - WEBSOCKET.md: remove dead link
1168 - CI: spellcheck/appveyor: invoke configure --without-libpsl
1170 Follow-up to 2998874bb61ac6
1172 - cmdline/docs/*.d: switch to using ## instead of .IP
1178 - gen.pl: support ## for doing .IP in table-like lists
1186 - cookie.d: Document use of empty string to enable cookie engine
1188 - Explain that --cookie "" can be used to enable the cookie engine
1195 Bug: https://github.com/curl/curl/issues/12643#issuecomment-1879844420
1196 Reported-by: janko-js@users.noreply.github.com
1202 - setopt: use memdup0 when cloning COPYPOSTFIELDS
1206 - telnet: use dynbuf instad of malloc for escape buffer
1213 - CI: install libpsl or configure --without-libpsl in builds
1215 As a follow-up to the stricted libpsl check in configure
1217 - configure: make libpsl detection failure cause error
1222 --without-libpsl is the option to use if PSL is not wanted.
1226 - RELEASE-NOTES: synced
1228 - pop3: replace calloc + memcpy with memdup0
1234 - lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
1238 - mime: use memdup0 instead of malloc + memcpy
1242 - tool_getparam: move the --rate logic into set_rate()
1244 - tool_getparam: switch to an enum for every option
1249 - tool_getparam: build post data using dynbuf (more)
1251 - tool_getparam: replace malloc + copy by dynbuf for --data
1253 - tool_getparam: make data_urlencode avoid direct malloc
1257 - tool_getparam: move the --url-query logic into url_query()
1261 - tool_getparam: move the --data logic into set_data()
1263 - tool_getparam: unify the cmdline switch() into a single one
1265 - easier to follow, easier to modify, easier to extend, possibly slightly
1268 - each case now has the long option as a comment
1270 - tool_getparam: bsearch cmdline options
1272 - the option names are now alpha sorted and lookup is a lot faster
1274 - use case sensitive matching. It was previously case insensitive, but that
1277 - remove "partial match" feature. It was not documented, not tested and
1281 - lookup short options via a table
1287 - COPYING: update copyright year
1293 - url: init conn->sockfd and writesockfd to CURL_SOCKET_BAD
1297 Follow-up to a0f9480
1304 - connect: remove margin from eyeballer alloc
1310 - ftp: only consider entry path if it has a length
1312 Follow-up from 8edcfedc1a144f438bd1cdf814a0016cb
1314 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65631
1322 - transfer: adjust_pollset improvements
1324 - let `multi_getsock()` initialize the pollset in what the
1326 - change connection filters `adjust_pollset()` implementation
1327 to react on the presence of POLLIN/-OUT in the pollset and
1329 - cf-socket will no longer add POLLIN on its own
1330 - http2 and http/3 filters will only do adjustments if the
1339 - ftp: use memdup0 to store the OS from a SYST 215 response
1345 - ftp: use dynbuf to store entrypath
1353 - wolfssl: load certificate *chain* for PEM client certs
1359 - http: adjust_pollset fix
1364 Follow-up to 47f5b1a
1366 Reported-by: bubbleguuum on github
1372 - tool: make parser reject blank arguments if not supported
1380 - build(deps): bump github/codeql-action from 2 to 3
1382 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2
1384 - [Release notes](https://github.com/github/codeql-action/releases)
1385 - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
1386 - [Commits](https://github.com/github/codeql-action/compare/v2...v3)
1388 ---
1389 updated-dependencies:
1390 - dependency-name: github/codeql-action
1391 dependency-type: direct:production
1392 update-type: version-update:semver-major
1395 Signed-off-by: dependabot[bot] <support@github.com>
1399 - build(deps): bump actions/checkout from 3 to 4
1402 - [Release notes](https://github.com/actions/checkout/releases)
1403 - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
1404 - [Commits](https://github.com/actions/checkout/compare/v3...v4)
1406 ---
1407 updated-dependencies:
1408 - dependency-name: actions/checkout
1409 dependency-type: direct:production
1410 update-type: version-update:semver-major
1413 Signed-off-by: dependabot[bot] <support@github.com>
1417 - build(deps): bump actions/upload-artifact from 3 to 4
1419 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) f
1421 - [Release notes](https://github.com/actions/upload-artifact/releases)
1422 - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)
1424 ---
1425 updated-dependencies:
1426 - dependency-name: actions/upload-artifact
1427 dependency-type: direct:production
1428 update-type: version-update:semver-major
1431 Signed-off-by: dependabot[bot] <support@github.com>
1435 - build(deps): bump actions/download-artifact from 3 to 4
1437 Bumps [actions/download-artifact](https://github.com/actions/download-artifac
1439 - [Release notes](https://github.com/actions/download-artifact/releases)
1440 - [Commits](https://github.com/actions/download-artifact/compare/v3...v4)
1442 ---
1443 updated-dependencies:
1444 - dependency-name: actions/download-artifact
1445 dependency-type: direct:production
1446 update-type: version-update:semver-major
1449 Signed-off-by: dependabot[bot] <support@github.com>
1455 - http3/quiche: fix result code on a stream reset
1457 - fixes pytest failures in test 07_22
1458 - aligns CURLcode values on stream reset with ngtcp2
1464 - setopt: clear mimepost when formp is freed
1468 Reported-by: Thomas Ferguson
1474 - CI: Add dependabot.yml
1483 - content_encoding: change return code to typedef'ed enum
1492 - tool: prepend output_dir in header callback
1494 When Content-Disposition parsing is used and an output dir is prepended,
1496 for setting the file timestamp when --remote-time is used.
1500 Co-Authored-by: Jay Satiro
1501 Reported-by: hgdagon on github
1505 - test1254: fix typo in name plus shorten it
1507 - RELEASE-NOTES: synced
1511 - schannel: fix `-Warith-conversion` gcc 13 warning
1515 may change the sign of the result [-Warith-conversion]
1522 - asyn-thread: silence `-Wcast-align` warning for Windows
1526 lib/asyn-thread.c:310:5: warning: cast from 'PCHAR' (aka 'char *') to 'struct
1527 thread_sync_data *' increases required alignment from 1 to 8 [-Wcast-align]
1532 .../llvm-mingw/aarch64-w64-mingw32/include/winnt.h:717:48: note: expanded fro
1535 ss) - (ULONG_PTR)(&((type *)0)->field)))
1540 Follow-up to a6bbc87f9e9ffb46a1801dfb983e7534825ed56b #12482
1542 Ref: https://github.com/curl/curl/pull/12482#issuecomment-1873017261
1547 - tool_listhelp: regenerate after recent .d updates
1553 - test1478: verify src/tool_listhelp.c
1560 - testutil: make runtests support %include
1567 - runtests: for mode="text" on <stdout>, fix newlines on both parts
1573 - quiche: return CURLE_HTTP3 on send to invalid stream
1589 - cmdline-opts: update availability for the *-ca-native options
1595 - openldap: fix STARTTLS
1606 - haproxy-clientip.d: document the arg
1614 - configure: fix no default int compile error in ipv6 detection
1620 - CI: Fix use of any-glob-to-all-files in the labeler
1622 Despite its name, this atom acts like one-glob-to-all-files and a
1624 any-glob-to-all-files semantics. Unfortunately, this makes the file
1631 - CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
1633 - CURLINFO_REFERER.3: clarify that it is the *request* header
1641 - system_win32: fix a function pointer assignment warning
1643 - Use CURLX_FUNCTION_CAST to suppress a function pointer assignment
1648 about that as breaking strict-aliasing rules so this PR changes those
1651 Bug: https://github.com/curl/curl/pull/12581#issuecomment-1869804317
1652 Reported-by: Marcel Raad
1656 - verify-examples.pl: fail verification on unescaped backslash
1658 - Check that all backslashes in EXAMPLE are properly escaped.
1667 Co-authored-by: Daniel Stenberg
1673 - vtls: fix missing multissl version info
1675 - Fix erroneous buffer copy logic from ff74cef5.
1684 - KNOWN_BUGS: [RTSP] Some methods do not support response bodies
1690 - openldap: fix an LDAP crash
1692 Reported-by: Ozan Cansel
1698 - getinfo: CURLINFO_QUEUE_TIME_T
1708 - RELEASE-NOTES: synced
1712 - examples/sendrecv: fix comment line length
1718 - CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example
1720 - Escape inner quotes with two backslashes.
1731 - appveyor: tidy-ups
1733 - replace two remaining backslashes with forward slashes.
1734 - tidy up the way we form and pass `TFLAGS`.
1736 Follow-up to 2d4d0c1fd32f5cc3f946c407c8eccd5477b287df #12572
1742 - transfer: fix upload rate limiting, add test cases
1744 - add test cases for rate limiting uploads for all
1746 - fix transfer loop handling of limits. Signal a re-receive
1748 - fix `data->state.selectbits` forcing re-receive to also
1749 set re-sending when transfer is doing this.
1751 Reported-by: Karthikdasari0423 on github
1757 - mbedtls: free the entropy when threaded
1762 Reported-by: RevaliQaQ on github
1768 - http2: improved on_stream_close/data_done handling
1770 - there seems to be a code path that cleans up easy handles without
1773 - add GOOD check to easy handle used in on_close_callback to
1775 - NULL the stream user data early before submitting RST
1776 - add checks in on_stream_close() to identify UNGOOD easy handles
1778 Reported-by: Hans-Christian Egtvedt
1784 - mprintf: overhaul and bugfixes
1787 %-codes per call, this version is around 30% faster than previous
1791 given unknown %-sequences. Fixing that flaw required a different take on
1792 the problem, which resulted in the new two-arrays model.
1794 lib557: extended - Verify the #12561 fix and test more printf features
1804 - appveyor: replace PowerShell with bash + parallel autotools
1812 has been improved in 7.2 (2021-Nov), but fixed versions aren't running
1818 - use `-j2` with autotools tests, making them finish 5-15 minutes per
1820 - omit `POSIX_PATH_PREFIX`.
1821 - use `WINDIR`.
1822 - prefer forward slashes.
1824 Follow-up to: 75078a415d9c769419aed4153d3d525a8eba95af #11999
1832 - asyn-thread: use GetAddrInfoExW on >= Windows 8
1842 - strerror: repair get_winsock_error()
1846 Follow-up to ff74cef5d4a0cf60106517a1c7384
1847 Reported-by: calvin2021y on github
1851 - CURLOPT_SSH_*_KEYFILE: clarify
1857 - ngtcp2: put h3 at the front of alpn
1863 - test460: verify a command line using --expand with no argument
1867 - tool_getparam: do not try to expand without an argument
1872 Reported-by: Geeknik Labs
1875 - RELEASE-NOTES: synced
1879 - Makefile.am: fix the MSVC project generation
1885 Reported-by: iAroc on github
1891 - altsvc: free 'as' when returning error
1895 Signed-off-by: zengwei <zengwei1@uniontech.com>
1899 - build: fix `-Wconversion`/`-Wsign-conversion` warnings
1905 older Cygwin/MSYS2 builds. Likely fixed on 2020-08-03 by:
1906 https://cygwin.com/git/?p=newlib-cygwin.git;a=commitdiff;h=5717262b8ecfed0f7f
1909 Follow-up to 2dbe75bd7f3c36837aa06fd87a442bdf3fb7faef #12492
1913 - build: fix some `-Wsign-conversion`/`-Warith-conversion` warnings
1915 - enable `-Wsign-conversion` warnings, but also setting them to not
1917 - fix `-Warith-conversion` warnings seen in CI.
1918 These are triggered by `-Wsign-converion` and causing errors unless
1921 - fix some `-Wsign-conversion` warnings.
1922 - hide `-Wsign-conversion` warnings with a `#pragma`.
1923 - add macro `CURL_WARN_SIGN_CONVERSION` to unhide them on a per-build
1925 - update a CI job to unhide them with the above macro:
1926 https://github.com/curl/curl/actions/workflows/linux.yml -> OpenSSL -O3
1930 - cmake: tidy-up `OtherTests.cmake`
1932 - make more obvious which detection uses which prep steps.
1933 - merge and streamline conditions.
1934 - these should not alter detection results.
1941 - appveyor: switch to out-of-tree builds
1949 - DEPRECATE.md: mention that NTLM_WB no longer works
1954 - CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add
1956 Proposed-by: Yifei Kong
1957 Ref: https://curl.se/mail/lib-2023-11/0023.html
1962 - build: more `-Wformat` fixes
1964 - memdebug: update to not trigger `-Wformat-nonliteral` warnings.
1965 - imap: mark `imap_sendf()` with `CURL_PRINTF()`.
1966 - tool_msgs: mark static function with `CURL_PRINTF()`.
1968 Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489
1972 - windows: delete redundant headers
1982 - cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE`
1991 - runner.pm: fix perl warning when running tests
1996 Follow-up from 3dcf301752a09d9
2000 - runtests: support -gl. Like -g but for lldb.
2002 Follow-up to 63b5748
2009 - curl.h: add CURLE_TOO_LARGE
2018 - CI/circleci: disable MQTT in the HTTP-only build
2026 - tests: respect $TMPDIR when creating unix domain sockets
2039 - ssh: fix namespace of two local macros
2044 Follow-up to 413a0fedd02c8c6df1d294534b8c6e306fcca7a2 #12346
2046 Reviewed-by: Daniel Stenberg
2049 - cmake: whitespace tidy-up in `OtherTests.cmake`
2055 - cmake: fix generation for system name iOS
2064 `vcpkg install curl:arm64-ios` and `vcpkg install curl:x64-ios` failed
2067 CMake Error: try_run() invoked in cross-compiling mode, please set the follow
2077 Co-authored-by: Viktor Szakats
2082 - RELEASE-NOTES: synced
2086 - gnutls: fix build with --disable-verbose
2088 infof() parameters must be defined event with --disable-verbose since
2108 - build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}`
2113 Reviewed-by: Daniel Stenberg
2116 - build: remove redundant `CURL_PULL_*` settings
2122 [2] without the logic it enabled. A subsequent fix [3] re-added the
2126 [1] 2012-11-23: 665adcd4b7bcdb7deb638cdc499fbe71f8d777f2
2127 [2] 2017-03-29: 9506d01ee50d5908138ebad0fd9fbd39b66bd64d #1373
2128 [3] 2017-08-25: 8a84fcc4b59e8b78d2acc6febf44a43d6bc81b59 #1828 #1833
2130 Reviewed-by: Daniel Stenberg
2133 - system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers
2137 makes it unnecessary to make a mingw-specific trick and pull all Windows
2139 Windows, not to the compiler. mingw-w64's Windows header maps it to
2148 Reviewed-by: Daniel Stenberg
2149 Reviewed-by: Jay Satiro
2152 - windows: simplify detecting and using system headers
2154 - autotools, cmake: assume that if we detect Windows, `windows.h`,
2156 - lib: fix 3 outlier `#if` conditions to use `USE_WINSOCK` instead of
2158 - autotools: merge 3 Windows check methods into one.
2159 - move Watt-32 and lwIP socket support to `setup-win32.h` from
2160 `config-win32.h`. It opens up using these with all build tools. Also
2162 - fix to assume Windows sockets with the mingw32ce toolchain.
2163 Follow-up to: 2748c64d605b19fb419ae56810ad8da36487a2d4
2164 - cmake: delete unused variable `signature_call_conv` since
2166 - autotools: simplify `CURL_CHECK_WIN32_LARGEFILE` detection.
2167 - examples/externalsocket: fix header order.
2168 - cmake/OtherTests.cmake: delete Windows-specific `_source_epilogue`
2170 - cmake/OtherTests.cmake: set `WIN32_LEAN_AND_MEAN` for test
2174 Windows-specific logic. It guards Windows Sockets-specific logic with
2177 Reviewed-by: Jay Satiro
2180 - build: enable missing OpenSSF-recommended warnings, with fixes
2182 https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening
2183 -Guide-for-C-and-C++.html
2184 as of 2023-11-29 [1].
2186 Enable new recommended warnings (except `-Wsign-conversion`):
2188 - enable `-Wformat=2` for clang (in both cmake and autotools).
2189 - add `CURL_PRINTF()` internal attribute and mark functions accepting
2193 https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
2194 - fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for
2195 mingw-w64 and enable it on this platform.
2196 - enable `-Wimplicit-fallthrough`.
2197 - enable `-Wtrampolines`.
2198 - add `-Wsign-conversion` commented with a FIXME.
2199 - cmake: enable `-pedantic-errors` the way we do it with autotools.
2200 Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747
2201 - lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format
2207 - fix bug where an `set_ipv6_v6only()` call was missed in builds with
2208 `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
2209 - add internal `FALLTHROUGH()` macro.
2210 - replace obsolete fall-through comments with `FALLTHROUGH()`.
2211 - fix fallthrough markups: Delete redundant ones (showing up as
2213 - silence `-Wformat-nonliteral` warnings with llvm/clang.
2214 - fix one `-Wformat-nonliteral` warning.
2215 - fix new `-Wformat` and `-Wformat-security` warnings.
2216 - fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its
2218 - lib: fix two wrongly passed string arguments in log outputs.
2219 Co-authored-by: Jay Satiro
2220 - fix new `-Wformat` warnings on mingw-w64.
2222 [1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895b
2223 fc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-
2224 Hardening-Guide-for-C-and-C%2B%2B.md
2228 - Makefile.mk: drop Windows support
2230 And DLL-support with it. This leaves `Makefile.mk` for MS-DOS and Amiga.
2235 Ref: https://github.com/curl/curl/pull/12221#issuecomment-1783761806
2236 Reviewed-by: Daniel Stenberg
2241 - cmdline-docs: use .IP consistently
2245 able to introduce our own easier-to-use-and-read syntax/formatting and
2252 - http: fix off-by-one error in request method length check
2260 - curl: show ipfs and ipns as supported "protocols"
2265 Also makes curl-config show the same list.
2267 Co-Authored-by: Jay Satiro
2268 Reported-by: Chara White
2269 Bug: https://curl.se/mail/archive-2023-12/0026.html
2272 - Revert "urldata: move async resolver state from easy handle to connectdata"
2276 We want the c-ares channel to be held in the easy handle, not per
2277 connection - for performance.
2283 - openssl: re-match LibreSSL deinit with init
2290 [1] https://github.com/curl/curl/pull/11611#issuecomment-1668654014
2292 Reported-by: Mike Hommey
2293 Reviewed-by: Daniel Stenberg
2299 - libssh: supress warnings without version check
2303 Follow-up from d21bd2190c46ad7fa
2307 - hostip: return error immediately when Curl_ip2addr() fails
2313 - libssh: improve the deprecation warning dismissal
2331 - test1474: removed
2336 - readwrite_data: loop less
2344 - it might call the progress callback much more seldom. Especially if
2347 - rate limiting becomes less exact
2349 - a single transfer might "starve out" other parallel transfers
2351 - QUIC timers for other connections can't be maintained correctly
2357 avoids the loop completely for when rate-limiting is in progress.
2360 Ref: https://curl.se/mail/lib-2023-12/0012.html
2365 - lib: eliminate `conn->cselect_bits`
2367 - use `data->state.dselect_bits` everywhere instead
2368 - remove `bool *comeback` parameter as non-zero
2369 `data->state.dselect_bits` will indicate that IO is
2374 - connect: refactor `Curl_timeleft()`
2376 - less local vars, "better" readability
2377 - added documentation
2383 - cookie: avoid fopen with empty file name
2389 - tests/server: delete workaround for old-mingw
2391 mingw-w64 1.0 comes with w32api v3.12, thus doesn't need this.
2393 Follow-up to 38029101e2d78ba125732b3bab6ec267b80a0e72 #11625
2395 Reviewed-by: Jay Satiro
2398 - cmake: delete obsolete TODOs more [ci skip]
2400 - manual completed: 898b012a9bf388590c4be7f526815b5ab74feca1 #1288
2401 - soname completed: 5de6848f104d7cb0017080e31216265ac19d0dde #10023
2402 - bunch of others that are completed
2403 - `NTLM_WB_ENABLED` is implemented in a basic form, and now also
2406 And this 'to-check' item:
2408 Q: "The cmake build selected to run gcc with -fPIC on my box while the
2420 autotools supports the double-pass mode only, and in that case
2423 Follow-up to 5d5dfdbd1a6c40bd75e982b66f49e1fa3a7eeae7 #12500
2425 Reviewed-by: Jay Satiro
2430 - CLIENT-WRITERS: design and use documentation
2436 - cmake: delete obsolete TODO items [ci skip]
2444 Q: "The gcc command line use neither -g nor any -O options. As a
2445 developer, I also treasure our configure scripts's --enable-debug
2450 - `Release` = `-O3` + no debug info
2451 - `MinSizeRel` = `-Os` + no debug info
2452 - `Debug` = `-O0` + debug info
2454 https://stackoverflow.com/questions/48754619/what-are-cmake-build-type-deb
2455 ug-release-relwithdebinfo-and-minsizerel/59314670#59314670
2456 https://cmake.org/cmake/help/latest/manual/cmake-buildsystem.7.html#defaul
2457 t-and-custom-configurations
2466 - CONNECTION-FILTERS: update documentation
2472 - lib: reduce use of strncpy
2474 - bearssl: select cipher without buffer copies
2475 - http_aws_sigv4: avoid strncpy, require exact timestamp length
2476 - http_aws_sigv4: use memcpy isntead of strncpy
2477 - openssl: avoid strncpy calls
2478 - schannel: check for 1.3 algos without buffer copies
2479 - strerror: avoid strncpy calls
2480 - telnet: avoid strncpy, return error on too long inputs
2481 - vtls: avoid strncpy in multissl_version()
2485 - CI/distcheck: run full tests
2493 - docs: clean up Protocols: for cmdline options
2499 - cmdline/gen: fix the sorting of the man page options
2502 extension, making "data" get placed after "data-binary" etc. Making the
2505 Reported-by: Boris Verkhovskiy
2506 Bug: https://curl.se/mail/archive-2023-12/0014.html
2511 - doh: remove unused local variable
2520 - build: fix Windows ADDRESS_FAMILY detection
2522 - Include winsock2.h for Windows ADDRESS_FAMILY detection.
2533 Co-authored-by: Viktor Szakats
2539 - lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
2548 - convsrctest.pl: removed: not used, not shipped in tarballs
2550 - tests: rename tests scripts to the test number
2559 - badsymbols.pl -> test1167.pl
2560 - check-deprecated.pl -> test1222.pl
2561 - check-translatable-options.pl -> test1544.pl
2562 - disable-scan.pl -> test1165.pl
2563 - error-codes.pl -> test1175.pl
2564 - errorcodes.pl -> test1477.pl
2565 - extern-scan.pl -> test1135.pl
2566 - manpage-scan.pl -> test1139.pl
2567 - manpage-syntax.pl -> test1173.pl
2568 - markdown-uppercase.pl -> test1275.pl
2569 - mem-include-scan.pl -> test1132.pl
2570 - nroff-scan.pl -> test1140.pl
2571 - option-check.pl -> test1276.pl
2572 - options-scan.pl -> test971.pl
2573 - symbol-scan.pl -> test1119.pl
2574 - version-scan.pl -> test1177.pl
2580 - sendf: fix compiler warning with CURL_DISABLE_HEADERS_API
2583 referenced - when CURL_DISABLE_HEADERS_API is defined.
2589 - tidy-up: whitespace
2595 - test_02_download: fix paramters to test_02_27
2597 - it is a special client that only ever uses http/2
2603 - vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY
2609 - lib: strndup/memdup instead of malloc, memcpy and null-terminate
2611 - bufref: use strndup
2612 - cookie: use strndup
2613 - formdata: use strndup
2614 - ftp: use strndup
2615 - gtls: use aprintf instead of malloc + strcpy * 2
2616 - http: use strndup
2617 - mbedtls: use strndup
2618 - md4: use memdup
2619 - ntlm: use memdup
2620 - ntlm_sspi: use strndup
2621 - pingpong: use memdup
2622 - rtsp: use strndup instead of malloc, memcpy and null-terminate
2623 - sectransp: use strndup
2624 - socks_gssapi.c: use memdup
2625 - vtls: use dynbuf instead of malloc, snprintf and memcpy
2626 - vtls: use strdup instead of malloc + memcpy
2627 - wolfssh: use strndup
2631 - strdup: remove the memchr check from Curl_strndup
2637 - ftp: handle the PORT parsing without allocation
2643 - RELEASE-NOTES: synced
2647 - url: for disabled protocols, mention if found in redirect
2664 Reported-by: Mauricio Scheffer
2670 - sectransp_ make TLSCipherNameForNumber() available in non-verbose config
2672 Reported-by: Cajus Pollmeier
2678 - lib: fix variable undeclared error caused by `infof` changes
2680 `--disable-verbose` yields `CURL_DISABLE_VERBOSE_STRINGS` defined.
2683 Follow-up to dac293c
2689 - tidy-up: fix yamllint whitespace issues in labeler.yml
2691 Follow-up to bda212911457c6fadfbba50be61afc4ca513fa56 #12466
2693 Reviewed-by: Dan Fandrich
2696 - tidy-up: fix yamllint whitespace issues
2702 - cmake: fix typo
2704 Follow-up to aace27b
2709 - dist: add tests/errorcodes.pl to the tarball
2713 Reported-by: Xi Ruoyao
2714 Follow-up to 0ca3a4ec9a7
2720 - github/labeler: update a missed key in the v5 upgrade
2722 Follow-up to ce03fe3ba
2728 - RELEASE-NOTES: synced
2734 - github/labeler: switch from the beta to labeler v5
2742 - DEPRECATE: remove NTLM_WB in June 2024
2744 Ref: https://curl.se/mail/lib-2023-12/0010.html
2748 Jacob Hoffman-Andrews (4 Dec 2023)
2750 - rustls: implement connect_blocking
2756 - examples/rtsp-options.c: add
2765 - ngtcp2: ignore errors on unknown streams
2767 - expecially in is_alive checks on connections, we might
2775 - docs: make all examples in all libcurl man pages compile
2779 - checksrc.pl: support #line instructions
2783 - GHA/man-examples: verify libcurl man page examples
2785 - verify-examples.pl: verify that all man page examples compile clean
2787 - RELEASE-NOTES: synced
2791 - http3: bump ngtcp2 and nghttp3 versions
2800 - CI/quiche: use `3.1.4+quic` consistently in CI workflows
2806 - test1545: disable deprecation warnings
2817 .0. Use curl_mime_init() [-Werror=deprecated-declarations]
2823 Follow-up to 07a3cd83e0456ca17dfd8c3104af7cf45b7a1ff5 #12421
2830 - INSTALL: update list of ports and CPU archs
2832 - symbols-in-versions: the CLOSEPOLICY options are deprecated
2838 - build: fix builds that disable protocols but not digest auth
2840 - Build base64 functions if digest auth is not disabled.
2850 - connect: reduce number of transportation providers
2852 Use only the ones necessary - the ones that are built-in. Saves a few
2859 - vtls: consistently use typedef names for OpenSSL structs
2876 - libcurl-security.3: fix typo
2884 - ngtcp2: fix races in stream handling
2886 - fix cases where ngtcp2 invokes callbacks on streams that
2894 - tool_writeout_json: fix JSON encoding of non-ascii bytes
2905 $ curl --variable 'v=“' --expand-write-out '{{v:json}}\n' file:///dev/nul
2914 Reported-by: iconoclasthero
2919 - cf-socket: TCP trace output local address used in connect
2925 - CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation
2927 - Change CURLINFO_PRETRANSFER_TIME_T explanation to say that it
2928 includes protocol-specific instructions that trigger a transfer.
2936 Reported-by: eeverettrbx@users.noreply.github.com
2943 - multi: during ratelimit multi_getsock should return no sockets
2949 Ref: https://curl.se/mail/lib-2023-11/0056.html
2954 - transfer: abort pause send when connection is marked for closing
2956 This handles cases of some bi-directional "upgrade" scenarios
2965 - RELEASE-NOTES: synced
2967 - openssl: when a session-ID is reused, skip OCSP stapling
2970 Reported-by: Alexey Larikov
2973 - test1545: test doing curl_formadd twice with missing file
2979 - Curl_http_body: cleanup properly when Curl_getformdata errors
2981 Reported-by: yushicheng7788 on github
2982 Based-on-work-by: yushicheng7788 on github
2986 - test1477: verify that libcurl-errors.3 and public headers are synced
2994 - libcurl-errors.3: sync with current public headers
3000 - test459: fix for parallel runs
3002 - change warniing message to work better with varying filename
3004 - adapt test output check to new formatting
3006 Follow-up to 97ccc4479f77ba3191c6
3011 - tool_cb_prg: make the carriage return fit for wide progress bars
3023 Reported-by: Tim Hill
3027 - tool_parsecfg: make warning output propose double-quoting
3030 quoted, mention double-quotes as a possible remedy.
3034 Proposed-by: Jiehong on github
3040 - curl.rc: switch out the copyright symbol for plain ASCII
3044 libcurl.rc copyright symbol used to cause a "non-ascii 8-bit codepoint"
3047 Ref: https://github.com/curl/curl/commit/1ca62bb5#commitcomment-133474972
3049 Suggested-by: Robert Southee
3055 - conncache: use the closure handle when disconnecting surplus connections
3061 taint meta-data in the data handle.
3070 Reported-by: ohyeaah on github
3074 - RELEASE-NOTES: synced
3078 - quic: make eyeballers connect retries stop at weird replies
3080 - when a connect immediately goes into DRAINING state, do
3083 - When eyeballing, interpret CURLE_WEIRD_SERVER_REPLY as an
3086 - refs #11832 where connects were retried indefinitely until
3093 - CI: verify libcurl function SYNPOSIS sections
3095 With the .github/scripits/verify-synopsis.pl script
3099 - docs/libcurl: SYNSOPSIS cleanup
3101 - use the correct include file
3102 - make sure they are declared as in the header file
3103 - fix minor nroff syntax mistakes (missing .fi)
3105 These are verified by verify-synopsis.pl, which extracts the SYNPOSIS
3110 - sendf: fix comment typo
3112 - fopen: allocate the dir after fopen
3118 Follow-up to 73b65e94f35311
3124 - transfer: cleanup done+excess handling
3126 - add `SingleRequest->download_done` as indicator that
3128 - remove `stop_reading` bool from readwrite functions
3129 - move excess body handling into client download writer
3135 - fopen: create new file using old file's mode
3142 Reported-by: Loïc Yhuel
3146 - test1476: require proxy
3148 Follow-up from 323df4261c3542
3152 - fopen: create short(er) temporary file name
3157 Reported-by: Maksymilian Arciemowicz
3163 - tests: git ignore generated second-hsts.txt file
3167 Follow-up to 7cb03229d9e9c5
3173 - openssl: enable `infof_certstack` for 1.1 and LibreSSL 3.6
3181 Follow-up to b6e6d4ff8f253c8b8055bab9d4d6a10f9be109f3 #12030
3183 Reviewed-by: Daniel Stenberg
3188 - urldata: fix typo in comment
3190 - CI: codespell
3193 .github/scripts/codespell-ignore.txt
3197 - lib: fix comment typos
3203 - test1476: verify cookie PSL mixed case
3205 - cookie: lowercase the domain names before PSL checks
3207 Reported-by: Harry Sintonen
3213 - openssl: fix building with v3 `no-deprecated` + add CI test
3215 - build quictls with `no-deprecated` in CI to have test coverage for
3218 - don't call `OpenSSL_add_all_algorithms()`, `OpenSSL_add_all_digests()`.
3221 if built with option `no-deprecated`, causing build errors:
3225 s [-Wimplicit-function-declaration]
3228 -Wimplicit-function-declaration]
3230 Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/48587418?f
3234 Bug: https://github.com/curl/curl/issues/12380#issuecomment-1822944669
3235 Reviewed-by: Alex Bozarth
3237 - vquic/curl_ngtcp2: fix using `SSL_get_peer_certificate` with
3238 `no-deprecated` quictls 3 builds.
3243 et_peer_certificate'; did you mean 'SSL_get1_peer_certificate'? [-Wimplicit
3244 -function-declaration]
3249 - curl_ntlm_core: fix `-Wunused-parameter`, `-Wunused-variable` and
3250 `-Wunused-function` when trying to build curl with NTLM enabled but
3255 - curl.h: delete Symbian OS references
3261 Reviewed-by: Dan Fandrich
3262 Reviewed-by: Jay Satiro
3265 - windows: use built-in `_WIN32` macro to detect Windows
3281 grepping for `WIN32` remains useful to discover Windows-specific code.
3285 - extend `checksrc` to ensure we're not using `WIN32` anymore.
3287 - apply minor formatting here and there.
3289 - delete unnecessary checks for `!MSDOS` when `_WIN32` is present.
3291 Co-authored-by: Jay Satiro
3292 Reviewed-by: Daniel Stenberg
3298 - url: ConnectionExists revisited
3300 - have common pattern of `if not match, continue`
3301 - revert pages long if()s to return early
3302 - move dead connection check to later since it may
3304 - check multiuse also when NOT building with NGHTTP2
3305 - for MULTIUSE bundles, verify that the inspected
3313 - CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
3321 - urldata: make maxconnects a 32 bit value
3327 - FEATURES: update the URL phrasing
3334 - wolfssh: remove redundant static prototypes
3336 vssh/wolfssh.c:346:18: error: redundant redeclaration of ‘wscp_recv’ [-We
3337 rror=redundant-decls]
3341 - setopt: remove superfluous use of ternary expressions
3345 - mime: store "form escape" as a single bit
3349 - setopt: check CURLOPT_TFTP_BLKSIZE range on set
3357 - build: add more picky warnings and fix them
3363 `-Wunused-macros` was too noisy to keep around, but fixed a few issues
3366 - autotools: reflect the more precisely-versioned clang warnings.
3367 Follow-up to 033f8e2a08eb1d3102f08c4d8c8e85470f8b460e #12324
3368 - autotools: sync between clang and gcc the way we set `no-multichar`.
3369 - autotools: avoid setting `-Wstrict-aliasing=3` twice.
3370 - autotools: disable `-Wmissing-noreturn` for MSYS gcc targets [2].
3371 It triggers in libtool-generated stub code.
3373 - lib/timeval: delete a redundant `!MSDOS` guard from a `WIN32` branch.
3375 - lib/curl_setup.h: delete duplicate declaration for `fileno`.
3377 (1999-12-29). This suggests this may not be needed anymore, but if
3378 it does, we may restore this for those specific (non-Windows) systems.
3379 - lib: delete unused macro `FTP_BUFFER_ALLOCSIZE` since
3381 - lib: delete unused macro `isxdigit_ascii` since
3383 - lib/mqtt: delete unused macro `MQTT_HEADER_LEN`.
3384 - lib/multi: delete unused macro `SH_READ`/`SH_WRITE`.
3385 - lib/hostip: add `noreturn` function attribute via new `CURL_NORETURN`
3387 - lib/mprintf: delete duplicate declaration for `Curl_dyn_vprintf`.
3388 - lib/rand: fix `-Wunreachable-code` and related fallouts [3].
3389 - lib/setopt: fix `-Wunreachable-code-break`.
3390 - lib/system_win32 and lib/timeval: fix double declarations for
3392 - lib/warnless: fix double declarations in CMake UNITY mode [5].
3393 This was due to force-disabling the header guard of `warnless.h` to
3398 - lib/vauth/digest: fix `-Wunreachable-code-break` [6].
3399 - lib/vssh/libssh2: fix `-Wunreachable-code-break` and delete redundant
3401 - lib/vtls/sectransp: fix `-Wunreachable-code-break` [7].
3402 - lib/vtls/sectransp: suppress `-Wunreachable-code`.
3404 known at compile-time, e.g.
3406 if(SecCertificateCopySubjectSummary) /* -> true */
3408 Likely fixable as a separate micro-project, but given SecureTransport
3410 - src/tool_help: delete duplicate declaration for `helptext`.
3411 - src/tool_xattr: fix `-Wunreachable-code`.
3412 - tests: delete duplicate declaration for `unitfail` [8].
3413 - tests: delete duplicate declaration for `strncasecompare`.
3414 - tests/libtest: delete duplicate declaration for `gethostname`.
3416 (2010-08-02).
3420 - tests/lib2305: delete duplicate declaration for
3422 - tests/h2-download: fix `-Wunreachable-code-break`.
3447 - transfer: avoid unreachable expression
3454 Follow-up to 1cd2f0072fa482e25baa2
3460 - transfer: readwrite improvements
3462 - changed header/chunk/handler->readwrite prototypes to accept `buf`,
3465 - eliminated `k->str` in SingleRequest
3466 - improved excess data handling to properly calculate with any body data
3468 - eliminated `k->badheader` enum to only be a bool
3474 - RELEASE-NOTES: synced
3478 - transfer: avoid calling the read callback again after EOF
3482 Bug: https://curl.se/mail/lib-2023-11/0017.html
3488 - doh: provide better return code for responses w/o addresses
3494 Reported-by: lRoccoon on github
3501 - HTTP/2, HTTP/3: handle detach of onoing transfers
3503 - refs #12356 where a UAF is reported when closing a connection
3505 - handle DETACH events same as DONE events in h2/h3 filters
3508 Reported-by: Paweł Wegner
3513 - autotools: stop setting `-std=gnu89` with `--enable-warnings`
3515 Do not alter the C standard when building with `--enable-warnings` when
3521 Also fix new warnings that appeared after removing `-std=gnu89`:
3523 - include: fix public curl headers to use the correct printf mask for
3524 `CURL_FORMAT_CURL_OFF_T` and `CURL_FORMAT_CURL_OFF_TU` with mingw-w64
3528 - conncache: fix printf format string [2].
3530 - http2: fix potential null pointer dereference [3].
3533 - libssh: fix printf format string in SFTP code [4].
3536 - libssh2: fix printf format string in SFTP code for MSVC.
3539 - unit1395: fix `argument is null` and related issues [5]:
3540 - stop calling `strcmp()` with NULL to avoid undefined behaviour.
3541 - fix checking results if some of them were NULL.
3542 - do not pass NULL to printf `%s`.
3544 - ci: keep a build job with `-std=gnu89` to continue testing for
3545 C89-compliance. We can apply this to other gcc jobs as needed.
3546 Ref: b23ce2cee7329bbf425f18b49973b7a5f23dfcb4 (2022-09-23) #9542
3549 ogs&jobId=ccf9cc6d-2ef1-5cf2-2c09-30f0c14f923b
3561 - autotools: fix/improve gcc and Apple clang version detection
3563 - Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu
3564 may return `n-win32` (also with `-dumpfullversion`). Causing these
3572 Fix that by stripping any dash-suffix and handling a dotless (major-only)
3575 `9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`
3578 - fix Apple clang version detection for releases between
3580 version was under-detected as 3.7 llvm/clang equivalent.
3582 - fix Apple clang version detection for 'Apple clang version 11.0.0'
3586 - display detected clang/gcc/icc compiler version.
3589 - https://github.com/libssh2/libssh2/commit/00a3b88c51cdb407fbbb347a2e38c5c7d
3592 - https://github.com/libssh2/libssh2/commit/89ccc83c7da73e7ca3a112e3500081319
3598 - autotools: delete LCC compiler support bits
3600 Follow-up to fd7ef00f4305a2919e6950def1cf83d0110a4acd #12222
3604 - cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API`
3606 - tests: verify CMake `DISABLE` options.
3608 Make an exception for 2 CMake-only ones, and one more that's
3611 - cmake: add support for `CURL_DISABLE_HEADERS_API`.
3613 Suggested-by: Daniel Stenberg
3614 Ref: https://github.com/curl/curl/pull/12345#pullrequestreview-1736238641
3618 Jacob Hoffman-Andrews (20 Nov 2023)
3620 - hyper: temporarily remove HTTP/2 support
3637 - schannel: fix unused variable warning
3639 Bug: https://github.com/curl/curl/pull/12349#issuecomment-1818000846
3640 Reported-by: Viktor Szakats
3646 - url: find scheme with a "perfect hash"
3657 - scripts: add schemetable.c
3659 This tool generates a scheme-matching table.
3669 - vtls/vquic, keep peer name information together
3671 - add `struct ssl_peer` to keep hostname, dispname and sni
3673 - allocate `sni` for use in VTLS backend
3674 - eliminate `Curl_ssl_snihost()` and its use of the download buffer
3675 - use ssl_peer in SSL and QUIC filters
3681 - build: always revert `#pragma GCC diagnostic` after use
3691 Reviewed-by: Marcel Raad
3694 - tidy-up: casing typos, delete unused Windows version aliases
3696 - cmake: fix casing of `UnixSockets` to match the rest of the codebase.
3698 - curl-compilers.m4: fix casing in a comment.
3700 - setup-win32: delete unused Windows version constant aliases.
3702 Reviewed-by: Marcel Raad
3705 - keylog: disable if unused
3711 - cmake: add `CURL_DISABLE_BINDLOCAL` option
3717 Reviewed-by: Daniel Stenberg
3720 - url: fix `-Wzero-length-array` with no protocols
3725 -Wc2x-extensions]
3728 ./lib/url.c:178:56: warning: zero size arrays are an extension [-Wzero-length
3729 -array]
3734 - url: fix builds with `CURL_DISABLE_HTTP`
3739 456 | Curl_mime_cleanpart(data->state.formp);
3747 - http: fix `-Wunused-parameter` with no auth and no proxy
3750 lib/http.c:734:26: warning: unused parameter 'proxy' [-Wunused-parameter]
3755 Reviewed-by: Marcel Raad
3760 - TODO: Some TLS options are not offered for HTTPS proxies
3765 - RELEASE-NOTES: synced
3767 - duphandle: make dupset() not return with pointers to old alloced data
3770 mid-function with lingering pointers to the old handle's allocated data,
3771 as that would lead to double-free in OOM situations.
3779 - http: fix `-Wunused-variable` compiler warning
3785 `CURL_DISABLE_NTLM` on non-Windows.
3788 ./curl/lib/http.c:737:12: warning: unused variable 'result' [-Wunused-variabl
3792 ./curl/lib/http.c:995:18: warning: variable 'availp' set but not used [-Wunus
3793 ed-but-set-variable]
3796 ./curl/lib/http.c:996:16: warning: variable 'authp' set but not used [-Wunuse
3797 d-but-set-variable]
3809 - tool: support bold headers in Windows
3811 - If virtual terminal processing is enabled in Windows then use ANSI
3814 Suggested-by: Gisle Vanem
3822 - build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS`
3824 Builds with libssh2 + `-DCURL_DISABLE_DIGEST_AUTH=ON` +
3825 `-DCURL_DISABLE_AWS=ON` in combination with either Schannel on Windows,
3826 or `-DCURL_DISABLE_NTLM=ON` on other operating systems failed while
3831 building for libssh2 v1.8.2 (2019-05-25) or older.
3841 In file included from ./curl/_x64-win-ucrt-cmake-llvm-bld/lib/CMakeFiles/libc
3859 - duphandle: also free 'outcurl->cookies' in error path
3861 Fixes memory-leak when OOM mid-function
3872 - config-win32: set `HAVE_SNPRINTF` for mingw-w64
3874 It's available in all mingw-w64 releases. We already pre-fill this
3879 - sasl: fix `-Wunused-function` compiler warning
3884 lib/curl_sasl.c:266:17: warning: unused function 'get_server_message' [-Wunus
3885 ed-function]
3893 Reviewed-by: Daniel Stenberg
3896 - build: picky warning updates
3898 - cmake: sync some picky gcc warnings with autotools.
3899 - cmake, autotools: add `-Wold-style-definition` for clang too.
3900 - cmake: more precise version info for old clang options.
3901 - cmake: use `IN LISTS` syntax in `foreach()`.
3903 Reviewed-by: Daniel Stenberg
3904 Reviewed-by: Marcel Raad
3909 - urldata: move cookielist from UserDefined to UrlState
3914 first copied and an error happens (think out of memory mid-function),
3915 the function would easily free the list *before* it was deep-copied,
3916 which could lead to a double-free.
3922 - autotools: avoid passing `LDFLAGS` twice to libcurl
3936 libtool: link: clang-15 --target=aarch64-unknown-linux-musl [...] /usr/lib/a
3937 arch64-linux-musl/crt1.o [...] /usr/lib/aarch64-linux-musl/crt1.o [...]
3938 ld.lld-15: error: duplicate symbol: _start
3940 >>> /usr/lib/aarch64-linux-musl/crt1.o:(.text+0x0)
3942 >>> /usr/lib/aarch64-linux-musl/crt1.o:(.text+0x0)
3944 clang: error: linker command failed with exit code 1 (use -v to see invocatio
3949 (2013-07-23) as a fix for bug https://curl.haxx.se/bug/view.cgi?id=1217.
3950 The patch was a works-for-me hack that ended up merged in curl:
3954 Perhaps the SUNPro 12 linker was sensitive to `-L` `-l` order, requiring
3955 `-L` first? This would be unusual and suggests a bug in either the
3974 - autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}`
3980 invocation with lib- and tool-specific custom linker flags.
3984 `-static-libtool-libs`) while building both shared and static libcurl.
3986 curl-for-win uses the above and some more.
3988 These options are already supported in `Makefile.mk`. CMake has built-in
3995 - tool_cb_hdr: add an additional parsing check
3997 - Don't dereference the past-the-end element when parsing the server's
3998 Content-disposition header.
4000 As 'p' is advanced it can point to the past-the-end element and prior
4003 Technically the past-the-end element is not out of bounds because dynbuf
4012 - .cirrus.yml: freebsd 14
4020 - easy: in duphandle, init the cookies for the new handle
4026 - duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set
4028 Previously it would unconditionally use the size, which is set to -1
4035 - RELEASE-NOTES: synced
4037 - curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped
4041 - urldata: move hstslist from 'set' to 'state'
4046 double-free when the second of the two involved easy handles were
4051 - test1900: verify duphandle with HSTS using multiple files
4057 - http: allow longer HTTP/2 request method names
4059 - Increase the maximum request method name length from 11 to 23.
4074 Ref: https://www.iana.org/assignments/http-methods/http-methods.xhtml
4080 - CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does
4082 - Add an explanation of the CURL_BLOB_COPY flag to CURLOPT_CAINFO_BLOB
4091 - tidy-up: dedupe Windows system libs in cmake
4093 Reviewed-by: Daniel Stenberg
4098 - ci: test with latest quiche release (0.19.0)
4102 - quiche: use quiche_conn_peer_transport_params()
4113 - Makefile: generate the VC 14.20 project files at dist-time
4115 Follow-up to 28287092cc5a6d6ef8 (#12282)
4121 - misc: fix -Walloc-size warnings
4123 GCC 14 introduces a new -Walloc-size included in -Wextra which gives:
4128 r type ‘struct per_transfer’ with size ‘480’ [-Walloc-size]
4133 �struct var’ with size ‘32’ [-Walloc-size]
4151 - IPFS: bugfixes
4153 - Fixed endianness bug in gateway file parsing
4154 - Use IPFS_PATH in tests where IPFS_DATA was used
4155 - Fixed typos from traling -> trailing
4156 - Fixed broken link in IPFS.md
4158 Follow-up to 859e88f6533f9e
4160 Reported-by: Michael Kaufmann
4161 Bug: https://github.com/curl/curl/pull/12152#issuecomment-1798214137
4166 - VULN-DISCLOSURE-POLIC: remove broken link to hackerone
4174 - schannel: add CA cache support for files and memory blobs
4176 - Support CA bundle and blob caching.
4184 - RELEASE-NOTES: synced
4188 - cmake: option to disable install & drop `curlu` target when unused
4191 - adds the option `CURL_DISABLE_INSTALL` - to disable 'install' targets.
4192 - Removes the target `curlu` when the option `BUILD_TESTING` is set to
4193 `OFF` - to prevent it from being loaded in Visual Studio.
4199 - cmake: fix multiple include of CURL package
4223 Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes
4226 Assisted-by: Harry Mallon
4231 - tidy-up: use `OPENSSL_VERSION_NUMBER`
4237 define any version number in these implementations: BoringSSL, AWS-LC,
4245 Reviewed-by: Marcel Raad
4250 - resolve.d: drop a multi use-sentence
4254 Reported-by: 積丹尼 Dan Jacobson
4258 - content_encoding: make Curl_all_content_encodings allocless
4260 - Fixes a memory leak pointed out by Coverity
4261 - Also found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?
4263 - Avoids unncessary allocations
4265 Follow-up ad051e1cbec68b2456a22661b
4271 - vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0
4283 - Makefile.am: drop vc10, vc11 and vc12 projects from dist
4292 - projects: add VC14.20 project files
4303 - curl: move IPFS code into src/tool_ipfs.[ch]
4305 - convert ensure_trailing into ensure_trailing_slash
4306 - strdup the URL string to own it proper
4307 - use shorter variable names
4308 - combine some expressions
4309 - simplify error handling in ipfs_gateway()
4310 - add MAX_GATEWAY_URL_LEN + proper bailout if maximum is reached
4311 - ipfs-gateway.d polish and simplification
4312 - shorten ipfs error message + make them "synthetic"
4318 - build: delete support bits for obsolete Windows compilers
4320 - Pelles C: Unclear status, failed to obtain a fresh copy a few months
4321 ago. Possible website is HTTP-only. ~10 years ago I left this compiler
4324 - LCC: Last stable release in September 2002.
4325 - Salford C: Misses winsock2 support, possibly abandoned? Last mentioned
4327 - Borland C++: We dropped Borland C++ support in 2018.
4328 - MS Visual C++ 6.0: Released in 1998. curl already requires VS 2010
4333 - build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H`
4350 - tool_operate: do not mix memory models
4357 Follow-up to 859e88f6533f9e1f890
4363 - lib: client writer, part 2, accounting + logging
4368 - documentation of sendf.h functions
4369 - move max decode stack checks back to content_encoding.c
4370 - define writer phase which was used as order before
4371 - introduce phases for monitoring inbetween decode phases
4372 - offering default implementations for init/write/close
4375 - always pass all writes through the writer stack
4376 - writers who only care about BODY data will pass other writes unchanged
4379 - RAW used for Curl_debug() logging of CURLINFO_DATA_IN
4380 - PROTOCOL used for updates to data->req.bytecount, max_filesize checks and
4382 - remove all updates of data->req.bytecount and calls to
4384 - adjust test457 expected output to no longer see the excess write
4390 - VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw
4396 - rand: fix build error with autotools + LibreSSL
4413 limiting `arc4random` use for non-OpenSSL builds. OpenSSL builds provide
4419 LibreSSL publishing a non-namespaced `arc4random` tracked here:
4424 Reviewed-by: Daniel Stenberg
4430 - RELEASE-NOTES: synced
4432 - strdup: do Curl_strndup without strncpy
4434 To avoid (false positive) gcc-13 compiler warnings.
4436 Follow-up to 4855debd8a2c1cb
4438 Assisted-by: Jay Satiro
4439 Reported-by: Viktor Szakats
4444 - HTTP: fix empty-body warning
4446 This change fixes a compiler warning with gcc-12.2.0 when
4447 `-DCURL_DISABLE_BEARER_AUTH=ON` is used.
4451 ty body in an 'else' statement [-Wempty-body]
4459 - openssl: identify the "quictls" backend correctly
4470 - curl: improved IPFS and IPNS URL support
4495 Reported-by: Steven Allen
4501 - docs: KNOWN_BUGS cleanup
4503 * Remove other mention of hyper memory-leaks from `KNOWN_BUGS`.
4506 * Remove mention of aws-sigv4 sort query string from `KNOWN_BUGS`.
4509 * Remove mention of aws-sigv4 query empty value problems
4511 * Remove mention of aws-sigv4 missing amz-content-sha256
4514 - http_aws_sigv4: canonicalise valueless query params
4521 - docs: preserve the modification date when copying the prebuilt man page
4528 Reviewed-by: Dan Fandrich
4529 Reviewed-by: Daniel Stenberg
4535 - docs: remove bold from some man page SYNOPSIS sections
4541 - openssl: two multi pointer checks should probably rather be asserts
4551 - docs: add supported version for the json write-out
4559 - appveyor: make VS2008-built curl tool runnable
4568 - url: proxy ssl connection reuse fix
4570 - tunnel https proxy used for http: transfers does
4571 no check if proxy-ssl configuration matches
4572 - test cases added, test_10_12 fails on 8.4.0
4578 - curl_sspi: support more revocation error names in error messages
4580 - Add these revocation errors to sspi error list:
4590 Unknown error (0x80092013) - The revocation function was
4596 CRYPT_E_REVOCATION_OFFLINE (0x80092013) - The revocation function was
4600 Reported-by: Niracler Li
4604 - strdup: don't allow Curl_strndup to read past a null terminator
4606 - Use malloc + strncpy instead of Curl_memdup to dupe the string before
4616 Follow-up to d3b3ba35.
4622 - lib: add and use Curl_strndup()
4629 - CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO
4633 - pytest: use lower count in repeat tests
4635 - lower large iteration counts in some tests somewhat for
4642 - RELEASE-NOTES: synced
4644 - docs: clarify that curl passes on input unfiltered
4648 Reported-by: Ophir Lojkine
4652 - urlapi: when URL encoding the fragment, pass in the right length
4662 - vtls: late clone of connection ssl config
4664 - perform connection cache matching against `data->set.ssl.primary`
4666 - fully clone connection ssl config only when connection is used
4670 - msh3: error when built with CURL_DISABLE_SOCKETPAIR set
4672 Reported-by: Gisle Vanem
4678 - hsts: skip single-dot hostname
4680 Reported-by: Maksymilian Arciemowicz
4684 - vtls: fix build without proxy
4686 Follow-up to bf0e278a3c54bc7fee7360da17c
4690 - docs/example/keepalive.c: show TCP keep-alive options
4694 - lib1560: verify appending blank URL encoded query string
4696 - urlapi: skip appending NULL pointer query
4698 Reported-by: kirbyn17 on hackerone
4702 - lib1560: verify setting host to "" with and without URL encode
4704 - urlapi: avoid null deref if setting blank host to url encode
4706 Reported-by: kirbyn17 on hackerone
4710 - dynbuf: assert for NULL pointer inputs
4716 - HTTP3: ngtcp2 builds are no longer experimental
4724 - vtls: cleanup SSL config management
4726 - remove `Curl_ssl_get_config()`, no longer needed
4732 - libcurl-thread.3: simplify the TLS section
4739 - configure: better --disable-http
4741 - disable HTTPS-proxy as well, since it can't work without HTTP
4743 - curl_setup: when HTTP is disabled, also disable all features that are
4744 HTTP-only
4746 - version: HTTPS-proxy only exists if HTTP support exists
4750 - http: consider resume with CURLOPT_FAILONERRROR and 416 to be fine
4752 Finding a 'Content-Range:' in the response changed the handling.
4754 Add test case 1475 to verify -C - with 416 and Content-Range: header,
4755 which is almost exactly like test 194 which instead uses a fixed -C
4759 Reported-by: Smackd0wn
4761 Reported-by: Anubhav Rai
4766 - GHA: fix checkout of quictls repository to use correct branch name
4768 Follow-up to c868b0e30f10cd0ac7
4774 - docs/example/localport.c: show off CURLOPT_LOCALPORT
4778 - docs/examples/interface.c: show CURLOPT_INTERFACE use
4786 - build: fix compiler warning with auths disabled
4790 [-Wunused-function]
4796 Follow-up to e92edfbef64448ef461117769881f3ed776dec4e #11490
4800 - build: require Windows XP or newer
4808 Ref: https://github.com/curl/curl/pull/12221#issuecomment-1783761806
4811 - appveyor: bump one job to OpenSSL 3.1 (was 1.1.1)
4817 1.1.1 is EOL since 2023-09-11:
4818 https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
4821 - add missing SSL-backend to job descriptions.
4822 - tidy up CPU in job descriptions.
4828 - RELEASE-NOTES: synced
4830 - GHA: bump ngtcp2, nghttp3, nghttp2 and quictls versions
4843 - wolfssl: add default case for wolfssl_connect_step1 switch
4849 - curl_setup: disallow Windows IPv6 builds missing getaddrinfo
4851 - On Windows if IPv6 is enabled but getaddrinfo is missing then #error
4869 - openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs
4871 - If CURLSSLOPT_NATIVE_CA on Windows then import from intermediate CA
4891 - Makefile.mk: fix `-rtmp` option for non-Windows [ci skip]
4895 - asyn-ares: handle no connection in the addrinfo callback
4899 Follow-up from 56a4db2
4904 - hostip6: fix DEBUG_ADDRINFO builds
4906 - Removed unused and incorrect parameter from dump_addrinfo().
4908 Bug: https://github.com/curl/curl/commit/56a4db2e#commitcomment-131050442
4909 Reported-by: Gisle Vanem
4915 - Makefile.mk: restore `_mingw.h` for default `_WIN32_WINNT`
4917 In 8.4.0 we deleted `_mingw.h` as part of purging old-mingw support.
4918 Turns out `_mingw.h` had the side-effect of setting a default
4919 `_WIN32_WINNT` value expected by `lib/config-win32.h` to enable
4920 `getaddrinfo` support in `Makefile.mk` mingw-w64 builds. This caused
4931 Reported-by: zhengqwe on github
4932 Helped-by: Nico Rieck
4937 - hostip: silence compiler warning `-Wparentheses-equality`
4942 hostip.c:1336:22: warning: equality comparison with extraneous parentheses [-
4943 Wparentheses-equality]
4944 1336 | (a->ai_family == PF_INET)) {
4948 1336 | (a->ai_family == PF_INET)) {
4952 1336 | (a->ai_family == PF_INET)) {
4958 Follow-up to b651aba0962bb31353f55de4dc35f745952a1b10 #12145
4960 Reviewed-by: Daniel Stenberg
4965 - doh: use PIPEWAIT when HTTP/2 is attempted
4971 - setopt: remove outdated cookie comment
4977 - cfilter: provide call to tell connection to forget a socket
4979 - fixed libssh.c workaround for a socket being closed by
4981 - eliminate the terrible hack in cf-socket.c to guess when
4983 - fixes race in eyeballing when socket could have failed to
4988 - url: protocol handler lookup tidy-up
4990 - rename lookup to what it does
4991 - use ARRAYSIZE instead of NULL check for end
4992 - offer alternate lookup for 0-terminated strings
4998 - build: variadic macro tidy-ups
5000 - delete unused `HAVE_VARIADIC_MACROS_C99/GCC` feature checks.
5002 - delete duplicate `NULL` check in `Curl_trc_cf_infof()`.
5003 - fix compiler warning in `CURL_DISABLE_VERBOSE_STRINGS` builds.
5005 ./lib/cf-socket.c:122:41: warning: unused parameter 'data' [-Wunused-parame
5010 - fix `#ifdef` comments in `lib/curl_trc.{c,h}`.
5011 - fix indentation in some `infof()` calls.
5013 Follow-up to dac293cfb7026b1ca4175d88b80f1432d3d3c684 #12167
5015 Cherry-picked from #12105
5018 - cmake: speed up threads setup for Windows
5021 (with `ENABLE_THREADED_RESOLVER`). CMake built-in thread detection
5022 logic has this condition hard-coded for Windows as well (since at least
5027 built-in thread support when building for Windows.
5029 This saves 1-3 slow CMake configuration steps.
5031 Reviewed-by: Daniel Stenberg
5034 - cmake: speed up zstd detection
5038 stable release: v1.0.0 (2016-08-31).
5052 ab1b7427 (2016-08-12, committed)
5053 Ref: https://github.com/facebook/zstd/releases/tag/v0.8.1 (2016-08-18, first
5057 Reviewed-by: Daniel Stenberg
5062 - openssl: fix infof() to avoid compiler warning for %s with null
5065 ../lib/curl_trc.h:120:10: error: ‘%s’ directive argument is null [-Werror
5066 =format-overflow=]
5076 Follow-up to b6e6d4ff8f253c8b8055bab
5081 - lib: apache style infof and trace macros/functions
5083 - test for a simplified C99 variadic check
5084 - args to infof() in --disable-verbose are no longer disregarded but
5094 - RELEASE-NOTES: synced
5098 - urldata: move async resolver state from easy handle to connectdata
5100 - resolving is done for a connection, not for every transfer
5101 - save create/dup/free of a cares channel for each transfer
5102 - check values of setopt calls against a local channel if no
5109 - CURLOPT_WRITEFUNCTION.3: clarify what libcurl returns for CURL_WRITEFUNC_ERRO
5114 Reported-by: enWILLYado on github
5120 - autotools: update references to deleted `crypt-auth` option
5122 Delete leftovers of the `crypt-auth` `./configure` option and
5125 Follow-up to e92edfbef64448ef461117769881f3ed776dec4e #11490
5127 Reviewed-by: Daniel Stenberg
5132 - lib: introduce struct easy_poll_set for poll information
5161 not-yet-connection one. Each filter may add sockets and/or change
5171 * h2-proxy filter also has a flow control block on its tunnel stream,
5183 The most affected filters are http/2, ngtcp2, quiche and h2-proxy. TLS
5194 - tests/README: SOCKS tests are not using OpenSSH, it has its own server
5196 Follow-up to 04fd67555cc
5200 Jacob Hoffman-Andrews (25 Oct 2023)
5202 - tets: make test documentation more user-friendly
5222 - cmake: pre-fill rest of detection values for Windows
5225 when doing Windows builds with CMake. Do this by pre-filling well-known
5226 detection results for Windows and specifically for mingw-w64 and MSVC
5230 - pre-fill remaining detection values in Windows CMake builds.
5234 `lib/config-win32.h`.
5240 - 128 seconds -> 50 seconds VS2022 MSVC with OpenSSL (per CMake job):
5245 - 62 seconds -> 16 seconds VS2017 MINGW (per CMake job):
5251 The formula is about 1-3 seconds delay for each detection. Almost all
5252 of these trigger a full compile-link cycle behind the scenes, slow
5253 even today, both cross and native, mingw-w64 and apparently MSVC too.
5257 - stop detecting `idn2.h` if idn2 was deselected.
5260 - stop detecting `idn2.h` if idn2 was not found.
5264 - limit `ADDRESS_FAMILY` detection to Windows.
5266 - normalize `HAVE_WIN32_WINNT` value to lowercase `0x0a12` format.
5268 - pre-fill `HAVE_WIN32_WINNT`-dependent detection results.
5269 Saving 4 (slow) feature-detections in most builds: `getaddrinfo`,
5272 - fix pre-filled `HAVE_SYS_TIME_H`, `HAVE_SYS_PARAM_H`,
5273 `HAVE_GETTIMEOFDAY` for mingw-w64.
5278 - limit `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` and
5279 `HAVE_CLOCK_GETTIME_MONOTONIC` detections to non-Windows.
5282 - reduce compiler warning noise in CMake internal logs:
5283 - fix to include `winsock2.h` before `windows.h`.
5285 - delete previous `-D_WINSOCKAPI_=` hack that aimed to fix the above.
5286 - cleanup `CMake/CurlTests.c` to emit less warnings.
5288 - delete redundant `HAVE_MACRO_SIGSETJMP` feature check.
5291 - delete 'experimental' marking from `CURL_USE_OPENSSL`.
5293 - show CMake version via `CMakeLists.txt`.
5294 Credit to the `zlib-ng` project for the idea:
5295 https://github.com/zlib-ng/zlib-ng/blob/61e181c8ae93dbf56040336179c9954078b
5298 - make `CMake/CurlTests.c` pass `checksrc`.
5300 - `CMake/WindowsCache.cmake` tidy-ups.
5302 - replace `WIN32` guard with `_WIN32` in `CMake/CurlTests.c`.
5308 - page-footer: clarify exit code 25
5310 - Clarify that curl tool exit code 25 means an upload failed to start.
5315 Reported-by: Emanuele Torre
5317 Ref: https://github.com/curl/curl/blob/curl-8_4_0/docs/libcurl/libcurl-errors
5318 .3#L113-L115
5325 - scripts/cijobs.pl: adjust for appveyor
5327 Follow-up to a1d73a6bb
5331 - OpenSSL: Include SIG and KEM algorithms in verbose
5337 important with the fast growing research into new quantum-safe
5344 Based-on-patch-by: Martin Schmatz <mrt@zurich.ibm.com>
5349 - http2: provide an error callback and failf the message
5353 header is used - as that header is then not displayed by curl itself.
5365 - BINDINGS: add V binding
5371 - configure: check for the fseeko declaration too
5376 build-time even when not actually available in run-time.
5378 Assisted-by: Viktor Szakats
5379 Reported-by: 12932 on github
5385 - cmake: fix OpenSSL quic detection in quiche builds
5395 Reported-by: Casey Bodley <cbodley@redhat.com>
5401 - RELEASE-NOTES: synced
5407 - test3103: add missing quotes around a test tag attribute
5411 - tool: fix --capath when proxy support is disabled
5413 After 95e8515ca0, --capath always sets CURLOPT_PROXY_CAPATH, which fails
5420 - openldap: move the alloc of ldapconninfo to *connect()
5430 - openldap: set the callback argument in oldap_do
5435 Reported-by: Dan Fandrich
5438 - gnutls: support CURLSSLOPT_NATIVE_CA
5447 Follow-up to 7b55279d1d856
5449 Co-authored-by: Jay Satiro
5455 - RTSP: improved RTP parser
5457 - fix HTTP header parsing to report incomplete
5459 - re-implement the RTP parser for interleave RTP
5462 - RTSP protocol handler "readwrite" implementation
5466 allows it to know when non-RTP bytes are "junk"
5468 - tested with #12035 and various small receive
5473 - http2: header conversion tightening
5475 - fold the code to convert dynhds to the nghttp2 structs
5477 - saves code duplication
5478 - pacifies compiler analyzers
5484 - curl_ntlm_wb: fix elif typo
5486 Reported-by: Manfred Schwarb
5487 Follow-up to d4314cdf65ae
5493 - test1683: remove commented-out check alternatives
5501 - hostip: show the list of IPs when resolving is done
5512 Co-authored-by: Jay Satiro
5517 - docs: fix function typo in curl_easy_option_next.3
5523 - vssh: remove the #ifdef for Curl_ssh_init, use empty macro
5527 - easy: remove duplicate wolfSSH init call
5533 - socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice
5536 Reported-by: Ammar Faizi
5539 - urldata: move the 'internal' boolean to the state struct
5545 - url: don't touch the multi handle when closing internal handles
5547 Reported-by: Maksymilian Arciemowicz
5552 - getenv: PlayStation doesn't have getenv()
5558 - transfer: only reset the FTP wildcard engine in CLEAR state
5563 Reported-by: lkordos on github
5565 Bisect-by: Dan Fandrich
5571 - GHA: move mod_h2 version in CI to v2.0.25
5577 - ntlm_wb: use pipe instead of socketpair when possible
5581 - RELEASE-NOTES: synced
5583 - asyn-thread: use pipe instead of socketpair for IPC when available
5587 Helped-by: Viktor Szakats
5592 - tests: Fix Windows test helper tool search & use it for handle64
5595 Windows due to hard-coding the UNIX PATH separator character and not
5614 - multi: use pipe instead of socketpair to *wakeup()
5622 - build: fix 'threadsafe' feature detection for older gcc
5624 - Add 'threadsafe' to the feature list shown during build if POSIX
5627 This is a follow-up to 5adb6000 which added support for building a
5628 thread-safe libcurl with older versions of gcc where atomic is not
5631 Reported-by: Dan Fandrich
5632 Co-authored-by: Dan Fandrich
5639 - test729: verify socks4a with excessive proxy user name length
5641 - socks: better buffer size checks for socks4a user and hostname
5646 Reported-by: sd0 on hackerone
5649 - curl.h: on FreeBSD include sys/param.h instead of osreldate.h
5654 Reported-by: Faraz Fallahi
5659 - tool_operate: fix links in ipfs errors
5668 - cmake: replace `check_library_exists_concat()`
5696 - tool_cb_wrt: fix write output for very old Windows versions
5698 - Pass missing parameter for 'lpNumberOfCharsWritten' to WriteConsoleW()
5711 Ref: https://github.com/MicrosoftDocs/Console-Docs/issues/299
5718 - tool_urlglob: fix build for old gcc versions
5720 - Don't use __builtin_mul_overflow for GCC 4 and earlier.
5724 Ref: https://gcc.gnu.org/gcc-5/changes.html
5726 Reported-by: Dan Fandrich
5733 - docs/libcurl: fix three minor man page format mistakes
5735 Reported-by: Samuel Henrique
5741 - tests/server: add more SOCKS5 handshake error checking
5743 - Add additional checking for missing and too-short SOCKS5 handshake
5750 This issue was discovered in CI job 'memory-sanitizer' test results.
5757 Reported-by: Dan Fandrich
5764 - RELEASE-NOTES: synced
5768 - tool_getparam: limit --rate to be smaller than number of ms
5771 be higher than the number of milliseconds in the unit (ex: curl --rate
5783 - opts: fix two minor man page format mistakes
5787 - curl_trc: remove a bad assertion
5789 - Remove DEBUGASSERT that an internal handle must not have user
5792 This is a follow-up to 0dc40b2a. The user can distinguish their easy
5797 Bug: https://github.com/curl/curl/pull/12060#issuecomment-1754594697
5798 Reported-by: Daniel Stenberg
5804 - test613: stop showing an error on missing output file
5807 the log post-processing step, but the message was not captured by the
5813 - quic: manage connection idle timeouts
5815 - configure a 120s idle timeout on our side of the connection
5816 - track the timestamp when actual socket IO happens
5817 - check IO timestamp to our *and* the peer's idle timeouts
5820 Reported-by: calvin2021y on github
5826 - CI: ignore test 286 on Appveyor gcc 9 build
5837 - lib: fix gcc warning in printf call
5843 .../curl/lib/connect.c:696:27: warning: '%s' directive argument is null [-Wfo
5844 rmat-overflow=]
5846 Ref: https://github.com/curl/curl-for-win/actions/runs/6476161689/job/1758442
5850 Co-authored-by: Jay Satiro
5855 - http2: safer invocation of populate_binsettings
5862 positive values -- due to signed->unsigned conversion of the potentially
5864 values on error -- are not possible. But only because http2.c currently
5868 IVs without increasing the output buffer size, the overflow could become
5876 - openssl: avoid BN_num_bits() NULL pointer derefs
5878 Reported-by: icy17 on github
5882 - wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA
5886 disabled and wolfSSL versions before 5.5.2 - which introduced this API
5891 - tool_urlglob: make multiply() bail out on negative values
5893 - Does not work correctly with negative values
5894 - use __builtin_mul_overflow() on gcc
5896 Reported-by: Torben Dury
5901 - cmake: fix CURL_DISABLE_GETOPTIONS
5903 - Add CURL_DISABLE_GETOPTIONS to curl_config.h.cmake.
5910 - easy_lock: add a pthread_mutex_t fallback
5919 - CI: add autotools, out-of-tree, debug build to distro check job
5922 autotools, out-of-tree, in debug mode.
5929 - http: avoid Expect: 100-continue if Upgrade: is used
5931 Reported-by: Daniel Jelinski
5937 - docs: use SOURCE_DATE_EPOCH for generated manpages
5945 - RELEASE-NOTES: synced
5951 - cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection
5955 cross-builds and also actually detects this feature. It affected systems
5960 Follow-up to 04a3a377d83fd72c4cf7a96c9cb6d44785e33264 #11979
5964 Reported-by: Kartatz on Github
5965 Assisted-by: Kartatz on Github
5969 - build: add `src/.checksrc` to source tarball
5973 Bug: https://github.com/curl/curl/pull/11958#issuecomment-1757079071
5974 Reported-by: Romain Geissler
5982 - RELEASE-NOTES: synced
5984 - THANKS: add contributors from 8.4.0
5988 - socks: return error if hostname too long for remote resolve
5995 Bug: https://curl.se/docs/CVE-2023-38545.html
5999 - CI: remove slowed-network tests
6001 - remove these tests as they are currently not reliable in our CI
6012 - libcurl-env-dbg.3: move debug variables from libcurl-env.3
6014 - Move documentation of libcurl environment variables used only in debug
6015 builds from libcurl-env into a separate document libcurl-env-dbg.
6017 - Document more debug environment variables.
6030 - test670: increase the test timeout
6038 - MQTT: improve receive of ACKs
6040 - add `mq->recvbuf` to provide buffering of incomplete
6042 - continue ACK reading until sufficient bytes available
6043 - fixes test failures on low network receives
6049 - quic: fix BoringSSL build
6053 Bug: https://github.com/curl/curl/pull/12065#issuecomment-1752171885
6055 Follow-up to aa9a6a177017e4b74d33cdf85a3594900f4a7f81
6057 Co-authored-by: Jay Satiro
6058 Reviewed-by: Daniel Stenberg
6063 - test1540: improve reliability
6065 - print that bytes have been received on pausing, but not how many
6069 - test2302: improve reliability
6071 - make result print collected write data, unless
6073 - will show same result even when data arrives via
6080 - curl_easy_pause: set "in callback" true on exit if true
6085 Reported-by: Jay Satiro
6091 - h3: add support for ngtcp2 with AWS-LC builds
6094 curl 8.4.0-DEV (x86_64-apple-darwin) libcurl/8.4.0-DEV (SecureTransport) AWS-
6096 Release-Date: [unreleased]
6099 Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile Multi
6106 Reviewed-by: Daniel Stenberg
6109 - build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
6113 Source code uses the built-in `OPENSSL_IS_AWSLC` and
6114 `OPENSSL_IS_BORINSSL` macros to detect BoringSSL and AWS-LC. No help is
6118 necessary for warning-free BoringSSL + Schannel builds. Ref: #1610 #2634
6121 CMake detects this to decide whether to use the BoringSSL-specific
6122 crypto lib with ngtcp2. It detects AWS-LC, but doesn't use the detection
6127 Reviewed-by: Daniel Stenberg
6128 Reviewed-by: Jay Satiro
6133 - CI: move distcheck job from Azure Pipelines to GitHub Actions
6140 Assisted-by: Philip Heiduck
6145 - url: fall back to http/https proxy env-variable if ws/wss not set
6147 Reported-by: Craig Andrews
6153 - cf-socket: simulate slow/blocked receives in debug
6155 add 2 env variables for non-UDP sockets:
6162 - http2: refused stream handling for retry
6164 - answer HTTP/2 streams refused via a GOAWAY from the server to
6168 Reported-by: black-desk on github
6174 - CURLOPT_DEBUGFUNCTION.3: warn about internal handles
6176 - Warn that the user's debug callback may be called with the handle
6183 This is a follow-up to f8cee8cc which changed DoH handles to inherit
6189 - url: fix typo
6193 - test458: verify --expand-output, expanding a file name accepting option
6197 - tool_getparam: accept variable expansion on file names too
6199 Reported-by: PBudmark on github
6203 - RELEASE-NOTES: synced
6205 - multi: do CURLM_CALL_MULTI_PERFORM at two more places
6211 Reported-by: Dan Fandrich.
6217 - GHA/linux: mbedtls 3.5.0 + minor dep bumps
6223 - CI: bump OpenLDAP package version on FreeBSD
6229 - docs/libcurl/opts/Makefile.inc: add missing manpage files
6235 - tests: fix a race condition in ftp server disconnect
6250 - appveyor: bump mingw-w64 job to gcc 13 (was: 8)
6258 It also adds a modern CMake version and OS env to our mingw-w64 builds.
6264 - openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
6274 - curl_easy_pause.3: mention it works within callbacks
6276 Reported-by: Maxim Dzhura
6277 Bug: https://curl.se/mail/lib-2023-10/0010.html
6280 - curl_easy_pause.3: mention h2/h3 buffering
6282 Asked-by: Maxim Dzhura
6283 Ref: https://curl.se/mail/lib-2023-10/0011.html
6289 - cmake: re-add missed C89 headers for specific detections
6293 missed to re-add these headers to the specific functions which need
6296 [1] Follow-up to 3795fcde995d96db641ddbcc8a04f9f0f03bef9f #11951
6297 [2] Follow-up to 96c29900bcec32dd6bc8e9857c8871ff4b8b8ed9 #11940
6303 - multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
6308 Reported-by: Dan Fandrich
6313 - test1903: actually verify the cookies after the test
6321 - test: add missing <feature>s
6325 - test1906: set a lower timeout since it's hit on Windows
6335 - RELEASE-NOTES: synced
6339 - idn: fix WinIDN null ptr deref on bad host
6341 - Return CURLE_URL_MALFORMAT if IDN hostname cannot be converted from
6342 UTF-8 to UTF-16.
6353 - tests: close the shell used to start sshd
6362 - base64: also build for curl
6366 defines BULDING_CURL to allow lib-side code to use it.
6368 Follow-up to 2e160c9c6525
6374 - tests: Fix zombie processes left behind by FTP tests.
6387 - github/labeler: improve labeler matches
6389 - test574: add a timeout to the test
6396 - tests: propagate errors in libtests
6402 - tests: set --expect100-timeout to improve test reliability
6413 - CI: ignore the "flaky" and "timing-dependent" test results in CMake
6424 Follow-up to 589dca761
6430 - cmake: improve OpenLDAP builds
6432 - cmake: detect OpenLDAP based on function `ldap_init_fd`.
6435 doesn't use this value. (it might need to be remove-listed in
6436 `scripts/cmp-config.pl` for future OpenLDAP test builds.)
6437 This also deletes existing self-declaration method via the
6438 CMake-specific `CURL_USE_OPENLDAP` configuration.
6440 - cmake: define `LDAP_DEPRECATED=1` for OpenLDAP.
6444 s not defined, evaluates to 0 [-Wundef]
6447 - cmake: delete LDAP TODO comment no longer relevant.
6451 - autotools: replace domain name `dummy` with `0.0.0.0` in LDAP feature
6458 - cmake: fix unity builds for more build combinations
6463 - OpenLDAP combined with any SSH backend.
6465 - MultiSSL with mbedTLS, OpenSSL, wolfSSL, SecureTransport.
6471 - tests: remove leading spaces from some tags
6483 - GHA: bump actions/checkout
6485 Follow-up to 2e0fa50fc16b9339f51e0a7bfff0352829323acb #11964
6486 Follow-up to c39585d9b7ef3cbfc1380812dec60e7b275b6af3 #12000
6490 - spelling: fix codespell 2.2.6 typos
6496 - GHA: add workflow to compare configure vs cmake outputs
6498 Uses scripts/cmp-config.pl two compare two curl_config.h files,
6507 - appveyor: enable test 571
6509 Follow-up from 8a940fd55c175f7 / #12013
6515 - build: alpha-sort source files for lib and src
6519 - cmake: delete old `HAVE_LDAP_URL_PARSE` logic
6523 Follow-up to 772f0d8edf1c3c2745543f42388ccec5a16ee2c0 #12006
6531 - tests: increase lib571 timeout from 3s to 30s
6533 - 3s is too short for our CI, making this test fail occasionally
6534 - test usually experiences no delay run locally, so 30s wont hurt
6540 - cmake: fix unity with Windows Unicode + TrackMemory
6555 Follow-up to d82b080f6374433ce7c98241329189ad2d3976f8 #12005
6556 Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719 #11095
6560 - cmake: disable unity mode with Windows Unicode + TrackMemory
6563 aka `-DCURLDEBUG`).
6567 without any command-line option. Interestingly this doesn't happen under
6581 Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719 #11095
6586 - cmake: tidy-up `NOT_NEED_LBER_H` detection
6588 Follow-up to 772f0d8edf1c3c2745543f42388ccec5a16ee2c0 #12006
6590 - appveyor: rewrite batch in PowerShell + CI improvements
6594 - rewrite MS-DOS batch build script in PowerShell.
6595 - move some bash operations into native PowerShell.
6596 - fixups for PowerShell insisting on failure when a command outputs
6598 - fix to actually run `curl -V` after every build.
6600 - also say why we skipped `curl -V` if we had to skip.
6601 - fix CMake warnings about unused configuration variables, by adapting
6603 - dedupe OpenSSL path into a variable.
6604 - disable `test1451` failing with a warning anyway due to missing python
6610 PowerShell is better than MS-DOS batches, so the hope is this makes it
6617 - enable tests for a "unity" build job.
6618 - speed-up CI initialization by using shallow clones of the curl repo.
6619 - speed-up CMake MSVC jobs with `TrackFileAccess=false`.
6620 - enable parallelism in `VisualStudioSolution` builds.
6621 - display CMake version before builds.
6622 - always show the CPU in job names.
6623 - tell which jobs are build-only in job names.
6624 - move `TESTING:` value next to `DISABLED_TESTS:` in two jobs.
6625 - add `config.log` (autotools) to dumped logs (need to enable manually).
6629 - use single-quotes in YAML like we do in other CI YAML files.
6635 - cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows
6637 - set `HAVE_LDAP_URL_PARSE` if `ldap_url_parse` function exists.
6642 - always set `HAVE_LDAP_SSL` if an LDAP backend is detected and
6647 - enable LDAP[S] for a CMake macOS CI job. Target OS X 10.9 (Mavericks)
6650 - always detect `HAVE_LDAP_SSL_H`, even with LDAPS explicitly disabled.
6654 - fix benign typo in variable name.
6660 - autotools: restore `HAVE_IOCTL_*` detections
6664 c3456652a0c72d1845d08df9769667db7e159949 (2022-08), because the
6679 - RELEASE-PROCEDURE.md: updated coming release dates
6681 - RELEASE-NOTES: synced
6685 - cmake: pre-cache `HAVE_POLL_FINE` on Windows
6692 - gha: bump actions to latest versions
6694 - actions@checkout@v4 (from v3 and v2)
6696 - fsfe/reuse-action@v2 (from v1)
6702 - h2: testcase and fix for pausing h2 streams
6704 - refs #11982 where it was noted that paused transfers may
6706 - made sample poc into tests/http/client/h2-pausing.c and
6711 Reported-by: Harry Sintonen
6715 - cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value
6718 runtime as-is. This patch make sure that the selected default backend
6724 Follow-up to 26c7feb8b9d51a57fab3325571b4bbfa03b11af0 #11774
6728 - autotools: adjust `CURL_CA_PATH` value to CMake
6737 - cmake: detect `sys/wait.h` and `netinet/udp.h`
6745 - lib: provide and use Curl_hexencode
6751 - configure: check for the capath by default
6758 Assisted-by: Viktor Szakats
6761 - wolfssl: ignore errors in CA path
6773 Assisted-by: Juliusz Sosinowicz
6774 Assisted-by: Michael Osipov
6778 - create-dirs.d: clarify it also uses --output-dirs
6780 Reported-by: Robert Simpson
6786 - appveyor: fix yamlint issues, indent
6789 - use double quotes in all batch if statements.
6793 - cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW`
6801 - cmake: detect `HAVE_GETADDRINFO_THREADSAFE`
6809 autotools always runs all 3 probes for non-fast-tracked systems and
6813 OpenBSD is not fast-tracked and then gets blocklisted as a generic BSD
6814 system. I haven't double-checked if this is correct, but looks odd.
6820 - cmake: fix `HAVE_WRITABLE_ARGV` detection
6829 - appveyor: minor improvements
6831 - run `curl -V` after builds to see if they run and with what features.
6835 - copy libcurl DLL next to curl tool and tests binaries in shared mode.
6839 - list the DLLs and EXEs present after the builds.
6841 - add `DEBUG` variable for CMake builds to allow disabling it, for
6842 testing non-debug builds. (currently enabled for all)
6844 - add commented lines that dump CMake configuration logs for debugging
6845 build/auto-detection issues.
6847 - add gcc version to jobs where missing.
6849 - switch a job to the native MSYS2 mingw-w64 toolchain. This adds gcc 9
6852 - make `SHARED=OFF` and `OPENSSL=OFF` defaults global.
6854 - delete a duplicate backslash.
6858 - configure: replace adhoc domain with `localhost` in tests
6860 Reviewed-by: Daniel Stenberg
6863 - tidy-up: use more example domains
6868 Reviewed-by: Daniel Stenberg
6873 - runtests: display the test status if tests appear hung
6888 - github/labeler: remove workaround for labeler
6890 This was added due to what seemed to be a bug regarding the sync-labels:
6893 Follow-up to b2b0534e7
6897 - docs: upgrade an URL to HTTPS in `BINDINGS.md` [ci skip]
6901 - docs: replace made up domains with example.com
6905 - example.com was made for this purpose.
6907 - reduces the risk that one of those domains suddenly start hosting
6914 - acinclude.m4: Document proper system truststore on FreeBSD
6927 - FAQ: How do I upgrade curl.exe in Windows?
6936 - cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC
6938 `basename` is present in mingw-w64, missing from MSVC. Pre-cache
6942 mingw-w64:
6944 b/curl_setup.h#L820-L825
6950 - cmake: add missing checks
6952 - check for arc4random. To make rand.c use it accordingly.
6953 - check for fcntl
6954 - fix fseek detection
6955 - add SIZEOF_CURL_SOCKET_T
6956 - fix USE_UNIX_SOCKETS
6957 - define HAVE_SNPRINTF to 1
6958 - check for fnmatch
6959 - check for sched_yield
6960 - remove HAVE_GETPPID duplicate from curl_config.h
6961 - add HAVE_SENDMSG
6965 Co-authored-by: Viktor Szakats
6968 - configure: remove unused checks
6970 - for sys/uio.h
6971 - for fork
6972 - for connect
6978 - lib: remove TIME_WITH_SYS_TIME
6985 - docs: update curl man page references
6987 Detected by the manpage-syntax update
6991 - manpage-syntax: verify curl man page references
7008 - cmake: add check for suseconds_t
7017 - tidy-up: whitespace fixes
7021 - cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
7023 With new option `CURL_DISABLE_SRP=ON` to force-disable it.
7027 - fix detecting GnuTLS.
7029 - add CMake GnuTLS CI job.
7030 - bump AppVeyor CMake OpenSSL MSVC job to OpenSSL 1.1.1 (from 1.0.2)
7031 TLS-SRP fails to detect with 1.0.2 due to an OpenSSL header bug.
7032 - fix compiler warning when building with GnuTLS and disabled TLS-SRP.
7033 - fix comment typos, whitespace.
7039 - tool: use our own stderr variable
7043 the curl-tool specific variable). This solution needed to override the
7051 leave `stderr` as-is. To avoid using `stderr` by mistake, add a
7056 Follow-up to 06133d3e9b8aeb9e9ca0b3370c246bdfbfc8619e
7057 Follow-up to 2f17a9b654121dd1ecf4fc043c6d08a9da3522db
7063 - connect: only start the happy eyeballs timer when needed
7072 - tool_operate: free 'gateway' correctly
7082 - lib: move handling of `data->req.writer_stack` into Curl_client_write()
7084 - move definitions from content_encoding.h to sendf.h
7085 - move create/cleanup/add code into sendf.c
7086 - installed content_encoding writers will always be called
7088 - Curl_client_cleanup() frees writers and tempbuffers from
7095 - multi: round the timeout up to prevent early wakeups
7108 - RELEASE-NOTES: spell out that IPFS is via gateway
7110 - RELEASE-NOTES: synced
7112 - tool_operate: avoid strlen() -1 on zero length content from file
7114 Follow-up to 65b563a96a226649ba12cb1e
7118 - tool_operate: fix memory mixups
7126 Follow-up to 65b563a96a226649ba12cb1e
7132 - curl-functions.m4: fixup recent bad edits
7134 Follow-up to 96c29900bcec32dd6bc8e9857c8871ff4b8b8ed9 #11940
7140 - curl-functions.m4: fix include line
7145 Follow-up to 96c29900bcec (#11940)
7149 - inet_ntop: add typecast to silence Coverity
7154 const" (8 bits, unsigned) is promoted in "src[i] << (1 - i % 2 << 3)" to
7155 type "int" (32 bits, signed), then sign-extended to type "unsigned long"
7156 (64 bits, unsigned). If "src[i] << (1 - i % 2 << 3)" is greater than
7159 111 words[i/2] |= (src[i] << ((1 - (i % 2)) << 3));
7170 - docs: adapt SEE ALSO sections to new requirements
7172 To please manpage-syntax.pl used by test 1173
7176 - manpage-syntax.pl: verify SEE ALSO syntax
7178 - Enforce a single reference per .BR line
7179 - Skip the quotes around the section number for example (3)
7180 - Insist on trailing commas on all lines except the last
7181 - Error on comma on the last SEE ALSO entry
7183 - List the entries alpha-sorted, not enforced just recommended
7187 - connect: expire the timeout when trying next
7194 Reported-by: Loïc Yhuel
7197 - http: remove wrong comment for http_should_fail
7199 Reported-by: Christian Schmitz
7205 - tool_setopt: remove unused function tool_setopt_flags
7214 - cmake: add feature checks for `memrchr` and `getifaddrs`
7216 - `HAVE_MEMRCHR` for `memrchr`.
7217 - `HAVE_GETIFADDRS` for `getifaddrs`.
7225 - cmake: move global headers to specific checks
7233 I've used autotools' `m4/curl-functions.m4` to figure out these
7243 - src/mkhelp: make generated code pass `checksrc`
7247 - tests: show which curl tool `runtests.pl` is using
7253 - CI/azure: make `MAKEFLAGS` global to parallelize all jobs
7257 th -j3)
7261 - CI/azure: migrate old mingw MSYS1 jobs to MSYS2
7265 Follow-up to 38029101e2d78ba125732b3bab6ec267b80a0e72
7271 - docs: add see also curl_multi_get_handles to some man pages
7273 Assisted-by: Jay Satiro
7279 - cmake: assume `_fseeki64` and no `fseeko` on Windows
7281 `_fseeki64` is present in mingw-w64 1.0 (2011-09-26) headers, and
7286 (mingw-w64 1.0 also offers `fseeko64`.)
7288 [1] https://github.com/curl/curl/pull/11944#issuecomment-1734995004
7290 Follow-up to 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 #11918
7294 - build: delete checks for C89 standard headers
7303 Follow-up to 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 #11918 (for `stdio.h` i
7310 - multiif.h: remove Curl_multi_dump declaration
7312 Follow-up to d850eea2 which removed the Curl_multi_dump definition.
7318 - config-win32: define HAVE__FSEEKI64
7320 Follow-up to 9c7165e9 which added an fseeko wrapper to the lib that
7325 - docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER
7327 - Explain that peer verification via CURLOPT_PINNEDPUBLICKEY takes place
7332 Bug: https://github.com/curl/curl/issues/2935#issuecomment-418371872
7333 Reported-by: claudiusaiz@users.noreply.github.com
7336 Reported-by: Hakan Sunay Halil
7342 - openssl: improve ssl shutdown handling
7344 - If SSL shutdown is not finished then make an additional call to
7347 - Fix http2 and h2-proxy filters to forward do_close() calls to the next
7354 Curl_conn_close -> cf_hc_close -> Curl_conn_cf_discard_chain ->
7359 Curl_conn_close -> cf_hc_close -> cf_h2_close -> cf_setup_close ->
7371 - multi: fix small timeouts
7382 - cmake: fix stderr initialization in unity builds
7388 Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719
7393 - cmake: fix missing `zlib.h` when compiling `libcurltool`
7403 cd .../curl/bld-cmake-llvm-x64/src && /usr/local/opt/llvm/bin/clang
7404 --target=x86_64-w64-mingw32 --sysroot=/usr/local/opt/mingw-w64/toolchain-x8
7406 -DCURLDEBUG -DCURL_STATICLIB -DHAVE_CONFIG_H -DUNICODE -DUNITTESTS -D_UNICO
7408 -I.../curl/include -I.../curl/lib -I.../curl/bld-cmake-llvm-x64/lib
7409 -I.../curl/bld-cmake-llvm-x64/include -I.../curl/src -Wno-unused-command-li
7410 ne-argument
7411 -D_UCRT -DDEBUGBUILD -DHAS_ALPN -DUSE_MANUAL=1 -fuse-ld=lld -Wl,-s -static
7412 -libgcc
7413 -lucrt [...] -O3 -DNDEBUG -municode -MD
7414 -MT src/CMakeFiles/curltool.dir/tool_hugehelp.c.obj
7415 -MF CMakeFiles/curltool.dir/tool_hugehelp.c.obj.d
7416 -o CMakeFiles/curltool.dir/tool_hugehelp.c.obj -c .../curl/bld-cmake-llvm-x
7418 .../curl/bld-cmake-llvm-x64/src/tool_hugehelp.c:6:10: fatal error: 'zlib.h' f
7424 Follow-up to 39e7c22bb459c2e818f079984989a26a09741860
7428 - cmake: fix duplicate symbols when linking tests
7430 The linker resolves this automatically in non-unity builds. In unity
7442 ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_convert_UTF8_to_wch
7446 ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte.
7448 ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_convert_wchar_to_UT
7452 ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte.
7454 ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_open':
7457 ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte.
7459 ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_fopen':
7462 ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte.
7464 ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_stat':
7486 -DCMAKE_UNITY_BUILD=ON \
7487 -DENABLE_DEBUG=ON -DBUILD_TESTING=ON -DCMAKE_C_FLAGS=-DDEBUGBUILD \
7488 -DBUILD_SHARED_LIBS=ON \
7489 -DBUILD_STATIC_LIBS=OFF
7494 - cmake: lib `CURL_STATICLIB` fixes (Windows)
7496 - always define `CURL_STATICLIB` when building libcurl for Windows.
7507 - fix to omit `libcurl.def` when not hiding private symbols.
7511 - fix `ENABLED_DEBUG=ON` + shared curl tool Windows builds by also
7516 - delete `INTERFACE_COMPILE_DEFINITIONS "CURL_STATICLIB"` for "objects"
7519 Follow-up to 2ebc74c36a19a1700af394c16855ce144d9878e3
7521 - delete duplicate `BUILDING_LIBCURL` definitions.
7523 - fix `HIDES_CURL_PRIVATE_SYMBOLS` to not overwrite earlier build settings.
7525 Follow-up to 1199308dbc902c52be67fc805c72dd2582520d30
7531 - RELEASE-NOTES: synced
7535 - tests: fix log directory path in IPFS tests
7537 Hard-coding the log directory name fails with parallel tests.
7539 Follow-up to 65b563a96
7545 - curl_multi_get_handles: get easy handles from a multi handle
7551 - http: h1/h2 proxy unification
7553 - use shared code for setting up the CONNECT request
7555 - eliminate use of Curl_buffer_send() and other manipulations
7556 of `data->req` or `data->state.ulbuf`
7562 - lib: use wrapper for curl_mime_data fseek callback
7578 - configure: sort AC_CHECK_FUNCS
7584 - warnless: remove unused functions
7590 - GHA/linux: run singleuse to detect single-use global functions
7592 Use --unit for configure --enable-debug builds
7596 - singleuse: add scan for use in other source codes
7598 This should reduce false-positive to almost zero. Checks for presence in
7599 unit tests if --unit is specified, which is intended for debug builds
7604 - multi: remove Curl_multi_dump
7606 A debug-only function that is basically never used. Removed to ease the
7607 use of the singleuse script to detect non-static functions not used
7614 - tests: fix compiler warnings
7620 for non-static variable 'logdir' [-Wmissing-variable-declarations]
7628 for non-static variable 'loglockfile' [-Wmissing-variable-declarations]
7636 ion for non-static variable 'logdir' [-Wmissing-variable-declarations]
7644 here [-Wcomma]
7656 > 2147483647 is always false [-Wtautological-type-limit-compare]
7662 'long' > 2147483647 is always false [-Wtautological-type-limit-compare]
7669 > 2147483647 is always false [-Wtautological-type-limit-compare]
7675 2147483647 is always false [-Wtautological-type-limit-compare]
7685 'int', but argument has type 'size_t' (aka 'unsigned long') [-Wformat]
7696 - url: fix netrc info message
7698 - Fix netrc info message to use the generic ".netrc" filename if the
7701 - Update --netrc doc to add that recent versions of curl on Windows
7714 - wolfssh: do cleanup in Curl_ssh_cleanup
7720 - tool_listhelp: regenerated
7722 Polished the --ipfs-gateway description
7724 Fixed the --trace-config description
7732 - Makefile.mk: always set `CURL_STATICLIB` for lib (Windows)
7735 `-debug-dyn` builds work with `-DCURL_STATICLIB` set.
7743 - quic: set ciphers/curves the same way regular TLS does
7748 Reported-by: Karthikdasari0423 on github
7749 Assisted-by: Jay Satiro
7752 - test457: verify --max-filesize with chunked encoding
7754 - lib: let the max filesize option stop too big transfers too
7762 Reported-by: Elliot Killick
7763 Assisted-by: Jay Satiro
7768 - mingw: delete support for legacy mingw.org toolchain
7778 curl now relies on toolchains based on the mingw-w64 project:
7779 https://www.mingw-w64.org/ https://sourceforge.net/projects/mingw-w64/
7781 https://github.com/mstorsjo/llvm-mingw
7788 - curl: add support for the IPFS protocols:
7790 - ipfs://<cid>
7791 - ipns://<cid>
7805 - bufq: remove Curl_bufq_skip_and_shift (unused)
7809 - scripts/singleuse.pl: add curl_global_trace
7813 - cmake: fix unity symbol collisions in h2 builds
7817 Reviewed-by: Daniel Stenberg
7818 Reviewed-by: Jay Satiro
7823 - RELEASE-NOTES: synced
7827 - github/labeler: improve the match patterns
7835 - upload-file.d: describe the file name slash/backslash handling
7841 - libssh: cap SFTP packet size sent
7845 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
7851 - curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0
7855 - mailmap: unify Michael Osipov under a single email
7859 - docs: use CURLSSLBACKEND_NONE
7861 [ssl] use CURLSSLBACKEND_NONE instead of (curl_sslbackend)-1 in
7864 Signed-off-by: Ted Lyngmo <ted@lyncon.se>
7870 - github/labeler: give the sync-labels config item a default value
7877 Follow-up to dd12b452a
7880 - github/labeler: fix up more the labeler config format
7885 Follow-up to dd12b452a
7888 - github/labeler: fix indenting to try to appease labeller
7890 Follow-up to dd12b452a
7894 - libssh2: fix error message on failed pubkey-from-file
7896 - If libssh2_userauth_publickey_fromfile_ex returns -1 then show error
7897 message "SSH public key authentication failed: Reason unknown (-1)".
7899 When libssh2_userauth_publickey_fromfile_ex returns -1 it does so as a
7907 Bug: https://github.com/curl/curl/issues/11837#issue-1891827355
7908 Reported-by: consulion@users.noreply.github.com
7914 - pytest: exclude test_03_goaway in CI runs due to timing dependency
7918 - lib: disambiguate Curl_client_write flag semantics
7920 - use CLIENTWRITE_BODY *only* when data is actually body data
7921 - add CLIENTWRITE_INFO for meta data that is *not* a HEADER
7922 - debug assertions that BODY/INFO/HEADER is not used mixed
7923 - move `data->set.include_header` check into Curl_client_write
7925 - add special in FTP for `data->set.include_header` for historic,
7927 - move unpausing of client writes from easy.c to sendf.c, so that
7934 - tftpd: always use curl's own tftp.h
7937 and reports a stringop-overread warning:
7941 rom a region of size 0 [-Wstringop-overread]
7942 485 | return write(test->ofile, writebuf, count);
7966 - test1474: make precheck more robust on non-Solaris systems
7968 If uname -r returns something odd, perl could return an error code and
7973 - github/labeler: switch to the 5 beta version
7982 - lib: enable hmac for digest as well
7984 Previously a build that disabled NTLM and aws-sigv4 would fail to build
7987 Follow-up to e92edfbef64448ef
7990 Reported-by: Aleksander Mazur
7993 - idn: if idn2_check_version returns NULL, return error
7997 Reported-by: s0urc3_ on hackerone
8000 - http: fix CURL_DISABLE_BEARER_AUTH breakage
8005 Follow-up to e92edfbef64448ef461
8007 Reported-by: Aleksander Mazur
8012 - wolfssl: allow capath with CURLOPT_CAINFO_BLOB
8019 - wolfssl: use ssl_cafile/ssl_capath variables consistent with openssl.c
8025 - test1474: disable test on NetBSD, OpenBSD and Solaris 10
8031 Assisted-by: Christian Weisgerber
8032 Ref: https://curl.se/mail/lib-2023-09/0021.html
8037 - cmake, configure: also link with CoreServices
8048 - CI/azure: remove pip, wheel, cryptography, pyopenssl and impacket
8052 Ref: https://github.com/mback2k/curl-docker-winbuildenv/commit/2607a31bcab544
8059 - wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
8062 Reported-by: Michael Osipov
8065 - RELEASE-NOTES: synced
8067 - test3103: CURLOPT_COOKIELIST test
8069 - cookie: set ->running in cookie_init even if data is NULL
8076 Reported-by: wangp on github
8079 - test498: total header size for all redirects is larger than accepted
8081 - http: use per-request counter to check too large headers
8085 Follow-up to 3ee79c1674fd6
8091 Reported-by: Joshix-1 on github
8096 - THANKS: add Eric Murphy
8099 'reported-by' entry in the fix 267e14f1.
8103 - h2-proxy: remove left-over mistake in drain_tunnel()
8105 Left-over from 331b89a319
8107 Reported-by: 南宫雪珊
8113 - lib: failf/infof compiler warnings
8119 - rand: fix 'alnum': array is too small to include a terminating null character
8124 Follow-up to 3aa3cc9b052353b1
8126 Reported-by: Dan Fandrich
8132 - cmake: fix the help text to the static build option in CMakeLists.txt
8138 - MANUAL.md: change domain to example.com
8144 - doh: inherit DEBUGFUNCTION/DATA
8151 Reported-by: calvin2021y on github
8157 - http_aws_sigv4: fix sorting with empty parts
8159 When comparing with an empty part, the non-empty one is always
8160 considered greater-than. Previously, the two would be considered equal
8161 which would randomly place empty parts amongst non-empty ones. This
8168 - CI: ignore the "flaky" and "timing-dependent" test results
8180 - runtests: eliminate a warning on old perl versions
8185 - tests: log the test result code after each libtest
8192 - misc: better random strings
8200 The MIME multipart boundary used to be mere 64-bits of randomness due
8208 - cookie: reduce variable scope, add const
8210 - cookie: do not store the expire or max-age strings
8216 - cookie: remove unnecessary struct fields
8224 - RELEASE-NOTES: synced
8230 - test2600: remove special case handling for USE_ALARM_TIMEOUT
8236 The need for this special-case was removed in commit 8627416, which
8244 - SECURITY-PROCESS.md. call it vulnerability disclosure policy
8246 SECURITY-PROCESS.md -> VULN-DISCLOSURE-POLICY.md
8255 - quiche: fix build error with --with-ca-fallback
8257 - Fix build error when curl is built with --with-quiche
8258 and --with-ca-fallback.
8260 - Add --with-ca-fallback to the quiche CI job.
8267 - escape: replace Curl_isunreserved with ISUNRESERVED
8269 - Use the ALLCAPS version of the macro so that it is clear a macro is
8272 - Also capitalize macro isurlpuntcs => ISURLPUNTCS since it evaluates
8275 This is a follow-up to 291d225a which changed Curl_isunreserved into an
8286 - tests: increase the default server logs lock timeout
8296 - tests: increase TEST_HANG_TIMEOUT in two tests
8300 heavily-loaded machines.
8304 - test1056: disable on Windows
8307 ipv6-localhost (i.e. [::1%259999] is treated as [::1]). Maybe this is a bit
8313 - test587: add a slight delay after test
8326 - tests: stop overriding the lock timeout
8334 - tests: add some --expect100-timeout to reduce timing dependencies
8338 100-continue timeout triggered. Increase that 1 second to 999 seconds so
8343 - test661: return from test early in case of curl error
8345 - tests: add the timing-dependent keyword on several tests
8347 These are ones likely to fail on heavily-loaded machines that alter the
8351 - test1592: greatly increase the maximum test timeout
8354 as a fail-safe only, it didn't need to be short.
8358 - test: minor test cleanups
8363 - tests: quadruple the %FTPTIME2 and %FTPTIME3 timeouts
8370 - tests: improve SLOWDOWN test reliability by reducing sent data
8379 than half, which reduces the opportunity for test-breaking slowdowns by
8384 - test650: fix an end tag typo
8388 - tool_cb_wrt: fix debug assertion
8390 - Fix off-by-one out-of-bounds array index in Windows debug assertion.
8393 Reported-by: Gisle Vanem
8397 - ctype: add ISUNRESERVED()
8408 - RELEASE-NOTES: syn ced
8412 - THANKS: contributors from 8.3.0
8416 - cmake: set SIZEOF_LONG_LONG in curl_config.h
8424 - curl_ngtcp2: fix error message
8426 - http_aws_sigv4: handle no-value user header entries
8428 - Handle user headers in format 'name:' and 'name;' with no value.
8432 no-value header in the format 'name:' (note the semi-colon is converted
8438 Reported-by: apparentorder@users.noreply.github.com
8440 Ref: https://curl.se/docs/manpage.html#-H
8447 - CI: run pytest with the -v option
8455 - HTTP3: the msquic backend is not functional
8463 - aws_sigv4: the query canon code miscounted URL encoded input
8467 Follow-up to fc76a24c53b08cdf
8473 - quic: don't set SNI if hostname is an IP address
8480 Ref: https://www.rfc-editor.org/rfc/rfc6066#section-3
8487 - RELEASE-NOTES: synced
8491 - configure: fix `HAVE_TIME_T_UNSIGNED` check
8501 - THANKS-filter: pszlazak on github
8505 - include.d: explain headers not printed with --fail before 7.75.0
8507 Prior to 7.75.0 response headers were not printed if -f/--fail was used
8515 - http_aws_sigv4: skip the op if the query pair is zero bytes
8517 Follow-up to fc76a24c53b08cdf
8519 Spotted by OSS-Fuzz
8521 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62175
8524 - cmdline-docs: use present tense, not future
8530 - cmdline-docs: make sure to phrase it as "added in ...."
8535 1 - consistency
8537 2 - to allow gen.pl to strip them out if deemed referring to too old
8544 - docs: mark --ssl-revoke-best-effort as Schannel specific
8550 - schannel: fix ordering of cert chain info
8552 - Use CERT_CONTEXT's pbCertEncoded to determine chain order.
8555 end-entity/server certificate in pbCertEncoded. We can use this pointer
8573 - digest: Use hostname to generate spn instead of realm
8575 In https://www.rfc-editor.org/rfc/rfc2831#section-2.1.2
8577 digest-uri-value should be serv-type "/" host , where host is:
8580 DNS host name must be the fully-qualified canonical name of the
8582 processing of the digest-uri.
8586 Note this change only affects the non-SSPI digest code. The digest code
8595 - docs: remove use of the word 'very'
8601 - curl_multi_remove_handle.3: clarify what happens with connection
8605 - RELEASE-NOTES: synced
8607 - test439: verify query canonization for aws-sigv4
8609 - tool_operate: make aws-sigv4 not require TLS to be used
8613 - http_aws_sigv4: canonicalize the query
8616 non-alphanumerical must be percent-encoded.
8619 Reported-by: John Walker
8624 - lib: add ability to disable auths individually
8632 - ngtcp2: fix handling of large requests
8634 - requests >64K are send in parts to the filter
8635 - fix parsing of the request to assemble it correctly
8637 - open a QUIC stream only when the complete request has
8642 - openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
8644 - we delay loading the x509 store to shorten the handshake time.
8647 - load the x509 store before invoking the app callback
8650 Reported-by: guoxinvmware on github
8655 - krb5: fix "implicit conversion loses integer precision" warnings
8663 - pytest: improvements
8665 - set CURL_CI for pytest runs in CI environments
8666 - exclude timing sensitive tests from CI runs
8667 - for failed results, list only the log and stat of
8670 - fix type in http.c comment
8674 - CI: move on to ngtcp2 v0.19.1
8680 - CI: run Circle macOS builds on x86 for now
8683 warnings e-mails to be sent to some PR pushers.
8689 - http3: adjust cast for ngtcp2 v0.19.0
8698 char') [-Wimplicit-int-conversion]
8713 - http: fix sending of large requests
8715 - refs #11342 where errors with git https interactions
8717 - problem was caused by 1st sends of size larger than 64KB
8719 - limit sending of 1st block to 64KB
8720 - adjust h2/h3 filters to cope with parsing the HTTP/1.1
8723 - introducing Curl_nwrite() as companion to Curl_write()
8729 - pytest: fix check for slow_network skips to only apply when intended
8735 - curl_url_get/set.3: add missing semicolon in SYNOPSIS
8737 - CURLOPT_URL.3: explain curl_url_set() uses the same parser
8739 - CURLOPT_URL.3: add two URL API calls in the see-also section
8743 - CI: add a 32-bit i686 Linux build
8745 This is done by cross-compiling under regular x86_64 Linux. Since the
8751 - tests: fix a type warning on 32-bit x86
8755 - tests: delete stray `.orig` file
8757 Follow-up to 331b89a319d0067fa1e6441719307cfef9c7960f
8762 - RELEASE-NOTES: synced
8766 - lib: silence compiler warning in inet_ntop6
8770 e [-Wcomma]
8784 - transfer: also stop the sending on closed connection
8787 also still sending (like a request-body) when disconnected and neither
8791 Reported-by: Oleg Jukovec
8796 - docs: change `sub-domain` to `subdomain`
8804 - multi: more efficient pollfd count for poll
8806 - do not use separate pollfds for sockets that have POLLIN+POLLOUT
8810 - http2: polish things around POST
8812 - added test cases for various code paths
8813 - fixed handling of blocked write when stream had
8815 - re-enabled DEBUGASSERT on send with smaller data size
8817 - in debug builds, environment variables can be set to simulate a slow
8818 network when sending data. cf-socket.c and vquic.c support
8834 - docs: add curl_global_trace to some SEE ALSO sections
8838 - os400: fix checksrc nits
8844 - hyper: remove `hyptransfer->endtask`
8849 address of any `foreach` task in `hyptransfer->endtask` before pushing
8864 removing the need for `hyptransfer->endtask`. This makes the code look
8872 - ws: fix spelling mistakes in examples and tests
8878 - tool_filetime: make -z work with file dates before 1970
8881 Reported-by: Harry Sintonen
8886 - build: fix portability of mancheck and checksrc targets
8893 - CI: adjust labeler match patterns for new & obsolete files
8895 - configure: trust pkg-config when it's used for zlib
8897 The library flags retrieved from pkg-config were later thrown out and
8898 harded-coded, which negates the whole reason to use pkg-config.
8899 Also, previously, the assumption was made that --libs-only-l and
8900 --libs-only-L are the full decomposition of --libs, which is untrue and
8902 better in that it uses --libs, although only if --libs-only-l returns
8905 Bug: https://curl.se/mail/lib-2023-08/0081.html
8906 Reported-by: Randall
8911 - CI/ngtcp2: clear wolfssl for when cache is ignored
8917 - RELEASE-NOTES: synced
8921 - hyper: fix a progress upload counter bug
8929 -Progress callback called with UL 8 out of 0[LF]
8930 -Progress callback called with UL 16 out of 0[LF]
8931 -Progress callback called with UL 26 out of 0[LF]
8932 -Progress callback called with UL 61 out of 0[LF]
8933 -Progress callback called with UL 66 out of 0[LF]
8939 -Progress callback called with UL 8 out of 0[LF]
8940 -Progress callback called with UL 16 out of 0[LF]
8941 -Progress callback called with UL 26 out of 0[LF]
8942 -Progress callback called with UL 61 out of 0[LF]
8943 -Progress callback called with UL 66 out of 0[LF]
8952 - awssiv4: avoid freeing the date pointer on error
8956 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61908
8958 Follow-up to b137634ba3adb
8964 - CI: ngtcp2-linux: use separate caches for tls libraries
8970 - replace `master` as wolfssl-version with recent commit
8972 - wolfssl, use master again in CI
8974 - with the shared session update fix landed in master, it
8979 - tests: fix formatting errors in `FILEFORMAT.md`.
8988 - cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
8993 `cmake [...] -DCURL_DEFAULT_SSL_BACKEND=mbedtls`
8996 schannel, secure-transport, wolfssl
8999 The value is case-insensitive.
9008 - sectransp: fix compiler warnings
9010 https://github.com/curl/curl-for-win/actions/runs/6037489221/job/16381860220#
9013 /Users/runner/work/curl-for-win/curl-for-win/curl/lib/vtls/sectransp.c:2435:1
9014 4: warning: unused variable 'success' [-Wunused-variable]
9017 /Users/runner/work/curl-for-win/curl-for-win/curl/lib/vtls/sectransp.c:3300:4
9018 4: warning: unused parameter 'sha256len' [-Wunused-parameter]
9025 - tidy-up: mostly whitespace nits
9027 - delete completed TODO from `./CMakeLists.txt`.
9028 - convert a C++ comment to C89 in `./CMake/CurlTests.c`.
9029 - delete duplicate EOLs from EOF.
9030 - add missing EOL at EOF.
9031 - delete whitespace at EOL (except from expected test results).
9032 - convert tabs to spaces.
9033 - convert CRLF EOLs to LF in GHA yaml.
9034 - text casing fixes in `./CMakeLists.txt`.
9035 - fix a codespell typo in `packages/OS400/initscript.sh`.
9041 - CI: remove Windows builds from Cirrus, without replacement
9050 - CI: switch macOS ARM build from Cirrus to Circle CI
9064 - CI: use the right variable for BSD make
9069 - CI: drop the FreeBSD 12.X build
9075 - CI: move the Alpine build from Cirrus to GHA
9082 - test_07_upload.py: fix test_07_34 curl args
9084 - Pass correct filename to --data-binary.
9086 Prior to this change --data-binary was passed an incorrect filename due
9095 - tests: document which tests fail due to hyper's lack of trailer support.
9099 - docs: removing "pausing transfers" from HYPER.md.
9107 - os400: handle CURL_TEMP_PRINTF() while building bind source
9111 - os400: build test servers
9113 Also fix a non-compliant main prototype in disabled.c.
9117 - tests: fix compilation error for os400
9126 - os400: make programs and command name configurable
9130 - os400: move build configuration parameters to a separate script
9137 - os400: implement CLI tool
9146 - lib: fix aws-sigv4 having date header twice in some cases
9148 When the user was providing the header X-XXX-Date, the header was
9149 re-added during signature computation, and we had it twice in the
9152 Reported-by: apparentorder@users.noreply.github.com
9154 Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
9161 - multi: remove 'processing: <url>' debug message
9163 - Remove debug message added by e024d566.
9167 - ftp: fix temp write of ipv6 address
9169 - During the check to differentiate between a port and IPv6 address
9179 - tool: change some fopen failures from warnings to errors
9181 - Error on missing input file for --data, --data-binary,
9182 --data-urlencode, --header, --variable, --write-out.
9187 POST using `--data @filenametypo` would cause a zero length POST which
9192 - hostip: fix typo
9196 - tool: avoid including leading spaces in the Location hyperlink
9198 Co-authored-by: Dan Fandrich <dan@coneharvesters.com>
9204 - SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline
9208 - connect: stop halving the remaining timeout when less than 600 ms left
9226 This change stop doing the divided-by-two if the total time left is
9231 - asyn-ares: reduce timeout to 2000ms
9234 lower timeout is used by @c-ares itself by default starting next
9241 - misc: remove duplicate words
9247 - RELEASE-NOTES: synced
9249 - wolfSSL: avoid the OpenSSL compat API when not needed
9257 - lib: fix null ptr derefs and uninitialized vars (h2/h3)
9261 Assisted-by: Jay Satiro
9262 Assisted-by: Stefan Eissing
9267 - secureserver.pl: fix stunnel version parsing
9269 - Allow the stunnel minor-version version part to be zero.
9275 be caused by a minor-version part of 0, since the major-version part is
9280 - secureserver.pl: fix stunnel path quoting
9282 - Store the stunnel path in the private variable $stunnel unquoted and
9289 if(-x $stunnel or -x "$stunnel")
9300 - altsvc: accept and parse IPv6 addresses in response headers
9302 Store numerical IPv6 addresses in the alt-svc file with the brackets
9308 Reported-by: oliverpool on github
9311 - libtest: use curl_free() to free libcurl allocated data
9318 Reported-by: Nicholas Nethercote
9323 - disable.d: explain --disable not implemented prior to 7.50.0
9325 Option -q/--disable was added in 5.0 but only -q was actually
9326 implemented. Later --disable was implemented in e200034 (precedes
9329 Reported-by: pszlazak@users.noreply.github.com
9336 - hyper: fix ownership problems
9343 - In `start_CONNECT`, add a missing `hyper_clientconn_free` call on the
9345 - In `start_CONNECT`, add a missing `hyper_request_free` on the error
9347 - In `bodysend`, add a missing `hyper_body_free` on an early-exit path.
9348 - In `bodysend`, remove an unnecessary `hyper_body_free` on a different
9349 error path that would cause a double-free.
9362 - multi.h: the 'revents' field of curl_waitfd is supported
9366 Reported-by: Nicolás Ojeda Bär
9372 - tool_paramhlp: improve str2num(): avoid unnecessary call to strlen()
9378 - docs: mention critical files in same directories as curl saves
9382 Co-authored-by: Jay Satiro
9383 Reported-by: Harry Sintonen
9389 - OpenSSL: clear error queue after SSL_shutdown
9405 Co-authored-by: Satana de Sant'Ana <satana@skylittlesystem.org>
9411 - tests: update cookie expiry dates to far in the future
9421 - misc: fix spelling
9427 - cmdline-opts/page-header: clarify stronger that !opt == URL
9434 - tests/runner: fix %else handling
9439 Follow-up to 3d089c41ea9
9445 - docs: Remove mention of #10803 from `KNOWN_BUGS`.
9449 - c-hyper: fix another memory leak in `Curl_http`.
9459 - c-hyper: fix a memory leak in `Curl_http`.
9464 This is not terrifically clear from the hyper docs --
9466 not going to send it on a client" -- but a perusal of the hyper code
9479 - RELEASE-NOTES: synced
9483 - misc: spellfixes
9489 - tests: add support for nested %if conditions
9499 - time-cond.d: mention what happens on a missing file
9505 - docs/cmdline-opts: match the current output
9513 - lib: minor comment corrections
9515 - docs: rewrite to present tense
9520 + stick to "reuse" not "re-use"
9525 - urlapi: setting a blank URL ("") is not an ok URL
9529 Reported-by: ad0p on github
9532 - spelling: use 'reuse' not 're-use' in code and elsewhere
9540 - system.h: add CURL_OFF_T definitions on HP-UX with HP aCC
9542 HP-UX on IA64 provides two modes: 32 and 64 bit while 32 bit being the
9550 - tests: don't call HTTP errors OK in test cases
9555 - http: close the connection after a late 417 is received
9560 Assisted-by: Jay Satiro
9564 - runtests: slightly increase the longest log file displayed
9570 - tests: add delay command to the HTTP server
9576 - cirrus: install everthing with pkg, avoid pip
9578 Assisted-by: Sevan Janiyan
9582 - curl_url*.3: update function descriptions
9584 - expand and clarify several descriptions
9585 - avoid using future tense all over
9589 - RELEASE-NOTES: synced
9593 - CI/cirrus: disable python install on FreeBSD
9595 - python cryptography package does not build build FreeBSD
9596 - install just mentions "error"
9597 - this gets the build and the main test suite going again
9601 - test2600: fix flakiness on low cpu
9603 - refs #11355 where failures to to low cpu resources in CI
9605 - vastly extend CURLOPT_CONNECTTIMEOUT_MS and max durations
9607 - trigger Curl_expire() in test filter to allow re-checks before
9614 - tool_urlglob: use the correct format specifier for curl_off_t in msnprintf
9620 - test687/688: two more basic --xattr tests
9624 - cmdline-opts/docs: mentioned the negative option part
9626 ... for --no-alpn and --no-buffer in the same style done for other --no-
9635 - tool/var: also error when expansion result starts with NUL
9645 - tests: add 'large-time' as a testable feature
9654 - tests/Makefile: add check-translatable-options.pl to tarball
9658 Follow-up to ae806395abc8c
9660 - gen.pl: fix a long version generation mistake
9665 Follow-up to 439ff2052e219
9667 Reported-by: Lukas Tribus
9671 - lib: move mimepost data from ->req.p.http to ->state
9675 entire transfer and not only per single HTTP request. This re-enables
9679 The request struct is per-request data only.
9684 Reported-by: yushicheng7788 on github
9689 - os400: do not check translatable options at build time
9696 - test1554: check translatable string options in OS400 wrapper
9707 - unit3200: skip testing if function is not present
9712 - unit2600: fix build warning if built without verbose messages
9714 - test1608: make it build and get skipped without shuffle DNS support
9716 - lib: --disable-bindlocal builds curl without local binding support
9718 - test1304: build and skip without netrc support
9720 - lib: build fixups when built with most things disabled
9724 - workflows/macos.yml: disable zstd and alt-svc in the http-only build
9730 - bearssl: handshake fix, provide proper get_select_socks() implementation
9732 - bring bearssl handshake times down from +200ms down to other TLS backends
9733 - vtls: improve generic get_select_socks() implementation
9734 - tests: provide Apache with a suitable ssl session cache
9738 - tests: TLS session sharing test
9740 - test TLS session sharing with special test client
9741 - expect failure with wolfSSL
9742 - disable flaky wolfSSL test_02_07b
9748 - CURLOPT_*TIMEOUT*: extend and clarify
9752 - urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails
9757 Pointed-out-by: Jacob Mealey
9762 - cmake: add GnuTLS option
9764 - Option to use GNUTLS was missing. Hence was not able to use GNUTLS
9771 - RELEASE-NOTES: synced
9773 - http: remove the p_pragma struct field
9781 - CURLINFO_CERTINFO.3: better explain curl_certinfo struct
9785 - CURLINFO_TLS_SSL_PTR.3: clarify a recommendation
9787 - Remove the out-of-date SSL backend list supported by
9795 - write-out.d: clarify %{time_starttransfer}
9801 - transfer: don't set TIMER_STARTTRANSFER on first send
9806 Reported-by: JazJas on github
9809 trrui-huawei (15 Aug 2023)
9811 - quiche: enable quiche to handle timeout events
9821 - quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
9827 - KNOWN_BUGS: LDAPS requests to ActiveDirectory server hang
9831 - imap: add a check for failing strdup()
9833 - imap: remove the only sscanf() call in the IMAP code
9839 - imap: use a dynbuf in imap_atom
9847 - http: do not require a user name when using CURLAUTH_NEGOTIATE
9854 curl -u : --negotiate https://example.com/
9860 Signed-off-by: Marin Hannache <git@mareo.fr>
9861 Reported-by: Enrico Scholz
9868 - build: streamline non-UWP wincrypt detections
9870 - with CMake, use the variable `WINDOWS_STORE` to detect an UWP build
9871 and disable our non-UWP-compatible use the Windows crypto API. This
9879 - with autotools, drop the separate feature check for `wincrypt.h`. On
9886 Reviewed-by: Marcel Raad
9891 - docs/HYPER.md: update hyper build instructions
9893 Nightly Rust and `-Z unstable-options` are not needed.
9903 - RELEASE-NOTES: synced
9905 - urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
9907 Asssisted-by: Jay Satiro
9910 - spellcheck: adapt to backslashed minuses
9917 Follow-up to 439ff2052e
9921 - gen: escape more minus
9928 - cookie-jar.d: enphasize that this option is ONLY writing cookies
9930 Reported-by: Dan Jacobson
9931 Tweaked-by: Jay Satiro
9937 - docs/HYPER.md: document a workaround for a link error
9943 - schannel: verify hostname independent of verify cert
9953 Assisted-by: Daniel Stenberg
9955 Bug: https://curl.haxx.se/mail/lib-2018-10/0113.html
9956 Reported-by: Martin Galvan
9965 - curl_quiche: remove superfluous NULL check
9967 'stream' is always non-NULL at this point
9973 - curl/urlapi.h: tiny typo
9975 - github/labeler: make HYPER.md set Hyper and not TLS
9977 - docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0
9990 - bug_report: require reporters to specify curl and os versions
9992 - Change curl version and os sections from single-line input to
9993 multi-line textarea.
9995 - Require curl version and os sections to be filled out before report
10002 - gen.pl: replace all single quotes with aq
10004 - this prevents man from using a unicode sequence for them
10005 - which then allows search to work properly
10011 - cmake: fix to use variable for the curl namespace
10016 Follow-up to 1199308dbc902c52be67fc805c72dd2582520d30 #11505
10018 Reported-by: balikalina on Github
10023 - cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms
10039 - cmake: assume `wldap32` availability on Windows
10052 Reviewed-by: Jay Satiro
10057 - page-header: move up a URL paragraph from GLOBBING to URL
10059 - variable.d: output the function names table style
10065 - haproxy-clientip.d: remove backticks
10069 Follow-up to 0a75964d0d94a4
10073 - RELEASE-NOTES: synced
10075 - gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens
10077 Reported-by: FC Stegerman
10081 - cmdline-opts/page-header: reorder, clean up
10083 - removed some unnecessary blurb to focus
10084 - moved up the more important URL details
10085 - put "globbing" into its own subtitle and moved down a little
10086 - mention the online man page in the version section
10090 - c-hyper: adjust the hyper to curlcode conversion
10094 - test2306: make it use a persistent connection
10102 - list-only.d: mention SFTP as supported protocol
10108 - request.d: use .TP for protocol "labels"
10114 - cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
10120 Reported-by: Markus Sommer
10124 - page-footer: QLOGDIR works with ngtcp2 and quiche
10133 - http3: quiche, handshake optimization, trace cleanup
10135 - load x509 store after clienthello
10136 - cleanup of tracing
10142 - ngtcp2: remove dead code
10152 - openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
10156 replacing the hard-wired fork-specific conditions.
10161 Follow-up to 94241a9e78397a2aaf89a213e6ada61e7de7ee02 #6721
10163 Reviewed-by: Jay Satiro
10166 - openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1
10168 LibreSSL 3.4.1 (2021-10-14) added support for
10171 Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.1-relnotes.txt
10173 Reviewed-by: Jay Satiro
10176 - openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0
10178 LibreSSL 3.5.0 (2022-02-24) added support for
10181 Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt
10183 Reviewed-by: Jay Satiro
10186 - cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks
10188 - `HAVE_LIBWINMM` was detected but unused. The `winmm` system library is
10193 - `HAVE_LIBWS2_32` detected `ws2_32` lib on Windows. This lib is present
10203 - crypto: ensure crypto initialization works
10208 Reported-by: Philippe Antoine on HackerOne
10209 Assisted-by: Jay Satiro
10210 Assisted-by: Daniel Stenberg
10216 - openssl: switch to modern init for LibreSSL 2.7.0+
10218 LibreSSL 2.7.0 (2018-03-21) introduced automatic initialization,
10223 Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt
10225 Reviewed-by: Daniel Stenberg
10230 - gskit: remove
10234 - This is a niche TLS library, only running on some IBM systems
10235 - no regular curl contributors use this backend
10236 - no CI builds use or verify this backend
10237 - gskit, or the curl adaption for it, lacks many modern TLS features
10239 - build breakages in this code take weeks or more to get detected
10240 - fixing gskit code is mostly done "flying blind"
10243 been mentioned on the curl-library mailing list.
10250 - RELEASE-NOTES: synced
10254 - THANKS-filter: add a name typo
10258 - http3/ngtcp2: shorten handshake, trace cleanup
10260 - shorten handshake timing by delayed x509 store load (OpenSSL)
10262 - cleanup of trace output, align with HTTP/2 output
10268 - headers: accept leading whitespaces on first response header
10275 Reported-by: junsik on github
10279 - include/curl/mprintf.h: add __attribute__ for the prototypes
10281 - if gcc or clang is used
10282 - if __STDC_VERSION__ >= 199901L, which means greater than C90
10283 - if not using mingw
10284 - if CURL_NO_FMT_CHECKS is not defined
10288 - tests: fix bad printf format flags in test code
10290 - tests: fix header scan tools for attribute edits in mprintf.h
10292 - cf-socket: log successful interface bind
10300 - CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled
10305 - CURLOPT_SSL_VERIFYPEER.3: add two more see also options
10311 - KNOWN_BUGS: aws-sigv4 does not behave well with AWS VPC Lattice
10317 - CI: use openssl 3.0.10+quic, nghttp3 0.14.0, ngtcp2 0.18.0
10323 - TODO: add *5* entries for aws-sigv4
10331 - TODO: LDAP Certificate-Based Authentication
10337 - http2: cleanup trace messages
10339 - more compact format with bracketed stream id
10340 - all frames traced in and out
10346 - tests/tftpd+mqttd: make variables static to silence picky warnings
10350 - docs/cmdline: remove repeated working for negotiate + ntlm
10356 - docs/cmdline: add small "warning" to verbose options
10364 - RELEASE-NOTES: synced
10366 - pingpong: don't use *bump_headersize
10370 Follow-up to 3ee79c1674fd6
10374 - urldata: remove spurious parenthesis to unbreak no-proxy build
10376 Follow-up to e12b39e13382
10380 - easy: don't call Curl_trc_opt() in disabled-verbose builds
10382 Follow-up to e12b39e133822c6a0
10386 - http: use %u for printfing int
10388 Follow-up to 3ee79c1674fd6f99e8efca5
10394 - vquic: show stringified messages for errno
10400 - trace: make tracing available in non-debug builds
10402 Add --trace-config to curl
10410 - TODO: remove "Support intermediate & root pinning for PINNEDPUBLICKEY"
10414 - TODO: add "WebSocket read callback"
10420 - test497: verify rejecting too large incoming headers
10422 - http: return error when receiving too large header set
10426 suggests that Chrome uses a 256-300 KB limit, while Firefox allows up to
10433 - http2: upgrade tests and add fix for non-existing stream
10435 - check in h2 filter recv that stream actually exists
10437 - add test for parallel, extreme h2 upgrades that fail if
10439 - add h2 upgrade upload test just for completeness
10445 - tests: ensure `libcurl.def` contains all exports
10452 - extend test suite XML `stdout` tag with the `loadfile` attribute.
10454 - fix `tests/extern-scan.pl` and `test1135` to include websocket API.
10456 - use all headers (sorted) in `test1135` instead of a manual list.
10458 - add options `--sort`, `--heading=` to `tests/extern-scan.pl`.
10460 - add `libcurl.def` to the auto-labeler GHA task.
10462 Follow-up to 2ebc74c36a19a1700af394c16855ce144d9878e3
10468 - url: change default value for CURLOPT_MAXREDIRS to 30
10476 - lib: fix a few *printf() flag mistakes
10478 Reported-by: Gisle Vanem
10484 - openssl: make aws-lc version support OCSP
10492 - tool: make the length argument an int for printf()-.* flags
10496 - tool_operate: fix memory leak when SSL_CERT_DIR is used
10500 Follow-up to 29bce9857a12b6cfa726a5
10504 - tool/var: free memory on OOM
10508 Follow-up to 2e160c9c652504e
10514 - gha: bump libressl and mbedtls versions
10520 - schannel: fix user-set legacy algorithms in Windows 10 & 11
10522 - If the user set a legacy algorithm list (CURLOPT_SSL_CIPHER_LIST) then
10525 - If the user set both a legacy algorithm list and a TLS 1.3 cipher list
10535 Reported-by: zhihaoy@users.noreply.github.com
10542 - variable.d: setting a variable again overwrites it
10544 Reported-by: Niall McGee
10550 - CURLOPT_PROXY_SSL_OPTIONS.3: sync formatting
10552 - Re-wrap CURLSSLOPT_ALLOW_BEAST description.
10556 - RELEASE-NOTES: synced
10558 - resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
10563 Reported-by: Joseph Tharayil
10567 - docs: link to the website versions instead of markdowns
10572 Reported-by: Maurício Meneghini Fauth
10573 Fixes https://github.com/curl/curl-www/issues/272
10578 - cmake: cache more config and delete unused ones
10580 - cache more Windows config results for faster initialization.
10582 - delete unused config macros `HAVE_SYS_UTSNAME_H`, `HAVE_SSL_H`.
10584 - delete dead references to `sys/utsname.h`.
10588 - egd: delete feature detection and related source code
10590 EGD is Entropy Gathering Daemon, a socket-based entropy source supported
10591 by pre-OpenSSL v1.1 versions and now deprecated. curl also deprecated it
10598 source snippet, and the `--with-egd-socket=` `./configure` option.
10604 - tests: fix h3 server check and parallel instances
10606 - fix check for availability of nghttpx server
10607 - add `tcp` frontend config for same port as quic, as
10615 - docs/cmdline-opts: spellfixes, typos and polish
10621 - CI/spellcheck: build curl.1 and spellcheck it
10629 - misc: fix various typos
10635 - http2: avoid too early connection re-use/multiplexing
10641 Lots-of-debgging-by: Stefan Eissing
10642 Reported-by: Richard W.M. Jones
10643 Bug: https://curl.se/mail/lib-2023-07/0045.html
10646 - Revert "KNOWN_BUGS: build for iOS simulator on macOS 13.2 with Xcode 14"
10652 Reported-by: Ryan Schmidt
10653 Ref: https://github.com/curl/curl/issues/11215#issuecomment-1658729367
10657 - cmake: add support for single libcurl compilation pass
10665 libcurl at the same time, making these dual builds an almost zero-cost
10675 in curl-for-win, which generated a `libcurl.def` from `.h` files using
10679 libcurl API symbols up-to-date. This list seldom changes, so the cost
10684 - cmake: detect `SSL_set0_wbio` in OpenSSL
10689 Follow-up to f39472ea9f4f4e12cfbc0500c4580a8d52ce4a59