mirror of
https://github.com/curl/curl.git
synced 2026-04-14 22:01:41 +03:00
334 lines
15 KiB
Text
334 lines
15 KiB
Text
curl and libcurl 8.20.0
|
|
|
|
Public curl releases: 274
|
|
Command line options: 273
|
|
curl_easy_setopt() options: 308
|
|
Public functions in libcurl: 100
|
|
Authors: 1458
|
|
Contributors: 3636
|
|
|
|
This release includes the following changes:
|
|
|
|
o async-thrdd: use thread queue for resolving [144]
|
|
o build: make NTLM disabled by default [90]
|
|
o cmake: drop support for CMake 3.17 and older [108]
|
|
o lib: add thread pool and queue [74]
|
|
o lib: drop support for < c-ares 1.16.0 [64]
|
|
o lib: make SMB support opt-in [18]
|
|
o multi.h: add CURLMNWC_CLEAR_ALL [127]
|
|
o rtmp: drop support [91]
|
|
|
|
This release includes the following bugfixes:
|
|
|
|
o asyn-ares: drop orphaned variable references [86]
|
|
o asyn-ares: fix HTTPS-lookup when not on port 443 [100]
|
|
o asyn-thrdd: fix clang-tidy unused value warning [125]
|
|
o autotools: limit checksrc target to ignore non-repo test sources [12]
|
|
o badwords-all: exit with correct code on errors [50]
|
|
o badwords: combine the whitelisting into a single regex [1]
|
|
o badwords: detect the the and with with [51]
|
|
o badwords: only check comments and strings in source code [61]
|
|
o badwords: rework exceptions, fix many of them [15]
|
|
o build: assume `snprintf()` in `mprintf`, drop feature check [107]
|
|
o build: compiler warning silencing tidy-ups [4]
|
|
o build: drop `openssl` module dependency for BoringSSL from `libcurl.pc` [33]
|
|
o build: enable `-Wimplicit-int-enum-cast` compiler warning, fix issues [84]
|
|
o cf-https-connect: silence `-Wimplicit-int-enum-cast` with HTTPS-RR [63]
|
|
o cf-socket: avoid low risk integer overflow on ancient Solaris [56]
|
|
o cmake: add CMake Config-based dependency detection [87]
|
|
o cmake: add CMake Config-based dependency detection for c-ares, wolfSSL [134]
|
|
o cmake: document functions used from Windows system DLLs [103]
|
|
o cmake: resolve targets recursively when generating `libcurl.pc` [45]
|
|
o cmake: rework binutils ld hack to not read `LOCATION` property [41]
|
|
o config2setopts: make --capath work in proxy disabled builds [113]
|
|
o configure: fix `--with-ngtcp2=<path>` option for crypto libs [26]
|
|
o configure: fix LibreSSL ngtcp2 1.15.0+ crypto lib selection logic [3]
|
|
o configure: prefer dependency-specific variables over `$withval` [35]
|
|
o curl-wolfssl.m4: fix to use the correct value for pkg-config directory [36]
|
|
o curl.h: replace macros with C++-friendly method to enforce 3 args [110]
|
|
o curl_ctype.h: fix spelling in a couple of locally used macros [28]
|
|
o curl_get_line: error out on read errors [9]
|
|
o curl_get_line: fix potential infinite loop when filename is a directory [46]
|
|
o curl_ntlm_core: drop redundant PP condition [140]
|
|
o curl_sha512_256: support delegating to wolfSSL API [149]
|
|
o curl_version_info.md: clarify age details [69]
|
|
o CURLOPT_HAPROXY_CLIENT_IP.md: mention assuption on data format [96]
|
|
o curlx_now(), prevent zero timestamp [93]
|
|
o DEPRECATE: fix minor release number typo
|
|
o digest: pass in the user name quoted (as well) [34]
|
|
o dnscache: own source file, improvements [116]
|
|
o docs/lib: fix typos [53]
|
|
o docs: enable more compiler warnings for C snippets, fix 3 finds [71]
|
|
o docs: minor wording tweaks
|
|
o doh: fix memory-leak when doing a second DoH resolve [55]
|
|
o examples/websocket: fix to sleep more on Windows [92]
|
|
o examples: drop warning silencers no longer hit [14]
|
|
o examples: fix typo in comment [75]
|
|
o file: init fd to -1 to prevent close fd 0 on early failure [40]
|
|
o ftp: do not strdup DATA hostname [29]
|
|
o ftp: make the MDTM date parser stricter (again) [115]
|
|
o ftp: reject PWD responses containing control characters [95]
|
|
o gcc: guard `#pragma diagnostic` in core code for <4.6 [94]
|
|
o generate.bat: remove extra % from VC11 and VC12 runs
|
|
o genserv.pl: make external calls safe [119]
|
|
o getinfo: initialize `PureInfo` field `used_proxy` [43]
|
|
o gnutls: fix clang-tidy warning with !verbose [126]
|
|
o hostip: clear the sockaddr_in6 structure before use [20]
|
|
o hsts: when a dupe host adds subdomains, use that [130]
|
|
o http2: clear the h2 session at delete [99]
|
|
o HTTP3.md: drop outdated mentions of OpenSSL-QUIC [2]
|
|
o http: fix Curl_compareheader for multi value headers [11]
|
|
o http: make Curl_compareheader handle multiple commas in header
|
|
o imap: reset the UIDVALIDITY state between transfers [7]
|
|
o include: drop 'will' from public headers [73]
|
|
o ldap: drop duplicate `ldap_set_option()` on Windows [42]
|
|
o ldap: fix to initialize cleartext connection on Windows [49]
|
|
o lib: always use Curl_1st_fatal instead of Curl_1st_err [89]
|
|
o libssh2: fix error handling on quote errors [21]
|
|
o libtest: drop duplicate include [111]
|
|
o location/follow: mention netrc [138]
|
|
o md4, md5: switch to wolfCrypt API in wolfSSL builds [139]
|
|
o mk-ca-bundle.pl: make generated timestamps deterministic [44]
|
|
o multi: improve wakeup and wait code [118]
|
|
o netrc: find login-less password when user is given in URL [6]
|
|
o netrc: remove unused parsenetrc() macro for netrc-disabled [121]
|
|
o netrc: skip malformed macdef lines [67]
|
|
o openssl channel_binding: lookup digest algorithm without NID [117]
|
|
o openssl: drop obsolete SSLv2 logic [27]
|
|
o openssl: fix memory leaks in ECH code (OpenSSL 3) [78]
|
|
o openssl: trace count of found / imported Windows native CA roots [8]
|
|
o OS400: add new definitions to the ILE/RPG binding. [153]
|
|
o os400sys: fix typo in comment (symetry -> symmetry) [58]
|
|
o perl: harden external command invocations [133]
|
|
o progress: count amount of data "delivered" to application [66]
|
|
o protocol.h: fix the CURLPROTO_MASK [31]
|
|
o protocol: use scheme names lowercase [38]
|
|
o proxy: chunked response, error code [143]
|
|
o pytest: add additional quiche check for flaky test_05_01 [22]
|
|
o rand: use `BCryptGenRandom()` in UWP builds [88]
|
|
o ratelimit: reset on start [150]
|
|
o scripts: drop redundant double-quotes: `"$var"` -> `$var` (Perl) [109]
|
|
o scripts: harden / tidy up more Perl `system()` calls [70]
|
|
o sha256, sha512_256: switch to wolfCrypt API [147]
|
|
o sha256: support delegating to wolfSSL API [148]
|
|
o share: concurrency handling, easy updates [104]
|
|
o src: use ftruncate() unconditionally [128]
|
|
o sshserver.pl: harden more `system()` calls [81]
|
|
o sshserver.pl: pass command-line to `system()` safely [82]
|
|
o strerr: correct the strerror_s() return code condition [25]
|
|
o sws: fix potential OOB write [80]
|
|
o synctime: fix off-by-one read and write to a read-only buffer (Windows) [85]
|
|
o test459: switch to mode="warn" for stderr check [5]
|
|
o testcurl.pl: replace shell commands with Perl `rmtree()` [76]
|
|
o tests/unit/README: describe how to unit test static functions [60]
|
|
o tool: check for curlinfo->age when determining if ssh backend [77]
|
|
o tool: fix memory mixups [106]
|
|
o tool_cb_hdr: only truncate etags output when regular file [129]
|
|
o tool_cb_wrt: fix no-clobber error handling [39]
|
|
o tool_cfgable: free the SSL signature algorithms [62]
|
|
o tool_formparse: propagate my_get_line errors when reading headers [102]
|
|
o tool_getparam: use correct free function for libcurl memory [68]
|
|
o tool_ipfs: accept IPFS gateway URL without set port number [13]
|
|
o tool_msgs: avoid null pointer deref for early errors [98]
|
|
o tool_operate: drop the scheme-guessing in the -G handling [54]
|
|
o tool_operate: fix condition for loading `curl-ca-bundle.crt` (Windows) [79]
|
|
o tool_operate: fix memory-leak on failed uploads [124]
|
|
o tool_operate: fix minor memory-leak on early error [23]
|
|
o tool_operhlp: fix `add_file_name_to_url()` result on OOM [32]
|
|
o tool_operhlp: propagate low-level OOM in `add_file_name_to_url()` [112]
|
|
o tool_setopt: return error on OOM correctly [152]
|
|
o tool_urlglob: fix memory-leak on glob range overflow [19]
|
|
o top-complexity: prevent filename-based shell injection risk [101]
|
|
o transfer: enable custom methods again on next transfer [30]
|
|
o transfer: enhance secure check [10]
|
|
o url: do not reuse a non-tls starttls connection if new requires TLS [145]
|
|
o url: use the socks type for socks proxy [47]
|
|
o url: use URL for url even in comments [52]
|
|
o urlapi: fix handling of "file:///" [122]
|
|
o urlapi: make dedotdotify handle leading dots correctly [97]
|
|
o urlapi: verify the last letter of a scheme when set explicitly [16]
|
|
o urldata: connection bit ipv6_ip is wrong [59]
|
|
o urldata: import port types and conn destination format [57]
|
|
o urldata: make hstslist only present in HSTS builds [120]
|
|
o urldata: make speeder_c uint32 [37]
|
|
o urldata: remove trailers_state [17]
|
|
o wolfssl: document v5.0.0 (2021-11-01) as minimum required [151]
|
|
o wolfssl: fix handling of abrupt connection close [24]
|
|
o x509asn1: fix to return error in an error case from `encodeOID()` [83]
|
|
o x509asn1: fixed and adapted for ASN1tostr unit testing [48]
|
|
o x509asn1: improve encodeOID [72]
|
|
|
|
This release includes the following known bugs:
|
|
|
|
See https://curl.se/docs/knownbugs.html
|
|
|
|
For all changes ever done in curl:
|
|
|
|
See https://curl.se/changes.html
|
|
|
|
Planned upcoming removals include:
|
|
|
|
o local crypto implementations
|
|
o NTLM
|
|
o SMB
|
|
o TLS-SRP support
|
|
|
|
See https://curl.se/dev/deprecate.html
|
|
|
|
This release would not have looked like this without help, code, reports and
|
|
advice from friends like these:
|
|
|
|
am-perip on hackerone, Arkadi Vainbrand, Carlos Henrique Lima Melara,
|
|
crawfordxx, Dan Fandrich, Daniel Stenberg, Ercan Ermis, fds242 on github,
|
|
Flavio Amieiro, Harry Sintonen, Henrique Pereira, James Fuller,
|
|
Jason Stangroome, Kai Pastor, lg_oled77c5pua on hackerone,
|
|
m777m0 on hackerone, Marcel Raad, Martin Dürrmeier, Michael Hendricks,
|
|
Michael Kaufmann, Orgad Shaneh, Otis Cui Lei, Patrick Monnerat, Ray Satiro,
|
|
renovate[bot], Richard Tollerton, Rob Crittenden, Scott Boudreaux,
|
|
Sergey Fedorov, Stefan Eissing, Viktor Szakats, Vladimír Marek,
|
|
Yoshiro Yoneya
|
|
(33 contributors)
|
|
|
|
References to bug reports and discussions on issues:
|
|
|
|
[1] = https://curl.se/bug/?i=20880
|
|
[2] = https://curl.se/bug/?i=20914
|
|
[3] = https://curl.se/bug/?i=20889
|
|
[4] = https://curl.se/bug/?i=20908
|
|
[5] = https://curl.se/bug/?i=20910
|
|
[6] = https://curl.se/bug/?i=20950
|
|
[7] = https://curl.se/bug/?i=20962
|
|
[8] = https://curl.se/bug/?i=20899
|
|
[9] = https://curl.se/bug/?i=20958
|
|
[10] = https://curl.se/bug/?i=20951
|
|
[11] = https://curl.se/bug/?i=20894
|
|
[12] = https://curl.se/bug/?i=20898
|
|
[13] = https://curl.se/bug/?i=20957
|
|
[14] = https://curl.se/bug/?i=20896
|
|
[15] = https://curl.se/bug/?i=20886
|
|
[16] = https://curl.se/bug/?i=20893
|
|
[17] = https://curl.se/bug/?i=20960
|
|
[18] = https://curl.se/bug/?i=20846
|
|
[19] = https://curl.se/bug/?i=20956
|
|
[20] = https://curl.se/bug/?i=20885
|
|
[21] = https://curl.se/bug/?i=20883
|
|
[22] = https://curl.se/bug/?i=20952
|
|
[23] = https://curl.se/bug/?i=20954
|
|
[24] = https://curl.se/bug/?i=21002
|
|
[25] = https://curl.se/bug/?i=20955
|
|
[26] = https://curl.se/bug/?i=18022
|
|
[27] = https://curl.se/bug/?i=20945
|
|
[28] = https://curl.se/bug/?i=20810
|
|
[29] = https://curl.se/bug/?i=20953
|
|
[30] = https://curl.se/bug/?i=21037
|
|
[31] = https://curl.se/bug/?i=21031
|
|
[32] = https://curl.se/bug/?i=21011
|
|
[33] = https://curl.se/bug/?i=20926
|
|
[34] = https://curl.se/bug/?i=20940
|
|
[35] = https://curl.se/bug/?i=20944
|
|
[36] = https://curl.se/bug/?i=20943
|
|
[37] = https://curl.se/bug/?i=21036
|
|
[38] = https://curl.se/bug/?i=21033
|
|
[39] = https://curl.se/bug/?i=20939
|
|
[40] = https://curl.se/bug/?i=21029
|
|
[41] = https://curl.se/bug/?i=20839
|
|
[42] = https://curl.se/bug/?i=20930
|
|
[43] = https://curl.se/bug/?i=21020
|
|
[44] = https://curl.se/bug/?i=20528
|
|
[45] = https://curl.se/bug/?i=20840
|
|
[46] = https://curl.se/bug/?i=20823
|
|
[47] = https://curl.se/bug/?i=21025
|
|
[48] = https://curl.se/bug/?i=21013
|
|
[49] = https://curl.se/bug/?i=20927
|
|
[50] = https://curl.se/bug/?i=20934
|
|
[51] = https://curl.se/bug/?i=20934
|
|
[52] = https://curl.se/bug/?i=20935
|
|
[53] = https://curl.se/bug/?i=20933
|
|
[54] = https://curl.se/bug/?i=20992
|
|
[55] = https://curl.se/bug/?i=20929
|
|
[56] = https://curl.se/bug/?i=21111
|
|
[57] = https://curl.se/bug/?i=20918
|
|
[58] = https://curl.se/bug/?i=20923
|
|
[59] = https://curl.se/bug/?i=20919
|
|
[60] = https://curl.se/bug/?i=21018
|
|
[61] = https://curl.se/bug/?i=20909
|
|
[62] = https://curl.se/bug/?i=20915
|
|
[63] = https://curl.se/bug/?i=21057
|
|
[64] = https://curl.se/bug/?i=20911
|
|
[66] = https://curl.se/bug/?i=20787
|
|
[67] = https://curl.se/bug/?i=21049
|
|
[68] = https://curl.se/bug/?i=21075
|
|
[69] = https://curl.se/bug/?i=21052
|
|
[70] = https://curl.se/bug/?i=21007
|
|
[71] = https://curl.se/bug/?i=21006
|
|
[72] = https://curl.se/bug/?i=21003
|
|
[73] = https://curl.se/bug/?i=21005
|
|
[74] = https://curl.se/bug/?i=20916
|
|
[75] = https://curl.se/bug/?i=21001
|
|
[76] = https://curl.se/bug/?i=21053
|
|
[77] = https://curl.se/bug/?i=21050
|
|
[78] = https://curl.se/bug/?i=20993
|
|
[79] = https://curl.se/bug/?i=20989
|
|
[80] = https://curl.se/bug/?i=20988
|
|
[81] = https://curl.se/bug/?i=20997
|
|
[82] = https://curl.se/bug/?i=20996
|
|
[83] = https://curl.se/bug/?i=20991
|
|
[84] = https://curl.se/bug/?i=20990
|
|
[85] = https://curl.se/bug/?i=20987
|
|
[86] = https://curl.se/bug/?i=20999
|
|
[87] = https://curl.se/bug/?i=20814
|
|
[88] = https://curl.se/bug/?i=20983
|
|
[89] = https://curl.se/bug/?i=20980
|
|
[90] = https://curl.se/bug/?i=20698
|
|
[91] = https://curl.se/bug/?i=20673
|
|
[92] = https://curl.se/bug/?i=20978
|
|
[93] = https://curl.se/bug/?i=21034
|
|
[94] = https://curl.se/bug/?i=20892
|
|
[95] = https://curl.se/bug/?i=20949
|
|
[96] = https://curl.se/bug/?i=21042
|
|
[97] = https://curl.se/bug/?i=20974
|
|
[98] = https://curl.se/bug/?i=20967
|
|
[99] = https://curl.se/bug/?i=20975
|
|
[100] = https://curl.se/bug/?i=20966
|
|
[101] = https://curl.se/bug/?i=20969
|
|
[102] = https://curl.se/bug/?i=20963
|
|
[103] = https://curl.se/bug/?i=20965
|
|
[104] = https://curl.se/bug/?i=20870
|
|
[106] = https://curl.se/bug/?i=21099
|
|
[107] = https://curl.se/bug/?i=20763
|
|
[108] = https://curl.se/bug/?i=20407
|
|
[109] = https://curl.se/bug/?i=21009
|
|
[110] = https://curl.se/bug/?i=20709
|
|
[111] = https://curl.se/bug/?i=21046
|
|
[112] = https://curl.se/bug/?i=21011
|
|
[113] = https://curl.se/bug/?i=21063
|
|
[115] = https://curl.se/bug/?i=21041
|
|
[116] = https://curl.se/bug/?i=20864
|
|
[117] = https://curl.se/bug/?i=20590
|
|
[118] = https://curl.se/bug/?i=20832
|
|
[119] = https://curl.se/bug/?i=20971
|
|
[120] = https://curl.se/bug/?i=21068
|
|
[121] = https://curl.se/bug/?i=21067
|
|
[122] = https://curl.se/bug/?i=21070
|
|
[124] = https://curl.se/bug/?i=21062
|
|
[125] = https://curl.se/bug/?i=21061
|
|
[126] = https://curl.se/bug/?i=21060
|
|
[127] = https://curl.se/bug/?i=20968
|
|
[128] = https://curl.se/bug/?i=21109
|
|
[129] = https://curl.se/bug/?i=21103
|
|
[130] = https://curl.se/bug/?i=21108
|
|
[133] = https://curl.se/bug/?i=21097
|
|
[134] = https://curl.se/bug/?i=21098
|
|
[138] = https://curl.se/bug/?i=21091
|
|
[139] = https://curl.se/bug/?i=21093
|
|
[140] = https://curl.se/bug/?i=21096
|
|
[143] = https://curl.se/bug/?i=21084
|
|
[144] = https://curl.se/bug/?i=20936
|
|
[145] = https://curl.se/bug/?i=21082
|
|
[147] = https://curl.se/bug/?i=21090
|
|
[148] = https://curl.se/bug/?i=21078
|
|
[149] = https://curl.se/bug/?i=21077
|
|
[150] = https://curl.se/bug/?i=21086
|
|
[151] = https://curl.se/bug/?i=21080
|
|
[152] = https://curl.se/bug/?i=21083
|
|
[153] = https://curl.se/bug/?i=20672
|