libcurl: update to 8.2.1

2 files changed, 365 insertions, 361 deletions

diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES
index 93b451ed04..c18d77996a 100644
--- a/libs/libcurl/docs/CHANGES
+++ b/libs/libcurl/docs/CHANGES
@@ -6,6 +6,364 @@
 

                                   Changelog

 

+Version 8.2.1 (26 Jul 2023)

+

+Daniel Stenberg (26 Jul 2023)

+

+- RELEASE-NOTES: synced

+

+  curl 8.2.1 release

+

+- THANKS: add contributors from 8.2.1

+

+- docs: provide more see also for cipher options

+

+  More cross references. Hide nroff errors.

+

+  Closes #11513

+

+- docs: mark two TLS options for TLS, not SSL

+

+  Closes #11514

+

+Brad Harder (25 Jul 2023)

+

+- curl_multi_wait.3: fix arg quoting to doc macro .BR

+

+  Closes #11511

+

+Daniel Stenberg (24 Jul 2023)

+

+- RELEASE-NOTES: synced

+

+Viktor Szakats (24 Jul 2023)

+

+- cmake: update ngtcp2 detection

+

+  Replace `OpenSSL` with `quictls` to follow the same change

+  in the v0.17.0 ngtcp2 release.

+

+  Follow-up to e0093b4b732f6495b0fb1cd6747cbfedcdcf63ed

+

+  Closes #11508

+

+Stefan Eissing (24 Jul 2023)

+

+- http: VLH, very large header test and fixes

+

+  - adding tests using very large passwords in auth

+  - fixes general http sending to treat h3 like h2, and

+    not like http1.1

+  - eliminate H2_HEADER max definitions and use the commmon

+    DYN_HTTP_REQUEST everywhere, different limits do not help

+  - fix http2 handling of requests denied by nghttp2 on send

+    to immediately report the refused stream

+

+  Closes #11509

+

+Andrei Rybak (23 Jul 2023)

+

+- CONTRIBUTE: drop mention of copyright year ranges

+

+  Year ranges in copyrights were dropped in commits [1] and [2].

+  Verification of year ranges in copyrights was dropped from script

+  'scripts/copyright.pl' in commit [3].  However, the corresponding

+  passages in file 'docs/CONTRIBUTE.md' weren't updated.

+

+  Drop mentions of copyright year ranges from 'docs/CONTRIBUTE.md'.

+

+  [1] 2bc1d775f (copyright: update all copyright lines and remove year

+      ranges, 2023-01-02)

+  [2] c46761bd8 (tests/http: remove year ranges from copyrights,

+      2023-03-14)

+  [3] 0e293bacb (copyright.pl: cease doing year verifications, 2023-01-28)

+

+  Closes #11504

+

+- CONTRIBUTE: fix syntax in commit message description

+

+  File 'docs/CONTRIBUTE.md' includes a description of how one should write

+  commit messages in the curl project.  Different possible parts of the

+  message are enclosed in square brackets.  One exception is the section

+  describing how the curl project doesn't use "Signed-off-by" commit

+  trailers [1], which is enclosed in an opening curly brace paired with a

+  closing square bracket.

+

+  Fix the enclosing square brackets in description of "Signed-off-by"

+  trailers in commit messages in file 'docs/CONTRIBUTE.md'.

+

+  [1] See description of option '--signoff' in Git documentation:

+      https://git-scm.com/docs/git-commit

+

+  Closes #11504

+

+Daniel Stenberg (23 Jul 2023)

+

+- src/mkhelp: strip off escape sequences

+

+  At some point the nroff command stopped stripping off escape sequences,

+  so then this script needs to do the job instead.

+

+  Reported-by: VictorVG on github

+  Fixes #11501

+  Closes #11503

+

+- KNOWN_BUGS: building for old macOS fails with gcc

+

+  Closes #11441

+

+Jacob Hoffman-Andrews (22 Jul 2023)

+

+- rustls: update rustls-ffi 0.10.0

+

+  This brings in version 0.21.0 of the upstream rustls implementation,

+  which notable includes support for IP address certificates.

+

+  Closes #10865

+

+Brad Harder (22 Jul 2023)

+

+- websocket: rename arguments/variables to match docs

+

+  Pedantry/semantic-alignment between functions, docs, comments with

+  respect to websocket protocol code; No functional change intended.

+

+  * "totalsize", "framesize" becomes "fragsize" (we deal in frame fragments).

+

+  * "sendflags" becomes "flags"

+

+  * use canonical CURL *handle

+

+  Closes #11493

+

+Jan Macku (21 Jul 2023)

+

+- bug_report: use issue forms instead of markdown template

+

+  Issue forms allow you to define web-like input forms using YAML

+  syntax. It allows you to guide the reporter to get the required

+  information.

+

+  Signed-off-by: Jan Macku <jamacku@redhat.com>

+  Closes #11474

+

+Daniel Stenberg (21 Jul 2023)

+

+- TODO: Obey Retry-After in redirects

+

+  (remove "Set custom client ip when using haproxy protocol" which was

+  shipped in 8.2.0)

+

+  Mentioned-by: Yair Lenga

+  Closes #11447

+

+- RELEASE-NOTES: synced

+

+Oliver Roberts (21 Jul 2023)

+

+- amissl: fix AmiSSL v5 detection

+

+  Due to changes in the AmiSSL SDK, the detection needed adjusting.

+

+  Closes #11477

+

+Alois Klink (21 Jul 2023)

+

+- unittest/makefile: remove unneeded unit1621_LDADD

+

+  The `unit1621_LDADD` variable has the exact same value as the `LDADD`

+  flag in `Makefile.am`, except without `@LDFLAGS@ @LIBCURL_LIBS@`.

+

+  This was originally added by [98e6629][], but I can't see any reason

+  why it exists, so we should remove it to clean things up.

+

+  [98e6629]: https://github.com/curl/curl/commit/98e6629154044e4ab1ee7cff8351c7

+  ebcb131e88

+

+  Closes #11494

+

+- unittest/makefile: remove unneeded unit1394_LDADD

+

+  These custom `unit1394_LDADD` and similar automake overrides are no

+  longer neded. They were originally added by added by [8dac7be][] for

+  metalink support, but are no longer after [265b14d][] removed metalink.

+

+  [8dac7be]: https://github.com/curl/curl/commit/8dac7be438512a8725d3c71e9139bd

+  fdcac1ed8c

+  [265b14d]: https://github.com/curl/curl/commit/265b14d6b37c4298bd5556fabcbc37

+  d36f911693

+

+  Closes #11494

+

+- cmake: add `libcurlu`/`libcurltool` for unit tests

+

+  Add a `libcurlu`/`libcurltool` static library that is compiled only for

+  unit tests. We use `EXCLUDE_FROM_ALL` to make sure that they're not

+  built by default, they're only built if unit tests are built.

+

+  These libraries allow us to compile every unit test with CMake.

+

+  Closes #11446

+

+Daniel Stenberg (21 Jul 2023)

+

+- test979: test -u with redirect to (the same) absolute host

+

+  Verifies #11492

+

+- transfer: do not clear the credentials on redirect to absolute URL

+

+  Makes test 979 work. Regression shipped in 8.2.0 from commit

+  dd4d1a26959f63a2c

+

+  Fixes #11486

+  Reported-by: Cloudogu Siebels

+  Closes #11492

+

+Jon Rumsey (20 Jul 2023)

+

+- os400: correct EXPECTED_STRING_LASTZEROTERMINATED

+

+  Correct EXPECTED_STRING_LASTZEROTERMINATED to account for

+  CURLOPT_HAPROXY_CLIENT_IP which requires EBCDIC to ASCII conversion when

+  passed into curl_easy_setopt().

+

+  Closes #11476

+

+Oliver Roberts (20 Jul 2023)

+

+- amissl: add missing signal.h include

+

+  In some environments, signal.h is already included, but not in others

+  which cause compilation to fail, so explictly include it.

+

+  Closes #11478

+

+- amigaos: fix sys/mbuf.h m_len macro clash

+

+  The updated Curl_http_req_make and Curl_http_req_make2 functions spawned

+  a parameter called m_len. The AmigaOS networking headers, derived from

+  NetBSD, contain "#define m_len m_hdr.mh_len" which clashes with

+  this. Since we do not actually use mbuf, force the include file to be

+  ignored, removing the clash.

+

+  Closes #11479

+

+Daniel Stenberg (20 Jul 2023)

+

+- socks: print ipv6 address within brackets

+

+  Fixes #11483

+  Closes #11484

+

+Christian Schmitz (20 Jul 2023)

+

+- libcurl-errors.3: add CURLUE_OK

+

+  Closes #11488

+

+Oliver Roberts (20 Jul 2023)

+

+- cfilters: rename close/connect functions to avoid clashes

+

+  Rename `close` and `connect` in `struct Curl_cftype` for

+  consistency and to avoid clashes with macros of the same name

+  (the standard AmigaOS networking connect() function is implemented

+  via a macro).

+

+  Closes #11491

+

+Stefan Eissing (20 Jul 2023)

+

+- http2: fix regression on upload EOF handling

+

+  - a regression introduced by c9ec85121110d7cbbbed2990024222c8f5b8afe5

+    where optimization of small POST bodies leads to a new code path

+    for such uploads that did not trigger the "done sending" event

+  - add triggering this event for early "upload_done" situations

+

+  Fixes #11485

+  Closes #11487

+  Reported-by: Aleksander Mazur

+

+Daniel Stenberg (19 Jul 2023)

+

+- configure: check for nghttp2_session_get_stream_local_window_size

+

+  The http2 code uses it now. Introduced in nghttp2 1.15.0 (Sep 2016)

+

+  Fixes #11470

+  Reported-by: Paul Howarth

+  Closes #11473

+

+Stefan Eissing (19 Jul 2023)

+

+- quiche: fix segfault and other things

+

+  - refs #11449 where a segfault is reported when IP Eyeballing did

+    not immediately connect but made several attempts

+  - The transfer initiating the eyeballing was initialized  too early,

+    leadding to references to the filter instance that was then

+    replaced in the subsequent eyeball attempts. That led to a use

+    after free in the buffer handling for the transfer

+  - transfers are initiated now more lazy (like in the ngtcp2 filter),

+    when the stream is actually opened

+  - suppress reporting on quiche event errors for "other" transfers

+    than the current one to not fail a transfer due to faults in

+    another one.

+  - revert recent return value handling for quiche_h3_recv_body()

+    to not indicate an error but an EAGAIN situation. We wish quiche

+    would document what functions return.

+

+  Fixes #11449

+  Closes #11469

+  Reported-by: ウさん

+

+Daniel Stenberg (19 Jul 2023)

+

+- hostip: return IPv6 first for localhost resolves

+

+  Fixes #11465

+  Reported-by: Chilledheart on github

+  Closes #11466

+

+Harry Sintonen (19 Jul 2023)

+

+- tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T

+

+  - a variable was renamed, and some use of it wasn't. this fixes the

+    build.

+

+  Closes #11468

+

+Stefan Eissing (19 Jul 2023)

+

+- quiche: fix lookup of transfer at multi

+

+  - refs #11449 where weirdness in quiche multi connection tranfers was

+    observed

+  - fixes lookup of transfer for a quiche event to take the connection

+    into account

+  - formerly, a transfer with the same stream_id, but on another connection

+    could be found

+

+  Closes #11462

+

+Daniel Stenberg (19 Jul 2023)

+

+- RELEASE-NOTES: synced

+

+  bump to 8.2.1

+

+John Haugabook (19 Jul 2023)

+

+- ciphers.d: put URL in first column

+

+  This makes the URL turn into a link properly when "webified".

+

+  Fixes https://github.com/curl/curl-www/issues/270

+  Closes #11464

+

 Version 8.2.0 (19 Jul 2023)

 

 Daniel Stenberg (19 Jul 2023)

@@ -8654,364 +9012,3 @@ Jay Satiro (3 Jan 2023)
   Prior to this change http2_cfilter_add could return an uninitialized

   cfilter pointer in an OOM condition. In this case though, the pointer

   is discarded and not dereferenced so there was no risk of a crash.

-

-Stefan Eissing (3 Jan 2023)

-

-- cf-socket: keep sockaddr local in the socket filters

-

-  - copy `struct Curl_addrinfo` on filter setup into context

-  - remove `struct Curl_addrinfoi *` with `struct Curl_sockaddr_ex *` in

-    connectdata that is set and NULLed by the socket filter

-  - this means we have no reference to the resolver info in connectdata or

-    its filters

-  - trigger the CF_CTRL_CONN_INFO_UPDATE event when the complete filter

-    chain reaches connected status

-  - update easy handle connection information on CF_CTRL_DATA_SETUP event.

-

-  Closes #10213

-

-Daniel Stenberg (3 Jan 2023)

-

-- RELEASE-NOTES: synced

-

-- runtests: consider warnings fatal and error on them

-

-  To help us detect and fix warnings in this script easier and faster.

-

-  Assisted-by: Jakob Hirsch

-

-  Ref: #10206

-  Closes #10208

-

-- copyright: update all copyright lines and remove year ranges

-

-  - they are mostly pointless in all major jurisdictions

-  - many big corporations and projects already don't use them

-  - saves us from pointless churn

-  - git keeps history for us

-  - the year range is kept in COPYING

-

-  checksrc is updated to allow non-year using copyright statements

-

-  Closes #10205

-

-- docs/DEPRECATE.md: deprecate gskit

-

-  Ref: #10163

-

-  - This is a niche TLS library, only running on some IBM systems

-  - no regular curl contributors use this backend

-  - no CI builds use or verify this backend

-  - gskit, or the curl adaption for it, lacks many modern TLS features

-    making it an inferior solution

-  - build breakages in this code take weeks or more to get detected

-  - fixing gskit code is mostly done "flying blind"

-

-  Closes #10201

-

-- Revert "x509asn1: avoid freeing unallocated pointers"

-

-  This reverts commit 6b19247e794cfdf4ec63c5880d8f4f5485f653ab.

-

-  Fixes #10163

-  Closes #10207

-

-- ngtcp2: fix the build without 'sendmsg'

-

-  Follow-up from 71b7e0161032

-

-  Closes #10210

-

-- cmake: check for sendmsg

-

-  Used by ngtcp2

-

-  Closes #10211

-

-Timmy Schierling (2 Jan 2023)

-

-- runtest.pl: add expected fourth return value

-

-  Fixes warning in autobild log: "Use of uninitialized value $HTTP2TLSPORT

-  in substitution iterator at /tests/runtests.pl line 3516"

-

-  Closes #10206

-

-Daniel Stenberg (2 Jan 2023)

-

-- http2: when using printf %.*s, the length arg must be 'int'

-

-  Detected by Coverity CID 1518341

-

-  Closes #10203

-

-- cfilters: check for NULL before using pointer

-

-  Detected by Coverity CID 1518343

-

-  Closes #10202

-

-- http2: in connisdead check, attach the connection before reading

-

-  Otherwise data->conn is NULL and things go wrong.

-

-  This problem caused occastional failures in test 359, 1700 and more

-  depending on timing and the alignment of various planets.

-

-  Assisted-by: Stefan Eissing

-

-  Closes #10199

-

-Philip Heiduck (2 Jan 2023)

-

-- Linux CI: update some dependecies to latest tag

-

-  Closes #10195

-

-Daniel Stenberg (2 Jan 2023)

-

-- c-hyper: move down the Accept-Encoding header generation

-

-  To match the internal HTTP request header order so that test 1277 works

-  again.

-

-  Closes #10200

-

-- release-notes.pl: check fixes/closes lines better

-

-  To better skip lines that just happen to mention those words at the

-  start of a line without being instructions.

-

-- test1560: use a UTF8-using locale when run

-

-  There are odd cases that don't use UTF8 and then the IDN handling goes

-  wrong.

-

-  Reported-by: Marcel Raad

-  Fixes #10193

-  Closes #10196

-

-- cf-socket: fix build regression

-

-  Reported-by: Stephan Guilloux

-  Fixes #10190

-  Closes #10191

-

-- examples: remove the curlgtk.c example

-

-  - it does not add a lot of value

-  - we do not test-build it to verify because of its dependencies

-  - unclear for what GTK versions it works or not

-

-  Reported-by: odek86 on github

-

-  Fixes #10197

-  Closes #10198

-

-Andy Alt (2 Jan 2023)

-

-- docs: add link to GitHub Discussions

-

-  Closes #10171

-

-- GHA: ignore changes to md files for most workflows

-

-  Closes #10176

-

-Josh Brobst (2 Jan 2023)

-

-- http: decode transfer encoding first

-

-  The unencoding stack is added to as Transfer-Encoding and

-  Content-Encoding fields are encountered with no distinction between the

-  two, meaning the stack will be incorrect if, e.g., the message has both

-  fields and a non-chunked Transfer-Encoding comes first. This commit

-  fixes this by ordering the stack with transfer encodings first.

-

-  Reviewed-by: Patrick Monnerat

-  Closes #10187

-

-Daniel Stenberg (1 Jan 2023)

-

-- curl.h: mark CURLSSLBACKEND_MESALINK as deprecated

-

-  Follow-up since 223f26c28a340b36

-

-  Deprecated since 7.82.0

-

-  Closes #10189

-

-- curl_global_sslset.3: clarify the openssl situation

-

-  and add rustls

-

-  Closes #10188

-

-Cameron Blomquist (1 Jan 2023)

-

-- http: add additional condition for including stdint.h

-

-  stdint.h was only included in http.h when ENABLE_QUIC was defined, but

-  symbols from stdint.h are also used when USE_NGHTTP2 is defined. This

-  causes build errors when USE_NGHTTP2 is defined but ENABLE_QUIC is not.

-

-  Closes #10185

-

-Daniel Stenberg (31 Dec 2022)

-

-- urldata: cease storing TLS auth type

-

-  The only TLS auth type libcurl ever supported is SRP and that is the

-  default type. Since nobody ever sets any other type, there is no point

-  in wasting space to store the set type and code to check the type.

-

-  If TLS auth is used, SRP is now implied.

-

-  Closes #10181

-

-- vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used

-

-  Previously libcurl would use the HTTP/1.1 ALPN id even when the

-  application specified HTTP/1.0.

-

-  Reported-by: William Tang

-  Ref: #10183

-

-Marcel Raad (30 Dec 2022)

-

-- lib670: make test.h the first include

-

-  As in all other lib tests. This avoids a macro redefinition warning for

-  `_FILE_OFFSET_BITS` visible in the autobuilds.

-

-  Closes https://github.com/curl/curl/pull/10182

-

-Stefan Eissing (30 Dec 2022)

-

-- lib: connect/h2/h3 refactor

-

-  Refactoring of connection setup and happy eyeballing. Move

-  nghttp2. ngtcp2, quiche and msh3 into connection filters.

-

-   - eyeballing cfilter that uses sub-filters for performing parallel connects

-   - socket cfilter for all transport types, including QUIC

-   - QUIC implementations in cfilter, can now participate in eyeballing

-   - connection setup is more dynamic in order to adapt to what filter did

-     really connect.  Relevant to see if a SSL filter needs to be added or

-     if SSL has already been provided

-   - HTTP/3 test cases similar to HTTP/2

-   - multiuse of parallel transfers for HTTP/3, tested for ngtcp2 and quiche

-

-   - Fix for data attach/detach in VTLS filters that could lead to crashes

-     during parallel transfers.

-   - Eliminating setup() methods in cfilters, no longer needed.

-   - Improving Curl_conn_is_alive() to replace Curl_connalive() and

-     integrated ssl alive checks into cfilter.

-   - Adding CF_CNTRL_CONN_INFO_UPDATE to tell filters to update

-     connection into and persist it at the easy handle.

-

-   - Several more cfilter related cleanups and moves:

-     - stream_weigth and dependency info is now wrapped in struct

-       Curl_data_priority

-     - Curl_data_priority members depend is available in HTTP2|HTTP3

-     - Curl_data_priority members depend on NGHTTP2 support

-     - handling init/reset/cleanup of priority part of url.c

-     - data->state.priority same struct, but shallow copy for compares only

-

-   - PROTOPT_STREAM has been removed

-     - Curl_conn_is_mulitplex() now available to check on capability

-

-   - Adding query method to connection filters.

-     - ngtcp2+quiche: implementing query for max concurrent transfers.

-

-   - Adding is_alive and keep_alive cfilter methods. Adding DATA_SETUP event.

-     - setting keepalive timestamp on connect

-     - DATA_SETUP is called after the connection has been completely

-       setup (but may not connected yet) to allow filters to initialize

-       data members they use.

-

-   - there is no socket to be had with msh3, it is unclear how select

-     shall work

-

-   - manual test via "curl --http3 https://curl.se" fail with "empty

-     reply from server".

-

-   - Various socket/conn related cleanups:

-     - Curl_socket is now Curl_socket_open and in cf-socket.c

-     - Curl_closesocket is now Curl_socket_close and in cf-socket.c

-     - Curl_ssl_use has been replaced with Cur_conn_is_ssl

-     - Curl_conn_tcp_accepted_set has been split into

-       Curl_conn_tcp_listen_set and Curl_conn_tcp_accepted_set

-       with a clearer purpose

-

-  Closes #10141

-

-Daniel Stenberg (30 Dec 2022)

-

-- RELEASE-NOTES: synced

-

-- docs/libcurl/curl_getdate.3: minor whitespace edit

-

-  To avoid a fccp quirk that made it render wrongly on the website

-

-- transfer: break the read loop when RECV is cleared

-

-  When the RECV bit is cleared because the response reading for this

-  transfer is complete, the read loop should be stopped. data_pending()

-  can otherwise still return TRUE and another read would be attempted.

-

-  Reported-by: Hide Ishikawa

-  Fixes #10172

-  Closes #10174

-

-- multihandle: turn bool struct fields into bits

-

-  Closes #10179

-

-Stefan Eissing (30 Dec 2022)

-

-- ftpserver: lower the normal DATA connect timeout to speed up torture tests

-

-  - tests/ftpserver.pl blocks when expecting a DATA connection from the

-    client.

-

-  - the previous 10 seconds were encountered repeatedly in torture tests

-    and let to long waits.

-

-  - 2 seconds should still be sufficient for current hw, but CI will show.

-

-  Closes #10178

-

-Nick Banks (28 Dec 2022)

-

-- msh3: add support for request payload

-

-  Closes #10136

-

-Stefan Eissing (28 Dec 2022)

-

-- openssl: remove attached easy handles from SSL instances

-

-   - keeping the "current" easy handle registered at SSL* is no longer

-     necessary, since the "calling" data object is already stored in the

-     cfilter's context (and used by other SSL backends from there).

-   - The "detach" of an easy handle that goes out of scope is then avoided.

-   - using SSL_set0_wbio for clear reference counting where available.

-

-  Closes #10151

-

-Daniel Stenberg (28 Dec 2022)

-

-- socketpair: allow localhost MITM sniffers

-

-  Windows allow programs to MITM connections to localhost. The previous

-  check here would detect that and error out. This new method writes data

-  to verify the pipe thus allowing MITM.

-

-  Reported-by: SerusDev on github

-  Fixes #10144

-  Closes #10169

-

-- HTTP3: mention what needs to be in place to remove EXPERIMENTAL label

-

-  Closes #10168

diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS
index 9a0ea00fae..beca5197e1 100644
--- a/libs/libcurl/docs/THANKS
+++ b/libs/libcurl/docs/THANKS
@@ -124,6 +124,7 @@ Ali Khodkar
 Ali Utku Selen

 ALittleDruid on github

 Allen Pulsifer

+Alois Klink

 Alona Rossen

 Amaury Denoyelle

 amishmm on github

@@ -435,6 +436,7 @@ Cherish98 on github
 Chester Liu

 Chih-Chung Chang

 Chih-Hsuan Yen

+Chilledheart on github

 Chloe Kudryavtsev

 Chris "Bob Bob"

 Chris Araman

@@ -489,6 +491,7 @@ Clemens Gruber
 Cliff Crosland

 Clifford Wolf

 Clint Clayton

+Cloudogu Siebels

 Clément Notin

 cmfrolick on github

 codesniffer13 on github

@@ -1163,6 +1166,7 @@ Jan Ehrhardt
 Jan Engelhardt

 Jan Koen Annot

 Jan Kunder

+Jan Macku

 Jan Mazur

 Jan Schaumann

 Jan Schmidt

@@ -1302,6 +1306,7 @@ John E. Malmberg
 John Gardiner Myers

 John H. Ayad

 John Hascall

+John Haugabook

 John Janssen

 John Joseph Bachir

 John Kelly

@@ -2773,6 +2778,7 @@ Vicente Garcia
 Victor Magierski

 Victor Snezhko

 Victor Vieux

+VictorVG on github

 Vijay Panghal

 Vikram Saxena

 Viktor Szakats

@@ -2859,6 +2865,7 @@ xtonik on github
 xwxbug on github

 Xì Gà

 Yaakov Selkowitz

+Yair Lenga

 Yang Tse

 Yaobin Wen

 Yarram Sunil