summaryrefslogtreecommitdiff
path: root/libs/libcurl/docs/RELEASE-NOTES
diff options
context:
space:
mode:
Diffstat (limited to 'libs/libcurl/docs/RELEASE-NOTES')
-rw-r--r--libs/libcurl/docs/RELEASE-NOTES1139
1 files changed, 490 insertions, 649 deletions
diff --git a/libs/libcurl/docs/RELEASE-NOTES b/libs/libcurl/docs/RELEASE-NOTES
index c281f99b3e..28b7e6e5e6 100644
--- a/libs/libcurl/docs/RELEASE-NOTES
+++ b/libs/libcurl/docs/RELEASE-NOTES
@@ -1,333 +1,251 @@
-curl and libcurl 8.13.0
+curl and libcurl 8.14.0
- Public curl releases: 266
- Command line options: 268
- curl_easy_setopt() options: 307
+ Public curl releases: 267
+ Command line options: 269
+ curl_easy_setopt() options: 308
Public functions in libcurl: 96
- Contributors: 3378
+ Contributors: 3427
This release includes the following changes:
- o curl: add write-out variable 'tls_earlydata' [79]
- o curl: make --url support a file with URLs [104]
- o gnutls: set priority via --ciphers [167]
- o IMAP: add CURLOPT_UPLOAD_FLAGS and --upload-flags [124]
- o lib: add CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY [147]
- o OpenSSL/quictls: add support for TLSv1.3 early data [150]
- o rustls: add support for CERTINFO [106]
- o rustls: add support for SSLKEYLOGFILE [282]
- o rustls: support ECH w/ DoH lookup for config [280]
- o rustls: support native platform verifier
- o var: add a '64dec' function that can base64 decode a string [78]
- o wolfssl: tls early data support [50]
+ o mqtt: send ping at upkeep interval [49]
+ o schannel: handle pkcs12 client certificates containing CA certificates [58]
+ o TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs [113]
+ o vquic: ngtcp2 + openssl support [96]
+ o wcurl: import v2025.04.20 script + docs [97]
+ o websocket: add option to disable auto-pong reply [52]
This release includes the following bugfixes:
- o addrinfo: add curl macro to avoid redefining foreign symbols [29]
- o asyn-thread: avoid the separate 'struct resdata' alloc [20]
- o asyn-thread: avoid the separate curl_mutex_t alloc [6]
- o asyn-thread: do not allocate thread_data separately [21]
- o asyn-thread: remove 'status' from struct Curl_async [36]
- o autotools: fix `dllmain.c` in unity builds [257]
- o autotools: fix `libtest` bundle to depend on `FIRSTFILES` [240]
- o autotools: use `CURLDEBUG` to exclude TrackMemory code from unity [253]
- o aws_sigv4: cannot be used for proxy [171]
- o aws_sigv4: merge repeated headers in canonical request [272]
- o aws_sigv4: use strparse more for parsing [55]
- o base64: drop `BUILDING_CURL` macro, always include in tests/server [234]
- o build: add Windows CE / CeGCC support, with CI jobs [87]
- o build: cmake multi-pkg-config detection improvements (brotli, ldap, mbedtls) [192]
- o build: do not apply curl debug macros to `tests/server` by default [254]
- o build: drop unused `getpart` tool [107]
- o build: enable -Wjump-misses-init for GCC 4.5+ [62]
- o build: enable `-Wcast-qual`, fix or silence compiler warnings [208]
- o build: fix compiler warnings in feature detections [39]
- o build: replace Curl_ prefix with curlx_ for functions used in servers [236]
- o build: set `-O3` and tune WinCE in CI, fix `getpart`, `vtls_scache` fallouts [137]
- o build: set `HAVE_STDINT_H` if `stdint.h` is available [155]
- o build: set `HAVE_WRITABLE_ARGV` for Apple cross-builds [8]
- o build: silence bogus `-Wconversion` warnings with gcc 5.1-5.4 [68]
- o build: silence mingw32ce C99 format warnings, simplify CI [143]
- o build: tidy-ups around `inet_pton` [180]
- o c-ares httpsrr: fix ifdef [223]
- o c-ares: error out for unsupported versions, drop unused macros [85]
- o ca-native.md: sync with CURLSSLOPT_NATIVE_CA [72]
- o cf-socket: deduplicate Windows Vista detection [11]
- o cf-socket: remove empty switch [75]
- o client writer: handle pause before decoding [61]
- o cmake: `CURL_LIBDIRS` improvements (upstreamed from vcpkg) [191]
- o cmake: `SHARE_LIB_OBJECT=ON` requires CMake 3.12 or newer [46]
- o cmake: add custom command scripts as dependencies where missing [298]
- o cmake: add pre-fill for Unix, enable in GHA/macos, verify pre-fills [42]
- o cmake: add shell completion support [261]
- o cmake: allow `CURL_STATIC_CRT` with shared libcurl and no curl exe [123]
- o cmake: allow `CURL_STATIC_CRT` with UCRT VS2015+ builds [134]
- o cmake: allow empty `IMPORT_LIB_SUFFIX`, add suffix collision detection [41]
- o cmake: avoid `-Wnonnull` warning in `HAVE_FSETXATTR_5` detection [81]
- o cmake: disable HTTPS-proxy as a feature if proxy is disabled [77]
- o cmake: drop `CURL_DISABLE_TESTS` option [94]
- o cmake: drop `HAVE_C_FLAG_Wno_long_double` logic for ancient Apple gcc [126]
- o cmake: drop `HAVE_IN_ADDR_T` from pre-fill too
- o cmake: drop two stray TLS feature checks for wolfSSL [9]
- o cmake: exclude `-MP` for `clang-cl` again [132]
- o cmake: fix `HAVE_ATOMIC`/`HAVE_STDATOMIC` pre-fill for clang-cl [28]
- o cmake: fix clang-tidy builds to verify tests, fix fallouts [289]
- o cmake: fix detection pre-fills for iOS [153]
- o cmake: fix ECH detection in custom-patched OpenSSL [32]
- o cmake: fix typo in ECH config error msg [246]
- o cmake: hide empty `MINGW64_VERSION` output for mingw32ce [114]
- o cmake: improve httpd detection for pytest [127]
- o cmake: mention 'insecure' in the debug build warning [15]
- o cmake: misc tidy-ups [38]
- o cmake: pre-fill known type sizes for Windows OSes [100]
- o cmake: replace CMAKE_COMPILER_IS_GNUCC with CMAKE_C_COMPILER_ID [232]
- o cmake: replace exec_program() with execute_process() [239]
- o cmake: restrict static CRT builds to static curl exe, test in CI [113]
- o cmake: sync cutoff version with autotools for picky option `-ftree-vrp` [99]
- o cmake: sync OpenSSL(-fork) feature checks with `./configure` [49]
- o cmake: unity mode optimization for non-`CURLDEBUG` `testdeps` targets [231]
- o CODE_STYLE: readability and banned functions [35]
- o config-win32: set `HAVE_STDINT_H` where available [264]
- o configure: call the blocking resolver "blocking", not "default" [220]
- o configure: fix ECH detection with MultiSSL [259]
- o configure: silence compiler warnings in feature checks, drop duplicates [86]
- o configure: tidy up shell completion rules [292]
- o configure: use `curl_cv_apple` variable [40]
- o conn: eliminate `conn->now` [293]
- o conn: fix connection reuse when SSL is optional [54]
- o conncache: eliminate `conn->destination_len` as premature optimization [294]
- o contributors.sh: lowercase 'github' for consistency [52]
- o contrithanks.sh: update docs/THANKS in place [119]
- o cookie: do prefix matching case-sensitively [82]
- o cookie: minor parser simplification [58]
- o cookie: simplify invalid_octets() [24]
- o core: stop redefining `E*` macros on Windows, map `EACCES`, related fixes [233]
- o curl.h: change some enums to defines with L suffix [84]
- o curl.h: convert CURLUSESSL* names to defines [146]
- o curl.h: stop defining non-curl `__has_declspec_attribute` [142]
- o curl.h: switch `CURL_HTTP_VERSION*` enums to long constants [160]
- o curl/system.h: drop leftover comment about 32 bit curl_off_t [305]
- o curl: add my_setopt_long() and _offt() [158]
- o curl_msh3: remove verify bypass from DEBUGBUILDs [43]
- o curl_setup: drop `ERANGE` (for WinCE), no longer used [249]
- o curl_setup_once: drop `E*` macro redefines unused (with winsock2) [164]
- o curl_setup_once: stop redefining `ENAMETOOLONG` to winsock2 error code [163]
- o curl_trc: fix build with CURL_DISABLE_VERBOSE_STRINGS [109]
- o curl_ws_recv.md: expand a little on the fragments the API delivers [251]
- o CURLMOPT_SOCKETFUNCTION.md: add advice for socket callback invocation[69]
- o CURLOPT_HTTPHEADER.md: add comments to the example [90]
- o CURLOPT_HTTPHEADER.md: rephrases [108]
- o curltime: use libcurl time functions in src and tests/server [247]
- o DISABLED: add 313 for sectransp (move from GHA/macos) [209]
- o docs/cmdline-opts: use imperative form [270]
- o docs: adapt to removed --with-random [177]
- o docs: add FD_ZERO to curl_multi_fdset example [19]
- o docs: bump `rustls` to 0.14.1 [111]
- o docs: correct argument names & URL redirection [4]
- o docs: minor edits to please the new spellchecker regime
- o docs: rework RUSTLS install instructions
- o docs: unify HTTP version style in --help output [139]
- o docs: vulnerabilities in debug code are not eligible for a bounty [118]
- o doh: improve HTTPS RR svcparams parsing [198]
- o doh: remove wrong but unreachable exit path from doh_decode_rdata_name [199]
- o dynbuf: assert init on free [295]
- o easy: drop `break` after `return` [300]
- o easy: fix warning about possible comma misuse [219]
- o eventfd: allow use on all CPUs [93]
- o examples: prefer `return` over `exit()` (cont.) [110]
- o ftp/sftp: strdup data info memory [237]
- o ftp: fix comment [135]
- o gnutls: fix connection state check on handshake [80]
- o gnutls: fix use of pkcs11 urls for keys/certs [122]
- o gtls: fix uninitialized variable [154]
- o hash: use single linked list for entries [57]
- o hostip: don't use alarm() for DoH resolves [214]
- o hostip: make CURLOPT_RESOLVE support replacing IPv6 addresses [47]
- o http2: add on_invalid_frame callback for error detection [174]
- o http2: detect session being closed on ingress handling [173]
- o http2: enhance error messages on Curl_dyn* upon receiving headers [149]
- o http2: fix stream assignemnt for pushes [302]
- o http2: reset stream on response header error [175]
- o HTTP3.md: only speak about minimal versions [18]
- o http: convert parsers to strparse [48]
- o http: fix NTLM info message typo [22]
- o http: fix the auth check [88]
- o http: make the RTSP version check stricter [73]
- o http: negotiation and room for alt-svc/https rr to navigate [64]
- o http: remove a HTTP method size restriction [241]
- o http: version negotiation [45]
- o http_chunks: replace a strofft call with curl_str_hex [138]
- o https-rr: implementation improvements [44]
- o httpsrr: fix port detection [51]
- o httpsrr: fix the HTTPS-RR threaded-resolver build combo [67]
- o INFRASTRUCTURE.md: add IRC and Matrix details [278]
- o INSTALL-CMAKE.md: CMake usage updates [101]
- o INSTALL-CMAKE.md: mention `ZLIB_USE_STATIC_LIBS` [112]
- o lib1156: pass longs to `curl_easy_setopt()` [159]
- o lib1560: test set path containing LR or CR [299]
- o lib2302: fix crash due to stack overflow on MSVC and clang Windows [228]
- o lib696: fix building on Windows in non-bundle mode [267]
- o lib: better optimized casecompare() and ncasecompare() [3]
- o lib: clear up CURLRES_ASYNCH vs USE_CURL_ASYNC use [215]
- o lib: fix two curlx_strtoofft invokes [128]
- o lib: rename curlx_strtoofft to Curl_str_numblanks() [218]
- o lib: replace while(ISBLANK()) loops with Curl_str_passblanks() [148]
- o lib: simplify more white space loops [60]
- o lib: strtoofft.h header cleanup [17]
- o lib: use Curl_str_* instead of strtok_r() [59]
- o lib: use Curl_str_number() for parsing decimal numbers [13]
- o libssh2: fix freeing of resources in disconnect [207]
- o libssh2: fix memory leak in `SSH_SFTP_REALPATH` state [224]
- o libssh2: fix to ignore `known_hosts` if SHA256 host public key is set [296]
- o libssh2: print user with verbose flag [125]
- o libssh2: show crypto backend in the verbose connect log [316]
- o libssh: fix freeing of resources in disconnect [206]
- o libssh: fix scp large file upload for 32-bit size_t systems [211]
- o libtest/first.c: remove the Test: stderr output for unity builds [301]
- o libtest/libprereq.c: set CURLOPT_FOLLOWLOCATION with a long [89]
- o managen: accept more markdown-quote-markers [243]
- o managen: correct the warning for un-escaped '<' and '>' [1]
- o mbedtls: re-enable an error check [288]
- o memdebug.h: avoid `-Wredundant-decls` with an extra guard [230]
- o memdebug: drop dynamic allocation from `curl_dbg_log()` [285]
- o mprintf: switch three number parsers to use strparse [221]
- o mqtt: convert sendleftovers to dynbuf [262]
- o msvc: drop support for VS2005 and older [96]
- o multi: call protocol handler done() if PROTOCONNECT or later [238]
- o multi: event based rework [74]
- o multi: kill off remaining internal handles in curl_multi_cleanup [248]
- o multi: start the loop over when handles are removed [129]
- o multi_ev: fixes regarding connection shutdowns [284]
- o ngtcp2: do not iterate over multi handles [194]
- o ntlm: merge ntlm.h into ntlm.c [235]
- o openssl-quic: do not iterate over multi handles [188]
- o openssl: check return value of X509_get0_pubkey [105]
- o openssl: drop support for old OpenSSL/LibreSSL versions [95]
- o openssl: fix crash on missing cert password [271]
- o openssl: fix pkcs11 URI checking for key files. [152]
- o openssl: remove bad `goto`s into other scope [63]
- o prox/preproxy.md: document argument within <brackets> [317]
- o pytest: test negotiate with http proxy [83]
- o quiche: do not iterate over multi handles [182]
- o RELEASE-PROCEDURE.md: explain release candidates [161]
- o request: clear sendbuf_hds_len when resetting request bufq [166]
- o resolve: fix building without Unix sockets and `CURLDEBUG` [213]
- o runtests: accept `CURL_DIRSUFFIX` without ending slash [133]
- o runtests: add feature-based filtering [268]
- o runtests: check and report if `diff` tool is missing [162]
- o runtests: drop logic calling the `handle` tool (Windows) [263]
- o runtests: drop recognizing 'winssl' as Schannel [102]
- o runtests: drop ref to unused external function
- o runtests: fix bundled test invocation with `-g` option [308]
- o runtests: fix SSH server not starting in cases, re-ignore failing vcpkg CI jobs [225]
- o runtests: fix test key format for libssh2 WinCNG (and others) [229]
- o runtests: generate certs dynamically, bump to EC-256, tidy up [279]
- o runtests: recognize AWS-LC as OpenSSL [103]
- o runtests: rewrite `genserv.sh` in Perl [312]
- o runtests: support multi-target cmake, drop workarounds from CI [116]
- o runtests: support running tests under wine or qemu (cont.) [309]
- o runtests: support running tests under wine or qemu [210]
- o runtests: use `setfacl` on Cygwin/MSYS, if present [291]
- o rustls: add ECH support w/ string ECH config [281]
- o rustls: cap maximum allowed CRL file size to 8MB [196]
- o rustls: support ECH GREASE
- o rustls: use client cert and key if available
- o schannel: deduplicate Windows Vista detection [98]
- o schannel: enable ALPN support under WINE 6.0+ [92]
- o schannel: enable ALPN with MinGW, fix ALPN for UWP builds [71]
- o schannel: guard ALPN init code to ALPN builds [91]
- o scripts/managen: fix option 'single' [31]
- o scripts/managen: fix parsing of markdown code sections [30]
- o scripts: update completion.pl to parse options from docs [266]
- o sectransp: add support for HTTP/2 in gcc builds [200]
- o sendf: client reader line conversion: do not change data->state.infilesize [244]
- o setopt: illegal CURLOPT_SOCKS5_AUTH should return error [185]
- o setopt: remove unnecessary void pointer typecasts [76]
- o setopt: setting PROXYUSERPWD after PROXYUSERNAME/PASSWORD is fine [197]
- o shutdowns: split shutdown handling from connection pool [156]
- o socks: remove bad assert from do_SOCKS5() [216]
- o src: avoid strdup on platforms not doing UTF-8 conversions [176]
- o src: cleanup ISBLANK vs ISSPACE [195]
- o src: remove Curl_ prefix from tool-specific function [205]
- o src: remove final uses of Curl_ symbol prefixes in tool code [242]
- o src: replace strto[u][ld] with curlx_str_ parsers [222]
- o ssh: consider sftp quote commands case sensitive [33]
- o sshserver.pl: adjust `AuthorizedKeysFile2` cutoff version [204]
- o sshserver.pl: use Perl `chmod` [311]
- o sshserver: fix excluding obsolete client config lines [212]
- o ssl session cache: add exportable flag [56]
- o SSLCERTS: list support for SSL_CERT_FILE and SSL_CERT_DIR [265]
- o strparse: make Curl_str_number() return error for no digits [14]
- o strparse: switch the API to work on 'const char *' [2]
- o strparse: switch to curl_off_t as base data type [7]
- o test1022: add support for rc releases [144]
- o test1167: catch #defines with extra whitespace [140]
- o test313: disable CRL test for Schannel due to lack of support and flakiness [310]
- o test313: disable via `<features>` for backends without CRL support [303]
- o test489: set output dir [186]
- o test612: SCP `rm` the uploaded remote file (not the local source), unignore in CI [297]
- o test613: make it pass on Windows, fix postprocess, unignore in CI [290]
- o test615: fix for Cygwin, unignore in CI [276]
- o tests/certs: cleanup [151]
- o tests/server: drop unused `base64.pl` [258]
- o tests/server: fix to check against winsock2 error codes on Windows [168]
- o tests/server: give global `path` variable a more descriptive name [255]
- o tests/server: make the signal handler signal-safe [269]
- o tests/server: replace `errno` with `SOCKERRNO` in sockfilt, socksd, sws [183]
- o tests/server: replace `strerror` with `sstrerror` in socksd
- o tests/server: support bundle binary [217]
- o tests/server: sync `wait_ms()` with the libcurl implementation [226]
- o tests/server: use `curlx_str_numblanks()` to avoid `errno` [250]
- o tests/servers.pm: remove unused variable 'portrange' [227]
- o tests: build non-debug unit tests with autotools, run them [287]
- o tests: fix comment in lib533 [121]
- o tests: fix enum/int confusion, fix autotools `CFLAGS` for `servers` [27]
- o tests: make sure 'commands.log' is generated in the correct logdir [172]
- o tests: mark tests 1631, 1632 flaky [157]
- o tests: reformat error messages to avoid tripping MSBuild [201]
- o tests: remove base64 encoded sections [260]
- o tests: Remove unused variables [245]
- o tests: replace remaining non-ASCII bytes with hex markup [283]
- o tftpd: prefix TFTP protocol error `E*` constants with `TFTP_` [189]
- o tidy-up: align MSYS2/Cygwin codepaths, follow Cygwin `MAX_PID` bump [97]
- o tidy-up: delete, comment or scope C macros reported unused [16]
- o tidy-up: drop unused `CURL_INADDR_NONE` macro and `in_addr_t` type [26]
- o tidy-up: use `CURL_ARRAYSIZE()` [37]
- o timediff: fix comment for curlx_mstotv() [25]
- o timediff: remove unnecessary double typecast [53]
- o tool_dirhie: create dir hierarchy without strtok [169]
- o tool_getparam: clear sensitive arguments better [66]
- o tool_getparam: do parse_upload_flags without the alloc/free [181]
- o tool_getparam: parse --trace-config without strdup()/free() [178]
- o tool_getparam: parse_header() without strtok [165]
- o tool_operate: change "1 retries" to "1 retry" [145]
- o tool_operate: fail SSH transfers without server auth [70]
- o tool_operate: fix pluralization of seconds [273]
- o tool_operate: remove unnecessary (long) typecasts [141]
- o tool_paramhlp: do --proto parsing without strtok [170]
- o tool_parsecfg: make my_get_line skip comments and newlines [130]
- o tool_setopt: reduce use of "code hiding" macros [203]
- o url: call protocol handler's disconnect in Curl_conn_free [193]
- o urlapi: fix redirect from file:// with query, and simplify [136]
- o urlapi: remove percent encoded dot sequences from the URL path [252]
- o urlapi: simplify junkscan [23]
- o urldata: remove 'hostname' from struct Curl_async [131]
- o variable.md: clarify 'trim' example [12]
- o vquic: obey IOV_MAX [275]
- o vtls: fix compiler warnings seen with gcc 7.3.0 and mbedTLS [187]
- o winbuild: reduce command-line length by dropping whitespace [117]
- o windows: do not use winsock2 `inet_ntop()`/`inet_pton()` [202]
- o windows: drop code and curl manifest targeting W2K and older [115]
- o windows: fix issues detected by clang-tidy, and some more [286]
- o wolfssh: fix freeing of resources in disconnect [184]
- o wolfssh: retrieve the error using wolfSSH_get_error [5]
- o wolfssl: fix CA certificate multiple location import [34]
- o wolfssl: fix unused variable warning [190]
- o wolfssl: warn if CA native import option is ignored [65]
- o wolfssl: when using PQ KEM, use ML-KEM, not Kyber [10]
- o ws: corrected curlws_cont to reflect its documented purpose [120]
- o ws: fix and extend CURLWS_CONT handling [256]
- o zlib: bump minimum to 1.2.5.2 (was: 1.2.0.4) [179]
+ o _SEEALSO.md: remove spaces around command and man page section [166]
+ o asny-thrdd: fix detach from running thread [191]
+ o asnyc-thrdd: explain how this is okay with a comment [200]
+ o asyn resolver code improvements [50]
+ o async-threaded resolver: use ref counter [10]
+ o async: DoH improvements [99]
+ o autotools: detect `wolfSSL_set_quic_use_legacy_code` like cmake does [104]
+ o autotools: install shell completion files on cross build [119]
+ o aws-sigv4: allow a blank string [86]
+ o build: check required rustls-ffi version [46]
+ o build: enable gcc-12/13+, clang-10+ picky warnings [147]
+ o build: enable gcc-15 picky warnings [133]
+ o certs: drop unused `default_bits` from `.prm` files [45]
+ o cf-https-connect: use the passed in dns struct pointer [64]
+ o cf-socket: fix FTP accept connect [153]
+ o cfilters: remove assert [120]
+ o cmake/FindNGTCP2: simplify multi-pkg-config detection [27]
+ o cmake: append picky warnings to `CMAKE_REQUIRED_FLAGS` as string [68]
+ o cmake: avoid 'target is imported but not globally visible' when consuming libcurl with old cmake [125]
+ o cmake: do not install `mk-ca-bundle` script and manpage [101]
+ o cmake: enable `-Wall` for MSVC when `PICKY_COMPILER=ON` [100]
+ o cmake: extend integration tests [139]
+ o cmake: fix `fish` install directory detection via `pkg-config` [123]
+ o cmake: fix nghttp3 static linking with `USE_OPENSSL_QUIC=ON` [79]
+ o cmake: fix option() and mark_as_advanced() mixed order [111]
+ o cmake: fix shell completion install when just one flavor is enabled [73]
+ o cmake: honor individual picky option overrides found in `CMAKE_C_FLAGS` [146]
+ o cmake: install shell completions for cross-builds [112]
+ o cmake: link `crypt32` for OpenSSL feature detection [105]
+ o cmake: merge `CURL_WERROR` logic into `PickyWarnings.cmake` [66]
+ o cmake: prefer `COMPILE_OPTIONS` over `CMAKE_C_FLAGS` for custom C options [72]
+ o cmake: quotes, whitespace, use `VERSION_GREATER_EQUAL` [33]
+ o cmake: revert `CURL_LTO` behavior for multi-config generators [74]
+ o cmake: set `BUILDING_LIBCURL` directly for unit test targets [174]
+ o cmake: stop deleting `-W<n>` from `CMAKE_C_FLAGS` (MSVC) [155]
+ o cmake: tidy up and document feature detections in dependencies [107]
+ o cmake: use `CMAKE_COMPILE_WARNING_AS_ERROR` if available [154]
+ o cmake: use `INCLUDE_DIRECTORIES` prop to specify local header dirs [47]
+ o cmake: use `LIB_NAME` in `curl-config.cmake.in` [148]
+ o cmake: use absolute paths for completion targets [40]
+ o cmake: use the `LINK_OPTIONS` property with CMake 3.13+ [78]
+ o configure: catch asking for double resolver without https-rr [82]
+ o configure: fix --disable-rt [20]
+ o configure: restore link checks [25]
+ o configure: suppress command not found for brew [235]
+ o conncache: make Curl_cpool_init return void [15]
+ o connect: shutdown timer fix [132]
+ o content_encoding: Transfer-Encoding parser improvements [31]
+ o CONTRIBUTE: add project guidelines for AI use [76]
+ o contrithanks.sh: drop set -e [6]
+ o cpool/cshutdown: force close connections under pressure [80]
+ o curl: fix memory leak when -h is used in config file [161]
+ o curl: only warn once for --manual in manual-disabled build [205]
+ o curl_get_line: handle lines ending on the buffer boundary [62]
+ o curl_krb5: only use functions if FTP is still enabled [21]
+ o curl_multibyte: fixup low-level calls, include in unity builds [55]
+ o curl_osslq: remove a leftover debug fprintf() call [140]
+ o curl_url_get.md: don't call it normalized [212]
+ o curl_version_info.md: clarify ssl_version for MultiSSL [145]
+ o CURLMOPT_TIMERFUNCTION.md: correct the example [162]
+ o CURLOPT_ERRORBUFFER.md: buffer is read only after curl takes ownership [93]
+ o CURLOPT_FOLLOWLOCATION.md: switch to GET => no body [208]
+ o CURLOPT_READFUNCTION.md: mention the seek callback [209]
+ o CURLOPT_XFERINFOFUNCTION.md: fix the callback return type in example [122]
+ o curlx: move the docs to docs/internals/ [184]
+ o DEPRECATE.md: drop support for VS2008 [214]
+ o DEPRECATE.md: drop Windows CE support [216]
+ o dist: drop duplicate entry from `CMAKE_DIST` [88]
+ o dns_entry: move from conn to data->state [178]
+ o Dockerfile: update debian:bookworm-slim Docker digest to 90522ee [211]
+ o docs/INSTALL.md: drop reference to removed configure option [83]
+ o docs/libcurl: fix type and prototype problems in examples [121]
+ o docs/libcurl: make examples build with picky compiler options [84]
+ o docs/libcurl: mention sensitive data/headers [206]
+ o docs: add missing return statement in examples [85]
+ o docs: fix incorrect shell substitution in docker run example command [51]
+ o docs: fix typo in retry.md [192]
+ o docs: update distros links
+ o doh: httpsrr fix [71]
+ o doh: make sure CURLOPT_PROTOCOLS is set a with a "long" arg [124]
+ o doh: reduce the DNS request buffer size [70]
+ o easy_reset: fix dohfor_mid member [63]
+ o ECH: reference the OpenSSL ECH feature branch [186]
+ o etag-save.md: mention how using both options is a good idea [108]
+ o eventfd: fix feature guards [24]
+ o formdata: cleanups [219]
+ o ftp: fix bug in failed init [179]
+ o ftp: fix race in upload handling [207]
+ o ftplistparser: add two overflow preventions [173]
+ o ftplistparser: split up into more functions [215]
+ o generate.bat: exclude curlinfo.c from legacy VS projects [175]
+ o genserv.pl: fail with a message if `openssl` is missing or failing [14]
+ o headers: enforce a max number of response header to accept [163]
+ o headers: set an error message on illegal response headers [181]
+ o hostip: fix build without threaded-resolver and without DoH [17]
+ o hostip: show the correct name on proxy resolve error [37]
+ o http2: fix stream window size after unpausing [34]
+ o HTTP3.md: fix incorrect variable placeholders [30]
+ o http: fix a build error when all auths are disabled [16]
+ o http: fix HTTP/2 handling of TE request header using "trailers" [130]
+ o http: in alt-svc negotiation only allow supported HTTP versions [59]
+ o http_aws_sigv4: add additional verbose log statements [39]
+ o http_aws_sigv4: improve sigv4 url encoding and canonicalization [240]
+ o http_chunks: narrow variable scope for 'trlen' [199]
+ o http_negotiate: fix non-SSL build with GSSAPI [23]
+ o https-connect: fix httpsrr target check [36]
+ o HTTPSRR.md: clarify somewhat [137]
+ o if2ip: build the function also if FTP is present [19]
+ o imap: remove redundant condition [196]
+ o INSTALL-CMAKE.md: fix typo
+ o INSTALL.md: update the minimal libcurl size example
+ o KNOWN_BUGS: fix link in sivg4 issue 16.3 [26]
+ o lib/src/docs/test: improve curl_easy_setopt() calls [116]
+ o lib1560: use hex notation, drop non-ASCII exception [182]
+ o lib3026: drop DLL pre-load perf mitigation for old mingw [222]
+ o lib: add const to clientwriter tables
+ o lib: drop curlx_getpid, use fake pid in SMB [172]
+ o lib: include files using known path [48]
+ o lib: make Curl_easyopts const [44]
+ o lib: unify conversions to/from hex [3]
+ o libcurl-tutorial.md: fix read callback explanation [118]
+ o libssh: add NULL check for Curl_meta_get() [201]
+ o libssh: fix memory leak [168]
+ o libssh: remove a condition that always equals false [202]
+ o libtest/first: stop defining MEMDEBUG_NODEFINES [32]
+ o libtests: define CURL_DISABLE_DEPRECATION first [177]
+ o make: clean tests better [60]
+ o mbedtls: TLS 1.3 is max when mbedtls has 1.3 support [109]
+ o metahash: add asserts to help analyzers [171]
+ o mk-ca-bundle.pl: follow redirects [53]
+ o mk-ca-bundle: switch URLs to GitHub versions [195]
+ o mkhelp: fix to not generate a line-ending space in some cases [103]
+ o mqtt: use conn/easy meta hash [141]
+ o multi: do transfer book keeping using mid [91]
+ o multi: init_do(): check result [114]
+ o netrc: avoid NULL deref on weird input [167]
+ o netrc: avoid strdup NULL [198]
+ o netrc: deal with null token better [150]
+ o ngtcp2: clarify ignoring of result [131]
+ o openssl-quic: avoid potential `-Wnull-dereference`, add assert [126]
+ o openssl-quic: fix printf mask [102]
+ o openssl-quic: fix shutdown when stream not open [11]
+ o openssl: enable builds for *both* engines and providers [115]
+ o openssl: set the cipher string before doing private cert [138]
+ o parsedate: provide Curl_wkday also for GnuTLS builds [13]
+ o processhelp.pm: always call `taskkill` with `-f` (force) [69]
+ o processhelp.pm: avoid potential endless loop, log more (Windows) [5]
+ o progress: avoid integer overflow when gathering total transfer size [128]
+ o pytest tls: extend coverage [217]
+ o pytest-xdist: pytest in parallel [204]
+ o pytest: add pinnedpubkey test cases [232]
+ o pytest: give parameterised tests better ids for read- and parsability [142]
+ o pytest: make test_07_22 more lenient to exit codes [90]
+ o quic: no local idle connection timeout, ngtcp2 keep-alive [61]
+ o rand: update comment on Curl_rand_bytes weak random [35]
+ o RELEASE-PROCEDURE.md: release candidate git tagging explained [143]
+ o rtsp: remove redundant condition [197]
+ o runtests: add retry option to reduce flakiness [106]
+ o runtests: fix indentation
+ o runtests: recognize lowercase `windows` in `curl -V` [77]
+ o runtests: remove server verification after start [89]
+ o runtests: split `SSH_PWD` into `SCP_PWD` and `SFTP_PWD`, and more [75]
+ o rustls: make max size of cert and key reasonable [41]
+ o sasl: give help when unable to select AUTH [213]
+ o scripts: completion.pl: sort the completion file for all shells [9]
+ o scripts: drop unused import, formatting [95]
+ o scripts: fix --opts-dir help in completion.pl
+ o scripts: fix perl indentation, whitespace, semicolons [127]
+ o sectransp: fix building for macOS Sierra and older [151]
+ o setopt: provide info for CURLE_BAD_FUNCTION_ARGUMENT [180]
+ o smb: avoid integer overflow on weird input date [129]
+ o socket: use accept4 when available [7]
+ o socketpair: support pipe2 where available [56]
+ o spacecheck.pl: check for non-ASCII chars, fix fallouts [187]
+ o spacecheck.pl: verify `tests/data/test*` for non-ASCII chars [189]
+ o src: drop strcase.[ch] from tool builds [157]
+ o src: include memdebug.h consistently with angle brackets <> [160]
+ o src: rename curlx_safefree to tool_safefree [164]
+ o test1173.pl: whitelist some option-looking names that aren't options [203]
+ o test1658: add unit test for the HTTPS RR decoder [28]
+ o test: make unittest 1308 into a libtest [4]
+ o tests/ech_tests.sh: sync shebang with rest of bash scripts [42]
+ o tests/FILEFORMAT.md: clarify %hex[] formatting [188]
+ o tests/FILEFORMAT.md: document the aws feature [156]
+ o tests/README.md: document --test-duphandle [8]
+ o tests/README.md: list the openssl tool among the prerequisites [12]
+ o tests/server/dnsd: basic DNS server for test suite [92]
+ o tests/server: check for `stream != NULL` in mqttd [194]
+ o tests/server: fix typo in comment
+ o tests/server: stop using libcurl string comparisons [185]
+ o tests/server: stop using libcurl's printf functions [190]
+ o tests/serverhelp: remove last remnants of http-pipe server [1]
+ o tests/tunit: make a separate directory for tool-based unit tests [54]
+ o tests: add aws feature to the related tests [159]
+ o tests: Add https-mtls server to force client auth [57]
+ o tests: fix some test tag mismatches
+ o tests: mark ipfs tests to require ipfs [2]
+ o tests: move a boolean variable out of the path section
+ o tests: prefer `--insecure` over `-k` [43]
+ o tests: provide all non-ascii data hex encoded [183]
+ o tests: remove some unused test case sections
+ o tests: require IPv6 for 1265, 1324, 2086 [87]
+ o tests: separate tunit tests from unit tests more [176]
+ o tests: stop using libcurl's strdup [170]
+ o tests: unify test case keywords
+ o tests: use a more portable null device path [38]
+ o TODO: remove "nicer lacking perl message" [117]
+ o tool_cb_write.c: handle EINTR on flush [65]
+ o tool_getparam: clear argument only when needed [98]
+ o tool_operate: make retrycheck() a separate function [218]
+ o tool_operate: when retrying, only truncate regular files [165]
+ o tool_paramhlp: avoid integer overflow in secs2ms() [152]
+ o tool_parsecfg: make get_line handle lines ending on the buffer boundary [81]
+ o typecheck-gcc.h: fix the typechecks [110]
+ o urlapi: redirecting to "" is considered fine [149]
+ o urlapi: remove unneeded guards around PUNY2IDN [193]
+ o urldata: remove the unused struct field 'hide_progress' [220]
+ o VERSIONS: list all past releases [22]
+ o vquic: consistent name for the stream struct across backends [135]
+ o vquic: init for every call to recvmsg [134]
+ o vtls: avoid NULL deref on bad PEM input [169]
+ o vtls: fix build with ssl but without http [18]
+ o VULN-DISCLOSURE-POLICY: use of weak algos [94]
+ o winbuild: add the deprecation warning to the README [29]
+ o winbuild: curl_get_line is not used for tool builds [158]
+ o windows: fix builds targeting WinXP, test it in CI [227]
+ o wolfssl: fix to enable ALPN when available [67]
+ o ws: fix the header replace check [144]
+ o ws: store protocol context as connection meta data [136]
This release includes the following known bugs:
@@ -340,340 +258,263 @@ For all changes ever done in curl:
Planned upcoming removals include:
o Support for the msh3 HTTP/3 backend
+ o Supporting curl builds using VS2008
+ o The Secure Transport and BearSSL TLS backends
o The winbuild build system
- o TLS libraries not supporting TLS 1.3
+ o Windows CE support
See https://curl.se/dev/deprecate.html
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Abhinav Singhal, Anthony Hu, Aquila Macedo, Austin Moore, Ben Bodenmiller,
- Brian Inglis, Calvin Ruocco, Carlos Henrique Lima Melara, Catena cyber,
- Christian Schmitz, Dan Fandrich, Daniel McCarney, Daniel Stenberg,
- Dave Nicolson, Demi Marie Obenour, dependabot[bot], Derek Huang,
- Dexter Gerig, Ethan Wilkes, Gabriel Marin, Harry Sintonen, Jan Macku,
- Jeremy Drake, John Bampton, Joseph Chen, Justin Steventon, Kai Pastor,
- kayrus on github, kpcyrd on github, kriztalz, Lars Karlitski,
- Laurențiu Nicola, lf- on github, Marcel Raad, Marius Albrecht, Mark Phillips,
- Martxel, Michał Antoniak, Ondřej Hlavatý, Orgad Shaneh, Pavel Kropachev,
- Peng-Yu Chen, Peter Kokot, Philippe Antoine, qhill on github, Ray Satiro,
- renovate[bot], Rinku Das, rmg-x on github, Roman Zharkov, Ronald Crane,
- RubisetCie on github, saimen, Samuel Dionne-Riel, Samuel Henrique,
- Scott Talbert, Sergey, Stefan Eissing, stevenpackardblp on github,
- Tatsuhiro Tsujikawa, Teh Kok How, Tianyi Song, Timo Tijhof, tiymat,
- Viktor Szakats, Vulpes Vulpes, Weng Xuetian, Yedaya Katsman, Zenju on github,
- Zhang Wen, Zhaoming Luo
- (71 contributors)
+ Abhinav Singhal, Aditya Garg, Alberto Leiva Popper, Andreas Westin,
+ Andrei Florea, Andrew Kirillov, Andy Pan, antypanty on hackerone,
+ Arian van Putten, bo0tzz on github, Bo Anderson, Brendan Dolan-Gavitt,
+ Brian Chrzanowski, bruce.yoon, bsr13 on hackerone, calvin2021y on github,
+ Calvin Ruocco, Carlos Henrique Lima Melara, Christian Schmitz,
+ Christoph Jabs, Cole Helbling, Corinna Brandt, Dagobert Michelsen,
+ Dan Fandrich, Daniel Engberg, Daniel Fosco, Daniel McCarney, Daniel Stenberg,
+ Demi Marie Obenour, dependabot[bot], Dirk Feytons, epicmkirzinger on github,
+ Eric Knibbe, Fujii Hironori, gkarracer on github, Gordon Parke,
+ Graham Christensen, Harry Sintonen, Helmut Grohne, Hiroki Kurosawa,
+ Int64x86 on github, Jacob Mealey, Jake Yuesong Li, James Fuller,
+ Jean-Christophe Amiel, Jeroen Ooms, Jimmy Sjölund, Jixinqi,
+ Jochen Sprickerhof, Joe Cise, JoelAtWisetech on github, Joel Depooter,
+ Johan Eliasson, John Bampton, John Haugabook, Jonathan Rosa, Kai Pastor,
+ kkalganov on github, Maksim Ściepanienka, Manuel Strehl, Marius Kleidl,
+ Mathieu Garaud, Matt Jolly, Max Eliaser, mschroeder-fzj on github, NeimadTL,
+ Niall O'Reilly, Nigel Brittain, Nils Goroll, Pavel Kropachev, PleaseJustDont,
+ Rasmus Melchior Jacobsen, Ray Satiro, renovate[bot], Samuel Henrique,
+ Sarah Gooding, sbernatsky on github, Sergey, Sören Tempel, Stefan Eissing,
+ Stephen Farrell, Tal Regev, Thomas Klausner, Tomas Volf, Travis Lane,
+ Viktor Szakats, wolfsage on hackerone, x1sc0 on github, xiadnoring on github,
+ Yedaya Katsman, zopsicle on github
+ (91 contributors)
References to bug reports and discussions on issues:
- [1] = https://curl.se/bug/?i=16315
- [2] = https://curl.se/bug/?i=16316
- [3] = https://curl.se/bug/?i=16311
- [4] = https://curl.se/bug/?i=16334
- [5] = https://curl.se/bug/?i=16335
- [6] = https://curl.se/bug/?i=16323
- [7] = https://curl.se/bug/?i=16336
- [8] = https://curl.se/bug/?i=16338
- [9] = https://curl.se/bug/?i=16339
- [10] = https://curl.se/bug/?i=16337
- [11] = https://curl.se/bug/?i=16400
- [12] = https://curl.se/bug/?i=16346
- [13] = https://curl.se/bug/?i=16319
- [14] = https://curl.se/bug/?i=16319
- [15] = https://curl.se/bug/?i=16327
- [16] = https://curl.se/bug/?i=16279
- [17] = https://curl.se/bug/?i=16331
- [18] = https://curl.se/bug/?i=16320
- [19] = https://curl.se/bug/?i=16325
- [20] = https://curl.se/bug/?i=16321
- [21] = https://curl.se/bug/?i=16241
- [22] = https://curl.se/bug/?i=16305
- [23] = https://curl.se/bug/?i=16307
- [24] = https://curl.se/bug/?i=16306
- [25] = https://curl.se/bug/?i=16310
- [26] = https://curl.se/bug/?i=16318
- [27] = https://curl.se/bug/?i=16314
- [28] = https://curl.se/bug/?i=16313
- [29] = https://curl.se/bug/?i=16274
- [30] = https://curl.se/bug/?i=16345
- [31] = https://curl.se/bug/?i=16344
- [32] = https://curl.se/bug/?i=16354
- [33] = https://curl.se/bug/?i=16382
- [34] = https://curl.se/bug/?i=16391
- [35] = https://curl.se/bug/?i=16349
- [36] = https://curl.se/bug/?i=16347
- [37] = https://curl.se/bug/?i=16381
- [38] = https://curl.se/bug/?i=16238
- [39] = https://curl.se/bug/?i=16287
- [40] = https://curl.se/bug/?i=16340
- [41] = https://curl.se/bug/?i=16324
- [42] = https://curl.se/bug/?i=15841
- [43] = https://curl.se/bug/?i=16342
- [44] = https://curl.se/bug/?i=16132
- [45] = https://curl.se/bug/?i=16100
- [46] = https://curl.se/bug/?i=16375
- [47] = https://curl.se/bug/?i=16357
- [48] = https://curl.se/bug/?i=16436
- [49] = https://curl.se/bug/?i=16352
- [50] = https://curl.se/bug/?i=16167
- [51] = https://curl.se/bug/?i=16409
- [52] = https://curl.se/bug/?i=16443
- [53] = https://curl.se/bug/?i=16367
- [54] = https://curl.se/bug/?i=16384
- [55] = https://curl.se/bug/?i=16366
- [56] = https://curl.se/bug/?i=16322
- [57] = https://curl.se/bug/?i=16351
- [58] = https://curl.se/bug/?i=16362
- [59] = https://curl.se/bug/?i=16360
- [60] = https://curl.se/bug/?i=16363
- [61] = https://curl.se/bug/?i=16280
- [62] = https://curl.se/bug/?i=16252
- [63] = https://curl.se/bug/?i=16356
- [64] = https://curl.se/bug/?i=16117
- [65] = https://curl.se/bug/?i=16417
- [66] = https://curl.se/bug/?i=16396
- [67] = https://curl.se/bug/?i=16399
- [68] = https://curl.se/bug/?i=16398
- [69] = https://curl.se/bug/?i=16441
- [70] = https://curl.se/bug/?i=16205
- [71] = https://curl.se/bug/?i=16385
- [72] = https://curl.se/bug/?i=16373
- [73] = https://curl.se/bug/?i=16435
- [74] = https://curl.se/bug/?i=16308
- [75] = https://curl.se/bug/?i=16555
- [76] = https://curl.se/bug/?i=16426
- [77] = https://curl.se/bug/?i=16434
- [78] = https://curl.se/bug/?i=16330
- [79] = https://curl.se/bug/?i=15956
- [80] = https://curl.se/bug/?i=16423
- [81] = https://curl.se/bug/?i=16427
- [82] = https://curl.se/bug/?i=16494
- [83] = https://curl.se/bug/?i=14973
- [84] = https://curl.se/bug/?i=16482
- [85] = https://curl.se/bug/?i=16407
- [86] = https://curl.se/bug/?i=16377
- [87] = https://curl.se/bug/?i=15975
- [88] = https://curl.se/bug/?i=16419
- [89] = https://curl.se/bug/?i=16487
- [90] = https://curl.se/bug/?i=16488
- [91] = https://curl.se/bug/?i=16420
- [92] = https://curl.se/bug/?i=16393
- [93] = https://curl.se/bug/?i=16277
- [94] = https://curl.se/bug/?i=16134
- [95] = https://curl.se/bug/?i=16104
- [96] = https://curl.se/bug/?i=16004
- [97] = https://curl.se/bug/?i=16217
- [98] = https://curl.se/bug/?i=16408
- [99] = https://curl.se/bug/?i=16478
- [100] = https://curl.se/bug/?i=16464
- [101] = https://curl.se/bug/?i=16329
- [102] = https://curl.se/bug/?i=16467
- [103] = https://curl.se/bug/?i=16466
- [104] = https://curl.se/bug/?i=16099
- [105] = https://curl.se/bug/?i=16468
- [106] = https://curl.se/bug/?i=16459
- [107] = https://curl.se/bug/?i=16460
- [108] = https://curl.se/bug/?i=16461
- [109] = https://curl.se/bug/?i=16462
- [110] = https://curl.se/bug/?i=16524
- [111] = https://curl.se/bug/?i=16446
- [112] = https://curl.se/bug/?i=16457
- [113] = https://curl.se/bug/?i=16456
- [114] = https://curl.se/bug/?i=16455
- [115] = https://curl.se/bug/?i=16453
- [116] = https://curl.se/bug/?i=16452
- [117] = https://curl.se/bug/?i=16508
- [118] = https://curl.se/bug/?i=16527
- [119] = https://curl.se/bug/?i=16448
- [120] = https://curl.se/bug/?i=16512
- [121] = https://curl.se/bug/?i=16523
- [122] = https://curl.se/bug/?i=16249
- [123] = https://curl.se/bug/?i=16516
- [124] = https://curl.se/bug/?i=15970
- [125] = https://curl.se/bug/?i=16430
- [126] = https://curl.se/bug/?i=16513
- [127] = https://curl.se/bug/?i=16515
- [128] = https://curl.se/bug/?i=16548
- [129] = https://curl.se/bug/?i=16588
- [130] = https://curl.se/bug/?i=16590
- [131] = https://curl.se/bug/?i=16451
- [132] = https://curl.se/bug/?i=16550
- [133] = https://curl.se/bug/?i=16506
- [134] = https://curl.se/bug/?i=16522
- [135] = https://curl.se/bug/?i=16538
- [136] = https://curl.se/bug/?i=16498
- [137] = https://curl.se/bug/?i=16476
- [138] = https://curl.se/bug/?i=16546
- [139] = https://curl.se/bug/?i=16542
- [140] = https://curl.se/bug/?i=16496
- [141] = https://curl.se/bug/?i=16540
- [142] = https://curl.se/bug/?i=16491
- [143] = https://curl.se/bug/?i=16492
- [144] = https://curl.se/bug/?i=16626
- [145] = https://curl.se/bug/?i=16586
- [146] = https://curl.se/bug/?i=16539
- [147] = https://curl.se/bug/?i=16473
- [148] = https://curl.se/bug/?i=16520
- [149] = https://curl.se/bug/?i=16536
- [150] = https://curl.se/bug/?i=16477
- [151] = https://curl.se/bug/?i=16593
- [152] = https://curl.se/bug/?i=16591
- [153] = https://curl.se/bug/?i=16594
- [154] = https://curl.se/bug/?i=16625
- [155] = https://curl.se/bug/?i=16585
- [156] = https://curl.se/bug/?i=16508
- [157] = https://curl.se/bug/?i=16584
- [158] = https://curl.se/bug/?i=16669
- [159] = https://curl.se/bug/?i=16579
- [160] = https://curl.se/bug/?i=16580
- [161] = https://curl.se/bug/?i=16622
- [162] = https://curl.se/bug/?i=16578
- [163] = https://curl.se/bug/?i=16620
- [164] = https://curl.se/bug/?i=16553
- [165] = https://curl.se/bug/?i=16572
- [166] = https://curl.se/bug/?i=16573
- [167] = https://curl.se/bug/?i=16557
- [168] = https://curl.se/bug/?i=16553
- [169] = https://curl.se/bug/?i=16566
- [170] = https://curl.se/bug/?i=16567
- [171] = https://curl.se/bug/?i=16569
- [172] = https://curl.se/bug/?i=16568
- [173] = https://curl.se/bug/?i=16544
- [174] = https://curl.se/bug/?i=16544
- [175] = https://curl.se/bug/?i=16535
- [176] = https://curl.se/bug/?i=16560
- [177] = https://curl.se/bug/?i=16565
- [178] = https://curl.se/bug/?i=16559
- [179] = https://curl.se/bug/?i=16616
- [180] = https://curl.se/bug/?i=16563
- [181] = https://curl.se/bug/?i=16552
- [182] = https://curl.se/bug/?i=16607
- [183] = https://curl.se/bug/?i=16553
- [184] = https://curl.se/bug/?i=16668
- [185] = https://issues.oss-fuzz.com/issues/401430844
- [186] = https://curl.se/bug/?i=16670
- [187] = https://curl.se/bug/?i=16614
- [188] = https://curl.se/bug/?i=16611
- [189] = https://curl.se/bug/?i=16666
- [190] = https://curl.se/bug/?i=16608
- [191] = https://curl.se/bug/?i=16610
- [192] = https://curl.se/bug/?i=16479
- [193] = https://curl.se/bug/?i=16604
- [194] = https://curl.se/bug/?i=16606
- [195] = https://curl.se/bug/?i=16589
- [196] = https://curl.se/bug/?i=16716
- [197] = https://curl.se/bug/?i=16599
- [198] = https://curl.se/bug/?i=16598
- [199] = https://curl.se/bug/?i=16710
- [200] = https://curl.se/bug/?i=16581
- [201] = https://curl.se/bug/?i=16583
- [202] = https://curl.se/bug/?i=16577
- [203] = https://curl.se/bug/?i=16709
- [204] = https://curl.se/bug/?i=16787
- [205] = https://curl.se/bug/?i=16657
- [206] = https://curl.se/bug/?i=16659
- [207] = https://curl.se/bug/?i=16656
- [208] = https://curl.se/bug/?i=16142
- [209] = https://curl.se/bug/?i=16660
- [210] = https://curl.se/bug/?i=16785
- [211] = https://curl.se/bug/?i=16641
- [212] = https://curl.se/bug/?i=16784
- [213] = https://curl.se/bug/?i=16700
- [214] = https://curl.se/bug/?i=16649
- [215] = https://curl.se/bug/?i=16645
- [216] = https://issues.oss-fuzz.com/issues/401869346
- [217] = https://curl.se/bug/?i=15000
- [218] = https://curl.se/bug/?i=16642
- [219] = https://curl.se/bug/?i=16644
- [220] = https://curl.se/bug/?i=16646
- [221] = https://curl.se/bug/?i=16628
- [222] = https://curl.se/bug/?i=16634
- [223] = https://curl.se/bug/?i=16861
- [224] = https://curl.se/bug/?i=16636
- [225] = https://curl.se/bug/?i=16636
- [226] = https://curl.se/bug/?i=16627
- [227] = https://curl.se/bug/?i=16632
- [228] = https://curl.se/bug/?i=16630
- [229] = https://curl.se/bug/?i=16781
- [230] = https://curl.se/bug/?i=16696
- [231] = https://curl.se/bug/?i=16695
- [232] = https://curl.se/bug/?i=16797
- [233] = https://curl.se/bug/?i=16553
- [234] = https://curl.se/bug/?i=16691
- [235] = https://curl.se/bug/?i=16690
- [236] = https://curl.se/bug/?i=16689
- [237] = https://curl.se/bug/?i=16733
- [238] = https://curl.se/bug/?i=16681
- [239] = https://curl.se/bug/?i=16779
- [240] = https://curl.se/bug/?i=16726
- [241] = https://curl.se/bug/?i=16729
- [242] = https://curl.se/bug/?i=16678
- [243] = https://curl.se/bug/?i=16685
- [244] = https://issues.oss-fuzz.com/issues/402476456
- [245] = https://curl.se/bug/?i=16798
- [246] = https://curl.se/bug/?i=16786
- [247] = https://curl.se/bug/?i=16653
- [248] = https://curl.se/bug/?i=16674
- [249] = https://curl.se/bug/?i=16673
- [250] = https://curl.se/bug/?i=16671
- [251] = https://curl.se/bug/?i=16720
- [252] = https://curl.se/bug/?i=16869
- [253] = https://curl.se/bug/?i=16723
- [254] = https://curl.se/bug/?i=16705
- [255] = https://curl.se/bug/?i=16719
- [256] = https://curl.se/bug/?i=16687
- [257] = https://curl.se/bug/?i=16712
- [258] = https://curl.se/bug/?i=16713
- [259] = https://curl.se/bug/?i=16774
- [260] = https://curl.se/bug/?i=16816
- [261] = https://curl.se/bug/?i=16833
- [262] = https://curl.se/bug/?i=16823
- [263] = https://curl.se/bug/?i=16484
- [264] = https://curl.se/bug/?i=16759
- [265] = https://curl.se/bug/?i=16762
- [266] = https://curl.se/bug/?i=16072
- [267] = https://curl.se/bug/?i=16753
- [268] = https://curl.se/bug/?i=16533
- [269] = https://curl.se/bug/?i=16852
- [270] = https://curl.se/bug/?i=16879
- [271] = https://curl.se/bug/?i=16806
- [272] = https://curl.se/bug/?i=16743
- [273] = https://curl.se/bug/?i=16751
- [275] = https://curl.se/bug/?i=16846
- [276] = https://curl.se/bug/?i=16818
- [278] = https://curl.se/bug/?i=16809
- [279] = https://curl.se/bug/?i=16824
- [280] = https://curl.se/bug/?i=16828
- [281] = https://curl.se/bug/?i=16828
- [282] = https://curl.se/bug/?i=16828
- [283] = https://curl.se/bug/?i=16837
- [284] = https://curl.se/bug/?i=16782
- [285] = https://curl.se/bug/?i=16745
- [286] = https://curl.se/bug/?i=16777
- [287] = https://curl.se/bug/?i=16771
- [288] = https://curl.se/bug/?i=16766
- [289] = https://curl.se/bug/?i=16756
- [290] = https://curl.se/bug/?i=16791
- [291] = https://curl.se/bug/?i=16437
- [292] = https://curl.se/bug/?i=16836
- [293] = https://curl.se/bug/?i=16793
- [294] = https://curl.se/bug/?i=16792
- [295] = https://curl.se/bug/?i=16725
- [296] = https://curl.se/bug/?i=16805
- [297] = https://curl.se/bug/?i=16801
- [298] = https://curl.se/bug/?i=16835
- [299] = https://curl.se/bug/?i=16875
- [300] = https://curl.se/bug/?i=16873
- [301] = https://curl.se/bug/?i=16872
- [302] = https://curl.se/bug/?i=16881
- [303] = https://curl.se/bug/?i=16865
- [305] = https://curl.se/bug/?i=16867
- [308] = https://curl.se/bug/?i=16893
- [309] = https://curl.se/bug/?i=16863
- [310] = https://curl.se/bug/?i=16862
- [311] = https://curl.se/bug/?i=16859
- [312] = https://curl.se/bug/?i=16858
- [316] = https://curl.se/bug/?i=16790
- [317] = https://curl.se/bug/?i=16883
+ [1] = https://curl.se/bug/?i=16924
+ [2] = https://curl.se/bug/?i=16947
+ [3] = https://curl.se/bug/?i=16888
+ [4] = https://curl.se/bug/?i=16891
+ [5] = https://curl.se/bug/?i=16908
+ [6] = https://curl.se/bug/?i=16914
+ [7] = https://curl.se/bug/?i=16979
+ [8] = https://curl.se/bug/?i=16944
+ [9] = https://curl.se/bug/?i=16985
+ [10] = https://curl.se/bug/?i=16916
+ [11] = https://curl.se/bug/?i=16998
+ [12] = https://curl.se/bug/?i=16942
+ [13] = https://curl.se/bug/?i=16943
+ [14] = https://curl.se/bug/?i=16926
+ [15] = https://curl.se/bug/?i=16936
+ [16] = https://curl.se/bug/?i=16939
+ [17] = https://curl.se/bug/?i=16938
+ [18] = https://curl.se/bug/?i=16935
+ [19] = https://curl.se/bug/?i=16933
+ [20] = https://curl.se/bug/?i=16932
+ [21] = https://curl.se/bug/?i=16925
+ [22] = https://curl.se/bug/?i=16907
+ [23] = https://curl.se/bug/?i=16919
+ [24] = https://curl.se/mail/lib-2025-04/0000.html
+ [25] = https://curl.se/mail/lib-2025-04/0004.html
+ [26] = https://curl.se/bug/?i=17007
+ [27] = https://curl.se/bug/?i=16980
+ [28] = https://curl.se/bug/?i=16972
+ [29] = https://curl.se/bug/?i=16957
+ [30] = https://curl.se/bug/?i=17008
+ [31] = https://curl.se/bug/?i=16956
+ [32] = https://curl.se/bug/?i=16978
+ [33] = https://curl.se/bug/?i=17002
+ [34] = https://curl.se/bug/?i=16955
+ [35] = https://curl.se/bug/?i=16965
+ [36] = https://curl.se/bug/?i=16966
+ [37] = https://curl.se/bug/?i=16958
+ [38] = https://curl.se/bug/?i=16929
+ [39] = https://curl.se/bug/?i=16952
+ [40] = https://curl.se/bug/?i=16946
+ [41] = https://curl.se/bug/?i=16951
+ [42] = https://curl.se/bug/?i=17001
+ [43] = https://curl.se/bug/?i=16878
+ [44] = https://curl.se/bug/?i=16950
+ [45] = https://curl.se/bug/?i=16999
+ [46] = https://curl.se/bug/?i=16922
+ [47] = https://curl.se/bug/?i=16993
+ [48] = https://curl.se/bug/?i=16991
+ [49] = https://curl.se/bug/?i=16975
+ [50] = https://curl.se/bug/?i=16963
+ [51] = https://curl.se/bug/?i=16990
+ [52] = https://curl.se/bug/?i=16744
+ [53] = https://curl.se/bug/?i=16995
+ [54] = https://curl.se/bug/?i=16983
+ [55] = https://curl.se/bug/?i=16742
+ [56] = https://curl.se/bug/?i=16987
+ [57] = https://curl.se/bug/?i=16923
+ [58] = https://curl.se/bug/?i=16825
+ [59] = https://curl.se/bug/?i=17037
+ [60] = https://curl.se/bug/?i=16986
+ [61] = https://curl.se/bug/?i=17057
+ [62] = https://curl.se/bug/?i=17036
+ [63] = https://curl.se/bug/?i=17052
+ [64] = https://curl.se/bug/?i=17092
+ [65] = https://curl.se/bug/?i=17061
+ [66] = https://curl.se/bug/?i=17062
+ [67] = https://curl.se/bug/?i=17056
+ [68] = https://curl.se/bug/?i=17055
+ [69] = https://curl.se/bug/?i=17054
+ [70] = https://curl.se/bug/?i=17087
+ [71] = https://curl.se/bug/?i=17099
+ [72] = https://curl.se/bug/?i=17047
+ [73] = https://curl.se/bug/?i=16946
+ [74] = https://curl.se/bug/?i=17042
+ [75] = https://curl.se/bug/?i=17041
+ [76] = https://curl.se/bug/?i=17325
+ [77] = https://curl.se/bug/?i=17088
+ [78] = https://curl.se/bug/?i=17039
+ [79] = https://curl.se/bug/?i=17010
+ [80] = https://curl.se/bug/?i=17020
+ [81] = https://curl.se/bug/?i=17030
+ [82] = https://curl.se/bug/?i=17025
+ [83] = https://curl.se/bug/?i=17023
+ [84] = https://curl.se/bug/?i=17028
+ [85] = https://curl.se/bug/?i=17024
+ [86] = https://curl.se/bug/?i=17176
+ [87] = https://curl.se/bug/?i=17014
+ [88] = https://curl.se/bug/?i=17012
+ [89] = https://curl.se/bug/?i=17005
+ [90] = https://curl.se/bug/?i=17083
+ [91] = https://curl.se/bug/?i=16761
+ [92] = https://curl.se/bug/?i=17015
+ [93] = https://curl.se/bug/?i=17105
+ [94] = https://curl.se/bug/?i=17220
+ [95] = https://curl.se/bug/?i=17077
+ [96] = https://curl.se/bug/?i=17027
+ [97] = https://curl.se/bug/?i=17035
+ [98] = https://curl.se/bug/?i=17112
+ [99] = https://curl.se/bug/?i=16384
+ [100] = https://curl.se/bug/?i=17050
+ [101] = https://curl.se/bug/?i=17035
+ [102] = https://curl.se/bug/?i=17106
+ [103] = https://curl.se/bug/?i=17240
+ [104] = https://curl.se/bug/?i=17172
+ [105] = https://curl.se/bug/?i=17101
+ [106] = https://curl.se/bug/?i=17091
+ [107] = https://curl.se/bug/?i=17082
+ [108] = https://curl.se/bug/?i=17217
+ [109] = https://curl.se/bug/?i=17048
+ [110] = https://curl.se/bug/?i=17143
+ [111] = https://curl.se/bug/?i=17163
+ [112] = https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103938
+ [113] = https://curl.se/bug/?i=12982
+ [114] = https://curl.se/bug/?i=17139
+ [115] = https://curl.se/bug/?i=17165
+ [116] = https://curl.se/bug/?i=17160
+ [117] = https://curl.se/bug/?i=17233
+ [118] = https://curl.se/bug/?i=17138
+ [119] = https://curl.se/bug/?i=17159
+ [120] = https://curl.se/bug/?i=17211
+ [121] = https://curl.se/bug/?i=17231
+ [122] = https://curl.se/bug/?i=17228
+ [123] = https://curl.se/bug/?i=17147
+ [124] = https://curl.se/bug/?i=17142
+ [125] = https://curl.se/bug/?i=17140
+ [126] = https://curl.se/bug/?i=17107
+ [127] = https://curl.se/bug/?i=17209
+ [128] = https://curl.se/bug/?i=17207
+ [129] = https://curl.se/bug/?i=17206
+ [130] = https://curl.se/bug/?i=17122
+ [131] = https://curl.se/bug/?i=17354
+ [132] = https://curl.se/bug/?i=17130
+ [133] = https://curl.se/bug/?i=17199
+ [134] = https://curl.se/bug/?i=17120
+ [135] = https://curl.se/bug/?i=17113
+ [136] = https://curl.se/bug/?i=17146
+ [137] = https://curl.se/bug/?i=17204
+ [138] = https://curl.se/bug/?i=17227
+ [139] = https://curl.se/bug/?i=17203
+ [140] = https://curl.se/bug/?i=17198
+ [141] = https://curl.se/bug/?i=17221
+ [142] = https://curl.se/bug/?i=17340
+ [143] = https://curl.se/bug/?i=17177
+ [144] = https://curl.se/bug/?i=17170
+ [145] = https://curl.se/bug/?i=17308
+ [146] = https://curl.se/bug/?i=17197
+ [147] = https://curl.se/bug/?i=17196
+ [148] = https://curl.se/bug/?i=17195
+ [149] = https://curl.se/bug/?i=17188
+ [150] = https://curl.se/bug/?i=17351
+ [151] = https://curl.se/bug/?i=16581
+ [152] = https://curl.se/bug/?i=17184
+ [153] = https://curl.se/bug/?i=17186
+ [154] = https://curl.se/bug/?i=17183
+ [155] = https://curl.se/bug/?i=17179
+ [156] = https://curl.se/bug/?i=17350
+ [157] = https://curl.se/bug/?i=17289
+ [158] = https://curl.se/bug/?i=17286
+ [159] = https://curl.se/bug/?i=17347
+ [160] = https://curl.se/bug/?i=17284
+ [161] = https://curl.se/bug/?i=17306
+ [162] = https://curl.se/bug/?i=17301
+ [163] = https://curl.se/bug/?i=17281
+ [164] = https://curl.se/bug/?i=17270
+ [165] = https://curl.se/bug/?i=17371
+ [166] = https://curl.se/bug/?i=17348
+ [167] = https://curl.se/bug/?i=17275
+ [168] = https://curl.se/bug/?i=17346
+ [169] = https://curl.se/bug/?i=17274
+ [170] = https://curl.se/bug/?i=17297
+ [171] = https://curl.se/bug/?i=17268
+ [172] = https://curl.se/bug/?i=17298
+ [173] = https://curl.se/bug/?i=17397
+ [174] = https://curl.se/bug/?i=17264
+ [175] = https://curl.se/bug/?i=17263
+ [176] = https://curl.se/bug/?i=17259
+ [177] = https://curl.se/bug/?i=17373
+ [178] = https://curl.se/bug/?i=17383
+ [179] = https://curl.se/bug/?i=17258
+ [180] = https://curl.se/bug/?i=17337
+ [181] = https://curl.se/bug/?i=17330
+ [182] = https://curl.se/bug/?i=17334
+ [183] = https://curl.se/bug/?i=17331
+ [184] = https://curl.se/bug/?i=17333
+ [185] = https://curl.se/bug/?i=17328
+ [186] = https://curl.se/bug/?i=17251
+ [187] = https://curl.se/bug/?i=17247
+ [188] = https://curl.se/bug/?i=17332
+ [189] = https://curl.se/bug/?i=17329
+ [190] = https://curl.se/bug/?i=17294
+ [191] = https://curl.se/bug/?i=17256
+ [192] = https://curl.se/bug/?i=17443
+ [193] = https://curl.se/bug/?i=17364
+ [194] = https://curl.se/bug/?i=17294
+ [195] = https://curl.se/bug/?i=17321
+ [196] = https://curl.se/bug/?i=17318
+ [197] = https://curl.se/bug/?i=17317
+ [198] = https://curl.se/bug/?i=17319
+ [199] = https://curl.se/bug/?i=17316
+ [200] = https://curl.se/bug/?i=17365
+ [201] = https://curl.se/bug/?i=17359
+ [202] = https://curl.se/bug/?i=17358
+ [203] = https://curl.se/bug/?i=17361
+ [204] = https://curl.se/bug/?i=17295
+ [205] = https://curl.se/bug/?i=17441
+ [206] = https://curl.se/bug/?i=17353
+ [207] = https://curl.se/bug/?i=17394
+ [208] = https://curl.se/bug/?i=17454
+ [209] = https://curl.se/bug/?i=17455
+ [211] = https://curl.se/bug/?i=17416
+ [212] = https://curl.se/bug/?i=16829
+ [213] = https://curl.se/bug/?i=17420
+ [214] = https://curl.se/bug/?i=17380
+ [215] = https://curl.se/bug/?i=17384
+ [216] = https://curl.se/bug/?i=17379
+ [217] = https://curl.se/bug/?i=17382
+ [218] = https://curl.se/bug/?i=17381
+ [219] = https://curl.se/bug/?i=17370
+ [220] = https://curl.se/bug/?i=17430
+ [222] = https://curl.se/bug/?i=17414
+ [227] = https://curl.se/bug/?i=17415
+ [232] = https://curl.se/bug/?i=17412
+ [235] = https://curl.se/bug/?i=17407
+ [240] = https://curl.se/bug/?i=17129
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-14 04:00:53 +0000