From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 12 Oct 2023 07:09:49 +0000 (+0200)
Subject: RELEASE-NOTES: synced
X-Git-Tag: curl-8_5_0~263
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a20d7bd974d04065ee1d7e3de21a87e449d1c246;p=thirdparty%2Fcurl.git

RELEASE-NOTES: synced

Bumped to 8.4.1
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 0b331a4848..5aa9476f21 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,6 +1,6 @@
-curl and libcurl 8.4.0
+curl and libcurl 8.4.1
 
- Public curl releases:         252
+ Public curl releases:         253
  Command line options:         258
  curl_easy_setopt() options:   303
  Public functions in libcurl:  93
@@ -8,148 +8,12 @@ curl and libcurl 8.4.0
 
 This release includes the following changes:
 
- o curl: add support for the IPFS protocols via HTTP gateway [46]
- o curl_multi_get_handles: get easy handles from a multi handle [20]
- o mingw: delete support for legacy mingw.org toolchain [45]
 
 This release includes the following bugfixes:
 
- o acinclude.m4: Document proper system truststore on FreeBSD [83]
- o appveyor: fix yamlint issues, indent [67]
- o appveyor: rewrite batch in PowerShell + CI improvements [109]
- o autotools: adjust `CURL_CA_PATH` value to CMake [53]
- o autotools: restore `HAVE_IOCTL_*` detections [111]
- o base64: also build for curl [78]
- o bufq: remove Curl_bufq_skip_and_shift (unused) [47]
- o build: delete checks for C89 standard headers [65]
- o build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros [114]
- o cf-socket: simulate slow/blocked receives in debug [120]
- o cmake, configure: also link with CoreServices [32]
- o cmake: add check for suseconds_t [91]
- o cmake: add feature checks for `memrchr` and `getifaddrs` [57]
- o cmake: add missing checks [86]
- o cmake: delete old `HAVE_LDAP_URL_PARSE` logic [105]
- o cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` [75]
- o cmake: detect `HAVE_GETADDRINFO_THREADSAFE` [76]
- o cmake: detect `sys/wait.h` and `netinet/udp.h` [61]
- o cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS [93]
- o cmake: disable unity mode with Windows Unicode + TrackMemory [108]
- o cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows [110]
- o cmake: fix `HAVE_WRITABLE_ARGV` detection [77]
- o cmake: fix duplicate symbols when linking tests [73]
- o cmake: fix missing `zlib.h` when compiling `libcurltool` [72]
- o cmake: fix stderr initialization in unity builds [71]
- o cmake: fix the help text to the static build option in CMakeLists.txt [10]
- o cmake: fix unity builds for more build combinations [96]
- o cmake: fix unity symbol collisions in h2 builds [48]
- o cmake: fix unity with Windows Unicode + TrackMemory [107]
- o cmake: improve OpenLDAP builds [92]
- o cmake: lib `CURL_STATICLIB` fixes (Windows) [74]
- o cmake: move global headers to specific checks [58]
- o cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC [85]
- o cmake: pre-cache `HAVE_POLL_FINE` on Windows [36]
- o cmake: tidy-up `NOT_NEED_LBER_H` detection
- o cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value [50]
- o configure: check for the capath by default [63]
- o configure: remove unused checks [87]
- o configure: replace adhoc domain with `localhost` in tests [79]
- o configure: sort AC_CHECK_FUNCS
- o connect: expire the timeout when trying next [54]
- o connect: only start the happy eyeballs timer when needed [95]
- o cookie: do not store the expire or max-age strings [16]
- o cookie: remove unnecessary struct fields [17]
- o cookie: set ->running in cookie_init even if data is NULL [5]
- o create-dirs.d: clarify it also uses --output-dirs [66]
- o curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0 [18]
- o curl_easy_pause.3: mention h2/h3 buffering [113]
- o curl_easy_pause.3: mention it works within callbacks [112]
- o curl_easy_pause: set "in callback" true on exit if true [100]
- o CURLOPT_DEBUGFUNCTION.3: warn about internal handles [122]
- o docs/libcurl/opts/Makefile.inc: add missing manpage files
- o docs: adapt SEE ALSO sections to new requirements [52]
- o docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER [68]
- o docs: replace made up domains with example.com [82]
- o docs: update curl man page references [89]
- o docs: use CURLSSLBACKEND_NONE [19]
- o doh: inherit DEBUGFUNCTION/DATA [12]
- o escape: replace Curl_isunreserved with ISUNRESERVED [2]
- o FAQ: How do I upgrade curl.exe in Windows? [84]
- o GHA/linux: run singleuse to detect single-use global functions [35]
- o GHA: add workflow to compare configure vs cmake outputs [102]
- o h2-proxy: remove left-over mistake in drain_tunnel() [7]
- o h2: testcase and fix for pausing h2 streams [49]
- o h3: add support for ngtcp2 with AWS-LC builds [103]
- o http2: refused stream handling for retry [121]
- o http: fix CURL_DISABLE_BEARER_AUTH breakage [28]
- o http: h1/h2 proxy unification [21]
- o http: remove wrong comment for http_should_fail [55]
- o http: use per-request counter to check too large headers [6]
- o http_aws_sigv4: fix sorting with empty parts [13]
- o idn: fix WinIDN null ptr deref on bad host [90]
- o idn: if idn2_check_version returns NULL, return error [27]
- o inet_ntop: add typecast to silence Coverity [51]
- o lib: disambiguate Curl_client_write flag semantics [24]
- o lib: enable hmac for digest as well [26]
- o lib: failf/infof compiler warnings [8]
- o lib: let the max filesize option stop too big transfers too [44]
- o lib: move handling of `data->req.writer_stack` into Curl_client_write() [97]
- o lib: provide and use Curl_hexencode [62]
- o lib: remove TIME_WITH_SYS_TIME [88]
- o lib: use wrapper for curl_mime_data fseek callback [30]
- o libssh2: fix error message on failed pubkey-from-file [22]
- o libssh: cap SFTP packet size sent [14]
- o Makefile.mk: always set `CURL_STATICLIB` for lib (Windows) [42]
- o MANUAL.md: change domain to example.com [11]
- o misc: better random strings [15]
- o MQTT: improve receive of ACKs [125]
- o multi: do CURLM_CALL_MULTI_PERFORM at two more places [99]
- o multi: fix small timeouts [70]
- o multi: remove Curl_multi_dump [37]
- o multi: round the timeout up to prevent early wakeups [98]
- o multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE [115]
- o openssl: improve ssl shutdown handling [69]
- o openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR [104]
- o pytest: exclude test_03_goaway in CI runs due to timing dependency [23]
- o quic: set ciphers/curves the same way regular TLS does [43]
- o quiche: fix build error with --with-ca-fallback [1]
- o RELEASE-PROCEDURE.md: updated coming release dates
- o runtests: display the test status if tests appear hung [81]
- o runtests: eliminate a warning on old perl versions
- o socks: return error if hostname too long for remote resolve [118]
- o src/mkhelp: make generated code pass `checksrc` [59]
- o test1056: disable on Windows
- o test1474: disable test on NetBSD, OpenBSD and Solaris 10 [31]
- o test1592: greatly increase the maximum test timeout
- o test1903: actually verify the cookies after the test [116]
- o test1906: set a lower timeout since it's hit on Windows [117]
- o test2600: remove special case handling for USE_ALARM_TIMEOUT [3]
- o test650: fix an end tag typo
- o test661: return from test early in case of curl error
- o test: add missing <feature>s
- o tests: close the shell used to start sshd [41]
- o tests: fix a race condition in ftp server disconnect [101]
- o tests: fix compiler warnings [38]
- o tests: Fix zombie processes left behind by FTP tests. [80]
- o tests: improve SLOWDOWN test reliability by reducing sent data
- o tests: increase lib571 timeout from 3s to 30s [106]
- o tests: log the test result code after each libtest
- o tests: propagate errors in libtests
- o tests: set --expect100-timeout to improve test reliability
- o tests: show which curl tool `runtests.pl` is using [60]
- o tests: stop overriding the lock timeout
- o tftpd: always use curl's own tftp.h [25]
- o tool: use our own stderr variable [94]
- o tool_cb_wrt: fix debug assertion [4]
- o tool_getparam: accept variable expansion on file names too [123]
- o tool_setopt: remove unused function tool_setopt_flags [56]
- o upload-file.d: describe the file name slash/backslash handling [9]
- o url: fall back to http/https proxy env-variable if ws/wss not set [119]
- o url: fix netrc info message [39]
- o warnless: remove unused functions [33]
- o wolfssh: do cleanup in Curl_ssh_cleanup [40]
- o wolfssl: allow capath with CURLOPT_CAINFO_BLOB [29]
- o wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files [34]
- o wolfssl: ignore errors in CA path [64]
+ o cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection [2]
+ o build: add `src/.checksrc` to source tarball [1]
+ --- new entries are listed above this ---
 
 This release includes the following known bugs:
 
@@ -164,143 +28,10 @@ Planned upcoming removals include:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Aleksander Mazur, black-desk on github, calvin2021y on github,
-  Christian Schmitz, Christian Weisgerber, claudiusaiz on github,
-  consulion on github, Craig Andrews, Dan Fandrich, Daniel Stenberg,
-  David Benjamin, Douglas R. Reno, Eduard Strehlau, Elliot Killick,
-  Gisle Vanem, Hakan Sunay Halil, Harry Sintonen, Jakub Jelen, John Haugabook,
-  Joshix-1 on github, Juliusz Sosinowicz, Junho Choi,
-  Karthikdasari0423 on github, Lars Francke, Loïc Yhuel, Marc Hörsken,
-  Mark Gaiser, Mathias Fuchs, Maxim Dzhura, Michael Osipov, Natanael Copa,
-  Patrick Monnerat, PBudmark on github, Peter Wang, Philip Heiduck, Ray Satiro,
-  Robert Simpson, Ryan Schmidt, s0urc3_ on hackerone, Samuel Henrique,
-  Stefan Eissing, Ted Lyngmo, Viktor Szakats, vvb2060, w0x42 on hackerone,
-  南宫雪珊
-  (46 contributors)
+  Daniel Stenberg, Kartatz on Github, Romain Geissler, Viktor Szakats
+  (4 contributors)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.se/bug/?i=11850
- [2] = https://curl.se/bug/?i=11846
- [3] = https://curl.se/bug/?i=11767
- [4] = https://github.com/curl/curl/commit/af3f4e41#r127212213
- [5] = https://curl.se/bug/?i=11875
- [6] = https://curl.se/bug/?i=11871
- [7] = https://curl.se/bug/?i=11877
- [8] = https://curl.se/bug/?i=11874
- [9] = https://curl.se/bug/?i=11911
- [10] = https://curl.se/bug/?i=11843
- [11] = https://curl.se/bug/?i=11866
- [12] = https://curl.se/bug/?i=11864
- [13] = https://curl.se/bug/?i=11855
- [14] = https://curl.se/bug/?i=11804
- [15] = https://curl.se/bug/?i=11838
- [16] = https://curl.se/bug/?i=11862
- [17] = https://curl.se/bug/?i=11862
- [18] = https://curl.se/bug/?i=11905
- [19] = https://curl.se/bug/?i=11909
- [20] = https://curl.se/bug/?i=11750
- [21] = https://curl.se/bug/?i=11808
- [22] = https://curl.se/bug/?i=11837
- [23] = https://curl.se/bug/?i=11860
- [24] = https://curl.se/bug/?i=11885
- [25] = https://curl.se/bug/?i=11897
- [26] = https://curl.se/bug/?i=11890
- [27] = https://curl.se/bug/?i=11898
- [28] = https://curl.se/bug/?i=11892
- [29] = https://curl.se/bug/?i=11886
- [30] = https://curl.se/bug/?i=11882
- [31] = https://curl.se/bug/?i=11888
- [32] = https://curl.se/bug/?i=11893
- [33] = https://curl.se/bug/?i=11932
- [34] = https://curl.se/bug/?i=11884
- [35] = https://curl.se/bug/?i=11932
- [36] = https://curl.se/bug/?i=12003
- [37] = https://curl.se/bug/?i=11931
- [38] = https://curl.se/bug/?i=11925
- [39] = https://curl.se/bug/?i=11904
- [40] = https://curl.se/bug/?i=11921
- [41] = https://curl.se/bug/?i=12032
- [42] = https://curl.se/bug/?i=11924
- [43] = https://curl.se/bug/?i=11796
- [44] = https://curl.se/bug/?i=11810
- [45] = https://curl.se/bug/?i=11625
- [46] = https://curl.se/bug/?i=8805
- [47] = https://curl.se/bug/?i=11915
- [48] = https://curl.se/bug/?i=11912
- [49] = https://curl.se/bug/?i=11982
- [50] = https://curl.se/bug/?i=11998
- [51] = https://curl.se/bug/?i=11960
- [52] = https://curl.se/bug/?i=11957
- [53] = https://curl.se/bug/?i=11997
- [54] = https://curl.se/bug/?i=11920
- [55] = https://curl.se/bug/?i=11941
- [56] = https://curl.se/bug/?i=11943
- [57] = https://curl.se/bug/?i=11954
- [58] = https://curl.se/bug/?i=11951
- [59] = https://curl.se/bug/?i=11955
- [60] = https://curl.se/bug/?i=11953
- [61] = https://curl.se/bug/?i=11996
- [62] = https://curl.se/bug/?i=11990
- [63] = https://curl.se/bug/?i=11987
- [64] = https://curl.se/bug/?i=11987
- [65] = https://curl.se/bug/?i=11940
- [66] = https://curl.se/bug/?i=11991
- [67] = https://curl.se/bug/?i=11994
- [68] = https://curl.se/bug/?i=2935
- [69] = https://curl.se/bug/?i=11858
- [70] = https://curl.se/bug/?i=11937
- [71] = https://curl.se/bug/?i=11929
- [72] = https://curl.se/bug/?i=11927
- [73] = https://curl.se/bug/?i=11926
- [74] = https://curl.se/bug/?i=11914
- [75] = https://curl.se/bug/?i=11981
- [76] = https://curl.se/bug/?i=11979
- [77] = https://curl.se/bug/?i=11978
- [78] = https://curl.se/bug/?i=12010
- [79] = https://curl.se/bug/?i=11988
- [80] = https://curl.se/bug/?i=12018
- [81] = https://curl.se/bug/?i=11980
- [82] = https://curl.se/bug/?i=11986
- [83] = https://curl.se/bug/?i=11985
- [84] = https://curl.se/bug/?i=11984
- [85] = https://curl.se/bug/?i=11974
- [86] = https://curl.se/bug/?i=11973
- [87] = https://curl.se/bug/?i=11973
- [88] = https://curl.se/bug/?i=11975
- [89] = https://curl.se/bug/?i=11963
- [90] = https://curl.se/bug/?i=11983
- [91] = https://curl.se/bug/?i=11977
- [92] = https://curl.se/bug/?i=12024
- [93] = https://curl.se/bug/?i=11967
- [94] = https://curl.se/bug/?i=11958
- [95] = https://curl.se/bug/?i=11939
- [96] = https://curl.se/bug/?i=12027
- [97] = https://curl.se/bug/?i=11908
- [98] = https://curl.se/bug/?i=11938
- [99] = https://curl.se/bug/?i=12033
- [100] = https://curl.se/bug/?i=12059
- [101] = https://curl.se/bug/?i=12002
- [102] = https://curl.se/bug/?i=11964
- [103] = https://curl.se/bug/?i=12066
- [104] = https://curl.se/bug/?i=12038
- [105] = https://curl.se/bug/?i=12015
- [106] = https://curl.se/bug/?i=12013
- [107] = https://curl.se/bug/?i=11928
- [108] = https://curl.se/bug/?i=12005
- [109] = https://curl.se/bug/?i=11999
- [110] = https://curl.se/bug/?i=12006
- [111] = https://curl.se/bug/?i=12008
- [112] = https://curl.se/mail/lib-2023-10/0010.html
- [113] = https://curl.se/bug/?i=12045
- [114] = https://curl.se/bug/?i=12065
- [115] = https://curl.se/bug/?i=12042
- [116] = https://curl.se/bug/?i=12041
- [117] = https://curl.se/bug/?i=12036
- [118] = https://curl.se/docs/CVE-2023-38545.html
- [119] = https://curl.se/bug/?i=12031
- [120] = https://curl.se/bug/?i=12035
- [121] = https://curl.se/bug/?i=12054
- [122] = https://curl.se/bug/?i=12034
- [123] = https://curl.se/bug/?i=12048
- [125] = https://curl.se/bug/?i=12071
+ [1] = https://curl.se/bug/?i=12084
+ [2] = https://curl.se/bug/?i=12093
diff --git a/include/curl/curlver.h b/include/curl/curlver.h
index 8988168447..32df66ba62 100644
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -32,13 +32,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "8.4.0-DEV"
+#define LIBCURL_VERSION "8.4.1-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 8
 #define LIBCURL_VERSION_MINOR 4
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -59,7 +59,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x080400
+#define LIBCURL_VERSION_NUM 0x080401
 
 /*
  * This is the date and time when the full source package was created. The