From 26f79419eeb22b11cc2e305dc3fa92804b692a5b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 1 Feb 2024 14:47:09 +0100
Subject: [PATCH] RELEASE-NOTES: synced

and bump to 8.6.1 for now
---
 RELEASE-NOTES          | 352 ++---------------------------------------
 include/curl/curlver.h |   6 +-
 2 files changed, 18 insertions(+), 340 deletions(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 0bb5a8d43f..f7bd00460b 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,6 +1,6 @@
-curl and libcurl 8.6.0
+curl and libcurl 8.6.1
 
- Public curl releases:         254
+ Public curl releases:         255
  Command line options:         258
  curl_easy_setopt() options:   304
  Public functions in libcurl:  93
@@ -8,171 +8,15 @@ curl and libcurl 8.6.0
 
 This release includes the following changes:
 
- o add CURLE_TOO_LARGE [48]
- o add CURLINFO_QUEUE_TIME_T [76]
- o add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add [39]
- o asyn-thread: use GetAddrInfoExW on >= Windows 8 [55]
- o configure: make libpsl detection failure cause error [109]
- o docs/cmdline: change to .md for cmdline docs [77]
- o docs: introduce "curldown" for libcurl man page format [102]
- o runtests: support -gl. Like -g but for lldb. [47]
 
 This release includes the following bugfixes:
 
- o altsvc: free 'as' when returning error [23]
- o appveyor: replace PowerShell with bash + parallel autotools [54]
- o appveyor: switch to out-of-tree builds [29]
- o asyn-ares: with modern c-ares, use its default timeout [127]
- o build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}` [4]
- o build: delete/replace clang warning pragmas [111]
- o build: enable missing OpenSSF-recommended warnings, with fixes [11]
- o build: fix `-Wconversion`/`-Wsign-conversion` warnings [26]
- o build: fix Windows ADDRESS_FAMILY detection [35]
- o build: more `-Wformat` fixes [40]
- o build: remove redundant `CURL_PULL_*` settings [8]
- o cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper [133]
- o cf-socket: show errno in tcpkeepalive error messages [120]
- o CI/distcheck: run full tests [31]
- o cmake: add option to disable building docs
- o cmake: fix generation for system name iOS [53]
- o cmake: fix typo [5]
- o cmake: freshen up docs/INSTALL.cmake [101]
- o cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE` [45]
- o cmake: rework options to enable curl and libcurl docs [161]
- o cmake: when USE_MANUAL=YES, build the curl.1 man page [113]
- o cmdline-opts/write-out.d: remove spurious double quotes
- o cmdline-opts: update availability for the *-ca-native options [66]
- o cmdline/gen: fix the sorting of the man page options [33]
- o configure: add libngtcp2_crypto_boringssl detection [155]
- o configure: fix no default int compile error in ipv6 detection [69]
- o configure: when enabling QUIC, check that TLS supports QUIC [87]
- o connect: remove margin from eyeballer alloc [79]
- o content_encoding: change return code to typedef'ed enum [94]
- o cookie.d: document use of empty string to enable cookie engine [106]
- o cookie: avoid fopen with empty file name [24]
- o curl.h: CURLOPT_DNS_SERVERS is only available with c-ares [131]
- o curl: show ipfs and ipns as supported "protocols" [15]
- o curl_easy_getinfo.3: remove the wrong time value count [116]
- o curl_multi_fdset.3: remove mention of null pointer support [134]
- o CURLINFO_REFERER.3: clarify that it is the *request* header [70]
- o CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
- o CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example [27]
- o CURLOPT_SSH_*_KEYFILE: clarify [57]
- o dist: add tests/errorcodes.pl to the tarball [6]
- o docs: clean up Protocols: for cmdline options [32]
- o docs: describe and highlight super cookies [80]
- o docs: do not start lines/sentences with So, But nor And [140]
- o docs: install curl.1 with cmake [166]
- o docs: mention env vars not used by schannel [124]
- o doh: remove unused local variable [34]
- o examples: add four new examples [99]
- o file+ftp: use stack buffers instead of data->state.buffer [138]
- o ftp: handle the PORT parsing without allocation [44]
- o ftp: use dynbuf to store entrypath [83]
- o ftp: use memdup0 to store the OS from a SYST 215 response [82]
- o ftpserver.pl: send 213 SIZE response without spurious newline
- o gen.pl: support ## for doing .IP in table-like lists [105]
- o gen: do italics/bold for a range of letters, not just single word [78]
- o GHA: add a job scanning for "bad words" in markdown [164]
- o GHA: bump ngtcp2, gnutls, mod_h2, quiche [158]
- o gnutls: fix build with --disable-verbose [3]
- o haproxy-clientip.d: document the arg [68]
- o headers: make sure the trailing newline is not stored [97]
- o headers: remove assert from Curl_headers_push [115]
- o hostip: return error immediately when Curl_ip2addr() fails [19]
- o hsts: remove assert for zero length domain [96]
- o http2: improved on_stream_close/data_done handling [49]
- o http3/quiche: fix result code on a stream reset [91]
- o http3: initial support for OpenSSL 3.2 QUIC stack [110]
- o http: adjust_pollset fix [85]
- o http: check for "Host:" case insensitively [154]
- o http: fix off-by-one error in request method length check [14]
- o http: only act on 101 responses when they are HTTP/1.1 [98]
- o http: remove comment reference to a removed solution [156]
- o http: use stack scratch buffer [150]
- o http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT [90]
- o krb5: add prototype to silence clang warnings on mvsnprintf() [119]
- o lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT [62]
- o lib: error out on multissl + http3 [13]
- o lib: fix variable undeclared error caused by `infof` changes [2]
- o lib: reduce use of strncpy [30]
- o lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding [36]
- o lib: replace readwrite with write_resp [137]
- o lib: strndup/memdup instead of malloc, memcpy and null-terminate [42]
- o libssh2: use `libssh2_session_callback_set2()` with v1.11.1 [103]
- o libssh: improve the deprecation warning dismissal [20]
- o libssh: supress warnings without version check [18]
- o Makefile.am: fix the MSVC project generation [22]
- o Makefile.mk: drop Windows support [12]
- o mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls` [117]
- o mbedtls: free the entropy when threaded [46]
- o mime: use memdup0 instead of malloc + memcpy [63]
- o mksymbolsmanpage.pl: provide references to where the symbol is used
- o mprintf: overhaul and bugfixes [52]
- o mqtt: use stack scratch buffer for recv+publish [148]
- o multi: remove total timer reset in file_do() while fetching file:// [89]
- o ngtcp2: put h3 at the front of alpn [58]
- o ntlm_wb: do not use data->state.buffer any longer [151]
- o openldap: fix an LDAP crash [75]
- o openldap: fix STARTTLS [67]
- o openssl: re-match LibreSSL deinit with init [17]
- o openssl: when verifystatus fails, remove session id from cache [100]
- o OS400: sync ILE/RPG binding [114]
- o pingpong: stop using the download buffer [159]
- o pop3: replace calloc + memcpy with memdup0 [60]
- o pytest: scorecard tracking CPU and RSS [157]
- o quiche: return CURLE_HTTP3 on send to invalid stream [65]
- o readwrite_data: loop less [21]
- o Revert "urldata: move async resolver state from easy handle to connectdata" [16]
- o rtsp: deal with borked server responses [129]
- o runtests: for mode="text" on <stdout>, fix newlines on both parts [64]
- o sasl: make login option string override http auth [142]
- o schannel: fix `-Warith-conversion` gcc 13 warning [28]
- o sectransp: do verify_cert without memdup for blobs [93]
- o sectransp_ make TLSCipherNameForNumber() available in non-verbose config [1]
- o sendf: fix compiler warning with CURL_DISABLE_HEADERS_API [38]
- o setopt: clear mimepost when formp is freed [92]
- o setopt: use memdup0 when cloning COPYPOSTFIELDS [107]
- o socks: fix generic output string to say SOCKS instead of SOCKS4 [144]
- o socks: use own buffer instead of data->state.buffer [143]
- o ssh: fix namespace of two local macros [51]
- o ssh: use stack scratch buffer for seeks [146]
- o strerror: repair get_winsock_error() [56]
- o system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers [9]
- o system_win32: fix a function pointer assignment warning [71]
- o telnet: use dynbuf instad of malloc for escape buffer [108]
- o telnet: use stack scratch buffer for do [149]
- o tests/server: delete workaround for old-mingw [25]
- o tests: avoid int/size_t conversion size/sign warnings [163]
- o tests: respect $TMPDIR when creating unix domain sockets [50]
- o tool: make parser reject blank arguments if not supported [86]
- o tool: prepend output_dir in header callback [95]
- o tool_getparam: bsearch cmdline options [74]
- o tool_getparam: do not try to expand without an argument [59]
- o tool_getparam: stop supporting `@filename` style for --cookie [121]
- o tool_listhelp: regenerate after recent .d updates [61]
- o tool_operate: make --remove-on-error only remove "real" files [125]
- o tool_operate: stop setting the file comment on Amiga [128]
- o transfer: adjust_pollset improvements [81]
- o transfer: fix upload rate limiting, add test cases [37]
- o transfer: make the select_bits_paused condition check both directions [104]
- o transfer: remove warning: Value stored to 'blen' is never read [136]
- o url: don't set default CA paths for Secure Transport backend [126]
- o url: for disabled protocols, mention if found in redirect [7]
- o urlapi: remove assert [162]
- o verify-examples.pl: fail verification on unescaped backslash [72]
- o version: show only the libpsl version, not its dependencies [130]
- o vquic: extract TLS setup into own source [88]
- o vtls: fix missing multissl version info [73]
- o vtls: receive max buffer [139]
- o vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY [41]
- o websockets: check for negative payload lengths [123]
- o websockets: refactor decode chain [122]
- o windows: delete redundant headers [43]
- o windows: simplify detecting and using system headers [10]
- o wolfssl: load certificate *chain* for PEM client certs [84]
- o x509asn1: remove code for WANT_VERIFYHOST [132]
- o x509asn1: switch from malloc to dynbuf [112]
+ o cmdline-docs/Makefile: avoid using a fixed temp file name [5]
+ o asyn-thread: use wakeup_close to close the read descriptor [1]
+ o ntml_wb: fix buffer type typo [2]
+ o tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds [3]
+ o form-string.md: correct the example [4]
+ --- new entries are listed above this ---
 
 This release includes the following known bugs:
 
@@ -187,179 +31,13 @@ Planned upcoming removals include:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Andy Alt, annalee, Baruch Siach, Ben, Boris Verkhovskiy, Brad Harder,
-  bubbleguuum on github, Cajus Pollmeier, calvin2021y on github, Chara White,
-  Chris Sauer, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
-  dependabot[bot], Dmitry Karpov, Gabe, Geeknik Labs, Gisle Vanem,
-  Graham Campbell, Hans-Christian Egtvedt, Harry Sintonen, Haydar Alaidrus,
-  hgdagon on github, Hiroki Kurosawa, iAroc on github, ivanfywang,
-  janko-js on github, Jay Wu, Jess Lowe, Karthikdasari0423 on github,
-  Lealem Amedie, Lin Sun, Marcel Raad, Mark Huang, Mark Sinkovics,
-  Mauricio Scheffer, MichaÅ Antoniak, Mike Hommey, Mohammadreza Hendiani,
-  Ozan Cansel, Patrick Monnerat, Pavel Pavlov, promptfuzz_ on hackerone,
-  Ray Satiro, RevaliQaQ on github, Richard Levitte, Scarlett McAllister,
-  Sergey Bronnikov, Sergey Markelov, sfan5 on github, Stefan Eissing,
-  Tatsuhiko Miyagawa, Tatsuhiro Tsujikawa, Theo, Thomas Ferguson,
-  Viktor Szakats, Xi Ruoyao, Yadhu Krishna M, Yedaya Katsman, Yifei Kong,
-  YX Hao, zengwei, zengwei2000, ã¦ãã
-  (65 contributors)
+  Boris Verkhovskiy, Dan Fandrich, Daniel Stenberg, Jon Rumsey, Stefan Eissing
+  (5 contributors)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.se/bug/?i=12474
- [2] = https://curl.se/bug/?i=12470
- [3] = https://curl.se/bug/?i=12505
- [4] = https://curl.se/bug/?i=12506
- [5] = https://curl.se/bug/?i=12464
- [6] = https://curl.se/bug/?i=12462
- [7] = https://curl.se/bug/?i=12466
- [8] = https://curl.se/bug/?i=12502
- [9] = https://curl.se/bug/?i=12501
- [10] = https://curl.se/bug/?i=12495
- [11] = https://curl.se/bug/?i=12489
- [12] = https://curl.se/bug/?i=12224
- [13] = https://curl.se/bug/?i=12807
- [14] = https://curl.se/bug/?i=12534
- [15] = https://curl.se/mail/archive-2023-12/0026.html
- [16] = https://curl.se/bug/?i=12524
- [17] = https://curl.se/bug/?i=12525
- [18] = https://curl.se/bug/?i=12523
- [19] = https://curl.se/bug/?i=12522
- [20] = https://curl.se/bug/?i=12519
- [21] = https://curl.se/bug/?i=12504
- [22] = https://curl.se/bug/?i=12564
- [23] = https://curl.se/bug/?i=12570
- [24] = https://curl.se/bug/?i=12514
- [25] = https://curl.se/bug/?i=12510
- [26] = https://curl.se/bug/?i=12557
- [27] = https://curl.se/bug/?i=12588
- [28] = https://curl.se/bug/?i=12616
- [29] = https://curl.se/bug/?i=12550
- [30] = https://curl.se/bug/?i=12499
- [31] = https://curl.se/bug/?i=12503
- [32] = https://curl.se/bug/?i=12496
- [33] = https://curl.se/mail/archive-2023-12/0014.html
- [34] = https://curl.se/bug/?i=12491
- [35] = https://curl.se/bug/?i=12441
- [36] = https://curl.se/bug/?i=12490
- [37] = https://curl.se/bug/?i=12559
- [38] = https://curl.se/bug/?i=12485
- [39] = https://curl.se/bug/?i=12369
- [40] = https://curl.se/bug/?i=12540
- [41] = https://curl.se/bug/?i=12459
- [42] = https://curl.se/bug/?i=12453
- [43] = https://curl.se/bug/?i=12539
- [44] = https://curl.se/bug/?i=12456
- [45] = https://curl.se/bug/?i=12537
- [46] = https://curl.se/bug/?i=12584
- [47] = https://curl.se/bug/?i=12547
- [48] = https://curl.se/bug/?i=12269
- [49] = https://curl.se/bug/?i=10936
- [50] = https://curl.se/bug/?i=12545
- [51] = https://curl.se/bug/?i=12544
- [52] = https://curl.se/bug/?i=12561
- [53] = https://curl.se/bug/?i=12515
- [54] = https://curl.se/bug/?i=12560
- [55] = https://curl.se/bug/?i=12481
- [56] = https://curl.se/bug/?i=12578
- [57] = https://curl.se/bug/?i=12554
- [58] = https://curl.se/bug/?i=12576
- [59] = https://curl.se/bug/?i=12565
- [60] = https://curl.se/bug/?i=12650
- [61] = https://curl.se/bug/?i=12612
- [62] = https://curl.se/bug/?i=12658
- [63] = https://curl.se/bug/?i=12649
- [64] = https://curl.se/bug/?i=12612
- [65] = https://curl.se/bug/?i=12590
- [66] = https://curl.se/bug/?i=12613
- [67] = https://curl.se/bug/?i=12610
- [68] = https://curl.se/bug/?i=12611
- [69] = https://curl.se/bug/?i=12607
- [70] = https://curl.se/bug/?i=12605
- [71] = https://curl.se/bug/?i=12581
- [72] = https://curl.se/bug/?i=12589
- [73] = https://curl.se/bug/?i=12599
- [74] = https://curl.se/bug/?i=12631
- [75] = https://curl.se/bug/?i=12593
- [76] = https://curl.se/bug/?i=12368
- [77] = https://curl.se/bug/?i=12751
- [78] = https://curl.se/bug/?i=12689
- [79] = https://curl.se/bug/?i=12647
- [80] = https://curl.se/bug/?i=12687
- [81] = https://curl.se/bug/?i=12640
- [82] = https://curl.se/bug/?i=12639
- [83] = https://curl.se/bug/?i=12638
- [84] = https://curl.se/bug/?i=12634
- [85] = https://curl.se/bug/?i=12632
- [86] = https://curl.se/bug/?i=12620
- [87] = https://curl.se/bug/?i=12683
- [88] = https://curl.se/bug/?i=12678
- [89] = https://curl.se/bug/?i=12682
- [90] = https://curl.se/bug/?i=12680
- [91] = https://curl.se/bug/?i=12629
- [92] = https://curl.se/bug/?i=12608
- [93] = https://curl.se/bug/?i=12679
- [94] = https://curl.se/bug/?i=12618
- [95] = https://curl.se/bug/?i=12614
- [96] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661
- [97] = https://curl.se/mail/lib-2024-01/0019.html
- [98] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66184
- [99] = https://curl.se/bug/?i=12671
- [100] = https://curl.se/bug/?i=12760
- [101] = https://curl.se/bug/?i=12772
- [102] = https://curl.se/bug/?i=12730
- [103] = https://curl.se/bug/?i=12754
- [104] = https://curl.se/mail/lib-2024-01/0049.html
- [105] = https://curl.se/bug/?i=12667
- [106] = https://curl.se/bug/?i=12643
- [107] = https://curl.se/bug/?i=12651
- [108] = https://curl.se/bug/?i=12652
- [109] = https://curl.se/bug/?i=12661
- [110] = https://curl.se/bug/?i=12734
- [111] = https://curl.se/bug/?i=12812
- [112] = https://curl.se/bug/?i=12808
- [113] = https://curl.se/bug/?i=12742
- [114] = https://curl.se/bug/?i=12815
- [115] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65839
- [116] = https://curl.se/bug/?i=12727
- [117] = https://curl.se/bug/?i=12720
- [119] = https://curl.se/bug/?i=12803
- [120] = https://curl.se/bug/?i=12726
- [121] = https://curl.se/bug/?i=12645
- [122] = https://curl.se/bug/?i=12713
- [123] = https://curl.se/bug/?i=12707
- [124] = https://curl.se/bug/?i=12711
- [125] = https://curl.se/bug/?i=12710
- [126] = https://curl.se/bug/?i=12704
- [127] = https://curl.se/bug/?i=12703
- [128] = https://curl.se/bug/?i=12709
- [129] = https://curl.se/bug/?i=12701
- [130] = https://curl.se/bug/?i=12700
- [131] = https://curl.se/bug/?i=12695
- [132] = https://curl.se/bug/?i=12804
- [133] = https://curl.se/bug/?i=12697
- [134] = https://curl.se/bug/?i=12691
- [136] = https://curl.se/bug/?i=12693
- [137] = https://curl.se/bug/?i=12480
- [138] = https://curl.se/bug/?i=12789
- [139] = https://curl.se/bug/?i=12801
- [140] = https://curl.se/bug/?i=12802
- [142] = https://curl.se/bug/?i=10259
- [143] = https://curl.se/bug/?i=12788
- [144] = https://curl.se/bug/?i=12797
- [146] = https://curl.se/bug/?i=12794
- [148] = https://curl.se/bug/?i=12792
- [149] = https://curl.se/bug/?i=12793
- [150] = https://curl.se/bug/?i=12791
- [151] = https://curl.se/bug/?i=12787
- [154] = https://curl.se/bug/?i=12784
- [155] = https://curl.se/bug/?i=12724
- [156] = https://curl.se/bug/?i=12785
- [157] = https://curl.se/bug/?i=12765
- [158] = https://curl.se/bug/?i=12778
- [159] = https://curl.se/bug/?i=12757
- [161] = https://curl.se/bug/?i=12773
- [162] = https://curl.se/bug/?i=12775
- [163] = https://curl.se/bug/?i=12768
- [164] = https://curl.se/bug/?i=12764
- [166] = https://curl.se/bug/?i=12759
+ [1] = https://curl.se/bug/?i=12836
+ [2] = https://curl.se/bug/?i=12825
+ [3] = https://curl.se/bug/?i=12834
+ [4] = https://curl.se/bug/?i=12822
+ [5] = https://curl.se/bug/?i=12829
diff --git a/include/curl/curlver.h b/include/curl/curlver.h
index 316f39c4ec..ed78adca57 100644
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -32,13 +32,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "8.6.0-DEV"
+#define LIBCURL_VERSION "8.6.1-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 8
 #define LIBCURL_VERSION_MINOR 6
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -59,7 +59,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x080600
+#define LIBCURL_VERSION_NUM 0x080601
 
 /*
  * This is the date and time when the full source package was created. The
-- 
2.47.3