Jing

What's new in this version:

Changed:
- curl: add --proxy-http2
- CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2
- hostip: refuse to resolve the .onion TLD
- tool_writeout: add URL component variables

Fixed:
- amiga: Fix CA certificate paths for AmiSSL and MorphOS
- autotools: sync up clang picky warnings with cmake
- aws-sigv4.d: fix region identifier in example
- bufq: simplify since expression is always true
- cf-h1-proxy: skip an extra NULL assign
- cf-h2-proxy: fix processing ingress to stop too early
- cf-socket: add socket recv buffering for most tcp cases
- cf-socket: Disable socket receive buffer by default
- cf-socket: remove dead code discovered by PVS
- cf-socket: turn off IPV6_V6ONLY on Windows if it is supported
- checksrc: check for spaces before the colon of switch labels
- checksrc: find bad indentation in conditions without open brace
- checksrc: fix SPACEBEFOREPAREN for conditions starting with "*"
- ci: `-Wno-vla` no longer necessary
- CI: fix brew retries on GHA
- CI: Set minimal permissions on workflow ngtcp2-quictls.yml
- CI: skip Azure for commits which change only GHA
- CI: use another glob syntax for matching files on Appveyor
- cmake: bring in the network library on Haiku
- cmake: do not add zlib headers for openssl
- CMake: make config version 8 compatible with 7
- cmake: picky-linker fixes for openssl, ZLIB, H3 and more
- cmake: set SONAME for SunOS too
- cmake: speed up and extend picky clang/gcc options
- CMakeLists.txt: fix typo for Haiku detection
- compressed.d: clarify the words on "not notifying headers"
- config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP
- configure: don't set HAVE_WRITABLE_ARGV on Windows
- configure: fix detection of apxs (for httpd)
- configure: make quiche require quiche_conn_send_ack_eliciting
- connect: fix https connection setup to treat ssl_mode correctly
- content_encoding: only do transfer-encoding compression if asked to
- cookie: address PVS nits
- cookie: clarify that init with data set to NULL reads no file
- curl: do NOT append file name to path for upload when there's a query
- curl_easy_getinfo.3: typo fix (duplicated "from the")
- curl_easy_unescape.3: rename the argument
- curl_path: bring back support for SFTP path ending in /~
- curl_url_set.3: mention that users can set content rather freely
- CURLOPT_IPRESOLVE.3: this for host names, not IP addresses
- data.d: emphasize no conversion
- digest: clear target buffer
- doc: curl_mime_init() strong easy binding was relaxed in 7.87.0
- docs/cmdline-opts: document the dotless config path
- docs/examples/protofeats.c: outputs all protocols and features
- docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string"
- docs/SECURITY-ADVISORY.md: how to write a curl security advisory
- docs: bump the minimum perl version to 5.6
- docs: clarify that more backends have HTTPS proxy support
- dynbuf: never allocate larger than "toobig"
- easy_cleanup: require a "good" handle to act
- ftp: fix 'portsock' variable was assigned the same value
- ftp: remove dead code
- ftplistparser: move out private data from public struct
- ftplistparser: replace realloc with dynbuf
- gen.pl: error on duplicated See-Also fields
- getpart: better handle case of file not found
- GHA-linux: add an address-sanitizer build
- GHA: add a memory-sanitizer job
- GHA: run all linux test jobs with valgrind
- GHA: suppress git clone output
- GIT-INFO: add --with-openssl
- gskit: various compile errors in OS400
- h2/h3: replace `state.drain` counter with `state.dselect_bits`
- hash: fix assigning same value
- headers: clear (possibly) lingering pointer in init
- hostcheck: fix host name wildcard checking
- hostip: add locks around use of global buffer for alarm()
- hostip: enforce a maximum DNS cache size independent of timeout value
- HTTP-COOKIES.md: mention the #HttpOnly_ prefix
- http2: always EXPIRE_RUN_NOW unpaused http/2 transfers
- http2: do flow window accounting for cancelled streams
- http2: enlarge the connection window
- http2: flow control and buffer improvements
- http2: move HTTP/2 stream vars into local context
- http2: pass `stream` to http2_handle_stream_close to avoid NULL checks
- http2: remove unused Curl_http2_strerror function declaration
- HTTP3/quiche: terminate h1 response header when no body is sent
- http3: check stream_ctx more thoroughly in all backends
- HTTP3: document the ngtcp2/nghttp3 versions to use for building curl
- http3: expire unpaused transfers in all HTTP/3 backends
- http3: improvements across backends
- http: free the url before storing a new copy
- http: skip a double NULL assign
- ipv4.d/ipv6.d: they are "mutex", not "boolean"
- KNOWN_BUGS: remove fixed or outdated issues, move non-bugs
- lib/cmake: add HAVE_WRITABLE_ARGV check
- lib/sha256.c: typo fix in comment (duplicated "is available")
- lib1560: verify that more bad host names are rejected
- lib: add `bufq` and `dynhds`
- lib: remove CURLX_NO_MEMORY_CALLBACKS
- lib: unify the upload/method handling
- lib: use correct printf flags for sockets and timediffs
- libssh2: fix crash in keyboard callback
- libssh2: free fingerprint better
- libssh: tell it to use SFTP non-blocking
- man pages: simplify the .TH sections
- MANUAL.md: add dict example for looking up a single definition
- md(4|5): don't use deprecated iOS functions
- md4: only build when used
- mime: skip NULL assigns after Curl_safefree()
- multi: add handle asserts in DEBUG builds
- multi: add multi-ignore logic to multi_socket_action
- multi: free up more data earleier in DONE
- multi: remove a few superfluous assigns
- multi: remove PENDING + MSGSENT handles from the main linked list
- ngtcp2: adapted to 0.15.0
- ngtcp2: adjust config and code checks for ngtcp2 without nghttp3
- noproxy: pointer to local array 'hostip' is stored outside scope
- ntlm: clear lm and nt response buffers before use
- openssl: interop with AWS-LC
- OS400: fix and complete ILE/RPG binding
- OS400: implement EBCDIC support for recent features
- OS400: improve vararg emulation
- OS400: provide ILE/RPG usage examples
- pingpong: fix compiler warning "assigning an enum to unsigned char"
- pytest: improvements for suitable curl and error output
- quiche: disable pacing while pacing is not actually performed
- quiche: Enable IDLE egress handling
- RELEASE-PROCEDURE: update to new schedule
- rtsp: convert mallocs to dynbuf for RTP buffering
- rtsp: skip malformed RTSP interleaved frame data
- rtsp: skip NULL assigns after Curl_safefree()
- runtests: die if curl version can be found
- runtests: don't start servers if -l is given
- runtests: fix -c option when run with valgrind
- runtests: fix quoting in Appveyor and Azure test integration
- runtests: lots of refactoring
- runtests: refactor into more packages
- runtests: show error message if file can't be written
- runtests: spawn a new process for the test runner
- rustls: fix error in recv handling
- schannel: add clarifying comment
- server/getpart: clear target buffer before load
- smb: remove double assign
- smbserver: remove temporary files before exit
- socketpair: verify with a random value
- ssh: Add support for libssh2 read timeout
- telnet: simplify the implementation of str_is_nonascii()
- test1169: fix so it works properly everywhere
- test1592: add flaky keyword
- test1960: point to the correct path for the precheck tool
- test303: kill server after test
- tests/http: add timeout to running curl in test cases
- tests/http: fix log formatting on wrong exit code
- tests/http: fix out-of-tree builds
- tests/http: improved httpd detection
- tests/http: more tests with specific clients
- tests/http: relax connection check in test_07_02
- tests/keywords.pl: remove
- tests/libtest/lib1900.c: remove
- tests/sshserver.pl: Define AddressFamily earlier
- tests: 1078 1288 1297 use valid IPv4 addresses
- tests: document that the unittest keyword is special
- tests: increase sws timeout for more robust testing
- tests: log a too-long Unix socket path in sws and socksd
- tests: make test_12_01 a bit more forgiving on connection counts
- tests: move pidfiles and portfiles under the log directory
- tests: move server config files under the pid dir
- tests: silence some Perl::Critic warnings in test suite
- tests: stop using strndup(), which isn't portable
- tests: switch to 3-argument open in test suite
- tests: turn perl modules into full packages
- tests: use %LOGDIR to refer to the log directory
- tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals
- tool_operate: pass a long as CURLOPT_HEADEROPT argument
- tool_operate: refuse (--data or --form) and --continue-at combo
- transfer: refuse POSTFIELDS + RESUME_FROM combo
- transfer: skip extra assign
- url: fix null dispname for --connect-to option
- url: fix PVS nits
- url: remove call to Curl_llist_destroy in Curl_close
- urlapi: cleanups and improvements
- urlapi: detect and error on illegal IPv4 addresses
- urlapi: prevent setting invalid schemes with *url_set()
- urlapi: skip a pointless assign
- urlapi: URL encoding for the URL missed the fragment
- urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication
- urldata: shrink *select_bits int => unsigned char
- vlts: use full buffer size when receiving data if possible
- vtls and h2 improvements
- Websocket: enhanced en-/decoding
- wolfssl.yml: bump to version 5.6.0
- write-out.d: Use response_code in example
- ws: handle reads before EAGAIN better