Pending RELEASE-NOTES for the upcoming release

This is work in progress and will change before the release goes public on 2024-11-06.

Changes:

• curl: --create-dirs works for --dump-header as well
• gtls: Add P12 format support
• ipfs: add options to disable
• TLS: TLSv1.3 earlydata support for curl
• WebSockets: make support official (non-experimental)

Bugfixes:

• alt-svc: honor data->state.httpwant
• altsvc: avoid using local buffer and memcpy
• asyn-ares: remove typecast, fix expire
• autotools: add support for 'unity' builds, enable in CI
• bearssl: avoid strpcy() when generating TLS version log message
• bearssl: improved session handling, test exceptions
• bufq: unwrite fix
• build: add `ldap` to `libcurl.pc` `Requires:`
• build: add pytest targets
• build: clarify CA embed is for curl tool, mark default, improve summary
• build: detect and use `_setmode()` with Cygwin/MSYS, also use on Windows
• build: disable warning `-Wunreachable-code-break`
• build: fix clang-cl builds, add CI job
• build: fix cross-compile check for poll with bionic
• build: fix possible `-Wformat-overflow` in lib557
• build: limit arc4random detection to no-SSL configs
• build: show if CA bundle to embed was found
• build: tidy up and improve versioned-symbols options
• build: tidy up deprecation suppression, enable warnings for clang
• certs: add missing `-CAcreateserial` option for LibreSSL
• checksrc: add check for spaces around logical AND operators
• checksrc: Added checks for colon operator in ternary expressions
• checksrc: check for spaces around '?', '>' and '<'
• ci: dump `curl_config.h` to log in all jobs
• CI: run with standard mod_http2
• cmake, Makefile.mk: use -isystem for headers, silence BearSSL issues
• cmake/FindCares: fix version detection for c-ares 1.34.1
• cmake/FindNGTCP2: use library path as hint for finding crypto module
• cmake: add missed variable to comment
• cmake: add native `pkg-config` detection for mbedTLS, MSH3, Quiche, Rustls, wolfSSL
• cmake: allow building tests in unity mode
• cmake: allow manual configuration for LDAP
• cmake: apply `WIN32_LEAN_AND_MEAN` to all feature checks
• cmake: avoid setting `BUILD_TESTING`
• cmake: clear package version after `pkg-config` detection
• cmake: delete unused NEED_LBER_H, HAVE_LDAP_H
• cmake: detect `HAVE_NETINET_IN6_H`, `HAVE_CLOSESOCKET_CAMEL`, `HAVE_PROTO_BSDSOCKET_H`
• cmake: detect GNU GSS
• cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled
• cmake: do not propagate unused `HAVE_GSSAPI_GSSAPI_KRB5_H` to C
• cmake: document `-D` and env build options
• cmake: drop obsolete items from `TODO` and `INSTALL-CMAKE`
• cmake: drop redundant assignments
• cmake: drop redundant zlib var, rename function (internals)
• cmake: expand CURL_USE_PKGCONFIG to non-cross MINGW
• cmake: fix broken dependency chain for cmdline-opts, tidy-ups
• cmake: fix compile warnings for clang-cl
• cmake: fix missing spacing in log message
• cmake: limit `CURL_STATIC_CRT` to MSVC
• cmake: make `test-ci` target skip building dependencies
• cmake: mark as advanced some internal Find* variables
• cmake: readd `generate-curl.1` dependency for `src` just in case
• cmake: replace `check_include_file_concat()` for LDAP and GSS detection
• cmake: replace `CURL_*_DIR` with `{PROJECT,CMAKE_CURRENT}_*_DIR`
• cmake: require quictls (or fork) when using msh3 on non-Windows
• cmake: separate target for examples, optimize CI, fix fallouts
• cmake: set version for `project()` and add CPack support
• cmake: stop adding dependency headers to global `CMAKE_REQUIRED_INCLUDES`
• cmake: sync torture test parallelism with autotools
• cmake: tidy up `CURL_DISABLE_FORM_API` initialization
• cmake: tidy up and shorten symbol hiding initialization
• cmake: tidy up line order
• cmake: tidy up picky warning initialization
• cmake: tidy-ups and rebase fixups
• cmake: tweaks around debug mode and hidden symbols
• cmake: untangle feature detection interdependencies
• cmake: use `list(APPEND)` on `CURL_INCLUDES`
• cmake: use OpenSSL for LDAP detection only if available
• cmake: use the `BSD` variable
• config: rename the OS define to CURL_OS to reduce collision risk
• configure: add GSS to `libcurl.pc` `Depends:`
• configure: catch Apple in more target triplets
• configure: drop duplicate feature checks for `poll()`, `if_nametoindex()`
• configure: drop unused bare `socket.h` detection
• configure: improve help string for some options
• conncache: find bundle again in case it is removed
• conncache: more efficient implementation of cpool_remove_bundle
• cookie: overhaul and cleanup
• curl-rustls.m4: set linker flags to allow rustls build on macos
• curl.h: remove the struct pointer for CURL/CURLSH/CURLM typedefs
• curl: add build options for safe/no CA bundle search (Windows)
• curl: detect ECH support dynamically, not at build time
• curl_addrinfo: support operating systems with only getaddrinfo(3)
• curl_multi_perform.md: fix typo
• curl_trc: fix build with verbose messages disabled
• curl_url_set.md: document HOST handling when URL is parsed
• curl_ws_recv.md: the 'meta' pointer is only returned on success
• curl_ws_recv: return recv 0 and point meta to NULL on all errors
• CURLMOPT_PIPELINING.md: clarify that CURLPIPE_NOTHING is not default
• CURLOPT_APPEND.md: goes for SFTP as well
• CURLOPT_HEADERFUNCTION.md: do not modify the passed in buffer
• DISABLED: disable test 1060 with hyper
• DISTROS: avoid use of "very"
• Dockerfile: update Docker digest to d830561
• docs/cmdline-opts: GnuTLS supports PKCS#11 URI in --cert option
• docs: clarify FTP over HTTP proxy functionality somewhat
• docs: fix a typo in some cipher options
• ech: spelling, whitespace, say `--ech` default config
• ftp: fix 0-length last write on upload from stdin
• ftp: move listen handling to socket filter
• GHA: optimize test prereq steps
• gnutls: use session cache for QUIC
• hsts: avoid the local buffer and memcpy on lookup
• hsts: improve subdomain handling
• hsts: support "implied LWS" properly around max-age
• http2: auto reset stream on server eos
• http_aws_sigv4: avoid local buffer and strcpy
• INSTALL-CMAKE.md: mention focus on shared libraries
• INSTALL-CMAKE: fix punctuation and a typo
• INSTALL.md: fix a typo that slipped in to RISC OS
• json.md: cli-option `--json` is an alias of `--data-binary`
• lib, src, tests: added space around ternary expressions
• lib/cw-out: initialize 'flush_all' directly
• lib/src: white space edits to comply better with code style
• lib: avoid assigning 'result' temporarily
• lib: fix disabled-verbose-strings + enable-debug build warnings
• lib: fix unity builds with BearSSL, MSH3, Quiche, OmniOS
• lib: move curl_path.[ch] into vssh/
• lib: msnprintf tidy-ups
• lib: remove Curl_ prefix from static functions
• lib: remove function pointer typecasts for hmac/sha256/md5
• lib: use bool/TRUE/FALSE properly
• libcurl/opts: improve phrasing for connection cap related options
• libssh.c: handle EGAINS during proto-connect correctly
• libssh2: delete duplicate `break`
• libssh2: put the readdir buffers into struct
• libssh2: use the Curl_* memory functions to avoid memdebug
• libssh2: use the filename buffer when getting the homedir
• libtests: generate the lib1521 atomically
• mbedTLS: fix handling of TLSv1.3 sessions
• mbedtls: handle session as blobs
• mk-lib1521: fix the long return code check
• mprintf: do not ignore length modifiers of `%o`, `%x`, `%X`
• mprintf: treat `%o` as unsigned, add tests for `%o`, `%x`, `%X`
• mqtt: fix mqtt.md wording and add clearer explanation
• multi.c: make stronger check for paused transfer before asserting
• multi.c: warn/assert on stall only without timer
• multi: avoid reading whole struct pointer from pointer
• multi: convert Curl_follow to static multi_follow
• multi: make curl_multi_cleanup invalidate magic latter
• multi: make multi_handle_timeout use the connect timeout
• multi: split multi_runsingle into sub functions
• negotiate: conditional check around GSS & SSL specific code
• netrc: cache the netrc file in memory
• ngtcp2: do not loop on recv
• ngtcp2: set max window size to 10x of initial (128KB)
• openssl quic: populate x509 store before handshake
• openssl: convert a memcpy to dynbuf use
• openssl: extend the OpenSSL error messages
• openssl: improve retries on shutdown
• openssl: remove two strcpy() calls
• OS400: don't delete source files when building with debug
• packages/OS400/curlmain: remove the strncpy calls
• processhelp.pm: improve taskkill calls (Windows)
• pytest: fix run against multissl curl
• pytest: improve pytest_07_42a reliability
• pytest: include `buildinfo.txt` in the output
• pytest: include curl version string and python platform in log
• pytest: show curl features and protocols
• quic: use send/recvmmsg when available
• quic: use the session cache with wolfSSL as well
• request: on shutdown send, proceed normally on timeout
• runtests.md: suggest a value for -j for torture tests
• runtests: add comment for handle64 pathsep requirement
• runtests: drop unused code for old/classic-mingw support
• runtests: pass single backslashes with Windows Perl
• runtests: use deterministic sort for `TESTINFO` lines
• schannel: fix TLS cert verification by IP SAN
• schannel: ignore error on recv beyond close notify
• schannel: reclassify extra-verbose schannel_recv messages
• select: use poll() if existing, avoid poll() with no sockets
• sendf: add condition to max-filesize check
• server/mqttd: fix two memory leaks
• setopt: avoid superfluous length checks before strcmp()
• setopt: return error for bad input to CURLOPT_RTSP_REQUEST
• setopt_cptr: make overflow check only done when needed
• singleuse: make `git grep` faster, add Apple `nm` support
• smb: do not redefine `getpid` on Windows
• smb: replace use of strcpy() with snprintf()
• socks_gssapi: switch to dynbuf from buffer with strcpy
• source: avoid use of 'very' in comments
• src/lib: remove redundant ternary operators
• src: guard for double declaration of `curl_ca_embed` in unity builds
• sws: fix unused static function with `TCP_NODELAY` undefined
• telnet: avoid two strcpy() by pointing to the strings instead
• test1035: convert host name back to utf8 as should be
• test1515: add tracing and more debug info
• test1540: add debug logging
• test190: replace %FTPTIME2 with a fixed value
• test1915: add tracing and connect timeout
• test1915: remove wrong comment
• test2502: add libtest debug tracing
• test504: fix handling on pending connect
• testrun: explicitly set proper IP address for stunnel listen/connect
• tests/http: fix ubuntu GnuTLS CI failures
• tests/scorecard: allow remote server test
• tests/server/util.c: remove use of strncpy
• tests/valgrind.pm: fix warnings with no valgrind report to show
• tests/valgrind.supp: remove a travis suppression, add a Debian
• tests: add and use `%PERL` variable to refer to the Perl binary
• tests: add codeset-utf8 as a feature
• tests: add file: tests with existing files
• tests: allow pytests to run in out-of-tree builds
• tests: capture stdin to get the vsftpd version number
• tests: change Python code style to pass ruff checks
• tests: check http/2 and http/3 server responsiveness
• tests: delete duplicate macro check
• tests: enable additional ruff Python lint options
• tests: fix `%POSIX_PWD` on native Windows Perl
• tests: fix callback signatures to please UndefinedBehaviorSanitizer
• tests: Fix FILEFORMAT <file name=""> directive
• tests: fix keyword for test1411
• tests: fix shell quoting on native Windows Perl
• tests: fix some Python typing issues
• tests: fixup `checkcmd` `PATH` on non-unixy platforms
• tests: improve mqtt server handling
• tests: introduce %CLIENT6IP-NB
• tests: let openssl generate random cert serials
• tests: libtests and unit tests need explicit #include memdebug
• tests: make precheck for HTTP on 127.0.0.1 into a feature
• tests: Only log warnings or worse by default in smbserver
• tests: postcheck is now in verify
• tests: remove all valgrind disable instructions
• tests: remove debug requirement on 38 tests
• tests: remove the %FTPTIME3 variable
• tests: replace `%PWD` with `%FILE_PWD` for `file://`
• tests: replace `%PWD` with `%SSH_PWD` in SCP/SFTP tests
• tests: replace hard-coded `/dev/null` with variable
• tests: simplify `pathhelp.pm`, avoid using external tools
• tests: speed up builds with single-binary test bundles
• tests: testrunner fairness
• tests: testrunner reliability improvements
• tests: use '-4' where needed
• tests: use a set for several of the curl_props
• tftp: avoid two memcpy/strcpy
• tidy-up: rename CURL_WINDOWS_APP to CURL_WINDOWS_UWP
• tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED
• tool: support --show-headers AND --remote-header-name
• tool_doswin: simplify; remove unused options and strncpy calls
• tool_getparam: drop unused time() call
• tool_getparam: replace two uses of strncpy(), ban strncpy
• tool_operate: make --skip-existing work for --parallel
• tool_operate: reuse the schannel backend check
• tool_xattr: create the user.creator xattr attribute
• unit1307: tidy up Apple OS detection
• unit1660: fix unreachable code warning in no-SSL builds
• url: connection reuse on h3 connections
• url: use same credentials on redirect
• urlapi: drop unused header
• urlapi: normalize the IPv6 address
• version: minor cleanups
• version: say quictls in MSH3 builds
• vquic: fix compiler warning with gcc + MUSL
• vquic: recv_mmsg, use fewer, but larger buffers
• vtls: convert Curl_pin_peer_pubkey to use dynbuf
• vtls: convert pubkey_pem_to_der to use dynbuf
• warnless: remove curlx_sktosi and curlx_sitosk
• winbuild/README: consolidate command prompt section
• winbuild/README: document how to clean a build
• winbuild: add initial wolfSSL support
• winbuild: drop `gen_resp_file.bat`
• wolfssl: convert malloc + memcpys to dynbuf for cipher string
• wolfSSL: fix handling of TLSv1.3 sessions
• wolfssl: no more use of the OpenSSL API
• wolfssl: use old version API without openssl extra

Contributors:

ad-chaos on github, Aki Sakurai, Baruch Siach, Chris Stubbs, Colton Willey, Dan Fandrich, Daniel Stenberg, Denis Goleshchikhin, Deniz Sökmen, dependabot[bot], Dylam De La Torre, edmcln, elvinasp on github, Emanuel Komínek, Gabriel Marin, Ian Spence, Jeroen Ooms, jkamp-aws on github, John Haugabook, Jonas 'Sortie' Termansen, Jon Rumsey, Kai Pastor, Kazuho Oku, koujaz on github, lomberd2 on github, MacKenzie, Marwan Yassini, Max Dymond, Michael Kaufmann, Montg0mery on github, Moritz Knüsel, Nemos2024 on github, newfunction, Nicolas George, Pavel Kropachev, Pierre-Etienne Meunier, ralfjunker on github, Rasmus Melchior Jacobsen, Ray Satiro, renovate[bot], Robert Maynard, Sebastian Walz, Sinkevich Artem, Stefan Eissing, Tal Regev, Tatsuhiro Tsujikawa, Tobias Bora, Tobias Wendorff, Venkat Krishna R, Viktor Szakats, Vollstrecker on github, vvb2060 on github, Yedaya Katsman, zjyhjqs