                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.88.1 (20 Feb 2023)

Daniel Stenberg (20 Feb 2023)

- RELEASE-NOTES: synced

  7.88.1 release

- THANKS: add contributors from 7.88.1

- socketpair: allow EWOULDBLOCK when reading the pair check bytes

  Reported-by: Gunamoi Software
  Co-authored-by: Jay Satiro
  Fixes #10561
  Closes #10562

Jay Satiro (18 Feb 2023)

- tool_operate: fix scanbuild compiler warning

  Prior to this change Azure CI scanbuild warned of a potential NULL
  pointer string passed to strtol when CURLDEBUG enabled, even though the
  way the code was written it wouldn't have happened.

  Bug: https://github.com/curl/curl/commit/5479d991#r101159711
  Reported-by: Marcel Raad

  Closes https://github.com/curl/curl/pull/10559

- curl_setup: Suppress OpenSSL 3 deprecation warnings

  - Define OPENSSL_SUPPRESS_DEPRECATED.

  OpenSSL 3 has deprecated some of the functions libcurl uses such as
  those with DES, MD5 and ENGINE prefix. We don't have replacements for
  those functions so the warnings were disabled in autotools and cmake
  builds, but still showed in other builds.

  Closes https://github.com/curl/curl/pull/10543

- build-openssl.bat: keep OpenSSL 3 engine binaries

  Prior to this change copying the OpenSSL 3 engine binaries failed
  because 'engines-1_1' (OpenSSL 1.1.x folder name) was erroneously used
  instead of 'engines-3'. The OpenSSL 3 builds would complete successfully
  but without the engine binaries.

  Closes https://github.com/curl/curl/pull/10542

ALittleDruid (18 Feb 2023)

- cmake: fix Windows check for CryptAcquireContext

  Check for CryptAcquireContext in windows.h and wincrypt.h only, since
  otherwise this check may fail due to third party headers not found.

  Closes https://github.com/curl/curl/pull/10353

Daniel Stenberg (19 Feb 2023)

- remote-header-name.d: mention that filename* is not supported

  and that you can use --clobber to allow overwriting.

  Ref: #10533
  Closes #10555

  Co-authored-by: Jay Satiro <raysatiro@yahoo.com>

Pierrick Charron (18 Feb 2023)

- CURLOPT_WS_OPTIONS.3: fix the availability version

  Closes #10557

Jacob Hoffman-Andrews (18 Feb 2023)

- GHA: update rustls dependency to 0.9.2

  This allows re-enabling test 312 for the rustls backend.

  Closes #10553

Philip Heiduck (18 Feb 2023)

- HTTP3.md: update git branches

  Closes #10554

Stefan Eissing (17 Feb 2023)

- urldata: remove `now` from struct SingleRequest - not needed

  Closes #10549

Daniel Stenberg (17 Feb 2023)

- lib1560: add IPv6 canonicalization tests

  Closes #10552

- RELEASE-NOTES: synced

- urlapi: do the port number extraction without using sscanf()

  - sscanf() is rather complex and slow, strchr() much simpler

  - the port number function does not need to fully verify the IPv6 address
    anyway as it is done later in the hostname_check() function and doing
    it twice is unnecessary.

  Closes #10541

Stefan Eissing (17 Feb 2023)

- setopt: allow HTTP3 when HTTP2 is not defined

  Reported-by: Karthikdasari0423 on github
  Fixes #10538
  Closes #10544

Jon Rumsey (17 Feb 2023)

- os400: correct Curl_os400_sendto()

  Add const qualifier to 5th argument of Curl_os400_sendto()

  Make OS400 wrapper for sendto match the normal prototype of sendto()
  with a const qualifier.

  Fixes #10539
  Closes #10548

Stefan Eissing (17 Feb 2023)

- tests-httpd: add proxy tests

  for direct and tunneling checks on http: and https:

  Closes #10519

Daniel Stenberg (17 Feb 2023)

- curl: make --silent work stand-alone

  - renamed the struct field to 'silent' to match the cmdline option
  - make --show-error toggle independently of --silent
  - make --silent independent of ->noprogress as well

  By doing this, the three options --silent, --no-progress-meter and
  --show-error should work independently of each other and also work with
  and without '--no-' prefix as documented.

  Reported-by: u20221022 on github
  Fixes #10535
  Closes #10536

- socks: allow using DoH to resolve host names

  For SOCKS modes where a local host resolve is done.

  It was previously disabled in 12d655d4561, but a few local tests seem to
  indicate that it works fine. Works now because of the SOCKS refactor of
  4a4b63daaa01ef59 that made it non-blocking.

  Reported-by: roughtex on github
  Fixes #10537
  Closes #10540

Stefan Eissing (17 Feb 2023)

- test: add test for HTTP/2 corruption as reported in #10525

  - adding test_02_20 for reproducing the situation
  - using recently released mod_h2 Apache module
  - skipping test if an older version is installed
  - adding installation of current mod_h2 to github pytest workflow

  This reproduces the error reliable (for me) on the lib/http2.c version
  of curl 7.88.0. And passes with the recent curl master.

  Closes #10534

Daniel Stenberg (16 Feb 2023)

- tool_operate: allow debug builds to set buffersize

  Using the CURL_BUFFERSIZE environment variable.

  Closes #10532

Stefan Eissing (16 Feb 2023)

- connnect: fix timeout handling to use full duration

  - connect timeout was used at half the configured value, if the
    destination had 1 ip version 4 and other version 6 addresses
    (or the other way around)
  - extended test2600 to reproduce these cases

  Reported-by: Michael Kaufmann
  Fixes #10514
  Closes #10517

Daniel Stenberg (16 Feb 2023)

- tool_getparam: make --get a true boolean

  To match how it is documented in the man page.

  Fixes #10527
  Reported-by: u20221022 on github
  Closes #10531

Harry Sintonen (16 Feb 2023)

- http:: include stdint.h more readily

  Closes #10516

Stefan Eissing (16 Feb 2023)

- tests: make the telnet server shut down a socket gracefully

  - test 1452 failed occasionally with ECONNRESET errnos in curl when the
    server closed the connection in an unclean state.

  Closes #10509

Harry Sintonen (16 Feb 2023)

- http2: set drain on stream end

  Ensure that on_frame_recv() stream end will trigger a read if there is
  pending data. Without this it could happen that the pending data is
  never consumed.

  This combined with https://github.com/curl/curl/pull/10529 should fix
  https://github.com/curl/curl/issues/10525

  Ref: https://github.com/curl/curl/issues/10525
  Closes #10530

Stefan Eissing (16 Feb 2023)

- http2: buffer/pausedata and output flush fix.

   * do not process pending input data when copying pausedata to the
     caller
   * return CURLE_AGAIN if the output buffer could not be completely
     written out.

  Ref: #10525
  Closes #10529

Marcel Raad (16 Feb 2023)

- krb5: silence cast-align warning

  Add an intermediate cast to `void *`, as done everywhere else when
  casting from `sockaddr *` to `sockaddr_in *`.

  Closes https://github.com/curl/curl/pull/10528

Daniel Stenberg (15 Feb 2023)

- RELEASE-NOTES: synced

  bumped to 7.88.1

- tests: make sure gnuserv-tls has SRP support before using it

  Reported-by: fundawang on github
  Fixes #10522
  Closes #10524

- runtests: fix "uninitialized value $port"

  by using a more appropriate variable

  Reported-by: fundawang on github
  Fixes #10518
  Closes #10520

Version 7.88.0 (15 Feb 2023)

Daniel Stenberg (15 Feb 2023)

- RELEASE-NOTES: synced

  7.88.0 release

- THANKS: added contributors from 7.88.0

- openssl: rename 'errcode_t' to 'sslerr_t'

  Turns out "/usr/include/et/com_err.h" typedefs this type (without proper
  variable scoping).

  comerr is the "common error description library" that apparently might be use
  d
  by krb5 code, which then makes this header get used in a curl build.

  Reported-by: Bruno Henrique Batista Cruz da Silva
  Fixed #10502
  Closes #10500

Dan Fandrich (13 Feb 2023)

- CONTRIBUTE: More formally specify the commit description

  This codifies what people have actually used in git commits over the
  past 6 years. I've left off some lesser-used headers that appear to
  duplicate others and tried to describe a consistent use for several
  others that were used more arbitrarily.

  This makes it easier for new committers to find out the kinds of things
  we want to acknowledge, makes it easier to perform statistical analysis
  on commits, and opens the possibility of performing lint checks on
  descriptions before submission.

  Reviewed-by: Daniel Stenberg
  Reviewed-by: Jay Satiro

  Closes #10478

Stefan Eissing (13 Feb 2023)

- openssl: test and fix for forward proxy handling (non-tunneling).

  - adding pytest test_10 cases for proxy httpd setup tests
  - fixing openssl bug in https: proxy hostname verification that
    used the hostname of the request and not the proxy name.

  Closes #10498

Daniel Stenberg (13 Feb 2023)

- cmdline-opts/Makefile: on error, do not leave a partial

  And support 'make V=1' to show the full command line

  Closes #10497

- curl.1: make help, version and manual sections "custom"

  Instead of using "multi: boolean", as these are slightly special as in
  they do are not enable/disable ones.

  Fixes #10490
  Reported-by: u20221022 on github
  Closes #10497

Stefan Eissing (13 Feb 2023)

- tests: add tests for HTTP/2 and HTTP/3 to verify the header API

  Test 2403 and 2503 check "header_json" output and therefore use of
  header-api

  Closes #10495

Philip Heiduck (13 Feb 2023)

- CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12

  Closes #10493

Daniel Stenberg (13 Feb 2023)

- KNOW_BUGS: cleanups with some changed to TODOs

  - remove "Excessive HTTP/2 packets with TCP_NODELAY"

    This is not a bug. Rather room for improvement.

  I believe these have been fixed:

  - 17.4 Connection failures with parallel HTTP/2
  - 17.5 HTTP/2 connections through HTTPS proxy frequently stall

  - remove "FTPS needs session reuse"

  That is still true, but curl should also do session reuse now.

  - remove "ASCII FTP"

  It is documented behavior, and not single user has asked for extended
  functionality here the last decade or so.

  - remove "Passive transfer tries only one IP address"

  add as a TODO

  - remove "DoH leaks memory after followlocation"

  With a recipe on how to reproduce, this is pointless to keep around

  - remove "DoH does not inherit all transfer options"

  add it as a TODO

  Closes #10487

Tatsuhiro Tsujikawa (13 Feb 2023)

- GHA: bump ngtcp2 workflow dependencies

  Closes #10494

Patrick Monnerat (13 Feb 2023)

- content_encoding: do not reset stage counter for each header

  Test 418 verifies

  Closes #10492

Daniel Stenberg (13 Feb 2023)

- RELEASE-NOTES: synced

Jay Satiro (13 Feb 2023)

- multi: stop sending empty HTTP/3 UDP datagrams on Windows

  - Limit the 0-sized send procedure that is used to reset a SOCKET's
    FD_WRITE to TCP sockets only.

  Prior to this change the reset was used on UDP sockets as well, but
  unlike TCP sockets a 0-sized send actually sends out a datagram.

  Assisted-by: Marc Hörsken

  Ref: https://github.com/curl/curl/pull/9203

  Fixes https://github.com/curl/curl/issues/9086
  Closes https://github.com/curl/curl/pull/10430

Viktor Szakats (12 Feb 2023)

- h3: silence compiler warnings

  Reviewed-by: Daniel Stenberg
  Fixes #10485
  Closes #10486

Daniel Stenberg (12 Feb 2023)

- smb: return error on upload without size

  The protocol needs to know the size ahead of time, this is now a known
  restriction and not a bug.

  Also output a clearer error if the URL path does not contain proper
  share.

  Ref: #7896
  Closes #10484

Viktor Szakats (12 Feb 2023)

- windows: always use curl's basename() implementation

  The `basename()` [1][2] implementation provided by mingw-w64 [3] makes
  assumptions about input encoding and may break with non-ASCII strings.

  `basename()` was auto-detected with CMake, autotools and since
  68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6 (2022-10-13), also in
  `Makefile.mk` after syncing its behaviour with the mainline build
  methods. A similar patch for curl-for-win broke official Windows
  builds earlier, in release 7.83.1_4 (2022-06-15).

  This patch forces all Windows builds to use curl's internal
  `basename()` implementation to avoid such problems.

  [1]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/basename.html
  [2]: https://www.man7.org/linux/man-pages/man3/basename.3.html
  [3]: https://sourceforge.net/p/mingw-w64/mingw-w64/ci/master/tree/mingw-w64-c
  rt/misc/basename.c

  Reported-by: UnicornZhang on Github
  Assisted-by: Cherish98 on Github
  Reviewed-by: Daniel Stenberg

  Fixes #10261
  Closes #10475

Philip Heiduck (12 Feb 2023)

- Linux CI: Bump rustls-ffi to v0.9.1

  Closes #10476

Daniel Stenberg (12 Feb 2023)

- libtest: build lib2305 with multibyte as well

  Fixes a build regression.

  Follow-up to 5a9a04d5567
  Reported-by: Viktor Szakats
  Ref: https://github.com/curl/curl/pull/10475#issuecomment-1426831800

  Closes #10477

Dmitry Atamanov (12 Feb 2023)

- cmake: fix dev warning due to mismatched arg

  The package name passed to find_package_handle_standard_args (BROTLI)
  does not match the name of the calling package (Brotli). This can lead
  to problems in calling code that expects find_package result variables
  (e.g., _FOUND) to follow a certain pattern.

  Closes https://github.com/curl/curl/pull/10471

James Keast (11 Feb 2023)

- setopt: Address undefined behaviour by checking for null

  This addresses undefined behaviour found using clang's UBsan:

  curl/lib/setopt.c:177:14: runtime error: applying non-zero offset 1 to null p
  ointer
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior curl/lib/setopt.c:177
  :14 in

  Closes #10472

Jacob Hoffman-Andrews (11 Feb 2023)

- rustls: improve error messages

  Changes numeric error codes into verbose error codes in two places.
  Adds a prefix indicating that the error came from rustls, and in some
  places which function it came from.

  Adds special handling for RUSTLS_RESULT_UNEXPECTED_EOF, since the
  default message of "Unexpected EOF" is insufficiently explanatory.

  Closes #10463

Daniel Stenberg (11 Feb 2023)

- openssl: remove dead code

  Follow-up to e8b00fcd6a

  Due to the new 'if(!nonblocking)' check on the block a level above,
  there is no need to check for it again within the same conditional.

  Detected by Coverity

  Closes #10473

- ngtcp2: replace removed define and stop using removed function

  They were removed upstream.

  Reported-by: Karthikdasari0423 on github
  Fixes #10469
  Closes #10474

- scripts/delta: show percent of number of files changed since last tag

- RELEASE-NOTES: synced

Stefan Eissing (10 Feb 2023)

- pytest: add a test case for PUSH related things.

  - checking that "103 Early Hints" are visible in curl's header dump file

  Closes #10452

Gregory Panakkal (10 Feb 2023)

- WEBSOCKET.md: typo

  Fixing missing slash for ws protocol scheme

  Closes #10464

Stefan Eissing (10 Feb 2023)

- vquic: stabilization and improvements

  vquic stabilization
  - udp send code shared between ngtcp2 and quiche
  - quiche handling of data and events improved

  ngtcp2 and pytest improvements
  - fixes handling of "drain" situations, discovered in scorecard
    tests with the Caddy server.
  - improvements in handling transfers that have already  data or
    are already closed to make an early return on recv

  pytest
  - adding caddy tests when available

  scorecard improvemnts.
  - using correct caddy port
  - allowing tests for only httpd or caddy

  Closes #10451

Philip Heiduck (10 Feb 2023)

- Linux CI: update some dependecies to latest tag

  Closes #10458

Daniel Stenberg (10 Feb 2023)

- test2305: send 3 frames, 4097 bytes each, as one message

  Receive them using a 256 bytes buffer in a loop.

- ws: fix recv of larger frames

   + remove 'oleft' from the struct
   + deal with "overflow data" in a separate dynbuf

  Reported-by: Mike Duglas
  Fixes #10438
  Closes #10447

- curl/websockets.h: extend the websocket frame struct

- sws: fix typo, indentation add more ws logging

- test2304: remove stdout verification

  This cripples the test somewhat but the check was bad since depending on
  timing it could exit before the output was done, making the test flaky.

Dan Fandrich (9 Feb 2023)

- CI: Add more labeler match patterns

- CI: Retry failed downloads to reduce spurious failures

  A temporary error with a remote server shouldn't cause a CI run to fail.
  Also, put a cap on the time to download to fail faster on a misbehaving
  server or connection and use HTTP compression where possible to reduce
  download times.

Daniel Stenberg (9 Feb 2023)

- no-clobber.d: only use long form options in man page text

  ... since they are expanded and the short-form gets mentioned
  automatically so if the short form is mentioned as well, it gets
  repeated.

  Fixes #10461
  Closes #10462
  Reported-by: Dan Fandrich

- GHA: enable websockets in the torture job

  Closes #10448

- header.d: add a header file example

  Closes #10455

Stefan Eissing (9 Feb 2023)

- HTTP/[23]: continue upload when state.drain is set

  - as reported in #10433, HTTP/2 uploads may stall when a response is
    received before the upload is done. This happens when the
    data->state.drain is set for such a transfer, as the special handling
    in transfer.c from then on only cared about downloads.
  - add continuation of uploads, if applicable, in this case.
  - add pytest case test_07_12_upload_seq_large to reproduce this scenario
    (although, current nghttp2 implementation is using drain less often)

  Reported-by: Lucas Pardue

  Fixes #10433
  Closes #10443

- http2: minor buffer and error path fixes

  - use memory buffer in full available size
  - fail receive of reset/errored streams early

  pytest:
  - make test_05 error cases more reliable

  Closes #10444

Federico Pellegrin (9 Feb 2023)

- openldap: fix missing sasl symbols at build in specific configs

  If curl is built with openldap support (USE_OPENLDAP=1) but does not
  have also some other protocol (IMAP/SMTP/POP3) enabled that brings
  in Curl_sasl_* functions, then the build will fail with undefined
  references to various symbols:

  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_decode_mech'
  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_parse_url_auth
  _option'
  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_cleanup'
  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_can_authentica
  te'
  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_continue'
  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_start'
  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_init'

  This was tracked down to these functions bein used in openldap.c but
  defined in curl_sasl.c and then forward in two vauth/ files to have
  a guard against a set of #define configurations that was now extended
  to cover also this case.

  Example configuration targeted that could reproduce the problem:

  curl 7.87.1-DEV () libcurl/7.87.1-DEV .... OpenLDAP/2.6.3
  Protocols: file ftp ftps http https ldap ldaps

  Closes #10445

Daniel Stenberg (9 Feb 2023)

- ws: use %Ou for outputting curl_off_t with info()

  Reported-by: Mike Duglas
  Fixes #10439
  Closes #10441

Jay Satiro (9 Feb 2023)

- curl_setup: Disable by default recv-before-send in Windows

  Prior to this change a workaround for Windows to recv before every send
  was enabled by default. The way it works is a recv is called before
  every send and saves the received data, in case send fails because in
  Windows apparently that can wipe out the socket's internal received
  data buffer.

  This feature has led to several bugs because the way libcurl operates
  it waits on a socket to read or to write, and may not at all times
  check for buffered receive data.

  Two recent significant bugs this workaround caused:
  - Broken Schannel TLS 1.3 connections (#9431)
  - HTTP/2 arbitrary hangs (#10253)

  The actual code remains though it is disabled by default. Though future
  changes to connection filter buffering could improve the situation IMO
  it's just not tenable to manage this workaround.

  Ref: https://github.com/curl/curl/issues/657
  Ref: https://github.com/curl/curl/pull/668
  Ref: https://github.com/curl/curl/pull/720

  Ref: https://github.com/curl/curl/issues/9431
  Ref: https://github.com/curl/curl/issues/10253

  Closes https://github.com/curl/curl/pull/10409

Stefan Eissing (8 Feb 2023)

- http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames

  add a small buffer to nghttp2 session sending in order to aggregate
  small SETTINGS/PRIO/WIN_UPDATE frames that nghttp2 "writes" to the
  callback individually.

  Ref: #10389
  Closes #10432

- openssl: store the CA after first send (ClientHello)

  move Curl_ssl_setup_x509_store() call after the first send (ClientHello)
  this gives time to parse CA anchors while waiting on the server reply

  Ref: #10389
  Closes #10432

Daniel Stenberg (8 Feb 2023)

- RELEASE-NOTES: synced

Anthony Hu (8 Feb 2023)

- wolfssl: remove deprecated post-quantum algorithms

  Closes #10440

John Bampton (8 Feb 2023)

- misc: fix spelling

  Closes #10437

Daniel Stenberg (7 Feb 2023)

- man pages: call the custom user pointer 'clientp' consistently

  The variable had a few different names. Now try to use 'clientp'
  consistently for all man pages using a custom pointer set by the
  application.

  Reported-by: Gerrit Renker

  Fixes #10434
  Closes #10435

- vtls: infof using %.*s needs to provide the length as int

  Fixes a Coverity warning.

  Closes #10436

Stefan Eissing (7 Feb 2023)

- vrls: addressing issues reported by coverity

  I believe the code was secure before this, but limiting the accepted
  name length to what is used in the structures should help Coverity's
  analysis.

  Closes #10431

Daniel Stenberg (7 Feb 2023)

- tool_operate: move the 'updated' variable

  This was already done by Dan Fandrich in the previous PR but somehow I
  lost that fixup.

  Follow-up to 349c5391f2121e

Dan Fandrich (7 Feb 2023)

- tool_operate: Fix error codes during DOS filename sanitize

  It would return CURLE_URL_MALFORMAT in an OOM condition.

  Closes #10414

- tool_operate: Fix error codes on bad URL & OOM

  curl would erroneously report CURLE_OUT_OF_MEMORY in some cases instead
  of CURLE_URL_MALFORMAT. In other cases, it would erroneously return
  CURLE_URL_MALFORMAT instead of CURLE_OUT_OF_MEMORY.  Add a test case to
  test the former condition.

  Fixes #10130
  Closes #10414

Daniel Stenberg (6 Feb 2023)

- setopt: use >, not >=, when checking if uarg is larger than uint-max

  Closes #10421

- vtls: fix failf() format argument type for %.*s handling

  Reported by Coverity

  Closes #10422

- openssl: fix "Improper use of negative value"

  By getting the socket first and returning error in case of bad socket.

  Detected by Coverity.

  Closes #10423

Dan Fandrich (6 Feb 2023)

- packages: Remove Android.mk from makefile

  This was missed in commit #44141512

  Ref: #10418

Daniel Stenberg (6 Feb 2023)

- curl_ws_send.3: clarify how to send multi-frame messages

Mike Duglas (6 Feb 2023)

- ws: fix multiframe send handling

  Fixes #10413
  Closes #10420

Daniel Stenberg (6 Feb 2023)

- unit2600: make sure numerical curl_easy_setopt sets long

  Follow-up to 671158242db3203

  Reported-by: Marcel Raad
  Fixes #10410
  Closes #10419

Andy Alt (6 Feb 2023)

- GHA: move Slackware test into matrix

  Closes #10412

Pronyushkin Petr (6 Feb 2023)

- urlapi: fix part of conditional expression is always true: qlen

  Closes #10408

- url: fix part of conditional expression is always true

  Closes #10407

Daniel Stenberg (6 Feb 2023)

- RELEASE-NOTES: synced

Philip Heiduck (6 Feb 2023)

- GHA/macos.yml: bump to gcc-12

  Closes #10415

Daniel Stenberg (6 Feb 2023)

- packages: remove Android, update README

  - Nobody builds curl for Android using this anymore
  - Refreshed the README and converted to markdown

  Reported-by: John Porter
  Fixes #10416
  Closes #10418

Kvarec Lezki (5 Feb 2023)

- fopen: remove unnecessary assignment

  [CWE-1164] V1048: The '* tempname' variable was assigned the same value.

  Ref: https://pvs-studio.com/en/docs/warnings/v1048/

  Closes https://github.com/curl/curl/pull/10398

Gisle Vanem (5 Feb 2023)

- libtest: add a sleep macro for Windows

  .. because sleep() is used in some libtests.

  Closes https://github.com/curl/curl/pull/10295

Kvarec Lezki (3 Feb 2023)

- http_aws_sigv4: remove typecasts from HMAC_SHA256 macro

  V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> mem
  size.

  https://pvs-studio.com/en/docs/warnings/v220/

  Closes #10400

Daniel Stenberg (3 Feb 2023)

- mailmap: Thomas1664 on github

Thomas1664 on github (3 Feb 2023)

- CURLOPT_WRITEFUNCTION.3: fix memory leak in example

  Closes #10390

Kvarec Lezki (3 Feb 2023)

- doh: ifdef IPv6 code

  For disabled IPv6 a condition (conn->ip_version != CURL_IPRESOLVE_V4) is
  always false. https://pvs-studio.com/en/docs/warnings/v560/

  Closes #10397

Daniel Stenberg (3 Feb 2023)
