diff --git a/Makefile b/Makefile
index 6cd6f3deac..d7f1b55def 100644
--- a/Makefile
+++ b/Makefile
@@ -1,10 +1,10 @@
ROOT=.
# the latest stable version is:
-STABLE= 8.10.1
-RELDATE = "2024-09-18"
+STABLE= 8.11.0
+RELDATE = "2024-11-06"
# The planned *next* release is:
-NEXTDATE = "2024-11-06"
+NEXTDATE = "2015-01-08"
# generated file with binary package stats
STAT = packstat.t
diff --git a/_changes.html b/_changes.html
index 85351b2471..bb76787623 100644
--- a/_changes.html
+++ b/_changes.html
@@ -47,6 +47,287 @@
TITLE(All changes ever made)
+
+SUBTITLE(Fixed in 8.11.0 - November 6 2024)
+VULNBOX(8.11.0)
+ Changes:
+
+ Bugfixes:
+
+ BGF alt-svc: honor data->state.httpwant
+ BGF altsvc: avoid using local buffer and memcpy
+ BGF asyn-ares: remove typecast, fix expire
+ BGF autotools: add support for 'unity' builds, enable in CI
+ BGF bearssl: avoid strpcy() when generating TLS version log message
+ BGF bearssl: improved session handling, test exceptions
+ BGF bufq: unwrite fix
+ BGF build: add `ldap` to `libcurl.pc` `Requires:`
+ BGF build: add pytest targets
+ BGF build: clarify CA embed is for curl tool, mark default, improve summary
+ BGF build: detect and use `_setmode()` with Cygwin/MSYS, also use on Windows
+ BGF build: disable warning `-Wunreachable-code-break`
+ BGF build: fix clang-cl builds, add CI job
+ BGF build: fix cross-compile check for poll with bionic
+ BGF build: fix possible `-Wformat-overflow` in lib557
+ BGF build: limit arc4random detection to no-SSL configs
+ BGF build: show if CA bundle to embed was found
+ BGF build: tidy up and improve versioned-symbols options
+ BGF build: tidy up deprecation suppression, enable warnings for clang
+ BGF certs: add missing `-CAcreateserial` option for LibreSSL
+ BGF checksrc: add check for spaces around logical AND operators
+ BGF checksrc: Added checks for colon operator in ternary expressions
+ BGF checksrc: check for spaces around '?', '>' and '<'
+ BGF ci: dump `curl_config.h` to log in all jobs
+ BGF CI: run with standard mod_http2
+ BGF cmake, Makefile.mk: use -isystem for headers, silence BearSSL issues
+ BGF cmake/FindCares: fix version detection for c-ares 1.34.1
+ BGF cmake/FindNGTCP2: use library path as hint for finding crypto module
+ BGF cmake: add missed variable to comment
+ BGF cmake: add native `pkg-config` detection for mbedTLS, MSH3, Quiche, Rustls, wolfSSL
+ BGF cmake: allow building tests in unity mode
+ BGF cmake: apply `WIN32_LEAN_AND_MEAN` to all feature checks
+ BGF cmake: avoid setting `BUILD_TESTING`
+ BGF cmake: clear package version after `pkg-config` detection
+ BGF cmake: delete unused NEED_LBER_H, HAVE_LDAP_H
+ BGF cmake: detect `HAVE_NETINET_IN6_H`, `HAVE_CLOSESOCKET_CAMEL`, `HAVE_PROTO_BSDSOCKET_H`
+ BGF cmake: detect GNU GSS
+ BGF cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled
+ BGF cmake: do not propagate unused `HAVE_GSSAPI_GSSAPI_KRB5_H` to C
+ BGF cmake: document `-D` and env build options
+ BGF cmake: drop obsolete items from `TODO` and `INSTALL-CMAKE`
+ BGF cmake: drop redundant assignments
+ BGF cmake: drop redundant zlib var, rename function (internals)
+ BGF cmake: expand CURL_USE_PKGCONFIG to non-cross MINGW
+ BGF cmake: fix broken dependency chain for cmdline-opts, tidy-ups
+ BGF cmake: fix compile warnings for clang-cl
+ BGF cmake: fix missing spacing in log message
+ BGF cmake: limit `CURL_STATIC_CRT` to MSVC
+ BGF cmake: make `test-ci` target skip building dependencies
+ BGF cmake: mark as advanced some internal Find* variables
+ BGF cmake: readd `generate-curl.1` dependency for `src` just in case
+ BGF cmake: rename LDAP dependency config variables to match Find modules
+ BGF cmake: replace `check_include_file_concat()` for LDAP and GSS detection
+ BGF cmake: replace `CURL_*_DIR` with `{PROJECT,CMAKE_CURRENT}_*_DIR`
+ BGF cmake: require quictls (or fork) when using msh3 on non-Windows
+ BGF cmake: separate target for examples, optimize CI, fix fallouts
+ BGF cmake: set version for `project()` and add CPack support
+ BGF cmake: stop adding dependency headers to global `CMAKE_REQUIRED_INCLUDES`
+ BGF cmake: sync torture test parallelism with autotools
+ BGF cmake: tidy up `CURL_DISABLE_FORM_API` initialization
+ BGF cmake: tidy up and shorten symbol hiding initialization
+ BGF cmake: tidy up line order
+ BGF cmake: tidy up picky warning initialization
+ BGF cmake: tidy-ups and rebase fixups
+ BGF cmake: tweaks around debug mode and hidden symbols
+ BGF cmake: untangle feature detection interdependencies
+ BGF cmake: use `list(APPEND)` on `CURL_INCLUDES`
+ BGF cmake: use OpenSSL for LDAP detection only if available
+ BGF cmake: use the `BSD` variable
+ BGF config: rename the OS define to CURL_OS to reduce collision risk
+ BGF configure: add GSS to `libcurl.pc` `Depends:`
+ BGF configure: catch Apple in more target triplets
+ BGF configure: drop duplicate feature checks for `poll()`, `if_nametoindex()`
+ BGF configure: drop unused bare `socket.h` detection
+ BGF configure: improve help string for some options
+ BGF conncache: find bundle again in case it is removed
+ BGF conncache: more efficient implementation of cpool_remove_bundle
+ BGF cookie: overhaul and cleanup
+ BGF curl-rustls.m4: set linker flags to allow rustls build on macos
+ BGF curl.h: remove the struct pointer for CURL/CURLSH/CURLM typedefs
+ BGF curl: add build options for safe/no CA bundle search (Windows)
+ BGF curl: detect ECH support dynamically, not at build time
+ BGF curl_addrinfo: support operating systems with only getaddrinfo(3)
+ BGF curl_multi_perform.md: fix typo
+ BGF curl_trc: fix build with verbose messages disabled
+ BGF curl_url_set.md: document HOST handling when URL is parsed
+ BGF curl_ws_recv.md: the 'meta' pointer is only returned on success
+ BGF curl_ws_recv: return recv 0 and point meta to NULL on all errors
+ BGF CURLMOPT_PIPELINING.md: clarify that CURLPIPE_NOTHING is not default
+ BGF CURLOPT_APPEND.md: goes for SFTP as well
+ BGF CURLOPT_HEADERFUNCTION.md: do not modify the passed in buffer
+ BGF DISABLED: disable test 1060 with hyper
+ BGF DISTROS: avoid use of "very"
+ BGF Dockerfile: update Docker digest to d830561
+ BGF docs/cmdline-opts: GnuTLS supports PKCS#11 URI in --cert option
+ BGF docs: clarify FTP over HTTP proxy functionality somewhat
+ BGF docs: fix a typo in some cipher options
+ BGF ech: spelling, whitespace, say `--ech` default config
+ BGF ftp: fix 0-length last write on upload from stdin
+ BGF ftp: move listen handling to socket filter
+ BGF GHA: optimize test prereq steps
+ BGF gnutls: use session cache for QUIC
+ BGF hsts: avoid the local buffer and memcpy on lookup
+ BGF hsts: improve subdomain handling
+ BGF hsts: support "implied LWS" properly around max-age
+ BGF http2: auto reset stream on server eos
+ BGF http_aws_sigv4: avoid local buffer and strcpy
+ BGF INSTALL-CMAKE.md: mention focus on shared libraries
+ BGF INSTALL-CMAKE: fix punctuation and a typo
+ BGF INSTALL.md: fix a typo that slipped in to RISC OS
+ BGF json.md: cli-option `--json` is an alias of `--data-binary`
+ BGF lib, src, tests: added space around ternary expressions
+ BGF lib/cw-out: initialize 'flush_all' directly
+ BGF lib/src: white space edits to comply better with code style
+ BGF lib: avoid assigning 'result' temporarily
+ BGF lib: fix disabled-verbose-strings + enable-debug build warnings
+ BGF lib: fix unity builds with BearSSL, MSH3, Quiche, OmniOS
+ BGF lib: move curl_path.[ch] into vssh/
+ BGF lib: msnprintf tidy-ups
+ BGF lib: remove Curl_ prefix from static functions
+ BGF lib: remove function pointer typecasts for hmac/sha256/md5
+ BGF lib: use bool/TRUE/FALSE properly
+ BGF libcurl/opts: improve phrasing for connection cap related options
+ BGF libssh.c: handle EGAINS during proto-connect correctly
+ BGF libssh2: delete duplicate `break`
+ BGF libssh2: put the readdir buffers into struct
+ BGF libssh2: use the Curl_* memory functions to avoid memdebug
+ BGF libssh2: use the filename buffer when getting the homedir
+ BGF libtests: generate the lib1521 atomically
+ BGF mbedTLS: fix handling of TLSv1.3 sessions
+ BGF mbedtls: handle session as blobs
+ BGF mbedtls: remove failf() use from mbedtls_random
+ BGF mk-lib1521: fix the long return code check
+ BGF mprintf: do not ignore length modifiers of `%o`, `%x`, `%X`
+ BGF mprintf: treat `%o` as unsigned, add tests for `%o`, `%x`, `%X`
+ BGF mqtt: fix mqtt.md wording and add clearer explanation
+ BGF multi.c: make stronger check for paused transfer before asserting
+ BGF multi.c: warn/assert on stall only without timer
+ BGF multi: avoid reading whole struct pointer from pointer
+ BGF multi: convert Curl_follow to static multi_follow
+ BGF multi: make curl_multi_cleanup invalidate magic latter
+ BGF multi: make multi_handle_timeout use the connect timeout
+ BGF multi: split multi_runsingle into sub functions
+ BGF negotiate: conditional check around GSS & SSL specific code
+ BGF netrc: cache the netrc file in memory
+ BGF ngtcp2: do not loop on recv
+ BGF ngtcp2: set max window size to 10x of initial (128KB)
+ BGF openssl quic: populate x509 store before handshake
+ BGF openssl: convert a memcpy to dynbuf use
+ BGF openssl: extend the OpenSSL error messages
+ BGF openssl: improve retries on shutdown
+ BGF openssl: remove two strcpy() calls
+ BGF OS400: don't delete source files when building with debug
+ BGF packages/OS400/curlmain: remove the strncpy calls
+ BGF processhelp.pm: improve taskkill calls (Windows)
+ BGF pytest: fix run against multissl curl
+ BGF pytest: improve pytest_07_42a reliability
+ BGF pytest: include `buildinfo.txt` in the output
+ BGF pytest: include curl version string and python platform in log
+ BGF pytest: show curl features and protocols
+ BGF quic: use send/recvmmsg when available
+ BGF quic: use the session cache with wolfSSL as well
+ BGF request: on shutdown send, proceed normally on timeout
+ BGF runtests.md: suggest a value for -j for torture tests
+ BGF runtests: add comment for handle64 pathsep requirement
+ BGF runtests: drop unused code for old/classic-mingw support
+ BGF runtests: pass single backslashes with Windows Perl
+ BGF runtests: use deterministic sort for `TESTINFO` lines
+ BGF schannel: fix TLS cert verification by IP SAN
+ BGF schannel: ignore error on recv beyond close notify
+ BGF schannel: reclassify extra-verbose schannel_recv messages
+ BGF select: use poll() if existing, avoid poll() with no sockets
+ BGF sendf: add condition to max-filesize check
+ BGF server/mqttd: fix two memory leaks
+ BGF setopt: avoid superfluous length checks before strcmp()
+ BGF setopt: return error for bad input to CURLOPT_RTSP_REQUEST
+ BGF setopt_cptr: make overflow check only done when needed
+ BGF singleuse: make `git grep` faster, add Apple `nm` support
+ BGF smb: do not redefine `getpid` on Windows
+ BGF smb: replace use of strcpy() with snprintf()
+ BGF socks_gssapi: switch to dynbuf from buffer with strcpy
+ BGF source: avoid use of 'very' in comments
+ BGF src/lib: remove redundant ternary operators
+ BGF src: guard for double declaration of `curl_ca_embed` in unity builds
+ BGF sws: fix unused static function with `TCP_NODELAY` undefined
+ BGF telnet: avoid two strcpy() by pointing to the strings instead
+ BGF test1035: convert host name back to utf8 as should be
+ BGF test1515: add tracing and more debug info
+ BGF test1540: add debug logging
+ BGF test190: replace %FTPTIME2 with a fixed value
+ BGF test1915: add tracing and connect timeout
+ BGF test1915: remove wrong comment
+ BGF test2502: add libtest debug tracing
+ BGF test504: fix handling on pending connect
+ BGF testrun: explicitly set proper IP address for stunnel listen/connect
+ BGF tests/http: fix ubuntu GnuTLS CI failures
+ BGF tests/scorecard: allow remote server test
+ BGF tests/server/util.c: remove use of strncpy
+ BGF tests/valgrind.pm: fix warnings with no valgrind report to show
+ BGF tests/valgrind.supp: remove a travis suppression, add a Debian
+ BGF tests: add and use `%PERL` variable to refer to the Perl binary
+ BGF tests: add codeset-utf8 as a feature
+ BGF tests: add file: tests with existing files
+ BGF tests: allow pytests to run in out-of-tree builds
+ BGF tests: capture stdin to get the vsftpd version number
+ BGF tests: change Python code style to pass ruff checks
+ BGF tests: check http/2 and http/3 server responsiveness
+ BGF tests: delete duplicate macro check
+ BGF tests: enable additional ruff Python lint options
+ BGF tests: fix `%POSIX_PWD` on native Windows Perl
+ BGF tests: fix callback signatures to please UndefinedBehaviorSanitizer
+ BGF tests: Fix FILEFORMAT <file name=""> directive
+ BGF tests: fix keyword for test1411
+ BGF tests: fix shell quoting on native Windows Perl
+ BGF tests: fix some Python typing issues
+ BGF tests: fixup `checkcmd` `PATH` on non-unixy platforms
+ BGF tests: improve mqtt server handling
+ BGF tests: introduce %CLIENT6IP-NB
+ BGF tests: let openssl generate random cert serials
+ BGF tests: libtests and unit tests need explicit #include memdebug
+ BGF tests: make precheck for HTTP on 127.0.0.1 into a feature
+ BGF tests: Only log warnings or worse by default in smbserver
+ BGF tests: postcheck is now in verify
+ BGF tests: remove all valgrind disable instructions
+ BGF tests: remove debug requirement on 38 tests
+ BGF tests: remove the %FTPTIME3 variable
+ BGF tests: replace `%PWD` with `%FILE_PWD` for `file://`
+ BGF tests: replace `%PWD` with `%SSH_PWD` in SCP/SFTP tests
+ BGF tests: replace hard-coded `/dev/null` with variable
+ BGF tests: simplify `pathhelp.pm`, avoid using external tools
+ BGF tests: speed up builds with single-binary test bundles
+ BGF tests: testrunner fairness
+ BGF tests: testrunner reliability improvements
+ BGF tests: use '-4' where needed
+ BGF tests: use a set for several of the curl_props
+ BGF tftp: avoid two memcpy/strcpy
+ BGF tidy-up: rename CURL_WINDOWS_APP to CURL_WINDOWS_UWP
+ BGF tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED
+ BGF tool: support --show-headers AND --remote-header-name
+ BGF tool_doswin: simplify; remove unused options and strncpy calls
+ BGF tool_getparam: drop unused time() call
+ BGF tool_getparam: replace two uses of strncpy(), ban strncpy
+ BGF tool_operate: make --skip-existing work for --parallel
+ BGF tool_operate: reuse the schannel backend check
+ BGF tool_xattr: create the user.creator xattr attribute
+ BGF unit1307: tidy up Apple OS detection
+ BGF unit1660: fix unreachable code warning in no-SSL builds
+ BGF url: connection reuse on h3 connections
+ BGF url: use same credentials on redirect
+ BGF urlapi: drop unused header
+ BGF urlapi: normalize the IPv6 address
+ BGF version: minor cleanups
+ BGF version: say quictls in MSH3 builds
+ BGF vquic: fix compiler warning with gcc + MUSL
+ BGF vquic: recv_mmsg, use fewer, but larger buffers
+ BGF vtls: convert Curl_pin_peer_pubkey to use dynbuf
+ BGF vtls: convert pubkey_pem_to_der to use dynbuf
+ BGF warnless: remove curlx_sktosi and curlx_sitosk
+ BGF winbuild/README: consolidate command prompt section
+ BGF winbuild/README: document how to clean a build
+ BGF winbuild: add initial wolfSSL support
+ BGF winbuild: drop `gen_resp_file.bat`
+ BGF wolfssl: convert malloc + memcpys to dynbuf for cipher string
+ BGF wolfSSL: fix handling of TLSv1.3 sessions
+ BGF wolfssl: no more use of the OpenSSL API
+ BGF wolfssl: use old version API without openssl extra
+
+
SUBTITLE(Fixed in 8.10.1 - September 18 2024)
RELEASEVIDEO(8.10.1, "https://youtu.be/xeB8AFSFvxo")
diff --git a/_newslog.html b/_newslog.html
index 76dada6ab8..a976fb434b 100644
--- a/_newslog.html
+++ b/_newslog.html
@@ -34,6 +34,20 @@
NCOLE
#endif
+NSUBJ(curl and libcurl 8.11.0)
+NDATE(November 6 2024)
+NCOLS
+
+The curl team proudly presents curl and
+libcurl version 8.11.0. See the
+full changelog.
+
+
+Pay special attention to the security
+vulnerability fixed in this version.
+
+NCOLE
+
NSUBJ(curl and libcurl 8.10.1)
NDATE(September 18 2024)
NCOLS