mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
main
40 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Tremer
|
c48872ef76 |
curl: Fix CVE-2023-38545
https://curl.se/docs/CVE-2023-38545.html Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Adolf Belka
|
319fcaa4d7 |
curl: Update to version 8.2.1
- Update from version 8.2.0 to 8.2.1
- Update of rootfile not required
-Changelog
8.2.1
Bugfixes
o amigaos: fix sys/mbuf.h m_len macro clash [9]
o amissl: add missing signal.h include [8]
o amissl: fix AmiSSL v5 detection [2]
o cfilters: rename close/connect functions to avoid clashes [12]
o ciphers.d: put URL in first column [1]
o cmake: add `libcurlu`/`libcurltool` for unit tests [5]
o cmake: update ngtcp2 detection [4]
o configure: check for nghttp2_session_get_stream_local_window_size [14]
o CONTRIBUTE: drop mention of copyright year ranges [20]
o CONTRIBUTE: fix syntax in commit message description [21]
o curl_multi_wait.3: fix arg quoting to doc macro .BR [27]
o docs: mark two TLS options for TLS, not SSL [26]
o docs: provide more see also for cipher options [23]
o hostip: return IPv6 first for localhost resolves [16]
o http2: fix regression on upload EOF handling [13]
o http: VLH, very large header test and fixes [19]
o libcurl-errors.3: add CURLUE_OK [11]
o os400: correct EXPECTED_STRING_LASTZEROTERMINATED [7]
o quiche: fix lookup of transfer at multi [18]
o quiche: fix segfault and other things [15]
o rustls: update rustls-ffi 0.10.0 [24]
o socks: print ipv6 address within brackets [10]
o src/mkhelp: strip off escape sequences [22]
o tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T [17]
o transfer: do not clear the credentials on redirect to absolute URL [6]
o unittest: remove unneeded *_LDADD [3]
o websocket: rename arguments/variables to match docs [25]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
d08ee8c8b6 |
curl: Update to version 8.2.0
- Update from version 8.1.0 to 8.2.0
- Update of rootfile
- Changelog
8.2.0
Changes:
curl: add --ca-native and --proxy-ca-native
curl: add --trace-ids
CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS
haproxy: add --haproxy-clientip flag to set client IPs
lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID
Bugfixes:
bufq: make write/pass methods more robust
build: drop unused/redundant `HAVE_WINLDAP_H`
cf-socket: don't bypass fclosesocket callback if cancelled before connect
cf-socket: move ctx declaration under HAVE_GETPEERNAME
cf-socket: skip getpeername()/getsockname for TFTP
checksrc: modernise perl file open
checksrc: quote the file name to work with "funny" letters
CI: brew fix for openssl in default path
CI: don't install impacket if tests are not run
CI: enable parallel make in more builds
circleci: install impacket & wolfssl 5.6.0
cmake: add support for "unity" builds
cmake: make use of snprintf
cmake: stop CMake from quietly ignoring missing Brotli
configure: add check for ldap_init_fd
configure: fix run-compiler for old /bin/sh
configure: the --without forms of the options are also gone
connect-timeout.d: mention that the DNS lookup is included
curl.h: include <sys/select.h> for vxworks
curl: count uploaded data to stop at the originally given size
curl: return error when asked to use an unsupported HTTP version
curl_easy_nextheader.3: add missing open parenthesis examples
curl_log: evaluate log statement only when transfer is verbose
curl_mprintf.3: minor fix of the example
curl_pushheader_byname/bynum.3: document in their own man pages
curl_url_set: enforce the max string length check for all parts
CURLOPT_AWS_SIGV4.3: remove unused variable from example
CURLOPT_INFILESIZE.3: mention -1 triggers chunked
CURLOPT_MIMEPOST.3: clarify what setting to NULL means
CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search
docs/libcurl/libcurl.3: cleanups and improvements
docs: add more .IP after .RE to fix indentation of generate paragraphs
docs: fix missing parameter names in examples
docs: update CURLOPT_UPLOAD.3
docs: update HTTP3.md for newer ngtcp2 and nghttp3
docs: use a space after RFC when spelling out RFC numbers
example/connect-to: show CURLOPT_CONNECT_TO
example/crawler: also set CURLOPT_AUTOREFERER
example/crawler: make it use a few more options
example/default-scheme: set the default scheme for schemeless URLs
example/hsts-preload: show one way to HSTS preload
example/http2-download: set CURLOPT_BUFFERSIZE
example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use
example/maxconnects: set maxconnect example
example/opensslthreadlock: remove
examples/ftpuploadresume.c: add use of CURLOPT_ACCEPTTIMEOUT_MS
examples/http-options: show how to send "OPTIONS *"
examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT
examples/multi-debugcallback.c: avoid the bool typedef
examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS
examples/unixsocket.c: example using CURLOPT_UNIX_SOCKET_PATH
examples/websocket.c: websocket example using CONNECT_ONLY
examples: make use of CURLOPT_(REDIR_|)PROTOCOLS_STR
fopen: fix conversion warning on 32-bit Android
fopen: optimize
hostip.c: Move macOS-specific calls into global init call
HTTP/2: upload handling fixes
http2: better support for --limit-rate
http2: error stream resets with code CURLE_HTTP2_STREAM
http2: fix crash in handling stream weights
http2: fix variable type
http2: h2 and h2-PROXY connection alive check fixes
http2: raise header limitations above and beyond
http2: send HEADER & DATA together if possible
http2: treat initial SETTINGS as a WINDOW_UPDATE
HTTP3.md: update openssl version
http3/ngtcp2: upload EAGAIN handling
http: rectify the outgoing Cookie: header field size check
hyper: fix EOF handling on input
hyper: unslow
imap-append.c: update to make it more likely to work
imap: Provide method to disable SASL if it is advertised
krb5: add typecast to please Coverity
libcurl-url.3: also mention CURLUPART_ZONEID
libcurl-ws.3. WebSocket API overview
libssh2: provide error message when setting host key type fails
libssh2: use custom memory functions
ngtcp2: assigning timeout, but value is overwritten before used
ngtcp2: build with 0.17.0 and nghttp3 0.13.0
ngtcp2: use ever increasing timestamp in io
quiche: avoid NULL deref in debug logging
quiche: fix defects found in latest coverity report
quote.d: fix indentation of generated paragraphs
runtests: abort test run after failure without -a
runtests: better handle ^C during slow tests
runtests: consistently write the test check summary block
runtests: create multiple test runners when requested
runtests: include missing valgrind package
runtests: make test file directories in log/N
runtests: rename server command file
runtests: use more consistent failure lines
runtests: work around a perl without SIGUSR1
runtests; give each server a unique log lock file
scripts: Fix GHA matrix job detection in cijobs.pl
sectransp: fix EOF handling
system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles
test2600: fix the description
test427: verify sending more cookies than fit in a 8190 bytes line
tests/http: Add mod_h2 directive `H2ProxyRequests`
tests/servers.pm: pick unused port number with a server socket
tests/servers: generate temp names in /tmp for unix domain sockets
tests: fix error messages & handling around sockets
tests: improve reliability of TFTP tests
testutil: allow multiple %-operators on the same line
timeval: use CLOCK_MONOTONIC_RAW if available
tls13-ciphers.d: include Schannel
tool: remove exclamation marks from error/warning messages
tool: remove newlines from all helpf/notef/warnf/errorf calls
tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION`
tool_getparam: fix comment
tool_operate: allow cookie lines up to 8200 bytes
tool_parsecfg: accept line lengths up to 10M
tool_urlglob: use curl_off_t instead of longs
tool_writeout_json: fix encoding of control characters
transfer: clear credentials when redirecting to absolute URL
urlapi: have *set(PATH) prepend a slash if one is missing
urlapi: scheme must start with alpha
vtls: avoid memory leak if sha256 call fails
websocket-cb: example doing WebSocket download using callback
wolfssl: detect when TLS 1.2 support is not built into wolfssl
wolfssl: support setting CA certificates as blob
ws: make the curl_ws_meta() return pointer a const
8.1.2
Bugfixes:
configure: quote the assignments for run-compiler
configure: without pkg-config and no custom path, use -lnghttp2
curl: cache the --trace-time value for a second
http2: fix EOF handling on uploads with auth negotiation
http3: send EOF indicator early as possible
lib1560: verify more scheme guessing
lib: remove unused functions, make single-use static
libcurl.m4: remove trailing 'dnl' that causes this to break autoconf
libssh: when keyboard-interactive auth fails, try password
misc: fix spelling mistakes
page-header: mention curl version and how to figure out current release
page-header: minor wording polish in the URL segment
scripts/singleuse.pl: add more API calls
urlapi: remove superfluous host name check
8.1.1
Bugfixes:
cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND
checksrc: disallow spaces before labels
cmake: avoid `list(PREPEND)` for compatibility
cmake: repair cross compiling
configure: fix --help alignment
configure: generate a script to run the compiler
curl_easy_getinfo: clarify on return data types
docs: document that curl_url_cleanup(NULL) is a safe no-op
hostip: move easy_lock.h include above curl_memory.h
http2: double http request parser max line length
http2: increase stream window size to 10 MB
http2: upload improvements
lib: fix conversion warnings with gcc on macOS
lib: rename struct 'http_req' to 'httpreq'
ngtcp2: fix compiler warning about possible null-deref
ngtcp2: proper handling of uint64_t when adjusting send buffer
os400: update chkstrings.c
runtests: handle interrupted reads from IPC pipes
runtests: use the correct fd after select
sectransp.c: make the code c89 compatible
select: avoid returning an error on EINTR from select() or poll()
test425: fix the log directory for the upload
url: provide better error message when URLs fail to parse
urlapi: allow numerical parts in the host name
vquic.c: make recvfrom_packets static, avoid compiler warning
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
579c5830aa |
curl: Update to version 8.1.0
- Update from version 7.88.1 to 8.1.0
- Update of rootfile not required
- Changelog
Fixed in 8.1.0 - May 17 2023
Changes:
curl: add --proxy-http2
CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2
hostip: refuse to resolve the .onion TLD
tool_writeout: add URL component variables
Bugfixes:
amiga: Fix CA certificate paths for AmiSSL and MorphOS
autotools: sync up clang picky warnings with cmake
aws-sigv4.d: fix region identifier in example
bufq: simplify since expression is always true
cf-h1-proxy: skip an extra NULL assign
cf-h2-proxy: fix processing ingress to stop too early
cf-socket: add socket recv buffering for most tcp cases
cf-socket: Disable socket receive buffer by default
cf-socket: remove dead code discovered by PVS
cf-socket: turn off IPV6_V6ONLY on Windows if it is supported
checksrc: check for spaces before the colon of switch labels
checksrc: find bad indentation in conditions without open brace
checksrc: fix SPACEBEFOREPAREN for conditions starting with "*"
ci: `-Wno-vla` no longer necessary
CI: fix brew retries on GHA
CI: Set minimal permissions on workflow ngtcp2-quictls.yml
CI: skip Azure for commits which change only GHA
CI: use another glob syntax for matching files on Appveyor
cmake: bring in the network library on Haiku
cmake: do not add zlib headers for openssl
CMake: make config version 8 compatible with 7
cmake: picky-linker fixes for openssl, ZLIB, H3 and more
cmake: set SONAME for SunOS too
cmake: speed up and extend picky clang/gcc options
CMakeLists.txt: fix typo for Haiku detection
compressed.d: clarify the words on "not notifying headers"
config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP
configure: don't set HAVE_WRITABLE_ARGV on Windows
configure: fix detection of apxs (for httpd)
configure: make quiche require quiche_conn_send_ack_eliciting
connect: fix https connection setup to treat ssl_mode correctly
content_encoding: only do transfer-encoding compression if asked to
cookie: address PVS nits
cookie: clarify that init with data set to NULL reads no file
curl: do NOT append file name to path for upload when there's a query
curl_easy_getinfo.3: typo fix (duplicated "from the")
curl_easy_unescape.3: rename the argument
curl_path: bring back support for SFTP path ending in /~
curl_url_set.3: mention that users can set content rather freely
CURLOPT_IPRESOLVE.3: this for host names, not IP addresses
data.d: emphasize no conversion
digest: clear target buffer
doc: curl_mime_init() strong easy binding was relaxed in 7.87.0
docs/cmdline-opts: document the dotless config path
docs/examples/protofeats.c: outputs all protocols and features
docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string"
docs/SECURITY-ADVISORY.md: how to write a curl security advisory
docs: bump the minimum perl version to 5.6
docs: clarify that more backends have HTTPS proxy support
dynbuf: never allocate larger than "toobig"
easy_cleanup: require a "good" handle to act
ftp: fix 'portsock' variable was assigned the same value
ftp: remove dead code
ftplistparser: move out private data from public struct
ftplistparser: replace realloc with dynbuf
gen.pl: error on duplicated See-Also fields
getpart: better handle case of file not found
GHA-linux: add an address-sanitizer build
GHA: add a memory-sanitizer job
GHA: run all linux test jobs with valgrind
GHA: suppress git clone output
GIT-INFO: add --with-openssl
gskit: various compile errors in OS400
h2/h3: replace `state.drain` counter with `state.dselect_bits`
hash: fix assigning same value
headers: clear (possibly) lingering pointer in init
hostcheck: fix host name wildcard checking
hostip: add locks around use of global buffer for alarm()
hostip: enforce a maximum DNS cache size independent of timeout value
HTTP-COOKIES.md: mention the #HttpOnly_ prefix
http2: always EXPIRE_RUN_NOW unpaused http/2 transfers
http2: do flow window accounting for cancelled streams
http2: enlarge the connection window
http2: flow control and buffer improvements
http2: move HTTP/2 stream vars into local context
http2: pass `stream` to http2_handle_stream_close to avoid NULL checks
http2: remove unused Curl_http2_strerror function declaration
HTTP3/quiche: terminate h1 response header when no body is sent
http3: check stream_ctx more thoroughly in all backends
HTTP3: document the ngtcp2/nghttp3 versions to use for building curl
http3: expire unpaused transfers in all HTTP/3 backends
http3: improvements across backends
http: free the url before storing a new copy
http: skip a double NULL assign
ipv4.d/ipv6.d: they are "mutex", not "boolean"
KNOWN_BUGS: remove fixed or outdated issues, move non-bugs
lib/cmake: add HAVE_WRITABLE_ARGV check
lib/sha256.c: typo fix in comment (duplicated "is available")
lib1560: verify that more bad host names are rejected
lib: add `bufq` and `dynhds`
lib: remove CURLX_NO_MEMORY_CALLBACKS
lib: unify the upload/method handling
lib: use correct printf flags for sockets and timediffs
libssh2: fix crash in keyboard callback
libssh2: free fingerprint better
libssh: tell it to use SFTP non-blocking
man pages: simplify the .TH sections
MANUAL.md: add dict example for looking up a single definition
md(4|5): don't use deprecated iOS functions
md4: only build when used
mime: skip NULL assigns after Curl_safefree()
multi: add handle asserts in DEBUG builds
multi: add multi-ignore logic to multi_socket_action
multi: free up more data earleier in DONE
multi: remove a few superfluous assigns
multi: remove PENDING + MSGSENT handles from the main linked list
ngtcp2: adapted to 0.15.0
ngtcp2: adjust config and code checks for ngtcp2 without nghttp3
noproxy: pointer to local array 'hostip' is stored outside scope
ntlm: clear lm and nt response buffers before use
openssl: interop with AWS-LC
OS400: fix and complete ILE/RPG binding
OS400: implement EBCDIC support for recent features
OS400: improve vararg emulation
OS400: provide ILE/RPG usage examples
pingpong: fix compiler warning "assigning an enum to unsigned char"
pytest: improvements for suitable curl and error output
quiche: disable pacing while pacing is not actually performed
quiche: Enable IDLE egress handling
RELEASE-PROCEDURE: update to new schedule
rtsp: convert mallocs to dynbuf for RTP buffering
rtsp: skip malformed RTSP interleaved frame data
rtsp: skip NULL assigns after Curl_safefree()
runtests: die if curl version can be found
runtests: don't start servers if -l is given
runtests: fix -c option when run with valgrind
runtests: fix quoting in Appveyor and Azure test integration
runtests: lots of refactoring
runtests: refactor into more packages
runtests: show error message if file can't be written
runtests: spawn a new process for the test runner
rustls: fix error in recv handling
schannel: add clarifying comment
server/getpart: clear target buffer before load
smb: remove double assign
smbserver: remove temporary files before exit
socketpair: verify with a random value
ssh: Add support for libssh2 read timeout
telnet: simplify the implementation of str_is_nonascii()
test1169: fix so it works properly everywhere
test1592: add flaky keyword
test1960: point to the correct path for the precheck tool
test303: kill server after test
tests/http: add timeout to running curl in test cases
tests/http: fix log formatting on wrong exit code
tests/http: fix out-of-tree builds
tests/http: improved httpd detection
tests/http: more tests with specific clients
tests/http: relax connection check in test_07_02
tests/keywords.pl: remove
tests/libtest/lib1900.c: remove
tests/sshserver.pl: Define AddressFamily earlier
tests: 1078 1288 1297 use valid IPv4 addresses
tests: document that the unittest keyword is special
tests: increase sws timeout for more robust testing
tests: log a too-long Unix socket path in sws and socksd
tests: make test_12_01 a bit more forgiving on connection counts
tests: move pidfiles and portfiles under the log directory
tests: move server config files under the pid dir
tests: silence some Perl::Critic warnings in test suite
tests: stop using strndup(), which isn't portable
tests: switch to 3-argument open in test suite
tests: turn perl modules into full packages
tests: use %LOGDIR to refer to the log directory
tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals
tool_operate: pass a long as CURLOPT_HEADEROPT argument
tool_operate: refuse (--data or --form) and --continue-at combo
transfer: refuse POSTFIELDS + RESUME_FROM combo
transfer: skip extra assign
url: fix null dispname for --connect-to option
url: fix PVS nits
url: remove call to Curl_llist_destroy in Curl_close
urlapi: cleanups and improvements
urlapi: detect and error on illegal IPv4 addresses
urlapi: prevent setting invalid schemes with *url_set()
urlapi: skip a pointless assign
urlapi: URL encoding for the URL missed the fragment
urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication
urldata: shrink *select_bits int => unsigned char
vlts: use full buffer size when receiving data if possible
vtls and h2 improvements
Websocket: enhanced en-/decoding
wolfssl.yml: bump to version 5.6.0
write-out.d: Use response_code in example
ws: handle reads before EAGAIN better
Fixed in 8.0.1 - March 20 2023
Bugfixes:
fix crash in curl_easy_cleanup
Fixed in 8.0.0 - March 20 2023
Changes:
build: remove support for curl_off_t < 8 bytes
Bugfixes:
.cirrus.yml: Bump to FreeBSD 13.2
aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
BINDINGS: add Fortran binding
build: drop the use of XC_AMEND_DISTCLEAN
build: fix stdint/inttypes detection with non-autotools
cf-socket: fix handling of remote addr for accepted tcp sockets
cf-socket: if socket is already connected, return CURLE_OK
cf-socket: use port 80 when resolving name for local bind
CI: don't run CI jobs if only another CI was changed
CI: update ngtcp2 and nghttp2 for pytest
cmake: delete unused HAVE__STRTOI64
cmake: fix enabling LDAPS on Windows
cmake: skip CA-path/bundle auto-detection in cross-builds
connect: fix time_connect and time_appconnect timer statistics
cookie: don't load cookies again when flushing
cookie: parse without sscanf()
curl.h: require gcc 12.1 for the deprecation magic
curl: make -w's %{stderr} use the file set with --stderr
curl_path: create the new path with dynbuf
CURLOPT_PIPEWAIT: allow waited reuse also for subsequent connections
CURLOPT_PROXY.3: curl+NSS does not handle HTTPS over unix domain socket
CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
DEPRECATE: the original legacy mingw version 1
doc: fix compiler warning in libcurl.m4
docs/cmdline-opts: mark all global options
docs/SECURITY-PROCESS.md: updates
docs: extend the URL API descriptions
docs: note '--data-urlencode' option
DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
easy: remove infof() debug leftover from curl_easy_recv
examples/http3.c: use CURL_HTTP_VERSION_3
ftp: active mode with SSL, add the filter
ftp: add more conditions for connection reuse
ftp: allocate the wildcard struct on demand
ftp: make the EPSV response parser not use sscanf
ftp: replace sscanf for MDTM 213 response parsing
ftp: replace sscanf for PASV parsing
gssapi: align `gss_OID_desc` to silence ld warnings on macOS ventura
headers: make curl_easy_header and nextheader return different buffers
hostip: avoid sscanf and extra buffer copies
http2: fix error handling during parallel operations
http2: fix for http2-prior-knowledge when reusing connections
http2: fix handling of RST and GOAWAY to recognize partial transfers
http2: fix upload busy loop
http: don't send 100-continue for short PUT requests
http: fix unix domain socket use in https connects
http: rewrite the status line parser without sscanf
http_proxy: parse the status line without sscanf
idn: return error if the conversion ends up with a blank host
krb5: avoid sscanf for parsing
lib1560: test parsing URLs with ridiculously large fields
lib2305: deal with CURLE_AGAIN
lib517: verify time stamps without leading zeroes plus some more
lib: silence clang/gcc -Wvla warnings in brotli headers
lib: skip Curl_llist_destroy calls
libcurl-errors.3: add the CURLHcode errors from curl_easy_header.3
libssh2: only set the memory callbacks when debugging
libssh2: remove unused variable from libssh2's struct
libssh: use dynbuf instead of realloc
Makefile.mk: delete redundant `HAVE_LDAP_SSL` macro
Makefile.mk: fix -g option in debug mode
mqtt: on send error, return error
multi: make multi_perform ignore/unignore signals less often
multi: remove PENDING + MSGSENT handles from the main linked list
ngtcp2-gnutls.yml: bump to gnutls 3.8.0
ngtcp2: fix unwanted close of file descriptor 0
page-footer: add explanation for three missing exit codes
parsedate: parse strings without using sscanf()
parsedate: replace sscanf( for time stamp parsing
quic/schannel: fix compiler warnings
rand: use arc4random as fallback when available
rate.d: single URLs make no sense in --rate example
RELEASE-PROCEDURE.md: update coming release dates
rtsp: avoid sscanf for parsing
runtests: use a hash table for server port numbers
sectransp: fix compiler warning c89 mixed code/declaration
sectransp: make read_cert() use a dynbuf when loading
secure-transport: fix recv return code handling
select: stop treating POLLRDBAND as an error
setopt: move the CURLOPT_CHUNK_DATA pointer to the set struct
socket: detect "dead" connections better, e.g. not fit for reuse
src: silence wmain() warning for all build methods
telnet: only accept option arguments in ascii
telnet: parse NEW_ENVIRON without sscanf
telnet: parse telnet options without sscanf
telnet: parse the WS= argument without sscanf
test1470: test socks proxy using unix sockets and connect to https
test1960: verify CURL_SOCKOPT_ALREADY_CONNECTED
test2600: detect when ALARM_TIMEOUT is in use and adjust
test422: verify --next used without a prior URL
tests/http: add pytest to GHA and improve tests
tests: add `cookies` features
tests: add timeout, SLOWDOWN and DELAY keywords to tests
tests: fix gnutls-serv check
tests: fix MSVC unreachable code warnings in unit tests
tests: hack to build most unit tests under cmake
tests: HTTP server fixups
tests: keep cmake unit tests names in sync
tests: make CPPFLAGS common to all unit tests
tests: make first.c the same for both lib tests and unit tests
tests: support for imaps/pop3s/smtps protocols
tests: sync option lists in runtests.pl & its man page
tests: test secure mail protocols with explicit SSL requests
tests: use AM_CPPFILES to modify flags in unit tests
tests: use dynamic ports numbers in pytest suite
tool: dump headers even if file is write-only
tool: improve --stderr handling
tool_getparam: don't add a new node for just --no-remote-name
tool_getparam: error if --next is used without a prior URL
tool_operate: avoid fclose(NULL) on bad header dump file
tool_operate: propagate error codes for missing URL after --next
tool_progress: shut off progress meter for --silent in parallel
tool_writeout_json. fix the output for duplicate header names
transfer: limit Windows SO_SNDBUF updates to once a second
url: fix cookielist memleak when curl_easy_reset
url: fix logic in connection reuse to deny reuse on "unclean" connections
url: fix the SSH connection reuse check
url: only reuse connections with same GSS delegation
url: remove dummy protocol handler
urlapi: '%' is illegal in host names
urlapi: avoid mutating internals in getter routine
urlapi: parse IPv6 literals without ENABLE_IPV6
urlapi: take const args in _dup and _get functions
wildcard: remove files and move functions into ftplistparser.c
winbuild: fix makefile clean
wolfssl: add quic/ngtcp2 detection in cmake, and fix builds
wolfSSL: ressurect the BIO `io_result`
ws: keep the socket non-blocking
x509asn1.c: use correct format specifier for infof() call
x509asn1: use plain %x, not %lx, when the arg is an int
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
4de715dbe2 |
curl: Update to version 7.88.1
- Update from version 7.87.0 to 7.88.1
- Update of rootfile not required
- Patch removed as fix now built into source tarball
- Changelog
Fixed in 7.88.1 - February 20 2023
Bugfixes:
build-openssl.bat: keep OpenSSL 3 engine binaries
cmake: fix Windows check for CryptAcquireContext
connnect: fix timeout handling to use full duration
curl: make --silent work stand-alone
curl_setup: Suppress OpenSSL 3 deprecation warnings
CURLOPT_WS_OPTIONS.3: fix the availability version
GHA: update rustls dependency to 0.9.2
http2: buffer/pausedata and output flush fix.
http2: set drain on stream end
http: include stdint.h more readily
krb5: silence cast-align warning
lib1560: add IPv6 canonicalization tests
os400: correct Curl_os400_sendto()
remote-header-name.d: mention that filename* is not supported
runtests: fix "uninitialized value $port"
setopt: allow HTTP3 when HTTP2 is not defined
socketpair: allow EWOULDBLOCK when reading the pair check bytes
socks: allow using DoH to resolve host names
tests-httpd: add proxy tests
tests: make sure gnuserv-tls has SRP support before using it
tests: make the telnet server shut down a socket gracefully
tool_getparam: make --get a true boolean
tool_operate: allow debug builds to set buffersize
urlapi: do the port number extraction without using sscanf()
urldata: remove `now` from struct SingleRequest - not needed
Fixed in 7.88.0 - February 15 2023
Changes:
curl.h: add CURL_HTTP_VERSION_3ONLY
share: add sharing of HSTS cache among handles
src: add --http3-only
tool_operate: share HSTS between handles
urlapi: add CURLU_PUNYCODE
writeout: add %{certs} and %{num_certs}
Bugfixes:
cf-socket: fix build when not HAVE_GETPEERNAME
cf-socket: keep sockaddr local in the socket filters
cfilters:Curl_conn_get_select_socks: use the first non-connected filter
CI: add a workflow to automatically label pull requests
CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup
CI: Retry failed downloads to reduce spurious failures
CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12
cmake: bump requirement to 3.7
cmake: check for sendmsg
cmake: delete redundant macro definition `SECURITY_WIN32`
cmake: fix dev warning due to mismatched arg
cmake: fix the snprintf detection
cmake: remove deprecated symbols check
cmake: set SOVERSION also for macOS
cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS
cmdline-opts/Makefile: on error, do not leave a partial
CODEOWNERS: remove the peeps mentioned as CI owners
connect: fix access of pointer before NULL check
connect: fix build when not ENABLE_IPV6
connect: fix strategy testing for attempts, timeouts and happy-eyeball
connections: introduce http/3 happy eyeballs
content_encoding: do not reset stage counter for each header
CONTRIBUTE: More formally specify the commit description
cookies: fp is always not NULL
copyright.pl: cease doing year verifications
copyright: update all copyright lines and remove year ranges
curl.1: make help, version and manual sections "custom"
curl.h: allow up to 10M buffer size
curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
curl/websockets.h: extend the websocket frame struct
curl: output warning at --verbose output for debug-enabled version
curl_free.3: fix return type of `curl_free`
curl_global_sslset.3: clarify the openssl situation
curl_log: for failf/infof and debug logging implementations
curl_setup: Disable by default recv-before-send in Windows
curl_version_info.3: fix typo
curl_ws_send.3: clarify how to send multi-frame messages
CURLOPT_HEADERDATA.3: warn DLL users must set write function
CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1
CURLOPT_WRITEFUNCTION.3: fix memory leak in example
dict: URL decode the entire path always
docs/DEPRECATE.md: deprecate gskit
docs: add link to GitHub Discussions
docs: mention indirect effects of --insecure
docs: POSTFIELDSIZE must be set to -1 with read function
doh: ifdef IPv6 code
easyoptions: fix header printing in generation script
escape: hex decode with a lookup-table
escape: use table lookup when adding %-codes to output
examples: remove the curlgtk.c example
fopen: remove unnecessary assignment
ftpserver: lower the DATA connect timeout to speed up torture tests
GHA/macos.yml: bump to gcc-12
GHA/macos: use Xcode_14.0.1 for cmake builds
GHA: add job on Slackware 15.0
GHA: bump ngtcp2 workflow dependencies
GHA: enable websockets in the torture job
GHA: move the quiche job here from zuul
GHA: use designated ngtcp2 and its dependencies versions
haxproxy: send before TLS handhshake
header.d: add a header file example
hsts.d: explain hsts more
hsts: handle adding the same host name again
HTTP/[23]: continue upload when state.drain is set
http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames
http2: fix compiler warning due to uninitialized variable
http2: minor buffer and error path fixes
http2: when using printf %.*s, the length arg must be 'int'
HTTP3: mention what needs to be in place to remove EXPERIMENTAL label
http: add additional condition for including stdint.h
http: decode transfer encoding first
http: fix "part of conditional expression is always false"
http: remove the trace message "Mark bundle... multiuse"
http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
http_proxy: do not assign data->req.p.http use local copy
INSTALL: document how to use multiple TLS backends
lib670: make test.h the first include
lib: connect/h2/h3 refactor
lib: fix typos
lib: fix typos in comments which repeat a word
libssh2: try sha2 algos for hostkey methods
libtest: add a sleep macro for Windows
Linux CI: update some dependecies to latest tag
Makefile.mk: fix wolfssl and mbedtls default paths
man pages: call the custom user pointer 'clientp' consistently
md4: fix build with GnuTLS + OpenSSL v1
misc: fix grammar and spelling
misc: fix spelling
misc: reduce struct and struct field sizes
msh3: add support for request payload
msh3: update to v0.5 Release
msh3: update to v0.6
multi: stop sending empty HTTP/3 UDP datagrams on Windows
multihandle: turn bool struct fields into bits
ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl
ngtcp2: fix the build without 'sendmsg'
ngtcp2: replace removed define and stop using removed function
no-clobber.d: only use long form options in man page text
noproxy: support for space-separated names is deprecated
nss: implement data_pending method
openldap: fix missing sasl symbols at build in specific configs
openssl: adapt to boringssl's error code type
openssl: don't ignore CA paths when using Windows CA store (redux)
openssl: don't log raw record headers
openssl: make the BIO_METHOD a local variable in the connection filter
openssl: only use CA_BLOB if verifying peer
openssl: remove attached easy handles from SSL instances
openssl: store the CA after first send (ClientHello)
os400: fixes to make-lib.sh and initscript.sh
packages: remove Android, update README
release-notes.pl: check fixes/closes lines better
Revert "x509asn1: avoid freeing unallocated pointers"
runtest.pl: add expected fourth return value
runtests: tear down http2/http3 servers when https server is stopped
runtests: consider warnings fatal and error on them
runtests: fix detection of TLS backends
runtests: make 'mbedtls' a testable feature
rustls: improve error messages
scripts/delta: show percent of number of files changed since last tag
scripts: fix Appveyor job detection in cijobs.pl
scripts: set file mode +x on all perl and shell scripts
sectransp: fix for incomplete read/writes
SECURITY-PROCESS.md: document severity levels
setopt: Address undefined behaviour by checking for null
setopt: move the SHA256 opt within #ifdef libssh2
setopt: use >, not >=, when checking if uarg is larger than uint-max
smb: return error on upload without size
socketpair: allow localhost MITM sniffers
strdup: name it Curl_strdup
system.h: assume OS400 is always built with ILEC compiler
test1560: use a UTF8-using locale when run
test2304: remove stdout verification
tests-httpd: basic infra to run curl against an apache httpd
tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx
tests: add tests for HTTP/2 and HTTP/3 to verify the header API
tests: avoid use of sha1 in certificates
tls: fixes for wolfssl + openssl combo builds
tool_getparam: fix hiding of command line secrets
tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type
tool_operate: fix error codes during DOS filename sanitize
tool_operate: fix error codes on bad URL & OOM
tool_operate: fix headerfile writing
tool_operate: repair --rate
transfer: break the read loop when RECV is cleared
typecheck: accept expressions for option/info parameters
url: fix part of conditional expression is always true
urlapi: avoid Curl_dyn_addf() for hex outputs
urlapi: fix part of conditional expression is always true: qlen
urlapi: skip path checks if path is just "/"
urlapi: skip the extra dedotdot alloc if no dot in path
urldata: cease storing TLS auth type
urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
urldata: make set.http200aliases conditional on HTTP being present
urldata: move the cookefilelist to the 'set' struct
urldata: remove unused struct fields, made more conditional
vquic: stabilization and improvements
vtls: fix hostname handling in filters
vtls: manage current easy handle in nested cfilter calls
vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
winbuild: document that arm64 is supported
windows: always use curl's basename() implementation
wolfssl: remove deprecated post-quantum algorithms
workflows/linux.yml: merge 3 common packages
write-out.d: add 'since version' to %{header_json} documentation
write-out.d: clarify Windows % symbol escaping
ws: fix autoping handling
ws: fix multiframe send handling
ws: fix recv of larger frames
ws: remove bad assert
ws: unstick connect-only shutdown
ws: use %Ou for outputting curl_off_t with info()
x509asn1: fix compile errors and warnings
zuul: stop using this CI service
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
f5a57a8d6a |
curl: Update to version 7.87.0
- Update from version 7.86.0 to 7.87.0
- Update of rootfile
- version 7.87.0 changed hoiw it deals with deprecated typecheck expressions. This caused
zabbix_agentd build to fail. Curl developers created a commit to fix this in next
version release. Added as patch here. Should be able to be removed with next curl
update.
- Changelog
curl and libcurl 7.87.0
This release includes the following changes:
o curl: add --url-query [52]
o CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit [75]
o lib: add CURL_WRITEFUNC_ERROR to signal write callback error [47]
o openssl: reduce CA certificate bundle reparsing by caching [11]
o version: add a feature names array to curl_version_info_data [67]
This release includes the following bugfixes:
o altsvc: fix rejection of negative port numbers [144]
o aws_sigv4: consult x-%s-content-sha256 for payload hash [102]
o aws_sigv4: fix typos in aws_sigv4.c [101]
o base64: better alloc size [124]
o base64: encode without using snprintf [123]
o base64: faster base64 decoding [120]
o build: assume assert.h is always available [111]
o build: assume errno.h is always available [110]
o c-hyper: CONNECT respones are not server responses [137]
o c-hyper: fix multi-request mechanism [115]
o CI: Change FreeBSD image from 12.3 to 12.4 [108]
o CI: LGTM.com will be shut down in December 2022 [112]
o ci: Remove zuul fuzzing job as it's superseded by CIFuzz
o cmake: check for cross-compile, not for toolchain [54]
o CMake: fix build with `CURL_USE_GSSAPI` [78]
o cmake: really enable warnings with clang [25]
o cmake: set the soname on the shared library [140]
o cmdline-opts/gen.pl: fix the linkifier [64]
o cmdline-opts/page-footer: remove long option nroff formatting
o config-mac: define HAVE_SYS_IOCTL_H [107]
o config-mac: fix typo: size_T -> size_t [125]
o config-mac: remove HAVE_SYS_SELECT_H [116]
o config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW [41]
o configure: require fork for NTLM-WB [36]
o contributors.sh: actually use $CURLWWW instead of just setting it [129]
o cookie: compare cookie prefixes case insensitively [14]
o cookie: expire cookies at once when max-age is negative [45]
o cookie: open cookie jar as a binary file [89]
o curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS [90]
o curl-rustls.m4: on macOS, rustls also needs the Security framework [44]
o curl.h: include <sys/select.h> on SerenityOS [104]
o curl.h: name all public function parameters [118]
o curl.h: reword comment to not use deprecated option [132]
o curl: override the numeric locale and set "C" by force [60]
o curl: timeout in the read callback [15]
o curl_endian: remove Curl_write64_le from header [81]
o curl_get_line: allow last line without newline char [88]
o curl_path: do not add '/' if homedir ends with one [4]
o curl_url_get.3: remove spurious backtick [127]
o curl_url_set.3: document CURLU_DISALLOW_USER [139]
o curl_url_set.3: fix typo [148]
o CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE [1]
o CURLOPT_COOKIEFILE.3: advice => advise [131]
o CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example [31]
o CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" [130]
o CURLOPT_POST.3: Explain setting to 0 changes request type [61]
o docs/curl_ws_send: Fixed typo in websocket docs [114]
o docs/EARLY-RELEASE.md: how to determine an early release [37]
o docs/examples: spell correction ('Retrieve') [119]
o docs/INSTALL.md: expand on static builds [62]
o docs/WEBSOCKET.md: explain the URL use [71]
o docs: add missing parameters for --retry flag [2]
o docs: add more "SEE ALSO" links to CA related pages [82]
o docs: explain the noproxy CIDR notation support [17]
o docs: extend the dump-header documentation [150]
o docs: remove performance note in CURLOPT_SSL_VERIFYPEER [13]
o examples/10-at-a-time: fix possible skipped final transfers [85]
o examples: update descriptions [83]
o ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH [96]
o gen.pl: do not generate CURLHELP bitmask lines > 79 characters [10]
o GHA: clarify workflows permissions, set least possible privilege [79]
o GHA: NSS use clang instead of clang-9 [103]
o gnutls: use common gnutls init and verify code for ngtcp2 [98]
o headers: add endif comments [51]
o HTTP-COOKIES.md: mention that http://localhost is a secure context [76]
o HTTP-COOKIES.md: update the 6265bis link to draft-11 [70]
o http: do not send PROXY more than once [46]
o http: fix the ::1 comparison for IPv6 localhost for cookies [155]
o http: set 'this_is_a_follow' in the Location: logic [40]
o http: use the IDN decoded name in HSTS checks [154]
o hyper: classify headers as CONNECT and 1XX [56]
o hyper: fix handling of hyper_task's when reusing the same address [33]
o idn: remove Curl_win32_ascii_to_idn [153]
o INSTALL: update operating systems and CPU archs [91]
o KNOWN_BUGS: remove eight entries [50]
o lib1560: add some basic IDN host name tests [151]
o lib: connection filters (cfilter) addition to curl: [43]
o lib: feature deprecation warnings in gcc >= 4.3 [58]
o lib: fix some type mismatches and remove unneeded typecasts [12]
o lib: parse numbers with fixed known base 10 [77]
o lib: remove bad set.opt_no_body assignments [42]
o lib: rewind BEFORE request instead of AFTER previous [65]
o lib: sync guard for Curl_getaddrinfo_ex() definition and use [6]
o lib: use size_t or int etc instead of longs [145]
o libcurl-errors.3: remove duplicate word [3]
o libssh2: return error when ssh_hostkeyfunc returns error [121]
o limit-rate.d: see also --rate
o log2changes.pl: wrap long lines at 80 columns [59]
o Makefile.mk: address minor issues [87]
o Makefile.mk: improve a GNU Make hack [122]
o Makefile.mk: portable Makefile.m32 [86]
o maketgz: set the right version in lib/libcurl.plist [53]
o mime: relax easy/mime structures binding [94]
o misc: Fix incorrect spelling [113]
o misc: remove duplicated include files [28]
o misc: typo and grammar fixes [23]
o negtelnetserver.py: have it call its close() method [68]
o netrc.d: provide mutext info [63]
o netware: remove leftover traces [80]
o noproxy: also match with adjacent comma [19]
o noproxy: guard against empty hostnames in noproxy check [136]
o noproxy: tailmatch like in 7.85.0 and earlier [35]
o nroff-scan.pl: detect double highlights
o ntlm: improve comment for encrypt_des [55]
o ntlm: silence ubsan warning about copying from null target_info pointer [69]
o openssl/mbedtls: use %d for outputing port with failf (int) [72]
o openssl: prefix errors with '[lib]/[version]: ' [105]
o os400: use platform socklen_t in Curl_getnameinfo_a [18]
o page-header: grammar improvement (display transfer rate) [126]
o proxy: refactor haproxy protocol handling as connection filter [57]
o README.md: remove badges and xmas-tree garnish [9]
o rtsp: fix RTSP auth [49]
o runtests: --no-debuginfod now disables DEBUGINFOD_URLS [100]
o runtests: do CRLF replacements per section only [97]
o scripts/checksrc.pl: detect duplicated include files [29]
o sendf: change Curl_read_plain to wrap Curl_recv_plain [48]
o sendf: remove unnecessary if condition [26]
o setup: do not require __MRC__ defined for Mac OS 9 builds [117]
o smb/telnet: do not free the protocol struct in *_done() [152]
o socks: fix username max size is 255 (0xFF) [146]
o spellcheck.words: remove 'github' as an accepted word [22]
o ssl-reqd.d: clarify that this is for upgrading connections only [138]
o strcase: use curl_str(n)equal for case insensitive matches [8]
o styled-output.d: this option does not work on Windows [93]
o system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS [133]
o system.h: support 64-bit curl_off_t for NonStop 32-bit [21]
o test1421: fix typo [109]
o test3026: reduce runtime in legacy mingw builds [73]
o tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
o tests: add authorityInfoAccess to generated certs [99]
o tests: add HTTP/3 test case, custom location for proper nghttpx [106]
o tls: backends use connection filters for IO, enabling HTTPS-proxy [92]
o tool: determine the correct fopen option for -D [95]
o tool_cfgable: free the ssl_ec_curves on exit [142]
o tool_cfgable: make socks5_gssapi_nec a boolean [128]
o tool_formparse: avoid clobbering on function params [135]
o tool_getparam: make --no-get work as the opposite of --get [39]
o tool_operate: provide better errmsg for -G with bad URL [16]
o tool_operate: when aborting, make sure there is a non-NULL error buffer [20]
o tool_paramhlp: free the proto strings on exit [141]
o url: move back the IDN conversion of proxy names [74]
o urlapi: reject more bad letters from the host name: &+() [143]
o urldata: change port num storage to int and unsigned short [66]
o vms: remove SIZEOF_SHORT [134]
o vtls: fix build without proxy support [38]
o vtls: localization of state data in filters [84]
o WEBSOCKET.md: fix broken link [30]
o Websocket: fixes for partial frames and buffer updates [7]
o websockets: fix handling of partial frames [32]
o windows: fail early with a missing windres in autotools [5]
o windows: fix linking .rc to shared curl with autotools [24]
o winidn: drop WANT_IDN_PROTOTYPES [27]
o ws: if no connection is around, return error [149]
o ws: return CURLE_NOT_BUILT_IN when websockets not built in [34]
o x509asn1: avoid freeing unallocated pointers [147]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
8cb2214c3a |
curl: Update to version 7.86.0
- Update from version 7.84.0 to 7.86.0 - Update of rootfile - curl-7.84.0-easy_lock_h_include_sched_h_if_available_to_fix_build.patch removed as this is now built into the source tarball version - Changelog - is too large to inclkude here. The details can be found in the RELEASE_NOTES file in the source tarballs. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Peter Müller
|
3890da81da |
curl: Fix build on armv6l
https://github.com/curl/curl/pull/9054 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
a0cd3eb0f0 |
curl: Update to version 7.84.0
- Update from version 7.83.1 to 7.84.0
- Update of rootfile
- Changelog
7.84.0 - June 27 2022
Changes:
curl: add --rate to set max request rate per time unit
curl: deprecate --random-file and --egd-file
curl_version_info: add CURL_VERSION_THREADSAFE
CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
lib: make curl_global_init() threadsafe when possible
libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
opts: deprecate RANDOM_FILE and EGDSOCKET
socks: support unix sockets for socks proxy
Bugfixes:
aws-sigv4: fix potentional NULL pointer arithmetic
bindlocal: don't use a random port if port number would wrap
c-hyper: mark status line as status for Curl_client_write()
ci: avoid `cmake -Hpath`
CI: bump FreeBSD 13.0 to 13.1
ci: update github actions
cmake: add libpsl support
cmake: do not add libcurl.rc to the static libcurl library
cmake: enable curl.rc for all Windows targets
cmake: fix detecting libidn2
cmake: support adding a suffix to the OS value
configure: skip libidn2 detection when winidn is used
configure: use the SED value to invoke sed
configure: warn about rustls being experimental
content_encoding: return error on too many compression steps
cookie: address secure domain overlay
cookie: apply limits
copyright.pl: parse and use .reuse/dep5 for skips
copyright: make repository REUSE compliant
curl.1: add a few see also --tls-max
curl.1: mention exit code zero too
curl: re-enable --no-remote-name
curl_easy_pause.3: remove explanation of progress function
curl_getdate.3: document that some illegal dates pass through
Curl_parsenetrc: don't access local pwbuf outside of scope
curl_url_set.3: clarify by default using known schemes only
CURLOPT_ALTSVC.3: document the file format
CURLOPT_FILETIME.3: fix the protocols this works with
CURLOPT_HTTPHEADER.3: improve comment in example
CURLOPT_NETRC.3: document the .netrc file format
CURLOPT_PORT.3: We discourage using this option
CURLOPT_RANGE.3: remove ranged upload advice
digest: added detection of more syntax error in server headers
digest: tolerate missing "realm"
digest: unquote realm and nonce before processing
DISABLED: disable 1021 for hyper again
docs/cmdline-opts: add copyright and license identifier to each file
docs/CONTRIBUTE.md: document the 'needs-votes' concept
docs: clarify data replacement policy for MIME API
doh: remove UNITTEST macro definition
examples/crawler.c: use the curl license
examples: remove fopen.c and rtsp.c
FAQ: Clarify Windows double quote usage
fopen: add Curl_fopen() for better overwriting of files
ftp: restore protocol state after http proxy CONNECT
ftp: when failing to do a secure GSSAPI login, fail hard
GHA/hyper: enable debug in the build
gssapi: improve handling of errors from gss_display_status
gssapi: initialize gss_buffer_desc strings
headers api: remove EXPERIMENTAL tag
http2: always debug print stream id in decimal with %u
http2: reject overly many push-promise headers
http: restore header folding behavior
hyper: use 'alt-used'
krb5: return error properly on decode errors
lib: make more protocol specific struct fields #ifdefed
libcurl-security.3: add "Secrets in memory"
libcurl-security.3: document CRLF header injection
libssh: skip the fake-close when libssh does the right thing
links: update dead links to the curl-wiki
log2changes: do not indent empty lines [ci skip]
macos9: remove partial support
Makefile.am: fix portability issues
Makefile.m32: delete obsolete options, improve -On [ci skip]
Makefile.m32: delete two obsolete OpenSSL options [ci skip]
Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
max-time.d: clarify max-time sets max transfer time
mprintf: ignore clang non-literal format string
netrc: check %USERPROFILE% as well on Windows
netrc: support quoted strings
ngtcp2: allow curl to send larger UDP datagrams
ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
ngtcp2: enable Linux GSO
ngtcp2: extend QUIC transport parameters buffer
ngtcp2: fix alert_read_func return value
ngtcp2: fix typo in preprocessor condition
ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
ngtcp2: send appropriate connection close error code
ngtcp2: support boringssl crypto backend
ngtcp2: use helper funcs to simplify TLS handshake integration
ntlm: provide a fixed fake host name
projects: fix third-party SSL library build paths for Visual Studio
quic: add Curl_quic_idle
quiche: support ca-fallback
rand: stop detecting /dev/urandom in cross-builds
remote-name.d: mention --output-dir
runtests.pl: add the --repeat parameter to the --help output
runtests: fix skipping tests not done event-based
runtests: skip starting the ssh server if user name is lacking
scripts/copyright.pl: fix the exclusion to not ignore man pages
sectransp: check for a function defined when __BLOCKS__ is undefined
select: return error from "lethal" poll/select errors
server/sws: support spaces in the HTTP request path
speed-limit/time.d: mention these affect transfers in either direction
strcase: some optimisations
test 2081: add a valid reply for the second request
test 675: add missing CR so the test passes when run through Privoxy
test414: add the '--resolve' keyword
test681: verify --no-remote-name
tests 266, 116 and 1540: add a small write delay
tests/data/test1501: kill ftp server after slow LIST response
tests/getpart: fix getpartattr to work with "data" and "data2"
tests/server/sws.c: change the HTTP writedelay unit to milliseconds
test{440,441,493,977}: add "HTTP proxy" keywords
tool_getparam: fix --parallel-max maximum value constraint
tool_operate: make sure --fail-with-body works with --retry
transfer: fix potential NULL pointer dereference
transfer: maintain --path-as-is after redirects
transfer: upload performance; avoid tiny send
url: free old conn better on reuse
url: remove redundant #ifdefs in allocate_conn()
url: URL encode the path when extracted, if spaces were set
urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
urlapi: support CURLU_URLENCODE for curl_url_get()
urldata: reduce size of a few struct fields
urldata: remove three unused booleans from struct UserDefined
urldata: store tcp_keepidle and tcp_keepintvl as ints
version: allow stricmp() for sorting the feature list
vtls: make curl_global_sslset thread-safe
wolfssh.h: removed
wolfssl: correct the failf() message when a handle can't be made
wolfSSL: explicitly use compatibility layer
x509asn1: mark msnprintf return as unchecked
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
247d9e685e |
curl: Update to version 7.83.1
- Update from version 7.83.0 to 7.83.1
- Update of rootfile not required
- Changelog
version 7.83.1
This release includes the following bugfixes:
o altsvc: fix host name matching for trailing dots [31]
o cirrus: Update to FreeBSD 12.3 [24]
o cirrus: Use pip for Python packages on FreeBSD [23]
o conn: fix typo 'connnection' -> 'connection' in two function names [1]
o cookies: make bad_domain() not consider a trailing dot fine [26]
o curl: free resource in error path [3]
o curl: guard against size_t wraparound in no-clobber code [4]
o CURLOPT_DOH_URL.3: mention the known bug [19]
o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20]
o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18]
o data/test376: set a proper name
o GHA/mbedtls: enabled nghttp2 in the build [11]
o gha: build msh3 [5]
o gskit: fixed bogus setsockopt calls [17]
o gskit: remove unused function set_callback [2]
o hsts: ignore trailing dots when comparing hosts names [28]
o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40]
o http: move Curl_allow_auth_to_host() [9]
o http_proxy/hyper: handle closed connections [34]
o hyper: fix test 357 [32]
o Makefile: fix "make ca-firefox" [37]
o mbedtls: bail out if rng init fails [14]
o mbedtls: fix compile when h2-enabled [12]
o mbedtls: fix some error messages
o misc: use "autoreconf -fi" instead buildconf [22]
o msh3: get msh3 version from MsH3Version [6]
o msh3: print boolean value as text representation [10]
o msh3: psss remote_port to MsH3ConnectionOpen [7]
o ngtcp2: add ca-fallback support for OpenSSL backend [35]
o nss: return error if seemingly stuck in a cert loop [30]
o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8]
o post_per_transfer: remove the updated file name [27]
o sectransp: bail out if SSLSetPeerDomainName fails [33]
o tests/server: declare variable 'reqlogfile' static [39]
o tests: fix markdown formatting in README [38]
o test{898,974,976}: add 'HTTP proxy' keywords [16]
o tls: check more TLS details for connection reuse [25]
o url: check SSH config match on connection reuse [21]
o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15]
o urlapi: reject percent-decoding host name into separator bytes [29]
o x509asn1: make do_pubkey handle EC public keys [13]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
f61ced49e9 |
curl: Update to version 7.83.0
- Update from 7.82.0 to 7.83.0
- Update of rootfile
- Changelog
7.83.0
Changes:
o curl: add %header{name} experimental support in -w handling
o curl: add %{header_json} experimental support in -w handling
o curl: add --no-clobber [28]
o curl: add --remove-on-error [11]
o header api: add curl_easy_header and curl_easy_nextheader [56]
o msh3: add support for QUIC and HTTP/3 using msh3 [84]
Bugfixes:
o appveyor: add Cygwin build [77]
o appveyor: only add MSYS2 to PATH where required [78]
o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27]
o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26]
o BINDINGS.md: add Hollywood binding [34]
o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42]
o CI: install Python package impacket to run SMB test 1451 [5]
o configure.ac: move -pthread CFLAGS setting back where it used to be [14]
o configure: bump the copyright year range int the generated output
o conncache: include the zone id in the "bundle" hashkey [112]
o connecache: remove duplicate connc->closure_handle check [90]
o connect: make Curl_getconnectinfo work with conn cache from share handle [22]
o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6]
o cookie.d: clarify when cookies are sent
o cookies: improve errorhandling for reading cookiefile [123]
o curl/system.h: update ifdef condition for MCST-LCC compiler [4]
o curl: error out if -T and -d are used for the same URL [99]
o curl: error out when options need features not present in libcurl [18]
o curl: escape '?' in generated --libcurl code [117]
o curl: fix segmentation fault for empty output file names. [60]
o curl_easy_header: fix typos in documentation [74]
o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126]
o CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS [105]
o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79]
o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63]
o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127]
o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9]
o docs/HYPER.md: updated to reflect current hyper build needs
o docs/opts: Mention Schannel client cert type is P12 [50]
o docs: Fix missing semicolon in example code [102]
o docs: lots of minor language polish [51]
o English: use American spelling consistently [95]
o fail.d: tweak the description [101]
o firefox-db2pem.sh: make the shell script safer [47]
o ftp: fix error message for partial file upload [61]
o gen.pl: change wording for mutexed options [98]
o GHA: add openssl3 jobs moved over from zuul [88]
o GHA: build hyper with nightly rustc [7]
o GHA: move bearssl jobs over from zuul [85]
o gha: move the event-based test over from Zuul [59]
o gtls: fix build for disabled TLS-SRP [48]
o http2: handle DONE called for the paused stream [69]
o http2: RST the stream if we stop it on our own will [67]
o http: avoid auth/cookie on redirects same host diff port [110]
o http: close the stream (not connection) on time condition abort [68]
o http: reject header contents with nul bytes [41]
o http: return error on colon-less HTTP headers [31]
o http: streamclose "already downloaded" [57]
o hyper: fix status_line() return code [13]
o hyper: fix tests 580 and 581 for hyper [107]
o hyper: no h2c support [33]
o infof: consistent capitalization of warning messages [103]
o ipv4/6.d: clarify that they are about using IP addresses [3]
o json.d: fix typo (overriden -> overridden) [24]
o keepalive-time.d: It takes many probes to detect brokenness [29]
o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45]
o lib670: avoid double check result [71]
o lib: #ifdef on USE_HTTP2 better [65]
o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38]
o lib: remove exclamation marks [100]
o libssh2: compare sha256 strings case sensitively [114]
o libssh2: make the md5 comparison fail if wrong length [111]
o libssh: fix build with old libssh versions [12]
o libssh: fix double close [124]
o libssh: Improve fix for missing SSH_S_ stat macros [10]
o libssh: unstick SFTP transfers when done event-based [58]
o macos: set .plist version in autoconf [122]
o mbedtls: remove 'protocols' array from backend when ALPN is not used [66]
o mbedtls: remove server_fd from backend [91]
o mk-ca-bundle.pl: Use stricter logic to process the certificates [39]
o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8]
o mlc_config.json: add file to ignore known troublesome URLs [35]
o mqtt: better handling of TCP disconnect mid-message [55]
o ngtcp2: add client certificate authentication for OpenSSL [15]
o ngtcp2: avoid busy loop in low CWND situation [119]
o ngtcp2: deal with sub-millisecond timeout [116]
o ngtcp2: disconnect the QUIC connection proper [19]
o ngtcp2: enlarge H3_SEND_SIZE [82]
o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83]
o ngtcp2: fix memory leak [80]
o ngtcp2: fix QUIC_IDLE_TIMEOUT [94]
o ngtcp2: make curl 1ms faster [93]
o ngtcp2: remove remote_addr which is not used in a meaningful way [81]
o ngtcp2: update to work after recent ngtcp2 updates [62]
o ngtcp2: use token when detecting :status header field [92]
o nonblock: restore setsockopt method to curlx_nonblock [20]
o openssl: check SSL_get_peer_cert_chain return value [1]
o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23]
o openssl: fix CN check error code [21]
o options: remove mistaken space before paren in prototype
o perl: removed a double semicolon at end of line [64]
o pop3/smtp: return *WEIRD_SERVER_REPLY when not understood [43]
o projects/README: converted to markdown [76]
o projects: Update VC version names for VS2017, VS2022 [52]
o rtsp: don't let CSeq error override earlier errors [37]
o runtests: add 'bearssl' as testable feature [87]
o runtests: make 'oldlibssh' be before 0.9.4 [2]
o schannel: remove dead code that will never run [89]
o scripts/copyright.pl: ignore the new mlc_config.json file
o scripts: move three scripts from lib/ to scripts/ [44]
o test1135: sync with recent API updates [54]
o test1459: disable for oldlibssh [53]
o test375: fix line endings on Windows [40]
o test386: Fix an incorrect test markup tag
o test718: edited slightly to return better HTTP [32]
o tests/server/util.h: align WIN32 condition with util.c [46]
o tests: refactor server/socksd.c to support --unix-socket [96]
o timediff.[ch]: add curlx helper functions for timeval conversions [86]
o tls: make mbedtls and NSS check for h2, not nghttp2 [70]
o tool and tests: force flush of all buffers at end of program [17]
o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30]
o tool_getparam: error out on missing -K file [115]
o tool_listhelp.c: uppercase URL
o tool_operate: fix a scan-build warning [16]
o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97]
o transfer: redirects to other protocols or ports clear auth [109]
o unit1620: call global_init before calling Curl_open [125]
o url: check sasl additional parameters for connection reuse. [113]
o vtls: provide a unified APLN-disagree string for all backends [75]
o vtls: use a backend standard message for "ALPN: offers %s" [73]
o vtls: use a generic "ALPN, server accepted" message [72]
o winbuild/README.md: fixup dead link [36]
o winbuild: Add a Visual Studio example to the README [49]
o wolfssl: fix compiler error without IPv6 [25]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
ae4451a4c8 |
curl: Update to version 7.82.0
- Update from 7.81.0 to 7.82.0
- Update of rootfile not required
- Changelog
Versionl 7.82.0
This release includes the following changes:
o curl: add --json [67]
o mesalink: remove support [23]
This release includes the following bugfixes:
o appveyor: update images from VS 2019 to 2022
o appveyor: use VS 2017 image for the autotools builds
o azure-pipelines: add a build on Windows with libssh [154]
o bearssl: fix connect error on expired cert and no verify [132]
o bearssl: fix EXC_BAD_ACCESS on incomplete CA cert [131]
o bearssl: fix session resumption (session id) [133]
o build: enable -Warith-conversion
o build: fix -Wenum-conversion handling
o build: fix ngtcp2 crypto library detection [63]
o checkprefix: remove strlen calls [128]
o checksrc: fix typo in comment [34]
o CI: move 'distcheck' job from zuul to azure pipelines [60]
o CI: move scan-build job from Zuul to Azure Pipelines [59]
o CI: move the NSS job from zuul to GHA [84]
o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75]
o CI: move the rustls CI job to GHA from Zuul [8]
o CI: move two jobs from Zuul to Circle CI [73]
o CI: test building wolfssl with --enable-opensslextra [42]
o CI: workflows/wolfssl: install impacket [47]
o circleci: add a job using libssh [121]
o cirlceci: also run a c-ares job on arm with debug enabled [74]
o cmake: fix iOS CMake project generation error [13]
o cmdline-opts/gen.pl: fix option matching to improve references [50]
o config.d: Clarify _curlrc filename is still valid on Windows [95]
o configure.ac: use user-specified gssapi dir when using pkg-config [136]
o configure: change output for cross-compiled alt-svc support [140]
o configure: fix '--enable-code-coverage' typo [110]
o configure: remove support for "embedded ares" [82]
o configure: requires --with-nss-deprecated to build with NSS [114]
o configure: set CURL_LIBRARY_PATH for nghttp2 [58]
o configure: support specification of a nghttp2 library path [101]
o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54]
o curl tool: erase some more sensitive command line arguments [22]
o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5]
o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9]
o curl-openssl: fix SRP check for OpenSSL 3.0 [86]
o curl-openssl: remove the OpenSSL headers and library versions check [35]
o curl.h: fix typo [129]
o curl: remove "separators" (when using globbed URLs) [32]
o curl_getdate.3: remove pointless .PP line [68]
o curl_multi_socket.3: remove callback and typical usage descriptions [7]
o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added
o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27]
o CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment [147]
o CURLOPT_RESOLVE.3: change example port to 443
o CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment [153]
o CURLOPT_XFERINFOFUNCTION.3: fix typo in example [81]
o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71]
o des: fix compile break for OpenSSL without DES [141]
o docs/cmdline-opts: add "mutexed" options for more http versions [25]
o docs/DEPRECATE: remove NPN support in August 2022 [64]
o docs: capitalize the name 'Netscape' [77]
o docs: document HTTP/2 not insisting on TLS 1.2 [49]
o docs: fix mandoc -T lint formatting complaints [2]
o docs: update IETF links to use datatracker [41]
o examples/curlx: support building with OpenSSL 1.1.0+ [148]
o examples/multi-app.c: call curl_multi_remove_handle as well [19]
o formdata: avoid size_t => long typecast overflows [37]
o ftp: provide error message for control bytes in path [66]
o gen.pl: terminate "example" sections better [4]
o gha: add a macOS CI job with libssh [142]
o gskit: Convert to using Curl_poll [111]
o gskit: Fix errors from Curl_strerror refactor [113]
o gskit: Fix initialization of Curl_ssl_gskit struct [112]
o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88]
o hostcheck: fixed to not touch used input strings [38]
o hostcheck: reduce strlen calls on chained certificates [92]
o hostip: avoid unused parameter error in Curl_resolv_check [144]
o http2: move two infof calls to debug-h2-only [145]
o http: make Curl_compareheader() take string length arguments too [87]
o if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled [104]
o KNOWN_BUGS: fix typo "libpsl"
o ldap: return CURLE_URL_MALFORMAT for bad URL [24]
o lib: remove support for CURL_DOES_CONVERSIONS [96]
o libssh2: don't typecast socket to int for libssh2_session_handshake [151]
o libssh: fix include files and defines use for Windows builds [156]
o Makefile.am: Generate VS 2022 projects
o maketgz: return error if 'make dist' fails [79]
o mbedtls: enable use of mbedtls without CRL support [57]
o mbedtls: enable use of mbedtls without filesystem functions support [100]
o mbedtls: fix CURLOPT_SSLCERT_BLOB (again)
o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12]
o mbedtls: remove #include <mbedtls/certs.h> [56]
o mbedtls: return CURLcode result instead of a mbedtls error code [1]
o md5: check md5_init_func return value
o mime: use a define instead of the magic number 24 [89]
o misc: allow curl to build with wolfssl --enable-opensslextra [43]
o misc: remove BeOS code and references [30]
o misc: remove the final watcom references [29]
o misc: remove unused data when IPv6 is not supported [80]
o mqtt: free 'sendleftovers' in disconnect [115]
o mqtt: free any send leftover data when done [36]
o multi: allow user callbacks to call curl_multi_assign [126]
o multi: grammar fix in comment [69]
o multi: remember connection_id before returning connection to pool [76]
o multi: set in_callback for multi interface callbacks [28]
o netware: remove support [72]
o next.d. remove .fi/.nf as they are handled by gen.pl [3]
o ngtcp2: adapt to changed end of headers callback proto [39]
o ngtcp2: fix declaration of ‘result’ shadows a previous local [14]
o ngtcp2: Reset dynbuf when it is fully drained [143]
o nss: handshake callback during shutdown has no conn->bundle [55]
o ntlm: remove unused feature defines [117]
o openldap: fix compiler warning when built without SSL support [70]
o openldap: implement SASL authentication [16]
o openldap: pass string length arguments to client_write() [116]
o openssl.h: avoid including OpenSSL headers here [15]
o openssl: check if sessionid flag is enabled before retrieving session [125]
o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40]
o openssl: check the return value of BIO_new_mem_buf() [18]
o openssl: fix `ctx_option_t` for OpenSSL v3+
o openssl: fix build for version < 1.1.0 [134]
o openssl: return error if TLS 1.3 is requested when not supported [45]
o os400: Add function wrapper for system command [138]
o os400: Add link to QADRT devkit to README.OS400 [137]
o os400: Default build to target current release [139]
o OS400: fix typos in rpg include file [149]
o projects: add support for Visual Studio 17 (2022) [124]
o projects: fix Visual Studio wolfSSL configurations
o projects: remove support for MSVC before VC10 (Visual Studio 2010) [123]
o quiche: after leaving h3_recving state, poll again [108]
o quiche: change qlog file extension to `.sqlog` [44]
o quiche: fix upload for bigger content-length [146]
o quiche: handle stream reset [83]
o quiche: remove two leftover debug infof() outputs
o quiche: verify the server cert on connect [33]
o quiche: when *recv_body() returns data, drain it before polling again [109]
o README.md: fix links [118]
o remote-header-name.d: clarify [10]
o runtests.pl: disable debuginfod [51]
o runtests.pl: properly print the test if it contains binary zeros
o runtests.pl: support the nonewline attribute for the data part [21]
o runtests.pl: tolerate test directories without Makefile.inc [98]
o runtests: allow client/file to specify multiple directories
o runtests: make 'rustls' a testable feature
o runtests: make 'wolfssl' a testable feature [6]
o runtests: set 'oldlibssh' for libssh versions before 0.9.5 [122]
o rustls: add CURLOPT_CAINFO_BLOB support [26]
o schannel: move the algIds array out of schannel.h [135]
o scripts/cijobs.pl: output data about all currect CI jobs [78]
o scripts/completion.pl: improve zsh completion [46]
o scripts/copyright.pl: support many provided file names on the cmdline
o scripts/delta: check the file delta for current branch
o sectransp: mark a 3DES cipher as weak [130]
o setopt: do bounds-check before strdup [99]
o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53]
o sha256: Fix minimum OpenSSL version [102]
o smb: pass socket for writing and reading data instead of FIRSTSOCKET [90]
o ssl: reduce allocated space for ssl backend when FTP is disabled [127]
o test3021: disable all msys2 path transformation
o test374: gif data without new line at the end [20]
o tests/disable-scan.pl: properly detect multiple symbols per line [94]
o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85]
o tool_findfile: check ~/.config/curlrc too [17]
o tool_getparam: DNS options that need c-ares now fail without it [31]
o TPF: drop support [97]
o unit1610: init SSL library before calling SHA256 functions [152]
o url: exclude zonefrom_url when no ipv6 is available [103]
o url: given a user in the URL, find pwd for that user in netrc [11]
o url: keep trailing dot in host name [62]
o url: make Curl_disconnect return void [48]
o urlapi: handle "redirects" smarter [119]
o urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled [52]
o urldata: remove conn->bits.user_passwd [105]
o version_win32: fix warning for `CURL_WINDOWS_APP` [93]
o vtls: fix socket check conditions [150]
o vtls: pass on the right SNI name [61]
o vxworks: drop support [65]
o winbuild: add parameter WITH_SSH [120]
o wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case [106]
o wolfssl: when SSL_read() returns zero, check the error [107]
o write-out.d: Fix num_headers formatting
o x509asn1: toggle off functions not needed for diff tls backends [91]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Peter Müller
|
9a7e4d8506 |
Switch checksums from MD5 to BLAKE2
Historically, the MD5 checksums in our LFS files serve as a protection against broken downloads, or accidentally corrupted source files. While the sources are nowadays downloaded via HTTPS, it make sense to beef up integrity protection for them, since transparently intercepting TLS is believed to be feasible for more powerful actors, and the state of the public PKI ecosystem is clearly not helping. Therefore, this patch switches from MD5 to BLAKE2, updating all LFS files as well as make.sh to deal with this checksum algorithm. BLAKE2 is notably faster (and more secure) than SHA2, so the performance penalty introduced by this patch is negligible, if noticeable at all. In preparation of this patch, the toolchain files currently used have been supplied with BLAKE2 checksums as well on https://source.ipfire.org/. Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremeripfire.org> |
||
|
Adolf Belka
|
593adc77a7 |
curl: Update to version 7.81.0
- Update from 7.80.0 to 7.81.0
- Update of rootfile
- Changelog
7.81.0
This release includes the following changes:
o mime: use percent-escaping for multipart form field and file names [1]
This release includes the following bugfixes:
o asyn-ares: ares_getaddrinfo needs no happy eyeballs timer [73]
o azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper [12]
o BINDINGS: add cURL client for PostgreSQL [68]
o BINDINGS: add one from Everything curl and update a link
o checksrc: detect more kinds of NULL comparisons we avoid [105]
o CI: build examples for additional code verification [75]
o CI: bump job to use mbedtls 3.1.0 [90]
o cmake: don't set _USRDLL on a static Windows build [22]
o cmake: prevent dev warning due to mismatched arg [94]
o cmake: private identifiers use CURL_ instead of CMAKE_ prefix [40]
o config.d: update documentation to match the path search
o configure: add -lm to configure for rustls build. [13]
o configure: better diagnostics if hyper is built wrong [6]
o configure: don't enable TLS when --without-* flags are used [17]
o configure: fix runtime-lib detection on macOS [21]
o curl.1: require "see also" for every documented option [27]
o curl: improve error message for --head with -J [42]
o curl_easy_cleanup.3: remove from multi handle first [3]
o curl_easy_escape.3: call curl_easy_cleanup in example [58]
o curl_easy_unescape.3: call curl_easy_cleanup in example [57]
o curl_multi_init.3: fix EXAMPLE formatting
o curl_multi_perform/socket_action.3: clarify what errors mean [70]
o curl_share_setopt.3: split out options into their own manpages [14]
o CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL [51]
o digest: compute user:realm:pass digest w/o userhash [45]
o docs/checksrc: Add documentation for STRERROR [18]
o docs/cmdline-opts: do not say "protocols: all" [26]
o docs/examples: workaround broken -Wno-pedantic-ms-format
o docs/HTTP3: describe how to setup a h3 reverse-proxy for testing [88]
o docs/INSTALL.md: typo fix : added missing "get" verb [31]
o docs/URL-SYNTAX.md: space is not fine in a given URL
o docs: add known bugs list to HTTP3.md [83]
o docs: address proselint nits [16]
o docs: consistent manpage SYNOPSIS [47]
o docs: fix dead links, remove ECH.md
o docs: fix typo in OpenSSL 3 build instructions [80]
o docs: Update the Reducing Size section
o example/progressfunc: remove code for old libcurls [78]
o examples/multi-single.c: remove WAITMS() [98]
o FAQ: typo fix : "yout" ➤ "your" [30]
o ftp: disable warning 4706 in MSVC [85]
o gen.pl: improve example output format [29]
o github workflow: add wolfssl (removed from zuul) [103]
o github/workflows: add mbedtls and mbedtls-clang (removed from zuul) [92]
o gtls: check return code for gnutls_alpn_set_protocols [86]
o hash: lazy-alloc the table in Curl_hash_add() [54]
o http2:set_transfer_url() return early on OOM [53]
o HTTP3: update quiche build instructions [37]
o http: enable haproxy support for hyper backend [20]
o http: Fix CURLOPT_HTTP200ALIASES [89]
o http_proxy: don't close the socket (too early) [100]
o insecure.d: detail its use for SFTP and SCP as well [32]
o insecure.d: expand and clarify [28]
o libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
o libcurl-security.3: mention address and URL mitigations
o libssh2: fix error message for sha256 mismatch
o libtest: avoid "assignment within conditional expression" [84]
o lift: ignore is a deprecated config option, use ignoreRules [35]
o linkcheck.yml: add CI job that checks markdown links [82]
o m4/curl-compilers: tell clang -Wno-pointer-bool-conversion [99]
o Makefile.m32: rename -winssl option to -schannel and tidy up [33]
o mbedTLS: add support for CURLOPT_CAINFO_BLOB [44]
o mbedtls: fix CURLOPT_SSLCERT_BLOB [72]
o mbedtls: fix private member designations for v3.1.0 [93]
o misc: remove unused doh flags when CURL_DISABLE_DOH is defined [71]
o misc: s/e-mail/email [74]
o multi: cleanup the socket hash when destroying it [55]
o multi: handle errors returned from socket/timer callbacks [52]
o multi: shut down CONNECT in Curl_detach_connnection [2]
o netrc.d: edit the .netrc example to look nicer [24]
o ngtcp2: verify the server cert on connect (quictls) [102]
o ngtcp2: verify the server certificate for the gnutls case [101]
o nss:set_cipher don't clobber the cipher list [38]
o openldap: implement STARTTLS [56]
o openldap: process search query response messages one by one [50]
o openldap: several minor improvements [69]
o openldap: simplify ldif generation code [77]
o openssl: check the return value of BIO_new() [43]
o openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
o openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
o openssl: remove usage of deprecated `SSL_get_peer_certificate`
o openssl: use non-deprecated API to read key parameters
o page-footer: add a mention of how to report bugs to the man page
o page-footer: document more environment variables [23]
o request.d: refer to 'method' rather than 'command' [59]
o retry-all-errors.d: make the example complete
o runtests: make the SSH library a testable feature
o rustls: read of zero bytes might be okay [9]
o rustls: remove comment about checking handshaking [15]
o rustls: remove incorrect EOF check [10]
o sha256/md5: return errors when init fails [79]
o socks5: use appropriate ATYP for numerical IP address host names [91]
o test1156: enable for hyper [65]
o test1156: fixup the stdout check for Windows [60]
o test1525: tweaked for hyper [64]
o test1526: enable for hyper [63]
o test1527: enable for hyper [62]
o test1528: enable for hyper [61]
o test1554: adjust for hyper [49]
o test1556: adjust for hyper [48]
o test302[12]: run only with the libssh2 backend [8]
o test661: enable for hyper [66]
o tests/CI.md: add more information on CI environments [39]
o tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256 [76]
o tftp: mark protocol as not possible to do over CONNECT [25]
o tool_findfile: updated search for a file in the homedir [46]
o tool_operate: only set SSH related libcurl options for SSH URLs [11]
o tool_operate: warn if too many output arguments were found [87]
o url.c: fix the SIGPIPE comment for Curl_close [4]
o url: check ssl_config when re-use proxy connection [81]
o url: reduce ssl backend count for CURL_DISABLE_PROXY builds [96]
o urlapi: accept port number zero [34]
o urlapi: if possible, shorten given numerical IPv6 addresses [95]
o urlapi: provide more detailed return codes [36]
o urlapi: reject short file URLs [41]
o version_win32: Check build number and platform id
o vtls/rustls: adapt to the updated rustls_version proto [19]
o writeout: fix %{http_version} for HTTP/3 [7]
o x509asn1: return early on errors [67]
o zuul.d: update rustls-ffi to version 0.8.2 [5]
o zuul: fix quiche build pointing to wrong Cargo [104]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
e8e2841b1d |
curl: Update to version 7.80.0
- Update from 7.79.1 to 7.80.0 - Update of rootfile - Changelog is too long to include here. This update fixes 172 bugs the details of which can be found in the CHANGES file in the source tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
be52d700f1 |
curl: Update to version 7.79.1
- Update from 7.78.0 to 7.79.1
- Update of rootfile not required
- Changelog
Fixed in 7.79.1 - September 22 2021
Bugfixes:
Curl_http2_setup: don't change connection data on repeat invokes
curl_multi_fdset: make FD_SET() not operate on sockets out of range
dist: provide lib/.checksrc in the tarball
FAQ: add GOPHERS + curl works on data, not files
hsts: CURLSTS_FAIL from hsts read callback should fail transfer
hsts: handle unlimited expiry
http: fix the broken >3 digit response code detection
strerror: use sys_errlist instead of strerror on Windows
test1184: disable
tests/sshserver.pl: make it work with openssh-8.7p1
Fixed in 7.79.0 - September 15 2021
Changes:
bearssl: support CURLOPT_CAINFO_BLOB
http: consider cookies over localhost to be secure
secure transport: support CURLINFO_CERTINFO
Bugfixes:
CVE-2021-22945: clear the leftovers pointer when sending succeeds
CVE-2021-22946: do not ignore --ssl-reqd
CVE-2021-22947: reject STARTTLS server response pipelining
ares: use ares_getaddrinfo()
asyn-ares.c: move all version number checks to the top
auth: do not append zero-terminator to authorisation id in kerberos
auth: properly handle byte order in kerberos security message
auth: use sasl authzid option in kerberos
auth: we do not support a security layer after kerberos authentication
BINDINGS.md: update links to use https where available
build: fix compiler warnings
c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
c-hyper: fix header value passed to debug callback
c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
c-hyper: initial step for 100-continue support
c-hyper: initial support for "dumping" 1xx HTTP responses
c-hyper: remove the hyper_executor_poll() loop from Curl_http
CI/cirrus: reduce compile time with increased parallism
CI: use GitHub Container Registry instead of Docker Hub
cirrus: Add FreeBSD 13.0 job and disable sanitizer build
cmake: avoid poll() on macOS
cmake: sync CURL_DISABLE options
codeql: fix error "Resource not accessible by integration"
compressed.d: it's a request, not an order
config.d: escape the backslash properly
config.d: note that curlrc is used even when --config
config: get rid of the unused HAVE_SIG_ATOMIC_T et. al.
configure.ac: revert bad nghttp2 library detection improvements
configure: error out if both ngtcp2 and quiche are specified
configure: make --disable-hsts work
configure: set classic mingw minimum OS version to XP
configure: tweak nghttp2 library name fix
connect: get local port + ip also when reusing connections
connect: remove superfluous conditional
curl-openssl.m4: check lib64 for the pkg-config file
curl-openssl.m4: show correct output for OpenSSL v3
curl.1: mention "global" flags
curl.1: provide examples for each option
curl: add warning for ignored data after quoted form parameter
curl: add warning for incompatible parameters usage
curl: better error message when -O fails to get a good name
curl: stop retry if Retry-After: is longer than allowed
curl_easy_setopt.3: improve the string copy wording
Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited
curl_setup.h: sync values for HTTP_ONLY
curl_url_get.3: clarify about path and query
CURLMOPT_TIMERFUNCTION.3: remove misplaced "time"
CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited
CURLOPT_SSL_CTX_*.3: tidy up the example
CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also
docs/MQTT: update state of username/password support
docs: remove experimental mentions from HSTS and MQTT
docs: the security list is reached at security at curl.se now
easy: use a custom implementation of wcsdup on Windows
examples/*hiperfifo.c: fix calloc arguments to match function proto
examples/cookie_interface: avoid printfing time_t directly
examples/cookie_interface: fix scan-build printf warning
examples/ephiperfifo.c: simplify signal handler
FAQ: add two dev related questions
getparameter: fix the --local-port number parser
happy-eyeballs-timeout-ms.d: polish the wording
hostip: Make Curl_ipv6works function independent of getaddrinfo
http2: Curl_http2_setup needs to init stream data in all invokes
http2: revert a change that broke upgrade to h2c
http2: revert call the handle-closed function correctly on closed stream
http: disallow >3-digit response codes
http: ignore content-length if any transfer-encoding is used
http_proxy: clear 'sending' when the outgoing request is sent
http_proxy: fix the User-Agent inclusion in CONNECT
http_proxy: fix user-agent and custom headers for CONNECT with hyper
http_proxy: only wait for writable socket while sending request
INTERNALS: bump c-ares requirement to 1.16.0
INTERNALS: c-ares has a new home: c-ares.org
lib: don't use strerror()
libcurl-errors.3: clarify two CURLUcode errors
limit-rate.d: clarify base unit
mailing lists: move from cool.haxx.se to lists.haxx.se
mbedtls: avoid using a large buffer on the stack
mbedTLS: initial 3.0.0 support
mbedtls_threadlock: fix unused variable warning
mksymbolsmanpage.pl: Fix showing symbol's last used version
mksymbolsmanpage.pl: match symbols case insenitively
multi: fix compiler warning with `CURL_DISABLE_WAKEUP`
ngtcp2: compile with the latest ngtcp2 and nghttp3
ngtcp2: fix build with ngtcp2 and nghttp3
ngtcp2: remove the acked_crypto_offset struct field init
ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
ngtcp2: reset the oustanding send buffer again when drained
ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
ngtcp2: stop buffering crypto data
ngtcp2: utilize crypto API functions to simplify
openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA
openssl: when creating a new context, there cannot be an old one
opt-docs: make sure all man pages have examples
opt-docs: verify man page sections + order
opts docs: unify phrasing in NAME header
output.d: add method to suppress response bodies
page-header: add GOPHERS, simplify wording in the 1st para
progress: fix a compile warning on some systems
progress: make trspeed avoid floats
runtests: add option -u to error on server unexpectedly alive
schannel: Work around typo in classic mingw macro
scripts: invoke interpreters through /usr/bin/env
setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
strerror.h: remove the #include from files not using it
symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version
test1138: remove trailing space to make work with hyper
test1173: check references to libcurl options
test1280: CRLFify the response to please hyper
test1565: fix windows build errors
test365: verify response with chunked AND Content-Length headers
tests/*server.pl: flush output before executing subprocess
tests/*server.py: remove pidfile on server termination
tests/runtests.pl: cleanup copy&paste mistakes and unused code
tests/server/*.c: align handling of portfile argument and file
tests: adjust the tftpd output to work with hyper mode
tests: be explicit about using 'python3' instead of 'python'
tests: enable test 1129 for hyper builds
tests: make three tests pass until 2037
tool/tests: fix potential year 2038 issues
tool_operate: Fix --fail-early with parallel transfers
url: fix compiler warning in no-verbose builds
urlapi.c:seturl: assert URL instead of using if-check
vtls: fix typo in schannel_verify.c
winbuild/README.md: clarify GEN_PDB option
wolfssl: clean up wolfcrypt error queue
write-out.d: clarify size_download/upload
x509asn1: fix heap over-read when parsing x509 certificates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
|
||
|
Adolf Belka
|
bfa7865ec5 |
curl: Update to version 7.78.0
- Update from 7.77.0 to 7.78.0
- Update of rootfile not required
- Changelog
Changes:
curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
hostip: make 'localhost' return fixed values
mbedtls: add support for cert and key blob options
metalink: remove all support for it
mqtt: add support for username and password
Bugfixes:
--socks4[a]: clarify where the host name is resolved
ares: always store IPv6 addresses first
asyn-ares: remove check for 'data' in Curl_resolver_cancel
bearssl: explicitly initialize all fields of Curl_ssl
bearssl: remove incorrect const on variable that is modified
build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
c-hyper: abort CONNECT response reading early on non 2xx responses
c-hyper: add support for transfer-encoding in the request
c-hyper: bail on too long response headers
c-hyper: clear NTLM auth buffer when request is issued
c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
c-hyper: fix NTLM on closed connection tested with test159
c-hyper: fix the uploaded field in progress callbacks
c-hyper: handle NULL from hyper_buf_copy()
c-hyper: support CURLINFO_STARTTRANSFER_TIME
c-hyper: support CURLOPT_HEADER
ccsidcurl: fix the compile errors
CI/cirrus: install impacket from PyPI instead of FreeBSD packages
CI: add bearssl build
CI: add Circle CI
CI: add jobs using Zuul
CI: delete --enable-hsts option (it is the default now)
CI: remove travis details
cleanup: spell DoH with a lowercase o
cmake: add CURL_DISABLE_NTLM option
cmake: avoid leaking absolute paths into exported config
cmake: fix IoctlSocket FIONBIO check
cmake: fix support for UnixSockets feature on Win32
cmake: remove libssh2 feature checks
cmake: try well-known send/recv signature for Apple
configure.ac: make non-executable
configure/cmake: remove checks for many unused functions
configure: add --disable-ntlm option
configure: disable RTSP when hyper is selected
configure: do not strip out debug flags
configure: fix nghttp2 library name for static builds
configure: inhibit the implicit-fallthrough warning on gcc-12
configure: rename get-easy-option configure option to get-easy-options
conn_shutdown: if closed during CONNECT cleanup properly
conncache: lowercase the hash key for better match
cookies: track expiration in jar to optimize removals
copyright: add boiler-plate headers to CI config files
crustls: bump crustls version and use new URL
curl.h: <sys/select.h> is supported by VxWorks7
curl.h: include sys/select.h for NuttX RTOS
curl: ignore blank --output-dir
curl_endian: remove the unused Curl_write64_le function
curl_multibyte: Remove local encoding fallbacks
Curl_ntlm_core_mk_nt_hash: fix OOM in error path
Curl_ssl_getsessionid: fail if no session cache exists
CURLOPT_WRITEFUNCTION.3: minor update of the example
docs/BINDINGS: fix outdated links
docs/examples: use curl_multi_poll() in multi examples
docs/INSTALL: remove mentions of configure --with-darwin-ssl
docs: document missing arguments to commands
docs: fix inconsistencies in EGDSOCKET documentation
docs: fix incorrect argument name reference
docs: Fix typos
docs: make docs for --etag-save match the program behaviour
docs: use --max-redirs instead of --max-redir
doh: (void)-prefix call to curl_easy_setopt
doh: fix wrong DEBUGASSERT for doh private_data
easy: during upkeep, attach Curl_easy to connections in the cache
examples/multi-single: fix scan-build warning
examples: length-limit two sscanf() uses of %s
examples: safer and more proper read callback logic
filecheck: quietly remove test-place/*~
formdata: avoid "Argument cannot be negative" warning
formdata: correct typecast in curl_mime_data call
GHA: add a linux-hyper job
GHA: add several libcurl tests to the hyper job
GHA: run the newly fixed tests with hyper
github: timeout jobs on macOS after 90 minutes
glob: pass an 'int' as len when using printf's %*s
gnutls: set the preferred TLS versions in correct order
GOVERNANCE: add 'user', 'committer' and 'contributor'
hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
hostip: bad CURLOPT_RESOLVE syntax now returns error
hsts: ignore numberical IP address hosts
HSTS: not experimental anymore
http2: clarify 'Using HTTP2' verbose message
http2: init recvbuf struct for pushed streams
http2_connisdead: handle trailing GOAWAY better
http: fix crash in rate-limited upload
http: make the haproxy support work with unix domain sockets
http_proxy: deal with non-200 CONNECT response with Hyper
hyper: propagate errors back up from read callbacks
HYPER: remove mentions of deprecated development branch
idn: fix libidn2 with windows unicode builds
infof: remove newline from format strings, always append it
lib: don't compare fd to FD_SETSIZE when using poll
lib: fix compiler warnings with CURL_DISABLE_NETRC
lib: fix type of len passed to *printf's %*s
lib: more %u for port and int for %*s fixes
lib: use %u instead of %ld for port number printf
libcurl-security.3: mention file descriptors and forks
libssh2: limit time a disconnect can take to 1 second
mbedtls: make mbedtls_strerror always work
mbedtls: Remove unnecessary include
mqtt: detect illegal and too large file size
mqtt: extend the error message for no topic
msnprintf: return number of printed characters excluding null byte
multi: add scan-build-6 work-around in curl_multi_fdset
multi: alter transfer timeout ordering
multi: do not switch off connect_only flag when closing
multi: fix crash in curl_multi_wait / curl_multi_poll
netrc: skip 'macdef' definitions
ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
openssl: avoid static variable for seed flag
openssl: don't remove session id entry in disassociate
pinnedpubkey.d: fix formatting for version support lists
proto.d: fix formatting for paragraphs after margin changes
quiche: use send() instead of sendto() to avoid macOS issue
Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
runtests: also find the last test in Makefile.inc
runtests: enable 'hyper mode' only for HTTP tests
runtests: init $VERSION to avoid warnings when using -l
runtests: parse data/Makefile.inc instead of using make
runtests: skip disabled tests unless -f is used
rustls: remove native_roots fallback
schannel: set ALPN length correctly for HTTP/2
SChannel: Use '_tcsncmp()' instead
sectransp: check for client certs by name first, then file
setopt: fix incorrect comments
socketpair: fix potential hangs
socks4: scan for the IPv4 address in resolve results
ssl: read pending close notify alert before closing the connection
sws: malloc request struct instead of using stack
telnet: fix option parser to not send uninitialized contents
test1116: hyper doesn't pass through "surprise-trailers"
test1147: hyper doesn't allow "crazy" request headers like built-in
test1151: added missing CRLF to work with hyper
test1216: adjusted for hyper mode
test1218: adjusted for hyper mode
test1230: adjust to work in hyper mode
test1340/1341: adjusted for hyper mode
test1438/1457: add HTTP keyword to make hyper mode work
test1514: add a CRLF to the response to make it correct
test1518: adjusted to work with hyper
test1519: adjusted to work with hyper
test1594/1595/1596: fix to work in hyper mode
test269: disable for hyper
test3010: work with hyper mode
test328: avoid a header-looking body to make hyper mode work
test339: CRLFify better to work in hyper mode
test347: CRLFify to work in hyper mode
test393: make Content-Length fit within 64 bit for hyper
test394: hyper returns a different error
test395: hyper cannot work around > 64 bit content-lengths like built-in
test433: adjust for hyper mode
test434: add HTTP keyword
test500: adjust to work with hyper mode
test566: adjust to work with hyper mode
test599: adjusted to work in hyper mode
test644: remove as duplicate of test 587
tests: fix Accept-Encoding strips to work with Hyper builds
TLS: prevent shutdown loops to get stuck
tool: make _lseeki64() macro work with the PellesC compiler
tool_help: document that --tlspassword takes a password
tool_help: remove unused define
url.c: remove two variable assigns that are never read
url: (void)-prefix a curl_url_get() call
url: bad CURLOPT_CONNECT_TO syntax now returns error
version: turn version number functions into returning void
vtls: exit addsessionid if no cache is inited
vtls: fix connection reuse checks for issuer cert and case sensitivity
vtls: only store TIMER_APPCONNECT for non-proxy connect
vtls: use free() not curl_free()
warnless: simplify type size handling
Win32: fix build with Watt-32
winbuild/README: VC should be set to 6 'or larger'
winbuild: support alternate nghttp2 static lib name
wolfssl: failing to set a session id is not reason to error out
write-out.d: clarify urlnum is not unique for de-globbed URLs
zuul: use the new rustls directory name
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
|
||
|
Adolf Belka
|
abcabf673e |
curl: Update to 7.77.0
- Update from 7.76.1 to 7.77.0 - Update rootfile - Changelog is too large to include here. It can be accesed at https://curl.se/changes.html There are 5 changes and 133 bug fixes of which 3 are related to CVE's Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
d5b6dfba96 |
curl: Update to 7.76.1
- Update from 7.75.0 to 7.76.1 - Update of rootfile - Changelog is too large to include here. Full details can be found in the CHANGES file in the source tarball Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Matthias Fischer
|
2e4321c1f4 |
curl: Update to 7.75
For details see: https://curl.se/changes.html Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Peter Müller
|
a30f94ac4a |
curl: update to 7.73.0
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Erik Kapfer
|
0d1054abc9 |
curl: Update to version 7.71.1
Several bugfixes and vulnerabilities has been fixed since the current available version 7.64.0 . For a full overview, the changelog is located in here --> https://curl.haxx.se/changes.html, a security problem overview in here --> https://curl.haxx.se/docs/security.html . Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Matthias Fischer
|
d5b7f82a40 |
curl: Update to 7.64.0
Hi, For details see: https://curl.haxx.se/changes.html This came rather unexpected - if I'd known, I'd have waited with 7.63.0. "Changes: cookies: leave secure cookies alone hostip: support wildcard hosts http: Implement trailing headers for chunked transfers http: added options for allowing HTTP/0.9 responses timeval: Use high resolution timestamps on Windows Bugfixes: CVE-2018-16890: NTLM type-2 out-of-bounds buffer read CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow CVE-2019-3823: SMTP end-of-response out-of-bounds read FAQ: remove mention of sourceforge for github OS400: handle memory error in list conversion OS400: upgrade ILE/RPG binding. README: add codacy code quality badge Revert http_negotiate: do not close connection THANKS: added several missing names from year <= 2000 build: make 'tidy' target work for metalink builds cmake: added checks for variadic macros cmake: updated check for HAVE_POLL_FINE to match autotools cmake: use lowercase for function name like the rest of the code configure: detect xlclang separately from clang configure: fix recv/send/select detection on Android configure: rewrite --enable-code-coverage conncache_unlock: avoid indirection by changing input argument type cookie: fix comment typo cookies: allow secure override when done over HTTPS cookies: extend domain checks to non psl builds cookies: skip custom cookies when redirecting cross-site curl --xattr: strip credentials from any URL that is stored curl -J: refuse to append to the destination file curl/urlapi.h: include "curl.h" first curl_multi_remove_handle() don't block terminating c-ares requests darwinssl: accept setting max-tls with default min-tls disconnect: separate connections and easy handles better disconnect: set conn->data for protocol disconnect docs/version.d: mention MultiSSL docs: fix the --tls-max description docs: use $(INSTALL_DATA) to install man page docs: use meaningless port number in CURLOPT_LOCALPORT example gopher: always include the entire gopher-path in request http2: clear pause stream id if it gets closed if2ip: remove unused function Curl_if_is_interface_name libssh: do not let libssh create socket libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh libssh: free sftp_canonicalize_path() data correctly libtest/stub_gssapi: use "real" snprintf mbedtls: use VERIFYHOST multi: multiplexing improvements multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time ntlm: fix NTMLv2 compliance ntlm_sspi: add support for channel binding openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated openssl: fix the SSL_get_tlsext_status_ocsp_resp call openvms: fix OpenSSL discovery on VAX openvms: fix typos in documentation os400: add a missing closing bracket os400: fix extra parameter syntax error pingpong: change default response timeout to 120 seconds pingpong: ignore regular timeout in disconnect phase printf: fix format specifiers runtests.pl: Fix perl call to include srcdir schannel: fix compiler warning schannel: preserve original certificate path parameter schannel: stop calling it "winssl" sigpipe: if mbedTLS is used, ignore SIGPIPE smb: fix incorrect path in request if connection reused ssh: log the libssh2 error message when ssh session startup fails test1558: verify CURLINFO_PROTOCOL on file:// transfer test1561: improve test name test1653: make it survive torture tests tests: allow tests to pass by 2037-02-12 tests: move objnames-* from lib into tests timediff: fix math for unsigned time_t timeval: Disable MSVC Analyzer GetTickCount warning tool_cb_prg: avoid integer overflow travis: added cmake build for osx urlapi: Fix port parsing of eol colon urlapi: distinguish possibly empty query urlapi: fix parsing ipv6 with zone index urldata: rename easy_conn to just conn winbuild: conditionally use /DZLIB_WINAPI wolfssl: fix memory-leak in threaded use spnego_sspi: add support for channel binding" Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Matthias Fischer
|
d2b7811b15 |
curl: Update to 7.63.0
For details see: https://curl.haxx.se/changes.html Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Peter Müller
|
eee037b890 |
update disclaimer in LFS files
Most of these files still used old dates and/or domain names for contact mail addresses. This is now replaced by an up-to-date copyright line. Just some housekeeping... :-) Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
4d888e6854 |
curl: Drop old compatibility symlink
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Peter Müller
|
dd48a7aac8 |
curl: update to 7.59.0
Update curl to 7.59.0 which fixes a number of bugs and some minor security issues. Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Marcel Lorenz
|
2a53bafffe |
curl: update to 7.49.1
https://curl.haxx.se/changes.html#7_49_1 Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Sascha Kilian
|
cd4ca08231 |
Update: curl to 7.48.0
Signed-off-by: Sascha Kilian <sascha@sakisoft.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
54206b6e35 |
curl: Fix certificate validation
curl did not find the certificate bundle so that server certificates could not be verified. Fixes #10995 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Matthias Fischer
|
bdb1c52534 | curl: Update to 7.43.0 | ||
|
Matthias Fischer
|
6a71b0b013 | curl: Update to 7.40.0 | ||
|
Michael Tremer
|
f8c079150e |
curl: Update to 7.31.0.
Disable IPv6 in order to avoid that AAAA record resolution which may kill squidclamav. |
||
|
Michael Tremer
|
68053bcc1d |
curl: Update to 7.29.0.
Security fix for http://curl.haxx.se/docs/adv_20130206.html. |
||
Erik Kapfer
|
cd1da6ff45 | curl: Update to 7.24.0. | ||
Arne Fitzenreiter
|
a60b61eecb | Updated curl to 7.19.5 | ||
|
Arne Fitzenreiter
|
1772cfdee0 | Add curl symlink to made old binaries use new lib | ||
|
Arne Fitzenreiter
|
a35863c5df | Upgraded curl to current stable and add it to core28 | ||
ms
|
70df830214 |
Ein Paar Dateien fuer die GPLv3 angepasst.
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@853 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 |
||
|
ms
|
eac942d9e2 |
Nochma nen anderen Torrent-Client versuchen...
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@650 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 |