webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
19,829 Commits 2 Branches 1 Tag
11f6226f6553e893c4b3530c0ce193f13485f46d
Commit Graph

34 Commits

Author SHA1 Message Date
Adolf Belka
8cb2214c3a curl: Update to version 7.86.0 
- Update from version 7.84.0 to 7.86.0
- Update of rootfile
- curl-7.84.0-easy_lock_h_include_sched_h_if_available_to_fix_build.patch removed as this
   is now built into the source tarball version
- Changelog - is too large to inclkude here. The details can be found in the RELEASE_NOTES
   file in the source tarballs.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-11-25 11:55:48 +00:00
Peter Müller
3890da81da curl: Fix build on armv6l 
https://github.com/curl/curl/pull/9054

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-09-15 19:36:29 +00:00
Adolf Belka
a0cd3eb0f0 curl: Update to version 7.84.0 
- Update from version 7.83.1 to 7.84.0
- Update of rootfile
- Changelog
	7.84.0 - June 27 2022
	 Changes:
	    curl: add --rate to set max request rate per time unit
	    curl: deprecate --random-file and --egd-file
	    curl_version_info: add CURL_VERSION_THREADSAFE
	    CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
	    lib: make curl_global_init() threadsafe when possible
	    libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
	    opts: deprecate RANDOM_FILE and EGDSOCKET
	    socks: support unix sockets for socks proxy
	Bugfixes:
	    aws-sigv4: fix potentional NULL pointer arithmetic
	    bindlocal: don't use a random port if port number would wrap
	    c-hyper: mark status line as status for Curl_client_write()
	    ci: avoid `cmake -Hpath`
	    CI: bump FreeBSD 13.0 to 13.1
	    ci: update github actions
	    cmake: add libpsl support
	    cmake: do not add libcurl.rc to the static libcurl library
	    cmake: enable curl.rc for all Windows targets
	    cmake: fix detecting libidn2
	    cmake: support adding a suffix to the OS value
	    configure: skip libidn2 detection when winidn is used
	    configure: use the SED value to invoke sed
	    configure: warn about rustls being experimental
	    content_encoding: return error on too many compression steps
	    cookie: address secure domain overlay
	    cookie: apply limits
	    copyright.pl: parse and use .reuse/dep5 for skips
	    copyright: make repository REUSE compliant
	    curl.1: add a few see also --tls-max
	    curl.1: mention exit code zero too
	    curl: re-enable --no-remote-name
	    curl_easy_pause.3: remove explanation of progress function
	    curl_getdate.3: document that some illegal dates pass through
	    Curl_parsenetrc: don't access local pwbuf outside of scope
	    curl_url_set.3: clarify by default using known schemes only
	    CURLOPT_ALTSVC.3: document the file format
	    CURLOPT_FILETIME.3: fix the protocols this works with
	    CURLOPT_HTTPHEADER.3: improve comment in example
	    CURLOPT_NETRC.3: document the .netrc file format
	    CURLOPT_PORT.3: We discourage using this option
	    CURLOPT_RANGE.3: remove ranged upload advice
	    digest: added detection of more syntax error in server headers
	    digest: tolerate missing "realm"
	    digest: unquote realm and nonce before processing
	    DISABLED: disable 1021 for hyper again
	    docs/cmdline-opts: add copyright and license identifier to each file
	    docs/CONTRIBUTE.md: document the 'needs-votes' concept
	    docs: clarify data replacement policy for MIME API
	    doh: remove UNITTEST macro definition
	    examples/crawler.c: use the curl license
	    examples: remove fopen.c and rtsp.c
	    FAQ: Clarify Windows double quote usage
	    fopen: add Curl_fopen() for better overwriting of files
	    ftp: restore protocol state after http proxy CONNECT
	    ftp: when failing to do a secure GSSAPI login, fail hard
	    GHA/hyper: enable debug in the build
	    gssapi: improve handling of errors from gss_display_status
	    gssapi: initialize gss_buffer_desc strings
	    headers api: remove EXPERIMENTAL tag
	    http2: always debug print stream id in decimal with %u
	    http2: reject overly many push-promise headers
	    http: restore header folding behavior
	    hyper: use 'alt-used'
	    krb5: return error properly on decode errors
	    lib: make more protocol specific struct fields #ifdefed
	    libcurl-security.3: add "Secrets in memory"
	    libcurl-security.3: document CRLF header injection
	    libssh: skip the fake-close when libssh does the right thing
	    links: update dead links to the curl-wiki
	    log2changes: do not indent empty lines [ci skip]
	    macos9: remove partial support
	    Makefile.am: fix portability issues
	    Makefile.m32: delete obsolete options, improve -On [ci skip]
	    Makefile.m32: delete two obsolete OpenSSL options [ci skip]
	    Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
	    max-time.d: clarify max-time sets max transfer time
	    mprintf: ignore clang non-literal format string
	    netrc: check %USERPROFILE% as well on Windows
	    netrc: support quoted strings
	    ngtcp2: allow curl to send larger UDP datagrams
	    ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
	    ngtcp2: enable Linux GSO
	    ngtcp2: extend QUIC transport parameters buffer
	    ngtcp2: fix alert_read_func return value
	    ngtcp2: fix typo in preprocessor condition
	    ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
	    ngtcp2: send appropriate connection close error code
	    ngtcp2: support boringssl crypto backend
	    ngtcp2: use helper funcs to simplify TLS handshake integration
	    ntlm: provide a fixed fake host name
	    projects: fix third-party SSL library build paths for Visual Studio
	    quic: add Curl_quic_idle
	    quiche: support ca-fallback
	    rand: stop detecting /dev/urandom in cross-builds
	    remote-name.d: mention --output-dir
	    runtests.pl: add the --repeat parameter to the --help output
	    runtests: fix skipping tests not done event-based
	    runtests: skip starting the ssh server if user name is lacking
	    scripts/copyright.pl: fix the exclusion to not ignore man pages
	    sectransp: check for a function defined when __BLOCKS__ is undefined
	    select: return error from "lethal" poll/select errors
	    server/sws: support spaces in the HTTP request path
	    speed-limit/time.d: mention these affect transfers in either direction
	    strcase: some optimisations
	    test 2081: add a valid reply for the second request
	    test 675: add missing CR so the test passes when run through Privoxy
	    test414: add the '--resolve' keyword
	    test681: verify --no-remote-name
	    tests 266, 116 and 1540: add a small write delay
	    tests/data/test1501: kill ftp server after slow LIST response
	    tests/getpart: fix getpartattr to work with "data" and "data2"
	    tests/server/sws.c: change the HTTP writedelay unit to milliseconds
	    test{440,441,493,977}: add "HTTP proxy" keywords
	    tool_getparam: fix --parallel-max maximum value constraint
	    tool_operate: make sure --fail-with-body works with --retry
	    transfer: fix potential NULL pointer dereference
	    transfer: maintain --path-as-is after redirects
	    transfer: upload performance; avoid tiny send
	    url: free old conn better on reuse
	    url: remove redundant #ifdefs in allocate_conn()
	    url: URL encode the path when extracted, if spaces were set
	    urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
	    urlapi: support CURLU_URLENCODE for curl_url_get()
	    urldata: reduce size of a few struct fields
	    urldata: remove three unused booleans from struct UserDefined
	    urldata: store tcp_keepidle and tcp_keepintvl as ints
	    version: allow stricmp() for sorting the feature list
	    vtls: make curl_global_sslset thread-safe
	    wolfssh.h: removed
	    wolfssl: correct the failf() message when a handle can't be made
	    wolfSSL: explicitly use compatibility layer
	    x509asn1: mark msnprintf return as unchecked

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-09-11 08:50:39 +00:00
Adolf Belka
247d9e685e curl: Update to version 7.83.1 
- Update from version 7.83.0 to 7.83.1
- Update of rootfile not required
- Changelog
   version 7.83.1
    This release includes the following bugfixes:
	 o altsvc: fix host name matching for trailing dots [31]
	 o cirrus: Update to FreeBSD 12.3 [24]
	 o cirrus: Use pip for Python packages on FreeBSD [23]
	 o conn: fix typo 'connnection' -> 'connection' in two function names [1]
	 o cookies: make bad_domain() not consider a trailing dot fine [26]
	 o curl: free resource in error path [3]
	 o curl: guard against size_t wraparound in no-clobber code [4]
	 o CURLOPT_DOH_URL.3: mention the known bug [19]
	 o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20]
	 o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18]
	 o data/test376: set a proper name
	 o GHA/mbedtls: enabled nghttp2 in the build [11]
	 o gha: build msh3 [5]
	 o gskit: fixed bogus setsockopt calls [17]
	 o gskit: remove unused function set_callback [2]
	 o hsts: ignore trailing dots when comparing hosts names [28]
	 o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40]
	 o http: move Curl_allow_auth_to_host() [9]
	 o http_proxy/hyper: handle closed connections [34]
	 o hyper: fix test 357 [32]
	 o Makefile: fix "make ca-firefox" [37]
	 o mbedtls: bail out if rng init fails [14]
	 o mbedtls: fix compile when h2-enabled [12]
	 o mbedtls: fix some error messages
	 o misc: use "autoreconf -fi" instead buildconf [22]
	 o msh3: get msh3 version from MsH3Version [6]
	 o msh3: print boolean value as text representation [10]
	 o msh3: psss remote_port to MsH3ConnectionOpen [7]
	 o ngtcp2: add ca-fallback support for OpenSSL backend [35]
	 o nss: return error if seemingly stuck in a cert loop [30]
	 o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8]
	 o post_per_transfer: remove the updated file name [27]
	 o sectransp: bail out if SSLSetPeerDomainName fails [33]
	 o tests/server: declare variable 'reqlogfile' static [39]
	 o tests: fix markdown formatting in README [38]
	 o test{898,974,976}: add 'HTTP proxy' keywords [16]
	 o tls: check more TLS details for connection reuse [25]
	 o url: check SSH config match on connection reuse [21]
	 o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15]
	 o urlapi: reject percent-decoding host name into separator bytes [29]
	 o x509asn1: make do_pubkey handle EC public keys [13]

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-05-30 19:10:46 +00:00
Adolf Belka
f61ced49e9 curl: Update to version 7.83.0 
- Update from 7.82.0 to 7.83.0
- Update of rootfile
- Changelog
   7.83.0
     Changes:
	 o curl: add %header{name} experimental support in -w handling
	 o curl: add %{header_json} experimental support in -w handling
	 o curl: add --no-clobber [28]
	 o curl: add --remove-on-error [11]
	 o header api: add curl_easy_header and curl_easy_nextheader [56]
	 o msh3: add support for QUIC and HTTP/3 using msh3 [84]
     Bugfixes:
	 o appveyor: add Cygwin build [77]
	 o appveyor: only add MSYS2 to PATH where required [78]
	 o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27]
	 o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26]
	 o BINDINGS.md: add Hollywood binding [34]
	 o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42]
	 o CI: install Python package impacket to run SMB test 1451 [5]
	 o configure.ac: move -pthread CFLAGS setting back where it used to be [14]
	 o configure: bump the copyright year range int the generated output
	 o conncache: include the zone id in the "bundle" hashkey [112]
	 o connecache: remove duplicate connc->closure_handle check [90]
	 o connect: make Curl_getconnectinfo work with conn cache from share handle [22]
	 o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6]
	 o cookie.d: clarify when cookies are sent
	 o cookies: improve errorhandling for reading cookiefile [123]
	 o curl/system.h: update ifdef condition for MCST-LCC compiler [4]
	 o curl: error out if -T and -d are used for the same URL [99]
	 o curl: error out when options need features not present in libcurl [18]
	 o curl: escape '?' in generated --libcurl code [117]
	 o curl: fix segmentation fault for empty output file names. [60]
	 o curl_easy_header: fix typos in documentation [74]
	 o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126]
	 o CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS [105]
	 o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
	 o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79]
	 o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63]
	 o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127]
	 o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9]
	 o docs/HYPER.md: updated to reflect current hyper build needs
	 o docs/opts: Mention Schannel client cert type is P12 [50]
	 o docs: Fix missing semicolon in example code [102]
	 o docs: lots of minor language polish [51]
	 o English: use American spelling consistently [95]
	 o fail.d: tweak the description [101]
	 o firefox-db2pem.sh: make the shell script safer [47]
	 o ftp: fix error message for partial file upload [61]
	 o gen.pl: change wording for mutexed options [98]
	 o GHA: add openssl3 jobs moved over from zuul [88]
	 o GHA: build hyper with nightly rustc [7]
	 o GHA: move bearssl jobs over from zuul [85]
	 o gha: move the event-based test over from Zuul [59]
	 o gtls: fix build for disabled TLS-SRP [48]
	 o http2: handle DONE called for the paused stream [69]
	 o http2: RST the stream if we stop it on our own will [67]
	 o http: avoid auth/cookie on redirects same host diff port [110]
	 o http: close the stream (not connection) on time condition abort [68]
	 o http: reject header contents with nul bytes [41]
	 o http: return error on colon-less HTTP headers [31]
	 o http: streamclose "already downloaded" [57]
	 o hyper: fix status_line() return code [13]
	 o hyper: fix tests 580 and 581 for hyper [107]
	 o hyper: no h2c support [33]
	 o infof: consistent capitalization of warning messages [103]
	 o ipv4/6.d: clarify that they are about using IP addresses [3]
	 o json.d: fix typo (overriden -> overridden) [24]
	 o keepalive-time.d: It takes many probes to detect brokenness [29]
	 o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45]
	 o lib670: avoid double check result [71]
	 o lib: #ifdef on USE_HTTP2 better [65]
	 o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38]
	 o lib: remove exclamation marks [100]
	 o libssh2: compare sha256 strings case sensitively [114]
	 o libssh2: make the md5 comparison fail if wrong length [111]
	 o libssh: fix build with old libssh versions [12]
	 o libssh: fix double close [124]
	 o libssh: Improve fix for missing SSH_S_ stat macros [10]
	 o libssh: unstick SFTP transfers when done event-based [58]
	 o macos: set .plist version in autoconf [122]
	 o mbedtls: remove 'protocols' array from backend when ALPN is not used [66]
	 o mbedtls: remove server_fd from backend [91]
	 o mk-ca-bundle.pl: Use stricter logic to process the certificates [39]
	 o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8]
	 o mlc_config.json: add file to ignore known troublesome URLs [35]
	 o mqtt: better handling of TCP disconnect mid-message [55]
	 o ngtcp2: add client certificate authentication for OpenSSL [15]
	 o ngtcp2: avoid busy loop in low CWND situation [119]
	 o ngtcp2: deal with sub-millisecond timeout [116]
	 o ngtcp2: disconnect the QUIC connection proper [19]
	 o ngtcp2: enlarge H3_SEND_SIZE [82]
	 o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83]
	 o ngtcp2: fix memory leak [80]
	 o ngtcp2: fix QUIC_IDLE_TIMEOUT [94]
	 o ngtcp2: make curl 1ms faster [93]
	 o ngtcp2: remove remote_addr which is not used in a meaningful way [81]
	 o ngtcp2: update to work after recent ngtcp2 updates [62]
	 o ngtcp2: use token when detecting :status header field [92]
	 o nonblock: restore setsockopt method to curlx_nonblock [20]
	 o openssl: check SSL_get_peer_cert_chain return value [1]
	 o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23]
	 o openssl: fix CN check error code [21]
	 o options: remove mistaken space before paren in prototype
	 o perl: removed a double semicolon at end of line [64]
	 o pop3/smtp: return *WEIRD_SERVER_REPLY when not understood [43]
	 o projects/README: converted to markdown [76]
	 o projects: Update VC version names for VS2017, VS2022 [52]
	 o rtsp: don't let CSeq error override earlier errors [37]
	 o runtests: add 'bearssl' as testable feature [87]
	 o runtests: make 'oldlibssh' be before 0.9.4 [2]
	 o schannel: remove dead code that will never run [89]
	 o scripts/copyright.pl: ignore the new mlc_config.json file
	 o scripts: move three scripts from lib/ to scripts/ [44]
	 o test1135: sync with recent API updates [54]
	 o test1459: disable for oldlibssh [53]
	 o test375: fix line endings on Windows [40]
	 o test386: Fix an incorrect test markup tag
	 o test718: edited slightly to return better HTTP [32]
	 o tests/server/util.h: align WIN32 condition with util.c [46]
	 o tests: refactor server/socksd.c to support --unix-socket [96]
	 o timediff.[ch]: add curlx helper functions for timeval conversions [86]
	 o tls: make mbedtls and NSS check for h2, not nghttp2 [70]
	 o tool and tests: force flush of all buffers at end of program [17]
	 o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30]
	 o tool_getparam: error out on missing -K file [115]
	 o tool_listhelp.c: uppercase URL
	 o tool_operate: fix a scan-build warning [16]
	 o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97]
	 o transfer: redirects to other protocols or ports clear auth [109]
	 o unit1620: call global_init before calling Curl_open [125]
	 o url: check sasl additional parameters for connection reuse. [113]
	 o vtls: provide a unified APLN-disagree string for all backends [75]
	 o vtls: use a backend standard message for "ALPN: offers %s" [73]
	 o vtls: use a generic "ALPN, server accepted" message [72]
	 o winbuild/README.md: fixup dead link [36]
	 o winbuild: Add a Visual Studio example to the README [49]
	 o wolfssl: fix compiler error without IPv6 [25]

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-05-01 08:35:05 +00:00
Adolf Belka
ae4451a4c8 curl: Update to version 7.82.0 
- Update from 7.81.0 to 7.82.0
- Update of rootfile not required
- Changelog
    Versionl 7.82.0
      This release includes the following changes:
	 o curl: add --json [67]
	 o mesalink: remove support [23]
      This release includes the following bugfixes:
	 o appveyor: update images from VS 2019 to 2022
	 o appveyor: use VS 2017 image for the autotools builds
	 o azure-pipelines: add a build on Windows with libssh [154]
	 o bearssl: fix connect error on expired cert and no verify [132]
	 o bearssl: fix EXC_BAD_ACCESS on incomplete CA cert [131]
	 o bearssl: fix session resumption (session id) [133]
	 o build: enable -Warith-conversion
	 o build: fix -Wenum-conversion handling
	 o build: fix ngtcp2 crypto library detection [63]
	 o checkprefix: remove strlen calls [128]
	 o checksrc: fix typo in comment [34]
	 o CI: move 'distcheck' job from zuul to azure pipelines [60]
	 o CI: move scan-build job from Zuul to Azure Pipelines [59]
	 o CI: move the NSS job from zuul to GHA [84]
	 o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75]
	 o CI: move the rustls CI job to GHA from Zuul [8]
	 o CI: move two jobs from Zuul to Circle CI [73]
	 o CI: test building wolfssl with --enable-opensslextra [42]
	 o CI: workflows/wolfssl: install impacket [47]
	 o circleci: add a job using libssh [121]
	 o cirlceci: also run a c-ares job on arm with debug enabled [74]
	 o cmake: fix iOS CMake project generation error [13]
	 o cmdline-opts/gen.pl: fix option matching to improve references [50]
	 o config.d: Clarify _curlrc filename is still valid on Windows [95]
	 o configure.ac: use user-specified gssapi dir when using pkg-config [136]
	 o configure: change output for cross-compiled alt-svc support [140]
	 o configure: fix '--enable-code-coverage' typo [110]
	 o configure: remove support for "embedded ares" [82]
	 o configure: requires --with-nss-deprecated to build with NSS [114]
	 o configure: set CURL_LIBRARY_PATH for nghttp2 [58]
	 o configure: support specification of a nghttp2 library path [101]
	 o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54]
	 o curl tool: erase some more sensitive command line arguments [22]
	 o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5]
	 o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9]
	 o curl-openssl: fix SRP check for OpenSSL 3.0 [86]
	 o curl-openssl: remove the OpenSSL headers and library versions check [35]
	 o curl.h: fix typo [129]
	 o curl: remove "separators" (when using globbed URLs) [32]
	 o curl_getdate.3: remove pointless .PP line [68]
	 o curl_multi_socket.3: remove callback and typical usage descriptions [7]
	 o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added
	 o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27]
	 o CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment [147]
	 o CURLOPT_RESOLVE.3: change example port to 443
	 o CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment [153]
	 o CURLOPT_XFERINFOFUNCTION.3: fix typo in example [81]
	 o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71]
	 o des: fix compile break for OpenSSL without DES [141]
	 o docs/cmdline-opts: add "mutexed" options for more http versions [25]
	 o docs/DEPRECATE: remove NPN support in August 2022 [64]
	 o docs: capitalize the name 'Netscape' [77]
	 o docs: document HTTP/2 not insisting on TLS 1.2 [49]
	 o docs: fix mandoc -T lint formatting complaints [2]
	 o docs: update IETF links to use datatracker [41]
	 o examples/curlx: support building with OpenSSL 1.1.0+ [148]
	 o examples/multi-app.c: call curl_multi_remove_handle as well [19]
	 o formdata: avoid size_t => long typecast overflows [37]
	 o ftp: provide error message for control bytes in path [66]
	 o gen.pl: terminate "example" sections better [4]
	 o gha: add a macOS CI job with libssh [142]
	 o gskit: Convert to using Curl_poll [111]
	 o gskit: Fix errors from Curl_strerror refactor [113]
	 o gskit: Fix initialization of Curl_ssl_gskit struct [112]
	 o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88]
	 o hostcheck: fixed to not touch used input strings [38]
	 o hostcheck: reduce strlen calls on chained certificates [92]
	 o hostip: avoid unused parameter error in Curl_resolv_check [144]
	 o http2: move two infof calls to debug-h2-only [145]
	 o http: make Curl_compareheader() take string length arguments too [87]
	 o if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled [104]
	 o KNOWN_BUGS: fix typo "libpsl"
	 o ldap: return CURLE_URL_MALFORMAT for bad URL [24]
	 o lib: remove support for CURL_DOES_CONVERSIONS [96]
	 o libssh2: don't typecast socket to int for libssh2_session_handshake [151]
	 o libssh: fix include files and defines use for Windows builds [156]
	 o Makefile.am: Generate VS 2022 projects
	 o maketgz: return error if 'make dist' fails [79]
	 o mbedtls: enable use of mbedtls without CRL support [57]
	 o mbedtls: enable use of mbedtls without filesystem functions support [100]
	 o mbedtls: fix CURLOPT_SSLCERT_BLOB (again)
	 o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12]
	 o mbedtls: remove #include <mbedtls/certs.h> [56]
	 o mbedtls: return CURLcode result instead of a mbedtls error code [1]
	 o md5: check md5_init_func return value
	 o mime: use a define instead of the magic number 24 [89]
	 o misc: allow curl to build with wolfssl --enable-opensslextra [43]
	 o misc: remove BeOS code and references [30]
	 o misc: remove the final watcom references [29]
	 o misc: remove unused data when IPv6 is not supported [80]
	 o mqtt: free 'sendleftovers' in disconnect [115]
	 o mqtt: free any send leftover data when done [36]
	 o multi: allow user callbacks to call curl_multi_assign [126]
	 o multi: grammar fix in comment [69]
	 o multi: remember connection_id before returning connection to pool [76]
	 o multi: set in_callback for multi interface callbacks [28]
	 o netware: remove support [72]
	 o next.d. remove .fi/.nf as they are handled by gen.pl [3]
	 o ngtcp2: adapt to changed end of headers callback proto [39]
	 o ngtcp2: fix declaration of ‘result’ shadows a previous local [14]
	 o ngtcp2: Reset dynbuf when it is fully drained [143]
	 o nss: handshake callback during shutdown has no conn->bundle [55]
	 o ntlm: remove unused feature defines [117]
	 o openldap: fix compiler warning when built without SSL support [70]
	 o openldap: implement SASL authentication [16]
	 o openldap: pass string length arguments to client_write() [116]
	 o openssl.h: avoid including OpenSSL headers here [15]
	 o openssl: check if sessionid flag is enabled before retrieving session [125]
	 o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40]
	 o openssl: check the return value of BIO_new_mem_buf() [18]
	 o openssl: fix `ctx_option_t` for OpenSSL v3+
	 o openssl: fix build for version < 1.1.0 [134]
	 o openssl: return error if TLS 1.3 is requested when not supported [45]
	 o os400: Add function wrapper for system command [138]
	 o os400: Add link to QADRT devkit to README.OS400 [137]
	 o os400: Default build to target current release [139]
	 o OS400: fix typos in rpg include file [149]
	 o projects: add support for Visual Studio 17 (2022) [124]
	 o projects: fix Visual Studio wolfSSL configurations
	 o projects: remove support for MSVC before VC10 (Visual Studio 2010) [123]
	 o quiche: after leaving h3_recving state, poll again [108]
	 o quiche: change qlog file extension to `.sqlog` [44]
	 o quiche: fix upload for bigger content-length [146]
	 o quiche: handle stream reset [83]
	 o quiche: remove two leftover debug infof() outputs
	 o quiche: verify the server cert on connect [33]
	 o quiche: when *recv_body() returns data, drain it before polling again [109]
	 o README.md: fix links [118]
	 o remote-header-name.d: clarify [10]
	 o runtests.pl: disable debuginfod [51]
	 o runtests.pl: properly print the test if it contains binary zeros
	 o runtests.pl: support the nonewline attribute for the data part [21]
	 o runtests.pl: tolerate test directories without Makefile.inc [98]
	 o runtests: allow client/file to specify multiple directories
	 o runtests: make 'rustls' a testable feature
	 o runtests: make 'wolfssl' a testable feature [6]
	 o runtests: set 'oldlibssh' for libssh versions before 0.9.5 [122]
	 o rustls: add CURLOPT_CAINFO_BLOB support [26]
	 o schannel: move the algIds array out of schannel.h [135]
	 o scripts/cijobs.pl: output data about all currect CI jobs [78]
	 o scripts/completion.pl: improve zsh completion [46]
	 o scripts/copyright.pl: support many provided file names on the cmdline
	 o scripts/delta: check the file delta for current branch
	 o sectransp: mark a 3DES cipher as weak [130]
	 o setopt: do bounds-check before strdup [99]
	 o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53]
	 o sha256: Fix minimum OpenSSL version [102]
	 o smb: pass socket for writing and reading data instead of FIRSTSOCKET [90]
	 o ssl: reduce allocated space for ssl backend when FTP is disabled [127]
	 o test3021: disable all msys2 path transformation
	 o test374: gif data without new line at the end [20]
	 o tests/disable-scan.pl: properly detect multiple symbols per line [94]
	 o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85]
	 o tool_findfile: check ~/.config/curlrc too [17]
	 o tool_getparam: DNS options that need c-ares now fail without it [31]
	 o TPF: drop support [97]
	 o unit1610: init SSL library before calling SHA256 functions [152]
	 o url: exclude zonefrom_url when no ipv6 is available [103]
	 o url: given a user in the URL, find pwd for that user in netrc [11]
	 o url: keep trailing dot in host name [62]
	 o url: make Curl_disconnect return void [48]
	 o urlapi: handle "redirects" smarter [119]
	 o urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled [52]
	 o urldata: remove conn->bits.user_passwd [105]
	 o version_win32: fix warning for `CURL_WINDOWS_APP` [93]
	 o vtls: fix socket check conditions [150]
	 o vtls: pass on the right SNI name [61]
	 o vxworks: drop support [65]
	 o winbuild: add parameter WITH_SSH [120]
	 o wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case [106]
	 o wolfssl: when SSL_read() returns zero, check the error [107]
	 o write-out.d: Fix num_headers formatting
	 o x509asn1: toggle off functions not needed for diff tls backends [91]

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-06 17:14:06 +00:00
Peter Müller
9a7e4d8506 Switch checksums from MD5 to BLAKE2 
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.

While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.

Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.

In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.

Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
 2022-04-02 14:19:25 +00:00
Adolf Belka
593adc77a7 curl: Update to version 7.81.0 
- Update from 7.80.0 to 7.81.0
- Update of rootfile
- Changelog
   7.81.0
    This release includes the following changes:
	 o mime: use percent-escaping for multipart form field and file names [1]
    This release includes the following bugfixes:
	 o asyn-ares: ares_getaddrinfo needs no happy eyeballs timer [73]
	 o azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper [12]
	 o BINDINGS: add cURL client for PostgreSQL [68]
	 o BINDINGS: add one from Everything curl and update a link
	 o checksrc: detect more kinds of NULL comparisons we avoid [105]
	 o CI: build examples for additional code verification [75]
	 o CI: bump job to use mbedtls 3.1.0 [90]
	 o cmake: don't set _USRDLL on a static Windows build [22]
	 o cmake: prevent dev warning due to mismatched arg [94]
	 o cmake: private identifiers use CURL_ instead of CMAKE_ prefix [40]
	 o config.d: update documentation to match the path search
	 o configure: add -lm to configure for rustls build. [13]
	 o configure: better diagnostics if hyper is built wrong [6]
	 o configure: don't enable TLS when --without-* flags are used [17]
	 o configure: fix runtime-lib detection on macOS [21]
	 o curl.1: require "see also" for every documented option [27]
	 o curl: improve error message for --head with -J [42]
	 o curl_easy_cleanup.3: remove from multi handle first [3]
	 o curl_easy_escape.3: call curl_easy_cleanup in example [58]
	 o curl_easy_unescape.3: call curl_easy_cleanup in example [57]
	 o curl_multi_init.3: fix EXAMPLE formatting
	 o curl_multi_perform/socket_action.3: clarify what errors mean [70]
	 o curl_share_setopt.3: split out options into their own manpages [14]
	 o CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL [51]
	 o digest: compute user:realm:pass digest w/o userhash [45]
	 o docs/checksrc: Add documentation for STRERROR [18]
	 o docs/cmdline-opts: do not say "protocols: all" [26]
	 o docs/examples: workaround broken -Wno-pedantic-ms-format
	 o docs/HTTP3: describe how to setup a h3 reverse-proxy for testing [88]
	 o docs/INSTALL.md: typo fix : added missing "get" verb [31]
	 o docs/URL-SYNTAX.md: space is not fine in a given URL
	 o docs: add known bugs list to HTTP3.md [83]
	 o docs: address proselint nits [16]
	 o docs: consistent manpage SYNOPSIS [47]
	 o docs: fix dead links, remove ECH.md
	 o docs: fix typo in OpenSSL 3 build instructions [80]
	 o docs: Update the Reducing Size section
	 o example/progressfunc: remove code for old libcurls [78]
	 o examples/multi-single.c: remove WAITMS() [98]
	 o FAQ: typo fix : "yout" ➤ "your" [30]
	 o ftp: disable warning 4706 in MSVC [85]
	 o gen.pl: improve example output format [29]
	 o github workflow: add wolfssl (removed from zuul) [103]
	 o github/workflows: add mbedtls and mbedtls-clang (removed from zuul) [92]
	 o gtls: check return code for gnutls_alpn_set_protocols [86]
	 o hash: lazy-alloc the table in Curl_hash_add() [54]
	 o http2:set_transfer_url() return early on OOM [53]
	 o HTTP3: update quiche build instructions [37]
	 o http: enable haproxy support for hyper backend [20]
	 o http: Fix CURLOPT_HTTP200ALIASES [89]
	 o http_proxy: don't close the socket (too early) [100]
	 o insecure.d: detail its use for SFTP and SCP as well [32]
	 o insecure.d: expand and clarify [28]
	 o libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
	 o libcurl-security.3: mention address and URL mitigations
	 o libssh2: fix error message for sha256 mismatch
	 o libtest: avoid "assignment within conditional expression" [84]
	 o lift: ignore is a deprecated config option, use ignoreRules [35]
	 o linkcheck.yml: add CI job that checks markdown links [82]
	 o m4/curl-compilers: tell clang -Wno-pointer-bool-conversion [99]
	 o Makefile.m32: rename -winssl option to -schannel and tidy up [33]
	 o mbedTLS: add support for CURLOPT_CAINFO_BLOB [44]
	 o mbedtls: fix CURLOPT_SSLCERT_BLOB [72]
	 o mbedtls: fix private member designations for v3.1.0 [93]
	 o misc: remove unused doh flags when CURL_DISABLE_DOH is defined [71]
	 o misc: s/e-mail/email [74]
	 o multi: cleanup the socket hash when destroying it [55]
	 o multi: handle errors returned from socket/timer callbacks [52]
	 o multi: shut down CONNECT in Curl_detach_connnection [2]
	 o netrc.d: edit the .netrc example to look nicer [24]
	 o ngtcp2: verify the server cert on connect (quictls) [102]
	 o ngtcp2: verify the server certificate for the gnutls case [101]
	 o nss:set_cipher don't clobber the cipher list [38]
	 o openldap: implement STARTTLS [56]
	 o openldap: process search query response messages one by one [50]
	 o openldap: several minor improvements [69]
	 o openldap: simplify ldif generation code [77]
	 o openssl: check the return value of BIO_new() [43]
	 o openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
	 o openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
	 o openssl: remove usage of deprecated `SSL_get_peer_certificate`
	 o openssl: use non-deprecated API to read key parameters
	 o page-footer: add a mention of how to report bugs to the man page
	 o page-footer: document more environment variables [23]
	 o request.d: refer to 'method' rather than 'command' [59]
	 o retry-all-errors.d: make the example complete
	 o runtests: make the SSH library a testable feature
	 o rustls: read of zero bytes might be okay [9]
	 o rustls: remove comment about checking handshaking [15]
	 o rustls: remove incorrect EOF check [10]
	 o sha256/md5: return errors when init fails [79]
	 o socks5: use appropriate ATYP for numerical IP address host names [91]
	 o test1156: enable for hyper [65]
	 o test1156: fixup the stdout check for Windows [60]
	 o test1525: tweaked for hyper [64]
	 o test1526: enable for hyper [63]
	 o test1527: enable for hyper [62]
	 o test1528: enable for hyper [61]
	 o test1554: adjust for hyper [49]
	 o test1556: adjust for hyper [48]
	 o test302[12]: run only with the libssh2 backend [8]
	 o test661: enable for hyper [66]
	 o tests/CI.md: add more information on CI environments [39]
	 o tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256 [76]
	 o tftp: mark protocol as not possible to do over CONNECT [25]
	 o tool_findfile: updated search for a file in the homedir [46]
	 o tool_operate: only set SSH related libcurl options for SSH URLs [11]
	 o tool_operate: warn if too many output arguments were found [87]
	 o url.c: fix the SIGPIPE comment for Curl_close [4]
	 o url: check ssl_config when re-use proxy connection [81]
	 o url: reduce ssl backend count for CURL_DISABLE_PROXY builds [96]
	 o urlapi: accept port number zero [34]
	 o urlapi: if possible, shorten given numerical IPv6 addresses [95]
	 o urlapi: provide more detailed return codes [36]
	 o urlapi: reject short file URLs [41]
	 o version_win32: Check build number and platform id
	 o vtls/rustls: adapt to the updated rustls_version proto [19]
	 o writeout: fix %{http_version} for HTTP/3 [7]
	 o x509asn1: return early on errors [67]
	 o zuul.d: update rustls-ffi to version 0.8.2 [5]
	 o zuul: fix quiche build pointing to wrong Cargo [104]
    This release includes the following known bugs:
	 o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-06 17:13:54 +00:00
Adolf Belka
e8e2841b1d curl: Update to version 7.80.0 
- Update from 7.79.1 to 7.80.0
- Update of rootfile
- Changelog is too long to include here.
   This update fixes 172 bugs the details of which can be found in the CHANGES file in
   the source tarball.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-12-03 18:22:28 +01:00
Adolf Belka
be52d700f1 curl: Update to version 7.79.1 
- Update from 7.78.0 to 7.79.1
- Update of rootfile not required
- Changelog
  Fixed in 7.79.1 - September 22 2021
   Bugfixes:
    Curl_http2_setup: don't change connection data on repeat invokes
    curl_multi_fdset: make FD_SET() not operate on sockets out of range
    dist: provide lib/.checksrc in the tarball
    FAQ: add GOPHERS + curl works on data, not files
    hsts: CURLSTS_FAIL from hsts read callback should fail transfer
    hsts: handle unlimited expiry
    http: fix the broken >3 digit response code detection
    strerror: use sys_errlist instead of strerror on Windows
    test1184: disable
    tests/sshserver.pl: make it work with openssh-8.7p1
  Fixed in 7.79.0 - September 15 2021
   Changes:
    bearssl: support CURLOPT_CAINFO_BLOB
    http: consider cookies over localhost to be secure
    secure transport: support CURLINFO_CERTINFO
   Bugfixes:
    CVE-2021-22945: clear the leftovers pointer when sending succeeds
    CVE-2021-22946: do not ignore --ssl-reqd
    CVE-2021-22947: reject STARTTLS server response pipelining
    ares: use ares_getaddrinfo()
    asyn-ares.c: move all version number checks to the top
    auth: do not append zero-terminator to authorisation id in kerberos
    auth: properly handle byte order in kerberos security message
    auth: use sasl authzid option in kerberos
    auth: we do not support a security layer after kerberos authentication
    BINDINGS.md: update links to use https where available
    build: fix compiler warnings
    c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
    c-hyper: fix header value passed to debug callback
    c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
    c-hyper: initial step for 100-continue support
    c-hyper: initial support for "dumping" 1xx HTTP responses
    c-hyper: remove the hyper_executor_poll() loop from Curl_http
    CI/cirrus: reduce compile time with increased parallism
    CI: use GitHub Container Registry instead of Docker Hub
    cirrus: Add FreeBSD 13.0 job and disable sanitizer build
    cmake: avoid poll() on macOS
    cmake: sync CURL_DISABLE options
    codeql: fix error "Resource not accessible by integration"
    compressed.d: it's a request, not an order
    config.d: escape the backslash properly
    config.d: note that curlrc is used even when --config
    config: get rid of the unused HAVE_SIG_ATOMIC_T et. al.
    configure.ac: revert bad nghttp2 library detection improvements
    configure: error out if both ngtcp2 and quiche are specified
    configure: make --disable-hsts work
    configure: set classic mingw minimum OS version to XP
    configure: tweak nghttp2 library name fix
    connect: get local port + ip also when reusing connections
    connect: remove superfluous conditional
    curl-openssl.m4: check lib64 for the pkg-config file
    curl-openssl.m4: show correct output for OpenSSL v3
    curl.1: mention "global" flags
    curl.1: provide examples for each option
    curl: add warning for ignored data after quoted form parameter
    curl: add warning for incompatible parameters usage
    curl: better error message when -O fails to get a good name
    curl: stop retry if Retry-After: is longer than allowed
    curl_easy_setopt.3: improve the string copy wording
    Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited
    curl_setup.h: sync values for HTTP_ONLY
    curl_url_get.3: clarify about path and query
    CURLMOPT_TIMERFUNCTION.3: remove misplaced "time"
    CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited
    CURLOPT_SSL_CTX_*.3: tidy up the example
    CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also
    docs/MQTT: update state of username/password support
    docs: remove experimental mentions from HSTS and MQTT
    docs: the security list is reached at security at curl.se now
    easy: use a custom implementation of wcsdup on Windows
    examples/*hiperfifo.c: fix calloc arguments to match function proto
    examples/cookie_interface: avoid printfing time_t directly
    examples/cookie_interface: fix scan-build printf warning
    examples/ephiperfifo.c: simplify signal handler
    FAQ: add two dev related questions
    getparameter: fix the --local-port number parser
    happy-eyeballs-timeout-ms.d: polish the wording
    hostip: Make Curl_ipv6works function independent of getaddrinfo
    http2: Curl_http2_setup needs to init stream data in all invokes
    http2: revert a change that broke upgrade to h2c
    http2: revert call the handle-closed function correctly on closed stream
    http: disallow >3-digit response codes
    http: ignore content-length if any transfer-encoding is used
    http_proxy: clear 'sending' when the outgoing request is sent
    http_proxy: fix the User-Agent inclusion in CONNECT
    http_proxy: fix user-agent and custom headers for CONNECT with hyper
    http_proxy: only wait for writable socket while sending request
    INTERNALS: bump c-ares requirement to 1.16.0
    INTERNALS: c-ares has a new home: c-ares.org
    lib: don't use strerror()
    libcurl-errors.3: clarify two CURLUcode errors
    limit-rate.d: clarify base unit
    mailing lists: move from cool.haxx.se to lists.haxx.se
    mbedtls: avoid using a large buffer on the stack
    mbedTLS: initial 3.0.0 support
    mbedtls_threadlock: fix unused variable warning
    mksymbolsmanpage.pl: Fix showing symbol's last used version
    mksymbolsmanpage.pl: match symbols case insenitively
    multi: fix compiler warning with `CURL_DISABLE_WAKEUP`
    ngtcp2: compile with the latest ngtcp2 and nghttp3
    ngtcp2: fix build with ngtcp2 and nghttp3
    ngtcp2: remove the acked_crypto_offset struct field init
    ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
    ngtcp2: reset the oustanding send buffer again when drained
    ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
    ngtcp2: stop buffering crypto data
    ngtcp2: utilize crypto API functions to simplify
    openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA
    openssl: when creating a new context, there cannot be an old one
    opt-docs: make sure all man pages have examples
    opt-docs: verify man page sections + order
    opts docs: unify phrasing in NAME header
    output.d: add method to suppress response bodies
    page-header: add GOPHERS, simplify wording in the 1st para
    progress: fix a compile warning on some systems
    progress: make trspeed avoid floats
    runtests: add option -u to error on server unexpectedly alive
    schannel: Work around typo in classic mingw macro
    scripts: invoke interpreters through /usr/bin/env
    setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
    strerror.h: remove the #include from files not using it
    symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version
    test1138: remove trailing space to make work with hyper
    test1173: check references to libcurl options
    test1280: CRLFify the response to please hyper
    test1565: fix windows build errors
    test365: verify response with chunked AND Content-Length headers
    tests/*server.pl: flush output before executing subprocess
    tests/*server.py: remove pidfile on server termination
    tests/runtests.pl: cleanup copy&paste mistakes and unused code
    tests/server/*.c: align handling of portfile argument and file
    tests: adjust the tftpd output to work with hyper mode
    tests: be explicit about using 'python3' instead of 'python'
    tests: enable test 1129 for hyper builds
    tests: make three tests pass until 2037
    tool/tests: fix potential year 2038 issues
    tool_operate: Fix --fail-early with parallel transfers
    url: fix compiler warning in no-verbose builds
    urlapi.c:seturl: assert URL instead of using if-check
    vtls: fix typo in schannel_verify.c
    winbuild/README.md: clarify GEN_PDB option
    wolfssl: clean up wolfcrypt error queue
    write-out.d: clarify size_download/upload
    x509asn1: fix heap over-read when parsing x509 certificates

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-10-25 16:54:28 +00:00
Adolf Belka
bfa7865ec5 curl: Update to version 7.78.0 
- Update from 7.77.0 to 7.78.0
- Update of rootfile not required
- Changelog
  Changes:
    curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
    CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
    hostip: make 'localhost' return fixed values
    mbedtls: add support for cert and key blob options
    metalink: remove all support for it
    mqtt: add support for username and password
  Bugfixes:
    --socks4[a]: clarify where the host name is resolved
    ares: always store IPv6 addresses first
    asyn-ares: remove check for 'data' in Curl_resolver_cancel
    bearssl: explicitly initialize all fields of Curl_ssl
    bearssl: remove incorrect const on variable that is modified
    build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
    c-hyper: abort CONNECT response reading early on non 2xx responses
    c-hyper: add support for transfer-encoding in the request
    c-hyper: bail on too long response headers
    c-hyper: clear NTLM auth buffer when request is issued
    c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
    c-hyper: fix NTLM on closed connection tested with test159
    c-hyper: fix the uploaded field in progress callbacks
    c-hyper: handle NULL from hyper_buf_copy()
    c-hyper: support CURLINFO_STARTTRANSFER_TIME
    c-hyper: support CURLOPT_HEADER
    ccsidcurl: fix the compile errors
    CI/cirrus: install impacket from PyPI instead of FreeBSD packages
    CI: add bearssl build
    CI: add Circle CI
    CI: add jobs using Zuul
    CI: delete --enable-hsts option (it is the default now)
    CI: remove travis details
    cleanup: spell DoH with a lowercase o
    cmake: add CURL_DISABLE_NTLM option
    cmake: avoid leaking absolute paths into exported config
    cmake: fix IoctlSocket FIONBIO check
    cmake: fix support for UnixSockets feature on Win32
    cmake: remove libssh2 feature checks
    cmake: try well-known send/recv signature for Apple
    configure.ac: make non-executable
    configure/cmake: remove checks for many unused functions
    configure: add --disable-ntlm option
    configure: disable RTSP when hyper is selected
    configure: do not strip out debug flags
    configure: fix nghttp2 library name for static builds
    configure: inhibit the implicit-fallthrough warning on gcc-12
    configure: rename get-easy-option configure option to get-easy-options
    conn_shutdown: if closed during CONNECT cleanup properly
    conncache: lowercase the hash key for better match
    cookies: track expiration in jar to optimize removals
    copyright: add boiler-plate headers to CI config files
    crustls: bump crustls version and use new URL
    curl.h: <sys/select.h> is supported by VxWorks7
    curl.h: include sys/select.h for NuttX RTOS
    curl: ignore blank --output-dir
    curl_endian: remove the unused Curl_write64_le function
    curl_multibyte: Remove local encoding fallbacks
    Curl_ntlm_core_mk_nt_hash: fix OOM in error path
    Curl_ssl_getsessionid: fail if no session cache exists
    CURLOPT_WRITEFUNCTION.3: minor update of the example
    docs/BINDINGS: fix outdated links
    docs/examples: use curl_multi_poll() in multi examples
    docs/INSTALL: remove mentions of configure --with-darwin-ssl
    docs: document missing arguments to commands
    docs: fix inconsistencies in EGDSOCKET documentation
    docs: fix incorrect argument name reference
    docs: Fix typos
    docs: make docs for --etag-save match the program behaviour
    docs: use --max-redirs instead of --max-redir
    doh: (void)-prefix call to curl_easy_setopt
    doh: fix wrong DEBUGASSERT for doh private_data
    easy: during upkeep, attach Curl_easy to connections in the cache
    examples/multi-single: fix scan-build warning
    examples: length-limit two sscanf() uses of %s
    examples: safer and more proper read callback logic
    filecheck: quietly remove test-place/*~
    formdata: avoid "Argument cannot be negative" warning
    formdata: correct typecast in curl_mime_data call
    GHA: add a linux-hyper job
    GHA: add several libcurl tests to the hyper job
    GHA: run the newly fixed tests with hyper
    github: timeout jobs on macOS after 90 minutes
    glob: pass an 'int' as len when using printf's %*s
    gnutls: set the preferred TLS versions in correct order
    GOVERNANCE: add 'user', 'committer' and 'contributor'
    hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
    hostip: bad CURLOPT_RESOLVE syntax now returns error
    hsts: ignore numberical IP address hosts
    HSTS: not experimental anymore
    http2: clarify 'Using HTTP2' verbose message
    http2: init recvbuf struct for pushed streams
    http2_connisdead: handle trailing GOAWAY better
    http: fix crash in rate-limited upload
    http: make the haproxy support work with unix domain sockets
    http_proxy: deal with non-200 CONNECT response with Hyper
    hyper: propagate errors back up from read callbacks
    HYPER: remove mentions of deprecated development branch
    idn: fix libidn2 with windows unicode builds
    infof: remove newline from format strings, always append it
    lib: don't compare fd to FD_SETSIZE when using poll
    lib: fix compiler warnings with CURL_DISABLE_NETRC
    lib: fix type of len passed to *printf's %*s
    lib: more %u for port and int for %*s fixes
    lib: use %u instead of %ld for port number printf
    libcurl-security.3: mention file descriptors and forks
    libssh2: limit time a disconnect can take to 1 second
    mbedtls: make mbedtls_strerror always work
    mbedtls: Remove unnecessary include
    mqtt: detect illegal and too large file size
    mqtt: extend the error message for no topic
    msnprintf: return number of printed characters excluding null byte
    multi: add scan-build-6 work-around in curl_multi_fdset
    multi: alter transfer timeout ordering
    multi: do not switch off connect_only flag when closing
    multi: fix crash in curl_multi_wait / curl_multi_poll
    netrc: skip 'macdef' definitions
    ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
    openssl: avoid static variable for seed flag
    openssl: don't remove session id entry in disassociate
    pinnedpubkey.d: fix formatting for version support lists
    proto.d: fix formatting for paragraphs after margin changes
    quiche: use send() instead of sendto() to avoid macOS issue
    Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
    Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
    runtests: also find the last test in Makefile.inc
    runtests: enable 'hyper mode' only for HTTP tests
    runtests: init $VERSION to avoid warnings when using -l
    runtests: parse data/Makefile.inc instead of using make
    runtests: skip disabled tests unless -f is used
    rustls: remove native_roots fallback
    schannel: set ALPN length correctly for HTTP/2
    SChannel: Use '_tcsncmp()' instead
    sectransp: check for client certs by name first, then file
    setopt: fix incorrect comments
    socketpair: fix potential hangs
    socks4: scan for the IPv4 address in resolve results
    ssl: read pending close notify alert before closing the connection
    sws: malloc request struct instead of using stack
    telnet: fix option parser to not send uninitialized contents
    test1116: hyper doesn't pass through "surprise-trailers"
    test1147: hyper doesn't allow "crazy" request headers like built-in
    test1151: added missing CRLF to work with hyper
    test1216: adjusted for hyper mode
    test1218: adjusted for hyper mode
    test1230: adjust to work in hyper mode
    test1340/1341: adjusted for hyper mode
    test1438/1457: add HTTP keyword to make hyper mode work
    test1514: add a CRLF to the response to make it correct
    test1518: adjusted to work with hyper
    test1519: adjusted to work with hyper
    test1594/1595/1596: fix to work in hyper mode
    test269: disable for hyper
    test3010: work with hyper mode
    test328: avoid a header-looking body to make hyper mode work
    test339: CRLFify better to work in hyper mode
    test347: CRLFify to work in hyper mode
    test393: make Content-Length fit within 64 bit for hyper
    test394: hyper returns a different error
    test395: hyper cannot work around > 64 bit content-lengths like built-in
    test433: adjust for hyper mode
    test434: add HTTP keyword
    test500: adjust to work with hyper mode
    test566: adjust to work with hyper mode
    test599: adjusted to work in hyper mode
    test644: remove as duplicate of test 587
    tests: fix Accept-Encoding strips to work with Hyper builds
    TLS: prevent shutdown loops to get stuck
    tool: make _lseeki64() macro work with the PellesC compiler
    tool_help: document that --tlspassword takes a password
    tool_help: remove unused define
    url.c: remove two variable assigns that are never read
    url: (void)-prefix a curl_url_get() call
    url: bad CURLOPT_CONNECT_TO syntax now returns error
    version: turn version number functions into returning void
    vtls: exit addsessionid if no cache is inited
    vtls: fix connection reuse checks for issuer cert and case sensitivity
    vtls: only store TIMER_APPCONNECT for non-proxy connect
    vtls: use free() not curl_free()
    warnless: simplify type size handling
    Win32: fix build with Watt-32
    winbuild/README: VC should be set to 6 'or larger'
    winbuild: support alternate nghttp2 static lib name
    wolfssl: failing to set a session id is not reason to error out
    write-out.d: clarify urlnum is not unique for de-globbed URLs
    zuul: use the new rustls directory name

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-05 08:53:35 +00:00
Adolf Belka
abcabf673e curl: Update to 7.77.0 
- Update from 7.76.1 to 7.77.0
- Update rootfile
- Changelog is too large to include here. It can be accesed at
   https://curl.se/changes.html
   There are 5 changes and 133 bug fixes of which 3 are related to CVE's

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-05-31 12:40:11 +00:00
Adolf Belka
d5b6dfba96 curl: Update to 7.76.1 
- Update from 7.75.0 to 7.76.1
- Update of rootfile
- Changelog is too large to include here.
   Full details can be found in the CHANGES file in the source tarball

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-04-20 09:06:16 +00:00
Matthias Fischer
2e4321c1f4 curl: Update to 7.75 
For details see:
https://curl.se/changes.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-02-05 11:22:59 +00:00
Peter Müller
a30f94ac4a curl: update to 7.73.0 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-11-05 23:33:29 +00:00
Erik Kapfer
0d1054abc9 curl: Update to version 7.71.1 
Several bugfixes and vulnerabilities has been fixed since the current available version 7.64.0 .

For a full overview, the changelog is located in here --> https://curl.haxx.se/changes.html,
a security problem overview in here --> https://curl.haxx.se/docs/security.html .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-08-17 10:09:10 +00:00
Matthias Fischer
d5b7f82a40 curl: Update to 7.64.0 
Hi,

For details see:
https://curl.haxx.se/changes.html

This came rather unexpected - if I'd known, I'd have waited with 7.63.0.

"Changes:
cookies: leave secure cookies alone
hostip: support wildcard hosts
http: Implement trailing headers for chunked transfers
http: added options for allowing HTTP/0.9 responses
timeval: Use high resolution timestamps on Windows

Bugfixes:
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823: SMTP end-of-response out-of-bounds read
FAQ: remove mention of sourceforge for github
OS400: handle memory error in list conversion
OS400: upgrade ILE/RPG binding.
README: add codacy code quality badge
Revert http_negotiate: do not close connection
THANKS: added several missing names from year <= 2000
build: make 'tidy' target work for metalink builds
cmake: added checks for variadic macros
cmake: updated check for HAVE_POLL_FINE to match autotools
cmake: use lowercase for function name like the rest of the code
configure: detect xlclang separately from clang
configure: fix recv/send/select detection on Android
configure: rewrite --enable-code-coverage
conncache_unlock: avoid indirection by changing input argument type
cookie: fix comment typo
cookies: allow secure override when done over HTTPS
cookies: extend domain checks to non psl builds
cookies: skip custom cookies when redirecting cross-site
curl --xattr: strip credentials from any URL that is stored
curl -J: refuse to append to the destination file
curl/urlapi.h: include "curl.h" first
curl_multi_remove_handle() don't block terminating c-ares requests
darwinssl: accept setting max-tls with default min-tls
disconnect: separate connections and easy handles better
disconnect: set conn->data for protocol disconnect
docs/version.d: mention MultiSSL
docs: fix the --tls-max description
docs: use $(INSTALL_DATA) to install man page
docs: use meaningless port number in CURLOPT_LOCALPORT example
gopher: always include the entire gopher-path in request
http2: clear pause stream id if it gets closed
if2ip: remove unused function Curl_if_is_interface_name
libssh: do not let libssh create socket
libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
libssh: free sftp_canonicalize_path() data correctly
libtest/stub_gssapi: use "real" snprintf
mbedtls: use VERIFYHOST
multi: multiplexing improvements
multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
ntlm: fix NTMLv2 compliance
ntlm_sspi: add support for channel binding
openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
openssl: fix the SSL_get_tlsext_status_ocsp_resp call
openvms: fix OpenSSL discovery on VAX
openvms: fix typos in documentation
os400: add a missing closing bracket
os400: fix extra parameter syntax error
pingpong: change default response timeout to 120 seconds
pingpong: ignore regular timeout in disconnect phase
printf: fix format specifiers
runtests.pl: Fix perl call to include srcdir
schannel: fix compiler warning
schannel: preserve original certificate path parameter
schannel: stop calling it "winssl"
sigpipe: if mbedTLS is used, ignore SIGPIPE
smb: fix incorrect path in request if connection reused
ssh: log the libssh2 error message when ssh session startup fails
test1558: verify CURLINFO_PROTOCOL on file:// transfer
test1561: improve test name
test1653: make it survive torture tests
tests: allow tests to pass by 2037-02-12
tests: move objnames-* from lib into tests
timediff: fix math for unsigned time_t
timeval: Disable MSVC Analyzer GetTickCount warning
tool_cb_prg: avoid integer overflow
travis: added cmake build for osx
urlapi: Fix port parsing of eol colon
urlapi: distinguish possibly empty query
urlapi: fix parsing ipv6 with zone index
urldata: rename easy_conn to just conn
winbuild: conditionally use /DZLIB_WINAPI
wolfssl: fix memory-leak in threaded use
spnego_sspi: add support for channel binding"

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-13 11:27:53 +00:00
Matthias Fischer
d2b7811b15 curl: Update to 7.63.0 
For details see:
https://curl.haxx.se/changes.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 00:14:59 +00:00
Peter Müller
eee037b890 update disclaimer in LFS files 
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.

Just some housekeeping... :-)

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-09-10 19:20:36 +01:00
Michael Tremer
4d888e6854 curl: Drop old compatibility symlink 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-02 15:50:09 +01:00
Peter Müller
dd48a7aac8 curl: update to 7.59.0 
Update curl to 7.59.0 which fixes a number of bugs and
some minor security issues.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-26 19:03:29 +01:00
Marcel Lorenz
2a53bafffe curl: update to 7.49.1 
https://curl.haxx.se/changes.html#7_49_1

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-07-14 23:24:56 +01:00
Sascha Kilian
cd4ca08231 Update: curl to 7.48.0 
Signed-off-by: Sascha Kilian <sascha@sakisoft.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-04-26 22:28:18 +01:00
Michael Tremer
54206b6e35 curl: Fix certificate validation 
curl did not find the certificate bundle so that server
certificates could not be verified.

Fixes #10995

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-12-19 14:12:29 +00:00
Matthias Fischer
bdb1c52534 curl: Update to 7.43.0 2015-06-26 18:07:49 +02:00
Matthias Fischer
6a71b0b013 curl: Update to 7.40.0 2015-01-19 20:16:41 +01:00
Michael Tremer
f8c079150e curl: Update to 7.31.0. 
Disable IPv6 in order to avoid that AAAA record resolution
which may kill squidclamav.
 2013-07-03 20:32:07 +02:00
Michael Tremer
68053bcc1d curl: Update to 7.29.0. 
Security fix for http://curl.haxx.se/docs/adv_20130206.html.
 2013-02-12 20:13:59 +01:00
Erik Kapfer
cd1da6ff45 curl: Update to 7.24.0. 2012-10-09 11:12:32 +02:00
Arne Fitzenreiter
a60b61eecb Updated curl to 7.19.5 2009-05-22 00:01:50 +02:00
Arne Fitzenreiter
1772cfdee0 Add curl symlink to made old binaries use new lib 2009-03-20 20:07:38 +01:00
Arne Fitzenreiter
a35863c5df Upgraded curl to current stable and add it to core28 2009-03-04 18:21:46 +01:00
ms
70df830214 Ein Paar Dateien fuer die GPLv3 angepasst. 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@853 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-08-29 13:25:32 +00:00
ms
eac942d9e2 Nochma nen anderen Torrent-Client versuchen... 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@650 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-06-27 23:53:47 +00:00