- Update from 7.81.0 to 7.82.0
- Update of rootfile not required
- Changelog
Versionl 7.82.0
This release includes the following changes:
o curl: add --json [67]
o mesalink: remove support [23]
This release includes the following bugfixes:
o appveyor: update images from VS 2019 to 2022
o appveyor: use VS 2017 image for the autotools builds
o azure-pipelines: add a build on Windows with libssh [154]
o bearssl: fix connect error on expired cert and no verify [132]
o bearssl: fix EXC_BAD_ACCESS on incomplete CA cert [131]
o bearssl: fix session resumption (session id) [133]
o build: enable -Warith-conversion
o build: fix -Wenum-conversion handling
o build: fix ngtcp2 crypto library detection [63]
o checkprefix: remove strlen calls [128]
o checksrc: fix typo in comment [34]
o CI: move 'distcheck' job from zuul to azure pipelines [60]
o CI: move scan-build job from Zuul to Azure Pipelines [59]
o CI: move the NSS job from zuul to GHA [84]
o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75]
o CI: move the rustls CI job to GHA from Zuul [8]
o CI: move two jobs from Zuul to Circle CI [73]
o CI: test building wolfssl with --enable-opensslextra [42]
o CI: workflows/wolfssl: install impacket [47]
o circleci: add a job using libssh [121]
o cirlceci: also run a c-ares job on arm with debug enabled [74]
o cmake: fix iOS CMake project generation error [13]
o cmdline-opts/gen.pl: fix option matching to improve references [50]
o config.d: Clarify _curlrc filename is still valid on Windows [95]
o configure.ac: use user-specified gssapi dir when using pkg-config [136]
o configure: change output for cross-compiled alt-svc support [140]
o configure: fix '--enable-code-coverage' typo [110]
o configure: remove support for "embedded ares" [82]
o configure: requires --with-nss-deprecated to build with NSS [114]
o configure: set CURL_LIBRARY_PATH for nghttp2 [58]
o configure: support specification of a nghttp2 library path [101]
o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54]
o curl tool: erase some more sensitive command line arguments [22]
o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5]
o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9]
o curl-openssl: fix SRP check for OpenSSL 3.0 [86]
o curl-openssl: remove the OpenSSL headers and library versions check [35]
o curl.h: fix typo [129]
o curl: remove "separators" (when using globbed URLs) [32]
o curl_getdate.3: remove pointless .PP line [68]
o curl_multi_socket.3: remove callback and typical usage descriptions [7]
o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added
o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27]
o CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment [147]
o CURLOPT_RESOLVE.3: change example port to 443
o CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment [153]
o CURLOPT_XFERINFOFUNCTION.3: fix typo in example [81]
o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71]
o des: fix compile break for OpenSSL without DES [141]
o docs/cmdline-opts: add "mutexed" options for more http versions [25]
o docs/DEPRECATE: remove NPN support in August 2022 [64]
o docs: capitalize the name 'Netscape' [77]
o docs: document HTTP/2 not insisting on TLS 1.2 [49]
o docs: fix mandoc -T lint formatting complaints [2]
o docs: update IETF links to use datatracker [41]
o examples/curlx: support building with OpenSSL 1.1.0+ [148]
o examples/multi-app.c: call curl_multi_remove_handle as well [19]
o formdata: avoid size_t => long typecast overflows [37]
o ftp: provide error message for control bytes in path [66]
o gen.pl: terminate "example" sections better [4]
o gha: add a macOS CI job with libssh [142]
o gskit: Convert to using Curl_poll [111]
o gskit: Fix errors from Curl_strerror refactor [113]
o gskit: Fix initialization of Curl_ssl_gskit struct [112]
o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88]
o hostcheck: fixed to not touch used input strings [38]
o hostcheck: reduce strlen calls on chained certificates [92]
o hostip: avoid unused parameter error in Curl_resolv_check [144]
o http2: move two infof calls to debug-h2-only [145]
o http: make Curl_compareheader() take string length arguments too [87]
o if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled [104]
o KNOWN_BUGS: fix typo "libpsl"
o ldap: return CURLE_URL_MALFORMAT for bad URL [24]
o lib: remove support for CURL_DOES_CONVERSIONS [96]
o libssh2: don't typecast socket to int for libssh2_session_handshake [151]
o libssh: fix include files and defines use for Windows builds [156]
o Makefile.am: Generate VS 2022 projects
o maketgz: return error if 'make dist' fails [79]
o mbedtls: enable use of mbedtls without CRL support [57]
o mbedtls: enable use of mbedtls without filesystem functions support [100]
o mbedtls: fix CURLOPT_SSLCERT_BLOB (again)
o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12]
o mbedtls: remove #include <mbedtls/certs.h> [56]
o mbedtls: return CURLcode result instead of a mbedtls error code [1]
o md5: check md5_init_func return value
o mime: use a define instead of the magic number 24 [89]
o misc: allow curl to build with wolfssl --enable-opensslextra [43]
o misc: remove BeOS code and references [30]
o misc: remove the final watcom references [29]
o misc: remove unused data when IPv6 is not supported [80]
o mqtt: free 'sendleftovers' in disconnect [115]
o mqtt: free any send leftover data when done [36]
o multi: allow user callbacks to call curl_multi_assign [126]
o multi: grammar fix in comment [69]
o multi: remember connection_id before returning connection to pool [76]
o multi: set in_callback for multi interface callbacks [28]
o netware: remove support [72]
o next.d. remove .fi/.nf as they are handled by gen.pl [3]
o ngtcp2: adapt to changed end of headers callback proto [39]
o ngtcp2: fix declaration of ‘result’ shadows a previous local [14]
o ngtcp2: Reset dynbuf when it is fully drained [143]
o nss: handshake callback during shutdown has no conn->bundle [55]
o ntlm: remove unused feature defines [117]
o openldap: fix compiler warning when built without SSL support [70]
o openldap: implement SASL authentication [16]
o openldap: pass string length arguments to client_write() [116]
o openssl.h: avoid including OpenSSL headers here [15]
o openssl: check if sessionid flag is enabled before retrieving session [125]
o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40]
o openssl: check the return value of BIO_new_mem_buf() [18]
o openssl: fix `ctx_option_t` for OpenSSL v3+
o openssl: fix build for version < 1.1.0 [134]
o openssl: return error if TLS 1.3 is requested when not supported [45]
o os400: Add function wrapper for system command [138]
o os400: Add link to QADRT devkit to README.OS400 [137]
o os400: Default build to target current release [139]
o OS400: fix typos in rpg include file [149]
o projects: add support for Visual Studio 17 (2022) [124]
o projects: fix Visual Studio wolfSSL configurations
o projects: remove support for MSVC before VC10 (Visual Studio 2010) [123]
o quiche: after leaving h3_recving state, poll again [108]
o quiche: change qlog file extension to `.sqlog` [44]
o quiche: fix upload for bigger content-length [146]
o quiche: handle stream reset [83]
o quiche: remove two leftover debug infof() outputs
o quiche: verify the server cert on connect [33]
o quiche: when *recv_body() returns data, drain it before polling again [109]
o README.md: fix links [118]
o remote-header-name.d: clarify [10]
o runtests.pl: disable debuginfod [51]
o runtests.pl: properly print the test if it contains binary zeros
o runtests.pl: support the nonewline attribute for the data part [21]
o runtests.pl: tolerate test directories without Makefile.inc [98]
o runtests: allow client/file to specify multiple directories
o runtests: make 'rustls' a testable feature
o runtests: make 'wolfssl' a testable feature [6]
o runtests: set 'oldlibssh' for libssh versions before 0.9.5 [122]
o rustls: add CURLOPT_CAINFO_BLOB support [26]
o schannel: move the algIds array out of schannel.h [135]
o scripts/cijobs.pl: output data about all currect CI jobs [78]
o scripts/completion.pl: improve zsh completion [46]
o scripts/copyright.pl: support many provided file names on the cmdline
o scripts/delta: check the file delta for current branch
o sectransp: mark a 3DES cipher as weak [130]
o setopt: do bounds-check before strdup [99]
o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53]
o sha256: Fix minimum OpenSSL version [102]
o smb: pass socket for writing and reading data instead of FIRSTSOCKET [90]
o ssl: reduce allocated space for ssl backend when FTP is disabled [127]
o test3021: disable all msys2 path transformation
o test374: gif data without new line at the end [20]
o tests/disable-scan.pl: properly detect multiple symbols per line [94]
o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85]
o tool_findfile: check ~/.config/curlrc too [17]
o tool_getparam: DNS options that need c-ares now fail without it [31]
o TPF: drop support [97]
o unit1610: init SSL library before calling SHA256 functions [152]
o url: exclude zonefrom_url when no ipv6 is available [103]
o url: given a user in the URL, find pwd for that user in netrc [11]
o url: keep trailing dot in host name [62]
o url: make Curl_disconnect return void [48]
o urlapi: handle "redirects" smarter [119]
o urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled [52]
o urldata: remove conn->bits.user_passwd [105]
o version_win32: fix warning for `CURL_WINDOWS_APP` [93]
o vtls: fix socket check conditions [150]
o vtls: pass on the right SNI name [61]
o vxworks: drop support [65]
o winbuild: add parameter WITH_SSH [120]
o wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case [106]
o wolfssl: when SSL_read() returns zero, check the error [107]
o write-out.d: Fix num_headers formatting
o x509asn1: toggle off functions not needed for diff tls backends [91]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
- Update from 7.80.0 to 7.81.0
- Update of rootfile
- Changelog
7.81.0
This release includes the following changes:
o mime: use percent-escaping for multipart form field and file names [1]
This release includes the following bugfixes:
o asyn-ares: ares_getaddrinfo needs no happy eyeballs timer [73]
o azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper [12]
o BINDINGS: add cURL client for PostgreSQL [68]
o BINDINGS: add one from Everything curl and update a link
o checksrc: detect more kinds of NULL comparisons we avoid [105]
o CI: build examples for additional code verification [75]
o CI: bump job to use mbedtls 3.1.0 [90]
o cmake: don't set _USRDLL on a static Windows build [22]
o cmake: prevent dev warning due to mismatched arg [94]
o cmake: private identifiers use CURL_ instead of CMAKE_ prefix [40]
o config.d: update documentation to match the path search
o configure: add -lm to configure for rustls build. [13]
o configure: better diagnostics if hyper is built wrong [6]
o configure: don't enable TLS when --without-* flags are used [17]
o configure: fix runtime-lib detection on macOS [21]
o curl.1: require "see also" for every documented option [27]
o curl: improve error message for --head with -J [42]
o curl_easy_cleanup.3: remove from multi handle first [3]
o curl_easy_escape.3: call curl_easy_cleanup in example [58]
o curl_easy_unescape.3: call curl_easy_cleanup in example [57]
o curl_multi_init.3: fix EXAMPLE formatting
o curl_multi_perform/socket_action.3: clarify what errors mean [70]
o curl_share_setopt.3: split out options into their own manpages [14]
o CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL [51]
o digest: compute user:realm:pass digest w/o userhash [45]
o docs/checksrc: Add documentation for STRERROR [18]
o docs/cmdline-opts: do not say "protocols: all" [26]
o docs/examples: workaround broken -Wno-pedantic-ms-format
o docs/HTTP3: describe how to setup a h3 reverse-proxy for testing [88]
o docs/INSTALL.md: typo fix : added missing "get" verb [31]
o docs/URL-SYNTAX.md: space is not fine in a given URL
o docs: add known bugs list to HTTP3.md [83]
o docs: address proselint nits [16]
o docs: consistent manpage SYNOPSIS [47]
o docs: fix dead links, remove ECH.md
o docs: fix typo in OpenSSL 3 build instructions [80]
o docs: Update the Reducing Size section
o example/progressfunc: remove code for old libcurls [78]
o examples/multi-single.c: remove WAITMS() [98]
o FAQ: typo fix : "yout" ➤ "your" [30]
o ftp: disable warning 4706 in MSVC [85]
o gen.pl: improve example output format [29]
o github workflow: add wolfssl (removed from zuul) [103]
o github/workflows: add mbedtls and mbedtls-clang (removed from zuul) [92]
o gtls: check return code for gnutls_alpn_set_protocols [86]
o hash: lazy-alloc the table in Curl_hash_add() [54]
o http2:set_transfer_url() return early on OOM [53]
o HTTP3: update quiche build instructions [37]
o http: enable haproxy support for hyper backend [20]
o http: Fix CURLOPT_HTTP200ALIASES [89]
o http_proxy: don't close the socket (too early) [100]
o insecure.d: detail its use for SFTP and SCP as well [32]
o insecure.d: expand and clarify [28]
o libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
o libcurl-security.3: mention address and URL mitigations
o libssh2: fix error message for sha256 mismatch
o libtest: avoid "assignment within conditional expression" [84]
o lift: ignore is a deprecated config option, use ignoreRules [35]
o linkcheck.yml: add CI job that checks markdown links [82]
o m4/curl-compilers: tell clang -Wno-pointer-bool-conversion [99]
o Makefile.m32: rename -winssl option to -schannel and tidy up [33]
o mbedTLS: add support for CURLOPT_CAINFO_BLOB [44]
o mbedtls: fix CURLOPT_SSLCERT_BLOB [72]
o mbedtls: fix private member designations for v3.1.0 [93]
o misc: remove unused doh flags when CURL_DISABLE_DOH is defined [71]
o misc: s/e-mail/email [74]
o multi: cleanup the socket hash when destroying it [55]
o multi: handle errors returned from socket/timer callbacks [52]
o multi: shut down CONNECT in Curl_detach_connnection [2]
o netrc.d: edit the .netrc example to look nicer [24]
o ngtcp2: verify the server cert on connect (quictls) [102]
o ngtcp2: verify the server certificate for the gnutls case [101]
o nss:set_cipher don't clobber the cipher list [38]
o openldap: implement STARTTLS [56]
o openldap: process search query response messages one by one [50]
o openldap: several minor improvements [69]
o openldap: simplify ldif generation code [77]
o openssl: check the return value of BIO_new() [43]
o openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
o openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
o openssl: remove usage of deprecated `SSL_get_peer_certificate`
o openssl: use non-deprecated API to read key parameters
o page-footer: add a mention of how to report bugs to the man page
o page-footer: document more environment variables [23]
o request.d: refer to 'method' rather than 'command' [59]
o retry-all-errors.d: make the example complete
o runtests: make the SSH library a testable feature
o rustls: read of zero bytes might be okay [9]
o rustls: remove comment about checking handshaking [15]
o rustls: remove incorrect EOF check [10]
o sha256/md5: return errors when init fails [79]
o socks5: use appropriate ATYP for numerical IP address host names [91]
o test1156: enable for hyper [65]
o test1156: fixup the stdout check for Windows [60]
o test1525: tweaked for hyper [64]
o test1526: enable for hyper [63]
o test1527: enable for hyper [62]
o test1528: enable for hyper [61]
o test1554: adjust for hyper [49]
o test1556: adjust for hyper [48]
o test302[12]: run only with the libssh2 backend [8]
o test661: enable for hyper [66]
o tests/CI.md: add more information on CI environments [39]
o tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256 [76]
o tftp: mark protocol as not possible to do over CONNECT [25]
o tool_findfile: updated search for a file in the homedir [46]
o tool_operate: only set SSH related libcurl options for SSH URLs [11]
o tool_operate: warn if too many output arguments were found [87]
o url.c: fix the SIGPIPE comment for Curl_close [4]
o url: check ssl_config when re-use proxy connection [81]
o url: reduce ssl backend count for CURL_DISABLE_PROXY builds [96]
o urlapi: accept port number zero [34]
o urlapi: if possible, shorten given numerical IPv6 addresses [95]
o urlapi: provide more detailed return codes [36]
o urlapi: reject short file URLs [41]
o version_win32: Check build number and platform id
o vtls/rustls: adapt to the updated rustls_version proto [19]
o writeout: fix %{http_version} for HTTP/3 [7]
o x509asn1: return early on errors [67]
o zuul.d: update rustls-ffi to version 0.8.2 [5]
o zuul: fix quiche build pointing to wrong Cargo [104]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 7.79.1 to 7.80.0
- Update of rootfile
- Changelog is too long to include here.
This update fixes 172 bugs the details of which can be found in the CHANGES file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 7.78.0 to 7.79.1
- Update of rootfile not required
- Changelog
Fixed in 7.79.1 - September 22 2021
Bugfixes:
Curl_http2_setup: don't change connection data on repeat invokes
curl_multi_fdset: make FD_SET() not operate on sockets out of range
dist: provide lib/.checksrc in the tarball
FAQ: add GOPHERS + curl works on data, not files
hsts: CURLSTS_FAIL from hsts read callback should fail transfer
hsts: handle unlimited expiry
http: fix the broken >3 digit response code detection
strerror: use sys_errlist instead of strerror on Windows
test1184: disable
tests/sshserver.pl: make it work with openssh-8.7p1
Fixed in 7.79.0 - September 15 2021
Changes:
bearssl: support CURLOPT_CAINFO_BLOB
http: consider cookies over localhost to be secure
secure transport: support CURLINFO_CERTINFO
Bugfixes:
CVE-2021-22945: clear the leftovers pointer when sending succeeds
CVE-2021-22946: do not ignore --ssl-reqd
CVE-2021-22947: reject STARTTLS server response pipelining
ares: use ares_getaddrinfo()
asyn-ares.c: move all version number checks to the top
auth: do not append zero-terminator to authorisation id in kerberos
auth: properly handle byte order in kerberos security message
auth: use sasl authzid option in kerberos
auth: we do not support a security layer after kerberos authentication
BINDINGS.md: update links to use https where available
build: fix compiler warnings
c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
c-hyper: fix header value passed to debug callback
c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
c-hyper: initial step for 100-continue support
c-hyper: initial support for "dumping" 1xx HTTP responses
c-hyper: remove the hyper_executor_poll() loop from Curl_http
CI/cirrus: reduce compile time with increased parallism
CI: use GitHub Container Registry instead of Docker Hub
cirrus: Add FreeBSD 13.0 job and disable sanitizer build
cmake: avoid poll() on macOS
cmake: sync CURL_DISABLE options
codeql: fix error "Resource not accessible by integration"
compressed.d: it's a request, not an order
config.d: escape the backslash properly
config.d: note that curlrc is used even when --config
config: get rid of the unused HAVE_SIG_ATOMIC_T et. al.
configure.ac: revert bad nghttp2 library detection improvements
configure: error out if both ngtcp2 and quiche are specified
configure: make --disable-hsts work
configure: set classic mingw minimum OS version to XP
configure: tweak nghttp2 library name fix
connect: get local port + ip also when reusing connections
connect: remove superfluous conditional
curl-openssl.m4: check lib64 for the pkg-config file
curl-openssl.m4: show correct output for OpenSSL v3
curl.1: mention "global" flags
curl.1: provide examples for each option
curl: add warning for ignored data after quoted form parameter
curl: add warning for incompatible parameters usage
curl: better error message when -O fails to get a good name
curl: stop retry if Retry-After: is longer than allowed
curl_easy_setopt.3: improve the string copy wording
Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited
curl_setup.h: sync values for HTTP_ONLY
curl_url_get.3: clarify about path and query
CURLMOPT_TIMERFUNCTION.3: remove misplaced "time"
CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited
CURLOPT_SSL_CTX_*.3: tidy up the example
CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also
docs/MQTT: update state of username/password support
docs: remove experimental mentions from HSTS and MQTT
docs: the security list is reached at security at curl.se now
easy: use a custom implementation of wcsdup on Windows
examples/*hiperfifo.c: fix calloc arguments to match function proto
examples/cookie_interface: avoid printfing time_t directly
examples/cookie_interface: fix scan-build printf warning
examples/ephiperfifo.c: simplify signal handler
FAQ: add two dev related questions
getparameter: fix the --local-port number parser
happy-eyeballs-timeout-ms.d: polish the wording
hostip: Make Curl_ipv6works function independent of getaddrinfo
http2: Curl_http2_setup needs to init stream data in all invokes
http2: revert a change that broke upgrade to h2c
http2: revert call the handle-closed function correctly on closed stream
http: disallow >3-digit response codes
http: ignore content-length if any transfer-encoding is used
http_proxy: clear 'sending' when the outgoing request is sent
http_proxy: fix the User-Agent inclusion in CONNECT
http_proxy: fix user-agent and custom headers for CONNECT with hyper
http_proxy: only wait for writable socket while sending request
INTERNALS: bump c-ares requirement to 1.16.0
INTERNALS: c-ares has a new home: c-ares.org
lib: don't use strerror()
libcurl-errors.3: clarify two CURLUcode errors
limit-rate.d: clarify base unit
mailing lists: move from cool.haxx.se to lists.haxx.se
mbedtls: avoid using a large buffer on the stack
mbedTLS: initial 3.0.0 support
mbedtls_threadlock: fix unused variable warning
mksymbolsmanpage.pl: Fix showing symbol's last used version
mksymbolsmanpage.pl: match symbols case insenitively
multi: fix compiler warning with `CURL_DISABLE_WAKEUP`
ngtcp2: compile with the latest ngtcp2 and nghttp3
ngtcp2: fix build with ngtcp2 and nghttp3
ngtcp2: remove the acked_crypto_offset struct field init
ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
ngtcp2: reset the oustanding send buffer again when drained
ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
ngtcp2: stop buffering crypto data
ngtcp2: utilize crypto API functions to simplify
openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA
openssl: when creating a new context, there cannot be an old one
opt-docs: make sure all man pages have examples
opt-docs: verify man page sections + order
opts docs: unify phrasing in NAME header
output.d: add method to suppress response bodies
page-header: add GOPHERS, simplify wording in the 1st para
progress: fix a compile warning on some systems
progress: make trspeed avoid floats
runtests: add option -u to error on server unexpectedly alive
schannel: Work around typo in classic mingw macro
scripts: invoke interpreters through /usr/bin/env
setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
strerror.h: remove the #include from files not using it
symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version
test1138: remove trailing space to make work with hyper
test1173: check references to libcurl options
test1280: CRLFify the response to please hyper
test1565: fix windows build errors
test365: verify response with chunked AND Content-Length headers
tests/*server.pl: flush output before executing subprocess
tests/*server.py: remove pidfile on server termination
tests/runtests.pl: cleanup copy&paste mistakes and unused code
tests/server/*.c: align handling of portfile argument and file
tests: adjust the tftpd output to work with hyper mode
tests: be explicit about using 'python3' instead of 'python'
tests: enable test 1129 for hyper builds
tests: make three tests pass until 2037
tool/tests: fix potential year 2038 issues
tool_operate: Fix --fail-early with parallel transfers
url: fix compiler warning in no-verbose builds
urlapi.c:seturl: assert URL instead of using if-check
vtls: fix typo in schannel_verify.c
winbuild/README.md: clarify GEN_PDB option
wolfssl: clean up wolfcrypt error queue
write-out.d: clarify size_download/upload
x509asn1: fix heap over-read when parsing x509 certificates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 7.77.0 to 7.78.0
- Update of rootfile not required
- Changelog
Changes:
curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
hostip: make 'localhost' return fixed values
mbedtls: add support for cert and key blob options
metalink: remove all support for it
mqtt: add support for username and password
Bugfixes:
--socks4[a]: clarify where the host name is resolved
ares: always store IPv6 addresses first
asyn-ares: remove check for 'data' in Curl_resolver_cancel
bearssl: explicitly initialize all fields of Curl_ssl
bearssl: remove incorrect const on variable that is modified
build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
c-hyper: abort CONNECT response reading early on non 2xx responses
c-hyper: add support for transfer-encoding in the request
c-hyper: bail on too long response headers
c-hyper: clear NTLM auth buffer when request is issued
c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
c-hyper: fix NTLM on closed connection tested with test159
c-hyper: fix the uploaded field in progress callbacks
c-hyper: handle NULL from hyper_buf_copy()
c-hyper: support CURLINFO_STARTTRANSFER_TIME
c-hyper: support CURLOPT_HEADER
ccsidcurl: fix the compile errors
CI/cirrus: install impacket from PyPI instead of FreeBSD packages
CI: add bearssl build
CI: add Circle CI
CI: add jobs using Zuul
CI: delete --enable-hsts option (it is the default now)
CI: remove travis details
cleanup: spell DoH with a lowercase o
cmake: add CURL_DISABLE_NTLM option
cmake: avoid leaking absolute paths into exported config
cmake: fix IoctlSocket FIONBIO check
cmake: fix support for UnixSockets feature on Win32
cmake: remove libssh2 feature checks
cmake: try well-known send/recv signature for Apple
configure.ac: make non-executable
configure/cmake: remove checks for many unused functions
configure: add --disable-ntlm option
configure: disable RTSP when hyper is selected
configure: do not strip out debug flags
configure: fix nghttp2 library name for static builds
configure: inhibit the implicit-fallthrough warning on gcc-12
configure: rename get-easy-option configure option to get-easy-options
conn_shutdown: if closed during CONNECT cleanup properly
conncache: lowercase the hash key for better match
cookies: track expiration in jar to optimize removals
copyright: add boiler-plate headers to CI config files
crustls: bump crustls version and use new URL
curl.h: <sys/select.h> is supported by VxWorks7
curl.h: include sys/select.h for NuttX RTOS
curl: ignore blank --output-dir
curl_endian: remove the unused Curl_write64_le function
curl_multibyte: Remove local encoding fallbacks
Curl_ntlm_core_mk_nt_hash: fix OOM in error path
Curl_ssl_getsessionid: fail if no session cache exists
CURLOPT_WRITEFUNCTION.3: minor update of the example
docs/BINDINGS: fix outdated links
docs/examples: use curl_multi_poll() in multi examples
docs/INSTALL: remove mentions of configure --with-darwin-ssl
docs: document missing arguments to commands
docs: fix inconsistencies in EGDSOCKET documentation
docs: fix incorrect argument name reference
docs: Fix typos
docs: make docs for --etag-save match the program behaviour
docs: use --max-redirs instead of --max-redir
doh: (void)-prefix call to curl_easy_setopt
doh: fix wrong DEBUGASSERT for doh private_data
easy: during upkeep, attach Curl_easy to connections in the cache
examples/multi-single: fix scan-build warning
examples: length-limit two sscanf() uses of %s
examples: safer and more proper read callback logic
filecheck: quietly remove test-place/*~
formdata: avoid "Argument cannot be negative" warning
formdata: correct typecast in curl_mime_data call
GHA: add a linux-hyper job
GHA: add several libcurl tests to the hyper job
GHA: run the newly fixed tests with hyper
github: timeout jobs on macOS after 90 minutes
glob: pass an 'int' as len when using printf's %*s
gnutls: set the preferred TLS versions in correct order
GOVERNANCE: add 'user', 'committer' and 'contributor'
hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
hostip: bad CURLOPT_RESOLVE syntax now returns error
hsts: ignore numberical IP address hosts
HSTS: not experimental anymore
http2: clarify 'Using HTTP2' verbose message
http2: init recvbuf struct for pushed streams
http2_connisdead: handle trailing GOAWAY better
http: fix crash in rate-limited upload
http: make the haproxy support work with unix domain sockets
http_proxy: deal with non-200 CONNECT response with Hyper
hyper: propagate errors back up from read callbacks
HYPER: remove mentions of deprecated development branch
idn: fix libidn2 with windows unicode builds
infof: remove newline from format strings, always append it
lib: don't compare fd to FD_SETSIZE when using poll
lib: fix compiler warnings with CURL_DISABLE_NETRC
lib: fix type of len passed to *printf's %*s
lib: more %u for port and int for %*s fixes
lib: use %u instead of %ld for port number printf
libcurl-security.3: mention file descriptors and forks
libssh2: limit time a disconnect can take to 1 second
mbedtls: make mbedtls_strerror always work
mbedtls: Remove unnecessary include
mqtt: detect illegal and too large file size
mqtt: extend the error message for no topic
msnprintf: return number of printed characters excluding null byte
multi: add scan-build-6 work-around in curl_multi_fdset
multi: alter transfer timeout ordering
multi: do not switch off connect_only flag when closing
multi: fix crash in curl_multi_wait / curl_multi_poll
netrc: skip 'macdef' definitions
ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
openssl: avoid static variable for seed flag
openssl: don't remove session id entry in disassociate
pinnedpubkey.d: fix formatting for version support lists
proto.d: fix formatting for paragraphs after margin changes
quiche: use send() instead of sendto() to avoid macOS issue
Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
runtests: also find the last test in Makefile.inc
runtests: enable 'hyper mode' only for HTTP tests
runtests: init $VERSION to avoid warnings when using -l
runtests: parse data/Makefile.inc instead of using make
runtests: skip disabled tests unless -f is used
rustls: remove native_roots fallback
schannel: set ALPN length correctly for HTTP/2
SChannel: Use '_tcsncmp()' instead
sectransp: check for client certs by name first, then file
setopt: fix incorrect comments
socketpair: fix potential hangs
socks4: scan for the IPv4 address in resolve results
ssl: read pending close notify alert before closing the connection
sws: malloc request struct instead of using stack
telnet: fix option parser to not send uninitialized contents
test1116: hyper doesn't pass through "surprise-trailers"
test1147: hyper doesn't allow "crazy" request headers like built-in
test1151: added missing CRLF to work with hyper
test1216: adjusted for hyper mode
test1218: adjusted for hyper mode
test1230: adjust to work in hyper mode
test1340/1341: adjusted for hyper mode
test1438/1457: add HTTP keyword to make hyper mode work
test1514: add a CRLF to the response to make it correct
test1518: adjusted to work with hyper
test1519: adjusted to work with hyper
test1594/1595/1596: fix to work in hyper mode
test269: disable for hyper
test3010: work with hyper mode
test328: avoid a header-looking body to make hyper mode work
test339: CRLFify better to work in hyper mode
test347: CRLFify to work in hyper mode
test393: make Content-Length fit within 64 bit for hyper
test394: hyper returns a different error
test395: hyper cannot work around > 64 bit content-lengths like built-in
test433: adjust for hyper mode
test434: add HTTP keyword
test500: adjust to work with hyper mode
test566: adjust to work with hyper mode
test599: adjusted to work in hyper mode
test644: remove as duplicate of test 587
tests: fix Accept-Encoding strips to work with Hyper builds
TLS: prevent shutdown loops to get stuck
tool: make _lseeki64() macro work with the PellesC compiler
tool_help: document that --tlspassword takes a password
tool_help: remove unused define
url.c: remove two variable assigns that are never read
url: (void)-prefix a curl_url_get() call
url: bad CURLOPT_CONNECT_TO syntax now returns error
version: turn version number functions into returning void
vtls: exit addsessionid if no cache is inited
vtls: fix connection reuse checks for issuer cert and case sensitivity
vtls: only store TIMER_APPCONNECT for non-proxy connect
vtls: use free() not curl_free()
warnless: simplify type size handling
Win32: fix build with Watt-32
winbuild/README: VC should be set to 6 'or larger'
winbuild: support alternate nghttp2 static lib name
wolfssl: failing to set a session id is not reason to error out
write-out.d: clarify urlnum is not unique for de-globbed URLs
zuul: use the new rustls directory name
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 7.76.1 to 7.77.0
- Update rootfile
- Changelog is too large to include here. It can be accesed at
https://curl.se/changes.html
There are 5 changes and 133 bug fixes of which 3 are related to CVE's
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 7.75.0 to 7.76.1
- Update of rootfile
- Changelog is too large to include here.
Full details can be found in the CHANGES file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Hi,
For details see:
https://curl.haxx.se/changes.html
This came rather unexpected - if I'd known, I'd have waited with 7.63.0.
"Changes:
cookies: leave secure cookies alone
hostip: support wildcard hosts
http: Implement trailing headers for chunked transfers
http: added options for allowing HTTP/0.9 responses
timeval: Use high resolution timestamps on Windows
Bugfixes:
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823: SMTP end-of-response out-of-bounds read
FAQ: remove mention of sourceforge for github
OS400: handle memory error in list conversion
OS400: upgrade ILE/RPG binding.
README: add codacy code quality badge
Revert http_negotiate: do not close connection
THANKS: added several missing names from year <= 2000
build: make 'tidy' target work for metalink builds
cmake: added checks for variadic macros
cmake: updated check for HAVE_POLL_FINE to match autotools
cmake: use lowercase for function name like the rest of the code
configure: detect xlclang separately from clang
configure: fix recv/send/select detection on Android
configure: rewrite --enable-code-coverage
conncache_unlock: avoid indirection by changing input argument type
cookie: fix comment typo
cookies: allow secure override when done over HTTPS
cookies: extend domain checks to non psl builds
cookies: skip custom cookies when redirecting cross-site
curl --xattr: strip credentials from any URL that is stored
curl -J: refuse to append to the destination file
curl/urlapi.h: include "curl.h" first
curl_multi_remove_handle() don't block terminating c-ares requests
darwinssl: accept setting max-tls with default min-tls
disconnect: separate connections and easy handles better
disconnect: set conn->data for protocol disconnect
docs/version.d: mention MultiSSL
docs: fix the --tls-max description
docs: use $(INSTALL_DATA) to install man page
docs: use meaningless port number in CURLOPT_LOCALPORT example
gopher: always include the entire gopher-path in request
http2: clear pause stream id if it gets closed
if2ip: remove unused function Curl_if_is_interface_name
libssh: do not let libssh create socket
libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
libssh: free sftp_canonicalize_path() data correctly
libtest/stub_gssapi: use "real" snprintf
mbedtls: use VERIFYHOST
multi: multiplexing improvements
multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
ntlm: fix NTMLv2 compliance
ntlm_sspi: add support for channel binding
openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
openssl: fix the SSL_get_tlsext_status_ocsp_resp call
openvms: fix OpenSSL discovery on VAX
openvms: fix typos in documentation
os400: add a missing closing bracket
os400: fix extra parameter syntax error
pingpong: change default response timeout to 120 seconds
pingpong: ignore regular timeout in disconnect phase
printf: fix format specifiers
runtests.pl: Fix perl call to include srcdir
schannel: fix compiler warning
schannel: preserve original certificate path parameter
schannel: stop calling it "winssl"
sigpipe: if mbedTLS is used, ignore SIGPIPE
smb: fix incorrect path in request if connection reused
ssh: log the libssh2 error message when ssh session startup fails
test1558: verify CURLINFO_PROTOCOL on file:// transfer
test1561: improve test name
test1653: make it survive torture tests
tests: allow tests to pass by 2037-02-12
tests: move objnames-* from lib into tests
timediff: fix math for unsigned time_t
timeval: Disable MSVC Analyzer GetTickCount warning
tool_cb_prg: avoid integer overflow
travis: added cmake build for osx
urlapi: Fix port parsing of eol colon
urlapi: distinguish possibly empty query
urlapi: fix parsing ipv6 with zone index
urldata: rename easy_conn to just conn
winbuild: conditionally use /DZLIB_WINAPI
wolfssl: fix memory-leak in threaded use
spnego_sspi: add support for channel binding"
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Update curl to 7.59.0 which fixes a number of bugs and
some minor security issues.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
curl did not find the certificate bundle so that server
certificates could not be verified.
Fixes#10995
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
