bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-16 05:53:00 +02:00

Author	SHA1	Message	Date
Adolf Belka	b1be6000fe	curl: Update to version 8.9.1 - Update from version 8.8.0 to 8.9.1 - Update of rootfile - Changelog 8.9.1 Bugfixes: cmake: detect `libssh` via `pkg-config` cmake: detect `nettle` when building with GnuTLS cmake: drop `if(PKG_CONFIG_FOUND)` guard for `pkg_check_modules()` configure: limit `__builtin_available` test to Darwin connect: fix connection shutdown for event based processing contrithanks.sh: use -F with -v to match lines as strings curl: more defensive socket code for --ip-tos CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe example/multi-uv: remove the use of globals ftpserver.pl: make POP3 LIST serve content from the test file GHA/windows: increase timeout for vcpkg build step lib: survive some NULL input args macos: fix Apple SDK bug workaround for non-macOS targets misc: cleanup after removing years from copyright os400: build cli manual. os400: workaround an IBM ASCII run-time library bug RELEASE-PROCEDURE.md: remove the initial build step runtests: fold timing details with GHA, sync `-r` tflags tests: provide FTP directory contents in the test file tidy-up: URL updates TODO: thread-safe sharing transfer: speed limiting fix for 32bit systems vtls: avoid forward declaration in MultiSSL builds wolfSSL: allow wolfSSL's implementation of kyber to be used wolfssl: avoid calling get_cached_x509_store if store is uncachable wolfssl: CA store share fix x509asn1: unittests and fixes for gtime2str 8.9.0 Changes: curl: add --ip-tos (IP Type of Service / Traffic Class) curl: add --mptcp curl: add --vlan-priority curl: add -w '%{num_retries}' gnutls: support CA caching mbedtls: support CURLOPT_CERTINFO noproxy: patterns need to be comma separated socket: support binding to interface AND IP tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt urlapi: add CURLU_NO_GUESS_SCHEME wolfssl: support CA caching Bugfixes: (lib)curl.rc: set debug flag also for `CURLDEBUG` and `UNITTESTS` asyn-thread: avoid using GetAddrInfoExW with impersonation aws-sigv4: url encode the canonical path BINDINGS: update java link to one that exists build: add Debug, TrackMemory, ECH to feature list build: add more supported attributes to the IAR compiler build: fix llvm 16 or older + Xcode 15 or newer, and gcc build: fix llvm 17 and older + macOS SDK 14.4 and newer build: sync warning options between autotools, cmake & compilers build: tidy up `__builtin_available` feature checks (Apple) build: untangle `CURLDEBUG` and `DEBUGBUILD` macros build: use `#error` instead of invalid syntax cd2nroff: convert two warnings to errors cd2nroff: use an empty "##" to signal end of .IP sequence cf-socket: improve SO_SNDBUF update for Winsock cf-socket: optimize curlx_nonblock() and check its return error cf-socket: remove obsolete recvbuf cf-socket: remove two "useless" assignments cfilters: make Curl_conn_connect always assign 'done' cmake: add CURL_USE_GSASL option with detection + CI test cmake: allow `ENABLE_CURLDEBUG=OFF` with `ENABLE_DEBUG=ON` cmake: allow SOVERSION override with `CURL_LIBCURL_SOVERSION` cmake: alpha-sort feature list cmake: always build unit tests with the `testdeps` target cmake: bring `curl-config.cmake` closer to `FindCURL` cmake: create `configurehelp.pm` like autotools does cmake: delete unused `HAVE_LIBSSH2`, `HAVE_LIBSOCKET` macros cmake: detect `libidn2` also via `pkg-config` cmake: enable SOVERSION for Cygwin and `CMAKE_DLL_NAME_WITH_SOVERSION` cmake: fix `-Wredundant-decls` in unity/mingw-w64 builds cmake: fix brotli lib order cmake: fix building `unit1600` due to missing `ssl/openssl.h` cmake: fix building in unity mode cmake: fix building with both md4 and md5 in unity mode cmake: fix builds with detected libidn2 lib but undetected header cmake: fix feature and protocol lists for SecureTransport cmake: fix quotes when appending multiple options (SecureTransport) cmake: fix test 1013 with websockets enabled and no TLS cmake: improve wolfSSL detection cmake: show protocols, then features cmake: stop setting SOVERSION for the static lib target cmake: sync CA bundle/path detection with autotools cmake: sync protocol/feature list with `curl -V` output cmake: use `APPLE` instead of `CMAKE_SYSTEM_NAME` string cmake: whitespace, formatting/tidy-up in comments cmdline-docs: "added in" cleanups cmdline-docs: fix `--proxy-ca-native` example + tidy-ups cmdline-opts/_PROTOCOLS.md: mention WS(S) cmdline-opts/ech.md: shorten the help text cmdline-opts/fail.md: expand and clarify cmdline-opts/interface.md: expand the documentation cmdline-opts: category cleanup cmdline-opts: expand the parallel explanations cmdline-opts: shorten six help texts cmdline: expand proxy option explanations code: language cleanup in comments configure: CA bundle/path detection fixes configure: fix `SystemConfiguration` detection configure: fix pkg-config library name 'libnghttp3' configure: fix pkg-config names (zstd, ngtcp2) configure: limit `SystemConfiguration` test to non-c-ares, IPv6 builds configure: remove 'deeper' checks for `AC_CHECK_FUNCS` configure: require a QUIC library if nghttp3 is used configure: sort feature list, lowercase protocols, use backticks configure: use `$EGREP` in place of `grep -E` configure: use AC_MSG_WARN for TLS/experimental warning texts connect-to.md: expand with examples connection: shutdown TLS (for FTP) better cookie-jar.md: see also --junk-session-cookies curl-config: revert to backticks to support old target envs curl: allow etag and content-disposition for 3xx reply curl: bsearch the --write-out variable name curl: check for --disable case sensitively* curl: list categories in --help curl: make warnings and other messages aware of terminal width curl: output "flying saucers" with leading carriage return curl_easy_escape: elaborate a little on encoding a URL curl_mprintf.md: add missing comma curl_multi_poll.md: expand the example with an custom file descriptor curl_str[n]equal.md: tidy up text to make them stand-alone curl_url_set.md: libcurl only parses :// URLs curl_url_set: elaborate on scheme guessing curldown: make 'added-in:' a mandatory header field CURLOPT_CONNECTTIMEOUT: clarify, document the milliseond version CURLOPT_ECH.md: remove repeated 'if' CURLOPT_NETRC.md: clarify what it does on Windows CURLOPT_RESOLVE.md: mention hostname can be wildcard ('') CURLOPT_SSL_VERIFYHOST.md: refresh CURLOPT_TLSAUTH_PASSWORD/USERNAME.md: language fixups DISTROS: add a link to the list archive DISTROS: add AlmaLinux package source link DISTROS: add MSYS2 (native) links docs/cmdline-opts: fix mail-auth example TLD typo docs/cmdline-opts: remove two superfluous "Added in" mentions docs/libcurl: polish the single-line descriptions docs/Makefile.am: make curl-config.1 install docs: reference non deprecated libcurl options docs: start markdown headers with capital letter where applicable doh-insecure.md: expand doh: fix cleanup doh: fix leak and zero-length HTTPS RR crash dump-header.md: mention minus for stdout examples/threaded-ssl: remove locking callback code examples: add missing binaries to .gitignore examples: delete unused includes examples: fix compiling with MSVC examples: suppress deprecation warnings locally FEATURES.md: refresh file: separate fake headers and body with a stand-alone CRLF ftp: remove redundant null pointer check in loop condition get.d: clarify the explanation GHA/windows: add MSVC wolfSSL job with test GHA/windows: ignore FTP test results for old-mingw-w64 GHA: add MSVC UWP job, expand jobs with more options GHA: detect and warn for more English contractions GHA: disable MQTT and WebSocket tests in Windows jobs GHA: disable TFTP tests in Windows jobs GHA: enable tests 1139, 1177, 1477 on Windows GHA: improve vcpkg cache, add BoringSSL ECH and LibreSSL MSVC jobs GHA: unify http3 workflows into one GHA: use vcpkg to install packages for MSVC jobs GIT-INFO.md: remove version requirements gnutls: improve TLS shutdown gnutls: pass in SNI name, not hostname when checking cert help: add flags to output and ssh categories hostip: skip error check for infallible function call http/3: add shutdown support http/3: resume upload on ack if we have more data to send http: remove "struct HTTP" http: write last header line late idn: fix ß with AppleIDN idn: make macidn fail before trying conversion if name too long idn: tweak buffer use when converting with macidn lib/v: tidy up types and casts lib: add a few DEBUGASSERT(data) to aid code analyzers lib: add failure reason on bind errors lib: fix gcc warning in certain debug builds lib: fix thread entry point to return `DWORD` on WinCE lib: graceful connection shutdown lib: prefer `var = time(NULL)` over `time(&var)` lib: tidy up types and casts lib: xfer_setup and non-blocking shutdown libcurl-docs: make option lists alpha-sorted libcurl-easy.md: now more* than 300 options libcurl.pc: add `Requires.private`, `Requires` for static linking libcurl.pc: add more `Requires.private`/`Requires` dependencies libssh: remove CURLOPT_SSL_VERIFYHOST check macos: add workaround for gcc, non-c-ares, IPv6, compile error macos: undo `availability` macro enabled by Homebrew gcc managen: "added in" fixes managen: cleanups to generate nicer-looking output managen: error on trailing blank lines in input files managen: fix removing backticks from subtitles managen: insert final .fi for files ending with a quote managen: introduce "Multi: per-URL" managen: only output .RE for manpage output managen: output tabs for each 8 leading spaces managen: warn on excessively long help texts MANUAL.md: wrap two example urls that overrun styling mbedtls: check version before getting tls version mbedtls: check version for cipher id mbedtls: correct the error message for cert blob parsing failure mbedtls: send close-notify on close mbedtls: v3.6.0 workarounds md4: fix compilation with OpenSSL 1.x with md4 disabled misc: fix typos mk-ca-bundle.pl: delay 'curl -V' execution until it is needed multi: add multi->proto_hash, a key-value store for protocol data multi: do a final progress update on connect failure multi: fix multi_wait() timeout handling multi: fix pollset during RESOLVING phase multi: multi_getsock(), check correct socket ngtcp2+quictls: fix cert-status use noproxy: test bad ipv6 net size first openssl/gnutls: rectify the TLS version checks for QUIC openssl: fix %-specifier in infof() call openssl: fix hostname handling when using ECH openssl: stop duplicate ssl key logging for legacy OpenSSL os400: make it compilable again pytest: add ftp upload tests pytest: include testenv/vsftpd.py in dist tarball quic: enable UDP GRO quic: openssl quic, cmake and doc version update to 3.3.0 quic: require at least OpenSSL 3.3 for QUIC quic: update to quiche 0.22.0 quiche: fix operand of ‘?:’ changes signedness request.md: language fix request: change the struct field bodywrites to a bool, only for hyper reuse: switch to REUSE 3.2 and REUSE.toml runtests: show name and keywords for failed tests in summary runtests: sort test IDs in summary lines runtests: support %DATEfor YYYY-MM-DD of right now runtests: support %VERNUM runtests: support crlf="yes" for the <stderr> section sectransp: fix `HAVE_BUILTIN_AVAILABLE` checks to not emit warnings sectransp: fix clang compiler warnings, stop silencing them sectransp: remove large cipher table sectransp: use common code for cipher suite lookup sendf: fix CRLF conversion of input smtp: for starttls, do full upgrade socket: change TCP keepalive from ms to seconds on DragonFly BSD socket: use SOCK_NONBLOCK to eliminate extra system call socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()` src/Makefile.am: remove SUBDIRS assignment system_win32: add missing curl.h include tcpkeepalive: support TCP keep-alive parameters on Solaris <11.4 test1119: adapt for `.md` input test1139: scan .md files instead of .3 ones test1175: scan libcurl-errors.md, not the generated .3 version test1486: verify that write-out.md and tool_writeout.c are in sync test2600: disable on win32 test: add test1484, for HEAD with content test: add test1546, chunked not last transfer encoding tests/scripts: call it 'manpage' (single word) tests: add pytest for --ciphers and --tls13-ciphers options tests: delete `CharConv` remains tests: delete redundant `!MSDOS` guard tests: extend user/password parsing test1620 tests: fix sshd IdentityFile path for MinGW/Cygwin tests: fix sshd UserKnownHostsFile path for MinGW/Cygwin tests: include current directory when running test Perl commands tests: log "Throwing away" messages before throwing away tests: run with "--trace-config all" to provide even more info tests: sync feature names with `curl -V` tests: test_17_ssl_use.py clarify mbedTLS TLSv1.3 support tests: use exec when spawning nghttpx tidy-up: use consistent casing for Windows directories TODO: remove some old, clarify, add something tool_cb_hdr: return error for failed header writes tool_operate: avoid explicitly setting verifypeer to 1 tool_operate: simplify return code handling from url_proto() tool_writeout: get certinfo only when needing it trace-ascii.md: mention "%" for stderr transfer: avoid polling socket every transfer loop transfer: conn close on paused upload transfer: do not use EXPIRE_NOW while blocked transfer: remove curl_upload_refill_watermark, no longer used transfer: set CSELECT_IN if there is data pending unit2604: use 'unitfail' instead of 'error' variable url: allow DoH transfers to override max connection limit urlapi: remove unused definition of HOST_BAD variable.md: make example use expand verify-synopsis.pl: work with .md files vms: fixed language in comment vtls: deprioritize Secure Transport vtls: replace addsessionid with set_sessionid winbuild: fix PE version info debug flag winbuild: MS-DOS batch tidy-ups winbuild: remove outdated WIN32 defines windows: fix UWP builds, add GHA job winsock: move SO_SNDBUF update into cf-socket wolfssl: assume key_file equal to clientcert if no key_file wolfssl: use larger error buffer when formatting errors x509asn1: add some common ECDSA OIDs x509asn1: ASN1tostr() should fail when 'constructed' is set x509asn1: fallback to dotted OID representation x509asn1: make Curl_extract_certinfo store error message x509asn1: prevent NULL dereference x509asn1: remove superfluous free() x509asn1: remove two static variables Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2024-08-14 09:07:56 +00:00
Adolf Belka	4748e517ea	curl: Update to version 8.8.0 - Update from version 8.2.1 to 8.8.0 - Update of rootfile - Removal of patch as the content now included in the source tarball. - Changelog 8.8.0 Changes: curl_version_info: provide librtmp version file: add support for directory listings idn: add native AppleIDN (icucore) support for macOS/iOS lib: add curl_multi_waitfds mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option NTLM_WB: drop support TLS: add support for ECH (Encrypted Client Hello) urlapi: add CURLU_GET_EMPTY for empty queries and fragments Bugfixes: appveyor: drop unnecessary `--clean-first` cmake option appveyor: guard against crash-build with VS2008 appveyor: make gcc 6 mingw64 job build-only asyn-thread: fix curl_global_cleanup crash in Windows asyn-thread: fix Curl_thread_create result check autotools: delete unused functions autotools: fix `HAVE_IOCTLSOCKET_FIONBIO` test for gcc 14 autotools: only probe for SGI MIPS compilers on IRIX bearssl: fix compiler warnings bearssl: use common code for cipher suite lookup bufq: remove duplicate word in comment BUG-BOUNTY.md: clarify the third party situation build: prefer `USE_IPV6` macro internally (was: `ENABLE_IPV6`) build: remove MacOSX-Framework script cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set cf-https-connect: use timeouts as unsigned ints cf-socket: don't try getting local IP without socket cf-socket: remove references to l_ip, l_port ci: add curl-for-win builds: Linux MUSL, macOS, Windows cmake: add `BUILD_EXAMPLES` option to build examples cmake: add librtmp/rtmpdump option and detection cmake: check fseeko after detecting HAVE_FILE_OFFSET_BITS cmake: do not pass linker flags to the static library tool cmake: enable `-pedantic-errors` for clang when `CURL_WERROR=ON` cmake: FindNGHTTP2 add static lib name to find_library call cmake: fix `CURL_WERROR=ON` for old CMake and use it in GHA/linux-old cmake: fix `HAVE_IOCTLSOCKET_FIONBIO` test with gcc 14 cmake: fixup `DEPENDS` filename cmake: forward `USE_LIBRTMP` option to C cmake: generate misc manpages and install `mk-ca-bundle.pl` cmake: initialize `BUILD_TESTING` before first use cmake: speed up libcurl doc building again cmake: tidy-up to use `WORKING_DIRECTORY` cmake: use namespaced custom target names cmdline-docs: fix make install with configure --disable-docs configure: error on missing perl if docs or manual is enabled configure: make --disable-docs imply --disable-manual content_encoding: brotli and others, pass through 0-length writes content_encoding: ignore duplicate chunked encoding content_encoding: reject transfer-encoding after chunked contrithanks: honor `CURLWWW` variable curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used curl.h: change CURL_SSLVERSION_* from enum to defines curl: make --help adapt to the terminal width curl: use curl_getenv instead of the curlx_ version Curl_creader_read: init two variables to avoid using them uninited curl_easy_pause.md: use correct defines in example curl_getdate.md: document two-digit year handling curl_global_trace.md: shorten the description curl_multibyte: remove access() function wrapper for Windows curl_path: make Curl_get_pathname use dynbuf curl_setup.h: add support for IAR compiler curl_setup.h: detect 'inline' support curl_sha512_256: do not use workaround for NetBSD when not needed curl_sha512_256: fix detection of OpenSSL 1.1.1 or later curl_url_get.md: clarify queries and fragments and CURLU_GET_EMPTY CURLINFO_REQUEST_SIZE: fixed, add tests for transfer infos reported CURLOPT_WRITEFUNCTION.md: fix the callback proto in the example cw-out: improved error handling DEPRECATE.md: TLS libraries without 1.3 support digest: replace strcpy for empty string with simple assignment dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs dist: add files missing from release tarball dist: add reproducible dir entries to tarballs dist: do not require Perl in `maketgz` dist: remove the curl-config.1 from the tarball dist: verify tarball reproducibility in CI DISTROS: add patch and issues link for curl-for-win DISTROS: Cygwin updates dllmain: Call OpenSSL thread cleanup for Windows and Cygwin doc: pytest `--repeat` -> `--count` docs/cmdline-opts: invoke managen using a relative path docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE docs: fix some CURLINFO examples doh: fix typo in comment doh: remove unused function prototype dynbuf: fix returncode on memory error examples: fix/silence `-Wsign-conversion` EXPERIMENTAL: add graduation requirements for each feature file: remove useless assignment ftp: add tracing support ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS ftp: fix socket leak on rare error GHA: add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs GHA: add shellcheck job and fix warnings, shell tidy-ups GHA: add valgrind to a wolfSSL build GHA: on macOS remove $HOME/.curlrc GHA: pin dependencies gnutls: lazy init the trust settings h3/ngtcp2: improve error handling hash: change 'slots' to size_t from int hash: delete unused debug function hsts: explicitly skip blank lines hsts: remove single-use single-line function http tests: in CI skip test_02_23* for quiche http2 + ngtcp2: pass CURLcode errors from callbacks http2, http3: decouple stream state from easy handle http2: emit RST when client write fails http3: quiche+ngtcp2 improvements http: acknowledge a returned error code http: HEAD response body tolerance http: reject HTTP major version switch mid connection http: remove redundant check http: with chunked POST forced, disable length check on read callback http_aws_sigv4: remove useless assignment idn: make Curl_idnconvert_hostname() use Curl_idn_decode() if2ip: make the buf_size arg a size_t INSTALL-CMAKE.md: explain `cmake -G <generator-name>` krb5: use dynbuf ldap: fix unused variables (seen on OmniOS) lib/cf-h1-proxy: silence compiler warnings (gcc 14) lib: add trace support for client reads and writes lib: bump hash sizes to `size_t` lib: clear the easy handle's saved errno before transfer lib: fix compiler warnings (gcc) lib: make protocol handlers store scheme name lowercase lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3` lib: remove two instances of "only only" messages lib: silence `-Wsign-conversion` in base64, strcase, mprintf lib: silence warnings on comma misuse lib: use `#error` instead of invalid syntax in `curl_setup_once.h` lib: use multi instead of multi_easy for the active multi libcurl-opts: mention pipelining less libssh2: delete redundant feature guard libssh2: replace `access()` with `stat()` libssh2: set length to 0 if strdup failed m4: fix rustls pkg-config codepath MAIL-ETIQUETTE: convert to markdown makefile: remove the sorting from the vc-ide action maketgz: put docs/RELEASE-TOOL.md into the tarball managen: fix the option sort order mbedtls: call mbedtls_ssl_setup() after RNG callback is set mbedtls: cut off trailing newlines from debug logs mbedtls: fix building with v3 in CMake Unity mode mbedtls: support TLS 1.3 mime: avoid using access() misc: fix typos misc: fix typos, quoting and spelling mprintf: check fputc error rather than matching returned character mqtt: when Curl_xfer_recv returns error, don't use nread multi: avoid memory-leak risk multi: introduce SETUP state for better timeouts multi: multi_wait improvements multi: remove the unused Curl_preconnect function multi: remove useless assignment multi: timeout handles even without connection openldap: create ldap URLs correctly for IPv6 addresses openssl: do not set SSL_MODE_RELEASE_BUFFERS openssl: revert keylog_callback support for LibreSSL OS400: fix shellcheck warnings in scripts projects: drop MSVC project files for recent versions pytest: add DELETE tests, check server version pytest: fixes for recent python, add FTP tests quic: fixup duplicate static function name (for cmake unity) quiche: expire all active transfers on connection close quiche: trust its timeout handling RELEASE-PROCEDURE: mention an initial working build request: make Curl_req_init return void request: paused upload on completed download, assess connection reuse: add copyright + license info to individual docs/.md files ROADMAP: remove completed entries, mention websocket rustls: fix handshake done handling rustls: fix partial send handling rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag rustsls: fix error code on receive sendf: fix two typos in comments sendf: useless assignment in cr_lc_read() setopt: acknowledge errors proper for CURLOPT_COOKIEJAR setopt: make the setstropt_userpwd args compulsory setopt: remove check for 'option' that is always true setopt: warn on Curl_setopt() uses not using the return value smtp: result of Curl_bufq_cread was not used socket: remove redundant call to getsockname socketpair: fix compilation when USE_UNIX_SOCKETS is not defined src: tidy up types, add necessary casts telnet: check return code from fileno() tests/http: fix compiler warning tests: add -q as first option when invoking curl for tests tests: check caddy server version to match test expectations tests: enable test 1117 for hyper tests: fix feature case in test1481 tests: fix test 1167 to skip digit-only symbols tests: make the unit test result type `CURLcode` tests: Mark tftpd timer function as noreturn tests: tidy up types in server code tls: fix SecureTransport + BearSSL cmake unity builds tls: remove EXAMPLEs from deprecated options tls: use shared init code for TCP+QUIC tool: move tool_ftruncate64 to tool_util.c tool_cb_rea: limit rate unpause for -T . uploads tool_cfgable: free {proxy_}cipher13_list on exit tool_getparam: output warning for leading unicode quote character tool_getparam: remove two redundant conditions tool_operate: don't truncate the etag save file by default tool_operate: init vars unconditionally in post_per_transfer tool_paramhlp: remove duplicate assign tool_xattr: "guess" URL scheme if none is provided tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set transfer: remove useless assignment url: do not URL decode proxy crendentials url: fix use of an uninitialized variable url: make parse_login_details use memdup0 url: remove duplicate call to Curl_conncache_remove_conn when pruning urlapi: allow setting port number zero urlapi: fix relative redirects to fragment-only urldata: remove fields not used depending on used features vauth: make two functions void that always just returned OK version: use msnprintf instead of strncpy vquic-tls: use correct cert name check API for wolfSSL vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output vtls: TLS session storage overhaul wakeup_create: use FD_CLOEXEC/SOCK_CLOEXEC warnless: delete orphan declarations websocket: avoid memory leak in error path winbuild: add ENABLE_WEBSOCKETS option winbuild: use $(RC) correctly wolfssl: plug memory leak in wolfssl_connect_step2() x509asn1: return error on missing OID 8.7.1 Bugfixes: Fixed empty tool_hugehelp.c file 8.7.0 Changes: configure: add --disable-docs flag CURLINFO_USED_PROXY: return bool whether the proxy was used digest: support SHA-512/256 DoH: add trace configuration write-out: add '%{proxy_used}' Bugfixes: ALTSVC.md: correct a typo asyn-ares: fix data race warning asyn-thread: use wakeup_close to close the read descriptor badwords: use hostname, not host name BINDINGS: add mcurl, the python binding bufq: writing into a softlimit queue cannot be partial c-hyper: add header collection writer in hyper builds cd2nroff: gen: make `\>` in input to render as plain '>' in output cd2nroff: remove backticks from titles checksrc.pl: fix handling .checksrc with CRLF cmake: add USE_OPENSSL_QUIC support cmake: add warning for using TLS libraries without 1.3 support cmake: enable `ENABLE_CURL_MANUAL` by default cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled cmake: fix function description in comment cmake: fix install for older CMake versions cmake: fix libcurl.pc and curl-config library specifications cmdline-docs/Makefile: avoid using a fixed temp file name cmdline-docs: quote and angle bracket cleanup cmdline-opts/_EXITCODES: sync with libcurl-errors cmdline-opts/_VARIABLES.md: improve the description cmdline-opts/_VERSION: provide %VERSION correctly cmdline-opts: shorter help texts configure: add pkg-config support to rustls detection configure: add warning for using TLS libraries without 1.3 support configure: build & install shell completions when enabled configure: do not link with nghttp3 unless necessary configure: Don't build shell completions when disabled configure: Don't make shell completions without perl configure: find libpsl with pkg-config connect.c: fix typo CONTRIBUTE: update the section on documentation format cookie.md: provide an example sending a fixed cookie cookie: if psl fails, reject the cookie curl: exit on config file parser errors curl: make --libcurl output better CURLOPT_SSLVERSION curl: when allocating variables, add the name into the struct curl_setup.h: add curl_uint64_t internal type curldown: fix email address in Copyright CURLMOPT_MAX: mention what happens if changed mid-transfer CURLOPT_INTERFACE.md: remove spurious amp, add see-also CURLOPT_POSTQUOTE.md: fix typo CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return CURLOPT_WRITEFUNCTION.md: typo fix digest: add check for hashing error dist: make sure the http tests are in the tarball DISTROS: add document with distro pointers docs/libcurl: add TLS backend info for all TLS options docs/libcurl: generate PROTOCOLS from meta-data docs: add missing slashes to SChannel client certificate documentation docs: add necessary setup for nghttp3 docs: ascii version of manpage without nroff docs: dist curl.1 and install without perl docs: make curldown do angle brackets like markdown docs: make each libcurl man specify protocol(s) docs: make sure curl.1 is included in dist tarballs docs: update minimal binary size in INSTALL.md docs: use present tense examples: use present tense in comments file: use xfer buf for file:// transfers fopen: fix narrowing conversion warning on 32-bit Android form-string.md: correct the example ftp: do lineend conversions in client writer ftp: fix socket wait activity in ftp_domore_getsock ftp: tracing improvements ftp: treat a 226 arriving before data as a signal to read data gen.pl: make the "manpageification" faster gen: make `\>` in input to render as plain '>' in output getparam: make --ftp-ssl work again GHA/linux: add sysctl trick to work-around GitHub runner issue GIT-INFO: convert to markdown GOVERNANCE: document the core team header.md: remove backslash, make nicer markdown HTTP/2: write response directly http2, http3: return CURLE_PARTIAL_FILE when bytes were received http2: fix push discard http2: memory errors in the push callbacks are fatal http2: minor tweaks to optimize two struct sizes http2: push headers better cleanup http2: remove the third (unused) argument from http2_data_done() HTTP3.md: adjust the OpenSSL QUIC install instructions http: better error message for HTTP/1.x response without status line http: improve response header handling, save cpu cycles http: move headers collecting to writer http: remove stale comment about rewindbeforesend http: separate response parsing from response action http_chunks: fix the accounting of consumed bytes http_chunks: remove unused 'endptr' variable https-proxy: use IP address and cert with ip in alt names hyper: implement unpausing via client reader ipv6.md: mention IPv4 mapped addresses KNOWN_BUGS: POP3 issue when reading small chunks lib1598: fix `CURLOPT_POSTFIELDSIZE` usage lib582: remove code causing warning that is never run lib: add `void ctx` to reader/writer instances lib: convert Curl_get_line to use dynbuf lib: Curl_read/Curl_write clarifications lib: enhance client reader resume + rewind lib: initialize output pointers to NULL before calling strto[ff,l,ul] lib: keep conn IP information together lib: move 'done' parameter to SingleRequests lib: remove curl_mimepart object when CURL_DISABLE_MIME libcurl-docs: cleanups libcurl-security.md: Active FTP passes on the local IP address libssh/libssh2: return error on too big range MANUAL.md: fix typo mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined mbedtls: fix pytest for newer versions mbedtls: properly cleanup the thread-shared entropy mbedtls: use mbedtls_ssl_conf_{min\|max}_tls_version md4: include strdup.h for the memdup proto mime: add client reader misc: fix typos in docs and lib mkhelp: simplify the generated hugehelp program mprintf: fix format prefix I32/I64 for windows compilers multi: add xfer_buf to multi handle multi: fix multi_sock handling of select_bits multi: make add_handle free any multi_easy ngtcp2: no recvbuf for stream ntml_wb: fix buffer type typo OpenSSL QUIC: adapt to v3.3.x openssl-quic: check on Windows that socket conv to int is possible openssl-quic: fix BIO leak and Windows warning openssl-quic: fix unity build, casing, indentation OS400: avoid using awk in the build scripts paramhlp: fix CRLF-stripping files with "-d @file" proxy1.0.md: fix example pytest: adapt to API change request: clarify message when request has been sent off rustls: make curl compile with 0.12.0 schannel: fix hang on unexpected server close scripts: fix cijobs.pl for Azure and GHA sendf: ignore response body to HEAD setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value setopt: fix disabling all protocols sha512_256: add support for GnuTLS and OpenSSL smtp: fix STARTTLS SPONSORS: describe the basics strtoofft: fix the overflow check test 1541: verify getinfo values on first header callback test1165: improve pattern matching tests: support setting/using blank content env variables TIMER_STARTTRANSFER: set the same for everyone TLS: start shutdown only when peer did not already close TODO: update 13.11 with more information tool_cb_hdr: only parse etag + content-disposition for 2xx tool_getparam: accept a blank -w "" tool_getparam: handle non-existing (out of range) short-options tool_operate: change precedence of server Retry-After time tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds trace-config.md: remove the mutexed options list transfer.c: break receive loop in speed limited transfers transfer: improve Windows SO_SNDBUF update limit urldata: move authneg bit from conn to Curl_easy version: allow building with ancient libpsl vquic-tls: fix the error code returned for bad CA file vtls: fix tls proxy peer verification vtls: revert "receive max buffer" + add test case VULN-DISCLOSURE-POLICY.md: update detail about CVE requests websocket: fix curl_ws_recv() wolfSSL: do not call the stub function wolfSSL_BIO_set_init() write-out.md: clarify error handling details 8.6.0 Changes: add CURLE_TOO_LARGE add CURLINFO_QUEUE_TIME_T add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add asyn-thread: use GetAddrInfoExW on >= Windows 8 configure: make libpsl detection failure cause error docs/cmdline: change to .md for cmdline docs docs: introduce "curldown" for libcurl man page format runtests: support -gl. Like -g but for lldb. Bugfixes: altsvc: free 'as' when returning error appveyor: replace PowerShell with bash + parallel autotools appveyor: switch to out-of-tree builds asyn-ares: with modern c-ares, use its default timeout build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}` build: delete/replace clang warning pragmas build: enable missing OpenSSF-recommended warnings, with fixes build: fix `-Wconversion`/`-Wsign-conversion` warnings build: fix Windows ADDRESS_FAMILY detection build: more `-Wformat` fixes build: remove redundant `CURL_PULL_` settings cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper cf-socket: show errno in tcpkeepalive error messages CI/distcheck: run full tests cmake: add option to disable building docs cmake: fix generation for system name iOS cmake: fix typo cmake: freshen up docs/INSTALL.cmake cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE` cmake: rework options to enable curl and libcurl docs cmake: when USE_MANUAL=YES, build the curl.1 man page cmdline-opts/write-out.d: remove spurious double quotes cmdline-opts: update availability for the -ca-native options cmdline/gen: fix the sorting of the man page options configure: add libngtcp2_crypto_boringssl detection configure: fix no default int compile error in ipv6 detection configure: when enabling QUIC, check that TLS supports QUIC connect: remove margin from eyeballer alloc content_encoding: change return code to typedef'ed enum cookie.d: document use of empty string to enable cookie engine cookie: avoid fopen with empty file name curl.h: CURLOPT_DNS_SERVERS is only available with c-ares curl: show ipfs and ipns as supported "protocols" curl_easy_getinfo.3: remove the wrong time value count curl_multi_fdset.3: remove mention of null pointer support CURLINFO_REFERER.3: clarify that it is the request header CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example CURLOPT_SSH__KEYFILE: clarify dist: add tests/errorcodes.pl to the tarball docs: clean up Protocols: for cmdline options docs: describe and highlight super cookies docs: do not start lines/sentences with So, But nor And docs: install curl.1 with cmake docs: mention env vars not used by schannel doh: remove unused local variable examples: add four new examples file+ftp: use stack buffers instead of data->state.buffer ftp: handle the PORT parsing without allocation ftp: use dynbuf to store entrypath ftp: use memdup0 to store the OS from a SYST 215 response ftpserver.pl: send 213 SIZE response without spurious newline gen.pl: support ## for doing .IP in table-like lists gen: do italics/bold for a range of letters, not just single word GHA: add a job scanning for "bad words" in markdown GHA: bump ngtcp2, gnutls, mod_h2, quiche gnutls: fix build with --disable-verbose haproxy-clientip.d: document the arg headers: make sure the trailing newline is not stored headers: remove assert from Curl_headers_push hostip: return error immediately when Curl_ip2addr() fails hsts: remove assert for zero length domain http2: improved on_stream_close/data_done handling http3/quiche: fix result code on a stream reset http3: initial support for OpenSSL 3.2 QUIC stack http: adjust_pollset fix http: check for "Host:" case insensitively http: fix off-by-one error in request method length check http: only act on 101 responses when they are HTTP/1.1 http: remove comment reference to a removed solution http: use stack scratch buffer http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT krb5: add prototype to silence clang warnings on mvsnprintf() lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT lib: error out on multissl + http3 lib: fix variable undeclared error caused by `infof` changes lib: reduce use of strncpy lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding lib: replace readwrite with write_resp lib: strndup/memdup instead of malloc, memcpy and null-terminate libssh2: use `libssh2_session_callback_set2()` with v1.11.1 libssh: improve the deprecation warning dismissal libssh: supress warnings without version check Makefile.am: fix the MSVC project generation Makefile.mk: drop Windows support mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls` mbedtls: free the entropy when threaded mime: use memdup0 instead of malloc + memcpy mksymbolsmanpage.pl: provide references to where the symbol is used mprintf: overhaul and bugfixes mqtt: use stack scratch buffer for recv+publish multi: remove total timer reset in file_do() while fetching file:// ngtcp2: put h3 at the front of alpn ntlm_wb: do not use data->state.buffer any longer openldap: fix an LDAP crash openldap: fix STARTTLS openssl: re-match LibreSSL deinit with init openssl: when verifystatus fails, remove session id from cache OS400: sync ILE/RPG binding pingpong: stop using the download buffer pop3: replace calloc + memcpy with memdup0 pytest: scorecard tracking CPU and RSS quiche: return CURLE_HTTP3 on send to invalid stream readwrite_data: loop less Revert "urldata: move async resolver state from easy handle to connectdata" rtsp: deal with borked server responses runtests: for mode="text" on <stdout>, fix newlines on both parts sasl: make login option string override http auth schannel: fix `-Warith-conversion` gcc 13 warning sectransp: do verify_cert without memdup for blobs sectransp_ make TLSCipherNameForNumber() available in non-verbose config sendf: fix compiler warning with CURL_DISABLE_HEADERS_API setopt: clear mimepost when formp is freed setopt: use memdup0 when cloning COPYPOSTFIELDS socks: fix generic output string to say SOCKS instead of SOCKS4 socks: use own buffer instead of data->state.buffer ssh: fix namespace of two local macros ssh: use stack scratch buffer for seeks strerror: repair get_winsock_error() system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers system_win32: fix a function pointer assignment warning telnet: use dynbuf instad of malloc for escape buffer telnet: use stack scratch buffer for do tests/server: delete workaround for old-mingw tests: avoid int/size_t conversion size/sign warnings tests: respect $TMPDIR when creating unix domain sockets tool: make parser reject blank arguments if not supported tool: prepend output_dir in header callback tool_getparam: bsearch cmdline options tool_getparam: do not try to expand without an argument tool_getparam: stop supporting `@filename` style for --cookie tool_listhelp: regenerate after recent .d updates tool_operate: make --remove-on-error only remove "real" files tool_operate: stop setting the file comment on Amiga transfer: adjust_pollset improvements transfer: fix upload rate limiting, add test cases transfer: make the select_bits_paused condition check both directions transfer: remove warning: Value stored to 'blen' is never read url: don't set default CA paths for Secure Transport backend url: for disabled protocols, mention if found in redirect urlapi: remove assert verify-examples.pl: fail verification on unescaped backslash version: show only the libpsl version, not its dependencies vquic: extract TLS setup into own source vtls: fix missing multissl version info vtls: receive max buffer vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY websockets: check for negative payload lengths websockets: refactor decode chain windows: delete redundant headers windows: simplify detecting and using system headers wolfssl: load certificate chain* for PEM client certs x509asn1: remove code for WANT_VERIFYHOST x509asn1: switch from malloc to dynbuf 8.5.0 Changes: gnutls: support CURLSSLOPT_NATIVE_CA HTTP3: ngtcp2 builds are no longer experimental Bugfixes: appveyor: make VS2008-built curl tool runnable asyn-thread: use pipe instead of socketpair for IPC when available autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}` autotools: avoid passing `LDFLAGS` twice to libcurl autotools: delete LCC compiler support bits autotools: fix/improve gcc and Apple clang version detection autotools: stop setting `-std=gnu89` with `--enable-warnings` autotools: update references to deleted `crypt-auth` option BINDINGS: add V binding build: add `src/.checksrc` to source tarball build: add more picky warnings and fix them build: always revert `#pragma GCC diagnostic` after use build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H` build: delete support bits for obsolete Windows compilers build: fix 'threadsafe' feature detection for older gcc build: fix builds that disable protocols but not digest auth build: fix compiler warning with auths disabled build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS` build: picky warning updates build: require Windows XP or newer cfilter: provide call to tell connection to forget a socket CI: add autotools, out-of-tree, debug build to distro check job CI: ignore test 286 on Appveyor gcc 9 build cmake: add `CURL_DISABLE_BINDLOCAL` option cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API` cmake: dedupe Windows system libs cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection cmake: fix CURL_DISABLE_GETOPTIONS cmake: fix multiple include of CURL package cmake: fix OpenSSL quic detection in quiche builds cmake: option to disable install & drop `curlu` target when unused cmake: pre-fill rest of detection values for Windows cmake: replace `check_library_exists_concat()` cmake: speed up threads setup for Windows cmake: speed up zstd detection config-win32: set `HAVE_SNPRINTF` for mingw-w64 configure: better --disable-http configure: check for the fseeko declaration too conncache: use the closure handle when disconnecting surplus connections content_encoding: make Curl_all_content_encodings allocless cookie: lowercase the domain names before PSL checks curl.h: delete Symbian OS references curl.h: on FreeBSD include sys/param.h instead of osreldate.h curl.rc: switch out the copyright symbol for plain ASCII curl: improved IPFS and IPNS URL support curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped Curl_http_body: cleanup properly when Curl_getformdata errors curl_setup: disallow Windows IPv6 builds missing getaddrinfo curl_sspi: support more revocation error names in error messages CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does CURLOPT_WRITEFUNCTION.3: clarify libcurl returns for CURL_WRITEFUNC_ERROR CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO docs/example/keepalive.c: show TCP keep-alive options docs/example/localport.c: show off CURLOPT_LOCALPORT docs/examples/interface.c: show CURLOPT_INTERFACE use docs/libcurl: fix three minor man page format mistakes docs/libcurl: SYNSOPSIS cleanup docs: add supported version for the json write-out docs: clarify that curl passes on input unfiltered docs: fix function typo in curl_easy_option_next.3 docs: KNOWN_BUGS cleanup docs: preserve the modification date when copying the prebuilt man page docs: remove bold from some man page SYNOPSIS sections docs: use SOURCE_DATE_EPOCH for generated manpages doh: provide better return code for responses w/o addresses doh: use PIPEWAIT when HTTP/2 is attempted duphandle: also free 'outcurl->cookies' in error path duphandle: make dupset() not return with pointers to old alloced data duphandle: use strdup to clone COPYPOSTFIELDS if size is not set easy: in duphandle, init the cookies for the new handle easy: remove duplicate wolfSSH init call easy_lock: add a pthread_mutex_t fallback fopen: create new file using old file's mode fopen: create short(er) temporary file name getenv: PlayStation doesn't have getenv() GHA: move mod_h2 version in CI to v2.0.25 hostip: show the list of IPs when resolving is done hostip: silence compiler warning `-Wparentheses-equality` hsts: skip single-dot hostname HTTP/2, HTTP/3: handle detach of onoing transfers http2: header conversion tightening http2: provide an error callback and failf the message http2: safer invocation of populate_binsettings http: allow longer HTTP/2 request method names http: avoid Expect: 100-continue if Upgrade: is used http: consider resume with CURLOPT_FAILONERRROR and 416 to be fine http: fix `-Wunused-parameter` with no auth and no proxy http: fix `-Wunused-variable` compiler warning http: fix empty-body warning http_aws_sigv4: canonicalise valueless query params hyper: temporarily remove HTTP/2 support INSTALL: update list of ports and CPU archs IPFS: fix IPFS_PATH and file parsing keylog: disable if unused lib: add and use Curl_strndup() lib: apache style infof and trace macros/functions lib: fix gcc warning in printf call libcurl-errors.3: sync with current public headers libcurl-thread.3: simplify the TLS section Makefile.am: drop vc10, vc11 and vc12 projects from dist Makefile.mk: fix `-rtmp` option for non-Windows mime: store "form escape" as a single bit misc: fix -Walloc-size warnings msh3: error when built with CURL_DISABLE_SOCKETPAIR set multi: during ratelimit multi_getsock should return no sockets multi: use pipe instead of socketpair to wakeup() ngtcp2: fix races in stream handling ntlm_wb: use pipe instead of socketpair when possible openldap: move the alloc of ldapconninfo to connect() openldap: set the callback argument in oldap_do openssl: avoid BN_num_bits() NULL pointer derefs openssl: fix building with v3 `no-deprecated` + add CI test openssl: fix infof() to avoid compiler warning for %s with null openssl: identify the "quictls" backend correctly openssl: include SIG and KEM algorithms in verbose openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs openssl: two multi pointer checks should probably rather be asserts openssl: when a session-ID is reused, skip OCSP stapling page-footer: clarify exit code 25 projects: add VC14.20 project files pytest: use lower count in repeat tests quic: make eyeballers connect retries stop at weird replies quic: manage connection idle timeouts quiche: use quiche_conn_peer_transport_params() rand: fix build error with autotools + LibreSSL resolve.d: drop a multi use-sentence RTSP: improved RTP parser sasl: fix `-Wunused-function` compiler warning schannel: add CA cache support for files and memory blobs setopt: check CURLOPT_TFTP_BLKSIZE range on set setopt: remove outdated cookie comment setopt: remove superfluous use of ternary expressions socks: better buffer size checks for socks4a user and hostname socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice symbols-in-versions: the CLOSEPOLICY options are deprecated test1683: remove commented-out check alternatives test3103: add missing quotes around a test tag attribute test613: stop showing an error on missing output file tests/README: SOCKS tests are not using OpenSSH, it has its own server tests/server: add more SOCKS5 handshake error checking tests: Fix Windows test helper tool search & use it for handle64 tidy-up: casing typos, delete unused Windows version aliases tool: fix --capath when proxy support is disabled tool: support bold headers in Windows tool_cb_hdr: add an additional parsing check tool_cb_prg: make the carriage return fit for wide progress bars tool_cb_wrt: fix write output for very old Windows versions tool_getparam: limit --rate to be smaller than number of ms tool_operate: do not mix memory models tool_operate: fix links in ipfs errors tool_parsecfg: make warning output propose double-quoting tool_urlglob: fix build for old gcc versions tool_urlglob: make multiply() bail out on negative values tool_writeout_json: fix JSON encoding of non-ascii bytes transfer: abort pause send when connection is marked for closing transfer: avoid calling the read callback again after EOF transfer: only reset the FTP wildcard engine in CLEAR state url: don't touch the multi handle when closing internal handles url: find scheme with a "perfect hash" url: fix `-Wzero-length-array` with no protocols url: fix builds with `CURL_DISABLE_HTTP` url: protocol handler lookup tidy-up url: proxy ssl connection reuse fix urlapi: avoid null deref if setting blank host to url encode urlapi: skip appending NULL pointer query urlapi: when URL encoding the fragment, pass in the right length urldata: make maxconnects a 32 bit value urldata: move async resolver state from easy handle to connectdata urldata: move cookielist from UserDefined to UrlState urldata: move hstslist from 'set' to 'state' urldata: move the 'internal' boolean to the state struct vssh: remove the #ifdef for Curl_ssh_init, use empty macro vtls: cleanup SSL config management vtls: consistently use typedef names for OpenSSL structs vtls: late clone of connection ssl config vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0 VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw windows: use built-in `_WIN32` macro to detect Windows wolfssh: remove redundant static prototypes wolfssl: add default case for wolfssl_connect_step1 switch wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA 8.4.0 Changes: curl: add support for the IPFS protocols via HTTP gateway curl_multi_get_handles: get easy handles from a multi handle mingw: delete support for legacy mingw.org toolchain Bugfixes: acinclude.m4: Document proper system truststore on FreeBSD appveyor: fix yamlint issues, indent appveyor: rewrite batch in PowerShell + CI improvements autotools: adjust `CURL_CA_PATH` value to CMake autotools: restore `HAVE_IOCTL_` detections base64: also build for curl bufq: remove Curl_bufq_skip_and_shift (unused) build: delete checks for C89 standard headers build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros cf-socket: simulate slow/blocked receives in debug cmake, configure: also link with CoreServices cmake: add check for suseconds_t cmake: add feature checks for `memrchr` and `getifaddrs` cmake: add missing checks cmake: delete old `HAVE_LDAP_URL_PARSE` logic cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` cmake: detect `HAVE_GETADDRINFO_THREADSAFE` cmake: detect `sys/wait.h` and `netinet/udp.h` cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS cmake: disable unity mode with Windows Unicode + TrackMemory cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows cmake: fix `HAVE_WRITABLE_ARGV` detection cmake: fix duplicate symbols when linking tests cmake: fix missing `zlib.h` when compiling `libcurltool` cmake: fix stderr initialization in unity builds cmake: fix the help text to the static build option in CMakeLists.txt cmake: fix unity builds for more build combinations cmake: fix unity symbol collisions in h2 builds cmake: fix unity with Windows Unicode + TrackMemory cmake: improve OpenLDAP builds cmake: lib `CURL_STATICLIB` fixes (Windows) cmake: move global headers to specific checks cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC cmake: pre-cache `HAVE_POLL_FINE` on Windows cmake: tidy-up `NOT_NEED_LBER_H` detection cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value configure: check for the capath by default configure: remove unused checks configure: replace adhoc domain with `localhost` in tests configure: sort AC_CHECK_FUNCS connect: expire the timeout when trying next connect: only start the happy eyeballs timer when needed cookie: do not store the expire or max-age strings cookie: remove unnecessary struct fields cookie: set ->running in cookie_init even if data is NULL create-dirs.d: clarify it also uses --output-dirs curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0 curl_easy_pause.3: mention h2/h3 buffering curl_easy_pause.3: mention it works within callbacks curl_easy_pause: set "in callback" true on exit if true CURLOPT_DEBUGFUNCTION.3: warn about internal handles docs/libcurl/opts/Makefile.inc: add missing manpage files docs: adapt SEE ALSO sections to new requirements docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER docs: replace made up domains with example.com docs: update curl man page references docs: use CURLSSLBACKEND_NONE doh: inherit DEBUGFUNCTION/DATA escape: replace Curl_isunreserved with ISUNRESERVED FAQ: How do I upgrade curl.exe in Windows? GHA/linux: run singleuse to detect single-use global functions GHA: add workflow to compare configure vs cmake outputs h2-proxy: remove left-over mistake in drain_tunnel() h2: testcase and fix for pausing h2 streams h3: add support for ngtcp2 with AWS-LC builds http2: refused stream handling for retry http: fix CURL_DISABLE_BEARER_AUTH breakage http: h1/h2 proxy unification http: remove wrong comment for http_should_fail http: use per-request counter to check too large headers http_aws_sigv4: fix sorting with empty parts idn: fix WinIDN null ptr deref on bad host idn: if idn2_check_version returns NULL, return error inet_ntop: add typecast to silence Coverity lib: disambiguate Curl_client_write flag semantics lib: enable hmac for digest as well lib: failf/infof compiler warnings lib: let the max filesize option stop too big transfers too lib: move handling of `data->req.writer_stack` into Curl_client_write() lib: provide and use Curl_hexencode lib: remove TIME_WITH_SYS_TIME lib: use wrapper for curl_mime_data fseek callback libssh2: fix error message on failed pubkey-from-file libssh: cap SFTP packet size sent Makefile.mk: always set `CURL_STATICLIB` for lib (Windows) MANUAL.md: change domain to example.com misc: better random strings MQTT: improve receive of ACKs multi: do CURLM_CALL_MULTI_PERFORM at two more places multi: fix small timeouts multi: remove Curl_multi_dump multi: round the timeout up to prevent early wakeups multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE openssl: improve ssl shutdown handling openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR pytest: exclude test_03_goaway in CI runs due to timing dependency quic: set ciphers/curves the same way regular TLS does quiche: fix build error with --with-ca-fallback RELEASE-PROCEDURE.md: updated coming release dates runtests: display the test status if tests appear hung runtests: eliminate a warning on old perl versions socks: return error if hostname too long for remote resolve src/mkhelp: make generated code pass `checksrc` test1056: disable on Windows test1474: disable test on NetBSD, OpenBSD and Solaris 10 test1592: greatly increase the maximum test timeout test1903: actually verify the cookies after the test test1906: set a lower timeout since it's hit on Windows test2600: remove special case handling for USE_ALARM_TIMEOUT test650: fix an end tag typo test661: return from test early in case of curl error test: add missing <feature>s tests: close the shell used to start sshd tests: fix a race condition in ftp server disconnect tests: fix compiler warnings tests: Fix zombie processes left behind by FTP tests. tests: improve SLOWDOWN test reliability by reducing sent data tests: increase lib571 timeout from 3s to 30s tests: log the test result code after each libtest tests: propagate errors in libtests tests: set --expect100-timeout to improve test reliability tests: show which curl tool `runtests.pl` is using tests: stop overriding the lock timeout tftpd: always use curl's own tftp.h tool: use our own stderr variable tool_cb_wrt: fix debug assertion tool_getparam: accept variable expansion on file names too tool_setopt: remove unused function tool_setopt_flags upload-file.d: describe the file name slash/backslash handling url: fall back to http/https proxy env-variable if ws/wss not set url: fix netrc info message warnless: remove unused functions wolfssh: do cleanup in Curl_ssh_cleanup wolfssl: allow capath with CURLOPT_CAINFO_BLOB wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files wolfssl: ignore errors in CA path 8.3.0 Changes: curl: make %output{} in -w specify a file to write to gskit: remove lib: --disable-bindlocal builds curl without local binding support nss: remove support for this TLS library tool: add "variable" support trace: make tracing available in non-debug builds url: change default value for CURLOPT_MAXREDIRS to 30 urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name wolfssl: support loading system CA certificates Bugfixes: altsvc: accept and parse IPv6 addresses in response headers asyn-ares: reduce timeout to 2000ms aws-sigv4: canonicalize the query aws-sigv4: fix having date header twice in some cases aws-sigv4: handle no-value user header entries bearssl: don't load CA certs when peer verification is disabled bearssl: handshake fix, provide proper get_select_socks() implementation build: fix portability of mancheck and checksrc targets build: streamline non-UWP wincrypt detections c-hyper: adjust the hyper to curlcode conversion c-hyper: fix memory leaks in `Curl_http` cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the source IP cf-socket: log successful interface bind CI/cirrus: disable python install on FreeBSD CI: add a 32-bit i686 Linux build CI: add caching to many jobs CI: move on to ngtcp2 v0.19.1 CI: move the Alpine build from Cirrus to GHA CI: ngtcp2-linux: use separate caches for tls libraries CI: remove Windows builds from Cirrus, without replacement CI: switch macOS ARM build from Cirrus to Circle CI CI: use master again for wolfssl cirrus: install everthing with pkg, avoid pip cmake: add GnuTLS option cmake: add support for `CURL_DEFAULT_SSL_BACKEND` cmake: add support for single libcurl compilation pass cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms cmake: assume `wldap32` availability on Windows cmake: cache more config and delete unused ones cmake: detect `SSL_set0_wbio` in OpenSSL cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks cmake: fix to use variable for the curl namespace cmake: fixup H2 duplicate symbols for unity builds cmake: set SIZEOF_LONG_LONG in curl_config.h cmake: support building static and shared libcurl in one go cmdline-docs: make sure to phrase it as "added in ...." cmdline-docs: use present tense, not future cmdline-opts/docs: mention the negative option part cmdline-opts/page-header: clarify stronger that !opt == URL cmdline-opts/page-header: reorder, clean up configure, cmake, lib: more form api deprecation configure: fix `HAVE_TIME_T_UNSIGNED` check configure: trust pkg-config when it's used for zlib configure: use the pkg-config --libs-only-l flag for libssh2 connect: stop halving the remaining timeout when less than 600 ms left cookie-jar.d: emphasize that this option is ONLY writing cookies crypto: ensure crypto initialization works curl_url_get/set.3: add missing semicolon in SYNOPSIS CURLINFO_CERTINFO.3: better explain curl_certinfo struct CURLINFO_TLS_SSL_PTR.3: clarify a recommendation CURLOPT_TIMEOUT: extend and clarify CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled CURLOPT_URL.3: add two URL API calls in the see-also section CURLOPT_URL.3: explain curl_url_set() uses the same parser digest: Use hostname to generate spn instead of realm disable.d: explain --disable not implemented prior to 7.50.0 docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0 docs/cmdline-opts: match the current output docs/cmdline-opts: spellfixes, typos and polish docs/cmdline: add small "warning" to verbose options docs/cmdline: remove repeated working for negotiate + ntlm docs/HYPER.md: document a workaround for a link error docs: add curl_global_trace to some SEE ALSO sections docs: link to the website versions instead of markdowns docs: mark --ssl-revoke-best-effort as Schannel specific docs: mention critical files in same directories as curl saves docs: removing "pausing transfers" from HYPER.md. docs: rewrite to present tense easy: remove #ifdefs to make code easier on the eye egd: delete feature detection and related source code ftp: fix temp write of ipv6 address gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens gen.pl: replace all single quotes with aq GHA: adding quiche workflow headers: accept leading whitespaces on first response header http2: avoid too early connection re-use/multiplexing http2: cleanup trace messages http2: disable asssertion blocking OSSFuzz testing http2: fix in h2 proxy tunnel: progress in ingress on sending http2: polish things around POST http2: upgrade tests and add fix for non-existing stream http3/ngtcp2: shorten handshake, trace cleanup http3: quiche, handshake optimization, trace cleanup http: close the connection after a late 417 is received http: do not require a user name when using CURLAUTH_NEGOTIATE http: fix sending of large requests http: remove the p_pragma struct field http: return error when receiving too large header set hyper: fix a progress upload counter bug hyper: fix ownership problems hyper: remove `hyptransfer->endtask` imap: add a check for failing strdup() imap: remove the only sscanf() call in the IMAP code include.d: explain headers not printed with --fail before 7.75.0 include/curl/mprintf.h: add __attribute__ for the prototypes krb5: fix "implicit conversion loses integer precision" warnings lib: add ability to disable auths individually lib: build fixups when built with most things disabled lib: fix a few printf() flag mistakes lib: fix null ptr derefs and uninitialized vars (h2/h3) lib: move mimepost data from ->req.p.http to ->state libtest: use curl_free() to free libcurl allocated data list-only.d: mention SFTP as supported protocol macOS: fix target detection more misc: fix various typos multi.h: the 'revents' field of curl_waitfd is supported multi: more efficient pollfd count for poll multi: remove 'processing: <url>' debug message ngtcp2: fix handling of large requests openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED` openssl: clear error queue after SSL_shutdown openssl: make aws-lc version support OCSP openssl: Support async cert verify callback openssl: switch to modern init for LibreSSL 2.7.0+ openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1 openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0 openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before os400: build test servers os400: do not check translatable options at build time os400: implement CLI tool page-footer: QLOGDIR works with ngtcp2 and quiche page-header: move up a URL paragraph from GLOBBING to URL pytest: fix check for slow_network skips to only apply when intended quic: don't set SNI if hostname is an IP address quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s quiche: enable quiche to handle timeout events resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set revert "schannel: reverse the order of certinfo insertions" schannel: fix ordering of cert chain info schannel: fix user-set legacy algorithms in Windows 10 & 11 schannel: verify hostname independent of verify cert sectransp: fix compiler warnings sectransp: prevent CFRelease() of NULL secureserver.pl: fix stunnel path quoting secureserver.pl: fix stunnel version parsing SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline system.h: add CURL_OFF_T definitions on HP-UX with HP aCC test1304: build and skip without netrc support test1554: check translatable string options in OS400 wrapper test1608: make it build and get skipped without shuffle DNS support test687/688: two more basic --xattr tests tests/tftpd+mqttd: make variables static to silence picky warnings tests: add 'large-time' as a testable feature tests: add support for nested %if conditions tests: don't call HTTP errors OK in test cases tests: ensure `libcurl.def` contains all exports tests: fix h3 server check and parallel instances tests: TLS session sharing test tests: update cookie expiry dates to far in the future time-cond.d: mention what happens on a missing file tool: avoid including leading spaces in the Location hyperlink tool: change some fopen failures from warnings to errors tool: make the length argument an int for printf()-. flags tool_cb_wrt: fix invalid unicode for windows console tool_filetime: make -z work with file dates before 1970 tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR tool_operate: make aws-sigv4 not require TLS to be used tool_paramhlp: improve str2num(): avoid unnecessary call to strlen() tool_urlglob: use the correct format specifier for curl_off_t in msnprintf transfer: also stop the sending on closed connection transfer: don't set TIMER_STARTTRANSFER on first send unit2600: fix build warning if built without verbose messages url: remove infof() output for "still name resolving" urlapi: fix heap buffer overflow urlapi: make sure zoneid is also duplicated in curl_url_dup urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails urlapi: setting a blank URL ("") is not an ok URL vquic: show stringified messages for errno vtls: clarify "ALPN: offers" message winbuild: improve check for static zlib wolfSSL: avoid the OpenSSL compat API when not needed workflows/macos.yml: disable zstd and alt-svc in the http-only build write-out.d: clarify %{time_starttransfer} ws: fix spelling mistakes in examples and tests Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2024-07-02 09:06:23 +00:00
Michael Tremer	c48872ef76	curl: Fix CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-11 07:47:47 +00:00
Adolf Belka	319fcaa4d7	curl: Update to version 8.2.1 - Update from version 8.2.0 to 8.2.1 - Update of rootfile not required -Changelog 8.2.1 Bugfixes o amigaos: fix sys/mbuf.h m_len macro clash [9] o amissl: add missing signal.h include [8] o amissl: fix AmiSSL v5 detection [2] o cfilters: rename close/connect functions to avoid clashes [12] o ciphers.d: put URL in first column [1] o cmake: add `libcurlu`/`libcurltool` for unit tests [5] o cmake: update ngtcp2 detection [4] o configure: check for nghttp2_session_get_stream_local_window_size [14] o CONTRIBUTE: drop mention of copyright year ranges [20] o CONTRIBUTE: fix syntax in commit message description [21] o curl_multi_wait.3: fix arg quoting to doc macro .BR [27] o docs: mark two TLS options for TLS, not SSL [26] o docs: provide more see also for cipher options [23] o hostip: return IPv6 first for localhost resolves [16] o http2: fix regression on upload EOF handling [13] o http: VLH, very large header test and fixes [19] o libcurl-errors.3: add CURLUE_OK [11] o os400: correct EXPECTED_STRING_LASTZEROTERMINATED [7] o quiche: fix lookup of transfer at multi [18] o quiche: fix segfault and other things [15] o rustls: update rustls-ffi 0.10.0 [24] o socks: print ipv6 address within brackets [10] o src/mkhelp: strip off escape sequences [22] o tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T [17] o transfer: do not clear the credentials on redirect to absolute URL [6] o unittest: remove unneeded *_LDADD [3] o websocket: rename arguments/variables to match docs [25] Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-07-31 09:19:10 +00:00
Adolf Belka	d08ee8c8b6	curl: Update to version 8.2.0 - Update from version 8.1.0 to 8.2.0 - Update of rootfile - Changelog 8.2.0 Changes: curl: add --ca-native and --proxy-ca-native curl: add --trace-ids CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS haproxy: add --haproxy-clientip flag to set client IPs lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID Bugfixes: bufq: make write/pass methods more robust build: drop unused/redundant `HAVE_WINLDAP_H` cf-socket: don't bypass fclosesocket callback if cancelled before connect cf-socket: move ctx declaration under HAVE_GETPEERNAME cf-socket: skip getpeername()/getsockname for TFTP checksrc: modernise perl file open checksrc: quote the file name to work with "funny" letters CI: brew fix for openssl in default path CI: don't install impacket if tests are not run CI: enable parallel make in more builds circleci: install impacket & wolfssl 5.6.0 cmake: add support for "unity" builds cmake: make use of snprintf cmake: stop CMake from quietly ignoring missing Brotli configure: add check for ldap_init_fd configure: fix run-compiler for old /bin/sh configure: the --without forms of the options are also gone connect-timeout.d: mention that the DNS lookup is included curl.h: include <sys/select.h> for vxworks curl: count uploaded data to stop at the originally given size curl: return error when asked to use an unsupported HTTP version curl_easy_nextheader.3: add missing open parenthesis examples curl_log: evaluate log statement only when transfer is verbose curl_mprintf.3: minor fix of the example curl_pushheader_byname/bynum.3: document in their own man pages curl_url_set: enforce the max string length check for all parts CURLOPT_AWS_SIGV4.3: remove unused variable from example CURLOPT_INFILESIZE.3: mention -1 triggers chunked CURLOPT_MIMEPOST.3: clarify what setting to NULL means CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search docs/libcurl/libcurl.3: cleanups and improvements docs: add more .IP after .RE to fix indentation of generate paragraphs docs: fix missing parameter names in examples docs: update CURLOPT_UPLOAD.3 docs: update HTTP3.md for newer ngtcp2 and nghttp3 docs: use a space after RFC when spelling out RFC numbers example/connect-to: show CURLOPT_CONNECT_TO example/crawler: also set CURLOPT_AUTOREFERER example/crawler: make it use a few more options example/default-scheme: set the default scheme for schemeless URLs example/hsts-preload: show one way to HSTS preload example/http2-download: set CURLOPT_BUFFERSIZE example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use example/maxconnects: set maxconnect example example/opensslthreadlock: remove examples/ftpuploadresume.c: add use of CURLOPT_ACCEPTTIMEOUT_MS examples/http-options: show how to send "OPTIONS " examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT examples/multi-debugcallback.c: avoid the bool typedef examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS examples/unixsocket.c: example using CURLOPT_UNIX_SOCKET_PATH examples/websocket.c: websocket example using CONNECT_ONLY examples: make use of CURLOPT_(REDIR_\|)PROTOCOLS_STR fopen: fix conversion warning on 32-bit Android fopen: optimize hostip.c: Move macOS-specific calls into global init call HTTP/2: upload handling fixes http2: better support for --limit-rate http2: error stream resets with code CURLE_HTTP2_STREAM http2: fix crash in handling stream weights http2: fix variable type http2: h2 and h2-PROXY connection alive check fixes http2: raise header limitations above and beyond http2: send HEADER & DATA together if possible http2: treat initial SETTINGS as a WINDOW_UPDATE HTTP3.md: update openssl version http3/ngtcp2: upload EAGAIN handling http: rectify the outgoing Cookie: header field size check hyper: fix EOF handling on input hyper: unslow imap-append.c: update to make it more likely to work imap: Provide method to disable SASL if it is advertised krb5: add typecast to please Coverity libcurl-url.3: also mention CURLUPART_ZONEID libcurl-ws.3. WebSocket API overview libssh2: provide error message when setting host key type fails libssh2: use custom memory functions ngtcp2: assigning timeout, but value is overwritten before used ngtcp2: build with 0.17.0 and nghttp3 0.13.0 ngtcp2: use ever increasing timestamp in io quiche: avoid NULL deref in debug logging quiche: fix defects found in latest coverity report quote.d: fix indentation of generated paragraphs runtests: abort test run after failure without -a runtests: better handle ^C during slow tests runtests: consistently write the test check summary block runtests: create multiple test runners when requested runtests: include missing valgrind package runtests: make test file directories in log/N runtests: rename server command file runtests: use more consistent failure lines runtests: work around a perl without SIGUSR1 runtests; give each server a unique log lock file scripts: Fix GHA matrix job detection in cijobs.pl sectransp: fix EOF handling system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles test2600: fix the description test427: verify sending more cookies than fit in a 8190 bytes line tests/http: Add mod_h2 directive `H2ProxyRequests` tests/servers.pm: pick unused port number with a server socket tests/servers: generate temp names in /tmp for unix domain sockets tests: fix error messages & handling around sockets tests: improve reliability of TFTP tests testutil: allow multiple %-operators on the same line timeval: use CLOCK_MONOTONIC_RAW if available tls13-ciphers.d: include Schannel tool: remove exclamation marks from error/warning messages tool: remove newlines from all helpf/notef/warnf/errorf calls tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION` tool_getparam: fix comment tool_operate: allow cookie lines up to 8200 bytes tool_parsecfg: accept line lengths up to 10M tool_urlglob: use curl_off_t instead of longs tool_writeout_json: fix encoding of control characters transfer: clear credentials when redirecting to absolute URL urlapi: have set(PATH) prepend a slash if one is missing urlapi: scheme must start with alpha vtls: avoid memory leak if sha256 call fails websocket-cb: example doing WebSocket download using callback wolfssl: detect when TLS 1.2 support is not built into wolfssl wolfssl: support setting CA certificates as blob ws: make the curl_ws_meta() return pointer a const 8.1.2 Bugfixes: configure: quote the assignments for run-compiler configure: without pkg-config and no custom path, use -lnghttp2 curl: cache the --trace-time value for a second http2: fix EOF handling on uploads with auth negotiation http3: send EOF indicator early as possible lib1560: verify more scheme guessing lib: remove unused functions, make single-use static libcurl.m4: remove trailing 'dnl' that causes this to break autoconf libssh: when keyboard-interactive auth fails, try password misc: fix spelling mistakes page-header: mention curl version and how to figure out current release page-header: minor wording polish in the URL segment scripts/singleuse.pl: add more API calls urlapi: remove superfluous host name check 8.1.1 Bugfixes: cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND checksrc: disallow spaces before labels cmake: avoid `list(PREPEND)` for compatibility cmake: repair cross compiling configure: fix --help alignment configure: generate a script to run the compiler curl_easy_getinfo: clarify on return data types docs: document that curl_url_cleanup(NULL) is a safe no-op hostip: move easy_lock.h include above curl_memory.h http2: double http request parser max line length http2: increase stream window size to 10 MB http2: upload improvements lib: fix conversion warnings with gcc on macOS lib: rename struct 'http_req' to 'httpreq' ngtcp2: fix compiler warning about possible null-deref ngtcp2: proper handling of uint64_t when adjusting send buffer os400: update chkstrings.c runtests: handle interrupted reads from IPC pipes runtests: use the correct fd after select sectransp.c: make the code c89 compatible select: avoid returning an error on EINTR from select() or poll() test425: fix the log directory for the upload url: provide better error message when URLs fail to parse urlapi: allow numerical parts in the host name vquic.c: make recvfrom_packets static, avoid compiler warning Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-07-26 16:09:00 +00:00
Adolf Belka	579c5830aa	curl: Update to version 8.1.0 - Update from version 7.88.1 to 8.1.0 - Update of rootfile not required - Changelog Fixed in 8.1.0 - May 17 2023 Changes: curl: add --proxy-http2 CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2 hostip: refuse to resolve the .onion TLD tool_writeout: add URL component variables Bugfixes: amiga: Fix CA certificate paths for AmiSSL and MorphOS autotools: sync up clang picky warnings with cmake aws-sigv4.d: fix region identifier in example bufq: simplify since expression is always true cf-h1-proxy: skip an extra NULL assign cf-h2-proxy: fix processing ingress to stop too early cf-socket: add socket recv buffering for most tcp cases cf-socket: Disable socket receive buffer by default cf-socket: remove dead code discovered by PVS cf-socket: turn off IPV6_V6ONLY on Windows if it is supported checksrc: check for spaces before the colon of switch labels checksrc: find bad indentation in conditions without open brace checksrc: fix SPACEBEFOREPAREN for conditions starting with "" ci: `-Wno-vla` no longer necessary CI: fix brew retries on GHA CI: Set minimal permissions on workflow ngtcp2-quictls.yml CI: skip Azure for commits which change only GHA CI: use another glob syntax for matching files on Appveyor cmake: bring in the network library on Haiku cmake: do not add zlib headers for openssl CMake: make config version 8 compatible with 7 cmake: picky-linker fixes for openssl, ZLIB, H3 and more cmake: set SONAME for SunOS too cmake: speed up and extend picky clang/gcc options CMakeLists.txt: fix typo for Haiku detection compressed.d: clarify the words on "not notifying headers" config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP configure: don't set HAVE_WRITABLE_ARGV on Windows configure: fix detection of apxs (for httpd) configure: make quiche require quiche_conn_send_ack_eliciting connect: fix https connection setup to treat ssl_mode correctly content_encoding: only do transfer-encoding compression if asked to cookie: address PVS nits cookie: clarify that init with data set to NULL reads no file curl: do NOT append file name to path for upload when there's a query curl_easy_getinfo.3: typo fix (duplicated "from the") curl_easy_unescape.3: rename the argument curl_path: bring back support for SFTP path ending in /~ curl_url_set.3: mention that users can set content rather freely CURLOPT_IPRESOLVE.3: this for host names, not IP addresses data.d: emphasize no conversion digest: clear target buffer doc: curl_mime_init() strong easy binding was relaxed in 7.87.0 docs/cmdline-opts: document the dotless config path docs/examples/protofeats.c: outputs all protocols and features docs/libcurl/curl_escape.3: rename "url" argument to "input"/"string" docs/SECURITY-ADVISORY.md: how to write a curl security advisory docs: bump the minimum perl version to 5.6 docs: clarify that more backends have HTTPS proxy support dynbuf: never allocate larger than "toobig" easy_cleanup: require a "good" handle to act ftp: fix 'portsock' variable was assigned the same value ftp: remove dead code ftplistparser: move out private data from public struct ftplistparser: replace realloc with dynbuf gen.pl: error on duplicated See-Also fields getpart: better handle case of file not found GHA-linux: add an address-sanitizer build GHA: add a memory-sanitizer job GHA: run all linux test jobs with valgrind GHA: suppress git clone output GIT-INFO: add --with-openssl gskit: various compile errors in OS400 h2/h3: replace `state.drain` counter with `state.dselect_bits` hash: fix assigning same value headers: clear (possibly) lingering pointer in init hostcheck: fix host name wildcard checking hostip: add locks around use of global buffer for alarm() hostip: enforce a maximum DNS cache size independent of timeout value HTTP-COOKIES.md: mention the #HttpOnly_ prefix http2: always EXPIRE_RUN_NOW unpaused http/2 transfers http2: do flow window accounting for cancelled streams http2: enlarge the connection window http2: flow control and buffer improvements http2: move HTTP/2 stream vars into local context http2: pass `stream` to http2_handle_stream_close to avoid NULL checks http2: remove unused Curl_http2_strerror function declaration HTTP3/quiche: terminate h1 response header when no body is sent http3: check stream_ctx more thoroughly in all backends HTTP3: document the ngtcp2/nghttp3 versions to use for building curl http3: expire unpaused transfers in all HTTP/3 backends http3: improvements across backends http: free the url before storing a new copy http: skip a double NULL assign ipv4.d/ipv6.d: they are "mutex", not "boolean" KNOWN_BUGS: remove fixed or outdated issues, move non-bugs lib/cmake: add HAVE_WRITABLE_ARGV check lib/sha256.c: typo fix in comment (duplicated "is available") lib1560: verify that more bad host names are rejected lib: add `bufq` and `dynhds` lib: remove CURLX_NO_MEMORY_CALLBACKS lib: unify the upload/method handling lib: use correct printf flags for sockets and timediffs libssh2: fix crash in keyboard callback libssh2: free fingerprint better libssh: tell it to use SFTP non-blocking man pages: simplify the .TH sections MANUAL.md: add dict example for looking up a single definition md(4\|5): don't use deprecated iOS functions md4: only build when used mime: skip NULL assigns after Curl_safefree() multi: add handle asserts in DEBUG builds multi: add multi-ignore logic to multi_socket_action multi: free up more data earleier in DONE multi: remove a few superfluous assigns multi: remove PENDING + MSGSENT handles from the main linked list ngtcp2: adapted to 0.15.0 ngtcp2: adjust config and code checks for ngtcp2 without nghttp3 noproxy: pointer to local array 'hostip' is stored outside scope ntlm: clear lm and nt response buffers before use openssl: interop with AWS-LC OS400: fix and complete ILE/RPG binding OS400: implement EBCDIC support for recent features OS400: improve vararg emulation OS400: provide ILE/RPG usage examples pingpong: fix compiler warning "assigning an enum to unsigned char" pytest: improvements for suitable curl and error output quiche: disable pacing while pacing is not actually performed quiche: Enable IDLE egress handling RELEASE-PROCEDURE: update to new schedule rtsp: convert mallocs to dynbuf for RTP buffering rtsp: skip malformed RTSP interleaved frame data rtsp: skip NULL assigns after Curl_safefree() runtests: die if curl version can be found runtests: don't start servers if -l is given runtests: fix -c option when run with valgrind runtests: fix quoting in Appveyor and Azure test integration runtests: lots of refactoring runtests: refactor into more packages runtests: show error message if file can't be written runtests: spawn a new process for the test runner rustls: fix error in recv handling schannel: add clarifying comment server/getpart: clear target buffer before load smb: remove double assign smbserver: remove temporary files before exit socketpair: verify with a random value ssh: Add support for libssh2 read timeout telnet: simplify the implementation of str_is_nonascii() test1169: fix so it works properly everywhere test1592: add flaky keyword test1960: point to the correct path for the precheck tool test303: kill server after test tests/http: add timeout to running curl in test cases tests/http: fix log formatting on wrong exit code tests/http: fix out-of-tree builds tests/http: improved httpd detection tests/http: more tests with specific clients tests/http: relax connection check in test_07_02 tests/keywords.pl: remove tests/libtest/lib1900.c: remove tests/sshserver.pl: Define AddressFamily earlier tests: 1078 1288 1297 use valid IPv4 addresses tests: document that the unittest keyword is special tests: increase sws timeout for more robust testing tests: log a too-long Unix socket path in sws and socksd tests: make test_12_01 a bit more forgiving on connection counts tests: move pidfiles and portfiles under the log directory tests: move server config files under the pid dir tests: silence some Perl::Critic warnings in test suite tests: stop using strndup(), which isn't portable tests: switch to 3-argument open in test suite tests: turn perl modules into full packages tests: use %LOGDIR to refer to the log directory tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals tool_operate: pass a long as CURLOPT_HEADEROPT argument tool_operate: refuse (--data or --form) and --continue-at combo transfer: refuse POSTFIELDS + RESUME_FROM combo transfer: skip extra assign url: fix null dispname for --connect-to option url: fix PVS nits url: remove call to Curl_llist_destroy in Curl_close urlapi: cleanups and improvements urlapi: detect and error on illegal IPv4 addresses urlapi: prevent setting invalid schemes with url_set() urlapi: skip a pointless assign urlapi: URL encoding for the URL missed the fragment urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication urldata: shrink select_bits int => unsigned char vlts: use full buffer size when receiving data if possible vtls and h2 improvements Websocket: enhanced en-/decoding wolfssl.yml: bump to version 5.6.0 write-out.d: Use response_code in example ws: handle reads before EAGAIN better Fixed in 8.0.1 - March 20 2023 Bugfixes: fix crash in curl_easy_cleanup Fixed in 8.0.0 - March 20 2023 Changes: build: remove support for curl_off_t < 8 bytes Bugfixes: .cirrus.yml: Bump to FreeBSD 13.2 aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3 BINDINGS: add Fortran binding build: drop the use of XC_AMEND_DISTCLEAN build: fix stdint/inttypes detection with non-autotools cf-socket: fix handling of remote addr for accepted tcp sockets cf-socket: if socket is already connected, return CURLE_OK cf-socket: use port 80 when resolving name for local bind CI: don't run CI jobs if only another CI was changed CI: update ngtcp2 and nghttp2 for pytest cmake: delete unused HAVE__STRTOI64 cmake: fix enabling LDAPS on Windows cmake: skip CA-path/bundle auto-detection in cross-builds connect: fix time_connect and time_appconnect timer statistics cookie: don't load cookies again when flushing cookie: parse without sscanf() curl.h: require gcc 12.1 for the deprecation magic curl: make -w's %{stderr} use the file set with --stderr curl_path: create the new path with dynbuf CURLOPT_PIPEWAIT: allow waited reuse also for subsequent connections CURLOPT_PROXY.3: curl+NSS does not handle HTTPS over unix domain socket CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe DEPRECATE: the original legacy mingw version 1 doc: fix compiler warning in libcurl.m4 docs/cmdline-opts: mark all global options docs/SECURITY-PROCESS.md: updates docs: extend the URL API descriptions docs: note '--data-urlencode' option DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure easy: remove infof() debug leftover from curl_easy_recv examples/http3.c: use CURL_HTTP_VERSION_3 ftp: active mode with SSL, add the filter ftp: add more conditions for connection reuse ftp: allocate the wildcard struct on demand ftp: make the EPSV response parser not use sscanf ftp: replace sscanf for MDTM 213 response parsing ftp: replace sscanf for PASV parsing gssapi: align `gss_OID_desc` to silence ld warnings on macOS ventura headers: make curl_easy_header and nextheader return different buffers hostip: avoid sscanf and extra buffer copies http2: fix error handling during parallel operations http2: fix for http2-prior-knowledge when reusing connections http2: fix handling of RST and GOAWAY to recognize partial transfers http2: fix upload busy loop http: don't send 100-continue for short PUT requests http: fix unix domain socket use in https connects http: rewrite the status line parser without sscanf http_proxy: parse the status line without sscanf idn: return error if the conversion ends up with a blank host krb5: avoid sscanf for parsing lib1560: test parsing URLs with ridiculously large fields lib2305: deal with CURLE_AGAIN lib517: verify time stamps without leading zeroes plus some more lib: silence clang/gcc -Wvla warnings in brotli headers lib: skip Curl_llist_destroy calls libcurl-errors.3: add the CURLHcode errors from curl_easy_header.3 libssh2: only set the memory callbacks when debugging libssh2: remove unused variable from libssh2's struct libssh: use dynbuf instead of realloc Makefile.mk: delete redundant `HAVE_LDAP_SSL` macro Makefile.mk: fix -g option in debug mode mqtt: on send error, return error multi: make multi_perform ignore/unignore signals less often multi: remove PENDING + MSGSENT handles from the main linked list ngtcp2-gnutls.yml: bump to gnutls 3.8.0 ngtcp2: fix unwanted close of file descriptor 0 page-footer: add explanation for three missing exit codes parsedate: parse strings without using sscanf() parsedate: replace sscanf( for time stamp parsing quic/schannel: fix compiler warnings rand: use arc4random as fallback when available rate.d: single URLs make no sense in --rate example RELEASE-PROCEDURE.md: update coming release dates rtsp: avoid sscanf for parsing runtests: use a hash table for server port numbers sectransp: fix compiler warning c89 mixed code/declaration sectransp: make read_cert() use a dynbuf when loading secure-transport: fix recv return code handling select: stop treating POLLRDBAND as an error setopt: move the CURLOPT_CHUNK_DATA pointer to the set struct socket: detect "dead" connections better, e.g. not fit for reuse src: silence wmain() warning for all build methods telnet: only accept option arguments in ascii telnet: parse NEW_ENVIRON without sscanf telnet: parse telnet options without sscanf telnet: parse the WS= argument without sscanf test1470: test socks proxy using unix sockets and connect to https test1960: verify CURL_SOCKOPT_ALREADY_CONNECTED test2600: detect when ALARM_TIMEOUT is in use and adjust test422: verify --next used without a prior URL tests/http: add pytest to GHA and improve tests tests: add `cookies` features tests: add timeout, SLOWDOWN and DELAY keywords to tests tests: fix gnutls-serv check tests: fix MSVC unreachable code warnings in unit tests tests: hack to build most unit tests under cmake tests: HTTP server fixups tests: keep cmake unit tests names in sync tests: make CPPFLAGS common to all unit tests tests: make first.c the same for both lib tests and unit tests tests: support for imaps/pop3s/smtps protocols tests: sync option lists in runtests.pl & its man page tests: test secure mail protocols with explicit SSL requests tests: use AM_CPPFILES to modify flags in unit tests tests: use dynamic ports numbers in pytest suite tool: dump headers even if file is write-only tool: improve --stderr handling tool_getparam: don't add a new node for just --no-remote-name tool_getparam: error if --next is used without a prior URL tool_operate: avoid fclose(NULL) on bad header dump file tool_operate: propagate error codes for missing URL after --next tool_progress: shut off progress meter for --silent in parallel tool_writeout_json. fix the output for duplicate header names transfer: limit Windows SO_SNDBUF updates to once a second url: fix cookielist memleak when curl_easy_reset url: fix logic in connection reuse to deny reuse on "unclean" connections url: fix the SSH connection reuse check url: only reuse connections with same GSS delegation url: remove dummy protocol handler urlapi: '%' is illegal in host names urlapi: avoid mutating internals in getter routine urlapi: parse IPv6 literals without ENABLE_IPV6 urlapi: take const args in _dup and _get functions wildcard: remove files and move functions into ftplistparser.c winbuild: fix makefile clean wolfssl: add quic/ngtcp2 detection in cmake, and fix builds wolfSSL: ressurect the BIO `io_result` ws: keep the socket non-blocking x509asn1.c: use correct format specifier for infof() call x509asn1: use plain %x, not %lx, when the arg is an int Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-06-15 09:34:12 +00:00
Adolf Belka	4de715dbe2	curl: Update to version 7.88.1 - Update from version 7.87.0 to 7.88.1 - Update of rootfile not required - Patch removed as fix now built into source tarball - Changelog Fixed in 7.88.1 - February 20 2023 Bugfixes: build-openssl.bat: keep OpenSSL 3 engine binaries cmake: fix Windows check for CryptAcquireContext connnect: fix timeout handling to use full duration curl: make --silent work stand-alone curl_setup: Suppress OpenSSL 3 deprecation warnings CURLOPT_WS_OPTIONS.3: fix the availability version GHA: update rustls dependency to 0.9.2 http2: buffer/pausedata and output flush fix. http2: set drain on stream end http: include stdint.h more readily krb5: silence cast-align warning lib1560: add IPv6 canonicalization tests os400: correct Curl_os400_sendto() remote-header-name.d: mention that filename* is not supported runtests: fix "uninitialized value $port" setopt: allow HTTP3 when HTTP2 is not defined socketpair: allow EWOULDBLOCK when reading the pair check bytes socks: allow using DoH to resolve host names tests-httpd: add proxy tests tests: make sure gnuserv-tls has SRP support before using it tests: make the telnet server shut down a socket gracefully tool_getparam: make --get a true boolean tool_operate: allow debug builds to set buffersize urlapi: do the port number extraction without using sscanf() urldata: remove `now` from struct SingleRequest - not needed Fixed in 7.88.0 - February 15 2023 Changes: curl.h: add CURL_HTTP_VERSION_3ONLY share: add sharing of HSTS cache among handles src: add --http3-only tool_operate: share HSTS between handles urlapi: add CURLU_PUNYCODE writeout: add %{certs} and %{num_certs} Bugfixes: cf-socket: fix build when not HAVE_GETPEERNAME cf-socket: keep sockaddr local in the socket filters cfilters:Curl_conn_get_select_socks: use the first non-connected filter CI: add a workflow to automatically label pull requests CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup CI: Retry failed downloads to reduce spurious failures CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12 cmake: bump requirement to 3.7 cmake: check for sendmsg cmake: delete redundant macro definition `SECURITY_WIN32` cmake: fix dev warning due to mismatched arg cmake: fix the snprintf detection cmake: remove deprecated symbols check cmake: set SOVERSION also for macOS cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS cmdline-opts/Makefile: on error, do not leave a partial CODEOWNERS: remove the peeps mentioned as CI owners connect: fix access of pointer before NULL check connect: fix build when not ENABLE_IPV6 connect: fix strategy testing for attempts, timeouts and happy-eyeball connections: introduce http/3 happy eyeballs content_encoding: do not reset stage counter for each header CONTRIBUTE: More formally specify the commit description cookies: fp is always not NULL copyright.pl: cease doing year verifications copyright: update all copyright lines and remove year ranges curl.1: make help, version and manual sections "custom" curl.h: allow up to 10M buffer size curl.h: mark CURLSSLBACKEND_MESALINK as deprecated curl/websockets.h: extend the websocket frame struct curl: output warning at --verbose output for debug-enabled version curl_free.3: fix return type of `curl_free` curl_global_sslset.3: clarify the openssl situation curl_log: for failf/infof and debug logging implementations curl_setup: Disable by default recv-before-send in Windows curl_version_info.3: fix typo curl_ws_send.3: clarify how to send multi-frame messages CURLOPT_HEADERDATA.3: warn DLL users must set write function CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1 CURLOPT_WRITEFUNCTION.3: fix memory leak in example dict: URL decode the entire path always docs/DEPRECATE.md: deprecate gskit docs: add link to GitHub Discussions docs: mention indirect effects of --insecure docs: POSTFIELDSIZE must be set to -1 with read function doh: ifdef IPv6 code easyoptions: fix header printing in generation script escape: hex decode with a lookup-table escape: use table lookup when adding %-codes to output examples: remove the curlgtk.c example fopen: remove unnecessary assignment ftpserver: lower the DATA connect timeout to speed up torture tests GHA/macos.yml: bump to gcc-12 GHA/macos: use Xcode_14.0.1 for cmake builds GHA: add job on Slackware 15.0 GHA: bump ngtcp2 workflow dependencies GHA: enable websockets in the torture job GHA: move the quiche job here from zuul GHA: use designated ngtcp2 and its dependencies versions haxproxy: send before TLS handhshake header.d: add a header file example hsts.d: explain hsts more hsts: handle adding the same host name again HTTP/[23]: continue upload when state.drain is set http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames http2: fix compiler warning due to uninitialized variable http2: minor buffer and error path fixes http2: when using printf %.*s, the length arg must be 'int' HTTP3: mention what needs to be in place to remove EXPERIMENTAL label http: add additional condition for including stdint.h http: decode transfer encoding first http: fix "part of conditional expression is always false" http: remove the trace message "Mark bundle... multiuse" http_aws_sigv4: remove typecasts from HMAC_SHA256 macro http_proxy: do not assign data->req.p.http use local copy INSTALL: document how to use multiple TLS backends lib670: make test.h the first include lib: connect/h2/h3 refactor lib: fix typos lib: fix typos in comments which repeat a word libssh2: try sha2 algos for hostkey methods libtest: add a sleep macro for Windows Linux CI: update some dependecies to latest tag Makefile.mk: fix wolfssl and mbedtls default paths man pages: call the custom user pointer 'clientp' consistently md4: fix build with GnuTLS + OpenSSL v1 misc: fix grammar and spelling misc: fix spelling misc: reduce struct and struct field sizes msh3: add support for request payload msh3: update to v0.5 Release msh3: update to v0.6 multi: stop sending empty HTTP/3 UDP datagrams on Windows multihandle: turn bool struct fields into bits ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl ngtcp2: fix the build without 'sendmsg' ngtcp2: replace removed define and stop using removed function no-clobber.d: only use long form options in man page text noproxy: support for space-separated names is deprecated nss: implement data_pending method openldap: fix missing sasl symbols at build in specific configs openssl: adapt to boringssl's error code type openssl: don't ignore CA paths when using Windows CA store (redux) openssl: don't log raw record headers openssl: make the BIO_METHOD a local variable in the connection filter openssl: only use CA_BLOB if verifying peer openssl: remove attached easy handles from SSL instances openssl: store the CA after first send (ClientHello) os400: fixes to make-lib.sh and initscript.sh packages: remove Android, update README release-notes.pl: check fixes/closes lines better Revert "x509asn1: avoid freeing unallocated pointers" runtest.pl: add expected fourth return value runtests: tear down http2/http3 servers when https server is stopped runtests: consider warnings fatal and error on them runtests: fix detection of TLS backends runtests: make 'mbedtls' a testable feature rustls: improve error messages scripts/delta: show percent of number of files changed since last tag scripts: fix Appveyor job detection in cijobs.pl scripts: set file mode +x on all perl and shell scripts sectransp: fix for incomplete read/writes SECURITY-PROCESS.md: document severity levels setopt: Address undefined behaviour by checking for null setopt: move the SHA256 opt within #ifdef libssh2 setopt: use >, not >=, when checking if uarg is larger than uint-max smb: return error on upload without size socketpair: allow localhost MITM sniffers strdup: name it Curl_strdup system.h: assume OS400 is always built with ILEC compiler test1560: use a UTF8-using locale when run test2304: remove stdout verification tests-httpd: basic infra to run curl against an apache httpd tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx tests: add tests for HTTP/2 and HTTP/3 to verify the header API tests: avoid use of sha1 in certificates tls: fixes for wolfssl + openssl combo builds tool_getparam: fix hiding of command line secrets tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type tool_operate: fix error codes during DOS filename sanitize tool_operate: fix error codes on bad URL & OOM tool_operate: fix headerfile writing tool_operate: repair --rate transfer: break the read loop when RECV is cleared typecheck: accept expressions for option/info parameters url: fix part of conditional expression is always true urlapi: avoid Curl_dyn_addf() for hex outputs urlapi: fix part of conditional expression is always true: qlen urlapi: skip path checks if path is just "/" urlapi: skip the extra dedotdot alloc if no dot in path urldata: cease storing TLS auth type urldata: make 'ftp_create_missing_dirs' depend on FTP \|\| SFTP urldata: make set.http200aliases conditional on HTTP being present urldata: move the cookefilelist to the 'set' struct urldata: remove unused struct fields, made more conditional vquic: stabilization and improvements vtls: fix hostname handling in filters vtls: manage current easy handle in nested cfilter calls vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used winbuild: document that arm64 is supported windows: always use curl's basename() implementation wolfssl: remove deprecated post-quantum algorithms workflows/linux.yml: merge 3 common packages write-out.d: add 'since version' to %{header_json} documentation write-out.d: clarify Windows % symbol escaping ws: fix autoping handling ws: fix multiframe send handling ws: fix recv of larger frames ws: remove bad assert ws: unstick connect-only shutdown ws: use %Ou for outputting curl_off_t with info() x509asn1: fix compile errors and warnings zuul: stop using this CI service Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>	2023-03-05 15:09:33 +00:00
Adolf Belka	f5a57a8d6a	curl: Update to version 7.87.0 - Update from version 7.86.0 to 7.87.0 - Update of rootfile - version 7.87.0 changed hoiw it deals with deprecated typecheck expressions. This caused zabbix_agentd build to fail. Curl developers created a commit to fix this in next version release. Added as patch here. Should be able to be removed with next curl update. - Changelog curl and libcurl 7.87.0 This release includes the following changes: o curl: add --url-query [52] o CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit [75] o lib: add CURL_WRITEFUNC_ERROR to signal write callback error [47] o openssl: reduce CA certificate bundle reparsing by caching [11] o version: add a feature names array to curl_version_info_data [67] This release includes the following bugfixes: o altsvc: fix rejection of negative port numbers [144] o aws_sigv4: consult x-%s-content-sha256 for payload hash [102] o aws_sigv4: fix typos in aws_sigv4.c [101] o base64: better alloc size [124] o base64: encode without using snprintf [123] o base64: faster base64 decoding [120] o build: assume assert.h is always available [111] o build: assume errno.h is always available [110] o c-hyper: CONNECT respones are not server responses [137] o c-hyper: fix multi-request mechanism [115] o CI: Change FreeBSD image from 12.3 to 12.4 [108] o CI: LGTM.com will be shut down in December 2022 [112] o ci: Remove zuul fuzzing job as it's superseded by CIFuzz o cmake: check for cross-compile, not for toolchain [54] o CMake: fix build with `CURL_USE_GSSAPI` [78] o cmake: really enable warnings with clang [25] o cmake: set the soname on the shared library [140] o cmdline-opts/gen.pl: fix the linkifier [64] o cmdline-opts/page-footer: remove long option nroff formatting o config-mac: define HAVE_SYS_IOCTL_H [107] o config-mac: fix typo: size_T -> size_t [125] o config-mac: remove HAVE_SYS_SELECT_H [116] o config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW [41] o configure: require fork for NTLM-WB [36] o contributors.sh: actually use $CURLWWW instead of just setting it [129] o cookie: compare cookie prefixes case insensitively [14] o cookie: expire cookies at once when max-age is negative [45] o cookie: open cookie jar as a binary file [89] o curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS [90] o curl-rustls.m4: on macOS, rustls also needs the Security framework [44] o curl.h: include <sys/select.h> on SerenityOS [104] o curl.h: name all public function parameters [118] o curl.h: reword comment to not use deprecated option [132] o curl: override the numeric locale and set "C" by force [60] o curl: timeout in the read callback [15] o curl_endian: remove Curl_write64_le from header [81] o curl_get_line: allow last line without newline char [88] o curl_path: do not add '/' if homedir ends with one [4] o curl_url_get.3: remove spurious backtick [127] o curl_url_set.3: document CURLU_DISALLOW_USER [139] o curl_url_set.3: fix typo [148] o CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE [1] o CURLOPT_COOKIEFILE.3: advice => advise [131] o CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example [31] o CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" [130] o CURLOPT_POST.3: Explain setting to 0 changes request type [61] o docs/curl_ws_send: Fixed typo in websocket docs [114] o docs/EARLY-RELEASE.md: how to determine an early release [37] o docs/examples: spell correction ('Retrieve') [119] o docs/INSTALL.md: expand on static builds [62] o docs/WEBSOCKET.md: explain the URL use [71] o docs: add missing parameters for --retry flag [2] o docs: add more "SEE ALSO" links to CA related pages [82] o docs: explain the noproxy CIDR notation support [17] o docs: extend the dump-header documentation [150] o docs: remove performance note in CURLOPT_SSL_VERIFYPEER [13] o examples/10-at-a-time: fix possible skipped final transfers [85] o examples: update descriptions [83] o ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH [96] o gen.pl: do not generate CURLHELP bitmask lines > 79 characters [10] o GHA: clarify workflows permissions, set least possible privilege [79] o GHA: NSS use clang instead of clang-9 [103] o gnutls: use common gnutls init and verify code for ngtcp2 [98] o headers: add endif comments [51] o HTTP-COOKIES.md: mention that http://localhost is a secure context [76] o HTTP-COOKIES.md: update the 6265bis link to draft-11 [70] o http: do not send PROXY more than once [46] o http: fix the ::1 comparison for IPv6 localhost for cookies [155] o http: set 'this_is_a_follow' in the Location: logic [40] o http: use the IDN decoded name in HSTS checks [154] o hyper: classify headers as CONNECT and 1XX [56] o hyper: fix handling of hyper_task's when reusing the same address [33] o idn: remove Curl_win32_ascii_to_idn [153] o INSTALL: update operating systems and CPU archs [91] o KNOWN_BUGS: remove eight entries [50] o lib1560: add some basic IDN host name tests [151] o lib: connection filters (cfilter) addition to curl: [43] o lib: feature deprecation warnings in gcc >= 4.3 [58] o lib: fix some type mismatches and remove unneeded typecasts [12] o lib: parse numbers with fixed known base 10 [77] o lib: remove bad set.opt_no_body assignments [42] o lib: rewind BEFORE request instead of AFTER previous [65] o lib: sync guard for Curl_getaddrinfo_ex() definition and use [6] o lib: use size_t or int etc instead of longs [145] o libcurl-errors.3: remove duplicate word [3] o libssh2: return error when ssh_hostkeyfunc returns error [121] o limit-rate.d: see also --rate o log2changes.pl: wrap long lines at 80 columns [59] o Makefile.mk: address minor issues [87] o Makefile.mk: improve a GNU Make hack [122] o Makefile.mk: portable Makefile.m32 [86] o maketgz: set the right version in lib/libcurl.plist [53] o mime: relax easy/mime structures binding [94] o misc: Fix incorrect spelling [113] o misc: remove duplicated include files [28] o misc: typo and grammar fixes [23] o negtelnetserver.py: have it call its close() method [68] o netrc.d: provide mutext info [63] o netware: remove leftover traces [80] o noproxy: also match with adjacent comma [19] o noproxy: guard against empty hostnames in noproxy check [136] o noproxy: tailmatch like in 7.85.0 and earlier [35] o nroff-scan.pl: detect double highlights o ntlm: improve comment for encrypt_des [55] o ntlm: silence ubsan warning about copying from null target_info pointer [69] o openssl/mbedtls: use %d for outputing port with failf (int) [72] o openssl: prefix errors with '[lib]/[version]: ' [105] o os400: use platform socklen_t in Curl_getnameinfo_a [18] o page-header: grammar improvement (display transfer rate) [126] o proxy: refactor haproxy protocol handling as connection filter [57] o README.md: remove badges and xmas-tree garnish [9] o rtsp: fix RTSP auth [49] o runtests: --no-debuginfod now disables DEBUGINFOD_URLS [100] o runtests: do CRLF replacements per section only [97] o scripts/checksrc.pl: detect duplicated include files [29] o sendf: change Curl_read_plain to wrap Curl_recv_plain [48] o sendf: remove unnecessary if condition [26] o setup: do not require __MRC__ defined for Mac OS 9 builds [117] o smb/telnet: do not free the protocol struct in *_done() [152] o socks: fix username max size is 255 (0xFF) [146] o spellcheck.words: remove 'github' as an accepted word [22] o ssl-reqd.d: clarify that this is for upgrading connections only [138] o strcase: use curl_str(n)equal for case insensitive matches [8] o styled-output.d: this option does not work on Windows [93] o system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS [133] o system.h: support 64-bit curl_off_t for NonStop 32-bit [21] o test1421: fix typo [109] o test3026: reduce runtime in legacy mingw builds [73] o tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+ o tests: add authorityInfoAccess to generated certs [99] o tests: add HTTP/3 test case, custom location for proper nghttpx [106] o tls: backends use connection filters for IO, enabling HTTPS-proxy [92] o tool: determine the correct fopen option for -D [95] o tool_cfgable: free the ssl_ec_curves on exit [142] o tool_cfgable: make socks5_gssapi_nec a boolean [128] o tool_formparse: avoid clobbering on function params [135] o tool_getparam: make --no-get work as the opposite of --get [39] o tool_operate: provide better errmsg for -G with bad URL [16] o tool_operate: when aborting, make sure there is a non-NULL error buffer [20] o tool_paramhlp: free the proto strings on exit [141] o url: move back the IDN conversion of proxy names [74] o urlapi: reject more bad letters from the host name: &+() [143] o urldata: change port num storage to int and unsigned short [66] o vms: remove SIZEOF_SHORT [134] o vtls: fix build without proxy support [38] o vtls: localization of state data in filters [84] o WEBSOCKET.md: fix broken link [30] o Websocket: fixes for partial frames and buffer updates [7] o websockets: fix handling of partial frames [32] o windows: fail early with a missing windres in autotools [5] o windows: fix linking .rc to shared curl with autotools [24] o winidn: drop WANT_IDN_PROTOTYPES [27] o ws: if no connection is around, return error [149] o ws: return CURLE_NOT_BUILT_IN when websockets not built in [34] o x509asn1: avoid freeing unallocated pointers [147] Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>	2022-12-29 11:23:41 +00:00
Adolf Belka	8cb2214c3a	curl: Update to version 7.86.0 - Update from version 7.84.0 to 7.86.0 - Update of rootfile - curl-7.84.0-easy_lock_h_include_sched_h_if_available_to_fix_build.patch removed as this is now built into the source tarball version - Changelog - is too large to inclkude here. The details can be found in the RELEASE_NOTES file in the source tarballs. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2022-11-25 11:55:48 +00:00
Peter Müller	3890da81da	curl: Fix build on armv6l https://github.com/curl/curl/pull/9054 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-09-15 19:36:29 +00:00
Adolf Belka	a0cd3eb0f0	curl: Update to version 7.84.0 - Update from version 7.83.1 to 7.84.0 - Update of rootfile - Changelog 7.84.0 - June 27 2022 Changes: curl: add --rate to set max request rate per time unit curl: deprecate --random-file and --egd-file curl_version_info: add CURL_VERSION_THREADSAFE CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl lib: make curl_global_init() threadsafe when possible libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION opts: deprecate RANDOM_FILE and EGDSOCKET socks: support unix sockets for socks proxy Bugfixes: aws-sigv4: fix potentional NULL pointer arithmetic bindlocal: don't use a random port if port number would wrap c-hyper: mark status line as status for Curl_client_write() ci: avoid `cmake -Hpath` CI: bump FreeBSD 13.0 to 13.1 ci: update github actions cmake: add libpsl support cmake: do not add libcurl.rc to the static libcurl library cmake: enable curl.rc for all Windows targets cmake: fix detecting libidn2 cmake: support adding a suffix to the OS value configure: skip libidn2 detection when winidn is used configure: use the SED value to invoke sed configure: warn about rustls being experimental content_encoding: return error on too many compression steps cookie: address secure domain overlay cookie: apply limits copyright.pl: parse and use .reuse/dep5 for skips copyright: make repository REUSE compliant curl.1: add a few see also --tls-max curl.1: mention exit code zero too curl: re-enable --no-remote-name curl_easy_pause.3: remove explanation of progress function curl_getdate.3: document that some illegal dates pass through Curl_parsenetrc: don't access local pwbuf outside of scope curl_url_set.3: clarify by default using known schemes only CURLOPT_ALTSVC.3: document the file format CURLOPT_FILETIME.3: fix the protocols this works with CURLOPT_HTTPHEADER.3: improve comment in example CURLOPT_NETRC.3: document the .netrc file format CURLOPT_PORT.3: We discourage using this option CURLOPT_RANGE.3: remove ranged upload advice digest: added detection of more syntax error in server headers digest: tolerate missing "realm" digest: unquote realm and nonce before processing DISABLED: disable 1021 for hyper again docs/cmdline-opts: add copyright and license identifier to each file docs/CONTRIBUTE.md: document the 'needs-votes' concept docs: clarify data replacement policy for MIME API doh: remove UNITTEST macro definition examples/crawler.c: use the curl license examples: remove fopen.c and rtsp.c FAQ: Clarify Windows double quote usage fopen: add Curl_fopen() for better overwriting of files ftp: restore protocol state after http proxy CONNECT ftp: when failing to do a secure GSSAPI login, fail hard GHA/hyper: enable debug in the build gssapi: improve handling of errors from gss_display_status gssapi: initialize gss_buffer_desc strings headers api: remove EXPERIMENTAL tag http2: always debug print stream id in decimal with %u http2: reject overly many push-promise headers http: restore header folding behavior hyper: use 'alt-used' krb5: return error properly on decode errors lib: make more protocol specific struct fields #ifdefed libcurl-security.3: add "Secrets in memory" libcurl-security.3: document CRLF header injection libssh: skip the fake-close when libssh does the right thing links: update dead links to the curl-wiki log2changes: do not indent empty lines [ci skip] macos9: remove partial support Makefile.am: fix portability issues Makefile.m32: delete obsolete options, improve -On [ci skip] Makefile.m32: delete two obsolete OpenSSL options [ci skip] Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] max-time.d: clarify max-time sets max transfer time mprintf: ignore clang non-literal format string netrc: check %USERPROFILE% as well on Windows netrc: support quoted strings ngtcp2: allow curl to send larger UDP datagrams ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types ngtcp2: enable Linux GSO ngtcp2: extend QUIC transport parameters buffer ngtcp2: fix alert_read_func return value ngtcp2: fix typo in preprocessor condition ngtcp2: handle error from ngtcp2_conn_submit_crypto_data ngtcp2: send appropriate connection close error code ngtcp2: support boringssl crypto backend ngtcp2: use helper funcs to simplify TLS handshake integration ntlm: provide a fixed fake host name projects: fix third-party SSL library build paths for Visual Studio quic: add Curl_quic_idle quiche: support ca-fallback rand: stop detecting /dev/urandom in cross-builds remote-name.d: mention --output-dir runtests.pl: add the --repeat parameter to the --help output runtests: fix skipping tests not done event-based runtests: skip starting the ssh server if user name is lacking scripts/copyright.pl: fix the exclusion to not ignore man pages sectransp: check for a function defined when __BLOCKS__ is undefined select: return error from "lethal" poll/select errors server/sws: support spaces in the HTTP request path speed-limit/time.d: mention these affect transfers in either direction strcase: some optimisations test 2081: add a valid reply for the second request test 675: add missing CR so the test passes when run through Privoxy test414: add the '--resolve' keyword test681: verify --no-remote-name tests 266, 116 and 1540: add a small write delay tests/data/test1501: kill ftp server after slow LIST response tests/getpart: fix getpartattr to work with "data" and "data2" tests/server/sws.c: change the HTTP writedelay unit to milliseconds test{440,441,493,977}: add "HTTP proxy" keywords tool_getparam: fix --parallel-max maximum value constraint tool_operate: make sure --fail-with-body works with --retry transfer: fix potential NULL pointer dereference transfer: maintain --path-as-is after redirects transfer: upload performance; avoid tiny send url: free old conn better on reuse url: remove redundant #ifdefs in allocate_conn() url: URL encode the path when extracted, if spaces were set urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts urlapi: support CURLU_URLENCODE for curl_url_get() urldata: reduce size of a few struct fields urldata: remove three unused booleans from struct UserDefined urldata: store tcp_keepidle and tcp_keepintvl as ints version: allow stricmp() for sorting the feature list vtls: make curl_global_sslset thread-safe wolfssh.h: removed wolfssl: correct the failf() message when a handle can't be made wolfSSL: explicitly use compatibility layer x509asn1: mark msnprintf return as unchecked Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>	2022-09-11 08:50:39 +00:00
Adolf Belka	247d9e685e	curl: Update to version 7.83.1 - Update from version 7.83.0 to 7.83.1 - Update of rootfile not required - Changelog version 7.83.1 This release includes the following bugfixes: o altsvc: fix host name matching for trailing dots [31] o cirrus: Update to FreeBSD 12.3 [24] o cirrus: Use pip for Python packages on FreeBSD [23] o conn: fix typo 'connnection' -> 'connection' in two function names [1] o cookies: make bad_domain() not consider a trailing dot fine [26] o curl: free resource in error path [3] o curl: guard against size_t wraparound in no-clobber code [4] o CURLOPT_DOH_URL.3: mention the known bug [19] o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20] o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18] o data/test376: set a proper name o GHA/mbedtls: enabled nghttp2 in the build [11] o gha: build msh3 [5] o gskit: fixed bogus setsockopt calls [17] o gskit: remove unused function set_callback [2] o hsts: ignore trailing dots when comparing hosts names [28] o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40] o http: move Curl_allow_auth_to_host() [9] o http_proxy/hyper: handle closed connections [34] o hyper: fix test 357 [32] o Makefile: fix "make ca-firefox" [37] o mbedtls: bail out if rng init fails [14] o mbedtls: fix compile when h2-enabled [12] o mbedtls: fix some error messages o misc: use "autoreconf -fi" instead buildconf [22] o msh3: get msh3 version from MsH3Version [6] o msh3: print boolean value as text representation [10] o msh3: psss remote_port to MsH3ConnectionOpen [7] o ngtcp2: add ca-fallback support for OpenSSL backend [35] o nss: return error if seemingly stuck in a cert loop [30] o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8] o post_per_transfer: remove the updated file name [27] o sectransp: bail out if SSLSetPeerDomainName fails [33] o tests/server: declare variable 'reqlogfile' static [39] o tests: fix markdown formatting in README [38] o test{898,974,976}: add 'HTTP proxy' keywords [16] o tls: check more TLS details for connection reuse [25] o url: check SSH config match on connection reuse [21] o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15] o urlapi: reject percent-decoding host name into separator bytes [29] o x509asn1: make do_pubkey handle EC public keys [13] Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>	2022-05-30 19:10:46 +00:00
Adolf Belka	f61ced49e9	curl: Update to version 7.83.0 - Update from 7.82.0 to 7.83.0 - Update of rootfile - Changelog 7.83.0 Changes: o curl: add %header{name} experimental support in -w handling o curl: add %{header_json} experimental support in -w handling o curl: add --no-clobber [28] o curl: add --remove-on-error [11] o header api: add curl_easy_header and curl_easy_nextheader [56] o msh3: add support for QUIC and HTTP/3 using msh3 [84] Bugfixes: o appveyor: add Cygwin build [77] o appveyor: only add MSYS2 to PATH where required [78] o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27] o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26] o BINDINGS.md: add Hollywood binding [34] o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42] o CI: install Python package impacket to run SMB test 1451 [5] o configure.ac: move -pthread CFLAGS setting back where it used to be [14] o configure: bump the copyright year range int the generated output o conncache: include the zone id in the "bundle" hashkey [112] o connecache: remove duplicate connc->closure_handle check [90] o connect: make Curl_getconnectinfo work with conn cache from share handle [22] o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6] o cookie.d: clarify when cookies are sent o cookies: improve errorhandling for reading cookiefile [123] o curl/system.h: update ifdef condition for MCST-LCC compiler [4] o curl: error out if -T and -d are used for the same URL [99] o curl: error out when options need features not present in libcurl [18] o curl: escape '?' in generated --libcurl code [117] o curl: fix segmentation fault for empty output file names. [60] o curl_easy_header: fix typos in documentation [74] o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126] o CURLOPTTLSAUTH.3: they only work with OpenSSL or GnuTLS [105] o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79] o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63] o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127] o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9] o docs/HYPER.md: updated to reflect current hyper build needs o docs/opts: Mention Schannel client cert type is P12 [50] o docs: Fix missing semicolon in example code [102] o docs: lots of minor language polish [51] o English: use American spelling consistently [95] o fail.d: tweak the description [101] o firefox-db2pem.sh: make the shell script safer [47] o ftp: fix error message for partial file upload [61] o gen.pl: change wording for mutexed options [98] o GHA: add openssl3 jobs moved over from zuul [88] o GHA: build hyper with nightly rustc [7] o GHA: move bearssl jobs over from zuul [85] o gha: move the event-based test over from Zuul [59] o gtls: fix build for disabled TLS-SRP [48] o http2: handle DONE called for the paused stream [69] o http2: RST the stream if we stop it on our own will [67] o http: avoid auth/cookie on redirects same host diff port [110] o http: close the stream (not connection) on time condition abort [68] o http: reject header contents with nul bytes [41] o http: return error on colon-less HTTP headers [31] o http: streamclose "already downloaded" [57] o hyper: fix status_line() return code [13] o hyper: fix tests 580 and 581 for hyper [107] o hyper: no h2c support [33] o infof: consistent capitalization of warning messages [103] o ipv4/6.d: clarify that they are about using IP addresses [3] o json.d: fix typo (overriden -> overridden) [24] o keepalive-time.d: It takes many probes to detect brokenness [29] o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45] o lib670: avoid double check result [71] o lib: #ifdef on USE_HTTP2 better [65] o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38] o lib: remove exclamation marks [100] o libssh2: compare sha256 strings case sensitively [114] o libssh2: make the md5 comparison fail if wrong length [111] o libssh: fix build with old libssh versions [12] o libssh: fix double close [124] o libssh: Improve fix for missing SSH_S_ stat macros [10] o libssh: unstick SFTP transfers when done event-based [58] o macos: set .plist version in autoconf [122] o mbedtls: remove 'protocols' array from backend when ALPN is not used [66] o mbedtls: remove server_fd from backend [91] o mk-ca-bundle.pl: Use stricter logic to process the certificates [39] o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8] o mlc_config.json: add file to ignore known troublesome URLs [35] o mqtt: better handling of TCP disconnect mid-message [55] o ngtcp2: add client certificate authentication for OpenSSL [15] o ngtcp2: avoid busy loop in low CWND situation [119] o ngtcp2: deal with sub-millisecond timeout [116] o ngtcp2: disconnect the QUIC connection proper [19] o ngtcp2: enlarge H3_SEND_SIZE [82] o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83] o ngtcp2: fix memory leak [80] o ngtcp2: fix QUIC_IDLE_TIMEOUT [94] o ngtcp2: make curl 1ms faster [93] o ngtcp2: remove remote_addr which is not used in a meaningful way [81] o ngtcp2: update to work after recent ngtcp2 updates [62] o ngtcp2: use token when detecting :status header field [92] o nonblock: restore setsockopt method to curlx_nonblock [20] o openssl: check SSL_get_peer_cert_chain return value [1] o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23] o openssl: fix CN check error code [21] o options: remove mistaken space before paren in prototype o perl: removed a double semicolon at end of line [64] o pop3/smtp: return WEIRD_SERVER_REPLY when not understood [43] o projects/README: converted to markdown [76] o projects: Update VC version names for VS2017, VS2022 [52] o rtsp: don't let CSeq error override earlier errors [37] o runtests: add 'bearssl' as testable feature [87] o runtests: make 'oldlibssh' be before 0.9.4 [2] o schannel: remove dead code that will never run [89] o scripts/copyright.pl: ignore the new mlc_config.json file o scripts: move three scripts from lib/ to scripts/ [44] o test1135: sync with recent API updates [54] o test1459: disable for oldlibssh [53] o test375: fix line endings on Windows [40] o test386: Fix an incorrect test markup tag o test718: edited slightly to return better HTTP [32] o tests/server/util.h: align WIN32 condition with util.c [46] o tests: refactor server/socksd.c to support --unix-socket [96] o timediff.[ch]: add curlx helper functions for timeval conversions [86] o tls: make mbedtls and NSS check for h2, not nghttp2 [70] o tool and tests: force flush of all buffers at end of program [17] o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30] o tool_getparam: error out on missing -K file [115] o tool_listhelp.c: uppercase URL o tool_operate: fix a scan-build warning [16] o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97] o transfer: redirects to other protocols or ports clear auth [109] o unit1620: call global_init before calling Curl_open [125] o url: check sasl additional parameters for connection reuse. [113] o vtls: provide a unified APLN-disagree string for all backends [75] o vtls: use a backend standard message for "ALPN: offers %s" [73] o vtls: use a generic "ALPN, server accepted" message [72] o winbuild/README.md: fixup dead link [36] o winbuild: Add a Visual Studio example to the README [49] o wolfssl: fix compiler error without IPv6 [25] Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>	2022-05-01 08:35:05 +00:00
Adolf Belka	ae4451a4c8	curl: Update to version 7.82.0 - Update from 7.81.0 to 7.82.0 - Update of rootfile not required - Changelog Versionl 7.82.0 This release includes the following changes: o curl: add --json [67] o mesalink: remove support [23] This release includes the following bugfixes: o appveyor: update images from VS 2019 to 2022 o appveyor: use VS 2017 image for the autotools builds o azure-pipelines: add a build on Windows with libssh [154] o bearssl: fix connect error on expired cert and no verify [132] o bearssl: fix EXC_BAD_ACCESS on incomplete CA cert [131] o bearssl: fix session resumption (session id) [133] o build: enable -Warith-conversion o build: fix -Wenum-conversion handling o build: fix ngtcp2 crypto library detection [63] o checkprefix: remove strlen calls [128] o checksrc: fix typo in comment [34] o CI: move 'distcheck' job from zuul to azure pipelines [60] o CI: move scan-build job from Zuul to Azure Pipelines [59] o CI: move the NSS job from zuul to GHA [84] o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75] o CI: move the rustls CI job to GHA from Zuul [8] o CI: move two jobs from Zuul to Circle CI [73] o CI: test building wolfssl with --enable-opensslextra [42] o CI: workflows/wolfssl: install impacket [47] o circleci: add a job using libssh [121] o cirlceci: also run a c-ares job on arm with debug enabled [74] o cmake: fix iOS CMake project generation error [13] o cmdline-opts/gen.pl: fix option matching to improve references [50] o config.d: Clarify _curlrc filename is still valid on Windows [95] o configure.ac: use user-specified gssapi dir when using pkg-config [136] o configure: change output for cross-compiled alt-svc support [140] o configure: fix '--enable-code-coverage' typo [110] o configure: remove support for "embedded ares" [82] o configure: requires --with-nss-deprecated to build with NSS [114] o configure: set CURL_LIBRARY_PATH for nghttp2 [58] o configure: support specification of a nghttp2 library path [101] o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54] o curl tool: erase some more sensitive command line arguments [22] o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5] o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9] o curl-openssl: fix SRP check for OpenSSL 3.0 [86] o curl-openssl: remove the OpenSSL headers and library versions check [35] o curl.h: fix typo [129] o curl: remove "separators" (when using globbed URLs) [32] o curl_getdate.3: remove pointless .PP line [68] o curl_multi_socket.3: remove callback and typical usage descriptions [7] o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27] o CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment [147] o CURLOPT_RESOLVE.3: change example port to 443 o CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment [153] o CURLOPT_XFERINFOFUNCTION.3: fix typo in example [81] o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71] o des: fix compile break for OpenSSL without DES [141] o docs/cmdline-opts: add "mutexed" options for more http versions [25] o docs/DEPRECATE: remove NPN support in August 2022 [64] o docs: capitalize the name 'Netscape' [77] o docs: document HTTP/2 not insisting on TLS 1.2 [49] o docs: fix mandoc -T lint formatting complaints [2] o docs: update IETF links to use datatracker [41] o examples/curlx: support building with OpenSSL 1.1.0+ [148] o examples/multi-app.c: call curl_multi_remove_handle as well [19] o formdata: avoid size_t => long typecast overflows [37] o ftp: provide error message for control bytes in path [66] o gen.pl: terminate "example" sections better [4] o gha: add a macOS CI job with libssh [142] o gskit: Convert to using Curl_poll [111] o gskit: Fix errors from Curl_strerror refactor [113] o gskit: Fix initialization of Curl_ssl_gskit struct [112] o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88] o hostcheck: fixed to not touch used input strings [38] o hostcheck: reduce strlen calls on chained certificates [92] o hostip: avoid unused parameter error in Curl_resolv_check [144] o http2: move two infof calls to debug-h2-only [145] o http: make Curl_compareheader() take string length arguments too [87] o if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled [104] o KNOWN_BUGS: fix typo "libpsl" o ldap: return CURLE_URL_MALFORMAT for bad URL [24] o lib: remove support for CURL_DOES_CONVERSIONS [96] o libssh2: don't typecast socket to int for libssh2_session_handshake [151] o libssh: fix include files and defines use for Windows builds [156] o Makefile.am: Generate VS 2022 projects o maketgz: return error if 'make dist' fails [79] o mbedtls: enable use of mbedtls without CRL support [57] o mbedtls: enable use of mbedtls without filesystem functions support [100] o mbedtls: fix CURLOPT_SSLCERT_BLOB (again) o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12] o mbedtls: remove #include <mbedtls/certs.h> [56] o mbedtls: return CURLcode result instead of a mbedtls error code [1] o md5: check md5_init_func return value o mime: use a define instead of the magic number 24 [89] o misc: allow curl to build with wolfssl --enable-opensslextra [43] o misc: remove BeOS code and references [30] o misc: remove the final watcom references [29] o misc: remove unused data when IPv6 is not supported [80] o mqtt: free 'sendleftovers' in disconnect [115] o mqtt: free any send leftover data when done [36] o multi: allow user callbacks to call curl_multi_assign [126] o multi: grammar fix in comment [69] o multi: remember connection_id before returning connection to pool [76] o multi: set in_callback for multi interface callbacks [28] o netware: remove support [72] o next.d. remove .fi/.nf as they are handled by gen.pl [3] o ngtcp2: adapt to changed end of headers callback proto [39] o ngtcp2: fix declaration of ‘result’ shadows a previous local [14] o ngtcp2: Reset dynbuf when it is fully drained [143] o nss: handshake callback during shutdown has no conn->bundle [55] o ntlm: remove unused feature defines [117] o openldap: fix compiler warning when built without SSL support [70] o openldap: implement SASL authentication [16] o openldap: pass string length arguments to client_write() [116] o openssl.h: avoid including OpenSSL headers here [15] o openssl: check if sessionid flag is enabled before retrieving session [125] o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40] o openssl: check the return value of BIO_new_mem_buf() [18] o openssl: fix `ctx_option_t` for OpenSSL v3+ o openssl: fix build for version < 1.1.0 [134] o openssl: return error if TLS 1.3 is requested when not supported [45] o os400: Add function wrapper for system command [138] o os400: Add link to QADRT devkit to README.OS400 [137] o os400: Default build to target current release [139] o OS400: fix typos in rpg include file [149] o projects: add support for Visual Studio 17 (2022) [124] o projects: fix Visual Studio wolfSSL configurations o projects: remove support for MSVC before VC10 (Visual Studio 2010) [123] o quiche: after leaving h3_recving state, poll again [108] o quiche: change qlog file extension to `.sqlog` [44] o quiche: fix upload for bigger content-length [146] o quiche: handle stream reset [83] o quiche: remove two leftover debug infof() outputs o quiche: verify the server cert on connect [33] o quiche: when *recv_body() returns data, drain it before polling again [109] o README.md: fix links [118] o remote-header-name.d: clarify [10] o runtests.pl: disable debuginfod [51] o runtests.pl: properly print the test if it contains binary zeros o runtests.pl: support the nonewline attribute for the data part [21] o runtests.pl: tolerate test directories without Makefile.inc [98] o runtests: allow client/file to specify multiple directories o runtests: make 'rustls' a testable feature o runtests: make 'wolfssl' a testable feature [6] o runtests: set 'oldlibssh' for libssh versions before 0.9.5 [122] o rustls: add CURLOPT_CAINFO_BLOB support [26] o schannel: move the algIds array out of schannel.h [135] o scripts/cijobs.pl: output data about all currect CI jobs [78] o scripts/completion.pl: improve zsh completion [46] o scripts/copyright.pl: support many provided file names on the cmdline o scripts/delta: check the file delta for current branch o sectransp: mark a 3DES cipher as weak [130] o setopt: do bounds-check before strdup [99] o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53] o sha256: Fix minimum OpenSSL version [102] o smb: pass socket for writing and reading data instead of FIRSTSOCKET [90] o ssl: reduce allocated space for ssl backend when FTP is disabled [127] o test3021: disable all msys2 path transformation o test374: gif data without new line at the end [20] o tests/disable-scan.pl: properly detect multiple symbols per line [94] o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85] o tool_findfile: check ~/.config/curlrc too [17] o tool_getparam: DNS options that need c-ares now fail without it [31] o TPF: drop support [97] o unit1610: init SSL library before calling SHA256 functions [152] o url: exclude zonefrom_url when no ipv6 is available [103] o url: given a user in the URL, find pwd for that user in netrc [11] o url: keep trailing dot in host name [62] o url: make Curl_disconnect return void [48] o urlapi: handle "redirects" smarter [119] o urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled [52] o urldata: remove conn->bits.user_passwd [105] o version_win32: fix warning for `CURL_WINDOWS_APP` [93] o vtls: fix socket check conditions [150] o vtls: pass on the right SNI name [61] o vxworks: drop support [65] o winbuild: add parameter WITH_SSH [120] o wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case [106] o wolfssl: when SSL_read() returns zero, check the error [107] o write-out.d: Fix num_headers formatting o x509asn1: toggle off functions not needed for diff tls backends [91] Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-06 17:14:06 +00:00
Peter Müller	9a7e4d8506	Switch checksums from MD5 to BLAKE2 Historically, the MD5 checksums in our LFS files serve as a protection against broken downloads, or accidentally corrupted source files. While the sources are nowadays downloaded via HTTPS, it make sense to beef up integrity protection for them, since transparently intercepting TLS is believed to be feasible for more powerful actors, and the state of the public PKI ecosystem is clearly not helping. Therefore, this patch switches from MD5 to BLAKE2, updating all LFS files as well as make.sh to deal with this checksum algorithm. BLAKE2 is notably faster (and more secure) than SHA2, so the performance penalty introduced by this patch is negligible, if noticeable at all. In preparation of this patch, the toolchain files currently used have been supplied with BLAKE2 checksums as well on https://source.ipfire.org/. Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremeripfire.org>	2022-04-02 14:19:25 +00:00
Adolf Belka	593adc77a7	curl: Update to version 7.81.0 - Update from 7.80.0 to 7.81.0 - Update of rootfile - Changelog 7.81.0 This release includes the following changes: o mime: use percent-escaping for multipart form field and file names [1] This release includes the following bugfixes: o asyn-ares: ares_getaddrinfo needs no happy eyeballs timer [73] o azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper [12] o BINDINGS: add cURL client for PostgreSQL [68] o BINDINGS: add one from Everything curl and update a link o checksrc: detect more kinds of NULL comparisons we avoid [105] o CI: build examples for additional code verification [75] o CI: bump job to use mbedtls 3.1.0 [90] o cmake: don't set _USRDLL on a static Windows build [22] o cmake: prevent dev warning due to mismatched arg [94] o cmake: private identifiers use CURL_ instead of CMAKE_ prefix [40] o config.d: update documentation to match the path search o configure: add -lm to configure for rustls build. [13] o configure: better diagnostics if hyper is built wrong [6] o configure: don't enable TLS when --without-* flags are used [17] o configure: fix runtime-lib detection on macOS [21] o curl.1: require "see also" for every documented option [27] o curl: improve error message for --head with -J [42] o curl_easy_cleanup.3: remove from multi handle first [3] o curl_easy_escape.3: call curl_easy_cleanup in example [58] o curl_easy_unescape.3: call curl_easy_cleanup in example [57] o curl_multi_init.3: fix EXAMPLE formatting o curl_multi_perform/socket_action.3: clarify what errors mean [70] o curl_share_setopt.3: split out options into their own manpages [14] o CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL [51] o digest: compute user:realm:pass digest w/o userhash [45] o docs/checksrc: Add documentation for STRERROR [18] o docs/cmdline-opts: do not say "protocols: all" [26] o docs/examples: workaround broken -Wno-pedantic-ms-format o docs/HTTP3: describe how to setup a h3 reverse-proxy for testing [88] o docs/INSTALL.md: typo fix : added missing "get" verb [31] o docs/URL-SYNTAX.md: space is not fine in a given URL o docs: add known bugs list to HTTP3.md [83] o docs: address proselint nits [16] o docs: consistent manpage SYNOPSIS [47] o docs: fix dead links, remove ECH.md o docs: fix typo in OpenSSL 3 build instructions [80] o docs: Update the Reducing Size section o example/progressfunc: remove code for old libcurls [78] o examples/multi-single.c: remove WAITMS() [98] o FAQ: typo fix : "yout" ➤ "your" [30] o ftp: disable warning 4706 in MSVC [85] o gen.pl: improve example output format [29] o github workflow: add wolfssl (removed from zuul) [103] o github/workflows: add mbedtls and mbedtls-clang (removed from zuul) [92] o gtls: check return code for gnutls_alpn_set_protocols [86] o hash: lazy-alloc the table in Curl_hash_add() [54] o http2:set_transfer_url() return early on OOM [53] o HTTP3: update quiche build instructions [37] o http: enable haproxy support for hyper backend [20] o http: Fix CURLOPT_HTTP200ALIASES [89] o http_proxy: don't close the socket (too early) [100] o insecure.d: detail its use for SFTP and SCP as well [32] o insecure.d: expand and clarify [28] o libcurl-multi.3: "SOCKS proxy handshakes" are not blocking o libcurl-security.3: mention address and URL mitigations o libssh2: fix error message for sha256 mismatch o libtest: avoid "assignment within conditional expression" [84] o lift: ignore is a deprecated config option, use ignoreRules [35] o linkcheck.yml: add CI job that checks markdown links [82] o m4/curl-compilers: tell clang -Wno-pointer-bool-conversion [99] o Makefile.m32: rename -winssl option to -schannel and tidy up [33] o mbedTLS: add support for CURLOPT_CAINFO_BLOB [44] o mbedtls: fix CURLOPT_SSLCERT_BLOB [72] o mbedtls: fix private member designations for v3.1.0 [93] o misc: remove unused doh flags when CURL_DISABLE_DOH is defined [71] o misc: s/e-mail/email [74] o multi: cleanup the socket hash when destroying it [55] o multi: handle errors returned from socket/timer callbacks [52] o multi: shut down CONNECT in Curl_detach_connnection [2] o netrc.d: edit the .netrc example to look nicer [24] o ngtcp2: verify the server cert on connect (quictls) [102] o ngtcp2: verify the server certificate for the gnutls case [101] o nss:set_cipher don't clobber the cipher list [38] o openldap: implement STARTTLS [56] o openldap: process search query response messages one by one [50] o openldap: several minor improvements [69] o openldap: simplify ldif generation code [77] o openssl: check the return value of BIO_new() [43] o openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+ o openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable o openssl: remove usage of deprecated `SSL_get_peer_certificate` o openssl: use non-deprecated API to read key parameters o page-footer: add a mention of how to report bugs to the man page o page-footer: document more environment variables [23] o request.d: refer to 'method' rather than 'command' [59] o retry-all-errors.d: make the example complete o runtests: make the SSH library a testable feature o rustls: read of zero bytes might be okay [9] o rustls: remove comment about checking handshaking [15] o rustls: remove incorrect EOF check [10] o sha256/md5: return errors when init fails [79] o socks5: use appropriate ATYP for numerical IP address host names [91] o test1156: enable for hyper [65] o test1156: fixup the stdout check for Windows [60] o test1525: tweaked for hyper [64] o test1526: enable for hyper [63] o test1527: enable for hyper [62] o test1528: enable for hyper [61] o test1554: adjust for hyper [49] o test1556: adjust for hyper [48] o test302[12]: run only with the libssh2 backend [8] o test661: enable for hyper [66] o tests/CI.md: add more information on CI environments [39] o tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256 [76] o tftp: mark protocol as not possible to do over CONNECT [25] o tool_findfile: updated search for a file in the homedir [46] o tool_operate: only set SSH related libcurl options for SSH URLs [11] o tool_operate: warn if too many output arguments were found [87] o url.c: fix the SIGPIPE comment for Curl_close [4] o url: check ssl_config when re-use proxy connection [81] o url: reduce ssl backend count for CURL_DISABLE_PROXY builds [96] o urlapi: accept port number zero [34] o urlapi: if possible, shorten given numerical IPv6 addresses [95] o urlapi: provide more detailed return codes [36] o urlapi: reject short file URLs [41] o version_win32: Check build number and platform id o vtls/rustls: adapt to the updated rustls_version proto [19] o writeout: fix %{http_version} for HTTP/3 [7] o x509asn1: return early on errors [67] o zuul.d: update rustls-ffi to version 0.8.2 [5] o zuul: fix quiche build pointing to wrong Cargo [104] This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>	2022-02-06 17:13:54 +00:00
Adolf Belka	e8e2841b1d	curl: Update to version 7.80.0 - Update from 7.79.1 to 7.80.0 - Update of rootfile - Changelog is too long to include here. This update fixes 172 bugs the details of which can be found in the CHANGES file in the source tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2021-12-03 18:22:28 +01:00
Adolf Belka	be52d700f1	curl: Update to version 7.79.1 - Update from 7.78.0 to 7.79.1 - Update of rootfile not required - Changelog Fixed in 7.79.1 - September 22 2021 Bugfixes: Curl_http2_setup: don't change connection data on repeat invokes curl_multi_fdset: make FD_SET() not operate on sockets out of range dist: provide lib/.checksrc in the tarball FAQ: add GOPHERS + curl works on data, not files hsts: CURLSTS_FAIL from hsts read callback should fail transfer hsts: handle unlimited expiry http: fix the broken >3 digit response code detection strerror: use sys_errlist instead of strerror on Windows test1184: disable tests/sshserver.pl: make it work with openssh-8.7p1 Fixed in 7.79.0 - September 15 2021 Changes: bearssl: support CURLOPT_CAINFO_BLOB http: consider cookies over localhost to be secure secure transport: support CURLINFO_CERTINFO Bugfixes: CVE-2021-22945: clear the leftovers pointer when sending succeeds CVE-2021-22946: do not ignore --ssl-reqd CVE-2021-22947: reject STARTTLS server response pipelining ares: use ares_getaddrinfo() asyn-ares.c: move all version number checks to the top auth: do not append zero-terminator to authorisation id in kerberos auth: properly handle byte order in kerberos security message auth: use sasl authzid option in kerberos auth: we do not support a security layer after kerberos authentication BINDINGS.md: update links to use https where available build: fix compiler warnings c-hyper: deal with Expect: 100-continue combined with POSTFIELDS c-hyper: fix header value passed to debug callback c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection c-hyper: initial step for 100-continue support c-hyper: initial support for "dumping" 1xx HTTP responses c-hyper: remove the hyper_executor_poll() loop from Curl_http CI/cirrus: reduce compile time with increased parallism CI: use GitHub Container Registry instead of Docker Hub cirrus: Add FreeBSD 13.0 job and disable sanitizer build cmake: avoid poll() on macOS cmake: sync CURL_DISABLE options codeql: fix error "Resource not accessible by integration" compressed.d: it's a request, not an order config.d: escape the backslash properly config.d: note that curlrc is used even when --config config: get rid of the unused HAVE_SIG_ATOMIC_T et. al. configure.ac: revert bad nghttp2 library detection improvements configure: error out if both ngtcp2 and quiche are specified configure: make --disable-hsts work configure: set classic mingw minimum OS version to XP configure: tweak nghttp2 library name fix connect: get local port + ip also when reusing connections connect: remove superfluous conditional curl-openssl.m4: check lib64 for the pkg-config file curl-openssl.m4: show correct output for OpenSSL v3 curl.1: mention "global" flags curl.1: provide examples for each option curl: add warning for ignored data after quoted form parameter curl: add warning for incompatible parameters usage curl: better error message when -O fails to get a good name curl: stop retry if Retry-After: is longer than allowed curl_easy_setopt.3: improve the string copy wording Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited curl_setup.h: sync values for HTTP_ONLY curl_url_get.3: clarify about path and query CURLMOPT_TIMERFUNCTION.3: remove misplaced "time" CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited CURLOPT_SSL_CTX_.3: tidy up the example CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also docs/MQTT: update state of username/password support docs: remove experimental mentions from HSTS and MQTT docs: the security list is reached at security at curl.se now easy: use a custom implementation of wcsdup on Windows examples/hiperfifo.c: fix calloc arguments to match function proto examples/cookie_interface: avoid printfing time_t directly examples/cookie_interface: fix scan-build printf warning examples/ephiperfifo.c: simplify signal handler FAQ: add two dev related questions getparameter: fix the --local-port number parser happy-eyeballs-timeout-ms.d: polish the wording hostip: Make Curl_ipv6works function independent of getaddrinfo http2: Curl_http2_setup needs to init stream data in all invokes http2: revert a change that broke upgrade to h2c http2: revert call the handle-closed function correctly on closed stream http: disallow >3-digit response codes http: ignore content-length if any transfer-encoding is used http_proxy: clear 'sending' when the outgoing request is sent http_proxy: fix the User-Agent inclusion in CONNECT http_proxy: fix user-agent and custom headers for CONNECT with hyper http_proxy: only wait for writable socket while sending request INTERNALS: bump c-ares requirement to 1.16.0 INTERNALS: c-ares has a new home: c-ares.org lib: don't use strerror() libcurl-errors.3: clarify two CURLUcode errors limit-rate.d: clarify base unit mailing lists: move from cool.haxx.se to lists.haxx.se mbedtls: avoid using a large buffer on the stack mbedTLS: initial 3.0.0 support mbedtls_threadlock: fix unused variable warning mksymbolsmanpage.pl: Fix showing symbol's last used version mksymbolsmanpage.pl: match symbols case insenitively multi: fix compiler warning with `CURL_DISABLE_WAKEUP` ngtcp2: compile with the latest ngtcp2 and nghttp3 ngtcp2: fix build with ngtcp2 and nghttp3 ngtcp2: remove the acked_crypto_offset struct field init ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read ngtcp2: reset the oustanding send buffer again when drained ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream ngtcp2: stop buffering crypto data ngtcp2: utilize crypto API functions to simplify openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA openssl: when creating a new context, there cannot be an old one opt-docs: make sure all man pages have examples opt-docs: verify man page sections + order opts docs: unify phrasing in NAME header output.d: add method to suppress response bodies page-header: add GOPHERS, simplify wording in the 1st para progress: fix a compile warning on some systems progress: make trspeed avoid floats runtests: add option -u to error on server unexpectedly alive schannel: Work around typo in classic mingw macro scripts: invoke interpreters through /usr/bin/env setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper strerror.h: remove the #include from files not using it symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version test1138: remove trailing space to make work with hyper test1173: check references to libcurl options test1280: CRLFify the response to please hyper test1565: fix windows build errors test365: verify response with chunked AND Content-Length headers tests/server.pl: flush output before executing subprocess tests/server.py: remove pidfile on server termination tests/runtests.pl: cleanup copy&paste mistakes and unused code tests/server/*.c: align handling of portfile argument and file tests: adjust the tftpd output to work with hyper mode tests: be explicit about using 'python3' instead of 'python' tests: enable test 1129 for hyper builds tests: make three tests pass until 2037 tool/tests: fix potential year 2038 issues tool_operate: Fix --fail-early with parallel transfers url: fix compiler warning in no-verbose builds urlapi.c:seturl: assert URL instead of using if-check vtls: fix typo in schannel_verify.c winbuild/README.md: clarify GEN_PDB option wolfssl: clean up wolfcrypt error queue write-out.d: clarify size_download/upload x509asn1: fix heap over-read when parsing x509 certificates Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-10-25 16:54:28 +00:00
Adolf Belka	bfa7865ec5	curl: Update to version 7.78.0 - Update from 7.77.0 to 7.78.0 - Update of rootfile not required - Changelog Changes: curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax hostip: make 'localhost' return fixed values mbedtls: add support for cert and key blob options metalink: remove all support for it mqtt: add support for username and password Bugfixes: --socks4[a]: clarify where the host name is resolved ares: always store IPv6 addresses first asyn-ares: remove check for 'data' in Curl_resolver_cancel bearssl: explicitly initialize all fields of Curl_ssl bearssl: remove incorrect const on variable that is modified build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS c-hyper: abort CONNECT response reading early on non 2xx responses c-hyper: add support for transfer-encoding in the request c-hyper: bail on too long response headers c-hyper: clear NTLM auth buffer when request is issued c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL c-hyper: fix NTLM on closed connection tested with test159 c-hyper: fix the uploaded field in progress callbacks c-hyper: handle NULL from hyper_buf_copy() c-hyper: support CURLINFO_STARTTRANSFER_TIME c-hyper: support CURLOPT_HEADER ccsidcurl: fix the compile errors CI/cirrus: install impacket from PyPI instead of FreeBSD packages CI: add bearssl build CI: add Circle CI CI: add jobs using Zuul CI: delete --enable-hsts option (it is the default now) CI: remove travis details cleanup: spell DoH with a lowercase o cmake: add CURL_DISABLE_NTLM option cmake: avoid leaking absolute paths into exported config cmake: fix IoctlSocket FIONBIO check cmake: fix support for UnixSockets feature on Win32 cmake: remove libssh2 feature checks cmake: try well-known send/recv signature for Apple configure.ac: make non-executable configure/cmake: remove checks for many unused functions configure: add --disable-ntlm option configure: disable RTSP when hyper is selected configure: do not strip out debug flags configure: fix nghttp2 library name for static builds configure: inhibit the implicit-fallthrough warning on gcc-12 configure: rename get-easy-option configure option to get-easy-options conn_shutdown: if closed during CONNECT cleanup properly conncache: lowercase the hash key for better match cookies: track expiration in jar to optimize removals copyright: add boiler-plate headers to CI config files crustls: bump crustls version and use new URL curl.h: <sys/select.h> is supported by VxWorks7 curl.h: include sys/select.h for NuttX RTOS curl: ignore blank --output-dir curl_endian: remove the unused Curl_write64_le function curl_multibyte: Remove local encoding fallbacks Curl_ntlm_core_mk_nt_hash: fix OOM in error path Curl_ssl_getsessionid: fail if no session cache exists CURLOPT_WRITEFUNCTION.3: minor update of the example docs/BINDINGS: fix outdated links docs/examples: use curl_multi_poll() in multi examples docs/INSTALL: remove mentions of configure --with-darwin-ssl docs: document missing arguments to commands docs: fix inconsistencies in EGDSOCKET documentation docs: fix incorrect argument name reference docs: Fix typos docs: make docs for --etag-save match the program behaviour docs: use --max-redirs instead of --max-redir doh: (void)-prefix call to curl_easy_setopt doh: fix wrong DEBUGASSERT for doh private_data easy: during upkeep, attach Curl_easy to connections in the cache examples/multi-single: fix scan-build warning examples: length-limit two sscanf() uses of %s examples: safer and more proper read callback logic filecheck: quietly remove test-place/~ formdata: avoid "Argument cannot be negative" warning formdata: correct typecast in curl_mime_data call GHA: add a linux-hyper job GHA: add several libcurl tests to the hyper job GHA: run the newly fixed tests with hyper github: timeout jobs on macOS after 90 minutes glob: pass an 'int' as len when using printf's %s gnutls: set the preferred TLS versions in correct order GOVERNANCE: add 'user', 'committer' and 'contributor' hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies hostip: bad CURLOPT_RESOLVE syntax now returns error hsts: ignore numberical IP address hosts HSTS: not experimental anymore http2: clarify 'Using HTTP2' verbose message http2: init recvbuf struct for pushed streams http2_connisdead: handle trailing GOAWAY better http: fix crash in rate-limited upload http: make the haproxy support work with unix domain sockets http_proxy: deal with non-200 CONNECT response with Hyper hyper: propagate errors back up from read callbacks HYPER: remove mentions of deprecated development branch idn: fix libidn2 with windows unicode builds infof: remove newline from format strings, always append it lib: don't compare fd to FD_SETSIZE when using poll lib: fix compiler warnings with CURL_DISABLE_NETRC lib: fix type of len passed to printf's %s lib: more %u for port and int for %*s fixes lib: use %u instead of %ld for port number printf libcurl-security.3: mention file descriptors and forks libssh2: limit time a disconnect can take to 1 second mbedtls: make mbedtls_strerror always work mbedtls: Remove unnecessary include mqtt: detect illegal and too large file size mqtt: extend the error message for no topic msnprintf: return number of printed characters excluding null byte multi: add scan-build-6 work-around in curl_multi_fdset multi: alter transfer timeout ordering multi: do not switch off connect_only flag when closing multi: fix crash in curl_multi_wait / curl_multi_poll netrc: skip 'macdef' definitions ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS openssl: avoid static variable for seed flag openssl: don't remove session id entry in disassociate pinnedpubkey.d: fix formatting for version support lists proto.d: fix formatting for paragraphs after margin changes quiche: use send() instead of sendto() to avoid macOS issue Revert "c-hyper: handle body on HYPER_TASK_EMPTY" Revert "ftp: Expression 'ftpc->wait_data_conn' is always false" runtests: also find the last test in Makefile.inc runtests: enable 'hyper mode' only for HTTP tests runtests: init $VERSION to avoid warnings when using -l runtests: parse data/Makefile.inc instead of using make runtests: skip disabled tests unless -f is used rustls: remove native_roots fallback schannel: set ALPN length correctly for HTTP/2 SChannel: Use '_tcsncmp()' instead sectransp: check for client certs by name first, then file setopt: fix incorrect comments socketpair: fix potential hangs socks4: scan for the IPv4 address in resolve results ssl: read pending close notify alert before closing the connection sws: malloc request struct instead of using stack telnet: fix option parser to not send uninitialized contents test1116: hyper doesn't pass through "surprise-trailers" test1147: hyper doesn't allow "crazy" request headers like built-in test1151: added missing CRLF to work with hyper test1216: adjusted for hyper mode test1218: adjusted for hyper mode test1230: adjust to work in hyper mode test1340/1341: adjusted for hyper mode test1438/1457: add HTTP keyword to make hyper mode work test1514: add a CRLF to the response to make it correct test1518: adjusted to work with hyper test1519: adjusted to work with hyper test1594/1595/1596: fix to work in hyper mode test269: disable for hyper test3010: work with hyper mode test328: avoid a header-looking body to make hyper mode work test339: CRLFify better to work in hyper mode test347: CRLFify to work in hyper mode test393: make Content-Length fit within 64 bit for hyper test394: hyper returns a different error test395: hyper cannot work around > 64 bit content-lengths like built-in test433: adjust for hyper mode test434: add HTTP keyword test500: adjust to work with hyper mode test566: adjust to work with hyper mode test599: adjusted to work in hyper mode test644: remove as duplicate of test 587 tests: fix Accept-Encoding strips to work with Hyper builds TLS: prevent shutdown loops to get stuck tool: make _lseeki64() macro work with the PellesC compiler tool_help: document that --tlspassword takes a password tool_help: remove unused define url.c: remove two variable assigns that are never read url: (void)-prefix a curl_url_get() call url: bad CURLOPT_CONNECT_TO syntax now returns error version: turn version number functions into returning void vtls: exit addsessionid if no cache is inited vtls: fix connection reuse checks for issuer cert and case sensitivity vtls: only store TIMER_APPCONNECT for non-proxy connect vtls: use free() not curl_free() warnless: simplify type size handling Win32: fix build with Watt-32 winbuild/README: VC should be set to 6 'or larger' winbuild: support alternate nghttp2 static lib name wolfssl: failing to set a session id is not reason to error out write-out.d: clarify urlnum is not unique for de-globbed URLs zuul: use the new rustls directory name Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-09-05 08:53:35 +00:00
Adolf Belka	abcabf673e	curl: Update to 7.77.0 - Update from 7.76.1 to 7.77.0 - Update rootfile - Changelog is too large to include here. It can be accesed at https://curl.se/changes.html There are 5 changes and 133 bug fixes of which 3 are related to CVE's Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2021-05-31 12:40:11 +00:00
Adolf Belka	d5b6dfba96	curl: Update to 7.76.1 - Update from 7.75.0 to 7.76.1 - Update of rootfile - Changelog is too large to include here. Full details can be found in the CHANGES file in the source tarball Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2021-04-20 09:06:16 +00:00
Matthias Fischer	2e4321c1f4	curl: Update to 7.75 For details see: https://curl.se/changes.html Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2021-02-05 11:22:59 +00:00
Peter Müller	a30f94ac4a	curl: update to 7.73.0 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-11-05 23:33:29 +00:00
Erik Kapfer	0d1054abc9	curl: Update to version 7.71.1 Several bugfixes and vulnerabilities has been fixed since the current available version 7.64.0 . For a full overview, the changelog is located in here --> https://curl.haxx.se/changes.html, a security problem overview in here --> https://curl.haxx.se/docs/security.html . Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:09:10 +00:00
Matthias Fischer	d5b7f82a40	curl: Update to 7.64.0 Hi, For details see: https://curl.haxx.se/changes.html This came rather unexpected - if I'd known, I'd have waited with 7.63.0. "Changes: cookies: leave secure cookies alone hostip: support wildcard hosts http: Implement trailing headers for chunked transfers http: added options for allowing HTTP/0.9 responses timeval: Use high resolution timestamps on Windows Bugfixes: CVE-2018-16890: NTLM type-2 out-of-bounds buffer read CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow CVE-2019-3823: SMTP end-of-response out-of-bounds read FAQ: remove mention of sourceforge for github OS400: handle memory error in list conversion OS400: upgrade ILE/RPG binding. README: add codacy code quality badge Revert http_negotiate: do not close connection THANKS: added several missing names from year <= 2000 build: make 'tidy' target work for metalink builds cmake: added checks for variadic macros cmake: updated check for HAVE_POLL_FINE to match autotools cmake: use lowercase for function name like the rest of the code configure: detect xlclang separately from clang configure: fix recv/send/select detection on Android configure: rewrite --enable-code-coverage conncache_unlock: avoid indirection by changing input argument type cookie: fix comment typo cookies: allow secure override when done over HTTPS cookies: extend domain checks to non psl builds cookies: skip custom cookies when redirecting cross-site curl --xattr: strip credentials from any URL that is stored curl -J: refuse to append to the destination file curl/urlapi.h: include "curl.h" first curl_multi_remove_handle() don't block terminating c-ares requests darwinssl: accept setting max-tls with default min-tls disconnect: separate connections and easy handles better disconnect: set conn->data for protocol disconnect docs/version.d: mention MultiSSL docs: fix the --tls-max description docs: use $(INSTALL_DATA) to install man page docs: use meaningless port number in CURLOPT_LOCALPORT example gopher: always include the entire gopher-path in request http2: clear pause stream id if it gets closed if2ip: remove unused function Curl_if_is_interface_name libssh: do not let libssh create socket libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh libssh: free sftp_canonicalize_path() data correctly libtest/stub_gssapi: use "real" snprintf mbedtls: use VERIFYHOST multi: multiplexing improvements multi: set the EXPIRE_TIMEOUT timers at TIMER_STARTSINGLE time ntlm: fix NTMLv2 compliance ntlm_sspi: add support for channel binding openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated openssl: fix the SSL_get_tlsext_status_ocsp_resp call openvms: fix OpenSSL discovery on VAX openvms: fix typos in documentation os400: add a missing closing bracket os400: fix extra parameter syntax error pingpong: change default response timeout to 120 seconds pingpong: ignore regular timeout in disconnect phase printf: fix format specifiers runtests.pl: Fix perl call to include srcdir schannel: fix compiler warning schannel: preserve original certificate path parameter schannel: stop calling it "winssl" sigpipe: if mbedTLS is used, ignore SIGPIPE smb: fix incorrect path in request if connection reused ssh: log the libssh2 error message when ssh session startup fails test1558: verify CURLINFO_PROTOCOL on file:// transfer test1561: improve test name test1653: make it survive torture tests tests: allow tests to pass by 2037-02-12 tests: move objnames- from lib into tests timediff: fix math for unsigned time_t timeval: Disable MSVC Analyzer GetTickCount warning tool_cb_prg: avoid integer overflow travis: added cmake build for osx urlapi: Fix port parsing of eol colon urlapi: distinguish possibly empty query urlapi: fix parsing ipv6 with zone index urldata: rename easy_conn to just conn winbuild: conditionally use /DZLIB_WINAPI wolfssl: fix memory-leak in threaded use spnego_sspi: add support for channel binding" Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-13 11:27:53 +00:00
Matthias Fischer	d2b7811b15	curl: Update to 7.63.0 For details see: https://curl.haxx.se/changes.html Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 00:14:59 +00:00
Peter Müller	eee037b890	update disclaimer in LFS files Most of these files still used old dates and/or domain names for contact mail addresses. This is now replaced by an up-to-date copyright line. Just some housekeeping... :-) Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-09-10 19:20:36 +01:00
Michael Tremer	4d888e6854	curl: Drop old compatibility symlink Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-04-02 15:50:09 +01:00
Peter Müller	dd48a7aac8	curl: update to 7.59.0 Update curl to 7.59.0 which fixes a number of bugs and some minor security issues. Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-03-26 19:03:29 +01:00
Marcel Lorenz	2a53bafffe	curl: update to 7.49.1 https://curl.haxx.se/changes.html#7_49_1 Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-07-14 23:24:56 +01:00
Sascha Kilian	cd4ca08231	Update: curl to 7.48.0 Signed-off-by: Sascha Kilian <sascha@sakisoft.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-04-26 22:28:18 +01:00
Michael Tremer	54206b6e35	curl: Fix certificate validation curl did not find the certificate bundle so that server certificates could not be verified. Fixes #10995 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2015-12-19 14:12:29 +00:00
Matthias Fischer	bdb1c52534	curl: Update to 7.43.0	2015-06-26 18:07:49 +02:00
Matthias Fischer	6a71b0b013	curl: Update to 7.40.0	2015-01-19 20:16:41 +01:00
Michael Tremer	f8c079150e	curl: Update to 7.31.0. Disable IPv6 in order to avoid that AAAA record resolution which may kill squidclamav.	2013-07-03 20:32:07 +02:00
Michael Tremer	68053bcc1d	curl: Update to 7.29.0. Security fix for http://curl.haxx.se/docs/adv_20130206.html.	2013-02-12 20:13:59 +01:00
Erik Kapfer	cd1da6ff45	curl: Update to 7.24.0.	2012-10-09 11:12:32 +02:00
Arne Fitzenreiter	a60b61eecb	Updated curl to 7.19.5	2009-05-22 00:01:50 +02:00
Arne Fitzenreiter	1772cfdee0	Add curl symlink to made old binaries use new lib	2009-03-20 20:07:38 +01:00
Arne Fitzenreiter	a35863c5df	Upgraded curl to current stable and add it to core28	2009-03-04 18:21:46 +01:00
ms	70df830214	Ein Paar Dateien fuer die GPLv3 angepasst. git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@853 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8	2007-08-29 13:25:32 +00:00
ms	eac942d9e2	Nochma nen anderen Torrent-Client versuchen... git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@650 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8	2007-06-27 23:53:47 +00:00

42 Commits