mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
579c5830aa
- Update from version 7.88.1 to 8.1.0
- Update of rootfile not required
- Changelog
Fixed in 8.1.0 - May 17 2023
Changes:
curl: add --proxy-http2
CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2
hostip: refuse to resolve the .onion TLD
tool_writeout: add URL component variables
Bugfixes:
amiga: Fix CA certificate paths for AmiSSL and MorphOS
autotools: sync up clang picky warnings with cmake
aws-sigv4.d: fix region identifier in example
bufq: simplify since expression is always true
cf-h1-proxy: skip an extra NULL assign
cf-h2-proxy: fix processing ingress to stop too early
cf-socket: add socket recv buffering for most tcp cases
cf-socket: Disable socket receive buffer by default
cf-socket: remove dead code discovered by PVS
cf-socket: turn off IPV6_V6ONLY on Windows if it is supported
checksrc: check for spaces before the colon of switch labels
checksrc: find bad indentation in conditions without open brace
checksrc: fix SPACEBEFOREPAREN for conditions starting with "*"
ci: `-Wno-vla` no longer necessary
CI: fix brew retries on GHA
CI: Set minimal permissions on workflow ngtcp2-quictls.yml
CI: skip Azure for commits which change only GHA
CI: use another glob syntax for matching files on Appveyor
cmake: bring in the network library on Haiku
cmake: do not add zlib headers for openssl
CMake: make config version 8 compatible with 7
cmake: picky-linker fixes for openssl, ZLIB, H3 and more
cmake: set SONAME for SunOS too
cmake: speed up and extend picky clang/gcc options
CMakeLists.txt: fix typo for Haiku detection
compressed.d: clarify the words on "not notifying headers"
config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP
configure: don't set HAVE_WRITABLE_ARGV on Windows
configure: fix detection of apxs (for httpd)
configure: make quiche require quiche_conn_send_ack_eliciting
connect: fix https connection setup to treat ssl_mode correctly
content_encoding: only do transfer-encoding compression if asked to
cookie: address PVS nits
cookie: clarify that init with data set to NULL reads no file
curl: do NOT append file name to path for upload when there's a query
curl_easy_getinfo.3: typo fix (duplicated "from the")
curl_easy_unescape.3: rename the argument
curl_path: bring back support for SFTP path ending in /~
curl_url_set.3: mention that users can set content rather freely
CURLOPT_IPRESOLVE.3: this for host names, not IP addresses
data.d: emphasize no conversion
digest: clear target buffer
doc: curl_mime_init() strong easy binding was relaxed in 7.87.0
docs/cmdline-opts: document the dotless config path
docs/examples/protofeats.c: outputs all protocols and features
docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string"
docs/SECURITY-ADVISORY.md: how to write a curl security advisory
docs: bump the minimum perl version to 5.6
docs: clarify that more backends have HTTPS proxy support
dynbuf: never allocate larger than "toobig"
easy_cleanup: require a "good" handle to act
ftp: fix 'portsock' variable was assigned the same value
ftp: remove dead code
ftplistparser: move out private data from public struct
ftplistparser: replace realloc with dynbuf
gen.pl: error on duplicated See-Also fields
getpart: better handle case of file not found
GHA-linux: add an address-sanitizer build
GHA: add a memory-sanitizer job
GHA: run all linux test jobs with valgrind
GHA: suppress git clone output
GIT-INFO: add --with-openssl
gskit: various compile errors in OS400
h2/h3: replace `state.drain` counter with `state.dselect_bits`
hash: fix assigning same value
headers: clear (possibly) lingering pointer in init
hostcheck: fix host name wildcard checking
hostip: add locks around use of global buffer for alarm()
hostip: enforce a maximum DNS cache size independent of timeout value
HTTP-COOKIES.md: mention the #HttpOnly_ prefix
http2: always EXPIRE_RUN_NOW unpaused http/2 transfers
http2: do flow window accounting for cancelled streams
http2: enlarge the connection window
http2: flow control and buffer improvements
http2: move HTTP/2 stream vars into local context
http2: pass `stream` to http2_handle_stream_close to avoid NULL checks
http2: remove unused Curl_http2_strerror function declaration
HTTP3/quiche: terminate h1 response header when no body is sent
http3: check stream_ctx more thoroughly in all backends
HTTP3: document the ngtcp2/nghttp3 versions to use for building curl
http3: expire unpaused transfers in all HTTP/3 backends
http3: improvements across backends
http: free the url before storing a new copy
http: skip a double NULL assign
ipv4.d/ipv6.d: they are "mutex", not "boolean"
KNOWN_BUGS: remove fixed or outdated issues, move non-bugs
lib/cmake: add HAVE_WRITABLE_ARGV check
lib/sha256.c: typo fix in comment (duplicated "is available")
lib1560: verify that more bad host names are rejected
lib: add `bufq` and `dynhds`
lib: remove CURLX_NO_MEMORY_CALLBACKS
lib: unify the upload/method handling
lib: use correct printf flags for sockets and timediffs
libssh2: fix crash in keyboard callback
libssh2: free fingerprint better
libssh: tell it to use SFTP non-blocking
man pages: simplify the .TH sections
MANUAL.md: add dict example for looking up a single definition
md(4|5): don't use deprecated iOS functions
md4: only build when used
mime: skip NULL assigns after Curl_safefree()
multi: add handle asserts in DEBUG builds
multi: add multi-ignore logic to multi_socket_action
multi: free up more data earleier in DONE
multi: remove a few superfluous assigns
multi: remove PENDING + MSGSENT handles from the main linked list
ngtcp2: adapted to 0.15.0
ngtcp2: adjust config and code checks for ngtcp2 without nghttp3
noproxy: pointer to local array 'hostip' is stored outside scope
ntlm: clear lm and nt response buffers before use
openssl: interop with AWS-LC
OS400: fix and complete ILE/RPG binding
OS400: implement EBCDIC support for recent features
OS400: improve vararg emulation
OS400: provide ILE/RPG usage examples
pingpong: fix compiler warning "assigning an enum to unsigned char"
pytest: improvements for suitable curl and error output
quiche: disable pacing while pacing is not actually performed
quiche: Enable IDLE egress handling
RELEASE-PROCEDURE: update to new schedule
rtsp: convert mallocs to dynbuf for RTP buffering
rtsp: skip malformed RTSP interleaved frame data
rtsp: skip NULL assigns after Curl_safefree()
runtests: die if curl version can be found
runtests: don't start servers if -l is given
runtests: fix -c option when run with valgrind
runtests: fix quoting in Appveyor and Azure test integration
runtests: lots of refactoring
runtests: refactor into more packages
runtests: show error message if file can't be written
runtests: spawn a new process for the test runner
rustls: fix error in recv handling
schannel: add clarifying comment
server/getpart: clear target buffer before load
smb: remove double assign
smbserver: remove temporary files before exit
socketpair: verify with a random value
ssh: Add support for libssh2 read timeout
telnet: simplify the implementation of str_is_nonascii()
test1169: fix so it works properly everywhere
test1592: add flaky keyword
test1960: point to the correct path for the precheck tool
test303: kill server after test
tests/http: add timeout to running curl in test cases
tests/http: fix log formatting on wrong exit code
tests/http: fix out-of-tree builds
tests/http: improved httpd detection
tests/http: more tests with specific clients
tests/http: relax connection check in test_07_02
tests/keywords.pl: remove
tests/libtest/lib1900.c: remove
tests/sshserver.pl: Define AddressFamily earlier
tests: 1078 1288 1297 use valid IPv4 addresses
tests: document that the unittest keyword is special
tests: increase sws timeout for more robust testing
tests: log a too-long Unix socket path in sws and socksd
tests: make test_12_01 a bit more forgiving on connection counts
tests: move pidfiles and portfiles under the log directory
tests: move server config files under the pid dir
tests: silence some Perl::Critic warnings in test suite
tests: stop using strndup(), which isn't portable
tests: switch to 3-argument open in test suite
tests: turn perl modules into full packages
tests: use %LOGDIR to refer to the log directory
tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals
tool_operate: pass a long as CURLOPT_HEADEROPT argument
tool_operate: refuse (--data or --form) and --continue-at combo
transfer: refuse POSTFIELDS + RESUME_FROM combo
transfer: skip extra assign
url: fix null dispname for --connect-to option
url: fix PVS nits
url: remove call to Curl_llist_destroy in Curl_close
urlapi: cleanups and improvements
urlapi: detect and error on illegal IPv4 addresses
urlapi: prevent setting invalid schemes with *url_set()
urlapi: skip a pointless assign
urlapi: URL encoding for the URL missed the fragment
urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication
urldata: shrink *select_bits int => unsigned char
vlts: use full buffer size when receiving data if possible
vtls and h2 improvements
Websocket: enhanced en-/decoding
wolfssl.yml: bump to version 5.6.0
write-out.d: Use response_code in example
ws: handle reads before EAGAIN better
Fixed in 8.0.1 - March 20 2023
Bugfixes:
fix crash in curl_easy_cleanup
Fixed in 8.0.0 - March 20 2023
Changes:
build: remove support for curl_off_t < 8 bytes
Bugfixes:
.cirrus.yml: Bump to FreeBSD 13.2
aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
BINDINGS: add Fortran binding
build: drop the use of XC_AMEND_DISTCLEAN
build: fix stdint/inttypes detection with non-autotools
cf-socket: fix handling of remote addr for accepted tcp sockets
cf-socket: if socket is already connected, return CURLE_OK
cf-socket: use port 80 when resolving name for local bind
CI: don't run CI jobs if only another CI was changed
CI: update ngtcp2 and nghttp2 for pytest
cmake: delete unused HAVE__STRTOI64
cmake: fix enabling LDAPS on Windows
cmake: skip CA-path/bundle auto-detection in cross-builds
connect: fix time_connect and time_appconnect timer statistics
cookie: don't load cookies again when flushing
cookie: parse without sscanf()
curl.h: require gcc 12.1 for the deprecation magic
curl: make -w's %{stderr} use the file set with --stderr
curl_path: create the new path with dynbuf
CURLOPT_PIPEWAIT: allow waited reuse also for subsequent connections
CURLOPT_PROXY.3: curl+NSS does not handle HTTPS over unix domain socket
CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
DEPRECATE: the original legacy mingw version 1
doc: fix compiler warning in libcurl.m4
docs/cmdline-opts: mark all global options
docs/SECURITY-PROCESS.md: updates
docs: extend the URL API descriptions
docs: note '--data-urlencode' option
DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
easy: remove infof() debug leftover from curl_easy_recv
examples/http3.c: use CURL_HTTP_VERSION_3
ftp: active mode with SSL, add the filter
ftp: add more conditions for connection reuse
ftp: allocate the wildcard struct on demand
ftp: make the EPSV response parser not use sscanf
ftp: replace sscanf for MDTM 213 response parsing
ftp: replace sscanf for PASV parsing
gssapi: align `gss_OID_desc` to silence ld warnings on macOS ventura
headers: make curl_easy_header and nextheader return different buffers
hostip: avoid sscanf and extra buffer copies
http2: fix error handling during parallel operations
http2: fix for http2-prior-knowledge when reusing connections
http2: fix handling of RST and GOAWAY to recognize partial transfers
http2: fix upload busy loop
http: don't send 100-continue for short PUT requests
http: fix unix domain socket use in https connects
http: rewrite the status line parser without sscanf
http_proxy: parse the status line without sscanf
idn: return error if the conversion ends up with a blank host
krb5: avoid sscanf for parsing
lib1560: test parsing URLs with ridiculously large fields
lib2305: deal with CURLE_AGAIN
lib517: verify time stamps without leading zeroes plus some more
lib: silence clang/gcc -Wvla warnings in brotli headers
lib: skip Curl_llist_destroy calls
libcurl-errors.3: add the CURLHcode errors from curl_easy_header.3
libssh2: only set the memory callbacks when debugging
libssh2: remove unused variable from libssh2's struct
libssh: use dynbuf instead of realloc
Makefile.mk: delete redundant `HAVE_LDAP_SSL` macro
Makefile.mk: fix -g option in debug mode
mqtt: on send error, return error
multi: make multi_perform ignore/unignore signals less often
multi: remove PENDING + MSGSENT handles from the main linked list
ngtcp2-gnutls.yml: bump to gnutls 3.8.0
ngtcp2: fix unwanted close of file descriptor 0
page-footer: add explanation for three missing exit codes
parsedate: parse strings without using sscanf()
parsedate: replace sscanf( for time stamp parsing
quic/schannel: fix compiler warnings
rand: use arc4random as fallback when available
rate.d: single URLs make no sense in --rate example
RELEASE-PROCEDURE.md: update coming release dates
rtsp: avoid sscanf for parsing
runtests: use a hash table for server port numbers
sectransp: fix compiler warning c89 mixed code/declaration
sectransp: make read_cert() use a dynbuf when loading
secure-transport: fix recv return code handling
select: stop treating POLLRDBAND as an error
setopt: move the CURLOPT_CHUNK_DATA pointer to the set struct
socket: detect "dead" connections better, e.g. not fit for reuse
src: silence wmain() warning for all build methods
telnet: only accept option arguments in ascii
telnet: parse NEW_ENVIRON without sscanf
telnet: parse telnet options without sscanf
telnet: parse the WS= argument without sscanf
test1470: test socks proxy using unix sockets and connect to https
test1960: verify CURL_SOCKOPT_ALREADY_CONNECTED
test2600: detect when ALARM_TIMEOUT is in use and adjust
test422: verify --next used without a prior URL
tests/http: add pytest to GHA and improve tests
tests: add `cookies` features
tests: add timeout, SLOWDOWN and DELAY keywords to tests
tests: fix gnutls-serv check
tests: fix MSVC unreachable code warnings in unit tests
tests: hack to build most unit tests under cmake
tests: HTTP server fixups
tests: keep cmake unit tests names in sync
tests: make CPPFLAGS common to all unit tests
tests: make first.c the same for both lib tests and unit tests
tests: support for imaps/pop3s/smtps protocols
tests: sync option lists in runtests.pl & its man page
tests: test secure mail protocols with explicit SSL requests
tests: use AM_CPPFILES to modify flags in unit tests
tests: use dynamic ports numbers in pytest suite
tool: dump headers even if file is write-only
tool: improve --stderr handling
tool_getparam: don't add a new node for just --no-remote-name
tool_getparam: error if --next is used without a prior URL
tool_operate: avoid fclose(NULL) on bad header dump file
tool_operate: propagate error codes for missing URL after --next
tool_progress: shut off progress meter for --silent in parallel
tool_writeout_json. fix the output for duplicate header names
transfer: limit Windows SO_SNDBUF updates to once a second
url: fix cookielist memleak when curl_easy_reset
url: fix logic in connection reuse to deny reuse on "unclean" connections
url: fix the SSH connection reuse check
url: only reuse connections with same GSS delegation
url: remove dummy protocol handler
urlapi: '%' is illegal in host names
urlapi: avoid mutating internals in getter routine
urlapi: parse IPv6 literals without ENABLE_IPV6
urlapi: take const args in _dup and _get functions
wildcard: remove files and move functions into ftplistparser.c
winbuild: fix makefile clean
wolfssl: add quic/ngtcp2 detection in cmake, and fix builds
wolfSSL: ressurect the BIO `io_result`
ws: keep the socket non-blocking
x509asn1.c: use correct format specifier for infof() call
x509asn1: use plain %x, not %lx, when the arg is an int
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
IPFire 2.x - The Open Source Firewall
What is IPFire?
IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Its ease of use, high performance in any scenario and extensibility make it usable for everyone. For a full list of features have a look here.
This repository contains the source code of IPFire 2.x which is used to build the whole distribution from scratch, since IPFire is not based on any other distribution.
Where can I get IPFire?
Just head over to https://www.ipfire.org/download
How do I use this software?
We have a long and detailed wiki located here which should answers most of your questions.
But I have some questions left. Where can I get support?
You can ask your question at our community located here. A complete list of our support channels can be found here.
How can I contribute?
We have another document for this. Please look here.