From: Adolf Belka
To: development@lists.ipfire.org
Cc: Adolf Belka
Subject: [PATCH] curl: Update to version 8.19.0
Date: Sun, 5 Apr 2026 14:03:36 +0200
Message-ID: <20260405120354.137211-19-adolf.belka@ipfire.org>
In-Reply-To: <20260405120354.137211-1-adolf.belka@ipfire.org>
References: <20260405120354.137211-1-adolf.belka@ipfire.org>

- Update from version 8.18.0 to 8.19.0
- No change to rootfile
- Changelog
    8.19.0
      Changes:
        o we stopped the bug bounty [23]
        o cmake: add `CURL_BUILD_EVERYTHING` option [51]
        o initial support for MQTTS [81]
        o tool: support fractions for --limit-rate and --max-filesize [79]
        o tool_cb_hdr: with -J, use the redirect name as a backup [147]
        o vquic: drop support for OpenSSL-QUIC [80]
        o windows: add build option to use the native CA store [82]
        o windows: bump minimum to Vista (from XP) [12]
      Bugfixes:
        o altsvc: only accept 17 byte dates from files [22]
        o asyn-ares: abort with OOM error when Curl_dnscache_mk_entry fails [107]
        o async-ares: blocking resolve timeout handling, better [239]
        o badwords: move into ./scripts, speed up [187]
        o build: add missing `GENERATEDCERTS` files [210]
        o build: adjust minimum version for some clang picky warnings [211]
        o build: check `MSG_NOSIGNAL` directly, drop detection and interim macro [26]
        o build: constify `memchr()`/`strchr()`/etc result variables (cont.) [85]
        o build: detect and include `inttypes.h` again [13]
        o build: do not include wolfSSL header in `curl_setup.h` [215]
        o build: drop duplicate C includes [54]
        o build: drop global suppression of `-Wformat-nonliteral`, fix fallouts [19]
        o build: drop unused `snprintf()` feature check on Windows [261]
        o build: fix `-Wunused-macros` warnings, and related tidy-ups [176]
        o build: fix building rare combinations [109]
        o build: fully omit verbose strings and code when disabled [113]
        o build: globally suppress DJGPP warnings in `FD_SET()` [56]
        o build: merge TrackMemory (`CURLDEBUG`) into debug-enabled option [46]
        o build: move curl stat struct type to the curlx namespace [156]
        o build: opt-in MSVC to C99-style verbose logging logic [108]
        o build: require POSIX `strdup()` [159]
        o build: tidy up and dedupe `strdup` functions [162]
        o cf-socket: ignore SOCK_CLOEXEC etc for socktype equality checks [226]
        o cf-socket: use SOCK_CLOEXEC in socket_open when available [130]
        o checksrc-all.pl: skip non-repository files [144]
        o checksrc: do not apply `BANNEDFUNC` to struct member functions [35]
        o checksrc: warn for leading spaces before the preprocessor hash [72]
        o clang-tidy: add missing and delete redundant parentheses [155]
        o clang-tidy: add more missing parentheses in macro values [224]
        o clang-tidy: avoid/silence `bugprone-not-null-terminated-result` [222]
        o clang-tidy: check `bugprone-macro-parentheses`, fix fallouts [212]
        o clang-tidy: drop redundant conditions reported by `misc-redundant-expression` [217]
        o clang-tidy: enable `bugprone-signed-char-misuse`, fix fallouts [227]
        o clang-tidy: enable more checks [225]
        o clang-tidy: enable scanning headers [205]
        o clang-tidy: fix issues found with build-fuzzing [275]
        o clang-tidy: silence more minor issues found by v22 [276]
        o cmake/FindMbedTLS: add workaround for missing static MSVC `mbedcrypto.lib` 4.0.0 [174]
        o cmake: add `CURL_DROP_UNUSED` option to reduce binary sizes [105]
        o cmake: add native clang-tidy support for tests, with concatenated sources [223]
        o cmake: always build curlu and curltool test libs in unity mode [190]
        o cmake: always define `CURL::win32_winsock` on Windows in `curl-config.cmake` [104]
        o cmake: convert `curl_add_clang_tidy_test_target()` macro to function [281]
        o cmake: enable binutils ld workaround for all toolchains at build-time [57]
        o cmake: fix `LOCATION` property access condition (debug) [241]
        o cmake: fix `LOCATION` property read errors in target debug function [243]
        o cmake: fix building with `CMAKE_FIND_PACKAGE_PREFER_CONFIG=ON` [254]
        o cmake: fix confusing error when a dependency is undetected in `curl-config.cmake` [169]
        o cmake: fix logic for openssl/zlib binutils ld workaround [71]
        o cmake: fix passing system header directories to clang-tidy for tests [221]
        o cmake: fix system include directory position for clang-tidy in tests [284]
        o cmake: improve clang-tidy test command-line reproduction [242]
        o cmake: minor fixes to test targets after prev [214]
        o cmake: normalize uppercase hex winver (for display) [191]
        o cmake: omit `curl.rc` from curltool lib [209]
        o cmake: reference OpenSSL and ZLIB imported targets only when enabled [41]
        o cmake: replace internal option with a new `tt` (test tools) target [220]
        o cmake: silence potential unused var warnings in C++ test snippet [201]
        o cmake: silence silly Apple clang warnings in C89 mode, test in CI [14]
        o cmake: silence useless compiler warnings triggered by the FASTBuild generator [43]
        o cmake: skip binutils ld hack if zlib/openssl target is not `IMPORTED` [90]
        o cmake: warn for invalid `CURL_TARGET_WINDOWS_VERSION` values [192]
        o cmke: add `*_USE_STATIC_LIBS` options for 9 dependencies [49]
        o config-plan9: set `HAVE_STDINT_H` again [17]
        o config2setopts: acknowledge OOM error from CURLOPT_MIMEPOST [120]
        o config2setopts: fix for --disable-aws build configuration [34]
        o configure: drop always true `if` check (Windows) [250]
        o content_encoding: return 'identity' if none other exists [235]
        o curl: add -I and -i to -h important [135]
        o curl: limit Windows-specific code to Windows builds, other tidy-ups [48]
        o curl_easy_nextheader.md: a new transfer invalidates 'prev' [69]
        o curl_get_line: drop single-use macro [93]
        o curl_multi_perform.md: resolve inconsistency [143]
        o curl_ntlm_core: merge two `#if` blocks [177]
        o curl_setup.h: drop extra header guard for internal include [91]
        o curl_setup.h: merge back single-use internal header `curl_setup_once.h` [78]
        o curl_setup.h: simplify curl memory macro mappings [163]
        o curl_setup_once: allow CURL_DEBUGASSERT for customization [125]
        o CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md: fix available protocols [97]
        o curlx: drop unused `curlx_saferealloc()` [161]
        o digest: escape double quotes and backslashes in realm and nonce [83]
        o digest: fix memory leak in auth_create_digest_http_message() [263]
        o digest: handle quotes in the path [50]
        o docs/INSTALL: update configure details [45]
        o docs/libcurl: unify WARNING use [89]
        o docs: add LibreELEC to DISTROS.md
        o docs: add reproducible example for generating man page [95]
        o docs: avoid starting sentences with However, [175]
        o docs: avoid using the word 'magic' [256]
        o docs: clarify --ipv4 and --ipv6 [149]
        o docs: document the need for a 64-bit type and stdint.h [118]
        o docs: drop basically [229]
        o docs: explicitly call out Slowloris as not a security flaw [6]
        o docs: fix grammar nitpicks [128]
        o docs: handle error in `curl_global_init*` examples [204]
        o docs: replace instances of the vague qualifier 'quite' [171]
        o docs: reword explanation of --variable option [150]
        o docs: some nitpicks [277]
        o docs: use dot instead of comma at end of sentences [168]
        o easy: reset errorbuf on eyeballing success [179]
        o easy: reset pausing when resetting request [218]
        o examples/usercertinmem: use modern OpenSSL API, drop mentions of RSA [188]
        o examples: improve OpenSSL certificate examples [248]
        o examples: omit forward declarations, apply misc fixes [60]
        o FAQ: syntax improvements [230]
        o fopen.h: simplify curl memory macro mappings [160]
        o ftp: replace a `curlx_free()` with `curlx_dyn_free()` [86]
        o ftp: split ftp_state_use_port into sub functions [172]
        o GOVERNANCE.md: Post-Daniel BDFL [31]
        o gss: exclude verbose error logic from non-verbose builds [122]
        o h2+h3: align stream close handling [131]
        o hostip.c: fix leak of addrinfo [11]
        o hostip6: remove debug-only code [24]
        o hostip: fix unreachable code in rare build configuration [74]
        o http/3: add description for known server error codes [15]
        o http1: fix potential NULL dereference in `Curl_h1_req_parse_read()` [268]
        o http: only send bearer if auth is allowed [228]
        o http_aws_sigv4: fix query normalization of %2b [117]
        o imap: add a check for Curl_meta_get() [157]
        o imap: check `imap_sendf()` printf masks at compile-time [67]
        o imap: skip literals inside quoted strings [30]
        o include: avoid recursive macros [182]
        o include: mask computed auth/proto bitmasks to 32 bits [145]
        o INSTALL-CMAKE.md: document Apple framework options [53]
        o INSTALL.md: fix typo [278]
        o INSTALL.md: suggest `-Wl,-dead_strip` for Apple targets [68]
        o KNOWN_BUGS.md: absolute Unix domain filename for SOCKS on Windows [37]
        o ldap: silence clang-tidy v22 warning [279]
        o ldap: silence potential unused variable warning (OS400) [55]
        o lib: delete unused local includes [181]
        o lib: disable websockets early if no http [140]
        o lib: make sigpipe handling more lazy [52]
        o lib: reorder protocol functions to avoid forward declarations (email) [76]
        o lib: reorder protocol functions to avoid forward declarations (ftp) [75]
        o lib: reorder protocol functions to avoid forward declarations (misc cont.) [66]
        o lib: reorder protocol functions to avoid forward declarations (misc) [77]
        o lib: reorder protocol functions to avoid forward declarations (ssh) [65]
        o lib: separate scheme info from protocol implementation [42]
        o lib: skip compiling code with features disabled [189]
        o lib: use (u)int64_t instead of long long [39]
        o libcurl docs: reduce 'since ...' in descriptions [28]
        o libcurl-security.md: fix typos and add a point about URLs
        o libtests: drop two redundant `memset()`s [110]
        o Makefile.am: delete RPM targets referencing non-existent files [9]
        o Makefile.am: drop stray VC project files from dist [5]
        o managen: silence Perl warnings [141]
        o mbedtls: guard TLS 1.3 + session tickets usage inside ifdef [260]
        o mbedtls: no pinnedpubkey wo MBEDTLS_SSL_KEEP_PEER_CERTIFICATE [29]
        o mbedtls: remove newline from failf() call [25]
        o mbedtls: split mbed_connect_step1 into sub functions [166]
        o md4, md5: drop redundant forward declarations [64]
        o md4, md5: replace custom types with `uint32_t` [111]
        o memdebug: include `backtrace.h` as system header [148]
        o mime: drop fallback for unused `R_OK` macro [58]
        o mimepost: allocate main struct on-demand [20]
        o mk-ca-bundle.pl: drop support for obsolete/insecure fingerprint algos [138]
        o mod_curltest: silence unused argument compiler warning [63]
        o mprintf: drop old sprintf fallback [7]
        o mprintf: rename internal enum to avoid collision with AmigaOS symbol [183]
        o mprintf: silence clang-tidy `readability-suspicious-call-argument` [262]
        o mprintf: use `_snprintf()` when compiled with VS2013 and older [280]
        o mqtt: better too-big-message-check [73]
        o mqtt: fix EOF handling [231]
        o mqtt: verify Remaining Length for CONNACK and PUBACK [153]
        o msvc: drop exception, make `BIT()` a bitfield with Visual Studio [2]
        o msvc: VS2026: unlock picky warning in cmake, test in CI [198]
        o multi: avoid a theoretical 32-bit wrap [186]
        o multi: fix unreachable code compiler warning [264]
        o multi: probe for IPv6 functionality in multi_init() [114]
        o multi: split multi_runsingle into sub functions [197]
        o multi: update timer unconditionally in multi_remove_handle [158]
        o ngtcp2: stabilize recv [18]
        o noproxy: simplify, don't mix const non-const in strchr() [88]
        o openldap: avoid forward declarations in ldaps code [62]
        o openssl+ech: workaround for insecure handshakes [238]
        o openssl: adapt to OpenSSL master adding const to more APIs [253]
        o OpenSSL: check reuse of sessions for verify status [142]
        o openssl: disable local keylog feature if built-in upstream [178]
        o openssl: fix compiler warning with OpenSSL master [193]
        o openssl: fix potential NULL dereference when loading certs (Windows) [165]
        o openssl: fix potential OOB read in debug/verbose logging [216]
        o plan9: drop special build and orphaned references [33]
        o proxy-auth: additional tests [232]
        o pytest: remove 03_02 [127]
        o quiche: use PRIu64 for outputting the stream id [184]
        o rand: drop impossible preprocessor branches (wincrypt) [246]
        o rand: drop scan-build silencer [245]
        o ratelimit: download finetune [16]
        o request.h: rename parameter 'buf' to 'req' in Curl_req_send [219]
        o REUSE: drop broken reference to `MAIL-ETIQUETTE` [59]
        o rtsp: fix assertion failure on zero-length RTP payload [180]
        o rtspd: fix to check `realloc()` result [173]
        o runtests: pass config filename to stunnel in native format (Windows) [94]
        o schannel: refactor: reduce variable scopes, fix comment, fix indent [196]
        o send: drop `CURL_UNCONST()` from buffer argument on most platforms [116]
        o setopt: fix checking range for CURLOPT_MAXCONNECTS [92]
        o setopt: refuse blobs with zero length [167]
        o setup-os400.h: drop no longer used custom type `u_int32_t` [112]
        o sigpipe: unset SA_SIGINFO since it is using sa_handler [40]
        o silent.md: also mention it shuts off warning messages [213]
        o smb: free the path in the request struct properly [137]
        o smb: include arpa/inet.h for NonStop [195]
        o socket: check result of SO_NOSIGPIPE [124]
        o socketpair: clear 'err' when retrying due to EINTR [233]
        o socketpair: set SO_NOSIGPIPE where possible [103]
        o socks: ensure DNS is freed in failure cases. [247]
        o src: simplify declaring `curl_ca_embed` [185]
        o ssh: dedupe state change function [99]
        o stop using the word 'just' [257]
        o sws: prevent "connection monitor" to say disconnect twice
        o synctime: fix use of uninitialized buffer on non-Windows [234]
        o system_win32: replace manual init code with `curlx_now_init()` call [170]
        o tests/server/sockfilt: avoid possible endless loop on Windows [101]
        o tests/server: drop unused `curlx/version_win32.c` [151]
        o tests/server: fix to clear the complete `srvr_sockaddr_union_t` variable [207]
        o tests/server: tidy-up error messages (Windows) [102]
        o tests: avoid assignment in `if` conditions in `first.h` [126]
        o tests: convert base64 data to %b64[] [87]
        o tftp: correct the filename length check [70]
        o timeout handling: auto-detect effective timeout [121]
        o tls: add new SSLSUPP flags for several options [32]
        o tls: remove checks for DEFAULT [136]
        o tool: enable header separation for HTTPS proxies [106]
        o tool: improve config error messaging [208]
        o tool: improve error/warning messages when output filename sanitization fails [36]
        o tool: rename curl handle and result variable in `--libcurl`-generated code [146]
        o tool: return code variable consistency [84]
        o tool_cb_hdr: suppress header output when --out-null [10]
        o tool_cb_prg: drop duplicate preprocessor logic [119]
        o tool_dirhie: drop superfluous `F_OK` fallback (Windows) [8]
        o tool_doswin: avoid memory-leak with CURL_FN_SANITIZE_* [236]
        o tool_doswin: avoid Windowsisms in socket code (cont.) [134]
        o tool_doswin: avoid Windowsisms in socket code [139]
        o tool_doswin: document `ENABLE_VIRTUAL_TERMINAL_PROCESSING` toolchain support [44]
        o tool_getparam: avoid `-Wcomma` with Apple clang in C89 mode [38]
        o tool_operate: remove 'else' for VMS [3]
        o tool_operate: reset the URL --url-query between --next [237]
        o typos: silence false positives found in C code [164]
        o unit3205: suppress two clang-tidy false positives [206]
        o URL-SYNTAX.md: fix port number mistakes for IMAP and LDAP [200]
        o url.c: code/comment cleanup around conn creation [132]
        o url.h: fix `-Wdocumentation` [61]
        o url: fix reuse of connections using HTTP Negotiate [100]
        o urlapi: use U_CURLU_URLDECODE when toggling it off unsigned [255]
        o urldata.h: remove two forward-declared structs not used [4]
        o urldata: byebye `conn->hostname_resolve` [240]
        o urldata: change 'keep_post' into three distinct bitfields [21]
        o urldata: convert 'long' fields to fixed variable types [47]
        o urldata: switch to uint* types [1]
        o usercertinmem: use the correct cert BIO [249]
        o verbose.md: explain the { and } prefixes [96]
        o vquic: fix unused variable warning reported by clang-tidy [152]
        o vquic: handle SOCKEMSGSIZE correctly [129]
        o vtls: dedupe common on-session-reuse logic [98]
        o vtls: use ALPN http/1.0 & http/1.1 for HTTP/1.0 requests [123]
        o VULN-DISCLOSURE-POLICY.md: push reports to the web form [154]
        o VULN-DISCLOSURE-POLICY.md: use hackerone [202]
        o winapi: use FormatMessageA instead of FormatMessageW [115]
        o windows: `USE_WINSOCK` to guard winsock2 code (where missing) [133]
        o windows: determine `RtlVerifyVersionInfo` address on global init [258]
        o windows: tidy up `wincrypt.h` / BoringSSL/AWS-LC coexist workaround [203]
        o wolfssl: fix build without USE_BIO_CHAIN [27]
        o ws/tftp: include header file even when protocol disabled [194]
        o x509asn1: make encodeOID stop on too long input [199]

Signed-off-by: Adolf Belka
---
 lfs/curl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/curl b/lfs/curl index eda7cfec1..3498e12fd 100644 --- a/lfs/curl +++ b/lfs/curl @@ -24,7 +24,7 @@ include Config -VER = 8.18.0 +VER = 8.19.0 THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 16e1539616c1800dfa08a5bd3e38ff75d2906a4a574b1541509c69200aebe680b0a5efdf1b1e0c89f3cccb6001bfe1c1459b9fd815053c964e1a1434be1e2e0e +$(DL_FILE)_BLAKE2 = d4a943af9a109893112876784dbe106276317e6cd5a2663f4de143c93abb4e266945fa65b4a5fa842f99240c961b027a1b2492e3e32f5247a91c394895e2b8b0 install : $(TARGET) -- 2.53.0
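
Review bot: In the first hunk (@@ -24,7 +24,7 @@) the `VER` bump to 8.19.0 is covered in the commit message only by "No change to rootfile", while the quoted changelog carries behaviour changes such as "vquic: drop support for OpenSSL-QUIC [80]" and "http: only send bearer if auth is allowed [228]". Please add a line to the commit message confirming that the configure options used in lfs/curl are unaffected by the dropped backend and that the package was built and tested, so the bump can be accepted without re-reading the full list.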
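
Review bot: In the second hunk (@@ -40,7 +40,7 @@) the new `$(DL_FILE)_BLAKE2` value is the only integrity anchor for curl-8.19.0.tar.xz, and neither the hunk nor the commit message says how it was obtained. Please state in the commit message that the tarball was checked against upstream's detached signature before the digest was computed, so a reviewer can reproduce the value from an authenticated download instead of trusting it as posted.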