From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] curl: Update to version 8.8.0
Date: Fri, 07 Jun 2024 11:30:21 +0100
Message-ID: <3C9AE99D-6247-45BD-AFB8-DFB7348147E5@ipfire.org>
In-Reply-To: <20240606135032.549882-1-adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 6 Jun 2024, at 14:50, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> - Update from version 8.2.1 to 8.8.0
> - Update of rootfile
> - Removal of patch as the content is now included in the source tarball.
> - Changelog
> 8.8.0
> Changes:
> curl_version_info: provide librtmp version
> file: add support for directory listings
> idn: add native AppleIDN (icucore) support for macOS/iOS
> lib: add curl_multi_waitfds
> mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option
> NTLM_WB: drop support
> TLS: add support for ECH (Encrypted Client Hello)
> urlapi: add CURLU_GET_EMPTY for empty queries and fragments
> Bugfixes:
> appveyor: drop unnecessary `--clean-first` cmake option
> appveyor: guard against crash-build with VS2008
> appveyor: make gcc 6 mingw64 job build-only
> asyn-thread: fix curl_global_cleanup crash in Windows
> asyn-thread: fix Curl_thread_create result check
> autotools: delete unused functions
> autotools: fix `HAVE_IOCTLSOCKET_FIONBIO` test for gcc 14
> autotools: only probe for SGI MIPS compilers on IRIX
> bearssl: fix compiler warnings
> bearssl: use common code for cipher suite lookup
> bufq: remove duplicate word in comment
> BUG-BOUNTY.md: clarify the third party situation
> build: prefer `USE_IPV6` macro internally (was: `ENABLE_IPV6`)
> build: remove MacOSX-Framework script
> cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set
> cf-https-connect: use timeouts as unsigned ints
> cf-socket: don't try getting local IP without socket
> cf-socket: remove references to l_ip, l_port
> ci: add curl-for-win builds: Linux MUSL, macOS, Windows
> cmake: add `BUILD_EXAMPLES` option to build examples
> cmake: add librtmp/rtmpdump option and detection
> cmake: check fseeko after detecting HAVE_FILE_OFFSET_BITS
> cmake: do not pass linker flags to the static library tool
> cmake: enable `-pedantic-errors` for clang when `CURL_WERROR=ON`
> cmake: FindNGHTTP2 add static lib name to find_library call
> cmake: fix `CURL_WERROR=ON` for old CMake and use it in GHA/linux-old
> cmake: fix `HAVE_IOCTLSOCKET_FIONBIO` test with gcc 14
> cmake: fixup `DEPENDS` filename
> cmake: forward `USE_LIBRTMP` option to C
> cmake: generate misc manpages and install `mk-ca-bundle.pl`
> cmake: initialize `BUILD_TESTING` before first use
> cmake: speed up libcurl doc building again
> cmake: tidy-up to use `WORKING_DIRECTORY`
> cmake: use namespaced custom target names
> cmdline-docs: fix make install with configure --disable-docs
> configure: error on missing perl if docs or manual is enabled
> configure: make --disable-docs imply --disable-manual
> content_encoding: brotli and others, pass through 0-length writes
> content_encoding: ignore duplicate chunked encoding
> content_encoding: reject transfer-encoding after chunked
> contrithanks: honor `CURLWWW` variable
> curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used
> curl.h: change CURL_SSLVERSION_* from enum to defines
> curl: make --help adapt to the terminal width
> curl: use curl_getenv instead of the curlx_ version
> Curl_creader_read: init two variables to avoid using them uninited
> curl_easy_pause.md: use correct defines in example
> curl_getdate.md: document two-digit year handling
> curl_global_trace.md: shorten the description
> curl_multibyte: remove access() function wrapper for Windows
> curl_path: make Curl_get_pathname use dynbuf
> curl_setup.h: add support for IAR compiler
> curl_setup.h: detect 'inline' support
> curl_sha512_256: do not use workaround for NetBSD when not needed
> curl_sha512_256: fix detection of OpenSSL 1.1.1 or later
> curl_url_get.md: clarify queries and fragments and CURLU_GET_EMPTY
> CURLINFO_REQUEST_SIZE: fixed, add tests for transfer infos reported
> CURLOPT_WRITEFUNCTION.md: fix the callback proto in the example
> cw-out: improved error handling
> DEPRECATE.md: TLS libraries without 1.3 support
> digest: replace strcpy for empty string with simple assignment
> dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs
> dist: add files missing from release tarball
> dist: add reproducible dir entries to tarballs
> dist: do not require Perl in `maketgz`
> dist: remove the curl-config.1 from the tarball
> dist: verify tarball reproducibility in CI
> DISTROS: add patch and issues link for curl-for-win
> DISTROS: Cygwin updates
> dllmain: Call OpenSSL thread cleanup for Windows and Cygwin
> doc: pytest `--repeat` -> `--count`
> docs/cmdline-opts: invoke managen using a relative path
> docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd
> docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example
> docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE
> docs: fix some CURLINFO examples
> doh: fix typo in comment
> doh: remove unused function prototype
> dynbuf: fix returncode on memory error
> examples: fix/silence `-Wsign-conversion`
> EXPERIMENTAL: add graduation requirements for each feature
> file: remove useless assignment
> ftp: add tracing support
> ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS
> ftp: fix socket leak on rare error
> GHA: add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs
> GHA: add shellcheck job and fix warnings, shell tidy-ups
> GHA: add valgrind to a wolfSSL build
> GHA: on macOS remove $HOME/.curlrc
> GHA: pin dependencies
> gnutls: lazy init the trust settings
> h3/ngtcp2: improve error handling
> hash: change 'slots' to size_t from int
> hash: delete unused debug function
> hsts: explicitly skip blank lines
> hsts: remove single-use single-line function
> http tests: in CI skip test_02_23* for quiche
> http2 + ngtcp2: pass CURLcode errors from callbacks
> http2, http3: decouple stream state from easy handle
> http2: emit RST when client write fails
> http3: quiche+ngtcp2 improvements
> http: acknowledge a returned error code
> http: HEAD response body tolerance
> http: reject HTTP major version switch mid connection
> http: remove redundant check
> http: with chunked POST forced, disable length check on read callback
> http_aws_sigv4: remove useless assignment
> idn: make Curl_idnconvert_hostname() use Curl_idn_decode()
> if2ip: make the buf_size arg a size_t
> INSTALL-CMAKE.md: explain `cmake -G <generator-name>`
> krb5: use dynbuf
> ldap: fix unused variables (seen on OmniOS)
> lib/cf-h1-proxy: silence compiler warnings (gcc 14)
> lib: add trace support for client reads and writes
> lib: bump hash sizes to `size_t`
> lib: clear the easy handle's saved errno before transfer
> lib: fix compiler warnings (gcc)
> lib: make protocol handlers store scheme name lowercase
> lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3`
> lib: remove two instances of "only only" messages
> lib: silence `-Wsign-conversion` in base64, strcase, mprintf
> lib: silence warnings on comma misuse
> lib: use `#error` instead of invalid syntax in `curl_setup_once.h`
> lib: use multi instead of multi_easy for the active multi
> libcurl-opts: mention pipelining less
> libssh2: delete redundant feature guard
> libssh2: replace `access()` with `stat()`
> libssh2: set length to 0 if strdup failed
> m4: fix rustls pkg-config codepath
> MAIL-ETIQUETTE: convert to markdown
> makefile: remove the sorting from the vc-ide action
> maketgz: put docs/RELEASE-TOOL.md into the tarball
> managen: fix the option sort order
> mbedtls: call mbedtls_ssl_setup() after RNG callback is set
> mbedtls: cut off trailing newlines from debug logs
> mbedtls: fix building with v3 in CMake Unity mode
> mbedtls: support TLS 1.3
> mime: avoid using access()
> misc: fix typos
> misc: fix typos, quoting and spelling
> mprintf: check fputc error rather than matching returned character
> mqtt: when Curl_xfer_recv returns error, don't use nread
> multi: avoid memory-leak risk
> multi: introduce SETUP state for better timeouts
> multi: multi_wait improvements
> multi: remove the unused Curl_preconnect function
> multi: remove useless assignment
> multi: timeout handles even without connection
> openldap: create ldap URLs correctly for IPv6 addresses
> openssl: do not set SSL_MODE_RELEASE_BUFFERS
> openssl: revert keylog_callback support for LibreSSL
> OS400: fix shellcheck warnings in scripts
> projects: drop MSVC project files for recent versions
> pytest: add DELETE tests, check server version
> pytest: fixes for recent python, add FTP tests
> quic: fixup duplicate static function name (for cmake unity)
> quiche: expire all active transfers on connection close
> quiche: trust its timeout handling
> RELEASE-PROCEDURE: mention an initial working build
> request: make Curl_req_init return void
> request: paused upload on completed download, assess connection
> reuse: add copyright + license info to individual docs/*.md files
> ROADMAP: remove completed entries, mention websocket
> rustls: fix handshake done handling
> rustls: fix partial send handling
> rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag
> rustsls: fix error code on receive
> sendf: fix two typos in comments
> sendf: useless assignment in cr_lc_read()
> setopt: acknowledge errors proper for CURLOPT_COOKIEJAR
> setopt: make the setstropt_userpwd args compulsory
> setopt: remove check for 'option' that is always true
> setopt: warn on Curl_set*opt() uses not using the return value
> smtp: result of Curl_bufq_cread was not used
> socket: remove redundant call to getsockname
> socketpair: fix compilation when USE_UNIX_SOCKETS is not defined
> src: tidy up types, add necessary casts
> telnet: check return code from fileno()
> tests/http: fix compiler warning
> tests: add -q as first option when invoking curl for tests
> tests: check caddy server version to match test expectations
> tests: enable test 1117 for hyper
> tests: fix feature case in test1481
> tests: fix test 1167 to skip digit-only symbols
> tests: make the unit test result type `CURLcode`
> tests: Mark tftpd timer function as noreturn
> tests: tidy up types in server code
> tls: fix SecureTransport + BearSSL cmake unity builds
> tls: remove EXAMPLEs from deprecated options
> tls: use shared init code for TCP+QUIC
> tool: move tool_ftruncate64 to tool_util.c
> tool_cb_rea: limit rate unpause for -T . uploads
> tool_cfgable: free {proxy_}cipher13_list on exit
> tool_getparam: output warning for leading unicode quote character
> tool_getparam: remove two redundant conditions
> tool_operate: don't truncate the etag save file by default
> tool_operate: init vars unconditionally in post_per_transfer
> tool_paramhlp: remove duplicate assign
> tool_xattr: "guess" URL scheme if none is provided
> tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set
> transfer: remove useless assignment
> url: do not URL decode proxy credentials
> url: fix use of an uninitialized variable
> url: make parse_login_details use memdup0
> url: remove duplicate call to Curl_conncache_remove_conn when pruning
> urlapi: allow setting port number zero
> urlapi: fix relative redirects to fragment-only
> urldata: remove fields not used depending on used features
> vauth: make two functions void that always just returned OK
> version: use msnprintf instead of strncpy
> vquic-tls: use correct cert name check API for wolfSSL
> vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output
> vtls: TLS session storage overhaul
> wakeup_create: use FD_CLOEXEC/SOCK_CLOEXEC
> warnless: delete orphan declarations
> websocket: avoid memory leak in error path
> winbuild: add ENABLE_WEBSOCKETS option
> winbuild: use $(RC) correctly
> wolfssl: plug memory leak in wolfssl_connect_step2()
> x509asn1: return error on missing OID
> 8.7.1
> Bugfixes:
> Fixed empty tool_hugehelp.c file
> 8.7.0
> Changes:
> configure: add --disable-docs flag
> CURLINFO_USED_PROXY: return bool whether the proxy was used
> digest: support SHA-512/256
> DoH: add trace configuration
> write-out: add '%{proxy_used}'
> Bugfixes:
> ALTSVC.md: correct a typo
> asyn-ares: fix data race warning
> asyn-thread: use wakeup_close to close the read descriptor
> badwords: use hostname, not host name
> BINDINGS: add mcurl, the python binding
> bufq: writing into a softlimit queue cannot be partial
> c-hyper: add header collection writer in hyper builds
> cd2nroff: gen: make `\>` in input to render as plain '>' in output
> cd2nroff: remove backticks from titles
> checksrc.pl: fix handling .checksrc with CRLF
> cmake: add USE_OPENSSL_QUIC support
> cmake: add warning for using TLS libraries without 1.3 support
> cmake: enable `ENABLE_CURL_MANUAL` by default
> cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled
> cmake: fix function description in comment
> cmake: fix install for older CMake versions
> cmake: fix libcurl.pc and curl-config library specifications
> cmdline-docs/Makefile: avoid using a fixed temp file name
> cmdline-docs: quote and angle bracket cleanup
> cmdline-opts/_EXITCODES: sync with libcurl-errors
> cmdline-opts/_VARIABLES.md: improve the description
> cmdline-opts/_VERSION: provide %VERSION correctly
> cmdline-opts: shorter help texts
> configure: add pkg-config support to rustls detection
> configure: add warning for using TLS libraries without 1.3 support
> configure: build & install shell completions when enabled
> configure: do not link with nghttp3 unless necessary
> configure: Don't build shell completions when disabled
> configure: Don't make shell completions without perl
> configure: find libpsl with pkg-config
> connect.c: fix typo
> CONTRIBUTE: update the section on documentation format
> cookie.md: provide an example sending a fixed cookie
> cookie: if psl fails, reject the cookie
> curl: exit on config file parser errors
> curl: make --libcurl output better CURLOPT_*SSLVERSION
> curl: when allocating variables, add the name into the struct
> curl_setup.h: add curl_uint64_t internal type
> curldown: fix email address in Copyright
> CURLMOPT_MAX*: mention what happens if changed mid-transfer
> CURLOPT_INTERFACE.md: remove spurious amp, add see-also
> CURLOPT_POSTQUOTE.md: fix typo
> CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return
> CURLOPT_WRITEFUNCTION.md: typo fix
> digest: add check for hashing error
> dist: make sure the http tests are in the tarball
> DISTROS: add document with distro pointers
> docs/libcurl: add TLS backend info for all TLS options
> docs/libcurl: generate PROTOCOLS from meta-data
> docs: add missing slashes to SChannel client certificate documentation
> docs: add necessary setup for nghttp3
> docs: ascii version of manpage without nroff
> docs: dist curl*.1 and install without perl
> docs: make curldown do angle brackets like markdown
> docs: make each libcurl man specify protocol(s)
> docs: make sure curl.1 is included in dist tarballs
> docs: update minimal binary size in INSTALL.md
> docs: use present tense
> examples: use present tense in comments
> file: use xfer buf for file:// transfers
> fopen: fix narrowing conversion warning on 32-bit Android
> form-string.md: correct the example
> ftp: do lineend conversions in client writer
> ftp: fix socket wait activity in ftp_domore_getsock
> ftp: tracing improvements
> ftp: treat a 226 arriving before data as a signal to read data
> gen.pl: make the "manpageification" faster
> gen: make `\>` in input to render as plain '>' in output
> getparam: make --ftp-ssl work again
> GHA/linux: add sysctl trick to work-around GitHub runner issue
> GIT-INFO: convert to markdown
> GOVERNANCE: document the core team
> header.md: remove backslash, make nicer markdown
> HTTP/2: write response directly
> http2, http3: return CURLE_PARTIAL_FILE when bytes were received
> http2: fix push discard
> http2: memory errors in the push callbacks are fatal
> http2: minor tweaks to optimize two struct sizes
> http2: push headers better cleanup
> http2: remove the third (unused) argument from http2_data_done()
> HTTP3.md: adjust the OpenSSL QUIC install instructions
> http: better error message for HTTP/1.x response without status line
> http: improve response header handling, save cpu cycles
> http: move headers collecting to writer
> http: remove stale comment about rewindbeforesend
> http: separate response parsing from response action
> http_chunks: fix the accounting of consumed bytes
> http_chunks: remove unused 'endptr' variable
> https-proxy: use IP address and cert with ip in alt names
> hyper: implement unpausing via client reader
> ipv6.md: mention IPv4 mapped addresses
> KNOWN_BUGS: POP3 issue when reading small chunks
> lib1598: fix `CURLOPT_POSTFIELDSIZE` usage
> lib582: remove code causing warning that is never run
> lib: add `void *ctx` to reader/writer instances
> lib: convert Curl_get_line to use dynbuf
> lib: Curl_read/Curl_write clarifications
> lib: enhance client reader resume + rewind
> lib: initialize output pointers to NULL before calling strto[ff,l,ul]
> lib: keep conn IP information together
> lib: move 'done' parameter to SingleRequests
> lib: remove curl_mimepart object when CURL_DISABLE_MIME
> libcurl-docs: cleanups
> libcurl-security.md: Active FTP passes on the local IP address
> libssh/libssh2: return error on too big range
> MANUAL.md: fix typo
> mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined
> mbedtls: fix pytest for newer versions
> mbedtls: properly cleanup the thread-shared entropy
> mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version
> md4: include strdup.h for the memdup proto
> mime: add client reader
> misc: fix typos in docs and lib
> mkhelp: simplify the generated hugehelp program
> mprintf: fix format prefix I32/I64 for windows compilers
> multi: add xfer_buf to multi handle
> multi: fix multi_sock handling of select_bits
> multi: make add_handle free any multi_easy
> ngtcp2: no recvbuf for stream
> ntml_wb: fix buffer type typo
> OpenSSL QUIC: adapt to v3.3.x
> openssl-quic: check on Windows that socket conv to int is possible
> openssl-quic: fix BIO leak and Windows warning
> openssl-quic: fix unity build, casing, indentation
> OS400: avoid using awk in the build scripts
> paramhlp: fix CRLF-stripping files with "-d @file"
> proxy1.0.md: fix example
> pytest: adapt to API change
> request: clarify message when request has been sent off
> rustls: make curl compile with 0.12.0
> schannel: fix hang on unexpected server close
> scripts: fix cijobs.pl for Azure and GHA
> sendf: ignore response body to HEAD
> setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
> setopt: fix disabling all protocols
> sha512_256: add support for GnuTLS and OpenSSL
> smtp: fix STARTTLS
> SPONSORS: describe the basics
> strtoofft: fix the overflow check
> test 1541: verify getinfo values on first header callback
> test1165: improve pattern matching
> tests: support setting/using blank content env variables
> TIMER_STARTTRANSFER: set the same for everyone
> TLS: start shutdown only when peer did not already close
> TODO: update 13.11 with more information
> tool_cb_hdr: only parse etag + content-disposition for 2xx
> tool_getparam: accept a blank -w ""
> tool_getparam: handle non-existing (out of range) short-options
> tool_operate: change precedence of server Retry-After time
> tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds
> trace-config.md: remove the mutexed options list
> transfer.c: break receive loop in speed limited transfers
> transfer: improve Windows SO_SNDBUF update limit
> urldata: move authneg bit from conn to Curl_easy
> version: allow building with ancient libpsl
> vquic-tls: fix the error code returned for bad CA file
> vtls: fix tls proxy peer verification
> vtls: revert "receive max buffer" + add test case
> VULN-DISCLOSURE-POLICY.md: update detail about CVE requests
> websocket: fix curl_ws_recv()
> wolfSSL: do not call the stub function wolfSSL_BIO_set_init()
> write-out.md: clarify error handling details
> 8.6.0
> Changes:
> add CURLE_TOO_LARGE
> add CURLINFO_QUEUE_TIME_T
> add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add
> asyn-thread: use GetAddrInfoExW on >= Windows 8
> configure: make libpsl detection failure cause error
> docs/cmdline: change to .md for cmdline docs
> docs: introduce "curldown" for libcurl man page format
> runtests: support -gl. Like -g but for lldb.
> Bugfixes:
> altsvc: free 'as' when returning error
> appveyor: replace PowerShell with bash + parallel autotools
> appveyor: switch to out-of-tree builds
> asyn-ares: with modern c-ares, use its default timeout
> build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}`
> build: delete/replace clang warning pragmas
> build: enable missing OpenSSF-recommended warnings, with fixes
> build: fix `-Wconversion`/`-Wsign-conversion` warnings
> build: fix Windows ADDRESS_FAMILY detection
> build: more `-Wformat` fixes
> build: remove redundant `CURL_PULL_*` settings
> cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper
> cf-socket: show errno in tcpkeepalive error messages
> CI/distcheck: run full tests
> cmake: add option to disable building docs
> cmake: fix generation for system name iOS
> cmake: fix typo
> cmake: freshen up docs/INSTALL.cmake
> cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE`
> cmake: rework options to enable curl and libcurl docs
> cmake: when USE_MANUAL=YES, build the curl.1 man page
> cmdline-opts/write-out.d: remove spurious double quotes
> cmdline-opts: update availability for the *-ca-native options
> cmdline/gen: fix the sorting of the man page options
> configure: add libngtcp2_crypto_boringssl detection
> configure: fix no default int compile error in ipv6 detection
> configure: when enabling QUIC, check that TLS supports QUIC
> connect: remove margin from eyeballer alloc
> content_encoding: change return code to typedef'ed enum
> cookie.d: document use of empty string to enable cookie engine
> cookie: avoid fopen with empty file name
> curl.h: CURLOPT_DNS_SERVERS is only available with c-ares
> curl: show ipfs and ipns as supported "protocols"
> curl_easy_getinfo.3: remove the wrong time value count
> curl_multi_fdset.3: remove mention of null pointer support
> CURLINFO_REFERER.3: clarify that it is the *request* header
> CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
> CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example
> CURLOPT_SSH_*_KEYFILE: clarify
> dist: add tests/errorcodes.pl to the tarball
> docs: clean up Protocols: for cmdline options
> docs: describe and highlight super cookies
> docs: do not start lines/sentences with So, But nor And
> docs: install curl.1 with cmake
> docs: mention env vars not used by schannel
> doh: remove unused local variable
> examples: add four new examples
> file+ftp: use stack buffers instead of data->state.buffer
> ftp: handle the PORT parsing without allocation
> ftp: use dynbuf to store entrypath
> ftp: use memdup0 to store the OS from a SYST 215 response
> ftpserver.pl: send 213 SIZE response without spurious newline
> gen.pl: support ## for doing .IP in table-like lists
> gen: do italics/bold for a range of letters, not just single word
> GHA: add a job scanning for "bad words" in markdown
> GHA: bump ngtcp2, gnutls, mod_h2, quiche
> gnutls: fix build with --disable-verbose
> haproxy-clientip.d: document the arg
> headers: make sure the trailing newline is not stored
> headers: remove assert from Curl_headers_push
> hostip: return error immediately when Curl_ip2addr() fails
> hsts: remove assert for zero length domain
> http2: improved on_stream_close/data_done handling
> http3/quiche: fix result code on a stream reset
> http3: initial support for OpenSSL 3.2 QUIC stack
> http: adjust_pollset fix
> http: check for "Host:" case insensitively
> http: fix off-by-one error in request method length check
> http: only act on 101 responses when they are HTTP/1.1
> http: remove comment reference to a removed solution
> http: use stack scratch buffer
> http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT
> krb5: add prototype to silence clang warnings on mvsnprintf()
> lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
> lib: error out on multissl + http3
> lib: fix variable undeclared error caused by `infof` changes
> lib: reduce use of strncpy
> lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
> lib: replace readwrite with write_resp
> lib: strndup/memdup instead of malloc, memcpy and null-terminate
> libssh2: use `libssh2_session_callback_set2()` with v1.11.1
> libssh: improve the deprecation warning dismissal
> libssh: suppress warnings without version check
> Makefile.am: fix the MSVC project generation
> Makefile.mk: drop Windows support
> mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls`
> mbedtls: free the entropy when threaded
> mime: use memdup0 instead of malloc + memcpy
> mksymbolsmanpage.pl: provide references to where the symbol is used
> mprintf: overhaul and bugfixes
> mqtt: use stack scratch buffer for recv+publish
> multi: remove total timer reset in file_do() while fetching file://
> ngtcp2: put h3 at the front of alpn
> ntlm_wb: do not use data->state.buffer any longer
> openldap: fix an LDAP crash
> openldap: fix STARTTLS
> openssl: re-match LibreSSL deinit with init
> openssl: when verifystatus fails, remove session id from cache
> OS400: sync ILE/RPG binding
> pingpong: stop using the download buffer
> pop3: replace calloc + memcpy with memdup0
> pytest: scorecard tracking CPU and RSS
> quiche: return CURLE_HTTP3 on send to invalid stream
> readwrite_data: loop less
> Revert "urldata: move async resolver state from easy handle to connectdata"
> rtsp: deal with borked server responses
> runtests: for mode="text" on <stdout>, fix newlines on both parts
> sasl: make login option string override http auth
> schannel: fix `-Warith-conversion` gcc 13 warning
> sectransp: do verify_cert without memdup for blobs
> sectransp: make TLSCipherNameForNumber() available in non-verbose config
> sendf: fix compiler warning with CURL_DISABLE_HEADERS_API
> setopt: clear mimepost when formp is freed
> setopt: use memdup0 when cloning COPYPOSTFIELDS
> socks: fix generic output string to say SOCKS instead of SOCKS4
> socks: use own buffer instead of data->state.buffer
> ssh: fix namespace of two local macros
> ssh: use stack scratch buffer for seeks
> strerror: repair get_winsock_error()
> system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers
> system_win32: fix a function pointer assignment warning
> telnet: use dynbuf instead of malloc for escape buffer
> telnet: use stack scratch buffer for do
> tests/server: delete workaround for old-mingw
> tests: avoid int/size_t conversion size/sign warnings
> tests: respect $TMPDIR when creating unix domain sockets
> tool: make parser reject blank arguments if not supported
> tool: prepend output_dir in header callback
> tool_getparam: bsearch cmdline options
> tool_getparam: do not try to expand without an argument
> tool_getparam: stop supporting `@filename` style for --cookie
> tool_listhelp: regenerate after recent .d updates
> tool_operate: make --remove-on-error only remove "real" files
> tool_operate: stop setting the file comment on Amiga
> transfer: adjust_pollset improvements
> transfer: fix upload rate limiting, add test cases
> transfer: make the select_bits_paused condition check both directions
> transfer: remove warning: Value stored to 'blen' is never read
> url: don't set default CA paths for Secure Transport backend
> url: for disabled protocols, mention if found in redirect
> urlapi: remove assert
> verify-examples.pl: fail verification on unescaped backslash
> version: show only the libpsl version, not its dependencies
> vquic: extract TLS setup into own source
> vtls: fix missing multissl version info
> vtls: receive max buffer
> vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY
> websockets: check for negative payload lengths
> websockets: refactor decode chain
> windows: delete redundant headers
> windows: simplify detecting and using system headers
> wolfssl: load certificate *chain* for PEM client certs
> x509asn1: remove code for WANT_VERIFYHOST
> x509asn1: switch from malloc to dynbuf
> 8.5.0
> Changes:
> gnutls: support CURLSSLOPT_NATIVE_CA
> HTTP3: ngtcp2 builds are no longer experimental
> Bugfixes:
>
> appveyor: make VS2008-built curl tool runnable
> asyn-thread: use pipe instead of socketpair for IPC when available
> autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}`
> autotools: avoid passing `LDFLAGS` twice to libcurl
> autotools: delete LCC compiler support bits
> autotools: fix/improve gcc and Apple clang version detection
> autotools: stop setting `-std=gnu89` with `--enable-warnings`
> autotools: update references to deleted `crypt-auth` option
> BINDINGS: add V binding
> build: add `src/.checksrc` to source tarball
> build: add more picky warnings and fix them
> build: always revert `#pragma GCC diagnostic` after use
> build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H`
> build: delete support bits for obsolete Windows compilers
> build: fix 'threadsafe' feature detection for older gcc
> build: fix builds that disable protocols but not digest auth
> build: fix compiler warning with auths disabled
> build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS`
> build: picky warning updates
> build: require Windows XP or newer
> cfilter: provide call to tell connection to forget a socket
> CI: add autotools, out-of-tree, debug build to distro check job
> CI: ignore test 286 on Appveyor gcc 9 build
> cmake: add `CURL_DISABLE_BINDLOCAL` option
> cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API`
> cmake: dedupe Windows system libs
> cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection
> cmake: fix CURL_DISABLE_GETOPTIONS
> cmake: fix multiple include of CURL package
> cmake: fix OpenSSL quic detection in quiche builds
> cmake: option to disable install & drop `curlu` target when unused
> cmake: pre-fill rest of detection values for Windows
> cmake: replace `check_library_exists_concat()`
> cmake: speed up threads setup for Windows
> cmake: speed up zstd detection
> config-win32: set `HAVE_SNPRINTF` for mingw-w64
> configure: better --disable-http
> configure: check for the fseeko declaration too
> conncache: use the closure handle when disconnecting surplus connections
> content_encoding: make Curl_all_content_encodings allocless
> cookie: lowercase the domain names before PSL checks
> curl.h: delete Symbian OS references
> curl.h: on FreeBSD include sys/param.h instead of osreldate.h
> curl.rc: switch out the copyright symbol for plain ASCII
> curl: improved IPFS and IPNS URL support
> curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped
> Curl_http_body: cleanup properly when Curl_getformdata errors
> curl_setup: disallow Windows IPv6 builds missing getaddrinfo
> curl_sspi: support more revocation error names in error messages
> CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation
> CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
> CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does
> CURLOPT_WRITEFUNCTION.3: clarify libcurl returns for CURL_WRITEFUNC_ERROR
> CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO
> docs/example/keepalive.c: show TCP keep-alive options
> docs/example/localport.c: show off CURLOPT_LOCALPORT
> docs/examples/interface.c: show CURLOPT_INTERFACE use
> docs/libcurl: fix three minor man page format mistakes
> docs/libcurl: SYNOPSIS cleanup
> docs: add supported version for the json write-out
> docs: clarify that curl passes on input unfiltered
> docs: fix function typo in curl_easy_option_next.3
> docs: KNOWN_BUGS cleanup
> docs: preserve the modification date when copying the prebuilt man page
> docs: remove bold from some man page SYNOPSIS sections
> docs: use SOURCE_DATE_EPOCH for generated manpages
> doh: provide better return code for responses w/o addresses
> doh: use PIPEWAIT when HTTP/2 is attempted
> duphandle: also free 'outcurl->cookies' in error path
> duphandle: make dupset() not return with pointers to old alloced data
> duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set
> easy: in duphandle, init the cookies for the new handle
> easy: remove duplicate wolfSSH init call
> easy_lock: add a pthread_mutex_t fallback
> fopen: create new file using old file's mode
> fopen: create short(er) temporary file name
> getenv: PlayStation doesn't have getenv()
> GHA: move mod_h2 version in CI to v2.0.25
> hostip: show the list of IPs when resolving is done
> hostip: silence compiler warning `-Wparentheses-equality`
> hsts: skip single-dot hostname
> HTTP/2, HTTP/3: handle detach of ongoing transfers
> http2: header conversion tightening
> http2: provide an error callback and failf the message
> http2: safer invocation of populate_binsettings
> http: allow longer HTTP/2 request method names
> http: avoid Expect: 100-continue if Upgrade: is used
> http: consider resume with CURLOPT_FAILONERRROR and 416 to be fine
> http: fix `-Wunused-parameter` with no auth and no proxy
> http: fix `-Wunused-variable` compiler warning
> http: fix empty-body warning
> http_aws_sigv4: canonicalise valueless query params
> hyper: temporarily remove HTTP/2 support
> INSTALL: update list of ports and CPU archs
> IPFS: fix IPFS_PATH and file parsing
> keylog: disable if unused
> lib: add and use Curl_strndup()
> lib: apache style infof and trace macros/functions
> lib: fix gcc warning in printf call
> libcurl-errors.3: sync with current public headers
> libcurl-thread.3: simplify the TLS section
> Makefile.am: drop vc10, vc11 and vc12 projects from dist
> Makefile.mk: fix `-rtmp` option for non-Windows
> mime: store "form escape" as a single bit
> misc: fix -Walloc-size warnings
> msh3: error when built with CURL_DISABLE_SOCKETPAIR set
> multi: during ratelimit multi_getsock should return no sockets
> multi: use pipe instead of socketpair to *wakeup()
> ngtcp2: fix races in stream handling
> ntlm_wb: use pipe instead of socketpair when possible
> openldap: move the alloc of ldapconninfo to *connect()
> openldap: set the callback argument in oldap_do
> openssl: avoid BN_num_bits() NULL pointer derefs
> openssl: fix building with v3 `no-deprecated` + add CI test
> openssl: fix infof() to avoid compiler warning for %s with null
> openssl: identify the "quictls" backend correctly
> openssl: include SIG and KEM algorithms in verbose
> openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs
> openssl: two multi pointer checks should probably rather be asserts
> openssl: when a session-ID is reused, skip OCSP stapling
> page-footer: clarify exit code 25
> projects: add VC14.20 project files
> pytest: use lower count in repeat tests
> quic: make eyeballers connect retries stop at weird replies
> quic: manage connection idle timeouts
> quiche: use quiche_conn_peer_transport_params()
> rand: fix build error with autotools + LibreSSL
> resolve.d: drop a multi use-sentence
> RTSP: improved RTP parser
> sasl: fix `-Wunused-function` compiler warning
> schannel: add CA cache support for files and memory blobs
> setopt: check CURLOPT_TFTP_BLKSIZE range on set
> setopt: remove outdated cookie comment
> setopt: remove superfluous use of ternary expressions
> socks: better buffer size checks for socks4a user and hostname
> socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice
> symbols-in-versions: the CLOSEPOLICY options are deprecated
> test1683: remove commented-out check alternatives
> test3103: add missing quotes around a test tag attribute
> test613: stop showing an error on missing output file
> tests/README: SOCKS tests are not using OpenSSH, it has its own server
> tests/server: add more SOCKS5 handshake error checking
> tests: Fix Windows test helper tool search & use it for handle64
> tidy-up: casing typos, delete unused Windows version aliases
> tool: fix --capath when proxy support is disabled
> tool: support bold headers in Windows
> tool_cb_hdr: add an additional parsing check
> tool_cb_prg: make the carriage return fit for wide progress bars
> tool_cb_wrt: fix write output for very old Windows versions
> tool_getparam: limit --rate to be smaller than number of ms
> tool_operate: do not mix memory models
> tool_operate: fix links in ipfs errors
> tool_parsecfg: make warning output propose double-quoting
> tool_urlglob: fix build for old gcc versions
> tool_urlglob: make multiply() bail out on negative values
> tool_writeout_json: fix JSON encoding of non-ascii bytes
> transfer: abort pause send when connection is marked for closing
> transfer: avoid calling the read callback again after EOF
> transfer: only reset the FTP wildcard engine in CLEAR state
> url: don't touch the multi handle when closing internal handles
> url: find scheme with a "perfect hash"
> url: fix `-Wzero-length-array` with no protocols
> url: fix builds with `CURL_DISABLE_HTTP`
> url: protocol handler lookup tidy-up
> url: proxy ssl connection reuse fix
> urlapi: avoid null deref if setting blank host to url encode
> urlapi: skip appending NULL pointer query
> urlapi: when URL encoding the fragment, pass in the right length
> urldata: make maxconnects a 32 bit value
> urldata: move async resolver state from easy handle to connectdata
> urldata: move cookielist from UserDefined to UrlState
> urldata: move hstslist from 'set' to 'state'
> urldata: move the 'internal' boolean to the state struct
> vssh: remove the #ifdef for Curl_ssh_init, use empty macro
> vtls: cleanup SSL config management
> vtls: consistently use typedef names for OpenSSL structs
> vtls: late clone of connection ssl config
> vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0
> VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw
> windows: use built-in `_WIN32` macro to detect Windows
> wolfssh: remove redundant static prototypes
> wolfssl: add default case for wolfssl_connect_step1 switch
> wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA
> 8.4.0
> Changes:
> curl: add support for the IPFS protocols via HTTP gateway
> curl_multi_get_handles: get easy handles from a multi handle
> mingw: delete support for legacy mingw.org toolchain
> Bugfixes:
> acinclude.m4: Document proper system truststore on FreeBSD
> appveyor: fix yamlint issues, indent
> appveyor: rewrite batch in PowerShell + CI improvements
> autotools: adjust `CURL_CA_PATH` value to CMake
> autotools: restore `HAVE_IOCTL_*` detections
> base64: also build for curl
> bufq: remove Curl_bufq_skip_and_shift (unused)
> build: delete checks for C89 standard headers
> build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
> cf-socket: simulate slow/blocked receives in debug
> cmake, configure: also link with CoreServices
> cmake: add check for suseconds_t
> cmake: add feature checks for `memrchr` and `getifaddrs`
> cmake: add missing checks
> cmake: delete old `HAVE_LDAP_URL_PARSE` logic
> cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW`
> cmake: detect `HAVE_GETADDRINFO_THREADSAFE`
> cmake: detect `sys/wait.h` and `netinet/udp.h`
> cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
> cmake: disable unity mode with Windows Unicode + TrackMemory
> cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows
> cmake: fix `HAVE_WRITABLE_ARGV` detection
> cmake: fix duplicate symbols when linking tests
> cmake: fix missing `zlib.h` when compiling `libcurltool`
> cmake: fix stderr initialization in unity builds
> cmake: fix the help text to the static build option in CMakeLists.txt
> cmake: fix unity builds for more build combinations
> cmake: fix unity symbol collisions in h2 builds
> cmake: fix unity with Windows Unicode + TrackMemory
> cmake: improve OpenLDAP builds
> cmake: lib `CURL_STATICLIB` fixes (Windows)
> cmake: move global headers to specific checks
> cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC
> cmake: pre-cache `HAVE_POLL_FINE` on Windows
> cmake: tidy-up `NOT_NEED_LBER_H` detection
> cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value
> configure: check for the capath by default
> configure: remove unused checks
> configure: replace adhoc domain with `localhost` in tests
> configure: sort AC_CHECK_FUNCS
> connect: expire the timeout when trying next
> connect: only start the happy eyeballs timer when needed
> cookie: do not store the expire or max-age strings
> cookie: remove unnecessary struct fields
> cookie: set ->running in cookie_init even if data is NULL
> create-dirs.d: clarify it also uses --output-dirs
> curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0
> curl_easy_pause.3: mention h2/h3 buffering
> curl_easy_pause.3: mention it works within callbacks
> curl_easy_pause: set "in callback" true on exit if true
> CURLOPT_DEBUGFUNCTION.3: warn about internal handles
> docs/libcurl/opts/Makefile.inc: add missing manpage files
> docs: adapt SEE ALSO sections to new requirements
> docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER
> docs: replace made up domains with example.com
> docs: update curl man page references
> docs: use CURLSSLBACKEND_NONE
> doh: inherit DEBUGFUNCTION/DATA
> escape: replace Curl_isunreserved with ISUNRESERVED
> FAQ: How do I upgrade curl.exe in Windows?
> GHA/linux: run singleuse to detect single-use global functions
> GHA: add workflow to compare configure vs cmake outputs
> h2-proxy: remove left-over mistake in drain_tunnel()
> h2: testcase and fix for pausing h2 streams
> h3: add support for ngtcp2 with AWS-LC builds
> http2: refused stream handling for retry
> http: fix CURL_DISABLE_BEARER_AUTH breakage
> http: h1/h2 proxy unification
> http: remove wrong comment for http_should_fail
> http: use per-request counter to check too large headers
> http_aws_sigv4: fix sorting with empty parts
> idn: fix WinIDN null ptr deref on bad host
> idn: if idn2_check_version returns NULL, return error
> inet_ntop: add typecast to silence Coverity
> lib: disambiguate Curl_client_write flag semantics
> lib: enable hmac for digest as well
> lib: failf/infof compiler warnings
> lib: let the max filesize option stop too big transfers too
> lib: move handling of `data->req.writer_stack` into Curl_client_write()
> lib: provide and use Curl_hexencode
> lib: remove TIME_WITH_SYS_TIME
> lib: use wrapper for curl_mime_data fseek callback
> libssh2: fix error message on failed pubkey-from-file
> libssh: cap SFTP packet size sent
> Makefile.mk: always set `CURL_STATICLIB` for lib (Windows)
> MANUAL.md: change domain to example.com
> misc: better random strings
> MQTT: improve receive of ACKs
> multi: do CURLM_CALL_MULTI_PERFORM at two more places
> multi: fix small timeouts
> multi: remove Curl_multi_dump
> multi: round the timeout up to prevent early wakeups
> multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
> openssl: improve ssl shutdown handling
> openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
> pytest: exclude test_03_goaway in CI runs due to timing dependency
> quic: set ciphers/curves the same way regular TLS does
> quiche: fix build error with --with-ca-fallback
> RELEASE-PROCEDURE.md: updated coming release dates
> runtests: display the test status if tests appear hung
> runtests: eliminate a warning on old perl versions
> socks: return error if hostname too long for remote resolve
> src/mkhelp: make generated code pass `checksrc`
> test1056: disable on Windows
> test1474: disable test on NetBSD, OpenBSD and Solaris 10
> test1592: greatly increase the maximum test timeout
> test1903: actually verify the cookies after the test
> test1906: set a lower timeout since it's hit on Windows
> test2600: remove special case handling for USE_ALARM_TIMEOUT
> test650: fix an end tag typo
> test661: return from test early in case of curl error
> test: add missing <feature>s
> tests: close the shell used to start sshd
> tests: fix a race condition in ftp server disconnect
> tests: fix compiler warnings
> tests: Fix zombie processes left behind by FTP tests.
> tests: improve SLOWDOWN test reliability by reducing sent data
> tests: increase lib571 timeout from 3s to 30s
> tests: log the test result code after each libtest
> tests: propagate errors in libtests
> tests: set --expect100-timeout to improve test reliability
> tests: show which curl tool `runtests.pl` is using
> tests: stop overriding the lock timeout
> tftpd: always use curl's own tftp.h
> tool: use our own stderr variable
> tool_cb_wrt: fix debug assertion
> tool_getparam: accept variable expansion on file names too
> tool_setopt: remove unused function tool_setopt_flags
> upload-file.d: describe the file name slash/backslash handling
> url: fall back to http/https proxy env-variable if ws/wss not set
> url: fix netrc info message
> warnless: remove unused functions
> wolfssh: do cleanup in Curl_ssh_cleanup
> wolfssl: allow capath with CURLOPT_CAINFO_BLOB
> wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
> wolfssl: ignore errors in CA path
> 8.3.0
> Changes:
> curl: make %output{} in -w specify a file to write to
> gskit: remove
> lib: --disable-bindlocal builds curl without local binding support
> nss: remove support for this TLS library
> tool: add "variable" support
> trace: make tracing available in non-debug builds
> url: change default value for CURLOPT_MAXREDIRS to 30
> urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
> wolfssl: support loading system CA certificates
> Bugfixes:
> altsvc: accept and parse IPv6 addresses in response headers
> asyn-ares: reduce timeout to 2000ms
> aws-sigv4: canonicalize the query
> aws-sigv4: fix having date header twice in some cases
> aws-sigv4: handle no-value user header entries
> bearssl: don't load CA certs when peer verification is disabled
> bearssl: handshake fix, provide proper get_select_socks() implementation
> build: fix portability of mancheck and checksrc targets
> build: streamline non-UWP wincrypt detections
> c-hyper: adjust the hyper to curlcode conversion
> c-hyper: fix memory leaks in `Curl_http`
> cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
> cf-socket: log successful interface bind
> CI/cirrus: disable python install on FreeBSD
> CI: add a 32-bit i686 Linux build
> CI: add caching to many jobs
> CI: move on to ngtcp2 v0.19.1
> CI: move the Alpine build from Cirrus to GHA
> CI: ngtcp2-linux: use separate caches for tls libraries
> CI: remove Windows builds from Cirrus, without replacement
> CI: switch macOS ARM build from Cirrus to Circle CI
> CI: use master again for wolfssl
> cirrus: install everything with pkg, avoid pip
> cmake: add GnuTLS option
> cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
> cmake: add support for single libcurl compilation pass
> cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms
> cmake: assume `wldap32` availability on Windows
> cmake: cache more config and delete unused ones
> cmake: detect `SSL_set0_wbio` in OpenSSL
> cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks
> cmake: fix to use variable for the curl namespace
> cmake: fixup H2 duplicate symbols for unity builds
> cmake: set SIZEOF_LONG_LONG in curl_config.h
> cmake: support building static and shared libcurl in one go
> cmdline-docs: make sure to phrase it as "added in ...."
> cmdline-docs: use present tense, not future
> cmdline-opts/docs: mention the negative option part
> cmdline-opts/page-header: clarify stronger that !opt == URL
> cmdline-opts/page-header: reorder, clean up
> configure, cmake, lib: more form api deprecation
> configure: fix `HAVE_TIME_T_UNSIGNED` check
> configure: trust pkg-config when it's used for zlib
> configure: use the pkg-config --libs-only-l flag for libssh2
> connect: stop halving the remaining timeout when less than 600 ms left
> cookie-jar.d: emphasize that this option is ONLY writing cookies
> crypto: ensure crypto initialization works
> curl_url_get/set.3: add missing semicolon in SYNOPSIS
> CURLINFO_CERTINFO.3: better explain curl_certinfo struct
> CURLINFO_TLS_SSL_PTR.3: clarify a recommendation
> CURLOPT_*TIMEOUT*: extend and clarify
> CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled
> CURLOPT_URL.3: add two URL API calls in the see-also section
> CURLOPT_URL.3: explain curl_url_set() uses the same parser
> digest: Use hostname to generate spn instead of realm
> disable.d: explain --disable not implemented prior to 7.50.0
> docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0
> docs/cmdline-opts: match the current output
> docs/cmdline-opts: spellfixes, typos and polish
> docs/cmdline: add small "warning" to verbose options
> docs/cmdline: remove repeated working for negotiate + ntlm
> docs/HYPER.md: document a workaround for a link error
> docs: add curl_global_trace to some SEE ALSO sections
> docs: link to the website versions instead of markdowns
> docs: mark --ssl-revoke-best-effort as Schannel specific
> docs: mention critical files in same directories as curl saves
> docs: removing "pausing transfers" from HYPER.md.
> docs: rewrite to present tense
> easy: remove #ifdefs to make code easier on the eye
> egd: delete feature detection and related source code
> ftp: fix temp write of ipv6 address
> gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens
> gen.pl: replace all single quotes with aq
> GHA: adding quiche workflow
> headers: accept leading whitespaces on first response header
> http2: avoid too early connection re-use/multiplexing
> http2: cleanup trace messages
> http2: disable assertion blocking OSSFuzz testing
> http2: fix in h2 proxy tunnel: progress in ingress on sending
> http2: polish things around POST
> http2: upgrade tests and add fix for non-existing stream
> http3/ngtcp2: shorten handshake, trace cleanup
> http3: quiche, handshake optimization, trace cleanup
> http: close the connection after a late 417 is received
> http: do not require a user name when using CURLAUTH_NEGOTIATE
> http: fix sending of large requests
> http: remove the p_pragma struct field
> http: return error when receiving too large header set
> hyper: fix a progress upload counter bug
> hyper: fix ownership problems
> hyper: remove `hyptransfer->endtask`
> imap: add a check for failing strdup()
> imap: remove the only sscanf() call in the IMAP code
> include.d: explain headers not printed with --fail before 7.75.0
> include/curl/mprintf.h: add __attribute__ for the prototypes
> krb5: fix "implicit conversion loses integer precision" warnings
> lib: add ability to disable auths individually
> lib: build fixups when built with most things disabled
> lib: fix a few *printf() flag mistakes
> lib: fix null ptr derefs and uninitialized vars (h2/h3)
> lib: move mimepost data from ->req.p.http to ->state
> libtest: use curl_free() to free libcurl allocated data
> list-only.d: mention SFTP as supported protocol
> macOS: fix target detection more
> misc: fix various typos
> multi.h: the 'revents' field of curl_waitfd is supported
> multi: more efficient pollfd count for poll
> multi: remove 'processing: <url>' debug message
> ngtcp2: fix handling of large requests
> openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
> openssl: clear error queue after SSL_shutdown
> openssl: make aws-lc version support OCSP
> openssl: Support async cert verify callback
> openssl: switch to modern init for LibreSSL 2.7.0+
> openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1
> openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0
> openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
> os400: build test servers
> os400: do not check translatable options at build time
> os400: implement CLI tool
> page-footer: QLOGDIR works with ngtcp2 and quiche
> page-header: move up a URL paragraph from GLOBBING to URL
> pytest: fix check for slow_network skips to only apply when intended
> quic: don't set SNI if hostname is an IP address
> quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
> quiche: enable quiche to handle timeout events
> resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
> revert "schannel: reverse the order of certinfo insertions"
> schannel: fix ordering of cert chain info
> schannel: fix user-set legacy algorithms in Windows 10 & 11
> schannel: verify hostname independent of verify cert
> sectransp: fix compiler warnings
> sectransp: prevent CFRelease() of NULL
> secureserver.pl: fix stunnel path quoting
> secureserver.pl: fix stunnel version parsing
> SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline
> system.h: add CURL_OFF_T definitions on HP-UX with HP aCC
> test1304: build and skip without netrc support
> test1554: check translatable string options in OS400 wrapper
> test1608: make it build and get skipped without shuffle DNS support
> test687/688: two more basic --xattr tests
> tests/tftpd+mqttd: make variables static to silence picky warnings
> tests: add 'large-time' as a testable feature
> tests: add support for nested %if conditions
> tests: don't call HTTP errors OK in test cases
> tests: ensure `libcurl.def` contains all exports
> tests: fix h3 server check and parallel instances
> tests: TLS session sharing test
> tests: update cookie expiry dates to far in the future
> time-cond.d: mention what happens on a missing file
> tool: avoid including leading spaces in the Location hyperlink
> tool: change some fopen failures from warnings to errors
> tool: make the length argument an int for printf()-.* flags
> tool_cb_wrt: fix invalid unicode for windows console
> tool_filetime: make -z work with file dates before 1970
> tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
> tool_operate: make aws-sigv4 not require TLS to be used
> tool_paramhlp: improve str2num(): avoid unnecessary call to strlen()
> tool_urlglob: use the correct format specifier for curl_off_t in msnprintf
> transfer: also stop the sending on closed connection
> transfer: don't set TIMER_STARTTRANSFER on first send
> unit2600: fix build warning if built without verbose messages
> url: remove infof() output for "still name resolving"
> urlapi: fix heap buffer overflow
> urlapi: make sure zoneid is also duplicated in curl_url_dup
> urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails
> urlapi: setting a blank URL ("") is not an ok URL
> vquic: show stringified messages for errno
> vtls: clarify "ALPN: offers" message
> winbuild: improve check for static zlib
> wolfSSL: avoid the OpenSSL compat API when not needed
> workflows/macos.yml: disable zstd and alt-svc in the http-only build
> write-out.d: clarify %{time_starttransfer}
> ws: fix spelling mistakes in examples and tests
>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> config/rootfiles/common/curl | 14 ++++++-
> lfs/curl | 7 ++--
> ...15d8aee6c1045be932a34fe6107c2f5ed147.patch | 38 -------------------
> 3 files changed, 16 insertions(+), 43 deletions(-)
> delete mode 100644 src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
>
> diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl
> index 4559aaaa8..362e047e2 100644
> --- a/config/rootfiles/common/curl
> +++ b/config/rootfiles/common/curl
> @@ -19,7 +19,6 @@ usr/lib/libcurl.so.4
> usr/lib/libcurl.so.4.8.0
> #usr/lib/pkgconfig/libcurl.pc
> #usr/share/aclocal/libcurl.m4
> -#usr/share/man/man1/curl-config.1
> #usr/share/man/man1/curl.1
> #usr/share/man/man3/CURLINFO_ACTIVESOCKET.3
> #usr/share/man/man3/CURLINFO_APPCONNECT_TIME.3
> @@ -30,6 +29,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLINFO_CONDITION_UNMET.3
> #usr/share/man/man3/CURLINFO_CONNECT_TIME.3
> #usr/share/man/man3/CURLINFO_CONNECT_TIME_T.3
> +#usr/share/man/man3/CURLINFO_CONN_ID.3
> #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3
> #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3
> #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_UPLOAD.3
> @@ -61,6 +61,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLINFO_PROXYAUTH_AVAIL.3
> #usr/share/man/man3/CURLINFO_PROXY_ERROR.3
> #usr/share/man/man3/CURLINFO_PROXY_SSL_VERIFYRESULT.3
> +#usr/share/man/man3/CURLINFO_QUEUE_TIME_T.3
> #usr/share/man/man3/CURLINFO_REDIRECT_COUNT.3
> #usr/share/man/man3/CURLINFO_REDIRECT_TIME.3
> #usr/share/man/man3/CURLINFO_REDIRECT_TIME_T.3
> @@ -90,6 +91,8 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLINFO_TLS_SSL_PTR.3
> #usr/share/man/man3/CURLINFO_TOTAL_TIME.3
> #usr/share/man/man3/CURLINFO_TOTAL_TIME_T.3
> +#usr/share/man/man3/CURLINFO_USED_PROXY.3
> +#usr/share/man/man3/CURLINFO_XFER_ID.3
> #usr/share/man/man3/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3
> #usr/share/man/man3/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3
> #usr/share/man/man3/CURLMOPT_MAXCONNECTS.3
> @@ -159,6 +162,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLOPT_DOH_SSL_VERIFYPEER.3
> #usr/share/man/man3/CURLOPT_DOH_SSL_VERIFYSTATUS.3
> #usr/share/man/man3/CURLOPT_DOH_URL.3
> +#usr/share/man/man3/CURLOPT_ECH.3
> #usr/share/man/man3/CURLOPT_EGDSOCKET.3
> #usr/share/man/man3/CURLOPT_ERRORBUFFER.3
> #usr/share/man/man3/CURLOPT_EXPECT_100_TIMEOUT_MS.3
> @@ -301,6 +305,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLOPT_PROXY_TLSAUTH_USERNAME.3
> #usr/share/man/man3/CURLOPT_PROXY_TRANSFER_MODE.3
> #usr/share/man/man3/CURLOPT_PUT.3
> +#usr/share/man/man3/CURLOPT_QUICK_EXIT.3
> #usr/share/man/man3/CURLOPT_QUOTE.3
> #usr/share/man/man3/CURLOPT_RANDOM_FILE.3
> #usr/share/man/man3/CURLOPT_RANGE.3
> @@ -326,6 +331,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLOPT_SEEKDATA.3
> #usr/share/man/man3/CURLOPT_SEEKFUNCTION.3
> #usr/share/man/man3/CURLOPT_SERVER_RESPONSE_TIMEOUT.3
> +#usr/share/man/man3/CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.3
> #usr/share/man/man3/CURLOPT_SERVICE_NAME.3
> #usr/share/man/man3/CURLOPT_SHARE.3
> #usr/share/man/man3/CURLOPT_SOCKOPTDATA.3
> @@ -335,6 +341,8 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_SERVICE.3
> #usr/share/man/man3/CURLOPT_SSH_AUTH_TYPES.3
> #usr/share/man/man3/CURLOPT_SSH_COMPRESSION.3
> +#usr/share/man/man3/CURLOPT_SSH_HOSTKEYDATA.3
> +#usr/share/man/man3/CURLOPT_SSH_HOSTKEYFUNCTION.3
> #usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3
> #usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.3
> #usr/share/man/man3/CURLOPT_SSH_KEYDATA.3
> @@ -442,6 +450,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/curl_global_init.3
> #usr/share/man/man3/curl_global_init_mem.3
> #usr/share/man/man3/curl_global_sslset.3
> +#usr/share/man/man3/curl_global_trace.3
> #usr/share/man/man3/curl_mime_addpart.3
> #usr/share/man/man3/curl_mime_data.3
> #usr/share/man/man3/curl_mime_data_cb.3
> @@ -459,6 +468,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/curl_multi_assign.3
> #usr/share/man/man3/curl_multi_cleanup.3
> #usr/share/man/man3/curl_multi_fdset.3
> +#usr/share/man/man3/curl_multi_get_handles.3
> #usr/share/man/man3/curl_multi_info_read.3
> #usr/share/man/man3/curl_multi_init.3
> #usr/share/man/man3/curl_multi_perform.3
> @@ -471,6 +481,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/curl_multi_strerror.3
> #usr/share/man/man3/curl_multi_timeout.3
> #usr/share/man/man3/curl_multi_wait.3
> +#usr/share/man/man3/curl_multi_waitfds.3
> #usr/share/man/man3/curl_multi_wakeup.3
> #usr/share/man/man3/curl_pushheader_byname.3
> #usr/share/man/man3/curl_pushheader_bynum.3
> @@ -495,6 +506,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/curl_ws_recv.3
> #usr/share/man/man3/curl_ws_send.3
> #usr/share/man/man3/libcurl-easy.3
> +#usr/share/man/man3/libcurl-env-dbg.3
> #usr/share/man/man3/libcurl-env.3
> #usr/share/man/man3/libcurl-errors.3
> #usr/share/man/man3/libcurl-multi.3
> diff --git a/lfs/curl b/lfs/curl
> index a4fa21b1c..edb9a8201 100644
> --- a/lfs/curl
> +++ b/lfs/curl
> @@ -1,7 +1,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
> +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 8.2.1
> +VER = 8.8.0
>
> THISAPP = curl-$(VER)
> DL_FILE = $(THISAPP).tar.xz
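Review bot: The `VER = 8.8.0` bump spans several upstream releases, and the quoted changelog contains behaviour changes that the commit message does not call out for IPFire: 8.3.0 changes the default of CURLOPT_MAXREDIRS to 30 and removes NSS and GSKit, and 8.8.0 drops NTLM_WB. Suggest a line in the commit message saying which packages that link against libcurl were checked, or that none of them rely on these.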
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 77c0b067935397afb3961378f2fe349fa988c6379c1ab7437c5d5f967710b2e9ba7aec91df8fe58a8b26c00c0164d4db9bd095ca27d1bf52b768c8d83cc0ecaf
> +$(DL_FILE)_BLAKE2 = c14903bad4cbd1752a5335afa6bcc78be1a484692fce0e0a6c2061963e0e6b4e56defb8332cef32d0dbddb481ad0443b71faf3a52a6e9d945c89ecbce373d2a3
>
> install : $(TARGET)
>
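Review bot: The replaced `$(DL_FILE)_BLAKE2` value is what this recipe uses to check the 8.8.0 tarball, and the commit message does not say how the new sum was obtained. Suggest stating that the download was verified against the upstream release signature before the BLAKE2 sum was computed, so the recorded hash is tied to the published release and not just to whatever file was fetched.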
> @@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) :
> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xf $(DIR_DL)/$(DL_FILE)
> - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
> cd $(DIR_APP) && ./configure \
> --prefix=/usr \
> --disable-ipv6 \
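Review bot: Removing the `patch -Np1` step drops the backport of the CVE-2023-38545 fix, and the commit message only says the content is "now included in the source tarball" without naming the CVE. The quoted 8.4.0 changelog does list "socks: return error if hostname too long for remote resolve", which matches the deleted patch's subject, so the removal looks correct; suggest citing the CVE and that changelog entry in the commit message so the fix stays traceable in the history.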
> diff --git a/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch b/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
> deleted file mode 100644
> index 0de35055f..000000000
> --- a/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
> +++ /dev/null
> @@ -1,38 +0,0 @@
> -From fb4415d8aee6c1045be932a34fe6107c2f5ed147 Mon Sep 17 00:00:00 2001
> -From: Jay Satiro <raysatiro(a)yahoo.com>
> -Date: Wed, 11 Oct 2023 07:34:19 +0200
> -Subject: [PATCH] socks: return error if hostname too long for remote resolve
> -
> -Prior to this change the state machine attempted to change the remote
> -resolve to a local resolve if the hostname was longer than 255
> -characters. Unfortunately that did not work as intended and caused a
> -security issue.
> -
> -Bug: https://curl.se/docs/CVE-2023-38545.html
> -
> -diff --git a/lib/socks.c b/lib/socks.c
> -index c492d663c4738..a7b5ab07e47d0 100644
> ---- a/lib/socks.c
> -+++ b/lib/socks.c
> -@@ -587,9 +587,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
> -
> - /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
> - if(!socks5_resolve_local && hostname_len > 255) {
> -- infof(data, "SOCKS5: server resolving disabled for hostnames of "
> -- "length > 255 [actual len=%zu]", hostname_len);
> -- socks5_resolve_local = TRUE;
> -+ failf(data, "SOCKS5: the destination hostname is too long to be "
> -+ "resolved remotely by the proxy.");
> -+ return CURLPX_LONG_HOSTNAME;
> - }
> -
> - if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
> -@@ -903,7 +903,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
> - }
> - else {
> - socksreq[len++] = 3;
> -- socksreq[len++] = (char) hostname_len; /* one byte address length */
> -+ socksreq[len++] = (unsigned char) hostname_len; /* one byte length */
> - memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */
> - len += hostname_len;
> - }
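Review bot: The deleted patch touches two places in lib/socks.c, the `hostname_len > 255` check that returns `CURLPX_LONG_HOSTNAME` and the `(unsigned char) hostname_len` cast, while the changelog entry confirms only the first by its title. Suggest checking that both are present in lib/socks.c of the unpacked 8.8.0 tree before the file goes, and that nothing else in the tree still refers to this patch path.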
> --
> 2.45.2
>