Development June 2024

development@lists.ipfire.org

11 participants
41 discussions

[PATCH 1/3] libid3tag: Update to version 0.16.3
by Adolf Belka 07 Jun '24

07 Jun '24

- Update from version 0.15.1b to 0.16.3 - Update of rootfile - A new fork has been made of the libid3tag. This is now being managed by Tenacity. The latest version has a library change so that any package using the old version will work with the new one. - Changelog 0.16.3 This release fixes backwards compatibility issues with libid3tag 0.15.1b. #8 - Define a separate library soversion, which is set to 0 to preserve ABI compatibility. Note: no functionality was changed in this release. This and the previous release are identical in terms of functionality. Compatibility With the changes listed above, libid3tag is both source compatible and binary (ABI) compatible with programs linked against libid3tag 0.15.1b. We will continue to guarantee this compatibility for as long as we can. Existing libid3tag 0.15.1b packages can be easily switched to this version without breakage. Reporting Issues or Contributing Patches Our version of libid3tag contains all kinds of integrated packages plus our own tweaks. However, if you have a patch or two that haven't been integrated into our fork yet, please feel free to open a pull request. Just like Tenacity, we aim to have libid3tag packaged and working on as many platforms as we can without patches. 0.16.2 Fix null pointer dereference in id3_ucs4_length (CVE-2017-11550) 0.16.1 Fix exported CMake config file Fix pkgconfig file name to match Linux distro packages (id3tag instead of libid3tag). 0.16.0 Add CMake build system Remove autotools build system Install pkgconfig and CMake config files Apply patches from Debian, Fedora, Arch, and Gentoo Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- config/rootfiles/packages/libid3tag | 9 ++++++--- lfs/libid3tag | 21 ++++++++++----------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/config/rootfiles/packages/libid3tag b/config/rootfiles/packages/libid3tag index 575804c01..c3aa25ed3 100644 --- a/config/rootfiles/packages/libid3tag +++ b/config/rootfiles/packages/libid3tag @@ -1,7 +1,10 @@ #usr/include/id3tag.h -#usr/lib/libid3tag.a -#usr/lib/libid3tag.la +#usr/lib/cmake/id3tag +#usr/lib/cmake/id3tag/id3tagConfig.cmake +#usr/lib/cmake/id3tag/id3tagConfigVersion.cmake +#usr/lib/cmake/id3tag/id3tagTargets-noconfig.cmake +#usr/lib/cmake/id3tag/id3tagTargets.cmake #usr/lib/libid3tag.so usr/lib/libid3tag.so.0 -usr/lib/libid3tag.so.0.3.0 +usr/lib/libid3tag.so.0.16.3 #usr/lib/pkgconfig/id3tag.pc diff --git a/lfs/libid3tag b/lfs/libid3tag index 5ce682662..b7f1ff19d 100644 --- a/lfs/libid3tag +++ b/lfs/libid3tag @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,15 +26,15 @@ include Config SUMMARY = ID3 Tag Manipulation Library -VER = 0.15.1b +VER = 0.16.3 THISAPP = libid3tag-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) +DIR_APP = $(DIR_SRC)/$(PROG) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libid3tag -PAK_VER = 3 +PAK_VER = 4 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = a4e4e66177eae9aaa251c71d605034488fdd9a0a207a41a41f85793ecbb763dd4a4c8f01183eb45a5c8563c4ad120e73b29578fd4c3bb8e467e39c5427b530b5 +$(DL_FILE)_BLAKE2 = 58a4ce211aebef4b2f1f0e1a7214e2804e71d2cea805d3c275812978fb702148c5b435c289f9e83fd81fa1970bf83b7b8e772ed24843bcae7519fff455b50c15 install : $(TARGET) @@ -82,11 +82,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) - # install id3tag pkgconfig file - install -v -m 644 ${DIR_SRC}/config/libid3tag/id3tag.pc \ - /usr/lib/pkgconfig/id3tag.pc - cd $(DIR_APP) && ./configure --prefix=/usr - cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) - cd $(DIR_APP) && make install + cd $(DIR_APP) && mkdir build + cd $(DIR_APP)/build && cmake .. \ + -DCMAKE_INSTALL_PREFIX=/usr + cd $(DIR_APP)/build && make $(MAKETUNING) + cd $(DIR_APP)/build && make install @rm -rf $(DIR_APP) @$(POSTBUILD) -- 2.45.2

2 5

[PATCH] curl: Update to version 8.8.0
by Adolf Belka 07 Jun '24

07 Jun '24

- Update from version 8.2.1 to 8.8.0 - Update of rootfile - Removal of patch as the content now included in the source tarball. - Changelog 8.8.0 Changes: curl_version_info: provide librtmp version file: add support for directory listings idn: add native AppleIDN (icucore) support for macOS/iOS lib: add curl_multi_waitfds mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option NTLM_WB: drop support TLS: add support for ECH (Encrypted Client Hello) urlapi: add CURLU_GET_EMPTY for empty queries and fragments Bugfixes: appveyor: drop unnecessary `--clean-first` cmake option appveyor: guard against crash-build with VS2008 appveyor: make gcc 6 mingw64 job build-only asyn-thread: fix curl_global_cleanup crash in Windows asyn-thread: fix Curl_thread_create result check autotools: delete unused functions autotools: fix `HAVE_IOCTLSOCKET_FIONBIO` test for gcc 14 autotools: only probe for SGI MIPS compilers on IRIX bearssl: fix compiler warnings bearssl: use common code for cipher suite lookup bufq: remove duplicate word in comment BUG-BOUNTY.md: clarify the third party situation build: prefer `USE_IPV6` macro internally (was: `ENABLE_IPV6`) build: remove MacOSX-Framework script cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set cf-https-connect: use timeouts as unsigned ints cf-socket: don't try getting local IP without socket cf-socket: remove references to l_ip, l_port ci: add curl-for-win builds: Linux MUSL, macOS, Windows cmake: add `BUILD_EXAMPLES` option to build examples cmake: add librtmp/rtmpdump option and detection cmake: check fseeko after detecting HAVE_FILE_OFFSET_BITS cmake: do not pass linker flags to the static library tool cmake: enable `-pedantic-errors` for clang when `CURL_WERROR=ON` cmake: FindNGHTTP2 add static lib name to find_library call cmake: fix `CURL_WERROR=ON` for old CMake and use it in GHA/linux-old cmake: fix `HAVE_IOCTLSOCKET_FIONBIO` test with gcc 14 cmake: fixup `DEPENDS` filename cmake: forward `USE_LIBRTMP` option to C cmake: generate misc manpages and install `mk-ca-bundle.pl` cmake: initialize `BUILD_TESTING` before first use cmake: speed up libcurl doc building again cmake: tidy-up to use `WORKING_DIRECTORY` cmake: use namespaced custom target names cmdline-docs: fix make install with configure --disable-docs configure: error on missing perl if docs or manual is enabled configure: make --disable-docs imply --disable-manual content_encoding: brotli and others, pass through 0-length writes content_encoding: ignore duplicate chunked encoding content_encoding: reject transfer-encoding after chunked contrithanks: honor `CURLWWW` variable curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used curl.h: change CURL_SSLVERSION_* from enum to defines curl: make --help adapt to the terminal width curl: use curl_getenv instead of the curlx_ version Curl_creader_read: init two variables to avoid using them uninited curl_easy_pause.md: use correct defines in example curl_getdate.md: document two-digit year handling curl_global_trace.md: shorten the description curl_multibyte: remove access() function wrapper for Windows curl_path: make Curl_get_pathname use dynbuf curl_setup.h: add support for IAR compiler curl_setup.h: detect 'inline' support curl_sha512_256: do not use workaround for NetBSD when not needed curl_sha512_256: fix detection of OpenSSL 1.1.1 or later curl_url_get.md: clarify queries and fragments and CURLU_GET_EMPTY CURLINFO_REQUEST_SIZE: fixed, add tests for transfer infos reported CURLOPT_WRITEFUNCTION.md: fix the callback proto in the example cw-out: improved error handling DEPRECATE.md: TLS libraries without 1.3 support digest: replace strcpy for empty string with simple assignment dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs dist: add files missing from release tarball dist: add reproducible dir entries to tarballs dist: do not require Perl in `maketgz` dist: remove the curl-config.1 from the tarball dist: verify tarball reproducibility in CI DISTROS: add patch and issues link for curl-for-win DISTROS: Cygwin updates dllmain: Call OpenSSL thread cleanup for Windows and Cygwin doc: pytest `--repeat` -> `--count` docs/cmdline-opts: invoke managen using a relative path docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE docs: fix some CURLINFO examples doh: fix typo in comment doh: remove unused function prototype dynbuf: fix returncode on memory error examples: fix/silence `-Wsign-conversion` EXPERIMENTAL: add graduation requirements for each feature file: remove useless assignment ftp: add tracing support ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS ftp: fix socket leak on rare error GHA: add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs GHA: add shellcheck job and fix warnings, shell tidy-ups GHA: add valgrind to a wolfSSL build GHA: on macOS remove $HOME/.curlrc GHA: pin dependencies gnutls: lazy init the trust settings h3/ngtcp2: improve error handling hash: change 'slots' to size_t from int hash: delete unused debug function hsts: explicitly skip blank lines hsts: remove single-use single-line function http tests: in CI skip test_02_23* for quiche http2 + ngtcp2: pass CURLcode errors from callbacks http2, http3: decouple stream state from easy handle http2: emit RST when client write fails http3: quiche+ngtcp2 improvements http: acknowledge a returned error code http: HEAD response body tolerance http: reject HTTP major version switch mid connection http: remove redundant check http: with chunked POST forced, disable length check on read callback http_aws_sigv4: remove useless assignment idn: make Curl_idnconvert_hostname() use Curl_idn_decode() if2ip: make the buf_size arg a size_t INSTALL-CMAKE.md: explain `cmake -G <generator-name>` krb5: use dynbuf ldap: fix unused variables (seen on OmniOS) lib/cf-h1-proxy: silence compiler warnings (gcc 14) lib: add trace support for client reads and writes lib: bump hash sizes to `size_t` lib: clear the easy handle's saved errno before transfer lib: fix compiler warnings (gcc) lib: make protocol handlers store scheme name lowercase lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3` lib: remove two instances of "only only" messages lib: silence `-Wsign-conversion` in base64, strcase, mprintf lib: silence warnings on comma misuse lib: use `#error` instead of invalid syntax in `curl_setup_once.h` lib: use multi instead of multi_easy for the active multi libcurl-opts: mention pipelining less libssh2: delete redundant feature guard libssh2: replace `access()` with `stat()` libssh2: set length to 0 if strdup failed m4: fix rustls pkg-config codepath MAIL-ETIQUETTE: convert to markdown makefile: remove the sorting from the vc-ide action maketgz: put docs/RELEASE-TOOL.md into the tarball managen: fix the option sort order mbedtls: call mbedtls_ssl_setup() after RNG callback is set mbedtls: cut off trailing newlines from debug logs mbedtls: fix building with v3 in CMake Unity mode mbedtls: support TLS 1.3 mime: avoid using access() misc: fix typos misc: fix typos, quoting and spelling mprintf: check fputc error rather than matching returned character mqtt: when Curl_xfer_recv returns error, don't use nread multi: avoid memory-leak risk multi: introduce SETUP state for better timeouts multi: multi_wait improvements multi: remove the unused Curl_preconnect function multi: remove useless assignment multi: timeout handles even without connection openldap: create ldap URLs correctly for IPv6 addresses openssl: do not set SSL_MODE_RELEASE_BUFFERS openssl: revert keylog_callback support for LibreSSL OS400: fix shellcheck warnings in scripts projects: drop MSVC project files for recent versions pytest: add DELETE tests, check server version pytest: fixes for recent python, add FTP tests quic: fixup duplicate static function name (for cmake unity) quiche: expire all active transfers on connection close quiche: trust its timeout handling RELEASE-PROCEDURE: mention an initial working build request: make Curl_req_init return void request: paused upload on completed download, assess connection reuse: add copyright + license info to individual docs/*.md files ROADMAP: remove completed entries, mention websocket rustls: fix handshake done handling rustls: fix partial send handling rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag rustsls: fix error code on receive sendf: fix two typos in comments sendf: useless assignment in cr_lc_read() setopt: acknowledge errors proper for CURLOPT_COOKIEJAR setopt: make the setstropt_userpwd args compulsory setopt: remove check for 'option' that is always true setopt: warn on Curl_set*opt() uses not using the return value smtp: result of Curl_bufq_cread was not used socket: remove redundant call to getsockname socketpair: fix compilation when USE_UNIX_SOCKETS is not defined src: tidy up types, add necessary casts telnet: check return code from fileno() tests/http: fix compiler warning tests: add -q as first option when invoking curl for tests tests: check caddy server version to match test expectations tests: enable test 1117 for hyper tests: fix feature case in test1481 tests: fix test 1167 to skip digit-only symbols tests: make the unit test result type `CURLcode` tests: Mark tftpd timer function as noreturn tests: tidy up types in server code tls: fix SecureTransport + BearSSL cmake unity builds tls: remove EXAMPLEs from deprecated options tls: use shared init code for TCP+QUIC tool: move tool_ftruncate64 to tool_util.c tool_cb_rea: limit rate unpause for -T . uploads tool_cfgable: free {proxy_}cipher13_list on exit tool_getparam: output warning for leading unicode quote character tool_getparam: remove two redundant conditions tool_operate: don't truncate the etag save file by default tool_operate: init vars unconditionally in post_per_transfer tool_paramhlp: remove duplicate assign tool_xattr: "guess" URL scheme if none is provided tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set transfer: remove useless assignment url: do not URL decode proxy crendentials url: fix use of an uninitialized variable url: make parse_login_details use memdup0 url: remove duplicate call to Curl_conncache_remove_conn when pruning urlapi: allow setting port number zero urlapi: fix relative redirects to fragment-only urldata: remove fields not used depending on used features vauth: make two functions void that always just returned OK version: use msnprintf instead of strncpy vquic-tls: use correct cert name check API for wolfSSL vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output vtls: TLS session storage overhaul wakeup_create: use FD_CLOEXEC/SOCK_CLOEXEC warnless: delete orphan declarations websocket: avoid memory leak in error path winbuild: add ENABLE_WEBSOCKETS option winbuild: use $(RC) correctly wolfssl: plug memory leak in wolfssl_connect_step2() x509asn1: return error on missing OID 8.7.1 Bugfixes: Fixed empty tool_hugehelp.c file 8.7.0 Changes: configure: add --disable-docs flag CURLINFO_USED_PROXY: return bool whether the proxy was used digest: support SHA-512/256 DoH: add trace configuration write-out: add '%{proxy_used}' Bugfixes: ALTSVC.md: correct a typo asyn-ares: fix data race warning asyn-thread: use wakeup_close to close the read descriptor badwords: use hostname, not host name BINDINGS: add mcurl, the python binding bufq: writing into a softlimit queue cannot be partial c-hyper: add header collection writer in hyper builds cd2nroff: gen: make `\>` in input to render as plain '>' in output cd2nroff: remove backticks from titles checksrc.pl: fix handling .checksrc with CRLF cmake: add USE_OPENSSL_QUIC support cmake: add warning for using TLS libraries without 1.3 support cmake: enable `ENABLE_CURL_MANUAL` by default cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled cmake: fix function description in comment cmake: fix install for older CMake versions cmake: fix libcurl.pc and curl-config library specifications cmdline-docs/Makefile: avoid using a fixed temp file name cmdline-docs: quote and angle bracket cleanup cmdline-opts/_EXITCODES: sync with libcurl-errors cmdline-opts/_VARIABLES.md: improve the description cmdline-opts/_VERSION: provide %VERSION correctly cmdline-opts: shorter help texts configure: add pkg-config support to rustls detection configure: add warning for using TLS libraries without 1.3 support configure: build & install shell completions when enabled configure: do not link with nghttp3 unless necessary configure: Don't build shell completions when disabled configure: Don't make shell completions without perl configure: find libpsl with pkg-config connect.c: fix typo CONTRIBUTE: update the section on documentation format cookie.md: provide an example sending a fixed cookie cookie: if psl fails, reject the cookie curl: exit on config file parser errors curl: make --libcurl output better CURLOPT_*SSLVERSION curl: when allocating variables, add the name into the struct curl_setup.h: add curl_uint64_t internal type curldown: fix email address in Copyright CURLMOPT_MAX*: mention what happens if changed mid-transfer CURLOPT_INTERFACE.md: remove spurious amp, add see-also CURLOPT_POSTQUOTE.md: fix typo CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return CURLOPT_WRITEFUNCTION.md: typo fix digest: add check for hashing error dist: make sure the http tests are in the tarball DISTROS: add document with distro pointers docs/libcurl: add TLS backend info for all TLS options docs/libcurl: generate PROTOCOLS from meta-data docs: add missing slashes to SChannel client certificate documentation docs: add necessary setup for nghttp3 docs: ascii version of manpage without nroff docs: dist curl*.1 and install without perl docs: make curldown do angle brackets like markdown docs: make each libcurl man specify protocol(s) docs: make sure curl.1 is included in dist tarballs docs: update minimal binary size in INSTALL.md docs: use present tense examples: use present tense in comments file: use xfer buf for file:// transfers fopen: fix narrowing conversion warning on 32-bit Android form-string.md: correct the example ftp: do lineend conversions in client writer ftp: fix socket wait activity in ftp_domore_getsock ftp: tracing improvements ftp: treat a 226 arriving before data as a signal to read data gen.pl: make the "manpageification" faster gen: make `\>` in input to render as plain '>' in output getparam: make --ftp-ssl work again GHA/linux: add sysctl trick to work-around GitHub runner issue GIT-INFO: convert to markdown GOVERNANCE: document the core team header.md: remove backslash, make nicer markdown HTTP/2: write response directly http2, http3: return CURLE_PARTIAL_FILE when bytes were received http2: fix push discard http2: memory errors in the push callbacks are fatal http2: minor tweaks to optimize two struct sizes http2: push headers better cleanup http2: remove the third (unused) argument from http2_data_done() HTTP3.md: adjust the OpenSSL QUIC install instructions http: better error message for HTTP/1.x response without status line http: improve response header handling, save cpu cycles http: move headers collecting to writer http: remove stale comment about rewindbeforesend http: separate response parsing from response action http_chunks: fix the accounting of consumed bytes http_chunks: remove unused 'endptr' variable https-proxy: use IP address and cert with ip in alt names hyper: implement unpausing via client reader ipv6.md: mention IPv4 mapped addresses KNOWN_BUGS: POP3 issue when reading small chunks lib1598: fix `CURLOPT_POSTFIELDSIZE` usage lib582: remove code causing warning that is never run lib: add `void *ctx` to reader/writer instances lib: convert Curl_get_line to use dynbuf lib: Curl_read/Curl_write clarifications lib: enhance client reader resume + rewind lib: initialize output pointers to NULL before calling strto[ff,l,ul] lib: keep conn IP information together lib: move 'done' parameter to SingleRequests lib: remove curl_mimepart object when CURL_DISABLE_MIME libcurl-docs: cleanups libcurl-security.md: Active FTP passes on the local IP address libssh/libssh2: return error on too big range MANUAL.md: fix typo mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined mbedtls: fix pytest for newer versions mbedtls: properly cleanup the thread-shared entropy mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version md4: include strdup.h for the memdup proto mime: add client reader misc: fix typos in docs and lib mkhelp: simplify the generated hugehelp program mprintf: fix format prefix I32/I64 for windows compilers multi: add xfer_buf to multi handle multi: fix multi_sock handling of select_bits multi: make add_handle free any multi_easy ngtcp2: no recvbuf for stream ntml_wb: fix buffer type typo OpenSSL QUIC: adapt to v3.3.x openssl-quic: check on Windows that socket conv to int is possible openssl-quic: fix BIO leak and Windows warning openssl-quic: fix unity build, casing, indentation OS400: avoid using awk in the build scripts paramhlp: fix CRLF-stripping files with "-d @file" proxy1.0.md: fix example pytest: adapt to API change request: clarify message when request has been sent off rustls: make curl compile with 0.12.0 schannel: fix hang on unexpected server close scripts: fix cijobs.pl for Azure and GHA sendf: ignore response body to HEAD setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value setopt: fix disabling all protocols sha512_256: add support for GnuTLS and OpenSSL smtp: fix STARTTLS SPONSORS: describe the basics strtoofft: fix the overflow check test 1541: verify getinfo values on first header callback test1165: improve pattern matching tests: support setting/using blank content env variables TIMER_STARTTRANSFER: set the same for everyone TLS: start shutdown only when peer did not already close TODO: update 13.11 with more information tool_cb_hdr: only parse etag + content-disposition for 2xx tool_getparam: accept a blank -w "" tool_getparam: handle non-existing (out of range) short-options tool_operate: change precedence of server Retry-After time tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds trace-config.md: remove the mutexed options list transfer.c: break receive loop in speed limited transfers transfer: improve Windows SO_SNDBUF update limit urldata: move authneg bit from conn to Curl_easy version: allow building with ancient libpsl vquic-tls: fix the error code returned for bad CA file vtls: fix tls proxy peer verification vtls: revert "receive max buffer" + add test case VULN-DISCLOSURE-POLICY.md: update detail about CVE requests websocket: fix curl_ws_recv() wolfSSL: do not call the stub function wolfSSL_BIO_set_init() write-out.md: clarify error handling details 8.6.0 Changes: add CURLE_TOO_LARGE add CURLINFO_QUEUE_TIME_T add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add asyn-thread: use GetAddrInfoExW on >= Windows 8 configure: make libpsl detection failure cause error docs/cmdline: change to .md for cmdline docs docs: introduce "curldown" for libcurl man page format runtests: support -gl. Like -g but for lldb. Bugfixes: altsvc: free 'as' when returning error appveyor: replace PowerShell with bash + parallel autotools appveyor: switch to out-of-tree builds asyn-ares: with modern c-ares, use its default timeout build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}` build: delete/replace clang warning pragmas build: enable missing OpenSSF-recommended warnings, with fixes build: fix `-Wconversion`/`-Wsign-conversion` warnings build: fix Windows ADDRESS_FAMILY detection build: more `-Wformat` fixes build: remove redundant `CURL_PULL_*` settings cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper cf-socket: show errno in tcpkeepalive error messages CI/distcheck: run full tests cmake: add option to disable building docs cmake: fix generation for system name iOS cmake: fix typo cmake: freshen up docs/INSTALL.cmake cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE` cmake: rework options to enable curl and libcurl docs cmake: when USE_MANUAL=YES, build the curl.1 man page cmdline-opts/write-out.d: remove spurious double quotes cmdline-opts: update availability for the *-ca-native options cmdline/gen: fix the sorting of the man page options configure: add libngtcp2_crypto_boringssl detection configure: fix no default int compile error in ipv6 detection configure: when enabling QUIC, check that TLS supports QUIC connect: remove margin from eyeballer alloc content_encoding: change return code to typedef'ed enum cookie.d: document use of empty string to enable cookie engine cookie: avoid fopen with empty file name curl.h: CURLOPT_DNS_SERVERS is only available with c-ares curl: show ipfs and ipns as supported "protocols" curl_easy_getinfo.3: remove the wrong time value count curl_multi_fdset.3: remove mention of null pointer support CURLINFO_REFERER.3: clarify that it is the *request* header CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example CURLOPT_SSH_*_KEYFILE: clarify dist: add tests/errorcodes.pl to the tarball docs: clean up Protocols: for cmdline options docs: describe and highlight super cookies docs: do not start lines/sentences with So, But nor And docs: install curl.1 with cmake docs: mention env vars not used by schannel doh: remove unused local variable examples: add four new examples file+ftp: use stack buffers instead of data->state.buffer ftp: handle the PORT parsing without allocation ftp: use dynbuf to store entrypath ftp: use memdup0 to store the OS from a SYST 215 response ftpserver.pl: send 213 SIZE response without spurious newline gen.pl: support ## for doing .IP in table-like lists gen: do italics/bold for a range of letters, not just single word GHA: add a job scanning for "bad words" in markdown GHA: bump ngtcp2, gnutls, mod_h2, quiche gnutls: fix build with --disable-verbose haproxy-clientip.d: document the arg headers: make sure the trailing newline is not stored headers: remove assert from Curl_headers_push hostip: return error immediately when Curl_ip2addr() fails hsts: remove assert for zero length domain http2: improved on_stream_close/data_done handling http3/quiche: fix result code on a stream reset http3: initial support for OpenSSL 3.2 QUIC stack http: adjust_pollset fix http: check for "Host:" case insensitively http: fix off-by-one error in request method length check http: only act on 101 responses when they are HTTP/1.1 http: remove comment reference to a removed solution http: use stack scratch buffer http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT krb5: add prototype to silence clang warnings on mvsnprintf() lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT lib: error out on multissl + http3 lib: fix variable undeclared error caused by `infof` changes lib: reduce use of strncpy lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding lib: replace readwrite with write_resp lib: strndup/memdup instead of malloc, memcpy and null-terminate libssh2: use `libssh2_session_callback_set2()` with v1.11.1 libssh: improve the deprecation warning dismissal libssh: supress warnings without version check Makefile.am: fix the MSVC project generation Makefile.mk: drop Windows support mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls` mbedtls: free the entropy when threaded mime: use memdup0 instead of malloc + memcpy mksymbolsmanpage.pl: provide references to where the symbol is used mprintf: overhaul and bugfixes mqtt: use stack scratch buffer for recv+publish multi: remove total timer reset in file_do() while fetching file:// ngtcp2: put h3 at the front of alpn ntlm_wb: do not use data->state.buffer any longer openldap: fix an LDAP crash openldap: fix STARTTLS openssl: re-match LibreSSL deinit with init openssl: when verifystatus fails, remove session id from cache OS400: sync ILE/RPG binding pingpong: stop using the download buffer pop3: replace calloc + memcpy with memdup0 pytest: scorecard tracking CPU and RSS quiche: return CURLE_HTTP3 on send to invalid stream readwrite_data: loop less Revert "urldata: move async resolver state from easy handle to connectdata" rtsp: deal with borked server responses runtests: for mode="text" on <stdout>, fix newlines on both parts sasl: make login option string override http auth schannel: fix `-Warith-conversion` gcc 13 warning sectransp: do verify_cert without memdup for blobs sectransp_ make TLSCipherNameForNumber() available in non-verbose config sendf: fix compiler warning with CURL_DISABLE_HEADERS_API setopt: clear mimepost when formp is freed setopt: use memdup0 when cloning COPYPOSTFIELDS socks: fix generic output string to say SOCKS instead of SOCKS4 socks: use own buffer instead of data->state.buffer ssh: fix namespace of two local macros ssh: use stack scratch buffer for seeks strerror: repair get_winsock_error() system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers system_win32: fix a function pointer assignment warning telnet: use dynbuf instad of malloc for escape buffer telnet: use stack scratch buffer for do tests/server: delete workaround for old-mingw tests: avoid int/size_t conversion size/sign warnings tests: respect $TMPDIR when creating unix domain sockets tool: make parser reject blank arguments if not supported tool: prepend output_dir in header callback tool_getparam: bsearch cmdline options tool_getparam: do not try to expand without an argument tool_getparam: stop supporting `@filename` style for --cookie tool_listhelp: regenerate after recent .d updates tool_operate: make --remove-on-error only remove "real" files tool_operate: stop setting the file comment on Amiga transfer: adjust_pollset improvements transfer: fix upload rate limiting, add test cases transfer: make the select_bits_paused condition check both directions transfer: remove warning: Value stored to 'blen' is never read url: don't set default CA paths for Secure Transport backend url: for disabled protocols, mention if found in redirect urlapi: remove assert verify-examples.pl: fail verification on unescaped backslash version: show only the libpsl version, not its dependencies vquic: extract TLS setup into own source vtls: fix missing multissl version info vtls: receive max buffer vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY websockets: check for negative payload lengths websockets: refactor decode chain windows: delete redundant headers windows: simplify detecting and using system headers wolfssl: load certificate *chain* for PEM client certs x509asn1: remove code for WANT_VERIFYHOST x509asn1: switch from malloc to dynbuf 8.5.0 Changes: gnutls: support CURLSSLOPT_NATIVE_CA HTTP3: ngtcp2 builds are no longer experimental Bugfixes: appveyor: make VS2008-built curl tool runnable asyn-thread: use pipe instead of socketpair for IPC when available autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}` autotools: avoid passing `LDFLAGS` twice to libcurl autotools: delete LCC compiler support bits autotools: fix/improve gcc and Apple clang version detection autotools: stop setting `-std=gnu89` with `--enable-warnings` autotools: update references to deleted `crypt-auth` option BINDINGS: add V binding build: add `src/.checksrc` to source tarball build: add more picky warnings and fix them build: always revert `#pragma GCC diagnostic` after use build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H` build: delete support bits for obsolete Windows compilers build: fix 'threadsafe' feature detection for older gcc build: fix builds that disable protocols but not digest auth build: fix compiler warning with auths disabled build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS` build: picky warning updates build: require Windows XP or newer cfilter: provide call to tell connection to forget a socket CI: add autotools, out-of-tree, debug build to distro check job CI: ignore test 286 on Appveyor gcc 9 build cmake: add `CURL_DISABLE_BINDLOCAL` option cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API` cmake: dedupe Windows system libs cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection cmake: fix CURL_DISABLE_GETOPTIONS cmake: fix multiple include of CURL package cmake: fix OpenSSL quic detection in quiche builds cmake: option to disable install & drop `curlu` target when unused cmake: pre-fill rest of detection values for Windows cmake: replace `check_library_exists_concat()` cmake: speed up threads setup for Windows cmake: speed up zstd detection config-win32: set `HAVE_SNPRINTF` for mingw-w64 configure: better --disable-http configure: check for the fseeko declaration too conncache: use the closure handle when disconnecting surplus connections content_encoding: make Curl_all_content_encodings allocless cookie: lowercase the domain names before PSL checks curl.h: delete Symbian OS references curl.h: on FreeBSD include sys/param.h instead of osreldate.h curl.rc: switch out the copyright symbol for plain ASCII curl: improved IPFS and IPNS URL support curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped Curl_http_body: cleanup properly when Curl_getformdata errors curl_setup: disallow Windows IPv6 builds missing getaddrinfo curl_sspi: support more revocation error names in error messages CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does CURLOPT_WRITEFUNCTION.3: clarify libcurl returns for CURL_WRITEFUNC_ERROR CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO docs/example/keepalive.c: show TCP keep-alive options docs/example/localport.c: show off CURLOPT_LOCALPORT docs/examples/interface.c: show CURLOPT_INTERFACE use docs/libcurl: fix three minor man page format mistakes docs/libcurl: SYNSOPSIS cleanup docs: add supported version for the json write-out docs: clarify that curl passes on input unfiltered docs: fix function typo in curl_easy_option_next.3 docs: KNOWN_BUGS cleanup docs: preserve the modification date when copying the prebuilt man page docs: remove bold from some man page SYNOPSIS sections docs: use SOURCE_DATE_EPOCH for generated manpages doh: provide better return code for responses w/o addresses doh: use PIPEWAIT when HTTP/2 is attempted duphandle: also free 'outcurl->cookies' in error path duphandle: make dupset() not return with pointers to old alloced data duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set easy: in duphandle, init the cookies for the new handle easy: remove duplicate wolfSSH init call easy_lock: add a pthread_mutex_t fallback fopen: create new file using old file's mode fopen: create short(er) temporary file name getenv: PlayStation doesn't have getenv() GHA: move mod_h2 version in CI to v2.0.25 hostip: show the list of IPs when resolving is done hostip: silence compiler warning `-Wparentheses-equality` hsts: skip single-dot hostname HTTP/2, HTTP/3: handle detach of onoing transfers http2: header conversion tightening http2: provide an error callback and failf the message http2: safer invocation of populate_binsettings http: allow longer HTTP/2 request method names http: avoid Expect: 100-continue if Upgrade: is used http: consider resume with CURLOPT_FAILONERRROR and 416 to be fine http: fix `-Wunused-parameter` with no auth and no proxy http: fix `-Wunused-variable` compiler warning http: fix empty-body warning http_aws_sigv4: canonicalise valueless query params hyper: temporarily remove HTTP/2 support INSTALL: update list of ports and CPU archs IPFS: fix IPFS_PATH and file parsing keylog: disable if unused lib: add and use Curl_strndup() lib: apache style infof and trace macros/functions lib: fix gcc warning in printf call libcurl-errors.3: sync with current public headers libcurl-thread.3: simplify the TLS section Makefile.am: drop vc10, vc11 and vc12 projects from dist Makefile.mk: fix `-rtmp` option for non-Windows mime: store "form escape" as a single bit misc: fix -Walloc-size warnings msh3: error when built with CURL_DISABLE_SOCKETPAIR set multi: during ratelimit multi_getsock should return no sockets multi: use pipe instead of socketpair to *wakeup() ngtcp2: fix races in stream handling ntlm_wb: use pipe instead of socketpair when possible openldap: move the alloc of ldapconninfo to *connect() openldap: set the callback argument in oldap_do openssl: avoid BN_num_bits() NULL pointer derefs openssl: fix building with v3 `no-deprecated` + add CI test openssl: fix infof() to avoid compiler warning for %s with null openssl: identify the "quictls" backend correctly openssl: include SIG and KEM algorithms in verbose openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs openssl: two multi pointer checks should probably rather be asserts openssl: when a session-ID is reused, skip OCSP stapling page-footer: clarify exit code 25 projects: add VC14.20 project files pytest: use lower count in repeat tests quic: make eyeballers connect retries stop at weird replies quic: manage connection idle timeouts quiche: use quiche_conn_peer_transport_params() rand: fix build error with autotools + LibreSSL resolve.d: drop a multi use-sentence RTSP: improved RTP parser sasl: fix `-Wunused-function` compiler warning schannel: add CA cache support for files and memory blobs setopt: check CURLOPT_TFTP_BLKSIZE range on set setopt: remove outdated cookie comment setopt: remove superfluous use of ternary expressions socks: better buffer size checks for socks4a user and hostname socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice symbols-in-versions: the CLOSEPOLICY options are deprecated test1683: remove commented-out check alternatives test3103: add missing quotes around a test tag attribute test613: stop showing an error on missing output file tests/README: SOCKS tests are not using OpenSSH, it has its own server tests/server: add more SOCKS5 handshake error checking tests: Fix Windows test helper tool search & use it for handle64 tidy-up: casing typos, delete unused Windows version aliases tool: fix --capath when proxy support is disabled tool: support bold headers in Windows tool_cb_hdr: add an additional parsing check tool_cb_prg: make the carriage return fit for wide progress bars tool_cb_wrt: fix write output for very old Windows versions tool_getparam: limit --rate to be smaller than number of ms tool_operate: do not mix memory models tool_operate: fix links in ipfs errors tool_parsecfg: make warning output propose double-quoting tool_urlglob: fix build for old gcc versions tool_urlglob: make multiply() bail out on negative values tool_writeout_json: fix JSON encoding of non-ascii bytes transfer: abort pause send when connection is marked for closing transfer: avoid calling the read callback again after EOF transfer: only reset the FTP wildcard engine in CLEAR state url: don't touch the multi handle when closing internal handles url: find scheme with a "perfect hash" url: fix `-Wzero-length-array` with no protocols url: fix builds with `CURL_DISABLE_HTTP` url: protocol handler lookup tidy-up url: proxy ssl connection reuse fix urlapi: avoid null deref if setting blank host to url encode urlapi: skip appending NULL pointer query urlapi: when URL encoding the fragment, pass in the right length urldata: make maxconnects a 32 bit value urldata: move async resolver state from easy handle to connectdata urldata: move cookielist from UserDefined to UrlState urldata: move hstslist from 'set' to 'state' urldata: move the 'internal' boolean to the state struct vssh: remove the #ifdef for Curl_ssh_init, use empty macro vtls: cleanup SSL config management vtls: consistently use typedef names for OpenSSL structs vtls: late clone of connection ssl config vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0 VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw windows: use built-in `_WIN32` macro to detect Windows wolfssh: remove redundant static prototypes wolfssl: add default case for wolfssl_connect_step1 switch wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA 8.4.0 Changes: curl: add support for the IPFS protocols via HTTP gateway curl_multi_get_handles: get easy handles from a multi handle mingw: delete support for legacy mingw.org toolchain Bugfixes: acinclude.m4: Document proper system truststore on FreeBSD appveyor: fix yamlint issues, indent appveyor: rewrite batch in PowerShell + CI improvements autotools: adjust `CURL_CA_PATH` value to CMake autotools: restore `HAVE_IOCTL_*` detections base64: also build for curl bufq: remove Curl_bufq_skip_and_shift (unused) build: delete checks for C89 standard headers build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros cf-socket: simulate slow/blocked receives in debug cmake, configure: also link with CoreServices cmake: add check for suseconds_t cmake: add feature checks for `memrchr` and `getifaddrs` cmake: add missing checks cmake: delete old `HAVE_LDAP_URL_PARSE` logic cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` cmake: detect `HAVE_GETADDRINFO_THREADSAFE` cmake: detect `sys/wait.h` and `netinet/udp.h` cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS cmake: disable unity mode with Windows Unicode + TrackMemory cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows cmake: fix `HAVE_WRITABLE_ARGV` detection cmake: fix duplicate symbols when linking tests cmake: fix missing `zlib.h` when compiling `libcurltool` cmake: fix stderr initialization in unity builds cmake: fix the help text to the static build option in CMakeLists.txt cmake: fix unity builds for more build combinations cmake: fix unity symbol collisions in h2 builds cmake: fix unity with Windows Unicode + TrackMemory cmake: improve OpenLDAP builds cmake: lib `CURL_STATICLIB` fixes (Windows) cmake: move global headers to specific checks cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC cmake: pre-cache `HAVE_POLL_FINE` on Windows cmake: tidy-up `NOT_NEED_LBER_H` detection cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value configure: check for the capath by default configure: remove unused checks configure: replace adhoc domain with `localhost` in tests configure: sort AC_CHECK_FUNCS connect: expire the timeout when trying next connect: only start the happy eyeballs timer when needed cookie: do not store the expire or max-age strings cookie: remove unnecessary struct fields cookie: set ->running in cookie_init even if data is NULL create-dirs.d: clarify it also uses --output-dirs curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0 curl_easy_pause.3: mention h2/h3 buffering curl_easy_pause.3: mention it works within callbacks curl_easy_pause: set "in callback" true on exit if true CURLOPT_DEBUGFUNCTION.3: warn about internal handles docs/libcurl/opts/Makefile.inc: add missing manpage files docs: adapt SEE ALSO sections to new requirements docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER docs: replace made up domains with example.com docs: update curl man page references docs: use CURLSSLBACKEND_NONE doh: inherit DEBUGFUNCTION/DATA escape: replace Curl_isunreserved with ISUNRESERVED FAQ: How do I upgrade curl.exe in Windows? GHA/linux: run singleuse to detect single-use global functions GHA: add workflow to compare configure vs cmake outputs h2-proxy: remove left-over mistake in drain_tunnel() h2: testcase and fix for pausing h2 streams h3: add support for ngtcp2 with AWS-LC builds http2: refused stream handling for retry http: fix CURL_DISABLE_BEARER_AUTH breakage http: h1/h2 proxy unification http: remove wrong comment for http_should_fail http: use per-request counter to check too large headers http_aws_sigv4: fix sorting with empty parts idn: fix WinIDN null ptr deref on bad host idn: if idn2_check_version returns NULL, return error inet_ntop: add typecast to silence Coverity lib: disambiguate Curl_client_write flag semantics lib: enable hmac for digest as well lib: failf/infof compiler warnings lib: let the max filesize option stop too big transfers too lib: move handling of `data->req.writer_stack` into Curl_client_write() lib: provide and use Curl_hexencode lib: remove TIME_WITH_SYS_TIME lib: use wrapper for curl_mime_data fseek callback libssh2: fix error message on failed pubkey-from-file libssh: cap SFTP packet size sent Makefile.mk: always set `CURL_STATICLIB` for lib (Windows) MANUAL.md: change domain to example.com misc: better random strings MQTT: improve receive of ACKs multi: do CURLM_CALL_MULTI_PERFORM at two more places multi: fix small timeouts multi: remove Curl_multi_dump multi: round the timeout up to prevent early wakeups multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE openssl: improve ssl shutdown handling openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR pytest: exclude test_03_goaway in CI runs due to timing dependency quic: set ciphers/curves the same way regular TLS does quiche: fix build error with --with-ca-fallback RELEASE-PROCEDURE.md: updated coming release dates runtests: display the test status if tests appear hung runtests: eliminate a warning on old perl versions socks: return error if hostname too long for remote resolve src/mkhelp: make generated code pass `checksrc` test1056: disable on Windows test1474: disable test on NetBSD, OpenBSD and Solaris 10 test1592: greatly increase the maximum test timeout test1903: actually verify the cookies after the test test1906: set a lower timeout since it's hit on Windows test2600: remove special case handling for USE_ALARM_TIMEOUT test650: fix an end tag typo test661: return from test early in case of curl error test: add missing <feature>s tests: close the shell used to start sshd tests: fix a race condition in ftp server disconnect tests: fix compiler warnings tests: Fix zombie processes left behind by FTP tests. tests: improve SLOWDOWN test reliability by reducing sent data tests: increase lib571 timeout from 3s to 30s tests: log the test result code after each libtest tests: propagate errors in libtests tests: set --expect100-timeout to improve test reliability tests: show which curl tool `runtests.pl` is using tests: stop overriding the lock timeout tftpd: always use curl's own tftp.h tool: use our own stderr variable tool_cb_wrt: fix debug assertion tool_getparam: accept variable expansion on file names too tool_setopt: remove unused function tool_setopt_flags upload-file.d: describe the file name slash/backslash handling url: fall back to http/https proxy env-variable if ws/wss not set url: fix netrc info message warnless: remove unused functions wolfssh: do cleanup in Curl_ssh_cleanup wolfssl: allow capath with CURLOPT_CAINFO_BLOB wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files wolfssl: ignore errors in CA path 8.3.0 Changes: curl: make %output{} in -w specify a file to write to gskit: remove lib: --disable-bindlocal builds curl without local binding support nss: remove support for this TLS library tool: add "variable" support trace: make tracing available in non-debug builds url: change default value for CURLOPT_MAXREDIRS to 30 urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name wolfssl: support loading system CA certificates Bugfixes: altsvc: accept and parse IPv6 addresses in response headers asyn-ares: reduce timeout to 2000ms aws-sigv4: canonicalize the query aws-sigv4: fix having date header twice in some cases aws-sigv4: handle no-value user header entries bearssl: don't load CA certs when peer verification is disabled bearssl: handshake fix, provide proper get_select_socks() implementation build: fix portability of mancheck and checksrc targets build: streamline non-UWP wincrypt detections c-hyper: adjust the hyper to curlcode conversion c-hyper: fix memory leaks in `Curl_http` cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP cf-socket: log successful interface bind CI/cirrus: disable python install on FreeBSD CI: add a 32-bit i686 Linux build CI: add caching to many jobs CI: move on to ngtcp2 v0.19.1 CI: move the Alpine build from Cirrus to GHA CI: ngtcp2-linux: use separate caches for tls libraries CI: remove Windows builds from Cirrus, without replacement CI: switch macOS ARM build from Cirrus to Circle CI CI: use master again for wolfssl cirrus: install everthing with pkg, avoid pip cmake: add GnuTLS option cmake: add support for `CURL_DEFAULT_SSL_BACKEND` cmake: add support for single libcurl compilation pass cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms cmake: assume `wldap32` availability on Windows cmake: cache more config and delete unused ones cmake: detect `SSL_set0_wbio` in OpenSSL cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks cmake: fix to use variable for the curl namespace cmake: fixup H2 duplicate symbols for unity builds cmake: set SIZEOF_LONG_LONG in curl_config.h cmake: support building static and shared libcurl in one go cmdline-docs: make sure to phrase it as "added in ...." cmdline-docs: use present tense, not future cmdline-opts/docs: mention the negative option part cmdline-opts/page-header: clarify stronger that !opt == URL cmdline-opts/page-header: reorder, clean up configure, cmake, lib: more form api deprecation configure: fix `HAVE_TIME_T_UNSIGNED` check configure: trust pkg-config when it's used for zlib configure: use the pkg-config --libs-only-l flag for libssh2 connect: stop halving the remaining timeout when less than 600 ms left cookie-jar.d: emphasize that this option is ONLY writing cookies crypto: ensure crypto initialization works curl_url_get/set.3: add missing semicolon in SYNOPSIS CURLINFO_CERTINFO.3: better explain curl_certinfo struct CURLINFO_TLS_SSL_PTR.3: clarify a recommendation CURLOPT_*TIMEOUT*: extend and clarify CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled CURLOPT_URL.3: add two URL API calls in the see-also section CURLOPT_URL.3: explain curl_url_set() uses the same parser digest: Use hostname to generate spn instead of realm disable.d: explain --disable not implemented prior to 7.50.0 docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0 docs/cmdline-opts: match the current output docs/cmdline-opts: spellfixes, typos and polish docs/cmdline: add small "warning" to verbose options docs/cmdline: remove repeated working for negotiate + ntlm docs/HYPER.md: document a workaround for a link error docs: add curl_global_trace to some SEE ALSO sections docs: link to the website versions instead of markdowns docs: mark --ssl-revoke-best-effort as Schannel specific docs: mention critical files in same directories as curl saves docs: removing "pausing transfers" from HYPER.md. docs: rewrite to present tense easy: remove #ifdefs to make code easier on the eye egd: delete feature detection and related source code ftp: fix temp write of ipv6 address gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens gen.pl: replace all single quotes with aq GHA: adding quiche workflow headers: accept leading whitespaces on first response header http2: avoid too early connection re-use/multiplexing http2: cleanup trace messages http2: disable asssertion blocking OSSFuzz testing http2: fix in h2 proxy tunnel: progress in ingress on sending http2: polish things around POST http2: upgrade tests and add fix for non-existing stream http3/ngtcp2: shorten handshake, trace cleanup http3: quiche, handshake optimization, trace cleanup http: close the connection after a late 417 is received http: do not require a user name when using CURLAUTH_NEGOTIATE http: fix sending of large requests http: remove the p_pragma struct field http: return error when receiving too large header set hyper: fix a progress upload counter bug hyper: fix ownership problems hyper: remove `hyptransfer->endtask` imap: add a check for failing strdup() imap: remove the only sscanf() call in the IMAP code include.d: explain headers not printed with --fail before 7.75.0 include/curl/mprintf.h: add __attribute__ for the prototypes krb5: fix "implicit conversion loses integer precision" warnings lib: add ability to disable auths individually lib: build fixups when built with most things disabled lib: fix a few *printf() flag mistakes lib: fix null ptr derefs and uninitialized vars (h2/h3) lib: move mimepost data from ->req.p.http to ->state libtest: use curl_free() to free libcurl allocated data list-only.d: mention SFTP as supported protocol macOS: fix target detection more misc: fix various typos multi.h: the 'revents' field of curl_waitfd is supported multi: more efficient pollfd count for poll multi: remove 'processing: <url>' debug message ngtcp2: fix handling of large requests openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED` openssl: clear error queue after SSL_shutdown openssl: make aws-lc version support OCSP openssl: Support async cert verify callback openssl: switch to modern init for LibreSSL 2.7.0+ openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1 openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0 openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before os400: build test servers os400: do not check translatable options at build time os400: implement CLI tool page-footer: QLOGDIR works with ngtcp2 and quiche page-header: move up a URL paragraph from GLOBBING to URL pytest: fix check for slow_network skips to only apply when intended quic: don't set SNI if hostname is an IP address quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s quiche: enable quiche to handle timeout events resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set revert "schannel: reverse the order of certinfo insertions" schannel: fix ordering of cert chain info schannel: fix user-set legacy algorithms in Windows 10 & 11 schannel: verify hostname independent of verify cert sectransp: fix compiler warnings sectransp: prevent CFRelease() of NULL secureserver.pl: fix stunnel path quoting secureserver.pl: fix stunnel version parsing SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline system.h: add CURL_OFF_T definitions on HP-UX with HP aCC test1304: build and skip without netrc support test1554: check translatable string options in OS400 wrapper test1608: make it build and get skipped without shuffle DNS support test687/688: two more basic --xattr tests tests/tftpd+mqttd: make variables static to silence picky warnings tests: add 'large-time' as a testable feature tests: add support for nested %if conditions tests: don't call HTTP errors OK in test cases tests: ensure `libcurl.def` contains all exports tests: fix h3 server check and parallel instances tests: TLS session sharing test tests: update cookie expiry dates to far in the future time-cond.d: mention what happens on a missing file tool: avoid including leading spaces in the Location hyperlink tool: change some fopen failures from warnings to errors tool: make the length argument an int for printf()-.* flags tool_cb_wrt: fix invalid unicode for windows console tool_filetime: make -z work with file dates before 1970 tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR tool_operate: make aws-sigv4 not require TLS to be used tool_paramhlp: improve str2num(): avoid unnecessary call to strlen() tool_urlglob: use the correct format specifier for curl_off_t in msnprintf transfer: also stop the sending on closed connection transfer: don't set TIMER_STARTTRANSFER on first send unit2600: fix build warning if built without verbose messages url: remove infof() output for "still name resolving" urlapi: fix heap buffer overflow urlapi: make sure zoneid is also duplicated in curl_url_dup urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails urlapi: setting a blank URL ("") is not an ok URL vquic: show stringified messages for errno vtls: clarify "ALPN: offers" message winbuild: improve check for static zlib wolfSSL: avoid the OpenSSL compat API when not needed workflows/macos.yml: disable zstd and alt-svc in the http-only build write-out.d: clarify %{time_starttransfer} ws: fix spelling mistakes in examples and tests Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- config/rootfiles/common/curl | 14 ++++++- lfs/curl | 7 ++-- ...15d8aee6c1045be932a34fe6107c2f5ed147.patch | 38 ------------------- 3 files changed, 16 insertions(+), 43 deletions(-) delete mode 100644 src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl index 4559aaaa8..362e047e2 100644 --- a/config/rootfiles/common/curl +++ b/config/rootfiles/common/curl @@ -19,7 +19,6 @@ usr/lib/libcurl.so.4 usr/lib/libcurl.so.4.8.0 #usr/lib/pkgconfig/libcurl.pc #usr/share/aclocal/libcurl.m4 -#usr/share/man/man1/curl-config.1 #usr/share/man/man1/curl.1 #usr/share/man/man3/CURLINFO_ACTIVESOCKET.3 #usr/share/man/man3/CURLINFO_APPCONNECT_TIME.3 @@ -30,6 +29,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_CONDITION_UNMET.3 #usr/share/man/man3/CURLINFO_CONNECT_TIME.3 #usr/share/man/man3/CURLINFO_CONNECT_TIME_T.3 +#usr/share/man/man3/CURLINFO_CONN_ID.3 #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3 #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3 #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_UPLOAD.3 @@ -61,6 +61,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_PROXYAUTH_AVAIL.3 #usr/share/man/man3/CURLINFO_PROXY_ERROR.3 #usr/share/man/man3/CURLINFO_PROXY_SSL_VERIFYRESULT.3 +#usr/share/man/man3/CURLINFO_QUEUE_TIME_T.3 #usr/share/man/man3/CURLINFO_REDIRECT_COUNT.3 #usr/share/man/man3/CURLINFO_REDIRECT_TIME.3 #usr/share/man/man3/CURLINFO_REDIRECT_TIME_T.3 @@ -90,6 +91,8 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_TLS_SSL_PTR.3 #usr/share/man/man3/CURLINFO_TOTAL_TIME.3 #usr/share/man/man3/CURLINFO_TOTAL_TIME_T.3 +#usr/share/man/man3/CURLINFO_USED_PROXY.3 +#usr/share/man/man3/CURLINFO_XFER_ID.3 #usr/share/man/man3/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3 #usr/share/man/man3/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 #usr/share/man/man3/CURLMOPT_MAXCONNECTS.3 @@ -159,6 +162,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_DOH_SSL_VERIFYPEER.3 #usr/share/man/man3/CURLOPT_DOH_SSL_VERIFYSTATUS.3 #usr/share/man/man3/CURLOPT_DOH_URL.3 +#usr/share/man/man3/CURLOPT_ECH.3 #usr/share/man/man3/CURLOPT_EGDSOCKET.3 #usr/share/man/man3/CURLOPT_ERRORBUFFER.3 #usr/share/man/man3/CURLOPT_EXPECT_100_TIMEOUT_MS.3 @@ -301,6 +305,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_PROXY_TLSAUTH_USERNAME.3 #usr/share/man/man3/CURLOPT_PROXY_TRANSFER_MODE.3 #usr/share/man/man3/CURLOPT_PUT.3 +#usr/share/man/man3/CURLOPT_QUICK_EXIT.3 #usr/share/man/man3/CURLOPT_QUOTE.3 #usr/share/man/man3/CURLOPT_RANDOM_FILE.3 #usr/share/man/man3/CURLOPT_RANGE.3 @@ -326,6 +331,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_SEEKDATA.3 #usr/share/man/man3/CURLOPT_SEEKFUNCTION.3 #usr/share/man/man3/CURLOPT_SERVER_RESPONSE_TIMEOUT.3 +#usr/share/man/man3/CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.3 #usr/share/man/man3/CURLOPT_SERVICE_NAME.3 #usr/share/man/man3/CURLOPT_SHARE.3 #usr/share/man/man3/CURLOPT_SOCKOPTDATA.3 @@ -335,6 +341,8 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_SERVICE.3 #usr/share/man/man3/CURLOPT_SSH_AUTH_TYPES.3 #usr/share/man/man3/CURLOPT_SSH_COMPRESSION.3 +#usr/share/man/man3/CURLOPT_SSH_HOSTKEYDATA.3 +#usr/share/man/man3/CURLOPT_SSH_HOSTKEYFUNCTION.3 #usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3 #usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.3 #usr/share/man/man3/CURLOPT_SSH_KEYDATA.3 @@ -442,6 +450,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/curl_global_init.3 #usr/share/man/man3/curl_global_init_mem.3 #usr/share/man/man3/curl_global_sslset.3 +#usr/share/man/man3/curl_global_trace.3 #usr/share/man/man3/curl_mime_addpart.3 #usr/share/man/man3/curl_mime_data.3 #usr/share/man/man3/curl_mime_data_cb.3 @@ -459,6 +468,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/curl_multi_assign.3 #usr/share/man/man3/curl_multi_cleanup.3 #usr/share/man/man3/curl_multi_fdset.3 +#usr/share/man/man3/curl_multi_get_handles.3 #usr/share/man/man3/curl_multi_info_read.3 #usr/share/man/man3/curl_multi_init.3 #usr/share/man/man3/curl_multi_perform.3 @@ -471,6 +481,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/curl_multi_strerror.3 #usr/share/man/man3/curl_multi_timeout.3 #usr/share/man/man3/curl_multi_wait.3 +#usr/share/man/man3/curl_multi_waitfds.3 #usr/share/man/man3/curl_multi_wakeup.3 #usr/share/man/man3/curl_pushheader_byname.3 #usr/share/man/man3/curl_pushheader_bynum.3 @@ -495,6 +506,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/curl_ws_recv.3 #usr/share/man/man3/curl_ws_send.3 #usr/share/man/man3/libcurl-easy.3 +#usr/share/man/man3/libcurl-env-dbg.3 #usr/share/man/man3/libcurl-env.3 #usr/share/man/man3/libcurl-errors.3 #usr/share/man/man3/libcurl-multi.3 diff --git a/lfs/curl b/lfs/curl index a4fa21b1c..edb9a8201 100644 --- a/lfs/curl +++ b/lfs/curl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 8.2.1 +VER = 8.8.0 THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 77c0b067935397afb3961378f2fe349fa988c6379c1ab7437c5d5f967710b2e9ba7aec91df8fe58a8b26c00c0164d4db9bd095ca27d1bf52b768c8d83cc0ecaf +$(DL_FILE)_BLAKE2 = c14903bad4cbd1752a5335afa6bcc78be1a484692fce0e0a6c2061963e0e6b4e56defb8332cef32d0dbddb481ad0443b71faf3a52a6e9d945c89ecbce373d2a3 install : $(TARGET) @@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --disable-ipv6 \ diff --git a/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch b/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch deleted file mode 100644 index 0de35055f..000000000 --- a/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch +++ /dev/null @@ -1,38 +0,0 @@ -From fb4415d8aee6c1045be932a34fe6107c2f5ed147 Mon Sep 17 00:00:00 2001 -From: Jay Satiro <raysatiro(a)yahoo.com> -Date: Wed, 11 Oct 2023 07:34:19 +0200 -Subject: [PATCH] socks: return error if hostname too long for remote resolve - -Prior to this change the state machine attempted to change the remote -resolve to a local resolve if the hostname was longer than 255 -characters. Unfortunately that did not work as intended and caused a -security issue. - -Bug: https://curl.se/docs/CVE-2023-38545.html - -diff --git a/lib/socks.c b/lib/socks.c -index c492d663c4738..a7b5ab07e47d0 100644 ---- a/lib/socks.c -+++ b/lib/socks.c -@@ -587,9 +587,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, - - /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */ - if(!socks5_resolve_local && hostname_len > 255) { -- infof(data, "SOCKS5: server resolving disabled for hostnames of " -- "length > 255 [actual len=%zu]", hostname_len); -- socks5_resolve_local = TRUE; -+ failf(data, "SOCKS5: the destination hostname is too long to be " -+ "resolved remotely by the proxy."); -+ return CURLPX_LONG_HOSTNAME; - } - - if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) -@@ -903,7 +903,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, - } - else { - socksreq[len++] = 3; -- socksreq[len++] = (char) hostname_len; /* one byte address length */ -+ socksreq[len++] = (unsigned char) hostname_len; /* one byte length */ - memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */ - len += hostname_len; - } -- 2.45.2

2 3

[PATCH] kernel: reset asix88179 twice like in older kernels
by Arne Fitzenreiter 04 Jun '24

04 Jun '24

the kernel developers has removed a reset at bring the device fist up to save time. At my test's this result in not detecting the link correct. This readd the reset and at my tests the device has worked. fixes #13692 Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> --- lfs/linux | 3 +++ .../linux/linux-6.6.32-asix88179_reset.patch | 17 +++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 src/patches/linux/linux-6.6.32-asix88179_reset.patch diff --git a/lfs/linux b/lfs/linux index ca3b05119..3f5e60838 100644 --- a/lfs/linux +++ b/lfs/linux @@ -133,6 +133,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # https://bugzilla.ipfire.org/show_bug.cgi?id=12760 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch + # reset ax88179 twice like in older kernels + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.6.32-asix88179_reset.patch + # Fix external module compile cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_external_module_build.patch diff --git a/src/patches/linux/linux-6.6.32-asix88179_reset.patch b/src/patches/linux/linux-6.6.32-asix88179_reset.patch new file mode 100644 index 000000000..f0e7d09f1 --- /dev/null +++ b/src/patches/linux/linux-6.6.32-asix88179_reset.patch @@ -0,0 +1,17 @@ +diff -Naur linux-6.6.32.org/drivers/net/usb/ax88179_178a.c linux-6.6.32/drivers/net/usb/ax88179_178a.c +--- linux-6.6.32.org/drivers/net/usb/ax88179_178a.c 2024-05-25 16:22:56.000000000 +0200 ++++ linux-6.6.32/drivers/net/usb/ax88179_178a.c 2024-06-04 10:45:18.113453100 +0200 +@@ -1678,10 +1678,10 @@ + { + struct ax88179_data *ax179_data = dev->driver_priv; + +- if (ax179_data->initialized) ++// if (ax179_data->initialized) + ax88179_reset(dev); +- else +- ax179_data->initialized = 1; ++// else ++// ax179_data->initialized = 1; + + return 0; + } -- 2.39.2

2 1

CU 186 testing: AX88179 USB LAN adapter broken
by Charles Brown 04 Jun '24

04 Jun '24

With the issue reported in Bug# 13692, would it be possible to revert the kernel to 6.6.15 in CU 186?

2 4

[PATCH] fetchmail: Update to version 6.4.38
by Adolf Belka 03 Jun '24

03 Jun '24

- Update from version 6.4.36 to 6.4.38 - Update of rootfile not required - Changelog 6.4.38 # BREAKING CHANGES: * Tighten OpenSSL and wolfSSL version requirements again. See README.SSL. Distributors providing older versions that they backport security fixes for may want to patch socket.c but remember to redirect support to your distribution's support channels. The fetchmail maintainer only supports functionally unmodified builds with publicly available SSL/TLS library versions. fetchmail will refuse to build against OpenSSL 1.0.2 older than 1.0.2u, or wolfSSL older than 5.6.2. It will warn about OpenSSL older than 3.0.9, or between 3.1.0 and 3.1.4, or wolfSSL older than 5.6.6. # TRANSLATIONS: language translations were updated by these fine people: (in reverse alphabetical order of language codes): * ru: Kirill Isakov [Russian] * eo: Keith Bowes [Esperanto] Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- lfs/fetchmail | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/fetchmail b/lfs/fetchmail index 6b2dda18a..dbba637ba 100644 --- a/lfs/fetchmail +++ b/lfs/fetchmail @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Full-Featured POP and IMAP Mail Retrieval Daemon -VER = 6.4.36 +VER = 6.4.38 THISAPP = fetchmail-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = fetchmail -PAK_VER = 15 +PAK_VER = 16 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = eb2f68d8e9254bd1cabb20aa8058326ee1c1e6819fc2ce011943708018b455d4259a2cf21d6eec0a4898ee1768c14f32d3617302ad418ccfbf6746c75c92c1fa +$(DL_FILE)_BLAKE2 = 6bb743b0e1f47143f69e3790ba2ad8849d2ec216c5fd7cc427a737e00183f2e3a65007df9dc5ffdebd991bd13e079a501519b271d02b1fd75151032d74e84dd2 install : $(TARGET) -- 2.45.1

1 4

[PATCH] intel-microcode: Update to version 20240531
by Adolf Belka 03 Jun '24

03 Jun '24

- Update from version 20240514 to 20240531 - Update of rootfile not required - Changelog 20240531 Update for functional issues. Refer to https://cdrdv2.intel.com/v1/dl/getContent/336562 Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- lfs/intel-microcode | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/intel-microcode b/lfs/intel-microcode index a1f7d6737..8cf0af29c 100644 --- a/lfs/intel-microcode +++ b/lfs/intel-microcode @@ -24,7 +24,7 @@ include Config -VER = 20240514 +VER = 20240531 THISAPP = Intel-Linux-Processor-Microcode-Data-Files-microcode-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 2a3a357ecf8d9f17fd20cd651386e5687fbbca8a3a323caf846e7c84d440241c3c99cadd00016642c8d11f297c1d2ab63c54ea062644839b74f84d66b04c703e +$(DL_FILE)_BLAKE2 = 6a2c5ee6b6f3543b28f3753b30812e360bad50776b4f81e32a832e2169f38c11f8d5108ce0a81ddcdf1ecf7557baf1fd62c053a365f39a33ded5fd5018580b1f install : $(TARGET) -- 2.45.1

2 1

Fwd: [intel/Intel-Linux-Processor-Microcode-Data-Files] Release microcode-20240531 - microcode-20240531 Release
by Michael Tremer 03 Jun '24

03 Jun '24

Is anyone free to grab this one? Doesn’t sound too urgent to me, but we should have it updated of course. -Michael > Begin forwarded message: > > From: NayeliRico <notifications(a)github.com> > Subject: [intel/Intel-Linux-Processor-Microcode-Data-Files] Release microcode-20240531 - microcode-20240531 Release > Date: 1 June 2024 at 01:44:55 BST > To: intel/Intel-Linux-Processor-Microcode-Data-Files <Intel-Linux-Processor-Microcode-Data-Files(a)noreply.github.com> > Cc: Subscribed <subscribed(a)noreply.github.com> > Reply-To: intel/Intel-Linux-Processor-Microcode-Data-Files <noreply(a)github.com> > > > microcode-20240531 Release <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release…> > Repository: intel/Intel-Linux-Processor-Microcode-Data-Files <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files> · Tag: microcode-20240531 <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/mi…> · Commit: 5278dfc <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/…> · Released by: NayeliRico <https://github.com/NayeliRico> > Release Notes > > microcode-20240531 <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release…> > Purpose > > Update for functional issues. Refer to Intel® Pentium® Silver and Intel® Celeron® Processor Specification Update <https://cdrdv2.intel.com/v1/dl/getContent/336562> > New Platforms > > Processor Stepping F-M-S/PI Old Ver New Ver Products > Updated Platforms > > Processor Stepping F-M-S/PI Old Ver New Ver Products > GLK B0 06-7a-01/01 00000040 00000042 Pentium Silver N/J5xxx, Celeron N/J4xxx > — > This release has 2 assets: > > Source code (zip) > Source code (tar.gz) > Visit the release page <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release…> to download them. > > — > You are receiving this because you are watching this repository. > View it on GitHub <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release…> or unsubscribe <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/unsubsc…> from all notifications for this repository. >

2 2

[PATCH] rsync: Update to version 3.3.0
by Adolf Belka 03 Jun '24

03 Jun '24

- Update from version 3.2.7 to 3.3.0 - Update of rootfile not required - Changelog 3.3.0 ### BUG FIXES: - Fixed a bug with `--sparse --inplace` where a trailing gap in the source file would not clear out the trailing data in the destination file. - Fixed an buffer overflow in the checksum2 code if SHA1 is being used for the checksum2 algorithm. - Fixed an issue when rsync is compiled using `_FORTIFY_SOURCE` so that the extra tests don't complain about a strlcpy() limit value (which was too large, even though it wasn't possible for the larger value to cause an overflow). - Add a backtick to the list of characters that the filename quoting needs to escape using backslashes. - Fixed a string-comparison issue in the internal handling of `--progress` (a locale such as tr_TR.utf-8 needed the internal triggering of `--info` options to use upper-case flag names to ensure that they match). - Make sure that a local transfer marks the sender side as trusted. - Change the argv handling to work with a newer popt library -- one that likes to free more data than it used to. - Rsync now calls `OpenSSL_add_all_algorithms()` when compiled against an older openssl library. - Fixed a problem in the daemon auth for older protocols (29 and before) if the openssl library is being used to compute MD4 checksums. - Fixed `rsync -VV` on Cygwin -- it needed a flush of stdout. - Fixed an old stats bug that counted devices as symlinks. ### ENHANCEMENTS: - Enhanced rrsync with the `-no-overwrite` option that allows you to ensure that existing files on your restricted but writable directory can't be modified. - Enhanced the manpages to mark links with .UR & .UE. If your nroff doesn't support these idioms, touch the file `.md2man-force` in the source directory so that `md-convert` gets called with the `--force-link-text` option, and that should ensure that your manpages are still readable even with the ignored markup. - Some manpage improvements on the handling of [global] modules. - Changed the mapfrom & mapto perl scripts (in the support dir) into a single python script named idmap. Converted a couple more perl scripts into python. - Changed the mnt-excl perl script (in the support dir) into a python script. ### DEVELOPER RELATED: - Updated config.guess (timestamp 2023-01-01) and config.sub (timestamp 2023-01-21). Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- lfs/rsync | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/rsync b/lfs/rsync index 7e5543704..fcbcd0ab9 100644 --- a/lfs/rsync +++ b/lfs/rsync @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Versatile tool for fast incremental file transfer -VER = 3.2.7 +VER = 3.3.0 THISAPP = rsync-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rsync -PAK_VER = 18 +PAK_VER = 19 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 1b910b321e8d6b49af9f26bef813509f0da12dedd6857897de136d3617c68d38368ce05de13b9b0ef35a5452dca141ebdcdfb6af8456151d0ca0ad546452b504 +$(DL_FILE)_BLAKE2 = 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e973676995b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825 install : $(TARGET) -- 2.45.1

1 0

[PATCH] postfix: Update to version 3.9.0
by Adolf Belka 03 Jun '24

03 Jun '24

- Update from version 3.8.4 to 3.9.0 - Update of rootfile - With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With previous versions the default value was no but to prevent the possibility of an smtp smuggling attack the option should be yes. Previous version therefore actively set the value to yes and added it to the main.cf file when being installed. With version 3.9.0 the default value is now yes so the option no longer needs to be added into main.cf, so smtp smuggling attack is protected by default now. - Removed the section from the install.sh file that added the option into main.cf with version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be actively added into main.cf - Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the source tarball. Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- config/rootfiles/packages/postfix | 1 + lfs/postfix | 8 ++++---- src/paks/postfix/install.sh | 4 ---- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/config/rootfiles/packages/postfix b/config/rootfiles/packages/postfix index 23e1efb25..b77a5b42a 100644 --- a/config/rootfiles/packages/postfix +++ b/config/rootfiles/packages/postfix @@ -96,6 +96,7 @@ usr/sbin/sendmail.postfix #usr/share/man/man5/lmdb_table.5 #usr/share/man/man5/master.5 #usr/share/man/man5/memcache_table.5 +#usr/share/man/man5/mongodb_table.5 #usr/share/man/man5/mysql_table.5 #usr/share/man/man5/nisplus_table.5 #usr/share/man/man5/pcre_table.5 diff --git a/lfs/postfix b/lfs/postfix index 7f2625a4e..497168267 100644 --- a/lfs/postfix +++ b/lfs/postfix @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = A fast, secure, and flexible mailer -VER = 3.8.4 +VER = 3.9.0 THISAPP = postfix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = postfix -PAK_VER = 44 +PAK_VER = 45 DEPS = @@ -70,7 +70,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 200ce3d72444da05e42fc8627002d53d68c1b3d78b7f74b0130ac958c23d16454783ef4849a8c9a4e3cba8ae36646e921f7e94ac4fb819b597e1a5ab1a875272 +$(DL_FILE)_BLAKE2 = e07a525d9cbea43d3ed11f3d672452cf94f88ca7bbaf3c3254bf5be4ef675a1797a5fff2444c0db60c6eb53e43734a388a91faed72bb2fb4e3e5a353535602b0 install : $(TARGET) diff --git a/src/paks/postfix/install.sh b/src/paks/postfix/install.sh index 2e04e74a8..830970e1e 100644 --- a/src/paks/postfix/install.sh +++ b/src/paks/postfix/install.sh @@ -25,10 +25,6 @@ extract_files restore_backup ${NAME} -# change main.cf parameter from default value to prevent smtp smuggling attack -# will not be required once postfix-3.9.x is released as default will then be yes -postconf -e 'smtpd_forbid_bare_newline = yes' - postalias /etc/aliases # Set postfix's hostname postconf -e "myhostname=$(hostname -f)" -- 2.45.1

2 1

First patch series for the roadmap item "Get rid of CONFIG_TYPE in the network config"
by Jonatan Schlag 03 Jun '24

03 Jun '24

Hi list, This is the first patch series for the roadmap item: https://www.ipfire.org/docs/roadmap/get-rid-of-configtype-in-network-config . This patch series introduces a bash testing library and a function readhash, which we will use in every bash script which needs to read our config files. As this patch set is already massive, I thought it might be better to discuss the function first before I introduce it in every script. Otherwise, we would talk about 50 patches and not 21. This amount would be somehow not reviewable. If this patch series get merged, fine. If you want to wait for all the patches also fine, but as told, this will get a huge patch set. Patches in this series are: [PATCH 01/21] test: Add bash lib for colors [PATCH 02/21] tests: Add bash lib [PATCH 03/21] tests/lib.sh: Add function [PATCH 04/21] tests/lib.sh: Add check if variable exists to [PATCH 05/21] tests/lib.sh: Add logging functions [PATCH 06/21] tests/lib.sh: adjust to pytest logging style [PATCH 07/21] tests/lib.sh: Fix check if array is defined [PATCH 08/21] test_that_key_in_arry_has_value: Check if the key is [PATCH 09/21] tests/lib.sh: Use namref to access an array [PATCH 10/21] test_that_key_in_arry_has_value: Check if a key in an [PATCH 11/21] tests: Add function to test the ouput of a bash [PATCH 12/21] initscript functions: add readhash [PATCH 13/21] initscript fkt: ignore blank lines in readhash [PATCH 14/21] test: Add functions test_that_array_is_defined [PATCH 15/21] tests: Add functions test_that_array_doesnt_have_key [PATCH 16/21] initscripts fkt: Ignore comments in readhash [PATCH 17/21] initscripts fkt: ignore invalid keys in readhash [PATCH 18/21] initscripts fkt: readhash should only parse lines with [PATCH 19/21] initscripts fkt: Check for invalid values in readhash [PATCH 20/21] initscripts fkt: keep readhash compatible with older [PATCH 21/21] initscripts fkt: Fix shebang Greetings Jonatan

2 37

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development June 2024