- Update from 7.78.0 to 7.79.1 - Update of rootfile not required - Changelog Fixed in 7.79.1 - September 22 2021 Bugfixes: Curl_http2_setup: don't change connection data on repeat invokes curl_multi_fdset: make FD_SET() not operate on sockets out of range dist: provide lib/.checksrc in the tarball FAQ: add GOPHERS + curl works on data, not files hsts: CURLSTS_FAIL from hsts read callback should fail transfer hsts: handle unlimited expiry http: fix the broken >3 digit response code detection strerror: use sys_errlist instead of strerror on Windows test1184: disable tests/sshserver.pl: make it work with openssh-8.7p1 Fixed in 7.79.0 - September 15 2021 Changes: bearssl: support CURLOPT_CAINFO_BLOB http: consider cookies over localhost to be secure secure transport: support CURLINFO_CERTINFO Bugfixes: CVE-2021-22945: clear the leftovers pointer when sending succeeds CVE-2021-22946: do not ignore --ssl-reqd CVE-2021-22947: reject STARTTLS server response pipelining ares: use ares_getaddrinfo() asyn-ares.c: move all version number checks to the top auth: do not append zero-terminator to authorisation id in kerberos auth: properly handle byte order in kerberos security message auth: use sasl authzid option in kerberos auth: we do not support a security layer after kerberos authentication BINDINGS.md: update links to use https where available build: fix compiler warnings c-hyper: deal with Expect: 100-continue combined with POSTFIELDS c-hyper: fix header value passed to debug callback c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection c-hyper: initial step for 100-continue support c-hyper: initial support for "dumping" 1xx HTTP responses c-hyper: remove the hyper_executor_poll() loop from Curl_http CI/cirrus: reduce compile time with increased parallism CI: use GitHub Container Registry instead of Docker Hub cirrus: Add FreeBSD 13.0 job and disable sanitizer build cmake: avoid poll() on macOS cmake: sync CURL_DISABLE options codeql: fix error "Resource not accessible by integration" compressed.d: it's a request, not an order config.d: escape the backslash properly config.d: note that curlrc is used even when --config config: get rid of the unused HAVE_SIG_ATOMIC_T et. al. configure.ac: revert bad nghttp2 library detection improvements configure: error out if both ngtcp2 and quiche are specified configure: make --disable-hsts work configure: set classic mingw minimum OS version to XP configure: tweak nghttp2 library name fix connect: get local port + ip also when reusing connections connect: remove superfluous conditional curl-openssl.m4: check lib64 for the pkg-config file curl-openssl.m4: show correct output for OpenSSL v3 curl.1: mention "global" flags curl.1: provide examples for each option curl: add warning for ignored data after quoted form parameter curl: add warning for incompatible parameters usage curl: better error message when -O fails to get a good name curl: stop retry if Retry-After: is longer than allowed curl_easy_setopt.3: improve the string copy wording Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited curl_setup.h: sync values for HTTP_ONLY curl_url_get.3: clarify about path and query CURLMOPT_TIMERFUNCTION.3: remove misplaced "time" CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited CURLOPT_SSL_CTX_*.3: tidy up the example CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also docs/MQTT: update state of username/password support docs: remove experimental mentions from HSTS and MQTT docs: the security list is reached at security at curl.se now easy: use a custom implementation of wcsdup on Windows examples/*hiperfifo.c: fix calloc arguments to match function proto examples/cookie_interface: avoid printfing time_t directly examples/cookie_interface: fix scan-build printf warning examples/ephiperfifo.c: simplify signal handler FAQ: add two dev related questions getparameter: fix the --local-port number parser happy-eyeballs-timeout-ms.d: polish the wording hostip: Make Curl_ipv6works function independent of getaddrinfo http2: Curl_http2_setup needs to init stream data in all invokes http2: revert a change that broke upgrade to h2c http2: revert call the handle-closed function correctly on closed stream http: disallow >3-digit response codes http: ignore content-length if any transfer-encoding is used http_proxy: clear 'sending' when the outgoing request is sent http_proxy: fix the User-Agent inclusion in CONNECT http_proxy: fix user-agent and custom headers for CONNECT with hyper http_proxy: only wait for writable socket while sending request INTERNALS: bump c-ares requirement to 1.16.0 INTERNALS: c-ares has a new home: c-ares.org lib: don't use strerror() libcurl-errors.3: clarify two CURLUcode errors limit-rate.d: clarify base unit mailing lists: move from cool.haxx.se to lists.haxx.se mbedtls: avoid using a large buffer on the stack mbedTLS: initial 3.0.0 support mbedtls_threadlock: fix unused variable warning mksymbolsmanpage.pl: Fix showing symbol's last used version mksymbolsmanpage.pl: match symbols case insenitively multi: fix compiler warning with `CURL_DISABLE_WAKEUP` ngtcp2: compile with the latest ngtcp2 and nghttp3 ngtcp2: fix build with ngtcp2 and nghttp3 ngtcp2: remove the acked_crypto_offset struct field init ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read ngtcp2: reset the oustanding send buffer again when drained ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream ngtcp2: stop buffering crypto data ngtcp2: utilize crypto API functions to simplify openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA openssl: when creating a new context, there cannot be an old one opt-docs: make sure all man pages have examples opt-docs: verify man page sections + order opts docs: unify phrasing in NAME header output.d: add method to suppress response bodies page-header: add GOPHERS, simplify wording in the 1st para progress: fix a compile warning on some systems progress: make trspeed avoid floats runtests: add option -u to error on server unexpectedly alive schannel: Work around typo in classic mingw macro scripts: invoke interpreters through /usr/bin/env setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper strerror.h: remove the #include from files not using it symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version test1138: remove trailing space to make work with hyper test1173: check references to libcurl options test1280: CRLFify the response to please hyper test1565: fix windows build errors test365: verify response with chunked AND Content-Length headers tests/*server.pl: flush output before executing subprocess tests/*server.py: remove pidfile on server termination tests/runtests.pl: cleanup copy&paste mistakes and unused code tests/server/*.c: align handling of portfile argument and file tests: adjust the tftpd output to work with hyper mode tests: be explicit about using 'python3' instead of 'python' tests: enable test 1129 for hyper builds tests: make three tests pass until 2037 tool/tests: fix potential year 2038 issues tool_operate: Fix --fail-early with parallel transfers url: fix compiler warning in no-verbose builds urlapi.c:seturl: assert URL instead of using if-check vtls: fix typo in schannel_verify.c winbuild/README.md: clarify GEN_PDB option wolfssl: clean up wolfcrypt error queue write-out.d: clarify size_download/upload x509asn1: fix heap over-read when parsing x509 certificates
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/curl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/curl b/lfs/curl index 1d516664c..70465bb35 100644 --- a/lfs/curl +++ b/lfs/curl @@ -24,7 +24,7 @@
include Config
-VER = 7.78.0 +VER = 7.79.1
THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 419c2461366cf404160a820f7a902b7e +$(DL_FILE)_MD5 = 74d3c4ca8aaa6c0619806d6e246e65fb
install : $(TARGET)