2023-03-20 08:45:57 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
curl: update to 8.0.0.
Exactly one month since the previous release, we are happy to give
you curl 8.0.0 released on curl’s official 25th birthday.
This a major version number bump but without any ground-breaking
changes or fireworks. We decided it was about time to reset the
minor number down to more a manageable level and doing it exactly
on curl’s 25th birthday made it extra fun. There is no API nor ABI
break in this version.
We disclose six new vulnerabilities today, five of them at severity
Low and one of them at Medium.
CVE-2023-27533: TELNET option IAC injection
CVE-2023-27534: SFTP path ~ resolving discrepancy
CVE-2023-27535: FTP too eager connection reuse
CVE-2023-27536: GSS delegation too eager connection re-use
CVE-2023-27537: HSTS double-free
CVE-2023-27538: SSH connection too eager reuse still
|
2023-02-20 09:25:57 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
curl: updated to 7.88.1
Fixed in 7.88.1 - February 20 2023
Bugfixes:
build-openssl.bat: keep OpenSSL 3 engine binaries
cmake: fix Windows check for CryptAcquireContext
connnect: fix timeout handling to use full duration
curl: make --silent work stand-alone
curl_setup: Suppress OpenSSL 3 deprecation warnings
CURLOPT_WS_OPTIONS.3: fix the availability version
GHA: update rustls dependency to 0.9.2
http2: buffer/pausedata and output flush fix.
http2: set drain on stream end
http: include stdint.h more readily
krb5: silence cast-align warning
lib1560: add IPv6 canonicalization tests
os400: correct Curl_os400_sendto()
remote-header-name.d: mention that filename* is not supported
runtests: fix "uninitialized value $port"
setopt: allow HTTP3 when HTTP2 is not defined
socketpair: allow EWOULDBLOCK when reading the pair check bytes
socks: allow using DoH to resolve host names
tests-httpd: add proxy tests
tests: make sure gnuserv-tls has SRP support before using it
tests: make the telnet server shut down a socket gracefully
tool_getparam: make --get a true boolean
tool_operate: allow debug builds to set buffersize
urlapi: do the port number extraction without using sscanf()
urldata: remove `now` from struct SingleRequest - not needed
|
2023-02-15 09:11:33 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
curl: update to 7.88.0.
curl and libcurl 7.87.1
This release includes the following changes:
o curl.h: add CURL_HTTP_VERSION_3ONLY [82]
o share: add sharing of HSTS cache among handles [7]
o src: add --http3-only [81]
o tool_operate: share HSTS between handles
o urlapi: add CURLU_PUNYCODE [25]
o writeout: add %{certs} and %{num_certs} [33]
This release includes the following bugfixes:
o cf-socket: fix build when not HAVE_GETPEERNAME [89]
o cf-socket: keep sockaddr local in the socket filters [69]
o cfilters:Curl_conn_get_select_socks: use the first non-connected filter [24]
o CI: add a workflow to automatically label pull requests [102]
o CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup [109]
o CI: Retry failed downloads to reduce spurious failures
o CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12 [167]
o cmake: bump requirement to 3.7 [23]
o cmake: check for sendmsg [39]
o cmake: delete redundant macro definition `SECURITY_WIN32` [91]
o cmake: fix dev warning due to mismatched arg [160]
o cmake: fix the snprintf detection [5]
o cmake: remove deprecated symbols check [96]
o cmake: set SOVERSION also for macOS [68]
o cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS [94]
o cmdline-opts/Makefile: on error, do not leave a partial [163]
o CODEOWNERS: remove the peeps mentioned as CI owners [128]
o connect: fix access of pointer before NULL check [83]
o connect: fix build when not ENABLE_IPV6 [88]
o connect: fix strategy testing for attempts, timeouts and happy-eyeball [110]
o connections: introduce http/3 happy eyeballs [127]
o content_encoding: do not reset stage counter for each header [170]
o CONTRIBUTE: More formally specify the commit description [158]
o cookies: fp is always not NULL [104]
o copyright.pl: cease doing year verifications [74]
o copyright: update all copyright lines and remove year ranges [35]
o curl.1: make help, version and manual sections "custom" [165]
o curl.h: allow up to 10M buffer size [76]
o curl.h: mark CURLSSLBACKEND_MESALINK as deprecated [52]
o curl/websockets.h: extend the websocket frame struct
o curl: output warning at --verbose output for debug-enabled version [80]
o curl_free.3: fix return type of `curl_free` [113]
o curl_global_sslset.3: clarify the openssl situation [53]
o curl_log: for failf/infof and debug logging implementations [87]
o curl_setup: Disable by default recv-before-send in Windows [154]
o curl_version_info.3: fix typo [100]
o curl_ws_send.3: clarify how to send multi-frame messages
o CURLOPT_HEADERDATA.3: warn DLL users must set write function [45]
o CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1 [73]
o CURLOPT_WRITEFUNCTION.3: fix memory leak in example [122]
o dict: URL decode the entire path always [120]
o docs/DEPRECATE.md: deprecate gskit [36]
o docs: add link to GitHub Discussions [49]
o docs: mention indirect effects of --insecure [19]
o docs: POSTFIELDSIZE must be set to -1 with read function [97]
o doh: ifdef IPv6 code [123]
o easyoptions: fix header printing in generation script [84]
o escape: hex decode with a lookup-table [107]
o escape: use table lookup when adding %-codes to output [105]
o examples: remove the curlgtk.c example [48]
o fopen: remove unnecessary assignment [111]
o ftpserver: lower the DATA connect timeout to speed up torture tests [27]
o GHA/macos.yml: bump to gcc-12 [106]
o GHA/macos: use Xcode_14.0.1 for cmake builds [132]
o GHA: add job on Slackware 15.0 [58]
o GHA: bump ngtcp2 workflow dependencies [169]
o GHA: enable websockets in the torture job [148]
o GHA: move the quiche job here from zuul [75]
o GHA: use designated ngtcp2 and its dependencies versions [77]
o haxproxy: send before TLS handhshake [34]
o header.d: add a header file example [149]
o hsts.d: explain hsts more [78]
o hsts: handle adding the same host name again
o HTTP/[23]: continue upload when state.drain is set [150]
o http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames [155]
o http2: fix compiler warning due to uninitialized variable
o http2: minor buffer and error path fixes [151]
o http2: when using printf %.*s, the length arg must be 'int' [41]
o HTTP3: mention what needs to be in place to remove EXPERIMENTAL label [31]
o http: add additional condition for including stdint.h [54]
o http: decode transfer encoding first [51]
o http: fix "part of conditional expression is always false" [125]
o http: remove the trace message "Mark bundle... multiuse" [6]
o http_aws_sigv4: remove typecasts from HMAC_SHA256 macro [121]
o http_proxy: do not assign data->req.p.http use local copy [59]
o INSTALL: document how to use multiple TLS backends [103]
o lib670: make test.h the first include [56]
o lib: connect/h2/h3 refactor [57]
o lib: fix typos [99]
o lib: fix typos in comments which repeat a word [67]
o libssh2: try sha2 algos for hostkey methods [2]
o libtest: add a sleep macro for Windows [115]
o Linux CI: update some dependecies to latest tag [44]
o Makefile.mk: fix wolfssl and mbedtls default paths [21]
o man pages: call the custom user pointer 'clientp' consistently [135]
o md4: fix build with GnuTLS + OpenSSL v1 [12]
o misc: fix grammar and spelling [14]
o misc: fix spelling [134]
o misc: reduce struct and struct field sizes [65]
o msh3: add support for request payload [28]
o msh3: update to v0.5 Release [17]
o msh3: update to v0.6 [60]
o multi: stop sending empty HTTP/3 UDP datagrams on Windows [136]
o multihandle: turn bool struct fields into bits [26]
o ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl [62]
o ngtcp2: fix the build without 'sendmsg' [38]
o ngtcp2: replace removed define and stop using removed function [164]
o no-clobber.d: only use long form options in man page text [145]
o noproxy: support for space-separated names is deprecated [66]
o nss: implement data_pending method [43]
o openldap: fix missing sasl symbols at build in specific configs [152]
o openssl: adapt to boringssl's error code type [118]
o openssl: don't ignore CA paths when using Windows CA store (redux) [101]
o openssl: don't log raw record headers [93]
o openssl: make the BIO_METHOD a local variable in the connection filter [79]
o openssl: only use CA_BLOB if verifying peer [112]
o openssl: remove attached easy handles from SSL instances [29]
o openssl: store the CA after first send (ClientHello) [156]
o os400: fixes to make-lib.sh and initscript.sh [71]
o packages: remove Android, update README [108]
o release-notes.pl: check fixes/closes lines better
o Revert "x509asn1: avoid freeing unallocated pointers" [37]
o runtest.pl: add expected fourth return value [40]
o runtests: tear down http2/http3 servers when https server is stopped [8]
o runtests: consider warnings fatal and error on them [32]
o runtests: fix detection of TLS backends [50]
o runtests: make 'mbedtls' a testable feature
o rustls: improve error messages [162]
o scripts/delta: show percent of number of files changed since last tag
o scripts: fix Appveyor job detection in cijobs.pl
o scripts: set file mode +x on all perl and shell scripts [63]
o sectransp: fix for incomplete read/writes [61]
o SECURITY-PROCESS.md: document severity levels [20]
o setopt: Address undefined behaviour by checking for null [161]
o setopt: move the SHA256 opt within #ifdef libssh2 [42]
o setopt: use >, not >=, when checking if uarg is larger than uint-max [140]
o smb: return error on upload without size [142]
o socketpair: allow localhost MITM sniffers [30]
o strdup: name it Curl_strdup [16]
o system.h: assume OS400 is always built with ILEC compiler [95]
o test1560: use a UTF8-using locale when run [46]
o test2304: remove stdout verification
o tests-httpd: basic infra to run curl against an apache httpd [72]
o tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx [9]
o tests: add tests for HTTP/2 and HTTP/3 to verify the header API [166]
o tests: avoid use of sha1 in certificates [4]
o tls: fixes for wolfssl + openssl combo builds [133]
o tool_getparam: fix hiding of command line secrets [85]
o tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type [1]
o tool_operate: fix error codes during DOS filename sanitize [138]
o tool_operate: fix error codes on bad URL & OOM [139]
o tool_operate: fix headerfile writing [64]
o tool_operate: repair --rate [119]
o transfer: break the read loop when RECV is cleared [22]
o typecheck: accept expressions for option/info parameters [3]
o url: fix part of conditional expression is always true [147]
o urlapi: avoid Curl_dyn_addf() for hex outputs [130]
o urlapi: fix part of conditional expression is always true: qlen [146]
o urlapi: skip path checks if path is just "/" [131]
o urlapi: skip the extra dedotdot alloc if no dot in path [126]
o urldata: cease storing TLS auth type [55]
o urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP [13]
o urldata: make set.http200aliases conditional on HTTP being present [11]
o urldata: move the cookefilelist to the 'set' struct [15]
o urldata: remove unused struct fields, made more conditional [10]
o vquic: stabilization and improvements [141]
o vtls: fix hostname handling in filters [98]
o vtls: manage current easy handle in nested cfilter calls [90]
o vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
o winbuild: document that arm64 is supported [92]
o windows: always use curl's basename() implementation [157]
o wolfssl: remove deprecated post-quantum algorithms [124]
o workflows/linux.yml: merge 3 common packages [18]
o write-out.d: add 'since version' to %{header_json} documentation [129]
o write-out.d: clarify Windows % symbol escaping [86]
o ws: fix autoping handling [70]
o ws: fix multiframe send handling [143]
o ws: fix recv of larger frames [144]
o ws: remove bad assert [117]
o ws: unstick connect-only shutdown [116]
o ws: use %Ou for outputting curl_off_t with info() [153]
o x509asn1: fix compile errors and warnings [47]
o zuul: stop using this CI service [114]
|
2022-12-21 08:52:06 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
curl: update to 7.87.0.
Security fix release.
curl and libcurl 7.87.0
Public curl releases: 212
Command line options: 249
curl_easy_setopt() options: 302
Public functions in libcurl: 91
Contributors: 2771
This release includes the following changes:
o curl: add --url-query [52]
o CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit [75]
o lib: add CURL_WRITEFUNC_ERROR to signal write callback error [47]
o openssl: reduce CA certificate bundle reparsing by caching [11]
o version: add a feature names array to curl_version_info_data [67]
This release includes the following bugfixes:
o altsvc: fix rejection of negative port numbers [144]
o aws_sigv4: consult x-%s-content-sha256 for payload hash [102]
o aws_sigv4: fix typos in aws_sigv4.c [101]
o base64: better alloc size [124]
o base64: encode without using snprintf [123]
o base64: faster base64 decoding [120]
o build: assume assert.h is always available [111]
o build: assume errno.h is always available [110]
o c-hyper: CONNECT respones are not server responses [137]
o c-hyper: fix multi-request mechanism [115]
o CI: Change FreeBSD image from 12.3 to 12.4 [108]
o CI: LGTM.com will be shut down in December 2022 [112]
o ci: Remove zuul fuzzing job as it's superseded by CIFuzz
o cmake: check for cross-compile, not for toolchain [54]
o CMake: fix build with `CURL_USE_GSSAPI` [78]
o cmake: really enable warnings with clang [25]
o cmake: set the soname on the shared library [140]
o cmdline-opts/gen.pl: fix the linkifier [64]
o cmdline-opts/page-footer: remove long option nroff formatting
o config-mac: define HAVE_SYS_IOCTL_H [107]
o config-mac: fix typo: size_T -> size_t [125]
o config-mac: remove HAVE_SYS_SELECT_H [116]
o config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW [41]
o configure: require fork for NTLM-WB [36]
o contributors.sh: actually use $CURLWWW instead of just setting it [129]
o cookie: compare cookie prefixes case insensitively [14]
o cookie: expire cookies at once when max-age is negative [45]
o cookie: open cookie jar as a binary file [89]
o curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS [90]
o curl-rustls.m4: on macOS, rustls also needs the Security framework [44]
o curl.h: include <sys/select.h> on SerenityOS [104]
o curl.h: name all public function parameters [118]
o curl.h: reword comment to not use deprecated option [132]
o curl: override the numeric locale and set "C" by force [60]
o curl: timeout in the read callback [15]
o curl_endian: remove Curl_write64_le from header [81]
o curl_get_line: allow last line without newline char [88]
o curl_path: do not add '/' if homedir ends with one [4]
o curl_url_get.3: remove spurious backtick [127]
o curl_url_set.3: document CURLU_DISALLOW_USER [139]
o curl_url_set.3: fix typo [148]
o CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE [1]
o CURLOPT_COOKIEFILE.3: advice => advise [131]
o CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example [31]
o CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" [130]
o CURLOPT_POST.3: Explain setting to 0 changes request type [61]
o docs/curl_ws_send: Fixed typo in websocket docs [114]
o docs/EARLY-RELEASE.md: how to determine an early release [37]
o docs/examples: spell correction ('Retrieve') [119]
o docs/INSTALL.md: expand on static builds [62]
o docs/WEBSOCKET.md: explain the URL use [71]
o docs: add missing parameters for --retry flag [2]
o docs: add more "SEE ALSO" links to CA related pages [82]
o docs: explain the noproxy CIDR notation support [17]
o docs: extend the dump-header documentation [150]
o docs: remove performance note in CURLOPT_SSL_VERIFYPEER [13]
o examples/10-at-a-time: fix possible skipped final transfers [85]
o examples: update descriptions [83]
o ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH [96]
o gen.pl: do not generate CURLHELP bitmask lines > 79 characters [10]
o GHA: clarify workflows permissions, set least possible privilege [79]
o GHA: NSS use clang instead of clang-9 [103]
o gnutls: use common gnutls init and verify code for ngtcp2 [98]
o headers: add endif comments [51]
o HTTP-COOKIES.md: mention that http://localhost is a secure context [76]
o HTTP-COOKIES.md: update the 6265bis link to draft-11 [70]
o http: do not send PROXY more than once [46]
o http: fix the ::1 comparison for IPv6 localhost for cookies [155]
o http: set 'this_is_a_follow' in the Location: logic [40]
o http: use the IDN decoded name in HSTS checks [154]
o hyper: classify headers as CONNECT and 1XX [56]
o hyper: fix handling of hyper_task's when reusing the same address [33]
o idn: remove Curl_win32_ascii_to_idn [153]
o INSTALL: update operating systems and CPU archs [91]
o KNOWN_BUGS: remove eight entries [50]
o lib1560: add some basic IDN host name tests [151]
o lib: connection filters (cfilter) addition to curl: [43]
o lib: feature deprecation warnings in gcc >= 4.3 [58]
o lib: fix some type mismatches and remove unneeded typecasts [12]
o lib: parse numbers with fixed known base 10 [77]
o lib: remove bad set.opt_no_body assignments [42]
o lib: rewind BEFORE request instead of AFTER previous [65]
o lib: sync guard for Curl_getaddrinfo_ex() definition and use [6]
o lib: use size_t or int etc instead of longs [145]
o libcurl-errors.3: remove duplicate word [3]
o libssh2: return error when ssh_hostkeyfunc returns error [121]
o limit-rate.d: see also --rate
o log2changes.pl: wrap long lines at 80 columns [59]
o Makefile.mk: address minor issues [87]
o Makefile.mk: improve a GNU Make hack [122]
o Makefile.mk: portable Makefile.m32 [86]
o maketgz: set the right version in lib/libcurl.plist [53]
o mime: relax easy/mime structures binding [94]
o misc: Fix incorrect spelling [113]
o misc: remove duplicated include files [28]
o misc: typo and grammar fixes [23]
o negtelnetserver.py: have it call its close() method [68]
o netrc.d: provide mutext info [63]
o netware: remove leftover traces [80]
o noproxy: also match with adjacent comma [19]
o noproxy: guard against empty hostnames in noproxy check [136]
o noproxy: tailmatch like in 7.85.0 and earlier [35]
o nroff-scan.pl: detect double highlights
o ntlm: improve comment for encrypt_des [55]
o ntlm: silence ubsan warning about copying from null target_info pointer [69]
o openssl/mbedtls: use %d for outputing port with failf (int) [72]
o openssl: prefix errors with '[lib]/[version]: ' [105]
o os400: use platform socklen_t in Curl_getnameinfo_a [18]
o page-header: grammar improvement (display transfer rate) [126]
o proxy: refactor haproxy protocol handling as connection filter [57]
o README.md: remove badges and xmas-tree garnish [9]
o rtsp: fix RTSP auth [49]
o runtests: --no-debuginfod now disables DEBUGINFOD_URLS [100]
o runtests: do CRLF replacements per section only [97]
o scripts/checksrc.pl: detect duplicated include files [29]
o sendf: change Curl_read_plain to wrap Curl_recv_plain [48]
o sendf: remove unnecessary if condition [26]
o setup: do not require __MRC__ defined for Mac OS 9 builds [117]
o smb/telnet: do not free the protocol struct in *_done() [152]
o socks: fix username max size is 255 (0xFF) [146]
o spellcheck.words: remove 'github' as an accepted word [22]
o ssl-reqd.d: clarify that this is for upgrading connections only [138]
o strcase: use curl_str(n)equal for case insensitive matches [8]
o styled-output.d: this option does not work on Windows [93]
o system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS [133]
o system.h: support 64-bit curl_off_t for NonStop 32-bit [21]
o test1421: fix typo [109]
o test3026: reduce runtime in legacy mingw builds [73]
o tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
o tests: add authorityInfoAccess to generated certs [99]
o tests: add HTTP/3 test case, custom location for proper nghttpx [106]
o tls: backends use connection filters for IO, enabling HTTPS-proxy [92]
o tool: determine the correct fopen option for -D [95]
o tool_cfgable: free the ssl_ec_curves on exit [142]
o tool_cfgable: make socks5_gssapi_nec a boolean [128]
o tool_formparse: avoid clobbering on function params [135]
o tool_getparam: make --no-get work as the opposite of --get [39]
o tool_operate: provide better errmsg for -G with bad URL [16]
o tool_operate: when aborting, make sure there is a non-NULL error buffer [20]
o tool_paramhlp: free the proto strings on exit [141]
o url: move back the IDN conversion of proxy names [74]
o urlapi: reject more bad letters from the host name: &+() [143]
o urldata: change port num storage to int and unsigned short [66]
o vms: remove SIZEOF_SHORT [134]
o vtls: fix build without proxy support [38]
o vtls: localization of state data in filters [84]
o WEBSOCKET.md: fix broken link [30]
o Websocket: fixes for partial frames and buffer updates [7]
o websockets: fix handling of partial frames [32]
o windows: fail early with a missing windres in autotools [5]
o windows: fix linking .rc to shared curl with autotools [24]
o winidn: drop WANT_IDN_PROTOTYPES [27]
o ws: if no connection is around, return error [149]
o ws: return CURLE_NOT_BUILT_IN when websockets not built in [34]
o x509asn1: avoid freeing unallocated pointers [147]
|
2022-10-26 12:32:08 by Thomas Klausner | Files touched by this commit (687) |
Log message:
*: bump PKGREVISION for libunistring shlib major bump
|
2022-10-26 09:44:01 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
curl: update to 7.86.0.
Changes:
NPN: remove support for and use of
Websockets: initial support
Bugfixes:
altsvc: reject bad port numbers
altsvc: use 'h3' for h3
amiga: do not hardcode openssl/zlib into the os config
amiga: set SIZEOF_CURL_OFF_T=8 by default
amigaos: add missing curl header
asyn-ares: set hint flags when calling ares_getaddrinfo
autotools: allow --enable-symbol-hiding with windows
autotools: allow unix sockets on Windows
autotools: reduce brute-force when detecting recv/send arg list
aws_sigv4: fix header computation
bearssl: make it proper C89 compliant
CI/GHA: cancel outdated CI runs on new PR changes
CI/GHA: merge msh3 and openssl3 builds into linux workflow
cirrus-ci: add macOS build with m1
cirrus: use make LDFLAGS=-all-static instead of curl_LDFLAGS
cli tool: do not use disabled protocols
cmake: add missing inet_ntop check
cmake: add the check of HAVE_SOCKETPAIR
cmake: define BUILDING_LIBCURL in lib/CMakeLists, not config.h
cmake: delete duplicate HAVE_GETADDRINFO test
cmake: enable more detection on Windows
cmake: fix original MinGW builds
cmake: improve usability of CMake build as a sub-project
cmake: set HAVE_GETADDRINFO_THREADSAFE on Windows
cmake: set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows
cmake: sync HAVE_SIGNAL detection with autotools
cmdline/docs: add a required 'multi' keyword for each option
configure: correct the wording when checking grep -E
configure: deprecate builds with small curl_off_t
configure: fail if '--without-ssl' + explicit parameter for an ssl lib
configure: the ngtcp2 option should default to 'no'
connect: change verbose IPv6 address:port to [address]:port
connect: fix builds without AF_INET6
connect: fix Curl_updateconninfo for TRNSPRT_UNIX
connect: fix the wrong error message on connect failures
content_encoding: use writer struct subclasses for different encodings
cookie: reject cookie names or content with TAB characters
ctype: remove all use of <ctype.h>, use our own versions
curl-compilers.m4: for gcc + want warnings, set gnu89 standard
curl-compilers.m4: use -O2 as default optimize for clang
curl-wolfssl.m4: error out if wolfSSL is not usable
curl.h: fix mention of wrong error code in comment
curl/add_file_name_to_url: use the libcurl URL parser
curl/add_parallel_transfers: better error handling
curl/get_url_file_name: use libcurl URL parser
curl: warn for --ssl use, considered insecure
curl_ctype: convert to macros-only
curl_easy_pause.3: unpausing is as fast as possible
curl_escape.3: fix typo
curl_setup: disable use of FLOSS for 64-bit NonStop builds
curl_setup: include curl.h after platform setup headers
curl_setup: include only system.h instead of curl.h
curl_strequal.3: fix argument typo
curl_url_set.3: document CURLU_APPENDQUERY proper
CURLMOPT_PIPELINING.3: dedup manpage xref
CURLOPT_ACCEPT_ENCODING.3: remove "four" as they are five
CURLOPT_AUTOREFERER.3: highlight the privacy leak risk
CURLOPT_COOKIEFILE: insist on "" for enable-without-file
CURLOPT_COOKIELIST.3: fix formatting mistake
CURLOPT_DNS_INTERFACE.3: mention it works for almost all protocols
CURLOPT_MIMEPOST.3: add an (inline) example
CURLOPT_POSTFIELDS.3: refer to CURLOPT_MIMEPOST
CURLOPT_PROXY_SSLCERT_BLOB.3: this is for HTTPS proxies
CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes
CURLSHOPT_UNLOCKFUNC.3: the callback has no 'access' argument
DEPRECATE.md: Support for systems without 64 bit data types
docs/examples: avoid deprecated options in examples where possible
docs/INSTALL: update Android Instructions for newer NDKs
docs/libcurl/symbols-in-versions: add several missing symbols
docs: 100+ spellfixes
docs: correct missing uppercase in Markdown files
docs: document more server names for test files
docs: fix deprecation versions inconsistencies
docs: make sure libcurl opts examples pass in long arguments
docs: remove mentions of deprecated '--without-openssl' parameter
docs: tag curl options better in man pages
docs: tell about disabled protocols in CURLOPT_*PROTOCOLS_STR.
docs: update sourceforge project links
easy: fix the #include order
easy: fix the altsvc init for curl_easy_duphandle
easy_lock: check for HAVE_STDATOMIC_H as well
examples/chkspeed: improve portability
formdata: fix warning: 'CURLformoption' is promoted to 'int'
ftp: ignore a 550 response to MDTM
ftp: remove redundant if
functypes: provide the recv and send arg and return types
getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
GHA: build tests in a separate step from the running of them
GHA: run proselint on markdown files
github: initial CODEOWNERS setup for CI configuration
header: define public API functions as extern c
headers: reset the requests counter at transfer start
hostip: guard PF_INET6 use
hostip: lazily wait to figure out if IPv6 works until needed
http, vauth: always provide Curl_allow_auth_to_host() functionality
http2: make nghttp2 less picky about field whitespace
HTTP3.md: update Caddy example
http: try parsing Retry-After: as a number first
http_proxy: restore the protocol pointer on error
httpput-postfields.c: shorten string for C89 compliance
ldap: delete stray CURL_HAS_MOZILLA_LDAP reference
lib1560: extended to verify detect/reject of unknown schemes
lib517: fix C89 constant signedness
lib: add missing limits.h includes
lib: add required Win32 setup definitions in setup-win32.h
lib: prepare the incoming of additional protocols
lib: sanitize conditional exclusion around MIME
lib: set more flags in config-win32.h
lib: the number four in a sequence is the "fourth"
libssh: if sftp_init fails, don't get the sftp error code
Makefile.m32: deduplicate build rules
Makefile.m32: drop CROSSPREFIX and our CC/AR defaults
Makefile.m32: exclude libs & libpaths for shared mode exes
Makefile.m32: fix regression with tool_hugehelp
Makefile.m32: major rework
Makefile.m32: reintroduce CROSSPREFIX and -W -Wall
Makefile.m32: support more options
manpage-syntax.pl: all libcurl option symbols should be \fI-tagged
manpages: Fix spelling of "allows to" -> "allows one to"
misc: ISSPACE() => ISBLANK()
misc: use the term "null-terminate" consistently
mprintf: reject two kinds of precision for the same argument
mprintf: use snprintf if available
mqtt: return error for too long topic
mqtt: spell out CONNECT in comments
msh3: change the static_assert to make the code C89
netrc: compare user name case sensitively
netrc: replace fgets with Curl_get_line
netrc: use the URL-decoded user
ngtcp2: fix build errors due to changes in ngtcp2 library
ngtcp2: fix C89 compliance nit
noproxy: support proxies specified using cidr notation
openssl: make certinfo available for QUIC
README.md: add GHA status badges for Linux and macOS builds
RELEASE-PROCEDURE.md: mention patch releases
resolve: make forced IPv4 resolve only use A queries
runtests: fix uninitialized value on ignored tests
schannel: ban server ALPN change during recv renegotiation
schannel: don't reset recv/send function pointers on renegotiation
schannel: when importing PFX, disable key persistence
scripts: use `grep -E` instead of `egrep`
setopt: use the handler table for protocol name to number conversions
setopt: when POST is set, reset the 'upload' field
setup-win32: no longer define UNICODE/_UNICODE implicitly
single_transfer: use the libcurl URL parser when appending query parts
smb: replace CURL_WIN32 with WIN32
strcase: add and use Curl_timestrcmp
strerror: improve two URL API error messages
symbol-scan.pl: also check for LIBCURL* symbols
symbol-scan.pl: scan and verify .3 man pages
symbols-in-versions: add missing LIBCURL* symbols
symbols-in-versions: CURLOPT_ENCODING is deprecated since 7.21.6
test1119: scan all public headers
test1275: verify uppercase after period in markdown
test972: verify the output without using external tool
tests/certs/scripts: insert standard curl source headers
tests/Makefile: remove run time stats from ci-test
tests: avoid CreateThread if _beginthreadex is available
tests: fix tag syntax errors in test files
tests: skip mime/form tests when mime is not built-in
tidy-up: delete parallel/unused feature flags
tidy-up: delete unused HAVE_STRUCT_POLLFD
TODO: provide the error body from a CONNECT response
tool: avoid generating ambiguous escaped characters in --libcurl
tool: remove dead code
tool: reorganize function c_escape around a dynbuf
tool_hugehelp: make hugehelp a blank macro when disabled
tool_main: exit at once if out of file descriptors
tool_operate: avoid a few #ifdefs for disabled-libcurl builds
tool_operate: more transfer cleanup after parallel transfer fail
tool_operate: prevent over-queuing in parallel mode
tool_operate: reduce errorbuffer allocs
tool_paramhelp: asserts verify maximum sizes for string loading
tool_paramhelp: make the max argument a 'double'
tool_progress: remove 'Qd' from the parallel progress bar
tool_setopt: use better English in --libcurl source comments
tool_xattr: save the original URL, not the final redirected one
unit test 1655: make it C89-compliant
url: a zero-length userinfo part in the URL is still a (blank) user
url: allow non-HTTPS HSTS-matching for debug builds
url: rename function due to name-clash in Watt-32
url: use IDN decoded names for HSTS checks
urlapi: detect scheme better when not guessing
urlapi: fix parsing URL without slash with CURLU_URLENCODE
urlapi: leaner with fewer allocs
urlapi: reject more bad characters from the host name field
winbuild/MakefileBuild.vc: handle spaces in libssh(2) include paths
winbuild: use NMake batch-rules for compilation
windows: add .rc support to autotools builds
windows: adjust name of two internal public functions
windows: autotools .rc warnings fixup
wolfSSL: fix session management bug.
|
2022-09-01 09:05:39 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message:
curl: updated to 7.85.0
7.85.0
Changes:
quic: add support via wolfSSL
schannel: Add TLS 1.3 support
setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR
Bugfixes:
amigaos: fix threaded resolver on AmigaOS 4.x
amissl: allow AmiSSL to be used with AmigaOS 4.x builds
amissl: make AmiSSL v5 a minimum requirement
asyn-ares: make a single alloc out of hostname + async data
asyn-thread: fix socket leak on OOM
asyn-thread: make getaddrinfo_complete return CURLcode
base64: base64url encoding has no padding
BUGS.md: improve language
build: improve OS string in CMake and `config-win32.h`
cert.d: clarify that escape character works for file paths
cirrus.yml: replace py38-pip with py39-pip
cirrus/freebsd-ci: bootstrap the pip installer
cmake: add detection of threadsafe feature
cmake: do not force Windows target versions
cmake: fix build for mingw cross compile
cmake: link curl to its dependencies with PRIVATE
cmake: remove APPEND in export(TARGETS)
cmake: set feature PSL if present
cmake: support ngtcp2 boringssl backend
cmdline-opts/gen.pl: improve performance
config: remove the check for and use of SIZEOF_SHORT
configure: -pthread not available on AmigaOS 4.x
configure: check for the stdatomic.h header in configure
configure: fix --disable-headers-api
configure: fix broken m4 syntax in TLS options
configure: fixup bsdsocket detection code for AmigaOS 4.x
configure: if asked to use TLS, fail if no TLS lib was detected
configure: introduce CURL_SIZEOF
connect: add quic connection information
connect: close the happy eyeballs loser connection when using QUIC
connect: revert the use of IP*_RECVERR
connect: set socktype/protocol correctly
cookie: reject cookies with "control bytes"
cookie: treat a blank domain in Set-Cookie: as non-existing
cookie: use %zu to infof() for size_t values
curl-compilers.m4: make icc use -diag* options and disable two warnings
curl-config: quote directories with potential space
curl-confopts: remove leftover AC_REQUIREs
curl-functions.m4: check whether atomics can link
curl-wolfssl.m4: add options header when building test code
curl.h: CURLE_CONV_FAILED is obsoleted
curl.h: include <sys/select.h> on SunOS
curl: output warning when a cookie is dropped due to size
curl: writeout: fix repeated header outputs
Curl_close: call Curl_resolver_cancel to avoid memory-leak
curl_easy_header: Add CURLH_PSEUDO to sanity check
curl_mime_data.3: polish the wording
curl_multi_timeout.3: clarify usage
CURLINFO_SPEED_UPLOAD/DOWNLOAD.3: fix examples
CURLOPT_BUFFERSIZE.3: add upload buffersize to see also
CURLOPT_CONNECT_ONLY.3: clarify multi API use
CURLOPT_SERVER_RESPONSE_TIMEOUT: the new name
digest: fix memory leak, fix not quoted 'opaque'
digest: fix missing increment of 'nc' value for auth-int
digest: pass over leading spaces in qop values
digest: reject broken header with session protocol but without qop
docs/cmdline-opts/gen.pl: encode leading single and double quotes
docs/cmdline-opts: fix example and categories for --form-escape
docs/cmdline: mark fail and fail-with-body as mutually exclusive
docs: add dns category to --resolve
docs: explain curl_easy_escape/unescape curl handle is ignored
docs: remove him/her/he/she from documentation
doh: move doh related struct definitions to doh.h
doh: use https protocol by default
easy_lock.h: include sched.h if available to fix build
easy_lock.h: use __asm__ instead of asm to fix build
easy_lock: fix build for mingw
easy_lock: fix build with icc
easy_lock: fix the #ifdef conditional for ia32_pause
easy_lock: switch to using atomic_int instead of bool
easyoptions: fix icc warning
escape: remove outdated comment
examples/curlx.c: remove
file: add handling of native AmigaOS paths
file: fix icc enumerated type mixed with another type warning
ftp: use a correct expire ID for timer expiry
getinfo: return better error on NULL as first argument
GHA: add two Intel compiler CI jobs
GHA: move libressl CI from zuul to GitHub
gha: move over ngtcp2-gnutls CI job from zuul
GHA: mv CI torture test from Zuul
h2h3: fix overriding the 'TE: Trailers' header
hostip: resolve *.localhost to 127.0.0.1/::1
HTTP3.md: update to msh3 v0.4.0
http: typecast the httpreq assignment to avoid icc compiler warning
http_aws_sigv4.c: remove two unusued includes
http_chunks: remove an assign + typecast
hyper: customize test1274 to how hyper unfolds headers
hyper: enable obs-folded multiline headers
hyper: use wakers for curl pause/resume
imap: use ISALNUM() for alphanumeric checks
ldap: adapt to conn->port now being an 'int'
lib/curl_path.c: add ISC to license expression
lib3026: reduce the number of threads to 100
libcurl-security.3: fix typo on macro "SH_"
libssh2: make atime/mtime date overflow return error
libssh2: provide symlink name in SFTP dir listing
libssh: ignore deprecation warnings
libssh: make atime/mtime date overflow return error
Makefile.m32: add `CURL_RC` and `CURL_STRIP` variables [ci skip]
Makefile.m32: add `NGTCP2_LIBS` option [ci skip]
makefile.m32: add support for custom ARCH [ci skip]
Makefile.m32: allow -nghttp3/-ngtcp2 without -ssl [ci skip]
Makefile.m32: do not set the libcurl.rc debug flag [ci skip]
Makefile.m32: stop trying to build libcares.a [ci skip]
memdebug: add annotation attributes
mprintf: fix *dyn_vprintf() when out-of-memory
mprintf: make dprintf_formatf never return negative
msh3: fix the QUIC disconnect function
multi: fix the return code from Curl_pgrsDone()
multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
multi: use a pipe instead of a socketpair on apple platforms
multi: use larger dns hash table for multi interface
multi_wait: fix and improve Curl_poll error handling on Windows
multi_wait: fix skipping to populate revents for extra_fds
netrc.d: remove spurious quote
netrc: Use the password from lines without login
ngtcp2: Fix build error due to change in nghttp3 prototypes
ngtcp2: fix incompatible function pointer types
ngtcp2: Fix missing initialization of nghttp3_nv.flags
ngtcp2: fix stall or busy loop on STOP_SENDING with upload data
ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks
openssl: add `CURL_BORINGSSL_VERSION` to identify BoringSSL
openssl: add cert path in error message
openssl: add details to "unable to set client certificate" error
openssl: fix BoringSSL symbol conflicts with LDAP and Schannel
quiche: fix build failure
select: do not return fatal error on EINTR from poll()
sendf: fix paused header writes since after the header API
sendf: make Curl_debug a void function
sendf: skip storing HTTP headers if HTTP disabled
sendf: store the header type in an usigned char to avoid icc warnings
splay: avoid using -1 in unsigned variable
test3026: add support for Windows using native Win32 threads
test3026: require 'threadsafe'
test44[2-4]: add '--resolve' to the keywords
tests/server/sockfilt.c: avoid race condition without a mutex
tests: fix http2 tests to use CRLF headers
tests: several enumerated type cleanups
THANKS: merged two entries for Evgeny Grin
tidy-up: delete unused build configuration macros
tool: reintroduce set file comment code for AmigaOS
tool_cfgable: make 'synthetic_error' a plain bool
tool_formparse: fix variable may be used before its value is set
tool_getparam: make --doh-url "" switch it off
tool_getparam: repair cleanarg
tool_operate: better cleanup of easy handle in exit path
tool_paramhlp: fix "enumerated type mixed with another type"
tool_paramhlp: make check_protocol return ParameterError
tool_progress: avoid division by zero in parallel progress meter
tool_writeout: fix enumerated type mixed with another type
trace: 0x7F character is non-printable
unit1303: four tests should have TRUE for 'connecting'
url: enumerated type mixed with another type
url: really use the user provided in the url when netrc entry exists
url: reject URLs with hostnames longer than 65535 bytes
url: treat missing usernames in netrc as empty
urldata: change second proxytype field to unsigned char to match
urldata: make 'negnpn' use less storage
urldata: make state.httpreq an unsigned char
urldata: make three *_proto struct fields smaller
urldata: move smaller fields down in connectdata struct
urldata: reduce size of several struct fields
vtls: make Curl_ssl_backend() return the enum type curl_sslbackend
windows: improve random source
|
2022-08-17 12:09:55 by Tobias Nygren | Files touched by this commit (3) |
Log message:
curl: SunOS build fix. Reported upstream. Bump.
|
2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952) |
Log message:
*: recursive bump for perl 5.36
|
2022-06-27 09:50:13 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
curl: update to 7.84.0.
Security fix release.
This release includes the following changes:
o curl: add --rate to set max request rate per time unit [69]
o curl: deprecate --random-file and --egd-file [12]
o curl_version_info: add CURL_VERSION_THREADSAFE [100]
o CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl [9]
o lib: make curl_global_init() threadsafe when possible [101]
o libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION [78]
o opts: deprecate RANDOM_FILE and EGDSOCKET [13]
o socks: support unix sockets for socks proxy [2]
This release includes the following bugfixes:
o aws-sigv4: fix potentional NULL pointer arithmetic [48]
o bindlocal: don't use a random port if port number would wrap [14]
o c-hyper: mark status line as status for Curl_client_write() [58]
o ci: avoid `cmake -Hpath` [114]
o CI: bump FreeBSD 13.0 to 13.1 [127]
o ci: update github actions [36]
o cmake: add libpsl support [3]
o cmake: do not add libcurl.rc to the static libcurl library [53]
o cmake: enable curl.rc for all Windows targets [55]
o cmake: fix detecting libidn2 [56]
o cmake: support adding a suffix to the OS value [54]
o configure: skip libidn2 detection when winidn is used [89]
o configure: use the SED value to invoke sed [28]
o configure: warn about rustls being experimental [103]
o content_encoding: return error on too many compression steps [106]
o cookie: address secure domain overlay [7]
o cookie: apply limits [83]
o copyright.pl: parse and use .reuse/dep5 for skips [105]
o copyright: make repository REUSE compliant [119]
o curl.1: add a few see also --tls-max [52]
o curl.1: mention exit code zero too [44]
o curl: re-enable --no-remote-name [31]
o curl_easy_pause.3: remove explanation of progress function [97]
o curl_getdate.3: document that some illegal dates pass through [34]
o Curl_parsenetrc: don't access local pwbuf outside of scope [27]
o curl_url_set.3: clarify by default using known schemes only [120]
o CURLOPT_ALTSVC.3: document the file format [118]
o CURLOPT_FILETIME.3: fix the protocols this works with
o CURLOPT_HTTPHEADER.3: improve comment in example [66]
o CURLOPT_NETRC.3: document the .netrc file format
o CURLOPT_PORT.3: We discourage using this option [92]
o CURLOPT_RANGE.3: remove ranged upload advice [99]
o digest: added detection of more syntax error in server headers [81]
o digest: tolerate missing "realm" [80]
o digest: unquote realm and nonce before processing [82]
o DISABLED: disable 1021 for hyper again
o docs/cmdline-opts: add copyright and license identifier to each file [112]
o docs/CONTRIBUTE.md: document the 'needs-votes' concept [79]
o docs: clarify data replacement policy for MIME API [16]
o doh: remove UNITTEST macro definition [67]
o examples/crawler.c: use the curl license [73]
o examples: remove fopen.c and rtsp.c [76]
o FAQ: Clarify Windows double quote usage [42]
o fopen: add Curl_fopen() for better overwriting of files [72]
o ftp: restore protocol state after http proxy CONNECT [110]
o ftp: when failing to do a secure GSSAPI login, fail hard [62]
o GHA/hyper: enable debug in the build
o gssapi: improve handling of errors from gss_display_status [45]
o gssapi: initialize gss_buffer_desc strings
o headers api: remove EXPERIMENTAL tag [35]
o http2: always debug print stream id in decimal with %u [46]
o http2: reject overly many push-promise headers [63]
o http: restore header folding behavior [64]
o hyper: use 'alt-used' [71]
o krb5: return error properly on decode errors [107]
o lib: make more protocol specific struct fields #ifdefed [84]
o libcurl-security.3: add "Secrets in memory" [30]
o libcurl-security.3: document CRLF header injection [98]
o libssh: skip the fake-close when libssh does the right thing [102]
o links: update dead links to the curl-wiki [21]
o log2changes: do not indent empty lines [ci skip] [37]
o macos9: remove partial support [22]
o Makefile.am: fix portability issues [1]
o Makefile.m32: delete obsolete options, improve -On [ci skip] [65]
o Makefile.m32: delete two obsolete OpenSSL options [ci skip] [39]
o Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] [116]
o max-time.d: clarify max-time sets max transfer time [70]
o mprintf: ignore clang non-literal format string [19]
o netrc: check %USERPROFILE% as well on Windows [77]
o netrc: support quoted strings [33]
o ngtcp2: allow curl to send larger UDP datagrams [29]
o ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types [25]
o ngtcp2: enable Linux GSO [91]
o ngtcp2: extend QUIC transport parameters buffer [4]
o ngtcp2: fix alert_read_func return value [26]
o ngtcp2: fix typo in preprocessor condition [121]
o ngtcp2: handle error from ngtcp2_conn_submit_crypto_data [5]
o ngtcp2: send appropriate connection close error code [6]
o ngtcp2: support boringssl crypto backend [17]
o ngtcp2: use helper funcs to simplify TLS handshake integration [68]
o ntlm: provide a fixed fake host name [32]
o projects: fix third-party SSL library build paths for Visual Studio [125]
o quic: add Curl_quic_idle [18]
o quiche: support ca-fallback [49]
o rand: stop detecting /dev/urandom in cross-builds [113]
o remote-name.d: mention --output-dir [88]
o runtests.pl: add the --repeat parameter to the --help output [43]
o runtests: fix skipping tests not done event-based [95]
o runtests: skip starting the ssh server if user name is lacking [104]
o scripts/copyright.pl: fix the exclusion to not ignore man pages [75]
o sectransp: check for a function defined when __BLOCKS__ is undefined [20]
o select: return error from "lethal" poll/select errors [93]
o server/sws: support spaces in the HTTP request path
o speed-limit/time.d: mention these affect transfers in either direction [74]
o strcase: some optimisations [8]
o test 2081: add a valid reply for the second request [60]
o test 675: add missing CR so the test passes when run through Privoxy [61]
o test414: add the '--resolve' keyword [23]
o test681: verify --no-remote-name [90]
o tests 266, 116 and 1540: add a small write delay
o tests/data/test1501: kill ftp server after slow LIST response [59]
o tests/getpart: fix getpartattr to work with "data" and "data2"
o tests/server/sws.c: change the HTTP writedelay unit to milliseconds [47]
o test{440,441,493,977}: add "HTTP proxy" keywords [40]
o tool_getparam: fix --parallel-max maximum value constraint [51]
o tool_operate: make sure --fail-with-body works with --retry [24]
o transfer: fix potential NULL pointer dereference [15]
o transfer: maintain --path-as-is after redirects [96]
o transfer: upload performance; avoid tiny send [124]
o url: free old conn better on reuse [41]
o url: remove redundant #ifdefs in allocate_conn()
o url: URL encode the path when extracted, if spaces were set
o urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts [126]
o urlapi: support CURLU_URLENCODE for curl_url_get()
o urldata: reduce size of a few struct fields [86]
o urldata: remove three unused booleans from struct UserDefined [87]
o urldata: store tcp_keepidle and tcp_keepintvl as ints [85]
o version: allow stricmp() for sorting the feature list [57]
o vtls: make curl_global_sslset thread-safe [94]
o wolfssh.h: removed [10]
o wolfssl: correct the failf() message when a handle can't be made [38]
o wolfSSL: explicitly use compatibility layer [11]
o x509asn1: mark msnprintf return as unchecked [50]
|