Next | Query returned 340 messages, browsing 61 to 70 | Previous

History of commit frequency

CVS Commit History:


   2021-09-27 20:53:44 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
curl: updated to 7.79.1

Fixed in 7.79.1

Bugfixes:

Curl_http2_setup: don't change connection data on repeat invokes
curl_multi_fdset: make FD_SET() not operate on sockets out of range
dist: provide lib/.checksrc in the tarball
FAQ: add GOPHERS + curl works on data, not files
hsts: CURLSTS_FAIL from hsts read callback should fail transfer
hsts: handle unlimited expiry
http: fix the broken >3 digit response code detection
strerror: use sys_errlist instead of strerror on Windows
test1184: disable
tests/sshserver.pl: make it work with openssh-8.7p1
   2021-09-15 08:26:01 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
curl: update to 7.79.0.

This release includes the following changes:

 o bearssl: support CURLOPT_CAINFO_BLOB [3]
 o http: consider cookies over localhost to be secure [24]
 o secure transport: support CURLINFO_CERTINFO [63]

This release includes the following bugfixes:

 o CVE-2021-22945: clear the leftovers pointer when sending succeeds [112]
 o CVE-2021-22946: do not ignore --ssl-reqd [111]
 o CVE-2021-22947: reject STARTTLS server response pipelining [110]
 o ares: use ares_getaddrinfo() [51]
 o asyn-ares.c: move all version number checks to the top
 o auth: do not append zero-terminator to authorisation id in kerberos [32]
 o auth: properly handle byte order in kerberos security message [36]
 o auth: use sasl authzid option in kerberos [34]
 o auth: we do not support a security layer after kerberos authentication [35]
 o BINDINGS.md: update links to use https where available [50]
 o build: fix compiler warnings [39]
 o c-hyper: deal with Expect: 100-continue combined with POSTFIELDS [66]
 o c-hyper: fix header value passed to debug callback [46]
 o c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection [65]
 o c-hyper: initial step for 100-continue support [43]
 o c-hyper: initial support for "dumping" 1xx HTTP responses [40]
 o c-hyper: remove the hyper_executor_poll() loop from Curl_http [13]
 o CI/cirrus: reduce compile time with increased parallism [19]
 o CI: use GitHub Container Registry instead of Docker Hub [47]
 o cirrus: Add FreeBSD 13.0 job and disable sanitizer build [128]
 o cmake: avoid poll() on macOS [59]
 o cmake: sync CURL_DISABLE options [55]
 o codeql: fix error "Resource not accessible by integration" [61]
 o compressed.d: it's a request, not an order [21]
 o config.d: escape the backslash properly [81]
 o config.d: note that curlrc is used even when --config [107]
 o config: get rid of the unused HAVE_SIG_ATOMIC_T et. al.
 o configure.ac: revert bad nghttp2 library detection improvements [9]
 o configure: error out if both ngtcp2 and quiche are specified [30]
 o configure: make --disable-hsts work [106]
 o configure: set classic mingw minimum OS version to XP [83]
 o configure: tweak nghttp2 library name fix [2]
 o connect: get local port + ip also when reusing connections [95]
 o connect: remove superfluous conditional [23]
 o curl-openssl.m4: check lib64 for the pkg-config file [14]
 o curl-openssl.m4: show correct output for OpenSSL v3 [75]
 o curl.1: mention "global" flags [7]
 o curl.1: provide examples for each option [99]
 o curl: add warning for ignored data after quoted form parameter [60]
 o curl: add warning for incompatible parameters usage [102]
 o curl: better error message when -O fails to get a good name [88]
 o curl: stop retry if Retry-After: is longer than allowed [104]
 o curl_easy_setopt.3: improve the string copy wording [89]
 o Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited [116]
 o curl_setup.h: sync values for HTTP_ONLY [82]
 o curl_url_get.3: clarify about path and query [45]
 o CURLMOPT_TIMERFUNCTION.3: remove misplaced "time" [5]
 o CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited [8]
 o CURLOPT_SSL_CTX_*.3: tidy up the example [15]
 o CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also [90]
 o docs/MQTT: update state of username/password support [4]
 o docs: remove experimental mentions from HSTS and MQTT [93]
 o docs: the security list is reached at security at curl.se now [124]
 o easy: use a custom implementation of wcsdup on Windows [31]
 o examples/*hiperfifo.c: fix calloc arguments to match function proto [103]
 o examples/cookie_interface: avoid printfing time_t directly [18]
 o examples/cookie_interface: fix scan-build printf warning [16]
 o examples/ephiperfifo.c: simplify signal handler [42]
 o FAQ: add two dev related questions [108]
 o getparameter: fix the --local-port number parser [58]
 o happy-eyeballs-timeout-ms.d: polish the wording [10]
 o hostip: Make Curl_ipv6works function independent of getaddrinfo [26]
 o http2: Curl_http2_setup needs to init stream data in all invokes [119]
 o http2: revert a change that broke upgrade to h2c [57]
 o http2: revert call the handle-closed function correctly on closed stream [25]
 o http: disallow >3-digit response codes [80]
 o http: ignore content-length if any transfer-encoding is used [101]
 o http_proxy: clear 'sending' when the outgoing request is sent [6]
 o http_proxy: fix the User-Agent inclusion in CONNECT [115]
 o http_proxy: fix user-agent and custom headers for CONNECT with hyper [38]
 o http_proxy: only wait for writable socket while sending request [78]
 o INTERNALS: bump c-ares requirement to 1.16.0
 o INTERNALS: c-ares has a new home: c-ares.org
 o lib: don't use strerror() [127]
 o libcurl-errors.3: clarify two CURLUcode errors [72]
 o limit-rate.d: clarify base unit [17]
 o mailing lists: move from cool.haxx.se to lists.haxx.se
 o mbedtls: avoid using a large buffer on the stack [105]
 o mbedTLS: initial 3.0.0 support [33]
 o mbedtls_threadlock: fix unused variable warning [11]
 o mksymbolsmanpage.pl: Fix showing symbol's last used version [76]
 o mksymbolsmanpage.pl: match symbols case insenitively [77]
 o multi: fix compiler warning with `CURL_DISABLE_WAKEUP` [96]
 o ngtcp2: compile with the latest ngtcp2 and nghttp3 [12]
 o ngtcp2: fix build with ngtcp2 and nghttp3 [117]
 o ngtcp2: remove the acked_crypto_offset struct field init [64]
 o ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read [28]
 o ngtcp2: reset the oustanding send buffer again when drained [53]
 o ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream [29]
 o ngtcp2: stop buffering crypto data [85]
 o ngtcp2: utilize crypto API functions to simplify [52]
 o openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA [98]
 o openssl: when creating a new context, there cannot be an old one [48]
 o opt-docs: make sure all man pages have examples [92]
 o opt-docs: verify man page sections + order [91]
 o opts docs: unify phrasing in NAME header [126]
 o output.d: add method to suppress response bodies [49]
 o page-header: add GOPHERS, simplify wording in the 1st para [94]
 o progress: fix a compile warning on some systems [54]
 o progress: make trspeed avoid floats [100]
 o runtests: add option -u to error on server unexpectedly alive [125]
 o schannel: Work around typo in classic mingw macro [84]
 o scripts: invoke interpreters through /usr/bin/env [68]
 o setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper [70]
 o strerror.h: remove the #include from files not using it
 o symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version [73]
 o test1138: remove trailing space to make work with hyper [71]
 o test1173: check references to libcurl options [69]
 o test1280: CRLFify the response to please hyper [86]
 o test1565: fix windows build errors [27]
 o test365: verify response with chunked AND Content-Length headers
 o tests/*server.pl: flush output before executing subprocess [41]
 o tests/*server.py: remove pidfile on server termination [1]
 o tests/runtests.pl: cleanup copy&paste mistakes and unused code
 o tests/server/*.c: align handling of portfile argument and file [56]
 o tests: adjust the tftpd output to work with hyper mode [97]
 o tests: be explicit about using 'python3' instead of 'python' [67]
 o tests: enable test 1129 for hyper builds [87]
 o tests: make three tests pass until 2037 [22]
 o tool/tests: fix potential year 2038 issues [20]
 o tool_operate: Fix --fail-early with parallel transfers [62]
 o url: fix compiler warning in no-verbose builds [120]
 o urlapi.c:seturl: assert URL instead of using if-check [74]
 o vtls: fix typo in schannel_verify.c [44]
 o winbuild/README.md: clarify GEN_PDB option
 o wolfssl: clean up wolfcrypt error queue [79]
 o write-out.d: clarify size_download/upload [118]
 o x509asn1: fix heap over-read when parsing x509 certificates [37]
   2021-07-21 11:32:04 by Leonardo Taccari | Files touched by this commit (3) | Package updated
Log message:
curl: Update to 7.78.0

Changes:
7.78.0
------
This release includes the following changes:

 o curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
 o CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
 o hostip: make 'localhost' return fixed values
 o mbedtls: add support for cert and key blob options
 o metalink: remove all support for it
 o mqtt: add support for username and password

This release includes the following bugfixes:

 o --socks4[a]: clarify where the host name is resolved
 o ares: always store IPv6 addresses first
 o asyn-ares: remove check for 'data' in Curl_resolver_cancel
 o bearssl: explicitly initialize all fields of Curl_ssl
 o bearssl: remove incorrect const on variable that is modified
 o build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
 o c-hyper: abort CONNECT response reading early on non 2xx responses
 o c-hyper: add support for transfer-encoding in the request
 o c-hyper: bail on too long response headers
 o c-hyper: clear NTLM auth buffer when request is issued
 o c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
 o c-hyper: fix NTLM on closed connection tested with test159
 o c-hyper: fix the uploaded field in progress callbacks
 o c-hyper: handle NULL from hyper_buf_copy()
 o c-hyper: support CURLINFO_STARTTRANSFER_TIME
 o c-hyper: support CURLOPT_HEADER
 o ccsidcurl: fix the compile errors
 o CI/cirrus: install impacket from PyPI instead of FreeBSD packages
 o CI: add bearssl build
 o CI: add Circle CI
 o CI: add jobs using Zuul
 o CI: delete --enable-hsts option (it is the default now)
 o CI: remove travis details
 o cleanup: spell DoH with a lowercase o
 o cmake: add CURL_DISABLE_NTLM option
 o cmake: avoid leaking absolute paths into exported config
 o cmake: fix IoctlSocket FIONBIO check
 o cmake: fix support for UnixSockets feature on Win32
 o cmake: remove libssh2 feature checks
 o cmake: try well-known send/recv signature for Apple
 o configure.ac: make non-executable
 o configure/cmake: remove checks for many unused functions
 o configure: add --disable-ntlm option
 o configure: disable RTSP when hyper is selected
 o configure: do not strip out debug flags
 o configure: fix nghttp2 library name for static builds
 o configure: inhibit the implicit-fallthrough warning on gcc-12
 o configure: rename get-easy-option configure option to get-easy-options
 o conn_shutdown: if closed during CONNECT cleanup properly
 o conncache: lowercase the hash key for better match
 o cookies: track expiration in jar to optimize removals
 o copyright: add boiler-plate headers to CI config files
 o crustls: bump crustls version and use new URL
 o curl.h: <sys/select.h> is supported by VxWorks7
 o curl.h: include sys/select.h for NuttX RTOS
 o curl: ignore blank --output-dir
 o curl_endian: remove the unused Curl_write64_le function
 o curl_multibyte: Remove local encoding fallbacks
 o Curl_ntlm_core_mk_nt_hash: fix OOM in error path
 o Curl_ssl_getsessionid: fail if no session cache exists
 o CURLOPT_WRITEFUNCTION.3: minor update of the example
 o docs/BINDINGS: fix outdated links
 o docs/examples: use curl_multi_poll() in multi examples
 o docs/INSTALL: remove mentions of configure --with-darwin-ssl
 o docs: document missing arguments to commands
 o docs: fix inconsistencies in EGDSOCKET documentation
 o docs: fix incorrect argument name reference
 o docs: Fix typos
 o docs: make docs for --etag-save match the program behaviour
 o docs: use --max-redirs instead of --max-redir
 o doh: (void)-prefix call to curl_easy_setopt
 o doh: fix wrong DEBUGASSERT for doh private_data
 o easy: during upkeep, attach Curl_easy to connections in the cache
 o examples/multi-single: fix scan-build warning
 o examples: length-limit two sscanf() uses of %s
 o examples: safer and more proper read callback logic
 o filecheck: quietly remove test-place/*~
 o formdata: avoid "Argument cannot be negative" warning
 o formdata: correct typecast in curl_mime_data call
 o GHA: add a linux-hyper job
 o GHA: add several libcurl tests to the hyper job
 o GHA: run the newly fixed tests with hyper
 o github: timeout jobs on macOS after 90 minutes
 o glob: pass an 'int' as len when using printf's %*s
 o gnutls: set the preferred TLS versions in correct order
 o GOVERNANCE: add 'user', 'committer' and 'contributor'
 o hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
 o hostip: bad CURLOPT_RESOLVE syntax now returns error
 o hsts: ignore numberical IP address hosts
 o HSTS: not experimental anymore
 o http2: clarify 'Using HTTP2' verbose message
 o http2: init recvbuf struct for pushed streams
 o http2_connisdead: handle trailing GOAWAY better
 o http: fix crash in rate-limited upload
 o http: make the haproxy support work with unix domain sockets
 o http_proxy: deal with non-200 CONNECT response with Hyper
 o hyper: propagate errors back up from read callbacks
 o HYPER: remove mentions of deprecated development branch
 o idn: fix libidn2 with windows unicode builds
 o infof: remove newline from format strings, always append it
 o lib: don't compare fd to FD_SETSIZE when using poll
 o lib: fix compiler warnings with CURL_DISABLE_NETRC
 o lib: fix type of len passed to *printf's %*s
 o lib: more %u for port and int for %*s fixes
 o lib: use %u instead of %ld for port number printf
 o libcurl-security.3: mention file descriptors and forks
 o libssh2: limit time a disconnect can take to 1 second
 o mbedtls: make mbedtls_strerror always work
 o mbedtls: Remove unnecessary include
 o mqtt: detect illegal and too large file size
 o mqtt: extend the error message for no topic
 o msnprintf: return number of printed characters excluding null byte
 o multi: add scan-build-6 work-around in curl_multi_fdset
 o multi: alter transfer timeout ordering
 o multi: do not switch off connect_only flag when closing
 o multi: fix crash in curl_multi_wait / curl_multi_poll
 o netrc: skip 'macdef' definitions
 o ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
 o openssl: avoid static variable for seed flag
 o openssl: don't remove session id entry in disassociate
 o pinnedpubkey.d: fix formatting for version support lists
 o proto.d: fix formatting for paragraphs after margin changes
 o quiche: use send() instead of sendto() to avoid macOS issue
 o Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
 o Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
 o runtests: also find the last test in Makefile.inc
 o runtests: enable 'hyper mode' only for HTTP tests
 o runtests: init $VERSION to avoid warnings when using -l
 o runtests: parse data/Makefile.inc instead of using make
 o runtests: skip disabled tests unless -f is used
 o rustls: remove native_roots fallback
 o schannel: set ALPN length correctly for HTTP/2
 o SChannel: Use '_tcsncmp()' instead
 o sectransp: check for client certs by name first, then file
 o setopt: fix incorrect comments
 o socketpair: fix potential hangs
 o socks4: scan for the IPv4 address in resolve results
 o ssl: read pending close notify alert before closing the connection
 o sws: malloc request struct instead of using stack
 o telnet: fix option parser to not send uninitialized contents
 o test1116: hyper doesn't pass through "surprise-trailers"
 o test1147: hyper doesn't allow "crazy" request headers like built-in
 o test1151: added missing CRLF to work with hyper
 o test1216: adjusted for hyper mode
 o test1218: adjusted for hyper mode
 o test1230: adjust to work in hyper mode
 o test1340/1341: adjusted for hyper mode
 o test1438/1457: add HTTP keyword to make hyper mode work
 o test1514: add a CRLF to the response to make it correct
 o test1518: adjusted to work with hyper
 o test1519: adjusted to work with hyper
 o test1594/1595/1596: fix to work in hyper mode
 o test269: disable for hyper
 o test3010: work with hyper mode
 o test328: avoid a header-looking body to make hyper mode work
 o test339: CRLFify better to work in hyper mode
 o test347: CRLFify to work in hyper mode
 o test393: make Content-Length fit within 64 bit for hyper
 o test394: hyper returns a different error
 o test395: hyper cannot work around > 64 bit content-lengths like built-in
 o test433: adjust for hyper mode
 o test434: add HTTP keyword
 o test500: adjust to work with hyper mode
 o test566: adjust to work with hyper mode
 o test599: adjusted to work in hyper mode
 o test644: remove as duplicate of test 587
 o tests: fix Accept-Encoding strips to work with Hyper builds
 o TLS: prevent shutdown loops to get stuck
 o tool: make _lseeki64() macro work with the PellesC compiler
 o tool_help: document that --tlspassword takes a password
 o tool_help: remove unused define
 o url.c: remove two variable assigns that are never read
 o url: (void)-prefix a curl_url_get() call
 o url: bad CURLOPT_CONNECT_TO syntax now returns error
 o version: turn version number functions into returning void
 o vtls: exit addsessionid if no cache is inited
 o vtls: fix connection reuse checks for issuer cert and case sensitivity
 o vtls: only store TIMER_APPCONNECT for non-proxy connect
 o vtls: use free() not curl_free()
 o warnless: simplify type size handling
 o Win32: fix build with Watt-32
 o winbuild/README: VC should be set to 6 'or larger'
 o winbuild: support alternate nghttp2 static lib name
 o wolfssl: failing to set a session id is not reason to error out
 o write-out.d: clarify urlnum is not unique for de-globbed URLs
 o zuul: use the new rustls directory name
   2021-05-26 09:54:17 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
curl: update to 7.77.0.

curl and libcurl 7.77.0

This release includes the following changes:

 o configure: make the TLS library choice(s) explicit [3]
 o curl: ignore options asking for SSLv2 or SSLv3 [10]
 o hsts: enable by default [8]
 o SSL: support in-memory CA certs for some backends [85]
 o vtls: refuse setting any SSL version [9]

This release includes the following bugfixes:

 o CVE-2021-22297: schannel cipher selection surprise [132]
 o CVE-2021-22298: TELNET stack contents disclosure [131]
 o CVE-2021-22901: TLS session caching disaster [130]
 o AmigaOS: add functions definitions for SHA256 [126]
 o build: fix compilation for Windows UWP platform [82]
 o c-hyper: don't write to set.writeheader if null [67]
 o c-hyper: fix handling of zero-byte chunk from hyper [39]
 o c-hyper: handle body on HYPER_TASK_EMPTY [104]
 o checksrc: complain on == NULL or != 0 checks in conditions [20]
 o CI/cirrus: add shared and static Windows release builds [102]
 o cmake: add CURL_ENABLE_EXPORT_TARGET option [133]
 o cmake: check for getppid and utimes [87]
 o cmake: detect CURL_SA_FAMILY_T [124]
 o cmake: fix two invokes result in different curl_config.h [123]
 o cmake: make libcurl output filename configurable [41]
 o cmake: Use multithreaded compilation on VS 2008+ [122]
 o config: remove now-unused macros [107]
 o configure: if asked for, fail if ldap is not found [109]
 o configure: provide --with-openssl, deprecate --with-ssl [15]
 o conn: add 'attach' to protocol handler, make libssh2 use it [119]
 o connect: use CURL_SA_FAMILY_T for portability [34]
 o ConnectionExists: respect requests for h1 connections better
 o cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies [1]
 o curl-wolfssl.m4: without custom include path, assume /usr/include [116]
 o curl: include libmetalink version in --version output [111]
 o Curl_http_header: check for colon when matching Persistent-Auth [51]
 o Curl_http_input_auth: require valid separator after negotiation type [52]
 o Curl_input_digest: require space after Digest [50]
 o curl_mprintf.3: add description [73]
 o curl_setup: provide the shutdown flags wider [33]
 o curl_url_set.3: add memory management information [38]
 o CURLcode: add CURLE_SSL_CLIENTCERT [47]
 o CURLOPT_CAPATH.3: defaults to a path, not NULL [103]
 o CURLOPT_IPRESOLVE: preventing wrong IP version from being used [125]
 o CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data [40]
 o data_pending: check only SECONDARY socket for FTP(S) transfers [117]
 o docs/TheArtOfHttpScripting: fix markdown links [129]
 o docs: camelcase it like GitHub everywhere [62]
 o docs: cookies from HTTP headers need domain set [121]
 o docs: fix typo in fail-with-body doc [63]
 o docs: improve INTERNALS.md regarding getsock cb [105]
 o docs: replace dots with dashes in markdown enums [101]
 o easy: ignore sigpipe in curl_easy_send [69]
 o FILEFORMAT: mention sectransp as a feature [89]
 o GIT-INFO: suggest using autoreconf instead of buildconf [96]
 o github: add a workflow with libssh2 on macOS using cmake [81]
 o github: inhibit deprecated declarations for clang on macOS [118]
 o GnuTLS: don't allow TLS 1.3 for versions that don't support it [77]
 o gnutls: make setting only the MAX TLS allowed version work [83]
 o gskit: fix CURL_DISABLE_PROXY build [57]
 o gskit: fix undefined reference to 'conn' [58]
 o hostip.h: remove declaration of unimplemented function [108]
 o hostip: remove the debug code for LocalHost [113]
 o http2: call the handle-closed function correctly on closed stream [37]
 o http2: fix a resource leak in push_promise() [54]
 o http2: fix resource leaks in set_transfer_url() [55]
 o http2: make sure pause is done on HTTP [120]
 o http2: move the stream error field to the per-transfer storage [36]
 o http2: skip immediate parsing of payload following protocol switch [90]
 o http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade [91]
 o HTTP3.md: fix nghttp2's HTTP/3 server port [21]
 o HTTP3.md: make the ngtcp2 build use the quictls fork [98]
 o http: deal with partial CONNECT sends [97]
 o http: fix the check for 'Authorization' with Bearer [53]
 o http: limit the initial send amount to used upload buffer size [99]
 o http: reset the header buffer when sending the request [61]
 o http: use offsets inst of integer literals for header parsing [95]
 o INSTALL: add IBM i specific quirks [75]
 o krb5/name_to_level: replace checkprefix with curl_strequal [49]
 o krb5: don't use 'static' to store PBSZ size response [23]
 o krb5: remove the unused 'overhead' function [35]
 o lib/hostip6.c: make NAT64 address synthesis on macOS work [135]
 o lib1564.c: enable last wakeup test part on Windows [26]
 o lib: fix 0-length Curl_client_write calls [60]
 o lib: fix some misuse of curlx_convert_UTF8_to_tchar [64]
 o libcurl-security.3: be careful of setuid [66]
 o libcurl-security.3: don't try to filter IPv4 hosts based on the URL [71]
 o libcurl.3: mention the URL API [76]
 o libssh2: fix Value stored to 'sshp' is never read [13]
 o libssh2: ignore timeout during disconnect [45]
 o libssh: fix "empty expression statement has no effect" warnings [7]
 o libtest: remove lib530.c [88]
 o m4: add security frameworks on Mac when compiling rustls [31]
 o multi: don't close connection HTTP_1_1_REQUIRED
 o multi: fix slow write/upload performance on Windows [27]
 o multi: reduce Win32 API calls to improve performance [28]
 o ngtcp2: fix the cb_acked_stream_data_offset proto [46]
 o NSS: add ciphers to map [30]
 o NSS: make colons, commas and spaces valid separators in cipher list [106]
 o nss_set_blocking: avoid static for sock_opt [72]
 o ntlm: precaution against super huge type2 offsets [65]
 o openldap: protect SSL-specific code with proper #ifdef [12]
 o openldap: replace ldap_ prefix on private functions [84]
 o openssl: fix build error with OpenSSL < 1.0.2 [4]
 o openssl: remove unneeded cast for CertOpenSystemStore() [93]
 o os400: additional support for options metadata [24]
 o progress: fix scan-build-11 warnings [92]
 o progress: reset limit_size variables at transfer start [114]
 o progress: when possible, calculate transfer speeds with microseconds [48]
 o README.md: delete Codacy UTM parameters [5]
 o Revert "Revert 'multi: implement wait using winsock events'" [26]
 o rustls: only return CURLE_AGAIN when TLS session is fully drained [2]
 o rustls: use ALPN [56]
 o sasl: use 'unsigned short' to store mechanism [112]
 o schannel: Disable auto credentials; add an option to enable it [18]
 o schannel: Support strong crypto option [44]
 o sectransp: allow cipher name to be specified [29]
 o sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer [136]
 o sigpipe: ignore SIGPIPE when using wolfSSL as well [70]
 o sockfilt: avoid getting stuck waiting for writable socket [80]
 o sockfilt: fix invalid increment of handles index variable nfd [79]
 o sws: #ifdef S_IFSOCK use [32]
 o sws: allow HTTP requests up to 2MB in size [100]
 o test server: take care of siginterrupt() deprecation [25]
 o test2100: make it run with and require IPv6 [127]
 o tests/disable-scan.pl: also scan all m4 files [17]
 o tests/getpart: generate output URL encoded for better diffs [128]
 o tests: ignore case of chunked hex numbers in tests [86]
 o tls: add USE_HTTP2 define [59]
 o tool_getparam: handle failure of curlx_convert_tchar_to_UTF8() [78]
 o tool_getparam: replace (in-place) '%20' by '+' according to RFC1866 [14]
 o tool_operate: don't discard failed parallel transfer result [16]
 o tool_writeout: fix the HTTP_CODE json output [11]
 o travis: disable the failing libssh build [94]
 o URL-SYNTAX: update IDNA section for WHATWG spec changes [74]
 o urlapi: "normalize" numerical IPv4 host names [6]
 o vauth: factor base64 conversions out of authentication procedures [22]
 o version: add gsasl_version to curl_version_info_data [43]
 o version: add OpenLDAP version in the output [110]
 o vtls: deduplicate some DISABLE_PROXY ifdefs [19]
 o vtls: reset ssl use flag upon negotiation failure [42]
 o wolfssl: handle SSL_write() returns 0 for error [68]
 o wolfssl: remove SSLv3 support leftovers [115]
   2021-05-24 21:56:06 by Thomas Klausner | Files touched by this commit (3575)
Log message:
*: recursive bump for perl 5.34
   2021-04-21 15:25:34 by Adam Ciarcinski | Files touched by this commit (864)
Log message:
revbump for boost-libs
   2021-04-14 21:29:43 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
curl: updated to 7.76.1

7.76.1
Bugfixes:

configure: disable min version set for Darwin
configure: include <time.h> unconditionally
configure: remove use of RETSIGTYPE
docs/HTTP3.md: update the build instruction using gnutls
examples/hiperfifo.c: check event_initialized before delete
file: support GETing directories again
github/workflow: add "security-extended" to codeql-analysis.yml
h2: allow 100 streams by default
hostip: fix builds that disable all asynchronous DNS
http_proxy: only loop on 407 + close if we have credentials
install: add instructions for Apple Darwin platforms
lib: remove unused HAVE_INET_NTOA_R* defines
libssh: get rid of PATH_MAX
ngtcp2+gnutls: clear credentials when freed
ngtcp2: Use ALPN h3-29 for now
ntlm: fix negotiated flags usage
ntlm: support version 2 on 32-bit platforms
openssl: fix CURLOPT_SSLCERT_BLOB without CURLOPT_SSLCERT_KEY
TLS: fix HTTP/2 selection
tool_progress: fix progress meter final update in parallel mode
typecheck-gcc: make the ssl-ctx-cb check use SSL_CTX pointers
   2021-03-31 11:52:31 by Leonardo Taccari | Files touched by this commit (3) | Package updated
Log message:
curl: Update to 7.76.0

Changes:
7.76.0
======
This release includes the following changes:

 o cookies: Support multiple -b parameters
 o curl: add --fail-with-body
 o doh: add options to disable ssl verification
 o http: add support to read and store the referrer header
 o sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
 o vtls: initial implementation of rustls backend

This release includes the following bugfixes:

 o CVE-2021-22876: strip credentials from the auto-referer header field
 o CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
 o asyn-ares: use consistent resolve error message
 o BUG-BOUNTY: removed the cooperation mention
 o build: delete unused feature guards
 o build: fix --disable-dateparse
 o build: fix --disable-http-auth
 o build: remove all traces of USE_BLOCKING_SOCKETS
 o c-hyper: Remove superfluous pointer check
 o c-hyper: support automatic content-encoding
 o CI/azure: disable test 433 on azure-ubuntu
 o CI/azure: replace python-impacket with python3-impacket
 o ci: stop building on freebsd-12-1
 o cmake: fix import library name for non-MS compiler on Windows
 o cmake: use CMAKE_INSTALL_INCLUDEDIR indirection
 o cmake: support WinIDN
 o config: fix building SMB with configure using Win32 Crypto
 o config: fix detection of restricted Windows App environment
 o configure: fail if --with-quiche is used and quiche isn't found
 o configure: make AC_TRY_* into AC_*_IFELSE
 o configure: make hyper opt-in, and fail if missing
 o configure: only add OpenSSL paths if they are defined
 o configure: provide Largefile feature for curl-config
 o configure: remove use of deprecated macros
 o configure: s/AC_HELP_STRING/AS_HELP_STRING
 o cookies: Fix potential NULL pointer deref with PSL
 o curl: set CURLOPT_NEW_FILE_PERMS if requested
 o curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO
 o curl_multibyte: always return a heap-allocated copy of string
 o curl_multibyte: fall back to local code page stat/access on Windows
 o Curl_timeleft: check both timeouts during connect
 o curl_url_set.3: mention CURLU_PATH_AS_IS
 o CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent
 o docs/HTTP2: remove the outdated remark about multiplexing for the tool
 o docs/Makefile.inc: format to be update-friendly
 o docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions
 o docs: add missing Arg tag to --stderr
 o docs: Add SSL backend names to CURL_SSL_BACKEND
 o docs: clarify timeouts for queued transfers in multi API
 o docs: Explain DOH transfers inherit some SSL settings
 o docs: fix FILE example url in --metalink documentation
 o docs: make gen.pl support *italic* and **bold**
 o doh: Fix sharing user's resolve list with DOH handles
 o doh: Inherit CURLOPT_STDERR from user's easy handle
 o dynbuf: bump the max HTTP request to 1MB
 o examples: Remove threaded-shared-conn.c due to bug
 o file: Support unicode urls on windows
 o ftp: add 'list_only' to the transfer state struct
 o ftp: add 'prefer_ascii' to the transfer state struct
 o FTP: allow SIZE to fail when doing (resumed) upload
 o ftp: avoid SIZE when asking for a TYPE A file
 o ftp: fix Codacy/cppcheck warning about null pointer arithmetic
 o ftp: fix memory leak in ftp_done
 o ftp: never set data->set.ftp_append outside setopt
 o gen.pl: quote "bare" minuses in the nroff curl.1
 o github: add torture-ftp for FTP-only torture testing
 o gnutls: assume nettle crypto support
 o gskit: correct the gskit_send() prototype
 o hostip: fix build with sync resolver
 o hostip: fix crash in sync resolver builds that use DOH
 o hsts: remove unused defines
 o http2: don't set KEEP_SEND when there's no more data to be sent
 o http2: fail if connection terminated without END_STREAM
 o http: cap body data amount during send speed limiting
 o http: do not add a referrer header with empty value
 o http: make 416 not fail with resume + CURLOPT_FAILONERRROR
 o http: remove superfluous NULL assign
 o http: strip default port from URL sent to proxy
 o http: use credentials from transfer, not connection
 o ldap: use correct memory free function
 o lib1536: check ptr against NULL before dereferencing it
 o lib1537: check ptr against NULL before dereferencing it
 o lib: remove 'conn->data' completely
 o libssh2: kdb_callback: get the right struct pointer
 o libssh2:ssh_connect: clear session pointer after free
 o memdebug: close debug logfile explicitly on exit
 o mingw: enable using strcasecmp()
 o multi: close the connection when h2=>h1 downgrading
 o multi: do once-per-transfer inits in before_perform in DID state
 o multi: rename the multi transfer states
 o multi: update pending list when removing handle
 o ngtcp2: adapt to the new recv_datagram callback
 o ngtcp2: clarify calculation precedence
 o ngtcp2: Fix build error due to change in ngtcp2_addr_init
 o ngtcp2: sync with recent API updates
 o openldap: avoid NULL pointer dereferences
 o openssl: adapt to v3's new const for a few API calls
 o openssl: ensure to check SSL_CTX_set_alpn_protos return values
 o openssl: remove get_ssl_version_txt in favor of SSL_get_version
 o openssl: set the transfer pointer for logging early
 o OS400: update for CURLOPT_AWS_SIGV4
 o parse_proxy: fix a memory leak in the OOM path
 o pathhelp.pm: fix use of pwd -L in Msys environment
 o projects: Update VS projects for OpenSSL 1.1.x
 o quiche: fix build error: use 'int' for port number
 o quiche: fix crash when failing to connect
 o retry-all-errors.d: Explain curl errors versus HTTP response errors
 o retry.d: Clarify transient 5xx HTTP response codes
 o runtests.pl: add %TESTNUMBER variable to make copying tests more convenient
 o runtests.pl: add a -P option to specify an external proxy
 o runtests.pl: kill processes locking test log files
 o setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper
 o test1188: change error to check for: --fail HTTP status
 o test220/314: adjust to run with Hyper
 o test304: header CRLF cleanup to work with Hyper
 o test306: make it not run with Hyper
 o tests: disable .curlrc in more environments
 o tests: use %TESTNUMBER instead of fixed number
 o tftp: remove the 3600 second default timeout
 o time: enable 64-bit time_t in supported mingw environments
 o tool_help: add missing argument for --create-file-mode
 o tool_help: Increase space between option and description
 o tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error
 o travis: add a rustls build
 o travis: bump wolfssl to 4.7.0
 o travis: only build wolfssl when needed
 o travis: split "torture" into a separate "events" build
 o travis: switch ngtcp2 build over to quictls
 o travis: use ubuntu nghttp2 package instead of build our own
 o url.c: use consistent error message for failed resolve
 o url: fix memory leak if OOM in the HSTS handling
 o url: fix possible use-after-free in default protocol
 o urldata: don't touch data->set.httpversion at run-time
 o urldata: fix build without HTTP and MQTT
 o urldata: make 'actions[]' use unsigned char instead of int
 o urldata: merge "struct DynamicStatic" into "struct UrlState"
 o urldata: remove the 'rtspversion' field
 o urldata: remove the _ORIG suffix from string names
 o version.d: Add missing features to the features list
 o wolfssl: don't store a NULL sessionid
   2021-03-02 00:31:31 by Greg Troxel | Files touched by this commit (1)
Log message:
www/curl: Accomodate SSLCERTBUNDLE

Rather than letting openssl perform default validation, curl passes in
an explicit request to...  use the certificates in the default
location.  In cases where SSLCERTBUNDLE is defined (because the system
uses a bundle instead of the traditonal directory of trust anchors),
pass that to curl's configure.

As proposed on tech-pkg by Thomas Orgis, without objections.
   2021-02-03 14:17:18 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
curl: updated to 7.75.0

Changes:

curl: add --create-file-mode [mode]
curl: add new variables to --write-out
dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries
gopher: implement secure gopher protocol
http: add Hyper as new optional HTTP backend
http: introduce AWS HTTP v4 Signature support

Bugfixes:

badsymbols.pl: add verbose mode -v
badsymbols.pl: ignore stand-alone single hash lines
BUG-BOUNTY: minor language updates
build: fix djgpp builds
cleanup: fix empty expression statement has no effect
cmake: Add an option to disable libidn2
cmake: enable gophers correctly in curl-config
cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
cmdline-opts/gen.pl: return hard on errors
cmdline-opts/retry.d: mention response code 429 as well
configure: set -Wextra-semi-stmt for clang with --enable-debug
connect: defer port selection until connect() time
connect: mark intentional ignores of setsockopt return values
connect: on linux, enable reporting of all ICMP errors on UDP sockets
connect: zero variable on stack to silence valgrind complaint
cookie: avoid the C1001 internal compiler error with MSVC 14
curl.1: fix typo microsft -> microsoft
curl: fix handling of -q option
curl: include the file name in --xattr/--remote-time error msgs
curl: move fprintf outputs to warnf
Curl_chunker: shrink the struct
curl_easy_pause.3: add multiplexed pause effects
CURLINFO_PRETRANSFER_TIME.3: clarify
CURLOPT_URL.3: remove scheme specific details
digest_sspi: Show InitializeSecurityContext errors in verbose mode
docs/examples: adjust prototypes for CURLOPT_READFUNCTION
docs/URL-SYNTAX: the URL syntax curl accepts and works with
docs: enable syntax highlighting in several docs files
docs: fix line length bug in gen.pl
docs: fix typos in NEW-PROTOCOL.md
docs: fix wrong documentation in help.d
docs: remove redundant "better" in --fail help
doh: allocate state struct on demand
examples/libtest: add .checksrc to dist
examples: remove superfluous asterisk uses
failf: remove newline from formatting strings
file: don't provide content-length for directories
getinfo: build with disabled HTTP support
gitattributes: Set batch files to CRLF line endings on checkout
h2: do not wait for RECV on paused transfers
HISTORY: added dates to early history
http: empty reply connection are not left intact
http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy
http: have CURLOPT_FAILONERROR fail after all headers
http: make providing Proxy-Connection header not cause duplicated headers
http: show the request as headers even when split-sending
http_chunks: correct and clarify a comment on hexnumber length
http_proxy: Fix CONNECT chunked encoding race condition
httpauth: make multi-request auth work with custom port
INSTALL: now at 85 operating systems
INSTALL: update the list known OSes and CPU archs curl has run on
lib/unit tests: add missing curl_global_cleanup() calls
lib1564/5: verify that curl_multi_wakeup returns OK
lib: pass in 'struct Curl_easy *' to most functions
lib: remove Curl_ prefix from many static functions
lib: save a bit of space with some structure packing
libssh2: fix "Value stored to 'readdir_len' is never read"
libssh2: move data from connection object to transfer object
libssh: avoid plain free() of libssh-memory
mime: make sure setting MIMEPOST to NULL resets properly
misc: assorted typo fixes
misc: fix "warning: empty expression statement has no effect"
misc: fix typos
mk-ca-bundle.pl: deterministic output when using -t
mqtt: deal with 0 byte reads correctly
mqtt: handle POST/PUBLISH without a set POSTFIELDSIZE
multi: set the PRETRANSFER time-stamp when we switch to PERFORM
multi: skip DONE state if there's no connection left for ftp wildcard
multi: when erroring in TOOFAST state, act as for PERFORM
multi_runsingle: bail out early on data->conn == NULL
ngtcp2: Fix http3 upload stall
ngtcp2: Fix stack buffer overflow
ngtcp2: make it build it current master again
nss: get the run-time version instead of build-time
openssl: lowercase the hostname before using it for SNI
OS400: update ccsidcurl.c
pretransfer: setup the User-Agent header here
quiche: remove fprintf() leftover
Revert "CI/github: work-around for brew breakage on macOS"
runtests: add 'wakeup' as a feature
runtests: add support for %if [feature] conditions
runtests: preprocess DISABLED to allow conditionals
schannel: plug a memory-leak
schannel_verify: fix safefree call typo
select: convert Curl_select() to private static function
socks: use the download buffer instead
speedcheck: exclude paused transfers
strerror: skip errnum >= 0 assertion on windows
test1522: add debug tracing
test1633: set appropriate name
test179: use consistent header line endings
test410: verify HTTPS GET with a 49K request header
tests/mqttd: extract the client id from the correct offset
tests: make --libcurl tests only test FTP options if ftp enabled
tool_doswin: Restore original console settings on CTRL signal
tool_operate: fix the suppression logic of some error messages
tool_operate: spellfix a comment
tooĺ_writeout: fix the -w time output units
transfer: fix GCC 10 warning with flag '-Wint-in-bool-context'
travis: build ngtcp2 --with-gnutls
travis: limit the tests with quiche builds to HTTPS and FTPS only
travis: restrict the openssl3 job to only run https and ftps tests
url: if IDNA conversion fails, fallback to Transitional
urldata: make magic be the first struct field
urldata: remove 'local_ip' from the connectdata struct
urldata: remove duplicate 'upkeep_interval_ms' from connectdata
urldata: remove duplicate port number storage
urldata: remove the duplicate 'ip_addr_str' field
urldata: store ip version in a single byte
vtls: remove md5sum
warnless: remove curlx_ultosi
wolfssl: add SECURE_RENEGOTIATION support
wolfssl: Support wolfSSL builds missing TLS 1.1

Next | Query returned 340 messages, browsing 61 to 70 | Previous