Changelog for libcurl4-32bit-8.0.1-1.1.x86_64.rpm :
* Tue Mar 21 2023 Pedro Monreal
- Update to 8.0.1:
  * Bugfixes:
    - fix crash in curl_easy_cleanup

* Mon Mar 20 2023 Pedro Monreal
- Update to 8.0.0:
  * Security fixes:
    - TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
    - SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
    - FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
    - GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
    - HSTS double-free [bsc#1209213, CVE-2023-27537]
    - SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
  * Changes:
    - build: remove support for curl_off_t < 8 bytes
  * Bugfixes:
    - aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
    - BINDINGS: add Fortran binding
    - cf-socket: use port 80 when resolving name for local bind
    - cookie: don't load cookies again when flushing
    - curl_path: create the new path with dynbuf
    - CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
    - DYNBUF.md: note Curl_dyn_add * calls Curl_dyn_free on failure
    - ftp: active mode with SSL, add the filter
    - hostip: avoid sscanf and extra buffer copies
    - http2: fix for http2-prior-knowledge when reusing connections
    - http2: fix handling of RST and GOAWAY to recognize partial transfers
    - http: don't send 100-continue for short PUT requests
    - http: fix unix domain socket use in https connects
    - libssh: use dynbuf instead of realloc
    - ngtcp2-gnutls.yml: bump to gnutls 3.8.0
    - sectransp: make read_cert() use a dynbuf when loading
    - telnet: only accept option arguments in ascii
    - telnet: parse telnet options without sscanf
    - url: fix the SSH connection reuse check
    - url: only reuse connections with same GSS delegation
    - urlapi: '%' is illegal in host names
    - ws: keep the socket non-blocking
  * Rebase libcurl-ocloexec.patch

* Mon Feb 20 2023 Guillaume GARDET
- Update to 7.88.1:
  * Bugfix release
- Drop upstreamed patch:
  * curl-fix-uninitialized-value-in-tests.patch

* Wed Feb 15 2023 Pedro Monreal
- Update to 7.88.0: [bsc#1207990, CVE-2023-23914] [bsc#1207991, CVE-2023-23915] [bsc#1207992, CVE-2023-23916]
  * Security fixes:
    - CVE-2023-23914: HSTS ignored on multiple requests
    - CVE-2023-23915: HSTS amnesia with --parallel
    - CVE-2023-23916: HTTP multi-header compression denial of service
  * Changes:
    - curl.h: add CURL_HTTP_VERSION_3ONLY
    - share: add sharing of HSTS cache among handles
    - src: add --http3-only
    - tool_operate: share HSTS between handles
    - urlapi: add CURLU_PUNYCODE
    - writeout: add %{certs} and %{num_certs}
  * Bugfixes:
    - cf-socket: keep sockaddr local in the socket filters
    - cfilters:Curl_conn_get_select_socks: use the first non-connected filter
    - curl.h: allow up to 10M buffer size
    - curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
    - curl/websockets.h: extend the websocket frame struct
    - curl: output warning at --verbose output for debug-enabled version
    - curl_free.3: fix return type of `curl_free`
    - curl_log: for failf/infof and debug logging implementations
    - dict: URL decode the entire path always
    - docs/DEPRECATE.md: deprecate gskit
    - easyoptions: fix header printing in generation script
    - haxproxy: send before TLS handshake
    - hsts.d: explain hsts more
    - hsts: handle adding the same host name again
    - HTTP/[23]: continue upload when state.drain is set
    - http: decode transfer encoding first
    - http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
    - http_proxy: do not assign data->req.p.http use local copy
    - lib: connect/h2/h3 refactor
    - libssh2: try sha2 algos for hostkey methods
    - md4: fix build with GnuTLS + OpenSSL v1
    - ngtcp2: replace removed define and stop using removed function
    - noproxy: support for space-separated names is deprecated
    - nss: implement data_pending method
    - openldap: fix missing sasl symbols at build in specific configs
    - openssl: adapt to boringssl's error code type
    - openssl: don't ignore CA paths when using Windows CA store (redux)
    - openssl: don't log raw record headers
    - openssl: make the BIO_METHOD a local variable in the connection filter
    - openssl: only use CA_BLOB if verifying peer
    - openssl: remove attached easy handles from SSL instances
    - openssl: store the CA after first send (ClientHello)
    - setopt: use >, not >=, when checking if uarg is larger than uint-max
    - smb: return error on upload without size
    - socketpair: allow localhost MITM sniffers
    - strdup: name it Curl_strdup
    - tool_getparam: fix hiding of command line secrets
    - tool_operate: fix error codes on bad URL & OOM
    - tool_operate: repair --rate
    - transfer: break the read loop when RECV is cleared
    - typecheck: accept expressions for option/info parameters
    - urlapi: avoid Curl_dyn_addf() for hex outputs
    - urlapi: skip path checks if path is just "/"
    - urlapi: skip the extra dedotdot alloc if no dot in path
    - urldata: cease storing TLS auth type
    - urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
    - urldata: make set.http200aliases conditional on HTTP being present
    - urldata: move the cookefilelist to the 'set' struct
    - urldata: remove unused struct fields, made more conditional
    - vquic: stabilization and improvements
    - vtls: fix hostname handling in filters
    - vtls: manage current easy handle in nested cfilter calls
    - vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
  * Rebase libcurl-ocloexec.patch
  * Fix regression tests: f1d09231adfc695d15995b9ef2c8c6e568c28091
    - runtests: fix "uninitialized value $port"
    - Add curl-fix-uninitialized-value-in-tests.patch

* Wed Dec 21 2022 David Anes
- Update to 7.87.0:
  * Security fixes:
    - CVE-2022-43551, bsc#1206308: another HSTS bypass via IDN
    - CVE-2022-43552, bsc#1206309: HTTP Proxy deny use-after-free
  * Changes
    - curl: add --url-query
    - CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
    - lib: add CURL_WRITEFUNC_ERROR to signal write callback error
    - openssl: reduce CA certificate bundle reparsing by caching
    - version: add a feature names array to curl_version_info_data
  * Bugfixes
    - altsvc: fix rejection of negative port numbers
    - aws_sigv4: consult x-%s-content-sha256 for payload hash
    - aws_sigv4: fix typos in aws_sigv4.c
    - base64: better alloc size
    - base64: encode without using snprintf
    - base64: faster base64 decoding
    - build: assume assert.h is always available
    - build: assume errno.h is always available
    - c-hyper: CONNECT responses are not server responses
    - c-hyper: fix multi-request mechanism
    - CI: Change FreeBSD image from 12.3 to 12.4
    - CI: LGTM.com will be shut down in December 2022
    - ci: Remove zuul fuzzing job as it's superseded by CIFuzz
    - cmake: check for cross-compile, not for toolchain
    - CMake: fix build with `CURL_USE_GSSAPI`
    - cmake: really enable warnings with clang
    - cmake: set the soname on the shared library
    - cmdline-opts/gen.pl: fix the linkifier
    - cmdline-opts/page-footer: remove long option nroff formatting
    - config-mac: define HAVE_SYS_IOCTL_H
    - config-mac: fix typo: size_T -> size_t
    - config-mac: remove HAVE_SYS_SELECT_H
    - config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
    - configure: require fork for NTLM-WB
    - contributors.sh: actually use $CURLWWW instead of just setting it
    - cookie: compare cookie prefixes case insensitively
    - cookie: expire cookies at once when max-age is negative
    - cookie: open cookie jar as a binary file
    - curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
    - curl-rustls.m4: on macOS, rustls also needs the Security framework
    - curl.h: include on SerenityOS
    - curl.h: name all public function parameters
    - curl.h: reword comment to not use deprecated option
    - curl: override the numeric locale and set "C" by force
    - curl: timeout in the read callback
    - curl_endian: remove Curl_write64_le from header
    - curl_get_line: allow last line without newline char
    - curl_path: do not add '/' if homedir ends with one
    - curl_url_get.3: remove spurious backtick
    - curl_url_set.3: document CURLU_DISALLOW_USER
    - curl_url_set.3: fix typo
    - CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
    - CURLOPT_COOKIEFILE.3: advice => advise
    - CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
    - CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw"
    - CURLOPT_POST.3: Explain setting to 0 changes request type
    - docs/curl_ws_send: Fixed typo in websocket docs
    - docs/EARLY-RELEASE.md: how to determine an early release
    - docs/examples: spell correction ('Retrieve')
    - docs/INSTALL.md: expand on static builds
    - docs/WEBSOCKET.md: explain the URL use
    - docs: add missing parameters for --retry flag
    - docs: add more "SEE ALSO" links to CA related pages
    - docs: explain the noproxy CIDR notation support
    - docs: extend the dump-header documentation
    - docs: remove performance note in CURLOPT_SSL_VERIFYPEER
    - examples/10-at-a-time: fix possible skipped final transfers
    - examples: update descriptions
    - ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
    - gen.pl: do not generate CURLHELP bitmask lines > 79 characters
    - GHA: clarify workflows permissions, set least possible privilege
    - GHA: NSS use clang instead of clang-9
    - gnutls: use common gnutls init and verify code for ngtcp2
    - headers: add endif comments
    - HTTP-COOKIES.md: mention that http://localhost is a secure context
    - HTTP-COOKIES.md: update the 6265bis link to draft-11
    - http: do not send PROXY more than once
    - http: fix the ::1 comparison for IPv6 localhost for cookies
    - http: set 'this_is_a_follow' in the Location: logic
    - http: use the IDN decoded name in HSTS checks
    - hyper: classify headers as CONNECT and 1XX
    - hyper: fix handling of hyper_task's when reusing the same address
    - idn: remove Curl_win32_ascii_to_idn
    - INSTALL: update operating systems and CPU archs
    - KNOWN_BUGS: remove eight entries
    - lib1560: add some basic IDN host name tests
    - lib: connection filters (cfilter) addition to curl:
    - lib: feature deprecation warnings in gcc >= 4.3
    - lib: fix some type mismatches and remove unneeded typecasts
    - lib: parse numbers with fixed known base 10
    - lib: remove bad set.opt_no_body assignments
    - lib: rewind BEFORE request instead of AFTER previous
    - lib: sync guard for Curl_getaddrinfo_ex() definition and use
    - lib: use size_t or int etc instead of longs
    - libcurl-errors.3: remove duplicate word
    - libssh2: return error when ssh_hostkeyfunc returns error
    - limit-rate.d: see also --rate
    - log2changes.pl: wrap long lines at 80 columns
    - Makefile.mk: address minor issues
    - Makefile.mk: improve a GNU Make hack
    - Makefile.mk: portable Makefile.m32
    - maketgz: set the right version in lib/libcurl.plist
    - mime: relax easy/mime structures binding
    - misc: Fix incorrect spelling
    - misc: remove duplicated include files
    - misc: typo and grammar fixes
    - negtelnetserver.py: have it call its close() method
    - netrc.d: provide mutext info
    - netware: remove leftover traces
    - noproxy: also match with adjacent comma
    - noproxy: guard against empty hostnames in noproxy check
    - noproxy: tailmatch like in 7.85.0 and earlier
    - nroff-scan.pl: detect double highlights
    - ntlm: improve comment for encrypt_des
    - ntlm: silence ubsan warning about copying from null target_info pointer
    - openssl/mbedtls: use %d for outputting port with failf (int)
    - openssl: prefix errors with '[lib]/[version]: '
    - os400: use platform socklen_t in Curl_getnameinfo_a
    - page-header: grammar improvement (display transfer rate)
    - proxy: refactor haproxy protocol handling as connection filter
    - README.md: remove badges and xmas-tree garnish
    - rtsp: fix RTSP auth
    - runtests: --no-debuginfod now disables DEBUGINFOD_URLS
    - runtests: do CRLF replacements per section only
    - scripts/checksrc.pl: detect duplicated include files
    - sendf: change Curl_read_plain to wrap Curl_recv_plain
    - sendf: remove unnecessary if condition
    - setup: do not require __MRC__ defined for Mac OS 9 builds
    - smb/telnet: do not free the protocol struct in *_done()
    - socks: fix username max size is 255 (0xFF)
    - spellcheck.words: remove 'github' as an accepted word
    - ssl-reqd.d: clarify that this is for upgrading connections only
    - strcase: use curl_str(n)equal for case insensitive matches
    - styled-output.d: this option does not work on Windows
    - system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS
    - system.h: support 64-bit curl_off_t for NonStop 32-bit
    - test1421: fix typo
    - test3026: reduce runtime in legacy mingw builds
    - tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
    - tests: add authorityInfoAccess to generated certs
    - tests: add HTTP/3 test case, custom location for proper nghttpx
    - tls: backends use connection filters for IO, enabling HTTPS-proxy
    - tool: determine the correct fopen option for -D
    - tool_cfgable: free the ssl_ec_curves on exit
    - tool_cfgable: make socks5_gssapi_nec a boolean
    - tool_formparse: avoid clobbering on function params
    - tool_getparam: make --no-get work as the opposite of --get
    - tool_operate: provide better errmsg for -G with bad URL
    - tool_operate: when aborting, make sure there is a non-NULL error buffer
    - tool_paramhlp: free the proto strings on exit
    - url: move back the IDN conversion of proxy names
    - urlapi: reject more bad letters from the host name: &+()
    - urldata: change port num storage to int and unsigned short
    - vms: remove SIZEOF_SHORT
    - vtls: fix build without proxy support
    - vtls: localization of state data in filters
    - WEBSOCKET.md: fix broken link
    - Websocket: fixes for partial frames and buffer updates
    - websockets: fix handling of partial frames
    - windows: fail early with a missing windres in autotools
    - windows: fix linking .rc to shared curl with autotools
    - winidn: drop WANT_IDN_PROTOTYPES
    - ws: if no connection is around, return error
    - ws: return CURLE_NOT_BUILT_IN when websockets not built in
    - x509asn1: avoid freeing unallocated pointers

* Wed Nov 16 2022 Luciano Santos
- Add 1.50.0 as the minimum libnghttp2 build requirement version as a bandaid.
  Curl's 7.86.0 release introduces the use of
  nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation,
  introduced by nghttp2 1.50.0 release, without introducing a check for the
  function/right version in their build scripts.
  This will make Zypper/cURL unusable in some corner cases where users
  installing something that requires libcurl4 before doing full system
  upgrade, thus updating the cURL stack, but not libnghttp2's.
  Background: boo#1204983, Factory mailing list thread:
  "? broken dependency in curl and/or *zyp * ?", and forums thread:
  Curl-is-broken-after-an-update-which-subsequently-breaks-zypper.

* Wed Oct 26 2022 Pedro Monreal
- Update to 7.86.0:
  * Security fixes:
    - POST following PUT confusion [bsc#1204383, CVE-2022-32221]
    - .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260]
    - HTTP proxy double-free [bsc#1204385, CVE-2022-42915]
    - HSTS bypass via IDN [bsc#1204386, CVE-2022-42916]
  * Changes:
    - NPN: remove support for and use of
    - Websockets: initial support
  * Bugfixes:
    - altsvc: reject bad port numbers
    - autotools: reduce brute-force when detecting recv/send arg list
    - aws_sigv4: fix header computation
    - cli tool: do not use disabled protocols
    - connect: change verbose IPv6 address:port to [address]:port
    - connect: fix builds without AF_INET6
    - connect: fix Curl_updateconninfo for TRNSPRT_UNIX
    - connect: fix the wrong error message on connect failures
    - content_encoding: use writer struct subclasses for different encodings
    - cookie: reject cookie names or content with TAB characters
    - curl/add_file_name_to_url: use the libcurl URL parser
    - curl/get_url_file_name: use libcurl URL parser
    - curl: warn for --ssl use, considered insecure
    - docs/libcurl/symbols-in-versions: add several missing symbols
    - ftp: ignore a 550 response to MDTM
    - functypes: provide the recv and send arg and return types
    - getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
    - header: define public API functions as extern c
    - headers: reset the requests counter at transfer start
    - hostip: guard PF_INET6 use
    - hostip: lazily wait to figure out if IPv6 works until needed
    - http, vauth: always provide Curl_allow_auth_to_host() functionality
    - http2: make nghttp2 less picky about field whitespace
    - http: try parsing Retry-After: as a number first
    - http_proxy: restore the protocol pointer on error
    - lib: add missing limits.h includes
    - lib: prepare the incoming of additional protocols
    - lib: sanitize conditional exclusion around MIME
    - libssh: if sftp_init fails, don't get the sftp error code
    - mprintf: reject two kinds of precision for the same argument
    - mqtt: return error for too long topic
    - netrc: compare user name case sensitively
    - netrc: replace fgets with Curl_get_line
    - netrc: use the URL-decoded user
    - ngtcp2: fix build errors due to changes in ngtcp2 library
    - noproxy: support proxies specified using cidr notation
    - openssl: make certinfo available for QUIC
    - resolve: make forced IPv4 resolve only use A queries
    - schannel: ban server ALPN change during recv renegotiation
    - schannel: don't reset recv/send function pointers on renegotiation
    - schannel: when importing PFX, disable key persistence
    - setopt: use the handler table for protocol name to number conversions
    - setopt: when POST is set, reset the 'upload' field
    - single_transfer: use the libcurl URL parser when appending query parts
    - smb: replace CURL_WIN32 with WIN32
    - tool: avoid generating ambiguous escaped characters in --libcurl
    - tool_main: exit at once if out of file descriptors
    - tool_operate: more transfer cleanup after parallel transfer fail
    - tool_operate: prevent over-queuing in parallel mode
    - tool_paramhelp: asserts verify maximum sizes for string loading
    - tool_xattr: save the original URL, not the final redirected one
    - url: a zero-length userinfo part in the URL is still a (blank) user
    - url: allow non-HTTPS HSTS-matching for debug builds
    - url: rename function due to name-clash in Watt-32
    - url: use IDN decoded names for HSTS checks
    - urlapi: detect scheme better when not guessing
    - urlapi: fix parsing URL without slash with CURLU_URLENCODE
    - urlapi: reject more bad characters from the host name field
  * Remove patch upstream:
    - connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch

* Sat Oct 08 2022 Vasily Ulyanov
- Update connection info when using UNIX socket as endpoint
  connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch

* Fri Sep 30 2022 Pedro Monreal
- Change the deprecated configure option --enable-hidden-symbols
  to the new --enable-symbol-hiding.

* Wed Aug 31 2022 Pedro Monreal
- Update to 7.85.0:
  * Security fixes: [bsc#1202593, CVE-2022-35252]
    - control code in cookie denial of service
  * Changes:
    - quic: add support via wolfSSL
    - schannel: Add TLS 1.3 support
    - setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR
  * Bugfixes:
    - asyn-thread: fix socket leak on OOM
    - asyn-thread: make getaddrinfo_complete return CURLcode
    - base64: base64url encoding has no padding
    - configure: fix broken m4 syntax in TLS options
    - configure: if asked to use TLS, fail if no TLS lib was detected
    - connect: add quic connection information
    - connect: set socktype/protocol correctly
    - cookie: reject cookies with "control bytes"
    - cookie: treat a blank domain in Set-Cookie: as non-existing
    - curl: output warning when a cookie is dropped due to size
    - Curl_close: call Curl_resolver_cancel to avoid memory-leak
    - digest: fix memory leak, fix not quoted 'opaque'
    - digest: fix missing increment of 'nc' value for auth-int
    - digest: pass over leading spaces in qop values
    - digest: reject broken header with session protocol but without qop
    - doh: use https protocol by default
    - easy_lock.h: include sched.h if available to fix build
    - easy_lock.h: use __asm__ instead of asm to fix build
    - easy_lock: switch to using atomic_int instead of bool
    - ftp: use a correct expire ID for timer expiry
    - h2h3: fix overriding the 'TE: Trailers' header
    - hostip: resolve *.localhost to 127.0.0.1/::1
    - HTTP3.md: update to msh3 v0.4.0
    - hyper: use wakers for curl pause/resume
    - lib3026: reduce the number of threads to 100
    - libssh2: make atime/mtime date overflow return error
    - libssh2: provide symlink name in SFTP dir listing
    - multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
    - multi: use larger dns hash table for multi interface
    - multi_wait: fix skipping to populate revents for extra_fds
    - netrc: Use the password from lines without login
    - ngtcp2: Fix build error due to change in nghttp3 prototypes
    - ngtcp2: fix stall or busy loop on STOP_SENDING with upload data
    - ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks
    - openssl: add 'CURL_BORINGSSL_VERSION' to identify BoringSSL
    - openssl: add cert path in error message
    - openssl: add details to "unable to set client certificate" error
    - openssl: fix BoringSSL symbol conflicts with LDAP and Schannel
    - select: do not return fatal error on EINTR from poll()
    - sendf: fix paused header writes since after the header API
    - sendf: skip storing HTTP headers if HTTP disabled
    - url: really use the user provided in the url when netrc entry exists
    - url: reject URLs with hostnames longer than 65535 bytes
    - url: treat missing usernames in netrc as empty
    - urldata: reduce size of several struct fields
    - vtls: make Curl_ssl_backend() return the enum type curl_sslbackend
  * Remove tests-for-32bit.patch fixed in the update
  * Rebase libcurl-ocloexec.patch

* Sun Jul 24 2022 Dirk Müller
- add tests-for-32bit.patch to fix testsuite on 32bit platforms

* Mon Jun 27 2022 David Anes
- Update to 7.84.0:
  * Security fixes:
    - (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification
    - (bsc#1200736, CVE-2022-32207): Unpreserved file permissions
    - (bsc#1200735, CVE-2022-32206): HTTP compression denial of service
    - (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service
  * Changes:
    - curl: add --rate to set max request rate per time unit
    - curl: deprecate --random-file and --egd-file
    - curl_version_info: add CURL_VERSION_THREADSAFE
    - CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
    - lib: make curl_global_init() threadsafe when possible
    - libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
    - opts: deprecate RANDOM_FILE and EGDSOCKET
    - socks: support unix sockets for socks proxy
  * Bugfixes:
    - aws-sigv4: fix potential NULL pointer arithmetic
    - bindlocal: don't use a random port if port number would wrap
    - c-hyper: mark status line as status for Curl_client_write()
    - ci: avoid `cmake -Hpath`
    - CI: bump FreeBSD 13.0 to 13.1
    - ci: update github actions
    - cmake: add libpsl support
    - cmake: do not add libcurl.rc to the static libcurl library
    - cmake: enable curl.rc for all Windows targets
    - cmake: fix detecting libidn2
    - cmake: support adding a suffix to the OS value
    - configure: skip libidn2 detection when winidn is used
    - configure: use the SED value to invoke sed
    - configure: warn about rustls being experimental
    - content_encoding: return error on too many compression steps
    - cookie: address secure domain overlay
    - cookie: apply limits
    - copyright.pl: parse and use .reuse/dep5 for skips
    - copyright: make repository REUSE compliant
    - curl.1: add a few see also --tls-max
    - curl.1: mention exit code zero too
    - curl: re-enable --no-remote-name
    - curl_easy_pause.3: remove explanation of progress function
    - curl_getdate.3: document that some illegal dates pass through
    - Curl_parsenetrc: don't access local pwbuf outside of scope
    - curl_url_set.3: clarify by default using known schemes only
    - CURLOPT_ALTSVC.3: document the file format
    - CURLOPT_FILETIME.3: fix the protocols this works with
    - CURLOPT_HTTPHEADER.3: improve comment in example
    - CURLOPT_NETRC.3: document the .netrc file format
    - CURLOPT_PORT.3: We discourage using this option
    - CURLOPT_RANGE.3: remove ranged upload advice
    - digest: added detection of more syntax error in server headers
    - digest: tolerate missing "realm"
    - digest: unquote realm and nonce before processing
    - DISABLED: disable 1021 for hyper again
    - docs/cmdline-opts: add copyright and license identifier to each file
    - docs/CONTRIBUTE.md: document the 'needs-votes' concept
    - docs: clarify data replacement policy for MIME API
    - doh: remove UNITTEST macro definition
    - examples/crawler.c: use the curl license
    - examples: remove fopen.c and rtsp.c
    - FAQ: Clarify Windows double quote usage
    - fopen: add Curl_fopen() for better overwriting of files
    - ftp: restore protocol state after http proxy CONNECT
    - ftp: when failing to do a secure GSSAPI login, fail hard
    - GHA/hyper: enable debug in the build
    - gssapi: improve handling of errors from gss_display_status
    - gssapi: initialize gss_buffer_desc strings
    - headers api: remove EXPERIMENTAL tag
    - http2: always debug print stream id in decimal with %u
    - http2: reject overly many push-promise headers
    - http: restore header folding behavior
    - hyper: use 'alt-used'
    - krb5: return error properly on decode errors
    - lib: make more protocol specific struct fields #ifdefed
    - libcurl-security.3: add "Secrets in memory"
    - libcurl-security.3: document CRLF header injection
    - libssh: skip the fake-close when libssh does the right thing
    - links: update dead links to the curl-wiki
    - log2changes: do not indent empty lines [ci skip]
    - macos9: remove partial support
    - Makefile.am: fix portability issues
    - Makefile.m32: delete obsolete options, improve -On [ci skip]
    - Makefile.m32: delete two obsolete OpenSSL options [ci skip]
    - Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
    - max-time.d: clarify max-time sets max transfer time
    - mprintf: ignore clang non-literal format string
    - netrc: check %USERPROFILE% as well on Windows
    - netrc: support quoted strings
    - ngtcp2: allow curl to send larger UDP datagrams
    - ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
    - ngtcp2: enable Linux GSO
    - ngtcp2: extend QUIC transport parameters buffer
    - ngtcp2: fix alert_read_func return value
    - ngtcp2: fix typo in preprocessor condition
    - ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
    - ngtcp2: send appropriate connection close error code
    - ngtcp2: support boringssl crypto backend
    - ngtcp2: use helper funcs to simplify TLS handshake integration
    - ntlm: provide a fixed fake host name
    - projects: fix third-party SSL library build paths for Visual Studio
    - quic: add Curl_quic_idle
    - quiche: support ca-fallback
    - rand: stop detecting /dev/urandom in cross-builds
    - remote-name.d: mention --output-dir
    - runtests.pl: add the --repeat parameter to the --help output
    - runtests: fix skipping tests not done event-based
    - runtests: skip starting the ssh server if user name is lacking
    - scripts/copyright.pl: fix the exclusion to not ignore man pages
    - sectransp: check for a function defined when __BLOCKS__ is undefined
    - select: return error from "lethal" poll/select errors
    - server/sws: support spaces in the HTTP request path
    - speed-limit/time.d: mention these affect transfers in either direction
    - strcase: some optimisations
    - test 2081: add a valid reply for the second request
    - test 675: add missing CR so the test passes when run through Privoxy
    - test414: add the '--resolve' keyword
    - test681: verify --no-remote-name
    - tests 266, 116 and 1540: add a small write delay
    - tests/data/test1501: kill ftp server after slow LIST response
    - tests/getpart: fix getpartattr to work with "data" and "data2"
    - tests/server/sws.c: change the HTTP writedelay unit to milliseconds
    - test{440,441,493,977}: add "HTTP proxy" keywords
    - tool_getparam: fix --parallel-max maximum value constraint
    - tool_operate: make sure --fail-with-body works with --retry
    - transfer: fix potential NULL pointer dereference
    - transfer: maintain --path-as-is after redirects
    - transfer: upload performance; avoid tiny send
    - url: free old conn better on reuse
    - url: remove redundant #ifdefs in allocate_conn()
    - url: URL encode the path when extracted, if spaces were set
    - urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
    - urlapi: support CURLU_URLENCODE for curl_url_get()
    - urldata: reduce size of a few struct fields
    - urldata: remove three unused booleans from struct UserDefined
    - urldata: store tcp_keepidle and tcp_keepintvl as ints
    - version: allow stricmp() for sorting the feature list
    - vtls: make curl_global_sslset thread-safe
    - wolfssh.h: removed
    - wolfssl: correct the failf() message when a handle can't be made
    - wolfSSL: explicitly use compatibility layer
    - x509asn1: mark msnprintf return as unchecked

* Wed May 11 2022 David Anes
- Update to 7.83.1:
  * Security fixes:
    - (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot
    - (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse
    - (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop
    - (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host
    - (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD
    - (bsc#1199220, CVE-2022-27778) removes wrong file on error
  * Bugfixes:
    - altsvc: fix host name matching for trailing dots
    - cirrus: Update to FreeBSD 12.3
    - cirrus: Use pip for Python packages on FreeBSD
    - conn: fix typo 'connnection' -> 'connection' in two function names
    - cookies: make bad_domain() not consider a trailing dot fine
    - curl: free resource in error path
    - curl: guard against size_t wraparound in no-clobber code
    - CURLOPT_DOH_URL.3: mention the known bug
    - CURLOPT_HSTS *FUNCTION.3: document the involved structs as well
    - CURLOPT_SSH_AUTH_TYPES.3: fix the default
    - data/test376: set a proper name
    - GHA/mbedtls: enabled nghttp2 in the build
    - gha: build msh3
    - gskit: fixed bogus setsockopt calls
    - gskit: remove unused function set_callback
    - hsts: ignore trailing dots when comparing hosts names
    - HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
    - http: move Curl_allow_auth_to_host()
    - http_proxy/hyper: handle closed connections
    - hyper: fix test 357
    - Makefile: fix "make ca-firefox"
    - mbedtls: bail out if rng init fails
    - mbedtls: fix compile when h2-enabled
    - mbedtls: fix some error messages
    - misc: use "autoreconf -fi" instead buildconf
    - msh3: get msh3 version from MsH3Version
    - msh3: print boolean value as text representation
    - msh3: pass remote_port to MsH3ConnectionOpen
    - ngtcp2: add ca-fallback support for OpenSSL backend
    - nss: return error if seemingly stuck in a cert loop
    - openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl
    - post_per_transfer: remove the updated file name
    - sectransp: bail out if SSLSetPeerDomainName fails
    - tests/server: declare variable 'reqlogfile' static
    - tests: fix markdown formatting in README
    - test{898,974,976}: add 'HTTP proxy' keywords
    - tls: check more TLS details for connection reuse
    - url: check SSH config match on connection reuse
    - urlapi: address (harmless) UndefinedBehavior sanitizer warning
    - urlapi: reject percent-decoding host name into separator bytes
    - x509asn1: make do_pubkey handle EC public keys

* Fri Apr 22 2022 David Anes
- Patches rework:
  * Refreshed all patches as -p1.
  * Use autopatch macro.
  * Renamed:
    - dont-mess-with-rpmoptflags.diff -> dont-mess-with-rpmoptflags.patch
  * Removed (already upstream):
    - curl-fix-verifyhost.patch
- Update to 7.83.0:
  * Security fixes:
    - (bsc#1198766, CVE-2022-27776) Auth/cookie leak on redirect
    - (bsc#1198723, CVE-2022-27775) Bad local IPv6 connection reuse
    - (bsc#1198608, CVE-2022-27774) Credential leak on redirect
    - (bsc#1198614, CVE-2022-22576) OAUTH2 bearer bypass in connection re-use
  * Changes:
    - curl: add %header{name} experimental support in -w handling
    - curl: add %{header_json} experimental support in -w handling
    - curl: add --no-clobber
    - curl: add --remove-on-error
    - header api: add curl_easy_header and curl_easy_nextheader
    - msh3: add support for QUIC and HTTP/3 using msh3
  * Bugfixes:
    - appveyor: add Cygwin build
    - appveyor: only add MSYS2 to PATH where required
    - BearSSL: add CURLOPT_SSL_CIPHER_LIST support
    - BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
    - BINDINGS.md: add Hollywood binding
    - CI: Do not use buildconf. Instead, just use: autoreconf -fi
    - CI: install Python package impacket to run SMB test 1451
    - configure.ac: move -pthread CFLAGS setting back where it used to be
    - configure: bump the copyright year range in the generated output
    - conncache: include the zone id in the "bundle" hashkey
    - connecache: remove duplicate connc->closure_handle check
    - connect: make Curl_getconnectinfo work with conn cache from share handle
    - connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined
    - cookie.d: clarify when cookies are sent
    - cookies: improve errorhandling for reading cookiefile
    - curl/system.h: update ifdef condition for MCST-LCC compiler
    - curl: error out if -T and -d are used for the same URL
    - curl: error out when options need features not present in libcurl
    - curl: escape '?' in generated --libcurl code
    - curl: fix segmentation fault for empty output file names.
    - curl_easy_header: fix typos in documentation
    - CURLINFO_PRIMARY_PORT.3: clarify which port this is
    - CURLOPT *TLSAUTH.3: they only work with OpenSSL or GnuTLS
    - CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
    - CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs
    - CURLOPT_PROGRESSFUNCTION.3: fix typo in example
    - CURLOPT_UNRESTRICTED_AUTH.3: extended explanation
    - CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype
    - docs/HYPER.md: updated to reflect current hyper build needs
    - docs/opts: Mention Schannel client cert type is P12
    - docs: Fix missing semicolon in example code
    - docs: lots of minor language polish
    - English: use American spelling consistently
    - fail.d: tweak the description
    - firefox-db2pem.sh: make the shell script safer
    - ftp: fix error message for partial file upload
    - gen.pl: change wording for mutexed options
    - GHA: add openssl3 jobs moved over from zuul
    - GHA: build hyper with nightly rustc
    - GHA: move bearssl jobs over from zuul
    - gha: move the event-based test over from Zuul
    - gtls: fix build for disabled TLS-SRP
    - http2: handle DONE called for the paused stream
    - http2: RST the stream if we stop it on our own will
    - http: avoid auth/cookie on redirects same host diff port
    - http: close the stream (not connection) on time condition abort
    - http: reject header contents with nul bytes
    - http: return error on colon-less HTTP headers
    - http: streamclose "already downloaded"
    - hyper: fix status_line() return code
    - hyper: fix tests 580 and 581 for hyper
    - hyper: no h2c support
    - infof: consistent capitalization of warning messages
    - ipv4/6.d: clarify that they are about using IP addresses
    - json.d: fix typo (overriden -> overridden)
    - keepalive-time.d: It takes many probes to detect brokenness
    - lib/warnless.[ch]: only check for WIN32 and ignore _WIN32
    - lib670: avoid double check result
    - lib: #ifdef on USE_HTTP2 better
    - lib: fix some misuse of curlx_convert_wchar_to_UTF8
    - lib: remove exclamation marks
    - libssh2: compare sha256 strings case sensitively
    - libssh2: make the md5 comparison fail if wrong length
    - libssh: fix build with old libssh versions
    - libssh: fix double close
    - libssh: Improve fix for missing SSH_S_ stat macros
    - libssh: unstick SFTP transfers when done event-based
    - macos: set .plist version in autoconf
    - mbedtls: remove 'protocols' array from backend when ALPN is not used
    - mbedtls: remove server_fd from backend
    - mk-ca-bundle.pl: Use stricter logic to process the certificates
    - mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl
    - mlc_config.json: add file to ignore known troublesome URLs
    - mqtt: better handling of TCP disconnect mid-message
    - ngtcp2: add client certificate authentication for OpenSSL
    - ngtcp2: avoid busy loop in low CWND situation
    - ngtcp2: deal with sub-millisecond timeout
    - ngtcp2: disconnect the QUIC connection proper
    - ngtcp2: enlarge H3_SEND_SIZE
    - ngtcp2: fix HTTP/3 upload stall and avoid busy loop
    - ngtcp2: fix memory leak
    - ngtcp2: fix QUIC_IDLE_TIMEOUT
    - ngtcp2: make curl 1ms faster
    - ngtcp2: remove remote_addr which is not used in a meaningful way
    - ngtcp2: update to work after recent ngtcp2 updates
    - ngtcp2: use token when detecting :status header field
    - nonblock: restore setsockopt method to curlx_nonblock
    - openssl: check SSL_get_peer_cert_chain return value
    - openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL
    - openssl: fix CN check error code
    - options: remove mistaken space before paren in prototype
    - perl: removed a double semicolon at end of line
    - pop3/smtp: return *WEIRD_SERVER_REPLY when not understood
    - projects/README: converted to markdown
    - projects: Update VC version names for VS2017, VS2022
    - rtsp: don't let CSeq error override earlier errors
    - runtests: add 'bearssl' as testable feature
    - runtests: make 'oldlibssh' be before 0.9.4
    - schannel: remove dead code that will never run
    - scripts/copyright.pl: ignore the new mlc_config.json file
    - scripts: move three scripts from lib/ to scripts/
    - test1135: sync with recent API updates
    - test1459: disable for oldlibssh
    - test375: fix line endings on Windows
    - test386: Fix an incorrect test markup tag
    - test718: edited slightly to return better HTTP
    - tests/server/util.h: align WIN32 condition with util.c
    - tests: refactor server/socksd.c to support --unix-socket
    - timediff.[ch]: add curlx helper functions for timeval conversions
    - tls: make mbedtls and NSS check for h2, not nghttp2
    - tool and tests: force flush of all buffers at end of program
    - tool_cb_hdr: Turn the Location: into a terminal hyperlink
    - tool_getparam: error out on missing -K file
    - tool_listhelp.c: uppercase URL
    - tool_operate: fix a scan-build warning
    - tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)
    - transfer: redirects to other protocols or ports clear auth
    - unit1620: call global_init before calling Curl_open
    - url: check sasl additional parameters for connection reuse.
    - vtls: provide a unified ALPN-disagree string for all backends
    - vtls: use a backend standard message for "ALPN: offers %s"
    - vtls: use a generic "ALPN, server accepted" message
    - winbuild/README.md: fixup dead link
    - winbuild: Add a Visual Studio example to the README
    - wolfssl: fix compiler error without IPv6
* Fri Mar 11 2022 Pedro Monreal
- Fix: openssl: fix CN check error code
  * Add curl-fix-verifyhost.patch
* Mon Mar 07 2022 Paolo Stivanin
- Update to 7.82.0:
  * curl: add --json command line option
  * curl: make it so that sensitive command line arguments do not show as easily in the output of ps(1)
  * curl_multi_socket.3: remove callback and typical usage descriptions
  * ftp: provide error message for control bytes in path
  * ldap: return CURLE_URL_MALFORMAT for bad URL
  * lib: remove support for CURL_DOES_CONVERSIONS
  * mqtt: plug some memory leaks
  * multi: allow user callbacks to call curl_multi_assign
  * multi: remember connection_id before returning connection to pool
  * multi: set in_callback for multi interface callbacks
  * netware: remove support
  * ngtcp2: adapt to changed end of headers callback proto
  * openldap: implement SASL authentication
  * openssl: return error if TLS 1.3 is requested when not supported
  * sectransp: mark a 3DES cipher as weak
  * smb: pass socket for writing and reading data instead of FIRSTSOCKET
  * tool_getparam: DNS options that need c-ares now fail without it
  * TPF: drop support
  * url: given a user in the URL, find pwd for that user in netrc
  * url: keep trailing dot in host name
  * urlapi: handle "redirects" smarter
  * urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled
  * urldata: remove conn->bits.user_passwd
* Sun Jan 09 2022 Dirk Müller
- update to 7.81.0:
  * mime: use percent-escaping for multipart form field and file names
  * asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
  * azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
  * BINDINGS: add cURL client for PostgreSQL
  * BINDINGS: add one from Everything curl and update a link
  * checksrc: detect more kinds of NULL comparisons we avoid
  * CI: build examples for additional code verification
  * CI: bump job to use mbedtls 3.1.0
  * cmake: don't set _USRDLL on a static Windows build
  * cmake: prevent dev warning due to mismatched arg
  * cmake: private identifiers use CURL_ instead of CMAKE_ prefix
  * config.d: update documentation to match the path search
  * configure: add -lm to configure for rustls build.
  * configure: better diagnostics if hyper is built wrong
  * configure: don't enable TLS when --without-* flags are used
  * configure: fix runtime-lib detection on macOS
  * curl.1: require "see also" for every documented option
  * curl: improve error message for --head with -J
  * curl_easy_cleanup.3: remove from multi handle first
  * curl_easy_escape.3: call curl_easy_cleanup in example
  * curl_easy_unescape.3: call curl_easy_cleanup in example
  * curl_multi_init.3: fix EXAMPLE formatting
  * curl_multi_perform/socket_action.3: clarify what errors mean
  * curl_share_setopt.3: split out options into their own manpages
  * CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
  * digest: compute user:realm:pass digest w/o userhash
  * docs/checksrc: Add documentation for STRERROR
  * docs/cmdline-opts: do not say "protocols: all"
  * docs/examples: workaround broken -Wno-pedantic-ms-format
  * docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
  * docs/INSTALL.md: typo fix : added missing "get" verb
  * docs/URL-SYNTAX.md: space is not fine in a given URL
  * docs: add known bugs list to HTTP3.md
  * docs: address proselint nits
  * docs: consistent manpage SYNOPSIS
  * docs: fix dead links, remove ECH.md
  * docs: fix typo in OpenSSL 3 build instructions
  * docs: Update the Reducing Size section
  * example/progressfunc: remove code for old libcurls
  * examples/multi-single.c: remove WAITMS()
  * FAQ: typo fix : "yout" ➤ "your"
  * ftp: disable warning 4706 in MSVC
  * gen.pl: improve example output format
  * github workflow: add wolfssl (removed from zuul)
  * github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
  * gtls: check return code for gnutls_alpn_set_protocols
  * hash: lazy-alloc the table in Curl_hash_add()
  * http2:set_transfer_url() return early on OOM
  * HTTP3: update quiche build instructions
  * http: enable haproxy support for hyper backend
  * http: Fix CURLOPT_HTTP200ALIASES
  * http_proxy: don't close the socket (too early)
  * insecure.d: detail its use for SFTP and SCP as well
  * insecure.d: expand and clarify
  * libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
  * libcurl-security.3: mention address and URL mitigations
  * libssh2: fix error message for sha256 mismatch
  * libtest: avoid "assignment within conditional expression"
  * lift: ignore is a deprecated config option, use ignoreRules
  * linkcheck.yml: add CI job that checks markdown links
  * m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
  * Makefile.m32: rename -winssl option to -schannel and tidy up
  * mbedTLS: add support for CURLOPT_CAINFO_BLOB
  * mbedtls: fix CURLOPT_SSLCERT_BLOB
  * mbedtls: fix private member designations for v3.1.0
  * misc: remove unused doh flags when CURL_DISABLE_DOH is defined
  * misc: s/e-mail/email
  * multi: cleanup the socket hash when destroying it
  * multi: handle errors returned from socket/timer callbacks
  * multi: shut down CONNECT in Curl_detach_connnection
  * netrc.d: edit the .netrc example to look nicer
  * ngtcp2: verify the server cert on connect (quictls)
  * ngtcp2: verify the server certificate for the gnutls case
  * nss:set_cipher don't clobber the cipher list
  * openldap: implement STARTTLS
  * openldap: process search query response messages one by one
  * openldap: several minor improvements
  * openldap: simplify ldif generation code
  * openssl: check the return value of BIO_new()
  * openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
  * openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
  * openssl: remove usage of deprecated `SSL_get_peer_certificate`
  * openssl: use non-deprecated API to read key parameters
  * page-footer: add a mention of how to report bugs to the man page
  * page-footer: document more environment variables
  * request.d: refer to 'method' rather than 'command'
  * retry-all-errors.d: make the example complete
  * runtests: make the SSH library a testable feature
  * rustls: read of zero bytes might be okay
  * rustls: remove comment about checking handshaking
  * rustls: remove incorrect EOF check
  * sha256/md5: return errors when init fails
  * socks5: use appropriate ATYP for numerical IP address host names
  * test1156: enable for hyper
  * test1156: fixup the stdout check for Windows
  * test1525: tweaked for hyper
  * test1526: enable for hyper
  * test1527: enable for hyper
  * test1528: enable for hyper
  * test1554: adjust for hyper
  * test1556: adjust for hyper
  * test302[12]: run only with the libssh2 backend
  * test661: enable for hyper
  * tests/CI.md: add more information on CI environments
  * tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
  * tftp: mark protocol as not possible to do over CONNECT
  * tool_findfile: updated search for a file in the homedir
  * tool_operate: only set SSH related libcurl options for SSH URLs
  * tool_operate: warn if too many output arguments were found
  * url.c: fix the SIGPIPE comment for Curl_close
  * url: check ssl_config when re-use proxy connection
  * url: reduce ssl backend count for CURL_DISABLE_PROXY builds
  * urlapi: accept port number zero
  * urlapi: if possible, shorten given numerical IPv6 addresses
  * urlapi: provide more detailed return codes
  * urlapi: reject short file URLs
  * version_win32: Check build number and platform id
  * vtls/rustls: adapt to the updated rustls_version proto
  * writeout: fix %{http_version} for HTTP/3
  * x509asn1: return early on errors
  * zuul.d: update rustls-ffi to version 0.8.2
  * zuul: fix quiche build pointing to wrong Cargo
* Tue Nov 16 2021 Pedro Monreal
- Update to 7.80.0:
  * Changes:
    - CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
    - CURLOPT_PREREQFUNCTION: add new callback
    - libssh2: add SHA256 fingerprint support
    - urlapi: add curl_url_strerror()
  * Bugfixes:
    - aws-sigv4: make signature work when post data is binary
    - c-hyper: don't abort CONNECT responses early when auth-in-progress
    - c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
    - cmake: add CURL_ENABLE_SSL option
    - cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
    - configure.ac: replace krb5-config with pkg-config
    - configure: when hyper is selected, deselect nghttp2
    - curl-confopts.m4: remove --enable/disable-hidden-symbols
    - curl-openssl.m4: modify library order for openssl linking
    - curl_ntlm_core: use OpenSSL only if DES is available
    - Curl_updateconninfo: store addresses for QUIC connections too
    - ftp: make the MKD retry to retry once per directory
    - http: fix Basic auth with empty name field in URL
    - http: reject HTTP response codes < 100
    - http: remove assert that breaks hyper
    - http: set content length earlier
    - imap: display quota information
    - libssh2: Get the version at runtime if possible
    - md5: fix compilation with OpenSSL 3.0 API
    - ngtcp2: advertise h3 as well as h3-29
    - ngtcp2: compile with the latest nghttp3
    - ngtcp2: use latest QUIC TLS RFC9001
    - NTLM: use DES_set_key_unchecked with OpenSSL
    - openssl: if verifypeer is not requested, skip the CA loading
    - openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
    - schannel: fix memory leak due to failed SSL connection
    - sendf: accept zero-length data in Curl_client_write()
    - sha256: use high-level EVP interface for OpenSSL
    - sws: fix memory leak on exit
    - tool_operate: a failed etag save now only fails that transfer
    - url: check the return value of curl_url()
    - url: set "k->size" -1 at start of request
    - urlapi: skip a strlen(), pass in zero
    - urlapi: URL decode percent-encoded host names
    - vtls: Fix a memory leak if an SSL session cannot be added to the cache
    - wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
  * Use --with-openssl configure option, --with-ssl is now deprecated
* Wed Sep 22 2021 Pedro Monreal
- Update to 7.79.1:
  * Bugfixes:
    - Curl_http2_setup: don't change connection data on repeat invokes
    - curl_multi_fdset: make FD_SET() not operate on sockets out of range
    - dist: provide lib/.checksrc in the tarball
    - FAQ: add GOPHERS + curl works on data, not files
    - hsts: CURLSTS_FAIL from hsts read callback should fail transfer
    - hsts: handle unlimited expiry
    - http: fix the broken >3 digit response code detection
    - strerror: use sys_errlist instead of strerror on Windows
    - test1184: disable: https://github.com/curl/curl/issues/7725
    - tests/sshserver.pl: make it work with openssh-8.7p1
* Wed Sep 15 2021 Pedro Monreal
- Temporarily disable flaky test 1184
  * See https://github.com/curl/curl/issues/7725
* Wed Sep 15 2021 Pedro Monreal
- Update to 7.79.0: [bsc#1190213, CVE-2021-22945] [bsc#1190373, CVE-2021-22946] [bsc#1190374, CVE-2021-22947]
  * Changes:
    - bearssl: support CURLOPT_CAINFO_BLOB
    - http: consider cookies over localhost to be secure
    - secure transport: support CURLINFO_CERTINFO
  * Bugfixes:
    - CVE-2021-22945: clear the leftovers pointer when sending succeeds
    - CVE-2021-22946: do not ignore --ssl-reqd
    - CVE-2021-22947: reject STARTTLS server response pipelining
    - auth: do not append zero-terminator to authorisation id in kerberos
    - auth: properly handle byte order in kerberos security message
    - auth: use sasl authzid option in kerberos
    - auth: we do not support a security layer after kerberos authentication
    - c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
    - c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
    - c-hyper: initial step for 100-continue support
    - c-hyper: initial support for "dumping" 1xx HTTP responses
    - curl-openssl.m4: show correct output for OpenSSL v3
    - docs/MQTT: update state of username/password support
    - docs: the security list is reached at security at curl.se now
    - getparameter: fix the --local-port number parser
    - hostip: Make Curl_ipv6works function independent of getaddrinfo
    - http_proxy: fix the User-Agent inclusion in CONNECT
    - http_proxy: fix user-agent and custom headers for CONNECT with hyper
    - http_proxy: only wait for writable socket while sending request
    - mailing lists: move from cool.haxx.se to lists.haxx.se
    - mbedtls: avoid using a large buffer on the stack
    - mbedTLS: initial 3.0.0 support
    - ngtcp2: remove the acked_crypto_offset struct field init
    - ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
    - ngtcp2: reset the outstanding send buffer again when drained
    - ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
    - ngtcp2: stop buffering crypto data
    - ngtcp2: utilize crypto API functions to simplify
    - openssl: when creating a new context, there cannot be an old one
    - scripts: invoke interpreters through /usr/bin/env
    - tests/runtests.pl: cleanup copy&paste mistakes and unused code
    - tests: be explicit about using 'python3' instead of 'python'
    - tool/tests: fix potential year 2038 issues
    - tool_operate: Fix --fail-early with parallel transfers
    - x509asn1: fix heap over-read when parsing x509 certificates
  * Rebase libcurl-ocloexec.patch
* Wed Jul 21 2021 Pedro Monreal
- Update to 7.78.0: [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923] [bsc#1188219, CVE-2021-22924][bsc#1188220, CVE-2021-22925]
  * Changes:
    - curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
    - CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
    - hostip: make 'localhost' return fixed values
    - mbedtls: add support for cert and key blob options
    - metalink: remove all support for it
    - mqtt: add support for username and password
  * Bugfixes:
    - ares: always store IPv6 addresses first
    - c-hyper: abort CONNECT response reading early on non 2xx responses
    - c-hyper: add support for transfer-encoding in the request
    - c-hyper: bail on too long response headers
    - c-hyper: clear NTLM auth buffer when request is issued
    - c-hyper: fix NTLM on closed connection tested with test159
    - conncache: lowercase the hash key for better match
    - curl_multibyte: Remove local encoding fallbacks
    - Curl_ntlm_core_mk_nt_hash: fix OOM in error path
    - Curl_ssl_getsessionid: fail if no session cache exists
    - easy: during upkeep, attach Curl_easy to connections in the cache
    - gnutls: set the preferred TLS versions in correct order
    - hsts: ignore numerical IP address hosts
    - HSTS: not experimental anymore
    - http2: init recvbuf struct for pushed streams
    - http: fix crash in rate-limited upload
    - http: make the haproxy support work with unix domain sockets
    - http_proxy: deal with non-200 CONNECT response with Hyper
    - lib: don't compare fd to FD_SETSIZE when using poll
    - lib: fix compiler warnings with CURL_DISABLE_NETRC
    - lib: fix type of len passed to *printf's %*s
    - lib: more %u for port and int for %*s fixes
    - lib: use %u instead of %ld for port number printf
    - libssh2: limit time a disconnect can take to 1 second
    - mqtt: detect illegal and too large file size
    - msnprintf: return number of printed characters excluding null byte
    - multi: add scan-build-6 work-around in curl_multi_fdset
    - multi: alter transfer timeout ordering
    - multi: do not switch off connect_only flag when closing
    - multi: fix crash in curl_multi_wait / curl_multi_poll
    - ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
    - openssl: avoid static variable for seed flag
    - openssl: don't remove session id entry in disassociate
    - socketpair: fix potential hangs
    - socks4: scan for the IPv4 address in resolve results
    - ssl: read pending close notify alert before closing the connection
    - telnet: fix option parser to not send uninitialized contents
    - TLS: prevent shutdown loops to get stuck
    - vtls: exit addsessionid if no cache is inited
    - vtls: fix connection reuse checks for issuer cert and case sensitivity
* Wed May 26 2021 Pedro Monreal
- Update to 7.77.0: [bsc#1186114, CVE-2021-22898] [bsc#1186115, bsc#1185579, CVE-2021-22901]
  * Security fixes:
    - CVE-2021-22297: schannel cipher selection surprise
    - CVE-2021-22298: TELNET stack contents disclosure
    - CVE-2021-22901: TLS session caching disaster
  * Changes:
    - configure: make the TLS library choice(s) explicit
    - curl: ignore options asking for SSLv2 or SSLv3
    - hsts: enable by default
    - SSL: support in-memory CA certs for some backends
    - vtls: refuse setting any SSL version
  * Bugfixes:
    - configure: provide --with-openssl, deprecate --with-ssl
    - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
    - curl: include libmetalink version in --version output
    - data_pending: check only SECONDARY socket for FTP(S) transfers
    - gnutls: don't allow TLS 1.3 for versions that don't support it
    - gnutls: make setting only the MAX TLS allowed version work
    - http2: fix resource leaks in set_transfer_url() and push_promise()
    - http: limit the initial send amount to used upload buffer size
    - rustls: only return CURLE_AGAIN when TLS session is fully drained
    - rustls: use ALPN
    - schannel: Disable auto credentials; add an option to enable it
    - schannel: Support strong crypto option
    - sectransp: allow cipher name to be specified
    - sockfilt: avoid getting stuck waiting for writable socket
* Sun Apr 25 2021 Dirk Müller
- update to 7.76.1:
  - ngtcp2: Use ALPN h3-29 for now
  - TODO: remove 18.22 --fail-with-body
* Wed Mar 31 2021 Pedro Monreal
- Update to 7.76.0
  * Security fixes:
    - [bsc#1183933, CVE-2021-22876]: strip credentials from the auto-referer header field
    - [bsc#1183934, CVE-2021-22890]: add 'isproxy' argument to Curl_ssl_get/addsessionid()
  * Changes:
    - cookies: Support multiple -b parameters
    - curl: add --fail-with-body
    - doh: add options to disable ssl verification
    - http: add support to read and store the referrer header
    - sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
    - vtls: initial implementation of rustls backend
  * Bugfixes:
    - CVE-2021-22876: strip credentials from the auto-referer header field
    - CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
    - c-hyper: support automatic content-encoding
    - configure: only add OpenSSL paths if they are defined
    - configure: provide Largefile feature for curl-config
    - curl: set CURLOPT_NEW_FILE_PERMS if requested
    - doh: Fix sharing user's resolve list with DOH handles
    - doh: Inherit CURLOPT_STDERR from user's easy handle
    - dynbuf: bump the max HTTP request to 1MB
    - ftp: add 'list_only' to the transfer state struct
    - ftp: add 'prefer_ascii' to the transfer state struct
    - ftp: allow SIZE to fail when doing (resumed) upload
    - ftp: avoid SIZE when asking for a TYPE A file
    - ftp: fix memory leak in ftp_done
    - ftp: never set data->set.ftp_append outside setopt
    - gnutls: assume nettle crypto support
    - http2: don't set KEEP_SEND when there's no more data to be sent
    - http2: fail if connection terminated without END_STREAM
    - http: do not add a referrer header with empty value
    - http: strip default port from URL sent to proxy
    - http: use credentials from transfer, not connection
    - lib: remove 'conn->data' completely
    - multi: close the connection when h2=>h1 downgrading
    - multi: do once-per-transfer inits in before_perform in DID state
    - multi: rename the multi transfer states
    - multi: update pending list when removing handle
    - ngtcp2: adapt to the new recv_datagram callback
    - ngtcp2: clarify calculation precedence
    - ngtcp2: sync with recent API updates
    - openssl: adapt to v3's new const for a few API calls
    - openssl: ensure to check SSL_CTX_set_alpn_protos return values
    - openssl: remove get_ssl_version_txt in favor of SSL_get_version
    - parse_proxy: fix a memory leak in the OOM path
    - url: fix memory leak if OOM in the HSTS handling
    - url: fix possible use-after-free in default protocol
    - urldata: don't touch data->set.httpversion at run-time
    - urldata: merge "struct DynamicStatic" into "struct UrlState"
    - urldata: remove the 'rtspversion' field
    - urldata: remove the _ORIG suffix from string names
    - wolfssl: don't store a NULL sessionid
* Thu Mar 04 2021 Cristian Rodríguez
- Harden build, enable full RELRO
- Never allow undefined symbols anywhere.
* Thu Feb 04 2021 Pedro Monreal
- Update to 7.75.0
  * Changes:
    - curl: add --create-file-mode [mode]
    - curl: add new variables to --write-out
    - dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries
    - gopher: implement secure gopher protocol
    - http: add Hyper as new optional HTTP backend
    - http: introduce AWS HTTP v4 Signature support
  * Bugfixes:
    - cmake: Add an option to disable libidn2
    - cmake: enable gophers correctly in curl-config
    - cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
    - digest_sspi: Show InitializeSecurityContext errors in verbose mode
    - getinfo: build with disabled HTTP support
    - http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy
    - http_proxy: Fix CONNECT chunked encoding race condition
    - httpauth: make multi-request auth work with custom port
    - lib: pass in 'struct Curl_easy *' to most functions
    - lib: remove Curl_ prefix from many static functions
    - lib: save a bit of space with some structure packing
    - libssh: avoid plain free() of libssh-memory
    - mime: make sure setting MIMEPOST to NULL resets properly
    - multi_runsingle: bail out early on data->conn == NULL
    - ngtcp2: Fix http3 upload stall
    - ngtcp2: Fix stack buffer overflow
    - openssl: lowercase the hostname before using it for SNI
    - socks: use the download buffer instead
    - speedcheck: exclude paused transfers
    - tool_writeout: fix the -w time output units
    - url: if IDNA conversion fails, fallback to Transitional
- Refresh libcurl-ocloexec.patch
* Fri Dec 18 2020 Cristian Rodríguez
- Enable zstd and brotli support
* Mon Dec 14 2020 Pedro Monreal
- Update to 7.74.0
  * Changes: hsts: add experimental support for Strict-Transport-Security
  * Bugfixes:
    - Inferior OCSP verification [bsc#1179593, CVE-2020-8286]
    - FTP wildcard stack overflow [bsc#1179399, CVE-2020-8285]
    - trusting FTP PASV responses [bsc#1179398, CVE-2020-8284]
    - Revert "multi: implement wait using winsock events"
    - openssl: free mem_buf in error path
    - ntlm: avoid malloc(0) on zero length user and domain
    - ngtcp2: use the minimal version of QUIC supported by ngtcp2
    - ngtcp2: advertise h3 ALPN unconditionally
    - file: avoid duplicated code sequence
    - openssl: guard against OOM on context creation
    - docs: document the 8MB input string limit for curl_easy_escape and curl_easy_setopt()
    - hsts: add read/write callbacks
    - hsts: add support for Strict-Transport-Security
    - alt-svc: enable by default
    - checksrc: warn on empty line before open brace
    - connect: repair build without ipv6 availability
    - curl.se: new home
    - ftp: retry getpeername for FTP with TCP_FASTOPEN
    - gnutls: fix memory leaks (certfields memory wasn't released)
    - http: pass correct header size to debug callback for chunked post
    - libssh2: fix transport over HTTPS proxy
    - openssl: guard against OOM on context creation
    - openssl: use OPENSSL_init_ssl() with >= 1.1.0
    - Revert "multi: implement wait using winsock events"
    - socks: check for DNS entries with the right port number
    - tool_operate: --retry for HTTP 408 responses too
    - tool_operate: bail out proper on errors during parallel transfers
    - urlapi: don't accept blank port number field without scheme
    - urlapi: URL encode a '+' in the query part
    - vquic/ngtcp2.h: define local_addr as sockaddr_storage
- Update check section:
  * runtests now supports dynamically base64 encoded sections in tests
  * Replace env interpreter for perl and python3
- Remove curl-use_OPENSSL_config.patch since the OpenSSL initialization has been updated to use OPENSSL_init_ssl() with >= 1.1.0
* Tue Oct 20 2020 Pedro Monreal
- Update patches to fix compiling warnings:
  * curl-disabled-redirect-protocol-message.patch
  * libcurl-ocloexec.patch
- Enable test 1165
* Wed Oct 14 2020 Pedro Monreal
- Update to 7.73.0
  * Changes:
    - curl: add --output-dir
    - curl: support XDG_CONFIG_HOME to find .curlrc
    - curl: update --help with categories
    - curl_easy_option_*: new API for meta-data about easy options
    - CURLE_PROXY: new error code
    - mqtt: enable by default
    - sftp: add new quote commands 'atime' and 'mtime'
    - ssh: add the option CURLKHSTAT_FINE_REPLACE
    - tls: add CURLOPT_SSL_EC_CURVES and --curves
  * Bugfixes:
    - base64: also build for smtp, pop3 and imap
    - cleanups: avoid curl_ on local variables
    - configure: let --enable-debug set -Wenum-conversion with gcc >= 10
    - conn: check for connection being dead before reuse
    - curl: in retry output don't call all problems "transient"
    - curl: make checkpasswd, file2memory, file2string and glob_match_url use dynbuf
    - curl: retry delays in parallel mode no longer sleeps blocking
    - curl: use curlx_dynbuf for realloc when loading config files
    - curl:parallel_transfers: make sure retry readds the transfer
    - curl_get_line: build only if cookies or alt-svc are enabled
    - Curl_pgrsTime - return new time to avoid timeout integer overflow
    - Curl_send: return error when pre_receive_plain can't malloc
    - dynbuf: make sure Curl_dyn_tail() zero terminates
    - etag: save and use the full received contents
    - ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND
    - ftp: avoid risk of reading uninitialized integers
    - ftp: get rid of the PPSENDF macro
    - ftp: make a 552 response return CURLE_REMOTE_DISK_FULL
    - ftp: separate FTPS from FTP over "HTTPS proxy"
    - HTTP/3: update to OpenSSL_1_1_1g-quic-draft-29
    - http: consolidate nghttp2_session_mem_recv() call paths
    - http_proxy: do not count proxy headers in the header bytecount
    - http_proxy: do not crash with HTTPS_PROXY and NO_PROXY set
    - imap: make imap_send use dynbuf for the send buffer management
    - imap: set cselect_bits to CURL_CSELECT_IN initially
    - lib1560: verify "redirect" to double-slash leading URL
    - lib: make Curl_gethostname accept a const pointer
    - libssh2: handle the SSH protocols done over HTTPS proxy
    - libssh2: pass on the error from ssh_force_knownhost_key_type
    - memdebug: remove 9 year old unused debug function
    - multi: expand pre-check for socket readiness
    - ngtcp2: adapt to new NGTCP2_PROTO_VER_MAX define
    - ngtcp2: adapt to the new pkt_info arguments
    - openssl: avoid error conditions when importing native CA
    - openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification
    - parsedate: tune the date to epoch conversion
    - pause: only trigger a reread if the unpause sticks
    - pingpong: use a dynbuf for the *_pp_sendf() function
    - runtests: allow creating files without newlines
    - runtests: allow generating a binary sequence from hex
    - runtests: clear pid variables when failing to start a server
    - schannel: fix memory leak when using get_cert_location
    - schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root
    - sectransp: make it build with --disable-proxy
    - select.h: make socket validation macros test for INVALID_SOCKET
    - select: align poll emulation to return all relevant events
    - select: fix poll-based check not detecting connect failure
    - select: simplify return code handling for poll and select
    - setopt: if the buffer exists, refuse the new BUFFERSIZE
    - setopt: return CURLE_BAD_FUNCTION_ARGUMENT on bad argument
    - socketpair: allow CURL_DISABLE_SOCKETPAIR
    - sockfilt: handle FD_CLOSE winsock event on write socket
    - symbian: drop support
    - tests: remove pipelining tests
    - tls: fix SRP detection by using the proper #ifdefs
    - tls: provide the CApath verbose log on its own line
    - tool_setopt: escape binary data to hex, not octal
    - url: use blank credentials when using proxy w/o username and password
    - urlapi: use more Curl_safefree
    - vtls: deduplicate client certificates in ssl_config_data
* Wed Aug 19 2020 Pedro Monreal Gonzalez
- Update to 7.72.0 [bsc#1175109, CVE-2020-8231]
  * Changes:
    - content_encoding: add zstd decoding support
    - CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream
    - CURLINFO_EFFECTIVE_METHOD: added
  * Bugfixes:
    - CVE-2020-8231: libcurl: wrong connect-only connection
    - curl-config: ignore REQUIRE_LIB_DEPS in --libs output
    - curl: improve the existing file check with -J
    - curl_multi_setopt: fix compiler warning "result is always false"
    - curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated
    - docs: Add video link to docs/CONTRIBUTE.md
    - docs: clarify MAX_SEND/RECV_SPEED functionality
    - ftp: don't do ssl_shutdown instead of ssl_close
    - ftpserver: don't verify SMTP MAIL FROM names
    - getinfo: reset retry-after value in initinfo
    - gnutls: repair the build with 'CURL_DISABLE_PROXY'
    - gtls: survive not being able to get name/issuer
    - h2: repair trailer handling
    - http2: close the http2 connection when no more requests may be sent
    - http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages
    - libssh2: s/ssherr/sftperr/
    - mprintf: Fix dollar string handling
    - mprintf: Fix stack overflows
    - multi_remove_handle: close unused connect-only connections
    - ngtcp2: adapt to error code rename
    - ngtcp2: adjust to recent sockaddr updates
    - ngtcp2: update to modified qlog callback prototype
    - ntlm: free target_info before (re-)malloc
    - page-header: provide protocol details in the curl.1 man page
    - quiche: handle calling disconnect twice
    - setopt: unset NOBODY switches to GET if still HEAD
    - smtp_parse_address: handle blank input string properly
    - socks: use size_t for size variable
    - tls-max.d: this option is only for TLS-using connections
    - tlsv1.3.d. only for TLS-using connections
    - tool_getparam: make --krb option work again
    - transfer: fix data_pending for builds with both h2 and h3 enabled
    - transfer: fix memory-leak with CURLOPT_CURLU in a duped handle
    - transfer: move retrycount from connect struct to easy handle
    - url: fix CURLU and location following
* Wed Jul 01 2020 Pedro Monreal Gonzalez
- Update to 7.71.1
  * Bugfixes:
    - Curl_inet_ntop: always check the return code
    - CURLOPT_READFUNCTION.3: provide the upload data size up front
    - escape: make the URL decode able to reject only %00-bytes
    - escape: zero length input should return a zero length output
    - examples/multithread.c: call curl_global_cleanup()
    - http2: set the correct URL in pushed transfers
    - http: fix proxy auth with blank password
    - mbedtls: fix build with disabled proxy support
    - ngtcp2: sync with current master
    - Revert "multi: implement wait using winsock events"
    - sendf: improve the message on client write errors
    - terminology: call them null-terminated strings
    - tool_cb_hdr: Fix etag warning output and return code
    - url: allow user + password to contain "control codes" for HTTP(S)
    - vtls: compare cert blob when finding a connection to reuse
* Wed Jun 24 2020 Pedro Monreal Gonzalez
- Update to 7.71.0 [bsc#1173026, CVE-2020-8169][bsc#1173027, CVE-2020-8177]
  * Changes:
    - CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl)
    - setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency
    - setopt: support certificate options in memory with struct curl_blob
    - tool: Add option --retry-all-errors to retry on any error
  * Bugfixes:
    - *_sspi: fix bad uses of CURLE_NOT_BUILT_IN
    - altsvc: bump to h3-29
    - altsvc: fix 'dsthost' may be used uninitialized in this function
    - altsvc: fix parser for lines ending with CRLF
    - altsvc: remove the num field from the altsvc struct
    - asyn-*: remove support for never-used NULL entry pointers
    - azure: use matrix strategy to avoid configuration redundancy
    - build: disable more code/data when built without proxy support
    - buildconf: remove -print from the find command that removes files
    - checksrc: enhance the ASTERISKSPACE and update code accordingly
    - cirrus: disable SFTP and SCP tests
    - CMake: add ENABLE_ALT_SVC option
    - CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche)
    - CMake: add libssh build support
    - configure: fix pthread check with static boringssl
    - configure: for wolfSSL, check for the DES func needed for NTLM
    - configure: only strip first -L from LDFLAGS
    - configure: repair the check if argv can be written to
    - configure: the wolfssh backend does not provide SCP
    - connect: improve happy eyeballs handling
    - connect: make happy eyeballs work for QUIC (again)
    - curl: remove -J "informational" written on stdout
    - Curl_addrinfo: use one malloc instead of three
    - dynbuf: introduce internal generic dynamic buffer functions
    - easy: fix dangling pointer on easy_perform fail
    - examples/ephiperfifo: turn off interval when setting timerfd
    - examples/http2-down/upload: add error checks
    - FILEFORMAT: add more features that tests can depend on
    - FILEFORMAT: describe verify/stderr
    - ftp: make domore_getsock() return the secondary socket properly
    - ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void)
    - ftp: shut down the secondary connection properly when SSL is used
    - GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT
    - hostip: make Curl_printable_address not return anything
    - http2: keep trying to send pending frames after req.upload_done
    - http2: simplify and clean up trailer handling
    - http: move header storage to Curl_easy from connectdata
    - libssh2: improved error output for wrong quote syntax
    - libssh2: keep sftp errors as 'unsigned long'
    - libssh2: set the expected total size in SCP upload init
    - multi: add defensive check on data->multi->num_alive
    - multi: implement wait using winsock events
    - ngtcp2: cleanup memory when failing to connect
    - ngtcp2: fix build with current ngtcp2 master implementing draft 28
    - ngtcp2: fix happy
eyeballs quic connect crash - ngtcp2: introduce qlog support - ngtcp2: never call fprintf() in lib code in release version - ngtcp2: update with recent API changes - ntlm: enable NTLM support with wolfSSL - OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN - openssl: set FLAG_TRUSTED_FIRST unconditionally - projects: Add crypt32.lib to dependencies for all OpenSSL configs - quiche: clean up memory properly when failing to connect - quiche: enable qlog output - quiche: update SSLKEYLOGFILE support - Revert \"ssh: ignore timeouts during disconnect\" - select: fix overflow protection in Curl_socket_check - sendf: make failf() use the mvsnprintf() return code - server/sws: fix asan warning on use of uninitialized variable - server/util: fix logmsg format using curl_off_t argument - sha256: fixed potentially uninitialized variable - share: don not set the share flag it something fails - sockfilt: make select_ws stop waiting on exit signal event - socks: detect connection close during handshake - socks: fix expected length of SOCKS5 reply - socks: remove unreachable breaks in socks.c and mime.c - source cleanup: remove all custom typedef structs - timeouts: change millisecond timeouts to timediff_t from time_t - timeouts: move ms timeouts to timediff_t from int and long - tool_cfgable: free login_options at exit - tool_getparam: -i is not OK if -J is used - tool_getparam: fix memory leak in parse_args - tool_operate: fixed potentially uninitialized variables - tool_paramhlp: fixed potentially uninitialized strtol() variable - transfer: close connection after excess data has been read - typecheck-gcc.h: CURLINFO_PRIVATE does not need a \'char *\' - unit1604.c: fix implicit conv from \'SANITIZEcode\' to \'CURLcode\' - url: accept \"any length\" credentials for proxy auth - url: alloc the download buffer at transfer start - url: make the updated credentials URL-encoded in the URL - url: reject too long input when parsing credentials - url: sort the protocol 
schemes in rough popularity order - urlapi: accept :: as a valid IPv6 address - urldata: leave the HTTP method untouched in the set. * struct - urlglob: treat literal IPv6 addresses with zone IDs as a host name - user-agent.d: spell out what happens given a blank argument - vauth/cleartext: fix theoretical integer overflow - version.d: expanded and alpha-sorted - vtls: Extract and simplify key log file handling from OpenSSL - wolfssl: add SSLKEYLOGFILE support - wording: avoid blacklist/whitelist stereotypes - write-out.d: added \"response_code\" * Fri Jun 12 2020 Dominique Leuenberger - Change with-gssapi configure parameter: krb5 is changing location in the future: ask krb5-config about the correct prefix values. * Wed Apr 29 2020 Paolo Stivanin - Update to 7.70.0 * Changes: - curl: add --ssl-revoke-best-effort to allow a \"best effort\" revocation check - mqtt: add new experimental protocol - schannel: add \"best effort\" revocation check option: CURLSSLOPT_REVOKE_BEST_EFFORT - writeout: support to generate JSON output with \'%{json}\' * Bugfixes: - gnutls: Don\'t skip really long certificate fields - gnutls: ensure TLS 1.3 when SRP isn\'t requested - lib: never define CURL_CA_BUNDLE with a getenv - libcurl-multi.3: added missing full stop - libssh: avoid options override by configuration files - libssh: Use new ECDSA key types to check known hosts - tons of other fixes * Thu Mar 12 2020 Pedro Monreal Gonzalez - Update to 7.69.1 * Bugfixes: - ares: store dns parameters for duphandle - cirrus-ci: disable the FreeBSD 13 builds - curl_share_setopt.3: Note sharing cookies doesn\'t enable the engine - lib1564: reduce number of mid-wait wakeup calls - libssh: Fix matching user-specified MD5 hex key - MANUAL: update a dict-using command line - mime: do not perform more than one read in a row - mime: fix the binary encoder to handle large data properly - mime: latch last read callback status - multi: skip EINTR check on wakeup socket if it was closed - pause: bail out 
on bad input - pause: force a connection recheck after unpausing (take 2) - pause: return early for calls that don\'t change pause state - runtests.1: rephrase how to specify what tests to run - runtests: fix missing use of exe_ext helper function - seek: fix fall back for missing ftruncate on Windows - sftp: fix segfault regression introduced by #4747 in 7.69.0 - sha256: Added SecureTransport implementation - sha256: Added WinCrypt implementation - socks4: fix host resolve regression - socks5: host name resolv regression fix - tests/server: fix missing use of exe_ext helper function - tests: fix static ip:port instead of dynamic values being used - tests: make sleeping portable by avoiding select - unit1612: fix the inclusion and compilation of the HMAC unit test - urldata: remove the \'stream_was_rewound\' connectdata struct member - version: make curl_version * thread-safe without using global context * Mon Mar 09 2020 Andreas Schwab - ignore_runtests_failure.patch: remove, no longer needed * Wed Mar 04 2020 Pedro Monreal Gonzalez - Update to 7.69.0 * Changes: - polarssl: removed - smtp: add CURLOPT_MAIL_RCPT_ALLLOWFAILS and --mail-rcpt-allowfails - wolfSSH: new SSH backend * Bugfixes: - altsvc: improved header parser - altsvc: keep a copy of the file name to survive handle reset - altsvc: make saving the cache an atomic operation - altsvc: use h3-27 - azure: disable brotli on the macos debug-builds - build: remove all HAVE_OPENSSL_ENGINE_H defines - cleanup: fix several comment typos - cleanup: fix typos and wording in docs and comments - cmake: add support for CMAKE_LTO option - cmake: clean up and improve build procedures - cmake: Show HTTPS-proxy in the features output - cmake: use check_symbol_exists also for inet_pton - configure.ac: fix comments about --with-quiche - configure: disable metalink if mbedTLS is specified - configure: disable metalink support for incompatible SSL/TLS - conn: do not reuse connection if SOCKS proxy credentials differ - 
conncache: removed unused Curl_conncache_bundle_size() - connect: remove some spurious infof() calls - connection reuse: respect the max_concurrent_streams limits - cookie: check __Secure- and __Host- case sensitively - cookies: make saving atomic with a rename - create-dirs.d: mention the mode - curl: avoid using strlen for testing if a string is empty - curl: error on --alt-svc use w/o support - curl: let -D merge headers in one file again - curl: make #0 not output the full URL - curl: make the -# spaceship bar not wrap the line - curl: remove \'config\' field from OutStruct - curl:progressbarinit: ignore column width from terminals < 20 - curl_escape.3: add a link to curl_free - curl_getenv.3: fix the memory handling description - curl_global_init: assume the EINTR bit by default - curl_global_init: move the IPv6 works status bool to multi handle - CURLINFO_COOKIELIST.3: Fix example - CURLOPT_ALTSVC_CTRL.3: fix the DEFAULT wording - CURLOPT_PROXY_SSL_OPTIONS.3: Sync with CURLOPT_SSL_OPTIONS.3 - CURLOPT_REDIR_PROTOCOLS.3: update the DEFAULT section - data.d: remove \"Multiple files can also be specified\" - digest: do not quote algorithm in HTTP authorisation - docs/HTTP3: add --enable-alt-svc to curl\'s configure - docs/HTTP3: update the OpenSSL branch to use for ngtcp2 - docs: fix typo on CURLINFO_RETRY_AFTER - easy: remove dead code - form.d: fix two minor typos - ftp: convert \'sock_accepted\' to a plain boolean - ftp: remove superfluous checking for crlf in user or pwd - ftp: shrink temp buffers used for PORT - github: Instructions to post \"uname -a\" on Unix systems in issues - GnuTLS: always send client cert - gtls: fixed compilation when using GnuTLS < 3.5.0 - hostip: move code to resolve IP address literals to \'Curl_resolv\' - HTTP-COOKIES: describe the cookie file format - HTTP-COOKIES: mention that a trailing newline is required - http2: make pausing/unpausing set/clear local stream window - http2: now requires nghttp2 >= 1.12.0 - http: added 417 
response treatment - http: increase EXPECT_100_THRESHOLD to 1Mb - http: mark POSTs with no body as \"upload done\" from the start - http: move \"oauth_bearer\" from connectdata to Curl_easy - include: remove non-curl prefixed defines - KNOWN_BUGS: Multiple methods in a single WWW-Authenticate: header - libssh2: add support for forcing a hostkey type - libssh2: fix variable type - libssh: improve known hosts handling - llist: removed unused Curl_llist_move() - location.d: the method change is from POST to GET only - md4: fixed compilation issues when using GNU TLS gcrypt - md4: use init/update/final functions in Secure Transport - md5: added implementation for mbedTLS - mk-ca-bundle: add support for CKA_NSS_SERVER_DISTRUST_AFTER - multi: change curl_multi_wait/poll to error on negative timeout - multi: fix outdated comment - multi: if Curl_readwrite sets \'comeback\' use expire, not loop - multi_done: if multiplexed, make conn->data point to another transfer - multi_wait: stop loop when sread() returns zero - ngtcp2: add error code for QUIC connection errors - ngtcp2: fixed to only use AF_INET6 when ENABLE_IPV6 - ngtcp2: update to git master and its draft-25 support - ntlm: removed the dependency on the TLS libaries when using MD5 - ntlm_wb: use Curl_socketpair() for greater portability - oauth2-bearer.d: works for HTTP too - openssl: make CURLINFO_CERTINFO not truncate x509v3 fields - openssl: remove redundant assignment - os400: fixed the build - pause: force-drain the transfer on unpause - quiche: update to draft-25 - README: mention that the docs is in docs/ - runtests: make random seed fixed for a month - runtests: restore the command log - schannel_verify: Fix alt names manual verify for UNICODE builds - sha256: use crypto implementations when available - singleuse.pl: support new API functions, fix curl_dbg_ handling - smtp: support the SMTPUTF8 extension - smtp: support UTF-8 based host names in MAIL FROM - SOCKS: make the connect phase non-blocking - 
strcase: turn Curl_raw_tolower into static - strerror: increase STRERROR_LEN 128 -> 256 - test1323: added missing \'unit test\' feature requirement - tests: add a unit test for MD4 digest generation - tests: add a unit test for SHA256 digest generation - tests: add a unit test for the HMAC hash generation - tests: deduce the tool name from the test case for unit tests - tests: fix Python 3 compatibility of smbserver.py - tool_dirhie: allow directory traversal during creation - tool_homedir: change GetEnv() to use libcurl\'s curl_getenv() - url: include the failure reason when curl_win32_idn_to_ascii() fails - urlapi: guess scheme properly with credentials given - urldata: do string enums without #ifdefs for build scripts - vtls: refactor Curl_multissl_version to make the code clearer- Refresh patches: * curl-secure-getenv.patch * libcurl-ocloexec.patch * Tue Feb 18 2020 Dominique Leuenberger - Eliminate curl-mini: The reason for this to exist was that cmake pulled in curl into too many places, causing build cycles. A new cmake-mini was generated, eliminating that need. 
* Wed Jan 08 2020 Pedro Monreal Gonzalez
- Update to 7.68.0
  * Changes:
    - TLS: add BearSSL vtls implementation
    - XFERINFOFUNCTION: support CURL_PROGRESSFUNC_CONTINUE
    - curl: add --etag-compare and --etag-save
    - curl: add --parallel-immediate
    - multi: add curl_multi_wakeup()
    - openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains
  * Bugfixes:
    - CVE-2019-15601: file: on Windows, refuse paths that start with \\
    - Azure Pipelines: add several builds
    - CMake: add support for building with the NSS vtls backend
    - CURL-DISABLE: initial docs for the CURL_DISABLE_* defines
    - CURLOPT_HEADERFUNCTION.3: Document that size is always 1
    - CURLOPT_QUOTE.3: fix typos
    - CURLOPT_READFUNCTION.3: fix the example
    - CURLOPT_URL.3: "curl supports SMB version 1 (only)"
    - CURLOPT_VERBOSE.3: see also ERRORBUFFER
    - HISTORY: added cmake, HTTP/3 and parallel downloads with curl
    - HISTORY: the SMB(S) support landed in 2014
    - INSTALL.md: provide Android build instructions
    - KNOWN_BUGS: Connection information when using TCP Fast Open
    - KNOWN_BUGS: LDAP on Windows doesn't work correctly
    - KNOWN_BUGS: TLS session cache doesn't work with TFO
    - OPENSOCKETFUNCTION.3: correct the purpose description
    - TrackMemory tests: always remove CR before LF
    - altsvc: bump to h3-24
    - altsvc: make the save function ignore NULL filenames
    - build: Disable Visual Studio warning "conditional expression is constant"
    - build: fix for CURL_DISABLE_DOH
    - checksrc.bat: Add a check for vquic and vssh directories
    - checksrc: repair the copyrightyear check
    - cirrus-ci: enable clang sanitizers on freebsd 13
    - cirrus: Drop the FreeBSD 10.4 build
    - config-win32: cpu-machine-OS for Windows on ARM
    - configure: avoid unportable `==' test(1) operator
    - configure: enable IPv6 support without `getaddrinfo`
    - configure: fix typo in help text
    - conncache: CONNECT_ONLY connections assumed always in-use
    - conncache: fix multi-thread use of shared connection cache
    - copyrights: fix copyright year range
    - create_conn: prefer multiplexing to using new connections
    - curl -w: handle a blank input file correctly
    - curl.h: add two missing defines for "pre ISO C" compilers
    - curl/parseconfig: fix mem-leak
    - curl/parseconfig: use curl_free() to free memory allocated by libcurl
    - curl: cleanup multi handle on failure
    - curl: fix --upload-file . hangs if delay in STDIN
    - curl: fix -T globbing
    - curl: improved cleanup in upload error path
    - curl: make a few char pointers point to const char instead
    - curl: properly free mimepost data
    - curl: show better error message when no homedir is found
    - curl: show error for --http3 if libcurl lacks support
    - curl_setup_once: consistently use WHILE_FALSE in macros
    - define: remove HAVE_ENGINE_LOAD_BUILTIN_ENGINES, not used anymore
    - docs: Change 'experiemental' to 'experimental'
    - docs: TLS SRP doesn't work with TLS 1.3
    - docs: fix several typos
    - docs: mention CURL_MAX_INPUT_LENGTH restrictions
    - doh: improved both encoding and decoding
    - doh: make it behave when built without proxy support
    - examples/postinmemory.c: Call curl_global_cleanup always
    - examples/url2file.c: corrected erroneous comment
    - examples: add multi-poll.c
    - global_init: undo the "intialized" bump in case of failure
    - hostip: suppress compiler warning
    - http_ntlm: Remove duplicate NSS initialisation
    - lib: Move lib/ssh.h -> lib/vssh/ssh.h
    - lib: fix compiler warnings with `CURL_DISABLE_VERBOSE_STRINGS`
    - lib: fix warnings found when porting to NuttX
    - lib: remove ASSIGNWITHINCONDITION exceptions, use our code style
    - lib: remove erroneous +x file permission on some c files
    - libssh2: add support for ECDSA and ed25519 knownhost keys
    - multi.h: remove INITIAL_MAX_CONCURRENT_STREAMS from public header
    - multi: free sockhash on OOM
    - multi_poll: avoid busy-loop when called without easy handles attached
    - ngtcp2: Support the latest update key callback type
    - ngtcp2: fix thread-safety bug in error-handling
    - ngtcp2: free used resources on disconnect
    - ngtcp2: handle key updates as ngtcp2 master branch tells us
    - ngtcp2: increase QUIC window size when data is consumed
    - ngtcp2: use overflow buffer for extra HTTP/3 data
    - ntlm: USE_WIN32_CRYPTO check removed to get USE_NTLM2SESSION set
    - ntlm_wb: fix double-free in OOM
    - openssl: Revert to less sensitivity for SYSCALL errors
    - openssl: improve error message for SYSCALL during connect
    - openssl: prevent recursive function calls from ctx callbacks
    - openssl: retrieve reported LibreSSL version at runtime
    - openssl: set X509_V_FLAG_PARTIAL_CHAIN by default
    - parsedate: offer a getdate_capped() alternative
    - pause: avoid updating socket if done was already called
    - projects: Fix Visual Studio projects SSH builds
    - projects: Fix Visual Studio wolfSSL configurations
    - quiche: reject HTTP/3 headers in the wrong order
    - remove_handle: clear expire timers after multi_done()
    - runtests: --repeat=[num] to repeat tests
    - runtests: introduce --shallow to reduce huge torture tests
    - schannel: fix --tls-max for when min is --tlsv1 or default
    - setopt: Fix ALPN / NPN user option when built without HTTP2
    - strerror: Add Curl_winapi_strerror for Win API specific errors
    - strerror: Fix an error looking up some Windows error strings
    - strerror: Fix compiler warning "empty expression"
    - system.h: fix for MCST lcc compiler
    - test/sws: search for "Testno:" header unconditionally if no testno
    - test1175: verify symbols-in-versions and libcurl-errors.3 in sync
    - test1270: a basic -w redirect_url test
    - test1456: remove the use of a fixed local port number
    - test1558: use double slash after file:
    - test1560: require IPv6 for IPv6 aware URL parsing
    - tests/lib1557: fix mem-leak in OOM
    - tests/lib1559: fix mem-leak in OOM
    - tests/lib1591: free memory properly on OOM, in the trailers callback
    - tests/unit1607: fix mem-leak in OOM
    - tests/unit1609: fix mem-leak in OOM
    - tests/unit1620: fix bad free in OOM
    - tests: Change NTLM tests to require SSL
    - tests: Fix bounce requests with truncated writes
    - tests: fix build with `CURL_DISABLE_DOH`
    - tests: fix permissions of ssh keys in WSL
    - tests: make it possible to set executable extensions
    - tests: make sure checksrc runs on header files too
    - tests: set LC_ALL=en_US.UTF-8 instead of blank in several tests
    - tests: use DoH feature for DoH tests
    - tests: use \r\n for log messages in WSL
    - tool_operate: fix mem leak when failed config parse
    - travis: Fix error detection
    - travis: abandon coveralls, it is not reliable
    - travis: build ngtcp2 with --enable-lib-only
    - travis: export the CC/CXX variables when set
    - vtls: make BearSSL possible to set with CURL_SSL_BACKEND
    - winbuild: Define CARES_STATICLIB when WITH_CARES=static
    - winbuild: Document CURL_STATICLIB requirement for static libcurl
- Remove curl-expire-clear.patch