Adolf Belka [Tue, 18 Jun 2024 10:48:58 +0000 (12:48 +0200)]
zstd: Update to version 1.5.6
- Update from version 1.5.5 to 1.5.6
- Update of rootfile
- Changelog
1.5.6 (Mar 2024)
api: Promote `ZSTD_c_targetCBlockSize` to Stable API by @felixhandte
api: new `ZSTD_d_maxBlockSize` experimental parameter, to reduce streaming decompression memory, by @terrelln
perf: improve performance of param `ZSTD_c_targetCBlockSize`, by @Cyan4973
perf: improved compression of arrays of integers at high compression, by @Cyan4973
lib: reduce binary size with selective built-time exclusion, by @felixhandte
lib: improved huffman speed on small data and linux kernel, by @terrelln
lib: accept dictionaries with partial literal tables, by @terrelln
lib: fix CCtx size estimation with external sequence producer, by @embg
lib: fix corner case decoder behaviors, by @Cyan4973 and @aimuz
lib: fix zdict prototype mismatch in static_only mode, by @ldv-alt
lib: fix several bugs in magicless-format decoding, by @embg
cli: add common compressed file types to `--exclude-compressed`` by @daniellerozenblit
cli: fix mixing `-c` and `-o` commands with `--rm`, by @Cyan4973
cli: fix erroneous exclusion of hidden files with `--output-dir-mirror` by @felixhandte
cli: improved time accuracy on BSD, by @felixhandte
cli: better errors on argument parsing, by @KapJI
tests: better compatibility with older versions of `grep`, by @Cyan4973
tests: lorem ipsum generator as default backup content, by @Cyan4973
build: cmake improvements by @terrelln, @sighingnow, @gjasny, @JohanMabille, @Saverio976, @gruenich, @teo-tsirpanis
build: bazel support, by @jondo2010
build: fix cross-compiling for AArch64 with lld by @jcelerier
build: fix Apple platform compatibility, by @nidhijaju
build: fix Visual 2012 and lower compatibility, by @Cyan4973
build: improve win32 support, by @DimitriPapadopoulos
build: better C90 compliance for zlibWrapper, by @emaste
port: make: fat binaries on macos, by @mredig
port: ARM64EC compatibility for Windows, by @dunhor
port: QNX support by @klausholstjacobsen
port: MSYS2 and Cygwin makefile installation and test support, by @QBos07
port: risc-v support validation in CI, by @Cyan4973
port: sparc64 support validation in CI, by @Cyan4973
port: AIX compatibility, by @likema
port: HP-UX compatibility, by @likema
doc: Improved specification accuracy, by @elasota
bug: Fix and deprecate ZSTD_generateSequences (#3981)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Jun 2024 10:48:57 +0000 (12:48 +0200)]
xfsprogs: Update to version 6.8.0
- Update from version 6.5.0 to 6.8.0
- Update of rootfile
- Changelog
There is no changelog for this package. Change details can be found from the git commit
log https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Jun 2024 10:48:56 +0000 (12:48 +0200)]
traceroute: Update to version 2.1.5
- Update from version 2.1.2 to 2.1.5
- Update of rootfile not required
- Update of traceroute patch as the source tarball has version number specified in its
directory structure.
- Changelog
2.1.5
* Fix rfc5837 parsing (Francois Rigault)
2.1.4
* Parse interface information (rfc5837) for ICMP extensions
* Add `fastopen' tcp module option (cookie negotiation only)
* Complete tcp module option `mss' to discover possible mss clamping
along the path being traced (idea and testing from Francois Rigault).
The argument is optional now.
Changed mss is printed once in a form of `M=NUM' at the first probe
it was detected on. (Actually, the mss clamping performed by
some previous hop).
Note, some routers may return too short original fragment
in the time exceeded message, making the check impossible.
Besides that the responses may come in a different order.
All this can lead to a later place of the report
(using -N 1 can help for the order).
* Complete tcp module option `info' to print returned tcp header options too
(all those that can be set or altered by `-O' for tcp module).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Jun 2024 10:48:55 +0000 (12:48 +0200)]
tmux: Update to version 3.4
- Update from version 3.3a to 3.4
- Update of rootfile not required
- Changelog
3.4
* Add options keep-last and keep-group to destroy-unattached to keep the last
session whether in a group.
* Don't allow paste-buffer into dead panes.
* Add -t to source-file.
* Rewrite combined character handling to be more consistent and to support
newer Unicode combined characters.
* Add basic support for SIXEL if built with --enable-sixel.
* Add a session, pane and user mouse range types for the status line and add
format variables for mouse_status_line and mouse_status_range so they can be
associated with different commands in the key bindings.
* Add flag (-o) to next-prompt/previous-prompt to go to OSC 133 command output.
* Add options and flags for menu styles (menu-style, menu-border-style) similar
to those existing for popups.
* Add support for marking lines with a shell prompt based on the OSC 133 extension.
* Check for libterminfo for NetBSD.
* Add "us" to styles for underscore colour.
* Add flags (-c and -y) to change the confirm key and default behaviour of
confirm-before.
* Use ncurses' new tparm_s function (added in 6.4-20230424) instead of tparm so
it does not object to string arguments in c apabilities it doesn't already
know. Also ignore errors from tparm if using previous ncurses versions.
* Set default lock command to vlock on Linux if present at build time.
* Discard mouse sequences that have the right form but actually are invalid.
* Add support for spawning panes in separate cgroups with systemd and a
configure flag (--disable-cgroups) to turn off.
* Add a format (pane_unseen_changes) to show if there are unseen changes while
in a mode.
* Remove old buffer when renaming rather than complaining.
* Add an L modifier like P, W, S to loop over clients.
* Add -f to list-clients like the other list commands.
* Extend display-message to work for control clients.
* Add a flag to display-menu to select the manu item selected when the menu is
open.
* Have tmux recognise pasted text wrapped in bracket paste sequences, rather
than only forwarding them to the program inside.
* Have client return 1 if process is interrupted to an input pane.
* Query the client terminal for foreground and background colours and if OSC 10
or 11 is received but no colour has been set inside tmux, return the colour
from the first attached client.
* Add send-keys -K to handle keys directly as if typed (so look up in key
table).
* Process escape sequences in show-buffer.
* Add a -l flag to display-message to disable format expansion.
* Add paste-buffer-deleted notification and fix name of paste-buffer-changed.
* Do not attempt to connect to the socket as a client if systemd is active.
* Add scroll-top and scroll-bottom commands to scroll so cursor is at top or
bottom.
* Add a -T flag to capture-pane to stop at the last used cell instead of the
full width. Restore the previous behaviour by making it default to off unless
-J is used.
* Add message-line option to control where message and prompt go.
* Notification when a when a paste buffer is deleted.
* Add a Nobr terminfo(5) capability to tell tmux the terminal does not use bright
colours for bold.
* Change g and G to go to top and bottom in menus.
* Add a third state "all" to allow-passthrough to work even in invisible panes.
* Add support for OSC 8 hyperlinks.
* Store the time lines are scrolled into history and display in copy mode.
* Add a %config-error reply to control mode for configuration file errors since
reporting them in view mode is useless.
* A new feature flag (ignorefkeys) to ignore terminfo(5) function key
definitions for rxvt.
* Pass through first argument to OSC 52 (which clipboards to set) if the
application provides it.
* Expand arguments to send-keys, capture-pane, split-window, join-pane where it
makes sense to do so.
* Ignore named buffers when choosing a buffer if one is not specified by the user.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Jun 2024 10:48:53 +0000 (12:48 +0200)]
iw: Update to version 6.9
- Update from version 5.19 to 6.9
- Update of rootfile not required
- Changelog
There is no changelog available for this package. Details of changes can be found in
the git commit log https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 Jun 2024 14:06:10 +0000 (16:06 +0200)]
utfcpp: Required for build of latest version of taglib
- lfs copies the required headers to the /usr/include directory.
- rootfile has all entries commented out as utfcpp is only required for the build.
- Added utfcpp into make.sh prior to taglib.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 Jun 2024 11:12:36 +0000 (13:12 +0200)]
dns.cgi: Remove the decode and encode lines as now integrated in header.pl
- decode and encode lines have now been integrated into the cleanhtml subroutine in
header.pl so that all uses of cleanhtml will be able to handle diacritical characters
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 Jun 2024 11:12:35 +0000 (13:12 +0200)]
header.pl: Add utf-8 handling into cleanhtml command
- existing cleanhtml command does not handle diacritical charcters such as umlauts, acute,
grave and circumflex accents.
- In bug 12395 the problem was resolved by adding decode before and encode after the
cleanhtml command in dns.cgi
- Suggestion from @Michael Tremer was to add the decode and encode sections into the
actual cleanhtml subroutine in header.pl
- This patch submission is the execution of that suggestion.
- This will ensure that whenever cleanhtml is used for any remark in a WUI page it will
handle diacritical charcters.
- Tested out on my vm testbed system and confirmed to be working when cleanhtml has the
encode and decode lines.
- Combined with this patch is another one that changes the dns.cgi to remove the decode
and encode entries added into the cgi code.
Suggested-by: Michael Tremer <michael.tremer@ipfire.org> Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 16 Jun 2024 15:36:00 +0000 (15:36 +0000)]
strongswan: Create firewall rules for outgoing IPsec traffic as well
This will avoid outgoing IPsec traffic being dropped by IPFire itself,
if the default firewall behavior for outgoing traffic is set to
"blocked", and no appropriate rules have been manually configured in the
web interface.
To ensure configured IPsec tunnels will always work flawlessly,
regardless of the firewall default policy and any manually created
firewall rules, create and delete outgoing iptables rules accordingly
when bringing an IPsec connection up or down.
Tested-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 16 Jun 2024 14:02:00 +0000 (14:02 +0000)]
sysctl: Disable bpf() calls from unprivileged users without toggle option
According to the Linux kernel documentation, enabling BPF_UNPRIV_DEFAULT_OFF
(which was done in 69dde418f11dc0085cbe061b90f6c002d6d6cce2) will cause
the sysctl kernel.unprivileged_bpf_disabled to default to 2. This
prohibits calls to bpf() from unprivileged users by default, but allows
for such calls to be allowed again during runtime, by setting
kernel.unprivileged_bpf_disabled to 0.
There is no legitimate reason why this should be possible on IPFire,
which is why this patch sets kernel.unprivileged_bpf_disabled to 1
during startup, causing the same effect as 2, but without any option to
revert this setting during runtime. This fixes a Lynis warning.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Changes in version 0.4.8.12 - 2024-06-06
This is a minor release with couple bugfixes affecting conflux and logging.
We also have the return of faravahar directory authority with new keys and
address.
o Minor feature (dirauth):
- Add back faravahar with a new address and new keys. Closes 40689.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on June 06, 2024.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2024/06/06.
o Minor bugfix (circuit):
- Remove a log_warn being triggered by a protocol violation that
already emits a protocol warning log. Fixes bug 40932; bugfix
on 0.4.8.1-alpha.
o Minor bugfixes (conflux):
- Avoid a potential hard assert (crash) when sending a cell on a
Conflux set. Fixes bug 40921; bugfix on 0.4.8.1-alpha.
- Make sure we don't process a closed circuit when packaging data.
This lead to a non fatal BUG() spamming logs. Fixes bug 40908;
bugfix on 0.4.8.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 11 Jun 2024 15:11:50 +0000 (17:11 +0200)]
ppp: Fix definition of directory for pid files
- When ppp was updated from version 2.5.0 to e1266c7 I missed that a new configure option
was introduced. This is --with-runtime-dir=DIR.
- If this option is used then the run time directory for the pid files is defined by that
DIR entry. If the option is not used then the pid directory is fixed as /var/run/pppd/
- Even if the --runstatedir=DIR option is used then it is ignored if the
--with-runtime-dir=DIR option is used or not used even though both effectively deal
with the same aspect.
- Some users in the forum had noticed that they had log messages saying that pid files
could not be created because the files or directories did not exist. The pid files
were being tried to be stored in /var/run/pppd/ but the pppd directory did not exist.
- This patch submission adds the --with-runtime-dir=/var/run option to the ppp configure
command. This basically makes ppp act the same as it used to do previously with version
2.5.0 and earlier.
- Changing IPFire to use /var/run/pppd/ is not a good idea as then there are several
locations in IPFire that specify the pid directory location to /var/run/ as hard coded
path. All of these locations would need to be identified and changed.
- Leaving IPFire to use /var/run means that only the ppp configure command needs to be
modified.
- I hope that @adamgibbo and @markadewwet will be able to test out this change in CU187
Testing when it is accepted. Those two users have got the pid error messages.
- Even if the ppp pid file can not be stored ppp will still successfully start. However
the likelihood is that stoppinf ppp will not work as would be expected. This patch
ensures that ppp will be able to store its pid files asa required whyen starting up.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 10 Jun 2024 10:24:00 +0000 (10:24 +0000)]
ca-certificates: Update root CA certificates bundle
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Robin Roevens [Sat, 8 Jun 2024 20:04:56 +0000 (22:04 +0200)]
zabbix_agentd: Update to 6.0.30 (LTS)
- Update from version 6.0.27 to 6.0.30
- Update of rootfile not required
Bugs fixed:
- ZBX-23853: Fixed duplicate agent check timestamps when time shifts back due to system clock synchronization
Full changelogs since 6.0.27:
- https://www.zabbix.com/rn/rn6.0.28
- https://www.zabbix.com/rn/rn6.0.29
- https://www.zabbix.com/rn/rn6.0.30 Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 7 Jun 2024 12:47:41 +0000 (14:47 +0200)]
hplip: Update to version 3.23.12
- Update from version 3.23.5 to 3.23.12
- Update of rootfile
- Changelog
3.23.12
Added support for the following new Printers:
HP OfficeJet Pro 9130b series
HP OfficeJet Pro 9120b series
HP OfficeJet Pro 9110b series
HP Color LaserJet Enterprise Flow MFP X58045z
HP Color LaserJet Enterprise Flow MFP X58045zs
HP Color LaserJet Enterprise MFP X58045dn
HP Color LaserJet Enterprise MFP X58045
HP LaserJet Pro P1106 plus
HP LaserJet Pro P1108 plus
3.23.8
Added support for following new Distro's:
OpenSuse 15.5
Fedora 38
Ubuntu 23.04
Added support for the following new Printers:
HP Color LaserJet Pro MFP 4301dwe
HP Color LaserJet Pro MFP 4301fdne
HP Color LaserJet Pro MFP 4301fdwe
HP Color LaserJet Pro MFP 4301cdwe
HP Color LaserJet Pro MFP 4301cfdne
HP Color LaserJet Pro MFP 4301cfdwe
HP Color LaserJet Pro MFP 4302dwe
HP Color LaserJet Pro MFP 4302fdne
HP Color LaserJet Pro MFP 4302fdwe
HP Color LaserJet Pro MFP 4302cdwe
HP Color LaserJet Pro MFP 4302fdn
HP Color LaserJet Pro MFP 4302fdw
HP Color LaserJet Pro MFP 4303dw
HP Color LaserJet Pro MFP 4303fdn
HP Color LaserJet Pro MFP 4303fdw
HP Color LaserJet Pro MFP 4303cdw
HP Color LaserJet Pro MFP 4303cfdn
HP Color LaserJet Pro MFP 4303cfdw
HP Color LaserJet Pro 4201dne
HP Color LaserJet Pro 4201dwe
HP Color LaserJet Pro 4201cdne
HP Color LaserJet Pro 4201cdwe
HP Color LaserJet Pro 4202dne
HP Color LaserJet Pro 4202dwe
HP Color LaserJet Pro 4202dn
HP Color LaserJet Pro 4202dw
HP Color LaserJet Pro 4203dn
HP Color LaserJet Pro 4203dw
HP Color LaserJet Pro 4203cdn
HP Color LaserJet Pro 4203cdw
HP DeskJet 2800 All-in-One Printer series
HP DeskJet 2800e All-in-One Printer series
HP DeskJet Ink Advantage 2800 All-in-One Printer series
HP DeskJet 4200 All-in-One Printer series
HP DeskJet 4200e All-in-One Printer series
HP DeskJet Ink Advantage 4200 All-in-One Printer series
HP DeskJet Ink Advantage Ultra 4900 All-in-One Printer series
Known issues:
1. USB print feature is not working properly with FW version 6.17.X.X for
HP Color LaserJet Pro MFP 4303 devices
2. An I/O error is observed when attempting to add a HP Color LaserJet
Pro MFP 4303series device via wireless option.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 7 Jun 2024 12:47:40 +0000 (14:47 +0200)]
ethtool: Update to version 6.9
- Update from version 6.7 to 6.9
- Update of rootfile not required
- Changelog
6.9
* Feature: support for rx-flow-hash gtp (-N)
* Feature: support for RSS input transformation (-X)
* Fix: typo in coalescing output (-c)
* Fix: document all debugging flags in man page
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Jun 2024 16:48:43 +0000 (18:48 +0200)]
mpd: Ship to use new libid3tag library
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Jun 2024 16:48:42 +0000 (18:48 +0200)]
minidlna: Ship to use new libid3tag library
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Jun 2024 16:48:41 +0000 (18:48 +0200)]
libid3tag: Update to version 0.16.3
- Update from version 0.15.1b to 0.16.3
- Update of rootfile
- A new fork has been made of the libid3tag. This is now being managed by Tenacity.
The latest version has a library change so that any package using the old version will
work with the new one.
- Changelog
0.16.3
This release fixes backwards compatibility issues with libid3tag 0.15.1b.
#8 - Define a separate library soversion, which is set to 0 to preserve ABI
compatibility.
Note: no functionality was changed in this release. This and the previous release
are identical in terms of functionality.
Compatibility
With the changes listed above, libid3tag is both source compatible and
binary (ABI) compatible with programs linked against libid3tag 0.15.1b.
We will continue to guarantee this compatibility for as long as we can.
Existing libid3tag 0.15.1b packages can be easily switched to this
version without breakage.
Reporting Issues or Contributing Patches
Our version of libid3tag contains all kinds of integrated packages plus
our own tweaks. However, if you have a patch or two that haven't been
integrated into our fork yet, please feel free to open a pull request.
Just like Tenacity, we aim to have libid3tag packaged and working on as
many platforms as we can without patches.
0.16.2
Fix null pointer dereference in id3_ucs4_length (CVE-2017-11550)
0.16.1
Fix exported CMake config file
Fix pkgconfig file name to match Linux distro packages
(id3tag instead of libid3tag).
0.16.0
Add CMake build system
Remove autotools build system
Install pkgconfig and CMake config files
Apply patches from Debian, Fedora, Arch, and Gentoo
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Jun 2024 13:50:32 +0000 (15:50 +0200)]
mdadm: Update to version 4.3
- Update from version 4.2 to 4.3
- Update or rootfile not required
- Changelog
4.3
No logfile information available. Details can be found from the git commit log
https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Jun 2024 13:50:31 +0000 (15:50 +0200)]
curl: Update to version 8.8.0
- Update from version 8.2.1 to 8.8.0
- Update of rootfile
- Removal of patch as the content now included in the source tarball.
- Changelog
8.8.0
Changes:
curl_version_info: provide librtmp version
file: add support for directory listings
idn: add native AppleIDN (icucore) support for macOS/iOS
lib: add curl_multi_waitfds
mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option
NTLM_WB: drop support
TLS: add support for ECH (Encrypted Client Hello)
urlapi: add CURLU_GET_EMPTY for empty queries and fragments
Bugfixes:
appveyor: drop unnecessary `--clean-first` cmake option
appveyor: guard against crash-build with VS2008
appveyor: make gcc 6 mingw64 job build-only
asyn-thread: fix curl_global_cleanup crash in Windows
asyn-thread: fix Curl_thread_create result check
autotools: delete unused functions
autotools: fix `HAVE_IOCTLSOCKET_FIONBIO` test for gcc 14
autotools: only probe for SGI MIPS compilers on IRIX
bearssl: fix compiler warnings
bearssl: use common code for cipher suite lookup
bufq: remove duplicate word in comment
BUG-BOUNTY.md: clarify the third party situation
build: prefer `USE_IPV6` macro internally (was: `ENABLE_IPV6`)
build: remove MacOSX-Framework script
cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set
cf-https-connect: use timeouts as unsigned ints
cf-socket: don't try getting local IP without socket
cf-socket: remove references to l_ip, l_port
ci: add curl-for-win builds: Linux MUSL, macOS, Windows
cmake: add `BUILD_EXAMPLES` option to build examples
cmake: add librtmp/rtmpdump option and detection
cmake: check fseeko after detecting HAVE_FILE_OFFSET_BITS
cmake: do not pass linker flags to the static library tool
cmake: enable `-pedantic-errors` for clang when `CURL_WERROR=ON`
cmake: FindNGHTTP2 add static lib name to find_library call
cmake: fix `CURL_WERROR=ON` for old CMake and use it in GHA/linux-old
cmake: fix `HAVE_IOCTLSOCKET_FIONBIO` test with gcc 14
cmake: fixup `DEPENDS` filename
cmake: forward `USE_LIBRTMP` option to C
cmake: generate misc manpages and install `mk-ca-bundle.pl`
cmake: initialize `BUILD_TESTING` before first use
cmake: speed up libcurl doc building again
cmake: tidy-up to use `WORKING_DIRECTORY`
cmake: use namespaced custom target names
cmdline-docs: fix make install with configure --disable-docs
configure: error on missing perl if docs or manual is enabled
configure: make --disable-docs imply --disable-manual
content_encoding: brotli and others, pass through 0-length writes
content_encoding: ignore duplicate chunked encoding
content_encoding: reject transfer-encoding after chunked
contrithanks: honor `CURLWWW` variable
curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used
curl.h: change CURL_SSLVERSION_* from enum to defines
curl: make --help adapt to the terminal width
curl: use curl_getenv instead of the curlx_ version
Curl_creader_read: init two variables to avoid using them uninited
curl_easy_pause.md: use correct defines in example
curl_getdate.md: document two-digit year handling
curl_global_trace.md: shorten the description
curl_multibyte: remove access() function wrapper for Windows
curl_path: make Curl_get_pathname use dynbuf
curl_setup.h: add support for IAR compiler
curl_setup.h: detect 'inline' support
curl_sha512_256: do not use workaround for NetBSD when not needed
curl_sha512_256: fix detection of OpenSSL 1.1.1 or later
curl_url_get.md: clarify queries and fragments and CURLU_GET_EMPTY
CURLINFO_REQUEST_SIZE: fixed, add tests for transfer infos reported
CURLOPT_WRITEFUNCTION.md: fix the callback proto in the example
cw-out: improved error handling
DEPRECATE.md: TLS libraries without 1.3 support
digest: replace strcpy for empty string with simple assignment
dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs
dist: add files missing from release tarball
dist: add reproducible dir entries to tarballs
dist: do not require Perl in `maketgz`
dist: remove the curl-config.1 from the tarball
dist: verify tarball reproducibility in CI
DISTROS: add patch and issues link for curl-for-win
DISTROS: Cygwin updates
dllmain: Call OpenSSL thread cleanup for Windows and Cygwin
doc: pytest `--repeat` -> `--count`
docs/cmdline-opts: invoke managen using a relative path
docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd
docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example
docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE
docs: fix some CURLINFO examples
doh: fix typo in comment
doh: remove unused function prototype
dynbuf: fix returncode on memory error
examples: fix/silence `-Wsign-conversion`
EXPERIMENTAL: add graduation requirements for each feature
file: remove useless assignment
ftp: add tracing support
ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS
ftp: fix socket leak on rare error
GHA: add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs
GHA: add shellcheck job and fix warnings, shell tidy-ups
GHA: add valgrind to a wolfSSL build
GHA: on macOS remove $HOME/.curlrc
GHA: pin dependencies
gnutls: lazy init the trust settings
h3/ngtcp2: improve error handling
hash: change 'slots' to size_t from int
hash: delete unused debug function
hsts: explicitly skip blank lines
hsts: remove single-use single-line function
http tests: in CI skip test_02_23* for quiche
http2 + ngtcp2: pass CURLcode errors from callbacks
http2, http3: decouple stream state from easy handle
http2: emit RST when client write fails
http3: quiche+ngtcp2 improvements
http: acknowledge a returned error code
http: HEAD response body tolerance
http: reject HTTP major version switch mid connection
http: remove redundant check
http: with chunked POST forced, disable length check on read callback
http_aws_sigv4: remove useless assignment
idn: make Curl_idnconvert_hostname() use Curl_idn_decode()
if2ip: make the buf_size arg a size_t
INSTALL-CMAKE.md: explain `cmake -G <generator-name>`
krb5: use dynbuf
ldap: fix unused variables (seen on OmniOS)
lib/cf-h1-proxy: silence compiler warnings (gcc 14)
lib: add trace support for client reads and writes
lib: bump hash sizes to `size_t`
lib: clear the easy handle's saved errno before transfer
lib: fix compiler warnings (gcc)
lib: make protocol handlers store scheme name lowercase
lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3`
lib: remove two instances of "only only" messages
lib: silence `-Wsign-conversion` in base64, strcase, mprintf
lib: silence warnings on comma misuse
lib: use `#error` instead of invalid syntax in `curl_setup_once.h`
lib: use multi instead of multi_easy for the active multi
libcurl-opts: mention pipelining less
libssh2: delete redundant feature guard
libssh2: replace `access()` with `stat()`
libssh2: set length to 0 if strdup failed
m4: fix rustls pkg-config codepath
MAIL-ETIQUETTE: convert to markdown
makefile: remove the sorting from the vc-ide action
maketgz: put docs/RELEASE-TOOL.md into the tarball
managen: fix the option sort order
mbedtls: call mbedtls_ssl_setup() after RNG callback is set
mbedtls: cut off trailing newlines from debug logs
mbedtls: fix building with v3 in CMake Unity mode
mbedtls: support TLS 1.3
mime: avoid using access()
misc: fix typos
misc: fix typos, quoting and spelling
mprintf: check fputc error rather than matching returned character
mqtt: when Curl_xfer_recv returns error, don't use nread
multi: avoid memory-leak risk
multi: introduce SETUP state for better timeouts
multi: multi_wait improvements
multi: remove the unused Curl_preconnect function
multi: remove useless assignment
multi: timeout handles even without connection
openldap: create ldap URLs correctly for IPv6 addresses
openssl: do not set SSL_MODE_RELEASE_BUFFERS
openssl: revert keylog_callback support for LibreSSL
OS400: fix shellcheck warnings in scripts
projects: drop MSVC project files for recent versions
pytest: add DELETE tests, check server version
pytest: fixes for recent python, add FTP tests
quic: fixup duplicate static function name (for cmake unity)
quiche: expire all active transfers on connection close
quiche: trust its timeout handling
RELEASE-PROCEDURE: mention an initial working build
request: make Curl_req_init return void
request: paused upload on completed download, assess connection
reuse: add copyright + license info to individual docs/*.md files
ROADMAP: remove completed entries, mention websocket
rustls: fix handshake done handling
rustls: fix partial send handling
rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag
rustsls: fix error code on receive
sendf: fix two typos in comments
sendf: useless assignment in cr_lc_read()
setopt: acknowledge errors proper for CURLOPT_COOKIEJAR
setopt: make the setstropt_userpwd args compulsory
setopt: remove check for 'option' that is always true
setopt: warn on Curl_set*opt() uses not using the return value
smtp: result of Curl_bufq_cread was not used
socket: remove redundant call to getsockname
socketpair: fix compilation when USE_UNIX_SOCKETS is not defined
src: tidy up types, add necessary casts
telnet: check return code from fileno()
tests/http: fix compiler warning
tests: add -q as first option when invoking curl for tests
tests: check caddy server version to match test expectations
tests: enable test 1117 for hyper
tests: fix feature case in test1481
tests: fix test 1167 to skip digit-only symbols
tests: make the unit test result type `CURLcode`
tests: Mark tftpd timer function as noreturn
tests: tidy up types in server code
tls: fix SecureTransport + BearSSL cmake unity builds
tls: remove EXAMPLEs from deprecated options
tls: use shared init code for TCP+QUIC
tool: move tool_ftruncate64 to tool_util.c
tool_cb_rea: limit rate unpause for -T . uploads
tool_cfgable: free {proxy_}cipher13_list on exit
tool_getparam: output warning for leading unicode quote character
tool_getparam: remove two redundant conditions
tool_operate: don't truncate the etag save file by default
tool_operate: init vars unconditionally in post_per_transfer
tool_paramhlp: remove duplicate assign
tool_xattr: "guess" URL scheme if none is provided
tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set
transfer: remove useless assignment
url: do not URL decode proxy crendentials
url: fix use of an uninitialized variable
url: make parse_login_details use memdup0
url: remove duplicate call to Curl_conncache_remove_conn when pruning
urlapi: allow setting port number zero
urlapi: fix relative redirects to fragment-only
urldata: remove fields not used depending on used features
vauth: make two functions void that always just returned OK
version: use msnprintf instead of strncpy
vquic-tls: use correct cert name check API for wolfSSL
vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output
vtls: TLS session storage overhaul
wakeup_create: use FD_CLOEXEC/SOCK_CLOEXEC
warnless: delete orphan declarations
websocket: avoid memory leak in error path
winbuild: add ENABLE_WEBSOCKETS option
winbuild: use $(RC) correctly
wolfssl: plug memory leak in wolfssl_connect_step2()
x509asn1: return error on missing OID
8.7.1
Bugfixes:
Fixed empty tool_hugehelp.c file
8.7.0
Changes:
configure: add --disable-docs flag
CURLINFO_USED_PROXY: return bool whether the proxy was used
digest: support SHA-512/256
DoH: add trace configuration
write-out: add '%{proxy_used}'
Bugfixes:
ALTSVC.md: correct a typo
asyn-ares: fix data race warning
asyn-thread: use wakeup_close to close the read descriptor
badwords: use hostname, not host name
BINDINGS: add mcurl, the python binding
bufq: writing into a softlimit queue cannot be partial
c-hyper: add header collection writer in hyper builds
cd2nroff: gen: make `\>` in input to render as plain '>' in output
cd2nroff: remove backticks from titles
checksrc.pl: fix handling .checksrc with CRLF
cmake: add USE_OPENSSL_QUIC support
cmake: add warning for using TLS libraries without 1.3 support
cmake: enable `ENABLE_CURL_MANUAL` by default
cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled
cmake: fix function description in comment
cmake: fix install for older CMake versions
cmake: fix libcurl.pc and curl-config library specifications
cmdline-docs/Makefile: avoid using a fixed temp file name
cmdline-docs: quote and angle bracket cleanup
cmdline-opts/_EXITCODES: sync with libcurl-errors
cmdline-opts/_VARIABLES.md: improve the description
cmdline-opts/_VERSION: provide %VERSION correctly
cmdline-opts: shorter help texts
configure: add pkg-config support to rustls detection
configure: add warning for using TLS libraries without 1.3 support
configure: build & install shell completions when enabled
configure: do not link with nghttp3 unless necessary
configure: Don't build shell completions when disabled
configure: Don't make shell completions without perl
configure: find libpsl with pkg-config
connect.c: fix typo
CONTRIBUTE: update the section on documentation format
cookie.md: provide an example sending a fixed cookie
cookie: if psl fails, reject the cookie
curl: exit on config file parser errors
curl: make --libcurl output better CURLOPT_*SSLVERSION
curl: when allocating variables, add the name into the struct
curl_setup.h: add curl_uint64_t internal type
curldown: fix email address in Copyright
CURLMOPT_MAX*: mention what happens if changed mid-transfer
CURLOPT_INTERFACE.md: remove spurious amp, add see-also
CURLOPT_POSTQUOTE.md: fix typo
CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return
CURLOPT_WRITEFUNCTION.md: typo fix
digest: add check for hashing error
dist: make sure the http tests are in the tarball
DISTROS: add document with distro pointers
docs/libcurl: add TLS backend info for all TLS options
docs/libcurl: generate PROTOCOLS from meta-data
docs: add missing slashes to SChannel client certificate documentation
docs: add necessary setup for nghttp3
docs: ascii version of manpage without nroff
docs: dist curl*.1 and install without perl
docs: make curldown do angle brackets like markdown
docs: make each libcurl man specify protocol(s)
docs: make sure curl.1 is included in dist tarballs
docs: update minimal binary size in INSTALL.md
docs: use present tense
examples: use present tense in comments
file: use xfer buf for file:// transfers
fopen: fix narrowing conversion warning on 32-bit Android
form-string.md: correct the example
ftp: do lineend conversions in client writer
ftp: fix socket wait activity in ftp_domore_getsock
ftp: tracing improvements
ftp: treat a 226 arriving before data as a signal to read data
gen.pl: make the "manpageification" faster
gen: make `\>` in input to render as plain '>' in output
getparam: make --ftp-ssl work again
GHA/linux: add sysctl trick to work-around GitHub runner issue
GIT-INFO: convert to markdown
GOVERNANCE: document the core team
header.md: remove backslash, make nicer markdown
HTTP/2: write response directly
http2, http3: return CURLE_PARTIAL_FILE when bytes were received
http2: fix push discard
http2: memory errors in the push callbacks are fatal
http2: minor tweaks to optimize two struct sizes
http2: push headers better cleanup
http2: remove the third (unused) argument from http2_data_done()
HTTP3.md: adjust the OpenSSL QUIC install instructions
http: better error message for HTTP/1.x response without status line
http: improve response header handling, save cpu cycles
http: move headers collecting to writer
http: remove stale comment about rewindbeforesend
http: separate response parsing from response action
http_chunks: fix the accounting of consumed bytes
http_chunks: remove unused 'endptr' variable
https-proxy: use IP address and cert with ip in alt names
hyper: implement unpausing via client reader
ipv6.md: mention IPv4 mapped addresses
KNOWN_BUGS: POP3 issue when reading small chunks
lib1598: fix `CURLOPT_POSTFIELDSIZE` usage
lib582: remove code causing warning that is never run
lib: add `void *ctx` to reader/writer instances
lib: convert Curl_get_line to use dynbuf
lib: Curl_read/Curl_write clarifications
lib: enhance client reader resume + rewind
lib: initialize output pointers to NULL before calling strto[ff,l,ul]
lib: keep conn IP information together
lib: move 'done' parameter to SingleRequests
lib: remove curl_mimepart object when CURL_DISABLE_MIME
libcurl-docs: cleanups
libcurl-security.md: Active FTP passes on the local IP address
libssh/libssh2: return error on too big range
MANUAL.md: fix typo
mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined
mbedtls: fix pytest for newer versions
mbedtls: properly cleanup the thread-shared entropy
mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version
md4: include strdup.h for the memdup proto
mime: add client reader
misc: fix typos in docs and lib
mkhelp: simplify the generated hugehelp program
mprintf: fix format prefix I32/I64 for windows compilers
multi: add xfer_buf to multi handle
multi: fix multi_sock handling of select_bits
multi: make add_handle free any multi_easy
ngtcp2: no recvbuf for stream
ntml_wb: fix buffer type typo
OpenSSL QUIC: adapt to v3.3.x
openssl-quic: check on Windows that socket conv to int is possible
openssl-quic: fix BIO leak and Windows warning
openssl-quic: fix unity build, casing, indentation
OS400: avoid using awk in the build scripts
paramhlp: fix CRLF-stripping files with "-d @file"
proxy1.0.md: fix example
pytest: adapt to API change
request: clarify message when request has been sent off
rustls: make curl compile with 0.12.0
schannel: fix hang on unexpected server close
scripts: fix cijobs.pl for Azure and GHA
sendf: ignore response body to HEAD
setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
setopt: fix disabling all protocols
sha512_256: add support for GnuTLS and OpenSSL
smtp: fix STARTTLS
SPONSORS: describe the basics
strtoofft: fix the overflow check
test 1541: verify getinfo values on first header callback
test1165: improve pattern matching
tests: support setting/using blank content env variables
TIMER_STARTTRANSFER: set the same for everyone
TLS: start shutdown only when peer did not already close
TODO: update 13.11 with more information
tool_cb_hdr: only parse etag + content-disposition for 2xx
tool_getparam: accept a blank -w ""
tool_getparam: handle non-existing (out of range) short-options
tool_operate: change precedence of server Retry-After time
tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds
trace-config.md: remove the mutexed options list
transfer.c: break receive loop in speed limited transfers
transfer: improve Windows SO_SNDBUF update limit
urldata: move authneg bit from conn to Curl_easy
version: allow building with ancient libpsl
vquic-tls: fix the error code returned for bad CA file
vtls: fix tls proxy peer verification
vtls: revert "receive max buffer" + add test case
VULN-DISCLOSURE-POLICY.md: update detail about CVE requests
websocket: fix curl_ws_recv()
wolfSSL: do not call the stub function wolfSSL_BIO_set_init()
write-out.md: clarify error handling details
8.6.0
Changes:
add CURLE_TOO_LARGE
add CURLINFO_QUEUE_TIME_T
add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add
asyn-thread: use GetAddrInfoExW on >= Windows 8
configure: make libpsl detection failure cause error
docs/cmdline: change to .md for cmdline docs
docs: introduce "curldown" for libcurl man page format
runtests: support -gl. Like -g but for lldb.
Bugfixes:
altsvc: free 'as' when returning error
appveyor: replace PowerShell with bash + parallel autotools
appveyor: switch to out-of-tree builds
asyn-ares: with modern c-ares, use its default timeout
build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}`
build: delete/replace clang warning pragmas
build: enable missing OpenSSF-recommended warnings, with fixes
build: fix `-Wconversion`/`-Wsign-conversion` warnings
build: fix Windows ADDRESS_FAMILY detection
build: more `-Wformat` fixes
build: remove redundant `CURL_PULL_*` settings
cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper
cf-socket: show errno in tcpkeepalive error messages
CI/distcheck: run full tests
cmake: add option to disable building docs
cmake: fix generation for system name iOS
cmake: fix typo
cmake: freshen up docs/INSTALL.cmake
cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE`
cmake: rework options to enable curl and libcurl docs
cmake: when USE_MANUAL=YES, build the curl.1 man page
cmdline-opts/write-out.d: remove spurious double quotes
cmdline-opts: update availability for the *-ca-native options
cmdline/gen: fix the sorting of the man page options
configure: add libngtcp2_crypto_boringssl detection
configure: fix no default int compile error in ipv6 detection
configure: when enabling QUIC, check that TLS supports QUIC
connect: remove margin from eyeballer alloc
content_encoding: change return code to typedef'ed enum
cookie.d: document use of empty string to enable cookie engine
cookie: avoid fopen with empty file name
curl.h: CURLOPT_DNS_SERVERS is only available with c-ares
curl: show ipfs and ipns as supported "protocols"
curl_easy_getinfo.3: remove the wrong time value count
curl_multi_fdset.3: remove mention of null pointer support
CURLINFO_REFERER.3: clarify that it is the *request* header
CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example
CURLOPT_SSH_*_KEYFILE: clarify
dist: add tests/errorcodes.pl to the tarball
docs: clean up Protocols: for cmdline options
docs: describe and highlight super cookies
docs: do not start lines/sentences with So, But nor And
docs: install curl.1 with cmake
docs: mention env vars not used by schannel
doh: remove unused local variable
examples: add four new examples
file+ftp: use stack buffers instead of data->state.buffer
ftp: handle the PORT parsing without allocation
ftp: use dynbuf to store entrypath
ftp: use memdup0 to store the OS from a SYST 215 response
ftpserver.pl: send 213 SIZE response without spurious newline
gen.pl: support ## for doing .IP in table-like lists
gen: do italics/bold for a range of letters, not just single word
GHA: add a job scanning for "bad words" in markdown
GHA: bump ngtcp2, gnutls, mod_h2, quiche
gnutls: fix build with --disable-verbose
haproxy-clientip.d: document the arg
headers: make sure the trailing newline is not stored
headers: remove assert from Curl_headers_push
hostip: return error immediately when Curl_ip2addr() fails
hsts: remove assert for zero length domain
http2: improved on_stream_close/data_done handling
http3/quiche: fix result code on a stream reset
http3: initial support for OpenSSL 3.2 QUIC stack
http: adjust_pollset fix
http: check for "Host:" case insensitively
http: fix off-by-one error in request method length check
http: only act on 101 responses when they are HTTP/1.1
http: remove comment reference to a removed solution
http: use stack scratch buffer
http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT
krb5: add prototype to silence clang warnings on mvsnprintf()
lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
lib: error out on multissl + http3
lib: fix variable undeclared error caused by `infof` changes
lib: reduce use of strncpy
lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
lib: replace readwrite with write_resp
lib: strndup/memdup instead of malloc, memcpy and null-terminate
libssh2: use `libssh2_session_callback_set2()` with v1.11.1
libssh: improve the deprecation warning dismissal
libssh: supress warnings without version check
Makefile.am: fix the MSVC project generation
Makefile.mk: drop Windows support
mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls`
mbedtls: free the entropy when threaded
mime: use memdup0 instead of malloc + memcpy
mksymbolsmanpage.pl: provide references to where the symbol is used
mprintf: overhaul and bugfixes
mqtt: use stack scratch buffer for recv+publish
multi: remove total timer reset in file_do() while fetching file://
ngtcp2: put h3 at the front of alpn
ntlm_wb: do not use data->state.buffer any longer
openldap: fix an LDAP crash
openldap: fix STARTTLS
openssl: re-match LibreSSL deinit with init
openssl: when verifystatus fails, remove session id from cache
OS400: sync ILE/RPG binding
pingpong: stop using the download buffer
pop3: replace calloc + memcpy with memdup0
pytest: scorecard tracking CPU and RSS
quiche: return CURLE_HTTP3 on send to invalid stream
readwrite_data: loop less
Revert "urldata: move async resolver state from easy handle to connectdata"
rtsp: deal with borked server responses
runtests: for mode="text" on <stdout>, fix newlines on both parts
sasl: make login option string override http auth
schannel: fix `-Warith-conversion` gcc 13 warning
sectransp: do verify_cert without memdup for blobs
sectransp_ make TLSCipherNameForNumber() available in non-verbose config
sendf: fix compiler warning with CURL_DISABLE_HEADERS_API
setopt: clear mimepost when formp is freed
setopt: use memdup0 when cloning COPYPOSTFIELDS
socks: fix generic output string to say SOCKS instead of SOCKS4
socks: use own buffer instead of data->state.buffer
ssh: fix namespace of two local macros
ssh: use stack scratch buffer for seeks
strerror: repair get_winsock_error()
system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers
system_win32: fix a function pointer assignment warning
telnet: use dynbuf instad of malloc for escape buffer
telnet: use stack scratch buffer for do
tests/server: delete workaround for old-mingw
tests: avoid int/size_t conversion size/sign warnings
tests: respect $TMPDIR when creating unix domain sockets
tool: make parser reject blank arguments if not supported
tool: prepend output_dir in header callback
tool_getparam: bsearch cmdline options
tool_getparam: do not try to expand without an argument
tool_getparam: stop supporting `@filename` style for --cookie
tool_listhelp: regenerate after recent .d updates
tool_operate: make --remove-on-error only remove "real" files
tool_operate: stop setting the file comment on Amiga
transfer: adjust_pollset improvements
transfer: fix upload rate limiting, add test cases
transfer: make the select_bits_paused condition check both directions
transfer: remove warning: Value stored to 'blen' is never read
url: don't set default CA paths for Secure Transport backend
url: for disabled protocols, mention if found in redirect
urlapi: remove assert
verify-examples.pl: fail verification on unescaped backslash
version: show only the libpsl version, not its dependencies
vquic: extract TLS setup into own source
vtls: fix missing multissl version info
vtls: receive max buffer
vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY
websockets: check for negative payload lengths
websockets: refactor decode chain
windows: delete redundant headers
windows: simplify detecting and using system headers
wolfssl: load certificate *chain* for PEM client certs
x509asn1: remove code for WANT_VERIFYHOST
x509asn1: switch from malloc to dynbuf
8.5.0
Changes:
gnutls: support CURLSSLOPT_NATIVE_CA
HTTP3: ngtcp2 builds are no longer experimental
Bugfixes:
appveyor: make VS2008-built curl tool runnable
asyn-thread: use pipe instead of socketpair for IPC when available
autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}`
autotools: avoid passing `LDFLAGS` twice to libcurl
autotools: delete LCC compiler support bits
autotools: fix/improve gcc and Apple clang version detection
autotools: stop setting `-std=gnu89` with `--enable-warnings`
autotools: update references to deleted `crypt-auth` option
BINDINGS: add V binding
build: add `src/.checksrc` to source tarball
build: add more picky warnings and fix them
build: always revert `#pragma GCC diagnostic` after use
build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H`
build: delete support bits for obsolete Windows compilers
build: fix 'threadsafe' feature detection for older gcc
build: fix builds that disable protocols but not digest auth
build: fix compiler warning with auths disabled
build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS`
build: picky warning updates
build: require Windows XP or newer
cfilter: provide call to tell connection to forget a socket
CI: add autotools, out-of-tree, debug build to distro check job
CI: ignore test 286 on Appveyor gcc 9 build
cmake: add `CURL_DISABLE_BINDLOCAL` option
cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API`
cmake: dedupe Windows system libs
cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection
cmake: fix CURL_DISABLE_GETOPTIONS
cmake: fix multiple include of CURL package
cmake: fix OpenSSL quic detection in quiche builds
cmake: option to disable install & drop `curlu` target when unused
cmake: pre-fill rest of detection values for Windows
cmake: replace `check_library_exists_concat()`
cmake: speed up threads setup for Windows
cmake: speed up zstd detection
config-win32: set `HAVE_SNPRINTF` for mingw-w64
configure: better --disable-http
configure: check for the fseeko declaration too
conncache: use the closure handle when disconnecting surplus connections
content_encoding: make Curl_all_content_encodings allocless
cookie: lowercase the domain names before PSL checks
curl.h: delete Symbian OS references
curl.h: on FreeBSD include sys/param.h instead of osreldate.h
curl.rc: switch out the copyright symbol for plain ASCII
curl: improved IPFS and IPNS URL support
curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped
Curl_http_body: cleanup properly when Curl_getformdata errors
curl_setup: disallow Windows IPv6 builds missing getaddrinfo
curl_sspi: support more revocation error names in error messages
CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation
CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does
CURLOPT_WRITEFUNCTION.3: clarify libcurl returns for CURL_WRITEFUNC_ERROR
CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO
docs/example/keepalive.c: show TCP keep-alive options
docs/example/localport.c: show off CURLOPT_LOCALPORT
docs/examples/interface.c: show CURLOPT_INTERFACE use
docs/libcurl: fix three minor man page format mistakes
docs/libcurl: SYNSOPSIS cleanup
docs: add supported version for the json write-out
docs: clarify that curl passes on input unfiltered
docs: fix function typo in curl_easy_option_next.3
docs: KNOWN_BUGS cleanup
docs: preserve the modification date when copying the prebuilt man page
docs: remove bold from some man page SYNOPSIS sections
docs: use SOURCE_DATE_EPOCH for generated manpages
doh: provide better return code for responses w/o addresses
doh: use PIPEWAIT when HTTP/2 is attempted
duphandle: also free 'outcurl->cookies' in error path
duphandle: make dupset() not return with pointers to old alloced data
duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set
easy: in duphandle, init the cookies for the new handle
easy: remove duplicate wolfSSH init call
easy_lock: add a pthread_mutex_t fallback
fopen: create new file using old file's mode
fopen: create short(er) temporary file name
getenv: PlayStation doesn't have getenv()
GHA: move mod_h2 version in CI to v2.0.25
hostip: show the list of IPs when resolving is done
hostip: silence compiler warning `-Wparentheses-equality`
hsts: skip single-dot hostname
HTTP/2, HTTP/3: handle detach of onoing transfers
http2: header conversion tightening
http2: provide an error callback and failf the message
http2: safer invocation of populate_binsettings
http: allow longer HTTP/2 request method names
http: avoid Expect: 100-continue if Upgrade: is used
http: consider resume with CURLOPT_FAILONERRROR and 416 to be fine
http: fix `-Wunused-parameter` with no auth and no proxy
http: fix `-Wunused-variable` compiler warning
http: fix empty-body warning
http_aws_sigv4: canonicalise valueless query params
hyper: temporarily remove HTTP/2 support
INSTALL: update list of ports and CPU archs
IPFS: fix IPFS_PATH and file parsing
keylog: disable if unused
lib: add and use Curl_strndup()
lib: apache style infof and trace macros/functions
lib: fix gcc warning in printf call
libcurl-errors.3: sync with current public headers
libcurl-thread.3: simplify the TLS section
Makefile.am: drop vc10, vc11 and vc12 projects from dist
Makefile.mk: fix `-rtmp` option for non-Windows
mime: store "form escape" as a single bit
misc: fix -Walloc-size warnings
msh3: error when built with CURL_DISABLE_SOCKETPAIR set
multi: during ratelimit multi_getsock should return no sockets
multi: use pipe instead of socketpair to *wakeup()
ngtcp2: fix races in stream handling
ntlm_wb: use pipe instead of socketpair when possible
openldap: move the alloc of ldapconninfo to *connect()
openldap: set the callback argument in oldap_do
openssl: avoid BN_num_bits() NULL pointer derefs
openssl: fix building with v3 `no-deprecated` + add CI test
openssl: fix infof() to avoid compiler warning for %s with null
openssl: identify the "quictls" backend correctly
openssl: include SIG and KEM algorithms in verbose
openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs
openssl: two multi pointer checks should probably rather be asserts
openssl: when a session-ID is reused, skip OCSP stapling
page-footer: clarify exit code 25
projects: add VC14.20 project files
pytest: use lower count in repeat tests
quic: make eyeballers connect retries stop at weird replies
quic: manage connection idle timeouts
quiche: use quiche_conn_peer_transport_params()
rand: fix build error with autotools + LibreSSL
resolve.d: drop a multi use-sentence
RTSP: improved RTP parser
sasl: fix `-Wunused-function` compiler warning
schannel: add CA cache support for files and memory blobs
setopt: check CURLOPT_TFTP_BLKSIZE range on set
setopt: remove outdated cookie comment
setopt: remove superfluous use of ternary expressions
socks: better buffer size checks for socks4a user and hostname
socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice
symbols-in-versions: the CLOSEPOLICY options are deprecated
test1683: remove commented-out check alternatives
test3103: add missing quotes around a test tag attribute
test613: stop showing an error on missing output file
tests/README: SOCKS tests are not using OpenSSH, it has its own server
tests/server: add more SOCKS5 handshake error checking
tests: Fix Windows test helper tool search & use it for handle64
tidy-up: casing typos, delete unused Windows version aliases
tool: fix --capath when proxy support is disabled
tool: support bold headers in Windows
tool_cb_hdr: add an additional parsing check
tool_cb_prg: make the carriage return fit for wide progress bars
tool_cb_wrt: fix write output for very old Windows versions
tool_getparam: limit --rate to be smaller than number of ms
tool_operate: do not mix memory models
tool_operate: fix links in ipfs errors
tool_parsecfg: make warning output propose double-quoting
tool_urlglob: fix build for old gcc versions
tool_urlglob: make multiply() bail out on negative values
tool_writeout_json: fix JSON encoding of non-ascii bytes
transfer: abort pause send when connection is marked for closing
transfer: avoid calling the read callback again after EOF
transfer: only reset the FTP wildcard engine in CLEAR state
url: don't touch the multi handle when closing internal handles
url: find scheme with a "perfect hash"
url: fix `-Wzero-length-array` with no protocols
url: fix builds with `CURL_DISABLE_HTTP`
url: protocol handler lookup tidy-up
url: proxy ssl connection reuse fix
urlapi: avoid null deref if setting blank host to url encode
urlapi: skip appending NULL pointer query
urlapi: when URL encoding the fragment, pass in the right length
urldata: make maxconnects a 32 bit value
urldata: move async resolver state from easy handle to connectdata
urldata: move cookielist from UserDefined to UrlState
urldata: move hstslist from 'set' to 'state'
urldata: move the 'internal' boolean to the state struct
vssh: remove the #ifdef for Curl_ssh_init, use empty macro
vtls: cleanup SSL config management
vtls: consistently use typedef names for OpenSSL structs
vtls: late clone of connection ssl config
vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0
VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw
windows: use built-in `_WIN32` macro to detect Windows
wolfssh: remove redundant static prototypes
wolfssl: add default case for wolfssl_connect_step1 switch
wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA
8.4.0
Changes:
curl: add support for the IPFS protocols via HTTP gateway
curl_multi_get_handles: get easy handles from a multi handle
mingw: delete support for legacy mingw.org toolchain
Bugfixes:
acinclude.m4: Document proper system truststore on FreeBSD
appveyor: fix yamlint issues, indent
appveyor: rewrite batch in PowerShell + CI improvements
autotools: adjust `CURL_CA_PATH` value to CMake
autotools: restore `HAVE_IOCTL_*` detections
base64: also build for curl
bufq: remove Curl_bufq_skip_and_shift (unused)
build: delete checks for C89 standard headers
build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
cf-socket: simulate slow/blocked receives in debug
cmake, configure: also link with CoreServices
cmake: add check for suseconds_t
cmake: add feature checks for `memrchr` and `getifaddrs`
cmake: add missing checks
cmake: delete old `HAVE_LDAP_URL_PARSE` logic
cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW`
cmake: detect `HAVE_GETADDRINFO_THREADSAFE`
cmake: detect `sys/wait.h` and `netinet/udp.h`
cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
cmake: disable unity mode with Windows Unicode + TrackMemory
cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows
cmake: fix `HAVE_WRITABLE_ARGV` detection
cmake: fix duplicate symbols when linking tests
cmake: fix missing `zlib.h` when compiling `libcurltool`
cmake: fix stderr initialization in unity builds
cmake: fix the help text to the static build option in CMakeLists.txt
cmake: fix unity builds for more build combinations
cmake: fix unity symbol collisions in h2 builds
cmake: fix unity with Windows Unicode + TrackMemory
cmake: improve OpenLDAP builds
cmake: lib `CURL_STATICLIB` fixes (Windows)
cmake: move global headers to specific checks
cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC
cmake: pre-cache `HAVE_POLL_FINE` on Windows
cmake: tidy-up `NOT_NEED_LBER_H` detection
cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value
configure: check for the capath by default
configure: remove unused checks
configure: replace adhoc domain with `localhost` in tests
configure: sort AC_CHECK_FUNCS
connect: expire the timeout when trying next
connect: only start the happy eyeballs timer when needed
cookie: do not store the expire or max-age strings
cookie: remove unnecessary struct fields
cookie: set ->running in cookie_init even if data is NULL
create-dirs.d: clarify it also uses --output-dirs
curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0
curl_easy_pause.3: mention h2/h3 buffering
curl_easy_pause.3: mention it works within callbacks
curl_easy_pause: set "in callback" true on exit if true
CURLOPT_DEBUGFUNCTION.3: warn about internal handles
docs/libcurl/opts/Makefile.inc: add missing manpage files
docs: adapt SEE ALSO sections to new requirements
docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER
docs: replace made up domains with example.com
docs: update curl man page references
docs: use CURLSSLBACKEND_NONE
doh: inherit DEBUGFUNCTION/DATA
escape: replace Curl_isunreserved with ISUNRESERVED
FAQ: How do I upgrade curl.exe in Windows?
GHA/linux: run singleuse to detect single-use global functions
GHA: add workflow to compare configure vs cmake outputs
h2-proxy: remove left-over mistake in drain_tunnel()
h2: testcase and fix for pausing h2 streams
h3: add support for ngtcp2 with AWS-LC builds
http2: refused stream handling for retry
http: fix CURL_DISABLE_BEARER_AUTH breakage
http: h1/h2 proxy unification
http: remove wrong comment for http_should_fail
http: use per-request counter to check too large headers
http_aws_sigv4: fix sorting with empty parts
idn: fix WinIDN null ptr deref on bad host
idn: if idn2_check_version returns NULL, return error
inet_ntop: add typecast to silence Coverity
lib: disambiguate Curl_client_write flag semantics
lib: enable hmac for digest as well
lib: failf/infof compiler warnings
lib: let the max filesize option stop too big transfers too
lib: move handling of `data->req.writer_stack` into Curl_client_write()
lib: provide and use Curl_hexencode
lib: remove TIME_WITH_SYS_TIME
lib: use wrapper for curl_mime_data fseek callback
libssh2: fix error message on failed pubkey-from-file
libssh: cap SFTP packet size sent
Makefile.mk: always set `CURL_STATICLIB` for lib (Windows)
MANUAL.md: change domain to example.com
misc: better random strings
MQTT: improve receive of ACKs
multi: do CURLM_CALL_MULTI_PERFORM at two more places
multi: fix small timeouts
multi: remove Curl_multi_dump
multi: round the timeout up to prevent early wakeups
multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
openssl: improve ssl shutdown handling
openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
pytest: exclude test_03_goaway in CI runs due to timing dependency
quic: set ciphers/curves the same way regular TLS does
quiche: fix build error with --with-ca-fallback
RELEASE-PROCEDURE.md: updated coming release dates
runtests: display the test status if tests appear hung
runtests: eliminate a warning on old perl versions
socks: return error if hostname too long for remote resolve
src/mkhelp: make generated code pass `checksrc`
test1056: disable on Windows
test1474: disable test on NetBSD, OpenBSD and Solaris 10
test1592: greatly increase the maximum test timeout
test1903: actually verify the cookies after the test
test1906: set a lower timeout since it's hit on Windows
test2600: remove special case handling for USE_ALARM_TIMEOUT
test650: fix an end tag typo
test661: return from test early in case of curl error
test: add missing <feature>s
tests: close the shell used to start sshd
tests: fix a race condition in ftp server disconnect
tests: fix compiler warnings
tests: Fix zombie processes left behind by FTP tests.
tests: improve SLOWDOWN test reliability by reducing sent data
tests: increase lib571 timeout from 3s to 30s
tests: log the test result code after each libtest
tests: propagate errors in libtests
tests: set --expect100-timeout to improve test reliability
tests: show which curl tool `runtests.pl` is using
tests: stop overriding the lock timeout
tftpd: always use curl's own tftp.h
tool: use our own stderr variable
tool_cb_wrt: fix debug assertion
tool_getparam: accept variable expansion on file names too
tool_setopt: remove unused function tool_setopt_flags
upload-file.d: describe the file name slash/backslash handling
url: fall back to http/https proxy env-variable if ws/wss not set
url: fix netrc info message
warnless: remove unused functions
wolfssh: do cleanup in Curl_ssh_cleanup
wolfssl: allow capath with CURLOPT_CAINFO_BLOB
wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
wolfssl: ignore errors in CA path
8.3.0
Changes:
curl: make %output{} in -w specify a file to write to
gskit: remove
lib: --disable-bindlocal builds curl without local binding support
nss: remove support for this TLS library
tool: add "variable" support
trace: make tracing available in non-debug builds
url: change default value for CURLOPT_MAXREDIRS to 30
urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
wolfssl: support loading system CA certificates
Bugfixes:
altsvc: accept and parse IPv6 addresses in response headers
asyn-ares: reduce timeout to 2000ms
aws-sigv4: canonicalize the query
aws-sigv4: fix having date header twice in some cases
aws-sigv4: handle no-value user header entries
bearssl: don't load CA certs when peer verification is disabled
bearssl: handshake fix, provide proper get_select_socks() implementation
build: fix portability of mancheck and checksrc targets
build: streamline non-UWP wincrypt detections
c-hyper: adjust the hyper to curlcode conversion
c-hyper: fix memory leaks in `Curl_http`
cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
cf-socket: log successful interface bind
CI/cirrus: disable python install on FreeBSD
CI: add a 32-bit i686 Linux build
CI: add caching to many jobs
CI: move on to ngtcp2 v0.19.1
CI: move the Alpine build from Cirrus to GHA
CI: ngtcp2-linux: use separate caches for tls libraries
CI: remove Windows builds from Cirrus, without replacement
CI: switch macOS ARM build from Cirrus to Circle CI
CI: use master again for wolfssl
cirrus: install everthing with pkg, avoid pip
cmake: add GnuTLS option
cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
cmake: add support for single libcurl compilation pass
cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms
cmake: assume `wldap32` availability on Windows
cmake: cache more config and delete unused ones
cmake: detect `SSL_set0_wbio` in OpenSSL
cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks
cmake: fix to use variable for the curl namespace
cmake: fixup H2 duplicate symbols for unity builds
cmake: set SIZEOF_LONG_LONG in curl_config.h
cmake: support building static and shared libcurl in one go
cmdline-docs: make sure to phrase it as "added in ...."
cmdline-docs: use present tense, not future
cmdline-opts/docs: mention the negative option part
cmdline-opts/page-header: clarify stronger that !opt == URL
cmdline-opts/page-header: reorder, clean up
configure, cmake, lib: more form api deprecation
configure: fix `HAVE_TIME_T_UNSIGNED` check
configure: trust pkg-config when it's used for zlib
configure: use the pkg-config --libs-only-l flag for libssh2
connect: stop halving the remaining timeout when less than 600 ms left
cookie-jar.d: emphasize that this option is ONLY writing cookies
crypto: ensure crypto initialization works
curl_url_get/set.3: add missing semicolon in SYNOPSIS
CURLINFO_CERTINFO.3: better explain curl_certinfo struct
CURLINFO_TLS_SSL_PTR.3: clarify a recommendation
CURLOPT_*TIMEOUT*: extend and clarify
CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled
CURLOPT_URL.3: add two URL API calls in the see-also section
CURLOPT_URL.3: explain curl_url_set() uses the same parser
digest: Use hostname to generate spn instead of realm
disable.d: explain --disable not implemented prior to 7.50.0
docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0
docs/cmdline-opts: match the current output
docs/cmdline-opts: spellfixes, typos and polish
docs/cmdline: add small "warning" to verbose options
docs/cmdline: remove repeated working for negotiate + ntlm
docs/HYPER.md: document a workaround for a link error
docs: add curl_global_trace to some SEE ALSO sections
docs: link to the website versions instead of markdowns
docs: mark --ssl-revoke-best-effort as Schannel specific
docs: mention critical files in same directories as curl saves
docs: removing "pausing transfers" from HYPER.md.
docs: rewrite to present tense
easy: remove #ifdefs to make code easier on the eye
egd: delete feature detection and related source code
ftp: fix temp write of ipv6 address
gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens
gen.pl: replace all single quotes with aq
GHA: adding quiche workflow
headers: accept leading whitespaces on first response header
http2: avoid too early connection re-use/multiplexing
http2: cleanup trace messages
http2: disable asssertion blocking OSSFuzz testing
http2: fix in h2 proxy tunnel: progress in ingress on sending
http2: polish things around POST
http2: upgrade tests and add fix for non-existing stream
http3/ngtcp2: shorten handshake, trace cleanup
http3: quiche, handshake optimization, trace cleanup
http: close the connection after a late 417 is received
http: do not require a user name when using CURLAUTH_NEGOTIATE
http: fix sending of large requests
http: remove the p_pragma struct field
http: return error when receiving too large header set
hyper: fix a progress upload counter bug
hyper: fix ownership problems
hyper: remove `hyptransfer->endtask`
imap: add a check for failing strdup()
imap: remove the only sscanf() call in the IMAP code
include.d: explain headers not printed with --fail before 7.75.0
include/curl/mprintf.h: add __attribute__ for the prototypes
krb5: fix "implicit conversion loses integer precision" warnings
lib: add ability to disable auths individually
lib: build fixups when built with most things disabled
lib: fix a few *printf() flag mistakes
lib: fix null ptr derefs and uninitialized vars (h2/h3)
lib: move mimepost data from ->req.p.http to ->state
libtest: use curl_free() to free libcurl allocated data
list-only.d: mention SFTP as supported protocol
macOS: fix target detection more
misc: fix various typos
multi.h: the 'revents' field of curl_waitfd is supported
multi: more efficient pollfd count for poll
multi: remove 'processing: <url>' debug message
ngtcp2: fix handling of large requests
openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
openssl: clear error queue after SSL_shutdown
openssl: make aws-lc version support OCSP
openssl: Support async cert verify callback
openssl: switch to modern init for LibreSSL 2.7.0+
openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1
openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0
openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
os400: build test servers
os400: do not check translatable options at build time
os400: implement CLI tool
page-footer: QLOGDIR works with ngtcp2 and quiche
page-header: move up a URL paragraph from GLOBBING to URL
pytest: fix check for slow_network skips to only apply when intended
quic: don't set SNI if hostname is an IP address
quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
quiche: enable quiche to handle timeout events
resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
revert "schannel: reverse the order of certinfo insertions"
schannel: fix ordering of cert chain info
schannel: fix user-set legacy algorithms in Windows 10 & 11
schannel: verify hostname independent of verify cert
sectransp: fix compiler warnings
sectransp: prevent CFRelease() of NULL
secureserver.pl: fix stunnel path quoting
secureserver.pl: fix stunnel version parsing
SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline
system.h: add CURL_OFF_T definitions on HP-UX with HP aCC
test1304: build and skip without netrc support
test1554: check translatable string options in OS400 wrapper
test1608: make it build and get skipped without shuffle DNS support
test687/688: two more basic --xattr tests
tests/tftpd+mqttd: make variables static to silence picky warnings
tests: add 'large-time' as a testable feature
tests: add support for nested %if conditions
tests: don't call HTTP errors OK in test cases
tests: ensure `libcurl.def` contains all exports
tests: fix h3 server check and parallel instances
tests: TLS session sharing test
tests: update cookie expiry dates to far in the future
time-cond.d: mention what happens on a missing file
tool: avoid including leading spaces in the Location hyperlink
tool: change some fopen failures from warnings to errors
tool: make the length argument an int for printf()-.* flags
tool_cb_wrt: fix invalid unicode for windows console
tool_filetime: make -z work with file dates before 1970
tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
tool_operate: make aws-sigv4 not require TLS to be used
tool_paramhlp: improve str2num(): avoid unnecessary call to strlen()
tool_urlglob: use the correct format specifier for curl_off_t in msnprintf
transfer: also stop the sending on closed connection
transfer: don't set TIMER_STARTTRANSFER on first send
unit2600: fix build warning if built without verbose messages
url: remove infof() output for "still name resolving"
urlapi: fix heap buffer overflow
urlapi: make sure zoneid is also duplicated in curl_url_dup
urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails
urlapi: setting a blank URL ("") is not an ok URL
vquic: show stringified messages for errno
vtls: clarify "ALPN: offers" message
winbuild: improve check for static zlib
wolfSSL: avoid the OpenSSL compat API when not needed
workflows/macos.yml: disable zstd and alt-svc in the http-only build
write-out.d: clarify %{time_starttransfer}
ws: fix spelling mistakes in examples and tests
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 3 Jun 2024 14:47:31 +0000 (16:47 +0200)]
wsdd: Update to version 0.8
- Update from version 0.7.1 to 0.8
- Update of rootfile not required
- Changelog
0.8
### Added
- Support for OpenBSD (tested on riscv64 with OpenBSD 7.4)
- Configuration files for firewalld (#186). Thanks to Ondrej Holy.
- Show device type and allow filtering in API's `list` command (#189). Thanks to Ondrej Holy.
- Add option `--metadata-timeout` to set the timeout for the HTTP-based metadata exchange (closes #83)
### Changed
- The employed UUID is now read from `/etc/{machine-id,hostid}` before falling by back to the UUID derivation from the host name.
### Fixed
- Handle addresses with zone id by ignoring the interface part (#184)
- Do not crash with asyncio future error when non-existing interface is provided (#201)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 3 Jun 2024 14:47:29 +0000 (16:47 +0200)]
gnutls: Update to version 3.8.5
- Update from version 3.8.3 to 3.8.5
- Update of rootfile
- Changelog
3.8.5
** libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option `allow-rsa-pkcs1-encrypt`
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
** libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
** libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
v1.5 decryption error handling and deterministic ECDSA with earlier
versions of GMP. These were a regression introduced in the 3.8.4
release. See #1535 and !1827.
** build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of nettle_rsa_compute_root_tr().
** API and ABI modifications:
GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of gnutls_pkcs_encrypt_flags_t
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 3 Jun 2024 14:47:27 +0000 (16:47 +0200)]
fetchmail: Update to version 6.4.38
- Update from version 6.4.36 to 6.4.38
- Update of rootfile not required
- Changelog
6.4.38
# BREAKING CHANGES:
* Tighten OpenSSL and wolfSSL version requirements again. See README.SSL.
Distributors providing older versions that they backport security fixes for
may want to patch socket.c but remember to redirect support to your
distribution's support channels.
The fetchmail maintainer only supports functionally unmodified builds with
publicly available SSL/TLS library versions.
fetchmail will refuse to build against OpenSSL 1.0.2 older than 1.0.2u,
or wolfSSL older than 5.6.2. It will warn about OpenSSL older than 3.0.9,
or between 3.1.0 and 3.1.4, or wolfSSL older than 5.6.6.
# TRANSLATIONS: language translations were updated by these fine people:
(in reverse alphabetical order of language codes):
* ru: Kirill Isakov [Russian]
* eo: Keith Bowes [Esperanto]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20240514 to 20240531
- Update of rootfile not required
- Changelog 20240531
Update for functional issues. Refer to
https://cdrdv2.intel.com/v1/dl/getContent/336562
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 2 Jun 2024 14:02:21 +0000 (16:02 +0200)]
oath-toolkit: Update to version 2.6.11
- Update from version 2.6.9 to 2.6.11
- Update of rootfile not required
- Changelog
2.6.11
** liboath: Handle invalid base32 encoded secrets. Fixes: #41.
The gnulib update in version 2.6.10 made the base32 encoding functions
reject invalid encodings, but it appears as if these are wildly used.
We now accept invalid encodings again. Thanks to Dorancé Martínez and
Seres Bendegúz for reports.
2.6.10
** Building from git uses a ./bootstrap script instead of 'make bootstrap'.
** Build fixes for Windows.
In particular, don't use filenames "aux.h" and "aux.c" which interact
badly with the AUX special filename.
** Build fixes for Arch Linux.
** Various build fixes including updated gnulib files.
One remaining gnulib self-test disabled.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 28 May 2024 15:41:44 +0000 (17:41 +0200)]
sqlite: Update to version 3.46.0
- Update from version 3.45.3 to 3.46.0
- Update of rootfile not required
- Changelog
3.46.0
Enhance PRAGMA optimize in multiple ways, to make it simpler to use:
PRAGMA optimize automatically implements a temporary analysis limit to prevent
excess runtime on large databases.
Added the new 0x10000 bitmask option to check for updates on all tables.
Automatically re-analyze tables that do not have sqlite_stat1 entries.
Enhancements to the date and time functions:
The strftime() SQL function now supports %G, %g, %U, and %V.
New modifiers 'ceiling' and 'floor' control the algorithm used to resolve
ambiguous dates when shifting a date by an integer number of months and/or
years.
The 'utc' and 'localtime' modifiers are now no-ops if SQLite knows that the
time is already in UTC or in the localtime, respectively.
Add support for underscore ("_") characters between digits in numeric literals.
Add the json_pretty() SQL function.
Query planner improvements:
The "VALUES-as-coroutine" optimization enables INSERT statements with
thousands of rows in the VALUES clause to parse and run in about half the
time and using about half as much memory.
Allow the use of an index for queries like
"SELECT count(DISTINCT col) FROM ...", even if the index records are not
smaller than the table records.
Improved recognition of cases where the value of an SQL function is constant
because all its arguments are constant.
Enhance the WHERE-clause push-down optimization so that it is able to push
down WHERE clause terms containing uncorrelated subqueries.
Allocate additional memory from the heap for the SQL parser stack if that stack
overflows, rather than reporting a "parser stack overflow" error.
JSON changes:
Allow ASCII control characters within JSON5 string literals.
Fix the -> and ->> operators so that when the right-hand side operand is a
string that looks like an integer it is still treated as a string, because
that is what PostgreSQL does.
Allow large hexadecimal literals to be used as the DEFAULT value to a table column.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 28 May 2024 15:41:43 +0000 (17:41 +0200)]
dhcpcd: Update to version 10.0.8
- Update from version 10.0.6 to 10.0.8
- Update of rootfile not required
- Changelog
10.0.8
Fixed compile without ARP
Fixed closefrom test for glibc
Fixed spelling of ADVERTISEMENT
10.0.7
DHCP: use request_time, fallback_time and ipv4ll_time rather than reboot
timeout
DHCP6: Wait for IRT to elapse before requesting advertisments
DHCPv6: Don't re-INFORM if the RA changes
privsep: Reduce fd use
dhcpcd: Add support for arp persist defence by @pradeep-brightsign in #273
Move dhcp(v4) packet size check earlier by @pemensik in #295
Define the Azure Endpoint and other site-specific options by @lparkes in #299
add RFC4191 support by @goertzenator in #297
dhcpcd: Respect IPV6_PREFERRED_ONLY flag regardless of state by @taoyl-g
in #307
Fix time_offset to be int to match RFC-2132 by @ColinMcInnes in #319
hooks/30-hostname: Exit with 0 if setting hostname is not needed by @bdrung
in #320
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 21 May 2024 14:56:27 +0000 (16:56 +0200)]
whois: Update to version 5.5.23
- Update from version 5.5.21 to 5.5.23
- Update of rootfile not required
- Changelog
5.5.23
* Updated the .sc, .新加坡 (.xn--yfro4i67o, Singapore) and .சிங்கப்பூர்
(.xn--clchc0ea0b2g2a9gcd, Singapore) TLD servers.
5.5.22
* Fixed a segmentation fault with --no-recursion.
* Updated the .bm and .vi TLD servers.
* Removed 4 new gTLDs which are no longer active.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 21 May 2024 14:56:26 +0000 (16:56 +0200)]
vim: Update to version 9.1
- Update from version 9.0 to 9.1
- Update of rootfile
- Update of hardening crash patch
- Changelog can be found at https://www.vim.org/vim-9.1-released.php
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 21 May 2024 14:56:25 +0000 (16:56 +0200)]
util-linux: Update to version 2.40.1
- Update from version 2.39.3 to 2.40.1
- Update of rootfile
- liblastlog2 is enabled by default and requires sqlite3. Added --disable-liblastlog2
to configure
- Changelog
2.40.1
README.licensing/flock:
- Add MIT license mention [Richard Purdie]
agetty:
- Don't override TERM passed by the user [Daan De Meyer]
- fix resource leak [Karel Zak]
- make reload code more robust [Karel Zak]
all_syscalls:
- don't hardcode AWK invocation [Thomas Weißschuh]
- don't warn during cleanup [Thomas Weißschuh]
- fail if any step fails [Thomas Weißschuh]
- use sed to extract defines from headers [Thomas Weißschuh]
autotools:
- distribute pam_lastlog2/meson.build [Thomas Weißschuh]
bcachefs:
- Remove BCACHEFS_SB_MAX_SIZE & check [Tony Asleson]
build-sys:
- release++ (v2.40.1-rc1) [Karel Zak]
cal:
- use unsigned int to follow union with unsigned int [Karel Zak]
docs:
- add COPYING.MIT [Karel Zak]
- fix GPL name typo [Karel Zak]
- update AUTHORS file [Karel Zak]
- update v2.40.1-ReleaseNotes [Karel Zak]
findmnt:
- always zero-terminate SOURCES data [Thomas Weißschuh]
- revise the code for -I and -D option [Masatake YAMATO]
fsck.minix:
- fix possible overrun [Karel Zak]
getopt:
- remove free-before-exit [Karel Zak]
hwclock:
- free temporary variable before return [Karel Zak]
- initialize parser variables [Karel Zak]
lastlog2:
- begin descriptions of options with a lowercase letter [Benno Schulenberg]
lib/pager:
libblkid:
- Fix segfault when blkid.conf doesn't exist [Karel Zak]
- topology/ioctl correctly handle kernel types [Thomas Weißschuh]
- topology/ioctl simplify ioctl handling [Thomas Weißschuh]
libfdisk:
- add initializer to geometry [Karel Zak]
libmount:
- Fix access check for utab in context [Karel Zak]
- fix comment typo for mnt_fs_get_comment() [Tianjia Zhang]
- fix possible memory leak [Karel Zak]
- fix umount --read-only [Karel Zak]
libsmartcols:
- fix column reduction [Karel Zak]
- reset wrap after calculation [Karel Zak]
libuuid:
- (man) fix function declarations [CismonX]
losetup:
- losetup.8 Clarify --direct-io [Colin Walters]
lsblk:
- simplify SOURCES code [Karel Zak]
lsclocks:
- fix FD leak [Karel Zak]
lsfd:
- (man) fix license name [Jakub Wilk]
- add LSFD_DEBUG env var for debugging [Masatake YAMATO]
lslocks:
- don't abort gathering per-process information even if opening a /proc/[0-9]* fails [Masatake YAMATO]
- remove a unused local variable [Masatake YAMATO]
lsns:
- fix netns use [Karel Zak]
- report with warnx if a namespace related ioctl fails with ENOSYS [Masatake YAMATO]
- tolerate lsns_ioctl(fd, NS_GET_{PARENT,USERNS}) failing with ENOSYS [Masatake YAMATO]
meson:
- Add build-blkdiscard option [Jordan Williams]
- Add build-blkpr option [Jordan Williams]
- Add build-blkzone option [Jordan Williams]
- Add build-blockdev option [Jordan Williams]
- Add build-chcpu option [Jordan Williams]
- Add build-dmesg option [Jordan Williams]
- Add build-enosys option [Jordan Williams]
- Add build-fadvise option [Jordan Williams]
- Add build-fsfreeze option [Jordan Williams]
- Add build-ipcmk option [Jordan Williams]
- Add build-ldattach option [Jordan Williams]
- Add build-lsclocks option [Jordan Williams]
- Add build-lsfd option and make rt dependency optional [Jordan Williams]
- Add build-rtcwake option [Jordan Williams]
- Add build-script option [Jordan Williams]
- Add build-scriptlive option [Jordan Williams]
- Add build-setarch option [Jordan Williams]
- Add have_pty variable to check if pty is available [Jordan Williams]
- Add missing check for build-ipcrm option [Jordan Williams]
- Define _DARWIN_C_SOURCE on macOS as is done in Autotools [Jordan Williams]
- Don't define HAVE_ENVIRON_DECL when environ is unavailable [Jordan Williams]
- Fix build by default and install behavior for build-pipesz option [Jordan Williams]
- Fix false positive detection of mempcpy on macOS [Jordan Williams]
- Only build libmount when required [Jordan Williams]
- Only pick up the rt library once [Jordan Williams]
- Only require the crypt library when necessary [Jordan Williams]
- Only use the --version-script linker flag where it is supported [Jordan Williams]
- Remove libblkid dependency on libmount [Jordan Williams]
- Remove lingering mq_libs variable [Jordan Williams]
- Require pty for the su and runuser executables [Jordan Williams]
- Require the seminfo type for ipcmk, ipcrm, and ipcs [Jordan Williams]
- Use has_type instead of sizeof to detect cpu_set_t type [Jordan Williams]
- Use libblkid as a dependency [Jordan Williams]
- Use libmount as a dependency [Jordan Williams]
- respect c_args/CFLAGS when generating syscalls [Karel Zak]
pam_lastlog2:
- link against liblastlog [Thomas Weißschuh]
po:
- merge changes [Karel Zak]
- update cs.po (from translationproject.org) [Petr Písař]
- update fr.po (from translationproject.org) [Frédéric Marchal]
- update hr.po (from translationproject.org) [Božidar Putanec]
- update ja.po (from translationproject.org) [Takeshi Hamasaki]
- update ko.po (from translationproject.org) [Seong-ho Cho]
- update pl.po (from translationproject.org) [Jakub Bogusz]
- update ro.po (from translationproject.org) [Remus-Gabriel Chelu]
- update uk.po (from translationproject.org) [Yuri Chornoivan]
po-man:
- merge changes [Karel Zak]
- update de.po (from translationproject.org) [Mario Blättermann]
- update ko.po (from translationproject.org) [Seong-ho Cho]
- update ro.po (from translationproject.org) [Remus-Gabriel Chelu]
strutils.h:
- Include strings.h header for strncasecmp function [Jordan Williams]
tests:
- (lsfd mkfds-multiplexing) skip if /proc/$pid/syscall is broken [Masatake YAMATO]
- (lsns ioctl_ns) add more debug print [Masatake YAMATO]
- (lsns ioctl_ns) record stdout/stderr for debugging the case [Masatake YAMATO]
- (test_mkfds sockdiag) verify the recieved message to detect whether the socket is usable or not [Masatake YAMATO]
textual:
- fix some typos and inconsistencies in usage and error messages [Benno Schulenberg]
wall:
- check sysconf() returnvalue [Karel Zak]
- fix possible memory leak [Karel Zak]
- make sure unsigned variable not underflow [Karel Zak]
xalloc.h:
- Include stdio.h header for vasprintf function [Jordan Williams]
2.40
The log is quite large. Details can be seen by viewing the v.2.40-ReleaseNotes file
in the Documentation/releases directory tree in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 21 May 2024 14:56:24 +0000 (16:56 +0200)]
shadow: Update to version 4.15.1
- Update from version 4.15.0 to 4.15.1
- Update of rootfile not required
- Changelog
4.15.1
The main point of this release is to fix a bug that caused spurious error
messages about unknown login.defs configuration options
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 21 May 2024 14:56:23 +0000 (16:56 +0200)]
psmisc: Update to version 23.7
- Update from version 23.6 to 23.7
- Update of roiotfile not required
- Changelog
23.7
* build-sys: Make disable-statx work
* fuser: Fallback to stat() if no statx() Debian 1030747 #48
* fuser: silently ignore EACCES when scanning proc directories
* killall: small formatting fixes Debian #1037231
* pstree: Do not assume root PID #49
* pslog: include config.h #51 !36
* misc: Update gettext to 0.21
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 21 May 2024 14:56:22 +0000 (16:56 +0200)]
pcre2: Update to version 10.43
- Update from version 10.42 to 10.43
- Update of rootfile
- Changelog
10.43
There are quite a lot of changes in this release (see ChangeLog and git log for
a list). Those that are not bugfixes or code tidies are:
* The JIT code no longer supports ARMv5 architecture.
* A new function pcre2_get_match_data_heapframes_size() for finer heap control.
* New option flags to restrict the interaction between ASCII and non-ASCII
characters for caseless matching and \d and friends. There are also new
pattern constructs to control these flags from within a pattern.
* Upgrade to Unicode 15.0.0.
* Treat a NULL pattern with zero length as an empty string.
* Added support for limited-length variable-length lookbehind assertions, with
a default maximum length of 255 characters (same as Perl) but with a function
to adjust the limit.
* Support for LoongArch in JIT.
* Perl changed the meaning of (for example) {,3} which did not used to be
recognized as a quantifier. Now it means {0,3} and PCRE2 has also changed.
Note that {,} is still not a quantifier.
* Following Perl, allow spaces and tabs after { and before } in all Perl-
compatible items that use braces, and also around commas in quantifiers. The
one exception in PCRE2 is \u{...}, which is from ECMAScript, not Perl, and
PCRE2 follows ECMAScript usage.
* Changed the meaning of \w and its synonyms and derivatives (\b and \B) in UCP
mode to follow Perl. It now matches characters whose general categories are L
or N or whose particular categories are Mn (non-spacing mark) or Pc
(combining punctuation).
* Changed the default meaning of [:xdigit:] in UCP mode to follow Perl. It now
matches the "fullwidth" versions of hex digits. PCRE2_EXTRA_ASCII_DIGIT can
be used to keep it ASCII only.
* Make PCRE2_UCP the default in UTF mode in pcre2grep and add -no_ucp,
--case-restrict and --posix-digit.
* Add --group-separator and --no-group-separator to pcre2grep.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 21 May 2024 14:56:20 +0000 (16:56 +0200)]
man-pages: Update to version 6.8
- Update from 5.13 to 6.8
- Update of rootfile
- make on its own no longer needed. It goes straight to make install
- Changelog can be seen by reviewing the Changes file in each source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 21 May 2024 14:56:19 +0000 (16:56 +0200)]
lzip: Update to version 1.24.1
- Update from version 1.24 to 1.24.1
- Update of rootfile not required
- Changelog
1.24.1
main.cc: Fix compilation failure on MinGW because of mkdir.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 20 May 2024 13:35:25 +0000 (15:35 +0200)]
screen: Update to version 4.9.1
- Update from version 4.9.0 to 4.9.1
- Update of rootfile
- Changelog
4.9.1
* Support stop/parity bits on serial port (#23952)
* Add needed system headers in checks and return values
for implicit function declarations
* Fixes:
- Avoid zombies after shell exit (#25089)
- Missed signal sending permission check on failed
query messages (CVE-2023-24626)
- manpage fixes
- source code fixes during cleanup
- UTF-8 encoding can emit invalid UTF-8 sequences
for out of range unicode values (#62097)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 20 May 2024 13:35:24 +0000 (15:35 +0200)]
pam: Update to version 1.6.1
- Update from version 1.6.0 to 1.6.1
- Update of rootfile
- Removal of patch for as changes now incorporated in source tarball.
- Changelog
1.6.1
build: fail if specified configure options cannot be satisfied.
pam_env: fixed --disable-econf --enable-vendordir support.
pam_unix: do not warn if password aging is disabled.
pam_unix: try to set uid to 0 before unix_chkpwd invocation.
pam_unix: allow empty passwords with non-empty hashes.
Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 20 May 2024 13:35:23 +0000 (15:35 +0200)]
kbd: Update to version 2.6.4
- Update from version 2.5.1 to 2.6.4
- Update of rootfile
- Changelog
2.6.4
Use AX_ADD_FORTIFY_SOURCE to avoid redefining _FORTIFY_SOURCE by
@thesamesam in #103
Do not look up include files in the current working directory by
@DaanDeMeyer in #105
2.6.3
libkfont:
Don't look for fonts in the current directory.
showkey:
Add parameter to allow to change timeout.
po:
Update po files.
2.6.2
loadkeys:
Don't look for keymap in the current directory.
keymaps:
Add colemak mod-dh keymaps.
2.6.1
libkfont:
Fix font saving from linux kernel if KD_FONT_OP_GET_TALL is available.
Respect font height when writing psf2 header.
keymaps:
Create new 'mac-fr' layout for contemporary French Macs.
2.6.0
libkfont:
Leverage KD_FONT_OP_GET/SET_TALL font operations. The new
KD_FONT_OP_GET/SET_TALL font operations allow to load fonts taller
than 32 pixels by dropping the VGA-specific vertical pitch limitation
(requires kernel 6.2 or later).
Use threadsafe strtok_r.
Increase soname version.
setvtrgb:
Fix read from pipe. The pipe is not rewindable, but we don't really
need to rewind() but we need to unread one character.
keymaps:
i386/dvorak/dvorak-de.map: Add dvorak-de.map from console-data.
i386/qwerty/is-latin1.map: the circumflex should also be available in
its original level-3 position.
i386/qwerty/la-latin1.map: Convert the characters expressed in Latin-1
to the named constants, to ease up transition to Unicode.
pine/en.map: New version of pinephone keyboard map file.
unimaps:
Add mapping for U+25CF. The unicode maps in font files like
eurlatgr.psfu and cp850-8x16.psfu have an entry for U+25CF, but the
plaintext unimap files do not.
tests:
Use strace to track syscalls. Now strace is powerful enough to show
ioctls specific to console configuration.
po:
Update translations (from translationproject.org).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 20 May 2024 13:35:22 +0000 (15:35 +0200)]
jq: Update to version 1.7.1
- Update from version 1.7 to 1.7.1
- Update of rootfile not required
- Changelog
1.7.1
## Security
- CVE-2023-50246: Fix heap buffer overflow in jvp\_literal\_number\_literal
- CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload
## CLI changes
- Make the default background color more suitable for bright backgrounds.
@mjarosie @taoky @nicowilliams @itchyny #2904
- Allow passing the inline jq script after `--`. @emanuele6 #2919
- Restrict systems operations on OpenBSD and remove unused `mkstemp`.
@klemensn #2934
- Fix possible uninitialised value dereference if `jq_init()` fails.
@emanuele6 @nicowilliams #2935
## Language changes
- Simplify `paths/0` and `paths/1`. @asheiduk @emanuele6 #2946
- Reject `U+001F` in string literals. @torsten-schenk @itchyny @wader #2911
- Remove unused nref accumulator in `block_bind_library`. @emanuele6 #2914
- Remove a bunch of unused variables, and useless assignments.
@emanuele6 #2914
- main.c: Remove unused EXIT\_STATUS\_EXACT option. @emanuele6 #2915
- Actually use the number correctly casted from double to int as index.
@emanuele6 #2916
- src/builtin.c: remove unnecessary jv\_copy-s in
type\_error/type\_error2. @emanuele6 #2937
- Remove undefined behavior caught by LLVM 10 UBSAN. @Gaelan @emanuele6
#2926
- Convert decnum to binary64 (double) instead of decimal64. This makes
jq behave like the JSON specification suggests and more similar to
other languages. @wader @leonid-s-usov #2949
- Fix memory leaks on invalid input for `ltrimstr/1` and `rtrimstr/1`.
@emanuele6 #2977
- Fix memory leak on failed get for `setpath/2`. @emanuele6 #2970
- Fix nan from json parsing also for nans with payload that start with
'n'. @emanuele6 #2985
- Allow carriage return characters in comments. @emanuele6 #2942 #2984
## Documentation changes
- Generate links in the man page. @emanuele6 #2931
- Standardize arch types to AMD64 & ARM64 from index page download
dropdown. @owenthereal #2884
## libjq
- Add extern C for C++. @rockwotj #2953
## Build and test changes
- Fix incorrect syntax for checksum file. @kamontat @wader #2899
- Remove `-dirty` version suffix for windows release build. @itchyny #2888
- Make use of `od` in tests more compatible. @nabijaczleweli @emanuele6
@nicowilliams #2922
- Add dependabot. @yeikel #2889
- Extend fuzzing setup to fuzz parser and and JSON serializer.
@DavidKorczynski @emanuele6 #2952
- Keep releasing executables with legacy names. @itchyny #2951
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 20240125 to 20240502
- Update of rootfile not required
- Changelog - update of iana-etc files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 20 May 2024 13:35:20 +0000 (15:35 +0200)]
ed: Update to version 1.20.2
- Update from version 1.20 to 1.20.2
- Update of root filr not required
- Changelog
1.20.2
A bug has been fixed that made global commands like 'g/x/s/x/x', with the last
delimiter omitted, print every substituted line twice.
(Bug introduced in 1.18. Reported by Douglas McIlroy).
1.20.1
New command-line options '+line', '+/RE', and '+?RE' have been implemented to
set the current line to the line number specified or to the first or last line
matching the regular expression 'RE'.
(Suggested by Matthew Polk and John Cowan).
File names containing control characters 1 to 31 are now rejected unless they
are allowed with the command-line option '--unsafe-names'.
File names containing control characters 1 to 31 are now printed using octal
escape sequences.
Ed now rejects file names ending with a slash.
Intervening commands that don't set the modified flag no longer make a second
'e' or 'q' command fail with a 'buffer modified' warning.
Tilde expansion is now performed on file names supplied to commands; if a file
name starts with '~/', the tilde (~) is expanded to the contents of the
variable HOME. (Suggested by John Cowan).
Ed now warns the first time that a command modifies a buffer loaded from a
read-only file. (Suggested by Dan Jacobson).
It has been documented that 'e' creates an empty buffer if file does not exist.
It has been documented that 'f' sets the default filename, whether or not its
argument names an existing file.
The description of the exit status has been improved in '--help' and in the
manual.
The variable MAKEINFO has been added to configure and Makefile.in.
It has been documented in INSTALL that when choosing a C standard, the POSIX
features need to be enabled explicitly:
./configure CFLAGS+='--std=c99 -D_POSIX_C_SOURCE=2'
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 20 May 2024 13:35:19 +0000 (15:35 +0200)]
cpio: Update to version 2.15
- Updatre from version 2.14 to 2.15
- Update of rootfile
- Changelog
2.15
* Fix operation of --no-absolute-filenames --make-directories
* Restore access and modification times of symlinks in copy-in
and copy-pass modes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 7 Jun 2024 16:01:07 +0000 (16:01 +0000)]
OpenVPN: Move the OpenSSL configuration file out of /var/ipfire
We should not have any configuration files that we share in this place,
therefore this patch is moving it into /usr/share/openvpn where we
should be able to update it without any issues.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 29 May 2024 19:03:13 +0000 (21:03 +0200)]
nut: Update to version 2.8.2
- Update from version 2.8.1 to 2.8.2
- Update of rootfile
- Changelog
2.8.2
- Fix fallout of development in NUT v2.8.0 and/or v2.8.1:
* dstate machinery: a segmentation fault (null pointer dereference) was
possible with `INSTCMD` processing of commands without parameters nor
`TRACKING` identifier. [#2155]
* USB bus number detection for libusb-1.0 builds was overly zealous and
wrongly considered zero values as an error. [#2198]
* `upsmon` recognition of `CAL` state could linger after the calibration
activity was completed by the hardware, which led to mis-processing of
shutdown triggers. Also, notification was added to report "finished
calibration". [issue #2168, PR #2169]
* `upsmon` recognition of `OFF` state as a trigger for FSD (forced shut
down) criticality considered also the input line state, which may be
an independently evolving circumstance. [issue #2278, PR #2279]
* `upsmon` support for `POLLFAIL_LOG_THROTTLE_MAX` did not neuter the
applied setting when live-reloading configuration, so commenting it
away in `upsmon.conf` did not have the effect of resetting the logging
frequency to default. It also did not reset the counters to certainly
follow the new configuration for existing faults. [issue #2207, PR #2209]
* `upsmon` support for `POLLFAIL_LOG_THROTTLE_MAX` had an off-by-one error
(e.g. reporting "Data stale" or "Driver not connected" every 30 sec with
`POLLFAIL_LOG_THROTTLE_MAX 5` and `POLLFREQ 5` settings). [#2207]
* Drivers running with non-default user account (e.g. with `user=root`
in their configuration) failed to apply group ownership and permissions
to their Unix socket file for interaction with the local data server.
[#2185, #2096]
* Dispatcher script `scripts/python/app/NUT-Monitor` referenced `py3qt3`
instead of the correct `py3qt5`. It also tries to check both `py2gtk2`
and `py3qt5` implementations verbosely, even if one is not installed.
[#2199, #2201]
* Set the `DesktopFileName` in `scripts/python/app/NUT-Monitor-py3qt5`,
this binds the application with the desktop file and allow the Open
Desktop compatible implementation to display the proper icon and
application name. [#2205]
* Original recipe for `apc_modbus` strictly required USB support even if
building NUT without it. [#2262]
* Builds requested with a specific C/C++ language standard revision via
`CFLAGS` and `CXXFLAGS` should again be honoured. [PR #2306]
* Allow requesting detailed debug builds (with disabled optimizations for
binaries to best match the source code) for supported compilers using
`configure` script option `--with-debuginfo`. Note that default autoconf
behavior usually embeds moderate optimizations and debug information on
its own. [PR #2310]
* A fix applied among clean-ups between NUT v2.7.4 and v2.8.0 releases
backfired for `usbhid-ups` subdriver `belkin-hid` which in practice
relied on the broken older behavior; more details in its entry below.
[PR #2371]
- nut-usbinfo.pl, nut-scanner and libnutscan:
* Library API version for `libnutscan` was bumped from 2.2.0 to 2.5.0
during evolution of this NUT release.
* USB VendorID:ProductID support list files generated by the script for
different OS frameworks now include a comment with other possibly
compatible driver names, where the respective file format allows for
comments.
* Added the concept of `alt_driver_names` in `nutscan_device_t` structure
for ability to suggest a comment with other possibly compatible driver
names in configuration snippets generated by `nut-scanner`; practical
support implemented for USB connected drivers.
* Added the concept of commented-away suggested option values `comment_tag`
and a method to `nutscan_add_commented_option_to_device()`, instead of
hacks in prepared config data which broke some use-cases. [#2221]
* Command-line option `-U` for USB scan can now be specified several times
to increase the detail level about hardware link to the device (this was
previously always suggested, but may be not reliable if USB enumeration
gets changed over time). [#2221]
* Added generation of FreeBSD/pfSense quirks for USB devices supported
by NUT (may get installed to `$datadir` e.g. `/usr/local/share/nut`
and need to be pasted into your `/boot/loader.conf.local`). [#2159]
* nut-scanner now avoids creating ambiguous `nutdevN` device section names
when called separately to scan different media buses (one at a time).
Now the "bus" name would be embedded (e.g. non-colliding `nutdev-usb1`
and `nutdev-snmp1`). [#2247]
* nut-scanner can now discover NUT simulated devices (`.dev` and `.seq`
files) located in your sysconfig directory, and prepare configuration
sections with the simulation driver (currently `dummy-ups`). [#2246]
* nut-scanner now reports `dummy-ups` as driver when scanning NUT "bus"
with Old or Avahi method. [#2236, #2245]
- upsd: Fixed conditions for "no listening interface available" diagnosis
to check how many listeners we succeeded with, not whether the first one
succeeded or not. If not all requested (non-localhost) listeners were
available, default to fail the daemon start-up attempt; support for an
`ALLOW_NOT_ALL_LISTENERS` setting was added to control this behavior. [#723]
- NUT CI improvements:
* Added publishing recipes for PyNUT client bindings for NUT, so it ends
up in the link:https://pypi.org/project/PyNUTClient[PyPI repository].
[#2158]
* Added support for new `ccache` namespace concept, where possible. [#2256]
* Fixed an issue for builds configured `--without-usb`. [#2263]
* Added a fallback for `libgd` discovery (for CGI etc. builds). [#2287]
* Made `aspell` TeX module detection more reliable. [#2206]
* Fixed recipes for completely out-of-tree builds to pass with documentation
generation and checking on all tested "make" implementations. [#2318]
* Various other recipe and documentation clean-up efforts. [#2284, #2269,
#2261]
- main driver core codebase:
* Help users of drivers that can be built to support optionally USB and
other media (like `nutdrv_qx` built for serial-only support), and built
in fact without USB support but used for USB devices, with some more
information to make troubleshooting easier. [issue #2259, PR #2260]
* Driver programs with debug tracing support via `-D` CLI option and/or
the `NUT_DEBUG_LEVEL` environment variable now check those earlier in
their life-time, so that initialization routine can be debugged. [#2259]
* Multiple USB-capable drivers got options to customize `usb_config_index`
`usb_hid_rep_index`, `usb_hid_desc_index`, `usb_hid_ep_in` and
`usb_hid_ep_out` hardware connection settings via `ups.conf` options.
This is treated as experimental, not all code paths may be actually
using such values from `struct usb_communication_subdriver_t` rather
than hard-coded defaults. Discovery of correct values is up to the
user at the moment (using `lsusb`, internet search, luck...) [#2149]
- nut-driver-enumerator (NDE) service/script:
* The optional daemon mode (primarily useful for systems which monitor
a large and dynamic population of power devices) was enhanced with a
`--daemon-after` variant which parses the configuration once before
daemonization and this has a chance to fail while not forked off, as
well as to allow only completing the service unit initialization when
everything is actually ready to work (so further dependencies can start
at the proper time). [#682]
* Also applied other optimizations to the script implementation. [#682]
- powerpanel text driver now handles status responses in any format and should
support most devices. [#2156]
- tripplite_usb driver now allows any device to match if a particular Unit ID
was not specified in `ups.conf`. [PR #2297, issues #2282 and #2258]
- snmp-ups driver:
* added support for Eaton EMP002 sensor for ATS16 NM2 sub-driver. [#2286]
* mapping table updates for apc-mib sub-driver. [#2264]
- usbhid-ups driver:
* `arduino-hid` subdriver was enhanced from "initial bare bones" experimental
set of mapped data points to support some 20 more mappings to make it more
useful as an UPS driver, not just a controller developer sandbox. [#2188]
* `cps-hid` subdriver now supports devices branded as Cyber Energy and built
by cooperation with Cyber Power Systems. [#2312]
* `belkin-hid` subdriver now supports Liebert PSI5 devices which have a
different numeric reading scale than earlier handled models. [issue #2271,
PR #2272, PR #2369] Generally the wrong-scale processing was addressed,
including a regression in NUT v2.8.0 which led to zero values
in voltage data points which NUT v2.7.4 reported well [#2371]
* The `onlinedischarge` configuration flag name was too ambiguous and got
deprecated (will be supported but no longer promoted by documentation),
introducing `onlinedischarge_onbattery` as the meaningful alias. [#2213]
* Logged notifications about `OL+DISCHRG` state should now be throttled
(see the driver manual page for more details) [#2214, #2215]:
- If `battery.charge` is available, make the message when entering the
state and then only if the charge differs from that when we posted
the earlier message (e.g. really discharging) and is under
`onlinedischarge_log_throttle_hovercharge` value (defaults to 100%);
- Also can throttle to a time frequency configurable by a new option
`onlinedischarge_log_throttle_sec`, by default 30 sec if `battery.charge`
is not reported by the device (should be frequent by default, in case
the UPS-reported state combination does reflect a bad power condition).
- nutdrv_qx driver:
* Fixed handling of `battery_voltage_reports_one_pack` configuration flag
introduced in NUT v2.8.1. [originally by PR #1279; fixed by PR #2324,
issue #2325]
- Various code and documentation fixes for NSS crypto support. [#2274, #2268]
- Laid foundations for the SmartNUT effort (aiming to integrate drivers with
some other backends than the networked NUT data server process).
- Eaton contributed recipes and scripts used to create the IPP for Unix
bundle (aka Eaton IPSS Unix or UPP), a freely available value-added
packaging of NUT distributed as the UPS software companion for OSes
where their more complex UPS monitoring/management tools had not been
ported. This allows for delivery of NUT packages with an interactive
installer and some system integration scripts (events, notifications,
status, shutdown daemon...), and was contributed to the NUT upstream
project by Eaton -- provided "as is" at the moment, and may later serve
as foundation or inspiration for new NUT features. [#2288]
- nutconf (C++ library and tool to read and manage NUT configuration files)
was started in the open by Eaton employees and used in the IPP installer,
but the code lingered in a side branch. It was now brushed up to our common
best practices and added to the main codebase. As of this import, there are
known deficiencies in Windows platform support, as well as some un-awareness
about configuration key words which appeared in NUT since 2013. [#2290]
- The `tools/gitlog2changelog.py.in` script was revised, in particular to
convert section titles (with contributor names coming from Git metadata)
into plain ASCII character set, for `dblatex` versions which do not allow
diacritics and other kinds of non-trivial characters in sections. This can
cause successful builds of `ChangeLog.pdf` file on more platforms, but at
expense of a semi-cosmetic difference in those names. [PR #2360, PR #2366]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 2 Jun 2024 10:14:16 +0000 (12:14 +0200)]
postfix: Update to version 3.9.0
- Update from version 3.8.4 to 3.9.0
- Update of rootfile
- With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With
previous versions the default value was no but to prevent the possibility of an smtp
smuggling attack the option should be yes. Previous version therefore actively set
the value to yes and added it to the main.cf file when being installed. With version
3.9.0 the default value is now yes so the option no longer needs to be added into
main.cf, so smtp smuggling attack is protected by default now.
- Removed the section from the install.sh file that added the option into main.cf with
version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be
actively added into main.cf
- Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the
source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 29 May 2024 16:01:01 +0000 (18:01 +0200)]
samba: Update to version 4.20.1
- This v2 version increments the PAK_VER number
- Update from version 4.19.5 to 4.20.1
- Update of rootfile
- Changelog
4.20.1
* BUG 15630: dns update debug message is too noisy.
* BUG 15635: Do not fail PAC validation for RFC8009 checksums types.
* BUG 15605: Improve performance of lookup_groupmem() in idmap_ad.
* BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only
flag.
* BUG 15611: http library doesn't support 'chunked transfer encoding'.
* BUG 15600: Provide a systemd service file for the background queue daemon.
4.20.0
The changelog is too large to show here. Details can be found at
https://www.samba.org/samba/history/samba-4.20.0.html
I did not identify any changes related to how samba is configured in IPFire
4.19.6
* BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close().
* BUG 15588: samba-gpupdate: Correctly implement site support.
* BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close().
* BUG 15588: samba-gpupdate: Correctly implement site support.
* BUG 15599: libgpo: Segfault in python bindings.
* BUG 15580: Packet marshalling push support missing for
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 3 Jun 2024 09:50:56 +0000 (11:50 +0200)]
rsync: Update to version 3.3.0
- Update from version 3.2.7 to 3.3.0
- Update of rootfile not required
- Changelog
3.3.0
### BUG FIXES:
- Fixed a bug with `--sparse --inplace` where a trailing gap in the source
file would not clear out the trailing data in the destination file.
- Fixed an buffer overflow in the checksum2 code if SHA1 is being used for
the checksum2 algorithm.
- Fixed an issue when rsync is compiled using `_FORTIFY_SOURCE` so that the
extra tests don't complain about a strlcpy() limit value (which was too
large, even though it wasn't possible for the larger value to cause an
overflow).
- Add a backtick to the list of characters that the filename quoting needs
to escape using backslashes.
- Fixed a string-comparison issue in the internal handling of `--progress`
(a locale such as tr_TR.utf-8 needed the internal triggering of `--info`
options to use upper-case flag names to ensure that they match).
- Make sure that a local transfer marks the sender side as trusted.
- Change the argv handling to work with a newer popt library -- one that
likes to free more data than it used to.
- Rsync now calls `OpenSSL_add_all_algorithms()` when compiled against an
older openssl library.
- Fixed a problem in the daemon auth for older protocols (29 and before)
if the openssl library is being used to compute MD4 checksums.
- Fixed `rsync -VV` on Cygwin -- it needed a flush of stdout.
- Fixed an old stats bug that counted devices as symlinks.
### ENHANCEMENTS:
- Enhanced rrsync with the `-no-overwrite` option that allows you to ensure
that existing files on your restricted but writable directory can't be
modified.
- Enhanced the manpages to mark links with .UR & .UE. If your nroff doesn't
support these idioms, touch the file `.md2man-force` in the source
directory so that `md-convert` gets called with the `--force-link-text`
option, and that should ensure that your manpages are still readable
even with the ignored markup.
- Some manpage improvements on the handling of [global] modules.
- Changed the mapfrom & mapto perl scripts (in the support dir) into a
single python script named idmap. Converted a couple more perl scripts
into python.
- Changed the mnt-excl perl script (in the support dir) into a python
script.
### DEVELOPER RELATED:
- Updated config.guess (timestamp 2023-01-01) and config.sub (timestamp
2023-01-21).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 3 Jun 2024 14:47:28 +0000 (16:47 +0200)]
git: Update to version 2.45.2
- Update from version 2.44.0 to 2.45.2
- Update of rootfile not required
- Changelog
2.45.2
In preparing security fixes for four CVEs, we made overly aggressive
"defense in depth" changes that broke legitimate use cases like 'git
lfs' and 'git annex.' This release is to revert these misguided, if
well-intentioned, changes that were shipped in 2.45.1 and were not
direct security fixes.
send-email: drop FakeTerm hack
send-email: avoid creating more than one Term::ReadLine object
ci: drop mention of BREW_INSTALL_PACKAGES variable
ci: avoid bare "gcc" for osx-gcc job
ci: stop installing "gcc-13" for osx-gcc
hook: plug a new memory leak
init: use the correct path of the templates directory again
Revert "core.hooksPath: add some protection while cloning"
tests: verify that `clone -c core.hooksPath=/dev/null` works again
clone: drop the protections where hooks aren't run
Revert "Add a helper function to compare file contents"
Revert "fsck: warn about symlink pointing inside a gitdir"
2.45.1
This release merges up the fix that appears in v2.39.4,
v2.40.2, v2.41.1, v2.42.2, v2.43.4 and v2.44.1 to address the
security issues CVE-2024-32002, CVE-2024-32004, CVE-2024-32020,
CVE-2024-32021 and CVE-2024-32465; see the release notes for
these versions for details.
2.45.0
Backward Compatibility Notes
UI, Workflows & Features
* Integrate the reftable code into the refs framework as a backend.
With "git init --ref-format=reftable", hopefully it would be a lot
more efficient to manage a repository with many references.
* "git checkout -p" and friends learned that that "@" is a synonym
for "HEAD".
* Variants of vimdiff learned to honor mergetool.<variant>.layout
settings.
* "git reflog" learned a "list" subcommand that enumerates known reflogs.
* When a merge conflicted at a submodule, merge-ort backend used to
unconditionally give a lengthy message to suggest how to resolve
it. Now the message can be squelched as an advice message.
* "git for-each-ref" learned "--include-root-refs" option to show
even the stuff outside the 'refs/' hierarchy.
* "git rev-list --missing=print" has learned to optionally take
"--allow-missing-tips", which allows the objects at the starting
points to be missing.
* "git merge-tree" has learned that the three trees involved in the
3-way merge only need to be trees, not necessarily commits.
* "git log --merge" learned to pay attention to CHERRY_PICK_HEAD and
other kinds of *_HEAD pseudorefs.
* Platform specific tweaks for OS/390 has been added to
config.mak.uname.
* Users with safe.bareRepository=explicit can still work from within
$GIT_DIR of a seconary worktree (which resides at .git/worktrees/$name/)
of the primary worktree without explicitly specifying the $GIT_DIR
environment variable or the --git-dir=<path> option.
* The output format for dates "iso-strict" has been tweaked to show
a time in the Zulu timezone with "Z" suffix, instead of "+00:00".
* "git diff" and friends learned two extra configuration variables,
diff.srcPrefix and diff.dstPrefix.
* The status.showUntrackedFiles configuration variable had a name
that tempts users to set a Boolean value expressed in our usual
"false", "off", and "0", but it only took "no". This has been
corrected so "true" and its synonyms are taken as "normal", while
"false" and its synonyms are taken as "no".
* Remove an ancient and not well maintained Hg-to-git migration
script from contrib/.
* Hints that suggest what to do after resolving conflicts can now be
squelched by disabling advice.mergeConflict.
* Allow git-cherry-pick(1) to automatically drop redundant commits via
a new `--empty` option, similar to the `--empty` options for
git-rebase(1) and git-am(1). Includes a soft deprecation of
`--keep-redundant-commits` as well as some related docs changes and
sequencer code cleanup.
* "git config" learned "--comment=<message>" option to leave a
comment immediately after the "variable = value" on the same line
in the configuration file.
* core.commentChar used to be limited to a single byte, but has been
updated to allow an arbitrary multi-byte sequence.
* "git add -p" and other "interactive hunk selection" UI has learned to
skip showing the hunk immediately after it has already been shown, and
an additional action to explicitly ask to reshow the current hunk.
* "git pack-refs" learned the "--auto" option, which defers the decision of
whether and how to pack to the ref backend. This is used by the reftable
backend to avoid repacking of an already-optimal ref database. The new mode
is triggered from "git gc --auto".
* "git add -u <pathspec>" and "git commit [-i] <pathspec>" did not
diagnose a pathspec element that did not match any files in certain
situations, unlike "git add <pathspec>" did.
* The userdiff patterns for C# has been updated.
* Git writes a "waiting for your editor" message on an incomplete
line after launching an editor, and then append another error
message on the same line if the editor errors out. It now clears
the "waiting for..." line before giving the error message.
* The filename used for rejected hunks "git apply --reject" creates
was limited to PATH_MAX, which has been lifted.
* When "git bisect" reports the commit it determined to be the
culprit, we used to show it in a format that does not honor common
UI tweaks, like log.date and log.decorate. The code has been
taught to use "git show" to follow more customizations.
Performance, Internal Implementation, Development Support etc.
* The code to iterate over refs with the reftable backend has seen
some optimization.
* More tests that are marked as "ref-files only" have been updated to
improve test coverage of reftable backend.
* Some parts of command line completion script (in contrib/) have
been micro-optimized.
* The way placeholders are to be marked-up in documentation have been
specified; use "_<placeholder>_" to typeset the word inside a pair
of <angle-brackets> emphasized.
* "git --no-lazy-fetch cmd" allows to run "cmd" while disabling lazy
fetching of objects from the promisor remote, which may be handy
for debugging.
* The implementation in "git clean" that makes "-n" and "-i" ignore
clean.requireForce has been simplified, together with the
documentation.
* Uses of xwrite() helper have been audited and updated for better
error checking and simpler code.
* Some trace2 events that lacked def_param have learned to show it,
enriching the output.
* The parse-options code that deals with abbreviated long option
names have been cleaned up.
* The code in reftable backend that creates new table files works
better with the tempfile framework to avoid leaving cruft after a
failure.
* The reftable code has its own custom binary search function whose
comparison callback has an unusual interface, which caused the
binary search to degenerate into a linear search, which has been
corrected.
* The code to iterate over reflogs in the reftable has been optimized
to reduce memory allocation and deallocation.
* Work to support a repository that work with both SHA-1 and SHA-256
hash algorithms has started.
* A new fuzz target that exercises config parsing code has been
added.
* Fix the way recently added tests interpolate variables defined
outside them, and document the best practice to help future
developers.
* Introduce an experimental protocol for contributors to propose the
topic description to be used in the "What's cooking" report, the
merge commit message for the topic, and in the release notes and
document it in the SubmittingPatches document.
* The t/README file now gives a hint on running individual tests in
the "t/" directory with "make t<num>-*.sh t<num>-*.sh".
(merge 8d383806fc pb/test-scripts-are-build-targets later to maint).
* The "hint:" messages given by the advice mechanism, when given a
message with a blank line, left a line with trailing whitespace,
which has been cleansed.
* Documentation rules has been explicitly described how to mark-up
literal parts and a few manual pages have been updated as examples.
* The .editorconfig file has been taught that a Makefile uses HT
indentation.
* t-prio-queue test has been cleaned up by using C99 compound
literals; this is meant to also serve as a weather-balloon to smoke
out folks with compilers who have trouble compiling code that uses
the feature.
* Windows binary used to decide the use of unix-domain socket at
build time, but it learned to make the decision at runtime instead.
* The "shared repository" test in the t0610 reftable test failed
under restrictive umask setting (e.g. 007), which has been
corrected.
* Document and apply workaround for a buggy version of dash that
mishandles "local var=val" construct.
* The codepaths that reach date_mode_from_type() have been updated to
pass "struct date_mode" by value to make them thread safe.
* The strategy to compact multiple tables of reftables after many
operations accumulate many entries has been improved to avoid
accumulating too many tables uncollected.
* The code to iterate over reftable blocks has seen some optimization
to reduce memory allocation and deallocation.
* The way "git fast-import" handles paths described in its input has
been tightened up and more clearly documented.
* The cvsimport tests required that the platform understands
traditional timezone notations like CST6CDT, which has been
updated to work on those systems as long as they understand
POSIX notation with explicit tz transition dates.
* The code to format trailers have been cleaned up.
2.44.0
* "git apply" on a filesystem without filemode support have learned
to take a hint from what is in the index for the path, even when
not working with the "--index" or "--cached" option, when checking
the executable bit match what is required by the preimage in the
patch.
(merge 45b625142d cp/apply-core-filemode later to maint).
* "git column" has been taught to reject negative padding value, as
it would lead to nonsense behaviour including division by zero.
(merge 76fb807faa kh/column-reject-negative-padding later to maint).
* "git am --help" now tells readers what actions are available in
"git am --whitespace=<action>", in addition to saying that the
option is passed through to the underlying "git apply".
(merge a171dac734 jc/am-whitespace-doc later to maint).
* "git tag --column" failed to check the exit status of its "git
column" invocation, which has been corrected.
(merge 92e66478fc rj/tag-column-fix later to maint).
* Credential helper based on libsecret (in contrib/) has been updated
to handle an empty password correctly.
(merge 8f1f2023b7 mh/libsecret-empty-password-fix later to maint).
* "git difftool --dir-diff" learned to honor the "--trust-exit-code"
option; it used to always exit with 0 and signalled success.
(merge eb84c8b6ce ps/difftool-dir-diff-exit-code later to maint).
* The code incorrectly attempted to use textconv cache when asked,
even when we are not running in a repository, which has been
corrected.
(merge affe355fe7 jk/textconv-cache-outside-repo-fix later to maint).
* Remove an empty file that shouldn't have been added in the first
place.
(merge 4f66942215 js/remove-cruft-files later to maint).
* The logic to access reflog entries by date and number had ugly
corner cases at the boundaries, which have been cleaned up.
(merge 5edd126720 jk/reflog-special-cases-fix later to maint).
* An error message from "git upload-pack", which responds to "git
fetch" requests, had a trailing NUL in it, which has been
corrected.
(merge 3f4c7a0805 sg/upload-pack-error-message-fix later to maint).
* Clarify wording in the CodingGuidelines that requires <git-compat-util.h>
to be the first header file.
(merge 4e89f0e07c jc/doc-compat-util later to maint).
* "git commit -v --cleanup=scissors" used to add the scissors line
twice in the log message buffer, which has been corrected.
(merge e90cc075cc jt/commit-redundant-scissors-fix later to maint).
* A custom remote helper no longer cannot access the newly created
repository during "git clone", which is a regression in Git 2.44.
This has been corrected.
(merge 199f44cb2e ps/remote-helper-repo-initialization-fix later to maint).
* Various parts of upload-pack have been updated to bound the resource
consumption relative to the size of the repository to protect from
abusive clients.
(merge 6cd05e768b jk/upload-pack-bounded-resources later to maint).
* The upload-pack program, when talking over v2, accepted the
packfile-uris protocol extension from the client, even if it did
not advertise the capability, which has been corrected.
(merge a922bfa3b5 jk/upload-pack-v2-capability-cleanup later to maint).
* Make sure failure return from merge_bases_many() is properly caught.
(merge 25fd20eb44 js/merge-base-with-missing-commit later to maint).
* FSMonitor client code was confused when FSEvents were given in a
different case on a case-insensitive filesystem, which has been
corrected.
(merge 29c139ce78 jh/fsmonitor-icase-corner-case-fix later to maint).
* The "core.commentChar" configuration variable only allows an ASCII
character, which was not clearly documented, which has been
corrected.
(merge fb7c556f58 kh/doc-commentchar-is-a-byte later to maint).
* With release 2.44 we got rid of all uses of test_i18ngrep and there
is no in-flight topic that adds a new use of it. Make a call to
test_i18ngrep a hard failure, so that we can remove it at the end
of this release cycle.
(merge 381a83dfa3 jc/test-i18ngrep later to maint).
* The command line completion script (in contrib/) learned to
complete "git reflog" better.
(merge 1284f9cc11 rj/complete-reflog later to maint).
* The logic to complete the command line arguments to "git worktree"
subcommand (in contrib/) has been updated to correctly honor things
like "git -C dir" etc.
(merge 3574816d98 rj/complete-worktree-paths-fix later to maint).
* When git refuses to create a branch because the proposed branch
name is not a valid refname, an advice message is given to refer
the user to exact naming rules.
(merge 8fbd903e58 kh/branch-ref-syntax-advice later to maint).
* Code simplification by getting rid of code that sets an environment
variable that is no longer used.
(merge 72a8d3f027 pw/rebase-i-ignore-cherry-pick-help-environment later to maint).
* The code to find the effective end of log messages can fall into an
endless loop, which has been corrected.
(merge 2541cba2d6 fs/find-end-of-log-message-fix later to maint).
* Mark-up used in the documentation has been improved for
consistency.
(merge 45d5ed3e50 ja/doc-markup-fixes later to maint).
* The status.showUntrackedFiles configuration variable was
incorrectly documented to accept "false", which has been corrected.
* Leaks from "git restore" have been plugged.
(merge 2f64da0790 rj/restore-plug-leaks later to maint).
* "git bugreport --no-suffix" was not supported and instead
segfaulted, which has been corrected.
(merge b3b57c69da js/bugreport-no-suffix-fix later to maint).
* The documentation for "%(trailers[:options])" placeholder in the
"--pretty" option of commands in the "git log" family has been
updated.
(merge bff85a338c bl/doc-key-val-sep-fix later to maint).
* "git checkout --conflict=bad" reported a bad conflictStyle as if it
were given to a configuration variable; it has been corrected to
report that the command line option is bad.
(merge 5a99c1ac1a pw/checkout-conflict-errorfix later to maint).
* Code clean-up in the "git log" machinery that implements custom log
message formatting.
(merge 1c10b8e5b0 jk/pretty-subject-cleanup later to maint).
* "git config" corrupted literal HT characters written in the
configuration file as part of a value, which has been corrected.
(merge e6895c3f97 ds/config-internal-whitespace-fix later to maint).
* A unit test for reftable code tried to enumerate all files in a
directory after reftable operations and expected to see nothing but
the files it wanted to leave there, but was fooled by .nfs* cruft
files left, which has been corrected.
(merge 0068aa7946 ps/reftable-unit-test-nfs-workaround later to maint).
* The implementation and documentation of "object-format" option
exchange between the Git itself and its remote helpers did not
quite match, which has been corrected.
* The "--pretty=<shortHand>" option of the commands in the "git log"
family, defined as "[pretty] shortHand = <expansion>" should have
been looked up case insensitively, but was not, which has been
corrected.
(merge f999d5188b bl/pretty-shorthand-config-fix later to maint).
* "git apply" failed to extract the filename the patch applied to,
when the change was about an empty file created in or deleted from
a directory whose name ends with a SP, which has been corrected.
(merge 776ffd1a30 jc/apply-parse-diff-git-header-names-fix later to maint).
* Update a more recent tutorial doc.
(merge 95ab557b4b dg/myfirstobjectwalk-updates later to maint).
* The test script had an incomplete and ineffective attempt to avoid
clobbering the testing user's real crontab (and its equivalents),
which has been completed.
(merge 73cb87773b es/test-cron-safety later to maint).
* Use advice_if_enabled() API to rewrite a simple pattern to
call advise() after checking advice_enabled().
(merge 6412d01527 rj/use-adv-if-enabled later to maint).
* Another "set -u" fix for the bash prompt (in contrib/) script.
(merge d7805bc743 vs/complete-with-set-u-fix later to maint).
* "git checkout/switch --detach foo", after switching to the detached
HEAD state, gave the tracking information for the 'foo' branch,
which was pointless.
* "git apply" has been updated to lift the hardcoded pathname length
limit, which in turn allowed a mksnpath() function that is no
longer used.
(merge 708f7e0590 rs/apply-lift-path-length-limit later to maint).
* A file descriptor leak in an error codepath, used when "git apply
--reject" fails to create the *.rej file, has been corrected.
(merge 2b1f456adf rs/apply-reject-fd-leakfix later to maint).
* A config parser callback function fell through instead of returning
after recognising and processing a variable, wasting cycles, which
has been corrected.
(merge a816ccd642 ds/fetch-config-parse-microfix later to maint).
* Fix was added to work around a regression in libcURL 8.7.0 (which has
already been fixed in their tip of the tree).
(merge 92a209bf24 jk/libcurl-8.7-regression-workaround later to maint).
* The variable that holds the value read from the core.excludefile
configuration variable used to leak, which has been corrected.
(merge 0e0fefb29f jc/unleak-core-excludesfile later to maint).
* vreportf(), which is used by error() and friends, has been taught
to give the error message printf-format string when its vsnprintf()
call fails, instead of showing nothing useful to identify the
nature of the error.
(merge c63adab961 rs/usage-fallback-to-show-message-format later to maint).
* Adjust to an upcoming changes to GNU make that breaks our Makefiles.
(merge 227b8fd902 tb/make-indent-conditional-with-non-spaces later to maint).
* Git 2.44 introduced a regression that makes the updated code to
barf in repositories with multi-pack index written by older
versions of Git, which has been corrected.
* When .git/rr-cache/ rerere database gets corrupted or rerere is fed to
work on a file with conflicted hunks resolved incompletely, the rerere
machinery got confused and segfaulted, which has been corrected.
(merge 167395bb47 mr/rerere-crash-fix later to maint).
* The "receive-pack" program (which responds to "git push") was not
converted to run "git maintenance --auto" when other codepaths that
used to run "git gc --auto" were updated, which has been corrected.
(merge 7bf3057d9c ps/run-auto-maintenance-in-receive-pack later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge f0e578c69c rs/use-xstrncmpz later to maint).
(merge 83e6eb7d7a ba/credential-test-clean-fix later to maint).
(merge 64562d784d jb/doc-interactive-singlekey-do-not-need-perl later to maint).
(merge c431a235e2 cp/t9146-use-test-path-helpers later to maint).
(merge 82d75402d5 ds/doc-send-email-capitalization later to maint).
(merge 41bff66e35 jc/doc-add-placeholder-fix later to maint).
(merge 6835f0efe9 jw/remote-doc-typofix later to maint).
(merge 244001aa20 hs/rebase-not-in-progress later to maint).
(merge 2ca6c07db2 jc/no-include-of-compat-util-from-headers later to maint).
(merge 87bd7fbb9c rs/fetch-simplify-with-starts-with later to maint).
(merge f39addd0d9 rs/name-rev-with-mempool later to maint).
(merge 9a97b43e03 rs/submodule-prefix-simplify later to maint).
(merge 40b8076462 ak/rebase-autosquash later to maint).
(merge 3223204456 eg/add-uflags later to maint).
(merge 5f78d52dce es/config-doc-sort-sections later to maint).
(merge 781fb7b4c2 as/option-names-in-messages later to maint).
(merge 51d41dc243 jk/doc-remote-helpers-markup-fix later to maint).
(merge e1aaf309db pb/ci-win-artifact-names-fix later to maint).
(merge ad538c61da jc/index-pack-fsck-levels later to maint).
(merge 67471bc704 ja/doc-formatting-fix later to maint).
(merge 86f9ce7dd6 bl/doc-config-fixes later to maint).
(merge 0d527842b7 az/grep-group-error-message-update later to maint).
(merge 7c43bdf07b rs/strbuf-expand-bad-format later to maint).
(merge 8b68b48d5c ds/typofix-core-config-doc later to maint).
(merge 39bb692152 rs/imap-send-use-xsnprintf later to maint).
(merge 8d320cec60 jc/t2104-style-fixes later to maint).
(merge b4454d5a7b pw/t3428-cleanup later to maint).
(merge 84a7c33a4b pf/commitish-committish later to maint).
(merge 8882ee9d68 la/mailmap-entry later to maint).
(merge 44bdba2fa6 rs/no-openssl-compilation-fix-on-macos later to maint).
(merge f412d72c19 yb/replay-doc-linkfix later to maint).
(merge 5da40be8d7 xx/rfc2822-date-format-in-doc later to maint).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
projects / ipfire-2.x.git / log
