curl: Update to version 8.2.1 - Update from version 8.2.0 to 8.2.1 - Update of rootfile not required -Changelog 8.2.1 Bugfixes o amigaos: fix sys/mbuf.h m_len macro clash [9] o amissl: add missing signal.h include [8] o amissl: fix AmiSSL v5 detection [2] o cfilters: rename close/connect functions to avoid clashes [12] o ciphers.d: put URL in first column [1] o cmake: add `libcurlu`/`libcurltool` for unit tests [5] o cmake: update ngtcp2 detection [4] o configure: check for nghttp2_session_get_stream_local_window_size [14] o CONTRIBUTE: drop mention of copyright year ranges [20] o CONTRIBUTE: fix syntax in commit message description [21] o curl_multi_wait.3: fix arg quoting to doc macro .BR [27] o docs: mark two TLS options for TLS, not SSL [26] o docs: provide more see also for cipher options [23] o hostip: return IPv6 first for localhost resolves [16] o http2: fix regression on upload EOF handling [13] o http: VLH, very large header test and fixes [19] o libcurl-errors.3: add CURLUE_OK [11] o os400: correct EXPECTED_STRING_LASTZEROTERMINATED [7] o quiche: fix lookup of transfer at multi [18] o quiche: fix segfault and other things [15] o rustls: update rustls-ffi 0.10.0 [24] o socks: print ipv6 address within brackets [10] o src/mkhelp: strip off escape sequences [22] o tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T [17] o transfer: do not clear the credentials on redirect to absolute URL [6] o unittest: remove unneeded *_LDADD [3] o websocket: rename arguments/variables to match docs [25] Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
curl: Update to version 8.2.0 - Update from version 8.1.0 to 8.2.0 - Update of rootfile - Changelog 8.2.0 Changes: curl: add --ca-native and --proxy-ca-native curl: add --trace-ids CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS haproxy: add --haproxy-clientip flag to set client IPs lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID Bugfixes: bufq: make write/pass methods more robust build: drop unused/redundant `HAVE_WINLDAP_H` cf-socket: don't bypass fclosesocket callback if cancelled before connect cf-socket: move ctx declaration under HAVE_GETPEERNAME cf-socket: skip getpeername()/getsockname for TFTP checksrc: modernise perl file open checksrc: quote the file name to work with "funny" letters CI: brew fix for openssl in default path CI: don't install impacket if tests are not run CI: enable parallel make in more builds circleci: install impacket & wolfssl 5.6.0 cmake: add support for "unity" builds cmake: make use of snprintf cmake: stop CMake from quietly ignoring missing Brotli configure: add check for ldap_init_fd configure: fix run-compiler for old /bin/sh configure: the --without forms of the options are also gone connect-timeout.d: mention that the DNS lookup is included curl.h: include <sys/select.h> for vxworks curl: count uploaded data to stop at the originally given size curl: return error when asked to use an unsupported HTTP version curl_easy_nextheader.3: add missing open parenthesis examples curl_log: evaluate log statement only when transfer is verbose curl_mprintf.3: minor fix of the example curl_pushheader_byname/bynum.3: document in their own man pages curl_url_set: enforce the max string length check for all parts CURLOPT_AWS_SIGV4.3: remove unused variable from example CURLOPT_INFILESIZE.3: mention -1 triggers chunked CURLOPT_MIMEPOST.3: clarify what setting to NULL means CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search docs/libcurl/libcurl.3: cleanups and improvements docs: add more .IP after .RE to fix indentation of generate paragraphs docs: fix missing parameter names in examples docs: update CURLOPT_UPLOAD.3 docs: update HTTP3.md for newer ngtcp2 and nghttp3 docs: use a space after RFC when spelling out RFC numbers example/connect-to: show CURLOPT_CONNECT_TO example/crawler: also set CURLOPT_AUTOREFERER example/crawler: make it use a few more options example/default-scheme: set the default scheme for schemeless URLs example/hsts-preload: show one way to HSTS preload example/http2-download: set CURLOPT_BUFFERSIZE example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use example/maxconnects: set maxconnect example example/opensslthreadlock: remove examples/ftpuploadresume.c: add use of CURLOPT_ACCEPTTIMEOUT_MS examples/http-options: show how to send "OPTIONS *" examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT examples/multi-debugcallback.c: avoid the bool typedef examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS examples/unixsocket.c: example using CURLOPT_UNIX_SOCKET_PATH examples/websocket.c: websocket example using CONNECT_ONLY examples: make use of CURLOPT_(REDIR_|)PROTOCOLS_STR fopen: fix conversion warning on 32-bit Android fopen: optimize hostip.c: Move macOS-specific calls into global init call HTTP/2: upload handling fixes http2: better support for --limit-rate http2: error stream resets with code CURLE_HTTP2_STREAM http2: fix crash in handling stream weights http2: fix variable type http2: h2 and h2-PROXY connection alive check fixes http2: raise header limitations above and beyond http2: send HEADER & DATA together if possible http2: treat initial SETTINGS as a WINDOW_UPDATE HTTP3.md: update openssl version http3/ngtcp2: upload EAGAIN handling http: rectify the outgoing Cookie: header field size check hyper: fix EOF handling on input hyper: unslow imap-append.c: update to make it more likely to work imap: Provide method to disable SASL if it is advertised krb5: add typecast to please Coverity libcurl-url.3: also mention CURLUPART_ZONEID libcurl-ws.3. WebSocket API overview libssh2: provide error message when setting host key type fails libssh2: use custom memory functions ngtcp2: assigning timeout, but value is overwritten before used ngtcp2: build with 0.17.0 and nghttp3 0.13.0 ngtcp2: use ever increasing timestamp in io quiche: avoid NULL deref in debug logging quiche: fix defects found in latest coverity report quote.d: fix indentation of generated paragraphs runtests: abort test run after failure without -a runtests: better handle ^C during slow tests runtests: consistently write the test check summary block runtests: create multiple test runners when requested runtests: include missing valgrind package runtests: make test file directories in log/N runtests: rename server command file runtests: use more consistent failure lines runtests: work around a perl without SIGUSR1 runtests; give each server a unique log lock file scripts: Fix GHA matrix job detection in cijobs.pl sectransp: fix EOF handling system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles test2600: fix the description test427: verify sending more cookies than fit in a 8190 bytes line tests/http: Add mod_h2 directive `H2ProxyRequests` tests/servers.pm: pick unused port number with a server socket tests/servers: generate temp names in /tmp for unix domain sockets tests: fix error messages & handling around sockets tests: improve reliability of TFTP tests testutil: allow multiple %-operators on the same line timeval: use CLOCK_MONOTONIC_RAW if available tls13-ciphers.d: include Schannel tool: remove exclamation marks from error/warning messages tool: remove newlines from all helpf/notef/warnf/errorf calls tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION` tool_getparam: fix comment tool_operate: allow cookie lines up to 8200 bytes tool_parsecfg: accept line lengths up to 10M tool_urlglob: use curl_off_t instead of longs tool_writeout_json: fix encoding of control characters transfer: clear credentials when redirecting to absolute URL urlapi: have *set(PATH) prepend a slash if one is missing urlapi: scheme must start with alpha vtls: avoid memory leak if sha256 call fails websocket-cb: example doing WebSocket download using callback wolfssl: detect when TLS 1.2 support is not built into wolfssl wolfssl: support setting CA certificates as blob ws: make the curl_ws_meta() return pointer a const 8.1.2 Bugfixes: configure: quote the assignments for run-compiler configure: without pkg-config and no custom path, use -lnghttp2 curl: cache the --trace-time value for a second http2: fix EOF handling on uploads with auth negotiation http3: send EOF indicator early as possible lib1560: verify more scheme guessing lib: remove unused functions, make single-use static libcurl.m4: remove trailing 'dnl' that causes this to break autoconf libssh: when keyboard-interactive auth fails, try password misc: fix spelling mistakes page-header: mention curl version and how to figure out current release page-header: minor wording polish in the URL segment scripts/singleuse.pl: add more API calls urlapi: remove superfluous host name check 8.1.1 Bugfixes: cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND checksrc: disallow spaces before labels cmake: avoid `list(PREPEND)` for compatibility cmake: repair cross compiling configure: fix --help alignment configure: generate a script to run the compiler curl_easy_getinfo: clarify on return data types docs: document that curl_url_cleanup(NULL) is a safe no-op hostip: move easy_lock.h include above curl_memory.h http2: double http request parser max line length http2: increase stream window size to 10 MB http2: upload improvements lib: fix conversion warnings with gcc on macOS lib: rename struct 'http_req' to 'httpreq' ngtcp2: fix compiler warning about possible null-deref ngtcp2: proper handling of uint64_t when adjusting send buffer os400: update chkstrings.c runtests: handle interrupted reads from IPC pipes runtests: use the correct fd after select sectransp.c: make the code c89 compatible select: avoid returning an error on EINTR from select() or poll() test425: fix the log directory for the upload url: provide better error message when URLs fail to parse urlapi: allow numerical parts in the host name vquic.c: make recvfrom_packets static, avoid compiler warning Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
curl: Update to version 8.1.0 - Update from version 7.88.1 to 8.1.0 - Update of rootfile not required - Changelog Fixed in 8.1.0 - May 17 2023 Changes: curl: add --proxy-http2 CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2 hostip: refuse to resolve the .onion TLD tool_writeout: add URL component variables Bugfixes: amiga: Fix CA certificate paths for AmiSSL and MorphOS autotools: sync up clang picky warnings with cmake aws-sigv4.d: fix region identifier in example bufq: simplify since expression is always true cf-h1-proxy: skip an extra NULL assign cf-h2-proxy: fix processing ingress to stop too early cf-socket: add socket recv buffering for most tcp cases cf-socket: Disable socket receive buffer by default cf-socket: remove dead code discovered by PVS cf-socket: turn off IPV6_V6ONLY on Windows if it is supported checksrc: check for spaces before the colon of switch labels checksrc: find bad indentation in conditions without open brace checksrc: fix SPACEBEFOREPAREN for conditions starting with "*" ci: `-Wno-vla` no longer necessary CI: fix brew retries on GHA CI: Set minimal permissions on workflow ngtcp2-quictls.yml CI: skip Azure for commits which change only GHA CI: use another glob syntax for matching files on Appveyor cmake: bring in the network library on Haiku cmake: do not add zlib headers for openssl CMake: make config version 8 compatible with 7 cmake: picky-linker fixes for openssl, ZLIB, H3 and more cmake: set SONAME for SunOS too cmake: speed up and extend picky clang/gcc options CMakeLists.txt: fix typo for Haiku detection compressed.d: clarify the words on "not notifying headers" config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP configure: don't set HAVE_WRITABLE_ARGV on Windows configure: fix detection of apxs (for httpd) configure: make quiche require quiche_conn_send_ack_eliciting connect: fix https connection setup to treat ssl_mode correctly content_encoding: only do transfer-encoding compression if asked to cookie: address PVS nits cookie: clarify that init with data set to NULL reads no file curl: do NOT append file name to path for upload when there's a query curl_easy_getinfo.3: typo fix (duplicated "from the") curl_easy_unescape.3: rename the argument curl_path: bring back support for SFTP path ending in /~ curl_url_set.3: mention that users can set content rather freely CURLOPT_IPRESOLVE.3: this for host names, not IP addresses data.d: emphasize no conversion digest: clear target buffer doc: curl_mime_init() strong easy binding was relaxed in 7.87.0 docs/cmdline-opts: document the dotless config path docs/examples/protofeats.c: outputs all protocols and features docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string" docs/SECURITY-ADVISORY.md: how to write a curl security advisory docs: bump the minimum perl version to 5.6 docs: clarify that more backends have HTTPS proxy support dynbuf: never allocate larger than "toobig" easy_cleanup: require a "good" handle to act ftp: fix 'portsock' variable was assigned the same value ftp: remove dead code ftplistparser: move out private data from public struct ftplistparser: replace realloc with dynbuf gen.pl: error on duplicated See-Also fields getpart: better handle case of file not found GHA-linux: add an address-sanitizer build GHA: add a memory-sanitizer job GHA: run all linux test jobs with valgrind GHA: suppress git clone output GIT-INFO: add --with-openssl gskit: various compile errors in OS400 h2/h3: replace `state.drain` counter with `state.dselect_bits` hash: fix assigning same value headers: clear (possibly) lingering pointer in init hostcheck: fix host name wildcard checking hostip: add locks around use of global buffer for alarm() hostip: enforce a maximum DNS cache size independent of timeout value HTTP-COOKIES.md: mention the #HttpOnly_ prefix http2: always EXPIRE_RUN_NOW unpaused http/2 transfers http2: do flow window accounting for cancelled streams http2: enlarge the connection window http2: flow control and buffer improvements http2: move HTTP/2 stream vars into local context http2: pass `stream` to http2_handle_stream_close to avoid NULL checks http2: remove unused Curl_http2_strerror function declaration HTTP3/quiche: terminate h1 response header when no body is sent http3: check stream_ctx more thoroughly in all backends HTTP3: document the ngtcp2/nghttp3 versions to use for building curl http3: expire unpaused transfers in all HTTP/3 backends http3: improvements across backends http: free the url before storing a new copy http: skip a double NULL assign ipv4.d/ipv6.d: they are "mutex", not "boolean" KNOWN_BUGS: remove fixed or outdated issues, move non-bugs lib/cmake: add HAVE_WRITABLE_ARGV check lib/sha256.c: typo fix in comment (duplicated "is available") lib1560: verify that more bad host names are rejected lib: add `bufq` and `dynhds` lib: remove CURLX_NO_MEMORY_CALLBACKS lib: unify the upload/method handling lib: use correct printf flags for sockets and timediffs libssh2: fix crash in keyboard callback libssh2: free fingerprint better libssh: tell it to use SFTP non-blocking man pages: simplify the .TH sections MANUAL.md: add dict example for looking up a single definition md(4|5): don't use deprecated iOS functions md4: only build when used mime: skip NULL assigns after Curl_safefree() multi: add handle asserts in DEBUG builds multi: add multi-ignore logic to multi_socket_action multi: free up more data earleier in DONE multi: remove a few superfluous assigns multi: remove PENDING + MSGSENT handles from the main linked list ngtcp2: adapted to 0.15.0 ngtcp2: adjust config and code checks for ngtcp2 without nghttp3 noproxy: pointer to local array 'hostip' is stored outside scope ntlm: clear lm and nt response buffers before use openssl: interop with AWS-LC OS400: fix and complete ILE/RPG binding OS400: implement EBCDIC support for recent features OS400: improve vararg emulation OS400: provide ILE/RPG usage examples pingpong: fix compiler warning "assigning an enum to unsigned char" pytest: improvements for suitable curl and error output quiche: disable pacing while pacing is not actually performed quiche: Enable IDLE egress handling RELEASE-PROCEDURE: update to new schedule rtsp: convert mallocs to dynbuf for RTP buffering rtsp: skip malformed RTSP interleaved frame data rtsp: skip NULL assigns after Curl_safefree() runtests: die if curl version can be found runtests: don't start servers if -l is given runtests: fix -c option when run with valgrind runtests: fix quoting in Appveyor and Azure test integration runtests: lots of refactoring runtests: refactor into more packages runtests: show error message if file can't be written runtests: spawn a new process for the test runner rustls: fix error in recv handling schannel: add clarifying comment server/getpart: clear target buffer before load smb: remove double assign smbserver: remove temporary files before exit socketpair: verify with a random value ssh: Add support for libssh2 read timeout telnet: simplify the implementation of str_is_nonascii() test1169: fix so it works properly everywhere test1592: add flaky keyword test1960: point to the correct path for the precheck tool test303: kill server after test tests/http: add timeout to running curl in test cases tests/http: fix log formatting on wrong exit code tests/http: fix out-of-tree builds tests/http: improved httpd detection tests/http: more tests with specific clients tests/http: relax connection check in test_07_02 tests/keywords.pl: remove tests/libtest/lib1900.c: remove tests/sshserver.pl: Define AddressFamily earlier tests: 1078 1288 1297 use valid IPv4 addresses tests: document that the unittest keyword is special tests: increase sws timeout for more robust testing tests: log a too-long Unix socket path in sws and socksd tests: make test_12_01 a bit more forgiving on connection counts tests: move pidfiles and portfiles under the log directory tests: move server config files under the pid dir tests: silence some Perl::Critic warnings in test suite tests: stop using strndup(), which isn't portable tests: switch to 3-argument open in test suite tests: turn perl modules into full packages tests: use %LOGDIR to refer to the log directory tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals tool_operate: pass a long as CURLOPT_HEADEROPT argument tool_operate: refuse (--data or --form) and --continue-at combo transfer: refuse POSTFIELDS + RESUME_FROM combo transfer: skip extra assign url: fix null dispname for --connect-to option url: fix PVS nits url: remove call to Curl_llist_destroy in Curl_close urlapi: cleanups and improvements urlapi: detect and error on illegal IPv4 addresses urlapi: prevent setting invalid schemes with *url_set() urlapi: skip a pointless assign urlapi: URL encoding for the URL missed the fragment urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication urldata: shrink *select_bits int => unsigned char vlts: use full buffer size when receiving data if possible vtls and h2 improvements Websocket: enhanced en-/decoding wolfssl.yml: bump to version 5.6.0 write-out.d: Use response_code in example ws: handle reads before EAGAIN better Fixed in 8.0.1 - March 20 2023 Bugfixes: fix crash in curl_easy_cleanup Fixed in 8.0.0 - March 20 2023 Changes: build: remove support for curl_off_t < 8 bytes Bugfixes: .cirrus.yml: Bump to FreeBSD 13.2 aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3 BINDINGS: add Fortran binding build: drop the use of XC_AMEND_DISTCLEAN build: fix stdint/inttypes detection with non-autotools cf-socket: fix handling of remote addr for accepted tcp sockets cf-socket: if socket is already connected, return CURLE_OK cf-socket: use port 80 when resolving name for local bind CI: don't run CI jobs if only another CI was changed CI: update ngtcp2 and nghttp2 for pytest cmake: delete unused HAVE__STRTOI64 cmake: fix enabling LDAPS on Windows cmake: skip CA-path/bundle auto-detection in cross-builds connect: fix time_connect and time_appconnect timer statistics cookie: don't load cookies again when flushing cookie: parse without sscanf() curl.h: require gcc 12.1 for the deprecation magic curl: make -w's %{stderr} use the file set with --stderr curl_path: create the new path with dynbuf CURLOPT_PIPEWAIT: allow waited reuse also for subsequent connections CURLOPT_PROXY.3: curl+NSS does not handle HTTPS over unix domain socket CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe DEPRECATE: the original legacy mingw version 1 doc: fix compiler warning in libcurl.m4 docs/cmdline-opts: mark all global options docs/SECURITY-PROCESS.md: updates docs: extend the URL API descriptions docs: note '--data-urlencode' option DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure easy: remove infof() debug leftover from curl_easy_recv examples/http3.c: use CURL_HTTP_VERSION_3 ftp: active mode with SSL, add the filter ftp: add more conditions for connection reuse ftp: allocate the wildcard struct on demand ftp: make the EPSV response parser not use sscanf ftp: replace sscanf for MDTM 213 response parsing ftp: replace sscanf for PASV parsing gssapi: align `gss_OID_desc` to silence ld warnings on macOS ventura headers: make curl_easy_header and nextheader return different buffers hostip: avoid sscanf and extra buffer copies http2: fix error handling during parallel operations http2: fix for http2-prior-knowledge when reusing connections http2: fix handling of RST and GOAWAY to recognize partial transfers http2: fix upload busy loop http: don't send 100-continue for short PUT requests http: fix unix domain socket use in https connects http: rewrite the status line parser without sscanf http_proxy: parse the status line without sscanf idn: return error if the conversion ends up with a blank host krb5: avoid sscanf for parsing lib1560: test parsing URLs with ridiculously large fields lib2305: deal with CURLE_AGAIN lib517: verify time stamps without leading zeroes plus some more lib: silence clang/gcc -Wvla warnings in brotli headers lib: skip Curl_llist_destroy calls libcurl-errors.3: add the CURLHcode errors from curl_easy_header.3 libssh2: only set the memory callbacks when debugging libssh2: remove unused variable from libssh2's struct libssh: use dynbuf instead of realloc Makefile.mk: delete redundant `HAVE_LDAP_SSL` macro Makefile.mk: fix -g option in debug mode mqtt: on send error, return error multi: make multi_perform ignore/unignore signals less often multi: remove PENDING + MSGSENT handles from the main linked list ngtcp2-gnutls.yml: bump to gnutls 3.8.0 ngtcp2: fix unwanted close of file descriptor 0 page-footer: add explanation for three missing exit codes parsedate: parse strings without using sscanf() parsedate: replace sscanf( for time stamp parsing quic/schannel: fix compiler warnings rand: use arc4random as fallback when available rate.d: single URLs make no sense in --rate example RELEASE-PROCEDURE.md: update coming release dates rtsp: avoid sscanf for parsing runtests: use a hash table for server port numbers sectransp: fix compiler warning c89 mixed code/declaration sectransp: make read_cert() use a dynbuf when loading secure-transport: fix recv return code handling select: stop treating POLLRDBAND as an error setopt: move the CURLOPT_CHUNK_DATA pointer to the set struct socket: detect "dead" connections better, e.g. not fit for reuse src: silence wmain() warning for all build methods telnet: only accept option arguments in ascii telnet: parse NEW_ENVIRON without sscanf telnet: parse telnet options without sscanf telnet: parse the WS= argument without sscanf test1470: test socks proxy using unix sockets and connect to https test1960: verify CURL_SOCKOPT_ALREADY_CONNECTED test2600: detect when ALARM_TIMEOUT is in use and adjust test422: verify --next used without a prior URL tests/http: add pytest to GHA and improve tests tests: add `cookies` features tests: add timeout, SLOWDOWN and DELAY keywords to tests tests: fix gnutls-serv check tests: fix MSVC unreachable code warnings in unit tests tests: hack to build most unit tests under cmake tests: HTTP server fixups tests: keep cmake unit tests names in sync tests: make CPPFLAGS common to all unit tests tests: make first.c the same for both lib tests and unit tests tests: support for imaps/pop3s/smtps protocols tests: sync option lists in runtests.pl & its man page tests: test secure mail protocols with explicit SSL requests tests: use AM_CPPFILES to modify flags in unit tests tests: use dynamic ports numbers in pytest suite tool: dump headers even if file is write-only tool: improve --stderr handling tool_getparam: don't add a new node for just --no-remote-name tool_getparam: error if --next is used without a prior URL tool_operate: avoid fclose(NULL) on bad header dump file tool_operate: propagate error codes for missing URL after --next tool_progress: shut off progress meter for --silent in parallel tool_writeout_json. fix the output for duplicate header names transfer: limit Windows SO_SNDBUF updates to once a second url: fix cookielist memleak when curl_easy_reset url: fix logic in connection reuse to deny reuse on "unclean" connections url: fix the SSH connection reuse check url: only reuse connections with same GSS delegation url: remove dummy protocol handler urlapi: '%' is illegal in host names urlapi: avoid mutating internals in getter routine urlapi: parse IPv6 literals without ENABLE_IPV6 urlapi: take const args in _dup and _get functions wildcard: remove files and move functions into ftplistparser.c winbuild: fix makefile clean wolfssl: add quic/ngtcp2 detection in cmake, and fix builds wolfSSL: ressurect the BIO `io_result` ws: keep the socket non-blocking x509asn1.c: use correct format specifier for infof() call x509asn1: use plain %x, not %lx, when the arg is an int Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
curl: Update to version 7.88.1 - Update from version 7.87.0 to 7.88.1 - Update of rootfile not required - Patch removed as fix now built into source tarball - Changelog Fixed in 7.88.1 - February 20 2023 Bugfixes: build-openssl.bat: keep OpenSSL 3 engine binaries cmake: fix Windows check for CryptAcquireContext connnect: fix timeout handling to use full duration curl: make --silent work stand-alone curl_setup: Suppress OpenSSL 3 deprecation warnings CURLOPT_WS_OPTIONS.3: fix the availability version GHA: update rustls dependency to 0.9.2 http2: buffer/pausedata and output flush fix. http2: set drain on stream end http: include stdint.h more readily krb5: silence cast-align warning lib1560: add IPv6 canonicalization tests os400: correct Curl_os400_sendto() remote-header-name.d: mention that filename* is not supported runtests: fix "uninitialized value $port" setopt: allow HTTP3 when HTTP2 is not defined socketpair: allow EWOULDBLOCK when reading the pair check bytes socks: allow using DoH to resolve host names tests-httpd: add proxy tests tests: make sure gnuserv-tls has SRP support before using it tests: make the telnet server shut down a socket gracefully tool_getparam: make --get a true boolean tool_operate: allow debug builds to set buffersize urlapi: do the port number extraction without using sscanf() urldata: remove `now` from struct SingleRequest - not needed Fixed in 7.88.0 - February 15 2023 Changes: curl.h: add CURL_HTTP_VERSION_3ONLY share: add sharing of HSTS cache among handles src: add --http3-only tool_operate: share HSTS between handles urlapi: add CURLU_PUNYCODE writeout: add %{certs} and %{num_certs} Bugfixes: cf-socket: fix build when not HAVE_GETPEERNAME cf-socket: keep sockaddr local in the socket filters cfilters:Curl_conn_get_select_socks: use the first non-connected filter CI: add a workflow to automatically label pull requests CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup CI: Retry failed downloads to reduce spurious failures CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12 cmake: bump requirement to 3.7 cmake: check for sendmsg cmake: delete redundant macro definition `SECURITY_WIN32` cmake: fix dev warning due to mismatched arg cmake: fix the snprintf detection cmake: remove deprecated symbols check cmake: set SOVERSION also for macOS cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS cmdline-opts/Makefile: on error, do not leave a partial CODEOWNERS: remove the peeps mentioned as CI owners connect: fix access of pointer before NULL check connect: fix build when not ENABLE_IPV6 connect: fix strategy testing for attempts, timeouts and happy-eyeball connections: introduce http/3 happy eyeballs content_encoding: do not reset stage counter for each header CONTRIBUTE: More formally specify the commit description cookies: fp is always not NULL copyright.pl: cease doing year verifications copyright: update all copyright lines and remove year ranges curl.1: make help, version and manual sections "custom" curl.h: allow up to 10M buffer size curl.h: mark CURLSSLBACKEND_MESALINK as deprecated curl/websockets.h: extend the websocket frame struct curl: output warning at --verbose output for debug-enabled version curl_free.3: fix return type of `curl_free` curl_global_sslset.3: clarify the openssl situation curl_log: for failf/infof and debug logging implementations curl_setup: Disable by default recv-before-send in Windows curl_version_info.3: fix typo curl_ws_send.3: clarify how to send multi-frame messages CURLOPT_HEADERDATA.3: warn DLL users must set write function CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1 CURLOPT_WRITEFUNCTION.3: fix memory leak in example dict: URL decode the entire path always docs/DEPRECATE.md: deprecate gskit docs: add link to GitHub Discussions docs: mention indirect effects of --insecure docs: POSTFIELDSIZE must be set to -1 with read function doh: ifdef IPv6 code easyoptions: fix header printing in generation script escape: hex decode with a lookup-table escape: use table lookup when adding %-codes to output examples: remove the curlgtk.c example fopen: remove unnecessary assignment ftpserver: lower the DATA connect timeout to speed up torture tests GHA/macos.yml: bump to gcc-12 GHA/macos: use Xcode_14.0.1 for cmake builds GHA: add job on Slackware 15.0 GHA: bump ngtcp2 workflow dependencies GHA: enable websockets in the torture job GHA: move the quiche job here from zuul GHA: use designated ngtcp2 and its dependencies versions haxproxy: send before TLS handhshake header.d: add a header file example hsts.d: explain hsts more hsts: handle adding the same host name again HTTP/[23]: continue upload when state.drain is set http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames http2: fix compiler warning due to uninitialized variable http2: minor buffer and error path fixes http2: when using printf %.*s, the length arg must be 'int' HTTP3: mention what needs to be in place to remove EXPERIMENTAL label http: add additional condition for including stdint.h http: decode transfer encoding first http: fix "part of conditional expression is always false" http: remove the trace message "Mark bundle... multiuse" http_aws_sigv4: remove typecasts from HMAC_SHA256 macro http_proxy: do not assign data->req.p.http use local copy INSTALL: document how to use multiple TLS backends lib670: make test.h the first include lib: connect/h2/h3 refactor lib: fix typos lib: fix typos in comments which repeat a word libssh2: try sha2 algos for hostkey methods libtest: add a sleep macro for Windows Linux CI: update some dependecies to latest tag Makefile.mk: fix wolfssl and mbedtls default paths man pages: call the custom user pointer 'clientp' consistently md4: fix build with GnuTLS + OpenSSL v1 misc: fix grammar and spelling misc: fix spelling misc: reduce struct and struct field sizes msh3: add support for request payload msh3: update to v0.5 Release msh3: update to v0.6 multi: stop sending empty HTTP/3 UDP datagrams on Windows multihandle: turn bool struct fields into bits ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl ngtcp2: fix the build without 'sendmsg' ngtcp2: replace removed define and stop using removed function no-clobber.d: only use long form options in man page text noproxy: support for space-separated names is deprecated nss: implement data_pending method openldap: fix missing sasl symbols at build in specific configs openssl: adapt to boringssl's error code type openssl: don't ignore CA paths when using Windows CA store (redux) openssl: don't log raw record headers openssl: make the BIO_METHOD a local variable in the connection filter openssl: only use CA_BLOB if verifying peer openssl: remove attached easy handles from SSL instances openssl: store the CA after first send (ClientHello) os400: fixes to make-lib.sh and initscript.sh packages: remove Android, update README release-notes.pl: check fixes/closes lines better Revert "x509asn1: avoid freeing unallocated pointers" runtest.pl: add expected fourth return value runtests: tear down http2/http3 servers when https server is stopped runtests: consider warnings fatal and error on them runtests: fix detection of TLS backends runtests: make 'mbedtls' a testable feature rustls: improve error messages scripts/delta: show percent of number of files changed since last tag scripts: fix Appveyor job detection in cijobs.pl scripts: set file mode +x on all perl and shell scripts sectransp: fix for incomplete read/writes SECURITY-PROCESS.md: document severity levels setopt: Address undefined behaviour by checking for null setopt: move the SHA256 opt within #ifdef libssh2 setopt: use >, not >=, when checking if uarg is larger than uint-max smb: return error on upload without size socketpair: allow localhost MITM sniffers strdup: name it Curl_strdup system.h: assume OS400 is always built with ILEC compiler test1560: use a UTF8-using locale when run test2304: remove stdout verification tests-httpd: basic infra to run curl against an apache httpd tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx tests: add tests for HTTP/2 and HTTP/3 to verify the header API tests: avoid use of sha1 in certificates tls: fixes for wolfssl + openssl combo builds tool_getparam: fix hiding of command line secrets tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type tool_operate: fix error codes during DOS filename sanitize tool_operate: fix error codes on bad URL & OOM tool_operate: fix headerfile writing tool_operate: repair --rate transfer: break the read loop when RECV is cleared typecheck: accept expressions for option/info parameters url: fix part of conditional expression is always true urlapi: avoid Curl_dyn_addf() for hex outputs urlapi: fix part of conditional expression is always true: qlen urlapi: skip path checks if path is just "/" urlapi: skip the extra dedotdot alloc if no dot in path urldata: cease storing TLS auth type urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP urldata: make set.http200aliases conditional on HTTP being present urldata: move the cookefilelist to the 'set' struct urldata: remove unused struct fields, made more conditional vquic: stabilization and improvements vtls: fix hostname handling in filters vtls: manage current easy handle in nested cfilter calls vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used winbuild: document that arm64 is supported windows: always use curl's basename() implementation wolfssl: remove deprecated post-quantum algorithms workflows/linux.yml: merge 3 common packages write-out.d: add 'since version' to %{header_json} documentation write-out.d: clarify Windows % symbol escaping ws: fix autoping handling ws: fix multiframe send handling ws: fix recv of larger frames ws: remove bad assert ws: unstick connect-only shutdown ws: use %Ou for outputting curl_off_t with info() x509asn1: fix compile errors and warnings zuul: stop using this CI service Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
curl: Update to version 7.87.0 - Update from version 7.86.0 to 7.87.0 - Update of rootfile - version 7.87.0 changed hoiw it deals with deprecated typecheck expressions. This caused zabbix_agentd build to fail. Curl developers created a commit to fix this in next version release. Added as patch here. Should be able to be removed with next curl update. - Changelog curl and libcurl 7.87.0 This release includes the following changes: o curl: add --url-query [52] o CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit [75] o lib: add CURL_WRITEFUNC_ERROR to signal write callback error [47] o openssl: reduce CA certificate bundle reparsing by caching [11] o version: add a feature names array to curl_version_info_data [67] This release includes the following bugfixes: o altsvc: fix rejection of negative port numbers [144] o aws_sigv4: consult x-%s-content-sha256 for payload hash [102] o aws_sigv4: fix typos in aws_sigv4.c [101] o base64: better alloc size [124] o base64: encode without using snprintf [123] o base64: faster base64 decoding [120] o build: assume assert.h is always available [111] o build: assume errno.h is always available [110] o c-hyper: CONNECT respones are not server responses [137] o c-hyper: fix multi-request mechanism [115] o CI: Change FreeBSD image from 12.3 to 12.4 [108] o CI: LGTM.com will be shut down in December 2022 [112] o ci: Remove zuul fuzzing job as it's superseded by CIFuzz o cmake: check for cross-compile, not for toolchain [54] o CMake: fix build with `CURL_USE_GSSAPI` [78] o cmake: really enable warnings with clang [25] o cmake: set the soname on the shared library [140] o cmdline-opts/gen.pl: fix the linkifier [64] o cmdline-opts/page-footer: remove long option nroff formatting o config-mac: define HAVE_SYS_IOCTL_H [107] o config-mac: fix typo: size_T -> size_t [125] o config-mac: remove HAVE_SYS_SELECT_H [116] o config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW [41] o configure: require fork for NTLM-WB [36] o contributors.sh: actually use $CURLWWW instead of just setting it [129] o cookie: compare cookie prefixes case insensitively [14] o cookie: expire cookies at once when max-age is negative [45] o cookie: open cookie jar as a binary file [89] o curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS [90] o curl-rustls.m4: on macOS, rustls also needs the Security framework [44] o curl.h: include <sys/select.h> on SerenityOS [104] o curl.h: name all public function parameters [118] o curl.h: reword comment to not use deprecated option [132] o curl: override the numeric locale and set "C" by force [60] o curl: timeout in the read callback [15] o curl_endian: remove Curl_write64_le from header [81] o curl_get_line: allow last line without newline char [88] o curl_path: do not add '/' if homedir ends with one [4] o curl_url_get.3: remove spurious backtick [127] o curl_url_set.3: document CURLU_DISALLOW_USER [139] o curl_url_set.3: fix typo [148] o CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE [1] o CURLOPT_COOKIEFILE.3: advice => advise [131] o CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example [31] o CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" [130] o CURLOPT_POST.3: Explain setting to 0 changes request type [61] o docs/curl_ws_send: Fixed typo in websocket docs [114] o docs/EARLY-RELEASE.md: how to determine an early release [37] o docs/examples: spell correction ('Retrieve') [119] o docs/INSTALL.md: expand on static builds [62] o docs/WEBSOCKET.md: explain the URL use [71] o docs: add missing parameters for --retry flag [2] o docs: add more "SEE ALSO" links to CA related pages [82] o docs: explain the noproxy CIDR notation support [17] o docs: extend the dump-header documentation [150] o docs: remove performance note in CURLOPT_SSL_VERIFYPEER [13] o examples/10-at-a-time: fix possible skipped final transfers [85] o examples: update descriptions [83] o ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH [96] o gen.pl: do not generate CURLHELP bitmask lines > 79 characters [10] o GHA: clarify workflows permissions, set least possible privilege [79] o GHA: NSS use clang instead of clang-9 [103] o gnutls: use common gnutls init and verify code for ngtcp2 [98] o headers: add endif comments [51] o HTTP-COOKIES.md: mention that http://localhost is a secure context [76] o HTTP-COOKIES.md: update the 6265bis link to draft-11 [70] o http: do not send PROXY more than once [46] o http: fix the ::1 comparison for IPv6 localhost for cookies [155] o http: set 'this_is_a_follow' in the Location: logic [40] o http: use the IDN decoded name in HSTS checks [154] o hyper: classify headers as CONNECT and 1XX [56] o hyper: fix handling of hyper_task's when reusing the same address [33] o idn: remove Curl_win32_ascii_to_idn [153] o INSTALL: update operating systems and CPU archs [91] o KNOWN_BUGS: remove eight entries [50] o lib1560: add some basic IDN host name tests [151] o lib: connection filters (cfilter) addition to curl: [43] o lib: feature deprecation warnings in gcc >= 4.3 [58] o lib: fix some type mismatches and remove unneeded typecasts [12] o lib: parse numbers with fixed known base 10 [77] o lib: remove bad set.opt_no_body assignments [42] o lib: rewind BEFORE request instead of AFTER previous [65] o lib: sync guard for Curl_getaddrinfo_ex() definition and use [6] o lib: use size_t or int etc instead of longs [145] o libcurl-errors.3: remove duplicate word [3] o libssh2: return error when ssh_hostkeyfunc returns error [121] o limit-rate.d: see also --rate o log2changes.pl: wrap long lines at 80 columns [59] o Makefile.mk: address minor issues [87] o Makefile.mk: improve a GNU Make hack [122] o Makefile.mk: portable Makefile.m32 [86] o maketgz: set the right version in lib/libcurl.plist [53] o mime: relax easy/mime structures binding [94] o misc: Fix incorrect spelling [113] o misc: remove duplicated include files [28] o misc: typo and grammar fixes [23] o negtelnetserver.py: have it call its close() method [68] o netrc.d: provide mutext info [63] o netware: remove leftover traces [80] o noproxy: also match with adjacent comma [19] o noproxy: guard against empty hostnames in noproxy check [136] o noproxy: tailmatch like in 7.85.0 and earlier [35] o nroff-scan.pl: detect double highlights o ntlm: improve comment for encrypt_des [55] o ntlm: silence ubsan warning about copying from null target_info pointer [69] o openssl/mbedtls: use %d for outputing port with failf (int) [72] o openssl: prefix errors with '[lib]/[version]: ' [105] o os400: use platform socklen_t in Curl_getnameinfo_a [18] o page-header: grammar improvement (display transfer rate) [126] o proxy: refactor haproxy protocol handling as connection filter [57] o README.md: remove badges and xmas-tree garnish [9] o rtsp: fix RTSP auth [49] o runtests: --no-debuginfod now disables DEBUGINFOD_URLS [100] o runtests: do CRLF replacements per section only [97] o scripts/checksrc.pl: detect duplicated include files [29] o sendf: change Curl_read_plain to wrap Curl_recv_plain [48] o sendf: remove unnecessary if condition [26] o setup: do not require __MRC__ defined for Mac OS 9 builds [117] o smb/telnet: do not free the protocol struct in *_done() [152] o socks: fix username max size is 255 (0xFF) [146] o spellcheck.words: remove 'github' as an accepted word [22] o ssl-reqd.d: clarify that this is for upgrading connections only [138] o strcase: use curl_str(n)equal for case insensitive matches [8] o styled-output.d: this option does not work on Windows [93] o system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS [133] o system.h: support 64-bit curl_off_t for NonStop 32-bit [21] o test1421: fix typo [109] o test3026: reduce runtime in legacy mingw builds [73] o tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+ o tests: add authorityInfoAccess to generated certs [99] o tests: add HTTP/3 test case, custom location for proper nghttpx [106] o tls: backends use connection filters for IO, enabling HTTPS-proxy [92] o tool: determine the correct fopen option for -D [95] o tool_cfgable: free the ssl_ec_curves on exit [142] o tool_cfgable: make socks5_gssapi_nec a boolean [128] o tool_formparse: avoid clobbering on function params [135] o tool_getparam: make --no-get work as the opposite of --get [39] o tool_operate: provide better errmsg for -G with bad URL [16] o tool_operate: when aborting, make sure there is a non-NULL error buffer [20] o tool_paramhlp: free the proto strings on exit [141] o url: move back the IDN conversion of proxy names [74] o urlapi: reject more bad letters from the host name: &+() [143] o urldata: change port num storage to int and unsigned short [66] o vms: remove SIZEOF_SHORT [134] o vtls: fix build without proxy support [38] o vtls: localization of state data in filters [84] o WEBSOCKET.md: fix broken link [30] o Websocket: fixes for partial frames and buffer updates [7] o websockets: fix handling of partial frames [32] o windows: fail early with a missing windres in autotools [5] o windows: fix linking .rc to shared curl with autotools [24] o winidn: drop WANT_IDN_PROTOTYPES [27] o ws: if no connection is around, return error [149] o ws: return CURLE_NOT_BUILT_IN when websockets not built in [34] o x509asn1: avoid freeing unallocated pointers [147] Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
curl: Update to version 7.86.0 - Update from version 7.84.0 to 7.86.0 - Update of rootfile - curl-7.84.0-easy_lock_h_include_sched_h_if_available_to_fix_build.patch removed as this is now built into the source tarball version - Changelog - is too large to inclkude here. The details can be found in the RELEASE_NOTES file in the source tarballs. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
curl: Update to version 7.84.0 - Update from version 7.83.1 to 7.84.0 - Update of rootfile - Changelog 7.84.0 - June 27 2022 Changes: curl: add --rate to set max request rate per time unit curl: deprecate --random-file and --egd-file curl_version_info: add CURL_VERSION_THREADSAFE CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl lib: make curl_global_init() threadsafe when possible libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION opts: deprecate RANDOM_FILE and EGDSOCKET socks: support unix sockets for socks proxy Bugfixes: aws-sigv4: fix potentional NULL pointer arithmetic bindlocal: don't use a random port if port number would wrap c-hyper: mark status line as status for Curl_client_write() ci: avoid `cmake -Hpath` CI: bump FreeBSD 13.0 to 13.1 ci: update github actions cmake: add libpsl support cmake: do not add libcurl.rc to the static libcurl library cmake: enable curl.rc for all Windows targets cmake: fix detecting libidn2 cmake: support adding a suffix to the OS value configure: skip libidn2 detection when winidn is used configure: use the SED value to invoke sed configure: warn about rustls being experimental content_encoding: return error on too many compression steps cookie: address secure domain overlay cookie: apply limits copyright.pl: parse and use .reuse/dep5 for skips copyright: make repository REUSE compliant curl.1: add a few see also --tls-max curl.1: mention exit code zero too curl: re-enable --no-remote-name curl_easy_pause.3: remove explanation of progress function curl_getdate.3: document that some illegal dates pass through Curl_parsenetrc: don't access local pwbuf outside of scope curl_url_set.3: clarify by default using known schemes only CURLOPT_ALTSVC.3: document the file format CURLOPT_FILETIME.3: fix the protocols this works with CURLOPT_HTTPHEADER.3: improve comment in example CURLOPT_NETRC.3: document the .netrc file format CURLOPT_PORT.3: We discourage using this option CURLOPT_RANGE.3: remove ranged upload advice digest: added detection of more syntax error in server headers digest: tolerate missing "realm" digest: unquote realm and nonce before processing DISABLED: disable 1021 for hyper again docs/cmdline-opts: add copyright and license identifier to each file docs/CONTRIBUTE.md: document the 'needs-votes' concept docs: clarify data replacement policy for MIME API doh: remove UNITTEST macro definition examples/crawler.c: use the curl license examples: remove fopen.c and rtsp.c FAQ: Clarify Windows double quote usage fopen: add Curl_fopen() for better overwriting of files ftp: restore protocol state after http proxy CONNECT ftp: when failing to do a secure GSSAPI login, fail hard GHA/hyper: enable debug in the build gssapi: improve handling of errors from gss_display_status gssapi: initialize gss_buffer_desc strings headers api: remove EXPERIMENTAL tag http2: always debug print stream id in decimal with %u http2: reject overly many push-promise headers http: restore header folding behavior hyper: use 'alt-used' krb5: return error properly on decode errors lib: make more protocol specific struct fields #ifdefed libcurl-security.3: add "Secrets in memory" libcurl-security.3: document CRLF header injection libssh: skip the fake-close when libssh does the right thing links: update dead links to the curl-wiki log2changes: do not indent empty lines [ci skip] macos9: remove partial support Makefile.am: fix portability issues Makefile.m32: delete obsolete options, improve -On [ci skip] Makefile.m32: delete two obsolete OpenSSL options [ci skip] Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] max-time.d: clarify max-time sets max transfer time mprintf: ignore clang non-literal format string netrc: check %USERPROFILE% as well on Windows netrc: support quoted strings ngtcp2: allow curl to send larger UDP datagrams ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types ngtcp2: enable Linux GSO ngtcp2: extend QUIC transport parameters buffer ngtcp2: fix alert_read_func return value ngtcp2: fix typo in preprocessor condition ngtcp2: handle error from ngtcp2_conn_submit_crypto_data ngtcp2: send appropriate connection close error code ngtcp2: support boringssl crypto backend ngtcp2: use helper funcs to simplify TLS handshake integration ntlm: provide a fixed fake host name projects: fix third-party SSL library build paths for Visual Studio quic: add Curl_quic_idle quiche: support ca-fallback rand: stop detecting /dev/urandom in cross-builds remote-name.d: mention --output-dir runtests.pl: add the --repeat parameter to the --help output runtests: fix skipping tests not done event-based runtests: skip starting the ssh server if user name is lacking scripts/copyright.pl: fix the exclusion to not ignore man pages sectransp: check for a function defined when __BLOCKS__ is undefined select: return error from "lethal" poll/select errors server/sws: support spaces in the HTTP request path speed-limit/time.d: mention these affect transfers in either direction strcase: some optimisations test 2081: add a valid reply for the second request test 675: add missing CR so the test passes when run through Privoxy test414: add the '--resolve' keyword test681: verify --no-remote-name tests 266, 116 and 1540: add a small write delay tests/data/test1501: kill ftp server after slow LIST response tests/getpart: fix getpartattr to work with "data" and "data2" tests/server/sws.c: change the HTTP writedelay unit to milliseconds test{440,441,493,977}: add "HTTP proxy" keywords tool_getparam: fix --parallel-max maximum value constraint tool_operate: make sure --fail-with-body works with --retry transfer: fix potential NULL pointer dereference transfer: maintain --path-as-is after redirects transfer: upload performance; avoid tiny send url: free old conn better on reuse url: remove redundant #ifdefs in allocate_conn() url: URL encode the path when extracted, if spaces were set urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts urlapi: support CURLU_URLENCODE for curl_url_get() urldata: reduce size of a few struct fields urldata: remove three unused booleans from struct UserDefined urldata: store tcp_keepidle and tcp_keepintvl as ints version: allow stricmp() for sorting the feature list vtls: make curl_global_sslset thread-safe wolfssh.h: removed wolfssl: correct the failf() message when a handle can't be made wolfSSL: explicitly use compatibility layer x509asn1: mark msnprintf return as unchecked Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
curl: Update to version 7.83.1 - Update from version 7.83.0 to 7.83.1 - Update of rootfile not required - Changelog version 7.83.1 This release includes the following bugfixes: o altsvc: fix host name matching for trailing dots [31] o cirrus: Update to FreeBSD 12.3 [24] o cirrus: Use pip for Python packages on FreeBSD [23] o conn: fix typo 'connnection' -> 'connection' in two function names [1] o cookies: make bad_domain() not consider a trailing dot fine [26] o curl: free resource in error path [3] o curl: guard against size_t wraparound in no-clobber code [4] o CURLOPT_DOH_URL.3: mention the known bug [19] o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20] o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18] o data/test376: set a proper name o GHA/mbedtls: enabled nghttp2 in the build [11] o gha: build msh3 [5] o gskit: fixed bogus setsockopt calls [17] o gskit: remove unused function set_callback [2] o hsts: ignore trailing dots when comparing hosts names [28] o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40] o http: move Curl_allow_auth_to_host() [9] o http_proxy/hyper: handle closed connections [34] o hyper: fix test 357 [32] o Makefile: fix "make ca-firefox" [37] o mbedtls: bail out if rng init fails [14] o mbedtls: fix compile when h2-enabled [12] o mbedtls: fix some error messages o misc: use "autoreconf -fi" instead buildconf [22] o msh3: get msh3 version from MsH3Version [6] o msh3: print boolean value as text representation [10] o msh3: psss remote_port to MsH3ConnectionOpen [7] o ngtcp2: add ca-fallback support for OpenSSL backend [35] o nss: return error if seemingly stuck in a cert loop [30] o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8] o post_per_transfer: remove the updated file name [27] o sectransp: bail out if SSLSetPeerDomainName fails [33] o tests/server: declare variable 'reqlogfile' static [39] o tests: fix markdown formatting in README [38] o test{898,974,976}: add 'HTTP proxy' keywords [16] o tls: check more TLS details for connection reuse [25] o url: check SSH config match on connection reuse [21] o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15] o urlapi: reject percent-decoding host name into separator bytes [29] o x509asn1: make do_pubkey handle EC public keys [13] Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
curl: Update to version 7.83.0 - Update from 7.82.0 to 7.83.0 - Update of rootfile - Changelog 7.83.0 Changes: o curl: add %header{name} experimental support in -w handling o curl: add %{header_json} experimental support in -w handling o curl: add --no-clobber [28] o curl: add --remove-on-error [11] o header api: add curl_easy_header and curl_easy_nextheader [56] o msh3: add support for QUIC and HTTP/3 using msh3 [84] Bugfixes: o appveyor: add Cygwin build [77] o appveyor: only add MSYS2 to PATH where required [78] o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27] o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26] o BINDINGS.md: add Hollywood binding [34] o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42] o CI: install Python package impacket to run SMB test 1451 [5] o configure.ac: move -pthread CFLAGS setting back where it used to be [14] o configure: bump the copyright year range int the generated output o conncache: include the zone id in the "bundle" hashkey [112] o connecache: remove duplicate connc->closure_handle check [90] o connect: make Curl_getconnectinfo work with conn cache from share handle [22] o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6] o cookie.d: clarify when cookies are sent o cookies: improve errorhandling for reading cookiefile [123] o curl/system.h: update ifdef condition for MCST-LCC compiler [4] o curl: error out if -T and -d are used for the same URL [99] o curl: error out when options need features not present in libcurl [18] o curl: escape '?' in generated --libcurl code [117] o curl: fix segmentation fault for empty output file names. [60] o curl_easy_header: fix typos in documentation [74] o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126] o CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS [105] o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79] o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63] o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127] o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9] o docs/HYPER.md: updated to reflect current hyper build needs o docs/opts: Mention Schannel client cert type is P12 [50] o docs: Fix missing semicolon in example code [102] o docs: lots of minor language polish [51] o English: use American spelling consistently [95] o fail.d: tweak the description [101] o firefox-db2pem.sh: make the shell script safer [47] o ftp: fix error message for partial file upload [61] o gen.pl: change wording for mutexed options [98] o GHA: add openssl3 jobs moved over from zuul [88] o GHA: build hyper with nightly rustc [7] o GHA: move bearssl jobs over from zuul [85] o gha: move the event-based test over from Zuul [59] o gtls: fix build for disabled TLS-SRP [48] o http2: handle DONE called for the paused stream [69] o http2: RST the stream if we stop it on our own will [67] o http: avoid auth/cookie on redirects same host diff port [110] o http: close the stream (not connection) on time condition abort [68] o http: reject header contents with nul bytes [41] o http: return error on colon-less HTTP headers [31] o http: streamclose "already downloaded" [57] o hyper: fix status_line() return code [13] o hyper: fix tests 580 and 581 for hyper [107] o hyper: no h2c support [33] o infof: consistent capitalization of warning messages [103] o ipv4/6.d: clarify that they are about using IP addresses [3] o json.d: fix typo (overriden -> overridden) [24] o keepalive-time.d: It takes many probes to detect brokenness [29] o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45] o lib670: avoid double check result [71] o lib: #ifdef on USE_HTTP2 better [65] o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38] o lib: remove exclamation marks [100] o libssh2: compare sha256 strings case sensitively [114] o libssh2: make the md5 comparison fail if wrong length [111] o libssh: fix build with old libssh versions [12] o libssh: fix double close [124] o libssh: Improve fix for missing SSH_S_ stat macros [10] o libssh: unstick SFTP transfers when done event-based [58] o macos: set .plist version in autoconf [122] o mbedtls: remove 'protocols' array from backend when ALPN is not used [66] o mbedtls: remove server_fd from backend [91] o mk-ca-bundle.pl: Use stricter logic to process the certificates [39] o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8] o mlc_config.json: add file to ignore known troublesome URLs [35] o mqtt: better handling of TCP disconnect mid-message [55] o ngtcp2: add client certificate authentication for OpenSSL [15] o ngtcp2: avoid busy loop in low CWND situation [119] o ngtcp2: deal with sub-millisecond timeout [116] o ngtcp2: disconnect the QUIC connection proper [19] o ngtcp2: enlarge H3_SEND_SIZE [82] o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83] o ngtcp2: fix memory leak [80] o ngtcp2: fix QUIC_IDLE_TIMEOUT [94] o ngtcp2: make curl 1ms faster [93] o ngtcp2: remove remote_addr which is not used in a meaningful way [81] o ngtcp2: update to work after recent ngtcp2 updates [62] o ngtcp2: use token when detecting :status header field [92] o nonblock: restore setsockopt method to curlx_nonblock [20] o openssl: check SSL_get_peer_cert_chain return value [1] o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23] o openssl: fix CN check error code [21] o options: remove mistaken space before paren in prototype o perl: removed a double semicolon at end of line [64] o pop3/smtp: return *WEIRD_SERVER_REPLY when not understood [43] o projects/README: converted to markdown [76] o projects: Update VC version names for VS2017, VS2022 [52] o rtsp: don't let CSeq error override earlier errors [37] o runtests: add 'bearssl' as testable feature [87] o runtests: make 'oldlibssh' be before 0.9.4 [2] o schannel: remove dead code that will never run [89] o scripts/copyright.pl: ignore the new mlc_config.json file o scripts: move three scripts from lib/ to scripts/ [44] o test1135: sync with recent API updates [54] o test1459: disable for oldlibssh [53] o test375: fix line endings on Windows [40] o test386: Fix an incorrect test markup tag o test718: edited slightly to return better HTTP [32] o tests/server/util.h: align WIN32 condition with util.c [46] o tests: refactor server/socksd.c to support --unix-socket [96] o timediff.[ch]: add curlx helper functions for timeval conversions [86] o tls: make mbedtls and NSS check for h2, not nghttp2 [70] o tool and tests: force flush of all buffers at end of program [17] o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30] o tool_getparam: error out on missing -K file [115] o tool_listhelp.c: uppercase URL o tool_operate: fix a scan-build warning [16] o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97] o transfer: redirects to other protocols or ports clear auth [109] o unit1620: call global_init before calling Curl_open [125] o url: check sasl additional parameters for connection reuse. [113] o vtls: provide a unified APLN-disagree string for all backends [75] o vtls: use a backend standard message for "ALPN: offers %s" [73] o vtls: use a generic "ALPN, server accepted" message [72] o winbuild/README.md: fixup dead link [36] o winbuild: Add a Visual Studio example to the README [49] o wolfssl: fix compiler error without IPv6 [25] Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
curl: Update to version 7.82.0 - Update from 7.81.0 to 7.82.0 - Update of rootfile not required - Changelog Versionl 7.82.0 This release includes the following changes: o curl: add --json [67] o mesalink: remove support [23] This release includes the following bugfixes: o appveyor: update images from VS 2019 to 2022 o appveyor: use VS 2017 image for the autotools builds o azure-pipelines: add a build on Windows with libssh [154] o bearssl: fix connect error on expired cert and no verify [132] o bearssl: fix EXC_BAD_ACCESS on incomplete CA cert [131] o bearssl: fix session resumption (session id) [133] o build: enable -Warith-conversion o build: fix -Wenum-conversion handling o build: fix ngtcp2 crypto library detection [63] o checkprefix: remove strlen calls [128] o checksrc: fix typo in comment [34] o CI: move 'distcheck' job from zuul to azure pipelines [60] o CI: move scan-build job from Zuul to Azure Pipelines [59] o CI: move the NSS job from zuul to GHA [84] o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75] o CI: move the rustls CI job to GHA from Zuul [8] o CI: move two jobs from Zuul to Circle CI [73] o CI: test building wolfssl with --enable-opensslextra [42] o CI: workflows/wolfssl: install impacket [47] o circleci: add a job using libssh [121] o cirlceci: also run a c-ares job on arm with debug enabled [74] o cmake: fix iOS CMake project generation error [13] o cmdline-opts/gen.pl: fix option matching to improve references [50] o config.d: Clarify _curlrc filename is still valid on Windows [95] o configure.ac: use user-specified gssapi dir when using pkg-config [136] o configure: change output for cross-compiled alt-svc support [140] o configure: fix '--enable-code-coverage' typo [110] o configure: remove support for "embedded ares" [82] o configure: requires --with-nss-deprecated to build with NSS [114] o configure: set CURL_LIBRARY_PATH for nghttp2 [58] o configure: support specification of a nghttp2 library path [101] o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54] o curl tool: erase some more sensitive command line arguments [22] o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5] o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9] o curl-openssl: fix SRP check for OpenSSL 3.0 [86] o curl-openssl: remove the OpenSSL headers and library versions check [35] o curl.h: fix typo [129] o curl: remove "separators" (when using globbed URLs) [32] o curl_getdate.3: remove pointless .PP line [68] o curl_multi_socket.3: remove callback and typical usage descriptions [7] o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27] o CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment [147] o CURLOPT_RESOLVE.3: change example port to 443 o CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment [153] o CURLOPT_XFERINFOFUNCTION.3: fix typo in example [81] o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71] o des: fix compile break for OpenSSL without DES [141] o docs/cmdline-opts: add "mutexed" options for more http versions [25] o docs/DEPRECATE: remove NPN support in August 2022 [64] o docs: capitalize the name 'Netscape' [77] o docs: document HTTP/2 not insisting on TLS 1.2 [49] o docs: fix mandoc -T lint formatting complaints [2] o docs: update IETF links to use datatracker [41] o examples/curlx: support building with OpenSSL 1.1.0+ [148] o examples/multi-app.c: call curl_multi_remove_handle as well [19] o formdata: avoid size_t => long typecast overflows [37] o ftp: provide error message for control bytes in path [66] o gen.pl: terminate "example" sections better [4] o gha: add a macOS CI job with libssh [142] o gskit: Convert to using Curl_poll [111] o gskit: Fix errors from Curl_strerror refactor [113] o gskit: Fix initialization of Curl_ssl_gskit struct [112] o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88] o hostcheck: fixed to not touch used input strings [38] o hostcheck: reduce strlen calls on chained certificates [92] o hostip: avoid unused parameter error in Curl_resolv_check [144] o http2: move two infof calls to debug-h2-only [145] o http: make Curl_compareheader() take string length arguments too [87] o if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled [104] o KNOWN_BUGS: fix typo "libpsl" o ldap: return CURLE_URL_MALFORMAT for bad URL [24] o lib: remove support for CURL_DOES_CONVERSIONS [96] o libssh2: don't typecast socket to int for libssh2_session_handshake [151] o libssh: fix include files and defines use for Windows builds [156] o Makefile.am: Generate VS 2022 projects o maketgz: return error if 'make dist' fails [79] o mbedtls: enable use of mbedtls without CRL support [57] o mbedtls: enable use of mbedtls without filesystem functions support [100] o mbedtls: fix CURLOPT_SSLCERT_BLOB (again) o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12] o mbedtls: remove #include <mbedtls/certs.h> [56] o mbedtls: return CURLcode result instead of a mbedtls error code [1] o md5: check md5_init_func return value o mime: use a define instead of the magic number 24 [89] o misc: allow curl to build with wolfssl --enable-opensslextra [43] o misc: remove BeOS code and references [30] o misc: remove the final watcom references [29] o misc: remove unused data when IPv6 is not supported [80] o mqtt: free 'sendleftovers' in disconnect [115] o mqtt: free any send leftover data when done [36] o multi: allow user callbacks to call curl_multi_assign [126] o multi: grammar fix in comment [69] o multi: remember connection_id before returning connection to pool [76] o multi: set in_callback for multi interface callbacks [28] o netware: remove support [72] o next.d. remove .fi/.nf as they are handled by gen.pl [3] o ngtcp2: adapt to changed end of headers callback proto [39] o ngtcp2: fix declaration of ‘result’ shadows a previous local [14] o ngtcp2: Reset dynbuf when it is fully drained [143] o nss: handshake callback during shutdown has no conn->bundle [55] o ntlm: remove unused feature defines [117] o openldap: fix compiler warning when built without SSL support [70] o openldap: implement SASL authentication [16] o openldap: pass string length arguments to client_write() [116] o openssl.h: avoid including OpenSSL headers here [15] o openssl: check if sessionid flag is enabled before retrieving session [125] o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40] o openssl: check the return value of BIO_new_mem_buf() [18] o openssl: fix `ctx_option_t` for OpenSSL v3+ o openssl: fix build for version < 1.1.0 [134] o openssl: return error if TLS 1.3 is requested when not supported [45] o os400: Add function wrapper for system command [138] o os400: Add link to QADRT devkit to README.OS400 [137] o os400: Default build to target current release [139] o OS400: fix typos in rpg include file [149] o projects: add support for Visual Studio 17 (2022) [124] o projects: fix Visual Studio wolfSSL configurations o projects: remove support for MSVC before VC10 (Visual Studio 2010) [123] o quiche: after leaving h3_recving state, poll again [108] o quiche: change qlog file extension to `.sqlog` [44] o quiche: fix upload for bigger content-length [146] o quiche: handle stream reset [83] o quiche: remove two leftover debug infof() outputs o quiche: verify the server cert on connect [33] o quiche: when *recv_body() returns data, drain it before polling again [109] o README.md: fix links [118] o remote-header-name.d: clarify [10] o runtests.pl: disable debuginfod [51] o runtests.pl: properly print the test if it contains binary zeros o runtests.pl: support the nonewline attribute for the data part [21] o runtests.pl: tolerate test directories without Makefile.inc [98] o runtests: allow client/file to specify multiple directories o runtests: make 'rustls' a testable feature o runtests: make 'wolfssl' a testable feature [6] o runtests: set 'oldlibssh' for libssh versions before 0.9.5 [122] o rustls: add CURLOPT_CAINFO_BLOB support [26] o schannel: move the algIds array out of schannel.h [135] o scripts/cijobs.pl: output data about all currect CI jobs [78] o scripts/completion.pl: improve zsh completion [46] o scripts/copyright.pl: support many provided file names on the cmdline o scripts/delta: check the file delta for current branch o sectransp: mark a 3DES cipher as weak [130] o setopt: do bounds-check before strdup [99] o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53] o sha256: Fix minimum OpenSSL version [102] o smb: pass socket for writing and reading data instead of FIRSTSOCKET [90] o ssl: reduce allocated space for ssl backend when FTP is disabled [127] o test3021: disable all msys2 path transformation o test374: gif data without new line at the end [20] o tests/disable-scan.pl: properly detect multiple symbols per line [94] o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85] o tool_findfile: check ~/.config/curlrc too [17] o tool_getparam: DNS options that need c-ares now fail without it [31] o TPF: drop support [97] o unit1610: init SSL library before calling SHA256 functions [152] o url: exclude zonefrom_url when no ipv6 is available [103] o url: given a user in the URL, find pwd for that user in netrc [11] o url: keep trailing dot in host name [62] o url: make Curl_disconnect return void [48] o urlapi: handle "redirects" smarter [119] o urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled [52] o urldata: remove conn->bits.user_passwd [105] o version_win32: fix warning for `CURL_WINDOWS_APP` [93] o vtls: fix socket check conditions [150] o vtls: pass on the right SNI name [61] o vxworks: drop support [65] o winbuild: add parameter WITH_SSH [120] o wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case [106] o wolfssl: when SSL_read() returns zero, check the error [107] o write-out.d: Fix num_headers formatting o x509asn1: toggle off functions not needed for diff tls backends [91] Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Switch checksums from MD5 to BLAKE2 Historically, the MD5 checksums in our LFS files serve as a protection against broken downloads, or accidentally corrupted source files. While the sources are nowadays downloaded via HTTPS, it make sense to beef up integrity protection for them, since transparently intercepting TLS is believed to be feasible for more powerful actors, and the state of the public PKI ecosystem is clearly not helping. Therefore, this patch switches from MD5 to BLAKE2, updating all LFS files as well as make.sh to deal with this checksum algorithm. BLAKE2 is notably faster (and more secure) than SHA2, so the performance penalty introduced by this patch is negligible, if noticeable at all. In preparation of this patch, the toolchain files currently used have been supplied with BLAKE2 checksums as well on https://source.ipfire.org/. Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremeripfire.org>
curl: Update to version 7.81.0 - Update from 7.80.0 to 7.81.0 - Update of rootfile - Changelog 7.81.0 This release includes the following changes: o mime: use percent-escaping for multipart form field and file names [1] This release includes the following bugfixes: o asyn-ares: ares_getaddrinfo needs no happy eyeballs timer [73] o azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper [12] o BINDINGS: add cURL client for PostgreSQL [68] o BINDINGS: add one from Everything curl and update a link o checksrc: detect more kinds of NULL comparisons we avoid [105] o CI: build examples for additional code verification [75] o CI: bump job to use mbedtls 3.1.0 [90] o cmake: don't set _USRDLL on a static Windows build [22] o cmake: prevent dev warning due to mismatched arg [94] o cmake: private identifiers use CURL_ instead of CMAKE_ prefix [40] o config.d: update documentation to match the path search o configure: add -lm to configure for rustls build. [13] o configure: better diagnostics if hyper is built wrong [6] o configure: don't enable TLS when --without-* flags are used [17] o configure: fix runtime-lib detection on macOS [21] o curl.1: require "see also" for every documented option [27] o curl: improve error message for --head with -J [42] o curl_easy_cleanup.3: remove from multi handle first [3] o curl_easy_escape.3: call curl_easy_cleanup in example [58] o curl_easy_unescape.3: call curl_easy_cleanup in example [57] o curl_multi_init.3: fix EXAMPLE formatting o curl_multi_perform/socket_action.3: clarify what errors mean [70] o curl_share_setopt.3: split out options into their own manpages [14] o CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL [51] o digest: compute user:realm:pass digest w/o userhash [45] o docs/checksrc: Add documentation for STRERROR [18] o docs/cmdline-opts: do not say "protocols: all" [26] o docs/examples: workaround broken -Wno-pedantic-ms-format o docs/HTTP3: describe how to setup a h3 reverse-proxy for testing [88] o docs/INSTALL.md: typo fix : added missing "get" verb [31] o docs/URL-SYNTAX.md: space is not fine in a given URL o docs: add known bugs list to HTTP3.md [83] o docs: address proselint nits [16] o docs: consistent manpage SYNOPSIS [47] o docs: fix dead links, remove ECH.md o docs: fix typo in OpenSSL 3 build instructions [80] o docs: Update the Reducing Size section o example/progressfunc: remove code for old libcurls [78] o examples/multi-single.c: remove WAITMS() [98] o FAQ: typo fix : "yout" ➤ "your" [30] o ftp: disable warning 4706 in MSVC [85] o gen.pl: improve example output format [29] o github workflow: add wolfssl (removed from zuul) [103] o github/workflows: add mbedtls and mbedtls-clang (removed from zuul) [92] o gtls: check return code for gnutls_alpn_set_protocols [86] o hash: lazy-alloc the table in Curl_hash_add() [54] o http2:set_transfer_url() return early on OOM [53] o HTTP3: update quiche build instructions [37] o http: enable haproxy support for hyper backend [20] o http: Fix CURLOPT_HTTP200ALIASES [89] o http_proxy: don't close the socket (too early) [100] o insecure.d: detail its use for SFTP and SCP as well [32] o insecure.d: expand and clarify [28] o libcurl-multi.3: "SOCKS proxy handshakes" are not blocking o libcurl-security.3: mention address and URL mitigations o libssh2: fix error message for sha256 mismatch o libtest: avoid "assignment within conditional expression" [84] o lift: ignore is a deprecated config option, use ignoreRules [35] o linkcheck.yml: add CI job that checks markdown links [82] o m4/curl-compilers: tell clang -Wno-pointer-bool-conversion [99] o Makefile.m32: rename -winssl option to -schannel and tidy up [33] o mbedTLS: add support for CURLOPT_CAINFO_BLOB [44] o mbedtls: fix CURLOPT_SSLCERT_BLOB [72] o mbedtls: fix private member designations for v3.1.0 [93] o misc: remove unused doh flags when CURL_DISABLE_DOH is defined [71] o misc: s/e-mail/email [74] o multi: cleanup the socket hash when destroying it [55] o multi: handle errors returned from socket/timer callbacks [52] o multi: shut down CONNECT in Curl_detach_connnection [2] o netrc.d: edit the .netrc example to look nicer [24] o ngtcp2: verify the server cert on connect (quictls) [102] o ngtcp2: verify the server certificate for the gnutls case [101] o nss:set_cipher don't clobber the cipher list [38] o openldap: implement STARTTLS [56] o openldap: process search query response messages one by one [50] o openldap: several minor improvements [69] o openldap: simplify ldif generation code [77] o openssl: check the return value of BIO_new() [43] o openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+ o openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable o openssl: remove usage of deprecated `SSL_get_peer_certificate` o openssl: use non-deprecated API to read key parameters o page-footer: add a mention of how to report bugs to the man page o page-footer: document more environment variables [23] o request.d: refer to 'method' rather than 'command' [59] o retry-all-errors.d: make the example complete o runtests: make the SSH library a testable feature o rustls: read of zero bytes might be okay [9] o rustls: remove comment about checking handshaking [15] o rustls: remove incorrect EOF check [10] o sha256/md5: return errors when init fails [79] o socks5: use appropriate ATYP for numerical IP address host names [91] o test1156: enable for hyper [65] o test1156: fixup the stdout check for Windows [60] o test1525: tweaked for hyper [64] o test1526: enable for hyper [63] o test1527: enable for hyper [62] o test1528: enable for hyper [61] o test1554: adjust for hyper [49] o test1556: adjust for hyper [48] o test302[12]: run only with the libssh2 backend [8] o test661: enable for hyper [66] o tests/CI.md: add more information on CI environments [39] o tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256 [76] o tftp: mark protocol as not possible to do over CONNECT [25] o tool_findfile: updated search for a file in the homedir [46] o tool_operate: only set SSH related libcurl options for SSH URLs [11] o tool_operate: warn if too many output arguments were found [87] o url.c: fix the SIGPIPE comment for Curl_close [4] o url: check ssl_config when re-use proxy connection [81] o url: reduce ssl backend count for CURL_DISABLE_PROXY builds [96] o urlapi: accept port number zero [34] o urlapi: if possible, shorten given numerical IPv6 addresses [95] o urlapi: provide more detailed return codes [36] o urlapi: reject short file URLs [41] o version_win32: Check build number and platform id o vtls/rustls: adapt to the updated rustls_version proto [19] o writeout: fix %{http_version} for HTTP/3 [7] o x509asn1: return early on errors [67] o zuul.d: update rustls-ffi to version 0.8.2 [5] o zuul: fix quiche build pointing to wrong Cargo [104] This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
curl: Update to version 7.80.0 - Update from 7.79.1 to 7.80.0 - Update of rootfile - Changelog is too long to include here. This update fixes 172 bugs the details of which can be found in the CHANGES file in the source tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
curl: Update to version 7.79.1 - Update from 7.78.0 to 7.79.1 - Update of rootfile not required - Changelog Fixed in 7.79.1 - September 22 2021 Bugfixes: Curl_http2_setup: don't change connection data on repeat invokes curl_multi_fdset: make FD_SET() not operate on sockets out of range dist: provide lib/.checksrc in the tarball FAQ: add GOPHERS + curl works on data, not files hsts: CURLSTS_FAIL from hsts read callback should fail transfer hsts: handle unlimited expiry http: fix the broken >3 digit response code detection strerror: use sys_errlist instead of strerror on Windows test1184: disable tests/sshserver.pl: make it work with openssh-8.7p1 Fixed in 7.79.0 - September 15 2021 Changes: bearssl: support CURLOPT_CAINFO_BLOB http: consider cookies over localhost to be secure secure transport: support CURLINFO_CERTINFO Bugfixes: CVE-2021-22945: clear the leftovers pointer when sending succeeds CVE-2021-22946: do not ignore --ssl-reqd CVE-2021-22947: reject STARTTLS server response pipelining ares: use ares_getaddrinfo() asyn-ares.c: move all version number checks to the top auth: do not append zero-terminator to authorisation id in kerberos auth: properly handle byte order in kerberos security message auth: use sasl authzid option in kerberos auth: we do not support a security layer after kerberos authentication BINDINGS.md: update links to use https where available build: fix compiler warnings c-hyper: deal with Expect: 100-continue combined with POSTFIELDS c-hyper: fix header value passed to debug callback c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection c-hyper: initial step for 100-continue support c-hyper: initial support for "dumping" 1xx HTTP responses c-hyper: remove the hyper_executor_poll() loop from Curl_http CI/cirrus: reduce compile time with increased parallism CI: use GitHub Container Registry instead of Docker Hub cirrus: Add FreeBSD 13.0 job and disable sanitizer build cmake: avoid poll() on macOS cmake: sync CURL_DISABLE options codeql: fix error "Resource not accessible by integration" compressed.d: it's a request, not an order config.d: escape the backslash properly config.d: note that curlrc is used even when --config config: get rid of the unused HAVE_SIG_ATOMIC_T et. al. configure.ac: revert bad nghttp2 library detection improvements configure: error out if both ngtcp2 and quiche are specified configure: make --disable-hsts work configure: set classic mingw minimum OS version to XP configure: tweak nghttp2 library name fix connect: get local port + ip also when reusing connections connect: remove superfluous conditional curl-openssl.m4: check lib64 for the pkg-config file curl-openssl.m4: show correct output for OpenSSL v3 curl.1: mention "global" flags curl.1: provide examples for each option curl: add warning for ignored data after quoted form parameter curl: add warning for incompatible parameters usage curl: better error message when -O fails to get a good name curl: stop retry if Retry-After: is longer than allowed curl_easy_setopt.3: improve the string copy wording Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited curl_setup.h: sync values for HTTP_ONLY curl_url_get.3: clarify about path and query CURLMOPT_TIMERFUNCTION.3: remove misplaced "time" CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited CURLOPT_SSL_CTX_*.3: tidy up the example CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also docs/MQTT: update state of username/password support docs: remove experimental mentions from HSTS and MQTT docs: the security list is reached at security at curl.se now easy: use a custom implementation of wcsdup on Windows examples/*hiperfifo.c: fix calloc arguments to match function proto examples/cookie_interface: avoid printfing time_t directly examples/cookie_interface: fix scan-build printf warning examples/ephiperfifo.c: simplify signal handler FAQ: add two dev related questions getparameter: fix the --local-port number parser happy-eyeballs-timeout-ms.d: polish the wording hostip: Make Curl_ipv6works function independent of getaddrinfo http2: Curl_http2_setup needs to init stream data in all invokes http2: revert a change that broke upgrade to h2c http2: revert call the handle-closed function correctly on closed stream http: disallow >3-digit response codes http: ignore content-length if any transfer-encoding is used http_proxy: clear 'sending' when the outgoing request is sent http_proxy: fix the User-Agent inclusion in CONNECT http_proxy: fix user-agent and custom headers for CONNECT with hyper http_proxy: only wait for writable socket while sending request INTERNALS: bump c-ares requirement to 1.16.0 INTERNALS: c-ares has a new home: c-ares.org lib: don't use strerror() libcurl-errors.3: clarify two CURLUcode errors limit-rate.d: clarify base unit mailing lists: move from cool.haxx.se to lists.haxx.se mbedtls: avoid using a large buffer on the stack mbedTLS: initial 3.0.0 support mbedtls_threadlock: fix unused variable warning mksymbolsmanpage.pl: Fix showing symbol's last used version mksymbolsmanpage.pl: match symbols case insenitively multi: fix compiler warning with `CURL_DISABLE_WAKEUP` ngtcp2: compile with the latest ngtcp2 and nghttp3 ngtcp2: fix build with ngtcp2 and nghttp3 ngtcp2: remove the acked_crypto_offset struct field init ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read ngtcp2: reset the oustanding send buffer again when drained ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream ngtcp2: stop buffering crypto data ngtcp2: utilize crypto API functions to simplify openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA openssl: when creating a new context, there cannot be an old one opt-docs: make sure all man pages have examples opt-docs: verify man page sections + order opts docs: unify phrasing in NAME header output.d: add method to suppress response bodies page-header: add GOPHERS, simplify wording in the 1st para progress: fix a compile warning on some systems progress: make trspeed avoid floats runtests: add option -u to error on server unexpectedly alive schannel: Work around typo in classic mingw macro scripts: invoke interpreters through /usr/bin/env setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper strerror.h: remove the #include from files not using it symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version test1138: remove trailing space to make work with hyper test1173: check references to libcurl options test1280: CRLFify the response to please hyper test1565: fix windows build errors test365: verify response with chunked AND Content-Length headers tests/*server.pl: flush output before executing subprocess tests/*server.py: remove pidfile on server termination tests/runtests.pl: cleanup copy&paste mistakes and unused code tests/server/*.c: align handling of portfile argument and file tests: adjust the tftpd output to work with hyper mode tests: be explicit about using 'python3' instead of 'python' tests: enable test 1129 for hyper builds tests: make three tests pass until 2037 tool/tests: fix potential year 2038 issues tool_operate: Fix --fail-early with parallel transfers url: fix compiler warning in no-verbose builds urlapi.c:seturl: assert URL instead of using if-check vtls: fix typo in schannel_verify.c winbuild/README.md: clarify GEN_PDB option wolfssl: clean up wolfcrypt error queue write-out.d: clarify size_download/upload x509asn1: fix heap over-read when parsing x509 certificates Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
curl: Update to version 7.78.0 - Update from 7.77.0 to 7.78.0 - Update of rootfile not required - Changelog Changes: curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax hostip: make 'localhost' return fixed values mbedtls: add support for cert and key blob options metalink: remove all support for it mqtt: add support for username and password Bugfixes: --socks4[a]: clarify where the host name is resolved ares: always store IPv6 addresses first asyn-ares: remove check for 'data' in Curl_resolver_cancel bearssl: explicitly initialize all fields of Curl_ssl bearssl: remove incorrect const on variable that is modified build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS c-hyper: abort CONNECT response reading early on non 2xx responses c-hyper: add support for transfer-encoding in the request c-hyper: bail on too long response headers c-hyper: clear NTLM auth buffer when request is issued c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL c-hyper: fix NTLM on closed connection tested with test159 c-hyper: fix the uploaded field in progress callbacks c-hyper: handle NULL from hyper_buf_copy() c-hyper: support CURLINFO_STARTTRANSFER_TIME c-hyper: support CURLOPT_HEADER ccsidcurl: fix the compile errors CI/cirrus: install impacket from PyPI instead of FreeBSD packages CI: add bearssl build CI: add Circle CI CI: add jobs using Zuul CI: delete --enable-hsts option (it is the default now) CI: remove travis details cleanup: spell DoH with a lowercase o cmake: add CURL_DISABLE_NTLM option cmake: avoid leaking absolute paths into exported config cmake: fix IoctlSocket FIONBIO check cmake: fix support for UnixSockets feature on Win32 cmake: remove libssh2 feature checks cmake: try well-known send/recv signature for Apple configure.ac: make non-executable configure/cmake: remove checks for many unused functions configure: add --disable-ntlm option configure: disable RTSP when hyper is selected configure: do not strip out debug flags configure: fix nghttp2 library name for static builds configure: inhibit the implicit-fallthrough warning on gcc-12 configure: rename get-easy-option configure option to get-easy-options conn_shutdown: if closed during CONNECT cleanup properly conncache: lowercase the hash key for better match cookies: track expiration in jar to optimize removals copyright: add boiler-plate headers to CI config files crustls: bump crustls version and use new URL curl.h: <sys/select.h> is supported by VxWorks7 curl.h: include sys/select.h for NuttX RTOS curl: ignore blank --output-dir curl_endian: remove the unused Curl_write64_le function curl_multibyte: Remove local encoding fallbacks Curl_ntlm_core_mk_nt_hash: fix OOM in error path Curl_ssl_getsessionid: fail if no session cache exists CURLOPT_WRITEFUNCTION.3: minor update of the example docs/BINDINGS: fix outdated links docs/examples: use curl_multi_poll() in multi examples docs/INSTALL: remove mentions of configure --with-darwin-ssl docs: document missing arguments to commands docs: fix inconsistencies in EGDSOCKET documentation docs: fix incorrect argument name reference docs: Fix typos docs: make docs for --etag-save match the program behaviour docs: use --max-redirs instead of --max-redir doh: (void)-prefix call to curl_easy_setopt doh: fix wrong DEBUGASSERT for doh private_data easy: during upkeep, attach Curl_easy to connections in the cache examples/multi-single: fix scan-build warning examples: length-limit two sscanf() uses of %s examples: safer and more proper read callback logic filecheck: quietly remove test-place/*~ formdata: avoid "Argument cannot be negative" warning formdata: correct typecast in curl_mime_data call GHA: add a linux-hyper job GHA: add several libcurl tests to the hyper job GHA: run the newly fixed tests with hyper github: timeout jobs on macOS after 90 minutes glob: pass an 'int' as len when using printf's %*s gnutls: set the preferred TLS versions in correct order GOVERNANCE: add 'user', 'committer' and 'contributor' hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies hostip: bad CURLOPT_RESOLVE syntax now returns error hsts: ignore numberical IP address hosts HSTS: not experimental anymore http2: clarify 'Using HTTP2' verbose message http2: init recvbuf struct for pushed streams http2_connisdead: handle trailing GOAWAY better http: fix crash in rate-limited upload http: make the haproxy support work with unix domain sockets http_proxy: deal with non-200 CONNECT response with Hyper hyper: propagate errors back up from read callbacks HYPER: remove mentions of deprecated development branch idn: fix libidn2 with windows unicode builds infof: remove newline from format strings, always append it lib: don't compare fd to FD_SETSIZE when using poll lib: fix compiler warnings with CURL_DISABLE_NETRC lib: fix type of len passed to *printf's %*s lib: more %u for port and int for %*s fixes lib: use %u instead of %ld for port number printf libcurl-security.3: mention file descriptors and forks libssh2: limit time a disconnect can take to 1 second mbedtls: make mbedtls_strerror always work mbedtls: Remove unnecessary include mqtt: detect illegal and too large file size mqtt: extend the error message for no topic msnprintf: return number of printed characters excluding null byte multi: add scan-build-6 work-around in curl_multi_fdset multi: alter transfer timeout ordering multi: do not switch off connect_only flag when closing multi: fix crash in curl_multi_wait / curl_multi_poll netrc: skip 'macdef' definitions ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS openssl: avoid static variable for seed flag openssl: don't remove session id entry in disassociate pinnedpubkey.d: fix formatting for version support lists proto.d: fix formatting for paragraphs after margin changes quiche: use send() instead of sendto() to avoid macOS issue Revert "c-hyper: handle body on HYPER_TASK_EMPTY" Revert "ftp: Expression 'ftpc->wait_data_conn' is always false" runtests: also find the last test in Makefile.inc runtests: enable 'hyper mode' only for HTTP tests runtests: init $VERSION to avoid warnings when using -l runtests: parse data/Makefile.inc instead of using make runtests: skip disabled tests unless -f is used rustls: remove native_roots fallback schannel: set ALPN length correctly for HTTP/2 SChannel: Use '_tcsncmp()' instead sectransp: check for client certs by name first, then file setopt: fix incorrect comments socketpair: fix potential hangs socks4: scan for the IPv4 address in resolve results ssl: read pending close notify alert before closing the connection sws: malloc request struct instead of using stack telnet: fix option parser to not send uninitialized contents test1116: hyper doesn't pass through "surprise-trailers" test1147: hyper doesn't allow "crazy" request headers like built-in test1151: added missing CRLF to work with hyper test1216: adjusted for hyper mode test1218: adjusted for hyper mode test1230: adjust to work in hyper mode test1340/1341: adjusted for hyper mode test1438/1457: add HTTP keyword to make hyper mode work test1514: add a CRLF to the response to make it correct test1518: adjusted to work with hyper test1519: adjusted to work with hyper test1594/1595/1596: fix to work in hyper mode test269: disable for hyper test3010: work with hyper mode test328: avoid a header-looking body to make hyper mode work test339: CRLFify better to work in hyper mode test347: CRLFify to work in hyper mode test393: make Content-Length fit within 64 bit for hyper test394: hyper returns a different error test395: hyper cannot work around > 64 bit content-lengths like built-in test433: adjust for hyper mode test434: add HTTP keyword test500: adjust to work with hyper mode test566: adjust to work with hyper mode test599: adjusted to work in hyper mode test644: remove as duplicate of test 587 tests: fix Accept-Encoding strips to work with Hyper builds TLS: prevent shutdown loops to get stuck tool: make _lseeki64() macro work with the PellesC compiler tool_help: document that --tlspassword takes a password tool_help: remove unused define url.c: remove two variable assigns that are never read url: (void)-prefix a curl_url_get() call url: bad CURLOPT_CONNECT_TO syntax now returns error version: turn version number functions into returning void vtls: exit addsessionid if no cache is inited vtls: fix connection reuse checks for issuer cert and case sensitivity vtls: only store TIMER_APPCONNECT for non-proxy connect vtls: use free() not curl_free() warnless: simplify type size handling Win32: fix build with Watt-32 winbuild/README: VC should be set to 6 'or larger' winbuild: support alternate nghttp2 static lib name wolfssl: failing to set a session id is not reason to error out write-out.d: clarify urlnum is not unique for de-globbed URLs zuul: use the new rustls directory name Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
curl: Update to 7.77.0 - Update from 7.76.1 to 7.77.0 - Update rootfile - Changelog is too large to include here. It can be accesed at https://curl.se/changes.html There are 5 changes and 133 bug fixes of which 3 are related to CVE's Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
curl: Update to 7.76.1 - Update from 7.75.0 to 7.76.1 - Update of rootfile - Changelog is too large to include here. Full details can be found in the CHANGES file in the source tarball Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>