Paul Howarth's Blog
| << < 2025 / 11 > >> | ||||||
|---|---|---|---|---|---|---|
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
| 1 | 2 | |||||
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 | 30 |
Recent Entries
Friday 14th November 2025
Weird subversion issue
When trying to commit an update, I got an unusual error message:
$ svn commit -m "curl: remove bundled wcurl utility that was added in 8.14.0~rc1; use wcurl package instead" Sending curl.spec Transmitting file data .done Committing transaction... svn: E000001: Commit failed (details follow): svn: E000001: Can't set permissions on '/srv/subversion/repos/cfo-repo/db/revs/16'
And on the server:
[Fri Nov 14 08:46:29.118678 2025] [dav:error] [pid 2980579:tid 2980723] [client fd00:cf0::21:51042] Can't set permissions on '/srv/subversion/repos/cfo-repo/db/revs/16' [500, #1] [Fri Nov 14 08:46:29.118682 2025] [dav:error] [pid 2980579:tid 2980723] [client fd00:cf0::21:51042] Can't set permissions on '/srv/subversion/repos/cfo-repo/db/revs/16': Operation not permitted [500, #1]
Now normally I would see the Operation not permitted error and think that it must be an SELinux issue but that wasn't the case as there were no denials logged and setenforce 0 made no difference.
Looking at the server, I could see that /srv/subversion/repos/cfo-repo/db/revs/16 was a newly-created directory and in fact the current revision was 15999 so it had created a new directory 16 to hold the next 1000 revision data and had issues setting permissions on that directory. The strange thing was that the owner, group, permissions and SELinux attributes for the new directory were exactly the same as for the other directories under /srv/subversion/repos/cfo-repo/db/revs.
I came across a very similar issue reported nearly a year ago: https://lists.apache.org/thread/llm5mfpvnr4378oz6wfor9cytbr65vc5
The workaround for that issue also worked for me, namely make a commit in the repository as root on the server, then fix the permissions of the modified files so that the web server can change them in future. On the server:
# svn mkdir -m "Work around 'Operation not permitted' error" file:///srv/subversion/repos/cfo-repo/curl/trunk/newdir Committing transaction... Committed revision 16000. # cd /srv # find subversion/repos/cfo-repo/db -user root -ls 2624917 4 drwxr-sr-x 2 root apache 4096 Nov 14 10:33 subversion/repos/cfo-repo/db/revprops/16 2624919 4 -rw-r--r-- 1 root apache 136 Nov 14 10:33 subversion/repos/cfo-repo/db/revprops/16/16000 2139271 4 -rw-r--r-- 1 root apache 6 Nov 14 10:33 subversion/repos/cfo-repo/db/current 2139132 4 -rw-r--r-- 1 root apache 4 Nov 14 10:33 subversion/repos/cfo-repo/db/txn-current 2138912 40 -rw-r--r-- 1 root apache 38443 Nov 14 10:33 subversion/repos/cfo-repo/db/revs/16/16000 # chown apache:apache subversion/repos/cfo-repo/db/revprops/16 subversion/repos/cfo-repo/db/revprops/16/16000 subversion/repos/cfo-repo/db/current subversion/repos/cfo-repo/db/txn-current subversion/repos/cfo-repo/db/revs/16/16000 # restorecon -rvF subversion/repos/cfo-repo/db Relabeled /srv/subversion/repos/cfo-repo/db/revprops/16 from unconfined_u:object_r:httpd_sys_rw_content_t:s0 to system_u:object_r:httpd_sys_rw_content_t:s0 Relabeled /srv/subversion/repos/cfo-repo/db/revprops/16/16000 from unconfined_u:object_r:httpd_sys_rw_content_t:s0 to system_u:object_r:httpd_sys_rw_content_t:s0 Relabeled /srv/subversion/repos/cfo-repo/db/current from unconfined_u:object_r:httpd_sys_rw_content_t:s0 to system_u:object_r:httpd_sys_rw_content_t:s0 Relabeled /srv/subversion/repos/cfo-repo/db/txn-current from unconfined_u:object_r:httpd_sys_rw_content_t:s0 to system_u:object_r:httpd_sys_rw_content_t:s0 Relabeled /srv/subversion/repos/cfo-repo/db/revs/16/16000 from unconfined_u:object_r:httpd_sys_rw_content_t:s0 to system_u:object_r:httpd_sys_rw_content_t:s0
Then back on the client:
$ svn update Updating '.': A newdir Updated to revision 16000. $ svn remove newdir D newdir $ svn status M curl.spec D newdir $ svn commit -m "curl: remove bundled wcurl utility that was added in 8.14.0~rc1; use wcurl package instead" Sending curl.spec Deleting newdir Transmitting file data .done Committing transaction... Committed revision 16001.
Thursday 6th November 2025
Local Packages
Updated curl to 8.17.0:
- build: Drop Heimdal support
- build: Drop the winbuild build system
- krb5: Drop support for Kerberos FTP
libssh2: Up the minimum requirement to 1.9.0
- multi: Add notifications API
- progress: Expand to use 6 characters per size
ssl: Support Apple SecTrust configurations
tool_getparam: Add --knownhosts
vssh: Drop support for wolfSSH (addresses CVE-2025-10966)
wcurl: Import v2025.11.04
write-out: Make %header{} able to output all occurrences of a header
- ares: Fix leak in tracing
asyn-ares: Remove wrong comment about the callback argument
- asyn-ares: Use the duped hostname pointer for all calls
- asyn-thrdd resolver: Clear timeout when done
asyn-thrdd: Drop pthread_cancel
autotools: Add support for libgsasl auto-detection via pkg-config
autotools: Capitalize Rustls in the log output
autotools: Drop detection of ancient OpenSSL libs RSAglue and rsaref
autotools: Fix duplicate UNIX and BSD flags in buildinfo.txt
autotools: Fix silly mistake in clang detection for buildinfo.txt
autotools: Make --enable-code-coverage support llvm/clang
autotools: Merge 'if's in GnuTLS/OpenSSL feature detection
- aws-lc: Re-enable large read-ahead with v1.61.0 again
base64: Accept zero length argument to base64_encode
build: Address some -Weverything warnings, update picky warnings
build: Avoid overriding system open and stat symbols
build: Avoid overriding system symbols for fopen functions
build: Avoid overriding system symbols for socket functions
build: Show llvm/clang in platform flags and buildinfo.txt
- c-ares: When resolving failed, persist error
- cf-h2-proxy: Break loop on edge case
- cf-ip-happy: Mention unix domain path, not port number
cf-socket: Always check Curl_cf_socket_peek() return code
- cf-socket: Check params and remove accept procondition
cf-socket: Make set_local_ip void, and remove failf()
cf-socket: Set FD_CLOEXEC on all sockets opened
cf-socket: Tweak a memcpy() to read better
cf-socket: Use the right byte order for ports in bindlocal
- cfilter: Unlink and discard
cfilters: Check return code from Curl_pollset_set_out_only()
checksrc: Allow disabling warnings on FIXME/TODO comments
checksrc: Catch banned functions when preceded by (
checksrc: Fix possible endless loop when detecting BANNEDFUNC
checksrc: Fix possible endless loops in the banned function logic
checksrc: Fix to handle ) predecing a banned function
checksrc: Reduce directory-specific exceptions
CI.md: Refresh
cmake/FindGSS: Dedupe pkg-config module strings
cmake/FindGSS: Drop wrong header check for GNU GSS
cmake/FindGSS: Fix pkg-config fallback logic for CMake <3.16
cmake/FindGSS: Simplify/de-dupe lib setup
cmake/FindGSS: Whitespace/formatting
cmake: Add and use local FindGnuTLS module
cmake: Add CURL_CODE_COVERAGE option
- cmake: Build the "all" examples source list dynamically
- cmake: Clang detection tidy-ups
- cmake: Drop exclamation in comment looking like a name
cmake: Fix 'HAVE_GNUTLS_SRP' detection after adding local FindGnuTLS module
cmake: Fix building docs when the base directory contains .3
cmake: Fix Linux pre-fill 'HAVE_POSIX_STRERROR_R' (when '_CURL_PREFILL=ON')
cmake: Fix Linux pre-fills for non-glibc (when '_CURL_PREFILL=ON')
- cmake: Minor Heimdal flavour detection fix
- cmake: Pre-fill three more type sizes on Windows
- cmake: Say 'absolute path' in option descriptions and docs
- cmake: Support building some complicated examples, build them in CI
cmake: Use modern alternatives for get_filename_component()
cmake: Use more COMPILER_OPTIONS, LINK_OPTIONS / LINK_FLAGS
- cmdline-docs: Extended, clarified, refreshed
cmdline-opts/_PROGRESS.md: Explain the suffixes
configure: Add "-mt" for pthread support on HP-UX
- conn: Fix hostname move on connection reuse
conncache: Prevent integer overflow in maxconnects calculation
connect: For CONNECT_ONLY, CURLOPT_TIMEOUT does not apply
connect: Remove redundant condition in shutdown start
- cookie: Avoid saving a cookie file if no transfer was done
cookie: Only count accepted cookies in Curl_cookie_add
- cookie: Remove the temporary file on (all) errors
cpool: Make bundle->dest an array; fix UB
curl.h: Remove incorrect comment about CURLOPT_PINNEDPUBLICKEY
curl_easy_getinfo: Error code on NULL arg
curl_easy_setopt.md: Add missing CURLOPT_POSTFIELDS
curl_mem_undef.h: Limit to CURLDEBUG for non-memalloc overrides
curl_ngtcp2: Fix '-Wunreachable-code' with H3 !verbose !unity clang
curl_osslq: Error out properly if BIO_ADDR_rawmake() fails
curl_path: Make sure just whitespace is illegal
Curl_resolv: Fix comment: 'entry' argument is not optional
curl_slist_append.md: Clarify that a NULL pointer is not acceptable
curl_threads: Delete WinCE fallback branch
CURLINFO_FTP_ENTRY_PATH.md: This is for SFTP as well
CURLOPT_COOKIEFILE.md: Clarify when the cookies are loaded
CURLOPT_COPYPOSTFIELDS.md: Used with MQTT and RTSP as well
CURLOPT_HEADER/WRITEFUNCTION.md: Drop '* size' since size is always 1
CURLOPT_MAXLIFETIME_CONN: Make default 24 hours
CURLOPT_POSTFIELDSIZE*: These also work for MQTT and RTSP
CURLOPT_SERVER_RESPONSE_TIMEOUT*: Add default and see-also
CURLOPT_SSL_VERIFYHOST.md: Add see-also to two other VERIFYHOST options
CURLOPT_TIMECONDITION.md: Works for FILE and FTP as well
cw-out: Fix EAGAIN handling on pause
cw-out: Unify the error handling pattern in cw_out_do_write
digest_sspi: Fix two memory leaks in error branches
dist: Do not distribute CI.md
docs/cmdline-opts: Drop double quotes from GLOBBING and URL examples
docs/libcurl: Clarify some timeout option behaviour
docs/libcurl: Remove ancient version references
docs/libcurl: Use lowercase must
- docs: Expand on quoting rules for file names in SFTP quote
- docs: Fix/tidy code fences
- doh: Clean up resources on error paths
doswin: CloseHandle the thread on shutdown
easy_getinfo: Check magic, Curl_close safety
ECH.md: Make OpenSSL branch clone instructions work
examples/chkspeed: Portable printing when outputting curl_off_t values
examples/http2-serverpush: Fix file handle leaks
examples/sessioninfo: Cast printf string mask length to int
examples/sessioninfo: Do not disable security
examples/synctime: Fix null termination assumptions
examples/synctime: Make the sscanf not overflow the local buffer
examples/usercertinmem: Avoid stripping const
examples/websocket: Fix use of uninitialized rlen
examples: Call curl_global_cleanup() where missing
- examples: Check more errors, fix cleanups, scope variables
examples: Drop unused curl/mprintf.h includes
- examples: Fix build issues in 'complicated' examples
- examples: Fix more potential resource leaks, and more
- examples: Fix two build issues surfaced with WinCE
- examples: Fix two issues found by CodeQL
examples: Fix two more cases of stat() TOCTOU
- examples: Improve global init, error checks and returning errors
examples: Replace casts with 'curl_off_t' printf masks
examples: Return curl_easy_perform() results
firefox-db2pem.sh: Add macOS support, tidy-ups
form.md: Drop reference to MANUAL
- ftp: Add extra buffer length check
- ftp: Check errors on remote ip for data connection
ftp: Fix ftp_do_more returning with *completep unset
ftp: Fix port number range loop for PORT commands
ftp: Fix the 213 scanner memchr buffer limit argument
ftp: Improve fragile check for first digit > 3
- ftp: Reduce size of some struct fields
ftp: Remove 'newhost' and 'newport' from the ftp_conn struct
- ftp: Remove misleading comments
ftp: Remove the retr_size_saved struct field
ftp: Remove the state_saved struct field
ftp: Replace strstr() in ;type= handling
- ftp: Simplify the 150/126 size scanner
- gnutls: Check conversion of peer cert chain
- gnutls: Fix re-handshake comments
gssapi: Make channel binding conditional on GSS_C_CHANNEL_BOUND_FLAG
- gtls: Avoid potential use of uninitialized variable in trace output
gtls: Check the return value of gnutls_pubkey_init()
header.md: See-also --proxy-header and vice versa
- hmac: Free memory properly on errors
- hostip: Don't store negative resolves due unrelated errors
hostip: Fix infof() output for non-ipv6 builds using IPv6 address
hostip: Remove leftover INT_MAX check in Curl_dnscache_prune
- http2: Check push header names by length first
http2: Clean up pushed newhandle on fail
- http2: Ingress handling edge cases
- HTTP3: Clarify the status for "old" OpenSSL, not current
http: Check the return value of strdup
http: Fix '-Wunreachable-code' in !websockets !unity builds
http: Fix '-Wunused-variable' in !alt-svc !proxy !ws builds
- http: Handle user-defined connection headers
http: Look for trailing 'type=' in ftp:// without strstr
http: Make Content-Length parser more WHATWG
http: Only accept ';' as a separator for custom headers
http: Return error for a second Location: header
http_aws_sigv4: Check the return value of curl_maprintf()
http_proxy: Fix adding custom proxy headers
- httpsrr: Free old pointers when storing new
- httpsrr: Send HTTPS query to the right target
imap: Fix custom FETCH commands to handle literal responses
imap: Parse and use UIDVALIDITY as a number
- imap: Treat capabilities case insensitively
INSTALL-CMAKE.md: Add manual configuration examples
INSTALL-CMAKE.md: Document useful build targets
INSTALL-CMAKE.md: Fix descriptions for LDAP dependency options
INSTALL: Update the list of known operating systems
INTERNALS: Drop Winsock 2.2 from the dependency list
- ip-happy: Do not set unnecessary timeout
- ip-happy: Prevent event-based stall on retry
- kerberos: Bump minimum to 1.3 (2003-07-08), drop legacy logic
kerberos: Drop logic for MIT Kerberos <1.2.3 (pre-2002) versions
kerberos: Stop including gssapi/gssapi_generic.h
krb5: Fix output_token allocators in the GSS debug stub (Windows)
- krb5: Return appropriate error on send failures
krb5_gssapi: Fix memory leak on error path
krb5_sspi: The chlg argument is not optional
- ldap: Avoid null pointer dereference on failure
- ldap: Do not base64 encode zero length string
ldap: Do not pass a \n to failf()
- ldap: Tidy-up types, fix error code confusion
lib1514: Fix return code mixup
- lib: Delete unused crypto header includes
- lib: Drop unused include and duplicate guards
- lib: Fix build error with verbose strings disabled
lib: Remove newlines from failf() calls
- lib: Remove personal names from comments
- lib: SSL connection reuse
lib: Stop NULL-checking conn->passwd and ->user
- lib: Upgrade/multiplex handling
libcurl-multi.md: Added curl_multi_get_offt mention
libcurl-security.md: Mention long-running connections
libssh/libssh2: Reject quote command lines with too much data
libssh/sftp: Fix resume corruption by avoiding O_APPEND with rresume
libssh2/sftp: Fix resume corruption by avoiding O_APPEND with rresume
libssh2/sftp_realpath: Change state consistently
- libssh2: Avoid risking using an uninitialized local struct field
libssh2: Bail out on chgrp and chown number parsing errors
libssh2: Clarify that sshp->path is always at least one byte
- libssh2: Drop two redundant null-terminations
libssh2: Error check and null-terminate in ssh_state_sftp_readdir_link()
libssh2: Fix EAGAIN return in ssh_state_auth_agent
libssh2: Fix return code for EAGAIN
libssh2: Use sockindex consistently
libssh: Acknowledge SSH_AGAIN in the SFTP state machine
- libssh: Catch a resume point larger than the size
libssh: Clarify myssh_block2waitfor
- libssh: Drop two unused assignments
libssh: Error on bad chgrp number
libssh: Error on bad chown number and store the value
- libssh: Fix range parsing error handling mistake
libssh: Make atime and mtime cap the timestamp instead of wrap
libssh: React on errors from ssh_scp_read
libssh: Return out of memory correctly if aprintf fails
libssh: Return the proper error for readdir problems
Makefile.example: Bump default example from FTP to HTTPS
Makefile.example: Fix option order
Makefile.example: Make default options more likely to work
Makefile.example: Simplify and make it configurable
managen: Ignore version mentions < 7.66.0
managen: Render better manpage references/links
managen: Strict protocol check
managen: Verify the options used in example lines
- mbedtls: Add support for 4.0.0
- mbedtls: Check result of setting ALPN
mbedtls: Fix building with <3.6.1
- mbedtls: Fix building with sha-256 missing from PSA
mbedtls: Handle WANT_WRITE from mbedtls_ssl_read()
md4: Drop mbedtls implementation (not available in mbedtls v3+)
mdlinkcheck: Reject URLs containing quotes
memdup0: Handle edge case
- mime: Fix unpausing of readers
mime: Fix use of fseek()
multi.h: Add CURLMINFO_LASTENTRY
multi: Check the return value of strdup()
multi_ev: Remove unnecessary data check that confuses analysers
netrc: When the cached file is discarded, unmark it as loaded
nghttp3: Return NGHTTP3_ERR_CALLBACK_FAILURE from recv_header
ngtcp2: Add a comment explaining write result handling
ngtcp2: Adopt ngtcp2_conn_get_stream_user_data if available
ngtcp2: Check error code on connect failure
ngtcp2: Close just-opened QUIC stream when submit_request fails
ngtcp2: Compare idle timeout in ms to avoid overflow
ngtcp2: Fix early return
ngtcp2: Fix handling of blocked stream data
ngtcp2: Fix returns when TLS verify failed
ngtcp2: Overwrite rate-limits defaults
- noproxy: Fix the IPV6 network mask pattern match
- NTLM: Disable if DES support missing from OpenSSL or mbedTLS
- ntlm: Improved error path on bad incoming NTLM TYPE3 message
- openldap/ldap: Check for binary attribute case insensitively
- openldap: Avoid indexing the result at -1 for blank responses
openldap: Check ber_sockbuf_add_io() return code
openldap: Check ldap_get_option() return codes
openldap: Do not pass newline to infof()
- openldap: Fix memory-leak in error path
- openldap: Fix memory-leak on oldap_do's exit path
- openldap: Limit max incoming size
- openssl-quic: Check results better
openssl-quic: Handle error in SSL_get_stream_read_error_code
- openssl-quic: Ignore unexpected streams opened by server
- openssl: Better return code checks when logging cert data
openssl: Call SSL_get_error() with proper error
openssl: Check CURL_SSLVERSION_MAX_DEFAULT properly
- openssl: Clear retry flag on x509 error
- openssl: Combine all the x509-store flags
openssl: Fail if more than MAX_ALLOWED_CERT_AMOUNT certs
openssl: Fail the transfer if ossl_certchain() fails
- openssl: Fix build for v1.0.2
- openssl: Fix peer certificate leak in channel binding
- openssl: Fix resource leak in provider error path
openssl: Fix unable do typo in failf() calls
openssl: Free UI_METHOD on exit path
openssl: Make the asn1_object_dump name null terminated
- openssl: Only try engine/provider if a cert file/name is provided
openssl: Set io_need always
openssl: Skip session resumption when verifystatus is set
- os400: Document threads handling in code
- OS400: Fix a use-after-free/double-free case
osslq: Set idle timeout to 0
pingpong: Remove two old leftover debug infof() calls
pop3: Check for CAPA responses case insensitively
pop3: Fix CAPA response termination detection
pop3: Function could get the ->transfer field wrong
- pytest: Skip specific tests for no-verbose builds
- quic: Fix min TLS version handling
quic: Ignore EMSGSIZE on receive
quic: Improve UDP GRO receives
quic: Remove data_idle handling
- quiche: Fix possible leaks on teardown
- quiche: Fix verbose message when ip quadruple cannot be obtained
- quiche: Handle tls fail correctly
- quiche: When ingress processing fails, return that error code
rtsp: Use explicit postfieldsize if specified
runtests: Tag tests that require curl verbose strings
- rustls: Exit on error
rustls: Fix clang-tidy warning
rustls: Fix comment describing cr_recv()
rustls: Limit snprintf proper in cr_keylog_log_cb()
rustls: Make read_file_into not reject good files
rustls: Pass the correct result to rustls_failf
- rustls: Typecast variable for safer trace output
rustls: Use %zu for size_t in failf() format string
- sasl: Clear cancelled mechanism instead of toggling it
- schannel: Assign result before using it
- schannel: Fix memory leak
schannel: Handle Curl_conn_cf_send() errors better
- schannel: Lower the maximum allowed time to block to 7 seconds
schannel: Properly close the certfile on error
schannel_verify: Do not call infof with an appended \n
schannel_verify: Fix mem-leak in Curl_verify_host
schannel_verify: Use more human friendly error messages
- scp/sftp: Fix disconnect
scripts: Pass -- before passing xargs
setopt: Accept *_SSL_VERIFYHOST set to 2L
setopt: Allow CURLOPT_DNS_CACHE_TIMEOUT set to -1
- setopt: Fix unused variable warning in minimal build
setopt: Make CURLOPT_MAXREDIRS accept -1 (again)
singleuse.pl: Fix string warning
- smb: Adjust buffer size checks
smb: Transfer debugassert to real check
smtp: Check EHLO responses case insensitively
- smtp: Fix EOB handling
- smtp: Return value ignored
socks: Advance iobuf instead of reset
- socks: Avoid UAF risk in error path
- socks: Deny server basic-auth if not configured
- socks: Handle error in verbose trace gracefully
- socks: Handle premature close
socks: Make Curl_blockread_all return CURLcode
socks: Properly maintain the status of 'done'
- socks: Rewwork, cleaning up socks state handling
socks_gssapi: Also reset buffer length after free
socks_gssapi: Make the gss_context a local variable
socks_gssapi: Reject too long tokens
socks_gssapi: Remove superfluous releases of the gss_recv_token
socks_gssapi: Remove the forced "no protection"
socks_gssapi: Replace 'gss_release_buffer()' with curl free
socks_sspi: Bail out on too long fields
socks_sspi: Fix memory clean-up calls
socks_sspi: Remove the enforced mode clearing
socks_sspi: Restore non-blocking socket on error paths
socks_sspi: Use the correct free function
socksd: Remove --bindonly mention, there is no such option
spelling: Fix new finds by typos-cli 1.39.0
- src/var: Remove dead code
- ssl-session-cache: Check use on config and availability
ssl-sessions.md: Mark option experimental
strerror: Drop workaround for SalfordC win32 header bug
sws: Fix checking sscanf() return value
- sws: Pass in socket reference to allow function to close it
tcp-nodelay.md: Expand the documentation
- telnet: Ignore empty suboptions
telnet: Make bad_option() consider NULL a bad option too
- telnet: Make printsub require another byte input
telnet: Print DISPlay LOCation in printsub without mutating buffer
- telnet: Refuse IAC codes in content
telnet: Return error if WSAEventSelect fails
telnet: Return error on crazy TTYPE or XDISPLOC lengths
- telnet: Send failure logged but not returned
telnet: Use pointer[0] for "unknown" option instead of pointer[i]
test1100: Fix missing '<protocol>' section
tests/libtest/cli*: Fix init/deinit, leaks, and more
tests/server: Drop pointless memory allocation overrides
tests/server: Drop unsafe open() override in signal handler (Windows)
tftp: Check and act on tftp_set_timeouts() returning error
tftp: Check for trailing ";mode=" in URL without strstr
- tftp: Default timeout per block is now 15 seconds
- tftp: Error requests for blank filenames
tftp: Handle tftp_multi_statemach() return code
- tftp: Pin the first used address
tftp: Propagate expired timer from tftp_state_timeout()
- tftp: Return error if it hits an illegal state
tftp: Return error when sendto() fails
thread: errno on thread creation
- tidy-up: Assortment of small fixes
- tidy-up: Avoid using the reserved macro namespace
tidy-up: fcntl.h includes
tidy-up: Update MS links, allow long URLs via checksrc
- tidy-up: URLs
time-cond.md: Refer to the singular curl_getdate man page
- TLS: IP address verification, extend test
TODO: Fix a typo
TODO: Remove already implemented or bad items
- tool: Fix exponential retry delay
tool_cb_hdr: Fix fwrite check in header callback
tool_cb_hdr: Size is always 1
tool_cb_rea: Use poll instead of select if available
tool_cfgable: Remove superfluous free calls
tool_doswin: Fix to use curl socket functions
tool_filetime: Cap crazy file times instead of erroring
tool_filetime: Replace cast with the fitting printf mask (Windows)
tool_formparse: Rewrite the headers file parser
tool_getparam/set_rate: Skip the multiplication on overflow
tool_getparam: Always disable "lib-ids" for tracing
tool_getparam: Make --fail and --fail-with-body override each other
tool_getparam: Warn if provided header looks malformed
tool_ipfs: Check the return value of curl_url_get for gwpath
tool_ipfs: Simplify the ipfs gateway logic
tool_msgs: Make errorf() show if --show-error
tool_operate: Improve wording in retry message
tool_operate: Keep failed partial download for retry auto-resume
tool_operate: Keep the progress meter for --out-null
tool_operate: Move the checks that skip ca cert detection
tool_operate: Retry on HTTP response codes 522 and 524
tool_operate: Return error on strdup() failure
tool_paramhlp: Remove outdated comment in str2tls_max()
tool_parsecfg: Detect and error on recursive --config use
tool_progress: Handle possible integer overflows
tool_progress: Make max5data() use an algorithm
- transfer: Avoid busy loop with tiny speed limit
- transfer: Fix retry for empty downloads on reuse
- transfer: Reset retry count on each request
unit1323: Sync time types and printf masks, drop casts
unit1664: Drop casts, expand masks to full values
url: Make Curl_init_userdefined return void
urldata: FILE is not a list-only protocol
urldata: Make 'retrycount' a single byte
- urldata: Make redirect counter 16 bit
vauth/digest: Improve the digest parser
- version: Add GSS backend name and version
vquic: Fix idle-timeout checks (ms<-->ns), 64-bit log and honour 0=no-timeout
vquic: Fix recvmsg loop for max_pkts
- vquic: Handling of I/O improvements
vquic: Sending non-gso packets fix for EAGAIN
- vtls: ALPN setting, check proto parameter
vtls: Check final cfilter node in find_ssl_filter
vtls: Drop duplicate 'CURL_SHA256_DIGEST_LENGTH' definition
- vtls: Properly handle SSL shutdown timeout
vtls: Remove call to PKCS12_PBE_add()
vtls: Unify the error handling in ssl_cf_connect()
vtls_int.h: Clarify data_pending
vtls_scache: Fix race condition
windows: Replace _beginthreadex() with CreateThread()
- windows: Stop passing unused, optional argument for Win9x compatibility
- windows: Use consistent format when showing error codes
- windows: Use native error code types more
- wolfssl: Check BIO read parameters
- wolfssl: Clear variable to avoid uninitialized use
- wolfssl: Fix error check in shutdown
wolfssl: Fix resource leak in verify_pinned error paths
wolfssl: No double get_error() detail
- ws: Clarify an error message
- ws: Fix some edge cases
- ws: Fix type conversion check
ws: Reject curl_ws_recv called with NULL buffer with a buflen
Tuesday 4th November 2025
Fedora Project
Updated perl-PPI to 1.284 in Rawhide:
Local Packages
Updated perl-PPI to 1.284 as per the Fedora version
Updated unrar to 7.20 beta 1
Sunday 2nd November 2025
Fedora Project
Updated perl-URI (5.34) in F-43 and Rawhide to obsolete the existing perl-URI-ws package, whose functionality is now included in perl-URI itself (Bug #2411728, Bug #2411834)
Saturday 1st November 2025
Fedora Project
Updated perl-Business-ISBN-Data to 20251101.001 in Rawhide:
- Data update for 2025-11-01
Other Entries
Local Packages refers to my local package repository at http://www.city-fan.org/ftp/contrib/