Wednesday 5th September 2018
Local Packages
Updated curl to 7.61.1:
Fix NTLM password overflow via integer overflow (CVE-2018-14618)
CURLINFO_SIZE_UPLOAD: Fix missing counter update
CURLOPT_ACCEPT_ENCODING.3: List them comma-separated
CURLOPT_SSL_CTX_FUNCTION.3: Might cause accidental connection reuse
Curl_getoff_all_pipelines: Improved for multiplexed
DEPRECATE: Remove release date from 7.62.0
- HTTP: Don't attempt to needlessly decompress redirect body
INTERNALS: Require GnuTLS ≥ 2.11.3
README.md: Add LGTM.com code quality grade for C/C++
SSLCERTS: Improve the openssl command line
Silence GCC 8 cast-function-type warnings
ares: Check for NULL in completed-callback
- asyn-thread: Remove unused macro
auth: Only pick CURLAUTH_BEARER if we have a Bearer token
- auth: Pick Bearer authentication whenever a token is available
cmake: CMake config files are defining CURL_STATICLIB for static builds
cmake: Respect BUILD_SHARED_LIBS
- cmake: Update scripts to use consistent style
- cmake: Bumped minimum version to 3.4
cmake: Link curl to the OpenSSL targets instead of library absolute paths
configure: Conditionally enable pedantic-errors
configure: Fix for -lpthread detection with OpenSSL and pkg-config
conn: Remove the boolean 'inuse' field
content_encoding: Accept up to 4 unknown trailer bytes after raw deflate data
- cookie tests: Treat files as text
- cookies: Support creation-time attribute for cookies
curl: Fix segfault when -H @headerfile is empty
curl: Add http code 408 to transient list for --retry
- curl: Fix time-of-check, time-of-use race in directory creation
curl: Use Content-Disposition before the "URL end" for -OJ
- curl: Warn the user if a given file name looks like an option
curl_threads: Silence bad-function-cast warning
- darwinssl: Add support for ALPN negotiation
docs/CURLOPT_URL: Fix indentation
docs/CURLOPT_WRITEFUNCTION: Size is always 1
docs/SECURITY-PROCESS: Mention bounty, drop pre-notify
docs/examples: Add hiperfifo example using linux epoll/timerfd
docs: Add disallow-username-in-url.d and haproxy-protocol.d to dist
docs: Clarify NO_PROXY environment variable functionality
- docs: Improved the manual pages of some callbacks
docs: Mention NULL is fine input to several functions
formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
gopher: Do not translate '?' to '%09'
- header output: Switch off all styles, not just unbold
- hostip: Fix unused variable warning
http2: Use correct format identifier for stream_id
http2: Abort the send_callback if not set up yet
http2: Avoid set_stream_user_data() before stream is assigned
http2: Check nghttp2_session_set_stream_user_data return code
http2: Clear the drain counter in Curl_http2_done
http2: Make sure to send after RST_STREAM
- http2: Separate easy handle from connections better
http: Fix for tiny "HTTP/0.9" response
http_proxy: Remove unused macro SELECT_TIMEOUT
lib/Makefile: Only do symbol hiding if told to
lib1502: Fix memory leak in torture test
lib1522: Fix curl_easy_setopt argument type
libcurl-thread.3: Expand somewhat on the NO_SIGNAL motivation
mime: Check Curl_rand_hex's return code
multi: Always do the COMPLETED procedure/state
- openssl: Assume engine support in 1.0.0 or later
- openssl: Fix debug messages
- projects: Improve Windows perl detection in batch scripts
- retry: Return error if rewind was necessary but didn't happen
reuse_conn(): Memory leak - free old_conn->options
- schannel: Client certificate store opening fix
schannel: Enable CALG_TLS1PRF for w32api ≥ 5.1
- schannel: Fix MinGW compile break
- sftp: Don't send post-quote sequence when retrying a connection
- smb: Fix memory leak on early failure
- smb: Fix memory-leak in URL parse error path
- smb_getsock: Always wait for write socket too
- ssh-libssh: Fix infinite connect loop on invalid private key
- ssh-libssh: Reduce excessive verbose output about pubkey auth
ssh-libssh: Use FALLTHROUGH to silence gcc8
- ssl: Set engine implicitly when a PKCS#11 URI is provided
sws: Handle EINTR when calling select()
system_win32: Fix version checking
telnet: Remove unused macros TELOPTS and TELCMDS
test1143: Disable MSYS2's POSIX path conversion
test1148: Disable if decimal separator is not point
test1307: (fnmatch testing) disabled
test1422: Add required file feature
test1531: Add timeout
test1540: Remove unused macro TEST_HANG_TIMEOUT
test214: Disable MSYS2's POSIX path conversion for URL
test320: Treat curl320.out file as binary
tests/http_pipe.py: Use /usr/bin/env to find python
tests: Don't use Windows path %PWD for SSH tests
- tests: Fixes for Windows line endings
tool_operate: Fix setting proxy TLS 1.3 ciphers
- travis: Build darwinssl on macos 10.12 to fix linker errors
travis: Execute "set -eo pipefail" for coverage build
travis: Run a 'make checksrc' too
- travis: Update to GCC-8
- travis: Verify that man pages can be regenerated
upload: Allocate upload buffer on-demand
upload: Change default UPLOAD_BUFSIZE to 64KB
urldata: Remove unused pipe_broke struct field
- vtls: Re-instantiate engine on duplicated handles
- windows: Implement send buffer tuning
wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random