#acl PaulHowarth:read,write,admin,revert,delete All:read === Wednesday 5th September 2018 === ==== Local Packages ==== * Updated `curl` to 7.61.1: * Fix NTLM password overflow via integer overflow ([[CVE:2018-14618|CVE-2018-14618]]) * `CURLINFO_SIZE_UPLOAD`: Fix missing counter update * `CURLOPT_ACCEPT_ENCODING.3`: List them comma-separated * `CURLOPT_SSL_CTX_FUNCTION.3`: Might cause accidental connection reuse * `Curl_getoff_all_pipelines`: Improved for multiplexed * `DEPRECATE`: Remove release date from 7.62.0 * HTTP: Don't attempt to needlessly decompress redirect body * `INTERNALS`: Require GnuTLS ≥ 2.11.3 * `README.md`: Add LGTM.com code quality grade for C/C++ * `SSLCERTS`: Improve the `openssl` command line * Silence GCC 8 `cast-function-type` warnings * ares: Check for `NULL` in completed-callback * asyn-thread: Remove unused macro * auth: Only pick `CURLAUTH_BEARER` if we ''have'' a Bearer token * auth: Pick Bearer authentication whenever a token is available * cmake: CMake config files are defining `CURL_STATICLIB` for static builds * cmake: Respect `BUILD_SHARED_LIBS` * cmake: Update scripts to use consistent style * cmake: Bumped minimum version to 3.4 * cmake: Link `curl` to the OpenSSL targets instead of library absolute paths * `configure`: Conditionally enable `pedantic-errors` * `configure`: Fix for `-lpthread` detection with OpenSSL and `pkg-config` * `conn`: Remove the boolean '`inuse`' field * `content_encoding`: Accept up to 4 unknown trailer bytes after raw deflate data * cookie tests: Treat files as text * cookies: Support creation-time attribute for cookies * curl: Fix segfault when `-H @headerfile` is empty * curl: Add http code 408 to transient list for `--retry` * curl: Fix time-of-check, time-of-use race in directory creation * curl: Use `Content-Disposition` before the "URL end" for `-OJ` * curl: Warn the user if a given file name looks like an option * `curl_threads`: Silence `bad-function-cast` warning * darwinssl: Add support for ALPN negotiation * `docs/CURLOPT_URL`: Fix indentation * `docs/CURLOPT_WRITEFUNCTION`: Size is always 1 * `docs/SECURITY-PROCESS`: Mention bounty, drop pre-notify * `docs/examples`: Add hiperfifo example using linux `epoll`/`timerfd` * docs: Add `disallow-username-in-url.d` and `haproxy-protocol.d` to dist * docs: Clarify `NO_PROXY` environment variable functionality * docs: Improved the manual pages of some callbacks * docs: Mention `NULL` is fine input to several functions * formdata: Remove unused macro `HTTPPOST_CONTENTTYPE_DEFAULT` * gopher: Do not translate '`?`' to '`%09`' * header output: Switch off all styles, not just unbold * hostip: Fix unused variable warning * http2: Use correct format identifier for `stream_id` * http2: Abort the `send_callback` if not set up yet * http2: Avoid `set_stream_user_data()` before stream is assigned * http2: Check `nghttp2_session_set_stream_user_data` return code * http2: Clear the drain counter in `Curl_http2_done` * http2: Make sure to send after `RST_STREAM` * http2: Separate easy handle from connections better * http: Fix for tiny "`HTTP/0.9`" response * `http_proxy`: Remove unused macro `SELECT_TIMEOUT` * `lib/Makefile`: Only do symbol hiding if told to * `lib1502`: Fix memory leak in torture test * `lib1522`: Fix `curl_easy_setopt` argument type * `libcurl-thread.3`: Expand somewhat on the `NO_SIGNAL` motivation * mime: Check `Curl_rand_hex`'s return code * multi: Always do the `COMPLETED` procedure/state * openssl: Assume engine support in 1.0.0 or later * openssl: Fix debug messages * projects: Improve Windows perl detection in batch scripts * retry: Return error if rewind was necessary but didn't happen * `reuse_conn()`: Memory leak - free `old_conn->options` * schannel: Client certificate store opening fix * schannel: Enable `CALG_TLS1PRF` for w32api ≥ 5.1 * schannel: Fix MinGW compile break * sftp: Don't send post-quote sequence when retrying a connection * smb: Fix memory leak on early failure * smb: Fix memory-leak in URL parse error path * smb_getsock: Always wait for write socket too * ssh-libssh: Fix infinite connect loop on invalid private key * ssh-libssh: Reduce excessive verbose output about pubkey auth * ssh-libssh: Use `FALLTHROUGH` to silence gcc8 * ssl: Set engine implicitly when a PKCS#11 URI is provided * sws: Handle `EINTR` when calling `select()` * `system_win32`: Fix version checking * telnet: Remove unused macros `TELOPTS` and `TELCMDS` * `test1143`: Disable MSYS2's POSIX path conversion * `test1148`: Disable if decimal separator is not point * `test1307`: (`fnmatch` testing) disabled * `test1422`: Add required file feature * `test1531`: Add timeout * `test1540`: Remove unused macro `TEST_HANG_TIMEOUT` * `test214`: Disable MSYS2's POSIX path conversion for URL * `test320`: Treat `curl320.out` file as binary * `tests/http_pipe.py`: Use `/usr/bin/env` to find python * tests: Don't use Windows path `%PWD` for SSH tests * tests: Fixes for Windows line endings * `tool_operate`: Fix setting proxy TLS 1.3 ciphers * travis: Build darwinssl on macos 10.12 to fix linker errors * travis: Execute "`set -eo pipefail`" for coverage build * travis: Run a '`make checksrc`' too * travis: Update to GCC-8 * travis: Verify that man pages can be regenerated * `upload`: Allocate upload buffer on-demand * `upload`: Change default `UPLOAD_BUFSIZE` to 64KB * `urldata`: Remove unused `pipe_broke` struct field * vtls: Re-instantiate engine on duplicated handles * windows: Implement send buffer tuning * wolfSSL/CyaSSL: Fix memory leak in `Curl_cyassl_random` ----