#acl PaulHowarth:read,write,admin,revert,delete All:read === Wednesday 22nd May 2019 === ==== Fedora Project ==== * Updated `perl-Test-Spelling` to 0.23 in Rawhide: * Fixed some documentation errors * Added unicode support ([[https://github.com/genio/test-spelling/pull/10|GH#10]]) * Bump Perl prereq to 5.8 now that we support unicode * Don't inherit from `Exporter` ([[https://github.com/genio/test-spelling/pull/9|GH#9]]) * Bump `Exporter` prereq to 5.57 ==== Local Packages ==== * Updated `curl` to 7.65.0: * `CURLOPT_DNS_USE_GLOBAL_CACHE`: removed * `CURLOPT_MAXAGE_CONN`: Set the maximum allowed age for connection reuse * pipelining: Removed * [[CVE:2019-5435|CVE-2019-5435]]: Integer overflows in `curl_url_set` * [[CVE:CVE-2019-5436|CVE-2019-5436]]: tftp: Use the current `blksize` for `recvfrom()` * `--config`: Clarify that initial `:` and `=` might need quoting * !AppVeyor: Enable testing for WinSSL build * `CURLMOPT_TIMERFUNCTION.3`: Warn about the recursive risk * `CURLOPT_ADDRESS_SCOPE`: Fix range check and more * `CURLOPT_CAINFO.3`: With Schannel, you want Windows 8 or later * `CURLOPT_CHUNK_BGN_FUNCTION.3`: Document the `struct` and `time` value * `CURLOPT_READFUNCTION.3`: See also `CURLOPT_UPLOAD_BUFFERSIZE` * `CURL_MAX_INPUT_LENGTH`: Largest acceptable string input size * `Curl_disconnect`: Treat all `CONNECT_ONLY` connections as "dead" * `INTERNALS`: Add code highlighting * OS400/ccsidcurl: Replace use of `Curl_vsetopt` * OpenSSL: Report `-fips` in version if OpenSSL is built with FIPS * `README.md`: Fix `no-consecutive-blank-lines` Codacy warning * VC15 project: Remove !MinimalRebuild * VS projects: Use Unicode for VC10+ * `WRITEFUNCTION`: Add missing `set_in_callback` around `callback` * altsvc: Fix building with cookies disabled * auth: Rename the various authentication clean up functions * base64: Build conditionally if there are users * `build-openssl.bat`: Fixed support for OpenSSL v1.1.0+ * build: Fix "clarify calculation precedence" warnings * `checksrc.bat`: Ignore `snprintf` warnings in `docs/examples` * cirrus: Customize the disabled tests per FreeBSD version * cleanup: Remove `FIXME` and `TODO` comments * cmake: Avoid linking executable for some tests with `cmake` 3.6+ * cmake: Clear `CMAKE_REQUIRED_LIBRARIES` after each use * cmake: Rename `CMAKE_USE_DARWINSSL` to `CMAKE_USE_SECTRANSP` * cmake: Set `SSL_BACKENDS` * `configure`: Avoid unportable '`==`' `test(1)` operator * `configure`: Error out if OpenSSL wasn't detected when asked for * `configure`: Fix default location for `fish` completions * cookie: Guard against possible NULL pointer dereference * curl: Make code work with protocol-disabled `libcurl` * curl: Report error for "`--no-`" on non-boolean options * `curl_easy_getinfo.3`: Fix minor formatting mistake * `curlver.h`: Use parenthesis in `CURL_VERSION_BITS` macro * `docs/BUG-BOUNTY`: Bug bounty time * `docs/INSTALL`: Fix broken link * `docs/RELEASE-PROCEDURE`: Link to live iCalendar * documentation: Fix several typos * doh: Acknowledge `CURL_DISABLE_DOH` * doh: Disable DOH for the cases it doesn't work * examples: Remove unused variables * ftplistparser: Fix LGTM alert "Empty block without comment" * hostip: Acknowledge `CURL_DISABLE_SHUFFLE_DNS` * http: Ignore HTTP/2 prior knowledge setting for HTTP proxies * http: Acknowledge `CURL_DISABLE_HTTP_AUTH` * http: Mark bundle as not for multiuse on < HTTP/2 response * http_digest: Don't expose functions when HTTP and Crypto Auth are disabled * http_negotiate: Do not treat failure of `gss_init_sec_context()` as fatal * http_ntlm: Corrected the name of the include guard * http_ntlm_wb: Handle auth for only a single request * http_ntlm_wb: Return the correct error on receiving an empty auth message * `lib509`: Add missing include for `strdup` * `lib557`: Initialize variables * makedebug: Fix `ERRORLEVEL` detection after running `where.exe` * mbedtls: Enable use of EC keys * mime: Acknowledge `CURL_DISABLE_MIME` * multi: Improved `HTTP_1_1_REQUIRED` handling * netrc: Acknowledge `CURL_DISABLE_NETRC` * nss: Allow fifos and character devices for certificates * nss: Provide more specific error messages on failed init * ntlm: Fix misaligned function comments for `Curl_auth_ntlm_cleanup` * ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 * openssl: Mark connection for close on TLS `close_notify` * openvms: Remove pre-processor for !SecureTransport * openvms: Remove pre-processors for Windows * parse_proxy: Use the URL parser API * parsedate: Disabled on `CURL_DISABLE_PARSEDATE` * pingpong: Disable more when no pingpong protocols are enabled * `polarssl_threadlock`: Remove conditionally unused code * progress: Acknowledge `CURL_DISABLE_PROGRESS_METER` * proxy: Acknowledge `DISABLE_PROXY` more * resolve: Apply Happy Eyeballs philosophy to parallel `c-ares` queries * revert "multi: Support verbose conncache closure handle" * sasl: Don't send `authcid` as `authzid` for the `PLAIN` mechanism as per RFC 4616 * sasl: Only enable if there's a protocol enabled using it * scripts: Fix typos * singleipconnect: Show port in the verbose "Trying ..." message * smtp: Fix compiler warning * socks5: User name and passwords must be shorter than 256 * socks: Fix error message * socksd: New SOCKS 4+5 server for tests * spnego_gssapi: Fix return code on `gss_init_sec_context()` failure * ssh-libssh: Remove unused variable * ssh: Define `USE_SSH` if SSH is enabled (any backend) * ssh: Move variable declaration to where it's used * `test1002`: Correct the name * `test2100`: Fix typos in test description * `tests/server/util`: Fix Windows Unicode build * tests: Run global cleanup at end of tests * tests: Make Impacket (SMB server) Python 3 compatible * `tool_cb_wrt`: Fix `bad-function-cast` warning * `tool_formparse`: Remove redundant assignment * `tool_help`: Warn if `curl` and `libcurl` versions do not match * `tool_help`: include `` for `strcasecmp` * transfer: Fix LGTM alert "Comparison is always true" * travis: Add an osx http-only build * travis: Allow builds on branches named "ci" * travis: Install dependencies only when needed * travis: Update some builds do Xenial * travis: Updated mesalink builds * url: Always clone the `CUROPT_CURLU` handle * url: Convert the zone id from a IPv6 URL to correct scope id * urlapi: Add `CURLUPART_ZONEID` to `set` and `get` * urlapi: Increase supported scheme length to 40 bytes * urlapi: Require a non-zero host name length when parsing URL * urlapi: Stricter `CURLUPART_PORT` parsing * urlapi: Strip off zone id from numerical IPv6 addresses * urlapi: urlencode characters above 0x7f correctly * `vauth/cleartext`: Update the `PLAIN` login to match RFC 4616 * `vauth/oauth2`: Fix `OAUTHBEARER` token generation * `vauth`: Fix incorrect function description for `Curl_auth_user_contains_domain` * vtls: Fix potential `ssl_buffer` stack overflow * wildcard: Disable from build when FTP isn't present * winbuild: Support MultiSSL builds * xattr: Skip unittest on unsupported platforms * Updated `perl-Test-Spelling` to 0.23 as per the Fedora version ----