#acl PaulHowarth:read,write,admin,revert,delete All:read === Wednesday 11th September 2019 === ==== Fedora Project ==== * Branched and built `perl-Log-Dispatch` (2.68) for EPEL-8 * Branched and built `perl-Log-Dispatch-FileRotate` (1.36) for EPEL-8 ==== Local Packages ==== * Updated `curl` to 7.66.0: * [[CVE:2019-5481|CVE-2019-5481]]: FTP-KRB double-`free` * [[CVE:2019-5482|CVE-2019-5482]]: TFTP small blocksize heap buffer overflow * `CURLINFO_RETRY_AFTER`: Parse the `Retry-After` header value * HTTP3: Initial (experimental still not working) support * `curl`: `--sasl-authzid` added to support `CURLOPT_SASL_AUTHZID` from the tool * `curl`: Support parallel transfers with `-Z` * `curl_multi_poll`: A sister to `curl_multi_wait()` that waits more * sasl: Implement SASL authorisation identity via `CURLOPT_SASL_AUTHZID` * CI: Remove duplicate configure flag for LGTM.com * CMake: Remove needless newlines at end of gss variables * CMake: Use platform dependent name for `dlopen()` library * `CURLINFO` docs: Mention that in redirects times are added * `CURLOPT_ALTSVC.3`: Use a "" file name to not load from a file * `CURLOPT_ALTSVC_CTRL.3`: Remove `CURLALTSVC_ALTUSED` * `CURLOPT_HEADERFUNCTION.3`: Clarify * `CURLOPT_HTTP_VERSION`: Setting this to 3 forces HTTP/3 use directly * `CURLOPT_READFUNCTION.3`: Provide inline example * `CURLOPT_SSL_VERIFYHOST`: Treat the value 1 as 2 * `Curl_addr2string`: Take an `addrlen` argument too * `Curl_fillreadbuffer`: Avoid double-`free` trailer buf on error * HTTP: Use chunked Transfer-Encoding for HTTP_POST if size unknown * alt-svc: Add protocol version selection masking * alt-svc: Fix removal of expired cache entry * alt-svc: Make it use `h3-22` with `ngtcp2` as well * alt-svc: More liberal ALPN name parsing * alt-svc: Send `Alt-Used:` in redirected requests * alt-svc: With quiche, use the quiche h3 alpn string * appveyor: Pass on `-k` to `make` * asyn-thread: Create a socketpair to `wait` on * build-openssl: Fix build with Visual Studio 2019 * cleanup: Move functions out of `url.c` and make them static * cleanup: Remove the '`numsocks`' argument used in many places * `configure`: Avoid undefined `check_for_ca_bundle` * `curl.h`: Add `CURL_HTTP_VERSION_3` to the version enum * `curl.h`: Fix outdated comment * `curl`: Cap the maximum allowed values for retry time arguments * `curl`: Handle a `libcurl` build without `netrc` support * `curl`: Make use of `CURLINFO_RETRY_AFTER` when retrying * `curl`: Remove outdated comment * `curl`: Use `.curlrc` (with a dot) on Windows * `curl`: Use `CURLINFO_PROTOCOL` to check for HTTP(s) * `curl_global_init_mem.3`: Mention it was added in 7.12.0 * `curl_version`: Bump string buffer size to 250 * `curl_version_info.3`: Mentioned ALTSVC and HTTP3 * `curl_version_info`: Offer quic (and h3) library info * `curl_version_info`: Provide nghttp2 details * defines: Avoid underscore-prefixed defines * `docs/ALTSVC`: Remove what works and the experimental explanation * `docs/EXPERIMENTAL`: Explain what it means and what's experimental now * `docs/MANUAL.md`: Converted to markdown from plain text * `docs/examples/curlx`: Fix errors * docs: `s/curl_debug/curl_dbg_debug` in comments and docs * easy: Resize receive buffer on easy handle reset * examples: Avoid reserved names in hiperfifo examples * examples: Add `http3.c`, `altsvc.c` and `http3-present.c` * `getenv`: Support up to 4K environment variable contents on Windows * http09: Disable HTTP/0.9 by default in both tool and library * http2: When marked for closure and wanted to `close == OK` * `http2_recv`: Trigger another read when the last data is returned * http: Fix use of credentials from URL when using HTTP proxy * `http_negotiate`: Improve handling of `gss_init_sec_context()` failures * md4: Use our own MD4 when no crypto libraries are available * multi: Call `detach_connection` before `Curl_disconnect` * `netrc`: Make the code try "`.netrc`" on Windows * nss: Use TLSv1.3 as default if supported * openssl: Build warning free with boringssl * openssl: Use `SSL_CTX_set__proto_version()` when available * plan9: Add support for running on Plan 9 * progress: Reset download/uploaded counter between transfers * `readwrite_data`: Repair setting the `TIMER_STARTTRANSFER` stamp * scp: Fix directory name length used in `memcpy` * smb: Initialize `*msg` to `NULL` in `smb_send_and_recv()` * smtp: Check for and bail out on too short `EHLO` response * source: Remove names from source comments * `spnego_sspi`: Add typecast to fix build warning * `src/makefile`: Fix uncompressed `hugehelp.c` generation * ssh-libssh: Do not specify `O_APPEND` when not in append mode * ssh: Move code into `vssh` for SSH backends * sspi: Fix memory leaks * tests: Replace outdated test case numbering documentation * tftp: Return error when packet is too small for options * timediff: Make it 64 bit (if possible) even with 32 bit `time_t` * travis: Reduce number of torture tests in 'coverage' * url: Make use of new HTTP version if `alt-svc` has one * urlapi: Verify the IPv6 numerical address * urldata: Avoid 'generic', use dedicated pointers * vauth: Use `CURLE_AUTH_ERROR` for auth function errors * Updated `glib` (1.2.10) to fix building in C99 mode * Updated `gtk+` (1.2.10) to fix building in C99 mode * Updated `libxslt` (1.1.33) to drop Python 2 bindings from Fedora 31 onwards ([[RedHatBugzilla:1738016|Bug #1738016]]) * Updated `perl-File-Find-Rule-Perl` (1.15) to fix wrong date in changelog entry ----