PaulHowarth/Blog/2020-12-09

Wednesday 9th December 2020

Local Packages

  • Updated curl to 7.74.0:

    • hsts: Add experimental support for Strict-Transport-Security

    • CVE-2020-8286: Inferior OCSP verification

    • CVE-2020-8285: FTP wildcard stack overflow

    • CVE-2020-8284: Trusting FTP PASV responses

    • acinclude: Detect manually set minimum macos/ipod version

    • alt-svc: Enable (in the build) by default

    • alt-svc: Minimize variable scope and avoid "DEAD_STORE"

    • asyn: Use 'struct thread_data *' instead of 'void *'

    • checksrc: Warn on empty line before open brace

    • CI/appveyor: Disable test 571 in two cmake builds

    • CI/azure: Improve on flakiness by avoiding libtool wrappers

    • CI/tests: Enable test target on TravisCI for CMake builds

    • CI/travis: Add brotli and zstd to the libssh2 build

    • cirrus: Build with FreeBSD 12.2 in CirrusCI
    • cmake: Call the feature unixsockets without dash

    • cmake: Check for linux/tcp.h

    • cmake: Correctly handle linker flags for static libs

    • cmake: Don't pass -fvisibility=hidden to clang-cl on Windows

    • cmake: Don't use reserved target name 'test'

    • cmake: Make BUILD_TESTING dependent option

    • cmake: Make CURL_ZLIB a tri-state variable

    • cmake: Set the unicode feature in curl-config on Windows

    • cmake: Store IDN2 information in curl_config.h

    • cmake: Use libcurl.rc in all Windows builds

    • configure: Pass -pthread to Libs.private for pkg-config

    • configure: Use pkgconfig to find openSSL when cross-compiling

    • connect: Repair build without ipv6 availability

    • curl.1: Add an "OUTPUT" section at the top of the manpage

    • curl.se: New home

    • curl: Add compatibility for Amiga and GCC 6.5

    • curl: Only warn not fail, if not finding the home dir

    • curl_easy_escape: Limit output string length to 3 * max input

    • Curl_pgrsStartNow: Init speed limit time stamps at start

    • curl_setup: USE_RESOLVE_ON_IPS is for Apple native resolver use

    • curl_url_set.3: Fix typo in the RETURN VALUE section

    • CURLOPT_DNS_USE_GLOBAL_CACHE.3: Fix typo

    • CURLOPT_HSTS.3: Document the file format

    • CURLOPT_NOBODY.3: Fix typo

    • CURLOPT_TCP_NODELAY.3: Fix comment in example code

    • CURLOPT_URL.3: Clarify SCP/SFTP URLs are for uploads as well

    • docs: Document the 8MB input string limit
    • docs: Fix typos and markup in ETag manpage sections
    • docs: Fix various typos in documentation

    • examples/httpput: Remove use of CURLOPT_PUT

    • FAQ: Refreshed
    • file: Avoid duplicated code sequence

    • ftp: Retry getpeername for FTP with TCP_FASTOPEN

    • gnutls: Fix memory leaks (certfields memory wasn't released)

    • header.d: Mention the "Transfer-Encoding: chunked" handling

    • HISTORY: The new domain

    • http3: Fix two build errors, silence warnings
    • http3: Use the master branch of GnuTLS for testing

    • http: Pass correct header size to debug callback for chunked post

    • http_proxy: Use enum with state names for 'keepon'

    • httpput-postfields.c: New example doing PUT with POSTFIELDS

    • infof/failf calls: Fix format specifiers

    • libssh2: Fix build with disabled proxy support

    • libssh2: Fix transport over HTTPS proxy

    • libssh2: Require version 1.0 or later

    • Makefile.m32: Add support for HTTP/3 via ngtcp2+nghttp3

    • Makefile.m32: Add support for UNICODE builds

    • mqttd: fclose test file when done

    • NEW-PROTOCOL: Document what needs to be done to add one

    • ngtcp2: Adapt to recent nghttp3 updates

    • ngtcp2: Advertise h3 ALPN unconditionally

    • ngtcp2: Fix build error due to symbol name change

    • ngtcp2: Use the minimal version of QUIC supported by ngtcp2

    • ntlm: Avoid malloc(0) on zero length user and domain

    • openssl: Acknowledge SRP disabling in configure properly

    • openssl: Free mem_buf in error path

    • openssl: Guard against OOM on context creation

    • openssl: Use OPENSSL_init_ssl() with ≥ 1.1.0

    • os400: Sync libcurl API options

    • packages/OS400: Make the source code-style compliant

    • quiche: Close the connection

    • quiche: Remove 'static' from local buffer

    • range.d: Clarify that curl will not parse multipart responses

    • range.d: Fix typo

    • Revert "multi: implement wait using winsock events"

    • rtsp: Error out on empty Session ID, unified the code
    • rtsp: Fixed Session ID comparison to refuse prefix
    • rtsp: Fixed the RTST Session ID mismatch in test 570

    • runtests: Return error if no tests ran

    • runtests: Revert the mistaken edit of $CURL

    • runtests: Show keywords when no tests ran

    • scripts/completion.pl: Parse all opts

    • socks: Check for DNS entries with the right port number

    • src/tool_filetime: Disable -Wformat on mingw for this file

    • strerror: Use 'const' as the string should never be modified

    • test122[12]: Remove these two tests

    • test506: Make it not run in c-ares builds

    • tests/*server.py: Close log file after each log line

    • tests/server/tftpd.c: Close upload file right after transfer

    • tests/util.py: Fix compatibility with Python 2

    • tests: Add missing global_init/cleanup calls

    • tests: Fix some http/2 tests for older versions of nghttpx

    • tool_debug_cb: Do not assume zero-terminated data

    • tool_help: Make "output" description less confusing

    • tool_operate: --retry for HTTP 408 responses too

    • tool_operate: Bail out properly on errors during parallel transfers

    • tool_operate: Fix compiler warning when --libcurl is disabled

    • tool_writeout: Use off_t getinfo-types instead of doubles

    • travis: Use ninja-build for CMake builds

    • travis: Use valgrind when running tests for debug builds

    • urlapi: Don't accept blank port number field without scheme

    • urlapi: URL encode a '+' in the query part

    • urldata: Remove 'void *protop' and create the union 'p'

    • vquic/ngtcp2.h: Define local_addr as sockaddr_storage

Recent