Wednesday 9th December 2020
Local Packages
Updated curl to 7.74.0:
hsts: Add experimental support for Strict-Transport-Security
CVE-2020-8286: Inferior OCSP verification
CVE-2020-8285: FTP wildcard stack overflow
CVE-2020-8284: Trusting FTP PASV responses
acinclude: Detect manually set minimum macos/ipod version
- alt-svc: Enable (in the build) by default
alt-svc: Minimize variable scope and avoid "DEAD_STORE"
asyn: Use 'struct thread_data *' instead of 'void *'
checksrc: Warn on empty line before open brace
- CI/appveyor: Disable test 571 in two cmake builds
CI/azure: Improve on flakiness by avoiding libtool wrappers
- CI/tests: Enable test target on TravisCI for CMake builds
CI/travis: Add brotli and zstd to the libssh2 build
- cirrus: Build with FreeBSD 12.2 in CirrusCI
- cmake: Call the feature unixsockets without dash
cmake: Check for linux/tcp.h
- cmake: Correctly handle linker flags for static libs
cmake: Don't pass -fvisibility=hidden to clang-cl on Windows
cmake: Don't use reserved target name 'test'
cmake: Make BUILD_TESTING dependent option
cmake: Make CURL_ZLIB a tri-state variable
cmake: Set the unicode feature in curl-config on Windows
cmake: Store IDN2 information in curl_config.h
cmake: Use libcurl.rc in all Windows builds
configure: Pass -pthread to Libs.private for pkg-config
configure: Use pkgconfig to find openSSL when cross-compiling
connect: Repair build without ipv6 availability
curl.1: Add an "OUTPUT" section at the top of the manpage
curl.se: New home
curl: Add compatibility for Amiga and GCC 6.5
curl: Only warn not fail, if not finding the home dir
curl_easy_escape: Limit output string length to 3 * max input
Curl_pgrsStartNow: Init speed limit time stamps at start
curl_setup: USE_RESOLVE_ON_IPS is for Apple native resolver use
curl_url_set.3: Fix typo in the RETURN VALUE section
CURLOPT_DNS_USE_GLOBAL_CACHE.3: Fix typo
CURLOPT_HSTS.3: Document the file format
CURLOPT_NOBODY.3: Fix typo
CURLOPT_TCP_NODELAY.3: Fix comment in example code
CURLOPT_URL.3: Clarify SCP/SFTP URLs are for uploads as well
- docs: Document the 8MB input string limit
- docs: Fix typos and markup in ETag manpage sections
- docs: Fix various typos in documentation
examples/httpput: Remove use of CURLOPT_PUT
- FAQ: Refreshed
- file: Avoid duplicated code sequence
ftp: Retry getpeername for FTP with TCP_FASTOPEN
gnutls: Fix memory leaks (certfields memory wasn't released)
header.d: Mention the "Transfer-Encoding: chunked" handling
HISTORY: The new domain
- http3: Fix two build errors, silence warnings
- http3: Use the master branch of GnuTLS for testing
http: Pass correct header size to debug callback for chunked post
http_proxy: Use enum with state names for 'keepon'
httpput-postfields.c: New example doing PUT with POSTFIELDS
infof/failf calls: Fix format specifiers
libssh2: Fix build with disabled proxy support
libssh2: Fix transport over HTTPS proxy
libssh2: Require version 1.0 or later
Makefile.m32: Add support for HTTP/3 via ngtcp2+nghttp3
Makefile.m32: Add support for UNICODE builds
mqttd: fclose test file when done
NEW-PROTOCOL: Document what needs to be done to add one
ngtcp2: Adapt to recent nghttp3 updates
ngtcp2: Advertise h3 ALPN unconditionally
ngtcp2: Fix build error due to symbol name change
ngtcp2: Use the minimal version of QUIC supported by ngtcp2
ntlm: Avoid malloc(0) on zero length user and domain
openssl: Acknowledge SRP disabling in configure properly
openssl: Free mem_buf in error path
- openssl: Guard against OOM on context creation
openssl: Use OPENSSL_init_ssl() with ≥ 1.1.0
os400: Sync libcurl API options
packages/OS400: Make the source code-style compliant
- quiche: Close the connection
quiche: Remove 'static' from local buffer
range.d: Clarify that curl will not parse multipart responses
range.d: Fix typo
Revert "multi: implement wait using winsock events"
- rtsp: Error out on empty Session ID, unified the code
- rtsp: Fixed Session ID comparison to refuse prefix
- rtsp: Fixed the RTST Session ID mismatch in test 570
runtests: Return error if no tests ran
runtests: Revert the mistaken edit of $CURL
runtests: Show keywords when no tests ran
scripts/completion.pl: Parse all opts
- socks: Check for DNS entries with the right port number
src/tool_filetime: Disable -Wformat on mingw for this file
strerror: Use 'const' as the string should never be modified
test122[12]: Remove these two tests
test506: Make it not run in c-ares builds
tests/*server.py: Close log file after each log line
tests/server/tftpd.c: Close upload file right after transfer
tests/util.py: Fix compatibility with Python 2
tests: Add missing global_init/cleanup calls
tests: Fix some http/2 tests for older versions of nghttpx
tool_debug_cb: Do not assume zero-terminated data
tool_help: Make "output" description less confusing
tool_operate: --retry for HTTP 408 responses too
tool_operate: Bail out properly on errors during parallel transfers
tool_operate: Fix compiler warning when --libcurl is disabled
tool_writeout: Use off_t getinfo-types instead of doubles
travis: Use ninja-build for CMake builds
travis: Use valgrind when running tests for debug builds
urlapi: Don't accept blank port number field without scheme
urlapi: URL encode a '+' in the query part
urldata: Remove 'void *protop' and create the union 'p'
vquic/ngtcp2.h: Define local_addr as sockaddr_storage