PaulHowarth/Blog/2021-03-31

Wednesday 31st March 2021

Fedora Project

• Updated perl-Net-CIDR to 0.21 in F-34 and Rawhide:

  • Update perldoc to emphasize proper usage of ciddrvalidate()

Local Packages

• Updated curl to 7.76.0:

  • cookies: Support multiple -b parameters

  • curl: Add --fail-with-body

  • doh: Add options to disable ssl verification
  • http: Add support to read and store the referrer header

  • sasl: Support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl

  • vtls: Initial implementation of rustls backend

  • CVE-2021-22876: Strip credentials from the auto-referer header field

  • CVE-2021-22890: Add 'isproxy' argument to Curl_ssl_get/addsessionid()

  • asyn-ares: Use consistent resolve error message

  • BUG-BOUNTY: Removed the cooperation mention

  • build: Delete unused feature guards

  • build: Fix --disable-dateparse

  • build: Fix --disable-http-auth

  • build: Remove all traces of USE_BLOCKING_SOCKETS

  • c-hyper: Remove superfluous pointer check

  • c-hyper: Support automatic content-encoding

  • CI/azure: Disable test 433 on azure-ubuntu

  • CI/azure: Replace python-impacket with python3-impacket

  • ci: Stop building on freebsd-12-1

  • cmake: Fix import library name for non-MS compiler on Windows

  • cmake: Use CMAKE_INSTALL_INCLUDEDIR indirection

  • cmake: Support WinIDN

  • config: Fix building SMB with configure using Win32 Crypto

  • config: Fix detection of restricted Windows App environment

  • configure: Fail if --with-quiche is used and quiche isn't found

  • configure: Make AC_TRY_* into AC_*_IFELSE

  • configure: Make hyper opt-in, and fail if missing

  • configure: Only add OpenSSL paths if they are defined

  • configure: Provide Largefile feature for curl-config

  • configure: Remove use of deprecated macros

  • configure: s/AC_HELP_STRING/AS_HELP_STRING/

  • cookies: Fix potential NULL pointer deref with PSL

  • curl: Set CURLOPT_NEW_FILE_PERMS if requested

  • curl_easy_setopt.3: Add curl_easy_option* functions to SEE ALSO

  • curl_multibyte: Always return a heap-allocated copy of string

  • curl_multibyte: Fall back to local code page stat/access on Windows

  • Curl_timeleft: Check both timeouts during connect

  • curl_url_set.3: Mention CURLU_PATH_AS_IS

  • CURLOPT_QUOTE.3: Clarify that libcurl doesn't parse what's sent

  • docs/HTTP2: Remove the outdated remark about multiplexing for the tool

  • docs/Makefile.inc: Format to be update-friendly

  • docs: Add CURLOPT_CURLU to 'See also' in curl_url_ functions

  • docs: Add missing Arg tag to --stderr

  • docs: Add SSL backend names to CURL_SSL_BACKEND

  • docs: Clarify timeouts for queued transfers in multi API

  • docs: Explain DOH transfers inherit some SSL settings

  • docs: Fix FILE example URL in --metalink documentation

  • docs: Make gen.pl support *italic* and **bold**

  • doh: Fix sharing user's resolve list with DOH handles

  • doh: Inherit CURLOPT_STDERR from user's easy handle

  • dynbuf: Bump the max HTTP request to 1MB

  • examples: Remove threaded-shared-conn.c due to bug

  • file: Support unicode URLs on windows

  • ftp: Add 'list_only' to the transfer state struct

  • ftp: Add 'prefer_ascii' to the transfer state struct

  • ftp: Allow SIZE to fail when doing (resumed) upload

  • ftp: Avoid SIZE when asking for a TYPE A file

  • ftp: Fix Codacy/cppcheck warning about null pointer arithmetic

  • ftp: Fix memory leak in ftp_done

  • ftp: Never set data->set.ftp_append outside setopt

  • gen.pl: Quote "bare" minuses in the nroff curl.1

  • github: Add torture-ftp for FTP-only torture testing

  • gnutls: Assume nettle crypto support

  • gskit: Correct the gskit_send() prototype

  • hostip: Fix build with sync resolver

  • hostip: Fix crash in sync resolver builds that use DOH

  • hsts: Remove unused defines

  • http2: Don't set KEEP_SEND when there's no more data to be sent

  • http2: Fail if connection terminated without END_STREAM

  • http: Cap body data amount during send speed limiting
  • http: Do not add a referrer header with empty value

  • http: Make 416 not fail with resume + CURLOPT_FAILONERRROR

  • http: Remove superfluous NULL assign
  • http: Strip default port from URL sent to proxy
  • http: Use credentials from transfer, not connection

  • ldap: Use correct memory free function

  • lib1536: Check ptr against NULL before dereferencing it

  • lib1537: Check ptr against NULL before dereferencing it

  • lib: Remove 'conn->data' completely

  • libssh2: kdb_callback: Get the right struct pointer

  • libssh2: ssh_connect: Clear session pointer after free

  • memdebug: Close debug logfile explicitly on exit

  • mingw: Enable using strcasecmp()

  • multi: Close the connection when h2=>h1 downgrading

  • multi: Do once-per-transfer inits in before_perform in DID state

  • multi: Rename the multi transfer states

  • multi: Update pending list when removing handle

  • ngtcp2: Adapt to the new recv_datagram callback

  • ngtcp2: Clarify calculation precedence

  • ngtcp2: Fix build error due to change in ngtcp2_addr_init

  • ngtcp2: Sync with recent API updates

  •  openldap: Avoid NULL pointer dereferences

  • openssl: Adapt to v3's new const for a few API calls

  • openssl: Ensure to check SSL_CTX_set_alpn_protos return values

  • openssl: Remove get_ssl_version_txt in favour of SSL_get_version

  • openssl: Set the transfer pointer for logging early

  • OS400: Update for CURLOPT_AWS_SIGV4

  • parse_proxy: Fix a memory leak in the OOM path

  • pathhelp.pm: Fix use of pwd -L in Msys environment

  • projects: Update VS projects for OpenSSL 1.1.x

  • quiche: Fix build error: use 'int' for port number

  • quiche: Fix crash when failing to connect

  • retry-all-errors.d: Explain curl errors versus HTTP response errors

  • retry.d: Clarify transient 5xx HTTP response codes

  • runtests.pl: Add %TESTNUMBER variable to make copying tests more convenient

  • runtests.pl: Add a -P option to specify an external proxy

  • runtests.pl: Kill processes locking test log files

  • setopt: Error on CURLOPT_HTTP09_ALLOWED set true with Hyper

  • test1188: Change error to check for: --fail HTTP status

  • test220/314: Adjust to run with Hyper

  • test304: Header CRLF clean-up to work with Hyper

  • test306: Make it not run with Hyper

  • tests: Disable .curlrc in more environments

  • tests: Use %TESTNUMBER instead of fixed number

  • tftp: Remove the 3600 second default timeout

  • time: Enable 64-bit time_t in supported mingw environments

  • tool_help: Add missing argument for --create-file-mode

  • tool_help: Increase space between option and description

  • tool_operate: Bail if set CURLOPT_HTTP09_ALLOWED returns error

  • travis: Add a rustls build

  • travis: Bump wolfssl to 4.7.0
  • travis: Only build wolfssl when needed
  • travis: Split "torture" into a separate "events" build

  • travis: Switch ngtcp2 build over to quictls

  • travis: Use ubuntu nghttp2 package instead of build our own

  • url.c: Use consistent error message for failed resolve

  • url: Fix memory leak if OOM in the HSTS handling

  • url: Fix possible use-after-free in default protocol

  • urldata: Don't touch data->set.httpversion at run-time

  • urldata: Fix build without HTTP and MQTT

  • urldata: Make 'actions[]' use unsigned char instead of int

  • urldata: Merge "struct DynamicStatic" into "struct UrlState"

  • urldata: Remove the 'rtspversion' field

  • urldata: Remove the _ORIG suffix from string names

  • version.d: Add missing features to the features list

  • wolfssl: Don't store a NULL sessionid

• Updated perl-Moose to 2.2015:

  • A test has been rewritten so as to remove IO::String from the prerequisite list (GH#179)

  • Optional prereq on List::SomeUtils has been replaced with List::Util 1.56

• Updated perl-Net-CIDR to 0.21 as per the Fedora version