#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Wednesday 26th May 2021 ===
==== Fedora Project ====
* Updated `perl-DateTime-Format-MySQL` to 0.0701 in Rawhide:
* If microseconds are set on provided `DateTime` object to time_format, use them ([[CPAN:136549|CPAN RT#136549]])
* Updated `perl-IO-Socket-SSL` to 2.071 in Rawhide:
* Fix `t/nonblock.t` race on some systems (fixes [[https://github.com/noxxi/p5-io-socket-ssl/issues/102|GH#102]], maybe [[https://github.com/noxxi/p5-io-socket-ssl/issues/98|GH#98]] too)
==== Local Packages ====
* Updated `curl` to 7.77.0:
* [[CVE:2021-22297|CVE-2021-22297]]: `schannel` cipher selection surprise
* [[CVE:2021-22298|CVE-2021-22298]]: TELNET stack contents disclosure
* [[CVE:2021-22901|CVE-2021-22901]]: TLS session caching disaster
* `configure`: Make the TLS library choice(s) explicit
* `curl`: Ignore options asking for SSLv2 or SSLv3
* hsts: Enable by default
* SSL: Support in-memory CA certs for some backends
* vtls: Refuse setting any SSL version
* AmigaOS: Add functions definitions for SHA256
* build: Fix compilation for Windows UWP platform
* c-hyper: Don't write to `set.writeheader` if null
* c-hyper: Fix handling of zero-byte chunk from hyper
* c-hyper: Handle body on `HYPER_TASK_EMPTY`
* `checksrc`: Complain on `== NULL` or `!= 0` checks in conditions
* CI/cirrus: Add shared and static Windows release builds
* cmake: Add `CURL_ENABLE_EXPORT_TARGET` option
* cmake: Check for `getppid` and `utimes`
* cmake: Detect `CURL_SA_FAMILY_T`
* cmake: Fix two invokes result in different `curl_config.h`
* cmake: Make `libcurl` output filename configurable
* cmake: Use multi-threaded compilation on VS 2008+
* config: Remove now-unused macros
* `configure`: If asked for, fail if ldap is not found
* `configure`: Provide `--with-openssl`, deprecate `--with-ssl`
* conn: Add '`attach`' to protocol handler, make `libssh2` use it
* connect: Use `CURL_SA_FAMILY_T` for portability
* `ConnectionExists`: Respect requests for h1 connections better
* cookie: `CURLOPT_COOKIEFILE` set to `NULL` switches off cookies
* `curl-wolfssl.m4`: Without custom include path, assume `/usr/include`
* `curl`: Include `libmetalink` version in `--version` output
* `Curl_http_header`: Check for colon when matching `Persistent-Auth`
* `Curl_http_input_auth`: Require valid separator after negotiation type
* `Curl_input_digest`: Require space after `Digest`
* `curl_mprintf.3`: Add description
* `curl_setup`: Provide the shutdown flags wider
* `curl_url_set.3`: Add memory management information
* `CURLcode`: Add `CURLE_SSL_CLIENTCERT`
* `CURLOPT_CAPATH.3`: Defaults to a path, not `NULL`
* `CURLOPT_IPRESOLVE`: Preventing wrong IP version from being used
* `CURLOPT_POSTFIELDS.3`: Clarify how it gets the size of the data
* `data_pending`: Check only `SECONDARY` socket for FTP(S) transfers
* `docs/TheArtOfHttpScripting`: Fix markdown links
* docs: !CamelCase it like !GitHub everywhere
* docs: Cookies from HTTP headers need domain set
* docs: Fix typo in `fail-with-body` doc
* docs: Improve `INTERNALS.md` regarding `getsock` callback
* docs: Replace dots with dashes in markdown enums
* `easy`: Ignore `sigpipe` in `curl_easy_send`
* `FILEFORMAT`: Mention `sectransp` as a feature
* `GIT-INFO`: Suggest using `autoreconf` instead of `buildconf`
* !GitHub: Add a workflow with `libssh2` on macOS using `cmake`
* !GitHub: Inhibit deprecated declarations for clang on macOS
* GnuTLS: Don't allow TLS 1.3 for versions that don't support it
* GnuTLS: Make setting only the `MAX` TLS allowed version work
* `gskit`: Fix `CURL_DISABLE_PROXY` build
* `gskit`: Fix undefined reference to '`conn`'
* `hostip.h`: Remove declaration of unimplemented function
* hostip: Remove the debug code for `LocalHost`
* http2: Call the handle-closed function correctly on closed stream
* http2: Fix a resource leak in `push_promise()`
* http2: Fix resource leaks in `set_transfer_url()`
* http2: Make sure pause is done on HTTP
* http2: Move the stream error field to the per-transfer storage
* http2: Skip immediate parsing of payload following protocol switch
* http2: Use `nghttp2_session_upgrade2` instead of `nghttp2_session_upgrade`
* `HTTP3.md`: Fix `nghttp2`'s HTTP/3 server port
* `HTTP3.md`: Make the `ngtcp2` build use the `quictls` fork
* http: Deal with partial `CONNECT` sends
* http: Fix the check for '`Authorization`' with `Bearer`
* http: Limit the initial send amount to used upload buffer size
* http: Reset the header buffer when sending the request
* http: Use offsets inst of integer literals for header parsing
* `INSTALL`: Add `IBM i` specific quirks
* `krb5/name_to_level`: Replace `checkprefix` with `curl_strequal`
* krb5: Don't use '`static`' to store `PBSZ` size response
* krb5: Remove the unused '`overhead`' function
* `lib/hostip6.c`: Make NAT64 address synthesis on macOS work
* `lib1564.c`: Enable last wakeup test part on Windows
* lib: Fix 0-length `Curl_client_write` calls
* lib: Fix some misuse of `curlx_convert_UTF8_to_tchar`
* `libcurl-security.3`: Be careful of `setuid`
* `libcurl-security.3`: Don't try to filter IPv4 hosts based on the URL
* `libcurl.3`: Mention the URL API
* `libssh2`: Fix Value stored to '`sshp`' is never read
* `libssh2`: Ignore timeout during disconnect
* `libssh`: Fix "empty expression statement has no effect" warnings
* `libtest`: Remove `lib530.c`
* m4: Add security frameworks on Mac when compiling `rustls`
* `multi`: Don't close connection `HTTP_1_1_REQUIRED`
* `multi`: Fix slow write/upload performance on Windows
* `multi`: Reduce Win32 API calls to improve performance
* `ngtcp2`: Fix the `cb_acked_stream_data_offset` proto
* NSS: Add ciphers to map
* NSS: Make colons, commas and spaces valid separators in cipher list
* `nss_set_blocking`: Avoid `static` for `sock_opt`
* ntlm: Precaution against super huge type2 offsets
* `openldap`: Protect SSL-specific code with proper `#ifdef`
* `openldap`: Replace `ldap_` prefix on private functions
* `openssl`: fix build error with OpenSSL < 1.0.2
* `openssl`: Remove unneeded cast for `CertOpenSystemStore()`
* os400: Additional support for options metadata
* progress: Fix `scan-build-11` warnings
* progress: Reset `limit_size` variables at transfer start
* progress: When possible, calculate transfer speeds with microseconds
* `README.md`: Delete Codacy UTM parameters
* Revert "Revert 'multi: implement wait using winsock events'"
* `rustls`: Only return `CURLE_AGAIN` when TLS session is fully drained
* `rustls`: Use ALPN
* sasl: Use '`unsigned short`' to store mechanism
* `schannel`: Disable auto credentials; add an option to enable it
* `schannel`: Support strong crypto option
* `sectransp`: Allow cipher name to be specified
* `sectransp`: Fix `EXC_BAD_ACCESS` caused by uninitialized buffer
* `sigpipe`: Ignore `SIGPIPE` when using wolfSSL as well
* `sockfilt`: Avoid getting stuck waiting for writeable socket
* `sockfilt`: Fix invalid increment of handles index variable `nfd`
* sws: `#ifdef S_IFSOCK` use
* sws: Allow HTTP requests up to 2MB in size
* test server: Take care of `siginterrupt()` deprecation
* `test2100`: Make it run with and require IPv6
* `tests/disable-scan.pl`: Also scan all m4 files
* `tests/getpart`: Generate output URL encoded for better diffs
* tests: Ignore case of chunked hex numbers in tests
* tls: Add `USE_HTTP2` define
* `tool_getparam`: Handle failure of `curlx_convert_tchar_to_UTF8()`
* `tool_getparam`: Replace (in-place) '`%20`' by '`+`' according to RFC1866
* `tool_operate`: Don't discard failed parallel transfer result
* `tool_writeout`: Fix the `HTTP_CODE` json output
* travis: Disable the failing `libssh` build
* `URL-SYNTAX`: Update IDNA section for WHATWG spec changes
* `urlapi`: "normalize" numerical IPv4 host names
* `vauth`: Factor base64 conversions out of authentication procedures
* version: Add `gsasl_version` to `curl_version_info_data`
* version: Add `OpenLDAP` version in the output
* `vtls`: Deduplicate some `DISABLE_PROXY` `ifdef`s
* `vtls`: Reset ssl use flag upon negotiation failure
* wolfssl: Handle `SSL_write()` returns `0` for error
* wolfssl: Remove SSLv3 support leftovers
. I added this patch to kill the `gophers` server after testing that protocol, so that the port it uses can be re-used by later tests:
. {{{
There is only one gophers test, so kill the server when done with it.
This frees up the port, which was needed for curl-7.77.0 on Centos 7
(x86_64) where test 3001 wanted to reuse the port.
--- tests/data/test1272
+++ tests/data/test1272
@@ -22,6 +22,9 @@ iMenu results error.host 1
gophers
+
+gophers
+
Gophers index
}}}
* Rebuilt `libxml2` (2.9.12) to sync with Rawhide
* Updated `perl-DateTime-Format-MySQL` to 0.0701 as per the Fedora version
* Updated `perl-Exception-Base` (0.2501) to avoid perl critic test, which fails on recent perls with built-in `catch`
* Updated `perl-IO-Socket-SSL` to 2.071 as per the Fedora version
* Updated `perl-Module-CoreList` to 5.20210521:
* Updated for v5.35.0
* Updated `perl-Test-Needs` to 0.002009:
* Fix tests when `@INC` includes directories that shouldn't have their archname or version subdirectories added
* Fix test compatibility with Windows
* Fix warnings from `Test::Builder` if `Test::Needs` is loaded first, and is used to check for a Test module
* Fix location in code reported when a module check fails
* Support short forms of perl versions
* Support perl versions greater than 5
* Fix handling of v-string versions on perl 5.6
* Updated Rawhide repository with Perl packages rebuilt for Perl 5.34.0
----