Wednesday 21st July 2021
Fedora Project
Updated geoipupdate to 4.8.0 in Rawhide:
- Go 1.13 or greater is now required
- In verbose mode, we now print a message before each HTTP request; previously we would not print anything for retried requests
- Expected response errors no longer cause request retries; for example, we no longer retry the download request if the database subscription has lapsed
Local Packages
Updated curl to 7.78.0:
curl_url_set: Reject spaces in URLs without CURLU_ALLOW_SPACE
CURLE_SETOPT_OPTION_SYNTAX: New error name for wrong setopt syntax
hostip: Make 'localhost' return fixed values
- mbedtls: Add support for cert and key blob options
metalink: Remove all support for it (CVE-2021-22922, CVE-2021-22923)
mqtt: Add support for username and password
--socks4[a]: Clarify where the host name is resolved
- ares: Always store IPv6 addresses first
asyn-ares: Remove check for 'data' in Curl_resolver_cancel
bearssl: Explicitly initialize all fields of Curl_ssl
bearssl: Remove incorrect const on variable that is modified
build: Fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
c-hyper: Abort CONNECT response reading early on non 2xx responses
c-hyper: Add support for transfer-encoding in the request
- c-hyper: Bail on too long response headers
- c-hyper: Clear NTLM auth buffer when request is issued
c-hyper: Convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
c-hyper: Fix NTLM on closed connection tested with test159
- c-hyper: Fix the uploaded field in progress callbacks
c-hyper: Handle NULL from hyper_buf_copy()
c-hyper: Support CURLINFO_STARTTRANSFER_TIME
c-hyper: Support CURLOPT_HEADER
ccsidcurl: Fix the compile errors
CI/cirrus: Install impacket from PyPI instead of FreeBSD packages
- CI: Add bearssl build
- CI: Add Circle CI
- CI: Add jobs using Zuul
CI: Delete --enable-hsts option (it is the default now)
- CI: Remove travis details
cleanup: Spell DoH with a lowercase o
cmake: Add CURL_DISABLE_NTLM option
- cmake: Avoid leaking absolute paths into exported config
cmake: Fix IoctlSocket FIONBIO check
cmake: Fix support for UnixSockets feature on Win32
cmake: Remove libssh2 feature checks
cmake: Try well-known send/recv signature for Apple
configure.ac: Make non-executable
configure/cmake: Remove checks for many unused functions
configure: Add --disable-ntlm option
configure: Disable RTSP when hyper is selected
configure: Do not strip out debug flags
configure: Fix nghttp2 library name for static builds
configure: Inhibit the implicit-fallthrough warning on gcc-12
configure: Rename get-easy-option configure option to get-easy-options
conn_shutdown: If closed during CONNECT, clean up properly
conncache: Lowercase the hash key for better match
- cookies: Track expiration in jar to optimize removals
- copyright: Add boiler-plate headers to CI config files
crustls: Bump crustls version and use new URL
curl.h: <sys/select.h> is supported by VxWorks7
curl.h: include sys/select.h for NuttX RTOS
curl: Ignore blank --output-dir
curl_endian: Remove the unused Curl_write64_le function
curl_multibyte: Remove local encoding fallbacks
Curl_ntlm_core_mk_nt_hash: Fix OOM in error path
Curl_ssl_getsessionid: Fail if no session cache exists
CURLOPT_WRITEFUNCTION.3: Minor update of the example
docs/BINDINGS: Fix outdated links
docs/examples: Use curl_multi_poll() in multi examples
docs/INSTALL: Remove mentions of configure --with-darwin-ssl
- docs: Document missing arguments to commands
docs: Fix inconsistencies in EGDSOCKET documentation
- docs: Fix incorrect argument name reference
- docs: Fix typos
docs: Make docs for --etag-save match the program behaviour
docs: Use --max-redirs instead of --max-redir
doh: (void)-prefix call to curl_easy_setopt
doh: Fix wrong DEBUGASSERT for doh private_data
easy: During upkeep, attach Curl_easy to connections in the cache
examples/multi-single: Fix scan-build warning
examples: length-limit two sscanf() uses of %s
- examples: Safer and more proper read callback logic
filecheck: Quietly remove test-place/*~
formdata: Avoid "Argument cannot be negative" warning
formdata: Correct typecast in curl_mime_data call
GHA: Add a linux-hyper job
GHA: Add several libcurl tests to the hyper job
GHA: Run the newly fixed tests with hyper
GitHub: Timeout jobs on macOS after 90 minutes
glob: Pass an 'int' as length when using printf's %*s
- gnutls: Set the preferred TLS versions in correct order
GOVERNANCE: Add 'user', 'committer' and 'contributor'
hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
hostip: Bad CURLOPT_RESOLVE syntax now returns error
- hsts: Ignore numerical IP address hosts
- HSTS: Not experimental anymore
- http2: Clarify 'Using HTTP2' verbose message
http2: init recvbuf struct for pushed streams
http2_connisdead: Handle trailing GOAWAY better
- http: Fix crash in rate-limited upload
http: Make the haproxy support work with unix domain sockets
http_proxy: Deal with non-200 CONNECT response with hyper
- hyper: Propagate errors back up from read callbacks
- hyper: Remove mentions of deprecated development branch
idn: Fix libidn2 with windows unicode builds
infof: Remove newline from format strings, always append it
lib: Don't compare fd to FD_SETSIZE when using poll
lib: Fix compiler warnings with CURL_DISABLE_NETRC
lib: Fix type of length passed to *printf's %*s
lib: More %u for port and int for %*s fixes
lib: Use %u instead of %ld for port number printf
libcurl-security.3: Mention file descriptors and forks
libssh2: Limit time a disconnect can take to 1 second
mbedtls: Make mbedtls_strerror always work
- mbedtls: Remove unnecessary include
- mqtt: Detect illegal and too large file size
- mqtt: Extend the error message for no topic
msnprintf: Return number of printed characters excluding null byte
multi: Add scan-build-6 work-around in curl_multi_fdset
multi: Alter transfer timeout ordering
multi: Do not switch off connect_only flag when closing
multi: Fix crash in curl_multi_wait/curl_multi_poll
netrc: Skip 'macdef' definitions
ngtcp2: Disable TLSv1.3 compatible mode when using GnuTLS
- openssl: Avoid static variable for seed flag
openssl: Don't remove session id entry in disassociate
pinnedpubkey.d: Fix formatting for version support lists
proto.d: Fix formatting for paragraphs after margin changes
quiche: Use send() instead of sendto() to avoid macOS issue
- Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
runtests: Also find the last test in Makefile.inc
runtests: Enable 'hyper mode' only for HTTP tests
runtests: init $VERSION to avoid warnings when using -l
runtests: Parse data/Makefile.inc instead of using make
runtests: Skip disabled tests unless -f is used
rustls: Remove native_roots fallback
- schannel: Set ALPN length correctly for HTTP/2
SChannel: Use '_tcsncmp()' instead
sectransp: Check for client certs by name first, then file (CVE-2021-22926)
setopt: Fix incorrect comments
socketpair: Fix potential hangs
- socks4: Scan for the IPv4 address in resolve results
- ssl: Read pending close notify alert before closing the connection
sws: malloc request struct instead of using stack
telnet: Fix option parser to not send uninitialized contents (CVE-2021-22925)
test1116: hyper doesn't pass through "surprise-trailers"
test1147: hyper doesn't allow "crazy" request headers like built-in
test1151: Added missing CRLF to work with hyper
test1216: Adjusted for hyper mode
test1218: Adjusted for hyper mode
test1230: Adjust to work in hyper mode
test1340/1341: Adjusted for hyper mode
test1438/1457: Add HTTP keyword to make hyper mode work
test1514: Add a CRLF to the response to make it correct
test1518: Adjusted to work with hyper
test1519: Adjusted to work with hyper
test1594/1595/1596: Fix to work in hyper mode
test269: Disable for hyper
test3010: Work with hyper mode
test328: Avoid a header-looking body to make hyper mode work
test339: CRLFify better to work in hyper mode
test347: CRLFify to work in hyper mode
test393: Make Content-Length fit within 64 bit for hyper
test394: hyper returns a different error
test395: hyper cannot work around > 64 bit content-lengths like built-in
test433: Adjust for hyper mode
test434: Add HTTP keyword
test500: Adjust to work with hyper mode
test566: Adjust to work with hyper mode
test599: Adjusted to work in hyper mode
test644: Remove as duplicate of test 587
tests: Fix Accept-Encoding strips to work with hyper builds
- TLS: Prevent shutdown loops to get stuck
tool: Make _lseeki64() macro work with the PellesC compiler
tool_help: Document that --tlspassword takes a password
tool_help: Remove unused define
url.c: Remove two variable assigns that are never read
url: (void)-prefix a curl_url_get() call
url: Bad CURLOPT_CONNECT_TO syntax now returns error
version: Turn version number functions into returning void
vtls: exit addsessionid if no cache is inited
vtls: Fix connection reuse checks for issuer cert and case sensitivity (CVE-2021-22924)
vtls: Only store TIMER_APPCONNECT for non-proxy connect
vtls: Use free() not curl_free()
warnless: Simplify type size handling
- Win32: Fix build with Watt-32
winbuild/README: VC should be set to 6 'or larger'
winbuild: Support alternate nghttp2 static lib name
- wolfssl: Failing to set a session id is not reason to error out
write-out.d: Clarify urlnum is not unique for de-globbed URLs
- zuul: Use the new rustls directory name
Updated geoipupdate to 4.8.0 as per the Fedora version
Updated java-1.8.0-oracle to Java SE 8 Update 301
Bugfix and security update; see release notes at https://www.oracle.com/java/technologies/javase/8u301-relnotes.html