#acl PaulHowarth:read,write,admin,revert,delete All:read === Wednesday 21st July 2021 === ==== Fedora Project ==== * Updated `geoipupdate` to 4.8.0 in Rawhide: * Go 1.13 or greater is now required * In verbose mode, we now print a message before each HTTP request; previously we would not print anything for retried requests * Expected response errors no longer cause request retries; for example, we no longer retry the download request if the database subscription has lapsed ==== Local Packages ==== * Updated `curl` to 7.78.0: * `curl_url_set`: Reject spaces in URLs without `CURLU_ALLOW_SPACE` * `CURLE_SETOPT_OPTION_SYNTAX`: New error name for wrong `setopt` syntax * `hostip`: Make '`localhost`' return fixed values * mbedtls: Add support for cert and key blob options * `metalink`: Remove all support for it ([[CVE:2021-22922|CVE-2021-22922]], [[CVE:2021-22923|CVE-2021-22923]]) * `mqtt`: Add support for username and password * `--socks4[a]`: Clarify where the host name is resolved * ares: Always store IPv6 addresses first * `asyn-ares`: Remove check for '`data`' in `Curl_resolver_cancel` * bearssl: Explicitly initialize all fields of `Curl_ssl` * bearssl: Remove incorrect `const` on variable that is modified * build: Fix compiler warnings when `CURL_DISABLE_VERBOSE_STRINGS` * c-hyper: Abort `CONNECT` response reading early on non 2xx responses * c-hyper: Add support for `transfer-encoding` in the request * c-hyper: Bail on too long response headers * c-hyper: Clear NTLM auth buffer when request is issued * c-hyper: Convert `HYPERE_INVALID_PEER_MESSAGE` to `CURLE_UNSUPPORTED_PROTOCOL` * c-hyper: Fix NTLM on closed connection tested with `test159` * c-hyper: Fix the uploaded field in progress callbacks * c-hyper: Handle `NULL` from `hyper_buf_copy()` * c-hyper: Support `CURLINFO_STARTTRANSFER_TIME` * c-hyper: Support `CURLOPT_HEADER` * `ccsidcurl`: Fix the compile errors * CI/cirrus: Install `impacket` from PyPI instead of FreeBSD packages * CI: Add bearssl build * CI: Add Circle CI * CI: Add jobs using Zuul * CI: Delete `--enable-hsts` option (it is the default now) * CI: Remove travis details * cleanup: Spell `DoH` with a lowercase `o` * cmake: Add `CURL_DISABLE_NTLM` option * cmake: Avoid leaking absolute paths into exported config * cmake: Fix `IoctlSocket` `FIONBIO` check * cmake: Fix support for `UnixSockets` feature on Win32 * cmake: Remove `libssh2` feature checks * cmake: Try well-known `send`/`recv` signature for Apple * `configure.ac`: Make non-executable * `configure`/cmake: Remove checks for many unused functions * `configure`: Add `--disable-ntlm` option * `configure`: Disable RTSP when hyper is selected * `configure`: Do not strip out debug flags * `configure`: Fix `nghttp2` library name for static builds * `configure`: Inhibit the `implicit-fallthrough` warning on `gcc`-12 * `configure`: Rename `get-easy-option` `configure` option to `get-easy-options` * `conn_shutdown`: If closed during `CONNECT`, clean up properly * `conncache`: Lowercase the hash key for better match * cookies: Track expiration in jar to optimize removals * copyright: Add boiler-plate headers to CI config files * crustls: Bump `crustls` version and use new URL * `curl.h`: `` is supported by !VxWorks7 * `curl.h`: include `sys/select.h` for NuttX RTOS * `curl`: Ignore blank `--output-dir` * `curl_endian`: Remove the unused `Curl_write64_le` function * `curl_multibyte`: Remove local encoding fallbacks * `Curl_ntlm_core_mk_nt_hash`: Fix OOM in error path * `Curl_ssl_getsessionid`: Fail if no session cache exists * `CURLOPT_WRITEFUNCTION.3`: Minor update of the example * `docs/BINDINGS`: Fix outdated links * `docs/examples`: Use `curl_multi_poll()` in `multi` examples * `docs/INSTALL`: Remove mentions of `configure --with-darwin-ssl` * docs: Document missing arguments to commands * docs: Fix inconsistencies in `EGDSOCKET` documentation * docs: Fix incorrect argument name reference * docs: Fix typos * docs: Make docs for `--etag-save` match the program behaviour * docs: Use `--max-redirs` instead of `--max-redir` * doh: `(void)`-prefix call to `curl_easy_setopt` * doh: Fix wrong `DEBUGASSERT` for doh `private_data` * `easy`: During upkeep, attach `Curl_easy` to connections in the cache * `examples/multi-single`: Fix scan-build warning * examples: length-limit two `sscanf()` uses of `%s` * examples: Safer and more proper read callback logic * filecheck: Quietly remove `test-place/*~` * `formdata`: Avoid "Argument cannot be negative" warning * `formdata`: Correct typecast in `curl_mime_data` call * GHA: Add a `linux-hyper` job * GHA: Add several `libcurl` tests to the `hyper` job * GHA: Run the newly fixed tests with `hyper` * !GitHub: Timeout jobs on macOS after 90 minutes * glob: Pass an '`int`' as length when using `printf`'s `%*s` * gnutls: Set the preferred TLS versions in correct order * `GOVERNANCE`: Add 'user', 'committer' and 'contributor' * `hostip`: (macOS) free returned memory of `SCDynamicStoreCopyProxies` * `hostip`: Bad `CURLOPT_RESOLVE` syntax now returns error * hsts: Ignore numerical IP address hosts * HSTS: Not experimental anymore * http2: Clarify 'Using HTTP2' verbose message * http2: init `recvbuf` struct for pushed streams * `http2_connisdead`: Handle trailing `GOAWAY` better * http: Fix crash in rate-limited upload * http: Make the `haproxy` support work with unix domain sockets * `http_proxy`: Deal with non-200 `CONNECT` response with `hyper` * hyper: Propagate errors back up from read callbacks * hyper: Remove mentions of deprecated development branch * idn: Fix `libidn2` with windows unicode builds * `infof`: Remove newline from format strings, always append it * lib: Don't compare `fd` to `FD_SETSIZE` when using `poll` * lib: Fix compiler warnings with `CURL_DISABLE_NETRC` * lib: Fix type of length passed to `*printf`'s `%*s` * lib: More `%u` for port and `int` for `%*s` fixes * lib: Use `%u` instead of `%ld` for port number `printf` * `libcurl-security.3`: Mention file descriptors and forks * `libssh2`: Limit time a disconnect can take to 1 second * mbedtls: Make `mbedtls_strerror` always work * mbedtls: Remove unnecessary include * mqtt: Detect illegal and too large file size * mqtt: Extend the error message for no topic * `msnprintf`: Return number of printed characters excluding null byte * `multi`: Add scan-build-6 work-around in `curl_multi_fdset` * `multi`: Alter transfer timeout ordering * `multi`: Do not switch off `connect_only` flag when closing * `multi`: Fix crash in `curl_multi_wait`/`curl_multi_poll` * `netrc`: Skip '`macdef`' definitions * `ngtcp2`: Disable TLSv1.3 compatible mode when using GnuTLS * openssl: Avoid static variable for seed flag * openssl: Don't remove session id entry in `disassociate` * `pinnedpubkey.d`: Fix formatting for version support lists * `proto.d`: Fix formatting for paragraphs after margin changes * quiche: Use `send()` instead of `sendto()` to avoid macOS issue * Revert "c-hyper: handle body on HYPER_TASK_EMPTY" * Revert "ftp: Expression 'ftpc->wait_data_conn' is always false" * `runtests`: Also find the last test in `Makefile.inc` * `runtests`: Enable 'hyper mode' only for HTTP tests * `runtests`: init `$VERSION` to avoid warnings when using `-l` * `runtests`: Parse `data/Makefile.inc` instead of using `make` * `runtests`: Skip disabled tests unless `-f` is used * rustls: Remove `native_roots` fallback * schannel: Set ALPN length correctly for HTTP/2 * SChannel: Use '`_tcsncmp()`' instead * `sectransp`: Check for client certs by name first, then file ([[CVE:2021-22926|CVE-2021-22926]]) * `setopt`: Fix incorrect comments * `socketpair`: Fix potential hangs * socks4: Scan for the IPv4 address in resolve results * ssl: Read pending close notify alert before closing the connection * sws: `malloc` request struct instead of using stack * telnet: Fix option parser to not send uninitialized contents ([[CVE:2021-22925|CVE-2021-22925]]) * `test1116`: `hyper` doesn't pass through "surprise-trailers" * `test1147`: `hyper` doesn't allow "crazy" request headers like built-in * `test1151`: Added missing CRLF to work with `hyper` * `test1216`: Adjusted for `hyper` mode * `test1218`: Adjusted for `hyper` mode * `test1230`: Adjust to work in `hyper` mode * `test1340`/`1341`: Adjusted for `hyper` mode * `test1438`/`1457`: Add `HTTP` keyword to make `hyper` mode work * `test1514`: Add a CRLF to the response to make it correct * `test1518`: Adjusted to work with `hyper` * `test1519`: Adjusted to work with `hyper` * `test1594`/`1595`/`1596`: Fix to work in `hyper` mode * `test269`: Disable for `hyper` * `test3010`: Work with `hyper` mode * `test328`: Avoid a header-looking body to make `hyper` mode work * `test339`: `CRLFify` better to work in `hyper` mode * `test347`: `CRLFify` to work in `hyper` mode * `test393`: Make `Content-Length` fit within 64 bit for `hyper` * `test394`: `hyper` returns a different error * `test395`: `hyper` cannot work around > 64 bit content-lengths like built-in * `test433`: Adjust for `hyper` mode * `test434`: Add `HTTP` keyword * `test500`: Adjust to work with `hyper` mode * `test566`: Adjust to work with `hyper` mode * `test599`: Adjusted to work in `hyper` mode * `test644`: Remove as duplicate of test 587 * tests: Fix `Accept-Encoding` strips to work with `hyper` builds * TLS: Prevent shutdown loops to get stuck * tool: Make `_lseeki64()` macro work with the PellesC compiler * `tool_help`: Document that `--tlspassword` takes a password * `tool_help`: Remove unused define * `url.c`: Remove two variable assigns that are never read * `url`: `(void)`-prefix a `curl_url_get()` call * `url`: Bad `CURLOPT_CONNECT_TO` syntax now returns error * version: Turn version number functions into returning `void` * vtls: exit `addsessionid` if no cache is inited * vtls: Fix connection reuse checks for issuer cert and case sensitivity ([[CVE:2021-22924|CVE-2021-22924]]) * vtls: Only store `TIMER_APPCONNECT` for non-proxy connect * vtls: Use `free()` not `curl_free()` * `warnless`: Simplify type size handling * Win32: Fix build with Watt-32 * `winbuild/README`: VC should be set to 6 'or larger' * winbuild: Support alternate `nghttp2` static lib name * wolfssl: Failing to set a session id is not reason to error out * `write-out.d`: Clarify `urlnum` is not unique for de-globbed URLs * zuul: Use the new rustls directory name * Updated `geoipupdate` to 4.8.0 as per the Fedora version * Updated `java-1.8.0-oracle` to Java SE 8 Update 301 * Bugfix and security update; see release notes at https://www.oracle.com/java/technologies/javase/8u301-relnotes.html ----