Wednesday 15th September 2021
Fedora Project
Updated perl-Net-SSLeay (1.90) in Rawhide to add fixes (mainly from upstream) for OpenSSL 3.0.0
Local Packages
Updated curl to 7.79.0:
bearssl: Support CURLOPT_CAINFO_BLOB
- http: Consider cookies over localhost to be secure
secure transport: Support CURLINFO_CERTINFO
CVE-2021-22945: Clear the leftovers pointer when sending succeeds
CVE-2021-22946: Do not ignore --ssl-reqd
CVE-2021-22947: Reject STARTTLS server response pipelining
ares: Use ares_getaddrinfo()
asyn-ares.c: Move all version number checks to the top
- auth: Do not append zero-terminator to authorisation id in kerberos
- auth: Properly handle byte order in kerberos security message
- auth: Use sasl authzid option in kerberos
- auth: We do not support a security layer after kerberos authentication
BINDINGS.md: Update links to use https where available
- build: Fix compiler warnings
c-hyper: Deal with Expect: 100-continue combined with POSTFIELDS
- c-hyper: Fix header value passed to debug callback
- c-hyper: Handle HTTP/1.1 ⇒ HTTP/1.0 downgrade on reused connection
c-hyper: Initial step for 100-continue support
c-hyper: Initial support for "dumping" 1xx HTTP responses
c-hyper: Remove the hyper_executor_poll() loop from Curl_http
- CI/cirrus: Reduce compile time with increased parallelism
CI: Use GitHub Container Registry instead of Docker Hub
- cirrus: Add FreeBSD 13.0 job and disable sanitizer build
cmake: Avoid poll() on macOS
cmake: Sync CURL_DISABLE options
- codeql: Fix error "Resource not accessible by integration"
compressed.d: It's a request, not an order
config.d: Escape the backslash properly
config.d: Note that curlrc is used even when --config
config: Get rid of the unused HAVE_SIG_ATOMIC_T et. al.
configure.ac: Revert bad nghttp2 library detection improvements
configure: Error out if both ngtcp2 and quiche are specified
configure: Make --disable-hsts work
configure: Set classic mingw minimum OS version to XP
configure: Tweak nghttp2 library name fix
connect: Get local port + ip also when reusing connections
- connect: Remove superfluous conditional
curl-openssl.m4: Check lib64 for the pkg-config file
curl-openssl.m4: Show correct output for OpenSSL v3
curl.1: Mention "global" flags
curl.1: Provide examples for each option
curl: Add warning for ignored data after quoted form parameter
curl: Add warning for incompatible parameters usage
curl: Better error message when -O fails to get a good name
curl: Stop retry if Retry-After: is longer than allowed
curl_easy_setopt.3: Improve the string copy wording
Curl_hsts_loadcb: Don't attempt to load if hsts wasn't inited
curl_setup.h: Sync values for HTTP_ONLY
curl_url_get.3: Clarify about path and query
CURLMOPT_TIMERFUNCTION.3: Remove misplaced "time"
CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited
CURLOPT_SSL_CTX_*.3: Tidy up the example
CURLOPT_UNIX_SOCKET_PATH.3: Remove nginx reference, add see also
docs/MQTT: Update state of username/password support
- docs: Remove experimental mentions from HSTS and MQTT
- docs: The security list is reached at security at curl.se now
easy: Use a custom implementation of wcsdup on Windows
examples/*hiperfifo.c: Fix calloc arguments to match function proto
examples/cookie_interface: Avoid printfing time_t directly
examples/cookie_interface: Fix scan-build printf warning
examples/ephiperfifo.c: Simplify signal handler
FAQ: Add two dev related questions
getparameter: Fix the --local-port number parser
happy-eyeballs-timeout-ms.d: Polish the wording
hostip: Make Curl_ipv6works function independent of getaddrinfo
http2: Curl_http2_setup needs to init stream data in all invokes
- http2: Revert a change that broke upgrade to h2c
- http2: Revert call the handle-closed function correctly on closed stream
http: Disallow >3-digit response codes
- http: Ignore content-length if any transfer-encoding is used
http_proxy: Clear 'sending' when the outgoing request is sent
http_proxy: Fix the User-Agent inclusion in CONNECT
http_proxy: Fix user-agent and custom headers for CONNECT with hyper
http_proxy: Only wait for writeable socket while sending request
INTERNALS: Bump c-ares requirement to 1.16.0
INTERNALS: c-ares has a new home: c-ares.org
lib: Don't use strerror()
libcurl-errors.3: Clarify two CURLUcode errors
limit-rate.d: Clarify base unit
mailing lists: Move from cool.haxx.se to lists.haxx.se
- mbedtls: Avoid using a large buffer on the stack
- mbedTLS: Initial 3.0.0 support
mbedtls_threadlock: Fix unused variable warning
mksymbolsmanpage.pl: Fix showing symbol's last used version
mksymbolsmanpage.pl: Match symbols case insensitively
multi: Fix compiler warning with 'CURL_DISABLE_WAKEUP'
- ngtcp2: Compile with the latest ngtcp2 and nghttp3
- ngtcp2: Fix build with ngtcp2 and nghttp3
ngtcp2: Remove the acked_crypto_offset struct field init
ngtcp2: Replace deprecated functions with nghttp3_conn_shutdown_stream_read
- ngtcp2: Reset the outstanding send buffer again when drained
ngtcp2: Rework the return value handling of ngtcp2_conn_writev_stream
- ngtcp2: Stop buffering crypto data
- ngtcp2: Utilize crypto API functions to simplify
openssl: Annotate SSL3_MT_SUPPLEMENTAL_DATA
- openssl: When creating a new context, there cannot be an old one
- opt-docs: Make sure all man pages have examples
- opt-docs: Verify man page sections + order
opts docs: Unify phrasing in NAME header
output.d: Add method to suppress response bodies
page-header: Add GOPHERS, simplify wording in the 1st paragraph
- progress: Fix a compile warning on some systems
progress: Make trspeed avoid floats
runtests: Add option -u to error on server unexpectedly alive
- schannel: Work around typo in classic mingw macro
scripts: Invoke interpreters through /usr/bin/env
setopt: Enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
strerror.h: Remove the #include from files not using it
symbols-in-versions: Fix CURLSSLBACKEND_QSOSSL last used version
test1138: Remove trailing space to make work with hyper
test1173: Check references to libcurl options
test1280: CRLFify the response to please hyper
test1565: Fix Windows build errors
test365: Verify response with chunked and Content-Length headers
tests/*server.pl: Flush output before executing subprocess
tests/*server.py: Remove pidfile on server termination
tests/runtests.pl: Clean-up copy-and-paste mistakes and unused code
tests/server/*.c: Align handling of portfile argument and file
tests: Adjust the tftpd output to work with hyper mode
tests: Be explicit about using 'python3' instead of 'python'
- tests: Enable test 1129 for hyper builds
- tests: Make three tests pass until 2037
tool/tests: Fix potential year 2038 issues
tool_operate: Fix --fail-early with parallel transfers
- url: Fix compiler warning in no-verbose builds
urlapi.c: seturl: Assert URL instead of using if-check
vtls: Fix typo in schannel_verify.c
winbuild/README.md: Clarify GEN_PDB option
- wolfssl: clean up wolfcrypt error queue
write-out.d: Clarify size_download/upload
- x509asn1: Fix heap over-read when parsing x509 certificates
Updated perl-Net-SSLeay (1.90) as per the Fedora version