#acl PaulHowarth:read,write,admin,revert,delete All:read

=== Wednesday 15th September 2021 ===
==== Fedora Project ====
 * Updated `perl-Net-SSLeay` (1.90) in Rawhide to add fixes (mainly from upstream) for OpenSSL 3.0.0

==== Local Packages ====
 * Updated `curl` to 7.79.0:
  * bearssl: Support `CURLOPT_CAINFO_BLOB`
  * http: Consider cookies over localhost to be secure
  * secure transport: Support `CURLINFO_CERTINFO`
  * [[CVE:2021-22945|CVE-2021-22945]]: Clear the leftovers pointer when sending succeeds
  * [[CVE:2021-22946|CVE-2021-22946]]: Do not ignore `--ssl-reqd`
  * [[CVE:2021-22947|CVE-2021-22947]]: Reject `STARTTLS` server response pipelining
  * ares: Use `ares_getaddrinfo()`
  * `asyn-ares.c`: Move all version number checks to the top
  * auth: Do not append zero-terminator to authorisation id in kerberos
  * auth: Properly handle byte order in kerberos security message
  * auth: Use sasl authzid option in kerberos
  * auth: We do not support a security layer after kerberos authentication
  * `BINDINGS.md`: Update links to use https where available
  * build: Fix compiler warnings
  * c-hyper: Deal with `Expect: 100-continue` combined with `POSTFIELDS`
  * c-hyper: Fix header value passed to debug callback
  * c-hyper: Handle HTTP/1.1 ⇒ HTTP/1.0 downgrade on reused connection
  * c-hyper: Initial step for `100-continue` support
  * c-hyper: Initial support for "dumping" `1xx` HTTP responses
  * c-hyper: Remove the `hyper_executor_poll()` loop from `Curl_http`
  * CI/cirrus: Reduce compile time with increased parallelism
  * CI: Use !GitHub Container Registry instead of Docker Hub
  * cirrus: Add FreeBSD 13.0 job and disable sanitizer build
  * cmake: Avoid `poll()` on macOS
  * cmake: Sync `CURL_DISABLE` options
  * codeql: Fix error "Resource not accessible by integration"
  * `compressed.d`: It's a request, not an order
  * `config.d`: Escape the backslash properly
  * `config.d`: Note that `curlrc` is used even when `--config`
  * config: Get rid of the unused `HAVE_SIG_ATOMIC_T` et. al.
  * `configure.ac`: Revert bad `nghttp2` library detection improvements
  * `configure`: Error out if both `ngtcp2` and `quiche` are specified
  * `configure`: Make `--disable-hsts` work
  * `configure`: Set classic mingw minimum OS version to XP
  * `configure`: Tweak `nghttp2` library name fix
  * `connect`: Get local port + ip also when reusing connections
  * connect: Remove superfluous conditional
  * `curl-openssl.m4`: Check `lib64` for the `pkg-config` file
  * `curl-openssl.m4`: Show correct output for OpenSSL v3
  * `curl.1`: Mention "global" flags
  * `curl.1`: Provide examples for each option
  * `curl`: Add warning for ignored data after quoted form parameter
  * `curl`: Add warning for incompatible parameters usage
  * `curl`: Better error message when `-O` fails to get a good name
  * `curl`: Stop retry if `Retry-After:` is longer than allowed
  * `curl_easy_setopt.3`: Improve the string copy wording
  * `Curl_hsts_loadcb`: Don't attempt to load if hsts wasn't inited
  * `curl_setup.h`: Sync values for `HTTP_ONLY`
  * `curl_url_get.3`: Clarify about path and query
  * `CURLMOPT_TIMERFUNCTION.3`: Remove misplaced "time"
  * `CURLOPT_DOH_URL.3`: `CURLOPT_OPENSOCKETFUNCTION` is not inherited
  * `CURLOPT_SSL_CTX_*.3`: Tidy up the example
  * `CURLOPT_UNIX_SOCKET_PATH.3`: Remove `nginx` reference, add see also
  * `docs/MQTT`: Update state of username/password support
  * docs: Remove experimental mentions from HSTS and MQTT
  * docs: The security list is reached at security at curl.se now
  * easy: Use a custom implementation of `wcsdup` on Windows
  * `examples/*hiperfifo.c`: Fix `calloc` arguments to match function proto
  * `examples/cookie_interface`: Avoid `printf`ing `time_t` directly
  * `examples/cookie_interface`: Fix scan-build `printf` warning
  * `examples/ephiperfifo.c`: Simplify signal handler
  * `FAQ`: Add two dev related questions
  * `getparameter`: Fix the `--local-port` number parser
  * `happy-eyeballs-timeout-ms.d`: Polish the wording
  * hostip: Make `Curl_ipv6works` function independent of `getaddrinfo`
  * http2: `Curl_http2_setup` needs to init stream data in all invokes
  * http2: Revert a change that broke upgrade to h2c
  * http2: Revert call the handle-closed function correctly on closed stream
  * http: Disallow >3-digit response codes
  * http: Ignore content-length if any transfer-encoding is used
  * `http_proxy`: Clear 'sending' when the outgoing request is sent
  * `http_proxy`: Fix the User-Agent inclusion in `CONNECT`
  * `http_proxy`: Fix user-agent and custom headers for `CONNECT` with hyper
  * `http_proxy`: Only wait for writeable socket while sending request
  * `INTERNALS`: Bump `c-ares` requirement to 1.16.0
  * `INTERNALS`: `c-ares` has a new home: `c-ares.org`
  * lib: Don't use `strerror()`
  * `libcurl-errors.3`: Clarify two `CURLUcode` errors
  * `limit-rate.d`: Clarify base unit
  * mailing lists: Move from `cool.haxx.se` to `lists.haxx.se`
  * mbedtls: Avoid using a large buffer on the stack
  * mbedTLS: Initial 3.0.0 support
  * `mbedtls_threadlock`: Fix unused variable warning
  * `mksymbolsmanpage.pl`: Fix showing symbol's last used version
  * `mksymbolsmanpage.pl`: Match symbols case insensitively
  * multi: Fix compiler warning with '`CURL_DISABLE_WAKEUP`'
  * ngtcp2: Compile with the latest ngtcp2 and nghttp3
  * ngtcp2: Fix build with ngtcp2 and nghttp3
  * ngtcp2: Remove the `acked_crypto_offset` struct field `init`
  * ngtcp2: Replace deprecated functions with `nghttp3_conn_shutdown_stream_read`
  * ngtcp2: Reset the outstanding send buffer again when drained
  * ngtcp2: Rework the return value handling of `ngtcp2_conn_writev_stream`
  * ngtcp2: Stop buffering crypto data
  * ngtcp2: Utilize crypto API functions to simplify
  * openssl: Annotate `SSL3_MT_SUPPLEMENTAL_DATA`
  * openssl: When creating a new context, there cannot be an old one
  * opt-docs: Make sure all man pages have examples
  * opt-docs: Verify man page sections + order
  * opts docs: Unify phrasing in `NAME` header
  * `output.d`: Add method to suppress response bodies
  * page-header: Add `GOPHERS`, simplify wording in the 1st paragraph
  * progress: Fix a compile warning on some systems
  * progress: Make `trspeed` avoid floats
  * `runtests`: Add option `-u` to error on server unexpectedly alive
  * schannel: Work around typo in classic mingw macro
  * scripts: Invoke interpreters through `/usr/bin/env`
  * setopt: Enable `CURLOPT_IGNORE_CONTENT_LENGTH` for hyper
  * `strerror.h`: Remove the `#include` from files not using it
  * symbols-in-versions: Fix `CURLSSLBACKEND_QSOSSL` last used version
  * `test1138`: Remove trailing space to make work with hyper
  * `test1173`: Check references to `libcurl` options
  * `test1280`: CRLFify the response to please hyper
  * `test1565`: Fix Windows build errors
  * `test365`: Verify response with chunked '''and''' Content-Length headers
  * `tests/*server.pl`: Flush output before executing subprocess
  * `tests/*server.py`: Remove pidfile on server termination
  * `tests/runtests.pl`: Clean-up copy-and-paste mistakes and unused code
  * `tests/server/*.c`: Align handling of `portfile` argument and file
  * tests: Adjust the `tftpd` output to work with hyper mode
  * tests: Be explicit about using '`python3`' instead of '`python`'
  * tests: Enable test 1129 for hyper builds
  * tests: Make three tests pass until 2037
  * `tool/tests`: Fix potential year 2038 issues
  * `tool_operate`: Fix `--fail-early` with parallel transfers
  * url: Fix compiler warning in no-verbose builds
  * `urlapi.c`: seturl: Assert URL instead of using if-check
  * vtls: Fix typo in `schannel_verify.c`
  * `winbuild/README.md`: Clarify `GEN_PDB` option
  * wolfssl: clean up wolfcrypt error queue
  * `write-out.d`: Clarify `size_download`/`upload`
  * x509asn1: Fix heap over-read when parsing x509 certificates
 * Updated `perl-Net-SSLeay` (1.90) as per the Fedora version
----