PaulHowarth/Blog/2022-04-27

Wednesday 27th April 2022

Local Packages

  • Updated curl to 7.83.0:

    • curl: Add %header{name} experimental support in -w handling

    • curl: Add %{header_json} experimental support in -w handling

    • curl: Add --no-clobber

    • curl: Add --remove-on-error

    • header api: Add curl_easy_header and curl_easy_nextheader

    • msh3: Add support for QUIC and HTTP/3 using msh3

    • appveyor: Add Cygwin build
    • appveyor: Only add MSYS2 to PATH where required

    • BearSSL: Add CURLOPT_SSL_CIPHER_LIST support

    • BearSSL: Add CURLOPT_SSL_CTX_FUNCTION support

    • BINDINGS.md: Add Hollywood binding

    • CI: Do not use buildconf; instead, just use: autoreconf -fi

    • CI: Install Python package impacket to run SMB test 1451

    • configure.ac: Move -pthread CFLAGS setting back where it used to be

    • configure: Bump the copyright year range in the generated output

    • conncache: Include the zone id in the "bundle" hashkey (CVE-2022-27775)

    • connecache: Remove duplicate connc->closure_handle check

    • connect: Make Curl_getconnectinfo work with conn cache from share handle

    • connect: Use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined

    • cookie.d: Clarify when cookies are sent

    • cookies: Improve error handling for reading cookiefile

    • curl/system.h: Update ifdef condition for MCST-LCC compiler

    • curl: Error out if -T and -d are used for the same URL

    • curl: Error out when options need features not present in libcurl

    • curl: Escape '?' in generated --libcurl code

    • curl: Fix segmentation fault for empty output file names

    • curl_easy_header: Fix typos in documentation

    • CURLINFO_PRIMARY_PORT.3: Clarify which port this is

    • CURLOPT*TLSAUTH.3: They only work with OpenSSL or GnuTLS

    • CURLOPT_DISALLOW_USERNAME_IN_URL.3: Use uppercase URL

    • CURLOPT_PREQUOTE.3: Only works for FTP file transfers, not dirs

    • CURLOPT_PROGRESSFUNCTION.3: Fix typo in example

    • CURLOPT_UNRESTRICTED_AUTH.3: Extended explanation

    • CURLSHOPT_UNLOCKFUNC.3: Fix the callback prototype

    • docs/HYPER.md: Updated to reflect current hyper build needs

    • docs/opts: Mention Schannel client cert type is P12

    • docs: Fix missing semicolon in example code
    • docs: Lots of minor language polish
    • English: Use American spelling consistently

    • fail.d: Tweak the description

    • firefox-db2pem.sh: Make the shell script safer

    • ftp: Fix error message for partial file upload

    • gen.pl: Change wording for mutexed options

    • GHA: Add openssl3 jobs moved over from Zuul
    • GHA: Build hyper with nightly rustc
    • GHA: Move bearssl jobs over from Zuul
    • GHA: Move the event-based test over from Zuul
    • gtls: Fix build for disabled TLS-SRP

    • http2: Handle DONE called for the paused stream

    • http2: RST the stream if we stop it on our own will

    • http: Avoid auth/cookie on redirects same host diff port (CVE-2022-27776)

    • http: Close the stream (not connection) on time condition abort
    • http: Reject header contents with nul bytes
    • http: Return error on colon-less HTTP headers
    • http: streamclose "already downloaded"

    • hyper: Fix status_line() return code

    • hyper: Fix tests 580 and 581 for hyper
    • hyper: No h2c support
    • infof: Consistent capitalization of warning messages

    • ipv4/6.d: Clarify that they are about using IP addresses

    • json.d: Fix typo (overriden → overridden)

    • keepalive-time.d: It takes many probes to detect brokenness

    • lib/warnless.[ch]: Only check for WIN32 and ignore _WIN32

    • lib670: Avoid double check result

    • lib: #ifdef on USE_HTTP2 better

    • lib: Fix some misuse of curlx_convert_wchar_to_UTF8

    • lib: Remove exclamation marks
    • libssh2: Compare sha256 strings case sensitively
    • libssh2: Make the md5 comparison fail if wrong length
    • libssh: Fix build with old libssh versions
    • libssh: Fix double close

    • libssh: Improve fix for missing SSH_S_ stat macros

    • libssh: Unstick SFTP transfers when done event-based

    • macos: Set .plist version in autoconf

    • mbedtls: Remove 'protocols' array from backend when ALPN is not used

    • mbedtls: Remove server_fd from backend

    • mk-ca-bundle.pl: Use stricter logic to process the certificates

    • mk-ca-bundle.vbs: Delete this script in favor of mk-ca-bundle.pl

    • mlc_config.json: Add file to ignore known troublesome URLs

    • mqtt: Better handling of TCP disconnect mid-message
    • ngtcp2: Add client certificate authentication for OpenSSL

    • ngtcp2: Avoid busy loop in low CWND situation

    • ngtcp2: Deal with sub-millisecond timeout
    • ngtcp2: Disconnect the QUIC connection properly

    • ngtcp2: Enlarge H3_SEND_SIZE

    • ngtcp2: Fix HTTP/3 upload stall and avoid busy loop
    • ngtcp2: Fix memory leak

    • ngtcp2: Fix QUIC_IDLE_TIMEOUT

    • ngtcp2: Make curl 1ms faster

    • ngtcp2: Remove remote_addr, which is not used in a meaningful way

    • ngtcp2: Update to work after recent ngtcp2 updates

    • ngtcp2: Use token when detecting :status header field

    • nonblock: Restore setsockopt method to curlx_nonblock

    • openssl: Check SSL_get_peer_cert_chain return value

    • openssl: Enable CURLOPT_SSL_EC_CURVES with BoringSSL

    • openssl: Fix CN check error code
    • options: Remove mistaken space before paren in prototype
    • perl: Removed a double semicolon at end of line

    • pop3/smtp: return *WEIRD_SERVER_REPLY when not understood

    • projects/README: Converted to markdown

    • projects: Update VC version names for VS2017, VS2022

    • rtsp: Don't let CSeq error override earlier errors

    • runtests: Add 'bearssl' as testable feature
    • runtests: Make 'oldlibssh' be before 0.9.4
    • schannel: Remove dead code that will never run

    • scripts/copyright.pl: Ignore the new mlc_config.json file

    • scripts: Move three scripts from lib/ to scripts/

    • test1135: Sync with recent API updates

    • test1459: Disable for oldlibssh

    • test375: Fix line endings on Windows

    • test386: Fix an incorrect test markup tag

    • test718: Edited slightly to return better HTTP

    • tests/server/util.h: Align WIN32 condition with util.c

    • tests: Refactor server/socksd.c to support --unix-socket

    • timediff.[ch]: Add curlx helper functions for timeval conversions

    • tls: Make mbedtls and NSS check for h2, not nghttp2

    • tool and tests: Force flush of all buffers at end of program

    • tool_cb_hdr: Turn the Location: into a terminal hyperlink

    • tool_getparam: Error out on missing -K file

    • tool_listhelp.c: Uppercase URL

    • tool_operate: Fix a scan-build warning

    • tool_paramhlp: Use feof(3) to identify EOF correctly when using fread(3)

    • transfer: Redirects to other protocols or ports clear auth (CVE-2022-27774)

    • unit1620: Call global_init before calling Curl_open

    • url: Check sasl additional parameters for connection reuse (CVE-2022-22576)

    • vtls: Provide a unified ALPN-disagree string for all backends
    • vtls: Use a backend standard message for "ALPN: offers %s"
    • vtls: Use a generic "ALPN, server accepted" message

    • winbuild/README.md: Fix up dead link

    • winbuild: Add a Visual Studio example to the README

    • wolfssl: Fix compiler error without IPv6

  • Cleaned up and rebuilt demoroniser

  • Cleaned up and rebuilt plusnet-fttc

Recent