PaulHowarth/Blog/2022-05-11

Wednesday 11th May 2022

Local Packages

  • Updated curl to 7.83.1

    • altsvc: Fix host name matching for trailing dots

    • cirrus: Update to FreeBSD 12.3
    • cirrus: Use pip for Python packages on FreeBSD

    • conn: Fix typo 'connnection' → 'connection' in two function names

    • cookies: Make bad_domain() not consider a trailing dot fine (CVE-2022-27779)

    • curl: Free resource in error path

    • curl: Guard against size_t wraparound in no-clobber code

    • CURLOPT_DOH_URL.3: Mention the known bug

    • CURLOPT_HSTS*FUNCTION.3: Document the involved structs as well

    • CURLOPT_SSH_AUTH_TYPES.3: Fix the default

    • data/test376: Set a proper name

    • GHA/mbedtls: Enabled nghttp2 in the build
    • gha: Build msh3
    • gskit: Fixed bogus setsockopt calls

    • gskit: Remove unused function set_callback

    • hsts: Ignore trailing dots when comparing hosts' names (CVE-2022-30115)

    • HTTP-COOKIES: Add missing CURLOPT_COOKIESESSION

    • http: Move Curl_allow_auth_to_host()

    • http_proxy/hyper: Handle closed connections
    • hyper: Fix test 357
    • Makefile: Fix "make ca-firefox"

    • mbedtls: Bail out if rng init fails
    • mbedtls: Fix compile when h2-enabled
    • mbedtls: Fix some error messages
    • misc: Use "autoreconf -fi" instead of buildconf

    • msh3: Get msh3 version from MsH3Version

    • msh3: Print boolean value as text representation
    • msh3: Pass remote_port to MsH3ConnectionOpen

    • ngtcp2: Add ca-fallback support for OpenSSL backend
    • nss: Return error if seemingly stuck in a cert loop (CVE-2022-27781)

    • openssl: Define HAVE_SSL_CTX_SET_EC_CURVES for libressl

    • post_per_transfer: Remove the updated file name (CVE-2022-27778)

    • sectransp: Bail out if SSLSetPeerDomainName fails

    • tests/server: Declare variable 'reqlogfile' static

    • tests: Fix markdown formatting in README

    • test{898,974,976}: Add 'HTTP proxy' keywords

    • tls: Check more TLS details for connection reuse (CVE-2022-27782)

    • url: Check SSH config match on connection reuse (CVE-2022-27782)

    • urlapi: Address (harmless) UndefinedBehavior sanitizer warning

    • urlapi: Reject percent-decoding host name into separator bytes (CVE-2022-27780)

    • x509asn1: Make do_pubkey handle EC public keys

  • I skipped failing test977 on EL-7 for now (GH#8834)

  • Updated nmap (7.92) to revert the previous close-on-EOF change as it would do more harm than good

