Wednesday 11th May 2022
Local Packages
Updated curl to 7.83.1
altsvc: Fix host name matching for trailing dots
- cirrus: Update to FreeBSD 12.3
cirrus: Use pip for Python packages on FreeBSD
conn: Fix typo 'connnection' → 'connection' in two function names
cookies: Make bad_domain() not consider a trailing dot fine (CVE-2022-27779)
curl: Free resource in error path
curl: Guard against size_t wraparound in no-clobber code
CURLOPT_DOH_URL.3: Mention the known bug
CURLOPT_HSTS*FUNCTION.3: Document the involved structs as well
CURLOPT_SSH_AUTH_TYPES.3: Fix the default
data/test376: Set a proper name
- GHA/mbedtls: Enabled nghttp2 in the build
- gha: Build msh3
gskit: Fixed bogus setsockopt calls
gskit: Remove unused function set_callback
hsts: Ignore trailing dots when comparing hosts' names (CVE-2022-30115)
HTTP-COOKIES: Add missing CURLOPT_COOKIESESSION
http: Move Curl_allow_auth_to_host()
- http_proxy/hyper: Handle closed connections
- hyper: Fix test 357
Makefile: Fix "make ca-firefox"
- mbedtls: Bail out if rng init fails
- mbedtls: Fix compile when h2-enabled
- mbedtls: Fix some error messages
misc: Use "autoreconf -fi" instead of buildconf
msh3: Get msh3 version from MsH3Version
- msh3: Print boolean value as text representation
msh3: Pass remote_port to MsH3ConnectionOpen
- ngtcp2: Add ca-fallback support for OpenSSL backend
nss: Return error if seemingly stuck in a cert loop (CVE-2022-27781)
openssl: Define HAVE_SSL_CTX_SET_EC_CURVES for libressl
post_per_transfer: Remove the updated file name (CVE-2022-27778)
sectransp: Bail out if SSLSetPeerDomainName fails
tests/server: Declare variable 'reqlogfile' static
tests: Fix markdown formatting in README
test{898,974,976}: Add 'HTTP proxy' keywords
tls: Check more TLS details for connection reuse (CVE-2022-27782)
url: Check SSH config match on connection reuse (CVE-2022-27782)
urlapi: Address (harmless) UndefinedBehavior sanitizer warning
urlapi: Reject percent-decoding host name into separator bytes (CVE-2022-27780)
x509asn1: Make do_pubkey handle EC public keys
I skipped failing test977 on EL-7 for now (GH#8834)
Updated nmap (7.92) to revert the previous close-on-EOF change as it would do more harm than good