#acl PaulHowarth:read,write,admin,revert,delete All:read === Monday 27th June 2022 === ==== Local Packages ==== * Updated `curl` to 7.84.0: * curl: Add `--rate` to set max request rate per time unit * curl: Deprecate `--random-file` and `--egd-file` * `curl_version_info`: Add `CURL_VERSION_THREADSAFE` * `CURLINFO_CAPATH/CAINFO`: Get the default CA paths from `libcurl` * lib: Make `curl_global_init()` thread-safe when possible * `libssh2`: Add `CURLOPT_SSH_HOSTKEYFUNCTION` * opts: Deprecate `RANDOM_FILE` and `EGDSOCKET` * socks: Support unix sockets for socks proxy * `aws-sigv4`: Fix potential `NULL` pointer arithmetic * `bindlocal`: Don't use a random port if port number would wrap * `c-hyper`: Mark status line as status for `Curl_client_write()` * ci: Avoid '`cmake -Hpath`' * ci: Bump FreeBSD 13.0 to 13.1 * ci: Update !GitHub actions * cmake: Add `libpsl` support * cmake: Do not add `libcurl.rc` to the static `libcurl` library * cmake: Enable `curl.rc` for all Windows targets * cmake: Fix detecting `libidn2` * cmake: Support adding a suffix to the OS value * `configure`: Skip `libidn2` detection when `winidn` is used * `configure`: Use the `SED` value to invoke `sed` * `configure`: Warn about `rustls` being experimental * `content_encoding`: Return error on too many compression steps ([[CVE:2022-32206|CVE-2022-32206]]) * cookie: Address secure domain overlay * cookie: Apply limits ([[CVE:2022-32205|CVE-2022-32205]]) * `copyright.pl`: Parse and use `.reuse/dep5` for skips * copyright: Make repository `REUSE` compliant * `curl.1`: Add a few see also `--tls-max` * `curl.1`: Mention exit code zero too * curl: Re-enable `--no-remote-name` * `curl_easy_pause.3`: Remove explanation of progress function * `curl_getdate.3`: Document that some illegal dates pass through * `Curl_parsenetrc`: Don't access local `pwbuf` outside of scope * `curl_url_set.3`: Clarify by default using known schemes only * `CURLOPT_ALTSVC.3`: Document the file format * `CURLOPT_FILETIME.3`: Fix the protocols this works with * `CURLOPT_HTTPHEADER.3`: Improve comment in example * `CURLOPT_NETRC.3`: Document the `.netrc` file format * `CURLOPT_PORT.3`: We discourage using this option * `CURLOPT_RANGE.3`: Remove ranged upload advice * digest: Added detection of more syntax errors in server headers * digest: Tolerate missing "realm" * digest: Unquote realm and nonce before processing * `DISABLED`: Disable 1021 for hyper again * `docs/cmdline-opts`: Add copyright and license identifier to each file * `docs/CONTRIBUTE.md`: Document the 'needs-votes' concept * docs: Clarify data replacement policy for MIME API * doh: Remove `UNITTEST` macro definition * `examples/crawler.c`: Use the `curl` license * examples: Remove `fopen.c` and `rtsp.c` * FAQ: Clarify Windows double quote usage * `fopen`: Add `Curl_fopen()` for better overwriting of files ([[CVE:2022-32207|CVE-2022-32207]]) * ftp: Restore protocol state after http proxy `CONNECT` * ftp: When failing to do a secure GSSAPI login, fail hard * GHA/hyper: Enable debug in the build * gssapi: Improve handling of errors from `gss_display_status` * gssapi: Initialize `gss_buffer_desc` strings * headers API: Remove `EXPERIMENTAL` tag * http2: Always debug print stream id in decimal with `%u` * http2: Reject overly many push-promise headers * http: Restore header folding behaviour * hyper: Use '`alt-used`' * krb5: Return error properly on decode errors ([[CVE:2022-32208|CVE-2022-32208]]) * lib: Make more protocol specific struct fields `#ifdef`ed * `libcurl-security.3`: Add "Secrets in memory" * `libcurl-security.3`: Document CRLF header injection * `libssh`: Skip the fake-close when `libssh` does the right thing * links: Update dead links to the curl-wiki * `log2changes`: Do not indent empty lines * macos9: Remove partial support * `Makefile.am`: Fix portability issues * `Makefile.m32`: Delete obsolete options, improve `-On` * `Makefile.m32`: Delete two obsolete OpenSSL options * `Makefile.m32`: Stop forcing XP target with ipv6 enabled * `max-time.d`: Clarify max-time sets max transfer time * `mprintf`: Ignore clang non-literal format string * `netrc`: Check `%USERPROFILE%` as well on Windows * `netrc`: Support quoted strings * `ngtcp2`: Allow `curl` to send larger UDP datagrams * `ngtcp2`: Correct use of `ngtcp2` and `nghttp3` signed integer types * `ngtcp2`: Enable Linux GSO * `ngtcp2`: Extend QUIC transport parameters buffer * `ngtcp2`: Fix `alert_read_func` return value * `ngtcp2`: Fix typo in preprocessor condition * `ngtcp2`: Handle error from `ngtcp2_conn_submit_crypto_data` * `ngtcp2`: Send appropriate connection close error code * `ngtcp2`: Support boringssl crypto backend * `ngtcp2`: Use helper funcs to simplify TLS handshake integration * ntlm: Provide a fixed fake host name * projects: Fix third-party SSL library build paths for Visual Studio * quic: Add `Curl_quic_idle` * quiche: Support ca-fallback * rand: Stop detecting `/dev/urandom` in cross-builds * `remote-name.d`: Mention `--output-dir` * `runtests.pl`: Add the `--repeat` parameter to the `--help` output * `runtests`: Fix skipping tests not done event-based * `runtests`: Skip starting the ssh server if user name is lacking * `scripts/copyright.pl`: fix the exclusion to not ignore man pages * `sectransp`: Check for a function defined when `__BLOCKS__` is undefined * select: Return error from "lethal" poll/select errors * `server/sws`: Support spaces in the HTTP request path * `speed-limit/time.d`: Mention these affect transfers in either direction * `strcase`: Some optimizations * test2081: Add a valid reply for the second request * test675: Add missing CR so the test passes when run through Privoxy * test414: Add the '`--resolve`' keyword * test681: Verify `--no-remote-name` * tests 266, 116 and 1540: Add a small write delay * `tests/data/test1501`: Kill ftp server after slow `LIST` response * `tests/getpart`: Fix `getpartattr` to work with "`data`" and "`data2`" * `tests/server/sws.c`: Change the HTTP `writedelay` unit to milliseconds * test{440,441,493,977}: Add "HTTP proxy" keywords * `tool_getparam`: Fix `--parallel-max` maximum value constraint * `tool_operate`: Make sure `--fail-with-body` works with `--retry` * transfer: Fix potential NULL pointer dereference * transfer: Maintain `--path-as-is` after redirects * transfer: Upload performance; avoid tiny send * url: Free old conn better on reuse * url: Remove redundant `#ifdef`s in `allocate_conn()` * url: URL encode the path when extracted, if spaces were set * urlapi: Make `curl_url_set(url, CURLUPART_URL, NULL, 0)` clear all parts * urlapi: Support `CURLU_URLENCODE` for `curl_url_get()` * urldata: Reduce size of a few struct fields * urldata: Remove three unused booleans from `struct UserDefined` * urldata: Store `tcp_keepidle` and `tcp_keepintvl` as ints * version: Allow `stricmp()` for sorting the feature list * vtls: Make `curl_global_sslset` thread-safe * `wolfssh.h`: Removed * wolfSSL: Correct the `failf()` message when a handle can't be made * wolfSSL: Explicitly use compatibility layer * `x509asn1`: Mark `msnprintf` return as unchecked . I had to disable flaky test 3026 for now * Updated `libidn` update to 1.41: * Bump `LT_REVISION` for new release; it was mistakenly left at the same value since 1.38 * Add version number related self-checks * Updated `perl-Compress-Raw-Zlib` to 2.202: * `Z_NULL` should be '`UV`' rather than '`PV`' ([[https://github.com/pmqs/Compress-Raw-Zlib/issues/17|GH#17]]) ----