Wednesday 26th October 2022
Local Packages
Updated curl to 7.86.0:
- NPN: Remove support for and use of
- Websockets: Initial support
- altsvc: Reject bad port numbers
altsvc: Use 'h3' for h3
amiga: Do not hard-code openssl/zlib into the os config
amiga: Set SIZEOF_CURL_OFF_T=8 by default
- amigaos: Add missing curl header
asyn-ares: Set hint flags when calling ares_getaddrinfo
autotools: Allow --enable-symbol-hiding with Windows
- autotools: Allow unix sockets on Windows
autotools: Reduce brute-force when detecting recv/send arg list
aws_sigv4: Fix header computation
- bearssl: Make it properly C89 compliant
- CI/GHA: Cancel outdated CI runs on new PR changes
CI/GHA: Merge msh3 and openssl3 builds into linux workflow
- cirrus-ci: Add macOS build with m1
cirrus: Use make LDFLAGS=-all-static instead of curl_LDFLAGS
- cli tool: Do not use disabled protocols
cmake: Add missing inet_ntop check
cmake: Add the check of HAVE_SOCKETPAIR
cmake: Define BUILDING_LIBCURL in lib/CMakeLists, not config.h
cmake: Delete duplicate HAVE_GETADDRINFO test
- cmake: Enable more detection on Windows
- cmake: Fix original MinGW builds
- cmake: Improve usability of CMake build as a sub-project
cmake: Set HAVE_GETADDRINFO_THREADSAFE on Windows
cmake: Set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows
cmake: Sync HAVE_SIGNAL detection with autotools
cmdline/docs: Add a required 'multi' keyword for each option
configure: Correct the wording when checking grep -E
configure: Deprecate builds with small curl_off_t
configure: Fail if '--without-ssl' + explicit parameter for an ssl lib
configure: The ngtcp2 option should default to 'no'
- connect: Change verbose IPv6 address:port to [address]:port
connect: Fix builds without AF_INET6
connect: Fix Curl_updateconninfo for TRNSPRT_UNIX
connect: Fix the wrong error message on connect failures
- content_encoding: Use writer struct subclasses for different encodings
- cookie: Reject cookie names or content with TAB characters
ctype: Remove all use of <ctype.h>, use our own versions
curl-compilers.m4: For gcc + want warnings, set gnu89 standard
curl-compilers.m4: Use -O2 as default optimize for clang
curl-wolfssl.m4: Error out if wolfSSL is not usable
curl.h: Fix mention of wrong error code in comment
curl/add_file_name_to_url: Use the libcurl URL parser
curl/add_parallel_transfers: Better error handling
curl/get_url_file_name: Use libcurl URL parser
curl: Warn for --ssl use, considered insecure
curl_ctype: Convert to macros-only
curl_easy_pause.3: Unpausing is as fast as possible
curl_escape.3: Fix typo
curl_setup: Disable use of FLOSS for 64-bit NonStop builds
curl_setup: Include curl.h after platform setup headers
curl_setup: Include only system.h instead of curl.h
curl_strequal.3: Fix argument typo
curl_url_set.3: Document CURLU_APPENDQUERY properly
CURLMOPT_PIPELINING.3: De-dupe manpage xref
CURLOPT_ACCEPT_ENCODING.3: Remove "four" as they are five
CURLOPT_AUTOREFERER.3: Highlight the privacy leak risk
CURLOPT_COOKIEFILE: Insist on "" for enable-without-file
CURLOPT_COOKIELIST.3: Fix formatting mistake
CURLOPT_DNS_INTERFACE.3: Mention it works for almost all protocols
CURLOPT_MIMEPOST.3: Add an (inline) example
CURLOPT_POSTFIELDS.3: Refer to CURLOPT_MIMEPOST
CURLOPT_PROXY_SSLCERT_BLOB.3: This is for HTTPS proxies
CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes
CURLSHOPT_UNLOCKFUNC.3: The callback has no 'access' argument
DEPRECATE.md: Support for systems without 64 bit data types
docs/examples: Avoid deprecated options in examples where possible
docs/INSTALL: Update Android instructions for newer NDKs
docs/libcurl/symbols-in-versions: Add several missing symbols
- docs: 100+ spelling fixes
- docs: Correct missing uppercase in Markdown files
- docs: Document more server names for test files
- docs: Fix deprecation version inconsistencies
docs: Make sure libcurl opts examples pass in long arguments
docs: Remove mentions of deprecated '--without-openssl' parameter
- docs: Tag curl options better in man pages
docs: Tell about disabled protocols in CURLOPT_*PROTOCOLS_STR
- docs: Update sourceforge project links
easy: Fix the #include order
easy: Fix the altsvc init for curl_easy_duphandle
easy_lock: Check for HAVE_STDATOMIC_H as well
examples/chkspeed: Improve portability
formdata: Fix warning: 'CURLformoption' is promoted to 'int'
ftp: Ignore a 550 response to MDTM
ftp: Remove redundant if
functypes: Provide the recv and send arg and return types
getparameter: Return PARAM_MANUAL_REQUESTED for -M even when disabled
- GHA: Build tests in a separate step from the running of them
GHA: Run proselint on markdown files
GitHub: Initial CODEOWNERS setup for CI configuration
header: Define public API functions as extern c
- headers: Reset the requests counter at transfer start
hostip: Guard PF_INET6 use
- hostip: Lazily wait to figure out if IPv6 works until needed
http, vauth: Always provide Curl_allow_auth_to_host() functionality
http2: Make nghttp2 less picky about field whitespace
HTTP3.md: Update Caddy example
http: Try parsing Retry-After: as a number first
http_proxy: Restore the protocol pointer on error (CVE-2022-42915)
httpput-postfields.c: Shorten string for C89 compliance
ldap: Delete stray CURL_HAS_MOZILLA_LDAP reference
- lib1560: Extended to verify detect/reject of unknown schemes
- lib517: Fix C89 constant signedness
lib: Add missing limits.h includes
lib: Add required Win32 setup definitions in setup-win32.h
- lib: Prepare the incoming of additional protocols
- lib: Sanitize conditional exclusion around MIME
lib: Set more flags in config-win32.h
- lib: The number four in a sequence is the "fourth"
libssh: If sftp_init fails, don't get the sftp error code
Makefile.m32: De-duplicate build rules
Makefile.m32: Drop CROSSPREFIX and our CC/AR defaults
Makefile.m32: Exclude libs and libpaths for shared mode executables
Makefile.m32: Fix regression with tool_hugehelp
Makefile.m32: Major rework
Makefile.m32: Reintroduce CROSSPREFIX and -W -Wall
Makefile.m32: Support more options
manpage-syntax.pl: All libcurl option symbols should be \fI-tagged
- manpages: Fix spelling of "allows to" → "allows one to"
misc: ISSPACE() → ISBLANK()
- misc: Use the term "null-terminate" consistently
- mprintf: Reject two kinds of precision for the same argument
mprintf: Use snprintf if available
- mqtt: Return error for too long topic
mqtt: Spell out CONNECT in comments
msh3: Change the static_assert to make the code C89
- netrc: Compare user name case sensitively
netrc: Replace fgets with Curl_get_line (CVE-2022-35260)
- netrc: Use the URL-decoded user
ngtcp2: Fix build errors due to changes in ngtcp2 library
- ngtcp2: Fix C89 compliance nit
- noproxy: Support proxies specified using CIDR notation
- openssl: Make certinfo available for QUIC
README.md: Add GHA status badges for Linux and macOS builds
RELEASE-PROCEDURE.md: Mention patch releases
resolve: Make forced IPv4 resolve only use A queries
- runtests: Fix uninitialized value on ignored tests
schannel: Ban server ALPN change during recv renegotiation
schannel: Don't reset recv/send function pointers on renegotiation
- schannel: When importing PFX, disable key persistence
scripts: Use 'grep -E' instead of 'egrep'
- setopt: Use the handler table for protocol name to number conversions
setopt: When POST is set, reset the 'upload' field (CVE-2022-32221)
setup-win32: No longer define UNICODE/_UNICODE implicitly
single_transfer: Use the libcurl URL parser when appending query parts
smb: Replace CURL_WIN32 with WIN32
strcase: Add and use Curl_timestrcmp
- strerror: Improve two URL API error messages
symbol-scan.pl: Also check for LIBCURL* symbols
symbol-scan.pl: Scan and verify .3 man pages
symbols-in-versions: Add missing LIBCURL* symbols
symbols-in-versions: CURLOPT_ENCODING is deprecated since 7.21.6
- test1119: Scan all public headers
- test1275: Verify uppercase after period in markdown
- test972: Verify the output without using external tool
tests/certs/scripts: Insert standard curl source headers
tests/Makefile: Remove run time stats from ci-test
tests: Avoid CreateThread if _beginthreadex is available
- tests: Fix tag syntax errors in test files
- tests: Skip mime/form tests when mime is not built-in
- tidy-up: Delete parallel/unused feature flags
tidy-up: Delete unused HAVE_STRUCT_POLLFD
TODO: Provide the error body from a CONNECT response
tool: Avoid generating ambiguous escaped characters in --libcurl
- tool: Remove dead code
tool: Reorganize function c_escape around a dynbuf
tool_hugehelp: Make hugehelp a blank macro when disabled
tool_main: Exit at once if out of file descriptors
tool_operate: Avoid a few #ifdefs for disabled-libcurl builds
tool_operate: More transfer clean-up after parallel transfer fail
tool_operate: Prevent over-queuing in parallel mode
tool_operate: Reduce errorbuffer allocs
tool_paramhelp: Asserts verify maximum sizes for string loading
tool_paramhelp: Make the max argument a 'double'
tool_progress: Remove 'Qd' from the parallel progress bar
tool_setopt: Use better English in --libcurl source comments
tool_xattr: Save the original URL, not the final redirected one
- unit test 1655: Make it C89-compliant
url: A zero-length userinfo part in the URL is still a (blank) user
- url: Allow non-HTTPS HSTS-matching for debug builds
- url: Rename function due to name-clash in Watt-32
url: Use IDN decoded names for HSTS checks (CVE-2022-42916)
- urlapi: Detect scheme better when not guessing
urlapi: Fix parsing URL without slash with CURLU_URLENCODE
urlapi: Leaner with fewer allocs
- urlapi: Reject more bad characters from the host name field
winbuild/MakefileBuild.vc: Handle spaces in libssh(2) include paths
winbuild: Use NMake batch-rules for compilation
windows: Add .rc support to autotools builds
- windows: Adjust name of two internal public functions
windows: Autotools .rc warnings fixup
- wolfSSL: Fix session management bug
Updated unrar to 6.20 beta 1