Friday 23rd December 2022
Local Packages
Updated curl to 7.87.0:
curl: Add --url-query
CURLOPT_QUICK_EXIT: Don't wait for DNS thread on exit
lib: Add CURL_WRITEFUNC_ERROR to signal write callback error
- openssl: Reduce CA certificate bundle reparsing by caching
version: Add a feature names array to curl_version_info_data
- altsvc: Fix rejection of negative port numbers
aws_sigv4: Consult x-%s-content-sha256 for payload hash
aws_sigv4: Fix typos in aws_sigv4.c
base64: Better alloc size
base64: Encode without using snprintf
base64: Faster base64 decoding
build: Assume assert.h is always available
build: Assume errno.h is always available
c-hyper: CONNECT responses are not server responses
- c-hyper: Fix multi-request mechanism
- CI: Change FreeBSD image from 12.3 to 12.4
- CI: LGTM.com will be shut down in December 2022
CI: Remove zuul fuzzing job as it's superseded by CIFuzz
- cmake: Check for cross-compile, not for toolchain
cmake: Fix build with 'CURL_USE_GSSAPI'
- cmake: Really enable warnings with clang
- cmake: Set the soname on the shared library
cmdline-opts/gen.pl: Fix the linkifier
cmdline-opts/page-footer: Remove long option nroff formatting
config-mac: Define HAVE_SYS_IOCTL_H
config-mac: Fix typo: size_T → size_t
config-mac: Remove HAVE_SYS_SELECT_H
config-win32: Fix SIZEOF_OFF_T for MSVC and old MinGW
configure: Require fork for NTLM-WB
contributors.sh: Actually use $CURLWWW instead of just setting it
- cookie: Compare cookie prefixes case insensitively
- cookie: Expire cookies at once when max-age is negative
- cookie: Open cookie jar as a binary file
curl-openssl.m4: Do not add $prefix/include/openssl to CPPFLAGS
curl-rustls.m4: On macOS, rustls also needs the Security framework
curl.h: Include <sys/select.h> on SerenityOS
curl.h: Name all public function parameters
curl.h: Reword comment to not use deprecated option
curl: Override the numeric locale and set "C" by force
curl: Timeout in the read callback
curl_endian: Remove Curl_write64_le from header
curl_get_line: Allow last line without newline char
curl_path: Do not add '/' if homedir ends with one
curl_url_get.3: Remove spurious backtick
curl_url_set.3: Document CURLU_DISALLOW_USER
curl_url_set.3: Fix typo
CURLMOPT_SOCKETFUNCTION.3: Clarify CURL_POLL_REMOVE
CURLOPT_COOKIEFILE.3: Advice ⇒ advise
CURLOPT_DEBUGFUNCTION.3: Do not assume nul-termination in example
CURLOPT_DEBUGFUNCTION.3: Emphasize that incoming data is "raw"
CURLOPT_POST.3: Explain setting to 0 changes request type
docs/curl_ws_send: Fixed typo in websocket docs
docs/EARLY-RELEASE.md: How to determine an early release
docs/examples: Spelling correction ('Retrieve')
docs/INSTALL.md: Expand on static builds
docs/WEBSOCKET.md: Explain the URL use
docs: Add missing parameters for --retry flag
- docs: Add more "SEE ALSO" links to CA related pages
docs: Explain the noproxy CIDR notation support
- docs: Extend the dump-header documentation
docs: Remove performance note in CURLOPT_SSL_VERIFYPEER
examples/10-at-a-time: Fix possible skipped final transfers
- examples: Update descriptions
ftp: Support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
gen.pl: Do not generate CURLHELP bitmask lines > 79 characters
- GHA: Clarify workflows permissions, set least possible privilege
- GHA: NSS use clang instead of clang-9
gnutls: Use common gnutls init and verify code for ngtcp2
headers: Add endif comments
HTTP-COOKIES.md: Mention that http://localhost is a secure context
HTTP-COOKIES.md: Update the 6265bis link to draft-11
http: Do not send PROXY more than once
http: Fix the ::1 comparison for IPv6 localhost for cookies
http: Set 'this_is_a_follow' in the Location: logic
http: Use the IDN decoded name in HSTS checks (CVE-2022-43551)
hyper: Classify headers as CONNECT and 1XX
hyper: Fix handling of hyper_task-s when reusing the same address
idn: Remove Curl_win32_ascii_to_idn
INSTALL: Update operating systems and CPU archs
KNOWN_BUGS: Remove eight entries
lib1560: Add some basic IDN host name tests
lib: Connection filters (cfilter) addition to curl
lib: Feature deprecation warnings in gcc ≥ 4.3
- lib: Fix some type mismatches and remove unneeded typecasts
- lib: Parse numbers with fixed known base 10
lib: Remove bad set.opt_no_body assignments
lib: Rewind before request instead of after previous
lib: Sync guard for Curl_getaddrinfo_ex() definition and use
lib: Use size_t or int etc. instead of longs
libcurl-errors.3: Remove duplicate word
libssh2: Return error when ssh_hostkeyfunc returns error
limit-rate.d: See also --rate
log2changes.pl: Wrap long lines at 80 columns
Makefile.mk: Address minor issues
Makefile.mk: Improve a GNU Make hack
Makefile.mk: Portable Makefile.m32
maketgz: Set the right version in `lib/libcurl.plist
- mime: Relax easy/mime structures binding
- misc: Fix incorrect spelling
- misc: Remove duplicated include files
- misc: Typo and grammar fixes
negtelnetserver.py: Have it call its close() method
netrc.d: Provide mutext info
- netware: Remove leftover traces
- noproxy: Also match with adjacent comma
- noproxy: Guard against empty hostnames in noproxy check
- noproxy: Tailmatch like in 7.85.0 and earlier
nroff-scan.pl: Detect double highlights
ntlm: Improve comment for encrypt_des
ntlm: Silence ubsan warning about copying from null target_info pointer
openssl/mbedtls: Use %d for outputting port with failf (int)
- openssl: Prefix errors with '[lib]/[version]: '
os400: Use platform socklen_t in Curl_getnameinfo_a
- page-header: Grammar improvement (display transfer rate)
proxy: Refactor haproxy protocol handling as connection filter
README.md: Remove badges and xmas-tree garnish
- rtsp: Fix RTSP auth
runtests: --no-debuginfod now disables DEBUGINFOD_URLS
runtests: Do CRLF replacements per section only
scripts/checksrc.pl: Detect duplicated include files
sendf: Change Curl_read_plain to wrap Curl_recv_plain
sendf: Remove unnecessary if condition
setup: Do not require __MRC__ defined for Mac OS 9 builds
smb/telnet: Do not free the protocol struct in *_done() (CVE-2022-43552)
socks: Fix username max size is 255 (0xFF)
spellcheck.words: Remove 'github' as an accepted word
ssl-reqd.d: Clarify that this is for upgrading connections only
strcase: Use curl_str(n)equal for case insensitive matches
styled-output.d: This option does not work on Windows
system.h: Fix socklen_t, curl_off_t, long long for Classic Mac OS
system.h: Support 64-bit curl_off_t for NonStop 32-bit
test1421: Fix typo
test3026: Reduce runtime in legacy mingw builds
tests/sshserver.pl: Re-enable ssh-rsa while using openssh 8.8+
tests: Add authorityInfoAccess to generated certs
- tests: Add HTTP/3 test case, custom location for proper nghttpx
- tls: Backends use connection filters for IO, enabling HTTPS-proxy
tool: Determine the correct fopen option for -D
tool_cfgable: Free the ssl_ec_curves on exit
tool_cfgable: Make socks5_gssapi_nec a boolean
tool_formparse: Avoid clobbering on function params
tool_getparam: Make --no-get work as the opposite of --get
tool_operate: Provide better errmsg for -G with bad URL
tool_operate: When aborting, make sure there is a non-NULL error buffer
tool_paramhlp: Free the proto strings on exit
- url: Move back the IDN conversion of proxy names
urlapi: Reject more bad letters from the host name: &+()
urldata: Change port num storage to int and unsigned short
vms: Remove SIZEOF_SHORT
- vtls: Fix build without proxy support
- vtls: Localization of state data in filters
WEBSOCKET.md: Fix broken link
- Websocket: Fixes for partial frames and buffer updates
- websockets: Fix handling of partial frames
- windows: Fail early with a missing windres in autotools
windows: Fix linking .rc to shared curl with autotools
winidn: Drop WANT_IDN_PROTOTYPES
- ws: If no connection is around, return error
ws: Return CURLE_NOT_BUILT_IN when websockets not built in
x509asn1: Avoid freeing unallocated pointers
I added a patch to fix the test certificates for EL-9 compatibility (GH#10135, GH#10153)