Wednesday 15th February 2023
Fedora Project
Updated perl-parent to 0.241 in F-38 and Rawhide:
- Actually include the changes documented for version 0.240
Local Packages
Updated curl to 7.88.0:
curl.h: Add CURL_HTTP_VERSION_3ONLY
share: Add sharing of HSTS cache among handles (CVE-2023-23914)
src: Add --http3-only
tool_operate: Share HSTS between handles (CVE-2023-23915)
urlapi: Add CURLU_PUNYCODE
writeout: Add %{certs} and %{num_certs}
cf-socket: Fix build when not HAVE_GETPEERNAME
cf-socket: Keep sockaddr local in the socket filters
cfilters: Curl_conn_get_select_socks: Use the first non-connected filter
- CI: Add a workflow to automatically label pull requests
CI: Add pytest GHA to CI test/tests-httpd on a HTTP/3 setup
- CI: Retry failed downloads to reduce spurious failures
- CI: Update wolfssl / wolfssh to 5.5.4 / 1.4.12
- cmake: Bump requirement to 3.7
cmake: Check for sendmsg
cmake: Delete redundant macro definition 'SECURITY_WIN32'
- cmake: Fix dev warning due to mismatched arg
cmake: Fix the snprintf detection
- cmake: Remove deprecated symbols check
cmake: Set SOVERSION also for macOS
cmake: Use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS
cmdline-opts/Makefile: On error, do not leave a partial
CODEOWNERS: Remove the peeps mentioned as CI owners
connect: Fix access of pointer before NULL check
connect: Fix build when not ENABLE_IPV6
connect: Fix strategy testing for attempts, timeouts and happy-eyeball
- connections: Introduce http/3 happy eyeballs
content_encoding: Do not reset stage counter for each header (CVE-2023-23916)
CONTRIBUTE: More formally specify the commit description
cookies: fp is always not NULL
copyright.pl: Cease doing year verifications
- copyright: Update all copyright lines and remove year ranges
curl.1: Make help, version and manual sections "custom"
curl.h: Allow up to 10M buffer size
curl.h: Mark CURLSSLBACKEND_MESALINK as deprecated
curl/websockets.h: Extend the websocket frame struct
curl: Output warning at --verbose output for debug-enabled version
curl_free.3: Fix return type of 'curl_free'
curl_global_sslset.3: Clarify the openssl situation
curl_log: For failf/infof and debug logging implementations
curl_setup: Disable by default recv-before-send in Windows
curl_version_info.3: Fix typo
curl_ws_send.3: Clarify how to send multi-frame messages
CURLOPT_HEADERDATA.3: Warn DLL users must set write function
CURLOPT_READFUNCTION.3: The callback 'size' arg is always 1
CURLOPT_WRITEFUNCTION.3: Fix memory leak in example
dict: URL decode the entire path always
docs/DEPRECATE.md: Deprecate gskit
docs: Add link to GitHub Discussions
docs: Mention indirect effects of --insecure
docs: POSTFIELDSIZE must be set to -1 with read function
doh: ifdef IPv6 code
- easyoptions: Fix header printing in generation script
- escape: Hex decode with a lookup-table
escape: Use table lookup when adding %-codes to output
examples: Remove the curlgtk.c example
fopen: Remove unnecessary assignment
ftpserver: Lower the DATA connect timeout to speed up torture tests
GHA/macos.yml: Bump to gcc-12
GHA/macos: Use Xcode_14.0.1 for cmake builds
GHA: Add job on Slackware 15.0
GHA: Bump ngtcp2 workflow dependencies
GHA: Enable websockets in the torture job
GHA: Move the quiche job here from zuul
GHA: Use designated ngtcp2 and its dependencies versions
haxproxy: Send before TLS handshake
header.d: Add a header file example
hsts.d: Explain HSTS more
- hsts: Handle adding the same host name again
HTTP/[23]: Continue upload when state.drain is set
http2: Aggregate small SETTINGS/PRIO/WIN_UPDATE frames
http2: Fix compiler warning due to uninitialized variable
http2: Minor buffer and error path fixes
http2: When using printf %.*s, the length arg must be 'int'
HTTP3: Mention what needs to be in place to remove EXPERIMENTAL label
http: Add additional condition for including stdint.h
http: Decode transfer encoding first
http: Fix "part of conditional expression is always false"
http: Remove the trace message "Mark bundle... multiuse"
http_aws_sigv4: Remove typecasts from HMAC_SHA256 macro
http_proxy: Do not assign data->req.p.http, use local copy
INSTALL: Document how to use multiple TLS backends
lib670: Make test.h the first include
lib: connect/h2/h3 refactor
- lib: Fix typos
- lib: Fix typos in comments that repeat a word
libssh2: Try sha2 algos for hostkey methods
libtest: Add a sleep macro for Windows
- Linux CI: Update some dependencies to latest tag
Makefile.mk: Fix wolfssl and mbedtls default paths
man pages: Call the custom user pointer 'clientp' consistently
- md4: Fix build with GnuTLS + OpenSSL v1
- misc: Fix grammar and spelling
- misc: Fix spelling
- misc: Reduce struct and struct field sizes
- msh3: Add support for request payload
- msh3: Update to v0.5 Release
- msh3: Update to v0.6
- multi: Stop sending empty HTTP/3 UDP datagrams on Windows
multihandle: Turn bool struct fields into bits
ngtcp2: Add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl
ngtcp2: Fix the build without 'sendmsg'
ngtcp2: Replace removed define and stop using removed function
no-clobber.d: Only use long form options in man page text
noproxy: Support for space-separated names is deprecated
nss: Implement data_pending method
openldap: Fix missing sasl symbols at build in specific configs
openssl: Adapt to boringssl's error code type
openssl: Don't ignore CA paths when using Windows CA store (redux)
openssl: Don't log raw record headers
openssl: Make the BIO_METHOD a local variable in the connection filter
openssl: Only use CA_BLOB if verifying peer
openssl: Remove attached easy handles from SSL instances
openssl: Store the CA after first send (ClientHello)
os400: Fixes to make-lib.sh and initscript.sh
packages: Remove Android, update README
release-notes.pl: Check fixes/closes lines better
- Revert "x509asn1: avoid freeing unallocated pointers"
runtest.pl: Add expected fourth return value
runtests: Tear down http2/http3 servers when https server is stopped
runtests: Consider warnings fatal and error on them
runtests: Fix detection of TLS backends
runtests: Make 'mbedtls' a testable feature
rustls: Improve error messages
scripts/delta: Show percent of number of files changed since last tag
scripts: Fix Appveyor job detection in cijobs.pl
scripts: Set file mode +x on all perl and shell scripts
- sectransp: Fix for incomplete read/writes
SECURITY-PROCESS.md: Document severity levels
setopt: Address undefined behaviour by checking for null
setopt: Move the SHA256 opt within #ifdef libssh2
setopt: Use >, not >=, when checking if uarg is larger than uint-max
- smb: Return error on upload without size
- socketpair: Allow localhost MITM sniffers
strdup: Name it Curl_strdup
system.h: Assume OS400 is always built with ILEC compiler
test1560: Use a UTF8-using locale when run
test2304: Remove stdout verification
tests-httpd: Basic infra to run curl against an apache httpd
tests: Add 3 new HTTP/2 test cases, plus https: support for nghttpx
tests: Add tests for HTTP/2 and HTTP/3 to verify the header API
tests: Avoid use of sha1 in certificates
- tls: Fixes for wolfssl + openssl combo builds
tool_getparam: Fix hiding of command line secrets
tool_operate: Fix 'CURLOPT_SOCKS5_GSSAPI_NEC' type
tool_operate: Fix error codes during DOS filename sanitize
tool_operate: Fix error codes on bad URL and OOM
tool_operate: Fix headerfile writing
tool_operate: Repair --rate
transfer: Break the read loop when RECV is cleared
typecheck: Accept expressions for option/info parameters
- url: Fix part of conditional expression is always true
urlapi: Avoid Curl_dyn_addf() for hex outputs
urlapi: Fix part of conditional expression is always true: qlen
urlapi: Skip path checks if path is just "/"
urlapi: Skip the extra dedotdot alloc if no dot in path
urldata: Cease storing TLS auth type
urldata: Make 'ftp_create_missing_dirs' depend on FTP || SFTP
urldata: Make set.http200aliases conditional on HTTP being present
urldata: Move the cookefilelist to the 'set' struct
urldata: Remove unused struct fields, made more conditional
vquic: Stabilization and improvements
- vtls: Fix hostname handling in filters
vtls: Manage current easy handle in nested cfilter calls
- vtls: Use ALPN HTTP/1.0 when HTTP/1.0 is used
winbuild: Document that arm64 is supported
Windows: Always use curl's basename() implementation
- wolfssl: Remove deprecated post-quantum algorithms
workflows/linux.yml: Merge 3 common packages
write-out.d: Add 'since version' to %{header_json} documentation
write-out.d: Clarify Windows % symbol escaping
ws: Fix autoping handling
ws: Fix multiframe send handling
ws: Fix recv of larger frames
- ws: Remove bad assert
ws: Unstick connect-only shutdown
ws: Use %Ou for outputting curl_off_t with info()
x509asn1: Fix compile errors and warnings
- zuul: Stop using this CI service
I added a patch from Fedora to disable the upstream warnings-as-fatal behaviour in runtests.pl since the tests do actually generate some warnings that need to be fixed upstream
Updated perl-parent to 0.241 as per the Fedora version