#acl PaulHowarth:read,write,admin,revert,delete All:read

=== Wednesday 17th May 2023 ===

==== Fedora Project ====

 * Updated `perl-Test-Valgrind` (1.19) in Rawhide to use SPDX-format license tag
 * Updated `perl-Test-Warnings` (0.031) in Rawhide to use SPDX-format license tag
 * Updated `perl-Test2-Plugin-NoWarnings` (0.09) in Rawhide to use SPDX-format license tag
 * Updated `perl-Types-Serialiser` (1.01) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
 * Updated `perl-Unicode-UTF8` (0.62) in Rawhide to use SPDX-format license tag

==== Local Packages ====

 * Updated `curl` to 8.1.0:
  * `curl`: Add `--proxy-http2`
  * `CURLPROXY_HTTPS2`: For HTTPS proxy that may speak HTTP/2
  * `hostip`: Refuse to resolve the `.onion` TLD
  * `tool_writeout`: Add URL component variables
  * amiga: Fix CA certificate paths for AmiSSL and MorphOS
  * autotools: Sync up clang picky warnings with cmake
  * `aws-sigv4.d`: Fix region identifier in example
  * `bufq`: Simplify since expression is always true
  * `cf-h1-proxy`: Skip an extra `NULL` assign
  * `cf-h2-proxy`: Fix processing ingress to stop too early
  * cf-socket: Add socket `recv` buffering for most tcp cases
  * cf-socket: Disable socket receive buffer by default
  * cf-socket: Remove dead code discovered by PVS
  * cf-socket: Turn off `IPV6_V6ONLY` on Windows if it is supported
  * `checksrc`: Check for spaces before the colon of switch labels
  * `checksrc`: Find bad indentation in conditions without open brace
  * `checksrc`: Fix `SPACEBEFOREPAREN` for conditions starting with "`*`"
  * ci: '`-Wno-vla`' no longer necessary
  * CI: Fix brew retries on GHA
  * CI: Set minimal permissions on workflow `ngtcp2-quictls.yml`
  * CI: Skip Azure for commits that change only GHA
  * CI: Use another glob syntax for matching files on Appveyor
  * cmake: Bring in the network library on Haiku
  * cmake: Do not add `zlib` headers for openssl
  * CMake: Make config version 8 compatible with 7
  * cmake: Picky-linker fixes for openssl, ZLIB, H3 and more
  * cmake: Set SONAME for SunOS too
  * cmake: Speed up and extend picky `clang`/`gcc` options
  * `CMakeLists.txt`: Fix typo for Haiku detection
  * `compressed.d`: Clarify the words on "not notifying headers"
  * `config-dos.h`: Fix `SIZEOF_CURL_OFF_T` for MS-DOS/DJGPP
  * `configure`: Don't set `HAVE_WRITABLE_ARGV` on Windows
  * `configure`: Fix detection of `apxs` (for `httpd`)
  * `configure`: Make quiche require `quiche_conn_send_ack_eliciting`
  * `connect`: Fix https connection setup to treat `ssl_mode` correctly
  * `content_encoding`: Only do `transfer-encoding` compression if asked to
  * cookie: Address PVS nits
  * cookie: Clarify that init with data set to `NULL` reads no file
  * `curl`: Do ''not'' append file name to path for upload when there's a query
  * `curl_easy_getinfo.3`: Typo fix (duplicated "from the")
  * `curl_easy_unescape.3`: Rename the argument
  * `curl_path`: Bring back support for SFTP path ending in `/~`
  * `curl_url_set.3`: Mention that users can set content rather freely
  * `CURLOPT_IPRESOLVE.3`: This for host names, not IP addresses
  * `data.d`: Emphasize no conversion
  * digest: Clear target buffer
  * doc: `curl_mime_init()` strong easy binding was relaxed in 7.87.0
  * `docs/cmdline-opts`: Document the dotless config path
  * `docs/examples/protofeats.c`: Outputs all protocols and features
  * `docs/libcurl/curl_*escape.3`: Rename "url" argument to "input"/"string"
  * `docs/SECURITY-ADVISORY.md`: How to write a curl security advisory
  * docs: Bump the minimum perl version to 5.6
  * docs: Clarify that more backends have HTTPS proxy support
  * `dynbuf`: Never allocate larger than "toobig"
  * `easy_cleanup`: Require a "good" handle to act
  * ftp: Fix '`portsock`' variable was assigned the same value
  * ftp: Remove dead code
  * `ftplistparser`: Move out private data from public struct
  * `ftplistparser`: Replace `realloc` with `dynbuf`
  * `gen.pl`: Error on duplicated `See-Also` fields
  * `getpart`: Better handle case of file not found
  * GHA-linux: Add an address-sanitizer build
  * GHA: Add a memory-sanitizer job
  * GHA: Run all linux test jobs with `valgrind`
  * GHA: Suppress `git clone` output
  * `GIT-INFO`: Add `--with-openssl`
  * gskit: Various compile errors in OS400
  * h2/h3: Replace '`state.drain`' counter with '`state.dselect_bits`'
  * hash: Fix assigning same value
  * headers: Clear (possibly) lingering pointer in init
  * `hostcheck`: Fix host name wildcard checking ([[CVE:2023-28321|CVE-2023-28321]])
  * `hostip`: Add locks around use of global buffer for `alarm()` ([[CVE:2023-28320|CVE-2023-28320]])
  * `hostip`: Enforce a maximum DNS cache size independent of timeout value
  * `HTTP-COOKIES.md`: Mention the `#HttpOnly_` prefix
  * http2: Always `EXPIRE_RUN_NOW` unpaused http/2 transfers
  * http2: Do flow window accounting for cancelled streams
  * http2: Enlarge the connection window
  * http2: Flow control and buffer improvements
  * http2: Move HTTP/2 stream vars into local context
  * http2: Pass '`stream`' to `http2_handle_stream_close` to avoid `NULL` checks
  * http2: Remove unused `Curl_http2_strerror` function declaration
  * HTTP3/quiche: Terminate h1 response header when no body is sent
  * http3: Check `stream_ctx` more thoroughly in all backends
  * HTTP3: Document the ngtcp2/nghttp3 versions to use for building `curl`
  * http3: Expire unpaused transfers in all HTTP/3 backends
  * http3: Improvements across backends
  * http: Free the url before storing a new copy
  * http: Skip a double `NULL` assign
  * `ipv4.d`/`ipv6.d`: They are "mutex", not "boolean"
  * `KNOWN_BUGS`: Remove fixed or outdated issues, move non-bugs
  * `lib/cmake`: Add `HAVE_WRITABLE_ARGV` check
  * `lib/sha256.c`: Typo fix in comment (duplicated "is available")
  * `lib1560`: Verify that more bad host names are rejected
  * lib: Add '`bufq`' and '`dynhds`'
  * lib: Remove `CURLX_NO_MEMORY_CALLBACKS`
  * lib: Unify the upload/method handling ([[CVE:2023-28322|CVE-2023-28322]])
  * lib: Use correct `printf` flags for sockets and timediffs
  * `libssh2`: Fix crash in keyboard callback
  * `libssh2`: Free fingerprint better ([[CVE:2023-28319|CVE-2023-28319]])
  * `libssh`: Tell it to use SFTP non-blocking
  * man pages: Simplify the `.TH` sections
  * `MANUAL.md`: Add `dict` example for looking up a single definition
  * `md(4|5)`: Don't use deprecated iOS functions
  * `md4`: Only build when used
  * mime: Skip `NULL` assigns after `Curl_safefree()`
  * multi: Add handle asserts in `DEBUG` builds
  * multi: Add multi-ignore logic to `multi_socket_action`
  * multi: Free up more data earlier in `DONE`
  * multi: Remove a few superfluous assigns
  * multi: Remove `PENDING` + `MSGSENT` handles from the main linked list
  * ngtcp2: Adapted to 0.15.0
  * ngtcp2: Adjust config and code checks for ngtcp2 without nghttp3
  * `noproxy`: Pointer to local array '`hostip`' is stored outside scope
  * ntlm: Clear `lm` and `nt` response buffers before use
  * openssl: Interop with AWS-LC
  * OS400: Fix and complete ILE/RPG binding
  * OS400: Implement EBCDIC support for recent features
  * OS400: Improve `vararg` emulation
  * OS400: Provide ILE/RPG usage examples
  * `pingpong`: Fix compiler warning "assigning an enum to unsigned char"
  * `pytest`: Improvements for suitable `curl` and error output
  * quiche: Disable pacing while pacing is not actually performed
  * quiche: Enable `IDLE` egress handling
  * `RELEASE-PROCEDURE`: Update to new schedule
  * rtsp: Convert `malloc`s to `dynbuf` for RTP buffering
  * rtsp: Skip malformed RTSP interleaved frame data
  * rtsp: Skip `NULL` assigns after `Curl_safefree()`
  * `runtests`: Die if `curl` version can be found
  * `runtests`: Don't start servers if `-l` is given
  * `runtests`: Fix `-c` option when run with `valgrind`
  * `runtests`: Fix quoting in Appveyor and Azure test integration
  * `runtests`: Lots of refactoring
  * `runtests`: Refactor into more packages
  * `runtests`: Show error message if file can't be written
  * `runtests`: Spawn a new process for the test runner
  * `rustls`: Fix error in `recv` handling
  * schannel: Add clarifying comment
  * `server/getpart`: Clear target buffer before load
  * smb: Remove double assign
  * smbserver: Remove temporary files before exit
  * socketpair: Verify with a random value
  * ssh: Add support for `libssh2` read timeout
  * telnet: Simplify the implementation of `str_is_nonascii()`
  * `test1169`: Fix so it works properly everywhere
  * `test1592`: Add `flaky` keyword
  * `test1960`: Point to the correct path for the `precheck` tool
  * `test303`: Kill server after test
  * `tests/http`: Add timeout to running `curl` in test cases
  * `tests/http`: Fix log formatting on wrong exit code
  * `tests/http`: Fix out-of-tree builds
  * `tests/http`: Improved `httpd` detection
  * `tests/http`: More tests with specific clients
  * `tests/http`: Relax connection check in `test_07_02`
  * `tests/keywords.pl`: Remove
  * `tests/libtest/lib1900.c`: Remove
  * `tests/sshserver.pl`: Define `AddressFamily` earlier
  * tests: 1078 1288 1297 use valid IPv4 addresses
  * tests: Document that the `unittest` keyword is special
  * tests: Increase sws timeout for more robust testing
  * tests: Log a too-long Unix socket path in `sws` and `socksd`
  * tests: Make `test_12_01` a bit more forgiving on connection counts
  * tests: Move pidfiles and portfiles under the log directory
  * tests: Move server config files under the pid dir
  * tests: Silence some `Perl::Critic` warnings in test suite
  * tests: Stop using `strndup()`, which isn't portable
  * tests: Switch to 3-argument `open` in test suite
  * tests: Turn perl modules into full packages
  * tests: Use `%LOGDIR` to refer to the log directory
  * `tool_cb_hdr`: Fix '`Location:`' formatting for early VTE terminals
  * `tool_operate`: Pass a `long` as `CURLOPT_HEADEROPT` argument
  * `tool_operate`: Refuse (`--data` or `--form`) and `--continue-at` combo
  * `transfer`: Refuse `POSTFIELDS` + `RESUME_FROM` combo
  * transfer: Skip extra assign
  * url: Fix null dispname for `--connect-to` option
  * url: Fix PVS nits
  * url: Remove call to `Curl_llist_destroy` in `Curl_close`
  * urlapi: Clean-ups and improvements
  * urlapi: Detect and error on illegal IPv4 addresses
  * urlapi: Prevent setting invalid schemes with `*url_set()`
  * urlapi: Skip a pointless assign
  * urlapi: URL encoding for the URL missed the fragment
  * urldata: Copy `CURLOPT_AWS_SIGV4` value on handle duplication
  * urldata: Shrink `*select_bits` `int => unsigned char`
  * vlts: Use full buffer size when receiving data if possible
  * vtls and h2 improvements
  * Websocket: Enhanced en-/decoding
  * `wolfssl.yml`: Bump to version 5.6.0
  * `write-out.d`: use `response_code` in example
  * ws: Handle reads before `EAGAIN` better
 * Updated `perl-Test-Valgrind` (1.19) as per the Fedora version
 * Updated `perl-Test-Warnings` (0.031) as per the Fedora version
 * Updated `perl-Test2-Plugin-NoWarnings` (0.09) as per the Fedora version
 * Updated `perl-Types-Serialiser` (1.01) as per the Fedora version
 * Updated `perl-Unicode-UTF8` (0.62) as per the Fedora version

----