Wednesday 17th May 2023
Fedora Project
Updated perl-Test-Valgrind (1.19) in Rawhide to use SPDX-format license tag
Updated perl-Test-Warnings (0.031) in Rawhide to use SPDX-format license tag
Updated perl-Test2-Plugin-NoWarnings (0.09) in Rawhide to use SPDX-format license tag
Updated perl-Types-Serialiser (1.01) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Unicode-UTF8 (0.62) in Rawhide to use SPDX-format license tag
Local Packages
Updated curl to 8.1.0:
curl: Add --proxy-http2
CURLPROXY_HTTPS2: For HTTPS proxy that may speak HTTP/2
hostip: Refuse to resolve the .onion TLD
tool_writeout: Add URL component variables
- amiga: Fix CA certificate paths for AmiSSL and MorphOS
- autotools: Sync up clang picky warnings with cmake
aws-sigv4.d: Fix region identifier in example
bufq: Simplify since expression is always true
cf-h1-proxy: Skip an extra NULL assign
cf-h2-proxy: Fix processing ingress to stop too early
cf-socket: Add socket recv buffering for most tcp cases
- cf-socket: Disable socket receive buffer by default
- cf-socket: Remove dead code discovered by PVS
cf-socket: Turn off IPV6_V6ONLY on Windows if it is supported
checksrc: Check for spaces before the colon of switch labels
checksrc: Find bad indentation in conditions without open brace
checksrc: Fix SPACEBEFOREPAREN for conditions starting with "*"
ci: '-Wno-vla' no longer necessary
- CI: Fix brew retries on GHA
CI: Set minimal permissions on workflow ngtcp2-quictls.yml
- CI: Skip Azure for commits that change only GHA
- CI: Use another glob syntax for matching files on Appveyor
- cmake: Bring in the network library on Haiku
cmake: Do not add zlib headers for openssl
- CMake: Make config version 8 compatible with 7
- cmake: Picky-linker fixes for openssl, ZLIB, H3 and more
- cmake: Set SONAME for SunOS too
cmake: Speed up and extend picky clang/gcc options
CMakeLists.txt: Fix typo for Haiku detection
compressed.d: Clarify the words on "not notifying headers"
config-dos.h: Fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP
configure: Don't set HAVE_WRITABLE_ARGV on Windows
configure: Fix detection of apxs (for httpd)
configure: Make quiche require quiche_conn_send_ack_eliciting
connect: Fix https connection setup to treat ssl_mode correctly
content_encoding: Only do transfer-encoding compression if asked to
- cookie: Address PVS nits
cookie: Clarify that init with data set to NULL reads no file
curl: Do not append file name to path for upload when there's a query
curl_easy_getinfo.3: Typo fix (duplicated "from the")
curl_easy_unescape.3: Rename the argument
curl_path: Bring back support for SFTP path ending in /~
curl_url_set.3: Mention that users can set content rather freely
CURLOPT_IPRESOLVE.3: This for host names, not IP addresses
data.d: Emphasize no conversion
- digest: Clear target buffer
doc: curl_mime_init() strong easy binding was relaxed in 7.87.0
docs/cmdline-opts: Document the dotless config path
docs/examples/protofeats.c: Outputs all protocols and features
docs/libcurl/curl_*escape.3: Rename "url" argument to "input"/"string"
docs/SECURITY-ADVISORY.md: How to write a curl security advisory
- docs: Bump the minimum perl version to 5.6
- docs: Clarify that more backends have HTTPS proxy support
dynbuf: Never allocate larger than "toobig"
easy_cleanup: Require a "good" handle to act
ftp: Fix 'portsock' variable was assigned the same value
- ftp: Remove dead code
ftplistparser: Move out private data from public struct
ftplistparser: Replace realloc with dynbuf
gen.pl: Error on duplicated See-Also fields
getpart: Better handle case of file not found
- GHA-linux: Add an address-sanitizer build
- GHA: Add a memory-sanitizer job
GHA: Run all linux test jobs with valgrind
GHA: Suppress git clone output
GIT-INFO: Add --with-openssl
- gskit: Various compile errors in OS400
h2/h3: Replace 'state.drain' counter with 'state.dselect_bits'
- hash: Fix assigning same value
- headers: Clear (possibly) lingering pointer in init
hostcheck: Fix host name wildcard checking (CVE-2023-28321)
hostip: Add locks around use of global buffer for alarm() (CVE-2023-28320)
hostip: Enforce a maximum DNS cache size independent of timeout value
HTTP-COOKIES.md: Mention the #HttpOnly_ prefix
http2: Always EXPIRE_RUN_NOW unpaused http/2 transfers
- http2: Do flow window accounting for cancelled streams
- http2: Enlarge the connection window
- http2: Flow control and buffer improvements
- http2: Move HTTP/2 stream vars into local context
http2: Pass 'stream' to http2_handle_stream_close to avoid NULL checks
http2: Remove unused Curl_http2_strerror function declaration
- HTTP3/quiche: Terminate h1 response header when no body is sent
http3: Check stream_ctx more thoroughly in all backends
HTTP3: Document the ngtcp2/nghttp3 versions to use for building curl
- http3: Expire unpaused transfers in all HTTP/3 backends
- http3: Improvements across backends
- http: Free the url before storing a new copy
http: Skip a double NULL assign
ipv4.d/ipv6.d: They are "mutex", not "boolean"
KNOWN_BUGS: Remove fixed or outdated issues, move non-bugs
lib/cmake: Add HAVE_WRITABLE_ARGV check
lib/sha256.c: Typo fix in comment (duplicated "is available")
lib1560: Verify that more bad host names are rejected
lib: Add 'bufq' and 'dynhds'
lib: Remove CURLX_NO_MEMORY_CALLBACKS
lib: Unify the upload/method handling (CVE-2023-28322)
lib: Use correct printf flags for sockets and timediffs
libssh2: Fix crash in keyboard callback
libssh2: Free fingerprint better (CVE-2023-28319)
libssh: Tell it to use SFTP non-blocking
man pages: Simplify the .TH sections
MANUAL.md: Add dict example for looking up a single definition
md(4|5): Don't use deprecated iOS functions
md4: Only build when used
mime: Skip NULL assigns after Curl_safefree()
multi: Add handle asserts in DEBUG builds
multi: Add multi-ignore logic to multi_socket_action
multi: Free up more data earlier in DONE
- multi: Remove a few superfluous assigns
multi: Remove PENDING + MSGSENT handles from the main linked list
- ngtcp2: Adapted to 0.15.0
- ngtcp2: Adjust config and code checks for ngtcp2 without nghttp3
noproxy: Pointer to local array 'hostip' is stored outside scope
ntlm: Clear lm and nt response buffers before use
- openssl: Interop with AWS-LC
- OS400: Fix and complete ILE/RPG binding
- OS400: Implement EBCDIC support for recent features
OS400: Improve vararg emulation
- OS400: Provide ILE/RPG usage examples
pingpong: Fix compiler warning "assigning an enum to unsigned char"
pytest: Improvements for suitable curl and error output
- quiche: Disable pacing while pacing is not actually performed
quiche: Enable IDLE egress handling
RELEASE-PROCEDURE: Update to new schedule
rtsp: Convert mallocs to dynbuf for RTP buffering
- rtsp: Skip malformed RTSP interleaved frame data
rtsp: Skip NULL assigns after Curl_safefree()
runtests: Die if curl version can be found
runtests: Don't start servers if -l is given
runtests: Fix -c option when run with valgrind
runtests: Fix quoting in Appveyor and Azure test integration
runtests: Lots of refactoring
runtests: Refactor into more packages
runtests: Show error message if file can't be written
runtests: Spawn a new process for the test runner
rustls: Fix error in recv handling
- schannel: Add clarifying comment
server/getpart: Clear target buffer before load
- smb: Remove double assign
- smbserver: Remove temporary files before exit
- socketpair: Verify with a random value
ssh: Add support for libssh2 read timeout
telnet: Simplify the implementation of str_is_nonascii()
test1169: Fix so it works properly everywhere
test1592: Add flaky keyword
test1960: Point to the correct path for the precheck tool
test303: Kill server after test
tests/http: Add timeout to running curl in test cases
tests/http: Fix log formatting on wrong exit code
tests/http: Fix out-of-tree builds
tests/http: Improved httpd detection
tests/http: More tests with specific clients
tests/http: Relax connection check in test_07_02
tests/keywords.pl: Remove
tests/libtest/lib1900.c: Remove
tests/sshserver.pl: Define AddressFamily earlier
- tests: 1078 1288 1297 use valid IPv4 addresses
tests: Document that the unittest keyword is special
- tests: Increase sws timeout for more robust testing
tests: Log a too-long Unix socket path in sws and socksd
tests: Make test_12_01 a bit more forgiving on connection counts
- tests: Move pidfiles and portfiles under the log directory
- tests: Move server config files under the pid dir
tests: Silence some Perl::Critic warnings in test suite
tests: Stop using strndup(), which isn't portable
tests: Switch to 3-argument open in test suite
- tests: Turn perl modules into full packages
tests: Use %LOGDIR to refer to the log directory
tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals
tool_operate: Pass a long as CURLOPT_HEADEROPT argument
tool_operate: Refuse (--data or --form) and --continue-at combo
transfer: Refuse POSTFIELDS + RESUME_FROM combo
- transfer: Skip extra assign
url: Fix null dispname for --connect-to option
- url: Fix PVS nits
url: Remove call to Curl_llist_destroy in Curl_close
- urlapi: Clean-ups and improvements
- urlapi: Detect and error on illegal IPv4 addresses
urlapi: Prevent setting invalid schemes with *url_set()
- urlapi: Skip a pointless assign
- urlapi: URL encoding for the URL missed the fragment
urldata: Copy CURLOPT_AWS_SIGV4 value on handle duplication
urldata: Shrink *select_bits int => unsigned char
- vlts: Use full buffer size when receiving data if possible
- vtls and h2 improvements
- Websocket: Enhanced en-/decoding
wolfssl.yml: Bump to version 5.6.0
write-out.d: use response_code in example
ws: Handle reads before EAGAIN better
Updated perl-Test-Valgrind (1.19) as per the Fedora version
Updated perl-Test-Warnings (0.031) as per the Fedora version
Updated perl-Test2-Plugin-NoWarnings (0.09) as per the Fedora version
Updated perl-Types-Serialiser (1.01) as per the Fedora version
Updated perl-Unicode-UTF8 (0.62) as per the Fedora version