Wednesday 13th September 2023
Fedora Project
Updated perltidy to 20230912 in F-39 and Rawhide:
Remove a syntax error check that could cause an incorrect error message when List::Gather::gather was used (GH#124)
Local Packages
Updated curl to 8.3.0:
curl: Make %output{} in -w specify a file to write to
- gskit: Remove
lib: --disable-bindlocal builds curl without local binding support
- nss: Remove support for this TLS library
- tool: Add "variable" support
- trace: Make tracing available in non-debug builds
url: Change default value for CURLOPT_MAXREDIRS to 30
urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
- wolfssl: Support loading system CA certificates
- altsvc: Accept and parse IPv6 addresses in response headers
- asyn-ares: Reduce timeout to 2000ms
- aws-sigv4: Canonicalize the query
- aws-sigv4: Fix having date header twice in some cases
- aws-sigv4: Handle no-value user header entries
- bearssl: Don't load CA certs when peer verification is disabled
bearssl: Handshake fix, provide proper get_select_socks() implementation
build: Fix portability of mancheck and checksrc targets
- build: Streamline non-UWP wincrypt detections
c-hyper: Adjust the hyper to curlcode conversion
c-hyper: Fix memory leaks in 'Curl_http'
cf-haproxy: Make CURLOPT_HAPROXY_CLIENT_IP set the source IP
- cf-socket: Log successful interface bind
CI/cirrus: Disable python install on FreeBSD
- CI: Add a 32-bit i686 Linux build
- CI: Add caching to many jobs
CI: Move on to ngtcp2 v0.19.1
- CI: Move the Alpine build from Cirrus to GHA
- CI: ngtcp2-linux: Use separate caches for tls libraries
- CI: Remove Windows builds from Cirrus, without replacement
- CI: Switch macOS ARM build from Cirrus to Circle CI
CI: Use master again for wolfssl
cirrus: Install everything with pkg, avoid pip
- cmake: Add GnuTLS option
cmake: Add support for 'CURL_DEFAULT_SSL_BACKEND'
cmake: Add support for single libcurl compilation pass
cmake: Allow 'SHARE_LIB_OBJECT=ON' on all platforms
cmake: Assume 'wldap32' availability on Windows
- cmake: Cache more config and delete unused ones
cmake: Detect 'SSL_set0_wbio' in OpenSSL
cmake: Drop 'HAVE_LIBWINMM' and 'HAVE_LIBWS2_32' feature checks
cmake: Fix to use variable for the curl namespace
- cmake: Fixup H2 duplicate symbols for unity builds
cmake: Set SIZEOF_LONG_LONG in curl_config.h
cmake: Support building static and shared libcurl in one go
- cmdline-docs: Make sure to phrase it as "added in ...."
- cmdline-docs: Use present tense, not future
- cmdline-opts/docs: Mention the negative option part
cmdline-opts/page-header: Clarify stronger that !opt == URL
- cmdline-opts/page-header: Reorder, clean up
- configure, cmake, lib: More form API deprecation
configure: Fix 'HAVE_TIME_T_UNSIGNED' check
configure: Trust pkg-config when it's used for zlib
configure: Use the pkg-config --libs-only-l flag for libssh2
connect: Stop halving the remaining timeout when less than 600 ms left
cookie-jar.d: Emphasize that this option is only writing cookies
- crypto: Ensure crypto initialization works
curl_url_get/set.3: Add missing semicolon in SYNOPSIS
CURLINFO_CERTINFO.3: Better explain curl_certinfo struct
CURLINFO_TLS_SSL_PTR.3: Clarify a recommendation
CURLOPT_*TIMEOUT*: Extend and clarify
CURLOPT_SSL_VERIFYPEER.3: Mention it does not load CA certs when disabled
CURLOPT_URL.3: Add two URL API calls in the see-also section
CURLOPT_URL.3: Explain curl_url_set() uses the same parser
- digest: Use hostname to generate spn instead of realm
disable.d: Explain --disable not implemented prior to 7.50.0
docs/cmdline-opts/gen.pl: Hide "added in" before 7.50.0
docs/cmdline-opts: Match the current output
docs/cmdline-opts: Spellfixes, typos and polish
docs/cmdline: Add small "warning" to verbose options
docs/cmdline: Remove repeated working for negotiate + ntlm
docs/HYPER.md: Document a workaround for a link error
docs: Add curl_global_trace to some SEE ALSO sections
- docs: Link to the website versions instead of markdowns
docs: Mark --ssl-revoke-best-effort as Schannel specific
docs: Mention critical files in same directories as curl saves
docs: Removing "pausing transfers" from HYPER.md
- docs: Rewrite to present tense
easy: Remove #ifdefs to make code easier on the eye
egd: Delete feature detection and related source code
- ftp: Fix temp write of ipv6 address
gen.pl: Escape all dashes (ascii minus) to avoid unicode hyphens
gen.pl: Replace all single quotes with aq
- GHA: Adding quiche workflow
- headers: Accept leading whitespaces on first response header
- http2: Avoid too early connection re-use/multiplexing
- http2: Clean up trace messages
- http2: Disable assertion blocking OSSFuzz testing
http2: Fix in h2 proxy tunnel: progress in ingress on sending
http2: Polish things around POST
- http2: Upgrade tests and add fix for non-existing stream
- http3/ngtcp2: Shorten handshake, trace clean up
- http3: Quiche, handshake optimization, trace clean up
- http: Close the connection after a late 417 is received
http: Do not require a user name when using CURLAUTH_NEGOTIATE
- http: Fix sending of large requests
http: Remove the p_pragma struct field
http: Return error when receiving too large header set (CVE-2023-38039)
- hyper: Fix a progress upload counter bug
- hyper: Fix ownership problems
hyper: Remove 'hyptransfer->endtask'
imap: Add a check for failing strdup()
imap: Remove the only sscanf() call in the IMAP code
include.d: Explain headers not printed with --fail before 7.75.0
include/curl/mprintf.h: Add __attribute__ for the prototypes
- krb5: Fix "implicit conversion loses integer precision" warnings
- lib: Add ability to disable auths individually
- lib: Build fixups when built with most things disabled
lib: Fix a few *printf() flag mistakes
- lib: Fix null ptr derefs and uninitialized vars (h2/h3)
lib: Move mimepost data from ->req.p.http to ->state
libtest: Use curl_free() to free libcurl allocated data
list-only.d: Mention SFTP as supported protocol
- macOS: Fix target detection more
- misc: Fix various typos
multi.h: The 'revents' field of curl_waitfd is supported
multi: More efficient pollfd count for poll
multi: Remove 'processing: <url>' debug message
ngtcp2: Fix handling of large requests
openssl: Auto-detect 'SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED'
openssl: Clear error queue after SSL_shutdown
- openssl: Make aws-lc version support OCSP
- openssl: Support async cert verify callback
- openssl: Switch to modern init for LibreSSL 2.7.0+
openssl: Use 'SSL_CTX_set_ciphersuites' with LibreSSL 3.4.1
openssl: Use 'SSL_CTX_set_keylog_callback' with LibreSSL 3.5.0
openssl: When CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
- os400: Build test servers
- os400: Do not check translatable options at build time
- os400: Implement CLI tool
page-footer: QLOGDIR works with ngtcp2 and quiche
page-header: Move up a URL paragraph from GLOBBING to URL
pytest: Fix check for slow_network skips to only apply when intended
- quic: Don't set SNI if hostname is an IP address
quiche: Adjust quiche 'QUIC_IDLE_TIMEOUT' to 60s
- quiche: Enable quiche to handle timeout events
resolve: Use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
Revert "schannel: reverse the order of certinfo insertions"
- schannel: Fix ordering of cert chain info
- schannel: Fix user-set legacy algorithms in Windows 10 and 11
- schannel: Verify hostname independent of verify cert
- sectransp: Fix compiler warnings
sectransp: Prevent CFRelease() of NULL
secureserver.pl: Fix stunnel path quoting
secureserver.pl: Fix stunnel version parsing
SECURITY-PROCESS.md: Not a sec issue: Tricking user to run a cmdline
system.h: Add CURL_OFF_T definitions on HP-UX with HP aCC
test1304: Build and skip without netrc support
test1554: Check translatable string options in OS400 wrapper
test1608: Make it build and get skipped without shuffle DNS support
test687/688: Two more basic --xattr tests
tests/tftpd+mqttd: Make variables static to silence picky warnings
tests: Add 'large-time' as a testable feature
tests: Add support for nested %if conditions
- tests: Don't call HTTP errors OK in test cases
tests: Ensure 'libcurl.def' contains all exports
- tests: Fix h3 server check and parallel instances
- tests: TLS session sharing test
- tests: Update cookie expiry dates to far in the future
time-cond.d: Mention what happens on a missing file
tool: Avoid including leading spaces in the Location hyperlink
tool: Change some fopen failures from warnings to errors
tool: Make the length argument an int for printf()-.* flags
tool_cb_wrt: Fix invalid unicode for windows console
tool_filetime: Make -z work with file dates before 1970
tool_operate: Allow both SSL_CERT_FILE and SSL_CERT_DIR
tool_operate: Make aws-sigv4 not require TLS to be used
tool_paramhlp: Improve str2num(): Avoid unnecessary call to strlen()
tool_urlglob: Use the correct format specifier for curl_off_t in msnprintf
- transfer: Also stop the sending on closed connection
transfer: Don't set TIMER_STARTTRANSFER on first send
unit2600: Fix build warning if built without verbose messages
url: Remove infof() output for "still name resolving"
urlapi: Fix heap buffer overflow
urlapi: Make sure zoneid is also duplicated in curl_url_dup
urlapi: Return CURLUE_BAD_HOSTNAME if puny2idn encoding fails
urlapi: Setting a blank URL ("") is not an ok URL
vquic: Show stringified messages for errno
- vtls: Clarify "ALPN: offers" message
winbuild: Improve check for static zlib
- wolfSSL: Avoid the OpenSSL compat API when not needed
workflows/macos.yml: Disable zstd and alt-svc in the http-only build
write-out.d: Clarify %{time_starttransfer}
- ws: Fix spelling mistakes in examples and tests
I dropped support for EL < 8 and Fedora < 27 with this build since the native curl versions there use NSS and I don't want to replace them with an openssl-based version, which would be too risky from a compatibility perspective; I intend to keep the builds for those old distributions at version 8.2.1 and will apply patches for CVEs until the EL-7 end of life next June
Updated perl-Perl-Tidy to 20230912 as per the Fedora perltidy package