#acl PaulHowarth:read,write,admin,revert,delete All:read

=== Wednesday 13th September 2023 ===

==== Fedora Project ====
 * Updated `perltidy` to 20230912 in F-39 and Rawhide:
  * Remove a syntax error check that could cause an incorrect error message when `List::Gather::gather` was used ([[https://github.com/perltidy/perltidy/issues/124|GH#124]])

==== Local Packages ====
 * Updated `curl` to 8.3.0:
  * `curl`: Make `%output{}` in `-w` specify a file to write to
  * gskit: Remove
  * lib: `--disable-bindlocal` builds `curl` without local binding support
  * nss: Remove support for this TLS library
  * tool: Add "variable" support
  * trace: Make tracing available in non-debug builds
  * url: Change default value for `CURLOPT_MAXREDIRS` to 30
  * `urlapi`: `CURLU_PUNY2IDN` - convert from punycode to IDN name
  * wolfssl: Support loading system CA certificates
  * altsvc: Accept and parse IPv6 addresses in response headers
  * asyn-ares: Reduce timeout to 2000ms
  * aws-sigv4: Canonicalize the query
  * aws-sigv4: Fix having date header twice in some cases
  * aws-sigv4: Handle no-value user header entries
  * bearssl: Don't load CA certs when peer verification is disabled
  * bearssl: Handshake fix, provide proper `get_select_socks()` implementation
  * build: Fix portability of `mancheck` and `checksrc` targets
  * build: Streamline non-UWP wincrypt detections
  * c-hyper: Adjust the `hyper` to `curlcode` conversion
  * c-hyper: Fix memory leaks in '`Curl_http`'
  * cf-haproxy: Make `CURLOPT_HAPROXY_CLIENT_IP` set the ''source'' IP
  * cf-socket: Log successful interface bind
  * CI/cirrus: Disable `python` install on FreeBSD
  * CI: Add a 32-bit i686 Linux build
  * CI: Add caching to many jobs
  * CI: Move on to `ngtcp2` v0.19.1
  * CI: Move the Alpine build from Cirrus to GHA
  * CI: ngtcp2-linux: Use separate caches for tls libraries
  * CI: Remove Windows builds from Cirrus, without replacement
  * CI: Switch macOS ARM build from Cirrus to Circle CI
  * CI: Use `master` again for wolfssl
  * cirrus: Install everything with pkg, avoid `pip`
  * cmake: Add GnuTLS option
  * cmake: Add support for '`CURL_DEFAULT_SSL_BACKEND`'
  * cmake: Add support for single `libcurl` compilation pass
  * cmake: Allow '`SHARE_LIB_OBJECT=ON`' on all platforms
  * cmake: Assume '`wldap32`' availability on Windows
  * cmake: Cache more config and delete unused ones
  * cmake: Detect '`SSL_set0_wbio`' in OpenSSL
  * cmake: Drop '`HAVE_LIBWINMM`' and '`HAVE_LIBWS2_32`' feature checks
  * cmake: Fix to use variable for the `curl` namespace
  * cmake: Fixup H2 duplicate symbols for unity builds
  * cmake: Set `SIZEOF_LONG_LONG` in `curl_config.h`
  * cmake: Support building static and shared `libcurl` in one go
  * cmdline-docs: Make sure to phrase it as "added in ...."
  * cmdline-docs: Use present tense, not future
  * cmdline-opts/docs: Mention the negative option part
  * cmdline-opts/page-header: Clarify stronger that `!opt == URL`
  * cmdline-opts/page-header: Reorder, clean up
  * configure, cmake, lib: More form API deprecation
  * configure: Fix '`HAVE_TIME_T_UNSIGNED`' check
  * configure: Trust `pkg-config` when it's used for `zlib`
  * configure: Use the `pkg-config --libs-only-l` flag for `libssh2`
  * `connect`: Stop halving the remaining timeout when less than 600 ms left
  * `cookie-jar.d`: Emphasize that this option is ''only'' writing cookies
  * crypto: Ensure crypto initialization works
  * `curl_url_get`/`set.3`: Add missing semicolon in `SYNOPSIS`
  * `CURLINFO_CERTINFO.3`: Better explain `curl_certinfo` struct
  * `CURLINFO_TLS_SSL_PTR.3`: Clarify a recommendation
  * `CURLOPT_*TIMEOUT*`: Extend and clarify
  * `CURLOPT_SSL_VERIFYPEER.3`: Mention it does not load CA certs when disabled
  * `CURLOPT_URL.3`: Add two URL API calls in the see-also section
  * `CURLOPT_URL.3`: Explain `curl_url_set()` uses the same parser
  * digest: Use hostname to generate spn instead of realm
  * `disable.d`: Explain `--disable` not implemented prior to 7.50.0
  * `docs/cmdline-opts/gen.pl`: Hide "added in" before 7.50.0
  * `docs/cmdline-opts`: Match the current output
  * `docs/cmdline-opts`: Spellfixes, typos and polish
  * `docs/cmdline`: Add small "warning" to verbose options
  * `docs/cmdline`: Remove repeated working for negotiate + ntlm
  * `docs/HYPER.md`: Document a workaround for a link error
  * docs: Add `curl_global_trace` to some `SEE ALSO` sections
  * docs: Link to the website versions instead of markdowns
  * docs: Mark `--ssl-revoke-best-effort` as `Schannel` specific
  * docs: Mention critical files in same directories as `curl` saves
  * docs: Removing "pausing transfers" from `HYPER.md`
  * docs: Rewrite to present tense
  * easy: Remove `#ifdefs` to make code easier on the eye
  * `egd`: Delete feature detection and related source code
  * ftp: Fix temp write of ipv6 address
  * `gen.pl`: Escape all dashes (ascii minus) to avoid unicode hyphens
  * `gen.pl`: Replace all single quotes with `aq`
  * GHA: Adding quiche workflow
  * headers: Accept leading whitespaces on first response header
  * http2: Avoid too early connection re-use/multiplexing
  * http2: Clean up trace messages
  * http2: Disable assertion blocking OSSFuzz testing
  * http2: Fix in `h2` proxy tunnel: progress in ingress on sending
  * http2: Polish things around `POST`
  * http2: Upgrade tests and add fix for non-existing stream
  * http3/ngtcp2: Shorten handshake, trace clean up
  * http3: Quiche, handshake optimization, trace clean up
  * http: Close the connection after a late 417 is received
  * http: Do not require a user name when using `CURLAUTH_NEGOTIATE`
  * http: Fix sending of large requests
  * http: Remove the `p_pragma` struct field
  * http: Return error when receiving too large header set ([[CVE:CVE-2023-38039|CVE-2023-38039]])
  * hyper: Fix a progress upload counter bug
  * hyper: Fix ownership problems
  * hyper: Remove '`hyptransfer->endtask`'
  * imap: Add a check for failing `strdup()`
  * imap: Remove the only `sscanf()` call in the `IMAP` code
  * `include.d`: Explain headers not printed with `--fail` before 7.75.0
  * `include/curl/mprintf.h`: Add `__attribute__` for the prototypes
  * krb5: Fix "implicit conversion loses integer precision" warnings
  * lib: Add ability to disable auths individually
  * lib: Build fixups when built with most things disabled
  * lib: Fix a few `*printf()` flag mistakes
  * lib: Fix null ptr derefs and uninitialized vars (h2/h3)
  * lib: Move `mimepost` data from `->req.p.http` to `->state`
  * libtest: Use `curl_free()` to free `libcurl` allocated data
  * `list-only.d`: Mention SFTP as supported protocol
  * macOS: Fix target detection more
  * misc: Fix various typos
  * `multi.h`: The '`revents`' field of `curl_waitfd` is supported
  * multi: More efficient `pollfd` count for `poll`
  * multi: Remove '`processing: `' debug message
  * `ngtcp2`: Fix handling of large requests
  * openssl: Auto-detect '`SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`'
  * openssl: Clear error queue after `SSL_shutdown`
  * openssl: Make aws-lc version support OCSP
  * openssl: Support async cert verify callback
  * openssl: Switch to modern init for LibreSSL 2.7.0+
  * openssl: Use '`SSL_CTX_set_ciphersuites`' with LibreSSL 3.4.1
  * openssl: Use '`SSL_CTX_set_keylog_callback`' with LibreSSL 3.5.0
  * openssl: When `CURLOPT_SSL_CTX_FUNCTION` is registered, init x509 store before
  * os400: Build test servers
  * os400: Do not check translatable options at build time
  * os400: Implement CLI tool
  * page-footer: `QLOGDIR` works with `ngtcp2` and `quiche`
  * page-header: Move up a URL paragraph from `GLOBBING` to `URL`
  * `pytest`: Fix check for `slow_network` skips to only apply when intended
  * quic: Don't set SNI if hostname is an IP address
  * quiche: Adjust quiche '`QUIC_IDLE_TIMEOUT`' to 60s
  * quiche: Enable quiche to handle timeout events
  * resolve: Use `PF_INET6` family lookups when `CURL_IPRESOLVE_V6` is set
  * Revert "`schannel: reverse the order of certinfo insertions`"
  * schannel: Fix ordering of cert chain info
  * schannel: Fix user-set legacy algorithms in Windows 10 and 11
  * schannel: Verify hostname independent of verify cert
  * sectransp: Fix compiler warnings
  * sectransp: Prevent `CFRelease()` of `NULL`
  * `secureserver.pl`: Fix `stunnel` path quoting
  * `secureserver.pl`: Fix `stunnel` version parsing
  * `SECURITY-PROCESS.md`: Not a sec issue: Tricking user to run a cmdline
  * `system.h`: Add `CURL_OFF_T` definitions on HP-UX with HP aCC
  * `test1304`: Build and skip without `netrc` support
  * `test1554`: Check translatable string options in OS400 wrapper
  * `test1608`: Make it build and get skipped without shuffle DNS support
  * `test687`/`688`: Two more basic `--xattr` tests
  * `tests/tftpd`+`mqttd`: Make variables static to silence picky warnings
  * tests: Add '`large-time`' as a testable feature
  * tests: Add support for nested `%if` conditions
  * tests: Don't call HTTP errors OK in test cases
  * tests: Ensure '`libcurl.def`' contains all exports
  * tests: Fix h3 server check and parallel instances
  * tests: TLS session sharing test
  * tests: Update cookie expiry dates to far in the future
  * `time-cond.d`: Mention what happens on a missing file
  * tool: Avoid including leading spaces in the `Location` hyperlink
  * tool: Change some `fopen` failures from warnings to errors
  * tool: Make the length argument an `int` for `printf()-.*` flags
  * `tool_cb_wrt`: Fix invalid unicode for windows console
  * `tool_filetime`: Make `-z` work with file dates before 1970
  * `tool_operate`: Allow both `SSL_CERT_FILE` and `SSL_CERT_DIR`
  * `tool_operate`: Make aws-sigv4 not require TLS to be used
  * `tool_paramhlp`: Improve `str2num()`: Avoid unnecessary call to `strlen()`
  * `tool_urlglob`: Use the correct format specifier for `curl_off_t` in `msnprintf`
  * transfer: Also stop the sending on closed connection
  * transfer: Don't set `TIMER_STARTTRANSFER` on first send
  * `unit2600`: Fix build warning if built without verbose messages
  * url: Remove `infof()` output for "still name resolving"
  * `urlapi`: Fix heap buffer overflow
  * `urlapi`: Make sure zoneid is also duplicated in `curl_url_dup`
  * `urlapi`: Return `CURLUE_BAD_HOSTNAME` if puny2idn encoding fails
  * `urlapi`: Setting a blank URL ("") is not an ok URL
  * vquic: Show stringified messages for `errno`
  * vtls: Clarify "ALPN: offers" message
  * winbuild: Improve check for static `zlib`
  * wolfSSL: Avoid the OpenSSL compat API when not needed
  * `workflows/macos.yml`: Disable `zstd` and `alt-svc` in the http-only build
  * `write-out.d`: Clarify `%{time_starttransfer}`
  * ws: Fix spelling mistakes in examples and tests
 . I dropped support for EL < 8 and Fedora < 27 with this build since the native `curl` versions there use NSS and I don't want to replace them with an openssl-based version, which would be too risky from a compatibility perspective; I intend to keep the builds for those old distributions at version 8.2.1 and will apply patches for CVEs until the EL-7 end of life next June
 * Updated `perl-Perl-Tidy` to 20230912 as per the Fedora `perltidy` package

----