#acl PaulHowarth:read,write,admin,revert,delete All:read

=== Wednesday 11th October 2023 ===

==== Local Packages ====

 * Updated `curl` (8.2.1) to fix cookie injection with none file ([[CVE:2023-38546|CVE-2023-38546]]) and SOCKS5 heap buffer overflow ([[CVE:2023-38545|CVE-2023-38545]])
 * Updated `curl` to 8.4.0:
  * `curl`: Add support for the IPFS protocols via HTTP gateway
  * `curl_multi_get_handles`: Get easy handles from a multi handle
  * mingw: Delete support for legacy `mingw.org` toolchain
  * `acinclude.m4`: Document proper system truststore on FreeBSD
  * appveyor: Fix `yamlint` issues, indent
  * appveyor: Rewrite batch in !PowerShell + CI improvements
  * autotools: Adjust '`CURL_CA_PATH`' value to CMake
  * autotools: Restore '`HAVE_IOCTL_*`' detections
  * base64: Also build for `curl`
  * `bufq`: Remove `Curl_bufq_skip_and_shift` (unused)
  * build: Delete checks for C89 standard headers
  * build: Do not publish '`HAVE_BORINGSSL`', '`HAVE_AWSLC`' macros
  * cf-socket: Simulate slow/blocked receives in debug
  * cmake, configure: Also link with `CoreServices`
  * cmake: Add check for `suseconds_t`
  * cmake: Add feature checks for '`memrchr`' and '`getifaddrs`'
  * cmake: Add missing checks
  * cmake: Delete old '`HAVE_LDAP_URL_PARSE`' logic
  * cmake: Detect '`HAVE_CLOCK_GETTIME_MONOTONIC_RAW`'
  * cmake: Detect '`HAVE_GETADDRINFO_THREADSAFE`'
  * cmake: Detect '`sys/wait.h`' and '`netinet/udp.h`'
  * cmake: Detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
  * cmake: Disable unity mode with Windows Unicode + !TrackMemory
  * cmake: Fix '`HAVE_LDAP_SSL`', '`HAVE_LDAP_URL_PARSE`' on non-Windows
  * cmake: Fix '`HAVE_WRITABLE_ARGV`' detection
  * cmake: Fix duplicate symbols when linking tests
  * cmake: Fix missing '`zlib.h`' when compiling '`libcurltool`'
  * cmake: Fix `stderr` initialization in unity builds
  * cmake: Fix the help text to the static build option in `CMakeLists.txt`
  * cmake: Fix unity builds for more build combinations
  * cmake: Fix unity symbol collisions in h2 builds
  * cmake: Fix unity with Windows Unicode + !TrackMemory
  * cmake: Improve OpenLDAP builds
  * cmake: lib '`CURL_STATICLIB`' fixes (Windows)
  * cmake: Move global headers to specific checks
  * cmake: Pre-cache '`HAVE_BASENAME`' for mingw-w64 and MSVC
  * cmake: Pre-cache '`HAVE_POLL_FINE`' on Windows
  * cmake: Tidy-up '`NOT_NEED_LBER_H`' detection
  * cmake: Validate '`CURL_DEFAULT_SSL_BACKEND`' config value
  * configure: Check for the `capath` by default
  * configure: Remove unused checks
  * configure: Replace adhoc domain with 'localhost' in tests
  * configure: Sort `AC_CHECK_FUNCS`
  * `connect`: Expire the timeout when trying next
  * `connect`: Only start the happy eyeballs timer when needed
  * cookie: Do not store the expire or max-age strings
  * cookie: Remove unnecessary struct fields ([[CVE:2023-38546|CVE-2023-38546]])
  * cookie: Set `->running` in `cookie_init` even if data is `NULL`
  * `create-dirs.d`: Clarify it also uses `--output-dirs`
  * `curl.h`: Mark `CURLSSLBACKEND_NSS` as deprecated since 8.3.0
  * `curl_easy_pause.3`: Mention h2/h3 buffering
  * `curl_easy_pause.3`: Mention it works within callbacks
  * `curl_easy_pause`: Set "in callback" true on exit if true
  * `CURLOPT_DEBUGFUNCTION.3`: Warn about internal handles
  * `docs/libcurl/opts/Makefile.inc`: Add missing manpage files
  * docs: Adapt `SEE ALSO` sections to new requirements
  * docs: Explain how `PINNEDPUBLICKEY` is independent of `VERIFYPEER`
  * docs: Replace made up domains with `example.com`
  * docs: Update `curl` man page references
  * docs: Use `CURLSSLBACKEND_NONE`
  * doh: Inherit `DEBUGFUNCTION/DATA`
  * escape: Replace `Curl_isunreserved` with `ISUNRESERVED`
  * FAQ: How do I upgrade `curl.exe` in Windows?
  * GHA/linux: Run `singleuse` to detect single-use global functions
  * GHA: Add workflow to compare configure vs. cmake outputs
  * h2-proxy: Remove left-over mistake in `drain_tunnel()`
  * h2: Test case and fix for pausing h2 streams
  * h3: Add support for `ngtcp2` with AWS-LC builds
  * http2: Refused stream handling for retry
  * http: Fix `CURL_DISABLE_BEARER_AUTH` breakage
  * http: h1/h2 proxy unification
  * http: Remove wrong comment for `http_should_fail`
  * http: Use per-request counter to check too large headers
  * `http_aws_sigv4`: Fix sorting with empty parts
  * idn: Fix WinIDN null ptr deref on bad host
  * idn: If `idn2_check_version` returns `NULL`, return error
  * `inet_ntop`: Add typecast to silence Coverity
  * lib: Disambiguate `Curl_client_write` flag semantics
  * lib: Enable hmac for digest as well
  * lib: `failf`/`infof` compiler warnings
  * lib: Let the max filesize option stop too big transfers too
  * lib: Move handling of '`data->req.writer_stack`' into `Curl_client_write()`
  * lib: Provide and use `Curl_hexencode`
  * lib: Remove `TIME_WITH_SYS_TIME`
  * lib: Use wrapper for `curl_mime_data` `fseek` callback
  * `libssh2`: Fix error message on failed pubkey-from-file
  * `libssh`: Cap SFTP packet size sent
  * `Makefile.mk`: Always set '`CURL_STATICLIB`' for lib (Windows)
  * `MANUAL.md`: Change domain to `example.com`
  * misc: Better random strings
  * MQTT: Improve receive of ACKs
  * multi: Do `CURLM_CALL_MULTI_PERFORM` at two more places
  * multi: Fix small timeouts
  * multi: Remove `Curl_multi_dump`
  * multi: Round the timeout up to prevent early wakeups
  * multi: Set `CURLM_CALL_MULTI_PERFORM` after switch to `DOING_MORE`
  * openssl: Improve ssl shutdown handling
  * openssl: Use `X509_ALGOR_get0` instead of reaching into `X509_ALGOR`
  * `pytest`: Exclude `test_03_goaway` in CI runs due to timing dependency
  * quic: Set ciphers/curves the same way regular TLS does
  * quiche: Fix build error with `--with-ca-fallback`
  * `RELEASE-PROCEDURE.md`: Updated coming release dates
  * `runtests`: Display the test status if tests appear hung
  * `runtests`: Eliminate a warning on old perl versions
  * socks: Return error if hostname too long for remote resolve ([[CVE:2023-38545|CVE-2023-38545]])
  * `src/mkhelp`: Make generated code pass '`checksrc`'
  * `test1056`: Disable on Windows
  * `test1474`: Disable test on NetBSD, OpenBSD and Solaris 10
  * `test1592`: Greatly increase the maximum test timeout
  * `test1903`: Actually verify the cookies after the test
  * `test1906`: Set a lower timeout since it's hit on Windows
  * `test2600`: Remove special case handling for `USE_ALARM_TIMEOUT`
  * `test650`: Fix an end tag typo
  * `test661`: Return from test early in case of `curl` error
  * test: Add missing ``s
  * tests: Close the shell used to start `sshd`
  * tests: Fix a race condition in ftp server disconnect
  * tests: Fix compiler warnings
  * tests: Fix zombie processes left behind by FTP tests
  * tests: Improve `SLOWDOWN` test reliability by reducing sent data
  * tests: Increase `lib571` timeout from 3s to 30s
  * tests: Log the test result code after each `libtest`
  * tests: Propagate errors in libtests
  * tests: Set `--expect100-timeout` to improve test reliability
  * tests: Show which `curl` tool '`runtests.pl`' is using
  * tests: Stop overriding the lock timeout
  * `tftpd`: Always use `curl`'s own `tftp.h`
  * tool: Use our own `stderr` variable
  * `tool_cb_wrt`: Fix debug assertion
  * `tool_getparam`: Accept variable expansion on file names too
  * `tool_setopt`: Remove unused function `tool_setopt_flags`
  * `upload-file.d`: Describe the file name slash/backslash handling
  * url: Fall back to http/https proxy env-variable if `ws`/`wss` not set
  * url: Fix `netrc` info message
  * warnless: Remove unused functions
  * wolfssh: Do cleanup in `Curl_ssh_cleanup`
  * wolfssl: Allow `capath` with `CURLOPT_CAINFO_BLOB`
  * wolfssl: If `CURLOPT_CAINFO_BLOB` is set, ignore the CA files
  * wolfssl: Ignore errors in CA path

----