PaulHowarth/Blog/2024-07-24

Wednesday 24th July 2024

Local Packages

  • Updated curl to 8.9.0:

    • curl: Add --ip-tos (IP Type of Service/Traffic Class)

    • curl: Add --mptcp

    • curl: Add --vlan-priority

    • curl: Add -w %{num_retries}

    • gnutls: Support CA caching

    • mbedtls: Support CURLOPT_CERTINFO

    • noproxy: Patterns need to be comma-separated
    • socket: Support binding to interface and IP

    • tcpkeepalive: Add CURLOPT_TCP_KEEPCNT and --keepalive-cnt

    • urlapi: Add CURLU_NO_GUESS_SCHEME

    • wolfssl: Support CA caching

    • (lib)curl.rc: Set debug flag also for 'CURLDEBUG' and 'UNITTESTS'

    • asyn-thread: Avoid using GetAddrInfoExW with impersonation

    • aws-sigv4: URL encode the canonical path
    • BINDINGS: Update java link to one that exists

    • build: Add Debug, TrackMemory, ECH to feature list

    • build: Add more supported attributes to the IAR compiler
    • build: Fix llvm 16 or older + Xcode 15 or newer, and gcc
    • build: Fix llvm 17 and older + macOS SDK 14.4 and newer
    • build: Sync warning options between autotools, cmake and compilers
    • build: Tidy up '__builtin_available' feature checks (Apple)

    • build: Untangle 'CURLDEBUG' and 'DEBUGBUILD' macros

    • build: Use '#error' instead of invalid syntax

    • cd2nroff: Convert two warnings to errors

    • cd2nroff: Use an empty "##" to signal end of .IP sequence

    • cf-socket: Improve SO_SNDBUF update for Winsock

    • cf-socket: Optimize curlx_nonblock() and check its return error

    • cf-socket: Remove obsolete recvbuf

    • cf-socket: Remove two "useless" assignments
    • cfilters: Make Curl_conn_connect always assign 'done'

    • cmake: Add CURL_USE_GSASL option with detection + CI test

    • cmake: Allow 'ENABLE_CURLDEBUG=OFF' with 'ENABLE_DEBUG=ON'

    • cmake: Allow SOVERSION override with 'CURL_LIBCURL_SOVERSION'

    • cmake: Alpha-sort feature list
    • cmake: Always build unit tests with the 'testdeps' target

    • cmake: Bring 'curl-config.cmake' closer to 'FindCURL'

    • cmake: Create 'configurehelp.pm' like autotools does

    • cmake: Delete unused 'HAVE_LIBSSH2', 'HAVE_LIBSOCKET' macros

    • cmake: Detect 'libidn2' also via 'pkg-config'

    • cmake: Enable SOVERSION for Cygwin and 'CMAKE_DLL_NAME_WITH_SOVERSION'

    • cmake: Fix '-Wredundant-decls' in unity/mingw-w64 builds

    • cmake: Fix brotli lib order

    • cmake: Fix building 'unit1600' due to missing 'ssl/openssl.h'

    • cmake: Fix building in unity mode
    • cmake: Fix building with both md4 and md5 in unity mode
    • cmake: Fix builds with detected libidn2 lib but undetected header

    • cmake: Fix feature and protocol lists for SecureTransport

    • cmake: Fix quotes when appending multiple options (SecureTransport)

    • cmake: Fix test 1013 with websockets enabled and no TLS
    • cmake: Improve wolfSSL detection
    • cmake: Show protocols, then features
    • cmake: Stop setting SOVERSION for the static lib target

    • cmake: Sync CA bundle/path detection with autotools
    • cmake: Sync protocol/feature list with 'curl -V' output

    • cmake: Use 'APPLE' instead of 'CMAKE_SYSTEM_NAME' string
    • cmake: Whitespace, formatting/tidy-up in comments
    • cmdline-docs: "added in" clean-ups
    • cmdline-docs: Fix '--proxy-ca-native' example and tidy-ups

    • cmdline-opts/_PROTOCOLS.md: Mention WS(S)

    • cmdline-opts/ech.md: Shorten the help text

    • cmdline-opts/fail.md: Expand and clarify

    • cmdline-opts/interface.md: Expand the documentation

    • cmdline-opts: Category clean-up
    • cmdline-opts: Expand the parallel explanations
    • cmdline-opts: Shorten six help texts
    • cmdline: Expand proxy option explanations
    • code: Language clean-up in comments
    • configure: CA bundle/path detection fixes
    • configure: Fix 'SystemConfiguration' detection

    • configure: Fix pkg-config library name 'libnghttp3'

    • configure: Fix pkg-config names (zstd, ngtcp2*)

    • configure: Limit 'SystemConfiguration' test to non-c-ares, IPv6 builds

    • configure: Remove 'deeper' checks for 'AC_CHECK_FUNCS'

    • configure: Require a QUIC library if nghttp3 is used

    • configure: Sort feature list, lowercase protocols, use backticks
    • configure: Use '$EGREP' in place of 'grep -E'

    • configure: Use AC_MSG_WARN for TLS/experimental warning texts

    • connect-to.md: Expand with examples

    • connection: Shutdown TLS (for FTP) better
    • cookie-jar.md: See also --junk-session-cookies

    • curl-config: Revert to backticks to support old target envs

    • curl: Allow etag and content-disposition for 3xx reply

    • curl: bsearch the --write-out variable name

    • curl: Check for --disable case-sensitively

    • curl: List categories in --help

    • curl: Make warnings and other messages aware of terminal width

    • curl: Output "flying saucers" with leading carriage return

    • curl_easy_escape: Elaborate a little on encoding a URL

    • curl_mprintf.md: Add missing comma

    • curl_multi_poll.md: Expand the example with a custom file descriptor

    • curl_str[n]equal.md: Tidy up text to make them stand-alone

    • curl_url_set.md: libcurl only parses :// URLs

    • curl_url_set: Elaborate on scheme guessing

    • curldown: Make 'added-in:' a mandatory header field

    • CURLOPT_CONNECTTIMEOUT*: Clarify, document the millisecond version

    • CURLOPT_ECH.md: Remove repeated 'if'

    • CURLOPT_NETRC.md: Clarify what it does on Windows

    • CURLOPT_RESOLVE.md: Mention hostname can be wildcard ('*')

    • CURLOPT_SSL_VERIFYHOST.md: Refresh

    • CURLOPT_TLSAUTH_PASSWORD/USERNAME.md: Language fixups

    • DISTROS: Add a link to the list archive

    • DISTROS: Add AlmaLinux package source link

    • DISTROS: Add MSYS2 (native) links

    • docs/cmdline-opts: Fix mail-auth example TLD typo

    • docs/cmdline-opts: Remove two superfluous "Added in" mentions

    • docs/libcurl: Polish the single-line descriptions

    • docs/Makefile.am: Make curl-config.1 install

    • docs: Reference non-deprecated libcurl options

    • docs: Start markdown headers with capital letter where applicable
    • doh-insecure.md: Expand

    • doh: Fix clean-up
    • doh: Fix leak and zero-length HTTPS RR crash
    • dump-header.md: Mention minus for stdout

    • examples/threaded-ssl: Remove locking callback code

    • examples: Add missing binaries to .gitignore

    • examples: Delete unused includes
    • examples: Fix compiling with MSVC
    • examples: Suppress deprecation warnings locally
    • FEATURES.md: Refresh

    • file: Separate fake headers and body with a stand-alone CRLF
    • ftp: Remove redundant null pointer check in loop condition
    • get.d: Clarify the explanation

    • GHA/windows: Add MSVC wolfSSL job with test
    • GHA/windows: Ignore FTP test results for old-mingw-w64
    • GHA: Add MSVC UWP job, expand jobs with more options
    • GHA: Detect and warn for more English contractions
    • GHA: Disable MQTT and WebSocket tests in Windows jobs

    • GHA: Disable TFTP tests in Windows jobs
    • GHA: Enable tests 1139, 1177, 1477 on Windows
    • GHA: Improve vcpkg cache, add BoringSSL ECH and LibreSSL MSVC jobs
    • GHA: Unify http3 workflows into one
    • GHA: Use vcpkg to install packages for MSVC jobs
    • GIT-INFO.md: Remove version requirements

    • gnutls: Improve TLS shutdown
    • gnutls: Pass in SNI name, not hostname when checking cert
    • help: Add flags to output and ssh categories
    • hostip: Skip error check for infallible function call
    • http/3: Add shutdown support
    • http/3: Resume upload on ack if we have more data to send
    • http: Remove "struct HTTP"
    • http: Write last header line late
    • idn: Fix ß with AppleIDN
    • idn: Make macidn fail before trying conversion if name too long
    • idn: Tweak buffer use when converting with macidn (CVE-2024-6874)

    • lib/v*: Tidy up types and casts

    • lib: Add a few DEBUGASSERT(data) to aid code analyzers

    • lib: Add failure reason on bind errors
    • lib: Fix gcc warning in certain debug builds
    • lib: Fix thread entry point to return 'DWORD' on WinCE
    • lib: Graceful connection shutdown
    • lib: Prefer 'var = time(NULL)' over 'time(&var)'

    • lib: Tidy up types and casts
    • lib: xfer_setup and non-blocking shutdown

    • libcurl-docs: Make option lists alpha-sorted
    • libcurl-easy.md: Now more than 300 options

    • libcurl.pc: Add 'Requires.private', 'Requires' for static linking

    • libcurl.pc: Add more 'Requires.private'/'Requires' dependencies

    • libssh: Remove CURLOPT_SSL_VERIFYHOST check

    • macos: Add workaround for gcc, non-c-ares, IPv6, compile error
    • macos: Undo 'availability' macro enabled by Homebrew gcc
    • managen: "added in" fixes
    • managen: Clean-ups to generate nicer-looking output
    • managen: Error on trailing blank lines in input files
    • managen: Fix removing backticks from subtitles
    • managen: Insert final .fi for files ending with a quote

    • managen: Introduce "Multi: per-URL"
    • managen: Only output .RE for manpage output

    • managen: Output tabs for each 8 leading spaces
    • managen: Warn on excessively long help texts
    • MANUAL.md: Wrap two example URLs that overrun styling

    • mbedtls: Check version before getting tls version
    • mbedtls: Check version for cipher id
    • mbedtls: Correct the error message for cert blob parsing failure
    • mbedtls: Send close-notify on close
    • mbedtls: v3.6.0 workarounds
    • md4: Fix compilation with OpenSSL 1.x with md4 disabled
    • misc: Fix typos
    • mk-ca-bundle.pl: Delay 'curl -V' execution until it is needed

    • multi: Add multi->proto_hash, a key-value store for protocol data

    • multi: Do a final progress update on connect failure
    • multi: Fix multi_wait() timeout handling

    • multi: Fix pollset during RESOLVING phase
    • multi: multi_getsock(), check correct socket

    • ngtcp2+quictls: Fix cert-status use

    • noproxy: Test bad ipv6 net size first
    • openssl/gnutls: Rectify the TLS version checks for QUIC
    • openssl: Fix %-specifier in infof() call

    • openssl: Fix hostname handling when using ECH
    • openssl: Stop duplicate ssl key logging for legacy OpenSSL
    • os400: Make it compilable again
    • pytest: Add ftp upload tests
    • pytest: Include testenv/vsftpd.py in dist tarball

    • quic: Enable UDP GRO
    • quic: openssl quic, cmake and doc version update to 3.3.0
    • quic: Require at least OpenSSL 3.3 for QUIC
    • quic: Update to quiche 0.22.0
    • quiche: Fix operand of ‘?:’ changes signedness

    • request.md: Language fix

    • request: Change the struct field bodywrites to a bool, only for hyper
    • reuse: Switch to REUSE 3.2 and REUSE.toml

    • runtests: Show name and keywords for failed tests in summary
    • runtests: Sort test IDs in summary lines
    • runtests: Support %DATE for YYYY-MM-DD of right now

    • runtests: Support %VERNUM

    • runtests: Support crlf="yes" for the <stderr> section

    • sectransp: Fix 'HAVE_BUILTIN_AVAILABLE' checks to not emit warnings

    • sectransp: Fix clang compiler warnings, stop silencing them
    • sectransp: Remove large cipher table
    • sectransp: Use common code for cipher suite lookup
    • sendf: Fix CRLF conversion of input
    • smtp: For starttls, do full upgrade
    • socket: Change TCP keepalive from ms to seconds on DragonFly BSD

    • socket: Use SOCK_NONBLOCK to eliminate extra system call

    • socketpair: Add 'eventfd' and use 'SOCK_NONBLOCK' for 'socketpair()'

    • src/Makefile.am: Remove SUBDIRS assignment

    • system_win32: Add missing curl.h include

    • tcpkeepalive: Support TCP keep-alive parameters on Solaris <11.4

    • test1119: Adapt for '.md' input

    • test1139: Scan .md files instead of .3 ones

    • test1175: Scan libcurl-errors.md, not the generated .3 version

    • test1486: Verify that write-out.md and tool_writeout.c are in sync

    • test2600: Disable on win32

    • test: Add test1484, for HEAD with content

    • test: Add test1546, chunked not last transfer encoding

    • tests/scripts: Call it 'manpage' (single word)

    • tests: Add pytest for --ciphers and --tls13-ciphers options

    • tests: Delete 'CharConv' remains

    • tests: Delete redundant '!MSDOS' guard

    • tests: Extend user/password parsing test1620

    • tests: Fix sshd IdentityFile path for MinGW/Cygwin

    • tests: Fix sshd UserKnownHostsFile path for MinGW/Cygwin

    • tests: Include current directory when running test Perl commands
    • tests: Log "Throwing away" messages before throwing away
    • tests: Run with "--trace-config all" to provide even more info

    • tests: Sync feature names with 'curl -V'

    • tests: test_17_ssl_use.py clarify mbedTLS TLSv1.3 support

    • tests: Use exec when spawning nghttpx

    • tidy-up: Use consistent casing for Windows directories
    • TODO: Remove some old, clarify, add something

    • tool_cb_hdr: Return error for failed header writes

    • tool_operate: Avoid explicitly setting verifypeer to 1

    • tool_operate: Simplify return code handling from url_proto()

    • tool_writeout: Get certinfo only when needing it

    • trace-ascii.md: Mention "%" for stderr

    • transfer: Avoid polling socket every transfer loop
    • transfer: conn close on paused upload
    • transfer: Do not use EXPIRE_NOW while blocked

    • transfer: Remove curl_upload_refill_watermark, no longer used

    • transfer: Set CSELECT_IN if there is data pending

    • unit2604: Use 'unitfail' instead of 'error' variable

    • url: Allow DoH transfers to override max connection limit
    • urlapi: Remove unused definition of HOST_BAD

    • variable.md: Make example use expand

    • verify-synopsis.pl: Work with .md files

    • vms: Fixed language in comment
    • vtls: Deprioritize Secure Transport
    • vtls: Replace addsessionid with set_sessionid

    • winbuild: Fix PE version info debug flag
    • winbuild: MS-DOS batch tidy-ups
    • winbuild: Remove outdated WIN32 defines
    • windows: Fix UWP builds, add GHA job
    • winsock: Move SO_SNDBUF update into cf-socket

    • wolfssl: Assume key_file equal to clientcert if no key_file

    • wolfssl: Use larger error buffer when formatting errors
    • x509asn1: Add some common ECDSA OIDs

    • x509asn1: ASN1tostr() should fail when 'constructed' is set

    • x509asn1: Fallback to dotted OID representation

    • x509asn1: Make Curl_extract_certinfo store error message

    • x509asn1: Prevent NULL dereference

    • x509asn1: Remove superfluous free() (CVE-2024-6197)

    • x509asn1: Remove two static variables

