PaulHowarth/Blog/2024-09-11

Wednesday 11th September 2024

Fedora Project

  • Branched and built perl-Crypt-Cracklib (1.7) for EPEL-10

  • Branched and built perl-Digest-BubbleBabble (0.02) for EPEL-10

  • Branched and built perl-Email-Abstract (3.010) for EPEL-10

  • Branched and built perl-Geography-Countries (2009041301) for EPEL-10

  • Branched and built perl-Mail-Message (3.011, bootstrap build) for EPEL-10

  • Updated perl-Mail-Message to 3.015 (non bootstrap build) in EPEL-10

  • Branched and built perl-Mail-Transport (3.005) for EPEL-10

  • Branched and built perl-Perl-Critic-Pulp (99) for EPEL-10

  • Branched and built perl-Spreadsheet-ParseExcel (0.66) for EPEL-10

  • Branched and built perl-Test-Perl-Critic (1.04) for EPEL-10

  • Branched and built perl-User-Identity (1.02) for EPEL-10

Local Packages

  • Updated curl to 8.10.0:

    • autotools: Add '--enable-windows-unicode' option

    • curl: --help [option] displays documentation for given cmdline option

    • curl: Add --skip-existing

    • curl: For -O, use "default" as filename when the URL has none

    • curl: Make --rate accept "number of units"

    • curl: Make --show-headers the same as --include

    • curl: Support --dump-header % to direct to stderr

    • curl: Support embedding a CA bundle and --dump-ca-embed

    • curl: Support repeated use of the verbose option; -vv etc.

    • curl: Use libuv for parallel transfers with --test-event

    • getinfo: Add CURLINFO_POSTTRANSFER_TIME_T

    • mbedtls: Add CURLOPT_TLS13_CIPHERS support

    • rustls: Add support for setting TLS version and ciphers

    • vtls: Stop offering alpn http/1.1 for http2-prior-knowledge

    • wolfssl: Add CURLOPT_TLS13_CIPHERS support

    • wolfssl: Add support for ssl cert blob / ssl key blob options

    • asyn-thread: Stop using GetAddrInfoExW on Windows

    • autotools: Fix MS-DOS builds
    • autotools: Fix typo in tests/data target
    • aws_sigv4: Fix canon order for headers with same prefix
    • bearssl: Fix setting tls version
    • bearssl: Improve shutdown handling
    • BINDINGS: Add zig binding

    • build: Add 'iphlpapi' lib for libssh on Windows

    • build: Add 'poll()' detection for cross-builds

    • build: Add options to disable SHA-512/256 hash algo

    • build: Check OS-native IDN first, then libidn2

    • build: Delete unused 'REQUIRE_LIB_DEPS'

    • build: Drop unused 'NROFF' reference

    • build: Drop unused feature-detection code for Apple 'poll()'

    • build: Generate 'buildinfo.txt' for test logs

    • build: Improve compiler version detection portability

    • build: Make 'CURL_FORMAT_CURL_OFF_T[U]' work with mingw-w64 ≤ 7.0.0 - build: Silence C4232 MSVC warnings in vcpkg ngtcp2 builds

    • build: Use -Wno-format-overflow

    • buildconf.bat: Fix tool_hugehelp.c generation

    • cf-socket: Fix pollset for listening

    • cf-socket: Prevent KEEPALIVE_FACTOR being set to 1000 for Windows

    • cfilters: Send flush

    • CHANGES: Rename to CHANGES.md, no longer generated

    • CI: Enable parallel testing in CI builds
    • ci: Update actions/upload-artifact digest to 89ef406

    • cmake: 'Libs.private' improvements

    • cmake: Add 'CURL_USE_PKGCONFIG' option

    • cmake: Add Linux CI job, fix pytest with cmake

    • cmake: Add math library when using wolfssl and ngtcp2

    • cmake: Add missing 'pkg-config' hints to Find modules

    • cmake: Add missing version detection to Find modules

    • cmake: Add rustls
    • cmake: Add support for versioned symbols option
    • cmake: Add wolfSSH support

    • cmake: Allow 'pkg-config' in more envs

    • cmake: Clean up header paths

    • cmake: Default 'CURL_DISABLE_LDAPS' to the value of 'CURL_DISABLE_LDAP'

    • cmake: Delete MSVC warning suppression for tests/server

    • cmake: Detect 'nghttp2' via 'pkg-config', enable by default

    • cmake: Detect and show VCPKG in platform flags
    • cmake: distcheck for files in CMake subdir

    • cmake: Drop custom 'CMakeOutput.log'/'CMakeError.log' logs

    • cmake: Drop libssh CONFIG-style detection

    • cmake: Drop no-op 'tests/data/CMakeLists.txt'

    • cmake: Drop reference to undefined variable

    • cmake: Drop unused 'HAVE_IDNA_STRERROR'

    • cmake: Drop unused internal variable
    • cmake: Exclude tests/http/clients builds by default

    • cmake: Fix 'GSS_VERSION' for Heimdal found via pkg-config

    • cmake: Fix 'pkg-config'-based detection in 'FindGSS.cmake'

    • cmake: Fix and tidy up c-ares builds, enable in more CI jobs

    • cmake: Fix find rustls

    • cmake: Fix up linking libgsasl when detected via CMake-native

    • cmake: Honour custom 'CMAKE_UNITY_BUILD_BATCH_SIZE'

    • cmake: Limit 'pkg-config' to UNIX and MSVC+vcpkg by default

    • cmake: Limit libidn2 'pkg-config' detection to 'UNIX'

    • cmake: Migrate dependency detections to Find modules

    • cmake: More small tidy-ups and fixes

    • cmake: Rename wolfSSL and zstd config variables to uppercase

    • cmake: Respect cflags/libdirs of native pkg-config detections

    • cmake: Show CMake platform/compiler flags

    • cmake: Show warning if libpsl is not found

    • cmake: Sync code between test/example targets

    • cmake: Sync up formatting in Find modules

    • cmake: TLS 1.3 warning only for bearssl and sectransp

    • cmake: Update 'curl-config.cmake.in' template var list

    • cmake: Update list of "advanced" variables

    • cmake: Use numeric comparison for 'HAVE_WIN32_WINNT'

    • cmdline-opts: Language fix for expect100-timeout.md and max-time.md

    • configure: Delete unused 'CURL_DEFINE_UNQUOTED' function

    • configure: Delete unused 'HAVE_OPENSSL3' macro

    • configure: Delete unused 'm4/xc-translit.m4'

    • configure: Detect AppleIDN
    • configure: Fail if PSL is not disabled but not found
    • configure: Fix WinIDN builds targeting old Windows

    • configure: Remove USE_EXPLICIT_LIB_DEPS

    • configure: Replace non-portable grep -o with awk

    • connect: Always prefer ipv6 in IP eyeballing
    • connect: Limit update IP info
    • cookie.md: Try to articulate the two different uses this option has
    • curl: Allow 500MB data URL encode strings

    • curl: Find curlrc in XDG_CONFIG_HOME without leading dot

    • curl: Fix --proxy-pinnedpubkey

    • curl: Fix the -w urle.* variables

    • curl: Make the progress bar detect terminal width changes
    • curl: Warn on unsupported SSL options

    • Curl_rand_bytes to control env override

    • curl_sha512_256: Fix symbol collisions with nettle library

    • CURLMOPT_SOCKETFUNCTION.md: Expand on the easy argument

    • CURLOPT_XFERINFOFUNCTION: Clarify the callback return codes

    • dist: Add missing 'docs/examples/CMakeLists.txt'

    • dist: Add missing 'FindNettle.cmake'

    • dist: Add missing 'lib/optiontable.pl'

    • dist: Add missing 'test_*.py' scripts

    • dist: Drop buildconf
    • dist: Fix reproducible build from release tarball

    • dmaketgz: Only run 'make distclean' if Makefile exists

    • docs/SSLCERTS: Rewrite

    • docs: Add description of effect of --location-trusted on cookie

    • docs: Document the (weak) random value situation in rustls builds
    • docs: Fix some examples in man pages
    • docs: Improve cipher options documentation

    • docs: Mention "@-" in more places

    • docs: Remove ALTSVC.md, HSTS.md, HTTP2.md and PARALLEL-TRANSFERS.md

    • docs: Update CIPHERS.md

    • doh-url.md: Point out DOH server IP pinning

    • doh: Remove redundant checks

    • easy: Fix curl_easy_upkeep for shared connection caches

    • escape: Allow curl_easy_escape to generate 3*input length output

    • FEATURES.md: Fix typo

    • ftp: Always offer line end conversions
    • ftp: Flush pingpong before response
    • getinfo: Return zero for unsupported options (when disabled)
    • GHA/windows: Enable MulitSSL in an MSVC job
    • GHA: Scan git repository and detect unvetted binary files
    • gnutls/wolfssl: Improve error message when certificate fails
    • gnutls: Send all data

    • gtls: Fix OCSP stapling management (CVE-2024-8096)

    • haproxy: Send though next filter
    • hash: Provide asserts to verify API use
    • http/2: Simplify eos/blocked handling
    • http2+h3 filters: Fix ctx init

    • http2: Fix GOAWAY message sent to server

    • http2: Improve rate limiting of downloads
    • http2: Improved upload eos handling

    • http3.md: Mention how the fallback can be h1 or h2

    • hyper: Call Curl_req_set_upload_done()

    • idn: More strictly check AppleIDN errors
    • idn: Support non-UTF-8 input under AppleIDN

    • INSTALL.md: MultiSSL and QUIC are mutually exclusive

    • KNOWN_BUGS: "special characters" in URL works with aws-sigv4

    • krb5: Add Linux/macOS CI tests, fix cmake GSS detection

    • krb5: Fix '-Wcast-align'

    • lib: Add eos flag to send methods
    • lib: Avoid macro collisions between wolfSSL and GnuTLS headers

    • lib: Convert some debugf()s into traces

    • lib: Delete stray undefs for 'vsnprintf', 'vsprintf'

    • lib: Fix AIX build issues
    • lib: Fix building with wolfSSL without DES support

    • lib: Make SSPI global symbols use Curl_ prefix

    • lib: Prefer 'CURL_SHA256_DIGEST_LENGTH' over the unprefixed name

    • lib: Remove the final strncpy() calls

    • lib: Remove use of RANDOM_FILE

    • libcurl.def: Move from / into lib

    • libcurl.pc: Add 'Cflags.private'

    • libcurl.pc: Add reference to 'libgsasl'

    • libcurl/docs: Expand on redirect following and secrets to other hosts

    • llist: Remove direct struct accesses, use only functions

    • Makefile.dist: Fix 'ca-firefox' target

    • Makefile.mk: Fix up enabling libidn2

    • Makefile: Remove 'scripts' duplicate from DIST_SUBDIRS

    • maketgz: Accept option to include latest commit hash

    • maketgz: Fix RELEASE-TOOLS.md for daily tarballs

    • maketgz: Move from / into scripts

    • managen: Fix superfluous leading blank line in quoted sections
    • managen: In man output, remove the leading space from examples
    • managen: Word wrap long example lines in ASCII output
    • manpage: Ensure a maximum width for the text version

    • max-filesize.md: Mention zero disables the limit

    • mbedtls: Add more informative logging
    • mbedtls: Fix setting tls version

    • mbedtls: No longer use MBEDTLS_SSL_VERIFY_OPTIONAL

    • mime: Avoid infinite loop in client reader

    • mk-ca-bundle.pl: Include a link to the caextract webpage

    • multi: Make the "general" list of easy handles a Curl_llist

    • multi: On socket callback error, remove socket hash entry nonetheless

    • ngtcp2/osslq: Remove NULL pointer dereferences

    • ngtcp2: Use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks

    • openssl quic: Fix memory leak
    • openssl: certinfo errors now fail correctly
    • openssl: Fix the data race when sharing an SSL session between threads
    • openssl: Improve shutdown handling
    • pingpong: Drain the input buffer when reading responses
    • POP3: Fix multi-line responses

    • pop3: Use the protocol handler ->write_resp

    • printf: Fix mingw-w64 format checks

    • progress: ratelimit/progress tweaks

    • pytests: Add tests for HEAD requests in all HTTP versions

    • rand: Only provide weak random when needed

    • runtests: If DISABLED cannot be read, error out

    • runtests: Log ignored but passed tests

    • runtests: Remove "has_textaware"

    • rustls: Fix setting tls version
    • rustls: Make all tests pass

    • schannel: Avoid malloc for CAinfo_blob_digest

    • scorecard: Tweak request measurements

    • sectransp: Fix setting tls version

    • SECURITY: Mention OpenSSF best practices gold badge

    • setopt: Allow CURLOPT_INTERFACE to be set to NULL

    • setopt: Let CURLOPT_ECH set to NULL reset to default

    • setopt: Make CURLOPT_TFTP_BLKSIZE accept bad values

    • sha256: Fix symbol collision between nettle (GnuTLS) and OpenSSL

    • share: Don't reinitialize conncache
    • sigpipe: Init the struct so that first apply ignores
    • smb: Convert superfluous assign into assert
    • smtp: Add tracing feature

    • splay: Use access functions, add asserts, use Curl_timediff

    • spnego_gssapi: Implement TLS channel bindings for openssl

    • src: Delete 'curlx_m*printf()' aliases

    • src: Fix potential macro confusion in cmake unity builds
    • src: Namespace symbols clashing with lib
    • src: Replace copy of printf mappings with an include

    • ssh: Deduplicate SSH backend includes (and fix libssh cmake unity build)

    • system_win32: Fix typo

    • test httpd: Tweak cipher list

    • test1521: Verify setting options to NULL better
    • test1707: Output diff more for debugging differences in CI outputs
    • test556: Improve robustness
    • test579: Improve robustness
    • test587: Improve robustness
    • test649: Improve robustness
    • test677: Improve robustness

    • tests/runner: Only allow [!A-Za-z0-9_-] in %if feature names

    • tests: Constrain http pytest to tests/http directory
    • tests: Don't mangle output if hostname or type unknown
    • tests: Ignore QUIT from FTP protocol comparisons

    • tests: Provide docs as curldown, not nroff

    • tidy-up: Misc build, tests, 'lib/macos.c'

    • tidy-up: OS names
    • tool_operhlp: Fix "potentially uninitialized local variable 'pc' used"
    • tool_paramhlp: Bump maximum post data size in memory to 16GB

    • transfer: Curl_sendrecv() and event related improvements

    • transfer: Remove comments, add asserts
    • transfer: Skip EOS read when download done

    • url: dns_entry related improvements

    • url: Fix connection reuse for HTTP/2 upgrades
    • urlapi: Verify URL *decoded* hostname when set

    • urldata: Introduce 'data->mid', a unique identifier inside a multi

    • urldata: Remove 'scratch' from the UrlState struct

    • urldata: Remove crlf_conversions counter

    • urldata: Remove proxy_connect_closed bit

    • verify-release: Shell script that verifies a release tarball

    • version: Fix shadowing a 'libssh.h' symbol

    • vtls: Add SSLSUPP_CIPHER_LIST

    • vtls: Fix MSVC 'cast truncates constant value' warning
    • vtls: Fix static function name collisions between TLS backends
    • vtls: Init ssl peer only once
    • websocket: Introduce blocking sends
    • wolfssl: Avoid taking cached x509 store ref if sslctx already using it

    • wolfssl: Fix CURLOPT_SSLVERSION

    • wolfssl: Fix setting tls version
    • wolfssl: Improve shutdown handling

    • ws: Flags to opcodes should ignore CURLWS_CONT flag

    • x509asn1: Raise size limit for x509 certification information

  • Updated perl-Net-DNS to 1.46:

    • Resync with IANA DNS Parameters registry

    • Revise documentation for Packet.pm and Header.pm

    • Random ID cache moved from header->id to packet->encode

    • Restructure resolver method inheritance tree

Recent