#acl PaulHowarth:read,write,admin,revert,delete All:read === Wednesday 6th November 2024 === ==== Fedora Project ==== * Updated `perl-Business-ISBN-Data` to 20241105.001 in Rawhide: * Data update for 20241105 * Updated `perl-URI` to 5.31 (no changes) in Rawhide ==== Local Packages ==== * Updated `curl` to 8.11.0: * curl: `--create-dirs` works for `--dump-header` as well * gtls: Add P12 format support * ipfs: Add options to disable * TLS: TLSv1.3 earlydata support for curl * !WebSockets: Make support official (non-experimental) * alt-svc: Honour `data->state.httpwant` * altsvc: Avoid using local buffer and `memcpy` * `asyn-ares`: Remove typecast, fix expire * autotools: Add support for '`unity`' builds, enable in CI * bearssl: Avoid `strpcy()` when generating TLS version log message * bearssl: Improved session handling, test exceptions * `bufq`: Unwrite fix * build: Add '`ldap`' to '`libcurl.pc`' '`Requires:`' * build: Add `pytest` targets * build: Clarify CA embed is for curl tool, mark default, improve summary * build: Detect and use '`_setmode()`' with Cygwin/MSYS, also use on Windows * build: Disable warning '`-Wunreachable-code-break`' * build: Fix `clang-cl` builds, add CI job * build: Fix cross-compile check for poll with bionic * build: Fix possible '`-Wformat-overflow`' in `lib557` * build: Limit `arc4random` detection to no-SSL configs * build: Show if CA bundle to embed was found * build: Tidy up and improve versioned-symbols options * build: Tidy up deprecation suppression, enable warnings for clang * certs: Add missing '`-CAcreateserial`' option for LibreSSL * `checksrc`: Add check for spaces around logical AND operators * `checksrc`: Added checks for colon operator in ternary expressions * checksrc: Check for spaces around '`?`', '`>`' and '`<`' * ci: Dump '`curl_config.h`' to log in all jobs * CI: Run with standard `mod_http2` * cmake, `Makefile.mk`: Use `-isystem` for headers, silence BearSSL issues * cmake/`FindCares`: Fix version detection for `c-ares` 1.34.1 * cmake/`FindNGTCP2`: Use library path as hint for finding crypto module * cmake: Add missed variable to comment * cmake: Add native '`pkg-config`' detection for mbedTLS, MSH3, Quiche, Rustls, wolfSSL * cmake: Allow building tests in unity mode * cmake: Apply '`WIN32_LEAN_AND_MEAN`' to all feature checks * cmake: Avoid setting '`BUILD_TESTING`' * cmake: Clear package version after '`pkg-config`' detection * cmake: Delete unused `NEED_LBER_H`, `HAVE_LDAP_H` * cmake: Detect '`HAVE_NETINET_IN6_H`', '`HAVE_CLOSESOCKET_CAMEL`', '`HAVE_PROTO_BSDSOCKET_H`' * cmake: Detect `GNU GSS` * cmake: Disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled * cmake: Do not propagate unused '`HAVE_GSSAPI_GSSAPI_KRB5_H`' to C * cmake: Document '`-D`' and env build options * cmake: Drop obsolete items from '`TODO`' and '`INSTALL-CMAKE`' * cmake: Drop redundant assignments * cmake: Drop redundant `zlib` var, rename function (internals) * cmake: Expand `CURL_USE_PKGCONFIG` to non-cross MINGW * cmake: Fix broken dependency chain for cmdline-opts, tidy-ups * cmake: Fix compile warnings for `clang-cl` * cmake: Fix missing spacing in log message * cmake: Limit '`CURL_STATIC_CRT`' to MSVC * cmake: Make '`test-ci`' target skip building dependencies * cmake: Mark as advanced some internal `Find*` variables * cmake: Re-add '`generate-curl.1`' dependency for '`src`' just in case * cmake: Rename LDAP dependency config variables to match `Find` modules * cmake: Replace '`check_include_file_concat()`' for LDAP and GSS detection * cmake: Replace '`CURL_*_DIR`' with '`{PROJECT,CMAKE_CURRENT}_*_DIR`' * cmake: Require `quictls` (or `fork`) when using `msh3` on non-Windows * cmake: Separate target for examples, optimize CI, fix fallouts * cmake: Set version for '`project()`' and add CPack support * cmake: Stop adding dependency headers to global '`CMAKE_REQUIRED_INCLUDES`' * cmake: Sync torture test parallelism with autotools * cmake: Tidy up '`CURL_DISABLE_FORM_API`' initialization * cmake: Tidy up and shorten symbol hiding initialization * cmake: Tidy up line order * cmake: Tidy up picky warning initialization * cmake: Tidy-ups and rebase fixups * cmake: Tweaks around debug mode and hidden symbols * cmake: Untangle feature detection interdependencies * cmake: Use '`list(APPEND)`' on '`CURL_INCLUDES`' * cmake: Use OpenSSL for LDAP detection only if available * cmake: Use the '`BSD`' variable * config: Rename the OS define to `CURL_OS` to reduce collision risk * configure: Add GSS to '`libcurl.pc`' '`Depends:`' * configure: Catch Apple in more target triplets * configure: Drop duplicate feature checks for '`poll()`', '`if_nametoindex()`' * configure: Drop unused bare '`socket.h`' detection * configure: Improve help string for some options * `conncache`: Find bundle again in case it is removed * `conncache`: More efficient implementation of `cpool_remove_bundle` * cookie: Overhaul and clean-up * `curl-rustls.m4`: Set linker flags to allow rustls build on macos * `curl.h`: Remove the struct pointer for `CURL`/`CURLSH`/`CURLM` typedefs * curl: Add build options for safe/no CA bundle search (Windows) * curl: Detect ECH support dynamically, not at build time * `curl_addrinfo`: Support operating systems with only `getaddrinfo(3)` * `curl_multi_perform.md`: Fix typo * `curl_trc`: Fix build with verbose messages disabled * `curl_url_set.md`: Document `HOST` handling when URL is parsed * `curl_ws_recv.md`: The '`meta`' pointer is only returned on success * `curl_ws_recv`: Return `recv 0` and point `meta` to `NULL` on all errors * `CURLMOPT_PIPELINING.md`: Clarify that `CURLPIPE_NOTHING` is not default * `CURLOPT_APPEND.md`: Goes for SFTP as well * `CURLOPT_HEADERFUNCTION.md`: Do not modify the passed in buffer * `DISABLED`: Disable test 1060 with hyper * `DISTROS`: Avoid use of "very" * Dockerfile: Update Docker digest to `d830561` * `docs/cmdline-opts`: GnuTLS supports PKCS#11 URI in `--cert` option * docs: Clarify FTP over HTTP proxy functionality somewhat * docs: Fix a typo in some cipher options * ech: Spelling, whitespace, say '`--ech`' default config * ftp: Fix 0-length last write on upload from stdin * ftp: Move listen handling to socket filter * GHA: Optimize test prereq steps * gnutls: Use session cache for QUIC * hsts: Avoid the local buffer and `memcpy` on lookup * hsts: Improve subdomain handling ([[CVE:2024-9681|CVE-2024-9681]]) * hsts: Support "implied LWS" properly around max-age * http2: Auto reset stream on server eos * `http_aws_sigv4`: Avoid local buffer and `strcpy` * `INSTALL-CMAKE.md`: Mention focus on shared libraries * `INSTALL-CMAKE`: Fix punctuation and a typo * `INSTALL.md`: Fix a typo that slipped in to RISC OS * `json.md`: Cli-option '`--json`' is an alias of '`--data-binary`' * `lib`, `src`, `tests`: Added space around ternary expressions * `lib/cw-out`: Initialize '`flush_all`' directly * `lib/src`: White space edits to comply better with code style * lib: Avoid assigning '`result`' temporarily * lib: Fix `disabled-verbose-strings` + `enable-debug` build warnings * lib: Fix unity builds with BearSSL, MSH3, Quiche, OmniOS * lib: Move `curl_path.[ch]` into `vssh/` * lib: `msnprintf` tidy-ups * lib: Remove `Curl_` prefix from static functions * lib: Remove function pointer typecasts for hmac/sha256/md5 * lib: Use `bool`/`TRUE`/`FALSE` properly * `libcurl/opts`: Improve phrasing for connection cap related options * `libssh.c`: Handle `EAGAIN`S during proto-connect correctly * libssh2: Delete duplicate '`break`' * libssh2: Put the `readdir` buffers into struct * libssh2: Use the `Curl_*` memory functions to avoid `memdebug` * libssh2: Use the filename buffer when getting the homedir * libtests: Generate the `lib1521` atomically * mbedTLS: Fix handling of TLSv1.3 sessions * mbedtls: Handle session as blobs * mbedtls: Remove `failf()` use from `mbedtls_random` * `mk-lib1521`: Fix the long return code check * `mprintf`: Do not ignore length modifiers of '`%o`', '`%x`', '`%X`' * `mprintf`: Treat '`%o`' as `unsigned`, add tests for '`%o`', '`%x`', '`%X`' * mqtt: Fix `mqtt.md` wording and add clearer explanation * `multi.c`: Make stronger check for paused transfer before asserting * `multi.c`: `warn`/`assert` on stall only without timer * multi: Avoid reading whole struct pointer from pointer * multi: Convert `Curl_follow` to static `multi_follow` * multi: Make `curl_multi_cleanup` invalidate magic latter * multi: Make `multi_handle_timeout` use the `connect` timeout * multi: Split `multi_runsingle` into sub functions * negotiate: Conditional check around GSS & SSL specific code * `netrc`: Cache the `netrc` file in memory * `ngtcp2`: Do not loop on `recv` * `ngtcp2`: Set max window size to 10x of initial (128KB) * openssl quic: Populate x509 store before handshake * openssl: Convert a `memcpy` to `dynbuf` use * openssl: Extend the OpenSSL error messages * openssl: Improve retries on shutdown * openssl: Remove two `strcpy()` calls * OS400: Don't delete source files when building with debug * `packages/OS400/curlmain`: Remove the `strncpy` calls * `processhelp.pm`: Improve `taskkill` calls (Windows) * pytest: Fix run against multissl curl * pytest: Improve `pytest_07_42a` reliability * pytest: Include '`buildinfo.txt`' in the output * pytest: Include curl version string and python platform in log * pytest: Show curl features and protocols * quic: Use `send`/`recvmmsg` when available * quic: Use the session cache with wolfSSL as well * request: On shutdown send, proceed normally on timeout * `runtests.md`: Suggest a value for `-j` for torture tests * runtests: Add comment for handle64 pathsep requirement * runtests: Drop unused code for old/classic-mingw support * runtests: Pass single backslashes with Windows Perl * runtests: Use deterministic sort for '`TESTINFO`' lines * schannel: Fix TLS cert verification by IP SAN * schannel: Ignore error on `recv` beyond close notify * schannel: Reclassify extra-verbose `schannel_recv` messages * select: Use `poll()` if existing, avoid `poll()` with no sockets * sendf: Add condition to max-filesize check * server/mqttd: Fix two memory leaks * setopt: Avoid superfluous length checks before `strcmp()` * setopt: Return error for bad input to `CURLOPT_RTSP_REQUEST` * `setopt_cptr`: Make overflow check only done when needed * singleuse: Make '`git grep`' faster, add Apple '`nm`' support * smb: Do not redefine '`getpid`' on Windows * smb: Replace use of `strcpy()` with `snprintf()` * `socks_gssapi`: Switch to `dynbuf` from buffer with `strcpy` * source: Avoid use of '`very`' in comments * `src`/`lib`: Remove redundant ternary operators * src: Guard for double declaration of '`curl_ca_embed`' in unity builds * sws: Fix unused static function with '`TCP_NODELAY`' undefined * telnet: Avoid two `strcpy()` by pointing to the strings instead * `test1035`: Convert host name back to utf8 as should be * `test1515`: Add tracing and more debug info * `test1540`: Add debug logging * `test190`: Replace `%FTPTIME2` with a fixed value * `test1915`: Add tracing and connect timeout * `test1915`: Remove wrong comment * `test2502`: Add `libtest` debug tracing * `test504`: Fix handling on pending connect * testrun: Explicitly set proper IP address for `stunnel` listen/connect * tests/http: Fix ubuntu GnuTLS CI failures * tests/scorecard: Allow remote server test * `tests/server/util.c`: Remove use of `strncpy` * `tests/valgrind.pm`: Fix warnings with no valgrind report to show * `tests/valgrind.supp`: Remove a travis suppression, add a Debian * tests: Add and use '`%PERL`' variable to refer to the Perl binary * tests: Add `codeset-utf8` as a feature * tests: Add `file:` tests with existing files * tests: Allow pytests to run in out-of-tree builds * tests: Capture stdin to get the `vsftpd` version number * tests: Change Python code style to pass `ruff` checks * tests: Check http/2 and http/3 server responsiveness * tests: Delete duplicate macro check * tests: Enable additional `ruff` Python lint options * tests: Fix '`%POSIX_PWD`' on native Windows Perl * tests: Fix callback signatures to please `UndefinedBehaviorSanitizer` * tests: Fix `FILEFORMAT ` directive * tests: Fix keyword for `test1411` * tests: Fix shell quoting on native Windows Perl * tests: Fix some Python typing issues * tests: Fixup '`checkcmd`' '`PATH`' on non-unixy platforms * tests: Improve mqtt server handling * tests: Introduce `%CLIENT6IP-NB` * tests: Let openssl generate random cert serials * tests: libtests and unit tests need explicit `#include memdebug` * tests: Make precheck for HTTP on 127.0.0.1 into a feature * tests: Only log warnings or worse by default in `smbserver` * tests: `postcheck` is now in verify * tests: Remove all valgrind disable instructions * tests: Remove debug requirement on 38 tests * tests: Remove the `%FTPTIME3` variable * tests: Replace '`%PWD`' with '`%FILE_PWD`' for '`file://`' * tests: Replace '`%PWD`' with '`%SSH_PWD`' in SCP/SFTP tests * tests: Replace hard-coded '`/dev/null`' with variable * tests: Simplify '`pathhelp.pm`', avoid using external tools * tests: Speed up builds with single-binary test bundles * tests: Testrunner fairness * tests: Testrunner reliability improvements * tests: Use '`-4`' where needed * tests: Use a set for several of the `curl_props` * tftp: Avoid two `memcpy`/`strcpy` * tidy-up: Rename `CURL_WINDOWS_APP` to `CURL_WINDOWS_UWP` * tls: Avoid abusing `CURLE_SSL_ENGINE_INITFAILED` * tool: Support `--show-headers` '''and''' `--remote-header-name` * `tool_doswin`: Simplify; remove unused options and `strncpy` calls * `tool_getparam`: Drop unused `time()` call * `tool_getparam`: Replace two uses of `strncpy()`, ban `strncpy` * `tool_operate`: Make `--skip-existing` work for `--parallel` * `tool_operate`: Reuse the schannel backend check * `tool_xattr`: Create the `user.creator` xattr attribute * `unit1307`: Tidy up Apple OS detection * `unit1660`: Fix unreachable code warning in no-SSL builds * url: Connection reuse on h3 connections * url: Use same credentials on redirect * urlapi: Drop unused header * urlapi: Normalize the IPv6 address * version: Minor clean-ups * version: Say quictls in MSH3 builds * vquic: Fix compiler warning with `gcc` + MUSL * vquic: `recv_mmsg`, use fewer, but larger buffers * vtls: Convert `Curl_pin_peer_pubkey` to use `dynbuf` * vtls: Convert `pubkey_pem_to_der` to use `dynbuf` * warnless: Remove `curlx_sktosi` and `curlx_sitosk` * `winbuild/README`: Consolidate command prompt section * `winbuild/README`: Document how to clean a build * winbuild: Add initial wolfSSL support * winbuild: Drop '`gen_resp_file.bat`' * wolfssl: Convert `malloc` + `memcpy`s to `dynbuf` for cipher string * wolfSSL: Fix handling of TLSv1.3 sessions * wolfssl: No more use of the OpenSSL API * wolfssl: Use old version API without openssl extra ----