Paul's Blog Entries for November 2024
Sunday 3rd November 2024
Fedora Project
Updated perl-Authen-Radius to 0.33 in Rawhide:
Support for Message-Authenticator of type 'octets' (CPAN RT#154336)
Updated perl-DateTime-Format-HTTP to 0.43 in Rawhide:
Don't use vars, use our or my
Wednesday 6th November 2024
Fedora Project
Updated perl-Business-ISBN-Data to 20241105.001 in Rawhide:
- Data update for 20241105
Updated perl-URI to 5.31 (no changes) in Rawhide
Local Packages
Updated curl to 8.11.0:
curl: --create-dirs works for --dump-header as well
- gtls: Add P12 format support
- ipfs: Add options to disable
- TLS: TLSv1.3 earlydata support for curl
WebSockets: Make support official (non-experimental)
alt-svc: Honour data->state.httpwant
altsvc: Avoid using local buffer and memcpy
asyn-ares: Remove typecast, fix expire
autotools: Add support for 'unity' builds, enable in CI
bearssl: Avoid strpcy() when generating TLS version log message
- bearssl: Improved session handling, test exceptions
bufq: Unwrite fix
build: Add 'ldap' to 'libcurl.pc' 'Requires:'
build: Add pytest targets
- build: Clarify CA embed is for curl tool, mark default, improve summary
build: Detect and use '_setmode()' with Cygwin/MSYS, also use on Windows
build: Disable warning '-Wunreachable-code-break'
build: Fix clang-cl builds, add CI job
- build: Fix cross-compile check for poll with bionic
build: Fix possible '-Wformat-overflow' in lib557
build: Limit arc4random detection to no-SSL configs
- build: Show if CA bundle to embed was found
- build: Tidy up and improve versioned-symbols options
- build: Tidy up deprecation suppression, enable warnings for clang
certs: Add missing '-CAcreateserial' option for LibreSSL
checksrc: Add check for spaces around logical AND operators
checksrc: Added checks for colon operator in ternary expressions
checksrc: Check for spaces around '?', '>' and '<'
ci: Dump 'curl_config.h' to log in all jobs
CI: Run with standard mod_http2
cmake, Makefile.mk: Use -isystem for headers, silence BearSSL issues
cmake/FindCares: Fix version detection for c-ares 1.34.1
cmake/FindNGTCP2: Use library path as hint for finding crypto module
- cmake: Add missed variable to comment
cmake: Add native 'pkg-config' detection for mbedTLS, MSH3, Quiche, Rustls, wolfSSL
- cmake: Allow building tests in unity mode
cmake: Apply 'WIN32_LEAN_AND_MEAN' to all feature checks
cmake: Avoid setting 'BUILD_TESTING'
cmake: Clear package version after 'pkg-config' detection
cmake: Delete unused NEED_LBER_H, HAVE_LDAP_H
cmake: Detect 'HAVE_NETINET_IN6_H', 'HAVE_CLOSESOCKET_CAMEL', 'HAVE_PROTO_BSDSOCKET_H'
cmake: Detect GNU GSS
- cmake: Disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled
cmake: Do not propagate unused 'HAVE_GSSAPI_GSSAPI_KRB5_H' to C
cmake: Document '-D' and env build options
cmake: Drop obsolete items from 'TODO' and 'INSTALL-CMAKE'
- cmake: Drop redundant assignments
cmake: Drop redundant zlib var, rename function (internals)
cmake: Expand CURL_USE_PKGCONFIG to non-cross MINGW
- cmake: Fix broken dependency chain for cmdline-opts, tidy-ups
cmake: Fix compile warnings for clang-cl
- cmake: Fix missing spacing in log message
cmake: Limit 'CURL_STATIC_CRT' to MSVC
cmake: Make 'test-ci' target skip building dependencies
cmake: Mark as advanced some internal Find* variables
cmake: Re-add 'generate-curl.1' dependency for 'src' just in case
cmake: Rename LDAP dependency config variables to match Find modules
cmake: Replace 'check_include_file_concat()' for LDAP and GSS detection
cmake: Replace 'CURL_*_DIR' with '{PROJECT,CMAKE_CURRENT}_*_DIR'
cmake: Require quictls (or fork) when using msh3 on non-Windows
- cmake: Separate target for examples, optimize CI, fix fallouts
cmake: Set version for 'project()' and add CPack support
cmake: Stop adding dependency headers to global 'CMAKE_REQUIRED_INCLUDES'
- cmake: Sync torture test parallelism with autotools
cmake: Tidy up 'CURL_DISABLE_FORM_API' initialization
- cmake: Tidy up and shorten symbol hiding initialization
- cmake: Tidy up line order
- cmake: Tidy up picky warning initialization
- cmake: Tidy-ups and rebase fixups
- cmake: Tweaks around debug mode and hidden symbols
- cmake: Untangle feature detection interdependencies
cmake: Use 'list(APPEND)' on 'CURL_INCLUDES'
- cmake: Use OpenSSL for LDAP detection only if available
cmake: Use the 'BSD' variable
config: Rename the OS define to CURL_OS to reduce collision risk
configure: Add GSS to 'libcurl.pc' 'Depends:'
- configure: Catch Apple in more target triplets
configure: Drop duplicate feature checks for 'poll()', 'if_nametoindex()'
configure: Drop unused bare 'socket.h' detection
- configure: Improve help string for some options
conncache: Find bundle again in case it is removed
conncache: More efficient implementation of cpool_remove_bundle
- cookie: Overhaul and clean-up
curl-rustls.m4: Set linker flags to allow rustls build on macos
curl.h: Remove the struct pointer for CURL/CURLSH/CURLM typedefs
- curl: Add build options for safe/no CA bundle search (Windows)
- curl: Detect ECH support dynamically, not at build time
curl_addrinfo: Support operating systems with only getaddrinfo(3)
curl_multi_perform.md: Fix typo
curl_trc: Fix build with verbose messages disabled
curl_url_set.md: Document HOST handling when URL is parsed
curl_ws_recv.md: The 'meta' pointer is only returned on success
curl_ws_recv: Return recv 0 and point meta to NULL on all errors
CURLMOPT_PIPELINING.md: Clarify that CURLPIPE_NOTHING is not default
CURLOPT_APPEND.md: Goes for SFTP as well
CURLOPT_HEADERFUNCTION.md: Do not modify the passed in buffer
DISABLED: Disable test 1060 with hyper
DISTROS: Avoid use of "very"
Dockerfile: Update Docker digest to d830561
docs/cmdline-opts: GnuTLS supports PKCS#11 URI in --cert option
- docs: Clarify FTP over HTTP proxy functionality somewhat
- docs: Fix a typo in some cipher options
ech: Spelling, whitespace, say '--ech' default config
- ftp: Fix 0-length last write on upload from stdin
- ftp: Move listen handling to socket filter
- GHA: Optimize test prereq steps
- gnutls: Use session cache for QUIC
hsts: Avoid the local buffer and memcpy on lookup
hsts: Improve subdomain handling (CVE-2024-9681)
- hsts: Support "implied LWS" properly around max-age
- http2: Auto reset stream on server eos
http_aws_sigv4: Avoid local buffer and strcpy
INSTALL-CMAKE.md: Mention focus on shared libraries
INSTALL-CMAKE: Fix punctuation and a typo
INSTALL.md: Fix a typo that slipped in to RISC OS
json.md: Cli-option '--json' is an alias of '--data-binary'
lib, src, tests: Added space around ternary expressions
lib/cw-out: Initialize 'flush_all' directly
lib/src: White space edits to comply better with code style
lib: Avoid assigning 'result' temporarily
lib: Fix disabled-verbose-strings + enable-debug build warnings
- lib: Fix unity builds with BearSSL, MSH3, Quiche, OmniOS
lib: Move curl_path.[ch] into vssh/
lib: msnprintf tidy-ups
lib: Remove Curl_ prefix from static functions
- lib: Remove function pointer typecasts for hmac/sha256/md5
lib: Use bool/TRUE/FALSE properly
libcurl/opts: Improve phrasing for connection cap related options
libssh.c: Handle EAGAINS during proto-connect correctly
libssh2: Delete duplicate 'break'
libssh2: Put the readdir buffers into struct
libssh2: Use the Curl_* memory functions to avoid memdebug
- libssh2: Use the filename buffer when getting the homedir
libtests: Generate the lib1521 atomically
- mbedTLS: Fix handling of TLSv1.3 sessions
- mbedtls: Handle session as blobs
mbedtls: Remove failf() use from mbedtls_random
mk-lib1521: Fix the long return code check
mprintf: Do not ignore length modifiers of '%o', '%x', '%X'
mprintf: Treat '%o' as unsigned, add tests for '%o', '%x', '%X'
mqtt: Fix mqtt.md wording and add clearer explanation
multi.c: Make stronger check for paused transfer before asserting
multi.c: warn/assert on stall only without timer
- multi: Avoid reading whole struct pointer from pointer
multi: Convert Curl_follow to static multi_follow
multi: Make curl_multi_cleanup invalidate magic latter
multi: Make multi_handle_timeout use the connect timeout
multi: Split multi_runsingle into sub functions
negotiate: Conditional check around GSS & SSL specific code
netrc: Cache the netrc file in memory
ngtcp2: Do not loop on recv
ngtcp2: Set max window size to 10x of initial (128KB)
- openssl quic: Populate x509 store before handshake
openssl: Convert a memcpy to dynbuf use
- openssl: Extend the OpenSSL error messages
- openssl: Improve retries on shutdown
openssl: Remove two strcpy() calls
- OS400: Don't delete source files when building with debug
packages/OS400/curlmain: Remove the strncpy calls
processhelp.pm: Improve taskkill calls (Windows)
- pytest: Fix run against multissl curl
pytest: Improve pytest_07_42a reliability
pytest: Include 'buildinfo.txt' in the output
- pytest: Include curl version string and python platform in log
- pytest: Show curl features and protocols
quic: Use send/recvmmsg when available
- quic: Use the session cache with wolfSSL as well
- request: On shutdown send, proceed normally on timeout
runtests.md: Suggest a value for -j for torture tests
- runtests: Add comment for handle64 pathsep requirement
- runtests: Drop unused code for old/classic-mingw support
- runtests: Pass single backslashes with Windows Perl
runtests: Use deterministic sort for 'TESTINFO' lines
- schannel: Fix TLS cert verification by IP SAN
schannel: Ignore error on recv beyond close notify
schannel: Reclassify extra-verbose schannel_recv messages
select: Use poll() if existing, avoid poll() with no sockets
- sendf: Add condition to max-filesize check
- server/mqttd: Fix two memory leaks
setopt: Avoid superfluous length checks before strcmp()
setopt: Return error for bad input to CURLOPT_RTSP_REQUEST
setopt_cptr: Make overflow check only done when needed
singleuse: Make 'git grep' faster, add Apple 'nm' support
smb: Do not redefine 'getpid' on Windows
smb: Replace use of strcpy() with snprintf()
socks_gssapi: Switch to dynbuf from buffer with strcpy
source: Avoid use of 'very' in comments
src/lib: Remove redundant ternary operators
src: Guard for double declaration of 'curl_ca_embed' in unity builds
sws: Fix unused static function with 'TCP_NODELAY' undefined
telnet: Avoid two strcpy() by pointing to the strings instead
test1035: Convert host name back to utf8 as should be
test1515: Add tracing and more debug info
test1540: Add debug logging
test190: Replace %FTPTIME2 with a fixed value
test1915: Add tracing and connect timeout
test1915: Remove wrong comment
test2502: Add libtest debug tracing
test504: Fix handling on pending connect
testrun: Explicitly set proper IP address for stunnel listen/connect
- tests/http: Fix ubuntu GnuTLS CI failures
- tests/scorecard: Allow remote server test
tests/server/util.c: Remove use of strncpy
tests/valgrind.pm: Fix warnings with no valgrind report to show
tests/valgrind.supp: Remove a travis suppression, add a Debian
tests: Add and use '%PERL' variable to refer to the Perl binary
tests: Add codeset-utf8 as a feature
tests: Add file: tests with existing files
- tests: Allow pytests to run in out-of-tree builds
tests: Capture stdin to get the vsftpd version number
tests: Change Python code style to pass ruff checks
- tests: Check http/2 and http/3 server responsiveness
- tests: Delete duplicate macro check
tests: Enable additional ruff Python lint options
tests: Fix '%POSIX_PWD' on native Windows Perl
tests: Fix callback signatures to please UndefinedBehaviorSanitizer
tests: Fix FILEFORMAT <file name=""> directive
tests: Fix keyword for test1411
- tests: Fix shell quoting on native Windows Perl
- tests: Fix some Python typing issues
tests: Fixup 'checkcmd' 'PATH' on non-unixy platforms
- tests: Improve mqtt server handling
tests: Introduce %CLIENT6IP-NB
- tests: Let openssl generate random cert serials
tests: libtests and unit tests need explicit #include memdebug
- tests: Make precheck for HTTP on 127.0.0.1 into a feature
tests: Only log warnings or worse by default in smbserver
tests: postcheck is now in verify
- tests: Remove all valgrind disable instructions
- tests: Remove debug requirement on 38 tests
tests: Remove the %FTPTIME3 variable
tests: Replace '%PWD' with '%FILE_PWD' for 'file://'
tests: Replace '%PWD' with '%SSH_PWD' in SCP/SFTP tests
tests: Replace hard-coded '/dev/null' with variable
tests: Simplify 'pathhelp.pm', avoid using external tools
- tests: Speed up builds with single-binary test bundles
- tests: Testrunner fairness
- tests: Testrunner reliability improvements
tests: Use '-4' where needed
tests: Use a set for several of the curl_props
tftp: Avoid two memcpy/strcpy
tidy-up: Rename CURL_WINDOWS_APP to CURL_WINDOWS_UWP
tls: Avoid abusing CURLE_SSL_ENGINE_INITFAILED
tool: Support --show-headers and --remote-header-name
tool_doswin: Simplify; remove unused options and strncpy calls
tool_getparam: Drop unused time() call
tool_getparam: Replace two uses of strncpy(), ban strncpy
tool_operate: Make --skip-existing work for --parallel
tool_operate: Reuse the schannel backend check
tool_xattr: Create the user.creator xattr attribute
unit1307: Tidy up Apple OS detection
unit1660: Fix unreachable code warning in no-SSL builds
- url: Connection reuse on h3 connections
- url: Use same credentials on redirect
- urlapi: Drop unused header
- urlapi: Normalize the IPv6 address
- version: Minor clean-ups
- version: Say quictls in MSH3 builds
vquic: Fix compiler warning with gcc + MUSL
vquic: recv_mmsg, use fewer, but larger buffers
vtls: Convert Curl_pin_peer_pubkey to use dynbuf
vtls: Convert pubkey_pem_to_der to use dynbuf
warnless: Remove curlx_sktosi and curlx_sitosk
winbuild/README: Consolidate command prompt section
winbuild/README: Document how to clean a build
- winbuild: Add initial wolfSSL support
winbuild: Drop 'gen_resp_file.bat'
wolfssl: Convert malloc + memcpys to dynbuf for cipher string
- wolfSSL: Fix handling of TLSv1.3 sessions
- wolfssl: No more use of the OpenSSL API
- wolfssl: Use old version API without openssl extra
Thursday 7th November 2024
Fedora Project
Updated perl-Business-ISBN-Data to 20241107.001 in Rawhide:
- Data update for 20241107
Local Packages
Rebuilt check (0.15.2) for the October 2024 EL-10 mass rebuild
Rebuilt Judy (1.0.5) for the October 2024 EL-10 mass rebuild
Updated unrar to 7.10 beta 1
Friday 8th November 2024
Fedora Project
Updated perl-Getopt-Long-Descriptive to 0.115 in Rawhide:
Cope with the user forgetting the first argument, generally "%c %o", to 'describe_options', by assuming they meant that value exactly
Saturday 9th November 2024
Local Packages
Updated perl-Net-DNS to 1.48:
SVCB: Add tls-supported-groups parameter
Fix failures in 01-resolver.t dry tests
Sunday 10th November 2024
Local Packages
Updated perl-Term-Table (0023) not to unbundle Object::HashBase from F-41 onwards (module in Perl Core)
Monday 11th November 2024
Fedora Project
Branched and built perl-Authen-DigestMD5 (0.04) for EPEL-10
Local Packages
Updated c-ares to 1.34.3:
- This is a bugfix release
- Changes:
Build the release package in an automated way so we can provide provenance as per SLSA3 (https://slsa.dev/) (GH#906)
- Bugfixes:
Some upstream servers are non-compliant with EDNS options; re-send queries without EDNS (GH#911)
Android: ≤7 needs sys/system_properties.h
Android: CMake needs '-D_GNU_SOURCE' and others (GH#914)
TSAN warns on missing lock, but lock isn't actually necessary (GH#915)
'ares_getaddrinfo()' for 'AF_UNSPEC' should retry IPv4 if only IPv6 is received
'ares_send()' shouldn't return 'ARES_EBADRESP', it's 'ARES_EBADQUERY'
Fix typos in man pages (GH#905)
Tuesday 12th November 2024
Fedora Project
Updated perl-Business-ISBN-Data to 20241112.001 in Rawhide:
- Data update for 20241112
Updated perl-Text-CSV_XS to 1.57 in Rawhide:
Add on_error callback to csv()
Retain runtime error from csv()
Local Packages
Updated perl-Text-CSV_XS to 1.57 as per the Fedora version
Wednesday 13th November 2024
Local Packages
Updated perl-HTTP-Tiny to 0.090:
Find the certificate bundle via IO::Socket::SSL rather than implementing it in HTTP::Tiny
- When encoding form data, given a hashref with an arrayref value, preserve the order of the values in the arrayref rather than sorting
Fix internal link to "TLS/SSL SUPPORT" section in POD
Friday 15th November 2024
Fedora Project
Updated perl-Class-MethodMaker to 2.25 in Rawhide:
Deterministic hash key order, needed for reproducible builds (GH#6)
Updated perl-Test-utf8 to 1.03 in Rawhide:
Fix tests to adapt to Perl removing apostrophe as package separator (CPAN RT#154915)
Upgraded distro files like packaged Module::Install version and META.yml, to avoid other looming Perl deprecation issues
Local Packages
Updated perl-Test-utf8 to 1.03 as per the Fedora version
Monday 18th November 2024
Fedora Project
Updated perl-MailTools to 2.22 in Rawhide:
To/Cc/Bcc/From fields may appear only once (GH#4)
Updated proftpd (1.3.6e) in EPEL-8 to fix RADIUS Message-Authenticator verification in mod_radius (GH#1840, Bug #2325448)
Local Packages
Updated perl-MailTools to 2.22 as per the Fedora version
Tuesday 19th November 2024
Fedora Project
Updated geoipupdate to 7.1.0 in Rawhide:
Allow the 'Host' configuration directive and the 'GEOIPUPDATE_HOST' environment variable to accept a value with the scheme set; if not set, it will continue to default to 'https://' (GH#310)
Export 'HTTPError' to enable fine-grained error handling for users of 'github.com/maxmind/geoipupdate/client' (GH#341)
Updated proftpd (1.3.8b) in EPEL-9 to fix RADIUS Message-Authenticator verification in mod_radius (GH#1840)
Local Packages
Updated geoipupdate to 7.1.0 as per the Fedora version
Updated proftpd (1.3.8b) to fix RADIUS Message-Authenticator verification in mod_radius (GH#1840, Bug #2325448)
Wednesday 20th November 2024
Fedora Project
Branched and built perl-Devel-CheckBin (0.04) for EPEL-9
Local Packages
Updated perl-Module-CoreList to 5.20241120:
- Updated for v5.41.6
Thursday 21st November 2024
Fedora Project
Updated proftpd (1.3.8b) in Rawhide to fix RADIUS Message-Authenticator verification in mod_radius (GH#1840, Bug #2325448)
Friday 22nd November 2024
Fedora Project
Branched and built perl-File-LibMagic (1.23) for EPEL-10
Local Packages
Updated davfs2 to 1.7.1:
The project has been moved to github, which will make it easier to track issues, receive PR requests, implement CI, etc.
Hide password prompt when -o username=myname is specified
- Fix segfault on prop query on backup node
- Fix autoload fuse module
Saturday 23rd November 2024
Fedora Project
Branched and built bluefish (2.2.16) for EPEL-10
Updated perl-Business-ISBN-Data to 20241123.001 in Rawhide:
- Data update for 2024-11-22
Tuesday 26th November 2024
Fedora Project
Updated perl-MetaCPAN-Client to 2.033000 in Rawhide:
Remove backpan_directory option (GH#127)
Branched and built perl-Net-CIDR-Lite (0.22) for EPEL-10
Branched and built perl-Net-DNS-Resolver-Programmable (0.009) for EPEL-10
Local Packages
Updated perl-IO-Socket-IP to 0.43:
Swapped unit tests from Test::More to Test2::V0
Fixed some documentation typos (CPAN RT#157201)
Updated perl-MetaCPAN-Client to 2.033000 as per the Fedora version
Wednesday 27th November 2024
Fedora Project
Updated perl-Mail-Message to 3.016 in Rawhide:
When (illegally) multiple attributes with the same name are used in a single header line, then the last is returned, just like Apple and Outlook do (originally returned the first) (GH#20)
Thursday 28th November 2024
Fedora Project
Updated perl-Finance-Quote to 1.64 in Rawhide:
Update AlphaVantage.pm (GH#447)
Fix to Stooq.pm (GH#445)
Updated ASX.pm (GH#404)
Added more fields to CSE.pm and exposed all labels
Changed parsing in Comdirect.pm (GH#413)
Complete rewrite of OnVista.pm (GH#414)
Minor fix to FinanceAPI decoding JSON (GH#434)
- Modified YahooJSON to deal with "nan" as dividend yield in JSON
New CurrencyRates module, CurrencyRates/FinanceAPI (GH#427)
Fixed Bourso.pm (GH#417)
Allowed Currency Rates modules Fixer.pm and OpenExchange.pm to read their API keys from environment variables (GH#426)
- Removed references to IEXCloud (IEX ended support for all products at the end of August 2024)
Friday 29th November 2024
Fedora Project
Updated perl-parent to 0.243 in Rawhide:
- Reinstate test for apostrophe as package separator, as that package separator is allowed again (no code change, only tests have been amended)
Local Packages
Updated libgpg-error to 1.51:
Allow initialization of new Windows threads to utf8 mode (https://dev.gnupg.org/T7185)
Add GPGRT_PROCESS_ALLOW_SET_FG for gpgrt_process_spawn
Add new spawn function to modify the environment (https://dev.gnupg.org/T7307)
Fix missing environ var for macOS and others (https://dev.gnupg.org/T7169, https://dev.gnupg.org/T7307)
Fix forgotten _gpgrt_post_syscall on create pipe failure
Let gpgrt_poll return an error for a closed fd
Fix build error introduced by C-committee stupidity (https://dev.gnupg.org/T7344)
Updated perl-parent to 0.243 as per the Fedora version
Saturday 30th November 2024
Fedora Project
Updated perl-Business-ISBN-Data to 20241130.001 in Rawhide:
- Data update for 2024-11-30
Previous Month: October 2024
Next Month: December 2024