curl: Update to version 8.8.0

Message ID 20240606135032.549882-1-adolf.belka@ipfire.org
State New
Series curl: Update to version 8.8.0

Commit Message

Adolf Belka June 6, 2024, 1:50 p.m. UTC
- Update from version 8.2.1 to 8.8.0
- Update of rootfile
- Removal of patch as the content is now included in the source tarball.
- Changelog
    8.8.0
	Changes:
	    curl_version_info: provide librtmp version
	    file: add support for directory listings
	    idn: add native AppleIDN (icucore) support for macOS/iOS
	    lib: add curl_multi_waitfds
	    mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option
	    NTLM_WB: drop support
	    TLS: add support for ECH (Encrypted Client Hello)
	    urlapi: add CURLU_GET_EMPTY for empty queries and fragments
	Bugfixes:
	    appveyor: drop unnecessary `--clean-first` cmake option
	    appveyor: guard against crash-build with VS2008
	    appveyor: make gcc 6 mingw64 job build-only
	    asyn-thread: fix curl_global_cleanup crash in Windows
	    asyn-thread: fix Curl_thread_create result check
	    autotools: delete unused functions
	    autotools: fix `HAVE_IOCTLSOCKET_FIONBIO` test for gcc 14
	    autotools: only probe for SGI MIPS compilers on IRIX
	    bearssl: fix compiler warnings
	    bearssl: use common code for cipher suite lookup
	    bufq: remove duplicate word in comment
	    BUG-BOUNTY.md: clarify the third party situation
	    build: prefer `USE_IPV6` macro internally (was: `ENABLE_IPV6`)
	    build: remove MacOSX-Framework script
	    cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set
	    cf-https-connect: use timeouts as unsigned ints
	    cf-socket: don't try getting local IP without socket
	    cf-socket: remove references to l_ip, l_port
	    ci: add curl-for-win builds: Linux MUSL, macOS, Windows
	    cmake: add `BUILD_EXAMPLES` option to build examples
	    cmake: add librtmp/rtmpdump option and detection
	    cmake: check fseeko after detecting HAVE_FILE_OFFSET_BITS
	    cmake: do not pass linker flags to the static library tool
	    cmake: enable `-pedantic-errors` for clang when `CURL_WERROR=ON`
	    cmake: FindNGHTTP2 add static lib name to find_library call
	    cmake: fix `CURL_WERROR=ON` for old CMake and use it in GHA/linux-old
	    cmake: fix `HAVE_IOCTLSOCKET_FIONBIO` test with gcc 14
	    cmake: fixup `DEPENDS` filename
	    cmake: forward `USE_LIBRTMP` option to C
	    cmake: generate misc manpages and install `mk-ca-bundle.pl`
	    cmake: initialize `BUILD_TESTING` before first use
	    cmake: speed up libcurl doc building again
	    cmake: tidy-up to use `WORKING_DIRECTORY`
	    cmake: use namespaced custom target names
	    cmdline-docs: fix make install with configure --disable-docs
	    configure: error on missing perl if docs or manual is enabled
	    configure: make --disable-docs imply --disable-manual
	    content_encoding: brotli and others, pass through 0-length writes
	    content_encoding: ignore duplicate chunked encoding
	    content_encoding: reject transfer-encoding after chunked
	    contrithanks: honor `CURLWWW` variable
	    curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used
	    curl.h: change CURL_SSLVERSION_* from enum to defines
	    curl: make --help adapt to the terminal width
	    curl: use curl_getenv instead of the curlx_ version
	    Curl_creader_read: init two variables to avoid using them uninited
	    curl_easy_pause.md: use correct defines in example
	    curl_getdate.md: document two-digit year handling
	    curl_global_trace.md: shorten the description
	    curl_multibyte: remove access() function wrapper for Windows
	    curl_path: make Curl_get_pathname use dynbuf
	    curl_setup.h: add support for IAR compiler
	    curl_setup.h: detect 'inline' support
	    curl_sha512_256: do not use workaround for NetBSD when not needed
	    curl_sha512_256: fix detection of OpenSSL 1.1.1 or later
	    curl_url_get.md: clarify queries and fragments and CURLU_GET_EMPTY
	    CURLINFO_REQUEST_SIZE: fixed, add tests for transfer infos reported
	    CURLOPT_WRITEFUNCTION.md: fix the callback proto in the example
	    cw-out: improved error handling
	    DEPRECATE.md: TLS libraries without 1.3 support
	    digest: replace strcpy for empty string with simple assignment
	    dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs
	    dist: add files missing from release tarball
	    dist: add reproducible dir entries to tarballs
	    dist: do not require Perl in `maketgz`
	    dist: remove the curl-config.1 from the tarball
	    dist: verify tarball reproducibility in CI
	    DISTROS: add patch and issues link for curl-for-win
	    DISTROS: Cygwin updates
	    dllmain: Call OpenSSL thread cleanup for Windows and Cygwin
	    doc: pytest `--repeat` -> `--count`
	    docs/cmdline-opts: invoke managen using a relative path
	    docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd
	    docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example
	    docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE
	    docs: fix some CURLINFO examples
	    doh: fix typo in comment
	    doh: remove unused function prototype
	    dynbuf: fix returncode on memory error
	    examples: fix/silence `-Wsign-conversion`
	    EXPERIMENTAL: add graduation requirements for each feature
	    file: remove useless assignment
	    ftp: add tracing support
	    ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS
	    ftp: fix socket leak on rare error
	    GHA: add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs
	    GHA: add shellcheck job and fix warnings, shell tidy-ups
	    GHA: add valgrind to a wolfSSL build
	    GHA: on macOS remove $HOME/.curlrc
	    GHA: pin dependencies
	    gnutls: lazy init the trust settings
	    h3/ngtcp2: improve error handling
	    hash: change 'slots' to size_t from int
	    hash: delete unused debug function
	    hsts: explicitly skip blank lines
	    hsts: remove single-use single-line function
	    http tests: in CI skip test_02_23* for quiche
	    http2 + ngtcp2: pass CURLcode errors from callbacks
	    http2, http3: decouple stream state from easy handle
	    http2: emit RST when client write fails
	    http3: quiche+ngtcp2 improvements
	    http: acknowledge a returned error code
	    http: HEAD response body tolerance
	    http: reject HTTP major version switch mid connection
	    http: remove redundant check
	    http: with chunked POST forced, disable length check on read callback
	    http_aws_sigv4: remove useless assignment
	    idn: make Curl_idnconvert_hostname() use Curl_idn_decode()
	    if2ip: make the buf_size arg a size_t
	    INSTALL-CMAKE.md: explain `cmake -G <generator-name>`
	    krb5: use dynbuf
	    ldap: fix unused variables (seen on OmniOS)
	    lib/cf-h1-proxy: silence compiler warnings (gcc 14)
	    lib: add trace support for client reads and writes
	    lib: bump hash sizes to `size_t`
	    lib: clear the easy handle's saved errno before transfer
	    lib: fix compiler warnings (gcc)
	    lib: make protocol handlers store scheme name lowercase
	    lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3`
	    lib: remove two instances of "only only" messages
	    lib: silence `-Wsign-conversion` in base64, strcase, mprintf
	    lib: silence warnings on comma misuse
	    lib: use `#error` instead of invalid syntax in `curl_setup_once.h`
	    lib: use multi instead of multi_easy for the active multi
	    libcurl-opts: mention pipelining less
	    libssh2: delete redundant feature guard
	    libssh2: replace `access()` with `stat()`
	    libssh2: set length to 0 if strdup failed
	    m4: fix rustls pkg-config codepath
	    MAIL-ETIQUETTE: convert to markdown
	    makefile: remove the sorting from the vc-ide action
	    maketgz: put docs/RELEASE-TOOL.md into the tarball
	    managen: fix the option sort order
	    mbedtls: call mbedtls_ssl_setup() after RNG callback is set
	    mbedtls: cut off trailing newlines from debug logs
	    mbedtls: fix building with v3 in CMake Unity mode
	    mbedtls: support TLS 1.3
	    mime: avoid using access()
	    misc: fix typos
	    misc: fix typos, quoting and spelling
	    mprintf: check fputc error rather than matching returned character
	    mqtt: when Curl_xfer_recv returns error, don't use nread
	    multi: avoid memory-leak risk
	    multi: introduce SETUP state for better timeouts
	    multi: multi_wait improvements
	    multi: remove the unused Curl_preconnect function
	    multi: remove useless assignment
	    multi: timeout handles even without connection
	    openldap: create ldap URLs correctly for IPv6 addresses
	    openssl: do not set SSL_MODE_RELEASE_BUFFERS
	    openssl: revert keylog_callback support for LibreSSL
	    OS400: fix shellcheck warnings in scripts
	    projects: drop MSVC project files for recent versions
	    pytest: add DELETE tests, check server version
	    pytest: fixes for recent python, add FTP tests
	    quic: fixup duplicate static function name (for cmake unity)
	    quiche: expire all active transfers on connection close
	    quiche: trust its timeout handling
	    RELEASE-PROCEDURE: mention an initial working build
	    request: make Curl_req_init return void
	    request: paused upload on completed download, assess connection
	    reuse: add copyright + license info to individual docs/*.md files
	    ROADMAP: remove completed entries, mention websocket
	    rustls: fix handshake done handling
	    rustls: fix partial send handling
	    rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag
	    rustls: fix error code on receive
	    sendf: fix two typos in comments
	    sendf: useless assignment in cr_lc_read()
	    setopt: acknowledge errors proper for CURLOPT_COOKIEJAR
	    setopt: make the setstropt_userpwd args compulsory
	    setopt: remove check for 'option' that is always true
	    setopt: warn on Curl_set*opt() uses not using the return value
	    smtp: result of Curl_bufq_cread was not used
	    socket: remove redundant call to getsockname
	    socketpair: fix compilation when USE_UNIX_SOCKETS is not defined
	    src: tidy up types, add necessary casts
	    telnet: check return code from fileno()
	    tests/http: fix compiler warning
	    tests: add -q as first option when invoking curl for tests
	    tests: check caddy server version to match test expectations
	    tests: enable test 1117 for hyper
	    tests: fix feature case in test1481
	    tests: fix test 1167 to skip digit-only symbols
	    tests: make the unit test result type `CURLcode`
	    tests: Mark tftpd timer function as noreturn
	    tests: tidy up types in server code
	    tls: fix SecureTransport + BearSSL cmake unity builds
	    tls: remove EXAMPLEs from deprecated options
	    tls: use shared init code for TCP+QUIC
	    tool: move tool_ftruncate64 to tool_util.c
	    tool_cb_rea: limit rate unpause for -T . uploads
	    tool_cfgable: free {proxy_}cipher13_list on exit
	    tool_getparam: output warning for leading unicode quote character
	    tool_getparam: remove two redundant conditions
	    tool_operate: don't truncate the etag save file by default
	    tool_operate: init vars unconditionally in post_per_transfer
	    tool_paramhlp: remove duplicate assign
	    tool_xattr: "guess" URL scheme if none is provided
	    tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set
	    transfer: remove useless assignment
	    url: do not URL decode proxy credentials
	    url: fix use of an uninitialized variable
	    url: make parse_login_details use memdup0
	    url: remove duplicate call to Curl_conncache_remove_conn when pruning
	    urlapi: allow setting port number zero
	    urlapi: fix relative redirects to fragment-only
	    urldata: remove fields not used depending on used features
	    vauth: make two functions void that always just returned OK
	    version: use msnprintf instead of strncpy
	    vquic-tls: use correct cert name check API for wolfSSL
	    vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output
	    vtls: TLS session storage overhaul
	    wakeup_create: use FD_CLOEXEC/SOCK_CLOEXEC
	    warnless: delete orphan declarations
	    websocket: avoid memory leak in error path
	    winbuild: add ENABLE_WEBSOCKETS option
	    winbuild: use $(RC) correctly
	    wolfssl: plug memory leak in wolfssl_connect_step2()
	    x509asn1: return error on missing OID
    8.7.1
	Bugfixes:
	    Fixed empty tool_hugehelp.c file
    8.7.0
	Changes:
	    configure: add --disable-docs flag
	    CURLINFO_USED_PROXY: return bool whether the proxy was used
	    digest: support SHA-512/256
	    DoH: add trace configuration
	    write-out: add '%{proxy_used}'
	Bugfixes:
	    ALTSVC.md: correct a typo
	    asyn-ares: fix data race warning
	    asyn-thread: use wakeup_close to close the read descriptor
	    badwords: use hostname, not host name
	    BINDINGS: add mcurl, the python binding
	    bufq: writing into a softlimit queue cannot be partial
	    c-hyper: add header collection writer in hyper builds
	    cd2nroff: gen: make `\>` in input to render as plain '>' in output
	    cd2nroff: remove backticks from titles
	    checksrc.pl: fix handling .checksrc with CRLF
	    cmake: add USE_OPENSSL_QUIC support
	    cmake: add warning for using TLS libraries without 1.3 support
	    cmake: enable `ENABLE_CURL_MANUAL` by default
	    cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled
	    cmake: fix function description in comment
	    cmake: fix install for older CMake versions
	    cmake: fix libcurl.pc and curl-config library specifications
	    cmdline-docs/Makefile: avoid using a fixed temp file name
	    cmdline-docs: quote and angle bracket cleanup
	    cmdline-opts/_EXITCODES: sync with libcurl-errors
	    cmdline-opts/_VARIABLES.md: improve the description
	    cmdline-opts/_VERSION: provide %VERSION correctly
	    cmdline-opts: shorter help texts
	    configure: add pkg-config support to rustls detection
	    configure: add warning for using TLS libraries without 1.3 support
	    configure: build & install shell completions when enabled
	    configure: do not link with nghttp3 unless necessary
	    configure: Don't build shell completions when disabled
	    configure: Don't make shell completions without perl
	    configure: find libpsl with pkg-config
	    connect.c: fix typo
	    CONTRIBUTE: update the section on documentation format
	    cookie.md: provide an example sending a fixed cookie
	    cookie: if psl fails, reject the cookie
	    curl: exit on config file parser errors
	    curl: make --libcurl output better CURLOPT_*SSLVERSION
	    curl: when allocating variables, add the name into the struct
	    curl_setup.h: add curl_uint64_t internal type
	    curldown: fix email address in Copyright
	    CURLMOPT_MAX*: mention what happens if changed mid-transfer
	    CURLOPT_INTERFACE.md: remove spurious amp, add see-also
	    CURLOPT_POSTQUOTE.md: fix typo
	    CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return
	    CURLOPT_WRITEFUNCTION.md: typo fix
	    digest: add check for hashing error
	    dist: make sure the http tests are in the tarball
	    DISTROS: add document with distro pointers
	    docs/libcurl: add TLS backend info for all TLS options
	    docs/libcurl: generate PROTOCOLS from meta-data
	    docs: add missing slashes to SChannel client certificate documentation
	    docs: add necessary setup for nghttp3
	    docs: ascii version of manpage without nroff
	    docs: dist curl*.1 and install without perl
	    docs: make curldown do angle brackets like markdown
	    docs: make each libcurl man specify protocol(s)
	    docs: make sure curl.1 is included in dist tarballs
	    docs: update minimal binary size in INSTALL.md
	    docs: use present tense
	    examples: use present tense in comments
	    file: use xfer buf for file:// transfers
	    fopen: fix narrowing conversion warning on 32-bit Android
	    form-string.md: correct the example
	    ftp: do lineend conversions in client writer
	    ftp: fix socket wait activity in ftp_domore_getsock
	    ftp: tracing improvements
	    ftp: treat a 226 arriving before data as a signal to read data
	    gen.pl: make the "manpageification" faster
	    gen: make `\>` in input to render as plain '>' in output
	    getparam: make --ftp-ssl work again
	    GHA/linux: add sysctl trick to work-around GitHub runner issue
	    GIT-INFO: convert to markdown
	    GOVERNANCE: document the core team
	    header.md: remove backslash, make nicer markdown
	    HTTP/2: write response directly
	    http2, http3: return CURLE_PARTIAL_FILE when bytes were received
	    http2: fix push discard
	    http2: memory errors in the push callbacks are fatal
	    http2: minor tweaks to optimize two struct sizes
	    http2: push headers better cleanup
	    http2: remove the third (unused) argument from http2_data_done()
	    HTTP3.md: adjust the OpenSSL QUIC install instructions
	    http: better error message for HTTP/1.x response without status line
	    http: improve response header handling, save cpu cycles
	    http: move headers collecting to writer
	    http: remove stale comment about rewindbeforesend
	    http: separate response parsing from response action
	    http_chunks: fix the accounting of consumed bytes
	    http_chunks: remove unused 'endptr' variable
	    https-proxy: use IP address and cert with ip in alt names
	    hyper: implement unpausing via client reader
	    ipv6.md: mention IPv4 mapped addresses
	    KNOWN_BUGS: POP3 issue when reading small chunks
	    lib1598: fix `CURLOPT_POSTFIELDSIZE` usage
	    lib582: remove code causing warning that is never run
	    lib: add `void *ctx` to reader/writer instances
	    lib: convert Curl_get_line to use dynbuf
	    lib: Curl_read/Curl_write clarifications
	    lib: enhance client reader resume + rewind
	    lib: initialize output pointers to NULL before calling strto[ff,l,ul]
	    lib: keep conn IP information together
	    lib: move 'done' parameter to SingleRequests
	    lib: remove curl_mimepart object when CURL_DISABLE_MIME
	    libcurl-docs: cleanups
	    libcurl-security.md: Active FTP passes on the local IP address
	    libssh/libssh2: return error on too big range
	    MANUAL.md: fix typo
	    mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined
	    mbedtls: fix pytest for newer versions
	    mbedtls: properly cleanup the thread-shared entropy
	    mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version
	    md4: include strdup.h for the memdup proto
	    mime: add client reader
	    misc: fix typos in docs and lib
	    mkhelp: simplify the generated hugehelp program
	    mprintf: fix format prefix I32/I64 for windows compilers
	    multi: add xfer_buf to multi handle
	    multi: fix multi_sock handling of select_bits
	    multi: make add_handle free any multi_easy
	    ngtcp2: no recvbuf for stream
	    ntlm_wb: fix buffer type typo
	    OpenSSL QUIC: adapt to v3.3.x
	    openssl-quic: check on Windows that socket conv to int is possible
	    openssl-quic: fix BIO leak and Windows warning
	    openssl-quic: fix unity build, casing, indentation
	    OS400: avoid using awk in the build scripts
	    paramhlp: fix CRLF-stripping files with "-d @file"
	    proxy1.0.md: fix example
	    pytest: adapt to API change
	    request: clarify message when request has been sent off
	    rustls: make curl compile with 0.12.0
	    schannel: fix hang on unexpected server close
	    scripts: fix cijobs.pl for Azure and GHA
	    sendf: ignore response body to HEAD
	    setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
	    setopt: fix disabling all protocols
	    sha512_256: add support for GnuTLS and OpenSSL
	    smtp: fix STARTTLS
	    SPONSORS: describe the basics
	    strtoofft: fix the overflow check
	    test 1541: verify getinfo values on first header callback
	    test1165: improve pattern matching
	    tests: support setting/using blank content env variables
	    TIMER_STARTTRANSFER: set the same for everyone
	    TLS: start shutdown only when peer did not already close
	    TODO: update 13.11 with more information
	    tool_cb_hdr: only parse etag + content-disposition for 2xx
	    tool_getparam: accept a blank -w ""
	    tool_getparam: handle non-existing (out of range) short-options
	    tool_operate: change precedence of server Retry-After time
	    tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds
	    trace-config.md: remove the mutexed options list
	    transfer.c: break receive loop in speed limited transfers
	    transfer: improve Windows SO_SNDBUF update limit
	    urldata: move authneg bit from conn to Curl_easy
	    version: allow building with ancient libpsl
	    vquic-tls: fix the error code returned for bad CA file
	    vtls: fix tls proxy peer verification
	    vtls: revert "receive max buffer" + add test case
	    VULN-DISCLOSURE-POLICY.md: update detail about CVE requests
	    websocket: fix curl_ws_recv()
	    wolfSSL: do not call the stub function wolfSSL_BIO_set_init()
	    write-out.md: clarify error handling details
    8.6.0
	Changes:
	    add CURLE_TOO_LARGE
	    add CURLINFO_QUEUE_TIME_T
	    add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add
	    asyn-thread: use GetAddrInfoExW on >= Windows 8
	    configure: make libpsl detection failure cause error
	    docs/cmdline: change to .md for cmdline docs
	    docs: introduce "curldown" for libcurl man page format
	    runtests: support -gl. Like -g but for lldb.
	Bugfixes:
	    altsvc: free 'as' when returning error
	    appveyor: replace PowerShell with bash + parallel autotools
	    appveyor: switch to out-of-tree builds
	    asyn-ares: with modern c-ares, use its default timeout
	    build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}`
	    build: delete/replace clang warning pragmas
	    build: enable missing OpenSSF-recommended warnings, with fixes
	    build: fix `-Wconversion`/`-Wsign-conversion` warnings
	    build: fix Windows ADDRESS_FAMILY detection
	    build: more `-Wformat` fixes
	    build: remove redundant `CURL_PULL_*` settings
	    cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper
	    cf-socket: show errno in tcpkeepalive error messages
	    CI/distcheck: run full tests
	    cmake: add option to disable building docs
	    cmake: fix generation for system name iOS
	    cmake: fix typo
	    cmake: freshen up docs/INSTALL.cmake
	    cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE`
	    cmake: rework options to enable curl and libcurl docs
	    cmake: when USE_MANUAL=YES, build the curl.1 man page
	    cmdline-opts/write-out.d: remove spurious double quotes
	    cmdline-opts: update availability for the *-ca-native options
	    cmdline/gen: fix the sorting of the man page options
	    configure: add libngtcp2_crypto_boringssl detection
	    configure: fix no default int compile error in ipv6 detection
	    configure: when enabling QUIC, check that TLS supports QUIC
	    connect: remove margin from eyeballer alloc
	    content_encoding: change return code to typedef'ed enum
	    cookie.d: document use of empty string to enable cookie engine
	    cookie: avoid fopen with empty file name
	    curl.h: CURLOPT_DNS_SERVERS is only available with c-ares
	    curl: show ipfs and ipns as supported "protocols"
	    curl_easy_getinfo.3: remove the wrong time value count
	    curl_multi_fdset.3: remove mention of null pointer support
	    CURLINFO_REFERER.3: clarify that it is the *request* header
	    CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
	    CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example
	    CURLOPT_SSH_*_KEYFILE: clarify
	    dist: add tests/errorcodes.pl to the tarball
	    docs: clean up Protocols: for cmdline options
	    docs: describe and highlight super cookies
	    docs: do not start lines/sentences with So, But nor And
	    docs: install curl.1 with cmake
	    docs: mention env vars not used by schannel
	    doh: remove unused local variable
	    examples: add four new examples
	    file+ftp: use stack buffers instead of data->state.buffer
	    ftp: handle the PORT parsing without allocation
	    ftp: use dynbuf to store entrypath
	    ftp: use memdup0 to store the OS from a SYST 215 response
	    ftpserver.pl: send 213 SIZE response without spurious newline
	    gen.pl: support ## for doing .IP in table-like lists
	    gen: do italics/bold for a range of letters, not just single word
	    GHA: add a job scanning for "bad words" in markdown
	    GHA: bump ngtcp2, gnutls, mod_h2, quiche
	    gnutls: fix build with --disable-verbose
	    haproxy-clientip.d: document the arg
	    headers: make sure the trailing newline is not stored
	    headers: remove assert from Curl_headers_push
	    hostip: return error immediately when Curl_ip2addr() fails
	    hsts: remove assert for zero length domain
	    http2: improved on_stream_close/data_done handling
	    http3/quiche: fix result code on a stream reset
	    http3: initial support for OpenSSL 3.2 QUIC stack
	    http: adjust_pollset fix
	    http: check for "Host:" case insensitively
	    http: fix off-by-one error in request method length check
	    http: only act on 101 responses when they are HTTP/1.1
	    http: remove comment reference to a removed solution
	    http: use stack scratch buffer
	    http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT
	    krb5: add prototype to silence clang warnings on mvsnprintf()
	    lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
	    lib: error out on multissl + http3
	    lib: fix variable undeclared error caused by `infof` changes
	    lib: reduce use of strncpy
	    lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
	    lib: replace readwrite with write_resp
	    lib: strndup/memdup instead of malloc, memcpy and null-terminate
	    libssh2: use `libssh2_session_callback_set2()` with v1.11.1
	    libssh: improve the deprecation warning dismissal
	    libssh: suppress warnings without version check
	    Makefile.am: fix the MSVC project generation
	    Makefile.mk: drop Windows support
	    mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls`
	    mbedtls: free the entropy when threaded
	    mime: use memdup0 instead of malloc + memcpy
	    mksymbolsmanpage.pl: provide references to where the symbol is used
	    mprintf: overhaul and bugfixes
	    mqtt: use stack scratch buffer for recv+publish
	    multi: remove total timer reset in file_do() while fetching file://
	    ngtcp2: put h3 at the front of alpn
	    ntlm_wb: do not use data->state.buffer any longer
	    openldap: fix an LDAP crash
	    openldap: fix STARTTLS
	    openssl: re-match LibreSSL deinit with init
	    openssl: when verifystatus fails, remove session id from cache
	    OS400: sync ILE/RPG binding
	    pingpong: stop using the download buffer
	    pop3: replace calloc + memcpy with memdup0
	    pytest: scorecard tracking CPU and RSS
	    quiche: return CURLE_HTTP3 on send to invalid stream
	    readwrite_data: loop less
	    Revert "urldata: move async resolver state from easy handle to connectdata"
	    rtsp: deal with borked server responses
	    runtests: for mode="text" on <stdout>, fix newlines on both parts
	    sasl: make login option string override http auth
	    schannel: fix `-Warith-conversion` gcc 13 warning
	    sectransp: do verify_cert without memdup for blobs
	    sectransp: make TLSCipherNameForNumber() available in non-verbose config
	    sendf: fix compiler warning with CURL_DISABLE_HEADERS_API
	    setopt: clear mimepost when formp is freed
	    setopt: use memdup0 when cloning COPYPOSTFIELDS
	    socks: fix generic output string to say SOCKS instead of SOCKS4
	    socks: use own buffer instead of data->state.buffer
	    ssh: fix namespace of two local macros
	    ssh: use stack scratch buffer for seeks
	    strerror: repair get_winsock_error()
	    system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers
	    system_win32: fix a function pointer assignment warning
	    telnet: use dynbuf instead of malloc for escape buffer
	    telnet: use stack scratch buffer for do
	    tests/server: delete workaround for old-mingw
	    tests: avoid int/size_t conversion size/sign warnings
	    tests: respect $TMPDIR when creating unix domain sockets
	    tool: make parser reject blank arguments if not supported
	    tool: prepend output_dir in header callback
	    tool_getparam: bsearch cmdline options
	    tool_getparam: do not try to expand without an argument
	    tool_getparam: stop supporting `@filename` style for --cookie
	    tool_listhelp: regenerate after recent .d updates
	    tool_operate: make --remove-on-error only remove "real" files
	    tool_operate: stop setting the file comment on Amiga
	    transfer: adjust_pollset improvements
	    transfer: fix upload rate limiting, add test cases
	    transfer: make the select_bits_paused condition check both directions
	    transfer: remove warning: Value stored to 'blen' is never read
	    url: don't set default CA paths for Secure Transport backend
	    url: for disabled protocols, mention if found in redirect
	    urlapi: remove assert
	    verify-examples.pl: fail verification on unescaped backslash
	    version: show only the libpsl version, not its dependencies
	    vquic: extract TLS setup into own source
	    vtls: fix missing multissl version info
	    vtls: receive max buffer
	    vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY
	    websockets: check for negative payload lengths
	    websockets: refactor decode chain
	    windows: delete redundant headers
	    windows: simplify detecting and using system headers
	    wolfssl: load certificate *chain* for PEM client certs
	    x509asn1: remove code for WANT_VERIFYHOST
	    x509asn1: switch from malloc to dynbuf
    8.5.0
	Changes:
	    gnutls: support CURLSSLOPT_NATIVE_CA
	    HTTP3: ngtcp2 builds are no longer experimental
	Bugfixes:
	    appveyor: make VS2008-built curl tool runnable
	    asyn-thread: use pipe instead of socketpair for IPC when available
	    autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}`
	    autotools: avoid passing `LDFLAGS` twice to libcurl
	    autotools: delete LCC compiler support bits
	    autotools: fix/improve gcc and Apple clang version detection
	    autotools: stop setting `-std=gnu89` with `--enable-warnings`
	    autotools: update references to deleted `crypt-auth` option
	    BINDINGS: add V binding
	    build: add `src/.checksrc` to source tarball
	    build: add more picky warnings and fix them
	    build: always revert `#pragma GCC diagnostic` after use
	    build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H`
	    build: delete support bits for obsolete Windows compilers
	    build: fix 'threadsafe' feature detection for older gcc
	    build: fix builds that disable protocols but not digest auth
	    build: fix compiler warning with auths disabled
	    build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS`
	    build: picky warning updates
	    build: require Windows XP or newer
	    cfilter: provide call to tell connection to forget a socket
	    CI: add autotools, out-of-tree, debug build to distro check job
	    CI: ignore test 286 on Appveyor gcc 9 build
	    cmake: add `CURL_DISABLE_BINDLOCAL` option
	    cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API`
	    cmake: dedupe Windows system libs
	    cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection
	    cmake: fix CURL_DISABLE_GETOPTIONS
	    cmake: fix multiple include of CURL package
	    cmake: fix OpenSSL quic detection in quiche builds
	    cmake: option to disable install & drop `curlu` target when unused
	    cmake: pre-fill rest of detection values for Windows
	    cmake: replace `check_library_exists_concat()`
	    cmake: speed up threads setup for Windows
	    cmake: speed up zstd detection
	    config-win32: set `HAVE_SNPRINTF` for mingw-w64
	    configure: better --disable-http
	    configure: check for the fseeko declaration too
	    conncache: use the closure handle when disconnecting surplus connections
	    content_encoding: make Curl_all_content_encodings allocless
	    cookie: lowercase the domain names before PSL checks
	    curl.h: delete Symbian OS references
	    curl.h: on FreeBSD include sys/param.h instead of osreldate.h
	    curl.rc: switch out the copyright symbol for plain ASCII
	    curl: improved IPFS and IPNS URL support
	    curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped
	    Curl_http_body: cleanup properly when Curl_getformdata errors
	    curl_setup: disallow Windows IPv6 builds missing getaddrinfo
	    curl_sspi: support more revocation error names in error messages
	    CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation
	    CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
	    CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does
	    CURLOPT_WRITEFUNCTION.3: clarify libcurl returns for CURL_WRITEFUNC_ERROR
	    CURLOPT_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO
	    docs/example/keepalive.c: show TCP keep-alive options
	    docs/example/localport.c: show off CURLOPT_LOCALPORT
	    docs/examples/interface.c: show CURLOPT_INTERFACE use
	    docs/libcurl: fix three minor man page format mistakes
	    docs/libcurl: SYNOPSIS cleanup
	    docs: add supported version for the json write-out
	    docs: clarify that curl passes on input unfiltered
	    docs: fix function typo in curl_easy_option_next.3
	    docs: KNOWN_BUGS cleanup
	    docs: preserve the modification date when copying the prebuilt man page
	    docs: remove bold from some man page SYNOPSIS sections
	    docs: use SOURCE_DATE_EPOCH for generated manpages
	    doh: provide better return code for responses w/o addresses
	    doh: use PIPEWAIT when HTTP/2 is attempted
	    duphandle: also free 'outcurl->cookies' in error path
	    duphandle: make dupset() not return with pointers to old alloced data
	    duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set
	    easy: in duphandle, init the cookies for the new handle
	    easy: remove duplicate wolfSSH init call
	    easy_lock: add a pthread_mutex_t fallback
	    fopen: create new file using old file's mode
	    fopen: create short(er) temporary file name
	    getenv: PlayStation doesn't have getenv()
	    GHA: move mod_h2 version in CI to v2.0.25
	    hostip: show the list of IPs when resolving is done
	    hostip: silence compiler warning `-Wparentheses-equality`
	    hsts: skip single-dot hostname
	    HTTP/2, HTTP/3: handle detach of ongoing transfers
	    http2: header conversion tightening
	    http2: provide an error callback and failf the message
	    http2: safer invocation of populate_binsettings
	    http: allow longer HTTP/2 request method names
	    http: avoid Expect: 100-continue if Upgrade: is used
	    http: consider resume with CURLOPT_FAILONERROR and 416 to be fine
	    http: fix `-Wunused-parameter` with no auth and no proxy
	    http: fix `-Wunused-variable` compiler warning
	    http: fix empty-body warning
	    http_aws_sigv4: canonicalise valueless query params
	    hyper: temporarily remove HTTP/2 support
	    INSTALL: update list of ports and CPU archs
	    IPFS: fix IPFS_PATH and file parsing
	    keylog: disable if unused
	    lib: add and use Curl_strndup()
	    lib: apache style infof and trace macros/functions
	    lib: fix gcc warning in printf call
	    libcurl-errors.3: sync with current public headers
	    libcurl-thread.3: simplify the TLS section
	    Makefile.am: drop vc10, vc11 and vc12 projects from dist
	    Makefile.mk: fix `-rtmp` option for non-Windows
	    mime: store "form escape" as a single bit
	    misc: fix -Walloc-size warnings
	    msh3: error when built with CURL_DISABLE_SOCKETPAIR set
	    multi: during ratelimit multi_getsock should return no sockets
	    multi: use pipe instead of socketpair to *wakeup()
	    ngtcp2: fix races in stream handling
	    ntlm_wb: use pipe instead of socketpair when possible
	    openldap: move the alloc of ldapconninfo to *connect()
	    openldap: set the callback argument in oldap_do
	    openssl: avoid BN_num_bits() NULL pointer derefs
	    openssl: fix building with v3 `no-deprecated` + add CI test
	    openssl: fix infof() to avoid compiler warning for %s with null
	    openssl: identify the "quictls" backend correctly
	    openssl: include SIG and KEM algorithms in verbose
	    openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs
	    openssl: two multi pointer checks should probably rather be asserts
	    openssl: when a session-ID is reused, skip OCSP stapling
	    page-footer: clarify exit code 25
	    projects: add VC14.20 project files
	    pytest: use lower count in repeat tests
	    quic: make eyeballers connect retries stop at weird replies
	    quic: manage connection idle timeouts
	    quiche: use quiche_conn_peer_transport_params()
	    rand: fix build error with autotools + LibreSSL
	    resolve.d: drop a multi use-sentence
	    RTSP: improved RTP parser
	    sasl: fix `-Wunused-function` compiler warning
	    schannel: add CA cache support for files and memory blobs
	    setopt: check CURLOPT_TFTP_BLKSIZE range on set
	    setopt: remove outdated cookie comment
	    setopt: remove superfluous use of ternary expressions
	    socks: better buffer size checks for socks4a user and hostname
	    socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice
	    symbols-in-versions: the CLOSEPOLICY options are deprecated
	    test1683: remove commented-out check alternatives
	    test3103: add missing quotes around a test tag attribute
	    test613: stop showing an error on missing output file
	    tests/README: SOCKS tests are not using OpenSSH, it has its own server
	    tests/server: add more SOCKS5 handshake error checking
	    tests: Fix Windows test helper tool search & use it for handle64
	    tidy-up: casing typos, delete unused Windows version aliases
	    tool: fix --capath when proxy support is disabled
	    tool: support bold headers in Windows
	    tool_cb_hdr: add an additional parsing check
	    tool_cb_prg: make the carriage return fit for wide progress bars
	    tool_cb_wrt: fix write output for very old Windows versions
	    tool_getparam: limit --rate to be smaller than number of ms
	    tool_operate: do not mix memory models
	    tool_operate: fix links in ipfs errors
	    tool_parsecfg: make warning output propose double-quoting
	    tool_urlglob: fix build for old gcc versions
	    tool_urlglob: make multiply() bail out on negative values
	    tool_writeout_json: fix JSON encoding of non-ascii bytes
	    transfer: abort pause send when connection is marked for closing
	    transfer: avoid calling the read callback again after EOF
	    transfer: only reset the FTP wildcard engine in CLEAR state
	    url: don't touch the multi handle when closing internal handles
	    url: find scheme with a "perfect hash"
	    url: fix `-Wzero-length-array` with no protocols
	    url: fix builds with `CURL_DISABLE_HTTP`
	    url: protocol handler lookup tidy-up
	    url: proxy ssl connection reuse fix
	    urlapi: avoid null deref if setting blank host to url encode
	    urlapi: skip appending NULL pointer query
	    urlapi: when URL encoding the fragment, pass in the right length
	    urldata: make maxconnects a 32 bit value
	    urldata: move async resolver state from easy handle to connectdata
	    urldata: move cookielist from UserDefined to UrlState
	    urldata: move hstslist from 'set' to 'state'
	    urldata: move the 'internal' boolean to the state struct
	    vssh: remove the #ifdef for Curl_ssh_init, use empty macro
	    vtls: cleanup SSL config management
	    vtls: consistently use typedef names for OpenSSL structs
	    vtls: late clone of connection ssl config
	    vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0
	    VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw
	    windows: use built-in `_WIN32` macro to detect Windows
	    wolfssh: remove redundant static prototypes
	    wolfssl: add default case for wolfssl_connect_step1 switch
	    wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA
    8.4.0
	 Changes:
	    curl: add support for the IPFS protocols via HTTP gateway
	    curl_multi_get_handles: get easy handles from a multi handle
	    mingw: delete support for legacy mingw.org toolchain
	Bugfixes:
	    acinclude.m4: Document proper system truststore on FreeBSD
	    appveyor: fix yamllint issues, indent
	    appveyor: rewrite batch in PowerShell + CI improvements
	    autotools: adjust `CURL_CA_PATH` value to CMake
	    autotools: restore `HAVE_IOCTL_*` detections
	    base64: also build for curl
	    bufq: remove Curl_bufq_skip_and_shift (unused)
	    build: delete checks for C89 standard headers
	    build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
	    cf-socket: simulate slow/blocked receives in debug
	    cmake, configure: also link with CoreServices
	    cmake: add check for suseconds_t
	    cmake: add feature checks for `memrchr` and `getifaddrs`
	    cmake: add missing checks
	    cmake: delete old `HAVE_LDAP_URL_PARSE` logic
	    cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW`
	    cmake: detect `HAVE_GETADDRINFO_THREADSAFE`
	    cmake: detect `sys/wait.h` and `netinet/udp.h`
	    cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
	    cmake: disable unity mode with Windows Unicode + TrackMemory
	    cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows
	    cmake: fix `HAVE_WRITABLE_ARGV` detection
	    cmake: fix duplicate symbols when linking tests
	    cmake: fix missing `zlib.h` when compiling `libcurltool`
	    cmake: fix stderr initialization in unity builds
	    cmake: fix the help text to the static build option in CMakeLists.txt
	    cmake: fix unity builds for more build combinations
	    cmake: fix unity symbol collisions in h2 builds
	    cmake: fix unity with Windows Unicode + TrackMemory
	    cmake: improve OpenLDAP builds
	    cmake: lib `CURL_STATICLIB` fixes (Windows)
	    cmake: move global headers to specific checks
	    cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC
	    cmake: pre-cache `HAVE_POLL_FINE` on Windows
	    cmake: tidy-up `NOT_NEED_LBER_H` detection
	    cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value
	    configure: check for the capath by default
	    configure: remove unused checks
	    configure: replace adhoc domain with `localhost` in tests
	    configure: sort AC_CHECK_FUNCS
	    connect: expire the timeout when trying next
	    connect: only start the happy eyeballs timer when needed
	    cookie: do not store the expire or max-age strings
	    cookie: remove unnecessary struct fields
	    cookie: set ->running in cookie_init even if data is NULL
	    create-dirs.d: clarify it also uses --output-dirs
	    curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0
	    curl_easy_pause.3: mention h2/h3 buffering
	    curl_easy_pause.3: mention it works within callbacks
	    curl_easy_pause: set "in callback" true on exit if true
	    CURLOPT_DEBUGFUNCTION.3: warn about internal handles
	    docs/libcurl/opts/Makefile.inc: add missing manpage files
	    docs: adapt SEE ALSO sections to new requirements
	    docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER
	    docs: replace made up domains with example.com
	    docs: update curl man page references
	    docs: use CURLSSLBACKEND_NONE
	    doh: inherit DEBUGFUNCTION/DATA
	    escape: replace Curl_isunreserved with ISUNRESERVED
	    FAQ: How do I upgrade curl.exe in Windows?
	    GHA/linux: run singleuse to detect single-use global functions
	    GHA: add workflow to compare configure vs cmake outputs
	    h2-proxy: remove left-over mistake in drain_tunnel()
	    h2: testcase and fix for pausing h2 streams
	    h3: add support for ngtcp2 with AWS-LC builds
	    http2: refused stream handling for retry
	    http: fix CURL_DISABLE_BEARER_AUTH breakage
	    http: h1/h2 proxy unification
	    http: remove wrong comment for http_should_fail
	    http: use per-request counter to check too large headers
	    http_aws_sigv4: fix sorting with empty parts
	    idn: fix WinIDN null ptr deref on bad host
	    idn: if idn2_check_version returns NULL, return error
	    inet_ntop: add typecast to silence Coverity
	    lib: disambiguate Curl_client_write flag semantics
	    lib: enable hmac for digest as well
	    lib: failf/infof compiler warnings
	    lib: let the max filesize option stop too big transfers too
	    lib: move handling of `data->req.writer_stack` into Curl_client_write()
	    lib: provide and use Curl_hexencode
	    lib: remove TIME_WITH_SYS_TIME
	    lib: use wrapper for curl_mime_data fseek callback
	    libssh2: fix error message on failed pubkey-from-file
	    libssh: cap SFTP packet size sent
	    Makefile.mk: always set `CURL_STATICLIB` for lib (Windows)
	    MANUAL.md: change domain to example.com
	    misc: better random strings
	    MQTT: improve receive of ACKs
	    multi: do CURLM_CALL_MULTI_PERFORM at two more places
	    multi: fix small timeouts
	    multi: remove Curl_multi_dump
	    multi: round the timeout up to prevent early wakeups
	    multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
	    openssl: improve ssl shutdown handling
	    openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
	    pytest: exclude test_03_goaway in CI runs due to timing dependency
	    quic: set ciphers/curves the same way regular TLS does
	    quiche: fix build error with --with-ca-fallback
	    RELEASE-PROCEDURE.md: updated coming release dates
	    runtests: display the test status if tests appear hung
	    runtests: eliminate a warning on old perl versions
	    socks: return error if hostname too long for remote resolve
	    src/mkhelp: make generated code pass `checksrc`
	    test1056: disable on Windows
	    test1474: disable test on NetBSD, OpenBSD and Solaris 10
	    test1592: greatly increase the maximum test timeout
	    test1903: actually verify the cookies after the test
	    test1906: set a lower timeout since it's hit on Windows
	    test2600: remove special case handling for USE_ALARM_TIMEOUT
	    test650: fix an end tag typo
	    test661: return from test early in case of curl error
	    test: add missing <feature>s
	    tests: close the shell used to start sshd
	    tests: fix a race condition in ftp server disconnect
	    tests: fix compiler warnings
	    tests: Fix zombie processes left behind by FTP tests.
	    tests: improve SLOWDOWN test reliability by reducing sent data
	    tests: increase lib571 timeout from 3s to 30s
	    tests: log the test result code after each libtest
	    tests: propagate errors in libtests
	    tests: set --expect100-timeout to improve test reliability
	    tests: show which curl tool `runtests.pl` is using
	    tests: stop overriding the lock timeout
	    tftpd: always use curl's own tftp.h
	    tool: use our own stderr variable
	    tool_cb_wrt: fix debug assertion
	    tool_getparam: accept variable expansion on file names too
	    tool_setopt: remove unused function tool_setopt_flags
	    upload-file.d: describe the file name slash/backslash handling
	    url: fall back to http/https proxy env-variable if ws/wss not set
	    url: fix netrc info message
	    warnless: remove unused functions
	    wolfssh: do cleanup in Curl_ssh_cleanup
	    wolfssl: allow capath with CURLOPT_CAINFO_BLOB
	    wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
	    wolfssl: ignore errors in CA path
    8.3.0
	 Changes:
	    curl: make %output{} in -w specify a file to write to
	    gskit: remove
	    lib: --disable-bindlocal builds curl without local binding support
	    nss: remove support for this TLS library
	    tool: add "variable" support
	    trace: make tracing available in non-debug builds
	    url: change default value for CURLOPT_MAXREDIRS to 30
	    urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
	    wolfssl: support loading system CA certificates
	Bugfixes:
	    altsvc: accept and parse IPv6 addresses in response headers
	    asyn-ares: reduce timeout to 2000ms
	    aws-sigv4: canonicalize the query
	    aws-sigv4: fix having date header twice in some cases
	    aws-sigv4: handle no-value user header entries
	    bearssl: don't load CA certs when peer verification is disabled
	    bearssl: handshake fix, provide proper get_select_socks() implementation
	    build: fix portability of mancheck and checksrc targets
	    build: streamline non-UWP wincrypt detections
	    c-hyper: adjust the hyper to curlcode conversion
	    c-hyper: fix memory leaks in `Curl_http`
	    cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
	    cf-socket: log successful interface bind
	    CI/cirrus: disable python install on FreeBSD
	    CI: add a 32-bit i686 Linux build
	    CI: add caching to many jobs
	    CI: move on to ngtcp2 v0.19.1
	    CI: move the Alpine build from Cirrus to GHA
	    CI: ngtcp2-linux: use separate caches for tls libraries
	    CI: remove Windows builds from Cirrus, without replacement
	    CI: switch macOS ARM build from Cirrus to Circle CI
	    CI: use master again for wolfssl
	    cirrus: install everything with pkg, avoid pip
	    cmake: add GnuTLS option
	    cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
	    cmake: add support for single libcurl compilation pass
	    cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms
	    cmake: assume `wldap32` availability on Windows
	    cmake: cache more config and delete unused ones
	    cmake: detect `SSL_set0_wbio` in OpenSSL
	    cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks
	    cmake: fix to use variable for the curl namespace
	    cmake: fixup H2 duplicate symbols for unity builds
	    cmake: set SIZEOF_LONG_LONG in curl_config.h
	    cmake: support building static and shared libcurl in one go
	    cmdline-docs: make sure to phrase it as "added in ...."
	    cmdline-docs: use present tense, not future
	    cmdline-opts/docs: mention the negative option part
	    cmdline-opts/page-header: clarify stronger that !opt == URL
	    cmdline-opts/page-header: reorder, clean up
	    configure, cmake, lib: more form api deprecation
	    configure: fix `HAVE_TIME_T_UNSIGNED` check
	    configure: trust pkg-config when it's used for zlib
	    configure: use the pkg-config --libs-only-l flag for libssh2
	    connect: stop halving the remaining timeout when less than 600 ms left
	    cookie-jar.d: emphasize that this option is ONLY writing cookies
	    crypto: ensure crypto initialization works
	    curl_url_get/set.3: add missing semicolon in SYNOPSIS
	    CURLINFO_CERTINFO.3: better explain curl_certinfo struct
	    CURLINFO_TLS_SSL_PTR.3: clarify a recommendation
	    CURLOPT_*TIMEOUT*: extend and clarify
	    CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled
	    CURLOPT_URL.3: add two URL API calls in the see-also section
	    CURLOPT_URL.3: explain curl_url_set() uses the same parser
	    digest: Use hostname to generate spn instead of realm
	    disable.d: explain --disable not implemented prior to 7.50.0
	    docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0
	    docs/cmdline-opts: match the current output
	    docs/cmdline-opts: spellfixes, typos and polish
	    docs/cmdline: add small "warning" to verbose options
	    docs/cmdline: remove repeated working for negotiate + ntlm
	    docs/HYPER.md: document a workaround for a link error
	    docs: add curl_global_trace to some SEE ALSO sections
	    docs: link to the website versions instead of markdowns
	    docs: mark --ssl-revoke-best-effort as Schannel specific
	    docs: mention critical files in same directories as curl saves
	    docs: removing "pausing transfers" from HYPER.md.
	    docs: rewrite to present tense
	    easy: remove #ifdefs to make code easier on the eye
	    egd: delete feature detection and related source code
	    ftp: fix temp write of ipv6 address
	    gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens
	    gen.pl: replace all single quotes with aq
	    GHA: adding quiche workflow
	    headers: accept leading whitespaces on first response header
	    http2: avoid too early connection re-use/multiplexing
	    http2: cleanup trace messages
	    http2: disable assertion blocking OSSFuzz testing
	    http2: fix in h2 proxy tunnel: progress in ingress on sending
	    http2: polish things around POST
	    http2: upgrade tests and add fix for non-existing stream
	    http3/ngtcp2: shorten handshake, trace cleanup
	    http3: quiche, handshake optimization, trace cleanup
	    http: close the connection after a late 417 is received
	    http: do not require a user name when using CURLAUTH_NEGOTIATE
	    http: fix sending of large requests
	    http: remove the p_pragma struct field
	    http: return error when receiving too large header set
	    hyper: fix a progress upload counter bug
	    hyper: fix ownership problems
	    hyper: remove `hyptransfer->endtask`
	    imap: add a check for failing strdup()
	    imap: remove the only sscanf() call in the IMAP code
	    include.d: explain headers not printed with --fail before 7.75.0
	    include/curl/mprintf.h: add __attribute__ for the prototypes
	    krb5: fix "implicit conversion loses integer precision" warnings
	    lib: add ability to disable auths individually
	    lib: build fixups when built with most things disabled
	    lib: fix a few *printf() flag mistakes
	    lib: fix null ptr derefs and uninitialized vars (h2/h3)
	    lib: move mimepost data from ->req.p.http to ->state
	    libtest: use curl_free() to free libcurl allocated data
	    list-only.d: mention SFTP as supported protocol
	    macOS: fix target detection more
	    misc: fix various typos
	    multi.h: the 'revents' field of curl_waitfd is supported
	    multi: more efficient pollfd count for poll
	    multi: remove 'processing: <url>' debug message
	    ngtcp2: fix handling of large requests
	    openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
	    openssl: clear error queue after SSL_shutdown
	    openssl: make aws-lc version support OCSP
	    openssl: Support async cert verify callback
	    openssl: switch to modern init for LibreSSL 2.7.0+
	    openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1
	    openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0
	    openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
	    os400: build test servers
	    os400: do not check translatable options at build time
	    os400: implement CLI tool
	    page-footer: QLOGDIR works with ngtcp2 and quiche
	    page-header: move up a URL paragraph from GLOBBING to URL
	    pytest: fix check for slow_network skips to only apply when intended
	    quic: don't set SNI if hostname is an IP address
	    quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
	    quiche: enable quiche to handle timeout events
	    resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
	    revert "schannel: reverse the order of certinfo insertions"
	    schannel: fix ordering of cert chain info
	    schannel: fix user-set legacy algorithms in Windows 10 & 11
	    schannel: verify hostname independent of verify cert
	    sectransp: fix compiler warnings
	    sectransp: prevent CFRelease() of NULL
	    secureserver.pl: fix stunnel path quoting
	    secureserver.pl: fix stunnel version parsing
	    SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline
	    system.h: add CURL_OFF_T definitions on HP-UX with HP aCC
	    test1304: build and skip without netrc support
	    test1554: check translatable string options in OS400 wrapper
	    test1608: make it build and get skipped without shuffle DNS support
	    test687/688: two more basic --xattr tests
	    tests/tftpd+mqttd: make variables static to silence picky warnings
	    tests: add 'large-time' as a testable feature
	    tests: add support for nested %if conditions
	    tests: don't call HTTP errors OK in test cases
	    tests: ensure `libcurl.def` contains all exports
	    tests: fix h3 server check and parallel instances
	    tests: TLS session sharing test
	    tests: update cookie expiry dates to far in the future
	    time-cond.d: mention what happens on a missing file
	    tool: avoid including leading spaces in the Location hyperlink
	    tool: change some fopen failures from warnings to errors
	    tool: make the length argument an int for printf()-.* flags
	    tool_cb_wrt: fix invalid unicode for windows console
	    tool_filetime: make -z work with file dates before 1970
	    tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
	    tool_operate: make aws-sigv4 not require TLS to be used
	    tool_paramhlp: improve str2num(): avoid unnecessary call to strlen()
	    tool_urlglob: use the correct format specifier for curl_off_t in msnprintf
	    transfer: also stop the sending on closed connection
	    transfer: don't set TIMER_STARTTRANSFER on first send
	    unit2600: fix build warning if built without verbose messages
	    url: remove infof() output for "still name resolving"
	    urlapi: fix heap buffer overflow
	    urlapi: make sure zoneid is also duplicated in curl_url_dup
	    urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails
	    urlapi: setting a blank URL ("") is not an ok URL
	    vquic: show stringified messages for errno
	    vtls: clarify "ALPN: offers" message
	    winbuild: improve check for static zlib
	    wolfSSL: avoid the OpenSSL compat API when not needed
	    workflows/macos.yml: disable zstd and alt-svc in the http-only build
	    write-out.d: clarify %{time_starttransfer}
	    ws: fix spelling mistakes in examples and tests

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/curl                  | 14 ++++++-
 lfs/curl                                      |  7 ++--
 ...15d8aee6c1045be932a34fe6107c2f5ed147.patch | 38 -------------------
 3 files changed, 16 insertions(+), 43 deletions(-)
 delete mode 100644 src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
  

Comments

Michael Tremer June 7, 2024, 10:30 a.m. UTC | #1
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

> On 6 Jun 2024, at 14:50, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> - Update from version 8.2.1 to 8.8.0
> - Update of rootfile
> - Removal of patch as the content now included in the source tarball.
> - Changelog
>    8.8.0
> Changes:
>    curl_version_info: provide librtmp version
>    file: add support for directory listings
>    idn: add native AppleIDN (icucore) support for macOS/iOS
>    lib: add curl_multi_waitfds
>    mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option
>    NTLM_WB: drop support
>    TLS: add support for ECH (Encrypted Client Hello)
>    urlapi: add CURLU_GET_EMPTY for empty queries and fragments
> Bugfixes:
>    appveyor: drop unnecessary `--clean-first` cmake option
>    appveyor: guard against crash-build with VS2008
>    appveyor: make gcc 6 mingw64 job build-only
>    asyn-thread: fix curl_global_cleanup crash in Windows
>    asyn-thread: fix Curl_thread_create result check
>    autotools: delete unused functions
>    autotools: fix `HAVE_IOCTLSOCKET_FIONBIO` test for gcc 14
>    autotools: only probe for SGI MIPS compilers on IRIX
>    bearssl: fix compiler warnings
>    bearssl: use common code for cipher suite lookup
>    bufq: remove duplicate word in comment
>    BUG-BOUNTY.md: clarify the third party situation
>    build: prefer `USE_IPV6` macro internally (was: `ENABLE_IPV6`)
>    build: remove MacOSX-Framework script
>    cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set
>    cf-https-connect: use timeouts as unsigned ints
>    cf-socket: don't try getting local IP without socket
>    cf-socket: remove references to l_ip, l_port
>    ci: add curl-for-win builds: Linux MUSL, macOS, Windows
>    cmake: add `BUILD_EXAMPLES` option to build examples
>    cmake: add librtmp/rtmpdump option and detection
>    cmake: check fseeko after detecting HAVE_FILE_OFFSET_BITS
>    cmake: do not pass linker flags to the static library tool
>    cmake: enable `-pedantic-errors` for clang when `CURL_WERROR=ON`
>    cmake: FindNGHTTP2 add static lib name to find_library call
>    cmake: fix `CURL_WERROR=ON` for old CMake and use it in GHA/linux-old
>    cmake: fix `HAVE_IOCTLSOCKET_FIONBIO` test with gcc 14
>    cmake: fixup `DEPENDS` filename
>    cmake: forward `USE_LIBRTMP` option to C
>    cmake: generate misc manpages and install `mk-ca-bundle.pl`
>    cmake: initialize `BUILD_TESTING` before first use
>    cmake: speed up libcurl doc building again
>    cmake: tidy-up to use `WORKING_DIRECTORY`
>    cmake: use namespaced custom target names
>    cmdline-docs: fix make install with configure --disable-docs
>    configure: error on missing perl if docs or manual is enabled
>    configure: make --disable-docs imply --disable-manual
>    content_encoding: brotli and others, pass through 0-length writes
>    content_encoding: ignore duplicate chunked encoding
>    content_encoding: reject transfer-encoding after chunked
>    contrithanks: honor `CURLWWW` variable
>    curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used
>    curl.h: change CURL_SSLVERSION_* from enum to defines
>    curl: make --help adapt to the terminal width
>    curl: use curl_getenv instead of the curlx_ version
>    Curl_creader_read: init two variables to avoid using them uninited
>    curl_easy_pause.md: use correct defines in example
>    curl_getdate.md: document two-digit year handling
>    curl_global_trace.md: shorten the description
>    curl_multibyte: remove access() function wrapper for Windows
>    curl_path: make Curl_get_pathname use dynbuf
>    curl_setup.h: add support for IAR compiler
>    curl_setup.h: detect 'inline' support
>    curl_sha512_256: do not use workaround for NetBSD when not needed
>    curl_sha512_256: fix detection of OpenSSL 1.1.1 or later
>    curl_url_get.md: clarify queries and fragments and CURLU_GET_EMPTY
>    CURLINFO_REQUEST_SIZE: fixed, add tests for transfer infos reported
>    CURLOPT_WRITEFUNCTION.md: fix the callback proto in the example
>    cw-out: improved error handling
>    DEPRECATE.md: TLS libraries without 1.3 support
>    digest: replace strcpy for empty string with simple assignment
>    dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs
>    dist: add files missing from release tarball
>    dist: add reproducible dir entries to tarballs
>    dist: do not require Perl in `maketgz`
>    dist: remove the curl-config.1 from the tarball
>    dist: verify tarball reproducibility in CI
>    DISTROS: add patch and issues link for curl-for-win
>    DISTROS: Cygwin updates
>    dllmain: Call OpenSSL thread cleanup for Windows and Cygwin
>    doc: pytest `--repeat` -> `--count`
>    docs/cmdline-opts: invoke managen using a relative path
>    docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd
>    docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example
>    docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE
>    docs: fix some CURLINFO examples
>    doh: fix typo in comment
>    doh: remove unused function prototype
>    dynbuf: fix returncode on memory error
>    examples: fix/silence `-Wsign-conversion`
>    EXPERIMENTAL: add graduation requirements for each feature
>    file: remove useless assignment
>    ftp: add tracing support
>    ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS
>    ftp: fix socket leak on rare error
>    GHA: add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs
>    GHA: add shellcheck job and fix warnings, shell tidy-ups
>    GHA: add valgrind to a wolfSSL build
>    GHA: on macOS remove $HOME/.curlrc
>    GHA: pin dependencies
>    gnutls: lazy init the trust settings
>    h3/ngtcp2: improve error handling
>    hash: change 'slots' to size_t from int
>    hash: delete unused debug function
>    hsts: explicitly skip blank lines
>    hsts: remove single-use single-line function
>    http tests: in CI skip test_02_23* for quiche
>    http2 + ngtcp2: pass CURLcode errors from callbacks
>    http2, http3: decouple stream state from easy handle
>    http2: emit RST when client write fails
>    http3: quiche+ngtcp2 improvements
>    http: acknowledge a returned error code
>    http: HEAD response body tolerance
>    http: reject HTTP major version switch mid connection
>    http: remove redundant check
>    http: with chunked POST forced, disable length check on read callback
>    http_aws_sigv4: remove useless assignment
>    idn: make Curl_idnconvert_hostname() use Curl_idn_decode()
>    if2ip: make the buf_size arg a size_t
>    INSTALL-CMAKE.md: explain `cmake -G <generator-name>`
>    krb5: use dynbuf
>    ldap: fix unused variables (seen on OmniOS)
>    lib/cf-h1-proxy: silence compiler warnings (gcc 14)
>    lib: add trace support for client reads and writes
>    lib: bump hash sizes to `size_t`
>    lib: clear the easy handle's saved errno before transfer
>    lib: fix compiler warnings (gcc)
>    lib: make protocol handlers store scheme name lowercase
>    lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3`
>    lib: remove two instances of "only only" messages
>    lib: silence `-Wsign-conversion` in base64, strcase, mprintf
>    lib: silence warnings on comma misuse
>    lib: use `#error` instead of invalid syntax in `curl_setup_once.h`
>    lib: use multi instead of multi_easy for the active multi
>    libcurl-opts: mention pipelining less
>    libssh2: delete redundant feature guard
>    libssh2: replace `access()` with `stat()`
>    libssh2: set length to 0 if strdup failed
>    m4: fix rustls pkg-config codepath
>    MAIL-ETIQUETTE: convert to markdown
>    makefile: remove the sorting from the vc-ide action
>    maketgz: put docs/RELEASE-TOOL.md into the tarball
>    managen: fix the option sort order
>    mbedtls: call mbedtls_ssl_setup() after RNG callback is set
>    mbedtls: cut off trailing newlines from debug logs
>    mbedtls: fix building with v3 in CMake Unity mode
>    mbedtls: support TLS 1.3
>    mime: avoid using access()
>    misc: fix typos
>    misc: fix typos, quoting and spelling
>    mprintf: check fputc error rather than matching returned character
>    mqtt: when Curl_xfer_recv returns error, don't use nread
>    multi: avoid memory-leak risk
>    multi: introduce SETUP state for better timeouts
>    multi: multi_wait improvements
>    multi: remove the unused Curl_preconnect function
>    multi: remove useless assignment
>    multi: timeout handles even without connection
>    openldap: create ldap URLs correctly for IPv6 addresses
>    openssl: do not set SSL_MODE_RELEASE_BUFFERS
>    openssl: revert keylog_callback support for LibreSSL
>    OS400: fix shellcheck warnings in scripts
>    projects: drop MSVC project files for recent versions
>    pytest: add DELETE tests, check server version
>    pytest: fixes for recent python, add FTP tests
>    quic: fixup duplicate static function name (for cmake unity)
>    quiche: expire all active transfers on connection close
>    quiche: trust its timeout handling
>    RELEASE-PROCEDURE: mention an initial working build
>    request: make Curl_req_init return void
>    request: paused upload on completed download, assess connection
>    reuse: add copyright + license info to individual docs/*.md files
>    ROADMAP: remove completed entries, mention websocket
>    rustls: fix handshake done handling
>    rustls: fix partial send handling
>    rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag
>    rustls: fix error code on receive
>    sendf: fix two typos in comments
>    sendf: useless assignment in cr_lc_read()
>    setopt: acknowledge errors proper for CURLOPT_COOKIEJAR
>    setopt: make the setstropt_userpwd args compulsory
>    setopt: remove check for 'option' that is always true
>    setopt: warn on Curl_set*opt() uses not using the return value
>    smtp: result of Curl_bufq_cread was not used
>    socket: remove redundant call to getsockname
>    socketpair: fix compilation when USE_UNIX_SOCKETS is not defined
>    src: tidy up types, add necessary casts
>    telnet: check return code from fileno()
>    tests/http: fix compiler warning
>    tests: add -q as first option when invoking curl for tests
>    tests: check caddy server version to match test expectations
>    tests: enable test 1117 for hyper
>    tests: fix feature case in test1481
>    tests: fix test 1167 to skip digit-only symbols
>    tests: make the unit test result type `CURLcode`
>    tests: Mark tftpd timer function as noreturn
>    tests: tidy up types in server code
>    tls: fix SecureTransport + BearSSL cmake unity builds
>    tls: remove EXAMPLEs from deprecated options
>    tls: use shared init code for TCP+QUIC
>    tool: move tool_ftruncate64 to tool_util.c
>    tool_cb_rea: limit rate unpause for -T . uploads
>    tool_cfgable: free {proxy_}cipher13_list on exit
>    tool_getparam: output warning for leading unicode quote character
>    tool_getparam: remove two redundant conditions
>    tool_operate: don't truncate the etag save file by default
>    tool_operate: init vars unconditionally in post_per_transfer
>    tool_paramhlp: remove duplicate assign
>    tool_xattr: "guess" URL scheme if none is provided
>    tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set
>    transfer: remove useless assignment
>    url: do not URL decode proxy credentials
>    url: fix use of an uninitialized variable
>    url: make parse_login_details use memdup0
>    url: remove duplicate call to Curl_conncache_remove_conn when pruning
>    urlapi: allow setting port number zero
>    urlapi: fix relative redirects to fragment-only
>    urldata: remove fields not used depending on used features
>    vauth: make two functions void that always just returned OK
>    version: use msnprintf instead of strncpy
>    vquic-tls: use correct cert name check API for wolfSSL
>    vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output
>    vtls: TLS session storage overhaul
>    wakeup_create: use FD_CLOEXEC/SOCK_CLOEXEC
>    warnless: delete orphan declarations
>    websocket: avoid memory leak in error path
>    winbuild: add ENABLE_WEBSOCKETS option
>    winbuild: use $(RC) correctly
>    wolfssl: plug memory leak in wolfssl_connect_step2()
>    x509asn1: return error on missing OID
>    8.7.1
> Bugfixes:
>    Fixed empty tool_hugehelp.c file
>    8.7.0
> Changes:
>    configure: add --disable-docs flag
>    CURLINFO_USED_PROXY: return bool whether the proxy was used
>    digest: support SHA-512/256
>    DoH: add trace configuration
>    write-out: add '%{proxy_used}'
> Bugfixes:
>    ALTSVC.md: correct a typo
>    asyn-ares: fix data race warning
>    asyn-thread: use wakeup_close to close the read descriptor
>    badwords: use hostname, not host name
>    BINDINGS: add mcurl, the python binding
>    bufq: writing into a softlimit queue cannot be partial
>    c-hyper: add header collection writer in hyper builds
>    cd2nroff: gen: make `\>` in input to render as plain '>' in output
>    cd2nroff: remove backticks from titles
>    checksrc.pl: fix handling .checksrc with CRLF
>    cmake: add USE_OPENSSL_QUIC support
>    cmake: add warning for using TLS libraries without 1.3 support
>    cmake: enable `ENABLE_CURL_MANUAL` by default
>    cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled
>    cmake: fix function description in comment
>    cmake: fix install for older CMake versions
>    cmake: fix libcurl.pc and curl-config library specifications
>    cmdline-docs/Makefile: avoid using a fixed temp file name
>    cmdline-docs: quote and angle bracket cleanup
>    cmdline-opts/_EXITCODES: sync with libcurl-errors
>    cmdline-opts/_VARIABLES.md: improve the description
>    cmdline-opts/_VERSION: provide %VERSION correctly
>    cmdline-opts: shorter help texts
>    configure: add pkg-config support to rustls detection
>    configure: add warning for using TLS libraries without 1.3 support
>    configure: build & install shell completions when enabled
>    configure: do not link with nghttp3 unless necessary
>    configure: Don't build shell completions when disabled
>    configure: Don't make shell completions without perl
>    configure: find libpsl with pkg-config
>    connect.c: fix typo
>    CONTRIBUTE: update the section on documentation format
>    cookie.md: provide an example sending a fixed cookie
>    cookie: if psl fails, reject the cookie
>    curl: exit on config file parser errors
>    curl: make --libcurl output better CURLOPT_*SSLVERSION
>    curl: when allocating variables, add the name into the struct
>    curl_setup.h: add curl_uint64_t internal type
>    curldown: fix email address in Copyright
>    CURLMOPT_MAX*: mention what happens if changed mid-transfer
>    CURLOPT_INTERFACE.md: remove spurious amp, add see-also
>    CURLOPT_POSTQUOTE.md: fix typo
>    CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return
>    CURLOPT_WRITEFUNCTION.md: typo fix
>    digest: add check for hashing error
>    dist: make sure the http tests are in the tarball
>    DISTROS: add document with distro pointers
>    docs/libcurl: add TLS backend info for all TLS options
>    docs/libcurl: generate PROTOCOLS from meta-data
>    docs: add missing slashes to SChannel client certificate documentation
>    docs: add necessary setup for nghttp3
>    docs: ascii version of manpage without nroff
>    docs: dist curl*.1 and install without perl
>    docs: make curldown do angle brackets like markdown
>    docs: make each libcurl man specify protocol(s)
>    docs: make sure curl.1 is included in dist tarballs
>    docs: update minimal binary size in INSTALL.md
>    docs: use present tense
>    examples: use present tense in comments
>    file: use xfer buf for file:// transfers
>    fopen: fix narrowing conversion warning on 32-bit Android
>    form-string.md: correct the example
>    ftp: do lineend conversions in client writer
>    ftp: fix socket wait activity in ftp_domore_getsock
>    ftp: tracing improvements
>    ftp: treat a 226 arriving before data as a signal to read data
>    gen.pl: make the "manpageification" faster
>    gen: make `\>` in input to render as plain '>' in output
>    getparam: make --ftp-ssl work again
>    GHA/linux: add sysctl trick to work-around GitHub runner issue
>    GIT-INFO: convert to markdown
>    GOVERNANCE: document the core team
>    header.md: remove backslash, make nicer markdown
>    HTTP/2: write response directly
>    http2, http3: return CURLE_PARTIAL_FILE when bytes were received
>    http2: fix push discard
>    http2: memory errors in the push callbacks are fatal
>    http2: minor tweaks to optimize two struct sizes
>    http2: push headers better cleanup
>    http2: remove the third (unused) argument from http2_data_done()
>    HTTP3.md: adjust the OpenSSL QUIC install instructions
>    http: better error message for HTTP/1.x response without status line
>    http: improve response header handling, save cpu cycles
>    http: move headers collecting to writer
>    http: remove stale comment about rewindbeforesend
>    http: separate response parsing from response action
>    http_chunks: fix the accounting of consumed bytes
>    http_chunks: remove unused 'endptr' variable
>    https-proxy: use IP address and cert with ip in alt names
>    hyper: implement unpausing via client reader
>    ipv6.md: mention IPv4 mapped addresses
>    KNOWN_BUGS: POP3 issue when reading small chunks
>    lib1598: fix `CURLOPT_POSTFIELDSIZE` usage
>    lib582: remove code causing warning that is never run
>    lib: add `void *ctx` to reader/writer instances
>    lib: convert Curl_get_line to use dynbuf
>    lib: Curl_read/Curl_write clarifications
>    lib: enhance client reader resume + rewind
>    lib: initialize output pointers to NULL before calling strto[ff,l,ul]
>    lib: keep conn IP information together
>    lib: move 'done' parameter to SingleRequests
>    lib: remove curl_mimepart object when CURL_DISABLE_MIME
>    libcurl-docs: cleanups
>    libcurl-security.md: Active FTP passes on the local IP address
>    libssh/libssh2: return error on too big range
>    MANUAL.md: fix typo
>    mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined
>    mbedtls: fix pytest for newer versions
>    mbedtls: properly cleanup the thread-shared entropy
>    mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version
>    md4: include strdup.h for the memdup proto
>    mime: add client reader
>    misc: fix typos in docs and lib
>    mkhelp: simplify the generated hugehelp program
>    mprintf: fix format prefix I32/I64 for windows compilers
>    multi: add xfer_buf to multi handle
>    multi: fix multi_sock handling of select_bits
>    multi: make add_handle free any multi_easy
>    ngtcp2: no recvbuf for stream
>    ntlm_wb: fix buffer type typo
>    OpenSSL QUIC: adapt to v3.3.x
>    openssl-quic: check on Windows that socket conv to int is possible
>    openssl-quic: fix BIO leak and Windows warning
>    openssl-quic: fix unity build, casing, indentation
>    OS400: avoid using awk in the build scripts
>    paramhlp: fix CRLF-stripping files with "-d @file"
>    proxy1.0.md: fix example
>    pytest: adapt to API change
>    request: clarify message when request has been sent off
>    rustls: make curl compile with 0.12.0
>    schannel: fix hang on unexpected server close
>    scripts: fix cijobs.pl for Azure and GHA
>    sendf: ignore response body to HEAD
>    setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
>    setopt: fix disabling all protocols
>    sha512_256: add support for GnuTLS and OpenSSL
>    smtp: fix STARTTLS
>    SPONSORS: describe the basics
>    strtoofft: fix the overflow check
>    test 1541: verify getinfo values on first header callback
>    test1165: improve pattern matching
>    tests: support setting/using blank content env variables
>    TIMER_STARTTRANSFER: set the same for everyone
>    TLS: start shutdown only when peer did not already close
>    TODO: update 13.11 with more information
>    tool_cb_hdr: only parse etag + content-disposition for 2xx
>    tool_getparam: accept a blank -w ""
>    tool_getparam: handle non-existing (out of range) short-options
>    tool_operate: change precedence of server Retry-After time
>    tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds
>    trace-config.md: remove the mutexed options list
>    transfer.c: break receive loop in speed limited transfers
>    transfer: improve Windows SO_SNDBUF update limit
>    urldata: move authneg bit from conn to Curl_easy
>    version: allow building with ancient libpsl
>    vquic-tls: fix the error code returned for bad CA file
>    vtls: fix tls proxy peer verification
>    vtls: revert "receive max buffer" + add test case
>    VULN-DISCLOSURE-POLICY.md: update detail about CVE requests
>    websocket: fix curl_ws_recv()
>    wolfSSL: do not call the stub function wolfSSL_BIO_set_init()
>    write-out.md: clarify error handling details
>    8.6.0
> Changes:
>    add CURLE_TOO_LARGE
>    add CURLINFO_QUEUE_TIME_T
>    add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add
>    asyn-thread: use GetAddrInfoExW on >= Windows 8
>    configure: make libpsl detection failure cause error
>    docs/cmdline: change to .md for cmdline docs
>    docs: introduce "curldown" for libcurl man page format
>    runtests: support -gl. Like -g but for lldb.
> Bugfixes:
>    altsvc: free 'as' when returning error
>    appveyor: replace PowerShell with bash + parallel autotools
>    appveyor: switch to out-of-tree builds
>    asyn-ares: with modern c-ares, use its default timeout
>    build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}`
>    build: delete/replace clang warning pragmas
>    build: enable missing OpenSSF-recommended warnings, with fixes
>    build: fix `-Wconversion`/`-Wsign-conversion` warnings
>    build: fix Windows ADDRESS_FAMILY detection
>    build: more `-Wformat` fixes
>    build: remove redundant `CURL_PULL_*` settings
>    cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper
>    cf-socket: show errno in tcpkeepalive error messages
>    CI/distcheck: run full tests
>    cmake: add option to disable building docs
>    cmake: fix generation for system name iOS
>    cmake: fix typo
>    cmake: freshen up docs/INSTALL.cmake
>    cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE`
>    cmake: rework options to enable curl and libcurl docs
>    cmake: when USE_MANUAL=YES, build the curl.1 man page
>    cmdline-opts/write-out.d: remove spurious double quotes
>    cmdline-opts: update availability for the *-ca-native options
>    cmdline/gen: fix the sorting of the man page options
>    configure: add libngtcp2_crypto_boringssl detection
>    configure: fix no default int compile error in ipv6 detection
>    configure: when enabling QUIC, check that TLS supports QUIC
>    connect: remove margin from eyeballer alloc
>    content_encoding: change return code to typedef'ed enum
>    cookie.d: document use of empty string to enable cookie engine
>    cookie: avoid fopen with empty file name
>    curl.h: CURLOPT_DNS_SERVERS is only available with c-ares
>    curl: show ipfs and ipns as supported "protocols"
>    curl_easy_getinfo.3: remove the wrong time value count
>    curl_multi_fdset.3: remove mention of null pointer support
>    CURLINFO_REFERER.3: clarify that it is the *request* header
>    CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
>    CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example
>    CURLOPT_SSH_*_KEYFILE: clarify
>    dist: add tests/errorcodes.pl to the tarball
>    docs: clean up Protocols: for cmdline options
>    docs: describe and highlight super cookies
>    docs: do not start lines/sentences with So, But nor And
>    docs: install curl.1 with cmake
>    docs: mention env vars not used by schannel
>    doh: remove unused local variable
>    examples: add four new examples
>    file+ftp: use stack buffers instead of data->state.buffer
>    ftp: handle the PORT parsing without allocation
>    ftp: use dynbuf to store entrypath
>    ftp: use memdup0 to store the OS from a SYST 215 response
>    ftpserver.pl: send 213 SIZE response without spurious newline
>    gen.pl: support ## for doing .IP in table-like lists
>    gen: do italics/bold for a range of letters, not just single word
>    GHA: add a job scanning for "bad words" in markdown
>    GHA: bump ngtcp2, gnutls, mod_h2, quiche
>    gnutls: fix build with --disable-verbose
>    haproxy-clientip.d: document the arg
>    headers: make sure the trailing newline is not stored
>    headers: remove assert from Curl_headers_push
>    hostip: return error immediately when Curl_ip2addr() fails
>    hsts: remove assert for zero length domain
>    http2: improved on_stream_close/data_done handling
>    http3/quiche: fix result code on a stream reset
>    http3: initial support for OpenSSL 3.2 QUIC stack
>    http: adjust_pollset fix
>    http: check for "Host:" case insensitively
>    http: fix off-by-one error in request method length check
>    http: only act on 101 responses when they are HTTP/1.1
>    http: remove comment reference to a removed solution
>    http: use stack scratch buffer
>    http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT
>    krb5: add prototype to silence clang warnings on mvsnprintf()
>    lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
>    lib: error out on multissl + http3
>    lib: fix variable undeclared error caused by `infof` changes
>    lib: reduce use of strncpy
>    lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
>    lib: replace readwrite with write_resp
>    lib: strndup/memdup instead of malloc, memcpy and null-terminate
>    libssh2: use `libssh2_session_callback_set2()` with v1.11.1
>    libssh: improve the deprecation warning dismissal
>    libssh: suppress warnings without version check
>    Makefile.am: fix the MSVC project generation
>    Makefile.mk: drop Windows support
>    mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls`
>    mbedtls: free the entropy when threaded
>    mime: use memdup0 instead of malloc + memcpy
>    mksymbolsmanpage.pl: provide references to where the symbol is used
>    mprintf: overhaul and bugfixes
>    mqtt: use stack scratch buffer for recv+publish
>    multi: remove total timer reset in file_do() while fetching file://
>    ngtcp2: put h3 at the front of alpn
>    ntlm_wb: do not use data->state.buffer any longer
>    openldap: fix an LDAP crash
>    openldap: fix STARTTLS
>    openssl: re-match LibreSSL deinit with init
>    openssl: when verifystatus fails, remove session id from cache
>    OS400: sync ILE/RPG binding
>    pingpong: stop using the download buffer
>    pop3: replace calloc + memcpy with memdup0
>    pytest: scorecard tracking CPU and RSS
>    quiche: return CURLE_HTTP3 on send to invalid stream
>    readwrite_data: loop less
>    Revert "urldata: move async resolver state from easy handle to connectdata"
>    rtsp: deal with borked server responses
>    runtests: for mode="text" on <stdout>, fix newlines on both parts
>    sasl: make login option string override http auth
>    schannel: fix `-Warith-conversion` gcc 13 warning
>    sectransp: do verify_cert without memdup for blobs
>    sectransp: make TLSCipherNameForNumber() available in non-verbose config
>    sendf: fix compiler warning with CURL_DISABLE_HEADERS_API
>    setopt: clear mimepost when formp is freed
>    setopt: use memdup0 when cloning COPYPOSTFIELDS
>    socks: fix generic output string to say SOCKS instead of SOCKS4
>    socks: use own buffer instead of data->state.buffer
>    ssh: fix namespace of two local macros
>    ssh: use stack scratch buffer for seeks
>    strerror: repair get_winsock_error()
>    system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers
>    system_win32: fix a function pointer assignment warning
>    telnet: use dynbuf instead of malloc for escape buffer
>    telnet: use stack scratch buffer for do
>    tests/server: delete workaround for old-mingw
>    tests: avoid int/size_t conversion size/sign warnings
>    tests: respect $TMPDIR when creating unix domain sockets
>    tool: make parser reject blank arguments if not supported
>    tool: prepend output_dir in header callback
>    tool_getparam: bsearch cmdline options
>    tool_getparam: do not try to expand without an argument
>    tool_getparam: stop supporting `@filename` style for --cookie
>    tool_listhelp: regenerate after recent .d updates
>    tool_operate: make --remove-on-error only remove "real" files
>    tool_operate: stop setting the file comment on Amiga
>    transfer: adjust_pollset improvements
>    transfer: fix upload rate limiting, add test cases
>    transfer: make the select_bits_paused condition check both directions
>    transfer: remove warning: Value stored to 'blen' is never read
>    url: don't set default CA paths for Secure Transport backend
>    url: for disabled protocols, mention if found in redirect
>    urlapi: remove assert
>    verify-examples.pl: fail verification on unescaped backslash
>    version: show only the libpsl version, not its dependencies
>    vquic: extract TLS setup into own source
>    vtls: fix missing multissl version info
>    vtls: receive max buffer
>    vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY
>    websockets: check for negative payload lengths
>    websockets: refactor decode chain
>    windows: delete redundant headers
>    windows: simplify detecting and using system headers
>    wolfssl: load certificate *chain* for PEM client certs
>    x509asn1: remove code for WANT_VERIFYHOST
>    x509asn1: switch from malloc to dynbuf
>    8.5.0
> Changes:
>    gnutls: support CURLSSLOPT_NATIVE_CA
>    HTTP3: ngtcp2 builds are no longer experimental
> Bugfixes:
> 
>    appveyor: make VS2008-built curl tool runnable
>    asyn-thread: use pipe instead of socketpair for IPC when available
>    autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}`
>    autotools: avoid passing `LDFLAGS` twice to libcurl
>    autotools: delete LCC compiler support bits
>    autotools: fix/improve gcc and Apple clang version detection
>    autotools: stop setting `-std=gnu89` with `--enable-warnings`
>    autotools: update references to deleted `crypt-auth` option
>    BINDINGS: add V binding
>    build: add `src/.checksrc` to source tarball
>    build: add more picky warnings and fix them
>    build: always revert `#pragma GCC diagnostic` after use
>    build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H`
>    build: delete support bits for obsolete Windows compilers
>    build: fix 'threadsafe' feature detection for older gcc
>    build: fix builds that disable protocols but not digest auth
>    build: fix compiler warning with auths disabled
>    build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS`
>    build: picky warning updates
>    build: require Windows XP or newer
>    cfilter: provide call to tell connection to forget a socket
>    CI: add autotools, out-of-tree, debug build to distro check job
>    CI: ignore test 286 on Appveyor gcc 9 build
>    cmake: add `CURL_DISABLE_BINDLOCAL` option
>    cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API`
>    cmake: dedupe Windows system libs
>    cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection
>    cmake: fix CURL_DISABLE_GETOPTIONS
>    cmake: fix multiple include of CURL package
>    cmake: fix OpenSSL quic detection in quiche builds
>    cmake: option to disable install & drop `curlu` target when unused
>    cmake: pre-fill rest of detection values for Windows
>    cmake: replace `check_library_exists_concat()`
>    cmake: speed up threads setup for Windows
>    cmake: speed up zstd detection
>    config-win32: set `HAVE_SNPRINTF` for mingw-w64
>    configure: better --disable-http
>    configure: check for the fseeko declaration too
>    conncache: use the closure handle when disconnecting surplus connections
>    content_encoding: make Curl_all_content_encodings allocless
>    cookie: lowercase the domain names before PSL checks
>    curl.h: delete Symbian OS references
>    curl.h: on FreeBSD include sys/param.h instead of osreldate.h
>    curl.rc: switch out the copyright symbol for plain ASCII
>    curl: improved IPFS and IPNS URL support
>    curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped
>    Curl_http_body: cleanup properly when Curl_getformdata errors
>    curl_setup: disallow Windows IPv6 builds missing getaddrinfo
>    curl_sspi: support more revocation error names in error messages
>    CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation
>    CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
>    CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does
>    CURLOPT_WRITEFUNCTION.3: clarify libcurl returns for CURL_WRITEFUNC_ERROR
>    CURLOPT_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO
>    docs/example/keepalive.c: show TCP keep-alive options
>    docs/example/localport.c: show off CURLOPT_LOCALPORT
>    docs/examples/interface.c: show CURLOPT_INTERFACE use
>    docs/libcurl: fix three minor man page format mistakes
>    docs/libcurl: SYNOPSIS cleanup
>    docs: add supported version for the json write-out
>    docs: clarify that curl passes on input unfiltered
>    docs: fix function typo in curl_easy_option_next.3
>    docs: KNOWN_BUGS cleanup
>    docs: preserve the modification date when copying the prebuilt man page
>    docs: remove bold from some man page SYNOPSIS sections
>    docs: use SOURCE_DATE_EPOCH for generated manpages
>    doh: provide better return code for responses w/o addresses
>    doh: use PIPEWAIT when HTTP/2 is attempted
>    duphandle: also free 'outcurl->cookies' in error path
>    duphandle: make dupset() not return with pointers to old alloced data
>    duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set
>    easy: in duphandle, init the cookies for the new handle
>    easy: remove duplicate wolfSSH init call
>    easy_lock: add a pthread_mutex_t fallback
>    fopen: create new file using old file's mode
>    fopen: create short(er) temporary file name
>    getenv: PlayStation doesn't have getenv()
>    GHA: move mod_h2 version in CI to v2.0.25
>    hostip: show the list of IPs when resolving is done
>    hostip: silence compiler warning `-Wparentheses-equality`
>    hsts: skip single-dot hostname
>    HTTP/2, HTTP/3: handle detach of ongoing transfers
>    http2: header conversion tightening
>    http2: provide an error callback and failf the message
>    http2: safer invocation of populate_binsettings
>    http: allow longer HTTP/2 request method names
>    http: avoid Expect: 100-continue if Upgrade: is used
>    http: consider resume with CURLOPT_FAILONERROR and 416 to be fine
>    http: fix `-Wunused-parameter` with no auth and no proxy
>    http: fix `-Wunused-variable` compiler warning
>    http: fix empty-body warning
>    http_aws_sigv4: canonicalise valueless query params
>    hyper: temporarily remove HTTP/2 support
>    INSTALL: update list of ports and CPU archs
>    IPFS: fix IPFS_PATH and file parsing
>    keylog: disable if unused
>    lib: add and use Curl_strndup()
>    lib: apache style infof and trace macros/functions
>    lib: fix gcc warning in printf call
>    libcurl-errors.3: sync with current public headers
>    libcurl-thread.3: simplify the TLS section
>    Makefile.am: drop vc10, vc11 and vc12 projects from dist
>    Makefile.mk: fix `-rtmp` option for non-Windows
>    mime: store "form escape" as a single bit
>    misc: fix -Walloc-size warnings
>    msh3: error when built with CURL_DISABLE_SOCKETPAIR set
>    multi: during ratelimit multi_getsock should return no sockets
>    multi: use pipe instead of socketpair to *wakeup()
>    ngtcp2: fix races in stream handling
>    ntlm_wb: use pipe instead of socketpair when possible
>    openldap: move the alloc of ldapconninfo to *connect()
>    openldap: set the callback argument in oldap_do
>    openssl: avoid BN_num_bits() NULL pointer derefs
>    openssl: fix building with v3 `no-deprecated` + add CI test
>    openssl: fix infof() to avoid compiler warning for %s with null
>    openssl: identify the "quictls" backend correctly
>    openssl: include SIG and KEM algorithms in verbose
>    openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs
>    openssl: two multi pointer checks should probably rather be asserts
>    openssl: when a session-ID is reused, skip OCSP stapling
>    page-footer: clarify exit code 25
>    projects: add VC14.20 project files
>    pytest: use lower count in repeat tests
>    quic: make eyeballers connect retries stop at weird replies
>    quic: manage connection idle timeouts
>    quiche: use quiche_conn_peer_transport_params()
>    rand: fix build error with autotools + LibreSSL
>    resolve.d: drop a multi use-sentence
>    RTSP: improved RTP parser
>    sasl: fix `-Wunused-function` compiler warning
>    schannel: add CA cache support for files and memory blobs
>    setopt: check CURLOPT_TFTP_BLKSIZE range on set
>    setopt: remove outdated cookie comment
>    setopt: remove superfluous use of ternary expressions
>    socks: better buffer size checks for socks4a user and hostname
>    socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice
>    symbols-in-versions: the CLOSEPOLICY options are deprecated
>    test1683: remove commented-out check alternatives
>    test3103: add missing quotes around a test tag attribute
>    test613: stop showing an error on missing output file
>    tests/README: SOCKS tests are not using OpenSSH, it has its own server
>    tests/server: add more SOCKS5 handshake error checking
>    tests: Fix Windows test helper tool search & use it for handle64
>    tidy-up: casing typos, delete unused Windows version aliases
>    tool: fix --capath when proxy support is disabled
>    tool: support bold headers in Windows
>    tool_cb_hdr: add an additional parsing check
>    tool_cb_prg: make the carriage return fit for wide progress bars
>    tool_cb_wrt: fix write output for very old Windows versions
>    tool_getparam: limit --rate to be smaller than number of ms
>    tool_operate: do not mix memory models
>    tool_operate: fix links in ipfs errors
>    tool_parsecfg: make warning output propose double-quoting
>    tool_urlglob: fix build for old gcc versions
>    tool_urlglob: make multiply() bail out on negative values
>    tool_writeout_json: fix JSON encoding of non-ascii bytes
>    transfer: abort pause send when connection is marked for closing
>    transfer: avoid calling the read callback again after EOF
>    transfer: only reset the FTP wildcard engine in CLEAR state
>    url: don't touch the multi handle when closing internal handles
>    url: find scheme with a "perfect hash"
>    url: fix `-Wzero-length-array` with no protocols
>    url: fix builds with `CURL_DISABLE_HTTP`
>    url: protocol handler lookup tidy-up
>    url: proxy ssl connection reuse fix
>    urlapi: avoid null deref if setting blank host to url encode
>    urlapi: skip appending NULL pointer query
>    urlapi: when URL encoding the fragment, pass in the right length
>    urldata: make maxconnects a 32 bit value
>    urldata: move async resolver state from easy handle to connectdata
>    urldata: move cookielist from UserDefined to UrlState
>    urldata: move hstslist from 'set' to 'state'
>    urldata: move the 'internal' boolean to the state struct
>    vssh: remove the #ifdef for Curl_ssh_init, use empty macro
>    vtls: cleanup SSL config management
>    vtls: consistently use typedef names for OpenSSL structs
>    vtls: late clone of connection ssl config
>    vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0
>    VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw
>    windows: use built-in `_WIN32` macro to detect Windows
>    wolfssh: remove redundant static prototypes
>    wolfssl: add default case for wolfssl_connect_step1 switch
>    wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA
>    8.4.0
> Changes:
>    curl: add support for the IPFS protocols via HTTP gateway
>    curl_multi_get_handles: get easy handles from a multi handle
>    mingw: delete support for legacy mingw.org toolchain
> Bugfixes:
>    acinclude.m4: Document proper system truststore on FreeBSD
>    appveyor: fix yamlint issues, indent
>    appveyor: rewrite batch in PowerShell + CI improvements
>    autotools: adjust `CURL_CA_PATH` value to CMake
>    autotools: restore `HAVE_IOCTL_*` detections
>    base64: also build for curl
>    bufq: remove Curl_bufq_skip_and_shift (unused)
>    build: delete checks for C89 standard headers
>    build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
>    cf-socket: simulate slow/blocked receives in debug
>    cmake, configure: also link with CoreServices
>    cmake: add check for suseconds_t
>    cmake: add feature checks for `memrchr` and `getifaddrs`
>    cmake: add missing checks
>    cmake: delete old `HAVE_LDAP_URL_PARSE` logic
>    cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW`
>    cmake: detect `HAVE_GETADDRINFO_THREADSAFE`
>    cmake: detect `sys/wait.h` and `netinet/udp.h`
>    cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
>    cmake: disable unity mode with Windows Unicode + TrackMemory
>    cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows
>    cmake: fix `HAVE_WRITABLE_ARGV` detection
>    cmake: fix duplicate symbols when linking tests
>    cmake: fix missing `zlib.h` when compiling `libcurltool`
>    cmake: fix stderr initialization in unity builds
>    cmake: fix the help text to the static build option in CMakeLists.txt
>    cmake: fix unity builds for more build combinations
>    cmake: fix unity symbol collisions in h2 builds
>    cmake: fix unity with Windows Unicode + TrackMemory
>    cmake: improve OpenLDAP builds
>    cmake: lib `CURL_STATICLIB` fixes (Windows)
>    cmake: move global headers to specific checks
>    cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC
>    cmake: pre-cache `HAVE_POLL_FINE` on Windows
>    cmake: tidy-up `NOT_NEED_LBER_H` detection
>    cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value
>    configure: check for the capath by default
>    configure: remove unused checks
>    configure: replace adhoc domain with `localhost` in tests
>    configure: sort AC_CHECK_FUNCS
>    connect: expire the timeout when trying next
>    connect: only start the happy eyeballs timer when needed
>    cookie: do not store the expire or max-age strings
>    cookie: remove unnecessary struct fields
>    cookie: set ->running in cookie_init even if data is NULL
>    create-dirs.d: clarify it also uses --output-dirs
>    curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0
>    curl_easy_pause.3: mention h2/h3 buffering
>    curl_easy_pause.3: mention it works within callbacks
>    curl_easy_pause: set "in callback" true on exit if true
>    CURLOPT_DEBUGFUNCTION.3: warn about internal handles
>    docs/libcurl/opts/Makefile.inc: add missing manpage files
>    docs: adapt SEE ALSO sections to new requirements
>    docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER
>    docs: replace made up domains with example.com
>    docs: update curl man page references
>    docs: use CURLSSLBACKEND_NONE
>    doh: inherit DEBUGFUNCTION/DATA
>    escape: replace Curl_isunreserved with ISUNRESERVED
>    FAQ: How do I upgrade curl.exe in Windows?
>    GHA/linux: run singleuse to detect single-use global functions
>    GHA: add workflow to compare configure vs cmake outputs
>    h2-proxy: remove left-over mistake in drain_tunnel()
>    h2: testcase and fix for pausing h2 streams
>    h3: add support for ngtcp2 with AWS-LC builds
>    http2: refused stream handling for retry
>    http: fix CURL_DISABLE_BEARER_AUTH breakage
>    http: h1/h2 proxy unification
>    http: remove wrong comment for http_should_fail
>    http: use per-request counter to check too large headers
>    http_aws_sigv4: fix sorting with empty parts
>    idn: fix WinIDN null ptr deref on bad host
>    idn: if idn2_check_version returns NULL, return error
>    inet_ntop: add typecast to silence Coverity
>    lib: disambiguate Curl_client_write flag semantics
>    lib: enable hmac for digest as well
>    lib: failf/infof compiler warnings
>    lib: let the max filesize option stop too big transfers too
>    lib: move handling of `data->req.writer_stack` into Curl_client_write()
>    lib: provide and use Curl_hexencode
>    lib: remove TIME_WITH_SYS_TIME
>    lib: use wrapper for curl_mime_data fseek callback
>    libssh2: fix error message on failed pubkey-from-file
>    libssh: cap SFTP packet size sent
>    Makefile.mk: always set `CURL_STATICLIB` for lib (Windows)
>    MANUAL.md: change domain to example.com
>    misc: better random strings
>    MQTT: improve receive of ACKs
>    multi: do CURLM_CALL_MULTI_PERFORM at two more places
>    multi: fix small timeouts
>    multi: remove Curl_multi_dump
>    multi: round the timeout up to prevent early wakeups
>    multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
>    openssl: improve ssl shutdown handling
>    openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
>    pytest: exclude test_03_goaway in CI runs due to timing dependency
>    quic: set ciphers/curves the same way regular TLS does
>    quiche: fix build error with --with-ca-fallback
>    RELEASE-PROCEDURE.md: updated coming release dates
>    runtests: display the test status if tests appear hung
>    runtests: eliminate a warning on old perl versions
>    socks: return error if hostname too long for remote resolve
>    src/mkhelp: make generated code pass `checksrc`
>    test1056: disable on Windows
>    test1474: disable test on NetBSD, OpenBSD and Solaris 10
>    test1592: greatly increase the maximum test timeout
>    test1903: actually verify the cookies after the test
>    test1906: set a lower timeout since it's hit on Windows
>    test2600: remove special case handling for USE_ALARM_TIMEOUT
>    test650: fix an end tag typo
>    test661: return from test early in case of curl error
>    test: add missing <feature>s
>    tests: close the shell used to start sshd
>    tests: fix a race condition in ftp server disconnect
>    tests: fix compiler warnings
>    tests: Fix zombie processes left behind by FTP tests.
>    tests: improve SLOWDOWN test reliability by reducing sent data
>    tests: increase lib571 timeout from 3s to 30s
>    tests: log the test result code after each libtest
>    tests: propagate errors in libtests
>    tests: set --expect100-timeout to improve test reliability
>    tests: show which curl tool `runtests.pl` is using
>    tests: stop overriding the lock timeout
>    tftpd: always use curl's own tftp.h
>    tool: use our own stderr variable
>    tool_cb_wrt: fix debug assertion
>    tool_getparam: accept variable expansion on file names too
>    tool_setopt: remove unused function tool_setopt_flags
>    upload-file.d: describe the file name slash/backslash handling
>    url: fall back to http/https proxy env-variable if ws/wss not set
>    url: fix netrc info message
>    warnless: remove unused functions
>    wolfssh: do cleanup in Curl_ssh_cleanup
>    wolfssl: allow capath with CURLOPT_CAINFO_BLOB
>    wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
>    wolfssl: ignore errors in CA path
>    8.3.0
> Changes:
>    curl: make %output{} in -w specify a file to write to
>    gskit: remove
>    lib: --disable-bindlocal builds curl without local binding support
>    nss: remove support for this TLS library
>    tool: add "variable" support
>    trace: make tracing available in non-debug builds
>    url: change default value for CURLOPT_MAXREDIRS to 30
>    urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
>    wolfssl: support loading system CA certificates
> Bugfixes:
>    altsvc: accept and parse IPv6 addresses in response headers
>    asyn-ares: reduce timeout to 2000ms
>    aws-sigv4: canonicalize the query
>    aws-sigv4: fix having date header twice in some cases
>    aws-sigv4: handle no-value user header entries
>    bearssl: don't load CA certs when peer verification is disabled
>    bearssl: handshake fix, provide proper get_select_socks() implementation
>    build: fix portability of mancheck and checksrc targets
>    build: streamline non-UWP wincrypt detections
>    c-hyper: adjust the hyper to curlcode conversion
>    c-hyper: fix memory leaks in `Curl_http`
>    cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
>    cf-socket: log successful interface bind
>    CI/cirrus: disable python install on FreeBSD
>    CI: add a 32-bit i686 Linux build
>    CI: add caching to many jobs
>    CI: move on to ngtcp2 v0.19.1
>    CI: move the Alpine build from Cirrus to GHA
>    CI: ngtcp2-linux: use separate caches for tls libraries
>    CI: remove Windows builds from Cirrus, without replacement
>    CI: switch macOS ARM build from Cirrus to Circle CI
>    CI: use master again for wolfssl
>    cirrus: install everything with pkg, avoid pip
>    cmake: add GnuTLS option
>    cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
>    cmake: add support for single libcurl compilation pass
>    cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms
>    cmake: assume `wldap32` availability on Windows
>    cmake: cache more config and delete unused ones
>    cmake: detect `SSL_set0_wbio` in OpenSSL
>    cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks
>    cmake: fix to use variable for the curl namespace
>    cmake: fixup H2 duplicate symbols for unity builds
>    cmake: set SIZEOF_LONG_LONG in curl_config.h
>    cmake: support building static and shared libcurl in one go
>    cmdline-docs: make sure to phrase it as "added in ...."
>    cmdline-docs: use present tense, not future
>    cmdline-opts/docs: mention the negative option part
>    cmdline-opts/page-header: clarify stronger that !opt == URL
>    cmdline-opts/page-header: reorder, clean up
>    configure, cmake, lib: more form api deprecation
>    configure: fix `HAVE_TIME_T_UNSIGNED` check
>    configure: trust pkg-config when it's used for zlib
>    configure: use the pkg-config --libs-only-l flag for libssh2
>    connect: stop halving the remaining timeout when less than 600 ms left
>    cookie-jar.d: emphasize that this option is ONLY writing cookies
>    crypto: ensure crypto initialization works
>    curl_url_get/set.3: add missing semicolon in SYNOPSIS
>    CURLINFO_CERTINFO.3: better explain curl_certinfo struct
>    CURLINFO_TLS_SSL_PTR.3: clarify a recommendation
>    CURLOPT_*TIMEOUT*: extend and clarify
>    CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled
>    CURLOPT_URL.3: add two URL API calls in the see-also section
>    CURLOPT_URL.3: explain curl_url_set() uses the same parser
>    digest: Use hostname to generate spn instead of realm
>    disable.d: explain --disable not implemented prior to 7.50.0
>    docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0
>    docs/cmdline-opts: match the current output
>    docs/cmdline-opts: spellfixes, typos and polish
>    docs/cmdline: add small "warning" to verbose options
>    docs/cmdline: remove repeated working for negotiate + ntlm
>    docs/HYPER.md: document a workaround for a link error
>    docs: add curl_global_trace to some SEE ALSO sections
>    docs: link to the website versions instead of markdowns
>    docs: mark --ssl-revoke-best-effort as Schannel specific
>    docs: mention critical files in same directories as curl saves
>    docs: removing "pausing transfers" from HYPER.md.
>    docs: rewrite to present tense
>    easy: remove #ifdefs to make code easier on the eye
>    egd: delete feature detection and related source code
>    ftp: fix temp write of ipv6 address
>    gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens
>    gen.pl: replace all single quotes with aq
>    GHA: adding quiche workflow
>    headers: accept leading whitespaces on first response header
>    http2: avoid too early connection re-use/multiplexing
>    http2: cleanup trace messages
>    http2: disable assertion blocking OSSFuzz testing
>    http2: fix in h2 proxy tunnel: progress in ingress on sending
>    http2: polish things around POST
>    http2: upgrade tests and add fix for non-existing stream
>    http3/ngtcp2: shorten handshake, trace cleanup
>    http3: quiche, handshake optimization, trace cleanup
>    http: close the connection after a late 417 is received
>    http: do not require a user name when using CURLAUTH_NEGOTIATE
>    http: fix sending of large requests
>    http: remove the p_pragma struct field
>    http: return error when receiving too large header set
>    hyper: fix a progress upload counter bug
>    hyper: fix ownership problems
>    hyper: remove `hyptransfer->endtask`
>    imap: add a check for failing strdup()
>    imap: remove the only sscanf() call in the IMAP code
>    include.d: explain headers not printed with --fail before 7.75.0
>    include/curl/mprintf.h: add __attribute__ for the prototypes
>    krb5: fix "implicit conversion loses integer precision" warnings
>    lib: add ability to disable auths individually
>    lib: build fixups when built with most things disabled
>    lib: fix a few *printf() flag mistakes
>    lib: fix null ptr derefs and uninitialized vars (h2/h3)
>    lib: move mimepost data from ->req.p.http to ->state
>    libtest: use curl_free() to free libcurl allocated data
>    list-only.d: mention SFTP as supported protocol
>    macOS: fix target detection more
>    misc: fix various typos
>    multi.h: the 'revents' field of curl_waitfd is supported
>    multi: more efficient pollfd count for poll
>    multi: remove 'processing: <url>' debug message
>    ngtcp2: fix handling of large requests
>    openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
>    openssl: clear error queue after SSL_shutdown
>    openssl: make aws-lc version support OCSP
>    openssl: Support async cert verify callback
>    openssl: switch to modern init for LibreSSL 2.7.0+
>    openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1
>    openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0
>    openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
>    os400: build test servers
>    os400: do not check translatable options at build time
>    os400: implement CLI tool
>    page-footer: QLOGDIR works with ngtcp2 and quiche
>    page-header: move up a URL paragraph from GLOBBING to URL
>    pytest: fix check for slow_network skips to only apply when intended
>    quic: don't set SNI if hostname is an IP address
>    quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
>    quiche: enable quiche to handle timeout events
>    resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
>    revert "schannel: reverse the order of certinfo insertions"
>    schannel: fix ordering of cert chain info
>    schannel: fix user-set legacy algorithms in Windows 10 & 11
>    schannel: verify hostname independent of verify cert
>    sectransp: fix compiler warnings
>    sectransp: prevent CFRelease() of NULL
>    secureserver.pl: fix stunnel path quoting
>    secureserver.pl: fix stunnel version parsing
>    SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline
>    system.h: add CURL_OFF_T definitions on HP-UX with HP aCC
>    test1304: build and skip without netrc support
>    test1554: check translatable string options in OS400 wrapper
>    test1608: make it build and get skipped without shuffle DNS support
>    test687/688: two more basic --xattr tests
>    tests/tftpd+mqttd: make variables static to silence picky warnings
>    tests: add 'large-time' as a testable feature
>    tests: add support for nested %if conditions
>    tests: don't call HTTP errors OK in test cases
>    tests: ensure `libcurl.def` contains all exports
>    tests: fix h3 server check and parallel instances
>    tests: TLS session sharing test
>    tests: update cookie expiry dates to far in the future
>    time-cond.d: mention what happens on a missing file
>    tool: avoid including leading spaces in the Location hyperlink
>    tool: change some fopen failures from warnings to errors
>    tool: make the length argument an int for printf()-.* flags
>    tool_cb_wrt: fix invalid unicode for windows console
>    tool_filetime: make -z work with file dates before 1970
>    tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
>    tool_operate: make aws-sigv4 not require TLS to be used
>    tool_paramhlp: improve str2num(): avoid unnecessary call to strlen()
>    tool_urlglob: use the correct format specifier for curl_off_t in msnprintf
>    transfer: also stop the sending on closed connection
>    transfer: don't set TIMER_STARTTRANSFER on first send
>    unit2600: fix build warning if built without verbose messages
>    url: remove infof() output for "still name resolving"
>    urlapi: fix heap buffer overflow
>    urlapi: make sure zoneid is also duplicated in curl_url_dup
>    urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails
>    urlapi: setting a blank URL ("") is not an ok URL
>    vquic: show stringified messages for errno
>    vtls: clarify "ALPN: offers" message
>    winbuild: improve check for static zlib
>    wolfSSL: avoid the OpenSSL compat API when not needed
>    workflows/macos.yml: disable zstd and alt-svc in the http-only build
>    write-out.d: clarify %{time_starttransfer}
>    ws: fix spelling mistakes in examples and tests
> 
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> config/rootfiles/common/curl                  | 14 ++++++-
> lfs/curl                                      |  7 ++--
> ...15d8aee6c1045be932a34fe6107c2f5ed147.patch | 38 -------------------
> 3 files changed, 16 insertions(+), 43 deletions(-)
> delete mode 100644 src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
> 
> diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl
> index 4559aaaa8..362e047e2 100644
> --- a/config/rootfiles/common/curl
> +++ b/config/rootfiles/common/curl
> @@ -19,7 +19,6 @@ usr/lib/libcurl.so.4
> usr/lib/libcurl.so.4.8.0
> #usr/lib/pkgconfig/libcurl.pc
> #usr/share/aclocal/libcurl.m4
> -#usr/share/man/man1/curl-config.1
> #usr/share/man/man1/curl.1
> #usr/share/man/man3/CURLINFO_ACTIVESOCKET.3
> #usr/share/man/man3/CURLINFO_APPCONNECT_TIME.3
> @@ -30,6 +29,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLINFO_CONDITION_UNMET.3
> #usr/share/man/man3/CURLINFO_CONNECT_TIME.3
> #usr/share/man/man3/CURLINFO_CONNECT_TIME_T.3
> +#usr/share/man/man3/CURLINFO_CONN_ID.3
> #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3
> #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3
> #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_UPLOAD.3
> @@ -61,6 +61,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLINFO_PROXYAUTH_AVAIL.3
> #usr/share/man/man3/CURLINFO_PROXY_ERROR.3
> #usr/share/man/man3/CURLINFO_PROXY_SSL_VERIFYRESULT.3
> +#usr/share/man/man3/CURLINFO_QUEUE_TIME_T.3
> #usr/share/man/man3/CURLINFO_REDIRECT_COUNT.3
> #usr/share/man/man3/CURLINFO_REDIRECT_TIME.3
> #usr/share/man/man3/CURLINFO_REDIRECT_TIME_T.3
> @@ -90,6 +91,8 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLINFO_TLS_SSL_PTR.3
> #usr/share/man/man3/CURLINFO_TOTAL_TIME.3
> #usr/share/man/man3/CURLINFO_TOTAL_TIME_T.3
> +#usr/share/man/man3/CURLINFO_USED_PROXY.3
> +#usr/share/man/man3/CURLINFO_XFER_ID.3
> #usr/share/man/man3/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3
> #usr/share/man/man3/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3
> #usr/share/man/man3/CURLMOPT_MAXCONNECTS.3
> @@ -159,6 +162,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLOPT_DOH_SSL_VERIFYPEER.3
> #usr/share/man/man3/CURLOPT_DOH_SSL_VERIFYSTATUS.3
> #usr/share/man/man3/CURLOPT_DOH_URL.3
> +#usr/share/man/man3/CURLOPT_ECH.3
> #usr/share/man/man3/CURLOPT_EGDSOCKET.3
> #usr/share/man/man3/CURLOPT_ERRORBUFFER.3
> #usr/share/man/man3/CURLOPT_EXPECT_100_TIMEOUT_MS.3
> @@ -301,6 +305,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLOPT_PROXY_TLSAUTH_USERNAME.3
> #usr/share/man/man3/CURLOPT_PROXY_TRANSFER_MODE.3
> #usr/share/man/man3/CURLOPT_PUT.3
> +#usr/share/man/man3/CURLOPT_QUICK_EXIT.3
> #usr/share/man/man3/CURLOPT_QUOTE.3
> #usr/share/man/man3/CURLOPT_RANDOM_FILE.3
> #usr/share/man/man3/CURLOPT_RANGE.3
> @@ -326,6 +331,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLOPT_SEEKDATA.3
> #usr/share/man/man3/CURLOPT_SEEKFUNCTION.3
> #usr/share/man/man3/CURLOPT_SERVER_RESPONSE_TIMEOUT.3
> +#usr/share/man/man3/CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.3
> #usr/share/man/man3/CURLOPT_SERVICE_NAME.3
> #usr/share/man/man3/CURLOPT_SHARE.3
> #usr/share/man/man3/CURLOPT_SOCKOPTDATA.3
> @@ -335,6 +341,8 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_SERVICE.3
> #usr/share/man/man3/CURLOPT_SSH_AUTH_TYPES.3
> #usr/share/man/man3/CURLOPT_SSH_COMPRESSION.3
> +#usr/share/man/man3/CURLOPT_SSH_HOSTKEYDATA.3
> +#usr/share/man/man3/CURLOPT_SSH_HOSTKEYFUNCTION.3
> #usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3
> #usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.3
> #usr/share/man/man3/CURLOPT_SSH_KEYDATA.3
> @@ -442,6 +450,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/curl_global_init.3
> #usr/share/man/man3/curl_global_init_mem.3
> #usr/share/man/man3/curl_global_sslset.3
> +#usr/share/man/man3/curl_global_trace.3
> #usr/share/man/man3/curl_mime_addpart.3
> #usr/share/man/man3/curl_mime_data.3
> #usr/share/man/man3/curl_mime_data_cb.3
> @@ -459,6 +468,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/curl_multi_assign.3
> #usr/share/man/man3/curl_multi_cleanup.3
> #usr/share/man/man3/curl_multi_fdset.3
> +#usr/share/man/man3/curl_multi_get_handles.3
> #usr/share/man/man3/curl_multi_info_read.3
> #usr/share/man/man3/curl_multi_init.3
> #usr/share/man/man3/curl_multi_perform.3
> @@ -471,6 +481,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/curl_multi_strerror.3
> #usr/share/man/man3/curl_multi_timeout.3
> #usr/share/man/man3/curl_multi_wait.3
> +#usr/share/man/man3/curl_multi_waitfds.3
> #usr/share/man/man3/curl_multi_wakeup.3
> #usr/share/man/man3/curl_pushheader_byname.3
> #usr/share/man/man3/curl_pushheader_bynum.3
> @@ -495,6 +506,7 @@ usr/lib/libcurl.so.4.8.0
> #usr/share/man/man3/curl_ws_recv.3
> #usr/share/man/man3/curl_ws_send.3
> #usr/share/man/man3/libcurl-easy.3
> +#usr/share/man/man3/libcurl-env-dbg.3
> #usr/share/man/man3/libcurl-env.3
> #usr/share/man/man3/libcurl-errors.3
> #usr/share/man/man3/libcurl-multi.3
> diff --git a/lfs/curl b/lfs/curl
> index a4fa21b1c..edb9a8201 100644
> --- a/lfs/curl
> +++ b/lfs/curl
> @@ -1,7 +1,7 @@
> ###############################################################################
> #                                                                             #
> # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
> +# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
> #                                                                             #
> # This program is free software: you can redistribute it and/or modify        #
> # it under the terms of the GNU General Public License as published by        #
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 8.2.1
> +VER        = 8.8.0
> 
> THISAPP    = curl-$(VER)
> DL_FILE    = $(THISAPP).tar.xz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_BLAKE2 = 77c0b067935397afb3961378f2fe349fa988c6379c1ab7437c5d5f967710b2e9ba7aec91df8fe58a8b26c00c0164d4db9bd095ca27d1bf52b768c8d83cc0ecaf
> +$(DL_FILE)_BLAKE2 = c14903bad4cbd1752a5335afa6bcc78be1a484692fce0e0a6c2061963e0e6b4e56defb8332cef32d0dbddb481ad0443b71faf3a52a6e9d945c89ecbce373d2a3
> 
> install : $(TARGET)
> 
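Review bot: the replaced `$(DL_FILE)_BLAKE2` value is the only integrity check this recipe applies to curl-8.8.0.tar.xz, and neither the diff nor the commit message says how the new digest was obtained. Suggest adding a line to the commit message stating that the tarball was verified against upstream's published signature before the BLAKE2 sum was computed, so the pinned hash is anchored to something other than the download itself.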
> @@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) :
> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xf $(DIR_DL)/$(DL_FILE)
> - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
> cd $(DIR_APP) && ./configure \
> --prefix=/usr \
> --disable-ipv6 \
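Review bot: the removed `patch -Np1 < $(DIR_SRC)/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch` step applied a security backport (the patch is named for 8.4.0 while the old `VER` was 8.2.1), yet the commit message only says "Removal of patch as the content now included in the source tarball". Suggest naming the fix there, using the reference the deleted patch itself carries (https://curl.se/docs/CVE-2023-38545.html), so that anyone auditing the history can see the SOCKS5 fix was dropped because `VER` moved past the release containing it.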
> diff --git a/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch b/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
> deleted file mode 100644
> index 0de35055f..000000000
> --- a/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
> +++ /dev/null
> @@ -1,38 +0,0 @@
> -From fb4415d8aee6c1045be932a34fe6107c2f5ed147 Mon Sep 17 00:00:00 2001
> -From: Jay Satiro <raysatiro@yahoo.com>
> -Date: Wed, 11 Oct 2023 07:34:19 +0200
> -Subject: [PATCH] socks: return error if hostname too long for remote resolve
> -
> -Prior to this change the state machine attempted to change the remote
> -resolve to a local resolve if the hostname was longer than 255
> -characters. Unfortunately that did not work as intended and caused a
> -security issue.
> -
> -Bug: https://curl.se/docs/CVE-2023-38545.html
> -
> -diff --git a/lib/socks.c b/lib/socks.c
> -index c492d663c4738..a7b5ab07e47d0 100644
> ---- a/lib/socks.c
> -+++ b/lib/socks.c
> -@@ -587,9 +587,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
> - 
> -     /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
> -     if(!socks5_resolve_local && hostname_len > 255) {
> --      infof(data, "SOCKS5: server resolving disabled for hostnames of "
> --            "length > 255 [actual len=%zu]", hostname_len);
> --      socks5_resolve_local = TRUE;
> -+      failf(data, "SOCKS5: the destination hostname is too long to be "
> -+            "resolved remotely by the proxy.");
> -+      return CURLPX_LONG_HOSTNAME;
> -     }
> - 
> -     if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
> -@@ -903,7 +903,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
> -       }
> -       else {
> -         socksreq[len++] = 3;
> --        socksreq[len++] = (char) hostname_len; /* one byte address length */
> -+        socksreq[len++] = (unsigned char) hostname_len; /* one byte length */
> -         memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */
> -         len += hostname_len;
> -       }
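Review bot: deleting this file is only safe if both of its changes are present in the 8.8.0 tarball: the `return CURLPX_LONG_HOSTNAME;` that replaces the silent `socks5_resolve_local = TRUE;` fallback for hostnames longer than 255, and the `(unsigned char) hostname_len` cast where the request is built. The 8.4.0 changelog entry "socks: return error if hostname too long for remote resolve" quoted in the commit message matches this patch's subject; a quick check of `lib/socks.c` in the extracted source for `CURLPX_LONG_HOSTNAME` before merging would confirm the backport is fully superseded.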
> -- 
> 2.45.2
>
  

Patch

diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl
index 4559aaaa8..362e047e2 100644
--- a/config/rootfiles/common/curl
+++ b/config/rootfiles/common/curl
@@ -19,7 +19,6 @@  usr/lib/libcurl.so.4
 usr/lib/libcurl.so.4.8.0
 #usr/lib/pkgconfig/libcurl.pc
 #usr/share/aclocal/libcurl.m4
-#usr/share/man/man1/curl-config.1
 #usr/share/man/man1/curl.1
 #usr/share/man/man3/CURLINFO_ACTIVESOCKET.3
 #usr/share/man/man3/CURLINFO_APPCONNECT_TIME.3
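Review bot: the dropped `#usr/share/man/man1/curl-config.1` line is the only removal in this rootfile, and the commit message's "Update of rootfile" does not explain it. The entry is commented out, so nothing shipped changes, but a note on whether 8.8.0 no longer installs that man page would make the rootfile diff easier to audit against the build log.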
@@ -30,6 +29,7 @@  usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/CURLINFO_CONDITION_UNMET.3
 #usr/share/man/man3/CURLINFO_CONNECT_TIME.3
 #usr/share/man/man3/CURLINFO_CONNECT_TIME_T.3
+#usr/share/man/man3/CURLINFO_CONN_ID.3
 #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3
 #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3
 #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_UPLOAD.3
@@ -61,6 +61,7 @@  usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/CURLINFO_PROXYAUTH_AVAIL.3
 #usr/share/man/man3/CURLINFO_PROXY_ERROR.3
 #usr/share/man/man3/CURLINFO_PROXY_SSL_VERIFYRESULT.3
+#usr/share/man/man3/CURLINFO_QUEUE_TIME_T.3
 #usr/share/man/man3/CURLINFO_REDIRECT_COUNT.3
 #usr/share/man/man3/CURLINFO_REDIRECT_TIME.3
 #usr/share/man/man3/CURLINFO_REDIRECT_TIME_T.3
@@ -90,6 +91,8 @@  usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/CURLINFO_TLS_SSL_PTR.3
 #usr/share/man/man3/CURLINFO_TOTAL_TIME.3
 #usr/share/man/man3/CURLINFO_TOTAL_TIME_T.3
+#usr/share/man/man3/CURLINFO_USED_PROXY.3
+#usr/share/man/man3/CURLINFO_XFER_ID.3
 #usr/share/man/man3/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3
 #usr/share/man/man3/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3
 #usr/share/man/man3/CURLMOPT_MAXCONNECTS.3
@@ -159,6 +162,7 @@  usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/CURLOPT_DOH_SSL_VERIFYPEER.3
 #usr/share/man/man3/CURLOPT_DOH_SSL_VERIFYSTATUS.3
 #usr/share/man/man3/CURLOPT_DOH_URL.3
+#usr/share/man/man3/CURLOPT_ECH.3
 #usr/share/man/man3/CURLOPT_EGDSOCKET.3
 #usr/share/man/man3/CURLOPT_ERRORBUFFER.3
 #usr/share/man/man3/CURLOPT_EXPECT_100_TIMEOUT_MS.3
@@ -301,6 +305,7 @@  usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/CURLOPT_PROXY_TLSAUTH_USERNAME.3
 #usr/share/man/man3/CURLOPT_PROXY_TRANSFER_MODE.3
 #usr/share/man/man3/CURLOPT_PUT.3
+#usr/share/man/man3/CURLOPT_QUICK_EXIT.3
 #usr/share/man/man3/CURLOPT_QUOTE.3
 #usr/share/man/man3/CURLOPT_RANDOM_FILE.3
 #usr/share/man/man3/CURLOPT_RANGE.3
@@ -326,6 +331,7 @@  usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/CURLOPT_SEEKDATA.3
 #usr/share/man/man3/CURLOPT_SEEKFUNCTION.3
 #usr/share/man/man3/CURLOPT_SERVER_RESPONSE_TIMEOUT.3
+#usr/share/man/man3/CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.3
 #usr/share/man/man3/CURLOPT_SERVICE_NAME.3
 #usr/share/man/man3/CURLOPT_SHARE.3
 #usr/share/man/man3/CURLOPT_SOCKOPTDATA.3
@@ -335,6 +341,8 @@  usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_SERVICE.3
 #usr/share/man/man3/CURLOPT_SSH_AUTH_TYPES.3
 #usr/share/man/man3/CURLOPT_SSH_COMPRESSION.3
+#usr/share/man/man3/CURLOPT_SSH_HOSTKEYDATA.3
+#usr/share/man/man3/CURLOPT_SSH_HOSTKEYFUNCTION.3
 #usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3
 #usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.3
 #usr/share/man/man3/CURLOPT_SSH_KEYDATA.3
@@ -442,6 +450,7 @@  usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/curl_global_init.3
 #usr/share/man/man3/curl_global_init_mem.3
 #usr/share/man/man3/curl_global_sslset.3
+#usr/share/man/man3/curl_global_trace.3
 #usr/share/man/man3/curl_mime_addpart.3
 #usr/share/man/man3/curl_mime_data.3
 #usr/share/man/man3/curl_mime_data_cb.3
@@ -459,6 +468,7 @@  usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/curl_multi_assign.3
 #usr/share/man/man3/curl_multi_cleanup.3
 #usr/share/man/man3/curl_multi_fdset.3
+#usr/share/man/man3/curl_multi_get_handles.3
 #usr/share/man/man3/curl_multi_info_read.3
 #usr/share/man/man3/curl_multi_init.3
 #usr/share/man/man3/curl_multi_perform.3
@@ -471,6 +481,7 @@  usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/curl_multi_strerror.3
 #usr/share/man/man3/curl_multi_timeout.3
 #usr/share/man/man3/curl_multi_wait.3
+#usr/share/man/man3/curl_multi_waitfds.3
 #usr/share/man/man3/curl_multi_wakeup.3
 #usr/share/man/man3/curl_pushheader_byname.3
 #usr/share/man/man3/curl_pushheader_bynum.3
@@ -495,6 +506,7 @@  usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/curl_ws_recv.3
 #usr/share/man/man3/curl_ws_send.3
 #usr/share/man/man3/libcurl-easy.3
+#usr/share/man/man3/libcurl-env-dbg.3
 #usr/share/man/man3/libcurl-env.3
 #usr/share/man/man3/libcurl-errors.3
 #usr/share/man/man3/libcurl-multi.3
diff --git a/lfs/curl b/lfs/curl
index a4fa21b1c..edb9a8201 100644
--- a/lfs/curl
+++ b/lfs/curl
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 8.2.1
+VER        = 8.8.0
 
 THISAPP    = curl-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 77c0b067935397afb3961378f2fe349fa988c6379c1ab7437c5d5f967710b2e9ba7aec91df8fe58a8b26c00c0164d4db9bd095ca27d1bf52b768c8d83cc0ecaf
+$(DL_FILE)_BLAKE2 = c14903bad4cbd1752a5335afa6bcc78be1a484692fce0e0a6c2061963e0e6b4e56defb8332cef32d0dbddb481ad0443b71faf3a52a6e9d945c89ecbce373d2a3
 
 install : $(TARGET)
 
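Review bot: the new `$(DL_FILE)_BLAKE2` value in this hunk is taken on trust, since nothing here records where the digest came from. Please state in the commit message that curl-8.8.0.tar.xz was checked against the upstream release signature before the BLAKE2 sum was computed, so the pinned hash is anchored to upstream's release and not just to whatever was downloaded.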
@@ -70,7 +70,6 @@  $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
 	cd $(DIR_APP) && ./configure \
 		--prefix=/usr \
 		--disable-ipv6 \
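Review bot: the removed `patch -Np1` line was the only place this build applied the CVE-2023-38545 fix, so the commit message should name that CVE instead of only saying the patch content is now in the source tarball. The patch file is named for 8.4.0 while the old `VER` was 8.2.1, so it is worth saying explicitly that 8.8.0 ships the fix upstream, which makes the removal traceable in the log.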
diff --git a/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch b/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
deleted file mode 100644
index 0de35055f..000000000
--- a/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
+++ /dev/null
@@ -1,38 +0,0 @@ 
-From fb4415d8aee6c1045be932a34fe6107c2f5ed147 Mon Sep 17 00:00:00 2001
-From: Jay Satiro <raysatiro@yahoo.com>
-Date: Wed, 11 Oct 2023 07:34:19 +0200
-Subject: [PATCH] socks: return error if hostname too long for remote resolve
-
-Prior to this change the state machine attempted to change the remote
-resolve to a local resolve if the hostname was longer than 255
-characters. Unfortunately that did not work as intended and caused a
-security issue.
-
-Bug: https://curl.se/docs/CVE-2023-38545.html
-
-diff --git a/lib/socks.c b/lib/socks.c
-index c492d663c4738..a7b5ab07e47d0 100644
---- a/lib/socks.c
-+++ b/lib/socks.c
-@@ -587,9 +587,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
- 
-     /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
-     if(!socks5_resolve_local && hostname_len > 255) {
--      infof(data, "SOCKS5: server resolving disabled for hostnames of "
--            "length > 255 [actual len=%zu]", hostname_len);
--      socks5_resolve_local = TRUE;
-+      failf(data, "SOCKS5: the destination hostname is too long to be "
-+            "resolved remotely by the proxy.");
-+      return CURLPX_LONG_HOSTNAME;
-     }
- 
-     if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
-@@ -903,7 +903,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
-       }
-       else {
-         socksreq[len++] = 3;
--        socksreq[len++] = (char) hostname_len; /* one byte address length */
-+        socksreq[len++] = (unsigned char) hostname_len; /* one byte length */
-         memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */
-         len += hostname_len;
-       }
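Review bot: before this file is deleted, confirm that lib/socks.c in the 8.8.0 tarball carries both halves of it: the `return CURLPX_LONG_HOSTNAME;` in do_SOCKS5 for a hostname over 255 characters when the proxy resolves remotely, and the `(unsigned char) hostname_len` cast on the one-byte length. A grep for `CURLPX_LONG_HOSTNAME` in the unpacked source, noted in the submission, would be enough to show that the old fallback to local resolve is gone.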