From patchwork Tue Aug 13 16:19:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7992 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4WjxSC6W1nz3wwl for ; Tue, 13 Aug 2024 16:20:11 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4WjxSC2vdSz3nB; Tue, 13 Aug 2024 16:20:11 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4WjxSC2LnZz344G; Tue, 13 Aug 2024 16:20:11 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4WjxS738dgz33Gg for ; Tue, 13 Aug 2024 16:20:07 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4WjxS66px6z10m; Tue, 13 Aug 2024 16:20:06 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1723566007; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xakb3Qa0L1/F84+p4yeJBiGDPrpVX1EXzx1R1nVLuGM=; b=ljGl1VdgPt/Uj3q9YRwCUOzz0fBfdZCCpdDxveAInP6Lh+3PsEyxbq5P4bbtT0O5RIBmn7 abA/HOSgvum+PbAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1723566007; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xakb3Qa0L1/F84+p4yeJBiGDPrpVX1EXzx1R1nVLuGM=; b=GAwJuc/SKbqKEPXlZe+Ho3vA4Q0UnBf6XDEKUGm1e1ItEevkR29sVftsyf85mA7p3uPtqa mO21J+P/+6MJIevelKvnjf8uGZOTALI3MirNtJ3TakUN3jn8XClEUrpKp+Cm8P8ymKPPvg o+WVei/5epZz9zHGX2RXIAk2WCEJDPgt8v/arWFZ0TBhRHx1wgLXf7XMBpnOcbeEBE6tSy LsR2p14cNvXfl17aYhnADW18+L9LIhuV7LsyriZQAadHjtkS+zN5Ff0PnSopDgxEtIEk5o h0TkcgxMV08JLV9VpUtaiBGGM9ub79MxKG8H2EhgL9PpVOZguHfKUdE7p9zXBw== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] curl: Update to version 8.9.1 Date: Tue, 13 Aug 2024 18:19:38 +0200 Message-ID: <20240813162000.1113995-3-adolf.belka@ipfire.org> In-Reply-To: <20240813162000.1113995-1-adolf.belka@ipfire.org> References: <20240813162000.1113995-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: N6SLYYF3UWZARBDO66QLTAFEQ2UG4MCM X-Message-ID-Hash: N6SLYYF3UWZARBDO66QLTAFEQ2UG4MCM X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 8.8.0 to 8.9.1 - Update of rootfile - Changelog 8.9.1 Bugfixes: cmake: detect `libssh` via `pkg-config` cmake: detect `nettle` when building with GnuTLS cmake: drop `if(PKG_CONFIG_FOUND)` guard for `pkg_check_modules()` configure: limit `__builtin_available` test to Darwin connect: fix connection shutdown for event based processing contrithanks.sh: use -F with -v to match lines as strings curl: more defensive socket code for --ip-tos CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe example/multi-uv: remove the use of globals ftpserver.pl: make POP3 LIST serve content from the test file GHA/windows: increase timeout for vcpkg build step lib: survive some NULL input args macos: fix Apple SDK bug workaround for non-macOS targets misc: cleanup after removing years from copyright os400: build cli manual. os400: workaround an IBM ASCII run-time library bug RELEASE-PROCEDURE.md: remove the initial build step runtests: fold timing details with GHA, sync `-r` tflags tests: provide FTP directory contents in the test file tidy-up: URL updates TODO: thread-safe sharing transfer: speed limiting fix for 32bit systems vtls: avoid forward declaration in MultiSSL builds wolfSSL: allow wolfSSL's implementation of kyber to be used wolfssl: avoid calling get_cached_x509_store if store is uncachable wolfssl: CA store share fix x509asn1: unittests and fixes for gtime2str 8.9.0 Changes: curl: add --ip-tos (IP Type of Service / Traffic Class) curl: add --mptcp curl: add --vlan-priority curl: add -w '%{num_retries}' gnutls: support CA caching mbedtls: support CURLOPT_CERTINFO noproxy: patterns need to be comma separated socket: support binding to interface *AND* IP tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt urlapi: add CURLU_NO_GUESS_SCHEME wolfssl: support CA caching Bugfixes: (lib)curl.rc: set debug flag also for `CURLDEBUG` and `UNITTESTS` asyn-thread: avoid using GetAddrInfoExW with impersonation aws-sigv4: url encode the canonical path BINDINGS: update java link to one that exists build: add Debug, TrackMemory, ECH to feature list build: add more supported attributes to the IAR compiler build: fix llvm 16 or older + Xcode 15 or newer, and gcc build: fix llvm 17 and older + macOS SDK 14.4 and newer build: sync warning options between autotools, cmake & compilers build: tidy up `__builtin_available` feature checks (Apple) build: untangle `CURLDEBUG` and `DEBUGBUILD` macros build: use `#error` instead of invalid syntax cd2nroff: convert two warnings to errors cd2nroff: use an empty "##" to signal end of .IP sequence cf-socket: improve SO_SNDBUF update for Winsock cf-socket: optimize curlx_nonblock() and check its return error cf-socket: remove obsolete recvbuf cf-socket: remove two "useless" assignments cfilters: make Curl_conn_connect always assign 'done' cmake: add CURL_USE_GSASL option with detection + CI test cmake: allow `ENABLE_CURLDEBUG=OFF` with `ENABLE_DEBUG=ON` cmake: allow SOVERSION override with `CURL_LIBCURL_SOVERSION` cmake: alpha-sort feature list cmake: always build unit tests with the `testdeps` target cmake: bring `curl-config.cmake` closer to `FindCURL` cmake: create `configurehelp.pm` like autotools does cmake: delete unused `HAVE_LIBSSH2`, `HAVE_LIBSOCKET` macros cmake: detect `libidn2` also via `pkg-config` cmake: enable SOVERSION for Cygwin and `CMAKE_DLL_NAME_WITH_SOVERSION` cmake: fix `-Wredundant-decls` in unity/mingw-w64 builds cmake: fix brotli lib order cmake: fix building `unit1600` due to missing `ssl/openssl.h` cmake: fix building in unity mode cmake: fix building with both md4 and md5 in unity mode cmake: fix builds with detected libidn2 lib but undetected header cmake: fix feature and protocol lists for SecureTransport cmake: fix quotes when appending multiple options (SecureTransport) cmake: fix test 1013 with websockets enabled and no TLS cmake: improve wolfSSL detection cmake: show protocols, then features cmake: stop setting SOVERSION for the static lib target cmake: sync CA bundle/path detection with autotools cmake: sync protocol/feature list with `curl -V` output cmake: use `APPLE` instead of `CMAKE_SYSTEM_NAME` string cmake: whitespace, formatting/tidy-up in comments cmdline-docs: "added in" cleanups cmdline-docs: fix `--proxy-ca-native` example + tidy-ups cmdline-opts/_PROTOCOLS.md: mention WS(S) cmdline-opts/ech.md: shorten the help text cmdline-opts/fail.md: expand and clarify cmdline-opts/interface.md: expand the documentation cmdline-opts: category cleanup cmdline-opts: expand the parallel explanations cmdline-opts: shorten six help texts cmdline: expand proxy option explanations code: language cleanup in comments configure: CA bundle/path detection fixes configure: fix `SystemConfiguration` detection configure: fix pkg-config library name 'libnghttp3' configure: fix pkg-config names (zstd, ngtcp2*) configure: limit `SystemConfiguration` test to non-c-ares, IPv6 builds configure: remove 'deeper' checks for `AC_CHECK_FUNCS` configure: require a QUIC library if nghttp3 is used configure: sort feature list, lowercase protocols, use backticks configure: use `$EGREP` in place of `grep -E` configure: use AC_MSG_WARN for TLS/experimental warning texts connect-to.md: expand with examples connection: shutdown TLS (for FTP) better cookie-jar.md: see also --junk-session-cookies curl-config: revert to backticks to support old target envs curl: allow etag and content-disposition for 3xx reply curl: bsearch the --write-out variable name curl: check for --disable case *sensitively* curl: list categories in --help curl: make warnings and other messages aware of terminal width curl: output "flying saucers" with leading carriage return curl_easy_escape: elaborate a little on encoding a URL curl_mprintf.md: add missing comma curl_multi_poll.md: expand the example with an custom file descriptor curl_str[n]equal.md: tidy up text to make them stand-alone curl_url_set.md: libcurl only parses :// URLs curl_url_set: elaborate on scheme guessing curldown: make 'added-in:' a mandatory header field CURLOPT_CONNECTTIMEOUT*: clarify, document the milliseond version CURLOPT_ECH.md: remove repeated 'if' CURLOPT_NETRC.md: clarify what it does on Windows CURLOPT_RESOLVE.md: mention hostname can be wildcard ('*') CURLOPT_SSL_VERIFYHOST.md: refresh CURLOPT_TLSAUTH_PASSWORD/USERNAME.md: language fixups DISTROS: add a link to the list archive DISTROS: add AlmaLinux package source link DISTROS: add MSYS2 (native) links docs/cmdline-opts: fix mail-auth example TLD typo docs/cmdline-opts: remove two superfluous "Added in" mentions docs/libcurl: polish the single-line descriptions docs/Makefile.am: make curl-config.1 install docs: reference non deprecated libcurl options docs: start markdown headers with capital letter where applicable doh-insecure.md: expand doh: fix cleanup doh: fix leak and zero-length HTTPS RR crash dump-header.md: mention minus for stdout examples/threaded-ssl: remove locking callback code examples: add missing binaries to .gitignore examples: delete unused includes examples: fix compiling with MSVC examples: suppress deprecation warnings locally FEATURES.md: refresh file: separate fake headers and body with a stand-alone CRLF ftp: remove redundant null pointer check in loop condition get.d: clarify the explanation GHA/windows: add MSVC wolfSSL job with test GHA/windows: ignore FTP test results for old-mingw-w64 GHA: add MSVC UWP job, expand jobs with more options GHA: detect and warn for more English contractions GHA: disable MQTT and WebSocket tests in Windows jobs GHA: disable TFTP tests in Windows jobs GHA: enable tests 1139, 1177, 1477 on Windows GHA: improve vcpkg cache, add BoringSSL ECH and LibreSSL MSVC jobs GHA: unify http3 workflows into one GHA: use vcpkg to install packages for MSVC jobs GIT-INFO.md: remove version requirements gnutls: improve TLS shutdown gnutls: pass in SNI name, not hostname when checking cert help: add flags to output and ssh categories hostip: skip error check for infallible function call http/3: add shutdown support http/3: resume upload on ack if we have more data to send http: remove "struct HTTP" http: write last header line late idn: fix ß with AppleIDN idn: make macidn fail before trying conversion if name too long idn: tweak buffer use when converting with macidn lib/v*: tidy up types and casts lib: add a few DEBUGASSERT(data) to aid code analyzers lib: add failure reason on bind errors lib: fix gcc warning in certain debug builds lib: fix thread entry point to return `DWORD` on WinCE lib: graceful connection shutdown lib: prefer `var = time(NULL)` over `time(&var)` lib: tidy up types and casts lib: xfer_setup and non-blocking shutdown libcurl-docs: make option lists alpha-sorted libcurl-easy.md: now *more* than 300 options libcurl.pc: add `Requires.private`, `Requires` for static linking libcurl.pc: add more `Requires.private`/`Requires` dependencies libssh: remove CURLOPT_SSL_VERIFYHOST check macos: add workaround for gcc, non-c-ares, IPv6, compile error macos: undo `availability` macro enabled by Homebrew gcc managen: "added in" fixes managen: cleanups to generate nicer-looking output managen: error on trailing blank lines in input files managen: fix removing backticks from subtitles managen: insert final .fi for files ending with a quote managen: introduce "Multi: per-URL" managen: only output .RE for manpage output managen: output tabs for each 8 leading spaces managen: warn on excessively long help texts MANUAL.md: wrap two example urls that overrun styling mbedtls: check version before getting tls version mbedtls: check version for cipher id mbedtls: correct the error message for cert blob parsing failure mbedtls: send close-notify on close mbedtls: v3.6.0 workarounds md4: fix compilation with OpenSSL 1.x with md4 disabled misc: fix typos mk-ca-bundle.pl: delay 'curl -V' execution until it is needed multi: add multi->proto_hash, a key-value store for protocol data multi: do a final progress update on connect failure multi: fix multi_wait() timeout handling multi: fix pollset during RESOLVING phase multi: multi_getsock(), check correct socket ngtcp2+quictls: fix cert-status use noproxy: test bad ipv6 net size first openssl/gnutls: rectify the TLS version checks for QUIC openssl: fix %-specifier in infof() call openssl: fix hostname handling when using ECH openssl: stop duplicate ssl key logging for legacy OpenSSL os400: make it compilable again pytest: add ftp upload tests pytest: include testenv/vsftpd.py in dist tarball quic: enable UDP GRO quic: openssl quic, cmake and doc version update to 3.3.0 quic: require at least OpenSSL 3.3 for QUIC quic: update to quiche 0.22.0 quiche: fix operand of ‘?:’ changes signedness request.md: language fix request: change the struct field bodywrites to a bool, only for hyper reuse: switch to REUSE 3.2 and REUSE.toml runtests: show name and keywords for failed tests in summary runtests: sort test IDs in summary lines runtests: support %DATEfor YYYY-MM-DD of right now runtests: support %VERNUM runtests: support crlf="yes" for the section sectransp: fix `HAVE_BUILTIN_AVAILABLE` checks to not emit warnings sectransp: fix clang compiler warnings, stop silencing them sectransp: remove large cipher table sectransp: use common code for cipher suite lookup sendf: fix CRLF conversion of input smtp: for starttls, do full upgrade socket: change TCP keepalive from ms to seconds on DragonFly BSD socket: use SOCK_NONBLOCK to eliminate extra system call socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()` src/Makefile.am: remove SUBDIRS assignment system_win32: add missing curl.h include tcpkeepalive: support TCP keep-alive parameters on Solaris <11.4 test1119: adapt for `.md` input test1139: scan .md files instead of .3 ones test1175: scan libcurl-errors.md, not the generated .3 version test1486: verify that write-out.md and tool_writeout.c are in sync test2600: disable on win32 test: add test1484, for HEAD with content test: add test1546, chunked not last transfer encoding tests/scripts: call it 'manpage' (single word) tests: add pytest for --ciphers and --tls13-ciphers options tests: delete `CharConv` remains tests: delete redundant `!MSDOS` guard tests: extend user/password parsing test1620 tests: fix sshd IdentityFile path for MinGW/Cygwin tests: fix sshd UserKnownHostsFile path for MinGW/Cygwin tests: include current directory when running test Perl commands tests: log "Throwing away" messages before throwing away tests: run with "--trace-config all" to provide even more info tests: sync feature names with `curl -V` tests: test_17_ssl_use.py clarify mbedTLS TLSv1.3 support tests: use exec when spawning nghttpx tidy-up: use consistent casing for Windows directories TODO: remove some old, clarify, add something tool_cb_hdr: return error for failed header writes tool_operate: avoid explicitly setting verifypeer to 1 tool_operate: simplify return code handling from url_proto() tool_writeout: get certinfo only when needing it trace-ascii.md: mention "%" for stderr transfer: avoid polling socket every transfer loop transfer: conn close on paused upload transfer: do not use EXPIRE_NOW while blocked transfer: remove curl_upload_refill_watermark, no longer used transfer: set CSELECT_IN if there is data pending unit2604: use 'unitfail' instead of 'error' variable url: allow DoH transfers to override max connection limit urlapi: remove unused definition of HOST_BAD variable.md: make example use expand verify-synopsis.pl: work with .md files vms: fixed language in comment vtls: deprioritize Secure Transport vtls: replace addsessionid with set_sessionid winbuild: fix PE version info debug flag winbuild: MS-DOS batch tidy-ups winbuild: remove outdated WIN32 defines windows: fix UWP builds, add GHA job winsock: move SO_SNDBUF update into cf-socket wolfssl: assume key_file equal to clientcert if no key_file wolfssl: use larger error buffer when formatting errors x509asn1: add some common ECDSA OIDs x509asn1: ASN1tostr() should fail when 'constructed' is set x509asn1: fallback to dotted OID representation x509asn1: make Curl_extract_certinfo store error message x509asn1: prevent NULL dereference x509asn1: remove superfluous free() x509asn1: remove two static variables Signed-off-by: Adolf Belka --- config/rootfiles/common/curl | 2 ++ lfs/curl | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl index 362e047e2..02789e64b 100644 --- a/config/rootfiles/common/curl +++ b/config/rootfiles/common/curl @@ -19,6 +19,7 @@ usr/lib/libcurl.so.4 usr/lib/libcurl.so.4.8.0 #usr/lib/pkgconfig/libcurl.pc #usr/share/aclocal/libcurl.m4 +#usr/share/man/man1/curl-config.1 #usr/share/man/man1/curl.1 #usr/share/man/man3/CURLINFO_ACTIVESOCKET.3 #usr/share/man/man3/CURLINFO_APPCONNECT_TIME.3 @@ -378,6 +379,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_SUPPRESS_CONNECT_HEADERS.3 #usr/share/man/man3/CURLOPT_TCP_FASTOPEN.3 #usr/share/man/man3/CURLOPT_TCP_KEEPALIVE.3 +#usr/share/man/man3/CURLOPT_TCP_KEEPCNT.3 #usr/share/man/man3/CURLOPT_TCP_KEEPIDLE.3 #usr/share/man/man3/CURLOPT_TCP_KEEPINTVL.3 #usr/share/man/man3/CURLOPT_TCP_NODELAY.3 diff --git a/lfs/curl b/lfs/curl index edb9a8201..7652f5d37 100644 --- a/lfs/curl +++ b/lfs/curl @@ -24,7 +24,7 @@ include Config -VER = 8.8.0 +VER = 8.9.1 THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = c14903bad4cbd1752a5335afa6bcc78be1a484692fce0e0a6c2061963e0e6b4e56defb8332cef32d0dbddb481ad0443b71faf3a52a6e9d945c89ecbce373d2a3 +$(DL_FILE)_BLAKE2 = 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada install : $(TARGET)