| Message ID | 20250511101311.7315-1-adolf.belka@ipfire.org |
|---|---|
| State | New |
| Headers |
Return-Path: <development+bounces-368-patchwork=ipfire.org@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZwJTz1vwtz3x4T for <patchwork@web04.haj.ipfire.org>; Sun, 11 May 2025 10:13:27 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZwJTy2JNFz6R2 for <patchwork@ipfire.org>; Sun, 11 May 2025 10:13:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZwJTt75F9z34Jm for <patchwork@ipfire.org>; Sun, 11 May 2025 10:13:22 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZwJTr17x3z2xLY for <development@lists.ipfire.org>; Sun, 11 May 2025 10:13:20 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZwJTn4vZczm7; Sun, 11 May 2025 10:13:17 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1746958397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=LIaqhQ8m2UczIpF4uPoSgPJI0aeENybC+qDfITQDLf0=; b=9t3PnYHchGgPqCqQJfKmz5Baorq5nfTmrSn2CZtzAjpgprY1lXfvqWNt7pYzGahdB+AF1l 0R11PAhu1CNIs1Cw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1746958397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=LIaqhQ8m2UczIpF4uPoSgPJI0aeENybC+qDfITQDLf0=; b=R6Fh/1wCCU8iFuPPiL/GLcbNBGyn2IFbeNymMrTn4YfN4iiN3yh37P2KFcqN100+l5Rrgb Yp05Lmh0gp+eHq9xiQ5do1vxIL4eB9FW4dSqGUCE5GmNUKZ9Eh9ti2lkevBLPF0x3mSG+T e5OoHavLPxgpxvdoFNNq0UB77R2pLb4mc9KTQibDcrrkgBBV4Y8tqomkMKeOTq1yRGJuZv 29NGo+j+tkZXOfJ3Su14fkC076JhWQWEzSfMdgaUWPjUnuion+ko7t/eHS6g1xFj8sD6Kf gSqmZFayYfexqnhDYWjuqa+KL7fhOEqKMJ590+SVh7aeFgMG3zXblXujtrrAIg== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Cc: Adolf Belka <adolf.belka@ipfire.org> Subject: [PATCH 1/9] curl: Update to version 8.13.0 Date: Sun, 11 May 2025 12:12:56 +0200 Message-ID: <20250511101311.7315-1-adolf.belka@ipfire.org> Precedence: list List-Id: <development.lists.ipfire.org> List-Subscribe: <https://lists.ipfire.org/>, <mailto:development+subscribe@lists.ipfire.org?subject=subscribe> List-Unsubscribe: <https://lists.ipfire.org/>, <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development+help@lists.ipfire.org?subject=help> Sender: <development@lists.ipfire.org> Mail-Followup-To: <development@lists.ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit |
| Series |
[1/9] curl: Update to version 8.13.0
|
|
Commit Message
Adolf Belka
May 11, 2025, 10:12 a.m. UTC
- Update from version 8.11.0 to 8.13.0
- Update of rootfile
- Knock on effect of this update is to require a newer version of cmake due to changes
in some variable from curl that cmake uses.
- This therefore the first of a patch set.
- Changelog
8.13.0
Changes:
curl: add write-out variable 'tls_earlydata'
curl: make --url support a file with URLs
gnutls: set priority via --ciphers
IMAP: add CURLOPT_UPLOAD_FLAGS and --upload-flags
lib: add CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY
OpenSSL/quictls: add support for TLSv1.3 early data
rustls: add support for CERTINFO
rustls: add support for SSLKEYLOGFILE
rustls: support ECH w/ DoH lookup for config
rustls: support native platform verifier
var: add a '64dec' function that can base64 decode a string
wolfssl: tls early data support
Bugfixes:
addrinfo: add curl macro to avoid redefining foreign symbols
asyn-thread: avoid the separate 'struct resdata' alloc
asyn-thread: avoid the separate curl_mutex_t alloc
asyn-thread: do not allocate thread_data separately
asyn-thread: remove 'status' from struct Curl_async
autotools: fix `dllmain.c` in unity builds
autotools: fix `libtest` bundle to depend on `FIRSTFILES`
autotools: use `CURLDEBUG` to exclude TrackMemory code from unity
aws_sigv4: cannot be used for proxy
aws_sigv4: merge repeated headers in canonical request
aws_sigv4: use strparse more for parsing
base64: drop `BUILDING_CURL` macro, always include in tests/server
build: add Windows CE / CeGCC support, with CI jobs
build: cmake multi-pkg-config detection improvements (brotli, ldap, mbedtls)
build: do not apply curl debug macros to `tests/server` by default
build: drop unused `getpart` tool
build: enable -Wjump-misses-init for GCC 4.5+
build: enable `-Wcast-qual`, fix or silence compiler warnings
build: fix compiler warnings in feature detections
build: replace Curl_ prefix with curlx_ for functions used in servers
build: set `-O3` and tune WinCE in CI, fix `getpart`, `vtls_scache` fallouts
build: set `HAVE_STDINT_H` if `stdint.h` is available
build: set `HAVE_WRITABLE_ARGV` for Apple cross-builds
build: silence bogus `-Wconversion` warnings with gcc 5.1-5.4
build: silence mingw32ce C99 format warnings, simplify CI
build: tidy-ups around `inet_pton`
c-ares httpsrr: fix ifdef
c-ares: error out for unsupported versions, drop unused macros
ca-native.md: sync with CURLSSLOPT_NATIVE_CA
cf-socket: deduplicate Windows Vista detection
cf-socket: remove empty switch
client writer: handle pause before decoding
cmake: `CURL_LIBDIRS` improvements (upstreamed from vcpkg)
cmake: `SHARE_LIB_OBJECT=ON` requires CMake 3.12 or newer
cmake: add custom command scripts as dependencies where missing
cmake: add pre-fill for Unix, enable in GHA/macos, verify pre-fills
cmake: add shell completion support
cmake: allow `CURL_STATIC_CRT` with shared libcurl and no curl exe
cmake: allow `CURL_STATIC_CRT` with UCRT VS2015+ builds
cmake: allow empty `IMPORT_LIB_SUFFIX`, add suffix collision detection
cmake: avoid `-Wnonnull` warning in `HAVE_FSETXATTR_5` detection
cmake: disable HTTPS-proxy as a feature if proxy is disabled
cmake: drop `CURL_DISABLE_TESTS` option
cmake: drop `HAVE_C_FLAG_Wno_long_double` logic for ancient Apple gcc
cmake: drop `HAVE_IN_ADDR_T` from pre-fill too
cmake: drop two stray TLS feature checks for wolfSSL
cmake: exclude `-MP` for `clang-cl` again
cmake: fix `HAVE_ATOMIC`/`HAVE_STDATOMIC` pre-fill for clang-cl
cmake: fix clang-tidy builds to verify tests, fix fallouts
cmake: fix detection pre-fills for iOS
cmake: fix ECH detection in custom-patched OpenSSL
cmake: fix typo in ECH config error msg
cmake: hide empty `MINGW64_VERSION` output for mingw32ce
cmake: improve httpd detection for pytest
cmake: mention 'insecure' in the debug build warning
cmake: misc tidy-ups
cmake: pre-fill known type sizes for Windows OSes
cmake: replace CMAKE_COMPILER_IS_GNUCC with CMAKE_C_COMPILER_ID
cmake: replace exec_program() with execute_process()
cmake: restrict static CRT builds to static curl exe, test in CI
cmake: sync cutoff version with autotools for picky option `-ftree-vrp`
cmake: sync OpenSSL(-fork) feature checks with `./configure`
cmake: unity mode optimization for non-`CURLDEBUG` `testdeps` targets
CODE_STYLE: readability and banned functions
config-win32: set `HAVE_STDINT_H` where available
configure: call the blocking resolver "blocking", not "default"
configure: fix ECH detection with MultiSSL
configure: silence compiler warnings in feature checks, drop duplicates
configure: tidy up shell completion rules
configure: use `curl_cv_apple` variable
conn: eliminate `conn->now`
conn: fix connection reuse when SSL is optional
conncache: eliminate `conn->destination_len` as premature optimization
contributors.sh: lowercase 'github' for consistency
contrithanks.sh: update docs/THANKS in place
cookie: do prefix matching case-sensitively
cookie: minor parser simplification
cookie: simplify invalid_octets()
core: stop redefining `E*` macros on Windows, map `EACCES`, related fixes
curl.h: change some enums to defines with L suffix
curl.h: convert CURLUSESSL* names to defines
curl.h: stop defining non-curl `__has_declspec_attribute`
curl.h: switch `CURL_HTTP_VERSION*` enums to long constants
curl/system.h: drop leftover comment about 32 bit curl_off_t
curl: add my_setopt_long() and _offt()
curl_msh3: remove verify bypass from DEBUGBUILDs
curl_setup: drop `ERANGE` (for WinCE), no longer used
curl_setup_once: drop `E*` macro redefines unused (with winsock2)
curl_setup_once: stop redefining `ENAMETOOLONG` to winsock2 error code
curl_trc: fix build with CURL_DISABLE_VERBOSE_STRINGS
curl_ws_recv.md: expand a little on the fragments the API delivers
CURLMOPT_SOCKETFUNCTION.md: add advice for socket callback invocation
CURLOPT_HTTPHEADER.md: add comments to the example
CURLOPT_HTTPHEADER.md: rephrases
curltime: use libcurl time functions in src and tests/server
DISABLED: add 313 for sectransp (move from GHA/macos)
docs/cmdline-opts: use imperative form
docs: adapt to removed --with-random
docs: add FD_ZERO to curl_multi_fdset example
docs: bump `rustls` to 0.14.1
docs: correct argument names & URL redirection
docs: minor edits to please the new spellchecker regime
docs: rework RUSTLS install instructions
docs: unify HTTP version style in --help output
docs: vulnerabilities in debug code are not eligible for a bounty
doh: improve HTTPS RR svcparams parsing
doh: remove wrong but unreachable exit path from doh_decode_rdata_name
dynbuf: assert init on free
easy: drop `break` after `return`
easy: fix warning about possible comma misuse
eventfd: allow use on all CPUs
examples: prefer `return` over `exit()` (cont.)
ftp/sftp: strdup data info memory
ftp: fix comment
gnutls: fix connection state check on handshake
gnutls: fix use of pkcs11 urls for keys/certs
gtls: fix uninitialized variable
hash: use single linked list for entries
hostip: don't use alarm() for DoH resolves
hostip: make CURLOPT_RESOLVE support replacing IPv6 addresses
http2: add on_invalid_frame callback for error detection
http2: detect session being closed on ingress handling
http2: enhance error messages on Curl_dyn* upon receiving headers
http2: fix stream assignemnt for pushes
http2: reset stream on response header error
HTTP3.md: only speak about minimal versions
http: convert parsers to strparse
http: fix NTLM info message typo
http: fix the auth check
http: make the RTSP version check stricter
http: negotiation and room for alt-svc/https rr to navigate
http: remove a HTTP method size restriction
http: version negotiation
http_chunks: replace a strofft call with curl_str_hex
https-rr: implementation improvements
httpsrr: fix port detection
httpsrr: fix the HTTPS-RR threaded-resolver build combo
INFRASTRUCTURE.md: add IRC and Matrix details
INSTALL-CMAKE.md: CMake usage updates
INSTALL-CMAKE.md: mention `ZLIB_USE_STATIC_LIBS`
lib1156: pass longs to `curl_easy_setopt()`
lib1560: test set path containing LR or CR
lib2302: fix crash due to stack overflow on MSVC and clang Windows
lib696: fix building on Windows in non-bundle mode
lib: better optimized casecompare() and ncasecompare()
lib: clear up CURLRES_ASYNCH vs USE_CURL_ASYNC use
lib: fix two curlx_strtoofft invokes
lib: rename curlx_strtoofft to Curl_str_numblanks()
lib: replace while(ISBLANK()) loops with Curl_str_passblanks()
lib: simplify more white space loops
lib: strtoofft.h header cleanup
lib: use Curl_str_* instead of strtok_r()
lib: use Curl_str_number() for parsing decimal numbers
libssh2: fix freeing of resources in disconnect
libssh2: fix memory leak in `SSH_SFTP_REALPATH` state
libssh2: fix to ignore `known_hosts` if SHA256 host public key is set
libssh2: print user with verbose flag
libssh2: show crypto backend in the verbose connect log
libssh: fix freeing of resources in disconnect
libssh: fix scp large file upload for 32-bit size_t systems
libtest/first.c: remove the Test: stderr output for unity builds
libtest/libprereq.c: set CURLOPT_FOLLOWLOCATION with a long
managen: accept more markdown-quote-markers
managen: correct the warning for un-escaped '<' and '>'
mbedtls: re-enable an error check
memdebug.h: avoid `-Wredundant-decls` with an extra guard
memdebug: drop dynamic allocation from `curl_dbg_log()`
mprintf: switch three number parsers to use strparse
mqtt: convert sendleftovers to dynbuf
msvc: drop support for VS2005 and older
multi: call protocol handler done() if PROTOCONNECT or later
multi: event based rework
multi: kill off remaining internal handles in curl_multi_cleanup
multi: start the loop over when handles are removed
multi_ev: fixes regarding connection shutdowns
ngtcp2: do not iterate over multi handles
ntlm: merge ntlm.h into ntlm.c
openssl-quic: do not iterate over multi handles
openssl: check return value of X509_get0_pubkey
openssl: drop support for old OpenSSL/LibreSSL versions
openssl: fix crash on missing cert password
openssl: fix pkcs11 URI checking for key files.
openssl: remove bad `goto`s into other scope
prox/preproxy.md: document argument within <brackets>
pytest: test negotiate with http proxy
quiche: do not iterate over multi handles
RELEASE-PROCEDURE.md: explain release candidates
request: clear sendbuf_hds_len when resetting request bufq
resolve: fix building without Unix sockets and `CURLDEBUG`
runtests: accept `CURL_DIRSUFFIX` without ending slash
runtests: add feature-based filtering
runtests: check and report if `diff` tool is missing
runtests: drop logic calling the `handle` tool (Windows)
runtests: drop recognizing 'winssl' as Schannel
runtests: drop ref to unused external function
runtests: fix bundled test invocation with `-g` option
runtests: fix SSH server not starting in cases, re-ignore failing vcpkg CI jobs
runtests: fix test key format for libssh2 WinCNG (and others)
runtests: generate certs dynamically, bump to EC-256, tidy up
runtests: recognize AWS-LC as OpenSSL
runtests: rewrite `genserv.sh` in Perl
runtests: support multi-target cmake, drop workarounds from CI
runtests: support running tests under wine or qemu (cont.)
runtests: support running tests under wine or qemu
runtests: use `setfacl` on Cygwin/MSYS, if present
rustls: add ECH support w/ string ECH config
rustls: cap maximum allowed CRL file size to 8MB
rustls: support ECH GREASE
rustls: use client cert and key if available
schannel: deduplicate Windows Vista detection
schannel: enable ALPN support under WINE 6.0+
schannel: enable ALPN with MinGW, fix ALPN for UWP builds
schannel: guard ALPN init code to ALPN builds
scripts/managen: fix option 'single'
scripts/managen: fix parsing of markdown code sections
scripts: update completion.pl to parse options from docs
sectransp: add support for HTTP/2 in gcc builds
sendf: client reader line conversion: do not change data->state.infilesize
setopt: illegal CURLOPT_SOCKS5_AUTH should return error
setopt: remove unnecessary void pointer typecasts
setopt: setting PROXYUSERPWD after PROXYUSERNAME/PASSWORD is fine
shutdowns: split shutdown handling from connection pool
socks: remove bad assert from do_SOCKS5()
src: avoid strdup on platforms not doing UTF-8 conversions
src: cleanup ISBLANK vs ISSPACE
src: remove Curl_ prefix from tool-specific function
src: remove final uses of Curl_ symbol prefixes in tool code
src: replace strto[u][ld] with curlx_str_ parsers
ssh: consider sftp quote commands case sensitive
sshserver.pl: adjust `AuthorizedKeysFile2` cutoff version
sshserver.pl: use Perl `chmod`
sshserver: fix excluding obsolete client config lines
ssl session cache: add exportable flag
SSLCERTS: list support for SSL_CERT_FILE and SSL_CERT_DIR
strparse: make Curl_str_number() return error for no digits
strparse: switch the API to work on 'const char *'
strparse: switch to curl_off_t as base data type
test1022: add support for rc releases
test1167: catch #defines with extra whitespace
test313: disable CRL test for Schannel due to lack of support and flakiness
test313: disable via `<features>` for backends without CRL support
test489: set output dir
test612: SCP `rm` the uploaded remote file (not the local source), unignore in CI
test613: make it pass on Windows, fix postprocess, unignore in CI
test615: fix for Cygwin, unignore in CI
tests/certs: cleanup
tests/server: drop unused `base64.pl`
tests/server: fix to check against winsock2 error codes on Windows
tests/server: give global `path` variable a more descriptive name
tests/server: make the signal handler signal-safe
tests/server: replace `errno` with `SOCKERRNO` in sockfilt, socksd, sws
tests/server: replace `strerror` with `sstrerror` in socksd
tests/server: support bundle binary
tests/server: sync `wait_ms()` with the libcurl implementation
tests/server: use `curlx_str_numblanks()` to avoid `errno`
tests/servers.pm: remove unused variable 'portrange'
tests: build non-debug unit tests with autotools, run them
tests: fix comment in lib533
tests: fix enum/int confusion, fix autotools `CFLAGS` for `servers`
tests: make sure 'commands.log' is generated in the correct logdir
tests: mark tests 1631, 1632 flaky
tests: reformat error messages to avoid tripping MSBuild
tests: remove base64 encoded sections
tests: Remove unused variables
tests: replace remaining non-ASCII bytes with hex markup
tftpd: prefix TFTP protocol error `E*` constants with `TFTP_`
tidy-up: align MSYS2/Cygwin codepaths, follow Cygwin `MAX_PID` bump
tidy-up: delete, comment or scope C macros reported unused
tidy-up: drop unused `CURL_INADDR_NONE` macro and `in_addr_t` type
tidy-up: use `CURL_ARRAYSIZE()`
timediff: fix comment for curlx_mstotv()
timediff: remove unnecessary double typecast
tool_dirhie: create dir hierarchy without strtok
tool_getparam: clear sensitive arguments better
tool_getparam: do parse_upload_flags without the alloc/free
tool_getparam: parse --trace-config without strdup()/free()
tool_getparam: parse_header() without strtok
tool_operate: change "1 retries" to "1 retry"
tool_operate: fail SSH transfers without server auth
tool_operate: fix pluralization of seconds
tool_operate: remove unnecessary (long) typecasts
tool_paramhlp: do --proto parsing without strtok
tool_parsecfg: make my_get_line skip comments and newlines
tool_setopt: reduce use of "code hiding" macros
url: call protocol handler's disconnect in Curl_conn_free
urlapi: fix redirect from file:// with query, and simplify
urlapi: remove percent encoded dot sequences from the URL path
urlapi: simplify junkscan
urldata: remove 'hostname' from struct Curl_async
variable.md: clarify 'trim' example
vquic: obey IOV_MAX
vtls: fix compiler warnings seen with gcc 7.3.0 and mbedTLS
winbuild: reduce command-line length by dropping whitespace
windows: do not use winsock2 `inet_ntop()`/`inet_pton()`
windows: drop code and curl manifest targeting W2K and older
windows: fix issues detected by clang-tidy, and some more
wolfssh: fix freeing of resources in disconnect
wolfssh: retrieve the error using wolfSSH_get_error
wolfssl: fix CA certificate multiple location import
wolfssl: fix unused variable warning
wolfssl: warn if CA native import option is ignored
wolfssl: when using PQ KEM, use ML-KEM, not Kyber
ws: corrected curlws_cont to reflect its documented purpose
ws: fix and extend CURLWS_CONT handling
zlib: bump minimum to 1.2.5.2 (was: 1.2.0.4)
8.12.1
Bugfixes:
all: remove FIXME and TODO comments
asyn-thread: fix build with `CURL_DISABLE_SOCKETPAIR`
asyn-thread: fix HTTPS RR crash
asyn-thread: fix the returned bitmask from Curl_resolver_getsock
asyn-thread: survive a c-ares channel set to NULL
build: add tool_hugehelp.c into IBMi build
checksrc.pl: warn on FIXME/TODO comments
cmake/Find: set `<Modulename>_FOUND` for compatibility when found via
`pkg-config`
cmake: add integration tests, run them in CI
cmake: always reference OpenSSL and ZLIB via imported targets
cmake: avoid unnecessary `-L` for implicit link dirs
cmake: drop `LDAP_DEPRECATED=1` macro, to sync with autotools
cmake: fix `HAVE_GETHOSTBYNAME_R_*` detections with `CURL_WERROR=ON`
cmake: fix to detect `HAVE_OPENSSL_SRP` in MSVC UWP builds
cmake: fix/add missing feature detections for Windows/MS-DOS
cmake: initialize variables where missing
cmake: lib order fixes for picky linkers (e.g. binutils `ld`)
cmake: normalize before matching paths with syspaths
cmake: respect `GNUTLS_CFLAGS` when detected via `pkg-config`
cmake: respect `GNUTLS_LIBRARY_DIRS` in `libcurl.pc` and `curl-config`
cmake: save a line with `CMAKE_C_IMPLICIT_LINK_DIRECTORIES` exclusion
cmake: tidy up string append and list prepend syntax
configure/cmake: check for realpath
configure/cmake: set asyn-rr a feature only if httpsrr is enabled
content_encoding: #error on too old zlib
curl_global_sslset.md: Add SSL backend names
CURLOPT_SSH_KNOWNHOSTS.md: strongly recommend using this
CURLSHOPT_SHARE.md: adjust for the new SSL session cache
docs: better explain multi-part byte range behavior
docs: use valid example domain names
generate.bat: remove curl_get_line.c from the curlx file list
header.md: mention `Authorization:` and `Cookie:` special treatment
imap: TLS upgrade fix
INTERNALS: fix c-ares, as we actually support 1.6.0 or later
ldap: drop support for legacy Novell LDAP SDK
lib: include necessary headers for `inet_ntop`/`inet_pton`
lib: silence LibreSSL collision warning on non-MSVC Windows
libssh2: comparison is always true because rc <= -1
libssh2: raise lowest supported version to 1.2.8
libssh: drop support for libssh older than 0.9.0
libssh: silence `-Wconversion` with a cast (Windows 32-bit)
netrc: return code cleanup, fix missing file error
openssl-quic: ignore ciphers for h3
openssl: fix out of scope variables in goto
pop3: TLS upgrade fix
runtests: fix the disabling of the memory tracking
runtests: quote commands to support paths with spaces
scache: add magic checks
smb: silence `-Warray-bounds` with gcc 13+
smtp: TLS upgrade fix
SPONSORS.md: clarify that we don't promise goods or services
test1516: avoid failure due to spaces in path
test2080: simplify, avoid the null byte
tests: fix test 558, 1330 for MSVC, allow TrackMemory with MSVC in cmake
tidy-up: make per-file `ARRAYSIZE` macros global as `CURL_ARRAYSIZE`
tool_cfgable: sort struct fields by size, use bitfields for booleans
tool_getparam: add "TLS required" flag for each such option
tool_progress: fix percent output of large parallel transfers
tool_ssls: switch to tool-specific get_line function
verbose.md: mention how carriage-return might occur in headers
vquic: make the "disable GSO" use infof, not failf
vtls: fix multissl-init
vtsl: eliminate 'data->state.ssl_scache'
wakeup_write: make sure the eventfd write sends eight bytes
wolfssl: silence compiler warning (MSVC 2019), simplify existing
8.12.0
Changes:
curl: add byte range support to --variable reading from file
curl: make --etag-save acknowledge --create-dirs
getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var
getinfo: provide info which auth was used for HTTP and proxy
hyper: drop support
openssl: add support to use keys and certificates from PKCS#11 provider
QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA
vtls: feature ssls-export for SSL session im-/export
Bugfixes:
altsvc: avoid integer overflow in expire calculation
altsvc: return error on dot-only name
android: add CI jobs, buildinfo, cmake docs, disable `CURL_USE_PKGCONFIG`
by default
asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL
asyn-ares: fix memory leak
asyn-ares: initial HTTPS resolve support
asyn-thread: use c-ares to resolve HTTPS RR
async-thread: avoid closing eventfd twice
autotools: add support for mingw UWP builds
autotools: silence gcc warnings in libtool code
binmode: convert to macro and use it from tests
build: delete `-Wsign-conversion` related FIXMEs
build: drop `-Winline` picky warning
build: drop `tool_hugehelp.c.cvs`, tidy up macros, drop `buildconf.bat`
build: drop unused feature macros, update exception list
build: fix `-Wtrampolines` picky warning for gcc 4.x versions
build: fix compiling with GCC 4.x versions
build: fix the tidy targets for autotools
build: fix unsigned `time_t` detection for cmake, MS-DOS, AmigaOS
build: replace configure check with PP condition (Android <21)
build: stop detecting `sched_yield()` on Windows
c-ares: fix/tidy-up macro initializations, avoid a deprecated function
cd2nroff: do not insist on quoted <> within backticks
cd2nroff: support "none" as a TLS backend
cf-https-connect: look into httpsrr alpns when available
cf-socket: error if address can't be copied
cfilters: kill connection filter events attach+detach
checksrc.bat: remove explicit SNPRINTF bypass
checksrc: ban use of sscanf()
checksrc: check for return with parens around a value/name
checksrc: exclude generated bundle files to avoid race condition
checksrc: fix the return() checker
checksrc: introduce 'banfunc' to ban specific functions
cmake/Find: add `iphlpapi` for c-ares, omit syslibs if dep not found
cmake/FindLDAP: avoid empty 'Requires' item when omitting `pkg-config` module
cmake/FindLDAP: avoid framework locations for libs too (Apple)
cmake/FindLibpsl: protect against `pkg-config` "half-detection"
cmake/FindLibssh: sync header comment with other modules
cmake/FindMbedTLS: drop lib duplicates early
cmake: add `librtmp` Find module
cmake: add LDAP Find module
cmake: add native `pkg-config` detection for remaining Find modules
cmake: allow `CURL_LTO` regardless of `CURL_BUILD_TYPE`, enable in CI
cmake: clang-cl improvements
cmake: delete accidental debug message
cmake: deprecate winbuild, add migration guide from legacy build methods
cmake: detect mingw-w64 version, pre-fill `HAVE_STRTOK_R`
cmake: do not store `MINGW64_VERSION` in cache
cmake: drop `CURL_USE_PKGCONFIG` from `curl-config.cmake.in`
cmake: drop `fseeko()` pre-fill and check for Windows
cmake: drop duplicate Windows cache value
cmake: drop redundant FOUND checks (libgsasl, libssh, libuv)
cmake: drop redundant opening/closing `.*` from `MATCH` expressions
cmake: drop unused `HAVE_SYS_XATTR_H` detection
cmake: drop VS2010 "Dialog Hell" workaround added in 2013
cmake: extend zlib's `AUTO` option to brotli, zstd and enable if found
cmake: fix `net/in.h` detection for MS-DOS
cmake: improve `curl_dumpvars()` and move to `Utilities.cmake`
cmake: make libpsl required by default
cmake: make system libraries `dl`, `m`, `pthread` customizable
cmake: move `pkg-config` names to Find modules
cmake: move GSS init before feature detections
cmake: move mingw UWP workaround from GHA to `CMakeLists.txt`
cmake: namespace functions and macros
cmake: optimize out 4 picky warning option detections with gcc
cmake: pick a better IPv6 feature flag when assembling the feature list
cmake: pre-fill `HAVE_STDATOMIC_H`, `HAVE_ATOMIC` for mingw-w64
cmake: pre-fill `HAVE_STDINT_H` on Windows
cmake: prefer dash-style MSVC options
cmake: publish/check supported protocols/features via `CURLConfig.cmake`
cmake: replace `unset(VAR)` with `set(VAR "")` for init
cmake: sync OpenSSL QUIC fork detection with autotools
cmake: use `CMAKE_REQUIRED_LINK_DIRECTORIES`
cmake: use `STREQUAL` to detect Linux
cmake: warn for OpenSSL versions missing TLS 1.3 support
cmdline-opts/version.md: describe multissl, mention SSLS-EXPORT
completion.pl: add completion for paths after @ for fish
config-mac: drop `MACOS_SSL_SUPPORT` macro
config: drop unused code and variables
configure: do not inline 'dnl' comments
configure: drop unused detections and macros
configure: streamline Windows large file feature check
configure: UWP and Android follow-up fixes
conncache: count shutdowns against host and max limits
conncache: result_cb comment removed from function docs
content_encoding: drop support for zlib before 1.2.0.4
content_encoding: namespace GZIP flag constants
content_encoding: put the decomp buffers into the writer structs
content_encoding: support use of custom libzstd memory functions
cookie: cap expire times to 400 days
cookie: fix crash in netscape cookie parsing
cookie: parse only the exact expire date
curl-functions.m4: fix indentation in `CURL_SIZEOF()`
curl: return error if etag options are used with multiple URLs
curl_multi_fdset: include the shutdown connections in the set
curl_multi_waitfds.md: tidy up the example
curl_multibyte: support Windows paths longer than MAX_PATH
curl_setup: fix missing `ADDRESS_FAMILY` type in rare build cases
curl_sha512_256: rename symbols to the curl namespace
curl_url_set.md: adjust the added-in to 7.62.0
curl_ws_recv.md: fix typo
CURLOPT_CONNECT_ONLY.md: an easy handle with this option set cannot be reused
CURLOPT_PROXY.md: clarify the crendential support in proxy URLs
CURLOPT_RESOLVE.md: fix wording
CURLOPT_SEEKFUNCTION.md: used for FTP, HTTP and SFTP (only)
docs/BUGS.md: remove leading space from a link
docs/cmdline-opts/_ENVIRONMENT.md: minor language fix
docs/cmdline-opts/location.md: fix typos for location flag
docs/HTTP-COOKIES.md: link to more information
docs/HTTPSRR.md: initial HTTPS RR documentation
docs/libcurl/opts: clarify the return values
docs/libcurl: return value overhall
docs/TLS-SESSIONS: fix typo, the->they
docs: document the behavior of -- in the curl command line
docs: use lowercase curl and libcurl
doh: cleanups and extended HTTPS RR code
doh: send HTTPS RR requests for all HTTP(S) transfers
easy: allow connect-only handle reuse with easy_perform
easy: make curl_easy_perform() return error if connection still there
easy_lock: use Sleep(1) for thread yield on old Windows
ECH: update APIs to those agreed with OpenSSL maintainers
examples/block-ip: drop redundant `memory.h` include
examples/block-ip: show how to block IP addresses
examples/complicated: fix warnings, bump deprecated callback, tidy up
examples/synctime.c: remove references to dead URLs and functionality
examples: make them compile with compatibility functions disabled (Windows)
examples: use return according to code style
file: drop `OPEN_NEEDS_ARG3` option
file: fix Android compiler warning
gitignore: add generated unity sources for lib and src
GnuTLS: fix 'time_appconnect' for early data
hash: add asserts in hash_element_dtor()
HTTP/2: strip TE request header
http2: fix data_pending check
http2: fix value stored to 'result' is never read
http: fix build with `CURL_DISABLE_COOKIES`
http: ignore invalid Retry-After times
http_aws_sigv4: Fix invalid compare function handling zero-length pairs
https-connect: start next immediately on failure
INFRASTRUCTURE.md: project infra
INSTALL-CMAKE.md: fix punctuation
INSTALL.md: add CMake examples for macOS and iOS
INSTALL.md: document VS2008 and mingw-w64
INTERNALS.md: sync wolfSSL version requirement with source code
lib517: extend the getdate test with quotes and leading "junk"
lib: clarify 'conn->httpversion'
lib: redirect handling by protocol handler
lib: remove `__EMX__` guards
lib: replace `inline` redefine with `CURL_INLINE` macro
lib: supress deprecation warnings in apple builds
lib: TLS session ticket caching reworked
libcurl/opts: do not save files in dirs where attackers have access
Makefile.dist: delete
Makefile.mk: drop in favour of autotools and cmake (MS-DOS, AmigaOS3)
mbedtls: fix handling of blocked sends
mbedtls: PSA can be used independently of TLS 1.3 (avoid runtime errors)
mime: explicitly rewind subparts at attachment time.
mprintf: fix integer handling in float precision
mprintf: terminate snprintf output on windows
msvc: add missing push/pop for warning pragmas
msvc: assume `_INTEGRAL_MAX_BITS >= 64`
msvc: drop checks for ancient versions
msvc: fix building with `HAVE_INET_NTOP` and MSVC <=1900
msvc: require VS2005 for large file support
msvc: tidy up `_CRT_*_NO_DEPRECATE` definitions
multi: fix curl_multi_waitfds reporting of fd_count
multi: fix return code for an already-removed easy handle
multihandle: add an ssl_scache here
multissl: auto-enable `OPENSSL_COEXIST` for wolfSSL + OpenSSL
multissl: make openssl + wolfssl builds work
netrc: 'default' with no credentials is not a match
netrc: fix password-only entries
netrc: restore _netrc fallback logic
ngtcp2: fix memory leak on connect failure
ngtcp2: fix two cases of value stored never read
openssl: define `HAVE_KEYLOG_CALLBACK` before use
openssl: drop unused `HAVE_SSL_GET_SHUTDOWN` macro
openssl: fix ECH logic
osslq: use SSL_poll to determine writeability of QUIC streams
projects/Windows: remove wolfSSL from legacy projects
projects: fix `INSTALL-CMAKE.md` references
pytest: remove 'repeat' parameter
pytest: use httpd/apache2 directly, no apachectl
RELEASE-PROCEDURE.md: mention how to publish security advisories
runtests.pl: fix precedence issue
scripts/mdlinkcheck: markdown link checker
sectransp: free certificate on error
select: avoid a NULL deref in cwfds_add_sock
smb: fix compiler warning
src: add `CURL_STRICMP()` macro, use `_stricmp()` on Windows
src: drop support for `CURL_TESTDIR` debug env
src: omit hugehelp and ca-embed from libcurltool
ssl session cache: change cache dimensions
strparse: string parsing helper functions
symbols-in-versions: update version for LIBCURL_VERSION and
LIBCURL_VERSION_NUM
system.h: add 64-bit curl_off_t definitions for NonStop
system.h: drop compilers lacking 64-bit integer type (Windows/MS-DOS)
system.h: drop duplicate and no-op code
system.h: fix indentation
telnet: handle single-byte input option
test1960: don't close the socket too early
test483: require cookie support
tests/http/clients: use proper sleep() call on NonStop
tests: change the behavior of swsbounce
tests: stop promoting perl warnings to fatal errors
TheArtOfHttpScripting.md: rewrite double 'that'
tidy-up: `curl_setup.h`, `curl_setup_once.h`, `config-win32ce.h`
tidy-up: drop parenthesis around `return` expression
tidy-up: drop parenthesis around `return` values
tidy-up: extend `CURL_O_BINARY` to lib and tests
TLS: check connection for SSL use, not handler
tool_formparse.c: make curlx_uztoso a static in here
tool_formparse: accept digits in --form type= strings
tool_getparam: ECH param parsing refix
tool_getparam: fail --hostpubsha256 if libssh2 is not used
tool_getparam: fix "Ignored Return Value"
tool_getparam: fix memory leak on error in parse_ech
tool_getparam: fix the ECH parser
tool_operate: make --etag-compare always accept a non-existing file
transfer: fix CURLOPT_CURLU override logic
urlapi: fix redirect to a new fragment or query (only)
urldata: tweak the UserDefined struct
variable.md: mention --expand-variable for variables to variables
variable.md: show function use with examples
version: fix the IDN feature for winidn and appleidn
vquic: fix 4th function call argument is an uninitialized value
vquic: make vquic_send_packets not return without setting psent
vtls: fix default SSL backend as a fallback
vtls: only remember the expiry timestamp in session cache
vtls: remove 'detach/attach' functions from TLS handler struct
vtls: remove unusued 'check_cxn' from TLS handler struct
vtls: replace "none"-functions with NULL pointers
VULN-DISCLOSURE-POLICY.md: mention the not setting CVSS
VULN-DISCLOSURE-POLICY: on legacy dependencies
websocket: fix message send corruption
windows: drop dupe macros, detect `CURL_OS` for WinCE ARM, indentation
windows: drop redundant `USE_WIN32_SMALL_FILES` macro
windows: drop two missed `buildconf.bat` references
windows: merge `config-win32ce.h` into `config-win32.h`
ws-docs: extend WebSocket documentation
ws-docs: remove the outdated texts saying ws support is experimental
ws: reject frames with unknown reserved bits set
x509asn1: add parse recursion limit
8.11.1
Bugfixes:
build: fix ECH to always enable HTTPS RR
build: fix MSVC UWP builds
build: omit certain deps from `libcurl.pc` unless found via `pkg-config`
build: use `_fseeki64()` on Windows, drop detections
cmake: do not echo most inherited `LDFLAGS` to config files
cmake: drop cmake args list from `buildinfo.txt`
cmake: include `wolfssl/options.h` first
cmake: remove legacy unused IMMEDIATE keyword
cmake: restore cmake args list in `buildinfo.txt`
cmake: set `CURL_STATICLIB` for static lib when `SHARE_LIB_OBJECT=OFF`
cmake: sync GSS config code with other deps
cmake: typo in comment
cmake: work around `ios.toolchain.cmake` breaking feature-detections
cmakelint: fix to check root `CMakeLists.txt`
cmdline/ech.md: formatting cleanups
configure: add FIXMEs for disabled pkg-config references
configure: do not echo most inherited `LDFLAGS` to config files
configure: replace `$#` shell syntax
cookie: treat cookie name case sensitively
curl-rustls.m4: keep existing `CPPFLAGS`/`LDFLAGS` when detected
curl.h: mark two error codes as obsolete
curl: --continue-at is mutually exclusive with --no-clobber
curl: --continue-at is mutually exclusive with --range
curl: --continue-at is mutually exclusive with --remove-on-error
curl: --test-duphandle in debug builds runs "duphandled"
curl: do more command line parsing in sub functions
curl: rename struct var to fix AIX build
curl: use realtime in trace timestamps
curl_multi_socket_all.md: soften the deprecation warning
CURLOPT_PREREQFUNCTION.md: add result code on failure
digest: produce a shorter cnonce in Digest headers
DISTROS: update Alt Linux links
dmaketgz: use --no-cache when building docker image
docs: bring back ALTSVC.md and HSTS.md
docs: document default `User-Agent`
docs: suggest --ssl-reqd instead of --ftp-ssl
duphandle: also init netrc
ECH: enable support for the AWS-LC backend
hostip: don't use the resolver for FQDN localhost
http_negotiate: allow for a one byte larger channel binding buffer
http_proxy: move dynhds_add_custom here from http.c
KNOWN_BUGS: setting a disabled option should return CURLE_NOT_BUILT_IN
krb5: fix socket/sockindex confusion, MSVC compiler warnings
lib: fixes for wolfSSL OPENSSL_COEXIST
libssh: use libssh sftp_aio to upload file
libssh: when using IPv6 numerical address, add brackets
macos: disable gcc `availability` workaround as needed
mbedtls: call psa_crypt_init() in global init
mime: fix reader stall on small read lengths
mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions
mprintf: fix the integer overflow checks
multi: add clarifying comment for wakeup_write()
multi: fix callback for `CURLMOPT_TIMERFUNCTION` not being called again
when...
netrc: address several netrc parser flaws
netrc: support large file, longer lines, longer tokens
nghttp2: use custom memory functions
OpenSSL: improvde error message on expired certificate
openssl: remove three "Useless Assignments"
openssl: stop using SSL_CTX_ function prefix for our functions
os400: Fix IBMi builds
os400: Fix IBMi EBCDIC conversion of arguments
pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS
rtsp: check EOS in the RTSP receive and return an error code
schannel: remove TLS 1.3 ciphersuite-list support
setopt: fix CURLOPT_HTTP_CONTENT_DECODING
setopt: fix missing options for builds without HTTP & MQTT
show-headers.md: clarify the headers are saved with the data
socket: handle binding to "host!<ip>"
socketpair: fix enabling `USE_EVENTFD`
strtok: use namespaced `strtok_r` macro instead of redefining it
tests: add the ending time stamp in testcurl.pl
tests: re-enable 2086, and 472, 1299, 1613 for Windows
TODO: consider OCSP stapling by default
tool_formparse: remove use of sscanf()
tool_getparam: parse --localport without using sscanf
tool_getpass: fix UWP `-Wnull-dereference`
tool_getpass: replace `getch()` call with `_getch()` on Windows
tool_urlglob: parse character globbing range without sscanf
vtls: fix compile warning when ALPN is not available
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/curl | 5 +++++
lfs/curl | 6 +++---
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl index 7d0f47756..f27d3b939 100644 --- a/config/rootfiles/common/curl +++ b/config/rootfiles/common/curl @@ -45,6 +45,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_FTP_ENTRY_PATH.3 #usr/share/man/man3/CURLINFO_HEADER_SIZE.3 #usr/share/man/man3/CURLINFO_HTTPAUTH_AVAIL.3 +#usr/share/man/man3/CURLINFO_HTTPAUTH_USED.3 #usr/share/man/man3/CURLINFO_HTTP_CONNECTCODE.3 #usr/share/man/man3/CURLINFO_HTTP_VERSION.3 #usr/share/man/man3/CURLINFO_LASTSOCKET.3 @@ -62,6 +63,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_PRIVATE.3 #usr/share/man/man3/CURLINFO_PROTOCOL.3 #usr/share/man/man3/CURLINFO_PROXYAUTH_AVAIL.3 +#usr/share/man/man3/CURLINFO_PROXYAUTH_USED.3 #usr/share/man/man3/CURLINFO_PROXY_ERROR.3 #usr/share/man/man3/CURLINFO_PROXY_SSL_VERIFYRESULT.3 #usr/share/man/man3/CURLINFO_QUEUE_TIME_T.3 @@ -406,6 +408,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_UPKEEP_INTERVAL_MS.3 #usr/share/man/man3/CURLOPT_UPLOAD.3 #usr/share/man/man3/CURLOPT_UPLOAD_BUFFERSIZE.3 +#usr/share/man/man3/CURLOPT_UPLOAD_FLAGS.3 #usr/share/man/man3/CURLOPT_URL.3 #usr/share/man/man3/CURLOPT_USERAGENT.3 #usr/share/man/man3/CURLOPT_USERNAME.3 @@ -440,6 +443,8 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/curl_easy_reset.3 #usr/share/man/man3/curl_easy_send.3 #usr/share/man/man3/curl_easy_setopt.3 +#usr/share/man/man3/curl_easy_ssls_export.3 +#usr/share/man/man3/curl_easy_ssls_import.3 #usr/share/man/man3/curl_easy_strerror.3 #usr/share/man/man3/curl_easy_unescape.3 #usr/share/man/man3/curl_easy_upkeep.3 diff --git a/lfs/curl b/lfs/curl index c3d5d2762..a6cb3bb3d 100644 --- a/lfs/curl +++ b/lfs/curl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> # +# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 8.11.0 +VER = 8.13.0 THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 3db13ed558bee332e07e1eab878b5ecae14cd049c115eea3a25fcb78cf28aadfe577dc224df75b62844529994ec478a9a74fed5c9bae338f809d231420ae5d0a +$(DL_FILE)_BLAKE2 = 6869634ad50f015d5c7526699034d5a3f27d9588bc32eacc8080dbd6c690f63b1f25cee40d3fdf8fd9dd8535c305ea9c5edf1d5a02bc6d9ce60fd8c88230aca0 install : $(TARGET)