From patchwork Sun May 11 10:12:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8719 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZwJTz1vwtz3x4T for ; Sun, 11 May 2025 10:13:27 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZwJTy2JNFz6R2 for ; Sun, 11 May 2025 10:13:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZwJTt75F9z34Jm for ; Sun, 11 May 2025 10:13:22 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZwJTr17x3z2xLY for ; Sun, 11 May 2025 10:13:20 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZwJTn4vZczm7; Sun, 11 May 2025 10:13:17 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1746958397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=LIaqhQ8m2UczIpF4uPoSgPJI0aeENybC+qDfITQDLf0=; b=9t3PnYHchGgPqCqQJfKmz5Baorq5nfTmrSn2CZtzAjpgprY1lXfvqWNt7pYzGahdB+AF1l 0R11PAhu1CNIs1Cw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1746958397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=LIaqhQ8m2UczIpF4uPoSgPJI0aeENybC+qDfITQDLf0=; b=R6Fh/1wCCU8iFuPPiL/GLcbNBGyn2IFbeNymMrTn4YfN4iiN3yh37P2KFcqN100+l5Rrgb Yp05Lmh0gp+eHq9xiQ5do1vxIL4eB9FW4dSqGUCE5GmNUKZ9Eh9ti2lkevBLPF0x3mSG+T e5OoHavLPxgpxvdoFNNq0UB77R2pLb4mc9KTQibDcrrkgBBV4Y8tqomkMKeOTq1yRGJuZv 29NGo+j+tkZXOfJ3Su14fkC076JhWQWEzSfMdgaUWPjUnuion+ko7t/eHS6g1xFj8sD6Kf gSqmZFayYfexqnhDYWjuqa+KL7fhOEqKMJ590+SVh7aeFgMG3zXblXujtrrAIg== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 1/9] curl: Update to version 8.13.0 Date: Sun, 11 May 2025 12:12:56 +0200 Message-ID: <20250511101311.7315-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 8.11.0 to 8.13.0 - Update of rootfile - Knock on effect of this update is to require a newer version of cmake due to changes in some variable from curl that cmake uses. - This therefore the first of a patch set. - Changelog 8.13.0 Changes: curl: add write-out variable 'tls_earlydata' curl: make --url support a file with URLs gnutls: set priority via --ciphers IMAP: add CURLOPT_UPLOAD_FLAGS and --upload-flags lib: add CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY OpenSSL/quictls: add support for TLSv1.3 early data rustls: add support for CERTINFO rustls: add support for SSLKEYLOGFILE rustls: support ECH w/ DoH lookup for config rustls: support native platform verifier var: add a '64dec' function that can base64 decode a string wolfssl: tls early data support Bugfixes: addrinfo: add curl macro to avoid redefining foreign symbols asyn-thread: avoid the separate 'struct resdata' alloc asyn-thread: avoid the separate curl_mutex_t alloc asyn-thread: do not allocate thread_data separately asyn-thread: remove 'status' from struct Curl_async autotools: fix `dllmain.c` in unity builds autotools: fix `libtest` bundle to depend on `FIRSTFILES` autotools: use `CURLDEBUG` to exclude TrackMemory code from unity aws_sigv4: cannot be used for proxy aws_sigv4: merge repeated headers in canonical request aws_sigv4: use strparse more for parsing base64: drop `BUILDING_CURL` macro, always include in tests/server build: add Windows CE / CeGCC support, with CI jobs build: cmake multi-pkg-config detection improvements (brotli, ldap, mbedtls) build: do not apply curl debug macros to `tests/server` by default build: drop unused `getpart` tool build: enable -Wjump-misses-init for GCC 4.5+ build: enable `-Wcast-qual`, fix or silence compiler warnings build: fix compiler warnings in feature detections build: replace Curl_ prefix with curlx_ for functions used in servers build: set `-O3` and tune WinCE in CI, fix `getpart`, `vtls_scache` fallouts build: set `HAVE_STDINT_H` if `stdint.h` is available build: set `HAVE_WRITABLE_ARGV` for Apple cross-builds build: silence bogus `-Wconversion` warnings with gcc 5.1-5.4 build: silence mingw32ce C99 format warnings, simplify CI build: tidy-ups around `inet_pton` c-ares httpsrr: fix ifdef c-ares: error out for unsupported versions, drop unused macros ca-native.md: sync with CURLSSLOPT_NATIVE_CA cf-socket: deduplicate Windows Vista detection cf-socket: remove empty switch client writer: handle pause before decoding cmake: `CURL_LIBDIRS` improvements (upstreamed from vcpkg) cmake: `SHARE_LIB_OBJECT=ON` requires CMake 3.12 or newer cmake: add custom command scripts as dependencies where missing cmake: add pre-fill for Unix, enable in GHA/macos, verify pre-fills cmake: add shell completion support cmake: allow `CURL_STATIC_CRT` with shared libcurl and no curl exe cmake: allow `CURL_STATIC_CRT` with UCRT VS2015+ builds cmake: allow empty `IMPORT_LIB_SUFFIX`, add suffix collision detection cmake: avoid `-Wnonnull` warning in `HAVE_FSETXATTR_5` detection cmake: disable HTTPS-proxy as a feature if proxy is disabled cmake: drop `CURL_DISABLE_TESTS` option cmake: drop `HAVE_C_FLAG_Wno_long_double` logic for ancient Apple gcc cmake: drop `HAVE_IN_ADDR_T` from pre-fill too cmake: drop two stray TLS feature checks for wolfSSL cmake: exclude `-MP` for `clang-cl` again cmake: fix `HAVE_ATOMIC`/`HAVE_STDATOMIC` pre-fill for clang-cl cmake: fix clang-tidy builds to verify tests, fix fallouts cmake: fix detection pre-fills for iOS cmake: fix ECH detection in custom-patched OpenSSL cmake: fix typo in ECH config error msg cmake: hide empty `MINGW64_VERSION` output for mingw32ce cmake: improve httpd detection for pytest cmake: mention 'insecure' in the debug build warning cmake: misc tidy-ups cmake: pre-fill known type sizes for Windows OSes cmake: replace CMAKE_COMPILER_IS_GNUCC with CMAKE_C_COMPILER_ID cmake: replace exec_program() with execute_process() cmake: restrict static CRT builds to static curl exe, test in CI cmake: sync cutoff version with autotools for picky option `-ftree-vrp` cmake: sync OpenSSL(-fork) feature checks with `./configure` cmake: unity mode optimization for non-`CURLDEBUG` `testdeps` targets CODE_STYLE: readability and banned functions config-win32: set `HAVE_STDINT_H` where available configure: call the blocking resolver "blocking", not "default" configure: fix ECH detection with MultiSSL configure: silence compiler warnings in feature checks, drop duplicates configure: tidy up shell completion rules configure: use `curl_cv_apple` variable conn: eliminate `conn->now` conn: fix connection reuse when SSL is optional conncache: eliminate `conn->destination_len` as premature optimization contributors.sh: lowercase 'github' for consistency contrithanks.sh: update docs/THANKS in place cookie: do prefix matching case-sensitively cookie: minor parser simplification cookie: simplify invalid_octets() core: stop redefining `E*` macros on Windows, map `EACCES`, related fixes curl.h: change some enums to defines with L suffix curl.h: convert CURLUSESSL* names to defines curl.h: stop defining non-curl `__has_declspec_attribute` curl.h: switch `CURL_HTTP_VERSION*` enums to long constants curl/system.h: drop leftover comment about 32 bit curl_off_t curl: add my_setopt_long() and _offt() curl_msh3: remove verify bypass from DEBUGBUILDs curl_setup: drop `ERANGE` (for WinCE), no longer used curl_setup_once: drop `E*` macro redefines unused (with winsock2) curl_setup_once: stop redefining `ENAMETOOLONG` to winsock2 error code curl_trc: fix build with CURL_DISABLE_VERBOSE_STRINGS curl_ws_recv.md: expand a little on the fragments the API delivers CURLMOPT_SOCKETFUNCTION.md: add advice for socket callback invocation CURLOPT_HTTPHEADER.md: add comments to the example CURLOPT_HTTPHEADER.md: rephrases curltime: use libcurl time functions in src and tests/server DISABLED: add 313 for sectransp (move from GHA/macos) docs/cmdline-opts: use imperative form docs: adapt to removed --with-random docs: add FD_ZERO to curl_multi_fdset example docs: bump `rustls` to 0.14.1 docs: correct argument names & URL redirection docs: minor edits to please the new spellchecker regime docs: rework RUSTLS install instructions docs: unify HTTP version style in --help output docs: vulnerabilities in debug code are not eligible for a bounty doh: improve HTTPS RR svcparams parsing doh: remove wrong but unreachable exit path from doh_decode_rdata_name dynbuf: assert init on free easy: drop `break` after `return` easy: fix warning about possible comma misuse eventfd: allow use on all CPUs examples: prefer `return` over `exit()` (cont.) ftp/sftp: strdup data info memory ftp: fix comment gnutls: fix connection state check on handshake gnutls: fix use of pkcs11 urls for keys/certs gtls: fix uninitialized variable hash: use single linked list for entries hostip: don't use alarm() for DoH resolves hostip: make CURLOPT_RESOLVE support replacing IPv6 addresses http2: add on_invalid_frame callback for error detection http2: detect session being closed on ingress handling http2: enhance error messages on Curl_dyn* upon receiving headers http2: fix stream assignemnt for pushes http2: reset stream on response header error HTTP3.md: only speak about minimal versions http: convert parsers to strparse http: fix NTLM info message typo http: fix the auth check http: make the RTSP version check stricter http: negotiation and room for alt-svc/https rr to navigate http: remove a HTTP method size restriction http: version negotiation http_chunks: replace a strofft call with curl_str_hex https-rr: implementation improvements httpsrr: fix port detection httpsrr: fix the HTTPS-RR threaded-resolver build combo INFRASTRUCTURE.md: add IRC and Matrix details INSTALL-CMAKE.md: CMake usage updates INSTALL-CMAKE.md: mention `ZLIB_USE_STATIC_LIBS` lib1156: pass longs to `curl_easy_setopt()` lib1560: test set path containing LR or CR lib2302: fix crash due to stack overflow on MSVC and clang Windows lib696: fix building on Windows in non-bundle mode lib: better optimized casecompare() and ncasecompare() lib: clear up CURLRES_ASYNCH vs USE_CURL_ASYNC use lib: fix two curlx_strtoofft invokes lib: rename curlx_strtoofft to Curl_str_numblanks() lib: replace while(ISBLANK()) loops with Curl_str_passblanks() lib: simplify more white space loops lib: strtoofft.h header cleanup lib: use Curl_str_* instead of strtok_r() lib: use Curl_str_number() for parsing decimal numbers libssh2: fix freeing of resources in disconnect libssh2: fix memory leak in `SSH_SFTP_REALPATH` state libssh2: fix to ignore `known_hosts` if SHA256 host public key is set libssh2: print user with verbose flag libssh2: show crypto backend in the verbose connect log libssh: fix freeing of resources in disconnect libssh: fix scp large file upload for 32-bit size_t systems libtest/first.c: remove the Test: stderr output for unity builds libtest/libprereq.c: set CURLOPT_FOLLOWLOCATION with a long managen: accept more markdown-quote-markers managen: correct the warning for un-escaped '<' and '>' mbedtls: re-enable an error check memdebug.h: avoid `-Wredundant-decls` with an extra guard memdebug: drop dynamic allocation from `curl_dbg_log()` mprintf: switch three number parsers to use strparse mqtt: convert sendleftovers to dynbuf msvc: drop support for VS2005 and older multi: call protocol handler done() if PROTOCONNECT or later multi: event based rework multi: kill off remaining internal handles in curl_multi_cleanup multi: start the loop over when handles are removed multi_ev: fixes regarding connection shutdowns ngtcp2: do not iterate over multi handles ntlm: merge ntlm.h into ntlm.c openssl-quic: do not iterate over multi handles openssl: check return value of X509_get0_pubkey openssl: drop support for old OpenSSL/LibreSSL versions openssl: fix crash on missing cert password openssl: fix pkcs11 URI checking for key files. openssl: remove bad `goto`s into other scope prox/preproxy.md: document argument within pytest: test negotiate with http proxy quiche: do not iterate over multi handles RELEASE-PROCEDURE.md: explain release candidates request: clear sendbuf_hds_len when resetting request bufq resolve: fix building without Unix sockets and `CURLDEBUG` runtests: accept `CURL_DIRSUFFIX` without ending slash runtests: add feature-based filtering runtests: check and report if `diff` tool is missing runtests: drop logic calling the `handle` tool (Windows) runtests: drop recognizing 'winssl' as Schannel runtests: drop ref to unused external function runtests: fix bundled test invocation with `-g` option runtests: fix SSH server not starting in cases, re-ignore failing vcpkg CI jobs runtests: fix test key format for libssh2 WinCNG (and others) runtests: generate certs dynamically, bump to EC-256, tidy up runtests: recognize AWS-LC as OpenSSL runtests: rewrite `genserv.sh` in Perl runtests: support multi-target cmake, drop workarounds from CI runtests: support running tests under wine or qemu (cont.) runtests: support running tests under wine or qemu runtests: use `setfacl` on Cygwin/MSYS, if present rustls: add ECH support w/ string ECH config rustls: cap maximum allowed CRL file size to 8MB rustls: support ECH GREASE rustls: use client cert and key if available schannel: deduplicate Windows Vista detection schannel: enable ALPN support under WINE 6.0+ schannel: enable ALPN with MinGW, fix ALPN for UWP builds schannel: guard ALPN init code to ALPN builds scripts/managen: fix option 'single' scripts/managen: fix parsing of markdown code sections scripts: update completion.pl to parse options from docs sectransp: add support for HTTP/2 in gcc builds sendf: client reader line conversion: do not change data->state.infilesize setopt: illegal CURLOPT_SOCKS5_AUTH should return error setopt: remove unnecessary void pointer typecasts setopt: setting PROXYUSERPWD after PROXYUSERNAME/PASSWORD is fine shutdowns: split shutdown handling from connection pool socks: remove bad assert from do_SOCKS5() src: avoid strdup on platforms not doing UTF-8 conversions src: cleanup ISBLANK vs ISSPACE src: remove Curl_ prefix from tool-specific function src: remove final uses of Curl_ symbol prefixes in tool code src: replace strto[u][ld] with curlx_str_ parsers ssh: consider sftp quote commands case sensitive sshserver.pl: adjust `AuthorizedKeysFile2` cutoff version sshserver.pl: use Perl `chmod` sshserver: fix excluding obsolete client config lines ssl session cache: add exportable flag SSLCERTS: list support for SSL_CERT_FILE and SSL_CERT_DIR strparse: make Curl_str_number() return error for no digits strparse: switch the API to work on 'const char *' strparse: switch to curl_off_t as base data type test1022: add support for rc releases test1167: catch #defines with extra whitespace test313: disable CRL test for Schannel due to lack of support and flakiness test313: disable via `` for backends without CRL support test489: set output dir test612: SCP `rm` the uploaded remote file (not the local source), unignore in CI test613: make it pass on Windows, fix postprocess, unignore in CI test615: fix for Cygwin, unignore in CI tests/certs: cleanup tests/server: drop unused `base64.pl` tests/server: fix to check against winsock2 error codes on Windows tests/server: give global `path` variable a more descriptive name tests/server: make the signal handler signal-safe tests/server: replace `errno` with `SOCKERRNO` in sockfilt, socksd, sws tests/server: replace `strerror` with `sstrerror` in socksd tests/server: support bundle binary tests/server: sync `wait_ms()` with the libcurl implementation tests/server: use `curlx_str_numblanks()` to avoid `errno` tests/servers.pm: remove unused variable 'portrange' tests: build non-debug unit tests with autotools, run them tests: fix comment in lib533 tests: fix enum/int confusion, fix autotools `CFLAGS` for `servers` tests: make sure 'commands.log' is generated in the correct logdir tests: mark tests 1631, 1632 flaky tests: reformat error messages to avoid tripping MSBuild tests: remove base64 encoded sections tests: Remove unused variables tests: replace remaining non-ASCII bytes with hex markup tftpd: prefix TFTP protocol error `E*` constants with `TFTP_` tidy-up: align MSYS2/Cygwin codepaths, follow Cygwin `MAX_PID` bump tidy-up: delete, comment or scope C macros reported unused tidy-up: drop unused `CURL_INADDR_NONE` macro and `in_addr_t` type tidy-up: use `CURL_ARRAYSIZE()` timediff: fix comment for curlx_mstotv() timediff: remove unnecessary double typecast tool_dirhie: create dir hierarchy without strtok tool_getparam: clear sensitive arguments better tool_getparam: do parse_upload_flags without the alloc/free tool_getparam: parse --trace-config without strdup()/free() tool_getparam: parse_header() without strtok tool_operate: change "1 retries" to "1 retry" tool_operate: fail SSH transfers without server auth tool_operate: fix pluralization of seconds tool_operate: remove unnecessary (long) typecasts tool_paramhlp: do --proto parsing without strtok tool_parsecfg: make my_get_line skip comments and newlines tool_setopt: reduce use of "code hiding" macros url: call protocol handler's disconnect in Curl_conn_free urlapi: fix redirect from file:// with query, and simplify urlapi: remove percent encoded dot sequences from the URL path urlapi: simplify junkscan urldata: remove 'hostname' from struct Curl_async variable.md: clarify 'trim' example vquic: obey IOV_MAX vtls: fix compiler warnings seen with gcc 7.3.0 and mbedTLS winbuild: reduce command-line length by dropping whitespace windows: do not use winsock2 `inet_ntop()`/`inet_pton()` windows: drop code and curl manifest targeting W2K and older windows: fix issues detected by clang-tidy, and some more wolfssh: fix freeing of resources in disconnect wolfssh: retrieve the error using wolfSSH_get_error wolfssl: fix CA certificate multiple location import wolfssl: fix unused variable warning wolfssl: warn if CA native import option is ignored wolfssl: when using PQ KEM, use ML-KEM, not Kyber ws: corrected curlws_cont to reflect its documented purpose ws: fix and extend CURLWS_CONT handling zlib: bump minimum to 1.2.5.2 (was: 1.2.0.4) 8.12.1 Bugfixes: all: remove FIXME and TODO comments asyn-thread: fix build with `CURL_DISABLE_SOCKETPAIR` asyn-thread: fix HTTPS RR crash asyn-thread: fix the returned bitmask from Curl_resolver_getsock asyn-thread: survive a c-ares channel set to NULL build: add tool_hugehelp.c into IBMi build checksrc.pl: warn on FIXME/TODO comments cmake/Find: set `_FOUND` for compatibility when found via `pkg-config` cmake: add integration tests, run them in CI cmake: always reference OpenSSL and ZLIB via imported targets cmake: avoid unnecessary `-L` for implicit link dirs cmake: drop `LDAP_DEPRECATED=1` macro, to sync with autotools cmake: fix `HAVE_GETHOSTBYNAME_R_*` detections with `CURL_WERROR=ON` cmake: fix to detect `HAVE_OPENSSL_SRP` in MSVC UWP builds cmake: fix/add missing feature detections for Windows/MS-DOS cmake: initialize variables where missing cmake: lib order fixes for picky linkers (e.g. binutils `ld`) cmake: normalize before matching paths with syspaths cmake: respect `GNUTLS_CFLAGS` when detected via `pkg-config` cmake: respect `GNUTLS_LIBRARY_DIRS` in `libcurl.pc` and `curl-config` cmake: save a line with `CMAKE_C_IMPLICIT_LINK_DIRECTORIES` exclusion cmake: tidy up string append and list prepend syntax configure/cmake: check for realpath configure/cmake: set asyn-rr a feature only if httpsrr is enabled content_encoding: #error on too old zlib curl_global_sslset.md: Add SSL backend names CURLOPT_SSH_KNOWNHOSTS.md: strongly recommend using this CURLSHOPT_SHARE.md: adjust for the new SSL session cache docs: better explain multi-part byte range behavior docs: use valid example domain names generate.bat: remove curl_get_line.c from the curlx file list header.md: mention `Authorization:` and `Cookie:` special treatment imap: TLS upgrade fix INTERNALS: fix c-ares, as we actually support 1.6.0 or later ldap: drop support for legacy Novell LDAP SDK lib: include necessary headers for `inet_ntop`/`inet_pton` lib: silence LibreSSL collision warning on non-MSVC Windows libssh2: comparison is always true because rc <= -1 libssh2: raise lowest supported version to 1.2.8 libssh: drop support for libssh older than 0.9.0 libssh: silence `-Wconversion` with a cast (Windows 32-bit) netrc: return code cleanup, fix missing file error openssl-quic: ignore ciphers for h3 openssl: fix out of scope variables in goto pop3: TLS upgrade fix runtests: fix the disabling of the memory tracking runtests: quote commands to support paths with spaces scache: add magic checks smb: silence `-Warray-bounds` with gcc 13+ smtp: TLS upgrade fix SPONSORS.md: clarify that we don't promise goods or services test1516: avoid failure due to spaces in path test2080: simplify, avoid the null byte tests: fix test 558, 1330 for MSVC, allow TrackMemory with MSVC in cmake tidy-up: make per-file `ARRAYSIZE` macros global as `CURL_ARRAYSIZE` tool_cfgable: sort struct fields by size, use bitfields for booleans tool_getparam: add "TLS required" flag for each such option tool_progress: fix percent output of large parallel transfers tool_ssls: switch to tool-specific get_line function verbose.md: mention how carriage-return might occur in headers vquic: make the "disable GSO" use infof, not failf vtls: fix multissl-init vtsl: eliminate 'data->state.ssl_scache' wakeup_write: make sure the eventfd write sends eight bytes wolfssl: silence compiler warning (MSVC 2019), simplify existing 8.12.0 Changes: curl: add byte range support to --variable reading from file curl: make --etag-save acknowledge --create-dirs getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var getinfo: provide info which auth was used for HTTP and proxy hyper: drop support openssl: add support to use keys and certificates from PKCS#11 provider QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA vtls: feature ssls-export for SSL session im-/export Bugfixes: altsvc: avoid integer overflow in expire calculation altsvc: return error on dot-only name android: add CI jobs, buildinfo, cmake docs, disable `CURL_USE_PKGCONFIG` by default asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL asyn-ares: fix memory leak asyn-ares: initial HTTPS resolve support asyn-thread: use c-ares to resolve HTTPS RR async-thread: avoid closing eventfd twice autotools: add support for mingw UWP builds autotools: silence gcc warnings in libtool code binmode: convert to macro and use it from tests build: delete `-Wsign-conversion` related FIXMEs build: drop `-Winline` picky warning build: drop `tool_hugehelp.c.cvs`, tidy up macros, drop `buildconf.bat` build: drop unused feature macros, update exception list build: fix `-Wtrampolines` picky warning for gcc 4.x versions build: fix compiling with GCC 4.x versions build: fix the tidy targets for autotools build: fix unsigned `time_t` detection for cmake, MS-DOS, AmigaOS build: replace configure check with PP condition (Android <21) build: stop detecting `sched_yield()` on Windows c-ares: fix/tidy-up macro initializations, avoid a deprecated function cd2nroff: do not insist on quoted <> within backticks cd2nroff: support "none" as a TLS backend cf-https-connect: look into httpsrr alpns when available cf-socket: error if address can't be copied cfilters: kill connection filter events attach+detach checksrc.bat: remove explicit SNPRINTF bypass checksrc: ban use of sscanf() checksrc: check for return with parens around a value/name checksrc: exclude generated bundle files to avoid race condition checksrc: fix the return() checker checksrc: introduce 'banfunc' to ban specific functions cmake/Find: add `iphlpapi` for c-ares, omit syslibs if dep not found cmake/FindLDAP: avoid empty 'Requires' item when omitting `pkg-config` module cmake/FindLDAP: avoid framework locations for libs too (Apple) cmake/FindLibpsl: protect against `pkg-config` "half-detection" cmake/FindLibssh: sync header comment with other modules cmake/FindMbedTLS: drop lib duplicates early cmake: add `librtmp` Find module cmake: add LDAP Find module cmake: add native `pkg-config` detection for remaining Find modules cmake: allow `CURL_LTO` regardless of `CURL_BUILD_TYPE`, enable in CI cmake: clang-cl improvements cmake: delete accidental debug message cmake: deprecate winbuild, add migration guide from legacy build methods cmake: detect mingw-w64 version, pre-fill `HAVE_STRTOK_R` cmake: do not store `MINGW64_VERSION` in cache cmake: drop `CURL_USE_PKGCONFIG` from `curl-config.cmake.in` cmake: drop `fseeko()` pre-fill and check for Windows cmake: drop duplicate Windows cache value cmake: drop redundant FOUND checks (libgsasl, libssh, libuv) cmake: drop redundant opening/closing `.*` from `MATCH` expressions cmake: drop unused `HAVE_SYS_XATTR_H` detection cmake: drop VS2010 "Dialog Hell" workaround added in 2013 cmake: extend zlib's `AUTO` option to brotli, zstd and enable if found cmake: fix `net/in.h` detection for MS-DOS cmake: improve `curl_dumpvars()` and move to `Utilities.cmake` cmake: make libpsl required by default cmake: make system libraries `dl`, `m`, `pthread` customizable cmake: move `pkg-config` names to Find modules cmake: move GSS init before feature detections cmake: move mingw UWP workaround from GHA to `CMakeLists.txt` cmake: namespace functions and macros cmake: optimize out 4 picky warning option detections with gcc cmake: pick a better IPv6 feature flag when assembling the feature list cmake: pre-fill `HAVE_STDATOMIC_H`, `HAVE_ATOMIC` for mingw-w64 cmake: pre-fill `HAVE_STDINT_H` on Windows cmake: prefer dash-style MSVC options cmake: publish/check supported protocols/features via `CURLConfig.cmake` cmake: replace `unset(VAR)` with `set(VAR "")` for init cmake: sync OpenSSL QUIC fork detection with autotools cmake: use `CMAKE_REQUIRED_LINK_DIRECTORIES` cmake: use `STREQUAL` to detect Linux cmake: warn for OpenSSL versions missing TLS 1.3 support cmdline-opts/version.md: describe multissl, mention SSLS-EXPORT completion.pl: add completion for paths after @ for fish config-mac: drop `MACOS_SSL_SUPPORT` macro config: drop unused code and variables configure: do not inline 'dnl' comments configure: drop unused detections and macros configure: streamline Windows large file feature check configure: UWP and Android follow-up fixes conncache: count shutdowns against host and max limits conncache: result_cb comment removed from function docs content_encoding: drop support for zlib before 1.2.0.4 content_encoding: namespace GZIP flag constants content_encoding: put the decomp buffers into the writer structs content_encoding: support use of custom libzstd memory functions cookie: cap expire times to 400 days cookie: fix crash in netscape cookie parsing cookie: parse only the exact expire date curl-functions.m4: fix indentation in `CURL_SIZEOF()` curl: return error if etag options are used with multiple URLs curl_multi_fdset: include the shutdown connections in the set curl_multi_waitfds.md: tidy up the example curl_multibyte: support Windows paths longer than MAX_PATH curl_setup: fix missing `ADDRESS_FAMILY` type in rare build cases curl_sha512_256: rename symbols to the curl namespace curl_url_set.md: adjust the added-in to 7.62.0 curl_ws_recv.md: fix typo CURLOPT_CONNECT_ONLY.md: an easy handle with this option set cannot be reused CURLOPT_PROXY.md: clarify the crendential support in proxy URLs CURLOPT_RESOLVE.md: fix wording CURLOPT_SEEKFUNCTION.md: used for FTP, HTTP and SFTP (only) docs/BUGS.md: remove leading space from a link docs/cmdline-opts/_ENVIRONMENT.md: minor language fix docs/cmdline-opts/location.md: fix typos for location flag docs/HTTP-COOKIES.md: link to more information docs/HTTPSRR.md: initial HTTPS RR documentation docs/libcurl/opts: clarify the return values docs/libcurl: return value overhall docs/TLS-SESSIONS: fix typo, the->they docs: document the behavior of -- in the curl command line docs: use lowercase curl and libcurl doh: cleanups and extended HTTPS RR code doh: send HTTPS RR requests for all HTTP(S) transfers easy: allow connect-only handle reuse with easy_perform easy: make curl_easy_perform() return error if connection still there easy_lock: use Sleep(1) for thread yield on old Windows ECH: update APIs to those agreed with OpenSSL maintainers examples/block-ip: drop redundant `memory.h` include examples/block-ip: show how to block IP addresses examples/complicated: fix warnings, bump deprecated callback, tidy up examples/synctime.c: remove references to dead URLs and functionality examples: make them compile with compatibility functions disabled (Windows) examples: use return according to code style file: drop `OPEN_NEEDS_ARG3` option file: fix Android compiler warning gitignore: add generated unity sources for lib and src GnuTLS: fix 'time_appconnect' for early data hash: add asserts in hash_element_dtor() HTTP/2: strip TE request header http2: fix data_pending check http2: fix value stored to 'result' is never read http: fix build with `CURL_DISABLE_COOKIES` http: ignore invalid Retry-After times http_aws_sigv4: Fix invalid compare function handling zero-length pairs https-connect: start next immediately on failure INFRASTRUCTURE.md: project infra INSTALL-CMAKE.md: fix punctuation INSTALL.md: add CMake examples for macOS and iOS INSTALL.md: document VS2008 and mingw-w64 INTERNALS.md: sync wolfSSL version requirement with source code lib517: extend the getdate test with quotes and leading "junk" lib: clarify 'conn->httpversion' lib: redirect handling by protocol handler lib: remove `__EMX__` guards lib: replace `inline` redefine with `CURL_INLINE` macro lib: supress deprecation warnings in apple builds lib: TLS session ticket caching reworked libcurl/opts: do not save files in dirs where attackers have access Makefile.dist: delete Makefile.mk: drop in favour of autotools and cmake (MS-DOS, AmigaOS3) mbedtls: fix handling of blocked sends mbedtls: PSA can be used independently of TLS 1.3 (avoid runtime errors) mime: explicitly rewind subparts at attachment time. mprintf: fix integer handling in float precision mprintf: terminate snprintf output on windows msvc: add missing push/pop for warning pragmas msvc: assume `_INTEGRAL_MAX_BITS >= 64` msvc: drop checks for ancient versions msvc: fix building with `HAVE_INET_NTOP` and MSVC <=1900 msvc: require VS2005 for large file support msvc: tidy up `_CRT_*_NO_DEPRECATE` definitions multi: fix curl_multi_waitfds reporting of fd_count multi: fix return code for an already-removed easy handle multihandle: add an ssl_scache here multissl: auto-enable `OPENSSL_COEXIST` for wolfSSL + OpenSSL multissl: make openssl + wolfssl builds work netrc: 'default' with no credentials is not a match netrc: fix password-only entries netrc: restore _netrc fallback logic ngtcp2: fix memory leak on connect failure ngtcp2: fix two cases of value stored never read openssl: define `HAVE_KEYLOG_CALLBACK` before use openssl: drop unused `HAVE_SSL_GET_SHUTDOWN` macro openssl: fix ECH logic osslq: use SSL_poll to determine writeability of QUIC streams projects/Windows: remove wolfSSL from legacy projects projects: fix `INSTALL-CMAKE.md` references pytest: remove 'repeat' parameter pytest: use httpd/apache2 directly, no apachectl RELEASE-PROCEDURE.md: mention how to publish security advisories runtests.pl: fix precedence issue scripts/mdlinkcheck: markdown link checker sectransp: free certificate on error select: avoid a NULL deref in cwfds_add_sock smb: fix compiler warning src: add `CURL_STRICMP()` macro, use `_stricmp()` on Windows src: drop support for `CURL_TESTDIR` debug env src: omit hugehelp and ca-embed from libcurltool ssl session cache: change cache dimensions strparse: string parsing helper functions symbols-in-versions: update version for LIBCURL_VERSION and LIBCURL_VERSION_NUM system.h: add 64-bit curl_off_t definitions for NonStop system.h: drop compilers lacking 64-bit integer type (Windows/MS-DOS) system.h: drop duplicate and no-op code system.h: fix indentation telnet: handle single-byte input option test1960: don't close the socket too early test483: require cookie support tests/http/clients: use proper sleep() call on NonStop tests: change the behavior of swsbounce tests: stop promoting perl warnings to fatal errors TheArtOfHttpScripting.md: rewrite double 'that' tidy-up: `curl_setup.h`, `curl_setup_once.h`, `config-win32ce.h` tidy-up: drop parenthesis around `return` expression tidy-up: drop parenthesis around `return` values tidy-up: extend `CURL_O_BINARY` to lib and tests TLS: check connection for SSL use, not handler tool_formparse.c: make curlx_uztoso a static in here tool_formparse: accept digits in --form type= strings tool_getparam: ECH param parsing refix tool_getparam: fail --hostpubsha256 if libssh2 is not used tool_getparam: fix "Ignored Return Value" tool_getparam: fix memory leak on error in parse_ech tool_getparam: fix the ECH parser tool_operate: make --etag-compare always accept a non-existing file transfer: fix CURLOPT_CURLU override logic urlapi: fix redirect to a new fragment or query (only) urldata: tweak the UserDefined struct variable.md: mention --expand-variable for variables to variables variable.md: show function use with examples version: fix the IDN feature for winidn and appleidn vquic: fix 4th function call argument is an uninitialized value vquic: make vquic_send_packets not return without setting psent vtls: fix default SSL backend as a fallback vtls: only remember the expiry timestamp in session cache vtls: remove 'detach/attach' functions from TLS handler struct vtls: remove unusued 'check_cxn' from TLS handler struct vtls: replace "none"-functions with NULL pointers VULN-DISCLOSURE-POLICY.md: mention the not setting CVSS VULN-DISCLOSURE-POLICY: on legacy dependencies websocket: fix message send corruption windows: drop dupe macros, detect `CURL_OS` for WinCE ARM, indentation windows: drop redundant `USE_WIN32_SMALL_FILES` macro windows: drop two missed `buildconf.bat` references windows: merge `config-win32ce.h` into `config-win32.h` ws-docs: extend WebSocket documentation ws-docs: remove the outdated texts saying ws support is experimental ws: reject frames with unknown reserved bits set x509asn1: add parse recursion limit 8.11.1 Bugfixes: build: fix ECH to always enable HTTPS RR build: fix MSVC UWP builds build: omit certain deps from `libcurl.pc` unless found via `pkg-config` build: use `_fseeki64()` on Windows, drop detections cmake: do not echo most inherited `LDFLAGS` to config files cmake: drop cmake args list from `buildinfo.txt` cmake: include `wolfssl/options.h` first cmake: remove legacy unused IMMEDIATE keyword cmake: restore cmake args list in `buildinfo.txt` cmake: set `CURL_STATICLIB` for static lib when `SHARE_LIB_OBJECT=OFF` cmake: sync GSS config code with other deps cmake: typo in comment cmake: work around `ios.toolchain.cmake` breaking feature-detections cmakelint: fix to check root `CMakeLists.txt` cmdline/ech.md: formatting cleanups configure: add FIXMEs for disabled pkg-config references configure: do not echo most inherited `LDFLAGS` to config files configure: replace `$#` shell syntax cookie: treat cookie name case sensitively curl-rustls.m4: keep existing `CPPFLAGS`/`LDFLAGS` when detected curl.h: mark two error codes as obsolete curl: --continue-at is mutually exclusive with --no-clobber curl: --continue-at is mutually exclusive with --range curl: --continue-at is mutually exclusive with --remove-on-error curl: --test-duphandle in debug builds runs "duphandled" curl: do more command line parsing in sub functions curl: rename struct var to fix AIX build curl: use realtime in trace timestamps curl_multi_socket_all.md: soften the deprecation warning CURLOPT_PREREQFUNCTION.md: add result code on failure digest: produce a shorter cnonce in Digest headers DISTROS: update Alt Linux links dmaketgz: use --no-cache when building docker image docs: bring back ALTSVC.md and HSTS.md docs: document default `User-Agent` docs: suggest --ssl-reqd instead of --ftp-ssl duphandle: also init netrc ECH: enable support for the AWS-LC backend hostip: don't use the resolver for FQDN localhost http_negotiate: allow for a one byte larger channel binding buffer http_proxy: move dynhds_add_custom here from http.c KNOWN_BUGS: setting a disabled option should return CURLE_NOT_BUILT_IN krb5: fix socket/sockindex confusion, MSVC compiler warnings lib: fixes for wolfSSL OPENSSL_COEXIST libssh: use libssh sftp_aio to upload file libssh: when using IPv6 numerical address, add brackets macos: disable gcc `availability` workaround as needed mbedtls: call psa_crypt_init() in global init mime: fix reader stall on small read lengths mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions mprintf: fix the integer overflow checks multi: add clarifying comment for wakeup_write() multi: fix callback for `CURLMOPT_TIMERFUNCTION` not being called again when... netrc: address several netrc parser flaws netrc: support large file, longer lines, longer tokens nghttp2: use custom memory functions OpenSSL: improvde error message on expired certificate openssl: remove three "Useless Assignments" openssl: stop using SSL_CTX_ function prefix for our functions os400: Fix IBMi builds os400: Fix IBMi EBCDIC conversion of arguments pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS rtsp: check EOS in the RTSP receive and return an error code schannel: remove TLS 1.3 ciphersuite-list support setopt: fix CURLOPT_HTTP_CONTENT_DECODING setopt: fix missing options for builds without HTTP & MQTT show-headers.md: clarify the headers are saved with the data socket: handle binding to "host!" socketpair: fix enabling `USE_EVENTFD` strtok: use namespaced `strtok_r` macro instead of redefining it tests: add the ending time stamp in testcurl.pl tests: re-enable 2086, and 472, 1299, 1613 for Windows TODO: consider OCSP stapling by default tool_formparse: remove use of sscanf() tool_getparam: parse --localport without using sscanf tool_getpass: fix UWP `-Wnull-dereference` tool_getpass: replace `getch()` call with `_getch()` on Windows tool_urlglob: parse character globbing range without sscanf vtls: fix compile warning when ALPN is not available Signed-off-by: Adolf Belka --- config/rootfiles/common/curl | 5 +++++ lfs/curl | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl index 7d0f47756..f27d3b939 100644 --- a/config/rootfiles/common/curl +++ b/config/rootfiles/common/curl @@ -45,6 +45,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_FTP_ENTRY_PATH.3 #usr/share/man/man3/CURLINFO_HEADER_SIZE.3 #usr/share/man/man3/CURLINFO_HTTPAUTH_AVAIL.3 +#usr/share/man/man3/CURLINFO_HTTPAUTH_USED.3 #usr/share/man/man3/CURLINFO_HTTP_CONNECTCODE.3 #usr/share/man/man3/CURLINFO_HTTP_VERSION.3 #usr/share/man/man3/CURLINFO_LASTSOCKET.3 @@ -62,6 +63,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_PRIVATE.3 #usr/share/man/man3/CURLINFO_PROTOCOL.3 #usr/share/man/man3/CURLINFO_PROXYAUTH_AVAIL.3 +#usr/share/man/man3/CURLINFO_PROXYAUTH_USED.3 #usr/share/man/man3/CURLINFO_PROXY_ERROR.3 #usr/share/man/man3/CURLINFO_PROXY_SSL_VERIFYRESULT.3 #usr/share/man/man3/CURLINFO_QUEUE_TIME_T.3 @@ -406,6 +408,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_UPKEEP_INTERVAL_MS.3 #usr/share/man/man3/CURLOPT_UPLOAD.3 #usr/share/man/man3/CURLOPT_UPLOAD_BUFFERSIZE.3 +#usr/share/man/man3/CURLOPT_UPLOAD_FLAGS.3 #usr/share/man/man3/CURLOPT_URL.3 #usr/share/man/man3/CURLOPT_USERAGENT.3 #usr/share/man/man3/CURLOPT_USERNAME.3 @@ -440,6 +443,8 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/curl_easy_reset.3 #usr/share/man/man3/curl_easy_send.3 #usr/share/man/man3/curl_easy_setopt.3 +#usr/share/man/man3/curl_easy_ssls_export.3 +#usr/share/man/man3/curl_easy_ssls_import.3 #usr/share/man/man3/curl_easy_strerror.3 #usr/share/man/man3/curl_easy_unescape.3 #usr/share/man/man3/curl_easy_upkeep.3 diff --git a/lfs/curl b/lfs/curl index c3d5d2762..a6cb3bb3d 100644 --- a/lfs/curl +++ b/lfs/curl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 8.11.0 +VER = 8.13.0 THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 3db13ed558bee332e07e1eab878b5ecae14cd049c115eea3a25fcb78cf28aadfe577dc224df75b62844529994ec478a9a74fed5c9bae338f809d231420ae5d0a +$(DL_FILE)_BLAKE2 = 6869634ad50f015d5c7526699034d5a3f27d9588bc32eacc8080dbd6c690f63b1f25cee40d3fdf8fd9dd8535c305ea9c5edf1d5a02bc6d9ce60fd8c88230aca0 install : $(TARGET)