From patchwork Thu Jun 6 13:50:31 2024
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 7845
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] curl: Update to version 8.8.0
Date: Thu, 6 Jun 2024 15:50:31 +0200
Message-ID: <20240606135032.549882-1-adolf.belka@ipfire.org>

- Update from version 8.2.1 to 8.8.0
- Update of rootfile
- Removal of patch as the content is now included in the source tarball.
- Changelog
    8.8.0
      Changes:
        curl_version_info: provide librtmp version
        file: add support for directory listings
        idn: add native AppleIDN (icucore) support for macOS/iOS
        lib: add curl_multi_waitfds
        mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option
        NTLM_WB: drop support
        TLS: add support for ECH (Encrypted Client Hello)
        urlapi: add CURLU_GET_EMPTY for empty queries and fragments
      Bugfixes:
        appveyor: drop unnecessary `--clean-first` cmake option
        appveyor: guard against crash-build with VS2008
        appveyor: make gcc 6 mingw64 job build-only
        asyn-thread: fix curl_global_cleanup crash in Windows
        asyn-thread: fix Curl_thread_create result check
        autotools: delete unused functions
        autotools: fix `HAVE_IOCTLSOCKET_FIONBIO` test for gcc 14
        autotools: only probe for SGI MIPS compilers on IRIX
        bearssl: fix compiler warnings
        bearssl: use common code for cipher suite lookup
        bufq: remove duplicate word in comment
        BUG-BOUNTY.md: clarify the third party situation
        build: prefer `USE_IPV6` macro internally (was: `ENABLE_IPV6`)
        build: remove MacOSX-Framework script
        cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set
        cf-https-connect: use timeouts as unsigned ints
        cf-socket: don't try getting local IP without socket
        cf-socket: remove references to l_ip, l_port
        ci: add curl-for-win builds: Linux MUSL, macOS, Windows
        cmake: add `BUILD_EXAMPLES` option to build examples
        cmake: add librtmp/rtmpdump option and detection
        cmake: check fseeko after detecting HAVE_FILE_OFFSET_BITS
        cmake: do not pass linker flags to the static library tool
        cmake: enable `-pedantic-errors` for clang when `CURL_WERROR=ON`
        cmake: FindNGHTTP2 add static lib name to find_library call
        cmake: fix `CURL_WERROR=ON` for old CMake and use it in GHA/linux-old
        cmake: fix `HAVE_IOCTLSOCKET_FIONBIO` test with gcc 14
        cmake: fixup `DEPENDS` filename
        cmake: forward `USE_LIBRTMP` option to C
        cmake: generate misc manpages and install `mk-ca-bundle.pl`
        cmake: initialize `BUILD_TESTING` before first use
        cmake: speed up libcurl doc building again
        cmake: tidy-up to use `WORKING_DIRECTORY`
        cmake: use namespaced custom target names
        cmdline-docs: fix make install with configure --disable-docs
        configure: error on missing perl if docs or manual is enabled
        configure: make --disable-docs imply --disable-manual
        content_encoding: brotli and others, pass through 0-length writes
        content_encoding: ignore duplicate chunked encoding
        content_encoding: reject transfer-encoding after chunked
        contrithanks: honor `CURLWWW` variable
        curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used
        curl.h: change CURL_SSLVERSION_* from enum to defines
        curl: make --help adapt to the terminal width
        curl: use curl_getenv instead of the curlx_ version
        Curl_creader_read: init two variables to avoid using them uninited
        curl_easy_pause.md: use correct defines in example
        curl_getdate.md: document two-digit year handling
        curl_global_trace.md: shorten the description
        curl_multibyte: remove access() function wrapper for Windows
        curl_path: make Curl_get_pathname use dynbuf
        curl_setup.h: add support for IAR compiler
        curl_setup.h: detect 'inline' support
        curl_sha512_256: do not use workaround for NetBSD when not needed
        curl_sha512_256: fix detection of OpenSSL 1.1.1 or later
        curl_url_get.md: clarify queries and fragments and CURLU_GET_EMPTY
        CURLINFO_REQUEST_SIZE: fixed, add tests for transfer infos reported
        CURLOPT_WRITEFUNCTION.md: fix the callback proto in the example
        cw-out: improved error handling
        DEPRECATE.md: TLS libraries without 1.3 support
        digest: replace strcpy for empty string with simple assignment
        dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs
        dist: add files missing from release tarball
        dist: add reproducible dir entries to tarballs
        dist: do not require Perl in `maketgz`
        dist: remove the curl-config.1 from the tarball
        dist: verify tarball reproducibility in CI
        DISTROS: add patch and issues link for curl-for-win
        DISTROS: Cygwin updates
        dllmain: Call OpenSSL thread cleanup for Windows and Cygwin
        doc: pytest `--repeat` -> `--count`
        docs/cmdline-opts: invoke managen using a relative path
        docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd
        docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example
        docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE
        docs: fix some CURLINFO examples
        doh: fix typo in comment
        doh: remove unused function prototype
        dynbuf: fix returncode on memory error
        examples: fix/silence `-Wsign-conversion`
        EXPERIMENTAL: add graduation requirements for each feature
        file: remove useless assignment
        ftp: add tracing support
        ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS
        ftp: fix socket leak on rare error
        GHA: add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs
        GHA: add shellcheck job and fix warnings, shell tidy-ups
        GHA: add valgrind to a wolfSSL build
        GHA: on macOS remove $HOME/.curlrc
        GHA: pin dependencies
        gnutls: lazy init the trust settings
        h3/ngtcp2: improve error handling
        hash: change 'slots' to size_t from int
        hash: delete unused debug function
        hsts: explicitly skip blank lines
        hsts: remove single-use single-line function
        http tests: in CI skip test_02_23* for quiche
        http2 + ngtcp2: pass CURLcode errors from callbacks
        http2, http3: decouple stream state from easy handle
        http2: emit RST when client write fails
        http3: quiche+ngtcp2 improvements
        http: acknowledge a returned error code
        http: HEAD response body tolerance
        http: reject HTTP major version switch mid connection
        http: remove redundant check
        http: with chunked POST forced, disable length check on read callback
        http_aws_sigv4: remove useless assignment
        idn: make Curl_idnconvert_hostname() use Curl_idn_decode()
        if2ip: make the buf_size arg a size_t
        INSTALL-CMAKE.md: explain `cmake -G `
        krb5: use dynbuf
        ldap: fix unused variables (seen on OmniOS)
        lib/cf-h1-proxy: silence compiler warnings (gcc 14)
        lib: add trace support for client reads and writes
        lib: bump hash sizes to `size_t`
        lib: clear the easy handle's saved errno before transfer
        lib: fix compiler warnings (gcc)
        lib: make protocol handlers store scheme name lowercase
        lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3`
        lib: remove two instances of "only only" messages
        lib: silence `-Wsign-conversion` in base64, strcase, mprintf
        lib: silence warnings on comma misuse
        lib: use `#error` instead of invalid syntax in `curl_setup_once.h`
        lib: use multi instead of multi_easy for the active multi
        libcurl-opts: mention pipelining less
        libssh2: delete redundant feature guard
        libssh2: replace `access()` with `stat()`
        libssh2: set length to 0 if strdup failed
        m4: fix rustls pkg-config codepath
        MAIL-ETIQUETTE: convert to markdown
        makefile: remove the sorting from the vc-ide action
        maketgz: put docs/RELEASE-TOOL.md into the tarball
        managen: fix the option sort order
        mbedtls: call mbedtls_ssl_setup() after RNG callback is set
        mbedtls: cut off trailing newlines from debug logs
        mbedtls: fix building with v3 in CMake Unity mode
        mbedtls: support TLS 1.3
        mime: avoid using access()
        misc: fix typos
        misc: fix typos, quoting and spelling
        mprintf: check fputc error rather than matching returned character
        mqtt: when Curl_xfer_recv returns error, don't use nread
        multi: avoid memory-leak risk
        multi: introduce SETUP state for better timeouts
        multi: multi_wait improvements
        multi: remove the unused Curl_preconnect function
        multi: remove useless assignment
        multi: timeout handles even without connection
        openldap: create ldap URLs correctly for IPv6 addresses
        openssl: do not set SSL_MODE_RELEASE_BUFFERS
        openssl: revert keylog_callback support for LibreSSL
        OS400: fix shellcheck warnings in scripts
        projects: drop MSVC project files for recent versions
        pytest: add DELETE tests, check server version
        pytest: fixes for recent python, add FTP tests
        quic: fixup duplicate static function name (for cmake unity)
        quiche: expire all active transfers on connection close
        quiche: trust its timeout handling
        RELEASE-PROCEDURE: mention an initial working build
        request: make Curl_req_init return void
        request: paused upload on completed download, assess connection
        reuse: add copyright + license info to individual docs/*.md files
        ROADMAP: remove completed entries, mention websocket
        rustls: fix handshake done handling
        rustls: fix partial send handling
        rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag
        rustsls: fix error code on receive
        sendf: fix two typos in comments
        sendf: useless assignment in cr_lc_read()
        setopt: acknowledge errors proper for CURLOPT_COOKIEJAR
        setopt: make the setstropt_userpwd args compulsory
        setopt: remove check for 'option' that is always true
        setopt: warn on Curl_set*opt() uses not using the return value
        smtp: result of Curl_bufq_cread was not used
        socket: remove redundant call to getsockname
        socketpair: fix compilation when USE_UNIX_SOCKETS is not defined
        src: tidy up types, add necessary casts
        telnet: check return code from fileno()
        tests/http: fix compiler warning
        tests: add -q as first option when invoking curl for tests
        tests: check caddy server version to match test expectations
        tests: enable test 1117 for hyper
        tests: fix feature case in test1481
        tests: fix test 1167 to skip digit-only symbols
        tests: make the unit test result type `CURLcode`
        tests: Mark tftpd timer function as noreturn
        tests: tidy up types in server code
        tls: fix SecureTransport + BearSSL cmake unity builds
        tls: remove EXAMPLEs from deprecated options
        tls: use shared init code for TCP+QUIC
        tool: move tool_ftruncate64 to tool_util.c
        tool_cb_rea: limit rate unpause for -T . uploads
        tool_cfgable: free {proxy_}cipher13_list on exit
        tool_getparam: output warning for leading unicode quote character
        tool_getparam: remove two redundant conditions
        tool_operate: don't truncate the etag save file by default
        tool_operate: init vars unconditionally in post_per_transfer
        tool_paramhlp: remove duplicate assign
        tool_xattr: "guess" URL scheme if none is provided
        tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set
        transfer: remove useless assignment
        url: do not URL decode proxy credentials
        url: fix use of an uninitialized variable
        url: make parse_login_details use memdup0
        url: remove duplicate call to Curl_conncache_remove_conn when pruning
        urlapi: allow setting port number zero
        urlapi: fix relative redirects to fragment-only
        urldata: remove fields not used depending on used features
        vauth: make two functions void that always just returned OK
        version: use msnprintf instead of strncpy
        vquic-tls: use correct cert name check API for wolfSSL
        vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output
        vtls: TLS session storage overhaul
        wakeup_create: use FD_CLOEXEC/SOCK_CLOEXEC
        warnless: delete orphan declarations
        websocket: avoid memory leak in error path
        winbuild: add ENABLE_WEBSOCKETS option
        winbuild: use $(RC) correctly
        wolfssl: plug memory leak in wolfssl_connect_step2()
        x509asn1: return error on missing OID
    8.7.1
      Bugfixes:
        Fixed empty tool_hugehelp.c file
    8.7.0
      Changes:
        configure: add --disable-docs flag
        CURLINFO_USED_PROXY: return bool whether the proxy was used
        digest: support SHA-512/256
        DoH: add trace configuration
        write-out: add '%{proxy_used}'
      Bugfixes:
        ALTSVC.md: correct a typo
        asyn-ares: fix data race warning
        asyn-thread: use wakeup_close to close the read descriptor
        badwords: use hostname, not host name
        BINDINGS: add mcurl, the python binding
        bufq: writing into a softlimit queue cannot be partial
        c-hyper: add header collection writer in hyper builds
        cd2nroff: gen: make `\>` in input to render as plain '>' in output
        cd2nroff: remove backticks from titles
        checksrc.pl: fix handling .checksrc with CRLF
        cmake: add USE_OPENSSL_QUIC support
        cmake: add warning for using TLS libraries without 1.3 support
        cmake: enable `ENABLE_CURL_MANUAL` by default
        cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled
        cmake: fix function description in comment
        cmake: fix install for older CMake versions
        cmake: fix libcurl.pc and curl-config library specifications
        cmdline-docs/Makefile: avoid using a fixed temp file name
        cmdline-docs: quote and angle bracket cleanup
        cmdline-opts/_EXITCODES: sync with libcurl-errors
        cmdline-opts/_VARIABLES.md: improve the description
        cmdline-opts/_VERSION: provide %VERSION correctly
        cmdline-opts: shorter help texts
        configure: add pkg-config support to rustls detection
        configure: add warning for using TLS libraries without 1.3 support
        configure: build & install shell completions when enabled
        configure: do not link with nghttp3 unless necessary
        configure: Don't build shell completions when disabled
        configure: Don't make shell completions without perl
        configure: find libpsl with pkg-config
        connect.c: fix typo
        CONTRIBUTE: update the section on documentation format
        cookie.md: provide an example sending a fixed cookie
        cookie: if psl fails, reject the cookie
        curl: exit on config file parser errors
        curl: make --libcurl output better CURLOPT_*SSLVERSION
        curl: when allocating variables, add the name into the struct
        curl_setup.h: add curl_uint64_t internal type
        curldown: fix email address in Copyright
        CURLMOPT_MAX*: mention what happens if changed mid-transfer
        CURLOPT_INTERFACE.md: remove spurious amp, add see-also
        CURLOPT_POSTQUOTE.md: fix typo
        CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return
        CURLOPT_WRITEFUNCTION.md: typo fix
        digest: add check for hashing error
        dist: make sure the http tests are in the tarball
        DISTROS: add document with distro pointers
        docs/libcurl: add TLS backend info for all TLS options
        docs/libcurl: generate PROTOCOLS from meta-data
        docs: add missing slashes to SChannel client certificate documentation
        docs: add necessary setup for nghttp3
        docs: ascii version of manpage without nroff
        docs: dist curl*.1 and install without perl
        docs: make curldown do angle brackets like markdown
        docs: make each libcurl man specify protocol(s)
        docs: make sure curl.1 is included in dist tarballs
        docs: update minimal binary size in INSTALL.md
        docs: use present tense
        examples: use present tense in comments
        file: use xfer buf for file:// transfers
        fopen: fix narrowing conversion warning on 32-bit Android
        form-string.md: correct the example
        ftp: do lineend conversions in client writer
        ftp: fix socket wait activity in ftp_domore_getsock
        ftp: tracing improvements
        ftp: treat a 226 arriving before data as a signal to read data
        gen.pl: make the "manpageification" faster
        gen: make `\>` in input to render as plain '>' in output
        getparam: make --ftp-ssl work again
        GHA/linux: add sysctl trick to work-around GitHub runner issue
        GIT-INFO: convert to markdown
        GOVERNANCE: document the core team
        header.md: remove backslash, make nicer markdown
        HTTP/2: write response directly
        http2, http3: return CURLE_PARTIAL_FILE when bytes were received
        http2: fix push discard
        http2: memory errors in the push callbacks are fatal
        http2: minor tweaks to optimize two struct sizes
        http2: push headers better cleanup
        http2: remove the third (unused) argument from http2_data_done()
        HTTP3.md: adjust the OpenSSL QUIC install instructions
        http: better error message for HTTP/1.x response without status line
        http: improve response header handling, save cpu cycles
        http: move headers collecting to writer
        http: remove stale comment about rewindbeforesend
        http: separate response parsing from response action
        http_chunks: fix the accounting of consumed bytes
        http_chunks: remove unused 'endptr' variable
        https-proxy: use IP address and cert with ip in alt names
        hyper: implement unpausing via client reader
        ipv6.md: mention IPv4 mapped addresses
        KNOWN_BUGS: POP3 issue when reading small chunks
        lib1598: fix `CURLOPT_POSTFIELDSIZE` usage
        lib582: remove code causing warning that is never run
        lib: add `void *ctx` to reader/writer instances
        lib: convert Curl_get_line to use dynbuf
        lib: Curl_read/Curl_write clarifications
        lib: enhance client reader resume + rewind
        lib: initialize output pointers to NULL before calling strto[ff,l,ul]
        lib: keep conn IP information together
        lib: move 'done' parameter to SingleRequests
        lib: remove curl_mimepart object when CURL_DISABLE_MIME
        libcurl-docs: cleanups
        libcurl-security.md: Active FTP passes on the local IP address
        libssh/libssh2: return error on too big range
        MANUAL.md: fix typo
        mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined
        mbedtls: fix pytest for newer versions
        mbedtls: properly cleanup the thread-shared entropy
        mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version
        md4: include strdup.h for the memdup proto
        mime: add client reader
        misc: fix typos in docs and lib
        mkhelp: simplify the generated hugehelp program
        mprintf: fix format prefix I32/I64 for windows compilers
        multi: add xfer_buf to multi handle
        multi: fix multi_sock handling of select_bits
        multi: make add_handle free any multi_easy
        ngtcp2: no recvbuf for stream
        ntml_wb: fix buffer type typo
        OpenSSL QUIC: adapt to v3.3.x
        openssl-quic: check on Windows that socket conv to int is possible
        openssl-quic: fix BIO leak and Windows warning
        openssl-quic: fix unity build, casing, indentation
        OS400: avoid using awk in the build scripts
        paramhlp: fix CRLF-stripping files with "-d @file"
        proxy1.0.md: fix example
        pytest: adapt to API change
        request: clarify message when request has been sent off
        rustls: make curl compile with 0.12.0
        schannel: fix hang on unexpected server close
        scripts: fix cijobs.pl for Azure and GHA
        sendf: ignore response body to HEAD
        setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
        setopt: fix disabling all protocols
        sha512_256: add support for GnuTLS and OpenSSL
        smtp: fix STARTTLS
        SPONSORS: describe the basics
        strtoofft: fix the overflow check
        test 1541: verify getinfo values on first header callback
        test1165: improve pattern matching
        tests: support setting/using blank content env variables
        TIMER_STARTTRANSFER: set the same for everyone
        TLS: start shutdown only when peer did not already close
        TODO: update 13.11 with more information
        tool_cb_hdr: only parse etag + content-disposition for 2xx
        tool_getparam: accept a blank -w ""
        tool_getparam: handle non-existing (out of range) short-options
        tool_operate: change precedence of server Retry-After time
        tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds
        trace-config.md: remove the mutexed options list
        transfer.c: break receive loop in speed limited transfers
        transfer: improve Windows SO_SNDBUF update limit
        urldata: move authneg bit from conn to Curl_easy
        version: allow building with ancient libpsl
        vquic-tls: fix the error code returned for bad CA file
        vtls: fix tls proxy peer verification
        vtls: revert "receive max buffer" + add test case
        VULN-DISCLOSURE-POLICY.md: update detail about CVE requests
        websocket: fix curl_ws_recv()
        wolfSSL: do not call the stub function wolfSSL_BIO_set_init()
        write-out.md: clarify error handling details
    8.6.0
      Changes:
        add CURLE_TOO_LARGE
        add CURLINFO_QUEUE_TIME_T
        add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add
        asyn-thread: use GetAddrInfoExW on >= Windows 8
        configure: make libpsl detection failure cause error
        docs/cmdline: change to .md for cmdline docs
        docs: introduce "curldown" for libcurl man page format
        runtests: support -gl. Like -g but for lldb.
      Bugfixes:
        altsvc: free 'as' when returning error
        appveyor: replace PowerShell with bash + parallel autotools
        appveyor: switch to out-of-tree builds
        asyn-ares: with modern c-ares, use its default timeout
        build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}`
        build: delete/replace clang warning pragmas
        build: enable missing OpenSSF-recommended warnings, with fixes
        build: fix `-Wconversion`/`-Wsign-conversion` warnings
        build: fix Windows ADDRESS_FAMILY detection
        build: more `-Wformat` fixes
        build: remove redundant `CURL_PULL_*` settings
        cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper
        cf-socket: show errno in tcpkeepalive error messages
        CI/distcheck: run full tests
        cmake: add option to disable building docs
        cmake: fix generation for system name iOS
        cmake: fix typo
        cmake: freshen up docs/INSTALL.cmake
        cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE`
        cmake: rework options to enable curl and libcurl docs
        cmake: when USE_MANUAL=YES, build the curl.1 man page
        cmdline-opts/write-out.d: remove spurious double quotes
        cmdline-opts: update availability for the *-ca-native options
        cmdline/gen: fix the sorting of the man page options
        configure: add libngtcp2_crypto_boringssl detection
        configure: fix no default int compile error in ipv6 detection
        configure: when enabling QUIC, check that TLS supports QUIC
        connect: remove margin from eyeballer alloc
        content_encoding: change return code to typedef'ed enum
        cookie.d: document use of empty string to enable cookie engine
        cookie: avoid fopen with empty file name
        curl.h: CURLOPT_DNS_SERVERS is only available with c-ares
        curl: show ipfs and ipns as supported "protocols"
        curl_easy_getinfo.3: remove the wrong time value count
        curl_multi_fdset.3: remove mention of null pointer support
        CURLINFO_REFERER.3: clarify that it is the *request* header
        CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
        CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example
        CURLOPT_SSH_*_KEYFILE: clarify
        dist: add tests/errorcodes.pl to the tarball
        docs: clean up Protocols: for cmdline options
        docs: describe and highlight super cookies
        docs: do not start lines/sentences with So, But nor And
        docs: install curl.1 with cmake
        docs: mention env vars not used by schannel
        doh: remove unused local variable
        examples: add four new examples
        file+ftp: use stack buffers instead of data->state.buffer
        ftp: handle the PORT parsing without allocation
        ftp: use dynbuf to store entrypath
        ftp: use memdup0 to store the OS from a SYST 215 response
        ftpserver.pl: send 213 SIZE response without spurious newline
        gen.pl: support ## for doing .IP in table-like lists
        gen: do italics/bold for a range of letters, not just single word
        GHA: add a job scanning for "bad words" in markdown
        GHA: bump ngtcp2, gnutls, mod_h2, quiche
        gnutls: fix build with --disable-verbose
        haproxy-clientip.d: document the arg
        headers: make sure the trailing newline is not stored
        headers: remove assert from Curl_headers_push
        hostip: return error immediately when Curl_ip2addr() fails
        hsts: remove assert for zero length domain
        http2: improved on_stream_close/data_done handling
        http3/quiche: fix result code on a stream reset
        http3: initial support for OpenSSL 3.2 QUIC stack
        http: adjust_pollset fix
        http: check for "Host:" case insensitively
        http: fix off-by-one error in request method length check
        http: only act on 101 responses when they are HTTP/1.1
        http: remove comment reference to a removed solution
        http: use stack scratch buffer
        http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT
        krb5: add prototype to silence clang warnings on mvsnprintf()
        lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
        lib: error out on multissl + http3
        lib: fix variable undeclared error caused by `infof` changes
        lib: reduce use of strncpy
        lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
        lib: replace readwrite with write_resp
        lib: strndup/memdup instead of malloc, memcpy and null-terminate
        libssh2: use `libssh2_session_callback_set2()` with v1.11.1
        libssh: improve the deprecation warning dismissal
        libssh: suppress warnings without version check
        Makefile.am: fix the MSVC project generation
        Makefile.mk: drop Windows support
        mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls`
        mbedtls: free the entropy when threaded
        mime: use memdup0 instead of malloc + memcpy
        mksymbolsmanpage.pl: provide references to where the symbol is used
        mprintf: overhaul and bugfixes
        mqtt: use stack scratch buffer for recv+publish
        multi: remove total timer reset in file_do() while fetching file://
        ngtcp2: put h3 at the front of alpn
        ntlm_wb: do not use data->state.buffer any longer
        openldap: fix an LDAP crash
        openldap: fix STARTTLS
        openssl: re-match LibreSSL deinit with init
        openssl: when verifystatus fails, remove session id from cache
        OS400: sync ILE/RPG binding
        pingpong: stop using the download buffer
        pop3: replace calloc + memcpy with memdup0
        pytest: scorecard tracking CPU and RSS
        quiche: return CURLE_HTTP3 on send to invalid stream
        readwrite_data: loop less
        Revert "urldata: move async resolver state from easy handle to connectdata"
        rtsp: deal with borked server responses
        runtests: for mode="text" on , fix newlines on both parts
        sasl: make login option string override http auth
        schannel: fix `-Warith-conversion` gcc 13 warning
        sectransp: do verify_cert without memdup for blobs
        sectransp_ make TLSCipherNameForNumber() available in non-verbose config
        sendf: fix compiler warning with CURL_DISABLE_HEADERS_API
        setopt: clear mimepost when formp is freed
        setopt: use memdup0 when cloning COPYPOSTFIELDS
        socks: fix generic output string to say SOCKS instead of SOCKS4
        socks: use own buffer instead of data->state.buffer
        ssh: fix namespace of two local macros
        ssh: use stack scratch buffer for seeks
        strerror: repair get_winsock_error()
        system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers
        system_win32: fix a function pointer assignment warning
        telnet: use dynbuf instead of malloc for escape buffer
        telnet: use stack scratch buffer for do
        tests/server: delete workaround for old-mingw
        tests: avoid int/size_t conversion size/sign warnings
        tests: respect $TMPDIR when creating unix domain sockets
        tool: make parser reject blank arguments if not supported
        tool: prepend output_dir in header callback
        tool_getparam: bsearch cmdline options
        tool_getparam: do not try to expand without an argument
        tool_getparam: stop supporting `@filename` style for --cookie
        tool_listhelp: regenerate after recent .d updates
        tool_operate: make --remove-on-error only remove "real" files
        tool_operate: stop setting the file comment on Amiga
        transfer: adjust_pollset improvements
        transfer: fix upload rate limiting, add test cases
        transfer: make the select_bits_paused condition check both directions
        transfer: remove warning: Value stored to 'blen' is never read
        url: don't set default CA paths for Secure Transport backend
        url: for disabled protocols, mention if found in redirect
        urlapi: remove assert
        verify-examples.pl: fail verification on unescaped backslash
        version: show only the libpsl version, not its dependencies
        vquic: extract TLS setup into own source
        vtls: fix missing multissl version info
        vtls: receive max buffer
        vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY
        websockets: check for negative payload lengths
        websockets: refactor decode chain
        windows: delete redundant headers
        windows: simplify detecting and using system headers
        wolfssl: load certificate *chain* for PEM client certs
        x509asn1: remove code for WANT_VERIFYHOST
        x509asn1: switch from malloc to dynbuf
    8.5.0
      Changes:
        gnutls: support CURLSSLOPT_NATIVE_CA
        HTTP3: ngtcp2 builds are no longer experimental
      Bugfixes:
        appveyor: make VS2008-built curl tool runnable
        asyn-thread: use pipe instead of socketpair for IPC when available
        autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}`
        autotools: avoid passing `LDFLAGS` twice to libcurl
        autotools: delete LCC compiler support bits
        autotools: fix/improve gcc and Apple clang version detection
        autotools: stop setting `-std=gnu89` with `--enable-warnings`
        autotools: update references to deleted `crypt-auth` option
        BINDINGS: add V binding
        build: add `src/.checksrc` to source tarball
        build: add more picky warnings and fix them
        build: always revert `#pragma GCC diagnostic` after use
        build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H`
        build: delete support bits for obsolete Windows compilers
        build: fix 'threadsafe' feature detection for older gcc
        build: fix builds that disable protocols but not digest auth
        build: fix compiler warning with auths disabled
        build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS`
        build: picky warning updates
        build: require Windows XP or newer
        cfilter: provide call to tell connection to forget a socket
        CI: add autotools, out-of-tree, debug build to distro check job
        CI: ignore test 286 on Appveyor gcc 9 build
        cmake: add `CURL_DISABLE_BINDLOCAL` option
        cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API`
        cmake: dedupe Windows system libs
        cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection
        cmake: fix CURL_DISABLE_GETOPTIONS
        cmake: fix multiple include of CURL package
        cmake: fix OpenSSL quic detection in quiche builds
        cmake: option to disable install & drop `curlu` target when unused
        cmake: pre-fill rest of detection values for Windows
        cmake: replace `check_library_exists_concat()`
        cmake: speed up threads setup for Windows
        cmake: speed up zstd detection
        config-win32: set `HAVE_SNPRINTF` for mingw-w64
        configure: better --disable-http
        configure: check for the fseeko declaration too
        conncache: use the closure handle when disconnecting surplus connections
        content_encoding: make Curl_all_content_encodings allocless
        cookie: lowercase the domain names before PSL checks
        curl.h: delete Symbian OS references
        curl.h: on FreeBSD include sys/param.h instead of osreldate.h
        curl.rc: switch out the copyright symbol for plain ASCII
        curl: improved IPFS and IPNS URL support
        curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped
        Curl_http_body: cleanup properly when Curl_getformdata errors
        curl_setup: disallow Windows IPv6 builds missing getaddrinfo
        curl_sspi: support more revocation error names in error messages
        CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation
        CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
        CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does
        CURLOPT_WRITEFUNCTION.3: clarify libcurl returns for CURL_WRITEFUNC_ERROR
        CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO
        docs/example/keepalive.c: show TCP keep-alive options
        docs/example/localport.c: show off CURLOPT_LOCALPORT
        docs/examples/interface.c: show CURLOPT_INTERFACE use
        docs/libcurl: fix three minor man page format mistakes
        docs/libcurl: SYNOPSIS cleanup
        docs: add supported version for the json write-out
        docs: clarify that curl passes on input unfiltered
        docs: fix function typo in curl_easy_option_next.3
        docs: KNOWN_BUGS cleanup
        docs: preserve the modification date when copying the prebuilt man page
        docs: remove bold from some man page SYNOPSIS sections
        docs: use SOURCE_DATE_EPOCH for generated manpages
        doh: provide better return code for responses w/o addresses
        doh: use PIPEWAIT when HTTP/2 is attempted
        duphandle: also free 'outcurl->cookies' in error path
        duphandle: make dupset() not return with pointers to old alloced data
        duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set
        easy: in duphandle, init the cookies for the new handle
        easy: remove duplicate wolfSSH init call
        easy_lock: add a pthread_mutex_t fallback
        fopen: create new file using old file's mode
        fopen: create short(er) temporary file name
        getenv: PlayStation doesn't have getenv()
        GHA: move mod_h2 version in CI to v2.0.25
        hostip: show the list of IPs when resolving is done
        hostip: silence compiler warning `-Wparentheses-equality`
        hsts: skip single-dot hostname
        HTTP/2, HTTP/3: handle detach of ongoing transfers
        http2: header conversion tightening
        http2: provide an error callback and failf the message
        http2: safer invocation of populate_binsettings
        http: allow longer HTTP/2 request method names
        http: avoid Expect: 100-continue if Upgrade: is used
        http: consider resume with CURLOPT_FAILONERRROR and 416 to be fine
        http: fix `-Wunused-parameter` with no auth and no proxy
        http: fix `-Wunused-variable` compiler warning
        http: fix empty-body warning
        http_aws_sigv4: canonicalise valueless query params
        hyper: temporarily remove HTTP/2 support
        INSTALL: update list of ports and CPU archs
        IPFS: fix IPFS_PATH and file parsing
        keylog: disable if unused
        lib: add and use Curl_strndup()
        lib: apache style infof and trace macros/functions
        lib: fix gcc warning in printf call
        libcurl-errors.3: sync with current public headers
        libcurl-thread.3: simplify the TLS section
        Makefile.am: drop vc10, vc11 and vc12 projects from dist
        Makefile.mk: fix `-rtmp` option for non-Windows
        mime: store "form escape" as a single bit
        misc: fix -Walloc-size warnings
        msh3: error when built with CURL_DISABLE_SOCKETPAIR set
        multi: during ratelimit multi_getsock should return no sockets
        multi: use pipe instead of socketpair to *wakeup()
        ngtcp2: fix races in stream handling
        ntlm_wb: use pipe instead of socketpair when possible
        openldap: move the alloc of ldapconninfo to *connect()
        openldap: set the callback argument in oldap_do
        openssl: avoid BN_num_bits() NULL pointer derefs
        openssl: fix building with v3 `no-deprecated` + add CI test
        openssl: fix infof() to avoid compiler warning for %s with null
        openssl: identify the "quictls" backend correctly
        openssl: include SIG and KEM algorithms in verbose
        openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs
        openssl: two multi pointer checks should probably rather be asserts
        openssl: when a session-ID is reused, skip OCSP stapling
        page-footer: clarify exit code 25
        projects: add VC14.20 project files
        pytest: use lower count in repeat tests
        quic: make eyeballers connect retries stop at weird replies
        quic: manage connection idle timeouts
        quiche: use
quiche_conn_peer_transport_params() rand: fix build error with autotools + LibreSSL resolve.d: drop a multi use-sentence RTSP: improved RTP parser sasl: fix `-Wunused-function` compiler warning schannel: add CA cache support for files and memory blobs setopt: check CURLOPT_TFTP_BLKSIZE range on set setopt: remove outdated cookie comment setopt: remove superfluous use of ternary expressions socks: better buffer size checks for socks4a user and hostname socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice symbols-in-versions: the CLOSEPOLICY options are deprecated test1683: remove commented-out check alternatives test3103: add missing quotes around a test tag attribute test613: stop showing an error on missing output file tests/README: SOCKS tests are not using OpenSSH, it has its own server tests/server: add more SOCKS5 handshake error checking tests: Fix Windows test helper tool search & use it for handle64 tidy-up: casing typos, delete unused Windows version aliases tool: fix --capath when proxy support is disabled tool: support bold headers in Windows tool_cb_hdr: add an additional parsing check tool_cb_prg: make the carriage return fit for wide progress bars tool_cb_wrt: fix write output for very old Windows versions tool_getparam: limit --rate to be smaller than number of ms tool_operate: do not mix memory models tool_operate: fix links in ipfs errors tool_parsecfg: make warning output propose double-quoting tool_urlglob: fix build for old gcc versions tool_urlglob: make multiply() bail out on negative values tool_writeout_json: fix JSON encoding of non-ascii bytes transfer: abort pause send when connection is marked for closing transfer: avoid calling the read callback again after EOF transfer: only reset the FTP wildcard engine in CLEAR state url: don't touch the multi handle when closing internal handles url: find scheme with a "perfect hash" url: fix `-Wzero-length-array` with no protocols url: fix builds with `CURL_DISABLE_HTTP` url: protocol handler lookup 
tidy-up url: proxy ssl connection reuse fix urlapi: avoid null deref if setting blank host to url encode urlapi: skip appending NULL pointer query urlapi: when URL encoding the fragment, pass in the right length urldata: make maxconnects a 32 bit value urldata: move async resolver state from easy handle to connectdata urldata: move cookielist from UserDefined to UrlState urldata: move hstslist from 'set' to 'state' urldata: move the 'internal' boolean to the state struct vssh: remove the #ifdef for Curl_ssh_init, use empty macro vtls: cleanup SSL config management vtls: consistently use typedef names for OpenSSL structs vtls: late clone of connection ssl config vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0 VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw windows: use built-in `_WIN32` macro to detect Windows wolfssh: remove redundant static prototypes wolfssl: add default case for wolfssl_connect_step1 switch wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA 8.4.0 Changes: curl: add support for the IPFS protocols via HTTP gateway curl_multi_get_handles: get easy handles from a multi handle mingw: delete support for legacy mingw.org toolchain Bugfixes: acinclude.m4: Document proper system truststore on FreeBSD appveyor: fix yamlint issues, indent appveyor: rewrite batch in PowerShell + CI improvements autotools: adjust `CURL_CA_PATH` value to CMake autotools: restore `HAVE_IOCTL_*` detections base64: also build for curl bufq: remove Curl_bufq_skip_and_shift (unused) build: delete checks for C89 standard headers build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros cf-socket: simulate slow/blocked receives in debug cmake, configure: also link with CoreServices cmake: add check for suseconds_t cmake: add feature checks for `memrchr` and `getifaddrs` cmake: add missing checks cmake: delete old `HAVE_LDAP_URL_PARSE` logic cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` cmake: detect `HAVE_GETADDRINFO_THREADSAFE` cmake: 
detect `sys/wait.h` and `netinet/udp.h` cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS cmake: disable unity mode with Windows Unicode + TrackMemory cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows cmake: fix `HAVE_WRITABLE_ARGV` detection cmake: fix duplicate symbols when linking tests cmake: fix missing `zlib.h` when compiling `libcurltool` cmake: fix stderr initialization in unity builds cmake: fix the help text to the static build option in CMakeLists.txt cmake: fix unity builds for more build combinations cmake: fix unity symbol collisions in h2 builds cmake: fix unity with Windows Unicode + TrackMemory cmake: improve OpenLDAP builds cmake: lib `CURL_STATICLIB` fixes (Windows) cmake: move global headers to specific checks cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC cmake: pre-cache `HAVE_POLL_FINE` on Windows cmake: tidy-up `NOT_NEED_LBER_H` detection cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value configure: check for the capath by default configure: remove unused checks configure: replace adhoc domain with `localhost` in tests configure: sort AC_CHECK_FUNCS connect: expire the timeout when trying next connect: only start the happy eyeballs timer when needed cookie: do not store the expire or max-age strings cookie: remove unnecessary struct fields cookie: set ->running in cookie_init even if data is NULL create-dirs.d: clarify it also uses --output-dirs curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0 curl_easy_pause.3: mention h2/h3 buffering curl_easy_pause.3: mention it works within callbacks curl_easy_pause: set "in callback" true on exit if true CURLOPT_DEBUGFUNCTION.3: warn about internal handles docs/libcurl/opts/Makefile.inc: add missing manpage files docs: adapt SEE ALSO sections to new requirements docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER docs: replace made up domains with example.com docs: update curl man page references docs: use CURLSSLBACKEND_NONE doh: inherit DEBUGFUNCTION/DATA 
escape: replace Curl_isunreserved with ISUNRESERVED FAQ: How do I upgrade curl.exe in Windows? GHA/linux: run singleuse to detect single-use global functions GHA: add workflow to compare configure vs cmake outputs h2-proxy: remove left-over mistake in drain_tunnel() h2: testcase and fix for pausing h2 streams h3: add support for ngtcp2 with AWS-LC builds http2: refused stream handling for retry http: fix CURL_DISABLE_BEARER_AUTH breakage http: h1/h2 proxy unification http: remove wrong comment for http_should_fail http: use per-request counter to check too large headers http_aws_sigv4: fix sorting with empty parts idn: fix WinIDN null ptr deref on bad host idn: if idn2_check_version returns NULL, return error inet_ntop: add typecast to silence Coverity lib: disambiguate Curl_client_write flag semantics lib: enable hmac for digest as well lib: failf/infof compiler warnings lib: let the max filesize option stop too big transfers too lib: move handling of `data->req.writer_stack` into Curl_client_write() lib: provide and use Curl_hexencode lib: remove TIME_WITH_SYS_TIME lib: use wrapper for curl_mime_data fseek callback libssh2: fix error message on failed pubkey-from-file libssh: cap SFTP packet size sent Makefile.mk: always set `CURL_STATICLIB` for lib (Windows) MANUAL.md: change domain to example.com misc: better random strings MQTT: improve receive of ACKs multi: do CURLM_CALL_MULTI_PERFORM at two more places multi: fix small timeouts multi: remove Curl_multi_dump multi: round the timeout up to prevent early wakeups multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE openssl: improve ssl shutdown handling openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR pytest: exclude test_03_goaway in CI runs due to timing dependency quic: set ciphers/curves the same way regular TLS does quiche: fix build error with --with-ca-fallback RELEASE-PROCEDURE.md: updated coming release dates runtests: display the test status if tests appear hung runtests: 
eliminate a warning on old perl versions socks: return error if hostname too long for remote resolve src/mkhelp: make generated code pass `checksrc` test1056: disable on Windows test1474: disable test on NetBSD, OpenBSD and Solaris 10 test1592: greatly increase the maximum test timeout test1903: actually verify the cookies after the test test1906: set a lower timeout since it's hit on Windows test2600: remove special case handling for USE_ALARM_TIMEOUT test650: fix an end tag typo test661: return from test early in case of curl error test: add missing s tests: close the shell used to start sshd tests: fix a race condition in ftp server disconnect tests: fix compiler warnings tests: Fix zombie processes left behind by FTP tests. tests: improve SLOWDOWN test reliability by reducing sent data tests: increase lib571 timeout from 3s to 30s tests: log the test result code after each libtest tests: propagate errors in libtests tests: set --expect100-timeout to improve test reliability tests: show which curl tool `runtests.pl` is using tests: stop overriding the lock timeout tftpd: always use curl's own tftp.h tool: use our own stderr variable tool_cb_wrt: fix debug assertion tool_getparam: accept variable expansion on file names too tool_setopt: remove unused function tool_setopt_flags upload-file.d: describe the file name slash/backslash handling url: fall back to http/https proxy env-variable if ws/wss not set url: fix netrc info message warnless: remove unused functions wolfssh: do cleanup in Curl_ssh_cleanup wolfssl: allow capath with CURLOPT_CAINFO_BLOB wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files wolfssl: ignore errors in CA path 8.3.0 Changes: curl: make %output{} in -w specify a file to write to gskit: remove lib: --disable-bindlocal builds curl without local binding support nss: remove support for this TLS library tool: add "variable" support trace: make tracing available in non-debug builds url: change default value for CURLOPT_MAXREDIRS to 30 
urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name wolfssl: support loading system CA certificates Bugfixes: altsvc: accept and parse IPv6 addresses in response headers asyn-ares: reduce timeout to 2000ms aws-sigv4: canonicalize the query aws-sigv4: fix having date header twice in some cases aws-sigv4: handle no-value user header entries bearssl: don't load CA certs when peer verification is disabled bearssl: handshake fix, provide proper get_select_socks() implementation build: fix portability of mancheck and checksrc targets build: streamline non-UWP wincrypt detections c-hyper: adjust the hyper to curlcode conversion c-hyper: fix memory leaks in `Curl_http` cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP cf-socket: log successful interface bind CI/cirrus: disable python install on FreeBSD CI: add a 32-bit i686 Linux build CI: add caching to many jobs CI: move on to ngtcp2 v0.19.1 CI: move the Alpine build from Cirrus to GHA CI: ngtcp2-linux: use separate caches for tls libraries CI: remove Windows builds from Cirrus, without replacement CI: switch macOS ARM build from Cirrus to Circle CI CI: use master again for wolfssl cirrus: install everthing with pkg, avoid pip cmake: add GnuTLS option cmake: add support for `CURL_DEFAULT_SSL_BACKEND` cmake: add support for single libcurl compilation pass cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms cmake: assume `wldap32` availability on Windows cmake: cache more config and delete unused ones cmake: detect `SSL_set0_wbio` in OpenSSL cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks cmake: fix to use variable for the curl namespace cmake: fixup H2 duplicate symbols for unity builds cmake: set SIZEOF_LONG_LONG in curl_config.h cmake: support building static and shared libcurl in one go cmdline-docs: make sure to phrase it as "added in ...." 
cmdline-docs: use present tense, not future cmdline-opts/docs: mention the negative option part cmdline-opts/page-header: clarify stronger that !opt == URL cmdline-opts/page-header: reorder, clean up configure, cmake, lib: more form api deprecation configure: fix `HAVE_TIME_T_UNSIGNED` check configure: trust pkg-config when it's used for zlib configure: use the pkg-config --libs-only-l flag for libssh2 connect: stop halving the remaining timeout when less than 600 ms left cookie-jar.d: emphasize that this option is ONLY writing cookies crypto: ensure crypto initialization works curl_url_get/set.3: add missing semicolon in SYNOPSIS CURLINFO_CERTINFO.3: better explain curl_certinfo struct CURLINFO_TLS_SSL_PTR.3: clarify a recommendation CURLOPT_*TIMEOUT*: extend and clarify CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled CURLOPT_URL.3: add two URL API calls in the see-also section CURLOPT_URL.3: explain curl_url_set() uses the same parser digest: Use hostname to generate spn instead of realm disable.d: explain --disable not implemented prior to 7.50.0 docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0 docs/cmdline-opts: match the current output docs/cmdline-opts: spellfixes, typos and polish docs/cmdline: add small "warning" to verbose options docs/cmdline: remove repeated working for negotiate + ntlm docs/HYPER.md: document a workaround for a link error docs: add curl_global_trace to some SEE ALSO sections docs: link to the website versions instead of markdowns docs: mark --ssl-revoke-best-effort as Schannel specific docs: mention critical files in same directories as curl saves docs: removing "pausing transfers" from HYPER.md. 
docs: rewrite to present tense easy: remove #ifdefs to make code easier on the eye egd: delete feature detection and related source code ftp: fix temp write of ipv6 address gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens gen.pl: replace all single quotes with aq GHA: adding quiche workflow headers: accept leading whitespaces on first response header http2: avoid too early connection re-use/multiplexing http2: cleanup trace messages http2: disable asssertion blocking OSSFuzz testing http2: fix in h2 proxy tunnel: progress in ingress on sending http2: polish things around POST http2: upgrade tests and add fix for non-existing stream http3/ngtcp2: shorten handshake, trace cleanup http3: quiche, handshake optimization, trace cleanup http: close the connection after a late 417 is received http: do not require a user name when using CURLAUTH_NEGOTIATE http: fix sending of large requests http: remove the p_pragma struct field http: return error when receiving too large header set hyper: fix a progress upload counter bug hyper: fix ownership problems hyper: remove `hyptransfer->endtask` imap: add a check for failing strdup() imap: remove the only sscanf() call in the IMAP code include.d: explain headers not printed with --fail before 7.75.0 include/curl/mprintf.h: add __attribute__ for the prototypes krb5: fix "implicit conversion loses integer precision" warnings lib: add ability to disable auths individually lib: build fixups when built with most things disabled lib: fix a few *printf() flag mistakes lib: fix null ptr derefs and uninitialized vars (h2/h3) lib: move mimepost data from ->req.p.http to ->state libtest: use curl_free() to free libcurl allocated data list-only.d: mention SFTP as supported protocol macOS: fix target detection more misc: fix various typos multi.h: the 'revents' field of curl_waitfd is supported multi: more efficient pollfd count for poll multi: remove 'processing: ' debug message ngtcp2: fix handling of large requests openssl: 
auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED` openssl: clear error queue after SSL_shutdown openssl: make aws-lc version support OCSP openssl: Support async cert verify callback openssl: switch to modern init for LibreSSL 2.7.0+ openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1 openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0 openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before os400: build test servers os400: do not check translatable options at build time os400: implement CLI tool page-footer: QLOGDIR works with ngtcp2 and quiche page-header: move up a URL paragraph from GLOBBING to URL pytest: fix check for slow_network skips to only apply when intended quic: don't set SNI if hostname is an IP address quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s quiche: enable quiche to handle timeout events resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set revert "schannel: reverse the order of certinfo insertions" schannel: fix ordering of cert chain info schannel: fix user-set legacy algorithms in Windows 10 & 11 schannel: verify hostname independent of verify cert sectransp: fix compiler warnings sectransp: prevent CFRelease() of NULL secureserver.pl: fix stunnel path quoting secureserver.pl: fix stunnel version parsing SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline system.h: add CURL_OFF_T definitions on HP-UX with HP aCC test1304: build and skip without netrc support test1554: check translatable string options in OS400 wrapper test1608: make it build and get skipped without shuffle DNS support test687/688: two more basic --xattr tests tests/tftpd+mqttd: make variables static to silence picky warnings tests: add 'large-time' as a testable feature tests: add support for nested %if conditions tests: don't call HTTP errors OK in test cases tests: ensure `libcurl.def` contains all exports tests: fix h3 server check and parallel instances tests: TLS session sharing test tests: 
update cookie expiry dates to far in the future time-cond.d: mention what happens on a missing file tool: avoid including leading spaces in the Location hyperlink tool: change some fopen failures from warnings to errors tool: make the length argument an int for printf()-.* flags tool_cb_wrt: fix invalid unicode for windows console tool_filetime: make -z work with file dates before 1970 tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR tool_operate: make aws-sigv4 not require TLS to be used tool_paramhlp: improve str2num(): avoid unnecessary call to strlen() tool_urlglob: use the correct format specifier for curl_off_t in msnprintf transfer: also stop the sending on closed connection transfer: don't set TIMER_STARTTRANSFER on first send unit2600: fix build warning if built without verbose messages url: remove infof() output for "still name resolving" urlapi: fix heap buffer overflow urlapi: make sure zoneid is also duplicated in curl_url_dup urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails urlapi: setting a blank URL ("") is not an ok URL vquic: show stringified messages for errno vtls: clarify "ALPN: offers" message winbuild: improve check for static zlib wolfSSL: avoid the OpenSSL compat API when not needed workflows/macos.yml: disable zstd and alt-svc in the http-only build write-out.d: clarify %{time_starttransfer} ws: fix spelling mistakes in examples and tests Signed-off-by: Adolf Belka Reviewed-by: Michael Tremer --- config/rootfiles/common/curl | 14 ++++++- lfs/curl | 7 ++-- ...15d8aee6c1045be932a34fe6107c2f5ed147.patch | 38 ------------------- 3 files changed, 16 insertions(+), 43 deletions(-) delete mode 100644 src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl index 4559aaaa8..362e047e2 100644 --- a/config/rootfiles/common/curl +++ b/config/rootfiles/common/curl 
@@ -19,7 +19,6 @@ usr/lib/libcurl.so.4 usr/lib/libcurl.so.4.8.0 #usr/lib/pkgconfig/libcurl.pc #usr/share/aclocal/libcurl.m4 -#usr/share/man/man1/curl-config.1 #usr/share/man/man1/curl.1 #usr/share/man/man3/CURLINFO_ACTIVESOCKET.3 #usr/share/man/man3/CURLINFO_APPCONNECT_TIME.3 @@ -30,6 +29,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_CONDITION_UNMET.3 #usr/share/man/man3/CURLINFO_CONNECT_TIME.3 #usr/share/man/man3/CURLINFO_CONNECT_TIME_T.3 +#usr/share/man/man3/CURLINFO_CONN_ID.3 #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3 #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3 #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_UPLOAD.3 @@ -61,6 +61,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_PROXYAUTH_AVAIL.3 #usr/share/man/man3/CURLINFO_PROXY_ERROR.3 #usr/share/man/man3/CURLINFO_PROXY_SSL_VERIFYRESULT.3 +#usr/share/man/man3/CURLINFO_QUEUE_TIME_T.3 #usr/share/man/man3/CURLINFO_REDIRECT_COUNT.3 #usr/share/man/man3/CURLINFO_REDIRECT_TIME.3 #usr/share/man/man3/CURLINFO_REDIRECT_TIME_T.3 @@ -90,6 +91,8 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_TLS_SSL_PTR.3 #usr/share/man/man3/CURLINFO_TOTAL_TIME.3 #usr/share/man/man3/CURLINFO_TOTAL_TIME_T.3 +#usr/share/man/man3/CURLINFO_USED_PROXY.3 +#usr/share/man/man3/CURLINFO_XFER_ID.3 #usr/share/man/man3/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3 #usr/share/man/man3/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 #usr/share/man/man3/CURLMOPT_MAXCONNECTS.3 @@ -159,6 +162,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_DOH_SSL_VERIFYPEER.3 #usr/share/man/man3/CURLOPT_DOH_SSL_VERIFYSTATUS.3 #usr/share/man/man3/CURLOPT_DOH_URL.3 +#usr/share/man/man3/CURLOPT_ECH.3 #usr/share/man/man3/CURLOPT_EGDSOCKET.3 #usr/share/man/man3/CURLOPT_ERRORBUFFER.3 #usr/share/man/man3/CURLOPT_EXPECT_100_TIMEOUT_MS.3 
@@ -301,6 +305,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_PROXY_TLSAUTH_USERNAME.3 #usr/share/man/man3/CURLOPT_PROXY_TRANSFER_MODE.3 #usr/share/man/man3/CURLOPT_PUT.3 +#usr/share/man/man3/CURLOPT_QUICK_EXIT.3 #usr/share/man/man3/CURLOPT_QUOTE.3 #usr/share/man/man3/CURLOPT_RANDOM_FILE.3 #usr/share/man/man3/CURLOPT_RANGE.3 @@ -326,6 +331,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_SEEKDATA.3 #usr/share/man/man3/CURLOPT_SEEKFUNCTION.3 #usr/share/man/man3/CURLOPT_SERVER_RESPONSE_TIMEOUT.3 +#usr/share/man/man3/CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.3 #usr/share/man/man3/CURLOPT_SERVICE_NAME.3 #usr/share/man/man3/CURLOPT_SHARE.3 #usr/share/man/man3/CURLOPT_SOCKOPTDATA.3 @@ -335,6 +341,8 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_SERVICE.3 #usr/share/man/man3/CURLOPT_SSH_AUTH_TYPES.3 #usr/share/man/man3/CURLOPT_SSH_COMPRESSION.3 +#usr/share/man/man3/CURLOPT_SSH_HOSTKEYDATA.3 +#usr/share/man/man3/CURLOPT_SSH_HOSTKEYFUNCTION.3 #usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3 #usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.3 #usr/share/man/man3/CURLOPT_SSH_KEYDATA.3 @@ -442,6 +450,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/curl_global_init.3 #usr/share/man/man3/curl_global_init_mem.3 #usr/share/man/man3/curl_global_sslset.3 +#usr/share/man/man3/curl_global_trace.3 #usr/share/man/man3/curl_mime_addpart.3 #usr/share/man/man3/curl_mime_data.3 #usr/share/man/man3/curl_mime_data_cb.3 @@ -459,6 +468,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/curl_multi_assign.3 #usr/share/man/man3/curl_multi_cleanup.3 #usr/share/man/man3/curl_multi_fdset.3 +#usr/share/man/man3/curl_multi_get_handles.3 #usr/share/man/man3/curl_multi_info_read.3 #usr/share/man/man3/curl_multi_init.3 #usr/share/man/man3/curl_multi_perform.3 
@@ -471,6 +481,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/curl_multi_strerror.3 #usr/share/man/man3/curl_multi_timeout.3 #usr/share/man/man3/curl_multi_wait.3 +#usr/share/man/man3/curl_multi_waitfds.3 #usr/share/man/man3/curl_multi_wakeup.3 #usr/share/man/man3/curl_pushheader_byname.3 #usr/share/man/man3/curl_pushheader_bynum.3 @@ -495,6 +506,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/curl_ws_recv.3 #usr/share/man/man3/curl_ws_send.3 #usr/share/man/man3/libcurl-easy.3 +#usr/share/man/man3/libcurl-env-dbg.3 #usr/share/man/man3/libcurl-env.3 #usr/share/man/man3/libcurl-errors.3 #usr/share/man/man3/libcurl-multi.3 diff --git a/lfs/curl b/lfs/curl index a4fa21b1c..edb9a8201 100644 --- a/lfs/curl +++ b/lfs/curl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 8.2.1 +VER = 8.8.0 THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 77c0b067935397afb3961378f2fe349fa988c6379c1ab7437c5d5f967710b2e9ba7aec91df8fe58a8b26c00c0164d4db9bd095ca27d1bf52b768c8d83cc0ecaf +$(DL_FILE)_BLAKE2 = c14903bad4cbd1752a5335afa6bcc78be1a484692fce0e0a6c2061963e0e6b4e56defb8332cef32d0dbddb481ad0443b71faf3a52a6e9d945c89ecbce373d2a3 install : $(TARGET) @@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --disable-ipv6 \ 
diff --git a/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch b/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch deleted file mode 100644 index 0de35055f..000000000 --- a/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch +++ /dev/null @@ -1,38 +0,0 @@ -From fb4415d8aee6c1045be932a34fe6107c2f5ed147 Mon Sep 17 00:00:00 2001 -From: Jay Satiro -Date: Wed, 11 Oct 2023 07:34:19 +0200 -Subject: [PATCH] socks: return error if hostname too long for remote resolve - -Prior to this change the state machine attempted to change the remote -resolve to a local resolve if the hostname was longer than 255 -characters. Unfortunately that did not work as intended and caused a -security issue. - -Bug: https://curl.se/docs/CVE-2023-38545.html - -diff --git a/lib/socks.c b/lib/socks.c -index c492d663c4738..a7b5ab07e47d0 100644 ---- a/lib/socks.c -+++ b/lib/socks.c -@@ -587,9 +587,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, - - /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */ - if(!socks5_resolve_local && hostname_len > 255) { -- infof(data, "SOCKS5: server resolving disabled for hostnames of " -- "length > 255 [actual len=%zu]", hostname_len); -- socks5_resolve_local = TRUE; -+ failf(data, "SOCKS5: the destination hostname is too long to be " -+ "resolved remotely by the proxy."); -+ return CURLPX_LONG_HOSTNAME; - } - - if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) -@@ -903,7 +903,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, - } - else { - socksreq[len++] = 3; -- socksreq[len++] = (char) hostname_len; /* one byte address length */ -+ socksreq[len++] = (unsigned char) hostname_len; /* one byte length */ - memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */ - len += hostname_len; - }
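Review bot: In config/rootfiles/common/curl the first hunk drops `#usr/share/man/man1/curl-config.1`, while every other hunk in that file only adds commented-out man3 entries. Please confirm that the 8.8.0 build really no longer installs that page, rather than the entry being lost when the rootfile was regenerated. As far as these hunks show, the shipped library lines (`usr/lib/libcurl.so.4`, `usr/lib/libcurl.so.4.8.0`) are unchanged context, so the installed file set does not change; a sentence saying so would help anyone checking whether packages linked against libcurl need attention.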
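Review bot: In lfs/curl the `$(DL_FILE)_BLAKE2` value is replaced in the same change that moves `VER = 8.2.1` to `VER = 8.8.0`, and nothing in the diff tells a reviewer where the new digest came from. Please note in the commit message that the curl-8.8.0.tar.xz tarball was checked against the upstream release signature before the BLAKE2 sum was computed, since this digest is what the build pins the download to.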
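Review bot: Removing the `patch -Np1` line from the `$(TARGET)` rule in lfs/curl and deleting src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch takes out the local fix for CVE-2023-38545, so the reason it is safe should be stated explicitly. The changelog in the commit message lists "socks: return error if hostname too long for remote resolve" among the 8.4.0 bugfixes, which matches the subject line of the deleted patch. A quick check that lib/socks.c in the 8.8.0 tarball has the `hostname_len > 255` branch returning `CURLPX_LONG_HOSTNAME` would close this out.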