From patchwork Fri Sep 13 16:25:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8107 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4X506213X6z3wxl for ; Fri, 13 Sep 2024 16:25:30 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4X505z1bVcz2ry; Fri, 13 Sep 2024 16:25:27 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4X505y6Rgpz3475; Fri, 13 Sep 2024 16:25:26 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4X505w2b3Bz2ybk for ; Fri, 13 Sep 2024 16:25:24 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4X505v2tr4zQF; Fri, 13 Sep 2024 16:25:23 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1726244723; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=EawqQ2z4b2/AAHgog4YjRnBO5bTOVAVY81A1YJyK9Zg=; b=CcZV9vp8iUypGFWfoq5s6E4RxYST3bZsZ5jmjzthlH+OT1TmZIswx7lQKAP644r/KMwTT2 QuqrqG12h7WEVPBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1726244723; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=EawqQ2z4b2/AAHgog4YjRnBO5bTOVAVY81A1YJyK9Zg=; b=lrp7MGu2LWiii6bQJ7MN3NH/k15NhftXLULHqnZu6BDVOhyoyJrEVXTq/fqeqdl4vhj267 PI1CPtUUV+vN8DZvwfhd1NhDUsjrgRGkQnfrsEckGJS7uptNZF3IIdbIlWO7oZ2VfMINwS cjjUbCJ8dQ1YJ3C/ADyiHUWzQpV6sUEc5ja6T4/dQtGBj7pZxSNhBET1jIy0fhLBMYXQ6p Q0aQgyCTDkSAQg1ae9RasX+iZBeou+oig/z3lSf9Z2p/XCQVHR8buvPu7ytrE6Wuj71kBQ Kaz53pkCGYH0VQURVv21o6AFDyqxFSszqMZ9eFDCtTdyLjt2AD/6giZxJ8LmeQ== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] curl: Update to version 8.10.0 Date: Fri, 13 Sep 2024 18:25:16 +0200 Message-ID: <20240913162520.2352467-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: OJIUXXFISUWCDW66GO6OKA7V35HMIWN4 X-Message-ID-Hash: OJIUXXFISUWCDW66GO6OKA7V35HMIWN4 X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from vesion 8.9.1 to 8.10.0 - Update of rootfile - In previous versions if libpsl was not found then the build excluded it. Now it needs to be explicitly disabled otherwise the build will stop with a warning that it could not be found. - Changelog 8.10.0 changes: o autotools: add `--enable-windows-unicode` option [103] o curl: --help [option] displays documentation for given cmdline option [19] o curl: add --skip-existing [54] o curl: for -O, use "default" as filename when the URL has none [34] o curl: make --rate accept "number of units" [4] o curl: make --show-headers the same as --include [6] o curl: support --dump-header % to direct to stderr [31] o curl: support embedding a CA bundle and --dump-ca-embed [20] o curl: support repeated use of the verbose option; -vv etc [35] o curl: use libuv for parallel transfers with --test-event [82] o getinfo: add CURLINFO_POSTTRANSFER_TIME_T [87] o mbedtls: add CURLOPT_TLS13_CIPHERS support [78] o rustls: add support for setting TLS version and ciphers [113] o vtls: stop offering alpn http/1.1 for http2-prior-knowledge [53] o wolfssl: add CURLOPT_TLS13_CIPHERS support [76] o wolfssl: add support for ssl cert blob / ssl key blob options [50] bugfixes: o asyn-thread: stop using GetAddrInfoExW on Windows [241] o autotools: fix MS-DOS builds [249] o autotools: fix typo in tests/data target [30] o aws_sigv4: fix canon order for headers with same prefix [74] o bearssl: fix setting tls version [203] o bearssl: improve shutdown handling [45] o BINDINGS: add zig binding [100] o build: add `iphlpapi` lib for libssh on Windows [166] o build: add `poll()` detection for cross-builds [244] o build: add options to disable SHA-512/256 hash algo [239] o build: check OS-native IDN first, then libidn2 [223] o build: delete unused `REQUIRE_LIB_DEPS` [226] o build: drop unused `NROFF` reference [253] o build: drop unused feature-detection code for Apple `poll()` [227] o build: generate `buildinfo.txt` for test logs [256] o build: improve compiler version detection portability o build: make `CURL_FORMAT_CURL_OFF_T[U]` work with mingw-w64 <=7.0.0 [207] o build: silence C4232 MSVC warnings in vcpkg ngtcp2 builds [137] o build: use -Wno-format-overflow [195] o buildconf.bat: fix tool_hugehelp.c generation [173] o cf-socket: fix pollset for listening [179] o cf-socket: prevent KEEPALIVE_FACTOR being set to 1000 for Windows [185] o cfilters: send flush [13] o CHANGES: rename to CHANGES.md, no longer generated [40] o CI: enable parallel testing in CI builds [18] o ci: Update actions/upload-artifact digest to 89ef406 [24] o cmake: `Libs.private` improvements [215] o cmake: add `CURL_USE_PKGCONFIG` option [138] o cmake: add Linux CI job, fix pytest with cmake [71] o cmake: add math library when using wolfssl and ngtcp2 [66] o cmake: add missing `pkg-config` hints to Find modules [158] o cmake: add missing version detection to Find modules [170] o cmake: add rustls [116] o cmake: add support for versioned symbols option [51] o cmake: add wolfSSH support [117] o cmake: allow `pkg-config` in more envs [147] o cmake: cleanup header paths [59] o cmake: default `CURL_DISABLE_LDAPS` to the value of `CURL_DISABLE_LDAP` [231] o cmake: delete MSVC warning suppression for tests/server [101] o cmake: detect `nghttp2` via `pkg-config`, enable by default [21] o cmake: detect and show VCPKG in platform flags [84] o cmake: distcheck for files in CMake subdir [9] o cmake: drop custom `CMakeOutput.log`/`CMakeError.log` logs [27] o cmake: drop libssh CONFIG-style detection [167] o cmake: drop no-op `tests/data/CMakeLists.txt` [26] o cmake: drop reference to undefined variable [25] o cmake: drop unused `HAVE_IDNA_STRERROR` [62] o cmake: drop unused internal variable [22] o cmake: exclude tests/http/clients builds by default [110] o cmake: fix `GSS_VERSION` for Heimdal found via pkg-config [77] o cmake: fix `pkg-config`-based detection in `FindGSS.cmake` [94] o cmake: fix and tidy up c-ares builds, enable in more CI jobs [156] o cmake: fix find rustls [148] o cmake: fixup linking libgsasl when detected via CMake-native o cmake: honor custom `CMAKE_UNITY_BUILD_BATCH_SIZE` [163] o cmake: limit `pkg-config` to UNIX and MSVC+vcpkg by default [188] o cmake: limit libidn2 `pkg-config` detection to `UNIX` [109] o cmake: migrate dependency detections to Find modules [183] o cmake: more small tidy-ups and fixes [80] o cmake: rename wolfSSL and zstd config variables to uppercase [151] o cmake: respect cflags/libdirs of native pkg-config detections [175] o cmake: show CMake platform/compiler flags [63] o cmake: show warning if libpsl is not found [154] o cmake: sync code between test/example targets [234] o cmake: sync up formatting in Find modules [129] o cmake: TLS 1.3 warning only for bearssl and sectranp [118] o cmake: update `curl-config.cmake.in` template var list o cmake: update list of "advanced" variables [119] o cmake: use numeric comparison for `HAVE_WIN32_WINNT` [69] o cmdline-opts: language fix for expect100-timeout.md and max-time.md [192] o configure: delete unused `CURL_DEFINE_UNQUOTED` function [224] o configure: delete unused `HAVE_OPENSSL3` macro [225] o configure: delete unused `m4/xc-translit.m4` [114] o configure: detect AppleIDN [70] o configure: fail if PSL is not disabled but not found [46] o configure: fix WinIDN builds targeting old Windows [210] o configure: remove USE_EXPLICIT_LIB_DEPS [199] o configure: replace nonportable grep -o with awk [111] o connect: always prefer ipv6 in IP eyeballing [209] o connect: limit update IP info [191] o cookie.md: try to articulate the two different uses this option has [92] o curl: allow 500MB data URL encode strings [38] o curl: find curlrc in XDG_CONFIG_HOME without leading dot [186] o curl: fix --proxy-pinnedpubkey [91] o curl: fix the -w urle.* variables [153] o curl: make the progress bar detect terminal width changes [169] o curl: warn on unsupported SSL options [106] o Curl_rand_bytes to control env override [17] o curl_sha512_256: fix symbol collisions with nettle library [131] o CURLMOPT_SOCKETFUNCTION.md: expand on the easy argument [216] o CURLOPT_XFERINFOFUNCTION: clarify the callback return codes [141] o dist: add missing `docs/examples/CMakeLists.txt` [58] o dist: add missing `FindNettle.cmake` [11] o dist: add missing `lib/optiontable.pl` [115] o dist: add missing `test_*.py` scripts [102] o dist: drop buildconf [65] o dist: fix reproducible build from release tarball [36] o dmaketgz: only run 'make distclean' if Makefile exists o docs/SSLCERTS: rewrite [174] o docs: add description of effect of --location-trusted on cookie [157] o docs: document the (weak) random value situation in rustls builds [252] o docs: fix some examples in man pages o docs: improve cipher options documentation [159] o docs: mention "@-" in more places [67] o docs: remove ALTSVC.md, HSTS.md, HTTP2.md and PARALLEL-TRANSFERS.md [105] o docs: update CIPHERS.md [140] o doh-url.md: point out DOH server IP pinning [37] o doh: remove redundant checks [242] o easy: fix curl_easy_upkeep for shared connection caches [52] o escape: allow curl_easy_escape to generate 3*input length output [39] o FEATURES.md: fix typo [180] o ftp: always offer line end conversions [219] o ftp: flush pingpong before response [73] o getinfo: return zero for unsupported options (when disabled) [189] o GHA/windows: enable MulitSSL in an MSVC job [2] o GHA: scan git repository and detect unvetted binary files [3] o gnutls/wolfssl: improve error message when certificate fails [125] o gnutls: send all data [230] o gtls: fix OCSP stapling management [206] o haproxy: send though next filter [222] o hash: provide asserts to verify API use [96] o http/2: simplify eos/blocked handling [90] o http2+h3 filters: fix ctx init [142] o http2: fix GOAWAY message sent to server [171] o http2: improve rate limiting of downloads [33] o http2: improved upload eos handling [41] o http3.md: mention how the fallback can be h1 or h2 [194] o hyper: call Curl_req_set_upload_done() [126] o idn: more strictly check AppleIDN errors [98] o idn: support non-UTF-8 input under AppleIDN [99] o INSTALL.md: MultiSSL and QUIC are mutually exclusive [7] o KNOWN_BUGS: "special characers" in URL works with aws-sigv4 [81] o krb5: add Linux/macOS CI tests, fix cmake GSS detection [83] o krb5: fix `-Wcast-align` [95] o lib: add eos flag to send methods [14] o lib: avoid macro collisions between wolfSSL and GnuTLS headers [133] o lib: convert some debugf()s into traces [8] o lib: delete stray undefs for `vsnprintf`, `vsprintf` [152] o lib: fix AIX build issues [112] o lib: fix building with wolfSSL without DES support [134] o lib: make SSPI global symbols use Curl_ prefix [251] o lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name [132] o lib: remove the final strncpy() calls [240] o lib: remove use of RANDOM_FILE [235] o libcurl.def: move from / into lib [238] o libcurl.pc: add `Cflags.private` [10] o libcurl.pc: add reference to `libgsasl` [150] o libcurl/docs: expand on redirect following and secrets to other hosts [85] o llist: remove direct struct accesses, use only functions [72] o Makefile.dist: fix `ca-firefox` target [254] o Makefile.mk: fixup enabling libidn2 [61] o Makefile: remove 'scripts' duplicate from DIST_SUBDIRS o maketgz: accept option to include latest commit hash [5] o maketgz: fix RELEASE-TOOLS.md for daily tarballs [243] o maketgz: move from / into scripts [237] o managen: fix superfluous leading blank line in quoted sections [211] o managen: in man output, remove the leading space from examples [198] o managen: wordwrap long example lines in ASCII output [143] o manpage: ensure a maximum width for the text version [75] o max-filesize.md: mention zero disables the limit [93] o mbedtls: add more informative logging [162] o mbedtls: fix setting tls version [200] o mbedtls: no longer use MBEDTLS_SSL_VERIFY_OPTIONAL [181] o mime: avoid inifite loop in client reader [155] o mk-ca-bundle.pl: include a link to the caextract webpage [68] o multi: make the "general" list of easy handles a Curl_llist [97] o multi: on socket callback error, remove socket hash entry nonetheless [149] o ngtcp2/osslq: remove NULL pointer dereferences [213] o ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks [79] o openssl quic: fix memory leak [229] o openssl: certinfo errors now fail correctly [250] o openssl: fix the data race when sharing an SSL session between threads [221] o openssl: improve shutdown handling [44] o pingpong: drain the input buffer when reading responses [193] o POP3: fix multi-line responses [168] o pop3: use the protocol handler ->write_resp [220] o printf: fix mingw-w64 format checks [228] o progress: ratelimit/progress tweaks [32] o pytests: add tests for HEAD requests in all HTTP versions [42] o rand: only provide weak random when needed [233] o runtests: if DISABLED cannot be read, error out [56] o runtests: log ignored but passed tests [130] o runtests: remove "has_textaware" [217] o rustls: fix setting tls version [202] o rustls: make all tests pass [1] o schannel: avoid malloc for CAinfo_blob_digest [247] o scorecard: tweak request measurements [139] o sectransp: fix setting tls version [204] o SECURITY: mention OpenSSF best practices gold badge [161] o setopt: allow CURLOPT_INTERFACE to be set to NULL [165] o setopt: let CURLOPT_ECH set to NULL reset to default [187] o setopt: make CURLOPT_TFTP_BLKSIZE accept bad values [184] o sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL [135] o share: don't reinitialize conncache [214] o sigpipe: init the struct so that first apply ignores [49] o smb: convert superflous assign into assert [246] o smtp: add tracing feature [120] o splay: use access functions, add asserts, use Curl_timediff [121] o spnego_gssapi: implement TLS channel bindings for openssl [146] o src: delete `curlx_m*printf()` aliases [197] o src: fix potential macro confusion in cmake unity builds [208] o src: namespace symbols clashing with lib [248] o src: replace copy of printf mappings with an include [190] o ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) [177] o system_win32: fix typo o test httpd: tweak cipher list [124] o test1521: verify setting options to NULL better [182] o test1707: output diff more for debugging differences in CI outputs o test556: improve robustness [64] o test579: improve robustness [60] o test587: improve robustness [123] o test649: improve robustness [122] o test677: improve robustness [47] o tests/runner: only allow [!A-Za-z0-9_-] in %if feature names [55] o tests: constrain http pytest to tests/http directory [205] o tests: don't mangle output if hostname or type unknown o tests: ignore QUIT from FTP protocol comparisons [108] o tests: provide docs as curldown, not nroff [12] o tidy-up: misc build, tests, `lib/macos.c` [172] o tidy-up: OS names [57] o tool_operhlp: fix "potentially uninitialized local variable 'pc' used" [48] o tool_paramhlp: bump maximum post data size in memory to 16GB [128] o transfer: Curl_sendrecv() and event related improvements [164] o transfer: remove comments, add asserts [218] o transfer: skip EOS read when download done [196] o url: dns_entry related improvements [16] o url: fix connection reuse for HTTP/2 upgrades [236] o urlapi: verify URL *decoded* hostname when set [160] o urldata: introduce `data->mid`, a unique identifier inside a multi [127] o urldata: remove 'scratch' from the UrlState struct [86] o urldata: remove crlf_conversions counter [232] o urldata: remove proxy_connect_closed bit [178] o verify-release: shell script that verifies a release tarball [29] o version: fix shadowing a `libssh.h` symbol [176] o vtls: add SSLSUPP_CIPHER_LIST [107] o vtls: fix MSVC 'cast truncates constant value' warning [23] o vtls: fix static function name collisions between TLS backends [136] o vtls: init ssl peer only once [15] o websocket: introduce blocking sends [145] o wolfssl: avoid taking cached x509 store ref if sslctx already using it [88] o wolfssl: fix CURLOPT_SSLVERSION [144] o wolfssl: fix setting tls version [201] o wolfssl: improve shutdown handling [43] o ws: flags to opcodes should ignore CURLWS_CONT flag [104] o x509asn1: raise size limit for x509 certification information [28] Signed-off-by: Adolf Belka --- config/rootfiles/common/curl | 1 + lfs/curl | 17 +++++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl index 02789e64b..be5ba351d 100644 --- a/config/rootfiles/common/curl +++ b/config/rootfiles/common/curl @@ -53,6 +53,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_NAMELOOKUP_TIME_T.3 #usr/share/man/man3/CURLINFO_NUM_CONNECTS.3 #usr/share/man/man3/CURLINFO_OS_ERRNO.3 +#usr/share/man/man3/CURLINFO_POSTTRANSFER_TIME_T.3 #usr/share/man/man3/CURLINFO_PRETRANSFER_TIME.3 #usr/share/man/man3/CURLINFO_PRETRANSFER_TIME_T.3 #usr/share/man/man3/CURLINFO_PRIMARY_IP.3 diff --git a/lfs/curl b/lfs/curl index 7652f5d37..4b901cad7 100644 --- a/lfs/curl +++ b/lfs/curl @@ -24,7 +24,7 @@ include Config -VER = 8.9.1 +VER = 8.10.0 THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada +$(DL_FILE)_BLAKE2 = 18b438c0e4e7b0b698a1fee16406c611124e3d137349869dd8dbb43b5ba45163c6a053e02f665e627424c96e18f8499c13ebe1eeb4c1441936d0183d28696ae6 install : $(TARGET) @@ -71,12 +71,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --disable-ipv6 \ - --disable-static \ - --enable-threaded-resolver \ - --with-ca-bundle=/etc/ssl/certs/ca-bundle.crt \ - --with-openssl + --prefix=/usr \ + --disable-ipv6 \ + --disable-static \ + --enable-threaded-resolver \ + --with-ca-bundle=/etc/ssl/certs/ca-bundle.crt \ + --with-openssl \ + --without-libpsl cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP)