From patchwork Tue Jun 3 12:18:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8810 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bBVB21ff4z3xSm for ; Tue, 3 Jun 2025 12:18:50 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bBV9w5PBLz6f5 for ; Tue, 3 Jun 2025 12:18:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bBV9v1qgQz35Z9 for ; Tue, 3 Jun 2025 12:18:43 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bBV9r2VK5z2y97 for ; Tue, 3 Jun 2025 12:18:40 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4bBV9q2sDKzld; Tue, 3 Jun 2025 12:18:39 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1748953119; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=ih0hK4eC1aoqJqk9Z92Sjqeu4xwfmxaB6GHw7lbjSj0=; b=gQ5Xdb+cJyok7hO/dE/fJ4WmC66yLbWd+KZ7NesRyAQj7AKI2BA9H4dx67DhzxcTuT/9ei e+sNKHOGCWvvCVCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1748953119; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=ih0hK4eC1aoqJqk9Z92Sjqeu4xwfmxaB6GHw7lbjSj0=; b=uJKR4+OvqS5MElI2molR7zwKVCdKNch5pFtnLLYwDoKaVC/F7fB3cG/ewtzODQbWQxDS0Y 1h0bdqdQq6oYhUfaer6FZwy8wpp1rKcKALomxDnSp8qou6ja31HqY9fNQS8hZa3XM2u85C IbXBw6aO536Bed3jVf/sR0mrW2Zu5g46dRDvcAAD95YmARtpuEpK9VSRL0vLiw1QWxGPjI ZIwbkd/y8tMwaB5ZgMRaoV+w+xj6UmX62l0z1a3yjbb1dEqqSBTbmO6uHbaQg5+XpvYWne rYafQyEQFevaWShE8vjAKGJL7O/9OkvLDtRaxgyMb9D7or2U+CFgNxBbaNcXgw== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] curl: Update to version 8.14.0 Date: Tue, 3 Jun 2025 14:18:31 +0200 Message-ID: <20250603121835.3299551-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 8.13.0 to 8.14.0 - Update of rootfile - Changelog 8.14.0 Changes: mqtt: send ping at upkeep interval schannel: handle pkcs12 client certificates containing CA certificates TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs vquic: ngtcp2 + openssl support wcurl: import v2025.04.20 script + docs websocket: add option to disable auto-pong reply Bugfixes: _SEEALSO.md: remove spaces around command and man page section asny-thrdd: fix detach from running thread asnyc-thrdd: explain how this is okay with a comment asyn resolver code improvements async-threaded resolver: use ref counter async: DoH improvements autotools: detect `wolfSSL_set_quic_use_legacy_code` like cmake does autotools: install shell completion files on cross build aws-sigv4: allow a blank string build: check required rustls-ffi version build: enable gcc-12/13+, clang-10+ picky warnings build: enable gcc-15 picky warnings certs: drop unused `default_bits` from `.prm` files cf-https-connect: use the passed in dns struct pointer cf-socket: fix FTP accept connect cfilters: remove assert cmake/FindNGTCP2: simplify multi-pkg-config detection cmake: append picky warnings to `CMAKE_REQUIRED_FLAGS` as string cmake: avoid 'target is imported but not globally visible' when consuming libcurl with old cmake cmake: do not install `mk-ca-bundle` script and manpage cmake: enable `-Wall` for MSVC when `PICKY_COMPILER=ON` cmake: extend integration tests cmake: fix `fish` install directory detection via `pkg-config` cmake: fix nghttp3 static linking with `USE_OPENSSL_QUIC=ON` cmake: fix option() and mark_as_advanced() mixed order cmake: fix shell completion install when just one flavor is enabled cmake: honor individual picky option overrides found in `CMAKE_C_FLAGS` cmake: install shell completions for cross-builds cmake: link `crypt32` for OpenSSL feature detection cmake: merge `CURL_WERROR` logic into `PickyWarnings.cmake` cmake: prefer `COMPILE_OPTIONS` over `CMAKE_C_FLAGS` for custom C options cmake: quotes, whitespace, use `VERSION_GREATER_EQUAL` cmake: revert `CURL_LTO` behavior for multi-config generators cmake: set `BUILDING_LIBCURL` directly for unit test targets cmake: stop deleting `-W` from `CMAKE_C_FLAGS` (MSVC) cmake: tidy up and document feature detections in dependencies cmake: use `CMAKE_COMPILE_WARNING_AS_ERROR` if available cmake: use `INCLUDE_DIRECTORIES` prop to specify local header dirs cmake: use `LIB_NAME` in `curl-config.cmake.in` cmake: use absolute paths for completion targets cmake: use the `LINK_OPTIONS` property with CMake 3.13+ configure: catch asking for double resolver without https-rr configure: fix --disable-rt configure: restore link checks configure: suppress command not found for brew conncache: make Curl_cpool_init return void connect: shutdown timer fix content_encoding: Transfer-Encoding parser improvements CONTRIBUTE: add project guidelines for AI use contrithanks.sh: drop set -e cpool/cshutdown: force close connections under pressure curl: fix memory leak when -h is used in config file curl: only warn once for --manual in manual-disabled build curl_get_line: handle lines ending on the buffer boundary curl_krb5: only use functions if FTP is still enabled curl_multibyte: fixup low-level calls, include in unity builds curl_osslq: remove a leftover debug fprintf() call curl_version_info.md: clarify ssl_version for MultiSSL CURLMOPT_TIMERFUNCTION.md: correct the example CURLOPT_ERRORBUFFER.md: buffer is read only after curl takes ownership CURLOPT_FOLLOWLOCATION.md: switch to GET => no body CURLOPT_READFUNCTION.md: mention the seek callback CURLOPT_XFERINFOFUNCTION.md: fix the callback return type in example curlx: move the docs to docs/internals/ DEPRECATE.md: drop support for VS2008 DEPRECATE.md: drop Windows CE support dist: drop duplicate entry from `CMAKE_DIST` dns_entry: move from conn to data->state Dockerfile: update debian:bookworm-slim Docker digest to 90522ee docs/INSTALL.md: drop reference to removed configure option docs/libcurl: fix type and prototype problems in examples docs/libcurl: make examples build with picky compiler options docs/libcurl: mention sensitive data/headers docs: add missing return statement in examples docs: fix incorrect shell substitution in docker run example command docs: fix typo in retry.md docs: update distros links doh: httpsrr fix doh: make sure CURLOPT_PROTOCOLS is set a with a "long" arg doh: reduce the DNS request buffer size easy_reset: fix dohfor_mid member ECH: reference the OpenSSL ECH feature branch etag-save.md: mention how using both options is a good idea eventfd: fix feature guards formdata: cleanups ftp: fix bug in failed init ftp: fix race in upload handling ftplistparser: add two overflow preventions ftplistparser: split up into more functions generate.bat: exclude curlinfo.c from legacy VS projects genserv.pl: fail with a message if `openssl` is missing or failing headers: enforce a max number of response header to accept headers: set an error message on illegal response headers hostip: fix build without threaded-resolver and without DoH hostip: show the correct name on proxy resolve error http2: fix stream window size after unpausing HTTP3.md: fix incorrect variable placeholders http: fix a build error when all auths are disabled http: fix HTTP/2 handling of TE request header using "trailers" http: in alt-svc negotiation only allow supported HTTP versions http_aws_sigv4: add additional verbose log statements http_aws_sigv4: improve sigv4 url encoding and canonicalization http_chunks: narrow variable scope for 'trlen' http_negotiate: fix non-SSL build with GSSAPI https-connect: fix httpsrr target check HTTPSRR.md: clarify somewhat if2ip: build the function also if FTP is present imap: remove redundant condition INSTALL-CMAKE.md: fix typo INSTALL.md: update the minimal libcurl size example KNOWN_BUGS: fix link in sivg4 issue 16.3 lib/src/docs/test: improve curl_easy_setopt() calls lib1560: use hex notation, drop non-ASCII exception lib3026: drop DLL pre-load perf mitigation for old mingw lib: add const to clientwriter tables lib: drop curlx_getpid, use fake pid in SMB lib: include files using known path lib: make Curl_easyopts const lib: unify conversions to/from hex libcurl-tutorial.md: fix read callback explanation libssh: add NULL check for Curl_meta_get() libssh: fix memory leak libssh: remove a condition that always equals false libtest/first: stop defining MEMDEBUG_NODEFINES libtests: define CURL_DISABLE_DEPRECATION first make: clean tests better mbedtls: TLS 1.3 is max when mbedtls has 1.3 support metahash: add asserts to help analyzers mk-ca-bundle.pl: follow redirects mk-ca-bundle: switch URLs to GitHub versions mkhelp: fix to not generate a line-ending space in some cases mqtt: use conn/easy meta hash multi: do transfer book keeping using mid multi: init_do(): check result netrc: avoid NULL deref on weird input netrc: avoid strdup NULL netrc: deal with null token better ngtcp2: clarify ignoring of result openssl-quic: avoid potential `-Wnull-dereference`, add assert openssl-quic: fix printf mask openssl-quic: fix shutdown when stream not open openssl: enable builds for *both* engines and providers openssl: set the cipher string before doing private cert parsedate: provide Curl_wkday also for GnuTLS builds processhelp.pm: always call `taskkill` with `-f` (force) processhelp.pm: avoid potential endless loop, log more (Windows) progress: avoid integer overflow when gathering total transfer size pytest tls: extend coverage pytest-xdist: pytest in parallel pytest: add pinnedpubkey test cases pytest: give parameterised tests better ids for read- and parsability pytest: make test_07_22 more lenient to exit codes quic: no local idle connection timeout, ngtcp2 keep-alive rand: update comment on Curl_rand_bytes weak random RELEASE-PROCEDURE.md: release candidate git tagging explained rtsp: remove redundant condition runtests: add retry option to reduce flakiness runtests: fix indentation runtests: recognize lowercase `windows` in `curl -V` runtests: remove server verification after start runtests: split `SSH_PWD` into `SCP_PWD` and `SFTP_PWD`, and more rustls: make max size of cert and key reasonable sasl: give help when unable to select AUTH scripts: completion.pl: sort the completion file for all shells scripts: drop unused import, formatting scripts: fix --opts-dir help in completion.pl scripts: fix perl indentation, whitespace, semicolons sectransp: fix building for macOS Sierra and older setopt: provide info for CURLE_BAD_FUNCTION_ARGUMENT smb: avoid integer overflow on weird input date socket: use accept4 when available socketpair: support pipe2 where available spacecheck.pl: check for non-ASCII chars, fix fallouts spacecheck.pl: verify `tests/data/test*` for non-ASCII chars src: drop strcase.[ch] from tool builds src: include memdebug.h consistently with angle brackets <> src: rename curlx_safefree to tool_safefree test1173.pl: whitelist some option-looking names that aren't options test1658: add unit test for the HTTPS RR decoder test: make unittest 1308 into a libtest tests/ech_tests.sh: sync shebang with rest of bash scripts tests/FILEFORMAT.md: clarify %hex[] formatting tests/FILEFORMAT.md: document the aws feature tests/README.md: document --test-duphandle tests/README.md: list the openssl tool among the prerequisites tests/server/dnsd: basic DNS server for test suite tests/server: check for `stream != NULL` in mqttd tests/server: fix typo in comment tests/server: stop using libcurl string comparisons tests/server: stop using libcurl's printf functions tests/serverhelp: remove last remnants of http-pipe server tests/tunit: make a separate directory for tool-based unit tests tests: add aws feature to the related tests tests: Add https-mtls server to force client auth tests: fix some test tag mismatches tests: mark ipfs tests to require ipfs tests: move a boolean variable out of the path section tests: prefer `--insecure` over `-k` tests: provide all non-ascii data hex encoded tests: remove some unused test case sections tests: require IPv6 for 1265, 1324, 2086 tests: separate tunit tests from unit tests more tests: stop using libcurl's strdup tests: unify test case keywords tests: use a more portable null device path TODO: remove "nicer lacking perl message" tool_cb_write.c: handle EINTR on flush tool_getparam: clear argument only when needed tool_operate: make retrycheck() a separate function tool_operate: when retrying, only truncate regular files tool_paramhlp: avoid integer overflow in secs2ms() tool_parsecfg: make get_line handle lines ending on the buffer boundary typecheck-gcc.h: fix the typechecks urlapi: redirecting to "" is considered fine urlapi: remove unneeded guards around PUNY2IDN urldata: remove the unused struct field 'hide_progress' VERSIONS: list all past releases vquic: consistent name for the stream struct across backends vquic: init for every call to recvmsg vtls: avoid NULL deref on bad PEM input vtls: fix build with ssl but without http VULN-DISCLOSURE-POLICY: use of weak algos winbuild: add the deprecation warning to the README winbuild: curl_get_line is not used for tool builds windows: fix builds targeting WinXP, test it in CI wolfssl: fix to enable ALPN when available ws: fix the header replace check ws: store protocol context as connection meta data Signed-off-by: Adolf Belka --- config/rootfiles/common/curl | 3 +++ lfs/curl | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl index f27d3b939..ad9f8397b 100644 --- a/config/rootfiles/common/curl +++ b/config/rootfiles/common/curl @@ -1,5 +1,6 @@ usr/bin/curl #usr/bin/curl-config +#usr/bin/wcurl #usr/include/curl #usr/include/curl/curl.h #usr/include/curl/curlver.h @@ -21,6 +22,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/aclocal/libcurl.m4 #usr/share/man/man1/curl-config.1 #usr/share/man/man1/curl.1 +#usr/share/man/man1/wcurl.1 #usr/share/man/man3/CURLINFO_ACTIVESOCKET.3 #usr/share/man/man3/CURLINFO_APPCONNECT_TIME.3 #usr/share/man/man3/CURLINFO_APPCONNECT_TIME_T.3 @@ -373,6 +375,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLOPT_SSL_FALSESTART.3 #usr/share/man/man3/CURLOPT_SSL_OPTIONS.3 #usr/share/man/man3/CURLOPT_SSL_SESSIONID_CACHE.3 +#usr/share/man/man3/CURLOPT_SSL_SIGNATURE_ALGORITHMS.3 #usr/share/man/man3/CURLOPT_SSL_VERIFYHOST.3 #usr/share/man/man3/CURLOPT_SSL_VERIFYPEER.3 #usr/share/man/man3/CURLOPT_SSL_VERIFYSTATUS.3 diff --git a/lfs/curl b/lfs/curl index a6cb3bb3d..e436991cd 100644 --- a/lfs/curl +++ b/lfs/curl @@ -24,7 +24,7 @@ include Config -VER = 8.13.0 +VER = 8.14.0 THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6869634ad50f015d5c7526699034d5a3f27d9588bc32eacc8080dbd6c690f63b1f25cee40d3fdf8fd9dd8535c305ea9c5edf1d5a02bc6d9ce60fd8c88230aca0 +$(DL_FILE)_BLAKE2 = d8b7d58e6923366265a1d95d3a6f14002729dfb95d88b17ec925d096bd199b206f6c9645e1e4be3bc2d295e8898c35990eda6f45329396f38753725907e402a1 install : $(TARGET)