From patchwork Mon May 4 17:40:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9803 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1 raw public key) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4g8TTJ3pz3z3wkB for ; Mon, 04 May 2026 17:41:08 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (not verified)) by mail01.ipfire.org (Postfix) with ESMTPS id 4g8TTH2Ghzz76X for ; Mon, 04 May 2026 17:41:07 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4g8TTG6bKdz32c1 for ; Mon, 04 May 2026 17:41:06 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1 raw public key) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4g8TTD1mjyz2xMF for ; Mon, 04 May 2026 17:41:04 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4g8TTC0Phjz3Lp; Mon, 04 May 2026 17:41:02 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1777916463; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=1focHAzpIslxRbJqbC8W9GyMSjlMa1Q77xjIemlYP1s=; b=cFebzN5kpC4Ah1ElEALCuQCyhEfAcSMnnuVLJGYjvo5gOOWQbdmQK9q9OUq4cYzCJUSc9R Oi3qoT/2teCZd3BA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1777916463; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=1focHAzpIslxRbJqbC8W9GyMSjlMa1Q77xjIemlYP1s=; b=MY34T5kIZyKOQq5vuBdNb1A8Hh7w/0hFAgbV8J06Icg5Lz5UzrL80Ieq7WDuU9PRi1+GNC IqwSEVnbB9JuC8GssjOPh6vTcfaJbWq0DvhCgd5DRRdZN4+Hanzxa0h/Lp4E1xXJqV1SR6 yWevOBpaJRQAhRgVDAzmono7ZS9Dz8IAbjgQpFfGMrW3coOZdhx+Vjkmm4421IakK0aSTp jJuw+QLLblh07WywTDZ2VrTf8nR6bKUKAfohrCYf9as/m6XIuz0YS+KEwN7esaF5jFSIBB Zz8elNiU3dbjHGeJi5sW7zo7HPcHIIuKtqmxB9zvWCafj77ni4NVL4WBqA2Iyw== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] curl: Update to version 8.20.0 Date: Mon, 4 May 2026 19:40:56 +0200 Message-ID: <20260504174059.3648098-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 8.19.0 to 8.20.0 - Update of rootfile - Changelog 8.20.0 Changes: async-thrdd: use thread queue for resolving build: make NTLM disabled by default cmake: drop support for CMake 3.17 and older lib: add thread pool and queue lib: drop support for < c-ares 1.16.0 lib: make SMB support opt-in multi.h: add CURLMNWC_CLEAR_ALL rtmp: drop support Bugfixes: altsvc: cap the list at 5,000 entries altsvc: drop the prio field from the struct altsvc: skip expired entries read from file asyn-ares: connect async asyn-ares: drop orphaned variable references asyn-ares: fix HTTPS-lookup when not on port 443 asyn-thrdd: drop redundant `result` check asyn-thrdd: fix clang-tidy unused value warning async-ares: fix query counter handling autotools: limit checksrc target to ignore non-repo test sources badwords-all: exit with correct code on errors badwords: combine the whitelisting into a single regex badwords: detect the the and with with badwords: only check comments and strings in source code badwords: rework exceptions, fix many of them boringssl: fix more coexist cases with Schannel/WinCrypt build: adjust/add casts to fix `-Wformat-signedness` build: assume `snprintf()` in `mprintf`, drop feature check build: compiler warning silencing tidy-ups build: drop `openssl` module dependency for BoringSSL from `libcurl.pc` build: drop duplicate `pthread.h` includes build: drop redundant `USE_QUICHE` guards build: enable `-Wimplicit-int-enum-cast` compiler warning, fix issues build: fix `-Wformat-signedness` by adjusting printf masks build: link `bcrypt.lib` via vcxproj files build: skip detecting `pipe2()` for Apple targets cf-https-connect: silence `-Wimplicit-int-enum-cast` with HTTPS-RR cf-https-connect: silence `-Wimplicit-int-enum-cast` with HTTPS-RR cf-ip-happy: limit concurrent attempts cf-socket: avoid low risk integer overflow on ancient Solaris cfilters: fix Curl_pollset_poll() return code mixup clang-tidy: avoid assignments in `if` expressions clang-tidy: enable more checks, fix fallouts cmake: add CMake Config-based dependency detection cmake: add CMake Config-based dependency detection for c-ares, wolfSSL cmake: document functions used from Windows system DLLs cmake: enable pthreads for BoringSSL/AWS-LC cmake: resolve targets recursively when generating `libcurl.pc` cmake: rework binutils ld hack to not read `LOCATION` property cmake: silence bad library `Threads::Threads` warning cmake: use `AIX` built-in variable (with CMake 4.0+) config2setopts: make --capath work in proxy disabled builds configure: fix `--with-ngtcp2=` option for crypto libs configure: fix LibreSSL ngtcp2 1.15.0+ crypto lib selection logic configure: prefer dependency-specific variables over `$withval` configure: remove superfluous experimental warning for HTTP/3 configure: silence useless clang warnings in C89 builds configure: tidy up comments connect: fix typo on error message cookie: fix rejection when tabs in value curl-wolfssl.m4: fix to use the correct value for pkg-config directory curl.h: replace macros with C++-friendly method to enforce 3 args curl_ctype.h: fix spelling in a couple of locally used macros curl_get_line: error out on read errors curl_get_line: fix potential infinite loop when filename is a directory curl_ngtcp2: extend and update callbacks for 1.22.0+ curl_ntlm_core: drop redundant PP condition curl_ntlm_core: use wolfCrypt DES API with wolfSSL curl_setup.h: drop stray/unused `USE_OPENSSL_QUIC` guard curl_sha512_256: support delegating to wolfSSL API curl_version_info.md: clarify age details CURLOPT_HAPROXY_CLIENT_IP.md: mention assumption on data format CURLOPT_RTSP_SESSION_ID.md: clarify reuse "dangers" CURLOPT_RTSP_SESSION_ID.md: expand the comment CURLOPT_RTSP_SESSION_ID.md: minor language fix CURLOPT_SOCKS5_AUTH.md: an access property CURLOPT_SSL_CTX_FUNCTION.md: expand on effects connection reuse CURLOPT_UPLOAD_FLAGS.md: expand curlx_now(), prevent zero timestamp DEPRECATE: fix minor release number typo digest: pass in the username quoted (as well) dns: https-eyeballing async dnscache: own source file, improvements docs/cmdline-opts: tidy up retry-connrefused docs/lib: fix typos docs/libcurl: improve easy setopt examples docs: clarify retry-max-time timing docs: CURLOPT_LOGIN_OPTIONS is a login property docs: enable more compiler warnings for C snippets, fix 3 finds docs: list more dependencies for running Python HTTP tests docs: mention more zip bomb precautions docs: minor wording tweaks docs: noproxy wants the punycoded hostname version docs: SSH host verification is done at connect time docs: use the correct CURLOPT_WRITEFUNCTION signature doh: fix memory-leak when doing a second DoH resolve doh: remove superfluous doh_req check examples/websocket: fix to sleep more on Windows examples: drop warning silencers no longer hit examples: fix typo in comment file: init fd to -1 to prevent close fd 0 on early failure fopen: for temp files, inherit permissions only for owner ftp: do not strdup DATA hostname ftp: make the MDTM date parser stricter (again) ftp: reject PWD responses containing control characters gcc: guard `#pragma diagnostic` in core code for <4.6 generate.bat: remove extra % from VC11 and VC12 runs genserv.pl: make external calls safe getinfo: initialize `PureInfo` field `used_proxy` getinfo: repair CURLINFO_TLS_SESSION gnutls: fix clang-tidy warning with !verbose gtls: fail for large files in `load_file()` h3: HTTPS-RR use in HTTP/3 Happy Eyeballs: add resolution time delay haproxy: use correct ip version on client supplied address hostip: clear the sockaddr_in6 structure before use hostip: init the curl_jmpenv_lock appropriately hostip: resolve user supplied ip addresses HSTS: cap the list hsts: make the HSTS read callback handle name dupes hsts: skip expired HSTS entries read from file hsts: when a dupe host adds subdomains, use that http2: clear the h2 session at delete http2: prevent secure schemes pushed over insecure connections http2: return error on OOM in push headers HTTP3.md: drop outdated mentions of OpenSSL-QUIC http: clear credentials better on redirect http: clear digest nonce on cross-origin redirect http: clear the proxy credentials as well on port or scheme change http: fix auth_used and auth_avail http: fix Curl_compareheader for multi value headers http: make Curl_compareheader handle multiple commas in header http: on 303, switch to GET http: use header_has_value() instead of duplicate code imap: reset the UIDVALIDITY state between transfers include: drop badword from public headers INSTALL.md: update Cygwin instructions keylog.h: replace literal number with macro in declaration keylog: drop unused/redundant includes and guards ldap: drop duplicate `ldap_set_option()` on Windows ldap: fix to initialize cleartext connection on Windows lib1560: fix comment typo lib1960: fix test failure lib: accept larger input to md5/hmac/sha256/sha512 functions lib: always use Curl_1st_fatal instead of Curl_1st_err lib: fix typos in comments lib: make resolving HTTPS DNS records reliable: lib: minor comment typos lib: move request specific allocations to the request struct lib: replace `PRI*32` printf masks with C89 ones libssh2: allocate libssh2-friendly memory in kbd_callback libssh2: fix error handling on quote errors libssh: fix 64-bit printf mask for mingw-w64 <=6.0.0 libssh: fix `-Wsign-compare` in 32-bit builds libssh: path length precaution libssh: propagate error back in SFTP function libtest: drop duplicate include location/follow: mention netrc man: fix argument type for `CURLSHOPT_[UN]SHARE` options mbedtls: cleanup more without care for 'initialized' mbedtls: fix ECJPAKE matching mbedtls: remove failf() call with first argument as NULL md4, md5: switch to wolfCrypt API in wolfSSL builds mime: only allow 40 levels of calls misc: fix code quality findings mk-ca-bundle.pl: make `ca-bundle.crt` timestamp match `certdata.txt`'s multi: enhance pending handles fairness multi: fix connection retry for non-http multi: improve wakeup and wait code netrc: find login-less password when user is given in URL netrc: remove unused parsenetrc() macro for netrc-disabled netrc: skip malformed macdef lines openssl channel_binding: lookup digest algorithm without NID openssl: drop obsolete SSLv2 logic openssl: fix build with 4.0.0-beta1 no-deprecated openssl: fix memory leaks in ECH code (OpenSSL 3) openssl: fix unused variable warnings in !verbose builds openssl: trace count of found / imported Windows native CA roots OS400: add new definitions to the ILE/RPG binding. os400sys: fix typo in comment (symmetry) parsedate: bsearch the time zones parsedate: fix wrong treatment of "military time zones" parsedate: refactor perl: harden external command invocations progress: count amount of data "delivered" to application protocol.h: fix the CURLPROTO_MASK protocol: disable connection reuse for SMB(S) protocol: use scheme names lowercase proxy: chunked response, error code pytest: add additional quiche check for flaky test_05_01 pytest: check 429 handling rand: use `BCryptGenRandom()` in UWP builds ratelimit: reset on start request: reset resp_trailer in new requests runtests: skip setting ed25519 SSH key format rustls: fix memory leak on repeated SSLKEYLOGFILE fails rustls: handle EOF during initial handshake schannel: increase renegotiation timeout to 60 seconds scripts: drop redundant double-quotes: `"$var"` -> `$var` (Perl) scripts: harden / tidy up more Perl `system()` calls sendf: fix CR detection if no LF is in the chunk setopt: fix typos in comments setopt: move CURLOPT_CURLU setup connection filter: mark as setup sha256, sha512_256: switch to wolfCrypt API sha256: support delegating to wolfSSL API share: concurrency handling, easy updates share: do bitshifts after the type is checked to be valid socks: reject zero-length GSSAPI/SSPI tokens from proxy socks: use dns filter for resolving spelling: fix typos src: use ftruncate() unconditionally sshserver.pl: harden more `system()` calls sshserver.pl: pass command-line to `system()` safely strerr: correct the strerror_s() return code condition sws: fix potential OOB write synctime: fix off-by-one read and write to a read-only buffer (Windows) test 766: flag as timing-dependent test1675: unit tests for URL API helper functions test459: switch to mode="warn" for stderr check testcurl.pl: replace shell commands with Perl `rmtree()` tests/unit/README: describe how to unit test static functions tests: avoid infinite recursion for `make check` tests: use %b64[] instead of "raw" base64 tool: check for curlinfo->age when determining if ssh backend tool: fix memory mixups tool: fix retries in parallel mode tool: fix two more allocator mismatches tool_cb_hdr: only truncate etags output when regular file tool_cb_rea: make waitfd() return void tool_cb_wrt: fix no-clobber error handling tool_cfgable: free the SSL signature algorithms tool_formparse: propagate my_get_line errors when reading headers tool_getparam: use correct free function for libcurl memory tool_ipfs: accept IPFS gateway URL without set port number tool_msgs: avoid null pointer deref for early errors tool_operate: actually apply the --parallel-max-host limit tool_operate: drop the scheme-guessing in the -G handling tool_operate: fix condition for loading `curl-ca-bundle.crt` (Windows) tool_operate: fix memory-leak on failed uploads tool_operate: fix minor memory-leak on early error tool_operate: reset the upload glob counter for next URL tool_operhlp: fix `add_file_name_to_url()` result on OOM tool_operhlp: iterate through all slashes to find name tool_operhlp: propagate low-level OOM in `add_file_name_to_url()` tool_setopt: return error on OOM correctly tool_urlglob: fix memory-leak on glob range overflow top-complexity: prevent filename-based shell injection risk transfer: clear the old autoreferer transfer: clear the URL pointer in OOM to avoid UAF transfer: enable custom methods again on next transfer transfer: enhance secure check unit1675: fix `-Wformat-signedness` url: do not reuse a non-tls starttls connection if new requires TLS url: improve connection reuse on negotiate url: init req.no_body in DO so that it works for h2 push url: set default upload flags to CURLULFLAG_SEEN url: use the socks type for socks proxy url: use URL for lowercase URL even in comments urlapi: fix handling of "file:///" urlapi: make dedotdotify handle leading dots correctly urlapi: same origin tests urlapi: stop extracting hostname from file:// URLs on Windows urlapi: verify the last letter of a scheme when set explicitly urldata.h: fix typo and lingering backtick urldata: connection bit ipv6_ip is wrong urldata: import port types and conn destination format urldata: make hstslist only present in HSTS builds urldata: make speeder_c uint32 urldata: move cookiehost to struct SingleRequest urldata: remove trailers_state vquic: fix variable name in fallback code vtls: fix comment typos and tidy up a type vtls: log when key logging is enabled. vtls_scache: check reentrancy vtls_scache: include cert_blob independently of verifypeer wolfssl: document v5.0.0 (2021-11-01) as minimum required wolfssl: fix `-Wmissing-prototypes` wolfssl: fix handling of abrupt connection close ws: fix a blocking curl_ws_send() to report written length correctly x509asn1: fix to return error in an error case from `encodeOID()` x509asn1: fixed and adapted for ASN1tostr unit testing x509asn1: improve encodeOID 8.19.0 Changes: BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 cmake: add `CURL_BUILD_EVERYTHING` option mqtt: initial support for MQTTS tool: support fractions for --limit-rate and --max-filesize tool_cb_hdr: with -J, use the redirect name as a backup vquic: drop support for OpenSSL-QUIC windows: add build option to use the native CA store windows: bump minimum to Vista (from XP) Bugfixes: altsvc: only accept 17 byte dates from files asyn-ares: abort with OOM error when Curl_dnscache_mk_entry fails async-ares: blocking resolve timeout handling, better badwords: move into ./scripts, speed up build: add missing `GENERATEDCERTS` files build: adjust minimum version for some clang picky warnings build: check `MSG_NOSIGNAL` directly, drop detection and interim macro build: constify `memchr()`/`strchr()`/etc result variables (cont.) build: detect and include `inttypes.h` again build: do not include wolfSSL header in `curl_setup.h` build: drop duplicate C includes build: drop global suppression of `-Wformat-nonliteral`, fix fallouts build: drop unused `snprintf()` feature check on Windows build: fix `-Wunused-macros` warnings, and related tidy-ups build: fix building rare combinations build: fully omit verbose strings and code when disabled build: globally suppress DJGPP warnings in `FD_SET()` build: merge TrackMemory (`CURLDEBUG`) into debug-enabled option build: move curl stat struct type to the curlx namespace build: opt-in MSVC to C99-style verbose logging logic build: require POSIX `strdup()` build: tidy up and dedupe `strdup` functions cf-socket: ignore SOCK_CLOEXEC etc for socktype equality checks cf-socket: use SOCK_CLOEXEC in socket_open when available checksrc-all.pl: skip non-repository files checksrc: do not apply `BANNEDFUNC` to struct member functions checksrc: warn for leading spaces before the preprocessor hash clang-tidy: add missing and delete redundant parentheses clang-tidy: add more missing parentheses in macro values clang-tidy: avoid/silence `bugprone-not-null-terminated-result` clang-tidy: check `bugprone-macro-parentheses`, fix fallouts clang-tidy: drop redundant conditions reported by `misc-redundant-expression` clang-tidy: enable `bugprone-signed-char-misuse`, fix fallouts clang-tidy: enable more checks clang-tidy: enable scanning headers clang-tidy: fix issues found with build-fuzzing clang-tidy: silence more minor issues found by v22 cmake/FindMbedTLS: add workaround for missing static MSVC `mbedcrypto.lib` 4.0.0 cmake: add `CURL_DROP_UNUSED` option to reduce binary sizes cmake: add native clang-tidy support for tests, with concatenated sources cmake: always build curlu and curltool test libs in unity mode cmake: always define `CURL::win32_winsock` on Windows in `curl-config.cmake` cmake: convert `curl_add_clang_tidy_test_target()` macro to function cmake: enable binutils ld workaround for all toolchains at build-time cmake: fix `LOCATION` property access condition (debug) cmake: fix `LOCATION` property read errors in target debug function cmake: fix building with `CMAKE_FIND_PACKAGE_PREFER_CONFIG=ON` cmake: fix confusing error when a dependency is undetected in `curl-config.cmake` cmake: fix logic for openssl/zlib binutils ld workaround cmake: fix passing system header directories to clang-tidy for tests cmake: fix system include directory position for clang-tidy in tests cmake: improve clang-tidy test command-line reproduction cmake: minor fixes to test targets after prev cmake: normalize uppercase hex winver (for display) cmake: omit `curl.rc` from curltool lib cmake: reference OpenSSL and ZLIB imported targets only when enabled cmake: replace internal option with a new `tt` (test tools) target cmake: silence potential unused var warnings in C++ test snippet cmake: silence silly Apple clang warnings in C89 mode, test in CI cmake: silence useless compiler warnings triggered by the FASTBuild generator cmake: skip binutils ld hack if zlib/openssl target is not `IMPORTED` cmake: warn for invalid `CURL_TARGET_WINDOWS_VERSION` values cmke: add `*_USE_STATIC_LIBS` options for 9 dependencies config-plan9: set `HAVE_STDINT_H` again config2setopts: acknowledge OOM error from CURLOPT_MIMEPOST config2setopts: fix for --disable-aws build configuration configure: drop always true `if` check (Windows) content_encoding: return 'identity' if none other exists curl: add -I and -i to -h important curl: limit Windows-specific code to Windows builds, other tidy-ups curl_easy_nextheader.md: a new transfer invalidates 'prev' curl_get_line: drop single-use macro curl_multi_perform.md: resolve inconsistency curl_ntlm_core: merge two `#if` blocks curl_setup.h: drop extra header guard for internal include curl_setup.h: merge back single-use internal header `curl_setup_once.h` curl_setup.h: simplify curl memory macro mappings curl_setup_once: allow CURL_DEBUGASSERT for customization CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md: fix available protocols curlx: drop unused `curlx_saferealloc()` digest: escape double quotes and backslashes in realm and nonce digest: fix memory leak in auth_create_digest_http_message() digest: handle quotes in the path docs/INSTALL: update configure details docs/libcurl: unify WARNING use docs: add LibreELEC to DISTROS.md docs: add reproducible example for generating man page docs: avoid starting sentences with However, docs: avoid using the word 'magic' docs: clarify --ipv4 and --ipv6 docs: document the need for a 64-bit type and stdint.h docs: drop basically docs: explicitly call out Slowloris as not a security flaw docs: fix grammar nitpicks docs: handle error in `curl_global_init*` examples docs: replace instances of the vague qualifier 'quite' docs: reword explanation of --variable option docs: some nitpicks docs: use dot instead of comma at end of sentences easy: reset errorbuf on eyeballing success easy: reset pausing when resetting request examples/usercertinmem: use modern OpenSSL API, drop mentions of RSA examples: improve OpenSSL certificate examples examples: omit forward declarations, apply misc fixes FAQ: syntax improvements fopen.h: simplify curl memory macro mappings ftp: replace a `curlx_free()` with `curlx_dyn_free()` ftp: split ftp_state_use_port into sub functions GOVERNANCE.md: Post-Daniel BDFL gss: exclude verbose error logic from non-verbose builds h2+h3: align stream close handling hostip.c: fix leak of addrinfo hostip6: remove debug-only code hostip: fix unreachable code in rare build configuration http/3: add description for known server error codes http1: fix potential NULL dereference in `Curl_h1_req_parse_read()` http: only send bearer if auth is allowed http_aws_sigv4: fix query normalization of %2b imap: add a check for Curl_meta_get() imap: check `imap_sendf()` printf masks at compile-time imap: skip literals inside quoted strings include: avoid recursive macros include: mask computed auth/proto bitmasks to 32 bits INSTALL-CMAKE.md: document Apple framework options INSTALL.md: fix typo INSTALL.md: suggest `-Wl,-dead_strip` for Apple targets KNOWN_BUGS.md: absolute Unix domain filename for SOCKS on Windows ldap: silence clang-tidy v22 warning ldap: silence potential unused variable warning (OS400) lib: delete unused local includes lib: disable websockets early if no http lib: make sigpipe handling more lazy lib: reorder protocol functions to avoid forward declarations (email) lib: reorder protocol functions to avoid forward declarations (ftp) lib: reorder protocol functions to avoid forward declarations (misc cont.) lib: reorder protocol functions to avoid forward declarations (misc) lib: reorder protocol functions to avoid forward declarations (ssh) lib: separate scheme info from protocol implementation lib: skip compiling code with features disabled lib: use (u)int64_t instead of long long libcurl docs: reduce 'since ...' in descriptions libcurl-security.md: fix typos and add a point about URLs libtests: drop two redundant `memset()`s Makefile.am: delete RPM targets referencing non-existent files Makefile.am: drop stray VC project files from dist managen: silence Perl warnings mbedtls: guard TLS 1.3 + session tickets usage inside ifdef mbedtls: no pinnedpubkey wo MBEDTLS_SSL_KEEP_PEER_CERTIFICATE mbedtls: remove newline from failf() call mbedtls: split mbed_connect_step1 into sub functions md4, md5: drop redundant forward declarations md4, md5: replace custom types with `uint32_t` memdebug: include `backtrace.h` as system header mime: drop fallback for unused `R_OK` macro mimepost: allocate main struct on-demand mk-ca-bundle.pl: drop support for obsolete/insecure fingerprint algos mod_curltest: silence unused argument compiler warning mprintf: drop old sprintf fallback mprintf: rename internal enum to avoid collision with AmigaOS symbol mprintf: silence clang-tidy `readability-suspicious-call-argument` mprintf: use `_snprintf()` when compiled with VS2013 and older mqtt: better too-big-message-check mqtt: fix EOF handling mqtt: verify Remaining Length for CONNACK and PUBACK msvc: drop exception, make `BIT()` a bitfield with Visual Studio msvc: VS2026: unlock picky warning in cmake, test in CI multi: avoid a theoretical 32-bit wrap multi: fix unreachable code compiler warning multi: probe for IPv6 functionality in multi_init() multi: split multi_runsingle into sub functions multi: update timer unconditionally in multi_remove_handle ngtcp2: stabilize recv noproxy: simplify, don't mix const non-const in strchr() openldap: avoid forward declarations in ldaps code openssl+ech: workaround for insecure handshakes openssl: adapt to OpenSSL master adding const to more APIs OpenSSL: check reuse of sessions for verify status openssl: disable local keylog feature if built-in upstream openssl: fix compiler warning with OpenSSL master openssl: fix potential NULL dereference when loading certs (Windows) openssl: fix potential OOB read in debug/verbose logging plan9: drop special build and orphaned references proxy-auth: additional tests pytest: remove 03_02 quiche: use PRIu64 for outputting the stream id rand: drop impossible preprocessor branches (wincrypt) rand: drop scan-build silencer ratelimit: download finetune request.h: rename parameter 'buf' to 'req' in Curl_req_send REUSE: drop broken reference to `MAIL-ETIQUETTE` rtsp: fix assertion failure on zero-length RTP payload rtspd: fix to check `realloc()` result runtests: pass config filename to stunnel in native format (Windows) schannel: refactor: reduce variable scopes, fix comment, fix indent send: drop `CURL_UNCONST()` from buffer argument on most platforms setopt: fix checking range for CURLOPT_MAXCONNECTS setopt: refuse blobs with zero length setup-os400.h: drop no longer used custom type `u_int32_t` sigpipe: unset SA_SIGINFO since it is using sa_handler silent.md: also mention it shuts off warning messages smb: free the path in the request struct properly smb: include arpa/inet.h for NonStop socket: check result of SO_NOSIGPIPE socketpair: clear 'err' when retrying due to EINTR socketpair: set SO_NOSIGPIPE where possible socks: ensure DNS is freed in failure cases. src: simplify declaring `curl_ca_embed` ssh: dedupe state change function stop using the word 'just' sws: prevent "connection monitor" to say disconnect twice synctime: fix use of uninitialized buffer on non-Windows system_win32: replace manual init code with `curlx_now_init()` call tests/server/sockfilt: avoid possible endless loop on Windows tests/server: drop unused `curlx/version_win32.c` tests/server: fix to clear the complete `srvr_sockaddr_union_t` variable tests/server: tidy-up error messages (Windows) tests: avoid assignment in `if` conditions in `first.h` tests: convert base64 data to %b64[] tftp: correct the filename length check timeout handling: auto-detect effective timeout tls: add new SSLSUPP flags for several options tls: remove checks for DEFAULT tool: enable header separation for HTTPS proxies tool: improve config error messaging tool: improve error/warning messages when output filename sanitization fails tool: rename curl handle and result variable in `--libcurl`-generated code tool: return code variable consistency tool_cb_hdr: suppress header output when --out-null tool_cb_prg: drop duplicate preprocessor logic tool_dirhie: drop superfluous `F_OK` fallback (Windows) tool_doswin: avoid memory-leak with CURL_FN_SANITIZE_* tool_doswin: avoid Windowsisms in socket code (cont.) tool_doswin: avoid Windowsisms in socket code tool_doswin: document `ENABLE_VIRTUAL_TERMINAL_PROCESSING` toolchain support tool_getparam: avoid `-Wcomma` with Apple clang in C89 mode tool_operate: remove 'else' for VMS tool_operate: reset the URL --url-query between --next typos: silence false positives found in C code unit3205: suppress two clang-tidy false positives URL-SYNTAX.md: fix port number mistakes for IMAP and LDAP url.c: code/comment cleanup around conn creation url.h: fix `-Wdocumentation` url: fix reuse of connections using HTTP Negotiate urlapi: use U_CURLU_URLDECODE when toggling it off unsigned urldata.h: remove two forward-declared structs not used urldata: byebye `conn->hostname_resolve` urldata: change 'keep_post' into three distinct bitfields urldata: convert 'long' fields to fixed variable types urldata: switch to uint* types usercertinmem: use the correct cert BIO verbose.md: explain the { and } prefixes vquic: fix unused variable warning reported by clang-tidy vquic: handle SOCKEMSGSIZE correctly vtls: dedupe common on-session-reuse logic vtls: use ALPN http/1.0 & http/1.1 for HTTP/1.0 requests VULN-DISCLOSURE-POLICY.md: push reports to the web form VULN-DISCLOSURE-POLICY.md: use hackerone winapi: use FormatMessageA instead of FormatMessageW windows: `USE_WINSOCK` to guard winsock2 code (where missing) windows: determine `RtlVerifyVersionInfo` address on global init windows: tidy up `wincrypt.h` / BoringSSL/AWS-LC coexist workaround wolfssl: fix build without USE_BIO_CHAIN ws/tftp: include header file even when protocol disabled x509asn1: make encodeOID stop on too long input Signed-off-by: Adolf Belka --- config/rootfiles/common/curl | 3 +++ lfs/curl | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl index 9eb01f389..96daee9e6 100644 --- a/config/rootfiles/common/curl +++ b/config/rootfiles/common/curl @@ -82,6 +82,7 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLINFO_RTSP_SERVER_CSEQ.3 #usr/share/man/man3/CURLINFO_RTSP_SESSION_ID.3 #usr/share/man/man3/CURLINFO_SCHEME.3 +#usr/share/man/man3/CURLINFO_SIZE_DELIVERED.3 #usr/share/man/man3/CURLINFO_SIZE_DOWNLOAD.3 #usr/share/man/man3/CURLINFO_SIZE_DOWNLOAD_T.3 #usr/share/man/man3/CURLINFO_SIZE_UPLOAD.3 @@ -120,6 +121,8 @@ usr/lib/libcurl.so.4.8.0 #usr/share/man/man3/CURLMOPT_PIPELINING_SITE_BL.3 #usr/share/man/man3/CURLMOPT_PUSHDATA.3 #usr/share/man/man3/CURLMOPT_PUSHFUNCTION.3 +#usr/share/man/man3/CURLMOPT_QUICK_EXIT.3 +#usr/share/man/man3/CURLMOPT_RESOLVE_THREADS_MAX.3 #usr/share/man/man3/CURLMOPT_SOCKETDATA.3 #usr/share/man/man3/CURLMOPT_SOCKETFUNCTION.3 #usr/share/man/man3/CURLMOPT_TIMERDATA.3 diff --git a/lfs/curl b/lfs/curl index 3498e12fd..3e5b78ecc 100644 --- a/lfs/curl +++ b/lfs/curl @@ -24,7 +24,7 @@ include Config -VER = 8.19.0 +VER = 8.20.0 THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = d4a943af9a109893112876784dbe106276317e6cd5a2663f4de143c93abb4e266945fa65b4a5fa842f99240c961b027a1b2492e3e32f5247a91c394895e2b8b0 +$(DL_FILE)_BLAKE2 = 5b61a1099212af9b3c18629fd0b6c93881014e7b02ed5171021a2a074a87786ff8f8e94a47c53c3ca83354cfbe74f7d917cae819c97011c0ff9e4ace014e01c2 install : $(TARGET)