-------------------------------------------------------------------
Wed Mar 27 18:32:08 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

- Security fix: [bsc#1221666, CVE-2024-2379]
  * curl: QUIC certificate check bypass with wolfSSL
  * Add curl-CVE-2024-2379.patch

-------------------------------------------------------------------
Wed Mar 27 18:21:59 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

- Security fix: [bsc#1221668, CVE-2024-2466]
  * curl: TLS certificate check bypass with mbedTLS
  * Add curl-CVE-2024-2466.patch

-------------------------------------------------------------------
Fri Mar 22 13:55:01 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

- Security fix: [bsc#1221665, CVE-2024-2004]
  * Usage of disabled protocol
  * Add curl-CVE-2024-2004.patch

-------------------------------------------------------------------
Thu Mar 21 12:27:30 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

- Security fix: [bsc#1221667, CVE-2024-2398]
  * curl: HTTP/2 push headers memory-leak
  * Add curl-CVE-2024-2398.patch

-------------------------------------------------------------------
Wed Jan 31 09:11:56 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

- Update to 8.6.0: [bsc#1219149, CVE-2024-0853]
  * Security fixes:
    - CVE-2024-0853: OCSP verification bypass with TLS session reuse
  * Changes:
    - add CURLE_TOO_LARGE, CURLINFO_QUEUE_TIME_T
  * Bugfixes:
    - altsvc: free 'as' when returning error
    - asyn-ares: with modern c-ares, use its default timeout
    - cf-socket: show errno in tcpkeepalive error messages
    - cmdline-opts: update availability for the *-ca-native options
    - configure: when enabling QUIC, check that TLS supports QUIC
    - content_encoding: change return code to typedef'ed enum
    - curl: show ipfs and ipns as supported "protocols"
    - CURLINFO_REFERER.3: clarify that it is the *request* header
    - dist: add tests/errorcodes.pl to the tarball
    - gen.pl: support ## for doing .IP in table-like lists
    - GHA: bump ngtcp2, gnutls, mod_h2, quiche
    - hostip: return error immediately when Curl_ip2addr() fails
    - http3/quiche: fix result code on a stream reset
    - http3: initial support for OpenSSL 3.2 QUIC stack
    - http: check for "Host:" case insensitively
    - http: fix off-by-one error in request method length check
    - http: only act on 101 responses when they are HTTP/1.1
    - lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
    - lib: error out on multissl + http3
    - lib: fix variable undeclared error caused by `infof` changes
    - lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
    - lib: strndup/memdup instead of malloc, memcpy and null-terminate
    - libssh2: use `libssh2_session_callback_set2()` with v1.11.1
    - ngtcp2: put h3 at the front of alpn
    - openldap: fix an LDAP crash
    - openldap: fix STARTTLS
    - openssl: re-match LibreSSL deinit with init
    - rtsp: deal with borked server responses
    - sasl: make login option string override http auth
    - tool: prepend output_dir in header callback
    - tool_getparam: stop supporting `@filename` style for --cookie
    - transfer: fix upload rate limiting, add test cases
    - url: don't set default CA paths for Secure Transport backend
    - url: for disabled protocols, mention if found in redirect
    - vquic: extract TLS setup into own source
    - websockets: check for negative payload lengths
  * Remove patches fixed upstream:
    - curl-adjust-pollset-fix.patch
    - curl-tests-errorcodes.patch
  * Rebase dont-mess-with-rpmoptflags.patch

-------------------------------------------------------------------
Fri Jan 5 17:54:08 UTC 2024 - Michael Pujos <pujos.michael@gmail.com>

- Added curl-adjust-pollset-fix.patch to fix broken MPD http streaming:
  https://github.com/curl/curl/issues/12632

-------------------------------------------------------------------
Wed Dec 6 09:51:20 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

- Update to 8.5.0:
  * Security fixes:
    - [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
    - [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents
  * Changes:
    - gnutls: support CURLSSLOPT_NATIVE_CA
    - HTTP3: ngtcp2 builds are no longer experimental
  * Bugfixes:
    - asyn-thread: use pipe instead of socketpair for IPC when available
    - cmake: fix OpenSSL quic detection in quiche builds
    - conncache: use the closure handle when disconnecting surplus connections
    - content_encoding: make Curl_all_content_encodings allocless
    - cookie: lowercase the domain names before PSL checks
    - Curl_http_body: cleanup properly when Curl_getformdata errors
    - CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
    - doh: provide better return code for responses w/o addresses
    - doh: use PIPEWAIT when HTTP/2 is attempted
    - duphandle: also free 'outcurl->cookies' in error path
    - duphandle: make dupset() not return with pointers to old alloced data
    - duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set
    - easy: in duphandle, init the cookies for the new handle
    - easy_lock: add a pthread_mutex_t fallback
    - fopen: create new file using old file's mode
    - fopen: create short(er) temporary file name
    - getenv: PlayStation doesn't have getenv()
    - hostip: show the list of IPs when resolving is done
    - hsts: skip single-dot hostname
    - HTTP/2, HTTP/3: handle detach of ongoing transfers
    - http: allow longer HTTP/2 request method names
    - hyper: temporarily remove HTTP/2 support
    - IPFS: fix IPFS_PATH and file parsing
    - multi: during ratelimit multi_getsock should return no sockets
    - multi: use pipe instead of socketpair to *wakeup()
    - ngtcp2: fix races in stream handling
    - ntlm_wb: use pipe instead of socketpair when possible
    - openssl: avoid BN_num_bits() NULL pointer derefs
    - openssl: fix building with v3 `no-deprecated` + add CI test
    - openssl: fix infof() to avoid compiler warning for %s with null
    - openssl: identify the "quictls" backend correctly
    - openssl: include SIG and KEM algorithms in verbose
    - openssl: two multi pointer checks should probably rather be asserts
    - openssl: when a session-ID is reused, skip OCSP stapling
    - quic: make eyeballers connect retries stop at weird replies
    - quic: manage connection idle timeouts
    - setopt: check CURLOPT_TFTP_BLKSIZE range on set
    - socks: better buffer size checks for socks4a user and hostname
    - socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice
    - tool: fix --capath when proxy support is disabled
    - tool_getparam: limit --rate to be smaller than number of ms
    - transfer: abort pause send when connection is marked for closing
    - transfer: avoid calling the read callback again after EOF
    - transfer: only reset the FTP wildcard engine in CLEAR state
    - url: don't touch the multi handle when closing internal handles
    - urlapi: avoid null deref if setting blank host to url encode
    - urlapi: skip appending NULL pointer query
    - urlapi: when URL encoding the fragment, pass in the right length
    - vtls: cleanup SSL config management
    - vtls: consistently use typedef names for OpenSSL structs
    - vtls: late clone of connection ssl config
    - vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0
  * Rebase curl-secure-getenv.patch
  * Add curl-tests-errorcodes.patch

-------------------------------------------------------------------
Wed Oct 11 06:33:28 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

- Update to 8.4.0:
  * Security fixes:
    - SOCKS5 heap buffer overflow [bsc#1215888, CVE-2023-38545]
    - cookie injection with none file [bsc#1215889, CVE-2023-38546]
  * Changes:
    - curl: add support for the IPFS protocols via HTTP gateway
    - curl_multi_get_handles: get easy handles from a multi handle
    - mingw: delete support for legacy mingw.org toolchain
  * Bugfixes:
    - base64: also build for curl
    - cf-socket: simulate slow/blocked receives in debug
    - configure: check for the capath by default
    - connect: expire the timeout when trying next
    - connect: only start the happy eyeballs timer when needed
    - cookie: do not store the expire or max-age strings
    - cookie: remove unnecessary struct fields
    - cookie: set ->running in cookie_init even if data is NULL
    - create-dirs.d: clarify it also uses --output-dirs
    - http2: refused stream handling for retry
    - http: h1/h2 proxy unification
    - http: use per-request counter to check too large headers
    - idn: if idn2_check_version returns NULL, return error
    - lib: enable hmac for digest as well
    - lib: let the max filesize option stop too big transfers too
    - lib: move handling of 'data->req.writer_stack' into Curl_client_write()
    - lib: provide and use Curl_hexencode
    - lib: use wrapper for curl_mime_data fseek callback
    - libssh2: fix error message on failed pubkey-from-file
    - libssh: cap SFTP packet size sent
    - MQTT: improve receive of ACKs
    - multi: do CURLM_CALL_MULTI_PERFORM at two more places
    - multi: round the timeout up to prevent early wakeups
    - openssl: improve ssl shutdown handling
    - openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
    - pytest: exclude test_03_goaway in CI runs due to timing dependency
    - quic: set ciphers/curves the same way regular TLS does
    - quiche: fix build error with --with-ca-fallback
    - socks: return error if hostname too long for remote resolve
    - tftpd: always use curl's own tftp.h
    - tool_getparam: accept variable expansion on file names too
    - upload-file.d: describe the file name slash/backslash handling
    - url: fall back to http/https proxy env-variable if ws/wss not set
    - url: fix netrc info message
    - wolfssh: do cleanup in Curl_ssh_cleanup
    - wolfssl: allow capath with CURLOPT_CAINFO_BLOB
    - wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
    - wolfssl: ignore errors in CA path
  * Rebase libcurl-ocloexec.patch

-------------------------------------------------------------------
Wed Sep 13 06:45:33 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

- Update to 8.3.0: [bsc#1215026, CVE-2023-38039]
  * Changes:
    - curl: make %output{} in -w specify a file to write to
    - gskit: remove
    - lib: --disable-bindlocal builds curl without local binding support
    - nss: remove support for this TLS library
    - tool: add "variable" support
    - trace: make tracing available in non-debug builds
    - url: change default value for CURLOPT_MAXREDIRS to 30
    - urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
  * Bugfixes:
    - altsvc: accept and parse IPv6 addresses in response headers
    - asyn-ares: reduce timeout to 2000ms
    - aws-sigv4: canonicalize the query
    - aws-sigv4: fix having date header twice in some cases
    - aws-sigv4: handle no-value user header entries
    - c-hyper: adjust the hyper to curlcode conversion
    - c-hyper: fix memory leaks in `Curl_http`
    - cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
    - cf-socket: log successful interface bind
    - cmake: add GnuTLS option
    - cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
    - cmake: detect `SSL_set0_wbio` in OpenSSL
    - configure: trust pkg-config when it's used for zlib
    - configure: use the pkg-config --libs-only-l flag for libssh2
    - connect: stop halving the remaining timeout when less than 600 ms left
    - crypto: ensure crypto initialization works
    - digest: Use hostname to generate spn instead of realm
    - ftp: fix temp write of ipv6 address
    - headers: accept leading whitespaces on first response header
    - http2: fix in h2 proxy tunnel: progress in ingress on sending
    - http3/ngtcp2: shorten handshake, trace cleanup
    - http3: quiche, handshake optimization, trace cleanup
    - http: close the connection after a late 417 is received
    - http: fix sending of large requests
    - http: return error when receiving too large header set
    - lib: fix null ptr derefs and uninitialized vars (h2/h3)
    - lib: move mimepost data from ->req.p.http to ->state
    - list-only.d: mention SFTP as supported protocol
    - ngtcp2: fix handling of large requests
    - openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
    - openssl: clear error queue after SSL_shutdown
    - openssl: make aws-lc version support OCSP
    - openssl: Support async cert verify callback
    - openssl: switch to modern init for LibreSSL 2.7.0+
    - openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
    - quic: don't set SNI if hostname is an IP address
    - quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
    - quiche: enable quiche to handle timeout events
    - resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
    - schannel: verify hostname independent of verify cert
    - tool_filetime: make -z work with file dates before 1970
    - tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
    - tool_operate: make aws-sigv4 not require TLS to be used
    - transfer: also stop the sending on closed connection
    - urlapi: fix heap buffer overflow
    - urlapi: setting a blank URL ("") is not an ok URL

-------------------------------------------------------------------
Fri Jul 28 08:54:52 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

- Update to 8.2.1:
  * Bugfixes:
    - cfilters: rename close/connect functions to avoid clashes
    - ciphers.d: put URL in first column
    - cmake: add 'libcurlu'/'libcurltool' for unit tests
    - cmake: update ngtcp2 detection
    - configure: check for nghttp2_session_get_stream_local_window_size
    - docs: mark two TLS options for TLS, not SSL
    - docs: provide more see also for cipher options
    - hostip: return IPv6 first for localhost resolves
    - http2: fix regression on upload EOF handling
    - http: VLH, very large header test and fixes
    - libcurl-errors.3: add CURLUE_OK
    - os400: correct EXPECTED_STRING_LASTZEROTERMINATED
    - quiche: fix lookup of transfer at multi
    - quiche: fix segfault and other things
    - rustls: update rustls-ffi 0.10.0
    - socks: print ipv6 address within brackets
    - src/mkhelp: strip off escape sequences
    - tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T
    - transfer: do not clear the credentials on redirect to absolute URL
    - unittest: remove unneeded *_LDADD
    - websocket: rename arguments/variables to match docs

-------------------------------------------------------------------
Wed Jul 19 06:22:14 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

- Update to 8.2.0 [bsc#1213237, CVE-2023-32001]
  * Security fix:
    - CVE-2023-32001: fopen race condition
  * Changes:
    - curl: add --ca-native and --proxy-ca-native
    - curl: add --trace-ids
    - CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS
    - haproxy: add --haproxy-clientip flag to set client IPs
    - lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID
  * Bugfixes:
    - cf-socket: don't bypass fclosesocket callback if cancelled before connect
    - cf-socket: skip getpeername()/getsockname for TFTP
    - curl: count uploaded data to stop at the originally given size
    - curl: return error when asked to use an unsupported HTTP version
    - http2: fix crash in handling stream weights
    - http2: send HEADER & DATA together if possible
    - http3/ngtcp2: upload EAGAIN handling
    - http: rectify the outgoing Cookie: header field size check
    - hyper: fix EOF handling on input
    - imap: Provide method to disable SASL if it is advertised
    - libssh2: provide error message when setting host key type fails
    - libssh2: use custom memory functions
    - ngtcp2: assigning timeout, but value is overwritten before used
    - quiche: avoid NULL deref in debug logging
    - sectransp: fix EOF handling
    - system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles
    - timeval: use CLOCK_MONOTONIC_RAW if available
    - tls13-ciphers.d: include Schannel
    - tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION`
    - tool_operate: allow cookie lines up to 8200 bytes
    - tool_parsecfg: accept line lengths up to 10M
    - tool_writeout_json: fix encoding of control characters
    - transfer: clear credentials when redirecting to absolute URL
    - urlapi: have *set(PATH) prepend a slash if one is missing
    - urlapi: scheme must start with alpha
    - vtls: avoid memory leak if sha256 call fails
    - websocket-cb: example doing WebSocket download using callback
    - ws: make the curl_ws_meta() return pointer a const

-------------------------------------------------------------------
Tue May 30 09:08:35 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

- Update to 8.1.2:
  * Bugfixes:
    - configure: quote the assignments for run-compiler
    - configure: without pkg-config and no custom path, use -lnghttp2
    - curl: cache the --trace-time value for a second
    - http2: fix EOF handling on uploads with auth negotiation
    - http3: send EOF indicator early as possible
    - lib1560: verify more scheme guessing
    - lib: remove unused functions, make single-use static
    - libcurl.m4: remove trailing 'dnl' that causes this to break autoconf
    - libssh: when keyboard-interactive auth fails, try password
    - misc: fix spelling mistakes
    - page-header: mention curl version and how to figure out current release
    - page-header: minor wording polish in the URL segment
    - scripts/singleuse.pl: add more API calls
    - urlapi: remove superfluous host name check

-------------------------------------------------------------------
Tue May 23 10:14:39 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

- Update to 8.1.1:
  * Bugfixes:
    - cf-socket: completely remove the disabled
      USE_RECV_BEFORE_SEND_WORKAROUND
    - checksrc: disallow spaces before labels
    - curl_easy_getinfo: clarify on return data types
    - docs: document that curl_url_cleanup(NULL) is a safe no-op
    - hostip: move easy_lock.h include above curl_memory.h
    - http2: double http request parser max line length
    - http2: increase stream window size to 10 MB
    - lib: rename struct 'http_req' to 'httpreq'
    - ngtcp2: proper handling of uint64_t when adjusting send buffer
    - sectransp.c: make the code c89 compatible
    - select: avoid returning an error on EINTR from select() or poll()
    - url: provide better error message when URLs fail to parse
    - urlapi: allow numerical parts in the host name

-------------------------------------------------------------------
Wed May 17 08:13:32 UTC 2023 - David Anes <david.anes@suse.com>

- Update to 8.1.0:
  * Security fixes:
    - UAF in SSH sha256 fingerprint [bsc#1211230, CVE-2023-28319]
    - siglongjmp race condition [bsc#1211231, CVE-2023-28320]
    - IDN wildcard match [bsc#1211232, CVE-2023-28321]
    - POST-after-PUT confusion [bsc#1211233, CVE-2023-28322]
    - See also: https://curl.se/docs/security.html
  * Changes:
    - curl: add --proxy-http2
    - CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2
    - hostip: refuse to resolve the .onion TLD
    - tool_writeout: add URL component variables
  * Bugfixes:
    - See full changelog here: https://curl.se/changes.html#8_1_0

-------------------------------------------------------------------
Tue Mar 21 08:44:52 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

- Update to 8.0.1:
  * Bugfixes:
    - fix crash in curl_easy_cleanup

-------------------------------------------------------------------
Mon Mar 20 07:19:32 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

- Update to 8.0.0:
  * Security fixes:
    - TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
    - SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
    - FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
    - GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
    - HSTS double-free [bsc#1209213, CVE-2023-27537]
    - SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
  * Changes:
    - build: remove support for curl_off_t < 8 bytes
  * Bugfixes:
    - aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
    - BINDINGS: add Fortran binding
    - cf-socket: use port 80 when resolving name for local bind
    - cookie: don't load cookies again when flushing
    - curl_path: create the new path with dynbuf
    - CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
    - DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
    - ftp: active mode with SSL, add the filter
    - hostip: avoid sscanf and extra buffer copies
    - http2: fix for http2-prior-knowledge when reusing connections
    - http2: fix handling of RST and GOAWAY to recognize partial transfers
    - http: don't send 100-continue for short PUT requests
    - http: fix unix domain socket use in https connects
    - libssh: use dynbuf instead of realloc
    - ngtcp2-gnutls.yml: bump to gnutls 3.8.0
    - sectransp: make read_cert() use a dynbuf when loading
    - telnet: only accept option arguments in ascii
    - telnet: parse telnet options without sscanf
    - url: fix the SSH connection reuse check
    - url: only reuse connections with same GSS delegation
    - urlapi: '%' is illegal in host names
    - ws: keep the socket non-blocking
  * Rebase libcurl-ocloexec.patch

-------------------------------------------------------------------
Mon Feb 20 10:35:11 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>

- Update to 7.88.1:
  * Bugfix release
- Drop upstreamed patch:
  * curl-fix-uninitialized-value-in-tests.patch

-------------------------------------------------------------------
Wed Feb 15 08:39:24 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.88.0: [bsc#1207990, CVE-2023-23914]
  [bsc#1207991, CVE-2023-23915] [bsc#1207992, CVE-2023-23916]
  * Security fixes:
    - CVE-2023-23914: HSTS ignored on multiple requests
    - CVE-2023-23915: HSTS amnesia with --parallel
    - CVE-2023-23916: HTTP multi-header compression denial of service
  * Changes:
    - curl.h: add CURL_HTTP_VERSION_3ONLY
    - share: add sharing of HSTS cache among handles
    - src: add --http3-only
    - tool_operate: share HSTS between handles
    - urlapi: add CURLU_PUNYCODE
    - writeout: add %{certs} and %{num_certs}
  * Bugfixes:
    - cf-socket: keep sockaddr local in the socket filters
    - cfilters:Curl_conn_get_select_socks: use the first non-connected filter
    - curl.h: allow up to 10M buffer size
    - curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
    - curl/websockets.h: extend the websocket frame struct
    - curl: output warning at --verbose output for debug-enabled version
    - curl_free.3: fix return type of `curl_free`
    - curl_log: for failf/infof and debug logging implementations
    - dict: URL decode the entire path always
    - docs/DEPRECATE.md: deprecate gskit
    - easyoptions: fix header printing in generation script
    - haxproxy: send before TLS handshake
    - hsts.d: explain hsts more
    - hsts: handle adding the same host name again
    - HTTP/[23]: continue upload when state.drain is set
    - http: decode transfer encoding first
    - http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
    - http_proxy: do not assign data->req.p.http use local copy
    - lib: connect/h2/h3 refactor
    - libssh2: try sha2 algos for hostkey methods
    - md4: fix build with GnuTLS + OpenSSL v1
    - ngtcp2: replace removed define and stop using removed function
    - noproxy: support for space-separated names is deprecated
    - nss: implement data_pending method
    - openldap: fix missing sasl symbols at build in specific configs
    - openssl: adapt to boringssl's error code type
    - openssl: don't ignore CA paths when using Windows CA store (redux)
    - openssl: don't log raw record headers
    - openssl: make the BIO_METHOD a local variable in the connection filter
    - openssl: only use CA_BLOB if verifying peer
    - openssl: remove attached easy handles from SSL instances
    - openssl: store the CA after first send (ClientHello)
    - setopt: use >, not >=, when checking if uarg is larger than uint-max
    - smb: return error on upload without size
    - socketpair: allow localhost MITM sniffers
    - strdup: name it Curl_strdup
    - tool_getparam: fix hiding of command line secrets
    - tool_operate: fix error codes on bad URL & OOM
    - tool_operate: repair --rate
    - transfer: break the read loop when RECV is cleared
    - typecheck: accept expressions for option/info parameters
    - urlapi: avoid Curl_dyn_addf() for hex outputs
    - urlapi: skip path checks if path is just "/"
    - urlapi: skip the extra dedotdot alloc if no dot in path
    - urldata: cease storing TLS auth type
    - urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
    - urldata: make set.http200aliases conditional on HTTP being present
    - urldata: move the cookefilelist to the 'set' struct
    - urldata: remove unused struct fields, made more conditional
    - vquic: stabilization and improvements
    - vtls: fix hostname handling in filters
    - vtls: manage current easy handle in nested cfilter calls
    - vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
  * Rebase libcurl-ocloexec.patch
  * Fix regression tests: f1d09231adfc695d15995b9ef2c8c6e568c28091
    - runtests: fix "uninitialized value $port"
    - Add curl-fix-uninitialized-value-in-tests.patch

-------------------------------------------------------------------
|
||
Wed Dec 21 08:19:23 UTC 2022 - David Anes <david.anes@suse.com>
|
||
|
||
- Update to 7.87.0:
|
||
* Security fixes:
|
||
- CVE-2022-43551, bsc#1206308: another HSTS bypass via IDN
|
||
- CVE-2022-43552, bsc#1206309: HTTP Proxy deny use-after-free
|
||
* Changes
|
||
- curl: add --url-query
|
||
- CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
|
||
- lib: add CURL_WRITEFUNC_ERROR to signal write callback error
|
||
- openssl: reduce CA certificate bundle reparsing by caching
|
||
- version: add a feature names array to curl_version_info_data
|
||
* Bugfixes
|
||
- altsvc: fix rejection of negative port numbers
|
||
- aws_sigv4: consult x-%s-content-sha256 for payload hash
|
||
- aws_sigv4: fix typos in aws_sigv4.c
|
||
- base64: better alloc size
|
||
- base64: encode without using snprintf
|
||
- base64: faster base64 decoding
|
||
- build: assume assert.h is always available
|
||
- build: assume errno.h is always available
|
||
- c-hyper: CONNECT respones are not server responses
|
||
- c-hyper: fix multi-request mechanism
|
||
- CI: Change FreeBSD image from 12.3 to 12.4
|
||
- CI: LGTM.com will be shut down in December 2022
|
||
- ci: Remove zuul fuzzing job as it's superseded by CIFuzz
|
||
- cmake: check for cross-compile, not for toolchain
|
||
- CMake: fix build with `CURL_USE_GSSAPI`
|
||
- cmake: really enable warnings with clang
|
||
- cmake: set the soname on the shared library
|
||
- cmdline-opts/gen.pl: fix the linkifier
|
||
- cmdline-opts/page-footer: remove long option nroff formatting
|
||
- config-mac: define HAVE_SYS_IOCTL_H
|
||
- config-mac: fix typo: size_T -> size_t
|
||
- config-mac: remove HAVE_SYS_SELECT_H
|
||
- config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
|
||
- configure: require fork for NTLM-WB
|
||
- contributors.sh: actually use $CURLWWW instead of just setting it
|
||
- cookie: compare cookie prefixes case insensitively
|
||
- cookie: expire cookies at once when max-age is negative
|
||
- cookie: open cookie jar as a binary file
|
||
- curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
|
||
- curl-rustls.m4: on macOS, rustls also needs the Security framework
|
||
- curl.h: include <sys/select.h> on SerenityOS
|
||
- curl.h: name all public function parameters
|
||
- curl.h: reword comment to not use deprecated option
|
||
- curl: override the numeric locale and set "C" by force
|
||
- curl: timeout in the read callback
|
||
- curl_endian: remove Curl_write64_le from header
|
||
- curl_get_line: allow last line without newline char
|
||
- curl_path: do not add '/' if homedir ends with one
|
||
- curl_url_get.3: remove spurious backtick
|
||
- curl_url_set.3: document CURLU_DISALLOW_USER
|
||
- curl_url_set.3: fix typo
|
||
- CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
|
||
- CURLOPT_COOKIEFILE.3: advice => advise
|
||
- CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
|
||
- CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw"
|
||
- CURLOPT_POST.3: Explain setting to 0 changes request type
|
||
- docs/curl_ws_send: Fixed typo in websocket docs
|
||
- docs/EARLY-RELEASE.md: how to determine an early release
|
||
- docs/examples: spell correction ('Retrieve')
|
||
- docs/INSTALL.md: expand on static builds
|
||
- docs/WEBSOCKET.md: explain the URL use
|
||
- docs: add missing parameters for --retry flag
|
||
- docs: add more "SEE ALSO" links to CA related pages
- docs: explain the noproxy CIDR notation support
- docs: extend the dump-header documentation
- docs: remove performance note in CURLOPT_SSL_VERIFYPEER
- examples/10-at-a-time: fix possible skipped final transfers
- examples: update descriptions
- ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
- gen.pl: do not generate CURLHELP bitmask lines > 79 characters
- GHA: clarify workflows permissions, set least possible privilege
- GHA: NSS use clang instead of clang-9
- gnutls: use common gnutls init and verify code for ngtcp2
- headers: add endif comments
- HTTP-COOKIES.md: mention that http://localhost is a secure context
- HTTP-COOKIES.md: update the 6265bis link to draft-11
- http: do not send PROXY more than once
- http: fix the ::1 comparison for IPv6 localhost for cookies
- http: set 'this_is_a_follow' in the Location: logic
- http: use the IDN decoded name in HSTS checks
- hyper: classify headers as CONNECT and 1XX
- hyper: fix handling of hyper_task's when reusing the same address
- idn: remove Curl_win32_ascii_to_idn
- INSTALL: update operating systems and CPU archs
- KNOWN_BUGS: remove eight entries
- lib1560: add some basic IDN host name tests
- lib: connection filters (cfilter) addition to curl:
- lib: feature deprecation warnings in gcc >= 4.3
- lib: fix some type mismatches and remove unneeded typecasts
- lib: parse numbers with fixed known base 10
- lib: remove bad set.opt_no_body assignments
- lib: rewind BEFORE request instead of AFTER previous
- lib: sync guard for Curl_getaddrinfo_ex() definition and use
- lib: use size_t or int etc instead of longs
- libcurl-errors.3: remove duplicate word
- libssh2: return error when ssh_hostkeyfunc returns error
- limit-rate.d: see also --rate
- log2changes.pl: wrap long lines at 80 columns
- Makefile.mk: address minor issues
- Makefile.mk: improve a GNU Make hack
- Makefile.mk: portable Makefile.m32
- maketgz: set the right version in lib/libcurl.plist
- mime: relax easy/mime structures binding
- misc: Fix incorrect spelling
- misc: remove duplicated include files
- misc: typo and grammar fixes
- negtelnetserver.py: have it call its close() method
- netrc.d: provide mutext info
- netware: remove leftover traces
- noproxy: also match with adjacent comma
- noproxy: guard against empty hostnames in noproxy check
- noproxy: tailmatch like in 7.85.0 and earlier
- nroff-scan.pl: detect double highlights
- ntlm: improve comment for encrypt_des
- ntlm: silence ubsan warning about copying from null target_info pointer
- openssl/mbedtls: use %d for outputting port with failf (int)
- openssl: prefix errors with '[lib]/[version]: '
- os400: use platform socklen_t in Curl_getnameinfo_a
- page-header: grammar improvement (display transfer rate)
- proxy: refactor haproxy protocol handling as connection filter
- README.md: remove badges and xmas-tree garnish
- rtsp: fix RTSP auth
- runtests: --no-debuginfod now disables DEBUGINFOD_URLS
- runtests: do CRLF replacements per section only
- scripts/checksrc.pl: detect duplicated include files
- sendf: change Curl_read_plain to wrap Curl_recv_plain
- sendf: remove unnecessary if condition
- setup: do not require __MRC__ defined for Mac OS 9 builds
- smb/telnet: do not free the protocol struct in *_done()
- socks: fix username max size is 255 (0xFF)
- spellcheck.words: remove 'github' as an accepted word
- ssl-reqd.d: clarify that this is for upgrading connections only
- strcase: use curl_str(n)equal for case insensitive matches
- styled-output.d: this option does not work on Windows
- system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS
- system.h: support 64-bit curl_off_t for NonStop 32-bit
- test1421: fix typo
- test3026: reduce runtime in legacy mingw builds
- tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
- tests: add authorityInfoAccess to generated certs
- tests: add HTTP/3 test case, custom location for proper nghttpx
- tls: backends use connection filters for IO, enabling HTTPS-proxy
- tool: determine the correct fopen option for -D
- tool_cfgable: free the ssl_ec_curves on exit
- tool_cfgable: make socks5_gssapi_nec a boolean
- tool_formparse: avoid clobbering on function params
- tool_getparam: make --no-get work as the opposite of --get
- tool_operate: provide better errmsg for -G with bad URL
- tool_operate: when aborting, make sure there is a non-NULL error buffer
- tool_paramhlp: free the proto strings on exit
- url: move back the IDN conversion of proxy names
- urlapi: reject more bad letters from the host name: &+()
- urldata: change port num storage to int and unsigned short
- vms: remove SIZEOF_SHORT
- vtls: fix build without proxy support
- vtls: localization of state data in filters
- WEBSOCKET.md: fix broken link
- Websocket: fixes for partial frames and buffer updates
- websockets: fix handling of partial frames
- windows: fail early with a missing windres in autotools
- windows: fix linking .rc to shared curl with autotools
- winidn: drop WANT_IDN_PROTOTYPES
- ws: if no connection is around, return error
- ws: return CURLE_NOT_BUILT_IN when websockets not built in
- x509asn1: avoid freeing unallocated pointers

-------------------------------------------------------------------
Wed Nov 16 03:09:27 UTC 2022 - Luciano Santos <luc14n0@opensuse.org>

- Add 1.50.0 as the minimum libnghttp2 build requirement version as
a bandaid. Curl's 7.86.0 release introduces the use of
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation,
introduced by nghttp2 1.50.0 release, without introducing a check
for the function/right version in their build scripts. This will
make Zypper/cURL unusable in some corner cases where users
install something that requires libcurl4 before doing a full
system upgrade, thus updating the cURL stack, but not
libnghttp2's. Background: boo#1204983, Factory mailing list
thread:
"? broken dependency in curl and/or *zyp* ?", and forums thread:
Curl-is-broken-after-an-update-which-subsequently-breaks-zypper.

-------------------------------------------------------------------
Wed Oct 26 07:51:51 UTC 2022 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.86.0:
* Security fixes:
- POST following PUT confusion [bsc#1204383, CVE-2022-32221]
- .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260]
- HTTP proxy double-free [bsc#1204385, CVE-2022-42915]
- HSTS bypass via IDN [bsc#1204386, CVE-2022-42916]
* Changes:
- NPN: remove support for and use of
- Websockets: initial support
* Bugfixes:
- altsvc: reject bad port numbers
- autotools: reduce brute-force when detecting recv/send arg list
- aws_sigv4: fix header computation
- cli tool: do not use disabled protocols
- connect: change verbose IPv6 address:port to [address]:port
- connect: fix builds without AF_INET6
- connect: fix Curl_updateconninfo for TRNSPRT_UNIX
- connect: fix the wrong error message on connect failures
- content_encoding: use writer struct subclasses for different encodings
- cookie: reject cookie names or content with TAB characters
- curl/add_file_name_to_url: use the libcurl URL parser
- curl/get_url_file_name: use libcurl URL parser
- curl: warn for --ssl use, considered insecure
- docs/libcurl/symbols-in-versions: add several missing symbols
- ftp: ignore a 550 response to MDTM
- functypes: provide the recv and send arg and return types
- getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
- header: define public API functions as extern c
- headers: reset the requests counter at transfer start
- hostip: guard PF_INET6 use
- hostip: lazily wait to figure out if IPv6 works until needed
- http, vauth: always provide Curl_allow_auth_to_host() functionality
- http2: make nghttp2 less picky about field whitespace
- http: try parsing Retry-After: as a number first
- http_proxy: restore the protocol pointer on error
- lib: add missing limits.h includes
- lib: prepare the incoming of additional protocols
- lib: sanitize conditional exclusion around MIME
- libssh: if sftp_init fails, don't get the sftp error code
- mprintf: reject two kinds of precision for the same argument
- mqtt: return error for too long topic
- netrc: compare user name case sensitively
- netrc: replace fgets with Curl_get_line
- netrc: use the URL-decoded user
- ngtcp2: fix build errors due to changes in ngtcp2 library
- noproxy: support proxies specified using cidr notation
- openssl: make certinfo available for QUIC
- resolve: make forced IPv4 resolve only use A queries
- schannel: ban server ALPN change during recv renegotiation
- schannel: don't reset recv/send function pointers on renegotiation
- schannel: when importing PFX, disable key persistence
- setopt: use the handler table for protocol name to number conversions
- setopt: when POST is set, reset the 'upload' field
- single_transfer: use the libcurl URL parser when appending query parts
- smb: replace CURL_WIN32 with WIN32
- tool: avoid generating ambiguous escaped characters in --libcurl
- tool_main: exit at once if out of file descriptors
- tool_operate: more transfer cleanup after parallel transfer fail
- tool_operate: prevent over-queuing in parallel mode
- tool_paramhelp: asserts verify maximum sizes for string loading
- tool_xattr: save the original URL, not the final redirected one
- url: a zero-length userinfo part in the URL is still a (blank) user
- url: allow non-HTTPS HSTS-matching for debug builds
- url: rename function due to name-clash in Watt-32
- url: use IDN decoded names for HSTS checks
- urlapi: detect scheme better when not guessing
- urlapi: fix parsing URL without slash with CURLU_URLENCODE
- urlapi: reject more bad characters from the host name field
* Remove patch upstream:
- connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch

-------------------------------------------------------------------
Sat Oct 8 17:06:50 UTC 2022 - Vasily Ulyanov <vasily.ulyanov@suse.com>

- Update connection info when using UNIX socket as endpoint
connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch

-------------------------------------------------------------------
Fri Sep 30 12:35:59 UTC 2022 - Pedro Monreal <pmonreal@suse.com>

- Change the deprecated configure option --enable-hidden-symbols
to the new --enable-symbol-hiding.

-------------------------------------------------------------------
Wed Aug 31 07:34:20 UTC 2022 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.85.0:
* Security fixes: [bsc#1202593, CVE-2022-35252]
- control code in cookie denial of service
* Changes:
- quic: add support via wolfSSL
- schannel: Add TLS 1.3 support
- setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR
* Bugfixes:
- asyn-thread: fix socket leak on OOM
- asyn-thread: make getaddrinfo_complete return CURLcode
- base64: base64url encoding has no padding
- configure: fix broken m4 syntax in TLS options
- configure: if asked to use TLS, fail if no TLS lib was detected
- connect: add quic connection information
- connect: set socktype/protocol correctly
- cookie: reject cookies with "control bytes"
- cookie: treat a blank domain in Set-Cookie: as non-existing
- curl: output warning when a cookie is dropped due to size
- Curl_close: call Curl_resolver_cancel to avoid memory-leak
- digest: fix memory leak, fix not quoted 'opaque'
- digest: fix missing increment of 'nc' value for auth-int
- digest: pass over leading spaces in qop values
- digest: reject broken header with session protocol but without qop
- doh: use https protocol by default
- easy_lock.h: include sched.h if available to fix build
- easy_lock.h: use __asm__ instead of asm to fix build
- easy_lock: switch to using atomic_int instead of bool
- ftp: use a correct expire ID for timer expiry
- h2h3: fix overriding the 'TE: Trailers' header
- hostip: resolve *.localhost to 127.0.0.1/::1
- HTTP3.md: update to msh3 v0.4.0
- hyper: use wakers for curl pause/resume
- lib3026: reduce the number of threads to 100
- libssh2: make atime/mtime date overflow return error
- libssh2: provide symlink name in SFTP dir listing
- multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
- multi: use larger dns hash table for multi interface
- multi_wait: fix skipping to populate revents for extra_fds
- netrc: Use the password from lines without login
- ngtcp2: Fix build error due to change in nghttp3 prototypes
- ngtcp2: fix stall or busy loop on STOP_SENDING with upload data
- ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks
- openssl: add 'CURL_BORINGSSL_VERSION' to identify BoringSSL
- openssl: add cert path in error message
- openssl: add details to "unable to set client certificate" error
- openssl: fix BoringSSL symbol conflicts with LDAP and Schannel
- select: do not return fatal error on EINTR from poll()
- sendf: fix paused header writes since after the header API
- sendf: skip storing HTTP headers if HTTP disabled
- url: really use the user provided in the url when netrc entry exists
- url: reject URLs with hostnames longer than 65535 bytes
- url: treat missing usernames in netrc as empty
- urldata: reduce size of several struct fields
- vtls: make Curl_ssl_backend() return the enum type curl_sslbackend
* Remove tests-for-32bit.patch fixed in the update
* Rebase libcurl-ocloexec.patch

-------------------------------------------------------------------
Sun Jul 24 19:37:01 UTC 2022 - Dirk Müller <dmueller@suse.com>

- add tests-for-32bit.patch to fix testsuite on 32bit platforms

-------------------------------------------------------------------
Mon Jun 27 14:36:10 UTC 2022 - David Anes <david.anes@suse.com>

- Update to 7.84.0:
* Security fixes:
- (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification
- (bsc#1200736, CVE-2022-32207): Unpreserved file permissions
- (bsc#1200735, CVE-2022-32206): HTTP compression denial of service
- (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service
* Changes:
- curl: add --rate to set max request rate per time unit
- curl: deprecate --random-file and --egd-file
- curl_version_info: add CURL_VERSION_THREADSAFE
- CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
- lib: make curl_global_init() threadsafe when possible
- libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
- opts: deprecate RANDOM_FILE and EGDSOCKET
- socks: support unix sockets for socks proxy
* Bugfixes:
- aws-sigv4: fix potential NULL pointer arithmetic
- bindlocal: don't use a random port if port number would wrap
- c-hyper: mark status line as status for Curl_client_write()
- ci: avoid `cmake -Hpath`
- CI: bump FreeBSD 13.0 to 13.1
- ci: update github actions
- cmake: add libpsl support
- cmake: do not add libcurl.rc to the static libcurl library
- cmake: enable curl.rc for all Windows targets
- cmake: fix detecting libidn2
- cmake: support adding a suffix to the OS value
- configure: skip libidn2 detection when winidn is used
- configure: use the SED value to invoke sed
- configure: warn about rustls being experimental
- content_encoding: return error on too many compression steps
- cookie: address secure domain overlay
- cookie: apply limits
- copyright.pl: parse and use .reuse/dep5 for skips
- copyright: make repository REUSE compliant
- curl.1: add a few see also --tls-max
- curl.1: mention exit code zero too
- curl: re-enable --no-remote-name
- curl_easy_pause.3: remove explanation of progress function
- curl_getdate.3: document that some illegal dates pass through
- Curl_parsenetrc: don't access local pwbuf outside of scope
- curl_url_set.3: clarify by default using known schemes only
- CURLOPT_ALTSVC.3: document the file format
- CURLOPT_FILETIME.3: fix the protocols this works with
- CURLOPT_HTTPHEADER.3: improve comment in example
- CURLOPT_NETRC.3: document the .netrc file format
- CURLOPT_PORT.3: We discourage using this option
- CURLOPT_RANGE.3: remove ranged upload advice
- digest: added detection of more syntax error in server headers
- digest: tolerate missing "realm"
- digest: unquote realm and nonce before processing
- DISABLED: disable 1021 for hyper again
- docs/cmdline-opts: add copyright and license identifier to each file
- docs/CONTRIBUTE.md: document the 'needs-votes' concept
- docs: clarify data replacement policy for MIME API
- doh: remove UNITTEST macro definition
- examples/crawler.c: use the curl license
- examples: remove fopen.c and rtsp.c
- FAQ: Clarify Windows double quote usage
- fopen: add Curl_fopen() for better overwriting of files
- ftp: restore protocol state after http proxy CONNECT
- ftp: when failing to do a secure GSSAPI login, fail hard
- GHA/hyper: enable debug in the build
- gssapi: improve handling of errors from gss_display_status
- gssapi: initialize gss_buffer_desc strings
- headers api: remove EXPERIMENTAL tag
- http2: always debug print stream id in decimal with %u
- http2: reject overly many push-promise headers
- http: restore header folding behavior
- hyper: use 'alt-used'
- krb5: return error properly on decode errors
- lib: make more protocol specific struct fields #ifdefed
- libcurl-security.3: add "Secrets in memory"
- libcurl-security.3: document CRLF header injection
- libssh: skip the fake-close when libssh does the right thing
- links: update dead links to the curl-wiki
- log2changes: do not indent empty lines [ci skip]
- macos9: remove partial support
- Makefile.am: fix portability issues
- Makefile.m32: delete obsolete options, improve -On [ci skip]
- Makefile.m32: delete two obsolete OpenSSL options [ci skip]
- Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
- max-time.d: clarify max-time sets max transfer time
- mprintf: ignore clang non-literal format string
- netrc: check %USERPROFILE% as well on Windows
- netrc: support quoted strings
- ngtcp2: allow curl to send larger UDP datagrams
- ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
- ngtcp2: enable Linux GSO
- ngtcp2: extend QUIC transport parameters buffer
- ngtcp2: fix alert_read_func return value
- ngtcp2: fix typo in preprocessor condition
- ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
- ngtcp2: send appropriate connection close error code
- ngtcp2: support boringssl crypto backend
- ngtcp2: use helper funcs to simplify TLS handshake integration
- ntlm: provide a fixed fake host name
- projects: fix third-party SSL library build paths for Visual Studio
- quic: add Curl_quic_idle
- quiche: support ca-fallback
- rand: stop detecting /dev/urandom in cross-builds
- remote-name.d: mention --output-dir
- runtests.pl: add the --repeat parameter to the --help output
- runtests: fix skipping tests not done event-based
- runtests: skip starting the ssh server if user name is lacking
- scripts/copyright.pl: fix the exclusion to not ignore man pages
- sectransp: check for a function defined when __BLOCKS__ is undefined
- select: return error from "lethal" poll/select errors
- server/sws: support spaces in the HTTP request path
- speed-limit/time.d: mention these affect transfers in either direction
- strcase: some optimisations
- test 2081: add a valid reply for the second request
- test 675: add missing CR so the test passes when run through Privoxy
- test414: add the '--resolve' keyword
- test681: verify --no-remote-name
- tests 266, 116 and 1540: add a small write delay
- tests/data/test1501: kill ftp server after slow LIST response
- tests/getpart: fix getpartattr to work with "data" and "data2"
- tests/server/sws.c: change the HTTP writedelay unit to milliseconds
- test{440,441,493,977}: add "HTTP proxy" keywords
- tool_getparam: fix --parallel-max maximum value constraint
- tool_operate: make sure --fail-with-body works with --retry
- transfer: fix potential NULL pointer dereference
- transfer: maintain --path-as-is after redirects
- transfer: upload performance; avoid tiny send
- url: free old conn better on reuse
- url: remove redundant #ifdefs in allocate_conn()
- url: URL encode the path when extracted, if spaces were set
- urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
- urlapi: support CURLU_URLENCODE for curl_url_get()
- urldata: reduce size of a few struct fields
- urldata: remove three unused booleans from struct UserDefined
- urldata: store tcp_keepidle and tcp_keepintvl as ints
- version: allow stricmp() for sorting the feature list
- vtls: make curl_global_sslset thread-safe
- wolfssh.h: removed
- wolfssl: correct the failf() message when a handle can't be made
- wolfSSL: explicitly use compatibility layer
- x509asn1: mark msnprintf return as unchecked

-------------------------------------------------------------------
Wed May 11 07:11:50 UTC 2022 - David Anes <david.anes@suse.com>

- Update to 7.83.1:
* Security fixes:
- (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot
- (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse
- (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop
- (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host
- (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD
- (bsc#1199220, CVE-2022-27778) removes wrong file on error
* Bugfixes:
- altsvc: fix host name matching for trailing dots
- cirrus: Update to FreeBSD 12.3
- cirrus: Use pip for Python packages on FreeBSD
- conn: fix typo 'connnection' -> 'connection' in two function names
- cookies: make bad_domain() not consider a trailing dot fine
- curl: free resource in error path
- curl: guard against size_t wraparound in no-clobber code
- CURLOPT_DOH_URL.3: mention the known bug
- CURLOPT_HSTS*FUNCTION.3: document the involved structs as well
- CURLOPT_SSH_AUTH_TYPES.3: fix the default
- data/test376: set a proper name
- GHA/mbedtls: enabled nghttp2 in the build
- gha: build msh3
- gskit: fixed bogus setsockopt calls
- gskit: remove unused function set_callback
- hsts: ignore trailing dots when comparing host names
- HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
- http: move Curl_allow_auth_to_host()
- http_proxy/hyper: handle closed connections
- hyper: fix test 357
- Makefile: fix "make ca-firefox"
- mbedtls: bail out if rng init fails
- mbedtls: fix compile when h2-enabled
- mbedtls: fix some error messages
- misc: use "autoreconf -fi" instead of buildconf
- msh3: get msh3 version from MsH3Version
- msh3: print boolean value as text representation
- msh3: pass remote_port to MsH3ConnectionOpen
- ngtcp2: add ca-fallback support for OpenSSL backend
- nss: return error if seemingly stuck in a cert loop
- openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl
- post_per_transfer: remove the updated file name
- sectransp: bail out if SSLSetPeerDomainName fails
- tests/server: declare variable 'reqlogfile' static
- tests: fix markdown formatting in README
- test{898,974,976}: add 'HTTP proxy' keywords
- tls: check more TLS details for connection reuse
- url: check SSH config match on connection reuse
- urlapi: address (harmless) UndefinedBehavior sanitizer warning
- urlapi: reject percent-decoding host name into separator bytes
- x509asn1: make do_pubkey handle EC public keys

-------------------------------------------------------------------
Fri Apr 22 11:39:46 UTC 2022 - David Anes <david.anes@suse.com>

- Patches rework:
* Refreshed all patches as -p1.
* Use autopatch macro.
* Renamed:
- dont-mess-with-rpmoptflags.diff -> dont-mess-with-rpmoptflags.patch
* Removed (already upstream):
- curl-fix-verifyhost.patch

- Update to 7.83.0:
* Security fixes:
- (bsc#1198766, CVE-2022-27776) Auth/cookie leak on redirect
- (bsc#1198723, CVE-2022-27775) Bad local IPv6 connection reuse
- (bsc#1198608, CVE-2022-27774) Credential leak on redirect
- (bsc#1198614, CVE-2022-22576) OAUTH2 bearer bypass in connection re-use
* Changes:
- curl: add %header{name} experimental support in -w handling
- curl: add %{header_json} experimental support in -w handling
- curl: add --no-clobber
- curl: add --remove-on-error
- header api: add curl_easy_header and curl_easy_nextheader
- msh3: add support for QUIC and HTTP/3 using msh3
* Bugfixes:
- appveyor: add Cygwin build
- appveyor: only add MSYS2 to PATH where required
- BearSSL: add CURLOPT_SSL_CIPHER_LIST support
- BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
- BINDINGS.md: add Hollywood binding
- CI: Do not use buildconf. Instead, just use: autoreconf -fi
- CI: install Python package impacket to run SMB test 1451
- configure.ac: move -pthread CFLAGS setting back where it used to be
- configure: bump the copyright year range in the generated output
- conncache: include the zone id in the "bundle" hashkey
- connecache: remove duplicate connc->closure_handle check
- connect: make Curl_getconnectinfo work with conn cache from share handle
- connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined
- cookie.d: clarify when cookies are sent
- cookies: improve errorhandling for reading cookiefile
- curl/system.h: update ifdef condition for MCST-LCC compiler
- curl: error out if -T and -d are used for the same URL
- curl: error out when options need features not present in libcurl
- curl: escape '?' in generated --libcurl code
- curl: fix segmentation fault for empty output file names.
- curl_easy_header: fix typos in documentation
- CURLINFO_PRIMARY_PORT.3: clarify which port this is
- CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS
- CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
- CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs
- CURLOPT_PROGRESSFUNCTION.3: fix typo in example
- CURLOPT_UNRESTRICTED_AUTH.3: extended explanation
- CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype
- docs/HYPER.md: updated to reflect current hyper build needs
- docs/opts: Mention Schannel client cert type is P12
- docs: Fix missing semicolon in example code
- docs: lots of minor language polish
- English: use American spelling consistently
- fail.d: tweak the description
- firefox-db2pem.sh: make the shell script safer
- ftp: fix error message for partial file upload
- gen.pl: change wording for mutexed options
- GHA: add openssl3 jobs moved over from zuul
- GHA: build hyper with nightly rustc
- GHA: move bearssl jobs over from zuul
- gha: move the event-based test over from Zuul
- gtls: fix build for disabled TLS-SRP
- http2: handle DONE called for the paused stream
- http2: RST the stream if we stop it on our own will
- http: avoid auth/cookie on redirects same host diff port
- http: close the stream (not connection) on time condition abort
- http: reject header contents with nul bytes
- http: return error on colon-less HTTP headers
- http: streamclose "already downloaded"
- hyper: fix status_line() return code
- hyper: fix tests 580 and 581 for hyper
- hyper: no h2c support
- infof: consistent capitalization of warning messages
- ipv4/6.d: clarify that they are about using IP addresses
- json.d: fix typo (overriden -> overridden)
- keepalive-time.d: It takes many probes to detect brokenness
- lib/warnless.[ch]: only check for WIN32 and ignore _WIN32
- lib670: avoid double check result
- lib: #ifdef on USE_HTTP2 better
- lib: fix some misuse of curlx_convert_wchar_to_UTF8
- lib: remove exclamation marks
- libssh2: compare sha256 strings case sensitively
- libssh2: make the md5 comparison fail if wrong length
- libssh: fix build with old libssh versions
- libssh: fix double close
- libssh: Improve fix for missing SSH_S_ stat macros
- libssh: unstick SFTP transfers when done event-based
- macos: set .plist version in autoconf
- mbedtls: remove 'protocols' array from backend when ALPN is not used
- mbedtls: remove server_fd from backend
- mk-ca-bundle.pl: Use stricter logic to process the certificates
- mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl
- mlc_config.json: add file to ignore known troublesome URLs
- mqtt: better handling of TCP disconnect mid-message
- ngtcp2: add client certificate authentication for OpenSSL
- ngtcp2: avoid busy loop in low CWND situation
- ngtcp2: deal with sub-millisecond timeout
- ngtcp2: disconnect the QUIC connection proper
- ngtcp2: enlarge H3_SEND_SIZE
- ngtcp2: fix HTTP/3 upload stall and avoid busy loop
- ngtcp2: fix memory leak
- ngtcp2: fix QUIC_IDLE_TIMEOUT
- ngtcp2: make curl 1ms faster
- ngtcp2: remove remote_addr which is not used in a meaningful way
- ngtcp2: update to work after recent ngtcp2 updates
- ngtcp2: use token when detecting :status header field
- nonblock: restore setsockopt method to curlx_nonblock
- openssl: check SSL_get_peer_cert_chain return value
- openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL
- openssl: fix CN check error code
- options: remove mistaken space before paren in prototype
- perl: removed a double semicolon at end of line
- pop3/smtp: return *WEIRD_SERVER_REPLY when not understood
- projects/README: converted to markdown
- projects: Update VC version names for VS2017, VS2022
- rtsp: don't let CSeq error override earlier errors
- runtests: add 'bearssl' as testable feature
- runtests: make 'oldlibssh' be before 0.9.4
- schannel: remove dead code that will never run
- scripts/copyright.pl: ignore the new mlc_config.json file
- scripts: move three scripts from lib/ to scripts/
- test1135: sync with recent API updates
- test1459: disable for oldlibssh
- test375: fix line endings on Windows
- test386: Fix an incorrect test markup tag
- test718: edited slightly to return better HTTP
- tests/server/util.h: align WIN32 condition with util.c
- tests: refactor server/socksd.c to support --unix-socket
- timediff.[ch]: add curlx helper functions for timeval conversions
- tls: make mbedtls and NSS check for h2, not nghttp2
- tool and tests: force flush of all buffers at end of program
- tool_cb_hdr: Turn the Location: into a terminal hyperlink
- tool_getparam: error out on missing -K file
- tool_listhelp.c: uppercase URL
- tool_operate: fix a scan-build warning
- tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)
- transfer: redirects to other protocols or ports clear auth
- unit1620: call global_init before calling Curl_open
- url: check sasl additional parameters for connection reuse.
- vtls: provide a unified ALPN-disagree string for all backends
- vtls: use a backend standard message for "ALPN: offers %s"
- vtls: use a generic "ALPN, server accepted" message
- winbuild/README.md: fixup dead link
- winbuild: Add a Visual Studio example to the README
- wolfssl: fix compiler error without IPv6

-------------------------------------------------------------------
Fri Mar 11 16:36:50 UTC 2022 - Pedro Monreal <pmonreal@suse.com>

- Fix: openssl: fix CN check error code
* Add curl-fix-verifyhost.patch

-------------------------------------------------------------------
Mon Mar 7 08:01:26 UTC 2022 - Paolo Stivanin <info@paolostivanin.com>

- Update to 7.82.0:
* curl: add --json command line option
* curl: make it so that sensitive command line arguments do not
show as easily in the output of ps(1)
* curl_multi_socket.3: remove callback and typical usage descriptions
* ftp: provide error message for control bytes in path
* ldap: return CURLE_URL_MALFORMAT for bad URL
* lib: remove support for CURL_DOES_CONVERSIONS
* mqtt: plug some memory leaks
* multi: allow user callbacks to call curl_multi_assign
* multi: remember connection_id before returning connection to pool
* multi: set in_callback for multi interface callbacks
* netware: remove support
* ngtcp2: adapt to changed end of headers callback proto
* openldap: implement SASL authentication
* openssl: return error if TLS 1.3 is requested when not supported
* sectransp: mark a 3DES cipher as weak
* smb: pass socket for writing and reading data instead of FIRSTSOCKET
* tool_getparam: DNS options that need c-ares now fail without it
* TPF: drop support
* url: given a user in the URL, find pwd for that user in netrc
* url: keep trailing dot in host name
* urlapi: handle "redirects" smarter
* urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled
* urldata: remove conn->bits.user_passwd

-------------------------------------------------------------------
Sun Jan 9 21:24:30 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 7.81.0:
* mime: use percent-escaping for multipart form field and file names
* asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
* azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
* BINDINGS: add cURL client for PostgreSQL
* BINDINGS: add one from Everything curl and update a link
* checksrc: detect more kinds of NULL comparisons we avoid
* CI: build examples for additional code verification
* CI: bump job to use mbedtls 3.1.0
* cmake: don't set _USRDLL on a static Windows build
* cmake: prevent dev warning due to mismatched arg
* cmake: private identifiers use CURL_ instead of CMAKE_ prefix
* config.d: update documentation to match the path search
* configure: add -lm to configure for rustls build.
* configure: better diagnostics if hyper is built wrong
* configure: don't enable TLS when --without-* flags are used
* configure: fix runtime-lib detection on macOS
* curl.1: require "see also" for every documented option
* curl: improve error message for --head with -J
* curl_easy_cleanup.3: remove from multi handle first
* curl_easy_escape.3: call curl_easy_cleanup in example
* curl_easy_unescape.3: call curl_easy_cleanup in example
* curl_multi_init.3: fix EXAMPLE formatting
* curl_multi_perform/socket_action.3: clarify what errors mean
* curl_share_setopt.3: split out options into their own manpages
* CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
* digest: compute user:realm:pass digest w/o userhash
* docs/checksrc: Add documentation for STRERROR
* docs/cmdline-opts: do not say "protocols: all"
* docs/examples: workaround broken -Wno-pedantic-ms-format
* docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
* docs/INSTALL.md: typo fix : added missing "get" verb
* docs/URL-SYNTAX.md: space is not fine in a given URL
* docs: add known bugs list to HTTP3.md
* docs: address proselint nits
* docs: consistent manpage SYNOPSIS
* docs: fix dead links, remove ECH.md
* docs: fix typo in OpenSSL 3 build instructions
* docs: Update the Reducing Size section
* example/progressfunc: remove code for old libcurls
* examples/multi-single.c: remove WAITMS()
* FAQ: typo fix : "yout" ➤ "your"
* ftp: disable warning 4706 in MSVC
* gen.pl: improve example output format
* github workflow: add wolfssl (removed from zuul)
* github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
* gtls: check return code for gnutls_alpn_set_protocols
* hash: lazy-alloc the table in Curl_hash_add()
* http2:set_transfer_url() return early on OOM
* HTTP3: update quiche build instructions
* http: enable haproxy support for hyper backend
* http: Fix CURLOPT_HTTP200ALIASES
* http_proxy: don't close the socket (too early)
* insecure.d: detail its use for SFTP and SCP as well
* insecure.d: expand and clarify
* libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
* libcurl-security.3: mention address and URL mitigations
* libssh2: fix error message for sha256 mismatch
* libtest: avoid "assignment within conditional expression"
* lift: ignore is a deprecated config option, use ignoreRules
* linkcheck.yml: add CI job that checks markdown links
* m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
* Makefile.m32: rename -winssl option to -schannel and tidy up
* mbedTLS: add support for CURLOPT_CAINFO_BLOB
* mbedtls: fix CURLOPT_SSLCERT_BLOB
* mbedtls: fix private member designations for v3.1.0
* misc: remove unused doh flags when CURL_DISABLE_DOH is defined
* misc: s/e-mail/email
* multi: cleanup the socket hash when destroying it
* multi: handle errors returned from socket/timer callbacks
* multi: shut down CONNECT in Curl_detach_connnection
* netrc.d: edit the .netrc example to look nicer
* ngtcp2: verify the server cert on connect (quictls)
* ngtcp2: verify the server certificate for the gnutls case
* nss:set_cipher don't clobber the cipher list
* openldap: implement STARTTLS
* openldap: process search query response messages one by one
* openldap: several minor improvements
* openldap: simplify ldif generation code
* openssl: check the return value of BIO_new()
* openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
* openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
* openssl: remove usage of deprecated `SSL_get_peer_certificate`
* openssl: use non-deprecated API to read key parameters
* page-footer: add a mention of how to report bugs to the man page
* page-footer: document more environment variables
* request.d: refer to 'method' rather than 'command'
* retry-all-errors.d: make the example complete
* runtests: make the SSH library a testable feature
* rustls: read of zero bytes might be okay
* rustls: remove comment about checking handshaking
* rustls: remove incorrect EOF check
* sha256/md5: return errors when init fails
* socks5: use appropriate ATYP for numerical IP address host names
* test1156: enable for hyper
* test1156: fixup the stdout check for Windows
* test1525: tweaked for hyper
* test1526: enable for hyper
* test1527: enable for hyper
* test1528: enable for hyper
* test1554: adjust for hyper
* test1556: adjust for hyper
* test302[12]: run only with the libssh2 backend
* test661: enable for hyper
* tests/CI.md: add more information on CI environments
* tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
* tftp: mark protocol as not possible to do over CONNECT
* tool_findfile: updated search for a file in the homedir
* tool_operate: only set SSH related libcurl options for SSH URLs
* tool_operate: warn if too many output arguments were found
* url.c: fix the SIGPIPE comment for Curl_close
* url: check ssl_config when re-use proxy connection
* url: reduce ssl backend count for CURL_DISABLE_PROXY builds
* urlapi: accept port number zero
* urlapi: if possible, shorten given numerical IPv6 addresses
* urlapi: provide more detailed return codes
* urlapi: reject short file URLs
* version_win32: Check build number and platform id
* vtls/rustls: adapt to the updated rustls_version proto
* writeout: fix %{http_version} for HTTP/3
* x509asn1: return early on errors
* zuul.d: update rustls-ffi to version 0.8.2
* zuul: fix quiche build pointing to wrong Cargo

-------------------------------------------------------------------
Tue Nov 16 16:16:49 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.80.0:
* Changes:
- CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
- CURLOPT_PREREQFUNCTION: add new callback
- libssh2: add SHA256 fingerprint support
- urlapi: add curl_url_strerror()
* Bugfixes:
- aws-sigv4: make signature work when post data is binary
- c-hyper: don't abort CONNECT responses early when auth-in-progress
- c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
- cmake: add CURL_ENABLE_SSL option
- cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
- configure.ac: replace krb5-config with pkg-config
- configure: when hyper is selected, deselect nghttp2
- curl-confopts.m4: remove --enable/disable-hidden-symbols
- curl-openssl.m4: modify library order for openssl linking
- curl_ntlm_core: use OpenSSL only if DES is available
- Curl_updateconninfo: store addresses for QUIC connections too
- ftp: make the MKD retry to retry once per directory
- http: fix Basic auth with empty name field in URL
- http: reject HTTP response codes < 100
- http: remove assert that breaks hyper
- http: set content length earlier
- imap: display quota information
- libssh2: Get the version at runtime if possible
- md5: fix compilation with OpenSSL 3.0 API
- ngtcp2: advertise h3 as well as h3-29
- ngtcp2: compile with the latest nghttp3
- ngtcp2: use latest QUIC TLS RFC9001
- NTLM: use DES_set_key_unchecked with OpenSSL
- openssl: if verifypeer is not requested, skip the CA loading
- openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
- schannel: fix memory leak due to failed SSL connection
- sendf: accept zero-length data in Curl_client_write()
- sha256: use high-level EVP interface for OpenSSL
- sws: fix memory leak on exit
- tool_operate: a failed etag save now only fails that transfer
- url: check the return value of curl_url()
- url: set "k->size" -1 at start of request
- urlapi: skip a strlen(), pass in zero
- urlapi: URL decode percent-encoded host names
- vtls: Fix a memory leak if an SSL session cannot be added to the cache
- wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
* Use --with-openssl configure option, --with-ssl is now deprecated

-------------------------------------------------------------------
Wed Sep 22 11:17:15 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.79.1:
* Bugfixes:
- Curl_http2_setup: don't change connection data on repeat invokes
- curl_multi_fdset: make FD_SET() not operate on sockets out of range
- dist: provide lib/.checksrc in the tarball
- FAQ: add GOPHERS + curl works on data, not files
- hsts: CURLSTS_FAIL from hsts read callback should fail transfer
- hsts: handle unlimited expiry
- http: fix the broken >3 digit response code detection
- strerror: use sys_errlist instead of strerror on Windows
- test1184: disable: https://github.com/curl/curl/issues/7725
- tests/sshserver.pl: make it work with openssh-8.7p1

-------------------------------------------------------------------
Wed Sep 15 15:08:18 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

- Temporarily disable flaky test 1184
* See https://github.com/curl/curl/issues/7725

-------------------------------------------------------------------
Wed Sep 15 06:21:42 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.79.0: [bsc#1190213, CVE-2021-22945] [bsc#1190373, CVE-2021-22946] [bsc#1190374, CVE-2021-22947]
* Changes:
- bearssl: support CURLOPT_CAINFO_BLOB
- http: consider cookies over localhost to be secure
- secure transport: support CURLINFO_CERTINFO
* Bugfixes:
- CVE-2021-22945: clear the leftovers pointer when sending succeeds
- CVE-2021-22946: do not ignore --ssl-reqd
- CVE-2021-22947: reject STARTTLS server response pipelining
- auth: do not append zero-terminator to authorisation id in kerberos
- auth: properly handle byte order in kerberos security message
- auth: use sasl authzid option in kerberos
- auth: we do not support a security layer after kerberos authentication
- c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
- c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
- c-hyper: initial step for 100-continue support
- c-hyper: initial support for "dumping" 1xx HTTP responses
- curl-openssl.m4: show correct output for OpenSSL v3
- docs/MQTT: update state of username/password support
- docs: the security list is reached at security at curl.se now
- getparameter: fix the --local-port number parser
- hostip: Make Curl_ipv6works function independent of getaddrinfo
- http_proxy: fix the User-Agent inclusion in CONNECT
- http_proxy: fix user-agent and custom headers for CONNECT with hyper
- http_proxy: only wait for writable socket while sending request
- mailing lists: move from cool.haxx.se to lists.haxx.se
- mbedtls: avoid using a large buffer on the stack
- mbedTLS: initial 3.0.0 support
- ngtcp2: remove the acked_crypto_offset struct field init
- ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
- ngtcp2: reset the outstanding send buffer again when drained
- ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
- ngtcp2: stop buffering crypto data
- ngtcp2: utilize crypto API functions to simplify
- openssl: when creating a new context, there cannot be an old one
- scripts: invoke interpreters through /usr/bin/env
- tests/runtests.pl: cleanup copy&paste mistakes and unused code
- tests: be explicit about using 'python3' instead of 'python'
- tool/tests: fix potential year 2038 issues
- tool_operate: Fix --fail-early with parallel transfers
- x509asn1: fix heap over-read when parsing x509 certificates
* Rebase libcurl-ocloexec.patch

-------------------------------------------------------------------
Wed Jul 21 06:50:22 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.78.0: [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923] [bsc#1188219, CVE-2021-22924][bsc#1188220, CVE-2021-22925]
* Changes:
- curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
- CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
- hostip: make 'localhost' return fixed values
- mbedtls: add support for cert and key blob options
- metalink: remove all support for it
- mqtt: add support for username and password
* Bugfixes:
- ares: always store IPv6 addresses first
- c-hyper: abort CONNECT response reading early on non 2xx responses
- c-hyper: add support for transfer-encoding in the request
- c-hyper: bail on too long response headers
- c-hyper: clear NTLM auth buffer when request is issued
- c-hyper: fix NTLM on closed connection tested with test159
- conncache: lowercase the hash key for better match
- curl_multibyte: Remove local encoding fallbacks
- Curl_ntlm_core_mk_nt_hash: fix OOM in error path
- Curl_ssl_getsessionid: fail if no session cache exists
- easy: during upkeep, attach Curl_easy to connections in the cache
- gnutls: set the preferred TLS versions in correct order
- hsts: ignore numerical IP address hosts
- HSTS: not experimental anymore
- http2: init recvbuf struct for pushed streams
- http: fix crash in rate-limited upload
- http: make the haproxy support work with unix domain sockets
- http_proxy: deal with non-200 CONNECT response with Hyper
- lib: don't compare fd to FD_SETSIZE when using poll
- lib: fix compiler warnings with CURL_DISABLE_NETRC
- lib: fix type of len passed to *printf's %*s
- lib: more %u for port and int for %*s fixes
- lib: use %u instead of %ld for port number printf
- libssh2: limit time a disconnect can take to 1 second
- mqtt: detect illegal and too large file size
- msnprintf: return number of printed characters excluding null byte
- multi: add scan-build-6 work-around in curl_multi_fdset
- multi: alter transfer timeout ordering
- multi: do not switch off connect_only flag when closing
- multi: fix crash in curl_multi_wait / curl_multi_poll
- ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
- openssl: avoid static variable for seed flag
- openssl: don't remove session id entry in disassociate
- socketpair: fix potential hangs
- socks4: scan for the IPv4 address in resolve results
- ssl: read pending close notify alert before closing the connection
- telnet: fix option parser to not send uninitialized contents
- TLS: prevent shutdown loops to get stuck
- vtls: exit addsessionid if no cache is inited
- vtls: fix connection reuse checks for issuer cert and case sensitivity

-------------------------------------------------------------------
Wed May 26 07:47:00 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.77.0: [bsc#1186114, CVE-2021-22898] [bsc#1186115, bsc#1185579, CVE-2021-22901]
* Security fixes:
- CVE-2021-22297: schannel cipher selection surprise
- CVE-2021-22298: TELNET stack contents disclosure
- CVE-2021-22901: TLS session caching disaster
* Changes:
- configure: make the TLS library choice(s) explicit
- curl: ignore options asking for SSLv2 or SSLv3
- hsts: enable by default
- SSL: support in-memory CA certs for some backends
- vtls: refuse setting any SSL version
* Bugfixes:
- configure: provide --with-openssl, deprecate --with-ssl
- cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
- curl: include libmetalink version in --version output
- data_pending: check only SECONDARY socket for FTP(S) transfers
- gnutls: don't allow TLS 1.3 for versions that don't support it
- gnutls: make setting only the MAX TLS allowed version work
- http2: fix resource leaks in set_transfer_url() and push_promise()
- http: limit the initial send amount to used upload buffer size
- rustls: only return CURLE_AGAIN when TLS session is fully drained
- rustls: use ALPN
- schannel: Disable auto credentials; add an option to enable it
- schannel: Support strong crypto option
- sectransp: allow cipher name to be specified
- sockfilt: avoid getting stuck waiting for writable socket

-------------------------------------------------------------------
Sun Apr 25 21:14:40 UTC 2021 - Dirk Müller <dmueller@suse.com>

- update to 7.76.1:
- ngtcp2: Use ALPN h3-29 for now
- TODO: remove 18.22 --fail-with-body

-------------------------------------------------------------------
Wed Mar 31 08:40:06 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.76.0
* Security fixes:
- [bsc#1183933, CVE-2021-22876]: strip credentials from the auto-referer header field
- [bsc#1183934, CVE-2021-22890]: add 'isproxy' argument to Curl_ssl_get/addsessionid()
* Changes:
- cookies: Support multiple -b parameters
- curl: add --fail-with-body
- doh: add options to disable ssl verification
- http: add support to read and store the referrer header
- sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
- vtls: initial implementation of rustls backend
* Bugfixes:
- CVE-2021-22876: strip credentials from the auto-referer header field
- CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
- c-hyper: support automatic content-encoding
- configure: only add OpenSSL paths if they are defined
- configure: provide Largefile feature for curl-config
- curl: set CURLOPT_NEW_FILE_PERMS if requested
- doh: Fix sharing user's resolve list with DOH handles
- doh: Inherit CURLOPT_STDERR from user's easy handle
- dynbuf: bump the max HTTP request to 1MB
- ftp: add 'list_only' to the transfer state struct
- ftp: add 'prefer_ascii' to the transfer state struct
- ftp: allow SIZE to fail when doing (resumed) upload
- ftp: avoid SIZE when asking for a TYPE A file
- ftp: fix memory leak in ftp_done
- ftp: never set data->set.ftp_append outside setopt
- gnutls: assume nettle crypto support
- http2: don't set KEEP_SEND when there's no more data to be sent
- http2: fail if connection terminated without END_STREAM
- http: do not add a referrer header with empty value
- http: strip default port from URL sent to proxy
- http: use credentials from transfer, not connection
- lib: remove 'conn->data' completely
- multi: close the connection when h2=>h1 downgrading
- multi: do once-per-transfer inits in before_perform in DID state
- multi: rename the multi transfer states
- multi: update pending list when removing handle
- ngtcp2: adapt to the new recv_datagram callback
- ngtcp2: clarify calculation precedence
- ngtcp2: sync with recent API updates
- openssl: adapt to v3's new const for a few API calls
- openssl: ensure to check SSL_CTX_set_alpn_protos return values
- openssl: remove get_ssl_version_txt in favor of SSL_get_version
- parse_proxy: fix a memory leak in the OOM path
- url: fix memory leak if OOM in the HSTS handling
- url: fix possible use-after-free in default protocol
- urldata: don't touch data->set.httpversion at run-time
- urldata: merge "struct DynamicStatic" into "struct UrlState"
- urldata: remove the 'rtspversion' field
- urldata: remove the _ORIG suffix from string names
- wolfssl: don't store a NULL sessionid

-------------------------------------------------------------------
Thu Mar 4 17:46:40 UTC 2021 - Cristian Rodríguez <crrodriguez@opensuse.org>

- Harden build, enable full RELRO
- Never allow undefined symbols anywhere.

-------------------------------------------------------------------
Thu Feb 4 11:20:22 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.75.0
* Changes:
- curl: add --create-file-mode [mode]
- curl: add new variables to --write-out
- dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries
- gopher: implement secure gopher protocol
- http: add Hyper as new optional HTTP backend
- http: introduce AWS HTTP v4 Signature support
* Bugfixes:
- cmake: Add an option to disable libidn2
- cmake: enable gophers correctly in curl-config
- cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
- digest_sspi: Show InitializeSecurityContext errors in verbose mode
- getinfo: build with disabled HTTP support
- http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy
- http_proxy: Fix CONNECT chunked encoding race condition
- httpauth: make multi-request auth work with custom port
- lib: pass in 'struct Curl_easy *' to most functions
- lib: remove Curl_ prefix from many static functions
- lib: save a bit of space with some structure packing
- libssh: avoid plain free() of libssh-memory
- mime: make sure setting MIMEPOST to NULL resets properly
- multi_runsingle: bail out early on data->conn == NULL
- ngtcp2: Fix http3 upload stall
- ngtcp2: Fix stack buffer overflow
- openssl: lowercase the hostname before using it for SNI
- socks: use the download buffer instead
- speedcheck: exclude paused transfers
- tool_writeout: fix the -w time output units
- url: if IDNA conversion fails, fallback to Transitional
- Refresh libcurl-ocloexec.patch

-------------------------------------------------------------------
Fri Dec 18 20:04:33 UTC 2020 - Cristian Rodríguez <crrodriguez@opensuse.org>

- Enable zstd and brotli support

-------------------------------------------------------------------
Mon Dec 14 15:25:07 UTC 2020 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.74.0
* Changes:
- hsts: add experimental support for Strict-Transport-Security
* Bugfixes:
- Inferior OCSP verification [bsc#1179593, CVE-2020-8286]
- FTP wildcard stack overflow [bsc#1179399, CVE-2020-8285]
- trusting FTP PASV responses [bsc#1179398, CVE-2020-8284]
- Revert "multi: implement wait using winsock events"
- openssl: free mem_buf in error path
- ntlm: avoid malloc(0) on zero length user and domain
- ngtcp2: use the minimal version of QUIC supported by ngtcp2
- ngtcp2: advertise h3 ALPN unconditionally
- file: avoid duplicated code sequence
- openssl: guard against OOM on context creation
- docs: document the 8MB input string limit for curl_easy_escape and curl_easy_setopt()
- hsts: add read/write callbacks
- hsts: add support for Strict-Transport-Security
- alt-svc: enable by default
- checksrc: warn on empty line before open brace
- connect: repair build without ipv6 availability
- curl.se: new home
- ftp: retry getpeername for FTP with TCP_FASTOPEN
- gnutls: fix memory leaks (certfields memory wasn't released)
- http: pass correct header size to debug callback for chunked post
- libssh2: fix transport over HTTPS proxy
- openssl: guard against OOM on context creation
- openssl: use OPENSSL_init_ssl() with >= 1.1.0
- Revert "multi: implement wait using winsock events"
- socks: check for DNS entries with the right port number
- tool_operate: --retry for HTTP 408 responses too
- tool_operate: bail out proper on errors during parallel transfers
- urlapi: don't accept blank port number field without scheme
- urlapi: URL encode a '+' in the query part
- vquic/ngtcp2.h: define local_addr as sockaddr_storage
- Update check section:
* runtests now supports dynamically base64 encoded sections in tests
* Replace env interpreter for perl and python3
- Remove curl-use_OPENSSL_config.patch since the OpenSSL initialization has been updated to use OPENSSL_init_ssl() with >= 1.1.0

-------------------------------------------------------------------
Tue Oct 20 10:33:34 UTC 2020 - Pedro Monreal <pmonreal@suse.com>

- Update patches to fix compiling warnings:
* curl-disabled-redirect-protocol-message.patch
* libcurl-ocloexec.patch
- Enable test 1165

-------------------------------------------------------------------
Wed Oct 14 21:29:48 UTC 2020 - Pedro Monreal <pmonreal@suse.com>

- Update to 7.73.0
* Changes:
- curl: add --output-dir
- curl: support XDG_CONFIG_HOME to find .curlrc
- curl: update --help with categories
- curl_easy_option_*: new API for meta-data about easy options
- CURLE_PROXY: new error code
- mqtt: enable by default
- sftp: add new quote commands 'atime' and 'mtime'
- ssh: add the option CURLKHSTAT_FINE_REPLACE
- tls: add CURLOPT_SSL_EC_CURVES and --curves
* Bugfixes:
- base64: also build for smtp, pop3 and imap
- cleanups: avoid curl_ on local variables
- configure: let --enable-debug set -Wenum-conversion with gcc >= 10
- conn: check for connection being dead before reuse
- curl: in retry output don't call all problems "transient"
- curl: make checkpasswd, file2memory, file2string and glob_match_url use dynbuf
- curl: retry delays in parallel mode no longer sleeps blocking
- curl: use curlx_dynbuf for realloc when loading config files
- curl:parallel_transfers: make sure retry readds the transfer
- curl_get_line: build only if cookies or alt-svc are enabled
- Curl_pgrsTime - return new time to avoid timeout integer overflow
- Curl_send: return error when pre_receive_plain can't malloc
- dynbuf: make sure Curl_dyn_tail() zero terminates
- etag: save and use the full received contents
- ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND
- ftp: avoid risk of reading uninitialized integers
- ftp: get rid of the PPSENDF macro
- ftp: make a 552 response return CURLE_REMOTE_DISK_FULL
- ftp: separate FTPS from FTP over "HTTPS proxy"
- HTTP/3: update to OpenSSL_1_1_1g-quic-draft-29
- http: consolidate nghttp2_session_mem_recv() call paths
- http_proxy: do not count proxy headers in the header bytecount
- http_proxy: do not crash with HTTPS_PROXY and NO_PROXY set
- imap: make imap_send use dynbuf for the send buffer management
- imap: set cselect_bits to CURL_CSELECT_IN initially
- lib1560: verify "redirect" to double-slash leading URL
- lib: make Curl_gethostname accept a const pointer
- libssh2: handle the SSH protocols done over HTTPS proxy
- libssh2: pass on the error from ssh_force_knownhost_key_type
- memdebug: remove 9 year old unused debug function
- multi: expand pre-check for socket readiness
- ngtcp2: adapt to new NGTCP2_PROTO_VER_MAX define
- ngtcp2: adapt to the new pkt_info arguments
- openssl: avoid error conditions when importing native CA
- openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification
- parsedate: tune the date to epoch conversion
- pause: only trigger a reread if the unpause sticks
- pingpong: use a dynbuf for the *_pp_sendf() function
- runtests: allow creating files without newlines
- runtests: allow generating a binary sequence from hex
- runtests: clear pid variables when failing to start a server
- schannel: fix memory leak when using get_cert_location
- schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root
- sectransp: make it build with --disable-proxy
- select.h: make socket validation macros test for INVALID_SOCKET
- select: align poll emulation to return all relevant events
- select: fix poll-based check not detecting connect failure
- select: simplify return code handling for poll and select
- setopt: if the buffer exists, refuse the new BUFFERSIZE
- setopt: return CURLE_BAD_FUNCTION_ARGUMENT on bad argument
- socketpair: allow CURL_DISABLE_SOCKETPAIR
- sockfilt: handle FD_CLOSE winsock event on write socket
- symbian: drop support
- tests: remove pipelining tests
- tls: fix SRP detection by using the proper #ifdefs
- tls: provide the CApath verbose log on its own line
- tool_setopt: escape binary data to hex, not octal
- url: use blank credentials when using proxy w/o username and password
- urlapi: use more Curl_safefree
- vtls: deduplicate client certificates in ssl_config_data

-------------------------------------------------------------------
Wed Aug 19 07:47:34 UTC 2020 - Pedro Monreal Gonzalez <pmonreal@suse.com>

- Update to 7.72.0 [bsc#1175109, CVE-2020-8231]
* Changes:
- content_encoding: add zstd decoding support
- CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream
- CURLINFO_EFFECTIVE_METHOD: added
* Bugfixes:
- CVE-2020-8231: libcurl: wrong connect-only connection
- curl-config: ignore REQUIRE_LIB_DEPS in --libs output
- curl: improve the existing file check with -J
- curl_multi_setopt: fix compiler warning "result is always false"
- curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated
- docs: Add video link to docs/CONTRIBUTE.md
- docs: clarify MAX_SEND/RECV_SPEED functionality
- ftp: don't do ssl_shutdown instead of ssl_close
- ftpserver: don't verify SMTP MAIL FROM names
- getinfo: reset retry-after value in initinfo
- gnutls: repair the build with 'CURL_DISABLE_PROXY'
- gtls: survive not being able to get name/issuer
- h2: repair trailer handling
- http2: close the http2 connection when no more requests may be sent
- http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages
- libssh2: s/ssherr/sftperr/
- mprintf: Fix dollar string handling
- mprintf: Fix stack overflows
- multi_remove_handle: close unused connect-only connections
- ngtcp2: adapt to error code rename
- ngtcp2: adjust to recent sockaddr updates
- ngtcp2: update to modified qlog callback prototype
- ntlm: free target_info before (re-)malloc
- page-header: provide protocol details in the curl.1 man page
- quiche: handle calling disconnect twice
- setopt: unset NOBODY switches to GET if still HEAD
- smtp_parse_address: handle blank input string properly
- socks: use size_t for size variable
- tls-max.d: this option is only for TLS-using connections
- tlsv1.3.d. only for TLS-using connections
- tool_getparam: make --krb option work again
- transfer: fix data_pending for builds with both h2 and h3 enabled
- transfer: fix memory-leak with CURLOPT_CURLU in a duped handle
- transfer: move retrycount from connect struct to easy handle
- url: fix CURLU and location following

-------------------------------------------------------------------
Wed Jul 1 12:59:25 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to 7.71.1
  * Bugfixes:
    - Curl_inet_ntop: always check the return code
    - CURLOPT_READFUNCTION.3: provide the upload data size up front
    - escape: make the URL decode able to reject only %00-bytes
    - escape: zero length input should return a zero length output
    - examples/multithread.c: call curl_global_cleanup()
    - http2: set the correct URL in pushed transfers
    - http: fix proxy auth with blank password
    - mbedtls: fix build with disabled proxy support
    - ngtcp2: sync with current master
    - Revert "multi: implement wait using winsock events"
    - sendf: improve the message on client write errors
    - terminology: call them null-terminated strings
    - tool_cb_hdr: Fix etag warning output and return code
    - url: allow user + password to contain "control codes" for HTTP(S)
    - vtls: compare cert blob when finding a connection to reuse

-------------------------------------------------------------------
Wed Jun 24 07:13:22 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to 7.71.0 [bsc#1173026, CVE-2020-8169][bsc#1173027, CVE-2020-8177]
  * Changes:
    - CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl)
    - setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency
    - setopt: support certificate options in memory with struct curl_blob
    - tool: Add option --retry-all-errors to retry on any error
  * Bugfixes:
    - *_sspi: fix bad uses of CURLE_NOT_BUILT_IN
    - altsvc: bump to h3-29
    - altsvc: fix 'dsthost' may be used uninitialized in this function
    - altsvc: fix parser for lines ending with CRLF
    - altsvc: remove the num field from the altsvc struct
    - asyn-*: remove support for never-used NULL entry pointers
    - azure: use matrix strategy to avoid configuration redundancy
    - build: disable more code/data when built without proxy support
    - buildconf: remove -print from the find command that removes files
    - checksrc: enhance the ASTERISKSPACE and update code accordingly
    - cirrus: disable SFTP and SCP tests
    - CMake: add ENABLE_ALT_SVC option
    - CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche)
    - CMake: add libssh build support
    - configure: fix pthread check with static boringssl
    - configure: for wolfSSL, check for the DES func needed for NTLM
    - configure: only strip first -L from LDFLAGS
    - configure: repair the check if argv can be written to
    - configure: the wolfssh backend does not provide SCP
    - connect: improve happy eyeballs handling
    - connect: make happy eyeballs work for QUIC (again)
    - curl: remove -J "informational" written on stdout
    - Curl_addrinfo: use one malloc instead of three
    - dynbuf: introduce internal generic dynamic buffer functions
    - easy: fix dangling pointer on easy_perform fail
    - examples/ephiperfifo: turn off interval when setting timerfd
    - examples/http2-down/upload: add error checks
    - FILEFORMAT: add more features that tests can depend on
    - FILEFORMAT: describe verify/stderr
    - ftp: make domore_getsock() return the secondary socket properly
    - ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void)
    - ftp: shut down the secondary connection properly when SSL is used
    - GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT
    - hostip: make Curl_printable_address not return anything
    - http2: keep trying to send pending frames after req.upload_done
    - http2: simplify and clean up trailer handling
    - http: move header storage to Curl_easy from connectdata
    - libssh2: improved error output for wrong quote syntax
    - libssh2: keep sftp errors as 'unsigned long'
    - libssh2: set the expected total size in SCP upload init
    - multi: add defensive check on data->multi->num_alive
    - multi: implement wait using winsock events
    - ngtcp2: cleanup memory when failing to connect
    - ngtcp2: fix build with current ngtcp2 master implementing draft 28
    - ngtcp2: fix happy eyeballs quic connect crash
    - ngtcp2: introduce qlog support
    - ngtcp2: never call fprintf() in lib code in release version
    - ngtcp2: update with recent API changes
    - ntlm: enable NTLM support with wolfSSL
    - OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN
    - openssl: set FLAG_TRUSTED_FIRST unconditionally
    - projects: Add crypt32.lib to dependencies for all OpenSSL configs
    - quiche: clean up memory properly when failing to connect
    - quiche: enable qlog output
    - quiche: update SSLKEYLOGFILE support
    - Revert "ssh: ignore timeouts during disconnect"
    - select: fix overflow protection in Curl_socket_check
    - sendf: make failf() use the mvsnprintf() return code
    - server/sws: fix asan warning on use of uninitialized variable
    - server/util: fix logmsg format using curl_off_t argument
    - sha256: fixed potentially uninitialized variable
    - share: do not set the share flag if something fails
    - sockfilt: make select_ws stop waiting on exit signal event
    - socks: detect connection close during handshake
    - socks: fix expected length of SOCKS5 reply
    - socks: remove unreachable breaks in socks.c and mime.c
    - source cleanup: remove all custom typedef structs
    - timeouts: change millisecond timeouts to timediff_t from time_t
    - timeouts: move ms timeouts to timediff_t from int and long
    - tool_cfgable: free login_options at exit
    - tool_getparam: -i is not OK if -J is used
    - tool_getparam: fix memory leak in parse_args
    - tool_operate: fixed potentially uninitialized variables
    - tool_paramhlp: fixed potentially uninitialized strtol() variable
    - transfer: close connection after excess data has been read
    - typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *'
    - unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode'
    - url: accept "any length" credentials for proxy auth
    - url: alloc the download buffer at transfer start
    - url: make the updated credentials URL-encoded in the URL
    - url: reject too long input when parsing credentials
    - url: sort the protocol schemes in rough popularity order
    - urlapi: accept :: as a valid IPv6 address
    - urldata: leave the HTTP method untouched in the set.* struct
    - urlglob: treat literal IPv6 addresses with zone IDs as a host name
    - user-agent.d: spell out what happens given a blank argument
    - vauth/cleartext: fix theoretical integer overflow
    - version.d: expanded and alpha-sorted
    - vtls: Extract and simplify key log file handling from OpenSSL
    - wolfssl: add SSLKEYLOGFILE support
    - wording: avoid blacklist/whitelist stereotypes
    - write-out.d: added "response_code"

-------------------------------------------------------------------
Fri Jun 12 09:07:50 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

- Change with-gssapi configure parameter: krb5 is changing location
  in the future: ask krb5-config about the correct prefix values.

-------------------------------------------------------------------
Wed Apr 29 07:45:48 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>

- Update to 7.70.0
  * Changes:
    - curl: add --ssl-revoke-best-effort to allow a "best effort" revocation check
    - mqtt: add new experimental protocol
    - schannel: add "best effort" revocation check option: CURLSSLOPT_REVOKE_BEST_EFFORT
    - writeout: support to generate JSON output with '%{json}'
  * Bugfixes:
    - gnutls: Don't skip really long certificate fields
    - gnutls: ensure TLS 1.3 when SRP isn't requested
    - lib: never define CURL_CA_BUNDLE with a getenv
    - libcurl-multi.3: added missing full stop
    - libssh: avoid options override by configuration files
    - libssh: Use new ECDSA key types to check known hosts
    - tons of other fixes

-------------------------------------------------------------------
Thu Mar 12 22:07:26 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to 7.69.1
  * Bugfixes:
    - ares: store dns parameters for duphandle
    - cirrus-ci: disable the FreeBSD 13 builds
    - curl_share_setopt.3: Note sharing cookies doesn't enable the engine
    - lib1564: reduce number of mid-wait wakeup calls
    - libssh: Fix matching user-specified MD5 hex key
    - MANUAL: update a dict-using command line
    - mime: do not perform more than one read in a row
    - mime: fix the binary encoder to handle large data properly
    - mime: latch last read callback status
    - multi: skip EINTR check on wakeup socket if it was closed
    - pause: bail out on bad input
    - pause: force a connection recheck after unpausing (take 2)
    - pause: return early for calls that don't change pause state
    - runtests.1: rephrase how to specify what tests to run
    - runtests: fix missing use of exe_ext helper function
    - seek: fix fall back for missing ftruncate on Windows
    - sftp: fix segfault regression introduced by #4747 in 7.69.0
    - sha256: Added SecureTransport implementation
    - sha256: Added WinCrypt implementation
    - socks4: fix host resolve regression
    - socks5: host name resolv regression fix
    - tests/server: fix missing use of exe_ext helper function
    - tests: fix static ip:port instead of dynamic values being used
    - tests: make sleeping portable by avoiding select
    - unit1612: fix the inclusion and compilation of the HMAC unit test
    - urldata: remove the 'stream_was_rewound' connectdata struct member
    - version: make curl_version* thread-safe without using global context

-------------------------------------------------------------------
Mon Mar 9 12:54:08 UTC 2020 - Andreas Schwab <schwab@suse.de>

- ignore_runtests_failure.patch: remove, no longer needed

-------------------------------------------------------------------
Wed Mar 4 08:56:45 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to 7.69.0
  * Changes:
    - polarssl: removed
    - smtp: add CURLOPT_MAIL_RCPT_ALLLOWFAILS and --mail-rcpt-allowfails
    - wolfSSH: new SSH backend
  * Bugfixes:
    - altsvc: improved header parser
    - altsvc: keep a copy of the file name to survive handle reset
    - altsvc: make saving the cache an atomic operation
    - altsvc: use h3-27
    - azure: disable brotli on the macos debug-builds
    - build: remove all HAVE_OPENSSL_ENGINE_H defines
    - cleanup: fix several comment typos
    - cleanup: fix typos and wording in docs and comments
    - cmake: add support for CMAKE_LTO option
    - cmake: clean up and improve build procedures
    - cmake: Show HTTPS-proxy in the features output
    - cmake: use check_symbol_exists also for inet_pton
    - configure.ac: fix comments about --with-quiche
    - configure: disable metalink if mbedTLS is specified
    - configure: disable metalink support for incompatible SSL/TLS
    - conn: do not reuse connection if SOCKS proxy credentials differ
    - conncache: removed unused Curl_conncache_bundle_size()
    - connect: remove some spurious infof() calls
    - connection reuse: respect the max_concurrent_streams limits
    - cookie: check __Secure- and __Host- case sensitively
    - cookies: make saving atomic with a rename
    - create-dirs.d: mention the mode
    - curl: avoid using strlen for testing if a string is empty
    - curl: error on --alt-svc use w/o support
    - curl: let -D merge headers in one file again
    - curl: make #0 not output the full URL
    - curl: make the -# spaceship bar not wrap the line
    - curl: remove 'config' field from OutStruct
    - curl:progressbarinit: ignore column width from terminals < 20
    - curl_escape.3: add a link to curl_free
    - curl_getenv.3: fix the memory handling description
    - curl_global_init: assume the EINTR bit by default
    - curl_global_init: move the IPv6 works status bool to multi handle
    - CURLINFO_COOKIELIST.3: Fix example
    - CURLOPT_ALTSVC_CTRL.3: fix the DEFAULT wording
    - CURLOPT_PROXY_SSL_OPTIONS.3: Sync with CURLOPT_SSL_OPTIONS.3
    - CURLOPT_REDIR_PROTOCOLS.3: update the DEFAULT section
    - data.d: remove "Multiple files can also be specified"
    - digest: do not quote algorithm in HTTP authorisation
    - docs/HTTP3: add --enable-alt-svc to curl's configure
    - docs/HTTP3: update the OpenSSL branch to use for ngtcp2
    - docs: fix typo on CURLINFO_RETRY_AFTER
    - easy: remove dead code
    - form.d: fix two minor typos
    - ftp: convert 'sock_accepted' to a plain boolean
    - ftp: remove superfluous checking for crlf in user or pwd
    - ftp: shrink temp buffers used for PORT
    - github: Instructions to post "uname -a" on Unix systems in issues
    - GnuTLS: always send client cert
    - gtls: fixed compilation when using GnuTLS < 3.5.0
    - hostip: move code to resolve IP address literals to 'Curl_resolv'
    - HTTP-COOKIES: describe the cookie file format
    - HTTP-COOKIES: mention that a trailing newline is required
    - http2: make pausing/unpausing set/clear local stream window
    - http2: now requires nghttp2 >= 1.12.0
    - http: added 417 response treatment
    - http: increase EXPECT_100_THRESHOLD to 1Mb
    - http: mark POSTs with no body as "upload done" from the start
    - http: move "oauth_bearer" from connectdata to Curl_easy
    - include: remove non-curl prefixed defines
    - KNOWN_BUGS: Multiple methods in a single WWW-Authenticate: header
    - libssh2: add support for forcing a hostkey type
    - libssh2: fix variable type
    - libssh: improve known hosts handling
    - llist: removed unused Curl_llist_move()
    - location.d: the method change is from POST to GET only
    - md4: fixed compilation issues when using GNU TLS gcrypt
    - md4: use init/update/final functions in Secure Transport
    - md5: added implementation for mbedTLS
    - mk-ca-bundle: add support for CKA_NSS_SERVER_DISTRUST_AFTER
    - multi: change curl_multi_wait/poll to error on negative timeout
    - multi: fix outdated comment
    - multi: if Curl_readwrite sets 'comeback' use expire, not loop
    - multi_done: if multiplexed, make conn->data point to another transfer
    - multi_wait: stop loop when sread() returns zero
    - ngtcp2: add error code for QUIC connection errors
    - ngtcp2: fixed to only use AF_INET6 when ENABLE_IPV6
    - ngtcp2: update to git master and its draft-25 support
    - ntlm: removed the dependency on the TLS libraries when using MD5
    - ntlm_wb: use Curl_socketpair() for greater portability
    - oauth2-bearer.d: works for HTTP too
    - openssl: make CURLINFO_CERTINFO not truncate x509v3 fields
    - openssl: remove redundant assignment
    - os400: fixed the build
    - pause: force-drain the transfer on unpause
    - quiche: update to draft-25
    - README: mention that the docs is in docs/
    - runtests: make random seed fixed for a month
    - runtests: restore the command log
    - schannel_verify: Fix alt names manual verify for UNICODE builds
    - sha256: use crypto implementations when available
    - singleuse.pl: support new API functions, fix curl_dbg_ handling
    - smtp: support the SMTPUTF8 extension
    - smtp: support UTF-8 based host names in MAIL FROM
    - SOCKS: make the connect phase non-blocking
    - strcase: turn Curl_raw_tolower into static
    - strerror: increase STRERROR_LEN 128 -> 256
    - test1323: added missing 'unit test' feature requirement
    - tests: add a unit test for MD4 digest generation
    - tests: add a unit test for SHA256 digest generation
    - tests: add a unit test for the HMAC hash generation
    - tests: deduce the tool name from the test case for unit tests
    - tests: fix Python 3 compatibility of smbserver.py
    - tool_dirhie: allow directory traversal during creation
    - tool_homedir: change GetEnv() to use libcurl's curl_getenv()
    - url: include the failure reason when curl_win32_idn_to_ascii() fails
    - urlapi: guess scheme properly with credentials given
    - urldata: do string enums without #ifdefs for build scripts
    - vtls: refactor Curl_multissl_version to make the code clearer
- Refresh patches:
  * curl-secure-getenv.patch
  * libcurl-ocloexec.patch

-------------------------------------------------------------------
Tue Feb 18 14:11:29 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

- Eliminate curl-mini: The reason for this to exist was that cmake
  pulled in curl into too many places, causing build cycles. A new
  cmake-mini was generated, eliminating that need.

-------------------------------------------------------------------
Wed Jan 8 09:54:50 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to 7.68.0
  * Changes:
    - TLS: add BearSSL vtls implementation
    - XFERINFOFUNCTION: support CURL_PROGRESSFUNC_CONTINUE
    - curl: add --etag-compare and --etag-save
    - curl: add --parallel-immediate
    - multi: add curl_multi_wakeup()
    - openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains
  * Bugfixes:
    - CVE-2019-15601: file: on Windows, refuse paths that start with \\
    - Azure Pipelines: add several builds
    - CMake: add support for building with the NSS vtls backend
    - CURL-DISABLE: initial docs for the CURL_DISABLE_* defines
    - CURLOPT_HEADERFUNCTION.3: Document that size is always 1
    - CURLOPT_QUOTE.3: fix typos
    - CURLOPT_READFUNCTION.3: fix the example
    - CURLOPT_URL.3: "curl supports SMB version 1 (only)"
    - CURLOPT_VERBOSE.3: see also ERRORBUFFER
    - HISTORY: added cmake, HTTP/3 and parallel downloads with curl
    - HISTORY: the SMB(S) support landed in 2014
    - INSTALL.md: provide Android build instructions
    - KNOWN_BUGS: Connection information when using TCP Fast Open
    - KNOWN_BUGS: LDAP on Windows doesn't work correctly
    - KNOWN_BUGS: TLS session cache doesn't work with TFO
    - OPENSOCKETFUNCTION.3: correct the purpose description
    - TrackMemory tests: always remove CR before LF
    - altsvc: bump to h3-24
    - altsvc: make the save function ignore NULL filenames
    - build: Disable Visual Studio warning "conditional expression is constant"
    - build: fix for CURL_DISABLE_DOH
    - checksrc.bat: Add a check for vquic and vssh directories
    - checksrc: repair the copyrightyear check
    - cirrus-ci: enable clang sanitizers on freebsd 13
    - cirrus: Drop the FreeBSD 10.4 build
    - config-win32: cpu-machine-OS for Windows on ARM
    - configure: avoid unportable `==' test(1) operator
    - configure: enable IPv6 support without `getaddrinfo`
    - configure: fix typo in help text
    - conncache: CONNECT_ONLY connections assumed always in-use
    - conncache: fix multi-thread use of shared connection cache
    - copyrights: fix copyright year range
    - create_conn: prefer multiplexing to using new connections
    - curl -w: handle a blank input file correctly
    - curl.h: add two missing defines for "pre ISO C" compilers
    - curl/parseconfig: fix mem-leak
    - curl/parseconfig: use curl_free() to free memory allocated by libcurl
    - curl: cleanup multi handle on failure
    - curl: fix --upload-file . hangs if delay in STDIN
    - curl: fix -T globbing
    - curl: improved cleanup in upload error path
    - curl: make a few char pointers point to const char instead
    - curl: properly free mimepost data
    - curl: show better error message when no homedir is found
    - curl: show error for --http3 if libcurl lacks support
    - curl_setup_once: consistently use WHILE_FALSE in macros
    - define: remove HAVE_ENGINE_LOAD_BUILTIN_ENGINES, not used anymore
    - docs: Change 'experiemental' to 'experimental'
    - docs: TLS SRP doesn't work with TLS 1.3
    - docs: fix several typos
    - docs: mention CURL_MAX_INPUT_LENGTH restrictions
    - doh: improved both encoding and decoding
    - doh: make it behave when built without proxy support
    - examples/postinmemory.c: Call curl_global_cleanup always
    - examples/url2file.c: corrected erroneous comment
    - examples: add multi-poll.c
    - global_init: undo the "intialized" bump in case of failure
    - hostip: suppress compiler warning
    - http_ntlm: Remove duplicate NSS initialisation
    - lib: Move lib/ssh.h -> lib/vssh/ssh.h
    - lib: fix compiler warnings with `CURL_DISABLE_VERBOSE_STRINGS`
    - lib: fix warnings found when porting to NuttX
    - lib: remove ASSIGNWITHINCONDITION exceptions, use our code style
    - lib: remove erroneous +x file permission on some c files
    - libssh2: add support for ECDSA and ed25519 knownhost keys
    - multi.h: remove INITIAL_MAX_CONCURRENT_STREAMS from public header
    - multi: free sockhash on OOM
    - multi_poll: avoid busy-loop when called without easy handles attached
    - ngtcp2: Support the latest update key callback type
    - ngtcp2: fix thread-safety bug in error-handling
    - ngtcp2: free used resources on disconnect
    - ngtcp2: handle key updates as ngtcp2 master branch tells us
    - ngtcp2: increase QUIC window size when data is consumed
    - ngtcp2: use overflow buffer for extra HTTP/3 data
    - ntlm: USE_WIN32_CRYPTO check removed to get USE_NTLM2SESSION set
    - ntlm_wb: fix double-free in OOM
    - openssl: Revert to less sensitivity for SYSCALL errors
    - openssl: improve error message for SYSCALL during connect
    - openssl: prevent recursive function calls from ctx callbacks
    - openssl: retrieve reported LibreSSL version at runtime
    - openssl: set X509_V_FLAG_PARTIAL_CHAIN by default
    - parsedate: offer a getdate_capped() alternative
    - pause: avoid updating socket if done was already called
    - projects: Fix Visual Studio projects SSH builds
    - projects: Fix Visual Studio wolfSSL configurations
    - quiche: reject HTTP/3 headers in the wrong order
    - remove_handle: clear expire timers after multi_done()
    - runtests: --repeat=[num] to repeat tests
    - runtests: introduce --shallow to reduce huge torture tests
    - schannel: fix --tls-max for when min is --tlsv1 or default
    - setopt: Fix ALPN / NPN user option when built without HTTP2
    - strerror: Add Curl_winapi_strerror for Win API specific errors
    - strerror: Fix an error looking up some Windows error strings
    - strerror: Fix compiler warning "empty expression"
    - system.h: fix for MCST lcc compiler
    - test/sws: search for "Testno:" header unconditionally if no testno
    - test1175: verify symbols-in-versions and libcurl-errors.3 in sync
    - test1270: a basic -w redirect_url test
    - test1456: remove the use of a fixed local port number
    - test1558: use double slash after file:
    - test1560: require IPv6 for IPv6 aware URL parsing
    - tests/lib1557: fix mem-leak in OOM
    - tests/lib1559: fix mem-leak in OOM
    - tests/lib1591: free memory properly on OOM, in the trailers callback
    - tests/unit1607: fix mem-leak in OOM
    - tests/unit1609: fix mem-leak in OOM
    - tests/unit1620: fix bad free in OOM
    - tests: Change NTLM tests to require SSL
    - tests: Fix bounce requests with truncated writes
    - tests: fix build with `CURL_DISABLE_DOH`
    - tests: fix permissions of ssh keys in WSL
    - tests: make it possible to set executable extensions
    - tests: make sure checksrc runs on header files too
    - tests: set LC_ALL=en_US.UTF-8 instead of blank in several tests
    - tests: use DoH feature for DoH tests
    - tests: use \r\n for log messages in WSL
    - tool_operate: fix mem leak when failed config parse
    - travis: Fix error detection
    - travis: abandon coveralls, it is not reliable
    - travis: build ngtcp2 with --enable-lib-only
    - travis: export the CC/CXX variables when set
    - vtls: make BearSSL possible to set with CURL_SSL_BACKEND
    - winbuild: Define CARES_STATICLIB when WITH_CARES=static
    - winbuild: Document CURL_STATICLIB requirement for static libcurl
- Remove curl-expire-clear.patch

-------------------------------------------------------------------
Thu Nov 14 16:55:18 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Fix segfault in zypper ref: [bsc#1156481]
  * remove_handle: clear expire timers after multi_done()
  * Add patch curl-expire-clear.patch

-------------------------------------------------------------------
Wed Nov 6 15:52:24 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update spec file with spec-cleaner

-------------------------------------------------------------------
Wed Nov 6 09:36:43 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to 7.67.0
  * Changes:
    - curl: added --no-progress-meter
    - setopt: CURLMOPT_MAX_CONCURRENT_STREAMS is new
    - urlapi: CURLU_NO_AUTHORITY allows empty authority/host part
  * Bugfixes:
    - BINDINGS: five new bindings added
    - CURLOPT_TIMEOUT.3: Clarify transfer timeout time includes queue time
    - CURLOPT_TIMEOUT.3: remove the mention of "minutes"
    - ESNI: initial build/setup support
    - FTP: FTPFILE_NOCWD: avoid redundant CWDs
    - FTP: allow "rubbish" prepended to the SIZE response
    - FTP: remove trailing slash from path for LIST/MLSD
    - FTP: skip CWD to entry dir when target is absolute
    - FTP: url-decode path before evaluation
    - HTTP3.md: move -p for mkdir, remove -j for make
    - HTTP3: fix invalid use of sendto for connected UDP socket
    - HTTP3: fix prefix parameter for ngtcp2 build
    - HTTP3: show an --alt-svc using example too
    - INSTALL: add missing space for configure commands
    - INSTALL: add vcpkg installation instructions
    - altsvc: accept quoted ma and persist values
    - altsvc: both backends run h3-23 now
    - appveyor: Add MSVC ARM64 build
    - appveyor: Use two parallel compilation on appveyor with CMake
    - appveyor: add --disable-proxy autotools build
    - appveyor: publish artifacts on appveyor
    - appveyor: upgrade VS2017 to VS2019
    - asyn-thread: make use of Curl_socketpair() where available
    - asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris
    - build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines
    - checksrc: fix uninitialized variable warning
    - chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error
    - cirrus: Switch the FreeBSD 11.x build to 11.3 and add a 13.0 build
    - cirrus: switch off blackhole status on the freebsd CI machines
    - cleanups: 21 various PVS-Studio warnings
    - configure: only say ipv6 enabled when the variable is set
    - configure: remove all cyassl references
    - conn-reuse: requests wanting NTLM can reuse non-NTLM connections
    - connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT
    - connect: silence sign-compare warning
    - cookie: avoid harmless use after free
    - cookie: pass in the correct cookie amount to qsort()
    - cookies: change argument type for Curl_flush_cookies
    - cookies: using a share with cookies shouldn't enable the cookie engine
    - copyrights: update copyright notices to 2019
    - curl: create easy handles on-demand and not ahead of time
    - curl: ensure HTTP 429 triggers --retry
    - curl: exit the create_transfers loop on errors
    - curl: fix memory leaked by parse_metalink()
    - curl: load large files with -d @ much faster
    - docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag
    - docs: added multi-event.c example
    - docs: disambiguate CURLUPART_HOST is for host name (ie no port)
    - docs: note on failed handles not being counted by curl_multi_perform
    - doh: allow only http and https in debug mode
    - doh: avoid truncating DNS QTYPE to lower octet
    - doh: clean up dangling DOH memory on easy close
    - doh: fix (harmless) buffer overrun
    - doh: fix undefined behaviour and open up for gcc and clang optimization
    - doh: return early if there is no time left
    - examples/sslbackend: fix -Wchar-subscripts warning
    - gnutls: make gnutls_bye() not wait for response on shutdown
    - http2: expire a timeout at end of stream
    - http2: prevent dup'ed handles to send dummy PRIORITY frames
    - http2: relax verification of :authority in push promise requests
    - http2_recv: a closed stream trumps pause state
    - http: lowercase headernames for HTTP/2 and HTTP/3
    - ldap: Stop using wide char version of ldapp_err2string
    - ldap: fix OOM error on missing query string
    - mbedtls: add error message for cert validity starting in the future
    - mime: when disabled, avoid C99 macro
    - ngtcp2: adapt to API change
    - ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23
    - ngtcp2: remove fprintf() calls
    - openssl: close_notify on the FTP data connection doesn't mean closure
    - openssl: use strerror on SSL_ERROR_SYSCALL
    - os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr
    - parsedate: fix date parsing disabled builds
    - quiche: don't close connection at end of stream
    - quiche: persist connection details (fixes -I with --http3)
    - quiche: set 'drain' when returning without having drained the queues
    - quiche: update HTTP/3 config creation to new API
    - redirect: handle redirects to absolute URLs containing spaces
    - runtests: get textaware info from curl instead of perl
    - schannel: reverse the order of certinfo insertions
    - schannel_verify: Fix concurrent openings of CA file
    - security: silence conversion warning
    - setopt: handle ALTSVC set to NULL
    - setopt: make it easier to add new enum values
    - setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly
    - smb: check for full size message before reading message details
    - smbserver: fix Python 3 compatibility
    - socks: Fix destination host shown on SOCKS5 error
    - test1162: disable MSYS2's POSIX path conversion
    - test1591: fix spelling of http feature
    - tests: add 'connect to non-listen' keywords
    - tests: fix narrowing conversion warnings
    - tests: fix the test 3001 cert failures
    - tests: makes tests succeed when using --disable-proxy
    - tests: use %FILE_PWD for file:// URLs
    - tests: use port 2 instead of 60000 for a safer non-listening port
    - tool_operate: Fix retry sleep time shown to user when Retry-After
    - url: Curl_free_request_state() should also free doh handles
    - url: don't set appconnect time for non-ssl/non-ssh connections
    - url: fix the NULL hostname compiler warning
    - url: normalize CURLINFO_EFFECTIVE_URL
    - url: only reuse TLS connections with matching pinning
    - urlapi: avoid index underflow for short ipv6 hostnames
    - urlapi: fix URL encoding when setting a full URL
    - urlapi: question mark within fragment is still fragment
    - urldata: use 'bool' for the bit type on MSVC compilers
    - vtls: fix narrowing conversion warnings

-------------------------------------------------------------------
Wed Sep 11 08:17:06 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to 7.66.0 [bsc#1149496, CVE-2019-5482][bsc#1149495, CVE-2019-5481]
* Changes:
- CURLINFO_RETRY_AFTER: parse the Retry-After header value
- HTTP3: initial (experimental still not working) support
- curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
- curl: support parallel transfers with -Z
- curl_multi_poll: a sister to curl_multi_wait() that waits more
- sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
* Bugfixes:
- CVE-2019-5481: FTP-KRB double-free
- CVE-2019-5482: TFTP small blocksize heap buffer overflow
- CMake: remove needless newlines at end of gss variables
- CMake: use platform dependent name for dlopen() library
- CURLINFO docs: mention that in redirects times are added
- CURLOPT_ALTSVC.3: use a "" file name to not load from a file
- CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED
- CURLOPT_HEADERFUNCTION.3: clarify
- CURLOPT_HTTP_VERSION: setting this to 3 forces HTTP/3 use directly
- CURLOPT_READFUNCTION.3: provide inline example
- CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
- Curl_addr2string: take an addrlen argument too
- Curl_fillreadbuffer: avoid double-free trailer buf on error
- HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
- alt-svc: add protocol version selection masking
- alt-svc: fix removal of expired cache entry
- alt-svc: make it use h3-22 with ngtcp2 as well
- alt-svc: more liberal ALPN name parsing
- alt-svc: send Alt-Used: in redirected requests
- alt-svc: with quiche, use the quiche h3 alpn string
- asyn-thread: create a socketpair to wait on
- cleanup: move functions out of url.c and make them static
- cleanup: remove the 'numsocks' argument used in many places
- configure: avoid undefined check_for_ca_bundle
- curl.h: add CURL_HTTP_VERSION_3 to the version enum
- curl: cap the maximum allowed values for retry time arguments
- curl: handle a libcurl build without netrc support
- curl: make use of CURLINFO_RETRY_AFTER when retrying
- curl: use CURLINFO_PROTOCOL to check for HTTP(s)
- curl_global_init_mem.3: mention it was added in 7.12.0
- curl_version: bump string buffer size to 250
- curl_version_info.3: mentioned ALTSVC and HTTP3
- curl_version_info: offer quic (and h3) library info
- curl_version_info: provide nghttp2 details
- defines: avoid underscore-prefixed defines
- docs/ALTSVC: remove what works and the experimental explanation
- docs/EXPERIMENTAL: explain what it means and what's experimental now
- docs/MANUAL.md: converted to markdown from plain text
- docs/examples/curlx: fix errors
- docs: s/curl_debug/curl_dbg_debug in comments and docs
- easy: resize receive buffer on easy handle reset
- examples: Avoid reserved names in hiperfifo examples
- examples: add http3.c, altsvc.c and http3-present.c
- http09: disable HTTP/0.9 by default in both tool and library
- http2: when marked for closure and wanted to close == OK
- http2_recv: trigger another read when the last data is returned
- http: fix use of credentials from URL when using HTTP proxy
- http_negotiate: improve handling of gss_init_sec_context() failures
- md4: Use our own MD4 when no crypto libraries are available
- multi: call detach_connection before Curl_disconnect
- nss: use TLSv1.3 as default if supported
- openssl: build warning free with boringssl
- openssl: use SSL_CTX_set__proto_version() when available
- plan9: add support for running on Plan 9
- progress: reset download/uploaded counter between transfers
- readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
- scp: fix directory name length used in memcpy
- smb: init *msg to NULL in smb_send_and_recv()
- smtp: check for and bail out on too short EHLO response
- source: remove names from source comments
- spnego_sspi: add typecast to fix build warning
- src/makefile: fix uncompressed hugehelp.c generation
- ssh-libssh: do not specify O_APPEND when not in append mode
- ssh: move code into vssh for SSH backends
- sspi: fix memory leaks
- tests: Replace outdated test case numbering documentation
- tftp: return error when packet is too small for options
- timediff: make it 64 bit (if possible) even with 32 bit time_t
- travis: reduce number of torture tests in 'coverage'
- url: make use of new HTTP version if alt-svc has one
- urlapi: verify the IPv6 numerical address
- urldata: avoid 'generic', use dedicated pointers
- vauth: Use CURLE_AUTH_ERROR for auth function errors

-------------------------------------------------------------------
Fri Jul 19 13:51:15 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to 7.65.3
* progress: make the progress meter appear again

-------------------------------------------------------------------
Wed Jul 17 09:07:25 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to 7.65.2
* Bugfixes:
- CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
- CMake: Fix finding Brotli on case-sensitive file systems
- CURLOPT_RANGE.3: Caution against using it for HTTP PUT
- CURLOPT_SEEKDATA.3: fix variable name
- bindlocal: detect and avoid IP version mismatches in bind()
- build: fix Codacy warnings
- c-ares: honor port numbers in CURLOPT_DNS_SERVERS
- config-os400: add getpeername and getsockname defines
- configure: --disable-progress-meter
- configure: fix --disable-code-coverage
- configure: more --disable switches to toggle off individual features
- configure: remove CURL_DISABLE_TLS_SRP
- conn_maxage: move the check to prune_dead_connections()
- curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
- docs: Explain behavior change in --tlsv1. options since 7.54
- docs: Fix links to OpenSSL docs
- docs: fix string suggesting HTTP/2 is not the default
- headers: Remove no longer exported functions
- http2: call done_sending on end of upload
- http2: don't call stream-close on already closed streams
- http2: remove CURL_DISABLE_TYPECHECK define
- http: allow overriding timecond with custom header
- http: clarify header buffer size calculation
- krb5: fix compiler warning
- lib: Use UTF-8 encoding in comments
- libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
- multi: enable multiplexing by default (again)
- multi: fix the transfer hashes in the socket hash entries
- multi: make sure 'data' can be present in several sockhash entries
- netrc: Return the correct error code when out of memory
- nss: don't set unused parameter
- nss: inspect returnvalue of token check
- nss: only cache valid CRL entries
- openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
- openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
- openssl: fix pubkey/signature algorithm detection in certinfo
- os400: make vsetopt() non-static as Curl_vsetopt() for os400 support
- quote.d: asterisk prefix works for SFTP as well
- runtests: keep logfiles around by default
- runtests: report single test time + total duration
- test1165: verify that CURL_DISABLE_ symbols are in sync
- test1521: adapt to SLISTPOINT
- test1523: test CURLOPT_LOW_SPEED_LIMIT
- test153: fix content-length to avoid occasional hang
- test188/189: fix Content-Length
- tests: have runtests figure out disabled features
- tests: support non-localhost HOSTIP for dict/smb servers
- tests: update fixed IP for hostip/clientip split
- tool_cb_prg: Fix integer overflow in progress bar
- typecheck: CURLOPT_CONNECT_TO takes an slist too
- typecheck: add 3 missing strings and a callback data pointer
- unit1654: cleanup on memory failure
- unpause: trigger a timeout for event-based transfers
- url: Fix CURLOPT_MAXAGE_CONN time comparison
- Rebased patch curl-use_OPENSSL_config.patch
- Disable newly added failing test1165

-------------------------------------------------------------------
Wed Jun 5 15:34:01 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to 7.65.1
* Bugfixes:
- CURLOPT_LOW_SPEED_* repaired
- NTLM: reset proxy "multipass" state when CONNECT request is done
- PolarSSL: deprecate support step 1. Removed from configure
- cmake: check for if_nametoindex()
- cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
- conncache: Remove the DEBUGASSERT on length check
- conncache: make "bundles" per host name when doing proxy tunnels
- curl_share_setopt.3: improve wording
- dump-header.d: spell out that no headers == empty file
- example/http2-download: fix format specifier
- examples: cleanups and compiler warning fixes
- http2: Stop drain from being permanently set
- http: don't parse body-related headers in bodyless responses
- md4: build correctly with openssl without MD4
- md4: include the mbedtls config.h to get the MD4 info
- multi: track users of a socket better
- nss: allow to specify TLS 1.3 ciphers if supported by NSS
- parse_proxy: make sure portptr is initialized
- parse_proxy: use the IPv6 zone id if given
- sectransp: handle errSSLPeerAuthCompleted from SSLRead()
- singlesocket: use separate variable for inner loop
- ssl: Update outdated "openssl-only" comments for supported backends
- tests: add HAProxy keywords
- tests: make test 1420 and 1406 work with rtsp-disabled libcurl
- tls13-docs: mention it is only for OpenSSL >= 1.1.1
- tool_setopt: for builds with disabled-proxy, skip all proxy setopts()
- url: fix bad feature-disable #ifdef
- url: use correct port in ConnectionExists()

-------------------------------------------------------------------
Wed May 22 11:41:49 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to 7.65.0 [bsc#1135176, CVE-2019-5435][bsc#1135170, CVE-2019-5436]
* Changes:
- CURLOPT_DNS_USE_GLOBAL_CACHE: removed
- CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
- pipelining: removed
* Bugfixes:
- CVE-2019-5435: Integer overflows in curl_url_set
- CVE-2019-5436: tftp: use the current blksize for recvfrom()
- --config: clarify that initial : and = might need quoting
- CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
- CURLOPT_ADDRESS_SCOPE: fix range check and more
- CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
- CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE
- CURL_MAX_INPUT_LENGTH: largest acceptable string input size
- Curl_disconnect: treat all CONNECT_ONLY connections as "dead"
- OS400/ccsidcurl: replace use of Curl_vsetopt
- OpenSSL: Report -fips in version if OpenSSL is built with FIPS
- WRITEFUNCTION: add missing set_in_callback around callback
- altsvc: Fix building with cookies disabled
- auth: Rename the various authentication clean up functions
- base64: build conditionally if there are users
- cmake: avoid linking executable for some tests with cmake 3.6+
- cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
- cmake: set SSL_BACKENDS
- configure: avoid unportable '==' test(1) operator
- configure: error out if OpenSSL wasn't detected when asked for
- configure: fix default location for fish completions
- cookie: Guard against possible NULL ptr deref
- curl: make code work with protocol-disabled libcurl
- curl: report error for "--no-" on non-boolean options
- curlver.h: use parenthesis in CURL_VERSION_BITS macro
- docs/INSTALL: fix broken link
- doh: acknowledge CURL_DISABLE_DOH
- doh: disable DOH for the cases it doesn't work
- examples: remove unused variables
- ftplistparser: fix LGTM alert "Empty block without comment"
- hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
- http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
- http: acknowledge CURL_DISABLE_HTTP_AUTH
- http: mark bundle as not for multiuse on < HTTP/2 response
- http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
- http_negotiate: do not treat failure of gss_init_sec_context() as fatal
- http_ntlm: Corrected the name of the include guard
- http_ntlm_wb: Handle auth for only a single request
- http_ntlm_wb: Return the correct error on receiving an empty auth message
- lib509: add missing include for strdup
- lib557: initialize variables
- mbedtls: enable use of EC keys
- mime: acknowledge CURL_DISABLE_MIME
- multi: improved HTTP_1_1_REQUIRED handling
- netrc: acknowledge CURL_DISABLE_NETRC
- nss: allow fifos and character devices for certificates
- nss: provide more specific error messages on failed init
- ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
- ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
- openssl: mark connection for close on TLS close_notify
- openvms: Remove pre-processor for SecureTransport
- parse_proxy: use the URL parser API
- parsedate: disabled on CURL_DISABLE_PARSEDATE
- pingpong: disable more when no pingpong protocols are enabled
- polarssl_threadlock: remove conditionally unused code
- progress: acknowledge CURL_DISABLE_PROGRESS_METER
- proxy: acknowledge DISABLE_PROXY more
- resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
- revert "multi: support verbose conncache closure handle"
- sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
- sasl: only enable if there's a protocol enabled using it
- singleipconnect: show port in the verbose "Trying ..." message
- socks5: user name and passwords must be shorter than 256
- socks: fix error message
- socksd: new SOCKS 4+5 server for tests
- spnego_gssapi: fix return code on gss_init_sec_context() failure
- ssh-libssh: remove unused variable
- ssh: define USE_SSH if SSH is enabled (any backend)
- ssh: move variable declaration to where it's used
- test1002: correct the name
- test2100: Fix typos in test description
- tests: Run global cleanup at end of tests
- tests: make Impacket (SMB server) Python 3 compatible
- tool_cb_wrt: fix bad-function-cast warning
- tool_formparse: remove redundant assignment
- tool_help: Warn if curl and libcurl versions do not match
- tool_help: include for strcasecmp
- url: always clone the CURLOPT_CURLU handle
- url: convert the zone id from an IPv6 URL to correct scope id
- urlapi: add CURLUPART_ZONEID to set and get
- urlapi: increase supported scheme length to 40 bytes
- urlapi: require a non-zero host name length when parsing URL
- urlapi: stricter CURLUPART_PORT parsing
- urlapi: strip off zone id from numerical IPv6 addresses
- urlapi: urlencode characters above 0x7f correctly
- vauth/cleartext: update the PLAIN login to match RFC 4616
- vauth/oauth2: Fix OAUTHBEARER token generation
- vauth: Fix incorrect function description for Curl_auth_user_contains_domain
- vtls: fix potential ssl_buffer stack overflow
- wildcard: disable from build when FTP isn't present
- xattr: skip unittest on unsupported platforms

-------------------------------------------------------------------
Tue Apr 9 12:11:46 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Install curl.fish completions file from curl rather than from the fish package

-------------------------------------------------------------------
Tue Apr 9 11:41:07 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- update to version 7.64.1
* Changes:
- alt-svc: experimental support added
- configure: add --with-amissl
* Bugfixes:
- AppVeyor: switch VS 2015 builds to VS 2017 image
- CURLU: fix NULL dereference when used over proxy
- Curl_easy: remove req.maxfd - never used!
- Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
- DoH: inherit some SSL options from user's easy handle
- Secure Transport: no more "darwinssl"
- Secure Transport: tvOS 11 is required for ALPN support
- cirrus: Added FreeBSD builds using Cirrus CI
- cleanup: make local functions static
- cli tool: do not use mime.h private structures
- cmdline-opts/proxytunnel.d: the option tunnels all protocols
- configure: add additional libraries to check for LDAP support
- configure: remove the unused fdopen macro
- configure: show features as well in the final summary
- conncache: use conn->data to know if a transfer owns it
- connection: never reuse CONNECT_ONLY connections
- connection_check: restore original conn->data after the check
- connection_check: set ->data to the transfer doing the check
- cookie: Add support for cookie prefixes
- cookies: dotless names can set cookies again
- cookies: fix NULL dereference if flushing cookies with no CookieInfo set
- curl.1: --user and --proxy-user are hidden from ps output
- curl.1: mark the argument to --cookie as
- curl.h: use __has_declspec_attribute for shared builds
- curl: display --version features sorted alphabetically
- curl: fix FreeBSD compiler warning in the --xattr code
- curl: remove MANUAL from -M output
- curl_easy_duphandle.3: clarify that a duped handle has no shares
- curl_multi_remove_handle.3: use at any time, just not from within callbacks
- curl_url.3: this API is not experimental anymore
- dns: release sharelock as soon as possible
- docs: update max-redirs.d phrasing
- examples/10-at-a-time.c: improve readability and simplify
- examples/cacertinmem.c: use multiple certificates for loading CA-chain
- examples/crawler: Fix the Accept-Encoding setting
- examples/ephiperfifo.c: various fixes
- examples/externalsocket: add missing close socket calls
- examples/http2-download: cleaned up
- examples/http2-serverpush: add some sensible error checks
- examples/http2-upload: cleaned up
- examples/httpcustomheader: Value stored to 'res' is never read
- examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
- examples/sftpuploadresume: Value stored to 'result' is never read
- examples: only include
- examples: remove recursive calls to curl_multi_socket_action
- examples: remove superfluous null-pointer checks
- file: fix "Checking if unsigned variable 'readcount' is less than zero."
- fnmatch: disable if FTP is disabled
- gnutls: remove call to deprecated gnutls_compression_get_name
- gopher: remove check for path == NULL
- gssapi: fix deprecated header warnings
- hostip: make create_hostcache_id avoid alloc + free
- http2: multi_connchanged() moved from multi.c, only used for h2
- http2: verify :authority in push promise requests
- http: make adding a blank header thread-safe
- http: send payload when (proxy) authentication is done
- http: set state.infilesize when sending multipart formposts
- makefile: make checksrc and hugefile commands "silent"
- mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
- mbedtls: release sessionid resources on error
- memdebug: log pointer before freeing its data
- memdebug: make debug-specific functions use curl_dbg_ prefix
- mime: put the boundary buffer into the curl_mime struct
- multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
- multi: remove verbose "Expire in" ... messages
- multi: removed unused code for request retries
- multi: support verbose conncache closure handle
- negotiate: fix for HTTP POST with Negotiate
- openssl: add support for TLS ASYNC state
- openssl: if cert type is ENG and no key specified, key is ENG too
- pretransfer: don't strlen() POSTFIELDS set for GET requests
- rand: Fix a mismatch between comments in source and header
- runtests: detect "schannel" as an alias for "winssl"
- schannel: be quiet - remove verbose output
- schannel: close TLS before removing conn from cache
- schannel: support CALG_ECDH_EPHEM algorithm
- scripts/completion.pl: also generate fish completion file
- singlesocket: fix the 'sincebefore' placement
- source: fix two 'nread' may be used uninitialized warnings
- ssh: fix Condition '!status' is always true
- ssh: loop the state machine if not done and not blocking
- strerror: make the strerror function use local buffers
- test578: make it read data from the correct test
- tests: Fixed XML validation errors in some test files
- tests: add stderr comparison to the test suite
- tests: fix multiple may be used uninitialized warnings
- threaded-resolver: shutdown the resolver thread without error message
- tool_cb_wrt: fix writing to Windows null device NUL
- tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
- tool_operate: build on AmigaOS
- tool_operate: fix typecheck warning
- transfer.c: do not compute length of undefined hex buffer
- travis: add build using gnutls
- travis: add scan-build
- travis: bump the used wolfSSL version to 4.0.0
- travis: enable valgrind for the iconv tests
- travis: use updated compiler versions: clang 7 and gcc 8
- unit1307: require FTP support
- unit1651: survive curl_easy_init() fails
- url/idnconvert: remove scan for <= 32 ascii values
- url: change conn shutdown order to ensure SOCKETFUNCTION callbacks
- urlapi: reduce variable scope, remove unreachable 'break'
- urldata: convert bools to bitfields and move to end
- urldata: simplify bytecounters
- urlglob: Argument with 'nonnull' attribute passed null
- version.c: silent scan-build even when librtmp is not enabled
- vtls: rename some of the SSL functions
- wolfssl: stop custom-adding curves
- x509asn1: "Dereference of null pointer"
- x509asn1: cleanup and unify code layout
- zsh.pl: escape ':' character
- zsh.pl: update regex to better match curl -h output
- Dropped patches fixed upstream:
* 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
* 0002-connection_check-restore-original-conn-data-after-th.patch
* curl-singlesocket-sincebefore-placement.patch

-------------------------------------------------------------------
Mon Mar 18 10:34:14 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Fix variable placement that wasn't properly reset within a loop
  missing to notify sockets. [bsc#1129083, bsc#1129470]
* Added curl-singlesocket-sincebefore-placement.patch

-------------------------------------------------------------------
Fri Mar 8 16:10:39 UTC 2019 - Fabian Vogt <fvogt@suse.com>

- Add patches to fix use-after-free (boo#1127849):
* 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
* 0002-connection_check-restore-original-conn-data-after-th.patch

-------------------------------------------------------------------
Wed Feb 27 08:53:31 UTC 2019 - Stephan Kulow <coolo@suse.com>

- BuildRequire libcurl4-mini for !bootstrap to avoid build cycles
  due to cmake pulling libcurl4

-------------------------------------------------------------------
Wed Feb 6 09:16:58 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- update to version 7.64.0
  [bcs#1123371, CVE-2018-16890][bcs#1123377, CVE-2019-3822]
  [bcs#1123378, CVE-2019-3823]
* Changes:
- cookies: leave secure cookies alone
- hostip: support wildcard hosts
- http: Implement trailing headers for chunked transfers
- http: added options for allowing HTTP/0.9 responses
- timeval: Use high resolution timestamps on Windows
* Bugfixes:
- CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
- CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
- CVE-2019-3823: SMTP end-of-response out-of-bounds read
- FAQ: remove mention of sourceforge for github
- OS400: handle memory error in list conversion
- OS400: upgrade ILE/RPG binding.
- README: add codacy code quality badge
- Revert http_negotiate: do not close connection
- THANKS: added several missing names from year <= 2000
- build: make 'tidy' target work for metalink builds
- cmake: added checks for variadic macros
- cmake: updated check for HAVE_POLL_FINE to match autotools
- cmake: use lowercase for function name like the rest of the code
- configure: detect xlclang separately from clang
- configure: fix recv/send/select detection on Android
- configure: rewrite --enable-code-coverage
- conncache_unlock: avoid indirection by changing input argument type
- cookie: fix comment typo
- cookies: allow secure override when done over HTTPS
- cookies: extend domain checks to non psl builds
- cookies: skip custom cookies when redirecting cross-site
- curl --xattr: strip credentials from any URL that is stored
- curl -J: refuse to append to the destination file
- curl/urlapi.h: include "curl.h" first
- curl_multi_remove_handle() don't block terminating c-ares requests
- darwinssl: accept setting max-tls with default min-tls
- disconnect: separate connections and easy handles better
- disconnect: set conn->data for protocol disconnect
- docs/version.d: mention MultiSSL
- docs: fix the --tls-max description
- docs: use $(INSTALL_DATA) to install man page
- docs: use meaningless port number in CURLOPT_LOCALPORT example
- gopher: always include the entire gopher-path in request
- http2: clear pause stream id if it gets closed
- if2ip: remove unused function Curl_if_is_interface_name
- libssh: do not let libssh create socket
- libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
- libssh: free sftp_canonicalize_path() data correctly
- libtest/stub_gssapi: use "real" snprintf
- mbedtls: use VERIFYHOST
- multi: multiplexing improvements
- multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
- ntlm: fix NTLMv2 compliance
- ntlm_sspi: add support for channel binding
- openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
- openssl: fix the SSL_get_tlsext_status_ocsp_resp call
- openvms: fix OpenSSL discovery on VAX
- openvms: fix typos in documentation
- os400: add a missing closing bracket
- os400: fix extra parameter syntax error
- pingpong: change default response timeout to 120 seconds
- pingpong: ignore regular timeout in disconnect phase
- printf: fix format specifiers
- runtests.pl: Fix perl call to include srcdir
- schannel: fix compiler warning
- schannel: preserve original certificate path parameter
- schannel: stop calling it "winssl"
- sigpipe: if mbedTLS is used, ignore SIGPIPE
- smb: fix incorrect path in request if connection reused
- ssh: log the libssh2 error message when ssh session startup fails
- test1558: verify CURLINFO_PROTOCOL on file:// transfer
- test1561: improve test name
- test1653: make it survive torture tests
- tests: allow tests to pass by 2037-02-12
- tests: move objnames-* from lib into tests
- timediff: fix math for unsigned time_t
- timeval: Disable MSVC Analyzer GetTickCount warning
- tool_cb_prg: avoid integer overflow
- travis: added cmake build for osx
- urlapi: Fix port parsing of eol colon
- urlapi: distinguish possibly empty query
- urlapi: fix parsing ipv6 with zone index
- urldata: rename easy_conn to just conn
- winbuild: conditionally use /DZLIB_WINAPI
- wolfssl: fix memory-leak in threaded use
- spnego_sspi: add support for channel binding

-------------------------------------------------------------------
Mon Jan 28 18:47:00 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

- Fix wrong summary, curl is at version 7, not 4.

-------------------------------------------------------------------
Fri Jan 18 15:18:57 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>

- Provide libcurl4 = %version in the mini library package

-------------------------------------------------------------------
Thu Dec 27 04:44:48 UTC 2018 - sean@suspend.net

- Update to version 7.63.0
Changes:
* curl: add %{stderr} and %{stdout} for --write-out
* curl: add undocumented option --dump-module-paths for w32
* setopt: add CURLOPT_CURLU

Bugfixes:
* (lib)curl.rc: fixup for minor bugs
* CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
* CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis/desc
* CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
* Curl_follow: accept non-supported schemes for "fake" redirects
* KNOWN_BUGS: add --proxy-any connection issue
* NTLM: Remove redundant ifdef USE_OPENSSL
* NTLM: force the connection to HTTP/1.1
* OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
* SECURITY-PROCESS: bountygraph shuts down again
* TODO: Have the URL API offer IDN decoding
* ares: remove fd from multi fd set when ares is about to close the fd
* axtls: removed
* checksrc: add COPYRIGHTYEAR check
* cmake: fix MIT/Heimdal Kerberos detection
* configure: include all libraries in ssl-libs fetch
* configure: show CFLAGS, LDFLAGS etc in summary
* connect: fix building for recent versions of Minix
* cookies: create the cookiejar even if no cookies to save
* cookies: expire "Max-Age=0" immediately
* curl: --local-port range was not "including"
|
||
* curl: fix --local-port integer overflow
|
||
* curl: fix memory leak reading --writeout from file
|
||
* curl: fixed UTF-8 in current console code page (Win)
|
||
* curl_easy_perform: fix timeout handling
|
||
* curl_global_sslset(): id == -1 is not necessarily an error
|
||
* curl_multibyte: fix a malloc overcalculation
|
||
* curle: move deprecated error code to ifndef block
|
||
* docs: curl_formadd field and file names are now escaped
|
||
* docs: escape "\n" codes
|
||
* doh: fix memory leak in OOM situation
|
||
* doh: make it work for h2-disabled builds too
|
||
* examples/ephiperfifo: report error when epoll_ctl fails
|
||
* ftp: avoid unsigned int overflows in FTP listing parser
|
||
* host names: allow trailing dot in name resolve, then strip it
|
||
* http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
|
||
* http: don't set CURLINFO_CONDIITON_UNMET for http status code 204
* http: fix HTTP Digest auth to include query in URI
* http_negotiate: do not close connection until negotiation is completed
* impacket: add LICENSE
* infof: clearly indicate truncation
* ldap: fix LDAP URL parsing regressions
* libcurl: stop reading from paused transfers
* mprintf: avoid unsigned integer overflow warning
* netrc: don't ignore the login name specified with "--user"
* nss: Fall back to latest supported SSL version
* nss: Fix compatibility with nss versions 3.14 to 3.15
* nss: fix fallthrough comment to fix picky compiler warning
* nss: remove version selecting dead code
* nss: set default max-tls to 1.3/1.2
* openssl: Remove SSLEAY leftovers
* openssl: do not log excess "TLS app data" lines for TLS 1.3
* openssl: do not use file BIOs if not requested
* openssl: fix unused variable compiler warning with old openssl
* openssl: support session resume with TLS 1.3
* openvms: fix example name
* os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
* os400: add CURLOPT_CURLU to ILE/RPG binding
* os400: fix return type of curl_easy_pause() in ILE/RPG binding
* packages: remove old leftover files and dirs
* pop3: only do APOP with a valid timestamp
* runtests: use the local curl for verifying
* schannel: be consistent in Schannel capitalization
* schannel: better CURLOPT_CERTINFO support
* schannel: use Curl_prefix for global private symbols
* snprintf: renamed and now we only use msnprintf()
* ssl: fix compilation with OpenSSL 0.9.7
* ssl: replace all internal uses of CURLE_SSL_CACERT
* symbols-in-versions: add missing CURLU_symbols
* test328: verify Content-Encoding: none
* tests: disable SO_EXCLUSIVEADDRUSE for stunnel/Win
* tests: drop http_pipe.py script no longer used
* tool_cb_wrt: Silence function cast compiler warning
* tool_doswin: Fix uninitialized field warning
* travis: build with clang sanitizers
* travis: remove curl before a normal build
* url: a short host name + port is not a scheme
* url: fix IPv6 numeral address parser
* urlapi: only skip encoding the first '=' with APPENDQUERY set
- refreshed curl-disabled-redirect-protocol-message.patch

-------------------------------------------------------------------
Wed Oct 31 09:23:37 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to version 7.62.0
Changes:
* multiplex: enable by default
* url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
* setopt: add CURLOPT_DOH_URL
* curl: --doh-url added
* setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
* imap: change from "FETCH" to "UID FETCH"
* configure: add option to disable automatic OpenSSL config loading
* upkeep: add a connection upkeep API: curl_easy_upkeep()
* URL-API: added five new functions
* vtls: MesaLink is a new TLS backend
Bugfixes:
* CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
* CVE-2018-16840: use-after-free in handle close [bsc#1113029]
* CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
* CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
* Curl_dedotdotify(): always nul terminate returned string
* Curl_follow: Always free the passed new URL
* Curl_http2_done: fix memleak in error path
* Curl_retry_request: fix memory leak
* Curl_saferealloc: Fixed typo in docblock
* FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
* GnuTLS: TLS 1.3 support
* SECURITY-PROCESS: mention the bountygraph program
* VS projects: add USE_IPV6:
* certs: generate tests certs with sha256 digest algorithm
* checksrc: enable strict mode and warnings
* checksrc: handle zero scoped ignore commands
* cmake: Backport to work with CMake 3.0 again
* cmake: Improve config installation
* cmake: add support for transitive ZLIB target
* cmake: disable -Wpedantic-ms-format
* cmake: don't require OpenSSL if USE_OPENSSL=OFF
* cmake: fixed path used in generation of docs/tests
* cmake: remove unused *SOCKLEN_T variables
* cmake: suppress MSVC warning C4127 for libtest
* cmake: test and set missed defines during configuration
* config: Remove unused SIZEOF_VOIDP
* configure: force-use -lpthreads on HPUX
* configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
* configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
* cookies: Remove redundant expired check
* cookies: fix leak when writing cookies to file
* curl-config.in: remove dependency on bc
* curl.1: --ipv6 mutexes ipv4 (fixed typo)
* curl: update the documentation of --tlsv1.0
* curl_multi_wait: call getsock before figuring out timeout
* curl_ntlm_wb: check aprintf() return codes
* data-binary.d: clarify default content-type is x-www-form-urlencoded
* docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
* docs/CIPHERS: fix the TLS 1.3 cipher names
* docs/CIPHERS: mention the colon separation for OpenSSL
* docs/examples: URL updates
* docs: add "see also" links for SSL options
* example/asiohiper: insert warning comment about its status
* example/htmltidy: fix include paths of tidy libraries
* examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
* examples/parseurl.c: show off the URL API
* examples: Fix memory leaks from realloc errors
* examples: do not wait when no transfers are running
* ftp: include command in Curl_ftpsend sendbuffer
* gskit: make sure to terminate version string
* gtls: Values stored to but never read
* hostip: fix check on Curl_shuffle_addr return value
* http2: fix memory leaks on error-path
* http: fix memleak in rewind error path
* krb5: fix memory leak in krb_auth
* memory: add missing curl_printf header
* memory: ensure to check allocation results
* multi: Fix error handling in the SENDPROTOCONNECT state
* multi: fix memory leak in content encoding related error path
* multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
* netrc: free temporary strings if memory allocation fails
* nss: try to connect even if libnssckbi.so fails to load
* ntlm_wb: Fix memory leaks in ntlm_wb_response
* ntlm_wb: bail out if the response gets overly large
* openssl: assume engine support in 0.9.8 or later
* openssl: enable TLS 1.3 post-handshake auth
* openssl: fix gcc8 warning
* openssl: load built-in engines too
* openssl: make 'done' a proper boolean
* openssl: output the correct cipher list on TLS 1.3 error
* openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
* openssl: show "proper" version number for libressl builds
* pipelining: deprecated
* rand: add comment to skip a clang-tidy false positive
* rtmp: fix for compiling with lwIP
* runtests: ignore disabled even when ranges are given
* schannel: unified error code handling
* sendf: Fix whitespace in infof/failf concatenation
* ssh: free the session on init failures
* ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
* system.h: use proper setting with Sun C++ as well
* test1299: use single quotes around asterisk
* test1452: mark as flaky
* test1651: unit test Curl_extract_certinfo()
* test320: strip out more HTML when comparing
* tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
* tests: add unit tests for url.c
* tool_cb_hdr: handle failure of rename()
* travis: add a "make tidy" build that runs clang-tidy
* travis: add build for "configure --disable-verbose"
* travis: bump the Secure Transport build to use xcode
* travis: make distcheck scan for BOM markers
* unit1300: fix stack-use-after-scope AddressSanitizer warning
* urldata: Fix "connecting" comment
* urlglob: improve error message on bad globs
* vtls: fix ssl version "or later" behavior change for many backends
* x509asn1: Fix SAN IP address verification
* x509asn1: always check return code from getASN1Element()
* x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
* x509asn1: suppress left shift on signed value
- Rebased patches after update:
* curl-disabled-redirect-protocol-message.patch
* curl-use_OPENSSL_config.patch

-------------------------------------------------------------------
Wed Sep 5 07:12:59 UTC 2018 - Karol Babioch <kbabioch@suse.com>

- Update to version 7.61.1
Bugfixes:
* CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019)
* CURLINFO_SIZE_UPLOAD: fix missing counter update
* CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
* CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
* Curl_getoff_all_pipelines: improved for multiplexed
* DEPRECATE: remove release date from 7.62.0
* HTTP: Don't attempt to needlessly decompress redirect body
* INTERNALS: require GnuTLS >= 2.11.3
* README.md: add LGTM.com code quality grade for C/C++
* SSLCERTS: improve the openssl command line
* Silence GCC 8 cast-function-type warnings
* ares: check for NULL in completed-callback
* asyn-thread: Remove unused macro
* auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
* auth: pick Bearer authentication whenever a token is available
* cmake: CMake config files are defining CURL_STATICLIB for static builds
* cmake: Respect BUILD_SHARED_LIBS
* cmake: Update scripts to use consistent style
* cmake: bumped minimum version to 3.4
* cmake: link curl to the OpenSSL targets instead of lib absolute paths
* configure: conditionally enable pedantic-errors
* configure: fix for -lpthread detection with OpenSSL and pkg-config
* conn: remove the boolean 'inuse' field
* content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
* cookie tests: treat files as text
* cookies: support creation-time attribute for cookies
* curl: Fix segfault when -H @headerfile is empty
* curl: add http code 408 to transient list for --retry
* curl: fix time-of-check, time-of-use race in dir creation
* curl: use Content-Disposition before the "URL end" for -OJ
* curl: warn the user if a given file name looks like an option
* curl_threads: silence bad-function-cast warning
* darwinssl: add support for ALPN negotiation
* docs/CURLOPT_URL: fix indentation
* docs/CURLOPT_WRITEFUNCTION: size is always 1
* docs/SECURITY-PROCESS: mention bounty, drop pre-notify
* docs/examples: add hiperfifo example using linux epoll/timerfd
* docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
* docs: clarify NO_PROXY env variable functionality
* docs: improved the manual pages of some callbacks
* docs: mention NULL is fine input to several functions
* formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
* gopher: Do not translate `?' to `%09'
* header output: switch off all styles, not just unbold
* hostip: fix unused variable warning
* http2: Use correct format identifier for stream_id
* http2: abort the send_callback if not setup yet
* http2: avoid set_stream_user_data() before stream is assigned
* http2: check nghttp2_session_set_stream_user_data return code
* http2: clear the drain counter in Curl_http2_done
* http2: make sure to send after RST_STREAM
* http2: separate easy handle from connections better
* http: fix for tiny "HTTP/0.9" response
* http_proxy: Remove unused macro SELECT_TIMEOUT
* lib/Makefile: only do symbol hiding if told to
* lib1502: fix memory leak in torture test
* lib1522: fix curl_easy_setopt argument type
* libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
* mime: check Curl_rand_hex's return code
* multi: always do the COMPLETED procedure/state
* openssl: assume engine support in 1.0.0 or later
* openssl: fix debug messages
* projects: Improve Windows perl detection in batch scripts
* retry: return error if rewind was necessary but didn't happen
* reuse_conn(): memory leak - free old_conn->options
* schannel: client certificate store opening fix
* schannel: enable CALG_TLS1PRF for w32api >= 5.1
* schannel: fix MinGW compile break
* sftp: don't send post-quote sequence when retrying a connection
* smb: fix memory leak on early failure
* smb: fix memory-leak in URL parse error path
* smb_getsock: always wait for write socket too
* ssh-libssh: fix infinite connect loop on invalid private key
* ssh-libssh: reduce excessive verbose output about pubkey auth
* ssh-libssh: use FALLTHROUGH to silence gcc8
* ssl: set engine implicitly when a PKCS#11 URI is provided
* sws: handle EINTR when calling select()
* system_win32: fix version checking
* telnet: Remove unused macros TELOPTS and TELCMDS
* test1143: disable MSYS2's POSIX path conversion
* test1148: disable if decimal separator is not point
* test1307: (fnmatch testing) disabled
* test1422: add required file feature
* test1531: Add timeout
* test1540: Remove unused macro TEST_HANG_TIMEOUT
* test214: disable MSYS2's POSIX path conversion for URL
* test320: treat curl320.out file as binary
* tests/http_pipe.py: Use /usr/bin/env to find python
* tests: Don't use Windows path %PWD for SSH tests
* tests: fixes for Windows line endings
* tool_operate: Fix setting proxy TLS 1.3 ciphers
* travis: build darwinssl on macos 10.12 to fix linker errors
* travis: execute "set -eo pipefail" for coverage build
* travis: run a 'make checksrc' too
* travis: update to GCC-8
* travis: verify that man pages can be regenerated
* upload: allocate upload buffer on-demand
* upload: change default UPLOAD_BUFSIZE to 64KB
* urldata: remove unused pipe_broke struct field
* vtls: reinstantiate engine on duplicated handles
* windows: implement send buffer tuning
* wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
- Remove patch included upstream:
* curl-switch-off-all-styles.patch

-------------------------------------------------------------------
Wed Aug 22 12:32:50 UTC 2018 - kbabioch@suse.com

- Added curl-switch-off-all-styles.patch: Fix output of wrong escape sequences,
  which might mess up the terminal (bsc#1105624)

-------------------------------------------------------------------
Tue Jul 17 13:56:05 UTC 2018 - pgajdos@suse.com

- Update to version 7.61.0
[bsc#1099793, CVE-2018-0500]
Changes:
* getinfo: add microsecond precise timers for seven intervals
* curl: show headers in bold, switch off with --no-styled-output
* httpauth: add support for Bearer tokens
* Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
* curl: --tls13-ciphers and --proxy-tls13-ciphers
* Add CURLOPT_DISALLOW_USERNAME_IN_URL
* curl: --disallow-username-in-url
Bugfixes:
* CVE-2018-0500: smtp: fix SMTP send buffer overflow
* schannel: disable client cert option if APIs not available
* schannel: disable manual verify if APIs not available
* tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
* openssl: acknowledge --tls-max for default version too
* stub_gssapi: fix 'unused parameter' warnings
* examples/progressfunc: make it build on both new and old libcurls
* docs: mention it is HA Proxy protocol "version 1"
* curl_fnmatch: only allow two asterisks for matching
* docs: clarify CURLOPT_HTTPGET
* configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
* configure: do compile-time SIZEOF checks instead of run-time
* checksrc: make sure sizeof() is used *with* parentheses
* CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
* schannel: make CAinfo parsing resilient to CR/LF
* tftp: make sure error is zero terminated before printfing it
* http resume: skip body if http code 416 (range error) is ignored
* configure: add basic test of --with-ssl prefix
* cmake: set -d postfix for debug builds
* multi: provide a socket to wait for in Curl_protocol_getsock
* content_encoding: handle zlib versions too old for Z_BLOCK
* winbuild: only delete OUTFILE if it exists
* winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
* schannel: add failf calls for client certificate failures
* cmake: Fix the test for fsetxattr and strerror_r
* curl.1: Fix cmdline-opts reference errors
* cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
* cmake: check for getpwuid_r
* configure: fix ssh2 linking when built with a static mbedtls
* psl: use latest psl and refresh it periodically
* fnmatch: insist on escaped bracket to match
* KNOWN_BUGS: restore text regarding #2101
* INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
* configure: override AR_FLAGS to silence warning
* os400: implement mime api EBCDIC wrappers
* curl.rc: embed manifest for correct Windows version detection
* strictness: correct {infof, failf} format specifiers
* tests: update .gitignore for libtests
* configure: check for declaration of getpwuid_r
* fnmatch: use the system one if available
* CURLOPT_RESOLVE: always purge old entry first
* multi: remove a potentially bad DEBUGF()
* curl_addrinfo: use same #ifdef conditions in source as header
* build: remove the Borland specific makefiles
* axTLS: not considered fit for use
* cmdline-opts/cert-type.d: mention "p12" as a recognized type
* system.h: add support for IBM xlc C compiler
* tests/libtest: Add lib1521 to nodist_SOURCES
* mk-ca-bundle.pl: leave certificate name untouched
* boringssl + schannel: undef X509_NAME in lib/schannel.h
* openssl: assume engine support in 1.0.1 or later
* cppcheck: fix warnings
* test 46: make test pass after year 2025
* schannel: support selecting ciphers
* Curl_debug: remove dead printhost code
* test 1455: unflakified
* Curl_init_do: handle NULL connection pointer passed in
* progress: remove a set of unused defines
* mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
* GOVERNANCE.md: explains how this project is run
* configure: use pkg-config for c-ares detection
* configure: enhance ability to build with static openssl
* maketgz: fix sed issues on OSX
* multi: fix memory leak when stopped during name resolve
* CURLOPT_INTERFACE.3: interface names not supported on Windows
* url: fix dangling conn->data pointer
* cmake: allow multiple SSL backends
* system.h: fix for gcc on 32 bit OpenServer
* ConnectionExists: make sure conn->data is set when "taking" a connection
* multi: fix crash due to dangling entry in connect-pending list
* CURLOPT_SSL_VERIFYPEER.3: Add performance note
* netrc: use a larger buffer to support longer passwords
* url: check Curl_conncache_add_conn return code
* configure: Add dependent libraries after crypto
* easy_perform: faster local name resolves by using *multi_timeout()
* getnameinfo: not used, removed all configure checks
* travis: add a build using the synchronous name resolver
* CURLINFO_TLS_SSL_PTR.3: improve the example
* openssl: allow TLS 1.3 by default
* openssl: make the requested TLS version the *minimum* wanted
* openssl: Remove some dead code
* telnet: fix clang warnings
* DEPRECATE: new doc describing planned item removals
* example/crawler.c: simple crawler based on libxml2
* libssh: goto DISCONNECT state on error, not SESSION_FREE
* CMake: Remove unused functions
* darwinssl: allow High Sierra users to build the code using GCC
* scripts: include _curl as part of CLEANFILES
* examples: fix -Wformat warnings
* curl_setup: include <winerror.h> before <windows.h>
* schannel: make more cipher options conditional
* CMake: remove redundant and old end-of-block syntax
* post303.d: clarify that this is an RFC violation
- refreshed libcurl-ocloexec.patch

-------------------------------------------------------------------
Fri May 18 11:47:00 UTC 2018 - vcizek@suse.com

- Use OPENSSL_config instead of CONF_modules_load_file() to avoid
  crashes due to openssl engines conflicts (bsc#1086367)
* add curl-use_OPENSSL_config.patch

-------------------------------------------------------------------
Wed May 16 08:41:48 UTC 2018 - pmonrealgonzalez@suse.com

- Update to version 7.60.0
[bsc#1092094, CVE-2018-1000300][bsc#1092098, CVE-2018-1000301]
Changes:
* Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
* Add --haproxy-protocol for the command line tool
* Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
Bugfixes:
* FTP: shutdown response buffer overflow CVE-2018-1000300
* RTSP: bad headers buffer over-read CVE-2018-1000301
* FTP: fix typo in recursive callback detection for seeking
* test1208: marked flaky
* HTTP: make header-less responses still count correct body size
* user-agent.d: mention --proxy-header as well
* http2: fixes typo
* cleanup: misc typos in strings and comments
* rate-limit: use three second window to better handle high speeds
* examples/hiperfifo.c: improved
* pause: when changing pause state, update socket state
* multi: improved pending transfers handling => improved performance
* curl_version_info.3: fix ssl_version description
* add_handle/easy_perform: clear errorbuffer on start if set
* cmake: add support for brotli
* parsedate: support UT timezone
* vauth/ntlm.h: fix the #ifdef header guard
* lib/curl_path.h: added #ifdef header guard
* vauth/cleartext: fix integer overflow check
* CURLINFO_COOKIELIST.3: made the example not leak memory
* cookie.d: mention that "-" as filename means stdin
* CURLINFO_SSL_VERIFYRESULT.3: fixed the example
* http2: read pending frames (including GOAWAY) in connection-check
* timeval: remove compilation warning by casting
* cmake: avoid warn-as-error during config checks
* travis-ci: enable -Werror for CMake builds
* openldap: fix for NULL return from ldap_get_attribute_ber()
* threaded resolver: track resolver time and set suitable timeout values
* cmake: Add advapi32 as explicit link library for win32
* docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
* test1148: set a fixed locale for the test
* cookies: when reading from a file, only remove_expired once
* cookie: store cookies per top-level-domain-specific hash table
* openssl: fix build with LibreSSL 2.7
* tls: fix mbedTLS 2.7.0 build + handle sha256 failures
* openssl: RESTORED verify locations when verifypeer==0
* file: restore old behavior for file:////foo/bar URLs
* FTP: allow PASV on IPv6 connections when a proxy is being used
* build-openssl.bat: allow custom paths for VS and perl
* winbuild: make the clean target work without build-type
* build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
* curl: retry on FTP 4xx, ignore other protocols
* configure: detect (and use) sa_family_t
* examples/sftpuploadresume: Fix Windows large file seek
* build: cleanup to fix clang warnings/errors
* winbuild: updated the documentation
* lib: silence null-dereference warnings
* travis: bump to clang 6 and gcc 7
* travis: build libpsl and make builds use it
* proxy: show getenv proxy use in verbose output
* duphandle: make sure CURLOPT_RESOLVE is duplicated
* all: Refactor malloc+memset to use calloc
* checksrc: Fix typo
* system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
* vauth: Fix typo
* ssh: show libSSH2 error code when closing fails
* test1148: tolerate progress updates better
* urldata: make service names unconditional
* configure: keep LD_LIBRARY_PATH changes local
* ntlm_sspi: fix authentication using Credential Manager
* schannel: add client certificate authentication
* winbuild: Support custom devel paths for each dependency
* schannel: add support for CURLOPT_CAINFO
* http2: handle on_begin_headers() called more than once
* openssl: support OpenSSL 1.1.1 verbose-mode trace messages
* openssl: fix subjectAltName check on non-ASCII platforms
* http2: avoid strstr() on data not zero terminated
* http2: clear the "drain counter" when a stream is closed
* http2: handle GOAWAY properly
* tool_help: clarify --max-time unit of time is seconds
* curl.1: clarify that options and URLs can be mixed
* http2: convert an assert to run-time check
* curl_global_sslset: always provide available backends
* ftplistparser: keep state between invokes
* Curl_memchr: zero length input can't match
* examples/sftpuploadresume: typecast fseek argument to long
* examples/http2-upload: expand buffer to avoid silly warning
* ctype: restore character classification for non-ASCII platforms
* mime: avoid NULL pointer dereference risk
* cookies: ensure that we have cookies before writing jar
* os400.c: fix checksrc warnings
* configure: provide --with-wolfssl as an alias for --with-cyassl
* cyassl: adapt to libraries without TLS 1.0 support built-in
* http2: get rid of another strstr
* checksrc: force indentation of lines after an else
* cookies: remove unused macro
* CURLINFO_PROTOCOL.3: mention the existing defined names
* tests: provide 'manual' as a feature to optionally require
* travis: enable libssh2 on both macos and Linux
* CURLOPT_URL.3: added ENCODING section
* wolfssl: Fix non-blocking connect
* vtls: don't define MD5_DIGEST_LENGTH for wolfssl
* docs: remove extraneous commas in man pages
* URL: fix ASCII dependency in strcpy_url and strlen_url
* ssh-libssh.c: fix left shift compiler warning
* configure: only check for CA bundle for file-using SSL backends
* travis: add an mbedtls build
* http: don't set the "rewind" flag when not uploading anything
* configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
* transfer: don't unset writesockfd on setup of multiplexed conns
* vtls: use unified "supports" bitfield member in backends
* URLs: fix one more http url
* travis: add a build using WolfSSL
* openssl: change FILE ops to BIO ops
* travis: add build using NSS
* smb: reject negative file sizes
* cookies: accept parameter names as cookie name
* http2: getsock fix for uploads
* all over: fixed format specifiers
* http2: use the correct function pointer typedef

-------------------------------------------------------------------
Wed Mar 14 14:23:22 UTC 2018 - pmonrealgonzalez@suse.com

- Added message about protocol redirection not supported or
  disabled to the function findprotocol() [bsc#1076446]
* Added curl-disabled-redirect-protocol-message.patch

-------------------------------------------------------------------
Wed Mar 14 13:08:33 UTC 2018 - pmonrealgonzalez@suse.com

- Update to version 7.59.0
[bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121]
[bsc#1084532, CVE-2018-1000122]
Changes:
* curl: add --proxy-pinnedpubkey
* added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T
* CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
* Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
* Add new tool option --happy-eyeballs-timeout-ms
* Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA
Bugfixes:
* openldap: check ldap_get_attribute_ber() results for NULL before using
* FTP: reject path components with control codes
* readwrite: make sure excess reads don't go beyond buffer end
* lib555: drop text conversion and encode data as ascii codes
* lib517: make variable static to avoid compiler warning
* lib544: sync ascii code data with textual data
* GSKit: restore pinnedpubkey functionality
* darwinssl: Don't import client certificates into Keychain on macOS
* parsedate: fix date parsing for systems with 32 bit long
* openssl: fix pinned public key build error in FIPS mode
* SChannel/WinSSL: Implement public key pinning
* cookies: remove verbose "cookie size:" output
* progress-bar: don't use stderr explicitly, use bar->out
* build: open VC15 projects with VS 2017
* curl_ctype: private is*() type macros and functions
* configure: set PATH_SEPARATOR to colon for PATH w/o separator
* curl_easy_reset: clear digest auth state
* curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6
* range: commonize FTP and FILE range handling
* progress-bar docs: update to match implementation
* fnmatch: do not match the empty string with a character set
* fnmatch: accept an alphanum to be followed by a non-alphanum in char set
* build: fix termios issue on android cross-compile
* getdate: return -1 for out of range
* formdata: use the mime-content type function
* openssl: Don't add verify locations when verifypeer==0
* fnmatch: optimize processing of consecutive *s and ?s pattern characters
* schannel: fix compiler warnings
* content_encoding: Add "none" alias to "identity"
* get_posix_time: only check for overflows if they can happen
|
||
* http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
|
||
* README: language fix
|
||
* sha256: build with OpenSSL < 0.9.8
|
||
* smtp: fix processing of initial dot in data
|
||
* --tlsauthtype: works only if libcurl is built with TLS-SRP support
|
||
* tests: new tests for http raw mode
|
||
* libcurl-security.3: man page discussion security concerns when using libcurl
|
||
* curl_gssapi: make sure this file too uses our *printf()
|
||
* BINDINGS: fix curb link (and remove ruby-curl-multi)
|
||
* nss: use PK11_CreateManagedGenericObject() if available
|
||
* travis: add build with iconv enabled
|
||
* ssh: add two missing state names
|
||
* CURLOPT_HEADERFUNCTION.3: mention folded headers
|
||
* http: fix the max header length detection logic
|
||
* header callback: don't chop headers into smaller pieces
|
||
* CURLOPT_HEADER.3: clarify problems with different data sizes
|
||
* curl --version: show PSL if the run-time lib has it enabled
|
||
* examples/sftpuploadresume: resume upload via CURLOPT_APPEND
|
||
* Return error if called recursively from within callbacks
|
||
* sasl: prefer PLAIN mechanism over LOGIN
|
||
* winbuild: Use CALL to run batch scripts
|
||
* curl_share_setopt.3: connection cache is shared within multi handles
|
||
* projects/README: remove reference to dead IDN link/package
|
||
* lib655: silence compiler warning
|
||
* configure: Fix version check for OpenSSL 1.1.1
|
||
* docs/MANUAL: formfind.pl is not accessible on the site anymore
|
||
* unit1307: proper cleanup on OOM to fix torture tests
|
||
* curl_ctype: fix macro redefinition warnings
|
||
* build: get CFLAGS (including -werror) used for examples and tests
|
||
* NO_PROXY: fix for IPv6 numericals in the URL
|
||
* krb5: use nondeprecated functions
|
||
* http2: mark the connection for close on GOAWAY
|
||
* limit-rate: kick in even before "limit" data has been received
|
||
* HTTP: allow "header;" to replace an internal header with a blank one
|
||
* http2: verbose output new MAX_CONCURRENT_STREAMS values
|
||
* SECURITY: distros' max embargo time is 14 days
|
||
* curl tool: accept --compressed also if Brotli is enabled and zlib is not
|
||
* WolfSSL: adding TLSv1.3
|
||
* checksrc.pl: add -i and -m options
|
||
* CURLOPT_COOKIEFILE.3: "-" as file name means stdin
|
||
|
||
- Refreshed patch libcurl-ocloexec.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 20 09:48:49 UTC 2018 - tchvatal@suse.com

- Sort a bit with spec-cleaner
- Install license with the library

-------------------------------------------------------------------
Thu Jan 25 12:23:48 UTC 2018 - normand@linux.vnet.ibm.com

- ignore all test failures for PowerPC as bypass boo#1075219
(not only the 1501 previously skipped)
* Added patch ignore_runtests_failure.patch

-------------------------------------------------------------------
Wed Jan 24 11:41:36 UTC 2018 - asn@cryptomilk.org

- Build curl with libssh.org
libssh offers a lot more features than libssh2, for example:
* Key Exchange Methods: curve25519-sha256@libssh.org
* Hostkey Types: ssh-ed25519
* Authentication: gssapi-with-mic

-------------------------------------------------------------------
Wed Jan 24 10:31:58 UTC 2018 - pmonrealgonzalez@suse.com

- Update to version 7.58.0
[bsc#1076360,CVE-2018-1000005][bsc#1077001,CVE-2018-1000007]
Changes:
* new libssh-powered SSH SCP/SFTP back-end
* curl-config: add --ssl-backends
Bugfixes:
* http2: fix incorrect trailer buffer size
* http: prevent custom Authorization headers in redirects
* travis: add boringssl build
* examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
* SSL: Avoid magic allocation of SSL backend specific data
* lib: don't export all symbols, just everything curl_*
* libssh2: send the correct CURLE error code on scp file not found
* libssh2: return CURLE_UPLOAD_FAILED on failure to upload
* openssl: enable pkcs12 in boringssl builds
* libssh2: remove dead code from SSH_SFTP_QUOTE
* sasl_getmesssage: make sure we have a long enough string to pass
* conncache: fix several lock issues
* threaded-shared-conn.c: new example
* conncache: only allow multiplexing within same multi handle
* configure: check for netinet/in6.h
* URL: tolerate backslash after drive letter for FILE:
* openldap: add commented out debug possibilities
* include: get netinet/in.h before linux/tcp.h
* CONNECT: keep close connection flag in http_connect_state struct
* BINDINGS: another PostgreSQL client
* curl: limit -# update frequency for unknown total size
* configure: add AX_CODE_COVERAGE only if using gcc
* curl.h: remove incorrect comment about ERRORBUFFER
* openssl: improve data-pending check for https proxy
* curl: remove __EMX__ #ifdefs
* CURLOPT_PRIVATE.3: fix grammar
* sftp: allow quoted commands to use relative paths
* CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
* RESOLVE: output verbose text when trying to set a duplicate name
* multi_done: prune DNS cache
* tests: update .gitignore for libtests
* tests: mark data files as non-executable in git
* CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference
* curl.1: documented two missing valid exit codes
* curl.1: mention http:// and https:// as valid proxy prefixes
* vtls: replaced getenv() with curl_getenv()
* setopt: less *or equal* than INT_MAX/1000 should be fine
* examples/smtp-mail.c: use separate defines for options and mail
* curl: support >256 bytes warning messages
* conncache: fix a return code
* krb5: fix a potential access of uninitialized memory
* rand: add a clang-analyzer work-around
* CURLOPT_READFUNCTION.3: refer to argument with correct name
* brotli: allow compiling with version 0.6.0
* content_encoding: rework zlib_inflate
* curl_easy_reset: release mime-related data
* examples/rtsp: fix error handling macros
* curl: Support size modifiers for --max-filesize
* examples/cacertinmem: ignore cert-already-exists error
* brotli: data at the end of content can be lost
* curl_version_info.3: call the argument 'age'
* openssl: fix memory leak of SSLKEYLOGFILE filename
* build: remove HAVE_LIMITS_H check
* --mail-rcpt: fix short-text description
* scripts: allow all perl scripts to be run directly
* progress: calculate transfer speed on milliseconds if possible
* system.h: check __LONG_MAX__ for defining curl_off_t
* easy: fix connection ownership in curl_easy_pause
* setopt: reintroduce non-static Curl_vsetopt() for OS400 support
* setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
* configure.ac: append extra linker flags instead of prepending them
* HTTP: bail out on negative Content-Length: values
* docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
* mime: clone mime tree upon easy handle duplication
* openssl: enable SSLKEYLOGFILE support by default
* smtp/pop3/imap_get_message: decrease the data length too...
* CURLOPT_TCP_NODELAY.3: fix typo
* SMB: fix numeric constant suffix and variable types
* ftp-wildcard: fix matching an empty string with "*[^a]"
* curl_fnmatch: only allow 5 '*' sections in a single pattern
* openssl: fix potential memory leak in SSLKEYLOGFILE logic
* SSH: Fix state machine for ssh-agent authentication
* examples/url2file.c: add missing curl_global_cleanup() call
* http2: don't close connection when single transfer is stopped
* libcurl-env.3: first version
* curl: progress bar refresh, get width using ioctl()
* CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support

-------------------------------------------------------------------
Tue Jan 9 17:55:14 UTC 2018 - normand@linux.vnet.ibm.com

- disable 1501 test for PowerPC as bypass boo#1075219

-------------------------------------------------------------------
Wed Nov 29 10:43:55 UTC 2017 - pmonrealgonzalez@suse.com

- Update to version 7.57.0 [bsc#1069226, CVE-2017-8816]
[bsc#1069222, CVE-2017-8817] [bsc#1069714, CVE-2017-8818]
Changes:
* auth: add support for RFC7616 - HTTP Digest access authentication
* share: add support for sharing the connection cache
* HTTP: implement Brotli content encoding
Bugfixes:
* CVE-2017-8816: NTLM buffer overflow via integer overflow
* CVE-2017-8817: FTP wildcard out of bounds read
* CVE-2017-8818: SSL out of buffer access
* curl_mime_filedata.3: fix typos
* libtest: Add required test libraries for lib1552 and lib1553
* fix time diffs for systems using unsigned time_t
* ftplistparser: memory leak fix: free temporary memory always
* multi: allow table handle sizes to be overridden
* wildcards: don't use with non-supported protocols
* curl_fnmatch: return error on illegal wildcard pattern
* transfer: Fix chunked-encoding upload too early exit
* resolvers: only include anything if needed
* setopt: fix CURLOPT_SSH_AUTH_TYPES option read
* Curl_timeleft: change return type to timediff_t
* cmake: Export libcurl and curl targets to use by other cmake projects
* curl: in -F option arg, comma is a delimiter for files only
* curl: improved ";type=" handling in -F option arguments
* timeval: use mach_absolute_time() on MacOS
* curlx: the timeval functions are no longer provided as curlx_*
* mkhelp.pl: do not generate comment with current date
* memdebug: use send/recv signature for curl_dosend/curl_dorecv
* cookie: avoid NULL dereference
* url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
* include: remove conncache.h inclusion from where it's not needed
* CURLOPT_MAXREDIRS: allow -1 as a value
* tests: Fixed torture tests on tests 556 and 650
* http2: Fixed OOM handling in upgrade request
* url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
* CURLOPT_INFILESIZE: accept -1
* curl: pass through [] in URLs instead of calling globbing error
* curl: speed up handling of many URLs
* ntlm: avoid malloc(0) for zero length passwords
* url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES
* HTTP: support multiple Content-Encodings
* travis: add a job with brotli enabled
* url: remove unnecessary NULL-check
* fnmatch: remove dead code
* connect: store IPv6 connection status after valid connection
* imap: deal with commands case insensitively
* --interface: add support for Linux VRF
* content_encoding: fix inflate_stream for no bytes available
* cmake: Add missing setmode check
* connect.c: remove executable bit on file
* SMB: fix uninitialized local variable
* zlib/brotli: only include header files in modules needing them
* URL: return error on malformed URLs with junk after IPv6 bracket
* openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
* macOS: Fix missing connectx function with Xcode version older than 9.0
* --resolve: allow IP address within [] brackets
* examples/curlx: Fix code style
* ntlm: remove unnecessary NULL-check to please scan-build
* Curl_llist_remove: fix potential NULL pointer deref
* mime: fix "Value stored to 'sz' is never read" scan-build error
* openssl: fix "Value stored to 'rc' is never read" scan-build error
* http2: fix "Value stored to 'hdbuf' is never read" scan-build error
* http2: fix "Value stored to 'end' is never read" scan-build error
* Curl_open: fix OOM return error correctly
* url: reject ASCII control characters and space in host names
* examples/rtsp: clear RANGE again after use
* connect: improve the bind error message
* make: fix "make distclean"
* connect: add support for new TCP Fast Open API on Linux
* metalink: fix memory-leak and NULL pointer dereference
* URL: update "file:" URL handling
* ssh: remove check for a NULL pointer
* global_init: ignore CURL_GLOBAL_SSL's absence

-------------------------------------------------------------------
Mon Oct 23 09:12:11 UTC 2017 - pmonrealgonzalez@suse.com

- Update to version 7.56.1 [bsc#1063824]
Bugfixes:
* imap: if a FETCH response has no size, don't call write
callback [CVE-2017-1000257]
* ftp: UBsan fixup 'pointer index expression overflowed'
* failf: skip the sprintf() if there are no consumers
* fuzzer: move to using external curl-fuzzer
* lib/Makefile.m32: allow customizing dll suffixes
* docs: fix typo in curl_mime_data_cb man page
* darwinssl: add support for TLSv1.3
* build: fix --disable-crypto-auth
* openssl: fix build without HAVE_OPAQUE_EVP_PKEY
* strtoofft: Remove extraneous null check
* multi_cleanup: call DONE on handles that never got that
* tests: added flaky keyword to tests 587 and 644
* pingpong: return error when trying to send without connection
* remove_handle: call multi_done() first, then clear dns cache pointer
* mime: be tolerant about setting the same header list twice in a part
* mime: improve unbinding top multipart from easy handle
* mime: avoid resetting a part's encoder when part's contents change
* mime: refuse to add subparts to one of their own descendants
* RTSP: avoid integer overflow on funny RTSP responses
* curl: don't pass semicolons when parsing Content-Disposition
* openssl: enable PKCS12 support for !BoringSSL
* FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
* CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
* CURLOPT_XFERINFODATA.3: fix duplicate see also
* test298: verify --ftp-method nocwd with URL encoded path
* FTP: URL decode path for dir listing in nocwd mode
* smtp_done: fix memory leak on send failure
* ftpserver: support case insensitive commands
* test950: verify SMTP with custom request
* openssl: don't use old BORINGSSL_YYYYMM macros
* setopt: update current connection SSL verify params
* curl: reimplement stdin buffering in -F option
* mime: keep "text/plain" content type if user-specified
* mime: fix the content reader to handle >16K data properly
* configure: remove the C++ compiler check
* memdebug: trace send, recv and socket
* runtests: use valgrind for torture as well
* ldap: silence clang warning
* makefile.m32: allow to override gcc, ar and ranlib
* setopt: avoid integer overflows when setting millisecond values
* setopt: range check most long options
* ftp: reject illegal IP/port in PASV 227 response
* mime: do not reuse previously computed multipart size
* vtls: change struct Curl_ssl `close' field name to `close_one'
* os400: add missing symbols in config file
* mime: limit base64-encoded lines length to 76 characters
* mk-ca-bundle: Remove URL for aurora
* mk-ca-bundle: Fix URL for NSS

-------------------------------------------------------------------
Thu Oct 5 16:15:04 UTC 2017 - pmonrealgonzalez@suse.com

- Update to 7.56.0 [bsc#1061876, CVE-2017-1000254]
Changes:
* curl: enable compression for SCP/SFTP with --compressed-ssh
* libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION
* vtls: added dynamic changing SSL backend with curl_global_sslset()
* new MIME API, curl_mime_init() and friends
* openssl: initial SSLKEYLOGFILE implementation
Security fixes:
* CVE-2017-1000254 FTP PWD response parser out of bounds read
Bugfixes:
* FTP: zero terminate the entry path even on bad input
* examples/ftpuploadresume.c: use portable code
* runtests: match keywords case insensitively
* strtoofft: reduce integer overflow risks globally
* zsh.pl: produce a working completion script again
* cmake: remove dead code for CURL_DISABLE_RTMP
* progress: Track total times following redirects
* configure: fix --disable-threaded-resolver
* configure: fix clang version detection
* darwinssl: fix error: variable length array used
* configure: check for __builtin_available() availability
* http_proxy: fix build error for CURL_DOES_CONVERSIONS
* examples/ftpuploadresume: checksrc compliance
* ftp: fix CWD when doing multicwd then nocwd on same connection
* system.h: remove all CURL_SIZEOF_* defines
* http: Don't wait on CONNECT when there is no proxy
* system.h: check for __ppc__ as well
* http2_recv: return error better on fatal h2 errors
* tftp: fix memory leak on too long filename
* system.h: fix build for hppa
* cmake: enable picky compiler options with clang and gcc
* makefile.m32: add support for libidn2
* curl: shorten and clean up CA cert verification error message
* imap: support PREAUTH
* CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
* examples/threaded-ssl: mention that this is for openssl before 1.1
* tests: Make sure libtests & unittests call curl_global_cleanup()
* system.h: include sys/poll.h for AIX
* darwinssl: handle long strings in TLS certs
* strtooff: fix build for systems with long long but no strtoll
* asyn-thread: Improved cleanup after OOM situations
* curl.h: CURLSSLBACKEND_WOLFSSL used wrong value
* unit1301: fix error message on first test
* ossfuzz: moving towards the ideal integration
* http: fix a memory leakage in checkrtspprefix()
* examples/post-callback: stop returning one byte at a time
* schannel: return CURLE_SSL_CACERT on failed verification
* http-proxy: treat all 2xx as CONNECT success
* openssl: use OpenSSL's default ciphers by default
* runtests.pl: support attribute "nonewline" in part verify/upload
* configure: remove --enable-soname-bump and SONAME_BUMP
* vtls: fix WolfSSL 3.12 build problems
* http-proxy: when not doing CONNECT, that phase is done immediately
* configure: fix curl_off_t check's include order
* configure: use -Wno-varargs on clang 3.9[.X] debug builds
* rtsp: do not call fwrite() with NULL pointer FILE *
* mbedtls: enable CA path processing
* checksrc: verify more code style rules
* HTTP proxy: on connection re-use, still use the new remote port
* tests: add initial gssapi test using stub implementation
* rtsp: Segfault when using WRITEDATA
* docs: clarify the CURLOPT_INTERLEAVE* options behavior
* non-ascii: use iconv() with 'char **' argument
* server/getpart: provide dummy function to build conversion enabled
* conversions: fix several compiler warnings
* openssl: add missing includes
* schannel: Support partial send for when data is too large
* socks: fix incorrect port number in SOCKS4 error message
* curl: fix integer overflow in timeout options
* cookies: reject oversized cookies instead of truncating
* cookies: use lock when using CURLINFO_COOKIELIST
* curl: check fseek() return code and bail on error
* examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
* openssl: only verify RSA private key if supported
* tests: make the imap server not verify user+password
* imap: quote atoms properly when escaping characters
* tests: fix a compiler warning in test 643
* file_range: avoid integer overflow when figuring out byte range
* reuse_conn: don't copy flags that are known to be equal
* http: fix adding custom empty headers to repeated requests
* docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS
* connect: fix race condition with happy eyeballs timeout
* cookie: fix memory leak if path was set twice in header
* vtls: compare and clone ssl configs properly
* proxy: read the "no_proxy" variable only if necessary

- Refreshed patches:
* libcurl-ocloexec.patch

- Removed patches fixed upstream:
* curl-man3.patch
* ppc-build.patch
* curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch
* curl-disable-test1427-i586.patch

-------------------------------------------------------------------
Tue Aug 29 17:33:29 UTC 2017 - zaitor@opensuse.org

- Add curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch:
Fix NetworkManagers connectivity test.

-------------------------------------------------------------------
Mon Aug 28 16:15:30 UTC 2017 - schwab@suse.de

- ppc-build.patch: Fix build for powerpc

-------------------------------------------------------------------
Thu Aug 10 11:08:46 UTC 2017 - pmonrealgonzalez@suse.com

- Upstream fix to build libcurl man3 pages
* Added patch curl-man3.patch

-------------------------------------------------------------------
Thu Aug 10 10:53:23 UTC 2017 - pmonrealgonzalez@suse.com

- Disabled test1425 that fails in i586 architecture
* Added patch curl-disable-test1427-i586.patch

-------------------------------------------------------------------
Wed Aug 9 09:34:25 UTC 2017 - pmonrealgonzalez@suse.com

- Update to 7.55.0
Changes:
* curl: allow --header and --proxy-header read from file
* getinfo: provide sizes as curl_off_t
* curl: prevent binary output spewed to terminal
* curl: added --request-target
* curl: added --socks5-{basic,gssapi}: control socks5 auth
* libcurl: added CURLOPT_REQUEST_TARGET
* libcurl: added CURLOPT_SOCKS5_AUTH
Bugfixes:
* Security Fixes:
- glob: do not parse after a strtoul() overflow range
(CVE-2017-1000101, bsc#1051643)
- tftp: reject file name lengths that don't fit
(CVE-2017-1000100, bsc#1051644)
- file: output the correct buffer to the user
(CVE-2017-1000099, bsc#1051645)
* includes: remove curl/curlbuild.h and curl/curlrules.h
* dist: make the hugehelp.c not get regenerated unnecessarily
* timers: store internal time stamps as time_t instead of doubles
* progress: let "current speed" be UL + DL speeds combined
* http-proxy: do the HTTP CONNECT process entirely non-blocking
* lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
* fuzz: bring oss-fuzz initial code converted to C89
* configure: disable nghttp2 too if HTTP has been disabled
* mk-ca-bundle.pl: Check curl's exit code after certdata download
* test1148: verify the -# progressbar
* tests: stabilize test 2032 and 2033
* HTTPS-Proxy: don't offer h2 for https proxy connections
* http-proxy: only attempt FTP over HTTP proxy
* curl-compilers.m4: enable vla warning for clang
* curl-compilers.m4: enable double-promotion warning
* curl-compilers.m4: enable missing-variable-declarations clang
warning
* curl-compilers.m4: enable comma clang warning
* CURLOPT_PREQUOTE: not supported for SFTP
* http2: fix OOM crash
* PIPELINING_SERVER_BL: cleanup the internal list use
* mkhelp.pl: fix script name in usage text
* lib1521: add curl_easy_getinfo calls to the test set
* travis: do the distcheck test build out-of-tree as well
* if2ip: fix compiler warning in ISO C90 mode
* lib: fix the djgpp build
* typecheck-gcc: add support for CURLINFO_OFF_T
* travis: enable typecheck-gcc warnings
* maketgz: switch to xz instead of lzma
* CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
* curl/system.h: add check for XTENSA for 32bit gcc
* test1537: fixed memory leak on OOM
* test1521: fix compiler warnings
* curl: fix memory leak on test 1147 OOM
* libtest/make: generate lib1521.c dynamically at build-time
* curl_strequal.3: fix typo in SYNOPSIS
* progress: prevent resetting t_starttransfer
* openssl: improve fallback seed of PRNG with a time based hash
* http2: improved PING frame handling
* test1450: add simple testing for DICT
* make: build the docs subdir only from within src
* gtls: fix build when sizeof(long) < sizeof(void *)
* url: make the original string get used on subsequent transfers
* timeval.c: Use long long constant type for timeval assignment
* tool_sleep: typecast to avoid macos compiler warning
* travis.yml: use --enable-werror on debug builds
* test1451: add SMB support to the testbed
* configure: remove checks for 5 functions never used
* configure: try ldap/lber in reversed order first
* smb: fix build for djgpp/MSDOS
* travis: install nghttp2 on linux builds
* smb: add support for CURLOPT_FILETIME
* select.h: avoid macro redefinition harder
* runtests: support "threaded-resolver" as a feature
* test506: skip if threaded-resolver
* cmake: remove spurious "-l" from linker flags
* cmake: add CURL_WERROR for enabling "warning as errors"
* memdebug: don't setbuf() if the file open failed
* curl_easy_escape.3: mention the (lack of) encoding
* test1452: add telnet negotiation
* CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
* cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC
* tests/valgrind.supp: suppress OpenSSL false positive seen on
travis
* curl_setup_once: Remove ERRNO/SET_ERRNO macros
* rtspd: fix MSVC level 4 warning
* sockfilt: suppress conversion warning with explicit cast
* libtest: fix MSVC warning C4706
* tests/server/resolve.c: fix deprecation warning
* nss: fix a possible use-after-free in SelectClientCert()
* checksrc: escape open brace in regex
* multi: mention integer overflow risk if using > 500 million
sockets
* timeval: struct curltime is a struct timeval replacement
* curl_rtmp: fix a compiler warning
* include.d: clarify that it concerns the response headers
* cmake: support make uninstall
* include.d: clarify --include is only for response headers
* libcurl: Stop using error codes defined under CURL_NO_OLDIES
* http: fix response code parser to avoid integer overflow
* configure: fix the check for IdnToUnicode
* multi: fix request timer management
* curl_threads: fix MSVC compiler warning
* cmake: set MSVC warning level to 4
* netrc: skip lines starting with '#'
* FTP: skip unnecessary CWD when in nocwd mode
* gssapi: fix memory leak of output token in multi round context
* getparameter: avoid returning uninitialized 'usedarg'
* curl (debug build) easy_events: make event data static
* curl: detect and bail out early on parameter integer overflows

- Removed patch curl-invalid-free.patch

-------------------------------------------------------------------
Wed Jun 28 13:50:08 UTC 2017 - dimstar@opensuse.org

- Update License to 'curl' as per review on OBS sr#505976.

-------------------------------------------------------------------
Fri Jun 23 10:49:11 UTC 2017 - dimstar@opensuse.org

- Have the -mini packages conflict the real ones.

-------------------------------------------------------------------
Tue Jun 20 11:30:01 UTC 2017 - idonmez@suse.com

- Add curl-invalid-free.patch to fix an invalid free in
curl_multi_setopt function.

-------------------------------------------------------------------
Wed Jun 14 11:19:16 UTC 2017 - idonmez@suse.com

- Update to 7.54.1
Changes:
* curl now shows release date in --version output
Bugfixes:
* Fixes CVE-2017-9502: default protocol drive letter
buffer overflow bsc#1044243
* openssl: fix memory leak in servercert
* curl: set a 100K buffer size by default
* nss: do not leak PKCS #11 slot while loading a key
* nss: load libnssckbi.so if no other trust is specified
* curl: use utimes instead of obsolescent utime when available
* url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
* CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
* curl: non-boolean command line args reject --no- prefixes
* telnet: Write full buffer instead of byte-by-byte
* curl: remove --environment and tool_writeenv.c
* curl: generate the --help output
* curl.1: clarify --config
* curl.1: mention --oauth2-bearer's argument
* ssh: fix memory leak in disconnect due to timeout
* redirect: store the "would redirect to" URL when max redirs is reached
* file: make speedcheck use current time for checks
* urlglob: fix division by zero

-------------------------------------------------------------------
Tue Jun 13 13:08:21 UTC 2017 - lnussel@suse.de

- Create curl-mini for bootstrapping (boo#1042919)

-------------------------------------------------------------------
Wed Apr 19 08:17:17 UTC 2017 - idonmez@suse.com

- Update to 7.54.0
Changes:
* Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION
* Add --max-tls
* Add CURLOPT_SUPPRESS_CONNECT_HEADERS
* Add --suppress-connect-headers
Bugfixes:
* CVE-2017-7468: switch off SSL session id when client cert is used
* bsc#1033413
* tests: use consistent environment variables for setting charset
* proxy: fixed a memory leak on OOM
* ftp: removed an erroneous free in an OOM path
* ftp: fixed a NULL pointer dereference on OOM
* gopher: fixed detection of an error condition from Curl_urldecode
* url: fix unix-socket support for proxy-disabled builds
* fix potential use of uninitialized variables
* ares: return error at once if timed out before name resolve starts
* URL: return error on malformed URLs with junk after port number
* http2: Fix assertion error on redirect with CL=0
* --insecure: clarify that this option is for server connections
* authneg: clear auth.multi flag at http_done
* curl_easy_reset: Also reset the authentication state
* proxy: skip SSL initialization for closed connections
* http_proxy: ignore TE and CL in CONNECT 2xx responses
* multi: fix streamclose() crash in debug mode
* openssl: fall back on SSL_ERROR_* string when no error detail
* asiohiper: make sure socket is open in event_cb
* curl: check for end of input in writeout backslash handling
* openssl: exclude DSA code when OPENSSL_NO_DSA is defined
* http: Fix proxy connection reuse with basic-auth
* pause: handle mixed types of data when paused
* http: do not treat FTPS over CONNECT as HTTPS
* conncache: make hashkey avoid malloc
* multi: fix queueing of pending easy handles
* low_speed_limit: improved function for longer time periods
* nss: load CA certificates even with --insecure
* Curl_expire_latest: ignore already expired timers
* http2: fix handle leak in error path
* openssl: make SSL_ERROR_to_str more future-proof
* openssl: fix thread-safety bugs in error-handling
* openssl: don't try to print nonexistent peer private keys

-------------------------------------------------------------------
Fri Feb 24 11:42:10 UTC 2017 - idonmez@suse.com

- Update to 7.53.1
Bugfixes:
* url: Improve CURLOPT_PROXY_CAPATH error handling
* urldata: include curl_sspi.h when Windows SSPI is enabled
* formdata: check for EOF when reading from stdin
* tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
* url: Default the proxy CA bundle location to CURL_CA_BUNDLE
* rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header

-------------------------------------------------------------------
Wed Feb 22 09:49:12 UTC 2017 - idonmez@suse.com

- Update to 7.53.0
Changes:
* unix_socket: added --abstract-unix-socket and
  CURLOPT_ABSTRACT_UNIX_SOCKET
* CURLOPT_BUFFERSIZE: support enlarging receive buffer

Bugfixes:
* CVE-2017-2629: make SSL_VERIFYSTATUS work again
* gnutls-random: check return code for failed random
* openssl-random: check return code when asking for random
* http: remove "Curl_http_done: called premature" message
* cyassl: use time_t instead of long for timeout
* build-wolfssl: Sync config with wolfSSL 3.10
* ftp-gss: check for init before use
* configure: accept --with-libidn2 instead
* ftp: failure to resolve proxy should return that error code
* curl.1: add three more exit codes
* docs/ciphers: link to our own new page about ciphers
* vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl
* darwinssl: fix iOS build
* darwinssl: fix CFArrayRef leak
* cmake: use crypt32.lib when building with OpenSSL on windows
* curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked
* digest_sspi: copy terminating NUL as well
* curl: fix --remote-time incorrect times on Windows
* curl.1: several updates and corrections
* content_encoding: change return code on a failure
* curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
* docs: TCP_KEEPALIVE start and interval default to 60
* darwinssl: --insecure overrides --cacert if both settings are in use
* TheArtOfHttpScripting: grammar
* CIPHERS.md: document GSKit ciphers
* wolfssl: support setting cipher list
* wolfssl: display negotiated SSL version and cipher
* lib506: fix build for Open Watcom
* asiohiper: improved socket handling
* examples: make the C++ examples follow our code style too
* tests/sws: retry send() on EWOULDBLOCK
* cmake: Fix passing _WINSOCKAPI_ macro to compiler
* smtp: Fix STARTTLS denied error message
* imap/pop3: don't print response character in STARTTLS denied messages
* rand: make it work without TLS backing
* url: fix parsing for when 'file' is the default protocol
* url: allow file://X:/path URLs on windows again
* gnutls: check for alpn and ocsp in configure
* IDN: Use TR46 'non-transitional' for toASCII translations
* url: Fix NO_PROXY env var to work properly with --proxy option
* CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char*
* docs: Add note about libcurl copying strings to CURLOPT_* manpages
* curl: reset the easy handle at --next
* --next docs: --trace and --trace-ascii are also global
* --write-out docs: 'time_total' is not always shown with ms precision
* http: print correct HTTP string in verbose output when using HTTP/2
* docs: improved language in README.md HISTORY.md CONTRIBUTE.md
* http2: disable server push if not requested
* nss: use the correct lock in nss_find_slot_by_name()
* usercertinmem.c: improve the short description
* CURLOPT_CONNECT_TO: Fix compile warnings
* docs: non-blocking SSL handshake is now supported with NSS
* *.rc: escape non-ASCII/non-UTF-8 character for clarity
* mbedTLS: fix multi interface non-blocking handshake
* PolarSSL: fix multi interface non-blocking handshake
* VC: remove the makefile.vc6 build infra
* telnet: fix windows compiler warnings
* cookies: do not assume a valid domain has a dot
* polarssl: fix hangs
* gnutls: disable TLS session tickets
* mbedtls: disable TLS session tickets
* mbedtls: implement CTR-DRBG and HAVEGE random generators
* openssl: Don't use certificate after transferring ownership
* cmake: Support curl --xattr when built with cmake
* OS400: Fix symbols
* docs: Add more HTTPS proxy documentation
* docs: use more HTTPS links
* cmdline-opts: Fixed build and test in out of source tree builds
* CHANGES.0: removed
* schannel: Remove incorrect SNI disabled message
* darwinssl: Avoid parsing certificates when not in verbose mode
* test552: Fix typos
* telnet: Fix typos
* transfer: only retry nobody-requests for HTTP
* http2: reset push header counter fixes crash
* nss: make FTPS work with --proxytunnel
* test1139: Added the --manual keyword since the manual is required
* polarssl, mbedtls: Fix detection of pending data
* http_proxy: Fix tiny memory leak upon edge case connecting to proxy
* URL: only accept ";options" in SMTP/POP3/IMAP URL schemes
* curl.1: ftp.sunet.se is no longer an FTP mirror
* tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT
* http2: fix memory-leak when denying push streams
* configure: Allow disabling pthreads, fall back on Win32 threads
* curl: fix typo in time condition warning message
* axtls: adapt to API changes
* tool_urlglob: Allow a glob range with the same start and stop
* winbuild: add note on auto-detection of MACHINE in Makefile.vc
* http: fix missing 'Content-Length: 0' while negotiating auth
* proxy: fix hostname resolution and IDN conversion
* docs: fix timeout handling in multi-uv example
* digest_sspi: Fix nonce-count generation in HTTP digest
* sftp: improved checks for create dir failures
* smb: use getpid replacement for windows UWP builds
* digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
- Remove curl-7.52.1-idn-fixes.patch, fixed upstream.

-------------------------------------------------------------------
Sun Feb 5 22:33:33 UTC 2017 - astieger@suse.com

- build with libidn2 for IDNA2008 support
  FATE#321897 CVE-2016-8625 bsc#1005649
  add curl-7.52.1-idn-fixes.patch to fix test, among other things
- re-enable tests that are no longer failing,
  remove curl-disable_failing_tests.patch

-------------------------------------------------------------------
Fri Dec 23 07:37:40 UTC 2016 - idonmez@suse.com

- Update to 7.52.1
Bugfixes:
* CVE-2016-9594: uninitialized random bsc#1016738

-------------------------------------------------------------------
Wed Dec 21 07:10:10 UTC 2016 - idonmez@suse.com

- Update to 7.52.0
Changes:
* nss: map CURL_SSLVERSION_DEFAULT to NSS default
* vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
* curl: introduce the --tlsv1.3 option to force TLS 1.3
* curl: Add --retry-connrefused
* proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
* curl: add --fail-early
Bugfixes:
* CVE-2016-9586: printf floating point buffer overflow
* curl -w: added more decimal digits to timing counters
* easy: Initialize info variables on easy init and duphandle
* http2: Don't send header fields prohibited by HTTP/2 spec
* ssh: check md5 fingerprints case insensitively (regression)
* openssl: initial TLS 1.3 adaptions
* SPNEGO: Fix memory leak when authentication fails
* realloc: use Curl_saferealloc to avoid common mistakes
* openssl: make sure to fail in the unlikely event that PRNG
  seeding fails
* URL-parser: for file://[host]/ URLs, the [host] must be localhost
* timeval: prefer time_t to hold seconds instead of long
* glob: fix [a-c] globbing regression
* curl.1: Clarify --dump-header only writes received headers
* http2: Fix address sanitizer memcpy warning
* http2: Use huge HTTP/2 windows
* connects: Don't mix unix domain sockets with regular ones
* url: Fix conn reuse for local ports and interfaces
* x509: Limit ASN.1 structure sizes to 256K
* http2: check nghttp2_session_set_local_window_size exists
* http2: Fix crashes when parent stream gets aborted
* CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries
* URL parser: reject non-numerical port numbers
* CONNECT: reject TE or CL in 2xx responses
* CONNECT: read responses one byte at a time
* curl: support zero-length argument strings in config files
* openssl: don't use OpenSSL's ERR_PACK
* curl.1: generated with the new man page system
* curl_easy_recv: Improve documentation and example program
* Curl_getconnectinfo: avoid checking if the connection is closed
* CIPHERS.md: attempt to document TLS cipher names

-------------------------------------------------------------------
Wed Nov 2 07:15:44 UTC 2016 - idonmez@suse.com

- Update to 7.51.0
Changes:
* nss: additional cipher suites are now accepted by
  CURLOPT_SSL_CIPHER_LIST
* New option: CURLOPT_KEEP_SENDING_ON_ERROR
Bugfixes:
* CVE-2016-8615: cookie injection for other servers
* CVE-2016-8616: case insensitive password comparison
* CVE-2016-8617: OOB write via unchecked multiplication
* CVE-2016-8618: double-free in curl_maprintf
* CVE-2016-8619: double-free in krb5 code
* CVE-2016-8620: glob parser write/read out of bounds
* CVE-2016-8621: curl_getdate read out of bounds
* CVE-2016-8622: URL unescape heap overflow via integer truncation
* CVE-2016-8623: Use-after-free via shared cookies
* CVE-2016-8624: invalid URL parsing with '#'
* CVE-2016-8625: IDNA 2003 makes curl use wrong host
* openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
* http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
* LICENSE-MIXING.md: update with mbedTLS dual licensing
* examples/imap-append: Set size of data to be uploaded
* test2048: fix url
* darwinssl: disable RC4 cipher-suite support
* CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
* openssl: don’t call CRYPTO_cleanup_all_ex_data
* libressl: fix version output
* easy: Reset all statistical session info in curl_easy_reset
* curl_global_cleanup.3: don't unload the lib with sub threads running
* dist: add CurlSymbolHiding.cmake to the tarball
* docs: Remove that --proto is just used for initial retrieval
* configure: Fixed builds with libssh2 in a custom location
* curl.1: --trace supports % for sending to stderr!
* cookies: same domain handling changed to match browser behavior
* formpost: trying to attach a directory no longer crashes
* CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning
* formpost: avoid silent snprintf() truncation
* ftp: fix Curl_ftpsendf
* mprintf: return error on too many arguments
* smb: properly check incoming packet boundaries
* GIT-INFO: remove the Mac 10.1-specific details
* resolve: add error message when resolving using SIGALRM
* cmake: add nghttp2 support
* dist: remove PDF and HTML converted docs from the releases
* configure: disable poll() in macOS builds
* vtls: only re-use session-ids using the same scheme
* pipelining: skip to-be-closed connections when pipelining
* win: fix Universal Windows Platform build
* curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically
* maketgz: make it support "only" generating version info
* Curl_socket_check: add extra check to avoid integer overflow
* gopher: properly return error for poll failures
* curl: set INTERLEAVEDATA too
* polarssl: clear thread array at init
* polarssl: fix unaligned SSL session-id lock
* polarssl: reduce #ifdef madness with a macro
* curl_multi_add_handle: set timeouts in closure handles
* configure: set min version flags for builds on mac
* INSTALL: converted to markdown => INSTALL.md
* curl_multi_remove_handle: fix a double-free
* multi: fix infinite loop in curl_multi_cleanup()
* nss: fix tight loop in non-blocking TLS handshake over proxy
* mk-ca-bundle: Change URL retrieval to HTTPS-only by default
* mbedtls: stop using deprecated include file
* docs: fix req->data in multi-uv example
* configure: Fix test syntax for monotonic clock_gettime
* CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
- Refresh libcurl-ocloexec.patch

-------------------------------------------------------------------
Wed Sep 14 07:13:02 UTC 2016 - idonmez@suse.com

- update to 7.50.3
Bugfixes:
* CVE-2016-7167: escape and unescape integer overflows
* mk-ca-bundle.pl: use SHA256 instead of SHA1
* checksrc: detect strtok() use
* errors: new alias CURLE_WEIRD_SERVER_REPLY
* http2: support > 64bit sized uploads
* openssl: fix bad memory free (regression)
* CMake: hide private library symbols
* http: refuse to pass on response body when NO_NODY is set
* cmake: fix curl-config --static-libs
* mbedtls: switch off NTLM in build if md4 isn't available
* curl: --create-dirs on windows groks both forward and
  backward slashes

-------------------------------------------------------------------
Thu Sep 8 08:31:40 UTC 2016 - idonmez@suse.com

- update to 7.50.2
Bugfixes:
* mbedtls: Added support for NTLM
* SSH: fixed SFTP/SCP transfer problems
* multi: make Curl_expire() work with 0 ms timeouts
* mk-ca-bundle.pl: -m keeps ca cert meta data in output
* TFTP: Fix upload problem with piped input
* CURLOPT_TCP_NODELAY: now enabled by default
* mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
* http2: always wait for readable socket
* cmake: Enable win32 large file support by default
* cmake: Enable win32 threaded resolver by default
* winbuild: Avoid setting redundant CFLAGS to compile commands
* curl.h: make CURL_NO_OLDIES define CURL_STRICTER
* docs: make more markdown files use .md extension
* docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
* winbuild: Allow changing C compiler via environment variable CC
* rtsp: accept any RTSP session id
* HTTP: retry failed HEAD requests on reused connections too
* configure: add zlib search with pkg-config
* openssl: accept subjectAltName iPAddress if no dNSName match
* MANUAL: Remove invalid link to LDAP documentation
* socks: improved connection procedure
* proxy: reject attempts to use unsupported proxy schemes
* proxy: bring back use of "Proxy-Connection:"
* curl: allow "pkcs11:" prefix for client certificates
* spnego_sspi: fix memory leak in case *outlen is zero
* SOCKS: improve verbose output of SOCKS5 connection sequence
* SOCKS: display the hostname returned by the SOCKS5 proxy server
* http/sasl: Query authentication mechanism supported by SSPI before using
* sasl: Don't use GSSAPI authentication when domain name not specified
* win: Basic support for Universal Windows Platform apps
* nss: fix incorrect use of a previously loaded certificate from file,
  https://curl.haxx.se/docs/adv_20160907.html
* nss: work around race condition in PK11_FindSlotByName()
* ftp: fix wrong poll on the secondary socket
* openssl: build warning-free with 1.1.0 (again)
* HTTP: stop parsing headers when switching to unknown protocols
* test219: Add http as a required feature
* TLS: random file/egd doesn't have to match for conn reuse
* schannel: Disable ALPN for Wine since it is causing problems
* http2: make sure stream errors don't needlessly close the connection
* http2: return CURLE_HTTP2_STREAM for unexpected stream close
* darwinssl: --cainfo is intended for backward compatibility only
* speed caps: not based on average speeds anymore
* configure: make the cpp -P detection not clobber CPPFLAGS
* http2: use named define instead of magic constant in read callback
* http2: skip the content-length parsing, detect unknown size
* http2: return EOF when done uploading without known size
* darwinssl: test for errSecSuccess in PKCS12 import rather than noErr
* openssl: fix CURLINFO_SSL_VERIFYRESULT

-------------------------------------------------------------------
Fri Aug 5 12:41:43 UTC 2016 - pjanouch@suse.de

- update to 7.50.1
Bugfixes:
* TLS: switch off SSL session id when client cert is used
* TLS: only reuse connections with the same client cert
* curl_multi_cleanup: clear connection pointer for easy handles
* include the CURLINFO_HTTP_VERSION man page into the release tarball
* include the http2-server.pl script in the release tarball
* test558: fix test by stripping file paths from FD lines
* spnego: Corrected misplaced * in Curl_auth_spnego_cleanup() declaration
* tests: Fix for http/2 feature
* cmake: Fix for schannel support
* curl.h: make public types void * again
* win32: fix a potential memory leak in Curl_load_library
* travis: fix OSX build by re-installing libtool
* mbedtls: Fix debug function name
- removed 0001-tests-distribute-the-http2-server.pl-script-too.patch

-------------------------------------------------------------------
Thu Jul 21 09:30:30 UTC 2016 - vcizek@suse.com

- update to 7.50.0
Changes:
* http: add CURLINFO_HTTP_VERSION and %{http_version}
Bugfixes:
* openssl: fix build with OPENSSL_NO_COMP
* cmake: Added missing mbedTLS support
* URL parser: allow URLs to use one, two or three slashes
* curl: fix -q [regression]
* openssl: Use correct buffer sizes for error messages
* curl: fix SIGSEGV while parsing URL with too many globs
* vtls: fix ssl session cache race condition
* http: Fix HTTP/2 connection reuse [regression]
* checksrc: Add LoadLibrary to the banned functions list
* configure: occasional ignorance of --enable-symbol-hiding with GCC
* http2: test17xx are the first real HTTP/2 tests
* resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
* curl_multi_socket_action.3: rewording
* CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
* cmake: Fix build with winldap
* openssl: fix cert check with non-DNS name fields present
* curl.1: mention the units for the progress meter
* openssl: use more 'const' to fix build warnings with 1.1.0 branch
* cmake: now using BUILD_TESTING=ON/OFF
* vtls: Only call add/getsession if session id is enabled
* headers: forward declare CURL, CURLM and CURLSH as structs
* configure: improve detection of CA bundle path on FreeBSD
* SFTP: set a generic error when no SFTP one exists
* curl_global_init.3: expand on the SSL and WIN32 bits purpose
* conn: don't free easy handle data in handler->disconnect
* cookie.c: Fix misleading indentation
* library: Fix memory leaks found during static analysis
* CURLMOPT_SOCKETFUNCTION.3: fix typo
* curl_global_init: moved the "IPv6 works" check here
* connect: disable TFO on Linux when using SSL
* vauth: Fixed memory leak due to function returning without free
- refresh libcurl-ocloexec.patch
- disable tests 1139 and 1140 which fail due to missing manpage
* add curl-disable_failing_tests.patch
- ship http2_server.pl for testing
* add 0001-tests-distribute-the-http2-server.pl-script-too.patch

-------------------------------------------------------------------
Tue Jun 14 11:47:27 UTC 2016 - astieger@suse.com

- curl 7.49.1:
* http2: use HTTP/2 in the HTTP/1.1-alike response
* ssh: fix build for libssh2 before 1.2.6
* a number of bug and build fixes
- curl 7.49.0:
* schannel: Add ALPN support
* SSH: support CURLINFO_FILETIME
* SSH: new CURLOPT_QUOTE command "statvfs"
* wolfssl: Add ALPN support
* http2: added --http2-prior-knowledge
* http2: added CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE
* libcurl: added CURLOPT_CONNECT_TO
* curl: added --connect-to
* libcurl: added CURLOPT_TCP_FASTOPEN
* curl: added --tcp-fastopen
* curl: remove support for --ftpport, -http-request and --socks
* a number of bug and build fixes
- update upstream signing key and download URLs
- 0001-Fix-invalid-Network-is-unreachable-errors.patch is upstream

-------------------------------------------------------------------
Mon Jun 6 10:18:29 UTC 2016 - idonmez@suse.com

- Depend on libssh2 >= 1.6.0 since curl depends on the
  libssh2_scp_recv2 symbol now. Fixes boo#983170

-------------------------------------------------------------------
Thu May 5 18:53:47 UTC 2016 - alarrosa@suse.com

- Add 0001-Fix-invalid-Network-is-unreachable-errors.patch.
  Fixes "Network is unreachable" errors in valid situations when ipv6
  is not available but ipv4 is working fine. This also fixes the same
  error from happening in applications using libcurl4 (like zypper).
  (bsc#915846)

-------------------------------------------------------------------
Thu Mar 31 17:25:29 UTC 2016 - idonmez@suse.com

- Update to 7.48.0
* configure: --with-ca-fallback: use built-in TLS CA fallback
* TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS
* getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
* Lots of bugfixes, see https://curl.haxx.se/changes.html#7_48_0
- Drop curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff,
  superseded by --with-ca-fallback configure option.

-------------------------------------------------------------------
Thu Mar 17 10:58:24 UTC 2016 - astieger@suse.com

- curl 7.47.1:
* getredirect.c: fix variable name
* tool_doswin: silence unused function warning
* curl.1: Explain remote-name behavior if file already exists
* sasl_sspi: Fix memory leak in domain populate
* openssl: Fix signed/unsigned mismatch warning in X509V3_ext

-------------------------------------------------------------------
Fri Jan 29 21:17:56 UTC 2016 - mpluskal@suse.com

- Enable PSL (Public Suffix List)
- Make building more verbose

-------------------------------------------------------------------
Wed Jan 27 13:10:50 UTC 2016 - vcizek@suse.com

- update to 7.47.0
* fixes CVE-2016-0755 (bsc#962983)
  (NTLM credentials not-checked for proxy connection re-use)
* drop curl-fix-zsh-completion.patch (upstream)
Changes:
* version: Add flag CURL_VERSION_PSL for libpsl
* http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only
* curl: use 2TLS by default
* curl --expect100-timeout: added
* Add .dir-locals and set c-basic-offset to 2 (for emacs)

-------------------------------------------------------------------
Wed Jan 6 13:18:33 UTC 2016 - idonmez@suse.com

- Fix path to curl in zsh.pl to unbreak _curl completion
* curl-fix-zsh-completion.patch

-------------------------------------------------------------------
Wed Dec 2 12:18:24 UTC 2015 - idonmez@suse.com

- Update to 7.46.0
* Added CURLOPT_STREAM_DEPENDS
* Added CURLOPT_STREAM_DEPENDS_E
* Added CURLOPT_STREAM_WEIGHT
* Added CURLFORM_CONTENTLEN
* oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP,
  POP3 and SNMP
* Many bugfixes, see http://curl.haxx.se/changes.html#7_46_0 for the
  complete list.

-------------------------------------------------------------------
Mon Oct 19 09:35:04 UTC 2015 - vcizek@suse.com

- revert the curl-config change for bsc#900419 until we have a better
  fix, because it was breaking builds of other packages

-------------------------------------------------------------------
Sun Oct 18 21:43:16 UTC 2015 - crrodriguez@opensuse.org

- Enable HTTP/2 support, buildrequires pkgconfig(libnghttp2)

-------------------------------------------------------------------
Sat Oct 10 06:58:35 UTC 2015 - mpluskal@suse.com

- Update to 7.45.0
* added CURLOPT_DEFAULT_PROTOCOL
* added new tool option --proto-default
* getinfo: added CURLINFO_ACTIVESOCKET
* turned CURLINFO_* option docs as stand-alone man pages
* curl: point out unnecessary uses of -X in verbose mode
- Drop curl-disable_failing_tests.patch as it is now part of
  upstream

-------------------------------------------------------------------
Wed Aug 26 07:29:40 UTC 2015 - vcizek@suse.com

- drop a hack that made curl-config print only -lcurl (bsc#900419)
* --as-needed is used by default now

-------------------------------------------------------------------
Fri Aug 14 09:02:40 UTC 2015 - vcizek@suse.com

- update to 7.44.0
http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA
examples: added http2-serverpush.c
http2: added curl_pushheader_byname() and curl_pushheader_bynum()
docs: added CODE_OF_CONDUCT.md
curl: Add --ssl-no-revoke to disable certificate revocation checks
libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS
makefile: Added support for VC14
- dropped unexpire-test46.patch (upstream)

-------------------------------------------------------------------
Tue Aug 11 10:02:18 UTC 2015 - schwab@suse.de

- unexpire-test46.patch: Unexpire test 46

-------------------------------------------------------------------
Fri Jul 31 08:22:39 UTC 2015 - normand@linux.vnet.ibm.com

- do not run flaky tests for any architecture (bnc#940009)
  at least test 1510 does fail for i586 and ppc64le

-------------------------------------------------------------------
Fri Jul 3 08:29:55 UTC 2015 - vcizek@suse.com

- fix a typo in curl-secure-getenv.patch (bsc#936676)

-------------------------------------------------------------------
Fri Jun 19 13:07:44 UTC 2015 - mpluskal@suse.com

- Update to 7.43.0
* Added CURLOPT_PROXY_SERVICE_NAME
* Added CURLOPT_SERVICE_NAME
* New curl option: --proxy-service-name
* New curl option: --service-name
* New curl option: --data-raw
* Added CURLOPT_PIPEWAIT
* Added support for multiplexing transfers using HTTP/2, enable
  this with the new CURLPIPE_MULTIPLEX bit for
  CURLMOPT_PIPELINING
* HTTP/2: requires nghttp2 1.0.0 or later
* scripts: add zsh.pl for generating zsh completion
* curl.h: add CURL_HTTP_VERSION_2
* CVE-2015-3236: lingering HTTP credentials in connection re-use
* CVE-2015-3237: SMB send off unrelated memory contents
- Disable HTTP/2 as it would create build cycle

-------------------------------------------------------------------
Wed May 20 15:18:12 UTC 2015 - vcizek@suse.com

- enable HTTP/2 support
- make the testsuite failure fatal
* added curl-disable_failing_tests.patch
* added groff to BuildRequires to enable builtin manual (test 1026)

-------------------------------------------------------------------
Wed Apr 29 08:32:11 UTC 2015 - vcizek@suse.com

- update to 7.42.1
* fixes CVE-2015-3153 (bnc#928533)
- sensitive HTTP server headers also sent to proxies
- rename curl-devel to libcurl-devel in baselibs.conf

-------------------------------------------------------------------
Wed Apr 22 08:03:02 UTC 2015 - vcizek@suse.com

- update to 7.42.0
* refresh libcurl-ocloexec.patch
- fixes security vulnerabilities:
* CVE-2015-3143 (bnc#927556)
- Re-using authenticated connection when unauthenticated
* CVE-2015-3144 (bnc#927608)
- host name out of boundary memory access
* CVE-2015-3145 (bnc#927607)
- cookie parser out of boundary memory access
* CVE-2015-3148 (bnc#927746)
- Negotiate not treated as connection-oriented

-------------------------------------------------------------------
Tue Mar 24 12:49:35 UTC 2015 - lnussel@suse.de

- don't hardcode /etc/ssl/certs. Use openssl's default instead
  (curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff)

-------------------------------------------------------------------
Thu Feb 26 09:37:22 UTC 2015 - sor.alexei@meowr.ru

- update to 7.41.0:
* Changes:
NetWare build: added TLS-SRP enabled build
winbuild: Added option to build with c-ares
Added --cert-status
Added CURLOPT_SSL_VERIFYSTATUS
sasl: implement EXTERNAL authentication mechanism

-------------------------------------------------------------------
Sat Feb 14 18:29:37 UTC 2015 - mpluskal@suse.com

- Re-enable metalink support
- Use pkgconfig() style dependencies

-------------------------------------------------------------------
Thu Jan 8 09:55:11 UTC 2015 - vcizek@suse.com

- update to 7.40.0:
* fixes CVE-2014-8150 (bnc#911363)
* Changes:
http_digest: Added support for Windows SSPI based authentication
version info: Added Kerberos V5 to the supported features
Makefile: Added VC targets for WinIDN
config-win32: Introduce build targets for VS2012+
SSL: Add PEM format support for public key pinning
smtp: Added support for the conversion of Unix newlines during mail send
smb: Added initial support for the SMB/CIFS protocol
Added support for HTTP over unix domain sockets,
  via CURLOPT_UNIX_SOCKET_PATH and --unix-socket
sasl: Added support for GSS-API based Kerberos V5 authentication

-------------------------------------------------------------------
Thu Jan 1 23:08:25 UTC 2015 - meissner@suse.com

- build with PIE

-------------------------------------------------------------------
Fri Nov 14 15:29:07 UTC 2014 - vcizek@suse.com

- update to 7.39.0:
- changes:
SSLv3 is disabled by default
CURLOPT_COOKIELIST: Added "RELOAD" command
build: Added WinIDN build configuration options to Visual Studio projects
ssh: improve key file search
SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
vtls: remove QsoSSL support, use gskit!
mk-ca-bundle: added SHA-384 signature algorithm
docs: added many examples for libcurl opts and other doc improvements
build: Added VC ssh2 target to main Makefile
MinGW: Added support to build with nghttp2
NetWare: Added support to build with nghttp2
build: added Watcom support to build with WinSSL
build: Added optional specific version generation of VC project files
... and a bunch of bugfixes
- refreshed libcurl-ocloexec.patch
- removed gpg-offline verification
- spec-cleaned curl.spec

-------------------------------------------------------------------
Thu Oct 23 15:13:30 UTC 2014 - crrodriguez@opensuse.org

- Ensure the curl command line tool always requires
  the same libcurl it was built with, even expert users
  got confused.

-------------------------------------------------------------------
Wed Sep 10 09:07:59 UTC 2014 - vcizek@suse.com
|
||
|
||
- update to 7.38.0
|
||
* fixes CVE-2014-3613 (bnc#894575) and CVE-2014-3620 (bnc#895991)
|
||
* cookie leaks with IP address as domain and TLDs respectively
|
||
Changes:
|
||
supports HTTP/2 draft-14
|
||
CURLE_HTTP2 is a new error code
|
||
CURLAUTH_NEGOTIATE is a new auth define
|
||
CURL_VERSION_GSSAPI is a new capability bit
|
||
no longer use fbopenssl for anything
|
||
schannel: use CryptGenRandom for random numbers
|
||
axtls: define curlssl_random using axTLS's PRNG
|
||
cyassl: use RNG_GenerateBlock to generate a good random number
|
||
findprotocol: show unsupported protocol within quotes
|
||
version: detect and show LibreSSL
|
||
version: detect and show BoringSSL
|
||
imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
|
||
http2: requires nghttp2 0.6.0 or later
|
||
Bugfixes:
|
||
SECURITY ADVISORY: cookie leak with IP address as domain
|
||
SECURITY ADVISORY: cookie leak for TLDs
|
||
And many other fixes
|
||
|
||
-------------------------------------------------------------------
Thu Aug 28 21:59:59 UTC 2014 - andreas.stieger@gmx.de

- curl 7.37.1:
This release includes many bugfixes and the following changes:
* bits.close: introduce connection close tracking
* darwinssl: Add support for --cacert
* polarssl: add ALPN support
* docs: Added new option man pages

-------------------------------------------------------------------
Thu Jun 12 11:45:03 UTC 2014 - vcizek@suse.com

- update to 7.37.0
This release includes many bugfixes and the following changes:
* URL parser: IPv6 zone identifiers are now supported
* CURLOPT_PROXYHEADER: set headers for proxy-only
* CURLOPT_HEADEROPT: added
* curl: add --proxy-header
* sasl: Added support for DIGEST-MD5 via Windows SSPI
* sasl: Added DIGEST-MD5 qop-option validation in native challenge handling
* imap: Expanded mailbox SEARCH support to use URL query strings [7]
* imap: Extended FETCH support to include PARTIAL URL specifier [7]
* nss: implement non-blocking SSL handshake
* build: Reworked Visual Studio project files
* poll: enable poll on darwin13
* mk-ca-bundle: added -p
* libtests: add a wait_ms() function
- dropped patches:
* curl-mkhelp.patch (upstream)
* curl-test815.patch (upstream)

-------------------------------------------------------------------
Fri Apr 11 06:51:54 UTC 2014 - vcizek@suse.com

- remove the useless BuildRequires that were meant for debugging only

-------------------------------------------------------------------
Wed Apr 9 11:40:19 UTC 2014 - vcizek@suse.com

- update to 7.36
* fixes CVE-2014-0138 (bnc#868627) and CVE-2014-0139 (bnc#868629)
* NEW FEATURES:
ntlm: Added support for NTLMv2
tool: Added support for URL specific options
openssl: add ALPN support
gtls: add ALPN support
nss: add ALPN and NPN support
added CURLOPT_EXPECT_100_TIMEOUT_MS
tool: add --no-alpn and --no-npn
added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN
http2: build with current nghttp2 version
openssl: info message with SSL version used
* dropped curl-test172_cookie_expiration.patch (upstream)
* added patches to make it build:
- curl-mkhelp.patch
- curl-test815.patch

-------------------------------------------------------------------
Thu Mar 13 13:53:08 CET 2014 - kukuk@suse.de

- Disable BuildRequires for openssh, only needed for test suite,
but the test suite isn't able to start sshd anyways.
Solves the problem that openssh checkins trigger a nearly full
rebuild, too.

-------------------------------------------------------------------
Tue Feb 4 15:17:18 UTC 2014 - vcizek@suse.com

- update to 7.35.0
* security fix:
CVE-2014-0015: re-use of wrong HTTP NTLM connection (bnc#858673)
* changes:
imap/pop3/smtp: Added support for SASL authentication downgrades
imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
TheArtOfHttpScripting: major update, converted layout and more
mprintf: Added support for I, I32 and I64 size specifiers
makefile: Added support for VC7, VC11 and VC12
SSL: protocol version can be specified more precisely
imap/pop3/smtp: Added graceful cancellation of SASL authentication
Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
base64: Added validation of base64 input strings when decoding
curl_easy_setopt: Added the ability to set the login options separately
smtp: Added support for additional SMTP commands
curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
nss: allow to use TLS > 1.0 if built against recent NSS
SECURITY: added this document to describe our security processes
parseconfig: warn if unquoted white spaces are detected
* and many bugfixes
- fix test failure because of an expired cookie (bnc#862144)
* added curl-test172_cookie_expiration.patch
- refresh libcurl-ocloexec.patch

-------------------------------------------------------------------
Fri Nov 29 15:30:23 UTC 2013 - vcizek@suse.com

- update to 7.33.0
* fixes CVE-2013-4545 (bnc#849596)
= curl: ssl cert checks unclear behaviour
o test code for testing the event based API
o CURLM_ADDED_ALREADY: new error code
o test TFTP server: support "writedelay" within <servercmd>
o krb4 support has been removed
o imap/pop3/smtp: added basic SASL XOAUTH2 support
o Pass password to OpenSSL engine by user interface
o c-ares: Add support for various DNS binding options
o cookies: add expiration
o curl: added --oauth2-bearer option

-------------------------------------------------------------------
Mon Aug 12 05:29:34 UTC 2013 - crrodriguez@opensuse.org

- curl 7.32.0
* curl: allow timeouts to accept decimal values
* CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
* SIGPIPE: ignored while inside the library
* OpenSSL: check for read errors
* configure: automake 1.14 compatibility tweak
* curl_multi_wait: set revents for extra fds
* global dns cache: didn't work (regression)
* mk-ca-bundle.1: don't install on make install

-------------------------------------------------------------------
Mon Jul 1 18:56:33 UTC 2013 - coolo@suse.com

- avoid cycle between curl and krb5 by using krb5-mini-devel

-------------------------------------------------------------------
Mon Jun 24 14:00:11 UTC 2013 - vcizek@suse.com

- update to 7.31.0
* includes fix for CVE-2013-2174 (bnc#824517)
* SECURITY VULNERABILITY: curl_easy_unescape() may parse data
beyond the end of the input buffer [26]
* Changes:
darwinssl: add TLS session resumption
darwinssl: add TLS crypto authentication
imap/pop3/smtp: Added support for ;auth= in the URL
imap/pop3/smtp: Added support for ;auth= to CURLOPT_USERPWD
usercertinmem.c: add example showing user cert in memory
url: Added smtp and pop3 hostnames to the protocol detection list
imap/pop3/smtp: Added support for enabling the SASL initial response
curl -E: allow to use ':' in certificate nicknames

-------------------------------------------------------------------
Fri Apr 12 11:36:47 UTC 2013 - vcizek@suse.com

- update to 7.30.0
includes security fixes for CVE-2013-0249 and CVE-2013-1944
(bugs bnc#814655 and bnc#802411 respectively)
(dropped curl-CVE-2013-0249.patch)
- Changes:
imap: Changed response tag generation to be completely unique
imap: Added support for SASL-IR extension
imap: Added support for the list command
imap: Added support for the append command
imap: Added custom request parsing
imap: Added support to the fetch command for UID and SECTION properties
imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
imap/pop3/smtp: Added support for the STARTTLS capability
checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets
curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS
for new multi interface connection handling
Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE,
CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL
and CURLMOPT_PIPELINING_SERVER_BL for new pipelining control
test: offer "automake" output and check for perl better
always-multi: always use non-blocking internals
imap: Added support for sasl digest-md5 authentication
imap: Added support for sasl cram-md5 authentication
imap: Added support for sasl ntlm authentication
imap: Added support for sasl login authentication
imap: Added support for sasl plain text authentication
imap: Added support for login disabled server capability
mk-ca-bundle: add -f, support passing to stdout and more
writeout: -w now supports remote_ip/port and local_ip/port
- refreshed patches

-------------------------------------------------------------------
Sun Feb 17 17:04:34 UTC 2013 - crrodriguez@opensuse.org

- Add curl-secure-getenv.patch: Use secure_getenv if available.
libcurl might be linked to a program where "secure execution" is
required.

-------------------------------------------------------------------
Thu Feb 7 10:54:15 UTC 2013 - vcizek@suse.com

- fixed CVE-2013-0249 (bnc#802411)
- refreshed patches

-------------------------------------------------------------------
Fri Jan 11 21:34:38 CET 2013 - sbrabec@suse.cz

- Break build loop and make GPG signature verification optional.

-------------------------------------------------------------------
Tue Nov 27 20:05:00 CET 2012 - sbrabec@suse.cz

- Verify GPG signature.

-------------------------------------------------------------------
Tue Nov 20 23:43:24 UTC 2012 - crrodriguez@opensuse.org

- Curl 7.28.1
* FTP: prevent the multi interface from blocking Obsoletes
curl-ftp-prevent-the-multi-interface-from-blocking.patch
* don't send '#' fragments when using proxy
* OpenSSL: Disable SSL/TLS compression - avoid the "CRIME" attack
* TFTP: handle resend
* memory leak: CURLOPT_RESOLVE with multi interface
* SSL: Several SSL-backend related fixes

-------------------------------------------------------------------
Sun Nov 4 19:57:33 UTC 2012 - gber@opensuse.org

- added curl-ftp-prevent-the-multi-interface-from-blocking.patch in
order to prevent the multi interface from blocking when using ftp
and the remote end responds very slowly (sf#3579064)

-------------------------------------------------------------------
Sun Jul 29 22:14:25 UTC 2012 - crrodriguez@opensuse.org

- Curl 7.27.0
* support metalinks
* Add sasl authentication support
* various bugfixes
- Fix previous change, _GNU_SOURCE --> AC_USE_SYSTEM_EXTENSIONS

-------------------------------------------------------------------
Mon Jul 9 13:12:24 UTC 2012 - dnh@opensuse.org

- define _GNU_SOURCE for oS/SLES <= 11.4, as O_CLOEXEC is
defined inside an ifdef __USE_GNU

-------------------------------------------------------------------
Sat May 12 23:24:56 UTC 2012 - jengelh@inai.de

- Update to new upstream release 7.25.0
* Added CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE,
CURLOPT_TCP_KEEPINTVL
* use new library-side TCP_KEEPALIVE options
* Added a new CURLOPT_MAIL_AUTH option
* Added support for --mail-auth
* (for more see the shipped CHANGES file)

-------------------------------------------------------------------
Wed Feb 8 00:45:18 UTC 2012 - crrodriguez@opensuse.org

- Problem with the c-ares backend, workaround for [bnc#745534]

-------------------------------------------------------------------
Thu Feb 2 18:47:10 UTC 2012 - crrodriguez@opensuse.org

- Update to version curl 7.24.0
- refresh patches to fix broken build

-------------------------------------------------------------------
Wed Jan 18 13:49:56 CET 2012 - dmueller@suse.de

- use the rpmoptflags unconditionally, don't do own compiler flag
magic. Fixes debuginfo package build

-------------------------------------------------------------------
Wed Dec 28 10:30:28 UTC 2011 - mmarek@suse.cz

- Package /usr/share/aclocal to avoid build dependency on automake.

-------------------------------------------------------------------
Wed Nov 30 22:39:35 UTC 2011 - crrodriguez@opensuse.org

- Use O_CLOEXEC in library code.

-------------------------------------------------------------------
Tue Nov 29 11:51:38 UTC 2011 - jengelh@medozas.de

- Remove redundant/unwanted tags/section (cf. specfile guidelines)

-------------------------------------------------------------------
Tue Nov 29 08:20:23 UTC 2011 - idoenmez@suse.de

- Use original source tarball

-------------------------------------------------------------------
Mon Nov 28 12:00:00 UTC 2011 - opensuse@dstoecker.de

- Update to version 7.23.1:
+ Empty headers can be sent in HTTP requests by terminating with a semicolon
+ SSL session sharing support added to curl_share_setopt()
+ Added support to MAIL FROM for the optional SIZE parameter
+ smtp: Added support for NTLM authentication
+ curl tool: code split into tool_*.[ch] files
+ lots of bugfixes
-------------------------------------------------------------------
Mon Oct 3 15:44:17 UTC 2011 - dimstar@opensuse.org

- Update to version 7.22.0:
+ Added CURLOPT_GSSAPI_DELEGATION
+ Added support for NTLM delegation to Samba's winbind daemon
helper ntlm_auth
+ Display notes from setup file in testcurl.pl
+ BSD-style lwIP TCP/IP stack experimental support on Windows
+ OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
+ --delegation was added to set CURLOPT_GSSAPI_DELEGATION
+ nss: start with no database if the selected database is broken
+ telnet: allow programmatic use on Windows
+ for a list of bugfixes, see
http://curl.haxx.se/changes.html#7_22_0
- Drop curl-openssl-release-buffers.patch: fixed upstream.
- Add curl-fix-m4.patch: Use 'x' in configure scripts. Fixes issues
when configure is run with -Werror -Wall.

-------------------------------------------------------------------
Sun Sep 18 00:10:42 UTC 2011 - jengelh@medozas.de

- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build

-------------------------------------------------------------------
Fri Sep 16 17:22:44 UTC 2011 - jengelh@medozas.de

- Add curl-devel to baselibs

-------------------------------------------------------------------
Mon Aug 15 05:05:01 UTC 2011 - crrodriguez@opensuse.org

- Use SSL_MODE_RELEASE_BUFFERS if available, accepted
in upstream as commit 3d919440c80333c496fb

-------------------------------------------------------------------
Tue Jul 12 06:46:02 UTC 2011 - coolo@novell.com

- remove support for old suse_versions

-------------------------------------------------------------------
Mon Jul 11 11:40:17 CEST 2011 - pth@suse.de

- Update to 7.21.7:
- Fix libcurl inappropriate GSSAPI delegation. Full details at
http://curl.haxx.se/docs/adv_20110623.html
- Some other minor fixes.

- Use the lzma compressed tarball provided upstream.

-------------------------------------------------------------------
Fri May 20 16:25:34 UTC 2011 - crrodriguez@opensuse.org

- remove unintended LDFLAGS from the spec file

-------------------------------------------------------------------
Fri May 20 15:37:54 UTC 2011 - crrodriguez@opensuse.org

- Update to 7.21.6
* curl-config: fix --version
* use HTTPS properly after CONNECT
* SFTP: close file before post quote operations

-------------------------------------------------------------------
Thu Apr 14 17:02:19 UTC 2011 - crrodriguez@opensuse.org

- bnc#598574 has been fixed in upstream commit 8ab137b2bc9630ce20f4
already, so enable c-ares support again.

-------------------------------------------------------------------
Sat Apr 9 20:42:27 UTC 2011 - crrodriguez@opensuse.org

- Support openSSL compiled without SSLv2 support
- Update to version 7.21.4
* SMTP: add brackets for MAIL FROM
* multi: connect fail => use next IP address
* pubkey_show: allocate buffer to fit any-size result
* Curl_do: avoid using stale conn pointer
* tftpd test server: avoid buffer overflow report from glibc
* OpenSSL get_cert_chain: support larger data sets
* SCP/SFTP transfers: acknowledge speedcheck
* connect problem: use UDP correctly
* OpenSSL: improved error message on SSL_CTX_new failures
* HTTP: memory leak on multiple Location:
* curl.1: typo in -v description
* CURLOPT_SOCKOPTFUNCTION: return proper error code --keepalive-time
* file: add support for CURLOPT_TIMECONDITION
* multi: fix CURLM_STATE_TOOFAST for multi_socket
-------------------------------------------------------------------
Fri Oct 22 16:37:03 UTC 2010 - cristian.rodriguez@opensuse.org

- Update to version 7.21.2
* curl -T: ignore file size of special files
* Added GOPHER protocol support
* Added mk-ca-bundle.vbs script
* c-ares build now requires c-ares >= 1.6.0
* --remote-header-name security vulnerability fixed
* multi: support the timeouts correctly, fixes known bug #62
* multi: use timeouts properly for MAX_RECV/SEND_SPEED
* negotiation: Wrong proxy authorization
* multi: avoid sending multiple complete messages
* cmdline: make -F type= accept ;charset=
* RESUME_FROM: clarify what ftp uploads do
* http: handle trailer headers in all chunked responses
* Curl_is_connected: use correct errno
* progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
* Link curl and the test apps with -lrt explicitly when necessary
* chunky parser: only rewind stream internally if needed
* remote-header-name: don't output filename when NULL
* Curl_timeleft: avoid returning "no timeout" by mistake
* timeout: use the correct start value as offset
* FTP: fix wrong timeout trigger
* rtsp: avoid SIGSEGV on malformed header
* LDAP: Support for tunnelling queries through HTTP proxy
* curl_easy_duphandle: clone the c-ares handle correctly
* support URL containing colon without trailing port number
* parsedate: allow time specified without seconds
* curl_easy_escape: don't escape "unreserved" characters
* SFTP: avoid downloading negative sizes
* Lots of GSS/KRB FTP fixes
* TFTP: Work around tftpd-hpa upload bug
* libcurl.m4: several fixes
* HTTP: remove special case for 416
* globbing: fix crash on unbalanced open brace

-------------------------------------------------------------------
Wed Jun 2 14:12:54 UTC 2010 - lnussel@suse.de

- allowing switching to nss instead of openssl via bcond

-------------------------------------------------------------------
Mon May 10 01:12:22 UTC 2010 - crrodriguez@opensuse.org

- disable c-ares support while bnc598574 is fixed.

-------------------------------------------------------------------
Sat Apr 24 10:58:50 UTC 2010 - coolo@novell.com

- buildrequire pkg-config to fix provides

-------------------------------------------------------------------
Fri Apr 23 00:53:19 UTC 2010 - crrodriguez@opensuse.org

- Update to libcurl 7.20.1
* off-by-one in the chunked encoding trailer parser
* CURLOPT_CERTINFO memory leak
* threaded resolver double free when closing curl handle
* url_multi_remove_handle() caused use after free
* SSL possible double free when reusing curl handle
* alarm()-based DNS timeout bug

-------------------------------------------------------------------
Wed Mar 24 18:39:57 UTC 2010 - crrodriguez@opensuse.org

- enable libssh2 support unconditionally.

-------------------------------------------------------------------
Wed Mar 10 13:46:45 UTC 2010 - crrodriguez@opensuse.org

- enable libcares support unconditionally.

-------------------------------------------------------------------
Sat Feb 13 21:39:56 CET 2010 - dimstar@opensuse.org

- Update to version 7.20.0:
* support SSL_FILETYPE_ENGINE for client certificate
* curl-config can now show the arguments used when building curl
* non-blocking TFTP
* send Expect: 100-continue for POSTs with unknown sizes
* added support for IMAP(S), POP3(S), SMTP(S) and RTSP
* added new curl_easy_setopt() options for SMTP and RTSP
* added --mail-from and --mail-rcpt for SMTP
* VMS build system enhancements
* added support for the PRET ftp command
* curl supports --ssl and --ssl-reqd
* added -J/--remote-header-name for using server-provided
filename with -O
* enhanced asynchronous DNS lookups
* symbol CURL_FORMAT_OFF_T is obsoleted
* many bugfixes

-------------------------------------------------------------------
Tue Jan 26 11:33:14 CET 2010 - mmarek@suse.cz

- updated to 7.19.7
* -T. is now for non-blocking uploading from stdin
* SYST handling on FTP for OS/400 FTP server cases
* libcurl refuses to read a single HTTP header longer than 100K
* added the --crlfile option to curl
* many bugfixes

-------------------------------------------------------------------
Mon Jan 11 11:38:16 CET 2010 - meissner@suse.de

- add baselibs.conf as source

-------------------------------------------------------------------
Thu Aug 13 21:30:37 CEST 2009 - mmarek@suse.cz

- updated to 7.19.6
* CURLOPT_FTPPORT (and curl's -P/--ftpport) support port ranges
* Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION,
CURLOPT_SSH_KEYDATA
* CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE can be
told to ignore error responses when used with FTP
* fixed CVE-2009-2417 (matching certificates with embedded NUL
bytes)
* many other bugfixes

-------------------------------------------------------------------
Tue May 19 15:03:25 CEST 2009 - mmarek@suse.cz

- remove the Obsoletes: curl-ca-bundle, it breaks parallel
installation of older libcurl packages (bnc#484044).

-------------------------------------------------------------------
Tue May 19 15:00:02 CEST 2009 - mmarek@suse.cz

- updated to 7.19.5
* libcurl now closes all dead connections whenever you attempt to
open a new connection
* libssh2's version number can now be figured out run-time
instead of using the build-time fixed number
* CURLOPT_SEEKFUNCTION may now return CURL_SEEKFUNC_CANTSEEK
* curl can now upload with resume even when reading from a pipe
* a build-time configured curl_socklen_t is now used instead of
socklen_t
- by default, don't abort if the testsuite fails.

-------------------------------------------------------------------
Thu Mar 5 11:12:41 CET 2009 - mmarek@suse.cz

- don't run autoreconf -fi as it breaks on older distros and
upstream uses recent autotools already.

-------------------------------------------------------------------
Mon Mar 2 15:44:14 CET 2009 - mmarek@suse.cz

- updated to 7.19.4
* don't follow redirects to file:// and scp:// by default; add
new curl_easy_setopt options CURLOPT_PROTOCOLS and
CURLOPT_REDIR_PROTOCOLS to specify which protocols are allowed
and which protocols are allowed to redirect to (bnc#475103,
CVE-2009-0037)
* Added CURLOPT_NOPROXY and the corresponding --noproxy
* the OpenSSL-specific code disables TICKET (rfc5077) which is
enabled by default in openssl 0.9.8j
* Added CURLOPT_TFTP_BLKSIZE
* Added CURLOPT_SOCKS5_GSSAPI_SERVICE and
CURLOPT_SOCKS5_GSSAPI_NEC - with the corresponding curl options
--socks5-gssapi-service and --socks5-gssapi-nec
* Improved IPv6 support when built with c-ares >= 1.6.1
* Added CURLPROXY_HTTP_1_0 and --proxy1.0
* Added docs/libcurl/symbols-in-versions
* Added CURLINFO_CONDITION_UNMET
* Added support for Digest and NTLM authentication using GnuTLS
* CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry
the CWD even when MKD fails
* GnuTLS initing moved to curl_global_init()
* CURLAUTH_DIGEST_IE bit added for CURLOPT_HTTPAUTH and
CURLOPT_PROXYAUTH
* pkg-config can now show supported_protocols and
supported_features
* Added CURLOPT_CERTINFO and CURLINFO_CERTINFO
* Added CURLOPT_POSTREDIR
* Better detect HTTP 1.0 servers and don't do HTTP 1.1 requests
on them
* configure --disable-proxy disables proxy support
* Added CURLOPT_USERNAME and CURLOPT_PASSWORD
* --interface now works with IPv6 connections on glibc systems
* Added CURLOPT_PROXYUSERNAME and CURLOPT_PROXYPASSWORD

-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de

- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)

-------------------------------------------------------------------
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de

- obsolete old -XXbit packages (bnc#437293)

-------------------------------------------------------------------
Mon Sep 15 11:26:06 CEST 2008 - mmarek@suse.cz

- only buildrequire stunnel when built --with stunnel

-------------------------------------------------------------------
Thu Sep 11 09:20:08 CEST 2008 - mmarek@suse.cz

- test 279 no longer fails with runtests.pl -b <num>

-------------------------------------------------------------------
Tue Sep 2 14:23:51 CEST 2008 - mmarek@suse.cz

- updated to 7.19.0
* curl_off_t gets its size/typedef somewhat differently than
before. This _may_ cause an ABI change for you. See
/usr/share/doc/packages/curl/README.curl_off_t for a full
explanation. (Should not affect our package as it has LFS
enabled)
* Added CURLINFO_PRIMARY_IP
* Added CURLOPT_CRLFILE and CURLE_SSL_CRL_BADFILE
* Added CURLOPT_ISSUERCERT and CURLE_SSL_ISSUER_ERROR
* curl's option parser for boolean options reworked
* Added --remote-name-all
* Added CURLINFO_APPCONNECT_TIME
* Added test selection by key word in runtests.pl
* the curl tool's -w option supports the %{ssl_verify_result}
variable
* Added CURLOPT_ADDRESS_SCOPE and scope parsing of the URL
according to RFC4007
* Support --append on SFTP uploads (not with OpenSSH, though)
* Added curlbuild.h and curlrules.h to the external library
interface
* lots of bugfixes

-------------------------------------------------------------------
Wed Jun 4 18:05:43 CEST 2008 - mmarek@suse.cz

- updated to 7.18.2
* CURLFORM_STREAM was added
* CURLOPT_NOBODY is now supported over SFTP
* curl can now run on Symbian OS
* curl -w redirect_url and CURLINFO_REDIRECT_URL
* added curl_easy_send() and curl_easy_recv()
* some bugfixes

-------------------------------------------------------------------
Sat May 17 19:22:10 CEST 2008 - coolo@suse.de

- fix renaming of xxbit packages

-------------------------------------------------------------------
Mon Apr 28 11:30:24 CEST 2008 - mmarek@suse.cz

- disable c-ares support again until bnc#381709 is fixed
- build with libssh2 support in the devel:libraries:c_c++ project

-------------------------------------------------------------------
Fri Apr 11 14:22:20 CEST 2008 - mmarek@suse.cz

- build with c-ares support
- fixed build for older dists

-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de

- added baselibs.conf file to build xxbit packages
for multilib support

-------------------------------------------------------------------
Wed Apr 2 13:53:43 CEST 2008 - mmarek@suse.de

- obsolete curl-ca-bundle by the library package

-------------------------------------------------------------------
Mon Mar 31 10:16:30 CEST 2008 - mmarek@suse.cz

- updated to 7.18.1
* minor fixes since last update

-------------------------------------------------------------------
Fri Mar 21 17:42:35 CET 2008 - mmarek@suse.cz

- updated to cvs snapshot 20080321
* added support for HttpOnly cookies
* we no longer distribute or install a ca cert bundle
* SSLv2 is now disabled by default for SSL operations
* the test509-style setting URL in callback is officially no
longer supported
* support a full chain of certificates in a given PKCS12
certificate
* resumed transfers work with SFTP
* added type checking macros for curl_easy_setopt() and
curl_easy_getinfo(), watch out for new warnings in code using
libcurl (needs gcc-4.3 and currently only works in C mode)
* curl_easy_setopt(), curl_easy_getinfo(), curl_share_setopt()
and curl_multi_setopt() uses are now checked to use exactly
three arguments

-------------------------------------------------------------------
Mon Mar 10 11:03:56 CET 2008 - mmarek@suse.cz

- clean up curl-config --libs output, thanks to Cristian Rodríguez
for pointing it out

-------------------------------------------------------------------
Fri Mar 7 11:03:25 CET 2008 - mmarek@suse.cz

- build with gssapi support (thanks to Michael Calmer)

-------------------------------------------------------------------
Mon Feb 18 15:00:12 CET 2008 - mmarek@suse.cz

- removed Requires: openssl-certs - doesn't exist on older dists
and is required by libopenssl otherwise
- allow to build the package even if the testsuite fails

-------------------------------------------------------------------
Fri Feb 8 10:21:10 CET 2008 - mmarek@suse.cz

- use /etc/ssl/certs instead of own curl-ca-bundle.crt
* more up-to-date ca cert collection (bnc#334690)
* allows for easier updates of ca certs

-------------------------------------------------------------------
Tue Jan 29 10:01:27 CET 2008 - mmarek@suse.cz

- updated to 7.18.0
* --data-urlencode
* CURLOPT_PROXY_TRANSFER_MODE
* --no-keepalive - now curl does connections with keep-alive
enabled by default
* --socks4a added (proxy type CURLPROXY_SOCKS4A for libcurl)
* --socks5-hostname added (CURLPROXY_SOCKS5_HOSTNAME for libcurl)
* curl_easy_pause()
* CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA
* --keepalive-time
* curl --help output was re-ordered
* bugfixes
- fixed test553 to work with different port number

-------------------------------------------------------------------
Thu Jan 10 16:21:34 CET 2008 - mmarek@suse.cz

- only print -lcurl in curl-config to reduce dependencies

-------------------------------------------------------------------
Tue Dec 11 17:59:57 CET 2007 - mmarek@suse.cz

- backported the CURLOPT_PROXY_TRANSFER_MODE patch [#306272#c26]

-------------------------------------------------------------------
Fri Nov 16 12:06:39 CET 2007 - mmarek@suse.cz

- fixed the testsuite on hosts that have no IPv6 support [#341994]
curl-testsuite-safely-skip-http-ipv6.patch
curl-testsuite-remember-broken-servers.patch
- added stunnel to BuildRequires to enable SSL tests

-------------------------------------------------------------------
Tue Oct 30 09:14:04 CET 2007 - mmarek@suse.cz

- updated to 7.17.1
  * automatically append ";type=<a|i>" when using HTTP proxies for
    FTP urls [#306272]
  * improved NSS support
  * added --proxy-negotiate
  * added --post301 and CURLOPT_POST301
  * builds with c-ares 1.5.0
  * added CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
  * renamed CURLE_SSL_PEER_CERTIFICATE to
    CURLE_PEER_FAILED_VERIFICATION
  * added CURLOPT_OPENSOCKETFUNCTION and CURLOPT_OPENSOCKETDATA
  * CURLOPT_COOKIELIST supports "FLUSH"
  * added CURLOPT_COPYPOSTFIELDS
  * added --static-libs to curl-config
  * many bugfixes, inc. fix for bug #332917

-------------------------------------------------------------------
Thu Oct 11 16:19:56 CEST 2007 - mszeredi@suse.de

- Add missing dependency (openldap2-devel) for libcurl-devel

-------------------------------------------------------------------
Mon Oct 8 17:28:01 CEST 2007 - mmarek@suse.cz

- updated to 7.17.0
  * curl_easy_setopt() now allocates strings passed to it
  * LDAP libraries are now linked "regularly" and not with dlopen
    (the strict-aliasing patch can go away)
  * HTTP transfers have the download size info "available" earlier
  * FTP transfers have the download size info "available" earlier
  * several error codes and options were marked as obsolete and
    subject to future removal (set CURL_NO_OLDIES to see if your
    application is using them)
  * some bugfixes (see /usr/share/doc/packages/curl/RELEASE-NOTES)
- added fixes for some post-7.17 bugs
- removed some less useful %%doc files

-------------------------------------------------------------------
Fri Sep 14 09:20:35 CEST 2007 - mmarek@suse.cz

- set transfer mode (binary/ascii) when retrieving ftp:// urls via
  an http proxy (curl-ftp-httpproxy.patch) [#306272]

-------------------------------------------------------------------
Wed Aug 29 12:25:59 CEST 2007 - mmarek@suse.cz

- s/openssl-devel/libopenssl-devel/ [#305815]

-------------------------------------------------------------------
Fri Aug 3 13:53:05 CEST 2007 - mmarek@suse.cz

- updated to 7.16.4
  * added CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS
  * improved hashing of sockets for the multi_socket API
  * ftp kerberos5 support added
  * some bugfixes (see /usr/share/doc/packages/curl/RELEASE-NOTES)
- fixed libcurl-devel Provides: [#293401]

-------------------------------------------------------------------
Mon Jul 9 10:35:48 CEST 2007 - mmarek@suse.cz

- updated to 7.16.3
  * many bugfixes
  * support for running multiple testsuites in parallel
- removed lfs patch leftover

-------------------------------------------------------------------
Mon Jun 4 10:16:40 CEST 2007 - mmarek@suse.cz

- install libcurl.m4 [#275462]

-------------------------------------------------------------------
Fri Jun 1 11:57:28 CEST 2007 - dmueller@suse.de

- fix obsoletes for alpha3 update
- fix ldconfig call

-------------------------------------------------------------------
Wed May 23 16:22:39 CEST 2007 - bk@suse.de

- updated to 7.16.2 (lots of fixes, fixes a segfault in git-http)

-------------------------------------------------------------------
Fri May 4 14:55:41 CEST 2007 - mmarek@suse.cz

- also avoid non-versioned obsoletes

-------------------------------------------------------------------
Mon Apr 16 10:49:55 CEST 2007 - mmarek@suse.de

- avoid non-versioned provides
- removed old curl_ssl provides/obsoletes from 7.1 times

-------------------------------------------------------------------
Mon Apr 2 17:38:04 CEST 2007 - rguenther@suse.de

- split off libcurl4 and curl-ca-bundle packages, rename curl-devel
  to libcurl-devel

-------------------------------------------------------------------
Sat Mar 31 18:53:00 CEST 2007 - rguenther@suse.de

- add zlib-devel BuildRequires

-------------------------------------------------------------------
Fri Feb 16 16:07:34 CET 2007 - mmarek@suse.cz

- better patch for #246179

-------------------------------------------------------------------
Fri Feb 16 14:04:38 CET 2007 - mmarek@suse.cz

- fix CURLOPT_RANGE reset for ftp transfers
  [#246179] (ftp_range.patch)
- updated to 7.16.1 (other bugfixes)

-------------------------------------------------------------------
Fri Jan 26 09:55:19 CET 2007 - mmarek@suse.cz

- remove libcurl.a and libcurl.la (rationale: there are security
  updates of curl from time to time, so statically linking it is
  not acceptable)

-------------------------------------------------------------------
Thu Jan 25 15:36:29 CET 2007 - mmarek@suse.cz

- fixed strict aliasing warnings

-------------------------------------------------------------------
Tue Dec 19 14:59:34 CET 2006 - mmarek@suse.cz

- updated to 7.16.0
  * removed CURLOPT_SOURCE_* options and --3p* command line option
    (breaks python-curl atm)
  * for a complete list of changes, see
    /usr/share/doc/packages/curl/RELEASE-NOTES

-------------------------------------------------------------------
Tue Aug 15 11:23:58 CEST 2006 - mmarek@suse.cz

- configure with --enable-hidden-symbols to compile libcurl with
  -fvisibility=hidden, exporting only symbols from the API

-------------------------------------------------------------------
Tue Aug 15 10:41:28 CEST 2006 - mmarek@suse.cz

- updated to version 7.15.5
  * added --ftp-ssl-reqd
  * modified the prototype for the socket callback set with
    CURLMOPT_SOCKETFUNCTION
  * added curl_multi_assign()
  * added CURLOPT_FTP_ALTERNATIVE_TO_USER and --ftp-alternative-to-user
  * added a vcproj file for building libcurl
  * added curl_formget()
  * added CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE
  * Made -K on a file that couldn't be read cause a warning to be displayed
  * some bugfixes
- dropped epsv-firewall.patch which was integrated in 7.15.2

-------------------------------------------------------------------
Sat Jul 1 21:28:06 CEST 2006 - cthiel@suse.de

- update to version 7.15.4, changes & fixes for this version:
  * NTLM2 session response support
  * CURLOPT_COOKIELIST set to "SESS" clears all session cookies
  * CURLINFO_LASTSOCKET returned sockets are now checked more before
    returned
  * curl-config got a --checkfor option to compare version numbers
  * line end conversions for FTP ASCII transfers
  * curl_multi_socket() API added (still mostly untested)
  * conversion callback options for EBCDIC <=> ASCII conversions
  * added CURLINFO_FTP_ENTRY_PATH
  * less blocking for the multi interface during (Open)SSL connect
    negotiation
  * builds fine on cygwin
  * md5-sess with Digest authentication
  * dict with letters such as space in a word
  * dict with url-encoded words in the URL
  * libcurl.m4 when default=yes but no libcurl was found
  * numerous bugs fixed in the TFTP code
  * possible memory leak when adding easy handles to multi stack
  * TFTP works in a more portable fashion (== on more platforms)
  * WSAGetLastError() is now used (better) on Windows
  * GnuTLS non-block case that could cause data trashing
  * deflate code survives lack of zlib header
  * CURLOPT_INTERFACE works with hostname
  * configure runs fine with ICC
  * closed control connection with FTP when easy handle was removed from
    multi
  * curl --trace crash when built with VS2005
  * SSL connect time-out
  * improved NTLM functionality
  * following redirects with more than one question mark in source URL
  * fixed debug build crash with -d
  * generates a fine AIX Toolbox RPM spec
  * treat FTP AUTH failures properly
  * TFTP transfers could trash data
  * -d + -G combo crash

-------------------------------------------------------------------
Wed Jun 14 17:36:10 CEST 2006 - mmarek@suse.cz

- fixed syntax error in configure

-------------------------------------------------------------------
Sun May 28 16:16:33 CEST 2006 - cthiel@suse.de

- update to version 7.15.3, changes & fixes for this version:
  * added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD
  * TFTP Packet Buffer Overflow Vulnerability (CVE-2006-1061)
  * properly detecting problems with sending the FTP command USER
  * wrong error message shown when certificate verification failed
  * multi-part formpost with multi interface crash
  * the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged
  * "SSL: couldn't set callback" is now treated as a less serious problem
  * Interix build fix
  * fixed curl "hang" when out of file handles at start
  * prevent FTP uploads to URLs with trailing slash

- changes & fixes in 7.15.2
  * Support for SOCKS4 proxies (added --socks4)
  * CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET added
  * CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE (--local-port) added
  * Dropped support for the LPRT ftp command
  * Gopher is now officially abandoned as a protocol (lib)curl tries to
    support
  * curl_global_init() and curl_global_cleanup() are now using a refcount so
    that it is now legal to call them multiple times. See updated info for
    details
  * two bugs concerning using curl_multi_remove_handle() before the transfer
    was complete
  * multi-pass authentication and compressed content
  * minor format string mistake in the GSS/Negotiate code
  * cached DNS entries could remain in the cache too long
  * improved GnuTLS check in configure
  * re-used FTP connections when the second request didn't do a transfer
  * plain --limit-rate [num] means bytes
  * re-creating a dead connection is no longer counted internally as a
    followed redirect and thus prevents a weird error that would occur if a
    FTP connection died on an attempted re-use
  * Try PASV after failing to connect to the port the EPSV response
    contained
  * -P [IP] with non-local address with ipv6-enabled curl
  * -P [hostname] with ipv6-disabled curl
  * libcurl.m4 was updated
  * configure no longer warns if the current path contains a space
  * test suite kill race condition
  * FTP_SKIP_PASV_IP and FTP_USE_EPSV when doing FTP over HTTP proxy
  * Doing a second request with FTP on the same bath path, would make
    libcurl confuse what current working directory it had
  * FTP over HTTP proxy now sends the second CONNECT properly
  * numerous compiler warnings and build quirks for various compilers have
    been addressed
  * supports name and passwords up to 255 bytes long, embedded in URLs
  * the HTTP_ONLY define disables the TFTP support

- removed curl-7.15.1-CVE-2006-1061.patch, included upstream
- removed curl-7.15.1-aliasing.patch

-------------------------------------------------------------------
Tue Mar 14 12:35:53 CET 2006 - mmarek@suse.cz

- fix buffer overflow in TFTP code
  [#157874] (CVE-2006-1061.patch)

-------------------------------------------------------------------
Wed Feb 15 02:53:15 CET 2006 - ro@suse.de

- added libidn-devel to requires of devel package

-------------------------------------------------------------------
Mon Feb 13 16:32:40 CET 2006 - mmarek@suse.cz

- build with libidn support
  [#150313]

-------------------------------------------------------------------
Fri Jan 27 01:07:37 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Mon Jan 23 17:20:59 CET 2006 - mmarek@suse.cz

- fallback to PASV if some firewall doesn't let an EPSV connection
  through

-------------------------------------------------------------------
Thu Jan 12 15:45:18 CET 2006 - mmarek@suse.cz

- build with -fstack-protector
- add dependency on curl = %%{version} to curl-devel

-------------------------------------------------------------------
Tue Jan 10 15:24:29 CET 2006 - mmarek@suse.cz

- remove non-existent path /usr/ssl, which caused -L/usr/ssl/lib to
  appear in curl-config output
- use make -j

-------------------------------------------------------------------
Tue Dec 13 13:23:13 CET 2005 - mmarek@suse.cz

- updated to 7.15.1, fixing previous vulnerabilities

-------------------------------------------------------------------
Thu Oct 13 16:00:00 CEST 2005 - mmarek@suse.cz

- fix stack buffer overflow in lib/http_ntlm.c [#128065]

-------------------------------------------------------------------
Mon Oct 10 14:20:12 CEST 2005 - mmarek@suse.cz

- updated to 7.14.1
- updated curl-7.14.1-aliasing.patch

-------------------------------------------------------------------
Mon Jun 20 16:38:34 CEST 2005 - anicka@suse.cz

- update to 7.14.0
- remove obsolete patch curl-ntlm.patch

-------------------------------------------------------------------
Tue Apr 12 16:37:59 CEST 2005 - tcrhak@suse.cz

- packaged curl-ca-bundle.crt (bug #64301)

-------------------------------------------------------------------
Thu Feb 24 10:07:13 CET 2005 - meissner@suse.de

- enable make test. fixed test 241 to use ::1 directly.

-------------------------------------------------------------------
Tue Feb 22 10:46:21 CET 2005 - mcihar@suse.cz

- fix buffer overflow in NTLM (bug #65752)

-------------------------------------------------------------------
Tue Feb 8 18:36:38 CET 2005 - mcihar@suse.cz

- update to 7.13.0

-------------------------------------------------------------------
Wed Aug 11 11:31:07 CEST 2004 - tcrhak@suse.cz

- update to 7.12.0

-------------------------------------------------------------------
Wed Apr 28 19:57:41 CEST 2004 - tcrhak@suse.cz

- strict aliasing fix

-------------------------------------------------------------------
Tue Mar 16 17:31:01 CET 2004 - tcrhak@suse.cz

- fix for lfs for in transfer.c (bug #36040)

-------------------------------------------------------------------
Wed Feb 25 19:29:05 CET 2004 - tcrhak@suse.cz

- ignore leading slashes of url-path in URLs like
  ftp://user@name//url-path, i.e. don't change to the
  root directory (RFC 1738, bug #34471)

-------------------------------------------------------------------
Tue Feb 10 17:39:28 CET 2004 - tcrhak@suse.cz

- update to version 7.11.0

-------------------------------------------------------------------
Sat Jan 10 16:13:21 CET 2004 - adrian@suse.de

- add %defattr and %run_ldconfig

-------------------------------------------------------------------
Wed Nov 05 16:20:21 CET 2003 - tcrhak@suse.cz

- added large file support, patch lfs [bug #32411]

-------------------------------------------------------------------
Thu Sep 04 17:48:46 CEST 2003 - tcrhak@suse.cz

- require zlib-devel, openssl-devel and glibc-devel in curl-devel [bug #29881]

-------------------------------------------------------------------
Fri Aug 08 09:39:30 CEST 2003 - tcrhak@suse.cz

- terminate array of directory components by NULL (bug #28351, patch dirs)

-------------------------------------------------------------------
Wed Jul 23 19:36:56 CEST 2003 - tcrhak@suse.cz

- update to version 7.10.5

-------------------------------------------------------------------
Tue Jun 3 01:24:42 CEST 2003 - ro@suse.de

- remove unpackaged files from buildroot

-------------------------------------------------------------------
Wed Nov 27 17:27:13 CET 2002 - tcrhak@suse.cz

- update to version 7.10.2
- moved curl-config.1.gz to the devel subpackage [bug #21966]

-------------------------------------------------------------------
Sat Jul 13 17:25:58 CEST 2002 - tcrhak@suse.cz

- update to version 7.9.8
- added automake

-------------------------------------------------------------------
Fri Jan 18 17:45:31 CET 2002 - tcrhak@suse.cz

- used macros %{_lib} and %{_libdir}
- update to 7.9.2

-------------------------------------------------------------------
Fri Oct 19 08:38:40 CEST 2001 - ro@suse.de

- do not pack shared library into both, main and devel package

-------------------------------------------------------------------
Mon Oct 8 11:35:52 CEST 2001 - tcrhak@suse.cz

- update to version 7.9

-------------------------------------------------------------------
Fri Sep 21 11:46:09 CEST 2001 - adostal@suse.cz

- fix manual in man.patch

-------------------------------------------------------------------
Tue Aug 21 16:10:10 CEST 2001 - adostal@suse.cz

- update to version 7.8.1

-------------------------------------------------------------------
Wed Jul 18 10:21:13 CEST 2001 - adostal@suse.cz

- files devel fixed

-------------------------------------------------------------------
Mon Jul 2 17:51:34 CEST 2001 - adostal@suse.cz

- update to version 7.8

-------------------------------------------------------------------
Wed Jun 13 17:33:41 CEST 2001 - ro@suse.de

- fixed to compile with new autoconf

-------------------------------------------------------------------
Mon Apr 9 14:39:03 CEST 2001 - cihlar@suse.cz

- update to version 7.7.1

-------------------------------------------------------------------
Tue Mar 6 10:03:05 CET 2001 - cihlar@suse.cz

- update to version 7.6.1

-------------------------------------------------------------------
Wed Jan 3 09:13:15 CET 2001 - cihlar@suse.cz

- fixed Provides and Obsoletes also for curl-devel

-------------------------------------------------------------------
Tue Dec 19 07:16:38 CET 2000 - cihlar@suse.cz

- fixed name
- added Obsoletes: curl_ssl

-------------------------------------------------------------------
Mon Dec 18 15:13:25 CET 2000 - cihlar@suse.cz

- changed to ssl support

-------------------------------------------------------------------
Thu Nov 16 14:25:18 CET 2000 - cihlar@suse.cz

- renamed curldev -> curl-devel
- update to version 7.4.2

-------------------------------------------------------------------
Tue Oct 17 09:16:16 CEST 2000 - cihlar@suse.cz

- update to version 7.4.1 - security bug fixed

-------------------------------------------------------------------
Wed Aug 30 09:34:32 CEST 2000 - cihlar@suse.cz

- package created