From f53a55e58dd7733f1176a0ac268b2df576778970 Mon Sep 17 00:00:00 2001
From: dartraiden
Date: Wed, 26 Jul 2023 15:20:15 +0300
Subject: libcurl: update to 8.2.1

---
 libs/libcurl/docs/CHANGES | 719 +++++++++++++++++++++++-----------------------
 1 file changed, 358 insertions(+), 361 deletions(-)

(limited to 'libs/libcurl/docs/CHANGES')

diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES
index 93b451ed04..c18d77996a 100644
--- a/libs/libcurl/docs/CHANGES
+++ b/libs/libcurl/docs/CHANGES
@@ -6,6 +6,364 @@ Changelog +Version 8.2.1 (26 Jul 2023) + +Daniel Stenberg (26 Jul 2023) + +- RELEASE-NOTES: synced + + curl 8.2.1 release + +- THANKS: add contributors from 8.2.1 + +- docs: provide more see also for cipher options + + More cross references. Hide nroff errors. + + Closes #11513 + +- docs: mark two TLS options for TLS, not SSL + + Closes #11514 + +Brad Harder (25 Jul 2023) + +- curl_multi_wait.3: fix arg quoting to doc macro .BR + + Closes #11511 + +Daniel Stenberg (24 Jul 2023) + +- RELEASE-NOTES: synced + +Viktor Szakats (24 Jul 2023) + +- cmake: update ngtcp2 detection + + Replace `OpenSSL` with `quictls` to follow the same change + in the v0.17.0 ngtcp2 release. + + Follow-up to e0093b4b732f6495b0fb1cd6747cbfedcdcf63ed + + Closes #11508 + +Stefan Eissing (24 Jul 2023) + +- http: VLH, very large header test and fixes + + - adding tests using very large passwords in auth + - fixes general http sending to treat h3 like h2, and + not like http1.1 + - eliminate H2_HEADER max definitions and use the commmon + DYN_HTTP_REQUEST everywhere, different limits do not help + - fix http2 handling of requests denied by nghttp2 on send + to immediately report the refused stream + + Closes #11509 + +Andrei Rybak (23 Jul 2023) + +- CONTRIBUTE: drop mention of copyright year ranges + + Year ranges in copyrights were dropped in commits [1] and [2]. + Verification of year ranges in copyrights was dropped from script + 'scripts/copyright.pl' in commit [3]. However, the corresponding + passages in file 'docs/CONTRIBUTE.md' weren't updated. + + Drop mentions of copyright year ranges from 'docs/CONTRIBUTE.md'. 
+ + [1] 2bc1d775f (copyright: update all copyright lines and remove year + ranges, 2023-01-02) + [2] c46761bd8 (tests/http: remove year ranges from copyrights, + 2023-03-14) + [3] 0e293bacb (copyright.pl: cease doing year verifications, 2023-01-28) + + Closes #11504 + +- CONTRIBUTE: fix syntax in commit message description + + File 'docs/CONTRIBUTE.md' includes a description of how one should write + commit messages in the curl project. Different possible parts of the + message are enclosed in square brackets. One exception is the section + describing how the curl project doesn't use "Signed-off-by" commit + trailers [1], which is enclosed in an opening curly brace paired with a + closing square bracket. + + Fix the enclosing square brackets in description of "Signed-off-by" + trailers in commit messages in file 'docs/CONTRIBUTE.md'. + + [1] See description of option '--signoff' in Git documentation: + https://git-scm.com/docs/git-commit + + Closes #11504 + +Daniel Stenberg (23 Jul 2023) + +- src/mkhelp: strip off escape sequences + + At some point the nroff command stopped stripping off escape sequences, + so then this script needs to do the job instead. + + Reported-by: VictorVG on github + Fixes #11501 + Closes #11503 + +- KNOWN_BUGS: building for old macOS fails with gcc + + Closes #11441 + +Jacob Hoffman-Andrews (22 Jul 2023) + +- rustls: update rustls-ffi 0.10.0 + + This brings in version 0.21.0 of the upstream rustls implementation, + which notable includes support for IP address certificates. + + Closes #10865 + +Brad Harder (22 Jul 2023) + +- websocket: rename arguments/variables to match docs + + Pedantry/semantic-alignment between functions, docs, comments with + respect to websocket protocol code; No functional change intended. + + * "totalsize", "framesize" becomes "fragsize" (we deal in frame fragments). 
+ + * "sendflags" becomes "flags" + + * use canonical CURL *handle + + Closes #11493 + +Jan Macku (21 Jul 2023) + +- bug_report: use issue forms instead of markdown template + + Issue forms allow you to define web-like input forms using YAML + syntax. It allows you to guide the reporter to get the required + information. + + 
Signed-off-by: Jan Macku + Closes #11474 + +Daniel Stenberg (21 Jul 2023) + +- TODO: Obey Retry-After in redirects + + (remove "Set custom client ip when using haproxy protocol" which was + shipped in 8.2.0) + + Mentioned-by: Yair Lenga + Closes #11447 + +- RELEASE-NOTES: synced + +Oliver Roberts (21 Jul 2023) + +- amissl: fix AmiSSL v5 detection + + Due to changes in the AmiSSL SDK, the detection needed adjusting. + + Closes #11477 + +Alois Klink (21 Jul 2023) + +- unittest/makefile: remove unneeded unit1621_LDADD + + The `unit1621_LDADD` variable has the exact same value as the `LDADD` + flag in `Makefile.am`, except without `@LDFLAGS@ @LIBCURL_LIBS@`. + + This was originally added by [98e6629][], but I can't see any reason + why it exists, so we should remove it to clean things up. + + [98e6629]: https://github.com/curl/curl/commit/98e6629154044e4ab1ee7cff8351c7 + ebcb131e88 + + Closes #11494 + +- unittest/makefile: remove unneeded unit1394_LDADD + + These custom `unit1394_LDADD` and similar automake overrides are no + longer neded. They were originally added by added by [8dac7be][] for + metalink support, but are no longer after [265b14d][] removed metalink. + + [8dac7be]: https://github.com/curl/curl/commit/8dac7be438512a8725d3c71e9139bd + fdcac1ed8c + [265b14d]: https://github.com/curl/curl/commit/265b14d6b37c4298bd5556fabcbc37 + d36f911693 + + Closes #11494 + +- cmake: add `libcurlu`/`libcurltool` for unit tests + + Add a `libcurlu`/`libcurltool` static library that is compiled only for + unit tests. We use `EXCLUDE_FROM_ALL` to make sure that they're not + built by default, they're only built if unit tests are built. + + These libraries allow us to compile every unit test with CMake. + + Closes #11446 + +Daniel Stenberg (21 Jul 2023) + +- test979: test -u with redirect to (the same) absolute host + + Verifies #11492 + +- transfer: do not clear the credentials on redirect to absolute URL + + Makes test 979 work. 
Regression shipped in 8.2.0 from commit + dd4d1a26959f63a2c + + Fixes #11486 + Reported-by: Cloudogu Siebels + Closes #11492 + +Jon Rumsey (20 Jul 2023) + +- os400: correct EXPECTED_STRING_LASTZEROTERMINATED + + Correct EXPECTED_STRING_LASTZEROTERMINATED to account for + CURLOPT_HAPROXY_CLIENT_IP which requires EBCDIC to ASCII conversion when + passed into curl_easy_setopt(). + + Closes #11476 + +Oliver Roberts (20 Jul 2023) + +- amissl: add missing signal.h include + + In some environments, signal.h is already included, but not in others + which cause compilation to fail, so explictly include it. + + Closes #11478 + +- amigaos: fix sys/mbuf.h m_len macro clash + + The updated Curl_http_req_make and Curl_http_req_make2 functions spawned + a parameter called m_len. The AmigaOS networking headers, derived from + NetBSD, contain "#define m_len m_hdr.mh_len" which clashes with + this. Since we do not actually use mbuf, force the include file to be + ignored, removing the clash. + + Closes #11479 + +Daniel Stenberg (20 Jul 2023) + +- socks: print ipv6 address within brackets + + Fixes #11483 + Closes #11484 + +Christian Schmitz (20 Jul 2023) + +- libcurl-errors.3: add CURLUE_OK + + Closes #11488 + +Oliver Roberts (20 Jul 2023) + +- cfilters: rename close/connect functions to avoid clashes + + Rename `close` and `connect` in `struct Curl_cftype` for + consistency and to avoid clashes with macros of the same name + (the standard AmigaOS networking connect() function is implemented + via a macro). 
+ + Closes #11491 + +Stefan Eissing (20 Jul 2023) + +- http2: fix regression on upload EOF handling + + - a regression introduced by c9ec85121110d7cbbbed2990024222c8f5b8afe5 + where optimization of small POST bodies leads to a new code path + for such uploads that did not trigger the "done sending" event + - add triggering this event for early "upload_done" situations + + Fixes #11485 + Closes #11487 + Reported-by: Aleksander Mazur + +Daniel Stenberg (19 Jul 2023) + +- configure: check for nghttp2_session_get_stream_local_window_size + + The http2 code uses it now. Introduced in nghttp2 1.15.0 (Sep 2016) + + Fixes #11470 + Reported-by: Paul Howarth + Closes #11473 + +Stefan Eissing (19 Jul 2023) + +- quiche: fix segfault and other things + + - refs #11449 where a segfault is reported when IP Eyeballing did + not immediately connect but made several attempts + - The transfer initiating the eyeballing was initialized too early, + leadding to references to the filter instance that was then + replaced in the subsequent eyeball attempts. That led to a use + after free in the buffer handling for the transfer + - transfers are initiated now more lazy (like in the ngtcp2 filter), + when the stream is actually opened + - suppress reporting on quiche event errors for "other" transfers + than the current one to not fail a transfer due to faults in + another one. + - revert recent return value handling for quiche_h3_recv_body() + to not indicate an error but an EAGAIN situation. We wish quiche + would document what functions return. + + Fixes #11449 + Closes #11469 + Reported-by: ウさん + +Daniel Stenberg (19 Jul 2023) + +- hostip: return IPv6 first for localhost resolves + + Fixes #11465 + Reported-by: Chilledheart on github + Closes #11466 + +Harry Sintonen (19 Jul 2023) + +- tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T + + - a variable was renamed, and some use of it wasn't. this fixes the + build. 
+ + Closes #11468 + +Stefan Eissing (19 Jul 2023) + +- quiche: fix lookup of transfer at multi + + - refs #11449 where weirdness in quiche multi connection tranfers was + observed + - fixes lookup of transfer for a quiche event to take the connection + into account + - formerly, a transfer with the same stream_id, but on another connection + could be found + + Closes #11462 + +Daniel Stenberg (19 Jul 2023) + +- RELEASE-NOTES: synced + + bump to 8.2.1 + +John Haugabook (19 Jul 2023) + +- ciphers.d: put URL in first column + + This makes the URL turn into a link properly when "webified". + + Fixes https://github.com/curl/curl-www/issues/270 + Closes #11464 + Version 8.2.0 (19 Jul 2023) Daniel Stenberg (19 Jul 2023) 
@@ -8654,364 +9012,3 @@ Jay Satiro (3 Jan 2023) Prior to this change http2_cfilter_add could return an uninitialized cfilter pointer in an OOM condition. In this case though, the pointer is discarded and not dereferenced so there was no risk of a crash. - -Stefan Eissing (3 Jan 2023) - -- cf-socket: keep sockaddr local in the socket filters - - - copy `struct Curl_addrinfo` on filter setup into context - - remove `struct Curl_addrinfoi *` with `struct Curl_sockaddr_ex *` in - connectdata that is set and NULLed by the socket filter - - this means we have no reference to the resolver info in connectdata or - its filters - - trigger the CF_CTRL_CONN_INFO_UPDATE event when the complete filter - chain reaches connected status - - update easy handle connection information on CF_CTRL_DATA_SETUP event. - - Closes #10213 - -Daniel Stenberg (3 Jan 2023) - -- RELEASE-NOTES: synced - -- runtests: consider warnings fatal and error on them - - To help us detect and fix warnings in this script easier and faster. 
- - Assisted-by: Jakob Hirsch - - Ref: #10206 - Closes #10208 - -- copyright: update all copyright lines and remove year ranges - - - they are mostly pointless in all major jurisdictions - - many big corporations and projects already don't use them - - saves us from pointless churn - - git keeps history for us - - the year range is kept in COPYING - - checksrc is updated to allow non-year using copyright statements - - Closes #10205 - -- docs/DEPRECATE.md: deprecate gskit - - Ref: #10163 - - - This is a niche TLS library, only running on some IBM systems - - no regular curl contributors use this backend - - no CI builds use or verify this backend - - gskit, or the curl adaption for it, lacks many modern TLS features - making it an inferior solution - - build breakages in this code take weeks or more to get detected - - fixing gskit code is mostly done "flying blind" - - Closes #10201 - -- Revert "x509asn1: avoid freeing unallocated pointers" - - This reverts commit 6b19247e794cfdf4ec63c5880d8f4f5485f653ab. - - Fixes #10163 - Closes #10207 - -- ngtcp2: fix the build without 'sendmsg' - - Follow-up from 71b7e0161032 - - Closes #10210 - -- cmake: check for sendmsg - - Used by ngtcp2 - - Closes #10211 - -Timmy Schierling (2 Jan 2023) - -- runtest.pl: add expected fourth return value - - Fixes warning in autobild log: "Use of uninitialized value $HTTP2TLSPORT - in substitution iterator at /tests/runtests.pl line 3516" - - Closes #10206 - -Daniel Stenberg (2 Jan 2023) - -- http2: when using printf %.*s, the length arg must be 'int' - - Detected by Coverity CID 1518341 - - Closes #10203 - -- cfilters: check for NULL before using pointer - - Detected by Coverity CID 1518343 - - Closes #10202 - -- http2: in connisdead check, attach the connection before reading - - Otherwise data->conn is NULL and things go wrong. - - This problem caused occastional failures in test 359, 1700 and more - depending on timing and the alignment of various planets. 
- - Assisted-by: Stefan Eissing - - Closes #10199 - -Philip Heiduck (2 Jan 2023) - -- Linux CI: update some dependecies to latest tag - - Closes #10195 - -Daniel Stenberg (2 Jan 2023) - -- c-hyper: move down the Accept-Encoding header generation - - To match the internal HTTP request header order so that test 1277 works - again. - - Closes #10200 - -- release-notes.pl: check fixes/closes lines better - - To better skip lines that just happen to mention those words at the - start of a line without being instructions. - -- test1560: use a UTF8-using locale when run - - There are odd cases that don't use UTF8 and then the IDN handling goes - wrong. - - Reported-by: Marcel Raad - Fixes #10193 - Closes #10196 - -- cf-socket: fix build regression - - Reported-by: Stephan Guilloux - Fixes #10190 - Closes #10191 - -- examples: remove the curlgtk.c example - - - it does not add a lot of value - - we do not test-build it to verify because of its dependencies - - unclear for what GTK versions it works or not - - Reported-by: odek86 on github - - Fixes #10197 - Closes #10198 - -Andy Alt (2 Jan 2023) - -- docs: add link to GitHub Discussions - - Closes #10171 - -- GHA: ignore changes to md files for most workflows - - Closes #10176 - -Josh Brobst (2 Jan 2023) - -- http: decode transfer encoding first - - The unencoding stack is added to as Transfer-Encoding and - Content-Encoding fields are encountered with no distinction between the - two, meaning the stack will be incorrect if, e.g., the message has both - fields and a non-chunked Transfer-Encoding comes first. This commit - fixes this by ordering the stack with transfer encodings first. 
- - Reviewed-by: Patrick Monnerat - Closes #10187 - -Daniel Stenberg (1 Jan 2023) - -- curl.h: mark CURLSSLBACKEND_MESALINK as deprecated - - Follow-up since 223f26c28a340b36 - - Deprecated since 7.82.0 - - Closes #10189 - -- curl_global_sslset.3: clarify the openssl situation - - and add rustls - - Closes #10188 - -Cameron Blomquist (1 Jan 2023) - -- http: add additional condition for including stdint.h - - stdint.h was only included in http.h when ENABLE_QUIC was defined, but - symbols from stdint.h are also used when USE_NGHTTP2 is defined. This - causes build errors when USE_NGHTTP2 is defined but ENABLE_QUIC is not. - - Closes #10185 - -Daniel Stenberg (31 Dec 2022) - -- urldata: cease storing TLS auth type - - The only TLS auth type libcurl ever supported is SRP and that is the - default type. Since nobody ever sets any other type, there is no point - in wasting space to store the set type and code to check the type. - - If TLS auth is used, SRP is now implied. - - Closes #10181 - -- vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used - - Previously libcurl would use the HTTP/1.1 ALPN id even when the - application specified HTTP/1.0. - - Reported-by: William Tang - Ref: #10183 - -Marcel Raad (30 Dec 2022) - -- lib670: make test.h the first include - - As in all other lib tests. This avoids a macro redefinition warning for - `_FILE_OFFSET_BITS` visible in the autobuilds. - - Closes https://github.com/curl/curl/pull/10182 - -Stefan Eissing (30 Dec 2022) - -- lib: connect/h2/h3 refactor - - Refactoring of connection setup and happy eyeballing. Move - nghttp2. ngtcp2, quiche and msh3 into connection filters. - - - eyeballing cfilter that uses sub-filters for performing parallel connects - - socket cfilter for all transport types, including QUIC - - QUIC implementations in cfilter, can now participate in eyeballing - - connection setup is more dynamic in order to adapt to what filter did - really connect. 
Relevant to see if a SSL filter needs to be added or - if SSL has already been provided - - HTTP/3 test cases similar to HTTP/2 - - multiuse of parallel transfers for HTTP/3, tested for ngtcp2 and quiche - - - Fix for data attach/detach in VTLS filters that could lead to crashes - during parallel transfers. - - Eliminating setup() methods in cfilters, no longer needed. - - Improving Curl_conn_is_alive() to replace Curl_connalive() and - integrated ssl alive checks into cfilter. - - Adding CF_CNTRL_CONN_INFO_UPDATE to tell filters to update - connection into and persist it at the easy handle. - - - Several more cfilter related cleanups and moves: - - stream_weigth and dependency info is now wrapped in struct - Curl_data_priority - - Curl_data_priority members depend is available in HTTP2|HTTP3 - - Curl_data_priority members depend on NGHTTP2 support - - handling init/reset/cleanup of priority part of url.c - - data->state.priority same struct, but shallow copy for compares only - - - PROTOPT_STREAM has been removed - - Curl_conn_is_mulitplex() now available to check on capability - - - Adding query method to connection filters. - - ngtcp2+quiche: implementing query for max concurrent transfers. - - - Adding is_alive and keep_alive cfilter methods. Adding DATA_SETUP event. - - setting keepalive timestamp on connect - - DATA_SETUP is called after the connection has been completely - setup (but may not connected yet) to allow filters to initialize - data members they use. - - - there is no socket to be had with msh3, it is unclear how select - shall work - - - manual test via "curl --http3 https://curl.se" fail with "empty - reply from server". 
- - - Various socket/conn related cleanups: - - Curl_socket is now Curl_socket_open and in cf-socket.c - - Curl_closesocket is now Curl_socket_close and in cf-socket.c - - Curl_ssl_use has been replaced with Cur_conn_is_ssl - - Curl_conn_tcp_accepted_set has been split into - Curl_conn_tcp_listen_set and Curl_conn_tcp_accepted_set - with a clearer purpose - - Closes #10141 - -Daniel Stenberg (30 Dec 2022) - -- RELEASE-NOTES: synced - -- docs/libcurl/curl_getdate.3: minor whitespace edit - - To avoid a fccp quirk that made it render wrongly on the website - -- transfer: break the read loop when RECV is cleared - - When the RECV bit is cleared because the response reading for this - transfer is complete, the read loop should be stopped. data_pending() - can otherwise still return TRUE and another read would be attempted. - - Reported-by: Hide Ishikawa - Fixes #10172 - Closes #10174 - -- multihandle: turn bool struct fields into bits - - Closes #10179 - -Stefan Eissing (30 Dec 2022) - -- ftpserver: lower the normal DATA connect timeout to speed up torture tests - - - tests/ftpserver.pl blocks when expecting a DATA connection from the - client. - - - the previous 10 seconds were encountered repeatedly in torture tests - and let to long waits. - - - 2 seconds should still be sufficient for current hw, but CI will show. - - Closes #10178 - -Nick Banks (28 Dec 2022) - -- msh3: add support for request payload - - Closes #10136 - -Stefan Eissing (28 Dec 2022) - -- openssl: remove attached easy handles from SSL instances - - - keeping the "current" easy handle registered at SSL* is no longer - necessary, since the "calling" data object is already stored in the - cfilter's context (and used by other SSL backends from there). - - The "detach" of an easy handle that goes out of scope is then avoided. - - using SSL_set0_wbio for clear reference counting where available. 
- - Closes #10151 - -Daniel Stenberg (28 Dec 2022) - -- socketpair: allow localhost MITM sniffers - - Windows allow programs to MITM connections to localhost. The previous - check here would detect that and error out. This new method writes data - to verify the pipe thus allowing MITM. - - Reported-by: SerusDev on github - Fixes #10144 - Closes #10169 - -- HTTP3: mention what needs to be in place to remove EXPERIMENTAL label - - Closes #10168 -- cgit v1.2.3
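Review bot: The commit message is only its subject line, while the 8.2.1 section added by the first hunk (@@ -6,6 +6,364 @@) lists fixes that change runtime behaviour and deserve a mention in the body: "transfer: do not clear the credentials on redirect to absolute URL" (described there as a regression shipped in 8.2.0), "http2: fix regression on upload EOF handling", and the quiche entry that fixes a use after free in the buffer handling for the transfer. Suggest a short body naming the fixes that matter to this project's build, so that someone chasing a change in credentials-on-redirect or HTTP/2 upload behaviour can find this update from the log. The misspellings in the added text ("commmon", "leadding", "explictly") arrive with the imported changelog; if the file is meant to match the release copy, leave them untouched rather than correcting them locally.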
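Review bot: The second hunk (@@ -8654,364 +9012,3 @@) deletes 361 lines of history from the end of CHANGES, from "Stefan Eissing (3 Jan 2023)" down to "HTTP3: mention what needs to be in place to remove EXPERIMENTAL label", and nothing in the commit says why. If this is simply the CHANGES file as shipped with 8.2.1, say so in the commit message so the removal is not mistaken for a local edit. After this change the file ends partway through 3 Jan 2023 (the Jay Satiro entry stays, the other entries for that date go), so older entries such as "socketpair: allow localhost MITM sniffers" and the revert of "x509asn1: avoid freeing unallocated pointers" can no longer be looked up in the vendored copy.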