Opened 8 months ago

Closed 8 months ago

#21650 closed enhancement (fixed)

curl-8.14.0

Reported by: Douglas R. Reno
Owned by: Bruce Dubbs
Priority: normal
Milestone: 12.4
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New minor version that came out earlier today

Whoever does this update will need to also apply a patch to fix a regression: https://github.com/curl/curl/issues/17473

Upstream suggests distro maintainers like us patch it alongside the implementation of curl-8.14.0. Patch can be found at https://github.com/curl/curl/pull/17475

The two CVEs that are fixed in this release are also not applicable to us as we do not use WolfSSL as our TLS backend.

Change History (3)

comment:1 by Bruce Dubbs, 8 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Bruce Dubbs, 8 months ago

curl and libcurl 8.14.0

This release includes the following changes:

  • mqtt: send ping at upkeep interval
  • schannel: handle pkcs12 client certificates containing CA certificates
  • TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs
  • vquic: ngtcp2 + openssl support
  • wcurl: import v2025.04.20 script + docs
  • websocket: add option to disable auto-pong reply

This release includes the following bugfixes:

  • _SEEALSO.md: remove spaces around command and man page section
  • asny-thrdd: fix detach from running thread
  • asnyc-thrdd: explain how this is okay with a comment
  • asyn resolver code improvements
  • async-threaded resolver: use ref counter
  • async: DoH improvements
  • autotools: detect wolfSSL_set_quic_use_legacy_code like cmake does
  • autotools: install shell completion files on cross build
  • aws-sigv4: allow a blank string
  • build: check required rustls-ffi version
  • build: enable gcc-12/13+, clang-10+ picky warnings
  • build: enable gcc-15 picky warnings
  • certs: drop unused default_bits from .prm files
  • cf-https-connect: use the passed in dns struct pointer
  • cf-socket: fix FTP accept connect
  • cfilters: remove assert
  • cmake/FindNGTCP2: simplify multi-pkg-config detection
  • cmake: append picky warnings to CMAKE_REQUIRED_FLAGS as string
  • cmake: avoid 'target is imported but not globally visible' when consuming libcurl with old cmake
  • cmake: do not install mk-ca-bundle script and manpage
  • cmake: enable -Wall for MSVC when PICKY_COMPILER=ON
  • cmake: extend integration tests
  • cmake: fix fish install directory detection via pkg-config
  • cmake: fix nghttp3 static linking with USE_OPENSSL_QUIC=ON
  • cmake: fix option() and mark_as_advanced() mixed order
  • cmake: fix shell completion install when just one flavor is enabled
  • cmake: honor individual picky option overrides found in CMAKE_C_FLAGS
  • cmake: install shell completions for cross-builds
  • cmake: link crypt32 for OpenSSL feature detection
  • cmake: merge CURL_WERROR logic into PickyWarnings.cmake
  • cmake: prefer COMPILE_OPTIONS over CMAKE_C_FLAGS for custom C options
  • cmake: quotes, whitespace, use VERSION_GREATER_EQUAL
  • cmake: revert CURL_LTO behavior for multi-config generators
  • cmake: set BUILDING_LIBCURL directly for unit test targets
  • cmake: stop deleting -W<n> from CMAKE_C_FLAGS (MSVC)
  • cmake: tidy up and document feature detections in dependencies
  • cmake: use CMAKE_COMPILE_WARNING_AS_ERROR if available
  • cmake: use INCLUDE_DIRECTORIES prop to specify local header dirs
  • cmake: use LIB_NAME in curl-config.cmake.in
  • cmake: use absolute paths for completion targets
  • cmake: use the LINK_OPTIONS property with CMake 3.13+
  • configure: catch asking for double resolver without https-rr
  • configure: fix --disable-rt
  • configure: restore link checks
  • configure: suppress command not found for brew
  • conncache: make Curl_cpool_init return void
  • connect: shutdown timer fix
  • content_encoding: Transfer-Encoding parser improvements
  • CONTRIBUTE: add project guidelines for AI use
  • contrithanks.sh: drop set -e
  • cpool/cshutdown: force close connections under pressure
  • curl: fix memory leak when -h is used in config file
  • curl: only warn once for --manual in manual-disabled build
  • curl_get_line: handle lines ending on the buffer boundary
  • curl_krb5: only use functions if FTP is still enabled
  • curl_multibyte: fixup low-level calls, include in unity builds
  • curl_osslq: remove a leftover debug fprintf() call
  • curl_url_get.md: don't call it normalized
  • curl_version_info.md: clarify ssl_version for MultiSSL
  • CURLMOPT_TIMERFUNCTION.md: correct the example
  • CURLOPT_ERRORBUFFER.md: buffer is read only after curl takes ownership
  • CURLOPT_FOLLOWLOCATION.md: switch to GET => no body
  • CURLOPT_READFUNCTION.md: mention the seek callback
  • CURLOPT_XFERINFOFUNCTION.md: fix the callback return type in example
  • curlx: move the docs to docs/internals/
  • DEPRECATE.md: drop support for VS2008
  • DEPRECATE.md: drop Windows CE support
  • dist: drop duplicate entry from CMAKE_DIST
  • dns_entry: move from conn to data->state
  • Dockerfile: update debian:bookworm-slim Docker digest to 90522ee
  • docs/INSTALL.md: drop reference to removed configure option
  • docs/libcurl: fix type and prototype problems in examples
  • docs/libcurl: make examples build with picky compiler options
  • docs/libcurl: mention sensitive data/headers
  • docs: add missing return statement in examples
  • docs: fix incorrect shell substitution in docker run example command
  • docs: fix typo in retry.md
  • docs: update distros links
  • doh: httpsrr fix
  • doh: make sure CURLOPT_PROTOCOLS is set a with a "long" arg
  • doh: reduce the DNS request buffer size
  • easy_reset: fix dohfor_mid member
  • ECH: reference the OpenSSL ECH feature branch
  • etag-save.md: mention how using both options is a good idea
  • eventfd: fix feature guards
  • formdata: cleanups
  • ftp: fix race in upload handling
  • ftplistparser: add two overflow preventions
  • ftplistparser: split up into more functions
  • generate.bat: exclude curlinfo.c from legacy VS projects
  • genserv.pl: fail with a message if openssl is missing or failing
  • headers: enforce a max number of response header to accept
  • headers: set an error message on illegal response headers
  • hostip: fix build without threaded-resolver and without DoH
  • hostip: show the correct name on proxy resolve error
  • http2: fix stream window size after unpausing
  • HTTP3.md: fix incorrect variable placeholders
  • http: fix a build error when all auths are disabled
  • http: fix HTTP/2 handling of TE request header using "trailers"
  • http: in alt-svc negotiation only allow supported HTTP versions
  • http_aws_sigv4: add additional verbose log statements
  • http_aws_sigv4: improve sigv4 url encoding and canonicalization
  • http_chunks: narrow variable scope for 'trlen'
  • http_negotiate: fix non-SSL build with GSSAPI
  • https-connect: fix httpsrr target check
  • HTTPSRR.md: clarify somewhat
  • if2ip: build the function also if FTP is present
  • imap: remove redundant condition
  • INSTALL-CMAKE.md: fix typo
  • INSTALL.md: update the minimal libcurl size example
  • KNOWN_BUGS: fix link in sivg4 issue 16.3
  • lib/src/docs/test: improve curl_easy_setopt() calls
  • lib1560: use hex notation, drop non-ASCII exception
  • lib3026: drop DLL pre-load perf mitigation for old mingw
  • lib: add const to clientwriter tables
  • lib: drop curlx_getpid, use fake pid in SMB
  • lib: include files using known path
  • lib: make Curl_easyopts const
  • lib: unify conversions to/from hex
  • libcurl-tutorial.md: fix read callback explanation
  • libssh: add NULL check for Curl_meta_get()
  • libssh: fix memory leak
  • libssh: remove a condition that always equals false
  • libtest/first: stop defining MEMDEBUG_NODEFINES
  • libtests: define CURL_DISABLE_DEPRECATION first
  • make: clean tests better
  • mbedtls: TLS 1.3 is max when mbedtls has 1.3 support
  • metahash: add asserts to help analyzers
  • mk-ca-bundle.pl: follow redirects
  • mk-ca-bundle: switch URLs to GitHub versions
  • mkhelp: fix to not generate a line-ending space in some cases
  • mqtt: use conn/easy meta hash
  • multi: do transfer book keeping using mid
  • multi: init_do(): check result
  • netrc: avoid NULL deref on weird input
  • netrc: avoid strdup NULL
  • netrc: deal with null token better
  • ngtcp2: clarify ignoring of result
  • openssl-quic: avoid potential -Wnull-dereference, add assert
  • openssl-quic: fix printf mask
  • openssl-quic: fix shutdown when stream not open
  • openssl: enable builds for *both* engines and providers
  • openssl: set the cipher string before doing private cert
  • parsedate: provide Curl_wkday also for GnuTLS builds
  • processhelp.pm: always call taskkill with -f (force)
  • processhelp.pm: avoid potential endless loop, log more (Windows)
  • progress: avoid integer overflow when gathering total transfer size
  • pytest tls: extend coverage
  • pytest-xdist: pytest in parallel
  • pytest: add pinnedpubkey test cases
  • pytest: give parameterised tests better ids for read- and parsability
  • pytest: make test_07_22 more lenient to exit codes
  • quic: no local idle connection timeout, ngtcp2 keep-alive
  • rand: update comment on Curl_rand_bytes weak random
  • RELEASE-PROCEDURE.md: release candidate git tagging explained
  • rtsp: remove redundant condition
  • runtests: add retry option to reduce flakiness
  • runtests: fix indentation
  • runtests: recognize lowercase windows in curl -V
  • runtests: remove server verification after start
  • runtests: split SSH_PWD into SCP_PWD and SFTP_PWD, and more
  • rustls: make max size of cert and key reasonable
  • sasl: give help when unable to select AUTH
  • scripts: completion.pl: sort the completion file for all shells
  • scripts: drop unused import, formatting
  • scripts: fix --opts-dir help in completion.pl
  • scripts: fix perl indentation, whitespace, semicolons
  • sectransp: fix building for macOS Sierra and older
  • setopt: provide info for CURLE_BAD_FUNCTION_ARGUMENT
  • smb: avoid integer overflow on weird input date
  • socket: use accept4 when available
  • socketpair: support pipe2 where available
  • spacecheck.pl: check for non-ASCII chars, fix fallouts
  • spacecheck.pl: verify tests/data/test* for non-ASCII chars
  • src: drop strcase.
  • src: include memdebug.h consistently with angle brackets <>
  • src: rename curlx_safefree to tool_safefree
  • test1173.pl: whitelist some option-looking names that aren't options
  • test1658: add unit test for the HTTPS RR decoder
  • test: make unittest 1308 into a libtest
  • tests/ech_tests.sh: sync shebang with rest of bash scripts
  • tests/FILEFORMAT.md: clarify %hex
  • tests/FILEFORMAT.md: document the aws feature
  • tests/README.md: document --test-duphandle
  • tests/README.md: list the openssl tool among the prerequisites
  • tests/server/dnsd: basic DNS server for test suite
  • tests/server: check for stream != NULL in mqttd
  • tests/server: fix typo in comment
  • tests/server: stop using libcurl string comparisons
  • tests/server: stop using libcurl's printf functions
  • tests/serverhelp: remove last remnants of http-pipe server
  • tests/tunit: make a separate directory for tool-based unit tests
  • tests: add aws feature to the related tests
  • tests: Add https-mtls server to force client auth
  • tests: fix some test tag mismatches
  • tests: mark ipfs tests to require ipfs
  • tests: move a boolean variable out of the path section
  • tests: prefer --insecure over -k
  • tests: provide all non-ascii data hex encoded
  • tests: remove some unused test case sections
  • tests: require IPv6 for 1265, 1324, 2086
  • tests: separate tunit tests from unit tests more
  • tests: stop using libcurl's strdup
  • tests: unify test case keywords
  • tests: use a more portable null device path
  • TODO: remove "nicer lacking perl message"
  • tool_cb_write.c: handle EINTR on flush
  • tool_getparam: clear argument only when needed
  • tool_operate: make retrycheck() a separate function
  • tool_operate: when retrying, only truncate regular files
  • tool_paramhlp: avoid integer overflow in secs2ms()
  • tool_parsecfg: make get_line handle lines ending on the buffer boundary
  • typecheck-gcc.h: fix the typechecks
  • urlapi: redirecting to "" is considered fine
  • urlapi: remove unneeded guards around PUNY2IDN
  • urldata: remove the unused struct field 'hide_progress'
  • VERSIONS: list all past releases
  • vquic: consistent name for the stream struct across backends
  • vquic: init for every call to recvmsg
  • vtls: avoid NULL deref on bad PEM input
  • vtls: fix build with ssl but without http
  • VULN-DISCLOSURE-POLICY: use of weak algos
  • winbuild: add the deprecation warning to the README
  • winbuild: curl_get_line is not used for tool builds
  • windows: fix builds targeting WinXP, test it in CI
  • wolfssl: fix to enable ALPN when available
  • ws: fix the header replace check
  • ws: store protocol context as connection meta data

Planned upcoming removals include:

  • Support for the msh3 HTTP/3 backend
  • Supporting curl builds using VS2008
  • The Secure Transport and BearSSL TLS backends
  • The winbuild build system
  • Windows CE support
  • ftp: fix bug in failed init

comment:3 by Bruce Dubbs, 8 months ago

Resolution: fixed
Status: assigned → closed

Fixed at commit 6cbbb1fdd4.
