commit 01782a41f8feea008b92ea3e349c15dc7994588b Author: Michael Tremer Date: Mon Oct 7 10:22:33 2024 +0000 core189: Ship ncat This is required for the new Unbound/DHCP Leases bridge to work. Signed-off-by: Michael Tremer commit 7eec7e2c8b99bfe577d5b9cbd0bc0559f52f8020 Author: Michael Tremer Date: Mon Oct 7 10:18:57 2024 +0000 ncat: Make this package part of the core system The nc command is required for the Unbound/DHCP leases bridge. Signed-off-by: Michael Tremer commit 74f5f41372571c29b80db217a3d852ef0e613c6f Author: Michael Tremer Date: Fri Oct 4 11:46:22 2024 +0000 core189: Ship and restart Unbound Signed-off-by: Michael Tremer commit b38609d64d0ea20f510d6a692d7114d9d331bd77 Author: Matthias Fischer Date: Fri Oct 4 10:41:17 2024 +0200 unbound: Update to 1.21.1 For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-21-1 "Fix CVE-2024-8508, unbounded name compression could lead to denial of service." Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit a7ac62f4a67fa2016edc27735cec71bc1474c2b7 Author: Michael Tremer Date: Thu Sep 26 20:40:04 2024 +0000 ovpnmain.cgi: Remove using dropped &General::getlastip() function Signed-off-by: Michael Tremer commit 0555434effc70080d8278ca3db38fef51bba1efa Author: Michael Tremer Date: Thu Sep 26 14:13:10 2024 +0000 header.pl: Force browsers to reload rrdimage.js Signed-off-by: Michael Tremer commit d1a3fd9e0debf994055a410fbc7e5ba7c7c074b0 Author: Michael Tremer Date: Sun Sep 22 14:33:03 2024 +0000 ovpnmain.cgi: Fix IP address calculation with static pools Signed-off-by: Michael Tremer commit 84b04cb6d38eb0ca0fca426e4d6e0c0a2c467d9e Author: Michael Tremer Date: Tue Sep 24 08:53:40 2024 +0000 core189: Ship suricata changes Signed-off-by: Michael Tremer commit d99826dc71146a6d019341892d6f2d7b69ee2407 Author: Michael Tremer Date: Tue Sep 24 10:33:22 2024 +0200 suricata: Enable scanning IPsec packets Signed-off-by: Michael Tremer commit e5da7dea66167602b9255ac6b77d9ab32398a23d Author: Michael Tremer Date: Sun Sep 22 17:22:48 2024 +0200 ids.cgi: Add UI to enable scanning on IPsec Signed-off-by: Michael Tremer commit db151ad716beefcb9ab9fadd2bb3ac9934748793 Author: Michael Tremer Date: Sun Sep 22 17:08:03 2024 +0200 suricata: Add support for zones having multiple interfaces Signed-off-by: Michael Tremer commit 09831e9ca9c27b024d305f40655298d8106cdf5c Author: Michael Tremer Date: Sun Sep 22 17:06:21 2024 +0200 suricata: Split marking packets off into a separate chain This is required so that we can have different policies for incoming and outgoing packets. Signed-off-by: Michael Tremer commit 75a89ddf4aaccaf397e320a98bf1ecf65c78cff4 Author: Michael Tremer Date: Sat Sep 21 17:55:09 2024 +0200 suricata: Clear IPS bits after use Signed-off-by: Michael Tremer commit 6826eed0a4a892bf6ef24abd312bad474568c988 Author: Michael Tremer Date: Sat Sep 21 12:39:32 2024 +0200 suricata: Always count the whitelisted packets Even if there are no rules, if this does not exist, collectd will be unhappy and we cannot generate the graph. Signed-off-by: Michael Tremer commit 4efa4c4b714f117cb561201f7f6c122cb7da624a Author: Michael Tremer Date: Sat Sep 21 12:37:09 2024 +0200 ids.cgi: Don't show the graph if there is no RRD data Signed-off-by: Michael Tremer commit 0c5a683b7ed3cb268648c573bcbeead20f824e95 Author: Michael Tremer Date: Sat Sep 21 12:34:56 2024 +0200 ids.cgi: Fix empty states of tables Signed-off-by: Michael Tremer commit d98d10f7df7bd8715b338c6c3b30801f65243977 Author: Michael Tremer Date: Sat Sep 21 12:28:50 2024 +0200 graphs.pl: Fix suricata graph name Signed-off-by: Michael Tremer commit cf44d8d149dbda8aa8dccd89dd5e3ff75af628b9 Author: Michael Tremer Date: Tue Sep 17 04:04:07 2024 +0200 firewall: Move the IPS back to INPUT/FORWARD/OUTPUT We cannot use the PREROUTING/POSTROUTING chains here because Suricata will fail to track NAT-ed connections. Signed-off-by: Michael Tremer commit 5da15c5d3b1772f133d10a309d99b3588b98be0f Author: Michael Tremer Date: Fri Sep 13 10:12:30 2024 +0200 suricata: Track whitelisted traffic and add it to the IPS graph Signed-off-by: Michael Tremer commit 4721fac3c88069d5ca426f6be750f9b860efecaa Author: Michael Tremer Date: Wed Sep 11 00:43:59 2024 +0200 IPS: Ada a graph that shows the IPS throughput This graph is split into three parts. One shows bypassed packets, the next one shows the actually scanned packets and lastly we show the total throughput. Signed-off-by: Michael Tremer commit a85924cc2534c65eb10b800375ade8a5bb311dc1 Author: Michael Tremer Date: Tue Sep 10 23:45:53 2024 +0200 suricata: Collect metrics on scanned and bypassed packets Signed-off-by: Michael Tremer commit 8b73307b15a74b3e0781cfb3430298403e849ed6 Author: Michael Tremer Date: Tue Sep 10 23:23:38 2024 +0200 suricata: Force Suricata to write a PID file again The PID file does not get written when Suricata is not being started in daemon mode and therefore we need to pass it as a command line parameter. The initscript should not deal with the PID file when starting but needs it to terminate the process and to check the process status. The web UI can use the PID file again. Signed-off-by: Michael Tremer commit 63f4b3a7bc4bd80b036c02f2483fd82ac5810aca Author: Michael Tremer Date: Tue Sep 10 23:23:18 2024 +0200 suricata: Fix syntax error in watcher script Signed-off-by: Michael Tremer commit 0d38ebeb059cca9f97316f4980ee4437110ddf55 Author: Michael Tremer Date: Tue Sep 10 23:17:20 2024 +0200 suricata: Remove debugging code Signed-off-by: Michael Tremer commit 525ff6d74dac833854dde69a152e98f1b5fd14d2 Author: Michael Tremer Date: Tue Sep 10 11:37:38 2024 +0200 firewall: Move the IPS after the NAT marking This is because we might still land in the scenario where Suricata crashes and NFQUEUE will simply ACCEPT all packets which will terminate the processing of the mangle table. Therefore the NFQUEUE rule should be the last one so that we never skip any of the other processing. Signed-off-by: Michael Tremer commit 2438c6c2497015e92e823ecd2fbe9071a2cda575 Author: Michael Tremer Date: Tue Sep 10 11:35:18 2024 +0200 ids.cgi: Fix detection for the Suricata process We don't seem to have a PID file any more. Signed-off-by: Michael Tremer commit d3db0465703fe15855b02c3487859c8ca5a0db2b Author: Michael Tremer Date: Tue Sep 10 11:24:01 2024 +0200 ids.cgi: Remove box from the top section Signed-off-by: Michael Tremer commit d2f7d18e338975fa5d6a6f89b3eb86378e124612 Author: Michael Tremer Date: Tue Sep 10 11:22:59 2024 +0200 ids.cgi: Sort whitelist entries Signed-off-by: Michael Tremer commit 891702cad16def266ab4ab1e8dde79367dd3d140 Author: Michael Tremer Date: Tue Sep 10 11:17:33 2024 +0200 ids.cgi: Use new-style table for whitelist entries Signed-off-by: Michael Tremer commit 119cb837067ab16f6bf6ea88f512f8f8c38ea49c Author: Michael Tremer Date: Tue Sep 10 11:09:58 2024 +0200 ids.cgi: Use new style tables for rulesets Signed-off-by: Michael Tremer commit 50f3e2a534d99ad4606535709e02f40ac89260fd Author: Michael Tremer Date: Tue Sep 10 11:01:52 2024 +0200 suricata: Fix broken spacing in the settings section Signed-off-by: Michael Tremer commit 1b7d1abdf0978be4dfd57f339313ce811322aaf9 Author: Michael Tremer Date: Tue Sep 10 10:50:15 2024 +0200 suricata: Add option to scan WireGuard Signed-off-by: Michael Tremer commit 72d501f9235e290c974b2e4207b822b164d3a2fc Author: Michael Tremer Date: Tue Sep 10 10:42:11 2024 +0200 suricata: Don't load /var/ipfire/ethernet/settings We no longer need this directly as it is being pulled in from the network functions. Signed-off-by: Michael Tremer commit eb3156ed6b4a1de646259295db47c6cbeaa438ae Author: Michael Tremer Date: Tue Sep 10 10:41:19 2024 +0200 suricata: Remove superfluous bits from the initscript I don't know why these hacks are here. Signed-off-by: Michael Tremer commit 79cce701a94fb903e94838faf4c2e1016a24ba62 Author: Michael Tremer Date: Tue Sep 10 10:40:28 2024 +0200 suricata: Restore the interface selection Signed-off-by: Michael Tremer commit 7e1c564ec8f25cb00c49a5ceecdb004c0b186555 Author: Michael Tremer Date: Mon Sep 9 23:08:11 2024 +0200 suricata: Start the new watcher in the background Signed-off-by: Michael Tremer commit 17887e69a82dc92880136940ccdff1254c612233 Author: Michael Tremer Date: Mon Sep 9 20:09:22 2024 +0200 suricata: Add a watcher to restart on unexpected termination This patch adds a watcher process that will restart suricata when it is being killed by SIGKILL (e.g. by the OOM killer) or after a SEGV. Signed-off-by: Michael Tremer commit e088c2115843cb6d70ea5bc21af818f5dbd7e822 Author: Michael Tremer Date: Mon Sep 9 19:38:47 2024 +0200 suricata: Be more efficient with marks This patch changes that we introduce a new mark which allows us to identify any newly bypassed connections and permanently store the bypass flag. We also only restore marks from the connection tracking when a packet has no marks, yet. Tested-by: Adolf Belka Signed-off-by: Michael Tremer commit 54a58a2891910ece5174ec8f20504ae2f80841e2 Author: Michael Tremer Date: Mon Sep 9 19:37:56 2024 +0200 suricata: Replace removed CPU count function Signed-off-by: Michael Tremer commit 84a73d5f3997be2f1907c5eb4ad7a7069611ab4a Author: Michael Tremer Date: Mon Sep 9 12:46:23 2024 +0200 suricata: Add whitelist to iptables This allows us to workaround better against any problems in Suricata because we never send any whitelisted packets to the IPS in the first place. Signed-off-by: Michael Tremer commit 655a95803a2fdc16ed7541b0c368620bb23d7740 Author: Michael Tremer Date: Mon Sep 9 11:58:50 2024 +0200 suricata: Remove some unused constants Signed-off-by: Michael Tremer commit 50d987cc2194945be50030fde179e293f692135d Author: Michael Tremer Date: Mon Sep 9 11:55:34 2024 +0200 suricata: Use getconf to determine the number of processors Signed-off-by: Michael Tremer commit 7e5ec5699886664686d05ef3d7dc3006d162b5a7 Author: Michael Tremer Date: Mon Sep 9 11:54:04 2024 +0200 initscripts: Fix bash function definitions in suricata Signed-off-by: Michael Tremer commit 558dcc66e632fe12b566edc4e39c519cdbc1b6a0 Author: Michael Tremer Date: Mon Sep 9 11:49:30 2024 +0200 suricata: Move the IPS into the mangle table This should make the IPS more efficient, we should have fewer rules and the IPS will now sit at the edge of the networking stack as it will see packets immediately when they come and and just before they leave. Signed-off-by: Michael Tremer commit fc1537434f007977161c2ba46b823d276b8c5d7c Author: Michael Tremer Date: Mon Sep 23 21:22:22 2024 +0000 core189: Ship cURL This fixes a leaked SIGPIPE that makes transmission crash. Signed-off-by: Michael Tremer commit 853e1e41e9efc3e219c4967caa6cf81c7cbcb047 Author: Adolf Belka Date: Fri Sep 13 18:25:16 2024 +0200 curl: Update to version 8.10.0 - Update from vesion 8.9.1 to 8.10.0 - Update of rootfile - In previous versions if libpsl was not found then the build excluded it. Now it needs to be explicitly disabled otherwise the build will stop with a warning that it could not be found. - Changelog 8.10.0 changes: o autotools: add `--enable-windows-unicode` option [103] o curl: --help [option] displays documentation for given cmdline option [19] o curl: add --skip-existing [54] o curl: for -O, use "default" as filename when the URL has none [34] o curl: make --rate accept "number of units" [4] o curl: make --show-headers the same as --include [6] o curl: support --dump-header % to direct to stderr [31] o curl: support embedding a CA bundle and --dump-ca-embed [20] o curl: support repeated use of the verbose option; -vv etc [35] o curl: use libuv for parallel transfers with --test-event [82] o getinfo: add CURLINFO_POSTTRANSFER_TIME_T [87] o mbedtls: add CURLOPT_TLS13_CIPHERS support [78] o rustls: add support for setting TLS version and ciphers [113] o vtls: stop offering alpn http/1.1 for http2-prior-knowledge [53] o wolfssl: add CURLOPT_TLS13_CIPHERS support [76] o wolfssl: add support for ssl cert blob / ssl key blob options [50] bugfixes: o asyn-thread: stop using GetAddrInfoExW on Windows [241] o autotools: fix MS-DOS builds [249] o autotools: fix typo in tests/data target [30] o aws_sigv4: fix canon order for headers with same prefix [74] o bearssl: fix setting tls version [203] o bearssl: improve shutdown handling [45] o BINDINGS: add zig binding [100] o build: add `iphlpapi` lib for libssh on Windows [166] o build: add `poll()` detection for cross-builds [244] o build: add options to disable SHA-512/256 hash algo [239] o build: check OS-native IDN first, then libidn2 [223] o build: delete unused `REQUIRE_LIB_DEPS` [226] o build: drop unused `NROFF` reference [253] o build: drop unused feature-detection code for Apple `poll()` [227] o build: generate `buildinfo.txt` for test logs [256] o build: improve compiler version detection portability o build: make `CURL_FORMAT_CURL_OFF_T[U]` work with mingw-w64 <=7.0.0 [207] o build: silence C4232 MSVC warnings in vcpkg ngtcp2 builds [137] o build: use -Wno-format-overflow [195] o buildconf.bat: fix tool_hugehelp.c generation [173] o cf-socket: fix pollset for listening [179] o cf-socket: prevent KEEPALIVE_FACTOR being set to 1000 for Windows [185] o cfilters: send flush [13] o CHANGES: rename to CHANGES.md, no longer generated [40] o CI: enable parallel testing in CI builds [18] o ci: Update actions/upload-artifact digest to 89ef406 [24] o cmake: `Libs.private` improvements [215] o cmake: add `CURL_USE_PKGCONFIG` option [138] o cmake: add Linux CI job, fix pytest with cmake [71] o cmake: add math library when using wolfssl and ngtcp2 [66] o cmake: add missing `pkg-config` hints to Find modules [158] o cmake: add missing version detection to Find modules [170] o cmake: add rustls [116] o cmake: add support for versioned symbols option [51] o cmake: add wolfSSH support [117] o cmake: allow `pkg-config` in more envs [147] o cmake: cleanup header paths [59] o cmake: default `CURL_DISABLE_LDAPS` to the value of `CURL_DISABLE_LDAP` [231] o cmake: delete MSVC warning suppression for tests/server [101] o cmake: detect `nghttp2` via `pkg-config`, enable by default [21] o cmake: detect and show VCPKG in platform flags [84] o cmake: distcheck for files in CMake subdir [9] o cmake: drop custom `CMakeOutput.log`/`CMakeError.log` logs [27] o cmake: drop libssh CONFIG-style detection [167] o cmake: drop no-op `tests/data/CMakeLists.txt` [26] o cmake: drop reference to undefined variable [25] o cmake: drop unused `HAVE_IDNA_STRERROR` [62] o cmake: drop unused internal variable [22] o cmake: exclude tests/http/clients builds by default [110] o cmake: fix `GSS_VERSION` for Heimdal found via pkg-config [77] o cmake: fix `pkg-config`-based detection in `FindGSS.cmake` [94] o cmake: fix and tidy up c-ares builds, enable in more CI jobs [156] o cmake: fix find rustls [148] o cmake: fixup linking libgsasl when detected via CMake-native o cmake: honor custom `CMAKE_UNITY_BUILD_BATCH_SIZE` [163] o cmake: limit `pkg-config` to UNIX and MSVC+vcpkg by default [188] o cmake: limit libidn2 `pkg-config` detection to `UNIX` [109] o cmake: migrate dependency detections to Find modules [183] o cmake: more small tidy-ups and fixes [80] o cmake: rename wolfSSL and zstd config variables to uppercase [151] o cmake: respect cflags/libdirs of native pkg-config detections [175] o cmake: show CMake platform/compiler flags [63] o cmake: show warning if libpsl is not found [154] o cmake: sync code between test/example targets [234] o cmake: sync up formatting in Find modules [129] o cmake: TLS 1.3 warning only for bearssl and sectranp [118] o cmake: update `curl-config.cmake.in` template var list o cmake: update list of "advanced" variables [119] o cmake: use numeric comparison for `HAVE_WIN32_WINNT` [69] o cmdline-opts: language fix for expect100-timeout.md and max-time.md [192] o configure: delete unused `CURL_DEFINE_UNQUOTED` function [224] o configure: delete unused `HAVE_OPENSSL3` macro [225] o configure: delete unused `m4/xc-translit.m4` [114] o configure: detect AppleIDN [70] o configure: fail if PSL is not disabled but not found [46] o configure: fix WinIDN builds targeting old Windows [210] o configure: remove USE_EXPLICIT_LIB_DEPS [199] o configure: replace nonportable grep -o with awk [111] o connect: always prefer ipv6 in IP eyeballing [209] o connect: limit update IP info [191] o cookie.md: try to articulate the two different uses this option has [92] o curl: allow 500MB data URL encode strings [38] o curl: find curlrc in XDG_CONFIG_HOME without leading dot [186] o curl: fix --proxy-pinnedpubkey [91] o curl: fix the -w urle.* variables [153] o curl: make the progress bar detect terminal width changes [169] o curl: warn on unsupported SSL options [106] o Curl_rand_bytes to control env override [17] o curl_sha512_256: fix symbol collisions with nettle library [131] o CURLMOPT_SOCKETFUNCTION.md: expand on the easy argument [216] o CURLOPT_XFERINFOFUNCTION: clarify the callback return codes [141] o dist: add missing `docs/examples/CMakeLists.txt` [58] o dist: add missing `FindNettle.cmake` [11] o dist: add missing `lib/optiontable.pl` [115] o dist: add missing `test_*.py` scripts [102] o dist: drop buildconf [65] o dist: fix reproducible build from release tarball [36] o dmaketgz: only run 'make distclean' if Makefile exists o docs/SSLCERTS: rewrite [174] o docs: add description of effect of --location-trusted on cookie [157] o docs: document the (weak) random value situation in rustls builds [252] o docs: fix some examples in man pages o docs: improve cipher options documentation [159] o docs: mention "@-" in more places [67] o docs: remove ALTSVC.md, HSTS.md, HTTP2.md and PARALLEL-TRANSFERS.md [105] o docs: update CIPHERS.md [140] o doh-url.md: point out DOH server IP pinning [37] o doh: remove redundant checks [242] o easy: fix curl_easy_upkeep for shared connection caches [52] o escape: allow curl_easy_escape to generate 3*input length output [39] o FEATURES.md: fix typo [180] o ftp: always offer line end conversions [219] o ftp: flush pingpong before response [73] o getinfo: return zero for unsupported options (when disabled) [189] o GHA/windows: enable MulitSSL in an MSVC job [2] o GHA: scan git repository and detect unvetted binary files [3] o gnutls/wolfssl: improve error message when certificate fails [125] o gnutls: send all data [230] o gtls: fix OCSP stapling management [206] o haproxy: send though next filter [222] o hash: provide asserts to verify API use [96] o http/2: simplify eos/blocked handling [90] o http2+h3 filters: fix ctx init [142] o http2: fix GOAWAY message sent to server [171] o http2: improve rate limiting of downloads [33] o http2: improved upload eos handling [41] o http3.md: mention how the fallback can be h1 or h2 [194] o hyper: call Curl_req_set_upload_done() [126] o idn: more strictly check AppleIDN errors [98] o idn: support non-UTF-8 input under AppleIDN [99] o INSTALL.md: MultiSSL and QUIC are mutually exclusive [7] o KNOWN_BUGS: "special characers" in URL works with aws-sigv4 [81] o krb5: add Linux/macOS CI tests, fix cmake GSS detection [83] o krb5: fix `-Wcast-align` [95] o lib: add eos flag to send methods [14] o lib: avoid macro collisions between wolfSSL and GnuTLS headers [133] o lib: convert some debugf()s into traces [8] o lib: delete stray undefs for `vsnprintf`, `vsprintf` [152] o lib: fix AIX build issues [112] o lib: fix building with wolfSSL without DES support [134] o lib: make SSPI global symbols use Curl_ prefix [251] o lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name [132] o lib: remove the final strncpy() calls [240] o lib: remove use of RANDOM_FILE [235] o libcurl.def: move from / into lib [238] o libcurl.pc: add `Cflags.private` [10] o libcurl.pc: add reference to `libgsasl` [150] o libcurl/docs: expand on redirect following and secrets to other hosts [85] o llist: remove direct struct accesses, use only functions [72] o Makefile.dist: fix `ca-firefox` target [254] o Makefile.mk: fixup enabling libidn2 [61] o Makefile: remove 'scripts' duplicate from DIST_SUBDIRS o maketgz: accept option to include latest commit hash [5] o maketgz: fix RELEASE-TOOLS.md for daily tarballs [243] o maketgz: move from / into scripts [237] o managen: fix superfluous leading blank line in quoted sections [211] o managen: in man output, remove the leading space from examples [198] o managen: wordwrap long example lines in ASCII output [143] o manpage: ensure a maximum width for the text version [75] o max-filesize.md: mention zero disables the limit [93] o mbedtls: add more informative logging [162] o mbedtls: fix setting tls version [200] o mbedtls: no longer use MBEDTLS_SSL_VERIFY_OPTIONAL [181] o mime: avoid inifite loop in client reader [155] o mk-ca-bundle.pl: include a link to the caextract webpage [68] o multi: make the "general" list of easy handles a Curl_llist [97] o multi: on socket callback error, remove socket hash entry nonetheless [149] o ngtcp2/osslq: remove NULL pointer dereferences [213] o ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks [79] o openssl quic: fix memory leak [229] o openssl: certinfo errors now fail correctly [250] o openssl: fix the data race when sharing an SSL session between threads [221] o openssl: improve shutdown handling [44] o pingpong: drain the input buffer when reading responses [193] o POP3: fix multi-line responses [168] o pop3: use the protocol handler ->write_resp [220] o printf: fix mingw-w64 format checks [228] o progress: ratelimit/progress tweaks [32] o pytests: add tests for HEAD requests in all HTTP versions [42] o rand: only provide weak random when needed [233] o runtests: if DISABLED cannot be read, error out [56] o runtests: log ignored but passed tests [130] o runtests: remove "has_textaware" [217] o rustls: fix setting tls version [202] o rustls: make all tests pass [1] o schannel: avoid malloc for CAinfo_blob_digest [247] o scorecard: tweak request measurements [139] o sectransp: fix setting tls version [204] o SECURITY: mention OpenSSF best practices gold badge [161] o setopt: allow CURLOPT_INTERFACE to be set to NULL [165] o setopt: let CURLOPT_ECH set to NULL reset to default [187] o setopt: make CURLOPT_TFTP_BLKSIZE accept bad values [184] o sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL [135] o share: don't reinitialize conncache [214] o sigpipe: init the struct so that first apply ignores [49] o smb: convert superflous assign into assert [246] o smtp: add tracing feature [120] o splay: use access functions, add asserts, use Curl_timediff [121] o spnego_gssapi: implement TLS channel bindings for openssl [146] o src: delete `curlx_m*printf()` aliases [197] o src: fix potential macro confusion in cmake unity builds [208] o src: namespace symbols clashing with lib [248] o src: replace copy of printf mappings with an include [190] o ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) [177] o system_win32: fix typo o test httpd: tweak cipher list [124] o test1521: verify setting options to NULL better [182] o test1707: output diff more for debugging differences in CI outputs o test556: improve robustness [64] o test579: improve robustness [60] o test587: improve robustness [123] o test649: improve robustness [122] o test677: improve robustness [47] o tests/runner: only allow [!A-Za-z0-9_-] in %if feature names [55] o tests: constrain http pytest to tests/http directory [205] o tests: don't mangle output if hostname or type unknown o tests: ignore QUIT from FTP protocol comparisons [108] o tests: provide docs as curldown, not nroff [12] o tidy-up: misc build, tests, `lib/macos.c` [172] o tidy-up: OS names [57] o tool_operhlp: fix "potentially uninitialized local variable 'pc' used" [48] o tool_paramhlp: bump maximum post data size in memory to 16GB [128] o transfer: Curl_sendrecv() and event related improvements [164] o transfer: remove comments, add asserts [218] o transfer: skip EOS read when download done [196] o url: dns_entry related improvements [16] o url: fix connection reuse for HTTP/2 upgrades [236] o urlapi: verify URL *decoded* hostname when set [160] o urldata: introduce `data->mid`, a unique identifier inside a multi [127] o urldata: remove 'scratch' from the UrlState struct [86] o urldata: remove crlf_conversions counter [232] o urldata: remove proxy_connect_closed bit [178] o verify-release: shell script that verifies a release tarball [29] o version: fix shadowing a `libssh.h` symbol [176] o vtls: add SSLSUPP_CIPHER_LIST [107] o vtls: fix MSVC 'cast truncates constant value' warning [23] o vtls: fix static function name collisions between TLS backends [136] o vtls: init ssl peer only once [15] o websocket: introduce blocking sends [145] o wolfssl: avoid taking cached x509 store ref if sslctx already using it [88] o wolfssl: fix CURLOPT_SSLVERSION [144] o wolfssl: fix setting tls version [201] o wolfssl: improve shutdown handling [43] o ws: flags to opcodes should ignore CURLWS_CONT flag [104] o x509asn1: raise size limit for x509 certification information [28] Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 1d66bc478b7491930560135390be902c08ebc8df Author: Michael Tremer Date: Mon Sep 23 19:44:42 2024 +0000 web: Fix reloading graphs Suggested-by: Leo-Andres Hofmann Signed-off-by: Michael Tremer commit aab8f48aae5f9cb6335cb3d8c1ca29f86e915ad2 Author: Michael Tremer Date: Mon Sep 23 19:35:24 2024 +0000 make.sh: Flag rootfiles that have lines starting with + or - Signed-off-by: Michael Tremer commit 8ce034f7d2e3099e6d7a6382b9b86f0af8dfb2ba Author: Michael Tremer Date: Mon Sep 23 17:43:10 2024 +0000 core189: Ship libfdt (from dtc) Signed-off-by: Michael Tremer commit 025fb3b2d29b535bf6e5efd32732348b1ad0aecb Author: Michael Tremer Date: Mon Sep 23 14:39:04 2024 +0000 core189: Ship ntp because of OpenSSL mismatch warning Signed-off-by: Michael Tremer