Fwd: Re: [RELEASE] curl 7.56.0

[Michael Felt]

My bad - sent to wrong list.
Now to the correct list! :)



-------- Forwarded Message --------
Subject:        Re: [RELEASE] curl 7.56.0
Date:   Thu, 12 Oct 2017 19:10:53 +0200
From:   Michael Felt <mich...@felt.demon.nl>
To:     Daniel Stenberg <dan...@haxx.se>, sudo-work...@sudo.ws



On 12/10/2017 18:04, Michael Felt wrote:

On 04/10/2017 08:06, Daniel Stenberg wrote:

Hi friends!

Another release is out. This time with some intersting news, 89 bugfixes and a special attention on the security vulnerability (see separate mail).

Download curl as always from https://curl.haxx.se/

FYI: I do not remember a dependency on gmake aka GNU make before.

b) still looking, but get this error:

"/usr/include/openssl/crypto.h", line 518.44: 1506-275 (S) Unexpected text free_func encountered. "/usr/include/openssl/crypto.h", line 523.47: 1506-275 (S) Unexpected text free_func encountered. "/usr/include/openssl/asn1.h", line 925.46: 1506-275 (S) Unexpected text free_func encountered. "/usr/include/openssl/asn1.h", line 1079.49: 1506-275 (S) Unexpected text free_func encountered. "/usr/include/openssl/objects.h", line 1009.31: 1506-275 (S) Unexpected text free_func encountered. "/usr/include/openssl/ec.h", line 858.41: 1506-275 (S) Unexpected text free_func encountered. "/usr/include/openssl/ec.h", line 870.44: 1506-275 (S) Unexpected text free_func encountered.

p.s. I just did a make clean; make of curl-7.54.1 - and no errors - so
something in the curl-code is making life interesting for/to me.
I cannot compare with 7.55 - as I was never able to get that to build
either.

The lowest level message I can get re: free_text shows up in:
"/usr/include/openssl/crypto.h", line 366.14: 1506-455 (I)
defined(CRYPTO_MDEBUG_ALL) evaluates to 0.
"/usr/include/openssl/crypto.h", line 366.43: 1506-455 (I)
defined(CRYPTO_MDEBUG_TIME) evaluates to 0.
"/usr/include/openssl/crypto.h", line 366.73: 1506-455 (I)
defined(CRYPTO_MDEBUG_THREAD) evaluates to 0.
"/usr/include/openssl/crypto.h", line 366.3: 1506-454 (I) if condition
evaluates to 0.
"/usr/include/openssl/crypto.h", line 366.3: 1506-464 (I) Begin skipping
tokens.
"/usr/include/openssl/crypto.h", line 367.4: 1506-460 (I) ifndef nesting
level is 11.
"/usr/include/openssl/crypto.h", line 369.4: 1506-460 (I) endif nesting
level is 11.
"/usr/include/openssl/crypto.h", line 370.3: 1506-460 (I) endif nesting
level is 10.
"/usr/include/openssl/crypto.h", line 370.3: 1506-456 (I) Stop skipping
tokens.
"/usr/include/openssl/crypto.h", line 428.44: 1506-492 (I) Redefinition
of free_func hides previous definition.
"/usr/include/openssl/crypto.h", line 477.3: 1506-460 (I) ifndef nesting
level is 10.
"/usr/include/openssl/crypto.h", line 477.3: 1506-454 (I) ifndef
condition evaluates to 1.
"/usr/include/openssl/crypto.h", line 481.3: 1506-460 (I) endif nesting
level is 10.
"/usr/include/openssl/crypto.h", line 518.44: 1506-275 (S) Unexpected
text free_func encountered.
"/usr/include/openssl/crypto.h", line 523.47: 1506-275 (S) Unexpected
text free_func encountered.
"http_ntlm.lst" The cursor is at line 8118 of 16207 --50%-- .


rmichael@x071:[/data/prj/aixtools]ls -l curl*/lib/http*lst
-rw-r--r-- 1 root felt 1393402 Oct 12 16:50 curl-7.54.1/lib/http_ntlm.lst
-rw-r--r-- 1 root felt 1391345 Oct 12 16:54 curl-7.56.0/lib/http_ntlm.lst

I can send the entire diff of the two files - but what might be
interesting is:

-"/usr/include/sys/stat.h", line 63.14: 1506-455 (I)
defined(_LARGE_FILES) evaluates to 0.
-"/usr/include/sys/stat.h", line 63.40: 1506-455 (I) defined(_KERNEL)
evaluates to 0.
-"/usr/include/sys/stat.h", line 63.2: 1506-454 (I) if condition
evaluates to 1.
+"/usr/include/sys/stat.h", line 63.14: 1506-455 (I)
defined(_LARGE_FILES) evaluates to 1.
+"/usr/include/sys/stat.h", line 63.2: 1506-454 (I) if condition
evaluates to 0.
+"/usr/include/sys/stat.h", line 63.2: 1506-464 (I) Begin skipping tokens.
 "/usr/include/sys/stat.h", line 73.2: 1506-460 (I) ifdef nesting level
is 8.
-"/usr/include/sys/stat.h", line 73.2: 1506-454 (I) ifdef condition
evaluates to 0.
-"/usr/include/sys/stat.h", line 73.2: 1506-464 (I) Begin skipping tokens.
 "/usr/include/sys/stat.h", line 76.2: 1506-460 (I) else nesting level
is 8.
-"/usr/include/sys/stat.h", line 76.2: 1506-456 (I) Stop skipping tokens.
 "/usr/include/sys/stat.h", line 78.2: 1506-460 (I) endif nesting level
is 8.
 "/usr/include/sys/stat.h", line 81.2: 1506-460 (I) ifdef nesting level
is 8.
-"/usr/include/sys/stat.h", line 81.2: 1506-454 (I) ifdef condition
evaluates to 0.
-"/usr/include/sys/stat.h", line 81.2: 1506-464 (I) Begin skipping tokens.
 "/usr/include/sys/stat.h", line 86.2: 1506-460 (I) else nesting level
is 8.
-"/usr/include/sys/stat.h", line 86.2: 1506-456 (I) Stop skipping tokens.
 "/usr/include/sys/stat.h", line 89.2: 1506-460 (I) endif nesting level
is 8.
 "/usr/include/sys/stat.h", line 94.2: 1506-460 (I) ifndef nesting
level is 8.
-"/usr/include/sys/stat.h", line 94.2: 1506-454 (I) ifndef condition
evaluates to 0.
-"/usr/include/sys/stat.h", line 94.2: 1506-464 (I) Begin skipping tokens.
 "/usr/include/sys/stat.h", line 96.2: 1506-460 (I) else nesting level
is 8.
-"/usr/include/sys/stat.h", line 96.2: 1506-456 (I) Stop skipping tokens.
 "/usr/include/sys/stat.h", line 98.2: 1506-460 (I) endif nesting level
is 8.
 "/usr/include/sys/stat.h", line 116.2: 1506-460 (I) ifdef nesting
level is 8.
-"/usr/include/sys/stat.h", line 116.2: 1506-454 (I) ifdef condition
evaluates to 1.
 "/usr/include/sys/stat.h", line 119.2: 1506-460 (I) endif nesting
level is 8.
 "/usr/include/sys/stat.h", line 122.2: 1506-460 (I) endif nesting
level is 7.
+"/usr/include/sys/stat.h", line 122.2: 1506-456 (I) Stop skipping tokens.
 "/usr/include/sys/stat.h", line 124.2: 1506-460 (I) ifdef nesting
level is 7.
 "/usr/include/sys/stat.h", line 124.2: 1506-454 (I) ifdef condition
evaluates to 0.
 "/usr/include/sys/stat.h", line 124.2: 1506-464 (I) Begin skipping tokens.
@@ -3971,21 +3960,20 @@
 "/usr/include/sys/stat.h", line 167.2: 1506-460 (I) endif nesting
level is 7.
 "/usr/include/sys/stat.h", line 167.2: 1506-456 (I) Stop skipping tokens.
 "/usr/include/sys/stat.h", line 170.2: 1506-460 (I) if nesting level is 7.
-"/usr/include/sys/stat.h", line 170.13: 1506-455 (I)
defined(_LARGE_FILES) evaluates to 0.
-"/usr/include/sys/stat.h", line 170.38: 1506-455 (I)
defined(_LARGE_FILE_API) evaluates to 1.
+"/usr/include/sys/stat.h", line 170.13: 1506-455 (I)
defined(_LARGE_FILES) evaluates to 1.

Question: is the processing of _LARGE_FILES during configure changed?

I do not notice anything 'exciting' when I compare the two Makefiles
using diff -u

Maybe you have something you would like to look at - I could add an
attachment later.

Michael

I do not think it is the version of openssl (this is 1.0.2j)

root@x064:[/data/prj/aixtools/curl-7.56.0]lslpp -w | grep openssl.h
  /usr/include/openssl/hmac.h openssl.base          File

root@x064:[/data/prj/aixtools/curl-7.56.0]lslpp -w "/usr/include/openssl/crypto.h"

  File Fileset               Type

----------------------------------------------------------------------------

  /usr/include/openssl/crypto.h openssl.base          File
root@x064:[/data/prj/aixtools/curl-7.56.0]lslpp -L openssl.base

  Fileset                      Level  State  Type  Description (Uninstaller) ----------------------------------------------------------------------------   openssl.base            1.0.2.1000    C     F    Open Secure Socket Layer

  +511  /*

  +512   * CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- call

  +513   * the latter last if you need different functions
  +514   */

  +515  int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t),

  +516                               void (*f) (void *));
  +517  int CRYPTO_set_locked_mem_functions(void *(*m) (size_t),
  +518                                      void (*free_func) (void *));

  +519  int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),   +520                                  void *(*r) (void *, size_t, const char *,   +521                                              int), void (*f) (void *));   +522  int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int),   +523                                         void (*free_func) (void *)); "/usr/include/openssl/crypto.h" The cursor is at line 523 of 677 --77%-- .

Curl and libcurl 7.56.0

 Public curl releases:         169
 Command line options:         211
 curl_easy_setopt() options:   249
 Public functions in libcurl:  74
 Contributors:                 1618

This release includes the following changes:

 o curl: enable compression for SCP/SFTP with --compressed-ssh [11]

 o libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION [11]  o vtls: added dynamic changing SSL backend with curl_global_sslset() [28]

 o new MIME API, curl_mime_init() and friends [32]
 o openssl: initial SSLKEYLOGFILE implementation [36]

This release includes the following bugfixes:

 o FTP: zero terminate the entry path even on bad input [67]
 o examples/ftpuploadresume.c: use portable code
 o runtests: match keywords case insensitively
 o travis: build the examples too [1]
 o strtoofft: reduce integer overflow risks globally [2]
 o zsh.pl: produce a working completion script again [3]
 o cmake: remove dead code for CURL_DISABLE_RTMP [4]
 o progress: Track total times following redirects [5]
 o configure: fix --disable-threaded-resolver [6]
 o cmake: remove dead code for DISABLED_THREADSAFE [7]
 o configure: fix clang version detection
 o darwinssi: fix error: variable length array used
 o travis: add metalink to some osx builds [8]
 o configure: check for __builtin_available() availability [9]
 o http_proxy: fix build error for CURL_DOES_CONVERSIONS [10]
 o examples/ftpuploadresume: checksrc compliance
 o ftp: fix CWD when doing multicwd then nocwd on same connection [12]
 o system.h: remove all CURL_SIZEOF_* defines [13]
 o http: Don't wait on CONNECT when there is no proxy [14]
 o system.h: check for __ppc__ as well [15]
 o http2_recv: return error better on fatal h2 errors [16]
 o scripts/contri*sh: use "git log --use-mailmap"
 o tftp: fix memory leak on too long filename [17]
 o system.h: fix build for hppa [18]
 o cmake: enable picky compiler options with clang and gcc [19]
 o makefile.m32: add support for libidn2 [20]
 o curl: turn off MinGW CRT's globbing [21]
 o request-target.d: mention added in 7.55.0
 o curl: shorten and clean up CA cert verification error message [22]
 o imap: support PREAUTH [23]
 o CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
 o examples/threaded-ssl: mention that this is for openssl before 1.1
 o winbuild: fix embedded manifest option [24]
 o tests: Make sure libtests & unittests call curl_global_cleanup()
 o system.h: include sys/poll.h for AIX [25]
 o darwinssl: handle long strings in TLS certs [26]
 o strtooff: fix build for systems with long long but no strtoll [27]
 o asyn-thread: Improved cleanup after OOM situations
 o HELP-US.md: "How to get started helping out in the curl project" [29]
 o curl.h: CURLSSLBACKEND_WOLFSSL used wrong value [30]
 o unit1301: fix error message on first test
 o ossfuzz: moving towards the ideal integration [31]
 o http: fix a memory leakage in checkrtspprefix()
 o examples/post-callback: stop returning one byte at a time
 o schannel: return CURLE_SSL_CACERT on failed verification [33]
 o MAIL-ETIQUETTE: added "1.9 Your emails are public"
 o http-proxy: treat all 2xx as CONNECT success [34]
 o openssl: use OpenSSL's default ciphers by default [35]
 o runtests.pl: support attribute "nonewline" in part verify/upload
 o configure: remove --enable-soname-bump and SONAME_BUMP [37]
 o travis: add c-ares enabled builds linux + osx [38]
 o vtls: fix WolfSSL 3.12 build problems [39]

 o http-proxy: when not doing CONNECT, that phase is done immediately [40]

 o configure: fix curl_off_t check's include order [41]
 o configure: use -Wno-varargs on clang 3.9[.X] debug builds
 o rtsp: do not call fwrite() with NULL pointer FILE * [42]
 o mbedtls: enable CA path processing [43]
 o travis: add build without HTTP/SMTP/IMAP
 o checksrc: verify more code style rules [44]
 o HTTP proxy: on connection re-use, still use the new remote port [45]
 o tests: add initial gssapi test using stub implementation [46]
 o rtsp: Segfault when using WRITEDATA [47]
 o docs: clarify the CURLOPT_INTERLEAVE* options behavior
 o non-ascii: use iconv() with 'char **' argument [48]
 o server/getpart: provide dummy function to build conversion enabled
 o conversions: fix several compiler warnings
 o openssl: add missing includes [49]
 o schannel: Support partial send for when data is too large [50]
 o socks: fix incorrect port number in SOCKS4 error message [51]
 o curl: fix integer overflow in timeout options [52]
 o travis: on mac, don't install openssl or libidn [53]
 o cookies: reject oversized cookies instead of truncating [54]
 o cookies: use lock when using CURLINFO_COOKIELIST [55]
 o curl: check fseek() return code and bail on error
 o examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
 o openssl: only verify RSA private key if supported [56]
 o tests: make the imap server not verify user+password [57]
 o imap: quote atoms properly when escaping characters [58]
 o tests: fix a compiler warning in test 643
 o file_range: avoid integer overflow when figuring out byte range [59]
 o curl.h: include <sys/select.h> on cygwin too [60]
 o reuse_conn: don't copy flags that are known to be equal [61]
 o http: fix adding custom empty headers to repeated requests [62]
 o docs: clarify the use of environment variables for proxy [63]
 o docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS [64]
 o connect: fix race condition with happy eyeballs timeout [65]
 o cookie: fix memory leak if path was set twice in header [66]
 o vtls: compare and clone ssl configs properly [68]
 o proxy: read the "no_proxy" variable only if necessary [69]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and

advice from friends like these:

  Anders Bakken, Andrei Karas, Benbuck Nason, Ben Greear, Benjamin Sergeant,   Bill Pyne, Brian Carpenter, Dan Fandrich, Daniel Stenberg, David Benjamin,

  Dirk Feytons, Even Rouault, Frank Denis, Gergely Nagy, Gisle Vanem,
  Ian Fette, imilli on github, Isaac Boukris, Jackarain on github,
  Jakub Zakrzewski, Jan Alexander Steffens, Johannes Schindelin,
  John David Anglin, joshhe on github, Kamil Dudka, Kevin Smith,
  Lawrence Wagerfield, Maksim Stsepanenka, Marc Aldorasi, Marcel Raad,
  Max Dymond, Michael Kaufmann, Michael Smith, Nick Zitzmann,
  Nicolas Morey-Chaisemartin, Oli Kingshott, Patrick Monnerat, Pavel P,

  Peter Lamare, Peter Wu, Ray Satiro, Rich Gray, Ryan Schmidt, Ryan Winograd,

  SBKarr on github, Tatsuhiro Tsujikawa, Viktor Szakáts,
  (47 contributors)

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = https://curl.haxx.se/bug/?i=1777
 [2] = https://curl.haxx.se/bug/?i=1758
 [3] = https://curl.haxx.se/bug/?i=1779
 [4] = https://curl.haxx.se/bug/?i=1785
 [5] = https://curl.haxx.se/bug/?i=1602
 [6] = https://curl.haxx.se/bug/?i=1784
 [7] = https://curl.haxx.se/bug/?i=1786
 [8] = https://curl.haxx.se/bug/?i=1790
 [9] = https://curl.haxx.se/bug/?i=1788
 [10] = https://curl.haxx.se/bug/?i=1793
 [11] = https://curl.haxx.se/bug/?i=1735
 [12] = https://curl.haxx.se/bug/?i=1782
 [13] = https://curl.haxx.se/bug/?i=1767
 [14] = https://curl.haxx.se/bug/?i=1803
 [15] = https://curl.haxx.se/bug/?i=1797
 [16] = https://curl.haxx.se/bug/?i=1021
 [17] = https://curl.haxx.se/bug/?i=1808
 [18] = https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872502#10
 [19] = https://curl.haxx.se/bug/?i=1799
 [20] = https://curl.haxx.se/bug/?i=1815
 [21] = https://curl.haxx.se/bug/?i=1751
 [22] = https://curl.haxx.se/bug/?i=1810
 [23] = https://curl.haxx.se/bug/?i=1818
 [24] = https://curl.haxx.se/bug/?i=1832
 [25] = https://curl.haxx.se/bug/?i=1828
 [26] = https://curl.haxx.se/bug/?i=1823
 [27] = https://curl.haxx.se/bug/?i=1829
 [28] = https://curl.haxx.se/libcurl/c/curl_global_sslset.html
 [29] = https://curl.haxx.se/bug/?i=1837
 [30] = https://curl.haxx.se/mail/lib-2017-08/0120.html
 [31] = https://curl.haxx.se/bug/?i=1842
 [32] = https://curl.haxx.se/bug/?i=1839
 [33] = https://curl.haxx.se/bug/?i=1858
 [34] = https://curl.haxx.se/bug/?i=1859
 [35] = https://curl.haxx.se/bug/?i=1846
 [36] = https://curl.haxx.se/bug/?i=1866
 [37] = https://curl.haxx.se/bug/?i=1861
 [38] = https://curl.haxx.se/bug/?i=1868
 [39] = https://curl.haxx.se/bug/?i=1865
 [40] = https://curl.haxx.se/bug/?i=1853
 [41] = https://curl.haxx.se/bug/?i=1870
 [42] = https://curl.haxx.se/bug/?i=1874
 [43] = https://curl.haxx.se/bug/?i=1877
 [44] = https://curl.haxx.se/bug/?i=1878
 [45] = https://curl.haxx.se/bug/?i=1887
 [46] = https://curl.haxx.se/bug/?i=1687
 [47] = https://curl.haxx.se/bug/?i=1880
 [48] = https://curl.haxx.se/mail/lib-2017-09/0031.html
 [49] = https://curl.haxx.se/bug/?i=1891
 [50] = https://curl.haxx.se/bug/?i=1890
 [51] = https://curl.haxx.se/bug/?i=1892
 [52] = https://curl.haxx.se/bug/?i=1893
 [53] = https://curl.haxx.se/bug/?i=1895
 [54] = https://curl.haxx.se/bug/?i=1894
 [55] = https://curl.haxx.se/bug/?i=1896
 [56] = https://curl.haxx.se/bug/?i=1904
 [57] = https://curl.haxx.se/bug/?i=1902
 [58] = https://curl.haxx.se/bug/?i=1902
 [59] = https://curl.haxx.se/bug/?i=1908
 [60] = https://curl.haxx.se/bug/?i=1925
 [61] = https://curl.haxx.se/bug/?i=1918
 [62] = https://curl.haxx.se/bug/?i=1920
 [63] = https://curl.haxx.se/bug/?i=1921
 [64] = https://curl.haxx.se/bug/?i=1922
 [65] = https://curl.haxx.se/bug/?i=1928
 [66] = https://curl.haxx.se/bug/?i=1932
 [67] = https://curl.haxx.se/docs/adv_20171004.html
 [68] = https://curl.haxx.se/bug/?i=1917
 [69] = https://curl.haxx.se/bug/?i=1919


-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html