| _ _ ____ _ |
| ___| | | | _ \| | |
| / __| | | | |_) | | |
| | (__| |_| | _ <| |___ |
| \___|\___/|_| \_\_____| |
| |
| Changelog |
| |
| Version 7.80.0 (10 Nov 2021) |
| |
| Daniel Stenberg (10 Nov 2021) |
| - RELEASE-NOTES: synced |
| |
| for curl 7.80.0 |
| |
| - THANKS: add contributors from the 7.80.0 cycle |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: advertise h3 as well as h3-29 |
| |
| Advertise h3 as well as h3-29 since some servers out there require h3 |
| for QUIC v1. |
| |
| Closes #7979 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: use QUIC v1 consistently |
| |
| Since we switched to v1 quic_transport_parameters codepoint in #7960 |
| with quictls, lets use QUIC v1 consistently. |
| |
| Closes #7979 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: compile with the latest nghttp3 |
| |
| Closes #7978 |
| |
| Marc Hoersken (9 Nov 2021) |
| - tests: add Schannel-specific tests and disable unsupported ones |
| |
| Adds Schannel variants of SSLpinning tests that include the option |
| --ssl-revoke-best-effort to ignore certificate revocation check |
| failures which is required due to our custom test CA certificate. |
| |
| Disable the original variants if the Schannel backend is enabled. |
| |
| Also skip all IDN tests which are broken while using an msys shell. |
| |
| This is a step to simplify test exclusions for Windows and MinGW. |
| |
| Reviewed-by: Jay Satiro |
| Reviewed-by: Marcel Raad |
| Reviewed-by: Daniel Stenberg |
| Closes #7968 |
| |
| Daniel Stenberg (8 Nov 2021) |
| - docs: NAME fixes in easy option man pages |
| |
| Closes #7975 |
| |
| - [Roger Young brought this change] |
| |
| ftp: make the MKD retry to retry once per directory |
| |
| Reported-by: Roger Young |
| Fixes #7967 |
| Closes #7976 |
| |
| - tool_operate: reorder code to avoid compiler warning |
| |
| tool_operate.c(889) : warning C4701: potentially uninitialized local |
| variable 'per' use |
| |
| Follow-up to cc71d352651a0d95 |
| Reported-by: Marc Hörsken |
| Bug: https://github.com/curl/curl/pull/7922#issuecomment-963042676 |
| Closes #7971 |
| |
| - curl_easy_perform.3: add a para about recv and send data |
| |
| Reported-by: Godwin Stewart |
| Fixes #7973 |
| Closes #7974 |
| |
| - tool_operate: fclose stream only if fopened |
| |
| Fixes torture test failures |
| Follow-up to cc71d352651 |
| |
| Closes #7972 |
| |
| - libcurl-easy.3: language polish |
| |
| - limit-rate.d: this is average over several seconds |
| |
| Closes #7970 |
| |
| - docs: reduce/avoid English contractions |
| |
| You're => You are |
| Hasn't => Has not |
| Doesn't => Does not |
| Don't => Do not |
| You'll => You will |
| etc |
| |
| Closes #7930 |
| |
| - tool_operate: fix torture leaks with etags |
| |
| Spotted by torture testing 343 344 345 347. |
| |
| Follow-up from cc71d352651a0 |
| Pointed-out-by: Dan Fandrich |
| |
| Closes #7969 |
| |
| - [Amaury Denoyelle brought this change] |
| |
| ngtcp2: support latest QUIC TLS RFC9001 |
| |
| QUIC Transport Parameters Extension has been changed between draft-29 |
| and latest RFC9001. Most notably, its identifier has been updated from |
| 0xffa5 to 0x0039. The version is selected through the QUIC TLS library |
| via the legacy codepoint. |
| |
| Disable the usage of legacy codepoint in curl to switch to latest |
| RFC9001. This is required to be able to keep up with latest QUIC |
| implementations. |
| |
| Acked-by: Tatsuhiro Tsujikawa |
| Closes #7960 |
| |
| - test1173: make manpage-syntax.pl spot \n errors in examples |
| |
| - man pages: fix backslash-n in examples |
| |
| ... to be proper backslash-backslash-n sequences to render nicely in man |
| and on website. |
| |
| Follow-up to 24155569d8a |
| Reported-by: Sergey Markelov |
| |
| Fixes https://github.com/curl/curl-www/issues/163 |
| Closes #7962 |
| |
| - scripts/release-notes.pl: use out of repo links verbatim in refs |
| |
| - tool_operate: a failed etag save now only fails that transfer |
| |
| When failing to create the output file for saving an etag, only fail |
| that particular single transfer and allow others to follow. |
| |
| In a serial transfer setup, if no transfer at all is done due to them |
| all being skipped because of this error, curl will output an error |
| message and return exit code 26. |
| |
| Added test 369 and 370 to verify. |
| |
| Reported-by: Earnestly on github |
| Ref: #7942 |
| Closes #7945 |
| |
| - [Kevin Burke brought this change] |
| |
| .github: retry macos "brew install" command on failure |
| |
| Previously we saw errors attempting to run "brew install", see |
| https://github.com/curl/curl/runs/4095721123?check_suite_focus=true for |
| an example, since this command is idempotent, it is safe to run again. |
| |
| Closes #7955 |
| |
| - CURLOPT_ALTSVC_CTRL.3: mention conn reuse is preferred |
| |
| Ref: https://github.com/curl/curl/discussions/7954 |
| |
| Closes #7957 |
| |
| - RELEASE-NOTES: synced |
| |
| - zuul: pin the quiche build to use an older cmake-rs |
| |
| The latest cmake-rs assumes cmake's --parallel works. That was added in |
| cmake 3.12, but a lot of our CI builds run on Ubuntu Bionic which only |
| has cmake 3.10. |
| |
| Fixes #7927 |
| Closes #7952 |
| |
| - [Marc Hoersken brought this change] |
| |
| Revert "src/tool_filetime: disable -Wformat on mingw for this file" |
| |
| This reverts commit 7c88fe375b15c44d77bccc9ab733b8069d228e6f. |
| |
| Follow up to #6535 as the pragma is obsolete with warnf |
| |
| Closes #7941 |
| |
| Jay Satiro (2 Nov 2021) |
| - schannel: fix memory leak due to failed SSL connection |
| |
| - Call schannel_shutdown if the SSL connection fails. |
| |
| Prior to this change schannel_shutdown (which shuts down the SSL |
| connection as well as memory cleanup) was not called when the SSL |
| connection failed (eg due to failed handshake). |
| |
| Co-authored-by: Gisle Vanem |
| |
| Fixes https://github.com/curl/curl/issues/7877 |
| Closes https://github.com/curl/curl/pull/7878 |
| |
| Daniel Stenberg (2 Nov 2021) |
| - Curl_updateconninfo: store addresses for QUIC connections too |
| |
| So that CURLINFO_PRIMARY_IP etc work for HTTP/3 like for other HTTP |
| versions. |
| |
| Reported-by: Jerome Mao |
| Fixes #7939 |
| Closes #7944 |
| |
| - [Sergio Durigan Junior brought this change] |
| |
| curl.1: fix typos in the manpage |
| |
| s/transfering/transferring/ |
| s/transfered/transferred/ |
| |
| Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net> |
| Closes #7937 |
| |
| Marc Hoersken (1 Nov 2021) |
| - tests/smbserver.py: fix compatibility with impacket 0.9.23+ |
| |
| impacket now performs sanity checks if the requested and to |
| be served file path actually is inside the real share path. |
| |
| Ref: https://github.com/SecureAuthCorp/impacket/pull/1066 |
| |
| Fixes #7924 |
| Closes #7935 |
| |
| Daniel Stenberg (1 Nov 2021) |
| - docs: reduce use of "very" |
| |
| "Very" should be avoided in most texts. If intensifiers are needed, try |
| find better words instead. |
| |
| Closes #7936 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: specify the missing required callback functions |
| |
| Closes #7929 |
| |
| - CURLOPT_[PROXY]_SSL_CIPHER_LIST.3: bold instead of quote |
| |
| Bold the example ciphers instead of using single quotes, which then also |
| avoids the problem of how to use single quotes when first in a line. |
| |
| Also rephrased the pages a little. |
| |
| Reported-by: Sergio Durigan Junior |
| Ref: #7928 |
| Closes #7934 |
| |
| - gen.pl: replace leading single quotes with \(aq |
| |
| ... and allow single quotes to be used "normally" in the .d files. |
| |
| Makes the output curl.1 use better nroff. |
| |
| Reported-by: Sergio Durigan Junior |
| Ref: #7928 |
| Closes #7933 |
| |
| Marc Hoersken (1 Nov 2021) |
| - tests: kill some test servers afterwards to avoid locked logfiles |
| |
| Reviewed-by: Daniel Stenberg |
| Closes #7925 |
| |
| Daniel Stenberg (1 Nov 2021) |
| - smooth-gtk-thread.c: enhance the mutex lock use |
| |
| Reported-by: ryancaicse on github |
| Fixes #7926 |
| Closes #7931 |
| |
| Marc Hoersken (31 Oct 2021) |
| - CI/runtests.pl: restore -u flag, but remove it from CI runs |
| |
| This makes it possible to use -u again for local testing, |
| but removes the flag from CI config files and make targets. |
| |
| Reviewed-by: Daniel Stenberg |
| |
| Partially reverts #7841 |
| Closes #7921 |
| |
| Daniel Stenberg (29 Oct 2021) |
| - [Jonathan Cardoso Machado brought this change] |
| |
| CURLOPT_HSTSWRITEFUNCTION.3: using CURLOPT_HSTS_CTRL is required |
| |
| Closes #7923 |
| |
| - [Axel Morawietz brought this change] |
| |
| imap: display quota information |
| |
| Show response to "GETQUOTAROOT INBOX" command. |
| |
| Closes #6973 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Boris Rasin brought this change] |
| |
| cmake: fix error getting LOCATION property on non-imported target |
| |
| Closes #7885 |
| |
| - [x2018 brought this change] |
| |
| url: check the return value of curl_url() |
| |
| Closes #7917 |
| |
| - [Roy Li brought this change] |
| |
| configure.ac: replace krb5-config with pkg-config |
| |
| The rationale is that custom *-config tools don't work well when |
| cross-compiling or using sysroots (such as when using Yocto project) and |
| require custom fixing for each of them; pkg-config on the other hand |
| works similarly everywhere. |
| |
| Signed-off-by: Roy Li <rongqing.li@windriver.com> |
| Signed-off-by: Alexander Kanavin <alex@linutronix.de> |
| |
| Closes #7916 |
| |
| - test1160: edited to work with hyper |
| |
| Closes #7912 |
| |
| - data/DISABLED: enable tests that now work with hyper |
| |
| Closes #7911 |
| |
| - test559: add 'HTTP' in keywords |
| |
| Makes it run fine with hyper |
| |
| Closes #7911 |
| |
| - test552: updated to work with hyper |
| |
| Closes #7911 |
| |
| Marc Hoersken (27 Oct 2021) |
| - github: fix incomplete permission to label PRs for Hacktoberfest |
| |
| Unfortunately the GitHub API requires a token with write permission |
| for both issues and pull-requests to edit labels on even just PRs. |
| |
| Follow up to #7897 |
| |
| Daniel Stenberg (27 Oct 2021) |
| - opt-manpages: use 'Added in' instead of 'Since' |
| |
| Closes #7913 |
| |
| Marc Hoersken (27 Oct 2021) |
| - github: fix missing permission to label PRs for Hacktoberfest |
| |
| Follow up to #7897 |
| |
| Test references to see if permissions are now sufficient: |
| |
| Closes #7832 |
| Closes #7897 |
| |
| - CI: more use of test-ci make target and verbose output |
| |
| Replace test-nonflaky with test-ci and enable verbose output |
| in all remaining CIs except Zuul which is customized a lot. |
| |
| Reviewed-by: Daniel Stenberg |
| Reviewed-by: Jay Satiro |
| |
| Follow up to #7785 |
| Closes #7832 |
| |
| - github: add support for Hacktoberfest using labels |
| |
| Automatically add hacktoberfest-accepted label to PRs opened between |
| September 30th and November 1st once a commit with a close reference |
| to it is pushed onto the master branch. |
| |
| With this workflow we can participate in Hacktoberfest while not |
| relying on GitHub to identify PRs as merged due to our rebasing. |
| |
| Requires hacktoberfest-accepted labels to exist for PRs on the |
| participating repository. Also requires hacktoberfest topic on |
| the participating repository to avoid applying to forked repos. |
| |
| Reviewed-by: Daniel Stenberg |
| |
| Fixes #7865 |
| Closes #7897 |
| |
| Daniel Stenberg (27 Oct 2021) |
| - http: reject HTTP response codes < 100 |
| |
| ... which then also includes negative ones as test 1430 uses. |
| |
| This makes native + hyper backend act identically on this and therefore |
| test 1430 can now be enabled when building with hyper. Adjust test 1431 |
| as well. |
| |
| Closes #7909 |
| |
| - [Kerem Kat brought this change] |
| |
| docs: fix typo in CURLOPT_TRAILERFUNCTION example |
| |
| Closes #7910 |
| |
| - docs/HYPER: remove some remaining issues, add HTTP/0.9 limitation |
| |
| - configure: when hyper is selected, deselect nghttp2 |
| |
| Closes #7908 |
| |
| - [Patrick Monnerat brought this change] |
| |
| sendf: accept zero-length data in Curl_client_write() |
| |
| Historically, Curl_client_write() used a length value of 0 as a marker |
| for a null-terminated data string. This feature has been removed in |
| commit f4b85d2. To detect leftover uses of the feature, a DEBUGASSERT |
| statement rejecting a length with value 0 was introduced, effectively |
| precluding use of this function with zero-length data. |
| |
| The current commit removes the DEBUGASSERT and makes the function to |
| return immediately if length is 0. |
| |
| A direct effect is to fix trying to output a zero-length distinguished |
| name in openldap. |
| |
| Another DEBUGASSERT statement is also rephrased for better readability. |
| |
| Closes #7898 |
| |
| - hyper: disable test 1294 since hyper doesn't allow such crazy headers |
| |
| Closes #7905 |
| |
| - c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work |
| |
| Verified by the enabled test 1288 |
| |
| Closes #7905 |
| |
| - test1287: make work on hyper |
| |
| Closes #7905 |
| |
| - test1266/1267: disabled on hyper: no HTTP/0.9 support |
| |
| Closes #7905 |
| |
| Viktor Szakats (25 Oct 2021) |
| - Makefile.m32: fix to not require OpenSSL with -libssh2 or -rtmp options |
| |
| Previously, -libssh2/-rtmp options assumed that OpenSSL is also enabled |
| (and then failed with an error when not finding expected OpenSSL headers), |
| but this isn't necessarly true, e.g. when building both libssh2 and curl |
| against Schannel. This patch makes sure to only enable the OpenSSL backend |
| with -libssh2/-rtmp, when there was no SSL option explicitly selected. |
| |
| - Re-implement the logic as a single block of script. |
| - Also fix an indentation while there. |
| |
| Assisted-by: Jay Satiro |
| |
| Closes #7895 |
| |
| Daniel Stenberg (25 Oct 2021) |
| - docs: consistent use of "Added in" |
| |
| Make them all say "Added in [version]" without using 'curl' or 'libcurl' |
| in that phrase. |
| |
| - man pages: require all to use the same section header order |
| |
| This is the same order we already enforce among the options' man pages: |
| consistency is good. Add lots of previously missing examples. |
| |
| Adjust the manpage-syntax script for this purpose, used in test 1173. |
| |
| Closes #7904 |
| |
| - [David Hu brought this change] |
| |
| docs/HTTP3: improve build instructions |
| |
| 1. If writing to a system path if the command is not prefixed with |
| `sudo` it will cause a permission denied error |
| |
| 2. The patched OpenSSL branch has been updated to `openssl-3.0.0+quic` |
| to match upstream OpenSSL version. |
| |
| 3. We should not disable GnuTLS docs. |
| |
| Updated some commands about `make install` |
| |
| Closes #7842 |
| |
| - [Ricardo Martins brought this change] |
| |
| CMake: restore support for SecureTransport on iOS |
| |
| Restore support for building curl for iOS with SecureTransport enabled. |
| |
| Closes #7501 |
| |
| - tests: enable more tests with hyper |
| |
| Adjusted 1144, 1164 and 1176. |
| |
| Closes #7900 |
| |
| - docs: provide "RETURN VALUE" section for more func manpages |
| |
| Three were missing, one used a non-standard name for the header. |
| |
| Closes #7902 |
| |
| Jay Satiro (25 Oct 2021) |
| - curl_multi_socket_action.3: add a "RETURN VALUE" section |
| |
| .. because it may not be immediately clear to the user what |
| curl_multi_socket_action returns. |
| |
| Ref: https://curl.se/mail/lib-2021-10/0035.html |
| |
| Closes https://github.com/curl/curl/pull/7901 |
| |
| Daniel Stenberg (24 Oct 2021) |
| - RELEASE-NOTES: synced |
| |
| - [Samuel Henrique brought this change] |
| |
| tests: use python3 in test 1451 |
| |
| This is a continuation of commit ec91b5a69000bea0794bbb3 in which |
| changing this test was missed. There are no other python2 leftovers |
| now. |
| |
| Based on a Debian patch originally written by Alessandro Ghedini |
| <ghedo@debian.org> |
| |
| Closes #7899 |
| |
| - [Eddie Lumpkin brought this change] |
| |
| lib: fixing comment spelling typos in lib files |
| |
| Closes #7894 |
| Signed-off-by: ewlumpkin <ewlumpkin@gmail.com> |
| |
| - openssl: if verifypeer is not requested, skip the CA loading |
| |
| It was previously done mostly to show a match/non-match in the verbose |
| output even when verification was not asked for. This change skips the |
| loading of the CA certs unless verifypeer is set to save memory and CPU. |
| |
| Closes #7892 |
| |
| - curl-confopts.m4: remove --enable/disable-hidden-symbols |
| |
| These configure options have been saying "deprecated" since 9e24b9c7af |
| (April 2012). It was about time we remove them. |
| |
| Closes #7891 |
| |
| - c-hyper: don't abort CONNECT responses early when auth-in-progress |
| |
| ... and make sure to stop ignoring the body once the CONNECT is done. |
| |
| This should make test 206 work proper again and not be flaky. |
| |
| Closes #7889 |
| |
| - hyper: does not support disabling CURLOPT_HTTP_TRANSFER_DECODING |
| |
| Simply because hyper doesn't have this ability. Mentioned in docs now. |
| |
| Skip test 326 then |
| |
| Closes #7889 |
| |
| - test262: don't attempt with hyper |
| |
| This test verifies that curl works with binary zeroes in HTTP response |
| headers and hyper refuses such. They're not kosher http. |
| |
| Closes #7889 |
| |
| - c-hyper: make test 217 run |
| |
| Closes #7889 |
| |
| - DISABLED: enable test 209+213 for hyper |
| |
| Follow-up to 823d3ab855c |
| |
| Closes #7889 |
| |
| - test207: accept a different error code for hyper |
| |
| It returns HYPERE_UNEXPECTED_EOF for this case which we convert to the |
| somewhat generic CURLE_RECV_ERROR. |
| |
| Closes #7889 |
| |
| - [Érico Nogueira brought this change] |
| |
| INSTALL: update symbol hiding option |
| |
| --enable-hidden-symbols was deprecated in |
| 9e24b9c7afbcb81120af4cf3f6cdee49a06d8224. |
| |
| Closes #7890 |
| |
| - http_proxy: multiple CONNECT with hyper done better |
| |
| Enabled test 206 |
| |
| Closes #7888 |
| |
| - hyper: pass the CONNECT line to the debug callback |
| |
| Closes #7887 |
| |
| - mailmap: Malik Idrees Hasan Khan |
| |
| Jay Satiro (21 Oct 2021) |
| - [Malik Idrees Hasan Khan brought this change] |
| |
| build: fix typos |
| |
| Closes https://github.com/curl/curl/pull/7886 |
| |
| - URL-SYNTAX: add IMAP UID SEARCH example |
| |
| - Explain the difference between IMAP search via URL (which returns |
| message sequence numbers) and IMAP search via custom request (which |
| can return UID numbers if prefixed with UID, eg "UID SEARCH ..."). |
| |
| Bug: https://github.com/curl/curl/issues/7626 |
| Reported-by: orycho@users.noreply.github.com |
| |
| Ref: https://github.com/curl/curl/issues/2789 |
| |
| Closes https://github.com/curl/curl/pull/7881 |
| |
| Daniel Stenberg (20 Oct 2021) |
| - manpage: adjust the asterisk in some SYNOPSIS sections |
| |
| Closes #7884 |
| |
| - curl_multi_perform.3: polish wording |
| |
| - simplify the example by using curl_multi_poll |
| |
| - mention curl_multi_add_handle in the text |
| |
| - cut out the description of pre-7.20.0 return code behavior - that version |
| is now more than eleven years old and is basically no longer out there |
| |
| - adjust the "typical usage" to mention curl_multi_poll |
| |
| Closes #7883 |
| |
| - docs/THANKS: removed on request |
| |
| - FAQ: polish the explanation of libcurl |
| |
| - curl_easy_perform.3: minor wording tweak |
| |
| - [Erik Stenlund brought this change] |
| |
| mime: mention CURL_DISABLE_MIME in comment |
| |
| CURL_DISABLE_MIME is not mentioned in the comment describing the if else |
| preprocessor directive. |
| |
| Closes #7882 |
| |
| - tls: remove newline from three infof() calls |
| |
| Follow-up to e7416cf |
| |
| Reported-by: billionai on github |
| Fixes #7879 |
| Closes #7880 |
| |
| - RELEASE-NOTES: synced |
| |
| - curl_gssapi: fix build warnings by removing const |
| |
| Follow-up to 20e980f85b0ea6 |
| |
| In #7875 these inits were modified but I get two warnings that these new |
| typecasts are necessary for. |
| |
| Closes #7876 |
| |
| - [Bo Anderson brought this change] |
| |
| curl_gssapi: fix link error on macOS Monterey |
| |
| Fixes #7657 |
| Closes #7875 |
| |
| - test1185: verify checksrc |
| |
| Closes #7866 |
| |
| - checksrc: improve the SPACESEMICOLON error message |
| |
| and adjust the MULTISPACE one to use plural |
| |
| Closes #7866 |
| |
| - url: set "k->size" -1 at start of request |
| |
| The size of the transfer is unknown at that point. |
| |
| Fixes #7871 |
| Closes #7872 |
| |
| Daniel Gustafsson (18 Oct 2021) |
| - doh: remove experimental code for DoH with GET |
| |
| The code for sending DoH requests with GET was never enabled in a way |
| such that it could be used or tested. As there haven't been requests |
| for this feature, and since it at this is effectively dead, remove it |
| and favor reimplementing the feature in case anyone is interested. |
| |
| Closes #7870 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (18 Oct 2021) |
| - cirrus: remove FreeBSD 11.4 from the matrix |
| |
| It has reached End-Of-Life and causes some LDAP CI issues. |
| |
| Closes #7869 |
| |
| - cirrus: switch to openldap24-client |
| |
| ... as it seems openldap-client doesn't exist anymore. |
| |
| Reported-by: Jay Satiro |
| Fixes #7868 |
| Closes #7869 |
| |
| - checksrc: ignore preprocessor lines |
| |
| In order to check the actual code better, checksrc now ignores |
| everything that look like preprocessor instructions. It also means |
| that code in macros are now longer checked. |
| |
| Note that some rules then still don't need to be followed when code is |
| exactly below a cpp instruction. |
| |
| Removes two checksrc exceptions we needed previously because of |
| preprocessor lines being checked. |
| |
| Reported-by: Marcel Raad |
| Fixes #7863 |
| Closes #7864 |
| |
| - urlapi: skip a strlen(), pass in zero |
| |
| ... to let curl_easy_escape() itself do the strlen. This avoids a (false |
| positive) Coverity warning and it avoids us having to store the strlen() |
| return value in an int variable. |
| |
| Reviewed-by: Daniel Gustafsson |
| Closes #7862 |
| |
| - misc: update copyright years |
| |
| - examples/htmltidy: correct wrong printf() use |
| |
| ... and update the includes to match how current htmltidy wants them |
| used. |
| |
| Reported-by: Stathis Kapnidis |
| Fixes #7860 |
| Closes #7861 |
| |
| Jay Satiro (15 Oct 2021) |
| - http: set content length earlier |
| |
| - Make content length (ie download size) accessible to the user in the |
| header callback, but only after all headers have been processed (ie |
| only in the final call to the header callback). |
| |
| Background: |
| |
| For a long time the content length could be retrieved in the header |
| callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed |
| by curl. |
| |
| Changes were made in 8a16e54 (precedes 7.79.0) to ignore content length |
| if any transfer encoding is used. A side effect of that was that |
| content length was not set by libcurl until after the header callback |
| was called the final time, because until all headers are processed it |
| cannot be determined if content length is valid. |
| |
| This change keeps the same intention --all headers must be processed-- |
| but now the content length is available before the final call to the |
| header function that indicates all headers have been processed (ie |
| a blank header). |
| |
| Bug: https://github.com/curl/curl/commit/8a16e54#r57374914 |
| Reported-by: sergio-nsk@users.noreply.github.com |
| |
| Co-authored-by: Daniel Stenberg |
| |
| Fixes https://github.com/curl/curl/issues/7804 |
| Closes https://github.com/curl/curl/pull/7803 |
| |
| Daniel Stenberg (15 Oct 2021) |
| - [Abhinav Singh brought this change] |
| |
| aws-sigv4: make signature work when post data is binary |
| |
| User sets the post fields size for binary data. Hence, we should not be |
| using strlen on it. |
| |
| Added test 1937 and 1938 to verify. |
| |
| Closes #7844 |
| |
| - [a1346054 brought this change] |
| |
| MacOSX-Framework: remove redundant ';' |
| |
| Closes #7859 |
| |
| - RELEASE-NOTES: synced |
| |
| - openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway |
| |
| One reason we know it can fail is if a provider is used that doesn't do |
| a proper job or is wrongly configured. |
| |
| Reported-by: Michael Baentsch |
| Fixes #7840 |
| Closes #7856 |
| |
| Marcel Raad (14 Oct 2021) |
| - [Ryan Mast brought this change] |
| |
| cmake: add CURL_ENABLE_SSL option and make CMAKE_USE_* SSL backend options depend on it |
| |
| Closes https://github.com/curl/curl/pull/7822 |
| |
| Daniel Stenberg (14 Oct 2021) |
| - http: remove assert that breaks hyper |
| |
| Reported-by: Jay Satiro |
| Fixes #7852 |
| Closes #7855 |
| |
| - http_proxy: fix one more result assign for hyper |
| |
| and remove the bad assert again, since it was run even with no error! |
| |
| Closes #7854 |
| |
| Jay Satiro (14 Oct 2021) |
| - sws: fix memory leak on exit |
| |
| - Free the allocated http request struct on cleanup. |
| |
| Prior to this change if sws was built with leak sanitizer it would |
| report a memory leak error during testing. |
| |
| Closes https://github.com/curl/curl/pull/7849 |
| |
| Daniel Stenberg (14 Oct 2021) |
| - c-hyper: make Curl_http propagate errors better |
| |
| Pass on better return codes when errors occur within Curl_http instead |
| of insisting that CURLE_OUT_OF_MEMORY is the only possible one. |
| |
| Pointed-out-by: Jay Satiro |
| Closes #7851 |
| |
| - http_proxy: make hyper CONNECT() return the correct error code |
| |
| For every 'goto error', make sure the result variable holds the error |
| code for what went wrong. |
| |
| Reported-by: Rafał Mikrut |
| Fixes #7825 |
| Closes #7846 |
| |
| - docs/Makefile.am: repair 'make html' |
| |
| by removing index.html which isn't around anymore |
| |
| Closes #7853 |
| |
| - [Борис Верховский brought this change] |
| |
| curl: correct grammar in generated libcurl code |
| |
| Closes #7802 |
| |
| - tests: disable test 2043 |
| |
| It uses revoked.badssl.com which now is expired and therefor this now |
| permafails. We should not use external sites for tests, this test should |
| be converted to use our own infra. |
| |
| Closes #7845 |
| |
| - runtests: split out ignored tests |
| |
| Report ignore tests separately from the actual fails. |
| |
| Don't exit non-zero if test servers couldn't get killed. |
| |
| Assisted-by: Jay Satiro |
| |
| Fixes #7818 |
| Closes #7841 |
| |
| - http2: make getsock not wait for write if there's no remote window |
| |
| While uploading, check for remote window availability in the getsock |
| function so that we don't wait for a writable socket if no data can be |
| sent. |
| |
| Reported-by: Steini2000 on github |
| Fixes #7821 |
| Closes #7839 |
| |
| - test368: verify dash is appended for "-r [num]" |
| |
| Follow-up to 8758a26f8878 |
| |
| - [Борис Верховский brought this change] |
| |
| curl: actually append "-" to --range without number only |
| |
| Closes #7837 |
| |
| - RELEASE-NOTES: synced |
| |
| - urlapi: URL decode percent-encoded host names |
| |
| The host name is stored decoded and can be encoded when used to extract |
| the full URL. By default when extracting the URL, the host name will not |
| be URL encoded to work as similar as possible as before. When not URL |
| encoding the host name, the '%' character will however still be encoded. |
| |
| Getting the URL with the CURLU_URLENCODE flag set will percent encode |
| the host name part. |
| |
| As a bonus, setting the host name part with curl_url_set() no longer |
| accepts a name that contains space, CR or LF. |
| |
| Test 1560 has been extended to verify percent encodings. |
| |
| Reported-by: Noam Moshe |
| Reported-by: Sharon Brizinov |
| Reported-by: Raul Onitza-Klugman |
| Reported-by: Kirill Efimov |
| Fixes #7830 |
| Closes #7834 |
| |
| Marc Hoersken (8 Oct 2021) |
| - CI/makefiles: introduce dedicated test target |
| |
| Make it easy to use the same set of test flags |
| throughout all current and future CI builds. |
| |
| Reviewed-by: Jay Satiro |
| |
| Follow up to #7690 |
| Closes #7785 |
| |
| Daniel Stenberg (8 Oct 2021) |
| - maketgz: redirect updatemanpages.pl output to /dev/null |
| |
| - CURLOPT_HTTPHEADER.3: add descripion for specific headers |
| |
| Settting Host: or Transfer-Encoding: chunked actually have special |
| meanings to libcurl. This change tries to document them |
| |
| Closes #7829 |
| |
| - c-hyper: use hyper_request_set_uri_parts to make h2 better |
| |
| and make sure to not send Host: over h2. |
| |
| Fixes #7679 |
| Reported-by: David Cook |
| Closes #7827 |
| |
| - [Michael Afanasiev brought this change] |
| |
| curl-openssl.m4: modify library order for openssl linking |
| |
| lcrypto may depend on lz, and configure corrently fails with when |
| statically linking as the order is "-lz -lcrypto". This commit switches |
| the order to "-lcrypto -lz". |
| |
| Closes #7826 |
| |
| Marcel Raad (7 Oct 2021) |
| - sha256: use high-level EVP interface for OpenSSL |
| |
| Available since OpenSSL 0.9.7. The low-level SHA256 interface is |
| deprecated in OpenSSL v3, and its usage was discouraged even before. |
| |
| Closes https://github.com/curl/curl/pull/7808 |
| |
| - curl_ntlm_core: use OpenSSL only if DES is available |
| |
| This selects another SSL backend then if available, or otherwise at |
| least gives a meaningful error message. |
| |
| Closes https://github.com/curl/curl/pull/7808 |
| |
| - md5: fix compilation with OpenSSL 3.0 API |
| |
| Only use OpenSSL's MD5 code if it's available. |
| |
| Also fix wolfSSL build with `NO_MD5`, in which case neither the |
| wolfSSL/OpenSSL implementation nor the fallback implementation was |
| used. |
| |
| Closes https://github.com/curl/curl/pull/7808 |
| |
| Daniel Stenberg (7 Oct 2021) |
| - print_category: printf %*s needs an int argument |
| |
| ... not a size_t! |
| |
| Detected by Coverity: CID 1492331. |
| Closes #7823 |
| |
| Jay Satiro (7 Oct 2021) |
| - version_win32: use actual version instead of manifested version |
| |
| - Use RtlVerifyVersionInfo instead of VerifyVersionInfo, when possible. |
| |
| Later versions of Windows have normal version functions that compare and |
| return versions based on the way the application is manifested, instead |
| of the actual version of Windows the application is running on. We |
| prefer the actual version of Windows so we'll now call the Rtl variant |
| of version functions (RtlVerifyVersionInfo) which does a proper |
| comparison of the actual version. |
| |
| Reported-by: Wyatt O'Day |
| |
| Ref: https://github.com/curl/curl/pull/7727 |
| |
| Fixes https://github.com/curl/curl/issues/7742 |
| Closes https://github.com/curl/curl/pull/7810 |
| |
| Daniel Stenberg (6 Oct 2021) |
| - RELEASE-NOTES: synced |
| |
| - http: fix Basic auth with empty name field in URL |
| |
| Add test 367 to verify. |
| |
| Reported-by: Rick Lane |
| Fixes #7819 |
| Closes #7820 |
| |
| - [Jeffrey Tolar brought this change] |
| |
| CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse |
| |
| ... and close connections that are too old instead of reusing them. |
| |
| By default, this behavior is disabled. |
| |
| Bug: https://curl.se/mail/lib-2021-09/0058.html |
| Closes #7751 |
| |
| Daniel Gustafsson (6 Oct 2021) |
| - docs/examples: add missing binaries to gitignore |
| |
| Commit f65d7889b added getreferrer, and commit ae8e11ed5 multi-legacy, |
| both of which missed adding .gitignore clauses for the built binaries. |
| |
| Closes #7817 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (5 Oct 2021) |
| - [Josip Medved brought this change] |
| |
| HTTP3: fix the HTTP/3 Explained book link |
| |
| Closes #7813 |
| |
| - [Lucas Holt brought this change] |
| |
| misc: fix a few issues on MidnightBSD |
| |
| Closes #7812 |
| |
| Daniel Gustafsson (4 Oct 2021) |
| - [8U61ife brought this change] |
| |
| tool_main: fix typo in comment |
| |
| Closes: #7811 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| Daniel Stenberg (4 Oct 2021) |
| - [Ryan Mast brought this change] |
| |
| BINDINGS: URL updates |
| |
| For cpr, BBHTTP, Eiffel, Harbour, Haskell, Mono, and Rust |
| |
| Closes #7809 |
| |
| - scripts/delta: hide a git error message we don't care about |
| |
| fatal: path 'src/tool_listhelp.c' exists on disk, but not in [tag] |
| |
| - [Patrick Monnerat brought this change] |
| |
| sasl: binary messages |
| |
| Capabilities of sasl module are extended to exchange messages in binary |
| as an alternative to base64. |
| |
| If http authentication flags have been set, those are used as sasl |
| default preferred mechanisms. |
| |
| Closes #6930 |
| |
| - [Hayden Roche brought this change] |
| |
| wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity |
| |
| Prior to this commit, OpenSSL could be used for all these functions, but |
| not wolfSSL. This commit makes it so wolfSSL will be used if USE_WOLFSSL |
| is defined. |
| |
| Closes #7806 |
| |
| - scripts/delta: count command line options in the new file |
| |
| ... which makes the shown delta number wrong until next release. |
| |
| - RELEASE-NOTES: synced |
| |
| - print_category: print help descriptions aligned |
| |
| Adjust the description position to make an aligned column when doing |
| help listings, which is more pleasing to the eye. |
| |
| Suggested-by: Gisle Vanem |
| Closes #7792 |
| |
| - lib/mk-ca-bundle.pl: skip certs passed Not Valid After date |
| |
| With this change applied, the now expired 'DST Root CA X3' cert will no |
| longer be included in the output. |
| |
| Details: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ |
| |
| Closes #7801 |
| |
| - tool_listhelp: easier to generate with gen.pl |
| |
| tool_listhelp.c is now a separate file with only the command line --help |
| output, exactly as generated by gen.pl. This makes it easier to generate |
| updates according to what's in the docs/cmdline-opts docs. |
| |
| cd $srcroot/docs/cmdline-opts |
| ./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c |
| |
| With a configure build, this also works: |
| |
| make -C src listhelp |
| |
| Closes #7787 |
| |
| - [Anthony Hu brought this change] |
| |
| wolfssl: allow setting of groups/curves |
| |
| In particular, the quantum safe KEM and hybrid curves if wolfSSL is |
| built to support them. |
| |
| Closes #7728 |
| |
| - [Jan Mazur brought this change] |
| |
| connnect: use sysaddr_un fron sys/un.h or custom-defined for windows |
| |
| Closes #7737 |
| |
| Jay Satiro (30 Sep 2021) |
| - [Rikard Falkeborn brought this change] |
| |
| hostip: Move allocation to clarify there is no memleak |
| |
| By just glancing at the code, it looks like there is a memleak if the |
| call to Curl_inet_pton() fails. Looking closer, it is clear that the |
| call to Curl_inet_pton() can not fail, so the code will never leak |
| memory. However, we can make this obvious by moving the allocation |
| after the if-statement. |
| |
| Closes https://github.com/curl/curl/pull/7796 |
| |
| Daniel Stenberg (30 Sep 2021) |
| - gen.pl: make the output date format work better |
| |
| Follow-up to 15910dfd143dd |
| |
| The previous strftime format used didn't work correctly on Windows, so |
| change to %B %d %Y which today looks like "September 29 2021". |
| |
| Reported-by: Gisle Vanem |
| Bug: #7782 |
| Closes #7793 |
| |
| - typecheck-gcc.h: add CURLOPT_PREREQDATA awareness |
| |
| Follow-up to a517378de58358a |
| |
| To make test 1912 happy again |
| |
| Closes #7799 |
| |
| Marcel Raad (29 Sep 2021) |
| - configure: remove `HAVE_WINSOCK_H` definition |
| |
| It's not used anymore. |
| |
| Closes https://github.com/curl/curl/pull/7795 |
| |
| - CMake: remove `HAVE_WINSOCK_H` definition |
| |
| It's not used anymore. |
| |
| Closes https://github.com/curl/curl/pull/7795 |
| |
| - config: remove `HAVE_WINSOCK_H` definition |
| |
| It's not used anymore. |
| |
| Closes https://github.com/curl/curl/pull/7795 |
| |
| - lib: remove `HAVE_WINSOCK_H` usage |
| |
| WinSock v1 is not supported anymore. Exclusively use `HAVE_WINSOCK2_H` |
| instead. |
| |
| Closes https://github.com/curl/curl/pull/7795 |
| |
| Daniel Stenberg (29 Sep 2021) |
| - easyoptions: add the two new PRE* options |
| |
| Follow-up to a517378de58358a |
| |
| Also fix optiontable.pl to do the correct remainder on the entry. |
| |
| Reported-by: Gisle Vanem |
| Bug: https://github.com/curl/curl/commit/a517378de58358a85b7cfe9efecb56051268f629#commitcomment-57224830 |
| Closes #7791 |
| |
| - Revert "build: remove checks for WinSock 1" |
| |
| Due to CI issues |
| |
| This reverts commit c2ea04f92b00b6271627cb218647527b5a50f2fc. |
| |
| Closes #7790 |
| |
| Daniel Gustafsson (29 Sep 2021) |
| - lib: avoid fallthrough cases in switch statements |
| |
| Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning |
| on implicit fallthrough cases, since the current coding of indicating |
| fallthrough with comments is falling out of fashion with new compilers. |
| This attempts to make the issue smaller by rewriting fallthroughs to no |
| longer fallthrough, via either breaking the cases or turning switch |
| statements into if statements. |
| |
| lib/content_encoding.c: the fallthrough codepath is simply copied |
| into the case as it's a single line. |
| lib/http_ntlm.c: the fallthrough case skips a state in the state- |
| machine and fast-forwards to NTLMSTATE_LAST. Do this before the |
| switch statement instead to set up the states that we actually |
| want. |
| lib/http_proxy.c: the fallthrough is just falling into exiting the |
| switch statement which can be done easily enough in the case. |
| lib/mime.c: switch statement rewritten as if statement. |
| lib/pop3.c: the fallthrough case skips to the next state in the |
| statemachine, do this explicitly instead. |
| lib/urlapi.c: switch statement rewritten as if statement. |
| lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state |
| machine, do this by running another iteration of the switch |
| statement instead. |
| lib/vtls/gtls.c: switch statement rewritten as if statement. |
| lib/vtls/nss.c: the fallthrough codepath is simply copied into the |
| case as it's a single line. Also twiddle a comment to not be |
| inside a non-brace if statement. |
| |
| Closes: #7322 |
| See-also: #7295 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Marcel Raad (28 Sep 2021) |
| - config-win32ce: enable WinSock 2 |
| |
| WinSock 2.2 is supported by Windows CE .NET 4.1 (from 2002, out of |
| support since 2013). |
| |
| Ref: https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms899586(v=msdn.10) |
| |
| Closes https://github.com/curl/curl/pull/7778 |
| |
| - externalsocket: use WinSock 2.2 |
| |
| That's the only version we support. |
| |
| Closes https://github.com/curl/curl/pull/7778 |
| |
| - build: remove checks for WinSock 1 |
| |
| It's not supported anymore. |
| |
| Closes https://github.com/curl/curl/pull/7778 |
| |
| Daniel Stenberg (28 Sep 2021) |
| - scripts/copyright: .muse is .lift now |
| |
| And update 5 files with old copyright year range |
| |
| - cmdline-opts: made the 'Added:' field mandatory |
| |
| Since "too old" versions are no longer included in the generated man |
| page, this field is now mandatory so that it won't be forgotten and then |
| not included in the documentation. |
| |
| Closes #7786 |
| |
| - curl.1: remove mentions of really old version changes |
| |
| To make the man page more readable, this change removes all references |
| to changes in support/versions etc that happened before 7.30.0 from the |
| curl.1 output file. 7.30.0 was released on Apr 12 2013. This particular |
| limit is a bit arbitrary but was fairly easy to grep for. |
| |
| It is handled like this: the 'Added' keyword is only used in output if |
| it refers to 7.30.0 or later. All occurances of "(Added in $VERSION)" in |
| description will be stripped out if the mentioned $VERSION is from |
| before 7.30.0. It is therefore important that the "Added in..." |
| references are always written exactly like that - and on a single line, |
| not split over two. |
| |
| This change removes about 80 version number references from curl.1, down |
| to 138 from 218. |
| |
| Closes #7786 |
| |
| - RELEASE-NOTES: synced |
| |
| - tool_cb_prg: make resumed upload progress bar show better |
| |
| This is a regression that was *probably* injected in the larger progress |
| bar overhaul in 2018. |
| |
| Reported-by: beslick5 on github |
| Fixes #7760 |
| Closes #7777 |
| |
| - gen.pl: insert the current date and version in generated man page |
| |
| Reported-by: Gisle Vanem |
| Ref: #7780 |
| Closes #7782 |
| |
| - NTLM: use DES_set_key_unchecked with OpenSSL |
| |
| ... as the previously used function DES_set_key() will in some cases |
| reject using a key that it deems "weak" which will cause curl to |
| continue using the unitialized buffer content as key instead. |
| |
| Assisted-by: Harry Sintonen |
| Fixes #7779 |
| Closes #7781 |
| |
| Marc Hoersken (27 Sep 2021) |
| - CI: align make and test flags in various config files |
| |
| 1. Use Makefile target to run tests in autotools builds on AppVeyor. |
| 2. Disable testing of SCP protocol on native Windows environments. |
| 3. Remove redundant parameters -a -p from target test-nonflaky. |
| 4. Don't use -vc parameter which is reserved for debugging. |
| |
| Replaces #7591 |
| Closes #7690 |
| |
| Daniel Stenberg (27 Sep 2021) |
| - mailmap: unify Max! |
| |
| - [Max Dymond brought this change] |
| |
| CURLOPT_PREREQFUNCTION: add new callback |
| |
| Triggered before a request is made but after a connection is set up |
| |
| Changes: |
| |
| - callback: Update docs and callback for pre-request callback |
| - Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION, |
| - Add redirect test and callback failure test |
| - Note that the function may be called multiple times on a redirection |
| - Disable new 2086 test due to Windows weirdness |
| |
| Closes #7477 |
| |
| - KNOWN_BUGS: HTTP/2 connections through HTTPS proxy frequently stall |
| |
| Closes #6936 |
| |
| - TODO: make configure use --cache-file more and better |
| |
| Closes #7753 |
| |
| - [Sergey Markelov brought this change] |
| |
| urlapi: support UNC paths in file: URLs on Windows |
| |
| - file://host.name/path/file.txt is a valid UNC path |
| \\host.name\path\files.txt to a non-local file transformed into URI |
| (RFC 8089 Appendix E.3) |
| |
| - UNC paths on other OSs must be smb: URLs |
| |
| Closes #7366 |
| |
| - [Gleb Ivanovsky brought this change] |
| |
| urlapi: add curl_url_strerror() |
| |
| Add curl_url_strerror() to convert CURLUcode into readable string and |
| facilitate easier troubleshooting in programs using URL API. |
| Extend CURLUcode with CURLU_LAST for iteration in unit tests. |
| Update man pages with a mention of new function. |
| Update example code and tests with new functionality where it fits. |
| |
| Closes #7605 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Mats Lindestam brought this change] |
| |
| libssh2: add SHA256 fingerprint support |
| |
| Added support for SHA256 fingerprint in command line curl and in |
| libcurl. |
| |
| Closes #7646 |
| |
| - libcurl.rc: switch out the copyright symbol for plain ASCII |
| |
| Reported-by: Vitaly Varyvdin |
| Assisted-by: Viktor Szakats |
| Fixes #7765 |
| Closes #7776 |
| |
| - [Jun-ya Kato brought this change] |
| |
| ngtcp2: fix QUIC transport parameter version |
| |
| fix inappropriate version setting for QUIC transport parameters. |
| this patch keeps curl with ngtcp2 uses QUIC draft version (h3-29). |
| |
| Closes #7771 |
| |
| - examples/imap-append: fix end-of-data check |
| |
| Reported-by: Alexander Chuykov |
| Fixes #7774 |
| Closes #7775 |
| |
| Michael Kaufmann (24 Sep 2021) |
| - vtls: Fix a memory leak if an SSL session cannot be added to the cache |
| |
| On connection shutdown, a new TLS session ticket may arrive after the |
| SSL session cache has already been destructed. In this case, the new |
| SSL session cannot be added to the SSL session cache. |
| |
| The callers of Curl_ssl_addsessionid() need to know whether the SSL |
| session has been added to the cache. If it has not been added, the |
| reference counter of the SSL session must not be incremented, or memory |
| used by the SSL session must be freed. This is now possible with the new |
| output parameter "added" of Curl_ssl_addsessionid(). |
| |
| Fixes #7683 |
| Closes #7752 |
| |
| Daniel Stenberg (24 Sep 2021) |
| - [Momoka Yamamoto brought this change] |
| |
| HTTP3.md: use 'autoreconf -fi' instead of buildconf |
| |
| buildconf is not used since #5853 |
| |
| Closes #7746 |
| |
| - GIT-INFO: rephrase to adapt to s/buildconf/autoreconf |
| |
| - [h1zzz brought this change] |
| |
| llist: remove redundant code, branch will not be executed |
| |
| Closes #7770 |
| |
| - [tlahn brought this change] |
| |
| HTTP-COOKIES.md: remove duplicate 'each' |
| |
| Closes #7772 |
| |
| Jay Satiro (24 Sep 2021) |
| - [Joel Depooter brought this change] |
| |
| libssh2: Get the version at runtime if possible |
| |
| Previously this code used a compile time constant, meaning that libcurl |
| always reported the libssh2 version that libcurl was built with. This |
| could differ from the libssh2 version actually being used. The new code |
| uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The |
| macro calls the libssh2_version function if it is available, otherwise |
| it falls back to the compile time version. |
| |
| Closes https://github.com/curl/curl/pull/7768 |
| |
| - [Joel Depooter brought this change] |
| |
| schannel: fix typo |
| |
| Closes https://github.com/curl/curl/pull/7769 |
| |
| Daniel Stenberg (23 Sep 2021) |
| - cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED |
| |
| To avoid the "... is deprecated" warnings brought by OpenSSL v3. |
| (We need to address the underlying code at some point of course.) |
| |
| Assisted-by: Jakub Zakrzewski |
| Closes #7767 |
| |
| - curl-openssl: pass argument to sed single-quoted |
| |
| ... instead of using an escaped double-quote. This is an attempt to make |
| this work better with ksh that otherwise would insist on a double |
| escape! |
| |
| Reported-by: Randall S. Becker |
| Fixes #7758 |
| Closes #7764 |
| |
| - RELEASE-NOTES: synced |
| |
| Bumped curlver to 7.80.0-dev |
| |
| - [a1346054 brought this change] |
| |
| misc: fix typos in docs and comments |
| |
| No user facing output from curl/libcurl is changed by this, just |
| comments. |
| |
| Closes #7747 |
| |
| - [Thomas M. DuBuisson brought this change] |
| |
| ci: update Lift config to match requirements of curl build |
| |
| Also renamed Muse -> Lift, the new tool name. |
| |
| Closes #7761 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| cleanup: constify unmodified static structs |
| |
| Constify a number of static structs that are never modified. Make them |
| const to show this. |
| |
| Closes #7759 |
| |
| Version 7.79.1 (22 Sep 2021) |
| |
| Daniel Stenberg (22 Sep 2021) |
| - RELEASE-NOTES: synced |
| |
| curl 7.79.1 release |
| |
| - THANKS: added names from the 7.79.1 release |
| |
| - test897: verify delivery of IMAP post-body header content |
| |
| The "content" is delivered as "body" by curl, but the envelope continues |
| after the body and the rest of it should be delivered as header. |
| |
| The IMAP server can now get 'POSTFETCH' set to include more data to |
| include after the body and test 897 is done to verify that such "extra" |
| header data is in fact delivered by curl as header. |
| |
| Ref: #7284 but fails to reproduce the issue |
| |
| Closes #7748 |
| |
| - KNOWN_BUGS: connection migration doesn't work |
| |
| Closes #7695 |
| |
| - RELEASE-NOTES: synced |
| |
| - http: fix the broken >3 digit response code detection |
| |
| When the "reason phrase" in the HTTP status line starts with a digit, |
| that was treated as the forth response code digit and curl would claim |
| the response to be non-compliant. |
| |
| Added test 1466 to verify this case. |
| |
| Regression brought by 5dc594e44f73b17 |
| Reported-by: Glenn de boer |
| Fixes #7738 |
| Closes #7739 |
| |
| Jay Satiro (17 Sep 2021) |
| - strerror: use sys_errlist instead of strerror on Windows |
| |
| - Change Curl_strerror to use sys_errlist[errnum] instead of strerror to |
| retrieve the error message on Windows. |
| |
| Windows' strerror writes to a static buffer and is not thread-safe. |
| |
| Follow-up to 2f0bb86 which removed most instances of strerror in favor |
| of calling Curl_strerror (which calls strerror_r for other platforms). |
| |
| Ref: https://github.com/curl/curl/pull/7685 |
| Ref: https://github.com/curl/curl/commit/2f0bb86 |
| |
| Closes https://github.com/curl/curl/pull/7735 |
| |
| Daniel Stenberg (16 Sep 2021) |
| - dist: provide lib/.checksrc in the tarball |
| |
| So that debug builds work (checksrc really) |
| |
| Reported-by: Marcel Raad |
| Reported-by: tawmoto on github |
| Fixes #7733 |
| Closes #7734 |
| |
| - TODO: Improve documentation about fork safety |
| |
| Closes #6968 |
| |
| - hsts: CURLSTS_FAIL from hsts read callback should fail transfer |
| |
| ... and have CURLE_ABORTED_BY_CALLBACK returned. |
| |
| Extended test 1915 to verify. |
| |
| Reported-by: Jonathan Cardoso |
| Fixes #7726 |
| Closes #7729 |
| |
| - test1184: disable |
| |
| The test should be fine and it works for me repeated when run manually, |
| but clearly it causes CI failures and it needs more research. |
| |
| Reported-by: RiderALT on github |
| Fixes #7725 |
| Closes #7732 |
| |
| - Curl_http2_setup: don't change connection data on repeat invokes |
| |
| Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved |
| transfer oriented inits to before the check but also erroneously moved a |
| few connection oriented ones, which causes problems. |
| |
| Reported-by: Evangelos Foutras |
| Fixes #7730 |
| Closes #7731 |
| |
| - RELEASE-NOTES: synced |
| |
| and bump to 7.79.1 |
| |
| Kamil Dudka (16 Sep 2021) |
| - tests/sshserver.pl: make it work with openssh-8.7p1 |
| |
| ... by not using options with no argument where an argument is required: |
| |
| === Start of file tests/log/ssh_server.log |
| curl_sshd_config line 6: no argument after keyword "DenyGroups" |
| curl_sshd_config line 7: no argument after keyword "AllowGroups" |
| curl_sshd_config line 10: Deprecated option AuthorizedKeysFile2 |
| curl_sshd_config line 29: Deprecated option KeyRegenerationInterval |
| curl_sshd_config line 39: Deprecated option RhostsRSAAuthentication |
| curl_sshd_config line 40: Deprecated option RSAAuthentication |
| curl_sshd_config line 41: Deprecated option ServerKeyBits |
| curl_sshd_config line 45: Deprecated option UseLogin |
| curl_sshd_config line 56: no argument after keyword "AcceptEnv" |
| curl_sshd_config: terminating, 3 bad configuration options |
| === End of file tests/log/ssh_server.log |
| |
| === Start of file log/sftp_server.log |
| curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication" |
| curl_sftp_config line 34: Unsupported option "rsaauthentication" |
| curl_sftp_config line 52: no argument after keyword "sendenv" |
| curl_sftp_config: terminating, 1 bad configuration options |
| Connection closed. |
| Connection closed |
| === End of file log/sftp_server.log |
| |
| Closes #7724 |
| |
| Daniel Stenberg (15 Sep 2021) |
| - hsts: handle unlimited expiry |
| |
| When setting a blank expire string, meaning unlimited, curl would pass |
| TIME_T_MAX to getime_r() when creating the output, while on 64 bit |
| systems such a large value cannot be convetered to a tm struct making |
| curl to exit the loop with an error instead. It can't be converted |
| because the year it would represent doesn't fit in the 'int tm_year' |
| field! |
| |
| Starting now, unlimited expiry is instead handled differently by using a |
| human readable expiry date spelled out as "unlimited" instead of trying |
| to use a distant actual date. |
| |
| Test 1660 and 1915 have been updated to help verify this change. |
| |
| Reported-by: Jonathan Cardoso |
| Fixes #7720 |
| Closes #7721 |
| |
| - curl_multi_fdset: make FD_SET() not operate on sockets out of range |
| |
| The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was |
| built to use select(), even though the curl_multi_fdset() function |
| always and unconditionally uses FD_SET and needs the check. |
| |
| Reported-by: 0xee on github |
| Fixes #7718 |
| Closes #7719 |
| |
| - FAQ: add GOPHERS + curl works on data, not files |
| |
| Version 7.79.0 (14 Sep 2021) |
| |
| Daniel Stenberg (14 Sep 2021) |
| - RELEASE-NOTES: synced |
| |
| For the 7.79.0 release |
| |
| - THANKS: add contributors from 7.79.0 release cycle |
| |
| - FAQ: add two dev related questions |
| |
| 8.1 Why does curl use C89? |
| 8.2 Will curl be rewritten? |
| |
| Spell-checked-by: Paul Johnson |
| Closes #7715 |
| |
| - zuul.d/jobs: disable three tests for *-openssl-disable-proxy |
| |
| ... as they mysteriously seem to permfail without being related to |
| proxy. |
| |
| Closes #7714 |
| |
| - [Patrick Monnerat brought this change] |
| |
| ftp,imap,pop3,smtp: reject STARTTLS server response pipelining |
| |
| If a server pipelines future responses within the STARTTLS response, the |
| former are preserved in the pingpong cache across TLS negotiation and |
| used as responses to the encrypted commands. |
| |
| This fix detects pipelined STARTTLS responses and rejects them with an |
| error. |
| |
| CVE-2021-22947 |
| |
| Bug: https://curl.se/docs/CVE-2021-22947.html |
| |
| - [Patrick Monnerat brought this change] |
| |
| ftp,imap,pop3: do not ignore --ssl-reqd |
| |
| In imap and pop3, check if TLS is required even when capabilities |
| request has failed. |
| |
| In ftp, ignore preauthentication (230 status of server greeting) if TLS |
| is required. |
| |
| Bug: https://curl.se/docs/CVE-2021-22946.html |
| |
| CVE-2021-22946 |
| |
| - [z2_ on hackerone brought this change] |
| |
| mqtt: clear the leftovers pointer when sending succeeds |
| |
| CVE-2021-22945 |
| |
| Bug: https://curl.se/docs/CVE-2021-22945.html |
| |
| - zuul: bump the rustls job to use v0.7.2 |
| |
| ... and add -lm when using a rust library. |
| |
| Closes #7701 |
| |
| - RELEASE-PROCEDURE: add release dates from now to 8.0.0 in 2023 |
| |
| - SECURITY-PROCESS: tweak a little to match current practices |
| |
| Closes #7713 |
| |
| - http_proxy: fix the User-Agent inclusion in CONNECT |
| |
| It should not refer to the uagent string that is allocated and created |
| for the end server http request, as that pointer may be cleared on |
| subsequent CONNECT requests. |
| |
| Added test case 1184 to verify. |
| |
| Reported-by: T200proX7 on github |
| Fixes #7705 |
| Closes #7707 |
| |
| - Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited |
| |
| Reported-by: Jonathan Cardoso |
| Fixes #7710 |
| Closes #7711 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: fix build with ngtcp2 and nghttp3 |
| |
| ngtcp2_conn_client_new and nghttp3_conn_client_new are now macros. |
| Check the wrapped functions instead. |
| |
| ngtcp2_stream_close callback now takes flags parameter. |
| |
| Closes #7709 |
| |
| - write-out.d: clarify size_download/upload |
| |
| They show the number of "body" bytes transfered. |
| Fixes #7702 |
| Closes #7706 |
| |
| - http2: Curl_http2_setup needs to init stream data in all invokes |
| |
| Thus function was written to avoid doing multiple connection data |
| initializations, which is fine, but since it also initiates stream |
| related data it is crucial that it doesn't skip those even if called |
| again for the same connection. Solved by moving the stream |
| initializations before the "doing-it-again" check. |
| |
| Reported-by: Inho Oh |
| Fixes #7630 |
| Closes #7692 |
| |
| - url: fix compiler warning in no-verbose builds |
| |
| Follow-up from 2f0bb864c12 |
| |
| Closes #7700 |
| |
| - non-ascii: fix build errors from strerror fix |
| |
| Follow-up to 2f0bb864c12 |
| |
| Closes #7697 |
| |
| - parse_args: redo the warnings for --remote-header-name combos |
| |
| ... to avoid the memory leak risk pointed out by scan-build. |
| |
| Follow-up from 7a3e981781d6c18a |
| |
| Closes #7698 |
| |
| - ngtcp2: adapt to new size defintions upstream |
| |
| Reviewed-by: Tatsuhiro Tsujikawa |
| Closes #7699 |
| |
| - rustls: add strerror.h include |
| |
| Follow-up to 2f0bb864c12 |
| |
| - docs: the security list is reached at security at curl.se now |
| |
| Also update the FAQ section a bit to encourage users to rather submit |
| security issues on hackerone than sending email. |
| |
| Closes #7689 |
| |
| Marc Hoersken (9 Sep 2021) |
| - runtests: add option -u to error on server unexpectedly alive |
| |
| Let's try to actually handle the server unexpectedly alive |
| case by first making them visible on CI builds as failures. |
| |
| This is needed to detect issues with killing of the test |
| servers completely including nested process chains with |
| multiple PIDs per test server (including bash and perl). |
| |
| On Windows/cygwin platforms this is especially helpful with |
| debugging PID mixups due to cygwin using its own PID space. |
| |
| Reviewed-by: Daniel Stenberg |
| Closes #7180 |
| |
| Daniel Stenberg (9 Sep 2021) |
| - opts docs: unify phrasing in NAME header |
| |
| - avoid writing "set ..." or "enable/disable ..." or "specify ..." |
| *All* options for curl_easy_setopt() are about setting or enabling |
| things and most of the existing options didn't use that way of |
| description. |
| |
| - start with lowercase letter, unless abbreviation. For consistency. |
| |
| - Some additional touch-ups |
| |
| Closes #7688 |
| |
| - strerror.h: remove the #include from files not using it |
| |
| - lib: don't use strerror() |
| |
| We have and provide Curl_strerror() internally for a reason: strerror() |
| is not necessarily thread-safe so we should always try to avoid it. |
| |
| Extended checksrc to warn for this, but feature the check disabled by |
| default and only enable it in lib/ |
| |
| Closes #7685 |
| |
| Daniel Gustafsson (8 Sep 2021) |
| - cirrus: Add FreeBSD 13.0 job and disable sanitizer build |
| |
| As alluded to the in the now removed comment, a 13.0 image became |
| available and is now ready to be used. |
| |
| The sanitizer builds were running on the 12.1 image which since has |
| been removed from the config, leaving the builds not running at all. |
| When enabled it turns out that they don't actually work due to very |
| long timeouts in executing the tests, so keep the disabled for now |
| but a bit more controlled. |
| |
| Closes #7592 |
| |
| Daniel Stenberg (8 Sep 2021) |
| - copyrights: update copyright year ranges |
| |
| - RELEASE-NOTES: synced |
| |
| - INTERNALS: c-ares has a new home: c-ares.org |
| |
| - docs: remove experimental mentions from HSTS and MQTT |
| |
| Reported-by: Jonathan Cardoso |
| Bug: https://github.com/curl/curl/pull/6700#issuecomment-913792863 |
| Closes #7681 |
| |
| - [Cao ZhenXiang brought this change] |
| |
| curl: add warning for incompatible parameters usage |
| |
| --continue-at - and --remote-header-name are known incompatible parameters |
| |
| Closes #7674 |
| |
| - [git-bruh brought this change] |
| |
| examples/*hiperfifo.c: fix calloc arguments to match function proto |
| |
| Closes #7678 |
| |
| - INTERNALS: bump c-ares requirement to 1.16.0 |
| |
| Since ba904db0705c93 we use ares_getaddrinfo, added in c-ares 1.16.0 |
| |
| - curl: stop retry if Retry-After: is longer than allowed |
| |
| If Retry-After: specifies a period that is longer than what fits within |
| --retry-max-time, then stop retrying immediately. |
| |
| Added test 366 to verify. |
| |
| Reported-by: Kari Pahula |
| Fixes #7675 |
| Closes #7676 |
| |
| - [Michał Antoniak brought this change] |
| |
| mbedtls: avoid using a large buffer on the stack |
| |
| Use dynamic memory allocation for the buffer used in checking "pinned |
| public key". The PUB_DER_MAX_BYTES parameter with default settings is |
| set to a value greater than 2kB. |
| |
| Co-authored-by: Daniel Stenberg |
| Closes #7586 |
| |
| - configure: make --disable-hsts work |
| |
| The AC_ARG_ENABLE() macro itself uses a variable called |
| 'enable_[option]', so when our script also used a variable with that |
| name for the purpose of storing what the user wants, it also |
| accidentally made it impossible to switch off the feature with |
| --disable-hsts. Fix this by renaming our variable. |
| |
| Reported-by: Michał Antoniak |
| Fixes #7669 |
| Closes #7672 |
| |
| Jay Satiro (5 Sep 2021) |
| - config.d: note that curlrc is used even when --config |
| |
| Bug: https://github.com/curl/curl/pull/7666#issuecomment-912214751 |
| Reported-by: Viktor Szakats |
| |
| Closes https://github.com/curl/curl/pull/7667 |
| |
| Daniel Stenberg (4 Sep 2021) |
| - RELEASE-NOTES: synced |
| |
| - test1173: check references to libcurl options |
| |
| ... that they refer to actual existing libcurl options. |
| |
| Reviewed-by: Daniel Gustafsson |
| Closes #7656 |
| |
| - CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also |
| |
| Closes #7656 |
| |
| - opt-docs: verify man page sections + order |
| |
| In every libcurl option man page there are now 8 mandatory sections that |
| must use the right name in the correct order and test 1173 verifies |
| this. Only 14 man pages needed adjustments. |
| |
| The sections and the order is as follows: |
| |
| - NAME |
| - SYNOPSIS |
| - DESCRIPTION |
| - PROTOCOLS |
| - EXAMPLE |
| - AVAILABILITY |
| - RETURN VALUE |
| - SEE ALSO |
| |
| Reviewed-by: Daniel Gustafsson |
| Closes #7656 |
| |
| - opt-docs: make sure all man pages have examples |
| |
| Extended manpage-syntax.pl (run by test 1173) to check that every man |
| page for a libcurl option has an EXAMPLE section that is more than two |
| lines. Then fixed all errors it found and added examples. |
| |
| Reviewed-by: Daniel Gustafsson |
| Closes #7656 |
| |
| - get.d: provide more useful examples |
| |
| Closes #7668 |
| |
| - page-header: add GOPHERS, simplify wording in the 1st para |
| |
| Closes #7665 |
| |
| - connect: get local port + ip also when reusing connections |
| |
| Regression. In d6a37c23a3c (7.75.0) we removed the duplicated storage |
| (connection + easy handle), so this info needs be extracted again even |
| for re-used connections. |
| |
| Add test 435 to verify |
| |
| Reported-by: Max Dymond |
| Fixes #7660 |
| Closes #7662 |
| |
| Marcel Raad (2 Sep 2021) |
| - multi: fix compiler warning with `CURL_DISABLE_WAKEUP` |
| |
| `use_wakeup` is unused in this case. |
| |
| Closes https://github.com/curl/curl/pull/7661 |
| |
| Daniel Stenberg (1 Sep 2021) |
| - tests: adjust the tftpd output to work with hyper mode |
| |
| By making them look less like http headers, the hyper mode "tweak" |
| doesn't interfere. |
| |
| Enable test 2002 and 2003 in hyper builds (and 1280 which is unrelated |
| but should be enabled). |
| |
| Closes #7658 |
| |
| Daniel Gustafsson (1 Sep 2021) |
| - [Gisle Vanem brought this change] |
| |
| openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA |
| |
| This adds support for the previously unhandled supplemental data which |
| in -v output was printed like: |
| |
| TLSv1.2 (IN), TLS header, Unknown (23): |
| |
| These will now be printed with proper annotation: |
| |
| TLSv1.2 (OUT), TLS header, Supplemental data (23): |
| |
| Closes #7652 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (1 Sep 2021) |
| - curl.1: provide examples for each option |
| |
| The file format for each option now features a "Example:" header that |
| can provide one or more examples that get rendered appropriately in the |
| output. All options MUST have at least one example or gen.pl complains |
| at build-time. |
| |
| This fix also does a few other minor format and consistency cleanups. |
| |
| Closes #7654 |
| |
| - progress: make trspeed avoid floats |
| |
| and compiler warnings for data conversions. |
| |
| Reported-by: Michał Antoniak |
| Fixes #7645 |
| Closes #7653 |
| |
| - test365: verify response with chunked AND Content-Length headers |
| |
| - http: ignore content-length if any transfer-encoding is used |
| |
| Fixes #7643 |
| Closes #7649 |
| |
| - RELEASE-NOTES: synced |
| |
| - Revert "http2: skip immediate parsing of payload following protocol switch" |
| |
| This reverts commit 455a63c66f188598275e87d32de2c4e8e26b80cb. |
| |
| Reported-by: Tk Xiong |
| Fixes #7633 |
| Closes #7648 |
| |
| - KNOWN_BUGS: HTTP/3 doesn't support client certs |
| |
| Closes #7625 |
| |
| - mailing lists: move from cool.haxx.se to lists.haxx.se |
| |
| - http_proxy: only wait for writable socket while sending request |
| |
| Otherwise it would wait socket writability even after the entire CONNECT |
| request has sent and make curl basically busy-loop while waiting for a |
| response to come back. |
| |
| The previous fix attempt in #7484 (c27a70a591a4) was inadequate. |
| |
| Reported-by: zloi-user on github |
| Reported-by: Oleguer Llopart |
| Fixes #7589 |
| Closes #7647 |
| |
| - http: disallow >3-digit response codes |
| |
| Make the built-in HTTP parser behave similar to hyper and reject any |
| HTTP response using more than 3 digits for the response code. |
| |
| Updated test 1432 accordingly. |
| Enabled test 1432 in the hyper builds. |
| |
| Closes #7641 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: stop buffering crypto data |
| |
| Stop buffering crypto data because libngtcp2 now buffers submitted |
| crypto data. |
| |
| Closes #7637 |
| |
| - test1280: CRLFify the response to please hyper |
| |
| Closes #7639 |
| |
| - tests: enable test 1129 for hyper builds |
| |
| Closes #7638 |
| |
| - curl: better error message when -O fails to get a good name |
| |
| Due to how this currently works internally, it needs a working initial |
| file name to store contents in, so it may still fail even with -J is |
| used (and thus accepting a name from content-disposition:) if the file |
| name part of the URL isn't "good enough". |
| |
| Fixes #7628 |
| Closes #7635 |
| |
| - curl_easy_setopt: tweak the string copy wording |
| |
| Reported-by: Yaobin Wen |
| Fixes #7632 |
| Closes #7634 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Don J Olmstead brought this change] |
| |
| cmake: sync CURL_DISABLE options |
| |
| Adds the full listing of CURL_DISABLE options to the CMake build. Moves |
| all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOA_CONFIG which |
| resides near OpenSSL configuration, to the same block of code. Also |
| sorts the options here and in the cmake config header. |
| |
| Additionally sorted the CURL-DISABLE listing and fixed the |
| CURL_DISABLE_POP3 option. |
| |
| Closes #7624 |
| |
| Jay Satiro (25 Aug 2021) |
| - KNOWN_BUGS: FTPS upload data loss with TLS 1.3 |
| |
| Bug: https://github.com/curl/curl/issues/6149 |
| Reported-by: Bylon2@users.noreply.github.com |
| |
| Closes https://github.com/curl/curl/pull/7623 |
| |
| Daniel Stenberg (24 Aug 2021) |
| - cmake: avoid poll() on macOS |
| |
| ... like we do in configure builds. Since poll() on macOS is not |
| reliable enough. |
| |
| Reported-by: marc-groundctl |
| Fixes #7595 |
| Closes #7619 |
| |
| - c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection |
| |
| Enable test 1074 |
| |
| Closes #7617 |
| |
| - c-hyper: deal with Expect: 100-continue combined with POSTFIELDS |
| |
| Enable test 1130 and 1131 |
| |
| Closes #7616 |
| |
| - [a1346054 brought this change] |
| |
| tests: be explicit about using 'python3' instead of 'python' |
| |
| This fixes running tests in virtualenvs (or on distros) that no longer |
| have a symlink from python to python2 or python3. |
| |
| Closes #7602 |
| |
| - [a1346054 brought this change] |
| |
| scripts: invoke interpreters through /usr/bin/env |
| |
| Closes #7602 |
| |
| - DISABLED: enable 11 more tests for hyper builds |
| |
| Closes #7612 |
| |
| - setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper |
| |
| Since this option is also used for FTP, it needs to work to set for |
| applications even if hyper doesn't support it for HTTP. Verified by test |
| 1137. |
| |
| Updated docs to specify that the option doesn't work for HTTP when using |
| the hyper backend. |
| |
| Closes #7614 |
| |
| - test1138: remove trailing space to make work with hyper |
| |
| Closes #7613 |
| |
| - libcurl-errors.3: clarify two CURLUcode errors |
| |
| CURLUE_BAD_HANDLE and CURLUE_BAD_PARTPOINTER should be for "bad" or |
| wrong pointers in a generic sense, not just for NULL pointers. |
| |
| Reviewed-by: Jay Satiro |
| |
| Ref: #7605 |
| Closes #7611 |
| |
| Jay Satiro (23 Aug 2021) |
| - symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version |
| |
| ... and also change the 'Removed' column name to 'Last' since that |
| column is for the last version to contain the symbol. |
| |
| Closes https://github.com/curl/curl/pull/7609 |
| |
| Daniel Stenberg (23 Aug 2021) |
| - urlapi.c:seturl: assert URL instead of using if-check |
| |
| There's no code flow possible where this can happen. The assert makes |
| sure it also won't be introduced undetected in the future. |
| |
| Closes #7610 |
| |
| - curl-openssl.m4: show correct output for OpenSSL v3 |
| |
| Using 3.0.0 versions configure should now show this: |
| |
| checking for OpenSSL headers version... 3.0.0 - 0x300 |
| checking for OpenSSL library version... 3.0.0 |
| checking for OpenSSL headers and library versions matching... yes |
| |
| This output doesn't actually change what configure generates but is only |
| "cosmetic". |
| |
| Reported-by: Randall S. Becker |
| Fixes #7606 |
| Closes #7608 |
| |
| Jay Satiro (22 Aug 2021) |
| - mksymbolsmanpage.pl: Fix showing symbol's last used version |
| |
| Prior to this change the symbol's deprecated version was erroneously |
| shown as its last used version. |
| |
| Bug: https://github.com/curl/curl/commit/4e53b94#commitcomment-55239509 |
| Reported-by: i-ky@users.noreply.github.com |
| |
| Daniel Stenberg (21 Aug 2021) |
| - mksymbolsmanpage.pl: match symbols case insenitively |
| |
| Follow-up to 4e53b9430c750 which made this bug show. |
| |
| Reported-by: i-ky |
| Bug: https://github.com/curl/curl/commit/4e53b9430c7504de8984796e2a2091ec16f27136#commitcomment-55239253 |
| Closes #7607 |
| |
| - asyn-ares: call ares_freeaddrinfo() to clean up addrinfo results |
| |
| As this leaks memory otherwise |
| |
| Follow-up to ba904db0705c931 |
| |
| Closes #7599 |
| |
| - [Ehren Bendler brought this change] |
| |
| wolfssl: clean up wolfcrypt error queue |
| |
| If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error |
| queue gets added on to for each session and never freed. Fix it by |
| calling ERR_clear_error() like in vtls/openssl when needed. This func is |
| a no-op in wolfcrypt if the error queue is not enabled. |
| |
| Closes #7594 |
| |
| - man pages: remove trailing whitespaces |
| |
| Extended test 1173 (via the manpage-syntax.pl script) to detect and warn |
| for them. |
| |
| Ref: #7602 |
| Reported-by: a1346054 on github |
| Closes #7604 |
| |
| - mailmap: add Gleb Ivanovsky |
| |
| - config.d: escape the backslash properly |
| |
| Closes #7603 |
| |
| - [Don J Olmstead brought this change] |
| |
| curl_setup.h: sync values for HTTP_ONLY |
| |
| The values for HTTP_ONLY differed between CMakeLists.txt and |
| curl_setup.h. Sync them and sort the values in curl_setup.h to make it |
| easier to spot differences. |
| |
| Closes #7601 |
| |
| Jay Satiro (21 Aug 2021) |
| - configure: set classic mingw minimum OS version to XP |
| |
| - If the user has not specified a minimum OS version (via WINVER or |
| _WIN32_WINNT macros) then set it to Windows XP. |
| |
| Prior to this change classic MinGW defaulted the minimum OS version |
| to Windows NT 4.0 which is way too old. At least Windows XP is needed |
| for getaddrinfo (which resolves hostnames to IPv6 addresses). |
| |
| Ref: https://github.com/curl/curl/issues/7483#issuecomment-891597034 |
| |
| Closes https://github.com/curl/curl/pull/7581 |
| |
| - schannel: Work around typo in classic mingw macro |
| |
| - Define ALG_CLASS_DHASH (the typo from the include) to ALG_CLASS_HASH. |
| |
| Prior to this change there was an incomplete fix to ignore the |
| CALG_TLS1PRF macro on those versions of MinGW where it uses the |
| ALG_CLASS_DHASH typoed macro. |
| |
| Ref: 48cf45c |
| Ref: https://osdn.net/projects/mingw/ticket/38391 |
| Ref: https://github.com/curl/curl/issues/2924 |
| |
| Closes https://github.com/curl/curl/pull/7580 |
| |
| Daniel Stenberg (20 Aug 2021) |
| - RELEASE-NOTES: synced |
| |
| - http_proxy: fix user-agent and custom headers for CONNECT with hyper |
| |
| Enable test 287 |
| |
| Closes #7598 |
| |
| - c-hyper: initial support for "dumping" 1xx HTTP responses |
| |
| With the use hyper_request_on_informational() |
| |
| Enable test 155 and 158 |
| |
| Closes #7597 |
| |
| Marc Hoersken (18 Aug 2021) |
| - tests/*server.pl: flush output before executing subprocess |
| |
| Also avoid shell processes staying around by using exec. |
| This is necessary to avoid output data being buffering |
| inside the process chain of Perl, Bash/Shell and our |
| test server binaries. On non-Windows systems the exec |
| will also make the subprocess replace the intermediate |
| shell, but on Windows it will at least bind the processes |
| together since there is no real fork or exec available. |
| |
| See: https://cygwin.com/cygwin-ug-net/highlights.html |
| and: https://docs.microsoft.com/cpp/c-runtime-library/exec-wexec-functions |
| Ref: https://github.com/curl/curl/pull/7530#issuecomment-900949010 |
| |
| Reviewed-by: Daniel Stenberg |
| Reviewed-by: Jay Satiro |
| Closes #7530 |
| |
| - CI: use GitHub Container Registry instead of Docker Hub |
| |
| Avoid limits on Docker Hub and improve image pull/download speed. |
| |
| Closes #7587 |
| |
| Daniel Stenberg (18 Aug 2021) |
| - openssl: when creating a new context, there cannot be an old one |
| |
| Remove the previous handling that would call SSL_CTX_free(), and instead |
| add an assert that halts a debug build if there ever is a context |
| already set at this point. |
| |
| Closes #7585 |
| |
| Jay Satiro (18 Aug 2021) |
| - KNOWN_BUGS: Renegotiate from server may cause hang for OpenSSL backend |
| |
| Closes https://github.com/curl/curl/issues/6785 |
| |
| Viktor Szakats (17 Aug 2021) |
| - docs/BINDINGS: URL update |
| |
| Marc Hoersken (17 Aug 2021) |
| - tests/server/*.c: align handling of portfile argument and file |
| |
| 1. Call the internal variable portname (like pidname) everywhere. |
| 2. Have a variable wroteportfile (like wrotepidfile) everywhere. |
| 3. Make sure the file is cleaned up on exit (like pidfile). |
| 4. Add parameter --portfile to usage outputs everywhere. |
| |
| Reviewed-by: Daniel Stenberg |
| |
| Replaces #7523 |
| Closes #7574 |
| |
| Daniel Gustafsson (17 Aug 2021) |
| - KNOWN_BUGS: Fix a number of typos in KNOWN_BUGS |
| |
| Fixes a set of typos found in section 11.3. |
| |
| Daniel Stenberg (17 Aug 2021) |
| - getparameter: fix the --local-port number parser |
| |
| It could previously get tricked into parsing the uninitialized stack |
| based buffer. |
| |
| Reported-by: Brian Carpenter |
| Closes #7582 |
| |
| - KNOWN_BUGS: Can't use Secure Transport with Crypto Token Kit |
| |
| Closes #7048 |
| |
| - [Jan Verbeek brought this change] |
| |
| curl: add warning for ignored data after quoted form parameter |
| |
| In an argument like `-F 'x=@/etc/hostname;filename="foo"abc'` the `abc` |
| is ignored. This adds a warning if the ignored data isn't all |
| whitespace. |
| |
| Closes #7394 |
| |
| Jay Satiro (17 Aug 2021) |
| - codeql: fix error "Resource not accessible by integration" |
| |
| - Enable codeql writing security-events. |
| |
| GitHub set the default permissions to read, apparently since earlier |
| this year. |
| |
| Ref: https://github.com/github/codeql-action/issues/464 |
| Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ |
| |
| Fixes https://github.com/curl/curl/issues/7575 |
| Closes https://github.com/curl/curl/pull/7576 |
| |
| - tool_operate: Fix --fail-early with parallel transfers |
| |
| - Abort via progress callback to fail early during parallel transfers. |
| |
| When a critical error occurs during a transfer (eg --fail-early |
| constraint) then other running transfers will be aborted via progress |
| callback and finish with error CURLE_ABORTED_BY_CALLBACK (42). In this |
| case, the callback error does not become the most recent error and a |
| custom error message is used for those transfers: |
| |
| curld --fail --fail-early --parallel |
| https://httpbin.org/status/404 https://httpbin.org/delay/10 |
| |
| curl: (22) The requested URL returned error: 404 |
| curl: (42) Transfer aborted due to critical error in another transfer |
| |
| > echo %ERRORLEVEL% |
| 22 |
| |
| Fixes https://github.com/curl/curl/issues/6939 |
| Closes https://github.com/curl/curl/pull/6984 |
| |
| Daniel Stenberg (17 Aug 2021) |
| - [Sergey Markelov brought this change] |
| |
| sectransp: support CURLINFO_CERTINFO |
| |
| Fixes #4130 |
| Closes #7372 |
| |
| - ngtcp2: remove the acked_crypto_offset struct field init |
| |
| ... as it is gone from the API upstream. |
| |
| Closes #7578 |
| |
| - misc: update incorrect copyright year ranges |
| |
| Closes #7577 |
| |
| - KNOWN_BUGS: HTTP/3 quiche upload large file fails |
| |
| Closes #7532 |
| |
| - KNOWN_BUGS: CMake build with MIT Kerberos does not work |
| |
| Closes #6904 |
| |
| - TODO: add asynch getaddrinfo support |
| |
| Closes #6746 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Artur Sinila brought this change] |
| |
| http2: revert call the handle-closed function correctly on closed stream |
| |
| Reverts 252790c5335a221 |
| |
| Assisted-by: Gergely Nagy |
| Fixes #7400 |
| Closes #7525 |
| |
| - [Patrick Monnerat brought this change] |
| |
| auth: do not append zero-terminator to authorisation id in kerberos |
| |
| RFC4752 Section 3.1 states "The authorization identity is not terminated |
| with a zero-valued (%x00) octet". Although a comment in code said it may |
| be needed anyway, nothing confirms it. In addition, servers may consider |
| it as part of the identity, causing a failure. |
| |
| Closes #7008 |
| |
| - [Patrick Monnerat brought this change] |
| |
| auth: use sasl authzid option in kerberos |
| |
| ... instead of deriving it from active ticket. |
| Closes #7008 |
| |
| - [Patrick Monnerat brought this change] |
| |
| auth: we do not support a security layer after kerberos authentication |
| |
| Closes #7008 |
| |
| - [Patrick Monnerat brought this change] |
| |
| auth: properly handle byte order in kerberos security message |
| |
| Closes #7008 |
| |
| - [z2_ brought this change] |
| |
| x509asn1: fix heap over-read when parsing x509 certificates |
| |
| Assisted-by: Patrick Monnerat |
| Closes #7536 |
| |
| - KNOWN_BUGS: Disconnects don't do verbose |
| |
| Closes #6995 |
| |
| - mailmap: fixup Michał Antoniak |
| |
| - [Michał Antoniak brought this change] |
| |
| build: fix compiler warnings |
| |
| For when CURL_DISABLE_VERBOSE_STRINGS and DEBUGBUILD flags are both |
| active. |
| |
| - socks.c : warning C4100: 'lineno': unreferenced formal parameter |
| (co-authored by Daniel Stenberg) |
| |
| - mbedtls.c: warning C4189: 'port': local variable is initialized but |
| not referenced |
| |
| - schannel.c: warning C4189: 'hostname': local variable is initialized |
| but not referenced |
| |
| Cloes #7528 |
| |
| - [Gleb Ivanovsky brought this change] |
| |
| CODE_STYLE-md: fix bold font style |
| |
| Markdown gets confused with abundance of asterisks, so use underscores |
| instead. |
| |
| Reviewed-by: Daniel Gustafsson |
| Closes #7569 |
| |
| - [Gleb Ivanovsky brought this change] |
| |
| CODE_STYLE-md: add missing comma |
| |
| Reviewed-by: Daniel Gustafsson |
| Closes #7570 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| examples/ephiperfifo.c: simplify signal handler |
| |
| The signal handler registered for SIGINT is only handling SIGINT |
| so there isn't much need for inspecting the signo. While there, |
| rename the handler to be more specific. |
| |
| g_should_exit should really be of sig_atomic_t type, but relying |
| on autoconf in the examples seems like a bad idea so keep that |
| for now. |
| |
| Reviewed-by: Daniel Stenberg |
| Closes #7310 |
| |
| - c-hyper: initial step for 100-continue support |
| |
| Enabled test 154 |
| |
| Closes #7568 |
| |
| - [Ikko Ashimine brought this change] |
| |
| vtls: fix typo in schannel_verify.c |
| |
| occurence -> occurrence |
| |
| Closes #7566 |
| |
| - [Emil Engler brought this change] |
| |
| curl_url_get.3: clarify about path and query |
| |
| The current man-page lacks some details regarding the obtained path and |
| query. |
| |
| Closes #7563 |
| |
| - c-hyper: fix header value passed to debug callback |
| |
| Closes #7567 |
| |
| Viktor Szakats (12 Aug 2021) |
| - cleanup: URL updates |
| |
| - replace broken URL with the one it was most probably pointing to |
| when added (lib/tftp.c) |
| - replace broken URL with archive.org link (lib/curl_ntlm_wb.c) |
| - delete unnecessary protocol designator from archive.org URL |
| (docs/BINDINGS.md) |
| |
| Closes #7562 |
| |
| Daniel Stenberg (12 Aug 2021) |
| - [April King brought this change] |
| |
| DEPRECATE.md: linkify curl-library mailing list |
| |
| Closes #7561 |
| |
| - [Barry Pollard brought this change] |
| |
| output.d: add method to suppress response bodies |
| |
| Closes #7560 |
| |
| - TODO: remove 'c-ares deviates on http://1346569778' |
| |
| Fixed since 56a037cc0ad1b2 (7.77.0) |
| |
| - [Colin O'Dell brought this change] |
| |
| BINDINGS.md: update links to use https where available |
| |
| Closes #7558 |
| |
| - asyn-ares.c: move all version number checks to the top |
| |
| ... and use #ifdef [feature] in the code as per our guidelines. |
| |
| - ares: use ares_getaddrinfo() |
| |
| ares_getaddrinfo() is the getaddrinfo() cloned provided by c-ares, introduced |
| in version 1.16.0. |
| |
| With older c-ares versions, curl invokes ares_gethostbyname() twice - once for |
| IPv4 and once for IPv6 to resolve both addresses, and then combines the |
| returned results. |
| |
| Reported-by: jjandesmet |
| Fixes #7364 |
| Closes #7552 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: utilize crypto API functions to simplify |
| |
| Closes #7551 |
| |
| - [megatronking brought this change] |
| |
| ngtcp2: reset the oustanding send buffer again when drained |
| |
| Closes #7538 |
| |
| Michael Kaufmann (10 Aug 2021) |
| - progress: fix a compile warning on some systems |
| |
| lib/progress.c:380:40: warning: conversion to 'long double' from |
| 'curl_off_t {aka long long int}' may alter its value [-Wconversion] |
| |
| Closes #7549 |
| |
| Daniel Stenberg (10 Aug 2021) |
| - RELEASE-NOTES: synced |
| |
| - http: consider cookies over localhost to be secure |
| |
| Updated test31. |
| Added test 392 to verify secure cookies used for http://localhost |
| |
| Reviewed-by: Daniel Gustafsson |
| Fixes #6733 |
| Closes #7263 |
| |
| - TODO: erase secrets from heap/stack after use |
| |
| Closes #7268 |
| |
| Jay Satiro (10 Aug 2021) |
| - hostip: Make Curl_ipv6works function independent of getaddrinfo |
| |
| - Do not assume IPv6 is not working when getaddrinfo is not present. |
| |
| The check to see if IPv6 actually works is now independent of whether |
| there is any resolver that can potentially resolve a hostname to IPv6. |
| |
| Prior to this change if getaddrinfo() was not found at compile time then |
| Curl_ipv6works() would be defined as a macro that returns FALSE. |
| |
| When getaddrinfo is not found then libcurl is built with CURLRES_IPV4 |
| defined instead of CURLRES_IPV6, meaning that it cannot do IPv6 lookups |
| in the traditional way. With this commit if libcurl is built with IPv6 |
| support (ENABLE_IPV6) but without getaddrinfo (CURLRES_IPV6), and the |
| IPv6 stack is actually working, then it is possible for libcurl to |
| resolve IPv6 addresses by using DoH. |
| |
| Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378 |
| |
| Closes https://github.com/curl/curl/pull/7529 |
| |
| - test1565: fix windows build errors |
| |
| - Use our wait_ms() instead of sleep() since Windows doesn't have the |
| latter. |
| |
| - Use a separate variable to keep track of whether the pthread_t thread |
| id is valid. |
| |
| On Windows pthread_t is not an integer type. pthread offers no macro for |
| invalid pthread_t thread id, so validity is kept track of separately. |
| |
| Closes https://github.com/curl/curl/pull/7527 |
| |
| - [Jeremy Falcon brought this change] |
| |
| winbuild/README.md: clarify GEN_PDB option |
| |
| - Document that GEN_PDB option creates an external database. |
| |
| Ref: https://github.com/curl/curl/issues/7502 |
| |
| Daniel Stenberg (9 Aug 2021) |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read |
| |
| Closes #7546 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream |
| |
| Rework the return value handling of ngtcp2_conn_writev_stream and treat |
| NGTCP2_ERR_STREAM_SHUT_WR separately. |
| |
| Closes #7546 |
| |
| - configure: error out if both ngtcp2 and quiche are specified |
| |
| Reported-by: Vincent Grande |
| See #7539 |
| Closes #7545 |
| |
| - [Jeff Mears brought this change] |
| |
| easy: use a custom implementation of wcsdup on Windows |
| |
| ... so that malloc/free overrides from curl_global_init are used for |
| wcsdup correctly. |
| |
| Closes #7540 |
| |
| - zuul: add an mbedtls3 CI job |
| |
| Closes #7544 |
| |
| - [Benau brought this change] |
| |
| mbedTLS: initial 3.0.0 support |
| |
| Closes #7428 |
| |
| - RELEASE-NOTES: synced |
| |
| - configure.ac: revert bad nghttp2 library detection improvements |
| |
| This reverts commit b4b34db65f9f8, 673753344c5f and 29c7cf79e8b. |
| |
| The logic is now back to assuming that the nghttp2 lib is called nghttp2 and |
| nothing else. |
| |
| Reported-by: Rui Pinheiro |
| Reported-by: Alex Crichton |
| Fixes #7514 |
| Closes #7515 |
| |
| - happy-eyeballs-timeout-ms.d: polish the wording |
| |
| Reported-by: Josh Soref |
| Fixes #7433 |
| Closes #7542 |
| |
| - [modbw brought this change] |
| |
| mbedtls_threadlock: fix unused variable warning |
| |
| Closes #7393 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: compile with the latest ngtcp2 and nghttp3 |
| |
| Closes #7541 |
| |
| Marc Hoersken (31 Jul 2021) |
| - CI/cirrus: reduce compile time with increased parallism |
| |
| Cirrus CI VMs have 2 CPUs, let's use them also for Windows builds. |
| |
| Reviewed-by: Daniel Stenberg |
| Closes #7505 |
| |
| Daniel Stenberg (30 Jul 2021) |
| - [Bin Lan brought this change] |
| |
| tool/tests: fix potential year 2038 issues |
| |
| The length of 'long' in a 32-bit system is 32 bits, which cannot be used |
| to save timestamps after 2038. Most operating systems have extended |
| time_t to 64 bits. |
| |
| Remove the castings to long. |
| |
| Closes #7466 |
| |
| - compressed.d: it's a request, not an order |
| |
| Clarified |
| |
| Reported-by: Dan Jacobson |
| Reviewed-by: Daniel Gustafsson |
| Fixes #7516 |
| Closes #7517 |
| |
| - [Bernhard M. Wiedemann brought this change] |
| |
| tests: make three tests pass until 2037 |
| |
| after 2038 something in test1915 fails on 32-bit OSes |
| |
| Closes #7512 |
| |
| Daniel Gustafsson (30 Jul 2021) |
| - connect: remove superfluous conditional |
| |
| Commit dbd16c3e2 cleaned up the logic for traversing the addrinfos, |
| but the move left a conditional on ai which no longer is needed as |
| the while loop reevaluation will cover it. |
| |
| Closes #7511 |
| Reviewed-by: Carlo Marcelo Arenas Belón |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (29 Jul 2021) |
| - RELEASE-NOTES: synced |
| |
| and bump curlver to 7.79.0 for next release |
| |
| Marc Hoersken (29 Jul 2021) |
| - tests/*server.py: remove pidfile on server termination |
| |
| Avoid pidfile leaking/laying around after server already exited. |
| |
| Reviewed-by: Daniel Stenberg |
| Closes #7506 |
| |
| Daniel Gustafsson (27 Jul 2021) |
| - tool_main: fix typo in comment |
| |
| The referred to library is NSPR, so fix the switched around characters. |
| |
| Daniel Stenberg (28 Jul 2021) |
| - [Aleksandr Krotov brought this change] |
| |
| bearssl: support CURLOPT_CAINFO_BLOB |
| |
| Closes #7468 |
| |
| - curl.1: mention "global" flags |
| |
| Mention options that are "global". A global command line option is one |
| that doesn't get reset at --next uses and therefore don't need to be |
| used again. |
| |
| Reported-by: Josh Soref |
| |
| Fixes #7457 |
| Closes #7510 |
| |
| - CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited |
| |
| Reported-by: Daniel Woelfel |
| Fixes #7441 |
| Closes #7509 |
| |
| - KNOWN_BUGS: add more HTTP/3 problems |
| |
| Closes #7351 |
| Closes #7339 |
| Closes #7125 |
| |
| Marc Hoersken (27 Jul 2021) |
| - CI/azure: reduce compile time with increased parallism |
| |
| Azure Pipelines CI VMs have 2 CPUs, let's use them. |
| |
| Closes #7489 |
| |
| Jay Satiro (27 Jul 2021) |
| - [Josh Soref brought this change] |
| |
| docs: fix grammar |
| |
| Fixes https://github.com/curl/curl/issues/7444 |
| Fixes https://github.com/curl/curl/issues/7451 |
| Fixes https://github.com/curl/curl/issues/7465 |
| Closes https://github.com/curl/curl/pull/7495 |
| |
| - mail-rcpt.d: fix grammar |
| |
| Remove confusing sentence that says to specify an e-mail address for |
| mail transfer, since that's implied. |
| |
| Reported-by: Josh Soref |
| |
| Fixes https://github.com/curl/curl/issues/7452 |
| Closes https://github.com/curl/curl/pull/7495 |
| |
| Daniel Stenberg (27 Jul 2021) |
| - c-hyper: remove the hyper_executor_poll() loop from Curl_http |
| |
| 1. it's superfluous |
| 2. it didn't work identically to the Curl_hyper_stream one which could |
| cause problems like #7486 |
| |
| Pointed-out-by: David Cook |
| Closes #7499 |
| |
| - curl-openssl.m4: check lib64 for the pkg-config file |
| |
| OpenSSL recently started putting the libs in $prefix/lib64 on 'make |
| install', so we check that directory for pkg-config data if the 'lib' |
| check fails. |
| |
| Closes #7503 |
| |
| - CURLOPT_SSL_CTX_*.3: tidy up the example |
| |
| Use the proper code style. Don't store return codes that aren't read. |
| Copy the same example into CURLOPT_SSL_CTX_FUNCTION.3 as well. |
| |
| Closes #7500 |
| |
| - example/cookie_interface: fix scan-build printf warning |
| |
| Follow-up to 4b79c4fb565 |
| |
| Fixes #7497 |
| Closes #7498 |
| |
| - [Josh Soref brought this change] |
| |
| limit-rate.d: clarify base unit |
| |
| Fixes #7439 |
| Closes #7494 |
| |
| - [Carlo Marcelo Arenas Belón brought this change] |
| |
| examples/cookie_interface: avoid printfing time_t directly |
| |
| time_t representation is undefined and varies on bitsize and signedness, |
| and as of C11 could be even non integer. |
| |
| instead of casting to unsigned long (which would truncate in systems |
| with a 32bit long after 2106) use difftime to get the elapsed time as a |
| double and print that (without decimals) instead. |
| |
| alternatively a cast to curl_off_t and its corresponding print |
| formatting could have been used (at least in POSIX) but portability and |
| curl agnostic code was prioritized. |
| |
| Closes #7490 |
| |
| Marc Hoersken (25 Jul 2021) |
| - tests/servers: remove obsolete pid variable |
| |
| Variable is not used since pidfile handling moved to util.[ch] |
| |
| Reviewed-by: Jay Satiro |
| Closes #7482 |
| |
| - tests/servers: use our platform-aware pid for server verification |
| |
| The pid used for server verification is later stored as pid2 in |
| the hash of running test servers and therefore used for shutdown. |
| |
| The pid used for shutdown must be the platform-aware (Win32) pid |
| to avoid leaking test servers while running them using Cygwin/msys. |
| |
| Reviewed-by: Jay Satiro |
| Closes #7481 |
| |
| - tests/runtests.pl: cleanup copy&paste mistakes and unused code |
| |
| Reviewed-by: Jay Satiro |
| Part of #7481 |
| |
| Daniel Stenberg (25 Jul 2021) |
| - RELEASE-NOTES: synced |
| |
| bumped to 7.78.1 for next release |
| |
| - http_proxy: clear 'sending' when the outgoing request is sent |
| |
| ... so that Curl_connect_getsock() will know how to wait for the socket |
| to become readable and not writable after the entire CONNECT request has |
| been issued. |
| |
| Regression added in 7.77.0 |
| |
| Reported-by: zloi-user on github |
| Assisted-by: Jay Satiro |
| Fixes #7155 |
| Closes #7484 |
| |
| Jay Satiro (25 Jul 2021) |
| - [Josh Soref brought this change] |
| |
| openssl: fix grammar |
| |
| Closes https://github.com/curl/curl/pull/7480 |
| |
| - configure.ac: tweak nghttp2 library name fix again |
| |
| - Change extraction to handle multiple library names returned by |
| pkg-config (eg a possible scenario with pkg-config --static). |
| |
| Ref: https://github.com/curl/curl/pull/7472 |
| |
| Closes https://github.com/curl/curl/pull/7485 |
| |
| Dan Fandrich (23 Jul 2021) |
| - Get rid of the unused HAVE_SIG_ATOMIC_T et. al. |
| |
| It was added in 2006 but I see no evidence it was ever used. |
| |
| Jay Satiro (23 Jul 2021) |
| - docs: change max-filesize caveat again |
| |
| - Add protocols field to max-filesize.d. |
| |
| - Revert wording on unknown file size caveat and do not discuss specific |
| protocols in that section. |
| |
| Partial revert of ecf0225. All max-filesize options now have the list of |
| protocols and it's clearer just to have that list without discussing |
| specific protocols in the caveat. |
| |
| Reported-by: Josh Soref |
| |
| Ref: https://github.com/curl/curl/issues/7453#issuecomment-884128762 |
| |
| Daniel Stenberg (22 Jul 2021) |
| - [Christian Weisgerber brought this change] |
| |
| configure: tweak nghttp2 library name fix |
| |
| commit 29c7cf79e8b44cf (shipped in 7.78.0) introduced a problem by |
| assuming that LIB_H2 does not have any leading whitespace. At least |
| OpenBSD's native pkg-config can produce such whitespace, though: |
| |
| $ pkg-config --libs-only-l libnghttp2 |
| -lnghttp2 |
| |
| As a result, the configure check for libnghttp2 will erroneously fail. |
| |
| Bug: https://curl.se/mail/lib-2021-07/0050.html |
| Closes #7472 |
| |
| - [Bastian Krause brought this change] |
| |
| docs/MQTT: update state of username/password support |
| |
| PR #7243 implemented username/password support for MQTT, so let's drop |
| these items from the caveats. |
| |
| Signed-off-by: Bastian Krause <bst@pengutronix.de> |
| |
| Closes #7474 |
| |
| - [Oleg Pudeyev brought this change] |
| |
| CURLMOPT_TIMERFUNCTION.3: remove misplaced "time" |
| |
| Closes #7470 |
| |
| Version 7.78.0 (21 Jul 2021) |
| |
| Daniel Stenberg (21 Jul 2021) |
| - RELEASE-NOTES: synced |
| |
| curl 7.78.0 release |
| |
| - winbuild/MakefileBuild.vc: bump copyright year |
| |
| Jay Satiro (21 Jul 2021) |
| - docs: mention max-filesize options also apply to MQTT transfers |
| |
| Also make it clearer that the caveat 'if the file size is unknown it |
| the option will have no effect' may apply to protocols other than FTP |
| and HTTP. |
| |
| Reported-by: Josh Soref |
| |
| Fixes https://github.com/curl/curl/issues/7453 |
| |
| - [Josh Soref brought this change] |
| |
| docs/cmdline: fix grammar and typos |
| |
| - [Josh Soref brought this change] |
| |
| dump-header.d: Drop suggestion to use for cookie storage |
| |
| Since --cookie-jar is the preferred way to store cookies, no longer |
| suggest using --dump-header to do so. |
| |
| Co-authored-by: Daniel Stenberg |
| |
| Closes https://github.com/curl/curl/issues/7414 |
| |
| - [Josh Soref brought this change] |
| |
| doc/cmdline: fix grammar and typos |
| |
| Closes https://github.com/curl/curl/pull/7454 |
| Closes https://github.com/curl/curl/pull/7455 |
| Closes https://github.com/curl/curl/pull/7456 |
| Closes https://github.com/curl/curl/pull/7459 |
| Closes https://github.com/curl/curl/pull/7460 |
| Closes https://github.com/curl/curl/pull/7461 |
| Closes https://github.com/curl/curl/pull/7462 |
| Closes https://github.com/curl/curl/pull/7463 |
| |
| Daniel Stenberg (20 Jul 2021) |
| - vtls: fix connection reuse checks for issuer cert and case sensitivity |
| |
| CVE-2021-22924 |
| |
| Reported-by: Harry Sintonen |
| Bug: https://curl.se/docs/CVE-2021-22924.html |
| |
| - sectransp: check for client certs by name first, then file |
| |
| CVE-2021-22926 |
| |
| Bug: https://curl.se/docs/CVE-2021-22926.html |
| |
| Assisted-by: Daniel Gustafsson |
| Reported-by: Harry Sintonen |
| |
| - telnet: fix option parser to not send uninitialized contents |
| |
| CVS-2021-22925 |
| |
| Reported-by: Red Hat Product Security |
| Bug: https://curl.se/docs/CVE-2021-22925.html |
| |
| Jay Satiro (20 Jul 2021) |
| - connect: fix wrong format specifier in connect error string |
| |
| 0842175 (not in any release) used the wrong format specifier (long int) |
| for timediff_t. On an OS such as Windows libcurl's timediff_t (usually |
| 64-bit) is bigger than long int (32-bit). In 32-bit Windows builds the |
| upper 32-bits of the timediff_t were erroneously then used by the next |
| format specifier. Usually since the timeout isn't larger than 32-bits |
| this would result in null as a pointer to the string with the reason for |
| the connection failing. On other OSes or maybe other compilers it could |
| probably result in garbage values (ie crash on deref). |
| |
| Before: |
| Failed to connect to localhost port 12345 after 1201 ms: (nil) |
| |
| After: |
| Failed to connect to localhost port 12345 after 1203 ms: Connection refused |
| |
| Closes https://github.com/curl/curl/pull/7449 |
| |
| - winbuild: support alternate nghttp2 static lib name |
| |
| - Support both nghttp2.lib and nghttp2_static.lib for static nghttp2. |
| |
| nghttp2 briefly changed its static lib name to nghttp2_static, but then |
| made the _static suffix optional. |
| |
| Ref: https://github.com/nghttp2/nghttp2/pull/1394 |
| Ref: https://github.com/nghttp2/nghttp2/pull/1418 |
| Ref: https://github.com/nghttp2/nghttp2/issues/1466 |
| |
| Reported-by: Pierre Yager |
| |
| Fixes https://github.com/curl/curl/issues/7446 |
| Closes https://github.com/curl/curl/pull/7447 |
| |
| - [Josh Soref brought this change] |
| |
| docs/cmdline: fix grammar and typos |
| |
| Closes https://github.com/curl/curl/pull/7432 |
| Closes https://github.com/curl/curl/pull/7436 |
| Closes https://github.com/curl/curl/pull/7438 |
| Closes https://github.com/curl/curl/pull/7440 |
| Closes https://github.com/curl/curl/pull/7445 |
| |
| - [Josh Soref brought this change] |
| |
| delegation.d: mention what happens when used multiple times |
| |
| Closes https://github.com/curl/curl/pull/7408 |
| |
| - [Josh Soref brought this change] |
| |
| create-file-mode.d: mention what happens when used multiple times |
| |
| Closes https://github.com/curl/curl/pull/7407 |
| |
| - [Josh Soref brought this change] |
| |
| config.d: split comments and option-per line |
| |
| Closes https://github.com/curl/curl/pull/7405 |
| |
| Daniel Stenberg (19 Jul 2021) |
| - misc: copyright year range updates |
| |
| - mailmap: add Tobias and Timur |
| |
| Daniel Gustafsson (18 Jul 2021) |
| - [Josh Soref brought this change] |
| |
| docs: spell out directories instead of dirs in create-dirs |
| |
| Write out directories rather than using the dirs abbrevation. Also |
| use plural form consistently, even if the code in the end might just |
| create a single directory. |
| |
| Closes #7406 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| - [Tobias Nyholm brought this change] |
| |
| docs: correct spelling errors and a broken link |
| |
| Update grammar and spelling in docs and source code comments. |
| |
| Closes: #7427 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Marc Hoersken (18 Jul 2021) |
| - CI/cirrus: install impacket from PyPI instead of FreeBSD packages |
| |
| Availability of impacket as FreeBSD package is too flaky. |
| |
| Stick to legacy version of cryptography which still |
| supports OpenSSL version 1.0.2 due to FreeBSD 11. |
| |
| Reviewed-by: Daniel Stenberg |
| |
| Closes #7418 |
| |
| Daniel Stenberg (18 Jul 2021) |
| - [Josh Soref brought this change] |
| |
| docs/cmdline: mention what happens when used multiple times |
| |
| For --dns-ipv4-addr, --dns-ipv6-addr and --dns-servers |
| |
| Closes #7410 |
| Closes #7411 |
| Closes #7412 |
| |
| - [Michał Antoniak brought this change] |
| |
| lib: fix compiler warnings with CURL_DISABLE_NETRC |
| |
| warning C4189: 'netrc_user_changed': local variable is initialized but |
| not referenced |
| |
| warning C4189: 'netrc_passwd_changed': local variable is initialized but |
| not referenced |
| |
| Closes #7423 |
| |
| - disable-epsv.d: remove duplicate "(FTP)" |
| |
| ... since the tooling adds that to the output based on the "Protocols:" |
| tag. |
| |
| - [Max Zettlmeißl brought this change] |
| |
| docs: make the documentation for --etag-save match the program behaviour |
| |
| When using curl with the option `--etag-save` I expected it to save the |
| ETag without its surrounding quotes, as stated by the documentation in |
| the repository and by the generated man pages. |
| |
| My first endeavour was to fix the program, but while investigating the |
| history of the relevant parts, I discovered that curl once saved the |
| ETag without the quotes. This was undone by Daniel Stenberg in commit |
| `98c94596f5928840177b6bd3c7b0f0dd03a431af`, therefore I decided that in |
| this case the documentation should be adjusted to match the behaviour of |
| curl. |
| |
| The changed save behaviour also made parts of the `--etag-compare` |
| documentation wrong or superfluous, so I adjusted those accordingly. |
| |
| Closes #7429 |
| |
| - [Josh Soref brought this change] |
| |
| write-out.d: add missing periods |
| |
| Closes #7404 |
| |
| - [Josie Huddleston brought this change] |
| |
| easy: during upkeep, attach Curl_easy to connections in the cache |
| |
| During the protocol-specific parts of connection upkeep, some code |
| assumes that the data->conn pointer already is set correctly. However, |
| there's currently no guarantee of that in the code. |
| |
| This fix temporarily attaches each connection to the Curl_easy object |
| before performing the protocol-specific connection check on it, in a |
| similar manner to the connection checking in extract_if_dead(). |
| |
| Fixes #7386 |
| Closes #7387 |
| Reported-by: Josie Huddleston |
| |
| - [Josh Soref brought this change] |
| |
| cleanup: spell DoH with a lowercase o |
| |
| Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> |
| |
| Closes #7413 |
| |
| - [Josh Soref brought this change] |
| |
| TheArtOfHttpScripting: polish |
| |
| - add missing backticks and comma |
| |
| - fix proxy description: |
| |
| * example proxy isn't local |
| * locally doesn't really make sense |
| |
| Closes #7416 |
| |
| - [Josh Soref brought this change] |
| |
| form.d: add examples of `,`/`;` for file[name] |
| |
| Fixes #7415 |
| Closes #7417 |
| |
| - [Michał Antoniak brought this change] |
| |
| mbedtls: Remove unnecessary include |
| |
| - curl_setup.h: all references to mbedtls_md4* functions and structures |
| are in the md4.c. This file already includes the <mbedtls/md4.h> file |
| along with the file existence control (defined (MBEDTLS_MD4_C)) |
| |
| - curl_ntlm_core.c: unnecessary include - repeated below |
| |
| Closes #7419 |
| |
| - RELEASE-NOTES: synced |
| |
| Jay Satiro (16 Jul 2021) |
| - [User Sg brought this change] |
| |
| multi: fix crash in curl_multi_wait / curl_multi_poll |
| |
| Appears to have been caused by 51c0ebc (precedes 7.77.0) which added a |
| VALID_SOCK check to one of the loops through the sockets but not the |
| other. |
| |
| Reported-by: sylgal@users.noreply.github.com |
| Authored-by: sylgal@users.noreply.github.com |
| |
| Fixes https://github.com/curl/curl/issues/7379 |
| Closes https://github.com/curl/curl/pull/7389 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| tool_help: remove unused define |
| |
| The PRINT_LINES_PAUSE macro is no longer used, and has been mostly |
| cleaned out but one occurrence remained. |
| |
| Closes https://github.com/curl/curl/pull/7380 |
| |
| - [Sergey Markelov brought this change] |
| |
| build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS |
| |
| fix compiler warnings about unused variables and parameters when |
| built with --disable-verbose. |
| |
| Closes https://github.com/curl/curl/pull/7377 |
| |
| - [Andrea Pappacoda brought this change] |
| |
| build: fix IoctlSocket FIONBIO check |
| |
| Prior to this change HAVE_IOCTLSOCKET_CAMEL_FIONBIO mistakenly checked |
| for (lowercase) ioctlsocket when it should have checked for IoctlSocket. |
| |
| Closes https://github.com/curl/curl/pull/7375 |
| |
| - [Timur Artikov brought this change] |
| |
| configure: fix nghttp2 library name for static builds |
| |
| Don't hardcode the nghttp2 library name, |
| because it can vary, be "nghttp2_static" for example. |
| |
| Fixes https://github.com/curl/curl/issues/7367 |
| Closes https://github.com/curl/curl/pull/7368 |
| |
| Gisle Vanem (16 Jul 2021) |
| - [PellesC] fix _lseeki64() macro |
| |
| - [SChannel] Use '_tcsncmp()' instead |
| |
| Revert previous change for PellesC. |
| |
| Instead replace all use of `_tcsnccmp()` with `_tcsncmp()`. |
| |
| - [PellesC] missing '_tcsnccmp' |
| |
| PellesC compiler does not have this macro in it's `<tchar.h>` |
| |
| Daniel Gustafsson (14 Jul 2021) |
| - TODO: add mention of mbedTLS 3 incompatibilities |
| |
| Wyatt OʼDay reported in #7385 that mbedTLS isn't backwards compatible |
| and curl no longer builds with it. Document the need to fix our support |
| until so has been done. |
| |
| Closes #7390 |
| Fixes #7385 |
| Reported-by: Wyatt OʼDay |
| Reviewed-by: Jay Satiro <raysatiro@yahoo.com> |
| |
| - docs: fix inconsistencies in EGDSOCKET documentation |
| |
| Only the OpenSSL backend actually use the EGDSOCKET, and also use |
| TLS consistently rather than mixing SSL and TLS. While there, also |
| fix a minor spelling nit. |
| |
| Closes: #7391 |
| Reviewed-by: Jay Satiro <raysatiro@yahoo.com> |
| |
| - [Борис Верховский brought this change] |
| |
| docs: document missing arguments to commands |
| |
| This is a followup to commit f410b9e538129e77607fef1 fixing a few |
| more commands which takes arguments. |
| |
| Closes #7382 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| - [Randolf J brought this change] |
| |
| docs: fix incorrect argument name reference |
| |
| The documentation for the read callback was erroneously referencing |
| the nitems argument by nmemb. The error was introduced in commit |
| ce0881edee3c7. |
| |
| Closes #7383 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| - [Борис Верховский brought this change] |
| |
| tool_help: Document that --tlspassword takes a password |
| |
| Closes #7378 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - scripts: Fix typo in release-notes instructions |
| |
| The command to run had a typo in the pathname which prevented copy |
| pasting it to work, which has annoyed me enough to fix this now. |
| |
| - RELEASE-NOTES: synced |
| |
| Jay Satiro (10 Jul 2021) |
| - write-out.d: Clarify urlnum is not unique for de-globbed URLs |
| |
| Reported-by: Коваленко Анатолий Викторович |
| |
| Fixes https://github.com/curl/curl/issues/7342 |
| Closes https://github.com/curl/curl/pull/7369 |
| |
| Daniel Gustafsson (3 Jul 2021) |
| - [William Desportes brought this change] |
| |
| docs: Fix typos |
| |
| Closes: #7370 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| Daniel Stenberg (8 Jul 2021) |
| - [Jonathan Wernberg brought this change] |
| |
| Revert "ftp: Expression 'ftpc->wait_data_conn' is always false" |
| |
| The reverted commit introduced a logic error in code that was |
| correct. |
| |
| The client using libcurl would notice the error since FTP file |
| uploads in active transfer mode would somtimes complete with |
| success despite no transfer having been performed and the |
| "uploaded" file thus not being on the remote server afterwards. |
| |
| The FTP server would notice the error because it receives a |
| RST on the data connection it has established with the client |
| before any data was transferred at all. |
| |
| The logic error happens if the STOR response from the server have |
| arrived by the time ftp_multi_statemach() in the affected code path |
| is called, but the incoming data connection have not arrived yet. |
| In that case, the processing of the STOR response will cause |
| 'ftpc->wait_data_conn' to be set to TRUE, contradicting the comment |
| in the code. Since 'complete' will also be set, later logic would |
| believe the transfer was done. |
| |
| In most cases, the STOR response will not have arrived yet when |
| the affected code path is executed, or the incoming connection will |
| also have arrived, and thus the error would not express itself. |
| But if the speed difference of the device using libcurl and the |
| FTP server is exactly right, the error may happen as often as in |
| one out of hundred file transfers. |
| |
| This reverts commit 49f3117a238b6eac0e22a32f50699a9eddcb66ab. |
| |
| Bug: https://curl.se/mail/lib-2021-07/0025.html |
| Closes #7362 |
| |
| - msnprintf: return number of printed characters excluding null byte |
| |
| ... even when the output is "capped" by the maximum length argument. |
| |
| Clarified in the docs. |
| |
| Closes #7361 |
| |
| - infof: remove newline from format strings, always append it |
| |
| - the data needs to be "line-based" anyway since it's also passed to the |
| debug callback/application |
| |
| - it makes infof() work like failf() and consistency is good |
| |
| - there's an assert that triggers on newlines in the format string |
| |
| - Also removes a few instances of "..." |
| |
| - Removes the code that would append "..." to the end of the data *iff* |
| it was truncated in infof() |
| |
| Closes #7357 |
| |
| - examples/multi-single: fix scan-build warning |
| |
| warning: Value stored to 'mc' during its initialization is never read |
| |
| Follow-up to ae8e11ed5fd2ce |
| |
| Closes #7360 |
| |
| - wolfssl: failing to set a session id is not reason to error out |
| |
| ... as it is *probably* just timed out. |
| |
| Reported-by: Francisco Munoz |
| |
| Closes #7358 |
| |
| - docs/examples: use curl_multi_poll() in multi examples |
| |
| The API is soon two years old and deserves being shown as the primary |
| way to drive multi code as it makes it much easier to write code. |
| |
| multi-poll: removed |
| |
| multi-legacy: add to show how we did multi API use before |
| curl_multi_wait/poll. |
| |
| Closes #7352 |
| |
| - KNOWN_BUGS: flaky Windows CI builds |
| |
| Closes #6972 |
| |
| - RELEASE-NOTES: synced |
| |
| - test1147: hyper doesn't allow "crazy" request headers like built-in |
| |
| ... so strip that from the test. |
| |
| Closes #7349 |
| |
| - c-hyper: bail on too long response headers |
| |
| To match with built-in behaviors. Makes test 1154 work. |
| |
| Closes #7350 |
| |
| - test1151: added missing CRLF to work with hyper |
| |
| Closes #7350 |
| |
| - c-hyper: add support for transfer-encoding in the request |
| |
| Closes #7348 |
| |
| - [Andrea Pappacoda brought this change] |
| |
| cmake: remove libssh2 feature checks |
| |
| libssh2 features are detected based on version since commit |
| 9dbbba997608f7c3c5de1c627c77c8cd2aa85b73 |
| |
| Closes #7343 |
| |
| - test1116: hyper doesn't pass through "surprise-trailers" |
| |
| Closes #7344 |
| |
| - socks4: scan for the IPv4 address in resolve results |
| |
| Follow-up to 84d2839740 which changed the resolving to always resolve |
| both address families, but since SOCKS4 only supports IPv4 it should |
| scan for and use the first available IPv4 address. |
| |
| Reported-by: shithappens2016 on github |
| Fixes #7345 |
| Closes #7346 |
| |
| Jay Satiro (5 Jul 2021) |
| - proto.d: fix formatting for paragraphs after margin changes |
| |
| Closes https://github.com/curl/curl/pull/7341 |
| |
| - pinnedpubkey.d: fix formatting for version support lists |
| |
| Closes https://github.com/curl/curl/pull/7340 |
| |
| Daniel Stenberg (2 Jul 2021) |
| - TODO: "Support in-memory certs/ca certs/keys" done |
| |
| Has been suppored for a while now with the *BLOB options. |
| |
| - examples: safer and more proper read callback logic |
| |
| The same callback code is used in: |
| |
| imap-append.c |
| smtp-authzid.c |
| smtp-mail.c |
| smtp-multi.c |
| smtp-ssl.c |
| smtp-tls.c |
| |
| It should not assume that it can copy full lines into the buffer as it |
| will encourage sloppy coding practices. Instead use byte-wise logic and |
| check/acknowledge the buffer size appropriately. |
| |
| Reported-by: Harry Sintonen |
| Fixes #7330 |
| Closes #7331 |
| |
| - test1519: adjusted to work with hyper |
| |
| Closes #7333 |
| |
| - test1518: adjusted to work with hyper |
| |
| ... by making sure the stdout output doesn't look like HTTP headers. |
| |
| Closes #7333 |
| |
| - test1514: add a CRLF to the response to make it correct |
| |
| Makes hyper accept it fine instead returning HYPERE_UNEXPECTED_EOF on |
| us. |
| |
| Closes #7334 |
| |
| - formdata: avoid "Argument cannot be negative" warning |
| |
| ... when converting a curl_off_t to size_t, by using |
| CURL_ZERO_TERMINATED before passing the argument to the function. |
| |
| Detected by Coverity CID 1486590. |
| |
| Closes #7328 |
| Assisted-by: Daniel Gustafsson |
| |
| - lib: more %u for port and int for %*s fixes |
| |
| Detected by Coverity |
| |
| Closes #7329 |
| |
| - doh: (void)-prefix call to curl_easy_setopt |
| |
| - lib: fix type of len passed to *printf's %*s |
| |
| ... it needs to be 'int'. Detected by Coverity CID 1486611 (etc) |
| |
| Closes #7326 |
| |
| - lib: use %u instead of %ld for port number printf |
| |
| Follow-up to 764c6bd3bf which changed the type of some port number |
| fields. Detected by Coverity (CID 1486624) etc. |
| |
| Closes #7325 |
| |
| - version: turn version number functions into returning void |
| |
| ... as we never use the return codes from them. |
| |
| Reviewed-by: Daniel Gustafsson |
| Closes #7319 |
| |
| - mqtt: extend the error message for no topic |
| |
| ... and mention that it needs URL encoding. |
| |
| Reported-by: Peter Körner |
| Fixes #7316 |
| Closes #7317 |
| |
| - formdata: correct typecast in curl_mime_data call |
| |
| Coverity pointed out it the mismatch. CID 1486590 |
| |
| Closes #7327 |
| |
| - url: (void)-prefix a curl_url_get() call |
| |
| Coverity (CID 1486645) pointed out a use of curl_url_get() in the |
| parse_proxy function where the return code wasn't checked. A |
| (void)-prefix makes the intention obvious. |
| |
| Closes #7320 |
| |
| - glob: pass an 'int' as len when using printf's %*s |
| |
| Detected by Coverity CID 1486629. |
| |
| Closes #7324 |
| |
| - vtls: use free() not curl_free() |
| |
| curl_free() is provided for users of the API to free returned data, |
| there's no need to use it internally. |
| |
| Closes #7318 |
| |
| - zuul: use the new rustls directory name |
| |
| Follow-up to 6d972c8b1cbb3 which missed updating this directory name. |
| |
| Also no longer call it crustls in the docs and bump to rusttls-ffi 0.7.1 |
| |
| Closes #7311 |
| |
| Jay Satiro (29 Jun 2021) |
| - http: fix crash in rate-limited upload |
| |
| - Don't set the size of the piece of data to send to the rate limit if |
| that limit is larger than the buffer size that will hold the piece. |
| |
| Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE |
| (curl tool: --limit-rate) was set then it was possible that a temporary |
| buffer used for uploading could be written to out of bounds. A likely |
| scenario for this would be a non-trivial amount of post data combined |
| with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k). |
| |
| The bug was introduced in 24e469f which is in releases since 7.76.0. |
| |
| perl -e "print '0' x 200000" > tmp |
| curl --limit-rate 128k -d @tmp httpbin.org/post |
| |
| Reported-by: Richard Marion |
| |
| Fixes https://github.com/curl/curl/issues/7308 |
| Closes https://github.com/curl/curl/pull/7315 |
| |
| Daniel Stenberg (29 Jun 2021) |
| - copyright: add boiler-plate headers to CI config files |
| |
| And whitelist .zuul.ignore |
| |
| Closes #7314 |
| |
| - CI: remove travis details |
| |
| Rename still used leftovers to "zuul" as that's now the CI using them. |
| |
| Closes #7313 |
| |
| - RELEASE-NOTES: synced |
| |
| - openssl: avoid static variable for seed flag |
| |
| Avoid the race condition risk by instead storing the "seeded" flag in |
| the multi handle. Modern OpenSSL versions handle the seeding itself so |
| doing the seeding once per multi-handle instead of once per process is |
| less of an issue. |
| |
| Reported-by: Gerrit Renker |
| Fixes #7296 |
| Closes #7306 |
| |
| - configure: inhibit the implicit-fallthrough warning on gcc-12 |
| |
| ... since it no longer acknowledges the comment markup we use for that |
| purpose. |
| |
| Reported-by: Younes El-karama |
| Fixes #7295 |
| Closes #7307 |
| |
| Daniel Gustafsson (28 Jun 2021) |
| - [Andrei Rybak brought this change] |
| |
| misc: fix typos in comments which repeat a word |
| |
| Fix typos in code comments which repeat various words. In trivial |
| cases, just delete the repeated word. Reword the affected sentence in |
| "lib/url.c" for it to make sense. |
| |
| Closes #7303 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| Daniel Stenberg (27 Jun 2021) |
| - lib677: make it survive torture testing |
| |
| Follow-up to a5ab72d5edd7 |
| |
| Closes #7300 |
| |
| - [Tommy Chiang brought this change] |
| |
| docs/BINDINGS: fix outdated links |
| |
| * luacurl page is now not accessible, fix it with wayback machine page |
| * Scheme one seems not providing https now, change it back to http one |
| |
| Closes #7301 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| curstls: bump crustls version and use new URL |
| |
| crustls moved to https://github.com/rustls/rustls-ffi. This also bumps |
| the expected version to 0.7.0. |
| |
| Closes #7297 |
| |
| - RELEASE-NOTES: synced |
| |
| - examples: length-limit two sscanf() uses of %s |
| |
| Reported-by: Jishan Shaikh |
| Fixes #7293 |
| Closes #7294 |
| |
| - [Richard Whitehouse brought this change] |
| |
| multi: alter transfer timeout ordering |
| |
| - Check whether a connection has succeded before checking whether it's |
| timed out. |
| |
| This means if we've connected quickly, but subsequently been |
| descheduled, we allow the connection to succeed. Note, if we timeout, |
| but between checking the timeout, and connecting to the server the |
| connection succeeds, we will allow it to go ahead. This is viewed as |
| an acceptable trade off. |
| |
| - Add additional failf logging around failed connection attempts to |
| propogate the cause up to the caller. |
| |
| Co-Authored-by: Martin Howarth |
| Closes #7178 |
| |
| - test677: IMAP CONNECT_ONLY, custom command and then exit |
| |
| Adjusted ftpserver.pl to add support for the IMAP IDLE command |
| |
| Adjusted test 660 to sync with the fix |
| |
| - multi: do not switch off connect_only flag when closing |
| |
| ... as it made protocol specific disconnect commands wrongly get used. |
| |
| Bug: https://curl.se/mail/lib-2021-06/0024.html |
| Reported-by: Aleksander Mazur |
| Closes #7288 |
| |
| - http: make the haproxy support work with unix domain sockets |
| |
| ... it should then pass on "PROXY UNKNOWN" since it doesn't know the |
| involved IP addresses. |
| |
| Reported-by: Valentín Gutiérrez |
| Fixes #7290 |
| Closes #7291 |
| |
| - [Xiang Xiao brought this change] |
| |
| curl.h: include sys/select.h for NuttX RTOS |
| |
| Closes #7287 |
| |
| - [Bin Meng brought this change] |
| |
| curl.h: remove the execution bit |
| |
| The execution bit of curl.h file was wrongly added: |
| |
| commit 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7") |
| |
| and should be removed. |
| |
| Follow-up to 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7") |
| Signed-off-by: Bin Meng <bmeng.cn@gmail.com> |
| Closes #7286 |
| |
| - [Bin Lan brought this change] |
| |
| curl.h: <sys/select.h> is supported by VxWorks7 |
| |
| Closes #7285 |
| |
| - [Bachue Zhou brought this change] |
| |
| quiche: use send() instead of sendto() to avoid macOS issue |
| |
| sendto() always returns "Socket is already connected" error on macos |
| |
| Closes #7260 |
| |
| - [Li Xinwei brought this change] |
| |
| cmake: fix support for UnixSockets feature on Win32 |
| |
| Move the definition of sockaddr_un struct from config-win32.h to |
| curl_setup.h, so that it could be shared by all build systems. |
| |
| Add ADDRESS_FAMILY typedef for old mingw, now old mingw can also use |
| unix sockets. |
| |
| Also fix the build of tests/server/sws.c on Win32 when USE_UNIX_SOCKETS |
| is defined. |
| |
| Closes #7034 |
| |
| - [Gregory Muchka brought this change] |
| |
| hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies |
| |
| From Apples documentation on SCDynamicStoreCopyProxies, "Return Value: A |
| dictionary of key-value pairs that represent the current internet proxy |
| settings, or NULL if no proxy settings have been defined or if an error |
| occurred. You must release the returned value." |
| |
| Failure to release the returned value of SCDynamicStoreCopyProxies can |
| result in a memory leak. |
| |
| Source: https://developer.apple.com/documentation/systemconfiguration/1517088-scdynamicstorecopyproxies |
| |
| Closes #7265 |
| |
| - RELEASE-NOTES: synced |
| |
| Jay Satiro (21 Jun 2021) |
| - vtls: fix warning due to function prototype mismatch |
| |
| b09c8ee changed the function prototype. Caught by Visual Studio. |
| |
| - curl_multibyte: Remove local encoding fallbacks |
| |
| - If the UTF-8 to UTF-16 conversion fails in Windows Unicode builds then |
| no longer fall back to assuming the string is in a local encoding. |
| |
| Background: |
| |
| Some functions in Windows Unicode builds must convert UTF-8 to UTF-16 to |
| pass to the Windows CRT API wide-character functions since in Windows |
| UTF-8 is not a valid locale (or at least 99% of the time right now). |
| |
| Prior to this change if the Unicode encoding conversion failed then |
| libcurl would assume, for backwards compatibility with applications that |
| may have written their code for non-Unicode builds, attempt to convert |
| the string from local encoding to UTF-16. |
| |
| That type of "best effort" could theoretically cause some type of |
| security or other problem if a string that was locally encoded was also |
| valid UTF-8, and therefore an unexpected UTF-8 to UTF-16 conversion |
| could occur. |
| |
| Ref: https://github.com/curl/curl/pull/7246 |
| |
| Closes https://github.com/curl/curl/pull/7257 |
| |
| Daniel Stenberg (20 Jun 2021) |
| - curl_endian: remove the unused Curl_write64_le function |
| |
| The last usage was removed in cca455a36 |
| |
| Closes #7280 |
| |
| - vtls: only store TIMER_APPCONNECT for non-proxy connect |
| |
| Introducing a 'isproxy' argument to the connect function so that it |
| knows wether to store the time stamp or not. |
| |
| Reported-by: Yongkang Huang |
| Fixes #7274 |
| Closes #7274 |
| |
| - gnutls: set the preferred TLS versions in correct order |
| |
| Regression since 781864bedbc57 (curl 7.77.0) |
| |
| Reported-by: civodul on github |
| Assisted-by: Nikos Mavrogiannopoulos |
| Fixes #7277 |
| Closes #7278 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure/cmake: remove checks for unused gethostbyaddr and gethostbyaddr_r |
| |
| Closes #7276 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure/cmake: remove checks for unused inet_ntoa and inet_ntoa_r |
| |
| Closes #7276 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure/cmake: remove unused define HAVE_PERROR |
| |
| Closes #7276 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure: remove unused check for gai_strerror |
| |
| Closes #7276 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure/cmake: remove unused define HAVE_FREEIFADDRS |
| |
| Closes #7276 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure/cmake: remove unused define HAVE_FORK |
| |
| Closes #7276 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure/cmake: remove unused define HAVE_FDOPEN |
| |
| Closes #7276 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure/cmake: remove checks for unused sgtty.h |
| |
| Closes #7276 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure/cmake: remove remaining checks for rsa.h |
| |
| Closes #7276 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure/cmake: remove remaining checks for err.h |
| |
| Closes #7276 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure/cmake: remove remaining checks for crypto.h |
| |
| Closes #7276 |
| |
| - [Gergely Nagy brought this change] |
| |
| configure/cmake: remove checks for unused getservbyport_r |
| |
| Closes #7276 |
| |
| - --socks4[a]: clarify where the host name is resolved |
| |
| Closes #7273 |
| |
| - libcurl-security.3: mention file descriptors and forks |
| |
| ... and move the security report section last. |
| |
| Reported-by: Harry Sintonen |
| Closes #7270 |
| |
| - [Alex Xu (Hello71) brought this change] |
| |
| configure.ac: make non-executable |
| |
| it needs to be processed by autoconf or autoreconf, and doesn't have a |
| suitable shebang to be directly executed. other projects normally set |
| configure.ac -x. |
| |
| Closes #7272 |
| |
| - configure: do not strip out debug flags |
| |
| To allow users to set them when invoking configure without using |
| --with-debug. |
| |
| Reported-by: Alex Xu |
| Fixes #7216 |
| Closes #7267 |
| |
| - libssh2: limit time a disconnect can take to 1 second |
| |
| Closes #7271 |
| |
| - TLS: prevent shutdown loops to get stuck |
| |
| ... by making sure the loops are only allowed to read the shutdown |
| traffic a limited number of times. |
| |
| Reported-by: Harry Sintonen |
| Closes #7271 |
| |
| - hyper: propagate errors back up from read callbacks |
| |
| Makes test 513 work with hyper |
| |
| Closes #7266 |
| |
| - KNOWN_BUGS: Negotiate on Windows fails |
| |
| Closes #5881 |
| |
| - KNOWN_BUGS: renames instead of locking for atomic operations |
| |
| Closes #6882 |
| Closes #6884 |
| |
| - zuul: add two missing CI jobs |
| |
| ... that were configured, just not run |
| |
| Closes #7261 |
| |
| Viktor Szakats (15 Jun 2021) |
| - idn: fix libidn2 with windows unicode builds |
| |
| Unicode Windows builds use UTF-8 strings internally in libcurl, |
| so make sure to call the UTF-8 flavour of the libidn2 API. Also |
| document that Windows builds with libidn2 and UNICODE do expect |
| CURLOPT_URL as an UTF-8 string. |
| |
| Reported-by: dEajL3kA on github |
| Assisted-by: Jay Satiro |
| Reviewed-by: Marcel Raad |
| Closes #7246 |
| Fixes #7228 |
| |
| Daniel Stenberg (15 Jun 2021) |
| - curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE |
| |
| They were never officially allowed and slipped in only due to sloppy |
| parsing. Spaces (ascii 32) should be correctly encoded (to %20) before |
| being part of a URL. |
| |
| The new flag bit CURLU_ALLOW_SPACE when a full URL is set, makes libcurl |
| allow spaces. |
| |
| Updated test 1560 to verify. |
| |
| Closes #7073 |
| |
| - RELEASE-NOTES: synced |
| |
| ... and bump to version 7.78.0 for the next planned release. |
| |
| Jay Satiro (15 Jun 2021) |
| - docs: Remove outdated curl tool limitation |
| |
| - Document that HTTP/2 multiplexing is supported by the curl tool when |
| parallel transfers are used. |
| |
| Supported since 7.66.0 via --parallel, but the doc wasn't updated. |
| |
| Closes https://github.com/curl/curl/pull/7259 |
| |
| - http2: Clarify 'Using HTTP2' verbose message |
| |
| - Change phrasing from multi-use to multiplexing since the former may |
| not be as well understood. |
| |
| Before: * Using HTTP2, server supports multi-use |
| |
| After: * Using HTTP2, server supports multiplexing |
| |
| Bug: https://github.com/curl/curl/discussions/7255 |
| Reported-by: David Hu |
| |
| Closes https://github.com/curl/curl/pull/7258 |
| |
| Daniel Stenberg (14 Jun 2021) |
| - winbuild/README: VC should be set to 6 'or larger' |
| |
| Previously it listed all versions up to 15 (missing 16) but this new |
| phrasing is more open ended. |
| |
| Reported-by: Hugh Macdonald |
| Fixes #7253 |
| Closes #7254 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| rustls: remove native_roots fallback |
| |
| For the commandline tool, we expect to be passed |
| SSL_CONN_CONFIG(CAfile); for library use, the use should pass a set of |
| trusted roots (like in other TLS backends). |
| |
| This also removes a dependency on Security.framework when building on |
| macOS. |
| |
| Closes #7250 |
| |
| - [Albin Vass brought this change] |
| |
| travis: remove jobs that have migrated to zuul |
| |
| Closes #7245 |
| |
| - [Mohammed Naser brought this change] |
| |
| CI: add jobs using Zuul |
| |
| It also includes a few changes to get the builds going: |
| - Added autoconf to common dependencies |
| - Added automake to common dependencies |
| - Added libtool to common dependencies |
| - Added libssl-dev to common dependencies |
| |
| Co-authored-by: Albin Vass |
| |
| Closes #7245 |
| |
| - netrc: skip 'macdef' definitions |
| |
| Add test 494 to verify |
| |
| Reported-by: Harry Sintonen |
| Fixes #7238 |
| Closes #7244 |
| |
| - multi: add scan-build-6 work-around in curl_multi_fdset |
| |
| scan-build-6 otherwise warns, saying: warning: The left operand of '>=' |
| is a garbage value otherwise, which is false. |
| |
| Later scan-builds don't claim this on the same code. |
| |
| Closes #7248 |
| |
| - asyn-ares: remove check for 'data' in Curl_resolver_cancel |
| |
| It implied it would survive a NULL in there which it won't. Instead do |
| an assert. |
| |
| Pointed out by scan-build. |
| |
| Closes #7248 |
| |
| - url.c: remove two variable assigns that are never read |
| |
| Pointed out by scan-build |
| |
| Closes #7248 |
| |
| - [Gealber Morales brought this change] |
| |
| mqtt: add support for username and password |
| |
| Minor-edits-by: Daniel Stenberg |
| Added test 2200 to 2205 |
| |
| Closes #7243 |
| |
| - travis: remove the arm job |
| |
| We do it on circle CI instead |
| |
| - CI: add .circleci/config.yml |
| |
| Assisted-by: Gabriel Simmer |
| |
| Closes #7239 |
| |
| - RELEASE-NOTES: synced |
| |
| - runtests: init $VERSION to avoid warnings when using -l |
| |
| - openssl: don't remove session id entry in disassociate |
| |
| When a connection is disassociated from a transfer, the Session ID entry |
| should remain. |
| |
| Regression since 7f4a9a9 (shipped in libcurl 7.77.0) |
| Reported-by: Gergely Nagy |
| Reported-by: Paul Groke |
| |
| Fixes #7222 |
| Closes #7230 |
| |
| - single_transfer: ignore blank --output-dir |
| |
| ... as otherwise it creates a rather unexpected target directory with a |
| leading slash. |
| |
| Reported-by: Harry Sintonen |
| Fixes #7218 |
| Closes #7233 |
| |
| - tests: update README about servers and port numbers |
| |
| Closes #7242 |
| |
| - conn_shutdown: if closed during CONNECT cleanup properly |
| |
| Reported-by: Alex Xu |
| Reported-by: Phil E. Taylor |
| |
| Fixes #7236 |
| Closes #7237 |
| |
| - [Christian Weisgerber brought this change] |
| |
| sws: malloc request struct instead of using stack |
| |
| ... 2MB requests is otherwise just too big for some systems. |
| |
| (The allocations are not freed properly.) |
| |
| Bug: https://curl.se/mail/lib-2021-06/0018.html |
| |
| Closes #7235 |
| |
| - [Mark Swaanenburg brought this change] |
| |
| lib: don't compare fd to FD_SETSIZE when using poll |
| |
| FD_SETSIZE is irrelevant when using poll. So ensuring that the file |
| descriptor is smaller than FD_SETSIZE in VALID_SOCK, can cause |
| multi_wait to ignore perfectly valid file descriptors and simply wait |
| for 1s to avoid hammering the CPU in a busy loop. |
| |
| Fixes #7240 |
| Closes #7241 |
| |
| - [zhangxiuhua brought this change] |
| |
| doh: fix wrong DEBUGASSERT for doh private_data |
| |
| Closes #7227 |
| |
| - [yb999 brought this change] |
| |
| tests: update README.md with a missing single quote |
| |
| Closes #7231 |
| |
| - GHA: run all tests for hyper too |
| |
| As it lists disabled ones in DISABLED now |
| |
| Closes #7209 |
| |
| - tests/data/DISABLED: add tests not working with hyper |
| |
| The goal is to remove them all from here over time. |
| |
| Closes #7209 |
| |
| - runtests: also find the last test in Makefile.inc |
| |
| Closes #7209 |
| |
| - test3010: work with hyper mode |
| |
| Closes #7209 |
| |
| - configure: disable RTSP when hyper is selected |
| |
| Makes test 1013 work |
| |
| Closes #7209 |
| |
| - test1594/1595/1596: fix to work in hyper mode |
| |
| Closes #7209 |
| |
| - test1438/1457: add HTTP keyword to make hyper mode work |
| |
| Closes #7209 |
| |
| - test1340/1341: adjusted for hyper mode |
| |
| Closes #7209 |
| |
| - test1218: adjusted for hyper mode |
| |
| Closes #7209 |
| |
| - test1216: adjusted for hyper mode |
| |
| Closes #7209 |
| |
| - test1230: adjust to work in hyper mode |
| |
| Closes #7209 |
| |
| - c-hyper: abort CONNECT response reading early on non 2xx responses |
| |
| Fixes test 493 |
| |
| Closes #7209 |
| |
| - test434: add HTTP keyword |
| |
| Closes #7209 |
| |
| - test599: adjusted to work in hyper mode |
| |
| Closes #7209 |
| |
| - c-hyper: fix the uploaded field in progress callbacks |
| |
| Makes test 578 work |
| |
| Closes #7209 |
| |
| - test566: adjust to work with hyper mode |
| |
| Closes #7209 |
| |
| - [Fawad Mirza brought this change] |
| |
| CURLOPT_WRITEFUNCTION.3: minor update of the example |
| |
| Safely avoid chunk.size garbage value if declared non globally. |
| |
| Closes #7219 |
| |
| - [Bastian Krause brought this change] |
| |
| configure: rename get-easy-option configure option to get-easy-options |
| |
| "get-easy-options" is the configure option advertised by the help text |
| anyway, so use that. |
| |
| Fixes #7211 |
| Closes #7213 |
| |
| Follow-up to ad691b191 ("configure: added --disable-get-easy-options") |
| Suggested-by: Daniel Stenberg <daniel@haxx.se> |
| Signed-off-by: Bastian Krause <bst@pengutronix.de> |
| |
| - runtests: skip disabled tests unless -f is used |
| |
| To make it easier to write ranges like '115 to 229' without that |
| explicitly enabling tests that are listed in DISABLED, this makes |
| runtests always skip disabled tests unless the -f command line option is |
| used. |
| |
| Previously the code attempted to not run such tests, but didn't do it |
| correctly. |
| |
| Closes #7212 |
| |
| - [Jun-ya Kato brought this change] |
| |
| ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS |
| |
| The latest GnuTLS-3.7.2 implements disable switch for TLSv1.3 compatible |
| mode for middle box but it is enabled by default, which is unnecessary |
| for QUIC. |
| |
| Fixes #6896 |
| Closes #7202 |
| |
| - test644: remove as duplicate of test 587 |
| |
| Closes #7208 |
| |
| Daniel Gustafsson (8 Jun 2021) |
| - RELEASE-NOTES: synced |
| |
| - cookies: track expiration in jar to optimize removals |
| |
| Removing expired cookies needs to be a fast operation since we want to |
| be able to perform it often and speculatively. By tracking the timestamp |
| of the next known expiration we can exit early in case the timestamp is |
| in the future. |
| |
| Closes: #7172 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (7 Jun 2021) |
| - GHA: add several libcurl tests to the hyper job |
| |
| 500 to 512 |
| |
| - test500: adjust to work with hyper mode |
| |
| - c-hyper: support CURLINFO_STARTTRANSFER_TIME |
| |
| Closes #7204 |
| |
| - c-hyper: support CURLOPT_HEADER |
| |
| When enabled, the headers are passed to the body write callback as well. |
| |
| Like in test 500 |
| |
| Closes #7204 |
| |
| - GHA: run the newly fixed tests with hyper |
| |
| Closes #7205 |
| |
| - test433: adjust for hyper mode |
| |
| Closes #7205 |
| |
| - test395: hyper cannot work around > 64 bit content-lengths like built-in |
| |
| Closes #7205 |
| |
| - test394: hyper returns a different error |
| |
| Closes #7205 |
| |
| - test393: make Content-Length fit within 64 bit for hyper |
| |
| Closes #7205 |
| |
| - test347: CRLFify to work in hyper mode |
| |
| Closes #7205 |
| |
| - test339: CRLFify better to work in hyper mode |
| |
| Closes #7205 |
| |
| - travis: remove the hyper build |
| |
| - GHA: add a linux-hyper job |
| |
| Closes #7206 |
| |
| - test328: avoid a header-looking body to make hyper mode work |
| |
| The test still works the same, just modified two bytes in the content. |
| |
| Closes #7203 |
| |
| - release-notes.pl: also spot common 'closes' typo |
| |
| - metalink: remove |
| |
| Warning: this will make existing curl command lines that use metalink to |
| stop working. |
| |
| Reasons for removal: |
| |
| 1. We've found several security problems and issues involving the |
| metalink support in curl. The issues are not detailed here. When |
| working on those, it become apparent to the team that several of the |
| problems are due to the system design, metalink library API and what |
| the metalink RFC says. They are very hard to fix on the curl side |
| only. |
| |
| 2. The metalink usage with curl was only very briefly documented and was |
| not following the "normal" curl usage pattern in several ways, making |
| it surprising and non-intuitive which could lead to further security |
| issues. |
| |
| 3. The metalink library was last updated 6 years ago and wasn't so |
| active the years before that either. An unmaintained library means |
| there's a security problem waiting to happen. This is probably reason |
| enough. |
| |
| 4. Metalink requires an XML parsing library, which is complex code (even |
| the smaller alternatives) and to this day often gets security |
| updates. |
| |
| 5. Metalink is not a widely used curl feature. In the 2020 curl user |
| survey, only 1.4% of the responders said that they'd are using it. In |
| 2021 that number was 1.2%. Searching the web also show very few |
| traces of it being used, even with other tools. |
| |
| 6. The torrent format and associated technology clearly won for |
| downloading large files from multiple sources in parallel. |
| |
| Cloes #7176 |
| |
| - docs/INSTALL: remove mentions of configure --with-darwin-ssl |
| |
| ... as it isn't supported since a while back. |
| |
| Make configure fail with a warning if used. |
| |
| Reported-by: Vadim Grinshpun |
| Bug: https://curl.se/mail/lib-2021-06/0008.html |
| Closes #7200 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Gregor Jasny brought this change] |
| |
| cmake: Avoid leaking absolute paths into exported config |
| |
| The `find_libarary` command resolves the library or framework |
| into an absolute path. In case of system frameworks which are |
| located within an Xcode-provided SDK this results in the Xcode |
| path and SDK version being part of the library path. |
| |
| Because those library paths end up in the exported CMake config |
| importing curl will fail once the Xcode location or SDK version |
| changes: |
| |
| ```cmake |
| set_target_properties(CURL::libcurl PROPERTIES |
| INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include" |
| INTERFACE_LINK_LIBRARIES "lber;ldap;/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/SystemConfiguration.framework;OpenSSL::SSL;OpenSSL::Crypto;ZLIB::ZLIB" |
| ) |
| ``` |
| |
| A work-around is to link against system-level frameworks with |
| `-framework XYZ`. In case of `SystemConfiguration` we might be able |
| to omit the lookup-check because we could assume the framework is |
| always present. |
| |
| Closes #7152 |
| |
| - [Shikha Sharma brought this change] |
| |
| http2_connisdead: handle trailing GOAWAY better |
| |
| When checking the connection the input processing returns error |
| immediately, we now consider that a dead connnection. |
| |
| Bug: https://curl.se/mail/lib-2021-06/0001.html |
| Closes #7192 |
| |
| - [Dmitry Karpov brought this change] |
| |
| ares: always store IPv6 addresses first |
| |
| Trying dual-stack on some embedded platform, I noticed that quite |
| frequently (20%) libCurl starts from IPv4 regardless the Happy Eyeballs |
| timeout value. After debugging this issue, I noticed that this happens |
| if c-ares resolver response for IPv6 family comes before IPv4 (which was |
| randomly happening in my tests). |
| |
| In such cases, because libCurl puts the last resolver response on top of |
| the address list, when IPv4 resolver response comes after IPv6 one - the |
| IPv4 family starts the connection phase instead of IPv6 family. |
| |
| The solution for this issue is to always put IPv6 addresses on top of |
| the address list, regardless the order of resolver responses. |
| |
| Bug: https://curl.se/mail/lib-2021-06/0003.html |
| |
| Closes #7188 |
| |
| - Revert "Revert "socketpair: fix potential hangs"" |
| |
| This reverts commit 3e70c3430a370a31eff2c1d8fea29edaca8f1127. |
| |
| Thus brings back the change from #7144 as was originally landed in |
| c769d1eab4de8b |
| |
| Closes #7144 (again) |
| |
| - [Ebe Janchivdorj brought this change] |
| |
| schannel: move code out of SChannel_connect_step1 |
| |
| Reviewed-by: Marc Hoersken |
| Closes #7168 |
| |
| - tests/data/Makefile.inc: error: trailing backslash on last line |
| |
| Follow-up to d8dcb399b8009d |
| |
| - TODO: Support rate-limiting for MQTT |
| |
| - [Dmitry Kostjuchenko brought this change] |
| |
| warnless: simplify type size handling |
| |
| By using sizeof(T), existing defines and relying on the compiler to |
| define the required signed/unsigned mask. |
| |
| Closes #7181 |
| |
| Gisle Vanem (4 Jun 2021) |
| - [Win32] Fix for USE_WATT32 |
| |
| My Watt-32 tcp/ip stack works on Windows but it does not have `WSAIoctl()` |
| |
| Daniel Stenberg (4 Jun 2021) |
| - [Alexis Vachette brought this change] |
| |
| url: bad CURLOPT_CONNECT_TO syntax now returns error |
| |
| Added test 3020 to verify |
| |
| Closes #7183 |
| |
| - github: remove the cmake macOS gcc-8 jobs |
| |
| They're too similar to the gcc-9 ones to be useful (and seems to not |
| work anymore). |
| |
| Closes #7187 |
| |
| - test269: disable for hyper |
| |
| --ignore-content-length / CURLOPT_IGNORE_CONTENT_LENGTH doesn't work |
| with hyper. |
| |
| Closes #7184 |
| |
| - runtests: enable 'hyper mode' only for HTTP tests |
| |
| The 'hyper mode' makes line-ending checks work in the test suite for |
| when hyper is used. Now it also requires that HTTP or HTTPS are |
| mentioned as keywords to be enabled so that it doesn't wrongly adjusts |
| tests for other protocols. |
| |
| This makes test 271 (TFTP) work again in hyper enabled builds. |
| |
| Closes #7185 |
| |
| - [Alexis Vachette brought this change] |
| |
| hostip: bad CURLOPT_RESOLVE syntax now returns error |
| |
| Added test 3019 |
| Fixes #7170 |
| Closes #7174 |
| |
| Daniel Gustafsson (3 Jun 2021) |
| - cookies: fix typo and expand comment |
| |
| Fix a typo in the sorting comment, and while in there elaborate slightly |
| on why creationtime can be used as a tiebreaker. |
| |
| - cookies: remove unused header |
| |
| Commit 1c1d9f1affbd3367bcb24062e261d0ea5d185e3a removed the last use |
| for the inet_pton.h headerfile, this removes the inclusion of the |
| header. |
| |
| Closes: #7182 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (3 Jun 2021) |
| - Revert "socketpair: fix potential hangs" |
| |
| This reverts commit c769d1eab4de8b9f1bd84d992c63692fdc43c5be. |
| |
| See #7144 for details |
| |
| - [Paul Groke brought this change] |
| |
| socketpair: fix potential hangs |
| |
| Fixes potential hang in accept by using select + non-blocking accept. |
| |
| Fixes potential hang in peer check by replacing the send/recv check with |
| a getsockname/getpeername check. |
| |
| Adds length check for returned sockaddr data. |
| |
| Closes #7144 |
| |
| - runtests: parse data/Makefile.inc instead of using make |
| |
| The warning about missing entries in that file then doesn't require that |
| the Makefile has been regenerated which was confusing. |
| |
| The scan for the test num is a little more error prone than before |
| (since now it doesn't actually verify that it is legitimate Makefile |
| syntax), but I think it is good enough. |
| |
| Closes #7177 |
| |
| - [Harry Sintonen brought this change] |
| |
| filecheck: quietly remove test-place/*~ |
| |
| Closes #7179 |
| |
| - CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax |
| |
| For options that pass in lists or strings that are subsequently parsed |
| and must be correct. This broadens the scope for the option previously |
| known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still |
| provided as a #define for existing applications. |
| |
| Closes #7175 |
| |
| - tests: fix Accept-Encoding strips to work with Hyper builds |
| |
| The previous strip also removed the CR which turned problematic. |
| |
| valgrind.supp: add zstd suppression using hyper |
| |
| Reported-and-analyzed-by: Kevin Burke |
| Fixes #7169 |
| Closes #7171 |
| |
| - github: timeout jobs on macOS after 90 minutes |
| |
| Assisted-by: Marc Hoersken |
| Closes #7173 |
| |
| - [Harry Sintonen brought this change] |
| |
| mqtt: detect illegal and too large file size |
| |
| Add test 3017 and 3018 to verify. |
| Closes #7166 |
| |
| - [Abhinav Singh brought this change] |
| |
| cmake: add CURL_DISABLE_NTLM option |
| |
| Closes #7028 |
| |
| - [Abhinav Singh brought this change] |
| |
| configure: add --disable-ntlm option |
| |
| Closes #7028 |
| |
| - [Abhinav Singh brought this change] |
| |
| define: re-add CURL_DISABLE_NTLM and corresponding ifdefs |
| |
| This flag will be further exposed by adding build options. |
| |
| Reverts #6809 |
| Closes #7028 |
| |
| - RELEASE-NOTES: synced |
| |
| Viktor Szakats (1 Jun 2021) |
| - travis: delete --enable-hsts option (it is the default now) [ci skip] |
| |
| Reviewed-by: Daniel Stenberg |
| Closes #7167 |
| |
| Daniel Stenberg (1 Jun 2021) |
| - hostip: fix 3 coverity complaints |
| |
| Follow-up to 1a0ebf6632f889eed |
| |
| - Check the return code to Curl_inet_pton() in two instances, even |
| though we know the input is valid so the functions won't fail. |
| |
| - Clear the 'struct sockaddr_in' struct before use so that the |
| 'sin_zero' field isn't left uninitialized. |
| |
| Detected by Coverity. |
| Assisted-by: Harry Sintonen |
| Closes #7163 |
| |
| - c-hyper: fix NTLM on closed connection tested with test159 |
| |
| Closes #7154 |
| |
| - conncache: lowercase the hash key for better match |
| |
| As host names are case insensitive, the use of case sensitive hashing |
| caused unnecesary cache misses and therefore lost performance. This |
| lowercases the hash key. |
| |
| Reported-by: Harry Sintonen |
| Fixes #7159 |
| Closes #7161 |
| |
| - mbedtls: make mbedtls_strerror always work |
| |
| If the function doesn't exist, provide a macro that just clears the |
| error message. Removes #ifdef uses from the code. |
| |
| Closes #7162 |
| |
| - vtls: exit addsessionid if no cache is inited |
| |
| Follow-up to b249592d29ae0 |
| |
| Avoids NULL pointer derefs. |
| |
| Closes #7165 |
| |
| - [Harry Sintonen brought this change] |
| |
| Curl_ntlm_core_mk_nt_hash: fix OOM in error path |
| |
| Closes #7164 |
| |
| Michael Kaufmann (1 Jun 2021) |
| - ssl: read pending close notify alert before closing the connection |
| |
| This avoids a TCP reset (RST) if the server initiates a connection |
| shutdown by sending an SSL close notify alert and then closes the TCP |
| connection. |
| |
| For SSL connections, usually the server announces that it will close the |
| connection with an SSL close notify alert. curl should read this alert. |
| If curl does not read this alert and just closes the connection, some |
| operating systems close the TCP connection with an RST flag. |
| |
| See RFC 1122, section 4.2.2.13 |
| |
| If curl reads the close notify alert, the TCP connection is closed |
| normally with a FIN flag. |
| |
| The new code is similar to existing code in the "SSL shutdown" function: |
| try to read an alert (non-blocking), and ignore any read errors. |
| |
| Closes #7095 |
| |
| Daniel Stenberg (1 Jun 2021) |
| - [Laurent Dufresne brought this change] |
| |
| setopt: fix incorrect comments |
| |
| Closes #7157 |
| |
| - [Laurent Dufresne brought this change] |
| |
| mbedtls: add support for cert and key blob options |
| |
| CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB weren't usable with |
| mbedtls backend, so the support was added. |
| |
| Closes #7157 |
| |
| - [Gregor Jasny brought this change] |
| |
| cmake: try well-known send/recv signature for Apple |
| |
| The CMake `try_compile` command is especially slow for |
| the Xcode generator. With this patch applied it first tests |
| for the currently used (and Open Group specified) send/recv |
| signature. In case this fails testing falls-back to the |
| permutations. |
| |
| speed-up: |
| |
| ``` |
| time cmake .. -GNinja -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF |
| before: 11.64s user 11.09s system 55% cpu 40.754 total |
| after: 7.84s user 6.57s system 51% cpu 28.074 total |
| ``` |
| |
| ``` |
| time cmake .. -GXcode -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF |
| before: 217.07s user 104.15s system 60% cpu 8:51.79 total |
| after: 108.76s user 51.80s system 58% cpu 4:32.58 total |
| ``` |
| |
| Closes #7158 |
| |
| - http2: init recvbuf struct for pushed streams |
| |
| Debug builds would warn that these structs were not initialized properly |
| for pushed streams. |
| |
| Ref: #7148 |
| Closes #7153 |
| |
| - Curl_ssl_getsessionid: fail if no session cache exists |
| |
| This function might get called for an easy handle for which the session |
| cache hasn't been setup. It now just returns a "miss" in that case. |
| |
| Reported-by: Christoph M. Becker |
| Fixes #7148 |
| Closes #7153 |
| |
| - GOVERNANCE: add 'user', 'committer' and 'contributor' |
| |
| As those are commonly used terms in the project. |
| |
| Closes #7151 |
| |
| - URL-SYNTAX.md: document the new 'localhost' treatment |
| |
| - hostip: make 'localhost' return fixed values |
| |
| Resolving the case insensitive host name 'localhost' now returns the |
| addresses 127.0.0.1 and (if IPv6 is enabled) ::1 without using any |
| resolver. |
| |
| This removes the risk that users accidentally resolves 'localhost' to |
| something else. By making sure 'localhost' is always local, we can |
| assume a "secure context" for such transfers (for cookies etc). |
| |
| Closes #7039 |
| |
| Daniel Gustafsson (31 May 2021) |
| - docs: fix typos |
| |
| Daniel Stenberg (30 May 2021) |
| - hsts: ignore numberical IP address hosts |
| |
| Also, use a single function library-wide for detecting if a given hostname is |
| a numerical IP address. |
| |
| Reported-by: Harry Sintonen |
| Fixes #7146 |
| Closes #7149 |
| |
| - test178: adjust for hyper |
| |
| Hyper returns the same error for wrong HTTP version as for negative |
| content-length. Test 178 verifies that negative content-length is |
| rejected but the hyper backend will return a different error for it (and |
| without any helpful message telling why the message was bad). It will |
| also not return any headers at all for the response, not even the ones |
| that arrived before the error. |
| |
| Closes #7147 |
| |
| - HYPER: remove mentions of deprecated development branch |
| |
| - c-hyper: handle NULL from hyper_buf_copy() |
| |
| Closes #7143 |
| |
| - HSTS: not experimental anymore |
| |
| - [Douglas R. Reno brought this change] |
| |
| INSTALL: use correct extension for CURL-DISABLE.md |
| |
| In INSTALL.MD, it's currently set to CURL-DISABLE-md instead of |
| CURL-DISABLE.md. This generates a 404 on the cURL website as well as |
| when viewing the docs through Github. |
| |
| Closes #7142 |
| |
| - travis: run tests 1 - 153 with hyper |
| |
| - c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL |
| |
| Makes test 129 work (HTTP/1.2 response). |
| |
| Closes #7141 |
| |
| - http_proxy: deal with non-200 CONNECT response with Hyper |
| |
| Makes test 94 and 95 work |
| |
| Closes #7141 |
| |
| - c-hyper: clear NTLM auth buffer when request is issued |
| |
| To prevent previous ones to get reused on subsequent requests. Matches |
| how the built-in HTTP code works. Makes test 90 to 93 work. |
| |
| Add test 90 to 93 in travis. |
| |
| Closes #7139 |
| |
| - [Joel Depooter brought this change] |
| |
| schannel: set ALPN length correctly for HTTP/2 |
| |
| In a3268eca792f1 this code was changed to use the ALPN_H2 constant |
| instead of the NGHTTP2_PROTO_ALPN constant. However, these constants are |
| not the same. The nghttp2 constant included the length of the string, |
| like this: "\x2h2". The ALPN_H2 constant is just "h2". Therefore we need |
| to re-add the length of the string to the ALPN buffer. |
| |
| Closes #7138 |
| |
| - travis: run tests 1-89 in the hyper build |
| |
| Closes #7137 |
| |
| - Revert "c-hyper: handle body on HYPER_TASK_EMPTY" |
| |
| This reverts commit c3eefa95c31f55657f0af422e8268d738f689066. |
| |
| Reported-by: Kevin Burke |
| Fixes #7122 |
| Closes #7136 |
| |
| - [Jon Rumsey brought this change] |
| |
| ccsidcurl: fix the compile errors |
| |
| Looks like the declaration of cpp shoule be const char ** and return |
| null if convert_version_info_string fails. |
| |
| Fixes #7134 |
| Closes #7135 |
| |
| - [Viktor Szakats brought this change] |
| |
| docs: use --max-redirs instead of --max-redir |
| |
| For consistency. |
| |
| Closes #7130 |
| |
| - RELEASE-NOTES: synced |
| |
| ... and bump to 7.77.1 |
| |
| - [Michael Forney brought this change] |
| |
| travis: add bearssl build |
| |
| Closes #7133 |
| |
| - [Michael Forney brought this change] |
| |
| bearssl: explicitly initialize all fields of Curl_ssl |
| |
| Also, add comments like the other vtls backends. |
| |
| Closes #7133 |
| |
| - [Michael Forney brought this change] |
| |
| bearssl: remove incorrect const on variable that is modified |
| |
| hostname may be set to NULL later on in this function if it is an |
| IP address. |
| |
| Closes #7133 |
| |
| Version 7.77.0 (26 May 2021) |
| |
| Daniel Stenberg (26 May 2021) |
| - RELEASE-NOTES: synced |
| |
| - THANKS: added contributors from 7.77.0 cycle |
| |
| - copyright: update copyright year ranges to 2021 |
| |
| - [Radek Zajic brought this change] |
| |
| hostip: fix broken macOS/CMake/GCC builds |
| |
| Follow-up to 31f631a142d855f06 |
| |
| Fixes #7128 |
| Closes #7129 |
| |
| - TODO: netrc caching and sharing |
| |
| URL: https://curl.se/mail/archive-2021-05/0018.html |
| |
| - [Orgad Shaneh brought this change] |
| |
| setopt: streamline ssl option code |
| |
| Make it use the same style as the code next to it |
| |
| Closes #7123 |
| |
| - [Radek Zajic brought this change] |
| |
| lib/hostip6.c: make NAT64 address synthesis on macOS work |
| |
| Closes #7121 |
| |
| - [ejanchivdorj brought this change] |
| |
| sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer |
| |
| When the SecCertificateCopyCommonName function fails, it leaves |
| common_name in a invalid state so CFStringCompare uses the invalid |
| result, causing EXC_BAD_ACCESS. |
| |
| The fix is to check the return value of the function before using the |
| name. |
| |
| Closes #7126 |
| |
| - [Paweł Wegner brought this change] |
| |
| CMake: add CURL_ENABLE_EXPORT_TARGET option |
| |
| install(EXPORT ...) causes trouble when embedding curl dependencies |
| which don't provide install(EXPORT ...) targets (e.g libressl and |
| nghttp2) with cmake's add_subdirectory. |
| |
| Reviewed-by: Jakub Zakrzewski |
| Closes #7060 |
| |
| - [Alessandro Ghedini brought this change] |
| |
| quiche: update for network path aware API |
| |
| Latest version of quiche requires the application to pass the peer |
| address of received packets, and it provides the address for outgoing |
| packets back. |
| |
| Closes #7120 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| rustls: switch read_tls and write_tls to callbacks |
| |
| And update to 0.6.0, including a rename from session to connection for |
| many fields. |
| |
| Closes #7071 |
| |
| - [Koichi Shiraishi brought this change] |
| |
| sectransp: fix 7f4a9a9b2a49 commit about missing comma |
| |
| Follow-up to 7f4a9a9b2a495 |
| |
| Closes #7119 |
| |
| - [Harry Sintonen brought this change] |
| |
| openssl: associate/detach the transfer from connection |
| |
| CVE-2021-22901 |
| |
| Bug: https://curl.se/docs/CVE-2021-22901.html |
| |
| - [Harry Sintonen brought this change] |
| |
| telnet: check sscanf() for correct number of matches |
| |
| CVE-2021-22898 |
| |
| Bug: https://curl.se/docs/CVE-2021-22898.html |
| |
| - schannel: don't use static to store selected ciphers |
| |
| CVE-2021-22897 |
| |
| Bug: https://curl.se/docs/CVE-2021-22897.html |
| |
| - docs/tests: remove freenode references |
| |
| - RELEASE-NOTES: synced |
| |
| - [Sergey Markelov brought this change] |
| |
| NSS: make colons, commas and spaces valid separators in cipher list |
| |
| Fixes #7110 |
| Closes #7115 |
| |
| - curl: include libmetalink version in --version output |
| |
| Closes #7112 |
| |
| Jay Satiro (21 May 2021) |
| - [Matias N. Goldberg brought this change] |
| |
| cmake: Use multithreaded compilation on VS 2008+ |
| |
| Multithreaded compilation has been supported since at least VS 2005 and |
| been robustly stable since at least VS 2008 |
| |
| Closes https://github.com/curl/curl/pull/7109 |
| |
| Daniel Stenberg (21 May 2021) |
| - [Matias N. Goldberg brought this change] |
| |
| cmake: fix two invokes result in different curl_config.h |
| |
| Fixes #7100 |
| Closes #7101 |
| |
| Reviewed-by: Jakub Zakrzewski |
| Signed-off-by: Matias N. Goldberg <dark_sylinc@yahoo.com.ar> |
| |
| - [Peng-Yu Chen brought this change] |
| |
| cmake: detect CURL_SA_FAMILY_T |
| |
| Fixes #7049 |
| Closes #7065 |
| |
| - [Lucas Clemente Vella brought this change] |
| |
| CURLOPT_IPRESOLVE: preventing wrong IP version from being used |
| |
| In some situations, it was possible that a transfer was setup to |
| use an specific IP version, but due do DNS caching or connection |
| reuse, it ended up using a different IP version from requested. |
| |
| This commit changes the effect of CURLOPT_IPRESOLVE from simply |
| restricting address resolution to preventing the wrong connection |
| type being used, when choosing a connection from the pool, and |
| to restricting what addresses could be used when establishing |
| a new connection. |
| |
| It is important that all addresses versions are resolved, even if |
| not used in that transfer in particular, because the result is |
| cached, and could be useful for a different transfer with a |
| different CURLOPT_IPRESOLVE setting. |
| |
| Closes #6853 |
| |
| - [Oliver Urbann brought this change] |
| |
| AmigaOS: add functions definitions for SHA256 |
| |
| AmiSSL replaces many functions with macros. Curl requires pointer |
| to some of these functions. Thus, we have to encapsulate these macros: |
| SHA256_Init, SHA256_Update, SHA256_Final, X509_INFO_free. |
| |
| Bug: https://github.com/jens-maus/amissl/issues/15 |
| Co-authored-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Closes #7099 |
| |
| - test2100: make it run with and require IPv6 |
| |
| Closes #7083 |
| |
| - tests/getpart: generate output URL encoded for better diffs |
| |
| Closes #7083 |
| |
| - [Ryan Beck-Buysse brought this change] |
| |
| docs/TheArtOfHttpScripting: fix markdown links |
| |
| extra parens cause the links to be incorrectly formatted |
| and inconsistent with the rest of the document. |
| |
| Signed-off-by: Ryan Beck-Buysse <rbuysse@gmail.com> |
| Closes #7097 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Emil Engler brought this change] |
| |
| docs: replace dots with dashes in markdown enums |
| |
| We use dashes instead of dots nearly everywhere except for those few |
| cases. This commit addresses this issues and brings more coherency into |
| it. |
| |
| Closes #7093 |
| |
| - [Emil Engler brought this change] |
| |
| docs: improve INTERNALS.md regarding getsock cb |
| |
| This adds the I/O prefix to indicate that those "actions" are kind-of |
| related to those found in select(2) or poll(2) (reading/writing). |
| |
| It also adds a note where the prototypes of those functions can be found |
| in the source code. |
| |
| Closes #7092 |
| |
| - [Emil Engler brought this change] |
| |
| docs: document attach in INTERNALS.md |
| |
| The new field in the Curl_handler struct still lacks documentation. This |
| adds it it from the information extracted from lib/urldata.h:797 |
| |
| Closes #7091 |
| |
| - [Marc Aldorasi brought this change] |
| |
| config: remove now-unused macros |
| |
| Closes #7094 |
| |
| - [Marc Aldorasi brought this change] |
| |
| hostip.h: remove declaration of unimplemented function |
| |
| Closes #7094 |
| |
| - h3: add 'attach' callback to protocol handlers |
| |
| Follow-up to 0c55fbab45be |
| |
| Reviewed-by: Emil Engler |
| Closes #7090 |
| |
| - wolfssl: remove SSLv3 support leftovers |
| |
| Closes #7088 |
| |
| - curl-wolfssl.m4: without custom include path, assume /usr/include |
| |
| ... so that we can point out the root of the OpenSSL emulation headers. |
| Previously this used the '$includedir' variable which is wrong since |
| that defaults to the dir where the current configure invoke will install |
| the built libcurl headers: /usr/local by default. |
| |
| Fixes #7085 |
| Reported-by: Joel Jakobsson |
| Closes #7087 |
| |
| - [Joel Depooter brought this change] |
| |
| data_pending: check only SECONDARY socket for FTP(S) transfers |
| |
| Check the FIRST for all other protocols. |
| |
| This fixes a timeout in an ftps download. The server sends a TLS |
| close_notify message in the same packet as the file data. The |
| close_notify seems to not be handled in the schannel_recv function, so |
| libcurl is not aware that the server has closed the connection. Thus |
| libcurl ends up waiting for action on the socket until a timeout is |
| reached. With the secondary socket check added to the data_pending |
| function, the close_notify is properly handled, and the ftps transfer |
| terminates as expected. |
| |
| Fixes #7068 |
| Closes #7069 |
| |
| - github: inhibit deprecated declarations for clang on macOS |
| |
| ... as they otherwise cause ldap build errors in the CI. |
| |
| Fixes #7081 |
| Closes #7082 |
| |
| - conn: add 'attach' to protocol handler, make libssh2 use it |
| |
| The libssh2 backend has SSH session associated with the connection but |
| the callback context is the easy handle, so when a connection gets |
| attached to a transfer, the protocol handler now allows for a custom |
| function to get used to set things up correctly. |
| |
| Reported-by: Michael O'Farrell |
| Fixes #6898 |
| Closes #7078 |
| |
| - http2: make sure pause is done on HTTP |
| |
| Since the function is called for any protocol, we can't assume that the |
| HTTP struct is there without first making sure it is HTTP. |
| |
| Reported-by: Denis Goleshchikhin |
| Fixes #7079 |
| Closes #7080 |
| |
| - docs: cookies from HTTP headers need domain set |
| |
| ... or the cookies won't get sent. Push users to using the "Netscape" |
| format instead, which curl uses when saving a cookie "jar". |
| |
| Reported-by: Martin Dorey |
| Reviewed-by: Daniel Gustafsson |
| Fixes #6723 |
| Closes #7077 |
| |
| - RELEASE-NOTES: synced |
| |
| - github: add a workflow with libssh2 on macOS using cmake |
| |
| Closes #7047 |
| |
| - sws: allow HTTP requests up to 2MB in size |
| |
| To allow tests with slightly larger payloads. Like #7071 ... |
| |
| Closes #7075 |
| |
| Marc Hoersken (16 May 2021) |
| - CI/azure: increase verbosity and fix outdated task names |
| |
| Closes #7063 |
| |
| - CI/cirrus: add shared and static Windows release builds |
| |
| Azure Pipelines is currently being used for debug builds, |
| let's also run some non-debug (release) Windows builds and |
| make use of previously underutilized Cirrus CI for that. |
| |
| Reviewed-by: Marcel Raad |
| |
| Closes #6991 |
| |
| Daniel Stenberg (16 May 2021) |
| - CURLOPT_CAPATH.3: defaults to a path, not NULL |
| |
| Reported-by: Andrew Barnert |
| |
| Closes #7062 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| c-hyper: handle body on HYPER_TASK_EMPTY |
| |
| Some of the time, we get a HYPER_TASK_EMPTY response before the status |
| line, headers, and body have been read. Previously, that would cause us |
| to poll again, leading to a 1 second timeout. |
| |
| The HYPER_TASK_EMPTY docs say: |
| |
| The value of this task is null (does not imply an error). |
| |
| So, if we receive a HYPER_TASK_EMPTY, continue on with processing the |
| response. |
| |
| Reported-by: Kevin Burke |
| Fixes #7064 |
| Closes #7070 |
| |
| - [Ikko Ashimine brought this change] |
| |
| tool_getparam: fix comment typo in tool_getparam.c |
| |
| enfore -> enforce |
| |
| Closes #7074 |
| |
| - mem-include-scan.pl: require a non-word letter before memory funcs |
| |
| ... so that ldap_memfree() for example doesn't match the scan for free. |
| |
| Closes #7061 |
| |
| - version: free the openldap info correctly |
| |
| ... to avoid memory leaks. |
| |
| Follow-up to: bf0feae7768d9 |
| Closes #7061 |
| |
| - dupset: remove totally off comment |
| |
| Closes #7067 |
| |
| - configure: if asked for, fail if ldap is not found |
| |
| Reported-by: Jakub Zakrzewski |
| Fixes #7053 |
| Closes #7055 |
| |
| - version: add OpenLDAP version in the output |
| |
| Assisted-by: Howard Chu |
| Closes #7054 |
| |
| Jay Satiro (13 May 2021) |
| - [Joel Depooter brought this change] |
| |
| schannel: Ensure the security context request flags are always set |
| |
| As of commit 54e7475, these flags would only be set when using a new |
| credential handle. When re-using an existing credential handle, the |
| flags would not be set. |
| |
| Closes https://github.com/curl/curl/pull/7051 |
| |
| Dan Fandrich (12 May 2021) |
| - tests: Fix some tag matching issues in a number of tests |
| |
| Daniel Stenberg (12 May 2021) |
| - sasl: use 'unsigned short' to store mechanism |
| |
| ... saves a few bytes of struct size in memory and it only uses |
| 10 bits anyway. |
| |
| Closes #7045 |
| |
| - hostip: remove the debug code for LocalHost |
| |
| The Curl_resolv() had special code (when built in debug mode) for when |
| resolving the host name "LocalHost" (using that exact casing). It would |
| then get the host name from the --interface option instead. |
| |
| This development-only feature was not used by anything (anymore) and we |
| have the --resolve feature if we want to play similar tricks properly |
| going forward. |
| |
| Closes #7044 |
| |
| - progress: reset limit_size variables at transfer start |
| |
| Otherwise the old value would linger from a previous use and would mess |
| up the network speed cap logic. |
| |
| Reported-by: Ymir1711 on github |
| |
| Fixes #7042 |
| Closes #7043 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Daniel Gustafsson brought this change] |
| |
| cookies: use CURLcode for cookie_output reporting |
| |
| Writing the cookie file has multiple error conditions, and was using an |
| int with magic numbers to report the different error (which in turn were |
| disregarded anyways). This moves reporting to use a CURLcode value. |
| |
| Lightly-touched-by: Daniel Stenberg |
| |
| Closes #7037 |
| Closes #6749 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| cookies: make use of string duplication function |
| |
| strstore() is defined as a strdup which ensures to free the target |
| pointer before duping the source char * into it. Make use of it in |
| two more cases where it can simplify the code. |
| |
| - [Daniel Gustafsson brought this change] |
| |
| cookies: refactor comments |
| |
| Comments in the cookie code were a bit all over the place in terms of |
| style and wording. This takes a stab at cleaning them up by keeping to |
| a single style and overall shape. Some comments are moved a little and |
| some removed alltogether due to being redundant. No functional changes |
| have been made, |
| |
| - [Peng-Yu Chen brought this change] |
| |
| http2: skip immediate parsing of payload following protocol switch |
| |
| This is considered not harmful as a following http2_recv shall be |
| called very soon. |
| |
| This is considered helpful in the specific situation where some |
| servers (e.g. nghttpx v1.43.0) may fulfill stream 1 immediately |
| following the return of HTTP status 101, other than waiting for |
| the client-side connection preface to arrive. |
| |
| Fixes #7036 |
| Closes #7040 |
| |
| - [Peng-Yu Chen brought this change] |
| |
| http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade |
| |
| Following the upstream deprecation of nghttp2_session_upgrade. |
| |
| Also provides further checks for requests with the HEAD method. |
| |
| Closes #7041 |
| |
| - progress/trspeed: use a local convenient pointer to beautify code |
| |
| The function becomes easier to read and understand with less repetition. |
| |
| - trspeed: use long double for transfer speed calculation |
| |
| - progress: move transfer speed calc into function |
| |
| This silences two scan-build-11 warnings: "The result of the '/' |
| expression is undefined" |
| |
| Bug: https://curl.se/mail/lib-2021-05/0022.html |
| Closes #7035 |
| |
| - [Cameron Cawley brought this change] |
| |
| openssl: remove unneeded cast for CertOpenSystemStore() |
| |
| Closes #7025 |
| |
| - travis: disable the libssh build |
| |
| It can't run on focal and causes warnings on bionic. Since the focal |
| failure started rather suddenly a while ago, we can suspect it might be |
| temporary. |
| |
| Added "bring back the build" to the TODO document. |
| |
| Fixes #7011 |
| Closes #7012 |
| |
| - [Peng-Yu Chen brought this change] |
| |
| http: use calculated offsets inst of integer literals for header parsing |
| |
| Assumed to be a minor coding style improvement with no behavior change. |
| |
| A modern compiler is expected to have the calculation optimized during |
| compilation. It may be deemed okay even if that's not the case, since |
| the added overhead is considered very low. |
| |
| Closes #7032 |
| |
| - [Peng-Yu Chen brought this change] |
| |
| GIT-INFO: suggest using autoreconf instead of buildconf |
| |
| Follow-up to 85868537d |
| |
| Closes #7033 |
| |
| - http: deal with partial CONNECT sends |
| |
| Also added 'CURL_SMALLSENDS' to make Curl_write() send short packets, |
| which helped verifying this even more. |
| |
| Add test 363 to verify. |
| |
| Reported-by: ustcqidi on github |
| Fixes #6950 |
| Closes #7024 |
| |
| - HTTP3: make the ngtcp2 build use the quictls fork |
| |
| ... as ngtcp2 itself documents the build this way. |
| |
| Closes #7031 |
| |
| - http: limit the initial send amount to used upload buffer size |
| |
| Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes, |
| but for the situations where a larger upload buffer has been set, this |
| function can benefit from sending more bytes. With default size used, |
| this does the same as before. |
| |
| Also changed the storage of the size to an 'unsigned int' as it is not |
| allowed to be set larger than 2M. |
| |
| Also added cautions to the man pages about changing buffer sizes in |
| run-time. |
| |
| Closes #7022 |
| |
| - RELEASE-NOTES: synced |
| |
| - ngtcp2: fix the cb_acked_stream_data_offset proto |
| |
| The 'datalen' value should be 64 bit, not size_t! |
| |
| Reported-by: Dmitry Karpov |
| Bug: https://curl.se/mail/lib-2021-05/0019.html |
| Closes #7027 |
| |
| - progress: when possible, calculate transfer speeds with microseconds |
| |
| ... this improves precision, especially for transfers in the few or even |
| sub millisecond range. |
| |
| Reported-by: J. Bromley |
| Fixes #7017 |
| Closes #7020 |
| |
| - http: reset the header buffer when sending the request |
| |
| A reused transfer handle could otherwise reuse the previous leftover |
| buffer and havoc would ensue. |
| |
| Reported-by: sergio-nsk on github |
| Fixes #7018 |
| Closes #7021 |
| |
| - curl_mprintf.3: add description |
| |
| These functions have existed in the API since the dawn of time. It is |
| about time we describe how they work, even if we discourage users from |
| using them. |
| |
| Closes #7010 |
| |
| - [Timothy Gu brought this change] |
| |
| URL-SYNTAX: update IDNA section for WHATWG spec changes |
| |
| WHATWG URL has dictated the use of Nontransitional Processing (IDNA |
| 2008) for several years now. Chrome (and derivatives) still use |
| Transitional Processing, but Firefox and Safari have both switched. |
| |
| Also document the fact that winidn functions differently from libidn2 |
| here. |
| |
| Closes #7026 |
| |
| - [Calvin Buckley brought this change] |
| |
| INSTALL: add IBM i specific quirks |
| |
| Fixes #6830 |
| Closes #7013 |
| |
| - libcurl.3: mention the URL API |
| |
| To make it easier to find. Also a minor polish of libcurl-url.3 |
| |
| Closes #7009 |
| |
| - GnuTLS: don't allow TLS 1.3 for versions that don't support it |
| |
| Follow-up to 781864bedbc5 |
| |
| ... as they don't understand it and will return error at us! |
| |
| Closes #7014 |
| |
| Kamil Dudka (6 May 2021) |
| - tool_getparam: handle failure of curlx_convert_tchar_to_UTF8() |
| |
| Reported by GCC analyzer: |
| |
| Error: GCC_ANALYZER_WARNING (CWE-476): |
| src/tool_getparam.c: scope_hint: In function 'parse_args' |
| src/tool_getparam.c:2318:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'orig_opt' |
| lib/curlx.h:56: included_from: Included from here. |
| src/tool_getparam.c:28: included_from: Included from here. |
| lib/curl_multibyte.h:70:51: note: in definition of macro 'curlx_convert_tchar_to_UTF8' |
| src/tool_getparam.c:2316:16: note: in expansion of macro 'curlx_convert_tchar_to_UTF8' |
| |
| Reviewed-by: Marcel Raad |
| Reviewed-by: Daniel Stenberg |
| Closes #7023 |
| |
| Daniel Stenberg (6 May 2021) |
| - scripts/delta: also show total number of days |
| |
| Marc Hoersken (5 May 2021) |
| - sockfilt: fix invalid increment of handles index variable nfd |
| |
| Only increment the array index if we actually stored a handle. |
| |
| Follow up to e917492048f4b85a0fd58a033d10072fc7666c3b |
| Closes #6992 |
| |
| - sockfilt: avoid getting stuck waiting for writable socket |
| |
| Reset FD_WRITE event using the same approach as in multi.c |
| |
| Follow up to b36442b24305f3cda7c13cc64b46838995a4985b |
| Closes #6992 |
| |
| Jay Satiro (5 May 2021) |
| - test678: Fix for Windows multibyte builds |
| |
| Follow-up to 77fc385 from yesterday. |
| |
| Bug: https://github.com/curl/curl/pull/6662#issuecomment-832966557 |
| Reported-by: Marc Hörsken |
| |
| - [Dmitry Kostjuchenko brought this change] |
| |
| build: fix compilation for Windows UWP platform |
| |
| - Include afunix.h which is necessary for sockaddr_un when |
| USE_UNIX_SOCKETS is defined on Windows. |
| |
| Closes https://github.com/curl/curl/pull/7006 |
| |
| Daniel Stenberg (5 May 2021) |
| - gnutls: make setting only the MAX TLS allowed version work |
| |
| Previously, settting only the max allowed TLS version, leaving the |
| minimum one at default, didn't actually set it and left it to default |
| (TLS 1.3) too! |
| |
| As a bonus, this change also removes the dead code handling of SSLv3 |
| since that version can't be set anymore (since eff614fb0242cb). |
| |
| Reported-by: Daniel Carpenter |
| Fixes #6998 |
| Closes #7000 |
| |
| - openldap: replace ldap_ prefix on private functions |
| |
| Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at |
| least) there's a symbol collision because of that. |
| |
| The private functions now use the 'oldap_' prefix where it previously |
| used 'ldap_'. |
| |
| Reported-by: 3eka on github |
| Fixes #7004 |
| Closes #7005 |
| |
| Jay Satiro (5 May 2021) |
| - http2: fix potentially uninitialized variable |
| |
| introduced several days ago in 3193170. caught by visual studio linker. |
| |
| - [Gilles Vollant brought this change] |
| |
| SSL: support in-memory CA certs for some backends |
| |
| - New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to |
| specify in-memory PEM certificates for OpenSSL, Schannel (Windows) |
| and Secure Transport (Apple) SSL backends. |
| |
| Prior to this change PEM certificates could only be imported from a file |
| and not from memory. |
| |
| Co-authored-by: moparisthebest@users.noreply.github.com |
| |
| Ref: https://github.com/curl/curl/pull/4679 |
| Ref: https://github.com/curl/curl/pull/5677 |
| Ref: https://github.com/curl/curl/pull/6109 |
| |
| Closes https://github.com/curl/curl/pull/6662 |
| |
| Daniel Stenberg (4 May 2021) |
| - [David Cook brought this change] |
| |
| tests: ignore case of chunked hex numbers in tests |
| |
| When hyper is used, it emits uppercase hexadecimal numbers for chunked |
| encoding lengths. Without hyper, lowercase hexadecimal numbers are used. |
| This change adds preprocessor statements to tests where this is an |
| issue, and adapts the fixtures to match. |
| |
| Closes #6987 |
| |
| - cmake: check for getppid and utimes |
| |
| ... as they're checked for in the configure script and are used by |
| source code. |
| |
| Removed checks for perror, setvbuf and strlcat since those defines are |
| not checked for in source code. |
| |
| Bonus: removed HAVE_STRLCPY from a few config-*.h files since that |
| symbol is not used in source code. |
| |
| Closes #6997 |
| |
| - libtest: remove lib530.c |
| |
| Follow up from e50a877df when test 530 was removed. Since then this |
| source file has not been used/needed. |
| |
| Closes #6999 |
| |
| - FILEFORMAT: mention sectransp as a feature |
| |
| Been supported since at least 40259ca65 |
| |
| Closes #7001 |
| |
| - RELEASE-NOTES: synced |
| |
| - libssh2: ignore timeout during disconnect |
| |
| ... to avoid memory leaks! |
| |
| libssh2 is tricky as we have to deal with the non-blockiness even in |
| close and shutdown cases. In the cases when we shutdown after a timeout |
| already expired, it is crucial that curl doen't let the timeout abort |
| the shutdown process as that then leaks memory! |
| |
| Reported-by: Benjamin Riefenstahl |
| Fixes #6990 |
| |
| - KNOWN_BUGS: add two HTTP/2 bugs |
| |
| - KNOWN_BUGS: add three HTTP/3 issues |
| |
| ... and moved the HTTP/2 issues to its own section |
| |
| Closes #6606 |
| Closes #6510 |
| Closes #6494 |
| |
| - [ejanchivdorj brought this change] |
| |
| CURLcode: add CURLE_SSL_CLIENTCERT |
| |
| When a TLS server requests a client certificate during handshake and |
| none can be provided, libcurl now returns this new error code |
| CURLE_SSL_CLIENTCERT |
| |
| Only supported by Secure Transport and OpenSSL for TLS 1.3 so far. |
| |
| Closes #6721 |
| |
| - [Tobias Gabriel brought this change] |
| |
| .github/FUNDING: add link to GitHub sponsors |
| |
| Closes #6985 |
| |
| - [Harry Sintonen brought this change] |
| |
| krb5/name_to_level: replace checkprefix with curl_strequal |
| |
| Closes #6993 |
| |
| - [Harry Sintonen brought this change] |
| |
| Curl_input_digest: require space after Digest |
| |
| Closes #6993 |
| |
| - [Harry Sintonen brought this change] |
| |
| Curl_http_header: check for colon when matching Persistent-Auth |
| |
| Closes #6993 |
| |
| - [Harry Sintonen brought this change] |
| |
| Curl_http_input_auth: require valid separator after negotiation type |
| |
| Closes #6993 |
| |
| - http: fix the check for 'Authorization' with Bearer |
| |
| The code would wrongly check for it using an additional colon. |
| |
| Reported-by: Blake Burkhart |
| Closes #6988 |
| |
| - [Kamil Dudka brought this change] |
| |
| http2: fix a resource leak in push_promise() |
| |
| ... detected by Coverity: |
| |
| Error: RESOURCE_LEAK (CWE-772): |
| lib/http2.c:532: alloc_fn: Storage is returned from allocation function "duphandle". |
| lib/http2.c:532: var_assign: Assigning: "newhandle" = storage returned from "duphandle(data)". |
| lib/http2.c:552: noescape: Resource "newhandle" is not freed or pointed-to in "set_transfer_url". |
| lib/http2.c:555: leaked_storage: Variable "newhandle" going out of scope leaks the storage it points to. |
| |
| Closes #6986 |
| |
| - [Kamil Dudka brought this change] |
| |
| http2: fix resource leaks in set_transfer_url() |
| |
| ... detected by Coverity: |
| |
| Error: RESOURCE_LEAK (CWE-772): |
| lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] |
| lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". |
| lib/http2.c:486: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] |
| lib/http2.c:488: leaked_storage: Variable "u" going out of scope leaks the storage it points to. |
| |
| Error: RESOURCE_LEAK (CWE-772): |
| lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] |
| lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". |
| lib/http2.c:493: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] |
| lib/http2.c:495: leaked_storage: Variable "u" going out of scope leaks the storage it points to. |
| |
| Error: RESOURCE_LEAK (CWE-772): |
| lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] |
| lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". |
| lib/http2.c:500: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] |
| lib/http2.c:502: leaked_storage: Variable "u" going out of scope leaks the storage it points to. |
| |
| Error: RESOURCE_LEAK (CWE-772): |
| lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] |
| lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". |
| lib/http2.c:505: noescape: Resource "u" is not freed or pointed-to in "curl_url_get". [Note: The source code implementation of the function has been overridden by a builtin model.] |
| lib/http2.c:507: leaked_storage: Variable "u" going out of scope leaks the storage it points to. |
| |
| Closes #6986 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| rustls: use ALPN |
| |
| Update required rustls to 0.5.0 |
| |
| Closes #6960 |
| |
| - [Michał Antoniak brought this change] |
| |
| gskit: fix CURL_DISABLE_PROXY build |
| |
| Removed localfd and remotefd from ssl_backend_data (ued only with proxy |
| connection). Function pipe_ssloverssl return always 0, when proxy is not |
| used. |
| |
| Closes #6981 |
| |
| - [Michał Antoniak brought this change] |
| |
| gskit: fix undefined reference to 'conn' |
| |
| Closes #6980 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| tls: add USE_HTTP2 define |
| |
| This abstracts across the two HTTP/2 backends: nghttp2 and Hyper. |
| |
| Add our own define for the "h2" ALPN protocol, so TLS backends can use |
| it without depending on a specific HTTP backend. |
| |
| Closes #6959 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| lib: fix 0-length Curl_client_write calls |
| |
| Closes #6954 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| lib: remove strlen call from Curl_client_write |
| |
| At all call sites with an explicit 0 len, pass an appropriate nonzero |
| len. |
| |
| Closes #6954 |
| |
| - [Ayushman Singh Chauhan brought this change] |
| |
| docs: camelcase it like GitHub everywhere |
| |
| Closes #6979 |
| |
| Jay Satiro (27 Apr 2021) |
| - [Lucas Servén Marín brought this change] |
| |
| docs: fix typo in fail-with-body doc |
| |
| This commit fixes a small typo in the documentation for the |
| --fail-with-body flag. |
| |
| Closes https://github.com/curl/curl/pull/6977 |
| |
| - lib: fix some misuse of curlx_convert_UTF8_to_tchar |
| |
| curlx_convert_UTF8_to_tchar must be freed by curlx_unicodefree, but |
| prior to this change some uses mistakenly called free. |
| |
| I've reviewed all other uses of curlx_convert_UTF8_to_tchar and |
| curlx_convert_tchar_to_UTF8. |
| |
| Bug: https://github.com/curl/curl/pull/6602#issuecomment-825236763 |
| Reported-by: sergio-nsk@users.noreply.github.com |
| |
| Closes https://github.com/curl/curl/pull/6938 |
| |
| Daniel Stenberg (27 Apr 2021) |
| - ntlm: precaution against super huge type2 offsets |
| |
| ... which otherwise caused an integer overflow and circumvented the if() |
| conditional size check. |
| |
| Detected by OSS-Fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720 |
| Assisted-by: Max Dymond |
| Closes #6975 |
| |
| - c-hyper: fix unused variable ‘wrote’ |
| |
| - libcurl-security.3: be careful of setuid |
| |
| Reported-by: Harry Sintonen |
| Closes #6970 |
| |
| - [Kevin Burke brought this change] |
| |
| c-hyper: don't write to set.writeheader if null |
| |
| Previously if a caller set CURLOPT_WRITEFUNCTION but did not set a |
| CURLOPT_HEADERDATA buffer, Hyper would still attempt to write headers to |
| the data->set.writeheader header buffer, even though it is null. This |
| led to NPE segfaults attempting to use libcurl+Hyper with Git, for |
| example. |
| |
| Instead, process the client write for the status line using the same |
| logic we use to process the client write for the later HTTP headers, |
| which contains the appropriate guard logic. As a side benefit, |
| data->set.writeheader is now only read in one file instead of two. |
| |
| Fixes #6619 |
| Fixes abetterinternet/crustls#49 |
| Fixes hyperium/hyper#2438 |
| Closes #6971 |
| |
| - wolfssl: handle SSL_write() returns 0 for error |
| |
| Reported-by: Timo Lange |
| |
| Closes #6967 |
| |
| - easy: ignore sigpipe in curl_easy_send |
| |
| Closes #6965 |
| |
| - sigpipe: ignore SIGPIPE when using wolfSSL as well |
| |
| Closes #6966 |
| |
| - libcurl-security.3: don't try to filter IPv4 hosts based on the URL |
| |
| Closes #6942 |
| |
| - [Harry Sintonen brought this change] |
| |
| nss_set_blocking: avoid static for sock_opt |
| |
| Reviewed-by: Kamil Dudka |
| Closes #6945 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Yusuke Nakamura brought this change] |
| |
| docs/HTTP3.md: fix nghttp2's HTTP/3 server port |
| |
| Port 8443 does not work now. |
| Correct origin is in the quicwg's wiki. |
| https://github.com/quicwg/base-drafts/wiki/Implementations#ngtcp2 |
| |
| Closes #6964 |
| |
| - krb5: don't use 'static' to store PBSZ size response |
| |
| ... because it makes the knowledge and usage cross-transfer in funny and |
| unexpected ways. |
| |
| Reported-by: Harry Sintonen |
| Closes #6963 |
| |
| - [Kevin Burke brought this change] |
| |
| m4: add security frameworks on Mac when compiling rustls |
| |
| Previously compiling rustls on Mac would only complete if you also |
| compiled the SecureTransport TLS backend, which curl would prefer to |
| the Rust backend. |
| |
| Appending these flags to LDFLAGS makes it possible to compile the |
| Rustls backend on Mac without the SecureTransport backend, which means |
| this patch will make it possible for Mac users to use the Rustls |
| backend for TLS. |
| |
| Reviewed-by: Jacob Hoffman-Andrews |
| |
| Fixes #6955 |
| Cloes #6956 |
| |
| - krb5: remove the unused 'overhead' function |
| |
| Closes #6947 |
| |
| - [Johann150 brought this change] |
| |
| curl_url_set.3: add memory management information |
| |
| wording taken from man page for CURLOPT_URL.3 |
| |
| As far as I can see, the URL part is either malloc'ed before due to |
| encoding or it is strdup'ed. |
| |
| Closes #6953 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| c-hpyer: fix handling of zero-byte chunk from hyper |
| |
| Closes #6951 |
| |
| - CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data |
| |
| Ref: https://curl.se/mail/lib-2021-04/0085.html |
| Closes #6943 |
| |
| - [Ralph Langendam brought this change] |
| |
| cmake: make libcurl output filename configurable |
| |
| Reviewed-by: Jakub Zakrzewski |
| Closes #6933 |
| |
| - [Patrick Monnerat brought this change] |
| |
| vtls: reset ssl use flag upon negotiation failure |
| |
| Fixes the segfault in ldaps disconnect. |
| |
| Reported-by: Illarion Taev |
| Fixes #6934 |
| Closes #6937 |
| |
| - configure: fix typo in TLS error message |
| |
| Reported-by: Pontus Lundkvist |
| |
| - README: link to the commercial support option |
| |
| Jay Satiro (22 Apr 2021) |
| - [Martin Halle brought this change] |
| |
| version: add gsasl_version to curl_version_info_data |
| |
| - Add gsasl_version string and bump to CURLVERSION_TENTH. |
| |
| Ref: https://curl.se/mail/lib-2021-04/0003.html |
| |
| Closes https://github.com/curl/curl/pull/6843 |
| |
| - [Morten Minde Neergaard brought this change] |
| |
| schannel: Support strong crypto option |
| |
| - Support enabling strong crypto via optional user cipher list when |
| USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list. |
| |
| MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known |
| weak cryptographic algorithms, cipher suites, and SSL/TLS protocol |
| versions that may be otherwise enabled for better interoperability." |
| |
| Ref: https://curl.se/mail/lib-2021-02/0066.html |
| Ref: https://curl.se/docs/manpage.html#--ciphers |
| Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html |
| Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred |
| |
| Closes https://github.com/curl/curl/pull/6734 |
| |
| Daniel Stenberg (22 Apr 2021) |
| - RELEASE-NOTES: synced |
| |
| - ci: adapt to configure requiring an explicit TLS choice |
| |
| - configure: split out each TLS library detector into its own function |
| |
| ... and put those functions in separate m4 files per TLS library. |
| |
| - configure: make the TLS library choice(s) explicit |
| |
| configure no longer tries to find a TLS library by default, but all |
| libraries are now equal: the user needs to explicitly ask what TLS |
| library or libraries to use. |
| |
| If no TLS library is selected, configure will error out unless |
| --without-ssl is explicitly used to request a built without TLS (as that |
| is very rare these days). |
| |
| Removes: --with-winssl, --with-darwinssl and all --without-* options for |
| TLS libraries. |
| |
| Closes #6897 |
| |
| - tests/disable-scan.pl: also scan all m4 files |
| |
| Fixes test 1165 when functions are moved from configure.ac to files in |
| m4/ |
| |
| Jay Satiro (22 Apr 2021) |
| - schannel: Disable auto credentials; add an option to enable it |
| |
| - Disable auto credentials by default. This is a breaking change |
| for clients that are using it, wittingly or not. |
| |
| - New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl |
| to automatically locate and use a client certificate for |
| authentication, when requested by the server. |
| |
| - New curl tool options --ssl-auto-client-cert and |
| --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT. |
| |
| This option is only supported for Schannel (the native Windows SSL |
| library). Prior to this change Schannel would, with no notification to |
| the client, attempt to locate a client certificate and send it to the |
| server, when requested by the server. Since the server can request any |
| certificate that supports client authentication in the OS certificate |
| store it could be a privacy violation and unexpected. |
| |
| Fixes https://github.com/curl/curl/issues/2262 |
| Reported-by: Jeroen Ooms |
| Assisted-by: Wes Hinsley |
| Assisted-by: Rich FitzJohn |
| |
| Ref: https://curl.se/mail/lib-2021-02/0066.html |
| Reported-by: Morten Minde Neergaard |
| |
| Closes https://github.com/curl/curl/pull/6673 |
| |
| Daniel Stenberg (22 Apr 2021) |
| - [Michał Antoniak brought this change] |
| |
| vtls: deduplicate some DISABLE_PROXY ifdefs |
| |
| continue from #5735 |
| |
| - using SSL_HOST_NAME, SSL_HOST_DISPNAME, SSL_PINNED_PUB_KEY for other |
| tls backend |
| |
| - create SSL_HOST_PORT |
| |
| Closes #6660 |
| |
| Jay Satiro (22 Apr 2021) |
| - OS400: fix typo |
| |
| CURLVERSION_HEIGHTH -> CURLVERSION_EIGHTH |
| |
| Daniel Stenberg (22 Apr 2021) |
| - checksrc: complain on == NULL or != 0 checks in conditions |
| |
| ... to make them all consistenly use if(!var) and if(var) |
| |
| Also added a few missing warnings to the documentation. |
| |
| Closes #6912 |
| |
| - tidy-up: make conditional checks more consistent |
| |
| ... remove '== NULL' and '!= 0' |
| |
| Closes #6912 |
| |
| - [Patrick Monnerat brought this change] |
| |
| vauth: factor base64 conversions out of authentication procedures |
| |
| Input challenges and returned messages are now in binary. |
| Conversions from/to base64 are performed by callers (currently curl_sasl.c |
| and http_ntlm.c). |
| |
| Closes #6654 |
| |
| - [Patrick Monnerat brought this change] |
| |
| bufref: buffer reference support |
| |
| A struct bufref holds a buffer pointer, a data size and a destructor. |
| When freed or its contents are changed, the previous buffer is implicitly |
| released by the associated destructor. The data size, although not used |
| internally, allows binary data support. |
| |
| A unit test checks its handling methods: test 1661 |
| |
| Closes #6654 |
| |
| - [Patrick Monnerat brought this change] |
| |
| os400: additional support for options metadata |
| |
| New functions curl_easy_option_by_name_ccsid() and |
| curl_easy_option_get_name_ccsid() allows accessing metadata in alternate |
| character encoding. |
| |
| This commit also updates curl_version_info_ccsid() to handle info version 9 |
| and adds recent definitions to the ILE/RPG include file. |
| |
| Documentation updated accordingly. |
| |
| Reviewed-by: Jon Rumsey |
| Closes #6574 |
| |
| - [Patrick Monnerat brought this change] |
| |
| test server: take care of siginterrupt() deprecation |
| |
| Closes #6529 |
| |
| Marc Hoersken (21 Apr 2021) |
| - lib1564.c: enable last wakeup test part on Windows |
| |
| Suggested-by: Gergely Nagy |
| Reviewed-by: Jay Satiro |
| Reviewed-by: Marcel Raad |
| |
| Closes #6245 |
| |
| - multi: fix slow write/upload performance on Windows |
| |
| Reset FD_WRITE by sending zero bytes which is permissible |
| and will be treated by implementations as successful send. |
| |
| Without this we won't be notified in case a socket is still |
| writable if we already received such a notification and did |
| not send any data afterwards on the socket. This would lead |
| to waiting forever on a writable socket being writable again. |
| |
| Assisted-by: Tommy Odom |
| Reviewed-by: Jay Satiro |
| Reviewed-by: Marcel Raad |
| Tested-by: tmkk on github |
| |
| Bug: #6146 |
| Closes #6245 |
| |
| - multi: reduce Win32 API calls to improve performance |
| |
| 1. Consolidate pre-checks into a single Curl_poll call: |
| |
| This is an attempt to restructure the code in Curl_multi_wait |
| in such a way that less syscalls are made by removing individual |
| calls to Curl_socket_check via SOCKET_READABLE/SOCKET_WRITABLE. |
| |
| 2. Avoid resetting the WinSock event multiple times: |
| |
| We finally call WSAResetEvent anyway, so specifying it as |
| an optional parameter to WSAEnumNetworkEvents is redundant. |
| |
| 3. Wakeup directly in case no sockets are being monitoring: |
| |
| Fix the WinSock based implementation to skip extra waiting by |
| not sleeping in case no sockets are to be waited on and just |
| the WinSock event is being monitored for wakeup functionality. |
| |
| Assisted-by: Tommy Odom |
| Reviewed-by: Jay Satiro |
| Reviewed-by: Marcel Raad |
| |
| Bug: #6146 |
| Closes #6245 |
| |
| - Revert "Revert 'multi: implement wait using winsock events'" |
| |
| This reverts commit 2260e0ebe6d45529495231b3e37a0c58fb92a6a2, |
| also restoring previous follow up changes which were reverted. |
| |
| Authored-by: rcombs on github |
| Authored-by: Marc Hörsken |
| Reviewed-by: Jay Satiro |
| Reviewed-by: Marcel Raad |
| |
| Restores #5634 |
| Reverts #6281 |
| Part of #6245 |
| |
| Daniel Stenberg (21 Apr 2021) |
| - Revert "cmake: make libcurl library output name configurable" |
| |
| This reverts commit 1cba36d2166c396f987eea587cf92671b27acb92. |
| |
| CMake provides properties that can be set on a target to rename the |
| output artifact without changing the name of a target. |
| |
| Ref: #6899 |
| |
| - [Michael Kolechkin brought this change] |
| |
| sectransp: allow cipher name to be specified |
| |
| Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST) |
| back-end. Similar to NSS and GSKit back-ends, new code parses string |
| value and configures ST library to use those ciphers for communication. |
| Create cipher spec data structure and initialize the array of specs with |
| cipher number, name, alias, and 'weak' flag. |
| |
| Mark triple-DES ciphers as 'weak', and exclude them from the default |
| ciphers list. |
| |
| Closes #6464 |
| |
| - [Michael Kolechkin brought this change] |
| |
| NSS: add ciphers to map |
| |
| Add cipher names to the `cipherlist` map, based on the list of ciphers |
| implemented by the NSS in the source code file |
| https://github.com/nss-dev/nss/blob/master/lib/ssl/sslenum.c |
| |
| Closes #6670 |
| |
| - http2: remove DEBUG_HTTP2 |
| |
| Accidentally committed in 605e84235 |
| |
| - [Ralph Langendam brought this change] |
| |
| cmake: make libcurl library output name configurable |
| |
| Closes #6899 |
| |
| - sws: #ifdef S_IFSOCK use |
| |
| SCO OpenServer 5.0.7 does not define S_IFSOCK. |
| |
| Reported-by: Kevin R. Bulgrien |
| Bug: https://curl.se/mail/lib-2021-04/0074.html |
| Closes #6926 |
| |
| - curl_setup: provide the shutdown flags wider |
| |
| By using #ifdef on the symbol names to work on anything that don't |
| provide them. SCO OpenServer 5.0.7, sys/socket.h does not define either |
| SHUT_RDWR, SHUT_RD, and SHUT_WR. |
| |
| Reported-by: Kevin R. Bulgrien |
| Bug: https://curl.se/mail/lib-2021-04/0073.html |
| Closes #6925 |
| |
| - connect: use CURL_SA_FAMILY_T for portability |
| |
| Reported-by: Kevin R. Bulgrien |
| Bug: https://curl.se/mail/lib-2021-04/0071.html |
| |
| Closes #6918 |
| |
| - urlapi: make sure no +/- signs are accepted in IPv4 numericals |
| |
| Follow-up to 56a037cc0ad1b2. Extends test 1560 to verify. |
| |
| Reported-by: Tuomas Siipola |
| Fixes #6916 |
| Closes #6917 |
| |
| - ConnectionExists: respect requests for h1 connections better |
| |
| ... for situations when multiplexing isn't enabled on the h2 connection |
| and h1 is explicitly requested for the transfer. |
| |
| Assisted-by: Gergely Nagy |
| |
| - multi: don't close connection HTTP_1_1_REQUIRED |
| |
| The ConnectionExists() function will note that the new transfer wants |
| less then h2 and that it can't multiplex it and therefor opt to open a |
| new connection instead. |
| |
| - http2: move the stream error field to the per-transfer storage |
| |
| Storing a stream error in the per-connection struct was an error that lead to |
| race conditions as subsequent stream handling could overwrite the error code |
| before it was used for the stream with the actual problem. |
| |
| Closes #6910 |
| |
| - http2: call the handle-closed function correctly on closed stream |
| |
| This was this one condition where the stream could be closed due to an |
| error and the function would still wrongly just return 0 for it. |
| |
| Reported-by: Gergely Nagy |
| Fixes #6862 |
| Closes #6910 |
| |
| - test1660: check the created HSTS file as text mode |
| |
| Closes #6922 |
| |
| - RELEASE-NOTES: synced |
| |
| - test 493: require https in curl to run |
| |
| Closes #6927 |
| |
| Jay Satiro (20 Apr 2021) |
| - tool_operate: don't discard failed parallel transfer result |
| |
| - Save a parallel transfer's result code only when it fails and the |
| transfer is not being retried. |
| |
| Prior to this change the result code was always set which meant that a |
| failed result could be erroneously discarded if a different transfer |
| later had a successful result (CURLE_OK). |
| |
| Before: |
| |
| > curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10 |
| > echo %ERRORLEVEL% |
| 0 |
| |
| After: |
| |
| > curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10 |
| > echo %ERRORLEVEL% |
| 22 |
| |
| Closes #xxxx |
| |
| - [Georeth Zhou brought this change] |
| |
| openssl: fix build error with OpenSSL < 1.0.2 |
| |
| Closes https://github.com/curl/curl/pull/6920 |
| |
| Viktor Szakats (19 Apr 2021) |
| - README.md: delete Codacy UTM parameters & follow permanent redirect [ci skip] |
| |
| UTM parameters leak referrer and various marketing/tracking information |
| even if these would normally be stripped by website or client policy. |
| This link also works fine without them. Also took the opportunity to |
| update the URL to the one pointed to by the previous one via permanent |
| redirect. |
| |
| Reviewed-by: Daniel Stenberg |
| Closes #6919 |
| |
| Daniel Stenberg (19 Apr 2021) |
| - urlapi: "normalize" numerical IPv4 host names |
| |
| When the host name in a URL is given as an IPv4 numerical address, the |
| address can be specified with dotted numericals in four different ways: |
| a32, a.b24, a.b.c16 or a.b.c.d and each part can be specified in |
| decimal, octal (0-prefixed) or hexadecimal (0x-prefixed). |
| |
| Instead of passing on the name as-is and leaving the handling to the |
| underlying name functions, which made them not work with c-ares but work |
| with getaddrinfo, this change now makes the curl URL API itself detect |
| and "normalize" host names specified as IPv4 numericals. |
| |
| The WHATWG URL Spec says this is an okay way to specify a host name in a |
| URL. RFC 3896 does not allow them, but curl didn't prevent them before |
| and it seems other RFC 3896-using tools have not either. Host names used |
| like this are widely supported by other tools as well due to the |
| handling being done by getaddrinfo and friends. |
| |
| I decided to add the functionality into the URL API itself so that all |
| users of these functions get the benefits, when for example wanting to |
| compare two URLs. Also, it makes curl built to use c-ares now support |
| them as well and make curl builds more consistent. |
| |
| The normalization makes HTTPS and virtual hosted HTTP work fine even |
| when curl gets the address specified using one of the "obscure" formats. |
| |
| Test 1560 is extended to verify. |
| |
| Fixes #6863 |
| Closes #6871 |
| |
| - libssh: fix "empty expression statement has no effect" warnings |
| |
| ... by fixing macros to do-while constructs and moving out the calls to |
| "break" outside of the actual macro. It also fixes the problem where the |
| macro was used witin a loop and the break didn't do right. |
| |
| Reported-by: Emil Engler |
| Fixes #6847 |
| Closes #6909 |
| |
| - hsts: enable by default |
| |
| No longer considered experimental. |
| |
| Closes #6700 |
| |
| - vtls: refuse setting any SSL version |
| |
| ... previously they were supported if a TLS library would (unexpectedly) |
| still support them, but from this change they will be refused already in |
| curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for |
| many years now. |
| |
| Closes #6773 |
| |
| - curl: ignore options asking for SSLv2 or SSLv3 |
| |
| Instead output a warning about it and continue with the defaults. |
| |
| These SSL versions are typically not supported by the TLS libraries since a |
| long time back already since they are inherently insecure and broken. Asking |
| for them to be used will just cause an error to be returned slightly later. |
| |
| In the unlikely event that a user's TLS library actually still supports these |
| protocol versions, this change might make the request a little less insecure. |
| |
| Closes #6772 |
| |
| - test972: verify the json output with jsonlint |
| |
| Make sure one of the azure jobs has jsonlint installed so that the test |
| runs there. |
| |
| Ref: #6905 |
| |
| - [Jay Satiro brought this change] |
| |
| tool_writeout: fix the HTTP_CODE json output |
| |
| Update test 970 accordingly. |
| |
| Reported-by: Michal Rus |
| Fixes #6905 |
| Closes #6906 |
| |
| - openldap: protect SSL-specific code with proper #ifdef |
| |
| Closes #6901 |
| |
| - libssh2: fix Value stored to 'sshp' is never read |
| |
| Pointed out by scan-build |
| |
| Closes #6900 |
| |
| - [Victor Vieux brought this change] |
| |
| tool_getparam: replace (in-place) '%20' by '+' according to RFC1866 |
| |
| Signed-off-by: Victor Vieux <victorvieux@gmail.com> |
| |
| Closes #6895 |
| |
| - configure: provide --with-openssl, deprecate --with-ssl |
| |
| Makes the option more explicit. |
| |
| Closes #6887 |
| |
| - RELEASE-NOTES: synced |
| |
| and bumped curlver to 7.77.0 |
| |
| - [Javier Blazquez brought this change] |
| |
| rustls: only return CURLE_AGAIN when TLS session is fully drained |
| |
| The code in cr_recv was returning prematurely as soon as the socket |
| reported no more data to read. However, this could be leaving some |
| unread plaintext data in the rustls session from a previous call, |
| causing causing the transfer to hang if the socket never receives |
| further data. |
| |
| We need to ensure that the session is fully drained of plaintext data |
| before returning CURLE_AGAIN to the caller. |
| |
| Reviewed-by: Jacob Hoffman-Andrews |
| Closes #6894 |
| |
| - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies |
| |
| Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears |
| the cookiejar from memory. |
| |
| Reported-by: Stefan Karpinski |
| Fixes #6889 |
| Closes #6891 |
| |
| Version 7.76.1 (14 Apr 2021) |
| |
| Daniel Stenberg (14 Apr 2021) |
| - RELEASE-NOTES: synced |
| |
| curl 7.76.1 release |
| |
| - THANKS: add names from 7.76.1 |
| |
| - misc: update copyright year ranges to match latest updates |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: Use ALPN h3-29 for now |
| |
| Fixes #6864 |
| Cloes #6886 |
| |
| Jay Satiro (11 Apr 2021) |
| - TODO: remove 18.22 --fail-with-body |
| |
| --fail-with-body was added in 8a964cb (precedes curl-7_76_0). |
| |
| Daniel Stenberg (10 Apr 2021) |
| - [Jürgen Gmach brought this change] |
| |
| src/tool_vms.c: remove duplicated word in comment |
| |
| Closes #6881 |
| |
| - configure: fix CURL_DARWIN_CFLAGS use |
| |
| The macro name change was not completely done. |
| |
| Follow-up to 5d2c384452543c |
| Bug: https://github.com/curl/curl/commit/5d2c384452543c7b6c9fb02eaa0afc84fd5ab941#commitcomment-49315187 |
| Reported-by: Marcel Raad |
| Closes #6878 |
| |
| - [Anthony Shaw brought this change] |
| |
| github/workflow: add "security-extended" to codeql-analysis.yml |
| |
| Extends the CodeQL code scan. |
| |
| Closes #6815 |
| |
| - [Jochem Broekhoff brought this change] |
| |
| examples/hiperfifo.c: check event_initialized before delete |
| |
| If event_del is called with the event struct (still) zeroed out, a |
| segmentation fault may occur. event_initialized checks whether the |
| event struct is nonzero. |
| |
| Closes #6876 |
| |
| - [Patrick Monnerat brought this change] |
| |
| ntlm: fix negotiated flags usage |
| |
| According to Microsoft document MS-NLMP, current flags usage is not |
| accurate: flag NTLMFLAG_NEGOTIATE_NTLM2_KEY controls the use of |
| extended security in an NTLM authentication message and NTLM version 2 |
| cannot be negotiated within the protocol. |
| |
| The solution implemented here is: if the extended security flag is set, |
| prefer using NTLM version 2 (as a server featuring extended security |
| should also support version 2). If version 2 has been disabled at |
| compile time, use extended security. |
| |
| Tests involving NTLM are adjusted to this new behavior. |
| |
| Fixes #6813 |
| Closes #6849 |
| |
| - [Patrick Monnerat brought this change] |
| |
| ntlm: support version 2 on 32-bit platforms |
| |
| Closes #6849 |
| |
| - [Patrick Monnerat brought this change] |
| |
| curl_ntlm_core.h: simplify conditionals for USE_NTLM2SESSION |
| |
| ... as !defined(CURL_DISABLE_CRYPTO_AUTH) is a prerequisite for the |
| whole NTLM. |
| |
| Closes #6849 |
| |
| - lib: remove unused HAVE_INET_NTOA_R* defines |
| |
| Closes #6867 |
| |
| - [Michael Forney brought this change] |
| |
| configure: include <time.h> unconditionally |
| |
| In 2682e5f5, several instances of AC_HEADER_TIME were removed since |
| it is a deprecated autoconf macro. However, this was the macro that |
| defined TIME_WITH_SYS_TIME, which was used to indicate that <time.h> |
| can be included alongside <sys/time.h>. TIME_WITH_SYS_TIME is still |
| used in the configure test body and since it is no longer defined, |
| <time.h> is *not* included on systems that have <sys/time.h>. |
| |
| In particular, at least on musl libc and glibc, <sys/time.h> does |
| not implicitly include <time.h> and does not declare clock_gettime, |
| gmtime_r, or localtime_r. This causes configure to fail to detect |
| those functions. |
| |
| The AC_HEADER_TIME macro deprecation text says |
| |
| > All current systems provide time.h; it need not be checked for. |
| > Not all systems provide sys/time.h, but those that do, all allow |
| > you to include it and time.h simultaneously. |
| |
| So, to fix this issue, simply include <time.h> unconditionally when |
| testing for time-related functions and in libcurl, and don't bother |
| checking for it. |
| |
| Closes #6859 |
| |
| - [Michael Forney brought this change] |
| |
| configure: remove use of RETSIGTYPE |
| |
| This was previously defined by the obsolete AC_TYPE_SIGNAL macro, |
| which was removed in 2682e5f5. The deprecation text says |
| |
| > Your code may safely assume C89 semantics that RETSIGTYPE is void. |
| |
| So, remove it and just use void instead. |
| |
| Closes #6861 |
| |
| - [Muhammed Yavuz Nuzumlalı brought this change] |
| |
| install: add instructions for Apple Darwin platforms |
| |
| Closes #6860 |
| |
| - [Muhammed Yavuz Nuzumlalı brought this change] |
| |
| configure: disable min version set for Darwin |
| |
| Fixes #6838 |
| Closes #6860 |
| |
| - [David Hu brought this change] |
| |
| docs/HTTP3.md: update the build instruction using gnutls |
| |
| In ngtcp2 the `with-gnutls` option is disabled by default, which will |
| cause `curl` unable to be `make` because of lacking the libraries |
| needed. |
| |
| Closes #6857 |
| |
| - RELEASE-NOTES: synced |
| |
| - typecheck-gcc: make the ssl-ctx-cb check use SSL_CTX pointers |
| |
| ... and not values. |
| |
| Reported-by: locpyl-tidnyd on github |
| Fixes #6818 |
| Closes #6819 |
| |
| - ngtcp2+gnutls: clear credentials when freed |
| |
| ... to avoid double-free. |
| |
| Reported-by: Kenneth Davidson |
| Fixes #6824 |
| Closes #6856 |
| |
| Jay Satiro (5 Apr 2021) |
| - [Cherish98 brought this change] |
| |
| tool_progress: Fix progress meter in parallel mode |
| |
| Make sure the total amount of DL/UL bytes are counted before the |
| transfer finalizes. Otherwise if a transfer finishes too quick, its |
| total numbers are not added, and results in a DL%/UL% that goes above |
| 100%. |
| |
| Detail: |
| |
| progress_meter() is called periodically, and it may not catch a |
| transfer's total bytes if the value was unknown during the last call, |
| and the transfer is finished and deleted (i.e., lost) during the next |
| call. |
| |
| Closes https://github.com/curl/curl/pull/6840 |
| |
| - [Emil Engler brought this change] |
| |
| libssh: get rid of PATH_MAX |
| |
| This removes the last occurrence of PATH_MAX inside our libssh |
| implementation by calculating the path length from the string length of |
| the two components. |
| |
| Closes #6829 |
| |
| Daniel Stenberg (5 Apr 2021) |
| - http_proxy: only loop on 407 + close if we have credentials |
| |
| ... to fix the retry-loop. |
| |
| Add test 718 to verify. |
| |
| Reported-by: Daniel Kurečka |
| Fixes #6828 |
| Closes #6850 |
| |
| - h2: allow 100 streams by default |
| |
| instead of 13, before the server has told how many streams it |
| accepts. The server can always reject new streams anyway if we go above |
| what it accepts. |
| |
| Ref: #6826 |
| Closes #6852 |
| |
| - [Luke Granger-Brown brought this change] |
| |
| file: support GETing directories again |
| |
| After 957bc1881e686f9714c4e6a01bf33535091f0e21, we no longer compute an |
| expected_size for directories. This has the upshot that when we compare |
| even an empty Range with the available size, we fail. |
| |
| This brings back the previous behaviour, which was to succeed, but with |
| empty content. This also removes the "Accept-ranges: bytes" header, |
| which is nonsensical on directories. |
| |
| Adds test 3016 |
| Fixes #6845 |
| Closes #6846 |
| |
| - RELEASE-NOTES: synced |
| |
| and bumped to 7.76.1 |
| |
| - TLS: fix HTTP/2 selection |
| |
| for GnuTLS, BearSSL, mbedTLS, NSS, SChannnel, Secure Transport and |
| wolfSSL... |
| |
| Regression since 88dd1a8a115b1f5ece (shipped in 7.76.0) |
| Reported-by: Kenneth Davidson |
| Reported-by: romamik om github |
| Fixes #6825 |
| Closes #6827 |
| |
| Jay Satiro (2 Apr 2021) |
| - hostip: Fix for builds that disable all asynchronous DNS |
| |
| - Define Curl_resolver_error function only when USE_CURL_ASYNC. |
| |
| Prior to this change building curl without an asynchronous resolver |
| backend (c-ares or threaded) and without DoH (DNS-over-HTTPS, which is |
| also asynchronous but independent of resolver backend) would cause a |
| build error since Curl_resolver_error is called by and evaluates |
| variables only available in asynchronous builds. |
| |
| Reported-by: Benbuck Nason |
| |
| Fixes https://github.com/curl/curl/issues/6831 |
| Closes https://github.com/curl/curl/pull/6832 |
| |
| Daniel Stenberg (31 Mar 2021) |
| - [Gilles Vollant brought this change] |
| |
| openssl: Fix CURLOPT_SSLCERT_BLOB without CURLOPT_SSLCERT_KEY |
| |
| Reported-by: Christian Schmitz |
| Fixes #6816 |
| Closes #6820 |
| |
| Version 7.76.0 (31 Mar 2021) |
| |
| Daniel Stenberg (31 Mar 2021) |
| - RELEASE-NOTES: synced |
| |
| curl 7.76.0 release |
| |
| - THANKS: added names from 7.76.0 |
| |
| - CURLOPT_AUTOREFERER.3: clarify that it sets the full URL |
| |
| ... some users may not want that! |
| |
| - define: remove CURL_DISABLE_NTLM ifdefs |
| |
| It was never defined anywhere. Fixed disable-scan (test 1165) to also |
| scan headers, which found this issue. |
| |
| Closes #6809 |
| |
| - vtls: fix addsessionid for non-proxy builds |
| |
| Follow-up to b09c8ee15771c61 |
| Fixes #6812 |
| Closes #6811 |
| |
| - [Li Xinwei brought this change] |
| |
| cmake: support WinIDN |
| |
| Closes #6807 |
| |
| - transfer: clear 'referer' in declaration |
| |
| To silence (false positive) compiler warnings about it. |
| |
| Follow-up to 7214288898f5625 |
| |
| Reviewed-by: Marcel Raad |
| Closes #6810 |
| |
| - [Marc Hoersken brought this change] |
| |
| config: fix SSPI enabling NTLM if crypto auth is disabled |
| |
| Avoid enabling NTLM feature based upon Windows SSPI |
| being enabled in case that crypto auth is disabled. |
| |
| Reported-by: Marcel Raad |
| |
| Follow-up to #6277 |
| Fixes #6803 |
| Closes #6808 |
| |
| - HISTORY: add two 2021 events |
| |
| - vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid() |
| |
| To make sure we set and extract the correct session. |
| |
| Reported-by: Mingtao Yang |
| Bug: https://curl.se/docs/CVE-2021-22890.html |
| |
| CVE-2021-22890 |
| |
| - [Viktor Szakats brought this change] |
| |
| transfer: strip credentials from the auto-referer header field |
| |
| Added test 2081 to verify. |
| |
| CVE-2021-22876 |
| |
| Bug: https://curl.se/docs/CVE-2021-22876.html |
| |
| - curl_sasl: fix compiler error with --disable-crypto-auth |
| |
| ... if libgsasl was found. |
| |
| Closes #6806 |
| |
| - [Patrick Monnerat brought this change] |
| |
| ldap: only set the callback ptr for TLS context when TLS is used |
| |
| Follow-up to a5eee22e594c2460f |
| Fixes #6804 |
| Closes #6805 |
| |
| - copyright: update copyright year ranges to 2021 |
| |
| Reviewed-by: Emil Engler |
| Closes #6802 |
| |
| - send_speed: simplify the checks for if a speed limit is set |
| |
| ... as we know the value cannot be set to negative: enforced by |
| setopt() |
| |
| - http: cap body data amount during send speed limiting |
| |
| By making sure never to send off more than the allowed number of bytes |
| per second the speed limit logic is given more room to actually work. |
| |
| Reported-by: Fabian Keil |
| Bug: https://curl.se/mail/lib-2021-03/0042.html |
| Closes #6797 |
| |
| - urldata: merge "struct DynamicStatic" into "struct UrlState" |
| |
| Both were used for the same purposes and there was no logical separation |
| between them. Combined, this also saves 16 bytes in less holes in my |
| test build. |
| |
| Closes #6798 |
| |
| - tests/README.md: mentioned that en_US.UTF-8 is required |
| |
| Reported-by: Oumph on github |
| Fixes #6768 |
| |
| - HISTORY: fixed the Mac OS X 10.1 release date |
| |
| Based on what Wikipedia says |
| |
| Jay Satiro (26 Mar 2021) |
| - examples: Remove threaded-shared-conn.c due to bug |
| |
| Known bug 11.11 is the shared object's connection cache is not thread |
| safe, so we should not have an example for it. |
| |
| Ref: https://github.com/curl/curl/issues/4915 |
| Ref: https://curl.se/docs/knownbugs.html#A_shared_connection_cache_is_not |
| |
| Closes https://github.com/curl/curl/pull/6795 |
| |
| - KNOWN_BUGS: Update 11.9 - DoH option inheritance |
| |
| - Add description: Explain that some options aren't inherited because |
| they are not relevant for the DoH SSL connections or may result in |
| unexpected behavior. |
| |
| - Remove the reference to #4578 (SSL verify options not inherited) since |
| that was fixed by #6597 (separate DoH-specific options for verify). |
| |
| - Explain that DoH-specific options (those created by #6597) are |
| available: CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and |
| CURLOPT_DOH_SSL_VERIFYSTATUS. |
| |
| - Add a reference to #6605 and explain that the user's debug function is |
| not inherited because it would be unexpected to pass internal handles |
| (ie DoH handles) to the user's callback. |
| |
| Closes https://github.com/curl/curl/issues/6605 |
| |
| Daniel Stenberg (26 Mar 2021) |
| - curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO |
| |
| - [Jean-Philippe Menil brought this change] |
| |
| openssl: ensure to check SSL_CTX_set_alpn_protos return values |
| |
| SSL_CTX_set_alpn_protos() return 0 on success, and non-0 on failure |
| |
| Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com> |
| |
| Closes #6794 |
| |
| - multi: close the connection when h2=>h1 downgrading |
| |
| Otherwise libcurl is likely to reuse the connection again in the next |
| attempt since the connection reuse logic doesn't take downgrades into |
| account. |
| |
| Reported-by: Anthony Ramine |
| Fixes #6788 |
| Closes #6793 |
| |
| - openssl: set the transfer pointer for logging early |
| |
| Otherwise, the transfer will be NULL in the trace function when the |
| early handshake details arrive and then curl won't show them. |
| |
| Regresssion in 7.75.0 |
| |
| Reported-by: David Hu |
| Fixes #6783 |
| Closes #6792 |
| |
| - RELEASE-NOTES: synced |
| |
| - TODO: Custom progress meter update interval |
| |
| Ref: https://stackoverflow.com/q/66789977/93747 |
| |
| - docs/ABI: tighten up the language |
| |
| Make the promises more firm |
| |
| Closes #6786 |
| |
| - openldap: disconnect better |
| |
| Instead of clearing the callback argument in disconnect, set it to the |
| (new) transfer to make sure the correct data is passed to the callbacks. |
| |
| Follow-up to e467ea3bd937f38 |
| Assisted-by: Patrick Monnerat |
| Closes #6787 |
| |
| - libssh2: kdb_callback: get the right struct pointer |
| |
| After the recent conn/data refactor in this source file, this function |
| was mistakenly still getting the old struct pointer which would lead to |
| crash on servers with keyboard-interactive auth enabled. |
| |
| Follow-up to a304051620b92e12b (shipped in 7.75.0) |
| |
| Reported-by: Christian Schmitz |
| Fixes #6691 |
| Closes #6782 |
| |
| - tftp: remove unused struct fields |
| |
| Follow-up to d3d90ad9c00530d |
| |
| Closes #6781 |
| |
| - openldap: avoid NULL pointer dereferences |
| |
| Follow-up to a59c33ceffb8f78 |
| Reported-by: Patrick Monnerat |
| Fixes #6676 |
| Closes #6780 |
| |
| - http: strip default port from URL sent to proxy |
| |
| To make sure the Host: header and the URL provide the same authority |
| portion when sent to the proxy, strip the default port number from the |
| URL if one was provided. |
| |
| Reported-by: Michael Brown |
| Fixes #6769 |
| Closes #6778 |
| |
| - azure: disable test 433 on azure-ubuntu |
| |
| Something in that environment sets XDG_CONFIG_HOME for us in a way that |
| breaks the test. |
| |
| Reported-by: Marc Hörsken |
| Fixes #6739 |
| Closes #6777 |
| |
| - tftp: remove the 3600 second default timeout |
| |
| ... it was never meant to be there. |
| |
| Reported-by: Tomas Berger |
| Fixes #6774 |
| Closes #6776 |
| |
| - docs: make gen.pl support *italic* and **bold** |
| |
| Remove some nroffisms from the cmdline doc files to simplify editing, |
| and instead support this markdown style. |
| |
| Closes #6771 |
| |
| - ngtcp2: sync with recent API updates |
| |
| Closes #6770 |
| |
| - RELEASE-NOTES: synced |
| |
| - libssh2:ssh_connect: clear session pointer after free |
| |
| If libssh2_knownhost_init() returns NULL, like in an OOM situation, the |
| ssh session was freed but the pointer wasn't cleared which made libcurl |
| later call libssh2 to cleanup using the stale pointer. |
| |
| Fixes #6764 |
| Closes #6766 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| docs: document version of crustls dependency |
| |
| This also pins a specific release in the Travis test so future |
| API-breaking changins in crustls won't break curl builds. |
| |
| Add RUSTLS documentation to release tarball. |
| |
| Enable running tests for rustls, minus FTP tests (require |
| connect_blocking, which rustls doesn't implement) and 313 (requires CRL |
| handling). |
| |
| Closes #6763 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| rustls: Handle close_notify. |
| |
| If we get a close_notify, treat that as EOF. If we get an EOF from the |
| TCP stream, treat that as an error (because we should have ended the |
| connection earlier, when we got a close_notify). |
| |
| Closes #6763 |
| |
| - docs: clarify timeouts for queued transfers in multi API |
| |
| Closes #6758 |
| |
| - ftpserver: only load the preprocessed test file |
| |
| We always preprocess and tests are no longer sensible to load "raw" |
| |
| Closes #6738 |
| |
| - tests: use %TESTNUMBER instead of fixed number |
| |
| This makes the tests easier to copy and relocate to other test numbers |
| without having to update content. |
| |
| Closes #6738 |
| |
| - KNOWN_BUGS: CURLOPT_OPENSOCKETPAIRFUNCTION is missing |
| |
| Closes #5747 |
| |
| - TODO: provide timing info for each redirect |
| |
| Closes #6743 |
| |
| Jay Satiro (17 Mar 2021) |
| - docs: Add SSL backend names to CURL_SSL_BACKEND |
| |
| - Document the names that can be used with CURL_SSL_BACKEND: |
| bearssl, gnutls, gskit, mbedtls, mesalink, nss, openssl, rustls, |
| schannel, secure-transport, wolfssl |
| |
| Ref: https://github.com/curl/curl/issues/2209#issuecomment-360623286 |
| Ref: https://github.com/curl/curl/issues/6717#issuecomment-800745201 |
| |
| Closes https://github.com/curl/curl/pull/6755 |
| |
| - docs: Explain DOH transfers inherit some SSL settings |
| |
| - Document in DOH that some SSL settings are inherited but DOH hostname |
| and peer verification are not and are controlled separately. |
| |
| - Document that CURLOPT_SSL_CTX_FUNCTION is inherited by DOH handles but |
| we're considering changing behavior to no longer inherit it. Request |
| feedback. |
| |
| Closes https://github.com/curl/curl/pull/6688 |
| |
| Daniel Stenberg (17 Mar 2021) |
| - http: make 416 not fail with resume + CURLOPT_FAILONERRROR |
| |
| When asked to resume a download, libcurl will convert that to HTTP logic |
| and if then the entire file is already transferred it will result in a |
| 416 response from the HTTP server. With CURLOPT_FAILONERRROR set in that |
| scenario, it should *not* lead to an error return. |
| |
| Updated test 1156, added test 1273 |
| |
| Reported-by: Jonathan Watt |
| Fixes #6740 |
| Closes #6753 |
| |
| - Curl_timeleft: check both timeouts during connect |
| |
| The duration of a connect and the total transfer are calculated from two |
| different time-stamps. It can end up with the total timeout triggering |
| before the connect timeout expires and we should make sure to |
| acknowledge whichever timeout that is reached first. |
| |
| This is especially notable when a transfer first sits in PENDING, as |
| that time is counted in the total time but the connect timeout is based |
| on the time since the handle changed to the CONNECT state. |
| |
| The CONNECTTIMEOUT is per connect attempt. The TIMEOUT is for the entire |
| operation. |
| |
| Fixes #6744 |
| Closes #6745 |
| Reported-by: Andrei Bica |
| Assisted-by: Jay Satiro |
| |
| - configure: remove use of deprecated macros |
| |
| AC_HEADER_TIME, AC_HEADER_STDC and AC_TYPE_SIGNAL |
| |
| - configure: make AC_TRY_* into AC_*_IFELSE |
| |
| ... as the former versions are deprecated. |
| |
| - configure: s/AC_HELP_STRING/AS_HELP_STRING |
| |
| AC_HELP_STRING is deprecated in 2.70+ and I believe AS_HELP_STRING works |
| already since 2.59 so bump the minimum required version to that. |
| |
| Reported-by: Emil Engler |
| Fixes #6647 |
| Closes #6748 |
| |
| - RELEASE-NOTES: synced |
| |
| - travis: use ubuntu nghttp2 package instead of build our own |
| |
| Closes #6751 |
| |
| - travis: bump wolfssl to 4.7.0 |
| |
| - travis: only build wolfssl when needed |
| |
| Closes #6751 |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| rustls: allocate a buffer for TLS data. |
| |
| Previously, rustls was using an on-stack array for TLS data. However, |
| crustls has an (unusual) requirement that buffers it deals with are |
| initialized before writing to them. By using calloc, we can ensure the |
| buffer is initialized once and then reuse it across calls. |
| |
| Closes #6742 |
| |
| - travis: add a rustls build |
| |
| ... that doesn't run any tests (yet) |
| |
| Closes #6750 |
| |
| - HTTP2: remove the outdated remark about multiplexing for the tool |
| |
| - [Robert Ronto brought this change] |
| |
| http2: don't set KEEP_SEND when there's no more data to be sent |
| |
| this should fix an issue where curl sometimes doesn't send out a request |
| with authorization info after a 401 is received over http2 |
| |
| Closes #6747 |
| |
| Marc Hoersken (15 Mar 2021) |
| - config: fix building SMB with configure using Win32 Crypto |
| |
| Align conditions for NTLM features between CMake and configure |
| builds by differentiating between USE_NTLM and USE_CURL_NTLM_CORE, |
| just like curl_setup.h does internally to detect support of: |
| |
| - USE_NTLM: required for NTLM crypto authentication feature |
| - USE_CURL_NTLM_CORE: required for SMB protocol |
| |
| Implement USE_WIN32_CRYPTO detection by checking for Crypt functions |
| in wincrypt.h which are not available in the Windows App environment. |
| |
| Link advapi32 and crypt32 for Crypto API and Schannel SSL backend. |
| Fix condition of Schannel SSL backend in CMake build accordingly. |
| |
| Reviewed-by: Marcel Raad |
| |
| Closes #6277 |
| |
| - config: fix detection of restricted Windows App environment |
| |
| Move the detection of the restricted Windows App environment |
| in curl_setup.h before the definition of USE_WIN32_CRYPTO |
| via included config-win32.h in case no build system is used. |
| |
| Reviewed-by: Marcel Raad |
| |
| Part of #6277 |
| |
| Daniel Stenberg (15 Mar 2021) |
| - HISTORY: curl 7.7.2 was the first version used in Mac OS X 10.1 |
| |
| - gen.pl: quote "bare" minuses in the nroff curl.1 |
| |
| Reported-by: Alejandro Colomar |
| Fixes #6698 |
| Closes #6722 |
| |
| Daniel Gustafsson (14 Mar 2021) |
| - hsts: remove unused defines |
| |
| MAX_HSTS_SUBLEN and MAX_HSTS_SUBLENSTR were unused from the initial commit, |
| and mostly likely leftovers from early development. Remove as they're not |
| used for anything. |
| |
| Closes #6741 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (12 Mar 2021) |
| - github: add torture-ftp for FTP-only torture testing |
| |
| and at 20% to try to keep the run-time reasonable |
| |
| Closes #6728 |
| |
| - travis: split "torture" into a separate "events" build as well |
| |
| Run torture without FTP and reducing coverage to 20% |
| |
| For some reason the torture tests now run a lot slower on travis and run |
| into the 50 minute limit all the time. |
| |
| Closes #6728 |
| |
| - ftp: fix memory leak in ftp_done |
| |
| If after a transfer is complete Curl_GetFTPResponse() returns an error, |
| curl would not free the ftp->pathalloc block. |
| |
| Found by torture-testing test 576 |
| |
| Closes #6737 |
| |
| - [oxalica brought this change] |
| |
| http2: fail if connection terminated without END_STREAM |
| |
| Closes #6736 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Jacob Hoffman-Andrews brought this change] |
| |
| rustls: support CURLOPT_SSL_VERIFYPEER |
| |
| This requires the latest main branch of crustls, which provides |
| rustls_client_config_builder_dangerous_set_certificate_verifier and |
| rustls_client_config_builder_set_enable_sni. |
| |
| This refactors the session setup into its own function, and adds a new |
| function cr_hostname_is_ip. Because crustls doesn't support verification |
| of IP addresses, special handling is needed: We disable SNI and set a |
| placeholder hostname (which never actually gets sent on the wire). |
| |
| Closes #6719 |
| |
| Daniel Gustafsson (12 Mar 2021) |
| - cookies: Fix potential NULL pointer deref with PSL |
| |
| Curl_cookie_init can be called with data being NULL, and this can in turn |
| be passed to Curl_cookie_add, meaning that both functions must be careful |
| to only use data where it's checked for being a NULL pointer. The libpsl |
| support code does however dereference data without checking, so if we are |
| indeed having an unset data pointer we cannot PSL check the cookiedomain. |
| |
| This is currently not a reachable dereference, as the only caller with a |
| NULL data isn't passing a file to initialize cookies from, but since the |
| API has this contract let's ensure we hold it. |
| |
| Closes #6731 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (12 Mar 2021) |
| - [Michael Hordijk brought this change] |
| |
| configure: only add OpenSSL paths if they are defined |
| |
| Add paths for OpenSSL compiling and linking only if they have been |
| defined. If they haven't been defined, we'll assume that the paths are |
| already available to the toolchain. |
| |
| Closes #6730 |
| |
| Jay Satiro (12 Mar 2021) |
| - retry.d: Clarify transient 5xx HTTP response codes |
| |
| - Clarify the only 5xx response codes that are treated as transient are |
| 500, 502, 503 and 504. |
| |
| Prior to this change it said it treated all 5xx as transient, but the |
| code says otherwise. |
| |
| Ref: https://github.com/curl/curl/blob/curl-7_75_0/src/tool_operate.c#L462-L495 |
| |
| Closes https://github.com/curl/curl/pull/6724 |
| |
| - retry-all-errors.d: Explain curl errors versus HTTP response errors |
| |
| - Add a paragraph explaining that curl does not consider HTTP response |
| errors as curl errors, and how that behavior can be modified by using |
| --retry and --fail. |
| |
| The --retry-all-errors doc says "Retry on any error" which some users |
| may find misleading without the added explanation. |
| |
| Ref: https://curl.se/docs/faq.html#Why_do_I_get_downloaded_data_eve |
| Ref: https://curl.se/docs/faq.html#curl_doesn_t_return_error_for_HT |
| |
| Reported-by: Lawrence Gripper |
| |
| Fixes https://github.com/curl/curl/issues/6712 |
| Closes https://github.com/curl/curl/pull/6720 |
| |
| Daniel Stenberg (11 Mar 2021) |
| - travis: switch ngtcp2 build over to quictls |
| |
| The ngtcp2 project switched over to using the quictls OpenSSL fork |
| instead of their own patched OpenSSL. We follow suit. |
| |
| Closes #6729 |
| |
| - test220/314: adjust to run with Hyper |
| |
| - c-hyper: support automatic content-encoding |
| |
| Closes #6727 |
| |
| - http: remove superfluous NULL assign |
| |
| Closes #6727 |
| |
| - tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error |
| |
| Closes #6727 |
| |
| - setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper |
| |
| Not supported. |
| |
| Closes #6727 |
| |
| - test306: make it not run with Hyper |
| |
| ... as it tests HTTP/0.9 which Hyper doesn't support. |
| |
| - test304: header CRLF cleanup to work with Hyper |
| |
| - FTP: allow SIZE to fail when doing (resumed) upload |
| |
| Added test 362 to verify. |
| |
| Reported-by: Jordan Brown |
| Regression since 7ea2e1d0c5a7f (7.73.0) |
| Fixes #6715 |
| Closes #6725 |
| |
| - configure: provide Largefile feature for curl-config |
| |
| ... as cmake now does it correctly, and make test1014 check for it |
| |
| Closes #6702 |
| |
| - config: remove CURL_SIZEOF_CURL_OFF_T use only SIZEOF_CURL_OFF_T |
| |
| Make the code consistently use a single name for the size of the |
| "curl_off_t" type. |
| |
| Closes #6702 |
| |
| Jay Satiro (10 Mar 2021) |
| - [Jun-ya Kato brought this change] |
| |
| ngtcp2: Fix build error due to change in ngtcp2_addr_init |
| |
| ngtcp2/ngtcp2@b8d90a9 changed the function prototype. |
| |
| Closes https://github.com/curl/curl/pull/6716 |
| |
| Daniel Stenberg (10 Mar 2021) |
| - [ejanchivdorj brought this change] |
| |
| multi: update pending list when removing handle |
| |
| when removing a handle, most of the lists are updated but pending list |
| is not updated. Updating now. |
| |
| Closes #6713 |
| |
| - [kokke brought this change] |
| |
| lib1536: check ptr against NULL before dereferencing it |
| |
| Closes #6710 |
| |
| - [kokke brought this change] |
| |
| lib1537: check ptr against NULL before dereferencing it |
| |
| Fixes #6707 |
| Closes #6708 |
| |
| - travis: make torture tests skip TLS-SRP tests |
| |
| ... as it seems to often hang. |
| |
| Also: skip the "normal" tests as they're already run by many other |
| builds. |
| |
| Closes #6705 |
| |
| - openssl: adapt to v3's new const for a few API calls |
| |
| Closes #6703 |
| |
| - quiche: fix crash when failing to connect |
| |
| Reported-by: ウさん |
| Fixes #6664 |
| Closes #6701 |
| |
| - RELEASE-NOTES: synced |
| |
| Fixed the release counter and added a missing contributor |
| |
| - RELEASE-NOTES: synced |
| |
| - dynbuf: bump the max HTTP request to 1MB |
| |
| Raised from 128KB to allow longer request headers. |
| |
| Reported-by: Carl Zogheib |
| Fixes #6681 |
| Closes #6685 |
| |
| Jay Satiro (6 Mar 2021) |
| - schannel: Evaluate CURLOPT_SSL_OPTIONS via SSL_SET_OPTION macro |
| |
| - Change use of those options from CURLOPT_SSL_OPTIONS that are not |
| already evaluated via SSL_SET_OPTION in schannel and secure transport |
| to use that instead of data->set.ssl.optname. |
| |
| Example: |
| |
| Evaluate SSL_SET_OPTION(no_revoke) instead of data->set.ssl.no_revoke. |
| |
| This change is because options set via CURLOPT_SSL_OPTIONS |
| (data->set.ssl.optname) are separate from those set for HTTPS proxy via |
| CURLOPT_PROXY_SSL_OPTIONS (data->set.proxy_ssl.optname). The |
| SSL_SET_OPTION macro determines whether the connection is for HTTPS |
| proxy and based on that which option to evaluate. |
| |
| Since neither Schannel nor Secure Transport backends currently support |
| HTTPS proxy in libcurl, this change is for posterity and has no other |
| effect. |
| |
| Closes https://github.com/curl/curl/pull/6690 |
| |
| - [kokke brought this change] |
| |
| c-hyper: Remove superfluous pointer check |
| |
| `n` pointer is never NULL once set. Found by static analysis. |
| |
| Ref: https://github.com/curl/curl/issues/6696 |
| |
| Closes https://github.com/curl/curl/pull/6697 |
| |
| - version.d: Add missing features to the features list |
| |
| - Add missing entries for gsasl, Kerberos, NTLM_WB, TrackMemory, |
| Unicode and zstd. |
| |
| - Remove krb4 since it's no longer a feature. |
| |
| Reported-by: Ádler Jonas Gross |
| |
| Fixes https://github.com/curl/curl/issues/6677 |
| Closes https://github.com/curl/curl/pull/6687 |
| |
| - [Vladimir Varlamov brought this change] |
| |
| docs: add missing Arg tag to --stderr |
| |
| Prior to this change the required argument was not shown. |
| |
| curl.1 before: --stderr |
| curl.1 after: --stderr <file> |
| |
| curl --help before: |
| --stderr Where to redirect stderr |
| |
| curl --help after: |
| --stderr <file> Where to redirect stderr |
| |
| Closes https://github.com/curl/curl/pull/6692 |
| |
| - projects: Update VS projects for OpenSSL 1.1.x |
| |
| - Update VS project templates to use the OpenSSL lib names and include |
| directories for OpenSSL 1.1.x. |
| |
| This change means the VS project files will now build only with OpenSSL |
| 1.1.x when an OpenSSL configuration is chosen. Prior to this change the |
| project files built only with OpenSSL 1.0.x (end-of-life) when an |
| OpenSSL configuration was chosen. |
| |
| The template changes in this commit were made by script: |
| |
| libeay32.lib => libcrypto.lib |
| ssleay32.lib => libssl.lib |
| ..\..\..\..\..\openssl\inc32 => ..\..\..\..\..\openssl\include |
| |
| And since the output directory now contains the includes it's prepended: |
| ..\..\..\..\..\openssl\build\Win{32,64}\VC{6..15}\{DLL,LIB} |
| {Debug,Release}\include |
| |
| - Change build-openssl.bat to copy the build's include directory to the |
| output directory (as seen above). |
| |
| Each build has its own opensslconf.h which is different so we can't just |
| include the source include directory any longer. |
| |
| Note the include directory in the output directory is a full copy from |
| the build so technically we don't need to include the OpenSSL source |
| include directory in the template. However, I left it last in case the |
| user made a custom OpenSSL build using the old method which would put |
| opensslconf in the OpenSSL source include directory. |
| |
| - Change build-openssl.bat to use a temporary install directory that is |
| different from the temporary build directory. |
| |
| For OpenSSL 1.1.x the temporary paths must be separate not a descendant |
| of the other, otherwise pdb files will be lost between builds. |
| |
| Ref: https://curl.se/mail/lib-2018-10/0049.html |
| Ref: https://gist.github.com/jay/125191c35bbeb894444eff827651f755 |
| Ref; https://github.com/openssl/openssl/issues/10005 |
| |
| Fixes https://github.com/curl/curl/issues/984 |
| Closes https://github.com/curl/curl/pull/6675 |
| |
| - doh: Inherit CURLOPT_STDERR from user's easy handle |
| |
| Prior to this change if the user set their easy handle's error stream |
| to something other than stderr it was not inherited by the doh handles, |
| which meant that they would still write to the default standard error |
| stream (stderr) for verbose output. |
| |
| Bug: https://github.com/curl/curl/issues/6605 |
| Reported-by: arvids-kokins-bidstack@users.noreply.github.com |
| |
| Closes https://github.com/curl/curl/pull/6661 |
| |
| Marc Hoersken (1 Mar 2021) |
| - CI/azure: replace python-impacket with python3-impacket |
| |
| As of this month Azure DevOps uses Ubuntu 20.04 LTS which |
| no longer supports Python 2 and instead ships Python 3. |
| |
| Closes #6678 |
| |
| - runtests.pl: kill processes locking test log files |
| |
| Introduce a new runtests.pl command option: -rm |
| |
| For now only required and implemented for Windows. |
| Ignore stunnel logs due to long running processes. |
| |
| Requires Sysinternals handle[64].exe to be on PATH. |
| |
| Reviewed-by: Jay Satiro |
| |
| Ref: #6058 |
| Closes #6179 |
| |
| - pathhelp.pm: fix use of pwd -L in Msys environment |
| |
| While Msys2 has a pwd binary which supports -L, |
| Msys1 only has a shell built-in with that feature. |
| |
| Reviewed-by: Jay Satiro |
| |
| Part of #6179 |
| |
| Daniel Gustafsson (1 Mar 2021) |
| - ldap: use correct memory free function |
| |
| unescaped is coming from Curl_urldecode and not a unicode conversion |
| function, so reclaiming its memory should be performed with a normal |
| call to free rather than curlx_unicodefree. In reality, this is the |
| same thing as curlx_unicodefree is implemented as a call to free but |
| that's not guaranteed to always hold. Using the curlx macro present |
| issues with memory debugging as well. |
| |
| Closes #6671 |
| Reviewed-by: Jay Satiro <raysatiro@yahoo.com> |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - url: fix typo in comment |
| |
| Correct a small typo which snuck in with a304051620. |
| |
| Jay Satiro (28 Feb 2021) |
| - tool_help: Increase space between option and description |
| |
| - Increase the minimum number of spaces between the option and the |
| description from 1 to 2. |
| |
| Before: |
| ~~~ |
| -u, --user <user:password> Server user and password |
| -A, --user-agent <name> Send User-Agent <name> to server |
| -v, --verbose Make the operation more talkative |
| -V, --version Show version number and quit |
| -w, --write-out <format> Use output FORMAT after completion |
| --xattr Store metadata in extended file attributes |
| ~~~ |
| |
| After: |
| ~~~ |
| -u, --user <user:password> Server user and password |
| -A, --user-agent <name> Send User-Agent <name> to server |
| -v, --verbose Make the operation more talkative |
| -V, --version Show version number and quit |
| -w, --write-out <format> Use output FORMAT after completion |
| --xattr Store metadata in extended file attributes |
| ~~~ |
| |
| Closes https://github.com/curl/curl/pull/6674 |
| |
| Daniel Stenberg (27 Feb 2021) |
| - curl: set CURLOPT_NEW_FILE_PERMS if requested |
| |
| The --create-file-mode code logic accepted the value but never actually |
| passed it on to libcurl! |
| |
| Follow-up to a7696c73436f (shipped in 7.75.0) |
| Reported-by: Johannes Lesr |
| Fixes #6657 |
| Closes #6666 |
| |
| - tool_operate: check argc before accessing argv[1] |
| |
| Follow-up to 09363500b |
| Reported-by: Emil Engler |
| Reviewed-by: Daniel Gustafsson |
| Closes #6668 |
| |
| Daniel Gustafsson (26 Feb 2021) |
| - [Jean-Philippe Menil brought this change] |
| |
| openssl: remove get_ssl_version_txt in favor of SSL_get_version |
| |
| openssl: use SSL_get_version to get connection protocol |
| |
| Replace our bespoke get_ssl_version_txt in favor of SSL_get_version. |
| We can get rid of few lines of code, since SSL_get_version achieve |
| the exact same thing |
| |
| Closes #6665 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com> |