| _ _ ____ _ |
| ___| | | | _ \| | |
| / __| | | | |_) | | |
| | (__| |_| | _ <| |___ |
| \___|\___/|_| \_\_____| |
| |
| Changelog |
| |
| Version 7.66.0 (10 Sep 2019) |
| |
| Daniel Stenberg (10 Sep 2019) |
| - RELEASE-NOTES: curl 7.66.0 |
| |
| - THANKS: from the 7.66.0 release |
| |
| - curl: make sure the parallel transfers do them all |
| |
| The logic could erroneously break the loop too early before all |
| transfers had been transferred. |
| |
| Reported-by: Tom van der Woerdt |
| Fixes #4316 |
| Closes #4317 |
| |
| - urlapi: one colon is enough for the strspn() input (typo) |
| |
| - urlapi: verify the IPv6 numerical address |
| |
| It needs to parse correctly. Otherwise it could be tricked into letting |
| through a-f using host names that libcurl would then resolve. Like |
| '[ab.be]'. |
| |
| Reported-by: Thomas Vegas |
| Closes #4315 |
| |
| - [Clément Notin brought this change] |
| |
| openssl: use SSL_CTX_set_<min|max>_proto_version() when available |
| |
| OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use |
| when available. Existing code is preserved for older versions of |
| OpenSSL. |
| |
| Closes #4304 |
| |
| - [Clément Notin brought this change] |
| |
| openssl: indent, re-organize and add comments |
| |
| - [migueljcrum brought this change] |
| |
| sspi: fix memory leaks |
| |
| Closes #4299 |
| |
| - travis: disable ngtcp2 builds (again) |
| |
| - Curl_fillreadbuffer: avoid double-free trailer buf on error |
| |
| Reviewed-by: Jay Satiro |
| Reported-by: Thomas Vegas |
| |
| Closes #4307 |
| |
| - tool_setopt: handle a libcurl build without netrc support |
| |
| Reported-by: codesniffer13 on github |
| Fixes #4302 |
| Closes #4305 |
| |
| - security:read_data fix bad realloc() |
| |
| ... that could end up a double-free |
| |
| CVE-2019-5481 |
| Bug: https://curl.haxx.se/docs/CVE-2019-5481.html |
| |
| - [Thomas Vegas brought this change] |
| |
| tftp: Alloc maximum blksize, and use default unless OACK is received |
| |
| Fixes potential buffer overflow from 'recvfrom()', should the server |
| return an OACK without blksize. |
| |
| Bug: https://curl.haxx.se/docs/CVE-2019-5482.html |
| CVE-2019-5482 |
| |
| - [Thomas Vegas brought this change] |
| |
| tftp: return error when packet is too small for options |
| |
| - KNOWN_BUGS/TODO: cleanup and remove outdated issues |
| |
| - RELEASE-NOTES: synced |
| |
| - netrc: free 'home' on error |
| |
| Follow-up to f9c7ba9096ec2 |
| |
| Coverity CID 1453474 |
| |
| Closes #4291 |
| |
| - urldata: avoid 'generic', use dedicated pointers |
| |
| For the 'proto' union within the connectdata struct. |
| |
| Closes #4290 |
| |
| - cleanup: move functions out of url.c and make them static |
| |
| Closes #4289 |
| |
| - smtp: check for and bail out on too short EHLO response |
| |
| Otherwise, a three byte response would make the smtp_state_ehlo_resp() |
| function misbehave. |
| |
| Credit to OSS-Fuzz |
| Bug: https://crbug.com/oss-fuzz/16918 |
| |
| Assisted-by: Max Dymond |
| |
| Closes #4287 |
| |
| - smb: init *msg to NULL in smb_send_and_recv() |
| |
| ... it might otherwise return OK from this function leaving that pointer |
| uninitialized. |
| |
| Bug: https://crbug.com/oss-fuzz/16907 |
| |
| Closes #4286 |
| |
| - ROADMAP: updated after recent user poll |
| |
| In rough prio order |
| |
| - THANKS: remove duplicate |
| |
| - Curl_addr2string: take an addrlen argument too |
| |
| This allows the function to figure out if a unix domain socket has a |
| file name or not associated with it! When a socket is created with |
| socketpair(), as done in the fuzzer testing, the path struct member is |
| uninitialized and must not be accessed. |
| |
| Bug: https://crbug.com/oss-fuzz/16699 |
| |
| Closes #4283 |
| |
| - [Rolf Eike Beer brought this change] |
| |
| CMake: remove needless newlines at end of gss variables |
| |
| - [Rolf Eike Beer brought this change] |
| |
| CI: remove duplicate configure flag for LGTM.com |
| |
| - [Rolf Eike Beer brought this change] |
| |
| CMake: use platform dependent name for dlopen() library |
| |
| Closes #4279 |
| |
| - quiche: expire when poll returned data |
| |
| ... to make sure we continue draining the queue until empty |
| |
| Closes #4281 |
| |
| - quiche: decrease available buffer size, don't assign it! |
| |
| Found-by: Jeremy Lainé |
| |
| - RELEASE-NOTES: synced |
| |
| - [Kyohei Kadota brought this change] |
| |
| curl: fix include conditions |
| |
| - [Kyohei Kadota brought this change] |
| |
| plan9: fix installation instructions |
| |
| Closes #4276 |
| |
| - ngtcp2: on h3 stream close, call expire |
| |
| ... to trigger a new read to detect the stream close! |
| |
| Closes #4275 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: build latest ngtcp2 and ngtcp2_crypto_openssl |
| |
| Closes #4278 |
| |
| - ngtcp2: set flow control window to stream buffer size |
| |
| Closes #4274 |
| |
| - [Christopher Head brought this change] |
| |
| CURLOPT_HEADERFUNCTION.3: clarify |
| |
| Closes #4273 |
| |
| - CURLINFO docs: mention that in redirects times are added |
| |
| Suggested-by: Brandon Dong |
| Fixes #4250 |
| Closes #4269 |
| |
| - travis: enable ngtcp2 builds again |
| |
| Switched to the openssl-quic-draft-22 openssl branch. |
| |
| Closes #4271 |
| |
| - HTTP3: switched openssl branch to use |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: Build with latest ngtcp2 and ngtcp2_crypto_openssl |
| |
| Closes #4270 |
| |
| - http2: when marked for closure and wanted to close == OK |
| |
| It could otherwise return an error even when closed correctly if GOAWAY |
| had been received previously. |
| |
| Reported-by: Tom van der Woerdt |
| Fixes #4267 |
| Closes #4268 |
| |
| - RELEASE-NOTES: synced |
| |
| - build-openssl: fix build with Visual Studio 2019 |
| |
| Reviewed-by: Marcel Raad |
| Contributed-by: osabc on github |
| Fixes #4188 |
| Closes #4266 |
| |
| Kamil Dudka (26 Aug 2019) |
| - vauth: return CURLE_AUTH_ERROR on gss_init_sec_context() failure |
| |
| This is a follow-up to https://github.com/curl/curl/pull/3864 . |
| |
| Closes #4224 |
| |
| Daniel Stenberg (26 Aug 2019) |
| - KNOWN_BUGS: USE_UNIX_SOCKETS on Windows |
| |
| Closes #4040 |
| |
| - quiche: send the HTTP body correctly on callback uploads |
| |
| Closes #4265 |
| |
| - travis: disable ngtcp2 builds (temporarily) |
| |
| Just too many API changes right now |
| |
| Closes #4264 |
| |
| - ngtcp2: add support for SSLKEYLOGFILE |
| |
| Closes #4260 |
| |
| - ngtcp2: improve h3 response receiving |
| |
| Closes #4259 |
| |
| - ngtcp2: use nghttp3_version() |
| |
| - ngtcp2: sync with upstream API changes |
| |
| Assisted-by: Tatsuhiro Tsujikawa |
| |
| - [Kyle Abramowitz brought this change] |
| |
| scp: fix directory name length used in memcpy |
| |
| Fix read off end of array due to bad pointer math in getworkingpath for |
| SCP home directory case. |
| |
| Closes #4258 |
| |
| - http: the 'closed' struct field is used by both ngh2 and ngh3 |
| |
| and remove 'header_recvbuf', not used for anything |
| |
| Reported-by: Jeremy Lainé |
| |
| Closes #4257 |
| |
| - ngtcp2: accept upload via callback |
| |
| Closes #4256 |
| |
| - defines: avoid underscore-prefixed defines |
| |
| Double-underscored or underscore plus uppercase letter at least. |
| |
| ... as they're claimed to be reserved. |
| |
| Reported-by: patnyb on github |
| |
| Fixes #4254 |
| Closes #4255 |
| |
| - travis: add a build using ngtcp2 + nghttp3 (and a patched OpenSSL) |
| |
| Runs no tests |
| |
| Closes #4253 |
| |
| - travis: bump to using nghttp2 version 1.39.2 |
| |
| Closes #4252 |
| |
| - [Gisle Vanem brought this change] |
| |
| docs/examples/curlx: fix errors |
| |
| Initialise 'mimetype' and require the -p12 arg. |
| |
| Closes #4248 |
| |
| - cleanup: remove DOT_CHAR completely |
| |
| Follow-up to f9c7ba9096ec |
| |
| The use of DOT_CHAR for ".ssh" was probably a mistake and is removed |
| now. |
| |
| Pointed-out-by: Gisle Vanem |
| Bug: https://github.com/curl/curl/pull/4230#issuecomment-522960638 |
| |
| Closes #4247 |
| |
| - spnego_sspi: add typecast to fix build warning |
| |
| Reported in build "Win32 target on Debian Stretch (64-bit) - |
| i686-w64-mingw32 - gcc-20170516" |
| |
| Closes #4245 |
| |
| - openssl: build warning free with boringssl |
| |
| Closes #4244 |
| |
| - curl: make --libcurl use CURL_HTTP_VERSION_3 |
| |
| Closes #4243 |
| |
| - ngtcp2: make postfields-set posts work |
| |
| Closes #4242 |
| |
| - http: remove chunked-encoding and expect header use for HTTP/3 |
| |
| - [Alessandro Ghedini brought this change] |
| |
| configure: use pkg-config to detect quiche |
| |
| This removes the need to hard-code the quiche target path in |
| configure.ac. |
| |
| This depends on https://github.com/cloudflare/quiche/pull/128 |
| |
| Closes #4237 |
| |
| - CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 |
| |
| For a long time (since 7.28.1) we've returned error when setting the |
| value to 1 to make applications notice that we stopped supported the old |
| behavior for 1. Starting now, we treat 1 and 2 exactly the same. |
| |
| Closes #4241 |
| |
| - curl: use .curlrc (with a dot) on Windows as well |
| |
| Fall-back to _curlrc if the dot-version is missing. |
| |
| Co-Authored-By: Steve Holme |
| |
| Closes #4230 |
| |
| - netrc: make the code try ".netrc" on Windows as well |
| |
| ... but fall back and try "_netrc" too if the dot version didn't work. |
| |
| Co-Authored-By: Steve Holme |
| |
| - ngtcp2: use ngtcp2_version() to get the run-time version |
| |
| ... which of course doesn't have to be the same used at build-time. |
| |
| Function just recently merged in ngtcp2. |
| |
| - ngtcp2: move the h3 initing to immediately after the rx key |
| |
| To fix a segfault and to better deal with 0-RTT |
| |
| Assisted-by: Tatsuhiro Tsujikawa |
| |
| - [Alessandro Ghedini brought this change] |
| |
| quiche: register debug callback once and earlier |
| |
| The quiche debug callback is global and can only be initialized once, so |
| make sure we don't do it multiple times (e.g. if multiple requests are |
| executed). |
| |
| In addition this initializes the callback before the connection is |
| created, so we get logs for the handshake as well. |
| |
| Closes #4236 |
| |
| - ssh: add a generic Curl_ssh_version function for SSH backends |
| |
| Closes #4235 |
| |
| - base64: check for SSH, not specific SSH backends |
| |
| - vssh: move ssh init/cleanup functions into backend code |
| |
| - vssh: create directory for SSH backend code |
| |
| - TODO/ROADMAP: remove "refuse downgrade redirects" and HTTP/3 |
| |
| HTTP3 is now already in full progress |
| |
| Downgrade redirects can be achived almost exactly like that by setting |
| CURLOPT_REDIR_PROTOCOLS. |
| |
| - RELEASE-NOTES: synced |
| |
| - travis: add a quiche build |
| |
| Closes #4207 |
| |
| - http: fix use of credentials from URL when using HTTP proxy |
| |
| When a username and password are provided in the URL, they were wrongly |
| removed from the stored URL so that subsequent uses of the same URL |
| wouldn't find the crendentials. This made doing HTTP auth with multiple |
| connections (like Digest) mishave. |
| |
| Regression from 46e164069d1a5230 (7.62.0) |
| |
| Test case 335 added to verify. |
| |
| Reported-by: Mike Crowe |
| |
| Fixes #4228 |
| Closes #4229 |
| |
| - [Mike Crowe brought this change] |
| |
| tests: Replace outdated test case numbering documentation |
| |
| Tests are no longer grouped by numeric range[1]. Let's stop saying that |
| and provide some alternative advice for numbering tests. |
| |
| [1] https://curl.haxx.se/mail/lib-2019-08/0043.html |
| |
| Closes #4227 |
| |
| - travis: reduce number of torture tests in 'coverage' |
| |
| ... to make it complete in time. This cut seems not almost not affect |
| the coverage percentage and yet completes within 35 minutes on travis |
| where the previous runs recently always timed out after 50. |
| |
| Closes #4223 |
| |
| - [Igor Makarov brought this change] |
| |
| configure: use -lquiche to link to quiche |
| |
| Closes #4226 |
| |
| - ngtcp2: provide the callbacks as a static struct |
| |
| ... instead of having them in quicsocket |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: add missing nghttp3_conn_add_write_offset call |
| |
| Closes #4225 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: deal with stream close |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: Consume QUIC STREAM data properly |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: don't reinitialize SSL on Retry |
| |
| - multi: getsock improvements for QUIC connecting |
| |
| - connect: connections are persistent by default for HTTP/3 |
| |
| - quiche: happy eyeballs |
| |
| Closes #4220 |
| |
| - ngtcp2: do QUIC connections happy-eyeballs friendly |
| |
| - curl_version: bump string buffer size to 250 |
| |
| With HTTP/3 libs and plenty TLS libs, I manged to hit the limit (which |
| causes a truncated output). |
| |
| - CURLOPT_ALTSVC.3: use a "" file name to not load from a file |
| |
| Jay Satiro (14 Aug 2019) |
| - vauth: Use CURLE_AUTH_ERROR for auth function errors |
| |
| - Add new error code CURLE_AUTH_ERROR. |
| |
| Prior to this change auth function errors were signaled by |
| CURLE_OUT_OF_MEMORY and CURLE_RECV_ERROR, and neither one was |
| technically correct. |
| |
| Ref: https://github.com/curl/curl/pull/3848 |
| |
| Co-authored-by: Dominik Hölzl |
| |
| Closes https://github.com/curl/curl/pull/3864 |
| |
| Daniel Stenberg (13 Aug 2019) |
| - curl_version_info: make the quic_version a const |
| |
| Follow-up from 1a2df1518ad8653f |
| |
| Closes #4222 |
| |
| - examples: add http3.c, altsvc.c and http3-present.c |
| |
| Closes #4221 |
| |
| Peter Wu (13 Aug 2019) |
| - nss: use TLSv1.3 as default if supported |
| |
| SSL_VersionRangeGetDefault returns (TLSv1.0, TLSv1.2) as supported |
| range in NSS 3.45. It looks like the intention is to raise the minimum |
| version rather than lowering the maximum, so adjust accordingly. Note |
| that the caller (nss_setup_connect) initializes the version range to |
| (TLSv1.0, TLSv1.3), so there is no need to check for >= TLSv1.0 again. |
| |
| Closes #4187 |
| Reviewed-by: Daniel Stenberg |
| Reviewed-by: Kamil Dudka |
| |
| Daniel Stenberg (13 Aug 2019) |
| - quic.h: remove unused proto |
| |
| - curl_version_info.3: mentioned ALTSVC and HTTP3 |
| |
| ... and sorted the list alphabetically |
| |
| - lib/quic.c: unused - removed |
| |
| - CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED |
| |
| Follow-up to 98c3f148 that removed it from the header file |
| |
| - [Junho Choi brought this change] |
| |
| docs/HTTP3: simplify quiche build instruction |
| |
| Use --recursive to get boringssl in one line |
| |
| Closes #4219 |
| |
| - altsvc: make it use h3-22 with ngtcp2 as well |
| |
| - ngtcp2: initial h3 request work |
| |
| Closes #4217 |
| |
| - curl_version_info: offer quic (and h3) library info |
| |
| Closes #4216 |
| |
| - HTTP3: use ngtcp2's draft-22 branch |
| |
| - RELEASE-NOTES: synced |
| |
| - CURLOPT_READFUNCTION.3: provide inline example |
| |
| ... instead of mentioning one in another place |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: send HTTP/3 request with nghttp3 |
| |
| This commit makes sending HTTP/3 request with nghttp3 work. It |
| minimally receives HTTP response and calls nghttp3 callbacks, but no |
| processing is made at the moment. |
| |
| Closes #4215 |
| |
| - nghttp3: initial h3 template code added |
| |
| - nghttp3: required when ngtcp2 is used for QUIC |
| |
| - checked for by configure |
| - updated docs/HTTP3.md |
| - shown in the version string |
| |
| Closes #4210 |
| |
| - [Eric Wong brought this change] |
| |
| asyn-thread: issue CURL_POLL_REMOVE before closing socket |
| |
| This avoids EBADF errors from EPOLL_CTL_DEL operations in the |
| ephiperfifo.c example. EBADF is dangerous in multi-threaded |
| applications where I rely on epoll_ctl to operate on the same |
| epoll description from different threads. |
| |
| Follow-up to eb9a604f8d7db8 |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-08/0026.html |
| Closes #4211 |
| |
| - [Carlo Marcelo Arenas Belón brought this change] |
| |
| configure: avoid undefined check_for_ca_bundle |
| |
| instead of using a "greater than 0" test, check for variable being |
| set, as it is always set to 1, and could be left unset if non of |
| OPENSSL MBEDTLS GNUTLS WOLFSSL is being configured for. |
| |
| Closes #4213 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: Send ALPN h3-22 |
| |
| Closes #4212 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: use ngtcp2_settings_default and specify initial_ts |
| |
| - curl_global_init_mem.3: mention it was added in 7.12.0 |
| |
| - [Tatsuhiro Tsujikawa brought this change] |
| |
| ngtcp2: make the QUIC handshake work |
| |
| Closes #4209 |
| |
| - [Alex Mayorga brought this change] |
| |
| HTTP3.md: Update quiche build instructions |
| |
| Added cloning for quiche and BoringSSL and modified the build |
| instructions so they work on a clean folder. |
| |
| Closes #4208 |
| |
| - CURLOPT_H3: removed |
| |
| There's no use for this anymore and it was never in a release. |
| |
| Closes #4206 |
| |
| - http3: make connection reuse work |
| |
| Closes #4204 |
| |
| - quiche: add SSLKEYLOGFILE support |
| |
| - cleanup: s/curl_debug/curl_dbg_debug in comments and docs |
| |
| Leftovers from the function rename back in 76b63489495 |
| |
| Reported-by: Gisle Vanem |
| Bug: https://github.com/curl/curl/commit/f3e0f071b14fcb46a453f69bdf4e062bcaacf362#com |
| mitcomment-34601751 |
| |
| Closes #4203 |
| |
| - RELEASE-NOTES: synced |
| |
| - alt-svc: add protocol version selection masking |
| |
| So that users can mask in/out specific HTTP versions when Alt-Svc is |
| used. |
| |
| - Removed "h2c" and updated test case accordingly |
| - Changed how the altsvc struct is laid out |
| - Added ifdefs to make the unittest run even in a quiche-tree |
| |
| Closes #4201 |
| |
| - http3: fix the HTTP/3 in the request, make alt-svc set right versions |
| |
| Closes #4200 |
| |
| - alt-svc: send Alt-Used: in redirected requests |
| |
| RFC 7838 section 5: |
| |
| When using an alternative service, clients SHOULD include an Alt-Used |
| header field in all requests. |
| |
| Removed CURLALTSVC_ALTUSED again (feature is still EXPERIMENTAL thus |
| this is deemed ok). |
| |
| You can disable sending this header just like you disable any other HTTP |
| header in libcurl. |
| |
| Closes #4199 |
| |
| - CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly |
| |
| Even though it cannot fall-back to a lower HTTP version automatically. The |
| safer way to upgrade remains via CURLOPT_ALTSVC. |
| |
| CURLOPT_H3 no longer has any bits that do anything and might be removed |
| before we remove the experimental label. |
| |
| Updated the curl tool accordingly to use "--http3". |
| |
| Closes #4197 |
| |
| - docs/ALTSVC: remove what works and the experimental explanation |
| |
| Also, put the TODO items at the bottom. |
| |
| Closes #4198 |
| |
| - docs/EXPERIMENTAL: explain what it means and what's experimental now |
| |
| - curl: make use of CURLINFO_RETRY_AFTER when retrying |
| |
| If a Retry-After: header was used in the response, that value overrides |
| other retry timing options. |
| |
| Fixes #3794 |
| Closes #4195 |
| |
| - curl: use CURLINFO_PROTOCOL to check for HTTP(s) |
| |
| ... instead of CURLINFO_EFFECTIVE_URL to avoid string operations. |
| |
| - CURLINFO_RETRY_AFTER: parse the Retry-After header value |
| |
| This is only the libcurl part that provides the information. There's no |
| user of the parsed value. This change includes three new tests for the |
| parser. |
| |
| Ref: #3794 |
| |
| - docs/ALTSVC.md: first basic file format description |
| |
| - curl: have -w's 'http_version' show '3' for HTTP/3 |
| |
| Closes #4196 |
| |
| - curl.h: add CURL_HTTP_VERSION_3 to the version enum |
| |
| It can't be set for CURLOPT_HTTP_VERSION, but it can be extracted with |
| CURLINFO_HTTP_VERSION. |
| |
| - quiche: make use of the connection timeout API properly |
| |
| - quiche: make POSTFIELDS posts work |
| |
| - quiche: improved error handling and memory cleanups |
| |
| - quiche: flush egress in h3_stream_recv() too |
| |
| - RELEASE-NOTES: synced |
| |
| Jay Satiro (6 Aug 2019) |
| - [Patrick Monnerat brought this change] |
| |
| os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid(). |
| |
| Ref: https://github.com/curl/curl/issues/3653 |
| Ref: https://github.com/curl/curl/pull/3790 |
| |
| NOTE: This commit was cherry-picked and is part of a series of commits |
| that added the authzid feature for upcoming 7.66.0. The series was |
| temporarily reverted in db8ec1f so that it would not ship in a 7.65.x |
| patch release. |
| |
| Closes https://github.com/curl/curl/pull/4186 |
| |
| - tests: Fix the line endings for the SASL alt-auth tests |
| |
| - Change data and protocol sections to CRLF line endings. |
| |
| Prior to this change the tests would fail or hang, which is because |
| certain sections such as protocol require CRLF line endings. |
| |
| Follow-up to grandparent commit which added the tests. |
| |
| Ref: https://github.com/curl/curl/issues/3653 |
| Ref: https://github.com/curl/curl/pull/3790 |
| |
| NOTE: This commit was cherry-picked and is part of a series of commits |
| that added the authzid feature for upcoming 7.66.0. The series was |
| temporarily reverted in db8ec1f so that it would not ship in a 7.65.x |
| patch release. |
| |
| Closes https://github.com/curl/curl/pull/4186 |
| |
| - [Steve Holme brought this change] |
| |
| examples: Added SASL PLAIN authorisation identity (authzid) examples |
| |
| Ref: https://github.com/curl/curl/issues/3653 |
| Ref: https://github.com/curl/curl/pull/3790 |
| |
| NOTE: This commit was cherry-picked and is part of a series of commits |
| that added the authzid feature for upcoming 7.66.0. The series was |
| temporarily reverted in db8ec1f so that it would not ship in a 7.65.x |
| patch release. |
| |
| Closes https://github.com/curl/curl/pull/4186 |
| |
| - [Steve Holme brought this change] |
| |
| curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool |
| |
| Ref: https://github.com/curl/curl/issues/3653 |
| Ref: https://github.com/curl/curl/pull/3790 |
| |
| NOTE: This commit was cherry-picked and is part of a series of commits |
| that added the authzid feature for upcoming 7.66.0. The series was |
| temporarily reverted in db8ec1f so that it would not ship in a 7.65.x |
| patch release. |
| |
| Closes https://github.com/curl/curl/pull/4186 |
| |
| - [Steve Holme brought this change] |
| |
| sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID |
| |
| Added the ability for the calling program to specify the authorisation |
| identity (authzid), the identity to act as, in addition to the |
| authentication identity (authcid) and password when using SASL PLAIN |
| authentication. |
| |
| Fixes #3653 |
| Closes #3790 |
| |
| NOTE: This commit was cherry-picked and is part of a series of commits |
| that added the authzid feature for upcoming 7.66.0. The series was |
| temporarily reverted in db8ec1f so that it would not ship in a 7.65.x |
| patch release. |
| |
| Closes https://github.com/curl/curl/pull/4186 |
| |
| Daniel Stenberg (6 Aug 2019) |
| - docs/HTTP3: refreshed as it is now in master and HTTP/3 can be tested |
| |
| - [Yiming Jing brought this change] |
| |
| mesalink: implement client authentication |
| |
| Closes #4184 |
| |
| - curl_multi_poll: a sister to curl_multi_wait() that waits more |
| |
| Repeatedly we see problems where using curl_multi_wait() is difficult or |
| just awkward because if it has no file descriptor to wait for |
| internally, it returns immediately and leaves it to the caller to wait |
| for a small amount of time in order to avoid occasional busy-looping. |
| |
| This is often missed or misunderstood, leading to underperforming |
| applications. |
| |
| This change introduces curl_multi_poll() as a replacement drop-in |
| function that accepts the exact same set of arguments. This function |
| works identically to curl_multi_wait() - EXCEPT - for the case when |
| there's nothing to wait for internally, as then this function will by |
| itself wait for a "suitable" short time before it returns. This |
| effectiely avoids all risks of busy-looping and should also make it less |
| likely that apps "over-wait". |
| |
| This also changes the curl tool to use this funtion internally when |
| doing parallel transfers and changes curl_easy_perform() to use it |
| internally. |
| |
| Closes #4163 |
| |
| - quiche:h3_stream_recv return 0 at end of stream |
| |
| ... and remove some verbose messages we don't need. Made transfers from |
| facebook.com work better. |
| |
| - altsvc: make quiche use h3-22 now |
| |
| - quiche: show the actual version number |
| |
| - quiche: first working HTTP/3 request |
| |
| - enable debug log |
| - fix use of quiche API |
| - use download buffer |
| - separate header/body |
| |
| Closes #4193 |
| |
| - http09: disable HTTP/0.9 by default in both tool and library |
| |
| As the plan has been laid out in DEPRECATED. Update docs accordingly and |
| verify in test 1174. Now requires the option to be set to allow HTTP/0.9 |
| responses. |
| |
| Closes #4191 |
| |
| - quiche: initial h3 request send/receive |
| |
| - lib/Makefile.am: make checksrc run in vquic too |
| |
| - altsvc: fix removal of expired cache entry |
| |
| Closes #4192 |
| |
| - RELEASE-NOTES: synced |
| |
| Steve Holme (4 Aug 2019) |
| - md4: Use our own MD4 implementation when no crypto libraries are available |
| |
| Closes #3780 |
| |
| - md4: No need to include Curl_md4.h for each TLS library |
| |
| - md4: No need for the NTLM code to call Curl_md4it() for each TLS library |
| |
| As the NTLM code no longer calls any of TLS libraries' specific MD4 |
| functions, there is no need to call this function for each #ifdef. |
| |
| - md4: Move the mbed TLS MD4 implementation out of the NTLM code |
| |
| - md4: Move the WinCrypt implementation out of the NTLM code |
| |
| - md4: Move the SecureTransport implementation out of the NTLM code |
| |
| - md4: Use the Curl_md4it() function for OpenSSL based NTLM |
| |
| - md4: Move the GNU TLS gcrypt MD4 implementation out of the NTLM code |
| |
| - md4: Move the GNU TLS Nettle MD4 implementation out of the NTLM code |
| |
| Jay Satiro (4 Aug 2019) |
| - OS400: Add CURLOPT_H3 symbols |
| |
| Follow-up to 3af0e76 which added experimental H3 support. |
| |
| Closes https://github.com/curl/curl/pull/4185 |
| |
| Daniel Stenberg (3 Aug 2019) |
| - url: make use of new HTTP version if alt-svc has one |
| |
| - url: set conn->transport to default TCP at init time |
| |
| - altsvc: with quiche, use the quiche h3 alpn string |
| |
| Closes #4183 |
| |
| - alt-svc: more liberal ALPN name parsing |
| |
| Allow pretty much anything to be part of the ALPN identifier. In |
| particular minus, which is used for "h3-20" (in-progress HTTP/3 |
| versions) etc. |
| |
| Updated test 356. |
| Closes #4182 |
| |
| - quiche: use the proper HTTP/3 ALPN |
| |
| - quiche: add failf() calls for two error cases |
| |
| To aid debugging |
| |
| Closes #4181 |
| |
| - mailmap: added Kyohei Kadota |
| |
| Kamil Dudka (1 Aug 2019) |
| - http_negotiate: improve handling of gss_init_sec_context() failures |
| |
| If HTTPAUTH_GSSNEGOTIATE was used for a POST request and |
| gss_init_sec_context() failed, the POST request was sent |
| with empty body. This commit also restores the original |
| behavior of `curl --fail --negotiate`, which was changed |
| by commit 6c6035532383e300c712e4c1cd9fdd749ed5cf59. |
| |
| Add regression tests 2077 and 2078 to cover this. |
| |
| Fixes #3992 |
| Closes #4171 |
| |
| Daniel Stenberg (1 Aug 2019) |
| - mailmap: added 4 more names |
| |
| Evgeny Grin, Peter Pih, Anton Malov and Marquis de Muesli |
| |
| - mailmap: add Giorgos Oikonomou |
| |
| - src/makefile: fix uncompressed hugehelp.c generation |
| |
| Regression from 5cf5d57ab9 (7.64.1) |
| |
| Fixed-by: Lance Ware |
| Fixes #4176 |
| Closes #4177 |
| |
| - appveyor: pass on -k to make |
| |
| - timediff: make it 64 bit (if possible) even with 32 bit time_t |
| |
| ... to make it hold microseconds too. |
| |
| Fixes #4165 |
| Closes #4168 |
| |
| - ROADMAP: parallel transfers are merged now |
| |
| - getenv: support up to 4K environment variable contents on windows |
| |
| Reported-by: Michal Čaplygin |
| Fixes #4174 |
| Closes #4175 |
| |
| - [Kyohei Kadota brought this change] |
| |
| plan9: add support for running on Plan 9 |
| |
| Closes #3701 |
| |
| - [Kyohei Kadota brought this change] |
| |
| ntlm: explicit type casting |
| |
| - [Justin brought this change] |
| |
| curl.h: fix outdated comment |
| |
| Closes #4167 |
| |
| - curl: remove outdated comment |
| |
| Turned bad with commit b8894085000 |
| |
| Reported-by: niallor on github |
| Fixes #4172 |
| Closes #4173 |
| |
| - cleanup: remove the 'numsocks' argument used in many places |
| |
| It was used (intended) to pass in the size of the 'socks' array that is |
| also passed to these functions, but was rarely actually checked/used and |
| the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries |
| that should be used instead. |
| |
| Closes #4169 |
| |
| - readwrite_data: repair setting the TIMER_STARTTRANSFER stamp |
| |
| Regression, broken in commit 65eb65fde64bd5f (curl 7.64.1) |
| |
| Reported-by: Jonathan Cardoso Machado |
| Assisted-by: Jay Satiro |
| |
| Fixes #4136 |
| Closes #4162 |
| |
| - mailmap: Amit Katyal |
| |
| - asyn-thread: removed unused variable |
| |
| Follow-up to eb9a604f. Mistake caused by me when I edited the commit |
| before push... |
| |
| - RELEASE-NOTES: synced |
| |
| - [Amit Katyal brought this change] |
| |
| asyn-thread: create a socketpair to wait on |
| |
| Closes #4157 |
| |
| - curl: cap the maximum allowed values for retry time arguments |
| |
| ... to avoid integer overflows later when multiplying with 1000 to |
| convert seconds to milliseconds. |
| |
| Added test 1269 to verify. |
| |
| Reported-by: Jason Lee |
| Closes #4166 |
| |
| - progress: reset download/uploaded counter |
| |
| ... to make CURLOPT_MAX_RECV_SPEED_LARGE and |
| CURLOPT_MAX_SEND_SPEED_LARGE work correctly on subsequent transfers that |
| reuse the same handle. |
| |
| Fixed-by: Ironbars13 on github |
| Fixes #4084 |
| Closes #4161 |
| |
| - http2_recv: trigger another read when the last data is returned |
| |
| ... so that end-of-stream is detected properly. |
| |
| Reported-by: Tom van der Woerdt |
| Fixes #4043 |
| Closes #4160 |
| |
| - curl: avoid uncessary libcurl timeouts (in parallel mode) |
| |
| When curl_multi_wait() returns OK without file descriptors to wait for, |
| it might already have done a long timeout. |
| |
| Closes #4159 |
| |
| - [Balazs Kovacsics brought this change] |
| |
| HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown |
| |
| If using the read callback for HTTP_POST, and POSTFIELDSIZE is not set, |
| automatically add a Transfer-Encoding: chunked header, same as it is |
| already done for HTTP_PUT, HTTP_POST_FORM and HTTP_POST_MIME. Update |
| test 1514 according to the new behaviour. |
| |
| Closes #4138 |
| |
| Jay Satiro (29 Jul 2019) |
| - [Daniel Stenberg brought this change] |
| |
| winbuild: add vquic to list of build directories |
| |
| This fixes the winbuild build method which broke several days ago |
| when experimental quic support was added in 3af0e76. |
| |
| Reported-by: Michael Lee |
| |
| Fixes https://github.com/curl/curl/issues/4158 |
| |
| - easy: resize receive buffer on easy handle reset |
| |
| - In curl_easy_reset attempt to resize the receive buffer to its default |
| size. If realloc fails then continue using the previous size. |
| |
| Prior to this change curl_easy_reset did not properly handle resetting |
| the receive buffer (data->state.buffer). It reset the variable holding |
| its size (data->set.buffer_size) to the default size (READBUFFER_SIZE) |
| but then did not actually resize the buffer. If a user resized the |
| buffer by using CURLOPT_BUFFERSIZE to set the size smaller than the |
| default, later called curl_easy_reset and attempted to reuse the handle |
| then a heap overflow would very likely occur during that handle's next |
| transfer. |
| |
| Reported-by: Felix Hädicke |
| |
| Fixes https://github.com/curl/curl/issues/4143 |
| Closes https://github.com/curl/curl/pull/4145 |
| |
| - [Brad Spencer brought this change] |
| |
| examples: Avoid reserved names in hiperfifo examples |
| |
| - Trade in __attribute__((unused)) for the classic (void)x to silence |
| unused symbols. |
| |
| Because the classic way is not gcc specific. Also because the prior |
| method mapped to symbol _Unused, which starts with _ and a capital |
| letter which is reserved. |
| |
| Assisted-by: The Infinnovation team |
| |
| Bug: https://github.com/curl/curl/issues/4120#issuecomment-512542108 |
| |
| Closes https://github.com/curl/curl/pull/4153 |
| |
| Daniel Stenberg (25 Jul 2019) |
| - RELEASE-NOTES: synced |
| |
| - [Felix Hädicke brought this change] |
| |
| ssh-libssh: do not specify O_APPEND when not in append mode |
| |
| Specifying O_APPEND in conjunction with O_TRUNC and O_CREAT does not |
| make much sense. And this combination of flags is not accepted by all |
| SFTP servers (at least not Apache SSHD). |
| |
| Fixes #4147 |
| Closes #4148 |
| |
| - [Gergely Nagy brought this change] |
| |
| multi: call detach_connection before Curl_disconnect |
| |
| Curl_disconnect bails out if conn->easyq is not empty, detach_connection |
| needs to be called first to remove the current easy from the queue. |
| |
| Fixes #4144 |
| Closes #4151 |
| |
| Jay Satiro (23 Jul 2019) |
| - tool_operate: fix implicit call to easysrc_cleanup |
| |
| easysrc_cleanup is only defined when CURL_DISABLE_LIBCURL_OPTION is not |
| defined, and prior to this change would be called regardless. |
| |
| Bug: https://github.com/curl/curl/pull/3804#issuecomment-513922637 |
| Reported-by: Marcel Raad |
| |
| Closes https://github.com/curl/curl/pull/4142 |
| |
| Daniel Stenberg (22 Jul 2019) |
| - curl:create_transfers check return code from curl_easy_setopt |
| |
| From commit b8894085 |
| |
| Pointed out by Coverity CID 1451703 |
| |
| Closes #4134 |
| |
| - HTTP3: initial (experimental) support |
| |
| USe configure --with-ngtcp2 or --with-quiche |
| |
| Using either option will enable a HTTP3 build. |
| Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me> |
| |
| Closes #3500 |
| |
| - curl: remove dead code |
| |
| The loop never loops (since b889408500), pointed out by Coverity (CID |
| 1451702) |
| |
| Closes #4133 |
| |
| - docs/PARALLEL-TRANSFERS: correct the version number |
| |
| - docs/PARALLEL-TRANSFERS: added |
| |
| - curl: support parallel transfers |
| |
| This is done by making sure each individual transfer is first added to a |
| linked list as then they can be performed serially, or at will, in |
| parallel. |
| |
| Closes #3804 |
| |
| - docs/MANUAL.md: converted to markdown from plain text |
| |
| ... will make it render as a nicer web page. |
| |
| Closes #4131 |
| |
| - curl_version_info: provide nghttp2 details |
| |
| Introducing CURLVERSION_SIXTH with nghttp2 info. |
| |
| Closes #4121 |
| |
| - bump: start working on 7.66.0 |
| |
| - source: remove names from source comments |
| |
| Several reasons: |
| |
| - we can't add everyone who's helping out so its unfair to just a few |
| selected ones. |
| - we already list all helpers in THANKS and in RELEASE-NOTES for each |
| release |
| - we don't want to give the impression that some parts of the code is |
| "owned" or "controlled" by specific persons |
| |
| Assisted-by: Daniel Gustafsson |
| Closes #4129 |
| |
| Version 7.65.3 (19 Jul 2019) |
| |
| Daniel Stenberg (19 Jul 2019) |
| - RELEASE-NOTES: 7.65.3 |
| |
| - THANKS: 7.65.3 status |
| |
| - progress: make the progress meter appear again |
| |
| Fix regression caused by 21080e1 |
| |
| Reported-by: Chih-Hsuan Yen |
| Fixes #4122 |
| Closes #4124 |
| |
| - version: bump to 7.65.3 |
| |
| - RELEASE-NOTES: Contributors or now 1990 |
| |
| Version 7.65.2 (17 Jul 2019) |
| |
| Daniel Stenberg (17 Jul 2019) |
| - RELEASE-NOTES: 7.65.2 |
| |
| - THANKS: add contributors from 7.65.2 |
| |
| Jay Satiro (17 Jul 2019) |
| - [aasivov brought this change] |
| |
| cmake: Fix finding Brotli on case-sensitive file systems |
| |
| - Find package "Brotli" instead of "BROTLI" since the former is the |
| casing used for CMake/FindBrotli.cmake, and otherwise find_package |
| may fail on a case-sensitive file system. |
| |
| Fixes https://github.com/curl/curl/issues/4117 |
| |
| - CURLOPT_RANGE.3: Caution against using it for HTTP PUT |
| |
| AFAICT CURLOPT_RANGE does not support ranged HTTP PUT uploads so I've |
| cautioned against using it for that purpose and included a workaround. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-04/0075.html |
| Reported-by: Christopher Head |
| |
| Closes https://github.com/curl/curl/issues/3814 |
| |
| - [Stefano Simonelli brought this change] |
| |
| CURLOPT_SEEKDATA.3: fix variable name |
| |
| Closes https://github.com/curl/curl/pull/4118 |
| |
| - [Giorgos Oikonomou brought this change] |
| |
| CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH |
| |
| If the SSL backend is Schannel and the user specifies an Schannel CALG_ |
| that is not supported by the protocol or the server then curl returns |
| CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH. |
| |
| Fixes https://github.com/curl/curl/issues/3389 |
| Closes https://github.com/curl/curl/pull/4106 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| nss: inspect returnvalue of token check |
| |
| PK11_IsPresent() checks for the token for the given slot is available, |
| and sets needlogin flags for the PK11_Authenticate() call. Should it |
| return false, we should however treat it as an error and bail out. |
| |
| Closes https://github.com/curl/curl/pull/4110 |
| |
| - docs: Explain behavior change in --tlsv1. options since 7.54 |
| |
| Since 7.54 --tlsv1. options use the specified version or later, however |
| older versions of curl documented it as using just the specified version |
| which may or may not have happened depending on the TLS library. |
| Document this discrepancy to allay confusion for users familiar with the |
| old documentation that expect just the specified version. |
| |
| Fixes https://github.com/curl/curl/issues/4097 |
| Closes https://github.com/curl/curl/pull/4119 |
| |
| - libcurl: Restrict redirect schemes (follow-up) |
| |
| - Allow FTPS on redirect. |
| |
| - Update default allowed redirect protocols in documentation. |
| |
| Follow-up to 6080ea0. |
| |
| Ref: https://github.com/curl/curl/pull/4094 |
| |
| Closes https://github.com/curl/curl/pull/4115 |
| |
| Daniel Stenberg (16 Jul 2019) |
| - test1173: make it also check all libcurl option man pages |
| |
| ... and adjust those that cause errors |
| |
| Closes #4116 |
| |
| - curl: only accept COLUMNS less than 10000 |
| |
| ... as larger values would rather indicate something silly (and could |
| potentially cause buffer problems). |
| |
| Reported-by: pendrek at hackerone |
| Closes #4114 |
| |
| - dist: add manpage-syntax.pl |
| |
| follow-up to 7fb66c403 |
| |
| - test1173: detect some basic man page format mistakes |
| |
| Triggered by PR #4111 |
| |
| Closes #4113 |
| |
| Jay Satiro (15 Jul 2019) |
| - [Bjarni Ingi Gislason brought this change] |
| |
| docs: Fix missing lines caused by undefined macros |
| |
| - Escape apostrophes at line start. |
| |
| Some lines begin with a "'" (apostrophe, single quote), which is then |
| interpreted as a control character in *roff. |
| |
| Such lines are interpreted as being a call to a macro, and if |
| undefined, the lines are removed from the output. |
| |
| Bug: https://bugs.debian.org/926352 |
| Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is> |
| |
| Submitted-by: Alessandro Ghedini |
| |
| Closes https://github.com/curl/curl/pull/4111 |
| |
| Daniel Stenberg (14 Jul 2019) |
| - libcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaults |
| |
| follow-up to 6080ea098 |
| |
| - [Linos Giannopoulos brought this change] |
| |
| libcurl: Add testcase for gopher redirects |
| |
| The testcase ensures that redirects to CURLPROTO_GOPHER won't be |
| allowed, by default, in the future. Also, curl is being used |
| for convenience while keeping the testcases DRY. |
| |
| The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is |
| redirected to CURLPROTO_GOPHER |
| |
| Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr> |
| |
| - [Linos Giannopoulos brought this change] |
| |
| libcurl: Restrict redirect schemes |
| |
| All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS |
| counterpart were allowed for redirect. This vastly broadens the |
| exploitation surface in case of a vulnerability such as SSRF [1], where |
| libcurl-based clients are forced to make requests to arbitrary hosts. |
| |
| For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based |
| protocol by URL-encoding a payload in the URI. Gopher will open a TCP |
| connection and send the payload. |
| |
| Only HTTP/HTTPS and FTP are allowed. All other protocols have to be |
| explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS. |
| |
| [1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/ |
| |
| Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr> |
| |
| Closes #4094 |
| |
| - [Zenju brought this change] |
| |
| openssl: define HAVE_SSL_GET_SHUTDOWN based on version number |
| |
| Closes #4100 |
| |
| - [Peter Simonyi brought this change] |
| |
| http: allow overriding timecond with custom header |
| |
| With CURLOPT_TIMECONDITION set, a header is automatically added (e.g. |
| If-Modified-Since). Allow this to be replaced or suppressed with |
| CURLOPT_HTTPHEADER. |
| |
| Fixes #4103 |
| Closes #4109 |
| |
| Jay Satiro (11 Jul 2019) |
| - [Juergen Hoetzel brought this change] |
| |
| smb: Use the correct error code for access denied on file open |
| |
| - Return CURLE_REMOTE_ACCESS_DENIED for SMB access denied on file open. |
| |
| Prior to this change CURLE_REMOTE_FILE_NOT_FOUND was returned instead. |
| |
| Closes https://github.com/curl/curl/pull/4095 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| DEPRECATE: fixup versions and spelling |
| |
| Correctly set the July 17 version to 7.65.2, and update spelling to |
| be consistent. Also fix a typo. |
| |
| Closes https://github.com/curl/curl/pull/4107 |
| |
| - [Gisle Vanem brought this change] |
| |
| system_win32: fix clang warning |
| |
| - Declare variable in header as extern. |
| |
| Bug: https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597 |
| |
| Daniel Gustafsson (10 Jul 2019) |
| - headers: Remove no longer exported functions |
| |
| There were a leftover few prototypes of Curl_ functions that we used to |
| export but no longer do, this removes those prototypes and cleans up any |
| comments still referring to them. |
| |
| Curl_write32_le(), Curl_strcpy_url(), Curl_strlen_url(), Curl_up_free() |
| Curl_concat_url(), Curl_detach_connnection(), Curl_http_setup_conn() |
| were made static in 05b100aee247bb9bec8e9a1b0166496aa4248d1c. |
| Curl_http_perhapsrewind() made static in 574aecee208f79d391f10d57520b3. |
| |
| For the remainder, I didn't trawl the Git logs hard enough to capture |
| their exact time of deletion, but they were all gone: Curl_splayprint(), |
| Curl_http2_send_request(), Curl_global_host_cache_dtor(), |
| Curl_scan_cache_used(), Curl_hostcache_destroy(), Curl_second_connect(), |
| Curl_http_auth_stage() and Curl_close_connections(). |
| |
| Closes #4096 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - CMake: fix typos and spelling |
| |
| - [Kyle Edwards brought this change] |
| |
| CMake: Convert errant elseif() to else() |
| |
| CMake interprets an elseif() with no arguments as elseif(FALSE), |
| resulting in the elseif() block not being executed. That is not what |
| was intended here. Change the empty elseif() to an else() as it was |
| intended. |
| |
| Closes #4101 |
| Reported-by: Artalus <artalus-mail@yandex.ru> |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| - buildconf: fix header filename |
| |
| The header file inclusion had a typo, it should be .h and not .hd. |
| Fix by renaming. |
| |
| Fixes #4102 |
| Reported-by: AceCrow on Github |
| |
| - [Jan Chren brought this change] |
| |
| configure: fix --disable-code-coverage |
| |
| This fixes the case when --disable-code-coverage supplied to ./configure |
| would result in coverage="yes" being set. |
| |
| Closes #4099 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| - cleanup: fix typo in comment |
| |
| - RELEASE-NOTES: synced |
| |
| Jay Satiro (6 Jul 2019) |
| - [Daniel Gustafsson brought this change] |
| |
| nss: support using libnss on macOS |
| |
| The file suffix for dynamically loadable objects on macOS is .dylib, |
| which need to be added for the module definitions in order to get the |
| NSS TLS backend to work properly on macOS. |
| |
| Closes https://github.com/curl/curl/pull/4046 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| nss: don't set unused parameter |
| |
| The value of the maxPTDs parameter to PR_Init() has since at least |
| NSPR 2.1, which was released sometime in 1998, been marked ignored |
| as is accordingly not used in the initialization code. Setting it |
| to a value when calling PR_Init() is thus benign, but indicates an |
| intent which may be misleading. Reset the value to zero to improve |
| clarity. |
| |
| Closes https://github.com/curl/curl/pull/4054 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| nss: only cache valid CRL entries |
| |
| Change the logic around such that we only keep CRLs that NSS actually |
| ended up caching around for later deletion. If CERT_CacheCRL() fails |
| then there is little point in delaying the freeing of the CRL as it |
| is not used. |
| |
| Closes https://github.com/curl/curl/pull/4053 |
| |
| - [Gergely Nagy brought this change] |
| |
| lib: Use UTF-8 encoding in comments |
| |
| Some editors and IDEs assume that source files use UTF-8 file encodings. |
| It also fixes the build with MSVC when /utf-8 command line option is |
| used (this option is mandatory for some other open-source projects, this |
| is useful when using the same options is desired for building all |
| libraries of a project). |
| |
| Closes https://github.com/curl/curl/pull/4087 |
| |
| - [Caleb Raitto brought this change] |
| |
| CURLOPT_HEADEROPT.3: Fix example |
| |
| Fix an issue where example builds a curl_slist, but fails to actually |
| use it, or free it. |
| |
| Closes https://github.com/curl/curl/pull/4090 |
| |
| - [Shankar Jadhavar brought this change] |
| |
| winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG |
| |
| - Made changes so that ENABLE_OPENSSL_AUTO_LOAD_CONFIG will be honored. |
| |
| - Also removed some ^M chars from file. |
| |
| Prior to this change while building on Windows platform even if we pass |
| the ENABLE_OPENSSL_AUTO_LOAD_CONFIG option with value as "no" it does |
| not set the CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG flag. |
| |
| Closes https://github.com/curl/curl/pull/4086 |
| |
| Daniel Stenberg (4 Jul 2019) |
| - doh-url.d: added in 7.62.0 |
| |
| Jay Satiro (30 Jun 2019) |
| - docs: Fix links to OpenSSL docs |
| |
| OpenSSL changed their manual locations and does not redirect to the new |
| locations. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-06/0056.html |
| Reported-by: Daniel Stenberg |
| |
| Daniel Stenberg (26 Jun 2019) |
| - [Gaël PORTAY brought this change] |
| |
| curl_multi_wait.3: escape backslash in example |
| |
| The backslash in the character Line Feed must be escaped. |
| |
| The current man-page outputs the code as following: |
| |
| fprintf(stderr, "curl_multi failed, code %d.0, mc); |
| |
| The commit fixes it as follow: |
| |
| fprintf(stderr, "curl_multi failed, code %d\n", mc); |
| |
| Closes #4079 |
| |
| - openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined |
| |
| ... since that needs UI_OpenSSL() which isn't provided when OpenSSL is |
| built with OPENSSL_NO_UI_CONSOLE which happens when OpenSSL is built for |
| UWP (with "VC-WIN32-UWP"). |
| |
| Reported-by: Vasily Lobaskin |
| Fixes #4073 |
| Closes #4077 |
| |
| - test1521: adapt to SLISTPOINT |
| |
| The header now has the slist-using options marked as SLISTPOINT so this |
| makes sure test 1521 understands that. |
| |
| Follow-up to ae99b4de1c443ae989 |
| |
| Closes #4074 |
| |
| - win32: make DLL loading a no-op for UWP |
| |
| Reported-by: Michael Brehm |
| Fixes #4060 |
| Closes #4072 |
| |
| - [1ocalhost brought this change] |
| |
| configure: fix typo '--disable-http-uath' |
| |
| Closes #4076 |
| |
| - [Niklas Hambüchen brought this change] |
| |
| docs: fix string suggesting HTTP/2 is not the default |
| |
| Commit 25fd1057c9c86e3 made HTTP2 the default, and further down in the |
| man page that new default is mentioned, but the section at the top |
| contradicted it until now. |
| |
| Also remove claim that setting the HTTP version is not sensible. |
| |
| Closes #4075 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Stephan Szabo brought this change] |
| |
| tests: update fixed IP for hostip/clientip split |
| |
| These tests give differences for me on linux when using a hostip |
| pointing to the external ip address for the local machine. |
| |
| Closes #4070 |
| |
| Daniel Gustafsson (24 Jun 2019) |
| - http: clarify header buffer size calculation |
| |
| The header buffer size calculation can from static analysis seem to |
| overlow as it performs an addition between two size_t variables and |
| stores the result in a size_t variable. Overflow is however guarded |
| against elsewhere since the input to the addition is regulated by |
| the maximum read buffer size. Clarify this with a comment since the |
| question was asked. |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (24 Jun 2019) |
| - KNOWN_BUGS: Don't clear digest for single realm |
| |
| Closes #3267 |
| |
| - KNOWN_BUGS: Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname |
| |
| Closes #3284 |
| |
| - http2: call done_sending on end of upload |
| |
| To make sure a HTTP/2 stream registers the end of stream. |
| |
| Bug #4043 made me find this problem but this fix doesn't correct the |
| reported issue. |
| |
| Closes #4068 |
| |
| - [James Brown brought this change] |
| |
| c-ares: honor port numbers in CURLOPT_DNS_SERVERS |
| |
| By using ares_set_servers_ports_csv on new enough c-ares. |
| |
| Fixes #4066 |
| Closes #4067 |
| |
| Daniel Gustafsson (24 Jun 2019) |
| - CURLMOPT_SOCKETFUNCTION.3: fix typo |
| |
| Daniel Stenberg (24 Jun 2019) |
| - [Koen Dergent brought this change] |
| |
| curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds |
| |
| Closes #4061 |
| |
| - test153: fix content-length to avoid occasional hang |
| |
| Closes #4065 |
| |
| - RELEASE-NOTES: synced |
| |
| - multi: enable multiplexing by default (again) |
| |
| It was originally made default in d7c4213bd0c (7.62.0) but mistakenly |
| reverted in commit 2f44e94efb3d (7.65.0). Now enabled again. |
| |
| Closes #4051 |
| |
| - typecheck: add 3 missing strings and a callback data pointer |
| |
| Closes #4050 |
| |
| - tests: add disable-scan.pl to dist |
| |
| follow-up from 29177f422a5 |
| |
| Closes #4059 |
| |
| - http2: don't call stream-close on already closed streams |
| |
| Closes #4055 |
| |
| Marcel Raad (20 Jun 2019) |
| - travis: enable alt-svc for coverage build |
| |
| Closes |
| |
| - travis: enable libssh2 for coverage build |
| |
| It was enabled by default before commit c92d2e14cfb. |
| |
| Disable torture tests 600 and 601 because of |
| https://github.com/curl/curl/issues/1678. |
| |
| Closes |
| |
| - travis: disable threaded resolver for coverage build |
| |
| This enables more tests. |
| |
| Closes |
| |
| - travis: enable brotli for all xenial jobs |
| |
| There's no need for a separate job, and no need to build it from source |
| with Xenial. |
| |
| Closes |
| |
| - travis: enable warnings-as-errors for coverage build |
| |
| Closes |
| |
| GitHub (20 Jun 2019) |
| - [Gisle Vanem brought this change] |
| |
| system_win32: fix typo |
| |
| Daniel Stenberg (20 Jun 2019) |
| - typecheck: CURLOPT_CONNECT_TO takes an slist too |
| |
| Additionally, add an alias in curl.h for slist-using options so that |
| we can grep/parse those out at will. |
| |
| Closes #4042 |
| |
| - [Stephan Szabo brought this change] |
| |
| tests: support non-localhost HOSTIP for dict/smb servers |
| |
| smbserver.py/dictserver.py were explicitly using localhost/127.0.0.1 for |
| binding the server which when we were running the tests with a separate |
| HOSTIP and CLIENTIP had failures verifying the server from the device we |
| were testing. |
| |
| This changes them to take the address from runtests.py and default to |
| localhost/127.0.0.1 if none is given. |
| |
| Closes #4048 |
| |
| - test1523: basic test of CURLOPT_LOW_SPEED_LIMIT |
| |
| - configure: --disable-progress-meter |
| |
| Builds libcurl without support for the built-in progress meter. |
| |
| Closes #4023 |
| |
| - curl: improved skip-setopt-options when built with disabled features |
| |
| Reduces #ifdefs in src/tool_operate.c |
| |
| Follow-up from 4e86f2fc4e6 |
| Closes #3936 |
| |
| Steve Holme (18 Jun 2019) |
| - netrc: Return the correct error code when out of memory |
| |
| Introduced in 763c5178. |
| |
| Closes #4036 |
| |
| Daniel Stenberg (18 Jun 2019) |
| - config-os400: add getpeername and getsockname defines |
| |
| Reported-by: jonrumsey on github |
| Fixes #4037 |
| Closes #4039 |
| |
| - runtests: keep logfiles around by default |
| |
| Make '-k' a no-op. The singletest function now clears the log directory |
| BEFORE each individual test and not after, which makes it possible to |
| always keep the logfiles around after a test has been run. No need to |
| specify -k anymore. Keeping the option parsing around to work with users |
| of old habits. |
| |
| Some tests also didn't work properly when -k was used (since the old |
| logs would be kep when a new test starts) which this change also fixes. |
| |
| Closes #4035 |
| |
| - [Gergely Nagy brought this change] |
| |
| openssl: fix pubkey/signature algorithm detection in certinfo |
| |
| Certinfo gives the same result for all OpenSSL versions. |
| Also made printing RSA pubkeys consistent with older versions. |
| |
| Reported-by: Michael Wallner |
| Fixes #3706 |
| Closes #4030 |
| |
| - conn_maxage: move the check to prune_dead_connections() |
| |
| ... and avoid the locking issue. |
| |
| Reported-by: Kunal Ekawde |
| Fixes #4029 |
| Closes #4032 |
| |
| - tests: have runtests figure out disabled features |
| |
| ... so that runtests can skip individual test cases that test features |
| that are explicitly disabled in this build. This new logic is intended |
| for disabled features that aren't otherwise easily visible through the |
| curl_version_info() or other API calls. |
| |
| tests/server/disabled is a newly built executable that will output a |
| list of disabled features. Outputs nothing for a default build. |
| |
| Closes #3950 |
| |
| - test188/189: fix Content-Length |
| |
| This cures the flaky test results |
| |
| Closes #4034 |
| |
| - [Thomas Gamper brought this change] |
| |
| winbuild: use WITH_PREFIX if given |
| |
| Closes #4031 |
| |
| Daniel Gustafsson (17 Jun 2019) |
| - openssl: remove outdated comment |
| |
| OpenSSL used to call exit(1) on syntax errors in OPENSSL_config(), |
| which is why we switched to CONF_modules_load_file() and introduced |
| a comment stating why. This behavior was however changed in OpenSSL |
| commit abdd677125f3a9e3082f8c5692203590fdb9b860, so remove the now |
| outdated and incorrect comment. The mentioned commit also declares |
| OPENSSL_config() deprecated so keep the current coding. |
| |
| Closes #4033 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (16 Jun 2019) |
| - RELEASE-NOTES: synced |
| |
| Patrick Monnerat (16 Jun 2019) |
| - os400: make vsetopt() non-static as Curl_vsetopt() for os400 support. |
| |
| Use it in curl_easy_setopt_ccsid(). |
| |
| Reported-by: jonrumsey on github |
| Fixes #3833 |
| Closes #4028 |
| |
| Daniel Stenberg (15 Jun 2019) |
| - runtests: report single test time + total duration |
| |
| ... after each successful test. |
| |
| Closes #4027 |
| |
| - multi: fix the transfer hash function |
| |
| Follow-up from 8b987cc7eb |
| |
| Reported-by: Tom van der Woerdt |
| Fixes #4018 |
| Closes #4024 |
| |
| - unit1654: cleanup on memory failure |
| |
| ... to make it handle torture tests properly. |
| |
| Reported-by: Marcel Raad |
| Fixes #4021 |
| Closes #4022 |
| |
| Marcel Raad (13 Jun 2019) |
| - krb5: fix compiler warning |
| |
| Even though the variable was used in a DEBUGASSERT, GCC 8 warned in |
| debug mode: |
| krb5.c:324:17: error: unused variable 'maj' [-Werror=unused-variable] |
| |
| Just suppress the warning and declare the variable unconditionally |
| instead of only for DEBUGBUILD (which also missed the check for |
| HAVE_ASSERT_H). |
| |
| Closes https://github.com/curl/curl/pull/4020 |
| |
| Daniel Stenberg (13 Jun 2019) |
| - quote.d: asterisk prefix works for SFTP as well |
| |
| Reported-by: Ben Voris |
| Fixes #4017 |
| Closes #4019 |
| |
| - multi: fix the transfer hashes in the socket hash entries |
| |
| - The transfer hashes weren't using the correct keys so removing entries |
| failed. |
| |
| - Simplified the iteration logic over transfers sharing the same socket and |
| they now simply are set to expire and thus get handled in the "regular" |
| timer loop instead. |
| |
| Reported-by: Tom van der Woerdt |
| Fixes #4012 |
| Closes #4014 |
| |
| Jay Satiro (12 Jun 2019) |
| - [Cliff Crosland brought this change] |
| |
| url: Fix CURLOPT_MAXAGE_CONN time comparison |
| |
| Old connections are meant to expire from the connection cache after |
| CURLOPT_MAXAGE_CONN seconds. However, they actually expire after 1000x |
| that value. This occurs because a time value measured in milliseconds is |
| accidentally divided by 1M instead of by 1,000. |
| |
| Closes https://github.com/curl/curl/pull/4013 |
| |
| Daniel Stenberg (11 Jun 2019) |
| - test1165: verify that CURL_DISABLE_ symbols are in sync |
| |
| between configure.ac and source code. They should be possible to switch |
| on/off in configure AND be used in source code. |
| |
| - configure: remove CURL_DISABLE_TLS_SRP |
| |
| It isn't used by code so stop providing the define. |
| |
| Closes #4010 |
| |
| - Revert "cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified" |
| |
| This reverts commit 36738caeb78603ce24e3ea089a167b8c216fb938. |
| |
| Apparently several of the appveyor windows builds broke. |
| |
| - [sergey-raevskiy brought this change] |
| |
| cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified |
| |
| Reviewed-by: Jakub Zakrzewski |
| Closes #3770 |
| |
| - RELEASE-NOTES: synced |
| |
| - http2: remove CURL_DISABLE_TYPECHECK define |
| |
| ... in http2-less builds as it served no use. |
| |
| - configure: more --disable switches to toggle off individual features |
| |
| ... actual support in the code for disabling these has already landed. |
| |
| Closes #4009 |
| |
| - wolfssl: fix key pinning build error |
| |
| follow-up from deb9462ff2de8 |
| |
| - CURLMOPT_SOCKETFUNCTION.3: clarified |
| |
| Moved away the callback explanation from curl_multi_socket_action.3 and |
| expanded it somewhat. |
| |
| Closes #4006 |
| |
| - wolfssl: fixup for SNI use |
| |
| follow-up from deb9462ff2de8 |
| |
| Closes #4007 |
| |
| - CURLOPT_CAINFO.3: polished wording |
| |
| Clarify the functionality when built to use Schannel and Secure |
| Transport and stop calling it the "recommended" or "preferred" way and |
| instead rather call it the default. |
| |
| Removed the reference to the ssl comparison table as it isn't necessary. |
| |
| Reported-by: Richard Alcock |
| Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html |
| Closes #4005 |
| |
| GitHub (10 Jun 2019) |
| - [Daniel Stenberg brought this change] |
| |
| SECURITY.md: created |
| |
| Brief security policy description for use/display on github. |
| |
| Daniel Gustafsson (10 Jun 2019) |
| - tool_cb_prg: Fix integer overflow in progress bar |
| |
| Commit 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 fixed the progress bar |
| width calculation to avoid integer overflow, but failed to account for |
| the fact that initial_size is initialized to -1 when the file size is |
| retrieved from the remote on an upload, causing another signed integer |
| overflow. Fix by separately checking for this case before the width |
| calculation. |
| |
| Closes #3984 |
| Reported-by: Brian Carpenter (Geeknik Labs) |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (10 Jun 2019) |
| - wolfssl: refer to it as wolfSSL only |
| |
| Remove support for, references to and use of "cyaSSL" from the source |
| and docs. wolfSSL is the current name and there's no point in keeping |
| references to ancient history. |
| |
| Assisted-by: Daniel Gustafsson |
| |
| Closes #3903 |
| |
| - RELEASE-NOTES: synced |
| |
| - bindlocal: detect and avoid IP version mismatches in bind() |
| |
| Reported-by: Alex Grebenschikov |
| Fixes #3993 |
| Closes #4002 |
| |
| - multi: make sure 'data' can present in several sockhash entries |
| |
| Since more than one socket can be used by each transfer at a given time, |
| each sockhash entry how has its own hash table with transfers using that |
| socket. |
| |
| In addition, the sockhash entry can now be marked 'blocked = TRUE'" |
| which then makes the delete function just set 'removed = TRUE' instead |
| of removing it "for real", as a way to not rip out the carpet under the |
| feet of a parent function that iterates over the transfers of that same |
| sockhash entry. |
| |
| Reported-by: Tom van der Woerdt |
| Fixes #3961 |
| Fixes #3986 |
| Fixes #3995 |
| Fixes #4004 |
| Closes #3997 |
| |
| - [Sorcus brought this change] |
| |
| libcurl-tutorial.3: Fix small typo (mutipart -> multipart) |
| |
| Fixed-by: MrSorcus on github |
| Closes #4000 |
| |
| - unpause: trigger a timeout for event-based transfers |
| |
| ... so that timeouts or other state machine actions get going again |
| after a changing pause state. For example, if the last delivery was |
| paused there's no pending socket activity. |
| |
| Reported-by: sstruchtrup on github |
| Fixes #3994 |
| Closes #4001 |
| |
| Marcel Raad (9 Jun 2019) |
| - travis: use xenial LLVM package for scan-build |
| |
| I missed that in commit 99a49d6. |
| |
| - travis: update scan-build job to xenial |
| |
| Closes https://github.com/curl/curl/pull/3999 |
| |
| Daniel Stenberg (8 Jun 2019) |
| - bump: start working on 7.65.2 |
| |
| Marcel Raad (5 Jun 2019) |
| - examples/htmltitle: use C++ casts between pointer types |
| |
| Compilers and static analyzers warn about using C-style casts here. |
| |
| Closes https://github.com/curl/curl/pull/3975 |
| |
| - examples/fopen: fix comparison |
| |
| As want is size_t, (file->buffer_pos - want) is unsigned, so checking |
| if it's less than zero makes no sense. |
| Check if file->buffer_pos is less than want instead to avoid the |
| unsigned integer wraparound. |
| |
| Closes https://github.com/curl/curl/pull/3975 |
| |
| - build: fix Codacy warnings |
| |
| Reduce variable scopes and remove redundant variable stores. |
| |
| Closes https://github.com/curl/curl/pull/3975 |
| |
| - sws: remove unused variables |
| |
| Unused since commit 2f44e94. |
| |
| Closes https://github.com/curl/curl/pull/3975 |
| |
| Version 7.65.1 (4 Jun 2019) |
| |
| Daniel Stenberg (4 Jun 2019) |
| - RELEASE-NOTES: 7.65.1 |
| |
| - THANKS: new contributors from 7.65.1 |
| |
| Steve Holme (4 Jun 2019) |
| - [Frank Gevaerts brought this change] |
| |
| ssl: Update outdated "openssl-only" comments for supported backends |
| |
| These are for features that used to be openssl-only but were expanded |
| over time to support other SSL backends. |
| |
| Closes #3985 |
| |
| Daniel Stenberg (4 Jun 2019) |
| - curl_share_setopt.3: improve wording [ci ship] |
| |
| Reported-by: Carlos ORyan |
| |
| Steve Holme (4 Jun 2019) |
| - tool_parsecfg: Use correct return type for GetModuleFileName() |
| |
| GetModuleFileName() returns a DWORD which is a typedef of an unsigned |
| long and not an int. |
| |
| Closes #3980 |
| |
| Daniel Stenberg (3 Jun 2019) |
| - TODO: "at least N milliseconds between requests" [ci skip] |
| |
| Suggested-by: dkwolfe4 on github |
| Closes #3920 |
| |
| Steve Holme (2 Jun 2019) |
| - tests/server/.gitignore: Add socksd to the ignore list |
| |
| Missed in 04fd6755. |
| |
| Closes #3978 |
| |
| - tool_parsecfg: Fix control flow issue (DEADCODE) |
| |
| Follow-up to 8144ba38. |
| |
| Detected by Coverity CID 1445663 |
| Closes #3976 |
| |
| Daniel Stenberg (2 Jun 2019) |
| - [Sergey Ogryzkov brought this change] |
| |
| NTLM: reset proxy "multipass" state when CONNECT request is done |
| |
| Closes #3972 |
| |
| - test334: verify HTTP 204 response with chunked coding header |
| |
| Verifies that a bodyless response don't parse this content-related |
| header. |
| |
| - [Michael Kaufmann brought this change] |
| |
| http: don't parse body-related headers bodyless responses |
| |
| Responses with status codes 1xx, 204 or 304 don't have a response body. For |
| these, don't parse these headers: |
| |
| - Content-Encoding |
| - Content-Length |
| - Content-Range |
| - Last-Modified |
| - Transfer-Encoding |
| |
| This change ensures that HTTP/2 upgrades work even if a |
| "Content-Length: 0" or a "Transfer-Encoding: chunked" header is present. |
| |
| Co-authored-by: Daniel Stenberg |
| Closes #3702 |
| Fixes #3968 |
| Closes #3977 |
| |
| - tls13-docs: mention it is only for OpenSSL >= 1.1.1 |
| |
| Reported-by: Jay Satiro |
| Co-authored-by: Jay Satiro |
| Fixes #3938 |
| Closes #3946 |
| |
| - dump-header.d: spell out that no headers == empty file [ci skip] |
| |
| Reported-by: wesinator at github |
| Fixes #3964 |
| Closes #3974 |
| |
| - singlesocket: use separate variable for inner loop |
| |
| An inner loop within the singlesocket() function wrongly re-used the |
| variable for the outer loop which then could cause an infinite |
| loop. Change to using a separate variable! |
| |
| Reported-by: Eric Wu |
| Fixes #3970 |
| Closes #3973 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Josie Huddleston brought this change] |
| |
| http2: Stop drain from being permanently set on |
| |
| Various functions called within Curl_http2_done() can have the |
| side-effect of setting the Easy connection into drain mode (by calling |
| drain_this()). However, the last time we unset this for a transfer (by |
| calling drained_transfer()) is at the beginning of Curl_http2_done(). |
| If the Curl_easy is reused for another transfer, it is then stuck in |
| drain mode permanently, which in practice makes it unable to write any |
| data in the new transfer. |
| |
| This fix moves the last call to drained_transfer() to later in |
| Curl_http2_done(), after the functions that could potentially call for a |
| drain. |
| |
| Fixes #3966 |
| Closes #3967 |
| Reported-by: Josie-H |
| |
| Steve Holme (29 May 2019) |
| - conncache: Remove the DEBUGASSERT on length check |
| |
| We trust the calling code as this is an internal function. |
| |
| Closes #3962 |
| |
| Jay Satiro (29 May 2019) |
| - [Gisle Vanem brought this change] |
| |
| system_win32: fix function prototype |
| |
| - Change if_nametoindex parameter type from char * to const char *. |
| |
| Follow-up to 09eef8af from this morning. |
| |
| Bug: https://github.com/curl/curl/commit/09eef8af#r33716067 |
| |
| Marcel Raad (29 May 2019) |
| - appveyor: add Visual Studio solution build |
| |
| Closes https://github.com/curl/curl/pull/3941 |
| |
| - appveyor: add support for other build systems |
| |
| Introduce BUILD_SYSTEM variable, which is currently always CMake. |
| |
| Closes https://github.com/curl/curl/pull/3941 |
| |
| Steve Holme (29 May 2019) |
| - url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows |
| |
| This fixes the static dependency on iphlpapi.lib and allows curl to |
| build for targets prior to Windows Vista. |
| |
| This partially reverts 170bd047. |
| |
| Fixes #3960 |
| Closes #3958 |
| |
| Daniel Stenberg (29 May 2019) |
| - http: fix "error: equality comparison with extraneous parentheses" |
| |
| - parse_proxy: make sure portptr is initialized |
| |
| Reported-by: Benbuck Nason |
| |
| fixes #3959 |
| |
| - url: default conn->port to the same as conn->remote_port |
| |
| ... so that it has a sensible value when ConnectionExists() is called which |
| needs it set to differentiate host "bundles" correctly on port number! |
| |
| Also, make conncache:hashkey() use correct port for bundles that are proxy vs |
| host connections. |
| |
| Probably a regression from 7.62.0 |
| |
| Reported-by: Tom van der Woerdt |
| Fixes #3956 |
| Closes #3957 |
| |
| - conncache: make "bundles" per host name when doing proxy tunnels |
| |
| Only HTTP proxy use where multiple host names can be used over the same |
| connection should use the proxy host name for bundles. |
| |
| Reported-by: Tom van der Woerdt |
| Fixes #3951 |
| Closes #3955 |
| |
| - multi: track users of a socket better |
| |
| They need to be removed from the socket hash linked list with more care. |
| |
| When sh_delentry() is called to remove a sockethash entry, remove all |
| individual transfers from the list first. To enable this, each Curl_easy struct |
| now stores a pointer to the sockethash entry to know how to remove itself. |
| |
| Reported-by: Tom van der Woerdt and Kunal Ekawde |
| |
| Fixes #3952 |
| Fixes #3904 |
| Closes #3953 |
| |
| Steve Holme (28 May 2019) |
| - curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version |
| |
| Microsoft added support for Unix Domain Sockets in Windows 10 1803 |
| (RS4). Rather than expect the user to enable Unix Domain Sockets by |
| uncommenting the #define that was added in 0fd6221f we use the RS4 |
| pre-processor variable that is present in newer versions of the |
| Windows SDK. |
| |
| Closes #3939 |
| |
| Daniel Stenberg (28 May 2019) |
| - [Jonas Vautherin brought this change] |
| |
| cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables |
| |
| Closes #3945 |
| |
| Marcel Raad (27 May 2019) |
| - HAProxy tests: add keywords |
| |
| Add the proxy and haproxy keywords in order to be able to exclude or |
| run these specific tests. |
| |
| Closes https://github.com/curl/curl/pull/3949 |
| |
| Daniel Stenberg (27 May 2019) |
| - [Maksim Stsepanenka brought this change] |
| |
| tests: make test 1420 and 1406 work with rtsp-disabled libcurl |
| |
| Closes #3948 |
| |
| Kamil Dudka (27 May 2019) |
| - [Hubert Kario brought this change] |
| |
| nss: allow to specify TLS 1.3 ciphers if supported by NSS |
| |
| Closes #3916 |
| |
| Daniel Stenberg (26 May 2019) |
| - RELEASE-NOTES: synced |
| |
| - [Jay Satiro brought this change] |
| |
| Revert all SASL authzid (new feature) commits |
| |
| - Revert all commits related to the SASL authzid feature since the next |
| release will be a patch release, 7.65.1. |
| |
| Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined |
| for the next release, assuming it would be a feature release 7.66.0. |
| However instead the next release will be a patch release, 7.65.1 and |
| will not contain any new features. |
| |
| After the patch release after the reverted commits can be restored by |
| using cherry-pick: |
| |
| git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690 |
| |
| Details for all reverted commits: |
| |
| Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()." |
| |
| This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a. |
| |
| Revert "tests: Fix the line endings for the SASL alt-auth tests" |
| |
| This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221. |
| |
| Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples" |
| |
| This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75. |
| |
| Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool" |
| |
| This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817. |
| |
| Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID" |
| |
| This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177. |
| |
| - [dbrowndan brought this change] |
| |
| FAQ: more minor updates and spelling fixes |
| |
| Closes #3937 |
| |
| - RELEASE-NOTES: synced |
| |
| - sectransp: handle errSSLPeerAuthCompleted from SSLRead() |
| |
| Reported-by: smuellerDD on github |
| Fixes #3932 |
| Closes #3933 |
| |
| GitHub (24 May 2019) |
| - [Gisle Vanem brought this change] |
| |
| Fix typo. |
| |
| Daniel Stenberg (23 May 2019) |
| - tool_setopt: for builds with disabled-proxy, skip all proxy setopts() |
| |
| Reported-by: Marcel Raad |
| Fixes #3926 |
| Closes #3929 |
| |
| Steve Holme (23 May 2019) |
| - winbuild: Use two space indentation |
| |
| Closes #3930 |
| |
| GitHub (23 May 2019) |
| - [Gisle Vanem brought this change] |
| |
| tool_parse_cfg: Avoid 2 fopen() for WIN32 |
| |
| Using the memdebug.h mem-leak feature, I noticed 2 calls like: |
| FILE tool_parsecfg.c:70 fopen("c:\Users\Gisle\AppData\Roaming\_curlrc","rt") |
| FILE tool_parsecfg.c:114 fopen("c:\Users\Gisle\AppData\Roaming\_curlrc","rt") |
| |
| No need for 'fopen(), 'fclose()' and a 'fopen()' yet again. |
| |
| Daniel Stenberg (23 May 2019) |
| - md4: include the mbedtls config.h to get the MD4 info |
| |
| - md4: build correctly with openssl without MD4 |
| |
| Reported-by: elsamuko at github |
| Fixes #3921 |
| Closes #3922 |
| |
| Patrick Monnerat (23 May 2019) |
| - os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid(). |
| |
| Daniel Stenberg (23 May 2019) |
| - .github/FUNDING: mention our opencollective "home" [ci skip] |
| |
| Marcel Raad (23 May 2019) |
| - [Zenju brought this change] |
| |
| config-win32: add support for if_nametoindex and getsockname |
| |
| Closes https://github.com/curl/curl/pull/3923 |
| |
| Jay Satiro (23 May 2019) |
| - tests: Fix the line endings for the SASL alt-auth tests |
| |
| - Change data and protocol sections to CRLF line endings. |
| |
| Prior to this change the tests would fail or hang, which is because |
| certain sections such as protocol require CRLF line endings. |
| |
| Follow-up to a9499ff from today which added the tests. |
| |
| Ref: https://github.com/curl/curl/pull/3790 |
| |
| Daniel Stenberg (23 May 2019) |
| - url: fix bad #ifdef |
| |
| Regression since e91e48161235272ff485. |
| |
| Reported-by: Tom Greenslade |
| Fixes #3924 |
| Closes #3925 |
| |
| - Revert "progress: CURL_DISABLE_PROGRESS_METER" |
| |
| This reverts commit 3b06e68b7734cb10a555f9d7e804dd5d808236a4. |
| |
| Clearly this change wasn't good enough as it broke CURLOPT_LOW_SPEED_LIMIT + |
| CURLOPT_LOW_SPEED_TIME |
| |
| Reported-by: Dave Reisner |
| |
| Fixes #3927 |
| Closes #3928 |
| |
| Steve Holme (22 May 2019) |
| - examples: Added SASL PLAIN authorisation identity (authzid) examples |
| |
| - curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool |
| |
| - sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID |
| |
| Added the ability for the calling program to specify the authorisation |
| identity (authzid), the identity to act as, in addition to the |
| authentication identity (authcid) and password when using SASL PLAIN |
| authentication. |
| |
| Fixed #3653 |
| Closes #3790 |
| |
| Marc Hoersken (22 May 2019) |
| - tests: add support to test against OpenSSH for Windows |
| |
| Testing against OpenSSH for Windows requires v7.7.0.0 or newer |
| due to the use of AllowUsers and DenyUsers. For more info see: |
| https://github.com/PowerShell/Win32-OpenSSH/wiki/sshd_config |
| |
| Daniel Stenberg (22 May 2019) |
| - bump: start on the next release |
| |
| Marcel Raad (22 May 2019) |
| - examples: fix "clarify calculation precedence" warnings |
| |
| Closes https://github.com/curl/curl/pull/3919 |
| |
| - hiperfifo: remove unused variable |
| |
| Closes https://github.com/curl/curl/pull/3919 |
| |
| - examples: remove dead variable stores |
| |
| Closes https://github.com/curl/curl/pull/3919 |
| |
| - examples: reduce variable scopes |
| |
| Closes https://github.com/curl/curl/pull/3919 |
| |
| - http2-download: fix format specifier |
| |
| Closes https://github.com/curl/curl/pull/3919 |
| |
| Daniel Stenberg (22 May 2019) |
| - PolarSSL: deprecate support step 1. Removed from configure. |
| |
| Also removed mentions from most docs. |
| |
| Discussed: https://curl.haxx.se/mail/lib-2019-05/0045.html |
| |
| Closes #3888 |
| |
| - configure/cmake: check for if_nametoindex() |
| |
| - adds the check to cmake |
| |
| - fixes the configure check to work for cross-compiled windows builds |
| |
| Closes #3917 |
| |
| - parse_proxy: use the IPv6 zone id if given |
| |
| If the proxy string is given as an IPv6 numerical address with a zone |
| id, make sure to use that for the connect to the proxy. |
| |
| Reported-by: Edmond Yu |
| |
| Fixes #3482 |
| Closes #3918 |
| |
| Version 7.65.0 (22 May 2019) |
| |
| Daniel Stenberg (22 May 2019) |
| - RELEASE-NOTES: 7.65.0 release |
| |
| - THANKS: from the 7.65.0 release-notes |
| |
| - url: convert the zone id from a IPv6 URL to correct scope id |
| |
| Reported-by: GitYuanQu on github |
| Fixes #3902 |
| Closes #3914 |
| |
| - configure: detect getsockname and getpeername on windows too |
| |
| Made detection macros for these two functions in the same style as other |
| functions possibly in winsock in the hope this will work better to |
| detect these functions when cross-compiling for Windows. |
| |
| Follow-up to e91e4816123 |
| |
| Fixes #3913 |
| Closes #3915 |
| |
| Marcel Raad (21 May 2019) |
| - examples: remove unused variables |
| |
| Fixes Codacy/CppCheck warnings. |
| |
| Closes |
| |
| Daniel Gustafsson (21 May 2019) |
| - udpateconninfo: mark variable unused |
| |
| When compiling without getpeername() or getsockname(), the sockfd |
| paramter to Curl_udpateconninfo() became unused after commit e91e481612 |
| added ifdef guards. |
| |
| Closes #3910 |
| Fixes https://curl.haxx.se/dev/log.cgi?id=20190520172441-32196 |
| Reviewed-by: Marcel Raad, Daniel Stenberg |
| |
| - ftp: move ftp_ccc in under featureflag |
| |
| Commit e91e48161235272ff485ff32bd048c53af731f43 moved ftp_ccc in under |
| the FTP featureflag in the UserDefined struct, but vtls callsites were |
| still using it unprotected. |
| |
| Closes #3912 |
| Fixes: https://curl.haxx.se/dev/log.cgi?id=20190520044705-29865 |
| Reviewed-by: Daniel Stenberg, Marcel Raad |
| |
| Daniel Stenberg (20 May 2019) |
| - curl: report error for "--no-" on non-boolean options |
| |
| Reported-by: Olen Andoni |
| Fixes #3906 |
| Closes #3907 |
| |
| - [Guy Poizat brought this change] |
| |
| mbedtls: enable use of EC keys |
| |
| Closes #3892 |
| |
| - lib1560: add tests for parsing URL with too long scheme |
| |
| Ref: #3905 |
| |
| - [Omar Ramadan brought this change] |
| |
| urlapi: increase supported scheme length to 40 bytes |
| |
| The longest currently registered URI scheme at IANA is 36 bytes long. |
| |
| Closes #3905 |
| Closes #3900 |
| |
| Marcel Raad (20 May 2019) |
| - lib: reduce variable scopes |
| |
| Fixes Codacy/CppCheck warnings. |
| |
| Closes https://github.com/curl/curl/pull/3872 |
| |
| - tool_formparse: remove redundant assignment |
| |
| Just initialize word_begin with the correct value. |
| |
| Closes https://github.com/curl/curl/pull/3873 |
| |
| - ssh: move variable declaration to where it's used |
| |
| This way, we need only one call to free. |
| |
| Closes https://github.com/curl/curl/pull/3873 |
| |
| - ssh-libssh: remove unused variable |
| |
| sock was only used to be assigned to fd_read. |
| |
| Closes https://github.com/curl/curl/pull/3873 |
| |
| Daniel Stenberg (20 May 2019) |
| - test332: verify the blksize fix |
| |
| - tftp: use the current blksize for recvfrom() |
| |
| bug: https://curl.haxx.se/docs/CVE-2019-5436.html |
| Reported-by: l00p3r on hackerone |
| CVE-2019-5436 |
| |
| Daniel Gustafsson (19 May 2019) |
| - version: make ssl_version buffer match for multi_ssl |
| |
| When running a multi TLS backend build the version string needs more |
| buffer space. Make the internal ssl_buffer stack buffer match the one |
| in Curl_multissl_version() to allow for the longer string. For single |
| TLS backend builds there is no use in extended to buffer. This is a |
| fallout from #3863 which fixes up the multi_ssl string generation to |
| avoid a buffer overflow when the buffer is too small. |
| |
| Closes #3875 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Steve Holme (18 May 2019) |
| - http_ntlm_wb: Handle auth for only a single request |
| |
| Currently when the server responds with 401 on NTLM authenticated |
| connection (re-used) we consider it to have failed. However this is |
| legitimate and may happen when for example IIS is set configured to |
| 'authPersistSingleRequest' or when the request goes thru a proxy (with |
| 'via' header). |
| |
| Implemented by imploying an additional state once a connection is |
| re-used to indicate that if we receive 401 we need to restart |
| authentication. |
| |
| Missed in fe6049f0. |
| |
| - http_ntlm_wb: Cleanup handshake after clean NTLM failure |
| |
| Missed in 50b87c4e. |
| |
| - http_ntlm_wb: Return the correct error on receiving an empty auth message |
| |
| Missed in fe20826b as it wasn't implemented in http.c in b4d6db83. |
| |
| Closes #3894 |
| |
| Daniel Stenberg (18 May 2019) |
| - curl: make code work with protocol-disabled libcurl |
| |
| Closes #3844 |
| |
| - libcurl: #ifdef away more code for disabled features/protocols |
| |
| - progress: CURL_DISABLE_PROGRESS_METER |
| |
| - hostip: CURL_DISABLE_SHUFFLE_DNS |
| |
| - netrc: CURL_DISABLE_NETRC |
| |
| Viktor Szakats (16 May 2019) |
| - docs: Markdown and misc improvements [ci skip] |
| |
| Approved-by: Daniel Stenberg |
| Closes #3896 |
| |
| - docs/RELEASE-PROCEDURE: link to live iCalendar [ci skip] |
| |
| Ref: https://github.com/curl/curl/commit/0af41b40b2c7bd379b2251cbe7cd618e21fa0ea1#commitcomment-33563135 |
| Approved-by: Daniel Stenberg |
| Closes #3895 |
| |
| Daniel Stenberg (16 May 2019) |
| - travis: add an osx http-only build |
| |
| Closes #3887 |
| |
| - cleanup: remove FIXME and TODO comments |
| |
| They serve very little purpose and mostly just add noise. Most of them |
| have been around for a very long time. I read them all before removing |
| or rephrasing them. |
| |
| Ref: #3876 |
| Closes #3883 |
| |
| - curl: don't set FTP options for FTP-disabled builds |
| |
| ... since libcurl has started to be totally unaware of options for |
| disabled protocols they now return error. |
| |
| Bug: https://github.com/curl/curl/commit/c9c5304dd4747cbe75d2f24be85920d572fcb5b8#commitcomment-33533937 |
| |
| Reported-by: Marcel Raad |
| Closes #3886 |
| |
| Steve Holme (16 May 2019) |
| - http_ntlm_wb: Move the type-2 message processing into a dedicated function |
| |
| This brings the code inline with the other HTTP authentication mechanisms. |
| |
| Closes #3890 |
| |
| Daniel Stenberg (15 May 2019) |
| - RELEASE-NOTES: synced |
| |
| - docs/RELEASE-PROCEDURE: updated coming releases dates [ci skip] |
| |
| - CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [ci skip] |
| |
| Reported-by: Roy Bellingan |
| Bug: #3885 |
| |
| - parse_proxy: use the URL parser API |
| |
| As we treat a given proxy as a URL we should use the unified URL parser |
| to extract the parts out of it. |
| |
| Closes #3878 |
| |
| Steve Holme (15 May 2019) |
| - http_negotiate: Move the Negotiate state out of the negotiatedata structure |
| |
| Given that this member variable is not used by the SASL based protocols |
| there is no need to have it here. |
| |
| Closes #3882 |
| |
| - http_ntlm: Move the NTLM state out of the ntlmdata structure |
| |
| Given that this member variable is not used by the SASL based protocols |
| there is no need to have it here. |
| |
| - url: Move the negotiate state type into a dedicated enum |
| |
| - url: Remove duplicate clean up of the winbind variables in conn_shutdown() |
| |
| Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior |
| to calling conn_shutdown() and it in turn performs this, there is no |
| need to perform the same action in conn_shutdown(). |
| |
| Closes #3881 |
| |
| Daniel Stenberg (14 May 2019) |
| - urlapi: require a non-zero host name length when parsing URL |
| |
| Updated test 1560 to verify. |
| |
| Closes #3880 |
| |
| - configure: error out if OpenSSL wasn't detected when asked for |
| |
| If --with-ssl is used and configure still couldn't enable SSL this |
| creates an error instead of just silently ignoring the fact. |
| |
| Suggested-by: Isaiah Norton |
| Fixes #3824 |
| Closes #3830 |
| |
| Daniel Gustafsson (14 May 2019) |
| - imap: Fix typo in comment |
| |
| Steve Holme (14 May 2019) |
| - url: Remove unnecessary initialisation from allocate_conn() |
| |
| No need to set variables to zero as calloc() does this for us. |
| |
| Closes #3879 |
| |
| Daniel Stenberg (14 May 2019) |
| - CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [ci skip] |
| |
| Clues-provided-by: Jay Satiro |
| Clues-provided-by: Jeroen Ooms |
| Fixes #3711 |
| Closes #3874 |
| |
| Daniel Gustafsson (13 May 2019) |
| - vtls: fix potential ssl_buffer stack overflow |
| |
| In Curl_multissl_version() it was possible to overflow the passed in |
| buffer if the generated version string exceeded the size of the buffer. |
| Fix by inverting the logic, and also make sure to not exceed the local |
| buffer during the string generation. |
| |
| Closes #3863 |
| Reported-by: nevv on HackerOne/curl |
| Reviewed-by: Jay Satiro |
| Reviewed-by: Daniel Stenberg |
| |
| Daniel Stenberg (13 May 2019) |
| - RELEASE-NOTES: synced |
| |
| - appveyor: also build "/ci" branches like travis |
| |
| - pingpong: disable more when no pingpong enabled |
| |
| - proxy: acknowledge DISABLE_PROXY more |
| |
| - parsedate: CURL_DISABLE_PARSEDATE |
| |
| - sasl: only enable if there's a protocol enabled using it |
| |
| - mime: acknowledge CURL_DISABLE_MIME |
| |
| - wildcard: disable from build when FTP isn't present |
| |
| - http: CURL_DISABLE_HTTP_AUTH |
| |
| - base64: build conditionally if there are users |
| |
| - doh: CURL_DISABLE_DOH |
| |
| Steve Holme (12 May 2019) |
| - auth: Rename the various authentication clean up functions |
| |
| For consistency and to a avoid confusion. |
| |
| Closes #3869 |
| |
| Daniel Stenberg (12 May 2019) |
| - [Jay Satiro brought this change] |
| |
| docs/INSTALL: fix broken link [ci skip] |
| |
| Reported-by: Joombalaya on github |
| Fixes #3818 |
| |
| Marcel Raad (12 May 2019) |
| - easy: fix another "clarify calculation precedence" warning |
| |
| I missed this one in commit 6b3dde7fe62ea5a557fd1fd323fac2bcd0c2e9be. |
| |
| - build: fix "clarify calculation precedence" warnings |
| |
| Codacy/CppCheck warns about this. Consistently use parentheses as we |
| already do in some places to silence the warning. |
| |
| Closes https://github.com/curl/curl/pull/3866 |
| |
| - cmake: restore C89 compatibility of CurlTests.c |
| |
| I broke it in d1b5cf830bfe169745721b21245d2217d2c2453e and |
| 97de97daefc2ed084c91eff34af2426f2e55e134. |
| |
| Reported-by: Viktor Szakats |
| Ref: https://github.com/curl/curl/commit/97de97daefc2ed084c91eff34af2426f2e55e134#commitcomment-33499044 |
| Closes https://github.com/curl/curl/pull/3868 |
| |
| Steve Holme (11 May 2019) |
| - http_ntlm: Corrected the name of the include guard |
| |
| Missed in f0bdd72c. |
| |
| Closes #3867 |
| |
| - http_digest: Don't expose functions when HTTP and Crypto Auth are disabled |
| |
| Closes #3861 |
| |
| - http_negotiate: Don't expose functions when HTTP is disabled |
| |
| Daniel Stenberg (11 May 2019) |
| - SECURITY-PROCESS: fix links [ci skip] |
| |
| Marcel Raad (11 May 2019) |
| - CMake: suppress unused variable warnings |
| |
| I missed these in commit d1b5cf830bfe169745721b21245d2217d2c2453e. |
| |
| Daniel Stenberg (11 May 2019) |
| - doh: disable DOH for the cases it doesn't work |
| |
| Due to limitations in Curl_resolver_wait_resolv(), it doesn't work for |
| DOH resolves. This fix disables DOH for those. |
| |
| Limitation added to KNOWN_BUGS. |
| |
| Fixes #3850 |
| Closes #3857 |
| |
| Jay Satiro (11 May 2019) |
| - checksrc.bat: Ignore snprintf warnings in docs/examples |
| |
| .. because we allow snprintf use in docs/examples. |
| |
| Closes https://github.com/curl/curl/pull/3862 |
| |
| Steve Holme (10 May 2019) |
| - vauth: Fix incorrect function description for Curl_auth_user_contains_domain() |
| |
| ...and misalignment of these comments. From a78c61a4. |
| |
| Closes #3860 |
| |
| Jay Satiro (10 May 2019) |
| - Revert "multi: support verbose conncache closure handle" |
| |
| This reverts commit b0972bc. |
| |
| - No longer show verbose output for the conncache closure handle. |
| |
| The offending commit was added so that the conncache closure handle |
| would inherit verbose mode from the user's easy handle. (Note there is |
| no way for the user to set options for the closure handle which is why |
| that was necessary.) Other debug settings such as the debug function |
| were not also inherited since we determined that could lead to crashes |
| if the user's per-handle private data was used on an unexpected handle. |
| |
| The reporter here says he has a debug function to capture the verbose |
| output, and does not expect or want any output to stderr; however |
| because the conncache closure handle does not inherit the debug function |
| the verbose output for that handle does go to stderr. |
| |
| There are other plausible scenarios as well such as the user redirects |
| stderr on their handle, which is also not inherited since it could lead |
| to crashes when used on an unexpected handle. |
| |
| Short of allowing the user to set options for the conncache closure |
| handle I don't think there's much we can safely do except no longer |
| inherit the verbose setting. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-05/0021.html |
| Reported-by: Kristoffer Gleditsch |
| |
| Ref: https://github.com/curl/curl/pull/3598 |
| Ref: https://github.com/curl/curl/pull/3618 |
| |
| Closes https://github.com/curl/curl/pull/3856 |
| |
| Steve Holme (10 May 2019) |
| - ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup() |
| |
| From 6012fa5a. |
| |
| Closes #3858 |
| |
| Daniel Stenberg (9 May 2019) |
| - BUG-BOUNTY: minor formatting fixes [ci skip] |
| |
| - RELEASE-NOTES: synced |
| |
| - BUG-BOUNTY.md: add the Dropbox "bonus" extra payout ability [ci skip] |
| |
| Closes #3839 |
| |
| Kamil Dudka (9 May 2019) |
| - http_negotiate: do not treat failure of gss_init_sec_context() as fatal |
| |
| Fixes #3726 |
| Closes #3849 |
| |
| - spnego_gssapi: fix return code on gss_init_sec_context() failure |
| |
| Fixes #3726 |
| Closes #3849 |
| |
| Steve Holme (9 May 2019) |
| - gen_resp_file.bat: Removed unnecessary @ from all but the first command |
| |
| There is need to use @ on every command once echo has been turned off. |
| |
| Closes #3854 |
| |
| Jay Satiro (8 May 2019) |
| - http: Ignore HTTP/2 prior knowledge setting for HTTP proxies |
| |
| - Do not switch to HTTP/2 for an HTTP proxy that is not tunnelling to |
| the destination host. |
| |
| We already do something similar for HTTPS proxies by not sending h2. [1] |
| |
| Prior to this change setting CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE would |
| incorrectly use HTTP/2 to talk to the proxy, which is not something we |
| support (yet?). Also it's debatable whether or not that setting should |
| apply to HTTP/2 proxies. |
| |
| [1]: https://github.com/curl/curl/commit/17c5d05 |
| |
| Bug: https://github.com/curl/curl/issues/3570 |
| Bug: https://github.com/curl/curl/issues/3832 |
| |
| Closes https://github.com/curl/curl/pull/3853 |
| |
| Marcel Raad (8 May 2019) |
| - travis: update mesalink build to xenial |
| |
| Closes https://github.com/curl/curl/pull/3842 |
| |
| Daniel Stenberg (8 May 2019) |
| - [Ricky Leverence brought this change] |
| |
| OpenSSL: Report -fips in version if OpenSSL is built with FIPS |
| |
| Older versions of OpenSSL report FIPS availabilty via an OPENSSL_FIPS |
| define. It uses this define to determine whether to publish -fips at |
| the end of the version displayed. Applications that utilize the version |
| reported by OpenSSL will see a mismatch if they compare it to what curl |
| reports, as curl is not modifying the version in the same way. This |
| change simply adds a check to see if OPENSSL_FIPS is defined, and will |
| alter the reported version to match what OpenSSL itself provides. This |
| only appears to be applicable in versions of OpenSSL <1.1.1 |
| |
| Closes #3771 |
| |
| Kamil Dudka (7 May 2019) |
| - [Frank Gevaerts brought this change] |
| |
| nss: allow fifos and character devices for certificates. |
| |
| Currently you can do things like --cert <(cat ./cert.crt) with (at least) the |
| openssl backend, but that doesn't work for nss because is_file rejects fifos. |
| |
| I don't actually know if this is sufficient, nss might do things internally |
| (like seeking back) that make this not work, so actual testing is needed. |
| |
| Closes #3807 |
| |
| Daniel Gustafsson (6 May 2019) |
| - test2100: Fix typos in test description |
| |
| Daniel Stenberg (6 May 2019) |
| - ssh: define USE_SSH if SSH is enabled (any backend) |
| |
| Closes #3846 |
| |
| Steve Holme (5 May 2019) |
| - winbuild: Add our standard copyright header to the winbuild batch files |
| |
| - makedebug: Fix ERRORLEVEL detection after running where.exe |
| |
| Closes #3838 |
| |
| Daniel Stenberg (5 May 2019) |
| - urlapi: add CURLUPART_ZONEID to set and get |
| |
| The zoneid can be used with IPv6 numerical addresses. |
| |
| Updated test 1560 to verify. |
| |
| Closes #3834 |
| |
| - [Taiyu Len brought this change] |
| |
| WRITEFUNCTION: add missing set_in_callback around callback |
| |
| Closes #3837 |
| |
| - RELEASE-NOTES: synced |
| |
| - CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [ci skip] |
| |
| Reported-by: Ricardo Gomes |
| |
| Bug: #3537 |
| Closes #3836 |
| |
| - CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value |
| |
| The time field in the curl_fileinfo struct will always be zero. No code |
| was ever implemented to actually convert the date string to a time_t. |
| |
| Fixes #3829 |
| Closes #3835 |
| |
| - OS400/ccsidcurl.c: code style fixes |
| |
| - OS400/ccsidcurl: replace use of Curl_vsetopt |
| |
| (and make the code style comply) |
| |
| Fixes #3833 |
| |
| - urlapi: strip off scope id from numerical IPv6 addresses |
| |
| ... to make the host name "usable". Store the scope id and put it back |
| when extracting a URL out of it. |
| |
| Also makes curl_url_set() syntax check CURLUPART_HOST. |
| |
| Fixes #3817 |
| Closes #3822 |
| |
| - RELEASE-NOTES: synced |
| |
| - multiif.h: remove unused protos |
| |
| ... for functions related to pipelining. Those functions were removed in |
| 2f44e94efb3df. |
| |
| Closes #3828 |
| |
| - [Yiming Jing brought this change] |
| |
| travis: mesalink: temporarily disable test 3001 |
| |
| ... due to SHA-1 signatures in test certs |
| |
| - [Yiming Jing brought this change] |
| |
| travis: upgrade the MesaLink TLS backend to v1.0.0 |
| |
| Closes #3823 |
| Closes #3776 |
| |
| - ConnectionExists: improve non-multiplexing use case |
| |
| - better log output |
| |
| - make sure multiplex is enabled for it to be used |
| |
| - multi: provide Curl_multiuse_state to update information |
| |
| As soon as a TLS backend gets ALPN conformation about the specific HTTP |
| version it can now set the multiplex situation for the "bundle" and |
| trigger moving potentially queued up transfers to the CONNECT state. |
| |
| - process_pending_handles: mark queued transfers as previously pending |
| |
| With transfers being queued up, we only move one at a a time back to the |
| CONNECT state but now we mark moved transfers so that when a moved |
| transfer is confirmed "successful" (it connected) it will trigger the |
| move of another pending transfer. Previously, it would otherwise wait |
| until the transfer was done before doing this. This makes queued up |
| pending transfers get processed (much) faster. |
| |
| - http: mark bundle as not for multiuse on < HTTP/2 response |
| |
| Fixes #3813 |
| Closes #3815 |
| |
| Daniel Gustafsson (1 May 2019) |
| - cookie: Guard against possible NULL ptr deref |
| |
| In case the name pointer isn't set (due to memory pressure most likely) |
| we need to skip the prefix matching and reject with a badcookie to avoid |
| a possible NULL pointer dereference. |
| |
| Closes #3820 #3821 |
| Reported-by: Jonathan Moerman |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Patrick Monnerat (30 Apr 2019) |
| - os400: Add CURLOPT_MAXAGE_CONN to ILE/RPG bindings |
| |
| Kamil Dudka (29 Apr 2019) |
| - nss: provide more specific error messages on failed init |
| |
| Closes #3808 |
| |
| Daniel Stenberg (29 Apr 2019) |
| - [Reed Loden brought this change] |
| |
| docs: minor polish to the bug bounty / security docs |
| |
| Closes #3811 |
| |
| - CURL_MAX_INPUT_LENGTH: largest acceptable string input size |
| |
| This limits all accepted input strings passed to libcurl to be less than |
| CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls: |
| curl_easy_setopt() and curl_url_set(). |
| |
| The 8000000 number is arbitrary picked and is meant to detect mistakes |
| or abuse, not to limit actual practical use cases. By limiting the |
| acceptable string lengths we also reduce the risk of integer overflows |
| all over. |
| |
| NOTE: This does not apply to `CURLOPT_POSTFIELDS`. |
| |
| Test 1559 verifies. |
| |
| Closes #3805 |
| |
| - [Tseng Jun brought this change] |
| |
| curlver.h: use parenthesis in CURL_VERSION_BITS macro |
| |
| Closes #3809 |
| |
| Marcel Raad (27 Apr 2019) |
| - [Simon Warta brought this change] |
| |
| cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP |
| |
| Closes https://github.com/curl/curl/pull/3769 |
| |
| Steve Holme (23 Apr 2019) |
| - ntlm: Missed pre-processor || (or) during rebase for cd15acd0 |
| |
| - ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 |
| |
| Just like we do for mbed TLS, use our local implementation of MD4 when |
| OpenSSL doesn't support it. This allows a type-3 message to include the |
| NT response. |
| |
| Daniel Gustafsson (23 Apr 2019) |
| - INTERNALS: fix misindentation of ToC item |
| |
| Kerberos was incorrectly indented as a subsection under FTP, which is |
| incorrect as they are both top level sections. A fix for this was first |
| attempted in commit fef38a0898322f285401c5ff2f5e7c90dbf3be63 but that |
| was a few paddles short of being complete. |
| |
| - [Aron Bergman brought this change] |
| |
| INTERNALS: Add structs to ToC |
| |
| Add the subsections under "Structs in libcurl" to the table of contents. |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| - [Aron Bergman brought this change] |
| |
| INTERNALS: Add code highlighting |
| |
| Make all struct members under the Curl_handler section |
| print in monospace font. |
| |
| Closes #3801 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| Daniel Stenberg (22 Apr 2019) |
| - docs/BUG-BOUNTY: bug bounty time [skip ci] |
| |
| Introducing the curl bug bounty program on hackerone. We now recommend |
| filing security issues directly in the hackerone ticket system which |
| only is readable to curl security team members. |
| |
| Assisted-by: Daniel Gustafsson |
| |
| Closes #3488 |
| |
| Steve Holme (22 Apr 2019) |
| - sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616 |
| |
| RFC 4616 specifies the authzid is optional in the client authentication |
| message and that the server will derive the authorisation identity |
| (authzid) from the authentication identity (authcid) when not specified |
| by the client. |
| |
| Jay Satiro (22 Apr 2019) |
| - [Gisle Vanem brought this change] |
| |
| memdebug: fix variable name |
| |
| Follow-up to 76b6348 which renamed logfile as curl_dbg_logfile. |
| |
| Ref: https://github.com/curl/curl/commit/76b6348#r33259088 |
| |
| Steve Holme (21 Apr 2019) |
| - vauth/cleartext: Don't send the authzid if it is empty |
| |
| Follow up to 762a292f. |
| |
| Daniel Stenberg (21 Apr 2019) |
| - test 196,197,198: add 'retry' keyword [skip ci] |
| |
| - RELEASE-NOTES: synced |
| |
| - CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse |
| |
| ... and disconnect too old ones instead of trying to reuse. |
| |
| Default max age is set to 118 seconds. |
| |
| Ref: #3722 |
| Closes #3782 |
| |
| Daniel Gustafsson (20 Apr 2019) |
| - [Po-Chuan Hsieh brought this change] |
| |
| altsvc: Fix building with cookies disables |
| |
| ALTSVC requires Curl_get_line which is defined in lib/cookie.c inside a #if |
| check of HTTP and COOKIES. That makes Curl_get_line undefined if COOKIES is |
| disabled. Fix by splitting out the function into a separate file which can |
| be included where needed. |
| |
| Closes #3717 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| |
| Daniel Stenberg (20 Apr 2019) |
| - test1002: correct the name [skip ci] |
| |
| - test660: verify CONNECT_ONLY with IMAP |
| |
| which basically just makes sure LOGOUT is *not* issued on disconnect |
| |
| - Curl_disconnect: treat all CONNECT_ONLY connections as "dead" |
| |
| Since the connection has been used by the "outside" we don't know the |
| state of it anymore and curl should not use it anymore. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-04/0052.html |
| |
| Closes #3795 |
| |
| - multi: fix the statenames (follow-up fix from 2f44e94efb3df8e) |
| |
| The list of names must be in sync with the defined states in the header |
| file! |
| |
| Steve Holme (16 Apr 2019) |
| - openvms: Remove pre-processors for Windows as VMS cannot support them |
| |
| - openvms: Remove pre-processor for SecureTransport as VMS cannot support it |
| |
| Fixes #3768 |
| Closes #3785 |
| |
| Jay Satiro (16 Apr 2019) |
| - TODO: Add issue link to an existing entry |
| |
| Daniel Stenberg (16 Apr 2019) |
| - RELEASE-NOTES: synced |
| |
| Jay Satiro (16 Apr 2019) |
| - tool_help: Warn if curl and libcurl versions do not match |
| |
| .. because functionality may be affected if the versions differ. |
| |
| This commit implements TODO 18.7 "warning if curl version is not in sync |
| with libcurl version". |
| |
| Ref: https://github.com/curl/curl/blob/curl-7_64_1/docs/TODO#L1028-L1033 |
| |
| Closes https://github.com/curl/curl/pull/3774 |
| |
| Steve Holme (16 Apr 2019) |
| - md5: Update the function signature following d84da52d |
| |
| - md5: Forgot to update the code alignment in d84da52d |
| |
| - md5: Return CURLcode from the internally accessible functions |
| |
| Following 28f826b3 to return CURLE_OK instead of numeric 0. |
| |
| Daniel Gustafsson (15 Apr 2019) |
| - tests: Run global cleanup at end of tests |
| |
| Make sure to run curl_global_cleanup() when shutting down the test |
| suite to release any resources allocated in the SSL setup. This is |
| clearly visible when running tests with PolarSSL where the thread |
| lock calloc() memory which isn't released when not running cleanup. |
| Below is an excerpt from the autobuild logs: |
| |
| ==12368== 96 bytes in 1 blocks are possibly lost in loss record 1 of 2 |
| ==12368== at 0x4837B65: calloc (vg_replace_malloc.c:752) |
| ==12368== by 0x11A76E: curl_dbg_calloc (memdebug.c:205) |
| ==12368== by 0x145CDF: Curl_polarsslthreadlock_thread_setup |
| (polarssl_threadlock.c:54) |
| ==12368== by 0x145B37: Curl_polarssl_init (polarssl.c:865) |
| ==12368== by 0x14129D: Curl_ssl_init (vtls.c:171) |
| ==12368== by 0x118B4C: global_init (easy.c:158) |
| ==12368== by 0x118BF5: curl_global_init (easy.c:221) |
| ==12368== by 0x118D0B: curl_easy_init (easy.c:299) |
| ==12368== by 0x114E96: test (lib1906.c:32) |
| ==12368== by 0x115495: main (first.c:174) |
| |
| Closes #3783 |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Marcel Raad (15 Apr 2019) |
| - travis: use mbedtls from Xenial |
| |
| No need to build it from source anymore. |
| |
| Closes https://github.com/curl/curl/pull/3779 |
| |
| - travis: use libpsl from Xenial |
| |
| This makes building libpsl and libidn2 from source unnecessary and |
| removes the need for the autopoint and libunistring-dev packages. |
| |
| Closes https://github.com/curl/curl/pull/3779 |
| |
| Daniel Stenberg (15 Apr 2019) |
| - runtests: start socksd like other servers |
| |
| ... without a $srcdir prefix. Triggered by the failures in several |
| autobuilds. |
| |
| Closes #3781 |
| |
| Daniel Gustafsson (14 Apr 2019) |
| - socksd: Fix typos |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - socksd: Properly decorate static variables |
| |
| Mark global variables static to avoid compiler warning in Clang when |
| using -Wmissing-variable-declarations. |
| |
| Closes #3778 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Steve Holme (14 Apr 2019) |
| - md(4|5): Fixed indentation oddities with the importation of replacement code |
| |
| The indentation from 211d5329 and 57d6d253 was a little strange as |
| parts didn't align correctly, uses 4 spaces rather than 2. Checked |
| the indentation of the original source so it aligns, albeit, using |
| curl style. |
| |
| - md5: Code style to return CURLE_OK rather than numeric 0 |
| |
| - md5: Corrected code style for some pointer arguments |
| |
| Marcel Raad (13 Apr 2019) |
| - travis: update some builds to xenial |
| |
| Xenial comes with more up-to-date software versions and more available |
| packages, some of which we currently build from source. Unfortunately, |
| some builds would fail with Xenial because of assertion failures in |
| Valgrind when using OpenSSL, so leave these at Trusty. |
| |
| Closes https://github.com/curl/curl/pull/3777 |
| |
| Daniel Stenberg (13 Apr 2019) |
| - test: make tests and test scripts use socksd for SOCKS |
| |
| Make all SOCKS tests use socksd instead of ssh. |
| |
| - socksd: new SOCKS 4+5 server for tests |
| |
| Closes #3752 |
| |
| - singleipconnect: show port in the verbose "Trying ..." message |
| |
| To aid debugging better. |
| |
| - [tmilburn brought this change] |
| |
| CURLOPT_ADDRESS_SCOPE: fix range check and more |
| |
| Commit 9081014 fixed most of the confusing issues between scope id and |
| scope however 844896d added bad limits checking assuming that the scope |
| is being set and not the scope id. |
| |
| I have fixed the documentation so it all refers to scope ids. |
| |
| In addition Curl_if2ip refered to the scope id as remote_scope_id which |
| is incorrect, so I renamed it to local_scope_id. |
| |
| Adjusted-by: Daniel Stenberg |
| |
| Closes #3655 |
| Closes #3765 |
| Fixes #3713 |
| |
| - urlapi: stricter CURLUPART_PORT parsing |
| |
| Only allow well formed decimal numbers in the input. |
| |
| Document that the number MUST be between 1 and 65535. |
| |
| Add tests to test 1560 to verify the above. |
| |
| Ref: https://github.com/curl/curl/issues/3753 |
| Closes #3762 |
| |
| Jay Satiro (13 Apr 2019) |
| - [Jan Ehrhardt brought this change] |
| |
| winbuild: Support MultiSSL builds |
| |
| - Remove the lines in winbuild/Makefile.vc that generate an error with |
| multiple SSL backends. |
| |
| - Add /DCURL_WITH_MULTI_SSL in winbuild/MakefileBuild.vc if multiple SSL |
| backends are set. |
| |
| Closes https://github.com/curl/curl/pull/3772 |
| |
| Daniel Stenberg (12 Apr 2019) |
| - travis: remove mesalink builds (temporarily?) |
| |
| Since the mesalink build started to fail on travis, even though we build |
| a fixed release version, we disable it to prevent it from blocking |
| progress. |
| |
| Closes #3767 |
| |
| - openssl: mark connection for close on TLS close_notify |
| |
| Without this, detecting and avoid reusing a closed TLS connection |
| (without a previous GOAWAY) when doing HTTP/2 is tricky. |
| |
| Reported-by: Tom van der Woerdt |
| Fixes #3750 |
| Closes #3763 |
| |
| - RELEASE-NOTES: synced |
| |
| Steve Holme (11 Apr 2019) |
| - vauth/cleartext: Update the PLAIN login function signature to match RFC 4616 |
| |
| Functionally this doesn't change anything as we still use the username |
| for both the authorisation identity and the authentication identity. |
| |
| Closes #3757 |
| |
| Daniel Stenberg (11 Apr 2019) |
| - test1906: verify CURLOPT_CURLU + CURLOPT_PORT usage |
| |
| Based-on-code-by: Poul T Lomholt |
| |
| - url: always clone the CUROPT_CURLU handle |
| |
| Since a few code paths actually update that data. |
| |
| Fixes #3753 |
| Closes #3761 |
| |
| Reported-by: Poul T Lomholt |
| |
| - CURLOPT_DNS_USE_GLOBAL_CACHE: remove |
| |
| Remove the code too. The functionality has been disabled in code since |
| 7.62.0. Setting this option will from now on simply be ignored and have |
| no function. |
| |
| Closes #3654 |
| |
| Marcel Raad (11 Apr 2019) |
| - travis: install libgnutls28-dev only for --with-gnutls build |
| |
| Reduces the time needed for the other jobs a little. |
| |
| Closes https://github.com/curl/curl/pull/3721 |
| |
| - travis: install libnss3-dev only for --with-nss build |
| |
| Reduces the time needed for the other jobs a little. |
| |
| Closes https://github.com/curl/curl/pull/3721 |
| |
| - travis: install libssh2-dev only for --with-libssh2 build |
| |
| Reduces the time needed for the other jobs a little. |
| |
| Closes https://github.com/curl/curl/pull/3721 |
| |
| - travis: install libssh-dev only for --with-libssh build |
| |
| Reduces the time needed for the other jobs a little. |
| |
| Closes https://github.com/curl/curl/pull/3721 |
| |
| - travis: install krb5-user only for --with-gssapi build |
| |
| Reduces the time needed for the other jobs a little. |
| |
| Closes https://github.com/curl/curl/pull/3721 |
| |
| - travis: install lcov only for the coverage job |
| |
| Reduces the time needed for the other jobs a little. |
| |
| Closes https://github.com/curl/curl/pull/3721 |
| |
| - travis: install clang only when needed |
| |
| This reduces the GCC job runtimes a little and it's needed to |
| selectively update clang builds to xenial. |
| |
| Closes https://github.com/curl/curl/pull/3721 |
| |
| - AppVeyor: enable testing for WinSSL build |
| |
| Closes https://github.com/curl/curl/pull/3725 |
| |
| - build: fix Codacy/CppCheck warnings |
| |
| - remove unused variables |
| - declare conditionally used variables conditionally |
| - suppress unused variable warnings in the CMake tests |
| - remove dead variable stores |
| - consistently use WIN32 macro to detect Windows |
| |
| Closes https://github.com/curl/curl/pull/3739 |
| |
| - polarssl_threadlock: remove conditionally unused code |
| |
| Make functions no-ops if neither both USE_THREADS_POSIX and |
| HAVE_PTHREAD_H nor both USE_THREADS_WIN32 and HAVE_PROCESS_H are |
| defined. Previously, if only one of them was defined, there was either |
| code compiled that did nothing useful or the wrong header included for |
| the functions used. |
| |
| Also, move POLARSSL_MUTEX_T define to implementation file as it's not |
| used externally. |
| |
| Closes https://github.com/curl/curl/pull/3739 |
| |
| - lib557: initialize variables |
| |
| These variables are only conditionally initialized. |
| |
| Closes https://github.com/curl/curl/pull/3739 |
| |
| - lib509: add missing include for strdup |
| |
| Closes https://github.com/curl/curl/pull/3739 |
| |
| - README.md: fix no-consecutive-blank-lines Codacy warning |
| |
| Consistently use one blank line between blocks. |
| |
| Closes https://github.com/curl/curl/pull/3739 |
| |
| - tests/server/util: fix Windows Unicode build |
| |
| Always use the ANSI version of FormatMessage as we don't have the |
| curl_multibyte gear available here. |
| |
| Closes https://github.com/curl/curl/pull/3758 |
| |
| Daniel Stenberg (11 Apr 2019) |
| - curl_easy_getinfo.3: fix minor formatting mistake |
| |
| Daniel Gustafsson (11 Apr 2019) |
| - xattr: skip unittest on unsupported platforms |
| |
| The stripcredentials unittest fails to compile on platforms without |
| xattr support, for example the Solaris member in the buildfarm which |
| fails with the following: |
| |
| CC unit1621-unit1621.o |
| CC ../libtest/unit1621-first.o |
| CCLD unit1621 |
| Undefined first referenced |
| symbol in file |
| stripcredentials unit1621-unit1621.o |
| goto problem 2 |
| ld: fatal: symbol referencing errors. No output written to .libs/unit1621 |
| collect2: error: ld returned 1 exit status |
| gmake[2]: *** [Makefile:996: unit1621] Error 1 |
| |
| Fix by excluding the test on such platforms by using the reverse |
| logic from where stripcredentials() is defined. |
| |
| Closes #3759 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Steve Holme (11 Apr 2019) |
| - emailL Added reference to RFC8314 for implicit TLS |
| |
| - README: Schannel, stop calling it "winssl" |
| |
| Stick to "Schannel" everywhere - follow up to 180501cb. |
| |
| Jakub Zakrzewski (10 Apr 2019) |
| - cmake: clear CMAKE_REQUIRED_LIBRARIES after each use |
| |
| This fixes GSSAPI builds with the libraries in a non-standard location. |
| The testing for recv() were failing because it failed to link |
| the Kerberos libraries, which are not needed for this or subsequent |
| tests. |
| |
| fixes #3743 |
| closes #3744 |
| |
| - cmake: avoid linking executable for some tests with cmake 3.6+ |
| |
| With CMAKE_TRY_COMPILE_TARGET_TYPE set to STATIC_LIBRARY, the try_compile() |
| (which is used by check_c_source_compiles()) will build static library |
| instead of executable. This avoids linking additional libraries in and thus |
| speeds up those checks a little. |
| |
| This commit also avoids #3743 (GSSAPI build errors) on itself with cmake |
| 3.6 or above. That issue was fixed separately for all versions. |
| |
| Ref: #3744 |
| |
| - cmake: minor cleanup |
| |
| - Remove nneeded include_regular_expression. |
| It was setting what is already a default. |
| |
| - Remove duplicated include. |
| |
| - Don't check for pre-3.0.0 CMake version. |
| We already require at least 3.0.0, so it's just clutter. |
| |
| Ref: #3744 |
| |
| Steve Holme (8 Apr 2019) |
| - build-openssl.bat: Fixed support for OpenSSL v1.1.0+ |
| |
| - build-openssl.bat: Perfer the use of if statements rather than goto (where possible) |
| |
| - build-openssl.bat: Perform the install for each build type directly after the build |
| |
| - build-openssl.bat: Split the install of static and shared build types |
| |
| - build-openssl.bat: Split the building of static and shared build types |
| |
| - build-openssl.bat: Move the installation into a separate function |
| |
| - build-openssl.bat: Move the build step into a separate function |
| |
| - build-openssl.bat: Move the OpenSSL configuration into a separate function |
| |
| - build-openssl.bat: Fixed the BUILD_CONFIG variable not being initialised |
| |
| Should the parent environment set this variable then the build might |
| not be performed as the user intended. |
| |
| Daniel Stenberg (8 Apr 2019) |
| - socks: fix error message |
| |
| - config.d: clarify that initial : and = might need quoting [skip ci] |
| |
| Fixes #3738 |
| Closes #3749 |
| |
| - RELEASE-NOTES: synced |
| |
| bumped to 7.65.0 for next release |
| |
| - socks5: user name and passwords must be shorter than 256 |
| |
| bytes... since the protocol needs to store the length in a single byte field. |
| |
| Reported-by: XmiliaH on github |
| Fixes #3737 |
| Closes #3740 |
| |
| - [Jakub Zakrzewski brought this change] |
| |
| test: urlapi: urlencode characters above 0x7f correctly |
| |
| - [Jakub Zakrzewski brought this change] |
| |
| urlapi: urlencode characters above 0x7f correctly |
| |
| fixes #3741 |
| Closes #3742 |
| |
| - [Even Rouault brought this change] |
| |
| multi_runsingle(): fix use-after-free |
| |
| Fixes #3745 |
| Closes #3746 |
| |
| The following snippet |
| ``` |
| |
| int main() |
| { |
| CURL* hCurlHandle = curl_easy_init(); |
| curl_easy_setopt(hCurlHandle, CURLOPT_URL, "http://example.com"); |
| curl_easy_setopt(hCurlHandle, CURLOPT_PROXY, "1"); |
| curl_easy_perform(hCurlHandle); |
| curl_easy_cleanup(hCurlHandle); |
| return 0; |
| } |
| ``` |
| triggers the following Valgrind warning |
| |
| ``` |
| ==4125== Invalid read of size 8 |
| ==4125== at 0x4E7D1EE: Curl_llist_remove (llist.c:97) |
| ==4125== by 0x4E7EF5C: detach_connnection (multi.c:798) |
| ==4125== by 0x4E80545: multi_runsingle (multi.c:1451) |
| ==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072) |
| ==4125== by 0x4E766A0: easy_transfer (easy.c:625) |
| ==4125== by 0x4E76915: easy_perform (easy.c:719) |
| ==4125== by 0x4E7697C: curl_easy_perform (easy.c:738) |
| ==4125== by 0x4008BE: main (in /home/even/curl/test) |
| ==4125== Address 0x9b3d1d0 is 1,120 bytes inside a block of size 1,600 free'd |
| ==4125== at 0x4C2ECF0: free (vg_replace_malloc.c:530) |
| ==4125== by 0x4E62C36: conn_free (url.c:756) |
| ==4125== by 0x4E62D34: Curl_disconnect (url.c:818) |
| ==4125== by 0x4E48DF9: Curl_once_resolved (hostip.c:1097) |
| ==4125== by 0x4E8052D: multi_runsingle (multi.c:1446) |
| ==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072) |
| ==4125== by 0x4E766A0: easy_transfer (easy.c:625) |
| ==4125== by 0x4E76915: easy_perform (easy.c:719) |
| ==4125== by 0x4E7697C: curl_easy_perform (easy.c:738) |
| ==4125== by 0x4008BE: main (in /home/even/curl/test) |
| ==4125== Block was alloc'd at |
| ==4125== at 0x4C2F988: calloc (vg_replace_malloc.c:711) |
| ==4125== by 0x4E6438E: allocate_conn (url.c:1654) |
| ==4125== by 0x4E685B4: create_conn (url.c:3496) |
| ==4125== by 0x4E6968F: Curl_connect (url.c:4023) |
| ==4125== by 0x4E802E7: multi_runsingle (multi.c:1368) |
| ==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072) |
| ==4125== by 0x4E766A0: easy_transfer (easy.c:625) |
| ==4125== by 0x4E76915: easy_perform (easy.c:719) |
| ==4125== by 0x4E7697C: curl_easy_perform (easy.c:738) |
| ==4125== by 0x4008BE: main (in /home/even/curl/test) |
| ``` |
| |
| This has been bisected to commit 2f44e94 |
| |
| Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14109 |
| Credit to OSS Fuzz |
| |
| - pipelining: removed |
| |
| As previously planned and documented in DEPRECATE.md, all pipelining |
| code is removed. |
| |
| Closes #3651 |
| |
| - [cclauss brought this change] |
| |
| tests: make Impacket (SMB server) Python 3 compatible |
| |
| Closes #3731 |
| Fixes #3289 |
| |
| Marcel Raad (6 Apr 2019) |
| - [Simon Warta brought this change] |
| |
| cmake: set SSL_BACKENDS |
| |
| This groups all SSL backends into the feature "SSL" and sets the |
| SSL_BACKENDS analogue to configure.ac |
| |
| Closes https://github.com/curl/curl/pull/3736 |
| |
| - [Simon Warta brought this change] |
| |
| cmake: don't run SORT on empty list |
| |
| In case of an empty list, SORTing leads to the cmake error "list |
| sub-command SORT requires list to be present." |
| |
| Closes https://github.com/curl/curl/pull/3736 |
| |
| Daniel Gustafsson (5 Apr 2019) |
| - [Eli Schwartz brought this change] |
| |
| configure: fix default location for fish completions |
| |
| Fish defines a vendor completions directory for completions that are not |
| installed as part of the fish project itself, and the vendor completions |
| are preferred if they exist. This prevents trying to overwrite the |
| builtin curl.fish completion (or creating file conflicts in distro |
| packaging). |
| |
| Prefer the pkg-config defined location exported by fish, if it can be |
| found, and fall back to the correct directory defined by most systems. |
| |
| Closes #3723 |
| Reviewed-by: Daniel Gustafsson |
| |
| Marcel Raad (5 Apr 2019) |
| - ftplistparser: fix LGTM alert "Empty block without comment" |
| |
| Removing the block is consistent with line 954/957. |
| |
| Closes https://github.com/curl/curl/pull/3732 |
| |
| - transfer: fix LGTM alert "Comparison is always true" |
| |
| Just remove the redundant condition, which also makes it clear that |
| k->buf is always 0-terminated if this break is not hit. |
| |
| Closes https://github.com/curl/curl/pull/3732 |
| |
| Jay Satiro (4 Apr 2019) |
| - [Rikard Falkeborn brought this change] |
| |
| smtp: fix compiler warning |
| |
| - Fix clang string-plus-int warning. |
| |
| Clang 8 warns about adding a string to an int does not append to the |
| string. Indeed it doesn't, but that was not the intention either. Use |
| array indexing as suggested to silence the warning. There should be no |
| functional changes. |
| |
| (In other words clang warns about "foo"+2 but not &"foo"[2] so use the |
| latter.) |
| |
| smtp.c:1221:29: warning: adding 'int' to a string does not append to the |
| string [-Wstring-plus-int] |
| eob = strdup(SMTP_EOB + 2); |
| ~~~~~~~~~~~~~~~~^~~~ |
| |
| Closes https://github.com/curl/curl/pull/3729 |
| |
| Marcel Raad (4 Apr 2019) |
| - VS projects: use Unicode for VC10+ |
| |
| All Windows APIs have been natively UTF-16 since Windows 2000 and the |
| non-Unicode variants are just wrappers around them. Only Windows 9x |
| doesn't understand Unicode without the UnicoWS DLL. As later Visual |
| Studio versions cannot target Windows 9x anyway, using the ANSI API |
| doesn't really have any benefit there. |
| |
| This avoids issues like KNOWN_BUGS 6.5. |
| |
| Ref: https://github.com/curl/curl/issues/2120 |
| Closes https://github.com/curl/curl/pull/3720 |
| |
| Daniel Gustafsson (3 Apr 2019) |
| - RELEASE-NOTES: synced |
| |
| Bump the version in progress to 7.64.2, if we merge any "change" |
| before the cut-off date we can update the version. |
| |
| - [Tim Rühsen brought this change] |
| |
| documentation: Fix several typos |
| |
| Closes #3724 |
| Reviewed-by: Jakub Zakrzewski |
| Reviewed-by: Daniel Gustafsson |
| |
| Jay Satiro (2 Apr 2019) |
| - [Mert Yazıcıoğlu brought this change] |
| |
| vauth/oauth2: Fix OAUTHBEARER token generation |
| |
| OAUTHBEARER tokens were incorrectly generated in a format similar to |
| XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the |
| RFC7628. |
| |
| Fixes: #2487 |
| Reported-by: Paolo Mossino |
| |
| Closes https://github.com/curl/curl/pull/3377 |
| |
| Marcel Raad (2 Apr 2019) |
| - tool_cb_wrt: fix bad-function-cast warning |
| |
| Commit f5bc578f4cdfdc6c708211dfc2962a0e9d79352d reintroduced the |
| warning fixed in commit 2f5f31bb57d68b54e03bffcd9648aece1fe564f8. |
| Extend fhnd's scope and reuse that variable instead of calling |
| _get_osfhandle a second time to fix the warning again. |
| |
| Closes https://github.com/curl/curl/pull/3718 |
| |
| - VC15 project: remove MinimalRebuild |
| |
| Already done in commit d5cfefd0ea8e331b884186bff484210fad36e345 for the |
| library project, but I forgot the tool project template. Now also |
| removed for that. |
| |
| Dan Fandrich (1 Apr 2019) |
| - cirrus: Customize the disabled tests per FreeBSD version |
| |
| Try to run as many test cases as possible on each OS version. |
| 12.0 passes 13 more tests than the older versions, so we might as well |
| run them. |
| |
| Daniel Stenberg (1 Apr 2019) |
| - tool_help: include <strings.h> for strcasecmp |
| |
| Reported-by: Wyatt O'Day |
| Fixes #3715 |
| Closes #3716 |
| |
| Daniel Gustafsson (31 Mar 2019) |
| - scripts: fix typos |
| |
| Dan Fandrich (28 Mar 2019) |
| - travis: allow builds on branches named "ci" |
| |
| This allows a way to test changes other than through PRs. |
| |
| Daniel Stenberg (27 Mar 2019) |
| - [Brad Spencer brought this change] |
| |
| resolve: apply Happy Eyeballs philosophy to parallel c-ares queries |
| |
| Closes #3699 |
| |
| - multi: improved HTTP_1_1_REQUIRED handling |
| |
| Make sure to downgrade to 1.1 even when we get this HTTP/2 stream error |
| on first flight. |
| |
| Reported-by: niner on github |
| Fixes #3696 |
| Closes #3707 |
| |
| - [Leonardo Taccari brought this change] |
| |
| configure: avoid unportable `==' test(1) operator |
| |
| Closes #3709 |
| |
| Version 7.64.1 (27 Mar 2019) |
| |
| Daniel Stenberg (27 Mar 2019) |
| - RELEASE: 7.64.1 |
| |
| - Revert "ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set" |
| |
| This reverts commit 9130ead9fcabdb6b8fbdb37c0b38be2d326adb00. |
| |
| Fixes #3708 |
| |
| - [Christian Schmitz brought this change] |
| |
| ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set |
| |
| Closes #3704 |
| |
| Jay Satiro (26 Mar 2019) |
| - tool_cb_wrt: fix writing to Windows null device NUL |
| |
| - Improve console detection. |
| |
| Prior to this change WriteConsole could be called to write to a handle |
| that may not be a console, which would cause an error. This issue is |
| limited to character devices that are not also consoles such as the null |
| device NUL. |
| |
| Bug: https://github.com/curl/curl/issues/3175#issuecomment-439068724 |
| Reported-by: Gisle Vanem |
| |
| - CURLMOPT_PIPELINING.3: fix typo |
| |
| Daniel Stenberg (25 Mar 2019) |
| - TODO: config file parsing |
| |
| Closes #3698 |
| |
| Jay Satiro (24 Mar 2019) |
| - os400: Disable Alt-Svc by default since it's experimental |
| |
| Follow-up to 520f0b4 which added Alt-Svc support and enabled it by |
| default for OS400. Since the feature is experimental, it should be |
| disabled by default. |
| |
| Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332 |
| Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html |
| |
| Closes https://github.com/curl/curl/pull/3688 |
| |
| Dan Fandrich (24 Mar 2019) |
| - tests: Fixed XML validation errors in some test files. |
| |
| - tests: Fix some incorrect precheck error messages. |
| |
| [ci skip] |
| |
| Daniel Stenberg (22 Mar 2019) |
| - curl_url.3: this is not experimental anymore |
| |
| - travis: bump the used wolfSSL version to 4.0.0 |
| |
| Test 311 is now fine, leaving only 313 (CRL) disabled. |
| |
| Test 313 details can be found here: |
| https://github.com/wolfSSL/wolfssl/issues/1546 |
| |
| Closes #3697 |
| |
| Daniel Gustafsson (22 Mar 2019) |
| - lib: Fix typos in comments |
| |
| David Woodhouse (20 Mar 2019) |
| - openssl: if cert type is ENG and no key specified, key is ENG too |
| |
| Fixes #3692 |
| Closes #3692 |
| |
| Daniel Stenberg (20 Mar 2019) |
| - sectransp: tvOS 11 is required for ALPN support |
| |
| Reported-by: nianxuejie on github |
| Assisted-by: Nick Zitzmann |
| Assisted-by: Jay Satiro |
| Fixes #3689 |
| Closes #3690 |
| |
| - test1541: threaded connection sharing |
| |
| The threaded-shared-conn.c example turned into test case. Only works if |
| pthread was detected. |
| |
| An attempt to detect future regressions such as e3a53e3efb942a5 |
| |
| Closes #3687 |
| |
| Patrick Monnerat (17 Mar 2019) |
| - os400: alt-svc support. |
| |
| Although experimental, enable it in the platform config file. |
| Upgrade ILE/RPG binding. |
| |
| Daniel Stenberg (17 Mar 2019) |
| - conncache: use conn->data to know if a transfer owns it |
| |
| - make sure an already "owned" connection isn't returned unless |
| multiplexed. |
| |
| - clear ->data when returning the connection to the cache again |
| |
| Regression since 7.62.0 (probably in commit 1b76c38904f0) |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html |
| |
| Closes #3686 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Chris Young brought this change] |
| |
| configure: add --with-amissl |
| |
| AmiSSL is an Amiga native library which provides a wrapper over OpenSSL. |
| It also requires all programs using it to use bsdsocket.library |
| directly, rather than accessing socket functions through clib, which |
| libcurl was not necessarily doing previously. Configure will now check |
| for the headers and ensure they are included if found. |
| |
| Closes #3677 |
| |
| - [Chris Young brought this change] |
| |
| vtls: rename some of the SSL functions |
| |
| ... in the SSL structure as AmiSSL is using macros for the socket API |
| functions. |
| |
| - [Chris Young brought this change] |
| |
| tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr |
| |
| - [Chris Young brought this change] |
| |
| tool_operate: build on AmigaOS |
| |
| - makefile: make checksrc and hugefile commands "silent" |
| |
| ... to match the style already used for compiling, linking |
| etc. Acknowledges 'make V=1' to enable verbose. |
| |
| Closes #3681 |
| |
| - curl.1: --user and --proxy-user are hidden from ps output |
| |
| Suggested-by: Eric Curtin |
| Improved-by: Dan Fandrich |
| Ref: #3680 |
| |
| Closes #3683 |
| |
| - curl.1: mark the argument to --cookie as <data|filename> |
| |
| From a discussion in #3676 |
| |
| Suggested-by: Tim Rühsen |
| |
| Closes #3682 |
| |
| Dan Fandrich (14 Mar 2019) |
| - fuzzer: Only clone the latest fuzzer code, for speed. |
| |
| Daniel Stenberg (14 Mar 2019) |
| - [Dominik Hölzl brought this change] |
| |
| Negotiate: fix for HTTP POST with Negotiate |
| |
| * Adjusted unit tests 2056, 2057 |
| * do not generally close connections with CURLAUTH_NEGOTIATE after every request |
| * moved negotiatedata from UrlState to connectdata |
| * Added stream rewind logic for CURLAUTH_NEGOTIATE |
| * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC |
| * Consider authproblem state for CURLAUTH_NEGOTIATE |
| * Consider reuse_forbid for CURLAUTH_NEGOTIATE |
| * moved and adjusted negotiate authentication state handling from |
| output_auth_headers into Curl_output_negotiate |
| * Curl_output_negotiate: ensure auth done is always set |
| * Curl_output_negotiate: Set auth done also if result code is |
| GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may |
| also indicate the last challenge request (only works with disabled |
| Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1) |
| * Consider "Persistent-Auth" header, detect if not present; |
| Reset/Cleanup negotiate after authentication if no persistent |
| authentication |
| * apply changes introduced with #2546 for negotiate rewind logic |
| |
| Fixes #1261 |
| Closes #1975 |
| |
| - [Marc Schlatter brought this change] |
| |
| http: send payload when (proxy) authentication is done |
| |
| The check that prevents payload from sending in case of authentication |
| doesn't check properly if the authentication is done or not. |
| |
| They're cases where the proxy respond "200 OK" before sending |
| authentication challenge. This change takes care of that. |
| |
| Fixes #2431 |
| Closes #3669 |
| |
| - file: fix "Checking if unsigned variable 'readcount' is less than zero." |
| |
| Pointed out by codacy |
| |
| Closes #3672 |
| |
| - memdebug: log pointer before freeing its data |
| |
| Coverity warned for two potentional "Use after free" cases. Both are false |
| positives because the memory wasn't used, it was only the actual pointer |
| value that was logged. |
| |
| The fix still changes the order of execution to avoid the warnings. |
| |
| Coverity CID 1443033 and 1443034 |
| |
| Closes #3671 |
| |
| - RELEASE-NOTES: synced |
| |
| Marcel Raad (12 Mar 2019) |
| - travis: actually use updated compiler versions |
| |
| For the Linux builds, GCC 8 and 7 and clang 7 were installed, but the |
| new GCC versions were only used for the coverage build and for building |
| nghttp2, while the new clang version was not used at all. |
| |
| BoringSSL needs to use the default GCC as it respects CC, but not CXX, |
| so it would otherwise pass gcc 8 options to g++ 4.8 and fail. |
| |
| Also remove GCC 7, it's not needed anymore. |
| |
| Ref: https://docs.travis-ci.com/user/languages/c/#c11c11-and-beyond-and-toolchain-versioning |
| |
| Closes https://github.com/curl/curl/pull/3670 |
| |
| - travis: update clang to version 7 |
| |
| Closes https://github.com/curl/curl/pull/3670 |
| |
| Jay Satiro (11 Mar 2019) |
| - [Andre Guibert de Bruet brought this change] |
| |
| examples/externalsocket: add missing close socket calls |
| |
| .. and for Windows also call WSACleanup since we call WSAStartup. |
| |
| The example is to demonstrate handling the socket independently of |
| libcurl. In this case libcurl is not responsible for creating, opening |
| or closing the socket, it is handled by the application (our example). |
| |
| Fixes https://github.com/curl/curl/pull/3663 |
| |
| Daniel Stenberg (11 Mar 2019) |
| - multi: removed unused code for request retries |
| |
| This code was once used for the non multi-interface using code path, but |
| ever since easy_perform was turned into a wrapper around the multi |
| interface, this code path never runs. |
| |
| Closes #3666 |
| |
| Jay Satiro (11 Mar 2019) |
| - doh: inherit some SSL options from user's easy handle |
| |
| - Inherit SSL options for the doh handle but not SSL client certs, |
| SSL ALPN/NPN, SSL engine, SSL version, SSL issuer cert, |
| SSL pinned public key, SSL ciphers, SSL id cache setting, |
| SSL kerberos or SSL gss-api settings. |
| |
| - Fix inheritance of verbose setting. |
| |
| - Inherit NOSIGNAL. |
| |
| There is no way for the user to set options for the doh (DNS-over-HTTPS) |
| handles and instead we inherit some options from the user's easy handle. |
| |
| My thinking for the SSL options not inherited is they are most likely |
| not intended by the user for the DOH transfer. I did inherit insecure |
| because I think that should still be in control of the user. |
| |
| Prior to this change doh did not work for me because CAINFO was not |
| inherited. Also verbose was set always which AFAICT was a bug (#3660). |
| |
| Fixes https://github.com/curl/curl/issues/3660 |
| Closes https://github.com/curl/curl/pull/3661 |
| |
| Daniel Stenberg (9 Mar 2019) |
| - test331: verify set-cookie for dotless host name |
| |
| Reproduced bug #3649 |
| Closes #3659 |
| |
| - Revert "cookies: extend domain checks to non psl builds" |
| |
| This reverts commit 3773de378d48b06c09931e44dca4d274d0bfdce0. |
| |
| Regression shipped in 7.64.0 |
| Fixes #3649 |
| |
| - memdebug: make debug-specific functions use curl_dbg_ prefix |
| |
| To not "collide" or use up the regular curl_ name space. Also makes them |
| easier to detect in helper scripts. |
| |
| Closes #3656 |
| |
| - cmdline-opts/proxytunnel.d: the option tunnnels all protocols |
| |
| Clarify the language and simplify. |
| |
| Reported-by: Daniel Lublin |
| Closes #3658 |
| |
| - KNOWN_BUGS: Client cert (MTLS) issues with Schannel |
| |
| Closes #3145 |
| |
| - ROADMAP: updated to some more current things to work on |
| |
| - tests: fix multiple may be used uninitialized warnings |
| |
| - RELEASE-NOTES: synced |
| |
| - source: fix two 'nread' may be used uninitialized warnings |
| |
| Both seem to be false positives but we don't like warnings. |
| |
| Closes #3646 |
| |
| - gopher: remove check for path == NULL |
| |
| Since it can't be NULL and it makes Coverity believe we lack proper NULL |
| checks. Verified by test 659, landed in commit 15401fa886b. |
| |
| Pointed out by Coverity CID 1442746. |
| |
| Assisted-by: Dan Fandrich |
| Fixes #3617 |
| Closes #3642 |
| |
| - examples: only include <curl/curl.h> |
| |
| That's the only public curl header we should encourage use of. |
| |
| Reviewed-by: Marcel Raad |
| Closes #3645 |
| |
| - ssh: loop the state machine if not done and not blocking |
| |
| If the state machine isn't complete, didn't fail and it didn't return |
| due to blocking it can just as well loop again. |
| |
| This addresses the problem with SFTP directory listings where we would |
| otherwise return back to the parent and as the multi state machine |
| doesn't have any code for using CURLM_CALL_MULTI_PERFORM for as long the |
| doing phase isn't complete, it would return out when in reality there |
| was more data to deal with. |
| |
| Fixes #3506 |
| Closes #3644 |
| |
| Jay Satiro (5 Mar 2019) |
| - multi: support verbose conncache closure handle |
| |
| - Change closure handle to receive verbose setting from the easy handle |
| most recently added via curl_multi_add_handle. |
| |
| The closure handle is a special easy handle used for closing cached |
| connections. It receives limited settings from the easy handle most |
| recently added to the multi handle. Prior to this change that did not |
| include verbose which was a problem because on connection shutdown |
| verbose mode was not acknowledged. |
| |
| Ref: https://github.com/curl/curl/pull/3598 |
| |
| Co-authored-by: Daniel Stenberg |
| |
| Closes https://github.com/curl/curl/pull/3618 |
| |
| Daniel Stenberg (4 Mar 2019) |
| - CURLU: fix NULL dereference when used over proxy |
| |
| Test 659 verifies |
| |
| Also fixed the test 658 name |
| |
| Closes #3641 |
| |
| - altsvc_out: check the return code from Curl_gmtime |
| |
| Pointed out by Coverity, CID 1442956. |
| |
| Closes #3640 |
| |
| - docs/ALTSVC.md: docs describing the approach |
| |
| Closes #3498 |
| |
| - alt-svc: add a travis build |
| |
| - alt-svc: add test 355 and 356 to verify with command line curl |
| |
| - alt-svc: the curl command line bits |
| |
| - alt-svc: the libcurl bits |
| |
| - travis: add build using gnutls |
| |
| Closes #3637 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Simon Legner brought this change] |
| |
| scripts/completion.pl: also generate fish completion file |
| |
| This is the renamed script formerly known as zsh.pl |
| |
| Closes #3545 |
| |
| - gnutls: remove call to deprecated gnutls_compression_get_name |
| |
| It has been deprecated by GnuTLS since a year ago and now causes build |
| warnings. |
| |
| Ref: https://gitlab.com/gnutls/gnutls/commit/b0041897d2846737f5fb0f |
| Docs: https://www.gnutls.org/manual/html_node/Compatibility-API.html |
| |
| Closes #3636 |
| |
| Jay Satiro (2 Mar 2019) |
| - system_win32: move win32_init here from easy.c |
| |
| .. since system_win32 is a more appropriate location for the functions |
| and to extern the globals. |
| |
| Ref: https://github.com/curl/curl/commit/ca597ad#r32446578 |
| Reported-by: Gisle Vanem |
| |
| Closes https://github.com/curl/curl/pull/3625 |
| |
| Daniel Stenberg (1 Mar 2019) |
| - curl_easy_duphandle.3: clarify that a duped handle has no shares |
| |
| Reported-by: Sara Golemon |
| |
| Fixes #3592 |
| Closes #3634 |
| |
| - 10-at-a-time.c: fix too long line |
| |
| - [Arnaud Rebillout brought this change] |
| |
| examples: various fixes in ephiperfifo.c |
| |
| The main change here is the timer value that was wrong, it was given in |
| usecs (ms * 1000), while the itimerspec struct wants nsecs (ms * 1000 * |
| 1000). This resulted in the callback being invoked WAY TOO OFTEN. |
| |
| As a quick check you can run this command before and after applying this |
| commit: |
| |
| # shell 1 |
| ./ephiperfifo 2>&1 | tee ephiperfifo.log |
| # shell 2 |
| echo http://hacking.elboulangero.com > hiper.fifo |
| |
| Then just compare the size of the logs files. |
| |
| Closes #3633 |
| Fixes #3632 |
| Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com> |
| |
| - urldata: simplify bytecounters |
| |
| - no need to have them protocol specific |
| |
| - no need to set pointers to them with the Curl_setup_transfer() call |
| |
| - make Curl_setup_transfer() operate on a transfer pointer, not |
| connection |
| |
| - switch some counters from long to the more proper curl_off_t type |
| |
| Closes #3627 |
| |
| - examples/10-at-a-time.c: improve readability and simplify |
| |
| - use better variable names to explain their purposes |
| - convert logic to curl_multi_wait() |
| |
| - threaded-resolver: shutdown the resolver thread without error message |
| |
| When a transfer is done, the resolver thread will be brought down. That |
| could accidentally generate an error message in the error buffer even |
| though this is not an error situationand the transfer would still return |
| OK. An application that still reads the error buffer could find a |
| "Could not resolve host: [host name]" message there and get confused. |
| |
| Reported-by: Michael Schmid |
| Fixes #3629 |
| Closes #3630 |
| |
| - [Ԝеѕ brought this change] |
| |
| docs: update max-redirs.d phrasing |
| |
| clarify redir - "in absurdum" doesn't seem to make sense in this context |
| |
| Closes #3631 |
| |
| - ssh: fix Condition '!status' is always true |
| |
| in the same sftp_done function in both SSH backends. Simplify them |
| somewhat. |
| |
| Pointed out by Codacy. |
| |
| Closes #3628 |
| |
| - test578: make it read data from the correct test |
| |
| - Curl_easy: remove req.maxfd - never used! |
| |
| Introduced in 8b6314ccfb, but not used anymore in current code. Unclear |
| since when. |
| |
| Closes #3626 |
| |
| - http: set state.infilesize when sending formposts |
| |
| Without it set, we would unwillingly triger the "HTTP error before end |
| of send, stop sending" condition even if the entire POST body had been |
| sent (since it wouldn't know the expected size) which would |
| unnecessarily log that message and close the connection when it didn't |
| have to. |
| |
| Reported-by: Matt McClure |
| Bug: https://curl.haxx.se/mail/archive-2019-02/0023.html |
| Closes #3624 |
| |
| - INSTALL: refer to the current TLS library names and configure options |
| |
| - FAQ: minor updates and spelling fixes |
| |
| - GOVERNANCE.md: minor spelling fixes |
| |
| - Secure Transport: no more "darwinssl" |
| |
| Everyone calls it Secure Transport, now we do too. |
| |
| Reviewed-by: Nick Zitzmann |
| |
| Closes #3619 |
| |
| Marcel Raad (27 Feb 2019) |
| - AppVeyor: add classic MinGW build |
| |
| But use the MSYS2 shell rather than the default MSYS shell because of |
| POSIX path conversion issues. Classic MinGW is only available on the |
| Visual Studio 2015 image. |
| |
| Closes https://github.com/curl/curl/pull/3623 |
| |
| - AppVeyor: add MinGW-w64 build |
| |
| Add a MinGW-w64 build using CMake's MSYS Makefiles generator. |
| Use the Visual Studio 2015 image as it has GCC 8, while the |
| Visual Studio 2017 image only has GCC 7.2. |
| |
| Closes https://github.com/curl/curl/pull/3623 |
| |
| Daniel Stenberg (27 Feb 2019) |
| - cookies: only save the cookie file if the engine is enabled |
| |
| Follow-up to 8eddb8f4259. |
| |
| If the cookieinfo pointer is NULL there really is nothing to save. |
| |
| Without this fix, we got a problem when a handle was using shared object |
| with cookies and is told to "FLUSH" it to file (which worked) and then |
| the share object was removed and when the easy handle was closed just |
| afterwards it has no cookieinfo and no cookies so it decided to save an |
| empty jar (overwriting the file just flushed). |
| |
| Test 1905 now verifies that this works. |
| |
| Assisted-by: Michael Wallner |
| Assisted-by: Marcel Raad |
| |
| Closes #3621 |
| |
| - [DaVieS brought this change] |
| |
| cacertinmem.c: use multiple certificates for loading CA-chain |
| |
| Closes #3421 |
| |
| - urldata: convert bools to bitfields and move to end |
| |
| This allows the compiler to pack and align the structs better in |
| memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2 |
| makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000. |
| |
| Removed an unused struct field. |
| |
| No functionality changes. |
| |
| Closes #3610 |
| |
| - [Don J Olmstead brought this change] |
| |
| curl.h: use __has_declspec_attribute for shared builds |
| |
| Closes #3616 |
| |
| - curl: display --version features sorted alphabetically |
| |
| Closes #3611 |
| |
| - runtests: detect "schannel" as an alias for "winssl" |
| |
| Follow-up to 180501cb02 |
| |
| Reported-by: Marcel Raad |
| Fixes #3609 |
| Closes #3620 |
| |
| Marcel Raad (26 Feb 2019) |
| - AppVeyor: update to Visual Studio 2017 |
| |
| Switch all Visual Studio 2015 builds to Visual Studio 2017. It's not a |
| moving target anymore as the last update, Update 9, has been released. |
| |
| Closes https://github.com/curl/curl/pull/3606 |
| |
| - AppVeyor: switch VS 2015 builds to VS 2017 image |
| |
| The Visual Studio 2017 image has Visual Studio 2015 and 2017 installed. |
| |
| Closes https://github.com/curl/curl/pull/3606 |
| |
| - AppVeyor: explicitly select worker image |
| |
| Currently, we're using the default Visual Studio 2015 image for |
| everything. |
| |
| Closes https://github.com/curl/curl/pull/3606 |
| |
| Daniel Stenberg (26 Feb 2019) |
| - strerror: make the strerror function use local buffers |
| |
| Instead of using a fixed 256 byte buffer in the connectdata struct. |
| |
| In my build, this reduces the size of the connectdata struct by 11.8%, |
| from 2160 to 1904 bytes with no functionality or performance loss. |
| |
| This also fixes a bug in schannel's Curl_verify_certificate where it |
| called Curl_sspi_strerror when it should have called Curl_strerror for |
| string from GetLastError. the only effect would have been no text or the |
| wrong text being shown for the error. |
| |
| Co-authored-by: Jay Satiro |
| |
| Closes #3612 |
| |
| - [Michael Wallner brought this change] |
| |
| cookies: fix NULL dereference if flushing cookies with no CookieInfo set |
| |
| Regression brought by a52e46f3900fb0 (shipped in 7.63.0) |
| |
| Closes #3613 |
| |
| Marcel Raad (26 Feb 2019) |
| - AppVeyor: re-enable test 500 |
| |
| It's passing now. |
| |
| Closes https://github.com/curl/curl/pull/3615 |
| |
| - AppVeyor: remove redundant builds |
| |
| Remove the Visual Studio 2012 and 2013 builds as they add little value. |
| |
| Ref: https://github.com/curl/curl/pull/3606 |
| Closes https://github.com/curl/curl/pull/3614 |
| |
| Daniel Stenberg (25 Feb 2019) |
| - RELEASE-NOTES: synced |
| |
| - [Bernd Mueller brought this change] |
| |
| OpenSSL: add support for TLS ASYNC state |
| |
| Closes #3591 |
| |
| Jay Satiro (25 Feb 2019) |
| - [Michael Felt brought this change] |
| |
| acinclude: add additional libraries to check for LDAP support |
| |
| - Add an additional check for LDAP that also checks for OpenSSL since |
| on AIX those libraries may be required to link LDAP properly. |
| |
| Fixes https://github.com/curl/curl/issues/3595 |
| Closes https://github.com/curl/curl/pull/3596 |
| |
| - [Giorgos Oikonomou brought this change] |
| |
| schannel: support CALG_ECDH_EPHEM algorithm |
| |
| Add support for Ephemeral elliptic curve Diffie-Hellman key exchange |
| algorithm option when selecting ciphers. This became available on the |
| Win10 SDK. |
| |
| Closes https://github.com/curl/curl/pull/3608 |
| |
| Daniel Stenberg (24 Feb 2019) |
| - multi: call multi_done on connect timeouts |
| |
| Failing to do so would make the CURLINFO_TOTAL_TIME timeout to not get |
| updated correctly and could end up getting reported to the application |
| completely wrong (way too small). |
| |
| Reported-by: accountantM on github |
| Fixes #3602 |
| Closes #3605 |
| |
| - examples: remove recursive calls to curl_multi_socket_action |
| |
| From within the timer callbacks. Recursive is problematic for several |
| reasons. They should still work, but this way the examples and the |
| documentation becomes simpler. I don't think we need to encourage |
| recursive calls. |
| |
| Discussed in #3537 |
| Closes #3601 |
| |
| Marcel Raad (23 Feb 2019) |
| - configure: remove CURL_CHECK_FUNC_FDOPEN call |
| |
| The macro itself has been removed in commit |
| 11974ac859c5d82def59e837e0db56fef7f6794e. |
| |
| Closes https://github.com/curl/curl/pull/3604 |
| |
| Daniel Stenberg (23 Feb 2019) |
| - wolfssl: stop custom-adding curves |
| |
| since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in |
| wolfSSL 3.10.2 and later) it sends these curves by default already. |
| |
| Pointed-out-by: David Garske |
| |
| Closes #3599 |
| |
| - configure: remove the unused fdopen macro |
| |
| and the two remaining #ifdefs for it |
| |
| Closes #3600 |
| |
| Jay Satiro (22 Feb 2019) |
| - url: change conn shutdown order to unlink data as last step |
| |
| - Split off connection shutdown procedure from Curl_disconnect into new |
| function conn_shutdown. |
| |
| - Change the shutdown procedure to close the sockets before |
| disassociating the transfer. |
| |
| Prior to this change the sockets were closed after disassociating the |
| transfer so SOCKETFUNCTION wasn't called since the transfer was already |
| disassociated. That likely came about from recent work started in |
| Jan 2019 (#3442) to separate transfers from connections. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-02/0101.html |
| Reported-by: Pavel Löbl |
| |
| Closes https://github.com/curl/curl/issues/3597 |
| Closes https://github.com/curl/curl/pull/3598 |
| |
| Marcel Raad (22 Feb 2019) |
| - Fix strict-prototypes GCC warning |
| |
| As seen in the MinGW autobuilds. Caused by commit |
| f26bc29cfec0be84c67cf74065cf8e5e78fd68b7. |
| |
| Dan Fandrich (21 Feb 2019) |
| - tests: Fixed XML validation errors in some test files. |
| |
| Daniel Stenberg (20 Feb 2019) |
| - TODO: Allow SAN names in HTTP/2 server push |
| |
| Suggested-by: Nicolas Grekas |
| |
| - RELEASE-NOTES: synced |
| |
| - curl: remove MANUAL from -M output |
| |
| ... and remove it from the dist tarball. It has served its time, it |
| barely gets updated anymore and "everything curl" is now convering all |
| this document once tried to include, and does it more and better. |
| |
| In the compressed scenario, this removes ~15K data from the binary, |
| which is 25% of the -M output. |
| |
| It remains in the git repo for now for as long as the web site builds a |
| page using that as source. It renders poorly on the site (especially for |
| mobile users) so its not even good there. |
| |
| Closes #3587 |
| |
| - http2: verify :athority in push promise requests |
| |
| RFC 7540 says we should verify that the push is for an "authoritative" |
| server. We make sure of this by only allowing push with an :athority |
| header that matches the host that was asked for in the URL. |
| |
| Fixes #3577 |
| Reported-by: Nicolas Grekas |
| Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html |
| Closes #3581 |
| |
| - singlesocket: fix the 'sincebefore' placement |
| |
| The variable wasn't properly reset within the loop and thus could remain |
| set for sockets that hadn't been set before and miss notifying the app. |
| |
| This is a follow-up to 4c35574 (shipped in curl 7.64.0) |
| |
| Reported-by: buzo-ffm on github |
| Detected-by: Jan Alexander Steffens |
| Fixes #3585 |
| Closes #3589 |
| |
| - connection: never reuse CONNECT_ONLY conections |
| |
| and make CONNECT_ONLY conections never reuse any existing ones either. |
| |
| Reported-by: Pavel Löbl |
| Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html |
| Closes #3586 |
| |
| Patrick Monnerat (19 Feb 2019) |
| - cli tool: fix mime post with --disable-libcurl-option configure option |
| |
| Reported-by: Marcel Raad |
| Fixes #3576 |
| Closes #3583 |
| |
| Daniel Stenberg (19 Feb 2019) |
| - x509asn1: cleanup and unify code layout |
| |
| - rename 'n' to buflen in functions, and use size_t for them. Don't pass |
| in negative buffer lengths. |
| |
| - move most function comments to above the function starts like we use |
| to |
| |
| - remove several unnecessary typecasts (especially of NULL) |
| |
| Reviewed-by: Patrick Monnerat |
| Closes #3582 |
| |
| - curl_multi_remove_handle.3: use at any time, just not from within callbacks |
| |
| [ci skip] |
| |
| - http: make adding a blank header thread-safe |
| |
| Previously the function would edit the provided header in-place when a |
| semicolon is used to signify an empty header. This made it impossible to |
| use the same set of custom headers in multiple threads simultaneously. |
| |
| This approach now makes a local copy when it needs to edit the string. |
| |
| Reported-by: d912e3 on github |
| Fixes #3578 |
| Closes #3579 |
| |
| - unit1651: survive curl_easy_init() fails |
| |
| - [Frank Gevaerts brought this change] |
| |
| rand: Fix a mismatch between comments in source and header. |
| |
| Reported-by: Björn Stenberg <bjorn@haxx.se> |
| Closes #3584 |
| |
| Patrick Monnerat (18 Feb 2019) |
| - x509asn1: replace single char with an array |
| |
| Although safe in this context, using a single char as an array may |
| cause invalid accesses to adjacent memory locations. |
| |
| Detected by Coverity. |
| |
| Daniel Stenberg (18 Feb 2019) |
| - examples/http2-serverpush: add some sensible error checks |
| |
| To avoid NULL pointer dereferences etc in the case of problems. |
| |
| Closes #3580 |
| |
| Jay Satiro (18 Feb 2019) |
| - easy: fix win32 init to work without CURL_GLOBAL_WIN32 |
| |
| - Change the behavior of win32_init so that the required initialization |
| procedures are not affected by CURL_GLOBAL_WIN32 flag. |
| |
| libcurl via curl_global_init supports initializing for win32 with an |
| optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop |
| Winsock initialization. It did so internally by skipping win32_init() |
| when that flag was set. Since then win32_init() has been expanded to |
| include required initialization routines that are separate from |
| Winsock and therefore must be called in all cases. This commit fixes |
| it so that CURL_GLOBAL_WIN32 only controls the optional win32 |
| initialization (which is Winsock initialization, according to our doc). |
| |
| The only users affected by this change are those that don't pass |
| CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the |
| risk of a potential crash. |
| |
| Ref: https://github.com/curl/curl/pull/3573 |
| |
| Fixes https://github.com/curl/curl/issues/3313 |
| Closes https://github.com/curl/curl/pull/3575 |
| |
| Daniel Gustafsson (17 Feb 2019) |
| - cookie: Add support for cookie prefixes |
| |
| The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes |
| and how they should affect cookie initialization, which has been |
| adopted by the major browsers. This adds support for the two prefixes |
| defined, __Host- and __Secure, and updates the testcase with the |
| supplied examples from the draft. |
| |
| Closes #3554 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - mbedtls: release sessionid resources on error |
| |
| If mbedtls_ssl_get_session() fails, it may still have allocated |
| memory that needs to be freed to avoid leaking. Call the library |
| API function to release session resources on this errorpath as |
| well as on Curl_ssl_addsessionid() errors. |
| |
| Closes: #3574 |
| Reported-by: Michał Antoniak <M.Antoniak@posnet.com> |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Patrick Monnerat (16 Feb 2019) |
| - cli tool: refactor encoding conversion sequence for switch case fallthrough. |
| |
| - version.c: silent scan-build even when librtmp is not enabled |
| |
| Daniel Stenberg (15 Feb 2019) |
| - RELEASE-NOTES: synced |
| |
| - Curl_now: figure out windows version in win32_init |
| |
| ... and avoid use of static variables that aren't thread safe. |
| |
| Fixes regression from e9ababd4f5a (present in the 7.64.0 release) |
| |
| Reported-by: Paul Groke |
| Fixes #3572 |
| Closes #3573 |
| |
| Marcel Raad (15 Feb 2019) |
| - unit1307: just fail without FTP support |
| |
| I missed to check this in with commit |
| 71786c0505926aaf7e9b2477b2fb7ee16a915ec6, which only disabled the test. |
| This fixes the actual linker error. |
| |
| Closes https://github.com/curl/curl/pull/3568 |
| |
| Daniel Stenberg (15 Feb 2019) |
| - travis: enable valgrind for the iconv tests too |
| |
| Closes #3571 |
| |
| - travis: add scan-build |
| |
| Closes #3564 |
| |
| - examples/sftpuploadresume: Value stored to 'result' is never read |
| |
| Detected by scan-build |
| |
| - examples/http2-upload: cleaned up |
| |
| Fix scan-build warnings, no globals, no silly handle scan. Also remove |
| handles from the multi before cleaning up. |
| |
| - examples/http2-download: cleaned up |
| |
| To avoid scan-build warnings and global variables. |
| |
| - examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory' |
| |
| Detected by scan-build |
| |
| - examples/httpcustomheader: Value stored to 'res' is never read |
| |
| Detected by scan-build |
| |
| - examples: remove superfluous null-pointer checks |
| |
| in ftpget, ftpsget and sftpget, so that scan-build stops warning for |
| potential NULL pointer dereference below! |
| |
| Detected by scan-build |
| |
| - strip_trailing_dot: make sure NULL is never used for strlen |
| |
| scan-build warning: Null pointer passed as an argument to a 'nonnull' |
| parameter |
| |
| - [Jay Satiro brought this change] |
| |
| connection_check: restore original conn->data after the check |
| |
| - Save the original conn->data before it's changed to the specified |
| data transfer for the connection check and then restore it afterwards. |
| |
| This is a follow-up to 38d8e1b 2019-02-11. |
| |
| History: |
| |
| It was discovered a month ago that before checking whether to extract a |
| dead connection that that connection should be associated with a "live" |
| transfer for the check (ie original conn->data ignored and set to the |
| passed in data). A fix was landed in 54b201b which did that and also |
| cleared conn->data after the check. The original conn->data was not |
| restored, so presumably it was thought that a valid conn->data was no |
| longer needed. |
| |
| Several days later it was discovered that a valid conn->data was needed |
| after the check and follow-up fix was landed in bbae24c which partially |
| reverted the original fix and attempted to limit the scope of when |
| conn->data was changed to only when pruning dead connections. In that |
| case conn->data was not cleared and the original conn->data not |
| restored. |
| |
| A month later it was discovered that the original fix was somewhat |
| correct; a "live" transfer is needed for the check in all cases |
| because original conn->data could be null which could cause a bad deref |
| at arbitrary points in the check. A fix was landed in 38d8e1b which |
| expanded the scope to all cases. conn->data was not cleared and the |
| original conn->data not restored. |
| |
| A day later it was discovered that not restoring the original conn->data |
| may lead to busy loops in applications that use the event interface, and |
| given this observation it's a pretty safe assumption that there is some |
| code path that still needs the original conn->data. This commit is the |
| follow-up fix for that, it restores the original conn->data after the |
| connection check. |
| |
| Assisted-by: tholin@users.noreply.github.com |
| Reported-by: tholin@users.noreply.github.com |
| |
| Fixes https://github.com/curl/curl/issues/3542 |
| Closes #3559 |
| |
| - memdebug: bring back curl_mark_sclose |
| |
| Used by debug builds with NSS. |
| |
| Reverted from 05b100aee247bb |
| |
| Patrick Monnerat (14 Feb 2019) |
| - transfer.c: do not compute length of undefined hex buffer. |
| |
| On non-ascii platforms, the chunked hex header was measured for char code |
| conversion length, even for chunked trailers that do not have an hex header. |
| In addition, the efective length is already known: use it. |
| Since the hex length can be zero, only convert if needed. |
| |
| Reported by valgrind. |
| |
| Daniel Stenberg (14 Feb 2019) |
| - KNOWN_BUGS: Cannot compile against a static build of OpenLDAP |
| |
| Closes #2367 |
| |
| Patrick Monnerat (14 Feb 2019) |
| - x509asn1: "Dereference of null pointer" |
| |
| Detected by scan-build (false positive). |
| |
| Daniel Stenberg (14 Feb 2019) |
| - configure: show features as well in the final summary |
| |
| Closes #3569 |
| |
| - KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10 |
| |
| Closes #2905 |
| |
| - KNOWN_BUGS: Deflate error after all content was received |
| |
| Closes #2719 |
| |
| - gssapi: fix deprecated header warnings |
| |
| Heimdal includes on FreeBSD spewed out lots of them. Less so now. |
| |
| Closes #3566 |
| |
| - TODO: Upgrade to websockets |
| |
| Closes #3523 |
| |
| - TODO: cmake test suite improvements |
| |
| Closes #3109 |
| |
| Patrick Monnerat (13 Feb 2019) |
| - curl: "Dereference of null pointer" |
| |
| Rephrase to satisfy scan-build. |
| |
| Marcel Raad (13 Feb 2019) |
| - unit1307: require FTP support |
| |
| This test doesn't link without FTP support after |
| fc7ab4835b5fd09d0a6f57000633bb6bb6edfda1, which made Curl_fnmatch |
| unavailable without FTP support. |
| |
| Closes https://github.com/curl/curl/pull/3565 |
| |
| Daniel Stenberg (13 Feb 2019) |
| - TODO: TFO support on Windows |
| |
| Nobody works on this now. |
| |
| Closes #3378 |
| |
| - multi: Dereference of null pointer |
| |
| Mostly a false positive, but this makes the code easier to read anyway. |
| |
| Detected by scan-build. |
| |
| Closes #3563 |
| |
| - urlglob: Argument with 'nonnull' attribute passed null |
| |
| Detected by scan-build. |
| |
| Jay Satiro (12 Feb 2019) |
| - schannel: restore some debug output but only for debug builds |
| |
| Follow-up to 84c10dc from earlier today which wrapped a lot of the noisy |
| debug output in DEBUGF but omitted a few lines. |
| |
| Ref: https://github.com/curl/curl/commit/84c10dc#r32292900 |
| |
| - examples/crawler: Fix the Accept-Encoding setting |
| |
| - Pass an empty string to CURLOPT_ACCEPT_ENCODING to use the default |
| supported encodings. |
| |
| Prior to this change the specific encodings of gzip and deflate were set |
| but there's no guarantee they'd be supported by the user's libcurl. |
| |
| Daniel Stenberg (12 Feb 2019) |
| - mime: put the boundary buffer into the curl_mime struct |
| |
| ... instead of allocating it separately and point to it. It is |
| fixed-size and always used for each part. |
| |
| Closes #3561 |
| |
| - schannel: be quiet |
| |
| Convert numerous infof() calls into debug-build only messages since they |
| are annoyingly verbose for regular applications. Removed a few. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-02/0027.html |
| Reported-by: Volker Schmid |
| Closes #3552 |
| |
| - [Romain Geissler brought this change] |
| |
| Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning |
| |
| Closes #3562 |
| |
| - http2: multi_connchanged() moved from multi.c, only used for h2 |
| |
| Closes #3557 |
| |
| - curl: "Function call argument is an uninitialized value" |
| |
| Follow-up to cac0e4a6ad14b42471eb |
| |
| Detected by scan-build |
| Closes #3560 |
| |
| - pretransfer: don't strlen() POSTFIELDS set for GET requests |
| |
| ... since that data won't be used in the request anyway. |
| |
| Fixes #3548 |
| Reported-by: Renaud Allard |
| Close #3549 |
| |
| - multi: remove verbose "Expire in" ... messages |
| |
| Reported-by: James Brown |
| Bug: https://curl.haxx.se/mail/archive-2019-02/0013.html |
| Closes #3558 |
| |
| - mbedtls: make it build even if MBEDTLS_VERSION_C isn't set |
| |
| Reported-by: MAntoniak on github |
| Fixes #3553 |
| Closes #3556 |
| |
| Daniel Gustafsson (12 Feb 2019) |
| - non-ascii.c: fix typos in comments |
| |
| Fix two occurrences of s/convers/converts/ spotted while reading code. |
| |
| Daniel Stenberg (12 Feb 2019) |
| - fnmatch: disable if FTP is disabled |
| |
| Closes #3551 |
| |
| - curl_path: only enabled for SSH builds |
| |
| - [Frank Gevaerts brought this change] |
| |
| tests: add stderr comparison to the test suite |
| |
| The code is more or less copied from the stdout comparison code, maybe |
| some better reuse is possible. |
| |
| test 1457 is adjusted to make the output actually match (by using --silent) |
| test 506 used <stderr> without actually needing it, so that <stderr> block is removed |
| |
| Closes #3536 |
| |
| Patrick Monnerat (11 Feb 2019) |
| - cli tool: do not use mime.h private structures. |
| |
| Option -F generates an intermediate representation of the mime structure |
| that is used later to create the libcurl mime structure and generate |
| the --libcurl statements. |
| |
| Reported-by: Daniel Stenberg |
| Fixes #3532 |
| Closes #3546 |
| |
| Daniel Stenberg (11 Feb 2019) |
| - curlver: bump to 7.64.1-dev |
| |
| - RELEASE-NOTES: synced |
| |
| and bump the version in progress to 7.64.1. If we merge any "change" |
| before the cut-off date, we update again. |
| |
| Daniel Gustafsson (11 Feb 2019) |
| - curl: follow-up to 3f16990ec84 |
| |
| Commit 3f16990ec84cc4b followed-up a bug in b49652ac66cc0 but was |
| inadvertently introducing a new bug in the ternary expression. |
| |
| Close #3555 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - dns: release sharelock as soon as possible |
| |
| There is no benefit to holding the data sharelock when freeing the |
| addrinfo in case it fails, so ensure releaseing it as soon as we can |
| rather than holding on to it. This also aligns the code with other |
| consumers of sharelocks. |
| |
| Closes #3516 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (11 Feb 2019) |
| - curl: follow-up to b49652ac66cc0 |
| |
| On FreeBSD, return non-zero on error otherwise zero. |
| |
| Reported-by: Marcel Raad |
| |
| - multi: (void)-prefix when ignoring return values |
| |
| ... and added braces to two function calls which fixes warnings if they |
| are replace by empty macros at build-time. |
| |
| - curl: fix FreeBSD compiler warning in the --xattr code |
| |
| Closes #3550 |
| |
| - connection_check: set ->data to the transfer doing the check |
| |
| The http2 code for connection checking needs a transfer to use. Make |
| sure a working one is set before handler->connection_check() is called. |
| |
| Reported-by: jnbr on github |
| Fixes #3541 |
| Closes #3547 |
| |
| - hostip: make create_hostcache_id avoid alloc + free |
| |
| Closes #3544 |
| |
| - scripts/singleuse: script to use to track single-use functions |
| |
| That is functions that are declared global but are not used from outside |
| of the file in which it is declared. Such functions should be made |
| static or even at times be removed. |
| |
| It also verifies that all used curl_ prefixed functions are "blessed" |
| |
| Closes #3538 |
| |
| - cleanup: make local functions static |
| |
| urlapi: turn three local-only functions into statics |
| |
| conncache: make conncache_find_first_connection static |
| |
| multi: make detach_connnection static |
| |
| connect: make getaddressinfo static |
| |
| curl_ntlm_core: make hmac_md5 static |
| |
| http2: make two functions static |
| |
| http: make http_setup_conn static |
| |
| connect: make tcpnodelay static |
| |
| tests: make UNITTEST a thing to mark functions with, so they can be static for |
| normal builds and non-static for unit test builds |
| |
| ... and mark Curl_shuffle_addr accordingly. |
| |
| url: make up_free static |
| |
| setopt: make vsetopt static |
| |
| curl_endian: make write32_le static |
| |
| rtsp: make rtsp_connisdead static |
| |
| warnless: remove unused functions |
| |
| memdebug: remove one unused function, made another static |
| |
| Dan Fandrich (10 Feb 2019) |
| - cirrus: Added FreeBSD builds using Cirrus CI. |
| |
| The build logs will be at https://cirrus-ci.com/github/curl/curl |
| |
| Some tests are currently failing and so disabled for now. The SSH server |
| isn't starting for the SSH tests due to unsupported options used in its |
| config file. The DICT server also is failing on startup. |
| |
| Daniel Stenberg (9 Feb 2019) |
| - url/idnconvert: remove scan for <= 32 ascii values |
| |
| The check was added back in fa939220df before the URL parser would catch |
| these problems and therefore these will never trigger now. |
| |
| Closes #3539 |
| |
| - urlapi: reduce variable scope, remove unreachable 'break' |
| |
| Both nits pointed out by codacy.com |
| |
| Closes #3540 |
| |
| Alessandro Ghedini (7 Feb 2019) |
| - zsh.pl: escape ':' character |
| |
| ':' is interpreted as separator by zsh, so if used as part of the argument |
| or option's description it needs to be escaped. |
| |
| The problem can be reproduced as follows: |
| |
| % curl --reso<TAB> |
| % curl -E <TAB> |
| |
| Bug: https://bugs.debian.org/921452 |
| |
| - zsh.pl: update regex to better match curl -h output |
| |
| The current regex fails to match '<...>' arguments properly (e.g. those |
| with spaces in them), which causes an completion script with wrong |
| descriptions for some options. |
| |
| Here's a diff of the generated completion script, comparing the previous |
| version to the one with this fix: |
| |
| --- /usr/share/zsh/vendor-completions/_curl 2019-01-15 20:47:40.000000000 +0000 |
| +++ _curl 2019-02-05 20:57:29.453349040 +0000 |
| @@ -9,48 +9,48 @@ |
| |
| _arguments -C -S \ |
| --happy-eyeballs-timeout-ms'[How long to wait in milliseconds for IPv6 before trying IPv4]':'<milliseconds>' \ |
| + --resolve'[Resolve the host+port to this address]':'<host:port:address[,address]...>' \ |
| {-c,--cookie-jar}'[Write cookies to <filename> after operation]':'<filename>':_files \ |
| {-D,--dump-header}'[Write the received headers to <filename>]':'<filename>':_files \ |
| {-y,--speed-time}'[Trigger '\''speed-limit'\'' abort after this time]':'<seconds>' \ |
| --proxy-cacert'[CA certificate to verify peer against for proxy]':'<file>':_files \ |
| - --tls13-ciphers'[of TLS 1.3 ciphersuites> TLS 1.3 cipher suites to use]':'<list' \ |
| + --tls13-ciphers'[TLS 1.3 cipher suites to use]':'<list of TLS 1.3 ciphersuites>' \ |
| {-E,--cert}'[Client certificate file and password]':'<certificate[:password]>' \ |
| --libcurl'[Dump libcurl equivalent code of this command line]':'<file>':_files \ |
| --proxy-capath'[CA directory to verify peer against for proxy]':'<dir>':_files \ |
| - --proxy-negotiate'[HTTP Negotiate (SPNEGO) authentication on the proxy]':'Use' \ |
| --proxy-pinnedpubkey'[FILE/HASHES public key to verify proxy with]':'<hashes>' \ |
| --crlfile'[Get a CRL list in PEM format from the given file]':'<file>':_files \ |
| - --proxy-insecure'[HTTPS proxy connections without verifying the proxy]':'Do' \ |
| - --proxy-ssl-allow-beast'[security flaw for interop for HTTPS proxy]':'Allow' \ |
| + --proxy-negotiate'[Use HTTP Negotiate (SPNEGO) authentication on the proxy]' \ |
| --abstract-unix-socket'[Connect via abstract Unix domain socket]':'<path>' \ |
| --pinnedpubkey'[FILE/HASHES Public key to verify peer against]':'<hashes>' \ |
| + --proxy-insecure'[Do HTTPS proxy connections without verifying the proxy]' \ |
| --proxy-pass'[Pass phrase for the private key for HTTPS proxy]':'<phrase>' \ |
| + --proxy-ssl-allow-beast'[Allow security flaw for interop for HTTPS proxy]' \ |
| {-p,--proxytunnel}'[Operate through an HTTP proxy tunnel (using CONNECT)]' \ |
| --socks5-hostname'[SOCKS5 proxy, pass host name to proxy]':'<host[:port]>' \ |
| --proto-default'[Use PROTOCOL for any URL missing a scheme]':'<protocol>' \ |
| - --proxy-tls13-ciphers'[list> TLS 1.3 proxy cipher suites]':'<ciphersuite' \ |
| + --proxy-tls13-ciphers'[TLS 1.3 proxy cipher suites]':'<ciphersuite list>' \ |
| --socks5-gssapi-service'[SOCKS5 proxy service name for GSS-API]':'<name>' \ |
| --ftp-alternative-to-user'[String to replace USER \[name\]]':'<command>' \ |
| - --ftp-ssl-control'[SSL/TLS for FTP login, clear for transfer]':'Require' \ |
| {-T,--upload-file}'[Transfer local FILE to destination]':'<file>':_files \ |
| --local-port'[Force use of RANGE for local port numbers]':'<num/range>' \ |
| --proxy-tlsauthtype'[TLS authentication type for HTTPS proxy]':'<type>' \ |
| {-R,--remote-time}'[Set the remote file'\''s time on the local output]' \ |
| - --retry-connrefused'[on connection refused (use with --retry)]':'Retry' \ |
| - --suppress-connect-headers'[proxy CONNECT response headers]':'Suppress' \ |
| - {-j,--junk-session-cookies}'[session cookies read from file]':'Ignore' \ |
| - --location-trusted'[--location, and send auth to other hosts]':'Like' \ |
| + --ftp-ssl-control'[Require SSL/TLS for FTP login, clear for transfer]' \ |
| --proxy-cert-type'[Client certificate type for HTTPS proxy]':'<type>' \ |
| {-O,--remote-name}'[Write output to a file named as the remote file]' \ |
| + --retry-connrefused'[Retry on connection refused (use with --retry)]' \ |
| + --suppress-connect-headers'[Suppress proxy CONNECT response headers]' \ |
| --trace-ascii'[Like --trace, but without hex output]':'<file>':_files \ |
| --connect-timeout'[Maximum time allowed for connection]':'<seconds>' \ |
| --expect100-timeout'[How long to wait for 100-continue]':'<seconds>' \ |
| {-g,--globoff}'[Disable URL sequences and ranges using {} and \[\]]' \ |
| + {-j,--junk-session-cookies}'[Ignore session cookies read from file]' \ |
| {-m,--max-time}'[Maximum time allowed for the transfer]':'<seconds>' \ |
| --dns-ipv4-addr'[IPv4 address to use for DNS requests]':'<address>' \ |
| --dns-ipv6-addr'[IPv6 address to use for DNS requests]':'<address>' \ |
| - --ignore-content-length'[the size of the remote resource]':'Ignore' \ |
| {-k,--insecure}'[Allow insecure server connections when using SSL]' \ |
| + --location-trusted'[Like --location, and send auth to other hosts]' \ |
| --mail-auth'[Originator address of the original email]':'<address>' \ |
| --noproxy'[List of hosts which do not use proxy]':'<no-proxy-list>' \ |
| --proto-redir'[Enable/disable PROTOCOLS on redirect]':'<protocols>' \ |
| @@ -62,18 +62,19 @@ |
| --socks5-basic'[Enable username/password auth for SOCKS5 proxies]' \ |
| --cacert'[CA certificate to verify peer against]':'<file>':_files \ |
| {-H,--header}'[Pass custom header(s) to server]':'<header/@file>' \ |
| + --ignore-content-length'[Ignore the size of the remote resource]' \ |
| {-i,--include}'[Include protocol response headers in the output]' \ |
| --proxy-header'[Pass custom header(s) to proxy]':'<header/@file>' \ |
| --unix-socket'[Connect through this Unix domain socket]':'<path>' \ |
| {-w,--write-out}'[Use output FORMAT after completion]':'<format>' \ |
| - --http2-prior-knowledge'[HTTP 2 without HTTP/1.1 Upgrade]':'Use' \ |
| {-o,--output}'[Write to file instead of stdout]':'<file>':_files \ |
| - {-J,--remote-header-name}'[the header-provided filename]':'Use' \ |
| + --preproxy'[\[protocol://\]host\[:port\] Use this proxy first]' \ |
| --socks4a'[SOCKS4a proxy on given host + port]':'<host[:port]>' \ |
| {-Y,--speed-limit}'[Stop transfers slower than this]':'<speed>' \ |
| {-z,--time-cond}'[Transfer based on a time condition]':'<time>' \ |
| --capath'[CA directory to verify peer against]':'<dir>':_files \ |
| {-f,--fail}'[Fail silently (no output at all) on HTTP errors]' \ |
| + --http2-prior-knowledge'[Use HTTP 2 without HTTP/1.1 Upgrade]' \ |
| --proxy-tlspassword'[TLS password for HTTPS proxy]':'<string>' \ |
| {-U,--proxy-user}'[Proxy user and password]':'<user:password>' \ |
| --proxy1.0'[Use HTTP/1.0 proxy on given port]':'<host[:port]>' \ |
| @@ -81,52 +82,49 @@ |
| {-A,--user-agent}'[Send User-Agent <name> to server]':'<name>' \ |
| --egd-file'[EGD socket path for random data]':'<file>':_files \ |
| --fail-early'[Fail on first transfer error, do not continue]' \ |
| - --haproxy-protocol'[HAProxy PROXY protocol v1 header]':'Send' \ |
| - --preproxy'[Use this proxy first]':'[protocol://]host[:port]' \ |
| + {-J,--remote-header-name}'[Use the header-provided filename]' \ |
| --retry-max-time'[Retry only within this period]':'<seconds>' \ |
| --socks4'[SOCKS4 proxy on given host + port]':'<host[:port]>' \ |
| --socks5'[SOCKS5 proxy on given host + port]':'<host[:port]>' \ |
| - --socks5-gssapi-nec'[with NEC SOCKS5 server]':'Compatibility' \ |
| - --ssl-allow-beast'[security flaw to improve interop]':'Allow' \ |
| --cert-status'[Verify the status of the server certificate]' \ |
| - --ftp-create-dirs'[the remote dirs if not present]':'Create' \ |
| {-:,--next}'[Make next URL use its separate set of options]' \ |
| --proxy-key-type'[Private key file type for proxy]':'<type>' \ |
| - --remote-name-all'[the remote file name for all URLs]':'Use' \ |
| {-X,--request}'[Specify request command to use]':'<command>' \ |
| --retry'[Retry request if transient problems occur]':'<num>' \ |
| - --ssl-no-revoke'[cert revocation checks (WinSSL)]':'Disable' \ |
| --cert-type'[Certificate file type (DER/PEM/ENG)]':'<type>' \ |
| --connect-to'[Connect to host]':'<HOST1:PORT1:HOST2:PORT2>' \ |
| --create-dirs'[Create necessary local directory hierarchy]' \ |
| + --haproxy-protocol'[Send HAProxy PROXY protocol v1 header]' \ |
| --max-redirs'[Maximum number of redirects allowed]':'<num>' \ |
| {-n,--netrc}'[Must read .netrc for user name and password]' \ |
| + {-x,--proxy}'[\[protocol://\]host\[:port\] Use this proxy]' \ |
| --proxy-crlfile'[Set a CRL list for proxy]':'<file>':_files \ |
| --sasl-ir'[Enable initial response in SASL authentication]' \ |
| - --socks5-gssapi'[GSS-API auth for SOCKS5 proxies]':'Enable' \ |
| + --socks5-gssapi-nec'[Compatibility with NEC SOCKS5 server]' \ |
| + --ssl-allow-beast'[Allow security flaw to improve interop]' \ |
| + --ftp-create-dirs'[Create the remote dirs if not present]' \ |
| --interface'[Use network INTERFACE (or address)]':'<name>' \ |
| --key-type'[Private key file type (DER/PEM/ENG)]':'<type>' \ |
| --netrc-file'[Specify FILE for netrc]':'<filename>':_files \ |
| {-N,--no-buffer}'[Disable buffering of the output stream]' \ |
| --proxy-service-name'[SPNEGO proxy service name]':'<name>' \ |
| - --styled-output'[styled output for HTTP headers]':'Enable' \ |
| + --remote-name-all'[Use the remote file name for all URLs]' \ |
| + --ssl-no-revoke'[Disable cert revocation checks (WinSSL)]' \ |
| --max-filesize'[Maximum file size to download]':'<bytes>' \ |
| --negotiate'[Use HTTP Negotiate (SPNEGO) authentication]' \ |
| --no-keepalive'[Disable TCP keepalive on the connection]' \ |
| {-#,--progress-bar}'[Display transfer progress as a bar]' \ |
| - {-x,--proxy}'[Use this proxy]':'[protocol://]host[:port]' \ |
| - --proxy-anyauth'[any proxy authentication method]':'Pick' \ |
| {-Q,--quote}'[Send command(s) to server before transfer]' \ |
| - --request-target'[the target for this request]':'Specify' \ |
| + --socks5-gssapi'[Enable GSS-API auth for SOCKS5 proxies]' \ |
| {-u,--user}'[Server user and password]':'<user:password>' \ |
| {-K,--config}'[Read config from a file]':'<file>':_files \ |
| {-C,--continue-at}'[Resumed transfer offset]':'<offset>' \ |
| --data-raw'[HTTP POST data, '\''@'\'' allowed]':'<data>' \ |
| - --disallow-username-in-url'[username in url]':'Disallow' \ |
| --krb'[Enable Kerberos with security <level>]':'<level>' \ |
| --proxy-ciphers'[SSL ciphers to use for proxy]':'<list>' \ |
| --proxy-digest'[Use Digest authentication on the proxy]' \ |
| --proxy-tlsuser'[TLS username for HTTPS proxy]':'<name>' \ |
| + --styled-output'[Enable styled output for HTTP headers]' \ |
| {-b,--cookie}'[Send cookies from string/file]':'<data>' \ |
| --data-urlencode'[HTTP POST data url encoded]':'<data>' \ |
| --delegation'[GSS-API delegation permission]':'<LEVEL>' \ |
| @@ -134,7 +132,10 @@ |
| --post301'[Do not switch to GET after following a 301]' \ |
| --post302'[Do not switch to GET after following a 302]' \ |
| --post303'[Do not switch to GET after following a 303]' \ |
| + --proxy-anyauth'[Pick any proxy authentication method]' \ |
| + --request-target'[Specify the target for this request]' \ |
| --trace-time'[Add time stamps to trace/verbose output]' \ |
| + --disallow-username-in-url'[Disallow username in url]' \ |
| --dns-servers'[DNS server addrs to use]':'<addresses>' \ |
| {-G,--get}'[Put the post data in the URL and use GET]' \ |
| --limit-rate'[Limit transfer speed to RATE]':'<speed>' \ |
| @@ -148,21 +149,21 @@ |
| --metalink'[Process given URLs as metalink XML file]' \ |
| --tr-encoding'[Request compressed transfer encoding]' \ |
| --xattr'[Store metadata in extended file attributes]' \ |
| - --ftp-skip-pasv-ip'[the IP address for PASV]':'Skip' \ |
| --pass'[Pass phrase for the private key]':'<phrase>' \ |
| --proxy-ntlm'[Use NTLM authentication on the proxy]' \ |
| {-S,--show-error}'[Show error even when -s is used]' \ |
| - --ciphers'[of ciphers> SSL ciphers to use]':'<list' \ |
| + --ciphers'[SSL ciphers to use]':'<list of ciphers>' \ |
| --form-string'[Specify multipart MIME data]':'<name=string>' \ |
| --login-options'[Server login options]':'<options>' \ |
| --tftp-blksize'[Set TFTP BLKSIZE option]':'<value>' \ |
| - --tftp-no-options'[not send any TFTP options]':'Do' \ |
| {-v,--verbose}'[Make the operation more talkative]' \ |
| + --ftp-skip-pasv-ip'[Skip the IP address for PASV]' \ |
| --proxy-key'[Private key for HTTPS proxy]':'<key>' \ |
| {-F,--form}'[Specify multipart MIME data]':'<name=content>' \ |
| --mail-from'[Mail from this address]':'<address>' \ |
| --oauth2-bearer'[OAuth 2 Bearer Token]':'<token>' \ |
| --proto'[Enable/disable PROTOCOLS]':'<protocols>' \ |
| + --tftp-no-options'[Do not send any TFTP options]' \ |
| --tlsauthtype'[TLS authentication type]':'<type>' \ |
| --doh-url'[Resolve host names over DOH]':'<URL>' \ |
| --no-sessionid'[Disable SSL session-ID reusing]' \ |
| @@ -173,14 +174,13 @@ |
| --ftp-ssl-ccc'[Send CCC after authenticating]' \ |
| {-4,--ipv4}'[Resolve names to IPv4 addresses]' \ |
| {-6,--ipv6}'[Resolve names to IPv6 addresses]' \ |
| - --netrc-optional'[either .netrc or URL]':'Use' \ |
| --service-name'[SPNEGO service name]':'<name>' \ |
| {-V,--version}'[Show version number and quit]' \ |
| --data-ascii'[HTTP POST ASCII data]':'<data>' \ |
| --ftp-account'[Account data string]':'<data>' \ |
| - --compressed-ssh'[SSH compression]':'Enable' \ |
| --disable-eprt'[Inhibit using EPRT or LPRT]' \ |
| --ftp-method'[Control CWD usage]':'<method>' \ |
| + --netrc-optional'[Use either .netrc or URL]' \ |
| --pubkey'[SSH Public key file name]':'<key>' \ |
| --raw'[Do HTTP "raw"; no transfer decoding]' \ |
| --anyauth'[Pick any authentication method]' \ |
| @@ -189,6 +189,7 @@ |
| --no-alpn'[Disable the ALPN TLS extension]' \ |
| --tcp-nodelay'[Use the TCP_NODELAY option]' \ |
| {-B,--use-ascii}'[Use ASCII/text transfer]' \ |
| + --compressed-ssh'[Enable SSH compression]' \ |
| --digest'[Use HTTP Digest Authentication]' \ |
| --proxy-tlsv1'[Use TLSv1 for HTTPS proxy]' \ |
| --engine'[Crypto engine to use]':'<name>' \ |
| |
| Marcel Raad (7 Feb 2019) |
| - tool_operate: fix typecheck warning |
| |
| Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning: |
| tool_operate.c: In function 'operate_do': |
| ../include/curl/typecheck-gcc.h:47:9: error: call to |
| '_curl_easy_setopt_err_long' declared with attribute warning: |
| curl_easy_setopt expects a long argument for this option [-Werror] |
| |
| Closes https://github.com/curl/curl/pull/3534 |
| |
| Jay Satiro (6 Feb 2019) |
| - [Chris Araman brought this change] |
| |
| url: close TLS before removing conn from cache |
| |
| - Fix potential crashes in schannel shutdown. |
| |
| Ensure any TLS shutdown messages are sent before removing the |
| association between the connection and the easy handle. Reverts |
| @bagder's previous partial fix for #3412. |
| |
| Fixes https://github.com/curl/curl/issues/3412 |
| Fixes https://github.com/curl/curl/issues/3505 |
| Closes https://github.com/curl/curl/pull/3531 |
| |
| Daniel Gustafsson (6 Feb 2019) |
| - INTERNALS.md: fix subsection depth and link |
| |
| The Kerberos subsection was mistakenly a subsubsection under FTP, and |
| the curlx subsection was missing an anchor for the TOC link. |
| |
| Closes #3529 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Version 7.64.0 (6 Feb 2019) |
| |
| Daniel Stenberg (6 Feb 2019) |
| - RELEASE-NOTES: 7.64.0 |
| |
| - RELEASE-PROCEDURE: update the release calendar |
| |
| - THANKS: 7.64.0 status |
| |
| Daniel Gustafsson (5 Feb 2019) |
| - ROADMAP: remove already performed item |
| |
| Commit 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 introduced support |
| for the draft-ietf-httpbis-cookie-alone-01 cookie draft, and while |
| the entry was removed from the TODO it was mistakenly left here. |
| Fix by removing and rewording the entry slightly. |
| |
| Closes #3530 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - [Etienne Simard brought this change] |
| |
| CONTRIBUTE.md: Fix grammatical errors |
| |
| Fix grammatical errors making the document read better. Also fixes |
| a typo. |
| |
| Closes #3525 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| Daniel Stenberg (4 Feb 2019) |
| - [Julian Z brought this change] |
| |
| docs: use $(INSTALL_DATA) to install man page |
| |
| Fixes #3518 |
| Closes #3522 |
| |
| Jay Satiro (4 Feb 2019) |
| - [Ladar Levison brought this change] |
| |
| runtests.pl: Fix perl call to include srcdir |
| |
| - Use explicit include opt for perl calls. |
| |
| Prior to this change some scripts couldn't find their dependencies. |
| |
| At the top, perl is called using with the "-Isrcdir" option, and it |
| works: |
| |
| https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L183 |
| |
| But on line 3868, that option is omitted. This caused problems for me, |
| as the symbol-scan.pl script in particular couldn't find its |
| dependencies properly: |
| |
| https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L3868 |
| |
| This patch fixes that oversight by making calls to perl sub-shells |
| uniform. |
| |
| Closes https://github.com/curl/curl/pull/3496 |
| |
| Daniel Stenberg (4 Feb 2019) |
| - [Daniel Gustafsson brought this change] |
| |
| smtp: avoid risk of buffer overflow in strtol |
| |
| If the incoming len 5, but the buffer does not have a termination |
| after 5 bytes, the strtol() call may keep reading through the line |
| buffer until is exceeds its boundary. Fix by ensuring that we are |
| using a bounded read with a temporary buffer on the stack. |
| |
| Bug: https://curl.haxx.se/docs/CVE-2019-3823.html |
| Reported-by: Brian Carpenter (Geeknik Labs) |
| CVE-2019-3823 |
| |
| - ntlm: fix *_type3_message size check to avoid buffer overflow |
| |
| Bug: https://curl.haxx.se/docs/CVE-2019-3822.html |
| Reported-by: Wenxiang Qian |
| CVE-2019-3822 |
| |
| - NTLM: fix size check condition for type2 received data |
| |
| Bug: https://curl.haxx.se/docs/CVE-2018-16890.html |
| Reported-by: Wenxiang Qian |
| CVE-2018-16890 |
| |
| Marcel Raad (1 Feb 2019) |
| - [Giorgos Oikonomou brought this change] |
| |
| spnego_sspi: add support for channel binding |
| |
| Attempt to add support for Secure Channel binding when negotiate |
| authentication is used. The problem to solve is that by default IIS |
| accepts channel binding and curl doesn't utilise them. The result was a |
| 401 response. Scope affects only the Schannel(winssl)-SSPI combination. |
| |
| Fixes https://github.com/curl/curl/issues/3503 |
| Closes https://github.com/curl/curl/pull/3509 |
| |
| Daniel Stenberg (1 Feb 2019) |
| - RELEASE-NOTES: synced |
| |
| - schannel: stop calling it "winssl" |
| |
| Stick to "Schannel" everywhere. The configure option --with-winssl is |
| kept to allow existing builds to work but --with-schannel is added as an |
| alias. |
| |
| Closes #3504 |
| |
| - multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time |
| |
| To make sure Curl_timeleft() also thinks the timeout has been reached |
| when one of the EXPIRE_*TIMEOUTs expires. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-01/0073.html |
| Reported-by: Zhao Yisha |
| Closes #3501 |
| |
| - [John Marshall brought this change] |
| |
| doc: use meaningless port number in CURLOPT_LOCALPORT example |
| |
| Use an ephemeral port number here; previously the example had 8080 |
| which could be confusing as the common web server port number might |
| be misinterpreted as suggesting this option affects the remote port. |
| |
| URL: https://curl.haxx.se/mail/lib-2019-01/0084.html |
| Closes #3513 |
| |
| GitHub (29 Jan 2019) |
| - [Gisle Vanem brought this change] |
| |
| Escape the '\' |
| |
| A backslash should be escaped in Roff / Troff. |
| |
| Jay Satiro (29 Jan 2019) |
| - TODO: WinSSL: 'Add option to disable client cert auto-send' |
| |
| By default WinSSL selects and send a client certificate automatically, |
| but for privacy and consistency we should offer an option to disable the |
| default auto-send behavior. |
| |
| Reported-by: Jeroen Ooms |
| |
| Closes https://github.com/curl/curl/issues/2262 |
| |
| Daniel Stenberg (28 Jan 2019) |
| - [Jeremie Rapin brought this change] |
| |
| sigpipe: if mbedTLS is used, ignore SIGPIPE |
| |
| mbedTLS doesn't have a sigpipe management. If a write/read occurs when |
| the remote closes the socket, the signal is raised and kills the |
| application. Use the curl mecanisms fix this behavior. |
| |
| Signed-off-by: Jeremie Rapin <j.rapin@overkiz.com> |
| |
| Closes #3502 |
| |
| - unit1653: make it survive torture tests |
| |
| Jay Satiro (28 Jan 2019) |
| - [Michael Kujawa brought this change] |
| |
| timeval: Disable MSVC Analyzer GetTickCount warning |
| |
| Compiling with msvc /analyze and a recent Windows SDK warns against |
| using GetTickCount (Suggests to use GetTickCount64 instead.) |
| |
| Since GetTickCount is only being used when GetTickCount64 isn't |
| available, I am disabling that warning. |
| |
| Fixes https://github.com/curl/curl/issues/3437 |
| Closes https://github.com/curl/curl/pull/3440 |
| |
| Daniel Stenberg (26 Jan 2019) |
| - configure: rewrite --enable-code-coverage |
| |
| The previously used ax_code_coverage.m4 is not license compatible and |
| must not be used. |
| |
| Reported-by: William A. Rowe Jr |
| Fixes #3497 |
| Closes #3499 |
| |
| - [Felix Hädicke brought this change] |
| |
| setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh |
| |
| CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION are supported for |
| libssh as well. So accepting these options only when compiling with |
| libssh2 is wrong here. |
| |
| Fixes #3493 |
| Closes #3494 |
| |
| - [Felix Hädicke brought this change] |
| |
| libssh: do not let libssh create socket |
| |
| By default, libssh creates a new socket, instead of using the socket |
| created by curl for SSH connections. |
| |
| Pass the socket created by curl to libssh using ssh_options_set() with |
| SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket |
| instead of creating a new one. |
| |
| This approach is very similar to what is done in the libssh2 code, where |
| the socket created by curl is passed to libssh2 when |
| libssh2_session_startup() is called. |
| |
| Fixes #3491 |
| Closes #3495 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Archangel_SDY brought this change] |
| |
| schannel: preserve original certificate path parameter |
| |
| Fixes #3480 |
| Closes #3487 |
| |
| - KNOWN_BUGS: tests not compatible with python3 |
| |
| Closes #3289 |
| [skip ci] |
| |
| Daniel Gustafsson (20 Jan 2019) |
| - memcmp: avoid doing single char memcmp |
| |
| There is no real gain in performing memcmp() comparisons on single |
| characters, so change these to array subscript inspections which |
| saves a call and makes the code clearer. |
| |
| Closes #3486 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Jay Satiro <raysatiro@yahoo.com> |
| |
| Daniel Stenberg (19 Jan 2019) |
| - COPYING: it's 2019 |
| |
| [skip ci] |
| |
| - [hhb brought this change] |
| |
| configure: fix recv/send/select detection on Android |
| |
| This reverts commit d4f25201fb7da03fc88f90d51101beb3d0026db9. |
| |
| The overloadable attribute is removed again starting from |
| NDK17. Actually they only exist in two NDK versions (15 and 16). With |
| overloadable, the first condition tried will succeed. Results in wrong |
| detection result. |
| |
| Closes #3484 |
| |
| Marcel Raad (19 Jan 2019) |
| - [Giorgos Oikonomou brought this change] |
| |
| ntlm_sspi: add support for channel binding |
| |
| Windows extended potection (aka ssl channel binding) is required |
| to login to ntlm IIS endpoint, otherwise the server returns 401 |
| responses. |
| |
| Fixes #3280 |
| Closes #3321 |
| |
| Daniel Stenberg (18 Jan 2019) |
| - schannel: on connection close there might not be a transfer |
| |
| Reported-by: Marcel Raad |
| Fixes #3412 |
| Closes #3483 |
| |
| - [Joel Depooter brought this change] |
| |
| ssh: log the libssh2 error message when ssh session startup fails |
| |
| When a ssh session startup fails, it is useful to know why it has |
| failed. This commit changes the message from: |
| "Failure establishing ssh session" |
| to something like this, for example: |
| "Failure establishing ssh session: -5, Unable to exchange encryption keys" |
| |
| Closes #3481 |
| |
| Alessandro Ghedini (16 Jan 2019) |
| - Fix typo in manpage |
| |
| Daniel Stenberg (16 Jan 2019) |
| - RELEASE-NOTES: synced |
| |
| Sergei Nikulov (16 Jan 2019) |
| - cmake: updated check for HAVE_POLL_FINE to match autotools |
| |
| Daniel Stenberg (16 Jan 2019) |
| - curl-compilers.m4: check for __ibmxl__ to detect xlclang |
| |
| Follow-up to 2fa0d57e2e3. The __xlc__ symbol is only defined there if a |
| particular flag is used for legacy macros. |
| |
| Fixes #3474 |
| Closes #3479 |
| |
| - openssl: fix the SSL_get_tlsext_status_ocsp_resp call |
| |
| .... to not pass in a const in the second argument as that's not how it |
| is supposed to be used and might cause compiler warnings. |
| |
| Reported-by: Pavel Pavlov |
| Fixes #3477 |
| Closes #3478 |
| |
| - curl-compilers.m4: detect xlclang |
| |
| Since it isn't totally clang compatible, we detect this IBM clang |
| front-end and if detected, avoids some clang specific magic. |
| |
| Reported-by: Kees Dekker |
| Fixes #3474 |
| Closes #3476 |
| |
| - README: add codacy code quality badge |
| |
| [skip ci] |
| |
| - extract_if_dead: follow-up to 54b201b48c90a |
| |
| extract_if_dead() dead is called from two functions, and only one of |
| them should get conn->data updated and now neither call path clears it. |
| |
| scan-build found a case where conn->data would be NULL dereferenced in |
| ConnectionExists() otherwise. |
| |
| Closes #3473 |
| |
| - multi: remove "Dead assignment" |
| |
| Found by scan-build. Follow-up to 4c35574bb785ce. |
| |
| Closes #3471 |
| |
| - tests: move objnames-* from lib into tests |
| |
| Since they're used purely for testing purposes, I think they should |
| rather be stored there. |
| |
| Closes #3470 |
| |
| Sergei Nikulov (15 Jan 2019) |
| - travis: added cmake build for osx |
| |
| Daniel Stenberg (14 Jan 2019) |
| - [Frank Gevaerts brought this change] |
| |
| cookie: fix comment typo (url_path_len -> uri_path_len) |
| |
| Closes #3469 |
| |
| Marcel Raad (14 Jan 2019) |
| - winbuild: conditionally use /DZLIB_WINAPI |
| |
| zlibwapi.lib (dynamic library) and zlibstat.lib (static library) have |
| the ZLIB_WINAPI define set by default. Using them requires that define |
| too. |
| |
| Ref: https://zlib.net/DLL_FAQ.txt |
| |
| Fixes https://github.com/curl/curl/issues/3133 |
| Closes https://github.com/curl/curl/pull/3460 |
| |
| Daniel Stenberg (14 Jan 2019) |
| - src/Makefile: make 'tidy' target work for metalink builds |
| |
| - extract_if_dead: use a known working transfer when checking connections |
| |
| Make sure that this function sets a proper "live" transfer for the |
| connection before calling the protocol-specific connection check |
| function, and then clear it again afterward as a non-used connection has |
| no current transfer. |
| |
| Reported-by: Jeroen Ooms |
| Reviewed-by: Marcel Raad |
| Reviewed-by: Daniel Gustafsson |
| Fixes #3463 |
| Closes #3464 |
| |
| - openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated |
| |
| OpenSSL_version() replaces OpenSSL_version_num() |
| |
| Closes #3462 |
| |
| Sergei Nikulov (11 Jan 2019) |
| - cmake: added checks for HAVE_VARIADIC_MACROS_C99 and HAVE_VARIADIC_MACROS_GCC |
| |
| Daniel Stenberg (11 Jan 2019) |
| - urldata: rename easy_conn to just conn |
| |
| We use "conn" everywhere to be a pointer to the connection. |
| |
| Introduces two functions that "attaches" and "detaches" the connection |
| to and from the transfer. |
| |
| Going forward, we should favour using "data->conn" (since a transfer |
| always only has a single connection or none at all) to "conn->data" |
| (since a connection can have none, one or many transfers associated with |
| it and updating conn->data to be correct is error prone and a frequent |
| reason for internal issues). |
| |
| Closes #3442 |
| |
| - tool_cb_prg: avoid integer overflow |
| |
| When calculating the progress bar width. |
| |
| Reported-by: Peng Li |
| Fixes #3456 |
| Closes #3458 |
| |
| Daniel Gustafsson (11 Jan 2019) |
| - travis: turn off copyright year checks in checksrc |
| |
| Invoking the maintainer intended COPYRIGHTYEAR check for everyone |
| in the PR pipeline is too invasive, especially at the turn of the |
| year when many files get affected. Remove and leave it as a tool |
| for maintainers to verify patches before commits. |
| |
| This reverts f7bdf4b2e1d81b2652b81b9b3029927589273b41. |
| |
| After discussion with: Daniel Stenberg |
| |
| Daniel Stenberg (10 Jan 2019) |
| - KNOWN_BUGS: cmake makes unusable tool_hugehelp.c with MinGW |
| |
| Closes #3125 |
| |
| - KNOWN_BUGS: Improve --data-urlencode space encoding |
| |
| Closes #3229 |
| |
| Patrick Monnerat (10 Jan 2019) |
| - os400: add a missing closing bracket |
| |
| See https://github.com/curl/curl/issues/3453#issuecomment-453054458 |
| |
| Reported-by: jonrumsey on github |
| |
| - os400: fix extra parameter syntax error. |
| |
| Reported-by: jonrumsey on github |
| Closes #3453 |
| |
| Daniel Stenberg (10 Jan 2019) |
| - test1558: verify CURLINFO_PROTOCOL on file:// transfer |
| |
| Attempt to reproduce issue #3444. |
| |
| Closes #3447 |
| |
| - RELEASE-NOTES: synced |
| |
| - xattr: strip credentials from any URL that is stored |
| |
| Both user and password are cleared uncondtitionally. |
| |
| Added unit test 1621 to verify. |
| |
| Fixes #3423 |
| Closes #3433 |
| |
| - cookies: allow secure override when done over HTTPS |
| |
| Added test 1562 to verify. |
| |
| Reported-by: Jeroen Ooms |
| Fixes #3445 |
| Closes #3450 |
| |
| - multi: multiplexing improvements |
| |
| Fixes #3436 |
| Closes #3448 |
| |
| Problem 1 |
| |
| After LOTS of scratching my head, I eventually realized that even when doing |
| 10 uploads in parallel, sometimes the socket callback to the application that |
| tells it what to wait for on the socket, looked like it would reflect the |
| status of just the single transfer that just changed state. |
| |
| Digging into the code revealed that this was indeed the truth. When multiple |
| transfers are using the same connection, the application did not correctly get |
| the *combined* flags for all transfers which then could make it switch to READ |
| (only) when in fact most transfers wanted to get told when the socket was |
| WRITEABLE. |
| |
| Problem 1b |
| |
| A separate but related regression had also been introduced by me when I |
| cleared connection/transfer association better a while ago, as now the logic |
| couldn't find the connection and see if that was marked as used by more |
| transfers and then it would also prematurely remove the socket from the socket |
| hash table even in times other transfers were still using it! |
| |
| Fix 1 |
| |
| Make sure that each socket stored in the socket hash has a "combined" action |
| field of what to ask the application to wait for, that is potentially the ORed |
| action of multiple parallel transfers. And remove that socket hash entry only |
| if there are no transfers left using it. |
| |
| Problem 2 |
| |
| The socket hash entry stored an association to a single transfer using that |
| socket - and when curl_multi_socket_action() was called to tell libcurl about |
| activities on that specific socket only that transfer was "handled". |
| |
| This was WRONG, as a single socket/connection can be used by numerous parallel |
| transfers and not necessarily a single one. |
| |
| Fix 2 |
| |
| We now store a list of handles in the socket hashtable entry and when libcurl |
| is told there's traffic for a particular socket, it now iterates over all |
| known transfers using that single socket. |
| |
| - test1561: improve test name |
| |
| [skip ci] |
| |
| - [Katsuhiko YOSHIDA brought this change] |
| |
| cookies: skip custom cookies when redirecting cross-site |
| |
| Closes #3417 |
| |
| - THANKS: fixups and a dedupe |
| |
| [skip ci] |
| |
| - timediff: fix math for unsigned time_t |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html |
| |
| Closes #3449 |
| |
| - [Bernhard M. Wiedemann brought this change] |
| |
| tests: allow tests to pass by 2037-02-12 |
| |
| similar to commit f508d29f3902104018 |
| |
| Closes #3443 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Brad Spencer brought this change] |
| |
| curl_multi_remove_handle() don't block terminating c-ares requests |
| |
| Added Curl_resolver_kill() for all three resolver modes, which only |
| blocks when necessary, along with test 1592 to confirm |
| curl_multi_remove_handle() doesn't block unless it must. |
| |
| Closes #3428 |
| Fixes #3371 |
| |
| - Revert "http_negotiate: do not close connection until negotiation is completed" |
| |
| This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47. |
| |
| This also reopens PR #3275 which brought the change now reverted. |
| |
| Fixes #3384 |
| Closes #3439 |
| |
| - curl/urlapi.h: include "curl.h" first |
| |
| This allows programs to include curl/urlapi.h directly. |
| |
| Reviewed-by: Daniel Gustafsson |
| Reported-by: Ben Kohler |
| Fixes #3438 |
| Closes #3441 |
| |
| Marcel Raad (6 Jan 2019) |
| - VS projects: fix build warning |
| |
| Starting with Visual Studio 2017 Update 9, Visual Studio doesn't like |
| the MinimalRebuild option anymore and warns: |
| |
| cl : Command line warning D9035: option 'Gm' has been deprecated and |
| will be removed in a future release |
| |
| The option can be safely removed so that the default is used. |
| |
| Closes https://github.com/curl/curl/pull/3425 |
| |
| - schannel: fix compiler warning |
| |
| When building with Unicode on MSVC, the compiler warns about freeing a |
| pointer to const in Curl_unicodefree. Fix this by declaring it as |
| non-const and casting the argument to Curl_convert_UTF8_to_tchar to |
| non-const too, like we do in all other places. |
| |
| Closes https://github.com/curl/curl/pull/3435 |
| |
| Daniel Stenberg (4 Jan 2019) |
| - [Rikard Falkeborn brought this change] |
| |
| printf: introduce CURL_FORMAT_TIMEDIFF_T |
| |
| - [Rikard Falkeborn brought this change] |
| |
| printf: fix format specifiers |
| |
| Closes #3426 |
| |
| - libtest/stub_gssapi: use "real" snprintf |
| |
| ... since it doesn't link with libcurl. |
| |
| Reverts the commit dcd6f81025 changes from this file. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-01/0000.html |
| Reported-by: Shlomi Fish |
| Reviewed-by: Daniel Gustafsson |
| Reviewed-by: Kamil Dudka |
| |
| Closes #3434 |
| |
| - INTERNALS: correct some outdated function names |
| |
| Closes #3431 |
| |
| - docs/version.d: mention MultiSSL |
| |
| Reviewed-by: Daniel Gustafsson |
| Closes #3432 |
| |
| Daniel Gustafsson (2 Jan 2019) |
| - [Rikard Falkeborn brought this change] |
| |
| examples: Update .gitignore |
| |
| Add a few missing examples to make `make examples` not leave the |
| workspace in a dirty state. |
| |
| Closes #3427 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| - THANKS: add more missing names |
| |
| Add Adrian Burcea who made the artwork for the curl://up 2018 event |
| which was held in Stockholm, Sweden. |
| |
| - docs: mention potential leak in curl_slist_append |
| |
| When a non-empty list is appended to, and used as the returnvalue, |
| the list pointer can leak in case of an allocation failure in the |
| curl_slist_append() call. This is correctly handled in curl code |
| usage but we weren't explicitly pointing it out in the API call |
| documentation. Fix by extending the RETURNVALUE manpage section |
| and example code. |
| |
| Closes #3424 |
| Reported-by: dnivras on github |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Marcel Raad (1 Jan 2019) |
| - tvnow: silence conversion warnings |
| |
| MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is |
| used and the milliseconds are represented as unsigned long long, |
| leading to a compiler warning when implicitly converting them to long. |
| |
| Daniel Stenberg (1 Jan 2019) |
| - THANKS: dedupe more names |
| |
| Researched-by: Tae Wong |
| |
| Marcel Raad (1 Jan 2019) |
| - [Markus Moeller brought this change] |
| |
| ntlm: update selection of type 3 response |
| |
| NTLM2 did not work i.e. no NTLMv2 response was created. Changing the |
| check seems to work. |
| |
| Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf |
| |
| Fixes https://github.com/curl/curl/issues/3286 |
| Closes https://github.com/curl/curl/pull/3287 |
| Closes https://github.com/curl/curl/pull/3415 |
| |
| Daniel Stenberg (31 Dec 2018) |
| - THANKS: added missing names from year <= 2000 |
| |
| Due to a report of a missing name in THANKS I manually went through an |
| old CHANGES.0 file and added many previously missing names here. |
| |
| Daniel Gustafsson (30 Dec 2018) |
| - urlapi: fix parsing ipv6 with zone index |
| |
| The previous fix for parsing IPv6 URLs with a zone index was a paddle |
| short for URLs without an explicit port. This patch fixes that case |
| and adds a unit test case. |
| |
| This bug was highlighted by issue #3408, and while it's not the full |
| fix for the problem there it is an isolated bug that should be fixed |
| regardless. |
| |
| Closes #3411 |
| Reported-by: GitYuanQu on github |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (30 Dec 2018) |
| - THANKS: dedupe Guenter Knauf |
| |
| Reported-by: Tae Wong |
| |
| - THANKS: missing name from the 6.3.1 release! |
| |
| Daniel Gustafsson (27 Dec 2018) |
| - RELEASE-NOTES: synced |
| |
| - [Claes Jakobsson brought this change] |
| |
| hostip: support wildcard hosts |
| |
| This adds support for wildcard hosts in CURLOPT_RESOLVE. These are |
| try-last so any non-wildcard entry is resolved first. If specified, |
| any host not matched by another CURLOPT_RESOLVE config will use this |
| as fallback. |
| |
| Example send a.com to 10.0.0.1 and everything else to 10.0.0.2: |
| curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \ |
| https://a.com https://b.com |
| |
| This is probably quite similar to using: |
| --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443 |
| |
| Closes #3406 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - url: fix incorrect indentation |
| |
| Patrick Monnerat (26 Dec 2018) |
| - os400: upgrade ILE/RPG binding. |
| |
| - Trailer function support. |
| - http 0.9 option. |
| - curl_easy_upkeep. |
| |
| Daniel Gustafsson (25 Dec 2018) |
| - FAQ: remove mention of sourceforge for github |
| |
| The project bug tracker is no longer hosted at sourceforge but is now |
| hosted on the curl Github page. Update the FAQ to reflect. |
| |
| Closes #3410 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - openvms: fix typos in documentation |
| |
| - openvms: fix OpenSSL discovery on VAX |
| |
| The DCL code had a typo in one of the commands which would make the |
| OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT. |
| |
| Closes #3407 |
| Reviewed-by: Viktor Szakats <commit@vszakats.net> |
| |
| Daniel Stenberg (24 Dec 2018) |
| - [Ruslan Baratov brought this change] |
| |
| cmake: use lowercase for function name like the rest of the code |
| |
| Reviewed-by: Sergei Nikulov |
| |
| closes #3196 |
| |
| - Revert "libssh: no data pointer == nothing to do" |
| |
| This reverts commit c98ee5f67f497195c9 since commit f3ce38739fa fixed the |
| problem in a more generic way. |
| |
| - disconnect: set conn->data for protocol disconnect |
| |
| Follow-up to fb445a1e18d: Set conn->data explicitly to point out the |
| current transfer when invoking the protocol-specific disconnect function |
| so that it can work correctly. |
| |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173 |
| |
| Jay Satiro (23 Dec 2018) |
| - [Pavel Pavlov brought this change] |
| |
| timeval: Use high resolution timestamps on Windows |
| |
| - Use QueryPerformanceCounter on Windows Vista+ |
| |
| There is confusing info floating around that QueryPerformanceCounter |
| can leap etc, which might have been true long time ago, but no longer |
| the case nowadays (perhaps starting from WinXP?). Also, boost and |
| std::chrono::steady_clock use QueryPerformanceCounter in a similar way. |
| |
| Prior to this change GetTickCount or GetTickCount64 was used, which has |
| lower resolution. That is still the case for <= XP. |
| |
| Fixes https://github.com/curl/curl/issues/3309 |
| Closes https://github.com/curl/curl/pull/3318 |
| |
| Daniel Stenberg (22 Dec 2018) |
| - libssh: no data pointer == nothing to do |
| |
| - conncache_unlock: avoid indirection by changing input argument type |
| |
| - disconnect: separate connections and easy handles better |
| |
| Do not assume/store assocation between a given easy handle and the |
| connection if it can be avoided. |
| |
| Long-term, the 'conn->data' pointer should probably be removed as it is a |
| little too error-prone. Still used very widely though. |
| |
| Reported-by: masbug on github |
| Fixes #3391 |
| Closes #3400 |
| |
| - libssh: free sftp_canonicalize_path() data correctly |
| |
| Assisted-by: Harry Sintonen |
| |
| Fixes #3402 |
| Closes #3403 |
| |
| - RELEASE-NOTES: synced |
| |
| - http: added options for allowing HTTP/0.9 responses |
| |
| Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. |
| |
| For now, both the tool and library allow HTTP/0.9 by default. |
| docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 |
| months after the 7.64.0 release. The options are added already now so |
| that applications/scripts can start using them already now. |
| |
| Fixes #2873 |
| Closes #3383 |
| |
| - if2ip: remove unused function Curl_if_is_interface_name |
| |
| Closes #3401 |
| |
| - http2: clear pause stream id if it gets closed |
| |
| Reported-by: Florian Pritz |
| |
| Fixes #3392 |
| Closes #3399 |
| |
| Daniel Gustafsson (20 Dec 2018) |
| - [David Garske brought this change] |
| |
| wolfssl: Perform cleanup |
| |
| This adds a cleanup callback for cyassl. Resolves possible memory leak |
| when using ECC fixed point cache. |
| |
| Closes #3395 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| Daniel Stenberg (20 Dec 2018) |
| - mbedtls: follow-up VERIFYHOST fix from f097669248 |
| |
| Fix-by: Eric Rosenquist |
| |
| Fixes #3376 |
| Closes #3390 |
| |
| - curlver: bump to 7.64.0 for next release |
| |
| Daniel Gustafsson (19 Dec 2018) |
| - cookies: extend domain checks to non psl builds |
| |
| Ensure to perform the checks we have to enforce a sane domain in |
| the cookie request. The check for non-PSL enabled builds is quite |
| basic but it's better than nothing. |
| |
| Closes #2964 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (19 Dec 2018) |
| - [Matus Uzak brought this change] |
| |
| smb: fix incorrect path in request if connection reused |
| |
| Follow-up to 09e401e01bf9. If connection gets reused, then data member |
| will be copied, but not the proto member. As a result, in smb_do(), |
| path has been set from the original proto.share data. |
| |
| Closes #3388 |
| |
| - curl -J: do not append to the destination file |
| |
| Reported-by: Kamil Dudka |
| Fixes #3380 |
| Closes #3381 |
| |
| - mbedtls: use VERIFYHOST |
| |
| Previously, VERIFYPEER would enable/disable all checks. |
| |
| Reported-by: Eric Rosenquist |
| Fixes #3376 |
| Closes #3380 |
| |
| - pingpong: change default response timeout to 120 seconds |
| |
| Previously it was 30 minutes |
| |
| - pingpong: ignore regular timeout in disconnect phase |
| |
| The timeout set with CURLOPT_TIMEOUT is no longer used when |
| disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP, |
| POP3). |
| |
| Reported-by: jasal82 on github |
| |
| Fixes #3264 |
| Closes #3374 |
| |
| - TODO: Windows: set attribute 'archive' for completed downloads |
| |
| Closes #3354 |
| |
| - RELEASE-NOTES: synced |
| |
| - http: minor whitespace cleanup from f464535b |
| |
| - [Ayoub Boudhar brought this change] |
| |
| http: Implement trailing headers for chunked transfers |
| |
| This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION |
| options that allow a callback based approach to sending trailing headers |
| with chunked transfers. |
| |
| The test server (sws) was updated to take into account the detection of the |
| end of transfer in the case of trailing headers presence. |
| |
| Test 1591 checks that trailing headers can be sent using libcurl. |
| |
| Closes #3350 |
| |
| - darwinssl: accept setting max-tls with default min-tls |
| |
| Reported-by: Andrei Neculau |
| Fixes #3367 |
| Closes #3373 |
| |
| - gopher: fix memory leak from 9026083ddb2a9 |
| |
| - [Leonardo Taccari brought this change] |
| |
| test1201: Add a trailing `?' to the selector |
| |
| This verify that the `?' in the selector is kept as is. |
| |
| Verifies the fix in #3370 |
| |
| - [Leonardo Taccari brought this change] |
| |
| gopher: always include the entire gopher-path in request |
| |
| After the migration to URL API all octets in the selector after the |
| first `?' were interpreted as query and accidentally discarded and not |
| passed to the server. |
| |
| Add a gopherpath to always concatenate possible path and query URL |
| pieces. |
| |
| Fixes #3369 |
| Closes #3370 |
| |
| - [Leonardo Taccari brought this change] |
| |
| urlapi: distinguish possibly empty query |
| |
| If just a `?' to indicate the query is passed always store a zero length |
| query instead of having a NULL query. |
| |
| This permits to distinguish URL with trailing `?'. |
| |
| Fixes #3369 |
| Closes #3370 |
| |
| Daniel Gustafsson (13 Dec 2018) |
| - OS400: handle memory error in list conversion |
| |
| Curl_slist_append_nodup() returns NULL when it fails to create a new |
| item for the specified list, and since the coding here reassigned the |
| new list on top of the old list it would result in a dangling pointer |
| and lost memory. Also, in case we hit an allocation failure at some |
| point during the conversion, with allocation succeeding again on the |
| subsequent call(s) we will return a truncated list around the malloc |
| failure point. Fix by assigning to a temporary list pointer, which can |
| be checked (which is the common pattern for slist appending), and free |
| all the resources on allocation failure. |
| |
| Closes #3372 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - cookies: leave secure cookies alone |
| |
| Only allow secure origins to be able to write cookies with the |
| 'secure' flag set. This reduces the risk of non-secure origins |
| to influence the state of secure origins. This implements IETF |
| Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates |
| RFC6265. |
| |
| Closes #2956 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (13 Dec 2018) |
| - docs: fix the --tls-max description |
| |
| Reported-by: Tobias Lindgren |
| Pointed out in #3367 |
| |
| Closes #3368 |
| |
| Daniel Gustafsson (12 Dec 2018) |
| - urlapi: Fix port parsing of eol colon |
| |
| A URL with a single colon without a portnumber should use the default |
| port, discarding the colon. Fix, add a testcase and also do little bit |
| of comment wordsmithing. |
| |
| Closes #3365 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Version 7.63.0 (12 Dec 2018) |
| |
| Daniel Stenberg (12 Dec 2018) |
| - RELEASE-NOTES: 7.63.0 |
| |
| - THANKS: from the curl 7.62.0 cycle |
| |
| - test1519: use lib1518 and test CURLINFO_REDIRECT_URL more |
| |
| - Curl_follow: extract the Location: header field unvalidated |
| |
| ... when not actually following the redirect. Otherwise we return error |
| for this and an application can't extract the value. |
| |
| Test 1518 added to verify. |
| |
| Reported-by: Pavel Pavlov |
| Fixes #3340 |
| Closes #3364 |
| |
| - multi: convert two timeout variables to timediff_t |
| |
| The time_t type is unsigned on some systems and these variables are used |
| to hold return values from functions that return timediff_t |
| already. timediff_t is always a signed type. |
| |
| Closes #3363 |
| |
| - delta: use --diff-filter on the git diff-tree invokes |
| |
| Suggested-by: Dave Reisner |
| |
| Patrick Monnerat (11 Dec 2018) |
| - documentation: curl_formadd field and file names are now escaped |
| |
| Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition |
| header without special processing: this may lead to invalid RFC 822 |
| quoted-strings. |
| 7.56.0 introduces escaping of backslashes and double quotes in these names: |
| mention it in the documentation. |
| |
| Reported-by: daboul on github |
| Closes #3361 |
| |
| Daniel Stenberg (11 Dec 2018) |
| - scripts/delta: show repo delta info from last release |
| |
| ... where "last release" should be the git tag in the repo. |
| |
| Daniel Gustafsson (11 Dec 2018) |
| - tests: add urlapi unittest |
| |
| This adds a new unittest intended to cover the internal functions in |
| the urlapi code, starting with parse_port(). In order to avoid name |
| collisions in debug builds, parse_port() is renamed Curl_parse_port() |
| since it will be exported. |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| |
| - urlapi: fix portnumber parsing for ipv6 zone index |
| |
| An IPv6 URL which contains a zone index includes a '%%25<zode id>' |
| string before the ending ']' bracket. The parsing logic wasn't set |
| up to cope with the zone index however, resulting in a malformed url |
| error being returned. Fix by breaking the parsing into two stages |
| to correctly handle the zone index. |
| |
| Closes #3355 |
| Closes #3319 |
| Reported-by: tonystz on Github |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| |
| Daniel Stenberg (11 Dec 2018) |
| - [Jay Satiro brought this change] |
| |
| http: fix HTTP auth to include query in URI |
| |
| - Include query in the path passed to generate HTTP auth. |
| |
| Recent changes to use the URL API internally (46e1640, 7.62.0) |
| inadvertently broke authentication URIs by omitting the query. |
| |
| Fixes https://github.com/curl/curl/issues/3353 |
| Closes #3356 |
| |
| - [Michael Kaufmann brought this change] |
| |
| http: don't set CURLINFO_CONDITION_UNMET for http status code 204 |
| |
| The http status code 204 (No Content) should not change the "condition |
| unmet" flag. Only the http status code 304 (Not Modified) should do |
| this. |
| |
| Closes #359 |
| |
| - [Samuel Surtees brought this change] |
| |
| ldap: fix LDAP URL parsing regressions |
| |
| - Match URL scheme with LDAP and LDAPS |
| - Retrieve attributes, scope and filter from URL query instead |
| |
| Regression brought in 46e164069d1a5230 (7.62.0) |
| |
| Closes #3362 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Stefan Kanthak brought this change] |
| |
| (lib)curl.rc: fixup for minor bugs |
| |
| All resources defined in lib/libcurl.rc and curl.rc are language |
| neutral. |
| |
| winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the |
| ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong. |
| |
| Replace the hard-coded constants in both *.rc files with #define'd |
| values. |
| |
| Thumbs-uped-by: Rod Widdowson, Johannes Schindelin |
| URL: https://curl.haxx.se/mail/lib-2018-11/0000.html |
| Closes #3348 |
| |
| - test329: verify cookie max-age=0 immediate expiry |
| |
| - cookies: expire "Max-Age=0" immediately |
| |
| Reported-by: Jeroen Ooms |
| Fixes #3351 |
| Closes #3352 |
| |
| - [Johannes Schindelin brought this change] |
| |
| Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 |
| |
| This is a companion patch to cbea2fd2c (NTLM: force the connection to |
| HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1 |
| preemptively. However, with other (Negotiate) authentication it is not |
| clear to this developer whether there is a way to make it work with |
| HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the |
| error HTTP_1_1_REQUIRED. |
| |
| Note: we will still keep the NTLM workaround, as it avoids an extra |
| round trip. |
| |
| Daniel Stenberg helped a lot with this patch, in particular by |
| suggesting to introduce the Curl_h2_http_1_1_error() function. |
| |
| Closes #3349 |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Ben Greear brought this change] |
| |
| openssl: fix unused variable compiler warning with old openssl |
| |
| URL: https://curl.haxx.se/mail/lib-2018-11/0055.html |
| |
| Closes #3347 |
| |
| - [Johannes Schindelin brought this change] |
| |
| NTLM: force the connection to HTTP/1.1 |
| |
| Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces |
| the capability. However, NTLM authentication only works with HTTP/1.1, |
| and will likely remain in that boat (for details, see |
| https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported). |
| |
| When we just found out that we want to use NTLM, and when the current |
| connection runs in HTTP/2 mode, let's force the connection to be closed |
| and to be re-opened using HTTP/1.1. |
| |
| Fixes https://github.com/curl/curl/issues/3341. |
| Closes #3345 |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| curl_global_sslset(): id == -1 is not necessarily an error |
| |
| It is allowed to call that function with id set to -1, specifying the |
| backend by the name instead. We should imitate what is done further down |
| in that function to allow for that. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| Closes #3346 |
| |
| Johannes Schindelin (6 Dec 2018) |
| - .gitattributes: make tabs in indentation a visible error |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| Daniel Stenberg (6 Dec 2018) |
| - RELEASE-NOTES: synced |
| |
| - doh: fix memory leak in OOM situation |
| |
| Reviewed-by: Daniel Gustafsson |
| Closes #3342 |
| |
| - doh: make it work for h2-disabled builds too |
| |
| Reported-by: dtmsecurity at github |
| Fixes #3325 |
| Closes #3336 |
| |
| - packages: remove old leftover files and dirs |
| |
| This subdir has mostly become an attic of never-used cruft from the |
| past. |
| |
| Closes #3331 |
| |
| - [Gergely Nagy brought this change] |
| |
| openssl: do not use file BIOs if not requested |
| |
| Moves the file handling BIO calls to the branch of the code where they |
| are actually used. |
| |
| Closes #3339 |
| |
| - [Paul Howarth brought this change] |
| |
| nss: Fix compatibility with nss versions 3.14 to 3.15 |
| |
| - [Paul Howarth brought this change] |
| |
| nss: Improve info message when falling back SSL protocol |
| |
| Use descriptive text strings rather than decimal numbers. |
| |
| - [Paul Howarth brought this change] |
| |
| nss: Fall back to latest supported SSL version |
| |
| NSS may be built without support for the latest SSL/TLS versions, |
| leading to "SSL version range is not valid" errors when the library |
| code supports a recent version (e.g. TLS v1.3) but it has explicitly |
| been disabled. |
| |
| This change adjusts the maximum SSL version requested by libcurl to |
| be the maximum supported version at runtime, as long as that version |
| is at least as high as the minimum version required by libcurl. |
| |
| Fixes #3261 |
| |
| Daniel Gustafsson (3 Dec 2018) |
| - travis: enable COPYRIGHTYEAR extended warning |
| |
| The extended warning for checking incorrect COPYRIGHTYEAR is quite |
| expensive to run, so rather than expecting every developer to do it |
| we ensure it's turned on locally for Travis. |
| |
| - checksrc: add COPYRIGHTYEAR check |
| |
| Forgetting to bump the year in the copyright clause when hacking has |
| been quite common among curl developers, but a traditional checksrc |
| check isn't a good fit as it would penalize anyone hacking on January |
| 1st (among other things). This adds a more selective COPYRIGHTYEAR |
| check which intends to only cover the currently hacked on changeset. |
| |
| The check for updated copyright year is currently not enforced on all |
| files but only on files edited and/or committed locally. This is due to |
| the amount of files which aren't updated with their correct copyright |
| year at the time of their respective commit. |
| |
| To further avoid running this expensive check for every developer, it |
| adds a new local override mode for checksrc where a .checksrc file can |
| be used to turn on extended warnings locally. |
| |
| Closes #3303 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (3 Dec 2018) |
| - CHECKSRC.md: document more warnings |
| |
| Closes #3335 |
| [ci skip] |
| |
| - RELEASE-NOTES: synced |
| |
| - SECURITY-PROCESS: bountygraph shuts down |
| |
| This backpedals back the documents to the state before bountygraph. |
| |
| Closes #3311 |
| |
| - curl: fix memory leak reading --writeout from file |
| |
| If another string had been set first, the writout function for reading |
| the syntax from file would leak the previously allocated memory. |
| |
| Reported-by: Brian Carpenter |
| Fixes #3322 |
| Closes #3330 |
| |
| - tool_main: rename function to make it unique and better |
| |
| ... there's already another function in the curl tool named |
| free_config_fields! |
| |
| Daniel Gustafsson (29 Nov 2018) |
| - TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entry |
| |
| Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option |
| making it a manual code-edit operation to turn it back on. The removal |
| process has thus started and is now documented in docs/DEPRECATE.md so |
| remove from the TODO to avoid anyone looking for something to pick up |
| spend cycles on an already in-progress entry. |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Jay Satiro (29 Nov 2018) |
| - [Sevan Janiyan brought this change] |
| |
| connect: fix building for recent versions of Minix |
| |
| EBADIOCTL doesn't exist on more recent Minix. |
| There have also been substantial changes to the network stack. |
| Fixes build on Minix 3.4rc |
| |
| Closes https://github.com/curl/curl/pull/3323 |
| |
| - [Konstantin Kushnir brought this change] |
| |
| CMake: fix MIT/Heimdal Kerberos detection |
| |
| - fix syntax error in FindGSS.cmake |
| - correct krb5 include directory. FindGSS exports |
| "GSS_INCLUDE_DIR" variable. |
| |
| Closes https://github.com/curl/curl/pull/3316 |
| |
| Daniel Stenberg (28 Nov 2018) |
| - test328: verify Content-Encoding: none |
| |
| Because of issue #3315 |
| |
| Closes #3317 |
| |
| - [James Knight brought this change] |
| |
| configure: include all libraries in ssl-libs fetch |
| |
| When compiling a collection of SSL libraries to link against (SSL_LIBS), |
| ensure all libraries are included. The call `--libs-only-l` can produce |
| only a subset of found in a `--libs` call (e.x. pthread may be excluded). |
| Adding `--libs-only-other` ensures other libraries are also included in |
| the list. This corrects select build environments compiling against a |
| static version of OpenSSL. Before the change, the following could be |
| observed: |
| |
| checking for openssl options with pkg-config... found |
| configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl " |
| configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib " |
| configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include " |
| checking for HMAC_Update in -lcrypto... no |
| checking for HMAC_Init_ex in -lcrypto... no |
| checking OpenSSL linking with -ldl... no |
| checking OpenSSL linking with -ldl and -lpthread... no |
| configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more. |
| configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this. |
| ... |
| SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} ) |
| ... |
| |
| And include the other libraries when compiling SSL_LIBS succeeds with: |
| |
| checking for openssl options with pkg-config... found |
| configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread " |
| configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib " |
| configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include " |
| checking for HMAC_Update in -lcrypto... yes |
| checking for SSL_connect in -lssl... yes |
| ... |
| SSL support: enabled (OpenSSL) |
| ... |
| |
| Signed-off-by: James Knight <james.d.knight@live.com> |
| Closes #3193 |
| |
| Daniel Gustafsson (26 Nov 2018) |
| - doh: fix typo in infof call |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - cmdline-opts/gen.pl: define the correct varname |
| |
| The variable definition had a small typo making it declare another |
| variable then the intended. |
| |
| Closes #3304 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (25 Nov 2018) |
| - RELEASE-NOTES: synced |
| |
| - curl_easy_perform: fix timeout handling |
| |
| curl_multi_wait() was erroneously used from within |
| curl_easy_perform(). It could lead to it believing there was no socket |
| to wait for and then instead sleep for a while instead of monitoring the |
| socket and then miss acting on that activity as swiftly as it should |
| (causing an up to 1000 ms delay). |
| |
| Reported-by: Antoni Villalonga |
| Fixes #3305 |
| Closes #3306 |
| Closes #3308 |
| |
| - CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times |
| |
| - cookies: create the cookiejar even if no cookies to save |
| |
| Important for when the file is going to be read again and thus must not |
| contain old contents! |
| |
| Adds test 327 to verify. |
| |
| Reported-by: daboul on github |
| Fixes #3299 |
| Closes #3300 |
| |
| - checksrc: ban snprintf use, add command line flag to override warns |
| |
| - snprintf: renamed and we now only use msnprintf() |
| |
| The function does not return the same value as snprintf() normally does, |
| so readers may be mislead into thinking the code works differently than |
| it actually does. A different function name makes this easier to detect. |
| |
| Reported-by: Tomas Hoger |
| Assisted-by: Daniel Gustafsson |
| Fixes #3296 |
| Closes #3297 |
| |
| - [Tobias Hintze brought this change] |
| |
| test: update test20/1322 for eglibc bug workaround |
| |
| The tests 20 and 1322 are using getaddrinfo of libc for resolving. In |
| eglibc-2.19 there is a memory leakage and invalid free bug which |
| surfaces in some special circumstances (PF_UNSPEC hint with invalid or |
| non-existent names). The valgrind runs in testing fail in these |
| situations. |
| |
| As the tests 20/1322 are not specific on either protocol (IPv4/IPv6) |
| this commit changes the hints to IPv4 protocol by passing `--ipv4` flag |
| on the tests' command line. This prevents the valgrind failures. |
| |
| - [Tobias Hintze brought this change] |
| |
| host names: allow trailing dot in name resolve, then strip it |
| |
| Delays stripping of trailing dots to after resolving the hostname. |
| |
| Fixes #3022 |
| Closes #3222 |
| |
| - [UnknownShadow200 brought this change] |
| |
| CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description |
| |
| Closes #3295 |
| |
| Daniel Gustafsson (21 Nov 2018) |
| - configure: Fix typo in comment |
| |
| Michael Kaufmann (21 Nov 2018) |
| - openssl: support session resume with TLS 1.3 |
| |
| Session resumption information is not available immediately after a TLS 1.3 |
| handshake. The client must wait until the server has sent a session ticket. |
| |
| Use OpenSSL's "new session" callback to get the session information and put it |
| into curl's session cache. For TLS 1.3 sessions, this callback will be invoked |
| after the server has sent a session ticket. |
| |
| The "new session" callback is invoked only if OpenSSL's session cache is |
| enabled, so enable it and use the "external storage" mode which lets curl manage |
| the contents of the session cache. |
| |
| A pointer to the connection data and the sockindex are now saved as "SSL extra |
| data" to make them available to the callback. |
| |
| This approach also works for old SSL/TLS versions and old OpenSSL versions. |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Fixes #3202 |
| Closes #3271 |
| |
| - ssl: fix compilation with OpenSSL 0.9.7 |
| |
| - ENGINE_cleanup() was used without including "openssl/engine.h" |
| - enable engine support for OpenSSL 0.9.7 |
| |
| Closes #3266 |
| |
| Daniel Stenberg (21 Nov 2018) |
| - openssl: disable TLS renegotiation with BoringSSL |
| |
| Since we're close to feature freeze, this change disables this feature |
| with an #ifdef. Define ALLOW_RENEG at build-time to enable. |
| |
| This could be converted to a bit for CURLOPT_SSL_OPTIONS to let |
| applications opt-in this. |
| |
| Concern-raised-by: David Benjamin |
| Fixes #3283 |
| Closes #3293 |
| |
| - [Romain Fliedel brought this change] |
| |
| ares: remove fd from multi fd set when ares is about to close the fd |
| |
| When using c-ares for asyn dns, the dns socket fd was silently closed |
| by c-ares without curl being aware. curl would then 'realize' the fd |
| has been removed at next call of Curl_resolver_getsock, and only then |
| notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with |
| CURL_POLL_REMOVE. At this point the fd is already closed. |
| |
| By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this |
| patch allows curl to be notified that the fd is not longer needed |
| for neither for write nor read. At this point by calling |
| Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE |
| before the fd is actually closed by ares. |
| |
| In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore |
| since it does not allow passing a different sock_state_cb_data |
| |
| Closes #3238 |
| |
| - [Romain Fliedel brought this change] |
| |
| examples/ephiperfifo: report error when epoll_ctl fails |
| |
| Daniel Gustafsson (20 Nov 2018) |
| - [pkubaj brought this change] |
| |
| ntlm: Remove redundant ifdef USE_OPENSSL |
| |
| lib/curl_ntlm.c had code that read as follows: |
| |
| #ifdef USE_OPENSSL |
| # ifdef USE_OPENSSL |
| # else |
| # .. |
| # endif |
| #endif |
| |
| Remove the redundant USE_OPENSSL along with #else (it's not possible to |
| reach it anyway). The removed construction is a leftover from when the |
| SSLeay support was removed. |
| |
| Closes #3269 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (20 Nov 2018) |
| - [Han Han brought this change] |
| |
| ssl: replace all internal uses of CURLE_SSL_CACERT |
| |
| Closes #3291 |
| |
| Han Han (19 Nov 2018) |
| - docs: add more description to unified ssl error codes |
| |
| - curle: move deprecated error code to ifndef block |
| |
| Patrick Monnerat (19 Nov 2018) |
| - os400: add CURLOPT_CURLU to ILE/RPG binding. |
| |
| - os400: Add curl_easy_conn_upkeep() to ILE/RPG binding. |
| |
| - os400: fix return type of curl_easy_pause() in ILE/RPG binding. |
| |
| Daniel Stenberg (19 Nov 2018) |
| - RELEASE-NOTES: synced |
| |
| - impacket: add LICENSE |
| |
| The license for the impacket package was not in our tree. |
| |
| Imported now from upstream's |
| https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE |
| |
| Reported-by: infinnovation-dev on github |
| Fixes #3276 |
| Closes #3277 |
| |
| Daniel Gustafsson (18 Nov 2018) |
| - tool_doswin: Fix uninitialized field warning |
| |
| The partial struct initialization in 397664a065abffb7c3445ca9 caused |
| a warning on uninitialized MODULEENTRY32 struct members: |
| |
| /src/tool_doswin.c:681:3: warning: missing initializer for field |
| 'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}' |
| [-Wmissing-field-initializers] |
| |
| This is sort of a bogus warning as the remaining members will be set |
| to zero by the compiler, as all omitted members are. Nevertheless, |
| remove the warning by omitting all members and setting the dwSize |
| members explicitly. |
| |
| Closes #3254 |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| Reviewed-by: Jay Satiro <raysatiro@yahoo.com> |
| |
| - openssl: Remove SSLEAY leftovers |
| |
| Commit 709cf76f6bb7dbac deprecated USE_SSLEAY, as curl since long isn't |
| compatible with the SSLeay library. This removes the few leftovers that |
| were omitted in the less frequently used platform targets. |
| |
| Closes #3270 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (16 Nov 2018) |
| - [Elia Tufarolo brought this change] |
| |
| http_negotiate: do not close connection until negotiation is completed |
| |
| Fix HTTP POST using CURLAUTH_NEGOTIATE. |
| |
| Closes #3275 |
| |
| - pop3: only do APOP with a valid timestamp |
| |
| Brought-by: bobmitchell1956 on github |
| Fixes #3278 |
| Closes #3279 |
| |
| Jay Satiro (16 Nov 2018) |
| - [Peter Wu brought this change] |
| |
| openssl: do not log excess "TLS app data" lines for TLS 1.3 |
| |
| The SSL_CTX_set_msg_callback callback is not just called for the |
| Handshake or Alert protocols, but also for the raw record header |
| (SSL3_RT_HEADER) and the decrypted inner record type |
| (SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid |
| excess debug spam when using `curl -v` against a TLSv1.3-enabled server: |
| |
| * TLSv1.3 (IN), TLS app data, [no content] (0): |
| |
| (Following this message, another callback for the decrypted |
| handshake/alert messages will be be present anyway.) |
| |
| Closes https://github.com/curl/curl/pull/3281 |
| |
| Marc Hoersken (15 Nov 2018) |
| - tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows |
| |
| SO_EXCLUSIVEADDRUSE is on by default on Vista or newer, |
| but does not work together with SO_REUSEADDR being on. |
| |
| The default changes were made with stunnel 5.34 and 5.35. |
| |
| Daniel Stenberg (13 Nov 2018) |
| - [Kamil Dudka brought this change] |
| |
| nss: remove version selecting dead code |
| |
| Closes #3262 |
| |
| - nss: set default max-tls to 1.3/1.2 |
| |
| Fixes #3261 |
| |
| Daniel Gustafsson (13 Nov 2018) |
| - tool_cb_wrt: Silence function cast compiler warning |
| |
| Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new |
| compiler warning on Windows cross compilation with GCC. See below |
| for an example of the warning from the autobuild logs (whitespace |
| edited to fit): |
| |
| /src/tool_cb_wrt.c:175:9: warning: cast from function call of type |
| 'intptr_t {aka long long int}' to non-matching type 'void *' |
| [-Wbad-function-cast] |
| (HANDLE) _get_osfhandle(fileno(outs->stream)), |
| ^ |
| |
| Store the return value from _get_osfhandle() in an intermediate |
| variable and cast the variable in WriteConsoleW() rather than the |
| function call directly to avoid a compiler warning. |
| |
| In passing, also add inspection of the MultiByteToWideChar() return |
| value and return failure in case an error is reported. |
| |
| Closes #3263 |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| Reviewed-by: Viktor Szakats <commit@vszakats.net> |
| |
| Daniel Stenberg (12 Nov 2018) |
| - nss: fix fallthrough comment to fix picky compiler warning |
| |
| - docs: expanded on some CURLU details |
| |
| - [Tim Rühsen brought this change] |
| |
| ftp: avoid two unsigned int overflows in FTP listing parser |
| |
| Curl_ftp_parselist: avoid unsigned integer overflows |
| |
| The overflow has no real world impact, just avoid it for "best |
| practice". |
| |
| Closes #3225 |