author | dartraiden <wowemuh@gmail.com> | 2019-02-10 02:02:38 +0300 |
---|---|---|
committer | dartraiden <wowemuh@gmail.com> | 2019-02-10 02:06:58 +0300 |
commit | eee2c11f79a8958e65cc485af1e7afcbd394db1e (patch) | |
tree | 9ab4418393997629ef9dc7ae78089cbece595d0c /libs/libcurl | |
parent | 33d2c8e71902aa37d3fc978cb91e0a842a600960 (diff) |
libcurl: update to 7.64
Diffstat (limited to 'libs/libcurl')
67 files changed, 8979 insertions, 1196 deletions
diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES
new file mode 100644
index 0000000000..b03c666643
--- /dev/null
+++ b/libs/libcurl/docs/CHANGES
@@ -0,0 +1,7749 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + Changelog + +Version 7.64.0 (6 Feb 2019) + +Daniel Stenberg (6 Feb 2019) +- RELEASE-NOTES: 7.64.0 + +- RELEASE-PROCEDURE: update the release calendar + +- THANKS: 7.64.0 status + +Daniel Gustafsson (5 Feb 2019) +- ROADMAP: remove already performed item + + Commit 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 introduced support + for the draft-ietf-httpbis-cookie-alone-01 cookie draft, and while + the entry was removed from the TODO it was mistakenly left here. + Fix by removing and rewording the entry slightly. + + Closes #3530 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- [Etienne Simard brought this change] + + CONTRIBUTE.md: Fix grammatical errors + + Fix grammatical errors making the document read better. Also fixes + a typo. + + Closes #3525 + Reviewed-by: Daniel Gustafsson <daniel@yesql.se> + +Daniel Stenberg (4 Feb 2019) +- [Julian Z brought this change] + + docs: use $(INSTALL_DATA) to install man page + + Fixes #3518 + Closes #3522 + +Jay Satiro (4 Feb 2019) +- [Ladar Levison brought this change] + + runtests.pl: Fix perl call to include srcdir + + - Use explicit include opt for perl calls. + + Prior to this change some scripts couldn't find their dependencies. + + At the top, perl is called using with the "-Isrcdir" option, and it + works: + + https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L183 + + But on line 3868, that option is omitted. This caused problems for me, + as the symbol-scan.pl script in particular couldn't find its + dependencies properly: + + https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L3868 + + This patch fixes that oversight by making calls to perl sub-shells + uniform. 
+ + Closes https://github.com/curl/curl/pull/3496 + +Daniel Stenberg (4 Feb 2019) +- [Daniel Gustafsson brought this change] + + smtp: avoid risk of buffer overflow in strtol + + If the incoming len 5, but the buffer does not have a termination + after 5 bytes, the strtol() call may keep reading through the line + buffer until is exceeds its boundary. Fix by ensuring that we are + using a bounded read with a temporary buffer on the stack. + + Bug: https://curl.haxx.se/docs/CVE-2019-3823.html + Reported-by: Brian Carpenter (Geeknik Labs) + CVE-2019-3823 + +- ntlm: fix *_type3_message size check to avoid buffer overflow + + Bug: https://curl.haxx.se/docs/CVE-2019-3822.html + Reported-by: Wenxiang Qian + CVE-2019-3822 + +- NTLM: fix size check condition for type2 received data + + Bug: https://curl.haxx.se/docs/CVE-2018-16890.html + Reported-by: Wenxiang Qian + CVE-2018-16890 + +Marcel Raad (1 Feb 2019) +- [georgeok brought this change] + + spnego_sspi: add support for channel binding + + Attempt to add support for Secure Channel binding when negotiate + authentication is used. The problem to solve is that by default IIS + accepts channel binding and curl doesn't utilise them. The result was a + 401 response. Scope affects only the Schannel(winssl)-SSPI combination. + + Fixes https://github.com/curl/curl/issues/3503 + Closes https://github.com/curl/curl/pull/3509 + +Daniel Stenberg (1 Feb 2019) +- RELEASE-NOTES: synced + +- schannel: stop calling it "winssl" + + Stick to "Schannel" everywhere. The configure option --with-winssl is + kept to allow existing builds to work but --with-schannel is added as an + alias. + + Closes #3504 + +- multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time + + To make sure Curl_timeleft() also thinks the timeout has been reached + when one of the EXPIRE_*TIMEOUTs expires. 
+ + Bug: https://curl.haxx.se/mail/lib-2019-01/0073.html + Reported-by: Zhao Yisha + Closes #3501 + +- [John Marshall brought this change] + + doc: use meaningless port number in CURLOPT_LOCALPORT example + + Use an ephemeral port number here; previously the example had 8080 + which could be confusing as the common web server port number might + be misinterpreted as suggesting this option affects the remote port. + + URL: https://curl.haxx.se/mail/lib-2019-01/0084.html + Closes #3513 + +GitHub (29 Jan 2019) +- [Gisle Vanem brought this change] + + Escape the '\' + + A backslash should be escaped in Roff / Troff. + +Jay Satiro (29 Jan 2019) +- TODO: WinSSL: 'Add option to disable client cert auto-send' + + By default WinSSL selects and send a client certificate automatically, + but for privacy and consistency we should offer an option to disable the + default auto-send behavior. + + Reported-by: Jeroen Ooms + + Closes https://github.com/curl/curl/issues/2262 + +Daniel Stenberg (28 Jan 2019) +- [Jeremie Rapin brought this change] + + sigpipe: if mbedTLS is used, ignore SIGPIPE + + mbedTLS doesn't have a sigpipe management. If a write/read occurs when + the remote closes the socket, the signal is raised and kills the + application. Use the curl mecanisms fix this behavior. + + 
Signed-off-by: Jeremie Rapin <j.rapin@overkiz.com> + + Closes #3502 + +- unit1653: make it survive torture tests + +Jay Satiro (28 Jan 2019) +- [Michael Kujawa brought this change] + + timeval: Disable MSVC Analyzer GetTickCount warning + + Compiling with msvc /analyze and a recent Windows SDK warns against + using GetTickCount (Suggests to use GetTickCount64 instead.) + + Since GetTickCount is only being used when GetTickCount64 isn't + available, I am disabling that warning. + + Fixes https://github.com/curl/curl/issues/3437 + Closes https://github.com/curl/curl/pull/3440 + +Daniel Stenberg (26 Jan 2019) +- configure: rewrite --enable-code-coverage + + The previously used ax_code_coverage.m4 is not license compatible and + must not be used. + + Reported-by: William A. Rowe Jr + Fixes #3497 + Closes #3499 + +- [Felix Hädicke brought this change] + + setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh + + CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION are supported for + libssh as well. So accepting these options only when compiling with + libssh2 is wrong here. + + Fixes #3493 + Closes #3494 + +- [Felix Hädicke brought this change] + + libssh: do not let libssh create socket + + By default, libssh creates a new socket, instead of using the socket + created by curl for SSH connections. + + Pass the socket created by curl to libssh using ssh_options_set() with + SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket + instead of creating a new one. + + This approach is very similar to what is done in the libssh2 code, where + the socket created by curl is passed to libssh2 when + libssh2_session_startup() is called. 
+ + Fixes #3491 + Closes #3495 + +- RELEASE-NOTES: synced + +- [Archangel_SDY brought this change] + + schannel: preserve original certificate path parameter + + Fixes #3480 + Closes #3487 + +- KNOWN_BUGS: tests not compatible with python3 + + Closes #3289 + [skip ci] + +Daniel Gustafsson (20 Jan 2019) +- memcmp: avoid doing single char memcmp + + There is no real gain in performing memcmp() comparisons on single + characters, so change these to array subscript inspections which + saves a call and makes the code clearer. + + Closes #3486 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Jay Satiro <raysatiro@yahoo.com> + +Daniel Stenberg (19 Jan 2019) +- COPYING: it's 2019 + + [skip ci] + +- [hhb brought this change] + + configure: fix recv/send/select detection on Android + + This reverts commit d4f25201fb7da03fc88f90d51101beb3d0026db9. + + The overloadable attribute is removed again starting from + NDK17. Actually they only exist in two NDK versions (15 and 16). With + overloadable, the first condition tried will succeed. Results in wrong + detection result. + + Closes #3484 + +Marcel Raad (19 Jan 2019) +- [georgeok brought this change] + + ntlm_sspi: add support for channel binding + + Windows extended potection (aka ssl channel binding) is required + to login to ntlm IIS endpoint, otherwise the server returns 401 + responses. + + Fixes #3280 + Closes #3321 + +Daniel Stenberg (18 Jan 2019) +- schannel: on connection close there might not be a transfer + + Reported-by: Marcel Raad + Fixes #3412 + Closes #3483 + +- [Joel Depooter brought this change] + + ssh: log the libssh2 error message when ssh session startup fails + + When a ssh session startup fails, it is useful to know why it has + failed. 
This commit changes the message from: + "Failure establishing ssh session" + to something like this, for example: + "Failure establishing ssh session: -5, Unable to exchange encryption keys" + + Closes #3481 + +Alessandro Ghedini (16 Jan 2019) +- Fix typo in manpage + +Daniel Stenberg (16 Jan 2019) +- RELEASE-NOTES: synced + +Sergei Nikulov (16 Jan 2019) +- cmake: updated check for HAVE_POLL_FINE to match autotools + +Daniel Stenberg (16 Jan 2019) +- curl-compilers.m4: check for __ibmxl__ to detect xlclang + + Follow-up to 2fa0d57e2e3. The __xlc__ symbol is only defined there if a + particular flag is used for legacy macros. + + Fixes #3474 + Closes #3479 + +- openssl: fix the SSL_get_tlsext_status_ocsp_resp call + + .... to not pass in a const in the second argument as that's not how it + is supposed to be used and might cause compiler warnings. + + Reported-by: Pavel Pavlov + Fixes #3477 + Closes #3478 + +- curl-compilers.m4: detect xlclang + + Since it isn't totally clang compatible, we detect this IBM clang + front-end and if detected, avoids some clang specific magic. + + Reported-by: Kees Dekker + Fixes #3474 + Closes #3476 + +- README: add codacy code quality badge + + [skip ci] + +- extract_if_dead: follow-up to 54b201b48c90a + + extract_if_dead() dead is called from two functions, and only one of + them should get conn->data updated and now neither call path clears it. + + scan-build found a case where conn->data would be NULL dereferenced in + ConnectionExists() otherwise. + + Closes #3473 + +- multi: remove "Dead assignment" + + Found by scan-build. Follow-up to 4c35574bb785ce. + + Closes #3471 + +- tests: move objnames-* from lib into tests + + Since they're used purely for testing purposes, I think they should + rather be stored there. 
+ + Closes #3470 + +Sergei Nikulov (15 Jan 2019) +- travis: added cmake build for osx + +Daniel Stenberg (14 Jan 2019) +- [Frank Gevaerts brought this change] + + cookie: fix comment typo (url_path_len -> uri_path_len) + + Closes #3469 + +Marcel Raad (14 Jan 2019) +- winbuild: conditionally use /DZLIB_WINAPI + + zlibwapi.lib (dynamic library) and zlibstat.lib (static library) have + the ZLIB_WINAPI define set by default. Using them requires that define + too. + + Ref: https://zlib.net/DLL_FAQ.txt + + Fixes https://github.com/curl/curl/issues/3133 + Closes https://github.com/curl/curl/pull/3460 + +Daniel Stenberg (14 Jan 2019) +- src/Makefile: make 'tidy' target work for metalink builds + +- extract_if_dead: use a known working transfer when checking connections + + Make sure that this function sets a proper "live" transfer for the + connection before calling the protocol-specific connection check + function, and then clear it again afterward as a non-used connection has + no current transfer. + + Reported-by: Jeroen Ooms + Reviewed-by: Marcel Raad + Reviewed-by: Daniel Gustafsson + Fixes #3463 + Closes #3464 + +- openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated + + OpenSSL_version() replaces OpenSSL_version_num() + + Closes #3462 + +Sergei Nikulov (11 Jan 2019) +- cmake: added checks for HAVE_VARIADIC_MACROS_C99 and HAVE_VARIADIC_MACROS_GCC + +Daniel Stenberg (11 Jan 2019) +- urldata: rename easy_conn to just conn + + We use "conn" everywhere to be a pointer to the connection. + + Introduces two functions that "attaches" and "detaches" the connection + to and from the transfer. + + Going forward, we should favour using "data->conn" (since a transfer + always only has a single connection or none at all) to "conn->data" + (since a connection can have none, one or many transfers associated with + it and updating conn->data to be correct is error prone and a frequent + reason for internal issues). 
+ + Closes #3442 + +- tool_cb_prg: avoid integer overflow + + When calculating the progress bar width. + + Reported-by: Peng Li + Fixes #3456 + Closes #3458 + +Daniel Gustafsson (11 Jan 2019) +- travis: turn off copyright year checks in checksrc + + Invoking the maintainer intended COPYRIGHTYEAR check for everyone + in the PR pipeline is too invasive, especially at the turn of the + year when many files get affected. Remove and leave it as a tool + for maintainers to verify patches before commits. + + This reverts f7bdf4b2e1d81b2652b81b9b3029927589273b41. + + After discussion with: Daniel Stenberg + +Daniel Stenberg (10 Jan 2019) +- KNOWN_BUGS: cmake makes unusable tool_hugehelp.c with MinGW + + Closes #3125 + +- KNOWN_BUGS: Improve --data-urlencode space encoding + + Closes #3229 + +Patrick Monnerat (10 Jan 2019) +- os400: add a missing closing bracket + + See https://github.com/curl/curl/issues/3453#issuecomment-453054458 + + Reported-by: jonrumsey on github + +- os400: fix extra parameter syntax error. + + Reported-by: jonrumsey on github + Closes #3453 + +Daniel Stenberg (10 Jan 2019) +- test1558: verify CURLINFO_PROTOCOL on file:// transfer + + Attempt to reproduce issue #3444. + + Closes #3447 + +- RELEASE-NOTES: synced + +- xattr: strip credentials from any URL that is stored + + Both user and password are cleared uncondtitionally. + + Added unit test 1621 to verify. + + Fixes #3423 + Closes #3433 + +- cookies: allow secure override when done over HTTPS + + Added test 1562 to verify. + + Reported-by: Jeroen Ooms + Fixes #3445 + Closes #3450 + +- multi: multiplexing improvements + + Fixes #3436 + Closes #3448 + + Problem 1 + + After LOTS of scratching my head, I eventually realized that even when doing + 10 uploads in parallel, sometimes the socket callback to the application that + tells it what to wait for on the socket, looked like it would reflect the + status of just the single transfer that just changed state. 
+ + Digging into the code revealed that this was indeed the truth. When multiple + transfers are using the same connection, the application did not correctly get + the *combined* flags for all transfers which then could make it switch to READ + (only) when in fact most transfers wanted to get told when the socket was + WRITEABLE. + + Problem 1b + + A separate but related regression had also been introduced by me when I + cleared connection/transfer association better a while ago, as now the logic + couldn't find the connection and see if that was marked as used by more + transfers and then it would also prematurely remove the socket from the socket + hash table even in times other transfers were still using it! + + Fix 1 + + Make sure that each socket stored in the socket hash has a "combined" action + field of what to ask the application to wait for, that is potentially the ORed + action of multiple parallel transfers. And remove that socket hash entry only + if there are no transfers left using it. + + Problem 2 + + The socket hash entry stored an association to a single transfer using that + socket - and when curl_multi_socket_action() was called to tell libcurl about + activities on that specific socket only that transfer was "handled". + + This was WRONG, as a single socket/connection can be used by numerous parallel + transfers and not necessarily a single one. + + Fix 2 + + We now store a list of handles in the socket hashtable entry and when libcurl + is told there's traffic for a particular socket, it now iterates over all + known transfers using that single socket. + +- test1561: improve test name + + [skip ci] + +- [Katsuhiko YOSHIDA brought this change] + + cookies: skip custom cookies when redirecting cross-site + + Closes #3417 + +- THANKS: fixups and a dedupe + + [skip ci] + +- timediff: fix math for unsigned time_t + + Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html + + Closes #3449 + +- [Bernhard M. 
Wiedemann brought this change] + + tests: allow tests to pass by 2037-02-12 + + similar to commit f508d29f3902104018 + + Closes #3443 + +- RELEASE-NOTES: synced + +- [Brad Spencer brought this change] + + curl_multi_remove_handle() don't block terminating c-ares requests + + Added Curl_resolver_kill() for all three resolver modes, which only + blocks when necessary, along with test 1592 to confirm + curl_multi_remove_handle() doesn't block unless it must. + + Closes #3428 + Fixes #3371 + +- Revert "http_negotiate: do not close connection until negotiation is completed" + + This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47. + + This also reopens PR #3275 which brought the change now reverted. + + Fixes #3384 + Closes #3439 + +- curl/urlapi.h: include "curl.h" first + + This allows programs to include curl/urlapi.h directly. + + Reviewed-by: Daniel Gustafsson + Reported-by: Ben Kohler + Fixes #3438 + Closes #3441 + +Marcel Raad (6 Jan 2019) +- VS projects: fix build warning + + Starting with Visual Studio 2017 Update 9, Visual Studio doesn't like + the MinimalRebuild option anymore and warns: + + cl : Command line warning D9035: option 'Gm' has been deprecated and + will be removed in a future release + + The option can be safely removed so that the default is used. + + Closes https://github.com/curl/curl/pull/3425 + +- schannel: fix compiler warning + + When building with Unicode on MSVC, the compiler warns about freeing a + pointer to const in Curl_unicodefree. Fix this by declaring it as + non-const and casting the argument to Curl_convert_UTF8_to_tchar to + non-const too, like we do in all other places. + + Closes https://github.com/curl/curl/pull/3435 + +Daniel Stenberg (4 Jan 2019) +- [Rikard Falkeborn brought this change] + + printf: introduce CURL_FORMAT_TIMEDIFF_T + +- [Rikard Falkeborn brought this change] + + printf: fix format specifiers + + Closes #3426 + +- libtest/stub_gssapi: use "real" snprintf + + ... since it doesn't link with libcurl. 
+ + Reverts the commit dcd6f81025 changes from this file. + + Bug: https://curl.haxx.se/mail/lib-2019-01/0000.html + Reported-by: Shlomi Fish + Reviewed-by: Daniel Gustafsson + Reviewed-by: Kamil Dudka + + Closes #3434 + +- INTERNALS: correct some outdated function names + + Closes #3431 + +- docs/version.d: mention MultiSSL + + Reviewed-by: Daniel Gustafsson + Closes #3432 + +Daniel Gustafsson (2 Jan 2019) +- [Rikard Falkeborn brought this change] + + examples: Update .gitignore + + Add a few missing examples to make `make examples` not leave the + workspace in a dirty state. + + Closes #3427 + Reviewed-by: Daniel Gustafsson <daniel@yesql.se> + +- THANKS: add more missing names + + Add Adrian Burcea who made the artwork for the curl://up 2018 event + which was held in Stockholm, Sweden. + +- docs: mention potential leak in curl_slist_append + + When a non-empty list is appended to, and used as the returnvalue, + the list pointer can leak in case of an allocation failure in the + curl_slist_append() call. This is correctly handled in curl code + usage but we weren't explicitly pointing it out in the API call + documentation. Fix by extending the RETURNVALUE manpage section + and example code. + + Closes #3424 + Reported-by: dnivras on github + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Marcel Raad (1 Jan 2019) +- tvnow: silence conversion warnings + + MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is + used and the milliseconds are represented as unsigned long long, + leading to a compiler warning when implicitly converting them to long. + +Daniel Stenberg (1 Jan 2019) +- THANKS: dedupe more names + + Researched-by: Tae Wong + +Marcel Raad (1 Jan 2019) +- [Markus Moeller brought this change] + + ntlm: update selection of type 3 response + + NTLM2 did not work i.e. no NTLMv2 response was created. Changing the + check seems to work. 
+ + Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf + + Fixes https://github.com/curl/curl/issues/3286 + Closes https://github.com/curl/curl/pull/3287 + Closes https://github.com/curl/curl/pull/3415 + +Daniel Stenberg (31 Dec 2018) +- THANKS: added missing names from year <= 2000 + + Due to a report of a missing name in THANKS I manually went through an + old CHANGES.0 file and added many previously missing names here. + +Daniel Gustafsson (30 Dec 2018) +- urlapi: fix parsing ipv6 with zone index + + The previous fix for parsing IPv6 URLs with a zone index was a paddle + short for URLs without an explicit port. This patch fixes that case + and adds a unit test case. + + This bug was highlighted by issue #3408, and while it's not the full + fix for the problem there it is an isolated bug that should be fixed + regardless. + + Closes #3411 + Reported-by: GitYuanQu on github + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (30 Dec 2018) +- THANKS: dedupe Guenter Knauf + + Reported-by: Tae Wong + +- THANKS: missing name from the 6.3.1 release! + +Daniel Gustafsson (27 Dec 2018) +- RELEASE-NOTES: synced + +- [Claes Jakobsson brought this change] + + hostip: support wildcard hosts + + This adds support for wildcard hosts in CURLOPT_RESOLVE. These are + try-last so any non-wildcard entry is resolved first. If specified, + any host not matched by another CURLOPT_RESOLVE config will use this + as fallback. + + Example send a.com to 10.0.0.1 and everything else to 10.0.0.2: + curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \ + https://a.com https://b.com + + This is probably quite similar to using: + --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443 + + Closes #3406 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- url: fix incorrect indentation + +Patrick Monnerat (26 Dec 2018) +- os400: upgrade ILE/RPG binding. + + - Trailer function support. + - http 0.9 option. 
+ - curl_easy_upkeep. + +Daniel Gustafsson (25 Dec 2018) +- FAQ: remove mention of sourceforge for github + + The project bug tracker is no longer hosted at sourceforge but is now + hosted on the curl Github page. Update the FAQ to reflect. + + Closes #3410 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- openvms: fix typos in documentation + +- openvms: fix OpenSSL discovery on VAX + + The DCL code had a typo in one of the commands which would make the + OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT. + + Closes #3407 + Reviewed-by: Viktor Szakats <commit@vszakats.net> + +Daniel Stenberg (24 Dec 2018) +- [Ruslan Baratov brought this change] + + cmake: use lowercase for function name like the rest of the code + + Reviewed-by: Sergei Nikulov + + closes #3196 + +- Revert "libssh: no data pointer == nothing to do" + + This reverts commit c98ee5f67f497195c9 since commit f3ce38739fa fixed the + problem in a more generic way. + +- disconnect: set conn->data for protocol disconnect + + Follow-up to fb445a1e18d: Set conn->data explicitly to point out the + current transfer when invoking the protocol-specific disconnect function + so that it can work correctly. + + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173 + +Jay Satiro (23 Dec 2018) +- [Pavel Pavlov brought this change] + + timeval: Use high resolution timestamps on Windows + + - Use QueryPerformanceCounter on Windows Vista+ + + There is confusing info floating around that QueryPerformanceCounter + can leap etc, which might have been true long time ago, but no longer + the case nowadays (perhaps starting from WinXP?). Also, boost and + std::chrono::steady_clock use QueryPerformanceCounter in a similar way. + + Prior to this change GetTickCount or GetTickCount64 was used, which has + lower resolution. That is still the case for <= XP. 
+ + Fixes https://github.com/curl/curl/issues/3309 + Closes https://github.com/curl/curl/pull/3318 + +Daniel Stenberg (22 Dec 2018) +- libssh: no data pointer == nothing to do + +- conncache_unlock: avoid indirection by changing input argument type + +- disconnect: separate connections and easy handles better + + Do not assume/store assocation between a given easy handle and the + connection if it can be avoided. + + Long-term, the 'conn->data' pointer should probably be removed as it is a + little too error-prone. Still used very widely though. + + Reported-by: masbug on github + Fixes #3391 + Closes #3400 + +- libssh: free sftp_canonicalize_path() data correctly + + Assisted-by: Harry Sintonen + + Fixes #3402 + Closes #3403 + +- RELEASE-NOTES: synced + +- http: added options for allowing HTTP/0.9 responses + + Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. + + For now, both the tool and library allow HTTP/0.9 by default. + docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 + months after the 7.64.0 release. The options are added already now so + that applications/scripts can start using them already now. + + Fixes #2873 + Closes #3383 + +- if2ip: remove unused function Curl_if_is_interface_name + + Closes #3401 + +- http2: clear pause stream id if it gets closed + + Reported-by: Florian Pritz + + Fixes #3392 + Closes #3399 + +Daniel Gustafsson (20 Dec 2018) +- [David Garske brought this change] + + wolfssl: Perform cleanup + + This adds a cleanup callback for cyassl. Resolves possible memory leak + when using ECC fixed point cache. 
+ + Closes #3395 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Daniel Gustafsson <daniel@yesql.se> + +Daniel Stenberg (20 Dec 2018) +- mbedtls: follow-up VERIFYHOST fix from f097669248 + + Fix-by: Eric Rosenquist + + Fixes #3376 + Closes #3390 + +- curlver: bump to 7.64.0 for next release + +Daniel Gustafsson (19 Dec 2018) +- cookies: extend domain checks to non psl builds + + Ensure to perform the checks we have to enforce a sane domain in + the cookie request. The check for non-PSL enabled builds is quite + basic but it's better than nothing. + + Closes #2964 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (19 Dec 2018) +- [Matus Uzak brought this change] + + smb: fix incorrect path in request if connection reused + + Follow-up to 09e401e01bf9. If connection gets reused, then data member + will be copied, but not the proto member. As a result, in smb_do(), + path has been set from the original proto.share data. + + Closes #3388 + +- curl -J: do not append to the destination file + + Reported-by: Kamil Dudka + Fixes #3380 + Closes #3381 + +- mbedtls: use VERIFYHOST + + Previously, VERIFYPEER would enable/disable all checks. + + Reported-by: Eric Rosenquist + Fixes #3376 + Closes #3380 + +- pingpong: change default response timeout to 120 seconds + + Previously it was 30 minutes + +- pingpong: ignore regular timeout in disconnect phase + + The timeout set with CURLOPT_TIMEOUT is no longer used when + disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP, + POP3). 
+ + Reported-by: jasal82 on github + + Fixes #3264 + Closes #3374 + +- TODO: Windows: set attribute 'archive' for completed downloads + + Closes #3354 + +- RELEASE-NOTES: synced + +- http: minor whitespace cleanup from f464535b + +- [Ayoub Boudhar brought this change] + + http: Implement trailing headers for chunked transfers + + This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION + options that allow a callback based approach to sending trailing headers + with chunked transfers. + + The test server (sws) was updated to take into account the detection of the + end of transfer in the case of trailing headers presence. + + Test 1591 checks that trailing headers can be sent using libcurl. + + Closes #3350 + +- darwinssl: accept setting max-tls with default min-tls + + Reported-by: Andrei Neculau + Fixes #3367 + Closes #3373 + +- gopher: fix memory leak from 9026083ddb2a9 + +- [Leonardo Taccari brought this change] + + test1201: Add a trailing `?' to the selector + + This verify that the `?' in the selector is kept as is. + + Verifies the fix in #3370 + +- [Leonardo Taccari brought this change] + + gopher: always include the entire gopher-path in request + + After the migration to URL API all octets in the selector after the + first `?' were interpreted as query and accidentally discarded and not + passed to the server. + + Add a gopherpath to always concatenate possible path and query URL + pieces. + + Fixes #3369 + Closes #3370 + +- [Leonardo Taccari brought this change] + + urlapi: distinguish possibly empty query + + If just a `?' to indicate the query is passed always store a zero length + query instead of having a NULL query. + + This permits to distinguish URL with trailing `?'. 
+ + Fixes #3369 + Closes #3370 + +Daniel Gustafsson (13 Dec 2018) +- OS400: handle memory error in list conversion + + Curl_slist_append_nodup() returns NULL when it fails to create a new + item for the specified list, and since the coding here reassigned the + new list on top of the old list it would result in a dangling pointer + and lost memory. Also, in case we hit an allocation failure at some + point during the conversion, with allocation succeeding again on the + subsequent call(s) we will return a truncated list around the malloc + failure point. Fix by assigning to a temporary list pointer, which can + be checked (which is the common pattern for slist appending), and free + all the resources on allocation failure. + + Closes #3372 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- cookies: leave secure cookies alone + + Only allow secure origins to be able to write cookies with the + 'secure' flag set. This reduces the risk of non-secure origins + to influence the state of secure origins. This implements IETF + Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates + RFC6265. + + Closes #2956 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (13 Dec 2018) +- docs: fix the --tls-max description + + Reported-by: Tobias Lindgren + Pointed out in #3367 + + Closes #3368 + +Daniel Gustafsson (12 Dec 2018) +- urlapi: Fix port parsing of eol colon + + A URL with a single colon without a portnumber should use the default + port, discarding the colon. Fix, add a testcase and also do little bit + of comment wordsmithing. + + Closes #3365 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Version 7.63.0 (12 Dec 2018) + +Daniel Stenberg (12 Dec 2018) +- RELEASE-NOTES: 7.63.0 + +- THANKS: from the curl 7.62.0 cycle + +- test1519: use lib1518 and test CURLINFO_REDIRECT_URL more + +- Curl_follow: extract the Location: header field unvalidated + + ... when not actually following the redirect. 
Otherwise we return error + for this and an application can't extract the value. + + Test 1518 added to verify. + + Reported-by: Pavel Pavlov + Fixes #3340 + Closes #3364 + +- multi: convert two timeout variables to timediff_t + + The time_t type is unsigned on some systems and these variables are used + to hold return values from functions that return timediff_t + already. timediff_t is always a signed type. + + Closes #3363 + +- delta: use --diff-filter on the git diff-tree invokes + + Suggested-by: Dave Reisner + +Patrick Monnerat (11 Dec 2018) +- documentation: curl_formadd field and file names are now escaped + + Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition + header without special processing: this may lead to invalid RFC 822 + quoted-strings. + 7.56.0 introduces escaping of backslashes and double quotes in these names: + mention it in the documentation. + + Reported-by: daboul on github + Closes #3361 + +Daniel Stenberg (11 Dec 2018) +- scripts/delta: show repo delta info from last release + + ... where "last release" should be the git tag in the repo. + +Daniel Gustafsson (11 Dec 2018) +- tests: add urlapi unittest + + This adds a new unittest intended to cover the internal functions in + the urlapi code, starting with parse_port(). In order to avoid name + collisions in debug builds, parse_port() is renamed Curl_parse_port() + since it will be exported. + + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> + +- urlapi: fix portnumber parsing for ipv6 zone index + + An IPv6 URL which contains a zone index includes a '%%25<zode id>' + string before the ending ']' bracket. The parsing logic wasn't set + up to cope with the zone index however, resulting in a malformed url + error being returned. Fix by breaking the parsing into two stages + to correctly handle the zone index. 
+ + Closes #3355 + Closes #3319 + Reported-by: tonystz on Github + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> + +Daniel Stenberg (11 Dec 2018) +- [Jay Satiro brought this change] + + http: fix HTTP auth to include query in URI + + - Include query in the path passed to generate HTTP auth. + + Recent changes to use the URL API internally (46e1640, 7.62.0) + inadvertently broke authentication URIs by omitting the query. + + Fixes https://github.com/curl/curl/issues/3353 + Closes #3356 + +- [Michael Kaufmann brought this change] + + http: don't set CURLINFO_CONDITION_UNMET for http status code 204 + + The http status code 204 (No Content) should not change the "condition + unmet" flag. Only the http status code 304 (Not Modified) should do + this. + + Closes #359 + +- [Samuel Surtees brought this change] + + ldap: fix LDAP URL parsing regressions + + - Match URL scheme with LDAP and LDAPS + - Retrieve attributes, scope and filter from URL query instead + + Regression brought in 46e164069d1a5230 (7.62.0) + + Closes #3362 + +- RELEASE-NOTES: synced + +- [Stefan Kanthak brought this change] + + (lib)curl.rc: fixup for minor bugs + + All resources defined in lib/libcurl.rc and curl.rc are language + neutral. + + winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the + ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong. + + Replace the hard-coded constants in both *.rc files with #define'd + values. 
+ + Thumbs-uped-by: Rod Widdowson, Johannes Schindelin + URL: https://curl.haxx.se/mail/lib-2018-11/0000.html + Closes #3348 + +- test329: verify cookie max-age=0 immediate expiry + +- cookies: expire "Max-Age=0" immediately + + Reported-by: Jeroen Ooms + Fixes #3351 + Closes #3352 + +- [Johannes Schindelin brought this change] + + Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 + + This is a companion patch to cbea2fd2c (NTLM: force the connection to + HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1 + preemptively. However, with other (Negotiate) authentication it is not + clear to this developer whether there is a way to make it work with + HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the + error HTTP_1_1_REQUIRED. + + Note: we will still keep the NTLM workaround, as it avoids an extra + round trip. + + Daniel Stenberg helped a lot with this patch, in particular by + suggesting to introduce the Curl_h2_http_1_1_error() function. + + Closes #3349 + + Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> + +- [Ben Greear brought this change] + + openssl: fix unused variable compiler warning with old openssl + + URL: https://curl.haxx.se/mail/lib-2018-11/0055.html + + Closes #3347 + +- [Johannes Schindelin brought this change] + + NTLM: force the connection to HTTP/1.1 + + Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces + the capability. However, NTLM authentication only works with HTTP/1.1, + and will likely remain in that boat (for details, see + https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported). + + When we just found out that we want to use NTLM, and when the current + connection runs in HTTP/2 mode, let's force the connection to be closed + and to be re-opened using HTTP/1.1. + + Fixes https://github.com/curl/curl/issues/3341. + Closes #3345 + + 
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> + +- [Johannes Schindelin brought this change] + + curl_global_sslset(): id == -1 is not necessarily an error + + It is allowed to call that function with id set to -1, specifying the + backend by the name instead. We should imitate what is done further down + in that function to allow for that. + + Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> + + Closes #3346 + +Johannes Schindelin (6 Dec 2018) +- .gitattributes: make tabs in indentation a visible error + + 
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> + +Daniel Stenberg (6 Dec 2018) +- RELEASE-NOTES: synced + +- doh: fix memory leak in OOM situation + + Reviewed-by: Daniel Gustafsson + Closes #3342 + +- doh: make it work for h2-disabled builds too + + Reported-by: dtmsecurity at github + Fixes #3325 + Closes #3336 + +- packages: remove old leftover files and dirs + + This subdir has mostly become an attic of never-used cruft from the + past. + + Closes #3331 + +- [Gergely Nagy brought this change] + + openssl: do not use file BIOs if not requested + + Moves the file handling BIO calls to the branch of the code where they + are actually used. + + Closes #3339 + +- [Paul Howarth brought this change] + + nss: Fix compatibility with nss versions 3.14 to 3.15 + +- [Paul Howarth brought this change] + + nss: Improve info message when falling back SSL protocol + + Use descriptive text strings rather than decimal numbers. + +- [Paul Howarth brought this change] + + nss: Fall back to latest supported SSL version + + NSS may be built without support for the latest SSL/TLS versions, + leading to "SSL version range is not valid" errors when the library + code supports a recent version (e.g. TLS v1.3) but it has explicitly + been disabled. + + This change adjusts the maximum SSL version requested by libcurl to + be the maximum supported version at runtime, as long as that version + is at least as high as the minimum version required by libcurl. + + Fixes #3261 + +Daniel Gustafsson (3 Dec 2018) +- travis: enable COPYRIGHTYEAR extended warning + + The extended warning for checking incorrect COPYRIGHTYEAR is quite + expensive to run, so rather than expecting every developer to do it + we ensure it's turned on locally for Travis. 
+ +- checksrc: add COPYRIGHTYEAR check + + Forgetting to bump the year in the copyright clause when hacking has + been quite common among curl developers, but a traditional checksrc + check isn't a good fit as it would penalize anyone hacking on January + 1st (among other things). This adds a more selective COPYRIGHTYEAR + check which intends to only cover the currently hacked on changeset. + + The check for updated copyright year is currently not enforced on all + files but only on files edited and/or committed locally. This is due to + the amount of files which aren't updated with their correct copyright + year at the time of their respective commit. + + To further avoid running this expensive check for every developer, it + adds a new local override mode for checksrc where a .checksrc file can + be used to turn on extended warnings locally. + + Closes #3303 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (3 Dec 2018) +- CHECKSRC.md: document more warnings + + Closes #3335 + [ci skip] + +- RELEASE-NOTES: synced + +- SECURITY-PROCESS: bountygraph shuts down + + This backpedals back the documents to the state before bountygraph. + + Closes #3311 + +- curl: fix memory leak reading --writeout from file + + If another string had been set first, the writout function for reading + the syntax from file would leak the previously allocated memory. + + Reported-by: Brian Carpenter + Fixes #3322 + Closes #3330 + +- tool_main: rename function to make it unique and better + + ... there's already another function in the curl tool named + free_config_fields! + +Daniel Gustafsson (29 Nov 2018) +- TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entry + + Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option + making it a manual code-edit operation to turn it back on. 
The removal + process has thus started and is now documented in docs/DEPRECATE.md so + remove from the TODO to avoid anyone looking for something to pick up + spend cycles on an already in-progress entry. + + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Jay Satiro (29 Nov 2018) +- [Sevan Janiyan brought this change] + + connect: fix building for recent versions of Minix + + EBADIOCTL doesn't exist on more recent Minix. + There have also been substantial changes to the network stack. + Fixes build on Minix 3.4rc + + Closes https://github.com/curl/curl/pull/3323 + +- [Konstantin Kushnir brought this change] + + CMake: fix MIT/Heimdal Kerberos detection + + - fix syntax error in FindGSS.cmake + - correct krb5 include directory. FindGSS exports + "GSS_INCLUDE_DIR" variable. + + Closes https://github.com/curl/curl/pull/3316 + +Daniel Stenberg (28 Nov 2018) +- test328: verify Content-Encoding: none + + Because of issue #3315 + + Closes #3317 + +- [James Knight brought this change] + + configure: include all libraries in ssl-libs fetch + + When compiling a collection of SSL libraries to link against (SSL_LIBS), + ensure all libraries are included. The call `--libs-only-l` can produce + only a subset of found in a `--libs` call (e.x. pthread may be excluded). + Adding `--libs-only-other` ensures other libraries are also included in + the list. This corrects select build environments compiling against a + static version of OpenSSL. Before the change, the following could be + observed: + + checking for openssl options with pkg-config... found + configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl " + configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib " + configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include " + checking for HMAC_Update in -lcrypto... no + checking for HMAC_Init_ex in -lcrypto... no + checking OpenSSL linking with -ldl... 
no + checking OpenSSL linking with -ldl and -lpthread... no + configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more. + configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this. + ... + SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} ) + ... + + And include the other libraries when compiling SSL_LIBS succeeds with: + + checking for openssl options with pkg-config... found + configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread " + configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib " + configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include " + checking for HMAC_Update in -lcrypto... yes + checking for SSL_connect in -lssl... yes + ... + SSL support: enabled (OpenSSL) + ... + + 
Signed-off-by: James Knight <james.d.knight@live.com> + Closes #3193 + +Daniel Gustafsson (26 Nov 2018) +- doh: fix typo in infof call + + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- cmdline-opts/gen.pl: define the correct varname + + The variable definition had a small typo making it declare another + variable then the intended. + + Closes #3304 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (25 Nov 2018) +- RELEASE-NOTES: synced + +- curl_easy_perform: fix timeout handling + + curl_multi_wait() was erroneously used from within + curl_easy_perform(). It could lead to it believing there was no socket + to wait for and then instead sleep for a while instead of monitoring the + socket and then miss acting on that activity as swiftly as it should + (causing an up to 1000 ms delay). + + Reported-by: Antoni Villalonga + Fixes #3305 + Closes #3306 + Closes #3308 + +- CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times + +- cookies: create the cookiejar even if no cookies to save + + Important for when the file is going to be read again and thus must not + contain old contents! + + Adds test 327 to verify. + + Reported-by: daboul on github + Fixes #3299 + Closes #3300 + +- checksrc: ban snprintf use, add command line flag to override warns + +- snprintf: renamed and we now only use msnprintf() + + The function does not return the same value as snprintf() normally does, + so readers may be mislead into thinking the code works differently than + it actually does. A different function name makes this easier to detect. + + Reported-by: Tomas Hoger + Assisted-by: Daniel Gustafsson + Fixes #3296 + Closes #3297 + +- [Tobias Hintze brought this change] + + test: update test20/1322 for eglibc bug workaround + + The tests 20 and 1322 are using getaddrinfo of libc for resolving. In + eglibc-2.19 there is a memory leakage and invalid free bug which + surfaces in some special circumstances (PF_UNSPEC hint with invalid or + non-existent names). 
The valgrind runs in testing fail in these + situations. + + As the tests 20/1322 are not specific on either protocol (IPv4/IPv6) + this commit changes the hints to IPv4 protocol by passing `--ipv4` flag + on the tests' command line. This prevents the valgrind failures. + +- [Tobias Hintze brought this change] + + host names: allow trailing dot in name resolve, then strip it + + Delays stripping of trailing dots to after resolving the hostname. + + Fixes #3022 + Closes #3222 + +- [UnknownShadow200 brought this change] + + CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description + + Closes #3295 + +Daniel Gustafsson (21 Nov 2018) +- configure: Fix typo in comment + +Michael Kaufmann (21 Nov 2018) +- openssl: support session resume with TLS 1.3 + + Session resumption information is not available immediately after a TLS 1.3 + handshake. The client must wait until the server has sent a session ticket. + + Use OpenSSL's "new session" callback to get the session information and put it + into curl's session cache. For TLS 1.3 sessions, this callback will be invoked + after the server has sent a session ticket. + + The "new session" callback is invoked only if OpenSSL's session cache is + enabled, so enable it and use the "external storage" mode which lets curl manage + the contents of the session cache. + + A pointer to the connection data and the sockindex are now saved as "SSL extra + data" to make them available to the callback. + + This approach also works for old SSL/TLS versions and old OpenSSL versions. + + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + + Fixes #3202 + Closes #3271 + +- ssl: fix compilation with OpenSSL 0.9.7 + + - ENGINE_cleanup() was used without including "openssl/engine.h" + - enable engine support for OpenSSL 0.9.7 + + Closes #3266 + +Daniel Stenberg (21 Nov 2018) +- openssl: disable TLS renegotiation with BoringSSL + + Since we're close to feature freeze, this change disables this feature + with an #ifdef. 
Define ALLOW_RENEG at build-time to enable. + + This could be converted to a bit for CURLOPT_SSL_OPTIONS to let + applications opt-in this. + + Concern-raised-by: David Benjamin + Fixes #3283 + Closes #3293 + +- [Romain Fliedel brought this change] + + ares: remove fd from multi fd set when ares is about to close the fd + + When using c-ares for asyn dns, the dns socket fd was silently closed + by c-ares without curl being aware. curl would then 'realize' the fd + has been removed at next call of Curl_resolver_getsock, and only then + notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with + CURL_POLL_REMOVE. At this point the fd is already closed. + + By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this + patch allows curl to be notified that the fd is not longer needed + for neither for write nor read. At this point by calling + Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE + before the fd is actually closed by ares. + + In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore + since it does not allow passing a different sock_state_cb_data + + Closes #3238 + +- [Romain Fliedel brought this change] + + examples/ephiperfifo: report error when epoll_ctl fails + +Daniel Gustafsson (20 Nov 2018) +- [pkubaj brought this change] + + ntlm: Remove redundant ifdef USE_OPENSSL + + lib/curl_ntlm.c had code that read as follows: + + #ifdef USE_OPENSSL + # ifdef USE_OPENSSL + # else + # .. + # endif + #endif + + Remove the redundant USE_OPENSSL along with #else (it's not possible to + reach it anyway). The removed construction is a leftover from when the + SSLeay support was removed. 
+ + Closes #3269 + Reviewed-by: Daniel Gustafsson <daniel@yesql.se> + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (20 Nov 2018) +- [Han Han brought this change] + + ssl: replace all internal uses of CURLE_SSL_CACERT + + Closes #3291 + +Han Han (19 Nov 2018) +- docs: add more description to unified ssl error codes + +- curle: move deprecated error code to ifndef block + +Patrick Monnerat (19 Nov 2018) +- os400: add CURLOPT_CURLU to ILE/RPG binding. + +- os400: Add curl_easy_conn_upkeep() to ILE/RPG binding. + +- os400: fix return type of curl_easy_pause() in ILE/RPG binding. + +Daniel Stenberg (19 Nov 2018) +- RELEASE-NOTES: synced + +- impacket: add LICENSE + + The license for the impacket package was not in our tree. + + Imported now from upstream's + https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE + + Reported-by: infinnovation-dev on github + Fixes #3276 + Closes #3277 + +Daniel Gustafsson (18 Nov 2018) +- tool_doswin: Fix uninitialized field warning + + The partial struct initialization in 397664a065abffb7c3445ca9 caused + a warning on uninitialized MODULEENTRY32 struct members: + + /src/tool_doswin.c:681:3: warning: missing initializer for field + 'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}' + [-Wmissing-field-initializers] + + This is sort of a bogus warning as the remaining members will be set + to zero by the compiler, as all omitted members are. Nevertheless, + remove the warning by omitting all members and setting the dwSize + members explicitly. + + Closes #3254 + Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> + Reviewed-by: Jay Satiro <raysatiro@yahoo.com> + +- openssl: Remove SSLEAY leftovers + + Commit 709cf76f6bb7dbac deprecated USE_SSLEAY, as curl since long isn't + compatible with the SSLeay library. This removes the few leftovers that + were omitted in the less frequently used platform targets. 
+ + Closes #3270 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (16 Nov 2018) +- [Elia Tufarolo brought this change] + + http_negotiate: do not close connection until negotiation is completed + + Fix HTTP POST using CURLAUTH_NEGOTIATE. + + Closes #3275 + +- pop3: only do APOP with a valid timestamp + + Brought-by: bobmitchell1956 on github + Fixes #3278 + Closes #3279 + +Jay Satiro (16 Nov 2018) +- [Peter Wu brought this change] + + openssl: do not log excess "TLS app data" lines for TLS 1.3 + + The SSL_CTX_set_msg_callback callback is not just called for the + Handshake or Alert protocols, but also for the raw record header + (SSL3_RT_HEADER) and the decrypted inner record type + (SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid + excess debug spam when using `curl -v` against a TLSv1.3-enabled server: + + * TLSv1.3 (IN), TLS app data, [no content] (0): + + (Following this message, another callback for the decrypted + handshake/alert messages will be be present anyway.) + + Closes https://github.com/curl/curl/pull/3281 + +Marc Hoersken (15 Nov 2018) +- tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows + + SO_EXCLUSIVEADDRUSE is on by default on Vista or newer, + but does not work together with SO_REUSEADDR being on. + + The default changes were made with stunnel 5.34 and 5.35. + +Daniel Stenberg (13 Nov 2018) +- [Kamil Dudka brought this change] + + nss: remove version selecting dead code + + Closes #3262 + +- nss: set default max-tls to 1.3/1.2 + + Fixes #3261 + +Daniel Gustafsson (13 Nov 2018) +- tool_cb_wrt: Silence function cast compiler warning + + Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new + compiler warning on Windows cross compilation with GCC. 
See below + for an example of the warning from the autobuild logs (whitespace + edited to fit): + + /src/tool_cb_wrt.c:175:9: warning: cast from function call of type + 'intptr_t {aka long long int}' to non-matching type 'void *' + [-Wbad-function-cast] + (HANDLE) _get_osfhandle(fileno(outs->stream)), + ^ + + Store the return value from _get_osfhandle() in an intermediate + variable and cast the variable in WriteConsoleW() rather than the + function call directly to avoid a compiler warning. + + In passing, also add inspection of the MultiByteToWideChar() return + value and return failure in case an error is reported. + + Closes #3263 + Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> + Reviewed-by: Viktor Szakats <commit@vszakats.net> + +Daniel Stenberg (12 Nov 2018) +- nss: fix fallthrough comment to fix picky compiler warning + +- docs: expanded on some CURLU details + +- [Tim Rühsen brought this change] + + ftp: avoid two unsigned int overflows in FTP listing parser + + Curl_ftp_parselist: avoid unsigned integer overflows + + The overflow has no real world impact, just avoid it for "best + practice". + + Closes #3225 + +- curl: --local-port range was not "including" + + The end port number in a given range was not included in the range used, + as it is documented to be. + + Reported-by: infinnovation-dev on github + Fixes #3251 + Closes #3255 + +- [Jérémy Rocher brought this change] + + openssl: support BoringSSL TLS renegotiation + + As per BoringSSL porting documentation [1], BoringSSL rejects peer + renegotiations by default. + + curl fails when trying to authenticate to server through client + certificate if it is requested by server after the initial TLS + handshake. + + Enable renegotiation by default with BoringSSL to get same behavior as + with OpenSSL. This is done by calling SSL_set_renegotiate_mode [2] + which was introduced in commit 1d5ef3bb1eb9 [3]. 
+ + 1 - https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#tls-renegotiation + 2 - https://boringssl.googlesource.com/boringssl/+/master/include/openssl/ssl.h#3482 + 3 - https://boringssl.googlesource.com/boringssl/+/1d5ef3bb1eb97848617db5e7d633d735a401df86 + + 
Signed-off-by: Jérémy Rocher <rocher.jeremy@gmail.com> + Fixes #3258 + Closes #3259 + +- HISTORY: add some milestones + + Added a few of the more notable milestones in curl history that were + missing. Primarily more recent ones but I also noted some older that + could be worth mentioning. + + [ci skip] + Closes #3257 + +Daniel Gustafsson (9 Nov 2018) +- KNOWN_BUGS: add --proxy-any connection issue + + Add the identified issue with --proxy-any and proxy servers which + advertise authentication schemes other than the supported one. + + Closes #876 + Closes #3250 + Reported-by: NTMan on Github + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (9 Nov 2018) +- [Jim Fuller brought this change] + + setopt: add CURLOPT_CURLU + + Allows an application to pass in a pre-parsed URL via a URL handle. + + Closes #3227 + +- [Gisle Vanem brought this change] + + docs: ESCape "\n" codes + + Groff / Troff will display a: + printaf("Errno: %ld\n", error); + as: + printf("Errno: %ld0, error); + + when a "\n" is not escaped. Use "\\n" instead. + + Closes #3246 + +- curl: --local-port fix followup + + Regression by 52db54869e6. + + Reported-by: infinnovation-dev on github + Fixes #3248 + Closes #3249 + +GitHub (7 Nov 2018) +- [Gisle Vanem brought this change] + + More "\n" ESCaping + +Daniel Stenberg (7 Nov 2018) +- RELEASE-NOTES: synced + +- curl: fix --local-port integer overflow + + The tool's local port command line range parser didn't check for integer + overflows and could pass "weird" data to libcurl for this option. + libcurl however, has a strict range check for the values so it rejects + anything outside of the accepted range. + + Reported-by: Brian Carpenter + Closes #3242 + +- curl: correct the switch() logic in ourWriteOut + + Follow-up to e431daf013, as I did the wrong correction for a compiler + warning. It should be a break and not a fall-through. 
+ + Pointed-out-by: Frank Gevaerts + +- [Frank Gevaerts brought this change] + + curl: add %{stderr} and %{stdout} for --write-out + + Closes #3115 + +Daniel Gustafsson (7 Nov 2018) +- winssl: be consistent in Schannel capitalization + + The productname from Microsoft is "Schannel", but in infof/failf + reporting we use "schannel". This removes different versions. + + Closes #3243 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (7 Nov 2018) +- TODO: Have the URL API offer IDN decoding + + Similar to how URL decoding/encoding is done, we could have URL + functions to convert IDN host names to punycode. + + Suggested-by: Alexey Melnichuk + Closes #3232 + +- urlapi: only skip encoding the first '=' with APPENDQUERY set + + APPENDQUERY + URLENCODE would skip all equals signs but now it only skip + encoding the first to better allow "name=content" for any content. + + Reported-by: Alexey Melnichuk + Fixes #3231 + Closes #3231 + +- url: a short host name + port is not a scheme + + The function identifying a leading "scheme" part of the URL considered a + few letters ending with a colon to be a scheme, making something like + "short:80" to become an unknown scheme instead of a short host name and + a port number. + + Extended test 1560 to verify. + + Also fixed test203 to use file_pwd to make it get the correct path on + windows. Removed test 2070 since it was a duplicate of 203. + + Assisted-by: Marcel Raad + Reported-by: Hagai Auro + Fixes #3220 + Fixes #3233 + Closes #3223 + Closes #3235 + +- [Sangamkar brought this change] + + libcurl: stop reading from paused transfers + + In the transfer loop it would previously not acknwledge the pause bit + and continue until drained or loop ended. 
+ + Closes #3240 + +Jay Satiro (6 Nov 2018) +- tool: add undocumented option --dump-module-paths for win32 + + - Add an undocumented diagnostic option for Windows to show the full + paths of all loaded modules regardless of whether or not libcurl + initialization succeeds. + + This is needed so that in the CI we can get a list of all DLL + dependencies after initialization (when they're most likely to have + finished loading) and then package them as artifacts so that a + functioning build can be downloaded. Also I imagine it may have some use + as a diagnostic for help requests. + + Ref: https://github.com/curl/curl/pull/3103 + + Closes https://github.com/curl/curl/pull/3208 + +- curl_multibyte: fix a malloc overcalculation + + Prior to this change twice as many bytes as necessary were malloc'd when + converting wchar to UTF8. To allay confusion in the future I also + changed the variable name for the amount of bytes from len to bytes. + + Closes https://github.com/curl/curl/pull/3209 + +Michael Kaufmann (5 Nov 2018) +- netrc: don't ignore the login name specified with "--user" + + - for "--netrc", don't ignore the login/password specified with "--user", + only ignore the login/password in the URL. + This restores the netrc behaviour of curl 7.61.1 and earlier. 
+ - fix the documentation of CURL_NETRC_REQUIRED + - improve the detection of login/password changes when reading .netrc + - don't read .netrc if both login and password are already set + + Fixes #3213 + Closes #3224 + +Patrick Monnerat (5 Nov 2018) +- OS400: add URL API ccsid wrappers and sync ILE/RPG bindings + +Daniel Stenberg (5 Nov 2018) +- [Yasuhiro Matsumoto brought this change] + + curl: fixed UTF-8 in current console code page (Windows) + + Fixes #3211 + Fixes #3175 + Closes #3212 + +- TODO: 2.6 multi upkeep + + Closes #3199 + +Daniel Gustafsson (5 Nov 2018) +- unittest: make 1652 stable across collations + + The previous coding used a format string whose output depended on the + current locale of the environment running the test. Since the gist of + the test is to have a format string, with the actual formatting being + less important, switch to a more stable formatstring with decimals. + + Reported-by: Marcel Raad + Closes #3234 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> + +Daniel Stenberg (5 Nov 2018) +- Revert "url: a short host name + port is not a scheme" + + This reverts commit 226cfa8264cd979eff3fd52c0f3585ef095e7cf2. + + This commit caused test failures on appveyor/windows. Work on fixing them is + in #3235. + +- symbols-in-versions: add missing CURLU_ symbols + + ...and fix symbol-scan.pl to also scan urlapi.h + + Reported-by: Alexey Melnichuk + Fixes #3226 + Closes #3230 + +Daniel Gustafsson (3 Nov 2018) +- infof: clearly indicate truncation + + The internal buffer in infof() is limited to 2048 bytes of payload plus + an additional byte for NULL termination. Servers with very long error + messages can however cause truncation of the string, which currently + isn't very clear, and leads to badly formatted output. + + This appends a "...\n" (or just "..." in case the format didn't with a + newline char) marker to the end of the string to clearly show + that it has been truncated. 
+ + Also include a unittest covering infof() to try and catch any bugs + introduced in this quite important function. + + Closes #3216 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> + +Michael Kaufmann (3 Nov 2018) +- tool_getparam: fix some comments + +Daniel Stenberg (3 Nov 2018) +- url: a short host name + port is not a scheme + + The function identifying a leading "scheme" part of the URL considered a few + letters ending with a colon to be a scheme, making something like "short:80" + to become an unknown scheme instead of a short host name and a port number. + + Extended test 1560 to verify. + + Reported-by: Hagai Auro + Fixes #3220 + Closes #3223 + +- URL: fix IPv6 numeral address parser + + Regression from 46e164069d1a52. Extended test 1560 to verify. + + Reported-by: tpaukrt on github + Fixes #3218 + Closes #3219 + +- travis: remove curl before a normal build + + on Linux. To make sure the test suite runs with its newly build tool and + doesn't require an external one present. + + Bug: #3198 + Closes #3200 + +- [Tim Rühsen brought this change] + + mprintf: avoid unsigned integer overflow warning + + The overflow has no real world impact. + Just avoid it for "best practice". + + Code change suggested by "The Infinnovation Team" and Daniel Stenberg. + Closes #3184 + +- Curl_follow: accept non-supported schemes for "fake" redirects + + When not actually following the redirect and the target URL is only + stored for later retrieval, curl always accepted "non-supported" + schemes. This was a regression from 46e164069d1a5230. + + Reported-by: Brad King + Fixes #3210 + Closes #3215 + +Daniel Gustafsson (2 Nov 2018) +- openvms: fix example name + + Commit efc696a2e09225bfeab4 renamed persistant.c to persistent.c to + fix the typo in the name, but missed to update the OpenVMS package + files which still looked for the old name. 
+ + Closes #3217 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Viktor Szakats <commit@vszakats.net> + +Daniel Stenberg (1 Nov 2018) +- configure: show CFLAGS, LDFLAGS etc in summary + + To make it easier to understand other people's and remote builds etc. + + Closes #3207 + +- version: bump for next cycle + +- axtls: removed + + As has been outlined in the DEPRECATE.md document, the axTLS code has + been disabled for 6 months and is hereby removed. + + Use a better supported TLS library! + + Assisted-by: Daniel Gustafsson + Closes #3194 + +- [marcosdiazr brought this change] + + schannel: make CURLOPT_CERTINFO support using Issuer chain + + Closes #3197 + +- travis: build with sanitize=address,undefined,signed-integer-overflow + + ... using clang + + Closes #3190 + +- schannel: use Curl_ prefix for global private symbols + + Curl_verify_certificate() must use the Curl_ prefix since it is globally + available in the lib and otherwise steps outside of our namespace! + + Closes #3201 + +Kamil Dudka (1 Nov 2018) +- tests: drop http_pipe.py script no longer used + + It is unused since commit f7208df7d9d5cd5e15e2d89237e828f32b63f135. + + Closes #3204 + +Daniel Stenberg (31 Oct 2018) +- runtests: use the local curl for verifying + + ... revert the mistaken change brought in commit 8440616f53. + + Reported-by: Alessandro Ghedini + Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html + + Closes #3198 + +Version 7.62.0 (30 Oct 2018) + +Daniel Stenberg (30 Oct 2018) +- RELEASE-NOTES: 7.62.0 + +- THANKS: 7.62.0 status + +Daniel Gustafsson (30 Oct 2018) +- vtls: add MesaLink to curl_sslbackend enum + + MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the + backend was never added to the curl_sslbackend enum in curl/curl.h. + This adds the new backend to the enum and updates the relevant docs. 
+
+ Closes #3195
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (30 Oct 2018)
+- [Ruslan Baratov brought this change]
+
+ cmake: Remove unused CURL_CONFIG_HAS_BEEN_RUN_BEFORE variable
+
+ Closes #3191
+
+- test2080: verify the fix for CVE-2018-16842
+
+- voutf: fix bad arethmetic when outputting warnings to stderr
+
+ CVE-2018-16842
+ Reported-by: Brian Carpenter
+ Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
+
+- [Tuomo Rinne brought this change]
+
+ cmake: uniform ZLIB to use USE_ variable and clean curl-config.cmake.in
+
+ Closes #3123
+
+- [Tuomo Rinne brought this change]
+
+ cmake: add find_dependency call for ZLIB to CMake config file
+
+- [Tuomo Rinne brought this change]
+
+ cmake: add support for transitive ZLIB target
+
+- unit1650: fix "null pointer passed as argument 1 to memcmp"
+
+ Detected by UndefinedBehaviorSanitizer
+
+ Closes #3187
+
+- travis: add a "make tidy" build that runs clang-tidy
+
+ Closes #3182
+
+- unit1300: fix stack-use-after-scope AddressSanitizer warning
+
+ Closes #3186
+
+- Curl_auth_create_plain_message: fix too-large-input-check
+
+ CVE-2018-16839
+ Reported-by: Harry Sintonen
+ Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+
+- Curl_close: clear data->multi_easy on free to avoid use-after-free
+
+ Regression from b46cfbc068 (7.59.0)
+ CVE-2018-16840
+ Reported-by: Brian Carpenter (Geeknik Labs)
+
+ Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
+
+- [randomswdev brought this change]
+
+ system.h: use proper setting with Sun C++ as well
+
+ system.h selects the proper Sun settings when __SUNPRO_C is defined. The
+ Sun compiler does not define it when compiling C++ files. I'm adding a
+ check also on __SUNPRO_CC to allow curl to work properly also when used
+ in a C++ project on Sun Solaris.
+
+ Closes #3181
+
+- rand: add comment to skip a clang-tidy false positive
+
+- test1651: unit test Curl_extract_certinfo()
+
+ The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
+
+- x509asn1: always check return code from getASN1Element()
+
+- Makefile: add 'tidy' target that runs clang-tidy
+
+ Available in the root, src and lib dirs.
+
+ Closes #3163
+
+- RELEASE-PROCEDURE: adjust the release dates
+
+ See: https://curl.haxx.se/mail/lib-2018-10/0107.html
+
+Patrick Monnerat (27 Oct 2018)
+- x509asn1: suppress left shift on signed value
+
+ Use an unsigned variable: as the signed operation behavior is undefined,
+ this change silents clang-tidy about it.
+
+ Ref: https://github.com/curl/curl/pull/3163
+ Reported-By: Daniel Stenberg
+
+Michael Kaufmann (27 Oct 2018)
+- multi: Fix error handling in the SENDPROTOCONNECT state
+
+ If Curl_protocol_connect() returns an error code,
+ handle the error instead of switching to the next state.
+
+ Closes #3170
+
+Daniel Stenberg (27 Oct 2018)
+- RELEASE-NOTES: synced
+
+- openssl: output the correct cipher list on TLS 1.3 error
+
+ When failing to set the 1.3 cipher suite, the wrong string pointer would
+ be used in the error message. Most often saying "(nil)".
+
+ Reported-by: Ricky-Tigg on github
+ Fixes #3178
+ Closes #3180
+
+- docs/CIPHERS: fix the TLS 1.3 cipher names
+
+ ... picked straight from the OpenSSL man page:
+ https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
+
+ Reported-by: Ricky-Tigg on github
+ Bug: #3178
+
+Marcel Raad (27 Oct 2018)
+- travis: install gnutls-bin package
+
+ This is required for gnutls-serv, which enables a few more tests.
+
+ Closes https://github.com/curl/curl/pull/2958
+
+Daniel Gustafsson (26 Oct 2018)
+- ssh: free the session on init failures
+
+ Ensure to clear the session object in case the libssh2 initialization
+ fails.
+
+ It could be argued that the libssh2 error function should be called to
+ get a proper error message in this case. But since the only error path
+ in libssh2_knownhost_init() is memory a allocation failure it's safest
+ to avoid since the libssh2 error handling allocates memory.
+
+ Closes #3179
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (26 Oct 2018)
+- docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 date
+
+ ... I'm moving it up one week due to travels. The rest stays.
+
+- [Daniel Gustafsson brought this change]
+
+ openssl: make 'done' a proper boolean
+
+ Closes #3176
+
+- gtls: Values stored to but never read
+
+ Detected by clang-tidy
+
+ Closes #3176
+
+- [Alexey Eremikhin brought this change]
+
+ curl.1: --ipv6 mutexes ipv4 (fixed typo)
+
+ Fixes #3171
+ Closes #3172
+
+- tool_main: make TerminalSettings static
+
+ Reported-by: Gisle Vanem
+ Bug: https://github.com/curl/curl/commit/becfe1233ff2b6b0c3e1b6a10048b55b68c2539f#commitcomment-31008819
+ Closes #3161
+
+- curl-config.in: remove dependency on bc
+
+ Reported-by: Dima Pasechnik
+ Fixes #3143
+ Closes #3174
+
+- [Gisle Vanem brought this change]
+
+ rtmp: fix for compiling with lwIP
+
+ Compiling on _WIN32 and with USE_LWIPSOCK, causes this error:
+ curl_rtmp.c(223,3): error: use of undeclared identifier 'setsockopt'
+ setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
+ ^
+ curl_rtmp.c(41,32): note: expanded from macro 'setsockopt'
+ #define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e)
+ ^
+ Closes #3155
+
+- configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
+
+ Follow-up to #3166 which did the cmake part of this. This type/define is
+ not used.
+
+ Closes #3168
+
+- [Ruslan Baratov brought this change]
+
+ cmake: remove unused variables
+
+ Remove variables:
+ * HAVE_SOCKLEN_T
+ * CURL_SIZEOF_CURL_SOCKLEN_T
+ * CURL_TYPEOF_CURL_SOCKLEN_T
+
+ Closes #3166
+
+Michael Kaufmann (25 Oct 2018)
+- urldata: Fix comment in header
+
+ The "connecting" function is used by multiple protocols, not only FTP
+
+- netrc: free temporary strings if memory allocation fails
+
+ - Change the inout parameters after all needed memory has been
+ allocated. Do not change them if something goes wrong.
+ - Free the allocated temporary strings if strdup() fails. + + Closes #3122 + +Daniel Stenberg (24 Oct 2018) +- [Ruslan Baratov brought this change] + + config: Remove unused SIZEOF_VOIDP + + Closes #3162 + +- RELEASE-NOTES: synced + +GitHub (23 Oct 2018) +- [Gisle Vanem brought this change] + + Fix for compiling with lwIP (3) + + lwIP on Windows does not have a WSAIoctl() function. + But it do have a SO_SNDBUF option to lwip_setsockopt(). But it currently does nothing. + +Daniel Stenberg (23 Oct 2018) +- Curl_follow: return better errors on URL problems + + ... by making the converter function global and accessible. + + Closes #3153 + +- Curl_follow: remove remaining free(newurl) + + Follow-up to 05564e750e8f0c. This function no longer frees the passed-in + URL. + + Reported-by: Michael Kaufmann + Bug: https://github.com/curl/curl/commit/05564e750e8f0c79016c680f301ce251e6e86155#commitcomm + ent-30985666 + +Daniel Gustafsson (23 Oct 2018) +- headers: end all headers with guard comment + + Most headerfiles end with a /* <headerguard> */ comment, but it was + missing from some. The comment isn't the most important part of our + code documentation but consistency has an intrinsic value in itself. + This adds header guard comments to the files that were lacking it. + + Closes #3158 + Reviewed-by: Jay Satiro <raysatiro@yahoo.com> + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Jay Satiro (23 Oct 2018) +- CIPHERS.md: Mention the options used to set TLS 1.3 ciphers + + Closes https://github.com/curl/curl/pull/3159 + +Daniel Stenberg (20 Oct 2018) +- docs/BUG-BOUNTY: the sponsors actually decide the amount + + Retract the previous approach as the sponsors will be the ones to set the + final amounts. + + Closes #3152 + [ci skip] + +- multi: avoid double-free + + Curl_follow() no longer frees the string. Make sure it happens in the + caller function, like we normally handle allocations. 
+
+ This bug was introduced with the use of the URL API internally, it has
+ never been in a release version
+
+ Reported-by: Dario Weißer
+ Closes #3149
+
+- multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
+
+ Otherwise, closing that handle can still cause surprises!
+
+ Reported-by: Martin Ankerl
+ Fixes #3138
+ Closes #3147
+
+Marcel Raad (19 Oct 2018)
+- VS projects: add USE_IPV6
+
+ The Visual Studio builds didn't use IPv6. Add it to all projects since
+ Visual Studio 2008, which is verified to build via AppVeyor.
+
+ Closes https://github.com/curl/curl/pull/3137
+
+- config_win32: enable LDAPS
+
+ As done in the autotools and CMake builds by default.
+
+ Closes https://github.com/curl/curl/pull/3137
+
+Daniel Stenberg (18 Oct 2018)
+- travis: add build for "configure --disable-verbose"
+
+ Closes #3144
+
+Kamil Dudka (17 Oct 2018)
+- tool_cb_hdr: handle failure of rename()
+
+ Detected by Coverity.
+
+ Closes #3140
+ Reviewed-by: Jay Satiro
+
+Daniel Stenberg (17 Oct 2018)
+- RELEASE-NOTES: synced
+
+- docs/SECURITY-PROCESS: the hackerone IBB program drops curl
+
+ ... now there's only BountyGraph.
+
+Jay Satiro (16 Oct 2018)
+- [Matthew Whitehead brought this change]
+
+ x509asn1: Fix SAN IP address verification
+
+ For IP addresses in the subject alternative name field, the length
+ of the IP address (and hence the number of bytes to perform a
+ memcmp on) is incorrectly calculated to be zero. The code previously
+ subtracted q from name.end. where in a successful case q = name.end
+ and therefore addrlen equalled 0. The change modifies the code to
+ subtract name.beg from name.end to calculate the length correctly.
+
+ The issue only affects libcurl with GSKit SSL, not other SSL backends.
+ The issue is not a security issue as IP verification would always fail.
+
+ Fixes #3102
+ Closes #3141
+
+Daniel Gustafsson (15 Oct 2018)
+- INSTALL: mention mesalink in TLS section
+
+ Commit 57348eb97d1b8fc3742e02c6587d2d02ff592da5 added support for the
+ MesaLink vtls backend, but missed updating the TLS section containing
+ supported backends in the docs.
+
+ Closes #3134
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Marcel Raad (14 Oct 2018)
+- nonblock: fix unused parameter warning
+
+ If USE_BLOCKING_SOCKETS is defined, curlx_nonblock's arguments are not
+ used.
+
+Michael Kaufmann (13 Oct 2018)
+- Curl_follow: Always free the passed new URL
+
+ Closes #3124
+
+Viktor Szakats (12 Oct 2018)
+- replace rawgit links [ci skip]
+
+ Ref: https://rawgit.com/ "RawGit has reached the end of its useful life"
+ Ref: https://news.ycombinator.com/item?id=18202481
+ Closes https://github.com/curl/curl/pull/3131
+
+Daniel Stenberg (12 Oct 2018)
+- docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018
+
+ [ci skip]
+
+- travis: make distcheck scan for BOM markers
+
+ and remove BOM from projects/wolfssl_override.props
+
+ Closes #3126
+
+Marcel Raad (11 Oct 2018)
+- CMake: remove BOM
+
+ Accidentally aded in commit 1bb86057ff07083deeb0b00f8ad35879ec4d03ea.
+
+ Reported-by: Viktor Szakats
+ Ref: https://github.com/curl/curl/pull/3120#issuecomment-428673136
+
+Daniel Gustafsson (10 Oct 2018)
+- transfer: fix typo in comment
+
+Michael Kaufmann (10 Oct 2018)
+- docs: add "see also" links for SSL options
+
+ - link TLS 1.2 and TLS 1.3 options
+ - link proxy and non-proxy options
+
+ Closes #3121
+
+Marcel Raad (10 Oct 2018)
+- AppVeyor: remove BDIR variable that sneaked in again
+
+ Removed in ae762e1abebe3a5fe75658583c85059a0957ef6e, accidentally added
+ again in 9f3be5672dc4dda30ab43e0152e13d714a84d762.
+
+- CMake: disable -Wpedantic-ms-format
+
+ As done in the autotools build. This is required for MinGW, which
+ supports only %I64 for printing 64-bit values, but warns about it.
+ + Closes https://github.com/curl/curl/pull/3120 + +Viktor Szakats (9 Oct 2018) +- ldap: show precise LDAP call in error message on Windows + + Also add a unique but common text ('bind via') to make it + easy to grep this specific failure regardless of platform. + + Ref: https://github.com/curl/curl/pull/878/files#diff-7a636f08047c4edb53a240f540b4ecf6R468 + Closes https://github.com/curl/curl/pull/3118 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> + +Daniel Stenberg (9 Oct 2018) +- docs/DEPRECATE: minor reformat to render nicer on web + +Daniel Gustafsson (9 Oct 2018) +- CURLOPT_SSL_VERIFYSTATUS: Fix typo + + Changes s/OSCP/OCSP/ and bumps the copyright year due to the change. + +Marcel Raad (9 Oct 2018) +- curl_setup: define NOGDI on Windows + + This avoids an ERROR macro clash between <wingdi.h> and <arpa/tftp.h> + on MinGW. + + Closes https://github.com/curl/curl/pull/3113 + +- Windows: fixes for MinGW targeting Windows Vista + + Classic MinGW has neither InitializeCriticalSectionEx nor + GetTickCount64, independent of the target Windows version. + + Closes https://github.com/curl/curl/pull/3113 + +Daniel Stenberg (8 Oct 2018) +- TODO: fixed 'API for URL parsing/splitting' + +Daniel Gustafsson (8 Oct 2018) +- KNOWN_BUGS: Fix various typos + + Closes #3112 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Viktor Szakats (8 Oct 2018) +- spelling fixes [ci skip] + + as detected by codespell 1.14.0 + + Closes https://github.com/curl/curl/pull/3114 + Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> + +Daniel Stenberg (8 Oct 2018) +- RELEASE-NOTES: synced + +- curl_ntlm_wb: check aprintf() return codes + + ... when they return NULL we're out of memory and MUST return failure. + + closes #3111 + +- docs/BUG-BOUNTY: proposed additional docs + + Bug bounty explainer. 
See https://bountygraph.com/programs/curl + + Closes #3067 + +- [Rick Deist brought this change] + + hostip: fix check on Curl_shuffle_addr return value + + Closes #3110 + +- FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output + + Now FILE transfers send headers to the header callback like HTTP and + other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...) + work for FILE in the callbacks. + + Makes "curl -i file://.." and "curl -I file://.." work like before + again. Applied the bold header logic to them too. + + Regression from c1c2762 (7.61.0) + + Reported-by: Shaun Jackman + Fixes #3083 + Closes #3101 + +Daniel Gustafsson (7 Oct 2018) +- gskit: make sure to terminate version string + + In case a very small buffer was passed to the version function, it could + result in the buffer not being NULL-terminated since strncpy() doesn't + guarantee a terminator on an overflowed buffer. Rather than adding code + to terminate (and handle zero-sized buffers), move to using snprintf() + instead like all the other vtls backends. + + Closes #3105 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Viktor Szakats <commit@vszakats.net> + +- TODO: add LD_PRELOAD support on macOS + + Add DYLD_INSERT_LIBRARIES support to the TODO list. Reported in #2394. + +- runtests: skip ld_preload tests on macOS + + The LD_PRELOAD functionality doesn't exist on macOS, so skip any tests + requiring it. + + Fixes #2394 + Closes #3106 + Reported-by: Github user @jakirkham + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Marcel Raad (7 Oct 2018) +- AppVeyor: use Debug builds to run tests + + This enables more tests. + + Closes https://github.com/curl/curl/pull/3104 + +- AppVeyor: add HTTP_ONLY build + + Closes https://github.com/curl/curl/pull/3104 + +- AppVeyor: add WinSSL builds + + Use the oldest and latest Windows SDKs for them. + Also, remove all but one OpenSSL build. 
+ + Closes https://github.com/curl/curl/pull/3104 + +- AppVeyor: add remaining Visual Studio versions + + This adds Visual Studio 9 and 10 builds. + There's no 64-bit VC9 compiler on AppVeyor, so use it as the Win32 + build. Also, VC9 cannot be used for running the test suite. + + Closes https://github.com/curl/curl/pull/3104 + +- AppVeyor: break long line + + Closes https://github.com/curl/curl/pull/3104 + +- AppVeyor: remove unused BDIR variable + + Closes https://github.com/curl/curl/pull/3104 + +Daniel Stenberg (6 Oct 2018) +- test2100: test DoH using IPv4-only + + To make it only send one DoH request and avoid the race condition that + could lead to the requests getting sent in reversed order and thus + making it hard to compare in the test case. + + Fixes #3107 + Closes #3108 + +- tests/FILEFORMAT: mention how to use <fileN> and <stripfileN> too + + [ci skip] + +- RELEASE-NOTES: synced + +- [Dmitry Kostjuchenko brought this change] + + timeval: fix use of weak symbol clock_gettime() on Apple platforms + + Closes #3048 + +- doh: keep the IPv4 address in (original) network byte order + + Ideally this will fix the reversed order shown in SPARC tests: + + resp 8: Expected 127.0.0.1 got 1.0.0.127 + + Closes #3091 + +Jay Satiro (5 Oct 2018) +- INTERNALS.md: wrap lines longer than 79 + +Daniel Gustafsson (5 Oct 2018) +- INTERNALS: escape reference to parameter + + The parameter reference <string> was causing rendering issues in the + generated HTML page, as <string> isn't a valid HTML tag. Fix by back- + tick escaping it. + + Closes #3099 + Reviewed-by: Jay Satiro <raysatiro@yahoo.com> + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- checksrc: handle zero scoped ignore commands + + If a !checksrc! disable command specified to ignore zero errors, it was + still added to the ignore block even though nothing was ignored. 
While + there were no blocks ignored that shouldn't be ignored, the processing + ended with with a warning: + + <filename>:<line>:<col>: warning: Unused ignore: LONGLINE (UNUSEDIGNORE) + /* !checksrc! disable LONGLINE 0 */ + ^ + Fix by instead treating a zero ignore as a a badcommand and throw a + warning for that one. + + Closes #3096 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- checksrc: enable strict mode and warnings + + Enable strict and warnings mode for checksrc to ensure we aren't missing + anything due to bugs in the checking code. This uncovered a few things + which are all fixed in this commit: + + * several variables were used uninitialized + * several variables were not defined in the correct scope + * the whitelist filehandle was read even if the file didn't exist + * the enable_warn() call when a disable counter had expired was passing + incorrect variables, but since the checkwarn() call is unlikely to hit + (the counter is only decremented to zero on actual ignores) it didn't + manifest a problem. + + Closes #3090 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> + +Marcel Raad (5 Oct 2018) +- CMake: suppress MSVC warning C4127 for libtest + + It's issued by older Windows SDKs (prior to version 8.0). + +Sergei Nikulov (5 Oct 2018) +- Merge branch 'dmitrykos-fix_missing_CMake_defines' + +- [Dmitry Kostjuchenko brought this change] + + cmake: test and set missed defines during configuration + + Added configuration checks for HAVE_BUILTIN_AVAILABLE and HAVE_CLOCK_GETTIME_MONOTONIC. + + Closes #3097 + +Marcel Raad (5 Oct 2018) +- AppVeyor: disable test 500 + + It almost always results in + "starttransfer vs total: 0.000001 0.000000". + I cannot reproduce this locally, so disable it for now. + + Closes https://github.com/curl/curl/pull/3100 + +- AppVeyor: set custom install prefix + + CMake's default has spaces and in 32-bit mode parentheses, which result + in syntax errors in curl-config. 
+
+ Closes https://github.com/curl/curl/pull/3100
+
+- AppVeyor: Remove non-SSL non-test builds
+
+ They don't add much value.
+
+ Closes https://github.com/curl/curl/pull/3100
+
+- AppVeyor: run test suite
+
+ Use the preinstalled MSYS2 bash for that.
+ Disable test 1139 as the CMake build doesn't generate curl.1.
+
+ Ref: https://github.com/curl/curl/issues/3070#issuecomment-425922224
+ Closes https://github.com/curl/curl/pull/3100
+
+- AppVeyor: use in-tree build
+
+ Required to run the tests.
+
+ Closes https://github.com/curl/curl/pull/3100
+
+Daniel Stenberg (4 Oct 2018)
+- doh: make sure TTL isn't re-inited by second (discarded?) response
+
+ Closes #3092
+
+- test320: strip out more HTML when comparing
+
+ To make the test case work with different gnutls-serv versions better.
+
+ Reported-by: Kamil Dudka
+ Fixes #3093
+ Closes #3094
+
+Marcel Raad (4 Oct 2018)
+- runtests: use Windows paths for Windows curl
+
+ curl generated by CMake's Visual Studio generator has "Windows" in the
+ version number.
+
+Daniel Stenberg (4 Oct 2018)
+- [Colin Hogben brought this change]
+
+ tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
+
+ Fix problems caused by differences in treatment of bytes objects between
+ python2 and python3.
+
+ Fixes #2929
+ Closes #3080
+
+Daniel Gustafsson (3 Oct 2018)
+- memory: ensure to check allocation results
+
+ The result of a memory allocation should always be checked, as we may
+ run under memory pressure where even a small allocation can fail. This
+ adds checking and error handling to a few cases where the allocation
+ wasn't checked for success. In the ftp case, the freeing of the path
+ variable is moved ahead of the allocation since there is little point
+ in keeping it around across the strdup, and the separation makes for
+ more readable code. In nwlib, the lock is aslo freed in the error path.
+
+ Also bumps the copyright years on affected files.
+
+ Closes #3084
+ Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- comment: Fix multiple typos in function parameters
+
+ Ensure that the parameters in the comment match the actual names in the
+ prototype.
+
+ Closes #3079
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- CURLOPT_SSLVERSION.3: fix typos and consistent spelling
+
+ Use TLS vX.Y throughout the document, instead of TLS X.Y, as that was
+ already done in all but a few cases. Also fix a few typos.
+
+ Closes #3076
+ Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- SECURITY-PROCESS: make links into hyperlinks
+
+ Use proper Markdown hyperlink format for the Bountygraph links in order
+ for the generated website page to be more user friendly. Also link to
+ the sponsors to give them a little extra credit.
+
+ Closes #3082
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Jay Satiro (3 Oct 2018)
+- CURLOPT_HEADER.3: fix typo
+
+- nss: fix nssckbi module loading on Windows
+
+ - Use .DLL extension instead of .so to load modules on Windows.
+
+ Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
+ Reported-by: Maxime Legros
+
+ Ref: https://github.com/curl/curl/pull/3016/#issuecomment-423069442
+
+ Closes https://github.com/curl/curl/pull/3086
+
+- data-binary.d: clarify default content-type is x-www-form-urlencoded
+
+ - Advise user that --data-binary sends a default content type of
+ x-www-form-urlencoded, and to have the data treated as arbitrary
+ binary data by the server set the content-type header to octet-stream.
+ + Ref: https://github.com/curl/curl/pull/2852#issuecomment-426465094 + + Closes https://github.com/curl/curl/pull/3085 + +Marcel Raad (2 Oct 2018) +- test1299: use single quotes around asterisk + + Ref: https://github.com/curl/curl/issues/1751#issuecomment-321522580 + +Daniel Stenberg (2 Oct 2018) +- docs/CIPHERS: mention the colon separation for OpenSSL + + Bug: #3077 + +- runtests: ignore disabled even when ranges are given + + runtests.pl support running a range of tests, like "44 to 127". Starting + now, the code makes sure that even such given ranges will ignore tests + that are marked as disabled. + + Disabled tests can still be run by explictly specifying that test + number. + + Closes #3075 + +- urlapi: starting with a drive letter on win32 is not an abs url + + ... and libcurl doesn't support any single-letter URL schemes (if there + even exist any) so it should be fairly risk-free. + + Reported-by: Marcel Raad + + Fixes #3070 + Closes #3071 + +Marcel Raad (2 Oct 2018) +- doh: fix curl_easy_setopt argument type + + CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit + MinGW. + +Daniel Stenberg (2 Oct 2018) +- RELEASE-NOTES: synced + +Jay Satiro (1 Oct 2018) +- [Ruslan Baratov brought this change] + + CMake: Improve config installation + + Use 'GNUInstallDirs' standard module to set destinations of installed + files. + + Use uppercase "CURL" names instead of lowercase "curl" to match standard + 'FindCURL.cmake' CMake module: + * https://cmake.org/cmake/help/latest/module/FindCURL.html + + Meaning: + * Install 'CURLConfig.cmake' instead of 'curl-config.cmake' + * User should call 'find_package(CURL)' instead of 'find_package(curl)' + + Use 'configure_package_config_file' function to generate + 'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template + file smaller and handle components better. E.g. 
current configuration + report no error if user specified unknown components (note: new + configuration expects no components, report error if user will try to + specify any). + + Closes https://github.com/curl/curl/pull/2849 + +Daniel Stenberg (1 Oct 2018) +- test1650: make it depend on http/2 + + Follow-up to 570008c99da0ccbb as it gets link errors. + + Reported-by: Michael Kaufmann + Closes #3068 + +- [Nate Prewitt brought this change] + + MANUAL: minor grammar fix + + Noticed a typo reading through the docs. + + Closes #3069 + +- doh: only build if h2 enabled + + The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version + of HTTP for use with DoH". + + Reported-by: Marcel Raad + Closes #3066 + +- test2100: require http2 to run + + Reported-by: Marcel Raad + Fixes #3064 + Closes #3065 + +- multi: fix memory leak in content encoding related error path + + ... a missing multi_done() call. + + Credit to OSS-Fuzz + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728 + Closes #3063 + +- travis: bump the Secure Transport build to use xcode 10 + + Due to an issue with travis + (https://github.com/travis-ci/travis-ci/issues/9956) we've been using + Xcode 9.2 for darwinssl builds for a while. Now xcode 10 is offered as + an alternative and as it builds curl+darwinssl fine that seems like a + better choice. + + Closes #3062 + +- [Rich Turner brought this change] + + curl: enabled Windows VT Support and UTF-8 output + + Enabled Console VT support (if running OS supports VT) in tool_main.c. + + Fixes #3008 + Closes #3011 + +- multi: fix location URL memleak in error path + + Follow-up to #3044 - fix a leak OSS-Fuzz detected + Closes #3057 + +Sergei Nikulov (28 Sep 2018) +- cmake: fixed path used in generation of docs/tests during curl build through add_subdicectory(...) 
+
+- [Brad King brought this change]
+
+ cmake: Backport to work with CMake 3.0 again
+
+ Changes in commit 7867aaa9a0 (cmake: link curl to the OpenSSL targets
+ instead of lib absolute paths, 2018-07-17) and commit f826b4ce98 (cmake:
+ bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix
+ issue #2746. This broke support for users on older versions of CMake
+ even if they just want to build curl and do not care whether transitive
+ dependencies work.
+
+ Backport the logic to work with CMake 3.0 again by implementing the
+ fix only when the version of CMake is at least 3.4.
+
+Marcel Raad (27 Sep 2018)
+- curl_threads: fix classic MinGW compile break
+
+ Classic MinGW still has _beginthreadex's return type as unsigned long
+ instead of uintptr_t [0]. uintptr_t is not even defined because of [1].
+
+ [0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167
+ [1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90
+
+ Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807
+ Closes https://github.com/curl/curl/pull/3051
+
+Daniel Stenberg (26 Sep 2018)
+- configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
+
+ fix a few leftovers
+
+ Fixes #3006
+ Closes #3049
+
+- [Doron Behar brought this change]
+
+ example/htmltidy: fix include paths of tidy libraries
+
+ Closes #3050
+
+- RELEASE-NOTES: synced
+
+- Curl_http2_done: fix memleak in error path
+
+ Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
+ early failures.
+
+ Detected by OSS-Fuzz
+
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669
+ Closes #3046
+
+- http: fix memleak in rewind error path
+
+ If the rewind would fail, a strdup() would not get freed.
+ + Detected by OSS-Fuzz + + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665 + Closes #3044 + +Viktor Szakats (24 Sep 2018) +- test320: fix regression in [ci skip] + + The value in question is coming directly from `gnutls-serv`, so it cannot + be modified freely. + + Reported-by: Marcel Raad + Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004 + +Daniel Stenberg (24 Sep 2018) +- Curl_retry_request: fix memory leak + + Detected by OSS-Fuzz + + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648 + Closes #3042 + +- openssl: load built-in engines too + + Regression since 38203f1 + + Reported-by: Jean Fabrice + Fixes #3023 + Closes #3040 + +- [Christian Heimes brought this change] + + OpenSSL: enable TLS 1.3 post-handshake auth + + OpenSSL 1.1.1 requires clients to opt-in for post-handshake + authentication. + + Fixes: https://github.com/curl/curl/issues/3026 + 
Signed-off-by: Christian Heimes <christian@python.org> + + Closes https://github.com/curl/curl/pull/3027 + +- [Even Rouault brought this change] + + Curl_dedotdotify(): always nul terminate returned string. + + This fixes potential out-of-buffer access on "file:./" URL + + $ valgrind curl "file:./" + ==24516== Memcheck, a memory error detector + ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. + ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info + ==24516== Command: /home/even/install-curl-git/bin/curl file:./ + ==24516== + ==24516== Conditional jump or move depends on uninitialised value(s) + ==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) + ==24516== by 0x4EBB315: seturl (urlapi.c:801) + ==24516== by 0x4EBB568: parseurl (urlapi.c:861) + ==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199) + ==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044) + ==24516== by 0x4E67AEF: create_conn (url.c:3613) + ==24516== by 0x4E68A4F: Curl_connect (url.c:4119) + ==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440) + ==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173) + ==24516== by 0x4E7558C: easy_transfer (easy.c:686) + ==24516== by 0x4E75801: easy_perform (easy.c:779) + ==24516== by 0x4E75868: curl_easy_perform (easy.c:798) + + Was originally spotted by + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637 + Credit to OSS-Fuzz + + Closes #3039 + +Viktor Szakats (23 Sep 2018) +- update URLs in tests + + - and one in docs/MANUAL as well + + Closes https://github.com/curl/curl/pull/3038 + +- whitespace fixes + + - replace tabs with spaces where possible + - remove line ending spaces + - remove double/triple newlines at EOF + - fix a non-UTF-8 character + - cleanup a few indentations/line continuations + in manual examples + + Closes https://github.com/curl/curl/pull/3037 + +Daniel Stenberg (23 Sep 2018) +- http: add missing return code check + + Detected by Coverity. 
CID 1439610. + + Follow-up from 46e164069d1a523 + + Closes #3034 + +- ftp: don't access pointer before NULL check + + Detected by Coverity. CID 1439611. + + Follow-up from 46e164069d1a523 + +- unit1650: fix out of boundary access + + Fixes #2987 + Closes #3035 + +Viktor Szakats (23 Sep 2018) +- docs/examples: URL updates + + - also update two URLs outside of docs/examples + - fix spelling of filename persistant.c + - fix three long lines that started failing checksrc.pl + + Closes https://github.com/curl/curl/pull/3036 + +- examples/Makefile.m32: sync with core [ci skip] + + also: + - fix two warnings in synctime.c (one of them Windows-specific) + - upgrade URLs in synctime.c and remove a broken one + + Closes https://github.com/curl/curl/pull/3033 + +Daniel Stenberg (22 Sep 2018) +- examples/parseurl.c: show off the URL API a bit + + Closes #3030 + +- SECURITY-PROCESS: mention the bountygraph program [ci skip] + + Closes #3032 + +- url: use the URL API internally as well + + ... to make it a truly unified URL parser. + + Closes #3017 + +Viktor Szakats (22 Sep 2018) +- URL and mailmap updates, remove an obsolete directory [ci skip] + + Closes https://github.com/curl/curl/pull/3031 + +Daniel Stenberg (22 Sep 2018) +- RELEASE-NOTES: synced + +- configure: force-use -lpthreads on HPUX + + When trying to detect pthreads use on HPUX the checks will succeed + without the correct -l option but then end up failing at run-time. + + Reported-by: Eason-Yu on github + Fixes #2697 + Closes #3025 + +- [Erik Minekus brought this change] + + Curl_saferealloc: Fixed typo in docblock + + Closes #3029 + +- urlapi: fix support for address scope in IPv6 numerical addresses + + Closes #3024 + +- [Loganaden Velvindron brought this change] + + GnutTLS: TLS 1.3 support + + Closes #2971 + +- TODO: c-ares and CURLOPT_OPENSOCKETFUNCTION + + Removed DoH. 
+
+ Closes #2734
+
+Jay Satiro (20 Sep 2018)
+- vtls: fix ssl version "or later" behavior change for many backends
+
+ - Treat CURL_SSLVERSION_MAX_NONE the same as
+ CURL_SSLVERSION_MAX_DEFAULT. Prior to this change NONE would mean use
+ the minimum version also as the maximum.
+
+ This is a follow-up to 6015cef which changed the behavior of setting
+ the SSL version so that the requested version would only be the minimum
+ and not the maximum. It appears it was (mostly) implemented in OpenSSL
+ but not other backends. In other words CURL_SSLVERSION_TLSv1_0 used to
+ mean use just TLS v1.0 and now it means use TLS v1.0 *or later*.
+
+ - Fix CURL_SSLVERSION_MAX_DEFAULT for OpenSSL.
+
+ Prior to this change CURL_SSLVERSION_MAX_DEFAULT with OpenSSL was
+ erroneously treated as always TLS 1.3, and would cause an error if
+ OpenSSL was built without TLS 1.3 support.
+
+ Co-authored-by: Daniel Gustafsson
+
+ Fixes https://github.com/curl/curl/issues/2969
+ Closes https://github.com/curl/curl/pull/3012
+
+Daniel Stenberg (20 Sep 2018)
+- certs: generate tests certs with sha256 digest algorithm
+
+ As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:
+
+ "SSL certificate problem: CA signature digest algorithm too weak"
+
+ Closes #3014
+
+- urlapi: document the error codes, remove two unused ones
+
+ Assisted-by: Daniel Gustafsson
+ Closes #3019
+
+- urlapi: add CURLU_GUESS_SCHEME and fix hostname acceptance
+
+ In order for this API to fully work for libcurl itself, it now offers a
+ CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host
+ name prefix just like libcurl always did. If there's no known prefix, it
+ will guess "http://".
+
+ Separately, it relaxes the check of the host name so that IDN host names
+ can be passed in as well.
+
+ Both these changes are necessary for libcurl itself to use this API.
+
+ Assisted-by: Daniel Gustafsson
+ Closes #3018
+
+Kamil Dudka (19 Sep 2018)
+- nss: try to connect even if libnssckbi.so fails to load
+
+ One can still use CA certificates stored in NSS database.
+
+ Reported-by: Maxime Legros
+ Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
+
+ Closes #3016
+
+Daniel Gustafsson (19 Sep 2018)
+- urlapi: don't set value which is never read
+
+ In the CURLUPART_URL case, there is no codepath which invokes url
+ decoding so remove the assignment of the urldecode variable. This
+ fixes the deadstore bug-report from clang static analysis.
+
+ Closes #3015
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- todo: Update reference to already done item
+
+ TODO item 1.1 was implemented in commit 946ce5b61f, update reference
+ to it with instead referencing the implemented option.
+
+ Closes #3013
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (18 Sep 2018)
+- RELEASE-NOTES: synced
+
+- [slodki brought this change]
+
+ cmake: don't require OpenSSL if USE_OPENSSL=OFF
+
+ User must have OpenSSL installed even if not used by libcurl at all
+ since 7.61.1 release. Broken at
+ 7867aaa9a01decf93711428462335be8cef70212
+
+ Reviewed-by: Sergei Nikulov
+ Closes #3001
+
+- curl_multi_wait: call getsock before figuring out timeout
+
+ .... since getsock may update the expiry timer.
+
+ Fixes #2996
+ Closes #3000
+
+- examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
+
+ Closes #3004
+
+Daniel Gustafsson (18 Sep 2018)
+- darwinssl: Fix realloc memleak
+
+ The reallocation was using the input pointer for the return value, which
+ leads to a memory leak on reallication failure. Fix by instead use the
+ safe internal API call Curl_saferealloc().
+
+ Closes #3005
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Nick Zitzmann <nickzman@gmail.com>
+
+- [Kruzya brought this change]
+
+ examples: Fix memory leaks from realloc errors
+
+ Make sure to not overwrite the reallocated pointer in realloc() calls
+ to avoid a memleak on memory errors.
+
+- memory: add missing curl_printf header
+
+ ftp_send_command() was using vsnprintf() without including the libcurl
+ *rintf() replacement header. Fix by including curl_printf.h and also
+ add curl_memory.h while at it since memdebug.h depends on it.
+
+ Closes #2999
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (16 Sep 2018)
+- [Si brought this change]
+
+ curl: update --tlsv* descriptions in --help output
+
+ Closes #2994
+
+- http: made Curl_add_buffer functions take a pointer-pointer
+
+ ... so that they can clear the original pointer on failure, which makes
+ the error-paths and their cleanups easier.
+
+ Closes #2992
+
+- http2: fix memory leaks on error-path
+
+- [Rikard Falkeborn brought this change]
+
+ libtest: Add chkdecimalpoint to .gitignore
+
+ Closes #2998
+
+Viktor Szakats (14 Sep 2018)
+- secure Openwall URLs
+
+Daniel Stenberg (14 Sep 2018)
+- openssl: show "proper" version number for libressl builds
+
+ Closes #2989
+
+- [Rainer Jung brought this change]
+
+ openssl: assume engine support in 0.9.8 or later
+
+ Fixes #2983
+ Closes #2988
+
+Daniel Gustafsson (13 Sep 2018)
+- sendf: use failf() rather than Curl_failf()
+
+ The failf() macro is the name used for invoking Curl_failf(). While
+ there isn't a way to turn off failf like there is for infof, but it's
+ still a good idea to use the macro.
+
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- sendf: Fix whitespace in infof/failf concatenation
+
+ Strings broken on multiple rows in the .c file need to have appropriate
+ whitespace padding on either side of the concatenation point to render
+ a correct amalgamated string.
Fix by adding a space at the occurrences
+ found.
+
+ Closes #2986
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- krb5: fix memory leak in krb_auth
+
+ The FTP command allocated by aprintf() must be freed after usage.
+
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- ftp: include command in Curl_ftpsend sendbuffer
+
+ Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed
+ the actual command to be sent from the send buffer in a refactoring.
+ Add back copying the command into the buffer. Also add more guards
+ against malformed input while at it.
+
+ Closes #2985
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- ntlm_wb: Fix memory leaks in ntlm_wb_response
+
+ When erroring out on a request being too large, the existing buffer was
+ leaked. Fix by explicitly freeing on the way out.
+
+ Closes #2966
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (13 Sep 2018)
+- [Yiming Jing brought this change]
+
+ travis: build the MesaLink vtls backend with MesaLink 0.7.1
+
+- [Yiming Jing brought this change]
+
+ runtests.pl: run tests against the MesaLink vtls backend
+
+- [Yiming Jing brought this change]
+
+ vtls: add a MesaLink vtls backend
+
+ Closes #2984
+
+- [Yiming Jing brought this change]
+
+ configure.ac: add a MesaLink vtls backend
+
+- [Dave Reisner brought this change]
+
+ curl_url_set.3: properly escape \n in example code
+
+ This yields
+
+ "the scheme is %s\n"
+
+ instead of
+
+ "the scheme is %s0
+
+ Closes #2970
+
+- [Dave Reisner brought this change]
+
+ curl_url_set.3: fix typo in reference to CURLU_APPENDQUERY
+
+- urlglob: improve error message
+
+ to help user understand what the problem is
+
+ Reported-by: Daniel Shahaf
+
+ Fixes #2763
+ Closes #2977
+
+- [Yiming Jing brought this change]
+
+ tests/certs: rebuild certs with 2048-bit RSA keys
+
+ The previous test certificates contained RSA keys of only 1024 bits.
+ However, RSA claims that 1024-bit RSA keys are likely to become
+ crackable some time before 2010. The NIST recommends at least 2048-bit
+ keys for RSA for now.
+
+ Better use full 2048 also for testing.
+
+ Closes #2973
+
+Daniel Gustafsson (12 Sep 2018)
+- TODO: fix typo in item
+
+ Closes #2968
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Marcel Raad (12 Sep 2018)
+- anyauthput: fix compiler warning on 64-bit Windows
+
+ On Windows, the read function from <io.h> is used, which has its byte
+ count parameter as unsigned int instead of size_t.
+
+ Closes https://github.com/curl/curl/pull/2972
+
+Viktor Szakats (12 Sep 2018)
+- lib: fix gcc8 warning on Windows
+
+ Closes https://github.com/curl/curl/pull/2979
+
+Jay Satiro (12 Sep 2018)
+- openssl: fix gcc8 warning
+
+ - Use memcpy instead of strncpy to copy a string without termination,
+ since gcc8 warns about using strncpy to copy as many bytes from a
+ string as its length.
+
+ Suggested-by: Viktor Szakats
+
+ Closes https://github.com/curl/curl/issues/2980
+
+Daniel Stenberg (10 Sep 2018)
+- libcurl-url.3: overview man page for the URL API
+
+ Closes #2967
+
+- example/asiohiper: insert warning comment about its status
+
+ This example is simply not working correctly but there's nobody around
+ with the skills and energy to fix it.
+
+ Closes #2407
+
+Kamil Dudka (10 Sep 2018)
+- docs/cmdline-opts: update the documentation of --tlsv1.0
+
+ ... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9
+
+ Closes #2955
+
+- docs/examples: do not wait when no transfers are running
+
+ Closes #2948
+
+Daniel Stenberg (10 Sep 2018)
+- [Daniel Gustafsson brought this change]
+
+ cookies: Move failure case label to end of function
+
+ Rather than jumping backwards to where failure cleanup happens
+ to be performed, move the failure case to end of the function
+ where it is expected per existing coding convention.
+
+ Closes #2965
+
+- [Daniel Gustafsson brought this change]
+
+ misc: fix typos in comments
+
+ Closes #2963
+
+- [Daniel Gustafsson brought this change]
+
+ cookies: fix leak when writing cookies to file
+
+ If the formatting fails, we error out on a fatal error and
+ clean up on the way out. The array was however freed within
+ the wrong scope and was thus never freed in case the cookies
+ were written to a file instead of STDOUT.
+
+ Closes #2957
+
+- [Daniel Gustafsson brought this change]
+
+ cookies: Remove redundant expired check
+
+ Expired cookies have already been purged at a later expiration time
+ before this check, so remove the redundant check.
+
+ closes #2962
+
+- ntlm_wb: bail out if the response gets overly large
+
+ Exit the realloc() loop if the response turns out ridiculously large to
+ avoid worse problems.
+
+ Reported-by: Harry Sintonen
+ Closes #2959
+
+- [Daniel Gustafsson brought this change]
+
+ url.c: fix comment typo and indentation
+
+ Closes #2960
+
+- urlapi: avoid derefencing a possible NULL pointer
+
+ Coverity CID 1439134
+
+- RELEASE-NOTES: synced
+
+Marcel Raad (8 Sep 2018)
+- test324: fix after 3f3b26d6feb0667714902e836af608094235fca2
+
+ The expected error code is now 60. 51 is dead.
+
+Daniel Stenberg (8 Sep 2018)
+- curl_url_set.3: correct description
+
+- curl_url-docs: fix AVAILABILITY as Added in curl 7.62.0
+
+- URL-API
+
+ See header file and man pages for API. All documented API details work
+ and are tested in the 1560 test case.
+
+ Closes #2842
+
+- curl_easy_upkeep: removed 'conn' from the name
+
+ ... including the associated option.
+
+ Fixes #2951
+ Closes #2952
+
+- [Max Dymond brought this change]
+
+ upkeep: add a connection upkeep API: curl_easy_conn_upkeep()
+
+ Add functionality so that protocols can do custom keepalive on their
+ connections, when an external API function is called.
+
+ Add docs for the new options in 7.62.0
+
+ Closes #1641
+
+- [Philipp Waehnert brought this change]
+
+ configure: add option to disable automatic OpenSSL config loading
+
+ Sometimes it may be considered a security risk to load an external
+ OpenSSL configuration automatically inside curl_global_init(). The
+ configuration option --disable-ssl-auto-load-config disables this
+ automatism. The Windows build scripts winbuild/Makefile.vs provide a
+ corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
+ value.
+
+ Setting neither of these options corresponds to the previous behavior
+ loading the external OpenSSL configuration automatically.
+
+ Fixes #2724
+ Closes #2791
+
+- doh: minor edits to please Coverity
+
+ The gcc typecheck macros and coverity combined made it warn on the 2nd
+ argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it.
+
+ Coverity CID 1439115 and CID 1439114.
+
+- schannel: avoid switch-cases that go to default anyway
+
+ SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of
+ mingw and would require an ifdef otherwise.
+
+ Reported-by: Thomas Glanzmann
+ Approved-by: Marc Hörsken
+ Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html
+ Closes #2950
+
+- [Nicklas Avén brought this change]
+
+ imap: change from "FETCH" to "UID FETCH"
+
+ ... and add "MAILINDEX".
+
+ As described in #2789, this is a suggested solution. Changing UID=xx to
+ actually get mail with UID xx and add "MAILINDEX" to get a mail with a
+ special index in the mail box (old behavior). So MAILINDEX=1 gives the
+ first non deleted mail in the mail box.
+
+ Fixes #2789
+ Closes #2815
+
+- CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
+
+ This is step 3 of #2888.
+
+ Fixes #2888
+ Closes #2896
+
+- travis: add the DOH tests to the torture testing
+
+- DOH: add test case 1650 and 2100
+
+- curl: --doh-url added
+
+- setopt: add CURLOPT_DOH_URL
+
+ Closes #2668
+
+- [Han Han brought this change]
+
+ ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
+
+ Long live CURLE_PEER_FAILED_VERIFICATION
+
+- [Han Han brought this change]
+
+ x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
+
+ CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
+ does not allocate memory internally as its first argument is a pointer
+ to the certificate structure. The same error code is also returned by
+ Curl_verifyhost when its call to Curl_parseX509 fails so the change
+ makes error handling more consistent.
+
+- [Han Han brought this change]
+
+ openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
+
+ Failure to extract the issuer name from the server certificate should
+ return a more specific error code like on other TLS backends.
+
+- [Han Han brought this change]
+
+ schannel: unified error code handling
+
+ Closes #2901
+
+- [Han Han brought this change]
+
+ darwinssl: more specific and unified error codes
+
+ Closes #2901
+
+- CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
+
+ Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for
+ deprecation and complete removal in six months.
+
+ Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html
+ Closes #2942
+
+- url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
+
+ Closes #2709
+
+- multiplex: enable by default
+
+ Starting 7.62.0, multiplexing is enabled by default in multi handles.
+
+- [Jim Fuller brought this change]
+
+ tests: add unit tests for url.c
+
+ Approved-by: Daniel Gustafsson
+ Closes #2937
+
+- test1452: mark as flaky
+
+ makes it not run in the CI builds
+
+ Closes #2941
+
+- pipelining: deprecated
+
+ Transparently.
The related curl_multi_setopt() options all still returns
+ OK when pipelining is selected.
+
+ To re-enable the support, the single line change in lib/multi.c needs to
+ be reverted.
+
+ See docs/DEPRECATE.md
+
+ Closes #2705
+
+- RELEASE-NOTES: start working on 7.62.0
+
+Version 7.61.1 (4 Sep 2018)
+
+Daniel Stenberg (4 Sep 2018)
+- THANKS: 7.61.1 status
+
+- RELEASE-NOTES: 7.61.1
+
+- Curl_getoff_all_pipelines: ignore unused return values
+
+ Since scan-build would warn on the dead "Dead store/Dead increment"
+
+Viktor Szakats (4 Sep 2018)
+- sftp: fix indentation
+
+Daniel Stenberg (4 Sep 2018)
+- [Przemysław Tomaszewski brought this change]
+
+ sftp: don't send post-qoute sequence when retrying a connection
+
+ Fixes #2939
+ Closes #2940
+
+Kamil Dudka (3 Sep 2018)
+- url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work
+
+ This is a follow-up to PR #2607 and PR #2926.
+
+ Closes #2936
+
+Daniel Stenberg (3 Sep 2018)
+- [Jay Satiro brought this change]
+
+ tool_operate: Add http code 408 to transient list for --retry
+
+ - Treat 408 request timeout as transient so that curl will retry the
+ request if --retry was used.
+
+ Closes #2925
+
+- [Jay Satiro brought this change]
+
+ openssl: Fix setting TLS 1.3 cipher suites
+
+ The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
+ missing.
+
+ Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
+ Reported-by: Kamil Dudka
+
+ Closes #2926
+
+- Curl_ntlm_core_mk_nt_hash: return error on too long password
+
+ ... since it would cause an integer overflow if longer than (max size_t
+ / 2).
+
+ This is CVE-2018-14618
+
+ Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
+ Closes #2756
+ Reported-by: Zhaoyang Wu
+
+- [Rikard Falkeborn brought this change]
+
+ http2: Use correct format identifier for stream_id
+
+ Closes #2928
+
+Marcel Raad (2 Sep 2018)
+- test1148: fix precheck output
+
+ "precheck command error" is not very helpful.
+
+Daniel Stenberg (1 Sep 2018)
+- all: s/int/size_t cleanup
+
+ Assisted-by: Rikard Falkeborn
+
+ Closes #2922
+
+- ssh-libssh: use FALLTHROUGH to silence gcc8
+
+Jay Satiro (31 Aug 2018)
+- tool_operate: Fix setting proxy TLS 1.3 ciphers
+
+Daniel Stenberg (31 Aug 2018)
+- [Daniel Gustafsson brought this change]
+
+ cookies: support creation-time attribute for cookies
+
+ According to RFC6265 section 5.4, cookies with equal path lengths
+ SHOULD be sorted by creation-time (earlier first). This adds a
+ creation-time record to the cookie struct in order to make cookie
+ sorting more deterministic. The creation-time is defined as the
+ order of the cookies in the jar, the first cookie read fro the
+ jar being the oldest. The creation-time is thus not serialized
+ into the jar. Also remove the strcmp() matching in the sorting as
+ there is no lexicographic ordering in RFC6265. Existing tests are
+ updated to match.
+
+ Closes #2524
+
+Marcel Raad (31 Aug 2018)
+- Don't use Windows path %PWD for SSH tests
+
+ All these tests failed on Windows because something like
+ sftp://%HOSTIP:%SSHPORT%PWD/
+ expanded to
+ sftp://127.0.0.1:1234c:/msys64/home/bla/curl
+ and then curl complained about the port number ending with a letter.
+
+ Use the original POSIX path instead of the Windows path created in
+ checksystem to fix this.
+
+ Closes https://github.com/curl/curl/pull/2920
+
+Jay Satiro (29 Aug 2018)
+- CURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning
+
+ Reported-by: Daniel Stenberg
+
+ Closes https://github.com/curl/curl/issues/2916
+
+Daniel Stenberg (28 Aug 2018)
+- THANKS-filter: dedup Daniel Jeliński
+
+- RELEASE-NOTES: synced
+
+- CURLOPT_ACCEPT_ENCODING.3: list them comma-separated [ci skip]
+
+- CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip]
+
+ Added a warning!
+
+ Closes #2915
+
+- curl: fix time-of-check, time-of-use race in dir creation
+
+ Patch-by: Jay Satiro
+ Detected by Coverity
+ Fixes #2739
+ Closes #2912
+
+- cmdline-opts/page-footer: fix edit mistake
+
+ There was a missing newline.
+
+ follow-up to a7ba60bb7250
+
+- docs: clarify NO_PROXY env variable functionality
+
+ Reported-by: Kirill Marchuk
+ Fixes #2773
+ Closes #2911
+
+Marcel Raad (24 Aug 2018)
+- lib1522: fix curl_easy_setopt argument type
+
+ CURLOPT_POSTFIELDSIZE is a long option.
+
+- curl_threads: silence bad-function-cast warning
+
+ As uintptr_t and HANDLE are always the same size, this warning is
+ harmless. Just silence it using an intermediate uintptr_t variable.
+
+ Closes https://github.com/curl/curl/pull/2908
+
+Daniel Stenberg (24 Aug 2018)
+- README: add appveyor build badge [ci skip]
+
+ Closes #2913
+
+- [Ihor Karpenko brought this change]
+
+ schannel: client certificate store opening fix
+
+ 1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG )
+ while opening certificate store would be sufficient in this scenario and
+ less-demanding in sense of required user credentials ( for example,
+ IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore
+ call without any of flags mentioned above ),
+
+ 2) as 'cert_store_name' is a DWORD, attempt to format its value like a
+ string ( in "Failed to open cert store" error message ) will throw null
+ pointer exception
+
+ 3) adding GetLastError(), in my opinion, will make error message more
+ useful.
+
+ Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html
+
+ Closes #2909
+
+- [Leonardo Taccari brought this change]
+
+ gopher: Do not translate `?' to `%09'
+
+ Since GOPHER support was added in curl `?' character was automatically
+ translated to `%09' (`\t').
+
+ However, this behaviour does not seems documented in RFC 4266 and for
+ search selectors it is documented to directly use `%09' in the URL.
+ Apart that several gopher servers in the current gopherspace have CGI
+ support where `?' is used as part of the selector and translating it to
+ `%09' often leads to surprising results.
+
+ Closes #2910
+
+Marcel Raad (23 Aug 2018)
+- cookie tests: treat files as text
+
+ Fixes test failures because of wrong line endings on Windows.
+
+Daniel Stenberg (23 Aug 2018)
+- libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
+
+ Multi-threaded applictions basically MUST set CURLOPT_NO_SIGNAL to 1L to
+ avoid the risk of getting a SIGPIPE.
+
+ Either way, a multi-threaded application that uses libcurl/openssl needs
+ to have a signhandler for or ignore SIGPIPE on its own.
+
+ Based on discussions in #2800
+ Closes #2904
+
+- RELEASE-NOTES: synced
+
+Marcel Raad (22 Aug 2018)
+- Tests: fixes for Windows
+
+ - test 1268 requires unix sockets
+ - test 2072 must be disabled also for MSYS/MinGW
+
+Daniel Stenberg (22 Aug 2018)
+- http2: abort the send_callback if not setup yet
+
+ When Curl_http2_done() gets called before the http2 data is setup all
+ the way, we cannot send anything and this should just return an error.
+
+ Detected by OSS-Fuzz
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
+
+- http2: remove four unused nghttp2 callbacks
+
+ Closes #2903
+
+- x509asn1: use FALLTHROUGH
+
+ ... as no other comments are accepted since 014ed7c22f51463
+
+Marcel Raad (21 Aug 2018)
+- test1148: disable if decimal separator is not point
+
+ Modifying the locale with environment variables doesn't work for native
+ Windows applications. Just disable the test in this case if the decimal
+ separator is something different than a point. Use a precheck with a
+ small C program to achieve that.
+
+ Closes https://github.com/curl/curl/pull/2786
+
+- Enable more GCC warnings
+
+ This enables the following additional warnings:
+ -Wold-style-definition
+ -Warray-bounds=2 instead of the default 1
+ -Wformat=2, but only for GCC 4.8+ as Wno-format-nonliteral is not
+ respected for older versions
+ -Wunused-const-variable, which enables level 2 instead of the default 1
+ -Warray-bounds also in debug mode through -ftree-vrp
+ -Wnull-dereference also in debug mode through
+ -fdelete-null-pointer-checks
+
+ Closes https://github.com/curl/curl/pull/2747
+
+- curl-compilers: enable -Wimplicit-fallthrough=4 for GCC
+
+ This enables level 4 instead of the default level 3, which of the
+ currently used comments only allows /* FALLTHROUGH */ to silence the
+ warning.
+
+ Closes https://github.com/curl/curl/pull/2747
+
+- curl-compilers: enable -Wbad-function-cast on GCC
+
+ This warning used to be enabled only for clang as it's a bit stricter
+ on GCC. Silence the remaining occurrences and enable it on GCC too.
+
+ Closes https://github.com/curl/curl/pull/2747
+
+- configure: conditionally enable pedantic-errors
+
+ Enable pedantic-errors for GCC >= 5 with --enable-werror. Before GCC 5,
+ pedantic-errors was synonymous to -Werror=pedantic [0], which is still
+ the case for clang [1]. With GCC 5, it became complementary [2].
+
+ Also fix a resulting error in acinclude.m4 as main's return type was
+ missing, which is illegal in C99.
+
+ [0] https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Warning-Options.html
+ [1] https://clang.llvm.org/docs/UsersManual.html#options-to-control-error-and-warning-messages
+ [2] https://gcc.gnu.org/onlinedocs/gcc-5.1.0/gcc/Warning-Options.html
+
+ Closes https://github.com/curl/curl/pull/2747
+
+- Remove unused definitions
+
+ Closes https://github.com/curl/curl/pull/2747
+
+Daniel Stenberg (21 Aug 2018)
+- x509asn1: make several functions static
+
+ and remove the private SIZE_T_MAX define and use the generic one.
+
+ Closes #2902
+
+- INTERNALS: require GnuTLS >= 2.11.3
+
+ Since the public pinning support was brought in e644866caf4. GnuTLS
+ 2.11.3 was released in October 2010.
+
+ Figured out in #2890
+
+- http2: avoid set_stream_user_data() before stream is assigned
+
+ ... before the stream is started, we have it set to -1.
+
+ Fixes #2894
+ Closes #2898
+
+- SSLCERTS: improve the openssl command line
+
+ ... for extracting certs from a live HTTPS server to make a cacerts.pem
+ from them.
+
+- docs/SECURITY-PROCESS: now we name the files after the CVE id
+
+- RELEASE-NOTES: synced
+
+- upload: change default UPLOAD_BUFSIZE to 64KB
+
+ To make uploads significantly faster in some circumstances.
+
+ Part 2 of #2888
+ Closes #2892
+
+- upload: allocate upload buffer on-demand
+
+ Saves 16KB on the easy handle for operations that don't need that
+ buffer.
+
+ Part 1 of #2888
+
+- [Laurent Bonnans brought this change]
+
+ vtls: reinstantiate engine on duplicated handles
+
+ Handles created with curl_easy_duphandle do not use the SSL engine set
+ up in the original handle. This fixes the issue by storing the engine
+ name in the internal url state and setting the engine from its name
+ inside curl_easy_duphandle.
+
+ Reported-by: Anton Gerasimov
+ Signed-of-by: Laurent Bonnans
+ Fixes #2829
+ Closes #2833
+
+- http2: make sure to send after RST_STREAM
+
+ If this is the last stream on this connection, the RST_STREAM might not
+ get pushed to the wire otherwise.
+
+ Fixes #2882
+ Closes #2887
+ Researched-by: Michael Kaufmann
+
+- test1268: check the stderr output as "text"
+
+ Follow-up to 099f37e9c57
+
+ Pointed-out-by: Marcel Raad
+
+- urldata: remove unused pipe_broke struct field
+
+ This struct field is never set TRUE in any existing code path. This
+ change removes the field completely.
+
+ Closes #2871
+
+- curl: warn the user if a given file name looks like an option
+
+ ...
simply because this is usually a sign of the user having omitted the
+ file name and the next option is instead "eaten" by the parser as a file
+ name.
+
+ Add test1268 to verify
+
+ Closes #2885
+
+- http2: check nghttp2_session_set_stream_user_data return code
+
+ Might help bug #2688 debugging
+
+ Closes #2880
+
+- travis: revert back to gcc-7 for coverage builds
+
+ ... since the gcc-8 ones seem to fail frequently.
+
+ Follow-up from b85207199544ca
+
+ Closes #2886
+
+- RELEASE-NOTES: synced
+
+ ... and now listed in alphabetical order!
+
+- [Adrien brought this change]
+
+ CMake: CMake config files are defining CURL_STATICLIB for static builds
+
+ This change allows to use the CMake config files generated by Curl's
+ CMake scripts for static builds of the library.
+ The symbol CURL_STATIC lib must be defined to compile downstream,
+ thus the config package is the perfect place to do so.
+
+ Fixes #2817
+ Closes #2823
+ Reported-by: adnn on github
+ Reviewed-by: Sergei Nikulov
+
+- TODO: host name sections in config files
+
+Kamil Dudka (14 Aug 2018)
+- ssh-libssh: fix infinite connect loop on invalid private key
+
+ Added test 656 (based on test 604) to verify the fix.
+
+ Bug: https://bugzilla.redhat.com/1595135
+
+ Closes #2879
+
+- ssh-libssh: reduce excessive verbose output about pubkey auth
+
+ The verbose message "Authentication using SSH public key file" was
+ printed each time the ssh_userauth_publickey_auto() was called, which
+ meant each time a packet was transferred over network because the API
+ operates in non-blocking mode.
+
+ This patch makes sure that the verbose message is printed just once
+ (when the authentication state is entered by the SSH state machine).
+
+Daniel Stenberg (14 Aug 2018)
+- travis: disable h2 torture tests for "coverage"
+
+ Since they started to fail almost 100% since a few days.
+
+ Closes #2876
+
+Marcel Raad (14 Aug 2018)
+- travis: update to GCC 8
+
+ Closes https://github.com/curl/curl/pull/2869
+
+Daniel Stenberg (13 Aug 2018)
+- http: fix for tiny "HTTP/0.9" response
+
+ Deal with tiny "HTTP/0.9" (header-less) responses by checking the
+ status-line early, even before a full "HTTP/" is received to allow
+ detecting 0.9 properly.
+
+ Test 1266 and 1267 added to verify.
+
+ Fixes #2420
+ Closes #2872
+
+Kamil Dudka (13 Aug 2018)
+- docs: add disallow-username-in-url.d and haproxy-protocol.d on the list
+
+ ... to make make the files appear in distribution tarballs
+
+ Closes #2856
+
+- .travis.yml: verify that man pages can be regenerated
+
+ ... when curl is built from distribution tarball
+
+ Closes #2856
+
+Marcel Raad (11 Aug 2018)
+- Split non-portable part off test 1133
+
+ Split off testing file names with double quotes into new test 1158.
+ Disable it for MSYS using a precheck as it doesn't support file names
+ with double quotes (but Cygwin does, for example).
+
+ Fixes https://github.com/curl/curl/issues/2796
+ Closes https://github.com/curl/curl/pull/2854
+
+Jay Satiro (11 Aug 2018)
+- projects: Improve Windows perl detection in batch scripts
+
+ - Determine if perl is in the user's PATH by running perl.exe.
+
+ Prior to this change detection was done by checking the PATH for perl/
+ but that did not work in all cases (eg git install includes perl but
+ not in perl/ path).
+
+ Bug: https://github.com/curl/curl/pull/2865
+ Reported-by: Daniel Jeliński
+
+- [Michael Kaufmann brought this change]
+
+ docs: Improve the manual pages of some callbacks
+
+ - CURLOPT_HEADERFUNCTION: add newlines
+ - CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
+ - CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
+ - CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
+ how to set it
+
+ Closes https://github.com/curl/curl/pull/2868
+
+Marcel Raad (11 Aug 2018)
+- GCC: silence -Wcast-function-type uniformly
+
+ Pointed-out-by: Rikard Falkeborn
+ Closes https://github.com/curl/curl/pull/2860
+
+- Silence GCC 8 cast-function-type warnings
+
+ On Windows, casting between unrelated function types is fine and
+ sometimes even necessary, so just use an intermediate cast to
+ (void (*) (void)) to silence the warning as described in [0].
+
+ [0] https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html
+
+ Closes https://github.com/curl/curl/pull/2860
+
+Daniel Stenberg (11 Aug 2018)
+- CURLINFO_SIZE_UPLOAD: fix missing counter update
+
+ Adds test 1522 for verification.
+
+ Reported-by: cjmsoregan
+ Fixes #2847
+ Closes #2864
+
+- [Daniel Jelinski brought this change]
+
+ Documentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug
+
+ Closes #2867
+
+- RELEASE-NOTES: synced
+
+- openssl: fix potential NULL pointer deref in is_pkcs11_uri
+
+ Follow-up to 298d2565e
+ Coverity CID 1438387
+
+Marcel Raad (10 Aug 2018)
+- travis: execute "set -eo pipefail" for coverage build
+
+ Follow-up to 2de63ab179eb78630ee039ad94fb2a5423df522d and
+ 0b87c963252d3504552ee0c8cf4402bd65a80af5.
+
+ Closes https://github.com/curl/curl/pull/2862
+
+Daniel Stenberg (10 Aug 2018)
+- lib1502: fix memory leak in torture test
+
+ Reported-by: Marcel Raad
+ Fixes #2861
+ Closes #2863
+
+- docs: mention NULL is fine input to several functions
+
+ Fixes #2837
+ Closes #2858
+ Reported-by: Markus Elfring
+
+- [Bas van Schaik brought this change]
+
+ README.md: add LGTM.com code quality grade for C/C++
+
+ Closes #2857
+
+- [Rikard Falkeborn brought this change]
+
+ test1531: Add timeout
+
+ Previously, the macro TEST_HANG_TIMEOUT was unused, but since there is
+ looping going on, we might as well add timing instead of removing it.
+
+ Closes #2853
+
+- [Rikard Falkeborn brought this change]
+
+ test1540: Remove unused macro TEST_HANG_TIMEOUT
+
+ The macro has never been used, and it there is not really any place
+ where it would make sense to add timing checks.
+
+ Closes #2852
+
+- [Rikard Falkeborn brought this change]
+
+ asyn-thread: Remove unused macro
+
+ The macro seems to never have been used.
+
+ Closes #2852
+
+- [Rikard Falkeborn brought this change]
+
+ http_proxy: Remove unused macro SELECT_TIMEOUT
+
+ Usage was removed in 5113ad0424044458ac497fa1458ebe0101356b22.
+
+ Closes #2852
+
+- [Rikard Falkeborn brought this change]
+
+ formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
+
+ Its usage was removed in
+ 84ad1fd3047815f9c6e78728bb351b828eac10b1.
+
+ Closes #2852
+
+- [Rikard Falkeborn brought this change]
+
+ telnet: Remove unused macros TELOPTS and TELCMDS
+
+ Their usage was removed in 3a145180cc754a5959ca971ef3cd243c5c83fc51.
+
+ Closes #2852
+
+- [Daniel Jelinski brought this change]
+
+ openssl: fix debug messages
+
+ Fixes #2806
+ Closes #2843
+
+- configure: fix for -lpthread detection with OpenSSL and pkg-config
+
+ ... by making sure it uses the -I provided by pkg-config!
+
+ Reported-by: pszemus on github
+ Fixes #2848
+ Closes #2850
+
+- RELEASE-NOTES: synced
+
+- windows: follow up to the buffer-tuning 1ba1dba7
+
+ Somehow I didn't include the amended version of the previous fix. This
+ is the missing piece.
+
+ Pointed-out-by: Viktor Szakats
+
+- [Daniel Jelinski brought this change]
+
+ windows: implement send buffer tuning
+
+ Significantly enhances upload performance on modern Windows versions.
+
+ Bug: https://curl.haxx.se/mail/lib-2018-07/0080.html
+ Closes #2762
+ Fixes #2224
+
+- [Anderson Toshiyuki Sasaki brought this change]
+
+ ssl: set engine implicitly when a PKCS#11 URI is provided
+
+ This allows the use of PKCS#11 URI for certificates and keys without
+ setting the corresponding type as "ENG" and the engine as "pkcs11"
+ explicitly. If a PKCS#11 URI is provided for certificate, key,
+ proxy_certificate or proxy_key, the corresponding type is set as "ENG"
+ if not provided and the engine is set to "pkcs11" if not provided.
+
+ Acked-by: Nikos Mavrogiannopoulos
+ Closes #2333
+
+- [Ruslan Baratov brought this change]
+
+ CMake: Respect BUILD_SHARED_LIBS
+
+ Use standard CMake variable BUILD_SHARED_LIBS instead of introducing
+ custom option CURL_STATICLIB.
+
+ Use '-DBUILD_SHARED_LIBS=%SHARED%' in appveyor.yml.
+
+ Reviewed-by: Sergei Nikulov
+ Closes #2755
+
+- [John Butterfield brought this change]
+
+ cmake: bumped minimum version to 3.4
+
+ Closes #2753
+
+- [John Butterfield brought this change]
+
+ cmake: link curl to the OpenSSL targets instead of lib absolute paths
+
+ Reviewed-by: Jakub Zakrzewski
+ Reviewed-by: Sergei Nikulov
+ Closes #2753
+
+- travis: build darwinssl on macos 10.12
+
+ ... as building on 10.13.x before 10.13.4 leads to link errors.
+
+ Assisted-by: Nick Zitzmann
+ Fixes #2835
+ Closes #2845
+
+- DEPRECATE: remove release date from 7.62.0
+
+ Since it will slip and the version is the important part there, not the
+ date.
+ +- lib/Makefile: only do symbol hiding if told to + + This restores the ability to build a static lib with + --disable-symbol-hiding to keep non-curl_ symbols. + + Researched-by: Dan Fandrich + Reported-by: Ran Mozes + Fixes #2830 + Closes #2831 + +Marcel Raad (2 Aug 2018) +- hostip: fix unused variable warning + + addresses is only used in an infof call, which is a macro expanding to + nothing if CURL_DISABLE_VERBOSE_STRINGS is set. + +Daniel Stenberg (2 Aug 2018) +- test1307: disabled + + Turns out that since we're using the native fnmatch function now when + available, and they simply disagree on a huge number of test patterns + that make it hard to test this function like this... + + Fixes #2825 + +- smb: don't mark it done in smb_do + + Follow-up to 09e401e01bf9. The SMB protocol handler needs to use its + doing function too, which requires smb_do() to not mark itself as + done... + + Closes #2822 + +- [Rikard Falkeborn brought this change] + + general: fix printf specifiers + + Closes #2818 + +- RELEASE-NOTES: synced + +- mailmap: Daniel Jelinski + +- [Harry Sintonen brought this change] + + HTTP: Don't attempt to needlessly decompress redirect body + + This change fixes a regression where redirect body would needlessly be + decompressed even though it was to be ignored anyway. As it happens this + causes secondary issues since there appears to be a bug in apache2 that + it in certain conditions generates a corrupt zlib response. 
The + regression was created by commit: + dbcced8e32b50c068ac297106f0502ee200a1ebd + + Discovered-by: Harry Sintonen + Closes #2798 + +- curl: use Content-Disposition before the "URL end" for -OJ + + Regression introduced in 7.61.0 + + Reported-by: Thomas Klausner + Fixes #2783 + Closes #2813 + +- [Daniel Jelinski brought this change] + + retry: return error if rewind was necessary but didn't happen + + Fixes #2801 + Closes #2812 + +- http2: clear the drain counter in Curl_http2_done + + Reported-by: Andrei Virtosu + Fixes #2800 + Closes #2809 + +- smb: fix memory leak on early failure + + ... by making sure connection related data (->share) is stored in the + connection and not in the easy handle. + + Detected by OSS-fuzz + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369 + Fixes #2769 + Closes #2810 + +- travis: run a 'make checksrc' too + + ... to make sure the examples are all checked. + + Closes #2811 + +Jay Satiro (29 Jul 2018) +- examples/ephiperfifo: checksrc compliance + +- [Michael Kaufmann brought this change] + + sws: handle EINTR when calling select() + + Closes https://github.com/curl/curl/pull/2808 + +Daniel Stenberg (29 Jul 2018) +- test1157: follow-up to 35ecffb9 + + Ignore the user-agent line. + Pointed-out-by: Marcel Raad + +Michael Kaufmann (29 Jul 2018) +- tests/http_pipe.py: Use /usr/bin/env to find python + +Daniel Stenberg (28 Jul 2018) +- TODO: Support Authority Information Access certificate extension (AIA) + + Closes #2793 + +- conn_free: updated comment to clarify + + Let's call it disassociate instead of disconnect since the latter term + is used so much for (TCP) connections already. + +- test1157: test -H from empty file + + Verifies bugfix #2797 + +- [Tobias Blomberg brought this change] + + curl: Fix segfault when -H @headerfile is empty + + The curl binary would crash if the -H command line option was given a + filename to read using the @filename syntax but that file was empty. 
+
+ Closes #2797
+
+- mime: check Curl_rand_hex's return code
+
+ Bug: https://curl.haxx.se/mail/archive-2018-07/0015.html
+ Reported-by: Jeffrey Walton
+ Closes #2795
+
+- [Josh Bialkowski brought this change]
+
+ docs/examples: add hiperfifo example using linux epoll/timerfd
+
+ Closes #2804
+
+- [Darío Hereñú brought this change]
+
+ docs/INSTALL.md: minor formatting fixes
+
+ Closes #2794
+
+- [Christopher Head brought this change]
+
+ docs/CURLOPT_URL: fix indentation
+
+ The statement, “The application does not have to keep the string around
+ after setting this option,” appears to be indented under the RTMP
+ paragraph. It actually applies to all protocols, not just RTMP.
+ Eliminate the extra indentation.
+
+ Closes #2788
+
+- [Christopher Head brought this change]
+
+ docs/CURLOPT_WRITEFUNCTION: size is always 1
+
+ For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
+ passed two `size_t` parameters which, when multiplied, designate the
+ number of bytes of data passed in. In practice, CURL always sets the
+ first parameter (`size`) to 1.
+
+ This practice is also enshrined in documentation and cannot be changed
+ in future. The documentation states that the default callback is
+ `fwrite`, which means `fwrite` must be a suitable function for this
+ purpose. However, the documentation also states that the callback must
+ return the number of *bytes* it successfully handled, whereas ISO C
+ `fwrite` returns the number of items (each of size `size`) which it
+ wrote. The only way these numbers can be equal is if `size` is 1.
+
+ Since `size` is 1 and can never be changed in future anyway, document
+ that fact explicitly and let users rely on it.
+
+ Closes #2787
+
+- [Carie Pointer brought this change]
+
+ wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
+
+ RNG structure must be freed by call to FreeRng after its use in
+ Curl_cyassl_random. This call fixes Valgrind failures when running the
+ test suite with wolfSSL.
+ + Closes #2784 + +- [Even Rouault brought this change] + + reuse_conn(): free old_conn->options + + This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with + connection reuse. + + I found this with oss-fuzz on GDAL and curl master: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582 + I couldn't reproduce with the oss-fuzz original test case, but looking + at curl source code pointed to this well reproducable leak. + + Closes #2790 + +Marcel Raad (25 Jul 2018) +- [Daniel Jelinski brought this change] + + system_win32: fix version checking + + In the current version, VERSION_GREATER_THAN_EQUAL 6.3 will return false + when run on windows 10.0. This patch addresses that error. + + Closes https://github.com/curl/curl/pull/2792 + +Daniel Stenberg (24 Jul 2018) +- [Johannes Schindelin brought this change] + + auth: pick Bearer authentication whenever a token is available + + So far, the code tries to pick an authentication method only if + user/password credentials are available, which is not the case for + Bearer authentictation... + + 
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> + Closes #2754 + +- [Johannes Schindelin brought this change] + + auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token + + The Bearer authentication was added to cURL 7.61.0, but there is a + problem: if CURLAUTH_ANY is selected, and the server supports multiple + authentication methods including the Bearer method, we strongly prefer + that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer + authentication fails, we will never even try to attempt any other + method. + + This is particularly unfortunate when we already know that we do not + have any Bearer token to work with. + + Such a scenario happens e.g. when using Git to push to Visual Studio + Team Services (which supports Basic and Bearer authentication among + other methods) and specifying the Personal Access Token directly in the + URL (this aproach is frequently taken by automated builds). + + Let's make sure that we have a Bearer token to work with before we + select the Bearer authentication among the available authentication + methods. + + 
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> + Closes #2754 + +Marcel Raad (22 Jul 2018) +- test320: treat curl320.out file as binary + + Otherwise, LF line endings are converted to CRLF on Windows, + but no conversion is done for the reply, so the test case fails. + + Closes https://github.com/curl/curl/pull/2776 + +Daniel Stenberg (22 Jul 2018) +- vtls: set conn->data when closing TLS + + Follow-up to 1b76c38904f0. The VTLS backends that close down the TLS + layer for a connection still needs a Curl_easy handle for the session_id + cache etc. + + Fixes #2764 + Closes #2771 + +Marcel Raad (21 Jul 2018) +- tests: fixes for Windows line endlings + + Set mode="text" when line endings depend on the system representation. + + Closes https://github.com/curl/curl/pull/2772 + +- test214: disable MSYS2's POSIX path conversion for URL + + By default, the MSYS2 bash converts all backslashes to forward slashes + in URLs. Disable this with MSYS2_ARG_CONV_EXCL for the test to pass. + + Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces + +Daniel Stenberg (20 Jul 2018) +- http2: several cleanups + + - separate easy handle from connections better + - added asserts on a number of places + - added sanity check of pipelines for debug builds + + Closes #2751 + +- smb_getsock: always wait for write socket too + + ... the protocol is doing read/write a lot, so it needs to write often + even when downloading. A more proper fix could check for eactly when it + wants to write and only ask for it then. + + Without this fix, an SMB download could easily get stuck when the event-driven + API was used. + + Closes #2768 + +Marcel Raad (20 Jul 2018) +- test1143: disable MSYS2's POSIX path conversion + + By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143 + as a POSIX file list and converts it to a Windows file list. + Disable this with MSYS2_ARG_CONV_EXCL for the test to pass. 
+
+ Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
+ Closes https://github.com/curl/curl/pull/2765
+
+Daniel Stenberg (18 Jul 2018)
+- RELEASE-NOTES: sync
+
+ ... and work toward 7.61.1
+
+- [Ruslan Baratov brought this change]
+
+ CMake: Update scripts to use consistent style
+
+ Closes #2727
+ Reviewed-by: Sergei Nikulov
+
+- header output: switch off all styles, not just unbold
+
+ ... the "unbold" sequence doesn't work on the mac Terminal.
+
+ Reported-by: Zero King
+ Fixes #2736
+ Closes #2738
+
+Nick Zitzmann (14 Jul 2018)
+- [Rodger Combs brought this change]
+
+ darwinssl: add support for ALPN negotiation
+
+Marcel Raad (14 Jul 2018)
+- test1422: add required file feature
+
+ curl configured with --enable-debug --disable-file currently complains
+ on test1422:
+ Info: Protocol "file" not supported or disabled in libcurl
+
+ Make test1422 dependend on enabled FILE protocol to fix this.
+
+ Fixes https://github.com/curl/curl/issues/2741
+ Closes https://github.com/curl/curl/pull/2742
+
+Patrick Monnerat (12 Jul 2018)
+- content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
+
+ Some servers issue raw deflate data that may be followed by an undocumented
+ trailer. This commit makes curl tolerate such a trailer of up to 4 bytes
+ before considering the data is in error.
+ + Reported-by: clbr on github + Fixes #2719 + +Daniel Stenberg (12 Jul 2018) +- smb: fix memory-leak in URL parse error path + + Detected by OSS-Fuzz + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369 + Closes #2740 + +Marcel Raad (12 Jul 2018) +- schannel: enable CALG_TLS1PRF for w32api >= 5.1 + + The definition of CALG_TLS1PRF has been fixed in the 5.1 branch: + https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/commits/73aedcc0f2e6ba370de0d86ab878ad76a0dda7b5 + +Daniel Stenberg (12 Jul 2018) +- docs/SECURITY-PROCESS: mention bounty, drop pre-notify + + + The hackerone bounty and its process + + - We don't and can't handle pre-notification + +- multi: always do the COMPLETED procedure/state + + It was previously erroneously skipped in some situations. + + libtest/libntlmconnect.c wrongly depended on wrong behavior (that it + would get a zero timeout) when no handles are "running" in a multi + handle. That behavior is no longer present with this fix. Now libcurl + will always return a -1 timeout when all handles are completed. + + Closes #2733 + +- Curl_getoff_all_pipelines: improved for multiplexed + + On multiplexed connections, transfers can be removed from anywhere not + just at the head as for pipelines. + +- ares: check for NULL in completed-callback + +- conn: remove the boolean 'inuse' field + + ... as the usage needs to be counted. + +- [Paul Howarth brought this change] + + openssl: assume engine support in 1.0.0 or later + + Commit 38203f1585da changed engine detection to be version-based, + with a baseline of openssl 1.0.1. This does in fact break builds + with openssl 1.0.0, which has engine support - the configure script + detects that ENGINE_cleanup() is available - but <openssl/engine.h> + doesn't get included to declare it. 
+
+ According to upstream documentation, engine support was added to
+ mainstream openssl builds as of version 0.9.7:
+ https://github.com/openssl/openssl/blob/master/README.ENGINE
+
+ This commit drops the version test down to 1.0.0 as version 1.0.0d
+ is the oldest version I have to test with.
+
+ Closes #2732
+
+Marcel Raad (11 Jul 2018)
+- schannel: fix MinGW compile break
+
+ Original MinGW's w32api has a sytax error in its definition of
+ CALG_TLS1PRF [0]. Don't use original MinGW w32api's CALG_TLS1PRF
+ until this bug [1] is fixed.
+
+ [0] https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/blobs/d1d4a17e51a2b78e252ef0147d483267d56c90cc/w32api/include/wincrypt.h
+ [1] https://osdn.net/projects/mingw/ticket/38391
+
+ Fixes https://github.com/curl/curl/pull/2721#issuecomment-403636043
+ Closes https://github.com/curl/curl/pull/2728
+
+Daniel Stenberg (11 Jul 2018)
+- examples/crawler.c: move #ifdef to column 0
+
+ Apparently the C => HTML converter on the web site doesn't quite like it
+ otherwise.
+
+ Reported-by: Jeroen Ooms
+
+Version 7.61.0 (11 Jul 2018)
+
+Daniel Stenberg (11 Jul 2018)
+- release: 7.61.0
+
+- TODO: Configurable loading of OpenSSL configuration file
+
+ Closes #2724
+
+- post303.d: clarify that this is an RFC violation
+
+ ... and not the other way around, which this previously said.
+
+ Reported-by: Vasiliy Faronov
+ Fixes #2723
+ Closes #2726
+
+- [Ruslan Baratov brought this change]
+
+ CMake: remove redundant and old end-of-block syntax
+
+ Reviewed-by: Jakub Zakrzewski
+ Closes #2715
+
+Jay Satiro (9 Jul 2018)
+- lib/curl_setup.h: remove unicode character
+
+ Follow-up to 82ce416.
+ + Ref: https://github.com/curl/curl/commit/8272ec5#commitcomment-29646818 + +Daniel Stenberg (9 Jul 2018) +- lib/curl_setup.h: remove unicode bom from 8272ec50f02 + +Marcel Raad (9 Jul 2018) +- schannel: fix -Wsign-compare warning + + MinGW warns: + /lib/vtls/schannel.c:219:64: warning: signed and unsigned type in + conditional expression [-Wsign-compare] + + Fix this by casting the ptrdiff_t to size_t as we know it's positive. + + Closes https://github.com/curl/curl/pull/2721 + +- schannel: workaround for wrong function signature in w32api + + Original MinGW's w32api has CryptHashData's second parameter as BYTE * + instead of const BYTE *. + + Closes https://github.com/curl/curl/pull/2721 + +- schannel: make more cipher options conditional + + They are not defined in the original MinGW's <wincrypt.h>. + + Closes https://github.com/curl/curl/pull/2721 + +- curl_setup: include <winerror.h> before <windows.h> + + Otherwise, only part of it gets pulled in through <windows.h> on + original MinGW. + + Fixes https://github.com/curl/curl/issues/2361 + Closes https://github.com/curl/curl/pull/2721 + +- examples: fix -Wformat warnings + + When size_t is not a typedef for unsigned long (as usually the case on + Windows), GCC emits -Wformat warnings when using lu and lx format + specifiers with size_t. Silence them with explicit casts to + unsigned long. + + Closes https://github.com/curl/curl/pull/2721 + +Daniel Stenberg (9 Jul 2018) +- smtp: use the upload buffer size for scratch buffer malloc + + ... not the read buffer size, as that can be set smaller and thus cause + a buffer overflow! 
CVE-2018-0500 + + Reported-by: Peter Wu + Bug: https://curl.haxx.se/docs/adv_2018-70a2.html + +- [Dave Reisner brought this change] + + scripts: include _curl as part of CLEANFILES + + Closes #2718 + +- [Nick Zitzmann brought this change] + + darwinssl: allow High Sierra users to build the code using GCC + + ...but GCC users lose out on TLS 1.3 support, since we can't weak-link + enumeration constants. + + Fixes #2656 + Closes #2703 + +- [Ruslan Baratov brought this change] + + CMake: Remove unused 'output_var' from 'collect_true' + + Variable 'output_var' is not used and can be removed. + Function 'collect_true' renamed to 'count_true'. + +- [Ruslan Baratov brought this change] + + CMake: Remove unused functions + + Closes #2711 + +- KNOWN_BUGS: Stick to same family over SOCKS proxy + +- libssh: goto DISCONNECT state on error, not SSH_SESSION_FREE + + ... because otherwise not everything get closed down correctly. + + Fixes #2708 + Closes #2712 + +- libssh: include line number in state change debug messages + + Closes #2713 + +- KNOWN_BUGS: Borland support is dropped, AIX problem is too old + +- [Jeroen Ooms brought this change] + + example/crawler.c: simple crawler based on libxml2 + + Closes #2706 + +- RELEASE-NOTES: synced + +- DEPRECATE: include year when specifying date + +- DEPRECATE: linkified + +- DEPRECATE: mention the PR that disabled axTLS + +- docs/DEPRECATE.md: spelling and minor formatting + +- DEPRECATE: new doc describing planned item removals + + Closes #2704 + +- [Gisle Vanem brought this change] + + telnet: fix clang warnings + + telnet.c(1401,28): warning: cast from function call of type 'int' to + non-matching type 'HANDLE' (aka 'void *') [-Wbad-function-cast] + + Fixes #2696 + Closes #2700 + +- docs: fix missed option name markups + +- [Gaurav Malhotra brought this change] + + openssl: Remove some dead code + + Closes #2698 + +- openssl: make the requested TLS version the *minimum* wanted + + The code treated the set version as the *exact* 
version to require in + the TLS handshake, which is not what other TLS backends do and probably + not what most people expect either. + + Reported-by: Andreas Olsson + Assisted-by: Gaurav Malhotra + Fixes #2691 + Closes #2694 + +- RELEASE-NOTES: synced + +- openssl: allow TLS 1.3 by default + + Reported-by: Andreas Olsson + Fixes #2692 + Closes #2693 + +- [Adrian Peniak brought this change] + + CURLINFO_TLS_SSL_PTR.3: improve the example + + The previous example was a little bit confusing, because SSL* structure + (or other "in use" SSL connection pointer) is not accessible after the + transfer is completed, therefore working with the raw TLS library + specific pointer needs to be done during transfer. + + Closes #2690 + +- travis: add a build using the synchronous name resolver + + ... since default uses the threaded one and we test the c-ares build + already. + + Closes #2689 + +- configure: remove CURL_CHECK_NI_WITHSCOPEID too + + Since it isn't used either and requires the getnameinfo check + + Follow-up to 0aeca41702d2 + +- getnameinfo: not used + + Closes #2687 + +- easy_perform: use *multi_timeout() to get wait times + + ... and trim the threaded Curl_resolver_getsock() to return zero + millisecond wait times during the first three milliseconds so that + localhost or names in the OS resolver cache gets detected and used + faster. + + Closes #2685 + +Max Dymond (27 Jun 2018) +- configure: Add dependent libraries after crypto + + The linker is pretty dumb and processes things left to right, keeping a + tally of symbols it hasn't resolved yet. So, we need -ldl to appear + after -lcrypto otherwise the linker won't find the dl functions. + + Closes #2684 + +Daniel Stenberg (27 Jun 2018) +- GOVERNANCE: linkify, changed some titles + +- GOVERNANCE: add maintainer details/duties + +- url: check Curl_conncache_add_conn return code + + ... it was previously unchecked in two places and thus errors could + remain undetected and cause trouble. 
+
+ Closes #2681
+
+- include/README: remove "hacking" advice, not the right place
+
+- RELEASE-NOTES: synced
+
+- CURLOPT_SSL_VERIFYPEER.3: fix syntax mistake
+
+ Follow-up to b6a16afa0aa5
+
+- netrc: use a larger buffer
+
+ ... to work with longer passwords etc. Grow it from a 256 to a 4096
+ bytes buffer.
+
+ Reported-by: Dario Nieuwenhuis
+ Fixes #2676
+ Closes #2680
+
+- [Patrick Schlangen brought this change]
+
+ CURLOPT_SSL_VERIFYPEER.3: Add performance note
+
+ Closes #2673
+
+- [Javier Blazquez brought this change]
+
+ multi: fix crash due to dangling entry in connect-pending list
+
+ Fixes #2677
+ Closes #2679
+
+- ConnectionExists: make sure conn->data is set when "taking" a connection
+
+ Follow-up to 2c15693.
+
+ Bug #2674
+ Closes #2675
+
+- [Kevin R. Bulgrien brought this change]
+
+ system.h: fix for gcc on 32 bit OpenServer
+
+ Bug: https://curl.haxx.se/mail/lib-2018-06/0100.html
+
+- [Raphael Gozzo brought this change]
+
+ cmake: allow multiple SSL backends
+
+ This will make possible to select the SSL backend (using
+ curl_global_sslset()) even when the libcurl is built using CMake
+
+ Closes #2665
+
+- url: fix dangling conn->data pointer
+
+ By masking sure to use the *current* easy handle with extracted
+ connections from the cache, and make sure to NULLify the ->data pointer
+ when the connection is put into the cache to make this mistake easier to
+ detect in the future.
+
+ Reported-by: Will Dietz
+ Fixes #2669
+ Closes #2672
+
+- CURLOPT_INTERFACE.3: interface names not supported on Windows
+
+- travis: run more tests for coverage check
+
+ ... run a few more tortured based and run all tests event-based.
+
+ Closes #2664
+
+- multi: fix memory leak when stopped during name resolve
+
+ When the application just started the transfer and then stops it while
+ the name resolve in the background thread hasn't completed, we need to
+ wait for the resolve to complete and then cleanup data accordingly.
+ + Enabled test 1553 again and added test 1590 to also check when the host + name resolves successfully. + + Detected by OSS-fuzz. + Closes #1968 + +Viktor Szakats (15 Jun 2018) +- maketgz: delete .bak files, fix indentation + + Ref: https://github.com/curl/curl/pull/2660 + + Closes https://github.com/curl/curl/pull/2662 + +Daniel Stenberg (15 Jun 2018) +- runtests.pl: remove debug leftover from bb9a340c73f3 + +- curl-confopts.m4: fix typo from ed224f23d5beb + + Fixes my local configure to detect a custom installed c-ares without + pkgconfig. + +- docs/RELEASE-PROCEDURE.md: renamed to use .md extension + + Closes #2663 + +- RELEASE-PROCEDURE: gpg sign the tags + +- RELEASE-NOTES: synced + +- CURLOPT_HTTPAUTH.3: CURLAUTH_BEARER was added in 7.61.0 + +- [Mamta Upadhyay brought this change] + + maketgz: fix sed issues on OSX + + maketgz creates release tarballs and removes the -DEV string in curl + version (e.g. 7.58.0-DEV), else -DEV shows up on command line when curl + is run. maketgz works fine on linux but fails on OSX. Problem is with + the sed commands that use option -i without an extension. Maketgz + expects GNU sed instead of BSD and this simply won't work on OSX. Adding + a backup extension .bak after -i fixes this issue + + Running the script as if on OSX gives this error: + + sed: -e: No such file or directory + + Adding a .bak extension resolves it + + Closes #2660 + +- configure: enhance ability to detect/build with static openssl + + Fix the -ldl and -ldl + -lpthread checks for OpenSSL, necessary for + building with static libs without pkg-config. + + Reported-by: Marcel Raad + Fixes #2199 + Closes #2659 + +- configure: use pkg-config for c-ares detection + + First check if there's c-ares information given as pkg-config info and use + that as first preference. 
+
+ Reported-by: pszemus on github
+ Fixes #2203
+ Closes #2658
+
+- GOVERNANCE.md: explains how this project is run
+
+ Closes #2657
+
+- KNOWN_BUGS: NTLM doen't support password with § character
+
+ Closes #2120
+
+- KNOWN_BUGS: slow connect to localhost on Windows
+
+ Closes #2281
+
+- [Matteo Bignotti brought this change]
+
+ mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
+
+ certdata.txt should be deleted also when the process is interrupted by
+ "same certificate downloaded, exiting"
+
+ The certdata.txt is currently kept on disk even if you give the -u
+ option
+
+ Closes #2655
+
+- progress: remove a set of unused defines
+
+ Reported-by: Peter Wu
+ Closes #2654
+
+- TODO: "Option to refuse usernames in URLs" done
+
+ Implemented by Björn in 946ce5b61f
+
+- [Lyman Epp brought this change]
+
+ Curl_init_do: handle NULL connection pointer passed in
+
+ Closes #2653
+
+- runtests: support variables in <strippart>
+
+ ... and make use of that to make 1455 work better without using a fixed
+ local port number.
+
+ Fixes #2649
+ Closes #2650
+
+- Curl_debug: remove dead printhost code
+
+ The struct field is never set (since 5e0d9aea3) so remove the use of it
+ and remove the connectdata pointer from the prototype.
+ + Reported-by: Tejas + Bug: https://curl.haxx.se/mail/lib-2018-06/0054.html + Closes #2647 + +Viktor Szakats (12 Jun 2018) +- schannel: avoid incompatible pointer warning + + with clang-6.0: + ``` + vtls/schannel_verify.c: In function 'add_certs_to_store': + vtls/schannel_verify.c:212:30: warning: passing argument 11 of 'CryptQueryObject' from incompatible pointer type [-Wincompatible-pointer-types] + &cert_context)) { + ^ + In file included from /usr/share/mingw-w64/include/schannel.h:10:0, + from /usr/share/mingw-w64/include/schnlsp.h:9, + from vtls/schannel.h:29, + from vtls/schannel_verify.c:40: + /usr/share/mingw-w64/include/wincrypt.h:4437:26: note: expected 'const void **' but argument is of type 'CERT_CONTEXT ** {aka struct _CERT_CONTEXT **}' + WINIMPM WINBOOL WINAPI CryptQueryObject (DWORD dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags, + ^~~~~~~~~~~~~~~~ + ``` + Ref: https://msdn.microsoft.com/library/windows/desktop/aa380264 + + Closes https://github.com/curl/curl/pull/2648 + +Daniel Stenberg (12 Jun 2018) +- [Robert Prag brought this change] + + schannel: support selecting ciphers + + Given the contstraints of SChannel, I'm exposing these as the algorithms + themselves instead; while replicating the ciphersuite as specified by + OpenSSL would have been preferable, I found no way in the SChannel API + to do so. + + To use this from the commandline, you need to pass the names of contants + defining the desired algorithms. For example, curl --ciphers + "CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM" + https://github.com The specific names come from wincrypt.h + + Closes #2630 + +- [Bernhard M. 
Wiedemann brought this change] + + test 46: make test pass after 2025 + + shifting the expiry date to 2037 for now + to be before the possibly problematic year 2038 + + similar in spirit to commit e6293cf8764e9eecb + + Closes #2646 + +- [Marian Klymov brought this change] + + cppcheck: fix warnings + + - Get rid of variable that was generating false positive warning + (unitialized) + + - Fix issues in tests + + - Reduce scope of several variables all over + + etc + + Closes #2631 + +- openssl: assume engine support in 1.0.1 or later + + Previously it was checked for in configure/cmake, but that would then + leave other build systems built without engine support. + + While engine support probably existed prior to 1.0.1, I decided to play + safe. If someone experience a problem with this, we can widen the + version check. + + Fixes #2641 + Closes #2644 + +- RELEASE-NOTES: synced + +- RELEASE-PROCEDURE: update the release calendar for 2019 + +- [Gisle Vanem brought this change] + + boringssl + schannel: undef X509_NAME in lib/schannel.h + + Fixes the build problem when both boringssl and schannel are enabled. + + Fixes #2634 + Closes #2643 + +- [Vladimir Kotal brought this change] + + mk-ca-bundle.pl: leave certificate name untouched in decode() + + Closes #2640 + +- [Rikard Falkeborn brought this change] + + tests/libtests/Makefile.am: Add lib1521.c to CLEANFILES + + This removes the generated lib1521.c when running make clean. + + Closes #2633 + +- [Rikard Falkeborn brought this change] + + tests/libtest: Add lib1521 to nodist_SOURCES + + Since 467da3af0, lib1521.c is generated instead of checked in. According + to the commit message, the intention was to remove it from the tarball + as well. However, it is still present when running make dist. To remove + it, add it to nodist_lib1521_SOURCES. This also means there is no need + for the manually added dist-rule in the Makefile. + + Also update CMakelists.txt to handle the fact that we now may have + nodist_SOURCES. 
+
+- [Stephan Mühlstrasser brought this change]
+
+ system.h: add support for IBM xlc C compiler
+
+ Added a section to system.h guarded with __xlc__ for the IBM xml C
+ compiler. Before this change the section titled 'generic "safe guess" on
+ old 32 bit style' was used, which resulted in a wrong definition of
+ CURL_TYPEOF_CURL_SOCKLEN_T, and for 64-bit also CURL_TYPEOF_CURL_OFF_T
+ was wrong.
+
+ Compilation warnings fixed with this change:
+
+ CC libcurl_la-ftp.lo
+ "ftp.c", line 290.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "ftp.c", line 293.48: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "ftp.c", line 1070.49: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "ftp.c", line 1154.53: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "ftp.c", line 1187.51: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ CC libcurl_la-connect.lo
+ "connect.c", line 448.56: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "connect.c", line 516.66: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "connect.c", line 687.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "connect.c", line 696.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ CC libcurl_la-tftp.lo
+ "tftp.c", line 1115.33: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ + Closes #2637 + +- cmdline-opts/cert-type.d: mention "p12" as a recognized type as well + +Viktor Szakats (3 Jun 2018) +- spelling fixes + + Detected using the `codespell` tool (version 1.13.0). + + Also secure and fix an URL. + +Daniel Stenberg (2 Jun 2018) +- axtls: follow-up spell fix of comment + +- axTLS: not considered fit for use + + URL: https://curl.haxx.se/mail/lib-2018-06/0000.html + + This is step one. It adds #error statements that require source edits to + make curl build again if asked to use axTLS. At a later stage we might + remove the axTLS specific code completely. + + Closes #2628 + +- build: remove the Borland specific makefiles + + According to the user survey 2018, not even one out of 670 users use + them. Nobody on the mailing list spoke up for them either. + + Closes #2629 + +- curl_addrinfo: use same #ifdef conditions in source as header + + ... for curl_dofreeaddrinfo + +- multi: remove a DEBUGF() + + ... it might call infof() with a NULL first argument that isn't harmful + but makes it not do anything. The infof() line is not very useful + anymore, it has served it purpose. Good riddance! + + Fixes #2627 + +- [Alibek.Jorajev brought this change] + + CURLOPT_RESOLVE: always purge old entry first + + If there's an existing entry using the selected name. + + Closes #2622 + +- fnmatch: use the system one if available + + If configure detects fnmatch to be available, use that instead of our + custom one for FTP wildcard pattern matching. For standard compliance, + to reduce our footprint and to use already well tested and well + exercised code. + + A POSIX fnmatch behaves slightly different than the internal function + for a few test patterns currently and the macOS one yet slightly + different. Test case 1307 is adjusted for these differences. 
+ + Closes #2626 + +Patrick Monnerat (31 May 2018) +- os400: add new option in ILE/RPG binding + + Follow-up to commit 946ce5b + +Daniel Stenberg (31 May 2018) +- tests/libtest/.gitignore: follow-up fix to ignore lib5* too + +- KNOWN_BUGS: CURL_GLOBAL_SSL + + Closes #2276 + +- [Bernhard Walle brought this change] + + configure: check for declaration of getpwuid_r + + On our x86 Android toolchain, getpwuid_r is implemented but the header + is missing: + + netrc.c:81:7: error: implicit declaration of function 'getpwuid_r' [-Werror=implicit-function-declaration] + + Unfortunately, the function is used in curl_ntlm_wb.c, too, so I moved + the prototype to curl_setup.h. + + 
Signed-off-by: Bernhard Walle <bernhard@bwalle.de> + Closes #2609 + +- [Rikard Falkeborn brought this change] + + tests: update .gitignore for libtests + + Closes #2624 + +- [Rikard Falkeborn brought this change] + + strictness: correct {infof, failf} format specifiers + + Closes #2623 + +- [Björn Stenberg brought this change] + + option: disallow username in URL + + Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes + libcurl reject URLs with a username in them. + + Closes #2340 + +- libcurl-security.3: improved layout for two rememdy lists + +- libcurl-security.3: refer to URL instead of in-source markdown file + +Viktor Szakats (30 May 2018) +- curl.rc: embed manifest for correct Windows version detection + + * enable it in `src/Makefile.m32` + * enable it in `winbuild/MakefileBuild.vc` if a custom manifest is + _not_ enabled via the existing `EMBED_MANIFEST` option + * enable it for all Windows CMake builds (also disable the built-in + minimal manifest, added by CMake by default.) + + For other build systems, add the `-DCURL_EMBED_MANIFEST` option to + the list of RC (Resource Compiler) flags to enable the manifest + included in `src/curl.rc`. This may require to disable whatever + automatic or other means in which way another manifest is added to + `curl.exe`. + + Notice that Borland C doesn't support this method due to a + long-pending resource compiler bug. Watcom C may also not handle + it correctly when the `-zm` `wrc` option is used (this option may + be unnecessary though) and regardless of options in certain earlier + revisions of the 2.0 beta version. + + Closes https://github.com/curl/curl/pull/1221 + Fixes https://github.com/curl/curl/issues/2591 + +Patrick Monnerat (30 May 2018) +- os400: sync EBCDIC wrappers and ILE/RPG binding with latest options + +- os400: implement mime api EBCDIC wrappers + + Also sync ILE/RPG binding to define the new functions. 
+ +Daniel Stenberg (29 May 2018) +- setopt: add TLS 1.3 ciphersuites + + Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS. + + curl: added --tls13-ciphers and --proxy-tls13-ciphers + + Fixes #2435 + Reported-by: zzq1015 on github + Closes #2607 + +- configure: override AR_FLAGS to silence warning + + The automake default ar flags are 'cru', but the 'u' flag in there + causes warnings on many modern Linux distros. Removing 'u' may have a + minor performance impact on older distros but should not cause harm. + + Explained on the automake mailing list already back in April 2015: + + https://www.mail-archive.com/automake-patches@gnu.org/msg07705.html + + Reported-by: elephoenix on github + Fixes #2617 + Closes #2619 + +Sergei Nikulov (29 May 2018) +- cmake: fixed comments in compile checks code + +Daniel Stenberg (29 May 2018) +- INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib + + ... the older description doesn't work + + Reported-by: Peter Varga + Fixes #2615 + Closes #2616 + +- [Will Dietz brought this change] + + KNOWN_BUGS: restore text regarding #2101. + + This was added earlier but appears to have been removed accidentally. + + AFAICT this is very much still an issue. + + ----- + + I say "accidentally" because the text seems to have harmlessly snuck + into [1] (which makes no mention of it). [1] was later reverted for + unspecified reasons in [2], presumably because the mentioned issue was + fixed or invalid. + + [1] de9fac00c40db321d44fa6fbab6eb62ec4c83998 + [2] 16d1f369403cbb04bd7b085eabbeebf159473fc2 + + Closes #2618 + +- fnmatch: insist on escaped bracket to match + + A non-escaped bracket ([) is for a character group - as documented. It + will *not* match an individual bracket anymore. Test case 1307 updated + accordingly to match. + + Problem detected by OSS-Fuzz, although this fix is probably not a final + fix for the notorious timeout issues. 
+ + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525 + Closes #2614 + +Patrick Monnerat (28 May 2018) +- psl: use latest psl and refresh it periodically + + The latest psl is cached in the multi or share handle. It is refreshed + before use after 72 hours. + New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing. + If the latest psl is not available, the builtin psl is used. + + Reported-by: Yaakov Selkowitz + Fixes #2553 + Closes #2601 + +Daniel Stenberg (28 May 2018) +- [Fabrice Fontaine brought this change] + + configure: fix ssh2 linking when built with a static mbedtls + + The ssh2 pkg-config file could contain the following lines when build + with a static version of mbedtls: + Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a + Libs.private: /xxx/libmbedcrypto.a + + This static mbedtls library must be used to correctly detect ssh2 + support and this library must be copied in libcurl.pc otherwise + compilation of any application (such as upmpdcli) with libcurl will fail + when trying to found mbedtls functions included in libssh2. So, replace + pkg-config --libs-only-l by pkg-config --libs. + + Fixes: + - http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a + + Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> + Closes #2613 + +- RELEASE-NOTES: synced + +- [Bernhard Walle brought this change] + + cmake: check for getpwuid_r + + The autotools-based build system does it, so we do it also in CMake. + + Bug: #2609 + 
Signed-off-by: Bernhard Walle <bernhard@bwalle.de> + +- cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options + +- [Frank Gevaerts brought this change] + + curl.1: Fix cmdline-opts reference errors. + + --data, --form, and --ntlm were declared to be mutually exclusive with + non-existing options. --data and --form referred to --upload (which is + short for --upload-file and therefore did work, so this one was merely + a bit confusing), --ntlm referred to --negotiated instead of --negotiate. + + Closes #2612 + +- [Frank Gevaerts brought this change] + + docs: fix cmdline-opts metadata headers case consistency. + + Almost all headers start with an uppercase letter, but some didn't. + +- mailmap: Max Savenkov + +Sergei Nikulov (28 May 2018) +- [Max Savenkov brought this change] + + Fix the test for fsetxattr and strerror_r tests in CMake to work without compiling + +Daniel Stenberg (27 May 2018) +- mailmap: a Richard Alcock fixup + +- [Richard Alcock brought this change] + + schannel: add failf calls for client certificate failures + + Closes #2604 + +- [Richard Alcock brought this change] + + winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST + + Change requirement from $(DISTDIR) to $(DIRDIST) + + closes #2603 + +- [Richard Alcock brought this change] + + winbuild: only delete OUTFILE if it exists + + This removes the slightly annoying "Could not file LIBCURL_OBJS.inc" and + "Could not find CURL_OBJS.inc.inc" message when building into a clean + folder. + + closes #2602 + +- [Alejandro R. Sedeño brought this change] + + content_encoding: handle zlib versions too old for Z_BLOCK + + Fallback on Z_SYNC_FLUSH when Z_BLOCK is not available. + + Fixes #2606 + Closes #2608 + +- multi: provide a socket to wait for in Curl_protocol_getsock + + ... even when there's no protocol specific handler setup. 
+ + Bug: https://curl.haxx.se/mail/lib-2018-05/0062.html + Reported-by: Sean Miller + Closes #2600 + +- [Linus Lewandowski brought this change] + + httpauth: add support for Bearer tokens + + Closes #2102 + +- TODO: CURLINFO_PAUSE_STATE + + Closes #2588 + +Sergei Nikulov (24 May 2018) +- cmake: set -d postfix for debug builds if not specified + using -DCMAKE_DEBUG_POSTFIX explicitly + + fixes #2121, obsoletes #2384 + +Daniel Stenberg (23 May 2018) +- configure: add basic test of --with-ssl prefix + + When given a prefix, the $PREFIX_OPENSSL/lib/openssl.pc or + $PREFIX_OPENSSL/include/openssl/ssl.h files must be present or cause an + error. Helps users detect when giving configure the wrong path. + + Reported-by: Oleg Pudeyev + Assisted-by: Per Malmberg + Fixes #2580 + +Patrick Monnerat (22 May 2018) +- http resume: skip body if http code 416 (range error) is ignored. + + This avoids appending error data to already existing good data. + + Test 92 is updated to match this change. + New test 1156 checks all combinations of --range/--resume, --fail, + Content-Range header and http status code 200/416. + + Fixes #1163 + Reported-By: Ithubg on github + Closes #2578 + +Daniel Stenberg (22 May 2018) +- tftp: make sure error is zero terminated before printfing it + +- configure: add missing m4/ax_compile_check_sizeof.m4 + + follow-up to mistake in 6876ccf90b4 + +Jay Satiro (22 May 2018) +- [Johannes Schindelin brought this change] + + schannel: make CAinfo parsing resilient to CR/LF + + OpenSSL has supported --cacert for ages, always accepting LF-only line + endings ("Unix line endings") as well as CR/LF line endings ("Windows + line endings"). + + When we introduced support for --cacert also with Secure Channel (or in + cURL speak: "WinSSL"), we did not take care to support CR/LF line + endings, too, even if we are much more likely to receive input in that + form when using Windows. + + Let's fix that. 
+ + Happily, CryptQueryObject(), the function we use to parse the ca-bundle, + accepts CR/LF input already, and the trailing LF before the END + CERTIFICATE marker catches naturally any CR/LF line ending, too. So all + we need to care about is the BEGIN CERTIFICATE marker. We do not + actually need to verify here that the line ending is CR/LF. Just + checking for a CR or an LF is really plenty enough. + + 
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> + + Closes https://github.com/curl/curl/pull/2592 + +Daniel Stenberg (22 May 2018) +- CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit + +- RELEASE-NOTES: synced + +- KNOWN_BUGS: mention the -O with %-encoded file names + + Closes #2573 + +- checksrc: make sure sizeof() is used *with* parentheses + + ... and unify the source code to adhere. + + Closes #2563 + +- curl: added --styled-output + + It is enabled by default, so --no-styled-output will switch off the + detection/use of bold headers. + + Closes #2538 + +- curl: show headers in bold + + The feature is only enabled if the output is believed to be a tty. + + -J: There's some minor differences and improvements in -J handling, as + now J should work with -i and it actually creates a file first using the + initial name and then *renames* that to the one found in + Content-Disposition (if any). + + -i: only shows headers for HTTP transfers now (as documented). + Previously it would also show for pieces of the transfer that were HTTP + (for example when doing FTP over a HTTP proxy). + + -i: now shows trailers as well. Previously they were not shown at all. + + --libcurl: the CURLOPT_HEADER is no longer set, as the header output is + now done in the header callback. + +- configure: compile-time SIZEOF checks + + ... instead of exeucting code to get the size. Removes the use of + LD_LIBRARY_PATH for this. + + Fixes #2586 + Closes #2589 + Reported-by: Bernhard Walle + +- configure: replace AC_TRY_RUN with CURL_RUN_IFELSE + + ... and export LD_LIBRARY_PATH properly. This is a follow-up from + 2d4c215. + + Fixes #2586 + Reported-by: Bernhard Walle + +- docs: clarify CURLOPT_HTTPGET somewhat + + Reported-by: bsammon on github + Fixes #2590 + +- curl_fnmatch: only allow two asterisks for matching + + The previous limit of 5 can still end up in situation that takes a very + long time and consumes a lot of CPU. 
+ + If there is still a rare use case for this, a user can provide their own + fnmatch callback for a version that allows a larger set of wildcards. + + This commit was triggered by yet another OSS-Fuzz timeout due to this. + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369 + + Closes #2587 + +- checksrc: fix too long line + + follow-up to e05ad5d + +- [Aleks brought this change] + + docs: mention HAproxy protocol "version 1" + + ...as there's also a version 2. + + Closes #2579 + +- examples/progressfunc: make it build on older libcurls + + This example was changed in ce2140a8c1 to use the new microsecond based + getinfo option. This change makes it conditionally keep using the older + option so that the example still builds with older libcurl versions. + + Closes #2584 + +- stub_gssapi: fix numerous 'unused parameter' warnings + + follow-up to d9e92fd9fd1d + +- [Philip Prindeville brought this change] + + getinfo: add microsecond precise timers for various intervals + + Provide a set of new timers that return the time intervals using integer + number of microseconds instead of floats. + + The new info names are as following: + + CURLINFO_APPCONNECT_TIME_T + CURLINFO_CONNECT_TIME_T + CURLINFO_NAMELOOKUP_TIME_T + CURLINFO_PRETRANSFER_TIME_T + CURLINFO_REDIRECT_TIME_T + CURLINFO_STARTTRANSFER_TIME_T + CURLINFO_TOTAL_TIME_T + + Closes #2495 + +- openssl: acknowledge --tls-max for default version too + + ... previously it only used the max setting if a TLS version was also + explicitly asked for. + + Reported-by: byte_bucket + Fixes #2571 + Closes #2572 + +- bump: start working on the pending 7.61.0 + +- [Dagobert Michelsen brought this change] + + tests/libtest/Makefile: Do not unconditionally add gcc-specific flags + + The warning flag leads e.g. Sun Studio compiler to bail out. 
+ + Closes #2576 + +- schannel_verify: fix build for non-schannel + +Jay Satiro (16 May 2018) +- rand: fix typo + +- schannel: disable manual verify if APIs not available + + .. because original MinGW and old compilers do not have the Windows API + definitions needed to support manual verification. + +- [Archangel_SDY brought this change] + + schannel: disable client cert option if APIs not available + + Original MinGW targets Windows 2000 by default, which lacks some APIs and + definitions for this feature. Disable it if these APIs are not available. + + Closes https://github.com/curl/curl/pull/2522 + +Version 7.60.0 (15 May 2018) + +Daniel Stenberg (15 May 2018) +- RELEASE-NOTES: 7.60.0 release + +- THANKS: added people from the curl 7.60.0 release + +- docs/libcurl/index.html: removed + + The HTML files are long gone from the dist, now remove the last HTML + file pointing to those missing files. + + d + +- [steini2000 brought this change] + + http2: remove unused variable + + Closes #2570 + +- [steini2000 brought this change] + + http2: use easy handle of stream for logging + +- gcc: disable picky gcc-8 function pointer warnings in two places + + Reported-by: Rikard Falkeborn + Bug: #2560 + Closes #2569 + +- http2: use the correct function pointer typedef + + Fixes gcc-8 picky compiler warnings + Reported-by: Rikard Falkeborn + Bug: #2560 + Closes #2568 + +- CODE_STYLE: mention return w/o parens, but sizeof with + + ... and remove the github markdown syntax so that it renders better on + the web site. Also, don't use back-ticks inlined to allow the CSS to + highlight source code better. 
+ +- [Rikard Falkeborn brought this change] + + examples: Fix format specifiers + + Closes #2561 + +- [Rikard Falkeborn brought this change] + + tool: Fix format specifiers + +- [Rikard Falkeborn brought this change] + + ntlm: Fix format specifiers + +- [Rikard Falkeborn brought this change] + + tests: Fix format specifiers + +- [Rikard Falkeborn brought this change] + + lib: Fix format specifiers + +- contributors.sh: use "on github", not at + +- http2: getsock fix for uploads + + When there's an upload in progress, make sure to wait for the socket to + become writable. + + Detected-by: steini2000 on github + Bug: #2520 + Closes #2567 + +- pingpong: fix response cache memcpy overflow + + Response data for a handle with a large buffer might be cached and then + used with the "closure" handle when it has a smaller buffer and then the + larger cache will be copied and overflow the new smaller heap based + buffer. + + Reported-by: Dario Weisser + CVE: CVE-2018-1000300 + Bug: https://curl.haxx.se/docs/adv_2018-82c2.html + +- http: restore buffer pointer when bad response-line is parsed + + ... leaving the k->str could lead to buffer over-reads later on. + + CVE: CVE-2018-1000301 + Assisted-by: Max Dymond + + Detected by OSS-Fuzz. + Bug: https://curl.haxx.se/docs/adv_2018-b138.html + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105 + +Patrick Monnerat (13 May 2018) +- cookies: do not take cookie name as a parameter + + RFC 6265 section 4.2.1 does not set restrictions on cookie names. + This is a follow-up to commit 7f7fcd0. + Also explicitly check proper syntax of cookie name/value pair. + + New test 1155 checks that cookie names are not reserved words. 
+ + Reported-By: anshnd at github + Fixes #2564 + Closes #2566 + +Daniel Stenberg (12 May 2018) +- smb: reject negative file sizes + + Assisted-by: Max Dymond + + Detected by OSS-Fuzz + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245 + +- setup_transfer: deal with both sockets being -1 + + Detected by Coverity; CID 1435559. Follow-up to f8d608f38d00. It would + index the array with -1 if neither index was a socket. + +- travis: add build using NSS + + Closes #2558 + +- [Sunny Purushe brought this change] + + openssl: change FILE ops to BIO ops + + To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES + handling is causing problems. This fix changes the OpenSSL backend code + to use BIO functions instead of FILE I/O functions to circumvent those + problems. + + Closes #2512 + +- travis: add a build using WolfSSL + + Assisted-by: Dan Fandrich + + Closes #2528 + +- RELEASE-NOTES: typo + +- RELEASE-NOTES: synced + +- [Daniel Gustafsson brought this change] + + URLs: fix one more http url + + This file wasn't included in commit 4af40b3646d3b09 which updated all + haxx.se http urls to https. The file was committed prior to that update, + but may have been merged after it and hence didn't get updated. + + Closes #2550 + +- github/lock: auto-lock closed issues after 90 days of inactivity + +- vtls: fix missing commas + + follow-up to e66cca046cef + +- vtls: use unified "supports" bitfield member in backends + + ... instead of previous separate struct fields, to make it easier to + extend and change individual backends without having to modify them all. + + closes #2547 + +- transfer: don't unset writesockfd on setup of multiplexed conns + + Curl_setup_transfer() can be called to setup a new individual transfer + over a multiplexed connection so it shouldn't unset writesockfd. 
+ + Bug: #2520 + Closes #2549 + +- [Frank Gevaerts brought this change] + + configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h + + They are removed from the compiler flags. + + This ensures that make dependency tracking will force a rebuild whenever + configure --enable-debug or --enable-curldebug changes. + + Closes #2548 + +- http: don't set the "rewind" flag when not uploading anything + + It triggers an assert. + + Detected by OSS-Fuzz + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144 + Closes #2546 + +- travis: add an mbedtls build + + Closes #2531 + +- configure: only check for CA bundle for file-using SSL backends + + When only building with SSL backends that don't use the CA bundle file + (by default), skip the check. + + Fixes #2543 + Fixes #2180 + Closes #2545 + +- ssh-libssh.c: fix left shift compiler warning + + ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to + represent, but 'int' only has 32 bits [-Wshift-overflow=] + + 'len' will never be that big anyway so I converted the run-time check to + a regular assert. + +- [Stephan Mühlstrasser brought this change] + + URL: fix ASCII dependency in strcpy_url and strlen_url + + Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the + changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of + the problem that strcpy_url() was modified unilaterally without also + modifying strlen_url(). As a consequence strcpy_url() was again + depending on ASCII encoding. + + This change fixes strlen_url() and strcpy_url() in parallel to use a + common host-encoding independent criterion for deciding whether an URL + character must be %-escaped. + + Closes #2535 + +- [Denis Ollier brought this change] + + docs: remove extraneous commas in man pages + + Closes #2544 + +- RELEASE-NOTES: synced + +- Revert "TODO: remove configure --disable-pthreads" + + This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3. 
+ + --disable-pthreads can be used to disable pthreads and get the threaded + resolver to use the windows threading when building with mingw. + +- vtls: don't define MD5_DIGEST_LENGTH for wolfssl + + ... as it defines it (too) + +- TODO: remove configure --disable-pthreads + +Jay Satiro (2 May 2018) +- [David Garske brought this change] + + wolfssl: Fix non-blocking connect + + Closes https://github.com/curl/curl/pull/2542 + +Daniel Stenberg (30 Apr 2018) +- CURLOPT_URL.3: add ENCODING section [ci skip] + + Feedback-by: Michael Kilburn + +- KNOWN_BUGS: Client cert with Issuer DN differs between backends + + Closes #1411 + +- KNOWN_BUGS: Passive transfer tries only one IP address + + Closes #1508 + +- KNOWN_BUGS: --upload-file . hang if delay in STDIN + + Closes #2051 + +- KNOWN_BUGS: Connection information when using TCP Fast Open + + Closes #1332 + +- travis: enable libssh2 on both macos and Linux + + It seems to not be detected by default anymore (which is a bug I + believe) + + Closes #2541 + +- TODO: Support the clienthello extension + + Closes #2299 + +- TODO: CLOEXEC + + Closes #2252 + +- tests: provide 'manual' as a feature to optionally require + + ... and make test 1026 rely on that feature so that --disable-manual + builds don't cause test failures. + + Reported-by: Max Dymond and Anders Roxell + Fixes #2533 + Closes #2540 + +- CURLINFO_PROTOCOL.3: mention the existing defined names + +Jay Satiro (27 Apr 2018) +- [Daniel Gustafsson brought this change] + + cookies: remove unused macro + + Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused, + so remove as it's not part of the published API. + + Closes https://github.com/curl/curl/pull/2537 + +Daniel Stenberg (27 Apr 2018) +- [Daniel Gustafsson brought this change] + + checksrc: force indentation of lines after an else + + This extends the INDENTATION case to also handle 'else' statements + and require proper indentation on the following line. 
Also fixes the + offending cases found in the codebase. + + Closes #2532 + +- http2: fix null pointer dereference in http2_connisdead + + This function can get called on a connection that isn't setup enough to + have the 'recv_underlying' function pointer initialized so it would try + to call the NULL pointer. + + Reported-by: Dario Weisser + + Follow-up to db1b2c7fe9b093f8 (never shipped in a release) + Closes #2536 + +- http2: get rid of another strstr() + + Follow-up to 1514c44655e12e: replace another strstr() call done on a + buffer that might not be zero terminated - with a memchr() call, even if + we know the substring will be found. + + Assisted-by: Max Dymond + + Detected by OSS-Fuzz + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021 + + Closes #2534 + +- cyassl: adapt to libraries without TLS 1.0 support built-in + + WolfSSL doesn't enable it by default anymore + +- configure: provide --with-wolfssl as an alias for --with-cyassl + +- RELEASE-NOTES: synced + +- [Daniel Gustafsson brought this change] + + os400.c: fix ASSIGNWITHINCONDITION checksrc warnings + + All occurrences of assignment within conditional expression in + os400sys.c rewritten into two steps: first assignment and then the check + on the success of the assignment. Also adjust related incorrect brace + positions to match project indentation style. + + This was spurred by seeing "if((inp = input_token))", but while in there + all warnings were fixed. + + There should be no functional change from these changes. + + Closes #2525 + +- [Daniel Gustafsson brought this change] + + cookies: ensure that we have cookies before writing jar + + The jar should be written iff there are cookies, so ensure that we still + have cookies after expiration to avoid creating an empty file. 
+ + Closes #2529 + +- strcpy_url: only %-encode values >= 0x80 + + OSS-Fuzz detected + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000 + + Broke in dd7521bcc1b7 + +- mime: avoid NULL pointer dereference risk + + Coverity detected, CID 1435120 + + Closes #2527 + +- [Stephan Mühlstrasser brought this change] + + ctype: restore character classification for non-ASCII platforms + + With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic + character classification macros and functions were introduced in + curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on + non-ASCII, e.g. EBCDIC platforms. This change restores the previous set + of character classification macros when CURL_DOES_CONVERSIONS is + defined. + + Closes #2494 + +- ftplistparser: keep state between invokes + + Fixes FTP wildcard parsing when done over a number of read buffers. + + Regression from f786d1f14 + + Reported-by: wncboy on github + Fixes #2445 + Closes #2526 + +- examples/http2-upload: expand buffer to avoid silly warning + + http2-upload.c:135:44: error: ‘%02d’ directive output may be truncated + writing between 2 and 11 bytes into a region of size between 8 and 17 + +- examples/sftpuploadresume: typecast fseek argument to long + + /docs/examples/sftpuploadresume.c:102:12: warning: conversion to 'long + int' from 'curl_off_t {aka long long int}' may alter its value + +- Revert "ftplistparser: keep state between invokes" + + This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934. + + Caused fuzzer problems on travis not seen when this was a PR! + +- Curl_memchr: zero length input can't match + + Avoids undefined behavior. + + Reported-by: Geeknik Labs + +- ftplistparser: keep state between invokes + + Fixes FTP wildcard parsing when doing over a number of read buffers. + + Regression from f786d1f14 + + Reported-by: wncboy on github + Fixes #2445 + Closes #2519 + +- ftplistparser: renamed some members and variables + + ... 
to make them better spell out what they're for. + +- RELEASE-NOTES: synced + +- [Christian Schmitz brought this change] + + curl_global_sslset: always provide available backends + + Closes #2499 + +- http2: convert an assert to run-time check + + Fuzzing has proven we can reach code in on_frame_recv with status_code + not having been set, so let's detect that in run-time (instead of with + assert) and error error accordingly. + + (This should no longer happen with the latest nghttp2) + + Detected by OSS-Fuzz + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903 + Closes #2514 + +- curl.1: clarify that options and URLs can be mixed + + Fixes #2515 + Closes #2517 + +Jay Satiro (23 Apr 2018) +- [Archangel_SDY brought this change] + + CURLOPT_SSLCERT.3: improve WinSSL-specific usage info + + Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780 + + Closes https://github.com/curl/curl/pull/2504 + +- [Archangel_SDY brought this change] + + schannel: fix build error on targets <= XP + + - Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't + support the latter. + + Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668 + + Closes https://github.com/curl/curl/pull/2504 + +Daniel Stenberg (23 Apr 2018) +- Revert "ftplistparser: keep state between invokes" + + This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9. + + Unfortunately this fix introduces memory leaks I've not been able to fix + in several days. Reverting this for now to get the leaks fixed. + +Jay Satiro (21 Apr 2018) +- tool_help: clarify --max-time unit of time is seconds + + Before: + -m, --max-time <time> Maximum time allowed for the transfer + + After: + -m, --max-time <seconds> Maximum time allowed for the transfer + +Daniel Stenberg (20 Apr 2018) +- http2: handle GOAWAY properly + + When receiving REFUSED_STREAM, mark the connection for close and retry + streams accordingly on another/fresh connection. 
+ + Reported-by: Terry Wu + Fixes #2416 + Fixes #1618 + Closes #2510 + +- http2: clear the "drain counter" when a stream is closed + + This fixes the notorious "httpc->drain_total >= data->state.drain" + assert. + + Reported-by: Anders Bakken + + Fixes #1680 + Closes #2509 + +- http2: avoid strstr() on data not zero terminated + + It's not strictly clear if the API contract allows us to call strstr() + on a string that isn't zero terminated even when we know it will find + the substring, and clang's ASAN check dislikes us for it. + + Also added a check of the return code in case it fails, even if I can't + think of a situation how that can trigger. + + Detected by OSS-Fuzz + Closes #2513 + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760 + +- [Stephan Mühlstrasser brought this change] + + openssl: fix subjectAltName check on non-ASCII platforms + + Curl_cert_hostcheck operates with the host character set, therefore the + ASCII subjectAltName string retrieved with OpenSSL must be converted to + the host encoding before comparison. + + Closes #2493 + +Jay Satiro (20 Apr 2018) +- openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages + + - Support handling verbose-mode trace messages of type + SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, + SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, + SSL3_MT_MESSAGE_HASH + + Reported-by: iz8mbw@users.noreply.github.com + + Fixes https://github.com/curl/curl/issues/2403 + +Daniel Stenberg (19 Apr 2018) +- ftplistparser: keep state between invokes + + Regression from f786d1f14 + + Reported-by: wncboy on github + Fixes #2445 + Closes #2508 + +- detect_proxy: only show proxy use if it had contents + +- http2: handle on_begin_headers() called more than once + + This triggered an assert if called more than once in debug mode (and a + memory leak if not debug build). With the right sequence of HTTP/2 + headers incoming it can happen. 
+ + Detected by OSS-Fuzz + + Closes #2507 + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764 + +Jay Satiro (18 Apr 2018) +- [Dan McNulty brought this change] + + schannel: add support for CURLOPT_CAINFO + + - Move verify_certificate functionality in schannel.c into a new + file called schannel_verify.c. Additionally, some structure defintions + from schannel.c have been moved to schannel.h to allow them to be + used in schannel_verify.c. + + - Make verify_certificate functionality for Schannel available on + all versions of Windows instead of just Windows CE. verify_certificate + will be invoked on Windows CE or when the user specifies + CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. + + - In verify_certificate, create a custom certificate chain engine that + exclusively trusts the certificate store backed by the CURLOPT_CAINFO + file. + + - doc updates of --cacert/CAINFO support for schannel + + - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString + when available. This implements a TODO in schannel.c to improve + handling of multiple SANs in a certificate. In particular, all SANs + will now be searched instead of just the first name. + + - Update tool_operate.c to not search for the curl-ca-bundle.crt file + when using Schannel to maintain backward compatibility. Previously, + any curl-ca-bundle.crt file found in that search would have been + ignored by Schannel. But, with CAINFO support, the file found by + that search would have been used as the certificate store and + could cause issues for any users that have curl-ca-bundle.crt in + the search path. + + - Update url.c to not set the build time CURL_CA_BUNDLE if the selected + SSL backend is Schannel. We allow setting CA location for schannel + only when explicitly specified by the user via CURLOPT_CAINFO / + --cacert. + + - Add new test cases 3000 and 3001. These test cases check that the first + and last SAN, respectively, matches the connection hostname. 
New test + certificates have been added for these cases. For 3000, the certificate + prefix is Server-localhost-firstSAN and for 3001, the certificate + prefix is Server-localhost-secondSAN. + + - Remove TODO 15.2 (Add support for custom server certificate + validation), this commit addresses it. + + Closes https://github.com/curl/curl/pull/1325 + +- schannel: fix warning + + - Fix warning 'integer from pointer without a cast' on 3rd arg in + CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer + type of the same size. + + Follow-up to e35b025. + + Caught by Marc's CI builds. + +- [Jakub Wilk brought this change] + + docs: fix typos + + Closes https://github.com/curl/curl/pull/2503 + +Daniel Stenberg (17 Apr 2018) +- RELEASE-NOTES: synced + +Jay Satiro (17 Apr 2018) +- [Kees Dekker brought this change] + + winbuild: Support custom devel paths for each dependency + + - Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2, + OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH, + NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH. + + - Use lib.exe for making the static library instead of link.exe /lib. + The latter is undocumented and could cause problems as noted in the + comments. + + - Remove a dangling URL that no longer worked. (I was not able to find + the IDN download at MSDN/microsoft.com, so it seems to be removed.) + + - Remove custom override for release-ssh2-ssl-dll-zlib configuration. + Nobody knows why it was there and as far as we can see is unnecessary. 
+ + Closes https://github.com/curl/curl/pull/2474 + +Daniel Stenberg (17 Apr 2018) +- [Jess brought this change] + + README.md: add backers and sponsors + + Closes #2484 + +- [Archangel_SDY brought this change] + + schannel: add client certificate authentication + + Users can now specify a client certificate in system certificates store + explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"` + + Closes #2376 + +Marcel Raad (16 Apr 2018) +- [toughengineer brought this change] + + ntlm_sspi: fix authentication using Credential Manager + + If you pass empty user/pass asking curl to use Windows Credential + Storage (as stated in the docs) and it has valid credentials for the + domain, e.g. + curl -v -u : --ntlm example.com + currently authentication fails. + This change fixes it by providing proper SPN string to the SSPI API + calls. + + Fixes https://github.com/curl/curl/issues/1622 + Closes https://github.com/curl/curl/pull/1660 + +Daniel Stenberg (16 Apr 2018) +- configure: keep LD_LIBRARY_PATH changes local + + ... only set it when we actually have to run tests to reduce its impact + on for example build commands etc. + + Fixes #2490 + Closes #2492 + + Reported-by: Dmitry Mikhirev + +Marcel Raad (16 Apr 2018) +- urldata: make service names unconditional + + The ifdefs have become quite long. Also, the condition for the + definition of CURLOPT_SERVICE_NAME and for setting it from + CURLOPT_SERVICE_NAME have diverged. We will soon also need the two + options for NTLM, at least when using SSPI, for + https://github.com/curl/curl/pull/1660. + Just make the definitions unconditional to make that easier. 
+ + Closes https://github.com/curl/curl/pull/2479 + +Daniel Stenberg (16 Apr 2018) +- test1148: tolerate progress updates better + + Fixes #2446 + Closes #2488 + +- [Christian Schmitz brought this change] + + ssh: show libSSH2 error code when closing fails + + Closes #2500 + +Jay Satiro (15 Apr 2018) +- [Daniel Gustafsson brought this change] + + vauth: Fix typo + + Address various spellings of "credentials". + + Closes https://github.com/curl/curl/pull/2496 + +- [Dagobert Michelsen brought this change] + + system.h: Add sparcv8plus to oracle/sunpro 32-bit detection + + With specific compiler options selecting the arch like -xarch=sparc on + newer compilers like Oracle Studio 12.4 there is no definition of + __sparcv8 but __sparcv8plus which means the V9 ISA, but limited to the + 32ÎíÎñbit subset defined by the V8plus ISA specification, without the + Visual Instruction Set (VIS), and without other implementation-specific + ISA extensions. So it should be the same as __sparcv8. + + Closes https://github.com/curl/curl/pull/2491 + +- [Daniel Gustafsson brought this change] + + checksrc: Fix typo + + Fix typo in "semicolon" spelling and remove stray tab character. + + Closes https://github.com/curl/curl/pull/2498 + +- [Daniel Gustafsson brought this change] + + all: Refactor malloc+memset to use calloc + + When a zeroed out allocation is required, use calloc() rather than + malloc() followed by an explicit memset(). The result will be the + same, but using calloc() everywhere increases consistency in the + codebase and avoids the risk of subtle bugs when code is injected + between malloc and memset by accident. + + Closes https://github.com/curl/curl/pull/2497 + +Daniel Stenberg (12 Apr 2018) +- duphandle: make sure CURLOPT_RESOLVE is duplicated fine too + + Verified in test 1502 now + + Fixes #2485 + Closes #2486 + Reported-by: Ernst Sjöstrand + +- mailmap: add a monnerat fixup [ci skip] + +- proxy: show getenv proxy use in verbose output + + ... 
to aid debugging etc as it sometimes isn't immediately obvious why + curl uses or doesn't use a proxy. + + Inspired by #2477 + + Closes #2480 + +- travis: build libpsl and make builds use it + + closes #2471 + +- travis: bump to clang 6 and gcc 7 + + Extra-eye-on-this-by: Marcel Raad + + Closes #2478 + +Marcel Raad (10 Apr 2018) +- travis: use trusty for coverage build + + This works now and precise is in the process of being decommissioned. + + Closes https://github.com/curl/curl/pull/2476 + +- lib: silence null-dereference warnings + + In debug mode, MingGW-w64's GCC 7.3 issues null-dereference warnings + when dereferencing pointers after DEBUGASSERT-ing that they are not + NULL. + Fix this by removing the DEBUGASSERTs. + + Suggested-by: Daniel Stenberg + Ref: https://github.com/curl/curl/pull/2463 + +- [Kees Dekker brought this change] + + winbuild: fix URL + + Follow up on https://github.com/curl/curl/pull/2472. + Now using en-us instead of nl-nl as language code in the URL. + + Closes https://github.com/curl/curl/pull/2475 + +Daniel Stenberg (9 Apr 2018) +- [Kees Dekker brought this change] + + winbuild: updated the documentation + + The setenv command no longer exists and visual studio build prompts got + changed. Used Visual Studio 2015/2017 as reference. + + Closes #2472 + +- test1136: fix cookie order after commit c990eadd1277 + +- build: cleanup to fix clang warnings/errors + + unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a + cast from integer to pointer is a GNU extension + + Reported-by: Rikard Falkeborn + + Fixes #2466 + Closes #2468 + +Jay Satiro (7 Apr 2018) +- examples/sftpuploadresmue: Fix Windows large file seek + + - Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows. + + - Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print + curl_off_t. + + Caught by Marc's CI builds. + +Daniel Stenberg (7 Apr 2018) +- curl_setup: provide a CURL_SA_FAMILY_T type if none exists + + ... 
and use this type instead of 'sa_family_t' in the code since several + platforms don't have it. + + Closes #2463 + +- [Eric Gallager brought this change] + + build: add picky compiler warning flags for gcc 6 and 7 + +- configure: detect sa_family_t + +Jay Satiro (7 Apr 2018) +- [Stefan Agner brought this change] + + tool_operate: Fix retry on FTP 4xx to ignore other protocols + + Only treat response code as FTP response codes in case the + protocol type is FTP. + + This fixes an issue where an HTTP download was treated as FTP + in case libcurl returned with 33. This happens when the + download has already finished and the server responses 416: + HTTP/1.1 416 Requested Range Not Satisfiable + + This should not be treated as an FTP error. + + Fixes #2464 + Closes #2465 + +Daniel Stenberg (6 Apr 2018) +- hash: calculate sizes with size_t instead of longs + + ... since they return size_t anyway! + + closes #2462 + +- RELEASE-NOTES: synced + +- [Jay Satiro brought this change] + + build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15 + + .. and do the same for build-wolfssl.bat. + + Because MS calls it VC14.1. + + Closes https://github.com/curl/curl/pull/2189 + +- [Kees Dekker brought this change] + + winbuild: make the clean target work without build-type + + Due to the check in Makefile.vc and MakefileBuild.vc, no make call can + be invoked unless a build-type was specified. However, a clean target + only existed when a build type was specified. As a result, the clean + target was unreachable. Made clean target unconditional. + + Closes #2455 + +- [patelvivekv1993 brought this change] + + build-openssl.bat: allow custom paths for VS and perl + + Fixes #2430 + Closes #2457 + +- [Laurie Clark-Michalek brought this change] + + FTP: allow PASV on IPv6 connections when a proxy is being used + + In the situation of a client connecting to an FTP server using an IPv6 + tunnel proxy, the connection info will indicate that the connection is + IPv6. 
However, because the server behing the proxy is IPv4, it is + permissable to attempt PSV mode. In the case of the FTP server being + IPv4 only, EPSV will always fail, and with the current logic curl will + be unable to connect to the server, as the IPv6 fwdproxy causes curl to + think that EPSV is impossible. + + Closes #2432 + +- [Jon DeVree brought this change] + + file: restore old behavior for file:////foo/bar URLs + + curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC + 8089 but then returns an error saying this is unimplemented. This is + actually a regression in behavior on both Windows and Unix. + + Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and + then passed to the relevant OS API. This means that the behavior of this + case is actually OS dependent. + + The Unix path resolution rules say that the OS must handle swallowing + the extra "/" and so this path is the same as "/foo/bar" + + The Windows path resolution rules say that this is a UNC path and + automatically handles the SMB access for the program. So curl on Windows + was already doing Appendix E.3.2 without any special code in curl. + + Regression + + Closes #2438 + +- [Gaurav Malhotra brought this change] + + Revert "openssl: Don't add verify locations when verifypeer==0" + + This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb. + + libcurl (with the OpenSSL backend) performs server certificate verification + even if verifypeer == 0 and the verification result is available using + CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the + CURLINFO_SSL_VERIFYRESULT to not have useful information for the + verifypeer == 0 use case (it would always have + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY). 
+ + Closes #2451 + +- [Wyatt O'Day brought this change] + + tls: fix mbedTLS 2.7.0 build + handle sha256 failures + + (mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED) + + Closes #2453 + +- [Lauri Kasanen brought this change] + + cookie: case-insensitive hashing for the domains + + closes #2458 + +Patrick Monnerat (4 Apr 2018) +- cookie: fix and optimize 2nd top level domain name extraction + + This fixes a segfault occurring when a name of the (invalid) form "domain..tld" + is processed. + + test46 updated to cover this case. + + Follow-up to commit c990ead. + + Ref: https://github.com/curl/curl/pull/2440 + +Daniel Stenberg (4 Apr 2018) +- openssl: provide defines for argument typecasts to build warning-free + + ... as OpenSSL >= 1.1.0 and libressl >= 2.7.0 use different argument types. + +- [Bernard Spil brought this change] + + openssl: fix build with LibreSSL 2.7 + + - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API + + Fixes #2319 + Closes #2447 + Closes #2448 + + 
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> + +- [Lauri Kasanen brought this change] + + cookie: store cookies per top-level-domain-specific hash table + + This makes libcurl handle thousands of cookies much better and speedier. + + Closes #2440 + +- [Lauri Kasanen brought this change] + + cookies: when reading from a file, only remove_expired once + + This drops the cookie load time for 8k cookies from 178ms to 15ms. + + Closes #2441 + +- test1148: set a fixed locale for the test + + ...as otherwise it might use a different decimal sign. + + Bug: #2436 + Reported-by: Oumph on github + +Jay Satiro (31 Mar 2018) +- docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T + + - Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf. + + For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar. + + Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html + Reported-by: David L. + +Sergei Nikulov (27 Mar 2018) +- [Michał Janiszewski brought this change] + + cmake: Add advapi32 as explicit link library for win32 + + ARM targets need advapi32 explicitly. + + Closes #2363 + +Daniel Stenberg (27 Mar 2018) +- TODO: connection cache sharing is now supporte + +Jay Satiro (26 Mar 2018) +- travis: enable apt retry on fail + + This is a workaround for an unsolved travis issue that is causing CI + instances to sporadically fail due to 'unable to connect' issues during + apt stage. 
+ + Ref: https://github.com/travis-ci/travis-ci/issues/8507 + Ref: https://github.com/travis-ci/travis-ci/issues/9112#issuecomment-376305909 + +Michael Kaufmann (26 Mar 2018) +- runtests.pl: fix warning 'use of uninitialized value' + + follow-up to a9a7b60 + + Closes #2428 + +Daniel Stenberg (24 Mar 2018) +- gitignore: ignore more generated files + +- threaded resolver: track resolver time and set suitable timeout values + + In order to make curl_multi_timeout() return suitable "sleep" times even + when there's no socket to wait for while the name is being resolved in a + helper thread. + + It will increases the timeouts as time passes. + + Closes #2419 + +- [Howard Chu brought this change] + + openldap: fix for NULL return from ldap_get_attribute_ber() + + Closes #2399 + +GitHub (22 Mar 2018) +- [Sergei Nikulov brought this change] + + travis-ci: enable -Werror for CMake builds (#2418) + +- [Sergei Nikulov brought this change] + + cmake: avoid warn-as-error during config checks (#2411) + + - Move the CURL_WERROR option processing after the configuration checks + to avoid failures in case of warnings during the configuration checks. + + This is a partial fix for #2358 + +- [Sergei Nikulov brought this change] + + timeval: remove compilation warning by casting (#2417) + + This is fixes #2358 + +Daniel Stenberg (22 Mar 2018) +- http2: read pending frames (including GOAWAY) in connection-check + + If a connection has received a GOAWAY frame while not being used, the + function now reads frames off the connection before trying to reuse it + to avoid reusing connections the server has told us not to use. 
+ + Reported-by: Alex Baines + Fixes #1967 + Closes #2402 + +- [Bas van Schaik brought this change] + + CI: add lgtm.yml for tweaking lgtm.com analysis + + Closes #2414 + +- CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some text + + Reported-by: Michal Trybus + + Fixes #2400 + +- TODO: expand ~/ in config files + + Closes #2317 + +- cookie.d: mention that "-" as filename means stdin + + Reported-by: Dongliang Mu + Fixes #2410 + +- CURLINFO_COOKIELIST.3: made the example not leak memory + + Reported-by: Muz Dima + +- vauth/cleartext: fix integer overflow check + + Make the integer overflow check not rely on the undefined behavior that + a size_t wraps around on overflow. + + Detected by lgtm.com + Closes #2408 + +- lib/curl_path.h: add #ifdef header guard + + Detected by lgtm.com + +- vauth/ntlm.h: fix the #ifdef header guard + + Detected by lgtm.com + +Jay Satiro (20 Mar 2018) +- examples/hiperfifo: checksrc compliance + +Daniel Stenberg (19 Mar 2018) +- [Nikos Tsipinakis brought this change] + + parsedate: support UT timezone + + RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with + GMT. + + Closes #2401 + +- RELEASE-NOTES: synced + +- [Don brought this change] + + cmake: add support for brotli + + Currently CMake cannot detect Brotli support. This adds detection of the + libraries and associated header files. It also adds this to the + generated config. + + Closes #2392 + +- [Chris Araman brought this change] + + darwinssl: fix iOS build + +Patrick Monnerat (18 Mar 2018) +- ILE/RPG binding: Add CURLOPT_HAPROXYPROTOCOL/Fix CURLOPT_DNS_SHUFFLE_ADDRESSES + +Daniel Stenberg (17 Mar 2018) +- [Rick Deist brought this change] + + resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES + + This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request + shuffling of IP addresses returned for a hostname when there is more + than one. 
This is useful when the application knows that a round robin + approach is appropriate and is willing to accept the consequences of + potentially discarding some preference order returned by the system's + implementation. + + Closes #1694 + +- add_handle/easy_perform: clear errorbuffer on start if set + + To offer applications a more defined behavior, we clear the buffer as + early as possible. + + Assisted-by: Jay Satiro + + Fixes #2190 + Closes #2377 + +- [Lawrence Matthews brought this change] + + CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol + + Add --haproxy-protocol for the command line tool + + Closes #2162 + +- curl_version_info.3: fix ssl_version description + + Reported-by: Vincas Razma + Fixes #2364 + +- multi: improved pending transfers handling => improved performance + + When a transfer is requested to get done and it is put in the pending + queue when limited by number of connections, total or per-host, libcurl + would previously very aggressively retry *ALL* pending transfers to get + them transferring. That was very time consuming. + + By reducing the aggressiveness in how pending are being retried, we + waste MUCH less time on putting transfers back into pending again. + + Some test cases got a factor 30(!) speed improvement with this change. + + Reported-by: Cyril B + Fixes #2369 + Closes #2383 + +- pause: when changing pause state, update socket state + + Especially unpausing a transfer might have to move the socket back to the + "currently used sockets" hash to get monitored. Otherwise it would never get + any more data and get stuck. Easily triggered with pausing using the + multi_socket API. 
+ + Reported-by: Philip Prindeville + Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html + Fixes #2393 + Closes #2391 + +- [Philip Prindeville brought this change] + + examples/hiperfifo.c: improved + + * use member struct event’s instead of pointers to alloc’d struct + events + + * simplify the cases for the mcode_or_die() function via macros; + + * make multi_timer_cb() actually do what the block comment says it + should; + + * accept a “stop” command on the FIFO to shut down the service; + + * use cleaner notation for unused variables than the (void) hack; + + * allow following redirections (304’s); + +- rate-limit: use three second window to better handle high speeds + + Due to very frequent updates of the rate limit "window", it could + attempt to rate limit within the same milliseconds and that then made + the calculations wrong, leading to it not behaving correctly on very + fast transfers. + + This new logic updates the rate limit "window" to be no shorter than the + last three seconds and only updating the timestamps for this when + switching between the states TOOFAST/PERFORM. + + Reported-by: 刘佩东 + Fixes #2386 + Closes #2388 + +- [luz.paz brought this change] + + cleanup: misc typos in strings and comments + + Found via `codespell` + + Closes #2389 + +- RELEASE-NOTES: toward 7.60.0 + +- [Kobi Gurkan brought this change] + + http2: fixes typo + + Closes #2387 + +- user-agent.d:: mention --proxy-header as well + + Bug: https://github.com/curl/curl/issues/2381 + +- transfer: make HTTP without headers count correct body size + + This is what "HTTP/0.9" basically looks like. 
+ + Reported on IRC + + Closes #2382 + +- test1208: marked flaky + + It fails somewhere between every 3rd to 10th travis-CI run + +- SECURITY-PROCESS: mention how we write/add advisories + +- [dasimx brought this change] + + FTP: fix typo in recursive callback detection for seeking + + Fixes #2380 + +Version 7.59.0 (13 Mar 2018) + +Daniel Stenberg (13 Mar 2018) +- release: 7.59.0 + +Kamil Dudka (13 Mar 2018) +- tests/.../spnego.py: fix identifier typo + + Detected by Coverity Analysis: + + Error: IDENTIFIER_TYPO: + curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo: + * Identifier "SuportedMech" is only known to be referenced here, or in copies of this code. + * Identifier "SupportedMech" is referenced elsewhere at least 4 times. + curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech". + curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech". + curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function). + curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"? + + Closes #2379 + +Daniel Stenberg (13 Mar 2018) +- CURLOPT_COOKIEFILE.3: "-" as file name means stdin + + Reported-by: Aron Bergman + Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html + + [ci skip] + +- Revert "hostip: fix compiler warning: 'variable set but not used'" + + This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248. + + The assignment really needs to be there or we risk working with an + uninitialized pointer. 
+ +Michael Kaufmann (12 Mar 2018) +- limit-rate: fix compiler warning + + follow-up to 72a0f62 + +Viktor Szakats (12 Mar 2018) +- checksrc.pl: add -i and -m options + + To sync it with changes made for the libssh2 project. + Also cleanup some whitespace. + +- curl-openssl.m4: fix spelling [ci skip] + +- FAQ: fix a broken URL [ci skip] + +Daniel Stenberg (12 Mar 2018) +- http2: mark the connection for close on GOAWAY + + ... don't consider it an error! + + Assisted-by: Jay Satiro + Reported-by: Łukasz Domeradzki + Fixes #2365 + Closes #2375 + +- credits: Viktor prefers without accent + +- openldap: white space changes, fixed up the copyright years + +- openldap: check ldap_get_attribute_ber() results for NULL before using + + CVE-2018-1000121 + Reported-by: Dario Weisser + Bug: https://curl.haxx.se/docs/adv_2018-97a2.html + +- FTP: reject path components with control codes + + Refuse to operate when given path components featuring byte values lower + than 32. + + Previously, inserting a %00 sequence early in the directory part when + using the 'singlecwd' ftp method could make curl write a zero byte + outside of the allocated buffer. + + Test case 340 verifies. + + CVE-2018-1000120 + Reported-by: Duy Phan Thanh + Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html + +- readwrite: make sure excess reads don't go beyond buffer end + + CVE-2018-1000122 + Bug: https://curl.haxx.se/docs/adv_2018-b047.html + + Detected by OSS-fuzz + +- BUGS: updated link to security process + +- limit-rate: kick in even before "limit" data has been received + + ... and make sure to avoid integer overflows with really large values. 
+ + Reported-by: 刘佩东 + Fixes #2371 + Closes #2373 + +- docs/SECURITY.md -> docs/SECURITY-PROCESS.md + +- SECURITY.md: call it the security process + +Michael Kaufmann (11 Mar 2018) +- Curl_range: fix FTP-only and FILE-only builds + + follow-up to e04417d + +- hostip: fix compiler warning: 'variable set but not used' + +Daniel Stenberg (11 Mar 2018) +- HTTP: allow "header;" to replace an internal header with a blank one + + Reported-by: Michael Kaufmann + Fixes #2357 + Closes #2362 + +- http2: verbose output new MAX_CONCURRENT_STREAMS values + + ... as it is interesting for many users. + +- SECURITY: distros' max embargo time is 14 days now + +Patrick Monnerat (8 Mar 2018) +- curl tool: accept --compressed also if Brotli is enabled and zlib is not. + +Daniel Stenberg (5 Mar 2018) +- THANKS + mailmap: remove duplicates, fixup full names + +- [sergii.kavunenko brought this change] + + WolfSSL: adding TLSv1.3 + + Closes #2349 diff --git a/libs/libcurl/docs/COPYING b/libs/libcurl/docs/COPYING index 560a49dcee..3528bd7566 100644 --- a/libs/libcurl/docs/COPYING +++ b/libs/libcurl/docs/COPYING @@ -1,6 +1,6 @@ COPYRIGHT AND PERMISSION NOTICE -Copyright (c) 1996 - 2018, Daniel Stenberg, <daniel@haxx.se>, and many +Copyright (c) 1996 - 2019, Daniel Stenberg, <daniel@haxx.se>, and many contributors, see the THANKS file. All rights reserved. diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS index 646794b387..58a8322ba5 100644 --- a/libs/libcurl/docs/THANKS +++ b/libs/libcurl/docs/THANKS @@ -9,8 +9,11 @@ Aaro Koskinen Aaron Oneal Aaron Orenstein +Aaron Scarisbrick Abram Pousada +Adam Barclay Adam Brown +Adam Coyne Adam D. Moss Adam Langley Adam Light @@ -18,6 +21,7 @@ Adam Marcionek Adam Piggott Adam Sampson Adam Tkac +Adrian Burcea Adrian Peniak Adrian Schuur Adriano Meirelles @@ -31,7 +35,6 @@ Alan Jenkins Alan Pinstein Albert Chin-A-Young Albert Choy -Ale Vesely Alejandro Alvarez Ayllon Alejandro R. Sedeño Aleksandar Milivojevic 
@@ -91,8 +94,8 @@ Andi Jahja Andre Guibert de Bruet Andre Heinecke Andreas Damm -Andreas Faerber Andreas Farber +Andreas Kostyrka Andreas Malzahn Andreas Ntaflos Andreas Olsson @@ -106,6 +109,7 @@ Andrei Benea Andrei Cipu Andrei Karas Andrei Kurushin +Andrei Neculau Andrei Sedoi Andrei Virtosu Andrej E Baranov @@ -160,7 +164,9 @@ Ates Goral Augustus Saunders Avery Fay Axel Tillequin +Ayoub Boudhar Balaji Parasuram +Balaji S Rao Balaji Salunke Balint Szilakszi Barry Abrahamson @@ -171,6 +177,7 @@ Basuke Suzuki Ben Boeckel Ben Darnell Ben Greear +Ben Kohler Ben Madsen Ben Noordhuis Ben Van Hof @@ -180,11 +187,13 @@ Benjamin Gerard Benjamin Gilbert Benjamin Johnson Benjamin Kircher +Benjamin Ritcey Benjamin Sergeant Benoit Neil Benoit Sigoure Bernard Leak Bernard Spil +Bernhard Iselborn Bernhard M. Wiedemann Bernhard Reutner-Fischer Bernhard Walle @@ -219,9 +228,11 @@ Brendan Jurd Brent Beardsley Brian Akins Brian Carpenter +Brian Chaplin Brian Childs Brian Chrisman Brian Dessent +Brian E. Gallew Brian J. Murrell Brian Prodoehl Brian R Duffy @@ -289,6 +300,7 @@ Chungtsun Li Ciprian Badescu Claes Jakobsson Clarence Gardner +Claudio Neves Clemens Gruber Clifford Wolf Clint Clayton @@ -302,6 +314,7 @@ Colm Buckley Constantine Sapuntzakis Cory Benfield Cory Nelson +Costya Shulyupin Craig A West Craig Davison Craig Markwardt @@ -323,7 +336,6 @@ Damian Dixon Damien Adant Damien Vielpeau Dan Becker -Dan C Dan Cristian Dan Donahue Dan Fandrich @@ -391,11 +403,11 @@ David Lang David LeBlanc David Lord David McCreedy -David Meyer David Odin David Phillips David Rosenstrauch David Ryskalczyk +David Sanderson David Schweikert David Shaw David Strauss @@ -506,12 +518,14 @@ Eric Mertens Eric Rautman Eric Rescorla Eric Ridge +Eric Rosenquist Eric S. Raymond Eric Thelin Eric Vergnaud Eric Wong Eric Young Erick Nuwendam +Erik Jacobsen Erik Janssen Erik Johansson Erik Minekus 
@@ -520,6 +534,7 @@ Ernst Sjöstrand Erwan Legrand Erwin Authried Ethan Glasser Camp +Etienne Simard Eugene Kotlyarov Evan Jordan Even Rouault @@ -534,14 +549,17 @@ Fabian Ruff Fabrice Fontaine Fabrizio Ammollo Fahim Chandurwala +Federico Bianchi Fedor Karpelevitch Feist Josselin +Felix Hädicke Felix Kaiser Felix Yan Felix von Leitner Feng Tu Fernando Muñoz Flavio Medeiros +Florian Pritz Florian Schoppmann Florian Weimer Florin Petriuc @@ -593,7 +611,9 @@ Gil Weber Gilad Gilbert Ramirez Jr. Gilles Blanc +Giorgos Oikonomou Gisle Vanem +GitYuanQu on github Giuseppe Attardi Giuseppe D'Ambrosio Giuseppe Persico @@ -613,10 +633,10 @@ Greg Onufer Greg Pratt Greg Rowe Greg Zavertnik +Gregory Nicholls Gregory Szorc Grigory Entin Guenole Bescon -Guenter Knauf Guido Berhoerster Guillaume Arluison Gunter Knauf @@ -627,6 +647,7 @@ Gwenole Beauchesne Gökhan Şengün Götz Babin-Ebell Hagai Auro +Haibo Huang Hamish Mackenzie Han Han Han Qiao @@ -647,9 +668,11 @@ He Qin Heikki Korpela Heinrich Ko Heinrich Schaefer +Helge Klein Helmut K. C. Tessarek Helwing Lutz Hendrik Visage +Henri Gomez Henrik Gaßmann Henrik Storner Henry Ludemann @@ -659,8 +682,10 @@ Hidemoto Nakada Ho-chi Chen Hoi-Ho Chan Hongli Lai +Howard Blaise Howard Chu Hubert Kario +Huzaifa Sidhpurwala Hzhijun Ian D Allen Ian Fette @@ -671,6 +696,7 @@ Ian Turner Ian Wilkes Ignacio Vazquez-Abrams Igor Franchuk +Igor Khristophorov Igor Novoseltsev Igor Polyakov Ihor Karpenko @@ -683,6 +709,7 @@ Ingmar Runge Ingo Ralf Blum Ingo Wilken Irfan Adilovic +Irving Wolfe Isaac Boukris Ishan SinghLevett Ithubg on github @@ -720,10 +747,12 @@ Jan Kunder Jan Schaumann Jan Schmidt Jan Van Boghout +Janne Johansson Jared Jennings Jared Lundell Jari Aalto Jari Sundell +Jason Baietto Jason Glasgow Jason Juang Jason Liu @@ -756,6 +785,8 @@ Jeff Pohlmeyer Jeff Weber Jeffrey Walton Jens Rantil +Jens Schleusener +Jeremie Rapin Jeremy Friesner Jeremy Huddleston Jeremy Lin 
@@ -796,7 +827,9 @@ Johan Nilsson Johan van Selst Johannes Bauer Johannes Ernst +Johannes G. Kristinsson Johannes Schindelin +John A. Bristor John Bradshaw John Butterfield John Coffey @@ -821,7 +854,9 @@ John McGowan John P. McCaskey John Starks John Suprock +John V. Chow John Wanghui +John Weismiller John Wilkinson John-Mark Bell Johnny Luong @@ -840,7 +875,6 @@ Jonas Schnelli Jonatan Lander Jonatan Vela Jonathan Cardoso Machado -Jonathan Cardoso Machado Machado Jonathan Hseu Jonathan Nieder Jongki Suwandi @@ -851,6 +885,7 @@ Josef Wolf Josh Bialkowski Josh Kapell Joshua Kwan +Joshua Swink Josue Andrade Gomes Jozef Kralik Juan Barreto @@ -862,7 +897,9 @@ Juergen Wilke Jukka Pihl Julian Noble Julian Ospald +Julian Romero Nieto Julian Taylor +Julian Z Julien Chaffraix Julien Nabet Julien Royer @@ -892,6 +929,7 @@ Karol Pietrzak Kartik Mahajan Kaspar Brand Katie Wang +Katsuhiko YOSHIDA Kazuho Oku Kees Cook Kees Dekker @@ -935,6 +973,7 @@ Kyle L. Huff Kyle Sallee Kyselgov E.N Lachlan O'Dea +Ladar Levison Larry Campbell Larry Fahnoe Larry Lin @@ -946,7 +985,6 @@ Lars J. Aas Lars Johannesen Lars Nilsson Lars Torben Wilson -Lau Hang Kin Laurent Bonnans Laurent Rabret Lauri Kasanen @@ -956,10 +994,13 @@ Lawrence Wagerfield Legoff Vincent Lehel Bernadt Leif W +Leigh Purdie Leith Bade Len Krause +Len Marinaccio Lenaic Lefever Lenny Rachitsky +Leon Breedt Leon Winter Leonardo Rosati Leonardo Taccari @@ -1032,6 +1073,7 @@ Marco G. Salvagno Marco Maggi Marcos Diazr Marcus Hoffmann +Marcus Klein Marcus Sundberg Marcus Webster Marian Klymov @@ -1039,7 +1081,6 @@ Mario Schroeder Mark Brand Mark Butler Mark Davies -Mark Eichin Mark Hamilton Mark Incley Mark Karpeles @@ -1048,6 +1089,8 @@ Mark Nottingham Mark Salisbury Mark Snelling Mark Tully +Mark W. Eichin +Mark Wotton Markus Duft Markus Elfring Markus Koetter 
@@ -1065,9 +1108,11 @@ Martin Galvan Martin Hager Martin Hedenfalk Martin Jansen +Martin Kammerhofer Martin Kepplinger Martin Lemke Martin Skinner +Martin Staael Martin Storsjö Martin Vejnár Marty Kuhrt @@ -1076,6 +1121,7 @@ Massimiliano Ziccardi Massimo Callegari Mateusz Loskot Mathias Axelsson +Mathieu Legare Mats Lidell Matt Arsenault Matt Ford @@ -1083,8 +1129,8 @@ Matt Kraai Matt Veenstra Matt Witherspoon Matt Wixson -Matteo B. Matteo Bignotti +Matteo Bignottignotti Matteo Rocco Matthew Blain Matthew Clarke @@ -1093,6 +1139,7 @@ Matthew Kerwin Matthew Whitehead Matthias Bolte Mattias Fornander +Matus Uzak Maurice Barnum Mauro Iorio Mauro Rappa @@ -1109,6 +1156,7 @@ Mehmet Bozkurt Mekonikum Melissa Mears Mettgut Jamalla +Michael Anti Michael Benedict Michael Calmer Michael Cronenworth @@ -1122,6 +1170,7 @@ Michael Jerris Michael Kalinin Michael Kaufmann Michael Kilburn +Michael Kujawa Michael König Michael Maltese Michael Mealling @@ -1129,6 +1178,7 @@ Michael Mueller Michael Osipov Michael Smith Michael Stapelberg +Michael Steuer Michael Stillwell Michael Wallner Michal Bonino @@ -1150,6 +1200,7 @@ Mikalai Ananenka Mike Bytnar Mike Crowe Mike Dobbs +Mike Dowell Mike Giancola Mike Hasselberg Mike Henshaw @@ -1236,6 +1287,7 @@ Orgad Shaneh Ori Avtalion Oscar Koeroo Oscar Norlander +Oskar Liljeblad Oumph on github P R Schaffner Palo Markovic @@ -1282,6 +1334,7 @@ Pawel A. Gajda Pawel Kierski Pedro Larroy Pedro Neves +Peng Li Per Lundberg Per Malmberg Pete Lomax @@ -1357,7 +1410,6 @@ Rajkumar Mandal Ralf S. Engelschall Ralph Beckmann Ralph Mitchell -Ramana Mokkapati Ran Mozes Randall S. Becker Randy Armstrong @@ -1370,6 +1422,7 @@ Ray Satiro Razvan Cojocaru Reinhard Max Reinout van Schouwen +Remco van Hooff Remi Gacogne Remo E Renato Botelho @@ -1386,6 +1439,7 @@ Rich Burridge Rich Gray Rich Rauenzahn Rich Turner +Richard Adams Richard Alcock Richard Archer Richard Atterer 
@@ -1405,6 +1459,7 @@ Richy Kim Rick Deist Rick Jones Rick Richardson +Rick Welykochy Ricki Hirner Ricky-Tigg on github Rider Linden @@ -1422,6 +1477,7 @@ Robert D. Young Robert Foreman Robert Iakobashvili Robert Kolcun +Robert Linden Robert Olson Robert Prag Robert Schumann @@ -1497,6 +1553,7 @@ Sean Boudreau Sean Burford Sean MacLennan Sean Miller +Sebastiaan van Erk Sebastian Mundry Sebastian Pohlschmidt Sebastian Rasmussen @@ -1507,6 +1564,7 @@ Sergey Tatarincev Sergii Kavunenko Sergii Pylypenko Sergio Ballestrero +Sergio Barresi Sergio Borghese Serj Kalichev Seshubabu Pasam @@ -1521,6 +1579,8 @@ Shaun Jackman Shawn Landden Shawn Poulson Shine Fan +Shiraz Kanga +Shlomi Fish Shmulik Regev Siddhartha Prakash Jain Sidney San Martín @@ -1544,6 +1604,7 @@ Stefan Agner Stefan Bühler Stefan Eissing Stefan Esser +Stefan Grether Stefan Kanthak Stefan Krause Stefan Neis @@ -1553,6 +1614,7 @@ Stefan Ulrich Steinar H. Gunderson Stepan Broz Stephan Bergmann +Stephan Lagerholm Stephan Mühlstrasser Stephen Brokenshire Stephen Collyer @@ -1570,6 +1632,7 @@ Steve Little Steve Marx Steve Oliphant Steve Roskowski +Steve Walch Steven Bazyl Steven G. Johnson Steven Gu @@ -1591,9 +1654,11 @@ T. Bharath T. Yamada TJ Saunders Tae Hyoung Ahn +Tae Wong Taneli Vähäkangas Tanguy Fautre Tatsuhiro Tsujikawa +Teemu Yli-Elsila Temprimus Terri Oda Terry Wu @@ -1626,6 +1691,8 @@ Tim Rühsen Tim Sneddon Tim Stack Tim Starling +Tim Tassonis +Tim Verhoeven Timo Sirainen Timotej Lazar Timothe Litt @@ -1633,11 +1700,13 @@ Timothy Polich Tinus van den Berg Tobias Blomberg Tobias Hintze +Tobias Lindgren Tobias Markus Tobias Rundström Tobias Stoeckmann Toby Peterson Todd A Ouska +Todd Kaufmann Todd Kulesza Todd Short Todd Vierling @@ -1653,6 +1722,7 @@ Tom Seddon Tom Sparrow Tom Wright Tom Zerucha +Tom van der Woerdt Tomas Hoger Tomas Jakobsson Tomas Mlcoch @@ -1692,6 +1762,7 @@ Vasiliy Faronov Vasy Okhin Venkat Akella Venkataramana Mokkapati +Vicente Garcia Victor Snezhko Vijay Panghal Vikram Saxena 
@@ -1717,9 +1788,9 @@ W. Mark Kubacki Waldek Kozba Walter J. Mack Ward Willats -Warp Kawada Warren Menzer Wayne Haigh +Wenxiang Qian Werner Koch Wesley Laxton Wesley Miaw @@ -1728,6 +1799,7 @@ Wham Bang Wilfredo Sanchez Will Dietz Willem Sparreboom +William A. Rowe Jr William Ahern Wojciech Zwiefka Wouter Van Rooy @@ -1737,7 +1809,6 @@ Xavier Bouchoux XhstormR on github Xiangbin Li Yaakov Selkowitz -Yamada Yasuharu Yang Tse Yarram Sunil Yasuharu Yamada @@ -1749,6 +1820,7 @@ Yiming Jing Yingwei Liu Yonggang Luo Yousuke Kimoto +Yu Xin Yukihiro Kawada Yun SangHo Yuriy Sosov @@ -1759,7 +1831,9 @@ Zdenek Pavlas Zekun Ni Zenju on github Zero King +Zhao Yisha Zhaoyang Wu +Zhibiao Wu Zhouyihai Ding Zmey Petroff Zvi Har'El @@ -1779,6 +1853,7 @@ daboul on github dasimx on github destman on github dkjjr89 on github +dnivras on github dpull on github dtmsecurity on github eXeC64 on github @@ -1790,6 +1865,7 @@ imilli on github infinnovation-dev on github iz8mbw on github jakirkham on github +jasal82 on github jonrumsey on github joshhe on github jungle-boogie on github @@ -1800,6 +1876,7 @@ lijian996 on github lukaszgn on github madblobfish on github marc-groundctl on github +masbug on github mccormickt12 on github mkzero on github moohoorama on github @@ -1811,7 +1888,6 @@ olesteban on github omau on github ovidiu-benea on github patelvivekv1993 on github -paulharris on github pszemus on github silveja1 on github steelman on github @@ -1825,7 +1901,6 @@ tpaukrt on github vanillajonathan on github wmsch on github wncboy on github -wyattoday on github youngchopin on github zelinchen on github zzq1015 on github diff --git a/libs/libcurl/include/curl/curl.h b/libs/libcurl/include/curl/curl.h index 3c5ce709a5..88e1f39e87 100644 --- a/libs/libcurl/include/curl/curl.h +++ b/libs/libcurl/include/curl/curl.h 
@@ -355,11 +355,21 @@ typedef int (*curl_seek_callback)(void *instream, signal libcurl to pause sending data on the current transfer. */ #define CURL_READFUNC_PAUSE 0x10000001 +/* Return code for when the trailing headers' callback has terminated + without any errors*/ +#define CURL_TRAILERFUNC_OK 0 +/* Return code for when was an error in the trailing header's list and we + want to abort the request */ +#define CURL_TRAILERFUNC_ABORT 1 + typedef size_t (*curl_read_callback)(char *buffer, size_t size, size_t nitems, void *instream); +typedef int (*curl_trailer_callback)(struct curl_slist **list, + void *userdata); + typedef enum { CURLSOCKTYPE_IPCXN, /* socket created for a specific IP connection */ CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */ @@ -1875,6 +1885,15 @@ typedef enum { /* Specify URL using CURL URL API. */ CINIT(CURLU, OBJECTPOINT, 282), + /* add trailing data just after no more data is available */ + CINIT(TRAILERFUNCTION, FUNCTIONPOINT, 283), + + /* pointer to be passed to HTTP_TRAILER_FUNCTION */ + CINIT(TRAILERDATA, OBJECTPOINT, 284), + + /* set this to 1L to allow HTTP/0.9 responses or 0L to disallow */ + CINIT(HTTP09_ALLOWED, LONG, 285), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h index 43cec1abb8..3b043345d7 100644 --- a/libs/libcurl/include/curl/curlver.h +++ b/libs/libcurl/include/curl/curlver.h @@ -30,12 +30,12 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.63.0" +#define LIBCURL_VERSION "7.64.0" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 63 +#define LIBCURL_VERSION_MINOR 64 #define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier 
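Review bot: The new `curl_trailer_callback` typedef in the `-355,11` hunk of curl.h has no comment describing its contract, in particular who owns the list stored through `list` and who frees it after the callback returns. A short comment above the typedef stating that ownership, and that the return value must be one of the two `CURL_TRAILERFUNC_*` codes, would cover it. The comment on `CURL_TRAILERFUNC_ABORT` also drops a word; `/* Return code for when there was an error in the trailing headers' list and we want to abort the request */` reads correctly.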
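Review bot: In the `-1875,6` hunk the comment on `TRAILERDATA` refers to `HTTP_TRAILER_FUNCTION`, but the option added just above it is `TRAILERFUNCTION`. `/* pointer to be passed to the TRAILERFUNCTION callback */` would match the name an application actually uses. The `HTTP09_ALLOWED` comment gives the two values but not the default, and since accepting HTTP/0.9 responses is a policy choice for the caller, the default is worth stating in that comment.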
@@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x073f00 +#define LIBCURL_VERSION_NUM 0x074000 /* * This is the date and time when the full source package was created. The @@ -68,7 +68,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2018-12-12" +#define LIBCURL_TIMESTAMP "2019-02-06" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|z) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/libs/libcurl/include/curl/urlapi.h b/libs/libcurl/include/curl/urlapi.h index 90dd56c000..850faa97a5 100644 --- a/libs/libcurl/include/curl/urlapi.h +++ b/libs/libcurl/include/curl/urlapi.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,6 +22,8 @@ * ***************************************************************************/ +#include "curl.h" + #ifdef __cplusplus extern "C" { #endif diff --git a/libs/libcurl/src/Makefile.am b/libs/libcurl/src/Makefile.am index a7b5262b91..f2034a2f24 100644 --- a/libs/libcurl/src/Makefile.am +++ b/libs/libcurl/src/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. +# Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms 
@@ -29,8 +29,7 @@ EXTRA_DIST = Makefile.m32 config-win32.h \ makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \ config-os400.h setup-os400.h config-symbian.h Makefile.Watcom \ config-tpf.h mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \ - firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \ - objnames-test08.sh objnames-test10.sh objnames.inc + firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl lib_LTLIBRARIES = libcurl.la @@ -88,10 +87,6 @@ libcurl_la_CPPFLAGS_EXTRA = libcurl_la_LDFLAGS_EXTRA = libcurl_la_CFLAGS_EXTRA = -@CODE_COVERAGE_RULES@ -libcurl_la_LDFLAGS_EXTRA += $(CODE_COVERAGE_LDFLAGS) -libcurl_la_CFLAGS_EXTRA += $(CODE_COVERAGE_CFLAGS) - if CURL_LT_SHLIB_USE_VERSION_INFO libcurl_la_LDFLAGS_EXTRA += $(VERSIONINFO) endif diff --git a/libs/libcurl/src/Makefile.in b/libs/libcurl/src/Makefile.in index 43c5d442b4..14c1c73afa 100644 --- a/libs/libcurl/src/Makefile.in +++ b/libs/libcurl/src/Makefile.in @@ -124,8 +124,7 @@ host_triplet = @host@ @DOING_CURL_SYMBOL_HIDING_TRUE@am__append_9 = $(CFLAG_CURL_SYMBOL_HIDING) subdir = lib ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \ - $(top_srcdir)/m4/ax_compile_check_sizeof.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_compile_check_sizeof.m4 \ $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ $(top_srcdir)/m4/curl-functions.m4 \ @@ -686,12 +685,6 @@ CCDEPMODE = @CCDEPMODE@ # This might hold -Werror CFLAGS = @CFLAGS@ @CURL_CFLAG_EXTRAS@ CFLAG_CURL_SYMBOL_HIDING = @CFLAG_CURL_SYMBOL_HIDING@ -CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ -CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ -CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ -CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ -CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@ -CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ CONFIGURE_OPTIONS = @CONFIGURE_OPTIONS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ 
@@ -734,7 +727,6 @@ ENABLE_STATIC = @ENABLE_STATIC@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GCOV = @GCOV@ -GENHTML = @GENHTML@ GREP = @GREP@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ @@ -886,7 +878,7 @@ top_srcdir = @top_srcdir@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. +# Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -908,8 +900,7 @@ EXTRA_DIST = Makefile.m32 config-win32.h \ makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \ config-os400.h setup-os400.h config-symbian.h Makefile.Watcom \ config-tpf.h mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \ - firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \ - objnames-test08.sh objnames-test10.sh objnames.inc + firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl lib_LTLIBRARIES = libcurl.la @BUILD_UNITTESTS_FALSE@noinst_LTLIBRARIES = @@ -943,10 +934,9 @@ VERSIONINFO = -version-info 9:0:5 AM_LDFLAGS = AM_CFLAGS = libcurl_la_CPPFLAGS_EXTRA = $(am__append_7) $(am__append_8) -libcurl_la_LDFLAGS_EXTRA = $(CODE_COVERAGE_LDFLAGS) $(am__append_2) \ - $(am__append_3) $(am__append_4) $(am__append_5) \ - $(am__append_6) -libcurl_la_CFLAGS_EXTRA = $(CODE_COVERAGE_CFLAGS) $(am__append_9) +libcurl_la_LDFLAGS_EXTRA = $(am__append_2) $(am__append_3) \ + $(am__append_4) $(am__append_5) $(am__append_6) +libcurl_la_CFLAGS_EXTRA = $(am__append_9) libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) $(libcurl_la_CPPFLAGS_EXTRA) libcurl_la_LDFLAGS = $(AM_LDFLAGS) $(libcurl_la_LDFLAGS_EXTRA) $(LDFLAGS) $(LIBCURL_LIBS) libcurl_la_CFLAGS = $(AM_CFLAGS) $(libcurl_la_CFLAGS_EXTRA) 
@@ -4223,8 +4213,6 @@ uninstall-am: uninstall-libLTLIBRARIES .PRECIOUS: Makefile -@CODE_COVERAGE_RULES@ - checksrc: @PERL@ $(srcdir)/checksrc.pl -D$(srcdir) -W$(srcdir)/curl_config.h \ $(srcdir)/*.[ch] $(srcdir)/vauth/*.[ch] $(srcdir)/vtls/*.[ch] diff --git a/libs/libcurl/src/asyn-ares.c b/libs/libcurl/src/asyn-ares.c index 6a49566c86..04a25b3213 100644 --- a/libs/libcurl/src/asyn-ares.c +++ b/libs/libcurl/src/asyn-ares.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -199,6 +199,17 @@ void Curl_resolver_cancel(struct connectdata *conn) } /* + * We're equivalent to Curl_resolver_cancel() for the c-ares resolver. We + * never block. + */ +void Curl_resolver_kill(struct connectdata *conn) +{ + /* We don't need to check the resolver state because we can be called safely + at any time and we always do the same thing. */ + Curl_resolver_cancel(conn); +} + +/* * destroy_async_data() cleans up async resolver data. */ static void destroy_async_data(struct Curl_async *async) 
@@ -361,13 +372,13 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn, /* * Curl_resolver_wait_resolv() * - * waits for a resolve to finish. This function should be avoided since using + * Waits for a resolve to finish. This function should be avoided since using * this risk getting the multi interface to "hang". * * If 'entry' is non-NULL, make it point to the resolved dns entry * - * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, and - * CURLE_OPERATION_TIMEDOUT if a time-out occurred. + * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, + * CURLE_OPERATION_TIMEDOUT if a time-out occurred, or other errors. */ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn, struct Curl_dns_entry **entry) diff --git a/libs/libcurl/src/asyn-thread.c b/libs/libcurl/src/asyn-thread.c index 74208d7ec5..a9679d062e 100644 --- a/libs/libcurl/src/asyn-thread.c +++ b/libs/libcurl/src/asyn-thread.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -462,13 +462,33 @@ static CURLcode resolver_error(struct connectdata *conn) } /* + * Until we gain a way to signal the resolver threads to stop early, we must + * simply wait for them and ignore their results. + */ +void Curl_resolver_kill(struct connectdata *conn) +{ + struct thread_data *td = (struct thread_data*) conn->async.os_specific; + + /* If we're still resolving, we must wait for the threads to fully clean up, + unfortunately. Otherwise, we can simply cancel to clean up any resolver + data. */ + if(td && td->thread_hnd != curl_thread_t_null) + (void)Curl_resolver_wait_resolv(conn, NULL); + else + Curl_resolver_cancel(conn); +} + +/* * Curl_resolver_wait_resolv() * - * waits for a resolve to finish. This function should be avoided since using + * Waits for a resolve to finish. This function should be avoided since using * this risk getting the multi interface to "hang". * * If 'entry' is non-NULL, make it point to the resolved dns entry * + * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, + * CURLE_OPERATION_TIMEDOUT if a time-out occurred, or other errors. + * * This is the version for resolves-in-a-thread. */ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn, @@ -478,6 +498,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn, CURLcode result = CURLE_OK; DEBUGASSERT(conn && td); + DEBUGASSERT(td->thread_hnd != curl_thread_t_null); /* wait for the thread to resolve the name */ if(Curl_thread_join(&td->thread_hnd)) { diff --git a/libs/libcurl/src/asyn.h b/libs/libcurl/src/asyn.h index 43625bc3be..ccd4b1f7e2 100644 --- a/libs/libcurl/src/asyn.h +++ b/libs/libcurl/src/asyn.h 
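Review bot: The `DEBUGASSERT(td->thread_hnd != curl_thread_t_null);` added in the `-478,6` hunk makes "a resolver thread exists" a precondition of Curl_resolver_wait_resolv(), but the header comment edited in the previous hunk does not mention it. DEBUGASSERT is presumably compiled out of release builds, so callers other than the new Curl_resolver_kill(), which tests the handle itself, get no check there. What Curl_thread_join() does with a null handle is not visible in this hunk. I would add ` * Must only be called while a resolver thread is running.` to that comment. The function body continues outside the hunk.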
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -87,10 +87,25 @@ CURLcode Curl_resolver_duphandle(struct Curl_easy *easy, void **to, * * It is called from inside other functions to cancel currently performing * resolver request. Should also free any temporary resources allocated to - * perform a request. + * perform a request. This never waits for resolver threads to complete. + * + * It is safe to call this when conn is in any state. */ void Curl_resolver_cancel(struct connectdata *conn); +/* + * Curl_resolver_kill(). + * + * This acts like Curl_resolver_cancel() except it will block until any threads + * associated with the resolver are complete. This never blocks for resolvers + * that do not use threads. This is intended to be the "last chance" function + * that cleans up an in-progress resolver completely (before its owner is about + * to die). + * + * It is safe to call this when conn is in any state. + */ +void Curl_resolver_kill(struct connectdata *conn); + /* Curl_resolver_getsock() * * This function is called from the multi_getsock() function. 'sock' is a 
@@ -117,14 +132,13 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn, /* * Curl_resolver_wait_resolv() * - * waits for a resolve to finish. This function should be avoided since using + * Waits for a resolve to finish. This function should be avoided since using * this risk getting the multi interface to "hang". * * If 'entry' is non-NULL, make it point to the resolved dns entry * - * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, and - * CURLE_OPERATION_TIMEDOUT if a time-out occurred. - + * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, + * CURLE_OPERATION_TIMEDOUT if a time-out occurred, or other errors. */ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn, struct Curl_dns_entry **dnsentry); @@ -148,6 +162,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn, #ifndef CURLRES_ASYNCH /* convert these functions if an asynch resolver isn't used */ #define Curl_resolver_cancel(x) Curl_nop_stmt +#define Curl_resolver_kill(x) Curl_nop_stmt #define Curl_resolver_is_resolved(x,y) CURLE_COULDNT_RESOLVE_HOST #define Curl_resolver_wait_resolv(x,y) CURLE_COULDNT_RESOLVE_HOST #define Curl_resolver_getsock(x,y,z) 0 diff --git a/libs/libcurl/src/config-win32.h b/libs/libcurl/src/config-win32.h index c7e05eca7a..76b00b9bbf 100644 --- a/libs/libcurl/src/config-win32.h +++ b/libs/libcurl/src/config-win32.h @@ -240,10 +240,6 @@ /* Define if you have the socket function. */ #define HAVE_SOCKET 1 -/* if libSSH2 is in use */ -#define USE_LIBSSH2 1 -#define HAVE_LIBSSH2_H 1 - /* Define if you have the strcasecmp function. */ /* #define HAVE_STRCASECMP 1 */ diff --git a/libs/libcurl/src/conncache.c b/libs/libcurl/src/conncache.c index 08e9042a6f..78ad386c35 100644 --- a/libs/libcurl/src/conncache.c +++ b/libs/libcurl/src/conncache.c 
@@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se> - * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -178,9 +178,9 @@ static void hashkey(struct connectdata *conn, char *buf, msnprintf(buf, len, "%ld%s", conn->port, hostname); } -void Curl_conncache_unlock(struct connectdata *conn) +void Curl_conncache_unlock(struct Curl_easy *data) { - CONN_UNLOCK(conn->data); + CONN_UNLOCK(data); } /* Returns number of connections currently held in the connection cache. @@ -302,9 +302,14 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc, return result; } -void Curl_conncache_remove_conn(struct connectdata *conn, bool lock) +/* + * Removes the connectdata object from the connection cache *and* clears the + * ->data pointer association. Pass TRUE/FALSE in the 'lock' argument + * depending on if the parent function already holds the lock or not. + */ +void Curl_conncache_remove_conn(struct Curl_easy *data, + struct connectdata *conn, bool lock) { - struct Curl_easy *data = conn->data; struct connectbundle *bundle = conn->bundle; struct conncache *connc = data->state.conn_cache; @@ -323,6 +328,7 @@ void Curl_conncache_remove_conn(struct connectdata *conn, bool lock) DEBUGF(infof(data, "The cache now contains %zu members\n", connc->num_conn)); } + conn->data = NULL; /* clear the association */ if(lock) { CONN_UNLOCK(data); } 
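Review bot: In the `-323,6` hunk of conncache.c, `conn->data = NULL;` sits between a closing brace and the `if(lock)` unlock, inside a block that opens outside the hunk. If that block is conditional (presumably a test on the `bundle` local declared in the previous hunk), the association is cleared only on that path. The comment added above Curl_conncache_remove_conn() promises the clearing without qualification. Either move the assignment after the enclosing block or narrow the comment to say when `->data` is cleared, so callers do not rely on a pointer being reset when it was not.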
@@ -566,8 +572,6 @@ void Curl_conncache_close_all_connections(struct conncache *connc) conn->data = connc->closure_handle; sigpipe_ignore(conn->data, &pipe_st); - conn->data->easy_conn = NULL; /* clear the easy handle's connection - pointer */ /* This will remove the connection from the cache */ connclose(conn, "kill all"); (void)Curl_disconnect(connc->closure_handle, conn, FALSE); diff --git a/libs/libcurl/src/conncache.h b/libs/libcurl/src/conncache.h index eedd7a800e..0df6d47154 100644 --- a/libs/libcurl/src/conncache.h +++ b/libs/libcurl/src/conncache.h @@ -56,7 +56,7 @@ void Curl_conncache_destroy(struct conncache *connc); /* return the correct bundle, to a host or a proxy */ struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn, struct conncache *connc); -void Curl_conncache_unlock(struct connectdata *conn); +void Curl_conncache_unlock(struct Curl_easy *data); /* returns number of connections currently held in the connection cache */ size_t Curl_conncache_size(struct Curl_easy *data); size_t Curl_conncache_bundle_size(struct connectdata *conn); @@ -64,7 +64,8 @@ size_t Curl_conncache_bundle_size(struct connectdata *conn); bool Curl_conncache_return_conn(struct connectdata *conn); CURLcode Curl_conncache_add_conn(struct conncache *connc, struct connectdata *conn) WARN_UNUSED_RESULT; -void Curl_conncache_remove_conn(struct connectdata *conn, +void Curl_conncache_remove_conn(struct Curl_easy *data, + struct connectdata *conn, bool lock); bool Curl_conncache_foreach(struct Curl_easy *data, struct conncache *connc, diff --git a/libs/libcurl/src/cookie.c b/libs/libcurl/src/cookie.c index 3dc85ee5ca..4fb992ac9d 100644 --- a/libs/libcurl/src/cookie.c +++ b/libs/libcurl/src/cookie.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -223,7 +223,7 @@ static bool pathmatch(const char *cookie_path, const char *request_uri) goto pathmatched; } - /* here, cookie_path_len < url_path_len */ + /* here, cookie_path_len < uri_path_len */ if(uri_path[cookie_path_len] == '/') { ret = TRUE; goto pathmatched; @@ -433,9 +433,10 @@ Curl_cookie_add(struct Curl_easy *data, bool noexpire, /* if TRUE, skip remove_expired() */ char *lineptr, /* first character of the line */ const char *domain, /* default domain */ - const char *path) /* full path used when this cookie is set, + const char *path, /* full path used when this cookie is set, used to get default path for the cookie unless set */ + bool secure) /* TRUE if connection is over secure origin */ { struct Cookie *clist; struct Cookie *co; @@ -546,8 +547,20 @@ Curl_cookie_add(struct Curl_easy *data, /* this was a "<name>=" with no content, and we must allow 'secure' and 'httponly' specified this weirdly */ done = TRUE; - if(strcasecompare("secure", name)) - co->secure = TRUE; + /* + * secure cookies are only allowed to be set when the connection is + * using a secure protocol, or when the cookie is being set by + * reading from file + */ + if(strcasecompare("secure", name)) { + if(secure || !c->running) { + co->secure = TRUE; + } + else { + badcookie = TRUE; + break; + } + } else if(strcasecompare("httponly", name)) co->httponly = TRUE; else if(sep) @@ -790,6 +803,8 @@ Curl_cookie_add(struct Curl_easy *data, co->domain = strdup(ptr); if(!co->domain) badcookie = TRUE; + else if(bad_domain(co->domain)) + badcookie = TRUE; break; case 1: /* This field got its explanation on the 23rd of May 2001 by 
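Review bot: The two new `secure` checks in Curl_cookie_add() test `c->running` with opposite polarity. The header branch in the `-546,8` hunk accepts the attribute when `secure || !c->running`, while the `case 3:` branch in the `-831,7` hunk accepts it when `secure || c->running`. The comment added here explains only the header rule ("or when the cookie is being set by reading from file"), so a reader cannot tell whether the difference is intended or whether one condition is inverted. If it is intended, document it at `case 3:`, for example `/* file-format line: TRUE is honoured from a secure origin or once c->running is set; the header branch tests !c->running */`. Both branches sit in a function whose body extends outside these hunks.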
@@ -831,7 +846,13 @@ Curl_cookie_add(struct Curl_easy *data, fields++; /* add a field and fall down to secure */ /* FALLTHROUGH */ case 3: - co->secure = strcasecompare(ptr, "TRUE")?TRUE:FALSE; + co->secure = FALSE; + if(strcasecompare(ptr, "TRUE")) { + if(secure || c->running) + co->secure = TRUE; + else + badcookie = TRUE; + } break; case 4: if(curlx_strtoofft(ptr, NULL, 10, &co->expires)) @@ -887,18 +908,20 @@ Curl_cookie_add(struct Curl_easy *data, if(!noexpire) remove_expired(c); -#ifdef USE_LIBPSL - /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */ if(domain && co->domain && !isip(co->domain)) { - const psl_ctx_t *psl = Curl_psl_use(data); int acceptable; +#ifdef USE_LIBPSL + const psl_ctx_t *psl = Curl_psl_use(data); + /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */ if(psl) { acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); Curl_psl_release(data); } else - acceptable = !bad_domain(domain); +#endif + /* Without libpsl, do the best we can. */ + acceptable = !bad_domain(co->domain); if(!acceptable) { infof(data, "cookie '%s' dropped, domain '%s' must not " @@ -907,7 +930,6 @@ Curl_cookie_add(struct Curl_easy *data, return NULL; } } -#endif myhash = cookiehash(co->domain); clist = c->cookies[myhash]; 
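Review bot: In the `-887,18` hunk the `else` left dangling just before `#endif` binds to the unbraced `acceptable = !bad_domain(co->domain);` that follows. That line is an else-body when USE_LIBPSL is defined and a plain statement when it is not. This compiles either way, but it is easy to break: a second statement added under the "Without libpsl" comment would run unconditionally in the libpsl build. Putting the fallback in its own braces after `#endif`, `{ acceptable = !bad_domain(co->domain); }`, keeps both configurations reading the same. The enclosing function continues outside the hunk.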
@@ -929,9 +951,31 @@ Curl_cookie_add(struct Curl_easy *data, /* the domains were identical */ if(clist->spath && co->spath) { - if(strcasecompare(clist->spath, co->spath)) { - replace_old = TRUE; + if(clist->secure && !co->secure && !secure) { + size_t cllen; + const char *sep; + + /* + * A non-secure cookie may not overlay an existing secure cookie. + * For an existing cookie "a" with path "/login", refuse a new + * cookie "a" with for example path "/login/en", while the path + * "/loginhelper" is ok. + */ + + sep = strchr(clist->spath + 1, '/'); + + if(sep) + cllen = sep - clist->spath; + else + cllen = strlen(clist->spath); + + if(strncasecompare(clist->spath, co->spath, cllen)) { + freecookie(co); + return NULL; + } } + else if(strcasecompare(clist->spath, co->spath)) + replace_old = TRUE; else replace_old = FALSE; } @@ -1103,7 +1147,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, while(*lineptr && ISBLANK(*lineptr)) lineptr++; - Curl_cookie_add(data, c, headerline, TRUE, lineptr, NULL, NULL); + Curl_cookie_add(data, c, headerline, TRUE, lineptr, NULL, NULL, TRUE); } free(line); /* free the line buffer */ remove_expired(c); /* run this once, not on every cookie */ diff --git a/libs/libcurl/src/cookie.h b/libs/libcurl/src/cookie.h index a9f90ca715..3ee457c622 100644 --- a/libs/libcurl/src/cookie.h +++ b/libs/libcurl/src/cookie.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
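Review bot: When the existing cookie is secure and the new one is not, but the path prefix test does not match, the new branch in the `-929,9` hunk falls through without assigning `replace_old`, unlike the `else if`/`else` arms after it. Its value on entry is set outside the hunk; the context comment `/* the domains were identical */` suggests it is TRUE there, in which case a non-secure cookie with an unrelated path would still replace the secure one. Adding `replace_old = FALSE;` after the `strncasecompare()` block would make that arm explicit. The comment also says "/loginhelper" is ok for an existing "/login", but a prefix compare over `cllen` bytes refuses that path too, so either the comment or the comparison needs adjusting.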
@@ -85,7 +85,8 @@ struct Curl_easy; struct Cookie *Curl_cookie_add(struct Curl_easy *data, struct CookieInfo *, bool header, bool noexpiry, char *lineptr, - const char *domain, const char *path); + const char *domain, const char *path, + bool secure); struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *, const char *, bool); diff --git a/libs/libcurl/src/curl_config.h.in b/libs/libcurl/src/curl_config.h.in index 781006f20f..7ab164b7b0 100644 --- a/libs/libcurl/src/curl_config.h.in +++ b/libs/libcurl/src/curl_config.h.in @@ -499,6 +499,9 @@ /* Define to 1 if you have the <openssl/ssl.h> header file. */ #undef HAVE_OPENSSL_SSL_H +/* Define to 1 if you have the `OpenSSL_version' function. */ +#undef HAVE_OPENSSL_VERSION + /* Define to 1 if you have the <openssl/x509.h> header file. */ #undef HAVE_OPENSSL_X509_H diff --git a/libs/libcurl/src/curl_sasl.c b/libs/libcurl/src/curl_sasl.c index 354bc54487..9e1a72e5e4 100644 --- a/libs/libcurl/src/curl_sasl.c +++ b/libs/libcurl/src/curl_sasl.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -300,8 +300,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, result = Curl_auth_create_gssapi_user_message(data, conn->user, conn->passwd, service, - data->easy_conn-> - host.name, + data->conn->host.name, sasl->mutual_auth, NULL, &conn->krb5, &resp, &len); @@ -517,7 +516,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, result = Curl_auth_create_gssapi_user_message(data, conn->user, conn->passwd, service, - data->easy_conn->host.name, + data->conn->host.name, sasl->mutual_auth, NULL, &conn->krb5, &resp, &len); 
diff --git a/libs/libcurl/src/doh.c b/libs/libcurl/src/doh.c index 1e76c96f91..f06ed3311b 100644 --- a/libs/libcurl/src/doh.c +++ b/libs/libcurl/src/doh.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -160,7 +160,7 @@ static int Curl_doh_done(struct Curl_easy *doh, CURLcode result) struct Curl_easy *data = doh->set.dohfor; /* so one of the DOH request done for the 'data' transfer is now complete! */ data->req.doh.pending--; - infof(data, "a DOH request is completed, %d to go\n", data->req.doh.pending); + infof(data, "a DOH request is completed, %u to go\n", data->req.doh.pending); if(result) infof(data, "DOH request %s\n", curl_easy_strerror(result)); diff --git a/libs/libcurl/src/easy.c b/libs/libcurl/src/easy.c index e592d7a71e..6fcad3decd 100644 --- a/libs/libcurl/src/easy.c +++ b/libs/libcurl/src/easy.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1060,7 +1060,7 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action) unsigned int i; unsigned int count = data->state.tempcount; struct tempbuf writebuf[3]; /* there can only be three */ - struct connectdata *conn = data->easy_conn; + struct connectdata *conn = data->conn; struct Curl_easy *saved_data = NULL; /* copy the structs to allow for immediate re-pausing */ diff --git a/libs/libcurl/src/ftp.c b/libs/libcurl/src/ftp.c index 581df09d77..c5f9540002 100644 --- a/libs/libcurl/src/ftp.c 
+++ b/libs/libcurl/src/ftp.c @@ -655,7 +655,7 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */ while(!*ftpcode && !result) { /* check and reset timeout value every lap */ - time_t timeout = Curl_pp_state_timeout(pp); /* timeout in milliseconds */ + time_t timeout = Curl_pp_state_timeout(pp, FALSE); time_t interval_ms; if(timeout <= 0) { @@ -3054,7 +3054,7 @@ static CURLcode ftp_multi_statemach(struct connectdata *conn, bool *done) { struct ftp_conn *ftpc = &conn->proto.ftpc; - CURLcode result = Curl_pp_statemach(&ftpc->pp, FALSE); + CURLcode result = Curl_pp_statemach(&ftpc->pp, FALSE, FALSE); /* Check for the state outside of the Curl_socket_check() return code checks since at times we are in fact already in this state when this function @@ -3071,7 +3071,7 @@ static CURLcode ftp_block_statemach(struct connectdata *conn) CURLcode result = CURLE_OK; while(ftpc->state != FTP_STOP) { - result = Curl_pp_statemach(pp, TRUE); + result = Curl_pp_statemach(pp, TRUE, TRUE /* disconnecting */); if(result) break; } diff --git a/libs/libcurl/src/getinfo.c b/libs/libcurl/src/getinfo.c index 54c2c2f1cb..19de657d8b 100644 --- a/libs/libcurl/src/getinfo.c +++ b/libs/libcurl/src/getinfo.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -390,7 +390,7 @@ static CURLcode getinfo_slist(struct Curl_easy *data, CURLINFO info, param_slistp; struct curl_tlssessioninfo *tsi = &data->tsi; #ifdef USE_SSL - struct connectdata *conn = data->easy_conn; + struct connectdata *conn = data->conn; #endif *tsip = tsi; diff --git a/libs/libcurl/src/gopher.c b/libs/libcurl/src/gopher.c index b441a641d9..485b4b79a0 100644 --- a/libs/libcurl/src/gopher.c 
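Review bot: ftp_block_statemach() now passes a hard-coded `TRUE /* disconnecting */` to Curl_pp_statemach(), whereas the imap.c change in this same commit gives imap_block_statemach() a `disconnecting` parameter and lets each caller choose. That is fine if ftp_block_statemach() is only ever reached while shutting the connection down, but the hunk does not show its callers. A comment on the function stating the assumption, e.g. `/* only used on the disconnect path */`, would stop a later caller from inheriting the disconnect behaviour by accident.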
+++ b/libs/libcurl/src/gopher.c @@ -31,9 +31,11 @@ #include "progress.h" #include "gopher.h" #include "select.h" +#include "strdup.h" #include "url.h" #include "escape.h" #include "warnless.h" +#include "curl_printf.h" #include "curl_memory.h" /* The last #include file should be: */ #include "memdebug.h" @@ -78,7 +80,9 @@ static CURLcode gopher_do(struct connectdata *conn, bool *done) curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; curl_off_t *bytecount = &data->req.bytecount; + char *gopherpath; char *path = data->state.up.path; + char *query = data->state.up.query; char *sel = NULL; char *sel_org = NULL; ssize_t amount, k; @@ -86,20 +90,30 @@ static CURLcode gopher_do(struct connectdata *conn, bool *done) *done = TRUE; /* unconditionally */ + if(path && query) + gopherpath = aprintf("%s?%s", path, query); + else + gopherpath = strdup(path); + + if(!gopherpath) + return CURLE_OUT_OF_MEMORY; + /* Create selector. Degenerate cases: / and /1 => convert to "" */ - if(strlen(path) <= 2) { + if(strlen(gopherpath) <= 2) { sel = (char *)""; len = strlen(sel); + free(gopherpath); } else { char *newp; /* Otherwise, drop / and the first character (i.e., item type) ... */ - newp = path; + newp = gopherpath; newp += 2; /* ... and finally unescape */ result = Curl_urldecode(data, newp, 0, &sel, &len, FALSE); + free(gopherpath); if(result) return result; sel_org = sel; diff --git a/libs/libcurl/src/hostip.c b/libs/libcurl/src/hostip.c index f589a0b2c0..89b88e9323 100644 --- a/libs/libcurl/src/hostip.c +++ b/libs/libcurl/src/hostip.c 
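Review bot: In gopher_do the new `if(path && query)` test allows for `path` being NULL, yet the `else` branch then hands `path` straight to `strdup()`, which must not receive a null pointer. If `data->state.up.path` can never be NULL at this point the test should simply be `if(query)`; otherwise the fallback needs a guard such as `gopherpath = strdup(path ? path : "");`. The function continues outside the hunk.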
@@ -312,6 +312,26 @@ fetch_addr(struct connectdata *conn, /* See if its already in our dns cache */ dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1); + /* No entry found in cache, check if we might have a wildcard entry */ + if(!dns && data->change.wildcard_resolve) { + /* + * Free the previous entry_id before requesting a new one to avoid leaking + * memory + */ + free(entry_id); + + entry_id = create_hostcache_id("*", port); + + /* If we can't create the entry id, fail */ + if(!entry_id) + return dns; + + entry_len = strlen(entry_id); + + /* See if it's already in our dns cache */ + dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1); + } + if(dns && (data->set.dns_cache_timeout != -1)) { /* See whether the returned entry is stale. Done before we release lock */ struct hostcache_prune_data user; @@ -872,6 +892,9 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) char hostname[256]; int port = 0; + /* Default is no wildcard found */ + data->change.wildcard_resolve = false; + for(hostp = data->change.resolve; hostp; hostp = hostp->next) { if(!hostp->data) continue; @@ -1052,6 +1075,13 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) } infof(data, "Added %s:%d:%s to DNS cache\n", hostname, port, addresses); + + /* Wildcard hostname */ + if(hostname[0] == '*' && hostname[1] == '\0') { + infof(data, "RESOLVE %s:%d is wildcard, enabling wildcard checks\n", + hostname, port); + data->change.wildcard_resolve = true; + } } } data->change.resolve = NULL; /* dealt with now */ diff --git a/libs/libcurl/src/http.c b/libs/libcurl/src/http.c index 345100f6c8..dd98e4a126 100644 --- a/libs/libcurl/src/http.c +++ b/libs/libcurl/src/http.c 
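Review bot: `data->change.wildcard_resolve` is assigned the lowercase `false` and `true` in Curl_loadhostpairs, while the rest of this commit uses the `TRUE`/`FALSE` macros (for example `co->secure = FALSE;` in cookie.c). Using `FALSE` and `TRUE` here keeps the file consistent and avoids depending on `<stdbool.h>` being in scope. In fetch_addr, `return dns;` after a failed `create_hostcache_id("*", port)` returns a pointer already known to be NULL, so `return NULL;` would say that directly.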
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -616,6 +616,7 @@ output_auth_headers(struct connectdata *conn, result = Curl_output_negotiate(conn, proxy); if(result) return result; + authstatus->done = TRUE; negdata->state = GSS_AUTHSENT; } else @@ -1681,6 +1682,52 @@ enum proxy_use { HEADER_CONNECT /* sending CONNECT to a proxy */ }; +/* used to compile the provided trailers into one buffer + will return an error code if one of the headers is + not formatted correctly */ +CURLcode Curl_http_compile_trailers(struct curl_slist *trailers, + Curl_send_buffer *buffer, + struct Curl_easy *handle) +{ + char *ptr = NULL; + CURLcode result = CURLE_OK; + const char *endofline_native = NULL; + const char *endofline_network = NULL; + + /* TODO: Maybe split Curl_add_custom_headers to make it reusable here */ + + if( +#ifdef CURL_DO_LINEEND_CONV + (handle->set.prefer_ascii) || +#endif + (handle->set.crlf)) { + /* \n will become \r\n later on */ + endofline_native = "\n"; + endofline_network = "\x0a"; + } + else { + endofline_native = "\r\n"; + endofline_network = "\x0d\x0a"; + } + + while(trailers) { + /* only add correctly formatted trailers */ + ptr = strchr(trailers->data, ':'); + if(ptr && *(ptr + 1) == ' ') { + result = Curl_add_bufferf(&buffer, "%s%s", trailers->data, + endofline_native); + if(result) + return result; + } + else + infof(handle, "Malformatted trailing header ! Skipping trailer."); + trailers = trailers->next; + } + result = Curl_add_buffer(&buffer, endofline_network, + strlen(endofline_network)); + return result; +} + CURLcode Curl_add_custom_headers(struct connectdata *conn, bool is_connect, Curl_send_buffer *req_buffer) 
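Review bot: The "only add correctly formatted trailers" check in Curl_http_compile_trailers accepts any entry that contains a colon followed by a space, so an entry whose `data` also carries an embedded line break would be copied into the buffer unchanged by `Curl_add_bufferf(&buffer, "%s%s", ...)`. Whether that matters depends on where the list comes from, which the hunk does not show; if it is application-supplied, the check should also reject such entries, e.g. `if(ptr && *(ptr + 1) == ' ' && !strpbrk(trailers->data, "\r\n"))`. The `infof()` message for skipped entries also lacks the trailing `\n` that the other `infof()` calls in this commit carry.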
@@ -1788,7 +1835,8 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn, checkprefix("Transfer-Encoding:", headers->data)) /* HTTP/2 doesn't support chunked requests */ ; - else if(checkprefix("Authorization:", headers->data) && + else if((checkprefix("Authorization:", headers->data) || + checkprefix("Cookie:", headers->data)) && /* be careful of sending this potentially sensitive header to other hosts */ (data->state.this_is_a_follow && @@ -3175,6 +3223,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, k->header = FALSE; k->badheader = HEADER_ALLBAD; streamclose(conn, "bad HTTP: No end-of-message indicator"); + if(!data->set.http09_allowed) { + failf(data, "Received HTTP/0.9 when not allowed\n"); + return CURLE_UNSUPPORTED_PROTOCOL; + } break; } } @@ -3208,6 +3260,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, if(st == STATUS_BAD) { streamclose(conn, "bad HTTP: No end-of-message indicator"); /* this is not the beginning of a protocol first header line */ + if(!data->set.http09_allowed) { + failf(data, "Received HTTP/0.9 when not allowed\n"); + return CURLE_UNSUPPORTED_PROTOCOL; + } k->header = FALSE; if(*nread) /* since there's more, this is a partial bad header */ @@ -3873,7 +3929,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, here, or else use real peer host name. */ conn->allocptr.cookiehost? conn->allocptr.cookiehost:conn->host.name, - data->state.up.path); + data->state.up.path, + (conn->handler->protocol&CURLPROTO_HTTPS)? + TRUE:FALSE); Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); } #endif diff --git a/libs/libcurl/src/http.h b/libs/libcurl/src/http.h index 21fa701abf..7fa0471ad0 100644 --- a/libs/libcurl/src/http.h +++ b/libs/libcurl/src/http.h 
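Review bot: The same `if(!data->set.http09_allowed)` rejection is pasted into two places in Curl_http_readwrite_headers, and the two copies bail out at different points: the first runs after `k->header = FALSE` and `k->badheader = HEADER_ALLBAD` have been set, the second before `k->header = FALSE`. The second copy also separates the existing comment "this is not the beginning of a protocol first header line" from the statement it described. Placing the check before any state change in both blocks would make the error path uniform. Both hunks sit inside a function that starts and ends outside them.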
@@ -74,6 +74,9 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data, CURLcode Curl_add_custom_headers(struct connectdata *conn, bool is_connect, Curl_send_buffer *req_buffer); +CURLcode Curl_http_compile_trailers(struct curl_slist *trailers, + Curl_send_buffer *buffer, + struct Curl_easy *handle); /* protocol-specific functions set up to be called by the main engine */ CURLcode Curl_http(struct connectdata *conn, bool *done); diff --git a/libs/libcurl/src/http2.c b/libs/libcurl/src/http2.c index a61d8c2403..3b8088dffc 100644 --- a/libs/libcurl/src/http2.c +++ b/libs/libcurl/src/http2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -800,7 +800,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags, H2BUGF(infof(data_s, "NGHTTP2_ERR_PAUSE - %zu bytes out of buffer" ", stream %u\n", len - nread, stream_id)); - data_s->easy_conn->proto.httpc.pause_stream_id = stream_id; + data_s->conn->proto.httpc.pause_stream_id = stream_id; return NGHTTP2_ERR_PAUSE; } @@ -808,7 +808,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags, /* pause execution of nghttp2 if we received data for another handle in order to process them first. */ if(conn->data != data_s) { - data_s->easy_conn->proto.httpc.pause_stream_id = stream_id; + data_s->conn->proto.httpc.pause_stream_id = stream_id; return NGHTTP2_ERR_PAUSE; } 
@@ -854,6 +854,10 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, stream_id); DEBUGASSERT(0); } + if(stream_id == httpc->pause_stream_id) { + H2BUGF(infof(data_s, "Stopped the pause stream!\n")); + httpc->pause_stream_id = 0; + } H2BUGF(infof(data_s, "Removed stream %u hash!\n", stream_id)); stream->stream_id = 0; /* cleared */ } diff --git a/libs/libcurl/src/http_negotiate.c b/libs/libcurl/src/http_negotiate.c index 444265d11f..2a97707eba 100644 --- a/libs/libcurl/src/http_negotiate.c +++ b/libs/libcurl/src/http_negotiate.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -49,7 +49,6 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, /* Point to the correct struct with this */ struct negotiatedata *neg_ctx; - struct auth *authp; if(proxy) { userp = conn->http_proxy.user; @@ -58,7 +57,6 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP"; host = conn->http_proxy.host.name; neg_ctx = &data->state.proxyneg; - authp = &conn->data->state.authproxy; } else { userp = conn->user; @@ -67,7 +65,6 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, data->set.str[STRING_SERVICE_NAME] : "HTTP"; host = conn->host.name; neg_ctx = &data->state.negotiate; - authp = &conn->data->state.authhost; } /* Not set means empty */ 
@@ -92,17 +89,17 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, } } + /* Supports SSL channel binding for Windows ISS extended protection */ +#if defined(USE_WINDOWS_SSPI) && defined(SECPKG_ATTR_ENDPOINT_BINDINGS) + neg_ctx->sslContext = conn->sslContext; +#endif + /* Initialize the security context and decode our challenge */ result = Curl_auth_decode_spnego_message(data, userp, passwdp, service, host, header, neg_ctx); if(result) Curl_auth_spnego_cleanup(neg_ctx); - else - /* If the status is different than 0 and we encountered no errors - it means we have to continue. 0 is the OK value for both GSSAPI - (GSS_S_COMPLETE) and SSPI (SEC_E_OK) */ - authp->done = !neg_ctx->status; return result; } diff --git a/libs/libcurl/src/http_ntlm.c b/libs/libcurl/src/http_ntlm.c index a9b33f98e4..aaf8a3deb1 100644 --- a/libs/libcurl/src/http_ntlm.c +++ b/libs/libcurl/src/http_ntlm.c @@ -175,6 +175,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) if(s_hSecDll == NULL) return err; } +#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS + ntlm->sslContext = conn->sslContext; +#endif #endif switch(ntlm->state) { diff --git a/libs/libcurl/src/http_proxy.c b/libs/libcurl/src/http_proxy.c index 2e0d92edd5..d7ed11761f 100644 --- a/libs/libcurl/src/http_proxy.c +++ b/libs/libcurl/src/http_proxy.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -643,7 +643,7 @@ static CURLcode CONNECT(struct connectdata *conn, void Curl_connect_free(struct Curl_easy *data) { - struct connectdata *conn = data->easy_conn; + struct connectdata *conn = data->conn; struct http_connect_state *s = conn->connect_state; if(s) { free(s); 
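Review bot: Removing `authp->done = !neg_ctx->status;` from Curl_input_negotiate means the `done` flag no longer reflects whether the security context needs another round, which is what the deleted comment described. Together with the unconditional `authstatus->done = TRUE;` this commit adds in output_auth_headers (http.c), the flag now appears to be set as soon as the first Negotiate header is sent. It is worth confirming that exchanges needing more than one leg still complete, and recording the reasoning in a comment where `done` is set. In the added comment, "Windows ISS extended protection" presumably means IIS.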
diff --git a/libs/libcurl/src/if2ip.c b/libs/libcurl/src/if2ip.c index 566061a564..acbcff71e5 100644 --- a/libs/libcurl/src/if2ip.c +++ b/libs/libcurl/src/if2ip.c @@ -96,24 +96,6 @@ unsigned int Curl_ipv6_scope(const struct sockaddr *sa) #if defined(HAVE_GETIFADDRS) -bool Curl_if_is_interface_name(const char *interf) -{ - bool result = FALSE; - - struct ifaddrs *iface, *head; - - if(getifaddrs(&head) >= 0) { - for(iface = head; iface != NULL; iface = iface->ifa_next) { - if(strcasecompare(iface->ifa_name, interf)) { - result = TRUE; - break; - } - } - freeifaddrs(head); - } - return result; -} - if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, unsigned int remote_scope_id, const char *interf, char *buf, int buf_size) @@ -196,15 +178,6 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, #elif defined(HAVE_IOCTL_SIOCGIFADDR) -bool Curl_if_is_interface_name(const char *interf) -{ - /* This is here just to support the old interfaces */ - char buf[256]; - - return (Curl_if2ip(AF_INET, 0 /* unused */, 0, interf, buf, sizeof(buf)) == - IF2IP_NOT_FOUND) ? FALSE : TRUE; -} - if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, unsigned int remote_scope_id, const char *interf, char *buf, int buf_size) @@ -251,13 +224,6 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, #else -bool Curl_if_is_interface_name(const char *interf) -{ - (void) interf; - - return FALSE; -} - if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, unsigned int remote_scope_id, const char *interf, char *buf, int buf_size) diff --git a/libs/libcurl/src/if2ip.h b/libs/libcurl/src/if2ip.h index a90e662164..a11b1c222f 100644 --- a/libs/libcurl/src/if2ip.h +++ b/libs/libcurl/src/if2ip.h 
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -32,8 +32,6 @@ unsigned int Curl_ipv6_scope(const struct sockaddr *sa); -bool Curl_if_is_interface_name(const char *interf); - typedef enum { IF2IP_NOT_FOUND = 0, /* Interface not found */ IF2IP_AF_NOT_SUPPORTED = 1, /* Int. exists but has no address for this af */ diff --git a/libs/libcurl/src/imap.c b/libs/libcurl/src/imap.c index a8320e3f18..5d96900f89 100644 --- a/libs/libcurl/src/imap.c +++ b/libs/libcurl/src/imap.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -316,7 +316,7 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len, a space and optionally some text as per RFC-3501 for the AUTHENTICATE and APPEND commands and as outlined in Section 4. Examples of RFC-4959 but some e-mail servers ignore this and only send a single + instead. */ - if(imap && !imap->custom && ((len == 3 && !memcmp("+", line, 1)) || + if(imap && !imap->custom && ((len == 3 && line[0] == '+') || (len >= 2 && !memcmp("+ ", line, 2)))) { switch(imapc->state) { /* States which are interested in continuation responses */ 
@@ -1362,19 +1362,20 @@ static CURLcode imap_multi_statemach(struct connectdata *conn, bool *done) return result; } - result = Curl_pp_statemach(&imapc->pp, FALSE); + result = Curl_pp_statemach(&imapc->pp, FALSE, FALSE); *done = (imapc->state == IMAP_STOP) ? TRUE : FALSE; return result; } -static CURLcode imap_block_statemach(struct connectdata *conn) +static CURLcode imap_block_statemach(struct connectdata *conn, + bool disconnecting) { CURLcode result = CURLE_OK; struct imap_conn *imapc = &conn->proto.imapc; while(imapc->state != IMAP_STOP && !result) - result = Curl_pp_statemach(&imapc->pp, TRUE); + result = Curl_pp_statemach(&imapc->pp, TRUE, disconnecting); return result; } @@ -1497,7 +1498,7 @@ static CURLcode imap_done(struct connectdata *conn, CURLcode status, non-blocking DONE operations! */ if(!result) - result = imap_block_statemach(conn); + result = imap_block_statemach(conn, FALSE); } /* Cleanup our per-request based variables */ @@ -1635,7 +1636,7 @@ static CURLcode imap_disconnect(struct connectdata *conn, bool dead_connection) point! */ if(!dead_connection && imapc->pp.conn && imapc->pp.conn->bits.protoconnstart) if(!imap_perform_logout(conn)) - (void)imap_block_statemach(conn); /* ignore errors on LOGOUT */ + (void)imap_block_statemach(conn, TRUE); /* ignore errors on LOGOUT */ /* Disconnect from the server */ Curl_pp_disconnect(&imapc->pp); diff --git a/libs/libcurl/src/libcurl.plist b/libs/libcurl/src/libcurl.plist index ca8d642076..13f2cf742a 100644 --- a/libs/libcurl/src/libcurl.plist +++ b/libs/libcurl/src/libcurl.plist @@ -15,7 +15,7 @@ <string>se.haxx.curl.libcurl</string> <key>CFBundleVersion</key> - <string>7.63.0</string> + <string>7.64.0</string> <key>CFBundleName</key> <string>libcurl</string> 
@@ -27,9 +27,9 @@ <string>????</string> <key>CFBundleShortVersionString</key> - <string>libcurl 7.63.0</string> + <string>libcurl 7.64.0</string> <key>CFBundleGetInfoString</key> - <string>libcurl.plist 7.63.0</string> + <string>libcurl.plist 7.64.0</string> </dict> </plist> diff --git a/libs/libcurl/src/multi.c b/libs/libcurl/src/multi.c index 56b3faf2fa..130226f561 100644 --- a/libs/libcurl/src/multi.c +++ b/libs/libcurl/src/multi.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -114,7 +114,7 @@ static void Curl_init_completed(struct Curl_easy *data) /* Important: reset the conn pointer so that we don't point to memory that could be freed anytime */ - data->easy_conn = NULL; + Curl_detach_connnection(data); Curl_expire_clear(data); /* stop all timers */ } @@ -163,8 +163,8 @@ static void mstate(struct Curl_easy *data, CURLMstate state data->mstate < CURLM_STATE_COMPLETED) { long connection_id = -5000; - if(data->easy_conn) - connection_id = data->easy_conn->connection_id; + if(data->conn) + connection_id = data->conn->connection_id; infof(data, "STATE: %s => %s handle %p; line %d (connection #%ld)\n", 
@@ -189,14 +189,17 @@ static void mstate(struct Curl_easy *data, CURLMstate state #endif /* - * We add one of these structs to the sockhash for a particular socket + * We add one of these structs to the sockhash for each socket */ struct Curl_sh_entry { - struct Curl_easy *easy; - int action; /* what action READ/WRITE this socket waits for */ - curl_socket_t socket; /* mainly to ease debugging */ + struct curl_llist list; /* list of easy handles using this socket */ + unsigned int action; /* what combined action READ/WRITE this socket waits + for */ void *socketp; /* settable by users with curl_multi_assign() */ + unsigned int users; /* number of transfers using this */ + unsigned int readers; /* this many transfers want to read */ + unsigned int writers; /* this many transfers want to write */ }; /* bits for 'action' having no bits means this socket is not expecting any action */ @@ -215,8 +218,7 @@ static struct Curl_sh_entry *sh_getentry(struct curl_hash *sh, /* make sure this socket is present in the hash for this handle */ static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh, - curl_socket_t s, - struct Curl_easy *data) + curl_socket_t s) { struct Curl_sh_entry *there = sh_getentry(sh, s); struct Curl_sh_entry *check; @@ -230,8 +232,7 @@ static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh, if(!check) return NULL; /* major failure */ - check->easy = data; - check->socket = s; + Curl_llist_init(&check->list, NULL); /* make/add new hash entry */ if(!Curl_hash_add(sh, (char *)&s, sizeof(curl_socket_t), check)) { 
@@ -516,31 +517,23 @@ static void debug_print_sock_hash(void *p) } #endif -static CURLcode multi_done(struct connectdata **connp, - CURLcode status, /* an error if this is called - after an error was detected */ - bool premature) +static CURLcode multi_done(struct Curl_easy *data, + CURLcode status, /* an error if this is called + after an error was detected */ + bool premature) { CURLcode result; - struct connectdata *conn; - struct Curl_easy *data; + struct connectdata *conn = data->conn; unsigned int i; - DEBUGASSERT(*connp); - - conn = *connp; - data = conn->data; - DEBUGF(infof(data, "multi_done\n")); if(data->state.done) /* Stop if multi_done() has already been called */ return CURLE_OK; - if(data->mstate == CURLM_STATE_WAITRESOLVE) { - /* still waiting for the resolve to complete */ - (void)Curl_resolver_wait_resolv(conn, NULL); - } + /* Stop the resolver and free its own resources (but not dns_entry yet). */ + Curl_resolver_kill(conn); Curl_getoff_all_pipelines(data, conn); @@ -579,7 +572,7 @@ static CURLcode multi_done(struct connectdata **connp, if(conn->send_pipe.size || conn->recv_pipe.size) { /* Stop if pipeline is not empty . */ - data->easy_conn = NULL; + Curl_detach_connnection(data); DEBUGF(infof(data, "Connection still in use %zu/%zu, " "no more multi_done now!\n", conn->send_pipe.size, conn->recv_pipe.size)); @@ -587,7 +580,6 @@ static CURLcode multi_done(struct connectdata **connp, } data->state.done = TRUE; /* called just now! */ - Curl_resolver_cancel(conn); if(conn->dns_entry) { Curl_resolv_unlock(data, conn->dns_entry); /* done with this */ @@ -653,10 +645,7 @@ static CURLcode multi_done(struct connectdata **connp, data->state.lastconnect = NULL; } - *connp = NULL; /* to make the caller of this function better detect that - this was either closed or handed over to the connection - cache here, and therefore cannot be used from this point on - */ + Curl_detach_connnection(data); Curl_free_request_state(data); return result; } 
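Review bot: multi_done() now takes `conn` from `data->conn`, but the old `DEBUGASSERT(*connp)` was removed without a replacement, and `conn` is dereferenced further down (`conn->send_pipe.size`, `conn->dns_entry`). The comment this commit adds on Curl_detach_connnection says the pointer is occasionally already cleared, so a caller arriving here after a detach would crash rather than trip an assertion. Adding `DEBUGASSERT(conn);` right after the declarations restores the check the old signature had.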
@@ -685,7 +674,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, return CURLM_RECURSIVE_API_CALL; premature = (data->mstate < CURLM_STATE_COMPLETED) ? TRUE : FALSE; - easy_owns_conn = (data->easy_conn && (data->easy_conn->data == easy)) ? + easy_owns_conn = (data->conn && (data->conn->data == easy)) ? TRUE : FALSE; /* If the 'state' is not INIT or COMPLETED, we might need to do something @@ -696,16 +685,16 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, multi->num_alive--; } - if(data->easy_conn && + if(data->conn && data->mstate > CURLM_STATE_DO && data->mstate < CURLM_STATE_COMPLETED) { /* Set connection owner so that the DONE function closes it. We can safely do this here since connection is killed. */ - data->easy_conn->data = easy; + data->conn->data = easy; /* If the handle is in a pipeline and has started sending off its request but not received its response yet, we need to close connection. */ - streamclose(data->easy_conn, "Removed with partial response"); + streamclose(data->conn, "Removed with partial response"); easy_owns_conn = TRUE; } @@ -714,7 +703,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, curl_easy_cleanup is called. */ Curl_expire_clear(data); - if(data->easy_conn) { + if(data->conn) { /* we must call multi_done() here (if we still own the connection) so that we don't leave a half-baked one around */ @@ -725,11 +714,11 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, Note that this ignores the return code simply because there's nothing really useful to do with it anyway! */ - (void)multi_done(&data->easy_conn, data->result, premature); + (void)multi_done(data, data->result, premature); } else /* Clear connection pipelines, if multi_done above was not called */ - Curl_getoff_all_pipelines(data, data->easy_conn); + Curl_getoff_all_pipelines(data, data->conn); } if(data->connect_queue.ptr) 
@@ -761,9 +750,9 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, vanish with this handle */ /* Remove the association between the connection and the handle */ - if(data->easy_conn) { - data->easy_conn->data = NULL; - data->easy_conn = NULL; + if(data->conn) { + data->conn->data = NULL; + Curl_detach_connnection(data); } #ifdef USE_LIBPSL @@ -813,9 +802,19 @@ bool Curl_pipeline_wanted(const struct Curl_multi *multi, int bits) return (multi && (multi->pipelining & bits)) ? TRUE : FALSE; } -void Curl_multi_handlePipeBreak(struct Curl_easy *data) +/* This is the only function that should clear data->conn. This will + occasionally be called with the pointer already cleared. */ +void Curl_detach_connnection(struct Curl_easy *data) +{ + data->conn = NULL; +} + +/* This is the only function that should assign data->conn */ +void Curl_attach_connnection(struct Curl_easy *data, + struct connectdata *conn) { - data->easy_conn = NULL; + DEBUGASSERT(!data->conn); + data->conn = conn; } static int waitconnect_getsock(struct connectdata *conn, @@ -879,13 +878,13 @@ static int multi_getsock(struct Curl_easy *data, /* The no connection case can happen when this is called from curl_multi_remove_handle() => singlesocket() => multi_getsock(). */ - if(!data->easy_conn) + if(!data->conn) return 0; if(data->mstate > CURLM_STATE_CONNECT && data->mstate < CURLM_STATE_COMPLETED) { /* Set up ownership correctly */ - data->easy_conn->data = data; + data->conn->data = data; } switch(data->mstate) { 
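Review bot: The two new helpers are spelled `Curl_detach_connnection` and `Curl_attach_connnection`, with three n's, and that spelling is already used at every call site this commit touches in multi.c. Renaming them to `Curl_detach_connection` and `Curl_attach_connection` is cheap now and gets more expensive with every new caller. The comments calling them the only functions that should assign or clear `data->conn` are useful and should stay with the renamed definitions.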
@@ -906,31 +905,31 @@ static int multi_getsock(struct Curl_easy *data, return 0; case CURLM_STATE_WAITRESOLVE: - return Curl_resolv_getsock(data->easy_conn, socks, numsocks); + return Curl_resolv_getsock(data->conn, socks, numsocks); case CURLM_STATE_PROTOCONNECT: case CURLM_STATE_SENDPROTOCONNECT: - return Curl_protocol_getsock(data->easy_conn, socks, numsocks); + return Curl_protocol_getsock(data->conn, socks, numsocks); case CURLM_STATE_DO: case CURLM_STATE_DOING: - return Curl_doing_getsock(data->easy_conn, socks, numsocks); + return Curl_doing_getsock(data->conn, socks, numsocks); case CURLM_STATE_WAITPROXYCONNECT: - return waitproxyconnect_getsock(data->easy_conn, socks, numsocks); + return waitproxyconnect_getsock(data->conn, socks, numsocks); case CURLM_STATE_WAITCONNECT: - return waitconnect_getsock(data->easy_conn, socks, numsocks); + return waitconnect_getsock(data->conn, socks, numsocks); case CURLM_STATE_DO_MORE: - return domore_getsock(data->easy_conn, socks, numsocks); + return domore_getsock(data->conn, socks, numsocks); case CURLM_STATE_DO_DONE: /* since is set after DO is completed, we switch to waiting for the same as the *PERFORM states */ case CURLM_STATE_PERFORM: case CURLM_STATE_WAITPERFORM: - return Curl_single_getsock(data->easy_conn, socks, numsocks); + return Curl_single_getsock(data->conn, socks, numsocks); } } 
@@ -1202,17 +1201,16 @@ CURLMcode Curl_multi_add_perform(struct Curl_multi *multi, /* take this handle to the perform state right away */ multistate(data, CURLM_STATE_PERFORM); - data->easy_conn = conn; + Curl_attach_connnection(data, conn); k->keepon |= KEEP_RECV; /* setup to receive! */ } return rc; } -static CURLcode multi_reconnect_request(struct connectdata **connp) +static CURLcode multi_reconnect_request(struct Curl_easy *data) { CURLcode result = CURLE_OK; - struct connectdata *conn = *connp; - struct Curl_easy *data = conn->data; + struct connectdata *conn = data->conn; /* This was a re-use of a connection and we got a write error in the * DO-phase. Then we DISCONNECT this connection and have another attempt to @@ -1223,11 +1221,9 @@ static CURLcode multi_reconnect_request(struct connectdata **connp) infof(data, "Re-used connection seems dead, get a new one\n"); connclose(conn, "Reconnect dead connection"); /* enforce close */ - result = multi_done(&conn, result, FALSE); /* we are so done with this */ + result = multi_done(data, result, FALSE); /* we are so done with this */ - /* conn may no longer be a good pointer, clear it to avoid mistakes by - parent functions */ - *connp = NULL; + /* data->conn was detached in multi_done() */ /* * We need to check for CURLE_SEND_ERROR here as well. This could happen @@ -1239,11 +1235,11 @@ static CURLcode multi_reconnect_request(struct connectdata **connp) bool protocol_done = TRUE; /* Now, redo the connect and get a new connection */ - result = Curl_connect(data, connp, &async, &protocol_done); + result = Curl_connect(data, &async, &protocol_done); if(!result) { /* We have connected or sent away a name resolve query fine */ - conn = *connp; /* setup conn to again point to something nice */ + conn = data->conn; /* in case it was updated */ if(async) { /* Now, if async is TRUE here, we need to wait for the name to resolve */ 
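Review bot: In `multi_reconnect_request()` (hunk `@@ -1223,11 +1221,9 @@`) the unconditional `*connp = NULL` is replaced by the comment `/* data->conn was detached in multi_done() */`. The comment kept in the CURLM_STATE_DONE case of this same diff says multi_done() does not clear the pointer when other handles share the pipeline. multi_done() is not part of the visible hunks, so it cannot be confirmed here that it detaches on every path. If it does not, `data->conn` still refers to a connection just marked with `connclose()` when `Curl_connect(data, &async, &protocol_done)` runs. Adding `Curl_detach_connnection(data);` right after the `multi_done()` call keeps the old guarantee, and that function is documented as tolerating an already cleared pointer; the function body continues outside the hunk.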
@@ -1276,11 +1272,10 @@ static void do_complete(struct connectdata *conn) Curl_pgrsTime(conn->data, TIMER_PRETRANSFER); } -static CURLcode multi_do(struct connectdata **connp, bool *done) +static CURLcode multi_do(struct Curl_easy *data, bool *done) { CURLcode result = CURLE_OK; - struct connectdata *conn = *connp; - struct Curl_easy *data = conn->data; + struct connectdata *conn = data->conn; if(conn->handler->do_it) { /* generic protocol-specific function pointer set in curl_connect() */ @@ -1294,12 +1289,12 @@ static CURLcode multi_do(struct connectdata **connp, bool *done) * figure out how to re-establish the connection. */ if(!data->multi) { - result = multi_reconnect_request(connp); + result = multi_reconnect_request(data); if(!result) { /* ... finally back to actually retry the DO phase */ - conn = *connp; /* re-assign conn since multi_reconnect_request - creates a new connection */ + conn = data->conn; /* re-assign conn since multi_reconnect_request + creates a new connection */ result = conn->handler->do_it(conn, done); } } @@ -1368,13 +1363,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, bool stream_error = FALSE; rc = CURLM_OK; - if(!data->easy_conn && + if(!data->conn && data->mstate > CURLM_STATE_CONNECT && data->mstate < CURLM_STATE_DONE) { - /* In all these states, the code will blindly access 'data->easy_conn' + /* In all these states, the code will blindly access 'data->conn' so this is precaution that it isn't NULL. And it silences static analyzers. */ - failf(data, "In state %d with no easy_conn, bail out!\n", data->mstate); + failf(data, "In state %d with no conn, bail out!\n", data->mstate); return CURLM_INTERNAL_ERROR; } 
@@ -1383,13 +1378,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, process_pending_handles(multi); /* pipelined/multiplexed */ } - if(data->easy_conn && data->mstate > CURLM_STATE_CONNECT && + if(data->conn && data->mstate > CURLM_STATE_CONNECT && data->mstate < CURLM_STATE_COMPLETED) { /* Make sure we set the connection's current owner */ - data->easy_conn->data = data; + data->conn->data = data; } - if(data->easy_conn && + if(data->conn && (data->mstate >= CURLM_STATE_CONNECT) && (data->mstate < CURLM_STATE_COMPLETED)) { /* we need to wait for the connect state as only then is the start time @@ -1401,23 +1396,26 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(timeout_ms < 0) { /* Handle timed out */ if(data->mstate == CURLM_STATE_WAITRESOLVE) - failf(data, "Resolving timed out after %ld milliseconds", + failf(data, "Resolving timed out after %" CURL_FORMAT_TIMEDIFF_T + " milliseconds", Curl_timediff(now, data->progress.t_startsingle)); else if(data->mstate == CURLM_STATE_WAITCONNECT) - failf(data, "Connection timed out after %ld milliseconds", + failf(data, "Connection timed out after %" CURL_FORMAT_TIMEDIFF_T + " milliseconds", Curl_timediff(now, data->progress.t_startsingle)); else { k = &data->req; if(k->size != -1) { - failf(data, "Operation timed out after %ld milliseconds with %" - CURL_FORMAT_CURL_OFF_T " out of %" + failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T + " milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %" CURL_FORMAT_CURL_OFF_T " bytes received", Curl_timediff(now, data->progress.t_startsingle), k->bytecount, k->size); } else { - failf(data, "Operation timed out after %ld milliseconds with %" - CURL_FORMAT_CURL_OFF_T " bytes received", + failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T + " milliseconds with %" CURL_FORMAT_CURL_OFF_T + " bytes received", Curl_timediff(now, data->progress.t_startsingle), k->bytecount); } 
@@ -1425,11 +1423,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* Force connection closed if the connection has indeed been used */ if(data->mstate > CURLM_STATE_DO) { - streamclose(data->easy_conn, "Disconnected with pending data"); + streamclose(data->conn, "Disconnected with pending data"); stream_error = TRUE; } result = CURLE_OPERATION_TIMEDOUT; - (void)multi_done(&data->easy_conn, result, TRUE); + (void)multi_done(data, result, TRUE); /* Skip the statemachine and go directly to error handling section. */ goto statemachine_end; } @@ -1456,8 +1454,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, case CURLM_STATE_CONNECT: /* Connect. We want to get a connection identifier filled in. */ Curl_pgrsTime(data, TIMER_STARTSINGLE); - result = Curl_connect(data, &data->easy_conn, - &async, &protocol_connect); + if(data->set.timeout) + Curl_expire(data, data->set.timeout, EXPIRE_TIMEOUT); + + if(data->set.connecttimeout) + Curl_expire(data, data->set.connecttimeout, EXPIRE_CONNECTTIMEOUT); + + result = Curl_connect(data, &async, &protocol_connect); if(CURLE_NO_CONNECTION_AVAILABLE == result) { /* There was no connection available. We will go to the pending state and wait for an available connection. */ @@ -1472,7 +1475,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(!result) { /* Add this handle to the send or pend pipeline */ - result = Curl_add_handle_to_pipeline(data, data->easy_conn); + result = Curl_add_handle_to_pipeline(data, data->conn); if(result) stream_error = TRUE; else { @@ -1490,7 +1493,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, CURLM_STATE_WAITDO:CURLM_STATE_DO); else { #ifndef CURL_DISABLE_HTTP - if(Curl_connect_ongoing(data->easy_conn)) + if(Curl_connect_ongoing(data->conn)) multistate(data, CURLM_STATE_WAITPROXYCONNECT); else #endif 
@@ -1505,7 +1508,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* awaiting an asynch name resolve to complete */ { struct Curl_dns_entry *dns = NULL; - struct connectdata *conn = data->easy_conn; + struct connectdata *conn = data->conn; const char *hostname; if(conn->bits.httpproxy) @@ -1528,7 +1531,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } if(!dns) - result = Curl_resolv_check(data->easy_conn, &dns); + result = Curl_resolv_check(data->conn, &dns); /* Update sockets here, because the socket(s) may have been closed and the application thus needs to be told, even if it @@ -1541,12 +1544,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(dns) { /* Perform the next step in the connection phase, and then move on to the WAITCONNECT state */ - result = Curl_once_resolved(data->easy_conn, &protocol_connect); + result = Curl_once_resolved(data->conn, &protocol_connect); if(result) /* if Curl_once_resolved() returns failure, the connection struct is already freed and gone */ - data->easy_conn = NULL; /* no more connection */ + Curl_detach_connnection(data); /* no more connection */ else { /* call again please so that we get the next socket setup */ rc = CURLM_CALL_MULTI_PERFORM; @@ -1555,7 +1558,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, CURLM_STATE_WAITDO:CURLM_STATE_DO); else { #ifndef CURL_DISABLE_HTTP - if(Curl_connect_ongoing(data->easy_conn)) + if(Curl_connect_ongoing(data->conn)) multistate(data, CURLM_STATE_WAITPROXYCONNECT); else #endif 
@@ -1575,19 +1578,19 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, #ifndef CURL_DISABLE_HTTP case CURLM_STATE_WAITPROXYCONNECT: /* this is HTTP-specific, but sending CONNECT to a proxy is HTTP... */ - result = Curl_http_connect(data->easy_conn, &protocol_connect); + result = Curl_http_connect(data->conn, &protocol_connect); - if(data->easy_conn->bits.proxy_connect_closed) { + if(data->conn->bits.proxy_connect_closed) { rc = CURLM_CALL_MULTI_PERFORM; /* connect back to proxy again */ result = CURLE_OK; - multi_done(&data->easy_conn, CURLE_OK, FALSE); + multi_done(data, CURLE_OK, FALSE); multistate(data, CURLM_STATE_CONNECT); } else if(!result) { - if((data->easy_conn->http_proxy.proxytype != CURLPROXY_HTTPS || - data->easy_conn->bits.proxy_ssl_connected[FIRSTSOCKET]) && - Curl_connect_complete(data->easy_conn)) { + if((data->conn->http_proxy.proxytype != CURLPROXY_HTTPS || + data->conn->bits.proxy_ssl_connected[FIRSTSOCKET]) && + Curl_connect_complete(data->conn)) { rc = CURLM_CALL_MULTI_PERFORM; /* initiate protocol connect phase */ multistate(data, CURLM_STATE_SENDPROTOCONNECT); 
@@ -1600,18 +1603,18 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, case CURLM_STATE_WAITCONNECT: /* awaiting a completion of an asynch TCP connect */ - result = Curl_is_connected(data->easy_conn, FIRSTSOCKET, &connected); + result = Curl_is_connected(data->conn, FIRSTSOCKET, &connected); if(connected && !result) { #ifndef CURL_DISABLE_HTTP - if((data->easy_conn->http_proxy.proxytype == CURLPROXY_HTTPS && - !data->easy_conn->bits.proxy_ssl_connected[FIRSTSOCKET]) || - Curl_connect_ongoing(data->easy_conn)) { + if((data->conn->http_proxy.proxytype == CURLPROXY_HTTPS && + !data->conn->bits.proxy_ssl_connected[FIRSTSOCKET]) || + Curl_connect_ongoing(data->conn)) { multistate(data, CURLM_STATE_WAITPROXYCONNECT); break; } #endif rc = CURLM_CALL_MULTI_PERFORM; - multistate(data, data->easy_conn->bits.tunnel_proxy? + multistate(data, data->conn->bits.tunnel_proxy? CURLM_STATE_WAITPROXYCONNECT: CURLM_STATE_SENDPROTOCONNECT); } @@ -1624,7 +1627,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, break; case CURLM_STATE_SENDPROTOCONNECT: - result = Curl_protocol_connect(data->easy_conn, &protocol_connect); + result = Curl_protocol_connect(data->conn, &protocol_connect); if(!result && !protocol_connect) /* switch to waiting state */ multistate(data, CURLM_STATE_PROTOCONNECT); @@ -1637,14 +1640,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, else if(result) { /* failure detected */ Curl_posttransfer(data); - multi_done(&data->easy_conn, result, TRUE); + multi_done(data, result, TRUE); stream_error = TRUE; } break; case CURLM_STATE_PROTOCONNECT: /* protocol-specific connect phase */ - result = Curl_protocol_connecting(data->easy_conn, &protocol_connect); + result = Curl_protocol_connecting(data->conn, &protocol_connect); if(!result && protocol_connect) { /* after the connect has completed, go WAITDO or DO */ multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)? 
@@ -1654,14 +1657,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, else if(result) { /* failure detected */ Curl_posttransfer(data); - multi_done(&data->easy_conn, result, TRUE); + multi_done(data, result, TRUE); stream_error = TRUE; } break; case CURLM_STATE_WAITDO: /* Wait for our turn to DO when we're pipelining requests */ - if(Curl_pipeline_checkget_write(data, data->easy_conn)) { + if(Curl_pipeline_checkget_write(data, data->conn)) { /* Grabbed the channel */ multistate(data, CURLM_STATE_DO); rc = CURLM_CALL_MULTI_PERFORM; @@ -1671,16 +1674,16 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, case CURLM_STATE_DO: if(data->set.connect_only) { /* keep connection open for application to use the socket */ - connkeep(data->easy_conn, "CONNECT_ONLY"); + connkeep(data->conn, "CONNECT_ONLY"); multistate(data, CURLM_STATE_DONE); result = CURLE_OK; rc = CURLM_CALL_MULTI_PERFORM; } else { /* Perform the protocol's DO action */ - result = multi_do(&data->easy_conn, &dophase_done); + result = multi_do(data, &dophase_done); - /* When multi_do() returns failure, data->easy_conn might be NULL! */ + /* When multi_do() returns failure, data->conn might be NULL! */ if(!result) { if(!dophase_done) { @@ -1689,7 +1692,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, struct WildcardData *wc = &data->wildcard; if(wc->state == CURLWC_DONE || wc->state == CURLWC_SKIP) { /* skip some states if it is important */ - multi_done(&data->easy_conn, CURLE_OK, FALSE); + multi_done(data, CURLE_OK, FALSE); multistate(data, CURLM_STATE_DONE); rc = CURLM_CALL_MULTI_PERFORM; break; @@ -1702,7 +1705,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } /* after DO, go DO_DONE... or DO_MORE */ - else if(data->easy_conn->bits.do_more) { + else if(data->conn->bits.do_more) { /* we're supposed to do more, but we need to sit down, relax and wait a little while first */ multistate(data, CURLM_STATE_DO_MORE); 
@@ -1715,7 +1718,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } } else if((CURLE_SEND_ERROR == result) && - data->easy_conn->bits.reuse) { + data->conn->bits.reuse) { /* * In this situation, a connection that we were trying to use * may have unexpectedly died. If possible, send the connection @@ -1725,7 +1728,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, followtype follow = FOLLOW_NONE; CURLcode drc; - drc = Curl_retry_request(data->easy_conn, &newurl); + drc = Curl_retry_request(data->conn, &newurl); if(drc) { /* a failure here pretty much implies an out of memory */ result = drc; @@ -1733,7 +1736,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } Curl_posttransfer(data); - drc = multi_done(&data->easy_conn, result, FALSE); + drc = multi_done(data, result, FALSE); /* When set to retry the connection, we must to go back to * the CONNECT state */ @@ -1765,8 +1768,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, else { /* failure detected */ Curl_posttransfer(data); - if(data->easy_conn) - multi_done(&data->easy_conn, result, FALSE); + if(data->conn) + multi_done(data, result, FALSE); stream_error = TRUE; } } @@ -1774,12 +1777,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, case CURLM_STATE_DOING: /* we continue DOING until the DO phase is complete */ - result = Curl_protocol_doing(data->easy_conn, + result = Curl_protocol_doing(data->conn, &dophase_done); if(!result) { if(dophase_done) { /* after DO, go DO_DONE or DO_MORE */ - multistate(data, data->easy_conn->bits.do_more? + multistate(data, data->conn->bits.do_more? CURLM_STATE_DO_MORE: CURLM_STATE_DO_DONE); rc = CURLM_CALL_MULTI_PERFORM; @@ -1788,7 +1791,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, else { /* failure detected */ Curl_posttransfer(data); - multi_done(&data->easy_conn, result, FALSE); + multi_done(data, result, FALSE); stream_error = TRUE; } break; 
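Review bot: `else if((CURLE_SEND_ERROR == result) && data->conn->bits.reuse)` in the `@@ -1715,7 +1718,7 @@` hunk dereferences `data->conn` on the failure path of `multi_do()`. The comment a few lines earlier in the CURLM_STATE_DO case says `data->conn` might be NULL when multi_do() fails, and the last `else` of the same chain does test `if(data->conn)`. The rename did not introduce this, but the condition should carry the same guard: `else if((CURLE_SEND_ERROR == result) && data->conn && data->conn->bits.reuse) {`, which also covers the `Curl_retry_request(data->conn, &newurl)` call inside the branch. multi_runsingle() starts and ends outside the hunk.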
@@ -1797,7 +1800,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* * When we are connected, DO MORE and then go DO_DONE */ - result = multi_do_more(data->easy_conn, &control); + result = multi_do_more(data->conn, &control); /* No need to remove this handle from the send pipeline here since that is done in multi_done() */ @@ -1817,27 +1820,27 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, else { /* failure detected */ Curl_posttransfer(data); - multi_done(&data->easy_conn, result, FALSE); + multi_done(data, result, FALSE); stream_error = TRUE; } break; case CURLM_STATE_DO_DONE: /* Move ourselves from the send to recv pipeline */ - Curl_move_handle_from_send_to_recv_pipe(data, data->easy_conn); + Curl_move_handle_from_send_to_recv_pipe(data, data->conn); - if(data->easy_conn->bits.multiplex || data->easy_conn->send_pipe.size) + if(data->conn->bits.multiplex || data->conn->send_pipe.size) /* Check if we can move pending requests to send pipe */ process_pending_handles(multi); /* pipelined/multiplexed */ /* Only perform the transfer if there's a good socket to work with. Having both BAD is a signal to skip immediately to DONE */ - if((data->easy_conn->sockfd != CURL_SOCKET_BAD) || - (data->easy_conn->writesockfd != CURL_SOCKET_BAD)) + if((data->conn->sockfd != CURL_SOCKET_BAD) || + (data->conn->writesockfd != CURL_SOCKET_BAD)) multistate(data, CURLM_STATE_WAITPERFORM); else { if(data->state.wildcardmatch && - ((data->easy_conn->handler->flags & PROTOPT_WILDCARD) == 0)) { + ((data->conn->handler->flags & PROTOPT_WILDCARD) == 0)) { data->wildcard.state = CURLWC_DONE; } multistate(data, CURLM_STATE_DONE); 
@@ -1847,7 +1850,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, case CURLM_STATE_WAITPERFORM: /* Wait for our turn to PERFORM */ - if(Curl_pipeline_checkget_read(data, data->easy_conn)) { + if(Curl_pipeline_checkget_read(data, data->conn)) { /* Grabbed the channel */ multistate(data, CURLM_STATE_PERFORM); rc = CURLM_CALL_MULTI_PERFORM; @@ -1856,7 +1859,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, case CURLM_STATE_TOOFAST: /* limit-rate exceeded in either direction */ /* if both rates are within spec, resume transfer */ - if(Curl_pgrsUpdate(data->easy_conn)) + if(Curl_pgrsUpdate(data->conn)) result = CURLE_ABORTED_BY_CALLBACK; else result = Curl_speedcheck(data, now); @@ -1926,24 +1929,24 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } /* read/write data if it is ready to do so */ - result = Curl_readwrite(data->easy_conn, data, &done, &comeback); + result = Curl_readwrite(data->conn, data, &done, &comeback); k = &data->req; if(!(k->keepon & KEEP_RECV)) /* We're done receiving */ - Curl_pipeline_leave_read(data->easy_conn); + Curl_pipeline_leave_read(data->conn); if(!(k->keepon & KEEP_SEND)) /* We're done sending */ - Curl_pipeline_leave_write(data->easy_conn); + Curl_pipeline_leave_write(data->conn); if(done || (result == CURLE_RECV_ERROR)) { /* If CURLE_RECV_ERROR happens early enough, we assume it was a race * condition and the server closed the re-used connection exactly when * we wanted to use it, so figure out if that is indeed the case. */ - CURLcode ret = Curl_retry_request(data->easy_conn, &newurl); + CURLcode ret = Curl_retry_request(data->conn, &newurl); if(!ret) retry = (newurl)?TRUE:FALSE; else if(!result) 
@@ -1957,8 +1960,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } } else if((CURLE_HTTP2_STREAM == result) && - Curl_h2_http_1_1_error(data->easy_conn)) { - CURLcode ret = Curl_retry_request(data->easy_conn, &newurl); + Curl_h2_http_1_1_error(data->conn)) { + CURLcode ret = Curl_retry_request(data->conn, &newurl); infof(data, "Forcing HTTP/1.1 for NTLM"); data->set.httpversion = CURL_HTTP_VERSION_1_1; @@ -1985,12 +1988,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, * happened in the data connection. */ - if(!(data->easy_conn->handler->flags & PROTOPT_DUAL) && + if(!(data->conn->handler->flags & PROTOPT_DUAL) && result != CURLE_HTTP2_STREAM) - streamclose(data->easy_conn, "Transfer returned error"); + streamclose(data->conn, "Transfer returned error"); Curl_posttransfer(data); - multi_done(&data->easy_conn, result, TRUE); + multi_done(data, result, TRUE); } else if(done) { followtype follow = FOLLOW_NONE; @@ -1999,11 +2002,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, Curl_posttransfer(data); /* we're no longer receiving */ - Curl_removeHandleFromPipeline(data, &data->easy_conn->recv_pipe); + Curl_removeHandleFromPipeline(data, &data->conn->recv_pipe); /* expire the new receiving pipeline head */ - if(data->easy_conn->recv_pipe.head) - Curl_expire(data->easy_conn->recv_pipe.head->ptr, 0, EXPIRE_RUN_NOW); + if(data->conn->recv_pipe.head) + Curl_expire(data->conn->recv_pipe.head->ptr, 0, EXPIRE_RUN_NOW); /* When we follow redirects or is set to retry the connection, we must to go back to the CONNECT state */ @@ -2018,7 +2021,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } else follow = FOLLOW_RETRY; - result = multi_done(&data->easy_conn, CURLE_OK, FALSE); + result = multi_done(data, CURLE_OK, FALSE); if(!result) { result = Curl_follow(data, newurl, follow); if(!result) { 
@@ -2041,7 +2044,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, free(newurl); if(result) { stream_error = TRUE; - result = multi_done(&data->easy_conn, result, TRUE); + result = multi_done(data, result, TRUE); } } @@ -2060,18 +2063,18 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* this state is highly transient, so run another loop after this */ rc = CURLM_CALL_MULTI_PERFORM; - if(data->easy_conn) { + if(data->conn) { CURLcode res; /* Remove ourselves from the receive pipeline, if we are there. */ - Curl_removeHandleFromPipeline(data, &data->easy_conn->recv_pipe); + Curl_removeHandleFromPipeline(data, &data->conn->recv_pipe); - if(data->easy_conn->bits.multiplex || data->easy_conn->send_pipe.size) + if(data->conn->bits.multiplex || data->conn->send_pipe.size) /* Check if we can move pending requests to connection */ process_pending_handles(multi); /* pipelined/multiplexing */ /* post-transfer command */ - res = multi_done(&data->easy_conn, result, FALSE); + res = multi_done(data, result, FALSE); /* allow a previously set error code take precedence */ if(!result) @@ -2079,12 +2082,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* * If there are other handles on the pipeline, multi_done won't set - * easy_conn to NULL. In such a case, curl_multi_remove_handle() can + * conn to NULL. In such a case, curl_multi_remove_handle() can * access free'd data, if the connection is free'd and the handle * removed before we perform the processing in CURLM_STATE_COMPLETED */ - if(data->easy_conn) - data->easy_conn = NULL; + if(data->conn) + Curl_detach_connnection(data); } if(data->state.wildcardmatch) { 
@@ -2126,23 +2129,23 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* Check if we can move pending requests to send pipe */ process_pending_handles(multi); /* connection */ - if(data->easy_conn) { + if(data->conn) { /* if this has a connection, unsubscribe from the pipelines */ - Curl_pipeline_leave_write(data->easy_conn); - Curl_pipeline_leave_read(data->easy_conn); - Curl_removeHandleFromPipeline(data, &data->easy_conn->send_pipe); - Curl_removeHandleFromPipeline(data, &data->easy_conn->recv_pipe); + Curl_pipeline_leave_write(data->conn); + Curl_pipeline_leave_read(data->conn); + Curl_removeHandleFromPipeline(data, &data->conn->send_pipe); + Curl_removeHandleFromPipeline(data, &data->conn->recv_pipe); if(stream_error) { /* Don't attempt to send data over a connection that timed out */ bool dead_connection = result == CURLE_OPERATION_TIMEDOUT; /* disconnect properly */ - Curl_disconnect(data, data->easy_conn, dead_connection); + Curl_disconnect(data, data->conn, dead_connection); - /* This is where we make sure that the easy_conn pointer is reset. + /* This is where we make sure that the conn pointer is reset. We don't have to do this in every case block above where a failure is detected */ - data->easy_conn = NULL; + Curl_detach_connnection(data); } } else if(data->mstate == CURLM_STATE_CONNECT) { @@ -2154,11 +2157,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, rc = CURLM_CALL_MULTI_PERFORM; } /* if there's still a connection to use, call the progress function */ - else if(data->easy_conn && Curl_pgrsUpdate(data->easy_conn)) { + else if(data->conn && Curl_pgrsUpdate(data->conn)) { /* aborted due to progress callback return code must close the connection */ result = CURLE_ABORTED_BY_CALLBACK; - streamclose(data->easy_conn, "Aborted by callback"); + streamclose(data->conn, "Aborted by callback"); /* if not yet in DONE state, go there, otherwise COMPLETED */ multistate(data, (data->mstate < CURLM_STATE_DONE)? 
@@ -2181,7 +2184,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, msg->extmsg.data.result = result; rc = multi_addmsg(multi, msg); - DEBUGASSERT(!data->easy_conn); + DEBUGASSERT(!data->conn); } multistate(data, CURLM_STATE_MSGSENT); } @@ -2261,9 +2264,9 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi) data = multi->easyp; while(data) { nextdata = data->next; - if(!data->state.done && data->easy_conn) + if(!data->state.done && data->conn) /* if DONE was never called for this handle */ - (void)multi_done(&data->easy_conn, CURLE_OK, TRUE); + (void)multi_done(data, CURLE_OK, TRUE); if(data->dns.hostcachetype == HCACHE_MULTI) { /* clear out the usage of the shared DNS cache */ Curl_hostcache_clean(data, data->dns.hostcache); @@ -2356,6 +2359,9 @@ static CURLMcode singlesocket(struct Curl_multi *multi, curl_socket_t s; int num; unsigned int curraction; + int actions[MAX_SOCKSPEREASYHANDLE]; + unsigned int comboaction; + bool sincebefore = FALSE; for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) socks[i] = CURL_SOCKET_BAD; @@ -2372,7 +2378,8 @@ static CURLMcode singlesocket(struct Curl_multi *multi, for(i = 0; (i< MAX_SOCKSPEREASYHANDLE) && (curraction & (GETSOCK_READSOCK(i) | GETSOCK_WRITESOCK(i))); i++) { - int action = CURL_POLL_NONE; + unsigned int action = CURL_POLL_NONE; + unsigned int prevaction = 0; s = socks[i]; 
@@ -2384,29 +2391,70 @@ static CURLMcode singlesocket(struct Curl_multi *multi, if(curraction & GETSOCK_WRITESOCK(i)) action |= CURL_POLL_OUT; + actions[i] = action; if(entry) { - /* yeps, already present so check if it has the same action set */ - if(entry->action == action) - /* same, continue */ - continue; + /* check if new for this transfer */ + for(i = 0; i< data->numsocks; i++) { + if(s == data->sockets[i]) { + prevaction = data->actions[i]; + sincebefore = TRUE; + break; + } + } + } else { - /* this is a socket we didn't have before, add it! */ - entry = sh_addentry(&multi->sockhash, s, data); + /* this is a socket we didn't have before, add it to the hash! */ + entry = sh_addentry(&multi->sockhash, s); if(!entry) /* fatal */ return CURLM_OUT_OF_MEMORY; } + if(sincebefore && (prevaction != action)) { + /* Socket was used already, but different action now */ + if(prevaction & CURL_POLL_IN) + entry->readers--; + if(prevaction & CURL_POLL_OUT) + entry->writers--; + if(action & CURL_POLL_IN) + entry->readers++; + if(action & CURL_POLL_OUT) + entry->writers++; + } + else if(!sincebefore) { + /* a new user */ + entry->users++; + if(action & CURL_POLL_IN) + entry->readers++; + if(action & CURL_POLL_OUT) + entry->writers++; + + /* add 'data' to the list of handles using this socket! */ + Curl_llist_insert_next(&entry->list, entry->list.tail, + data, &data->sh_queue); + } + + comboaction = (entry->writers? CURL_POLL_OUT : 0) | + (entry->readers ? 
CURL_POLL_IN : 0); + +#if 0 + infof(data, "--- Comboaction: %u readers %u writers\n", + entry->readers, entry->writers); +#endif + /* check if it has the same action set */ + if(entry->action == comboaction) + /* same, continue */ + continue; /* we know (entry != NULL) at this point, see the logic above */ if(multi->socket_cb) multi->socket_cb(data, s, - action, + comboaction, multi->socket_userp, entry->socketp); - entry->action = action; /* store the current action state */ + entry->action = comboaction; /* store the current action state */ } num = i; /* number of sockets */ 
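Review bot: The added lookup `for(i = 0; i< data->numsocks; i++)` inside the `if(entry)` branch reuses `i`, the index of the enclosing `for(i = 0; (i< MAX_SOCKSPEREASYHANDLE) && ...` loop. After a match or a full scan the outer loop therefore resumes from the wrong position: it can revisit sockets it already handled (possibly without terminating) or skip the remaining ones, and `num = i` then records the wrong count for the later `memcpy` of `socks` and `actions`. `sincebefore` has a related problem: it is declared once at function scope in the `@@ -2356,6 +2359,9 @@` hunk and set to TRUE on a match but never reset, so every later socket in the same call is treated as already known, `entry->users` is not incremented, and the transfer is not added to `entry->list`. The inner loop needs its own index, `for(j = 0; j< data->numsocks; j++)` reading `data->sockets[j]` and `data->actions[j]`, and `sincebefore = FALSE;` belongs at the top of each outer iteration next to `prevaction`. singlesocket() starts and ends outside this hunk.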
@@ -2415,73 +2463,45 @@ static CURLMcode singlesocket(struct Curl_multi *multi, make sure to detect sockets that are removed */ for(i = 0; i< data->numsocks; i++) { int j; + bool stillused = FALSE; s = data->sockets[i]; - for(j = 0; j<num; j++) { + for(j = 0; j < num; j++) { if(s == socks[j]) { /* this is still supervised */ - s = CURL_SOCKET_BAD; + stillused = TRUE; break; } } + if(stillused) + continue; entry = sh_getentry(&multi->sockhash, s); + /* if this is NULL here, the socket has been closed and notified so + already by Curl_multi_closed() */ if(entry) { - /* this socket has been removed. Tell the app to remove it */ - bool remove_sock_from_hash = TRUE; - - /* check if the socket to be removed serves a connection which has - other easy-s in a pipeline. In this case the socket should not be - removed. */ - struct connectdata *easy_conn = data->easy_conn; - if(easy_conn) { - if(easy_conn->recv_pipe.size > 1) { - /* the handle should not be removed from the pipe yet */ - remove_sock_from_hash = FALSE; - - /* Update the sockhash entry to instead point to the next in line - for the recv_pipe, or the first (in case this particular easy - isn't already) */ - if(entry->easy == data) { - if(Curl_recvpipe_head(data, easy_conn)) - entry->easy = easy_conn->recv_pipe.head->next->ptr; - else - entry->easy = easy_conn->recv_pipe.head->ptr; - } - } - if(easy_conn->send_pipe.size > 1) { - /* the handle should not be removed from the pipe yet */ - remove_sock_from_hash = FALSE; - - /* Update the sockhash entry to instead point to the next in line - for the send_pipe, or the first (in case this particular easy - isn't already) */ - if(entry->easy == data) { - if(Curl_sendpipe_head(data, easy_conn)) - entry->easy = easy_conn->send_pipe.head->next->ptr; - else - entry->easy = easy_conn->send_pipe.head->ptr; - } - } - /* Don't worry about overwriting recv_pipe head with send_pipe_head, - when action will be asked on the socket (see multi_socket()), the - head of the correct pipe 
will be taken according to the - action. */ - } - - if(remove_sock_from_hash) { - /* in this case 'entry' is always non-NULL */ + int oldactions = data->actions[i]; + /* this socket has been removed. Decrease user count */ + entry->users--; + if(oldactions & CURL_POLL_OUT) + entry->writers--; + if(oldactions & CURL_POLL_IN) + entry->readers--; + if(!entry->users) { if(multi->socket_cb) - multi->socket_cb(data, - s, - CURL_POLL_REMOVE, + multi->socket_cb(data, s, CURL_POLL_REMOVE, multi->socket_userp, entry->socketp); sh_delentry(&multi->sockhash, s); } - } /* if sockhash entry existed */ + else { + /* remove this transfer as a user of this socket */ + Curl_llist_remove(&entry->list, &data->sh_queue, NULL); + } + } } /* for loop over numsocks */ memcpy(data->sockets, socks, num*sizeof(curl_socket_t)); + memcpy(data->actions, actions, num*sizeof(int)); data->numsocks = num; return CURLM_OK; } 
@@ -2621,46 +2641,50 @@ static CURLMcode multi_socket(struct Curl_multi *multi, and just move on. */ ; else { + struct curl_llist *list = &entry->list; + struct curl_llist_element *e; SIGPIPE_VARIABLE(pipe_st); - data = entry->easy; - - if(data->magic != CURLEASY_MAGIC_NUMBER) - /* bad bad bad bad bad bad bad */ - return CURLM_INTERNAL_ERROR; - - /* If the pipeline is enabled, take the handle which is in the head of - the pipeline. If we should write into the socket, take the send_pipe - head. If we should read from the socket, take the recv_pipe head. */ - if(data->easy_conn) { - if((ev_bitmask & CURL_POLL_OUT) && - data->easy_conn->send_pipe.head) - data = data->easy_conn->send_pipe.head->ptr; - else if((ev_bitmask & CURL_POLL_IN) && - data->easy_conn->recv_pipe.head) - data = data->easy_conn->recv_pipe.head->ptr; - } + /* the socket can be shared by many transfers, iterate */ + for(e = list->head; e; e = e->next) { + data = (struct Curl_easy *)e->ptr; + + if(data->magic != CURLEASY_MAGIC_NUMBER) + /* bad bad bad bad bad bad bad */ + return CURLM_INTERNAL_ERROR; + + /* If the pipeline is enabled, take the handle which is in the head of + the pipeline. If we should write into the socket, take the + send_pipe head. If we should read from the socket, take the + recv_pipe head. 
*/ + if(data->conn) { + if((ev_bitmask & CURL_POLL_OUT) && + data->conn->send_pipe.head) + data = data->conn->send_pipe.head->ptr; + else if((ev_bitmask & CURL_POLL_IN) && + data->conn->recv_pipe.head) + data = data->conn->recv_pipe.head->ptr; + } - if(data->easy_conn && - !(data->easy_conn->handler->flags & PROTOPT_DIRLOCK)) - /* set socket event bitmask if they're not locked */ - data->easy_conn->cselect_bits = ev_bitmask; + if(data->conn && !(data->conn->handler->flags & PROTOPT_DIRLOCK)) + /* set socket event bitmask if they're not locked */ + data->conn->cselect_bits = ev_bitmask; - sigpipe_ignore(data, &pipe_st); - result = multi_runsingle(multi, now, data); - sigpipe_restore(&pipe_st); + sigpipe_ignore(data, &pipe_st); + result = multi_runsingle(multi, now, data); + sigpipe_restore(&pipe_st); - if(data->easy_conn && - !(data->easy_conn->handler->flags & PROTOPT_DIRLOCK)) - /* clear the bitmask only if not locked */ - data->easy_conn->cselect_bits = 0; + if(data->conn && !(data->conn->handler->flags & PROTOPT_DIRLOCK)) + /* clear the bitmask only if not locked */ + data->conn->cselect_bits = 0; - if(CURLM_OK >= result) { - /* get the socket(s) and check if the state has been changed since - last */ - result = singlesocket(multi, data); - if(result) - return result; + if(CURLM_OK >= result) { + /* get the socket(s) and check if the state has been changed since + last */ + result = singlesocket(multi, data); + if(result) + return result; + } } /* Now we fall-through and do the timer-based stuff, since we don't want @@ -3004,6 +3028,9 @@ void Curl_expire(struct Curl_easy *data, time_t milli, expire_id id) DEBUGASSERT(id < EXPIRE_LAST); + infof(data, "Expire in %ld ms for %x (transfer %p)\n", + (long)milli, id, data); + set = Curl_now(); set.tv_sec += milli/1000; set.tv_usec += (unsigned int)(milli%1000)*1000; 
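Review bot: The new loop in multi_socket() advances with `e = e->next` only after the body has called multi_runsingle() and singlesocket() for that transfer. In this same commit singlesocket() either unlinks `&data->sh_queue` from `entry->list` or deletes the whole entry through sh_delentry(), so the node (and possibly the list) may be modified or gone when `e->next` is read, which is a use-after-free risk on a path driven by socket events. Read the successor before running the transfer: declare `struct curl_llist_element *enext;`, set `enext = e->next;` as the first statement of the body and use `e = enext` in the loop header. Whether `entry` itself must be looked up again after each iteration depends on sh_delentry() and Curl_llist_remove(), which are not shown here.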
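Review bot: The `infof()` added to Curl_expire() is not wrapped in `#ifdef DEBUGBUILD`, unlike the "Expire cleared" message in Curl_expire_clear() in the next hunk. Every verbose-enabled release build will therefore print the raw `struct Curl_easy` address on each timer update. Heap addresses in application logs weaken ASLR for anyone who can read them, and the message is very frequent, so guard it the same way with `#ifdef DEBUGBUILD` … `#endif`. If infof() follows printf conventions, the arguments should also be cast to match their conversions: `(void *)data` for `%p` and `(unsigned int)id` for `%x`.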
@@ -3095,7 +3122,7 @@ void Curl_expire_clear(struct Curl_easy *data) } #ifdef DEBUGBUILD - infof(data, "Expire cleared\n"); + infof(data, "Expire cleared (transfer %p)\n", data); #endif nowp->tv_sec = 0; nowp->tv_usec = 0; diff --git a/libs/libcurl/src/multiif.h b/libs/libcurl/src/multiif.h index e44646bf9d..ed35ef4275 100644 --- a/libs/libcurl/src/multiif.h +++ b/libs/libcurl/src/multiif.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,7 +31,9 @@ void Curl_expire(struct Curl_easy *data, time_t milli, expire_id); void Curl_expire_clear(struct Curl_easy *data); void Curl_expire_done(struct Curl_easy *data, expire_id id); bool Curl_pipeline_wanted(const struct Curl_multi* multi, int bits); -void Curl_multi_handlePipeBreak(struct Curl_easy *data); +void Curl_detach_connnection(struct Curl_easy *data); +void Curl_attach_connnection(struct Curl_easy *data, + struct connectdata *conn); void Curl_set_in_callback(struct Curl_easy *data, bool value); bool Curl_is_in_callback(struct Curl_easy *easy); diff --git a/libs/libcurl/src/objnames-test08.sh b/libs/libcurl/src/objnames-test08.sh deleted file mode 100644 index 485975765c..0000000000 --- a/libs/libcurl/src/objnames-test08.sh +++ /dev/null 
@@ -1,217 +0,0 @@ -#!/bin/sh -# *************************************************************************** -# * _ _ ____ _ -# * Project ___| | | | _ \| | -# * / __| | | | |_) | | -# * | (__| |_| | _ <| |___ -# * \___|\___/|_| \_\_____| -# * -# * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al. -# * -# * This software is licensed as described in the file COPYING, which -# * you should have received as part of this distribution. The terms -# * are also available at https://curl.haxx.se/docs/copyright.html. -# * -# * You may opt to use, copy, modify, merge, publish, distribute and/or sell -# * copies of the Software, and permit persons to whom the Software is -# * furnished to do so, under the terms of the COPYING file. -# * -# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# * KIND, either express or implied. -# * -# *************************************************************************** - -# -# This Bourne shell script file is used by test case 1222 to do -# unit testing of curl_8char_object_name() shell function which -# is defined in file objnames.inc and sourced by this file and -# any other shell script that may use it. -# - -# -# argument validation -# - -if test $# -eq 1; then - : -else - echo "Usage: ${0} srcdir" - exit 1 -fi - -if test -f "${1}/runtests.pl"; then - : -else - echo "${0}: Wrong srcdir" - exit 1 -fi - -srcdir=${1} - -if test -f "$srcdir/../lib/objnames.inc"; then - : -else - echo "$0: Missing objnames.inc" - exit 1 -fi - -# -# Some variables -# - -logdir=log -tstnum=1222 - -list_c=$logdir/${tstnum}_list_c -list_obj=$logdir/${tstnum}_list_obj -list_obj_c=$logdir/${tstnum}_list_obj_c -list_obj_uniq=$logdir/${tstnum}_list_obj_uniq - - -# -# Source curl_8char_object_name() function definition -# - -. $srcdir/../lib/objnames.inc - -# -# Some curl_8char_object_name() unit tests -# - -echo 'Testing curl_8char_object_name...' 
-echo "" - -argstr=123__678__ABC__FGH__KLM__PQRSTUV -expect=16AFKPQR -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123__678__ABC__FGH__KLM__PQ.S.UV -expect=16AFKPQ -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123__678__ABC..FGH..KLM..PQRSTUV -expect=16ABC -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123__678_.ABC._FGH__KLM__PQRSTUV -expect=16 -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123.567.90ABCDEFGHIJKLMNOPQRSTUV -expect=123 -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=1234567.90A.CDEFGHIJKLMNOPQRSTUV -expect=1234567 -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=1234567890.BCD.FGHIJKLMNOPQRSTUV -expect=12345678 -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=12=45-78+0AB.DE.GHIJKLMNOPQRSTUV -expect=1470AB -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV -expect=12345678 -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123_567_90A_CDE_GHIJKLMNOPQRSTUV -expect=159CGHIJ -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123_567_90A_CDEFGHIJKLMNOPQRSTUV -expect=159CDEFG -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123_567_90ABCDEFGHIJKLMNOPQRSTUV -expect=1590ABCD -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123_567890ABCDEFGHIJKLMNOPQRSTUV -expect=1567890A -outstr=`curl_8char_object_name $argstr` -echo 
"result: $outstr expected: $expect input: $argstr" - -argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV -expect=12345678 -outstr=`curl_8char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -# -# Verify that generated object name is distinct for -# all *.c source files in lib and src subdirectories. -# - -ls $srcdir/../lib/*.c > $list_c -ls $srcdir/../src/*.c >> $list_c - -rm -f $list_obj - -for c_fname in `cat $list_c`; do - obj_name=`curl_8char_object_name $c_fname` - echo "$obj_name" >> $list_obj -done - -sort -u $list_obj > $list_obj_uniq - -cnt_c=`cat $list_c | wc -l` -cnt_u=`cat $list_obj_uniq | wc -l` - -echo "" -echo "" -echo "" -if test $cnt_c -eq $cnt_u; then - echo "8-characters-or-less generated object names are unique." - obj_name_clash="no" -else - echo "8-characters-or-less generated object names are clashing..." - obj_name_clash="yes" -fi - -if test $obj_name_clash = "yes"; then - # - # Show clashing object names and respective source file names - # - echo "" - paste $list_obj $list_c | sort > $list_obj_c - prev_match="no" - prev_line="unknown" - prev_obj_name="unknown" - while read this_line; do - obj_name=`echo "$this_line" | cut -f1` - if test "x$obj_name" = "x$prev_obj_name"; then - if test "x$prev_match" != "xyes"; then - echo "$prev_line" - echo "$this_line" - prev_match="yes" - else - echo "$this_line" - fi - else - prev_match="no" - fi - prev_line=$this_line - prev_obj_name=$obj_name - done < $list_obj_c -fi - -rm -f $list_c -rm -f $list_obj -rm -f $list_obj_c -rm -f $list_obj_uniq - -# end of objnames-test.sh diff --git a/libs/libcurl/src/objnames-test10.sh b/libs/libcurl/src/objnames-test10.sh deleted file mode 100644 index 62184b8640..0000000000 --- a/libs/libcurl/src/objnames-test10.sh +++ /dev/null 
@@ -1,217 +0,0 @@ -#!/bin/sh -# *************************************************************************** -# * _ _ ____ _ -# * Project ___| | | | _ \| | -# * / __| | | | |_) | | -# * | (__| |_| | _ <| |___ -# * \___|\___/|_| \_\_____| -# * -# * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al. -# * -# * This software is licensed as described in the file COPYING, which -# * you should have received as part of this distribution. The terms -# * are also available at https://curl.haxx.se/docs/copyright.html. -# * -# * You may opt to use, copy, modify, merge, publish, distribute and/or sell -# * copies of the Software, and permit persons to whom the Software is -# * furnished to do so, under the terms of the COPYING file. -# * -# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# * KIND, either express or implied. -# * -# *************************************************************************** - -# -# This Bourne shell script file is used by test case 1221 to do -# unit testing of curl_10char_object_name() shell function which -# is defined in file objnames.inc and sourced by this file and -# any other shell script that may use it. -# - -# -# argument validation -# - -if test $# -eq 1; then - : -else - echo "Usage: ${0} srcdir" - exit 1 -fi - -if test -f "${1}/runtests.pl"; then - : -else - echo "${0}: Wrong srcdir" - exit 1 -fi - -srcdir=${1} - -if test -f "$srcdir/../lib/objnames.inc"; then - : -else - echo "$0: Missing objnames.inc" - exit 1 -fi - -# -# Some variables -# - -logdir=log -tstnum=1221 - -list_c=$logdir/${tstnum}_list_c -list_obj=$logdir/${tstnum}_list_obj -list_obj_c=$logdir/${tstnum}_list_obj_c -list_obj_uniq=$logdir/${tstnum}_list_obj_uniq - - -# -# Source curl_10char_object_name() function definition -# - -. $srcdir/../lib/objnames.inc - -# -# Some curl_10char_object_name() unit tests -# - -echo 'Testing curl_10char_object_name...' 
-echo "" - -argstr=123__678__ABC__FGH__KLM__PQRSTUV -expect=16AFKPQRST -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123__678__ABC__FGH__KLM__PQ.S.UV -expect=16AFKPQ -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123__678__ABC..FGH..KLM..PQRSTUV -expect=16ABC -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123__678_.ABC._FGH__KLM__PQRSTUV -expect=16 -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123.567.90ABCDEFGHIJKLMNOPQRSTUV -expect=123 -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=1234567.90A.CDEFGHIJKLMNOPQRSTUV -expect=1234567 -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=1234567890.BCD.FGHIJKLMNOPQRSTUV -expect=1234567890 -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=12=45-78+0AB.DE.GHIJKLMNOPQRSTUV -expect=1470AB -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV -expect=1234567890 -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123_567_90A_CDE_GHIJKLMNOPQRSTUV -expect=159CGHIJKL -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123_567_90A_CDEFGHIJKLMNOPQRSTUV -expect=159CDEFGHI -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123_567_90ABCDEFGHIJKLMNOPQRSTUV -expect=1590ABCDEF -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=123_567890ABCDEFGHIJKLMNOPQRSTUV -expect=1567890ABC 
-outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV -expect=1234567890 -outstr=`curl_10char_object_name $argstr` -echo "result: $outstr expected: $expect input: $argstr" - -# -# Verify that generated object name is distinct for -# all *.c source files in lib and src subdirectories. -# - -ls $srcdir/../lib/*.c > $list_c -ls $srcdir/../src/*.c >> $list_c - -rm -f $list_obj - -for c_fname in `cat $list_c`; do - obj_name=`curl_10char_object_name $c_fname` - echo "$obj_name" >> $list_obj -done - -sort -u $list_obj > $list_obj_uniq - -cnt_c=`cat $list_c | wc -l` -cnt_u=`cat $list_obj_uniq | wc -l` - -echo "" -echo "" -echo "" -if test $cnt_c -eq $cnt_u; then - echo "10-characters-or-less generated object names are unique." - obj_name_clash="no" -else - echo "10-characters-or-less generated object names are clashing..." - obj_name_clash="yes" -fi - -if test $obj_name_clash = "yes"; then - # - # Show clashing object names and respective source file names - # - echo "" - paste $list_obj $list_c | sort > $list_obj_c - prev_match="no" - prev_line="unknown" - prev_obj_name="unknown" - while read this_line; do - obj_name=`echo "$this_line" | cut -f1` - if test "x$obj_name" = "x$prev_obj_name"; then - if test "x$prev_match" != "xyes"; then - echo "$prev_line" - echo "$this_line" - prev_match="yes" - else - echo "$this_line" - fi - else - prev_match="no" - fi - prev_line=$this_line - prev_obj_name=$obj_name - done < $list_obj_c -fi - -rm -f $list_c -rm -f $list_obj -rm -f $list_obj_c -rm -f $list_obj_uniq - -# end of objnames-test10.sh diff --git a/libs/libcurl/src/objnames.inc b/libs/libcurl/src/objnames.inc deleted file mode 100644 index e362f6e8e1..0000000000 --- a/libs/libcurl/src/objnames.inc +++ /dev/null 
@@ -1,107 +0,0 @@ -# *************************************************************************** -# * _ _ ____ _ -# * Project ___| | | | _ \| | -# * / __| | | | |_) | | -# * | (__| |_| | _ <| |___ -# * \___|\___/|_| \_\_____| -# * -# * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. -# * -# * This software is licensed as described in the file COPYING, which -# * you should have received as part of this distribution. The terms -# * are also available at https://curl.haxx.se/docs/copyright.html. -# * -# * You may opt to use, copy, modify, merge, publish, distribute and/or sell -# * copies of the Software, and permit persons to whom the Software is -# * furnished to do so, under the terms of the COPYING file. -# * -# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# * KIND, either express or implied. -# * -# *************************************************************************** - -# -# This file is sourced from curl/packages/OS400/initscript.sh and -# other Bourne shell scripts. Keep it as portable as possible. -# - -# -# curl_10char_object_name -# -# This shell function accepts a single string argument with unspecified -# length representing a (*.c) source file name and returns a string which -# is a transformation of given argument. -# -# The intended purpose of this function is to transliterate a (*.c) source -# file name that may be longer than 10 characters, or not, into a string -# with at most 10 characters which may be used as an OS/400 object name. -# -# This function might not be universally useful, nor we care about it. -# -# It is intended to be used with libcurl's (*.c) source file names, so -# dependency on libcurl's source file naming scheme is acceptable and -# good enough for its intended use. 
Specifically it makes use of the fact -# that libcurl's (*.c) source file names which may be longer than 10 chars -# are conformed with underscore '_' separated substrings, or separated by -# other character which does not belong to the [0-9], [a-z] or [A-Z] sets. -# -# This allows repeatable and automatic short object name generation with -# no need for a hardcoded mapping table. -# -# Transformation is done in the following way: -# -# 1) Leading directory components are removed. -# 2) Leftmost dot character and any other char following it are removed. -# 3) Lowercase characters are transliterated to uppercase. -# 4) Characters not in [A-Z] or [0-9] are transliterated to underscore '_'. -# 5) Every sequence of one or more underscores is replaced with a single one. -# 6) Five leftmost substrings which end in an underscore character are -# replaced by the first character of each substring, while retaining -# the rest of the string. -# 7) Finally the result is truncated to 10 characters. -# -# Resulting object name may be shorter than 10 characters. -# -# Test case 1221 does unit testng of this function and also verifies -# that it is possible to generate distinct short object names for all -# curl and libcurl *.c source file names. -# - -curl_10char_object_name() { - echo "${1}" | \ - sed -e 's:.*/::' \ - -e 's:[.].*::' \ - -e 'y:abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:' \ - -e 's:[^ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_]:_:g' \ - -e 's:__*:_:g' \ - -e 's:\([^_]\)[^_]*_\(.*\):\1\2:' \ - -e 's:\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3:' \ - -e 's:\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4:' \ - -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5:' \ - -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5\6:' \ - -e 's:^\(..........\).*:\1:' -} - -# -# curl_8char_object_name -# -# Same as curl_10char_object_name() description and details above, except -# that object name is limited to 8 characters maximum. 
-# - -curl_8char_object_name() { - echo "${1}" | \ - sed -e 's:.*/::' \ - -e 's:[.].*::' \ - -e 'y:abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:' \ - -e 's:[^ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_]:_:g' \ - -e 's:__*:_:g' \ - -e 's:\([^_]\)[^_]*_\(.*\):\1\2:' \ - -e 's:\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3:' \ - -e 's:\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4:' \ - -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5:' \ - -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5\6:' \ - -e 's:^\(........\).*:\1:' -} - -# end of objectname.inc diff --git a/libs/libcurl/src/pingpong.c b/libs/libcurl/src/pingpong.c index 2e93d201f1..e9568ee3de 100644 --- a/libs/libcurl/src/pingpong.c +++ b/libs/libcurl/src/pingpong.c @@ -44,7 +44,7 @@ /* Returns timeout in ms. 0 or negative number means the timeout has already triggered */ -time_t Curl_pp_state_timeout(struct pingpong *pp) +time_t Curl_pp_state_timeout(struct pingpong *pp, bool disconnecting) { struct connectdata *conn = pp->conn; struct Curl_easy *data = conn->data; @@ -62,7 +62,7 @@ time_t Curl_pp_state_timeout(struct pingpong *pp) timeout_ms = response_time - Curl_timediff(Curl_now(), pp->response); /* spent time */ - if(data->set.timeout) { + if(data->set.timeout && !disconnecting) { /* if timeout is requested, find out how much remaining time we have */ time_t timeout2_ms = data->set.timeout - /* timeout time */ Curl_timediff(Curl_now(), conn->now); /* spent time */ 
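Review bot: The new `disconnecting` argument of Curl_pp_state_timeout() is undocumented; the comment above the function still describes only the return value. The condition `if(data->set.timeout && !disconnecting)` means the transfer-wide timeout is skipped during teardown, so a blocking QUIT is then limited only by `response_time`, whose origin is outside this hunk. Callers need to know that; a suitable comment would be `/* 'disconnecting' is TRUE during connection teardown: the overall transfer timeout is ignored and only the response timeout applies */`. The same gap exists on the Curl_pp_statemach() prototype in pingpong.h (whose comment also still says 'wait' while the parameter is named `block`) and on pop3_block_statemach() and smtp_block_statemach() later in this diff.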
@@ -77,13 +77,14 @@ time_t Curl_pp_state_timeout(struct pingpong *pp) /* * Curl_pp_statemach() */ -CURLcode Curl_pp_statemach(struct pingpong *pp, bool block) +CURLcode Curl_pp_statemach(struct pingpong *pp, bool block, + bool disconnecting) { struct connectdata *conn = pp->conn; curl_socket_t sock = conn->sock[FIRSTSOCKET]; int rc; time_t interval_ms; - time_t timeout_ms = Curl_pp_state_timeout(pp); + time_t timeout_ms = Curl_pp_state_timeout(pp, disconnecting); struct Curl_easy *data = conn->data; CURLcode result = CURLE_OK; diff --git a/libs/libcurl/src/pingpong.h b/libs/libcurl/src/pingpong.h index 5ac8df876e..dbe1f8d3d7 100644 --- a/libs/libcurl/src/pingpong.h +++ b/libs/libcurl/src/pingpong.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -81,14 +81,15 @@ struct pingpong { * called repeatedly until done. Set 'wait' to make it wait a while on the * socket if there's no traffic. */ -CURLcode Curl_pp_statemach(struct pingpong *pp, bool block); +CURLcode Curl_pp_statemach(struct pingpong *pp, bool block, + bool disconnecting); /* initialize stuff to prepare for reading a fresh new response */ void Curl_pp_init(struct pingpong *pp); /* Returns timeout in ms. 0 or negative number means the timeout has already triggered */ -time_t Curl_pp_state_timeout(struct pingpong *pp); +time_t Curl_pp_state_timeout(struct pingpong *pp, bool disconnecting); /*********************************************************************** diff --git a/libs/libcurl/src/pop3.c b/libs/libcurl/src/pop3.c index 05853f001d..4f65f289b4 100644 --- a/libs/libcurl/src/pop3.c +++ b/libs/libcurl/src/pop3.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -208,7 +208,7 @@ static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len, /* Are we processing CAPA command responses? */ if(pop3c->state == POP3_CAPA) { /* Do we have the terminating line? */ - if(len >= 1 && !memcmp(line, ".", 1)) + if(len >= 1 && line[0] == '.') /* Treat the response as a success */ *resp = '+'; else @@ -226,7 +226,7 @@ static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len, } /* Do we have a continuation response? */ - if(len >= 1 && !memcmp("+", line, 1)) { + if(len >= 1 && line[0] == '+') { *resp = '*'; return TRUE; @@ -1025,19 +1025,20 @@ static CURLcode pop3_multi_statemach(struct connectdata *conn, bool *done) return result; } - result = Curl_pp_statemach(&pop3c->pp, FALSE); + result = Curl_pp_statemach(&pop3c->pp, FALSE, FALSE); *done = (pop3c->state == POP3_STOP) ? TRUE : FALSE; return result; } -static CURLcode pop3_block_statemach(struct connectdata *conn) +static CURLcode pop3_block_statemach(struct connectdata *conn, + bool disconnecting) { CURLcode result = CURLE_OK; struct pop3_conn *pop3c = &conn->proto.pop3c; while(pop3c->state != POP3_STOP && !result) - result = Curl_pp_statemach(&pop3c->pp, TRUE); + result = Curl_pp_statemach(&pop3c->pp, TRUE, disconnecting); return result; } 
@@ -1235,7 +1236,7 @@ static CURLcode pop3_disconnect(struct connectdata *conn, bool dead_connection) point! */ if(!dead_connection && pop3c->pp.conn && pop3c->pp.conn->bits.protoconnstart) if(!pop3_perform_quit(conn)) - (void)pop3_block_statemach(conn); /* ignore errors on QUIT */ + (void)pop3_block_statemach(conn, TRUE); /* ignore errors on QUIT */ /* Disconnect from the server */ Curl_pp_disconnect(&pop3c->pp); diff --git a/libs/libcurl/src/setopt.c b/libs/libcurl/src/setopt.c index 1627aba6df..d98ca66c91 100644 --- a/libs/libcurl/src/setopt.c +++ b/libs/libcurl/src/setopt.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -803,12 +803,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, if(checkprefix("Set-Cookie:", argptr)) /* HTTP Header format line */ Curl_cookie_add(data, data->cookies, TRUE, FALSE, argptr + 11, NULL, - NULL); + NULL, TRUE); else /* Netscape format line */ Curl_cookie_add(data, data->cookies, FALSE, FALSE, argptr, NULL, - NULL); + NULL, TRUE); Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); free(argptr); @@ -860,6 +860,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, data->set.expect_100_timeout = arg; break; + case CURLOPT_HTTP09_ALLOWED: + arg = va_arg(param, unsigned long); + if(arg > 1L) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.http09_allowed = arg ? TRUE : FALSE; + break; #endif /* CURL_DISABLE_HTTP */ case CURLOPT_HTTPAUTH: 
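Review bot: The trailing `TRUE` added to both Curl_cookie_add() calls in the cookie-list branch of Curl_vsetopt() is a bare boolean whose meaning cannot be read at the call site. If it marks the cookie as coming from a secure origin (presumably, since the callee's signature is not shown here), then every cookie injected through this option is treated as securely set, which is a trust decision worth stating. Suggested comment above the two calls: `/* cookies supplied by the application are treated as set from a secure origin (last argument) */`, to be confirmed against Curl_cookie_add(). The enclosing case starts above the hunk.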
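Review bot: In the new `CURLOPT_HTTP09_ALLOWED` case the value is fetched with `va_arg(param, unsigned long)` but range-checked with `arg > 1L`. If `arg` is the signed `long` that neighbouring cases such as `data->set.expect_100_timeout = arg;` appear to use (its declaration is outside this hunk), a negative value passes the check and switches HTTP/0.9 acceptance on. Read the argument with the type applications pass and reject both sides: `arg = va_arg(param, long);` followed by `if(arg < 0L || arg > 1L) return CURLE_BAD_FUNCTION_ARGUMENT;`.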
@@ -1693,8 +1699,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, TRUE : FALSE; /* Update the current connection ssl_config. */ - if(data->easy_conn) { - data->easy_conn->ssl_config.verifypeer = + if(data->conn) { + data->conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer; } break; @@ -1706,8 +1712,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, (0 != va_arg(param, long))?TRUE:FALSE; /* Update the current connection proxy_ssl_config. */ - if(data->easy_conn) { - data->easy_conn->proxy_ssl_config.verifypeer = + if(data->conn) { + data->conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer; } break; @@ -1730,8 +1736,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, data->set.ssl.primary.verifyhost = (0 != arg) ? TRUE : FALSE; /* Update the current connection ssl_config. */ - if(data->easy_conn) { - data->easy_conn->ssl_config.verifyhost = + if(data->conn) { + data->conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost; } break; @@ -1754,8 +1760,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, data->set.proxy_ssl.primary.verifyhost = (0 != arg)?TRUE:FALSE; /* Update the current connection proxy_ssl_config. */ - if(data->easy_conn) { - data->easy_conn->proxy_ssl_config.verifyhost = + if(data->conn) { + data->conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost; } break; @@ -1772,8 +1778,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, TRUE : FALSE; /* Update the current connection ssl_config. */ - if(data->easy_conn) { - data->easy_conn->ssl_config.verifystatus = + if(data->conn) { + data->conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus; } break; 
@@ -2231,7 +2237,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, result = Curl_setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5], va_arg(param, char *)); break; -#ifdef HAVE_LIBSSH2_KNOWNHOST_API + case CURLOPT_SSH_KNOWNHOSTS: /* * Store the file name to read known hosts from. @@ -2252,7 +2258,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, */ data->set.ssh_keyfunc_userp = va_arg(param, void *); break; -#endif /* HAVE_LIBSSH2_KNOWNHOST_API */ #endif /* USE_LIBSSH2 */ case CURLOPT_HTTP_TRANSFER_DECODING: @@ -2636,6 +2641,16 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, return CURLE_BAD_FUNCTION_ARGUMENT; data->set.upkeep_interval_ms = arg; break; + case CURLOPT_TRAILERFUNCTION: +#ifndef CURL_DISABLE_HTTP + data->set.trailer_callback = va_arg(param, curl_trailer_callback); +#endif + break; + case CURLOPT_TRAILERDATA: +#ifndef CURL_DISABLE_HTTP + data->set.trailer_data = va_arg(param, void *); +#endif + break; default: /* unknown tag and its companion, just ignore: */ result = CURLE_UNKNOWN_OPTION; diff --git a/libs/libcurl/src/sigpipe.h b/libs/libcurl/src/sigpipe.h index 800f9d3b4d..3960a139db 100644 --- a/libs/libcurl/src/sigpipe.h +++ b/libs/libcurl/src/sigpipe.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -23,7 +23,8 @@ ***************************************************************************/ #include "curl_setup.h" -#if defined(HAVE_SIGNAL_H) && defined(HAVE_SIGACTION) && defined(USE_OPENSSL) +#if defined(HAVE_SIGNAL_H) && defined(HAVE_SIGACTION) && \ + (defined(USE_OPENSSL) || defined(USE_MBEDTLS)) #include <signal.h> struct sigpipe_ignore { 
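Review bot: With `CURL_DISABLE_HTTP` defined, the new `CURLOPT_TRAILERFUNCTION` and `CURLOPT_TRAILERDATA` cases compile to an empty `break`. The call then appears to succeed (assuming `result` still holds its initial value, which is set outside this hunk) although the callback is never stored or invoked. Tell the caller instead by adding `#else` and `result = CURLE_NOT_BUILT_IN;` before the `#endif` in both cases. Alternatively, place both cases inside the existing `#ifndef CURL_DISABLE_HTTP` region, as the `CURLOPT_HTTP09_ALLOWED` case is, so they reach `default:`.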
diff --git a/libs/libcurl/src/smb.c b/libs/libcurl/src/smb.c index e4f266e192..76c99a2301 100644 --- a/libs/libcurl/src/smb.c +++ b/libs/libcurl/src/smb.c @@ -947,15 +947,10 @@ static int smb_getsock(struct connectdata *conn, curl_socket_t *socks, static CURLcode smb_do(struct connectdata *conn, bool *done) { struct smb_conn *smbc = &conn->proto.smbc; - struct smb_request *req = conn->data->req.protop; *done = FALSE; if(smbc->share) { - req->path = strchr(smbc->share, '\0'); - if(req->path) { - req->path++; - return CURLE_OK; - } + return CURLE_OK; } return CURLE_URL_MALFORMAT; } @@ -964,6 +959,7 @@ static CURLcode smb_parse_url_path(struct connectdata *conn) { CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; + struct smb_request *req = data->req.protop; struct smb_conn *smbc = &conn->proto.smbc; char *path; char *slash; @@ -992,6 +988,7 @@ static CURLcode smb_parse_url_path(struct connectdata *conn) /* Parse the path for the file path converting any forward slashes into backslashes */ *slash++ = 0; + req->path = slash; for(; *slash; slash++) { if(*slash == '/') diff --git a/libs/libcurl/src/smtp.c b/libs/libcurl/src/smtp.c index 587562306a..d55647b12e 100644 --- a/libs/libcurl/src/smtp.c +++ b/libs/libcurl/src/smtp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
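Review bot: `req->path = slash;` in smb_parse_url_path() stores a pointer into the middle of the buffer that has just been split with `*slash++ = 0`, so the request now borrows memory it does not own, and nothing documents that. If that buffer is the one kept in `smbc->share` (the assignment is outside the hunk), `req->path` is valid only while the connection-level share string lives and must never be freed on its own. Add a comment at the assignment, for example `/* req->path points into the share buffer: do not free it, and it must not outlive smbc->share */`. `req` is also dereferenced without a check, so it is worth confirming that `data->req.protop` is always allocated before this function runs.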
@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len, Section 4. Examples of RFC-4954 but some e-mail servers ignore this and only send the response code instead as per Section 4.2. */ if(line[3] == ' ' || len == 5) { + char tmpline[6]; + result = TRUE; - *resp = curlx_sltosi(strtol(line, NULL, 10)); + memset(tmpline, '\0', sizeof(tmpline)); + memcpy(tmpline, line, (len == 5 ? 5 : 3)); + *resp = curlx_sltosi(strtol(tmpline, NULL, 10)); /* Make sure real server never sends internal value */ if(*resp == 1) @@ -1080,19 +1084,20 @@ static CURLcode smtp_multi_statemach(struct connectdata *conn, bool *done) return result; } - result = Curl_pp_statemach(&smtpc->pp, FALSE); + result = Curl_pp_statemach(&smtpc->pp, FALSE, FALSE); *done = (smtpc->state == SMTP_STOP) ? TRUE : FALSE; return result; } -static CURLcode smtp_block_statemach(struct connectdata *conn) +static CURLcode smtp_block_statemach(struct connectdata *conn, + bool disconnecting) { CURLcode result = CURLE_OK; struct smtp_conn *smtpc = &conn->proto.smtpc; while(smtpc->state != SMTP_STOP && !result) - result = Curl_pp_statemach(&smtpc->pp, TRUE); + result = Curl_pp_statemach(&smtpc->pp, TRUE, disconnecting); return result; } @@ -1253,7 +1258,7 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status, the smtp_multi_statemach function but we have no general support for non-blocking DONE operations! */ - result = smtp_block_statemach(conn); + result = smtp_block_statemach(conn, FALSE); } /* Clear the transfer mode for the next request */ @@ -1360,7 +1365,7 @@ static CURLcode smtp_disconnect(struct connectdata *conn, bool dead_connection) point! */ if(!dead_connection && smtpc->pp.conn && smtpc->pp.conn->bits.protoconnstart) if(!smtp_perform_quit(conn)) - (void)smtp_block_statemach(conn); /* ignore errors on QUIT */ + (void)smtp_block_statemach(conn, TRUE); /* ignore errors on QUIT */ /* Disconnect from the server */ Curl_pp_disconnect(&smtpc->pp); 
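Review bot: The new `tmpline` copy in smtp_endofresp has no comment explaining why it is needed, so it reads as redundant and could be simplified away again. `line` presumably points into a receive buffer that is not NUL-terminated at `len`, in which case `strtol(line, ...)` could keep reading digits past the end of the response. A line above the `memset`, such as `/* line is not NUL-terminated: parse the code from a bounded, terminated copy */`, would record the intent. The copy length of 3 or 5 bytes leaves room for the terminator in `tmpline[6]`. The check that makes reading `line[3]` safe is outside the hunk.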
diff --git a/libs/libcurl/src/ssh-libssh.c b/libs/libcurl/src/ssh-libssh.c index e38c01ac74..333df03ef2 100644 --- a/libs/libcurl/src/ssh-libssh.c +++ b/libs/libcurl/src/ssh-libssh.c @@ -95,6 +95,13 @@ #include "memdebug.h" #include "curl_path.h" +/* A recent macro provided by libssh. Or make our own. */ +#ifndef SSH_STRING_FREE_CHAR +/* !checksrc! disable ASSIGNWITHINCONDITION 1 */ +#define SSH_STRING_FREE_CHAR(x) \ + do { if((x) != NULL) { ssh_string_free_char(x); x = NULL; } } while(0) +#endif + /* Local functions: */ static CURLcode myssh_connect(struct connectdata *conn, bool *done); static CURLcode myssh_multi_statemach(struct connectdata *conn, @@ -549,6 +556,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) struct Curl_easy *data = conn->data; struct SSHPROTO *protop = data->req.protop; struct ssh_conn *sshc = &conn->proto.sshc; + curl_socket_t sock = conn->sock[FIRSTSOCKET]; int rc = SSH_NO_ERROR, err; char *new_readdir_line; int seekerr = CURL_SEEKFUNC_OK; @@ -792,7 +800,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSH is connected */ - conn->sockfd = ssh_get_fd(sshc->ssh_session); + conn->sockfd = sock; conn->writesockfd = CURL_SOCKET_BAD; if(conn->handler->protocol == CURLPROTO_SFTP) { @@ -1661,7 +1669,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) sshc->sftp_session = NULL; } - Curl_safefree(sshc->homedir); + SSH_STRING_FREE_CHAR(sshc->homedir); conn->data->state.most_recent_ftp_entrypath = NULL; state(conn, SSH_SESSION_DISCONNECT); @@ -1829,7 +1837,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) ssh_disconnect(sshc->ssh_session); - Curl_safefree(sshc->homedir); + SSH_STRING_FREE_CHAR(sshc->homedir); conn->data->state.most_recent_ftp_entrypath = NULL; state(conn, SSH_SESSION_FREE); 
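Review bot: The fallback `SSH_STRING_FREE_CHAR` macro parenthesises its argument in the NULL test but not in the assignment, and it expands the argument three times. Writing the reset as `(x) = NULL;` keeps the macro correct for any lvalue expression. A one-line comment that the argument must be a side-effect-free lvalue would cover the repeated evaluation. The call sites in this file pass `sshc->homedir`, so current uses are unaffected.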
@@ -1866,14 +1874,11 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) Curl_safefree(sshc->rsa_pub); Curl_safefree(sshc->rsa); - Curl_safefree(sshc->quote_path1); Curl_safefree(sshc->quote_path2); - - Curl_safefree(sshc->homedir); - Curl_safefree(sshc->readdir_line); Curl_safefree(sshc->readdir_linkPath); + SSH_STRING_FREE_CHAR(sshc->homedir); /* the code we are about to return */ result = sshc->actualcode; @@ -2048,6 +2053,7 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done) { struct ssh_conn *ssh; CURLcode result; + curl_socket_t sock = conn->sock[FIRSTSOCKET]; struct Curl_easy *data = conn->data; int rc; @@ -2076,6 +2082,8 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done) return CURLE_FAILED_INIT; } + ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock); + if(conn->user) { infof(data, "User: %s\n", conn->user); ssh_options_set(ssh->ssh_session, SSH_OPTIONS_USER, conn->user); diff --git a/libs/libcurl/src/ssh.c b/libs/libcurl/src/ssh.c index f3b0a58be6..8c68adcc17 100644 --- a/libs/libcurl/src/ssh.c +++ b/libs/libcurl/src/ssh.c @@ -667,7 +667,10 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) break; } if(rc) { - failf(data, "Failure establishing ssh session"); + char *err_msg = NULL; + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); + failf(data, "Failure establishing ssh session: %d, %s", rc, err_msg); + state(conn, SSH_SESSION_FREE); sshc->actualcode = CURLE_FAILED_INIT; break; diff --git a/libs/libcurl/src/stdafx.cxx b/libs/libcurl/src/stdafx.cxx deleted file mode 100644 index 0fb604da7c..0000000000 --- a/libs/libcurl/src/stdafx.cxx +++ /dev/null @@ -1,2 +0,0 @@ -
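Review bot: The new `ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock);` in myssh_connect discards its return value. If handing over the socket fails, libssh would presumably open a connection of its own, which would not be the socket libcurl already established and configured. Failing the connect on error avoids that silent fallback, for example `if(ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock) != SSH_OK) return CURLE_FAILED_INIT;` together with whatever session cleanup the surrounding code requires. The function body continues outside the hunk.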
-#include "stdafx.h"
\ No newline at end of file diff --git a/libs/libcurl/src/stdafx.h b/libs/libcurl/src/stdafx.h deleted file mode 100644 index 97cc6cf63c..0000000000 --- a/libs/libcurl/src/stdafx.h +++ /dev/null @@ -1,3 +0,0 @@ -#pragma once
-
-// just a stub
\ No newline at end of file diff --git a/libs/libcurl/src/timeval.c b/libs/libcurl/src/timeval.c index dce1a761e8..2569f175c3 100644 --- a/libs/libcurl/src/timeval.c +++ b/libs/libcurl/src/timeval.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -21,29 +21,45 @@ ***************************************************************************/ #include "timeval.h" +#include "system_win32.h" #if defined(WIN32) && !defined(MSDOS) struct curltime Curl_now(void) { - /* - ** GetTickCount() is available on _all_ Windows versions from W95 up - ** to nowadays. Returns milliseconds elapsed since last system boot, - ** increases monotonically and wraps once 49.7 days have elapsed. - */ struct curltime now; -#if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_VISTA) || \ - (_WIN32_WINNT < _WIN32_WINNT_VISTA) || \ - (defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR)) - DWORD milliseconds = GetTickCount(); - now.tv_sec = milliseconds / 1000; - now.tv_usec = (milliseconds % 1000) * 1000; -#else - ULONGLONG milliseconds = GetTickCount64(); - now.tv_sec = (time_t) (milliseconds / 1000); - now.tv_usec = (unsigned int) (milliseconds % 1000) * 1000; + static LARGE_INTEGER freq; + static int isVistaOrGreater = -1; + if(isVistaOrGreater == -1) { + if(Curl_verify_windows_version(6, 0, PLATFORM_WINNT, + VERSION_GREATER_THAN_EQUAL)) { + isVistaOrGreater = 1; + QueryPerformanceFrequency(&freq); + } + else + isVistaOrGreater = 0; + } + if(isVistaOrGreater == 1) { /* QPC timer might have issues pre-Vista */ + LARGE_INTEGER count; + QueryPerformanceCounter(&count); + now.tv_sec = (time_t)(count.QuadPart / freq.QuadPart); + now.tv_usec = + (int)((count.QuadPart % freq.QuadPart) * 1000000 / freq.QuadPart); + } + else { + /* Disable /analyze warning that GetTickCount64 is preferred */ +#if defined(_MSC_VER) +#pragma warning(push) +#pragma warning(disable:28159) +#endif + DWORD milliseconds = GetTickCount(); +#if defined(_MSC_VER) +#pragma warning(pop) #endif + now.tv_sec = milliseconds / 1000; + now.tv_usec = (milliseconds % 1000) * 1000; + } return now; } 
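Review bot: In the new Curl_now, `isVistaOrGreater = 1;` is stored before `QueryPerformanceFrequency(&freq);` has filled the static `freq`. A second thread that calls Curl_now in that window sees the flag set while `freq.QuadPart` is still zero, and then divides by it in `count.QuadPart / freq.QuadPart`. Swapping the two statements, `QueryPerformanceFrequency(&freq);` then `isVistaOrGreater = 1;`, narrows the window. Because both statics are written without synchronisation, doing this setup once during library initialisation would be the complete fix.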
@@ -180,7 +196,7 @@ struct curltime Curl_now(void) */ timediff_t Curl_timediff(struct curltime newer, struct curltime older) { - timediff_t diff = newer.tv_sec-older.tv_sec; + timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec; if(diff >= (TIME_MAX/1000)) return TIME_MAX; else if(diff <= (TIME_MIN/1000)) @@ -194,7 +210,7 @@ timediff_t Curl_timediff(struct curltime newer, struct curltime older) */ timediff_t Curl_timediff_us(struct curltime newer, struct curltime older) { - timediff_t diff = newer.tv_sec-older.tv_sec; + timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec; if(diff >= (TIME_MAX/1000000)) return TIME_MAX; else if(diff <= (TIME_MIN/1000000)) diff --git a/libs/libcurl/src/timeval.h b/libs/libcurl/src/timeval.h index fb3f680c40..96867d7139 100644 --- a/libs/libcurl/src/timeval.h +++ b/libs/libcurl/src/timeval.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,8 +26,10 @@ #if SIZEOF_TIME_T < 8 typedef int timediff_t; +#define CURL_FORMAT_TIMEDIFF_T "d" #else typedef curl_off_t timediff_t; +#define CURL_FORMAT_TIMEDIFF_T CURL_FORMAT_CURL_OFF_T #endif struct curltime { diff --git a/libs/libcurl/src/transfer.c b/libs/libcurl/src/transfer.c index 6390821bba..3a18c7bdd0 100644 --- a/libs/libcurl/src/transfer.c +++ b/libs/libcurl/src/transfer.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -117,6 +117,35 @@ CURLcode Curl_get_upload_buffer(struct Curl_easy *data) return CURLE_OK; } +#ifndef CURL_DISABLE_HTTP +/* + * This function will be called to loop through the trailers buffer + * until no more data is available for sending. + */ +static size_t Curl_trailers_read(char *buffer, size_t size, size_t nitems, + void *raw) +{ + struct Curl_easy *data = (struct Curl_easy *)raw; + Curl_send_buffer *trailers_buf = data->state.trailers_buf; + size_t bytes_left = trailers_buf->size_used-data->state.trailers_bytes_sent; + size_t to_copy = (size*nitems < bytes_left) ? size*nitems : bytes_left; + if(to_copy) { + memcpy(buffer, + &trailers_buf->buffer[data->state.trailers_bytes_sent], + to_copy); + data->state.trailers_bytes_sent += to_copy; + } + return to_copy; +} + +static size_t Curl_trailers_left(void *raw) +{ + struct Curl_easy *data = (struct Curl_easy *)raw; + Curl_send_buffer *trailers_buf = data->state.trailers_buf; + return trailers_buf->size_used - data->state.trailers_bytes_sent; +} +#endif + /* * This function will call the read callback to fill our buffer with data * to upload. @@ -127,6 +156,17 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes, struct Curl_easy *data = conn->data; size_t buffersize = bytes; size_t nread; + +#ifndef CURL_DISABLE_HTTP + struct curl_slist *trailers = NULL; + CURLcode c; + int trailers_ret_code; +#endif + + curl_read_callback readfunc = NULL; + void *extra_data = NULL; + bool added_crlf = FALSE; + #ifdef CURL_DOES_CONVERSIONS bool sending_http_headers = FALSE; 
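Review bot: The two new helpers are `static` but carry the `Curl_` prefix, which in this code base otherwise marks library-global functions (as I understand the convention); `trailers_read` and `trailers_left` would match the other file-local names. In `Curl_trailers_read`, `size*nitems` is computed twice without an overflow check. The visible caller passes a size of 1, so this is a robustness point rather than a present defect. Computing the product once into a local and adding a comment that the function follows the read-callback contract would make the bound on the `memcpy` easier to audit.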
@@ -140,15 +180,71 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes, } #endif - if(data->req.upload_chunky) { +#ifndef CURL_DISABLE_HTTP + if(data->state.trailers_state == TRAILERS_INITIALIZED) { + /* at this point we already verified that the callback exists + so we compile and store the trailers buffer, then proceed */ + infof(data, + "Moving trailers state machine from initialized to sending.\n"); + data->state.trailers_state = TRAILERS_SENDING; + data->state.trailers_buf = Curl_add_buffer_init(); + if(!data->state.trailers_buf) { + failf(data, "Unable to allocate trailing headers buffer !"); + return CURLE_OUT_OF_MEMORY; + } + data->state.trailers_bytes_sent = 0; + Curl_set_in_callback(data, true); + trailers_ret_code = data->set.trailer_callback(&trailers, + data->set.trailer_data); + Curl_set_in_callback(data, false); + if(trailers_ret_code == CURL_TRAILERFUNC_OK) { + c = Curl_http_compile_trailers(trailers, data->state.trailers_buf, data); + } + else { + failf(data, "operation aborted by trailing headers callback"); + *nreadp = 0; + c = CURLE_ABORTED_BY_CALLBACK; + } + if(c != CURLE_OK) { + Curl_add_buffer_free(&data->state.trailers_buf); + curl_slist_free_all(trailers); + return c; + } + infof(data, "Successfully compiled trailers.\r\n"); + curl_slist_free_all(trailers); + } +#endif + + /* if we are transmitting trailing data, we don't need to write + a chunk size so we skip this */ + if(data->req.upload_chunky && + data->state.trailers_state == TRAILERS_NONE) { /* if chunked Transfer-Encoding */ buffersize -= (8 + 2 + 2); /* 32bit hex + CRLF + CRLF */ data->req.upload_fromhere += (8 + 2); /* 32bit hex + CRLF */ } +#ifndef CURL_DISABLE_HTTP + if(data->state.trailers_state == TRAILERS_SENDING) { + /* if we're here then that means that we already sent the last empty chunk + but we didn't send a final CR LF, so we sent 0 CR LF. 
We then start + pulling trailing data until we ²have no more at which point we + simply return to the previous point in the state machine as if + nothing happened. + */ + readfunc = Curl_trailers_read; + extra_data = (void *)data; + } + else +#endif + { + readfunc = data->state.fread_func; + extra_data = data->state.in; + } + Curl_set_in_callback(data, true); - nread = data->state.fread_func(data->req.upload_fromhere, 1, - buffersize, data->state.in); + nread = readfunc(data->req.upload_fromhere, 1, + buffersize, extra_data); Curl_set_in_callback(data, false); if(nread == CURL_READFUNC_ABORT) { @@ -203,7 +299,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes, char hexbuffer[11]; const char *endofline_native; const char *endofline_network; - int hexlen; + int hexlen = 0; if( #ifdef CURL_DO_LINEEND_CONV 
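Review bot: On the error path of the new trailer block, `data->state.trailers_state` has already been set to `TRAILERS_SENDING` when `trailers_buf` is freed and the function returns. If Curl_fillreadbuffer can be entered again for this handle after that return, the `TRAILERS_SENDING` branch would select `Curl_trailers_read`, which dereferences `data->state.trailers_buf`; whether that can happen is not visible from this hunk. Setting the state to `TRAILERS_SENDING` only after the buffer has been compiled successfully, or resetting it before `return c;`, removes the dependency. Separately, `*nreadp = 0;` is set only on the callback-abort path, and the success message ends in `\r\n` where the other `infof` calls use `\n`.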
@@ -218,20 +314,36 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes, endofline_native = "\r\n"; endofline_network = "\x0d\x0a"; } - hexlen = msnprintf(hexbuffer, sizeof(hexbuffer), - "%x%s", nread, endofline_native); - /* move buffer pointer */ - data->req.upload_fromhere -= hexlen; - nread += hexlen; + /* if we're not handling trailing data, proceed as usual */ + if(data->state.trailers_state != TRAILERS_SENDING) { + hexlen = msnprintf(hexbuffer, sizeof(hexbuffer), + "%zx%s", nread, endofline_native); - /* copy the prefix to the buffer, leaving out the NUL */ - memcpy(data->req.upload_fromhere, hexbuffer, hexlen); + /* move buffer pointer */ + data->req.upload_fromhere -= hexlen; + nread += hexlen; - /* always append ASCII CRLF to the data */ - memcpy(data->req.upload_fromhere + nread, - endofline_network, - strlen(endofline_network)); + /* copy the prefix to the buffer, leaving out the NUL */ + memcpy(data->req.upload_fromhere, hexbuffer, hexlen); + + /* always append ASCII CRLF to the data unless + we have a valid trailer callback */ +#ifndef CURL_DISABLE_HTTP + if((nread-hexlen) == 0 && + data->set.trailer_callback != NULL && + data->state.trailers_state == TRAILERS_NONE) { + data->state.trailers_state = TRAILERS_INITIALIZED; + } + else +#endif + { + memcpy(data->req.upload_fromhere + nread, + endofline_network, + strlen(endofline_network)); + added_crlf = TRUE; + } + } #ifdef CURL_DOES_CONVERSIONS { 
@@ -251,13 +363,29 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes, } #endif /* CURL_DOES_CONVERSIONS */ - if((nread - hexlen) == 0) { - /* mark this as done once this chunk is transferred */ +#ifndef CURL_DISABLE_HTTP + if(data->state.trailers_state == TRAILERS_SENDING && + !Curl_trailers_left(data)) { + Curl_add_buffer_free(&data->state.trailers_buf); + data->state.trailers_state = TRAILERS_DONE; + data->set.trailer_data = NULL; + data->set.trailer_callback = NULL; + /* mark the transfer as done */ data->req.upload_done = TRUE; - infof(data, "Signaling end of chunked upload via terminating chunk.\n"); + infof(data, "Signaling end of chunked upload after trailers.\n"); } + else +#endif + if((nread - hexlen) == 0 && + data->state.trailers_state != TRAILERS_INITIALIZED) { + /* mark this as done once this chunk is transferred */ + data->req.upload_done = TRUE; + infof(data, + "Signaling end of chunked upload via terminating chunk.\n"); + } - nread += strlen(endofline_native); /* for the added end of line */ + if(added_crlf) + nread += strlen(endofline_network); /* for the added end of line */ } #ifdef CURL_DOES_CONVERSIONS else if((data->set.prefer_ascii) && (!sending_http_headers)) { @@ -925,7 +1053,6 @@ static CURLcode readwrite_upload(struct Curl_easy *data, *didwhat |= KEEP_SEND; do { - /* only read more data if there's no upload data already present in the upload buffer */ if(0 == k->upload_present) { @@ -950,7 +1077,6 @@ static CURLcode readwrite_upload(struct Curl_easy *data, k->keepon &= ~KEEP_SEND; /* disable writing */ k->start100 = Curl_now(); /* timeout count starts now */ *didwhat &= ~KEEP_SEND; /* we didn't write anything actually */ - /* set a timeout for the multi interface */ Curl_expire(data, data->set.expect_100_timeout, EXPIRE_100_TIMEOUT); break; 
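Review bot: The end-of-trailers branch resets `data->set.trailer_callback` and `data->set.trailer_data` to NULL, so the transfer code overwrites options the application set. An application that reuses the easy handle for a second chunked upload would presumably expect the callback to persist like other options, and that upload would go out without trailers and without an error. If the reset is intentional, a comment here and a note in the option documentation should say that both options are one-shot. Otherwise the per-transfer `trailers_state` could carry this on its own, provided it is reset when a transfer starts, which is outside this hunk.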
@@ -1224,15 +1350,15 @@ CURLcode Curl_readwrite(struct connectdata *conn, if(k->keepon) { if(0 > Curl_timeleft(data, &k->now, FALSE)) { if(k->size != -1) { - failf(data, "Operation timed out after %ld milliseconds with %" - CURL_FORMAT_CURL_OFF_T " out of %" + failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T + " milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %" CURL_FORMAT_CURL_OFF_T " bytes received", Curl_timediff(k->now, data->progress.t_startsingle), k->bytecount, k->size); } else { - failf(data, "Operation timed out after %ld milliseconds with %" - CURL_FORMAT_CURL_OFF_T " bytes received", + failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T + " milliseconds with %" CURL_FORMAT_CURL_OFF_T " bytes received", Curl_timediff(k->now, data->progress.t_startsingle), k->bytecount); } @@ -1432,12 +1558,6 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) Curl_pgrsResetTransferSizes(data); Curl_pgrsStartNow(data); - if(data->set.timeout) - Curl_expire(data, data->set.timeout, EXPIRE_TIMEOUT); - - if(data->set.connecttimeout) - Curl_expire(data, data->set.connecttimeout, EXPIRE_CONNECTTIMEOUT); - /* In case the handle is re-used and an authentication method was picked in the session we need to make sure we only use the one(s) we now consider to be fine */ diff --git a/libs/libcurl/src/url.c b/libs/libcurl/src/url.c index 7839dfa7ce..d5a982008e 100644 --- a/libs/libcurl/src/url.c +++ b/libs/libcurl/src/url.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -492,9 +492,9 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) /* Set the default CA cert bundle/path detected/specified at build time. * - * If Schannel (WinSSL) is the selected SSL backend then these locations - * are ignored. We allow setting CA location for schannel only when - * explicitly specified by the user via CURLOPT_CAINFO / --cacert. + * If Schannel is the selected SSL backend then these locations are + * ignored. We allow setting CA location for schannel only when explicitly + * specified by the user via CURLOPT_CAINFO / --cacert. */ if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL) { #if defined(CURL_CA_BUNDLE) @@ -536,6 +536,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->fnmatch = ZERO_NULL; set->upkeep_interval_ms = CURL_UPKEEP_INTERVAL_DEFAULT; set->maxconnects = DEFAULT_CONNCACHE_SIZE; /* for easy handles */ + set->http09_allowed = TRUE; set->httpversion = #ifdef USE_NGHTTP2 CURL_HTTP_VERSION_2TLS @@ -768,7 +769,6 @@ CURLcode Curl_disconnect(struct Curl_easy *data, return CURLE_OK; } - conn->data = data; if(conn->dns_entry != NULL) { Curl_resolv_unlock(data, conn->dns_entry); conn->dns_entry = NULL; 
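Review bot: `set->http09_allowed = TRUE;` in Curl_init_userdefined makes accepting header-less HTTP/0.9 responses the default, and the line carries no comment. With that default, any byte stream returned on an HTTP connection is treated as a valid response body, which matters for applications that talk to untrusted or misdirected endpoints. A comment such as `/* HTTP/0.9 responses are accepted by default for compatibility; disable with CURLOPT_HTTP09_ALLOWED */` would make the trade-off visible at the place the default is chosen.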
@@ -781,20 +781,22 @@ CURLcode Curl_disconnect(struct Curl_easy *data, Curl_http_ntlm_cleanup(conn); #endif + /* the protocol specific disconnect handler needs a transfer for its + connection! */ + conn->data = data; if(conn->handler->disconnect) /* This is set if protocol-specific cleanups should be made */ conn->handler->disconnect(conn, dead_connection); /* unlink ourselves! */ infof(data, "Closing connection %ld\n", conn->connection_id); - Curl_conncache_remove_conn(conn, TRUE); + Curl_conncache_remove_conn(data, conn, TRUE); free_idnconverted_hostname(&conn->host); free_idnconverted_hostname(&conn->conn_to_host); free_idnconverted_hostname(&conn->http_proxy.host); free_idnconverted_hostname(&conn->socks_proxy.host); - DEBUGASSERT(conn->data == data); /* this assumes that the pointer is still there after the connection was detected from the cache */ Curl_ssl_close(conn, FIRSTSOCKET); @@ -959,13 +961,10 @@ static bool extract_if_dead(struct connectdata *conn, handles in pipeline and the connection isn't already marked in use */ bool dead; - - conn->data = data; if(conn->handler->connection_check) { /* The protocol has a special method for checking the state of the connection. Use it to check if the connection is dead. */ unsigned int state; - state = conn->handler->connection_check(conn, CONNCHECK_ISDEAD); dead = (state & CONNRESULT_DEAD); } @@ -976,8 +975,7 @@ static bool extract_if_dead(struct connectdata *conn, if(dead) { infof(data, "Connection %ld seems to be dead!\n", conn->connection_id); - Curl_conncache_remove_conn(conn, FALSE); - conn->data = NULL; /* detach */ + Curl_conncache_remove_conn(data, conn, FALSE); return TRUE; } } 
@@ -996,6 +994,7 @@ struct prunedead { static int call_extract_if_dead(struct connectdata *conn, void *param) { struct prunedead *p = (struct prunedead *)param; + conn->data = p->data; /* transfer to use for this check */ if(extract_if_dead(conn, p->data)) { /* stop the iteration here, pass back the connection that was extracted */ p->extracted = conn; @@ -1101,7 +1100,7 @@ ConnectionExists(struct Curl_easy *data, if((bundle->multiuse == BUNDLE_UNKNOWN) && data->set.pipewait) { infof(data, "Server doesn't support multi-use yet, wait\n"); *waitpipe = TRUE; - Curl_conncache_unlock(needle); + Curl_conncache_unlock(data); return FALSE; /* no re-use */ } @@ -1461,11 +1460,11 @@ ConnectionExists(struct Curl_easy *data, if(chosen) { /* mark it as used before releasing the lock */ chosen->data = data; /* own it! */ - Curl_conncache_unlock(needle); + Curl_conncache_unlock(data); *usethis = chosen; return TRUE; /* yes, we found one to use! */ } - Curl_conncache_unlock(needle); + Curl_conncache_unlock(data); if(foundPendingCandidate && data->set.pipewait) { infof(data, @@ -2066,7 +2065,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, if(uc) { DEBUGF(infof(data, "curl_url_set rejected %s\n", data->change.url)); return Curl_uc_to_curlcode(uc); - } + } } uc = curl_url_get(uh, CURLUPART_SCHEME, &data->state.up.scheme, 0); @@ -2997,7 +2996,7 @@ static CURLcode parse_remote_port(struct Curl_easy *data, char portbuf[16]; CURLUcode uc; conn->remote_port = (unsigned short)data->set.use_port; - msnprintf(portbuf, sizeof(portbuf), "%u", conn->remote_port); + msnprintf(portbuf, sizeof(portbuf), "%d", conn->remote_port); uc = curl_url_set(data->state.uh, CURLUPART_PORT, portbuf, 0); if(uc) return CURLE_OUT_OF_MEMORY; 
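Review bot: `conn->data = p->data;` in call_extract_if_dead is set for every connection visited, and nothing visible clears it when the connection turns out to be alive. The earlier extract_if_dead hunk also removes the `conn->data = NULL; /* detach */` line, so a cached connection may keep pointing at the transfer that ran the prune. If that easy handle is closed while the connection stays in the cache, the pointer is stale. Either detach after the check for connections that are kept, or add a comment stating who owns `conn->data` for an idle cached connection; the function continues outside the hunk.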
@@ -3608,6 +3607,7 @@ static CURLcode create_conn(struct Curl_easy *data, size_t max_total_connections = Curl_multi_max_total_connections(data->multi); *async = FALSE; + *in_connect = NULL; /************************************************************* * Check input data @@ -3773,7 +3773,6 @@ static CURLcode create_conn(struct Curl_easy *data, /* Setup a "faked" transfer that'll do nothing */ if(!result) { - conn->data = data; conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; /* we are "connected */ result = Curl_conncache_add_conn(data->state.conn_cache, conn); @@ -3954,7 +3953,7 @@ static CURLcode create_conn(struct Curl_easy *data, /* The bundle is full. Extract the oldest connection. */ conn_candidate = Curl_conncache_extract_bundle(data, bundle); - Curl_conncache_unlock(conn); + Curl_conncache_unlock(data); if(conn_candidate) (void)Curl_disconnect(data, conn_candidate, @@ -3966,7 +3965,7 @@ static CURLcode create_conn(struct Curl_easy *data, } } else - Curl_conncache_unlock(conn); + Curl_conncache_unlock(data); } @@ -4135,11 +4134,11 @@ CURLcode Curl_setup_conn(struct connectdata *conn, } CURLcode Curl_connect(struct Curl_easy *data, - struct connectdata **in_connect, bool *asyncp, bool *protocol_done) { CURLcode result; + struct connectdata *conn; *asyncp = FALSE; /* assume synchronous resolves by default */ 
@@ -4149,30 +4148,30 @@ CURLcode Curl_connect(struct Curl_easy *data, data->req.maxdownload = -1; /* call the stuff that needs to be called */ - result = create_conn(data, in_connect, asyncp); + result = create_conn(data, &conn, asyncp); if(!result) { - if(CONN_INUSE(*in_connect)) + if(CONN_INUSE(conn)) /* pipelining */ *protocol_done = TRUE; else if(!*asyncp) { /* DNS resolution is done: that's either because this is a reused connection, in which case DNS was unnecessary, or because DNS really did finish already (synch resolver/fast async resolve) */ - result = Curl_setup_conn(*in_connect, protocol_done); + result = Curl_setup_conn(conn, protocol_done); } } if(result == CURLE_NO_CONNECTION_AVAILABLE) { - *in_connect = NULL; return result; } - else if(result && *in_connect) { + else if(result && conn) { /* We're not allowed to return failure with memory left allocated in the connectdata struct, free those here */ - Curl_disconnect(data, *in_connect, TRUE); - *in_connect = NULL; /* return a NULL */ + Curl_disconnect(data, conn, TRUE); } + else + Curl_attach_connnection(data, conn); return result; } diff --git a/libs/libcurl/src/url.h b/libs/libcurl/src/url.h index 095d638331..fbd8ef9250 100644 --- a/libs/libcurl/src/url.h +++ b/libs/libcurl/src/url.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
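Review bot: The final `else` in Curl_connect also runs when `result` is an error and `conn` is NULL, so `Curl_attach_connnection(data, conn)` is called with a NULL connection on a failed connect. What that function does with NULL is not visible here. Making the success case explicit avoids relying on it: `else if(!result)` followed by `Curl_attach_connnection(data, conn);`. `conn` is also declared without an initialiser and is only safe to test because create_conn now starts with `*in_connect = NULL;`, so `struct connectdata *conn = NULL;` would make this function correct on its own.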
@@ -52,8 +52,7 @@ void Curl_freeset(struct Curl_easy * data); void Curl_up_free(struct Curl_easy *data); CURLcode Curl_uc_to_curlcode(CURLUcode uc); CURLcode Curl_close(struct Curl_easy *data); /* opposite of curl_open() */ -CURLcode Curl_connect(struct Curl_easy *, struct connectdata **, - bool *async, bool *protocol_connect); +CURLcode Curl_connect(struct Curl_easy *, bool *async, bool *protocol_connect); CURLcode Curl_disconnect(struct Curl_easy *data, struct connectdata *, bool dead_connection); CURLcode Curl_protocol_connect(struct connectdata *conn, bool *done); diff --git a/libs/libcurl/src/urlapi.c b/libs/libcurl/src/urlapi.c index 5cbda6a98c..3af8e9399f 100644 --- a/libs/libcurl/src/urlapi.c +++ b/libs/libcurl/src/urlapi.c @@ -510,8 +510,11 @@ UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, char *hostname) portptr = &hostname[len]; else if('%' == endbracket) { int zonelen = len; - if(1 == sscanf(hostname + zonelen, "25%*[^]]]%c%n", &endbracket, &len)) - portptr = &hostname[--zonelen + len]; + if(1 == sscanf(hostname + zonelen, "25%*[^]]%c%n", &endbracket, &len)) { + if(']' != endbracket) + return CURLUE_MALFORMED_INPUT; + portptr = &hostname[--zonelen + len + 1]; + } else return CURLUE_MALFORMED_INPUT; } @@ -534,6 +537,14 @@ UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, char *hostname) long port; char portbuf[7]; + /* Browser behavior adaptation. If there's a colon with no digits after, + just cut off the name there which makes us ignore the colon and just + use the default port. Firefox, Chrome and Safari all do that. */ + if(!portptr[1]) { + *portptr = '\0'; + return CURLUE_OK; + } + if(!ISDIGIT(portptr[1])) return CURLUE_BAD_PORT_NUMBER; 
@@ -547,22 +558,14 @@ UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, char *hostname) if(rest[0]) return CURLUE_BAD_PORT_NUMBER; - if(rest != &portptr[1]) { - *portptr++ = '\0'; /* cut off the name there */ - *rest = 0; - /* generate a new to get rid of leading zeroes etc */ - msnprintf(portbuf, sizeof(portbuf), "%ld", port); - u->portnum = port; - u->port = strdup(portbuf); - if(!u->port) - return CURLUE_OUT_OF_MEMORY; - } - else { - /* Browser behavior adaptation. If there's a colon with no digits after, - just cut off the name there which makes us ignore the colon and just - use the default port. Firefox and Chrome both do that. */ - *portptr = '\0'; - } + *portptr++ = '\0'; /* cut off the name there */ + *rest = 0; + /* generate a new port number string to get rid of leading zeroes etc */ + msnprintf(portbuf, sizeof(portbuf), "%ld", port); + u->portnum = port; + u->port = strdup(portbuf); + if(!u->port) + return CURLUE_OUT_OF_MEMORY; } return CURLUE_OK; @@ -864,7 +867,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) return CURLUE_OUT_OF_MEMORY; } - if(query && query[0]) { + if(query) { u->query = strdup(query); if(!u->query) return CURLUE_OUT_OF_MEMORY; @@ -1071,8 +1074,8 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what, port ? port : "", (u->path && (u->path[0] != '/')) ? "/": "", u->path ? u->path : "/", - u->query? "?": "", - u->query? u->query : "", + (u->query && u->query[0]) ? "?": "", + (u->query && u->query[0]) ? u->query : "", u->fragment? "#": "", u->fragment? u->fragment : ""); } diff --git a/libs/libcurl/src/urldata.h b/libs/libcurl/src/urldata.h index 448437d2ad..ff3cc9a655 100644 --- a/libs/libcurl/src/urldata.h +++ b/libs/libcurl/src/urldata.h 
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -77,7 +77,7 @@ /* Default FTP/IMAP etc response timeout in milliseconds. Symbian OS panics when given a timeout much greater than 1/2 hour. */ -#define RESP_TIMEOUT (1800*1000) +#define RESP_TIMEOUT (120*1000) #include "cookie.h" #include "psl.h" @@ -328,6 +328,12 @@ struct kerberos5data { struct ntlmdata { curlntlm state; #ifdef USE_WINDOWS_SSPI +/* The sslContext is used for the Schannel bindings. The + * api is available on the Windows 7 SDK and later. + */ +#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS + CtxtHandle *sslContext; +#endif CredHandle *credentials; CtxtHandle *context; SEC_WINNT_AUTH_IDENTITY identity; @@ -358,6 +364,9 @@ struct negotiatedata { gss_buffer_desc output_token; #else #ifdef USE_WINDOWS_SSPI +#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS + CtxtHandle *sslContext; +#endif DWORD status; CredHandle *credentials; CtxtHandle *context; @@ -974,6 +983,9 @@ struct connectdata { void *seek_client; /* pointer to pass to the seek() above */ /*************** Request - specific items ************/ +#if defined(USE_WINDOWS_SSPI) && defined(SECPKG_ATTR_ENDPOINT_BINDINGS) + CtxtHandle *sslContext; +#endif #if defined(USE_NTLM) struct ntlmdata ntlm; /* NTLM differs from other authentication schemes @@ -1216,6 +1228,15 @@ typedef enum { EXPIRE_LAST /* not an actual timer, used as a marker only */ } expire_id; + +typedef enum { + TRAILERS_NONE, + TRAILERS_INITIALIZED, + TRAILERS_SENDING, + TRAILERS_DONE +} trailers_state; + + /* * One instance for each timeout an easy handle can set. */ 
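Review bot: The comment above `RESP_TIMEOUT` still explains the value in terms of a half-hour limit, while the define changes from `(1800*1000)` to `(120*1000)`. The comment therefore no longer describes the value beside it. Updating it to state the new default, for example `/* Default FTP/IMAP etc response timeout in milliseconds (two minutes). */`, keeps readers from assuming the 30-minute behaviour. A shorter default also limits how long an unresponsive server can hold a transfer open, which is worth stating as the reason if that was the intent.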
@@ -1362,6 +1383,13 @@ struct UrlState { #endif CURLU *uh; /* URL handle for the current parsed URL */ struct urlpieces up; +#ifndef CURL_DISABLE_HTTP + size_t trailers_bytes_sent; + Curl_send_buffer *trailers_buf; /* a buffer containing the compiled trailing + headers */ +#endif + trailers_state trailers_state; /* whether we are sending trailers + and what stage are we at */ }; @@ -1381,6 +1409,7 @@ struct DynamicStatic { curl_easy_setopt(COOKIEFILE) calls */ struct curl_slist *resolve; /* set to point to the set.resolve list when this should be dealt with in pretransfer */ + bool wildcard_resolve; /* Set to true if any resolve change is a wildcard */ }; /* @@ -1727,9 +1756,12 @@ struct UserDefined { long upkeep_interval_ms; /* Time between calls for connection upkeep. */ bool doh; /* DNS-over-HTTPS enabled */ bool doh_get; /* use GET for DoH requests, instead of POST */ + bool http09_allowed; /* allow HTTP/0.9 responses */ multidone_func fmultidone; struct Curl_easy *dohfor; /* this is a DoH request for that transfer */ CURLU *uh; /* URL handle for the current parsed URL */ + void *trailer_data; /* pointer to pass to trailer data callback */ + curl_trailer_callback trailer_callback; /* trailing data callback */ }; struct Names { @@ -1757,9 +1789,10 @@ struct Curl_easy { struct Curl_easy *next; struct Curl_easy *prev; - struct connectdata *easy_conn; /* the "unit's" connection */ + struct connectdata *conn; struct curl_llist_element connect_queue; struct curl_llist_element pipeline_queue; + struct curl_llist_element sh_queue; /* list per Curl_sh_entry */ CURLMstate mstate; /* the handle's state */ CURLcode result; /* previous result */ 
@@ -1771,6 +1804,8 @@ struct Curl_easy { the state etc are also kept. This array is mostly used to detect when a socket is to be removed from the hash. See singlesocket(). */ curl_socket_t sockets[MAX_SOCKSPEREASYHANDLE]; + int actions[MAX_SOCKSPEREASYHANDLE]; /* action for each socket in + sockets[] */ int numsocks; struct Names dns; diff --git a/libs/libcurl/src/vauth/digest_sspi.c b/libs/libcurl/src/vauth/digest_sspi.c index 9287557351..fe8093e8b3 100644 --- a/libs/libcurl/src/vauth/digest_sspi.c +++ b/libs/libcurl/src/vauth/digest_sspi.c @@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2014 - 2016, Steve Holme, <steve_holme@hotmail.com>. - * Copyright (C) 2015 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2015 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -146,7 +146,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, } /* Generate our SPN */ - spn = Curl_auth_build_spn(service, data->easy_conn->host.name, NULL); + spn = Curl_auth_build_spn(service, data->conn->host.name, NULL); if(!spn) { free(output_token); free(input_token); diff --git a/libs/libcurl/src/vauth/ntlm.c b/libs/libcurl/src/vauth/ntlm.c index 458b272539..6a8fc5ab3d 100644 --- a/libs/libcurl/src/vauth/ntlm.c +++ b/libs/libcurl/src/vauth/ntlm.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data, target_info_len = Curl_read16_le(&buffer[40]); target_info_offset = Curl_read32_le(&buffer[44]); if(target_info_len > 0) { - if(((target_info_offset + target_info_len) > size) || + if((target_info_offset >= size) || + ((target_info_offset + target_info_len) > size) || (target_info_offset < 48)) { infof(data, "NTLM handshake failure (bad type-2 message). " - "Target Info Offset Len is set incorrect by the peer\n"); + "Target Info Offset Len is set incorrect by the peer\n"); return CURLE_BAD_CONTENT_ENCODING; } @@ -562,7 +563,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, } #if defined(USE_NTRESPONSES) && defined(USE_NTLM_V2) - if(ntlm->target_info_len) { + if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) { unsigned char ntbuffer[0x18]; unsigned char entropy[8]; unsigned char ntlmv2hash[0x18]; @@ -599,7 +600,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, #if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION) /* We don't support NTLM2 if we don't have USE_NTRESPONSES */ - if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) { + if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM_KEY) { unsigned char ntbuffer[0x18]; unsigned char tmp[0x18]; unsigned char md5sum[MD5_DIGEST_LENGTH]; @@ -631,7 +632,9 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, Curl_ntlm_core_lm_resp(ntbuffer, md5sum, ntresp); /* End of NTLM2 Session code */ - + /* NTLM v2 session security is a misnomer because it is not NTLM v2. + It is NTLM v1 using the extended session security that is also + in NTLM v2 */ } else #endif 
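Review bot: The target-info bounds test in ntlm_decode_type2_target still adds two peer-supplied values, `target_info_offset + target_info_len`, before comparing with `size`, and it is only the newly added `target_info_offset >= size` test that stops a wrapped sum from passing. Once the offset is known to be below `size`, the subtraction form `(target_info_len > size - target_info_offset)` cannot wrap and makes the intent readable without relying on the order of the conditions. Both variables are declared outside the hunk, so their widths should be confirmed before choosing the final form. The `ntresplen + size > sizeof(ntlmbuf)` test added to Curl_auth_create_ntlm_type3_message later in this file has the same shape, and its comment asserts that overflow is not a risk without naming the bound that guarantees it.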
@@ -776,11 +779,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, }); #ifdef USE_NTRESPONSES - if(size < (NTLM_BUFSIZE - ntresplen)) { - DEBUGASSERT(size == (size_t)ntrespoff); - memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen); - size += ntresplen; + /* ntresplen + size should not be risking an integer overflow here */ + if(ntresplen + size > sizeof(ntlmbuf)) { + failf(data, "incoming NTLM message too big"); + return CURLE_OUT_OF_MEMORY; } + DEBUGASSERT(size == (size_t)ntrespoff); + memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen); + size += ntresplen; DEBUG_OUT({ fprintf(stderr, "\n ntresp="); diff --git a/libs/libcurl/src/vauth/ntlm_sspi.c b/libs/libcurl/src/vauth/ntlm_sspi.c index b66cfe7370..67112820e0 100644 --- a/libs/libcurl/src/vauth/ntlm_sspi.c +++ b/libs/libcurl/src/vauth/ntlm_sspi.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -249,7 +249,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, char **outptr, size_t *outlen) { CURLcode result = CURLE_OK; - SecBuffer type_2_buf; + SecBuffer type_2_bufs[2]; SecBuffer type_3_buf; SecBufferDesc type_2_desc; SecBufferDesc type_3_desc; 
@@ -261,12 +261,39 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, (void) userp; /* Setup the type-2 "input" security buffer */ - type_2_desc.ulVersion = SECBUFFER_VERSION; - type_2_desc.cBuffers = 1; - type_2_desc.pBuffers = &type_2_buf; - type_2_buf.BufferType = SECBUFFER_TOKEN; - type_2_buf.pvBuffer = ntlm->input_token; - type_2_buf.cbBuffer = curlx_uztoul(ntlm->input_token_len); + type_2_desc.ulVersion = SECBUFFER_VERSION; + type_2_desc.cBuffers = 1; + type_2_desc.pBuffers = &type_2_bufs[0]; + type_2_bufs[0].BufferType = SECBUFFER_TOKEN; + type_2_bufs[0].pvBuffer = ntlm->input_token; + type_2_bufs[0].cbBuffer = curlx_uztoul(ntlm->input_token_len); + +#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS + /* ssl context comes from schannel. + * When extended protection is used in IIS server, + * we have to pass a second SecBuffer to the SecBufferDesc + * otherwise IIS will not pass the authentication (401 response). + * Minimum supported version is Windows 7. + * https://docs.microsoft.com/en-us/security-updates + * /SecurityAdvisories/2009/973811 + */ + if(ntlm->sslContext) { + SEC_CHANNEL_BINDINGS channelBindings; + SecPkgContext_Bindings pkgBindings; + pkgBindings.Bindings = &channelBindings; + status = s_pSecFn->QueryContextAttributes( + ntlm->sslContext, + SECPKG_ATTR_ENDPOINT_BINDINGS, + &pkgBindings + ); + if(status == SEC_E_OK) { + type_2_desc.cBuffers++; + type_2_bufs[1].BufferType = SECBUFFER_CHANNEL_BINDINGS; + type_2_bufs[1].cbBuffer = pkgBindings.BindingsLength; + type_2_bufs[1].pvBuffer = pkgBindings.Bindings; + } + } +#endif /* Setup the type-3 "output" security buffer */ type_3_desc.ulVersion = SECBUFFER_VERSION; diff --git a/libs/libcurl/src/vauth/spnego_sspi.c b/libs/libcurl/src/vauth/spnego_sspi.c index 77d1895a5d..00d8404652 100644 --- a/libs/libcurl/src/vauth/spnego_sspi.c +++ b/libs/libcurl/src/vauth/spnego_sspi.c 
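Review bot: In the `if(ntlm->sslContext)` block, `type_2_bufs[1].pvBuffer` keeps whatever `pkgBindings.Bindings` holds after `QueryContextAttributes`, yet `channelBindings` and `pkgBindings` are locals of that block and the descriptor is consumed after the block closes. If the call fills the caller-supplied structure, the pointer dangles once the block ends; if it substitutes its own allocation, nothing visible here releases it (SSPI-allocated buffers are normally released with `FreeContextBuffer`). Which case applies should be confirmed against the SSPI documentation, and the two declarations should move to function scope with a matching release after the `InitializeSecurityContext` call, which is outside this hunk. A failed query is also silent, so an authentication that goes out without the channel binding leaves no trace in the log; an `infof` on the non-`SEC_E_OK` path would help triage. The same block is added to Curl_auth_decode_spnego_message in spnego_sspi.c and needs the same treatment.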
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -92,7 +92,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, size_t chlglen = 0; unsigned char *chlg = NULL; PSecPkgInfo SecurityPackage; - SecBuffer chlg_buf; + SecBuffer chlg_buf[2]; SecBuffer resp_buf; SecBufferDesc chlg_desc; SecBufferDesc resp_desc; 
@@ -189,12 +189,39 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, } /* Setup the challenge "input" security buffer */ - chlg_desc.ulVersion = SECBUFFER_VERSION; - chlg_desc.cBuffers = 1; - chlg_desc.pBuffers = &chlg_buf; - chlg_buf.BufferType = SECBUFFER_TOKEN; - chlg_buf.pvBuffer = chlg; - chlg_buf.cbBuffer = curlx_uztoul(chlglen); + chlg_desc.ulVersion = SECBUFFER_VERSION; + chlg_desc.cBuffers = 1; + chlg_desc.pBuffers = &chlg_buf[0]; + chlg_buf[0].BufferType = SECBUFFER_TOKEN; + chlg_buf[0].pvBuffer = chlg; + chlg_buf[0].cbBuffer = curlx_uztoul(chlglen); + +#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS + /* ssl context comes from Schannel. + * When extended protection is used in IIS server, + * we have to pass a second SecBuffer to the SecBufferDesc + * otherwise IIS will not pass the authentication (401 response). + * Minimum supported version is Windows 7. + * https://docs.microsoft.com/en-us/security-updates + * /SecurityAdvisories/2009/973811 + */ + if(nego->sslContext) { + SEC_CHANNEL_BINDINGS channelBindings; + SecPkgContext_Bindings pkgBindings; + pkgBindings.Bindings = &channelBindings; + nego->status = s_pSecFn->QueryContextAttributes( + nego->sslContext, + SECPKG_ATTR_ENDPOINT_BINDINGS, + &pkgBindings + ); + if(nego->status == SEC_E_OK) { + chlg_desc.cBuffers++; + chlg_buf[1].BufferType = SECBUFFER_CHANNEL_BINDINGS; + chlg_buf[1].cbBuffer = pkgBindings.BindingsLength; + chlg_buf[1].pvBuffer = pkgBindings.Bindings; + } + } +#endif } /* Setup the response "output" security buffer */ @@ -222,7 +249,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, if(GSS_ERROR(nego->status)) { failf(data, "InitializeSecurityContext failed: %s", - Curl_sspi_strerror(data->easy_conn, nego->status)); + Curl_sspi_strerror(data->conn, nego->status)); return CURLE_OUT_OF_MEMORY; } diff --git a/libs/libcurl/src/vtls/cyassl.c b/libs/libcurl/src/vtls/cyassl.c index 0d45afbf0c..ea96cf65e5 100644 --- a/libs/libcurl/src/vtls/cyassl.c 
+++ b/libs/libcurl/src/vtls/cyassl.c @@ -794,6 +794,12 @@ static int Curl_cyassl_init(void) } +static void Curl_cyassl_cleanup(void) +{ + CyaSSL_Cleanup(); +} + + static bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex) { @@ -1004,7 +1010,7 @@ const struct Curl_ssl Curl_ssl_cyassl = { sizeof(struct ssl_backend_data), Curl_cyassl_init, /* init */ - Curl_none_cleanup, /* cleanup */ + Curl_cyassl_cleanup, /* cleanup */ Curl_cyassl_version, /* version */ Curl_none_check_cxn, /* check_cxn */ Curl_cyassl_shutdown, /* shutdown */ diff --git a/libs/libcurl/src/vtls/darwinssl.c b/libs/libcurl/src/vtls/darwinssl.c index 25b101282c..bb251cdb30 100644 --- a/libs/libcurl/src/vtls/darwinssl.c +++ b/libs/libcurl/src/vtls/darwinssl.c @@ -1298,7 +1298,6 @@ set_ssl_version_min_max(struct connectdata *conn, int sockindex) case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: ssl_version = CURL_SSLVERSION_TLSv1_0; - ssl_version_max = max_supported_version_by_os; break; } @@ -1430,7 +1429,6 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS if(SSLSetProtocolVersionMax != NULL) { switch(conn->ssl_config.version) { - case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: (void)SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kTLSProtocol1); #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1 @@ -1445,6 +1443,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, #endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1 */ break; + case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: case CURL_SSLVERSION_TLSv1_2: diff --git a/libs/libcurl/src/vtls/mbedtls.c b/libs/libcurl/src/vtls/mbedtls.c index 6a20e276e3..bb6a757bf2 100644 --- a/libs/libcurl/src/vtls/mbedtls.c +++ b/libs/libcurl/src/vtls/mbedtls.c 
@@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> - * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -373,7 +373,7 @@ mbed_connect_step1(struct connectdata *conn, } } - infof(data, "mbedTLS: Connecting to %s:%d\n", hostname, port); + infof(data, "mbedTLS: Connecting to %s:%ld\n", hostname, port); mbedtls_ssl_config_init(&BACKEND->config); @@ -574,19 +574,21 @@ mbed_connect_step2(struct connectdata *conn, ret = mbedtls_ssl_get_verify_result(&BACKEND->ssl); + if(!SSL_CONN_CONFIG(verifyhost)) + /* Ignore hostname errors if verifyhost is disabled */ + ret &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH; + if(ret && SSL_CONN_CONFIG(verifypeer)) { if(ret & MBEDTLS_X509_BADCERT_EXPIRED) failf(data, "Cert verify failed: BADCERT_EXPIRED"); - if(ret & MBEDTLS_X509_BADCERT_REVOKED) { + else if(ret & MBEDTLS_X509_BADCERT_REVOKED) failf(data, "Cert verify failed: BADCERT_REVOKED"); - return CURLE_PEER_FAILED_VERIFICATION; - } - if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH) + else if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH) failf(data, "Cert verify failed: BADCERT_CN_MISMATCH"); - if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED) + else if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED) failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED"); return CURLE_PEER_FAILED_VERIFICATION; diff --git a/libs/libcurl/src/vtls/openssl.c b/libs/libcurl/src/vtls/openssl.c index 8bddb9a8c6..9d11b89e59 100644 --- a/libs/libcurl/src/vtls/openssl.c +++ b/libs/libcurl/src/vtls/openssl.c 
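Review bot: With the chain in mbed_connect_step2 turned into `else if`, only the first matching flag is reported, so a certificate that is both expired and untrusted is logged as `BADCERT_EXPIRED` alone and the more serious condition never reaches the log. A `ret` that carries none of the four named bits still returns CURLE_PEER_FAILED_VERIFICATION with no message at all. I would keep the four tests as independent `if` statements, which is safe now that the early return inside the REVOKED branch is gone, and add one line before the return that records the raw value, for example `failf(data, "Cert verify failed: flags 0x%x", (unsigned int)ret);`. The declaration of `ret` is outside the hunk, so the cast should be checked against its type.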
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1692,6 +1692,7 @@ static CURLcode verifystatus(struct connectdata *conn, struct ssl_connect_data *connssl) { int i, ocsp_status; + unsigned char *status; const unsigned char *p; CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; @@ -1701,14 +1702,14 @@ static CURLcode verifystatus(struct connectdata *conn, X509_STORE *st = NULL; STACK_OF(X509) *ch = NULL; - long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p); + long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status); - if(!p) { + if(!status) { failf(data, "No OCSP response received"); result = CURLE_SSL_INVALIDCERTSTATUS; goto end; } - + p = status; rsp = d2i_OCSP_RESPONSE(NULL, &p, len); if(!rsp) { failf(data, "Invalid OCSP response"); @@ -3774,7 +3775,12 @@ static size_t Curl_ossl_version(char *buffer, size_t size) { #ifdef OPENSSL_IS_BORINGSSL return msnprintf(buffer, size, OSSL_PACKAGE); -#else /* OPENSSL_IS_BORINGSSL */ +#elif defined(HAVE_OPENSSL_VERSION) && defined(OPENSSL_VERSION_STRING) + return msnprintf(buffer, size, "%s/%s", + OSSL_PACKAGE, OpenSSL_version(OPENSSL_VERSION_STRING)); +#else + /* not BoringSSL and not using OpenSSL_version */ + char sub[3]; unsigned long ssleay_value; sub[2]='\0'; diff --git a/libs/libcurl/src/vtls/schannel.c b/libs/libcurl/src/vtls/schannel.c index 56fd93e1e5..c8574f56c1 100644 --- a/libs/libcurl/src/vtls/schannel.c +++ b/libs/libcurl/src/vtls/schannel.c 
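Review bot: In verifystatus, `status` is declared without an initialiser and then tested with `if(!status)`, so the test is only meaningful if `SSL_get_tlsext_status_ocsp_resp` stores to the pointer on every path and in every TLS library this file is built against; `unsigned char *status = NULL;` removes that dependency. The returned `len` goes to `d2i_OCSP_RESPONSE` unchecked although the call is documented to return -1 when there is no response, so I would widen the guard to `if(!status || len <= 0)`. The remainder of the function is outside the hunk.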
@@ -7,7 +7,7 @@ * * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de> * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com> - * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -356,6 +356,7 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, TCHAR **thumbprint) { TCHAR *sep; + TCHAR *store_path_start; size_t store_name_len; sep = _tcschr(path, TEXT('\\')); @@ -386,13 +387,17 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, else return CURLE_SSL_CERTPROBLEM; - *store_path = sep + 1; + store_path_start = sep + 1; - sep = _tcschr(*store_path, TEXT('\\')); + sep = _tcschr(store_path_start, TEXT('\\')); if(sep == NULL) return CURLE_SSL_CERTPROBLEM; - *sep = 0; + *sep = TEXT('\0'); + *store_path = _tcsdup(store_path_start); + *sep = TEXT('\\'); + if(*store_path == NULL) + return CURLE_OUT_OF_MEMORY; *thumbprint = sep + 1; if(_tcslen(*thumbprint) != CERT_THUMBPRINT_STR_LEN) @@ -435,7 +440,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) VERSION_LESS_THAN_EQUAL)) { /* Schannel in Windows XP (OS version 5.1) uses legacy handshakes and algorithms that may not be supported by all servers. */ - infof(data, "schannel: WinSSL version is old and may not be able to " + infof(data, "schannel: Windows version is old and may not be able to " "connect to some servers due to lack of SNI, algorithms, etc.\n"); } 
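Review bot: get_cert_location now returns a heap copy in `*store_path`, but the thumbprint length test that follows the `_tcsdup` can still fail, and the `free(cert_store_path)` calls added in schannel_connect_step1 sit only around the cert-store open, so that early error path appears to leak the copy. Running the length test before the duplication avoids it: assign `*thumbprint = sep + 1;` and check `_tcslen(*thumbprint)` first, then do the terminate, `_tcsdup`, restore sequence. The return after the length test and the caller's handling of a failed get_cert_location are outside the visible hunks, so this should be confirmed there. A one-line comment on the function stating that the caller owns `*store_path` and must free it would make the new contract explicit.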
@@ -608,9 +613,11 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) failf(data, "schannel: Failed to open cert store %x %s, " "last error is %x", cert_store_name, cert_store_path, GetLastError()); + free(cert_store_path); Curl_unicodefree(cert_path); return CURLE_SSL_CERTPROBLEM; } + free(cert_store_path); cert_thumbprint.pbData = cert_thumbprint_data; cert_thumbprint.cbData = CERT_THUMBPRINT_DATA_LEN; @@ -1414,6 +1421,16 @@ schannel_connect_common(struct connectdata *conn, int sockindex, connssl->state = ssl_connection_complete; conn->recv[sockindex] = schannel_recv; conn->send[sockindex] = schannel_send; + +#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS + /* When SSPI is used in combination with Schannel + * we need the Schannel context to create the Schannel + * binding to pass the IIS extended protection checks. + * Available on Windows 7 or later. + */ + conn->sslContext = &BACKEND->ctxt->ctxt_handle; +#endif + *done = TRUE; } else @@ -2013,9 +2030,16 @@ static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex) /* free SSPI Schannel API credential handle */ if(BACKEND->cred) { - Curl_ssl_sessionid_lock(conn); + /* + * When this function is called from Curl_schannel_close() the connection + * might not have an associated transfer so the check for conn->data is + * necessary. + */ + if(conn->data) + Curl_ssl_sessionid_lock(conn); Curl_schannel_session_free(BACKEND->cred); - Curl_ssl_sessionid_unlock(conn); + if(conn->data) + Curl_ssl_sessionid_unlock(conn); BACKEND->cred = NULL; } @@ -2049,7 +2073,7 @@ static void Curl_schannel_cleanup(void) static size_t Curl_schannel_version(char *buffer, size_t size) { - size = msnprintf(buffer, size, "WinSSL"); + size = msnprintf(buffer, size, "Schannel"); return size; } 
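Review bot: `conn->sslContext = &BACKEND->ctxt->ctxt_handle;` in schannel_connect_common stores a borrowed pointer into the TLS backend's context on the connection, and the `sslContext` fields added to the NTLM and Negotiate structs in urldata.h suggest it is copied further, yet none of the visible hunks resets it when the Schannel context is torn down. If Curl_schannel_shutdown or the close path releases `BACKEND->ctxt` (that code is outside the hunk), a later authentication round on the same connection would hand a stale handle to `QueryContextAttributes`. I would clear it where the context is freed with `conn->sslContext = NULL;` and add a field comment such as `/* borrowed from the Schannel backend, not owned; NULL when no TLS context */`.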
@@ -2137,11 +2161,11 @@ static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex, } static void Curl_schannel_checksum(const unsigned char *input, - size_t inputlen, - unsigned char *checksum, - size_t checksumlen, - DWORD provType, - const unsigned int algId) + size_t inputlen, + unsigned char *checksum, + size_t checksumlen, + DWORD provType, + const unsigned int algId) { HCRYPTPROV hProv = 0; HCRYPTHASH hHash = 0; @@ -2191,9 +2215,9 @@ static CURLcode Curl_schannel_md5sum(unsigned char *input, unsigned char *md5sum, size_t md5len) { - Curl_schannel_checksum(input, inputlen, md5sum, md5len, - PROV_RSA_FULL, CALG_MD5); - return CURLE_OK; + Curl_schannel_checksum(input, inputlen, md5sum, md5len, + PROV_RSA_FULL, CALG_MD5); + return CURLE_OK; } static CURLcode Curl_schannel_sha256sum(const unsigned char *input, @@ -2201,9 +2225,9 @@ static CURLcode Curl_schannel_sha256sum(const unsigned char *input, unsigned char *sha256sum, size_t sha256len) { - Curl_schannel_checksum(input, inputlen, sha256sum, sha256len, - PROV_RSA_AES, CALG_SHA_256); - return CURLE_OK; + Curl_schannel_checksum(input, inputlen, sha256sum, sha256len, + PROV_RSA_AES, CALG_SHA_256); + return CURLE_OK; } static void *Curl_schannel_get_internals(struct ssl_connect_data *connssl, diff --git a/libs/libcurl/src/vtls/schannel_verify.c b/libs/libcurl/src/vtls/schannel_verify.c index 8b21624ba4..680f6ec5d6 100644 --- a/libs/libcurl/src/vtls/schannel_verify.c +++ b/libs/libcurl/src/vtls/schannel_verify.c @@ -7,7 +7,7 @@ * * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de> * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com> - * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -87,14 +87,14 @@ static CURLcode add_certs_to_store(HCERTSTORE trust_store, LARGE_INTEGER file_size; char *ca_file_buffer = NULL; char *current_ca_file_ptr = NULL; - const TCHAR *ca_file_tstr = NULL; + TCHAR *ca_file_tstr = NULL; size_t ca_file_bufsize = 0; DWORD total_bytes_read = 0; bool more_certs = 0; int num_certs = 0; size_t END_CERT_LEN; - ca_file_tstr = Curl_convert_UTF8_to_tchar(ca_file); + ca_file_tstr = Curl_convert_UTF8_to_tchar((char *)ca_file); if(!ca_file_tstr) { failf(data, "schannel: invalid path name for CA file '%s': %s", |