diff options
| author | dartraiden <wowemuh@gmail.com> | 2018-07-12 17:33:14 +0300 |
|---|---|---|
| committer | dartraiden <wowemuh@gmail.com> | 2018-07-12 17:33:33 +0300 |
| commit | 999189ba4ced57191426de757f7153ec69f24154 (patch) | |
| tree | e7b4e3bb4daab32c0a84a0519eee9d068f9b3422 /libs | |
| parent | 7be9f6e39f0adafa7a70c7521f31e14f60eaac2c (diff) | |
libcurl: update to 7.61
Diffstat (limited to 'libs')
94 files changed, 1240 insertions, 7829 deletions
diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES deleted file mode 100644 index cbb1072dc5..0000000000 --- a/libs/libcurl/docs/CHANGES +++ /dev/null @@ -1,7171 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - Changelog - -Version 7.60.0 (15 May 2018) - -Daniel Stenberg (15 May 2018) -- RELEASE-NOTES: 7.60.0 release - -- THANKS: added people from the curl 7.60.0 release - -- docs/libcurl/index.html: removed - - The HTML files are long gone from the dist, now remove the last HTML - file pointing to those missing files. - - d - -- [steini2000 brought this change] - - http2: remove unused variable - - Closes #2570 - -- [steini2000 brought this change] - - http2: use easy handle of stream for logging - -- gcc: disable picky gcc-8 function pointer warnings in two places - - Reported-by: Rikard Falkeborn - Bug: #2560 - Closes #2569 - -- http2: use the correct function pointer typedef - - Fixes gcc-8 picky compiler warnings - Reported-by: Rikard Falkeborn - Bug: #2560 - Closes #2568 - -- CODE_STYLE: mention return w/o parens, but sizeof with - - ... and remove the github markdown syntax so that it renders better on - the web site. Also, don't use back-ticks inlined to allow the CSS to - highlight source code better. - -- [Rikard Falkeborn brought this change] - - examples: Fix format specifiers - - Closes #2561 - -- [Rikard Falkeborn brought this change] - - tool: Fix format specifiers - -- [Rikard Falkeborn brought this change] - - ntlm: Fix format specifiers - -- [Rikard Falkeborn brought this change] - - tests: Fix format specifiers - -- [Rikard Falkeborn brought this change] - - lib: Fix format specifiers - -- contributors.sh: use "on github", not at - -- http2: getsock fix for uploads - - When there's an upload in progress, make sure to wait for the socket to - become writable. - - Detected-by: steini2000 on github - Bug: #2520 - Closes #2567 - -- pingpong: fix response cache memcpy overflow - - Response data for a handle with a large buffer might be cached and then - used with the "closure" handle when it has a smaller buffer and then the - larger cache will be copied and overflow the new smaller heap based - buffer. - - Reported-by: Dario Weisser - CVE: CVE-2018-1000300 - Bug: https://curl.haxx.se/docs/adv_2018-82c2.html - -- http: restore buffer pointer when bad response-line is parsed - - ... leaving the k->str could lead to buffer over-reads later on. - - CVE: CVE-2018-1000301 - Assisted-by: Max Dymond - - Detected by OSS-Fuzz. - Bug: https://curl.haxx.se/docs/adv_2018-b138.html - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105 - -Patrick Monnerat (13 May 2018) -- cookies: do not take cookie name as a parameter - - RFC 6265 section 4.2.1 does not set restrictions on cookie names. - This is a follow-up to commit 7f7fcd0. - Also explicitly check proper syntax of cookie name/value pair. - - New test 1155 checks that cookie names are not reserved words. - - Reported-By: anshnd at github - Fixes #2564 - Closes #2566 - -Daniel Stenberg (12 May 2018) -- smb: reject negative file sizes - - Assisted-by: Max Dymond - - Detected by OSS-Fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245 - -- setup_transfer: deal with both sockets being -1 - - Detected by Coverity; CID 1435559. Follow-up to f8d608f38d00. It would - index the array with -1 if neither index was a socket. - -- travis: add build using NSS - - Closes #2558 - -- [Sunny Purushe brought this change] - - openssl: change FILE ops to BIO ops - - To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES - handling is causing problems. This fix changes the OpenSSL backend code - to use BIO functions instead of FILE I/O functions to circumvent those - problems. - - Closes #2512 - -- travis: add a build using WolfSSL - - Assisted-by: Dan Fandrich - - Closes #2528 - -- RELEASE-NOTES: typo - -- RELEASE-NOTES: synced - -- [Daniel Gustafsson brought this change] - - URLs: fix one more http url - - This file wasn't included in commit 4af40b3646d3b09 which updated all - haxx.se http urls to https. The file was committed prior to that update, - but may have been merged after it and hence didn't get updated. - - Closes #2550 - -- github/lock: auto-lock closed issues after 90 days of inactivity - -- vtls: fix missing commas - - follow-up to e66cca046cef - -- vtls: use unified "supports" bitfield member in backends - - ... instead of previous separate struct fields, to make it easier to - extend and change individual backends without having to modify them all. - - closes #2547 - -- transfer: don't unset writesockfd on setup of multiplexed conns - - Curl_setup_transfer() can be called to setup a new individual transfer - over a multiplexed connection so it shouldn't unset writesockfd. - - Bug: #2520 - Closes #2549 - -- [Frank Gevaerts brought this change] - - configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h - - They are removed from the compiler flags. - - This ensures that make dependency tracking will force a rebuild whenever - configure --enable-debug or --enable-curldebug changes. - - Closes #2548 - -- http: don't set the "rewind" flag when not uploading anything - - It triggers an assert. - - Detected by OSS-Fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144 - Closes #2546 - -- travis: add an mbedtls build - - Closes #2531 - -- configure: only check for CA bundle for file-using SSL backends - - When only building with SSL backends that don't use the CA bundle file - (by default), skip the check. - - Fixes #2543 - Fixes #2180 - Closes #2545 - -- ssh-libssh.c: fix left shift compiler warning - - ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to - represent, but 'int' only has 32 bits [-Wshift-overflow=] - - 'len' will never be that big anyway so I converted the run-time check to - a regular assert. - -- [Stephan Mühlstrasser brought this change] - - URL: fix ASCII dependency in strcpy_url and strlen_url - - Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the - changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of - the problem that strcpy_url() was modified unilaterally without also - modifying strlen_url(). As a consequence strcpy_url() was again - depending on ASCII encoding. - - This change fixes strlen_url() and strcpy_url() in parallel to use a - common host-encoding independent criterion for deciding whether an URL - character must be %-escaped. - - Closes #2535 - -- [Denis Ollier brought this change] - - docs: remove extraneous commas in man pages - - Closes #2544 - -- RELEASE-NOTES: synced - -- Revert "TODO: remove configure --disable-pthreads" - - This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3. - - --disable-pthreads can be used to disable pthreads and get the threaded - resolver to use the windows threading when building with mingw. - -- vtls: don't define MD5_DIGEST_LENGTH for wolfssl - - ... as it defines it (too) - -- TODO: remove configure --disable-pthreads - -Jay Satiro (2 May 2018) -- [David Garske brought this change] - - wolfssl: Fix non-blocking connect - - Closes https://github.com/curl/curl/pull/2542 - -Daniel Stenberg (30 Apr 2018) -- CURLOPT_URL.3: add ENCODING section [ci skip] - - Feedback-by: Michael Kilburn - -- KNOWN_BUGS: Client cert with Issuer DN differs between backends - - Closes #1411 - -- KNOWN_BUGS: Passive transfer tries only one IP address - - Closes #1508 - -- KNOWN_BUGS: --upload-file . hang if delay in STDIN - - Closes #2051 - -- KNOWN_BUGS: Connection information when using TCP Fast Open - - Closes #1332 - -- travis: enable libssh2 on both macos and Linux - - It seems to not be detected by default anymore (which is a bug I - believe) - - Closes #2541 - -- TODO: Support the clienthello extension - - Closes #2299 - -- TODO: CLOEXEC - - Closes #2252 - -- tests: provide 'manual' as a feature to optionally require - - ... and make test 1026 rely on that feature so that --disable-manual - builds don't cause test failures. - - Reported-by: Max Dymond and Anders Roxell - Fixes #2533 - Closes #2540 - -- CURLINFO_PROTOCOL.3: mention the existing defined names - -Jay Satiro (27 Apr 2018) -- [Daniel Gustafsson brought this change] - - cookies: remove unused macro - - Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused, - so remove as it's not part of the published API. - - Closes https://github.com/curl/curl/pull/2537 - -Daniel Stenberg (27 Apr 2018) -- [Daniel Gustafsson brought this change] - - checksrc: force indentation of lines after an else - - This extends the INDENTATION case to also handle 'else' statements - and require proper indentation on the following line. Also fixes the - offending cases found in the codebase. - - Closes #2532 - -- http2: fix null pointer dereference in http2_connisdead - - This function can get called on a connection that isn't setup enough to - have the 'recv_underlying' function pointer initialized so it would try - to call the NULL pointer. - - Reported-by: Dario Weisser - - Follow-up to db1b2c7fe9b093f8 (never shipped in a release) - Closes #2536 - -- http2: get rid of another strstr() - - Follow-up to 1514c44655e12e: replace another strstr() call done on a - buffer that might not be zero terminated - with a memchr() call, even if - we know the substring will be found. - - Assisted-by: Max Dymond - - Detected by OSS-Fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021 - - Closes #2534 - -- cyassl: adapt to libraries without TLS 1.0 support built-in - - WolfSSL doesn't enable it by default anymore - -- configure: provide --with-wolfssl as an alias for --with-cyassl - -- RELEASE-NOTES: synced - -- [Daniel Gustafsson brought this change] - - os400.c: fix ASSIGNWITHINCONDITION checksrc warnings - - All occurrences of assignment within conditional expression in - os400sys.c rewritten into two steps: first assignment and then the check - on the success of the assignment. Also adjust related incorrect brace - positions to match project indentation style. - - This was spurred by seeing "if((inp = input_token))", but while in there - all warnings were fixed. - - There should be no functional change from these changes. - - Closes #2525 - -- [Daniel Gustafsson brought this change] - - cookies: ensure that we have cookies before writing jar - - The jar should be written iff there are cookies, so ensure that we still - have cookies after expiration to avoid creating an empty file. - - Closes #2529 - -- strcpy_url: only %-encode values >= 0x80 - - OSS-Fuzz detected - - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000 - - Broke in dd7521bcc1b7 - -- mime: avoid NULL pointer dereference risk - - Coverity detected, CID 1435120 - - Closes #2527 - -- [Stephan Mühlstrasser brought this change] - - ctype: restore character classification for non-ASCII platforms - - With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic - character classification macros and functions were introduced in - curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on - non-ASCII, e.g. EBCDIC platforms. This change restores the previous set - of character classification macros when CURL_DOES_CONVERSIONS is - defined. - - Closes #2494 - -- ftplistparser: keep state between invokes - - Fixes FTP wildcard parsing when done over a number of read buffers. - - Regression from f786d1f14 - - Reported-by: wncboy on github - Fixes #2445 - Closes #2526 - -- examples/http2-upload: expand buffer to avoid silly warning - - http2-upload.c:135:44: error: ‘%02d’ directive output may be truncated - writing between 2 and 11 bytes into a region of size between 8 and 17 - -- examples/sftpuploadresume: typecast fseek argument to long - - /docs/examples/sftpuploadresume.c:102:12: warning: conversion to 'long - int' from 'curl_off_t {aka long long int}' may alter its value - -- Revert "ftplistparser: keep state between invokes" - - This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934. - - Caused fuzzer problems on travis not seen when this was a PR! - -- Curl_memchr: zero length input can't match - - Avoids undefined behavior. - - Reported-by: Geeknik Labs - -- ftplistparser: keep state between invokes - - Fixes FTP wildcard parsing when doing over a number of read buffers. - - Regression from f786d1f14 - - Reported-by: wncboy on github - Fixes #2445 - Closes #2519 - -- ftplistparser: renamed some members and variables - - ... to make them better spell out what they're for. - -- RELEASE-NOTES: synced - -- [Christian Schmitz brought this change] - - curl_global_sslset: always provide available backends - - Closes #2499 - -- http2: convert an assert to run-time check - - Fuzzing has proven we can reach code in on_frame_recv with status_code - not having been set, so let's detect that in run-time (instead of with - assert) and error error accordingly. - - (This should no longer happen with the latest nghttp2) - - Detected by OSS-Fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903 - Closes #2514 - -- curl.1: clarify that options and URLs can be mixed - - Fixes #2515 - Closes #2517 - -Jay Satiro (23 Apr 2018) -- [Archangel_SDY brought this change] - - CURLOPT_SSLCERT.3: improve WinSSL-specific usage info - - Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780 - - Closes https://github.com/curl/curl/pull/2504 - -- [Archangel_SDY brought this change] - - schannel: fix build error on targets <= XP - - - Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't - support the latter. - - Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668 - - Closes https://github.com/curl/curl/pull/2504 - -Daniel Stenberg (23 Apr 2018) -- Revert "ftplistparser: keep state between invokes" - - This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9. - - Unfortunately this fix introduces memory leaks I've not been able to fix - in several days. Reverting this for now to get the leaks fixed. - -Jay Satiro (21 Apr 2018) -- tool_help: clarify --max-time unit of time is seconds - - Before: - -m, --max-time <time> Maximum time allowed for the transfer - - After: - -m, --max-time <seconds> Maximum time allowed for the transfer - -Daniel Stenberg (20 Apr 2018) -- http2: handle GOAWAY properly - - When receiving REFUSED_STREAM, mark the connection for close and retry - streams accordingly on another/fresh connection. - - Reported-by: Terry Wu - Fixes #2416 - Fixes #1618 - Closes #2510 - -- http2: clear the "drain counter" when a stream is closed - - This fixes the notorious "httpc->drain_total >= data->state.drain" - assert. - - Reported-by: Anders Bakken - - Fixes #1680 - Closes #2509 - -- http2: avoid strstr() on data not zero terminated - - It's not strictly clear if the API contract allows us to call strstr() - on a string that isn't zero terminated even when we know it will find - the substring, and clang's ASAN check dislikes us for it. - - Also added a check of the return code in case it fails, even if I can't - think of a situation how that can trigger. - - Detected by OSS-Fuzz - Closes #2513 - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760 - -- [Stephan Mühlstrasser brought this change] - - openssl: fix subjectAltName check on non-ASCII platforms - - Curl_cert_hostcheck operates with the host character set, therefore the - ASCII subjectAltName string retrieved with OpenSSL must be converted to - the host encoding before comparison. - - Closes #2493 - -Jay Satiro (20 Apr 2018) -- openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages - - - Support handling verbose-mode trace messages of type - SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, - SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, - SSL3_MT_MESSAGE_HASH - - Reported-by: iz8mbw@users.noreply.github.com - - Fixes https://github.com/curl/curl/issues/2403 - -Daniel Stenberg (19 Apr 2018) -- ftplistparser: keep state between invokes - - Regression from f786d1f14 - - Reported-by: wncboy on github - Fixes #2445 - Closes #2508 - -- detect_proxy: only show proxy use if it had contents - -- http2: handle on_begin_headers() called more than once - - This triggered an assert if called more than once in debug mode (and a - memory leak if not debug build). With the right sequence of HTTP/2 - headers incoming it can happen. - - Detected by OSS-Fuzz - - Closes #2507 - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764 - -Jay Satiro (18 Apr 2018) -- [Dan McNulty brought this change] - - schannel: add support for CURLOPT_CAINFO - - - Move verify_certificate functionality in schannel.c into a new - file called schannel_verify.c. Additionally, some structure defintions - from schannel.c have been moved to schannel.h to allow them to be - used in schannel_verify.c. - - - Make verify_certificate functionality for Schannel available on - all versions of Windows instead of just Windows CE. verify_certificate - will be invoked on Windows CE or when the user specifies - CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - - - In verify_certificate, create a custom certificate chain engine that - exclusively trusts the certificate store backed by the CURLOPT_CAINFO - file. - - - doc updates of --cacert/CAINFO support for schannel - - - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString - when available. This implements a TODO in schannel.c to improve - handling of multiple SANs in a certificate. In particular, all SANs - will now be searched instead of just the first name. - - - Update tool_operate.c to not search for the curl-ca-bundle.crt file - when using Schannel to maintain backward compatibility. Previously, - any curl-ca-bundle.crt file found in that search would have been - ignored by Schannel. But, with CAINFO support, the file found by - that search would have been used as the certificate store and - could cause issues for any users that have curl-ca-bundle.crt in - the search path. - - - Update url.c to not set the build time CURL_CA_BUNDLE if the selected - SSL backend is Schannel. We allow setting CA location for schannel - only when explicitly specified by the user via CURLOPT_CAINFO / - --cacert. - - - Add new test cases 3000 and 3001. These test cases check that the first - and last SAN, respectively, matches the connection hostname. New test - certificates have been added for these cases. For 3000, the certificate - prefix is Server-localhost-firstSAN and for 3001, the certificate - prefix is Server-localhost-secondSAN. - - - Remove TODO 15.2 (Add support for custom server certificate - validation), this commit addresses it. - - Closes https://github.com/curl/curl/pull/1325 - -- schannel: fix warning - - - Fix warning 'integer from pointer without a cast' on 3rd arg in - CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer - type of the same size. - - Follow-up to e35b025. - - Caught by Marc's CI builds. - -- [Jakub Wilk brought this change] - - docs: fix typos - - Closes https://github.com/curl/curl/pull/2503 - -Daniel Stenberg (17 Apr 2018) -- RELEASE-NOTES: synced - -Jay Satiro (17 Apr 2018) -- [Kees Dekker brought this change] - - winbuild: Support custom devel paths for each dependency - - - Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2, - OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH, - NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH. - - - Use lib.exe for making the static library instead of link.exe /lib. - The latter is undocumented and could cause problems as noted in the - comments. - - - Remove a dangling URL that no longer worked. (I was not able to find - the IDN download at MSDN/microsoft.com, so it seems to be removed.) - - - Remove custom override for release-ssh2-ssl-dll-zlib configuration. - Nobody knows why it was there and as far as we can see is unnecessary. - - Closes https://github.com/curl/curl/pull/2474 - -Daniel Stenberg (17 Apr 2018) -- [Jess brought this change] - - README.md: add backers and sponsors - - Closes #2484 - -- [Archangel_SDY brought this change] - - schannel: add client certificate authentication - - Users can now specify a client certificate in system certificates store - explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"` - - Closes #2376 - -Marcel Raad (16 Apr 2018) -- [toughengineer brought this change] - - ntlm_sspi: fix authentication using Credential Manager - - If you pass empty user/pass asking curl to use Windows Credential - Storage (as stated in the docs) and it has valid credentials for the - domain, e.g. - curl -v -u : --ntlm example.com - currently authentication fails. - This change fixes it by providing proper SPN string to the SSPI API - calls. - - Fixes https://github.com/curl/curl/issues/1622 - Closes https://github.com/curl/curl/pull/1660 - -Daniel Stenberg (16 Apr 2018) -- configure: keep LD_LIBRARY_PATH changes local - - ... only set it when we actually have to run tests to reduce its impact - on for example build commands etc. - - Fixes #2490 - Closes #2492 - - Reported-by: Dmitry Mikhirev - -Marcel Raad (16 Apr 2018) -- urldata: make service names unconditional - - The ifdefs have become quite long. Also, the condition for the - definition of CURLOPT_SERVICE_NAME and for setting it from - CURLOPT_SERVICE_NAME have diverged. We will soon also need the two - options for NTLM, at least when using SSPI, for - https://github.com/curl/curl/pull/1660. - Just make the definitions unconditional to make that easier. - - Closes https://github.com/curl/curl/pull/2479 - -Daniel Stenberg (16 Apr 2018) -- test1148: tolerate progress updates better - - Fixes #2446 - Closes #2488 - -- [Christian Schmitz brought this change] - - ssh: show libSSH2 error code when closing fails - - Closes #2500 - -Jay Satiro (15 Apr 2018) -- [Daniel Gustafsson brought this change] - - vauth: Fix typo - - Address various spellings of "credentials". - - Closes https://github.com/curl/curl/pull/2496 - -- [Dagobert Michelsen brought this change] - - system.h: Add sparcv8plus to oracle/sunpro 32-bit detection - - With specific compiler options selecting the arch like -xarch=sparc on - newer compilers like Oracle Studio 12.4 there is no definition of - __sparcv8 but __sparcv8plus which means the V9 ISA, but limited to the - 32ÎíÎñbit subset defined by the V8plus ISA specification, without the - Visual Instruction Set (VIS), and without other implementation-specific - ISA extensions. So it should be the same as __sparcv8. - - Closes https://github.com/curl/curl/pull/2491 - -- [Daniel Gustafsson brought this change] - - checksrc: Fix typo - - Fix typo in "semicolon" spelling and remove stray tab character. - - Closes https://github.com/curl/curl/pull/2498 - -- [Daniel Gustafsson brought this change] - - all: Refactor malloc+memset to use calloc - - When a zeroed out allocation is required, use calloc() rather than - malloc() followed by an explicit memset(). The result will be the - same, but using calloc() everywhere increases consistency in the - codebase and avoids the risk of subtle bugs when code is injected - between malloc and memset by accident. - - Closes https://github.com/curl/curl/pull/2497 - -Daniel Stenberg (12 Apr 2018) -- duphandle: make sure CURLOPT_RESOLVE is duplicated fine too - - Verified in test 1502 now - - Fixes #2485 - Closes #2486 - Reported-by: Ernst Sjöstrand - -- mailmap: add a monnerat fixup [ci skip] - -- proxy: show getenv proxy use in verbose output - - ... to aid debugging etc as it sometimes isn't immediately obvious why - curl uses or doesn't use a proxy. - - Inspired by #2477 - - Closes #2480 - -- travis: build libpsl and make builds use it - - closes #2471 - -- travis: bump to clang 6 and gcc 7 - - Extra-eye-on-this-by: Marcel Raad - - Closes #2478 - -Marcel Raad (10 Apr 2018) -- travis: use trusty for coverage build - - This works now and precise is in the process of being decommissioned. - - Closes https://github.com/curl/curl/pull/2476 - -- lib: silence null-dereference warnings - - In debug mode, MingGW-w64's GCC 7.3 issues null-dereference warnings - when dereferencing pointers after DEBUGASSERT-ing that they are not - NULL. - Fix this by removing the DEBUGASSERTs. - - Suggested-by: Daniel Stenberg - Ref: https://github.com/curl/curl/pull/2463 - -- [Kees Dekker brought this change] - - winbuild: fix URL - - Follow up on https://github.com/curl/curl/pull/2472. - Now using en-us instead of nl-nl as language code in the URL. - - Closes https://github.com/curl/curl/pull/2475 - -Daniel Stenberg (9 Apr 2018) -- [Kees Dekker brought this change] - - winbuild: updated the documentation - - The setenv command no longer exists and visual studio build prompts got - changed. Used Visual Studio 2015/2017 as reference. - - Closes #2472 - -- test1136: fix cookie order after commit c990eadd1277 - -- build: cleanup to fix clang warnings/errors - - unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a - cast from integer to pointer is a GNU extension - - Reported-by: Rikard Falkeborn - - Fixes #2466 - Closes #2468 - -Jay Satiro (7 Apr 2018) -- examples/sftpuploadresmue: Fix Windows large file seek - - - Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows. - - - Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print - curl_off_t. - - Caught by Marc's CI builds. - -Daniel Stenberg (7 Apr 2018) -- curl_setup: provide a CURL_SA_FAMILY_T type if none exists - - ... and use this type instead of 'sa_family_t' in the code since several - platforms don't have it. - - Closes #2463 - -- [Eric Gallager brought this change] - - build: add picky compiler warning flags for gcc 6 and 7 - -- configure: detect sa_family_t - -Jay Satiro (7 Apr 2018) -- [Stefan Agner brought this change] - - tool_operate: Fix retry on FTP 4xx to ignore other protocols - - Only treat response code as FTP response codes in case the - protocol type is FTP. - - This fixes an issue where an HTTP download was treated as FTP - in case libcurl returned with 33. This happens when the - download has already finished and the server responses 416: - HTTP/1.1 416 Requested Range Not Satisfiable - - This should not be treated as an FTP error. - - Fixes #2464 - Closes #2465 - -Daniel Stenberg (6 Apr 2018) -- hash: calculate sizes with size_t instead of longs - - ... since they return size_t anyway! - - closes #2462 - -- RELEASE-NOTES: synced - -- [Jay Satiro brought this change] - - build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15 - - .. and do the same for build-wolfssl.bat. - - Because MS calls it VC14.1. - - Closes https://github.com/curl/curl/pull/2189 - -- [Kees Dekker brought this change] - - winbuild: make the clean target work without build-type - - Due to the check in Makefile.vc and MakefileBuild.vc, no make call can - be invoked unless a build-type was specified. However, a clean target - only existed when a build type was specified. As a result, the clean - target was unreachable. Made clean target unconditional. - - Closes #2455 - -- [patelvivekv1993 brought this change] - - build-openssl.bat: allow custom paths for VS and perl - - Fixes #2430 - Closes #2457 - -- [Laurie Clark-Michalek brought this change] - - FTP: allow PASV on IPv6 connections when a proxy is being used - - In the situation of a client connecting to an FTP server using an IPv6 - tunnel proxy, the connection info will indicate that the connection is - IPv6. However, because the server behing the proxy is IPv4, it is - permissable to attempt PSV mode. In the case of the FTP server being - IPv4 only, EPSV will always fail, and with the current logic curl will - be unable to connect to the server, as the IPv6 fwdproxy causes curl to - think that EPSV is impossible. - - Closes #2432 - -- [Jon DeVree brought this change] - - file: restore old behavior for file:////foo/bar URLs - - curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC - 8089 but then returns an error saying this is unimplemented. This is - actually a regression in behavior on both Windows and Unix. - - Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and - then passed to the relevant OS API. This means that the behavior of this - case is actually OS dependent. - - The Unix path resolution rules say that the OS must handle swallowing - the extra "/" and so this path is the same as "/foo/bar" - - The Windows path resolution rules say that this is a UNC path and - automatically handles the SMB access for the program. So curl on Windows - was already doing Appendix E.3.2 without any special code in curl. - - Regression - - Closes #2438 - -- [Gaurav Malhotra brought this change] - - Revert "openssl: Don't add verify locations when verifypeer==0" - - This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb. - - libcurl (with the OpenSSL backend) performs server certificate verification - even if verifypeer == 0 and the verification result is available using - CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the - CURLINFO_SSL_VERIFYRESULT to not have useful information for the - verifypeer == 0 use case (it would always have - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY). - - Closes #2451 - -- [Wyatt O'Day brought this change] - - tls: fix mbedTLS 2.7.0 build + handle sha256 failures - - (mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED) - - Closes #2453 - -- [Lauri Kasanen brought this change] - - cookie: case-insensitive hashing for the domains - - closes #2458 - -Patrick Monnerat (4 Apr 2018) -- cookie: fix and optimize 2nd top level domain name extraction - - This fixes a segfault occurring when a name of the (invalid) form "domain..tld" - is processed. - - test46 updated to cover this case. - - Follow-up to commit c990ead. - - Ref: https://github.com/curl/curl/pull/2440 - -Daniel Stenberg (4 Apr 2018) -- openssl: provide defines for argument typecasts to build warning-free - - ... as OpenSSL >= 1.1.0 and libressl >= 2.7.0 use different argument types. - -- [Bernard Spil brought this change] - - openssl: fix build with LibreSSL 2.7 - - - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API - - Fixes #2319 - Closes #2447 - Closes #2448 - - Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> - -- [Lauri Kasanen brought this change] - - cookie: store cookies per top-level-domain-specific hash table - - This makes libcurl handle thousands of cookies much better and speedier. - - Closes #2440 - -- [Lauri Kasanen brought this change] - - cookies: when reading from a file, only remove_expired once - - This drops the cookie load time for 8k cookies from 178ms to 15ms. - - Closes #2441 - -- test1148: set a fixed locale for the test - - ...as otherwise it might use a different decimal sign. - - Bug: #2436 - Reported-by: Oumph on github - -Jay Satiro (31 Mar 2018) -- docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T - - - Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf. - - For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar. - - Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html - Reported-by: David L. - -Sergei Nikulov (27 Mar 2018) -- [Michał Janiszewski brought this change] - - cmake: Add advapi32 as explicit link library for win32 - - ARM targets need advapi32 explicitly. - - Closes #2363 - -Daniel Stenberg (27 Mar 2018) -- TODO: connection cache sharing is now supporte - -Jay Satiro (26 Mar 2018) -- travis: enable apt retry on fail - - This is a workaround for an unsolved travis issue that is causing CI - instances to sporadically fail due to 'unable to connect' issues during - apt stage. - - Ref: https://github.com/travis-ci/travis-ci/issues/8507 - Ref: https://github.com/travis-ci/travis-ci/issues/9112#issuecomment-376305909 - -Michael Kaufmann (26 Mar 2018) -- runtests.pl: fix warning 'use of uninitialized value' - - follow-up to a9a7b60 - - Closes #2428 - -Daniel Stenberg (24 Mar 2018) -- gitignore: ignore more generated files - -- threaded resolver: track resolver time and set suitable timeout values - - In order to make curl_multi_timeout() return suitable "sleep" times even - when there's no socket to wait for while the name is being resolved in a - helper thread. - - It will increases the timeouts as time passes. - - Closes #2419 - -- [Howard Chu brought this change] - - openldap: fix for NULL return from ldap_get_attribute_ber() - - Closes #2399 - -GitHub (22 Mar 2018) -- [Sergei Nikulov brought this change] - - travis-ci: enable -Werror for CMake builds (#2418) - -- [Sergei Nikulov brought this change] - - cmake: avoid warn-as-error during config checks (#2411) - - - Move the CURL_WERROR option processing after the configuration checks - to avoid failures in case of warnings during the configuration checks. - - This is a partial fix for #2358 - -- [Sergei Nikulov brought this change] - - timeval: remove compilation warning by casting (#2417) - - This is fixes #2358 - -Daniel Stenberg (22 Mar 2018) -- http2: read pending frames (including GOAWAY) in connection-check - - If a connection has received a GOAWAY frame while not being used, the - function now reads frames off the connection before trying to reuse it - to avoid reusing connections the server has told us not to use. - - Reported-by: Alex Baines - Fixes #1967 - Closes #2402 - -- [Bas van Schaik brought this change] - - CI: add lgtm.yml for tweaking lgtm.com analysis - - Closes #2414 - -- CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some text - - Reported-by: Michal Trybus - - Fixes #2400 - -- TODO: expand ~/ in config files - - Closes #2317 - -- cookie.d: mention that "-" as filename means stdin - - Reported-by: Dongliang Mu - Fixes #2410 - -- CURLINFO_COOKIELIST.3: made the example not leak memory - - Reported-by: Muz Dima - -- vauth/cleartext: fix integer overflow check - - Make the integer overflow check not rely on the undefined behavior that - a size_t wraps around on overflow. - - Detected by lgtm.com - Closes #2408 - -- lib/curl_path.h: add #ifdef header guard - - Detected by lgtm.com - -- vauth/ntlm.h: fix the #ifdef header guard - - Detected by lgtm.com - -Jay Satiro (20 Mar 2018) -- examples/hiperfifo: checksrc compliance - -Daniel Stenberg (19 Mar 2018) -- [Nikos Tsipinakis brought this change] - - parsedate: support UT timezone - - RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with - GMT. - - Closes #2401 - -- RELEASE-NOTES: synced - -- [Don brought this change] - - cmake: add support for brotli - - Currently CMake cannot detect Brotli support. This adds detection of the - libraries and associated header files. It also adds this to the - generated config. - - Closes #2392 - -- [Chris Araman brought this change] - - darwinssl: fix iOS build - -Patrick Monnerat (18 Mar 2018) -- ILE/RPG binding: Add CURLOPT_HAPROXYPROTOCOL/Fix CURLOPT_DNS_SHUFFLE_ADDRESSES - -Daniel Stenberg (17 Mar 2018) -- [Rick Deist brought this change] - - resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES - - This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request - shuffling of IP addresses returned for a hostname when there is more - than one. This is useful when the application knows that a round robin - approach is appropriate and is willing to accept the consequences of - potentially discarding some preference order returned by the system's - implementation. - - Closes #1694 - -- add_handle/easy_perform: clear errorbuffer on start if set - - To offer applications a more defined behavior, we clear the buffer as - early as possible. - - Assisted-by: Jay Satiro - - Fixes #2190 - Closes #2377 - -- [Lawrence Matthews brought this change] - - CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol - - Add --haproxy-protocol for the command line tool - - Closes #2162 - -- curl_version_info.3: fix ssl_version description - - Reported-by: Vincas Razma - Fixes #2364 - -- multi: improved pending transfers handling => improved performance - - When a transfer is requested to get done and it is put in the pending - queue when limited by number of connections, total or per-host, libcurl - would previously very aggressively retry *ALL* pending transfers to get - them transferring. That was very time consuming. - - By reducing the aggressiveness in how pending are being retried, we - waste MUCH less time on putting transfers back into pending again. - - Some test cases got a factor 30(!) speed improvement with this change. - - Reported-by: Cyril B - Fixes #2369 - Closes #2383 - -- pause: when changing pause state, update socket state - - Especially unpausing a transfer might have to move the socket back to the - "currently used sockets" hash to get monitored. Otherwise it would never get - any more data and get stuck. Easily triggered with pausing using the - multi_socket API. - - Reported-by: Philip Prindeville - Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html - Fixes #2393 - Closes #2391 - -- [Philip Prindeville brought this change] - - examples/hiperfifo.c: improved - - * use member struct event’s instead of pointers to alloc’d struct - events - - * simplify the cases for the mcode_or_die() function via macros; - - * make multi_timer_cb() actually do what the block comment says it - should; - - * accept a “stop” command on the FIFO to shut down the service; - - * use cleaner notation for unused variables than the (void) hack; - - * allow following redirections (304’s); - -- rate-limit: use three second window to better handle high speeds - - Due to very frequent updates of the rate limit "window", it could - attempt to rate limit within the same milliseconds and that then made - the calculations wrong, leading to it not behaving correctly on very - fast transfers. - - This new logic updates the rate limit "window" to be no shorter than the - last three seconds and only updating the timestamps for this when - switching between the states TOOFAST/PERFORM. - - Reported-by: 刘佩东 - Fixes #2386 - Closes #2388 - -- [luz.paz brought this change] - - cleanup: misc typos in strings and comments - - Found via `codespell` - - Closes #2389 - -- RELEASE-NOTES: toward 7.60.0 - -- [Kobi Gurkan brought this change] - - http2: fixes typo - - Closes #2387 - -- user-agent.d:: mention --proxy-header as well - - Bug: https://github.com/curl/curl/issues/2381 - -- transfer: make HTTP without headers count correct body size - - This is what "HTTP/0.9" basically looks like. - - Reported on IRC - - Closes #2382 - -- test1208: marked flaky - - It fails somewhere between every 3rd to 10th travis-CI run - -- SECURITY-PROCESS: mention how we write/add advisories - -- [dasimx brought this change] - - FTP: fix typo in recursive callback detection for seeking - - Fixes #2380 - -Version 7.59.0 (13 Mar 2018) - -Daniel Stenberg (13 Mar 2018) -- release: 7.59.0 - -Kamil Dudka (13 Mar 2018) -- tests/.../spnego.py: fix identifier typo - - Detected by Coverity Analysis: - - Error: IDENTIFIER_TYPO: - curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo: - * Identifier "SuportedMech" is only known to be referenced here, or in copies of this code. - * Identifier "SupportedMech" is referenced elsewhere at least 4 times. - curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech". - curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech". - curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function). - curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"? - - Closes #2379 - -Daniel Stenberg (13 Mar 2018) -- CURLOPT_COOKIEFILE.3: "-" as file name means stdin - - Reported-by: Aron Bergman - Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html - - [ci skip] - -- Revert "hostip: fix compiler warning: 'variable set but not used'" - - This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248. - - The assignment really needs to be there or we risk working with an - uninitialized pointer. - -Michael Kaufmann (12 Mar 2018) -- limit-rate: fix compiler warning - - follow-up to 72a0f62 - -Viktor Szakats (12 Mar 2018) -- checksrc.pl: add -i and -m options - - To sync it with changes made for the libssh2 project. - Also cleanup some whitespace. - -- curl-openssl.m4: fix spelling [ci skip] - -- FAQ: fix a broken URL [ci skip] - -Daniel Stenberg (12 Mar 2018) -- http2: mark the connection for close on GOAWAY - - ... don't consider it an error! - - Assisted-by: Jay Satiro - Reported-by: Łukasz Domeradzki - Fixes #2365 - Closes #2375 - -- credits: Viktor prefers without accent - -- openldap: white space changes, fixed up the copyright years - -- openldap: check ldap_get_attribute_ber() results for NULL before using - - CVE-2018-1000121 - Reported-by: Dario Weisser - Bug: https://curl.haxx.se/docs/adv_2018-97a2.html - -- FTP: reject path components with control codes - - Refuse to operate when given path components featuring byte values lower - than 32. - - Previously, inserting a %00 sequence early in the directory part when - using the 'singlecwd' ftp method could make curl write a zero byte - outside of the allocated buffer. - - Test case 340 verifies. - - CVE-2018-1000120 - Reported-by: Duy Phan Thanh - Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html - -- readwrite: make sure excess reads don't go beyond buffer end - - CVE-2018-1000122 - Bug: https://curl.haxx.se/docs/adv_2018-b047.html - - Detected by OSS-fuzz - -- BUGS: updated link to security process - -- limit-rate: kick in even before "limit" data has been received - - ... and make sure to avoid integer overflows with really large values. - - Reported-by: 刘佩东 - Fixes #2371 - Closes #2373 - -- docs/SECURITY.md -> docs/SECURITY-PROCESS.md - -- SECURITY.md: call it the security process - -Michael Kaufmann (11 Mar 2018) -- Curl_range: fix FTP-only and FILE-only builds - - follow-up to e04417d - -- hostip: fix compiler warning: 'variable set but not used' - -Daniel Stenberg (11 Mar 2018) -- HTTP: allow "header;" to replace an internal header with a blank one - - Reported-by: Michael Kaufmann - Fixes #2357 - Closes #2362 - -- http2: verbose output new MAX_CONCURRENT_STREAMS values - - ... as it is interesting for many users. - -- SECURITY: distros' max embargo time is 14 days now - -Patrick Monnerat (8 Mar 2018) -- curl tool: accept --compressed also if Brotli is enabled and zlib is not. - -Daniel Stenberg (5 Mar 2018) -- THANKS + mailmap: remove duplicates, fixup full names - -- [sergii.kavunenko brought this change] - - WolfSSL: adding TLSv1.3 - - Closes #2349 - -- RELEASE-NOTES/THANKS: synced with cc1d4c505 - -- [Richard Alcock brought this change] - - winbuild: prefer documented zlib library names - - Check for existence of import and static libraries with documented names - and use them if they do. Fallback to previous names. - - According to - https://github.com/madler/zlib/blob/master/win32/README-WIN32.txt on - Windows, the names of the import library is "zdll.lib" and static - library is "zlib.lib". - - closes #2354 - -Marcel Raad (4 Mar 2018) -- krb5: use nondeprecated functions - - gss_seal/gss_unseal have been deprecated in favor of - gss_wrap/gss_unwrap with GSS-API v2 from January 1997 [1]. The first - version of "The Kerberos Version 5 GSS-API Mechanism" [2] from June - 1996 already says "GSS_Wrap() (formerly GSS_Seal())" and - "GSS_Unwrap() (formerly GSS_Unseal())". - - Use the nondeprecated functions to avoid deprecation warnings. - - [1] https://tools.ietf.org/html/rfc2078 - [2] https://tools.ietf.org/html/rfc1964 - - Closes https://github.com/curl/curl/pull/2356 - -Daniel Stenberg (4 Mar 2018) -- curl.1: mention how to add numerical IP addresses in NO_PROXY - -- CURLOPT_NOPROXY.3: mention how to list numerical IPv6 addresses - -- NO_PROXY: fix for IPv6 numericals in the URL - - Added test 1265 that verifies. - - Reported-by: steelman on github - Fixes #2353 - Closes #2355 - -- build: get CFLAGS (including -werror) used for examples and tests - - ... so that the CI and more detects compiler warnings/errors properly! - - Closes #2337 - -Marcel Raad (3 Mar 2018) -- curl_ctype: fix macro redefinition warnings - - On MinGW and Cygwin, GCC and clang have been complaining about macro - redefinitions since 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2. Fix this - by undefining the macros before redefining them as suggested in - https://github.com/curl/curl/pull/2269. - - Suggested-by: Daniel Stenberg - -Dan Fandrich (2 Mar 2018) -- unit1307: proper cleanup on OOM to fix torture tests - -Marcel Raad (28 Feb 2018) -- unit1309: fix warning on Windows x64 - - When targeting x64, MinGW-w64 complains about conversions between - 32-bit long and 64-bit pointers. Fix this by reusing the - GNUTLS_POINTER_TO_SOCKET_CAST / GNUTLS_SOCKET_TO_POINTER_CAST logic - from gtls.c, moving it to warnless.h as CURLX_POINTER_TO_INTEGER_CAST / - CURLX_INTEGER_TO_POINTER_CAST. - - Closes https://github.com/curl/curl/pull/2341 - -- travis: update compiler versions - - Update clang to version 3.9 and GCC to version 6. - - Closes https://github.com/curl/curl/pull/2345 - -Daniel Stenberg (26 Feb 2018) -- docs/MANUAL: formfind.pl is not accessible on the site anymore - - Fixes #2342 - -Jay Satiro (24 Feb 2018) -- curl-openssl.m4: Fix version check for OpenSSL 1.1.1 - - - Add OpenSSL 1.1.1 to the header/library version lists. - - - Detect OpenSSL 1.1.1 library using its function ERR_clear_last_mark, - which was added in that version. - - Prior to this change an erroneous header/library mismatch was caused by - lack of OpenSSL 1.1.1 detection. I tested using openssl-1.1.1-pre1. - -Viktor Szakats (23 Feb 2018) -- lib655: silence compiler warning - - Closes https://github.com/curl/curl/pull/2335 - -- spelling fixes - - Detected using the `codespell` tool. - - Also contains one URL protocol upgrade. - - Closes https://github.com/curl/curl/pull/2334 - -Daniel Stenberg (24 Feb 2018) -- projects/README: remove reference to dead IDN link/package - - Reported-by: Stefan Kanthak and Rod Widdowson - - Fixes #2325 - -Jay Satiro (23 Feb 2018) -- [Rod Widdowson brought this change] - - winbuild: Use macros for the names of some build utilities - - - Add macros to the top of the makefile for rc and mt utilities so that - it is easier to change their locations. - - Bug: https://curl.haxx.se/mail/lib-2018-02/0075.html - Reported-by: Stefan Kanthak - - Closes https://github.com/curl/curl/issues/2329 - -Daniel Stenberg (23 Feb 2018) -- TODO: remove "sha-256 digest", added in 2b5b37cb9109e7c2 - -- curl_share_setopt.3: connection cache is shared within multi handles - -Jay Satiro (22 Feb 2018) -- [Rod Widdowson brought this change] - - winbuild: Use CALL to run batch scripts - - Co-authored-by: Stefan Kanthak - - Closes https://github.com/curl/curl/issues/2330 - Closes https://github.com/curl/curl/pull/2331 - -Patrick Monnerat (22 Feb 2018) -- os400: add curl_resolver_start_callback type to ILE/RPG binding - -Daniel Stenberg (22 Feb 2018) -- form.d: rephrased somewhat, added two example command lines - -Jay Satiro (21 Feb 2018) -- [Francisco Sedano brought this change] - - url: Add option CURLOPT_RESOLVER_START_FUNCTION - - - Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that - will be called every time before a new resolve request is started - (ie before a host is resolved) with a pointer to backend-specific - resolver data. Currently this is only useful for ares. - - - Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to - pass to the resolver start callback. - - Closes https://github.com/curl/curl/pull/2311 - -- lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS - - - In keeping with the naming of our other connect timeout options rename - CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS. - - This change adds the _MS suffix since the option expects milliseconds. - This is more intuitive for our users since other connect timeout options - that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS, - CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS. - - The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms. - - Follow-up to 2427d94 which added the lib and tool option yesterday. - - Ref: https://github.com/curl/curl/pull/2260 - -Patrick Monnerat (21 Feb 2018) -- sasl: prefer PLAIN mechanism over LOGIN - - SASL PLAIN is a standard, LOGIN only a draft. The LOGIN draft says - PLAIN should be used instead if available. - -Daniel Stenberg (21 Feb 2018) -- RELEASE-NOTES: synced with 2427d94c6 - -Jay Satiro (20 Feb 2018) -- [Anders Bakken brought this change] - - url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT - - - Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy - eyeball timeout value. - - - Add new optval macro CURL_HET_DEFAULT to represent the default happy - eyeballs timeout value (currently 200 ms). - - - Add new tool option --happy-eyeballs-timeout-ms to expose - CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the - other -timeout options in the tool expect seconds not milliseconds. - - Closes https://github.com/curl/curl/pull/2260 - -- hostip: fix 'potentially uninitialized variable' warning - - Follow-up to 50d1b33. - - Caught by AppVeyor. - -Daniel Stenberg (20 Feb 2018) -- TODO: warning if curl version is not in sync with libcurl version - -Jay Satiro (20 Feb 2018) -- [Anders Bakken brought this change] - - CURLOPT_RESOLVE: Add support for multiple IP addresses per entry - - This enables users to preresolve but still take advantage of happy - eyeballs and trying multiple addresses if some are not connecting. - - Ref: https://github.com/curl/curl/pull/2260 - -Daniel Stenberg (20 Feb 2018) -- [Sergio Borghese brought this change] - - examples/sftpuploadresume: resume upload via CURLOPT_APPEND - - URL: https://curl.haxx.se/mail/lib-2018-02/0072.html - -- curl --version: show PSL if the run-time lib has it enabled - - ... not of the #define was set at build-time! - -- TODO: "Support in-memory certs/ca certs/keys" - - removed SSLKEYLOGFILE support (fixed) - - removed "consider SSL patches" (outdated) - - Closes #2310 - -- CURLOPT_HEADER.3: clarify problems with different data sizes - -- test1556: verify >16KB headers to the header callback - -- header callback: don't chop headers into smaller pieces - - Reported-by: Guido Berhoerster - Fixes #2314 - Closes #2316 - -- test1154: verify that long HTTP headers get rejected - -- http: fix the max header length detection logic - - Previously, it would only check for max length if the existing alloc - buffer was to small to fit it, which often would make the header still - get used. - - Reported-by: Guido Berhoerster - Bug: https://curl.haxx.se/mail/lib-2018-02/0056.html - - Closes #2315 - -- CURLOPT_HEADERFUNCTION.3: fix typo from d939226813 - - Reported-by: Erik Johansson - Bug: https://github.com/curl/curl/commit/d9392268131c1b8d18dec3fa30e0bded833a5db7#commitcomment-27607495 - -- CURLOPT_HEADERFUNCTION.3: mention folded headers - -- TODO: 1.1 Option to refuse usernames in URLs - - Also expanded the CURL_REFUSE_CLEARTEXT section with more ideas. - -- TODO: 1.7 Support HTTP/2 for HTTP(S) proxies - -- ssh: add two missing state names - - The list of state names (used in debug builds) was out of sync in - relation to the list of states (used in all builds). - - I now added an assert to make sure the sizes of the two lists match, to - aid in detecting this mistake better in the future. - - Regression since c92d2e14cf, shipped in 7.58.0. - - Reported-by: Somnath Kundu - - Fixes #2312 - Closes #2313 - -- Revert "KNOWN_BUGS: 2.5 curl should not offer "ALPN: h2" when using https-proxy" - - This reverts commit de9fac00c40db321d44fa6fbab6eb62ec4c83998. - - Reported-by: Jay Satiro - -Jay Satiro (15 Feb 2018) -- non-ascii: fix implicit declaration warning - - Follow-up to b46cfbc. - - Caught by Travis CI. - -Daniel Stenberg (15 Feb 2018) -- travis: add build with iconv enabled - - ... to verify it builds and works fine. - - Ref: https://curl.haxx.se/mail/lib-2017-09/0031.html - - Closes #1872 - -- TODO: 18.18 retry on network is unreachable - - Closes #1603 - -- KNOWN_BUGS: 2.5 curl should not offer "ALPN: h2" when using https-proxy - - Closes #1254 - -Kamil Dudka (15 Feb 2018) -- nss: use PK11_CreateManagedGenericObject() if available - - ... so that the memory allocated by applications using libcurl does not - grow per each TLS connection. - - Bug: https://bugzilla.redhat.com/1510247 - - Closes #2297 - -Daniel Stenberg (15 Feb 2018) -- [Björn Stenberg brought this change] - - TODO fixed: Detect when called from within callbacks - - Closes #2302 - -- BINDINGS: fix curb link (and remove ruby-curl-multi) - - Reported-by: Klaus Stein - -- curl_gssapi: make sure this file too uses our *printf() - -- libcurl-security.3: separate file:// section - - ... just to make it more apparent. Even if it repeats - some pieces of information. - -- libcurl-security.3: the http://192.168.0.1/my_router_config case - - Mentioned-By: Rich Moore - -- libcurl-security.3: mention the URL standards problems too - -- libcurl-security.3: split out from libcurl-tutorial.3 - - To make more accessible. - - Merged in some new language from "URLs are dangerous things" as discussed on - the mailing list a few days ago: - - Bug: https://curl.haxx.se/mail/lib-2018-02/0013.html - -- RELEASE-NOTES: synced with e551910f8 - -Patrick Monnerat (13 Feb 2018) -- tests: new tests for http raw mode - - Test 319 checks proper raw mode data with non-chunked gzip - transfer-encoded server data. - Test 326 checks raw mode with chunked server data. - - Bug: #2303 - Closes #2308 - -Kamil Dudka (12 Feb 2018) -- tlsauthtype.d: works only if libcurl is built with TLS-SRP support - - Bug: https://bugzilla.redhat.com/1542256 - - Closes #2306 - -Patrick Monnerat (12 Feb 2018) -- smtp: fix processing of initial dot in data - - RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command - should be taken into account when chasing the <CRLF>.<CRLF> end marker. - Thus a leading dot character in data is also subject to escaping. - - Tests 911 and test server are adapted to this situation. - New tests 951 and 952 check proper handling of initial dot in data. - - Closes #2304 - -Daniel Stenberg (12 Feb 2018) -- sha256: avoid redefine - -- [Douglas Mencken brought this change] - - sha256: build with OpenSSL < 0.9.8 too - - support for SHA-2 was introduced in OpenSSL 0.9.8 - - Closes #2305 - -- [Bruno Grasselli brought this change] - - README: language fix - - s/off/from - - Closes #2300 - -Patrick Monnerat (12 Feb 2018) -- http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING on - - Bug: #2303 - Reported-By: Henry Roeland - -Daniel Stenberg (9 Feb 2018) -- get_posix_time: only check for overflows if they can happen! - -Michael Kaufmann (9 Feb 2018) -- schannel: fix "no previous prototype" compiler warning - -Jay Satiro (9 Feb 2018) -- [Mohammad AlSaleh brought this change] - - content_encoding: Add "none" alias to "identity" - - Some servers return a "content-encoding" header with a non-standard - "none" value. - - Add "none" as an alias to "identity" as a work-around, to avoid - unrecognised content encoding type errors. - - Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com> - - Closes https://github.com/curl/curl/pull/2298 - -Steve Holme (8 Feb 2018) -- build-openssl.bat: Follow up to 648679ab8e to suppress copy/move output - -- build-openssl.bat: Fixed incorrect move if destination build folder exists - -Michael Kaufmann (8 Feb 2018) -- schannel: fix compiler warnings - - Closes #2296 - -Steve Holme (7 Feb 2018) -- curl_addrinfo.c: Allow Unix Domain Sockets to compile under Windows - - Windows 10.0.17061 SDK introduces support for Unix Domain Sockets. - Added the necessary include file to curl_addrinfo.c. - - Note: The SDK (which is considered beta) has to be installed, VS 2017 - project file has to be re-targeted for Windows 10.0.17061 and #define - enabled in config-win32.h. - -Patrick Monnerat (7 Feb 2018) -- fnmatch: optimize processing of consecutive *s and ?s pattern characters - - Reported-By: Daniel Stenberg - Fixes #2291 - Closes #2293 - -Steve Holme (6 Feb 2018) -- build-openssl.bat/build-wolfssl.bat: Build platform is optional - - Whilst the compiler parameter is mandatory, platform is optional as it - is automatically calculated by the :configure section. - - This partially reverts commit 6d62d2c55d. - -Daniel Stenberg (6 Feb 2018) -- [Patrick Schlangen brought this change] - - openssl: Don't add verify locations when verifypeer==0 - - When peer verification is disabled, calling - SSL_CTX_load_verify_locations is not necessary. Only call it when - verification is enabled to save resources and increase performance. - - Closes #2290 - -Steve Holme (5 Feb 2018) -- build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional - - ...and not just the Community Edition. - -- build-openssl.bat: Extend VC15 support to include Enterprise and Professional - - ...and not just the Community Edition. - -Michael Kaufmann (5 Feb 2018) -- time-cond: fix reading the file modification time on Windows - - On Windows, stat() may adjust the unix file time by a daylight saving time - offset. Avoid this by calling GetFileTime() instead. - - Fixes #2164 - Closes #2204 - -Daniel Stenberg (5 Feb 2018) -- formdata: use the mime-content type function - - Reduce code duplication by making Curl_mime_contenttype available and - used by the formdata function. This also makes the formdata function - recognize a set of more file extensions by default. - - PR #2280 brought this to my attention. - - Closes #2282 - -- getdate: return -1 for out of range - - ...as that's how the function is documented to work. - - Reported-by: Michael Kaufmann - Bug found in an autobuild with 32 bit time_t - - Closes #2278 - -- [Ben Greear brought this change] - - build: fix termios issue on android cross-compile - - Bug: https://curl.haxx.se/mail/lib-2018-01/0122.html - Signed-off-by: Ben Greear <greearb@candelatech.com> - -- time_t-fixes: remove typecasts to 'long' for info.filetime - - They're now wrong. - - Reported-by: Michael Kaufmann - - Closes #2277 - -- curl_setup: move the precautionary define of SIZEOF_TIME_T - - ... up to before it may be used for the TIME_T_MAX/MIN logic. - - Reported-by: Michael Kaufmann - -- parsedate: s/#if/#ifdef - - Reported-by: Michael Kaufmann - Bug: https://github.com/curl/curl/commit/1c39128d974666107fc6d9ea15f294036851f224#commitcomment-27246479 - -Patrick Monnerat (31 Jan 2018) -- fnmatch: pattern syntax can no longer fail - - Whenever an expected pattern syntax rule cannot be matched, the - character starting the rule loses its special meaning and the parsing - is resumed: - - backslash at the end of pattern string matches itself. - - Error in [:keyword:] results in set containing :\[dekorwy. - - Unit test 1307 updated for this new situation. - - Closes #2273 - -- fnmatch: accept an alphanum to be followed by a non-alphanum in char set - - Also be more tolerant about set pattern syntax. - Update unit test 1307 accordingly. - - Bug: https://curl.haxx.se/mail/lib-2018-01/0114.html - -- fnmatch: do not match the empty string with a character set - -Jay Satiro (30 Jan 2018) -- build: fix windows build methods for curl_ctype.c - - - Fix winbuild and the VS project generator to treat curl_ctype.{c,h} as - curlx files since they are required by both src and lib. - - Follow-up to 4272a0b which added curl_ctype. - -Daniel Stenberg (30 Jan 2018) -- progress-bar.d: update to match implementation - - ... since commit 993dd5651a6 - - Reported-by: Martin Dreher - Bug: https://github.com/curl/curl/pull/2242#issuecomment-361059228 - - Closes #2271 - -- http2: set DEBUG_HTTP2 to enable more HTTP/2 logging - - ... instead of doing it unconditionally in debug builds. It cluttered up - the output a little too much. - -- [Max Dymond brought this change] - - file: Check the return code from Curl_range and bail out on error - -- [Max Dymond brought this change] - - Curl_range: add check to ensure "from <= to" - -- [Max Dymond brought this change] - - Curl_range: commonize FTP and FILE range handling - - Closes #2205 - -- RELEASE-NOTES: synced with 811beab9f - -- curlver: next release will be 7.59.0 - -- [Michał Janiszewski brought this change] - - curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 - - Closes #2275 - -- time: support > year 2038 time stamps for system with 32bit long - - ... with the introduction of CURLOPT_TIMEVALUE_LARGE and - CURLINFO_FILETIME_T. - - Fixes #2238 - Closes #2264 - -- curl_easy_reset: clear digest auth state - - Bug: https://curl.haxx.se/mail/lib-2018-01/0074.html - Reported-by: Ruurd Beerstra - Fixes #2255 - Closes #2272 - -- [Adam Marcionek brought this change] - - winbuild: make linker generate proper PDB - - Link.exe requires /DEBUG to properly generate a full pdb file on release - builds. - - Closes #2274 - -- curl: add --proxy-pinnedpubkey - - To verify a proxy's public key. For when using HTTPS proxies. - - Fixes #2192 - Closes #2268 - -- configure: set PATH_SEPARATOR to colon for PATH w/o separator - - The logic tries to figure out what the path separator in the $PATH - variable is, but if there's only one directory in the $PATH it - fails. This change make configure *guess* on colon instead of erroring - out, simply because that is probably the more common character. - - PATH_SEPARATOR can always be set by the user to override the guessing. - - (tricky bug to reproduce, as in my case for example the configure script - requires binaries in more than one directory so passing in a PATH with a - single dir fails.) - - Reported-by: Earnestly on github - Fixes #2202 - Closes #2265 - -- curl_ctype: private is*() type macros and functions - - ... since the libc provided one are locale dependent in a way we don't - want. Also, the "native" isalnum() (for example) works differently on - different platforms which caused test 1307 failures on macos only. - - Closes #2269 - -Marcel Raad (29 Jan 2018) -- build: open VC15 projects with VS 2017 - - Previously, they were opened with Visual Studio 2015 by default, which - cannot build them. - -Daniel Stenberg (29 Jan 2018) -- RELEASE-NOTES: synced with 094647fca - -- TODO: UTF-8 filenames in Content-Disposition - - Closes #1888 - -- KNOWN_BUGS: DICT responses show the underlying protocol - - Closes #1809 - -Jay Satiro (27 Jan 2018) -- [Alessandro Ghedini brought this change] - - docs: fix typos in man pages - - Closes https://github.com/curl/curl/pull/2266 - -Patrick Monnerat (26 Jan 2018) -- lib555: drop text conversion and encode data as ascii codes - - If CURL_DOES_CONVERSION is enabled, uploaded LFs are mapped to CRLFs, - giving a result that is different from what is expected. - This commit avoids using CURLOPT_TRANSFERTEXT and directly encodes data - to upload in ascii. - - Bug: https://github.com/curl/curl/pull/1872 - -Daniel Stenberg (26 Jan 2018) -- lib517: make variable static to avoid compiler warning - - ... with clang on macos - -Patrick Monnerat (26 Jan 2018) -- lib544: sync ascii code data with textual data - - Data mismatch caused test 545 to fail when character encoding - conversion is enabled. - - Bug: https://github.com/curl/curl/pull/1872 - -Daniel Stenberg (25 Jan 2018) -- [Travis Burtrum brought this change] - - GSKit: restore pinnedpubkey functionality - - inadvertently removed in 283babfaf8d8f3bab9d3c63cea94eb0b84e79c37 - - Closes #2263 - -- [Dair Grant brought this change] - - darwinssl: Don't import client certificates into Keychain on macOS - - Closes #2085 - -- configure: fix the check for unsigned time_t - - Assign the time_t variable negative value and then check if it is - greater than zero, which will evaluate true for unsigned time_t but - false for signed time_t. - -- parsedate: fix date parsing for systems with 32 bit long - - Make curl_getdate() handle dates before 1970 as well (returning negative - values). - - Make test 517 test dates for 64 bit time_t. - - This fixes bug (3) mentioned in #2238 - - Closes #2250 - -- [McDonough, Tim brought this change] - - openssl: fix pinned public key build error in FIPS mode - - Here is a version that should work with all versions of openssl 0.9.7 - through 1.1.0. - - Links to the docs: - https://www.openssl.org/docs/man1.0.2/crypto/EVP_DigestInit.html - https://www.openssl.org/docs/man1.1.0/crypto/EVP_DigestInit.html - - At the very bottom of the 1.1.0 documentation there is a history section - that states, " stack allocated EVP_MD_CTXs are no longer supported." - - If EVP_MD_CTX_create and EVP_MD_CTX_destroy are not defined, then a - simple mapping can be used as described here: - https://wiki.openssl.org/index.php/Talk:OpenSSL_1.1.0_Changes - - Closes #2258 - -- [Travis Burtrum brought this change] - - SChannel/WinSSL: Replace Curl_none_md5sum with Curl_schannel_md5sum - -- [Travis Burtrum brought this change] - - SChannel/WinSSL: Implement public key pinning - - Closes #1429 - -- bump: towards 7.58.1 - -- cookies: remove verbose "cookie size:" output - - It was once used for some debugging/verifying logic but should never have - ended up in git! - -- TODO: hardcode the "localhost" addresses - -- TODO: CURL_REFUSE_CLEARTEXT - - An idea that popped up in discussions on twitter. - -- progress-bar: don't use stderr explicitly, use bar->out - - Reported-By: Gisle Vanem - Bug: https://github.com/curl/curl/commit/993dd5651a6c853bfe3870f6a69c7b329fa4e8ce#commitcomment-27070080 - -GitHub (24 Jan 2018) -- [Gisle Vanem brought this change] - - Fixes for MSDOS etc. - - djgpp do have 'mkdir(dir, mode)'. Other DOS-compilers does not - But djgpp seems the only choice for MSDOS anyway. - - PellesC do have a 'F_OK' defined in it's <unistd.h>. - - Update year in Copyright. - -- [Gisle Vanem brought this change] - - Fix small typo. - -Version 7.58.0 (23 Jan 2018) - -Daniel Stenberg (23 Jan 2018) -- RELEASE: 7.58.0 - -- [Gisle Vanem brought this change] - - progress-bar: get screen width on windows - -- test1454: --connect-to with IPv6 address w/o IPv6 support! - -- CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support - - Bug: https://curl.haxx.se/mail/lib-2018-01/0087.html - Reported-by: John Hascall - - Closes #2257 - -- docs: fix man page syntax to make test 1140 OK again - -- http: prevent custom Authorization headers in redirects - - ... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how - curl already handles Authorization headers created internally. - - Note: this changes behavior slightly, for the sake of reducing mistakes. - - Added test 317 and 318 to verify. - - Reported-by: Craig de Stigter - Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html - -- curl: progress bar refresh, get width using ioctl() - - Get screen width from the environment variable COLUMNS first, if set. If - not, use ioctl(). If nether works, assume 79. - - Closes #2242 - - The "refresh" is for the -# output when no total transfer size is - known. It will now only use a single updated line even for this case: - - The "-=O=-" ship moves when data is transferred. The four flying - "hashes" move (on a sine wave) on each refresh, independent of data. - -- RELEASE-NOTES: synced with bb0ffcc36 - -- libcurl-env.3: first take - -- TODO: two possible name resolver improvements - -- [Kartik Mahajan brought this change] - - http2: don't close connection when single transfer is stopped - - Fixes #2237 - Closes #2249 - -- test558: fix for multissl builds - - vtls.c:multissl_init() might do a curl_free() call so strip that out to - make this work with more builds. We just want to verify that - memorytracking works so skipping one line is no harm. - -- examples/url2file.c: add missing curl_global_cleanup() call - - Reported-by: XhstormR on github - Fixes #2245 - -- [Michael Gmelin brought this change] - - SSH: Fix state machine for ssh-agent authentication - - In case an identity didn't match[0], the state machine would fail in - state SSH_AUTH_AGENT instead of progressing to the next identity in - ssh-agent. As a result, ssh-agent authentication only worked if the - identity required happened to be the first added to ssh-agent. - - This was introduced as part of commit c4eb10e2f06fbd6cc904f1d78e4, which - stated that the "else" statement was required to prevent getting stuck - in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's - interface I couldn't see how this could happen or reproduce it and I - also couldn't find a more detailed description of the problem which - would explain a test case to reproduce the problem this was supposed to - fix. - - [0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED - - Closes #2248 - -- openssl: fix potential memory leak in SSLKEYLOGFILE logic - - Coverity CID 1427646. - -- openssl: fix the libressl build again - - Follow-up to 84fcaa2e7. libressl does not have the API even if it says it is - late OpenSSL version... - - Fixes #2246 - Closes #2247 - - Reported-by: jungle-boogie on github - -- unit1307: test many wildcards too - -- curl_fnmatch: only allow 5 '*' sections in a single pattern - - ... to avoid excessive recursive calls. The number 5 is totally - arbitrary and could be modified if someone has a good motivation. - -- ftp-wildcard: fix matching an empty string with "*[^a]" - - .... and avoid advancing the pointer to trigger an out of buffer read. - - Detected by OSS-fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251 - Assisted-by: Max Dymond - -- SMB: fix numeric constant suffix and variable types - - 1. don't use "ULL" suffix since unsupported in older MSVC - 2. use curl_off_t instead of custom long long ifdefs - 3. make get_posix_time() not do unaligned data access - - Fixes #2211 - Closes #2240 - Reported-by: Chester Liu - -- [rouzier brought this change] - - CURLOPT_TCP_NODELAY.3: fix typo - - Closes #2239 - -- smtp/pop3/imap_get_message: decrease the data length too... - - Follow-up commit to 615edc1f73 which was incomplete. - - Assisted-by: Max Dymond - Detected by OSS-fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206 - -- openssl: enable SSLKEYLOGFILE support by default - - Fixes #2210 - Closes #2236 - -Patrick Monnerat (14 Jan 2018) -- mime: clone mime tree upon easy handle duplication. - - A mime tree attached to an easy handle using CURLOPT_MIMEPOST is - strongly bound to the handle: there is a pointer to the easy handle in - each item of the mime tree and following the parent pointer list - of mime items ends in a dummy part stored within the handle. - - Because of this binding, a mime tree cannot be shared between different - easy handles, thus it needs to be cloned upon easy handle duplication. - - There is no way for the caller to get the duplicated mime tree - handle: it is then set to be automatically destroyed upon freeing the - new easy handle. - - New test 654 checks proper mime structure duplication/release. - - Add a warning note in curl_mime_data_cb() documentation about sharing - user data between duplicated handles. - - Closes #2235 - -- docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata - -Daniel Stenberg (13 Jan 2018) -- test395: HTTP with overflow Content-Length value - -- test394: verify abort of rubbish in Content-Length: value - -- test393: verify --max-filesize with excessive Content-Length - -- HTTP: bail out on negative Content-Length: values - - ... and make the max filesize check trigger if the value is too big. - - Updates test 178. - - Reported-by: Brad Spencer - Fixes #2212 - Closes #2223 - -Marcel Raad (13 Jan 2018) -- [Dan Johnson brought this change] - - configure.ac: append extra linker flags instead of prepending them. - - Link order should list libraries after the libraries that use them, - so when we're guessing that we might also need to add -ldl in order - to use -lssl, we should add -ldl after -lssl. - - Closes https://github.com/curl/curl/pull/2234 - -Daniel Stenberg (13 Jan 2018) -- RELEASE-NOTES: synced with 6fa10c8fa - -Jay Satiro (13 Jan 2018) -- setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values - - Broken since f121575 (precedes 7.56.1). - - Bug: https://github.com/curl/curl/issues/2225 - Reported-by: cmfrolick@users.noreply.github.com - - Closes https://github.com/curl/curl/pull/2227 - -Patrick Monnerat (13 Jan 2018) -- setopt: reintroduce non-static Curl_vsetopt() for OS400 support - - This also upgrades ILE/RPG bindings with latest setopt options. - - Reported-By: jonrumsey on github - Fixes #2230 - Closes #2233 - -Jay Satiro (11 Jan 2018) -- [Zhouyihai Ding brought this change] - - http2: fix incorrect trailer buffer size - - Prior to this change the stored byte count of each trailer was - miscalculated and 1 less than required. It appears any trailer - after the first that was passed to Curl_client_write would be truncated - or corrupted as well as the size. Potentially the size of some - subsequent trailer could be erroneously extracted from the contents of - that trailer, and since that size is used by client write an - out-of-bounds read could occur and cause a crash or be otherwise - processed by client write. - - The bug appears to have been born in 0761a51 (precedes 7.49.0). - - Closes https://github.com/curl/curl/pull/2231 - -- [Basuke Suzuki brought this change] - - easy: fix connection ownership in curl_easy_pause - - Before calling Curl_client_chop_write(), change the owner of connection - to the current Curl_easy handle. This will fix the issue #2217. - - Fixes https://github.com/curl/curl/issues/2217 - Closes https://github.com/curl/curl/pull/2221 - -Daniel Stenberg (9 Jan 2018) -- [Dimitrios Apostolou brought this change] - - system.h: Additionally check __LONG_MAX__ for defining curl_off_t - - __SIZEOF_LONG__ was introduced in GCC 4.4, __LONG_MAX__ was introduced - in GCC 3.3. - - Closes #2216 - -- COPYING: it's 2018! - -- progress: calculate transfer speed on milliseconds if possible - - to increase accuracy for quick transfers - - Fixes #2200 - Closes #2206 - -Jay Satiro (7 Jan 2018) -- scripts: allow all perl scripts to be run directly - - - Enable execute permission (chmod +x) - - - Change interpreter to /usr/bin/env perl - - Closes https://github.com/curl/curl/pull/2222 - -- mail-rcpt.d: fix short-text description - -- build: remove HAVE_LIMITS_H check - - .. because limits.h presence isn't optional, it's required by C89. - - Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2 - - Closes https://github.com/curl/curl/pull/2215 - -- openssl: fix memory leak of SSLKEYLOGFILE filename - - - Free the copy of SSLKEYLOGFILE env returned by curl_getenv during ossl - initialization. - - Caught by ASAN. - -- Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX" - - This reverts commit c97648b55080343bb371522bf4233e94a2a13a99. - - SIZEOF_LONG should not be checked in system.h since that macro is only - defined when building libcurl. - - Ref: https://github.com/curl/curl/pull/2186#issuecomment-354767080 - Ref: https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html - -Michael Kaufmann (30 Dec 2017) -- test1554: improve the error handling - -- test1554: add global initialization and cleanup - -Daniel Stenberg (29 Dec 2017) -- curl_version_info.3: call the argument 'age' - - Reported-by: Pete Lomax - Bug: https://curl.haxx.se/mail/lib-2017-12/0074.html - -Patrick Monnerat (27 Dec 2017) -- [Mikalai Ananenka brought this change] - - brotli: data at the end of content can be lost - - Decoding loop implementation did not concern the case when all - received data is consumed by Brotli decoder and the size of decoded - data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE. - For content with unencoded length greater than CURL_MAX_WRITE_SIZE this - can result in the loss of data at the end of content. - - Closes #2194 - -Jay Satiro (26 Dec 2017) -- examples/cacertinmem: ignore cert-already-exists error - - - Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback - since it's possible the cert may have already been loaded by libcurl. - - - Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc. - Instead have it direct the reader to this cacertinmem.c example. - - - Fix the CA certificate to use the right CA for example.com, Digicert. - - Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html - Reported-by: Thomas van Hesteren - - Closes https://github.com/curl/curl/pull/2182 - -- [Gisle Vanem brought this change] - - tool_getparam: Support size modifiers for --max-filesize - - - Move the size modifier detection code from limit-rate to its own - function so that it can also be used with max-filesize. - - Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc. - - For example --max-filesize 1G - - Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html - - Closes https://github.com/curl/curl/pull/2179 - -Steve Holme (22 Dec 2017) -- build: Fixed incorrect script termination from commit ad1dc10e61 - -- Makefile.vc: Added our standard copyright header - -- winbuild: Added support for VC15 - -- build: Added Visual Studio 2017 project files - -- build-wolfssl.bat: Added support for VC15 - -- build-openssl.bat: Added support for VC15 - -Jay Satiro (22 Dec 2017) -- [Dimitrios Apostolou brought this change] - - curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX - - Closes https://github.com/curl/curl/pull/2186 - -- [Mattias Fornander brought this change] - - examples/rtsp: fix error handling macros - - Closes https://github.com/curl/curl/pull/2185 - -Patrick Monnerat (20 Dec 2017) -- curl_easy_reset: release mime-related data. - - Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level - functions dealing with UserDefined structure contents. - This avoids memory leakages on curl-generated part mime headers. - New test 2073 checks this using the cli tool --next option: it - triggers a valgrind error if bug is present. - - Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html - Reported-by: Martin Galvan - -- content_encoding: rework zlib_inflate - - - When zlib version is < 1.2.0.4, process gzip trailer before considering - extra data as an error. - - Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data - and minimize corrupt data output. - - Do not try to restart deflate decompression in raw mode if output has - started or if the leading data is not available anymore. - - New test 232 checks inflating raw-deflated content. - - Closes #2068 - -- brotli: allow compiling with version 0.6.0. - - Some error codes were not yet defined in brotli 0.6.0: do not issue code - for them in this case. - -Daniel Stenberg (13 Dec 2017) -- CURLOPT_READFUNCTION.3: refer to argument with correct name - - Bug: #2175 - - [ci skip] - -- rand: add a clang-analyzer work-around - - scan-build would warn on a potential access of an uninitialized - buffer. I deem it a false positive and had to add this somewhat ugly - work-around to silence it. - -- krb5: fix a potential access of uninitialized memory - - A scan-build warning. - -- conncache: fix a return code [regression] - - This broke in 07cb27c98e. Make sure to return 'result' properly. Pointed - out by scan-build! - -- curl: support >256 bytes warning messsages - - Bug: #2174 - -Michael Kaufmann (12 Dec 2017) -- libssh: fix a syntax error in configure.ac - - Follow-up to c92d2e1 - - Closes #2172 - -Daniel Stenberg (12 Dec 2017) -- examples/smtp-mail.c: use separate defines for options and mail - - ... to make it clearer that the options want address-only, while the - headers in an email can also have the real name. - - Assisted-by: Sean MacLennan - -- THANKS: added missing names - - ... as I reran the contrithanks script after the mailmap name fixups. - -- mailmap: added/clarified several names - -- setopt: less *or equal* than INT_MAX/1000 should be fine - - ... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and - CURLOPT_SERVER_RESPONSE_TIMEOUT range checks. - - Reported-by: Dominik Hölzl - Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html - - Closes #2173 - -- [Dmitry Kostjuchenko brought this change] - - vtls: replaced getenv() with curl_getenv() - - Fixed undefined symbol of getenv() which does not exist when compiling - for Windows 10 App (CURL_WINDOWS_APP). Replaced getenv() with - curl_getenv() which is aware of getenv() absence when CURL_WINDOWS_APP - is defined. - - Closes #2171 - -- RELEASE-NOTES: synced with 3b9ea70ee - -- TODO: Expose tried IP addresses that failed - - Suggested-by: Rainer Canavan - - Closes #2126 - -- curl.1: mention http:// and https:// as valid proxy prefixes - -- curl.1: documented two missing valid exit codes - -- CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference - -- Revert "curl: don't set CURLOPT_INTERLEAVEDATA" - - This reverts commit 9ffad8eb1329bb35c8988115ac7ed85cf91ef955. - - It was actually added rather recently in 8e8afa82cbb629 due to a crash - that would otherwise happen in the RTSP code. As I don't think we've - fixed that behavior yet, we better keep this work-around until we have - fixed it better. - -Michael Kaufmann (10 Dec 2017) -- tests: mark data files as non-executable in git - -- tests: update .gitignore for libtests - -Daniel Stenberg (10 Dec 2017) -- multi_done: prune DNS cache - - Prune the DNS cache immediately after the dns entry is unlocked in - multi_done. Timed out entries will then get discarded in a more orderly - fashion. - - Test506 is updated - - Reported-by: Oleg Pudeyev - - Fixes #2169 - Closes #2170 - -- mailmap: fixup two old git Author "aliases" - -Jay Satiro (10 Dec 2017) -- openssl: Disable file buffering for Win32 SSLKEYLOGFILE - - Prior to this change SSLKEYLOGFILE used line buffering on WIN32 just - like it does for other platforms. However, the Windows CRT does not - actually support line buffering (_IOLBF) and will use full buffering - (_IOFBF) instead. We can't use full buffering because multiple processes - may be writing to the file and that could lead to corruption, and since - full buffering is the only buffering available this commit disables - buffering for Windows SSLKEYLOGFILE entirely (_IONBF). - - Ref: https://github.com/curl/curl/pull/1346#issuecomment-350530901 - -Daniel Stenberg (10 Dec 2017) -- RESOLVE: output verbose text when trying to set a duplicate name - - ... to help users understand what is or isn't done! - -- CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE - -- [John DeHelian brought this change] - - sftp: allow quoted commands to use relative paths - - Closes #1900 - -Jay Satiro (8 Dec 2017) -- [Richard Alcock brought this change] - - CURLOPT_PRIVATE.3: fix grammar - - - Change "never does nothing" double-negative to "never does anything". - - Closes https://github.com/curl/curl/pull/2168 - -Daniel Stenberg (8 Dec 2017) -- curl: remove __EMX__ #ifdefs - - These are OS/2-specific things added to the code in the year 2000. They - were always ugly. If there's any user left, they still don't need it - done this way. - - Closes #2166 - -Jay Satiro (8 Dec 2017) -- openssl: improve data-pending check for https proxy - - - Allow proxy_ssl to be checked for pending data even when connssl does - not yet have an SSL handle. - - This change is for posterity. Currently there doesn't seem to be a code - path that will cause a pending data check when proxyssl could have - pending data and the connssl handle doesn't yet exist [1]. - - [1]: Recall that an https proxy connection starts out in connssl but if - the destination is also https then the proxy SSL backend data is moved - from connssl to proxyssl, which means connssl handle is temporarily - empty until an SSL handle for the destination can be created. - - Ref: https://github.com/curl/curl/commit/f4a6238#commitcomment-24396542 - - Closes https://github.com/curl/curl/pull/1916 - -Daniel Stenberg (8 Dec 2017) -- curl: don't set CURLOPT_INTERLEAVEDATA - - That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback - and that option isn't set or used by the curl tool! - - Updates the 9 tests that verify --libcurl - - Closes #2167 - -- curl.h: remove incorrect comment about ERRORBUFFER - - ... error messages are _not_ sent to stderr if this is not set. - -- [Michael Felt brought this change] - - configure: add AX_CODE_COVERAGE only if using gcc - - Fixes #2076 - Closes #2125 - -- curl: limit -# update frequency for unknown total size - - Make it use a max 10Hz update frequency for this case as well. Return - early if the "point" hasn't moved since last invoke. - - Reported-by: Elliot Saba - - Fixes #2158 - Closes #2163 - -- BINDINGS: another PostgreSQL client - - ...the former link is dead. - - Reported-by: Frank Gevaerts - -- [Zachary Seguin brought this change] - - CONNECT: keep close connection flag in http_connect_state struct - - Fixes #2088 - Closes #2157 - -- [Per Malmberg brought this change] - - include: get netinet/in.h before linux/tcp.h - - ... to allow build on older Linux dists (specifically CentOS 4.8 on gcc - 4.8.5) - - Closes #2160 - -- openldap: fix checksrc nits - -- [Stepan Broz brought this change] - - openldap: add commented out debug possibilities - - ... to aid debugging openldap library using its built-in debug messages. - - Closes #2159 - -- examples: move threaded-shared-conn.c to the "complicated" ones - - ... due it relying on pthreads to link. - -- RELEASE-NOTES: synced with b261c44e8 - - ... and bump next release version to 7.58.0 - -- [Jan Ehrhardt brought this change] - - URL: tolerate backslash after drive letter for FILE: - - ... as in "file://c:\some\path\curl.out" - - Reviewed-by: Matthew Kerwin - Closes #2154 - -- [Randall S. Becker brought this change] - - tests: added netinet/in6.h includes in test servers - -- [Randall S. Becker brought this change] - - configure: check for netinet/in6.h - - Needed by HPE NonStop NSE and NSX systems - - Fixes #2146 - Closes #2155 - -- curl-config: add --ssl-backends - - Lists all SSL backends that were enabled at build-time. - - Suggested-by: Oleg Pudeyev - Fixes #2128 - -- conncache: only allow multiplexing within same multi handle - - Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing - only get additional transfers added to them if the existing connection - is held by the same multi or easy handle. libcurl does not support doing - HTTP/2 streams in different threads using a shared connection. - - Closes #2152 - -- threaded-shared-conn.c: fixed typo in commenta - -- threaded-shared-conn.c: new example - -- conncache: fix several lock issues - - If the lock is released before the dealings with the bundle is over, it may - have changed by another thread in the mean time. - - Fixes #2132 - Fixes #2151 - Closes #2139 - -- libssh: remove dead code in sftp_qoute - - ... by removing a superfluous NULL pointer check that also confuses - Coverity. - - Fixes #2143 - Closes #2153 - -- sasl_getmesssage: make sure we have a long enough string to pass - - For pop3/imap/smtp, added test 891 to somewhat verify the pop3 - case. - - For this, I enhanced the pingpong test server to be able to send back - responses with LF-only instead of always using CRLF. - - Closes #2150 - -- libssh2: remove dead code from SSH_SFTP_QUOTE - - Figured out while reviewing code in the libssh backend. The pointer was - checked for NULL after having been dereferenced, so we know it would - always equal true or it would've crashed. - - Pointed-out-by: Nikos Mavrogiannopoulos - - Bug #2143 - Closes #2148 - -- ssh-libssh.c: please checksrc - -Nikos Mavrogiannopoulos (4 Dec 2017) -- libssh: fixed dereference in statvfs access - - The behavior is now equivalent to ssh.c when SSH_SFTP_QUOTE_STATVFS - handling fails. - - Fixes #2142 - -Daniel Stenberg (4 Dec 2017) -- [Guitared brought this change] - - RESOURCES: update spec names - - Closes #2145 - -Nikos Mavrogiannopoulos (3 Dec 2017) -- libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS - - The previous code was incorrectly following the libssh2 error detection - for libssh2_sftp_statvfs, which is not correct for libssh's sftp_statvfs. - - Fixes #2142 - - Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> - -- libssh: no need to call sftp_get_error as ssh_get_error is sufficient - - Fixes #2141 - - Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> - -Daniel Stenberg (2 Dec 2017) -- libssh: fix minor static code analyzer nits - - - remove superfluous NULL check which otherwise tricks the static code - analyzers to assume NULL pointer dereferences. - - - fix fallthrough in switch() - - - indent mistake - -- openssl: pkcs12 is supported by boringssl - - Removes another #ifdef for BoringSSL - - Pointed-out-by: David Benjamin - - Closes #2134 - -- [Jay Satiro brought this change] - - travis: use pip2 instead of pip - - .. since now mac osx image expects pip2 or pip3, and doesn't know pip: - - 0.01s$ pip install --user cpp-coveralls - /Users/travis/.travis/job_stages: line 57: pip: command not found - - Ref: https://github.com/travis-ci/travis-ci/issues/8829 - - Closes https://github.com/curl/curl/pull/2133 - -- [Nikos Mavrogiannopoulos brought this change] - - lib582: do not verify host for SFTP - - This SFTP test fails with libssh back-end due to failure to verify - the peer. Disable peer verification in the test as there seems to - be the intention of the test. - - Note that the libssh back-end automatically verifies the peer's - host using the default known_hosts file. - - Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> - -- [Nikos Mavrogiannopoulos brought this change] - - libssh: added SFTP support - - The SFTP back-end supports asynchronous reading only, limited - to 32-bit file length. Writing is synchronous with no other - limitations. - - This also brings keyboard-interactive authentication. - - Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> - -- [Nikos Mavrogiannopoulos brought this change] - - symbols-in-versions: added new symbols with 7.56.3 version - - Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> - -- [Nikos Mavrogiannopoulos brought this change] - - .travis.yml: added build --with-libssh - - Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> - -- [Nikos Mavrogiannopoulos brought this change] - - libssh2: return CURLE_UPLOAD_FAILED on failure to upload - - This brings its in sync with the error code returned by the - libssh backend. - - Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> - -- [Nikos Mavrogiannopoulos brought this change] - - libssh2: send the correct CURLE error code on scp file not found - - That also updates tests to expect the right error code - - libssh2 back-end returns CURLE_SSH error if the remote file - is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND - which is sent by the libssh backend. - - Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> - -- [Nikos Mavrogiannopoulos brought this change] - - Added support for libssh SSH SCP back-end - - libssh is an alternative library to libssh2. - https://www.libssh.org/ - - That patch set also introduces support for ECDSA - ed25519 keys, as well as gssapi authentication. - - Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> - -- RELEASE-NOTES: synced with af8cc7a69 - -- curlver: towards 7.57.1 - -- [W. Mark Kubacki brought this change] - - lib: don't export all symbols, just everything curl_* - - Absent any 'symbol map' or script to limit what gets exported, static - linking of libraries previously resulted in a libcurl with curl's and - those other symbols being (re-)exported. - - This did not happen if 'versioned symbols' were enabled (which is not - the default) because then a version script is employed. - - This limits exports to everything starting in 'curl_*'., which is - what "libcurl.vers" exports. - - This avoids strange side-effects such as with mixing methods - from system libraries and those erroneously offered by libcurl. - - Closes #2127 - -- [Johannes Schindelin brought this change] - - SSL: Avoid magic allocation of SSL backend specific data - - Originally, my idea was to allocate the two structures (or more - precisely, the connectdata structure and the four SSL backend-specific - strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so - that they all could be free()d together. - - However, getting the alignment right is tricky. Too tricky. - - So let's just bite the bullet and allocate the SSL backend-specific - data separately. - - As a consequence, we now have to be very careful to release the memory - allocated for the SSL backend-specific data whenever we release any - connectdata. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - - Closes #2119 - -- examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL - - Reported-by: Dima Tisnek - -- travis: add boringssl build - - Uses a separate build without --enable-debug and no valgrind. - - The debug option causes far too many warnings in boringssl's headers - (C++ comments, trailing commas etc). Valgrind triggers some false - positive errors in thread-local data used by boringssl. - - Closes #2118 - -Version 7.57.0 (29 Nov 2017) - -Daniel Stenberg (29 Nov 2017) -- RELEASE-NOTES: curl 7.57.0 - -- THANKS: added contributors from 7.57.0 release - -- openssl: fix boringssl build again - - commit d3ab7c5a21e broke the boringssl build since it doesn't have - RSA_flags(), so we disable that code block for boringssl builds. - - Reported-by: W. Mark Kubacki - Fixes #2117 - -- curl_ntlm_core.c: use the limits.h's SIZE_T_MAX if provided - -- libcurl-share.3: the connection cache is shareable now - -- global_init: ignore CURL_GLOBAL_SSL's absense - - This bit is no longer used. It is not clear what it meant for users to - "init the TLS" in a world with different TLS backends and since the - introduction of multissl, libcurl didn't properly work if inited without - this bit set. - - Not a single user responded to the call for users of it: - https://curl.haxx.se/mail/lib-2017-11/0072.html - - Reported-by: Evgeny Grin - Assisted-by: Jay Satiro - - Fixes #2089 - Fixes #2083 - Closes #2107 - -- ntlm: avoid integer overflow for malloc size - - Reported-by: Alex Nichols - Assisted-by: Kamil Dudka and Max Dymond - - CVE-2017-8816 - - Bug: https://curl.haxx.se/docs/adv_2017-11e7.html - -- wildcardmatch: fix heap buffer overflow in setcharset - - The code would previous read beyond the end of the pattern string if the - match pattern ends with an open bracket when the default pattern - matching function is used. - - Detected by OSS-Fuzz: - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161 - - CVE-2017-8817 - - Bug: https://curl.haxx.se/docs/adv_2017-ae72.html - -- [Jay Satiro brought this change] - - url: fix alignment of ssl_backend_data struct - - - Align the array of ssl_backend_data on a max 32 byte boundary. - - 8 is likely to be ok but I went with 32 for posterity should one of - the ssl_backend_data structs change to contain a larger sized variable - in the future. - - Prior to this change (since dev 70f1db3, release 7.56) the connectdata - structure was undersized by 4 bytes in 32-bit builds with ssl enabled - because long long * was mistakenly used for alignment instead of - long long, with the intention being an 8 byte boundary. Also long long - may not be an available type. - - The undersized connectdata could lead to oob read/write past the end in - what was expected to be the last 4 bytes of the connection's secondary - socket https proxy ssl_backend_data struct (the secondary socket in a - connection is used by ftp, others?). - - Closes https://github.com/curl/curl/issues/2093 - - CVE-2017-8818 - - Bug: https://curl.haxx.se/docs/adv_2017-af0a.html - -- ssh: remove check for a NULL pointer (!) - - With this check present, scan-build warns that we might dereference this - point in other places where it isn't first checked for NULL. Thus, if it - *can* be NULL we have a problem on a few places. However, this pointer - should not be possible to be NULL here so I remove the check and thus - also three different scan-build warnings. - - Closes #2111 - -- [Matthew Kerwin brought this change] - - test: add test for bad UNC/SMB path in file: URL - -- [Matthew Kerwin brought this change] - - test: add tests to ensure basic file: URLs - -- [Matthew Kerwin brought this change] - - URL: update "file:" URL handling - - * LOTS of comment updates - * explicit error for SMB shares (e.g. "file:////share/path/file") - * more strict handling of authority (i.e. "//localhost/") - * now accepts dodgy old "C:|" drive letters - * more precise handling of drive letters in and out of Windows - (especially recognising both "file:c:/" and "file:/c:/") - - Closes #2110 - -- metalink: fix memory-leak and NULL pointer dereference - - Reported by scan-build - - Closes #2109 - -- [Alessandro Ghedini brought this change] - - connect: add support for new TCP Fast Open API on Linux - - The new API added in Linux 4.11 only requires setting a socket option - before connecting, without the whole sento() machinery. - - Notably, this makes it possible to use TFO with SSL connections on Linux - as well, without the need to mess around with OpenSSL (or whatever other - SSL library) internals. - - Closes #2056 - -- make: fix "make distclean" - - Fixes #2097 - Closes #2108 - -- RELEASE-NOTES: synced with 31f18d272 - -Jay Satiro (23 Nov 2017) -- connect: improve the bind error message - - eg consider a non-existent interface eth8, curl --interface eth8 - - Before: curl: (45) Could not resolve host: eth8 - After: curl: (45) Couldn't bind to 'eth8' - - Bug: https://github.com/curl/curl/issues/2104 - Reported-by: Alfonso Martone - -Daniel Stenberg (23 Nov 2017) -- examples/rtsp: clear RANGE again after use - - Fixes #2106 - Reported-by: youngchopin on github - -- [Michael Kaufmann brought this change] - - test1264: verify URL with space in host name being rejected - -- url: reject ASCII control characters and space in host names - - Host names like "127.0.0.1 moo" would otherwise be accepted by some - getaddrinfo() implementations. - - Updated test 1034 and 1035 accordingly. - - Fixes #2073 - Closes #2092 - -- Curl_open: fix OOM return error correctly - - Closes #2098 - -- http2: fix "Value stored to 'end' is never read" scan-build error - -- http2: fix "Value stored to 'hdbuf' is never read" scan-build error - -- openssl: fix "Value stored to 'rc' is never read" scan-build error - -- mime: fix "Value stored to 'sz' is never read" scan-build error - -- Curl_llist_remove: fix potential NULL pointer deref - - Fixes a scan-build warning. - -- ntlm: remove unnecessary NULL-check to please scan-build - -- BUGS: spellchecked - -Jay Satiro (18 Nov 2017) -- [fmmedeiros brought this change] - - examples/curlx: Fix code style - - - Add braces around multi-line if statement. - - Closes https://github.com/curl/curl/pull/2096 - -Daniel Stenberg (17 Nov 2017) -- resolve: allow IP address within [] brackets - - ... so that IPv6 addresses can be passed like they can for connect-to - and how they're used in URLs. - - Added test 1324 to verify - Reported-by: Alex Malinovich - - Fixes #2087 - Closes #2091 - -- [Pavol Markovic brought this change] - - macOS: Fix missing connectx function with Xcode version older than 9.0 - - The previous fix https://github.com/curl/curl/pull/1788 worked just for - Xcode 9. This commit extends the fix to older Xcode versions effectively - by not using connectx function. - - Fixes https://github.com/curl/curl/issues/1330 - Fixes https://github.com/curl/curl/issues/2080 - Closes https://github.com/curl/curl/pull/1336 - Closes #2082 - -- [Dirk Feytons brought this change] - - openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY - - Fixes #2079 - Closes #2081 - -- TODO: ignore private IP addresses in PASV response - - Closes #1455 - -- RELEASE-NOTES: synced with ae7369b6d - -Michael Kaufmann (14 Nov 2017) -- URL: return error on malformed URLs with junk after IPv6 bracket - - Follow-up to aadb7c7. Verified by new test 1263. - - Closes #2072 - -Daniel Stenberg (14 Nov 2017) -- INTERNALS: we may use libidn2 now, not libidn - -Patrick Monnerat (13 Nov 2017) -- zlib/brotli: only include header files in modules needing them - - There is a conflict on symbol 'free_func' between openssl/crypto.h and - zlib.h on AIX. This is an attempt to resolve it. - - Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html - Reported-By: Michael Felt - -Daniel Stenberg (13 Nov 2017) -- SMB: fix uninitialized local variable - - Reported-by: Brian Carpenter - -- [Orgad Shaneh brought this change] - - connect.c: remove executable bit on file - - Closes #2071 - -- [hsiao yi brought this change] - - README.md: fixed layout - - Closes #2069 - -- setopt: split out curl_easy_setopt() to its own file - - ... to make url.c smaller. - - Closes #1944 - -Jay Satiro (10 Nov 2017) -- [John Starks brought this change] - - cmake: Add missing setmode check - - Ensure HAVE_SETMODE is set to 1 on OSes that have setmode. Without this, - curl will corrupt binary files when writing them to stdout on Windows. - - Closes https://github.com/curl/curl/pull/2067 - -Daniel Stenberg (10 Nov 2017) -- curl_share_setopt: va_end was not called if conncache errors - - CID 984459, detected by Coverity - -Sergei Nikulov (10 Nov 2017) -- [John Starks brought this change] - - cmake: Correctly include curl.rc in Windows builds (#2064) - - Update CMakeLists.txt to add curl.rc to the correct list. - -Daniel Stenberg (9 Nov 2017) -- RELEASE-NOTES: synced with 32828cc4f - -- [Luca Boccassi brought this change] - - --interface: add support for Linux VRF - - The --interface command (CURLOPT_INTERFACE option) already uses - SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP - address first, which fails in case the user passes a VRF. - - Try to use the socket option immediately and parse it as a fallback - instead. Update the documentation to mention this feature, and that it - requires the binary to be ran by root or with CAP_NET_RAW capabilities - for this to work. - - Closes #2024 - -- curl_share_setopt.3: document CURL_LOCK_DATA_CONNECT - - Closes #2043 - -- examples: add shared-connection-cache - -- test1554: verify connection cache sharing - -- share: add support for sharing the connection cache - -- imap: deal with commands case insensitively - - As documented in RFC 3501 section 9: - https://tools.ietf.org/html/rfc3501#section-9 - - Closes #2061 - -- connect: store IPv6 connection status after valid connection - - ... previously it would store it already in the happy eyeballs stage - which could lead to the IPv6 bit being set for an IPv4 connection, - leading to curl not wanting to do EPSV=>PASV for FTP transfers. - - Closes #2053 - -- curl_multi_fdset.3: emphasize curl_multi_timeout - - ... even when there's no socket to wait for, the timeout can still be - very short. - -Jay Satiro (9 Nov 2017) -- content_encoding: fix inflate_stream for no bytes available - - - Don't call zlib's inflate() when avail_in stream bytes is 0. - - This is a follow up to the parent commit 19e66e5. Prior to that change - libcurl's inflate_stream could call zlib's inflate even when no bytes - were available, causing inflate to return Z_BUF_ERROR, and then - inflate_stream would treat that as a hard error and return - CURLE_BAD_CONTENT_ENCODING. - - According to the zlib FAQ, Z_BUF_ERROR is not fatal. - - This bug would happen randomly since packet sizes are arbitrary. A test - of 10,000 transfers had 55 fail (ie 0.55%). - - Ref: https://zlib.net/zlib_faq.html#faq05 - - Closes https://github.com/curl/curl/pull/2060 - -Patrick Monnerat (7 Nov 2017) -- content_encoding: do not write 0 length data - -Daniel Stenberg (6 Nov 2017) -- fnmatch: remove dead code - - There was a duplicate check for backslashes in the setcharset() - function. - - Coverity CID 1420611 - -- url: remove unncessary NULL-check - - Since 'conn' won't be NULL in there and we also access the pointer in - there without the check. - - Coverity CID 1420610 - -Viktor Szakats (6 Nov 2017) -- src/Makefile.m32: fix typo in brotli lib customization - - Ref cc1f4436099decb9d1a7034b2bb773a9f8379d31 - -- Makefile.m32: allow to customize brotli libs - - It adds the ability to link against static brotli libs. - - Also fix brotli include path. - -Patrick Monnerat (5 Nov 2017) -- travis: add a job with brotli enabled - -- [Viktor Szakats brought this change] - - Makefile.m32: add brotli support - -- HTTP: implement Brotli content encoding - - This uses the brotli external library (https://github.com/google/brotli). - Brotli becomes a feature: additional curl_version_info() bit and - structure fields are provided for it and CURLVERSION_NOW bumped. - - Tests 314 and 315 check Brotli content unencoding with correct and - erroneous data. - - Some tests are updated to accomodate with the now configuration dependent - parameters of the Accept-Encoding header. - -- HTTP: support multiple Content-Encodings - - This is implemented as an output streaming stack of unencoders, the last - calling the client write procedure. - - New test 230 checks this feature. - - Bug: https://github.com/curl/curl/pull/2002 - Reported-By: Daniel Bankhead - -Jay Satiro (4 Nov 2017) -- url: remove arg value check from CURLOPT_SSH_AUTH_TYPES - - Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value - check on this option is incorrect; we have to accept any value. - - Prior to this change since f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES - erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT. - - Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120 - -Daniel Stenberg (4 Nov 2017) -- ntlm: avoid malloc(0) for zero length passwords - - It triggers an assert() when built with memdebug since malloc(0) may - return NULL *or* a valid pointer. - - Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054 - - Assisted-by: Max Dymond - Closes #2054 - -- RELEASE-NOTES: synced with ee8016b3d - -- curl: speed up handling of many URLs - - By properly keeping track of the last entry in the list of URLs/uploads - to handle, curl now avoids many meaningless traverses of the list which - speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K - URLs). - - Added test 1291, to verify that it doesn't take ages - but we don't have - any detection of "too slow" command in the test suite. - - Reported-by: arainchik on github - Fixes #1959 - Closes #2052 - -- curl: pass through [] in URLs instead of calling globbing error - - Assisted-by: Per Lundberg - Fixes #2044 - Closes #2046 - Closes #2048 - -- CURLOPT_INFILESIZE: accept -1 - - Regression since f121575 - - Reported-by: Petr Voytsik - Fixes #2047 - -Jay Satiro (2 Nov 2017) -- url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 - - Prior to this change since f121575 (7.56.1+) CURLOPT_DNS_CACHE_TIMEOUT - erroneously rejected -1 with CURLE_BAD_FUNCTION_ARGUMENT. - -Dan Fandrich (1 Nov 2017) -- http2: Fixed OOM handling in upgrade request - - This caused the torture tests on test 1800 to fail. - -- tests: Fixed torture tests on tests 556 and 650 - - Test cleanup after OOM wasn't being consistently performed. - -Daniel Stenberg (1 Nov 2017) -- CURLOPT_MAXREDIRS: allow -1 as a value - - ... which is valid according to documentation. Regression since - f121575c0b5f. - - Verified now in test 501. - - Reported-by: cbartl on github - Fixes #2038 - Closes #2039 - -- include: remove conncache.h inclusion from where its not needed - -Jay Satiro (1 Nov 2017) -- url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 - - .. also add same arg value check to CURLOPT_POSTFIELDSIZE_LARGE. - - Prior to this change since f121575 (7.56.1+) CURLOPT_POSTFIELDSIZE - erroneously rejected -1 value with CURLE_BAD_FUNCTION_ARGUMENT. - - Bug: https://curl.haxx.se/mail/lib-2017-11/0000.html - Reported-by: Andrew Lambert - -Daniel Stenberg (31 Oct 2017) -- cookie: avoid NULL dereference - - ... when expiring old cookies. - - Reported-by: Pavel Gushchin - Fixes #2032 - Closes #2035 - -Marcel Raad (30 Oct 2017) -- memdebug: use send/recv signature for curl_dosend/curl_dorecv - - This avoids build errors and warnings caused by implicit casts. - - Closes https://github.com/curl/curl/pull/2031 - -Daniel Stenberg (30 Oct 2017) -- [Juro Bystricky brought this change] - - mkhelp.pl: support reproducible build - - Do not generate line with the current date, such as: - - * Generation time: Tue Oct-24 18:01:41 2017 - - This will improve reproducibility. The generated string is only - part of a comment, so there should be no adverse consequences. - - Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> - - closes #2026 - -Dan Fandrich (30 Oct 2017) -- runtests.pl: Fixed typo in message - -Daniel Stenberg (30 Oct 2017) -- curlx: the timeval functions are no longer provided as curlx_* - - Pointed-out-by: Dmitri Tikhonov - Bug: #2034 - -- select: update comments - - s/curlx_tvnow/Curl_now - -- INTERNALS: remove curlx_tv* functions no longer provided - -- [Dmitri Tikhonov brought this change] - - timeval: use mach time on MacOS - - If clock_gettime() is not supported, use mach_absolute_time() on MacOS. - - closes #2033 - -Patrick Monnerat (29 Oct 2017) -- cli tool: improve ";type=" handling in -F option arguments - -- cli tool: in -F option arg, comma is a delimiter for files only - - Also upgrade test 1133 to cover this case and clarify man page about - form data quoting. - - Bug: https://github.com/curl/curl/issues/2022 - Reported-By: omau on github - -Daniel Stenberg (29 Oct 2017) -- timeleft: made two more users of Curl_timeleft use timediff_t - -Jakub Zakrzewski (28 Oct 2017) -- cmake: Export libcurl and curl targets to use by other cmake projects - - The config files define curl and libcurl targets as imported targets - CURL::curl and CURL::libcurl. For backward compatibility with CMake- - provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are - also set. - - Closes #1879 - -Daniel Stenberg (28 Oct 2017) -- RELEASE-NOTES: synced with f20cbac97 - -- [Florin Petriuc brought this change] - - auth: Added test cases for RFC7616 - - Updated docs to include support for RFC7616 - - Signed-off-by: Florin <petriuc.florin@gmail.com> - - Closes #1934 - -- [Florin Petriuc brought this change] - - auth: add support for RFC7616 - HTTP Digest access authentication - - Signed-off-by: Florin <petriuc.florin@gmail.com> - -- [Daniel Bankhead brought this change] - - TODO: support multiple Content-Encodings - - Closes #2002 - -- ROADMAP: cleanup - - Removed done stuff. Removed entries no longer considered for the near - term. - -- [Magicansk brought this change] - - ROADMAP.md: spelling fixes - - Closes #2028 - -- Curl_timeleft: change return type to timediff_t - - returning 'time_t' is problematic when that type is unsigned and we - return values less than zero to signal "already expired", used in - several places in the code. - - Closes #2021 - -- appveyor: add a win32 build - -- setopt: fix CURLOPT_SSH_AUTH_TYPES option read - - Regression since f121575c0b5f - - Reported-by: Rob Cotrone - -Marcel Raad (27 Oct 2017) -- resolvers: only include anything if needed - - This avoids warnings about unused stuff. - - Closes https://github.com/curl/curl/pull/2023 - -Daniel Stenberg (27 Oct 2017) -- HELP-US: rename the subtitle too since the label is changed - - "PR-welcome" was the former name. - -- curl_setup.h: oops, shorten the too long line - -- [Martin Storsjo brought this change] - - curl_setup: Improve detection of CURL_WINDOWS_APP - - If WINAPI_FAMILY is defined, it should be safe to try to include - winapifamily.h to check what the define evaluates to. - - This should fix detection of CURL_WINDOWS_APP if building with - _WIN32_WINNT set to 0x0600. - - Closes #2025 - -Jay Satiro (26 Oct 2017) -- transfer: Fix chunked-encoding upload bug - - - When uploading via chunked-encoding don't compare file size to bytes - sent to determine whether the upload has finished. - - Chunked-encoding adds its own overhead which why the bytes sent is not - equal to the file size. Prior to this change if a file was uploaded in - chunked-encoding and its size was known it was possible that the upload - could end prematurely without sending the final few chunks. That would - result in a server hang waiting for the remaining data, likely followed - by a disconnect. - - The scope of this bug is limited to some arbitrary file sizes which have - not been determined. One size that triggers the bug is 475020. - - Bug: https://github.com/curl/curl/issues/2001 - Reported-by: moohoorama@users.noreply.github.com - - Closes https://github.com/curl/curl/pull/2010 - -Daniel Stenberg (26 Oct 2017) -- timeval: make timediff_t also work on 32bit windows - - ... by using curl_off_t for the typedef if time_t is larger than 4 - bytes. - - Reported-by: Gisle Vanem - Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co - mmitcomment-25205058 - Closes #2019 - -- curl_fnmatch: return error on illegal wildcard pattern - - ... instead of doing an infinite loop! - - Added test 1162 to verify. - - Reported-by: Max Dymond - Fixes #2015 - Closes #2017 - -- [Max Dymond brought this change] - - wildcards: don't use with non-supported protocols - - Fixes timeouts in the fuzzing tests for non-FTP protocols. - - Closes #2016 - -- [Max Dymond brought this change] - - multi: allow table handle sizes to be overridden - - Allow users to specify their own hash define for - CURL_CONNECTION_HASH_SIZE so that both values can be overridden. - - Closes #1982 - -- time: rename Curl_tvnow to Curl_now - - ... since the 'tv' stood for timeval and this function does not return a - timeval struct anymore. - - Also, cleaned up the Curl_timediff*() functions to avoid typecasts and - clean up the descriptive comments. - - Closes #2011 - -- ftplistparser: follow-up cleanup to remove PL_ERROR() - -- [Max Dymond brought this change] - - ftplistparser: free off temporary memory always - - When using the FTP list parser, ensure that the memory that's - allocated is always freed. - - Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682 - Closes #2013 - -- timediff: return timediff_t from the time diff functions - - ... to cater for systems with unsigned time_t variables. - - - Renamed the functions to curlx_timediff and Curl_timediff_us. - - - Added overflow protection for both of them in either direction for - both 32 bit and 64 bit time_ts - - - Reprefixed the curlx_time functions to use Curl_* - - Reported-by: Peter Piekarski - Fixes #2004 - Closes #2005 - -- [Paul Howarth brought this change] - - libtest: Add required test libraries for lib1552 and lib1553 - - They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too. - - This fixes build failures on Fedora 13. - - Closes #2006 - -- [Alessandro Ghedini brought this change] - - libcurl-tutorial.3: fix typo - - closes #2008 - -Alessandro Ghedini (23 Oct 2017) -- curl_mime_filedata.3: fix typos - -Daniel Stenberg (23 Oct 2017) -- RELEASE-NOTES: clean slate towards 7.57.0 - -- [Max Dymond brought this change] - - travis: exit if any steps fail - - We don't expect any steps to fail in travis. Exit the script if they do. - - Closes #1966 - -Version 7.56.1 (23 Oct 2017) - -Daniel Stenberg (23 Oct 2017) -- RELEASE-NOTES: 7.56.1 - -- THANKS: update at 7.56.1 release time - -- [Jon DeVree brought this change] - - mk-ca-bundle: Remove URL for aurora - - Aurora is no longer used by Mozilla - https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/ - -- [Jon DeVree brought this change] - - mk-ca-bundle: Fix URL for NSS - - The 'tip' is the most recent branch committed to, this should be - 'default' like the URLs for the browser are. - - Closes #1998 - -- imap: if a FETCH response has no size, don't call write callback - - CVE-2017-1000257 - - Reported-by: Brian Carpenter and 0xd34db347 - Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586 - -- ftp: reject illegal IP/port in PASV 227 response - - ... by using range checks. Among other things, this avoids an undefined - behavior for a left shift that could happen on negative or very large - values. - - Closes #1997 - - Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694 - -Patrick Monnerat (20 Oct 2017) -- test653: check reuse of easy handle after mime data change - - See issue #1999 - -- mime: do not reuse previously computed multipart size - - The contents might have changed: size must be recomputed. - - Reported-by: moteus on github - Fixes #1999 - -- test308: disable if MultiSSL feature enabled - - Even if OpenSSL is enabled, it might not be the default backend when - multi-ssl is enabled, causing the test to fail. - -- runtests: support MultiSSL client feature - -- vtls: change struct Curl_ssl `close' field name to `close_one'. - - On OS/400, `close' is an ASCII system macro that corrupts the code if - not used in a context not targetting the close() system API. - -- os400: add missing symbols in config file. - - Also adjust makefile to renamed files and warn about installation dirs mix-up. - -- test652: curl_mime_data + base64 encoder with large contents - -- mime: limit bas64-encoded lines length to 76 characters - -Daniel Stenberg (16 Oct 2017) -- RELEASE-NOTES: synced with f121575c0 - -- setopt: range check most long options - - ... filter early instead of risking "funny values" having to be dealt - with elsewhere. - -- setopt: avoid integer overflows when setting millsecond values - - ... that are multiplied by 1000 when stored. - - For 32 bit long systems, the max value accepted (2147483 seconds) is > - 596 hours which is unlikely to ever be set by a legitimate application - - and previously it didn't work either, it just caused undefined behavior. - - Also updated the man pages for these timeout options to mention the - return code. - - Closes #1938 - -Viktor Szakats (15 Oct 2017) -- makefile.m32: allow to override gcc, ar and ranlib - - Allow to ovverride certain build tools, making it possible to - use LLVM/Clang to build curl. The default behavior is unchanged. - To build with clang (as offered by MSYS2), these settings can - be used: - - CURL_CC=clang - CURL_AR=llvm-ar - CURL_RANLIB=llvm-ranlib - - Closes https://github.com/curl/curl/pull/1993 - -- ldap: silence clang warning - - Use memset() to initialize a structure to avoid LLVM/Clang warning: - ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers] - - Closes https://github.com/curl/curl/pull/1992 - -Daniel Stenberg (14 Oct 2017) -- runtests: use valgrind for torture as well - - NOTE: it makes them terribly slow. I recommend only using valgrind for - specific torture tests or using lots of patience. - -- memdebug: trace send, recv and socket - - ... to allow them to be included in torture tests too. - - closes #1980 - -- configure: remove the C++ compiler check - - ... we used it only for the fuzzer, which we now have in a separate git - repo. - - Closes #1990 - -Patrick Monnerat (13 Oct 2017) -- mime: do not call failf() if easy handle is NULL. - -Daniel Stenberg (13 Oct 2017) -- test651: curl_formadd with huge COPYCONTENTS - -- mime: fix the content reader to handle >16K data properly - - Reported-by: Jeroen Ooms - Closes #1988 - -Patrick Monnerat (12 Oct 2017) -- mime: keep "text/plain" content type if user-specified. - - Include test cases in 554, 587, 650. - - Fixes https://github.com/curl/curl/issues/1986 - -- cli tool: use file2memory() to buffer stdin in -F option. - - Closes PR https://github.com/curl/curl/pull/1985 - -- cli tool: reimplement stdin buffering in -F option. - - If stdin is not a regular file, its content is memory-buffered to enable - a possible data "rewind". - In all cases, stdin data size is determined before real use to avoid - having an unknown part's size. - - --libcurl generated code is left as an unbuffered stdin fread/fseek callback - part with unknown data size. - - Buffering is not supported in deprecated curl_formadd() API. - -Daniel Stenberg (12 Oct 2017) -- winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2 - -- HELP-US: the label "PR-welcome" is now renamed to "help wanted" - - following the new github "standard" - -- RELEASE-NOTES: synced with 5505df7d2 - -Jay Satiro (11 Oct 2017) -- [Artak Galoyan brought this change] - - url: Update current connection SSL verify params in setopt - - Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active - connection updates the current connection's (i.e.'connectdata' - structure) appropriate ssl_config (and ssl_proxy_config) structures - variables, making these options effective for ongoing connection. - - This functionality was available before and was broken by the - following change: - "proxy: Support HTTPS proxy and SOCKS+HTTP(s)" - CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151. - - Bug: https://github.com/curl/curl/issues/1941 - - Closes https://github.com/curl/curl/pull/1951 - -Daniel Stenberg (11 Oct 2017) -- [David Benjamin brought this change] - - openssl: don't use old BORINGSSL_YYYYMM macros - - Those were temporary things we'd add and remove for our own convenience - long ago. The last few stayed around for too long as an oversight but - have since been removed. These days we have a running - BORINGSSL_API_VERSION counter which is bumped when we find it - convenient, but 2015-11-19 was quite some time ago, so just check - OPENSSL_IS_BORINGSSL. - - Closes #1979 - -- test950; verify SMTP with custom request - -- ftpserver: support case insensitive commands - -- smtp_done: free data before returning (on send failure) - - ... as otherwise it could leak that memory. - - Detected by OSS-fuzz: - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600 - - Assisted-by: Max Dymond - Closes #1977 - -- FTP: URL decode path for dir listing in nocwd mode - - Reported-by: Zenju on github - - Test 244 added to verify - Fixes #1974 - Closes #1976 - -- test298: verify --ftp-method nowcwd with URL encoded path - - Ref: #1974 - -- CURLOPT_XFERINFODATA.3: fix duplicate see also - -- CURLOPT_NOPROGRESS.3: also refer to xferinfofunction - -- FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION - -- openssl: enable PKCS12 support for !BoringSSL - - Enable PKCS12 for all non-boringssl builds without relying on configure - or cmake checks. - - Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html - Reported-by: Christian Schmitz - Closes #1948 - -- [Kristiyan Tsaklev brought this change] - - curl: don't pass semicolons when parsing Content-Disposition - - Test 1422 updated to verify. - - Closes #1964 - -Patrick Monnerat (9 Oct 2017) -- mime: properly unbind mime structure in curl_mime_free(). - - This allows freeing a mime structure bound to the easy handle before - curl_easy_cleanup(). - - Fixes #1970. - -Daniel Stenberg (9 Oct 2017) -- RTSP: avoid integer overflow on funny RTSP response - - ... like a very large non-existing RTSP version number. - - Added test 577 to verify. - - Detected by OSS-fuzz. - Closes #1969 - -Patrick Monnerat (8 Oct 2017) -- ftpserver: properly reset $ftptargetdir. - -- test643: verify curl_mime_subparts() rejects cyclic additions. - -- mime: refuse to add subparts to one of their own descendants. - - Reported-by: Alexey Melnichuk - Fixes #1962 - -- mime: avoid resetting a part's encoder when part's contents change. - -- mime: improve unbinding top multipart from easy handle. - - Also avoid dangling pointers in referencing parts. - -Daniel Stenberg (8 Oct 2017) -- RELEASE-NOTES: synced with a4c1c75da30af1 - -- curlver.h: next expected release is 7.57.0 - -Patrick Monnerat (8 Oct 2017) -- mime: be tolerant about setting twice the same header list in a part. - -- docs: clarify form/mime usage of non-regular data files. - -Daniel Stenberg (8 Oct 2017) -- Revert "multi_done: wait for name resolve to finish if still ongoing" - - This reverts commit f3e03f6c0ac52a1bf396e03f7d7e9b5b3b7165fe. - - Caused memory leaks in the fuzzer, needs to be done differently. - - Disable test 1553 for now too, as it causes memory leaks without this - commit! - -- remove_handle: call multi_done() first, then clear dns cache pointer - - Closes #1960 - -- multi_done: wait for name resolve to finish if still ongoing - - ... as we must clean up memory. - -- pingpong: return error when trying to send without connection - - When imap_done() got called before a connection is setup, it would try - to "finish up" and dereffed a NULL pointer. - - Test case 1553 managed to reproduce. I had to actually use a host name - to try to resolve to slow it down, as using the normal local server IP - will make libcurl get a connection in the first curl_multi_perform() - loop and then the bug doesn't trigger. - - Fixes #1953 - Assisted-by: Max Dymond - -Dan Fandrich (6 Oct 2017) -- tests: added flaky keyword to tests 587 and 644 - - These are around 5% flaky in my Linux x86 autobuilds. - -Marcel Raad (6 Oct 2017) -- vtls: fix warnings with --disable-crypto-auth - - When CURL_DISABLE_CRYPTO_AUTH is defined, Curl_none_md5sum's parameters - are not used. - -Daniel Stenberg (6 Oct 2017) -- multi_cleanup: call DONE on handles that never got that - - ... fixes a memory leak with at least IMAP when remove_handle is never - called and the transfer is abruptly just abandoned early. - - Test 1552 added to verify - - Detected by OSS-fuzz - Assisted-by: Max Dymond - Closes #1954 - -- [Benbuck Nason brought this change] - - strtoofft: Remove extraneous null check - - Fixes #1950: curlx_strtoofft() doesn't fully protect against null 'str' - argument. - - Closes #1952 - -- openssl: fix build without HAVE_OPAQUE_EVP_PKEY - - Reported-by: Javier Sixto - Fixes #1955 - Closes #1956 - -Viktor Szakats (6 Oct 2017) -- lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS - - The source code is now prepared to handle the case when both - Win32 Crypto and OpenSSL/NSS crypto backends are enabled - at the same time, making it now possible to enable `USE_WIN32_CRYPTO` - whenever the targeted Windows version supports it. Since this - matches the minimum Windows version supported by curl - (Windows 2000), enable it unconditionally for the Win32 platform. - - This in turn enables SMB (and SMBS) protocol support whenever - Win32 Crypto is available, regardless of what other crypto backends - are enabled. - - Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052 - - Closes https://github.com/curl/curl/pull/1943 - -Daniel Stenberg (5 Oct 2017) -- build: fix --disable-crypto-auth - - Reported-by: Wyatt O'Day - Fixes #1945 - Closes #1947 - -Jay Satiro (5 Oct 2017) -- [Nick Zitzmann brought this change] - - darwinssl: add support for TLSv1.3 - - Closes https://github.com/curl/curl/pull/1794 - -Daniel Stenberg (4 Oct 2017) -- [Felix Kaiser brought this change] - - docs: fix typo in curl_mime_data_cb man page - - Closes #1946 - -Viktor Szakats (4 Oct 2017) -- lib/Makefile.m32: allow customizing dll suffixes - - - New `CURL_DLL_SUFFIX` envvar will add a suffix to the generated - libcurl dll name. Useful to add `-x64` to 64-bit builds so that - it can live in the same directory as the 32-bit one. By default - this is empty. - - - New `CURL_DLL_A_SUFFIX` envvar to customize the suffix of the - generated import library (implib) for libcurl .dll. It defaults - to `dll`, and it's useful to modify that to `.dll` to have the - standard naming scheme for mingw-built .dlls, i.e. `libcurl.dll.a`. - - Closes https://github.com/curl/curl/pull/1942 - -Daniel Stenberg (4 Oct 2017) -- [Max Dymond brought this change] - - fuzzer: move to using external curl-fuzzer - - Use the external curl-fuzzer repository for fuzzing. - - Closes #1923 - -- failf: skip the sprintf() if there are no consumers - - Closes #1936 - -- ftp: UBsan fixup 'pointer index expression overflowed' - - Closes #1939 - -- RELEASE-PROCEDURE: update the release schedule - -Version 7.56.0 (4 Oct 2017) - -Daniel Stenberg (4 Oct 2017) -- RELEASE-NOTES: curl 7.56.0 - -- THANKS: added new 7.56.0 contributors - -Jay Satiro (4 Oct 2017) -- build-openssl.bat: Warn OpenSSL 1.1.0 not yet supported - - Ref: https://github.com/curl/curl/issues/1002 - -Michael Kaufmann (3 Oct 2017) -- idn: fix source code comment - -- vtls: compare and clone ssl configs properly - - Compare these settings in Curl_ssl_config_matches(): - - verifystatus (CURLOPT_SSL_VERIFYSTATUS) - - random_file (CURLOPT_RANDOM_FILE) - - egdsocket (CURLOPT_EGDSOCKET) - - Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(), - and copy the setting "sessionid" unconditionally. - - This means that reusing connections that are secured with a client - certificate is now possible, and the statement "TLS session resumption - is disabled when a client certificate is used" in the old advisory at - https://curl.haxx.se/docs/adv_20170419.html is obsolete. - - Reviewed-by: Daniel Stenberg - - Closes #1917 - -- proxy: read the "no_proxy" variable only if necessary - - Reviewed-by: Daniel Stenberg - - Closes #1919 - -Patrick Monnerat (3 Oct 2017) -- libcurl-tutorial: add casts in example to avoid compilation warnings. - -Daniel Stenberg (3 Oct 2017) -- examples: bring back curl_formadd-using examples - - ... now with a -formadd suffix. While the new mime API is introduced in - 7.56.0 we must acknowledge that lots of users can't upgrade their curl - versions immediately. - -- test1153: verify quoted double-qoutes in PWD response - -- FTP: zero terminate the entry path even on bad input - - ... a single double quote could leave the entry path buffer without a zero - terminating byte. CVE-2017-1000254 - - Test 1152 added to verify. - - Reported-by: Max Dymond - Bug: https://curl.haxx.se/docs/adv_20171004.html - -Jay Satiro (2 Oct 2017) -- [Sergei Nikulov brought this change] - - cmake: disable tests and man generation if perl/nroff not found - - Fixes https://github.com/curl/curl/issues/1500 - Reported-by: Jay Satiro - - Fixes https://github.com/curl/curl/pull/1662 - Assisted-by: Tom Seddon - Assisted-by: dpull@users.noreply.github.com - Assisted-by: elelel@users.noreply.github.com - - Closes https://github.com/curl/curl/pull/1924 - -Patrick Monnerat (2 Oct 2017) -- libcurl-tutorial: fix two typos. - -- TODO: remove deprecated form API items. - -- libcurl-tutorial: describe MIME API and deprecate form API. - - Include a guide to form/mime API conversion. - -Daniel Stenberg (30 Sep 2017) -- cookie: fix memory leak if path was set twice in header - - ... this will let the second occurance override the first. - - Added test 1161 to verify. - - Reported-by: Max Dymond - Fixes #1932 - Closes #1933 - -Dan Fandrich (30 Sep 2017) -- test650: Use variable replacement to set the host address and port - - Otherwise, the test fails when the -b test option is used to set a - different test port range. - -- Set and use more necessary options when some protocols are disabled - - When curl and libcurl are built with some protocols disabled, they stop - setting and receiving some options that don't make sense with those - protocols. In particular, when HTTP is disabled many options aren't set - that are used only by HTTP. However, some options that appear to be - HTTP-only are actually used by other protocols as well (some despite - having HTTP in the name) and should be set, but weren't. This change now - causes some of these options to be set and used for more (or for all) - protocols. In particular, this fixes tests 646 through 649 in an - HTTP-disabled build, which use the MIME API in the mail protocols. - -Daniel Stenberg (29 Sep 2017) -- test1160: verifies cookie leak for large cookies - - The fix done in 20ea22ff735 - -- cookie: fix memory leak on oversized rejection - - Regression brought by 2bc230de63b - - Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513 - Assisted-by: Max Dymond - - Closes #1930 - -- [Anders Bakken brought this change] - - connect: fix race condition with happy eyeballs timeout - - The timer should be started after conn->connecttime is set. Otherwise - the timer could expire without this condition being true: - - /* should we try another protocol family? */ - if(i == 0 && conn->tempaddr[1] == NULL && - curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) { - - Ref: #1928 - -Michael Kaufmann (28 Sep 2017) -- docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS - - Closes #1922 - -- docs: clarify the use of environment variables for proxy - - Closes #1921 - -- http: add custom empty headers to repeated requests - - Closes #1920 - -- reuse_conn: don't copy flags that are known to be equal - - A connection can only be reused if the flags "conn_to_host" and - "conn_to_port" match. Therefore it is not necessary to copy these flags - in reuse_conn(). - - Closes #1918 - -Daniel Stenberg (27 Sep 2017) -- curl.h: include <sys/select.h> on cygwin too - - When building with -std=c++14 on cygwin, this header won't be - automatically included as it otherwise is. - - The <sys/select.h> include decision should ideally be reversed and be - avoided where that header file doesn't exist. - - Reported-by: Ian Fette - Fixes #1925 - -- RELEASE-NOTES: synced with d8ab5dc50 - -Michael Kaufmann (24 Sep 2017) -- tests: adjust .gitignore for new tests - -Jay Satiro (23 Sep 2017) -- ntlm: move NTLM_NEEDS_NSS_INIT define into core NTLM header - - .. and include the core NTLM header in all NTLM-related source files. - - Follow up to 6f86022. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT - but did not include vtls.h where it was defined. - - Closes https://github.com/curl/curl/pull/1911 - -Daniel Stenberg (23 Sep 2017) -- file_range: avoid integer overflow when figuring out byte range - - When trying to bump the value with one and the value is already at max, - it causes an integer overflow. - - Closes #1908 - Detected by oss-fuzz: - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465 - - Assisted-by: Max Dymond - -Michael Kaufmann (23 Sep 2017) -- tests: fix a compiler warning in test 643 - -Jay Satiro (23 Sep 2017) -- symbols-in-versions: fix CURLSSLSET_NO_BACKENDS entry - - - Use spaces instead of tabs as the delimiter. - - Follow up to 7c52b12 which added the entry. The entry had used tabs but - the symbol-scan parser doesn't recognize tabs and would fail the symbol. - -Viktor Szakats (22 Sep 2017) -- metalink: fix NSS issue in MultiSSL builds - - In MultiSSL mode (i.e. when more than one SSL backend is compiled - in), we cannot use the compile time flag `USE_NSS` as indicator that - the NSS backend is in use. As far as Metalink is concerned, the SSL - backend is only used for MD5, SHA-1 and SHA-256 calculations, - therefore one of the available SSL backends is selected at compile - time, in a strict order of preference. - - Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used - to determine whether the SSL backend used for Metalink is the NSS - backend, and use that to guard the code that wants to de-initialize - the NSS-specific data structure. - - Ref: https://github.com/curl/curl/pull/1848 - -- ntlm: use strict order for SSL backend #if branches - - With the recently introduced MultiSSL support multiple SSL backends - can be compiled into cURL That means that now the order of the SSL - - One option would be to use the same SSL backend as was configured - via `curl_global_sslset()`, however, NTLMv2 support would appear - to be available only with some SSL backends. For example, when - eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced - support for NTLMv1 using Windows' Crypt API, it specifically did - *not* introduce NTLMv2 support using Crypt API at the same time. - - So let's select one specific SSL backend for NTLM support when - compiled with multiple SSL backends, using a priority order such - that we support NTLMv2 even if only one compiled-in SSL backend can - be used for that. - - Ref: https://github.com/curl/curl/pull/1848 - -Daniel Stenberg (22 Sep 2017) -- symbols-in-versions: add CURLSSLSET_NO_BACKENDS - - ...fixup from b8e0fe19ec - -- imap: quote atoms properly when escaping characters - - Updates test 800 to verify - - Fixes #1902 - Closes #1903 - -- tests: make the imap server not verify user+password - - ... as the test cases themselves do that and it makes it easier to add - crazy test cases. - - Test 800 updated to use user name + password that need quoting. - - Test 856 updated to trigger an auth fail differently. - - Ref: #1902 - -- vtls: provide curl_global_sslset() even in non-SSL builds - - ... it just returns error: - - Bug: https://github.com/curl/curl/commit/1328f69d53f2f2e937696ea954c480412b018451#commitcomment-24470367 - Reported-by: Marcel Raad - - Closes #1906 - -Patrick Monnerat (22 Sep 2017) -- form/mime: field names are not allowed to contain zero-valued bytes. - - Also suppress length argument of curl_mime_name() (names are always - zero-terminated). - -Daniel Stenberg (21 Sep 2017) -- [Dirk Feytons brought this change] - - openssl: only verify RSA private key if supported - - In some cases the RSA key does not support verifying it because it's - located on a smart card, an engine wants to hide it, ... - Check the flags on the key before trying to verify it. - OpenSSL does the same thing internally; see ssl/ssl_rsa.c - - Closes #1904 - -Marcel Raad (21 Sep 2017) -- examples/post-callback: use long for CURLOPT_POSTFIELDSIZE - - Otherwise, typecheck-gcc.h warns on MinGW-w64. - -Patrick Monnerat (20 Sep 2017) -- mime: rephrase the multipart output state machine (#1898) ... - - ... in hope coverity will like it much. - -- mime: fix an explicit null dereference (#1899) - -Daniel Stenberg (20 Sep 2017) -- curl: check fseek() return code and bail on error - - Detected by coverity. CID 1418137. - -- smtp: fix memory leak in OOM - - Regression since ce0881edee - - Coverity CID 1418139 and CID 1418136 found it, but it was also seen in - torture testing. - -- RELEASE-NOTES: synced with 5fe85587c - -- [Pavel Pavlov brought this change] - - cookies: use lock when using CURLINFO_COOKIELIST - - Closes #1896 - -- [Max Dymond brought this change] - - ossfuzz: changes before merging the generated corpora - - Before merging in the oss-fuzz corpora from Google, there are some changes - to the fuzzer. - - Add a read corpus script, to display corpus files nicely. - - Change the behaviour of the fuzzer so that TLV parse failures all now - go down the same execution paths, which should reduce the size of the - corpora. - - Make unknown TLVs a failure to parse, which should decrease the size - of the corpora as well. - - Closes #1881 - -- mime:escape_string minor clarification change - - ... as it also removes a warning with old gcc versions. - - Bug: https://curl.haxx.se/mail/lib-2017-09/0049.html - Reported-by: Ben Greear - -- [Max Dymond brought this change] - - ossfuzz: don't write out to stdout - - Don't make the fuzzer write out to stdout - instead write some of the - contents to a memory block so we exercise the data output code but - quietly. - - Closes #1885 - -- cookies: reject oversized cookies - - ... instead of truncating them. - - There's no fixed limit for acceptable cookie names in RFC 6265, but the - entire cookie is said to be less than 4096 bytes (section 6.1). This is - also what browsers seem to implement. - - We now allow max 5000 bytes cookie header. Max 4095 bytes length per - cookie name and value. Name + value together may not exceed 4096 bytes. - - Added test 1151 to verify - - Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html - Reported-by: Kevin Smith - - Closes #1894 - -- travis: on mac, don't install openssl or libidn - - - openssl is already installed and causes warnings when trying to - install again - - - libidn isn't used these days, and homebrew doesn't seem to have a - libidn2 package to replace with easily - - Closes #1895 - -- curl: make str2udouble not return values on error - - ... previously it would store a return value even when it returned - error, which could make the value get used anyway! - - Reported-by: Brian Carpenter - Closes #1893 - -Jay Satiro (18 Sep 2017) -- socks: fix incorrect port number in SOCKS4 error message - - Prior to this change it appears the SOCKS5 port parsing was erroneously - used for the SOCKS4 error message, and as a result an incorrect port - would be shown in the error message. - - Bug: https://github.com/curl/curl/issues/1892 - Reported-by: Jackarain@users.noreply.github.com - -- [Marc Aldorasi brought this change] - - schannel: Support partial send for when data is too large - - Schannel can only encrypt a certain amount of data at once. Instead of - failing when too much data is to be sent at once, send as much data as - we can and let the caller send the remaining data by calling send again. - - Bug: https://curl.haxx.se/mail/lib-2014-07/0033.html - - Closes https://github.com/curl/curl/pull/1890 - -- [David Benjamin brought this change] - - openssl: add missing includes - - lib/vtls/openssl.c uses OpenSSL APIs from BUF_MEM and BIO APIs. Include - their headers directly rather than relying on other OpenSSL headers - including things. - - Closes https://github.com/curl/curl/pull/1891 - -Daniel Stenberg (15 Sep 2017) -- conversions: fix several compiler warnings - -- server/getpart: provide dummy function to build conversion enabled - -- non-ascii: use iconv() with 'char **' argument - - Bug: https://curl.haxx.se/mail/lib-2017-09/0031.html - -- escape.c: error: pointer targets differ in signedness - -- docs: clarify the CURLOPT_INTERLEAVE* options behavior - -- [Max Dymond brought this change] - - rtsp: Segfault in rtsp.c when using WRITEDATA - - If the INTERLEAVEFUNCTION is defined, then use that plus the - INTERLEAVEDATA information when writing RTP. Otherwise, use - WRITEFUNCTION and WRITEDATA. - - Fixes #1880 - Closes #1884 - -Marcel Raad (15 Sep 2017) -- [Isaac Boukris brought this change] - - tests: enable gssapi in travis-ci linux build - - Closes https://github.com/curl/curl/pull/1687 - -- [Isaac Boukris brought this change] - - tests: add initial gssapi test using stub implementation - - The stub implementation is pre-loaded using LD_PRELOAD - and emulates common gssapi uses (only builds if curl is - initially built with gssapi support). - - The initial tests are currently disabled for debug builds - as LD_PRELOAD is not used then. - - Ref: https://github.com/curl/curl/pull/1687 - -Daniel Stenberg (15 Sep 2017) -- test1150: verify same host fetch using different ports over proxy - - Closes #1889 - -- URL: on connection re-use, still pick the new remote port - - ... as when a proxy connection is being re-used, it can still get a - different remote port. - - Fixes #1887 - Reported-by: Oli Kingshott - -- RELEASE-NOTES: synced with 87501e57f - -- code style: remove wrong uses of multiple spaces - - Closes #1878 - -- checksrc: detect and warn for multiple spaces - -- code style: use space after semicolon - -- checksrc: verify space after semicolons - -- code style: use spaces around pluses - -- checksrc: detect and warn for lack of spaces next to plus signs - -- code style: use spaces around equals signs - -- checksrc: verify spaces around equals signs - - ... as the code style mandates. - -- Curl_checkheaders: make it available for IMAP and SMTP too - - ... not only HTTP uses this now. - - Closes #1875 - -- travis: add build without HTTP/SMTP/IMAP - -Jay Satiro (10 Sep 2017) -- mbedtls: enable CA path processing - - CA path processing was implemented when mbedtls.c was added to libcurl - in fe7590f, but it was never enabled. - - Bug: https://github.com/curl/curl/issues/1877 - Reported-by: SBKarr@users.noreply.github.com - -Daniel Stenberg (8 Sep 2017) -- rtsp: do not call fwrite() with NULL pointer FILE * - - If the default write callback is used and no destination has been set, a - NULL pointer would be passed to fwrite()'s 4th argument. - - OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327 - (not publicly open yet) - - Detected by OSS-fuzz - Closes #1874 - -- configure: use -Wno-varargs on clang 3.9[.X] debug builds - - ... to avoid a clang bug - -- [Max Dymond brought this change] - - ossfuzz: add some more handled CURL options - - Add support for HEADER, COOKIE, RANGE, CUSTOMREQUEST, MAIL_RECIPIENT, - MAIL_FROM and uploading data. - -- configure: check for C++ compiler after C, to make it non-fatal - - The tests for object file/executable file extensions are presumably only - done for the first of these macros in the configure file. - - Bug: https://github.com/curl/curl/pull/1851#issuecomment-327597515 - Reported-by: Marcel Raad - Closes #1873 - -Patrick Monnerat (7 Sep 2017) -- form API: add new test 650. - - Now that the form API is deprecated and not used anymore in curl tool, - a lot of its features left untested. Test 650 attempts to check all these - features not tested elsewhere. - -Jay Satiro (7 Sep 2017) -- configure: fix curl_off_t check's include order - - - Prepend srcdir include path instead of append. - - Prior to this change it was possible that during the check for the size - of curl_off_t the include path of a user's already installed curl could - come before the include path of the to-be-built curl, resulting in the - system.h of the former being incorrectly included for that check. - - Closes https://github.com/curl/curl/pull/1870 - -Daniel Stenberg (7 Sep 2017) -- [Jakub Zakrzewski brought this change] - - KNOWN_BUGS: Remove CMake symbol hiding issue - - It has already been fixed in 6140dfc - -- http-proxy: when not doing CONNECT, that phase is done immediately - - `conn->connect_state` is NULL when doing a regular non-CONNECT request - over the proxy and should therefor be considered complete at once. - - Fixes #1853 - Closes #1862 - Reported-by: Lawrence Wagerfield - -- [Johannes Schindelin brought this change] - - OpenSSL: fix yet another mistake while encapsulating SSL backend data - - Another mistake in my manual fixups of the largely mechanical - search-and-replace ("connssl->" -> "BACKEND->"), just like the previous - commit concerning HTTPS proxies (and hence not caught during my - earlier testing). - - Fixes #1855 - Closes #1871 - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - OpenSSL: fix erroneous SSL backend encapsulation - - In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private - data, 2017-06-21), this developer prepared for a separation of the - private data of the SSL backends from the general connection data. - - This conversion was partially automated (search-and-replace) and - partially manual (e.g. proxy_ssl's backend data). - - Sadly, there was a crucial error in the manual part, where the wrong - handle was used: rather than connecting ssl[sockindex]' BIO to the - proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason - was an incorrect location to paste "BACKEND->"... d'oh. - - Reported by Jay Satiro in https://github.com/curl/curl/issues/1855. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Jay Satiro brought this change] - - vtls: fix memory corruption - - Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data, - 2017-07-28), the code handling HTTPS proxies was broken because the - pointer to the SSL backend data was not swapped between - conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but - instead set to NULL (causing segmentation faults). - - [jes: provided the commit message, tested and verified the patch] - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- vtls: switch to CURL_SHA256_DIGEST_LENGTH define - - ... instead of the prefix-less version since WolfSSL 3.12 now uses an - enum with that name that causes build failures for us. - - Fixes #1865 - Closes #1867 - Reported-by: Gisle Vanem - -- travis: add c-ares enabled builds linux + osx - - Closes #1868 - -- HISTORY: added some recent items - -Jay Satiro (6 Sep 2017) -- SSL: fix unused parameter warnings - -Patrick Monnerat (6 Sep 2017) -- mime: drop internal FILE * support. - - - The part kind MIMEKIND_FILE and associated code are suppressed. - - Seek data origin offset not used anymore: suppressed. - - MIMEKIND_NAMEDFILE renamed MIMEKIND_FILE; associated fields/functions - renamed accordingly. - - Curl_getformdata() processes stdin via a callback. - -Daniel Stenberg (6 Sep 2017) -- configure: remove --enable-soname-bump and SONAME_BUMP - - Back in 2008, (and commit 3f3d6ebe665f3) we changed the logic in how we - determine the native type for `curl_off_t`. To really make sure we - didn't break ABI without bumping SONAME, we introduced logic that - attempted to detect that it would use a different size and thus not be - compatible. We also provided a manual switch that allowed users to tell - configure to bump SONAME by force. - - Today, we know of no one who ever got a SONAME bump auto-detected and we - don't know of anyone who's using the manual bump feature. The auto- - detection is also no longer working since we introduced defining - curl_off_t in system.h (7.55.0). - - Finally, this bumping logic is not present in the cmake build. - - Closes #1861 - -Jay Satiro (6 Sep 2017) -- [Gisle Vanem brought this change] - - vtls: select ssl backend case-insensitive (follow-up) - - - Do a case-insensitive comparison of CURL_SSL_BACKEND env as well. - - - Change Curl_strcasecompare calls to strcasecompare - (maps to the former but shorter). - - Follow-up to c290b8f. - - Bug: https://github.com/curl/curl/commit/c290b8f#commitcomment-24094313 - - Co-authored-by: Jay Satiro - -- openssl: Integrate Peter Wu's SSLKEYLOGFILE implementation - - This is an adaptation of 2 of Peter Wu's SSLKEYLOGFILE implementations. - - The first one, written for old OpenSSL versions: - https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c - - The second one, written for BoringSSL and new OpenSSL versions: - https://github.com/curl/curl/pull/1346 - - Note the first one is GPL licensed but the author gave permission to - waive that license for libcurl. - - As of right now this feature is disabled by default, and does not have - a configure option to enable it. To enable this feature define - ENABLE_SSLKEYLOGFILE when building libcurl and set environment - variable SSLKEYLOGFILE to a pathname that will receive the keys. - - And in Wireshark change your preferences to point to that key file: - Edit > Preferences > Protocols > SSL > Master-Secret - - Co-authored-by: Peter Wu - - Ref: https://github.com/curl/curl/pull/1030 - Ref: https://github.com/curl/curl/pull/1346 - - Closes https://github.com/curl/curl/pull/1866 - -Patrick Monnerat (5 Sep 2017) -- mime: fix a trivial warning. - -- mime: replace 'struct Curl_mimepart' by 'curl_mimepart' in encoder code. - - mime_state is now a typedef. - -- mime: implement encoders. - - curl_mime_encoder() is operational and documented. - curl tool -F option is extended with ";encoder=". - curl tool --libcurl option generates calls to curl_mime_encoder(). - New encoder tests 648 & 649. - Test 1404 extended with an encoder specification. - -- runtests.pl: support attribute "nonewline" in part verify/upload. - -- [Daniel Stenberg brought this change] - - fixup data/test1135 - -- [Daniel Stenberg brought this change] - - mime: unified to use the typedef'd mime structs everywhere - - ... and slightly edited to follow our code style better. - -- [Daniel Stenberg brought this change] - - curl.h: use lower case curl_mime* as for all public symbols - -- [Daniel Stenberg brought this change] - - docs/curl_mime_*.3: use correct variable types in examples - -Kamil Dudka (5 Sep 2017) -- openssl: use OpenSSL's default ciphers by default - - Up2date versions of OpenSSL maintain the default reasonably secure - without breaking compatibility, so it is better not to override the - default by curl. Suggested at https://bugzilla.redhat.com/1483972 - - Closes #1846 - -Viktor Szakats (5 Sep 2017) -- examples/mime: minor example code fixes - -Daniel Stenberg (5 Sep 2017) -- docs/curl_mime_*.3: added examples - -- configure: add MultiSSL to FEATURES when enabled - - ...for curl-config and its corresponding test 1014 - -- http-proxy: treat all 2xx as CONNECT success - - Added test 1904 to verify. - - Reported-by: Lawrence Wagerfield - Fixes #1859 - Closes #1860 - -- MAIL-ETIQUETTE: added "1.9 Your emails are public" - -- curl.h: fix "unused checksrc ignore", remove dangling reference - - ... to a README file that doesn't exist anymore - -Viktor Szakats (4 Sep 2017) -- docs: Update to secure URL versions - -- mime: use CURL_ZERO_TERMINATED in examples - - and some minor whitespace fixes - -Daniel Stenberg (4 Sep 2017) -- schannel: return CURLE_SSL_CACERT on failed verification - - ... not *CACERT_BADFILE as it isn't really because of a bad file. - - Bug: https://curl.haxx.se/mail/lib-2017-09/0002.html - Closes #1858 - -- test1135: fixed after bd8070085f9 - -- examples/post-callback: stop returning one byte at a time - - ... since people copy and paste code from this example and thus they get - an inefficient POST operation without a good reason and sometimes - without understanding why. - - Instead this now returns as much data as possible. - -- RELEASE-NOTES: fixed the function counter script - -- curl.h: make the curl_strequal() protos use the same style - - ... as the other functions. Makes it easier to machine-parse! - -- docs: curl_mime_*.3 man page formatting edits - -- RELEASE-NOTES: synced with 1ab9e9b50 - -Patrick Monnerat (4 Sep 2017) -- lib: bump version info (soname). Adapt and reenable test 1135. - -Daniel Stenberg (3 Sep 2017) -- headers: move the global_sslset() proto from multi.h to curl.h - - As it was added to multi.h simply to not break test 1135, which now has - been disabled due to the mime API addition anyway and su we can now move - the sslset stuff to where the other curl_global_* prototypes are. - -Patrick Monnerat (3 Sep 2017) -- mime: fix signed/unsigned conversions. - - Use and generate CURL_ZERO_TERMINATED in curl tool and tests. - -Jay Satiro (3 Sep 2017) -- tool_formparse: fix some trivial warnings - -Patrick Monnerat (3 Sep 2017) -- mime: use size_t instead of ssize_t in public API interface. - - To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED - has been introduced. - - Documentation updated accordingly. - - symbols in versions updated. Added form API symbols deprecation info. - -- mime: remove support "-" stdin pseudo-file name in curl_mime_filedata(). - - This feature is badly supported in Windows: as a replacement, a caller has - to use curl_mime_data_cb() with fread, fseek and possibly fclose - callbacks to process opened files. - - The cli tool and documentation are updated accordingly. - - The feature is however kept internally for form API compatibility, with - the known caveats it always had. - - As a side effect, stdin size is not determined by the cli tool even if - possible and this results in a chunked transfer encoding. Test 173 is - updated accordingly. - -- mime: fix some implicit curl_off_t --> size_t conversion warnings. - -- mime: tests and examples. - - Additional mime-specific tests. - Existing tests updated to reflect small differences (Expect: 100-continue, - data size change due to empty lines, etc). - Option -F headers= keyword added to tests. - test1135 disabled until the entry point order change is resolved. - New example smtp-mime. - Examples postit2 and multi-post converted from form API to mime API. - -- mime: use in curl cli tool instead of form API. - - Extended -F option syntax to support multipart mail messages. - -F keyword headers= added to include custom headers in parts. - Documentation upgraded. - -- mime: new MIME API. - - Available in HTTP, SMTP and IMAP. - Deprecates the FORM API. - See CURLOPT_MIMEPOST. - Lib code and associated documentation. - -- test564: Add a warning comment about shell profile output. - - Shell profile output makes the SSH server failing and this problem reason - is not easy to find when no hint is given. - -- checksrc: disable SPACEBEFOREPAREN for case statement. - - The case keyword may be followed by a constant expression and thus should - allow it to start with an open parenthesis. - -- runtests.pl: allow <file[1-4]> tags in client section. - - This enables tests to create more than one file on the client side. - -- runtests.pl: Apply strippart to upload too. - - This will allow substitution of boundaries in mail messages. - -- Curl_base64_encode: always call with a real data handle. - - Some calls in different modules were setting the data handle to NULL, causing - segmentation faults when using builds that enable character code conversions. - -- non-ascii: allow conversion functions to be called with a NULL data handle. - -- http: fix a memory leakage in checkrtspprefix(). - -Daniel Stenberg (2 Sep 2017) -- [Max Dymond brought this change] - - ossfuzz: Move to C++ for curl_fuzzer. - - Automake gets confused if you want to use C++ static libraries with C - code - basically we need to involve the clang++ linker. The easiest way - of achieving this is to rename the C code as C++ code. This gets us a - bit further along the path and ought to be compatible with Google's - version of clang. - -- curl_global_sslset: select backend by name case insensitively - - Closes #1849 - -- [Max Dymond brought this change] - - ossfuzz: additional seed corpora - - Create simple seed corpora for: - - FTP - - telnet - - dict - - tftp - - imap - - pop3 - - based off the tests of the same number. - - Closes #1842 - -- [Max Dymond brought this change] - - ossfuzz: moving towards the ideal integration - - - Start with the basic code from the ossfuzz project. - - Rewrite fuzz corpora to be binary files full of Type-Length-Value - data, and write a glue layer in the fuzzing function to convert - corpora into CURL options. - - Have supporting functions to generate corpora from existing tests - - Integrate with Makefile.am - -- strcase: corrected comment header for Curl_strcasecompare() - -- unit1301: fix error message on first test - -- curl_global_sslset.3: show the struct and enum too - - ... so that users can actually write code based on the man page alone, - not having to read the header file. - -Jay Satiro (31 Aug 2017) -- darwinssl: handle long strings in TLS certs (follow-up) - - - Fix handling certificate subjects that are already UTF-8 encoded. - - Follow-up to b3b75d1 from two days ago. Since then a copy would be - skipped if the subject was already UTF-8, possibly resulting in a NULL - deref later on. - - Ref: https://github.com/curl/curl/issues/1823 - Ref: https://github.com/curl/curl/pull/1831 - - Closes https://github.com/curl/curl/pull/1836 - -Daniel Stenberg (31 Aug 2017) -- cyassl: call it the "WolfSSL" backend - - ... instead of cyassl, as this is the current name for it. - - Closes #1844 - -- polarssl: fix multissl breakage - - Reported-by: Dan Fandrich - Bug: https://curl.haxx.se/mail/lib-2017-08/0121.html - Closes #1843 - -- configure: remove the leading comma from the backends list - - ... when darwinssl is used. - - Reported-by: Viktor Szakats - Bug: https://github.com/curl/curl/commit/b0989cd3abaff4f9a0717b4875022fa79e33b481#commitcomment-23943493 - - Closes #1845 - -Kamil Dudka (30 Aug 2017) -- examples/sslbackend.c: fix failure of 'make checksrc' - - ./sslbackend.c:58:3: warning: else after closing brace on same line (BRACEELSE) - } else if(isdigit(*name)) { - ^ - ./sslbackend.c:62:3: warning: else after closing brace on same line (BRACEELSE) - } else - ^ - -Viktor Szakats (30 Aug 2017) -- makefile.m32: add multissl support - - Closes https://github.com/curl/curl/pull/1840 - -Daniel Stenberg (30 Aug 2017) -- curl.h: CURLSSLBACKEND_WOLFSSL used wrong value - - The CURLSSLBACKEND_WOLFSSL is supposed to be an alias for - CURLSSLBACKEND_CYASSL, but used an erronous value. To reduce the risk - for a similar mistake, define the backend aliases to use the enum values - instead. - - Reported-by: Gisle Vanem - Bug: https://curl.haxx.se/mail/lib-2017-08/0120.html - -- curl_global_sslset.3: clarify - - it is a one time *set*, not necessarily a one time use... it can be - called again if the first call failed or just listed the alternatives. - - clarify that the available backends are the ones this build supports - - plus add some formatting - - Reported-by: Rich Gray - Bug: https://curl.haxx.se/mail/lib-2017-08/0119.html - -- curl/multi.h: remove duplicated closing c++ brace - - Regression since 1328f69d53f2f2e93 - - Fixes #1841 - Reported-by: Andrei Karas - -- RELEASE-NOTES: synced with 8c33c963a - -- HELP-US.md: spelling - -- HELP-US.md: "How to get started helping out in the curl project" - - Closes #1837 - -Dan Fandrich (29 Aug 2017) -- asyn-thread: Fixed cleanup after OOM - - destroy_async_data() assumes that if the flag "done" is not set yet, the - thread itself will clean up once the request is complete. But if an - error (generally OOM) occurs before the thread even has a chance to - start, it will never get a chance to clean up and memory will be leaked. - By clearing "done" only just before starting the thread, the correct - cleanup sequence will happen in all cases. - -Daniel Stenberg (28 Aug 2017) -- curl_global_init.3: mention curl_global_sslset(3) - -Dan Fandrich (28 Aug 2017) -- unit1606: Fixed shadowed variable warning - -- asyn-thread: Improved cleanup after OOM situations - -- asyn-thread: Set errno to the proper value ENOMEM in OOM situation - - This used to be set in some configurations to EAI_MEMORY which is not a - valid value for errno and caused Curl_strerror to fail an assertion. - -Daniel Stenberg (28 Aug 2017) -- [Johannes Schindelin brought this change] - - configure: Handle "MultiSSL" specially When versioning symbols - - There is a mode in which libcurl is compiled with versioned symbols, - depending on the active SSL backend. - - When multiple SSL backends are active, it does not make sense to favor - one over the others, so let's not: introduce a new prefix for the case - where multiple SSL backends are compiled into cURL. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - configure: allow setting the default SSL backend - - Previously, we used as default SSL backend whatever was first in the - `available_backends` array. - - However, some users may want to override that default without patching - the source code. - - Now they can: with the --with-default-ssl-backend=<backend> option of - the ./configure script. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: use Curl_ssl_multi pseudo backend only when needed - - When only one SSL backend is configured, it is totally unnecessary to - let multissl_init() configure the backend at runtime, we can select the - correct backend at build time already. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - version: if built with more than one SSL backend, report all of them - - To discern the active one from the inactive ones, put the latter into - parentheses. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - version: add the CURL_VERSION_MULTI_SSL feature flag - - This new feature flag reports When cURL was built with multiple SSL - backends. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - metalink: allow compiling with multiple SSL backends - - Previously, the code assumed that at most one of the SSL backends would - be compiled in, emulating OpenSSL's functions if the configured backend - was not OpenSSL itself. - - However, now we allow building with multiple SSL backends and choosing - one at runtime. Therefore, metalink needs to be adjusted to handle this - scenario, too. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - docs/examples: demonstrate how to select SSL backends - - The newly-introduced curl_global_sslset() function deserves to be - show-cased. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - Add a man page for curl_global_sslset() - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: introduce curl_global_sslset() - - Let's add a compile time safe API to select an SSL backend. This - function needs to be called *before* curl_global_init(), and can be - called only once. - - Side note: we do not explicitly test that it is called before - curl_global_init(), but we do verify that it is not called multiple times - (even implicitly). - - If SSL is used before the function was called, it will use whatever the - CURL_SSL_BACKEND environment variable says (or default to the first - available SSL backend), and if a subsequent call to - curl_global_sslset() disagrees with the previous choice, it will fail - with CURLSSLSET_TOO_LATE. - - The function also accepts an "avail" parameter to point to a (read-only) - NULL-terminated list of available backends. This comes in real handy if - an application wants to let the user choose between whatever SSL backends - the currently available libcurl has to offer: simply call - - curl_global_sslset(-1, NULL, &avail); - - which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail - variable to point to the relevant information to present to the user. - - Just like with the HTTP/2 push functions, we have to add the function - declaration of curl_global_sslset() function to the header file - *multi.h* because VMS and OS/400 require a stable order of functions - declared in include/curl/*.h (where the header files are sorted - alphabetically). This looks a bit funny, but it cannot be helped. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: refactor out essential information about the SSL backends - - There is information about the compiled-in SSL backends that is really - no concern of any code other than the SSL backend itself, such as which - function (if any) implements SHA-256 summing. - - And there is information that is really interesting to the user, such as - the name, or the curl_sslbackend value. - - Let's factor out the latter into a publicly visible struct. This - information will be used in the upcoming API to set the SSL backend - globally. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: allow selecting which SSL backend to use at runtime - - When building software for the masses, it is sometimes not possible to - decide for all users which SSL backend is appropriate. - - Git for Windows, for example, uses cURL to perform clones, fetches and - pushes via HTTPS, and some users strongly prefer OpenSSL, while other - users really need to use Secure Channel because it offers - enterprise-ready tools to manage credentials via Windows' Credential - Store. - - The current Git for Windows versions use the ugly work-around of - building libcurl once with OpenSSL support and once with Secure Channel - support, and switching out the binaries in the installer depending on - the user's choice. - - Needless to say, this is a super ugly workaround that actually only - works in some cases: Git for Windows also comes in a portable form, and - in a form intended for third-party applications requiring Git - functionality, in which cases this "swap out libcurl-4.dll" simply is - not an option. - - Therefore, the Git for Windows project has a vested interest in teaching - cURL to make the SSL backend a *runtime* option. - - This patch makes that possible. - - By running ./configure with multiple --with-<backend> options, cURL will - be built with multiple backends. - - For the moment, the backend can be configured using the environment - variable CURL_SSL_BACKEND (valid values are e.g. "openssl" and - "schannel"). - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: fold the backend ID into the Curl_ssl structure - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - curl_ntlm_core: don't complain but #include OpenSSL header if needed - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: encapsulate SSL backend-specific data - - So far, all of the SSL backends' private data has been declared as - part of the ssl_connect_data struct, in one big #if .. #elif .. #endif - block. - - This can only work as long as the SSL backend is a compile-time option, - something we want to change in the next commits. - - Therefore, let's encapsulate the exact data needed by each SSL backend - into a private struct, and let's avoid bleeding any SSL backend-specific - information into urldata.h. This is also necessary to allow multiple SSL - backends to be compiled in at the same time, as e.g. OpenSSL's and - CyaSSL's headers cannot be included in the same .c file. - - To avoid too many malloc() calls, we simply append the private structs - to the connectdata struct in allocate_conn(). - - This requires us to take extra care of alignment issues: struct fields - often need to be aligned on certain boundaries e.g. 32-bit values need to - be stored at addresses that divide evenly by 4 (= 32 bit / 8 - bit-per-byte). - - We do that by assuming that no SSL backend's private data contains any - fields that need to be aligned on boundaries larger than `long long` - (typically 64-bit) would need. Under this assumption, we simply add a - dummy field of type `long long` to the `struct connectdata` struct. This - field will never be accessed but acts as a placeholder for the four - instances of ssl_backend_data instead. the size of each ssl_backend_data - struct is stored in the SSL backend-specific metadata, to allow - allocate_conn() to know how much extra space to allocate, and how to - initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend - pointers. - - This would appear to be a little complicated at first, but is really - necessary to encapsulate the private data of each SSL backend correctly. - And we need to encapsulate thusly if we ever want to allow selecting - CyaSSL and OpenSSL at runtime, as their headers cannot be included within - the same .c file (there are just too many conflicting definitions and - declarations for that). - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: prepare the SSL backends for encapsulated private data - - At the moment, cURL's SSL backend needs to be configured at build time. - As such, it is totally okay for them to hard-code their backend-specific - data in the ssl_connect_data struct. - - In preparation for making the SSL backend a runtime option, let's make - the access of said private data a bit more abstract so that it can be - adjusted later in an easy manner. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - urldata.h: move SSPI-specific #include to correct location - - In 86b889485 (sasl_gssapi: Added GSS-API based Kerberos V5 variables, - 2014-12-03), an SSPI-specific field was added to the kerberos5data - struct without moving the #include "curl_sspi.h" later in the same file. - - This broke the build when SSPI was enabled, unless Secure Channel was - used as SSL backend, because it just so happens that Secure Channel also - requires "curl_sspi.h" to be #included. - - In f4739f639 (urldata: include curl_sspi.h when Windows SSPI is enabled, - 2017-02-21), this bug was fixed incorrectly: Instead of moving the - appropriate conditional #include, the Secure Channel-conditional part - was now also SSPI-conditional. - - Fix this problem by moving the correct #include instead. - - This is also required for an upcoming patch that moves all the Secure - Channel-specific stuff out of urldata.h and encapsulates it properly in - vtls/schannel.c instead. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - urldata.h: remove support for obsolete PolarSSL version - - Since 5017d5ada (polarssl: now require 1.3.0+, 2014-03-17), we require - a newer PolarSSL version. No need to keep code trying to support any - older version. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - getinfo: access SSL internals via Curl_ssl - - In the ongoing endeavor to abstract out all SSL backend-specific - functionality, this is the next step: Instead of hard-coding how the - different SSL backends access their internal data in getinfo.c, let's - implement backend-specific functions to do that task. - - This will also allow for switching SSL backends as a runtime option. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: move SSL backends' private constants out of their header files - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - axtls: use Curl_none_* versions of init() and cleanup() - - There are convenient no-op versions of the init/cleanup functions now, - no need to define private ones for axTLS. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: remove obsolete declarations of SSL backend functionality - - These functions are all available via the Curl_ssl struct now, no need - to declare them separately anymore. - - As the global declarations are removed, the corresponding function - definitions are marked as file-local. The only two exceptions here are - Curl_mbedtls_shutdown() and Curl_polarssl_shutdown(): only the - declarations were removed, there are no function definitions to mark - file-local. - - Please note that Curl_nss_force_init() is *still* declared globally, as - the only SSL backend-specific function, because it was introduced - specifically for the use case where cURL was compiled with - `--without-ssl --with-nss`. For details, see f3b77e561 (http_ntlm: add - support for NSS, 2010-06-27). - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - schannel: reorder functions topologically - - The _shutdown() function calls the _session_free() function; While this - is not a problem now (because schannel.h declares both functions), a - patch looming in the immediate future with make all of these functions - file-local. - - So let's just move the _session_free() function's definition before it - is called. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - axtls: reorder functions topologically - - The connect_finish() function (like many other functions after it) calls - the Curl_axtls_close() function; While this is not a problem now - (because axtls.h declares the latter function), a patch looming in the - immediate future with make all of these functions file-local. - - So let's just move the Curl_axtls_close() function's definition before - it is called. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: move the SUPPORT_HTTPS_PROXY flag into the Curl_ssl struct - - That will allow us to choose the SSL backend at runtime. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: convert the have_curlssl_* constants to runtime flags - - The entire idea of introducing the Curl_ssl struct to describe SSL - backends is to prepare for choosing the SSL backend at runtime. - - To that end, convert all the #ifdef have_curlssl_* style conditionals - to use bit flags instead. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: move sha256sum into the Curl_ssl struct - - The SHA-256 checksumming is also an SSL backend-specific function. - Let's include it in the struct declaring the functionality of SSL - backends. - - In contrast to MD5, there is no fall-back code. To indicate this, the - respective entries are NULL for those backends that offer no support for - SHA-256 checksumming. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: move md5sum into the Curl_ssl struct - - The MD5 summing is also an SSL backend-specific function. So let's - include it, offering the previous fall-back code as a separate function - now: Curl_none_md5sum(). To allow for that, the signature had to be - changed so that an error could be returned from the implementation - (Curl_none_md5sum() can run out of memory). - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: use the Curl_ssl struct to access all SSL backends' functionality - - This is the first step to unify the SSL backend handling. Now all the - SSL backend-specific functionality is accessed via a global instance of - the Curl_ssl struct. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: declare Curl_ssl structs for every SSL backend - - The idea of introducing the Curl_ssl struct was to unify how the SSL - backends are declared and called. To this end, we now provide an - instance of the Curl_ssl struct for each and every SSL backend. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: introduce a new struct for SSL backends - - This new struct is similar in nature to Curl_handler: it will define the - functions and capabilities of all the SSL backends (where Curl_handler - defines the functions and capabilities of protocol handlers). - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: make sure every _sha256sum()'s first arg is const - - This patch makes the signature of the _sha256sum() functions consistent - among the SSL backends, in preparation for unifying the way all SSL - backends are accessed. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: make sure all _data_pending() functions return bool - - This patch makes the signature of the _data_pending() functions - consistent among the SSL backends, in preparation for unifying the way - all SSL backends are accessed. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: make sure all _cleanup() functions return void - - This patch makes the signature of the _cleanup() functions consistent - among the SSL backends, in preparation for unifying the way all SSL - backends are accessed. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- [Johannes Schindelin brought this change] - - vtls: use consistent signature for _random() implementations - - This will make the upcoming multissl backend much easier to implement. - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- strtooff: fix build for systems with long long but no strtoll option - - Closes #1829 - - Reported-by: Dan Fandrich - Bug: https://github.com/curl/curl/pull/1758#issuecomment-324861615 - -- darwinssl: handle long strings in TLS certs - - ... as the previous fixed length 128 bytes buffer was sometimes too - small. - - Fixes #1823 - Closes #1831 - - Reported-by: Benjamin Sergeant - Assisted-by: Bill Pyne, Ray Satiro, Nick Zitzmann - -- system.h: include sys/poll.h for AIX - - ... to get the event/revent defines that might be used for the poll - struct. - - Reported-by: Michael Smith - Fixes #1828 - Closes #1833 - -Dan Fandrich (26 Aug 2017) -- tests: Make sure libtests & unittests call curl_global_cleanup() - - These were missed in commit c468c27b. - -Jay Satiro (26 Aug 2017) -- [theantigod brought this change] - - winbuild: fix embedded manifest option - - Embedded manifest option didn't work due to incorrect path. - - Fixes https://github.com/curl/curl/issues/1832 - -Daniel Stenberg (25 Aug 2017) -- fuzz/Makefile.am: remove curlbuild.h leftovers - -- examples/threaded-ssl: mention that this is for openssl before 1.1 - -- imap: use defined names for response codes - - When working on this code I found the previous setup a bit weird while - using proper defines increases readability. - - Closes #1824 - -- CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD - -- imap: support PREAUTH - - It is a defined possible greeting at server startup that means the - connection is already authenticated. See - https://tools.ietf.org/html/rfc3501#section-7.1.4 - - Test 846 added to verify. - - Fixes #1818 - Closes #1820 - -Jay Satiro (23 Aug 2017) -- config-tpf: define SIZEOF_LONG - - Recent changes that replaced CURL_SIZEOF_LONG in the source with - SIZEOF_LONG broke builds that use the premade configuration files and - don't have SIZEOF_LONG defined. - - Bug: https://github.com/curl/curl/issues/1816 - -Dan Fandrich (23 Aug 2017) -- test1453: Fixed <features> - -Daniel Stenberg (22 Aug 2017) -- [Gisle Vanem brought this change] - - config-dos: add missing defines, SIZEOF_* and two others - - Bug: #1816 - -- curl: shorten and clean up CA cert verification error message - - The previous message was just too long for ordinary people and it was - encouraging users to use `--insecure` a little too easy. - - Based-on-work-by: Frank Denis - - Closes #1810 - Closes #1817 - -- request-target.d: mention added in 7.55.0 - -Marcel Raad (22 Aug 2017) -- tool_main: turn off MinGW CRT's globbing - - By default, the MinGW CRT globs command-line arguments. This prevents - getting a single asterisk into an argument as test 1299 does. Turn off - globbing by setting the global variable _CRT_glob to 0 for MinGW. - - Fixes https://github.com/curl/curl/issues/1751 - Closes https://github.com/curl/curl/pull/1813 - -Viktor Szakats (22 Aug 2017) -- makefile.m32: add support for libidn2 - - libidn was replaced with libidn2 last year in configure. - Caveat: libidn2 may depend on a list of further libs. - These can be manually specified via CURL_LDFLAG_EXTRAS. - - Closes https://github.com/curl/curl/pull/1815 - -Jay Satiro (22 Aug 2017) -- [Viktor Szakats brought this change] - - config-win32: define SIZEOF_LONG - - Recent changes that replaced CURL_SIZEOF_LONG in the source with - SIZEOF_LONG broke builds that use the premade configuration files and - don't have SIZEOF_LONG defined. - - Closes https://github.com/curl/curl/pull/1814 - -Daniel Stenberg (20 Aug 2017) -- cmake: enable picky compiler options with clang and gcc - - closes #1799 - -- curl/system.h: fix build for hppa - - Reported-by: John David Anglin - Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872502#10 - -- [Even Rouault brought this change] - - tftp: fix memory leak on too long filename - - Fixes - - $ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz - - ==9752== Memcheck, a memory error detector - ==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. - ==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info - ==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz - ==9752== - curl: (71) TFTP file name too long - - ==9752== - ==9752== HEAP SUMMARY: - ==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11 - ==9752== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - ==9752== by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) - ==9752== by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) - ==9752== by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) - ==9752== by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) - ==9752== by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) - ==9752== by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) - ==9752== by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl) - ==9752== by 0x40E849: operate (in /home/even/install-curl-git/bin/curl) - ==9752== by 0x402693: main (in /home/even/install-curl-git/bin/curl) - - Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568 - Credit to OSS Fuzz - - Closes #1808 - -Dan Fandrich (19 Aug 2017) -- runtests: fixed case insensitive matching of keywords - - Commit 5c2aac71 didn't work in the case of mixed-case keywords given on - the command-line. - -- tests: Make sure libtests call curl_global_cleanup() - - This ensures that global data allocations are freed so Valgrind stays - happy. This was a problem with at least PolarSSL and mbedTLS. - -Daniel Stenberg (18 Aug 2017) -- RELEASE-NOTES: synced with 8baead425 - -- scripts/contri*sh: use "git log --use-mailmap" - -- mailmap: de-duplify some git authors - -- http2_recv: return error better on fatal h2 errors - - Ref #1012 - Figured-out-by: Tatsuhiro Tsujikawa - -- KNOWN_BUGS: HTTP test server 'connection-monitor' problems - - Closes #868 - -- curl/system.h: check for __ppc__ as well - - ... regression since issue #1774 (commit 10b3df10596a) since obviously - some older gcc doesn't know __powerpc__ while some newer doesn't know - __ppc__ ... - - Fixes #1797 - Closes #1798 - Reported-by: Ryan Schmidt - -- [Jan Alexander Steffens (heftig) brought this change] - - http: Don't wait on CONNECT when there is no proxy - - Since curl 7.55.0, NetworkManager almost always failed its connectivity - check by timeout. I bisected this to 5113ad04 (http-proxy: do the HTTP - CONNECT process entirely non-blocking). - - This patch replaces !Curl_connect_complete with Curl_connect_ongoing, - which returns false if the CONNECT state was left uninitialized and lets - the connection continue. - - Closes #1803 - Fixes #1804 - - Also-fixed-by: Gergely Nagy - -- [Johannes Schindelin brought this change] - - metalink: adjust source code style - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG - -- lib557: no longer use CURL_SIZEOF_* defines - -- config-win32: define SIZEOF_CURL_OFF_T - -- cmake: sizeof curl_off_t, remove unused detections - -- system.h: remove all CURL_SIZEOF_* defines - - ... as they're not used externally and internally we check for the sizes - already in configure etc. - - Closes #1767 - -- ftp: fix CWD when doing multicwd then nocwd on same connection - - Fixes #1782 - Closes #1787 - Reported-by: Peter Lamare - -- CURLOPT_SSH_COMPRESSION.3: enable with 1L - - (leaves other values reserved for the future) - -- compressed-ssh.d: "Added: 7.56.0" - -- curl/system.h: checksrc compliance - -Jay Satiro (17 Aug 2017) -- [Viktor Szakats brought this change] - - ssh: add the ability to enable compression (for SCP/SFTP) - - The required low-level logic was already available as part of - `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1] - option.) - - This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION` - (boolean) and the new `curl` command-line option `--compressed-ssh` - to request this `libssh2` feature. To have compression enabled, it - is required that the SSH server supports a (zlib) compatible - compression method and that `libssh2` was built with `zlib` support - enabled. - - [1] https://www.libssh2.org/libssh2_session_flag.html - - Ref: https://github.com/curl/curl/issues/1732 - Closes https://github.com/curl/curl/pull/1735 - -- examples/ftpuploadresume: checksrc compliance - -- [Maksim Stsepanenka brought this change] - - http_proxy: fix build error for CURL_DOES_CONVERSIONS - - Closes https://github.com/curl/curl/pull/1793 - -GitHub (16 Aug 2017) -- [Nick Zitzmann brought this change] - - configure: check for __builtin_available() availability (#1788) - - This change does two things: - 1. It un-breaks the build in Xcode 9.0. (Xcode 9.0 is currently - failing trying to compile connectx() in lib/connect.c.) - 2. It finally weak-links the connectx() function, and falls back on - connect() when run on older operating systems. - -Daniel Stenberg (16 Aug 2017) -- travis: add metalink to some osx builds - - Closes #1790 - -- [Max Dymond brought this change] - - coverage: Use two coveralls commands to get lib/vtls results - - closes #1747 - -- darwinssi: fix error: variable length array used - -- m4/curl-compilers.m4: use proper quotes around string, not backticks - - ... when setting clang version to assume 3.7 - - Caused a lot of "integer expression expected" warnings by configure. - -- [Benbuck Nason brought this change] - - cmake: remove dead code for DISABLED_THREADSAFE - - Closes #1786 - -Jay Satiro (15 Aug 2017) -- [Jakub Zakrzewski brought this change] - - curl-confopts.m4: fix --disable-threaded-resolver - - Closes https://github.com/curl/curl/issues/1784 - -Daniel Stenberg (15 Aug 2017) -- [Ryan Winograd brought this change] - - progress: Track total times following redirects - - Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`, - `t_pretransfer`, and `t_starttransfer` to track the total times for - these activities when a redirect is followed. Previously, only the times - for the most recent request would be tracked. - - Related changes: - - - Rename `Curl_pgrsResetTimesSizes` to `Curl_pgrsResetTransferSizes` - now that the function only resets transfer sizes and no longer - modifies any of the progress timers. - - - Add a bool to the `Progress` struct that is used to prevent - double-counting `t_starttransfer` times. - - Added test case 1399. - - Fixes #522 and Known Bug 1.8 - Closes #1602 - Reported-by: joshhe on github - -- [Benbuck Nason brought this change] - - cmake: remove dead code for CURL_DISABLE_RTMP - - Closes #1785 - -Kamil Dudka (15 Aug 2017) -- zsh.pl: produce a working completion script again - - Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help - to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to - produce a broken completion script: - - % curl --<TAB> - _curl:10: no such file or directory: seconds - - Closes #1779 - -Daniel Stenberg (15 Aug 2017) -- curlver: toward 7.56.0? - -- RELEASE-NOTES: synced with 91c46dc44 - -- test1449: FTP download range with an too large size - -- strtoofft: reduce integer overflow risks globally - - ... make sure we bail out on overflows. - - Reported-by: Brian Carpenter - Closes #1758 - -- travis: build the examples too - - to make sure they keep building warning-free - - Closes #1777 - -- runtests: match keywords case insensitively - -- examples/ftpuploadresume.c: use portable code - - ... converted from the MS specific _snscanf() - -Version 7.55.1 (13 Aug 2017) - -Daniel Stenberg (13 Aug 2017) -- RELEASE-NOTES/THANKS: curl 7.55.1 release time - -- gitignore: ignore .xz now instead of .lzma - -- [Sergei Nikulov brought this change] - - cmake: Threads detection update. ref: #1702 - - Closes #1719 - -- ipv6_scope: support unique local addresses - - Fixes #1764 - Closes #1773 - Reported-by: James Slaughter - -- [Alex Potapenko brought this change] - - curl/system.h: GCC doesn't define __ppc__ on PowerPC, uses __powerpc__ - - Closes #1774 - -- test1448: verify redirect to IDN using URL - - Closes #1772 - -- [Salah-Eddin Shaban brought this change] - - redirect: skip URL encoding for host names - - This fixes redirects to IDN URLs - - Fixes #1441 - Closes #1762 - Reported by: David Lord - -- test2032: mark as flaky (again) - -- travis: test cmake build on tarball too - - Could've prevented #1755 - -- [Simon Warta brought this change] - - cmake: allow user to override CMAKE_DEBUG_POSTFIX - - Closes #1763 - -- connect-to.d: better language - -- connect-to.d: clarified - -- bagder/Curl_tvdiff_us: fix the math - - Regression since adef394ac5 (released in 7.55.0) - - Reported-by: Han Qiao - Fixes #1769 - Closes #1771 - -- curl/system.h: add Oracle Solaris Studio - - Fixes #1752 - -- [Alessandro Ghedini brought this change] - - docs: fix typo funtion -> function - - Closes #1770 - -Alessandro Ghedini (12 Aug 2017) -- docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT description - -- docs: fix typo stuct -> struct - -Dan Fandrich (12 Aug 2017) -- test1447: require a curl with http support - -Daniel Stenberg (11 Aug 2017) -- [Thomas Petazzoni brought this change] - - curl/system.h: support more architectures - - The long list of architectures in include/curl/system.h is annoying to - maintain, and needs to be extended for each and every architecture to - support. - - Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler - (we are in the GNUC condition anyway), which tells us if long is 4 - bytes or 8 bytes. - - This fixes the build of libcurl 7.55.0 on architectures such as - OpenRISC or ARC. - - Closes #1766 - - Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> - -- test2033: this went flaky again - - Suspicion: when we enabled the threaded resolver by default. - -- test1447: verifies the parse proxy fix in 6e0e152ce5c - -- [Even Rouault brought this change] - - parse_proxy(): fix memory leak in case of invalid proxy server name - - Fixes the below leak: - - $ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1 - curl: (5) Couldn't resolve proxy name - ==5048== - ==5048== HEAP SUMMARY: - ==5048== in use at exit: 532 bytes in 12 blocks - ==5048== total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated - ==5048== - ==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12 - ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - ==5048== by 0x4E6CB79: parse_login_details (url.c:5614) - ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) - ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) - ==5048== by 0x4E6EA18: create_conn (url.c:6498) - ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) - ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) - ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) - ==5048== by 0x4E7C515: easy_transfer (easy.c:708) - ==5048== by 0x4E7C74A: easy_perform (easy.c:794) - ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) - ==5048== by 0x414025: operate_do (tool_operate.c:1563) - ==5048== - ==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12 - ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - ==5048== by 0x4E6CBB6: parse_login_details (url.c:5621) - ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) - ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) - ==5048== by 0x4E6EA18: create_conn (url.c:6498) - ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) - ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) - ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) - ==5048== by 0x4E7C515: easy_transfer (easy.c:708) - ==5048== by 0x4E7C74A: easy_perform (easy.c:794) - ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) - ==5048== by 0x414025: operate_do (tool_operate.c:1563) - - Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984 - Credit to OSS Fuzz for discovery - - Closes #1761 - -- RELEASE-NOTES: synced with 37f2195a9 - -- curlver: bump to 7.55.1 - -- openssl: fix "error: this statement may fall through" - - A gcc7 warning. - -- [David Benjamin brought this change] - - openssl: remove CONST_ASN1_BIT_STRING. - - Just making the pointer as const works for the pre-1.1.0 path too. - - Closes #1759 - -- maketgz: remove old *.dist files before making the tarball - - To avoid "old crap" unintentionally getting shipped. - - Bug: https://curl.haxx.se/mail/lib-2017-08/0050.html - Reported-by: Christian Weisgerber - -Jay Satiro (10 Aug 2017) -- mkhelp.pl: allow executing this script directly - - - Enable execute permission (chmod +x) - - - Change interpreter to /usr/bin/env perl - - Ref: https://github.com/curl/curl/issues/1743 - -Daniel Stenberg (10 Aug 2017) -- configure: use the threaded resolver backend by default if possible - - Closes #1647 - -- cmake: move cmake_uninstall.cmake to CMake/ - - Closes #1756 - -- metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead - -- dist: fix the cmake build by shipping cmake_uninstall.cmake.in too - - Fixes #1755 - -- travis: verify "make install" - - Help-by: Jay Satiro - Closes #1753 - -Marcel Raad (10 Aug 2017) -- build: check out *.sln files with Windows line endings - - Visual Studio doesn't like LF line endings in solution files and always - converts them to CRLF when doing changes to the solution. Notably, this - affects the solutions in the release archive. - - Closes https://github.com/curl/curl/pull/1746 - -- gitignore: ignore top-level .vs folder - - This folder is generated when using the CMake build system from within - Visual Studio. - - Closes https://github.com/curl/curl/pull/1746 - -Jay Satiro (10 Aug 2017) -- digest_sspi: Don't reuse context if the user/passwd has changed - - Bug: https://github.com/curl/curl/issues/1685 - Reported-by: paulharris@users.noreply.github.com - - Assisted-by: Isaac Boukris - - Closes https://github.com/curl/curl/pull/1742 - -Daniel Stenberg (9 Aug 2017) -- [Adam Sampson brought this change] - - dist: Add dictserver.py/negtelnetserver.py to EXTRA_DIST - - These weren't included in the 7.55.0 release, but are required in order - to run the full test suite. - - Closes #1744 - -- [Adam Sampson brought this change] - - curl: do bounds check using a double comparison - - The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't - complete: if the parsed number in num is larger than will fit in a long, - the conversion is undefined behaviour (causing test1427 to fail for me - on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting - rid of the cast means the comparison will be done using doubles. - - It might make more sense for the max argument to also be a double... - - Fixes #1750 - Closes #1749 - -- make install: add 8 missing man pages to the installation - -- build: fix 'make install' with configure, install docs/libcurl/* too - - Broken since d24838d4da9faa - - Reported-by: Bernard Spil - -Version 7.55.0 (9 Aug 2017) - -Daniel Stenberg (9 Aug 2017) -- RELEASE-NOTES: curl 7.55.0 - -- THANKS: 20 new contributors in 7.55.0 - -- [Viktor Szakats brought this change] - - docs/comments: Update to secure URL versions - - Closes #1741 - -- configure: fix recv/send/select detection on Android - - ... since they now provide several functions as - __attribute__((overloadable)), the argument detection logic need - updates. - - Patched-by: destman at github - - Fixes #1738 - Closes #1739 - -Marcel Raad (8 Aug 2017) -- ax_code_coverage.m4: update to latest version - - This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d - from August 01, 2017. Notably, this removes the lconv version whitelist. - - Closes https://github.com/curl/curl/pull/1716 - -Daniel Stenberg (7 Aug 2017) -- test1427: verify command line parser integer overflow detection - -- curl: detect and bail out early on parameter integer overflows - - Make the number parser aware of the maximum limit curl accepts for a - value and return an error immediately if larger, instead of running an - integer overflow later. - - Fixes #1730 - Closes #1736 - -- glob: do not continue parsing after a strtoul() overflow range - - Added test 1289 to verify. - - CVE-2017-1000101 - - Bug: https://curl.haxx.se/docs/adv_20170809A.html - Reported-by: Brian Carpenter - -- tftp: reject file name lengths that don't fit - - ... and thereby avoid telling send() to send off more bytes than the - size of the buffer! - - CVE-2017-1000100 - - Bug: https://curl.haxx.se/docs/adv_20170809B.html - Reported-by: Even Rouault - - Credit to OSS-Fuzz for the discovery - -- [Even Rouault brought this change] - - file: output the correct buffer to the user - - Regression brought by 7c312f84ea930d8 (April 2017) - - CVE-2017-1000099 - - Bug: https://curl.haxx.se/docs/adv_20170809C.html - - Credit to OSS-Fuzz for the discovery - -- easy_events: make event data static - - First: this function is only used in debug-builds and not in - release/real builds. It is used to drive tests using the event-based - API. - - A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the - CURLMOPT_TIMERFUNCTION calback can in fact be called even after this - funtion returns, namely when curl_multi_remove_handle() is called. - - Reported-by: Brian Carpenter - -- getparameter: avoid returning uninitialized 'usedarg' - - Fixes #1728 - -Marcel Raad (5 Aug 2017) -- [Isaac Boukris brought this change] - - gssapi: fix memory leak of output token in multi round context - - When multiple rounds are needed to establish a security context - (usually ntlm), we overwrite old token with a new one without free. - Found by proposed gss tests using stub a gss implementation (by - valgrind error), though I have confirmed the leak with a real - gssapi implementation as well. - - Closes https://github.com/curl/curl/pull/1733 - -- darwinssl: fix compiler warning - - clang complains: - vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive - [-Werror,-Wextra-tokens] - - This breaks the darwinssl build on Travis. Fix it by making this token - a comment. - - Closes https://github.com/curl/curl/pull/1734 - -- CMake: fix CURL_WERROR for MSVC - - When using CURL_WERROR in MSVC builds, the debug flags were overridden - by the release flags and /WX got added twice in debug mode. - - Closes https://github.com/curl/curl/pull/1715 - -Daniel Stenberg (4 Aug 2017) -- RELEASE-NOTES: synced with 561e9217c - -- test1010: verify that #1718 is fixed - - ... by doing two transfers in nocwd mode and check that there's no - superfluous CWD command. - -- FTP: skip unnecessary CWD when in nocwd mode - - ... when reusing a connection. If it didn't do any CWD previously. - - Fixes #1718 - -Marcel Raad (4 Aug 2017) -- travis: explicitly specify dist - - This makes the builds more reproducible as travis is currently rolling - out trusty as default dist [1]. Specifically, this avoids coverage - check failures when trusty is used as seen in [2] until we figure out - what's wrong. - - [1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming - [2] https://github.com/curl/curl/pull/1692 - - Closes https://github.com/curl/curl/pull/1725 - -Daniel Stenberg (4 Aug 2017) -- travis: BUILD_TYPE => T - - (to make the full line appear nicer on travis web UI) - -- travis: add osx build with darwinssl - - Closes #1706 - -- darwin: silence compiler warnings - - With a clang pragma and three type fixes - - Fixes #1722 - -- BUILD.WINDOWS: mention buildconf.bat for builds off git - -- darwinssl: fix curlssl_sha256sum() compiler warnings on first argument - -- test130: verify comments in .netrc - -- [Gisle Vanem brought this change] - - netrc: skip lines starting with '#' - - Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html - -Marcel Raad (3 Aug 2017) -- CMake: set MSVC warning level to 4 - - The MSVC warning level defaults to 3 in CMake. Change it to 4, which is - consistent with the Visual Studio and NMake builds. Disable level 4 - warning C4127 for the library and additionally C4306 for the test - servers to get a clean CURL_WERROR build as that warning is raised in - some macros in older Visual Studio versions. - - Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794 - Closes https://github.com/curl/curl/pull/1711 - -Daniel Stenberg (2 Aug 2017) -- CURLOPT_NETRC.3: fix typo in 7e48aa386156f9c2 - - Reported-by: Viktor Szakats - -- CURLOPT_NETRC.3: mention the file name on windows - - ... and CURLOPT_NETRC_FILE(3). - -- travis: build osx with libressl too - -- travis: build osx with openssl too - -- tests/server/util: fix curltime mistake from 4dee50b9c80f9 - -Marcel Raad (1 Aug 2017) -- curl_threads: fix MSVC compiler warning - - Use LongToHandle to convert from long to HANDLE in the Win32 - implementation. - This should fix the following warning when compiling with - MSVC 11 (2012) in 64-bit mode: - lib\curl_threads.c(113): warning C4306: - 'type cast' : conversion from 'long' to 'HANDLE' of greater size - - Closes https://github.com/curl/curl/pull/1717 - -Daniel Stenberg (1 Aug 2017) -- BUGS: improved phrasing about security bugs - - Reported-by: Max Dymond - -- BUGS: clarify how to report security related bugs - -- [Brad Spencer brought this change] - - multi: fix request timer management - - There are some bugs in how timers are managed for a single easy handle - that causes the wrong "next timeout" value to be reported to the - application when a new minimum needs to be recomputed and that new - minimum should be an existing timer that isn't currently set for the - easy handle. When the application drives a set of easy handles via the - `curl_multi_socket_action()` API (for example), it gets told to wait the - wrong amount of time before the next call, which causes requests to - linger for a long time (or, it is my guess, possibly forever). - - Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html - -Jay Satiro (1 Aug 2017) -- curl_setup: Define CURL_NO_OLDIES for building libcurl - - .. to catch accidental use of deprecated error codes. - - Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237 - -Daniel Stenberg (1 Aug 2017) -- [Jeremy Tan brought this change] - - configure: fix the check for IdnToUnicode - - Fixes #1669 - Closes #1713 - -- http: fix response code parser to avoid integer overflow - - test 1429 and 1433 were updated to work with the stricter HTTP status line - parser. - - Closes #1714 - Reported-by: Brian Carpenter - -Jay Satiro (31 Jul 2017) -- [Dwarakanath Yadavalli brought this change] - - libcurl: Stop using error codes defined under CURL_NO_OLDIES - - Fixes https://github.com/curl/curl/issues/1688 - Closes https://github.com/curl/curl/pull/1712 - -- include.d: clarify --include is only for response headers - - Follow-up to 171f8de and de6de94. - - Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851 - Reported-by: Daniel Stenberg - -Daniel Stenberg (30 Jul 2017) -- [Jason Juang brought this change] - - cmake: support make uninstall - - Closes #1674 - -- RELEASE-NOTES: synced with 001701c47 - -Marcel Raad (29 Jul 2017) -- AppVeyor: now really use CURL_WERROR - - It was misspelled as CURL_ERROR in commit - 2d86e8d1286e0fbe3d811e2e87fa0b5e53722db4. - - Closes https://github.com/curl/curl/pull/1686 - -Jay Satiro (29 Jul 2017) -- tool_help: clarify --include is only for response headers - - Follow-up to 171f8de. - - Ref: https://github.com/curl/curl/issues/1704 - -- splay: fix signed/unsigned mismatch warning - - Follow-up to 4dee50b. - - Ref: https://github.com/curl/curl/pull/1693 - -Daniel Stenberg (28 Jul 2017) -- include.d: clarify that it concerns the response headers - - Reported-by: olesteban at github - Fixes #1704 - -- [Johannes Schindelin brought this change] - - curl_rtmp: fix a compiler warning - - The headers of librtmp declare the socket as `int`, and on Windows, that - disagrees with curl_socket_t. - - Bug: #1652 - - Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> - -- test1323: verify curlx_tvdiff - -- timeval: struct curltime is a struct timeval replacement - - ... to make all libcurl internals able to use the same data types for - the struct members. The timeval struct differs subtly on several - platforms so it makes it cumbersome to use everywhere. - - Ref: #1652 - Closes #1693 - -- darwinssl: fix variable type mistake (regression) - - ... which made --tlsv1.2 not work because it would blank the max tls - version variable. - - Reported-by: Nick Miyake - Bug: #1703 - -- multi: mention integer overflow risk if using > 500 million sockets - - Reported-by: ovidiu-benea@users.noreply.github.com - - Closes #1675 - Closes #1683 - -- checksrc: escape open brace in regex - - ... to silence warning. - -Kamil Dudka (20 Jul 2017) -- nss: fix a possible use-after-free in SelectClientCert() - - ... causing a SIGSEGV in showit() in case the handle used to initiate - the connection has already been freed. - - This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803. - - Reported-by: Rob Sanders - Bug: https://bugzilla.redhat.com/1436158 - -- nss: unify the coding style of nss_send() and nss_recv() - - No changes in behavior intended by this commit. - -Marcel Raad (18 Jul 2017) -- tests/server/resolve.c: fix deprecation warning - - MSVC warns that gethostbyname is deprecated. Always use getaddrinfo - instead to fix this when IPv6 is enabled, also for IPv4 resolves. This - is also consistent with what libcurl does. - - Closes https://github.com/curl/curl/pull/1682 - -Jay Satiro (17 Jul 2017) -- darwinssl: fix pinnedpubkey build error - - - s/SessionHandle/Curl_easy/ - - Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670 - Reported-by: Gisle Vanem - -Marcel Raad (16 Jul 2017) -- rtspd: fix GCC warning after MSVC warning fix - - Older GCC warns: - /tests/server/rtspd.c:1194:10: warning: missing braces around - initializer [-Wmissing-braces] - - Fix this by using memset instead of an initializer. - -- libtest: fix MSVC warning C4706 - - With warning level 4, MSVC warns about assignments within conditional - expressions. Change the while loop to a do-while loop to fix this. This - change is also consistent with CODE_STYLE.md. - -- sockfilt: suppress conversion warning with explicit cast - - MSVC warns when implicitly casting -1 to unsigned long. - -- rtspd: fix MSVC level 4 warning - - warning C4701: potentially uninitialized local variable 'req' used diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS index 540a59fc49..661fae0843 100644 --- a/libs/libcurl/docs/THANKS +++ b/libs/libcurl/docs/THANKS @@ -18,6 +18,7 @@ Adam Marcionek Adam Piggott Adam Sampson Adam Tkac +Adrian Peniak Adrian Schuur Adriano Meirelles Ajit Dhumale @@ -32,6 +33,7 @@ Albert Chin-A-Young Albert Choy Ale Vesely Alejandro Alvarez Ayllon +Alejandro R. Sedeño Aleksandar Milivojevic Aleksey Tulinov Ales Mlakar @@ -136,6 +138,7 @@ Anton Yabchinskiy Antonio Larrosa Antony74 on github Antti Hätälä +Archangel_SDY on github Arkadiusz Miskiewicz Armel Asselin Arnaud Compan @@ -179,6 +182,7 @@ Bernard Leak Bernard Spil Bernhard M. Wiedemann Bernhard Reutner-Fischer +Bernhard Walle Bert Huijben Bertrand Demiddelaer Bertrand Simonnet @@ -345,6 +349,7 @@ Daniel Stenberg Daniel Theron Daniel at touchtunes Daphne Luong +Dario Nieuwenhuis Dario Weisser Darryl House Darshan Mody @@ -512,6 +517,7 @@ Fabian Frank Fabian Hiernaux Fabian Keil Fabian Ruff +Fabrice Fontaine Fabrizio Ammollo Fahim Chandurwala Fedor Karpelevitch @@ -661,6 +667,7 @@ Ingo Wilken Irfan Adilovic Isaac Boukris Ishan SinghLevett +Ithubg on github Ivan Avdeev Ivo Bellin Salarin Jack Zhang @@ -704,6 +711,7 @@ Jason Liu Jason McDonald Jason S. Priebe Javier Barroso +Javier Blazquez Javier G. Sogo Javier Sixto Jay Austin @@ -875,6 +883,7 @@ Kevin Baughman Kevin Fisk Kevin Ji Kevin Lussier +Kevin R. Bulgrien Kevin Reed Kevin Roth Kevin Smith @@ -931,6 +940,7 @@ Lijo Antony Linas Vepstas Lindley French Ling Thio +Linus Lewandowski Linus Nielsen Feltzing Linus Nordberg Lior Kaplan @@ -958,6 +968,7 @@ Luo Jinghua Luong Dinh Dung Luz Paz Luật Nguyễn +Lyman Epp Lyndon Hill Maciej Karpiuk Maciej Puzio @@ -967,6 +978,7 @@ Maks Naumov Maksim Kuzevanov Maksim Stsepanenka Mamoru Tasaka +Mamta Upadhyay Mandy Wu Manfred Schwarb Manuel Massing @@ -992,6 +1004,7 @@ Marco Maggi Marcus Hoffmann Marcus Sundberg Marcus Webster +Marian Klymov Mario Schroeder Mark Brand Mark Butler @@ -1040,6 +1053,7 @@ Matt Veenstra Matt Witherspoon Matt Wixson Matteo B. +Matteo Bignotti Matteo Rocco Matthew Blain Matthew Clarke @@ -1053,6 +1067,7 @@ Mauro Rappa Max Dymond Max Katsev Max Khon +Max Savenkov Maxim Ivanov Maxim Perenesenko Maxim Prohorov @@ -1251,6 +1266,7 @@ Peter Silva Peter Su Peter Sylvester Peter Todd +Peter Varga Peter Verhas Peter Wang Peter Wu @@ -1307,6 +1323,7 @@ Ramana Mokkapati Randall S. Becker Randy Armstrong Randy McMurchy +Raphael Gozzo Ravi Pratap Ray Dassen Ray Pekowski @@ -1365,6 +1382,7 @@ Robert Foreman Robert Iakobashvili Robert Kolcun Robert Olson +Robert Prag Robert Schumann Robert Weaver Robert Wruck @@ -1392,6 +1410,7 @@ Ronnie Mose Rosimildo da Silva Roy Shan Rune Kleveland +Ruslan Baratov Ruslan Gazizov Rutger Hofman Ruurd Beerstra @@ -1433,6 +1452,7 @@ Scott McCreary Sean Boudreau Sean Burford Sean MacLennan +Sean Miller Sebastian Mundry Sebastian Pohlschmidt Sebastian Rasmussen @@ -1618,6 +1638,7 @@ Ulrich Doehner Ulrich Telle Ulrich Zadow Valentin David +Vasiliy Faronov Vasy Okhin Venkat Akella Venkataramana Mokkapati @@ -1636,6 +1657,7 @@ Vincent Torri Vlad Grachov Vlad Ureche Vladimir Grishchenko +Vladimir Kotal Vladimir Lazarenko Vojtech Janota Vojtech Minarik @@ -1702,6 +1724,7 @@ dkjjr89 on github dpull on github eXeC64 on github elelel on github +elephoenix on github guitared on github hsiao yi imilli on github @@ -1728,6 +1751,7 @@ omau on github ovidiu-benea on github patelvivekv1993 on github paulharris on github +pszemus on github silveja1 on github steelman on github steini2000 on github @@ -1741,6 +1765,7 @@ wncboy on github wyattoday on github youngchopin on github zelinchen on github +zzq1015 on github İsmail Dönmez Łukasz Domeradzki Štefan Kremeň diff --git a/libs/libcurl/include/README b/libs/libcurl/include/README index c2589ec8c4..091ef76d10 100644 --- a/libs/libcurl/include/README +++ b/libs/libcurl/include/README @@ -14,20 +14,5 @@ of environment. You must include files from here using... ... style and point the compiler's include path to the directory holding the curl subdirectory. It makes it more likely to survive future modifications. -NOTE FOR LIBCURL HACKERS - -* If you check out from git on a non-configure platform, you must run the - appropriate buildconf* script to set up files before being able of compiling - the library. - -* We cannot assume anything else but very basic compiler features being - present. While libcurl requires an ANSI C compiler to build, some of the - earlier ANSI compilers clearly can't deal with some preprocessor operators. - -* Newlines must remain unix-style for older compilers' sake. - -* Comments must be written in the old-style /* unnested C-fashion */ - -To figure out how to do good and portable checks for features, operating -systems or specific hardwarare, a very good resource is Bjorn Reese's -collection at https://sourceforge.net/p/predef/wiki/ +The public curl include files can be shared freely between different platforms +and different architectures. diff --git a/libs/libcurl/include/curl/curl.h b/libs/libcurl/include/curl/curl.h index 3fd4ca87d3..067b34ded5 100644 --- a/libs/libcurl/include/curl/curl.h +++ b/libs/libcurl/include/curl/curl.h @@ -691,6 +691,7 @@ typedef enum { * CURLAUTH_NTLM - HTTP NTLM authentication * CURLAUTH_DIGEST_IE - HTTP Digest authentication with IE flavour * CURLAUTH_NTLM_WB - HTTP NTLM authentication delegated to winbind helper + * CURLAUTH_BEARER - HTTP Bearer token authentication * CURLAUTH_ONLY - Use together with a single other type to force no * authentication or just that single type * CURLAUTH_ANY - All fine types set @@ -708,6 +709,7 @@ typedef enum { #define CURLAUTH_NTLM (((unsigned long)1)<<3) #define CURLAUTH_DIGEST_IE (((unsigned long)1)<<4) #define CURLAUTH_NTLM_WB (((unsigned long)1)<<5) +#define CURLAUTH_BEARER (((unsigned long)1)<<6) #define CURLAUTH_ONLY (((unsigned long)1)<<31) #define CURLAUTH_ANY (~CURLAUTH_DIGEST_IE) #define CURLAUTH_ANYSAFE (~(CURLAUTH_BASIC|CURLAUTH_DIGEST_IE)) @@ -1847,6 +1849,13 @@ typedef enum { /* shuffle addresses before use when DNS returns multiple */ CINIT(DNS_SHUFFLE_ADDRESSES, LONG, 275), + /* Specify which TLS 1.3 ciphers suites to use */ + CINIT(TLS13_CIPHERS, STRINGPOINT, 276), + CINIT(PROXY_TLS13_CIPHERS, STRINGPOINT, 277), + + /* Disallow specifying username/login in URL. */ + CINIT(DISALLOW_USERNAME_IN_URL, LONG, 278), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; @@ -2527,7 +2536,17 @@ typedef enum { CURLINFO_SCHEME = CURLINFO_STRING + 49, /* Fill in new entries below here! */ - CURLINFO_LASTONE = 49 + /* Preferably these would be defined conditionally based on the + sizeof curl_off_t being 64-bits */ + CURLINFO_TOTAL_TIME_T = CURLINFO_OFF_T + 50, + CURLINFO_NAMELOOKUP_TIME_T = CURLINFO_OFF_T + 51, + CURLINFO_CONNECT_TIME_T = CURLINFO_OFF_T + 52, + CURLINFO_PRETRANSFER_TIME_T = CURLINFO_OFF_T + 53, + CURLINFO_STARTTRANSFER_TIME_T = CURLINFO_OFF_T + 54, + CURLINFO_REDIRECT_TIME_T = CURLINFO_OFF_T + 55, + CURLINFO_APPCONNECT_TIME_T = CURLINFO_OFF_T + 56, + + CURLINFO_LASTONE = 56 } CURLINFO; /* CURLINFO_RESPONSE_CODE is the new name for the option previously known as @@ -2570,6 +2589,7 @@ typedef enum { CURL_LOCK_DATA_DNS, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_DATA_CONNECT, + CURL_LOCK_DATA_PSL, CURL_LOCK_DATA_LAST } curl_lock_data; diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h index 17831025c8..d28c1fe9ca 100644 --- a/libs/libcurl/include/curl/curlver.h +++ b/libs/libcurl/include/curl/curlver.h @@ -30,12 +30,12 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.60.0" +#define LIBCURL_VERSION "7.61.0-DEV" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 60 +#define LIBCURL_VERSION_MINOR 61 #define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x073c00 +#define LIBCURL_VERSION_NUM 0x073D00 /* * This is the date and time when the full source package was created. The @@ -68,7 +68,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2018-05-16" +#define LIBCURL_TIMESTAMP "[unreleased]" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|z) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/libs/libcurl/include/curl/system.h b/libs/libcurl/include/curl/system.h index eac4cfeb66..a54fd584ff 100644 --- a/libs/libcurl/include/curl/system.h +++ b/libs/libcurl/include/curl/system.h @@ -320,6 +320,24 @@ # define CURL_PULL_SYS_TYPES_H 1 # define CURL_PULL_SYS_SOCKET_H 1 +#elif defined(__xlc__) /* IBM xlc compiler */ +# if !defined(_LP64) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# else +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 + /* ===================================== */ /* KEEP MSVC THE PENULTIMATE ENTRY */ /* ===================================== */ @@ -344,7 +362,7 @@ /* KEEP GENERIC GCC THE LAST ENTRY */ /* ===================================== */ -#elif defined(__GNUC__) +#elif defined(__GNUC__) && !defined(_SCO_DS) # if !defined(__LP64__) && \ (defined(__ILP32__) || defined(__i386__) || defined(__hppa__) || \ defined(__ppc__) || defined(__powerpc__) || defined(__arm__) || \ diff --git a/libs/libcurl/include/curl/typecheck-gcc.h b/libs/libcurl/include/curl/typecheck-gcc.h index 3a0f253f61..a6f6386140 100644 --- a/libs/libcurl/include/curl/typecheck-gcc.h +++ b/libs/libcurl/include/curl/typecheck-gcc.h @@ -428,7 +428,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_off_t, * == or whatsoever. */ -/* XXX: should evaluate to true iff expr is a pointer */ +/* XXX: should evaluate to true if expr is a pointer */ #define _curl_is_any_ptr(expr) \ (sizeof(expr) == sizeof(void *)) diff --git a/libs/libcurl/src/CMakeLists.txt b/libs/libcurl/src/CMakeLists.txt index 1fabdba908..6653d555f8 100644 --- a/libs/libcurl/src/CMakeLists.txt +++ b/libs/libcurl/src/CMakeLists.txt @@ -98,13 +98,6 @@ if(WIN32) if(NOT CURL_STATICLIB) # Add "_imp" as a suffix before the extension to avoid conflicting with the statically linked "libcurl.lib" set_target_properties(${LIB_NAME} PROPERTIES IMPORT_SUFFIX "_imp.lib") - - set_target_properties (${LIB_NAME} PROPERTIES - DEBUG_POSTFIX "-d" - # Note: no postfix for release variants, let user choose what style of release he wants - # MINSIZEREL_POSTFIX "-z" - # RELWITHDEBINFO_POSTFIX "-g" - ) endif() endif() diff --git a/libs/libcurl/src/Makefile.am b/libs/libcurl/src/Makefile.am index 87c64f3a8e..277839824d 100644 --- a/libs/libcurl/src/Makefile.am +++ b/libs/libcurl/src/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. +# Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -23,7 +23,7 @@ AUTOMAKE_OPTIONS = foreign nostdinc CMAKE_DIST = CMakeLists.txt curl_config.h.cmake -EXTRA_DIST = Makefile.b32 Makefile.m32 config-win32.h \ +EXTRA_DIST = Makefile.m32 config-win32.h \ config-win32ce.h config-riscos.h config-mac.h curl_config.h.in \ makefile.dj config-dos.h libcurl.plist libcurl.rc config-amigaos.h \ makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \ diff --git a/libs/libcurl/src/Makefile.in b/libs/libcurl/src/Makefile.in index 93a55307b7..f3981e298f 100644 --- a/libs/libcurl/src/Makefile.in +++ b/libs/libcurl/src/Makefile.in @@ -124,6 +124,7 @@ host_triplet = @host@ subdir = lib ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_compile_check_sizeof.m4 \ $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ $(top_srcdir)/m4/curl-functions.m4 \ @@ -227,7 +228,7 @@ am__objects_1 = libcurl_la-file.lo libcurl_la-timeval.lo \ libcurl_la-system_win32.lo libcurl_la-mime.lo \ libcurl_la-sha256.lo libcurl_la-setopt.lo \ libcurl_la-curl_path.lo libcurl_la-curl_ctype.lo \ - libcurl_la-curl_range.lo + libcurl_la-curl_range.lo libcurl_la-psl.lo am__dirstamp = $(am__leading_dot)dirstamp am__objects_2 = vauth/libcurl_la-vauth.lo \ vauth/libcurl_la-cleartext.lo vauth/libcurl_la-cram.lo \ @@ -308,7 +309,7 @@ am__objects_7 = libcurlu_la-file.lo libcurlu_la-timeval.lo \ libcurlu_la-system_win32.lo libcurlu_la-mime.lo \ libcurlu_la-sha256.lo libcurlu_la-setopt.lo \ libcurlu_la-curl_path.lo libcurlu_la-curl_ctype.lo \ - libcurlu_la-curl_range.lo + libcurlu_la-curl_range.lo libcurlu_la-psl.lo am__objects_8 = vauth/libcurlu_la-vauth.lo \ vauth/libcurlu_la-cleartext.lo vauth/libcurlu_la-cram.lo \ vauth/libcurlu_la-digest.lo vauth/libcurlu_la-digest_sspi.lo \ @@ -402,6 +403,7 @@ ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +AR_FLAGS = @AR_FLAGS@ AS = @AS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -614,7 +616,7 @@ top_srcdir = @top_srcdir@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. +# Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -630,7 +632,7 @@ top_srcdir = @top_srcdir@ ########################################################################### AUTOMAKE_OPTIONS = foreign nostdinc CMAKE_DIST = CMakeLists.txt curl_config.h.cmake -EXTRA_DIST = Makefile.b32 Makefile.m32 config-win32.h \ +EXTRA_DIST = Makefile.m32 config-win32.h \ config-win32ce.h config-riscos.h config-mac.h curl_config.h.in \ makefile.dj config-dos.h libcurl.plist libcurl.rc config-amigaos.h \ makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \ @@ -714,7 +716,7 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c rand.c \ curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c \ x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \ - mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c + mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c psl.c LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ @@ -734,7 +736,7 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h \ x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h \ - curl_path.h curl_ctype.h curl_range.h + curl_path.h curl_ctype.h curl_range.h psl.h LIB_RCFILES = libcurl.rc CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES) @@ -1045,6 +1047,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-pipeline.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-pop3.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-progress.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-psl.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-rand.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-rtsp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-security.Plo@am__quote@ @@ -1153,6 +1156,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-pipeline.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-pop3.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-progress.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-psl.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-rand.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-rtsp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-security.Plo@am__quote@ @@ -2017,6 +2021,13 @@ libcurl_la-curl_range.lo: curl_range.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_range.lo `test -f 'curl_range.c' || echo '$(srcdir)/'`curl_range.c +libcurl_la-psl.lo: psl.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-psl.lo -MD -MP -MF $(DEPDIR)/libcurl_la-psl.Tpo -c -o libcurl_la-psl.lo `test -f 'psl.c' || echo '$(srcdir)/'`psl.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-psl.Tpo $(DEPDIR)/libcurl_la-psl.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='psl.c' object='libcurl_la-psl.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-psl.lo `test -f 'psl.c' || echo '$(srcdir)/'`psl.c + vauth/libcurl_la-vauth.lo: vauth/vauth.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-vauth.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-vauth.Tpo -c -o vauth/libcurl_la-vauth.lo `test -f 'vauth/vauth.c' || echo '$(srcdir)/'`vauth/vauth.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-vauth.Tpo vauth/$(DEPDIR)/libcurl_la-vauth.Plo @@ -2948,6 +2959,13 @@ libcurlu_la-curl_range.lo: curl_range.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_range.lo `test -f 'curl_range.c' || echo '$(srcdir)/'`curl_range.c +libcurlu_la-psl.lo: psl.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-psl.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-psl.Tpo -c -o libcurlu_la-psl.lo `test -f 'psl.c' || echo '$(srcdir)/'`psl.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-psl.Tpo $(DEPDIR)/libcurlu_la-psl.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='psl.c' object='libcurlu_la-psl.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-psl.lo `test -f 'psl.c' || echo '$(srcdir)/'`psl.c + vauth/libcurlu_la-vauth.lo: vauth/vauth.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-vauth.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-vauth.Tpo -c -o vauth/libcurlu_la-vauth.lo `test -f 'vauth/vauth.c' || echo '$(srcdir)/'`vauth/vauth.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-vauth.Tpo vauth/$(DEPDIR)/libcurlu_la-vauth.Plo diff --git a/libs/libcurl/src/Makefile.inc b/libs/libcurl/src/Makefile.inc index 61c23411df..76ca6d0414 100644 --- a/libs/libcurl/src/Makefile.inc +++ b/libs/libcurl/src/Makefile.inc @@ -54,7 +54,7 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c rand.c \ curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c \ x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \ - mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c + mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c psl.c LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ @@ -74,7 +74,7 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h \ x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h \ - curl_path.h curl_ctype.h curl_range.h + curl_path.h curl_ctype.h curl_range.h psl.h LIB_RCFILES = libcurl.rc diff --git a/libs/libcurl/src/Makefile.netware b/libs/libcurl/src/Makefile.netware index f4b6528eb9..2b392f3f4e 100644 --- a/libs/libcurl/src/Makefile.netware +++ b/libs/libcurl/src/Makefile.netware @@ -166,7 +166,7 @@ endif CFLAGS += -align 4 else # PRELUDE = $(NDK_CLIB)/imports/clibpre.o - # to avoid the __init_* / __deinit_* whoes don't use prelude from NDK + # to avoid the __init_* / __deinit_* woes don't use prelude from NDK PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj" # CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h" CFLAGS += -align 1 @@ -192,7 +192,7 @@ else endif else PRELUDE = $(NDK_CLIB)/imports/clibpre.gcc.o - # to avoid the __init_* / __deinit_* whoes don't use prelude from NDK + # to avoid the __init_* / __deinit_* woes don't use prelude from NDK # http://www.gknw.net/development/mk_nlm/gcc_pre.zip # PRELUDE = $(NDK_ROOT)/pre/prelude.o CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h diff --git a/libs/libcurl/src/asyn-ares.c b/libs/libcurl/src/asyn-ares.c index aa581a49a0..00fe1adb58 100644 --- a/libs/libcurl/src/asyn-ares.c +++ b/libs/libcurl/src/asyn-ares.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -312,22 +312,25 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn, conn->async.os_specific; CURLcode result = CURLE_OK; - *dns = NULL; + if(dns) + *dns = NULL; waitperform(conn, 0); if(res && !res->num_pending) { - (void)Curl_addrinfo_callback(conn, res->last_status, res->temp_ai); - /* temp_ai ownership is moved to the connection, so we need not free-up - them */ - res->temp_ai = NULL; + if(dns) { + (void)Curl_addrinfo_callback(conn, res->last_status, res->temp_ai); + /* temp_ai ownership is moved to the connection, so we need not free-up + them */ + res->temp_ai = NULL; + } if(!conn->async.dns) { failf(data, "Could not resolve: %s (%s)", conn->async.hostname, ares_strerror(conn->async.status)); result = conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY: CURLE_COULDNT_RESOLVE_HOST; } - else + else if(dns) *dns = conn->async.dns; destroy_async_data(&conn->async); @@ -390,7 +393,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn, timeout_ms = 1000; waitperform(conn, timeout_ms); - result = Curl_resolver_is_resolved(conn, &temp_entry); + result = Curl_resolver_is_resolved(conn, entry?&temp_entry:NULL); if(result || conn->async.done) break; diff --git a/libs/libcurl/src/asyn-thread.c b/libs/libcurl/src/asyn-thread.c index b11fab2468..c7c1a00865 100644 --- a/libs/libcurl/src/asyn-thread.c +++ b/libs/libcurl/src/asyn-thread.c @@ -481,8 +481,10 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn, DEBUGASSERT(conn && td); /* wait for the thread to resolve the name */ - if(Curl_thread_join(&td->thread_hnd)) - result = getaddrinfo_complete(conn); + if(Curl_thread_join(&td->thread_hnd)) { + if(entry) + result = getaddrinfo_complete(conn); + } else DEBUGASSERT(0); @@ -572,10 +574,10 @@ int Curl_resolver_getsock(struct connectdata *conn, (void)socks; (void)numsocks; ms = Curl_timediff(Curl_now(), reslv->start); - if(ms < 10) - milli = ms/3; + if(ms < 3) + milli = 0; else if(ms <= 50) - milli = 10; + milli = ms/3; else if(ms <= 250) milli = 50; else diff --git a/libs/libcurl/src/base64.c b/libs/libcurl/src/base64.c index 204a2273d1..6370e4cdfb 100644 --- a/libs/libcurl/src/base64.c +++ b/libs/libcurl/src/base64.c @@ -49,13 +49,12 @@ static size_t decodeQuantum(unsigned char *dest, const char *src) unsigned long i, x = 0; for(i = 0, s = src; i < 4; i++, s++) { - unsigned long v = 0; - if(*s == '=') { x = (x << 6); padding++; } else { + unsigned long v = 0; p = base64; while(*p && (*p != *s)) { diff --git a/libs/libcurl/src/checksrc.pl b/libs/libcurl/src/checksrc.pl index c90e245eee..daff07bf58 100644 --- a/libs/libcurl/src/checksrc.pl +++ b/libs/libcurl/src/checksrc.pl @@ -63,6 +63,7 @@ my %warnings = ( 'NOSPACEEQUALS' => 'equals sign without preceding space', 'SEMINOSPACE' => 'semicolon without following space', 'MULTISPACE' => 'multiple spaces used when not suitable', + 'SIZEOFNOPAREN' => 'use of sizeof without parentheses', ); sub readwhitelist { @@ -417,6 +418,17 @@ sub scanfile { } } + # check for "sizeof" without parenthesis + if(($l =~ /^(.*)sizeof *([ (])/) && ($2 ne "(")) { + if($1 =~ / *\#/) { + # this is a #if, treat it differently + } + else { + checkwarn("SIZEOFNOPAREN", $line, length($1)+6, $file, $l, + "sizeof without parenthesis"); + } + } + # check for comma without space if($l =~ /^(.*),[^ \n]/) { my $pref=$1; diff --git a/libs/libcurl/src/conncache.c b/libs/libcurl/src/conncache.c index b8f5444856..76428eb860 100644 --- a/libs/libcurl/src/conncache.c +++ b/libs/libcurl/src/conncache.c @@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se> - * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -96,14 +96,13 @@ static void bundle_destroy(struct connectbundle *cb_ptr) } /* Add a connection to a bundle */ -static CURLcode bundle_add_conn(struct connectbundle *cb_ptr, - struct connectdata *conn) +static void bundle_add_conn(struct connectbundle *cb_ptr, + struct connectdata *conn) { Curl_llist_insert_next(&cb_ptr->conn_list, cb_ptr->conn_list.tail, conn, &conn->bundle_node); conn->bundle = cb_ptr; cb_ptr->num_connections++; - return CURLE_OK; } /* Remove a connection from a bundle */ @@ -263,7 +262,7 @@ static void conncache_remove_bundle(struct conncache *connc, CURLcode Curl_conncache_add_conn(struct conncache *connc, struct connectdata *conn) { - CURLcode result; + CURLcode result = CURLE_OK; struct connectbundle *bundle; struct connectbundle *new_bundle = NULL; struct Curl_easy *data = conn->data; @@ -290,19 +289,13 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc, bundle = new_bundle; } - result = bundle_add_conn(bundle, conn); - if(result) { - if(new_bundle) - conncache_remove_bundle(data->state.conn_cache, new_bundle); - goto unlock; - } - + bundle_add_conn(bundle, conn); conn->connection_id = connc->next_connection_id++; connc->num_conn++; DEBUGF(infof(conn->data, "Added connection %ld. " - "The cache now contains %" CURL_FORMAT_CURL_OFF_TU " members\n", - conn->connection_id, (curl_off_t) connc->num_conn)); + "The cache now contains %zu members\n", + conn->connection_id, connc->num_conn)); unlock: CONN_UNLOCK(data); @@ -328,9 +321,8 @@ void Curl_conncache_remove_conn(struct connectdata *conn, bool lock) conn->bundle = NULL; /* removed from it */ if(connc) { connc->num_conn--; - DEBUGF(infof(conn->data, "The cache now contains %" - CURL_FORMAT_CURL_OFF_TU " members\n", - (curl_off_t) connc->num_conn)); + DEBUGF(infof(conn->data, "The cache now contains %zu members\n", + connc->num_conn)); } if(lock) { CONN_UNLOCK(conn->data); @@ -452,6 +444,7 @@ bool Curl_conncache_return_conn(struct connectdata *conn) } CONN_LOCK(data); conn->inuse = FALSE; /* Mark the connection unused */ + conn->data = NULL; /* no owner */ CONN_UNLOCK(data); return (conn_candidate == conn) ? FALSE : TRUE; @@ -501,9 +494,8 @@ Curl_conncache_extract_bundle(struct Curl_easy *data, /* remove it to prevent another thread from nicking it */ bundle_remove_conn(bundle, conn_candidate); data->state.conn_cache->num_conn--; - DEBUGF(infof(data, "The cache now contains %" - CURL_FORMAT_CURL_OFF_TU " members\n", - (curl_off_t) data->state.conn_cache->num_conn)); + DEBUGF(infof(data, "The cache now contains %zu members\n", + data->state.conn_cache->num_conn)); } return conn_candidate; @@ -563,9 +555,8 @@ Curl_conncache_extract_oldest(struct Curl_easy *data) /* remove it to prevent another thread from nicking it */ bundle_remove_conn(bundle_candidate, conn_candidate); connc->num_conn--; - DEBUGF(infof(data, "The cache now contains %" - CURL_FORMAT_CURL_OFF_TU " members\n", - (curl_off_t) connc->num_conn)); + DEBUGF(infof(data, "The cache now contains %zu members\n", + connc->num_conn)); } CONN_UNLOCK(data); diff --git a/libs/libcurl/src/conncache.h b/libs/libcurl/src/conncache.h index d8ad80f963..eedd7a800e 100644 --- a/libs/libcurl/src/conncache.h +++ b/libs/libcurl/src/conncache.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2015 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2015 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se> * * This software is licensed as described in the file COPYING, which @@ -63,7 +63,7 @@ size_t Curl_conncache_bundle_size(struct connectdata *conn); bool Curl_conncache_return_conn(struct connectdata *conn); CURLcode Curl_conncache_add_conn(struct conncache *connc, - struct connectdata *conn); + struct connectdata *conn) WARN_UNUSED_RESULT; void Curl_conncache_remove_conn(struct connectdata *conn, bool lock); bool Curl_conncache_foreach(struct Curl_easy *data, diff --git a/libs/libcurl/src/connect.c b/libs/libcurl/src/connect.c index 1a27ae1353..41f2202681 100644 --- a/libs/libcurl/src/connect.c +++ b/libs/libcurl/src/connect.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1237,8 +1237,6 @@ static int conn_is_conn(struct connectdata *conn, void *param) curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, struct connectdata **connp) { - curl_socket_t sockfd; - DEBUGASSERT(data); /* this works for an easy handle: @@ -1261,15 +1259,15 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, return CURL_SOCKET_BAD; } - if(connp) + if(connp) { /* only store this if the caller cares for it */ *connp = c; - sockfd = c->sock[FIRSTSOCKET]; + c->data = data; + } + return c->sock[FIRSTSOCKET]; } else return CURL_SOCKET_BAD; - - return sockfd; } /* diff --git a/libs/libcurl/src/content_encoding.c b/libs/libcurl/src/content_encoding.c index 7c979efcc3..d69ad5c5ad 100644 --- a/libs/libcurl/src/content_encoding.c +++ b/libs/libcurl/src/content_encoding.c @@ -163,7 +163,6 @@ static CURLcode inflate_stream(struct connectdata *conn, z_stream *z = &zp->z; /* zlib state structure */ uInt nread = z->avail_in; Bytef *orig_in = z->next_in; - int status; /* zlib status */ bool done = FALSE; CURLcode result = CURLE_OK; /* Curl_client_write status */ char *decomp; /* Put the decompressed data here. */ @@ -184,13 +183,20 @@ static CURLcode inflate_stream(struct connectdata *conn, /* because the buffer size is fixed, iteratively decompress and transfer to the client via downstream_write function. */ while(!done) { + int status; /* zlib status */ done = TRUE; /* (re)set buffer for decompressed output for every iteration */ z->next_out = (Bytef *) decomp; z->avail_out = DSIZ; +#ifdef Z_BLOCK + /* Z_BLOCK is only available in zlib ver. >= 1.2.0.5 */ status = inflate(z, Z_BLOCK); +#else + /* fallback for zlib ver. < 1.2.0.5 */ + status = inflate(z, Z_SYNC_FLUSH); +#endif /* Flush output data if some. */ if(z->avail_out != DSIZ) { @@ -755,7 +761,6 @@ char *Curl_all_content_encodings(void) const content_encoding * const *cep; const content_encoding *ce; char *ace; - char *p; for(cep = encodings; *cep; cep++) { ce = *cep; @@ -768,7 +773,7 @@ char *Curl_all_content_encodings(void) ace = malloc(len); if(ace) { - p = ace; + char *p = ace; for(cep = encodings; *cep; cep++) { ce = *cep; if(!strcasecompare(ce->name, CONTENT_ENCODING_DEFAULT)) { @@ -915,10 +920,9 @@ void Curl_unencode_cleanup(struct connectdata *conn) static const content_encoding *find_encoding(const char *name, size_t len) { const content_encoding * const *cep; - const content_encoding *ce; for(cep = encodings; *cep; cep++) { - ce = *cep; + const content_encoding *ce = *cep; if((strncasecompare(name, ce->name, len) && !ce->name[len]) || (ce->alias && strncasecompare(name, ce->alias, len) && !ce->alias[len])) return ce; diff --git a/libs/libcurl/src/cookie.c b/libs/libcurl/src/cookie.c index 4310994d41..72aaa76368 100644 --- a/libs/libcurl/src/cookie.c +++ b/libs/libcurl/src/cookie.c @@ -84,12 +84,9 @@ Example set of cookies: #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) -#ifdef USE_LIBPSL -# include <libpsl.h> -#endif - #include "urldata.h" #include "cookie.h" +#include "psl.h" #include "strtok.h" #include "sendf.h" #include "slist.h" @@ -379,13 +376,13 @@ static void strstore(char **str, const char *newstr) */ static void remove_expired(struct CookieInfo *cookies) { - struct Cookie *co, *nx, *pv; + struct Cookie *co, *nx; curl_off_t now = (curl_off_t)time(NULL); unsigned int i; for(i = 0; i < COOKIE_HASH_SIZE; i++) { + struct Cookie *pv = NULL; co = cookies->cookies[i]; - pv = NULL; while(co) { nx = co->next; if(co->expires && co->expires < now) { @@ -406,6 +403,12 @@ static void remove_expired(struct CookieInfo *cookies) } } +/* Make sure domain contains a dot or is localhost. */ +static bool bad_domain(const char *domain) +{ + return !strchr(domain, '.') && !strcasecompare(domain, "localhost"); +} + /**************************************************************************** * * Curl_cookie_add() @@ -442,10 +445,6 @@ Curl_cookie_add(struct Curl_easy *data, bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */ size_t myhash; -#ifdef USE_LIBPSL - const psl_ctx_t *psl; -#endif - #ifdef CURL_DISABLE_VERBOSE_STRINGS (void)data; #endif @@ -497,7 +496,7 @@ Curl_cookie_add(struct Curl_easy *data, name + contents. Chrome and Firefox support 4095 or 4096 bytes combo. */ freecookie(co); - infof(data, "oversized cookie dropped, name/val %d + %d bytes\n", + infof(data, "oversized cookie dropped, name/val %zu + %zu bytes\n", nlen, len); return NULL; } @@ -585,13 +584,8 @@ Curl_cookie_add(struct Curl_easy *data, * TLD or otherwise "protected" suffix. To reduce risk, we require a * dot OR the exact host name being "localhost". */ - { - const char *dotp; - /* check for more dots */ - dotp = strchr(whatptr, '.'); - if(!dotp && !strcasecompare("localhost", whatptr)) - domain = ":"; - } + if(bad_domain(whatptr)) + domain = ":"; #endif is_ip = isip(domain ? domain : whatptr); @@ -796,7 +790,7 @@ Curl_cookie_add(struct Curl_easy *data, break; case 1: /* This field got its explanation on the 23rd of May 2001 by - Andrйs Garcнa: + Andrs Garca: flag: A TRUE/FALSE value indicating if all machines within a given domain can access the variable. This value is set automatically by @@ -810,7 +804,7 @@ Curl_cookie_add(struct Curl_easy *data, case 2: /* It turns out, that sometimes the file format allows the path field to remain not filled in, we try to detect this and work - around it! Andrйs Garcнa made us aware of this... */ + around it! Andrs Garca made us aware of this... */ if(strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) { /* only if the path doesn't look like a boolean option! */ co->path = strdup(ptr); @@ -890,14 +884,21 @@ Curl_cookie_add(struct Curl_easy *data, remove_expired(c); #ifdef USE_LIBPSL - /* Check if the domain is a Public Suffix and if yes, ignore the cookie. - This needs a libpsl compiled with builtin data. */ + /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */ if(domain && co->domain && !isip(co->domain)) { - psl = psl_builtin(); - if(psl && !psl_is_cookie_domain_acceptable(psl, domain, co->domain)) { - infof(data, - "cookie '%s' dropped, domain '%s' must not set cookies for '%s'\n", - co->name, domain, co->domain); + const psl_ctx_t *psl = Curl_psl_use(data); + int acceptable; + + if(psl) { + acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); + Curl_psl_release(data); + } + else + acceptable = !bad_domain(domain); + + if(!acceptable) { + infof(data, "cookie '%s' dropped, domain '%s' must not " + "set cookies for '%s'\n", co->name, domain, co->domain); freecookie(co); return NULL; } @@ -1384,9 +1385,8 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies) ****************************************************************************/ void Curl_cookie_cleanup(struct CookieInfo *c) { - unsigned int i; - if(c) { + unsigned int i; free(c->filename); for(i = 0; i < COOKIE_HASH_SIZE; i++) Curl_cookie_freelist(c->cookies[i]); diff --git a/libs/libcurl/src/curl_addrinfo.c b/libs/libcurl/src/curl_addrinfo.c index 55d5a3942d..fd49679c93 100644 --- a/libs/libcurl/src/curl_addrinfo.c +++ b/libs/libcurl/src/curl_addrinfo.c @@ -536,7 +536,8 @@ Curl_addrinfo *Curl_unix2addr(const char *path, bool *longpath, bool abstract) } #endif -#if defined(CURLDEBUG) && defined(HAVE_FREEADDRINFO) +#if defined(CURLDEBUG) && defined(HAVE_GETADDRINFO) && \ + defined(HAVE_FREEADDRINFO) /* * curl_dofreeaddrinfo() * diff --git a/libs/libcurl/src/curl_config.h.cmake b/libs/libcurl/src/curl_config.h.cmake index 4b12083f29..ab0094be5d 100644 --- a/libs/libcurl/src/curl_config.h.cmake +++ b/libs/libcurl/src/curl_config.h.cmake @@ -235,6 +235,9 @@ /* Define to 1 if you have the `getpwuid' function. */ #cmakedefine HAVE_GETPWUID 1 +/* Define to 1 if you have the `getpwuid_r' function. */ +#cmakedefine HAVE_GETPWUID_R 1 + /* Define to 1 if you have the `getrlimit' function. */ #cmakedefine HAVE_GETRLIMIT 1 @@ -963,6 +966,9 @@ /* to enable Windows SSL */ #cmakedefine USE_SCHANNEL 1 +/* enable multiple SSL backends */ +#cmakedefine CURL_WITH_MULTI_SSL 1 + /* Define to 1 if using yaSSL in OpenSSL compatibility mode. */ #cmakedefine USE_YASSLEMUL 1 diff --git a/libs/libcurl/src/curl_config.h.in b/libs/libcurl/src/curl_config.h.in index f60321521a..9c9e2d9add 100644 --- a/libs/libcurl/src/curl_config.h.in +++ b/libs/libcurl/src/curl_config.h.in @@ -96,21 +96,6 @@ /* Define to the type of arg 2 for gethostname. */ #undef GETHOSTNAME_TYPE_ARG2 -/* Define to the type qualifier of arg 1 for getnameinfo. */ -#undef GETNAMEINFO_QUAL_ARG1 - -/* Define to the type of arg 1 for getnameinfo. */ -#undef GETNAMEINFO_TYPE_ARG1 - -/* Define to the type of arg 2 for getnameinfo. */ -#undef GETNAMEINFO_TYPE_ARG2 - -/* Define to the type of args 4 and 6 for getnameinfo. */ -#undef GETNAMEINFO_TYPE_ARG46 - -/* Define to the type of arg 7 for getnameinfo. */ -#undef GETNAMEINFO_TYPE_ARG7 - /* Specifies the number of arguments to getservbyport_r */ #undef GETSERVBYPORT_R_ARGS @@ -177,15 +162,19 @@ /* Define to 1 if you have the <cyassl/options.h> header file. */ #undef HAVE_CYASSL_OPTIONS_H +/* Define to 1 if you have the declaration of `getpwuid_r', and to 0 if you + don't. */ +#undef HAVE_DECL_GETPWUID_R + +/* "Set if getpwuid_r() declaration is missing" */ +#undef HAVE_DECL_GETPWUID_R_MISSING + /* Define to 1 if you have the <dlfcn.h> header file. */ #undef HAVE_DLFCN_H /* Define to 1 if you have the `ENGINE_cleanup' function. */ #undef HAVE_ENGINE_CLEANUP -/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */ -#undef HAVE_ENGINE_LOAD_BUILTIN_ENGINES - /* Define to 1 if you have the <errno.h> header file. */ #undef HAVE_ERRNO_H @@ -204,6 +193,9 @@ /* Define to 1 if you have the fdopen function. */ #undef HAVE_FDOPEN +/* Define to 1 if you have the `fnmatch' function. */ +#undef HAVE_FNMATCH + /* Define to 1 if you have the freeaddrinfo function. */ #undef HAVE_FREEADDRINFO @@ -270,9 +262,6 @@ /* Define to 1 if you have a working getifaddrs function. */ #undef HAVE_GETIFADDRS -/* Define to 1 if you have the getnameinfo function. */ -#undef HAVE_GETNAMEINFO - /* Define to 1 if you have the `getpass_r' function. */ #undef HAVE_GETPASS_R @@ -488,9 +477,6 @@ /* Define to 1 if you have the <nghttp2/nghttp2.h> header file. */ #undef HAVE_NGHTTP2_NGHTTP2_H -/* Define to 1 if NI_WITHSCOPEID exists and works. */ -#undef HAVE_NI_WITHSCOPEID - /* if you have an old MIT Kerberos version, lacking GSS_C_NT_HOSTBASED_SERVICE */ #undef HAVE_OLD_GSSMIT @@ -498,9 +484,6 @@ /* Define to 1 if you have the <openssl/crypto.h> header file. */ #undef HAVE_OPENSSL_CRYPTO_H -/* Define to 1 if you have the <openssl/engine.h> header file. */ -#undef HAVE_OPENSSL_ENGINE_H - /* Define to 1 if you have the <openssl/err.h> header file. */ #undef HAVE_OPENSSL_ERR_H @@ -906,28 +889,28 @@ /* Define to the function return type for send. */ #undef SEND_TYPE_RETV -/* The size of `curl_off_t', as computed by sizeof. */ +/* The number of bytes in type curl_off_t */ #undef SIZEOF_CURL_OFF_T -/* The size of `int', as computed by sizeof. */ +/* The number of bytes in type int */ #undef SIZEOF_INT -/* The size of `long', as computed by sizeof. */ +/* The number of bytes in type long */ #undef SIZEOF_LONG -/* The size of `long long', as computed by sizeof. */ +/* The number of bytes in type long long */ #undef SIZEOF_LONG_LONG -/* The size of `off_t', as computed by sizeof. */ +/* The number of bytes in type off_t */ #undef SIZEOF_OFF_T -/* The size of `short', as computed by sizeof. */ +/* The number of bytes in type short */ #undef SIZEOF_SHORT -/* The size of `size_t', as computed by sizeof. */ +/* The number of bytes in type size_t */ #undef SIZEOF_SIZE_T -/* The size of `time_t', as computed by sizeof. */ +/* The number of bytes in type time_t */ #undef SIZEOF_TIME_T /* Define to 1 if you have the ANSI C header files. */ diff --git a/libs/libcurl/src/curl_fnmatch.c b/libs/libcurl/src/curl_fnmatch.c index 0179a4f717..fbfd85c438 100644 --- a/libs/libcurl/src/curl_fnmatch.c +++ b/libs/libcurl/src/curl_fnmatch.c @@ -30,6 +30,17 @@ /* The last #include file should be: */ #include "memdebug.h" +#ifndef HAVE_FNMATCH + +/* + * TODO: + * + * Make this function match POSIX. Test 1307 includes a set of test patterns + * that returns different results with a POSIX fnmatch() than with this + * implementation and this is considered a bug where POSIX is the guiding + * light. + */ + #define CURLFNM_CHARSET_LEN (sizeof(char) * 256) #define CURLFNM_CHSET_SIZE (CURLFNM_CHARSET_LEN + 15) @@ -334,9 +345,9 @@ static int loop(const unsigned char *pattern, const unsigned char *string, s++; break; } + /* Syntax error in set; mismatch! */ + return CURL_FNMATCH_NOMATCH; - /* Syntax error in set: this must be taken as a regular character. */ - /* FALLTHROUGH */ default: if(*p++ != *s++) return CURL_FNMATCH_NOMATCH; @@ -355,5 +366,31 @@ int Curl_fnmatch(void *ptr, const char *pattern, const char *string) if(!pattern || !string) { return CURL_FNMATCH_FAIL; } - return loop((unsigned char *)pattern, (unsigned char *)string, 5); + return loop((unsigned char *)pattern, (unsigned char *)string, 2); +} +#else +#include <fnmatch.h> +/* + * @unittest: 1307 + */ +int Curl_fnmatch(void *ptr, const char *pattern, const char *string) +{ + int rc; + (void)ptr; /* the argument is specified by the curl_fnmatch_callback + prototype, but not used by Curl_fnmatch() */ + if(!pattern || !string) { + return CURL_FNMATCH_FAIL; + } + rc = fnmatch(pattern, string, 0); + switch(rc) { + case 0: + return CURL_FNMATCH_MATCH; + case FNM_NOMATCH: + return CURL_FNMATCH_NOMATCH; + default: + return CURL_FNMATCH_FAIL; + } + /* not reached */ } + +#endif diff --git a/libs/libcurl/src/curl_sasl.c b/libs/libcurl/src/curl_sasl.c index e54e4875e2..354bc54487 100644 --- a/libs/libcurl/src/curl_sasl.c +++ b/libs/libcurl/src/curl_sasl.c @@ -146,7 +146,6 @@ CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl, const char *value, size_t len) { CURLcode result = CURLE_OK; - unsigned int mechbit; size_t mechlen; if(!len) @@ -160,7 +159,7 @@ CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl, if(!strncmp(value, "*", len)) sasl->prefmech = SASL_AUTH_DEFAULT; else { - mechbit = Curl_sasl_decode_mech(value, len, &mechlen); + unsigned int mechbit = Curl_sasl_decode_mech(value, len, &mechlen); if(mechbit && mechlen == len) sasl->prefmech |= mechbit; else diff --git a/libs/libcurl/src/curl_setup.h b/libs/libcurl/src/curl_setup.h index 5593a3b5c2..799d5fab93 100644 --- a/libs/libcurl/src/curl_setup.h +++ b/libs/libcurl/src/curl_setup.h @@ -217,7 +217,7 @@ /* * Use getaddrinfo to resolve the IPv4 address literal. If the current network - * interface doesn’t support IPv4, but supports IPv6, NAT64, and DNS64, + * interface doesn't support IPv4, but supports IPv6, NAT64, and DNS64, * performing this task will result in a synthesized IPv6 address. */ #ifdef __APPLE__ @@ -242,6 +242,7 @@ # if defined(_UNICODE) && !defined(UNICODE) # define UNICODE # endif +# include <winerror.h> # include <windows.h> # ifdef HAVE_WINSOCK2_H # include <winsock2.h> @@ -800,4 +801,11 @@ endings either CRLF or LF so 't' is appropriate. #define CURL_SA_FAMILY_T unsigned short #endif +/* Some versions of the Android SDK is missing the declaration */ +#if defined(HAVE_GETPWUID_R) && defined(HAVE_DECL_GETPWUID_R_MISSING) +struct passwd; +int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf, + size_t buflen, struct passwd **result); +#endif + #endif /* HEADER_CURL_SETUP_H */ diff --git a/libs/libcurl/src/dict.c b/libs/libcurl/src/dict.c index 4fc85521d7..c26d6d34c3 100644 --- a/libs/libcurl/src/dict.c +++ b/libs/libcurl/src/dict.c @@ -95,10 +95,7 @@ static char *unescape_word(struct Curl_easy *data, const char *inputbuff) { char *newp = NULL; char *dictp; - char *ptr; size_t len; - char ch; - int olen = 0; CURLcode result = Curl_urldecode(data, inputbuff, 0, &newp, &len, FALSE); if(!newp || result) @@ -106,6 +103,9 @@ static char *unescape_word(struct Curl_easy *data, const char *inputbuff) dictp = malloc(((size_t)len)*2 + 1); /* add one for terminating zero */ if(dictp) { + char *ptr; + char ch; + int olen = 0; /* According to RFC2229 section 2.2, these letters need to be escaped with \[letter] */ for(ptr = newp; diff --git a/libs/libcurl/src/easy.c b/libs/libcurl/src/easy.c index 6b914353de..5af90e3261 100644 --- a/libs/libcurl/src/easy.c +++ b/libs/libcurl/src/easy.c @@ -113,7 +113,7 @@ static CURLcode win32_init(void) res = WSAStartup(wVersionRequested, &wsaData); if(res != 0) - /* Tell the user that we couldn't find a useable */ + /* Tell the user that we couldn't find a usable */ /* winsock.dll. */ return CURLE_FAILED_INIT; @@ -125,7 +125,7 @@ static CURLcode win32_init(void) if(LOBYTE(wsaData.wVersion) != LOBYTE(wVersionRequested) || HIBYTE(wsaData.wVersion) != HIBYTE(wVersionRequested) ) { - /* Tell the user that we couldn't find a useable */ + /* Tell the user that we couldn't find a usable */ /* winsock.dll. */ WSACleanup(); @@ -661,38 +661,27 @@ static CURLcode easy_transfer(struct Curl_multi *multi) bool done = FALSE; CURLMcode mcode = CURLM_OK; CURLcode result = CURLE_OK; - struct curltime before; - int without_fds = 0; /* count number of consecutive returns from - curl_multi_wait() without any filedescriptors */ while(!done && !mcode) { int still_running = 0; int rc; - before = Curl_now(); mcode = curl_multi_wait(multi, NULL, 0, 1000, &rc); if(!mcode) { if(!rc) { - struct curltime after = Curl_now(); + long sleep_ms; /* If it returns without any filedescriptor instantly, we need to avoid busy-looping during periods where it has nothing particular to wait for */ - if(Curl_timediff(after, before) <= 10) { - without_fds++; - if(without_fds > 2) { - int sleep_ms = without_fds < 10 ? (1 << (without_fds - 1)) : 1000; - Curl_wait_ms(sleep_ms); - } + curl_multi_timeout(multi, &sleep_ms); + if(sleep_ms) { + if(sleep_ms > 1000) + sleep_ms = 1000; + Curl_wait_ms((int)sleep_ms); } - else - /* it wasn't "instant", restart counter */ - without_fds = 0; } - else - /* got file descriptor, restart counter */ - without_fds = 0; mcode = curl_multi_perform(multi, &still_running); } diff --git a/libs/libcurl/src/escape.c b/libs/libcurl/src/escape.c index b7e2d32a6c..10774f0586 100644 --- a/libs/libcurl/src/escape.c +++ b/libs/libcurl/src/escape.c @@ -82,7 +82,6 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, size_t alloc; char *ns; char *testing_ptr = NULL; - unsigned char in; /* we need to treat the characters unsigned */ size_t newlen; size_t strindex = 0; size_t length; @@ -100,7 +99,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, length = alloc-1; while(length--) { - in = *string; + unsigned char in = *string; /* we need to treat the characters unsigned */ if(Curl_isunreserved(in)) /* just copy this */ @@ -150,7 +149,6 @@ CURLcode Curl_urldecode(struct Curl_easy *data, { size_t alloc = (length?length:strlen(string)) + 1; char *ns = malloc(alloc); - unsigned char in; size_t strindex = 0; unsigned long hex; CURLcode result; @@ -159,7 +157,7 @@ CURLcode Curl_urldecode(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; while(--alloc > 0) { - in = *string; + unsigned char in = *string; if(('%' == in) && (alloc > 2) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) { /* this is two hexadecimal digits following a '%' */ diff --git a/libs/libcurl/src/file.c b/libs/libcurl/src/file.c index db04cc2daf..77fcf25361 100644 --- a/libs/libcurl/src/file.c +++ b/libs/libcurl/src/file.c @@ -256,8 +256,6 @@ static CURLcode file_upload(struct connectdata *conn) CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; char *buf = data->state.buffer; - size_t nread; - size_t nwrite; curl_off_t bytecount = 0; struct_stat file_stat; const char *buf2; @@ -306,6 +304,8 @@ static CURLcode file_upload(struct connectdata *conn) } while(!result) { + size_t nread; + size_t nwrite; int readcount; result = Curl_fillreadbuffer(conn, (int)data->set.buffer_size, &readcount); if(result) @@ -378,7 +378,6 @@ static CURLcode file_do(struct connectdata *conn, bool *done) curl_off_t expected_size = 0; bool size_known; bool fstated = FALSE; - ssize_t nread; struct Curl_easy *data = conn->data; char *buf = data->state.buffer; curl_off_t bytecount = 0; @@ -461,7 +460,7 @@ static CURLcode file_do(struct connectdata *conn, bool *done) return result; /* Adjust the start offset in case we want to get the N last bytes - * of the stream iff the filesize could be determined */ + * of the stream if the filesize could be determined */ if(data->state.resume_from < 0) { if(!fstated) { failf(data, "Can't get the size of file."); @@ -502,6 +501,7 @@ static CURLcode file_do(struct connectdata *conn, bool *done) Curl_pgrsTime(data, TIMER_STARTTRANSFER); while(!result) { + ssize_t nread; /* Don't fill a whole buffer if we want less than all data */ size_t bytestoread; diff --git a/libs/libcurl/src/formdata.c b/libs/libcurl/src/formdata.c index f912410526..8f6c6e318f 100644 --- a/libs/libcurl/src/formdata.c +++ b/libs/libcurl/src/formdata.c @@ -725,7 +725,7 @@ int curl_formget(struct curl_httppost *form, void *arg, while(!result) { char buffer[8192]; - size_t nread = Curl_mime_read(buffer, 1, sizeof buffer, &toppart); + size_t nread = Curl_mime_read(buffer, 1, sizeof(buffer), &toppart); if(!nread) break; @@ -812,7 +812,6 @@ CURLcode Curl_getformdata(struct Curl_easy *data, { CURLcode result = CURLE_OK; curl_mime *form = NULL; - curl_mime *multipart; curl_mimepart *part; struct curl_httppost *file; @@ -831,7 +830,7 @@ CURLcode Curl_getformdata(struct Curl_easy *data, /* Process each top part. */ for(; !result && post; post = post->next) { /* If we have more than a file here, create a mime subpart and fill it. */ - multipart = form; + curl_mime *multipart = form; if(post->more) { part = curl_mime_addpart(form); if(!part) diff --git a/libs/libcurl/src/ftp.c b/libs/libcurl/src/ftp.c index 4e074a111a..7dbf080045 100644 --- a/libs/libcurl/src/ftp.c +++ b/libs/libcurl/src/ftp.c @@ -239,8 +239,8 @@ static void close_secondarysocket(struct connectdata *conn) static void freedirs(struct ftp_conn *ftpc) { - int i; if(ftpc->dirs) { + int i; for(i = 0; i < ftpc->dirdepth; i++) { free(ftpc->dirs[i]); ftpc->dirs[i] = NULL; @@ -637,8 +637,6 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */ * line in a response or continue reading. */ curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; - time_t timeout; /* timeout in milliseconds */ - time_t interval_ms; struct Curl_easy *data = conn->data; CURLcode result = CURLE_OK; struct ftp_conn *ftpc = &conn->proto.ftpc; @@ -657,7 +655,8 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */ while(!*ftpcode && !result) { /* check and reset timeout value every lap */ - timeout = Curl_pp_state_timeout(pp); + time_t timeout = Curl_pp_state_timeout(pp); /* timeout in milliseconds */ + time_t interval_ms; if(timeout <= 0) { failf(data, "FTP response timeout"); @@ -1589,7 +1588,6 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn, struct FTP *ftp = conn->data->req.protop; struct Curl_easy *data = conn->data; struct ftp_conn *ftpc = &conn->proto.ftpc; - int seekerr = CURL_SEEKFUNC_OK; if((data->state.resume_from && !sizechecked) || ((data->state.resume_from > 0) && sizechecked)) { @@ -1605,6 +1603,7 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn, /* 3. pass file-size number of bytes in the source file */ /* 4. lower the infilesize counter */ /* => transfer as usual */ + int seekerr = CURL_SEEKFUNC_OK; if(data->state.resume_from < 0) { /* Got no given size to start from, figure it out */ @@ -2782,7 +2781,6 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) char *ptr = &data->state.buffer[4]; /* start on the first letter */ const size_t buf_size = data->set.buffer_size; char *dir; - char *store; bool entry_extracted = FALSE; dir = malloc(nread + 1); @@ -2805,6 +2803,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) if('\"' == *ptr) { /* it started good */ + char *store; ptr++; for(store = dir; *ptr;) { if('\"' == *ptr) { @@ -3992,8 +3991,7 @@ CURLcode Curl_ftpsend(struct connectdata *conn, const char *cmd) break; if(conn->data->set.verbose) - Curl_debug(conn->data, CURLINFO_HEADER_OUT, - sptr, (size_t)bytes_written, conn); + Curl_debug(conn->data, CURLINFO_HEADER_OUT, sptr, (size_t)bytes_written); if(bytes_written != (ssize_t)write_len) { write_len -= bytes_written; @@ -4384,7 +4382,6 @@ static CURLcode ftp_setup_connection(struct connectdata *conn) { struct Curl_easy *data = conn->data; char *type; - char command; struct FTP *ftp; conn->data->req.protop = ftp = malloc(sizeof(struct FTP)); @@ -4402,6 +4399,7 @@ static CURLcode ftp_setup_connection(struct connectdata *conn) type = strstr(conn->host.rawalloc, ";type="); if(type) { + char command; *type = 0; /* it was in the middle of the hostname */ command = Curl_raw_toupper(type[6]); conn->bits.type_set = TRUE; diff --git a/libs/libcurl/src/getinfo.c b/libs/libcurl/src/getinfo.c index d280eebfaf..14b456274a 100644 --- a/libs/libcurl/src/getinfo.c +++ b/libs/libcurl/src/getinfo.c @@ -281,6 +281,28 @@ static CURLcode getinfo_offt(struct Curl_easy *data, CURLINFO info, *param_offt = (data->progress.flags & PGRS_UL_SIZE_KNOWN)? data->progress.size_ul:-1; break; + case CURLINFO_TOTAL_TIME_T: + *param_offt = data->progress.timespent; + break; + case CURLINFO_NAMELOOKUP_TIME_T: + *param_offt = data->progress.t_nslookup; + break; + case CURLINFO_CONNECT_TIME_T: + *param_offt = data->progress.t_connect; + break; + case CURLINFO_APPCONNECT_TIME_T: + *param_offt = data->progress.t_appconnect; + break; + case CURLINFO_PRETRANSFER_TIME_T: + *param_offt = data->progress.t_pretransfer; + break; + case CURLINFO_STARTTRANSFER_TIME_T: + *param_offt = data->progress.t_starttransfer; + break; + case CURLINFO_REDIRECT_TIME_T: + *param_offt = data->progress.t_redirect; + break; + default: return CURLE_UNKNOWN_OPTION; } diff --git a/libs/libcurl/src/hash.c b/libs/libcurl/src/hash.c index 15a128fecc..421d68f769 100644 --- a/libs/libcurl/src/hash.c +++ b/libs/libcurl/src/hash.c @@ -60,8 +60,6 @@ Curl_hash_init(struct curl_hash *h, comp_function comparator, curl_hash_dtor dtor) { - int i; - if(!slots || !hfunc || !comparator ||!dtor) { return 1; /* failure */ } @@ -74,6 +72,7 @@ Curl_hash_init(struct curl_hash *h, h->table = malloc(slots * sizeof(struct curl_llist)); if(h->table) { + int i; for(i = 0; i < slots; ++i) Curl_llist_init(&h->table[i], (curl_llist_dtor) hash_element_dtor); return 0; /* fine */ @@ -140,11 +139,10 @@ Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p) int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len) { struct curl_llist_element *le; - struct curl_hash_element *he; struct curl_llist *l = FETCH_LIST(h, key, key_len); for(le = l->head; le; le = le->next) { - he = le->ptr; + struct curl_hash_element *he = le->ptr; if(h->comp_func(he->key, he->key_len, key, key_len)) { Curl_llist_remove(l, le, (void *) h); --h->size; @@ -162,13 +160,12 @@ void * Curl_hash_pick(struct curl_hash *h, void *key, size_t key_len) { struct curl_llist_element *le; - struct curl_hash_element *he; struct curl_llist *l; if(h) { l = FETCH_LIST(h, key, key_len); for(le = l->head; le; le = le->next) { - he = le->ptr; + struct curl_hash_element *he = le->ptr; if(h->comp_func(he->key, he->key_len, key, key_len)) { return he->ptr; } @@ -291,7 +288,6 @@ void Curl_hash_start_iterate(struct curl_hash *hash, struct curl_hash_element * Curl_hash_next_element(struct curl_hash_iterator *iter) { - int i; struct curl_hash *h = iter->hash; /* Get the next element in the current list, if any */ @@ -300,6 +296,7 @@ Curl_hash_next_element(struct curl_hash_iterator *iter) /* If we have reached the end of the list, find the next one */ if(!iter->current_element) { + int i; for(i = iter->slot_index; i < h->slots; i++) { if(h->table[i].head) { iter->current_element = h->table[i].head; diff --git a/libs/libcurl/src/hmac.c b/libs/libcurl/src/hmac.c index dae95054b0..bf49ebec54 100644 --- a/libs/libcurl/src/hmac.c +++ b/libs/libcurl/src/hmac.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -58,7 +58,7 @@ Curl_HMAC_init(const HMAC_params * hashparams, unsigned char b; /* Create HMAC context. */ - i = sizeof *ctxt + 2 * hashparams->hmac_ctxtsize + + i = sizeof(*ctxt) + 2 * hashparams->hmac_ctxtsize + hashparams->hmac_resultlen; ctxt = malloc(i); diff --git a/libs/libcurl/src/hostip.c b/libs/libcurl/src/hostip.c index c2f9defd94..d809578e11 100644 --- a/libs/libcurl/src/hostip.c +++ b/libs/libcurl/src/hostip.c @@ -1010,24 +1010,28 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) /* See if its already in our dns cache */ dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1); + if(dns) { + infof(data, "RESOLVE %s:%d is - old addresses discarded!\n", + hostname, port); + /* delete old entry entry, there are two reasons for this + 1. old entry may have different addresses. + 2. even if entry with correct addresses is already in the cache, + but if it is close to expire, then by the time next http + request is made, it can get expired and pruned because old + entry is not necessarily marked as added by CURLOPT_RESOLVE. */ + + Curl_hash_delete(data->dns.hostcache, entry_id, entry_len + 1); + } /* free the allocated entry_id again */ free(entry_id); - if(!dns) { - /* if not in the cache already, put this host in the cache */ - dns = Curl_cache_addr(data, head, hostname, port); - if(dns) { - dns->timestamp = 0; /* mark as added by CURLOPT_RESOLVE */ - /* release the returned reference; the cache itself will keep the - * entry alive: */ - dns->inuse--; - } - } - else { - /* this is a duplicate, free it again */ - infof(data, "RESOLVE %s:%d is already cached, %s not stored!\n", - hostname, port, addresses); - Curl_freeaddrinfo(head); + /* put this new host in the cache */ + dns = Curl_cache_addr(data, head, hostname, port); + if(dns) { + dns->timestamp = 0; /* mark as added by CURLOPT_RESOLVE */ + /* release the returned reference; the cache itself will keep the + * entry alive: */ + dns->inuse--; } if(data->share) diff --git a/libs/libcurl/src/hostip6.c b/libs/libcurl/src/hostip6.c index 7c9988f41b..3bf47b467d 100644 --- a/libs/libcurl/src/hostip6.c +++ b/libs/libcurl/src/hostip6.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -59,39 +59,6 @@ #include "curl_memory.h" #include "memdebug.h" -#if defined(CURLDEBUG) && defined(HAVE_GETNAMEINFO) -/* These are strictly for memory tracing and are using the same style as the - * family otherwise present in memdebug.c. I put these ones here since they - * require a bunch of structs I didn't want to include in memdebug.c - */ - -/* - * For CURLRES_ARS, this should be written using ares_gethostbyaddr() - * (ignoring the fact c-ares doesn't return 'serv'). - */ - -int curl_dogetnameinfo(GETNAMEINFO_QUAL_ARG1 GETNAMEINFO_TYPE_ARG1 sa, - GETNAMEINFO_TYPE_ARG2 salen, - char *host, GETNAMEINFO_TYPE_ARG46 hostlen, - char *serv, GETNAMEINFO_TYPE_ARG46 servlen, - GETNAMEINFO_TYPE_ARG7 flags, - int line, const char *source) -{ - int res = (getnameinfo)(sa, salen, - host, hostlen, - serv, servlen, - flags); - if(0 == res) - /* success */ - curl_memlog("GETNAME %s:%d getnameinfo()\n", - source, line); - else - curl_memlog("GETNAME %s:%d getnameinfo() failed = %d\n", - source, line, res); - return res; -} -#endif /* defined(CURLDEBUG) && defined(HAVE_GETNAMEINFO) */ - /* * Curl_ipv6works() returns TRUE if IPv6 seems to work. */ diff --git a/libs/libcurl/src/http.c b/libs/libcurl/src/http.c index ff1d6813a0..4ec5f2be69 100644 --- a/libs/libcurl/src/http.c +++ b/libs/libcurl/src/http.c @@ -310,6 +310,31 @@ static CURLcode http_output_basic(struct connectdata *conn, bool proxy) return result; } +/* + * http_output_bearer() sets up an Authorization: header + * for HTTP Bearer authentication. + * + * Returns CURLcode. + */ +static CURLcode http_output_bearer(struct connectdata *conn) +{ + char **userp; + CURLcode result = CURLE_OK; + + userp = &conn->allocptr.userpwd; + free(*userp); + *userp = aprintf("Authorization: Bearer %s\r\n", + conn->oauth_bearer); + + if(!*userp) { + result = CURLE_OUT_OF_MEMORY; + goto fail; + } + + fail: + return result; +} + /* pickoneauth() selects the most favourable authentication method from the * ones available and the ones we want. * @@ -326,6 +351,8 @@ static bool pickoneauth(struct auth *pick) of preference in case of the existence of multiple accepted types. */ if(avail & CURLAUTH_NEGOTIATE) pick->picked = CURLAUTH_NEGOTIATE; + else if(avail & CURLAUTH_BEARER) + pick->picked = CURLAUTH_BEARER; else if(avail & CURLAUTH_DIGEST) pick->picked = CURLAUTH_DIGEST; else if(avail & CURLAUTH_NTLM) @@ -628,6 +655,20 @@ output_auth_headers(struct connectdata *conn, functions work that way */ authstatus->done = TRUE; } + if(authstatus->picked == CURLAUTH_BEARER) { + /* Bearer */ + if((!proxy && conn->oauth_bearer && + !Curl_checkheaders(conn, "Authorization:"))) { + auth = "Bearer"; + result = http_output_bearer(conn); + if(result) + return result; + } + + /* NOTE: this function should set 'done' TRUE, as the other auth + functions work that way */ + authstatus->done = TRUE; + } if(auth) { infof(data, "%s auth using %s with user '%s'\n", @@ -674,7 +715,7 @@ Curl_http_output_auth(struct connectdata *conn, authproxy = &data->state.authproxy; if((conn->bits.httpproxy && conn->bits.proxy_user_passwd) || - conn->bits.user_passwd) + conn->bits.user_passwd || conn->oauth_bearer) /* continue please */; else { authhost->done = TRUE; @@ -883,6 +924,18 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy, data->state.authproblem = TRUE; } } + else + if(checkprefix("Bearer", auth)) { + *availp |= CURLAUTH_BEARER; + authp->avail |= CURLAUTH_BEARER; + if(authp->picked == CURLAUTH_BEARER) { + /* We asked for Bearer authentication but got a 40X back + anyway, which basically means our token isn't valid. */ + authp->avail = CURLAUTH_NONE; + infof(data, "Authentication problem. Ignoring this.\n"); + data->state.authproblem = TRUE; + } + } /* there may be multiple methods on one line, so keep reading */ while(*auth && *auth != ',') /* read up to the next comma */ @@ -1128,12 +1181,12 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in, if(conn->data->set.verbose) { /* this data _may_ contain binary stuff */ - Curl_debug(conn->data, CURLINFO_HEADER_OUT, ptr, headlen, conn); + Curl_debug(conn->data, CURLINFO_HEADER_OUT, ptr, headlen); if(bodylen) { /* there was body data sent beyond the initial header part, pass that on to the debug callback too */ Curl_debug(conn->data, CURLINFO_DATA_OUT, - ptr + headlen, bodylen, conn); + ptr + headlen, bodylen); } } @@ -1223,7 +1276,6 @@ CURLcode Curl_add_bufferf(Curl_send_buffer *in, const char *fmt, ...) CURLcode Curl_add_buffer(Curl_send_buffer *in, const void *inptr, size_t size) { char *new_rb; - size_t new_size; if(~size < in->size_used) { /* If resulting used size of send buffer would wrap size_t, cleanup @@ -1236,10 +1288,10 @@ CURLcode Curl_add_buffer(Curl_send_buffer *in, const void *inptr, size_t size) if(!in->buffer || ((in->size_used + size) > (in->size_max - 1))) { - /* If current buffer size isn't enough to hold the result, use a buffer size that doubles the required size. If this new size would wrap size_t, then just use the largest possible one */ + size_t new_size; if((size > (size_t)-1 / 2) || (in->size_used > (size_t)-1 / 2) || (~(size * 2) < (in->size_used * 2))) @@ -1406,7 +1458,7 @@ static CURLcode add_haproxy_protocol_header(struct connectdata *conn) } snprintf(proxy_header, - sizeof proxy_header, + sizeof(proxy_header), "PROXY %s %s %s %li %li\r\n", tcp_version, conn->data->info.conn_local_ip, @@ -1574,7 +1626,6 @@ static CURLcode expect100(struct Curl_easy *data, Curl_send_buffer *req_buffer) { CURLcode result = CURLE_OK; - const char *ptr; data->state.expect100header = FALSE; /* default to false unless it is set to TRUE below */ if(use_http_1_1plus(data, conn) && @@ -1582,7 +1633,7 @@ static CURLcode expect100(struct Curl_easy *data, /* if not doing HTTP 1.0 or version 2, or disabled explicitly, we add an Expect: 100-continue to the headers which actually speeds up post operations (as there is one packet coming back from the web server) */ - ptr = Curl_checkheaders(conn, "Expect"); + const char *ptr = Curl_checkheaders(conn, "Expect"); if(ptr) { data->state.expect100header = Curl_compareheader(ptr, "Expect:", "100-continue"); @@ -1819,7 +1870,6 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) const char *httpstring; Curl_send_buffer *req_buffer; curl_off_t postsize = 0; /* curl_off_t to handle large file sizes */ - int seekerr = CURL_SEEKFUNC_CANTSEEK; /* Always consider the DO phase done after this function call, even if there may be parts of the request that is not yet sent, since we can deal with @@ -2088,7 +2138,6 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) else { /* If the host begins with '[', we start searching for the port after the bracket has been closed */ - int startsearch = 0; if(*cookiehost == '[') { char *closingbracket; /* since the 'cookiehost' is an allocated memory area that will be @@ -2099,6 +2148,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) *closingbracket = 0; } else { + int startsearch = 0; char *colon = strchr(cookiehost + startsearch, ':'); if(colon) *colon = 0; /* The host must not include an embedded port number */ @@ -2244,6 +2294,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) /* Now, let's read off the proper amount of bytes from the input. */ + int seekerr = CURL_SEEKFUNC_CANTSEEK; if(conn->seek_func) { Curl_set_in_callback(data, true); seekerr = conn->seek_func(conn->seek_client, data->state.resume_from, @@ -2939,7 +2990,7 @@ static CURLcode header_append(struct Curl_easy *data, /* The reason to have a max limit for this is to avoid the risk of a bad server feeding libcurl with a never-ending header that will cause reallocs infinitely */ - failf(data, "Rejected %zd bytes header (max is %d)!", newsize, + failf(data, "Rejected %zu bytes header (max is %d)!", newsize, CURL_MAX_HTTP_HEADER); return CURLE_OUT_OF_MEMORY; } @@ -3354,7 +3405,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, if(data->set.verbose) Curl_debug(data, CURLINFO_HEADER_IN, - k->str_start, headerlen, conn); + k->str_start, headerlen); break; /* exit header line loop */ } @@ -3487,21 +3538,18 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, * depending on how authentication is working. Other codes * are definitely errors, so give up here. */ - if(data->set.http_fail_on_error && (k->httpcode >= 400) && + if(data->state.resume_from && data->set.httpreq == HTTPREQ_GET && + k->httpcode == 416) { + /* "Requested Range Not Satisfiable", just proceed and + pretend this is no error */ + k->ignorebody = TRUE; /* Avoid appending error msg to good data. */ + } + else if(data->set.http_fail_on_error && (k->httpcode >= 400) && ((k->httpcode != 401) || !conn->bits.user_passwd) && ((k->httpcode != 407) || !conn->bits.proxy_user_passwd) ) { - - if(data->state.resume_from && - (data->set.httpreq == HTTPREQ_GET) && - (k->httpcode == 416)) { - /* "Requested Range Not Satisfiable", just proceed and - pretend this is no error */ - } - else { - /* serious error, go home! */ - print_http_error(data); - return CURLE_HTTP_RETURNED_ERROR; - } + /* serious error, go home! */ + print_http_error(data); + return CURLE_HTTP_RETURNED_ERROR; } if(conn->httpversion == 10) { @@ -3812,8 +3860,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, writetype |= CLIENTWRITE_BODY; if(data->set.verbose) - Curl_debug(data, CURLINFO_HEADER_IN, - k->p, (size_t)k->hbuflen, conn); + Curl_debug(data, CURLINFO_HEADER_IN, k->p, (size_t)k->hbuflen); result = Curl_client_write(conn, writetype, k->p, k->hbuflen); if(result) diff --git a/libs/libcurl/src/http2.c b/libs/libcurl/src/http2.c index da001dfd09..8251d96df3 100644 --- a/libs/libcurl/src/http2.c +++ b/libs/libcurl/src/http2.c @@ -345,7 +345,7 @@ const char *Curl_http2_strerror(uint32_t err) "INADEQUATE_SECURITY", /* 0xC */ "HTTP_1_1_REQUIRED" /* 0xD */ }; - return (err < sizeof str / sizeof str[0]) ? str[err] : "unknown"; + return (err < sizeof(str) / sizeof(str[0])) ? str[err] : "unknown"; #else return nghttp2_http2_strerror(err); #endif @@ -581,7 +581,7 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, if(max_conn != httpc->settings.max_concurrent_streams) { /* only signal change if the value actually changed */ infof(conn->data, - "Connection state changed (MAX_CONCURRENT_STREAMS == %d)!\n", + "Connection state changed (MAX_CONCURRENT_STREAMS == %u)!\n", httpc->settings.max_concurrent_streams); Curl_multi_connchanged(conn->data->multi); } @@ -1280,7 +1280,7 @@ static int h2_process_pending_input(struct connectdata *conn, if(rv < 0) { failf(data, "h2_process_pending_input: nghttp2_session_mem_recv() returned " - "%d:%s\n", rv, nghttp2_strerror((int)rv)); + "%zd:%s\n", rv, nghttp2_strerror((int)rv)); *err = CURLE_RECV_ERROR; return -1; } @@ -1388,7 +1388,7 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn, return -1; } else if(httpc->error_code != NGHTTP2_NO_ERROR) { - failf(data, "HTTP/2 stream %u was not closed cleanly: %s (err %d)", + failf(data, "HTTP/2 stream %d was not closed cleanly: %s (err %u)", stream->stream_id, Curl_http2_strerror(httpc->error_code), httpc->error_code); *err = CURLE_HTTP2_STREAM; @@ -1396,7 +1396,7 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn, } if(!stream->bodystarted) { - failf(data, "HTTP/2 stream %u was closed cleanly, but before getting " + failf(data, "HTTP/2 stream %d was closed cleanly, but before getting " " all response header fields, treated as error", stream->stream_id); *err = CURLE_HTTP2_STREAM; @@ -1552,7 +1552,7 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex, stream->pausedata += nread; stream->pauselen -= nread; - infof(data, "%zu data bytes written\n", nread); + infof(data, "%zd data bytes written\n", nread); if(stream->pauselen == 0) { H2BUGF(infof(data, "Unpaused by stream %u\n", stream->stream_id)); DEBUGASSERT(httpc->pause_stream_id == stream->stream_id); @@ -1635,7 +1635,7 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex, rv = nghttp2_session_mem_recv(httpc->h2, (const uint8_t *)inbuf, nread); if(nghttp2_is_fatal((int)rv)) { - failf(data, "nghttp2_session_mem_recv() returned %d:%s\n", + failf(data, "nghttp2_session_mem_recv() returned %zd:%s\n", rv, nghttp2_strerror((int)rv)); *err = CURLE_RECV_ERROR; return -1; @@ -2040,7 +2040,7 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex, } infof(conn->data, "Using Stream ID: %x (easy handle %p)\n", - stream_id, conn->data); + stream_id, (void *)conn->data); stream->stream_id = stream_id; /* this does not call h2_session_send() since there can not have been any diff --git a/libs/libcurl/src/http_proxy.c b/libs/libcurl/src/http_proxy.c index e10a488294..ecc8227045 100644 --- a/libs/libcurl/src/http_proxy.c +++ b/libs/libcurl/src/http_proxy.c @@ -188,7 +188,6 @@ static CURLcode CONNECT(struct connectdata *conn, struct SingleRequest *k = &data->req; CURLcode result; curl_socket_t tunnelsocket = conn->sock[sockindex]; - timediff_t check; struct http_connect_state *s = conn->connect_state; #define SELECT_OK 0 @@ -201,12 +200,13 @@ static CURLcode CONNECT(struct connectdata *conn, conn->bits.proxy_connect_closed = FALSE; do { + timediff_t check; if(TUNNEL_INIT == s->tunnel_state) { /* BEGIN CONNECT PHASE */ char *host_port; Curl_send_buffer *req_buffer; - infof(data, "Establish HTTP proxy tunnel to %s:%hu\n", + infof(data, "Establish HTTP proxy tunnel to %s:%d\n", hostname, remote_port); /* This only happens if we've looped here due to authentication @@ -419,7 +419,7 @@ static CURLcode CONNECT(struct connectdata *conn, /* output debug if that is requested */ if(data->set.verbose) Curl_debug(data, CURLINFO_HEADER_IN, - s->line_start, (size_t)s->perline, conn); + s->line_start, (size_t)s->perline); if(!data->set.suppress_connect_headers) { /* send the header to the callback */ diff --git a/libs/libcurl/src/imap.c b/libs/libcurl/src/imap.c index cf278a22ba..942fe7d1ef 100644 --- a/libs/libcurl/src/imap.c +++ b/libs/libcurl/src/imap.c @@ -609,7 +609,6 @@ static CURLcode imap_perform_list(struct connectdata *conn) CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; struct IMAP *imap = data->req.protop; - char *mailbox; if(imap->custom) /* Send the custom request */ @@ -617,7 +616,8 @@ static CURLcode imap_perform_list(struct connectdata *conn) imap->custom_params ? imap->custom_params : ""); else { /* Make sure the mailbox is in the correct atom format if necessary */ - mailbox = imap->mailbox ? imap_atom(imap->mailbox, true) : strdup(""); + char *mailbox = imap->mailbox ? imap_atom(imap->mailbox, true) + : strdup(""); if(!mailbox) return CURLE_OUT_OF_MEMORY; @@ -854,7 +854,6 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn, struct Curl_easy *data = conn->data; struct imap_conn *imapc = &conn->proto.imapc; const char *line = data->state.buffer; - size_t wordlen; (void)instate; /* no use for this yet */ @@ -864,6 +863,7 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn, /* Loop through the data line */ for(;;) { + size_t wordlen; while(*line && (*line == ' ' || *line == '\t' || *line == '\r' || *line == '\n')) { @@ -1046,12 +1046,12 @@ static CURLcode imap_state_select_resp(struct connectdata *conn, int imapcode, struct IMAP *imap = conn->data->req.protop; struct imap_conn *imapc = &conn->proto.imapc; const char *line = data->state.buffer; - char tmp[20]; (void)instate; /* no use for this yet */ if(imapcode == '*') { /* See if this is an UIDVALIDITY response */ + char tmp[20]; if(sscanf(line + 2, "OK [UIDVALIDITY %19[0123456789]]", tmp) == 1) { Curl_safefree(imapc->mailbox_uidvalidity); imapc->mailbox_uidvalidity = strdup(tmp); @@ -1119,7 +1119,7 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode, } if(parsed) { - infof(data, "Found %" CURL_FORMAT_CURL_OFF_TU " bytes to download\n", + infof(data, "Found %" CURL_FORMAT_CURL_OFF_T " bytes to download\n", size); Curl_pgrsSetDownloadSize(data, size); @@ -1144,10 +1144,8 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode, data->req.bytecount += chunk; - infof(data, "Written %" CURL_FORMAT_CURL_OFF_TU - " bytes, %" CURL_FORMAT_CURL_OFF_TU - " bytes are left for transfer\n", (curl_off_t)chunk, - size - chunk); + infof(data, "Written %zu bytes, %" CURL_FORMAT_CURL_OFF_TU + " bytes are left for transfer\n", chunk, size - chunk); /* Have we used the entire cache or just part of it?*/ if(pp->cache_size > chunk) { diff --git a/libs/libcurl/src/inet_ntop.c b/libs/libcurl/src/inet_ntop.c index fb91a505db..ac5d2d4d6f 100644 --- a/libs/libcurl/src/inet_ntop.c +++ b/libs/libcurl/src/inet_ntop.c @@ -49,7 +49,7 @@ */ static char *inet_ntop4 (const unsigned char *src, char *dst, size_t size) { - char tmp[sizeof "255.255.255.255"]; + char tmp[sizeof("255.255.255.255")]; size_t len; DEBUGASSERT(size >= 16); diff --git a/libs/libcurl/src/krb5.c b/libs/libcurl/src/krb5.c index 55b96e4e58..8b5a24720d 100644 --- a/libs/libcurl/src/krb5.c +++ b/libs/libcurl/src/krb5.c @@ -1,6 +1,6 @@ /* GSSAPI/krb5 support for FTP - loosely based on old krb4.c * - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Hцgskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Hgskolan * (Royal Institute of Technology, Stockholm, Sweden). * Copyright (c) 2004 - 2017 Daniel Stenberg * All rights reserved. diff --git a/libs/libcurl/src/ldap.c b/libs/libcurl/src/ldap.c index 89047bcbda..4d8f4fa288 100644 --- a/libs/libcurl/src/ldap.c +++ b/libs/libcurl/src/ldap.c @@ -54,15 +54,6 @@ # endif /* HAVE_LDAP_SSL && HAVE_LDAP_SSL_H */ #endif -/* These are macros in both <wincrypt.h> (in above <winldap.h>) and typedefs - * in BoringSSL's <openssl/x509.h> - */ -#ifdef HAVE_BORINGSSL -# undef X509_NAME -# undef X509_CERT_PAIR -# undef X509_EXTENSIONS -#endif - #include "urldata.h" #include <curl/curl.h> #include "sendf.h" diff --git a/libs/libcurl/src/libcurl.plist b/libs/libcurl/src/libcurl.plist index 0410ad19fe..a5eee7144f 100644 --- a/libs/libcurl/src/libcurl.plist +++ b/libs/libcurl/src/libcurl.plist @@ -15,7 +15,7 @@ <string>se.haxx.curl.libcurl</string> <key>CFBundleVersion</key> - <string>7.60.0</string> + <string>7.61.0</string> <key>CFBundleName</key> <string>libcurl</string> @@ -27,9 +27,9 @@ <string>????</string> <key>CFBundleShortVersionString</key> - <string>libcurl 7.60.0</string> + <string>libcurl 7.61.0</string> <key>CFBundleGetInfoString</key> - <string>libcurl.plist 7.60.0</string> + <string>libcurl.plist 7.61.0</string> </dict> </plist> diff --git a/libs/libcurl/src/md5.c b/libs/libcurl/src/md5.c index 3096602b7e..d372c6da9f 100644 --- a/libs/libcurl/src/md5.c +++ b/libs/libcurl/src/md5.c @@ -527,7 +527,7 @@ MD5_context *Curl_MD5_init(const MD5_params *md5params) MD5_context *ctxt; /* Create MD5 context */ - ctxt = malloc(sizeof *ctxt); + ctxt = malloc(sizeof(*ctxt)); if(!ctxt) return ctxt; diff --git a/libs/libcurl/src/memdebug.h b/libs/libcurl/src/memdebug.h index 6fb8b68511..233de65a47 100644 --- a/libs/libcurl/src/memdebug.h +++ b/libs/libcurl/src/memdebug.h @@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -137,13 +137,6 @@ CURL_EXTERN int curl_fclose(FILE *file, int line, const char *source); #endif #endif /* HAVE_GETADDRINFO */ -#ifdef HAVE_GETNAMEINFO -#undef getnameinfo -#define getnameinfo(sa,salen,host,hostlen,serv,servlen,flags) \ - curl_dogetnameinfo(sa, salen, host, hostlen, serv, servlen, flags, \ - __LINE__, __FILE__) -#endif /* HAVE_GETNAMEINFO */ - #ifdef HAVE_FREEADDRINFO #undef freeaddrinfo #define freeaddrinfo(data) \ diff --git a/libs/libcurl/src/mime.c b/libs/libcurl/src/mime.c index 4c0d2eebab..fd7beb9a4e 100644 --- a/libs/libcurl/src/mime.c +++ b/libs/libcurl/src/mime.c @@ -505,9 +505,6 @@ static size_t encoder_qp_read(char *buffer, size_t size, bool ateof, mime_encoder_state *st = &part->encstate; char *ptr = buffer; size_t cursize = 0; - int i; - size_t len; - size_t consumed; int softlinebreak; char buf[4]; @@ -516,9 +513,9 @@ static size_t encoder_qp_read(char *buffer, size_t size, bool ateof, character constants that can be interpreted as non-ascii on some platforms. Preserve ASCII encoding on output too. */ while(st->bufbeg < st->bufend) { - len = 1; - consumed = 1; - i = st->buf[st->bufbeg]; + size_t len = 1; + size_t consumed = 1; + int i = st->buf[st->bufbeg]; buf[0] = (char) i; buf[1] = aschex[(i >> 4) & 0xF]; buf[2] = aschex[i & 0xF]; @@ -787,10 +784,10 @@ static size_t read_encoded_part_content(curl_mimepart *part, st->bufbeg = 0; st->bufend = len; } - if(st->bufend >= sizeof st->buf) + if(st->bufend >= sizeof(st->buf)) return cursize? cursize: READ_ERROR; /* Buffer full. */ sz = read_part_content(part, st->buf + st->bufend, - sizeof st->buf - st->bufend); + sizeof(st->buf) - st->bufend); switch(sz) { case 0: ateof = TRUE; @@ -813,8 +810,6 @@ static size_t readback_part(curl_mimepart *part, char *buffer, size_t bufsize) { size_t cursize = 0; - size_t sz; - struct curl_slist *hdr; #ifdef CURL_DOES_CONVERSIONS char *convbuf = buffer; #endif @@ -822,8 +817,8 @@ static size_t readback_part(curl_mimepart *part, /* Readback from part. */ while(bufsize) { - sz = 0; - hdr = (struct curl_slist *) part->state.ptr; + size_t sz = 0; + struct curl_slist *hdr = (struct curl_slist *) part->state.ptr; switch(part->state.state) { case MIMESTATE_BEGIN: mimesetstate(&part->state, part->flags & MIME_BODY_ONLY? MIMESTATE_BODY: @@ -918,8 +913,6 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, { curl_mime *mime = (curl_mime *) instream; size_t cursize = 0; - size_t sz; - curl_mimepart *part; #ifdef CURL_DOES_CONVERSIONS char *convbuf = buffer; #endif @@ -927,8 +920,8 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, (void) size; /* Always 1. */ while(nitems) { - sz = 0; - part = mime->state.ptr; + size_t sz = 0; + curl_mimepart *part = mime->state.ptr; switch(mime->state.state) { case MIMESTATE_BEGIN: case MIMESTATE_BODY: @@ -1044,7 +1037,6 @@ static int mime_subparts_seek(void *instream, curl_off_t offset, int whence) curl_mime *mime = (curl_mime *) instream; curl_mimepart *part; int result = CURL_SEEKFUNC_OK; - int res; if(whence != SEEK_SET || offset) return CURL_SEEKFUNC_CANTSEEK; /* Only support full rewind. */ @@ -1053,7 +1045,7 @@ static int mime_subparts_seek(void *instream, curl_off_t offset, int whence) return CURL_SEEKFUNC_OK; /* Already rewound. */ for(part = mime->firstpart; part; part = part->nextpart) { - res = mime_part_rewind(part); + int res = mime_part_rewind(part); if(res != CURL_SEEKFUNC_OK) result = res; } @@ -1220,7 +1212,7 @@ curl_mime *curl_mime_init(struct Curl_easy *easy) { curl_mime *mime; - mime = (curl_mime *) malloc(sizeof *mime); + mime = (curl_mime *) malloc(sizeof(*mime)); if(mime) { mime->easy = easy; @@ -1247,7 +1239,7 @@ curl_mime *curl_mime_init(struct Curl_easy *easy) /* Initialize a mime part. */ void Curl_mime_initpart(curl_mimepart *part, struct Curl_easy *easy) { - memset((char *) part, 0, sizeof *part); + memset((char *) part, 0, sizeof(*part)); part->easy = easy; mimesetstate(&part->state, MIMESTATE_BEGIN, NULL); } @@ -1260,7 +1252,7 @@ curl_mimepart *curl_mime_addpart(curl_mime *mime) if(!mime) return NULL; - part = (curl_mimepart *) malloc(sizeof *part); + part = (curl_mimepart *) malloc(sizeof(*part)); if(part) { Curl_mime_initpart(part, mime->easy); @@ -1349,7 +1341,6 @@ CURLcode curl_mime_data(curl_mimepart *part, CURLcode curl_mime_filedata(curl_mimepart *part, const char *filename) { CURLcode result = CURLE_OK; - char *base; if(!part) return CURLE_BAD_FUNCTION_ARGUMENT; @@ -1357,6 +1348,7 @@ CURLcode curl_mime_filedata(curl_mimepart *part, const char *filename) cleanup_part_content(part); if(filename) { + char *base; struct_stat sbuf; if(stat(filename, &sbuf) || access(filename, R_OK)) @@ -1564,7 +1556,6 @@ static size_t slist_size(struct curl_slist *s, static curl_off_t multipart_size(curl_mime *mime) { curl_off_t size; - curl_off_t sz; size_t boundarysize; curl_mimepart *part; @@ -1575,7 +1566,7 @@ static curl_off_t multipart_size(curl_mime *mime) size = boundarysize; /* Final boundary - CRLF after headers. */ for(part = mime->firstpart; part; part = part->nextpart) { - sz = Curl_mime_size(part); + curl_off_t sz = Curl_mime_size(part); if(sz < 0) size = sz; @@ -1643,8 +1634,6 @@ static CURLcode add_content_type(struct curl_slist **slp, const char *Curl_mime_contenttype(const char *filename) { - unsigned int i; - /* * If no content type was specified, we scan through a few well-known * extensions and pick the first we match! @@ -1669,8 +1658,9 @@ const char *Curl_mime_contenttype(const char *filename) if(filename) { size_t len1 = strlen(filename); const char *nameend = filename + len1; + unsigned int i; - for(i = 0; i < sizeof ctts / sizeof ctts[0]; i++) { + for(i = 0; i < sizeof(ctts) / sizeof(ctts[0]); i++) { size_t len2 = strlen(ctts[i].extension); if(len1 >= len2 && strcasecompare(nameend - len2, ctts[i].extension)) diff --git a/libs/libcurl/src/mk-ca-bundle.pl b/libs/libcurl/src/mk-ca-bundle.pl index 5a84f6b0b1..33977f3226 100644 --- a/libs/libcurl/src/mk-ca-bundle.pl +++ b/libs/libcurl/src/mk-ca-bundle.pl @@ -136,6 +136,7 @@ if ($opt_i) { print "Perl Version : $]\n"; print "Operating System Name : $^O\n"; print "Getopt::Std.pm Version : ${Getopt::Std::VERSION}\n"; + print "Encode::Encoding.pm Version : ${Encode::Encoding::VERSION}\n"; print "MIME::Base64.pm Version : ${MIME::Base64::VERSION}\n"; print "LWP::UserAgent.pm Version : ${LWP::UserAgent::VERSION}\n" if($LWP::UserAgent::VERSION); print "LWP.pm Version : ${LWP::VERSION}\n" if($LWP::VERSION); @@ -376,6 +377,9 @@ my $newhash= sha256($txt); if(!$opt_f && $oldhash eq $newhash) { report "Downloaded file identical to previous run\'s source file. Exiting"; + if($opt_u && -e $txt && !unlink($txt)) { + report "Failed to remove $txt: $!\n"; + } exit; } @@ -479,6 +483,7 @@ while (<TXT>) { if ( !should_output_cert(%trust_purposes_by_level) ) { $skipnum ++; + report "Skipping: $caname" if ($opt_v); } else { my $encoded = MIME::Base64::encode_base64($data, ''); $encoded =~ s/(.{1,${opt_w}})/$1\n/g; @@ -487,7 +492,7 @@ while (<TXT>) { . "-----END CERTIFICATE-----\n"; print CRT "\n$caname\n"; print CRT @precert if($opt_m); - my $maxStringLength = length(decode('UTF-8', $caname, Encode::FB_CROAK)); + my $maxStringLength = length(decode('UTF-8', $caname, Encode::FB_CROAK | Encode::LEAVE_SRC)); if ($opt_t) { foreach my $key (keys %trust_purposes_by_level) { my $string = $key . ": " . join(", ", @{$trust_purposes_by_level{$key}}); diff --git a/libs/libcurl/src/multi.c b/libs/libcurl/src/multi.c index f852846952..c1d48a3ed9 100644 --- a/libs/libcurl/src/multi.c +++ b/libs/libcurl/src/multi.c @@ -31,6 +31,7 @@ #include "progress.h" #include "easyif.h" #include "share.h" +#include "psl.h" #include "multiif.h" #include "sendf.h" #include "timeval.h" @@ -68,8 +69,8 @@ #define GOOD_MULTI_HANDLE(x) \ ((x) && (x)->type == CURL_MULTI_HANDLE) -static void singlesocket(struct Curl_multi *multi, - struct Curl_easy *data); +static CURLMcode singlesocket(struct Curl_multi *multi, + struct Curl_easy *data); static int update_timer(struct Curl_multi *multi); static CURLMcode add_next_timeout(struct curltime now, @@ -409,6 +410,14 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, else data->state.conn_cache = &multi->conn_cache; +#ifdef USE_LIBPSL + /* Do the same for PSL. */ + if(data->share && (data->share->specifier & (1 << CURL_LOCK_DATA_PSL))) + data->psl = &data->share->psl; + else + data->psl = &multi->psl; +#endif + /* This adds the new entry at the 'end' of the doubly-linked circular list of Curl_easy structs to try and maintain a FIFO queue so the pipelined requests are in order. */ @@ -449,7 +458,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, happens if the lastcall time is set to the same time when the handle is removed as when the next handle is added, as then the check in update_timer() that prevents calling the application multiple times with - the same timer infor will not trigger and then the new handle's timeout + the same timer info will not trigger and then the new handle's timeout will not be notified to the app. The work-around is thus simply to clear the 'lastcall' variable to force @@ -506,6 +515,11 @@ static CURLcode multi_done(struct connectdata **connp, /* Stop if multi_done() has already been called */ return CURLE_OK; + if(data->mstate == CURLM_STATE_WAITRESOLVE) { + /* still waiting for the resolve to complete */ + (void)Curl_resolver_wait_resolv(conn, NULL); + } + Curl_getoff_all_pipelines(data, conn); /* Cleanup possible redirect junk */ @@ -546,7 +560,7 @@ static CURLcode multi_done(struct connectdata **connp, if(conn->send_pipe.size || conn->recv_pipe.size) { /* Stop if pipeline is not empty . */ data->easy_conn = NULL; - DEBUGF(infof(data, "Connection still in use %d/%d, " + DEBUGF(infof(data, "Connection still in use %zu/%zu, " "no more multi_done now!\n", conn->send_pipe.size, conn->recv_pipe.size)); return CURLE_OK; @@ -698,6 +712,11 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, Curl_getoff_all_pipelines(data, data->easy_conn); } + if(data->connect_queue.ptr) + /* the handle was in the pending list waiting for an available connection, + so go ahead and remove it */ + Curl_llist_remove(&multi->pending, &data->connect_queue, NULL); + if(data->dns.hostcachetype == HCACHE_MULTI) { /* stop using the multi handle's DNS cache, *after* the possible multi_done() call above */ @@ -727,6 +746,12 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, data->easy_conn = NULL; } +#ifdef USE_LIBPSL + /* Remove the PSL association. */ + if(data->psl == &multi->psl) + data->psl = NULL; +#endif + data->multi = NULL; /* clear the association to this multi handle */ /* make sure there's no pending message in the queue sent from this easy @@ -902,7 +927,6 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi, struct Curl_easy *data; int this_max_fd = -1; curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE]; - int bitmap; int i; (void)exc_fd_set; /* not used */ @@ -914,7 +938,7 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi, data = multi->easyp; while(data) { - bitmap = multi_getsock(data, sockbunch, MAX_SOCKSPEREASYHANDLE); + int bitmap = multi_getsock(data, sockbunch, MAX_SOCKSPEREASYHANDLE); for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) { curl_socket_t s = CURL_SOCKET_BAD; @@ -1068,8 +1092,6 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi, int pollrc; /* wait... */ pollrc = Curl_poll(ufds, nfds, timeout_ms); - DEBUGF(infof(data, "Curl_poll(%d ds, %d ms) == %d\n", - nfds, timeout_ms, pollrc)); if(pollrc > 0) { retcode = pollrc; @@ -2220,6 +2242,11 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi) data->state.conn_cache = NULL; data->multi = NULL; /* clear the association */ +#ifdef USE_LIBPSL + if(data->psl == &multi->psl) + data->psl = NULL; +#endif + data = nextdata; } @@ -2232,6 +2259,7 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi) Curl_llist_destroy(&multi->pending, NULL); Curl_hash_destroy(&multi->hostcache); + Curl_psl_destroy(&multi->psl); /* Free the blacklists by setting them to NULL */ Curl_pipeline_set_site_blacklist(NULL, &multi->pipelining_site_bl); @@ -2286,8 +2314,8 @@ CURLMsg *curl_multi_info_read(struct Curl_multi *multi, int *msgs_in_queue) * and if we have a different state in any of those sockets from last time we * call the callback accordingly. */ -static void singlesocket(struct Curl_multi *multi, - struct Curl_easy *data) +static CURLMcode singlesocket(struct Curl_multi *multi, + struct Curl_easy *data) { curl_socket_t socks[MAX_SOCKSPEREASYHANDLE]; int i; @@ -2334,7 +2362,7 @@ static void singlesocket(struct Curl_multi *multi, entry = sh_addentry(&multi->sockhash, s, data); if(!entry) /* fatal */ - return; + return CURLM_OUT_OF_MEMORY; } /* we know (entry != NULL) at this point, see the logic above */ @@ -2422,6 +2450,7 @@ static void singlesocket(struct Curl_multi *multi, memcpy(data->sockets, socks, num*sizeof(curl_socket_t)); data->numsocks = num; + return CURLM_OK; } void Curl_updatesocket(struct Curl_easy *data) @@ -2535,8 +2564,8 @@ static CURLMcode multi_socket(struct Curl_multi *multi, and callbacks */ if(result != CURLM_BAD_HANDLE) { data = multi->easyp; - while(data) { - singlesocket(multi, data); + while(data && !result) { + result = singlesocket(multi, data); data = data->next; } } @@ -2590,10 +2619,13 @@ static CURLMcode multi_socket(struct Curl_multi *multi, /* clear the bitmask only if not locked */ data->easy_conn->cselect_bits = 0; - if(CURLM_OK >= result) + if(CURLM_OK >= result) { /* get the socket(s) and check if the state has been changed since last */ - singlesocket(multi, data); + result = singlesocket(multi, data); + if(result) + return result; + } /* Now we fall-through and do the timer-based stuff, since we don't want to force the user to have to deal with timeouts as long as at least @@ -2627,10 +2659,13 @@ static CURLMcode multi_socket(struct Curl_multi *multi, result = multi_runsingle(multi, now, data); sigpipe_restore(&pipe_st); - if(CURLM_OK >= result) + if(CURLM_OK >= result) { /* get the socket(s) and check if the state has been changed since last */ - singlesocket(multi, data); + result = singlesocket(multi, data); + if(result) + return result; + } } /* Check if there's one (more) expired timer to deal with! This function @@ -2924,7 +2959,6 @@ void Curl_expire(struct Curl_easy *data, time_t milli, expire_id id) { struct Curl_multi *multi = data->multi; struct curltime *nowp = &data->state.expiretime; - int rc; struct curltime set; /* this is only interesting while there is still an associated multi struct @@ -2955,6 +2989,7 @@ void Curl_expire(struct Curl_easy *data, time_t milli, expire_id id) Compare if the new time is earlier, and only remove-old/add-new if it is. */ timediff_t diff = Curl_timediff(set, *nowp); + int rc; if(diff > 0) { /* The current splay tree entry is sooner than this new expiry time. @@ -3000,7 +3035,6 @@ void Curl_expire_clear(struct Curl_easy *data) { struct Curl_multi *multi = data->multi; struct curltime *nowp = &data->state.expiretime; - int rc; /* this is only interesting while there is still an associated multi struct remaining! */ @@ -3011,6 +3045,7 @@ void Curl_expire_clear(struct Curl_easy *data) /* Since this is an cleared time, we must remove the previous entry from the splay tree */ struct curl_llist *list = &data->state.timeoutlist; + int rc; rc = Curl_splayremovebyaddr(multi->timetree, &data->state.timenode, diff --git a/libs/libcurl/src/multihandle.h b/libs/libcurl/src/multihandle.h index 1a5017f4a0..ea2bf352df 100644 --- a/libs/libcurl/src/multihandle.h +++ b/libs/libcurl/src/multihandle.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -23,6 +23,7 @@ ***************************************************************************/ #include "conncache.h" +#include "psl.h" struct Curl_message { struct curl_llist_element list; @@ -97,6 +98,11 @@ struct Curl_multi { /* Hostname cache */ struct curl_hash hostcache; +#ifdef USE_LIBPSL + /* PSL cache. */ + struct PslCache psl; +#endif + /* timetree points to the splay-tree of time nodes to figure out expire times of all currently set timers */ struct Curl_tree *timetree; diff --git a/libs/libcurl/src/netrc.c b/libs/libcurl/src/netrc.c index dbcc59ac93..a407bdaacc 100644 --- a/libs/libcurl/src/netrc.c +++ b/libs/libcurl/src/netrc.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -115,7 +115,7 @@ int Curl_parsenetrc(const char *host, char *tok; char *tok_buf; bool done = FALSE; - char netrcbuffer[256]; + char netrcbuffer[4096]; int netrcbuffsize = (int)sizeof(netrcbuffer); while(!done && fgets(netrcbuffer, netrcbuffsize, file)) { diff --git a/libs/libcurl/src/pingpong.c b/libs/libcurl/src/pingpong.c index ad370ee829..2e93d201f1 100644 --- a/libs/libcurl/src/pingpong.c +++ b/libs/libcurl/src/pingpong.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -49,7 +49,6 @@ time_t Curl_pp_state_timeout(struct pingpong *pp) struct connectdata *conn = pp->conn; struct Curl_easy *data = conn->data; time_t timeout_ms; /* in milliseconds */ - time_t timeout2_ms; /* in milliseconds */ long response_time = (data->set.server_response_timeout)? data->set.server_response_timeout: pp->response_time; @@ -65,7 +64,7 @@ time_t Curl_pp_state_timeout(struct pingpong *pp) if(data->set.timeout) { /* if timeout is requested, find out how much remaining time we have */ - timeout2_ms = data->set.timeout - /* timeout time */ + time_t timeout2_ms = data->set.timeout - /* timeout time */ Curl_timediff(Curl_now(), conn->now); /* spent time */ /* pick the lowest number */ @@ -222,8 +221,7 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp, } if(conn->data->set.verbose) - Curl_debug(conn->data, CURLINFO_HEADER_OUT, - s, (size_t)bytes_written, conn); + Curl_debug(conn->data, CURLINFO_HEADER_OUT, s, (size_t)bytes_written); if(bytes_written != (ssize_t)write_len) { /* the whole chunk was not sent, keep it around and adjust sizes */ @@ -371,7 +369,7 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd, #endif if(data->set.verbose) Curl_debug(data, CURLINFO_HEADER_IN, - pp->linestart_resp, (size_t)perline, conn); + pp->linestart_resp, (size_t)perline); /* * We pass all response-lines to the callback function registered diff --git a/libs/libcurl/src/pipeline.c b/libs/libcurl/src/pipeline.c index 4d41b04139..0689409205 100644 --- a/libs/libcurl/src/pipeline.c +++ b/libs/libcurl/src/pipeline.c @@ -82,7 +82,8 @@ bool Curl_pipeline_penalized(struct Curl_easy *data, penalized = TRUE; infof(data, "Conn: %ld (%p) Receive pipe weight: (%" - CURL_FORMAT_CURL_OFF_T "/%zu), penalized: %s\n", + CURL_FORMAT_CURL_OFF_T "/%" CURL_FORMAT_CURL_OFF_T + "), penalized: %s\n", conn->connection_id, (void *)conn, recv_size, conn->chunk.datasize, penalized?"TRUE":"FALSE"); return penalized; diff --git a/libs/libcurl/src/pop3.c b/libs/libcurl/src/pop3.c index 78f6afef1f..cd994f63d1 100644 --- a/libs/libcurl/src/pop3.c +++ b/libs/libcurl/src/pop3.c @@ -613,7 +613,6 @@ static CURLcode pop3_state_servergreet_resp(struct connectdata *conn, struct pop3_conn *pop3c = &conn->proto.pop3c; const char *line = data->state.buffer; size_t len = strlen(line); - size_t i; (void)instate; /* no use for this yet */ @@ -625,6 +624,7 @@ static CURLcode pop3_state_servergreet_resp(struct connectdata *conn, /* Does the server support APOP authentication? */ if(len >= 4 && line[len - 2] == '>') { /* Look for the APOP timestamp */ + size_t i; for(i = 3; i < len - 2; ++i) { if(line[i] == '<') { /* Calculate the length of the timestamp */ @@ -664,7 +664,6 @@ static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code, struct pop3_conn *pop3c = &conn->proto.pop3c; const char *line = data->state.buffer; size_t len = strlen(line); - size_t wordlen; (void)instate; /* no use for this yet */ @@ -689,6 +688,7 @@ static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code, /* Loop through the data line */ for(;;) { size_t llen; + size_t wordlen; unsigned int mechbit; while(len && diff --git a/libs/libcurl/src/progress.c b/libs/libcurl/src/progress.c index f59faa3d3f..a94668dc2a 100644 --- a/libs/libcurl/src/progress.c +++ b/libs/libcurl/src/progress.c @@ -35,22 +35,22 @@ byte) */ static void time2str(char *r, curl_off_t seconds) { - curl_off_t d, h, m, s; + curl_off_t h; if(seconds <= 0) { strcpy(r, "--:--:--"); return; } h = seconds / CURL_OFF_T_C(3600); if(h <= CURL_OFF_T_C(99)) { - m = (seconds - (h*CURL_OFF_T_C(3600))) / CURL_OFF_T_C(60); - s = (seconds - (h*CURL_OFF_T_C(3600))) - (m*CURL_OFF_T_C(60)); + curl_off_t m = (seconds - (h*CURL_OFF_T_C(3600))) / CURL_OFF_T_C(60); + curl_off_t s = (seconds - (h*CURL_OFF_T_C(3600))) - (m*CURL_OFF_T_C(60)); snprintf(r, 9, "%2" CURL_FORMAT_CURL_OFF_T ":%02" CURL_FORMAT_CURL_OFF_T ":%02" CURL_FORMAT_CURL_OFF_T, h, m, s); } else { /* this equals to more than 99 hours, switch to a more suitable output format to fit within the limits. */ - d = seconds / CURL_OFF_T_C(86400); + curl_off_t d = seconds / CURL_OFF_T_C(86400); h = (seconds - (d*CURL_OFF_T_C(86400))) / CURL_OFF_T_C(3600); if(d <= CURL_OFF_T_C(999)) snprintf(r, 9, "%3" CURL_FORMAT_CURL_OFF_T @@ -369,25 +369,10 @@ void Curl_pgrsSetUploadSize(struct Curl_easy *data, curl_off_t size) int Curl_pgrsUpdate(struct connectdata *conn) { struct curltime now; - int result; - char max5[6][10]; - curl_off_t dlpercen = 0; - curl_off_t ulpercen = 0; - curl_off_t total_percen = 0; - curl_off_t total_transfer; - curl_off_t total_expected_transfer; curl_off_t timespent; curl_off_t timespent_ms; /* milliseconds */ struct Curl_easy *data = conn->data; int nowindex = data->progress.speeder_c% CURR_TIME; - int checkindex; - int countindex; /* amount of seconds stored in the speeder array */ - char time_left[10]; - char time_total[10]; - char time_spent[10]; - curl_off_t ulestimate = 0; - curl_off_t dlestimate = 0; - curl_off_t total_estimate; bool shownow = FALSE; curl_off_t dl = data->progress.downloaded; curl_off_t ul = data->progress.uploaded; @@ -413,6 +398,7 @@ int Curl_pgrsUpdate(struct connectdata *conn) /* Calculations done at most once a second, unless end is reached */ if(data->progress.lastshow != now.tv_sec) { + int countindex; /* amount of seconds stored in the speeder array */ shownow = TRUE; data->progress.lastshow = now.tv_sec; @@ -438,6 +424,7 @@ int Curl_pgrsUpdate(struct connectdata *conn) /* first of all, we don't do this if there's no counted seconds yet */ if(countindex) { + int checkindex; timediff_t span_ms; /* Get the index position to compare with the 'nowindex' position. @@ -477,8 +464,21 @@ int Curl_pgrsUpdate(struct connectdata *conn) if(!(data->progress.flags & PGRS_HIDE)) { /* progress meter has not been shut off */ + char max5[6][10]; + curl_off_t dlpercen = 0; + curl_off_t ulpercen = 0; + curl_off_t total_percen = 0; + curl_off_t total_transfer; + curl_off_t total_expected_transfer; + char time_left[10]; + char time_total[10]; + char time_spent[10]; + curl_off_t ulestimate = 0; + curl_off_t dlestimate = 0; + curl_off_t total_estimate; if(data->set.fxferinfo) { + int result; /* There's a callback set, call that */ Curl_set_in_callback(data, true); result = data->set.fxferinfo(data->set.progress_client, @@ -492,6 +492,7 @@ int Curl_pgrsUpdate(struct connectdata *conn) return result; } if(data->set.fprogress) { + int result; /* The older deprecated callback is set, call that */ Curl_set_in_callback(data, true); result = data->set.fprogress(data->set.progress_client, diff --git a/libs/libcurl/src/progress.h b/libs/libcurl/src/progress.h index 2baa925db2..92dbcbd9a6 100644 --- a/libs/libcurl/src/progress.h +++ b/libs/libcurl/src/progress.h @@ -56,23 +56,10 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, struct curltime start, struct curltime now); -/* Don't show progress for sizes smaller than: */ -#define LEAST_SIZE_PROGRESS BUFSIZE - -#define PROGRESS_DOWNLOAD (1<<0) -#define PROGRESS_UPLOAD (1<<1) -#define PROGRESS_DOWN_AND_UP (PROGRESS_UPLOAD | PROGRESS_DOWNLOAD) - -#define PGRS_SHOW_DL (1<<0) -#define PGRS_SHOW_UL (1<<1) -#define PGRS_DONE_DL (1<<2) -#define PGRS_DONE_UL (1<<3) #define PGRS_HIDE (1<<4) #define PGRS_UL_SIZE_KNOWN (1<<5) #define PGRS_DL_SIZE_KNOWN (1<<6) - #define PGRS_HEADERS_OUT (1<<7) /* set when the headers have been written */ - #endif /* HEADER_CURL_PROGRESS_H */ diff --git a/libs/libcurl/src/psl.c b/libs/libcurl/src/psl.c new file mode 100644 index 0000000000..568baff03f --- /dev/null +++ b/libs/libcurl/src/psl.c @@ -0,0 +1,111 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +#include <curl/curl.h> + +#ifdef USE_LIBPSL + +#include "psl.h" +#include "share.h" + +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + +void Curl_psl_destroy(struct PslCache *pslcache) +{ + if(pslcache->psl) { + if(pslcache->dynamic) + psl_free((psl_ctx_t *) pslcache->psl); + pslcache->psl = NULL; + pslcache->dynamic = FALSE; + } +} + +static time_t now_seconds(void) +{ + struct curltime now = Curl_now(); + + return now.tv_sec; +} + +const psl_ctx_t *Curl_psl_use(struct Curl_easy *easy) +{ + struct PslCache *pslcache = easy->psl; + const psl_ctx_t *psl; + time_t now; + + if(!pslcache) + return NULL; + + Curl_share_lock(easy, CURL_LOCK_DATA_PSL, CURL_LOCK_ACCESS_SHARED); + now = now_seconds(); + if(!pslcache->psl || pslcache->expires <= now) { + /* Let a chance to other threads to do the job: avoids deadlock. */ + Curl_share_unlock(easy, CURL_LOCK_DATA_PSL); + + /* Update cache: this needs an exclusive lock. */ + Curl_share_lock(easy, CURL_LOCK_DATA_PSL, CURL_LOCK_ACCESS_SINGLE); + + /* Recheck in case another thread did the job. */ + now = now_seconds(); + if(!pslcache->psl || pslcache->expires <= now) { + bool dynamic = FALSE; + time_t expires = TIME_T_MAX; + +#if defined(PSL_VERSION_NUMBER) && PSL_VERSION_NUMBER >= 0x001000 + psl = psl_latest(NULL); + dynamic = psl != NULL; + /* Take care of possible time computation overflow. */ + expires = now < TIME_T_MAX - PSL_TTL? now + PSL_TTL: TIME_T_MAX; + + /* Only get the built-in PSL if we do not already have the "latest". */ + if(!psl && !pslcache->dynamic) +#endif + + psl = psl_builtin(); + + if(psl) { + Curl_psl_destroy(pslcache); + pslcache->psl = psl; + pslcache->dynamic = dynamic; + pslcache->expires = expires; + } + } + Curl_share_unlock(easy, CURL_LOCK_DATA_PSL); /* Release exclusive lock. */ + Curl_share_lock(easy, CURL_LOCK_DATA_PSL, CURL_LOCK_ACCESS_SHARED); + } + psl = pslcache->psl; + if(!psl) + Curl_share_unlock(easy, CURL_LOCK_DATA_PSL); + return psl; +} + +void Curl_psl_release(struct Curl_easy *easy) +{ + Curl_share_unlock(easy, CURL_LOCK_DATA_PSL); +} + +#endif /* USE_LIBPSL */ diff --git a/libs/libcurl/src/psl.h b/libs/libcurl/src/psl.h new file mode 100644 index 0000000000..e9f99d03ec --- /dev/null +++ b/libs/libcurl/src/psl.h @@ -0,0 +1,47 @@ +#ifndef HEADER_PSL_H +#define HEADER_PSL_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#ifdef USE_LIBPSL +#include <libpsl.h> + +#define PSL_TTL (72 * 3600) /* PSL time to live before a refresh. */ + +struct PslCache { + const psl_ctx_t *psl; /* The PSL. */ + time_t expires; /* Time this PSL life expires. */ + bool dynamic; /* PSL should be released when no longer needed. */ +}; + +const psl_ctx_t *Curl_psl_use(struct Curl_easy *easy); +void Curl_psl_release(struct Curl_easy *easy); +void Curl_psl_destroy(struct PslCache *pslcache); + +#else + +#define Curl_psl_use(easy) NULL +#define Curl_psl_release(easy) +#define Curl_psl_destroy(pslcache) + +#endif /* USE_LIBPSL */ +#endif /* HEADER_PSL_H */ diff --git a/libs/libcurl/src/rand.c b/libs/libcurl/src/rand.c index 0769ed1512..1dc2504acc 100644 --- a/libs/libcurl/src/rand.c +++ b/libs/libcurl/src/rand.c @@ -158,7 +158,7 @@ CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd, DEBUGASSERT(num > 1); #ifdef __clang_analyzer__ - /* This silences a scan-build warning about accesssing this buffer with + /* This silences a scan-build warning about accessing this buffer with uninitialized memory. */ memset(buffer, 0, sizeof(buffer)); #endif diff --git a/libs/libcurl/src/rtsp.c b/libs/libcurl/src/rtsp.c index 41f3000139..182ee29588 100644 --- a/libs/libcurl/src/rtsp.c +++ b/libs/libcurl/src/rtsp.c @@ -218,8 +218,6 @@ static CURLcode rtsp_done(struct connectdata *conn, struct Curl_easy *data = conn->data; struct RTSP *rtsp = data->req.protop; CURLcode httpStatus; - long CSeq_sent; - long CSeq_recv; /* Bypass HTTP empty-reply checks on receive */ if(data->set.rtspreq == RTSPREQ_RECEIVE) @@ -229,8 +227,8 @@ static CURLcode rtsp_done(struct connectdata *conn, if(rtsp) { /* Check the sequence numbers */ - CSeq_sent = rtsp->CSeq_sent; - CSeq_recv = rtsp->CSeq_recv; + long CSeq_sent = rtsp->CSeq_sent; + long CSeq_recv = rtsp->CSeq_recv; if((data->set.rtspreq != RTSPREQ_RECEIVE) && (CSeq_sent != CSeq_recv)) { failf(data, "The CSeq of this request %ld did not match the response %ld", diff --git a/libs/libcurl/src/security.c b/libs/libcurl/src/security.c index ac39dae091..abf242c38d 100644 --- a/libs/libcurl/src/security.c +++ b/libs/libcurl/src/security.c @@ -390,7 +390,7 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer, if(conn->data->set.verbose) { buf[decoded_len] = '\n'; - Curl_debug(conn->data, CURLINFO_HEADER_IN, buf, decoded_len + 1, conn); + Curl_debug(conn->data, CURLINFO_HEADER_IN, buf, decoded_len + 1); } buf[decoded_len] = '\0'; @@ -488,7 +488,7 @@ static CURLcode choose_mech(struct connectdata *conn) tmp_allocation = realloc(conn->app_data, mech->size); if(tmp_allocation == NULL) { - failf(data, "Failed realloc of size %u", mech->size); + failf(data, "Failed realloc of size %zu", mech->size); mech = NULL; return CURLE_OUT_OF_MEMORY; } diff --git a/libs/libcurl/src/select.c b/libs/libcurl/src/select.c index 28390a4a6a..8cd9eb2add 100644 --- a/libs/libcurl/src/select.c +++ b/libs/libcurl/src/select.c @@ -80,7 +80,6 @@ int Curl_wait_ms(int timeout_ms) #endif struct curltime initial_tv; int pending_ms; - int error; #endif int r = 0; @@ -98,6 +97,7 @@ int Curl_wait_ms(int timeout_ms) pending_ms = timeout_ms; initial_tv = Curl_now(); do { + int error; #if defined(HAVE_POLL_FINE) r = poll(NULL, 0, pending_ms); #else @@ -160,7 +160,6 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */ #endif struct curltime initial_tv = {0, 0}; int pending_ms = 0; - int error; int r; int ret; @@ -210,6 +209,7 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */ } do { + int error; if(timeout_ms < 0) pending_ms = -1; else if(!timeout_ms) @@ -291,6 +291,7 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */ ptimeout = (timeout_ms < 0) ? NULL : &pending_tv; do { + int error; if(timeout_ms > 0) { pending_tv.tv_sec = pending_ms / 1000; pending_tv.tv_usec = (pending_ms % 1000) * 1000; @@ -402,7 +403,6 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms) bool fds_none = TRUE; unsigned int i; int pending_ms = 0; - int error; int r; if(ufds) { @@ -431,6 +431,7 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms) #ifdef HAVE_POLL_FINE do { + int error; if(timeout_ms < 0) pending_ms = -1; else if(!timeout_ms) @@ -502,6 +503,7 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms) ptimeout = (timeout_ms < 0) ? NULL : &pending_tv; do { + int error; if(timeout_ms > 0) { pending_tv.tv_sec = pending_ms / 1000; pending_tv.tv_usec = (pending_ms % 1000) * 1000; diff --git a/libs/libcurl/src/sendf.c b/libs/libcurl/src/sendf.c index 27c0ccc730..d3c10b3690 100644 --- a/libs/libcurl/src/sendf.c +++ b/libs/libcurl/src/sendf.c @@ -240,7 +240,7 @@ void Curl_infof(struct Curl_easy *data, const char *fmt, ...) vsnprintf(print_buffer, sizeof(print_buffer), fmt, ap); va_end(ap); len = strlen(print_buffer); - Curl_debug(data, CURLINFO_TEXT, print_buffer, len, NULL); + Curl_debug(data, CURLINFO_TEXT, print_buffer, len); } } @@ -265,7 +265,7 @@ void Curl_failf(struct Curl_easy *data, const char *fmt, ...) if(data->set.verbose) { error[len] = '\n'; error[++len] = '\0'; - Curl_debug(data, CURLINFO_TEXT, error, len, NULL); + Curl_debug(data, CURLINFO_TEXT, error, len); } va_end(ap); } @@ -300,7 +300,7 @@ CURLcode Curl_sendf(curl_socket_t sockfd, struct connectdata *conn, break; if(data->set.verbose) - Curl_debug(data, CURLINFO_DATA_OUT, sptr, (size_t)bytes_written, conn); + Curl_debug(data, CURLINFO_DATA_OUT, sptr, (size_t)bytes_written); if((size_t)bytes_written != write_len) { /* if not all was written at once, we must advance the pointer, decrease @@ -762,8 +762,8 @@ CURLcode Curl_read(struct connectdata *conn, /* connection data */ } /* return 0 on success */ -static int showit(struct Curl_easy *data, curl_infotype type, - char *ptr, size_t size) +int Curl_debug(struct Curl_easy *data, curl_infotype type, + char *ptr, size_t size) { static const char s_infotype[CURLINFO_END][3] = { "* ", "< ", "> ", "{ ", "} ", "{ ", "} " }; @@ -834,41 +834,3 @@ static int showit(struct Curl_easy *data, curl_infotype type, #endif return rc; } - -int Curl_debug(struct Curl_easy *data, curl_infotype type, - char *ptr, size_t size, - struct connectdata *conn) -{ - int rc; - if(data->set.printhost && conn && conn->host.dispname) { - char buffer[160]; - const char *t = NULL; - const char *w = "Data"; - switch(type) { - case CURLINFO_HEADER_IN: - w = "Header"; - /* FALLTHROUGH */ - case CURLINFO_DATA_IN: - t = "from"; - break; - case CURLINFO_HEADER_OUT: - w = "Header"; - /* FALLTHROUGH */ - case CURLINFO_DATA_OUT: - t = "to"; - break; - default: - break; - } - - if(t) { - snprintf(buffer, sizeof(buffer), "[%s %s %s]", w, t, - conn->host.dispname); - rc = showit(data, CURLINFO_TEXT, buffer, strlen(buffer)); - if(rc) - return rc; - } - } - rc = showit(data, type, ptr, size); - return rc; -} diff --git a/libs/libcurl/src/sendf.h b/libs/libcurl/src/sendf.h index 7c9134decc..7627fe6c5f 100644 --- a/libs/libcurl/src/sendf.h +++ b/libs/libcurl/src/sendf.h @@ -84,9 +84,8 @@ CURLcode Curl_write_plain(struct connectdata *conn, ssize_t *written); /* the function used to output verbose information */ -int Curl_debug(struct Curl_easy *handle, curl_infotype type, - char *data, size_t size, - struct connectdata *conn); +int Curl_debug(struct Curl_easy *data, curl_infotype type, + char *ptr, size_t size); #endif /* HEADER_CURL_SENDF_H */ diff --git a/libs/libcurl/src/setopt.c b/libs/libcurl/src/setopt.c index af53ee3efa..5ecf5b97f3 100644 --- a/libs/libcurl/src/setopt.c +++ b/libs/libcurl/src/setopt.c @@ -142,6 +142,25 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_arg(param, char *)); break; + case CURLOPT_TLS13_CIPHERS: + if(Curl_ssl_tls13_ciphersuites()) { + /* set preferred list of TLS 1.3 cipher suites */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER13_LIST_ORIG], + va_arg(param, char *)); + } + else + return CURLE_NOT_BUILT_IN; + break; + case CURLOPT_PROXY_TLS13_CIPHERS: + if(Curl_ssl_tls13_ciphersuites()) { + /* set preferred list of TLS 1.3 cipher suites for proxy */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER13_LIST_PROXY], + va_arg(param, char *)); + } + else + return CURLE_NOT_BUILT_IN; + break; + case CURLOPT_RANDOM_FILE: /* * This is the path name to a file that contains random data to seed @@ -1942,6 +1961,11 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, if(data->share->sslsession == data->state.session) data->state.session = NULL; +#ifdef USE_LIBPSL + if(data->psl == &data->share->psl) + data->psl = data->multi? &data->multi->psl: NULL; +#endif + data->share->dirty--; Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); @@ -1973,8 +1997,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, data->set.general_ssl.max_ssl_sessions = data->share->max_ssl_sessions; data->state.session = data->share->sslsession; } - Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); +#ifdef USE_LIBPSL + if(data->share->specifier & (1 << CURL_LOCK_DATA_PSL)) + data->psl = &data->share->psl; +#endif + Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); } /* check for host cache not needed, * it will be done by curl_easy_perform */ @@ -2562,6 +2590,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, case CURLOPT_DNS_SHUFFLE_ADDRESSES: data->set.dns_shuffle_addresses = (0 != va_arg(param, long)) ? TRUE:FALSE; break; + case CURLOPT_DISALLOW_USERNAME_IN_URL: + data->set.disallow_username_in_url = + (0 != va_arg(param, long)) ? TRUE : FALSE; + break; default: /* unknown tag and its companion, just ignore: */ result = CURLE_UNKNOWN_OPTION; diff --git a/libs/libcurl/src/sha256.c b/libs/libcurl/src/sha256.c index 55716c63b0..3ac1296121 100644 --- a/libs/libcurl/src/sha256.c +++ b/libs/libcurl/src/sha256.c @@ -130,8 +130,7 @@ static const unsigned long K[64] = { static int sha256_compress(struct sha256_state *md, unsigned char *buf) { - unsigned long S[8], W[64], t0, t1; - unsigned long t; + unsigned long S[8], W[64]; int i; /* copy state into S */ for(i = 0; i < 8; i++) { @@ -146,12 +145,13 @@ static int sha256_compress(struct sha256_state *md, W[i - 16]; } /* Compress */ -#define RND(a,b,c,d,e,f,g,h,i) \ - t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ - t1 = Sigma0(a) + Maj(a, b, c); \ - d += t0; \ +#define RND(a,b,c,d,e,f,g,h,i) \ + unsigned long t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ + unsigned long t1 = Sigma0(a) + Maj(a, b, c); \ + d += t0; \ h = t0 + t1; for(i = 0; i < 64; ++i) { + unsigned long t; RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i); t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4]; S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t; diff --git a/libs/libcurl/src/share.c b/libs/libcurl/src/share.c index 870b191fc2..3d5108610f 100644 --- a/libs/libcurl/src/share.c +++ b/libs/libcurl/src/share.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,6 +25,7 @@ #include <curl/curl.h> #include "urldata.h" #include "share.h" +#include "psl.h" #include "vtls/vtls.h" #include "curl_memory.h" @@ -106,6 +107,12 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...) res = CURLSHE_NOMEM; break; + case CURL_LOCK_DATA_PSL: +#ifndef USE_LIBPSL + res = CURLSHE_NOT_BUILT_IN; +#endif + break; + default: res = CURLSHE_BAD_OPTION; } @@ -205,6 +212,8 @@ curl_share_cleanup(struct Curl_share *share) } #endif + Curl_psl_destroy(&share->psl); + if(share->unlockfunc) share->unlockfunc(NULL, CURL_LOCK_DATA_SHARE, share->clientdata); free(share); diff --git a/libs/libcurl/src/share.h b/libs/libcurl/src/share.h index 4b13406d9f..a7dea41adb 100644 --- a/libs/libcurl/src/share.h +++ b/libs/libcurl/src/share.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,6 +25,7 @@ #include "curl_setup.h" #include <curl/curl.h> #include "cookie.h" +#include "psl.h" #include "urldata.h" #include "conncache.h" @@ -49,6 +50,9 @@ struct Curl_share { #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) struct CookieInfo *cookies; #endif +#ifdef USE_LIBPSL + struct PslCache psl; +#endif struct curl_ssl_session *sslsession; size_t max_ssl_sessions; diff --git a/libs/libcurl/src/smtp.c b/libs/libcurl/src/smtp.c index 3f3b45a954..ecf10a41ac 100644 --- a/libs/libcurl/src/smtp.c +++ b/libs/libcurl/src/smtp.c @@ -704,7 +704,6 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode, struct smtp_conn *smtpc = &conn->proto.smtpc; const char *line = data->state.buffer; size_t len = strlen(line); - size_t wordlen; (void)instate; /* no use for this yet */ @@ -739,6 +738,7 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode, /* Loop through the data line */ for(;;) { size_t llen; + size_t wordlen; unsigned int mechbit; while(len && @@ -1563,13 +1563,14 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread) if(!scratch || data->set.crlf) { oldscratch = scratch; - scratch = newscratch = malloc(2 * data->set.buffer_size); + scratch = newscratch = malloc(2 * UPLOAD_BUFSIZE); if(!newscratch) { failf(data, "Failed to alloc scratch buffer!"); return CURLE_OUT_OF_MEMORY; } } + DEBUGASSERT(UPLOAD_BUFSIZE >= nread); /* Have we already sent part of the EOB? */ eob_sent = smtp->eob; diff --git a/libs/libcurl/src/socks.c b/libs/libcurl/src/socks.c index ac4270eacf..73326e5c20 100644 --- a/libs/libcurl/src/socks.c +++ b/libs/libcurl/src/socks.c @@ -57,10 +57,9 @@ int Curl_blockread_all(struct connectdata *conn, /* connection data */ ssize_t nread; ssize_t allread = 0; int result; - timediff_t timeleft; *n = 0; for(;;) { - timeleft = Curl_timeleft(conn->data, NULL, TRUE); + timediff_t timeleft = Curl_timeleft(conn->data, NULL, TRUE); if(timeleft < 0) { /* we already got the timeout */ result = CURLE_OPERATION_TIMEDOUT; @@ -116,7 +115,6 @@ CURLcode Curl_SOCKS4(const char *proxy_user, #define SOCKS4REQLEN 262 unsigned char socksreq[SOCKS4REQLEN]; /* room for SOCKS4 request incl. user id */ - int result; CURLcode code; curl_socket_t sock = conn->sock[sockindex]; struct Curl_easy *data = conn->data; @@ -220,6 +218,7 @@ CURLcode Curl_SOCKS4(const char *proxy_user, * Make connection */ { + int result; ssize_t actualread; ssize_t written; ssize_t hostnamelen = 0; @@ -617,11 +616,11 @@ CURLcode Curl_SOCKS5(const char *proxy_user, if(dns) hp = dns->addr; if(hp) { - int i; char buf[64]; Curl_printable_address(hp, buf, sizeof(buf)); if(hp->ai_family == AF_INET) { + int i; struct sockaddr_in *saddr_in; socksreq[len++] = 1; /* ATYP: IPv4 = 1 */ @@ -634,6 +633,7 @@ CURLcode Curl_SOCKS5(const char *proxy_user, } #ifdef ENABLE_IPV6 else if(hp->ai_family == AF_INET6) { + int i; struct sockaddr_in6 *saddr_in6; socksreq[len++] = 4; /* ATYP: IPv6 = 4 */ diff --git a/libs/libcurl/src/splay.c b/libs/libcurl/src/splay.c index 69af446eb5..c54a63bbaf 100644 --- a/libs/libcurl/src/splay.c +++ b/libs/libcurl/src/splay.c @@ -41,7 +41,6 @@ struct Curl_tree *Curl_splay(struct curltime i, struct Curl_tree *t) { struct Curl_tree N, *l, *r, *y; - long comp; if(t == NULL) return t; @@ -49,7 +48,7 @@ struct Curl_tree *Curl_splay(struct curltime i, l = r = &N; for(;;) { - comp = compare(i, t->key); + long comp = compare(i, t->key); if(comp < 0) { if(t->smaller == NULL) break; diff --git a/libs/libcurl/src/ssh-libssh.c b/libs/libcurl/src/ssh-libssh.c index 34ef490c4e..cecf477ac3 100644 --- a/libs/libcurl/src/ssh-libssh.c +++ b/libs/libcurl/src/ssh-libssh.c @@ -204,11 +204,21 @@ static CURLcode sftp_error_to_CURLE(int err) return CURLE_SSH; } +#ifndef DEBUGBUILD +#define state(x,y) mystate(x,y) +#else +#define state(x,y) mystate(x,y, __LINE__) +#endif + /* * SSH State machine related code */ /* This is the ONLY way to change SSH state! */ -static void state(struct connectdata *conn, sshstate nowstate) +static void mystate(struct connectdata *conn, sshstate nowstate +#ifdef DEBUGBUILD + , int lineno +#endif + ) { struct ssh_conn *sshc = &conn->proto.sshc; #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) @@ -278,8 +288,9 @@ static void state(struct connectdata *conn, sshstate nowstate) if(sshc->state != nowstate) { - infof(conn->data, "SSH %p state change from %s to %s\n", - (void *) sshc, names[sshc->state], names[nowstate]); + infof(conn->data, "SSH %p state change from %s to %s (line %d)\n", + (void *) sshc, names[sshc->state], names[nowstate], + lineno); } #endif @@ -418,7 +429,7 @@ cleanup: } #define MOVE_TO_ERROR_STATE(_r) { \ - state(conn, SSH_SESSION_FREE); \ + state(conn, SSH_SESSION_DISCONNECT); \ sshc->actualcode = _r; \ rc = SSH_ERROR; \ break; \ @@ -1306,7 +1317,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) if(data->set.verbose) { Curl_debug(data, CURLINFO_DATA_OUT, (char *)sshc->readdir_filename, - sshc->readdir_len, conn); + sshc->readdir_len); } } else { @@ -1423,7 +1434,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) /* output debug output if that is requested */ if(data->set.verbose) { Curl_debug(data, CURLINFO_DATA_OUT, sshc->readdir_line, - sshc->readdir_currLen, conn); + sshc->readdir_currLen); } data->req.bytecount += sshc->readdir_currLen; } @@ -2500,8 +2511,8 @@ static void sftp_quote(struct connectdata *conn) return; } if(data->set.verbose) { - Curl_debug(data, CURLINFO_HEADER_OUT, (char *) "PWD\n", 4, conn); - Curl_debug(data, CURLINFO_HEADER_IN, tmp, strlen(tmp), conn); + Curl_debug(data, CURLINFO_HEADER_OUT, (char *) "PWD\n", 4); + Curl_debug(data, CURLINFO_HEADER_IN, tmp, strlen(tmp)); } /* this sends an FTP-like "header" to the header callback so that the current directory can be read very similar to how it is read when diff --git a/libs/libcurl/src/ssh.c b/libs/libcurl/src/ssh.c index bf7bd54f90..98153040b7 100644 --- a/libs/libcurl/src/ssh.c +++ b/libs/libcurl/src/ssh.c @@ -1175,8 +1175,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) break; } if(data->set.verbose) { - Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"PWD\n", 4, conn); - Curl_debug(data, CURLINFO_HEADER_IN, tmp, strlen(tmp), conn); + Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"PWD\n", 4); + Curl_debug(data, CURLINFO_HEADER_IN, tmp, strlen(tmp)); } /* this sends an FTP-like "header" to the header callback so that the current directory can be read very similar to how it is read when @@ -1970,7 +1970,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) /* output debug output if that is requested */ if(data->set.verbose) { Curl_debug(data, CURLINFO_DATA_OUT, sshc->readdir_filename, - sshc->readdir_len, conn); + sshc->readdir_len); } } else { @@ -2079,7 +2079,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) /* output debug output if that is requested */ if(data->set.verbose) { Curl_debug(data, CURLINFO_DATA_OUT, sshc->readdir_line, - sshc->readdir_currLen, conn); + sshc->readdir_currLen); } data->req.bytecount += sshc->readdir_currLen; } diff --git a/libs/libcurl/src/telnet.c b/libs/libcurl/src/telnet.c index d71c8e067a..fff3f3378d 100644 --- a/libs/libcurl/src/telnet.c +++ b/libs/libcurl/src/telnet.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -74,10 +74,10 @@ x->subend = x->subpointer; \ CURL_SB_CLEAR(x); \ } WHILE_FALSE -#define CURL_SB_ACCUM(x,c) \ - do { \ - if(x->subpointer < (x->subbuffer + sizeof x->subbuffer)) \ - *x->subpointer++ = (c); \ +#define CURL_SB_ACCUM(x,c) \ + do { \ + if(x->subpointer < (x->subbuffer + sizeof(x->subbuffer))) \ + *x->subpointer++ = (c); \ } WHILE_FALSE #define CURL_SB_GET(x) ((*x->subpointer++)&0xff) @@ -92,6 +92,7 @@ #endif #ifdef USE_WINSOCK +typedef WSAEVENT (WINAPI *WSOCK2_EVENT)(void); typedef FARPROC WSOCK2_FUNC; static CURLcode check_wsock2(struct Curl_easy *data); #endif @@ -109,8 +110,10 @@ static void printoption(struct Curl_easy *data, static void negotiate(struct connectdata *); static void send_negotiation(struct connectdata *, int cmd, int option); -static void set_local_option(struct connectdata *, int cmd, int option); -static void set_remote_option(struct connectdata *, int cmd, int option); +static void set_local_option(struct connectdata *conn, + int option, int newstate); +static void set_remote_option(struct connectdata *conn, + int option, int newstate); static void printsub(struct Curl_easy *data, int direction, unsigned char *pointer, @@ -311,9 +314,6 @@ static void negotiate(struct connectdata *conn) static void printoption(struct Curl_easy *data, const char *direction, int cmd, int option) { - const char *fmt; - const char *opt; - if(data->set.verbose) { if(cmd == CURL_IAC) { if(CURL_TELCMD_OK(option)) @@ -322,9 +322,12 @@ static void printoption(struct Curl_easy *data, infof(data, "%s IAC %d\n", direction, option); } else { - fmt = (cmd == CURL_WILL) ? "WILL" : (cmd == CURL_WONT) ? "WONT" : - (cmd == CURL_DO) ? "DO" : (cmd == CURL_DONT) ? "DONT" : 0; + const char *fmt = (cmd == CURL_WILL) ? "WILL" : + (cmd == CURL_WONT) ? "WONT" : + (cmd == CURL_DO) ? "DO" : + (cmd == CURL_DONT) ? "DONT" : 0; if(fmt) { + const char *opt; if(CURL_TELOPT_OK(option)) opt = CURL_TELOPT(option); else if(option == CURL_TELOPT_EXOPL) @@ -348,7 +351,6 @@ static void send_negotiation(struct connectdata *conn, int cmd, int option) { unsigned char buf[3]; ssize_t bytes_written; - int err; struct Curl_easy *data = conn->data; buf[0] = CURL_IAC; @@ -357,7 +359,7 @@ static void send_negotiation(struct connectdata *conn, int cmd, int option) bytes_written = swrite(conn->sock[FIRSTSOCKET], buf, 3); if(bytes_written < 0) { - err = SOCKERRNO; + int err = SOCKERRNO; failf(data,"Sending data failed (%d)",err); } @@ -710,9 +712,8 @@ static void printsub(struct Curl_easy *data, unsigned char *pointer, /* where suboption data is */ size_t length) /* length of suboption data */ { - unsigned int i = 0; - if(data->set.verbose) { + unsigned int i = 0; if(direction) { infof(data, "%s IAC SB ", (direction == '<')? "RCVD":"SENT"); if(length >= 3) { @@ -764,7 +765,7 @@ static void printsub(struct Curl_easy *data, switch(pointer[0]) { case CURL_TELOPT_NAWS: if(length > 4) - infof(data, "Width: %hu ; Height: %hu", (pointer[1]<<8) | pointer[2], + infof(data, "Width: %d ; Height: %d", (pointer[1]<<8) | pointer[2], (pointer[3]<<8) | pointer[4]); break; default: @@ -928,7 +929,6 @@ static void suboption(struct connectdata *conn) unsigned char temp[2048]; ssize_t bytes_written; size_t len; - size_t tmplen; int err; char varname[128] = ""; char varval[128] = ""; @@ -968,7 +968,7 @@ static void suboption(struct connectdata *conn) len = 4; for(v = tn->telnet_vars; v; v = v->next) { - tmplen = (strlen(v->data) + 1); + size_t tmplen = (strlen(v->data) + 1); /* Add the variable only if it fits */ if(len + tmplen < (int)sizeof(temp)-6) { if(sscanf(v->data, "%127[^,],%127s", varname, varval)) { @@ -1017,7 +1017,7 @@ static void sendsuboption(struct connectdata *conn, int option) CURL_SB_ACCUM(tn, CURL_IAC); CURL_SB_ACCUM(tn, CURL_SB); CURL_SB_ACCUM(tn, CURL_TELOPT_NAWS); - /* We must deal either with litte or big endian processors */ + /* We must deal either with little or big endian processors */ /* Window size must be sent according to the 'network order' */ x = htons(tn->subopt_wsx); y = htons(tn->subopt_wsy); @@ -1223,7 +1223,7 @@ CURLcode telrcv(struct connectdata *conn, static CURLcode send_telnet_data(struct connectdata *conn, char *buffer, ssize_t nread) { - ssize_t escapes, i, j, outlen; + ssize_t escapes, i, outlen; unsigned char *outbuf = NULL; CURLcode result = CURLE_OK; ssize_t bytes_written, total_written; @@ -1238,6 +1238,7 @@ static CURLcode send_telnet_data(struct connectdata *conn, if(outlen == nread) outbuf = (unsigned char *)buffer; else { + ssize_t j; outbuf = malloc(nread + escapes + 1); if(!outbuf) return CURLE_OUT_OF_MEMORY; @@ -1306,7 +1307,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done) #ifdef USE_WINSOCK HMODULE wsock2; WSOCK2_FUNC close_event_func; - WSOCK2_FUNC create_event_func; + WSOCK2_EVENT create_event_func; WSOCK2_FUNC event_select_func; WSOCK2_FUNC enum_netevents_func; WSAEVENT event_handle; @@ -1315,7 +1316,6 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done) HANDLE objs[2]; DWORD obj_count; DWORD wait_timeout; - DWORD waitret; DWORD readfile_read; int err; #else @@ -1361,7 +1361,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done) } /* Grab a pointer to WSACreateEvent */ - create_event_func = GetProcAddress(wsock2, "WSACreateEvent"); + create_event_func = (WSOCK2_EVENT) GetProcAddress(wsock2, "WSACreateEvent"); if(create_event_func == NULL) { failf(data, "failed to find WSACreateEvent function (%u)", GetLastError()); FreeLibrary(wsock2); @@ -1438,7 +1438,8 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done) /* Keep on listening and act on events */ while(keepon) { const DWORD buf_size = (DWORD)data->set.buffer_size; - waitret = WaitForMultipleObjects(obj_count, objs, FALSE, wait_timeout); + DWORD waitret = WaitForMultipleObjects(obj_count, objs, + FALSE, wait_timeout); switch(waitret) { case WAIT_TIMEOUT: { diff --git a/libs/libcurl/src/tftp.c b/libs/libcurl/src/tftp.c index b32960f82b..61a3fef066 100644 --- a/libs/libcurl/src/tftp.c +++ b/libs/libcurl/src/tftp.c @@ -451,7 +451,6 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event) ssize_t senddata; const char *mode = "octet"; char *filename; - char buf[64]; struct Curl_easy *data = state->conn->data; CURLcode result = CURLE_OK; @@ -504,6 +503,7 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event) /* optional addition of TFTP options */ if(!data->set.tftp_no_options) { + char buf[64]; /* add tsize option */ if(data->set.upload && (data->state.infilesize != -1)) snprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T, @@ -710,7 +710,6 @@ static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event) { struct Curl_easy *data = state->conn->data; ssize_t sbytes; - int rblock; CURLcode result = CURLE_OK; struct SingleRequest *k = &data->req; int cb; /* Bytes currently read */ @@ -721,7 +720,7 @@ static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event) case TFTP_EVENT_OACK: if(event == TFTP_EVENT_ACK) { /* Ack the packet */ - rblock = getrpacketblock(&state->rpacket); + int rblock = getrpacketblock(&state->rpacket); if(rblock != state->block && /* There's a bug in tftpd-hpa that causes it to send us an ack for @@ -969,7 +968,7 @@ static CURLcode tftp_disconnect(struct connectdata *conn, bool dead_connection) static CURLcode tftp_connect(struct connectdata *conn, bool *done) { tftp_state_data_t *state; - int blksize, rc; + int blksize; blksize = TFTP_BLKSIZE_DEFAULT; @@ -1028,8 +1027,8 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done) * assume uses the same IP version and thus hopefully this works for both * IPv4 and IPv6... */ - rc = bind(state->sockfd, (struct sockaddr *)&state->local_addr, - conn->ip_addr->ai_addrlen); + int rc = bind(state->sockfd, (struct sockaddr *)&state->local_addr, + conn->ip_addr->ai_addrlen); if(rc) { failf(conn->data, "bind() failed; %s", Curl_strerror(conn, SOCKERRNO)); @@ -1148,8 +1147,11 @@ static CURLcode tftp_receive_packet(struct connectdata *conn) case TFTP_EVENT_ERROR: { unsigned short error = getrpacketblock(&state->rpacket); + char *str = (char *)state->rpacket.data + 4; + size_t strn = state->rbytes - 4; state->error = (tftp_error_t)error; - infof(data, "%s\n", (const char *)state->rpacket.data + 4); + if(Curl_strnlen(str, strn) < strn) + infof(data, "TFTP error: %s\n", str); break; } case TFTP_EVENT_ACK: @@ -1221,7 +1223,6 @@ static long tftp_state_timeout(struct connectdata *conn, tftp_event_t *event) **********************************************************/ static CURLcode tftp_multi_statemach(struct connectdata *conn, bool *done) { - int rc; tftp_event_t event; CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; @@ -1245,7 +1246,7 @@ static CURLcode tftp_multi_statemach(struct connectdata *conn, bool *done) } else { /* no timeouts to handle, check our socket */ - rc = SOCKET_READABLE(state->sockfd, 0); + int rc = SOCKET_READABLE(state->sockfd, 0); if(rc == -1) { /* bail out */ @@ -1368,7 +1369,6 @@ static CURLcode tftp_setup_connection(struct connectdata * conn) { struct Curl_easy *data = conn->data; char *type; - char command; conn->socktype = SOCK_DGRAM; /* UDP datagram based */ @@ -1380,6 +1380,7 @@ static CURLcode tftp_setup_connection(struct connectdata * conn) type = strstr(conn->host.rawalloc, ";mode="); if(type) { + char command; *type = 0; /* it was in the middle of the hostname */ command = Curl_raw_toupper(type[6]); diff --git a/libs/libcurl/src/transfer.c b/libs/libcurl/src/transfer.c index 131f2dc7c0..435d3e1ec0 100644 --- a/libs/libcurl/src/transfer.c +++ b/libs/libcurl/src/transfer.c @@ -444,7 +444,6 @@ static CURLcode readwrite_data(struct Curl_easy *data, CURLcode result = CURLE_OK; ssize_t nread; /* number of bytes read */ size_t excess = 0; /* excess bytes read */ - bool is_empty_data = FALSE; bool readmore = FALSE; /* used by RTP to signal for more data */ int maxloops = 100; @@ -454,6 +453,7 @@ static CURLcode readwrite_data(struct Curl_easy *data, /* This is where we loop until we have read everything there is to read or we get a CURLE_AGAIN */ do { + bool is_empty_data = FALSE; size_t buffersize = data->set.buffer_size; size_t bytestoread = buffersize; @@ -660,14 +660,14 @@ static CURLcode readwrite_data(struct Curl_easy *data, if(data->set.verbose) { if(k->badheader) { Curl_debug(data, CURLINFO_DATA_IN, data->state.headerbuff, - (size_t)k->hbuflen, conn); + (size_t)k->hbuflen); if(k->badheader == HEADER_PARTHEADER) Curl_debug(data, CURLINFO_DATA_IN, - k->str, (size_t)nread, conn); + k->str, (size_t)nread); } else Curl_debug(data, CURLINFO_DATA_IN, - k->str, (size_t)nread, conn); + k->str, (size_t)nread); } #ifndef CURL_DISABLE_HTTP @@ -1027,7 +1027,7 @@ static CURLcode readwrite_upload(struct Curl_easy *data, if(data->set.verbose) /* show the data before we change the pointer upload_fromhere */ Curl_debug(data, CURLINFO_DATA_OUT, k->upload_fromhere, - (size_t)bytes_written, conn); + (size_t)bytes_written); k->writebytecount += bytes_written; diff --git a/libs/libcurl/src/url.c b/libs/libcurl/src/url.c index 701f83ab3b..27b2c1e145 100644 --- a/libs/libcurl/src/url.c +++ b/libs/libcurl/src/url.c @@ -757,7 +757,7 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection) */ if(!conn->bits.close && (conn->send_pipe.size + conn->recv_pipe.size)) { - DEBUGF(infof(data, "Curl_disconnect, usecounter: %d\n", + DEBUGF(infof(data, "Curl_disconnect, usecounter: %zu\n", conn->send_pipe.size + conn->recv_pipe.size)); return CURLE_OK; } @@ -965,6 +965,7 @@ static bool extract_if_dead(struct connectdata *conn, use */ bool dead; + conn->data = data; if(conn->handler->connection_check) { /* The protocol has a special method for checking the state of the connection. Use it to check if the connection is dead. */ @@ -979,7 +980,6 @@ static bool extract_if_dead(struct connectdata *conn, } if(dead) { - conn->data = data; infof(data, "Connection %ld seems to be dead!\n", conn->connection_id); Curl_conncache_remove_conn(conn, FALSE); return TRUE; @@ -1465,6 +1465,7 @@ ConnectionExists(struct Curl_easy *data, if(chosen) { /* mark it as used before releasing the lock */ chosen->inuse = TRUE; + chosen->data = data; /* own it! */ Curl_conncache_unlock(needle); *usethis = chosen; return TRUE; /* yes, we found one to use! */ @@ -1554,7 +1555,11 @@ int Curl_protocol_getsock(struct connectdata *conn, { if(conn->handler->proto_getsock) return conn->handler->proto_getsock(conn, socks, numsocks); - return GETSOCK_BLANK; + /* Backup getsock logic. Since there is a live socket in use, we must wait + for it or it will be removed from watching when the multi_socket API is + used. */ + socks[0] = conn->sock[FIRSTSOCKET]; + return GETSOCK_READSOCK(0) | GETSOCK_WRITESOCK(0); } int Curl_doing_getsock(struct connectdata *conn, @@ -1999,7 +2004,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, char *fragment; char *path = data->state.path; char *query; - int i; int rc; const char *protop = ""; CURLcode result; @@ -2051,6 +2055,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, ; /* do nothing */ } else { /* check for a scheme */ + int i; for(i = 0; i < 16 && data->change.url[i]; ++i) { if(data->change.url[i] == '/') break; @@ -2203,7 +2208,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, size_t s = strlen(slashbuf); protop = protobuf; if(s != 2) { - infof(data, "Unwillingly accepted illegal URL using %d slash%s!\n", + infof(data, "Unwillingly accepted illegal URL using %zu slash%s!\n", s, s>1?"es":""); if(data->change.url_alloc) @@ -2449,7 +2454,7 @@ static CURLcode setup_range(struct Curl_easy *data) free(s->range); if(s->resume_from) - s->range = aprintf("%" CURL_FORMAT_CURL_OFF_TU "-", s->resume_from); + s->range = aprintf("%" CURL_FORMAT_CURL_OFF_T "-", s->resume_from); else s->range = strdup(data->set.str[STRING_SET_RANGE]); @@ -2539,14 +2544,13 @@ static bool check_noproxy(const char *name, const char *no_proxy) * not be proxied, or an asterisk to override * all proxy variables) */ - size_t tok_start; - size_t tok_end; - const char *separator = ", "; - size_t no_proxy_len; - size_t namelen; - char *endptr; - if(no_proxy && no_proxy[0]) { + size_t tok_start; + size_t tok_end; + const char *separator = ", "; + size_t no_proxy_len; + size_t namelen; + char *endptr; if(strcasecompare("*", no_proxy)) { return TRUE; } @@ -3166,6 +3170,13 @@ static CURLcode parse_url_login(struct Curl_easy *data, if(userp) { char *newname; + if(data->set.disallow_username_in_url) { + failf(data, "Option DISALLOW_USERNAME_IN_URL is set " + "and url contains username."); + result = CURLE_LOGIN_DENIED; + goto out; + } + /* We have a user in the URL */ conn->bits.userpwd_in_url = TRUE; conn->bits.user_passwd = TRUE; /* enable user+password */ @@ -4297,7 +4308,9 @@ static CURLcode create_conn(struct Curl_easy *data, conn->data = data; conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; /* we are "connected */ - Curl_conncache_add_conn(data->state.conn_cache, conn); + result = Curl_conncache_add_conn(data->state.conn_cache, conn); + if(result) + goto out; /* * Setup whatever necessary for a resumed transfer @@ -4474,7 +4487,7 @@ static CURLcode create_conn(struct Curl_easy *data, (void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE); } else { - infof(data, "No more connections allowed to host: %d\n", + infof(data, "No more connections allowed to host: %zu\n", max_host_connections); connections_available = FALSE; } @@ -4520,7 +4533,9 @@ static CURLcode create_conn(struct Curl_easy *data, * This is a brand new connection, so let's store it in the connection * cache of ours! */ - Curl_conncache_add_conn(data->state.conn_cache, conn); + result = Curl_conncache_add_conn(data->state.conn_cache, conn); + if(result) + goto out; } #if defined(USE_NTLM) @@ -4701,16 +4716,18 @@ CURLcode Curl_init_do(struct Curl_easy *data, struct connectdata *conn) { struct SingleRequest *k = &data->req; - conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to - use */ + if(conn) { + conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to + use */ + /* if the protocol used doesn't support wildcards, switch it off */ + if(data->state.wildcardmatch && + !(conn->handler->flags & PROTOPT_WILDCARD)) + data->state.wildcardmatch = FALSE; + } data->state.done = FALSE; /* *_done() is not called yet */ data->state.expect100header = FALSE; - /* if the protocol used doesn't support wildcards, switch it off */ - if(data->state.wildcardmatch && - !(conn->handler->flags & PROTOPT_WILDCARD)) - data->state.wildcardmatch = FALSE; if(data->set.opt_no_body) /* in HTTP lingo, no body means using the HEAD request... */ diff --git a/libs/libcurl/src/urldata.h b/libs/libcurl/src/urldata.h index 7fae00fd96..666981c38f 100644 --- a/libs/libcurl/src/urldata.h +++ b/libs/libcurl/src/urldata.h @@ -80,6 +80,7 @@ #define RESP_TIMEOUT (1800*1000) #include "cookie.h" +#include "psl.h" #include "formdata.h" #ifdef HAVE_NETINET_IN_H @@ -226,6 +227,7 @@ struct ssl_primary_config { char *random_file; /* path to file containing "random" data */ char *egdsocket; /* path to file containing the EGD daemon socket */ char *cipher_list; /* list of ciphers to use */ + char *cipher_list13; /* list of TLS 1.3 cipher suites to use */ }; struct ssl_config_data { @@ -1265,7 +1267,7 @@ struct UrlState { void *resolver; /* resolver state, if it is used in the URL state - ares_channel f.e. */ -#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) +#if defined(USE_OPENSSL) /* void instead of ENGINE to avoid bleeding OpenSSL into this header */ void *engine; #endif /* USE_OPENSSL */ @@ -1346,7 +1348,7 @@ struct DynamicStatic { char *url; /* work URL, copied from UserDefined */ bool url_alloc; /* URL string is malloc()'ed */ char *referer; /* referer string */ - bool referer_alloc; /* referer sting is malloc()ed */ + bool referer_alloc; /* referer string is malloc()ed */ struct curl_slist *cookielist; /* list of cookie files set by curl_easy_setopt(COOKIEFILE) calls */ struct curl_slist *resolve; /* set to point to the set.resolve list when @@ -1400,6 +1402,8 @@ enum dupstring { STRING_SSL_PINNEDPUBLICKEY_PROXY, /* public key file to verify proxy */ STRING_SSL_CIPHER_LIST_ORIG, /* list of ciphers to use */ STRING_SSL_CIPHER_LIST_PROXY, /* list of ciphers to use */ + STRING_SSL_CIPHER13_LIST_ORIG, /* list of TLS 1.3 ciphers to use */ + STRING_SSL_CIPHER13_LIST_PROXY, /* list of TLS 1.3 ciphers to use */ STRING_SSL_EGDSOCKET, /* path to file containing the EGD daemon socket */ STRING_SSL_RANDOM_FILE, /* path to file containing "random" data */ STRING_USERAGENT, /* User-Agent string */ @@ -1581,8 +1585,6 @@ struct UserDefined { /* Here follows boolean settings that define how to behave during this session. They are STATIC, set by libcurl users or at least initially and they don't change during operations. */ - - bool printhost; /* printing host name in debug info */ bool get_filetime; /* get the time and get of the remote file */ bool tunnel_thru_httpproxy; /* use CONNECT through a HTTP proxy */ bool prefer_ascii; /* ASCII rather than binary */ @@ -1676,7 +1678,7 @@ struct UserDefined { bool stream_depends_e; /* set or don't set the Exclusive bit */ int stream_weight; - bool haproxyprotocol; /* whether to send HAProxy PROXY protocol header */ + bool haproxyprotocol; /* whether to send HAProxy PROXY protocol v1 header */ struct Curl_http2_dep *stream_dependents; @@ -1685,6 +1687,7 @@ struct UserDefined { curl_resolver_start_callback resolver_start; /* optional callback called before resolver start */ void *resolver_start_client; /* pointer to pass to resolver start callback */ + bool disallow_username_in_url; /* disallow username in url */ }; struct Names { @@ -1736,6 +1739,9 @@ struct Curl_easy { struct to which this "belongs" when used by the easy interface */ struct Curl_share *share; /* Share, handles global variable mutexing */ +#ifdef USE_LIBPSL + struct PslCache *psl; /* The associated PSL cache. */ +#endif struct SingleRequest req; /* Request-specific data */ struct UserDefined set; /* values set by the libcurl user */ struct DynamicStatic change; /* possibly modified userdefined data */ diff --git a/libs/libcurl/src/vauth/digest.c b/libs/libcurl/src/vauth/digest.c index 131d9da8c4..cc6f16972a 100644 --- a/libs/libcurl/src/vauth/digest.c +++ b/libs/libcurl/src/vauth/digest.c @@ -158,7 +158,7 @@ static void auth_digest_sha256_to_ascii(unsigned char *source, /* 32 bytes */ /* Perform quoted-string escaping as described in RFC2616 and its errata */ static char *auth_digest_string_quoted(const char *source) { - char *dest, *d; + char *dest; const char *s = source; size_t n = 1; /* null terminator */ @@ -173,8 +173,8 @@ static char *auth_digest_string_quoted(const char *source) dest = malloc(n); if(dest) { + char *d = dest; s = source; - d = dest; while(*s) { if(*s == '"' || *s == '\\') { *d++ = '\\'; @@ -696,7 +696,6 @@ static CURLcode _Curl_auth_create_digest_http_message( unsigned char ha1[65]; /* 64 digits and 1 zero byte */ unsigned char ha2[65]; /* 64 digits and 1 zero byte */ char userh[65]; - char cnoncebuf[33]; char *cnonce = NULL; size_t cnonce_sz = 0; char *userp_quoted; @@ -707,6 +706,7 @@ static CURLcode _Curl_auth_create_digest_http_message( digest->nc = 1; if(!digest->cnonce) { + char cnoncebuf[33]; result = Curl_rand_hex(data, (unsigned char *)cnoncebuf, sizeof(cnoncebuf)); if(result) diff --git a/libs/libcurl/src/version.c b/libs/libcurl/src/version.c index 5b0d05a150..05c2cd8b06 100644 --- a/libs/libcurl/src/version.c +++ b/libs/libcurl/src/version.c @@ -445,7 +445,7 @@ curl_version_info_data *curl_version_info(CURLversion stamp) #ifdef HAVE_BROTLI version_info.brotli_ver_num = BrotliDecoderVersion(); - brotli_version(brotli_buffer, sizeof brotli_buffer); + brotli_version(brotli_buffer, sizeof(brotli_buffer)); version_info.brotli_version = brotli_buffer; #endif diff --git a/libs/libcurl/src/vtls/axtls.c b/libs/libcurl/src/vtls/axtls.c index 5ed898b4f4..b262392a00 100644 --- a/libs/libcurl/src/vtls/axtls.c +++ b/libs/libcurl/src/vtls/axtls.c @@ -29,6 +29,11 @@ #include "curl_setup.h" #ifdef USE_AXTLS + +#error axTLS support has been disabled in curl due to doubts about quality, +#error user dedication and a lack of use/testing. We urge users to consider +#error using a more established TLS backend instead. + #include <axTLS/config.h> #include <axTLS/ssl.h> #include "axtls.h" diff --git a/libs/libcurl/src/vtls/cyassl.c b/libs/libcurl/src/vtls/cyassl.c index 20ce460e83..0e940487a0 100644 --- a/libs/libcurl/src/vtls/cyassl.c +++ b/libs/libcurl/src/vtls/cyassl.c @@ -569,7 +569,7 @@ cyassl_connect_step2(struct connectdata *conn, return CURLE_SSL_PINNEDPUBKEYNOTMATCH; } - memset(&x509_parsed, 0, sizeof x509_parsed); + memset(&x509_parsed, 0, sizeof(x509_parsed)); if(Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len)) return CURLE_SSL_PINNEDPUBKEYNOTMATCH; diff --git a/libs/libcurl/src/vtls/darwinssl.c b/libs/libcurl/src/vtls/darwinssl.c index 45fe49d82b..f29b5acad8 100644 --- a/libs/libcurl/src/vtls/darwinssl.c +++ b/libs/libcurl/src/vtls/darwinssl.c @@ -1252,14 +1252,13 @@ static CURLcode darwinssl_version_from_curl(SSLProtocol *darwinver, return CURLE_OK; case CURL_SSLVERSION_TLSv1_3: /* TLS 1.3 support first appeared in iOS 11 and macOS 10.13 */ -#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 - /* We can assume __builtin_available() will always work in the - 10.13/11.0 SDK: */ +#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1 if(__builtin_available(macOS 10.13, iOS 11.0, *)) { *darwinver = kTLSProtocol13; return CURLE_OK; } -#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */ +#endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && + HAVE_BUILTIN_AVAILABLE == 1 */ break; } return CURLE_SSL_CONNECT_ERROR; @@ -1278,7 +1277,7 @@ set_ssl_version_min_max(struct connectdata *conn, int sockindex) /* macOS 10.5-10.7 supported TLS 1.0 only. macOS 10.8 and later, and iOS 5 and later, added TLS 1.1 and 1.2. macOS 10.13 and later, and iOS 11 and later, added TLS 1.3. */ -#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 +#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1 if(__builtin_available(macOS 10.13, iOS 11.0, *)) { max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_3; } @@ -1287,7 +1286,8 @@ set_ssl_version_min_max(struct connectdata *conn, int sockindex) } #else max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2; -#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */ +#endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && + HAVE_BUILTIN_AVAILABLE == 1 */ switch(ssl_version) { case CURL_SSLVERSION_DEFAULT: @@ -1430,7 +1430,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: (void)SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kTLSProtocol1); -#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 +#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1 if(__builtin_available(macOS 10.13, iOS 11.0, *)) { (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kTLSProtocol13); } @@ -1439,7 +1439,8 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, } #else (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kTLSProtocol12); -#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */ +#endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && + HAVE_BUILTIN_AVAILABLE == 1 */ break; case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: diff --git a/libs/libcurl/src/vtls/gskit.c b/libs/libcurl/src/vtls/gskit.c index b0856cdf44..a0b49601f7 100644 --- a/libs/libcurl/src/vtls/gskit.c +++ b/libs/libcurl/src/vtls/gskit.c @@ -328,7 +328,7 @@ static CURLcode set_ciphers(struct connectdata *conn, GSKit tokens are always shorter than their cipher names, allocated buffers will always be large enough to accommodate the result. */ l = strlen(cipherlist) + 1; - memset((char *) ciphers, 0, sizeof ciphers); + memset((char *) ciphers, 0, sizeof(ciphers)); for(i = 0; i < CURL_GSKPROTO_LAST; i++) { ciphers[i].buf = malloc(l); if(!ciphers[i].buf) { @@ -536,18 +536,18 @@ inetsocketpair(int sv[2]) lfd = socket(AF_INET, SOCK_STREAM, 0); if(lfd < 0) return -1; - memset((char *) &addr1, 0, sizeof addr1); + memset((char *) &addr1, 0, sizeof(addr1)); addr1.sin_family = AF_INET; addr1.sin_addr.s_addr = htonl(INADDR_LOOPBACK); addr1.sin_port = 0; - if(bind(lfd, (struct sockaddr *) &addr1, sizeof addr1) || + if(bind(lfd, (struct sockaddr *) &addr1, sizeof(addr1)) || listen(lfd, 2) < 0) { close(lfd); return -1; } /* Get the allocated port. */ - len = sizeof addr1; + len = sizeof(addr1); if(getsockname(lfd, (struct sockaddr *) &addr1, &len) < 0) { close(lfd); return -1; @@ -562,7 +562,7 @@ inetsocketpair(int sv[2]) /* Request unblocking connection to the listening socket. */ curlx_nonblock(cfd, TRUE); - if(connect(cfd, (struct sockaddr *) &addr1, sizeof addr1) < 0 && + if(connect(cfd, (struct sockaddr *) &addr1, sizeof(addr1)) < 0 && errno != EINPROGRESS) { close(lfd); close(cfd); @@ -570,7 +570,7 @@ inetsocketpair(int sv[2]) } /* Get the client dynamic port for intrusion check below. */ - len = sizeof addr2; + len = sizeof(addr2); if(getsockname(cfd, (struct sockaddr *) &addr2, &len) < 0) { close(lfd); close(cfd); @@ -580,7 +580,7 @@ inetsocketpair(int sv[2]) /* Accept the incoming connection and get the server socket. */ curlx_nonblock(lfd, TRUE); for(;;) { - len = sizeof addr1; + len = sizeof(addr1); sfd = accept(lfd, (struct sockaddr *) &addr1, &len); if(sfd < 0) { close(lfd); @@ -644,7 +644,7 @@ static int pipe_ssloverssl(struct connectdata *conn, int sockindex, /* Try getting data from HTTPS proxy and pipe it upstream. */ n = 0; i = gsk_secure_soc_read(connproxyssl->backend->handle, - buf, sizeof buf, &n); + buf, sizeof(buf), &n); switch(i) { case GSK_OK: if(n) { @@ -665,7 +665,7 @@ static int pipe_ssloverssl(struct connectdata *conn, int sockindex, if(FD_ISSET(BACKEND->remotefd, &fds_read) && FD_ISSET(conn->sock[sockindex], &fds_write)) { /* Pipe data to HTTPS proxy. */ - n = read(BACKEND->remotefd, buf, sizeof buf); + n = read(BACKEND->remotefd, buf, sizeof(buf)); if(n < 0) return -1; if(n) { @@ -864,13 +864,13 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) BACKEND->localfd = sockpair[0]; BACKEND->remotefd = sockpair[1]; setsockopt(BACKEND->localfd, SOL_SOCKET, SO_RCVBUF, - (void *) sobufsize, sizeof sobufsize); + (void *) sobufsize, sizeof(sobufsize)); setsockopt(BACKEND->remotefd, SOL_SOCKET, SO_RCVBUF, - (void *) sobufsize, sizeof sobufsize); + (void *) sobufsize, sizeof(sobufsize)); setsockopt(BACKEND->localfd, SOL_SOCKET, SO_SNDBUF, - (void *) sobufsize, sizeof sobufsize); + (void *) sobufsize, sizeof(sobufsize)); setsockopt(BACKEND->remotefd, SOL_SOCKET, SO_SNDBUF, - (void *) sobufsize, sizeof sobufsize); + (void *) sobufsize, sizeof(sobufsize)); curlx_nonblock(BACKEND->localfd, TRUE); curlx_nonblock(BACKEND->remotefd, TRUE); } @@ -977,7 +977,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) if(!result) { /* Start handshake. Try asynchronous first. */ - memset(&commarea, 0, sizeof commarea); + memset(&commarea, 0, sizeof(commarea)); BACKEND->iocport = QsoCreateIOCompletionPort(); if(BACKEND->iocport != -1) { result = gskit_status(data, @@ -1333,11 +1333,11 @@ static int Curl_gskit_check_cxn(struct connectdata *cxn) return 0; /* connection has been closed */ err = 0; - errlen = sizeof err; + errlen = sizeof(err); if(getsockopt(cxn->sock[FIRSTSOCKET], SOL_SOCKET, SO_ERROR, (unsigned char *) &err, &errlen) || - errlen != sizeof err || err) + errlen != sizeof(err) || err) return 0; /* connection has been closed */ return -1; /* connection status unknown */ diff --git a/libs/libcurl/src/vtls/nss.c b/libs/libcurl/src/vtls/nss.c index 7cd450cda9..89f8183970 100644 --- a/libs/libcurl/src/vtls/nss.c +++ b/libs/libcurl/src/vtls/nss.c @@ -394,7 +394,7 @@ static PK11SlotInfo* nss_find_slot_by_name(const char *slot_name) /* wrap 'ptr' as list node and tail-insert into 'list' */ static CURLcode insert_wrapped_ptr(struct curl_llist *list, void *ptr) { - struct ptr_list_wrap *wrap = malloc(sizeof *wrap); + struct ptr_list_wrap *wrap = malloc(sizeof(*wrap)); if(!wrap) return CURLE_OUT_OF_MEMORY; @@ -914,11 +914,11 @@ static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock) PRTime now; int i; - if(SSL_GetChannelInfo(sock, &channel, sizeof channel) == - SECSuccess && channel.length == sizeof channel && + if(SSL_GetChannelInfo(sock, &channel, sizeof(channel)) == + SECSuccess && channel.length == sizeof(channel) && channel.cipherSuite) { if(SSL_GetCipherSuiteInfo(channel.cipherSuite, - &suite, sizeof suite) == SECSuccess) { + &suite, sizeof(suite)) == SECSuccess) { infof(conn->data, "SSL connection using %s\n", suite.cipherSuiteName); } } @@ -1345,7 +1345,8 @@ static CURLcode nss_init(struct Curl_easy *data) return CURLE_OUT_OF_MEMORY; /* the default methods just call down to the lower I/O layer */ - memcpy(&nspr_io_methods, PR_GetDefaultIOMethods(), sizeof nspr_io_methods); + memcpy(&nspr_io_methods, PR_GetDefaultIOMethods(), + sizeof(nspr_io_methods)); /* override certain methods in the table by our wrappers */ nspr_io_methods.recv = nspr_io_recv; diff --git a/libs/libcurl/src/vtls/openssl.c b/libs/libcurl/src/vtls/openssl.c index f6a4bd3fbf..0b1929bd7e 100644 --- a/libs/libcurl/src/vtls/openssl.c +++ b/libs/libcurl/src/vtls/openssl.c @@ -50,9 +50,6 @@ #include "hostcheck.h" #include "curl_printf.h" #include <openssl/ssl.h> -#ifdef HAVE_OPENSSL_ENGINE_H -#include <openssl/engine.h> -#endif #include <openssl/rand.h> #include <openssl/x509v3.h> #ifndef OPENSSL_NO_DSA @@ -72,6 +69,12 @@ #include <openssl/ocsp.h> #endif +#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && /* 1.0.1 or later */ \ + !defined(OPENSSL_NO_ENGINE) +#define USE_OPENSSL_ENGINE +#include <openssl/engine.h> +#endif + #include "warnless.h" #include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */ @@ -83,7 +86,7 @@ #error "OPENSSL_VERSION_NUMBER not defined" #endif -#if defined(HAVE_OPENSSL_ENGINE_H) +#ifdef USE_OPENSSL_ENGINE #include <openssl/ui.h> #endif @@ -166,6 +169,17 @@ static unsigned long OpenSSL_version_num(void) #define HAVE_KEYLOG_CALLBACK #endif +/* Whether SSL_CTX_set_ciphersuites is available. + * OpenSSL: supported since 1.1.1 (commit a53b5be6a05) + * BoringSSL: no + * LibreSSL: no + */ +#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && \ + !defined(LIBRESSL_VERSION_NUMBER) && \ + !defined(OPENSSL_IS_BORINGSSL)) +#define HAVE_SSL_CTX_SET_CIPHERSUITES +#endif + #if defined(LIBRESSL_VERSION_NUMBER) #define OSSL_PACKAGE "LibreSSL" #elif defined(OPENSSL_IS_BORINGSSL) @@ -504,7 +518,7 @@ static int do_file_type(const char *type) return -1; } -#if defined(HAVE_OPENSSL_ENGINE_H) +#ifdef USE_OPENSSL_ENGINE /* * Supply default password to the engine user interface conversation. * The password is passed by OpenSSL engine from ENGINE_load_private_key() @@ -606,7 +620,7 @@ int cert_stuff(struct connectdata *conn, } break; case SSL_FILETYPE_ENGINE: -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME) +#if defined(USE_OPENSSL_ENGINE) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME) { if(data->state.engine) { const char *cmd_name = "LOAD_CERT_CTRL"; @@ -781,7 +795,7 @@ int cert_stuff(struct connectdata *conn, } break; case SSL_FILETYPE_ENGINE: -#ifdef HAVE_OPENSSL_ENGINE_H +#ifdef USE_OPENSSL_ENGINE { /* XXXX still needs some work */ EVP_PKEY *priv_key = NULL; if(data->state.engine) { @@ -1088,7 +1102,7 @@ static int Curl_ossl_check_cxn(struct connectdata *conn) static CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine) { -#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) +#ifdef USE_OPENSSL_ENGINE ENGINE *e; #if OPENSSL_VERSION_NUMBER >= 0x00909000L @@ -1133,7 +1147,7 @@ static CURLcode Curl_ossl_set_engine(struct Curl_easy *data, */ static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data) { -#ifdef HAVE_OPENSSL_ENGINE_H +#ifdef USE_OPENSSL_ENGINE if(data->state.engine) { if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) { infof(data, "set default crypto engine '%s'\n", @@ -1156,7 +1170,7 @@ static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data) static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data) { struct curl_slist *list = NULL; -#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) +#ifdef USE_OPENSSL_ENGINE struct curl_slist *beg; ENGINE *e; @@ -1312,7 +1326,7 @@ static void Curl_ossl_session_free(void *ptr) */ static void Curl_ossl_close_all(struct Curl_easy *data) { -#ifdef HAVE_OPENSSL_ENGINE_H +#ifdef USE_OPENSSL_ENGINE if(data->state.engine) { ENGINE_finish(data->state.engine); ENGINE_free(data->state.engine); @@ -1931,12 +1945,12 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, verstr, direction?"OUT":"IN", tls_rt_name, msg_name, msg_type); if(0 <= txt_len && (unsigned)txt_len < sizeof(ssl_buf)) { - Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL); + Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len); } } Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT : - CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL); + CURLINFO_SSL_DATA_IN, (char *)buf, len); (void) ssl; } #endif @@ -2064,10 +2078,6 @@ set_ssl_version_min_max(long *ctx_options, struct connectdata *conn, long ssl_version = SSL_CONN_CONFIG(version); long ssl_version_max = SSL_CONN_CONFIG(version_max); - if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) { - ssl_version_max = ssl_version << 16; - } - switch(ssl_version) { case CURL_SSLVERSION_TLSv1_3: #ifdef TLS1_3_VERSION @@ -2099,8 +2109,7 @@ set_ssl_version_min_max(long *ctx_options, struct connectdata *conn, #endif /* FALLTHROUGH */ case CURL_SSLVERSION_TLSv1_0: - *ctx_options |= SSL_OP_NO_SSLv2; - *ctx_options |= SSL_OP_NO_SSLv3; + case CURL_SSLVERSION_TLSv1: break; } @@ -2116,12 +2125,12 @@ set_ssl_version_min_max(long *ctx_options, struct connectdata *conn, #endif /* FALLTHROUGH */ case CURL_SSLVERSION_MAX_TLSv1_2: - case CURL_SSLVERSION_MAX_DEFAULT: #ifdef TLS1_3_VERSION *ctx_options |= SSL_OP_NO_TLSv1_3; #endif break; case CURL_SSLVERSION_MAX_TLSv1_3: + case CURL_SSLVERSION_MAX_DEFAULT: #ifdef TLS1_3_VERSION break; #else @@ -2305,11 +2314,6 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) switch(ssl_version) { case CURL_SSLVERSION_SSLv3: -#ifdef USE_TLS_SRP - if(ssl_authtype == CURL_TLSAUTH_SRP) { - infof(data, "Set version TLSv1.x for SRP authorisation\n"); - } -#endif ctx_options |= SSL_OP_NO_SSLv2; ctx_options |= SSL_OP_NO_TLSv1; #if OPENSSL_VERSION_NUMBER >= 0x1000100FL @@ -2323,21 +2327,20 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: - ctx_options |= SSL_OP_NO_SSLv2; - ctx_options |= SSL_OP_NO_SSLv3; - break; - case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: case CURL_SSLVERSION_TLSv1_2: case CURL_SSLVERSION_TLSv1_3: + /* asking for any TLS version as the minimum, means no SSL versions + allowed */ + ctx_options |= SSL_OP_NO_SSLv2; + ctx_options |= SSL_OP_NO_SSLv3; result = set_ssl_version_min_max(&ctx_options, conn, sockindex); if(result != CURLE_OK) return result; break; case CURL_SSLVERSION_SSLv2: -#ifndef OPENSSL_NO_SSL2 ctx_options |= SSL_OP_NO_SSLv3; ctx_options |= SSL_OP_NO_TLSv1; #if OPENSSL_VERSION_NUMBER >= 0x1000100FL @@ -2348,10 +2351,6 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) #endif #endif break; -#else - failf(data, OSSL_PACKAGE " was built without SSLv2 support"); - return CURLE_NOT_BUILT_IN; -#endif default: failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); @@ -2414,6 +2413,19 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) infof(data, "Cipher selection: %s\n", ciphers); } +#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES + { + char *ciphers13 = SSL_CONN_CONFIG(cipher_list13); + if(ciphers13) { + if(!SSL_CTX_set_ciphersuites(BACKEND->ctx, ciphers13)) { + failf(data, "failed setting TLS 1.3 cipher suite: %s", ciphers); + return CURLE_SSL_CIPHER; + } + infof(data, "TLS 1.3 cipher selection: %s\n", ciphers13); + } + } +#endif + #ifdef USE_TLS_SRP if(ssl_authtype == CURL_TLSAUTH_SRP) { char * const ssl_username = SSL_SET_OPTION(username); diff --git a/libs/libcurl/src/vtls/schannel.c b/libs/libcurl/src/vtls/schannel.c index 2cfd5c19f5..382efb5250 100644 --- a/libs/libcurl/src/vtls/schannel.c +++ b/libs/libcurl/src/vtls/schannel.c @@ -90,11 +90,17 @@ #endif #endif +#if defined(CryptStringToBinary) && defined(CRYPT_STRING_HEX) +#define HAS_CLIENT_CERT_PATH +#endif + +#ifdef HAS_CLIENT_CERT_PATH #ifdef UNICODE #define CURL_CERT_STORE_PROV_SYSTEM CERT_STORE_PROV_SYSTEM_W #else #define CURL_CERT_STORE_PROV_SYSTEM CERT_STORE_PROV_SYSTEM_A #endif +#endif #ifndef SP_PROT_SSL2_CLIENT #define SP_PROT_SSL2_CLIENT 0x00000008 @@ -199,6 +205,147 @@ set_ssl_version_min_max(SCHANNEL_CRED *schannel_cred, struct connectdata *conn) return CURLE_OK; } +/*longest is 26, buffer is slightly bigger*/ +#define LONGEST_ALG_ID 32 +#define CIPHEROPTION(X) \ +if(strcmp(#X, tmp) == 0) \ + return X + +static int +get_alg_id_by_name(char *name) +{ + char tmp[LONGEST_ALG_ID] = { 0 }; + char *nameEnd = strchr(name, ':'); + size_t n = nameEnd ? min((size_t)(nameEnd - name), LONGEST_ALG_ID - 1) : \ + min(strlen(name), LONGEST_ALG_ID - 1); + strncpy(tmp, name, n); + tmp[n] = 0; + CIPHEROPTION(CALG_MD2); + CIPHEROPTION(CALG_MD4); + CIPHEROPTION(CALG_MD5); + CIPHEROPTION(CALG_SHA); + CIPHEROPTION(CALG_SHA1); + CIPHEROPTION(CALG_MAC); + CIPHEROPTION(CALG_RSA_SIGN); + CIPHEROPTION(CALG_DSS_SIGN); +/*ifdefs for the options that are defined conditionally in wincrypt.h*/ +#ifdef CALG_NO_SIGN + CIPHEROPTION(CALG_NO_SIGN); +#endif + CIPHEROPTION(CALG_RSA_KEYX); + CIPHEROPTION(CALG_DES); +#ifdef CALG_3DES_112 + CIPHEROPTION(CALG_3DES_112); +#endif + CIPHEROPTION(CALG_3DES); + CIPHEROPTION(CALG_DESX); + CIPHEROPTION(CALG_RC2); + CIPHEROPTION(CALG_RC4); + CIPHEROPTION(CALG_SEAL); +#ifdef CALG_DH_SF + CIPHEROPTION(CALG_DH_SF); +#endif + CIPHEROPTION(CALG_DH_EPHEM); +#ifdef CALG_AGREEDKEY_ANY + CIPHEROPTION(CALG_AGREEDKEY_ANY); +#endif +#ifdef CALG_HUGHES_MD5 + CIPHEROPTION(CALG_HUGHES_MD5); +#endif + CIPHEROPTION(CALG_SKIPJACK); +#ifdef CALG_TEK + CIPHEROPTION(CALG_TEK); +#endif + CIPHEROPTION(CALG_CYLINK_MEK); + CIPHEROPTION(CALG_SSL3_SHAMD5); +#ifdef CALG_SSL3_MASTER + CIPHEROPTION(CALG_SSL3_MASTER); +#endif +#ifdef CALG_SCHANNEL_MASTER_HASH + CIPHEROPTION(CALG_SCHANNEL_MASTER_HASH); +#endif +#ifdef CALG_SCHANNEL_MAC_KEY + CIPHEROPTION(CALG_SCHANNEL_MAC_KEY); +#endif +#ifdef CALG_SCHANNEL_ENC_KEY + CIPHEROPTION(CALG_SCHANNEL_ENC_KEY); +#endif +#ifdef CALG_PCT1_MASTER + CIPHEROPTION(CALG_PCT1_MASTER); +#endif +#ifdef CALG_SSL2_MASTER + CIPHEROPTION(CALG_SSL2_MASTER); +#endif +#ifdef CALG_TLS1_MASTER + CIPHEROPTION(CALG_TLS1_MASTER); +#endif +#ifdef CALG_RC5 + CIPHEROPTION(CALG_RC5); +#endif +#ifdef CALG_HMAC + CIPHEROPTION(CALG_HMAC); +#endif + CIPHEROPTION(CALG_TLS1PRF); +#ifdef CALG_HASH_REPLACE_OWF + CIPHEROPTION(CALG_HASH_REPLACE_OWF); +#endif +#ifdef CALG_AES_128 + CIPHEROPTION(CALG_AES_128); +#endif +#ifdef CALG_AES_192 + CIPHEROPTION(CALG_AES_192); +#endif +#ifdef CALG_AES_256 + CIPHEROPTION(CALG_AES_256); +#endif +#ifdef CALG_AES + CIPHEROPTION(CALG_AES); +#endif +#ifdef CALG_SHA_256 + CIPHEROPTION(CALG_SHA_256); +#endif +#ifdef CALG_SHA_384 + CIPHEROPTION(CALG_SHA_384); +#endif +#ifdef CALG_SHA_512 + CIPHEROPTION(CALG_SHA_512); +#endif +#ifdef CALG_ECDH + CIPHEROPTION(CALG_ECDH); +#endif +#ifdef CALG_ECMQV + CIPHEROPTION(CALG_ECMQV); +#endif +#ifdef CALG_ECDSA + CIPHEROPTION(CALG_ECDSA); +#endif + return 0; +} + +static CURLcode +set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers) +{ + char *startCur = ciphers; + int algCount = 0; + static ALG_ID algIds[45]; /*There are 45 listed in the MS headers*/ + while(startCur && (0 != *startCur) && (algCount < 45)) { + long alg = strtol(startCur, 0, 0); + if(!alg) + alg = get_alg_id_by_name(startCur); + if(alg) + algIds[algCount++] = alg; + else + return CURLE_SSL_CIPHER; + startCur = strchr(startCur, ':'); + if(startCur) + startCur++; + } + schannel_cred->palgSupportedAlgs = algIds; + schannel_cred->cSupportedAlgs = algCount; + return CURLE_OK; +} + +#ifdef HAS_CLIENT_CERT_PATH static CURLcode get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, TCHAR **thumbprint) @@ -248,6 +395,7 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, return CURLE_OK; } +#endif static CURLcode schannel_connect_step1(struct connectdata *conn, int sockindex) @@ -299,10 +447,15 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) #endif #ifdef _WIN32_WCE +#ifdef HAS_MANUAL_VERIFY_API /* certificate validation on CE doesn't seem to work right; we'll * do it following a more manual process. */ BACKEND->use_manual_cred_validation = true; #else +#error "compiler too old to support requisite manual cert verify for Win CE" +#endif +#else +#ifdef HAS_MANUAL_VERIFY_API if(SSL_CONN_CONFIG(CAfile)) { if(Curl_verify_windows_version(6, 1, PLATFORM_WINNT, VERSION_GREATER_THAN_EQUAL)) { @@ -316,6 +469,12 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) } else BACKEND->use_manual_cred_validation = false; +#else + if(SSL_CONN_CONFIG(CAfile)) { + failf(data, "schannel: CA cert support not built in"); + return CURLE_NOT_BUILT_IN; + } +#endif #endif BACKEND->cred = NULL; @@ -341,9 +500,11 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) schannel_cred.dwVersion = SCHANNEL_CRED_VERSION; if(conn->ssl_config.verifypeer) { +#ifdef HAS_MANUAL_VERIFY_API if(BACKEND->use_manual_cred_validation) schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION; else +#endif schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION; /* TODO s/data->set.ssl.no_revoke/SSL_SET_OPTION(no_revoke)/g */ @@ -401,6 +562,16 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) return CURLE_SSL_CONNECT_ERROR; } + if(SSL_CONN_CONFIG(cipher_list)) { + result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list)); + if(CURLE_OK != result) { + failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG"); + return result; + } + } + + +#ifdef HAS_CLIENT_CERT_PATH /* client certificate */ if(data->set.ssl.cert) { DWORD cert_store_name; @@ -417,6 +588,8 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) result = get_cert_location(cert_path, &cert_store_name, &cert_store_path, &cert_thumbprint_str); if(result != CURLE_OK) { + failf(data, "schannel: Failed to get certificate location for %s", + cert_path); Curl_unicodefree(cert_path); return result; } @@ -425,6 +598,8 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) (HCRYPTPROV)NULL, cert_store_name, cert_store_path); if(!cert_store) { + failf(data, "schannel: Failed to open cert store %s %s", + cert_store_name, cert_store_path); Curl_unicodefree(cert_path); return CURLE_SSL_CONNECT_ERROR; } @@ -453,6 +628,12 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) CertCloseStore(cert_store, 0); } +#else + if(data->set.ssl.cert) { + failf(data, "schannel: client cert support not built in"); + return CURLE_NOT_BUILT_IN; + } +#endif /* allocate memory for the re-usable credential handle */ BACKEND->cred = (struct curl_schannel_cred *) @@ -877,9 +1058,11 @@ schannel_connect_step2(struct connectdata *conn, int sockindex) } } +#ifdef HAS_MANUAL_VERIFY_API if(conn->ssl_config.verifypeer && BACKEND->use_manual_cred_validation) { return verify_certificate(conn, sockindex); } +#endif return CURLE_OK; } @@ -1819,7 +2002,7 @@ static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex, x509_der = (const char *)pCertContextServer->pbCertEncoded; x509_der_len = pCertContextServer->cbCertEncoded; - memset(&x509_parsed, 0, sizeof x509_parsed); + memset(&x509_parsed, 0, sizeof(x509_parsed)); if(Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len)) break; @@ -1870,7 +2053,8 @@ static void Curl_schannel_checksum(const unsigned char *input, if(!CryptCreateHash(hProv, algId, 0, 0, &hHash)) break; /* failed */ - if(!CryptHashData(hHash, (const BYTE*)input, (DWORD)inputlen, 0)) + /* workaround for original MinGW, should be (const BYTE*) */ + if(!CryptHashData(hHash, (BYTE*)input, (DWORD)inputlen, 0)) break; /* failed */ /* get hash size */ diff --git a/libs/libcurl/src/vtls/schannel.h b/libs/libcurl/src/vtls/schannel.h index 4476900270..51417affe1 100644 --- a/libs/libcurl/src/vtls/schannel.h +++ b/libs/libcurl/src/vtls/schannel.h @@ -32,12 +32,44 @@ #include "urldata.h" +/* <wincrypt.h> has been included via the above <schnlsp.h>. + * Or in case of ldap.c, it was included via <winldap.h>. + * And since <wincrypt.h> has this: + * #define X509_NAME ((LPCSTR) 7) + * + * And in BoringSSL's <openssl/base.h> there is: + * typedef struct X509_name_st X509_NAME; + * etc. + * + * this wil cause all kinds of C-preprocessing paste errors in + * BoringSSL's <openssl/x509.h>: So just undefine those defines here + * (and only here). + */ +#if defined(HAVE_BORINGSSL) || defined(OPENSSL_IS_BORINGSSL) +# undef X509_NAME +# undef X509_CERT_PAIR +# undef X509_EXTENSIONS +#endif + extern const struct Curl_ssl Curl_ssl_schannel; CURLcode verify_certificate(struct connectdata *conn, int sockindex); /* structs to expose only in schannel.c and schannel_verify.c */ #ifdef EXPOSE_SCHANNEL_INTERNAL_STRUCTS + +#ifdef __MINGW32__ +#include <_mingw.h> +#ifdef __MINGW64_VERSION_MAJOR +#define HAS_MANUAL_VERIFY_API +#endif +#else +#include <wincrypt.h> +#ifdef CERT_CHAIN_REVOCATION_CHECK_CHAIN +#define HAS_MANUAL_VERIFY_API +#endif +#endif + struct curl_schannel_cred { CredHandle cred_handle; TimeStamp time_stamp; @@ -66,7 +98,9 @@ struct ssl_backend_data { bool recv_sspi_close_notify; /* true if connection closed by close_notify */ bool recv_connection_closed; /* true if connection closed, regardless how */ bool use_alpn; /* true if ALPN is used for this connection */ +#ifdef HAS_MANUAL_VERIFY_API bool use_manual_cred_validation; /* true if manual cred validation is used */ +#endif }; #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */ diff --git a/libs/libcurl/src/vtls/schannel_verify.c b/libs/libcurl/src/vtls/schannel_verify.c index db187dd6bf..5a7092a21a 100644 --- a/libs/libcurl/src/vtls/schannel_verify.c +++ b/libs/libcurl/src/vtls/schannel_verify.c @@ -30,14 +30,15 @@ #include "curl_setup.h" #ifdef USE_SCHANNEL - -#define EXPOSE_SCHANNEL_INTERNAL_STRUCTS - #ifndef USE_WINDOWS_SSPI # error "Can't compile SCHANNEL support without SSPI." #endif +#define EXPOSE_SCHANNEL_INTERNAL_STRUCTS #include "schannel.h" + +#ifdef HAS_MANUAL_VERIFY_API + #include "vtls.h" #include "sendf.h" #include "strerror.h" @@ -53,7 +54,7 @@ #define BACKEND connssl->backend #define MAX_CAFILE_SIZE 1048576 /* 1 MiB */ -#define BEGIN_CERT "-----BEGIN CERTIFICATE-----\n" +#define BEGIN_CERT "-----BEGIN CERTIFICATE-----" #define END_CERT "\n-----END CERTIFICATE-----" typedef struct { @@ -71,6 +72,10 @@ typedef struct { HCERTSTORE hExclusiveTrustedPeople; } CERT_CHAIN_ENGINE_CONFIG_WIN7, *PCERT_CHAIN_ENGINE_CONFIG_WIN7; +static int is_cr_or_lf(char c) +{ + return c == '\r' || c == '\n'; +} static CURLcode add_certs_to_store(HCERTSTORE trust_store, const char *ca_file, @@ -177,7 +182,7 @@ static CURLcode add_certs_to_store(HCERTSTORE trust_store, current_ca_file_ptr = ca_file_buffer; while(more_certs && *current_ca_file_ptr != '\0') { char *begin_cert_ptr = strstr(current_ca_file_ptr, BEGIN_CERT); - if(!begin_cert_ptr) { + if(!begin_cert_ptr || !is_cr_or_lf(begin_cert_ptr[strlen(BEGIN_CERT)])) { more_certs = 0; } else { @@ -209,7 +214,7 @@ static CURLcode add_certs_to_store(HCERTSTORE trust_store, NULL, NULL, NULL, - &cert_context)) { + (const void **)&cert_context)) { failf(data, "schannel: failed to extract certificate from CA file " @@ -548,4 +553,5 @@ CURLcode verify_certificate(struct connectdata *conn, int sockindex) return result; } +#endif /* HAS_MANUAL_VERIFY_API */ #endif /* USE_SCHANNEL */ diff --git a/libs/libcurl/src/vtls/vtls.c b/libs/libcurl/src/vtls/vtls.c index ee5bc7a0a6..bf96518bcb 100644 --- a/libs/libcurl/src/vtls/vtls.c +++ b/libs/libcurl/src/vtls/vtls.c @@ -980,6 +980,14 @@ bool Curl_ssl_false_start(void) } /* + * Check whether the SSL backend supports setting TLS 1.3 cipher suites + */ +bool Curl_ssl_tls13_ciphersuites(void) +{ + return Curl_ssl->supports & SSLSUPP_TLS13_CIPHERSUITES; +} + +/* * Default implementations for unsupported functions. */ diff --git a/libs/libcurl/src/vtls/vtls.h b/libs/libcurl/src/vtls/vtls.h index e7b87c4d3f..40f9d74793 100644 --- a/libs/libcurl/src/vtls/vtls.h +++ b/libs/libcurl/src/vtls/vtls.h @@ -31,6 +31,7 @@ struct ssl_connect_data; #define SSLSUPP_PINNEDPUBKEY (1<<2) /* supports CURLOPT_PINNEDPUBLICKEY */ #define SSLSUPP_SSL_CTX (1<<3) /* supports CURLOPT_SSL_CTX */ #define SSLSUPP_HTTPS_PROXY (1<<4) /* supports access via HTTPS proxies */ +#define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */ struct Curl_ssl { /* @@ -93,6 +94,7 @@ CURLcode Curl_none_set_engine(struct Curl_easy *data, const char *engine); CURLcode Curl_none_set_engine_default(struct Curl_easy *data); struct curl_slist *Curl_none_engines_list(struct Curl_easy *data); bool Curl_none_false_start(void); +bool Curl_ssl_tls13_ciphersuites(void); CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen, unsigned char *md5sum, size_t md5len); @@ -246,7 +248,7 @@ bool Curl_ssl_false_start(void); #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ -#else +#else /* if not USE_SSL */ /* When SSL support is not present, just define away these function calls */ #define Curl_ssl_init() 1 @@ -270,6 +272,7 @@ bool Curl_ssl_false_start(void); #define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN) #define Curl_ssl_cert_status_request() FALSE #define Curl_ssl_false_start() FALSE +#define Curl_ssl_tls13_ciphersuites() FALSE #endif #endif /* HEADER_CURL_VTLS_H */ diff --git a/libs/libcurl/src/x509asn1.c b/libs/libcurl/src/x509asn1.c index bba20233f2..052bcad7e3 100644 --- a/libs/libcurl/src/x509asn1.c +++ b/libs/libcurl/src/x509asn1.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -712,7 +712,7 @@ int Curl_parseX509(curl_X509certificate *cert, /* Get optional version, get serialNumber. */ cert->version.header = NULL; cert->version.beg = &defaultVersion; - cert->version.end = &defaultVersion + sizeof defaultVersion;; + cert->version.end = &defaultVersion + sizeof(defaultVersion); beg = Curl_getASN1Element(&elem, beg, end); if(elem.tag == 0) { Curl_getASN1Element(&cert->version, elem.beg, elem.end); |