summaryrefslogtreecommitdiff
path: root/libs
diff options
context:
space:
mode:
Diffstat (limited to 'libs')
-rw-r--r--libs/libcurl/docs/CHANGES7749
-rw-r--r--libs/libcurl/docs/COPYING2
-rw-r--r--libs/libcurl/docs/THANKS103
-rw-r--r--libs/libcurl/include/curl/curl.h19
-rw-r--r--libs/libcurl/include/curl/curlver.h8
-rw-r--r--libs/libcurl/include/curl/urlapi.h4
-rw-r--r--libs/libcurl/src/Makefile.am9
-rw-r--r--libs/libcurl/src/Makefile.in24
-rw-r--r--libs/libcurl/src/asyn-ares.c19
-rw-r--r--libs/libcurl/src/asyn-thread.c25
-rw-r--r--libs/libcurl/src/asyn.h27
-rw-r--r--libs/libcurl/src/config-win32.h4
-rw-r--r--libs/libcurl/src/conncache.c18
-rw-r--r--libs/libcurl/src/conncache.h5
-rw-r--r--libs/libcurl/src/cookie.c72
-rw-r--r--libs/libcurl/src/cookie.h5
-rw-r--r--libs/libcurl/src/curl_config.h.in3
-rw-r--r--libs/libcurl/src/curl_sasl.c7
-rw-r--r--libs/libcurl/src/doh.c4
-rw-r--r--libs/libcurl/src/easy.c4
-rw-r--r--libs/libcurl/src/ftp.c6
-rw-r--r--libs/libcurl/src/getinfo.c4
-rw-r--r--libs/libcurl/src/gopher.c18
-rw-r--r--libs/libcurl/src/hostip.c30
-rw-r--r--libs/libcurl/src/http.c64
-rw-r--r--libs/libcurl/src/http.h3
-rw-r--r--libs/libcurl/src/http2.c10
-rw-r--r--libs/libcurl/src/http_negotiate.c15
-rw-r--r--libs/libcurl/src/http_ntlm.c3
-rw-r--r--libs/libcurl/src/http_proxy.c4
-rw-r--r--libs/libcurl/src/if2ip.c34
-rw-r--r--libs/libcurl/src/if2ip.h4
-rw-r--r--libs/libcurl/src/imap.c15
-rw-r--r--libs/libcurl/src/libcurl.plist6
-rw-r--r--libs/libcurl/src/multi.c545
-rw-r--r--libs/libcurl/src/multiif.h6
-rw-r--r--libs/libcurl/src/objnames-test08.sh217
-rw-r--r--libs/libcurl/src/objnames-test10.sh217
-rw-r--r--libs/libcurl/src/objnames.inc107
-rw-r--r--libs/libcurl/src/pingpong.c9
-rw-r--r--libs/libcurl/src/pingpong.h7
-rw-r--r--libs/libcurl/src/pop3.c15
-rw-r--r--libs/libcurl/src/setopt.c45
-rw-r--r--libs/libcurl/src/sigpipe.h5
-rw-r--r--libs/libcurl/src/smb.c9
-rw-r--r--libs/libcurl/src/smtp.c19
-rw-r--r--libs/libcurl/src/ssh-libssh.c22
-rw-r--r--libs/libcurl/src/ssh.c5
-rw-r--r--libs/libcurl/src/stdafx.cxx2
-rw-r--r--libs/libcurl/src/stdafx.h3
-rw-r--r--libs/libcurl/src/timeval.c52
-rw-r--r--libs/libcurl/src/timeval.h4
-rw-r--r--libs/libcurl/src/transfer.c184
-rw-r--r--libs/libcurl/src/url.c55
-rw-r--r--libs/libcurl/src/url.h5
-rw-r--r--libs/libcurl/src/urlapi.c45
-rw-r--r--libs/libcurl/src/urldata.h41
-rw-r--r--libs/libcurl/src/vauth/digest_sspi.c4
-rw-r--r--libs/libcurl/src/vauth/ntlm.c26
-rw-r--r--libs/libcurl/src/vauth/ntlm_sspi.c43
-rw-r--r--libs/libcurl/src/vauth/spnego_sspi.c45
-rw-r--r--libs/libcurl/src/vtls/cyassl.c8
-rw-r--r--libs/libcurl/src/vtls/darwinssl.c3
-rw-r--r--libs/libcurl/src/vtls/mbedtls.c16
-rw-r--r--libs/libcurl/src/vtls/openssl.c16
-rw-r--r--libs/libcurl/src/vtls/schannel.c62
-rw-r--r--libs/libcurl/src/vtls/schannel_verify.c6
67 files changed, 8979 insertions, 1196 deletions
diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES
new file mode 100644
index 0000000000..b03c666643
--- /dev/null
+++ b/libs/libcurl/docs/CHANGES
@@ -0,0 +1,7749 @@
+ _ _ ____ _
+ ___| | | | _ \| |
+ / __| | | | |_) | |
+ | (__| |_| | _ <| |___
+ \___|\___/|_| \_\_____|
+
+ Changelog
+
+Version 7.64.0 (6 Feb 2019)
+
+Daniel Stenberg (6 Feb 2019)
+- RELEASE-NOTES: 7.64.0
+
+- RELEASE-PROCEDURE: update the release calendar
+
+- THANKS: 7.64.0 status
+
+Daniel Gustafsson (5 Feb 2019)
+- ROADMAP: remove already performed item
+
+ Commit 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 introduced support
+ for the draft-ietf-httpbis-cookie-alone-01 cookie draft, and while
+ the entry was removed from the TODO it was mistakenly left here.
+ Fix by removing and rewording the entry slightly.
+
+ Closes #3530
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- [Etienne Simard brought this change]
+
+ CONTRIBUTE.md: Fix grammatical errors
+
+ Fix grammatical errors making the document read better. Also fixes
+ a typo.
+
+ Closes #3525
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+
+Daniel Stenberg (4 Feb 2019)
+- [Julian Z brought this change]
+
+ docs: use $(INSTALL_DATA) to install man page
+
+ Fixes #3518
+ Closes #3522
+
+Jay Satiro (4 Feb 2019)
+- [Ladar Levison brought this change]
+
+ runtests.pl: Fix perl call to include srcdir
+
+ - Use explicit include opt for perl calls.
+
+ Prior to this change some scripts couldn't find their dependencies.
+
+ At the top, perl is called using with the "-Isrcdir" option, and it
+ works:
+
+ https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L183
+
+ But on line 3868, that option is omitted. This caused problems for me,
+ as the symbol-scan.pl script in particular couldn't find its
+ dependencies properly:
+
+ https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L3868
+
+ This patch fixes that oversight by making calls to perl sub-shells
+ uniform.
+
+ Closes https://github.com/curl/curl/pull/3496
+
+Daniel Stenberg (4 Feb 2019)
+- [Daniel Gustafsson brought this change]
+
+ smtp: avoid risk of buffer overflow in strtol
+
+ If the incoming len 5, but the buffer does not have a termination
+ after 5 bytes, the strtol() call may keep reading through the line
+ buffer until is exceeds its boundary. Fix by ensuring that we are
+ using a bounded read with a temporary buffer on the stack.
+
+ Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
+ Reported-by: Brian Carpenter (Geeknik Labs)
+ CVE-2019-3823
+
+- ntlm: fix *_type3_message size check to avoid buffer overflow
+
+ Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
+ Reported-by: Wenxiang Qian
+ CVE-2019-3822
+
+- NTLM: fix size check condition for type2 received data
+
+ Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
+ Reported-by: Wenxiang Qian
+ CVE-2018-16890
+
+Marcel Raad (1 Feb 2019)
+- [georgeok brought this change]
+
+ spnego_sspi: add support for channel binding
+
+ Attempt to add support for Secure Channel binding when negotiate
+ authentication is used. The problem to solve is that by default IIS
+ accepts channel binding and curl doesn't utilise them. The result was a
+ 401 response. Scope affects only the Schannel(winssl)-SSPI combination.
+
+ Fixes https://github.com/curl/curl/issues/3503
+ Closes https://github.com/curl/curl/pull/3509
+
+Daniel Stenberg (1 Feb 2019)
+- RELEASE-NOTES: synced
+
+- schannel: stop calling it "winssl"
+
+ Stick to "Schannel" everywhere. The configure option --with-winssl is
+ kept to allow existing builds to work but --with-schannel is added as an
+ alias.
+
+ Closes #3504
+
+- multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
+
+ To make sure Curl_timeleft() also thinks the timeout has been reached
+ when one of the EXPIRE_*TIMEOUTs expires.
+
+ Bug: https://curl.haxx.se/mail/lib-2019-01/0073.html
+ Reported-by: Zhao Yisha
+ Closes #3501
+
+- [John Marshall brought this change]
+
+ doc: use meaningless port number in CURLOPT_LOCALPORT example
+
+ Use an ephemeral port number here; previously the example had 8080
+ which could be confusing as the common web server port number might
+ be misinterpreted as suggesting this option affects the remote port.
+
+ URL: https://curl.haxx.se/mail/lib-2019-01/0084.html
+ Closes #3513
+
+GitHub (29 Jan 2019)
+- [Gisle Vanem brought this change]
+
+ Escape the '\'
+
+ A backslash should be escaped in Roff / Troff.
+
+Jay Satiro (29 Jan 2019)
+- TODO: WinSSL: 'Add option to disable client cert auto-send'
+
+ By default WinSSL selects and send a client certificate automatically,
+ but for privacy and consistency we should offer an option to disable the
+ default auto-send behavior.
+
+ Reported-by: Jeroen Ooms
+
+ Closes https://github.com/curl/curl/issues/2262
+
+Daniel Stenberg (28 Jan 2019)
+- [Jeremie Rapin brought this change]
+
+ sigpipe: if mbedTLS is used, ignore SIGPIPE
+
+ mbedTLS doesn't have a sigpipe management. If a write/read occurs when
+ the remote closes the socket, the signal is raised and kills the
+ application. Use the curl mecanisms fix this behavior.
+
+ Signed-off-by: Jeremie Rapin <j.rapin@overkiz.com>
+
+ Closes #3502
+
+- unit1653: make it survive torture tests
+
+Jay Satiro (28 Jan 2019)
+- [Michael Kujawa brought this change]
+
+ timeval: Disable MSVC Analyzer GetTickCount warning
+
+ Compiling with msvc /analyze and a recent Windows SDK warns against
+ using GetTickCount (Suggests to use GetTickCount64 instead.)
+
+ Since GetTickCount is only being used when GetTickCount64 isn't
+ available, I am disabling that warning.
+
+ Fixes https://github.com/curl/curl/issues/3437
+ Closes https://github.com/curl/curl/pull/3440
+
+Daniel Stenberg (26 Jan 2019)
+- configure: rewrite --enable-code-coverage
+
+ The previously used ax_code_coverage.m4 is not license compatible and
+ must not be used.
+
+ Reported-by: William A. Rowe Jr
+ Fixes #3497
+ Closes #3499
+
+- [Felix Hädicke brought this change]
+
+ setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
+
+ CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION are supported for
+ libssh as well. So accepting these options only when compiling with
+ libssh2 is wrong here.
+
+ Fixes #3493
+ Closes #3494
+
+- [Felix Hädicke brought this change]
+
+ libssh: do not let libssh create socket
+
+ By default, libssh creates a new socket, instead of using the socket
+ created by curl for SSH connections.
+
+ Pass the socket created by curl to libssh using ssh_options_set() with
+ SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket
+ instead of creating a new one.
+
+ This approach is very similar to what is done in the libssh2 code, where
+ the socket created by curl is passed to libssh2 when
+ libssh2_session_startup() is called.
+
+ Fixes #3491
+ Closes #3495
+
+- RELEASE-NOTES: synced
+
+- [Archangel_SDY brought this change]
+
+ schannel: preserve original certificate path parameter
+
+ Fixes #3480
+ Closes #3487
+
+- KNOWN_BUGS: tests not compatible with python3
+
+ Closes #3289
+ [skip ci]
+
+Daniel Gustafsson (20 Jan 2019)
+- memcmp: avoid doing single char memcmp
+
+ There is no real gain in performing memcmp() comparisons on single
+ characters, so change these to array subscript inspections which
+ saves a call and makes the code clearer.
+
+ Closes #3486
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+
+Daniel Stenberg (19 Jan 2019)
+- COPYING: it's 2019
+
+ [skip ci]
+
+- [hhb brought this change]
+
+ configure: fix recv/send/select detection on Android
+
+ This reverts commit d4f25201fb7da03fc88f90d51101beb3d0026db9.
+
+ The overloadable attribute is removed again starting from
+ NDK17. Actually they only exist in two NDK versions (15 and 16). With
+ overloadable, the first condition tried will succeed. Results in wrong
+ detection result.
+
+ Closes #3484
+
+Marcel Raad (19 Jan 2019)
+- [georgeok brought this change]
+
+ ntlm_sspi: add support for channel binding
+
+ Windows extended potection (aka ssl channel binding) is required
+ to login to ntlm IIS endpoint, otherwise the server returns 401
+ responses.
+
+ Fixes #3280
+ Closes #3321
+
+Daniel Stenberg (18 Jan 2019)
+- schannel: on connection close there might not be a transfer
+
+ Reported-by: Marcel Raad
+ Fixes #3412
+ Closes #3483
+
+- [Joel Depooter brought this change]
+
+ ssh: log the libssh2 error message when ssh session startup fails
+
+ When a ssh session startup fails, it is useful to know why it has
+ failed. This commit changes the message from:
+ "Failure establishing ssh session"
+ to something like this, for example:
+ "Failure establishing ssh session: -5, Unable to exchange encryption keys"
+
+ Closes #3481
+
+Alessandro Ghedini (16 Jan 2019)
+- Fix typo in manpage
+
+Daniel Stenberg (16 Jan 2019)
+- RELEASE-NOTES: synced
+
+Sergei Nikulov (16 Jan 2019)
+- cmake: updated check for HAVE_POLL_FINE to match autotools
+
+Daniel Stenberg (16 Jan 2019)
+- curl-compilers.m4: check for __ibmxl__ to detect xlclang
+
+ Follow-up to 2fa0d57e2e3. The __xlc__ symbol is only defined there if a
+ particular flag is used for legacy macros.
+
+ Fixes #3474
+ Closes #3479
+
+- openssl: fix the SSL_get_tlsext_status_ocsp_resp call
+
+ .... to not pass in a const in the second argument as that's not how it
+ is supposed to be used and might cause compiler warnings.
+
+ Reported-by: Pavel Pavlov
+ Fixes #3477
+ Closes #3478
+
+- curl-compilers.m4: detect xlclang
+
+ Since it isn't totally clang compatible, we detect this IBM clang
+ front-end and if detected, avoids some clang specific magic.
+
+ Reported-by: Kees Dekker
+ Fixes #3474
+ Closes #3476
+
+- README: add codacy code quality badge
+
+ [skip ci]
+
+- extract_if_dead: follow-up to 54b201b48c90a
+
+ extract_if_dead() dead is called from two functions, and only one of
+ them should get conn->data updated and now neither call path clears it.
+
+ scan-build found a case where conn->data would be NULL dereferenced in
+ ConnectionExists() otherwise.
+
+ Closes #3473
+
+- multi: remove "Dead assignment"
+
+ Found by scan-build. Follow-up to 4c35574bb785ce.
+
+ Closes #3471
+
+- tests: move objnames-* from lib into tests
+
+ Since they're used purely for testing purposes, I think they should
+ rather be stored there.
+
+ Closes #3470
+
+Sergei Nikulov (15 Jan 2019)
+- travis: added cmake build for osx
+
+Daniel Stenberg (14 Jan 2019)
+- [Frank Gevaerts brought this change]
+
+ cookie: fix comment typo (url_path_len -> uri_path_len)
+
+ Closes #3469
+
+Marcel Raad (14 Jan 2019)
+- winbuild: conditionally use /DZLIB_WINAPI
+
+ zlibwapi.lib (dynamic library) and zlibstat.lib (static library) have
+ the ZLIB_WINAPI define set by default. Using them requires that define
+ too.
+
+ Ref: https://zlib.net/DLL_FAQ.txt
+
+ Fixes https://github.com/curl/curl/issues/3133
+ Closes https://github.com/curl/curl/pull/3460
+
+Daniel Stenberg (14 Jan 2019)
+- src/Makefile: make 'tidy' target work for metalink builds
+
+- extract_if_dead: use a known working transfer when checking connections
+
+ Make sure that this function sets a proper "live" transfer for the
+ connection before calling the protocol-specific connection check
+ function, and then clear it again afterward as a non-used connection has
+ no current transfer.
+
+ Reported-by: Jeroen Ooms
+ Reviewed-by: Marcel Raad
+ Reviewed-by: Daniel Gustafsson
+ Fixes #3463
+ Closes #3464
+
+- openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
+
+ OpenSSL_version() replaces OpenSSL_version_num()
+
+ Closes #3462
+
+Sergei Nikulov (11 Jan 2019)
+- cmake: added checks for HAVE_VARIADIC_MACROS_C99 and HAVE_VARIADIC_MACROS_GCC
+
+Daniel Stenberg (11 Jan 2019)
+- urldata: rename easy_conn to just conn
+
+ We use "conn" everywhere to be a pointer to the connection.
+
+ Introduces two functions that "attaches" and "detaches" the connection
+ to and from the transfer.
+
+ Going forward, we should favour using "data->conn" (since a transfer
+ always only has a single connection or none at all) to "conn->data"
+ (since a connection can have none, one or many transfers associated with
+ it and updating conn->data to be correct is error prone and a frequent
+ reason for internal issues).
+
+ Closes #3442
+
+- tool_cb_prg: avoid integer overflow
+
+ When calculating the progress bar width.
+
+ Reported-by: Peng Li
+ Fixes #3456
+ Closes #3458
+
+Daniel Gustafsson (11 Jan 2019)
+- travis: turn off copyright year checks in checksrc
+
+ Invoking the maintainer intended COPYRIGHTYEAR check for everyone
+ in the PR pipeline is too invasive, especially at the turn of the
+ year when many files get affected. Remove and leave it as a tool
+ for maintainers to verify patches before commits.
+
+ This reverts f7bdf4b2e1d81b2652b81b9b3029927589273b41.
+
+ After discussion with: Daniel Stenberg
+
+Daniel Stenberg (10 Jan 2019)
+- KNOWN_BUGS: cmake makes unusable tool_hugehelp.c with MinGW
+
+ Closes #3125
+
+- KNOWN_BUGS: Improve --data-urlencode space encoding
+
+ Closes #3229
+
+Patrick Monnerat (10 Jan 2019)
+- os400: add a missing closing bracket
+
+ See https://github.com/curl/curl/issues/3453#issuecomment-453054458
+
+ Reported-by: jonrumsey on github
+
+- os400: fix extra parameter syntax error.
+
+ Reported-by: jonrumsey on github
+ Closes #3453
+
+Daniel Stenberg (10 Jan 2019)
+- test1558: verify CURLINFO_PROTOCOL on file:// transfer
+
+ Attempt to reproduce issue #3444.
+
+ Closes #3447
+
+- RELEASE-NOTES: synced
+
+- xattr: strip credentials from any URL that is stored
+
+ Both user and password are cleared uncondtitionally.
+
+ Added unit test 1621 to verify.
+
+ Fixes #3423
+ Closes #3433
+
+- cookies: allow secure override when done over HTTPS
+
+ Added test 1562 to verify.
+
+ Reported-by: Jeroen Ooms
+ Fixes #3445
+ Closes #3450
+
+- multi: multiplexing improvements
+
+ Fixes #3436
+ Closes #3448
+
+ Problem 1
+
+ After LOTS of scratching my head, I eventually realized that even when doing
+ 10 uploads in parallel, sometimes the socket callback to the application that
+ tells it what to wait for on the socket, looked like it would reflect the
+ status of just the single transfer that just changed state.
+
+ Digging into the code revealed that this was indeed the truth. When multiple
+ transfers are using the same connection, the application did not correctly get
+ the *combined* flags for all transfers which then could make it switch to READ
+ (only) when in fact most transfers wanted to get told when the socket was
+ WRITEABLE.
+
+ Problem 1b
+
+ A separate but related regression had also been introduced by me when I
+ cleared connection/transfer association better a while ago, as now the logic
+ couldn't find the connection and see if that was marked as used by more
+ transfers and then it would also prematurely remove the socket from the socket
+ hash table even in times other transfers were still using it!
+
+ Fix 1
+
+ Make sure that each socket stored in the socket hash has a "combined" action
+ field of what to ask the application to wait for, that is potentially the ORed
+ action of multiple parallel transfers. And remove that socket hash entry only
+ if there are no transfers left using it.
+
+ Problem 2
+
+ The socket hash entry stored an association to a single transfer using that
+ socket - and when curl_multi_socket_action() was called to tell libcurl about
+ activities on that specific socket only that transfer was "handled".
+
+ This was WRONG, as a single socket/connection can be used by numerous parallel
+ transfers and not necessarily a single one.
+
+ Fix 2
+
+ We now store a list of handles in the socket hashtable entry and when libcurl
+ is told there's traffic for a particular socket, it now iterates over all
+ known transfers using that single socket.
+
+- test1561: improve test name
+
+ [skip ci]
+
+- [Katsuhiko YOSHIDA brought this change]
+
+ cookies: skip custom cookies when redirecting cross-site
+
+ Closes #3417
+
+- THANKS: fixups and a dedupe
+
+ [skip ci]
+
+- timediff: fix math for unsigned time_t
+
+ Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html
+
+ Closes #3449
+
+- [Bernhard M. Wiedemann brought this change]
+
+ tests: allow tests to pass by 2037-02-12
+
+ similar to commit f508d29f3902104018
+
+ Closes #3443
+
+- RELEASE-NOTES: synced
+
+- [Brad Spencer brought this change]
+
+ curl_multi_remove_handle() don't block terminating c-ares requests
+
+ Added Curl_resolver_kill() for all three resolver modes, which only
+ blocks when necessary, along with test 1592 to confirm
+ curl_multi_remove_handle() doesn't block unless it must.
+
+ Closes #3428
+ Fixes #3371
+
+- Revert "http_negotiate: do not close connection until negotiation is completed"
+
+ This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47.
+
+ This also reopens PR #3275 which brought the change now reverted.
+
+ Fixes #3384
+ Closes #3439
+
+- curl/urlapi.h: include "curl.h" first
+
+ This allows programs to include curl/urlapi.h directly.
+
+ Reviewed-by: Daniel Gustafsson
+ Reported-by: Ben Kohler
+ Fixes #3438
+ Closes #3441
+
+Marcel Raad (6 Jan 2019)
+- VS projects: fix build warning
+
+ Starting with Visual Studio 2017 Update 9, Visual Studio doesn't like
+ the MinimalRebuild option anymore and warns:
+
+ cl : Command line warning D9035: option 'Gm' has been deprecated and
+ will be removed in a future release
+
+ The option can be safely removed so that the default is used.
+
+ Closes https://github.com/curl/curl/pull/3425
+
+- schannel: fix compiler warning
+
+ When building with Unicode on MSVC, the compiler warns about freeing a
+ pointer to const in Curl_unicodefree. Fix this by declaring it as
+ non-const and casting the argument to Curl_convert_UTF8_to_tchar to
+ non-const too, like we do in all other places.
+
+ Closes https://github.com/curl/curl/pull/3435
+
+Daniel Stenberg (4 Jan 2019)
+- [Rikard Falkeborn brought this change]
+
+ printf: introduce CURL_FORMAT_TIMEDIFF_T
+
+- [Rikard Falkeborn brought this change]
+
+ printf: fix format specifiers
+
+ Closes #3426
+
+- libtest/stub_gssapi: use "real" snprintf
+
+ ... since it doesn't link with libcurl.
+
+ Reverts the commit dcd6f81025 changes from this file.
+
+ Bug: https://curl.haxx.se/mail/lib-2019-01/0000.html
+ Reported-by: Shlomi Fish
+ Reviewed-by: Daniel Gustafsson
+ Reviewed-by: Kamil Dudka
+
+ Closes #3434
+
+- INTERNALS: correct some outdated function names
+
+ Closes #3431
+
+- docs/version.d: mention MultiSSL
+
+ Reviewed-by: Daniel Gustafsson
+ Closes #3432
+
+Daniel Gustafsson (2 Jan 2019)
+- [Rikard Falkeborn brought this change]
+
+ examples: Update .gitignore
+
+ Add a few missing examples to make `make examples` not leave the
+ workspace in a dirty state.
+
+ Closes #3427
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+
+- THANKS: add more missing names
+
+ Add Adrian Burcea who made the artwork for the curl://up 2018 event
+ which was held in Stockholm, Sweden.
+
+- docs: mention potential leak in curl_slist_append
+
+ When a non-empty list is appended to, and used as the returnvalue,
+ the list pointer can leak in case of an allocation failure in the
+ curl_slist_append() call. This is correctly handled in curl code
+ usage but we weren't explicitly pointing it out in the API call
+ documentation. Fix by extending the RETURNVALUE manpage section
+ and example code.
+
+ Closes #3424
+ Reported-by: dnivras on github
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Marcel Raad (1 Jan 2019)
+- tvnow: silence conversion warnings
+
+ MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is
+ used and the milliseconds are represented as unsigned long long,
+ leading to a compiler warning when implicitly converting them to long.
+
+Daniel Stenberg (1 Jan 2019)
+- THANKS: dedupe more names
+
+ Researched-by: Tae Wong
+
+Marcel Raad (1 Jan 2019)
+- [Markus Moeller brought this change]
+
+ ntlm: update selection of type 3 response
+
+ NTLM2 did not work i.e. no NTLMv2 response was created. Changing the
+ check seems to work.
+
+ Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf
+
+ Fixes https://github.com/curl/curl/issues/3286
+ Closes https://github.com/curl/curl/pull/3287
+ Closes https://github.com/curl/curl/pull/3415
+
+Daniel Stenberg (31 Dec 2018)
+- THANKS: added missing names from year <= 2000
+
+ Due to a report of a missing name in THANKS I manually went through an
+ old CHANGES.0 file and added many previously missing names here.
+
+Daniel Gustafsson (30 Dec 2018)
+- urlapi: fix parsing ipv6 with zone index
+
+ The previous fix for parsing IPv6 URLs with a zone index was a paddle
+ short for URLs without an explicit port. This patch fixes that case
+ and adds a unit test case.
+
+ This bug was highlighted by issue #3408, and while it's not the full
+ fix for the problem there it is an isolated bug that should be fixed
+ regardless.
+
+ Closes #3411
+ Reported-by: GitYuanQu on github
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (30 Dec 2018)
+- THANKS: dedupe Guenter Knauf
+
+ Reported-by: Tae Wong
+
+- THANKS: missing name from the 6.3.1 release!
+
+Daniel Gustafsson (27 Dec 2018)
+- RELEASE-NOTES: synced
+
+- [Claes Jakobsson brought this change]
+
+ hostip: support wildcard hosts
+
+ This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
+ try-last so any non-wildcard entry is resolved first. If specified,
+ any host not matched by another CURLOPT_RESOLVE config will use this
+ as fallback.
+
+ Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
+ curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
+ https://a.com https://b.com
+
+ This is probably quite similar to using:
+ --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443
+
+ Closes #3406
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- url: fix incorrect indentation
+
+Patrick Monnerat (26 Dec 2018)
+- os400: upgrade ILE/RPG binding.
+
+ - Trailer function support.
+ - http 0.9 option.
+ - curl_easy_upkeep.
+
+Daniel Gustafsson (25 Dec 2018)
+- FAQ: remove mention of sourceforge for github
+
+ The project bug tracker is no longer hosted at sourceforge but is now
+ hosted on the curl Github page. Update the FAQ to reflect.
+
+ Closes #3410
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- openvms: fix typos in documentation
+
+- openvms: fix OpenSSL discovery on VAX
+
+ The DCL code had a typo in one of the commands which would make the
+ OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT.
+
+ Closes #3407
+ Reviewed-by: Viktor Szakats <commit@vszakats.net>
+
+Daniel Stenberg (24 Dec 2018)
+- [Ruslan Baratov brought this change]
+
+ cmake: use lowercase for function name like the rest of the code
+
+ Reviewed-by: Sergei Nikulov
+
+ closes #3196
+
+- Revert "libssh: no data pointer == nothing to do"
+
+ This reverts commit c98ee5f67f497195c9 since commit f3ce38739fa fixed the
+ problem in a more generic way.
+
+- disconnect: set conn->data for protocol disconnect
+
+ Follow-up to fb445a1e18d: Set conn->data explicitly to point out the
+ current transfer when invoking the protocol-specific disconnect function
+ so that it can work correctly.
+
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173
+
+Jay Satiro (23 Dec 2018)
+- [Pavel Pavlov brought this change]
+
+ timeval: Use high resolution timestamps on Windows
+
+ - Use QueryPerformanceCounter on Windows Vista+
+
+ There is confusing info floating around that QueryPerformanceCounter
+ can leap etc, which might have been true long time ago, but no longer
+ the case nowadays (perhaps starting from WinXP?). Also, boost and
+ std::chrono::steady_clock use QueryPerformanceCounter in a similar way.
+
+ Prior to this change GetTickCount or GetTickCount64 was used, which has
+ lower resolution. That is still the case for <= XP.
+
+ Fixes https://github.com/curl/curl/issues/3309
+ Closes https://github.com/curl/curl/pull/3318
+
+Daniel Stenberg (22 Dec 2018)
+- libssh: no data pointer == nothing to do
+
+- conncache_unlock: avoid indirection by changing input argument type
+
+- disconnect: separate connections and easy handles better
+
+ Do not assume/store assocation between a given easy handle and the
+ connection if it can be avoided.
+
+ Long-term, the 'conn->data' pointer should probably be removed as it is a
+ little too error-prone. Still used very widely though.
+
+ Reported-by: masbug on github
+ Fixes #3391
+ Closes #3400
+
+- libssh: free sftp_canonicalize_path() data correctly
+
+ Assisted-by: Harry Sintonen
+
+ Fixes #3402
+ Closes #3403
+
+- RELEASE-NOTES: synced
+
+- http: added options for allowing HTTP/0.9 responses
+
+ Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.
+
+ For now, both the tool and library allow HTTP/0.9 by default.
+ docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
+ months after the 7.64.0 release. The options are added already now so
+ that applications/scripts can start using them already now.
+
+ Fixes #2873
+ Closes #3383
+
+- if2ip: remove unused function Curl_if_is_interface_name
+
+ Closes #3401
+
+- http2: clear pause stream id if it gets closed
+
+ Reported-by: Florian Pritz
+
+ Fixes #3392
+ Closes #3399
+
+Daniel Gustafsson (20 Dec 2018)
+- [David Garske brought this change]
+
+ wolfssl: Perform cleanup
+
+ This adds a cleanup callback for cyassl. Resolves possible memory leak
+ when using ECC fixed point cache.
+
+ Closes #3395
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+
+Daniel Stenberg (20 Dec 2018)
+- mbedtls: follow-up VERIFYHOST fix from f097669248
+
+ Fix-by: Eric Rosenquist
+
+ Fixes #3376
+ Closes #3390
+
+- curlver: bump to 7.64.0 for next release
+
+Daniel Gustafsson (19 Dec 2018)
+- cookies: extend domain checks to non psl builds
+
+ Ensure to perform the checks we have to enforce a sane domain in
+ the cookie request. The check for non-PSL enabled builds is quite
+ basic but it's better than nothing.
+
+ Closes #2964
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (19 Dec 2018)
+- [Matus Uzak brought this change]
+
+ smb: fix incorrect path in request if connection reused
+
+ Follow-up to 09e401e01bf9. If connection gets reused, then data member
+ will be copied, but not the proto member. As a result, in smb_do(),
+ path has been set from the original proto.share data.
+
+ Closes #3388
+
+- curl -J: do not append to the destination file
+
+ Reported-by: Kamil Dudka
+ Fixes #3380
+ Closes #3381
+
+- mbedtls: use VERIFYHOST
+
+ Previously, VERIFYPEER would enable/disable all checks.
+
+ Reported-by: Eric Rosenquist
+ Fixes #3376
+ Closes #3380
+
+- pingpong: change default response timeout to 120 seconds
+
+ Previously it was 30 minutes
+
+- pingpong: ignore regular timeout in disconnect phase
+
+ The timeout set with CURLOPT_TIMEOUT is no longer used when
+ disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP,
+ POP3).
+
+ Reported-by: jasal82 on github
+
+ Fixes #3264
+ Closes #3374
+
+- TODO: Windows: set attribute 'archive' for completed downloads
+
+ Closes #3354
+
+- RELEASE-NOTES: synced
+
+- http: minor whitespace cleanup from f464535b
+
+- [Ayoub Boudhar brought this change]
+
+ http: Implement trailing headers for chunked transfers
+
+ This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION
+ options that allow a callback based approach to sending trailing headers
+ with chunked transfers.
+
+ The test server (sws) was updated to take into account the detection of the
+ end of transfer in the case of trailing headers presence.
+
+ Test 1591 checks that trailing headers can be sent using libcurl.
+
+ Closes #3350
+
+- darwinssl: accept setting max-tls with default min-tls
+
+ Reported-by: Andrei Neculau
+ Fixes #3367
+ Closes #3373
+
+- gopher: fix memory leak from 9026083ddb2a9
+
+- [Leonardo Taccari brought this change]
+
+ test1201: Add a trailing `?' to the selector
+
+ This verify that the `?' in the selector is kept as is.
+
+ Verifies the fix in #3370
+
+- [Leonardo Taccari brought this change]
+
+ gopher: always include the entire gopher-path in request
+
+ After the migration to URL API all octets in the selector after the
+ first `?' were interpreted as query and accidentally discarded and not
+ passed to the server.
+
+ Add a gopherpath to always concatenate possible path and query URL
+ pieces.
+
+ Fixes #3369
+ Closes #3370
+
+- [Leonardo Taccari brought this change]
+
+ urlapi: distinguish possibly empty query
+
+ If just a `?' to indicate the query is passed always store a zero length
+ query instead of having a NULL query.
+
+ This permits to distinguish URL with trailing `?'.
+
+ Fixes #3369
+ Closes #3370
+
+Daniel Gustafsson (13 Dec 2018)
+- OS400: handle memory error in list conversion
+
+ Curl_slist_append_nodup() returns NULL when it fails to create a new
+ item for the specified list, and since the coding here reassigned the
+ new list on top of the old list it would result in a dangling pointer
+ and lost memory. Also, in case we hit an allocation failure at some
+ point during the conversion, with allocation succeeding again on the
+ subsequent call(s) we will return a truncated list around the malloc
+ failure point. Fix by assigning to a temporary list pointer, which can
+ be checked (which is the common pattern for slist appending), and free
+ all the resources on allocation failure.
+
+ Closes #3372
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- cookies: leave secure cookies alone
+
+ Only allow secure origins to be able to write cookies with the
+ 'secure' flag set. This reduces the risk of non-secure origins
+ to influence the state of secure origins. This implements IETF
+ Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
+ RFC6265.
+
+ Closes #2956
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (13 Dec 2018)
+- docs: fix the --tls-max description
+
+ Reported-by: Tobias Lindgren
+ Pointed out in #3367
+
+ Closes #3368
+
+Daniel Gustafsson (12 Dec 2018)
+- urlapi: Fix port parsing of eol colon
+
+ A URL with a single colon without a portnumber should use the default
+ port, discarding the colon. Fix, add a testcase and also do little bit
+ of comment wordsmithing.
+
+ Closes #3365
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Version 7.63.0 (12 Dec 2018)
+
+Daniel Stenberg (12 Dec 2018)
+- RELEASE-NOTES: 7.63.0
+
+- THANKS: from the curl 7.62.0 cycle
+
+- test1519: use lib1518 and test CURLINFO_REDIRECT_URL more
+
+- Curl_follow: extract the Location: header field unvalidated
+
+ ... when not actually following the redirect. Otherwise we return error
+ for this and an application can't extract the value.
+
+ Test 1518 added to verify.
+
+ Reported-by: Pavel Pavlov
+ Fixes #3340
+ Closes #3364
+
+- multi: convert two timeout variables to timediff_t
+
+ The time_t type is unsigned on some systems and these variables are used
+ to hold return values from functions that return timediff_t
+ already. timediff_t is always a signed type.
+
+ Closes #3363
+
+- delta: use --diff-filter on the git diff-tree invokes
+
+ Suggested-by: Dave Reisner
+
+Patrick Monnerat (11 Dec 2018)
+- documentation: curl_formadd field and file names are now escaped
+
+ Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition
+ header without special processing: this may lead to invalid RFC 822
+ quoted-strings.
+ 7.56.0 introduces escaping of backslashes and double quotes in these names:
+ mention it in the documentation.
+
+ Reported-by: daboul on github
+ Closes #3361
+
+Daniel Stenberg (11 Dec 2018)
+- scripts/delta: show repo delta info from last release
+
+ ... where "last release" should be the git tag in the repo.
+
+Daniel Gustafsson (11 Dec 2018)
+- tests: add urlapi unittest
+
+ This adds a new unittest intended to cover the internal functions in
+ the urlapi code, starting with parse_port(). In order to avoid name
+ collisions in debug builds, parse_port() is renamed Curl_parse_port()
+ since it will be exported.
+
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+
+- urlapi: fix portnumber parsing for ipv6 zone index
+
+ An IPv6 URL which contains a zone index includes a '%%25<zode id>'
+ string before the ending ']' bracket. The parsing logic wasn't set
+ up to cope with the zone index however, resulting in a malformed url
+ error being returned. Fix by breaking the parsing into two stages
+ to correctly handle the zone index.
+
+ Closes #3355
+ Closes #3319
+ Reported-by: tonystz on Github
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+
+Daniel Stenberg (11 Dec 2018)
+- [Jay Satiro brought this change]
+
+ http: fix HTTP auth to include query in URI
+
+ - Include query in the path passed to generate HTTP auth.
+
+ Recent changes to use the URL API internally (46e1640, 7.62.0)
+ inadvertently broke authentication URIs by omitting the query.
+
+ Fixes https://github.com/curl/curl/issues/3353
+ Closes #3356
+
+- [Michael Kaufmann brought this change]
+
+ http: don't set CURLINFO_CONDITION_UNMET for http status code 204
+
+ The http status code 204 (No Content) should not change the "condition
+ unmet" flag. Only the http status code 304 (Not Modified) should do
+ this.
+
+ Closes #359
+
+- [Samuel Surtees brought this change]
+
+ ldap: fix LDAP URL parsing regressions
+
+ - Match URL scheme with LDAP and LDAPS
+ - Retrieve attributes, scope and filter from URL query instead
+
+ Regression brought in 46e164069d1a5230 (7.62.0)
+
+ Closes #3362
+
+- RELEASE-NOTES: synced
+
+- [Stefan Kanthak brought this change]
+
+ (lib)curl.rc: fixup for minor bugs
+
+ All resources defined in lib/libcurl.rc and curl.rc are language
+ neutral.
+
+ winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the
+ ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong.
+
+ Replace the hard-coded constants in both *.rc files with #define'd
+ values.
+
+ Thumbs-uped-by: Rod Widdowson, Johannes Schindelin
+ URL: https://curl.haxx.se/mail/lib-2018-11/0000.html
+ Closes #3348
+
+- test329: verify cookie max-age=0 immediate expiry
+
+- cookies: expire "Max-Age=0" immediately
+
+ Reported-by: Jeroen Ooms
+ Fixes #3351
+ Closes #3352
+
+- [Johannes Schindelin brought this change]
+
+ Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
+
+ This is a companion patch to cbea2fd2c (NTLM: force the connection to
+ HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1
+ preemptively. However, with other (Negotiate) authentication it is not
+ clear to this developer whether there is a way to make it work with
+ HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the
+ error HTTP_1_1_REQUIRED.
+
+ Note: we will still keep the NTLM workaround, as it avoids an extra
+ round trip.
+
+ Daniel Stenberg helped a lot with this patch, in particular by
+ suggesting to introduce the Curl_h2_http_1_1_error() function.
+
+ Closes #3349
+
+ Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+
+- [Ben Greear brought this change]
+
+ openssl: fix unused variable compiler warning with old openssl
+
+ URL: https://curl.haxx.se/mail/lib-2018-11/0055.html
+
+ Closes #3347
+
+- [Johannes Schindelin brought this change]
+
+ NTLM: force the connection to HTTP/1.1
+
+ Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
+ the capability. However, NTLM authentication only works with HTTP/1.1,
+ and will likely remain in that boat (for details, see
+ https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported).
+
+ When we just found out that we want to use NTLM, and when the current
+ connection runs in HTTP/2 mode, let's force the connection to be closed
+ and to be re-opened using HTTP/1.1.
+
+ Fixes https://github.com/curl/curl/issues/3341.
+ Closes #3345
+
+ Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+
+- [Johannes Schindelin brought this change]
+
+ curl_global_sslset(): id == -1 is not necessarily an error
+
+ It is allowed to call that function with id set to -1, specifying the
+ backend by the name instead. We should imitate what is done further down
+ in that function to allow for that.
+
+ Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+
+ Closes #3346
+
+Johannes Schindelin (6 Dec 2018)
+- .gitattributes: make tabs in indentation a visible error
+
+ Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+
+Daniel Stenberg (6 Dec 2018)
+- RELEASE-NOTES: synced
+
+- doh: fix memory leak in OOM situation
+
+ Reviewed-by: Daniel Gustafsson
+ Closes #3342
+
+- doh: make it work for h2-disabled builds too
+
+ Reported-by: dtmsecurity at github
+ Fixes #3325
+ Closes #3336
+
+- packages: remove old leftover files and dirs
+
+ This subdir has mostly become an attic of never-used cruft from the
+ past.
+
+ Closes #3331
+
+- [Gergely Nagy brought this change]
+
+ openssl: do not use file BIOs if not requested
+
+ Moves the file handling BIO calls to the branch of the code where they
+ are actually used.
+
+ Closes #3339
+
+- [Paul Howarth brought this change]
+
+ nss: Fix compatibility with nss versions 3.14 to 3.15
+
+- [Paul Howarth brought this change]
+
+ nss: Improve info message when falling back SSL protocol
+
+ Use descriptive text strings rather than decimal numbers.
+
+- [Paul Howarth brought this change]
+
+ nss: Fall back to latest supported SSL version
+
+ NSS may be built without support for the latest SSL/TLS versions,
+ leading to "SSL version range is not valid" errors when the library
+ code supports a recent version (e.g. TLS v1.3) but it has explicitly
+ been disabled.
+
+ This change adjusts the maximum SSL version requested by libcurl to
+ be the maximum supported version at runtime, as long as that version
+ is at least as high as the minimum version required by libcurl.
+
+ Fixes #3261
+
+Daniel Gustafsson (3 Dec 2018)
+- travis: enable COPYRIGHTYEAR extended warning
+
+ The extended warning for checking incorrect COPYRIGHTYEAR is quite
+ expensive to run, so rather than expecting every developer to do it
+ we ensure it's turned on locally for Travis.
+
+- checksrc: add COPYRIGHTYEAR check
+
+ Forgetting to bump the year in the copyright clause when hacking has
+ been quite common among curl developers, but a traditional checksrc
+ check isn't a good fit as it would penalize anyone hacking on January
+ 1st (among other things). This adds a more selective COPYRIGHTYEAR
+ check which intends to only cover the currently hacked on changeset.
+
+ The check for updated copyright year is currently not enforced on all
+ files but only on files edited and/or committed locally. This is due to
+ the amount of files which aren't updated with their correct copyright
+ year at the time of their respective commit.
+
+ To further avoid running this expensive check for every developer, it
+ adds a new local override mode for checksrc where a .checksrc file can
+ be used to turn on extended warnings locally.
+
+ Closes #3303
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (3 Dec 2018)
+- CHECKSRC.md: document more warnings
+
+ Closes #3335
+ [ci skip]
+
+- RELEASE-NOTES: synced
+
+- SECURITY-PROCESS: bountygraph shuts down
+
+ This backpedals back the documents to the state before bountygraph.
+
+ Closes #3311
+
+- curl: fix memory leak reading --writeout from file
+
+ If another string had been set first, the writout function for reading
+ the syntax from file would leak the previously allocated memory.
+
+ Reported-by: Brian Carpenter
+ Fixes #3322
+ Closes #3330
+
+- tool_main: rename function to make it unique and better
+
+ ... there's already another function in the curl tool named
+ free_config_fields!
+
+Daniel Gustafsson (29 Nov 2018)
+- TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entry
+
+ Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option
+ making it a manual code-edit operation to turn it back on. The removal
+ process has thus started and is now documented in docs/DEPRECATE.md so
+ remove from the TODO to avoid anyone looking for something to pick up
+ spend cycles on an already in-progress entry.
+
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Jay Satiro (29 Nov 2018)
+- [Sevan Janiyan brought this change]
+
+ connect: fix building for recent versions of Minix
+
+ EBADIOCTL doesn't exist on more recent Minix.
+ There have also been substantial changes to the network stack.
+ Fixes build on Minix 3.4rc
+
+ Closes https://github.com/curl/curl/pull/3323
+
+- [Konstantin Kushnir brought this change]
+
+ CMake: fix MIT/Heimdal Kerberos detection
+
+ - fix syntax error in FindGSS.cmake
+ - correct krb5 include directory. FindGSS exports
+ "GSS_INCLUDE_DIR" variable.
+
+ Closes https://github.com/curl/curl/pull/3316
+
+Daniel Stenberg (28 Nov 2018)
+- test328: verify Content-Encoding: none
+
+ Because of issue #3315
+
+ Closes #3317
+
+- [James Knight brought this change]
+
+ configure: include all libraries in ssl-libs fetch
+
+ When compiling a collection of SSL libraries to link against (SSL_LIBS),
+ ensure all libraries are included. The call `--libs-only-l` can produce
+ only a subset of found in a `--libs` call (e.x. pthread may be excluded).
+ Adding `--libs-only-other` ensures other libraries are also included in
+ the list. This corrects select build environments compiling against a
+ static version of OpenSSL. Before the change, the following could be
+ observed:
+
+ checking for openssl options with pkg-config... found
+ configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl "
+ configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
+ configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
+ checking for HMAC_Update in -lcrypto... no
+ checking for HMAC_Init_ex in -lcrypto... no
+ checking OpenSSL linking with -ldl... no
+ checking OpenSSL linking with -ldl and -lpthread... no
+ configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
+ configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.
+ ...
+ SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
+ ...
+
+ And include the other libraries when compiling SSL_LIBS succeeds with:
+
+ checking for openssl options with pkg-config... found
+ configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread "
+ configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
+ configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
+ checking for HMAC_Update in -lcrypto... yes
+ checking for SSL_connect in -lssl... yes
+ ...
+ SSL support: enabled (OpenSSL)
+ ...
+
+ Signed-off-by: James Knight <james.d.knight@live.com>
+ Closes #3193
+
+Daniel Gustafsson (26 Nov 2018)
+- doh: fix typo in infof call
+
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- cmdline-opts/gen.pl: define the correct varname
+
+ The variable definition had a small typo making it declare another
+ variable then the intended.
+
+ Closes #3304
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (25 Nov 2018)
+- RELEASE-NOTES: synced
+
+- curl_easy_perform: fix timeout handling
+
+ curl_multi_wait() was erroneously used from within
+ curl_easy_perform(). It could lead to it believing there was no socket
+ to wait for and then instead sleep for a while instead of monitoring the
+ socket and then miss acting on that activity as swiftly as it should
+ (causing an up to 1000 ms delay).
+
+ Reported-by: Antoni Villalonga
+ Fixes #3305
+ Closes #3306
+ Closes #3308
+
+- CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
+
+- cookies: create the cookiejar even if no cookies to save
+
+ Important for when the file is going to be read again and thus must not
+ contain old contents!
+
+ Adds test 327 to verify.
+
+ Reported-by: daboul on github
+ Fixes #3299
+ Closes #3300
+
+- checksrc: ban snprintf use, add command line flag to override warns
+
+- snprintf: renamed and we now only use msnprintf()
+
+ The function does not return the same value as snprintf() normally does,
+ so readers may be mislead into thinking the code works differently than
+ it actually does. A different function name makes this easier to detect.
+
+ Reported-by: Tomas Hoger
+ Assisted-by: Daniel Gustafsson
+ Fixes #3296
+ Closes #3297
+
+- [Tobias Hintze brought this change]
+
+ test: update test20/1322 for eglibc bug workaround
+
+ The tests 20 and 1322 are using getaddrinfo of libc for resolving. In
+ eglibc-2.19 there is a memory leakage and invalid free bug which
+ surfaces in some special circumstances (PF_UNSPEC hint with invalid or
+ non-existent names). The valgrind runs in testing fail in these
+ situations.
+
+ As the tests 20/1322 are not specific on either protocol (IPv4/IPv6)
+ this commit changes the hints to IPv4 protocol by passing `--ipv4` flag
+ on the tests' command line. This prevents the valgrind failures.
+
+- [Tobias Hintze brought this change]
+
+ host names: allow trailing dot in name resolve, then strip it
+
+ Delays stripping of trailing dots to after resolving the hostname.
+
+ Fixes #3022
+ Closes #3222
+
+- [UnknownShadow200 brought this change]
+
+ CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
+
+ Closes #3295
+
+Daniel Gustafsson (21 Nov 2018)
+- configure: Fix typo in comment
+
+Michael Kaufmann (21 Nov 2018)
+- openssl: support session resume with TLS 1.3
+
+ Session resumption information is not available immediately after a TLS 1.3
+ handshake. The client must wait until the server has sent a session ticket.
+
+ Use OpenSSL's "new session" callback to get the session information and put it
+ into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
+ after the server has sent a session ticket.
+
+ The "new session" callback is invoked only if OpenSSL's session cache is
+ enabled, so enable it and use the "external storage" mode which lets curl manage
+ the contents of the session cache.
+
+ A pointer to the connection data and the sockindex are now saved as "SSL extra
+ data" to make them available to the callback.
+
+ This approach also works for old SSL/TLS versions and old OpenSSL versions.
+
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+ Fixes #3202
+ Closes #3271
+
+- ssl: fix compilation with OpenSSL 0.9.7
+
+ - ENGINE_cleanup() was used without including "openssl/engine.h"
+ - enable engine support for OpenSSL 0.9.7
+
+ Closes #3266
+
+Daniel Stenberg (21 Nov 2018)
+- openssl: disable TLS renegotiation with BoringSSL
+
+ Since we're close to feature freeze, this change disables this feature
+ with an #ifdef. Define ALLOW_RENEG at build-time to enable.
+
+ This could be converted to a bit for CURLOPT_SSL_OPTIONS to let
+ applications opt-in this.
+
+ Concern-raised-by: David Benjamin
+ Fixes #3283
+ Closes #3293
+
+- [Romain Fliedel brought this change]
+
+ ares: remove fd from multi fd set when ares is about to close the fd
+
+ When using c-ares for asyn dns, the dns socket fd was silently closed
+ by c-ares without curl being aware. curl would then 'realize' the fd
+ has been removed at next call of Curl_resolver_getsock, and only then
+ notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
+ CURL_POLL_REMOVE. At this point the fd is already closed.
+
+ By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
+ patch allows curl to be notified that the fd is not longer needed
+ for neither for write nor read. At this point by calling
+ Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
+ before the fd is actually closed by ares.
+
+ In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
+ since it does not allow passing a different sock_state_cb_data
+
+ Closes #3238
+
+- [Romain Fliedel brought this change]
+
+ examples/ephiperfifo: report error when epoll_ctl fails
+
+Daniel Gustafsson (20 Nov 2018)
+- [pkubaj brought this change]
+
+ ntlm: Remove redundant ifdef USE_OPENSSL
+
+ lib/curl_ntlm.c had code that read as follows:
+
+ #ifdef USE_OPENSSL
+ # ifdef USE_OPENSSL
+ # else
+ # ..
+ # endif
+ #endif
+
+ Remove the redundant USE_OPENSSL along with #else (it's not possible to
+ reach it anyway). The removed construction is a leftover from when the
+ SSLeay support was removed.
+
+ Closes #3269
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (20 Nov 2018)
+- [Han Han brought this change]
+
+ ssl: replace all internal uses of CURLE_SSL_CACERT
+
+ Closes #3291
+
+Han Han (19 Nov 2018)
+- docs: add more description to unified ssl error codes
+
+- curle: move deprecated error code to ifndef block
+
+Patrick Monnerat (19 Nov 2018)
+- os400: add CURLOPT_CURLU to ILE/RPG binding.
+
+- os400: Add curl_easy_conn_upkeep() to ILE/RPG binding.
+
+- os400: fix return type of curl_easy_pause() in ILE/RPG binding.
+
+Daniel Stenberg (19 Nov 2018)
+- RELEASE-NOTES: synced
+
+- impacket: add LICENSE
+
+ The license for the impacket package was not in our tree.
+
+ Imported now from upstream's
+ https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE
+
+ Reported-by: infinnovation-dev on github
+ Fixes #3276
+ Closes #3277
+
+Daniel Gustafsson (18 Nov 2018)
+- tool_doswin: Fix uninitialized field warning
+
+ The partial struct initialization in 397664a065abffb7c3445ca9 caused
+ a warning on uninitialized MODULEENTRY32 struct members:
+
+ /src/tool_doswin.c:681:3: warning: missing initializer for field
+ 'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}'
+ [-Wmissing-field-initializers]
+
+ This is sort of a bogus warning as the remaining members will be set
+ to zero by the compiler, as all omitted members are. Nevertheless,
+ remove the warning by omitting all members and setting the dwSize
+ members explicitly.
+
+ Closes #3254
+ Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+ Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+
+- openssl: Remove SSLEAY leftovers
+
+ Commit 709cf76f6bb7dbac deprecated USE_SSLEAY, as curl since long isn't
+ compatible with the SSLeay library. This removes the few leftovers that
+ were omitted in the less frequently used platform targets.
+
+ Closes #3270
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (16 Nov 2018)
+- [Elia Tufarolo brought this change]
+
+ http_negotiate: do not close connection until negotiation is completed
+
+ Fix HTTP POST using CURLAUTH_NEGOTIATE.
+
+ Closes #3275
+
+- pop3: only do APOP with a valid timestamp
+
+ Brought-by: bobmitchell1956 on github
+ Fixes #3278
+ Closes #3279
+
+Jay Satiro (16 Nov 2018)
+- [Peter Wu brought this change]
+
+ openssl: do not log excess "TLS app data" lines for TLS 1.3
+
+ The SSL_CTX_set_msg_callback callback is not just called for the
+ Handshake or Alert protocols, but also for the raw record header
+ (SSL3_RT_HEADER) and the decrypted inner record type
+ (SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid
+ excess debug spam when using `curl -v` against a TLSv1.3-enabled server:
+
+ * TLSv1.3 (IN), TLS app data, [no content] (0):
+
+ (Following this message, another callback for the decrypted
+ handshake/alert messages will be be present anyway.)
+
+ Closes https://github.com/curl/curl/pull/3281
+
+Marc Hoersken (15 Nov 2018)
+- tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
+
+ SO_EXCLUSIVEADDRUSE is on by default on Vista or newer,
+ but does not work together with SO_REUSEADDR being on.
+
+ The default changes were made with stunnel 5.34 and 5.35.
+
+Daniel Stenberg (13 Nov 2018)
+- [Kamil Dudka brought this change]
+
+ nss: remove version selecting dead code
+
+ Closes #3262
+
+- nss: set default max-tls to 1.3/1.2
+
+ Fixes #3261
+
+Daniel Gustafsson (13 Nov 2018)
+- tool_cb_wrt: Silence function cast compiler warning
+
+ Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new
+ compiler warning on Windows cross compilation with GCC. See below
+ for an example of the warning from the autobuild logs (whitespace
+ edited to fit):
+
+ /src/tool_cb_wrt.c:175:9: warning: cast from function call of type
+ 'intptr_t {aka long long int}' to non-matching type 'void *'
+ [-Wbad-function-cast]
+ (HANDLE) _get_osfhandle(fileno(outs->stream)),
+ ^
+
+ Store the return value from _get_osfhandle() in an intermediate
+ variable and cast the variable in WriteConsoleW() rather than the
+ function call directly to avoid a compiler warning.
+
+ In passing, also add inspection of the MultiByteToWideChar() return
+ value and return failure in case an error is reported.
+
+ Closes #3263
+ Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+ Reviewed-by: Viktor Szakats <commit@vszakats.net>
+
+Daniel Stenberg (12 Nov 2018)
+- nss: fix fallthrough comment to fix picky compiler warning
+
+- docs: expanded on some CURLU details
+
+- [Tim Rühsen brought this change]
+
+ ftp: avoid two unsigned int overflows in FTP listing parser
+
+ Curl_ftp_parselist: avoid unsigned integer overflows
+
+ The overflow has no real world impact, just avoid it for "best
+ practice".
+
+ Closes #3225
+
+- curl: --local-port range was not "including"
+
+ The end port number in a given range was not included in the range used,
+ as it is documented to be.
+
+ Reported-by: infinnovation-dev on github
+ Fixes #3251
+ Closes #3255
+
+- [Jérémy Rocher brought this change]
+
+ openssl: support BoringSSL TLS renegotiation
+
+ As per BoringSSL porting documentation [1], BoringSSL rejects peer
+ renegotiations by default.
+
+ curl fails when trying to authenticate to server through client
+ certificate if it is requested by server after the initial TLS
+ handshake.
+
+ Enable renegotiation by default with BoringSSL to get same behavior as
+ with OpenSSL. This is done by calling SSL_set_renegotiate_mode [2]
+ which was introduced in commit 1d5ef3bb1eb9 [3].
+
+ 1 - https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#tls-renegotiation
+ 2 - https://boringssl.googlesource.com/boringssl/+/master/include/openssl/ssl.h#3482
+ 3 - https://boringssl.googlesource.com/boringssl/+/1d5ef3bb1eb97848617db5e7d633d735a401df86
+
+ Signed-off-by: Jérémy Rocher <rocher.jeremy@gmail.com>
+ Fixes #3258
+ Closes #3259
+
+- HISTORY: add some milestones
+
+ Added a few of the more notable milestones in curl history that were
+ missing. Primarily more recent ones but I also noted some older that
+ could be worth mentioning.
+
+ [ci skip]
+ Closes #3257
+
+Daniel Gustafsson (9 Nov 2018)
+- KNOWN_BUGS: add --proxy-any connection issue
+
+ Add the identified issue with --proxy-any and proxy servers which
+ advertise authentication schemes other than the supported one.
+
+ Closes #876
+ Closes #3250
+ Reported-by: NTMan on Github
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (9 Nov 2018)
+- [Jim Fuller brought this change]
+
+ setopt: add CURLOPT_CURLU
+
+ Allows an application to pass in a pre-parsed URL via a URL handle.
+
+ Closes #3227
+
+- [Gisle Vanem brought this change]
+
+ docs: ESCape "\n" codes
+
+ Groff / Troff will display a:
+ printaf("Errno: %ld\n", error);
+ as:
+ printf("Errno: %ld0, error);
+
+ when a "\n" is not escaped. Use "\\n" instead.
+
+ Closes #3246
+
+- curl: --local-port fix followup
+
+ Regression by 52db54869e6.
+
+ Reported-by: infinnovation-dev on github
+ Fixes #3248
+ Closes #3249
+
+GitHub (7 Nov 2018)
+- [Gisle Vanem brought this change]
+
+ More "\n" ESCaping
+
+Daniel Stenberg (7 Nov 2018)
+- RELEASE-NOTES: synced
+
+- curl: fix --local-port integer overflow
+
+ The tool's local port command line range parser didn't check for integer
+ overflows and could pass "weird" data to libcurl for this option.
+ libcurl however, has a strict range check for the values so it rejects
+ anything outside of the accepted range.
+
+ Reported-by: Brian Carpenter
+ Closes #3242
+
+- curl: correct the switch() logic in ourWriteOut
+
+ Follow-up to e431daf013, as I did the wrong correction for a compiler
+ warning. It should be a break and not a fall-through.
+
+ Pointed-out-by: Frank Gevaerts
+
+- [Frank Gevaerts brought this change]
+
+ curl: add %{stderr} and %{stdout} for --write-out
+
+ Closes #3115
+
+Daniel Gustafsson (7 Nov 2018)
+- winssl: be consistent in Schannel capitalization
+
+ The productname from Microsoft is "Schannel", but in infof/failf
+ reporting we use "schannel". This removes different versions.
+
+ Closes #3243
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (7 Nov 2018)
+- TODO: Have the URL API offer IDN decoding
+
+ Similar to how URL decoding/encoding is done, we could have URL
+ functions to convert IDN host names to punycode.
+
+ Suggested-by: Alexey Melnichuk
+ Closes #3232
+
+- urlapi: only skip encoding the first '=' with APPENDQUERY set
+
+ APPENDQUERY + URLENCODE would skip all equals signs but now it only skip
+ encoding the first to better allow "name=content" for any content.
+
+ Reported-by: Alexey Melnichuk
+ Fixes #3231
+ Closes #3231
+
+- url: a short host name + port is not a scheme
+
+ The function identifying a leading "scheme" part of the URL considered a
+ few letters ending with a colon to be a scheme, making something like
+ "short:80" to become an unknown scheme instead of a short host name and
+ a port number.
+
+ Extended test 1560 to verify.
+
+ Also fixed test203 to use file_pwd to make it get the correct path on
+ windows. Removed test 2070 since it was a duplicate of 203.
+
+ Assisted-by: Marcel Raad
+ Reported-by: Hagai Auro
+ Fixes #3220
+ Fixes #3233
+ Closes #3223
+ Closes #3235
+
+- [Sangamkar brought this change]
+
+ libcurl: stop reading from paused transfers
+
+ In the transfer loop it would previously not acknwledge the pause bit
+ and continue until drained or loop ended.
+
+ Closes #3240
+
+Jay Satiro (6 Nov 2018)
+- tool: add undocumented option --dump-module-paths for win32
+
+ - Add an undocumented diagnostic option for Windows to show the full
+ paths of all loaded modules regardless of whether or not libcurl
+ initialization succeeds.
+
+ This is needed so that in the CI we can get a list of all DLL
+ dependencies after initialization (when they're most likely to have
+ finished loading) and then package them as artifacts so that a
+ functioning build can be downloaded. Also I imagine it may have some use
+ as a diagnostic for help requests.
+
+ Ref: https://github.com/curl/curl/pull/3103
+
+ Closes https://github.com/curl/curl/pull/3208
+
+- curl_multibyte: fix a malloc overcalculation
+
+ Prior to this change twice as many bytes as necessary were malloc'd when
+ converting wchar to UTF8. To allay confusion in the future I also
+ changed the variable name for the amount of bytes from len to bytes.
+
+ Closes https://github.com/curl/curl/pull/3209
+
+Michael Kaufmann (5 Nov 2018)
+- netrc: don't ignore the login name specified with "--user"
+
+ - for "--netrc", don't ignore the login/password specified with "--user",
+ only ignore the login/password in the URL.
+ This restores the netrc behaviour of curl 7.61.1 and earlier.
+ - fix the documentation of CURL_NETRC_REQUIRED
+ - improve the detection of login/password changes when reading .netrc
+ - don't read .netrc if both login and password are already set
+
+ Fixes #3213
+ Closes #3224
+
+Patrick Monnerat (5 Nov 2018)
+- OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
+
+Daniel Stenberg (5 Nov 2018)
+- [Yasuhiro Matsumoto brought this change]
+
+ curl: fixed UTF-8 in current console code page (Windows)
+
+ Fixes #3211
+ Fixes #3175
+ Closes #3212
+
+- TODO: 2.6 multi upkeep
+
+ Closes #3199
+
+Daniel Gustafsson (5 Nov 2018)
+- unittest: make 1652 stable across collations
+
+ The previous coding used a format string whose output depended on the
+ current locale of the environment running the test. Since the gist of
+ the test is to have a format string, with the actual formatting being
+ less important, switch to a more stable formatstring with decimals.
+
+ Reported-by: Marcel Raad
+ Closes #3234
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+
+Daniel Stenberg (5 Nov 2018)
+- Revert "url: a short host name + port is not a scheme"
+
+ This reverts commit 226cfa8264cd979eff3fd52c0f3585ef095e7cf2.
+
+ This commit caused test failures on appveyor/windows. Work on fixing them is
+ in #3235.
+
+- symbols-in-versions: add missing CURLU_ symbols
+
+ ...and fix symbol-scan.pl to also scan urlapi.h
+
+ Reported-by: Alexey Melnichuk
+ Fixes #3226
+ Closes #3230
+
+Daniel Gustafsson (3 Nov 2018)
+- infof: clearly indicate truncation
+
+ The internal buffer in infof() is limited to 2048 bytes of payload plus
+ an additional byte for NULL termination. Servers with very long error
+ messages can however cause truncation of the string, which currently
+ isn't very clear, and leads to badly formatted output.
+
+ This appends a "...\n" (or just "..." in case the format didn't with a
+ newline char) marker to the end of the string to clearly show
+ that it has been truncated.
+
+ Also include a unittest covering infof() to try and catch any bugs
+ introduced in this quite important function.
+
+ Closes #3216
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+
+Michael Kaufmann (3 Nov 2018)
+- tool_getparam: fix some comments
+
+Daniel Stenberg (3 Nov 2018)
+- url: a short host name + port is not a scheme
+
+ The function identifying a leading "scheme" part of the URL considered a few
+ letters ending with a colon to be a scheme, making something like "short:80"
+ to become an unknown scheme instead of a short host name and a port number.
+
+ Extended test 1560 to verify.
+
+ Reported-by: Hagai Auro
+ Fixes #3220
+ Closes #3223
+
+- URL: fix IPv6 numeral address parser
+
+ Regression from 46e164069d1a52. Extended test 1560 to verify.
+
+ Reported-by: tpaukrt on github
+ Fixes #3218
+ Closes #3219
+
+- travis: remove curl before a normal build
+
+ on Linux. To make sure the test suite runs with its newly build tool and
+ doesn't require an external one present.
+
+ Bug: #3198
+ Closes #3200
+
+- [Tim Rühsen brought this change]
+
+ mprintf: avoid unsigned integer overflow warning
+
+ The overflow has no real world impact.
+ Just avoid it for "best practice".
+
+ Code change suggested by "The Infinnovation Team" and Daniel Stenberg.
+ Closes #3184
+
+- Curl_follow: accept non-supported schemes for "fake" redirects
+
+ When not actually following the redirect and the target URL is only
+ stored for later retrieval, curl always accepted "non-supported"
+ schemes. This was a regression from 46e164069d1a5230.
+
+ Reported-by: Brad King
+ Fixes #3210
+ Closes #3215
+
+Daniel Gustafsson (2 Nov 2018)
+- openvms: fix example name
+
+ Commit efc696a2e09225bfeab4 renamed persistant.c to persistent.c to
+ fix the typo in the name, but missed to update the OpenVMS package
+ files which still looked for the old name.
+
+ Closes #3217
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Viktor Szakats <commit@vszakats.net>
+
+Daniel Stenberg (1 Nov 2018)
+- configure: show CFLAGS, LDFLAGS etc in summary
+
+ To make it easier to understand other people's and remote builds etc.
+
+ Closes #3207
+
+- version: bump for next cycle
+
+- axtls: removed
+
+ As has been outlined in the DEPRECATE.md document, the axTLS code has
+ been disabled for 6 months and is hereby removed.
+
+ Use a better supported TLS library!
+
+ Assisted-by: Daniel Gustafsson
+ Closes #3194
+
+- [marcosdiazr brought this change]
+
+ schannel: make CURLOPT_CERTINFO support using Issuer chain
+
+ Closes #3197
+
+- travis: build with sanitize=address,undefined,signed-integer-overflow
+
+ ... using clang
+
+ Closes #3190
+
+- schannel: use Curl_ prefix for global private symbols
+
+ Curl_verify_certificate() must use the Curl_ prefix since it is globally
+ available in the lib and otherwise steps outside of our namespace!
+
+ Closes #3201
+
+Kamil Dudka (1 Nov 2018)
+- tests: drop http_pipe.py script no longer used
+
+ It is unused since commit f7208df7d9d5cd5e15e2d89237e828f32b63f135.
+
+ Closes #3204
+
+Daniel Stenberg (31 Oct 2018)
+- runtests: use the local curl for verifying
+
+ ... revert the mistaken change brought in commit 8440616f53.
+
+ Reported-by: Alessandro Ghedini
+ Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html
+
+ Closes #3198
+
+Version 7.62.0 (30 Oct 2018)
+
+Daniel Stenberg (30 Oct 2018)
+- RELEASE-NOTES: 7.62.0
+
+- THANKS: 7.62.0 status
+
+Daniel Gustafsson (30 Oct 2018)
+- vtls: add MesaLink to curl_sslbackend enum
+
+ MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the
+ backend was never added to the curl_sslbackend enum in curl/curl.h.
+ This adds the new backend to the enum and updates the relevant docs.
+
+ Closes #3195
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (30 Oct 2018)
+- [Ruslan Baratov brought this change]
+
+ cmake: Remove unused CURL_CONFIG_HAS_BEEN_RUN_BEFORE variable
+
+ Closes #3191
+
+- test2080: verify the fix for CVE-2018-16842
+
+- voutf: fix bad arethmetic when outputting warnings to stderr
+
+ CVE-2018-16842
+ Reported-by: Brian Carpenter
+ Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
+
+- [Tuomo Rinne brought this change]
+
+ cmake: uniform ZLIB to use USE_ variable and clean curl-config.cmake.in
+
+ Closes #3123
+
+- [Tuomo Rinne brought this change]
+
+ cmake: add find_dependency call for ZLIB to CMake config file
+
+- [Tuomo Rinne brought this change]
+
+ cmake: add support for transitive ZLIB target
+
+- unit1650: fix "null pointer passed as argument 1 to memcmp"
+
+ Detected by UndefinedBehaviorSanitizer
+
+ Closes #3187
+
+- travis: add a "make tidy" build that runs clang-tidy
+
+ Closes #3182
+
+- unit1300: fix stack-use-after-scope AddressSanitizer warning
+
+ Closes #3186
+
+- Curl_auth_create_plain_message: fix too-large-input-check
+
+ CVE-2018-16839
+ Reported-by: Harry Sintonen
+ Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+
+- Curl_close: clear data->multi_easy on free to avoid use-after-free
+
+ Regression from b46cfbc068 (7.59.0)
+ CVE-2018-16840
+ Reported-by: Brian Carpenter (Geeknik Labs)
+
+ Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
+
+- [randomswdev brought this change]
+
+ system.h: use proper setting with Sun C++ as well
+
+ system.h selects the proper Sun settings when __SUNPRO_C is defined. The
+ Sun compiler does not define it when compiling C++ files. I'm adding a
+ check also on __SUNPRO_CC to allow curl to work properly also when used
+ in a C++ project on Sun Solaris.
+
+ Closes #3181
+
+- rand: add comment to skip a clang-tidy false positive
+
+- test1651: unit test Curl_extract_certinfo()
+
+ The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
+
+- x509asn1: always check return code from getASN1Element()
+
+- Makefile: add 'tidy' target that runs clang-tidy
+
+ Available in the root, src and lib dirs.
+
+ Closes #3163
+
+- RELEASE-PROCEDURE: adjust the release dates
+
+ See: https://curl.haxx.se/mail/lib-2018-10/0107.html
+
+Patrick Monnerat (27 Oct 2018)
+- x509asn1: suppress left shift on signed value
+
+ Use an unsigned variable: as the signed operation behavior is undefined,
+ this change silents clang-tidy about it.
+
+ Ref: https://github.com/curl/curl/pull/3163
+ Reported-By: Daniel Stenberg
+
+Michael Kaufmann (27 Oct 2018)
+- multi: Fix error handling in the SENDPROTOCONNECT state
+
+ If Curl_protocol_connect() returns an error code,
+ handle the error instead of switching to the next state.
+
+ Closes #3170
+
+Daniel Stenberg (27 Oct 2018)
+- RELEASE-NOTES: synced
+
+- openssl: output the correct cipher list on TLS 1.3 error
+
+ When failing to set the 1.3 cipher suite, the wrong string pointer would
+ be used in the error message. Most often saying "(nil)".
+
+ Reported-by: Ricky-Tigg on github
+ Fixes #3178
+ Closes #3180
+
+- docs/CIPHERS: fix the TLS 1.3 cipher names
+
+ ... picked straight from the OpenSSL man page:
+ https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
+
+ Reported-by: Ricky-Tigg on github
+ Bug: #3178
+
+Marcel Raad (27 Oct 2018)
+- travis: install gnutls-bin package
+
+ This is required for gnutls-serv, which enables a few more tests.
+
+ Closes https://github.com/curl/curl/pull/2958
+
+Daniel Gustafsson (26 Oct 2018)
+- ssh: free the session on init failures
+
+ Ensure to clear the session object in case the libssh2 initialization
+ fails.
+
+ It could be argued that the libssh2 error function should be called to
+ get a proper error message in this case. But since the only error path
+ in libssh2_knownhost_init() is memory a allocation failure it's safest
+ to avoid since the libssh2 error handling allocates memory.
+
+ Closes #3179
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (26 Oct 2018)
+- docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 date
+
+ ... I'm moving it up one week due to travels. The rest stays.
+
+- [Daniel Gustafsson brought this change]
+
+ openssl: make 'done' a proper boolean
+
+ Closes #3176
+
+- gtls: Values stored to but never read
+
+ Detected by clang-tidy
+
+ Closes #3176
+
+- [Alexey Eremikhin brought this change]
+
+ curl.1: --ipv6 mutexes ipv4 (fixed typo)
+
+ Fixes #3171
+ Closes #3172
+
+- tool_main: make TerminalSettings static
+
+ Reported-by: Gisle Vanem
+ Bug: https://github.com/curl/curl/commit/becfe1233ff2b6b0c3e1b6a10048b55b68c2539f#commitcomment-31008819
+ Closes #3161
+
+- curl-config.in: remove dependency on bc
+
+ Reported-by: Dima Pasechnik
+ Fixes #3143
+ Closes #3174
+
+- [Gisle Vanem brought this change]
+
+ rtmp: fix for compiling with lwIP
+
+ Compiling on _WIN32 and with USE_LWIPSOCK, causes this error:
+ curl_rtmp.c(223,3): error: use of undeclared identifier 'setsockopt'
+ setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
+ ^
+ curl_rtmp.c(41,32): note: expanded from macro 'setsockopt'
+ #define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e)
+ ^
+ Closes #3155
+
+- configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
+
+ Follow-up to #3166 which did the cmake part of this. This type/define is
+ not used.
+
+ Closes #3168
+
+- [Ruslan Baratov brought this change]
+
+ cmake: remove unused variables
+
+ Remove variables:
+ * HAVE_SOCKLEN_T
+ * CURL_SIZEOF_CURL_SOCKLEN_T
+ * CURL_TYPEOF_CURL_SOCKLEN_T
+
+ Closes #3166
+
+Michael Kaufmann (25 Oct 2018)
+- urldata: Fix comment in header
+
+ The "connecting" function is used by multiple protocols, not only FTP
+
+- netrc: free temporary strings if memory allocation fails
+
+ - Change the inout parameters after all needed memory has been
+ allocated. Do not change them if something goes wrong.
+ - Free the allocated temporary strings if strdup() fails.
+
+ Closes #3122
+
+Daniel Stenberg (24 Oct 2018)
+- [Ruslan Baratov brought this change]
+
+ config: Remove unused SIZEOF_VOIDP
+
+ Closes #3162
+
+- RELEASE-NOTES: synced
+
+GitHub (23 Oct 2018)
+- [Gisle Vanem brought this change]
+
+ Fix for compiling with lwIP (3)
+
+ lwIP on Windows does not have a WSAIoctl() function.
+ But it do have a SO_SNDBUF option to lwip_setsockopt(). But it currently does nothing.
+
+Daniel Stenberg (23 Oct 2018)
+- Curl_follow: return better errors on URL problems
+
+ ... by making the converter function global and accessible.
+
+ Closes #3153
+
+- Curl_follow: remove remaining free(newurl)
+
+ Follow-up to 05564e750e8f0c. This function no longer frees the passed-in
+ URL.
+
+ Reported-by: Michael Kaufmann
+ Bug: https://github.com/curl/curl/commit/05564e750e8f0c79016c680f301ce251e6e86155#commitcomm
+ ent-30985666
+
+Daniel Gustafsson (23 Oct 2018)
+- headers: end all headers with guard comment
+
+ Most headerfiles end with a /* <headerguard> */ comment, but it was
+ missing from some. The comment isn't the most important part of our
+ code documentation but consistency has an intrinsic value in itself.
+ This adds header guard comments to the files that were lacking it.
+
+ Closes #3158
+ Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Jay Satiro (23 Oct 2018)
+- CIPHERS.md: Mention the options used to set TLS 1.3 ciphers
+
+ Closes https://github.com/curl/curl/pull/3159
+
+Daniel Stenberg (20 Oct 2018)
+- docs/BUG-BOUNTY: the sponsors actually decide the amount
+
+ Retract the previous approach as the sponsors will be the ones to set the
+ final amounts.
+
+ Closes #3152
+ [ci skip]
+
+- multi: avoid double-free
+
+ Curl_follow() no longer frees the string. Make sure it happens in the
+ caller function, like we normally handle allocations.
+
+ This bug was introduced with the use of the URL API internally, it has
+ never been in a release version
+
+ Reported-by: Dario Weißer
+ Closes #3149
+
+- multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
+
+ Otherwise, closing that handle can still cause surprises!
+
+ Reported-by: Martin Ankerl
+ Fixes #3138
+ Closes #3147
+
+Marcel Raad (19 Oct 2018)
+- VS projects: add USE_IPV6
+
+ The Visual Studio builds didn't use IPv6. Add it to all projects since
+ Visual Studio 2008, which is verified to build via AppVeyor.
+
+ Closes https://github.com/curl/curl/pull/3137
+
+- config_win32: enable LDAPS
+
+ As done in the autotools and CMake builds by default.
+
+ Closes https://github.com/curl/curl/pull/3137
+
+Daniel Stenberg (18 Oct 2018)
+- travis: add build for "configure --disable-verbose"
+
+ Closes #3144
+
+Kamil Dudka (17 Oct 2018)
+- tool_cb_hdr: handle failure of rename()
+
+ Detected by Coverity.
+
+ Closes #3140
+ Reviewed-by: Jay Satiro
+
+Daniel Stenberg (17 Oct 2018)
+- RELEASE-NOTES: synced
+
+- docs/SECURITY-PROCESS: the hackerone IBB program drops curl
+
+ ... now there's only BountyGraph.
+
+Jay Satiro (16 Oct 2018)
+- [Matthew Whitehead brought this change]
+
+ x509asn1: Fix SAN IP address verification
+
+ For IP addresses in the subject alternative name field, the length
+ of the IP address (and hence the number of bytes to perform a
+ memcmp on) is incorrectly calculated to be zero. The code previously
+ subtracted q from name.end. where in a successful case q = name.end
+ and therefore addrlen equalled 0. The change modifies the code to
+ subtract name.beg from name.end to calculate the length correctly.
+
+ The issue only affects libcurl with GSKit SSL, not other SSL backends.
+ The issue is not a security issue as IP verification would always fail.
+
+ Fixes #3102
+ Closes #3141
+
+Daniel Gustafsson (15 Oct 2018)
+- INSTALL: mention mesalink in TLS section
+
+ Commit 57348eb97d1b8fc3742e02c6587d2d02ff592da5 added support for the
+ MesaLink vtls backend, but missed updating the TLS section containing
+ supported backends in the docs.
+
+ Closes #3134
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Marcel Raad (14 Oct 2018)
+- nonblock: fix unused parameter warning
+
+ If USE_BLOCKING_SOCKETS is defined, curlx_nonblock's arguments are not
+ used.
+
+Michael Kaufmann (13 Oct 2018)
+- Curl_follow: Always free the passed new URL
+
+ Closes #3124
+
+Viktor Szakats (12 Oct 2018)
+- replace rawgit links [ci skip]
+
+ Ref: https://rawgit.com/ "RawGit has reached the end of its useful life"
+ Ref: https://news.ycombinator.com/item?id=18202481
+ Closes https://github.com/curl/curl/pull/3131
+
+Daniel Stenberg (12 Oct 2018)
+- docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018
+
+ [ci skip]
+
+- travis: make distcheck scan for BOM markers
+
+ and remove BOM from projects/wolfssl_override.props
+
+ Closes #3126
+
+Marcel Raad (11 Oct 2018)
+- CMake: remove BOM
+
+ Accidentally aded in commit 1bb86057ff07083deeb0b00f8ad35879ec4d03ea.
+
+ Reported-by: Viktor Szakats
+ Ref: https://github.com/curl/curl/pull/3120#issuecomment-428673136
+
+Daniel Gustafsson (10 Oct 2018)
+- transfer: fix typo in comment
+
+Michael Kaufmann (10 Oct 2018)
+- docs: add "see also" links for SSL options
+
+ - link TLS 1.2 and TLS 1.3 options
+ - link proxy and non-proxy options
+
+ Closes #3121
+
+Marcel Raad (10 Oct 2018)
+- AppVeyor: remove BDIR variable that sneaked in again
+
+ Removed in ae762e1abebe3a5fe75658583c85059a0957ef6e, accidentally added
+ again in 9f3be5672dc4dda30ab43e0152e13d714a84d762.
+
+- CMake: disable -Wpedantic-ms-format
+
+ As done in the autotools build. This is required for MinGW, which
+ supports only %I64 for printing 64-bit values, but warns about it.
+
+ Closes https://github.com/curl/curl/pull/3120
+
+Viktor Szakats (9 Oct 2018)
+- ldap: show precise LDAP call in error message on Windows
+
+ Also add a unique but common text ('bind via') to make it
+ easy to grep this specific failure regardless of platform.
+
+ Ref: https://github.com/curl/curl/pull/878/files#diff-7a636f08047c4edb53a240f540b4ecf6R468
+ Closes https://github.com/curl/curl/pull/3118
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+
+Daniel Stenberg (9 Oct 2018)
+- docs/DEPRECATE: minor reformat to render nicer on web
+
+Daniel Gustafsson (9 Oct 2018)
+- CURLOPT_SSL_VERIFYSTATUS: Fix typo
+
+ Changes s/OSCP/OCSP/ and bumps the copyright year due to the change.
+
+Marcel Raad (9 Oct 2018)
+- curl_setup: define NOGDI on Windows
+
+ This avoids an ERROR macro clash between <wingdi.h> and <arpa/tftp.h>
+ on MinGW.
+
+ Closes https://github.com/curl/curl/pull/3113
+
+- Windows: fixes for MinGW targeting Windows Vista
+
+ Classic MinGW has neither InitializeCriticalSectionEx nor
+ GetTickCount64, independent of the target Windows version.
+
+ Closes https://github.com/curl/curl/pull/3113
+
+Daniel Stenberg (8 Oct 2018)
+- TODO: fixed 'API for URL parsing/splitting'
+
+Daniel Gustafsson (8 Oct 2018)
+- KNOWN_BUGS: Fix various typos
+
+ Closes #3112
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Viktor Szakats (8 Oct 2018)
+- spelling fixes [ci skip]
+
+ as detected by codespell 1.14.0
+
+ Closes https://github.com/curl/curl/pull/3114
+ Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+
+Daniel Stenberg (8 Oct 2018)
+- RELEASE-NOTES: synced
+
+- curl_ntlm_wb: check aprintf() return codes
+
+ ... when they return NULL we're out of memory and MUST return failure.
+
+ closes #3111
+
+- docs/BUG-BOUNTY: proposed additional docs
+
+ Bug bounty explainer. See https://bountygraph.com/programs/curl
+
+ Closes #3067
+
+- [Rick Deist brought this change]
+
+ hostip: fix check on Curl_shuffle_addr return value
+
+ Closes #3110
+
+- FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
+
+ Now FILE transfers send headers to the header callback like HTTP and
+ other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...)
+ work for FILE in the callbacks.
+
+ Makes "curl -i file://.." and "curl -I file://.." work like before
+ again. Applied the bold header logic to them too.
+
+ Regression from c1c2762 (7.61.0)
+
+ Reported-by: Shaun Jackman
+ Fixes #3083
+ Closes #3101
+
+Daniel Gustafsson (7 Oct 2018)
+- gskit: make sure to terminate version string
+
+ In case a very small buffer was passed to the version function, it could
+ result in the buffer not being NULL-terminated since strncpy() doesn't
+ guarantee a terminator on an overflowed buffer. Rather than adding code
+ to terminate (and handle zero-sized buffers), move to using snprintf()
+ instead like all the other vtls backends.
+
+ Closes #3105
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Viktor Szakats <commit@vszakats.net>
+
+- TODO: add LD_PRELOAD support on macOS
+
+ Add DYLD_INSERT_LIBRARIES support to the TODO list. Reported in #2394.
+
+- runtests: skip ld_preload tests on macOS
+
+ The LD_PRELOAD functionality doesn't exist on macOS, so skip any tests
+ requiring it.
+
+ Fixes #2394
+ Closes #3106
+ Reported-by: Github user @jakirkham
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Marcel Raad (7 Oct 2018)
+- AppVeyor: use Debug builds to run tests
+
+ This enables more tests.
+
+ Closes https://github.com/curl/curl/pull/3104
+
+- AppVeyor: add HTTP_ONLY build
+
+ Closes https://github.com/curl/curl/pull/3104
+
+- AppVeyor: add WinSSL builds
+
+ Use the oldest and latest Windows SDKs for them.
+ Also, remove all but one OpenSSL build.
+
+ Closes https://github.com/curl/curl/pull/3104
+
+- AppVeyor: add remaining Visual Studio versions
+
+ This adds Visual Studio 9 and 10 builds.
+ There's no 64-bit VC9 compiler on AppVeyor, so use it as the Win32
+ build. Also, VC9 cannot be used for running the test suite.
+
+ Closes https://github.com/curl/curl/pull/3104
+
+- AppVeyor: break long line
+
+ Closes https://github.com/curl/curl/pull/3104
+
+- AppVeyor: remove unused BDIR variable
+
+ Closes https://github.com/curl/curl/pull/3104
+
+Daniel Stenberg (6 Oct 2018)
+- test2100: test DoH using IPv4-only
+
+ To make it only send one DoH request and avoid the race condition that
+ could lead to the requests getting sent in reversed order and thus
+ making it hard to compare in the test case.
+
+ Fixes #3107
+ Closes #3108
+
+- tests/FILEFORMAT: mention how to use <fileN> and <stripfileN> too
+
+ [ci skip]
+
+- RELEASE-NOTES: synced
+
+- [Dmitry Kostjuchenko brought this change]
+
+ timeval: fix use of weak symbol clock_gettime() on Apple platforms
+
+ Closes #3048
+
+- doh: keep the IPv4 address in (original) network byte order
+
+ Ideally this will fix the reversed order shown in SPARC tests:
+
+ resp 8: Expected 127.0.0.1 got 1.0.0.127
+
+ Closes #3091
+
+Jay Satiro (5 Oct 2018)
+- INTERNALS.md: wrap lines longer than 79
+
+Daniel Gustafsson (5 Oct 2018)
+- INTERNALS: escape reference to parameter
+
+ The parameter reference <string> was causing rendering issues in the
+ generated HTML page, as <string> isn't a valid HTML tag. Fix by back-
+ tick escaping it.
+
+ Closes #3099
+ Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- checksrc: handle zero scoped ignore commands
+
+ If a !checksrc! disable command specified to ignore zero errors, it was
+ still added to the ignore block even though nothing was ignored. While
+ there were no blocks ignored that shouldn't be ignored, the processing
+ ended with with a warning:
+
+ <filename>:<line>:<col>: warning: Unused ignore: LONGLINE (UNUSEDIGNORE)
+ /* !checksrc! disable LONGLINE 0 */
+ ^
+ Fix by instead treating a zero ignore as a a badcommand and throw a
+ warning for that one.
+
+ Closes #3096
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- checksrc: enable strict mode and warnings
+
+ Enable strict and warnings mode for checksrc to ensure we aren't missing
+ anything due to bugs in the checking code. This uncovered a few things
+ which are all fixed in this commit:
+
+ * several variables were used uninitialized
+ * several variables were not defined in the correct scope
+ * the whitelist filehandle was read even if the file didn't exist
+ * the enable_warn() call when a disable counter had expired was passing
+ incorrect variables, but since the checkwarn() call is unlikely to hit
+ (the counter is only decremented to zero on actual ignores) it didn't
+ manifest a problem.
+
+ Closes #3090
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+
+Marcel Raad (5 Oct 2018)
+- CMake: suppress MSVC warning C4127 for libtest
+
+ It's issued by older Windows SDKs (prior to version 8.0).
+
+Sergei Nikulov (5 Oct 2018)
+- Merge branch 'dmitrykos-fix_missing_CMake_defines'
+
+- [Dmitry Kostjuchenko brought this change]
+
+ cmake: test and set missed defines during configuration
+
+ Added configuration checks for HAVE_BUILTIN_AVAILABLE and HAVE_CLOCK_GETTIME_MONOTONIC.
+
+ Closes #3097
+
+Marcel Raad (5 Oct 2018)
+- AppVeyor: disable test 500
+
+ It almost always results in
+ "starttransfer vs total: 0.000001 0.000000".
+ I cannot reproduce this locally, so disable it for now.
+
+ Closes https://github.com/curl/curl/pull/3100
+
+- AppVeyor: set custom install prefix
+
+ CMake's default has spaces and in 32-bit mode parentheses, which result
+ in syntax errors in curl-config.
+
+ Closes https://github.com/curl/curl/pull/3100
+
+- AppVeyor: Remove non-SSL non-test builds
+
+ They don't add much value.
+
+ Closes https://github.com/curl/curl/pull/3100
+
+- AppVeyor: run test suite
+
+ Use the preinstalled MSYS2 bash for that.
+ Disable test 1139 as the CMake build doesn't generate curl.1.
+
+ Ref: https://github.com/curl/curl/issues/3070#issuecomment-425922224
+ Closes https://github.com/curl/curl/pull/3100
+
+- AppVeyor: use in-tree build
+
+ Required to run the tests.
+
+ Closes https://github.com/curl/curl/pull/3100
+
+Daniel Stenberg (4 Oct 2018)
+- doh: make sure TTL isn't re-inited by second (discarded?) response
+
+ Closes #3092
+
+- test320: strip out more HTML when comparing
+
+ To make the test case work with different gnutls-serv versions better.
+
+ Reported-by: Kamil Dudka
+ Fixes #3093
+ Closes #3094
+
+Marcel Raad (4 Oct 2018)
+- runtests: use Windows paths for Windows curl
+
+ curl generated by CMake's Visual Studio generator has "Windows" in the
+ version number.
+
+Daniel Stenberg (4 Oct 2018)
+- [Colin Hogben brought this change]
+
+ tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
+
+ Fix problems caused by differences in treatment of bytes objects between
+ python2 and python3.
+
+ Fixes #2929
+ Closes #3080
+
+Daniel Gustafsson (3 Oct 2018)
+- memory: ensure to check allocation results
+
+ The result of a memory allocation should always be checked, as we may
+ run under memory pressure where even a small allocation can fail. This
+ adds checking and error handling to a few cases where the allocation
+ wasn't checked for success. In the ftp case, the freeing of the path
+ variable is moved ahead of the allocation since there is little point
+ in keeping it around across the strdup, and the separation makes for
+ more readable code. In nwlib, the lock is aslo freed in the error path.
+
+ Also bumps the copyright years on affected files.
+
+ Closes #3084
+ Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- comment: Fix multiple typos in function parameters
+
+ Ensure that the parameters in the comment match the actual names in the
+ prototype.
+
+ Closes #3079
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- CURLOPT_SSLVERSION.3: fix typos and consistent spelling
+
+ Use TLS vX.Y throughout the document, instead of TLS X.Y, as that was
+ already done in all but a few cases. Also fix a few typos.
+
+ Closes #3076
+ Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- SECURITY-PROCESS: make links into hyperlinks
+
+ Use proper Markdown hyperlink format for the Bountygraph links in order
+ for the generated website page to be more user friendly. Also link to
+ the sponsors to give them a little extra credit.
+
+ Closes #3082
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Jay Satiro (3 Oct 2018)
+- CURLOPT_HEADER.3: fix typo
+
+- nss: fix nssckbi module loading on Windows
+
+ - Use .DLL extension instead of .so to load modules on Windows.
+
+ Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
+ Reported-by: Maxime Legros
+
+ Ref: https://github.com/curl/curl/pull/3016/#issuecomment-423069442
+
+ Closes https://github.com/curl/curl/pull/3086
+
+- data-binary.d: clarify default content-type is x-www-form-urlencoded
+
+ - Advise user that --data-binary sends a default content type of
+ x-www-form-urlencoded, and to have the data treated as arbitrary
+ binary data by the server set the content-type header to octet-stream.
+
+ Ref: https://github.com/curl/curl/pull/2852#issuecomment-426465094
+
+ Closes https://github.com/curl/curl/pull/3085
+
+Marcel Raad (2 Oct 2018)
+- test1299: use single quotes around asterisk
+
+ Ref: https://github.com/curl/curl/issues/1751#issuecomment-321522580
+
+Daniel Stenberg (2 Oct 2018)
+- docs/CIPHERS: mention the colon separation for OpenSSL
+
+ Bug: #3077
+
+- runtests: ignore disabled even when ranges are given
+
+ runtests.pl support running a range of tests, like "44 to 127". Starting
+ now, the code makes sure that even such given ranges will ignore tests
+ that are marked as disabled.
+
+ Disabled tests can still be run by explictly specifying that test
+ number.
+
+ Closes #3075
+
+- urlapi: starting with a drive letter on win32 is not an abs url
+
+ ... and libcurl doesn't support any single-letter URL schemes (if there
+ even exist any) so it should be fairly risk-free.
+
+ Reported-by: Marcel Raad
+
+ Fixes #3070
+ Closes #3071
+
+Marcel Raad (2 Oct 2018)
+- doh: fix curl_easy_setopt argument type
+
+ CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit
+ MinGW.
+
+Daniel Stenberg (2 Oct 2018)
+- RELEASE-NOTES: synced
+
+Jay Satiro (1 Oct 2018)
+- [Ruslan Baratov brought this change]
+
+ CMake: Improve config installation
+
+ Use 'GNUInstallDirs' standard module to set destinations of installed
+ files.
+
+ Use uppercase "CURL" names instead of lowercase "curl" to match standard
+ 'FindCURL.cmake' CMake module:
+ * https://cmake.org/cmake/help/latest/module/FindCURL.html
+
+ Meaning:
+ * Install 'CURLConfig.cmake' instead of 'curl-config.cmake'
+ * User should call 'find_package(CURL)' instead of 'find_package(curl)'
+
+ Use 'configure_package_config_file' function to generate
+ 'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template
+ file smaller and handle components better. E.g. current configuration
+ report no error if user specified unknown components (note: new
+ configuration expects no components, report error if user will try to
+ specify any).
+
+ Closes https://github.com/curl/curl/pull/2849
+
+Daniel Stenberg (1 Oct 2018)
+- test1650: make it depend on http/2
+
+ Follow-up to 570008c99da0ccbb as it gets link errors.
+
+ Reported-by: Michael Kaufmann
+ Closes #3068
+
+- [Nate Prewitt brought this change]
+
+ MANUAL: minor grammar fix
+
+ Noticed a typo reading through the docs.
+
+ Closes #3069
+
+- doh: only build if h2 enabled
+
+ The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version
+ of HTTP for use with DoH".
+
+ Reported-by: Marcel Raad
+ Closes #3066
+
+- test2100: require http2 to run
+
+ Reported-by: Marcel Raad
+ Fixes #3064
+ Closes #3065
+
+- multi: fix memory leak in content encoding related error path
+
+ ... a missing multi_done() call.
+
+ Credit to OSS-Fuzz
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728
+ Closes #3063
+
+- travis: bump the Secure Transport build to use xcode 10
+
+ Due to an issue with travis
+ (https://github.com/travis-ci/travis-ci/issues/9956) we've been using
+ Xcode 9.2 for darwinssl builds for a while. Now xcode 10 is offered as
+ an alternative and as it builds curl+darwinssl fine that seems like a
+ better choice.
+
+ Closes #3062
+
+- [Rich Turner brought this change]
+
+ curl: enabled Windows VT Support and UTF-8 output
+
+ Enabled Console VT support (if running OS supports VT) in tool_main.c.
+
+ Fixes #3008
+ Closes #3011
+
+- multi: fix location URL memleak in error path
+
+ Follow-up to #3044 - fix a leak OSS-Fuzz detected
+ Closes #3057
+
+Sergei Nikulov (28 Sep 2018)
+- cmake: fixed path used in generation of docs/tests during curl build through add_subdicectory(...)
+
+- [Brad King brought this change]
+
+ cmake: Backport to work with CMake 3.0 again
+
+ Changes in commit 7867aaa9a0 (cmake: link curl to the OpenSSL targets
+ instead of lib absolute paths, 2018-07-17) and commit f826b4ce98 (cmake:
+ bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix
+ issue #2746. This broke support for users on older versions of CMake
+ even if they just want to build curl and do not care whether transitive
+ dependencies work.
+
+ Backport the logic to work with CMake 3.0 again by implementing the
+ fix only when the version of CMake is at least 3.4.
+
+Marcel Raad (27 Sep 2018)
+- curl_threads: fix classic MinGW compile break
+
+ Classic MinGW still has _beginthreadex's return type as unsigned long
+ instead of uintptr_t [0]. uintptr_t is not even defined because of [1].
+
+ [0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167
+ [1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90
+
+ Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807
+ Closes https://github.com/curl/curl/pull/3051
+
+Daniel Stenberg (26 Sep 2018)
+- configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
+
+ fix a few leftovers
+
+ Fixes #3006
+ Closes #3049
+
+- [Doron Behar brought this change]
+
+ example/htmltidy: fix include paths of tidy libraries
+
+ Closes #3050
+
+- RELEASE-NOTES: synced
+
+- Curl_http2_done: fix memleak in error path
+
+ Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
+ early failures.
+
+ Detected by OSS-Fuzz
+
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669
+ Closes #3046
+
+- http: fix memleak in rewind error path
+
+ If the rewind would fail, a strdup() would not get freed.
+
+ Detected by OSS-Fuzz
+
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665
+ Closes #3044
+
+Viktor Szakats (24 Sep 2018)
+- test320: fix regression in [ci skip]
+
+ The value in question is coming directly from `gnutls-serv`, so it cannot
+ be modified freely.
+
+ Reported-by: Marcel Raad
+ Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004
+
+Daniel Stenberg (24 Sep 2018)
+- Curl_retry_request: fix memory leak
+
+ Detected by OSS-Fuzz
+
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648
+ Closes #3042
+
+- openssl: load built-in engines too
+
+ Regression since 38203f1
+
+ Reported-by: Jean Fabrice
+ Fixes #3023
+ Closes #3040
+
+- [Christian Heimes brought this change]
+
+ OpenSSL: enable TLS 1.3 post-handshake auth
+
+ OpenSSL 1.1.1 requires clients to opt-in for post-handshake
+ authentication.
+
+ Fixes: https://github.com/curl/curl/issues/3026
+ Signed-off-by: Christian Heimes <christian@python.org>
+
+ Closes https://github.com/curl/curl/pull/3027
+
+- [Even Rouault brought this change]
+
+ Curl_dedotdotify(): always nul terminate returned string.
+
+ This fixes potential out-of-buffer access on "file:./" URL
+
+ $ valgrind curl "file:./"
+ ==24516== Memcheck, a memory error detector
+ ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
+ ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
+ ==24516== Command: /home/even/install-curl-git/bin/curl file:./
+ ==24516==
+ ==24516== Conditional jump or move depends on uninitialised value(s)
+ ==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
+ ==24516== by 0x4EBB315: seturl (urlapi.c:801)
+ ==24516== by 0x4EBB568: parseurl (urlapi.c:861)
+ ==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199)
+ ==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044)
+ ==24516== by 0x4E67AEF: create_conn (url.c:3613)
+ ==24516== by 0x4E68A4F: Curl_connect (url.c:4119)
+ ==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440)
+ ==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173)
+ ==24516== by 0x4E7558C: easy_transfer (easy.c:686)
+ ==24516== by 0x4E75801: easy_perform (easy.c:779)
+ ==24516== by 0x4E75868: curl_easy_perform (easy.c:798)
+
+ Was originally spotted by
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
+ Credit to OSS-Fuzz
+
+ Closes #3039
+
+Viktor Szakats (23 Sep 2018)
+- update URLs in tests
+
+ - and one in docs/MANUAL as well
+
+ Closes https://github.com/curl/curl/pull/3038
+
+- whitespace fixes
+
+ - replace tabs with spaces where possible
+ - remove line ending spaces
+ - remove double/triple newlines at EOF
+ - fix a non-UTF-8 character
+ - cleanup a few indentations/line continuations
+ in manual examples
+
+ Closes https://github.com/curl/curl/pull/3037
+
+Daniel Stenberg (23 Sep 2018)
+- http: add missing return code check
+
+ Detected by Coverity. CID 1439610.
+
+ Follow-up from 46e164069d1a523
+
+ Closes #3034
+
+- ftp: don't access pointer before NULL check
+
+ Detected by Coverity. CID 1439611.
+
+ Follow-up from 46e164069d1a523
+
+- unit1650: fix out of boundary access
+
+ Fixes #2987
+ Closes #3035
+
+Viktor Szakats (23 Sep 2018)
+- docs/examples: URL updates
+
+ - also update two URLs outside of docs/examples
+ - fix spelling of filename persistant.c
+ - fix three long lines that started failing checksrc.pl
+
+ Closes https://github.com/curl/curl/pull/3036
+
+- examples/Makefile.m32: sync with core [ci skip]
+
+ also:
+ - fix two warnings in synctime.c (one of them Windows-specific)
+ - upgrade URLs in synctime.c and remove a broken one
+
+ Closes https://github.com/curl/curl/pull/3033
+
+Daniel Stenberg (22 Sep 2018)
+- examples/parseurl.c: show off the URL API a bit
+
+ Closes #3030
+
+- SECURITY-PROCESS: mention the bountygraph program [ci skip]
+
+ Closes #3032
+
+- url: use the URL API internally as well
+
+ ... to make it a truly unified URL parser.
+
+ Closes #3017
+
+Viktor Szakats (22 Sep 2018)
+- URL and mailmap updates, remove an obsolete directory [ci skip]
+
+ Closes https://github.com/curl/curl/pull/3031
+
+Daniel Stenberg (22 Sep 2018)
+- RELEASE-NOTES: synced
+
+- configure: force-use -lpthreads on HPUX
+
+ When trying to detect pthreads use on HPUX the checks will succeed
+ without the correct -l option but then end up failing at run-time.
+
+ Reported-by: Eason-Yu on github
+ Fixes #2697
+ Closes #3025
+
+- [Erik Minekus brought this change]
+
+ Curl_saferealloc: Fixed typo in docblock
+
+ Closes #3029
+
+- urlapi: fix support for address scope in IPv6 numerical addresses
+
+ Closes #3024
+
+- [Loganaden Velvindron brought this change]
+
+ GnutTLS: TLS 1.3 support
+
+ Closes #2971
+
+- TODO: c-ares and CURLOPT_OPENSOCKETFUNCTION
+
+ Removed DoH.
+
+ Closes #2734
+
+Jay Satiro (20 Sep 2018)
+- vtls: fix ssl version "or later" behavior change for many backends
+
+ - Treat CURL_SSLVERSION_MAX_NONE the same as
+ CURL_SSLVERSION_MAX_DEFAULT. Prior to this change NONE would mean use
+ the minimum version also as the maximum.
+
+ This is a follow-up to 6015cef which changed the behavior of setting
+ the SSL version so that the requested version would only be the minimum
+ and not the maximum. It appears it was (mostly) implemented in OpenSSL
+ but not other backends. In other words CURL_SSLVERSION_TLSv1_0 used to
+ mean use just TLS v1.0 and now it means use TLS v1.0 *or later*.
+
+ - Fix CURL_SSLVERSION_MAX_DEFAULT for OpenSSL.
+
+ Prior to this change CURL_SSLVERSION_MAX_DEFAULT with OpenSSL was
+ erroneously treated as always TLS 1.3, and would cause an error if
+ OpenSSL was built without TLS 1.3 support.
+
+ Co-authored-by: Daniel Gustafsson
+
+ Fixes https://github.com/curl/curl/issues/2969
+ Closes https://github.com/curl/curl/pull/3012
+
+Daniel Stenberg (20 Sep 2018)
+- certs: generate tests certs with sha256 digest algorithm
+
+ As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:
+
+ "SSL certificate problem: CA signature digest algorithm too weak"
+
+ Closes #3014
+
+- urlapi: document the error codes, remove two unused ones
+
+ Assisted-by: Daniel Gustafsson
+ Closes #3019
+
+- urlapi: add CURLU_GUESS_SCHEME and fix hostname acceptance
+
+ In order for this API to fully work for libcurl itself, it now offers a
+ CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host
+ name prefix just like libcurl always did. If there's no known prefix, it
+ will guess "http://".
+
+ Separately, it relaxes the check of the host name so that IDN host names
+ can be passed in as well.
+
+ Both these changes are necessary for libcurl itself to use this API.
+
+ Assisted-by: Daniel Gustafsson
+ Closes #3018
+
+Kamil Dudka (19 Sep 2018)
+- nss: try to connect even if libnssckbi.so fails to load
+
+ One can still use CA certificates stored in NSS database.
+
+ Reported-by: Maxime Legros
+ Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
+
+ Closes #3016
+
+Daniel Gustafsson (19 Sep 2018)
+- urlapi: don't set value which is never read
+
+ In the CURLUPART_URL case, there is no codepath which invokes url
+ decoding so remove the assignment of the urldecode variable. This
+ fixes the deadstore bug-report from clang static analysis.
+
+ Closes #3015
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- todo: Update reference to already done item
+
+ TODO item 1.1 was implemented in commit 946ce5b61f, update reference
+ to it with instead referencing the implemented option.
+
+ Closes #3013
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (18 Sep 2018)
+- RELEASE-NOTES: synced
+
+- [slodki brought this change]
+
+ cmake: don't require OpenSSL if USE_OPENSSL=OFF
+
+ User must have OpenSSL installed even if not used by libcurl at all
+ since 7.61.1 release. Broken at
+ 7867aaa9a01decf93711428462335be8cef70212
+
+ Reviewed-by: Sergei Nikulov
+ Closes #3001
+
+- curl_multi_wait: call getsock before figuring out timeout
+
+ .... since getsock may update the expiry timer.
+
+ Fixes #2996
+ Closes #3000
+
+- examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
+
+ Closes #3004
+
+Daniel Gustafsson (18 Sep 2018)
+- darwinssl: Fix realloc memleak
+
+ The reallocation was using the input pointer for the return value, which
+ leads to a memory leak on reallication failure. Fix by instead use the
+ safe internal API call Curl_saferealloc().
+
+ Closes #3005
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+ Reviewed-by: Nick Zitzmann <nickzman@gmail.com>
+
+- [Kruzya brought this change]
+
+ examples: Fix memory leaks from realloc errors
+
+ Make sure to not overwrite the reallocated pointer in realloc() calls
+ to avoid a memleak on memory errors.
+
+- memory: add missing curl_printf header
+
+ ftp_send_command() was using vsnprintf() without including the libcurl
+ *rintf() replacement header. Fix by including curl_printf.h and also
+ add curl_memory.h while at it since memdebug.h depends on it.
+
+ Closes #2999
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (16 Sep 2018)
+- [Si brought this change]
+
+ curl: update --tlsv* descriptions in --help output
+
+ Closes #2994
+
+- http: made Curl_add_buffer functions take a pointer-pointer
+
+ ... so that they can clear the original pointer on failure, which makes
+ the error-paths and their cleanups easier.
+
+ Closes #2992
+
+- http2: fix memory leaks on error-path
+
+- [Rikard Falkeborn brought this change]
+
+ libtest: Add chkdecimalpoint to .gitignore
+
+ Closes #2998
+
+Viktor Szakats (14 Sep 2018)
+- secure Openwall URLs
+
+Daniel Stenberg (14 Sep 2018)
+- openssl: show "proper" version number for libressl builds
+
+ Closes #2989
+
+- [Rainer Jung brought this change]
+
+ openssl: assume engine support in 0.9.8 or later
+
+ Fixes #2983
+ Closes #2988
+
+Daniel Gustafsson (13 Sep 2018)
+- sendf: use failf() rather than Curl_failf()
+
+ The failf() macro is the name used for invoking Curl_failf(). While
+ there isn't a way to turn off failf like there is for infof, but it's
+ still a good idea to use the macro.
+
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- sendf: Fix whitespace in infof/failf concatenation
+
+ Strings broken on multiple rows in the .c file need to have appropriate
+ whitespace padding on either side of the concatenation point to render
+ a correct amalgamated string. Fix by adding a space at the occurrences
+ found.
+
+ Closes #2986
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- krb5: fix memory leak in krb_auth
+
+ The FTP command allocated by aprintf() must be freed after usage.
+
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- ftp: include command in Curl_ftpsend sendbuffer
+
+ Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed
+ the actual command to be sent from the send buffer in a refactoring.
+ Add back copying the command into the buffer. Also add more guards
+ against malformed input while at it.
+
+ Closes #2985
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- ntlm_wb: Fix memory leaks in ntlm_wb_response
+
+ When erroring out on a request being too large, the existing buffer was
+ leaked. Fix by explicitly freeing on the way out.
+
+ Closes #2966
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (13 Sep 2018)
+- [Yiming Jing brought this change]
+
+ travis: build the MesaLink vtls backend with MesaLink 0.7.1
+
+- [Yiming Jing brought this change]
+
+ runtests.pl: run tests against the MesaLink vtls backend
+
+- [Yiming Jing brought this change]
+
+ vtls: add a MesaLink vtls backend
+
+ Closes #2984
+
+- [Yiming Jing brought this change]
+
+ configure.ac: add a MesaLink vtls backend
+
+- [Dave Reisner brought this change]
+
+ curl_url_set.3: properly escape \n in example code
+
+ This yields
+
+ "the scheme is %s\n"
+
+ instead of
+
+ "the scheme is %s0
+
+ Closes #2970
+
+- [Dave Reisner brought this change]
+
+ curl_url_set.3: fix typo in reference to CURLU_APPENDQUERY
+
+- urlglob: improve error message
+
+ to help user understand what the problem is
+
+ Reported-by: Daniel Shahaf
+
+ Fixes #2763
+ Closes #2977
+
+- [Yiming Jing brought this change]
+
+ tests/certs: rebuild certs with 2048-bit RSA keys
+
+ The previous test certificates contained RSA keys of only 1024 bits.
+ However, RSA claims that 1024-bit RSA keys are likely to become
+ crackable some time before 2010. The NIST recommends at least 2048-bit
+ keys for RSA for now.
+
+ Better use full 2048 also for testing.
+
+ Closes #2973
+
+Daniel Gustafsson (12 Sep 2018)
+- TODO: fix typo in item
+
+ Closes #2968
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Marcel Raad (12 Sep 2018)
+- anyauthput: fix compiler warning on 64-bit Windows
+
+ On Windows, the read function from <io.h> is used, which has its byte
+ count parameter as unsigned int instead of size_t.
+
+ Closes https://github.com/curl/curl/pull/2972
+
+Viktor Szakats (12 Sep 2018)
+- lib: fix gcc8 warning on Windows
+
+ Closes https://github.com/curl/curl/pull/2979
+
+Jay Satiro (12 Sep 2018)
+- openssl: fix gcc8 warning
+
+ - Use memcpy instead of strncpy to copy a string without termination,
+ since gcc8 warns about using strncpy to copy as many bytes from a
+ string as its length.
+
+ Suggested-by: Viktor Szakats
+
+ Closes https://github.com/curl/curl/issues/2980
+
+Daniel Stenberg (10 Sep 2018)
+- libcurl-url.3: overview man page for the URL API
+
+ Closes #2967
+
+- example/asiohiper: insert warning comment about its status
+
+ This example is simply not working correctly but there's nobody around
+ with the skills and energy to fix it.
+
+ Closes #2407
+
+Kamil Dudka (10 Sep 2018)
+- docs/cmdline-opts: update the documentation of --tlsv1.0
+
+ ... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9
+
+ Closes #2955
+
+- docs/examples: do not wait when no transfers are running
+
+ Closes #2948
+
+Daniel Stenberg (10 Sep 2018)
+- [Daniel Gustafsson brought this change]
+
+ cookies: Move failure case label to end of function
+
+ Rather than jumping backwards to where failure cleanup happens
+ to be performed, move the failure case to end of the function
+ where it is expected per existing coding convention.
+
+ Closes #2965
+
+- [Daniel Gustafsson brought this change]
+
+ misc: fix typos in comments
+
+ Closes #2963
+
+- [Daniel Gustafsson brought this change]
+
+ cookies: fix leak when writing cookies to file
+
+ If the formatting fails, we error out on a fatal error and
+ clean up on the way out. The array was however freed within
+ the wrong scope and was thus never freed in case the cookies
+ were written to a file instead of STDOUT.
+
+ Closes #2957
+
+- [Daniel Gustafsson brought this change]
+
+ cookies: Remove redundant expired check
+
+ Expired cookies have already been purged at a later expiration time
+ before this check, so remove the redundant check.
+
+ closes #2962
+
+- ntlm_wb: bail out if the response gets overly large
+
+ Exit the realloc() loop if the response turns out ridiculously large to
+ avoid worse problems.
+
+ Reported-by: Harry Sintonen
+ Closes #2959
+
+- [Daniel Gustafsson brought this change]
+
+ url.c: fix comment typo and indentation
+
+ Closes #2960
+
+- urlapi: avoid derefencing a possible NULL pointer
+
+ Coverity CID 1439134
+
+- RELEASE-NOTES: synced
+
+Marcel Raad (8 Sep 2018)
+- test324: fix after 3f3b26d6feb0667714902e836af608094235fca2
+
+ The expected error code is now 60. 51 is dead.
+
+Daniel Stenberg (8 Sep 2018)
+- curl_url_set.3: correct description
+
+- curl_url-docs: fix AVAILABILITY as Added in curl 7.62.0
+
+- URL-API
+
+ See header file and man pages for API. All documented API details work
+ and are tested in the 1560 test case.
+
+ Closes #2842
+
+- curl_easy_upkeep: removed 'conn' from the name
+
+ ... including the associated option.
+
+ Fixes #2951
+ Closes #2952
+
+- [Max Dymond brought this change]
+
+ upkeep: add a connection upkeep API: curl_easy_conn_upkeep()
+
+ Add functionality so that protocols can do custom keepalive on their
+ connections, when an external API function is called.
+
+ Add docs for the new options in 7.62.0
+
+ Closes #1641
+
+- [Philipp Waehnert brought this change]
+
+ configure: add option to disable automatic OpenSSL config loading
+
+ Sometimes it may be considered a security risk to load an external
+ OpenSSL configuration automatically inside curl_global_init(). The
+ configuration option --disable-ssl-auto-load-config disables this
+ automatism. The Windows build scripts winbuild/Makefile.vs provide a
+ corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
+ value.
+
+ Setting neither of these options corresponds to the previous behavior
+ loading the external OpenSSL configuration automatically.
+
+ Fixes #2724
+ Closes #2791
+
+- doh: minor edits to please Coverity
+
+ The gcc typecheck macros and coverity combined made it warn on the 2nd
+ argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it.
+
+ Coverity CID 1439115 and CID 1439114.
+
+- schannel: avoid switch-cases that go to default anyway
+
+ SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of
+ mingw and would require an ifdef otherwise.
+
+ Reported-by: Thomas Glanzmann
+ Approved-by: Marc Hörsken
+ Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html
+ Closes #2950
+
+- [Nicklas Avén brought this change]
+
+ imap: change from "FETCH" to "UID FETCH"
+
+ ... and add "MAILINDEX".
+
+ As described in #2789, this is a suggested solution. Changing UID=xx to
+ actually get mail with UID xx and add "MAILINDEX" to get a mail with a
+ special index in the mail box (old behavior). So MAILINDEX=1 gives the
+ first non deleted mail in the mail box.
+
+ Fixes #2789
+ Closes #2815
+
+- CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
+
+ This is step 3 of #2888.
+
+ Fixes #2888
+ Closes #2896
+
+- travis: add the DOH tests to the torture testing
+
+- DOH: add test case 1650 and 2100
+
+- curl: --doh-url added
+
+- setopt: add CURLOPT_DOH_URL
+
+ Closes #2668
+
+- [Han Han brought this change]
+
+ ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
+
+ Long live CURLE_PEER_FAILED_VERIFICATION
+
+- [Han Han brought this change]
+
+ x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
+
+ CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
+ does not allocate memory internally as its first argument is a pointer
+ to the certificate structure. The same error code is also returned by
+ Curl_verifyhost when its call to Curl_parseX509 fails so the change
+ makes error handling more consistent.
+
+- [Han Han brought this change]
+
+ openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
+
+ Failure to extract the issuer name from the server certificate should
+ return a more specific error code like on other TLS backends.
+
+- [Han Han brought this change]
+
+ schannel: unified error code handling
+
+ Closes #2901
+
+- [Han Han brought this change]
+
+ darwinssl: more specific and unified error codes
+
+ Closes #2901
+
+- CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
+
+ Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for
+ deprecation and complete removal in six months.
+
+ Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html
+ Closes #2942
+
+- url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
+
+ Closes #2709
+
+- multiplex: enable by default
+
+ Starting 7.62.0, multiplexing is enabled by default in multi handles.
+
+- [Jim Fuller brought this change]
+
+ tests: add unit tests for url.c
+
+ Approved-by: Daniel Gustafsson
+ Closes #2937
+
+- test1452: mark as flaky
+
+ makes it not run in the CI builds
+
+ Closes #2941
+
+- pipelining: deprecated
+
+ Transparently. The related curl_multi_setopt() options all still returns
+ OK when pipelining is selected.
+
+ To re-enable the support, the single line change in lib/multi.c needs to
+ be reverted.
+
+ See docs/DEPRECATE.md
+
+ Closes #2705
+
+- RELEASE-NOTES: start working on 7.62.0
+
+Version 7.61.1 (4 Sep 2018)
+
+Daniel Stenberg (4 Sep 2018)
+- THANKS: 7.61.1 status
+
+- RELEASE-NOTES: 7.61.1
+
+- Curl_getoff_all_pipelines: ignore unused return values
+
+ Since scan-build would warn on the dead "Dead store/Dead increment"
+
+Viktor Szakats (4 Sep 2018)
+- sftp: fix indentation
+
+Daniel Stenberg (4 Sep 2018)
+- [Przemysław Tomaszewski brought this change]
+
+ sftp: don't send post-qoute sequence when retrying a connection
+
+ Fixes #2939
+ Closes #2940
+
+Kamil Dudka (3 Sep 2018)
+- url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work
+
+ This is a follow-up to PR #2607 and PR #2926.
+
+ Closes #2936
+
+Daniel Stenberg (3 Sep 2018)
+- [Jay Satiro brought this change]
+
+ tool_operate: Add http code 408 to transient list for --retry
+
+ - Treat 408 request timeout as transient so that curl will retry the
+ request if --retry was used.
+
+ Closes #2925
+
+- [Jay Satiro brought this change]
+
+ openssl: Fix setting TLS 1.3 cipher suites
+
+ The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
+ missing.
+
+ Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
+ Reported-by: Kamil Dudka
+
+ Closes #2926
+
+- Curl_ntlm_core_mk_nt_hash: return error on too long password
+
+ ... since it would cause an integer overflow if longer than (max size_t
+ / 2).
+
+ This is CVE-2018-14618
+
+ Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
+ Closes #2756
+ Reported-by: Zhaoyang Wu
+
+- [Rikard Falkeborn brought this change]
+
+ http2: Use correct format identifier for stream_id
+
+ Closes #2928
+
+Marcel Raad (2 Sep 2018)
+- test1148: fix precheck output
+
+ "precheck command error" is not very helpful.
+
+Daniel Stenberg (1 Sep 2018)
+- all: s/int/size_t cleanup
+
+ Assisted-by: Rikard Falkeborn
+
+ Closes #2922
+
+- ssh-libssh: use FALLTHROUGH to silence gcc8
+
+Jay Satiro (31 Aug 2018)
+- tool_operate: Fix setting proxy TLS 1.3 ciphers
+
+Daniel Stenberg (31 Aug 2018)
+- [Daniel Gustafsson brought this change]
+
+ cookies: support creation-time attribute for cookies
+
+ According to RFC6265 section 5.4, cookies with equal path lengths
+ SHOULD be sorted by creation-time (earlier first). This adds a
+ creation-time record to the cookie struct in order to make cookie
+ sorting more deterministic. The creation-time is defined as the
+ order of the cookies in the jar, the first cookie read fro the
+ jar being the oldest. The creation-time is thus not serialized
+ into the jar. Also remove the strcmp() matching in the sorting as
+ there is no lexicographic ordering in RFC6265. Existing tests are
+ updated to match.
+
+ Closes #2524
+
+Marcel Raad (31 Aug 2018)
+- Don't use Windows path %PWD for SSH tests
+
+ All these tests failed on Windows because something like
+ sftp://%HOSTIP:%SSHPORT%PWD/
+ expanded to
+ sftp://127.0.0.1:1234c:/msys64/home/bla/curl
+ and then curl complained about the port number ending with a letter.
+
+ Use the original POSIX path instead of the Windows path created in
+ checksystem to fix this.
+
+ Closes https://github.com/curl/curl/pull/2920
+
+Jay Satiro (29 Aug 2018)
+- CURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning
+
+ Reported-by: Daniel Stenberg
+
+ Closes https://github.com/curl/curl/issues/2916
+
+Daniel Stenberg (28 Aug 2018)
+- THANKS-filter: dedup Daniel Jeliński
+
+- RELEASE-NOTES: synced
+
+- CURLOPT_ACCEPT_ENCODING.3: list them comma-separated [ci skip]
+
+- CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip]
+
+ Added a warning!
+
+ Closes #2915
+
+- curl: fix time-of-check, time-of-use race in dir creation
+
+ Patch-by: Jay Satiro
+ Detected by Coverity
+ Fixes #2739
+ Closes #2912
+
+- cmdline-opts/page-footer: fix edit mistake
+
+ There was a missing newline.
+
+ follow-up to a7ba60bb7250
+
+- docs: clarify NO_PROXY env variable functionality
+
+ Reported-by: Kirill Marchuk
+ Fixes #2773
+ Closes #2911
+
+Marcel Raad (24 Aug 2018)
+- lib1522: fix curl_easy_setopt argument type
+
+ CURLOPT_POSTFIELDSIZE is a long option.
+
+- curl_threads: silence bad-function-cast warning
+
+ As uintptr_t and HANDLE are always the same size, this warning is
+ harmless. Just silence it using an intermediate uintptr_t variable.
+
+ Closes https://github.com/curl/curl/pull/2908
+
+Daniel Stenberg (24 Aug 2018)
+- README: add appveyor build badge [ci skip]
+
+ Closes #2913
+
+- [Ihor Karpenko brought this change]
+
+ schannel: client certificate store opening fix
+
+ 1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG )
+ while opening certificate store would be sufficient in this scenario and
+ less-demanding in sense of required user credentials ( for example,
+ IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore
+ call without any of flags mentioned above ),
+
+ 2) as 'cert_store_name' is a DWORD, attempt to format its value like a
+ string ( in "Failed to open cert store" error message ) will throw null
+ pointer exception
+
+ 3) adding GetLastError(), in my opinion, will make error message more
+ useful.
+
+ Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html
+
+ Closes #2909
+
+- [Leonardo Taccari brought this change]
+
+ gopher: Do not translate `?' to `%09'
+
+ Since GOPHER support was added in curl `?' character was automatically
+ translated to `%09' (`\t').
+
+ However, this behaviour does not seems documented in RFC 4266 and for
+ search selectors it is documented to directly use `%09' in the URL.
+ Apart that several gopher servers in the current gopherspace have CGI
+ support where `?' is used as part of the selector and translating it to
+ `%09' often leads to surprising results.
+
+ Closes #2910
+
+Marcel Raad (23 Aug 2018)
+- cookie tests: treat files as text
+
+ Fixes test failures because of wrong line endings on Windows.
+
+Daniel Stenberg (23 Aug 2018)
+- libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
+
+ Multi-threaded applictions basically MUST set CURLOPT_NO_SIGNAL to 1L to
+ avoid the risk of getting a SIGPIPE.
+
+ Either way, a multi-threaded application that uses libcurl/openssl needs
+ to have a signhandler for or ignore SIGPIPE on its own.
+
+ Based on discussions in #2800
+ Closes #2904
+
+- RELEASE-NOTES: synced
+
+Marcel Raad (22 Aug 2018)
+- Tests: fixes for Windows
+
+ - test 1268 requires unix sockets
+ - test 2072 must be disabled also for MSYS/MinGW
+
+Daniel Stenberg (22 Aug 2018)
+- http2: abort the send_callback if not setup yet
+
+ When Curl_http2_done() gets called before the http2 data is setup all
+ the way, we cannot send anything and this should just return an error.
+
+ Detected by OSS-Fuzz
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
+
+- http2: remove four unused nghttp2 callbacks
+
+ Closes #2903
+
+- x509asn1: use FALLTHROUGH
+
+ ... as no other comments are accepted since 014ed7c22f51463
+
+Marcel Raad (21 Aug 2018)
+- test1148: disable if decimal separator is not point
+
+ Modifying the locale with environment variables doesn't work for native
+ Windows applications. Just disable the test in this case if the decimal
+ separator is something different than a point. Use a precheck with a
+ small C program to achieve that.
+
+ Closes https://github.com/curl/curl/pull/2786
+
+- Enable more GCC warnings
+
+ This enables the following additional warnings:
+ -Wold-style-definition
+ -Warray-bounds=2 instead of the default 1
+ -Wformat=2, but only for GCC 4.8+ as Wno-format-nonliteral is not
+ respected for older versions
+ -Wunused-const-variable, which enables level 2 instead of the default 1
+ -Warray-bounds also in debug mode through -ftree-vrp
+ -Wnull-dereference also in debug mode through
+ -fdelete-null-pointer-checks
+
+ Closes https://github.com/curl/curl/pull/2747
+
+- curl-compilers: enable -Wimplicit-fallthrough=4 for GCC
+
+ This enables level 4 instead of the default level 3, which of the
+ currently used comments only allows /* FALLTHROUGH */ to silence the
+ warning.
+
+ Closes https://github.com/curl/curl/pull/2747
+
+- curl-compilers: enable -Wbad-function-cast on GCC
+
+ This warning used to be enabled only for clang as it's a bit stricter
+ on GCC. Silence the remaining occurrences and enable it on GCC too.
+
+ Closes https://github.com/curl/curl/pull/2747
+
+- configure: conditionally enable pedantic-errors
+
+ Enable pedantic-errors for GCC >= 5 with --enable-werror. Before GCC 5,
+ pedantic-errors was synonymous to -Werror=pedantic [0], which is still
+ the case for clang [1]. With GCC 5, it became complementary [2].
+
+ Also fix a resulting error in acinclude.m4 as main's return type was
+ missing, which is illegal in C99.
+
+ [0] https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Warning-Options.html
+ [1] https://clang.llvm.org/docs/UsersManual.html#options-to-control-error-and-warning-messages
+ [2] https://gcc.gnu.org/onlinedocs/gcc-5.1.0/gcc/Warning-Options.html
+
+ Closes https://github.com/curl/curl/pull/2747
+
+- Remove unused definitions
+
+ Closes https://github.com/curl/curl/pull/2747
+
+Daniel Stenberg (21 Aug 2018)
+- x509asn1: make several functions static
+
+ and remove the private SIZE_T_MAX define and use the generic one.
+
+ Closes #2902
+
+- INTERNALS: require GnuTLS >= 2.11.3
+
+ Since the public pinning support was brought in e644866caf4. GnuTLS
+ 2.11.3 was released in October 2010.
+
+ Figured out in #2890
+
+- http2: avoid set_stream_user_data() before stream is assigned
+
+ ... before the stream is started, we have it set to -1.
+
+ Fixes #2894
+ Closes #2898
+
+- SSLCERTS: improve the openssl command line
+
+ ... for extracting certs from a live HTTPS server to make a cacerts.pem
+ from them.
+
+- docs/SECURITY-PROCESS: now we name the files after the CVE id
+
+- RELEASE-NOTES: synced
+
+- upload: change default UPLOAD_BUFSIZE to 64KB
+
+ To make uploads significantly faster in some circumstances.
+
+ Part 2 of #2888
+ Closes #2892
+
+- upload: allocate upload buffer on-demand
+
+ Saves 16KB on the easy handle for operations that don't need that
+ buffer.
+
+ Part 1 of #2888
+
+- [Laurent Bonnans brought this change]
+
+ vtls: reinstantiate engine on duplicated handles
+
+ Handles created with curl_easy_duphandle do not use the SSL engine set
+ up in the original handle. This fixes the issue by storing the engine
+ name in the internal url state and setting the engine from its name
+ inside curl_easy_duphandle.
+
+ Reported-by: Anton Gerasimov
+ Signed-of-by: Laurent Bonnans
+ Fixes #2829
+ Closes #2833
+
+- http2: make sure to send after RST_STREAM
+
+ If this is the last stream on this connection, the RST_STREAM might not
+ get pushed to the wire otherwise.
+
+ Fixes #2882
+ Closes #2887
+ Researched-by: Michael Kaufmann
+
+- test1268: check the stderr output as "text"
+
+ Follow-up to 099f37e9c57
+
+ Pointed-out-by: Marcel Raad
+
+- urldata: remove unused pipe_broke struct field
+
+ This struct field is never set TRUE in any existing code path. This
+ change removes the field completely.
+
+ Closes #2871
+
+- curl: warn the user if a given file name looks like an option
+
+ ... simply because this is usually a sign of the user having omitted the
+ file name and the next option is instead "eaten" by the parser as a file
+ name.
+
+ Add test1268 to verify
+
+ Closes #2885
+
+- http2: check nghttp2_session_set_stream_user_data return code
+
+ Might help bug #2688 debugging
+
+ Closes #2880
+
+- travis: revert back to gcc-7 for coverage builds
+
+ ... since the gcc-8 ones seem to fail frequently.
+
+ Follow-up from b85207199544ca
+
+ Closes #2886
+
+- RELEASE-NOTES: synced
+
+ ... and now listed in alphabetical order!
+
+- [Adrien brought this change]
+
+ CMake: CMake config files are defining CURL_STATICLIB for static builds
+
+ This change allows to use the CMake config files generated by Curl's
+ CMake scripts for static builds of the library.
+ The symbol CURL_STATIC lib must be defined to compile downstream,
+ thus the config package is the perfect place to do so.
+
+ Fixes #2817
+ Closes #2823
+ Reported-by: adnn on github
+ Reviewed-by: Sergei Nikulov
+
+- TODO: host name sections in config files
+
+Kamil Dudka (14 Aug 2018)
+- ssh-libssh: fix infinite connect loop on invalid private key
+
+ Added test 656 (based on test 604) to verify the fix.
+
+ Bug: https://bugzilla.redhat.com/1595135
+
+ Closes #2879
+
+- ssh-libssh: reduce excessive verbose output about pubkey auth
+
+ The verbose message "Authentication using SSH public key file" was
+ printed each time the ssh_userauth_publickey_auto() was called, which
+ meant each time a packet was transferred over network because the API
+ operates in non-blocking mode.
+
+ This patch makes sure that the verbose message is printed just once
+ (when the authentication state is entered by the SSH state machine).
+
+Daniel Stenberg (14 Aug 2018)
+- travis: disable h2 torture tests for "coverage"
+
+ Since they started to fail almost 100% since a few days.
+
+ Closes #2876
+
+Marcel Raad (14 Aug 2018)
+- travis: update to GCC 8
+
+ Closes https://github.com/curl/curl/pull/2869
+
+Daniel Stenberg (13 Aug 2018)
+- http: fix for tiny "HTTP/0.9" response
+
+ Deal with tiny "HTTP/0.9" (header-less) responses by checking the
+ status-line early, even before a full "HTTP/" is received to allow
+ detecting 0.9 properly.
+
+ Test 1266 and 1267 added to verify.
+
+ Fixes #2420
+ Closes #2872
+
+Kamil Dudka (13 Aug 2018)
+- docs: add disallow-username-in-url.d and haproxy-protocol.d on the list
+
+ ... to make make the files appear in distribution tarballs
+
+ Closes #2856
+
+- .travis.yml: verify that man pages can be regenerated
+
+ ... when curl is built from distribution tarball
+
+ Closes #2856
+
+Marcel Raad (11 Aug 2018)
+- Split non-portable part off test 1133
+
+ Split off testing file names with double quotes into new test 1158.
+ Disable it for MSYS using a precheck as it doesn't support file names
+ with double quotes (but Cygwin does, for example).
+
+ Fixes https://github.com/curl/curl/issues/2796
+ Closes https://github.com/curl/curl/pull/2854
+
+Jay Satiro (11 Aug 2018)
+- projects: Improve Windows perl detection in batch scripts
+
+ - Determine if perl is in the user's PATH by running perl.exe.
+
+ Prior to this change detection was done by checking the PATH for perl/
+ but that did not work in all cases (eg git install includes perl but
+ not in perl/ path).
+
+ Bug: https://github.com/curl/curl/pull/2865
+ Reported-by: Daniel Jeliński
+
+- [Michael Kaufmann brought this change]
+
+ docs: Improve the manual pages of some callbacks
+
+ - CURLOPT_HEADERFUNCTION: add newlines
+ - CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
+ - CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
+ - CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
+ how to set it
+
+ Closes https://github.com/curl/curl/pull/2868
+
+Marcel Raad (11 Aug 2018)
+- GCC: silence -Wcast-function-type uniformly
+
+ Pointed-out-by: Rikard Falkeborn
+ Closes https://github.com/curl/curl/pull/2860
+
+- Silence GCC 8 cast-function-type warnings
+
+ On Windows, casting between unrelated function types is fine and
+ sometimes even necessary, so just use an intermediate cast to
+ (void (*) (void)) to silence the warning as described in [0].
+
+ [0] https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html
+
+ Closes https://github.com/curl/curl/pull/2860
+
+Daniel Stenberg (11 Aug 2018)
+- CURLINFO_SIZE_UPLOAD: fix missing counter update
+
+ Adds test 1522 for verification.
+
+ Reported-by: cjmsoregan
+ Fixes #2847
+ Closes #2864
+
+- [Daniel Jelinski brought this change]
+
+ Documentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug
+
+ Closes #2867
+
+- RELEASE-NOTES: synced
+
+- openssl: fix potential NULL pointer deref in is_pkcs11_uri
+
+ Follow-up to 298d2565e
+ Coverity CID 1438387
+
+Marcel Raad (10 Aug 2018)
+- travis: execute "set -eo pipefail" for coverage build
+
+ Follow-up to 2de63ab179eb78630ee039ad94fb2a5423df522d and
+ 0b87c963252d3504552ee0c8cf4402bd65a80af5.
+
+ Closes https://github.com/curl/curl/pull/2862
+
+Daniel Stenberg (10 Aug 2018)
+- lib1502: fix memory leak in torture test
+
+ Reported-by: Marcel Raad
+ Fixes #2861
+ Closes #2863
+
+- docs: mention NULL is fine input to several functions
+
+ Fixes #2837
+ Closes #2858
+ Reported-by: Markus Elfring
+
+- [Bas van Schaik brought this change]
+
+ README.md: add LGTM.com code quality grade for C/C++
+
+ Closes #2857
+
+- [Rikard Falkeborn brought this change]
+
+ test1531: Add timeout
+
+ Previously, the macro TEST_HANG_TIMEOUT was unused, but since there is
+ looping going on, we might as well add timing instead of removing it.
+
+ Closes #2853
+
+- [Rikard Falkeborn brought this change]
+
+ test1540: Remove unused macro TEST_HANG_TIMEOUT
+
+ The macro has never been used, and it there is not really any place
+ where it would make sense to add timing checks.
+
+ Closes #2852
+
+- [Rikard Falkeborn brought this change]
+
+ asyn-thread: Remove unused macro
+
+ The macro seems to never have been used.
+
+ Closes #2852
+
+- [Rikard Falkeborn brought this change]
+
+ http_proxy: Remove unused macro SELECT_TIMEOUT
+
+ Usage was removed in 5113ad0424044458ac497fa1458ebe0101356b22.
+
+ Closes #2852
+
+- [Rikard Falkeborn brought this change]
+
+ formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
+
+ Its usage was removed in
+ 84ad1fd3047815f9c6e78728bb351b828eac10b1.
+
+ Closes #2852
+
+- [Rikard Falkeborn brought this change]
+
+ telnet: Remove unused macros TELOPTS and TELCMDS
+
+ Their usage was removed in 3a145180cc754a5959ca971ef3cd243c5c83fc51.
+
+ Closes #2852
+
+- [Daniel Jelinski brought this change]
+
+ openssl: fix debug messages
+
+ Fixes #2806
+ Closes #2843
+
+- configure: fix for -lpthread detection with OpenSSL and pkg-config
+
+ ... by making sure it uses the -I provided by pkg-config!
+
+ Reported-by: pszemus on github
+ Fixes #2848
+ Closes #2850
+
+- RELEASE-NOTES: synced
+
+- windows: follow up to the buffer-tuning 1ba1dba7
+
+ Somehow I didn't include the amended version of the previous fix. This
+ is the missing piece.
+
+ Pointed-out-by: Viktor Szakats
+
+- [Daniel Jelinski brought this change]
+
+ windows: implement send buffer tuning
+
+ Significantly enhances upload performance on modern Windows versions.
+
+ Bug: https://curl.haxx.se/mail/lib-2018-07/0080.html
+ Closes #2762
+ Fixes #2224
+
+- [Anderson Toshiyuki Sasaki brought this change]
+
+ ssl: set engine implicitly when a PKCS#11 URI is provided
+
+ This allows the use of PKCS#11 URI for certificates and keys without
+ setting the corresponding type as "ENG" and the engine as "pkcs11"
+ explicitly. If a PKCS#11 URI is provided for certificate, key,
+ proxy_certificate or proxy_key, the corresponding type is set as "ENG"
+ if not provided and the engine is set to "pkcs11" if not provided.
+
+ Acked-by: Nikos Mavrogiannopoulos
+ Closes #2333
+
+- [Ruslan Baratov brought this change]
+
+ CMake: Respect BUILD_SHARED_LIBS
+
+ Use standard CMake variable BUILD_SHARED_LIBS instead of introducing
+ custom option CURL_STATICLIB.
+
+ Use '-DBUILD_SHARED_LIBS=%SHARED%' in appveyor.yml.
+
+ Reviewed-by: Sergei Nikulov
+ Closes #2755
+
+- [John Butterfield brought this change]
+
+ cmake: bumped minimum version to 3.4
+
+ Closes #2753
+
+- [John Butterfield brought this change]
+
+ cmake: link curl to the OpenSSL targets instead of lib absolute paths
+
+ Reviewed-by: Jakub Zakrzewski
+ Reviewed-by: Sergei Nikulov
+ Closes #2753
+
+- travis: build darwinssl on macos 10.12
+
+ ... as building on 10.13.x before 10.13.4 leads to link errors.
+
+ Assisted-by: Nick Zitzmann
+ Fixes #2835
+ Closes #2845
+
+- DEPRECATE: remove release date from 7.62.0
+
+ Since it will slip and the version is the important part there, not the
+ date.
+
+- lib/Makefile: only do symbol hiding if told to
+
+ This restores the ability to build a static lib with
+ --disable-symbol-hiding to keep non-curl_ symbols.
+
+ Researched-by: Dan Fandrich
+ Reported-by: Ran Mozes
+ Fixes #2830
+ Closes #2831
+
+Marcel Raad (2 Aug 2018)
+- hostip: fix unused variable warning
+
+ addresses is only used in an infof call, which is a macro expanding to
+ nothing if CURL_DISABLE_VERBOSE_STRINGS is set.
+
+Daniel Stenberg (2 Aug 2018)
+- test1307: disabled
+
+ Turns out that since we're using the native fnmatch function now when
+ available, and they simply disagree on a huge number of test patterns
+ that make it hard to test this function like this...
+
+ Fixes #2825
+
+- smb: don't mark it done in smb_do
+
+ Follow-up to 09e401e01bf9. The SMB protocol handler needs to use its
+ doing function too, which requires smb_do() to not mark itself as
+ done...
+
+ Closes #2822
+
+- [Rikard Falkeborn brought this change]
+
+ general: fix printf specifiers
+
+ Closes #2818
+
+- RELEASE-NOTES: synced
+
+- mailmap: Daniel Jelinski
+
+- [Harry Sintonen brought this change]
+
+ HTTP: Don't attempt to needlessly decompress redirect body
+
+ This change fixes a regression where redirect body would needlessly be
+ decompressed even though it was to be ignored anyway. As it happens this
+ causes secondary issues since there appears to be a bug in apache2 that
+ it in certain conditions generates a corrupt zlib response. The
+ regression was created by commit:
+ dbcced8e32b50c068ac297106f0502ee200a1ebd
+
+ Discovered-by: Harry Sintonen
+ Closes #2798
+
+- curl: use Content-Disposition before the "URL end" for -OJ
+
+ Regression introduced in 7.61.0
+
+ Reported-by: Thomas Klausner
+ Fixes #2783
+ Closes #2813
+
+- [Daniel Jelinski brought this change]
+
+ retry: return error if rewind was necessary but didn't happen
+
+ Fixes #2801
+ Closes #2812
+
+- http2: clear the drain counter in Curl_http2_done
+
+ Reported-by: Andrei Virtosu
+ Fixes #2800
+ Closes #2809
+
+- smb: fix memory leak on early failure
+
+ ... by making sure connection related data (->share) is stored in the
+ connection and not in the easy handle.
+
+ Detected by OSS-fuzz
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
+ Fixes #2769
+ Closes #2810
+
+- travis: run a 'make checksrc' too
+
+ ... to make sure the examples are all checked.
+
+ Closes #2811
+
+Jay Satiro (29 Jul 2018)
+- examples/ephiperfifo: checksrc compliance
+
+- [Michael Kaufmann brought this change]
+
+ sws: handle EINTR when calling select()
+
+ Closes https://github.com/curl/curl/pull/2808
+
+Daniel Stenberg (29 Jul 2018)
+- test1157: follow-up to 35ecffb9
+
+ Ignore the user-agent line.
+ Pointed-out-by: Marcel Raad
+
+Michael Kaufmann (29 Jul 2018)
+- tests/http_pipe.py: Use /usr/bin/env to find python
+
+Daniel Stenberg (28 Jul 2018)
+- TODO: Support Authority Information Access certificate extension (AIA)
+
+ Closes #2793
+
+- conn_free: updated comment to clarify
+
+ Let's call it disassociate instead of disconnect since the latter term
+ is used so much for (TCP) connections already.
+
+- test1157: test -H from empty file
+
+ Verifies bugfix #2797
+
+- [Tobias Blomberg brought this change]
+
+ curl: Fix segfault when -H @headerfile is empty
+
+ The curl binary would crash if the -H command line option was given a
+ filename to read using the @filename syntax but that file was empty.
+
+ Closes #2797
+
+- mime: check Curl_rand_hex's return code
+
+ Bug: https://curl.haxx.se/mail/archive-2018-07/0015.html
+ Reported-by: Jeffrey Walton
+ Closes #2795
+
+- [Josh Bialkowski brought this change]
+
+ docs/examples: add hiperfifo example using linux epoll/timerfd
+
+ Closes #2804
+
+- [Darío Hereñú brought this change]
+
+ docs/INSTALL.md: minor formatting fixes
+
+ Closes #2794
+
+- [Christopher Head brought this change]
+
+ docs/CURLOPT_URL: fix indentation
+
+ The statement, “The application does not have to keep the string around
+ after setting this option,” appears to be indented under the RTMP
+ paragraph. It actually applies to all protocols, not just RTMP.
+ Eliminate the extra indentation.
+
+ Closes #2788
+
+- [Christopher Head brought this change]
+
+ docs/CURLOPT_WRITEFUNCTION: size is always 1
+
+ For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
+ passed two `size_t` parameters which, when multiplied, designate the
+ number of bytes of data passed in. In practice, CURL always sets the
+ first parameter (`size`) to 1.
+
+ This practice is also enshrined in documentation and cannot be changed
+ in future. The documentation states that the default callback is
+ `fwrite`, which means `fwrite` must be a suitable function for this
+ purpose. However, the documentation also states that the callback must
+ return the number of *bytes* it successfully handled, whereas ISO C
+ `fwrite` returns the number of items (each of size `size`) which it
+ wrote. The only way these numbers can be equal is if `size` is 1.
+
+ Since `size` is 1 and can never be changed in future anyway, document
+ that fact explicitly and let users rely on it.
+
+ Closes #2787
+
+- [Carie Pointer brought this change]
+
+ wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
+
+ RNG structure must be freed by call to FreeRng after its use in
+ Curl_cyassl_random. This call fixes Valgrind failures when running the
+ test suite with wolfSSL.
+
+ Closes #2784
+
+- [Even Rouault brought this change]
+
+ reuse_conn(): free old_conn->options
+
+ This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with
+ connection reuse.
+
+ I found this with oss-fuzz on GDAL and curl master:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582
+ I couldn't reproduce with the oss-fuzz original test case, but looking
+ at curl source code pointed to this well reproducable leak.
+
+ Closes #2790
+
+Marcel Raad (25 Jul 2018)
+- [Daniel Jelinski brought this change]
+
+ system_win32: fix version checking
+
+ In the current version, VERSION_GREATER_THAN_EQUAL 6.3 will return false
+ when run on windows 10.0. This patch addresses that error.
+
+ Closes https://github.com/curl/curl/pull/2792
+
+Daniel Stenberg (24 Jul 2018)
+- [Johannes Schindelin brought this change]
+
+ auth: pick Bearer authentication whenever a token is available
+
+ So far, the code tries to pick an authentication method only if
+ user/password credentials are available, which is not the case for
+ Bearer authentictation...
+
+ Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+ Closes #2754
+
+- [Johannes Schindelin brought this change]
+
+ auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token
+
+ The Bearer authentication was added to cURL 7.61.0, but there is a
+ problem: if CURLAUTH_ANY is selected, and the server supports multiple
+ authentication methods including the Bearer method, we strongly prefer
+ that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer
+ authentication fails, we will never even try to attempt any other
+ method.
+
+ This is particularly unfortunate when we already know that we do not
+ have any Bearer token to work with.
+
+ Such a scenario happens e.g. when using Git to push to Visual Studio
+ Team Services (which supports Basic and Bearer authentication among
+ other methods) and specifying the Personal Access Token directly in the
+ URL (this aproach is frequently taken by automated builds).
+
+ Let's make sure that we have a Bearer token to work with before we
+ select the Bearer authentication among the available authentication
+ methods.
+
+ Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+ Closes #2754
+
+Marcel Raad (22 Jul 2018)
+- test320: treat curl320.out file as binary
+
+ Otherwise, LF line endings are converted to CRLF on Windows,
+ but no conversion is done for the reply, so the test case fails.
+
+ Closes https://github.com/curl/curl/pull/2776
+
+Daniel Stenberg (22 Jul 2018)
+- vtls: set conn->data when closing TLS
+
+ Follow-up to 1b76c38904f0. The VTLS backends that close down the TLS
+ layer for a connection still needs a Curl_easy handle for the session_id
+ cache etc.
+
+ Fixes #2764
+ Closes #2771
+
+Marcel Raad (21 Jul 2018)
+- tests: fixes for Windows line endlings
+
+ Set mode="text" when line endings depend on the system representation.
+
+ Closes https://github.com/curl/curl/pull/2772
+
+- test214: disable MSYS2's POSIX path conversion for URL
+
+ By default, the MSYS2 bash converts all backslashes to forward slashes
+ in URLs. Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.
+
+ Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
+
+Daniel Stenberg (20 Jul 2018)
+- http2: several cleanups
+
+ - separate easy handle from connections better
+ - added asserts on a number of places
+ - added sanity check of pipelines for debug builds
+
+ Closes #2751
+
+- smb_getsock: always wait for write socket too
+
+ ... the protocol is doing read/write a lot, so it needs to write often
+ even when downloading. A more proper fix could check for eactly when it
+ wants to write and only ask for it then.
+
+ Without this fix, an SMB download could easily get stuck when the event-driven
+ API was used.
+
+ Closes #2768
+
+Marcel Raad (20 Jul 2018)
+- test1143: disable MSYS2's POSIX path conversion
+
+ By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143
+ as a POSIX file list and converts it to a Windows file list.
+ Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.
+
+ Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
+ Closes https://github.com/curl/curl/pull/2765
+
+Daniel Stenberg (18 Jul 2018)
+- RELEASE-NOTES: sync
+
+ ... and work toward 7.61.1
+
+- [Ruslan Baratov brought this change]
+
+ CMake: Update scripts to use consistent style
+
+ Closes #2727
+ Reviewed-by: Sergei Nikulov
+
+- header output: switch off all styles, not just unbold
+
+ ... the "unbold" sequence doesn't work on the mac Terminal.
+
+ Reported-by: Zero King
+ Fixes #2736
+ Closes #2738
+
+Nick Zitzmann (14 Jul 2018)
+- [Rodger Combs brought this change]
+
+ darwinssl: add support for ALPN negotiation
+
+Marcel Raad (14 Jul 2018)
+- test1422: add required file feature
+
+ curl configured with --enable-debug --disable-file currently complains
+ on test1422:
+ Info: Protocol "file" not supported or disabled in libcurl
+
+ Make test1422 dependend on enabled FILE protocol to fix this.
+
+ Fixes https://github.com/curl/curl/issues/2741
+ Closes https://github.com/curl/curl/pull/2742
+
+Patrick Monnerat (12 Jul 2018)
+- content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
+
+ Some servers issue raw deflate data that may be followed by an undocumented
+ trailer. This commit makes curl tolerate such a trailer of up to 4 bytes
+ before considering the data is in error.
+
+ Reported-by: clbr on github
+ Fixes #2719
+
+Daniel Stenberg (12 Jul 2018)
+- smb: fix memory-leak in URL parse error path
+
+ Detected by OSS-Fuzz
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
+ Closes #2740
+
+Marcel Raad (12 Jul 2018)
+- schannel: enable CALG_TLS1PRF for w32api >= 5.1
+
+ The definition of CALG_TLS1PRF has been fixed in the 5.1 branch:
+ https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/commits/73aedcc0f2e6ba370de0d86ab878ad76a0dda7b5
+
+Daniel Stenberg (12 Jul 2018)
+- docs/SECURITY-PROCESS: mention bounty, drop pre-notify
+
+ + The hackerone bounty and its process
+
+ - We don't and can't handle pre-notification
+
+- multi: always do the COMPLETED procedure/state
+
+ It was previously erroneously skipped in some situations.
+
+ libtest/libntlmconnect.c wrongly depended on wrong behavior (that it
+ would get a zero timeout) when no handles are "running" in a multi
+ handle. That behavior is no longer present with this fix. Now libcurl
+ will always return a -1 timeout when all handles are completed.
+
+ Closes #2733
+
+- Curl_getoff_all_pipelines: improved for multiplexed
+
+ On multiplexed connections, transfers can be removed from anywhere not
+ just at the head as for pipelines.
+
+- ares: check for NULL in completed-callback
+
+- conn: remove the boolean 'inuse' field
+
+ ... as the usage needs to be counted.
+
+- [Paul Howarth brought this change]
+
+ openssl: assume engine support in 1.0.0 or later
+
+ Commit 38203f1585da changed engine detection to be version-based,
+ with a baseline of openssl 1.0.1. This does in fact break builds
+ with openssl 1.0.0, which has engine support - the configure script
+ detects that ENGINE_cleanup() is available - but <openssl/engine.h>
+ doesn't get included to declare it.
+
+ According to upstream documentation, engine support was added to
+ mainstream openssl builds as of version 0.9.7:
+ https://github.com/openssl/openssl/blob/master/README.ENGINE
+
+ This commit drops the version test down to 1.0.0 as version 1.0.0d
+ is the oldest version I have to test with.
+
+ Closes #2732
+
+Marcel Raad (11 Jul 2018)
+- schannel: fix MinGW compile break
+
+ Original MinGW's w32api has a sytax error in its definition of
+ CALG_TLS1PRF [0]. Don't use original MinGW w32api's CALG_TLS1PRF
+ until this bug [1] is fixed.
+
+ [0] https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/blobs/d1d4a17e51a2b78e252ef0147d483267d56c90cc/w32api/include/wincrypt.h
+ [1] https://osdn.net/projects/mingw/ticket/38391
+
+ Fixes https://github.com/curl/curl/pull/2721#issuecomment-403636043
+ Closes https://github.com/curl/curl/pull/2728
+
+Daniel Stenberg (11 Jul 2018)
+- examples/crawler.c: move #ifdef to column 0
+
+ Apparently the C => HTML converter on the web site doesn't quite like it
+ otherwise.
+
+ Reported-by: Jeroen Ooms
+
+Version 7.61.0 (11 Jul 2018)
+
+Daniel Stenberg (11 Jul 2018)
+- release: 7.61.0
+
+- TODO: Configurable loading of OpenSSL configuration file
+
+ Closes #2724
+
+- post303.d: clarify that this is an RFC violation
+
+ ... and not the other way around, which this previously said.
+
+ Reported-by: Vasiliy Faronov
+ Fixes #2723
+ Closes #2726
+
+- [Ruslan Baratov brought this change]
+
+ CMake: remove redundant and old end-of-block syntax
+
+ Reviewed-by: Jakub Zakrzewski
+ Closes #2715
+
+Jay Satiro (9 Jul 2018)
+- lib/curl_setup.h: remove unicode character
+
+ Follow-up to 82ce416.
+
+ Ref: https://github.com/curl/curl/commit/8272ec5#commitcomment-29646818
+
+Daniel Stenberg (9 Jul 2018)
+- lib/curl_setup.h: remove unicode bom from 8272ec50f02
+
+Marcel Raad (9 Jul 2018)
+- schannel: fix -Wsign-compare warning
+
+ MinGW warns:
+ /lib/vtls/schannel.c:219:64: warning: signed and unsigned type in
+ conditional expression [-Wsign-compare]
+
+ Fix this by casting the ptrdiff_t to size_t as we know it's positive.
+
+ Closes https://github.com/curl/curl/pull/2721
+
+- schannel: workaround for wrong function signature in w32api
+
+ Original MinGW's w32api has CryptHashData's second parameter as BYTE *
+ instead of const BYTE *.
+
+ Closes https://github.com/curl/curl/pull/2721
+
+- schannel: make more cipher options conditional
+
+ They are not defined in the original MinGW's <wincrypt.h>.
+
+ Closes https://github.com/curl/curl/pull/2721
+
+- curl_setup: include <winerror.h> before <windows.h>
+
+ Otherwise, only part of it gets pulled in through <windows.h> on
+ original MinGW.
+
+ Fixes https://github.com/curl/curl/issues/2361
+ Closes https://github.com/curl/curl/pull/2721
+
+- examples: fix -Wformat warnings
+
+ When size_t is not a typedef for unsigned long (as usually the case on
+ Windows), GCC emits -Wformat warnings when using lu and lx format
+ specifiers with size_t. Silence them with explicit casts to
+ unsigned long.
+
+ Closes https://github.com/curl/curl/pull/2721
+
+Daniel Stenberg (9 Jul 2018)
+- smtp: use the upload buffer size for scratch buffer malloc
+
+ ... not the read buffer size, as that can be set smaller and thus cause
+ a buffer overflow! CVE-2018-0500
+
+ Reported-by: Peter Wu
+ Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
+
+- [Dave Reisner brought this change]
+
+ scripts: include _curl as part of CLEANFILES
+
+ Closes #2718
+
+- [Nick Zitzmann brought this change]
+
+ darwinssl: allow High Sierra users to build the code using GCC
+
+ ...but GCC users lose out on TLS 1.3 support, since we can't weak-link
+ enumeration constants.
+
+ Fixes #2656
+ Closes #2703
+
+- [Ruslan Baratov brought this change]
+
+ CMake: Remove unused 'output_var' from 'collect_true'
+
+ Variable 'output_var' is not used and can be removed.
+ Function 'collect_true' renamed to 'count_true'.
+
+- [Ruslan Baratov brought this change]
+
+ CMake: Remove unused functions
+
+ Closes #2711
+
+- KNOWN_BUGS: Stick to same family over SOCKS proxy
+
+- libssh: goto DISCONNECT state on error, not SSH_SESSION_FREE
+
+ ... because otherwise not everything get closed down correctly.
+
+ Fixes #2708
+ Closes #2712
+
+- libssh: include line number in state change debug messages
+
+ Closes #2713
+
+- KNOWN_BUGS: Borland support is dropped, AIX problem is too old
+
+- [Jeroen Ooms brought this change]
+
+ example/crawler.c: simple crawler based on libxml2
+
+ Closes #2706
+
+- RELEASE-NOTES: synced
+
+- DEPRECATE: include year when specifying date
+
+- DEPRECATE: linkified
+
+- DEPRECATE: mention the PR that disabled axTLS
+
+- docs/DEPRECATE.md: spelling and minor formatting
+
+- DEPRECATE: new doc describing planned item removals
+
+ Closes #2704
+
+- [Gisle Vanem brought this change]
+
+ telnet: fix clang warnings
+
+ telnet.c(1401,28): warning: cast from function call of type 'int' to
+ non-matching type 'HANDLE' (aka 'void *') [-Wbad-function-cast]
+
+ Fixes #2696
+ Closes #2700
+
+- docs: fix missed option name markups
+
+- [Gaurav Malhotra brought this change]
+
+ openssl: Remove some dead code
+
+ Closes #2698
+
+- openssl: make the requested TLS version the *minimum* wanted
+
+ The code treated the set version as the *exact* version to require in
+ the TLS handshake, which is not what other TLS backends do and probably
+ not what most people expect either.
+
+ Reported-by: Andreas Olsson
+ Assisted-by: Gaurav Malhotra
+ Fixes #2691
+ Closes #2694
+
+- RELEASE-NOTES: synced
+
+- openssl: allow TLS 1.3 by default
+
+ Reported-by: Andreas Olsson
+ Fixes #2692
+ Closes #2693
+
+- [Adrian Peniak brought this change]
+
+ CURLINFO_TLS_SSL_PTR.3: improve the example
+
+ The previous example was a little bit confusing, because SSL* structure
+ (or other "in use" SSL connection pointer) is not accessible after the
+ transfer is completed, therefore working with the raw TLS library
+ specific pointer needs to be done during transfer.
+
+ Closes #2690
+
+- travis: add a build using the synchronous name resolver
+
+ ... since default uses the threaded one and we test the c-ares build
+ already.
+
+ Closes #2689
+
+- configure: remove CURL_CHECK_NI_WITHSCOPEID too
+
+ Since it isn't used either and requires the getnameinfo check
+
+ Follow-up to 0aeca41702d2
+
+- getnameinfo: not used
+
+ Closes #2687
+
+- easy_perform: use *multi_timeout() to get wait times
+
+ ... and trim the threaded Curl_resolver_getsock() to return zero
+ millisecond wait times during the first three milliseconds so that
+ localhost or names in the OS resolver cache gets detected and used
+ faster.
+
+ Closes #2685
+
+Max Dymond (27 Jun 2018)
+- configure: Add dependent libraries after crypto
+
+ The linker is pretty dumb and processes things left to right, keeping a
+ tally of symbols it hasn't resolved yet. So, we need -ldl to appear
+ after -lcrypto otherwise the linker won't find the dl functions.
+
+ Closes #2684
+
+Daniel Stenberg (27 Jun 2018)
+- GOVERNANCE: linkify, changed some titles
+
+- GOVERNANCE: add maintainer details/duties
+
+- url: check Curl_conncache_add_conn return code
+
+ ... it was previously unchecked in two places and thus errors could
+ remain undetected and cause trouble.
+
+ Closes #2681
+
+- include/README: remove "hacking" advice, not the right place
+
+- RELEASE-NOTES: synced
+
+- CURLOPT_SSL_VERIFYPEER.3: fix syntax mistake
+
+ Follow-up to b6a16afa0aa5
+
+- netrc: use a larger buffer
+
+ ... to work with longer passwords etc. Grow it from a 256 to a 4096
+ bytes buffer.
+
+ Reported-by: Dario Nieuwenhuis
+ Fixes #2676
+ Closes #2680
+
+- [Patrick Schlangen brought this change]
+
+ CURLOPT_SSL_VERIFYPEER.3: Add performance note
+
+ Closes #2673
+
+- [Javier Blazquez brought this change]
+
+ multi: fix crash due to dangling entry in connect-pending list
+
+ Fixes #2677
+ Closes #2679
+
+- ConnectionExists: make sure conn->data is set when "taking" a connection
+
+ Follow-up to 2c15693.
+
+ Bug #2674
+ Closes #2675
+
+- [Kevin R. Bulgrien brought this change]
+
+ system.h: fix for gcc on 32 bit OpenServer
+
+ Bug: https://curl.haxx.se/mail/lib-2018-06/0100.html
+
+- [Raphael Gozzo brought this change]
+
+ cmake: allow multiple SSL backends
+
+ This will make possible to select the SSL backend (using
+ curl_global_sslset()) even when the libcurl is built using CMake
+
+ Closes #2665
+
+- url: fix dangling conn->data pointer
+
+ By masking sure to use the *current* easy handle with extracted
+ connections from the cache, and make sure to NULLify the ->data pointer
+ when the connection is put into the cache to make this mistake easier to
+ detect in the future.
+
+ Reported-by: Will Dietz
+ Fixes #2669
+ Closes #2672
+
+- CURLOPT_INTERFACE.3: interface names not supported on Windows
+
+- travis: run more tests for coverage check
+
+ ... run a few more tortured based and run all tests event-based.
+
+ Closes #2664
+
+- multi: fix memory leak when stopped during name resolve
+
+ When the application just started the transfer and then stops it while
+ the name resolve in the background thread hasn't completed, we need to
+ wait for the resolve to complete and then cleanup data accordingly.
+
+ Enabled test 1553 again and added test 1590 to also check when the host
+ name resolves successfully.
+
+ Detected by OSS-fuzz.
+ Closes #1968
+
+Viktor Szakats (15 Jun 2018)
+- maketgz: delete .bak files, fix indentation
+
+ Ref: https://github.com/curl/curl/pull/2660
+
+ Closes https://github.com/curl/curl/pull/2662
+
+Daniel Stenberg (15 Jun 2018)
+- runtests.pl: remove debug leftover from bb9a340c73f3
+
+- curl-confopts.m4: fix typo from ed224f23d5beb
+
+ Fixes my local configure to detect a custom installed c-ares without
+ pkgconfig.
+
+- docs/RELEASE-PROCEDURE.md: renamed to use .md extension
+
+ Closes #2663
+
+- RELEASE-PROCEDURE: gpg sign the tags
+
+- RELEASE-NOTES: synced
+
+- CURLOPT_HTTPAUTH.3: CURLAUTH_BEARER was added in 7.61.0
+
+- [Mamta Upadhyay brought this change]
+
+ maketgz: fix sed issues on OSX
+
+ maketgz creates release tarballs and removes the -DEV string in curl
+ version (e.g. 7.58.0-DEV), else -DEV shows up on command line when curl
+ is run. maketgz works fine on linux but fails on OSX. Problem is with
+ the sed commands that use option -i without an extension. Maketgz
+ expects GNU sed instead of BSD and this simply won't work on OSX. Adding
+ a backup extension .bak after -i fixes this issue
+
+ Running the script as if on OSX gives this error:
+
+ sed: -e: No such file or directory
+
+ Adding a .bak extension resolves it
+
+ Closes #2660
+
+- configure: enhance ability to detect/build with static openssl
+
+ Fix the -ldl and -ldl + -lpthread checks for OpenSSL, necessary for
+ building with static libs without pkg-config.
+
+ Reported-by: Marcel Raad
+ Fixes #2199
+ Closes #2659
+
+- configure: use pkg-config for c-ares detection
+
+ First check if there's c-ares information given as pkg-config info and use
+ that as first preference.
+
+ Reported-by: pszemus on github
+ Fixes #2203
+ Closes #2658
+
+- GOVERNANCE.md: explains how this project is run
+
+ Closes #2657
+
+- KNOWN_BUGS: NTLM doen't support password with § character
+
+ Closes #2120
+
+- KNOWN_BUGS: slow connect to localhost on Windows
+
+ Closes #2281
+
+- [Matteo Bignotti brought this change]
+
+ mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
+
+ certdata.txt should be deleted also when the process is interrupted by
+ "same certificate downloaded, exiting"
+
+ The certdata.txt is currently kept on disk even if you give the -u
+ option
+
+ Closes #2655
+
+- progress: remove a set of unused defines
+
+ Reported-by: Peter Wu
+ Closes #2654
+
+- TODO: "Option to refuse usernames in URLs" done
+
+ Implemented by Björn in 946ce5b61f
+
+- [Lyman Epp brought this change]
+
+ Curl_init_do: handle NULL connection pointer passed in
+
+ Closes #2653
+
+- runtests: support variables in <strippart>
+
+ ... and make use of that to make 1455 work better without using a fixed
+ local port number.
+
+ Fixes #2649
+ Closes #2650
+
+- Curl_debug: remove dead printhost code
+
+ The struct field is never set (since 5e0d9aea3) so remove the use of it
+ and remove the connectdata pointer from the prototype.
+
+ Reported-by: Tejas
+ Bug: https://curl.haxx.se/mail/lib-2018-06/0054.html
+ Closes #2647
+
+Viktor Szakats (12 Jun 2018)
+- schannel: avoid incompatible pointer warning
+
+ with clang-6.0:
+ ```
+ vtls/schannel_verify.c: In function 'add_certs_to_store':
+ vtls/schannel_verify.c:212:30: warning: passing argument 11 of 'CryptQueryObject' from incompatible pointer type [-Wincompatible-pointer-types]
+ &cert_context)) {
+ ^
+ In file included from /usr/share/mingw-w64/include/schannel.h:10:0,
+ from /usr/share/mingw-w64/include/schnlsp.h:9,
+ from vtls/schannel.h:29,
+ from vtls/schannel_verify.c:40:
+ /usr/share/mingw-w64/include/wincrypt.h:4437:26: note: expected 'const void **' but argument is of type 'CERT_CONTEXT ** {aka struct _CERT_CONTEXT **}'
+ WINIMPM WINBOOL WINAPI CryptQueryObject (DWORD dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags,
+ ^~~~~~~~~~~~~~~~
+ ```
+ Ref: https://msdn.microsoft.com/library/windows/desktop/aa380264
+
+ Closes https://github.com/curl/curl/pull/2648
+
+Daniel Stenberg (12 Jun 2018)
+- [Robert Prag brought this change]
+
+ schannel: support selecting ciphers
+
+ Given the contstraints of SChannel, I'm exposing these as the algorithms
+ themselves instead; while replicating the ciphersuite as specified by
+ OpenSSL would have been preferable, I found no way in the SChannel API
+ to do so.
+
+ To use this from the commandline, you need to pass the names of contants
+ defining the desired algorithms. For example, curl --ciphers
+ "CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM"
+ https://github.com The specific names come from wincrypt.h
+
+ Closes #2630
+
+- [Bernhard M. Wiedemann brought this change]
+
+ test 46: make test pass after 2025
+
+ shifting the expiry date to 2037 for now
+ to be before the possibly problematic year 2038
+
+ similar in spirit to commit e6293cf8764e9eecb
+
+ Closes #2646
+
+- [Marian Klymov brought this change]
+
+ cppcheck: fix warnings
+
+ - Get rid of variable that was generating false positive warning
+ (unitialized)
+
+ - Fix issues in tests
+
+ - Reduce scope of several variables all over
+
+ etc
+
+ Closes #2631
+
+- openssl: assume engine support in 1.0.1 or later
+
+ Previously it was checked for in configure/cmake, but that would then
+ leave other build systems built without engine support.
+
+ While engine support probably existed prior to 1.0.1, I decided to play
+ safe. If someone experience a problem with this, we can widen the
+ version check.
+
+ Fixes #2641
+ Closes #2644
+
+- RELEASE-NOTES: synced
+
+- RELEASE-PROCEDURE: update the release calendar for 2019
+
+- [Gisle Vanem brought this change]
+
+ boringssl + schannel: undef X509_NAME in lib/schannel.h
+
+ Fixes the build problem when both boringssl and schannel are enabled.
+
+ Fixes #2634
+ Closes #2643
+
+- [Vladimir Kotal brought this change]
+
+ mk-ca-bundle.pl: leave certificate name untouched in decode()
+
+ Closes #2640
+
+- [Rikard Falkeborn brought this change]
+
+ tests/libtests/Makefile.am: Add lib1521.c to CLEANFILES
+
+ This removes the generated lib1521.c when running make clean.
+
+ Closes #2633
+
+- [Rikard Falkeborn brought this change]
+
+ tests/libtest: Add lib1521 to nodist_SOURCES
+
+ Since 467da3af0, lib1521.c is generated instead of checked in. According
+ to the commit message, the intention was to remove it from the tarball
+ as well. However, it is still present when running make dist. To remove
+ it, add it to nodist_lib1521_SOURCES. This also means there is no need
+ for the manually added dist-rule in the Makefile.
+
+ Also update CMakelists.txt to handle the fact that we now may have
+ nodist_SOURCES.
+
+- [Stephan Mühlstrasser brought this change]
+
+ system.h: add support for IBM xlc C compiler
+
+ Added a section to system.h guarded with __xlc__ for the IBM xml C
+ compiler. Before this change the section titled 'generic "safe guess" on
+ old 32 bit style' was used, which resulted in a wrong definition of
+ CURL_TYPEOF_CURL_SOCKLEN_T, and for 64-bit also CURL_TYPEOF_CURL_OFF_T
+ was wrong.
+
+ Compilation warnings fixed with this change:
+
+ CC libcurl_la-ftp.lo
+ "ftp.c", line 290.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "ftp.c", line 293.48: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "ftp.c", line 1070.49: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "ftp.c", line 1154.53: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "ftp.c", line 1187.51: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ CC libcurl_la-connect.lo
+ "connect.c", line 448.56: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "connect.c", line 516.66: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "connect.c", line 687.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ "connect.c", line 696.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+ CC libcurl_la-tftp.lo
+ "tftp.c", line 1115.33: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+
+ Closes #2637
+
+- cmdline-opts/cert-type.d: mention "p12" as a recognized type as well
+
+Viktor Szakats (3 Jun 2018)
+- spelling fixes
+
+ Detected using the `codespell` tool (version 1.13.0).
+
+ Also secure and fix an URL.
+
+Daniel Stenberg (2 Jun 2018)
+- axtls: follow-up spell fix of comment
+
+- axTLS: not considered fit for use
+
+ URL: https://curl.haxx.se/mail/lib-2018-06/0000.html
+
+ This is step one. It adds #error statements that require source edits to
+ make curl build again if asked to use axTLS. At a later stage we might
+ remove the axTLS specific code completely.
+
+ Closes #2628
+
+- build: remove the Borland specific makefiles
+
+ According to the user survey 2018, not even one out of 670 users use
+ them. Nobody on the mailing list spoke up for them either.
+
+ Closes #2629
+
+- curl_addrinfo: use same #ifdef conditions in source as header
+
+ ... for curl_dofreeaddrinfo
+
+- multi: remove a DEBUGF()
+
+ ... it might call infof() with a NULL first argument that isn't harmful
+ but makes it not do anything. The infof() line is not very useful
+ anymore, it has served it purpose. Good riddance!
+
+ Fixes #2627
+
+- [Alibek.Jorajev brought this change]
+
+ CURLOPT_RESOLVE: always purge old entry first
+
+ If there's an existing entry using the selected name.
+
+ Closes #2622
+
+- fnmatch: use the system one if available
+
+ If configure detects fnmatch to be available, use that instead of our
+ custom one for FTP wildcard pattern matching. For standard compliance,
+ to reduce our footprint and to use already well tested and well
+ exercised code.
+
+ A POSIX fnmatch behaves slightly different than the internal function
+ for a few test patterns currently and the macOS one yet slightly
+ different. Test case 1307 is adjusted for these differences.
+
+ Closes #2626
+
+Patrick Monnerat (31 May 2018)
+- os400: add new option in ILE/RPG binding
+
+ Follow-up to commit 946ce5b
+
+Daniel Stenberg (31 May 2018)
+- tests/libtest/.gitignore: follow-up fix to ignore lib5* too
+
+- KNOWN_BUGS: CURL_GLOBAL_SSL
+
+ Closes #2276
+
+- [Bernhard Walle brought this change]
+
+ configure: check for declaration of getpwuid_r
+
+ On our x86 Android toolchain, getpwuid_r is implemented but the header
+ is missing:
+
+ netrc.c:81:7: error: implicit declaration of function 'getpwuid_r' [-Werror=implicit-function-declaration]
+
+ Unfortunately, the function is used in curl_ntlm_wb.c, too, so I moved
+ the prototype to curl_setup.h.
+
+ Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
+ Closes #2609
+
+- [Rikard Falkeborn brought this change]
+
+ tests: update .gitignore for libtests
+
+ Closes #2624
+
+- [Rikard Falkeborn brought this change]
+
+ strictness: correct {infof, failf} format specifiers
+
+ Closes #2623
+
+- [Björn Stenberg brought this change]
+
+ option: disallow username in URL
+
+ Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes
+ libcurl reject URLs with a username in them.
+
+ Closes #2340
+
+- libcurl-security.3: improved layout for two rememdy lists
+
+- libcurl-security.3: refer to URL instead of in-source markdown file
+
+Viktor Szakats (30 May 2018)
+- curl.rc: embed manifest for correct Windows version detection
+
+ * enable it in `src/Makefile.m32`
+ * enable it in `winbuild/MakefileBuild.vc` if a custom manifest is
+ _not_ enabled via the existing `EMBED_MANIFEST` option
+ * enable it for all Windows CMake builds (also disable the built-in
+ minimal manifest, added by CMake by default.)
+
+ For other build systems, add the `-DCURL_EMBED_MANIFEST` option to
+ the list of RC (Resource Compiler) flags to enable the manifest
+ included in `src/curl.rc`. This may require to disable whatever
+ automatic or other means in which way another manifest is added to
+ `curl.exe`.
+
+ Notice that Borland C doesn't support this method due to a
+ long-pending resource compiler bug. Watcom C may also not handle
+ it correctly when the `-zm` `wrc` option is used (this option may
+ be unnecessary though) and regardless of options in certain earlier
+ revisions of the 2.0 beta version.
+
+ Closes https://github.com/curl/curl/pull/1221
+ Fixes https://github.com/curl/curl/issues/2591
+
+Patrick Monnerat (30 May 2018)
+- os400: sync EBCDIC wrappers and ILE/RPG binding with latest options
+
+- os400: implement mime api EBCDIC wrappers
+
+ Also sync ILE/RPG binding to define the new functions.
+
+Daniel Stenberg (29 May 2018)
+- setopt: add TLS 1.3 ciphersuites
+
+ Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.
+
+ curl: added --tls13-ciphers and --proxy-tls13-ciphers
+
+ Fixes #2435
+ Reported-by: zzq1015 on github
+ Closes #2607
+
+- configure: override AR_FLAGS to silence warning
+
+ The automake default ar flags are 'cru', but the 'u' flag in there
+ causes warnings on many modern Linux distros. Removing 'u' may have a
+ minor performance impact on older distros but should not cause harm.
+
+ Explained on the automake mailing list already back in April 2015:
+
+ https://www.mail-archive.com/automake-patches@gnu.org/msg07705.html
+
+ Reported-by: elephoenix on github
+ Fixes #2617
+ Closes #2619
+
+Sergei Nikulov (29 May 2018)
+- cmake: fixed comments in compile checks code
+
+Daniel Stenberg (29 May 2018)
+- INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
+
+ ... the older description doesn't work
+
+ Reported-by: Peter Varga
+ Fixes #2615
+ Closes #2616
+
+- [Will Dietz brought this change]
+
+ KNOWN_BUGS: restore text regarding #2101.
+
+ This was added earlier but appears to have been removed accidentally.
+
+ AFAICT this is very much still an issue.
+
+ -----
+
+ I say "accidentally" because the text seems to have harmlessly snuck
+ into [1] (which makes no mention of it). [1] was later reverted for
+ unspecified reasons in [2], presumably because the mentioned issue was
+ fixed or invalid.
+
+ [1] de9fac00c40db321d44fa6fbab6eb62ec4c83998
+ [2] 16d1f369403cbb04bd7b085eabbeebf159473fc2
+
+ Closes #2618
+
+- fnmatch: insist on escaped bracket to match
+
+ A non-escaped bracket ([) is for a character group - as documented. It
+ will *not* match an individual bracket anymore. Test case 1307 updated
+ accordingly to match.
+
+ Problem detected by OSS-Fuzz, although this fix is probably not a final
+ fix for the notorious timeout issues.
+
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525
+ Closes #2614
+
+Patrick Monnerat (28 May 2018)
+- psl: use latest psl and refresh it periodically
+
+ The latest psl is cached in the multi or share handle. It is refreshed
+ before use after 72 hours.
+ New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing.
+ If the latest psl is not available, the builtin psl is used.
+
+ Reported-by: Yaakov Selkowitz
+ Fixes #2553
+ Closes #2601
+
+Daniel Stenberg (28 May 2018)
+- [Fabrice Fontaine brought this change]
+
+ configure: fix ssh2 linking when built with a static mbedtls
+
+ The ssh2 pkg-config file could contain the following lines when build
+ with a static version of mbedtls:
+ Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a
+ Libs.private: /xxx/libmbedcrypto.a
+
+ This static mbedtls library must be used to correctly detect ssh2
+ support and this library must be copied in libcurl.pc otherwise
+ compilation of any application (such as upmpdcli) with libcurl will fail
+ when trying to found mbedtls functions included in libssh2. So, replace
+ pkg-config --libs-only-l by pkg-config --libs.
+
+ Fixes:
+ - http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a
+
+ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+ Closes #2613
+
+- RELEASE-NOTES: synced
+
+- [Bernhard Walle brought this change]
+
+ cmake: check for getpwuid_r
+
+ The autotools-based build system does it, so we do it also in CMake.
+
+ Bug: #2609
+ Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
+
+- cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
+
+- [Frank Gevaerts brought this change]
+
+ curl.1: Fix cmdline-opts reference errors.
+
+ --data, --form, and --ntlm were declared to be mutually exclusive with
+ non-existing options. --data and --form referred to --upload (which is
+ short for --upload-file and therefore did work, so this one was merely
+ a bit confusing), --ntlm referred to --negotiated instead of --negotiate.
+
+ Closes #2612
+
+- [Frank Gevaerts brought this change]
+
+ docs: fix cmdline-opts metadata headers case consistency.
+
+ Almost all headers start with an uppercase letter, but some didn't.
+
+- mailmap: Max Savenkov
+
+Sergei Nikulov (28 May 2018)
+- [Max Savenkov brought this change]
+
+ Fix the test for fsetxattr and strerror_r tests in CMake to work without compiling
+
+Daniel Stenberg (27 May 2018)
+- mailmap: a Richard Alcock fixup
+
+- [Richard Alcock brought this change]
+
+ schannel: add failf calls for client certificate failures
+
+ Closes #2604
+
+- [Richard Alcock brought this change]
+
+ winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
+
+ Change requirement from $(DISTDIR) to $(DIRDIST)
+
+ closes #2603
+
+- [Richard Alcock brought this change]
+
+ winbuild: only delete OUTFILE if it exists
+
+ This removes the slightly annoying "Could not file LIBCURL_OBJS.inc" and
+ "Could not find CURL_OBJS.inc.inc" message when building into a clean
+ folder.
+
+ closes #2602
+
+- [Alejandro R. Sedeño brought this change]
+
+ content_encoding: handle zlib versions too old for Z_BLOCK
+
+ Fallback on Z_SYNC_FLUSH when Z_BLOCK is not available.
+
+ Fixes #2606
+ Closes #2608
+
+- multi: provide a socket to wait for in Curl_protocol_getsock
+
+ ... even when there's no protocol specific handler setup.
+
+ Bug: https://curl.haxx.se/mail/lib-2018-05/0062.html
+ Reported-by: Sean Miller
+ Closes #2600
+
+- [Linus Lewandowski brought this change]
+
+ httpauth: add support for Bearer tokens
+
+ Closes #2102
+
+- TODO: CURLINFO_PAUSE_STATE
+
+ Closes #2588
+
+Sergei Nikulov (24 May 2018)
+- cmake: set -d postfix for debug builds if not specified
+ using -DCMAKE_DEBUG_POSTFIX explicitly
+
+ fixes #2121, obsoletes #2384
+
+Daniel Stenberg (23 May 2018)
+- configure: add basic test of --with-ssl prefix
+
+ When given a prefix, the $PREFIX_OPENSSL/lib/openssl.pc or
+ $PREFIX_OPENSSL/include/openssl/ssl.h files must be present or cause an
+ error. Helps users detect when giving configure the wrong path.
+
+ Reported-by: Oleg Pudeyev
+ Assisted-by: Per Malmberg
+ Fixes #2580
+
+Patrick Monnerat (22 May 2018)
+- http resume: skip body if http code 416 (range error) is ignored.
+
+ This avoids appending error data to already existing good data.
+
+ Test 92 is updated to match this change.
+ New test 1156 checks all combinations of --range/--resume, --fail,
+ Content-Range header and http status code 200/416.
+
+ Fixes #1163
+ Reported-By: Ithubg on github
+ Closes #2578
+
+Daniel Stenberg (22 May 2018)
+- tftp: make sure error is zero terminated before printfing it
+
+- configure: add missing m4/ax_compile_check_sizeof.m4
+
+ follow-up to mistake in 6876ccf90b4
+
+Jay Satiro (22 May 2018)
+- [Johannes Schindelin brought this change]
+
+ schannel: make CAinfo parsing resilient to CR/LF
+
+ OpenSSL has supported --cacert for ages, always accepting LF-only line
+ endings ("Unix line endings") as well as CR/LF line endings ("Windows
+ line endings").
+
+ When we introduced support for --cacert also with Secure Channel (or in
+ cURL speak: "WinSSL"), we did not take care to support CR/LF line
+ endings, too, even if we are much more likely to receive input in that
+ form when using Windows.
+
+ Let's fix that.
+
+ Happily, CryptQueryObject(), the function we use to parse the ca-bundle,
+ accepts CR/LF input already, and the trailing LF before the END
+ CERTIFICATE marker catches naturally any CR/LF line ending, too. So all
+ we need to care about is the BEGIN CERTIFICATE marker. We do not
+ actually need to verify here that the line ending is CR/LF. Just
+ checking for a CR or an LF is really plenty enough.
+
+ Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+
+ Closes https://github.com/curl/curl/pull/2592
+
+Daniel Stenberg (22 May 2018)
+- CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
+
+- RELEASE-NOTES: synced
+
+- KNOWN_BUGS: mention the -O with %-encoded file names
+
+ Closes #2573
+
+- checksrc: make sure sizeof() is used *with* parentheses
+
+ ... and unify the source code to adhere.
+
+ Closes #2563
+
+- curl: added --styled-output
+
+ It is enabled by default, so --no-styled-output will switch off the
+ detection/use of bold headers.
+
+ Closes #2538
+
+- curl: show headers in bold
+
+ The feature is only enabled if the output is believed to be a tty.
+
+ -J: There's some minor differences and improvements in -J handling, as
+ now J should work with -i and it actually creates a file first using the
+ initial name and then *renames* that to the one found in
+ Content-Disposition (if any).
+
+ -i: only shows headers for HTTP transfers now (as documented).
+ Previously it would also show for pieces of the transfer that were HTTP
+ (for example when doing FTP over a HTTP proxy).
+
+ -i: now shows trailers as well. Previously they were not shown at all.
+
+ --libcurl: the CURLOPT_HEADER is no longer set, as the header output is
+ now done in the header callback.
+
+- configure: compile-time SIZEOF checks
+
+ ... instead of exeucting code to get the size. Removes the use of
+ LD_LIBRARY_PATH for this.
+
+ Fixes #2586
+ Closes #2589
+ Reported-by: Bernhard Walle
+
+- configure: replace AC_TRY_RUN with CURL_RUN_IFELSE
+
+ ... and export LD_LIBRARY_PATH properly. This is a follow-up from
+ 2d4c215.
+
+ Fixes #2586
+ Reported-by: Bernhard Walle
+
+- docs: clarify CURLOPT_HTTPGET somewhat
+
+ Reported-by: bsammon on github
+ Fixes #2590
+
+- curl_fnmatch: only allow two asterisks for matching
+
+ The previous limit of 5 can still end up in situation that takes a very
+ long time and consumes a lot of CPU.
+
+ If there is still a rare use case for this, a user can provide their own
+ fnmatch callback for a version that allows a larger set of wildcards.
+
+ This commit was triggered by yet another OSS-Fuzz timeout due to this.
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369
+
+ Closes #2587
+
+- checksrc: fix too long line
+
+ follow-up to e05ad5d
+
+- [Aleks brought this change]
+
+ docs: mention HAproxy protocol "version 1"
+
+ ...as there's also a version 2.
+
+ Closes #2579
+
+- examples/progressfunc: make it build on older libcurls
+
+ This example was changed in ce2140a8c1 to use the new microsecond based
+ getinfo option. This change makes it conditionally keep using the older
+ option so that the example still builds with older libcurl versions.
+
+ Closes #2584
+
+- stub_gssapi: fix numerous 'unused parameter' warnings
+
+ follow-up to d9e92fd9fd1d
+
+- [Philip Prindeville brought this change]
+
+ getinfo: add microsecond precise timers for various intervals
+
+ Provide a set of new timers that return the time intervals using integer
+ number of microseconds instead of floats.
+
+ The new info names are as following:
+
+ CURLINFO_APPCONNECT_TIME_T
+ CURLINFO_CONNECT_TIME_T
+ CURLINFO_NAMELOOKUP_TIME_T
+ CURLINFO_PRETRANSFER_TIME_T
+ CURLINFO_REDIRECT_TIME_T
+ CURLINFO_STARTTRANSFER_TIME_T
+ CURLINFO_TOTAL_TIME_T
+
+ Closes #2495
+
+- openssl: acknowledge --tls-max for default version too
+
+ ... previously it only used the max setting if a TLS version was also
+ explicitly asked for.
+
+ Reported-by: byte_bucket
+ Fixes #2571
+ Closes #2572
+
+- bump: start working on the pending 7.61.0
+
+- [Dagobert Michelsen brought this change]
+
+ tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
+
+ The warning flag leads e.g. Sun Studio compiler to bail out.
+
+ Closes #2576
+
+- schannel_verify: fix build for non-schannel
+
+Jay Satiro (16 May 2018)
+- rand: fix typo
+
+- schannel: disable manual verify if APIs not available
+
+ .. because original MinGW and old compilers do not have the Windows API
+ definitions needed to support manual verification.
+
+- [Archangel_SDY brought this change]
+
+ schannel: disable client cert option if APIs not available
+
+ Original MinGW targets Windows 2000 by default, which lacks some APIs and
+ definitions for this feature. Disable it if these APIs are not available.
+
+ Closes https://github.com/curl/curl/pull/2522
+
+Version 7.60.0 (15 May 2018)
+
+Daniel Stenberg (15 May 2018)
+- RELEASE-NOTES: 7.60.0 release
+
+- THANKS: added people from the curl 7.60.0 release
+
+- docs/libcurl/index.html: removed
+
+ The HTML files are long gone from the dist, now remove the last HTML
+ file pointing to those missing files.
+
+ d
+
+- [steini2000 brought this change]
+
+ http2: remove unused variable
+
+ Closes #2570
+
+- [steini2000 brought this change]
+
+ http2: use easy handle of stream for logging
+
+- gcc: disable picky gcc-8 function pointer warnings in two places
+
+ Reported-by: Rikard Falkeborn
+ Bug: #2560
+ Closes #2569
+
+- http2: use the correct function pointer typedef
+
+ Fixes gcc-8 picky compiler warnings
+ Reported-by: Rikard Falkeborn
+ Bug: #2560
+ Closes #2568
+
+- CODE_STYLE: mention return w/o parens, but sizeof with
+
+ ... and remove the github markdown syntax so that it renders better on
+ the web site. Also, don't use back-ticks inlined to allow the CSS to
+ highlight source code better.
+
+- [Rikard Falkeborn brought this change]
+
+ examples: Fix format specifiers
+
+ Closes #2561
+
+- [Rikard Falkeborn brought this change]
+
+ tool: Fix format specifiers
+
+- [Rikard Falkeborn brought this change]
+
+ ntlm: Fix format specifiers
+
+- [Rikard Falkeborn brought this change]
+
+ tests: Fix format specifiers
+
+- [Rikard Falkeborn brought this change]
+
+ lib: Fix format specifiers
+
+- contributors.sh: use "on github", not at
+
+- http2: getsock fix for uploads
+
+ When there's an upload in progress, make sure to wait for the socket to
+ become writable.
+
+ Detected-by: steini2000 on github
+ Bug: #2520
+ Closes #2567
+
+- pingpong: fix response cache memcpy overflow
+
+ Response data for a handle with a large buffer might be cached and then
+ used with the "closure" handle when it has a smaller buffer and then the
+ larger cache will be copied and overflow the new smaller heap based
+ buffer.
+
+ Reported-by: Dario Weisser
+ CVE: CVE-2018-1000300
+ Bug: https://curl.haxx.se/docs/adv_2018-82c2.html
+
+- http: restore buffer pointer when bad response-line is parsed
+
+ ... leaving the k->str could lead to buffer over-reads later on.
+
+ CVE: CVE-2018-1000301
+ Assisted-by: Max Dymond
+
+ Detected by OSS-Fuzz.
+ Bug: https://curl.haxx.se/docs/adv_2018-b138.html
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
+
+Patrick Monnerat (13 May 2018)
+- cookies: do not take cookie name as a parameter
+
+ RFC 6265 section 4.2.1 does not set restrictions on cookie names.
+ This is a follow-up to commit 7f7fcd0.
+ Also explicitly check proper syntax of cookie name/value pair.
+
+ New test 1155 checks that cookie names are not reserved words.
+
+ Reported-By: anshnd at github
+ Fixes #2564
+ Closes #2566
+
+Daniel Stenberg (12 May 2018)
+- smb: reject negative file sizes
+
+ Assisted-by: Max Dymond
+
+ Detected by OSS-Fuzz
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
+
+- setup_transfer: deal with both sockets being -1
+
+ Detected by Coverity; CID 1435559. Follow-up to f8d608f38d00. It would
+ index the array with -1 if neither index was a socket.
+
+- travis: add build using NSS
+
+ Closes #2558
+
+- [Sunny Purushe brought this change]
+
+ openssl: change FILE ops to BIO ops
+
+ To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES
+ handling is causing problems. This fix changes the OpenSSL backend code
+ to use BIO functions instead of FILE I/O functions to circumvent those
+ problems.
+
+ Closes #2512
+
+- travis: add a build using WolfSSL
+
+ Assisted-by: Dan Fandrich
+
+ Closes #2528
+
+- RELEASE-NOTES: typo
+
+- RELEASE-NOTES: synced
+
+- [Daniel Gustafsson brought this change]
+
+ URLs: fix one more http url
+
+ This file wasn't included in commit 4af40b3646d3b09 which updated all
+ haxx.se http urls to https. The file was committed prior to that update,
+ but may have been merged after it and hence didn't get updated.
+
+ Closes #2550
+
+- github/lock: auto-lock closed issues after 90 days of inactivity
+
+- vtls: fix missing commas
+
+ follow-up to e66cca046cef
+
+- vtls: use unified "supports" bitfield member in backends
+
+ ... instead of previous separate struct fields, to make it easier to
+ extend and change individual backends without having to modify them all.
+
+ closes #2547
+
+- transfer: don't unset writesockfd on setup of multiplexed conns
+
+ Curl_setup_transfer() can be called to setup a new individual transfer
+ over a multiplexed connection so it shouldn't unset writesockfd.
+
+ Bug: #2520
+ Closes #2549
+
+- [Frank Gevaerts brought this change]
+
+ configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
+
+ They are removed from the compiler flags.
+
+ This ensures that make dependency tracking will force a rebuild whenever
+ configure --enable-debug or --enable-curldebug changes.
+
+ Closes #2548
+
+- http: don't set the "rewind" flag when not uploading anything
+
+ It triggers an assert.
+
+ Detected by OSS-Fuzz
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144
+ Closes #2546
+
+- travis: add an mbedtls build
+
+ Closes #2531
+
+- configure: only check for CA bundle for file-using SSL backends
+
+ When only building with SSL backends that don't use the CA bundle file
+ (by default), skip the check.
+
+ Fixes #2543
+ Fixes #2180
+ Closes #2545
+
+- ssh-libssh.c: fix left shift compiler warning
+
+ ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to
+ represent, but 'int' only has 32 bits [-Wshift-overflow=]
+
+ 'len' will never be that big anyway so I converted the run-time check to
+ a regular assert.
+
+- [Stephan Mühlstrasser brought this change]
+
+ URL: fix ASCII dependency in strcpy_url and strlen_url
+
+ Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the
+ changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of
+ the problem that strcpy_url() was modified unilaterally without also
+ modifying strlen_url(). As a consequence strcpy_url() was again
+ depending on ASCII encoding.
+
+ This change fixes strlen_url() and strcpy_url() in parallel to use a
+ common host-encoding independent criterion for deciding whether an URL
+ character must be %-escaped.
+
+ Closes #2535
+
+- [Denis Ollier brought this change]
+
+ docs: remove extraneous commas in man pages
+
+ Closes #2544
+
+- RELEASE-NOTES: synced
+
+- Revert "TODO: remove configure --disable-pthreads"
+
+ This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3.
+
+ --disable-pthreads can be used to disable pthreads and get the threaded
+ resolver to use the windows threading when building with mingw.
+
+- vtls: don't define MD5_DIGEST_LENGTH for wolfssl
+
+ ... as it defines it (too)
+
+- TODO: remove configure --disable-pthreads
+
+Jay Satiro (2 May 2018)
+- [David Garske brought this change]
+
+ wolfssl: Fix non-blocking connect
+
+ Closes https://github.com/curl/curl/pull/2542
+
+Daniel Stenberg (30 Apr 2018)
+- CURLOPT_URL.3: add ENCODING section [ci skip]
+
+ Feedback-by: Michael Kilburn
+
+- KNOWN_BUGS: Client cert with Issuer DN differs between backends
+
+ Closes #1411
+
+- KNOWN_BUGS: Passive transfer tries only one IP address
+
+ Closes #1508
+
+- KNOWN_BUGS: --upload-file . hang if delay in STDIN
+
+ Closes #2051
+
+- KNOWN_BUGS: Connection information when using TCP Fast Open
+
+ Closes #1332
+
+- travis: enable libssh2 on both macos and Linux
+
+ It seems to not be detected by default anymore (which is a bug I
+ believe)
+
+ Closes #2541
+
+- TODO: Support the clienthello extension
+
+ Closes #2299
+
+- TODO: CLOEXEC
+
+ Closes #2252
+
+- tests: provide 'manual' as a feature to optionally require
+
+ ... and make test 1026 rely on that feature so that --disable-manual
+ builds don't cause test failures.
+
+ Reported-by: Max Dymond and Anders Roxell
+ Fixes #2533
+ Closes #2540
+
+- CURLINFO_PROTOCOL.3: mention the existing defined names
+
+Jay Satiro (27 Apr 2018)
+- [Daniel Gustafsson brought this change]
+
+ cookies: remove unused macro
+
+ Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused,
+ so remove as it's not part of the published API.
+
+ Closes https://github.com/curl/curl/pull/2537
+
+Daniel Stenberg (27 Apr 2018)
+- [Daniel Gustafsson brought this change]
+
+ checksrc: force indentation of lines after an else
+
+ This extends the INDENTATION case to also handle 'else' statements
+ and require proper indentation on the following line. Also fixes the
+ offending cases found in the codebase.
+
+ Closes #2532
+
+- http2: fix null pointer dereference in http2_connisdead
+
+ This function can get called on a connection that isn't setup enough to
+ have the 'recv_underlying' function pointer initialized so it would try
+ to call the NULL pointer.
+
+ Reported-by: Dario Weisser
+
+ Follow-up to db1b2c7fe9b093f8 (never shipped in a release)
+ Closes #2536
+
+- http2: get rid of another strstr()
+
+ Follow-up to 1514c44655e12e: replace another strstr() call done on a
+ buffer that might not be zero terminated - with a memchr() call, even if
+ we know the substring will be found.
+
+ Assisted-by: Max Dymond
+
+ Detected by OSS-Fuzz
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021
+
+ Closes #2534
+
+- cyassl: adapt to libraries without TLS 1.0 support built-in
+
+ WolfSSL doesn't enable it by default anymore
+
+- configure: provide --with-wolfssl as an alias for --with-cyassl
+
+- RELEASE-NOTES: synced
+
+- [Daniel Gustafsson brought this change]
+
+ os400.c: fix ASSIGNWITHINCONDITION checksrc warnings
+
+ All occurrences of assignment within conditional expression in
+ os400sys.c rewritten into two steps: first assignment and then the check
+ on the success of the assignment. Also adjust related incorrect brace
+ positions to match project indentation style.
+
+ This was spurred by seeing "if((inp = input_token))", but while in there
+ all warnings were fixed.
+
+ There should be no functional change from these changes.
+
+ Closes #2525
+
+- [Daniel Gustafsson brought this change]
+
+ cookies: ensure that we have cookies before writing jar
+
+ The jar should be written iff there are cookies, so ensure that we still
+ have cookies after expiration to avoid creating an empty file.
+
+ Closes #2529
+
+- strcpy_url: only %-encode values >= 0x80
+
+ OSS-Fuzz detected
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000
+
+ Broke in dd7521bcc1b7
+
+- mime: avoid NULL pointer dereference risk
+
+ Coverity detected, CID 1435120
+
+ Closes #2527
+
+- [Stephan Mühlstrasser brought this change]
+
+ ctype: restore character classification for non-ASCII platforms
+
+ With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic
+ character classification macros and functions were introduced in
+ curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on
+ non-ASCII, e.g. EBCDIC platforms. This change restores the previous set
+ of character classification macros when CURL_DOES_CONVERSIONS is
+ defined.
+
+ Closes #2494
+
+- ftplistparser: keep state between invokes
+
+ Fixes FTP wildcard parsing when done over a number of read buffers.
+
+ Regression from f786d1f14
+
+ Reported-by: wncboy on github
+ Fixes #2445
+ Closes #2526
+
+- examples/http2-upload: expand buffer to avoid silly warning
+
+ http2-upload.c:135:44: error: ‘%02d’ directive output may be truncated
+ writing between 2 and 11 bytes into a region of size between 8 and 17
+
+- examples/sftpuploadresume: typecast fseek argument to long
+
+ /docs/examples/sftpuploadresume.c:102:12: warning: conversion to 'long
+ int' from 'curl_off_t {aka long long int}' may alter its value
+
+- Revert "ftplistparser: keep state between invokes"
+
+ This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934.
+
+ Caused fuzzer problems on travis not seen when this was a PR!
+
+- Curl_memchr: zero length input can't match
+
+ Avoids undefined behavior.
+
+ Reported-by: Geeknik Labs
+
+- ftplistparser: keep state between invokes
+
+ Fixes FTP wildcard parsing when doing over a number of read buffers.
+
+ Regression from f786d1f14
+
+ Reported-by: wncboy on github
+ Fixes #2445
+ Closes #2519
+
+- ftplistparser: renamed some members and variables
+
+ ... to make them better spell out what they're for.
+
+- RELEASE-NOTES: synced
+
+- [Christian Schmitz brought this change]
+
+ curl_global_sslset: always provide available backends
+
+ Closes #2499
+
+- http2: convert an assert to run-time check
+
+ Fuzzing has proven we can reach code in on_frame_recv with status_code
+ not having been set, so let's detect that in run-time (instead of with
+ assert) and error error accordingly.
+
+ (This should no longer happen with the latest nghttp2)
+
+ Detected by OSS-Fuzz
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903
+ Closes #2514
+
+- curl.1: clarify that options and URLs can be mixed
+
+ Fixes #2515
+ Closes #2517
+
+Jay Satiro (23 Apr 2018)
+- [Archangel_SDY brought this change]
+
+ CURLOPT_SSLCERT.3: improve WinSSL-specific usage info
+
+ Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780
+
+ Closes https://github.com/curl/curl/pull/2504
+
+- [Archangel_SDY brought this change]
+
+ schannel: fix build error on targets <= XP
+
+ - Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't
+ support the latter.
+
+ Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668
+
+ Closes https://github.com/curl/curl/pull/2504
+
+Daniel Stenberg (23 Apr 2018)
+- Revert "ftplistparser: keep state between invokes"
+
+ This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9.
+
+ Unfortunately this fix introduces memory leaks I've not been able to fix
+ in several days. Reverting this for now to get the leaks fixed.
+
+Jay Satiro (21 Apr 2018)
+- tool_help: clarify --max-time unit of time is seconds
+
+ Before:
+ -m, --max-time <time> Maximum time allowed for the transfer
+
+ After:
+ -m, --max-time <seconds> Maximum time allowed for the transfer
+
+Daniel Stenberg (20 Apr 2018)
+- http2: handle GOAWAY properly
+
+ When receiving REFUSED_STREAM, mark the connection for close and retry
+ streams accordingly on another/fresh connection.
+
+ Reported-by: Terry Wu
+ Fixes #2416
+ Fixes #1618
+ Closes #2510
+
+- http2: clear the "drain counter" when a stream is closed
+
+ This fixes the notorious "httpc->drain_total >= data->state.drain"
+ assert.
+
+ Reported-by: Anders Bakken
+
+ Fixes #1680
+ Closes #2509
+
+- http2: avoid strstr() on data not zero terminated
+
+ It's not strictly clear if the API contract allows us to call strstr()
+ on a string that isn't zero terminated even when we know it will find
+ the substring, and clang's ASAN check dislikes us for it.
+
+ Also added a check of the return code in case it fails, even if I can't
+ think of a situation how that can trigger.
+
+ Detected by OSS-Fuzz
+ Closes #2513
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760
+
+- [Stephan Mühlstrasser brought this change]
+
+ openssl: fix subjectAltName check on non-ASCII platforms
+
+ Curl_cert_hostcheck operates with the host character set, therefore the
+ ASCII subjectAltName string retrieved with OpenSSL must be converted to
+ the host encoding before comparison.
+
+ Closes #2493
+
+Jay Satiro (20 Apr 2018)
+- openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages
+
+ - Support handling verbose-mode trace messages of type
+ SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS,
+ SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO,
+ SSL3_MT_MESSAGE_HASH
+
+ Reported-by: iz8mbw@users.noreply.github.com
+
+ Fixes https://github.com/curl/curl/issues/2403
+
+Daniel Stenberg (19 Apr 2018)
+- ftplistparser: keep state between invokes
+
+ Regression from f786d1f14
+
+ Reported-by: wncboy on github
+ Fixes #2445
+ Closes #2508
+
+- detect_proxy: only show proxy use if it had contents
+
+- http2: handle on_begin_headers() called more than once
+
+ This triggered an assert if called more than once in debug mode (and a
+ memory leak if not debug build). With the right sequence of HTTP/2
+ headers incoming it can happen.
+
+ Detected by OSS-Fuzz
+
+ Closes #2507
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764
+
+Jay Satiro (18 Apr 2018)
+- [Dan McNulty brought this change]
+
+ schannel: add support for CURLOPT_CAINFO
+
+ - Move verify_certificate functionality in schannel.c into a new
+ file called schannel_verify.c. Additionally, some structure defintions
+ from schannel.c have been moved to schannel.h to allow them to be
+ used in schannel_verify.c.
+
+ - Make verify_certificate functionality for Schannel available on
+ all versions of Windows instead of just Windows CE. verify_certificate
+ will be invoked on Windows CE or when the user specifies
+ CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.
+
+ - In verify_certificate, create a custom certificate chain engine that
+ exclusively trusts the certificate store backed by the CURLOPT_CAINFO
+ file.
+
+ - doc updates of --cacert/CAINFO support for schannel
+
+ - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
+ when available. This implements a TODO in schannel.c to improve
+ handling of multiple SANs in a certificate. In particular, all SANs
+ will now be searched instead of just the first name.
+
+ - Update tool_operate.c to not search for the curl-ca-bundle.crt file
+ when using Schannel to maintain backward compatibility. Previously,
+ any curl-ca-bundle.crt file found in that search would have been
+ ignored by Schannel. But, with CAINFO support, the file found by
+ that search would have been used as the certificate store and
+ could cause issues for any users that have curl-ca-bundle.crt in
+ the search path.
+
+ - Update url.c to not set the build time CURL_CA_BUNDLE if the selected
+ SSL backend is Schannel. We allow setting CA location for schannel
+ only when explicitly specified by the user via CURLOPT_CAINFO /
+ --cacert.
+
+ - Add new test cases 3000 and 3001. These test cases check that the first
+ and last SAN, respectively, matches the connection hostname. New test
+ certificates have been added for these cases. For 3000, the certificate
+ prefix is Server-localhost-firstSAN and for 3001, the certificate
+ prefix is Server-localhost-secondSAN.
+
+ - Remove TODO 15.2 (Add support for custom server certificate
+ validation), this commit addresses it.
+
+ Closes https://github.com/curl/curl/pull/1325
+
+- schannel: fix warning
+
+ - Fix warning 'integer from pointer without a cast' on 3rd arg in
+ CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer
+ type of the same size.
+
+ Follow-up to e35b025.
+
+ Caught by Marc's CI builds.
+
+- [Jakub Wilk brought this change]
+
+ docs: fix typos
+
+ Closes https://github.com/curl/curl/pull/2503
+
+Daniel Stenberg (17 Apr 2018)
+- RELEASE-NOTES: synced
+
+Jay Satiro (17 Apr 2018)
+- [Kees Dekker brought this change]
+
+ winbuild: Support custom devel paths for each dependency
+
+ - Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2,
+ OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH,
+ NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH.
+
+ - Use lib.exe for making the static library instead of link.exe /lib.
+ The latter is undocumented and could cause problems as noted in the
+ comments.
+
+ - Remove a dangling URL that no longer worked. (I was not able to find
+ the IDN download at MSDN/microsoft.com, so it seems to be removed.)
+
+ - Remove custom override for release-ssh2-ssl-dll-zlib configuration.
+ Nobody knows why it was there and as far as we can see is unnecessary.
+
+ Closes https://github.com/curl/curl/pull/2474
+
+Daniel Stenberg (17 Apr 2018)
+- [Jess brought this change]
+
+ README.md: add backers and sponsors
+
+ Closes #2484
+
+- [Archangel_SDY brought this change]
+
+ schannel: add client certificate authentication
+
+ Users can now specify a client certificate in system certificates store
+ explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"`
+
+ Closes #2376
+
+Marcel Raad (16 Apr 2018)
+- [toughengineer brought this change]
+
+ ntlm_sspi: fix authentication using Credential Manager
+
+ If you pass empty user/pass asking curl to use Windows Credential
+ Storage (as stated in the docs) and it has valid credentials for the
+ domain, e.g.
+ curl -v -u : --ntlm example.com
+ currently authentication fails.
+ This change fixes it by providing proper SPN string to the SSPI API
+ calls.
+
+ Fixes https://github.com/curl/curl/issues/1622
+ Closes https://github.com/curl/curl/pull/1660
+
+Daniel Stenberg (16 Apr 2018)
+- configure: keep LD_LIBRARY_PATH changes local
+
+ ... only set it when we actually have to run tests to reduce its impact
+ on for example build commands etc.
+
+ Fixes #2490
+ Closes #2492
+
+ Reported-by: Dmitry Mikhirev
+
+Marcel Raad (16 Apr 2018)
+- urldata: make service names unconditional
+
+ The ifdefs have become quite long. Also, the condition for the
+ definition of CURLOPT_SERVICE_NAME and for setting it from
+ CURLOPT_SERVICE_NAME have diverged. We will soon also need the two
+ options for NTLM, at least when using SSPI, for
+ https://github.com/curl/curl/pull/1660.
+ Just make the definitions unconditional to make that easier.
+
+ Closes https://github.com/curl/curl/pull/2479
+
+Daniel Stenberg (16 Apr 2018)
+- test1148: tolerate progress updates better
+
+ Fixes #2446
+ Closes #2488
+
+- [Christian Schmitz brought this change]
+
+ ssh: show libSSH2 error code when closing fails
+
+ Closes #2500
+
+Jay Satiro (15 Apr 2018)
+- [Daniel Gustafsson brought this change]
+
+ vauth: Fix typo
+
+ Address various spellings of "credentials".
+
+ Closes https://github.com/curl/curl/pull/2496
+
+- [Dagobert Michelsen brought this change]
+
+ system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
+
+ With specific compiler options selecting the arch like -xarch=sparc on
+ newer compilers like Oracle Studio 12.4 there is no definition of
+ __sparcv8 but __sparcv8plus which means the V9 ISA, but limited to the
+ 32ÎíÎñbit subset defined by the V8plus ISA specification, without the
+ Visual Instruction Set (VIS), and without other implementation-specific
+ ISA extensions. So it should be the same as __sparcv8.
+
+ Closes https://github.com/curl/curl/pull/2491
+
+- [Daniel Gustafsson brought this change]
+
+ checksrc: Fix typo
+
+ Fix typo in "semicolon" spelling and remove stray tab character.
+
+ Closes https://github.com/curl/curl/pull/2498
+
+- [Daniel Gustafsson brought this change]
+
+ all: Refactor malloc+memset to use calloc
+
+ When a zeroed out allocation is required, use calloc() rather than
+ malloc() followed by an explicit memset(). The result will be the
+ same, but using calloc() everywhere increases consistency in the
+ codebase and avoids the risk of subtle bugs when code is injected
+ between malloc and memset by accident.
+
+ Closes https://github.com/curl/curl/pull/2497
+
+Daniel Stenberg (12 Apr 2018)
+- duphandle: make sure CURLOPT_RESOLVE is duplicated fine too
+
+ Verified in test 1502 now
+
+ Fixes #2485
+ Closes #2486
+ Reported-by: Ernst Sjöstrand
+
+- mailmap: add a monnerat fixup [ci skip]
+
+- proxy: show getenv proxy use in verbose output
+
+ ... to aid debugging etc as it sometimes isn't immediately obvious why
+ curl uses or doesn't use a proxy.
+
+ Inspired by #2477
+
+ Closes #2480
+
+- travis: build libpsl and make builds use it
+
+ closes #2471
+
+- travis: bump to clang 6 and gcc 7
+
+ Extra-eye-on-this-by: Marcel Raad
+
+ Closes #2478
+
+Marcel Raad (10 Apr 2018)
+- travis: use trusty for coverage build
+
+ This works now and precise is in the process of being decommissioned.
+
+ Closes https://github.com/curl/curl/pull/2476
+
+- lib: silence null-dereference warnings
+
+ In debug mode, MingGW-w64's GCC 7.3 issues null-dereference warnings
+ when dereferencing pointers after DEBUGASSERT-ing that they are not
+ NULL.
+ Fix this by removing the DEBUGASSERTs.
+
+ Suggested-by: Daniel Stenberg
+ Ref: https://github.com/curl/curl/pull/2463
+
+- [Kees Dekker brought this change]
+
+ winbuild: fix URL
+
+ Follow up on https://github.com/curl/curl/pull/2472.
+ Now using en-us instead of nl-nl as language code in the URL.
+
+ Closes https://github.com/curl/curl/pull/2475
+
+Daniel Stenberg (9 Apr 2018)
+- [Kees Dekker brought this change]
+
+ winbuild: updated the documentation
+
+ The setenv command no longer exists and visual studio build prompts got
+ changed. Used Visual Studio 2015/2017 as reference.
+
+ Closes #2472
+
+- test1136: fix cookie order after commit c990eadd1277
+
+- build: cleanup to fix clang warnings/errors
+
+ unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a
+ cast from integer to pointer is a GNU extension
+
+ Reported-by: Rikard Falkeborn
+
+ Fixes #2466
+ Closes #2468
+
+Jay Satiro (7 Apr 2018)
+- examples/sftpuploadresmue: Fix Windows large file seek
+
+ - Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows.
+
+ - Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print
+ curl_off_t.
+
+ Caught by Marc's CI builds.
+
+Daniel Stenberg (7 Apr 2018)
+- curl_setup: provide a CURL_SA_FAMILY_T type if none exists
+
+ ... and use this type instead of 'sa_family_t' in the code since several
+ platforms don't have it.
+
+ Closes #2463
+
+- [Eric Gallager brought this change]
+
+ build: add picky compiler warning flags for gcc 6 and 7
+
+- configure: detect sa_family_t
+
+Jay Satiro (7 Apr 2018)
+- [Stefan Agner brought this change]
+
+ tool_operate: Fix retry on FTP 4xx to ignore other protocols
+
+ Only treat response code as FTP response codes in case the
+ protocol type is FTP.
+
+ This fixes an issue where an HTTP download was treated as FTP
+ in case libcurl returned with 33. This happens when the
+ download has already finished and the server responses 416:
+ HTTP/1.1 416 Requested Range Not Satisfiable
+
+ This should not be treated as an FTP error.
+
+ Fixes #2464
+ Closes #2465
+
+Daniel Stenberg (6 Apr 2018)
+- hash: calculate sizes with size_t instead of longs
+
+ ... since they return size_t anyway!
+
+ closes #2462
+
+- RELEASE-NOTES: synced
+
+- [Jay Satiro brought this change]
+
+ build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
+
+ .. and do the same for build-wolfssl.bat.
+
+ Because MS calls it VC14.1.
+
+ Closes https://github.com/curl/curl/pull/2189
+
+- [Kees Dekker brought this change]
+
+ winbuild: make the clean target work without build-type
+
+ Due to the check in Makefile.vc and MakefileBuild.vc, no make call can
+ be invoked unless a build-type was specified. However, a clean target
+ only existed when a build type was specified. As a result, the clean
+ target was unreachable. Made clean target unconditional.
+
+ Closes #2455
+
+- [patelvivekv1993 brought this change]
+
+ build-openssl.bat: allow custom paths for VS and perl
+
+ Fixes #2430
+ Closes #2457
+
+- [Laurie Clark-Michalek brought this change]
+
+ FTP: allow PASV on IPv6 connections when a proxy is being used
+
+ In the situation of a client connecting to an FTP server using an IPv6
+ tunnel proxy, the connection info will indicate that the connection is
+ IPv6. However, because the server behing the proxy is IPv4, it is
+ permissable to attempt PSV mode. In the case of the FTP server being
+ IPv4 only, EPSV will always fail, and with the current logic curl will
+ be unable to connect to the server, as the IPv6 fwdproxy causes curl to
+ think that EPSV is impossible.
+
+ Closes #2432
+
+- [Jon DeVree brought this change]
+
+ file: restore old behavior for file:////foo/bar URLs
+
+ curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC
+ 8089 but then returns an error saying this is unimplemented. This is
+ actually a regression in behavior on both Windows and Unix.
+
+ Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and
+ then passed to the relevant OS API. This means that the behavior of this
+ case is actually OS dependent.
+
+ The Unix path resolution rules say that the OS must handle swallowing
+ the extra "/" and so this path is the same as "/foo/bar"
+
+ The Windows path resolution rules say that this is a UNC path and
+ automatically handles the SMB access for the program. So curl on Windows
+ was already doing Appendix E.3.2 without any special code in curl.
+
+ Regression
+
+ Closes #2438
+
+- [Gaurav Malhotra brought this change]
+
+ Revert "openssl: Don't add verify locations when verifypeer==0"
+
+ This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb.
+
+ libcurl (with the OpenSSL backend) performs server certificate verification
+ even if verifypeer == 0 and the verification result is available using
+ CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the
+ CURLINFO_SSL_VERIFYRESULT to not have useful information for the
+ verifypeer == 0 use case (it would always have
+ X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY).
+
+ Closes #2451
+
+- [Wyatt O'Day brought this change]
+
+ tls: fix mbedTLS 2.7.0 build + handle sha256 failures
+
+ (mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED)
+
+ Closes #2453
+
+- [Lauri Kasanen brought this change]
+
+ cookie: case-insensitive hashing for the domains
+
+ closes #2458
+
+Patrick Monnerat (4 Apr 2018)
+- cookie: fix and optimize 2nd top level domain name extraction
+
+ This fixes a segfault occurring when a name of the (invalid) form "domain..tld"
+ is processed.
+
+ test46 updated to cover this case.
+
+ Follow-up to commit c990ead.
+
+ Ref: https://github.com/curl/curl/pull/2440
+
+Daniel Stenberg (4 Apr 2018)
+- openssl: provide defines for argument typecasts to build warning-free
+
+ ... as OpenSSL >= 1.1.0 and libressl >= 2.7.0 use different argument types.
+
+- [Bernard Spil brought this change]
+
+ openssl: fix build with LibreSSL 2.7
+
+ - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API
+
+ Fixes #2319
+ Closes #2447
+ Closes #2448
+
+ Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
+
+- [Lauri Kasanen brought this change]
+
+ cookie: store cookies per top-level-domain-specific hash table
+
+ This makes libcurl handle thousands of cookies much better and speedier.
+
+ Closes #2440
+
+- [Lauri Kasanen brought this change]
+
+ cookies: when reading from a file, only remove_expired once
+
+ This drops the cookie load time for 8k cookies from 178ms to 15ms.
+
+ Closes #2441
+
+- test1148: set a fixed locale for the test
+
+ ...as otherwise it might use a different decimal sign.
+
+ Bug: #2436
+ Reported-by: Oumph on github
+
+Jay Satiro (31 Mar 2018)
+- docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
+
+ - Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf.
+
+ For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar.
+
+ Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html
+ Reported-by: David L.
+
+Sergei Nikulov (27 Mar 2018)
+- [Michał Janiszewski brought this change]
+
+ cmake: Add advapi32 as explicit link library for win32
+
+ ARM targets need advapi32 explicitly.
+
+ Closes #2363
+
+Daniel Stenberg (27 Mar 2018)
+- TODO: connection cache sharing is now supporte
+
+Jay Satiro (26 Mar 2018)
+- travis: enable apt retry on fail
+
+ This is a workaround for an unsolved travis issue that is causing CI
+ instances to sporadically fail due to 'unable to connect' issues during
+ apt stage.
+
+ Ref: https://github.com/travis-ci/travis-ci/issues/8507
+ Ref: https://github.com/travis-ci/travis-ci/issues/9112#issuecomment-376305909
+
+Michael Kaufmann (26 Mar 2018)
+- runtests.pl: fix warning 'use of uninitialized value'
+
+ follow-up to a9a7b60
+
+ Closes #2428
+
+Daniel Stenberg (24 Mar 2018)
+- gitignore: ignore more generated files
+
+- threaded resolver: track resolver time and set suitable timeout values
+
+ In order to make curl_multi_timeout() return suitable "sleep" times even
+ when there's no socket to wait for while the name is being resolved in a
+ helper thread.
+
+ It will increases the timeouts as time passes.
+
+ Closes #2419
+
+- [Howard Chu brought this change]
+
+ openldap: fix for NULL return from ldap_get_attribute_ber()
+
+ Closes #2399
+
+GitHub (22 Mar 2018)
+- [Sergei Nikulov brought this change]
+
+ travis-ci: enable -Werror for CMake builds (#2418)
+
+- [Sergei Nikulov brought this change]
+
+ cmake: avoid warn-as-error during config checks (#2411)
+
+ - Move the CURL_WERROR option processing after the configuration checks
+ to avoid failures in case of warnings during the configuration checks.
+
+ This is a partial fix for #2358
+
+- [Sergei Nikulov brought this change]
+
+ timeval: remove compilation warning by casting (#2417)
+
+ This is fixes #2358
+
+Daniel Stenberg (22 Mar 2018)
+- http2: read pending frames (including GOAWAY) in connection-check
+
+ If a connection has received a GOAWAY frame while not being used, the
+ function now reads frames off the connection before trying to reuse it
+ to avoid reusing connections the server has told us not to use.
+
+ Reported-by: Alex Baines
+ Fixes #1967
+ Closes #2402
+
+- [Bas van Schaik brought this change]
+
+ CI: add lgtm.yml for tweaking lgtm.com analysis
+
+ Closes #2414
+
+- CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some text
+
+ Reported-by: Michal Trybus
+
+ Fixes #2400
+
+- TODO: expand ~/ in config files
+
+ Closes #2317
+
+- cookie.d: mention that "-" as filename means stdin
+
+ Reported-by: Dongliang Mu
+ Fixes #2410
+
+- CURLINFO_COOKIELIST.3: made the example not leak memory
+
+ Reported-by: Muz Dima
+
+- vauth/cleartext: fix integer overflow check
+
+ Make the integer overflow check not rely on the undefined behavior that
+ a size_t wraps around on overflow.
+
+ Detected by lgtm.com
+ Closes #2408
+
+- lib/curl_path.h: add #ifdef header guard
+
+ Detected by lgtm.com
+
+- vauth/ntlm.h: fix the #ifdef header guard
+
+ Detected by lgtm.com
+
+Jay Satiro (20 Mar 2018)
+- examples/hiperfifo: checksrc compliance
+
+Daniel Stenberg (19 Mar 2018)
+- [Nikos Tsipinakis brought this change]
+
+ parsedate: support UT timezone
+
+ RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with
+ GMT.
+
+ Closes #2401
+
+- RELEASE-NOTES: synced
+
+- [Don brought this change]
+
+ cmake: add support for brotli
+
+ Currently CMake cannot detect Brotli support. This adds detection of the
+ libraries and associated header files. It also adds this to the
+ generated config.
+
+ Closes #2392
+
+- [Chris Araman brought this change]
+
+ darwinssl: fix iOS build
+
+Patrick Monnerat (18 Mar 2018)
+- ILE/RPG binding: Add CURLOPT_HAPROXYPROTOCOL/Fix CURLOPT_DNS_SHUFFLE_ADDRESSES
+
+Daniel Stenberg (17 Mar 2018)
+- [Rick Deist brought this change]
+
+ resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES
+
+ This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request
+ shuffling of IP addresses returned for a hostname when there is more
+ than one. This is useful when the application knows that a round robin
+ approach is appropriate and is willing to accept the consequences of
+ potentially discarding some preference order returned by the system's
+ implementation.
+
+ Closes #1694
+
+- add_handle/easy_perform: clear errorbuffer on start if set
+
+ To offer applications a more defined behavior, we clear the buffer as
+ early as possible.
+
+ Assisted-by: Jay Satiro
+
+ Fixes #2190
+ Closes #2377
+
+- [Lawrence Matthews brought this change]
+
+ CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol
+
+ Add --haproxy-protocol for the command line tool
+
+ Closes #2162
+
+- curl_version_info.3: fix ssl_version description
+
+ Reported-by: Vincas Razma
+ Fixes #2364
+
+- multi: improved pending transfers handling => improved performance
+
+ When a transfer is requested to get done and it is put in the pending
+ queue when limited by number of connections, total or per-host, libcurl
+ would previously very aggressively retry *ALL* pending transfers to get
+ them transferring. That was very time consuming.
+
+ By reducing the aggressiveness in how pending are being retried, we
+ waste MUCH less time on putting transfers back into pending again.
+
+ Some test cases got a factor 30(!) speed improvement with this change.
+
+ Reported-by: Cyril B
+ Fixes #2369
+ Closes #2383
+
+- pause: when changing pause state, update socket state
+
+ Especially unpausing a transfer might have to move the socket back to the
+ "currently used sockets" hash to get monitored. Otherwise it would never get
+ any more data and get stuck. Easily triggered with pausing using the
+ multi_socket API.
+
+ Reported-by: Philip Prindeville
+ Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html
+ Fixes #2393
+ Closes #2391
+
+- [Philip Prindeville brought this change]
+
+ examples/hiperfifo.c: improved
+
+ * use member struct event’s instead of pointers to alloc’d struct
+ events
+
+ * simplify the cases for the mcode_or_die() function via macros;
+
+ * make multi_timer_cb() actually do what the block comment says it
+ should;
+
+ * accept a “stop” command on the FIFO to shut down the service;
+
+ * use cleaner notation for unused variables than the (void) hack;
+
+ * allow following redirections (304’s);
+
+- rate-limit: use three second window to better handle high speeds
+
+ Due to very frequent updates of the rate limit "window", it could
+ attempt to rate limit within the same milliseconds and that then made
+ the calculations wrong, leading to it not behaving correctly on very
+ fast transfers.
+
+ This new logic updates the rate limit "window" to be no shorter than the
+ last three seconds and only updating the timestamps for this when
+ switching between the states TOOFAST/PERFORM.
+
+ Reported-by: 刘佩东
+ Fixes #2386
+ Closes #2388
+
+- [luz.paz brought this change]
+
+ cleanup: misc typos in strings and comments
+
+ Found via `codespell`
+
+ Closes #2389
+
+- RELEASE-NOTES: toward 7.60.0
+
+- [Kobi Gurkan brought this change]
+
+ http2: fixes typo
+
+ Closes #2387
+
+- user-agent.d:: mention --proxy-header as well
+
+ Bug: https://github.com/curl/curl/issues/2381
+
+- transfer: make HTTP without headers count correct body size
+
+ This is what "HTTP/0.9" basically looks like.
+
+ Reported on IRC
+
+ Closes #2382
+
+- test1208: marked flaky
+
+ It fails somewhere between every 3rd to 10th travis-CI run
+
+- SECURITY-PROCESS: mention how we write/add advisories
+
+- [dasimx brought this change]
+
+ FTP: fix typo in recursive callback detection for seeking
+
+ Fixes #2380
+
+Version 7.59.0 (13 Mar 2018)
+
+Daniel Stenberg (13 Mar 2018)
+- release: 7.59.0
+
+Kamil Dudka (13 Mar 2018)
+- tests/.../spnego.py: fix identifier typo
+
+ Detected by Coverity Analysis:
+
+ Error: IDENTIFIER_TYPO:
+ curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo:
+ * Identifier "SuportedMech" is only known to be referenced here, or in copies of this code.
+ * Identifier "SupportedMech" is referenced elsewhere at least 4 times.
+ curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech".
+ curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech".
+ curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function).
+ curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"?
+
+ Closes #2379
+
+Daniel Stenberg (13 Mar 2018)
+- CURLOPT_COOKIEFILE.3: "-" as file name means stdin
+
+ Reported-by: Aron Bergman
+ Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html
+
+ [ci skip]
+
+- Revert "hostip: fix compiler warning: 'variable set but not used'"
+
+ This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248.
+
+ The assignment really needs to be there or we risk working with an
+ uninitialized pointer.
+
+Michael Kaufmann (12 Mar 2018)
+- limit-rate: fix compiler warning
+
+ follow-up to 72a0f62
+
+Viktor Szakats (12 Mar 2018)
+- checksrc.pl: add -i and -m options
+
+ To sync it with changes made for the libssh2 project.
+ Also cleanup some whitespace.
+
+- curl-openssl.m4: fix spelling [ci skip]
+
+- FAQ: fix a broken URL [ci skip]
+
+Daniel Stenberg (12 Mar 2018)
+- http2: mark the connection for close on GOAWAY
+
+ ... don't consider it an error!
+
+ Assisted-by: Jay Satiro
+ Reported-by: Łukasz Domeradzki
+ Fixes #2365
+ Closes #2375
+
+- credits: Viktor prefers without accent
+
+- openldap: white space changes, fixed up the copyright years
+
+- openldap: check ldap_get_attribute_ber() results for NULL before using
+
+ CVE-2018-1000121
+ Reported-by: Dario Weisser
+ Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
+
+- FTP: reject path components with control codes
+
+ Refuse to operate when given path components featuring byte values lower
+ than 32.
+
+ Previously, inserting a %00 sequence early in the directory part when
+ using the 'singlecwd' ftp method could make curl write a zero byte
+ outside of the allocated buffer.
+
+ Test case 340 verifies.
+
+ CVE-2018-1000120
+ Reported-by: Duy Phan Thanh
+ Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
+
+- readwrite: make sure excess reads don't go beyond buffer end
+
+ CVE-2018-1000122
+ Bug: https://curl.haxx.se/docs/adv_2018-b047.html
+
+ Detected by OSS-fuzz
+
+- BUGS: updated link to security process
+
+- limit-rate: kick in even before "limit" data has been received
+
+ ... and make sure to avoid integer overflows with really large values.
+
+ Reported-by: 刘佩东
+ Fixes #2371
+ Closes #2373
+
+- docs/SECURITY.md -> docs/SECURITY-PROCESS.md
+
+- SECURITY.md: call it the security process
+
+Michael Kaufmann (11 Mar 2018)
+- Curl_range: fix FTP-only and FILE-only builds
+
+ follow-up to e04417d
+
+- hostip: fix compiler warning: 'variable set but not used'
+
+Daniel Stenberg (11 Mar 2018)
+- HTTP: allow "header;" to replace an internal header with a blank one
+
+ Reported-by: Michael Kaufmann
+ Fixes #2357
+ Closes #2362
+
+- http2: verbose output new MAX_CONCURRENT_STREAMS values
+
+ ... as it is interesting for many users.
+
+- SECURITY: distros' max embargo time is 14 days now
+
+Patrick Monnerat (8 Mar 2018)
+- curl tool: accept --compressed also if Brotli is enabled and zlib is not.
+
+Daniel Stenberg (5 Mar 2018)
+- THANKS + mailmap: remove duplicates, fixup full names
+
+- [sergii.kavunenko brought this change]
+
+ WolfSSL: adding TLSv1.3
+
+ Closes #2349
diff --git a/libs/libcurl/docs/COPYING b/libs/libcurl/docs/COPYING
index 560a49dcee..3528bd7566 100644
--- a/libs/libcurl/docs/COPYING
+++ b/libs/libcurl/docs/COPYING
@@ -1,6 +1,6 @@
COPYRIGHT AND PERMISSION NOTICE
-Copyright (c) 1996 - 2018, Daniel Stenberg, <daniel@haxx.se>, and many
+Copyright (c) 1996 - 2019, Daniel Stenberg, <daniel@haxx.se>, and many
contributors, see the THANKS file.
All rights reserved.
diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS
index 646794b387..58a8322ba5 100644
--- a/libs/libcurl/docs/THANKS
+++ b/libs/libcurl/docs/THANKS
@@ -9,8 +9,11 @@
Aaro Koskinen
Aaron Oneal
Aaron Orenstein
+Aaron Scarisbrick
Abram Pousada
+Adam Barclay
Adam Brown
+Adam Coyne
Adam D. Moss
Adam Langley
Adam Light
@@ -18,6 +21,7 @@ Adam Marcionek
Adam Piggott
Adam Sampson
Adam Tkac
+Adrian Burcea
Adrian Peniak
Adrian Schuur
Adriano Meirelles
@@ -31,7 +35,6 @@ Alan Jenkins
Alan Pinstein
Albert Chin-A-Young
Albert Choy
-Ale Vesely
Alejandro Alvarez Ayllon
Alejandro R. Sedeño
Aleksandar Milivojevic
@@ -91,8 +94,8 @@ Andi Jahja
Andre Guibert de Bruet
Andre Heinecke
Andreas Damm
-Andreas Faerber
Andreas Farber
+Andreas Kostyrka
Andreas Malzahn
Andreas Ntaflos
Andreas Olsson
@@ -106,6 +109,7 @@ Andrei Benea
Andrei Cipu
Andrei Karas
Andrei Kurushin
+Andrei Neculau
Andrei Sedoi
Andrei Virtosu
Andrej E Baranov
@@ -160,7 +164,9 @@ Ates Goral
Augustus Saunders
Avery Fay
Axel Tillequin
+Ayoub Boudhar
Balaji Parasuram
+Balaji S Rao
Balaji Salunke
Balint Szilakszi
Barry Abrahamson
@@ -171,6 +177,7 @@ Basuke Suzuki
Ben Boeckel
Ben Darnell
Ben Greear
+Ben Kohler
Ben Madsen
Ben Noordhuis
Ben Van Hof
@@ -180,11 +187,13 @@ Benjamin Gerard
Benjamin Gilbert
Benjamin Johnson
Benjamin Kircher
+Benjamin Ritcey
Benjamin Sergeant
Benoit Neil
Benoit Sigoure
Bernard Leak
Bernard Spil
+Bernhard Iselborn
Bernhard M. Wiedemann
Bernhard Reutner-Fischer
Bernhard Walle
@@ -219,9 +228,11 @@ Brendan Jurd
Brent Beardsley
Brian Akins
Brian Carpenter
+Brian Chaplin
Brian Childs
Brian Chrisman
Brian Dessent
+Brian E. Gallew
Brian J. Murrell
Brian Prodoehl
Brian R Duffy
@@ -289,6 +300,7 @@ Chungtsun Li
Ciprian Badescu
Claes Jakobsson
Clarence Gardner
+Claudio Neves
Clemens Gruber
Clifford Wolf
Clint Clayton
@@ -302,6 +314,7 @@ Colm Buckley
Constantine Sapuntzakis
Cory Benfield
Cory Nelson
+Costya Shulyupin
Craig A West
Craig Davison
Craig Markwardt
@@ -323,7 +336,6 @@ Damian Dixon
Damien Adant
Damien Vielpeau
Dan Becker
-Dan C
Dan Cristian
Dan Donahue
Dan Fandrich
@@ -391,11 +403,11 @@ David Lang
David LeBlanc
David Lord
David McCreedy
-David Meyer
David Odin
David Phillips
David Rosenstrauch
David Ryskalczyk
+David Sanderson
David Schweikert
David Shaw
David Strauss
@@ -506,12 +518,14 @@ Eric Mertens
Eric Rautman
Eric Rescorla
Eric Ridge
+Eric Rosenquist
Eric S. Raymond
Eric Thelin
Eric Vergnaud
Eric Wong
Eric Young
Erick Nuwendam
+Erik Jacobsen
Erik Janssen
Erik Johansson
Erik Minekus
@@ -520,6 +534,7 @@ Ernst Sjöstrand
Erwan Legrand
Erwin Authried
Ethan Glasser Camp
+Etienne Simard
Eugene Kotlyarov
Evan Jordan
Even Rouault
@@ -534,14 +549,17 @@ Fabian Ruff
Fabrice Fontaine
Fabrizio Ammollo
Fahim Chandurwala
+Federico Bianchi
Fedor Karpelevitch
Feist Josselin
+Felix Hädicke
Felix Kaiser
Felix Yan
Felix von Leitner
Feng Tu
Fernando Muñoz
Flavio Medeiros
+Florian Pritz
Florian Schoppmann
Florian Weimer
Florin Petriuc
@@ -593,7 +611,9 @@ Gil Weber
Gilad
Gilbert Ramirez Jr.
Gilles Blanc
+Giorgos Oikonomou
Gisle Vanem
+GitYuanQu on github
Giuseppe Attardi
Giuseppe D'Ambrosio
Giuseppe Persico
@@ -613,10 +633,10 @@ Greg Onufer
Greg Pratt
Greg Rowe
Greg Zavertnik
+Gregory Nicholls
Gregory Szorc
Grigory Entin
Guenole Bescon
-Guenter Knauf
Guido Berhoerster
Guillaume Arluison
Gunter Knauf
@@ -627,6 +647,7 @@ Gwenole Beauchesne
Gökhan Şengün
Götz Babin-Ebell
Hagai Auro
+Haibo Huang
Hamish Mackenzie
Han Han
Han Qiao
@@ -647,9 +668,11 @@ He Qin
Heikki Korpela
Heinrich Ko
Heinrich Schaefer
+Helge Klein
Helmut K. C. Tessarek
Helwing Lutz
Hendrik Visage
+Henri Gomez
Henrik Gaßmann
Henrik Storner
Henry Ludemann
@@ -659,8 +682,10 @@ Hidemoto Nakada
Ho-chi Chen
Hoi-Ho Chan
Hongli Lai
+Howard Blaise
Howard Chu
Hubert Kario
+Huzaifa Sidhpurwala
Hzhijun
Ian D Allen
Ian Fette
@@ -671,6 +696,7 @@ Ian Turner
Ian Wilkes
Ignacio Vazquez-Abrams
Igor Franchuk
+Igor Khristophorov
Igor Novoseltsev
Igor Polyakov
Ihor Karpenko
@@ -683,6 +709,7 @@ Ingmar Runge
Ingo Ralf Blum
Ingo Wilken
Irfan Adilovic
+Irving Wolfe
Isaac Boukris
Ishan SinghLevett
Ithubg on github
@@ -720,10 +747,12 @@ Jan Kunder
Jan Schaumann
Jan Schmidt
Jan Van Boghout
+Janne Johansson
Jared Jennings
Jared Lundell
Jari Aalto
Jari Sundell
+Jason Baietto
Jason Glasgow
Jason Juang
Jason Liu
@@ -756,6 +785,8 @@ Jeff Pohlmeyer
Jeff Weber
Jeffrey Walton
Jens Rantil
+Jens Schleusener
+Jeremie Rapin
Jeremy Friesner
Jeremy Huddleston
Jeremy Lin
@@ -796,7 +827,9 @@ Johan Nilsson
Johan van Selst
Johannes Bauer
Johannes Ernst
+Johannes G. Kristinsson
Johannes Schindelin
+John A. Bristor
John Bradshaw
John Butterfield
John Coffey
@@ -821,7 +854,9 @@ John McGowan
John P. McCaskey
John Starks
John Suprock
+John V. Chow
John Wanghui
+John Weismiller
John Wilkinson
John-Mark Bell
Johnny Luong
@@ -840,7 +875,6 @@ Jonas Schnelli
Jonatan Lander
Jonatan Vela
Jonathan Cardoso Machado
-Jonathan Cardoso Machado Machado
Jonathan Hseu
Jonathan Nieder
Jongki Suwandi
@@ -851,6 +885,7 @@ Josef Wolf
Josh Bialkowski
Josh Kapell
Joshua Kwan
+Joshua Swink
Josue Andrade Gomes
Jozef Kralik
Juan Barreto
@@ -862,7 +897,9 @@ Juergen Wilke
Jukka Pihl
Julian Noble
Julian Ospald
+Julian Romero Nieto
Julian Taylor
+Julian Z
Julien Chaffraix
Julien Nabet
Julien Royer
@@ -892,6 +929,7 @@ Karol Pietrzak
Kartik Mahajan
Kaspar Brand
Katie Wang
+Katsuhiko YOSHIDA
Kazuho Oku
Kees Cook
Kees Dekker
@@ -935,6 +973,7 @@ Kyle L. Huff
Kyle Sallee
Kyselgov E.N
Lachlan O'Dea
+Ladar Levison
Larry Campbell
Larry Fahnoe
Larry Lin
@@ -946,7 +985,6 @@ Lars J. Aas
Lars Johannesen
Lars Nilsson
Lars Torben Wilson
-Lau Hang Kin
Laurent Bonnans
Laurent Rabret
Lauri Kasanen
@@ -956,10 +994,13 @@ Lawrence Wagerfield
Legoff Vincent
Lehel Bernadt
Leif W
+Leigh Purdie
Leith Bade
Len Krause
+Len Marinaccio
Lenaic Lefever
Lenny Rachitsky
+Leon Breedt
Leon Winter
Leonardo Rosati
Leonardo Taccari
@@ -1032,6 +1073,7 @@ Marco G. Salvagno
Marco Maggi
Marcos Diazr
Marcus Hoffmann
+Marcus Klein
Marcus Sundberg
Marcus Webster
Marian Klymov
@@ -1039,7 +1081,6 @@ Mario Schroeder
Mark Brand
Mark Butler
Mark Davies
-Mark Eichin
Mark Hamilton
Mark Incley
Mark Karpeles
@@ -1048,6 +1089,8 @@ Mark Nottingham
Mark Salisbury
Mark Snelling
Mark Tully
+Mark W. Eichin
+Mark Wotton
Markus Duft
Markus Elfring
Markus Koetter
@@ -1065,9 +1108,11 @@ Martin Galvan
Martin Hager
Martin Hedenfalk
Martin Jansen
+Martin Kammerhofer
Martin Kepplinger
Martin Lemke
Martin Skinner
+Martin Staael
Martin Storsjö
Martin Vejnár
Marty Kuhrt
@@ -1076,6 +1121,7 @@ Massimiliano Ziccardi
Massimo Callegari
Mateusz Loskot
Mathias Axelsson
+Mathieu Legare
Mats Lidell
Matt Arsenault
Matt Ford
@@ -1083,8 +1129,8 @@ Matt Kraai
Matt Veenstra
Matt Witherspoon
Matt Wixson
-Matteo B.
Matteo Bignotti
+Matteo Bignottignotti
Matteo Rocco
Matthew Blain
Matthew Clarke
@@ -1093,6 +1139,7 @@ Matthew Kerwin
Matthew Whitehead
Matthias Bolte
Mattias Fornander
+Matus Uzak
Maurice Barnum
Mauro Iorio
Mauro Rappa
@@ -1109,6 +1156,7 @@ Mehmet Bozkurt
Mekonikum
Melissa Mears
Mettgut Jamalla
+Michael Anti
Michael Benedict
Michael Calmer
Michael Cronenworth
@@ -1122,6 +1170,7 @@ Michael Jerris
Michael Kalinin
Michael Kaufmann
Michael Kilburn
+Michael Kujawa
Michael König
Michael Maltese
Michael Mealling
@@ -1129,6 +1178,7 @@ Michael Mueller
Michael Osipov
Michael Smith
Michael Stapelberg
+Michael Steuer
Michael Stillwell
Michael Wallner
Michal Bonino
@@ -1150,6 +1200,7 @@ Mikalai Ananenka
Mike Bytnar
Mike Crowe
Mike Dobbs
+Mike Dowell
Mike Giancola
Mike Hasselberg
Mike Henshaw
@@ -1236,6 +1287,7 @@ Orgad Shaneh
Ori Avtalion
Oscar Koeroo
Oscar Norlander
+Oskar Liljeblad
Oumph on github
P R Schaffner
Palo Markovic
@@ -1282,6 +1334,7 @@ Pawel A. Gajda
Pawel Kierski
Pedro Larroy
Pedro Neves
+Peng Li
Per Lundberg
Per Malmberg
Pete Lomax
@@ -1357,7 +1410,6 @@ Rajkumar Mandal
Ralf S. Engelschall
Ralph Beckmann
Ralph Mitchell
-Ramana Mokkapati
Ran Mozes
Randall S. Becker
Randy Armstrong
@@ -1370,6 +1422,7 @@ Ray Satiro
Razvan Cojocaru
Reinhard Max
Reinout van Schouwen
+Remco van Hooff
Remi Gacogne
Remo E
Renato Botelho
@@ -1386,6 +1439,7 @@ Rich Burridge
Rich Gray
Rich Rauenzahn
Rich Turner
+Richard Adams
Richard Alcock
Richard Archer
Richard Atterer
@@ -1405,6 +1459,7 @@ Richy Kim
Rick Deist
Rick Jones
Rick Richardson
+Rick Welykochy
Ricki Hirner
Ricky-Tigg on github
Rider Linden
@@ -1422,6 +1477,7 @@ Robert D. Young
Robert Foreman
Robert Iakobashvili
Robert Kolcun
+Robert Linden
Robert Olson
Robert Prag
Robert Schumann
@@ -1497,6 +1553,7 @@ Sean Boudreau
Sean Burford
Sean MacLennan
Sean Miller
+Sebastiaan van Erk
Sebastian Mundry
Sebastian Pohlschmidt
Sebastian Rasmussen
@@ -1507,6 +1564,7 @@ Sergey Tatarincev
Sergii Kavunenko
Sergii Pylypenko
Sergio Ballestrero
+Sergio Barresi
Sergio Borghese
Serj Kalichev
Seshubabu Pasam
@@ -1521,6 +1579,8 @@ Shaun Jackman
Shawn Landden
Shawn Poulson
Shine Fan
+Shiraz Kanga
+Shlomi Fish
Shmulik Regev
Siddhartha Prakash Jain
Sidney San Martín
@@ -1544,6 +1604,7 @@ Stefan Agner
Stefan Bühler
Stefan Eissing
Stefan Esser
+Stefan Grether
Stefan Kanthak
Stefan Krause
Stefan Neis
@@ -1553,6 +1614,7 @@ Stefan Ulrich
Steinar H. Gunderson
Stepan Broz
Stephan Bergmann
+Stephan Lagerholm
Stephan Mühlstrasser
Stephen Brokenshire
Stephen Collyer
@@ -1570,6 +1632,7 @@ Steve Little
Steve Marx
Steve Oliphant
Steve Roskowski
+Steve Walch
Steven Bazyl
Steven G. Johnson
Steven Gu
@@ -1591,9 +1654,11 @@ T. Bharath
T. Yamada
TJ Saunders
Tae Hyoung Ahn
+Tae Wong
Taneli Vähäkangas
Tanguy Fautre
Tatsuhiro Tsujikawa
+Teemu Yli-Elsila
Temprimus
Terri Oda
Terry Wu
@@ -1626,6 +1691,8 @@ Tim Rühsen
Tim Sneddon
Tim Stack
Tim Starling
+Tim Tassonis
+Tim Verhoeven
Timo Sirainen
Timotej Lazar
Timothe Litt
@@ -1633,11 +1700,13 @@ Timothy Polich
Tinus van den Berg
Tobias Blomberg
Tobias Hintze
+Tobias Lindgren
Tobias Markus
Tobias Rundström
Tobias Stoeckmann
Toby Peterson
Todd A Ouska
+Todd Kaufmann
Todd Kulesza
Todd Short
Todd Vierling
@@ -1653,6 +1722,7 @@ Tom Seddon
Tom Sparrow
Tom Wright
Tom Zerucha
+Tom van der Woerdt
Tomas Hoger
Tomas Jakobsson
Tomas Mlcoch
@@ -1692,6 +1762,7 @@ Vasiliy Faronov
Vasy Okhin
Venkat Akella
Venkataramana Mokkapati
+Vicente Garcia
Victor Snezhko
Vijay Panghal
Vikram Saxena
@@ -1717,9 +1788,9 @@ W. Mark Kubacki
Waldek Kozba
Walter J. Mack
Ward Willats
-Warp Kawada
Warren Menzer
Wayne Haigh
+Wenxiang Qian
Werner Koch
Wesley Laxton
Wesley Miaw
@@ -1728,6 +1799,7 @@ Wham Bang
Wilfredo Sanchez
Will Dietz
Willem Sparreboom
+William A. Rowe Jr
William Ahern
Wojciech Zwiefka
Wouter Van Rooy
@@ -1737,7 +1809,6 @@ Xavier Bouchoux
XhstormR on github
Xiangbin Li
Yaakov Selkowitz
-Yamada Yasuharu
Yang Tse
Yarram Sunil
Yasuharu Yamada
@@ -1749,6 +1820,7 @@ Yiming Jing
Yingwei Liu
Yonggang Luo
Yousuke Kimoto
+Yu Xin
Yukihiro Kawada
Yun SangHo
Yuriy Sosov
@@ -1759,7 +1831,9 @@ Zdenek Pavlas
Zekun Ni
Zenju on github
Zero King
+Zhao Yisha
Zhaoyang Wu
+Zhibiao Wu
Zhouyihai Ding
Zmey Petroff
Zvi Har'El
@@ -1779,6 +1853,7 @@ daboul on github
dasimx on github
destman on github
dkjjr89 on github
+dnivras on github
dpull on github
dtmsecurity on github
eXeC64 on github
@@ -1790,6 +1865,7 @@ imilli on github
infinnovation-dev on github
iz8mbw on github
jakirkham on github
+jasal82 on github
jonrumsey on github
joshhe on github
jungle-boogie on github
@@ -1800,6 +1876,7 @@ lijian996 on github
lukaszgn on github
madblobfish on github
marc-groundctl on github
+masbug on github
mccormickt12 on github
mkzero on github
moohoorama on github
@@ -1811,7 +1888,6 @@ olesteban on github
omau on github
ovidiu-benea on github
patelvivekv1993 on github
-paulharris on github
pszemus on github
silveja1 on github
steelman on github
@@ -1825,7 +1901,6 @@ tpaukrt on github
vanillajonathan on github
wmsch on github
wncboy on github
-wyattoday on github
youngchopin on github
zelinchen on github
zzq1015 on github
diff --git a/libs/libcurl/include/curl/curl.h b/libs/libcurl/include/curl/curl.h
index 3c5ce709a5..88e1f39e87 100644
--- a/libs/libcurl/include/curl/curl.h
+++ b/libs/libcurl/include/curl/curl.h
@@ -355,11 +355,21 @@ typedef int (*curl_seek_callback)(void *instream,
signal libcurl to pause sending data on the current transfer. */
#define CURL_READFUNC_PAUSE 0x10000001
+/* Return code for when the trailing headers' callback has terminated
+ without any errors*/
+#define CURL_TRAILERFUNC_OK 0
+/* Return code for when was an error in the trailing header's list and we
+ want to abort the request */
+#define CURL_TRAILERFUNC_ABORT 1
+
typedef size_t (*curl_read_callback)(char *buffer,
size_t size,
size_t nitems,
void *instream);
+typedef int (*curl_trailer_callback)(struct curl_slist **list,
+ void *userdata);
+
typedef enum {
CURLSOCKTYPE_IPCXN, /* socket created for a specific IP connection */
CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */
@@ -1875,6 +1885,15 @@ typedef enum {
/* Specify URL using CURL URL API. */
CINIT(CURLU, OBJECTPOINT, 282),
+ /* add trailing data just after no more data is available */
+ CINIT(TRAILERFUNCTION, FUNCTIONPOINT, 283),
+
+ /* pointer to be passed to HTTP_TRAILER_FUNCTION */
+ CINIT(TRAILERDATA, OBJECTPOINT, 284),
+
+ /* set this to 1L to allow HTTP/0.9 responses or 0L to disallow */
+ CINIT(HTTP09_ALLOWED, LONG, 285),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h
index 43cec1abb8..3b043345d7 100644
--- a/libs/libcurl/include/curl/curlver.h
+++ b/libs/libcurl/include/curl/curlver.h
@@ -30,12 +30,12 @@
/* This is the version number of the libcurl package from which this header
file origins: */
-#define LIBCURL_VERSION "7.63.0"
+#define LIBCURL_VERSION "7.64.0"
/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 63
+#define LIBCURL_VERSION_MINOR 64
#define LIBCURL_VERSION_PATCH 0
/* This is the numeric version of the libcurl version number, meant for easier
@@ -57,7 +57,7 @@
CURL_VERSION_BITS() macro since curl's own configure script greps for it
and needs it to contain the full number.
*/
-#define LIBCURL_VERSION_NUM 0x073f00
+#define LIBCURL_VERSION_NUM 0x074000
/*
* This is the date and time when the full source package was created. The
@@ -68,7 +68,7 @@
*
* "2007-11-23"
*/
-#define LIBCURL_TIMESTAMP "2018-12-12"
+#define LIBCURL_TIMESTAMP "2019-02-06"
#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|z)
#define CURL_AT_LEAST_VERSION(x,y,z) \
diff --git a/libs/libcurl/include/curl/urlapi.h b/libs/libcurl/include/curl/urlapi.h
index 90dd56c000..850faa97a5 100644
--- a/libs/libcurl/include/curl/urlapi.h
+++ b/libs/libcurl/include/curl/urlapi.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2018 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -22,6 +22,8 @@
*
***************************************************************************/
+#include "curl.h"
+
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/libs/libcurl/src/Makefile.am b/libs/libcurl/src/Makefile.am
index a7b5262b91..f2034a2f24 100644
--- a/libs/libcurl/src/Makefile.am
+++ b/libs/libcurl/src/Makefile.am
@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -29,8 +29,7 @@ EXTRA_DIST = Makefile.m32 config-win32.h \
makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \
config-os400.h setup-os400.h config-symbian.h Makefile.Watcom \
config-tpf.h mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \
- firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \
- objnames-test08.sh objnames-test10.sh objnames.inc
+ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl
lib_LTLIBRARIES = libcurl.la
@@ -88,10 +87,6 @@ libcurl_la_CPPFLAGS_EXTRA =
libcurl_la_LDFLAGS_EXTRA =
libcurl_la_CFLAGS_EXTRA =
-@CODE_COVERAGE_RULES@
-libcurl_la_LDFLAGS_EXTRA += $(CODE_COVERAGE_LDFLAGS)
-libcurl_la_CFLAGS_EXTRA += $(CODE_COVERAGE_CFLAGS)
-
if CURL_LT_SHLIB_USE_VERSION_INFO
libcurl_la_LDFLAGS_EXTRA += $(VERSIONINFO)
endif
diff --git a/libs/libcurl/src/Makefile.in b/libs/libcurl/src/Makefile.in
index 43c5d442b4..14c1c73afa 100644
--- a/libs/libcurl/src/Makefile.in
+++ b/libs/libcurl/src/Makefile.in
@@ -124,8 +124,7 @@ host_triplet = @host@
@DOING_CURL_SYMBOL_HIDING_TRUE@am__append_9 = $(CFLAG_CURL_SYMBOL_HIDING)
subdir = lib
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \
- $(top_srcdir)/m4/ax_compile_check_sizeof.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_compile_check_sizeof.m4 \
$(top_srcdir)/m4/curl-compilers.m4 \
$(top_srcdir)/m4/curl-confopts.m4 \
$(top_srcdir)/m4/curl-functions.m4 \
@@ -686,12 +685,6 @@ CCDEPMODE = @CCDEPMODE@
# This might hold -Werror
CFLAGS = @CFLAGS@ @CURL_CFLAG_EXTRAS@
CFLAG_CURL_SYMBOL_HIDING = @CFLAG_CURL_SYMBOL_HIDING@
-CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@
-CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@
-CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@
-CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@
-CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@
-CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@
CONFIGURE_OPTIONS = @CONFIGURE_OPTIONS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
@@ -734,7 +727,6 @@ ENABLE_STATIC = @ENABLE_STATIC@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GCOV = @GCOV@
-GENHTML = @GENHTML@
GREP = @GREP@
HAVE_BROTLI = @HAVE_BROTLI@
HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@
@@ -886,7 +878,7 @@ top_srcdir = @top_srcdir@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -908,8 +900,7 @@ EXTRA_DIST = Makefile.m32 config-win32.h \
makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \
config-os400.h setup-os400.h config-symbian.h Makefile.Watcom \
config-tpf.h mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \
- firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \
- objnames-test08.sh objnames-test10.sh objnames.inc
+ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl
lib_LTLIBRARIES = libcurl.la
@BUILD_UNITTESTS_FALSE@noinst_LTLIBRARIES =
@@ -943,10 +934,9 @@ VERSIONINFO = -version-info 9:0:5
AM_LDFLAGS =
AM_CFLAGS =
libcurl_la_CPPFLAGS_EXTRA = $(am__append_7) $(am__append_8)
-libcurl_la_LDFLAGS_EXTRA = $(CODE_COVERAGE_LDFLAGS) $(am__append_2) \
- $(am__append_3) $(am__append_4) $(am__append_5) \
- $(am__append_6)
-libcurl_la_CFLAGS_EXTRA = $(CODE_COVERAGE_CFLAGS) $(am__append_9)
+libcurl_la_LDFLAGS_EXTRA = $(am__append_2) $(am__append_3) \
+ $(am__append_4) $(am__append_5) $(am__append_6)
+libcurl_la_CFLAGS_EXTRA = $(am__append_9)
libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) $(libcurl_la_CPPFLAGS_EXTRA)
libcurl_la_LDFLAGS = $(AM_LDFLAGS) $(libcurl_la_LDFLAGS_EXTRA) $(LDFLAGS) $(LIBCURL_LIBS)
libcurl_la_CFLAGS = $(AM_CFLAGS) $(libcurl_la_CFLAGS_EXTRA)
@@ -4223,8 +4213,6 @@ uninstall-am: uninstall-libLTLIBRARIES
.PRECIOUS: Makefile
-@CODE_COVERAGE_RULES@
-
checksrc:
@PERL@ $(srcdir)/checksrc.pl -D$(srcdir) -W$(srcdir)/curl_config.h \
$(srcdir)/*.[ch] $(srcdir)/vauth/*.[ch] $(srcdir)/vtls/*.[ch]
diff --git a/libs/libcurl/src/asyn-ares.c b/libs/libcurl/src/asyn-ares.c
index 6a49566c86..04a25b3213 100644
--- a/libs/libcurl/src/asyn-ares.c
+++ b/libs/libcurl/src/asyn-ares.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -199,6 +199,17 @@ void Curl_resolver_cancel(struct connectdata *conn)
}
/*
+ * We're equivalent to Curl_resolver_cancel() for the c-ares resolver. We
+ * never block.
+ */
+void Curl_resolver_kill(struct connectdata *conn)
+{
+ /* We don't need to check the resolver state because we can be called safely
+ at any time and we always do the same thing. */
+ Curl_resolver_cancel(conn);
+}
+
+/*
* destroy_async_data() cleans up async resolver data.
*/
static void destroy_async_data(struct Curl_async *async)
@@ -361,13 +372,13 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
/*
* Curl_resolver_wait_resolv()
*
- * waits for a resolve to finish. This function should be avoided since using
+ * Waits for a resolve to finish. This function should be avoided since using
* this risk getting the multi interface to "hang".
*
* If 'entry' is non-NULL, make it point to the resolved dns entry
*
- * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, and
- * CURLE_OPERATION_TIMEDOUT if a time-out occurred.
+ * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved,
+ * CURLE_OPERATION_TIMEDOUT if a time-out occurred, or other errors.
*/
CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
struct Curl_dns_entry **entry)
diff --git a/libs/libcurl/src/asyn-thread.c b/libs/libcurl/src/asyn-thread.c
index 74208d7ec5..a9679d062e 100644
--- a/libs/libcurl/src/asyn-thread.c
+++ b/libs/libcurl/src/asyn-thread.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -462,13 +462,33 @@ static CURLcode resolver_error(struct connectdata *conn)
}
/*
+ * Until we gain a way to signal the resolver threads to stop early, we must
+ * simply wait for them and ignore their results.
+ */
+void Curl_resolver_kill(struct connectdata *conn)
+{
+ struct thread_data *td = (struct thread_data*) conn->async.os_specific;
+
+ /* If we're still resolving, we must wait for the threads to fully clean up,
+ unfortunately. Otherwise, we can simply cancel to clean up any resolver
+ data. */
+ if(td && td->thread_hnd != curl_thread_t_null)
+ (void)Curl_resolver_wait_resolv(conn, NULL);
+ else
+ Curl_resolver_cancel(conn);
+}
+
+/*
* Curl_resolver_wait_resolv()
*
- * waits for a resolve to finish. This function should be avoided since using
+ * Waits for a resolve to finish. This function should be avoided since using
* this risk getting the multi interface to "hang".
*
* If 'entry' is non-NULL, make it point to the resolved dns entry
*
+ * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved,
+ * CURLE_OPERATION_TIMEDOUT if a time-out occurred, or other errors.
+ *
* This is the version for resolves-in-a-thread.
*/
CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
@@ -478,6 +498,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
CURLcode result = CURLE_OK;
DEBUGASSERT(conn && td);
+ DEBUGASSERT(td->thread_hnd != curl_thread_t_null);
/* wait for the thread to resolve the name */
if(Curl_thread_join(&td->thread_hnd)) {
diff --git a/libs/libcurl/src/asyn.h b/libs/libcurl/src/asyn.h
index 43625bc3be..ccd4b1f7e2 100644
--- a/libs/libcurl/src/asyn.h
+++ b/libs/libcurl/src/asyn.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -87,10 +87,25 @@ CURLcode Curl_resolver_duphandle(struct Curl_easy *easy, void **to,
*
* It is called from inside other functions to cancel currently performing
* resolver request. Should also free any temporary resources allocated to
- * perform a request.
+ * perform a request. This never waits for resolver threads to complete.
+ *
+ * It is safe to call this when conn is in any state.
*/
void Curl_resolver_cancel(struct connectdata *conn);
+/*
+ * Curl_resolver_kill().
+ *
+ * This acts like Curl_resolver_cancel() except it will block until any threads
+ * associated with the resolver are complete. This never blocks for resolvers
+ * that do not use threads. This is intended to be the "last chance" function
+ * that cleans up an in-progress resolver completely (before its owner is about
+ * to die).
+ *
+ * It is safe to call this when conn is in any state.
+ */
+void Curl_resolver_kill(struct connectdata *conn);
+
/* Curl_resolver_getsock()
*
* This function is called from the multi_getsock() function. 'sock' is a
@@ -117,14 +132,13 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
/*
* Curl_resolver_wait_resolv()
*
- * waits for a resolve to finish. This function should be avoided since using
+ * Waits for a resolve to finish. This function should be avoided since using
* this risk getting the multi interface to "hang".
*
* If 'entry' is non-NULL, make it point to the resolved dns entry
*
- * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, and
- * CURLE_OPERATION_TIMEDOUT if a time-out occurred.
-
+ * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved,
+ * CURLE_OPERATION_TIMEDOUT if a time-out occurred, or other errors.
*/
CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
struct Curl_dns_entry **dnsentry);
@@ -148,6 +162,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
#ifndef CURLRES_ASYNCH
/* convert these functions if an asynch resolver isn't used */
#define Curl_resolver_cancel(x) Curl_nop_stmt
+#define Curl_resolver_kill(x) Curl_nop_stmt
#define Curl_resolver_is_resolved(x,y) CURLE_COULDNT_RESOLVE_HOST
#define Curl_resolver_wait_resolv(x,y) CURLE_COULDNT_RESOLVE_HOST
#define Curl_resolver_getsock(x,y,z) 0
diff --git a/libs/libcurl/src/config-win32.h b/libs/libcurl/src/config-win32.h
index c7e05eca7a..76b00b9bbf 100644
--- a/libs/libcurl/src/config-win32.h
+++ b/libs/libcurl/src/config-win32.h
@@ -240,10 +240,6 @@
/* Define if you have the socket function. */
#define HAVE_SOCKET 1
-/* if libSSH2 is in use */
-#define USE_LIBSSH2 1
-#define HAVE_LIBSSH2_H 1
-
/* Define if you have the strcasecmp function. */
/* #define HAVE_STRCASECMP 1 */
diff --git a/libs/libcurl/src/conncache.c b/libs/libcurl/src/conncache.c
index 08e9042a6f..78ad386c35 100644
--- a/libs/libcurl/src/conncache.c
+++ b/libs/libcurl/src/conncache.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -178,9 +178,9 @@ static void hashkey(struct connectdata *conn, char *buf,
msnprintf(buf, len, "%ld%s", conn->port, hostname);
}
-void Curl_conncache_unlock(struct connectdata *conn)
+void Curl_conncache_unlock(struct Curl_easy *data)
{
- CONN_UNLOCK(conn->data);
+ CONN_UNLOCK(data);
}
/* Returns number of connections currently held in the connection cache.
@@ -302,9 +302,14 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc,
return result;
}
-void Curl_conncache_remove_conn(struct connectdata *conn, bool lock)
+/*
+ * Removes the connectdata object from the connection cache *and* clears the
+ * ->data pointer association. Pass TRUE/FALSE in the 'lock' argument
+ * depending on if the parent function already holds the lock or not.
+ */
+void Curl_conncache_remove_conn(struct Curl_easy *data,
+ struct connectdata *conn, bool lock)
{
- struct Curl_easy *data = conn->data;
struct connectbundle *bundle = conn->bundle;
struct conncache *connc = data->state.conn_cache;
@@ -323,6 +328,7 @@ void Curl_conncache_remove_conn(struct connectdata *conn, bool lock)
DEBUGF(infof(data, "The cache now contains %zu members\n",
connc->num_conn));
}
+ conn->data = NULL; /* clear the association */
if(lock) {
CONN_UNLOCK(data);
}
@@ -566,8 +572,6 @@ void Curl_conncache_close_all_connections(struct conncache *connc)
conn->data = connc->closure_handle;
sigpipe_ignore(conn->data, &pipe_st);
- conn->data->easy_conn = NULL; /* clear the easy handle's connection
- pointer */
/* This will remove the connection from the cache */
connclose(conn, "kill all");
(void)Curl_disconnect(connc->closure_handle, conn, FALSE);
diff --git a/libs/libcurl/src/conncache.h b/libs/libcurl/src/conncache.h
index eedd7a800e..0df6d47154 100644
--- a/libs/libcurl/src/conncache.h
+++ b/libs/libcurl/src/conncache.h
@@ -56,7 +56,7 @@ void Curl_conncache_destroy(struct conncache *connc);
/* return the correct bundle, to a host or a proxy */
struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn,
struct conncache *connc);
-void Curl_conncache_unlock(struct connectdata *conn);
+void Curl_conncache_unlock(struct Curl_easy *data);
/* returns number of connections currently held in the connection cache */
size_t Curl_conncache_size(struct Curl_easy *data);
size_t Curl_conncache_bundle_size(struct connectdata *conn);
@@ -64,7 +64,8 @@ size_t Curl_conncache_bundle_size(struct connectdata *conn);
bool Curl_conncache_return_conn(struct connectdata *conn);
CURLcode Curl_conncache_add_conn(struct conncache *connc,
struct connectdata *conn) WARN_UNUSED_RESULT;
-void Curl_conncache_remove_conn(struct connectdata *conn,
+void Curl_conncache_remove_conn(struct Curl_easy *data,
+ struct connectdata *conn,
bool lock);
bool Curl_conncache_foreach(struct Curl_easy *data,
struct conncache *connc,
diff --git a/libs/libcurl/src/cookie.c b/libs/libcurl/src/cookie.c
index 3dc85ee5ca..4fb992ac9d 100644
--- a/libs/libcurl/src/cookie.c
+++ b/libs/libcurl/src/cookie.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -223,7 +223,7 @@ static bool pathmatch(const char *cookie_path, const char *request_uri)
goto pathmatched;
}
- /* here, cookie_path_len < url_path_len */
+ /* here, cookie_path_len < uri_path_len */
if(uri_path[cookie_path_len] == '/') {
ret = TRUE;
goto pathmatched;
@@ -433,9 +433,10 @@ Curl_cookie_add(struct Curl_easy *data,
bool noexpire, /* if TRUE, skip remove_expired() */
char *lineptr, /* first character of the line */
const char *domain, /* default domain */
- const char *path) /* full path used when this cookie is set,
+ const char *path, /* full path used when this cookie is set,
used to get default path for the cookie
unless set */
+ bool secure) /* TRUE if connection is over secure origin */
{
struct Cookie *clist;
struct Cookie *co;
@@ -546,8 +547,20 @@ Curl_cookie_add(struct Curl_easy *data,
/* this was a "<name>=" with no content, and we must allow
'secure' and 'httponly' specified this weirdly */
done = TRUE;
- if(strcasecompare("secure", name))
- co->secure = TRUE;
+ /*
+ * secure cookies are only allowed to be set when the connection is
+ * using a secure protocol, or when the cookie is being set by
+ * reading from file
+ */
+ if(strcasecompare("secure", name)) {
+ if(secure || !c->running) {
+ co->secure = TRUE;
+ }
+ else {
+ badcookie = TRUE;
+ break;
+ }
+ }
else if(strcasecompare("httponly", name))
co->httponly = TRUE;
else if(sep)
@@ -790,6 +803,8 @@ Curl_cookie_add(struct Curl_easy *data,
co->domain = strdup(ptr);
if(!co->domain)
badcookie = TRUE;
+ else if(bad_domain(co->domain))
+ badcookie = TRUE;
break;
case 1:
/* This field got its explanation on the 23rd of May 2001 by
@@ -831,7 +846,13 @@ Curl_cookie_add(struct Curl_easy *data,
fields++; /* add a field and fall down to secure */
/* FALLTHROUGH */
case 3:
- co->secure = strcasecompare(ptr, "TRUE")?TRUE:FALSE;
+ co->secure = FALSE;
+ if(strcasecompare(ptr, "TRUE")) {
+ if(secure || c->running)
+ co->secure = TRUE;
+ else
+ badcookie = TRUE;
+ }
break;
case 4:
if(curlx_strtoofft(ptr, NULL, 10, &co->expires))
@@ -887,18 +908,20 @@ Curl_cookie_add(struct Curl_easy *data,
if(!noexpire)
remove_expired(c);
-#ifdef USE_LIBPSL
- /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
if(domain && co->domain && !isip(co->domain)) {
- const psl_ctx_t *psl = Curl_psl_use(data);
int acceptable;
+#ifdef USE_LIBPSL
+ const psl_ctx_t *psl = Curl_psl_use(data);
+ /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
if(psl) {
acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
Curl_psl_release(data);
}
else
- acceptable = !bad_domain(domain);
+#endif
+ /* Without libpsl, do the best we can. */
+ acceptable = !bad_domain(co->domain);
if(!acceptable) {
infof(data, "cookie '%s' dropped, domain '%s' must not "
@@ -907,7 +930,6 @@ Curl_cookie_add(struct Curl_easy *data,
return NULL;
}
}
-#endif
myhash = cookiehash(co->domain);
clist = c->cookies[myhash];
@@ -929,9 +951,31 @@ Curl_cookie_add(struct Curl_easy *data,
/* the domains were identical */
if(clist->spath && co->spath) {
- if(strcasecompare(clist->spath, co->spath)) {
- replace_old = TRUE;
+ if(clist->secure && !co->secure && !secure) {
+ size_t cllen;
+ const char *sep;
+
+ /*
+ * A non-secure cookie may not overlay an existing secure cookie.
+ * For an existing cookie "a" with path "/login", refuse a new
+ * cookie "a" with for example path "/login/en", while the path
+ * "/loginhelper" is ok.
+ */
+
+ sep = strchr(clist->spath + 1, '/');
+
+ if(sep)
+ cllen = sep - clist->spath;
+ else
+ cllen = strlen(clist->spath);
+
+ if(strncasecompare(clist->spath, co->spath, cllen)) {
+ freecookie(co);
+ return NULL;
+ }
}
+ else if(strcasecompare(clist->spath, co->spath))
+ replace_old = TRUE;
else
replace_old = FALSE;
}
@@ -1103,7 +1147,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
while(*lineptr && ISBLANK(*lineptr))
lineptr++;
- Curl_cookie_add(data, c, headerline, TRUE, lineptr, NULL, NULL);
+ Curl_cookie_add(data, c, headerline, TRUE, lineptr, NULL, NULL, TRUE);
}
free(line); /* free the line buffer */
remove_expired(c); /* run this once, not on every cookie */
diff --git a/libs/libcurl/src/cookie.h b/libs/libcurl/src/cookie.h
index a9f90ca715..3ee457c622 100644
--- a/libs/libcurl/src/cookie.h
+++ b/libs/libcurl/src/cookie.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -85,7 +85,8 @@ struct Curl_easy;
struct Cookie *Curl_cookie_add(struct Curl_easy *data,
struct CookieInfo *, bool header, bool noexpiry,
char *lineptr,
- const char *domain, const char *path);
+ const char *domain, const char *path,
+ bool secure);
struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
const char *, bool);
diff --git a/libs/libcurl/src/curl_config.h.in b/libs/libcurl/src/curl_config.h.in
index 781006f20f..7ab164b7b0 100644
--- a/libs/libcurl/src/curl_config.h.in
+++ b/libs/libcurl/src/curl_config.h.in
@@ -499,6 +499,9 @@
/* Define to 1 if you have the <openssl/ssl.h> header file. */
#undef HAVE_OPENSSL_SSL_H
+/* Define to 1 if you have the `OpenSSL_version' function. */
+#undef HAVE_OPENSSL_VERSION
+
/* Define to 1 if you have the <openssl/x509.h> header file. */
#undef HAVE_OPENSSL_X509_H
diff --git a/libs/libcurl/src/curl_sasl.c b/libs/libcurl/src/curl_sasl.c
index 354bc54487..9e1a72e5e4 100644
--- a/libs/libcurl/src/curl_sasl.c
+++ b/libs/libcurl/src/curl_sasl.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -300,8 +300,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
result = Curl_auth_create_gssapi_user_message(data, conn->user,
conn->passwd,
service,
- data->easy_conn->
- host.name,
+ data->conn->host.name,
sasl->mutual_auth,
NULL, &conn->krb5,
&resp, &len);
@@ -517,7 +516,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
result = Curl_auth_create_gssapi_user_message(data, conn->user,
conn->passwd,
service,
- data->easy_conn->host.name,
+ data->conn->host.name,
sasl->mutual_auth, NULL,
&conn->krb5,
&resp, &len);
diff --git a/libs/libcurl/src/doh.c b/libs/libcurl/src/doh.c
index 1e76c96f91..f06ed3311b 100644
--- a/libs/libcurl/src/doh.c
+++ b/libs/libcurl/src/doh.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2018 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -160,7 +160,7 @@ static int Curl_doh_done(struct Curl_easy *doh, CURLcode result)
struct Curl_easy *data = doh->set.dohfor;
/* so one of the DOH request done for the 'data' transfer is now complete! */
data->req.doh.pending--;
- infof(data, "a DOH request is completed, %d to go\n", data->req.doh.pending);
+ infof(data, "a DOH request is completed, %u to go\n", data->req.doh.pending);
if(result)
infof(data, "DOH request %s\n", curl_easy_strerror(result));
diff --git a/libs/libcurl/src/easy.c b/libs/libcurl/src/easy.c
index e592d7a71e..6fcad3decd 100644
--- a/libs/libcurl/src/easy.c
+++ b/libs/libcurl/src/easy.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -1060,7 +1060,7 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action)
unsigned int i;
unsigned int count = data->state.tempcount;
struct tempbuf writebuf[3]; /* there can only be three */
- struct connectdata *conn = data->easy_conn;
+ struct connectdata *conn = data->conn;
struct Curl_easy *saved_data = NULL;
/* copy the structs to allow for immediate re-pausing */
diff --git a/libs/libcurl/src/ftp.c b/libs/libcurl/src/ftp.c
index 581df09d77..c5f9540002 100644
--- a/libs/libcurl/src/ftp.c
+++ b/libs/libcurl/src/ftp.c
@@ -655,7 +655,7 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
while(!*ftpcode && !result) {
/* check and reset timeout value every lap */
- time_t timeout = Curl_pp_state_timeout(pp); /* timeout in milliseconds */
+ time_t timeout = Curl_pp_state_timeout(pp, FALSE);
time_t interval_ms;
if(timeout <= 0) {
@@ -3054,7 +3054,7 @@ static CURLcode ftp_multi_statemach(struct connectdata *conn,
bool *done)
{
struct ftp_conn *ftpc = &conn->proto.ftpc;
- CURLcode result = Curl_pp_statemach(&ftpc->pp, FALSE);
+ CURLcode result = Curl_pp_statemach(&ftpc->pp, FALSE, FALSE);
/* Check for the state outside of the Curl_socket_check() return code checks
since at times we are in fact already in this state when this function
@@ -3071,7 +3071,7 @@ static CURLcode ftp_block_statemach(struct connectdata *conn)
CURLcode result = CURLE_OK;
while(ftpc->state != FTP_STOP) {
- result = Curl_pp_statemach(pp, TRUE);
+ result = Curl_pp_statemach(pp, TRUE, TRUE /* disconnecting */);
if(result)
break;
}
diff --git a/libs/libcurl/src/getinfo.c b/libs/libcurl/src/getinfo.c
index 54c2c2f1cb..19de657d8b 100644
--- a/libs/libcurl/src/getinfo.c
+++ b/libs/libcurl/src/getinfo.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -390,7 +390,7 @@ static CURLcode getinfo_slist(struct Curl_easy *data, CURLINFO info,
param_slistp;
struct curl_tlssessioninfo *tsi = &data->tsi;
#ifdef USE_SSL
- struct connectdata *conn = data->easy_conn;
+ struct connectdata *conn = data->conn;
#endif
*tsip = tsi;
diff --git a/libs/libcurl/src/gopher.c b/libs/libcurl/src/gopher.c
index b441a641d9..485b4b79a0 100644
--- a/libs/libcurl/src/gopher.c
+++ b/libs/libcurl/src/gopher.c
@@ -31,9 +31,11 @@
#include "progress.h"
#include "gopher.h"
#include "select.h"
+#include "strdup.h"
#include "url.h"
#include "escape.h"
#include "warnless.h"
+#include "curl_printf.h"
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -78,7 +80,9 @@ static CURLcode gopher_do(struct connectdata *conn, bool *done)
curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
curl_off_t *bytecount = &data->req.bytecount;
+ char *gopherpath;
char *path = data->state.up.path;
+ char *query = data->state.up.query;
char *sel = NULL;
char *sel_org = NULL;
ssize_t amount, k;
@@ -86,20 +90,30 @@ static CURLcode gopher_do(struct connectdata *conn, bool *done)
*done = TRUE; /* unconditionally */
+ if(path && query)
+ gopherpath = aprintf("%s?%s", path, query);
+ else
+ gopherpath = strdup(path);
+
+ if(!gopherpath)
+ return CURLE_OUT_OF_MEMORY;
+
/* Create selector. Degenerate cases: / and /1 => convert to "" */
- if(strlen(path) <= 2) {
+ if(strlen(gopherpath) <= 2) {
sel = (char *)"";
len = strlen(sel);
+ free(gopherpath);
}
else {
char *newp;
/* Otherwise, drop / and the first character (i.e., item type) ... */
- newp = path;
+ newp = gopherpath;
newp += 2;
/* ... and finally unescape */
result = Curl_urldecode(data, newp, 0, &sel, &len, FALSE);
+ free(gopherpath);
if(result)
return result;
sel_org = sel;
diff --git a/libs/libcurl/src/hostip.c b/libs/libcurl/src/hostip.c
index f589a0b2c0..89b88e9323 100644
--- a/libs/libcurl/src/hostip.c
+++ b/libs/libcurl/src/hostip.c
@@ -312,6 +312,26 @@ fetch_addr(struct connectdata *conn,
/* See if its already in our dns cache */
dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1);
+ /* No entry found in cache, check if we might have a wildcard entry */
+ if(!dns && data->change.wildcard_resolve) {
+ /*
+ * Free the previous entry_id before requesting a new one to avoid leaking
+ * memory
+ */
+ free(entry_id);
+
+ entry_id = create_hostcache_id("*", port);
+
+ /* If we can't create the entry id, fail */
+ if(!entry_id)
+ return dns;
+
+ entry_len = strlen(entry_id);
+
+ /* See if it's already in our dns cache */
+ dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1);
+ }
+
if(dns && (data->set.dns_cache_timeout != -1)) {
/* See whether the returned entry is stale. Done before we release lock */
struct hostcache_prune_data user;
@@ -872,6 +892,9 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
char hostname[256];
int port = 0;
+ /* Default is no wildcard found */
+ data->change.wildcard_resolve = false;
+
for(hostp = data->change.resolve; hostp; hostp = hostp->next) {
if(!hostp->data)
continue;
@@ -1052,6 +1075,13 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
}
infof(data, "Added %s:%d:%s to DNS cache\n",
hostname, port, addresses);
+
+ /* Wildcard hostname */
+ if(hostname[0] == '*' && hostname[1] == '\0') {
+ infof(data, "RESOLVE %s:%d is wildcard, enabling wildcard checks\n",
+ hostname, port);
+ data->change.wildcard_resolve = true;
+ }
}
}
data->change.resolve = NULL; /* dealt with now */
diff --git a/libs/libcurl/src/http.c b/libs/libcurl/src/http.c
index 345100f6c8..dd98e4a126 100644
--- a/libs/libcurl/src/http.c
+++ b/libs/libcurl/src/http.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -616,6 +616,7 @@ output_auth_headers(struct connectdata *conn,
result = Curl_output_negotiate(conn, proxy);
if(result)
return result;
+ authstatus->done = TRUE;
negdata->state = GSS_AUTHSENT;
}
else
@@ -1681,6 +1682,52 @@ enum proxy_use {
HEADER_CONNECT /* sending CONNECT to a proxy */
};
+/* used to compile the provided trailers into one buffer
+ will return an error code if one of the headers is
+ not formatted correctly */
+CURLcode Curl_http_compile_trailers(struct curl_slist *trailers,
+ Curl_send_buffer *buffer,
+ struct Curl_easy *handle)
+{
+ char *ptr = NULL;
+ CURLcode result = CURLE_OK;
+ const char *endofline_native = NULL;
+ const char *endofline_network = NULL;
+
+ /* TODO: Maybe split Curl_add_custom_headers to make it reusable here */
+
+ if(
+#ifdef CURL_DO_LINEEND_CONV
+ (handle->set.prefer_ascii) ||
+#endif
+ (handle->set.crlf)) {
+ /* \n will become \r\n later on */
+ endofline_native = "\n";
+ endofline_network = "\x0a";
+ }
+ else {
+ endofline_native = "\r\n";
+ endofline_network = "\x0d\x0a";
+ }
+
+ while(trailers) {
+ /* only add correctly formatted trailers */
+ ptr = strchr(trailers->data, ':');
+ if(ptr && *(ptr + 1) == ' ') {
+ result = Curl_add_bufferf(&buffer, "%s%s", trailers->data,
+ endofline_native);
+ if(result)
+ return result;
+ }
+ else
+ infof(handle, "Malformatted trailing header ! Skipping trailer.");
+ trailers = trailers->next;
+ }
+ result = Curl_add_buffer(&buffer, endofline_network,
+ strlen(endofline_network));
+ return result;
+}
+
CURLcode Curl_add_custom_headers(struct connectdata *conn,
bool is_connect,
Curl_send_buffer *req_buffer)
@@ -1788,7 +1835,8 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
checkprefix("Transfer-Encoding:", headers->data))
/* HTTP/2 doesn't support chunked requests */
;
- else if(checkprefix("Authorization:", headers->data) &&
+ else if((checkprefix("Authorization:", headers->data) ||
+ checkprefix("Cookie:", headers->data)) &&
/* be careful of sending this potentially sensitive header to
other hosts */
(data->state.this_is_a_follow &&
@@ -3175,6 +3223,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
k->header = FALSE;
k->badheader = HEADER_ALLBAD;
streamclose(conn, "bad HTTP: No end-of-message indicator");
+ if(!data->set.http09_allowed) {
+ failf(data, "Received HTTP/0.9 when not allowed\n");
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
break;
}
}
@@ -3208,6 +3260,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
if(st == STATUS_BAD) {
streamclose(conn, "bad HTTP: No end-of-message indicator");
/* this is not the beginning of a protocol first header line */
+ if(!data->set.http09_allowed) {
+ failf(data, "Received HTTP/0.9 when not allowed\n");
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
k->header = FALSE;
if(*nread)
/* since there's more, this is a partial bad header */
@@ -3873,7 +3929,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
here, or else use real peer host name. */
conn->allocptr.cookiehost?
conn->allocptr.cookiehost:conn->host.name,
- data->state.up.path);
+ data->state.up.path,
+ (conn->handler->protocol&CURLPROTO_HTTPS)?
+ TRUE:FALSE);
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
}
#endif
diff --git a/libs/libcurl/src/http.h b/libs/libcurl/src/http.h
index 21fa701abf..7fa0471ad0 100644
--- a/libs/libcurl/src/http.h
+++ b/libs/libcurl/src/http.h
@@ -74,6 +74,9 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data,
CURLcode Curl_add_custom_headers(struct connectdata *conn,
bool is_connect,
Curl_send_buffer *req_buffer);
+CURLcode Curl_http_compile_trailers(struct curl_slist *trailers,
+ Curl_send_buffer *buffer,
+ struct Curl_easy *handle);
/* protocol-specific functions set up to be called by the main engine */
CURLcode Curl_http(struct connectdata *conn, bool *done);
diff --git a/libs/libcurl/src/http2.c b/libs/libcurl/src/http2.c
index a61d8c2403..3b8088dffc 100644
--- a/libs/libcurl/src/http2.c
+++ b/libs/libcurl/src/http2.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -800,7 +800,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
H2BUGF(infof(data_s, "NGHTTP2_ERR_PAUSE - %zu bytes out of buffer"
", stream %u\n",
len - nread, stream_id));
- data_s->easy_conn->proto.httpc.pause_stream_id = stream_id;
+ data_s->conn->proto.httpc.pause_stream_id = stream_id;
return NGHTTP2_ERR_PAUSE;
}
@@ -808,7 +808,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
/* pause execution of nghttp2 if we received data for another handle
in order to process them first. */
if(conn->data != data_s) {
- data_s->easy_conn->proto.httpc.pause_stream_id = stream_id;
+ data_s->conn->proto.httpc.pause_stream_id = stream_id;
return NGHTTP2_ERR_PAUSE;
}
@@ -854,6 +854,10 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id,
stream_id);
DEBUGASSERT(0);
}
+ if(stream_id == httpc->pause_stream_id) {
+ H2BUGF(infof(data_s, "Stopped the pause stream!\n"));
+ httpc->pause_stream_id = 0;
+ }
H2BUGF(infof(data_s, "Removed stream %u hash!\n", stream_id));
stream->stream_id = 0; /* cleared */
}
diff --git a/libs/libcurl/src/http_negotiate.c b/libs/libcurl/src/http_negotiate.c
index 444265d11f..2a97707eba 100644
--- a/libs/libcurl/src/http_negotiate.c
+++ b/libs/libcurl/src/http_negotiate.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -49,7 +49,6 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
/* Point to the correct struct with this */
struct negotiatedata *neg_ctx;
- struct auth *authp;
if(proxy) {
userp = conn->http_proxy.user;
@@ -58,7 +57,6 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
host = conn->http_proxy.host.name;
neg_ctx = &data->state.proxyneg;
- authp = &conn->data->state.authproxy;
}
else {
userp = conn->user;
@@ -67,7 +65,6 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
data->set.str[STRING_SERVICE_NAME] : "HTTP";
host = conn->host.name;
neg_ctx = &data->state.negotiate;
- authp = &conn->data->state.authhost;
}
/* Not set means empty */
@@ -92,17 +89,17 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
}
}
+ /* Supports SSL channel binding for Windows ISS extended protection */
+#if defined(USE_WINDOWS_SSPI) && defined(SECPKG_ATTR_ENDPOINT_BINDINGS)
+ neg_ctx->sslContext = conn->sslContext;
+#endif
+
/* Initialize the security context and decode our challenge */
result = Curl_auth_decode_spnego_message(data, userp, passwdp, service,
host, header, neg_ctx);
if(result)
Curl_auth_spnego_cleanup(neg_ctx);
- else
- /* If the status is different than 0 and we encountered no errors
- it means we have to continue. 0 is the OK value for both GSSAPI
- (GSS_S_COMPLETE) and SSPI (SEC_E_OK) */
- authp->done = !neg_ctx->status;
return result;
}
diff --git a/libs/libcurl/src/http_ntlm.c b/libs/libcurl/src/http_ntlm.c
index a9b33f98e4..aaf8a3deb1 100644
--- a/libs/libcurl/src/http_ntlm.c
+++ b/libs/libcurl/src/http_ntlm.c
@@ -175,6 +175,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
if(s_hSecDll == NULL)
return err;
}
+#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
+ ntlm->sslContext = conn->sslContext;
+#endif
#endif
switch(ntlm->state) {
diff --git a/libs/libcurl/src/http_proxy.c b/libs/libcurl/src/http_proxy.c
index 2e0d92edd5..d7ed11761f 100644
--- a/libs/libcurl/src/http_proxy.c
+++ b/libs/libcurl/src/http_proxy.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -643,7 +643,7 @@ static CURLcode CONNECT(struct connectdata *conn,
void Curl_connect_free(struct Curl_easy *data)
{
- struct connectdata *conn = data->easy_conn;
+ struct connectdata *conn = data->conn;
struct http_connect_state *s = conn->connect_state;
if(s) {
free(s);
diff --git a/libs/libcurl/src/if2ip.c b/libs/libcurl/src/if2ip.c
index 566061a564..acbcff71e5 100644
--- a/libs/libcurl/src/if2ip.c
+++ b/libs/libcurl/src/if2ip.c
@@ -96,24 +96,6 @@ unsigned int Curl_ipv6_scope(const struct sockaddr *sa)
#if defined(HAVE_GETIFADDRS)
-bool Curl_if_is_interface_name(const char *interf)
-{
- bool result = FALSE;
-
- struct ifaddrs *iface, *head;
-
- if(getifaddrs(&head) >= 0) {
- for(iface = head; iface != NULL; iface = iface->ifa_next) {
- if(strcasecompare(iface->ifa_name, interf)) {
- result = TRUE;
- break;
- }
- }
- freeifaddrs(head);
- }
- return result;
-}
-
if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
unsigned int remote_scope_id, const char *interf,
char *buf, int buf_size)
@@ -196,15 +178,6 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
#elif defined(HAVE_IOCTL_SIOCGIFADDR)
-bool Curl_if_is_interface_name(const char *interf)
-{
- /* This is here just to support the old interfaces */
- char buf[256];
-
- return (Curl_if2ip(AF_INET, 0 /* unused */, 0, interf, buf, sizeof(buf)) ==
- IF2IP_NOT_FOUND) ? FALSE : TRUE;
-}
-
if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
unsigned int remote_scope_id, const char *interf,
char *buf, int buf_size)
@@ -251,13 +224,6 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
#else
-bool Curl_if_is_interface_name(const char *interf)
-{
- (void) interf;
-
- return FALSE;
-}
-
if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
unsigned int remote_scope_id, const char *interf,
char *buf, int buf_size)
diff --git a/libs/libcurl/src/if2ip.h b/libs/libcurl/src/if2ip.h
index a90e662164..a11b1c222f 100644
--- a/libs/libcurl/src/if2ip.h
+++ b/libs/libcurl/src/if2ip.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -32,8 +32,6 @@
unsigned int Curl_ipv6_scope(const struct sockaddr *sa);
-bool Curl_if_is_interface_name(const char *interf);
-
typedef enum {
IF2IP_NOT_FOUND = 0, /* Interface not found */
IF2IP_AF_NOT_SUPPORTED = 1, /* Int. exists but has no address for this af */
diff --git a/libs/libcurl/src/imap.c b/libs/libcurl/src/imap.c
index a8320e3f18..5d96900f89 100644
--- a/libs/libcurl/src/imap.c
+++ b/libs/libcurl/src/imap.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -316,7 +316,7 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
a space and optionally some text as per RFC-3501 for the AUTHENTICATE and
APPEND commands and as outlined in Section 4. Examples of RFC-4959 but
some e-mail servers ignore this and only send a single + instead. */
- if(imap && !imap->custom && ((len == 3 && !memcmp("+", line, 1)) ||
+ if(imap && !imap->custom && ((len == 3 && line[0] == '+') ||
(len >= 2 && !memcmp("+ ", line, 2)))) {
switch(imapc->state) {
/* States which are interested in continuation responses */
@@ -1362,19 +1362,20 @@ static CURLcode imap_multi_statemach(struct connectdata *conn, bool *done)
return result;
}
- result = Curl_pp_statemach(&imapc->pp, FALSE);
+ result = Curl_pp_statemach(&imapc->pp, FALSE, FALSE);
*done = (imapc->state == IMAP_STOP) ? TRUE : FALSE;
return result;
}
-static CURLcode imap_block_statemach(struct connectdata *conn)
+static CURLcode imap_block_statemach(struct connectdata *conn,
+ bool disconnecting)
{
CURLcode result = CURLE_OK;
struct imap_conn *imapc = &conn->proto.imapc;
while(imapc->state != IMAP_STOP && !result)
- result = Curl_pp_statemach(&imapc->pp, TRUE);
+ result = Curl_pp_statemach(&imapc->pp, TRUE, disconnecting);
return result;
}
@@ -1497,7 +1498,7 @@ static CURLcode imap_done(struct connectdata *conn, CURLcode status,
non-blocking DONE operations!
*/
if(!result)
- result = imap_block_statemach(conn);
+ result = imap_block_statemach(conn, FALSE);
}
/* Cleanup our per-request based variables */
@@ -1635,7 +1636,7 @@ static CURLcode imap_disconnect(struct connectdata *conn, bool dead_connection)
point! */
if(!dead_connection && imapc->pp.conn && imapc->pp.conn->bits.protoconnstart)
if(!imap_perform_logout(conn))
- (void)imap_block_statemach(conn); /* ignore errors on LOGOUT */
+ (void)imap_block_statemach(conn, TRUE); /* ignore errors on LOGOUT */
/* Disconnect from the server */
Curl_pp_disconnect(&imapc->pp);
diff --git a/libs/libcurl/src/libcurl.plist b/libs/libcurl/src/libcurl.plist
index ca8d642076..13f2cf742a 100644
--- a/libs/libcurl/src/libcurl.plist
+++ b/libs/libcurl/src/libcurl.plist
@@ -15,7 +15,7 @@
<string>se.haxx.curl.libcurl</string>
<key>CFBundleVersion</key>
- <string>7.63.0</string>
+ <string>7.64.0</string>
<key>CFBundleName</key>
<string>libcurl</string>
@@ -27,9 +27,9 @@
<string>????</string>
<key>CFBundleShortVersionString</key>
- <string>libcurl 7.63.0</string>
+ <string>libcurl 7.64.0</string>
<key>CFBundleGetInfoString</key>
- <string>libcurl.plist 7.63.0</string>
+ <string>libcurl.plist 7.64.0</string>
</dict>
</plist>
diff --git a/libs/libcurl/src/multi.c b/libs/libcurl/src/multi.c
index 56b3faf2fa..130226f561 100644
--- a/libs/libcurl/src/multi.c
+++ b/libs/libcurl/src/multi.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -114,7 +114,7 @@ static void Curl_init_completed(struct Curl_easy *data)
/* Important: reset the conn pointer so that we don't point to memory
that could be freed anytime */
- data->easy_conn = NULL;
+ Curl_detach_connnection(data);
Curl_expire_clear(data); /* stop all timers */
}
@@ -163,8 +163,8 @@ static void mstate(struct Curl_easy *data, CURLMstate state
data->mstate < CURLM_STATE_COMPLETED) {
long connection_id = -5000;
- if(data->easy_conn)
- connection_id = data->easy_conn->connection_id;
+ if(data->conn)
+ connection_id = data->conn->connection_id;
infof(data,
"STATE: %s => %s handle %p; line %d (connection #%ld)\n",
@@ -189,14 +189,17 @@ static void mstate(struct Curl_easy *data, CURLMstate state
#endif
/*
- * We add one of these structs to the sockhash for a particular socket
+ * We add one of these structs to the sockhash for each socket
*/
struct Curl_sh_entry {
- struct Curl_easy *easy;
- int action; /* what action READ/WRITE this socket waits for */
- curl_socket_t socket; /* mainly to ease debugging */
+ struct curl_llist list; /* list of easy handles using this socket */
+ unsigned int action; /* what combined action READ/WRITE this socket waits
+ for */
void *socketp; /* settable by users with curl_multi_assign() */
+ unsigned int users; /* number of transfers using this */
+ unsigned int readers; /* this many transfers want to read */
+ unsigned int writers; /* this many transfers want to write */
};
/* bits for 'action' having no bits means this socket is not expecting any
action */
@@ -215,8 +218,7 @@ static struct Curl_sh_entry *sh_getentry(struct curl_hash *sh,
/* make sure this socket is present in the hash for this handle */
static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh,
- curl_socket_t s,
- struct Curl_easy *data)
+ curl_socket_t s)
{
struct Curl_sh_entry *there = sh_getentry(sh, s);
struct Curl_sh_entry *check;
@@ -230,8 +232,7 @@ static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh,
if(!check)
return NULL; /* major failure */
- check->easy = data;
- check->socket = s;
+ Curl_llist_init(&check->list, NULL);
/* make/add new hash entry */
if(!Curl_hash_add(sh, (char *)&s, sizeof(curl_socket_t), check)) {
@@ -516,31 +517,23 @@ static void debug_print_sock_hash(void *p)
}
#endif
-static CURLcode multi_done(struct connectdata **connp,
- CURLcode status, /* an error if this is called
- after an error was detected */
- bool premature)
+static CURLcode multi_done(struct Curl_easy *data,
+ CURLcode status, /* an error if this is called
+ after an error was detected */
+ bool premature)
{
CURLcode result;
- struct connectdata *conn;
- struct Curl_easy *data;
+ struct connectdata *conn = data->conn;
unsigned int i;
- DEBUGASSERT(*connp);
-
- conn = *connp;
- data = conn->data;
-
DEBUGF(infof(data, "multi_done\n"));
if(data->state.done)
/* Stop if multi_done() has already been called */
return CURLE_OK;
- if(data->mstate == CURLM_STATE_WAITRESOLVE) {
- /* still waiting for the resolve to complete */
- (void)Curl_resolver_wait_resolv(conn, NULL);
- }
+ /* Stop the resolver and free its own resources (but not dns_entry yet). */
+ Curl_resolver_kill(conn);
Curl_getoff_all_pipelines(data, conn);
@@ -579,7 +572,7 @@ static CURLcode multi_done(struct connectdata **connp,
if(conn->send_pipe.size || conn->recv_pipe.size) {
/* Stop if pipeline is not empty . */
- data->easy_conn = NULL;
+ Curl_detach_connnection(data);
DEBUGF(infof(data, "Connection still in use %zu/%zu, "
"no more multi_done now!\n",
conn->send_pipe.size, conn->recv_pipe.size));
@@ -587,7 +580,6 @@ static CURLcode multi_done(struct connectdata **connp,
}
data->state.done = TRUE; /* called just now! */
- Curl_resolver_cancel(conn);
if(conn->dns_entry) {
Curl_resolv_unlock(data, conn->dns_entry); /* done with this */
@@ -653,10 +645,7 @@ static CURLcode multi_done(struct connectdata **connp,
data->state.lastconnect = NULL;
}
- *connp = NULL; /* to make the caller of this function better detect that
- this was either closed or handed over to the connection
- cache here, and therefore cannot be used from this point on
- */
+ Curl_detach_connnection(data);
Curl_free_request_state(data);
return result;
}
@@ -685,7 +674,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
return CURLM_RECURSIVE_API_CALL;
premature = (data->mstate < CURLM_STATE_COMPLETED) ? TRUE : FALSE;
- easy_owns_conn = (data->easy_conn && (data->easy_conn->data == easy)) ?
+ easy_owns_conn = (data->conn && (data->conn->data == easy)) ?
TRUE : FALSE;
/* If the 'state' is not INIT or COMPLETED, we might need to do something
@@ -696,16 +685,16 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
multi->num_alive--;
}
- if(data->easy_conn &&
+ if(data->conn &&
data->mstate > CURLM_STATE_DO &&
data->mstate < CURLM_STATE_COMPLETED) {
/* Set connection owner so that the DONE function closes it. We can
safely do this here since connection is killed. */
- data->easy_conn->data = easy;
+ data->conn->data = easy;
/* If the handle is in a pipeline and has started sending off its
request but not received its response yet, we need to close
connection. */
- streamclose(data->easy_conn, "Removed with partial response");
+ streamclose(data->conn, "Removed with partial response");
easy_owns_conn = TRUE;
}
@@ -714,7 +703,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
curl_easy_cleanup is called. */
Curl_expire_clear(data);
- if(data->easy_conn) {
+ if(data->conn) {
/* we must call multi_done() here (if we still own the connection) so that
we don't leave a half-baked one around */
@@ -725,11 +714,11 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
Note that this ignores the return code simply because there's
nothing really useful to do with it anyway! */
- (void)multi_done(&data->easy_conn, data->result, premature);
+ (void)multi_done(data, data->result, premature);
}
else
/* Clear connection pipelines, if multi_done above was not called */
- Curl_getoff_all_pipelines(data, data->easy_conn);
+ Curl_getoff_all_pipelines(data, data->conn);
}
if(data->connect_queue.ptr)
@@ -761,9 +750,9 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
vanish with this handle */
/* Remove the association between the connection and the handle */
- if(data->easy_conn) {
- data->easy_conn->data = NULL;
- data->easy_conn = NULL;
+ if(data->conn) {
+ data->conn->data = NULL;
+ Curl_detach_connnection(data);
}
#ifdef USE_LIBPSL
@@ -813,9 +802,19 @@ bool Curl_pipeline_wanted(const struct Curl_multi *multi, int bits)
return (multi && (multi->pipelining & bits)) ? TRUE : FALSE;
}
-void Curl_multi_handlePipeBreak(struct Curl_easy *data)
+/* This is the only function that should clear data->conn. This will
+ occasionally be called with the pointer already cleared. */
+void Curl_detach_connnection(struct Curl_easy *data)
+{
+ data->conn = NULL;
+}
+
+/* This is the only function that should assign data->conn */
+void Curl_attach_connnection(struct Curl_easy *data,
+ struct connectdata *conn)
{
- data->easy_conn = NULL;
+ DEBUGASSERT(!data->conn);
+ data->conn = conn;
}
static int waitconnect_getsock(struct connectdata *conn,
@@ -879,13 +878,13 @@ static int multi_getsock(struct Curl_easy *data,
/* The no connection case can happen when this is called from
curl_multi_remove_handle() => singlesocket() => multi_getsock().
*/
- if(!data->easy_conn)
+ if(!data->conn)
return 0;
if(data->mstate > CURLM_STATE_CONNECT &&
data->mstate < CURLM_STATE_COMPLETED) {
/* Set up ownership correctly */
- data->easy_conn->data = data;
+ data->conn->data = data;
}
switch(data->mstate) {
@@ -906,31 +905,31 @@ static int multi_getsock(struct Curl_easy *data,
return 0;
case CURLM_STATE_WAITRESOLVE:
- return Curl_resolv_getsock(data->easy_conn, socks, numsocks);
+ return Curl_resolv_getsock(data->conn, socks, numsocks);
case CURLM_STATE_PROTOCONNECT:
case CURLM_STATE_SENDPROTOCONNECT:
- return Curl_protocol_getsock(data->easy_conn, socks, numsocks);
+ return Curl_protocol_getsock(data->conn, socks, numsocks);
case CURLM_STATE_DO:
case CURLM_STATE_DOING:
- return Curl_doing_getsock(data->easy_conn, socks, numsocks);
+ return Curl_doing_getsock(data->conn, socks, numsocks);
case CURLM_STATE_WAITPROXYCONNECT:
- return waitproxyconnect_getsock(data->easy_conn, socks, numsocks);
+ return waitproxyconnect_getsock(data->conn, socks, numsocks);
case CURLM_STATE_WAITCONNECT:
- return waitconnect_getsock(data->easy_conn, socks, numsocks);
+ return waitconnect_getsock(data->conn, socks, numsocks);
case CURLM_STATE_DO_MORE:
- return domore_getsock(data->easy_conn, socks, numsocks);
+ return domore_getsock(data->conn, socks, numsocks);
case CURLM_STATE_DO_DONE: /* since is set after DO is completed, we switch
to waiting for the same as the *PERFORM
states */
case CURLM_STATE_PERFORM:
case CURLM_STATE_WAITPERFORM:
- return Curl_single_getsock(data->easy_conn, socks, numsocks);
+ return Curl_single_getsock(data->conn, socks, numsocks);
}
}
@@ -1202,17 +1201,16 @@ CURLMcode Curl_multi_add_perform(struct Curl_multi *multi,
/* take this handle to the perform state right away */
multistate(data, CURLM_STATE_PERFORM);
- data->easy_conn = conn;
+ Curl_attach_connnection(data, conn);
k->keepon |= KEEP_RECV; /* setup to receive! */
}
return rc;
}
-static CURLcode multi_reconnect_request(struct connectdata **connp)
+static CURLcode multi_reconnect_request(struct Curl_easy *data)
{
CURLcode result = CURLE_OK;
- struct connectdata *conn = *connp;
- struct Curl_easy *data = conn->data;
+ struct connectdata *conn = data->conn;
/* This was a re-use of a connection and we got a write error in the
* DO-phase. Then we DISCONNECT this connection and have another attempt to
@@ -1223,11 +1221,9 @@ static CURLcode multi_reconnect_request(struct connectdata **connp)
infof(data, "Re-used connection seems dead, get a new one\n");
connclose(conn, "Reconnect dead connection"); /* enforce close */
- result = multi_done(&conn, result, FALSE); /* we are so done with this */
+ result = multi_done(data, result, FALSE); /* we are so done with this */
- /* conn may no longer be a good pointer, clear it to avoid mistakes by
- parent functions */
- *connp = NULL;
+ /* data->conn was detached in multi_done() */
/*
* We need to check for CURLE_SEND_ERROR here as well. This could happen
@@ -1239,11 +1235,11 @@ static CURLcode multi_reconnect_request(struct connectdata **connp)
bool protocol_done = TRUE;
/* Now, redo the connect and get a new connection */
- result = Curl_connect(data, connp, &async, &protocol_done);
+ result = Curl_connect(data, &async, &protocol_done);
if(!result) {
/* We have connected or sent away a name resolve query fine */
- conn = *connp; /* setup conn to again point to something nice */
+ conn = data->conn; /* in case it was updated */
if(async) {
/* Now, if async is TRUE here, we need to wait for the name
to resolve */
@@ -1276,11 +1272,10 @@ static void do_complete(struct connectdata *conn)
Curl_pgrsTime(conn->data, TIMER_PRETRANSFER);
}
-static CURLcode multi_do(struct connectdata **connp, bool *done)
+static CURLcode multi_do(struct Curl_easy *data, bool *done)
{
CURLcode result = CURLE_OK;
- struct connectdata *conn = *connp;
- struct Curl_easy *data = conn->data;
+ struct connectdata *conn = data->conn;
if(conn->handler->do_it) {
/* generic protocol-specific function pointer set in curl_connect() */
@@ -1294,12 +1289,12 @@ static CURLcode multi_do(struct connectdata **connp, bool *done)
* figure out how to re-establish the connection.
*/
if(!data->multi) {
- result = multi_reconnect_request(connp);
+ result = multi_reconnect_request(data);
if(!result) {
/* ... finally back to actually retry the DO phase */
- conn = *connp; /* re-assign conn since multi_reconnect_request
- creates a new connection */
+ conn = data->conn; /* re-assign conn since multi_reconnect_request
+ creates a new connection */
result = conn->handler->do_it(conn, done);
}
}
@@ -1368,13 +1363,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
bool stream_error = FALSE;
rc = CURLM_OK;
- if(!data->easy_conn &&
+ if(!data->conn &&
data->mstate > CURLM_STATE_CONNECT &&
data->mstate < CURLM_STATE_DONE) {
- /* In all these states, the code will blindly access 'data->easy_conn'
+ /* In all these states, the code will blindly access 'data->conn'
so this is precaution that it isn't NULL. And it silences static
analyzers. */
- failf(data, "In state %d with no easy_conn, bail out!\n", data->mstate);
+ failf(data, "In state %d with no conn, bail out!\n", data->mstate);
return CURLM_INTERNAL_ERROR;
}
@@ -1383,13 +1378,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
process_pending_handles(multi); /* pipelined/multiplexed */
}
- if(data->easy_conn && data->mstate > CURLM_STATE_CONNECT &&
+ if(data->conn && data->mstate > CURLM_STATE_CONNECT &&
data->mstate < CURLM_STATE_COMPLETED) {
/* Make sure we set the connection's current owner */
- data->easy_conn->data = data;
+ data->conn->data = data;
}
- if(data->easy_conn &&
+ if(data->conn &&
(data->mstate >= CURLM_STATE_CONNECT) &&
(data->mstate < CURLM_STATE_COMPLETED)) {
/* we need to wait for the connect state as only then is the start time
@@ -1401,23 +1396,26 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
if(timeout_ms < 0) {
/* Handle timed out */
if(data->mstate == CURLM_STATE_WAITRESOLVE)
- failf(data, "Resolving timed out after %ld milliseconds",
+ failf(data, "Resolving timed out after %" CURL_FORMAT_TIMEDIFF_T
+ " milliseconds",
Curl_timediff(now, data->progress.t_startsingle));
else if(data->mstate == CURLM_STATE_WAITCONNECT)
- failf(data, "Connection timed out after %ld milliseconds",
+ failf(data, "Connection timed out after %" CURL_FORMAT_TIMEDIFF_T
+ " milliseconds",
Curl_timediff(now, data->progress.t_startsingle));
else {
k = &data->req;
if(k->size != -1) {
- failf(data, "Operation timed out after %ld milliseconds with %"
- CURL_FORMAT_CURL_OFF_T " out of %"
+ failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T
+ " milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %"
CURL_FORMAT_CURL_OFF_T " bytes received",
Curl_timediff(now, data->progress.t_startsingle),
k->bytecount, k->size);
}
else {
- failf(data, "Operation timed out after %ld milliseconds with %"
- CURL_FORMAT_CURL_OFF_T " bytes received",
+ failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T
+ " milliseconds with %" CURL_FORMAT_CURL_OFF_T
+ " bytes received",
Curl_timediff(now, data->progress.t_startsingle),
k->bytecount);
}
@@ -1425,11 +1423,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/* Force connection closed if the connection has indeed been used */
if(data->mstate > CURLM_STATE_DO) {
- streamclose(data->easy_conn, "Disconnected with pending data");
+ streamclose(data->conn, "Disconnected with pending data");
stream_error = TRUE;
}
result = CURLE_OPERATION_TIMEDOUT;
- (void)multi_done(&data->easy_conn, result, TRUE);
+ (void)multi_done(data, result, TRUE);
/* Skip the statemachine and go directly to error handling section. */
goto statemachine_end;
}
@@ -1456,8 +1454,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
case CURLM_STATE_CONNECT:
/* Connect. We want to get a connection identifier filled in. */
Curl_pgrsTime(data, TIMER_STARTSINGLE);
- result = Curl_connect(data, &data->easy_conn,
- &async, &protocol_connect);
+ if(data->set.timeout)
+ Curl_expire(data, data->set.timeout, EXPIRE_TIMEOUT);
+
+ if(data->set.connecttimeout)
+ Curl_expire(data, data->set.connecttimeout, EXPIRE_CONNECTTIMEOUT);
+
+ result = Curl_connect(data, &async, &protocol_connect);
if(CURLE_NO_CONNECTION_AVAILABLE == result) {
/* There was no connection available. We will go to the pending
state and wait for an available connection. */
@@ -1472,7 +1475,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
if(!result) {
/* Add this handle to the send or pend pipeline */
- result = Curl_add_handle_to_pipeline(data, data->easy_conn);
+ result = Curl_add_handle_to_pipeline(data, data->conn);
if(result)
stream_error = TRUE;
else {
@@ -1490,7 +1493,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
CURLM_STATE_WAITDO:CURLM_STATE_DO);
else {
#ifndef CURL_DISABLE_HTTP
- if(Curl_connect_ongoing(data->easy_conn))
+ if(Curl_connect_ongoing(data->conn))
multistate(data, CURLM_STATE_WAITPROXYCONNECT);
else
#endif
@@ -1505,7 +1508,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/* awaiting an asynch name resolve to complete */
{
struct Curl_dns_entry *dns = NULL;
- struct connectdata *conn = data->easy_conn;
+ struct connectdata *conn = data->conn;
const char *hostname;
if(conn->bits.httpproxy)
@@ -1528,7 +1531,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
}
if(!dns)
- result = Curl_resolv_check(data->easy_conn, &dns);
+ result = Curl_resolv_check(data->conn, &dns);
/* Update sockets here, because the socket(s) may have been
closed and the application thus needs to be told, even if it
@@ -1541,12 +1544,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
if(dns) {
/* Perform the next step in the connection phase, and then move on
to the WAITCONNECT state */
- result = Curl_once_resolved(data->easy_conn, &protocol_connect);
+ result = Curl_once_resolved(data->conn, &protocol_connect);
if(result)
/* if Curl_once_resolved() returns failure, the connection struct
is already freed and gone */
- data->easy_conn = NULL; /* no more connection */
+ Curl_detach_connnection(data); /* no more connection */
else {
/* call again please so that we get the next socket setup */
rc = CURLM_CALL_MULTI_PERFORM;
@@ -1555,7 +1558,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
CURLM_STATE_WAITDO:CURLM_STATE_DO);
else {
#ifndef CURL_DISABLE_HTTP
- if(Curl_connect_ongoing(data->easy_conn))
+ if(Curl_connect_ongoing(data->conn))
multistate(data, CURLM_STATE_WAITPROXYCONNECT);
else
#endif
@@ -1575,19 +1578,19 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
#ifndef CURL_DISABLE_HTTP
case CURLM_STATE_WAITPROXYCONNECT:
/* this is HTTP-specific, but sending CONNECT to a proxy is HTTP... */
- result = Curl_http_connect(data->easy_conn, &protocol_connect);
+ result = Curl_http_connect(data->conn, &protocol_connect);
- if(data->easy_conn->bits.proxy_connect_closed) {
+ if(data->conn->bits.proxy_connect_closed) {
rc = CURLM_CALL_MULTI_PERFORM;
/* connect back to proxy again */
result = CURLE_OK;
- multi_done(&data->easy_conn, CURLE_OK, FALSE);
+ multi_done(data, CURLE_OK, FALSE);
multistate(data, CURLM_STATE_CONNECT);
}
else if(!result) {
- if((data->easy_conn->http_proxy.proxytype != CURLPROXY_HTTPS ||
- data->easy_conn->bits.proxy_ssl_connected[FIRSTSOCKET]) &&
- Curl_connect_complete(data->easy_conn)) {
+ if((data->conn->http_proxy.proxytype != CURLPROXY_HTTPS ||
+ data->conn->bits.proxy_ssl_connected[FIRSTSOCKET]) &&
+ Curl_connect_complete(data->conn)) {
rc = CURLM_CALL_MULTI_PERFORM;
/* initiate protocol connect phase */
multistate(data, CURLM_STATE_SENDPROTOCONNECT);
@@ -1600,18 +1603,18 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
case CURLM_STATE_WAITCONNECT:
/* awaiting a completion of an asynch TCP connect */
- result = Curl_is_connected(data->easy_conn, FIRSTSOCKET, &connected);
+ result = Curl_is_connected(data->conn, FIRSTSOCKET, &connected);
if(connected && !result) {
#ifndef CURL_DISABLE_HTTP
- if((data->easy_conn->http_proxy.proxytype == CURLPROXY_HTTPS &&
- !data->easy_conn->bits.proxy_ssl_connected[FIRSTSOCKET]) ||
- Curl_connect_ongoing(data->easy_conn)) {
+ if((data->conn->http_proxy.proxytype == CURLPROXY_HTTPS &&
+ !data->conn->bits.proxy_ssl_connected[FIRSTSOCKET]) ||
+ Curl_connect_ongoing(data->conn)) {
multistate(data, CURLM_STATE_WAITPROXYCONNECT);
break;
}
#endif
rc = CURLM_CALL_MULTI_PERFORM;
- multistate(data, data->easy_conn->bits.tunnel_proxy?
+ multistate(data, data->conn->bits.tunnel_proxy?
CURLM_STATE_WAITPROXYCONNECT:
CURLM_STATE_SENDPROTOCONNECT);
}
@@ -1624,7 +1627,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
break;
case CURLM_STATE_SENDPROTOCONNECT:
- result = Curl_protocol_connect(data->easy_conn, &protocol_connect);
+ result = Curl_protocol_connect(data->conn, &protocol_connect);
if(!result && !protocol_connect)
/* switch to waiting state */
multistate(data, CURLM_STATE_PROTOCONNECT);
@@ -1637,14 +1640,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
else if(result) {
/* failure detected */
Curl_posttransfer(data);
- multi_done(&data->easy_conn, result, TRUE);
+ multi_done(data, result, TRUE);
stream_error = TRUE;
}
break;
case CURLM_STATE_PROTOCONNECT:
/* protocol-specific connect phase */
- result = Curl_protocol_connecting(data->easy_conn, &protocol_connect);
+ result = Curl_protocol_connecting(data->conn, &protocol_connect);
if(!result && protocol_connect) {
/* after the connect has completed, go WAITDO or DO */
multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)?
@@ -1654,14 +1657,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
else if(result) {
/* failure detected */
Curl_posttransfer(data);
- multi_done(&data->easy_conn, result, TRUE);
+ multi_done(data, result, TRUE);
stream_error = TRUE;
}
break;
case CURLM_STATE_WAITDO:
/* Wait for our turn to DO when we're pipelining requests */
- if(Curl_pipeline_checkget_write(data, data->easy_conn)) {
+ if(Curl_pipeline_checkget_write(data, data->conn)) {
/* Grabbed the channel */
multistate(data, CURLM_STATE_DO);
rc = CURLM_CALL_MULTI_PERFORM;
@@ -1671,16 +1674,16 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
case CURLM_STATE_DO:
if(data->set.connect_only) {
/* keep connection open for application to use the socket */
- connkeep(data->easy_conn, "CONNECT_ONLY");
+ connkeep(data->conn, "CONNECT_ONLY");
multistate(data, CURLM_STATE_DONE);
result = CURLE_OK;
rc = CURLM_CALL_MULTI_PERFORM;
}
else {
/* Perform the protocol's DO action */
- result = multi_do(&data->easy_conn, &dophase_done);
+ result = multi_do(data, &dophase_done);
- /* When multi_do() returns failure, data->easy_conn might be NULL! */
+ /* When multi_do() returns failure, data->conn might be NULL! */
if(!result) {
if(!dophase_done) {
@@ -1689,7 +1692,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
struct WildcardData *wc = &data->wildcard;
if(wc->state == CURLWC_DONE || wc->state == CURLWC_SKIP) {
/* skip some states if it is important */
- multi_done(&data->easy_conn, CURLE_OK, FALSE);
+ multi_done(data, CURLE_OK, FALSE);
multistate(data, CURLM_STATE_DONE);
rc = CURLM_CALL_MULTI_PERFORM;
break;
@@ -1702,7 +1705,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
}
/* after DO, go DO_DONE... or DO_MORE */
- else if(data->easy_conn->bits.do_more) {
+ else if(data->conn->bits.do_more) {
/* we're supposed to do more, but we need to sit down, relax
and wait a little while first */
multistate(data, CURLM_STATE_DO_MORE);
@@ -1715,7 +1718,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
}
}
else if((CURLE_SEND_ERROR == result) &&
- data->easy_conn->bits.reuse) {
+ data->conn->bits.reuse) {
/*
* In this situation, a connection that we were trying to use
* may have unexpectedly died. If possible, send the connection
@@ -1725,7 +1728,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
followtype follow = FOLLOW_NONE;
CURLcode drc;
- drc = Curl_retry_request(data->easy_conn, &newurl);
+ drc = Curl_retry_request(data->conn, &newurl);
if(drc) {
/* a failure here pretty much implies an out of memory */
result = drc;
@@ -1733,7 +1736,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
}
Curl_posttransfer(data);
- drc = multi_done(&data->easy_conn, result, FALSE);
+ drc = multi_done(data, result, FALSE);
/* When set to retry the connection, we must to go back to
* the CONNECT state */
@@ -1765,8 +1768,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
else {
/* failure detected */
Curl_posttransfer(data);
- if(data->easy_conn)
- multi_done(&data->easy_conn, result, FALSE);
+ if(data->conn)
+ multi_done(data, result, FALSE);
stream_error = TRUE;
}
}
@@ -1774,12 +1777,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
case CURLM_STATE_DOING:
/* we continue DOING until the DO phase is complete */
- result = Curl_protocol_doing(data->easy_conn,
+ result = Curl_protocol_doing(data->conn,
&dophase_done);
if(!result) {
if(dophase_done) {
/* after DO, go DO_DONE or DO_MORE */
- multistate(data, data->easy_conn->bits.do_more?
+ multistate(data, data->conn->bits.do_more?
CURLM_STATE_DO_MORE:
CURLM_STATE_DO_DONE);
rc = CURLM_CALL_MULTI_PERFORM;
@@ -1788,7 +1791,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
else {
/* failure detected */
Curl_posttransfer(data);
- multi_done(&data->easy_conn, result, FALSE);
+ multi_done(data, result, FALSE);
stream_error = TRUE;
}
break;
@@ -1797,7 +1800,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/*
* When we are connected, DO MORE and then go DO_DONE
*/
- result = multi_do_more(data->easy_conn, &control);
+ result = multi_do_more(data->conn, &control);
/* No need to remove this handle from the send pipeline here since that
is done in multi_done() */
@@ -1817,27 +1820,27 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
else {
/* failure detected */
Curl_posttransfer(data);
- multi_done(&data->easy_conn, result, FALSE);
+ multi_done(data, result, FALSE);
stream_error = TRUE;
}
break;
case CURLM_STATE_DO_DONE:
/* Move ourselves from the send to recv pipeline */
- Curl_move_handle_from_send_to_recv_pipe(data, data->easy_conn);
+ Curl_move_handle_from_send_to_recv_pipe(data, data->conn);
- if(data->easy_conn->bits.multiplex || data->easy_conn->send_pipe.size)
+ if(data->conn->bits.multiplex || data->conn->send_pipe.size)
/* Check if we can move pending requests to send pipe */
process_pending_handles(multi); /* pipelined/multiplexed */
/* Only perform the transfer if there's a good socket to work with.
Having both BAD is a signal to skip immediately to DONE */
- if((data->easy_conn->sockfd != CURL_SOCKET_BAD) ||
- (data->easy_conn->writesockfd != CURL_SOCKET_BAD))
+ if((data->conn->sockfd != CURL_SOCKET_BAD) ||
+ (data->conn->writesockfd != CURL_SOCKET_BAD))
multistate(data, CURLM_STATE_WAITPERFORM);
else {
if(data->state.wildcardmatch &&
- ((data->easy_conn->handler->flags & PROTOPT_WILDCARD) == 0)) {
+ ((data->conn->handler->flags & PROTOPT_WILDCARD) == 0)) {
data->wildcard.state = CURLWC_DONE;
}
multistate(data, CURLM_STATE_DONE);
@@ -1847,7 +1850,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
case CURLM_STATE_WAITPERFORM:
/* Wait for our turn to PERFORM */
- if(Curl_pipeline_checkget_read(data, data->easy_conn)) {
+ if(Curl_pipeline_checkget_read(data, data->conn)) {
/* Grabbed the channel */
multistate(data, CURLM_STATE_PERFORM);
rc = CURLM_CALL_MULTI_PERFORM;
@@ -1856,7 +1859,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
case CURLM_STATE_TOOFAST: /* limit-rate exceeded in either direction */
/* if both rates are within spec, resume transfer */
- if(Curl_pgrsUpdate(data->easy_conn))
+ if(Curl_pgrsUpdate(data->conn))
result = CURLE_ABORTED_BY_CALLBACK;
else
result = Curl_speedcheck(data, now);
@@ -1926,24 +1929,24 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
}
/* read/write data if it is ready to do so */
- result = Curl_readwrite(data->easy_conn, data, &done, &comeback);
+ result = Curl_readwrite(data->conn, data, &done, &comeback);
k = &data->req;
if(!(k->keepon & KEEP_RECV))
/* We're done receiving */
- Curl_pipeline_leave_read(data->easy_conn);
+ Curl_pipeline_leave_read(data->conn);
if(!(k->keepon & KEEP_SEND))
/* We're done sending */
- Curl_pipeline_leave_write(data->easy_conn);
+ Curl_pipeline_leave_write(data->conn);
if(done || (result == CURLE_RECV_ERROR)) {
/* If CURLE_RECV_ERROR happens early enough, we assume it was a race
* condition and the server closed the re-used connection exactly when
* we wanted to use it, so figure out if that is indeed the case.
*/
- CURLcode ret = Curl_retry_request(data->easy_conn, &newurl);
+ CURLcode ret = Curl_retry_request(data->conn, &newurl);
if(!ret)
retry = (newurl)?TRUE:FALSE;
else if(!result)
@@ -1957,8 +1960,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
}
}
else if((CURLE_HTTP2_STREAM == result) &&
- Curl_h2_http_1_1_error(data->easy_conn)) {
- CURLcode ret = Curl_retry_request(data->easy_conn, &newurl);
+ Curl_h2_http_1_1_error(data->conn)) {
+ CURLcode ret = Curl_retry_request(data->conn, &newurl);
infof(data, "Forcing HTTP/1.1 for NTLM");
data->set.httpversion = CURL_HTTP_VERSION_1_1;
@@ -1985,12 +1988,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
* happened in the data connection.
*/
- if(!(data->easy_conn->handler->flags & PROTOPT_DUAL) &&
+ if(!(data->conn->handler->flags & PROTOPT_DUAL) &&
result != CURLE_HTTP2_STREAM)
- streamclose(data->easy_conn, "Transfer returned error");
+ streamclose(data->conn, "Transfer returned error");
Curl_posttransfer(data);
- multi_done(&data->easy_conn, result, TRUE);
+ multi_done(data, result, TRUE);
}
else if(done) {
followtype follow = FOLLOW_NONE;
@@ -1999,11 +2002,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
Curl_posttransfer(data);
/* we're no longer receiving */
- Curl_removeHandleFromPipeline(data, &data->easy_conn->recv_pipe);
+ Curl_removeHandleFromPipeline(data, &data->conn->recv_pipe);
/* expire the new receiving pipeline head */
- if(data->easy_conn->recv_pipe.head)
- Curl_expire(data->easy_conn->recv_pipe.head->ptr, 0, EXPIRE_RUN_NOW);
+ if(data->conn->recv_pipe.head)
+ Curl_expire(data->conn->recv_pipe.head->ptr, 0, EXPIRE_RUN_NOW);
/* When we follow redirects or is set to retry the connection, we must
to go back to the CONNECT state */
@@ -2018,7 +2021,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
}
else
follow = FOLLOW_RETRY;
- result = multi_done(&data->easy_conn, CURLE_OK, FALSE);
+ result = multi_done(data, CURLE_OK, FALSE);
if(!result) {
result = Curl_follow(data, newurl, follow);
if(!result) {
@@ -2041,7 +2044,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
free(newurl);
if(result) {
stream_error = TRUE;
- result = multi_done(&data->easy_conn, result, TRUE);
+ result = multi_done(data, result, TRUE);
}
}
@@ -2060,18 +2063,18 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/* this state is highly transient, so run another loop after this */
rc = CURLM_CALL_MULTI_PERFORM;
- if(data->easy_conn) {
+ if(data->conn) {
CURLcode res;
/* Remove ourselves from the receive pipeline, if we are there. */
- Curl_removeHandleFromPipeline(data, &data->easy_conn->recv_pipe);
+ Curl_removeHandleFromPipeline(data, &data->conn->recv_pipe);
- if(data->easy_conn->bits.multiplex || data->easy_conn->send_pipe.size)
+ if(data->conn->bits.multiplex || data->conn->send_pipe.size)
/* Check if we can move pending requests to connection */
process_pending_handles(multi); /* pipelined/multiplexing */
/* post-transfer command */
- res = multi_done(&data->easy_conn, result, FALSE);
+ res = multi_done(data, result, FALSE);
/* allow a previously set error code take precedence */
if(!result)
@@ -2079,12 +2082,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/*
* If there are other handles on the pipeline, multi_done won't set
- * easy_conn to NULL. In such a case, curl_multi_remove_handle() can
+ * conn to NULL. In such a case, curl_multi_remove_handle() can
* access free'd data, if the connection is free'd and the handle
* removed before we perform the processing in CURLM_STATE_COMPLETED
*/
- if(data->easy_conn)
- data->easy_conn = NULL;
+ if(data->conn)
+ Curl_detach_connnection(data);
}
if(data->state.wildcardmatch) {
@@ -2126,23 +2129,23 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/* Check if we can move pending requests to send pipe */
process_pending_handles(multi); /* connection */
- if(data->easy_conn) {
+ if(data->conn) {
/* if this has a connection, unsubscribe from the pipelines */
- Curl_pipeline_leave_write(data->easy_conn);
- Curl_pipeline_leave_read(data->easy_conn);
- Curl_removeHandleFromPipeline(data, &data->easy_conn->send_pipe);
- Curl_removeHandleFromPipeline(data, &data->easy_conn->recv_pipe);
+ Curl_pipeline_leave_write(data->conn);
+ Curl_pipeline_leave_read(data->conn);
+ Curl_removeHandleFromPipeline(data, &data->conn->send_pipe);
+ Curl_removeHandleFromPipeline(data, &data->conn->recv_pipe);
if(stream_error) {
/* Don't attempt to send data over a connection that timed out */
bool dead_connection = result == CURLE_OPERATION_TIMEDOUT;
/* disconnect properly */
- Curl_disconnect(data, data->easy_conn, dead_connection);
+ Curl_disconnect(data, data->conn, dead_connection);
- /* This is where we make sure that the easy_conn pointer is reset.
+ /* This is where we make sure that the conn pointer is reset.
We don't have to do this in every case block above where a
failure is detected */
- data->easy_conn = NULL;
+ Curl_detach_connnection(data);
}
}
else if(data->mstate == CURLM_STATE_CONNECT) {
@@ -2154,11 +2157,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
rc = CURLM_CALL_MULTI_PERFORM;
}
/* if there's still a connection to use, call the progress function */
- else if(data->easy_conn && Curl_pgrsUpdate(data->easy_conn)) {
+ else if(data->conn && Curl_pgrsUpdate(data->conn)) {
/* aborted due to progress callback return code must close the
connection */
result = CURLE_ABORTED_BY_CALLBACK;
- streamclose(data->easy_conn, "Aborted by callback");
+ streamclose(data->conn, "Aborted by callback");
/* if not yet in DONE state, go there, otherwise COMPLETED */
multistate(data, (data->mstate < CURLM_STATE_DONE)?
@@ -2181,7 +2184,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
msg->extmsg.data.result = result;
rc = multi_addmsg(multi, msg);
- DEBUGASSERT(!data->easy_conn);
+ DEBUGASSERT(!data->conn);
}
multistate(data, CURLM_STATE_MSGSENT);
}
@@ -2261,9 +2264,9 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi)
data = multi->easyp;
while(data) {
nextdata = data->next;
- if(!data->state.done && data->easy_conn)
+ if(!data->state.done && data->conn)
/* if DONE was never called for this handle */
- (void)multi_done(&data->easy_conn, CURLE_OK, TRUE);
+ (void)multi_done(data, CURLE_OK, TRUE);
if(data->dns.hostcachetype == HCACHE_MULTI) {
/* clear out the usage of the shared DNS cache */
Curl_hostcache_clean(data, data->dns.hostcache);
@@ -2356,6 +2359,9 @@ static CURLMcode singlesocket(struct Curl_multi *multi,
curl_socket_t s;
int num;
unsigned int curraction;
+ int actions[MAX_SOCKSPEREASYHANDLE];
+ unsigned int comboaction;
+ bool sincebefore = FALSE;
for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++)
socks[i] = CURL_SOCKET_BAD;
@@ -2372,7 +2378,8 @@ static CURLMcode singlesocket(struct Curl_multi *multi,
for(i = 0; (i< MAX_SOCKSPEREASYHANDLE) &&
(curraction & (GETSOCK_READSOCK(i) | GETSOCK_WRITESOCK(i)));
i++) {
- int action = CURL_POLL_NONE;
+ unsigned int action = CURL_POLL_NONE;
+ unsigned int prevaction = 0;
s = socks[i];
@@ -2384,29 +2391,70 @@ static CURLMcode singlesocket(struct Curl_multi *multi,
if(curraction & GETSOCK_WRITESOCK(i))
action |= CURL_POLL_OUT;
+ actions[i] = action;
if(entry) {
- /* yeps, already present so check if it has the same action set */
- if(entry->action == action)
- /* same, continue */
- continue;
+ /* check if new for this transfer */
+ for(i = 0; i< data->numsocks; i++) {
+ if(s == data->sockets[i]) {
+ prevaction = data->actions[i];
+ sincebefore = TRUE;
+ break;
+ }
+ }
+
}
else {
- /* this is a socket we didn't have before, add it! */
- entry = sh_addentry(&multi->sockhash, s, data);
+ /* this is a socket we didn't have before, add it to the hash! */
+ entry = sh_addentry(&multi->sockhash, s);
if(!entry)
/* fatal */
return CURLM_OUT_OF_MEMORY;
}
+ if(sincebefore && (prevaction != action)) {
+ /* Socket was used already, but different action now */
+ if(prevaction & CURL_POLL_IN)
+ entry->readers--;
+ if(prevaction & CURL_POLL_OUT)
+ entry->writers--;
+ if(action & CURL_POLL_IN)
+ entry->readers++;
+ if(action & CURL_POLL_OUT)
+ entry->writers++;
+ }
+ else if(!sincebefore) {
+ /* a new user */
+ entry->users++;
+ if(action & CURL_POLL_IN)
+ entry->readers++;
+ if(action & CURL_POLL_OUT)
+ entry->writers++;
+
+ /* add 'data' to the list of handles using this socket! */
+ Curl_llist_insert_next(&entry->list, entry->list.tail,
+ data, &data->sh_queue);
+ }
+
+ comboaction = (entry->writers? CURL_POLL_OUT : 0) |
+ (entry->readers ? CURL_POLL_IN : 0);
+
+#if 0
+ infof(data, "--- Comboaction: %u readers %u writers\n",
+ entry->readers, entry->writers);
+#endif
+ /* check if it has the same action set */
+ if(entry->action == comboaction)
+ /* same, continue */
+ continue;
/* we know (entry != NULL) at this point, see the logic above */
if(multi->socket_cb)
multi->socket_cb(data,
s,
- action,
+ comboaction,
multi->socket_userp,
entry->socketp);
- entry->action = action; /* store the current action state */
+ entry->action = comboaction; /* store the current action state */
}
num = i; /* number of sockets */
@@ -2415,73 +2463,45 @@ static CURLMcode singlesocket(struct Curl_multi *multi,
make sure to detect sockets that are removed */
for(i = 0; i< data->numsocks; i++) {
int j;
+ bool stillused = FALSE;
s = data->sockets[i];
- for(j = 0; j<num; j++) {
+ for(j = 0; j < num; j++) {
if(s == socks[j]) {
/* this is still supervised */
- s = CURL_SOCKET_BAD;
+ stillused = TRUE;
break;
}
}
+ if(stillused)
+ continue;
entry = sh_getentry(&multi->sockhash, s);
+ /* if this is NULL here, the socket has been closed and notified so
+ already by Curl_multi_closed() */
if(entry) {
- /* this socket has been removed. Tell the app to remove it */
- bool remove_sock_from_hash = TRUE;
-
- /* check if the socket to be removed serves a connection which has
- other easy-s in a pipeline. In this case the socket should not be
- removed. */
- struct connectdata *easy_conn = data->easy_conn;
- if(easy_conn) {
- if(easy_conn->recv_pipe.size > 1) {
- /* the handle should not be removed from the pipe yet */
- remove_sock_from_hash = FALSE;
-
- /* Update the sockhash entry to instead point to the next in line
- for the recv_pipe, or the first (in case this particular easy
- isn't already) */
- if(entry->easy == data) {
- if(Curl_recvpipe_head(data, easy_conn))
- entry->easy = easy_conn->recv_pipe.head->next->ptr;
- else
- entry->easy = easy_conn->recv_pipe.head->ptr;
- }
- }
- if(easy_conn->send_pipe.size > 1) {
- /* the handle should not be removed from the pipe yet */
- remove_sock_from_hash = FALSE;
-
- /* Update the sockhash entry to instead point to the next in line
- for the send_pipe, or the first (in case this particular easy
- isn't already) */
- if(entry->easy == data) {
- if(Curl_sendpipe_head(data, easy_conn))
- entry->easy = easy_conn->send_pipe.head->next->ptr;
- else
- entry->easy = easy_conn->send_pipe.head->ptr;
- }
- }
- /* Don't worry about overwriting recv_pipe head with send_pipe_head,
- when action will be asked on the socket (see multi_socket()), the
- head of the correct pipe will be taken according to the
- action. */
- }
-
- if(remove_sock_from_hash) {
- /* in this case 'entry' is always non-NULL */
+ int oldactions = data->actions[i];
+ /* this socket has been removed. Decrease user count */
+ entry->users--;
+ if(oldactions & CURL_POLL_OUT)
+ entry->writers--;
+ if(oldactions & CURL_POLL_IN)
+ entry->readers--;
+ if(!entry->users) {
if(multi->socket_cb)
- multi->socket_cb(data,
- s,
- CURL_POLL_REMOVE,
+ multi->socket_cb(data, s, CURL_POLL_REMOVE,
multi->socket_userp,
entry->socketp);
sh_delentry(&multi->sockhash, s);
}
- } /* if sockhash entry existed */
+ else {
+ /* remove this transfer as a user of this socket */
+ Curl_llist_remove(&entry->list, &data->sh_queue, NULL);
+ }
+ }
} /* for loop over numsocks */
memcpy(data->sockets, socks, num*sizeof(curl_socket_t));
+ memcpy(data->actions, actions, num*sizeof(int));
data->numsocks = num;
return CURLM_OK;
}
@@ -2621,46 +2641,50 @@ static CURLMcode multi_socket(struct Curl_multi *multi,
and just move on. */
;
else {
+ struct curl_llist *list = &entry->list;
+ struct curl_llist_element *e;
SIGPIPE_VARIABLE(pipe_st);
- data = entry->easy;
-
- if(data->magic != CURLEASY_MAGIC_NUMBER)
- /* bad bad bad bad bad bad bad */
- return CURLM_INTERNAL_ERROR;
-
- /* If the pipeline is enabled, take the handle which is in the head of
- the pipeline. If we should write into the socket, take the send_pipe
- head. If we should read from the socket, take the recv_pipe head. */
- if(data->easy_conn) {
- if((ev_bitmask & CURL_POLL_OUT) &&
- data->easy_conn->send_pipe.head)
- data = data->easy_conn->send_pipe.head->ptr;
- else if((ev_bitmask & CURL_POLL_IN) &&
- data->easy_conn->recv_pipe.head)
- data = data->easy_conn->recv_pipe.head->ptr;
- }
+ /* the socket can be shared by many transfers, iterate */
+ for(e = list->head; e; e = e->next) {
+ data = (struct Curl_easy *)e->ptr;
+
+ if(data->magic != CURLEASY_MAGIC_NUMBER)
+ /* bad bad bad bad bad bad bad */
+ return CURLM_INTERNAL_ERROR;
+
+ /* If the pipeline is enabled, take the handle which is in the head of
+ the pipeline. If we should write into the socket, take the
+ send_pipe head. If we should read from the socket, take the
+ recv_pipe head. */
+ if(data->conn) {
+ if((ev_bitmask & CURL_POLL_OUT) &&
+ data->conn->send_pipe.head)
+ data = data->conn->send_pipe.head->ptr;
+ else if((ev_bitmask & CURL_POLL_IN) &&
+ data->conn->recv_pipe.head)
+ data = data->conn->recv_pipe.head->ptr;
+ }
- if(data->easy_conn &&
- !(data->easy_conn->handler->flags & PROTOPT_DIRLOCK))
- /* set socket event bitmask if they're not locked */
- data->easy_conn->cselect_bits = ev_bitmask;
+ if(data->conn && !(data->conn->handler->flags & PROTOPT_DIRLOCK))
+ /* set socket event bitmask if they're not locked */
+ data->conn->cselect_bits = ev_bitmask;
- sigpipe_ignore(data, &pipe_st);
- result = multi_runsingle(multi, now, data);
- sigpipe_restore(&pipe_st);
+ sigpipe_ignore(data, &pipe_st);
+ result = multi_runsingle(multi, now, data);
+ sigpipe_restore(&pipe_st);
- if(data->easy_conn &&
- !(data->easy_conn->handler->flags & PROTOPT_DIRLOCK))
- /* clear the bitmask only if not locked */
- data->easy_conn->cselect_bits = 0;
+ if(data->conn && !(data->conn->handler->flags & PROTOPT_DIRLOCK))
+ /* clear the bitmask only if not locked */
+ data->conn->cselect_bits = 0;
- if(CURLM_OK >= result) {
- /* get the socket(s) and check if the state has been changed since
- last */
- result = singlesocket(multi, data);
- if(result)
- return result;
+ if(CURLM_OK >= result) {
+ /* get the socket(s) and check if the state has been changed since
+ last */
+ result = singlesocket(multi, data);
+ if(result)
+ return result;
+ }
}
/* Now we fall-through and do the timer-based stuff, since we don't want
@@ -3004,6 +3028,9 @@ void Curl_expire(struct Curl_easy *data, time_t milli, expire_id id)
DEBUGASSERT(id < EXPIRE_LAST);
+ infof(data, "Expire in %ld ms for %x (transfer %p)\n",
+ (long)milli, id, data);
+
set = Curl_now();
set.tv_sec += milli/1000;
set.tv_usec += (unsigned int)(milli%1000)*1000;
@@ -3095,7 +3122,7 @@ void Curl_expire_clear(struct Curl_easy *data)
}
#ifdef DEBUGBUILD
- infof(data, "Expire cleared\n");
+ infof(data, "Expire cleared (transfer %p)\n", data);
#endif
nowp->tv_sec = 0;
nowp->tv_usec = 0;
diff --git a/libs/libcurl/src/multiif.h b/libs/libcurl/src/multiif.h
index e44646bf9d..ed35ef4275 100644
--- a/libs/libcurl/src/multiif.h
+++ b/libs/libcurl/src/multiif.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -31,7 +31,9 @@ void Curl_expire(struct Curl_easy *data, time_t milli, expire_id);
void Curl_expire_clear(struct Curl_easy *data);
void Curl_expire_done(struct Curl_easy *data, expire_id id);
bool Curl_pipeline_wanted(const struct Curl_multi* multi, int bits);
-void Curl_multi_handlePipeBreak(struct Curl_easy *data);
+void Curl_detach_connnection(struct Curl_easy *data);
+void Curl_attach_connnection(struct Curl_easy *data,
+ struct connectdata *conn);
void Curl_set_in_callback(struct Curl_easy *data, bool value);
bool Curl_is_in_callback(struct Curl_easy *easy);
diff --git a/libs/libcurl/src/objnames-test08.sh b/libs/libcurl/src/objnames-test08.sh
deleted file mode 100644
index 485975765c..0000000000
--- a/libs/libcurl/src/objnames-test08.sh
+++ /dev/null
@@ -1,217 +0,0 @@
-#!/bin/sh
-# ***************************************************************************
-# * _ _ ____ _
-# * Project ___| | | | _ \| |
-# * / __| | | | |_) | |
-# * | (__| |_| | _ <| |___
-# * \___|\___/|_| \_\_____|
-# *
-# * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
-# *
-# * This software is licensed as described in the file COPYING, which
-# * you should have received as part of this distribution. The terms
-# * are also available at https://curl.haxx.se/docs/copyright.html.
-# *
-# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
-# * copies of the Software, and permit persons to whom the Software is
-# * furnished to do so, under the terms of the COPYING file.
-# *
-# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-# * KIND, either express or implied.
-# *
-# ***************************************************************************
-
-#
-# This Bourne shell script file is used by test case 1222 to do
-# unit testing of curl_8char_object_name() shell function which
-# is defined in file objnames.inc and sourced by this file and
-# any other shell script that may use it.
-#
-
-#
-# argument validation
-#
-
-if test $# -eq 1; then
- :
-else
- echo "Usage: ${0} srcdir"
- exit 1
-fi
-
-if test -f "${1}/runtests.pl"; then
- :
-else
- echo "${0}: Wrong srcdir"
- exit 1
-fi
-
-srcdir=${1}
-
-if test -f "$srcdir/../lib/objnames.inc"; then
- :
-else
- echo "$0: Missing objnames.inc"
- exit 1
-fi
-
-#
-# Some variables
-#
-
-logdir=log
-tstnum=1222
-
-list_c=$logdir/${tstnum}_list_c
-list_obj=$logdir/${tstnum}_list_obj
-list_obj_c=$logdir/${tstnum}_list_obj_c
-list_obj_uniq=$logdir/${tstnum}_list_obj_uniq
-
-
-#
-# Source curl_8char_object_name() function definition
-#
-
-. $srcdir/../lib/objnames.inc
-
-#
-# Some curl_8char_object_name() unit tests
-#
-
-echo 'Testing curl_8char_object_name...'
-echo ""
-
-argstr=123__678__ABC__FGH__KLM__PQRSTUV
-expect=16AFKPQR
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123__678__ABC__FGH__KLM__PQ.S.UV
-expect=16AFKPQ
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123__678__ABC..FGH..KLM..PQRSTUV
-expect=16ABC
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123__678_.ABC._FGH__KLM__PQRSTUV
-expect=16
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123.567.90ABCDEFGHIJKLMNOPQRSTUV
-expect=123
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=1234567.90A.CDEFGHIJKLMNOPQRSTUV
-expect=1234567
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=1234567890.BCD.FGHIJKLMNOPQRSTUV
-expect=12345678
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=12=45-78+0AB.DE.GHIJKLMNOPQRSTUV
-expect=1470AB
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV
-expect=12345678
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123_567_90A_CDE_GHIJKLMNOPQRSTUV
-expect=159CGHIJ
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123_567_90A_CDEFGHIJKLMNOPQRSTUV
-expect=159CDEFG
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123_567_90ABCDEFGHIJKLMNOPQRSTUV
-expect=1590ABCD
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123_567890ABCDEFGHIJKLMNOPQRSTUV
-expect=1567890A
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV
-expect=12345678
-outstr=`curl_8char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-#
-# Verify that generated object name is distinct for
-# all *.c source files in lib and src subdirectories.
-#
-
-ls $srcdir/../lib/*.c > $list_c
-ls $srcdir/../src/*.c >> $list_c
-
-rm -f $list_obj
-
-for c_fname in `cat $list_c`; do
- obj_name=`curl_8char_object_name $c_fname`
- echo "$obj_name" >> $list_obj
-done
-
-sort -u $list_obj > $list_obj_uniq
-
-cnt_c=`cat $list_c | wc -l`
-cnt_u=`cat $list_obj_uniq | wc -l`
-
-echo ""
-echo ""
-echo ""
-if test $cnt_c -eq $cnt_u; then
- echo "8-characters-or-less generated object names are unique."
- obj_name_clash="no"
-else
- echo "8-characters-or-less generated object names are clashing..."
- obj_name_clash="yes"
-fi
-
-if test $obj_name_clash = "yes"; then
- #
- # Show clashing object names and respective source file names
- #
- echo ""
- paste $list_obj $list_c | sort > $list_obj_c
- prev_match="no"
- prev_line="unknown"
- prev_obj_name="unknown"
- while read this_line; do
- obj_name=`echo "$this_line" | cut -f1`
- if test "x$obj_name" = "x$prev_obj_name"; then
- if test "x$prev_match" != "xyes"; then
- echo "$prev_line"
- echo "$this_line"
- prev_match="yes"
- else
- echo "$this_line"
- fi
- else
- prev_match="no"
- fi
- prev_line=$this_line
- prev_obj_name=$obj_name
- done < $list_obj_c
-fi
-
-rm -f $list_c
-rm -f $list_obj
-rm -f $list_obj_c
-rm -f $list_obj_uniq
-
-# end of objnames-test.sh
diff --git a/libs/libcurl/src/objnames-test10.sh b/libs/libcurl/src/objnames-test10.sh
deleted file mode 100644
index 62184b8640..0000000000
--- a/libs/libcurl/src/objnames-test10.sh
+++ /dev/null
@@ -1,217 +0,0 @@
-#!/bin/sh
-# ***************************************************************************
-# * _ _ ____ _
-# * Project ___| | | | _ \| |
-# * / __| | | | |_) | |
-# * | (__| |_| | _ <| |___
-# * \___|\___/|_| \_\_____|
-# *
-# * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
-# *
-# * This software is licensed as described in the file COPYING, which
-# * you should have received as part of this distribution. The terms
-# * are also available at https://curl.haxx.se/docs/copyright.html.
-# *
-# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
-# * copies of the Software, and permit persons to whom the Software is
-# * furnished to do so, under the terms of the COPYING file.
-# *
-# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-# * KIND, either express or implied.
-# *
-# ***************************************************************************
-
-#
-# This Bourne shell script file is used by test case 1221 to do
-# unit testing of curl_10char_object_name() shell function which
-# is defined in file objnames.inc and sourced by this file and
-# any other shell script that may use it.
-#
-
-#
-# argument validation
-#
-
-if test $# -eq 1; then
- :
-else
- echo "Usage: ${0} srcdir"
- exit 1
-fi
-
-if test -f "${1}/runtests.pl"; then
- :
-else
- echo "${0}: Wrong srcdir"
- exit 1
-fi
-
-srcdir=${1}
-
-if test -f "$srcdir/../lib/objnames.inc"; then
- :
-else
- echo "$0: Missing objnames.inc"
- exit 1
-fi
-
-#
-# Some variables
-#
-
-logdir=log
-tstnum=1221
-
-list_c=$logdir/${tstnum}_list_c
-list_obj=$logdir/${tstnum}_list_obj
-list_obj_c=$logdir/${tstnum}_list_obj_c
-list_obj_uniq=$logdir/${tstnum}_list_obj_uniq
-
-
-#
-# Source curl_10char_object_name() function definition
-#
-
-. $srcdir/../lib/objnames.inc
-
-#
-# Some curl_10char_object_name() unit tests
-#
-
-echo 'Testing curl_10char_object_name...'
-echo ""
-
-argstr=123__678__ABC__FGH__KLM__PQRSTUV
-expect=16AFKPQRST
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123__678__ABC__FGH__KLM__PQ.S.UV
-expect=16AFKPQ
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123__678__ABC..FGH..KLM..PQRSTUV
-expect=16ABC
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123__678_.ABC._FGH__KLM__PQRSTUV
-expect=16
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123.567.90ABCDEFGHIJKLMNOPQRSTUV
-expect=123
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=1234567.90A.CDEFGHIJKLMNOPQRSTUV
-expect=1234567
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=1234567890.BCD.FGHIJKLMNOPQRSTUV
-expect=1234567890
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=12=45-78+0AB.DE.GHIJKLMNOPQRSTUV
-expect=1470AB
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV
-expect=1234567890
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123_567_90A_CDE_GHIJKLMNOPQRSTUV
-expect=159CGHIJKL
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123_567_90A_CDEFGHIJKLMNOPQRSTUV
-expect=159CDEFGHI
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123_567_90ABCDEFGHIJKLMNOPQRSTUV
-expect=1590ABCDEF
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=123_567890ABCDEFGHIJKLMNOPQRSTUV
-expect=1567890ABC
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV
-expect=1234567890
-outstr=`curl_10char_object_name $argstr`
-echo "result: $outstr expected: $expect input: $argstr"
-
-#
-# Verify that generated object name is distinct for
-# all *.c source files in lib and src subdirectories.
-#
-
-ls $srcdir/../lib/*.c > $list_c
-ls $srcdir/../src/*.c >> $list_c
-
-rm -f $list_obj
-
-for c_fname in `cat $list_c`; do
- obj_name=`curl_10char_object_name $c_fname`
- echo "$obj_name" >> $list_obj
-done
-
-sort -u $list_obj > $list_obj_uniq
-
-cnt_c=`cat $list_c | wc -l`
-cnt_u=`cat $list_obj_uniq | wc -l`
-
-echo ""
-echo ""
-echo ""
-if test $cnt_c -eq $cnt_u; then
- echo "10-characters-or-less generated object names are unique."
- obj_name_clash="no"
-else
- echo "10-characters-or-less generated object names are clashing..."
- obj_name_clash="yes"
-fi
-
-if test $obj_name_clash = "yes"; then
- #
- # Show clashing object names and respective source file names
- #
- echo ""
- paste $list_obj $list_c | sort > $list_obj_c
- prev_match="no"
- prev_line="unknown"
- prev_obj_name="unknown"
- while read this_line; do
- obj_name=`echo "$this_line" | cut -f1`
- if test "x$obj_name" = "x$prev_obj_name"; then
- if test "x$prev_match" != "xyes"; then
- echo "$prev_line"
- echo "$this_line"
- prev_match="yes"
- else
- echo "$this_line"
- fi
- else
- prev_match="no"
- fi
- prev_line=$this_line
- prev_obj_name=$obj_name
- done < $list_obj_c
-fi
-
-rm -f $list_c
-rm -f $list_obj
-rm -f $list_obj_c
-rm -f $list_obj_uniq
-
-# end of objnames-test10.sh
diff --git a/libs/libcurl/src/objnames.inc b/libs/libcurl/src/objnames.inc
deleted file mode 100644
index e362f6e8e1..0000000000
--- a/libs/libcurl/src/objnames.inc
+++ /dev/null
@@ -1,107 +0,0 @@
-# ***************************************************************************
-# * _ _ ____ _
-# * Project ___| | | | _ \| |
-# * / __| | | | |_) | |
-# * | (__| |_| | _ <| |___
-# * \___|\___/|_| \_\_____|
-# *
-# * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
-# *
-# * This software is licensed as described in the file COPYING, which
-# * you should have received as part of this distribution. The terms
-# * are also available at https://curl.haxx.se/docs/copyright.html.
-# *
-# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
-# * copies of the Software, and permit persons to whom the Software is
-# * furnished to do so, under the terms of the COPYING file.
-# *
-# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-# * KIND, either express or implied.
-# *
-# ***************************************************************************
-
-#
-# This file is sourced from curl/packages/OS400/initscript.sh and
-# other Bourne shell scripts. Keep it as portable as possible.
-#
-
-#
-# curl_10char_object_name
-#
-# This shell function accepts a single string argument with unspecified
-# length representing a (*.c) source file name and returns a string which
-# is a transformation of given argument.
-#
-# The intended purpose of this function is to transliterate a (*.c) source
-# file name that may be longer than 10 characters, or not, into a string
-# with at most 10 characters which may be used as an OS/400 object name.
-#
-# This function might not be universally useful, nor we care about it.
-#
-# It is intended to be used with libcurl's (*.c) source file names, so
-# dependency on libcurl's source file naming scheme is acceptable and
-# good enough for its intended use. Specifically it makes use of the fact
-# that libcurl's (*.c) source file names which may be longer than 10 chars
-# are conformed with underscore '_' separated substrings, or separated by
-# other character which does not belong to the [0-9], [a-z] or [A-Z] sets.
-#
-# This allows repeatable and automatic short object name generation with
-# no need for a hardcoded mapping table.
-#
-# Transformation is done in the following way:
-#
-# 1) Leading directory components are removed.
-# 2) Leftmost dot character and any other char following it are removed.
-# 3) Lowercase characters are transliterated to uppercase.
-# 4) Characters not in [A-Z] or [0-9] are transliterated to underscore '_'.
-# 5) Every sequence of one or more underscores is replaced with a single one.
-# 6) Five leftmost substrings which end in an underscore character are
-# replaced by the first character of each substring, while retaining
-# the rest of the string.
-# 7) Finally the result is truncated to 10 characters.
-#
-# Resulting object name may be shorter than 10 characters.
-#
-# Test case 1221 does unit testng of this function and also verifies
-# that it is possible to generate distinct short object names for all
-# curl and libcurl *.c source file names.
-#
-
-curl_10char_object_name() {
- echo "${1}" | \
- sed -e 's:.*/::' \
- -e 's:[.].*::' \
- -e 'y:abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:' \
- -e 's:[^ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_]:_:g' \
- -e 's:__*:_:g' \
- -e 's:\([^_]\)[^_]*_\(.*\):\1\2:' \
- -e 's:\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3:' \
- -e 's:\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4:' \
- -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5:' \
- -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5\6:' \
- -e 's:^\(..........\).*:\1:'
-}
-
-#
-# curl_8char_object_name
-#
-# Same as curl_10char_object_name() description and details above, except
-# that object name is limited to 8 characters maximum.
-#
-
-curl_8char_object_name() {
- echo "${1}" | \
- sed -e 's:.*/::' \
- -e 's:[.].*::' \
- -e 'y:abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:' \
- -e 's:[^ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_]:_:g' \
- -e 's:__*:_:g' \
- -e 's:\([^_]\)[^_]*_\(.*\):\1\2:' \
- -e 's:\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3:' \
- -e 's:\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4:' \
- -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5:' \
- -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5\6:' \
- -e 's:^\(........\).*:\1:'
-}
-
-# end of objectname.inc
diff --git a/libs/libcurl/src/pingpong.c b/libs/libcurl/src/pingpong.c
index 2e93d201f1..e9568ee3de 100644
--- a/libs/libcurl/src/pingpong.c
+++ b/libs/libcurl/src/pingpong.c
@@ -44,7 +44,7 @@
/* Returns timeout in ms. 0 or negative number means the timeout has already
triggered */
-time_t Curl_pp_state_timeout(struct pingpong *pp)
+time_t Curl_pp_state_timeout(struct pingpong *pp, bool disconnecting)
{
struct connectdata *conn = pp->conn;
struct Curl_easy *data = conn->data;
@@ -62,7 +62,7 @@ time_t Curl_pp_state_timeout(struct pingpong *pp)
timeout_ms = response_time -
Curl_timediff(Curl_now(), pp->response); /* spent time */
- if(data->set.timeout) {
+ if(data->set.timeout && !disconnecting) {
/* if timeout is requested, find out how much remaining time we have */
time_t timeout2_ms = data->set.timeout - /* timeout time */
Curl_timediff(Curl_now(), conn->now); /* spent time */
@@ -77,13 +77,14 @@ time_t Curl_pp_state_timeout(struct pingpong *pp)
/*
* Curl_pp_statemach()
*/
-CURLcode Curl_pp_statemach(struct pingpong *pp, bool block)
+CURLcode Curl_pp_statemach(struct pingpong *pp, bool block,
+ bool disconnecting)
{
struct connectdata *conn = pp->conn;
curl_socket_t sock = conn->sock[FIRSTSOCKET];
int rc;
time_t interval_ms;
- time_t timeout_ms = Curl_pp_state_timeout(pp);
+ time_t timeout_ms = Curl_pp_state_timeout(pp, disconnecting);
struct Curl_easy *data = conn->data;
CURLcode result = CURLE_OK;
diff --git a/libs/libcurl/src/pingpong.h b/libs/libcurl/src/pingpong.h
index 5ac8df876e..dbe1f8d3d7 100644
--- a/libs/libcurl/src/pingpong.h
+++ b/libs/libcurl/src/pingpong.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -81,14 +81,15 @@ struct pingpong {
* called repeatedly until done. Set 'wait' to make it wait a while on the
* socket if there's no traffic.
*/
-CURLcode Curl_pp_statemach(struct pingpong *pp, bool block);
+CURLcode Curl_pp_statemach(struct pingpong *pp, bool block,
+ bool disconnecting);
/* initialize stuff to prepare for reading a fresh new response */
void Curl_pp_init(struct pingpong *pp);
/* Returns timeout in ms. 0 or negative number means the timeout has already
triggered */
-time_t Curl_pp_state_timeout(struct pingpong *pp);
+time_t Curl_pp_state_timeout(struct pingpong *pp, bool disconnecting);
/***********************************************************************
diff --git a/libs/libcurl/src/pop3.c b/libs/libcurl/src/pop3.c
index 05853f001d..4f65f289b4 100644
--- a/libs/libcurl/src/pop3.c
+++ b/libs/libcurl/src/pop3.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -208,7 +208,7 @@ static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len,
/* Are we processing CAPA command responses? */
if(pop3c->state == POP3_CAPA) {
/* Do we have the terminating line? */
- if(len >= 1 && !memcmp(line, ".", 1))
+ if(len >= 1 && line[0] == '.')
/* Treat the response as a success */
*resp = '+';
else
@@ -226,7 +226,7 @@ static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len,
}
/* Do we have a continuation response? */
- if(len >= 1 && !memcmp("+", line, 1)) {
+ if(len >= 1 && line[0] == '+') {
*resp = '*';
return TRUE;
@@ -1025,19 +1025,20 @@ static CURLcode pop3_multi_statemach(struct connectdata *conn, bool *done)
return result;
}
- result = Curl_pp_statemach(&pop3c->pp, FALSE);
+ result = Curl_pp_statemach(&pop3c->pp, FALSE, FALSE);
*done = (pop3c->state == POP3_STOP) ? TRUE : FALSE;
return result;
}
-static CURLcode pop3_block_statemach(struct connectdata *conn)
+static CURLcode pop3_block_statemach(struct connectdata *conn,
+ bool disconnecting)
{
CURLcode result = CURLE_OK;
struct pop3_conn *pop3c = &conn->proto.pop3c;
while(pop3c->state != POP3_STOP && !result)
- result = Curl_pp_statemach(&pop3c->pp, TRUE);
+ result = Curl_pp_statemach(&pop3c->pp, TRUE, disconnecting);
return result;
}
@@ -1235,7 +1236,7 @@ static CURLcode pop3_disconnect(struct connectdata *conn, bool dead_connection)
point! */
if(!dead_connection && pop3c->pp.conn && pop3c->pp.conn->bits.protoconnstart)
if(!pop3_perform_quit(conn))
- (void)pop3_block_statemach(conn); /* ignore errors on QUIT */
+ (void)pop3_block_statemach(conn, TRUE); /* ignore errors on QUIT */
/* Disconnect from the server */
Curl_pp_disconnect(&pop3c->pp);
diff --git a/libs/libcurl/src/setopt.c b/libs/libcurl/src/setopt.c
index 1627aba6df..d98ca66c91 100644
--- a/libs/libcurl/src/setopt.c
+++ b/libs/libcurl/src/setopt.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -803,12 +803,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
if(checkprefix("Set-Cookie:", argptr))
/* HTTP Header format line */
Curl_cookie_add(data, data->cookies, TRUE, FALSE, argptr + 11, NULL,
- NULL);
+ NULL, TRUE);
else
/* Netscape format line */
Curl_cookie_add(data, data->cookies, FALSE, FALSE, argptr, NULL,
- NULL);
+ NULL, TRUE);
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
free(argptr);
@@ -860,6 +860,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
data->set.expect_100_timeout = arg;
break;
+ case CURLOPT_HTTP09_ALLOWED:
+ arg = va_arg(param, unsigned long);
+ if(arg > 1L)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.http09_allowed = arg ? TRUE : FALSE;
+ break;
#endif /* CURL_DISABLE_HTTP */
case CURLOPT_HTTPAUTH:
@@ -1693,8 +1699,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
TRUE : FALSE;
/* Update the current connection ssl_config. */
- if(data->easy_conn) {
- data->easy_conn->ssl_config.verifypeer =
+ if(data->conn) {
+ data->conn->ssl_config.verifypeer =
data->set.ssl.primary.verifypeer;
}
break;
@@ -1706,8 +1712,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
(0 != va_arg(param, long))?TRUE:FALSE;
/* Update the current connection proxy_ssl_config. */
- if(data->easy_conn) {
- data->easy_conn->proxy_ssl_config.verifypeer =
+ if(data->conn) {
+ data->conn->proxy_ssl_config.verifypeer =
data->set.proxy_ssl.primary.verifypeer;
}
break;
@@ -1730,8 +1736,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
data->set.ssl.primary.verifyhost = (0 != arg) ? TRUE : FALSE;
/* Update the current connection ssl_config. */
- if(data->easy_conn) {
- data->easy_conn->ssl_config.verifyhost =
+ if(data->conn) {
+ data->conn->ssl_config.verifyhost =
data->set.ssl.primary.verifyhost;
}
break;
@@ -1754,8 +1760,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
data->set.proxy_ssl.primary.verifyhost = (0 != arg)?TRUE:FALSE;
/* Update the current connection proxy_ssl_config. */
- if(data->easy_conn) {
- data->easy_conn->proxy_ssl_config.verifyhost =
+ if(data->conn) {
+ data->conn->proxy_ssl_config.verifyhost =
data->set.proxy_ssl.primary.verifyhost;
}
break;
@@ -1772,8 +1778,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
TRUE : FALSE;
/* Update the current connection ssl_config. */
- if(data->easy_conn) {
- data->easy_conn->ssl_config.verifystatus =
+ if(data->conn) {
+ data->conn->ssl_config.verifystatus =
data->set.ssl.primary.verifystatus;
}
break;
@@ -2231,7 +2237,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
result = Curl_setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5],
va_arg(param, char *));
break;
-#ifdef HAVE_LIBSSH2_KNOWNHOST_API
+
case CURLOPT_SSH_KNOWNHOSTS:
/*
* Store the file name to read known hosts from.
@@ -2252,7 +2258,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
*/
data->set.ssh_keyfunc_userp = va_arg(param, void *);
break;
-#endif /* HAVE_LIBSSH2_KNOWNHOST_API */
#endif /* USE_LIBSSH2 */
case CURLOPT_HTTP_TRANSFER_DECODING:
@@ -2636,6 +2641,16 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
return CURLE_BAD_FUNCTION_ARGUMENT;
data->set.upkeep_interval_ms = arg;
break;
+ case CURLOPT_TRAILERFUNCTION:
+#ifndef CURL_DISABLE_HTTP
+ data->set.trailer_callback = va_arg(param, curl_trailer_callback);
+#endif
+ break;
+ case CURLOPT_TRAILERDATA:
+#ifndef CURL_DISABLE_HTTP
+ data->set.trailer_data = va_arg(param, void *);
+#endif
+ break;
default:
/* unknown tag and its companion, just ignore: */
result = CURLE_UNKNOWN_OPTION;
diff --git a/libs/libcurl/src/sigpipe.h b/libs/libcurl/src/sigpipe.h
index 800f9d3b4d..3960a139db 100644
--- a/libs/libcurl/src/sigpipe.h
+++ b/libs/libcurl/src/sigpipe.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -23,7 +23,8 @@
***************************************************************************/
#include "curl_setup.h"
-#if defined(HAVE_SIGNAL_H) && defined(HAVE_SIGACTION) && defined(USE_OPENSSL)
+#if defined(HAVE_SIGNAL_H) && defined(HAVE_SIGACTION) && \
+ (defined(USE_OPENSSL) || defined(USE_MBEDTLS))
#include <signal.h>
struct sigpipe_ignore {
diff --git a/libs/libcurl/src/smb.c b/libs/libcurl/src/smb.c
index e4f266e192..76c99a2301 100644
--- a/libs/libcurl/src/smb.c
+++ b/libs/libcurl/src/smb.c
@@ -947,15 +947,10 @@ static int smb_getsock(struct connectdata *conn, curl_socket_t *socks,
static CURLcode smb_do(struct connectdata *conn, bool *done)
{
struct smb_conn *smbc = &conn->proto.smbc;
- struct smb_request *req = conn->data->req.protop;
*done = FALSE;
if(smbc->share) {
- req->path = strchr(smbc->share, '\0');
- if(req->path) {
- req->path++;
- return CURLE_OK;
- }
+ return CURLE_OK;
}
return CURLE_URL_MALFORMAT;
}
@@ -964,6 +959,7 @@ static CURLcode smb_parse_url_path(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
struct Curl_easy *data = conn->data;
+ struct smb_request *req = data->req.protop;
struct smb_conn *smbc = &conn->proto.smbc;
char *path;
char *slash;
@@ -992,6 +988,7 @@ static CURLcode smb_parse_url_path(struct connectdata *conn)
/* Parse the path for the file path converting any forward slashes into
backslashes */
*slash++ = 0;
+ req->path = slash;
for(; *slash; slash++) {
if(*slash == '/')
diff --git a/libs/libcurl/src/smtp.c b/libs/libcurl/src/smtp.c
index 587562306a..d55647b12e 100644
--- a/libs/libcurl/src/smtp.c
+++ b/libs/libcurl/src/smtp.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len,
Section 4. Examples of RFC-4954 but some e-mail servers ignore this and
only send the response code instead as per Section 4.2. */
if(line[3] == ' ' || len == 5) {
+ char tmpline[6];
+
result = TRUE;
- *resp = curlx_sltosi(strtol(line, NULL, 10));
+ memset(tmpline, '\0', sizeof(tmpline));
+ memcpy(tmpline, line, (len == 5 ? 5 : 3));
+ *resp = curlx_sltosi(strtol(tmpline, NULL, 10));
/* Make sure real server never sends internal value */
if(*resp == 1)
@@ -1080,19 +1084,20 @@ static CURLcode smtp_multi_statemach(struct connectdata *conn, bool *done)
return result;
}
- result = Curl_pp_statemach(&smtpc->pp, FALSE);
+ result = Curl_pp_statemach(&smtpc->pp, FALSE, FALSE);
*done = (smtpc->state == SMTP_STOP) ? TRUE : FALSE;
return result;
}
-static CURLcode smtp_block_statemach(struct connectdata *conn)
+static CURLcode smtp_block_statemach(struct connectdata *conn,
+ bool disconnecting)
{
CURLcode result = CURLE_OK;
struct smtp_conn *smtpc = &conn->proto.smtpc;
while(smtpc->state != SMTP_STOP && !result)
- result = Curl_pp_statemach(&smtpc->pp, TRUE);
+ result = Curl_pp_statemach(&smtpc->pp, TRUE, disconnecting);
return result;
}
@@ -1253,7 +1258,7 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
the smtp_multi_statemach function but we have no general support for
non-blocking DONE operations!
*/
- result = smtp_block_statemach(conn);
+ result = smtp_block_statemach(conn, FALSE);
}
/* Clear the transfer mode for the next request */
@@ -1360,7 +1365,7 @@ static CURLcode smtp_disconnect(struct connectdata *conn, bool dead_connection)
point! */
if(!dead_connection && smtpc->pp.conn && smtpc->pp.conn->bits.protoconnstart)
if(!smtp_perform_quit(conn))
- (void)smtp_block_statemach(conn); /* ignore errors on QUIT */
+ (void)smtp_block_statemach(conn, TRUE); /* ignore errors on QUIT */
/* Disconnect from the server */
Curl_pp_disconnect(&smtpc->pp);
diff --git a/libs/libcurl/src/ssh-libssh.c b/libs/libcurl/src/ssh-libssh.c
index e38c01ac74..333df03ef2 100644
--- a/libs/libcurl/src/ssh-libssh.c
+++ b/libs/libcurl/src/ssh-libssh.c
@@ -95,6 +95,13 @@
#include "memdebug.h"
#include "curl_path.h"
+/* A recent macro provided by libssh. Or make our own. */
+#ifndef SSH_STRING_FREE_CHAR
+/* !checksrc! disable ASSIGNWITHINCONDITION 1 */
+#define SSH_STRING_FREE_CHAR(x) \
+ do { if((x) != NULL) { ssh_string_free_char(x); x = NULL; } } while(0)
+#endif
+
/* Local functions: */
static CURLcode myssh_connect(struct connectdata *conn, bool *done);
static CURLcode myssh_multi_statemach(struct connectdata *conn,
@@ -549,6 +556,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
struct Curl_easy *data = conn->data;
struct SSHPROTO *protop = data->req.protop;
struct ssh_conn *sshc = &conn->proto.sshc;
+ curl_socket_t sock = conn->sock[FIRSTSOCKET];
int rc = SSH_NO_ERROR, err;
char *new_readdir_line;
int seekerr = CURL_SEEKFUNC_OK;
@@ -792,7 +800,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSH is connected */
- conn->sockfd = ssh_get_fd(sshc->ssh_session);
+ conn->sockfd = sock;
conn->writesockfd = CURL_SOCKET_BAD;
if(conn->handler->protocol == CURLPROTO_SFTP) {
@@ -1661,7 +1669,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
sshc->sftp_session = NULL;
}
- Curl_safefree(sshc->homedir);
+ SSH_STRING_FREE_CHAR(sshc->homedir);
conn->data->state.most_recent_ftp_entrypath = NULL;
state(conn, SSH_SESSION_DISCONNECT);
@@ -1829,7 +1837,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
ssh_disconnect(sshc->ssh_session);
- Curl_safefree(sshc->homedir);
+ SSH_STRING_FREE_CHAR(sshc->homedir);
conn->data->state.most_recent_ftp_entrypath = NULL;
state(conn, SSH_SESSION_FREE);
@@ -1866,14 +1874,11 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
Curl_safefree(sshc->rsa_pub);
Curl_safefree(sshc->rsa);
-
Curl_safefree(sshc->quote_path1);
Curl_safefree(sshc->quote_path2);
-
- Curl_safefree(sshc->homedir);
-
Curl_safefree(sshc->readdir_line);
Curl_safefree(sshc->readdir_linkPath);
+ SSH_STRING_FREE_CHAR(sshc->homedir);
/* the code we are about to return */
result = sshc->actualcode;
@@ -2048,6 +2053,7 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
{
struct ssh_conn *ssh;
CURLcode result;
+ curl_socket_t sock = conn->sock[FIRSTSOCKET];
struct Curl_easy *data = conn->data;
int rc;
@@ -2076,6 +2082,8 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
return CURLE_FAILED_INIT;
}
+ ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock);
+
if(conn->user) {
infof(data, "User: %s\n", conn->user);
ssh_options_set(ssh->ssh_session, SSH_OPTIONS_USER, conn->user);
diff --git a/libs/libcurl/src/ssh.c b/libs/libcurl/src/ssh.c
index f3b0a58be6..8c68adcc17 100644
--- a/libs/libcurl/src/ssh.c
+++ b/libs/libcurl/src/ssh.c
@@ -667,7 +667,10 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
break;
}
if(rc) {
- failf(data, "Failure establishing ssh session");
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
+ failf(data, "Failure establishing ssh session: %d, %s", rc, err_msg);
+
state(conn, SSH_SESSION_FREE);
sshc->actualcode = CURLE_FAILED_INIT;
break;
diff --git a/libs/libcurl/src/stdafx.cxx b/libs/libcurl/src/stdafx.cxx
deleted file mode 100644
index 0fb604da7c..0000000000
--- a/libs/libcurl/src/stdafx.cxx
+++ /dev/null
@@ -1,2 +0,0 @@
-
-#include "stdafx.h" \ No newline at end of file
diff --git a/libs/libcurl/src/stdafx.h b/libs/libcurl/src/stdafx.h
deleted file mode 100644
index 97cc6cf63c..0000000000
--- a/libs/libcurl/src/stdafx.h
+++ /dev/null
@@ -1,3 +0,0 @@
-#pragma once
-
-// just a stub \ No newline at end of file
diff --git a/libs/libcurl/src/timeval.c b/libs/libcurl/src/timeval.c
index dce1a761e8..2569f175c3 100644
--- a/libs/libcurl/src/timeval.c
+++ b/libs/libcurl/src/timeval.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -21,29 +21,45 @@
***************************************************************************/
#include "timeval.h"
+#include "system_win32.h"
#if defined(WIN32) && !defined(MSDOS)
struct curltime Curl_now(void)
{
- /*
- ** GetTickCount() is available on _all_ Windows versions from W95 up
- ** to nowadays. Returns milliseconds elapsed since last system boot,
- ** increases monotonically and wraps once 49.7 days have elapsed.
- */
struct curltime now;
-#if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_VISTA) || \
- (_WIN32_WINNT < _WIN32_WINNT_VISTA) || \
- (defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR))
- DWORD milliseconds = GetTickCount();
- now.tv_sec = milliseconds / 1000;
- now.tv_usec = (milliseconds % 1000) * 1000;
-#else
- ULONGLONG milliseconds = GetTickCount64();
- now.tv_sec = (time_t) (milliseconds / 1000);
- now.tv_usec = (unsigned int) (milliseconds % 1000) * 1000;
+ static LARGE_INTEGER freq;
+ static int isVistaOrGreater = -1;
+ if(isVistaOrGreater == -1) {
+ if(Curl_verify_windows_version(6, 0, PLATFORM_WINNT,
+ VERSION_GREATER_THAN_EQUAL)) {
+ isVistaOrGreater = 1;
+ QueryPerformanceFrequency(&freq);
+ }
+ else
+ isVistaOrGreater = 0;
+ }
+ if(isVistaOrGreater == 1) { /* QPC timer might have issues pre-Vista */
+ LARGE_INTEGER count;
+ QueryPerformanceCounter(&count);
+ now.tv_sec = (time_t)(count.QuadPart / freq.QuadPart);
+ now.tv_usec =
+ (int)((count.QuadPart % freq.QuadPart) * 1000000 / freq.QuadPart);
+ }
+ else {
+ /* Disable /analyze warning that GetTickCount64 is preferred */
+#if defined(_MSC_VER)
+#pragma warning(push)
+#pragma warning(disable:28159)
+#endif
+ DWORD milliseconds = GetTickCount();
+#if defined(_MSC_VER)
+#pragma warning(pop)
#endif
+ now.tv_sec = milliseconds / 1000;
+ now.tv_usec = (milliseconds % 1000) * 1000;
+ }
return now;
}
@@ -180,7 +196,7 @@ struct curltime Curl_now(void)
*/
timediff_t Curl_timediff(struct curltime newer, struct curltime older)
{
- timediff_t diff = newer.tv_sec-older.tv_sec;
+ timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
if(diff >= (TIME_MAX/1000))
return TIME_MAX;
else if(diff <= (TIME_MIN/1000))
@@ -194,7 +210,7 @@ timediff_t Curl_timediff(struct curltime newer, struct curltime older)
*/
timediff_t Curl_timediff_us(struct curltime newer, struct curltime older)
{
- timediff_t diff = newer.tv_sec-older.tv_sec;
+ timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
if(diff >= (TIME_MAX/1000000))
return TIME_MAX;
else if(diff <= (TIME_MIN/1000000))
diff --git a/libs/libcurl/src/timeval.h b/libs/libcurl/src/timeval.h
index fb3f680c40..96867d7139 100644
--- a/libs/libcurl/src/timeval.h
+++ b/libs/libcurl/src/timeval.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -26,8 +26,10 @@
#if SIZEOF_TIME_T < 8
typedef int timediff_t;
+#define CURL_FORMAT_TIMEDIFF_T "d"
#else
typedef curl_off_t timediff_t;
+#define CURL_FORMAT_TIMEDIFF_T CURL_FORMAT_CURL_OFF_T
#endif
struct curltime {
diff --git a/libs/libcurl/src/transfer.c b/libs/libcurl/src/transfer.c
index 6390821bba..3a18c7bdd0 100644
--- a/libs/libcurl/src/transfer.c
+++ b/libs/libcurl/src/transfer.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -117,6 +117,35 @@ CURLcode Curl_get_upload_buffer(struct Curl_easy *data)
return CURLE_OK;
}
+#ifndef CURL_DISABLE_HTTP
+/*
+ * This function will be called to loop through the trailers buffer
+ * until no more data is available for sending.
+ */
+static size_t Curl_trailers_read(char *buffer, size_t size, size_t nitems,
+ void *raw)
+{
+ struct Curl_easy *data = (struct Curl_easy *)raw;
+ Curl_send_buffer *trailers_buf = data->state.trailers_buf;
+ size_t bytes_left = trailers_buf->size_used-data->state.trailers_bytes_sent;
+ size_t to_copy = (size*nitems < bytes_left) ? size*nitems : bytes_left;
+ if(to_copy) {
+ memcpy(buffer,
+ &trailers_buf->buffer[data->state.trailers_bytes_sent],
+ to_copy);
+ data->state.trailers_bytes_sent += to_copy;
+ }
+ return to_copy;
+}
+
+static size_t Curl_trailers_left(void *raw)
+{
+ struct Curl_easy *data = (struct Curl_easy *)raw;
+ Curl_send_buffer *trailers_buf = data->state.trailers_buf;
+ return trailers_buf->size_used - data->state.trailers_bytes_sent;
+}
+#endif
+
/*
* This function will call the read callback to fill our buffer with data
* to upload.
@@ -127,6 +156,17 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
struct Curl_easy *data = conn->data;
size_t buffersize = bytes;
size_t nread;
+
+#ifndef CURL_DISABLE_HTTP
+ struct curl_slist *trailers = NULL;
+ CURLcode c;
+ int trailers_ret_code;
+#endif
+
+ curl_read_callback readfunc = NULL;
+ void *extra_data = NULL;
+ bool added_crlf = FALSE;
+
#ifdef CURL_DOES_CONVERSIONS
bool sending_http_headers = FALSE;
@@ -140,15 +180,71 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
}
#endif
- if(data->req.upload_chunky) {
+#ifndef CURL_DISABLE_HTTP
+ if(data->state.trailers_state == TRAILERS_INITIALIZED) {
+ /* at this point we already verified that the callback exists
+ so we compile and store the trailers buffer, then proceed */
+ infof(data,
+ "Moving trailers state machine from initialized to sending.\n");
+ data->state.trailers_state = TRAILERS_SENDING;
+ data->state.trailers_buf = Curl_add_buffer_init();
+ if(!data->state.trailers_buf) {
+ failf(data, "Unable to allocate trailing headers buffer !");
+ return CURLE_OUT_OF_MEMORY;
+ }
+ data->state.trailers_bytes_sent = 0;
+ Curl_set_in_callback(data, true);
+ trailers_ret_code = data->set.trailer_callback(&trailers,
+ data->set.trailer_data);
+ Curl_set_in_callback(data, false);
+ if(trailers_ret_code == CURL_TRAILERFUNC_OK) {
+ c = Curl_http_compile_trailers(trailers, data->state.trailers_buf, data);
+ }
+ else {
+ failf(data, "operation aborted by trailing headers callback");
+ *nreadp = 0;
+ c = CURLE_ABORTED_BY_CALLBACK;
+ }
+ if(c != CURLE_OK) {
+ Curl_add_buffer_free(&data->state.trailers_buf);
+ curl_slist_free_all(trailers);
+ return c;
+ }
+ infof(data, "Successfully compiled trailers.\r\n");
+ curl_slist_free_all(trailers);
+ }
+#endif
+
+ /* if we are transmitting trailing data, we don't need to write
+ a chunk size so we skip this */
+ if(data->req.upload_chunky &&
+ data->state.trailers_state == TRAILERS_NONE) {
/* if chunked Transfer-Encoding */
buffersize -= (8 + 2 + 2); /* 32bit hex + CRLF + CRLF */
data->req.upload_fromhere += (8 + 2); /* 32bit hex + CRLF */
}
+#ifndef CURL_DISABLE_HTTP
+ if(data->state.trailers_state == TRAILERS_SENDING) {
+ /* if we're here then that means that we already sent the last empty chunk
+ but we didn't send a final CR LF, so we sent 0 CR LF. We then start
+ pulling trailing data until we ²have no more at which point we
+ simply return to the previous point in the state machine as if
+ nothing happened.
+ */
+ readfunc = Curl_trailers_read;
+ extra_data = (void *)data;
+ }
+ else
+#endif
+ {
+ readfunc = data->state.fread_func;
+ extra_data = data->state.in;
+ }
+
Curl_set_in_callback(data, true);
- nread = data->state.fread_func(data->req.upload_fromhere, 1,
- buffersize, data->state.in);
+ nread = readfunc(data->req.upload_fromhere, 1,
+ buffersize, extra_data);
Curl_set_in_callback(data, false);
if(nread == CURL_READFUNC_ABORT) {
@@ -203,7 +299,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
char hexbuffer[11];
const char *endofline_native;
const char *endofline_network;
- int hexlen;
+ int hexlen = 0;
if(
#ifdef CURL_DO_LINEEND_CONV
@@ -218,20 +314,36 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
endofline_native = "\r\n";
endofline_network = "\x0d\x0a";
}
- hexlen = msnprintf(hexbuffer, sizeof(hexbuffer),
- "%x%s", nread, endofline_native);
- /* move buffer pointer */
- data->req.upload_fromhere -= hexlen;
- nread += hexlen;
+ /* if we're not handling trailing data, proceed as usual */
+ if(data->state.trailers_state != TRAILERS_SENDING) {
+ hexlen = msnprintf(hexbuffer, sizeof(hexbuffer),
+ "%zx%s", nread, endofline_native);
- /* copy the prefix to the buffer, leaving out the NUL */
- memcpy(data->req.upload_fromhere, hexbuffer, hexlen);
+ /* move buffer pointer */
+ data->req.upload_fromhere -= hexlen;
+ nread += hexlen;
- /* always append ASCII CRLF to the data */
- memcpy(data->req.upload_fromhere + nread,
- endofline_network,
- strlen(endofline_network));
+ /* copy the prefix to the buffer, leaving out the NUL */
+ memcpy(data->req.upload_fromhere, hexbuffer, hexlen);
+
+ /* always append ASCII CRLF to the data unless
+ we have a valid trailer callback */
+#ifndef CURL_DISABLE_HTTP
+ if((nread-hexlen) == 0 &&
+ data->set.trailer_callback != NULL &&
+ data->state.trailers_state == TRAILERS_NONE) {
+ data->state.trailers_state = TRAILERS_INITIALIZED;
+ }
+ else
+#endif
+ {
+ memcpy(data->req.upload_fromhere + nread,
+ endofline_network,
+ strlen(endofline_network));
+ added_crlf = TRUE;
+ }
+ }
#ifdef CURL_DOES_CONVERSIONS
{
@@ -251,13 +363,29 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
}
#endif /* CURL_DOES_CONVERSIONS */
- if((nread - hexlen) == 0) {
- /* mark this as done once this chunk is transferred */
+#ifndef CURL_DISABLE_HTTP
+ if(data->state.trailers_state == TRAILERS_SENDING &&
+ !Curl_trailers_left(data)) {
+ Curl_add_buffer_free(&data->state.trailers_buf);
+ data->state.trailers_state = TRAILERS_DONE;
+ data->set.trailer_data = NULL;
+ data->set.trailer_callback = NULL;
+ /* mark the transfer as done */
data->req.upload_done = TRUE;
- infof(data, "Signaling end of chunked upload via terminating chunk.\n");
+ infof(data, "Signaling end of chunked upload after trailers.\n");
}
+ else
+#endif
+ if((nread - hexlen) == 0 &&
+ data->state.trailers_state != TRAILERS_INITIALIZED) {
+ /* mark this as done once this chunk is transferred */
+ data->req.upload_done = TRUE;
+ infof(data,
+ "Signaling end of chunked upload via terminating chunk.\n");
+ }
- nread += strlen(endofline_native); /* for the added end of line */
+ if(added_crlf)
+ nread += strlen(endofline_network); /* for the added end of line */
}
#ifdef CURL_DOES_CONVERSIONS
else if((data->set.prefer_ascii) && (!sending_http_headers)) {
@@ -925,7 +1053,6 @@ static CURLcode readwrite_upload(struct Curl_easy *data,
*didwhat |= KEEP_SEND;
do {
-
/* only read more data if there's no upload data already
present in the upload buffer */
if(0 == k->upload_present) {
@@ -950,7 +1077,6 @@ static CURLcode readwrite_upload(struct Curl_easy *data,
k->keepon &= ~KEEP_SEND; /* disable writing */
k->start100 = Curl_now(); /* timeout count starts now */
*didwhat &= ~KEEP_SEND; /* we didn't write anything actually */
-
/* set a timeout for the multi interface */
Curl_expire(data, data->set.expect_100_timeout, EXPIRE_100_TIMEOUT);
break;
@@ -1224,15 +1350,15 @@ CURLcode Curl_readwrite(struct connectdata *conn,
if(k->keepon) {
if(0 > Curl_timeleft(data, &k->now, FALSE)) {
if(k->size != -1) {
- failf(data, "Operation timed out after %ld milliseconds with %"
- CURL_FORMAT_CURL_OFF_T " out of %"
+ failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T
+ " milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %"
CURL_FORMAT_CURL_OFF_T " bytes received",
Curl_timediff(k->now, data->progress.t_startsingle),
k->bytecount, k->size);
}
else {
- failf(data, "Operation timed out after %ld milliseconds with %"
- CURL_FORMAT_CURL_OFF_T " bytes received",
+ failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T
+ " milliseconds with %" CURL_FORMAT_CURL_OFF_T " bytes received",
Curl_timediff(k->now, data->progress.t_startsingle),
k->bytecount);
}
@@ -1432,12 +1558,6 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
Curl_pgrsResetTransferSizes(data);
Curl_pgrsStartNow(data);
- if(data->set.timeout)
- Curl_expire(data, data->set.timeout, EXPIRE_TIMEOUT);
-
- if(data->set.connecttimeout)
- Curl_expire(data, data->set.connecttimeout, EXPIRE_CONNECTTIMEOUT);
-
/* In case the handle is re-used and an authentication method was picked
in the session we need to make sure we only use the one(s) we now
consider to be fine */
diff --git a/libs/libcurl/src/url.c b/libs/libcurl/src/url.c
index 7839dfa7ce..d5a982008e 100644
--- a/libs/libcurl/src/url.c
+++ b/libs/libcurl/src/url.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -492,9 +492,9 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
/* Set the default CA cert bundle/path detected/specified at build time.
*
- * If Schannel (WinSSL) is the selected SSL backend then these locations
- * are ignored. We allow setting CA location for schannel only when
- * explicitly specified by the user via CURLOPT_CAINFO / --cacert.
+ * If Schannel is the selected SSL backend then these locations are
+ * ignored. We allow setting CA location for schannel only when explicitly
+ * specified by the user via CURLOPT_CAINFO / --cacert.
*/
if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL) {
#if defined(CURL_CA_BUNDLE)
@@ -536,6 +536,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
set->fnmatch = ZERO_NULL;
set->upkeep_interval_ms = CURL_UPKEEP_INTERVAL_DEFAULT;
set->maxconnects = DEFAULT_CONNCACHE_SIZE; /* for easy handles */
+ set->http09_allowed = TRUE;
set->httpversion =
#ifdef USE_NGHTTP2
CURL_HTTP_VERSION_2TLS
@@ -768,7 +769,6 @@ CURLcode Curl_disconnect(struct Curl_easy *data,
return CURLE_OK;
}
- conn->data = data;
if(conn->dns_entry != NULL) {
Curl_resolv_unlock(data, conn->dns_entry);
conn->dns_entry = NULL;
@@ -781,20 +781,22 @@ CURLcode Curl_disconnect(struct Curl_easy *data,
Curl_http_ntlm_cleanup(conn);
#endif
+ /* the protocol specific disconnect handler needs a transfer for its
+ connection! */
+ conn->data = data;
if(conn->handler->disconnect)
/* This is set if protocol-specific cleanups should be made */
conn->handler->disconnect(conn, dead_connection);
/* unlink ourselves! */
infof(data, "Closing connection %ld\n", conn->connection_id);
- Curl_conncache_remove_conn(conn, TRUE);
+ Curl_conncache_remove_conn(data, conn, TRUE);
free_idnconverted_hostname(&conn->host);
free_idnconverted_hostname(&conn->conn_to_host);
free_idnconverted_hostname(&conn->http_proxy.host);
free_idnconverted_hostname(&conn->socks_proxy.host);
- DEBUGASSERT(conn->data == data);
/* this assumes that the pointer is still there after the connection was
detected from the cache */
Curl_ssl_close(conn, FIRSTSOCKET);
@@ -959,13 +961,10 @@ static bool extract_if_dead(struct connectdata *conn,
handles in pipeline and the connection isn't already marked in
use */
bool dead;
-
- conn->data = data;
if(conn->handler->connection_check) {
/* The protocol has a special method for checking the state of the
connection. Use it to check if the connection is dead. */
unsigned int state;
-
state = conn->handler->connection_check(conn, CONNCHECK_ISDEAD);
dead = (state & CONNRESULT_DEAD);
}
@@ -976,8 +975,7 @@ static bool extract_if_dead(struct connectdata *conn,
if(dead) {
infof(data, "Connection %ld seems to be dead!\n", conn->connection_id);
- Curl_conncache_remove_conn(conn, FALSE);
- conn->data = NULL; /* detach */
+ Curl_conncache_remove_conn(data, conn, FALSE);
return TRUE;
}
}
@@ -996,6 +994,7 @@ struct prunedead {
static int call_extract_if_dead(struct connectdata *conn, void *param)
{
struct prunedead *p = (struct prunedead *)param;
+ conn->data = p->data; /* transfer to use for this check */
if(extract_if_dead(conn, p->data)) {
/* stop the iteration here, pass back the connection that was extracted */
p->extracted = conn;
@@ -1101,7 +1100,7 @@ ConnectionExists(struct Curl_easy *data,
if((bundle->multiuse == BUNDLE_UNKNOWN) && data->set.pipewait) {
infof(data, "Server doesn't support multi-use yet, wait\n");
*waitpipe = TRUE;
- Curl_conncache_unlock(needle);
+ Curl_conncache_unlock(data);
return FALSE; /* no re-use */
}
@@ -1461,11 +1460,11 @@ ConnectionExists(struct Curl_easy *data,
if(chosen) {
/* mark it as used before releasing the lock */
chosen->data = data; /* own it! */
- Curl_conncache_unlock(needle);
+ Curl_conncache_unlock(data);
*usethis = chosen;
return TRUE; /* yes, we found one to use! */
}
- Curl_conncache_unlock(needle);
+ Curl_conncache_unlock(data);
if(foundPendingCandidate && data->set.pipewait) {
infof(data,
@@ -2066,7 +2065,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
if(uc) {
DEBUGF(infof(data, "curl_url_set rejected %s\n", data->change.url));
return Curl_uc_to_curlcode(uc);
- }
+ }
}
uc = curl_url_get(uh, CURLUPART_SCHEME, &data->state.up.scheme, 0);
@@ -2997,7 +2996,7 @@ static CURLcode parse_remote_port(struct Curl_easy *data,
char portbuf[16];
CURLUcode uc;
conn->remote_port = (unsigned short)data->set.use_port;
- msnprintf(portbuf, sizeof(portbuf), "%u", conn->remote_port);
+ msnprintf(portbuf, sizeof(portbuf), "%d", conn->remote_port);
uc = curl_url_set(data->state.uh, CURLUPART_PORT, portbuf, 0);
if(uc)
return CURLE_OUT_OF_MEMORY;
@@ -3608,6 +3607,7 @@ static CURLcode create_conn(struct Curl_easy *data,
size_t max_total_connections = Curl_multi_max_total_connections(data->multi);
*async = FALSE;
+ *in_connect = NULL;
/*************************************************************
* Check input data
@@ -3773,7 +3773,6 @@ static CURLcode create_conn(struct Curl_easy *data,
/* Setup a "faked" transfer that'll do nothing */
if(!result) {
- conn->data = data;
conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; /* we are "connected */
result = Curl_conncache_add_conn(data->state.conn_cache, conn);
@@ -3954,7 +3953,7 @@ static CURLcode create_conn(struct Curl_easy *data,
/* The bundle is full. Extract the oldest connection. */
conn_candidate = Curl_conncache_extract_bundle(data, bundle);
- Curl_conncache_unlock(conn);
+ Curl_conncache_unlock(data);
if(conn_candidate)
(void)Curl_disconnect(data, conn_candidate,
@@ -3966,7 +3965,7 @@ static CURLcode create_conn(struct Curl_easy *data,
}
}
else
- Curl_conncache_unlock(conn);
+ Curl_conncache_unlock(data);
}
@@ -4135,11 +4134,11 @@ CURLcode Curl_setup_conn(struct connectdata *conn,
}
CURLcode Curl_connect(struct Curl_easy *data,
- struct connectdata **in_connect,
bool *asyncp,
bool *protocol_done)
{
CURLcode result;
+ struct connectdata *conn;
*asyncp = FALSE; /* assume synchronous resolves by default */
@@ -4149,30 +4148,30 @@ CURLcode Curl_connect(struct Curl_easy *data,
data->req.maxdownload = -1;
/* call the stuff that needs to be called */
- result = create_conn(data, in_connect, asyncp);
+ result = create_conn(data, &conn, asyncp);
if(!result) {
- if(CONN_INUSE(*in_connect))
+ if(CONN_INUSE(conn))
/* pipelining */
*protocol_done = TRUE;
else if(!*asyncp) {
/* DNS resolution is done: that's either because this is a reused
connection, in which case DNS was unnecessary, or because DNS
really did finish already (synch resolver/fast async resolve) */
- result = Curl_setup_conn(*in_connect, protocol_done);
+ result = Curl_setup_conn(conn, protocol_done);
}
}
if(result == CURLE_NO_CONNECTION_AVAILABLE) {
- *in_connect = NULL;
return result;
}
- else if(result && *in_connect) {
+ else if(result && conn) {
/* We're not allowed to return failure with memory left allocated in the
connectdata struct, free those here */
- Curl_disconnect(data, *in_connect, TRUE);
- *in_connect = NULL; /* return a NULL */
+ Curl_disconnect(data, conn, TRUE);
}
+ else
+ Curl_attach_connnection(data, conn);
return result;
}
diff --git a/libs/libcurl/src/url.h b/libs/libcurl/src/url.h
index 095d638331..fbd8ef9250 100644
--- a/libs/libcurl/src/url.h
+++ b/libs/libcurl/src/url.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -52,8 +52,7 @@ void Curl_freeset(struct Curl_easy * data);
void Curl_up_free(struct Curl_easy *data);
CURLcode Curl_uc_to_curlcode(CURLUcode uc);
CURLcode Curl_close(struct Curl_easy *data); /* opposite of curl_open() */
-CURLcode Curl_connect(struct Curl_easy *, struct connectdata **,
- bool *async, bool *protocol_connect);
+CURLcode Curl_connect(struct Curl_easy *, bool *async, bool *protocol_connect);
CURLcode Curl_disconnect(struct Curl_easy *data,
struct connectdata *, bool dead_connection);
CURLcode Curl_protocol_connect(struct connectdata *conn, bool *done);
diff --git a/libs/libcurl/src/urlapi.c b/libs/libcurl/src/urlapi.c
index 5cbda6a98c..3af8e9399f 100644
--- a/libs/libcurl/src/urlapi.c
+++ b/libs/libcurl/src/urlapi.c
@@ -510,8 +510,11 @@ UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, char *hostname)
portptr = &hostname[len];
else if('%' == endbracket) {
int zonelen = len;
- if(1 == sscanf(hostname + zonelen, "25%*[^]]]%c%n", &endbracket, &len))
- portptr = &hostname[--zonelen + len];
+ if(1 == sscanf(hostname + zonelen, "25%*[^]]%c%n", &endbracket, &len)) {
+ if(']' != endbracket)
+ return CURLUE_MALFORMED_INPUT;
+ portptr = &hostname[--zonelen + len + 1];
+ }
else
return CURLUE_MALFORMED_INPUT;
}
@@ -534,6 +537,14 @@ UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, char *hostname)
long port;
char portbuf[7];
+ /* Browser behavior adaptation. If there's a colon with no digits after,
+ just cut off the name there which makes us ignore the colon and just
+ use the default port. Firefox, Chrome and Safari all do that. */
+ if(!portptr[1]) {
+ *portptr = '\0';
+ return CURLUE_OK;
+ }
+
if(!ISDIGIT(portptr[1]))
return CURLUE_BAD_PORT_NUMBER;
@@ -547,22 +558,14 @@ UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, char *hostname)
if(rest[0])
return CURLUE_BAD_PORT_NUMBER;
- if(rest != &portptr[1]) {
- *portptr++ = '\0'; /* cut off the name there */
- *rest = 0;
- /* generate a new to get rid of leading zeroes etc */
- msnprintf(portbuf, sizeof(portbuf), "%ld", port);
- u->portnum = port;
- u->port = strdup(portbuf);
- if(!u->port)
- return CURLUE_OUT_OF_MEMORY;
- }
- else {
- /* Browser behavior adaptation. If there's a colon with no digits after,
- just cut off the name there which makes us ignore the colon and just
- use the default port. Firefox and Chrome both do that. */
- *portptr = '\0';
- }
+ *portptr++ = '\0'; /* cut off the name there */
+ *rest = 0;
+ /* generate a new port number string to get rid of leading zeroes etc */
+ msnprintf(portbuf, sizeof(portbuf), "%ld", port);
+ u->portnum = port;
+ u->port = strdup(portbuf);
+ if(!u->port)
+ return CURLUE_OUT_OF_MEMORY;
}
return CURLUE_OK;
@@ -864,7 +867,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
return CURLUE_OUT_OF_MEMORY;
}
- if(query && query[0]) {
+ if(query) {
u->query = strdup(query);
if(!u->query)
return CURLUE_OUT_OF_MEMORY;
@@ -1071,8 +1074,8 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
port ? port : "",
(u->path && (u->path[0] != '/')) ? "/": "",
u->path ? u->path : "/",
- u->query? "?": "",
- u->query? u->query : "",
+ (u->query && u->query[0]) ? "?": "",
+ (u->query && u->query[0]) ? u->query : "",
u->fragment? "#": "",
u->fragment? u->fragment : "");
}
diff --git a/libs/libcurl/src/urldata.h b/libs/libcurl/src/urldata.h
index 448437d2ad..ff3cc9a655 100644
--- a/libs/libcurl/src/urldata.h
+++ b/libs/libcurl/src/urldata.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -77,7 +77,7 @@
/* Default FTP/IMAP etc response timeout in milliseconds.
Symbian OS panics when given a timeout much greater than 1/2 hour.
*/
-#define RESP_TIMEOUT (1800*1000)
+#define RESP_TIMEOUT (120*1000)
#include "cookie.h"
#include "psl.h"
@@ -328,6 +328,12 @@ struct kerberos5data {
struct ntlmdata {
curlntlm state;
#ifdef USE_WINDOWS_SSPI
+/* The sslContext is used for the Schannel bindings. The
+ * api is available on the Windows 7 SDK and later.
+ */
+#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
+ CtxtHandle *sslContext;
+#endif
CredHandle *credentials;
CtxtHandle *context;
SEC_WINNT_AUTH_IDENTITY identity;
@@ -358,6 +364,9 @@ struct negotiatedata {
gss_buffer_desc output_token;
#else
#ifdef USE_WINDOWS_SSPI
+#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
+ CtxtHandle *sslContext;
+#endif
DWORD status;
CredHandle *credentials;
CtxtHandle *context;
@@ -974,6 +983,9 @@ struct connectdata {
void *seek_client; /* pointer to pass to the seek() above */
/*************** Request - specific items ************/
+#if defined(USE_WINDOWS_SSPI) && defined(SECPKG_ATTR_ENDPOINT_BINDINGS)
+ CtxtHandle *sslContext;
+#endif
#if defined(USE_NTLM)
struct ntlmdata ntlm; /* NTLM differs from other authentication schemes
@@ -1216,6 +1228,15 @@ typedef enum {
EXPIRE_LAST /* not an actual timer, used as a marker only */
} expire_id;
+
+typedef enum {
+ TRAILERS_NONE,
+ TRAILERS_INITIALIZED,
+ TRAILERS_SENDING,
+ TRAILERS_DONE
+} trailers_state;
+
+
/*
* One instance for each timeout an easy handle can set.
*/
@@ -1362,6 +1383,13 @@ struct UrlState {
#endif
CURLU *uh; /* URL handle for the current parsed URL */
struct urlpieces up;
+#ifndef CURL_DISABLE_HTTP
+ size_t trailers_bytes_sent;
+ Curl_send_buffer *trailers_buf; /* a buffer containing the compiled trailing
+ headers */
+#endif
+ trailers_state trailers_state; /* whether we are sending trailers
+ and what stage are we at */
};
@@ -1381,6 +1409,7 @@ struct DynamicStatic {
curl_easy_setopt(COOKIEFILE) calls */
struct curl_slist *resolve; /* set to point to the set.resolve list when
this should be dealt with in pretransfer */
+ bool wildcard_resolve; /* Set to true if any resolve change is a wildcard */
};
/*
@@ -1727,9 +1756,12 @@ struct UserDefined {
long upkeep_interval_ms; /* Time between calls for connection upkeep. */
bool doh; /* DNS-over-HTTPS enabled */
bool doh_get; /* use GET for DoH requests, instead of POST */
+ bool http09_allowed; /* allow HTTP/0.9 responses */
multidone_func fmultidone;
struct Curl_easy *dohfor; /* this is a DoH request for that transfer */
CURLU *uh; /* URL handle for the current parsed URL */
+ void *trailer_data; /* pointer to pass to trailer data callback */
+ curl_trailer_callback trailer_callback; /* trailing data callback */
};
struct Names {
@@ -1757,9 +1789,10 @@ struct Curl_easy {
struct Curl_easy *next;
struct Curl_easy *prev;
- struct connectdata *easy_conn; /* the "unit's" connection */
+ struct connectdata *conn;
struct curl_llist_element connect_queue;
struct curl_llist_element pipeline_queue;
+ struct curl_llist_element sh_queue; /* list per Curl_sh_entry */
CURLMstate mstate; /* the handle's state */
CURLcode result; /* previous result */
@@ -1771,6 +1804,8 @@ struct Curl_easy {
the state etc are also kept. This array is mostly used to detect when a
socket is to be removed from the hash. See singlesocket(). */
curl_socket_t sockets[MAX_SOCKSPEREASYHANDLE];
+ int actions[MAX_SOCKSPEREASYHANDLE]; /* action for each socket in
+ sockets[] */
int numsocks;
struct Names dns;
diff --git a/libs/libcurl/src/vauth/digest_sspi.c b/libs/libcurl/src/vauth/digest_sspi.c
index 9287557351..fe8093e8b3 100644
--- a/libs/libcurl/src/vauth/digest_sspi.c
+++ b/libs/libcurl/src/vauth/digest_sspi.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2014 - 2016, Steve Holme, <steve_holme@hotmail.com>.
- * Copyright (C) 2015 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2015 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -146,7 +146,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
}
/* Generate our SPN */
- spn = Curl_auth_build_spn(service, data->easy_conn->host.name, NULL);
+ spn = Curl_auth_build_spn(service, data->conn->host.name, NULL);
if(!spn) {
free(output_token);
free(input_token);
diff --git a/libs/libcurl/src/vauth/ntlm.c b/libs/libcurl/src/vauth/ntlm.c
index 458b272539..6a8fc5ab3d 100644
--- a/libs/libcurl/src/vauth/ntlm.c
+++ b/libs/libcurl/src/vauth/ntlm.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
target_info_len = Curl_read16_le(&buffer[40]);
target_info_offset = Curl_read32_le(&buffer[44]);
if(target_info_len > 0) {
- if(((target_info_offset + target_info_len) > size) ||
+ if((target_info_offset >= size) ||
+ ((target_info_offset + target_info_len) > size) ||
(target_info_offset < 48)) {
infof(data, "NTLM handshake failure (bad type-2 message). "
- "Target Info Offset Len is set incorrect by the peer\n");
+ "Target Info Offset Len is set incorrect by the peer\n");
return CURLE_BAD_CONTENT_ENCODING;
}
@@ -562,7 +563,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
}
#if defined(USE_NTRESPONSES) && defined(USE_NTLM_V2)
- if(ntlm->target_info_len) {
+ if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
unsigned char ntbuffer[0x18];
unsigned char entropy[8];
unsigned char ntlmv2hash[0x18];
@@ -599,7 +600,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
#if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION)
/* We don't support NTLM2 if we don't have USE_NTRESPONSES */
- if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
+ if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM_KEY) {
unsigned char ntbuffer[0x18];
unsigned char tmp[0x18];
unsigned char md5sum[MD5_DIGEST_LENGTH];
@@ -631,7 +632,9 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
Curl_ntlm_core_lm_resp(ntbuffer, md5sum, ntresp);
/* End of NTLM2 Session code */
-
+ /* NTLM v2 session security is a misnomer because it is not NTLM v2.
+ It is NTLM v1 using the extended session security that is also
+ in NTLM v2 */
}
else
#endif
@@ -776,11 +779,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
});
#ifdef USE_NTRESPONSES
- if(size < (NTLM_BUFSIZE - ntresplen)) {
- DEBUGASSERT(size == (size_t)ntrespoff);
- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
- size += ntresplen;
+ /* ntresplen + size should not be risking an integer overflow here */
+ if(ntresplen + size > sizeof(ntlmbuf)) {
+ failf(data, "incoming NTLM message too big");
+ return CURLE_OUT_OF_MEMORY;
}
+ DEBUGASSERT(size == (size_t)ntrespoff);
+ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
+ size += ntresplen;
DEBUG_OUT({
fprintf(stderr, "\n ntresp=");
diff --git a/libs/libcurl/src/vauth/ntlm_sspi.c b/libs/libcurl/src/vauth/ntlm_sspi.c
index b66cfe7370..67112820e0 100644
--- a/libs/libcurl/src/vauth/ntlm_sspi.c
+++ b/libs/libcurl/src/vauth/ntlm_sspi.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -249,7 +249,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
char **outptr, size_t *outlen)
{
CURLcode result = CURLE_OK;
- SecBuffer type_2_buf;
+ SecBuffer type_2_bufs[2];
SecBuffer type_3_buf;
SecBufferDesc type_2_desc;
SecBufferDesc type_3_desc;
@@ -261,12 +261,39 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
(void) userp;
/* Setup the type-2 "input" security buffer */
- type_2_desc.ulVersion = SECBUFFER_VERSION;
- type_2_desc.cBuffers = 1;
- type_2_desc.pBuffers = &type_2_buf;
- type_2_buf.BufferType = SECBUFFER_TOKEN;
- type_2_buf.pvBuffer = ntlm->input_token;
- type_2_buf.cbBuffer = curlx_uztoul(ntlm->input_token_len);
+ type_2_desc.ulVersion = SECBUFFER_VERSION;
+ type_2_desc.cBuffers = 1;
+ type_2_desc.pBuffers = &type_2_bufs[0];
+ type_2_bufs[0].BufferType = SECBUFFER_TOKEN;
+ type_2_bufs[0].pvBuffer = ntlm->input_token;
+ type_2_bufs[0].cbBuffer = curlx_uztoul(ntlm->input_token_len);
+
+#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
+ /* ssl context comes from schannel.
+ * When extended protection is used in IIS server,
+ * we have to pass a second SecBuffer to the SecBufferDesc
+ * otherwise IIS will not pass the authentication (401 response).
+ * Minimum supported version is Windows 7.
+ * https://docs.microsoft.com/en-us/security-updates
+ * /SecurityAdvisories/2009/973811
+ */
+ if(ntlm->sslContext) {
+ SEC_CHANNEL_BINDINGS channelBindings;
+ SecPkgContext_Bindings pkgBindings;
+ pkgBindings.Bindings = &channelBindings;
+ status = s_pSecFn->QueryContextAttributes(
+ ntlm->sslContext,
+ SECPKG_ATTR_ENDPOINT_BINDINGS,
+ &pkgBindings
+ );
+ if(status == SEC_E_OK) {
+ type_2_desc.cBuffers++;
+ type_2_bufs[1].BufferType = SECBUFFER_CHANNEL_BINDINGS;
+ type_2_bufs[1].cbBuffer = pkgBindings.BindingsLength;
+ type_2_bufs[1].pvBuffer = pkgBindings.Bindings;
+ }
+ }
+#endif
/* Setup the type-3 "output" security buffer */
type_3_desc.ulVersion = SECBUFFER_VERSION;
diff --git a/libs/libcurl/src/vauth/spnego_sspi.c b/libs/libcurl/src/vauth/spnego_sspi.c
index 77d1895a5d..00d8404652 100644
--- a/libs/libcurl/src/vauth/spnego_sspi.c
+++ b/libs/libcurl/src/vauth/spnego_sspi.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -92,7 +92,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
size_t chlglen = 0;
unsigned char *chlg = NULL;
PSecPkgInfo SecurityPackage;
- SecBuffer chlg_buf;
+ SecBuffer chlg_buf[2];
SecBuffer resp_buf;
SecBufferDesc chlg_desc;
SecBufferDesc resp_desc;
@@ -189,12 +189,39 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
}
/* Setup the challenge "input" security buffer */
- chlg_desc.ulVersion = SECBUFFER_VERSION;
- chlg_desc.cBuffers = 1;
- chlg_desc.pBuffers = &chlg_buf;
- chlg_buf.BufferType = SECBUFFER_TOKEN;
- chlg_buf.pvBuffer = chlg;
- chlg_buf.cbBuffer = curlx_uztoul(chlglen);
+ chlg_desc.ulVersion = SECBUFFER_VERSION;
+ chlg_desc.cBuffers = 1;
+ chlg_desc.pBuffers = &chlg_buf[0];
+ chlg_buf[0].BufferType = SECBUFFER_TOKEN;
+ chlg_buf[0].pvBuffer = chlg;
+ chlg_buf[0].cbBuffer = curlx_uztoul(chlglen);
+
+#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
+ /* ssl context comes from Schannel.
+ * When extended protection is used in IIS server,
+ * we have to pass a second SecBuffer to the SecBufferDesc
+ * otherwise IIS will not pass the authentication (401 response).
+ * Minimum supported version is Windows 7.
+ * https://docs.microsoft.com/en-us/security-updates
+ * /SecurityAdvisories/2009/973811
+ */
+ if(nego->sslContext) {
+ SEC_CHANNEL_BINDINGS channelBindings;
+ SecPkgContext_Bindings pkgBindings;
+ pkgBindings.Bindings = &channelBindings;
+ nego->status = s_pSecFn->QueryContextAttributes(
+ nego->sslContext,
+ SECPKG_ATTR_ENDPOINT_BINDINGS,
+ &pkgBindings
+ );
+ if(nego->status == SEC_E_OK) {
+ chlg_desc.cBuffers++;
+ chlg_buf[1].BufferType = SECBUFFER_CHANNEL_BINDINGS;
+ chlg_buf[1].cbBuffer = pkgBindings.BindingsLength;
+ chlg_buf[1].pvBuffer = pkgBindings.Bindings;
+ }
+ }
+#endif
}
/* Setup the response "output" security buffer */
@@ -222,7 +249,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
if(GSS_ERROR(nego->status)) {
failf(data, "InitializeSecurityContext failed: %s",
- Curl_sspi_strerror(data->easy_conn, nego->status));
+ Curl_sspi_strerror(data->conn, nego->status));
return CURLE_OUT_OF_MEMORY;
}
diff --git a/libs/libcurl/src/vtls/cyassl.c b/libs/libcurl/src/vtls/cyassl.c
index 0d45afbf0c..ea96cf65e5 100644
--- a/libs/libcurl/src/vtls/cyassl.c
+++ b/libs/libcurl/src/vtls/cyassl.c
@@ -794,6 +794,12 @@ static int Curl_cyassl_init(void)
}
+static void Curl_cyassl_cleanup(void)
+{
+ CyaSSL_Cleanup();
+}
+
+
static bool Curl_cyassl_data_pending(const struct connectdata* conn,
int connindex)
{
@@ -1004,7 +1010,7 @@ const struct Curl_ssl Curl_ssl_cyassl = {
sizeof(struct ssl_backend_data),
Curl_cyassl_init, /* init */
- Curl_none_cleanup, /* cleanup */
+ Curl_cyassl_cleanup, /* cleanup */
Curl_cyassl_version, /* version */
Curl_none_check_cxn, /* check_cxn */
Curl_cyassl_shutdown, /* shutdown */
diff --git a/libs/libcurl/src/vtls/darwinssl.c b/libs/libcurl/src/vtls/darwinssl.c
index 25b101282c..bb251cdb30 100644
--- a/libs/libcurl/src/vtls/darwinssl.c
+++ b/libs/libcurl/src/vtls/darwinssl.c
@@ -1298,7 +1298,6 @@ set_ssl_version_min_max(struct connectdata *conn, int sockindex)
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
ssl_version = CURL_SSLVERSION_TLSv1_0;
- ssl_version_max = max_supported_version_by_os;
break;
}
@@ -1430,7 +1429,6 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
if(SSLSetProtocolVersionMax != NULL) {
switch(conn->ssl_config.version) {
- case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
(void)SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kTLSProtocol1);
#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
@@ -1445,6 +1443,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) &&
HAVE_BUILTIN_AVAILABLE == 1 */
break;
+ case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1_0:
case CURL_SSLVERSION_TLSv1_1:
case CURL_SSLVERSION_TLSv1_2:
diff --git a/libs/libcurl/src/vtls/mbedtls.c b/libs/libcurl/src/vtls/mbedtls.c
index 6a20e276e3..bb6a757bf2 100644
--- a/libs/libcurl/src/vtls/mbedtls.c
+++ b/libs/libcurl/src/vtls/mbedtls.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
- * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -373,7 +373,7 @@ mbed_connect_step1(struct connectdata *conn,
}
}
- infof(data, "mbedTLS: Connecting to %s:%d\n", hostname, port);
+ infof(data, "mbedTLS: Connecting to %s:%ld\n", hostname, port);
mbedtls_ssl_config_init(&BACKEND->config);
@@ -574,19 +574,21 @@ mbed_connect_step2(struct connectdata *conn,
ret = mbedtls_ssl_get_verify_result(&BACKEND->ssl);
+ if(!SSL_CONN_CONFIG(verifyhost))
+ /* Ignore hostname errors if verifyhost is disabled */
+ ret &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH;
+
if(ret && SSL_CONN_CONFIG(verifypeer)) {
if(ret & MBEDTLS_X509_BADCERT_EXPIRED)
failf(data, "Cert verify failed: BADCERT_EXPIRED");
- if(ret & MBEDTLS_X509_BADCERT_REVOKED) {
+ else if(ret & MBEDTLS_X509_BADCERT_REVOKED)
failf(data, "Cert verify failed: BADCERT_REVOKED");
- return CURLE_PEER_FAILED_VERIFICATION;
- }
- if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
+ else if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
- if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
+ else if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");
return CURLE_PEER_FAILED_VERIFICATION;
diff --git a/libs/libcurl/src/vtls/openssl.c b/libs/libcurl/src/vtls/openssl.c
index 8bddb9a8c6..9d11b89e59 100644
--- a/libs/libcurl/src/vtls/openssl.c
+++ b/libs/libcurl/src/vtls/openssl.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -1692,6 +1692,7 @@ static CURLcode verifystatus(struct connectdata *conn,
struct ssl_connect_data *connssl)
{
int i, ocsp_status;
+ unsigned char *status;
const unsigned char *p;
CURLcode result = CURLE_OK;
struct Curl_easy *data = conn->data;
@@ -1701,14 +1702,14 @@ static CURLcode verifystatus(struct connectdata *conn,
X509_STORE *st = NULL;
STACK_OF(X509) *ch = NULL;
- long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p);
+ long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status);
- if(!p) {
+ if(!status) {
failf(data, "No OCSP response received");
result = CURLE_SSL_INVALIDCERTSTATUS;
goto end;
}
-
+ p = status;
rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
if(!rsp) {
failf(data, "Invalid OCSP response");
@@ -3774,7 +3775,12 @@ static size_t Curl_ossl_version(char *buffer, size_t size)
{
#ifdef OPENSSL_IS_BORINGSSL
return msnprintf(buffer, size, OSSL_PACKAGE);
-#else /* OPENSSL_IS_BORINGSSL */
+#elif defined(HAVE_OPENSSL_VERSION) && defined(OPENSSL_VERSION_STRING)
+ return msnprintf(buffer, size, "%s/%s",
+ OSSL_PACKAGE, OpenSSL_version(OPENSSL_VERSION_STRING));
+#else
+ /* not BoringSSL and not using OpenSSL_version */
+
char sub[3];
unsigned long ssleay_value;
sub[2]='\0';
diff --git a/libs/libcurl/src/vtls/schannel.c b/libs/libcurl/src/vtls/schannel.c
index 56fd93e1e5..c8574f56c1 100644
--- a/libs/libcurl/src/vtls/schannel.c
+++ b/libs/libcurl/src/vtls/schannel.c
@@ -7,7 +7,7 @@
*
* Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de>
* Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com>
- * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -356,6 +356,7 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path,
TCHAR **thumbprint)
{
TCHAR *sep;
+ TCHAR *store_path_start;
size_t store_name_len;
sep = _tcschr(path, TEXT('\\'));
@@ -386,13 +387,17 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path,
else
return CURLE_SSL_CERTPROBLEM;
- *store_path = sep + 1;
+ store_path_start = sep + 1;
- sep = _tcschr(*store_path, TEXT('\\'));
+ sep = _tcschr(store_path_start, TEXT('\\'));
if(sep == NULL)
return CURLE_SSL_CERTPROBLEM;
- *sep = 0;
+ *sep = TEXT('\0');
+ *store_path = _tcsdup(store_path_start);
+ *sep = TEXT('\\');
+ if(*store_path == NULL)
+ return CURLE_OUT_OF_MEMORY;
*thumbprint = sep + 1;
if(_tcslen(*thumbprint) != CERT_THUMBPRINT_STR_LEN)
@@ -435,7 +440,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
VERSION_LESS_THAN_EQUAL)) {
/* Schannel in Windows XP (OS version 5.1) uses legacy handshakes and
algorithms that may not be supported by all servers. */
- infof(data, "schannel: WinSSL version is old and may not be able to "
+ infof(data, "schannel: Windows version is old and may not be able to "
"connect to some servers due to lack of SNI, algorithms, etc.\n");
}
@@ -608,9 +613,11 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
failf(data, "schannel: Failed to open cert store %x %s, "
"last error is %x",
cert_store_name, cert_store_path, GetLastError());
+ free(cert_store_path);
Curl_unicodefree(cert_path);
return CURLE_SSL_CERTPROBLEM;
}
+ free(cert_store_path);
cert_thumbprint.pbData = cert_thumbprint_data;
cert_thumbprint.cbData = CERT_THUMBPRINT_DATA_LEN;
@@ -1414,6 +1421,16 @@ schannel_connect_common(struct connectdata *conn, int sockindex,
connssl->state = ssl_connection_complete;
conn->recv[sockindex] = schannel_recv;
conn->send[sockindex] = schannel_send;
+
+#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
+ /* When SSPI is used in combination with Schannel
+ * we need the Schannel context to create the Schannel
+ * binding to pass the IIS extended protection checks.
+ * Available on Windows 7 or later.
+ */
+ conn->sslContext = &BACKEND->ctxt->ctxt_handle;
+#endif
+
*done = TRUE;
}
else
@@ -2013,9 +2030,16 @@ static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
/* free SSPI Schannel API credential handle */
if(BACKEND->cred) {
- Curl_ssl_sessionid_lock(conn);
+ /*
+ * When this function is called from Curl_schannel_close() the connection
+ * might not have an associated transfer so the check for conn->data is
+ * necessary.
+ */
+ if(conn->data)
+ Curl_ssl_sessionid_lock(conn);
Curl_schannel_session_free(BACKEND->cred);
- Curl_ssl_sessionid_unlock(conn);
+ if(conn->data)
+ Curl_ssl_sessionid_unlock(conn);
BACKEND->cred = NULL;
}
@@ -2049,7 +2073,7 @@ static void Curl_schannel_cleanup(void)
static size_t Curl_schannel_version(char *buffer, size_t size)
{
- size = msnprintf(buffer, size, "WinSSL");
+ size = msnprintf(buffer, size, "Schannel");
return size;
}
@@ -2137,11 +2161,11 @@ static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
}
static void Curl_schannel_checksum(const unsigned char *input,
- size_t inputlen,
- unsigned char *checksum,
- size_t checksumlen,
- DWORD provType,
- const unsigned int algId)
+ size_t inputlen,
+ unsigned char *checksum,
+ size_t checksumlen,
+ DWORD provType,
+ const unsigned int algId)
{
HCRYPTPROV hProv = 0;
HCRYPTHASH hHash = 0;
@@ -2191,9 +2215,9 @@ static CURLcode Curl_schannel_md5sum(unsigned char *input,
unsigned char *md5sum,
size_t md5len)
{
- Curl_schannel_checksum(input, inputlen, md5sum, md5len,
- PROV_RSA_FULL, CALG_MD5);
- return CURLE_OK;
+ Curl_schannel_checksum(input, inputlen, md5sum, md5len,
+ PROV_RSA_FULL, CALG_MD5);
+ return CURLE_OK;
}
static CURLcode Curl_schannel_sha256sum(const unsigned char *input,
@@ -2201,9 +2225,9 @@ static CURLcode Curl_schannel_sha256sum(const unsigned char *input,
unsigned char *sha256sum,
size_t sha256len)
{
- Curl_schannel_checksum(input, inputlen, sha256sum, sha256len,
- PROV_RSA_AES, CALG_SHA_256);
- return CURLE_OK;
+ Curl_schannel_checksum(input, inputlen, sha256sum, sha256len,
+ PROV_RSA_AES, CALG_SHA_256);
+ return CURLE_OK;
}
static void *Curl_schannel_get_internals(struct ssl_connect_data *connssl,
diff --git a/libs/libcurl/src/vtls/schannel_verify.c b/libs/libcurl/src/vtls/schannel_verify.c
index 8b21624ba4..680f6ec5d6 100644
--- a/libs/libcurl/src/vtls/schannel_verify.c
+++ b/libs/libcurl/src/vtls/schannel_verify.c
@@ -7,7 +7,7 @@
*
* Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de>
* Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com>
- * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -87,14 +87,14 @@ static CURLcode add_certs_to_store(HCERTSTORE trust_store,
LARGE_INTEGER file_size;
char *ca_file_buffer = NULL;
char *current_ca_file_ptr = NULL;
- const TCHAR *ca_file_tstr = NULL;
+ TCHAR *ca_file_tstr = NULL;
size_t ca_file_bufsize = 0;
DWORD total_bytes_read = 0;
bool more_certs = 0;
int num_certs = 0;
size_t END_CERT_LEN;
- ca_file_tstr = Curl_convert_UTF8_to_tchar(ca_file);
+ ca_file_tstr = Curl_convert_UTF8_to_tchar((char *)ca_file);
if(!ca_file_tstr) {
failf(data,
"schannel: invalid path name for CA file '%s': %s",