From 36bce64b00dcad9f6bffd1d64f946afa1c94d851 Mon Sep 17 00:00:00 2001 
From: dartraiden Date: Sat, 7 Mar 2020 17:44:38 +0300 Subject: libcurl: update to 7.69 --- libs/libcurl/docs/CHANGES | 9911 ++++++++++++++-------------- libs/libcurl/docs/THANKS | 263 +- libs/libcurl/include/curl/curl.h | 682 +- libs/libcurl/include/curl/curlver.h | 12 +- libs/libcurl/include/curl/multi.h | 48 +- libs/libcurl/src/CMakeLists.txt | 6 + libs/libcurl/src/Makefile.in | 154 +- libs/libcurl/src/Makefile.inc | 23 +- libs/libcurl/src/Makefile.m32 | 4 +- libs/libcurl/src/Makefile.netware | 3 +- libs/libcurl/src/altsvc.c | 254 +- libs/libcurl/src/altsvc.h | 9 +- libs/libcurl/src/asyn-ares.c | 19 +- libs/libcurl/src/asyn-thread.c | 42 +- libs/libcurl/src/config-dos.h | 3 +- libs/libcurl/src/config-plan9.h | 3 +- libs/libcurl/src/config-symbian.h | 5 +- libs/libcurl/src/config-tpf.h | 6 +- libs/libcurl/src/config-vxworks.h | 5 +- libs/libcurl/src/config-win32.h | 11 +- libs/libcurl/src/conncache.c | 14 +- libs/libcurl/src/conncache.h | 3 +- libs/libcurl/src/connect.c | 87 +- libs/libcurl/src/cookie.c | 63 +- libs/libcurl/src/curl_config.h.cmake | 9 +- libs/libcurl/src/curl_config.h.in | 9 + libs/libcurl/src/curl_hmac.h | 9 +- libs/libcurl/src/curl_md4.h | 5 +- libs/libcurl/src/curl_md5.h | 6 +- libs/libcurl/src/curl_ntlm_core.c | 39 +- libs/libcurl/src/curl_ntlm_core.h | 10 +- libs/libcurl/src/curl_ntlm_wb.c | 103 +- libs/libcurl/src/curl_sasl.c | 16 +- libs/libcurl/src/curl_sha256.h | 9 +- libs/libcurl/src/doh.c | 4 +- libs/libcurl/src/easy.c | 92 +- libs/libcurl/src/formdata.c | 2 +- libs/libcurl/src/ftp.c | 52 +- libs/libcurl/src/ftp.h | 4 +- libs/libcurl/src/getenv.c | 47 +- libs/libcurl/src/hmac.c | 39 +- libs/libcurl/src/hostip.c | 82 +- libs/libcurl/src/hostip.h | 33 +- libs/libcurl/src/hostip4.c | 294 +- libs/libcurl/src/hostip6.c | 26 +- libs/libcurl/src/http.c | 29 +- libs/libcurl/src/http.h | 4 +- libs/libcurl/src/http2.c | 113 +- libs/libcurl/src/http2.h | 4 +- libs/libcurl/src/libcurl.plist | 6 +- libs/libcurl/src/llist.c | 53 +- 
libs/libcurl/src/llist.h | 5 +- libs/libcurl/src/md4.c | 60 +- libs/libcurl/src/md5.c | 69 +- libs/libcurl/src/mime.c | 2 +- libs/libcurl/src/mime.h | 2 +- libs/libcurl/src/mk-ca-bundle.pl | 62 +- libs/libcurl/src/multi.c | 39 +- libs/libcurl/src/multihandle.h | 13 +- libs/libcurl/src/multiif.h | 8 +- libs/libcurl/src/rename.c | 62 + libs/libcurl/src/rename.h | 27 + libs/libcurl/src/select.c | 215 +- libs/libcurl/src/select.h | 10 +- libs/libcurl/src/sendf.c | 19 +- libs/libcurl/src/setopt.c | 8 +- libs/libcurl/src/sha256.c | 193 +- libs/libcurl/src/smtp.c | 324 +- libs/libcurl/src/smtp.h | 7 +- libs/libcurl/src/socks.c | 1132 ++-- libs/libcurl/src/socks.h | 15 +- libs/libcurl/src/socks_gssapi.c | 6 +- libs/libcurl/src/socks_sspi.c | 5 +- libs/libcurl/src/strcase.c | 8 +- libs/libcurl/src/strcase.h | 3 +- libs/libcurl/src/strerror.c | 6 + libs/libcurl/src/strerror.h | 4 +- libs/libcurl/src/system_win32.c | 4 +- libs/libcurl/src/timeval.c | 3 +- libs/libcurl/src/transfer.c | 5 +- libs/libcurl/src/url.c | 111 +- libs/libcurl/src/url.h | 7 +- libs/libcurl/src/urlapi.c | 68 +- libs/libcurl/src/urldata.h | 92 +- libs/libcurl/src/vauth/digest.c | 74 +- libs/libcurl/src/vauth/ntlm.c | 13 +- libs/libcurl/src/version.c | 6 +- libs/libcurl/src/vquic/ngtcp2.c | 34 +- libs/libcurl/src/vquic/quiche.c | 4 +- libs/libcurl/src/vssh/libssh.c | 101 +- libs/libcurl/src/vssh/libssh2.c | 133 +- libs/libcurl/src/vssh/ssh.h | 22 +- libs/libcurl/src/vssh/wolfssh.c | 1156 ++++ libs/libcurl/src/vtls/gtls.c | 6 +- libs/libcurl/src/vtls/mbedtls.c | 16 +- libs/libcurl/src/vtls/mbedtls_threadlock.c | 144 + libs/libcurl/src/vtls/mbedtls_threadlock.h | 48 + libs/libcurl/src/vtls/openssl.c | 32 +- libs/libcurl/src/vtls/schannel.c | 2 +- libs/libcurl/src/vtls/schannel_verify.c | 152 +- libs/libcurl/src/vtls/sectransp.c | 4 +- libs/libcurl/src/vtls/vtls.c | 46 +- libs/libcurl/src/vtls/vtls.h | 3 +- libs/libcurl/src/vtls/wolfssl.c | 12 +- 104 files changed, 10017 insertions(+), 7314 deletions(-) 
create mode 100644 libs/libcurl/src/rename.c create mode 100644 libs/libcurl/src/rename.h create mode 100644 libs/libcurl/src/vssh/wolfssh.c create mode 100644 libs/libcurl/src/vtls/mbedtls_threadlock.c create mode 100644 libs/libcurl/src/vtls/mbedtls_threadlock.h
diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES
index b1f1e20ee3..68ebc8265b 100644
--- a/libs/libcurl/docs/CHANGES
+++ b/libs/libcurl/docs/CHANGES
@@ -6,7125 +6,7234 @@ Changelog -Version 7.68.0 (8 Jan 2020) - -Daniel Stenberg (8 Jan 2020) -- RELEASE-NOTES: 7.68.0 +Version 7.69.0 (4 Mar 2020) -- THANKS: updated with names from the 7.68.0 release +Daniel Stenberg (4 Mar 2020) +- RELEASE-NOTES: 7.69.0 -- RELEASE-PROCEDURE: add four future release dates +- THANKS: from 7.69.0 - and remove four past release dates + Now sorted case insensitive + +Marc Hoersken (3 Mar 2020) +- ci/tests: fix escaping of testnames and disable proxy for CI APIs - [skip ci] + Follow up to ada581f and c0d8b96 + Closes #5031 -Marcel Raad (6 Jan 2020) -- TrackMemory tests: always remove CR before LF +Jay Satiro (3 Mar 2020) +- cmake: Show HTTPS-proxy in the features output - It was removed for output containing ' =' via `s/ =.*//`. With classic - MinGW, this made lines with `free()` end with CRLF, but lines with e.g. - `malloc()` end with only LF. The tests expect LF only. + - Show HTTPS-proxy in the features output for those backends that + support it: OpenSSL, GnuTLS and NSS. - Closes https://github.com/curl/curl/pull/4788 - -Daniel Stenberg (6 Jan 2020) -- multi.h: move INITIAL_MAX_CONCURRENT_STREAMS from public header + Prior to this change HTTPS-proxy was missing from the cmake features + output even if curl was built with it. Only cmake output was affected. + Both the library and tool correctly reported the feature. - ... to the private multihhandle.h. It is not for public use and it - wasn't prefixed correctly anyway! + Bug: https://curl.haxx.se/mail/lib-2020-03/0008.html + Reported-by: David Lopes - Closes #4790 + Closes https://github.com/curl/curl/pull/5025 -- file: fix copyright year range +Marc Hoersken (3 Mar 2020) +- ci/tests: Make it possible to still run but ignore failing tests - Follow-up to 1b71bc532bd + This enables the development of a solution for the failing tests by + running them on CI while ignoring their result for the overall status. 
+ + Closes #4994 -- curl -w: handle a blank input file correctly +- README.md: add Azure DevOps Pipelines build status badge + +- ci/tests: Move CI test result creation above environment setup - Previously it would end up with an uninitialized memory buffer that - would lead to a crash or junk getting output. + This avoids using our test servers as proxy to the AppVeyor API. - Added test 1271 to verify. + Closes #5022 + +- ci/tests: Send test results to AppVeyor for status overview - Reported-by: Brian Carpenter - Closes #4786 + Closes #5021 -- file: on Windows, refuse paths that start with \\ +Daniel Stenberg (3 Mar 2020) +- Revert "sha256: Added SecureTransport implementation" - ... as that might cause an unexpected SMB connection to a given host - name. + This reverts commit 4feb38deed33fed14ff7c370a6a9153c661dbb9c (from #4956) - Reported-by: Fernando Muñoz - CVE-2019-15601 - Bug: https://curl.haxx.se/docs/CVE-2019-15601.html + That commit broke test 1610 on macos builds without TLS. + + Closes #5027 -Jay Satiro (6 Jan 2020) -- CURLOPT_READFUNCTION.3: fix fopen params in example +- dist: include tests/azure.pm in the tarball + + Bug: https://github.com/curl/curl/commit/ada581f2cc32f48c1629b729707ac19208435b27#commitcomment-37601589 + Reported-by: Marcel Raad -- CURLOPT_READFUNCTION.3: fix variable name in example +Steve Holme (3 Mar 2020) +- configure.ac: Disable metalink if mbedTLS is specified - Reported-by: Paul Joyce + Follow up to cdcc9df1 and #5006. 
Even though I mentioned mbedTLS as + being one of the backends that metalink needs to be disabled for, I + seem to have included it in the list of allowed SSL/TLS backends in + comnfigure.ac :( - Fixes https://github.com/curl/curl/issues/4787 + Closes #5013 -Daniel Stenberg (5 Jan 2020) -- curl:getparameter return error for --http3 if libcurl doesn't support +- sha256: Tidy up following recent changes - Closes #4785 + Reviewed-by: Daniel Stenberg + Closes #4956 -- docs: mention CURL_MAX_INPUT_LENGTH restrictions +- sha256: Added WinCrypt implementation + +- sha256: Added SecureTransport implementation + +- sha256: Added mbedtls implementation + +- sha256: Added GNU TLS gcrypt implementation + +- sha256: Added GNU TLS Nettle implementation + +Jay Satiro (2 Mar 2020) +- curl_escape.3: Add a link to curl_free - ... for curl_easy_setopt() and curl_url_set(). + Ref: https://github.com/curl/curl/pull/5016#issuecomment-593628582 + +- curl_getenv.3: Fix the memory handling description - [skip ci] + - Tell the user to call curl_free() to free the pointer returned by + curl_getenv(). - Closes #4783 + Prior to this change the user was directed to call free(), but that + would not work in cases where the library and application use separate C + runtimes and therefore have separate heap memory management. + + Closes https://github.com/curl/curl/pull/5016 -- curl: properly free mimepost data +Daniel Stenberg (2 Mar 2020) +- [Nick Zitzmann brought this change] + + md4: use init/update/final functions in Secure Transport - ... as it could otherwise leak memory when a transfer failed. + We can use CC_MD4_Init/Update/Final without having to allocate memory + directly. - Added test 1293 to verify. 
+ Closes #4979 + +Marc Hoersken (2 Mar 2020) +- ci/tests: some MacOS builds randomly take longer than 20min + +Daniel Stenberg (2 Mar 2020) +- multi_wait: stop loop when sread() returns zero - Reported-by: Brian Carpenter - Fixes #4781 - Closes #4782 + It's unclear why it would ever return zero here, but this change fixes + Robert's problem and it shouldn't loop forever... + + Reported-by: Robert Dunaj + Bug: https://curl.haxx.se/mail/archive-2020-02/0011.html + Closes #5019 -- curl: cleanup multi handle on failure +- http: mark POSTs with no body as "upload done" from the start - ... to fix memory leak in error path. + As we have logic that checks if we get a >= 400 reponse code back before + the upload is done, which then got confused since it wasn't "done" but + yet there was no data to send! - Fixes #4772 - Closes #4780 - Reported-by: Brian Carpenter + Reported-by: IvanoG on github + Fixes #4996 + Closes #5002 -Marcel Raad (3 Jan 2020) -- lib: fix compiler warnings with `CURL_DISABLE_VERBOSE_STRINGS` +- tests: disable 962, 963 and 964 on Windows - Closes https://github.com/curl/curl/pull/4775 + These tests are also doing UTF-8 SMTP. + + Follow-up to df207d2dd93b9e73 -Daniel Stenberg (3 Jan 2020) -- COPYING: it's 2020! +Marc Hoersken (2 Mar 2020) +- ci/tests: fine-tune Azure Pipeline timeouts with a small puffer + +Daniel Stenberg (2 Mar 2020) +- configure: bump the AC_COPYRIGHT year range + +- [Steve Holme brought this change] + + tests: disable SMTP UTF-8 tests on Windows - [skip ci] + Fixes #4988 + Closes #4992 -Jay Satiro (3 Jan 2020) -- [Marc Aldorasi brought this change] +- formdata/mime: copyright year range update + + Due to the merge/revert cycle - tests: Fix bounce requests with truncated writes +- Revert "mime: latch last read callback status." 
- Prior to this change the swsbounce check in service_connection could - fail because prevtestno and prevpartno were not set, which would cause - the wrong response data to be sent to some tests and cause them to fail. + This reverts commit 87869e38d7afdec3ef1bb4965711458b088e254f. - Ref: https://github.com/curl/curl/pull/4717#issuecomment-570240785 + Fixes #5014 + Closes #5015 + Reopens #4833 -Marcel Raad (31 Dec 2019) -- tool: make a few char pointers point to const char instead +- Revert "mime: do not perform more than one read in a row" - These are read-only. + This reverts commit ed0f357f7d25566110d4302f33759f4ffb5a6f83. + +- Revert "mime: fix the binary encoder to handle large data properly" - Closes https://github.com/curl/curl/pull/4771 + This reverts commit b2caaa0681f329eed317ffb6ae6927f4a539f0c1. -Jay Satiro (31 Dec 2019) -- tests: Change NTLM tests to require SSL +- altsvc: both h3 backends now speak h3-27 - Prior to this change tests that required NTLM feature did not require - SSL feature. + ... also updated the HTTP3 build description for ngtcp2 accordingly. + +- [Patrick Monnerat brought this change] + + mime: fix the binary encoder to handle large data properly - There are pending changes to cmake builds that will allow enabling NTLM - in non-SSL builds in Windows. In that case the NTLM auth strings created - are different from what is expected by the NTLM tests and they fail: + New test 666 checks this is effective. + As upload buffer size is significant in this kind of tests, shorten it + in similar test 652. - "The issue with NTLM is that previous non-SSL builds would not enable - NTLM and so the NTLM tests would be skipped." + Fixes #4860 + Reported-by: RuurdBeerstra on github + +- [Patrick Monnerat brought this change] + + mime: do not perform more than one read in a row - Assisted-by: marc-groundctl@users.noreply.github.com + Input buffer filling may delay the data sending if data reads are slow. 
+ To overcome this problem, file and callback data reads do not accumulate + in buffer anymore. All other data (memory data and mime framing) are + considered as fast and still concatenated in buffer. + As this may highly impact performance in terms of data overhead, an early + end of part data check is added to spare a read call. + When encoding a part's data, an encoder may require more bytes than made + available by a single read. In this case, the above rule does not apply + and reads are performed until the encoder is able to deliver some data. - Ref: https://github.com/curl/curl/pull/4717#issuecomment-566218729 + Tests 643, 644, 645, 650 and 654 have been adapted to the output data + changes, with test data size reduced to avoid the boredom of long lists of + 1-byte chunks in verification data. + New test 664 checks mimepost using single-byte read callback with encoder. + New test 665 checks the end of part data early detection. - Closes https://github.com/curl/curl/pull/4768 + Fixes #4826 + Reported-by: MrdUkk on github -- [Michael Forney brought this change] +- [Patrick Monnerat brought this change] - bearssl: Improve I/O handling + mime: latch last read callback status. - Factor out common I/O loop as bearssl_run_until, which reads/writes TLS - records until the desired engine state is reached. This is now used for - the handshake, read, write, and close. + In case a read callback returns a status (pause, abort, eof, + error) instead of a byte count, drain the bytes read so far but + remember this status for further processing. + Takes care of not losing data when pausing, and properly resume a + paused mime structure when requested. + New tests 670-673 check unpausing cases, with easy or multi + interface and mime or form api. - Match OpenSSL SSL_write behavior, and don't return the number of bytes - written until the corresponding records have been completely flushed - across the socket. 
This involves keeping track of the length of data - buffered into the TLS engine, and assumes that when CURLE_AGAIN is - returned, the write function will be called again with the same data - and length arguments. This is the same requirement of SSL_write. + Fixes #4813 + Reported-by: MrdUkk on github + Closes #4833 + +Steve Holme (1 Mar 2020) +- unit1651: Fixed conversion compilation warning - Handle TLS close notify as EOF when reading by returning 0. + 371:17: warning: conversion to 'unsigned char' from 'int' may alter its + value [-Wconversion] - Closes https://github.com/curl/curl/pull/4748 + Closes #5008 -- travis: Fix error detection +- configure.ac: Disable metalink support if an incompatible SSL/TLS specified - - Stop using inline shell scripts for before_script and script sections. + tool_metalink only supports cryptography from OpenSSL, GnuTLS, NSS, + The Win32 Crypto library and Apple's Common Crypto library. - Prior to this change Travis could ignore errors from commands in inline - scripts. I don't understand how or why it happens. This is a workaround. + If an TLS backend such as mbedTLS or WolfSSL is specified then the + following error is given during compilation along, with a load of + unresolved extern errors: - Assisted-by: Simon Warta + Can't compile METALINK support without a crypto library. - Ref: https://github.com/travis-ci/travis-ci/issues/1066 + Reviewed-by: Daniel Stenberg + Closes #5006 + +Marc Hoersken (1 Mar 2020) +- ci/tests: Update Azure DevOps pipeline job display names - Fixes https://github.com/curl/curl/issues/3730 - Closes https://github.com/curl/curl/pull/3755 + Make the configure step more descriptive and align others. -- tool_operate: fix mem leak when failed config parse +- ci/tests: Fix typo in previous commit 597cf2 + +- ci/tests: Make sure that the AZURE_ACCESS_TOKEN is available - Found by fuzzing the config file. + For security reasons the access token is not available to PR builds. 
+ Therefore we should not try to use the DevOps API with an empty token. + +Daniel Stenberg (1 Mar 2020) +- build: remove all HAVE_OPENSSL_ENGINE_H defines - Reported-by: Geeknik Labs + ... as there's nothing in the code that actually uses the define! The + last reference was removed in 38203f158. - Fixes https://github.com/curl/curl/issues/4767 + Closes #5007 -- [Xiang Xiao brought this change] +Jay Satiro (29 Feb 2020) +- [Rolf Eike Beer brought this change] - lib: remove erroneous +x file permission on some c files + CMake: clean up and improve build procedures - Modified by commit eb9a604 accidentally. + - remove check for unsupported old CMake versions - Closes https://github.com/curl/curl/pull/4756 - -- [Xiang Xiao brought this change] - - lib: fix warnings found when porting to NuttX + - do not link to c-ares library twice - - Undefine DEBUGASSERT in curl_setup_once.h in case it was already - defined as a system macro. + - modernize custom Find modules - - Don't compile write32_le in curl_endian unless - CURL_SIZEOF_CURL_OFF_T > 4, since it's only used by Curl_write64_le. + - FindLibSSH2: + - pass version to FPHSA to show it in the output + - use LIBSSH2_VERSION define to extract the version number in + one shot. This variable exists in the header for 10 years. + - remove unneeded code - - Include in socketpair.c. 
+ - FindNGHTTP2.cmake: + - drop needless FPHSA argument + - mark found variables as advanced - Closes https://github.com/curl/curl/pull/4756 - -- os400: Add missing CURLE error constants + - FindNSS.cmake: + - show version number - Bug: https://github.com/curl/curl/pull/4754#issuecomment-569126922 - Reported-by: Emil Engler - -- CURLOPT_HEADERFUNCTION.3: Document that size is always 1 + - FindCARES.cmake: + - drop default paths + - use FPHSA instead of checking things by hand - For compatibility with `fwrite`, the `CURLOPT_HEADERFUNCTION` callback - is passed two `size_t` parameters which, when multiplied, designate the - number of bytes of data passed in. In practice, CURL always sets the - first parameter (`size`) to 1. + - remove needless explict variable dereference - This practice is also enshrined in documentation and cannot be changed - in future. The documentation states that the default callback is - `fwrite`, which means `fwrite` must be a suitable function for this - purpose. However, the documentation also states that the callback must - return the number of *bytes* it successfully handled, whereas ISO C - `fwrite` returns the number of items (each of size `size`) which it - wrote. The only way these numbers can be equal is if `size` is 1. + - simplify count_true() - Since `size` is 1 and can never be changed in future anyway, document - that fact explicitly and let users rely on it. + - allow all policies up to version 3.16 to be set to NEW - Reported-by: Frank Gevaerts - Commit-message-by: Christopher Head + - do not rerun check for -Wstrict-aliasing=3 every time - Ref: https://github.com/curl/curl/pull/2787 + In contrast to every other compiler flag this has a = in it, which CMake + can't have in a variable name. 
- Fixes https://github.com/curl/curl/issues/4758 + - only read the interesting strings from curlver.h + + Reviewed-by: Peter Wu + + Closes https://github.com/curl/curl/pull/4975 -- examples/postinmemory.c: Call curl_global_cleanup always +- runtests: fix output to command log - Prior to this change curl_global_cleanup was not called if - curl_easy_init failed. + - Record only the command of the most recently ran test in the command + log. - Reported-by: kouzhudong@users.noreply.github.com + This is a follow-up to 02988b7 from several weeks ago which fixed + writing to the command log, however it saved all commands for all tests + instead of just the most recently ran test as we would now expect. - Fixes https://github.com/curl/curl/issues/4751 + Fixes https://github.com/curl/curl/commit/02988b7#commitcomment-37546876 + Closes https://github.com/curl/curl/pull/5001 -Daniel Stenberg (21 Dec 2019) -- url2file.c: fix copyright year +Steve Holme (1 Mar 2020) +- polarssl: Additional removal - Follow-up to 525787269599b5 + Follow up to 6357a19f. + + Reviewed-by: Daniel Stenberg + Closes #5004 -- [Rickard Hallerbäck brought this change] +- [Jonathan Cardoso Machado brought this change] - examples/url2file.c: corrected a comment - - The comment was confusing and suggested that setting CURLOPT_NOPROGRESS - to 0L would both enable and disable debug output at the same time, like - a Schrödinger's cat of CURLOPTs. 
+ docs: fix typo on CURLINFO_RETRY_AFTER - alwaus -> always - Closes #4745 + Reviewed-by: Steve Holme + Closes #5005 -- HISTORY: OSS-Fuzz started fuzzing libcurl in 2017 +- md5: Added implementation for mbedTLS + + Reviewed-by: Jay Satiro + Closes #4980 -- RELEASE-NOTES: synced +- md5: Use pointer notation for array parameters in GnuTLS implementation -Jay Satiro (20 Dec 2019) -- ngtcp2: Support the latest update key callback type +- md4: Use non-deprecated functions in mbedTLS >= 2.7.0 - - Remove our cb_update_key in favor of ngtcp2's new - ngtcp2_crypto_update_key_cb which does the same thing. + Closes #4983 + +Marc Hoersken (29 Feb 2020) +- ci/tests: Send test results to Azure DevOps for reporting + +Daniel Stenberg (29 Feb 2020) +- pause: force-drain the transfer on unpause - Several days ago the ngtcp2_update_key callback function prototype was - changed in ngtcp2/ngtcp2@42ce09c. Though it would be possible to - fix up our cb_update_key for that change they also added - ngtcp2_crypto_update_key_cb which does the same thing so we'll use that - instead. + ... since the socket might not actually be readable anymore when for + example the data is already buffered in the TLS layer. - Ref: https://github.com/ngtcp2/ngtcp2/commit/42ce09c + Fixes #4966 + Reported-by: Anders Berg + Closes #5000 + +- TODO: curl --proxycommand - Closes https://github.com/curl/curl/pull/4735 + Suggested-by: Kristian Mide + Closes #4941 -Daniel Stenberg (19 Dec 2019) -- sws: search for "Testno:" header uncondtionally if no testno +- smtp: overwriting 'from' leaks memory - Even if the initial request line wasn't found. With the fix to 1455, the - test number is now detected correctly. + Detected by Coverity. CID 1418139. - (Problem found when running tests in random order.) + Also, make sure to return error if the new 'from' allocation fails. 
- Closes #4744 + Closes #4997 -- tests: set LC_ALL in more tests +- CIfuzz: switch off 'dry_run' mode - Follow-up to 23208e330ac0c21 + Follow-up from #4960: now make it fail if it detects problems. - Closes #4743 + Closes #4998 -- test165: set LC_ALL=en_US.UTF-8 too +Marc Hoersken (28 Feb 2020) +- ci/tests: Increase timeouts of Windows builds due to new tests - On my current Debian Unstable with libidn2 2.2.0, I get an error if - LC_ALL is set to blank. Then curl errors out with: + Recently added tests increased their runtime above the limit of 60min. + +- ci/tests: align Azure Pipeline job names with each other + +- ci/tests: Add Windows builds via Azure Pipelines using Docker + +- tests: fix Python 3 compatibility of smbserver.py + +Daniel Stenberg (27 Feb 2020) +- runtests: restore the command log - curl: (3) Failed to convert www.åäö.se to ACE; could not convert string to UTF-8 + The log file with all command lines for the invoked command lines is now + called logs/commands.log - Closes #4738 + Fixes #4911 + Closes #4989 -- curl.h: add two defines for the "pre ISO C" case +- smtp: fix memory leak on exit path - Without this fix, this caused a compilation failure on AIX with IBM xlc - 13.1.3 compiler. + Detected by Coverity. CID 1418139. "leaked_storage: Variable 'from' + going out of scope leaks the storage it points to" - Reported-by: Ram Krushna Mishra - Fixes #4739 - Closes #4740 + Closes #4990 -- create_conn: prefer multiplexing to using new connections +Steve Holme (27 Feb 2020) +- gtls: Fixed compilation when using GnuTLS < 3.5.0 - ... as it would previously prefer new connections rather than - multiplexing in most conditions! The (now removed) code was a leftover - from the Pipelining code that was translated wrongly into a - multiplex-only world. + Reverts the functionality from 41fcb4f when compiling with GnuTLS older + than 3.5.0. 
- Reported-by: Kunal Ekawde - Bug: https://curl.haxx.se/mail/lib-2019-12/0060.html - Closes #4732 + Reviewed-by: Daniel Stenberg + Closes #4984 -- test1456: remove the use of a fixed local port - - Fixup the test to instead not compare the port number. It sometimes - caused problems like this: +- RELEASE-NOTES: Corrected the link to issue #4892 + +Daniel Stenberg (27 Feb 2020) +- Curl_is_ASCII_name: handle a NULL argument - "curl: (45) bind failed with errno 98: Address already in use" + Make the function tolerate a NULL pointer input to avoid dereferencing + that pointer. - Closes #4733 + Follow-up to efce3ea5a85126d + Detected by OSS-Fuzz + Reviewed-By: Steve Holme + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20907 + Fixes #4985 + Closes #4986 -Jay Satiro (18 Dec 2019) -- CURLOPT_QUOTE.3: fix typos +- RELEASE-NOTES: synced + +- http2: make pausing/unpausing set/clear local stream window - Prior to this change the EXAMPLE in the QUOTE/PREQUOTE/POSTQUOTE man - pages would not compile because a variable name was incorrect. + This reduces the HTTP/2 window size to 32 MB since libcurl might have to + buffer up to this amount of data in memory and yet we don't want it set + lower to potentially impact tranfer performance on high speed networks. - Reported-by: Bylon2@users.noreply.github.com + Requires nghttp2 commit b3f85e2daa629 + (https://github.com/nghttp2/nghttp2/pull/1444) to work properly, to end + up in the next release after 1.40.0. - Fixes https://github.com/curl/curl/issues/4736 + Fixes #4939 + Closes #4940 -- [Gisle Vanem brought this change] +- [Anderson Toshiyuki Sasaki brought this change] - strerror: Fix compiler warning "empty expression" + libssh: improve known hosts handling - - Remove the final semi-colon in the SEC2TXT() macro definition. + Previously, it was not possible to get a known hosts file entry due to + the lack of an API. 
ssh_session_get_known_hosts_entry(), introduced in + libssh-0.9.0, allows libcurl to obtain such information and behave the + same as when compiled with libssh2. - Before: #define SEC2TXT(sec) case sec: txt = #sec; break; + This also tries to avoid the usage of deprecated functions when the + replacements are available. The behaviour will not change if versions + older than libssh-0.8.0 are used. - After: #define SEC2TXT(sec) case sec: txt = #sec; break + 
Signed-off-by: Anderson Toshiyuki Sasaki - Prior to this change SEC2TXT(foo); would generate break;; which caused - the empty expression warning. + Fixes #4953 + Closes #4962 + +Steve Holme (27 Feb 2020) +- tests: Automatically deduce the tool name from the test case for unit tests - Ref: https://github.com/curl/curl/commit/5b22e1a#r36458547 + It is still possible to override the executable to run during the test, + using the tag, but this patch removes the requirement that the + tag must be present for unit tests. + + It also removes the possibility of human error when existing test cases + are used as the basis for new tests, as recently witnessed in 81c37124. + + Reviewed-by: Daniel Stenberg + Closes #4976 -Daniel Stenberg (18 Dec 2019) -- curl/parseconfig: use curl_free() to free memory allocated by libcurl +- test1323: Added the missing 'unit test' feature requirement in the test case + +Daniel Stenberg (26 Feb 2020) +- cookie: remove unnecessary check for 'out != 0' - Reported-by: bxac on github - Fixes #4730 - Closes #4731 + ... as it will always be non-NULL at this point. + + Detected by Coverity: CID 1459009 -- curl/parseconfig: fix mem-leak +- http: added 417 response treatment - When looping, first trying '.curlrc' and then '_curlrc', the function - would not free the first string. + When doing a request with a body + Expect: 100-continue and the server + responds with a 417, the same request will be retried immediately + without the Expect: header. - Closes #4731 + Added test 357 to verify. + + Also added a control instruction to tell the sws test server to not read + the request body if Expect: is present, which the new test 357 uses. 
+ + Reported-by: bramus on github + Fixes #4949 + Closes #4964 -- CURLOPT_URL.3: "curl supports SMB version 1 (only)" +Steve Holme (26 Feb 2020) +- smtp: Tidy up, following recent changes, to maintain the coding style - [skip ci] + Closes #4892 -- test1270: a basic -w redirect_url test +- smtp: Support the SMTPUTF8 extension for the EXPN command - Closes #4728 + Simply notify the server we support the SMTPUTF8 extension if it does. -- HISTORY: the SMB(S) support landed in 2014 +- smtp: Support the SMTPUTF8 extension in the VRFY command -- define: remove HAVE_ENGINE_LOAD_BUILTIN_ENGINES, not used anymore +- smtp: Support the SMTPUTF8 extension in the RCPT TO command - It is covered by USE_OPENSSL_ENGINE now. + Note: The RCPT TO command isn't required to advertise to the server that + it contains UTF-8 characters, instead the server is told that a mail may + contain UTF-8 in any envelope command via the MAIL command. + +- smtp: Support the SMTPUTF8 extension in the MAIL command - Reported-by: Gisle Vanem - Bug: https://github.com/curl/curl/commit/87b9337c8f76c21c57b204e88b68c6ecf3bd1ac0#commitcomment-36447951 + Support the SMTPUTF8 extension when sending mailbox information in the + MAIL command (FROM and AUTH parameters). Non-ASCII domain names will + be ACE encoded, if IDN is supported, whilst non-ASCII characters in + the local address part are passed to the server. - Closes #4725 + Reported-by: ygthien on github + Fixes #4828 -- lib: remove ASSIGNWITHINCONDITION exceptions, use our code style - - ... even for macros +- smtp: Detect server support for the UTF-8 extension as defined in RFC-6531 + +- smtp: Support UTF-8 based host names in the VRFY command + +- smtp: Support UTF-8 based host names in the RCPT TO command + +- smtp: Support UTF-8 based host names in the MAIL command - Reviewed-by: Daniel Gustafsson - Reviewed-by: Jay Satiro - Reported-by: Jay Satiro - Fixes #4683 - Closes #4722 + Non-ASCII host names will be ACE encoded if IDN is supported. 
-- tests: make sure checksrc runs on header files too +- url: Make the IDN conversion functions available to others -- Revert "checksrc: fix regexp for ASSIGNWITHINCONDITION" +- smtp: Added UTF-8 mailbox tests to verify existing behaviour + +- ftpserver: Updated VRFY_smtp() so the response isn't necessary in the test case + +- ftpserver: Corrected the e-mail address regex in MAIL_smtp() and RCTP_smtp() - This reverts commit ba82673dac3e8d00a76aa5e3779a0cb80e7442af. + The dot character between the host and the tld was not being escaped, + which meant it specified a match of 'any' character rather than an + explicit dot separator. - Bug: #4683 - -- KNOWN_BUGS: TLS session cache doesn't work with TFO + Additionally removed the dot character from the host name as it allowed + the following to be specified as a valid address in our test cases: - [skip ci] - Closes #4301 + + + Both are typos from 98f7ca7 and 8880f84 :( + + I can't remember whether my intention was to allow sub-domains to be + specified in the host or not with these additional dots, but by placing + it outside of the host means it can only be specified once per domain + and by placing a + after the new grouping support for sub-domains is + kept. + + Closes #4912 -- KNOWN_BUGS: Connection information when using TCP Fast Open +- hmac: Added a unit test for the HMAC hash generation - Also point to #4296 for more details - Closes #4296 + Closes #4973 -- KNOWN_BUGS: LDAP on Windows doesn't work +- ntlm: Moved the HMAC MD5 function into the HMAC module as a generic function + +- tests: Added a unit test for MD4 digest generation - Closes #4261 + Closes #4970 -- docs: TLS SRP doesn't work with TLS 1.3 +- md4: Use const for the length input parameter - Reported-by: sayrer on github - Closes #4262 - [skip ci] + This keeps the interface the same as md5 and sha256. -Dan Fandrich (16 Dec 2019) -- cirrus: Switch to the FreeBSD 12.1 point release & enable more tests. 
+- test1610: Fixed the link to the unit test - A few tests are now passing on FreeBSD, so no longer skip them. - [skip ci] + Typo from 81c37124. -Daniel Stenberg (16 Dec 2019) -- azure: the macos cmake doesn't need to install cmake +- ntlm: Removed the dependency on the TLS libaries when using MD5 - Error: cmake 3.15.5 is already installed - To upgrade to 3.16.1, run `brew upgrade cmake`. + As we have our own MD5 implementation use the MD5 wrapper to remove the + TLS dependency. - Closes #4723 + Closes #4967 -Jay Satiro (15 Dec 2019) -- winbuild: Document CURL_STATICLIB requirement for static libcurl +- md5/sha256: Updated the functions to allow non-string data to be hashed + +- digest: Corrected the name of the local HTTP digest function - A static libcurl (ie winbuild mode=static) requires that the user define - CURL_STATICLIB when using it in their application. This is already - covered in the FAQ and INSTALL.md, but is a pretty important point so - now it's noted in the BUILD.WINDOWS.txt as well. + Follow up to 2b5b37cb. Local static functions do not require the Curl + prefix. + +- tests: Added a unit test for SHA256 digest generation - Assisted-by: Michael Vittiglio + Follow up to 2b5b37c. - Closes https://github.com/curl/curl/pull/4721 - -Daniel Stenberg (15 Dec 2019) -- [Santino Keupp brought this change] + Closes #4968 - libssh2: add support for ECDSA and ed25519 knownhost keys +- md4: Fixed compilation issues when using GNU TLS gcrypt - ... if a new enough libssh2 version is present. + * Don't include 'struct' in the gcrypt MD4_CTX typedef + * The call to gcry_md_read() should use a dereferenced ctx + * The call to gcry_md_close() should use a dereferenced ctx - Source: https://curl.haxx.se/mail/archive-2019-12/0023.html - Co-Authored-by: Daniel Stenberg - Closes #4714 + Additional minor whitespace issue in the USE_WIN32_CRYPTO code. 
+ + Closes #4959 -- lib1591: free memory properly on OOM, in the trailers callback +Daniel Stenberg (21 Feb 2020) +- RELEASE-NOTES: synced + +- http2: now require nghttp2 >= 1.12.0 - Detected by torture tests. + To simplify our code and since earlier versions lack important function + calls libcurl needs to function correctly. - Closes #4720 + nghttp2 1.12.0 was relased on June 26, 2016. + + Closes #4961 -- runtests: --repeat=[num] to repeat tests +- gtls: fix the copyright year - Closes #4715 + Follow-up from 41fcb4f609 -- RELEASE-NOTES: synced +- [jethrogb brought this change] -- azure: add a torture test on mac + GnuTLS: Always send client cert - Uses --shallow=25 to keep it small enough to get through in time. + TLS servers may request a certificate from the client. This request + includes a list of 0 or more acceptable issuer DNs. The client may use + this list to determine which certificate to send. GnuTLS's default + behavior is to not send a client certificate if there is no + match. However, OpenSSL's default behavior is to send the configured + certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL + behavior. - Closes #4712 + Authored-by: jethrogb on github + Fixes #1411 + Closes #4958 -- multi: free sockhash on OOM +- [Leo Neat brought this change] + + github action: add CIFuzz - This would otherwise leak memory in the error path. + Closes #4960 + +- cleanup: comment typos - Detected by torture test 1540. + Spotted by 'codespell' - Closes #4713 + Closes #4957 -Marcel Raad (13 Dec 2019) -- tests: use DoH feature for DoH tests +Steve Holme (20 Feb 2020) +- win32: USE_WIN32_CRYPTO to enable Win32 based MD4, MD5 and SHA256 functions - Previously, http/2 was used instead. + Whilst lib\md4.c used this pre-processor, lib\md5.c and + src\tool_metalink.c did not and simply relied on the WIN32 + pre-processor directive. 
- Assisted-by: Jay Satiro - Closes https://github.com/curl/curl/pull/4692 + Reviewed-by: Marcel Raad + Closes #4955 -- hostip: suppress compiler warning +Daniel Stenberg (19 Feb 2020) +- connect: remove some spurious infof() calls - With `--disable-doh --disable-threaded-resolver`, the `dns` parameter - is not used. + As they were added primarily for debugging, they provide little use for + users. - Closes https://github.com/curl/curl/pull/4692 + Closes #4951 -- tests: fix build with `CURL_DISABLE_DOH` +- HTTP-COOKIES: mention that a trailing newline is required - Closes https://github.com/curl/curl/pull/4692 - -Daniel Stenberg (13 Dec 2019) -- azure: add a torture test + ... so that we know we got the whole and not a partial line. - Skipping all FTP tests for speed reasons. + Also, changed the formatting of the fields away from a table again since + the table format requires a github-markdown tool version that we don't + run on the web server atm. - Closes #4697 + Reported-by: Sunny Bean + Fixes #4946 + Closes #4947 -- azure: make the default build use --enable-debug --enable-werror +- nit: Copyright year out of date + + Follow-up to 1fc0617dcc -- ntlm_wb: fix double-free in OOM +Jay Satiro (18 Feb 2020) +- tool_util: Improve Windows version of tvnow() - Detected by torture testing test 1310 + - Change tool_util.c tvnow() for Windows to match more closely to + timeval.c Curl_now(). - Closes #4710 + - Create a win32 init function for the tool, since some initialization + is required for the tvnow() changes. + + Prior to this change the monotonic time function used by curl in Windows + was determined at build-time and not runtime. That was a problem because + when curl was built targeted for compatibility with old versions of + Windows (eg _WIN32_WINNT < 0x0600) it would use GetTickCount which wraps + every 49.7 days that Windows has been running. 
+ + This change makes curl behave similar to libcurl's tvnow function, which + determines at runtime whether the OS is Vista+ and if so calls + QueryPerformanceCounter instead. (Note QueryPerformanceCounter is used + because it has higher resolution than the more obvious candidate + GetTickCount64). The changes to tvnow are basically a copy and paste but + the types in some cases are different. + + Ref: https://github.com/curl/curl/issues/3309 + + Closes https://github.com/curl/curl/pull/4847 -Dan Fandrich (13 Dec 2019) -- cirrus: Drop the FreeBSD 10.4 build +Daniel Stenberg (18 Feb 2020) +- SOCKS: fix typo in printf formatting - Upstream support for 10.4 ended a year ago, and it looks like the image - is now gone, too. - [skip ci] + Follow-up to 4a4b63daa + + Reported-by: Peter Piekarski + Bug: https://github.com/curl/curl/commit/4a4b63daaa01ef59b131d91e8e6e6dfe275c0f08#r37351330 -Daniel Stenberg (13 Dec 2019) -- unit1620: fix bad free in OOM +- CURLOPT_REDIR_PROTOCOLS.3: update the DEFAULT section - Closes #4709 + to be in sync with the description above + + Reported-by: Joonas Kuorilehto + Fixes #4943 + Closes #4945 -- unit1609: fix mem-leak in OOM +- docs/GOVERNANCE: refreshed + added "donations" and "commercial support" + +- altsvc: make saving the cache an atomic operation - Closes #4709 + ... by writing the file to temp name then rename to the final when done. + + Assisted-by: Jay Satiro + Fixes #4936 + Closes #4942 -- unit1607: fix mem-leak in OOM +- rename: a new file for Curl_rename() - Closes #4709 + And make the cookie save function use it. -- lib1559: fix mem-leak in OOM +- cookies: make saving atomic with a rename - Closes #4709 + Saves the file as "[filename].[8 random hex digits].tmp" and renames + away the extension when done. 
+ + Co-authored-by: Jay Satiro + Reported-by: Mike Frysinger + Fixes #4914 + Closes #4926 -- lib1557: fix mem-leak in OOM +- RELEASE-NOTES: synced + +- socks: make the connect phase non-blocking - Closes #4709 + Removes two entries from KNOWN_BUGS. + + Closes #4907 -- altsvc: make the save function ignore NULL filenames +- multi: if Curl_readwrite sets 'comeback' use expire, not loop - It might happen in OOM situations. Detected bv torture tests. + Otherwise, a very fast single transfer ricks starving out other + concurrent transfers. - Closes #4707 + Closes #4927 -- curl: fix memory leak in OOM in etags logic +- ftp: convert 'sock_accepted' to a plain boolean - Detected by torture tests + This was an array indexed with sockindex but it was only ever used for + the secondary socket. - Closes #4706 + Closes #4929 -- doh: make it behave when built without proxy support +Jay Satiro (15 Feb 2020) +- CURLINFO_COOKIELIST.3: Fix example - Reported-by: Marcel Raad - Bug: https://github.com/curl/curl/pull/4692#issuecomment-564115734 + Prior to this change the example would try to import cookies from stdin, + which wasn't what was intended. - Closes #4704 + Reported-by: 3dyd@users.noreply.github.com + + Fixes https://github.com/curl/curl/issues/4930 -- curl: improved cleanup in upload error path +Daniel Stenberg (14 Feb 2020) +- TODO: Paged searches on LDAP server - Memory leak found by torture test 58 + Closes #4452 + +- TODO: CURLOPT_SSL_CTX_FUNCTION for LDAPS - Closes #4705 + Closes #4108 -- mailmap: fix Andrew Ishchuk +- azure: disable brotli on the macos debug-builds + + Because of: + + brotli/decode.h:204:33: error: variable length array used [-Werror,-Wvla] + const uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(encoded_size)], + + Closes #4925 -- travis: make torture use --shallow=40 +Steve Holme (13 Feb 2020) +- tool_home: Fix the copyright year being out of date - As a first step to enable it to run over a more diverse set of tests in - a reasonable time. 
+ Follow up to 9dc350b6. -- runtests: introduce --shallow to reduce huge torture tests +Jay Satiro (12 Feb 2020) +- tool_homedir: Change GetEnv() to use libcurl's curl_getenv() - When set, shallow mode limits runtests -t to make no more than NUM fails - per test case. If more are found, it will randomly discard entries until - the number is right. The random seed can also be set. + - Deduplicate GetEnv() code. - This is particularly useful when running MANY tests as then most torture - failures will already fail the same functions over and over and make the - total operation painfully tedious. + - On Windows change ultimate call to use Windows API + GetEnvironmentVariable() instead of C runtime getenv(). - Closes #4699 + Prior to this change both libcurl and the tool had their own GetEnv + which over time diverged. Now the tool's GetEnv is a wrapper around + curl_getenv (libcurl API function which is itself a wrapper around + libcurl's GetEnv). + + Furthermore this change fixes a bug in that Windows API + GetEnvironmentVariable() is called instead of C runtime getenv() to get + the environment variable since some changes aren't always visible to the + latter. + + Reported-by: Christoph M. Becker + + Fixes https://github.com/curl/curl/issues/4774 + Closes https://github.com/curl/curl/pull/4863 -- conncache: CONNECT_ONLY connections assumed always in-use +Daniel Stenberg (12 Feb 2020) +- strerror.h: Copyright year out of date - This makes them never to be considered "the oldest" to be discarded when - reaching the connection cache limit. The reasoning here is that - CONNECT_ONLY is primarily used in combination with using the - connection's socket post connect and since that is used outside of - curl's knowledge we must assume that it is in use until explicitly - closed. 
+ Follow-up to 1c4fa67e8a8fcf6 + +Jay Satiro (12 Feb 2020) +- strerror: Increase STRERROR_LEN 128 -> 256 - Reported-by: Pavel Pavlov - Reported-by: Pavel Löbl - Fixes #4426 - Fixes #4369 - Closes #4696 + STRERROR_LEN is the constant used throughout the library to set the size + of the buffer on the stack that the curl strerror functions write to. + + Prior to this change some extended length Windows error messages could + be truncated. + + Closes https://github.com/curl/curl/pull/4920 -- [Gisle Vanem brought this change] +- multi: fix outdated comment + + - Do not say that conn->data is "cleared" by multi_done(). + + If the connection is in use then multi_done assigns another easy handle + still using the connection to conn->data, therefore in that case it is + not cleared. + + Closes https://github.com/curl/curl/pull/4901 - vtls: make BearSSL possible to set with CURL_SSL_BACKEND +- easy: remove dead code - Ref: https://github.com/curl/curl/commit/9b879160df01e7ddbb4770904391d3b74114302b#commitcomment-36355622 + multi is already assigned to data->multi by curl_multi_add_handle. - Closes #4698 + Closes https://github.com/curl/curl/pull/4900 + +Daniel Stenberg (12 Feb 2020) +- create-dirs.d: mention the mode + + Reported-by: Dan Jacobson + Fixes #4766 + Closes #4916 + +- CURLOPT_ALTSVC_CTRL.3: fix the DEFAULT wording + + Assisted-by: Jay Satiro + Reported-by: Craig Andrews + Fixes #4909 + Closes #4910 - RELEASE-NOTES: synced -- travis: remove "coverage", make it "torture" +Steve Holme (9 Feb 2020) +- smtp: Simplify the MAIL command and avoid a duplication of send strings - The coveralls service and test coverage numbers are just too unreliable. - Removed badge from README.md as well. + This avoids the duplication of strings when the optional AUTH and SIZE + parameters are required. It also assists with the modifications that + are part of #4892. 
- Fixes #4694 - Closes #4695 + Closes #4903 -- azure: add libssh2 and cmake macos builds +Daniel Stenberg (9 Feb 2020) +- altsvc: keep a copy of the file name to survive handle reset - Removed the macos libssh2 build from travis + The alt-svc cache survives a call to curl_easy_reset fine, but the file + name to use for saving the cache was cleared. Now the alt-svc cache has + a copy of the file name to survive handle resets. - Closes #4686 + Added test 1908 to verify. + + Reported-by: Craig Andrews + Fixes #4898 + Closes #4902 -- curl: use errorf() better +Steve Holme (9 Feb 2020) +- url: Include the failure reason when curl_win32_idn_to_ascii() fails - Change series of error outputs to use errorf(). + Provide the failure reason in the failf() info just as we do for the + libidn2 version of code. - Only errors that are due to mistakes in command line option usage should - use helpf(), other types of errors in the tool should rather use - errorf(). + Closes #4899 + +Jay Satiro (9 Feb 2020) +- asyn-thread: remove dead code + +Daniel Stenberg (8 Feb 2020) +- [Emil Engler brought this change] + + github: Instructions to post "uname -a" on Unix systems in issues - Closes #4691 + Closes #4896 -Jay Satiro (9 Dec 2019) -- [Marc Hoersken brought this change] +- [Cristian Greco brought this change] - tests: make it possible to set executable extensions + configure.ac: fix comments about --with-quiche - This enables the use of Windows Subsystem for Linux (WSL) to run the - testsuite against Windows binaries while using Linux servers. + A simple s/nghttp3/quiche in some comments of --with-quiche. + Looks like a copy-paste error from --with-nghttp3. 
- This commit introduces the following environment variables: - - CURL_TEST_EXE_EXT: set the executable extension for all components - - CURL_TEST_EXE_EXT_TOOL: set it for the curl tool only - - CURL_TEST_EXE_EXT_SSH: set it for the SSH tools only + Closes #4897 + +Steve Holme (7 Feb 2020) +- checksrc.bat: Fix not being able to run script from the main curl directory - Later testcurl.pl could be adjusted to make use of those variables. - - CURL_TEST_EXE_EXT_SRV: set it for the test servers only + If the script was ran from the main curl directory rather then the + projects directory then the script would simply exit without error: - (This is one of several commits to support use of WSL for the tests.) + C:\url> projects\checksrc.bat - Closes https://github.com/curl/curl/pull/3899 + The user would either need to change to the projects directory, + explicitly specify the current working directory, or perform a + oneline hacky workaround: + + C:\url> cd projects + C:\url\projects> checksrc.bat + + C:\url> checksrc.bat %cd% + + C:\url> pushd projects & checksrc.bat & popd + + Closes #4894 -- [Marc Hoersken brought this change] +Daniel Stenberg (7 Feb 2020) +- [Pierre-Yves Bigourdan brought this change] - tests: fix permissions of ssh keys in WSL + digest: Do not quote algorithm in HTTP authorisation - Keys created on Windows Subsystem for Linux (WSL) require it for some - reason. + RFC 7616 section 3.4 (The Authorization Header Field) states that "For + historical reasons, a sender MUST NOT generate the quoted string syntax + for the following parameters: algorithm, qop, and nc". This removes the + quoting for the algorithm parameter. - (This is one of several commits to support use of WSL for the tests.) 
+ Reviewed-by: Steve Holme + Closes #4890 + +- ftp: remove the duplicated user/password struct fields - Ref: https://github.com/curl/curl/pull/3899 + Closes #4887 -- [Marc Hoersken brought this change] +- ftp: remove superfluous checking for crlf in user or pwd + + ... as this is already done much earlier in the URL parser. + + Also add test case 894 that verifies that pop3 with an encodedd CR in + the user name is rejected. + + Closes #4887 - tests: use \r\n for log messages in WSL +Steve Holme (6 Feb 2020) +- ntlm_wb: Use Curl_socketpair() for greater portability - Bash in Windows Subsystem for Linux (WSL) requires it for some reason. + Reported-by: Daniel Stenberg + Closes #4886 + +Daniel Stenberg (5 Feb 2020) +- [Frank Gevaerts brought this change] + + contributors: Also include people who contributed to curl-www - (This is one of several commits to support use of WSL for the tests.) + Closes #4884 + +- [Frank Gevaerts brought this change] + + contrithanks: Use the most recent tag by default - Ref: https://github.com/curl/curl/pull/3899 + (similar to 5296abe) + + Closes #4883 -- [Andrew Ishchuk brought this change] +- scripts: use last set tag if none given + + Makes 'delta' and 'contributors.sh' easier to use. + + Make the delta script invoke contrithanks to get current number of + contributors instead of counting THANKS, for accuracy. + + Closes #4881 - winbuild: Define CARES_STATICLIB when WITH_CARES=static +- ftp: shrink temp buffers used for PORT - When libcurl is built with MODE=static, c-ares is forced into static - linkage too. That doesn't happen when MODE=dll so linker would break - over undefined symbols. + These two stack based buffers only need to be 46 + 66 bytes instead of + 256 + 1024. 
- closes https://github.com/curl/curl/pull/4688 + Closes #4880 -Daniel Stenberg (9 Dec 2019) -- conn: always set bits.close with connclose() +- curl: error on --alt-svc use w/o support - Closes #4690 + Make the tool check for alt-svc support at run-time and return error + accordingly if not present when the option is used. + + Reported-by: Harry Sintonen + Closes #4878 -- cirrus: enable clang sanitizers on freebsd 13 +- docs/HTTP3: add --enable-alt-svc to curl's configure -- conncache: fix multi-thread use of shared connection cache +- RELEASE-PROCEDURE: feature win is closed post-release a few days - It could accidentally let the connection get used by more than one - thread, leading to double-free and more. + We've tried to uphold this already but let's make it official by + publicly stating this is the way we do it. - Reported-by: Christopher Reid - Fixes #4544 - Closes #4557 + Closes #4877 -- azure: add a vanilla macos build +- altsvc: set h3 version at a common single spot - Closes #4685 + ... and move the #ifdefs out of the functions. Addresses the fact they + were different before this change. + + Reported-by: Harry Sintonen + Closes #4876 -- curl: make the etag load logic work without fseek +- [Harry Sintonen brought this change] + + altsvc: improved header parser - The fseek()s were unnecessary and caused Coverity warning CID 1456554 + - Fixed the flag parsing to apply to specific alternative entry only, as + per RFC. The earlier code would also get totally confused by + multiprotocol header, parsing flags from the wrong part of the header. - Closes #4681 + - Fixed the parser terminating on unknown protocols, instead of skipping + them. + + - Fixed a busyloop when protocol-id was present without an equal sign. 
+ + Closes #4875 -- mailmap: Mohammad Hasbini +- [Harry Sintonen brought this change] -- [Mohammad Hasbini brought this change] + ngtcp2: fixed to only use AF_INET6 when ENABLE_IPV6 - docs: fix some typos +- docs/HTTP3: update the OpenSSL branch to use for ngtcp2 - Closes #4680 + Reported-by: James Fuller +Steve Holme (4 Feb 2020) +- ntlm: Pass the Curl_easy structure to the private winbind functions + + ...rather than the full conndata structure. + +Daniel Stenberg (4 Feb 2020) - RELEASE-NOTES: synced -Jay Satiro (5 Dec 2019) -- lib: fix some loose ends for recently added CURLSSLOPT_NO_PARTIALCHAIN +- tool_operhlp: Copyright year out of date, should be 2020 - Add support for CURLSSLOPT_NO_PARTIALCHAIN in CURLOPT_PROXY_SSL_OPTIONS - and OS400 package spec. + Follow-up from 2bc373740a3 + +- [Orgad Shaneh brought this change] + + curl: avoid using strlen for testing if a string is empty - Also I added the option to the NameValue list in the tool even though it - isn't exposed as a command-line option (...yet?). (NameValue stringizes - the option name for the curl cmd -> libcurl source generator) + Closes #4873 + +Steve Holme (3 Feb 2020) +- ntlm: Ensure the HTTP header data is not stored in the challenge/response + +Marcel Raad (3 Feb 2020) +- openssl: remove redundant assignment - Follow-up to 564d88a which added CURLSSLOPT_NO_PARTIALCHAIN. + Fixes a scan-build failure on Bionic. - Ref: https://github.com/curl/curl/pull/4655 + Closes https://github.com/curl/curl/pull/4872 -- setopt: Fix ALPN / NPN user option when built without HTTP2 +- travis: update non-OpenSSL Linux jobs to Bionic - - Stop treating lack of HTTP2 as an unknown option error result for - CURLOPT_SSL_ENABLE_ALPN and CURLOPT_SSL_ENABLE_NPN. + For the OpenSSL builds, test 323 [TLS-SRP to non-TLS-SRP server] is + failing with "curl returned 52, when expecting 35". - Prior to this change it was impossible to disable ALPN / NPN if libcurl - was built without HTTP2. 
Setting either option would result in - CURLE_UNKNOWN_OPTION and the respective internal option would not be - set. That was incorrect since ALPN and NPN are used independent of - HTTP2. + Closes https://github.com/curl/curl/pull/4872 + +Dan Fandrich (3 Feb 2020) +- cirrus: Add some missing semicolons - Reported-by: Shailesh Kapse + Newlines aren't preserved in this section so they're needed to separate + commands. The exports luckily worked anyway as a single long line, but + erroneously exported a variable called "export" + [skip ci] + +Daniel Gustafsson (2 Feb 2020) +- [Pedro Monreal brought this change] + + cleanup: fix typos and wording in docs and comments - Fixes https://github.com/curl/curl/issues/4668 - Closes https://github.com/curl/curl/pull/4672 + Closes #4869 + Reviewed-by: Emil Engler and Daniel Gustafsson -Daniel Stenberg (5 Dec 2019) -- etag: allow both --etag-compare and --etag-save in same cmdline +Steve Holme (2 Feb 2020) +- ntlm: Move the winbind data into the NTLM data structure - Fixes #4669 - Closes #4678 + To assist with adding winbind support to the SASL NTLM authentication, + move the winbind specific data out of conndata into ntlmdata. -Marcel Raad (5 Dec 2019) -- curl_setup: fix `CURLRES_IPV6` condition +Daniel Stenberg (30 Jan 2020) +- quiche: Copyright year out of date - Move the definition of `CURLRES_IPV6` to before undefining - `HAVE_GETADDRINFO`. Regression from commit 67a08dca27a which caused - some tests to fail and others to be skipped with c-ares. + Follow-up to 7fc63d72333a + +- altsvc: use h3-25 - Fixes https://github.com/curl/curl/issues/4673 - Closes https://github.com/curl/curl/pull/4677 + Closes #4868 -Daniel Stenberg (5 Dec 2019) -- test342: make it return a 304 as the tag matches +- [Alessandro Ghedini brought this change] -Peter Wu (4 Dec 2019) -- CMake: add support for building with the NSS vtls backend + quiche: update to draft-25 - Options are cross-checked with configure.ac and acinclude.m4. 
- Tested on Arch Linux, untested on other platforms like Windows or macOS. + Closes #4867 + +- ngtcp2: update to git master and its draft-25 support - Closes #4663 - Reviewed-by: Kamil Dudka + Closes #4865 -Daniel Stenberg (4 Dec 2019) -- azure: add more builds +- cookie: check __Secure- and __Host- case sensitively - ... removed two from travis (that now runs on azure instead) + While most keywords in cookies are case insensitive, these prefixes are + specified explicitly to get checked "with a case-sensitive match". - Closes #4671 + (From the 6265bis document in progress) + + Ref: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-04 + Closes #4864 -- CURLOPT_VERBOSE.3: see also ERRORBUFFER +- KNOWN_BUGS: Multiple methods in a single WWW-Authenticate: header -- hostip4.c: bump copyright year range +- oauth2-bearer.d: works for HTTP too + + Reported-by: Mischa Salle + Bug: https://curl.haxx.se/mail/lib-2020-01/0070.html + Closes #4862 -Marcel Raad (3 Dec 2019) -- configure: enable IPv6 support without `getaddrinfo` +- multi_done: if multiplexed, make conn->data point to another transfer - This makes it possible to recognize and connect to literal IPv6 - addresses when `getaddrinfo` is not available, which is already the - case for the CMake build. This affects e.g. classic MinGW because it - still targets Windows 2000 by default, where `getaddrinfo` is not - available, but general IPv6 support is. + ... since the current transfer is being killed. Setting to NULL is + wrong, leaving it pointing to 'data' is wrong since that handle might be + about to get freed. - Instead of checking for `getaddrinfo`, check for `sockaddr_in6` as the - CMake build does. + Fixes #4845 + Closes #4858 + Reported-by: dmitrmax on github + +- location.d: the method change is from POST to GET only - Closes https://github.com/curl/curl/pull/4662 + Not from generic non-GET to GET. 
+ + Reported-by: Andrius Merkys + Ref: #4859 + Closes #4861 -- curl_setup: disable IPv6 resolver without `getaddrinfo` +- urlapi: guess scheme correct even with credentials given - Also, use `CURLRES_IPV6` only for actual DNS resolution, not for IPv6 - address support. This makes it possible to connect to IPv6 literals by - setting `ENABLE_IPV6` even without `getaddrinfo` support. It also fixes - the CMake build when using the synchronous resolver without - `getaddrinfo` support. + In the "scheme-less" parsing case, we need to strip off credentials + first before we guess scheme based on the host name! - Closes https://github.com/curl/curl/pull/4662 + Assisted-by: Jay Satiro + Fixes #4856 + Closes #4857 -Daniel Stenberg (3 Dec 2019) -- github action/azure pipeline: run 'make test-nonflaky' for tests +- global_init: move the IPv6 works status bool to multi handle - To match travis and give more info on failures. + Previously it was stored in a global state which contributed to + curl_global_init's thread unsafety. This boolean is now instead figured + out in curl_multi_init() and stored in the multi handle. Less effective, + but thread safe. + + Closes #4851 -- openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains +- [Jay Satiro brought this change] + + README: mention that the docs is in docs/ - Closes #4655 + Reported-by: Austin Green + Fixes #4830 + Closes #4853 -- openssl: set X509_V_FLAG_PARTIAL_CHAIN +- curl.h: define CURL_WIN32 on windows - Have intermediate certificates in the trust store be treated as - trust-anchors, in the same way as self-signed root CA certificates - are. This allows users to verify servers using the intermediate cert - only, instead of needing the whole chain. + ... so that the subsequent logic below can use a single known define to know + when built on Windows (as we don't define WIN32 anymore). - Other TLS backends already accept partial chains. 
+ Follow-up to 1adebe7886ddf20b - Reported-by: Jeffrey Walton - Bug: https://curl.haxx.se/mail/lib-2019-11/0094.html + Reported-by: crazydef on github + Assisted-by: Marcel Raad + Fixes #4854 + Closes #4855 -- curl: show better error message when no homedir is found +- RELEASE-NOTES: synced + +- [Jon Rumsey brought this change] + + urldata: do string enums without #ifdefs for build scripts - Reported-by: Vlastimil Ovčáčík - Fixes #4644 - Closes #4665 + ... and check for inconsistencies for OS400 at build time with the new + chkstrings tool. + + Closes #4822 -- OPENSOCKETFUNCTION.3: correct the purpose description +- curl: make the -# spaceship bar not wrap the line - Reported-by: Jeff Mears - Bug: https://curl.haxx.se/mail/lib-2019-12/0007.html + The fixed-point math made us lose precision and thus a too high index + value could be used for outputting the hashtags which could overwrite + the newline. - Closes #4667 + The fix increases the precision in the sine table (*100) and the + associated position math. + + Reported-by: Andrew Potter + Fixes #4849 + Closes #4850 -- [Peter Wu brought this change] +- global_init: assume the EINTR bit by default + + - Removed from global_init since it isn't thread-safe. The symbol will + still remain to not break compiles, it just won't have any effect going + forward. + + - make the internals NOT loop on EINTR (the opposite from previously). + It only risks returning from the select/poll/wait functions early, and that + should be risk-free. + + Closes #4840 - travis: do not use OVERRIDE_CC or OVERRIDE_CXX if empty +- [Peter Piekarski brought this change] + + conn: do not reuse connection if SOCKS proxy credentials differ - Fixes the macOS builds where OVERRIDE_CC and OVERRIDE_CXX are not set. 
+ Closes #4835 + +- llist: removed unused Curl_llist_move() - Reported-by: Jay Satiro - Fixes #4659 - Closes #4661 - Closes #4664 + (and the corresponding unit test) + + Closes #4842 -- azure-pipelines: fix the test script +- conncache: removed unused Curl_conncache_bundle_size() -- Azure Pipelines: initial CI setup +- strcase: turn Curl_raw_tolower into static - [skip ci] + Only ever used from within this file. -- docs: add "added: 7.68.0" to the --etag-* docs +- singleuse.pl: support new API functions, fix curl_dbg_ handling -- copyright: fix the year ranges for two files +- wolfssh: make it init properly via Curl_ssh_init() - Follow-up to 9c1806ae + Closes #4846 -Jay Satiro (1 Dec 2019) -- build: Disable Visual Studio warning "conditional expression is constant" +- [Aron Rotteveel brought this change] + + form.d: fix two minor typos - - Disable warning C4127 "conditional expression is constant" globally - in curl_setup.h for when building with Microsoft's compiler. + Closes #4843 + +- openssl: make CURLINFO_CERTINFO not truncate x509v3 fields - This mainly affects building with the Visual Studio project files found - in the projects dir. + Avoid "reparsing" the content and instead deliver more exactly what is + provided in the certificate and avoid truncating the data after 512 + bytes as done previously. This no longer removes embedded newlines. - Prior to this change the cmake and winbuild build systems already - disabled 4127 globally for when building with Microsoft's compiler. - Also, 4127 was already disabled for all build systems in the limited - circumstance of the WHILE_FALSE macro which disabled the warning - specifically for while(0). This commit removes the WHILE_FALSE macro and - all other cruft in favor of disabling globally in curl_setup. 
+ Fixes #4837 + Reported-by: bnfp on github + Closes #4841 + +Jay Satiro (23 Jan 2020) +- CURLOPT_PROXY_SSL_OPTIONS.3: Sync with CURLOPT_SSL_OPTIONS.3 - Background: + - Copy CURLOPT_SSL_OPTIONS.3 description to CURLOPT_PROXY_SSL_OPTIONS.3. - We have various macros that cause 0 or 1 to be evaluated, which would - cause warning C4127 in Visual Studio. For example this causes it: + Prior to this change CURLSSLOPT_NO_PARTIALCHAIN was missing from the + CURLOPT_PROXY_SSL_OPTIONS description. + +Daniel Stenberg (22 Jan 2020) +- mk-ca-bundle: add support for CKA_NSS_SERVER_DISTRUST_AFTER - #define Curl_resolver_asynch() 1 + For now, no cert in the bundle actually sets a date there... - Full behavior is not clearly defined and inconsistent across versions. - However it is documented that since VS 2015 Update 3 Microsoft has - addressed this somewhat but not entirely, not warning on while(true) for - example. + Co-Authored-by: Jay Satiro + Reported-by: Christian Heimes + Fixes #4834 + Closes #4836 + +- RELEASE-NOTES: synced + +- [Pavel Volgarev brought this change] + + smtp: Allow RCPT TO command to fail for some recipients - Prior to this change some C4127 warnings occurred when I built with - Visual Studio using the generated projects in the projects dir. + Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS. - Closes https://github.com/curl/curl/pull/4658 + Verified with the new tests 3002-3007 + + Closes #4816 -- openssl: retrieve reported LibreSSL version at runtime +- copyright: fix year ranges - - Retrieve LibreSSL runtime version when supported (>= 2.7.1). + follow-up from dea17b519d (one of these days I'll learn to check before + I push) + +- [nao brought this change] + + http: move "oauth_bearer" from connectdata to Curl_easy - For earlier versions we continue to use the compile-time version. + Fixes the bug where oauth_bearer gets deallocated when we re-use a + connection. 
- Ref: https://man.openbsd.org/OPENSSL_VERSION_NUMBER.3 + Closes #4824 + +- [Emil Engler brought this change] + + curl: Let -D merge headers in one file again - Closes https://github.com/curl/curl/pull/2425 + Closes #4762 + Fixes #4753 -- strerror: Add Curl_winapi_strerror for Win API specific errors +- data.d: remove "Multiple files can also be specified" - - In all code call Curl_winapi_strerror instead of Curl_strerror when - the error code is known to be from Windows GetLastError. - - Curl_strerror prefers CRT error codes (errno) over Windows API error - codes (GetLastError) when the two overlap. When we know the error code - is from GetLastError it is more accurate to prefer the Windows API error - messages. - - Reported-by: Richard Alcock + It is superfluous and could even be misleading. - Fixes https://github.com/curl/curl/issues/4550 - Closes https://github.com/curl/curl/pull/4581 + Bug: https://curl.haxx.se/mail/archive-2020-01/0016.html + Reported-by: Mike Norton + Closes #4832 -Daniel Stenberg (2 Dec 2019) -- global_init: undo the "intialized" bump in case of failure +Marcel Raad (20 Jan 2020) +- CMake: support specifying the target Windows version - ... so that failures in the global init function don't count as a - working init and it can then be called again. + Previously, it was only possible to set it to Windows Vista or XP by + setting the option `ENABLE_INET_PTON` to `ON` resp. `OFF`. + Use a new cache variable `CURL_TARGET_WINDOWS_VERSION` to be able to + explicitly set the target Windows version. `ENABLE_INET_PTON` is + ignored in this case. - Reported-by: Paul Groke - Fixes #4636 - Closes #4653 + Ref: https://github.com/curl/curl/pull/1639#issuecomment-313039352 + Ref: https://github.com/curl/curl/pull/4607#issuecomment-557541456 + Closes https://github.com/curl/curl/pull/4815 -- parsedate: offer a getdate_capped() alternative - - ... and use internally. 
This function will return TIME_T_MAX instead of - failure if the parsed data is found to be larger than what can be - represented. TIME_T_MAX being the largest value curl can represent. +Daniel Stenberg (20 Jan 2020) +- http.h: Copyright year out of date, should be 2020 - Reviewed-by: Daniel Gustafsson - Reported-by: JanB on github - Fixes #4152 - Closes #4651 + Follow-up to 7ff9222ced8c -- docs: add more references to curl_multi_poll - - Fixes #4643 - Closes #4652 +- [加藤郁之 brought this change] -- sha256: bump the copyright year range + HTTP: increase EXPECT_100_THRESHOLD to 1Mb - Follow-up from 66e21520f - -Daniel Gustafsson (28 Nov 2019) -- curl_setup_once: consistently use WHILE_FALSE in macros + Mentioned: https://curl.haxx.se/mail/lib-2020-01/0050.html - The WHILE_FALSE construction is used to avoid compiler warnings in - macro constructions. This fixes a few instances where it was not - used in order to keep the code consistent. + Closes #4814 + +- ROADMAP: thread-safe `curl_global_init()` - Closes #4649 - Reviewed-by: Daniel Stenberg + I'd like to see this happen. -Daniel Stenberg (28 Nov 2019) -- [Steve Holme brought this change] +- RELEASE-NOTES: synced - http_ntlm: Remove duplicate NSS initialisation +- wolfssl: use the wc-prefixed symbol alternatives - Given that this is performed by the NTLM code there is no need to - perform the initialisation in the HTTP layer. This also keeps the - initialisation the same as the SASL based protocols and also fixes a - possible compilation issue if both NSS and SSPI were to be used as - multiple SSL backends. + The symbols without wc_ prefix are not always provided. 
- Reviewed-by: Kamil Dudka - Closes #3935 + Ref: https://github.com/wolfSSL/wolfssl/issues/2744 + + Closes #4827 -Daniel Gustafsson (28 Nov 2019) -- checksrc: fix regexp for ASSIGNWITHINCONDITION +- polarssl: removed - The regexp looking for assignments within conditions was too greedy - and matched a too long string in the case of multiple conditionals - on the same line. This is basically only a problem in single line - macros, and the code which exemplified this was essentially: + As detailed in DEPRECATE.md, the polarssl support is now removed after + having been disabled for 6 months and nobody has missed it. - do { if((x) != NULL) { x = NULL; } } while(0) + The threadlock files used by mbedtls are renamed to an 'mbedtls' prefix + instead of the former 'polarssl' and the common functions that + previously were shared between mbedtls and polarssl and contained the + name 'polarssl' have now all been renamed to instead say 'mbedtls'. - ..where the final parenthesis of while(0) matched the regexp, and - the legal assignment in the block triggered the warning. Fix by - making the regexp less greedy by matching for the tell-tale signs - of the if statement ending. + Closes #4825 + +Marcel Raad (16 Jan 2020) +- libssh2: fix variable type - Also remove the one occurrence where the warning was disabled due - to a construction like the above, where the warning didn't apply - when fixed. + This led to a conversion warning on 64-bit MinGW, which has 32-bit + `long` but 64-bit `size_t`. - Closes #4647 - Reviewed-by: Daniel Stenberg - -Daniel Stenberg (28 Nov 2019) -- RELEASE-NOTES: synced - -- [Maros Priputen brought this change] + Closes https://github.com/curl/curl/pull/4823 - curl: two new command line options for etags +Daniel Stenberg (16 Jan 2020) +- curl:progressbarinit: ignore column width from terminals < 20 - --etag-compare and --etag-save + To avoid division by zero - or other issues. 
- Suggested-by: Paul Hoffman - Fixes #4277 - Closes #4543 - -Daniel Gustafsson (28 Nov 2019) -- docs: fix typos + Reported-by: Daniel Marjamäki + Closes #4818 -Daniel Stenberg (28 Nov 2019) -- mailmap: Niall O'Reilly's name +- wolfssh: set the password correctly for PASSWORD auth -- [Niall O'Reilly brought this change] +- wolfssh: remove fprintf() calls (and uses of __func__) - doh: use dedicated probe slots +Marcel Raad (14 Jan 2020) +- CMake: use check_symbol_exists also for inet_pton - ... to easier allow additional DNS transactions. + It doesn't make much sense to only check if the function can be linked + when it's not declared in any header and that is treated as an error. + With the correct target Windows version set, the function is declared + in ws2tcpip.h and the comment above the modified block is invalid. - Closes #4629 - -- travis: build ngtcp2 with --enable-lib-only + Also, move the definition of `_WIN32_WINNT` up to before all symbol + availability checks so that we don't have to care which ones must be + done after it. - ... makes it skip the examples and other stuff we don't neeed. + Tested with Visual Studio 2019 and current MinGW-w64. - Closes #4646 - -- [David Benjamin brought this change] + Closes https://github.com/curl/curl/pull/4808 - ngtcp2: fix thread-safety bug in error-handling +Jay Satiro (13 Jan 2020) +- schannel_verify: Fix alt names manual verify for UNICODE builds - ERR_error_string(NULL) should never be called. It places the error in a - global buffer, which is not thread-safe. Use ERR_error_string_n with a - local buffer instead. + Follow-up to 29e40a6 from two days ago, which added that feature for + Windows 7 and earlier. The bug only occurred in same. - Closes #4645 + Ref: https://github.com/curl/curl/pull/4761 -- travis: export the CC/CXX variables when set +Daniel Stenberg (13 Jan 2020) +- HTTP-COOKIES.md: describe the cookie file format - Suggested-by: Peter Wu - Fixes #4637 - Closes #4640 + ... 
and refer to that file from from CURLOPT_COOKIEFILE.3 and + CURLOPT_COOKIELIST.3 + + Assisted-by: Jay Satiro + Reported-by: bsammon on github + Fixes #4805 + Closes #4806 -Marcel Raad (26 Nov 2019) -- dist: add error-codes.pl +- [Tobias Hieta brought this change] + + CMake: Add support for CMAKE_LTO option. - Follow-up to commit 74f441c6d31. - This should fix test 1175 when run via the daily source tarballs. + This enables Link Time Optimization. LTO is a proven technique for + optimizing across compilation units. - Closes https://github.com/curl/curl/pull/4638 + Closes #4799 -Daniel Stenberg (26 Nov 2019) -- [John Schroeder brought this change] +- RELEASE-NOTES: synced - curl: fix --upload-file . hangs if delay in STDIN +- ConnectionExists: respect the max_concurrent_streams limits - Attempt to unpause a busy read in the CURLOPT_XFERINFOFUNCTION. + A regression made the code use 'multiplexed' as a boolean instead of the + counter it is intended to be. This made curl try to "over-populate" + connections with new streams. - When uploading from stdin in non-blocking mode, a delay in reading - the stream (EAGAIN) causes curl to pause sending data - (CURL_READFUNC_PAUSE). Prior to this change, a busy read was - detected and unpaused only in the CURLOPT_WRITEFUNCTION handler. - This change performs the same busy read handling in a - CURLOPT_XFERINFOFUNCTION handler. + This regression came with 41fcdf71a1, shipped in curl 7.65.0. - Fixes #2051 - Closes #4599 - Reported-by: bdry on github - -- [John Schroeder brought this change] + Also, respect the CURLMOPT_MAX_CONCURRENT_STREAMS value in the same + check. + + Reported-by: Kunal Ekawde + Fixes #4779 + Closes #4784 - XFERINFOFUNCTION: support CURL_PROGRESSFUNC_CONTINUE +- curl: make #0 not output the full URL - (also for PROGRESSFUNCTION) + It was not intended nor documented! - By returning this value from the callback, the internal progress - function call is still called afterward. + Added test 1176 to verify. 
- Closes #4599 + Reported-by: vshmuk on hackerone + + Closes #4812 -- [Michael Forney brought this change] +- wolfSSH: new SSH backend + + Adds support for SFTP (not SCP) using WolfSSH. + + Closes #4231 - TLS: add BearSSL vtls implementation +- curl: remove 'config' field from OutStruct - Closes #4597 + As it was just unnecessary duplicated information already stored in the + 'per_transfer' struct and that's around mostly anyway. + + The duplicated pointer caused problems when the code flow was aborted + before the dupe was filled in and could cause a NULL pointer access. + + Reported-by: Brian Carpenter + Fixes #4807 + Closes #4810 -- curl_multi_wakeup.3: add example and AVAILABILITY +- misc: Copyright year out of date, should be 2020 - Reviewed-by: Gergely Nagy - Closes #4635 + Follow-up to recent commits + + [skip ci] -- [Gergely Nagy brought this change] +Jay Satiro (11 Jan 2020) +- [Santino Keupp brought this change] - multi: add curl_multi_wakeup() + libssh2: add support for forcing a hostkey type - This commit adds curl_multi_wakeup() which was previously in the TODO - list under the curl_multi_unblock name. + - Allow forcing the host's key type found in the known_hosts file. - On some platforms and with some configurations this feature might not be - available or can fail, in these cases a new error code - (CURLM_WAKEUP_FAILURE) is returned from curl_multi_wakeup(). + Currently, curl (with libssh2) does not take keys from your known_hosts + file into account when talking to a server. With this patch the + known_hosts file will be searched for an entry matching the hostname + and, if found, libssh2 will be told to claim this key type from the + server. 
- Fixes #4418 - Closes #4608 + Closes https://github.com/curl/curl/pull/4747 -Jay Satiro (24 Nov 2019) -- [Xiaoyin Liu brought this change] +- [Nicolas Guillier brought this change] - schannel: fix --tls-max for when min is --tlsv1 or default + cmake: Improve libssh2 check on Windows - Prior to this change schannel ignored --tls-max (CURL_SSLVERSION_MAX_ - macros) when --tlsv1 (CURL_SSLVERSION_TLSv1) or default TLS - (CURL_SSLVERSION_DEFAULT), using a max of TLS 1.2 always. + - Add "libssh2" name to FindLibSSH2 library search. - Closes https://github.com/curl/curl/pull/4633 - -- checksrc.bat: Add a check for vquic and vssh directories + On Windows systems, libSSH2 CMake installation may name the library + "LibSSH2". - Ref: https://github.com/curl/curl/pull/4607 + Prior to this change cmake only checked for name "ssh2". On Linux that + works fine because it will prepend the "lib", but it doesn't do that on + Windows. + + Closes https://github.com/curl/curl/pull/4804 -- projects: Fix Visual Studio projects SSH builds +- [Faizur Rahman brought this change] + + schannel: Make CURLOPT_CAINFO work better on Windows 7 - - Generate VQUIC and VSSH filenames in Visual Studio project files. + - Support hostname verification via alternative names (SAN) in the + peer certificate when CURLOPT_CAINFO is used in Windows 7 and earlier. - Prior to this change generated Visual Studio project configurations that - enabled SSH did not build properly. Broken since SSH files were moved to - lib/vssh 3 months ago in 5b2d703. + CERT_NAME_SEARCH_ALL_NAMES_FLAG doesn't exist before Windows 8. As a + result CertGetNameString doesn't quite work on those versions of + Windows. This change provides an alternative solution for + CertGetNameString by iterating through CERT_ALT_NAME_INFO for earlier + versions of Windows. 
- Fixes https://github.com/curl/curl/issues/4492 - Fixes https://github.com/curl/curl/issues/4630 - Closes https://github.com/curl/curl/pull/4607 + Prior to this change many certificates failed the hostname validation + when CURLOPT_CAINFO was used in Windows 7 and earlier. Most certificates + now represent multiple hostnames and rely on the alternative names field + exclusively to represent their hostnames. + + Reported-by: Jeroen Ooms + + Fixes https://github.com/curl/curl/issues/3711 + Closes https://github.com/curl/curl/pull/4761 -Daniel Stenberg (23 Nov 2019) -- RELEASE-NOTES: synced +- [Emil Engler brought this change] -Jay Satiro (22 Nov 2019) -- openssl: Revert to less sensitivity for SYSCALL errors + ngtcp2: Add an error code for QUIC connection errors - - Disable the extra sensitivity except in debug builds (--enable-debug). + - Add new error code CURLE_QUIC_CONNECT_ERROR for QUIC connection + errors. - - Improve SYSCALL error message logic in ossl_send and ossl_recv so that - "No error" / "Success" socket error text isn't shown on SYSCALL error. + Prior to this change CURLE_FAILED_INIT was used, but that was not + correct. - Prior to this change 0ab38f5 (precedes 7.67.0) increased the sensitivity - of OpenSSL's SSL_ERROR_SYSCALL error so that abrupt server closures were - also considered errors. For example, a server that does not send a known - protocol termination point (eg HTTP content length or chunked encoding) - _and_ does not send a TLS termination point (close_notify alert) would - cause an error if it closed the connection. + Closes https://github.com/curl/curl/pull/4754 + +- multi: Change curl_multi_wait/poll to error on negative timeout - To be clear that behavior made it into release build 7.67.0 - unintentionally. Several users have reported it as an issue. + - Add new error CURLM_BAD_FUNCTION_ARGUMENT and return that error when + curl_multi_wait/poll is passed timeout param < 0. 
- Ultimately the idea is a good one, since it can help prevent against a - truncation attack. Other SSL backends may already behave similarly (such - as Windows native OS SSL Schannel). However much more of our user base - is using OpenSSL and there is a mass of legacy users in that space, so I - think that behavior should be partially reverted and then rolled out - slowly. + Prior to this change passing a negative value to curl_multi_wait/poll + such as -1 could cause the function to wait forever. - This commit changes the behavior so that the increased sensitivity is - disabled in all curl builds except curl debug builds (DEBUGBUILD). If - after a period of time there are no major issues then it can be enabled - in dev and release builds with the newest OpenSSL (1.1.1+), since users - using the newest OpenSSL are the least likely to have legacy problems. + Reported-by: hamstergene@users.noreply.github.com - Bug: https://github.com/curl/curl/issues/4409#issuecomment-555955794 - Reported-by: Bjoern Franke + Fixes https://github.com/curl/curl/issues/4763 - Fixes https://github.com/curl/curl/issues/4624 - Closes https://github.com/curl/curl/pull/4623 + Closes https://github.com/curl/curl/pull/4765 -- [Daniel Stenberg brought this change] +- [Marc Aldorasi brought this change] - openssl: improve error message for SYSCALL during connect + cmake: Enable SMB for Windows builds - Reported-by: Paulo Roberto Tomasi - Bug: https://curl.haxx.se/mail/archive-2019-11/0005.html + - Define USE_WIN32_CRYPTO by default. This enables SMB. - Closes https://github.com/curl/curl/pull/4593 - -Daniel Stenberg (22 Nov 2019) -- test1175: verify symbols-in-versions and libcurl-errors.3 in sync + - Show whether SMB is enabled in the "Enabled features" output. - Closes #4628 + - Fix mingw compiler warning for call to CryptHashData by casting away + const param. mingw CryptHashData prototype is wrong. 
+ + Closes https://github.com/curl/curl/pull/4717 -- include: make CURLE_HTTP3 use a new error code +- vtls: Refactor Curl_multissl_version to make the code clearer - To avoid potential issues with error code reuse. + Reported-by: Johannes Schindelin - Reported-by: Christoph M. Becker - Assisted-by: Dan Fandrich - Fixes #4601 - Closes #4627 + Ref: https://github.com/curl/curl/pull/3863#pullrequestreview-241395121 + + Closes https://github.com/curl/curl/pull/4803 -- bump: next release will be 7.68.0 +Daniel Stenberg (10 Jan 2020) +- fix: Copyright year out of date, should be 2020 + + Follow-up to 875314ed0bf3b -- curl: add --parallel-immediate +Marcel Raad (10 Jan 2020) +- hostip: move code to resolve IP address literals to `Curl_resolv` - Starting with this change when doing parallel transfers, without this - option set, curl will prefer to create new transfers multiplexed on an - existing connection rather than creating a brand new one. + The code was duplicated in the various resolver backends. - --parallel-immediate can be set to tell curl to prefer to use new - connections rather than to wait and try to multiplex. + Also, it was called after the call to `Curl_ipvalid`, which matters in + case of `CURLRES_IPV4` when called from `connect.c:bindlocal`. This + caused test 1048 to fail on classic MinGW. - libcurl-wise, this means that curl will set CURLOPT_PIPEWAIT by default - on parallel transfers. + The code ignores `conn->ip_version` as done previously in the + individual resolver backends. - Suggested-by: Tom van der Woerdt - Closes #4500 + Move the call to the `resolver_start` callback up to appease test 655, + which wants it to be called also for literal addresses. 
+ + Closes https://github.com/curl/curl/pull/4798 -Daniel Gustafsson (20 Nov 2019) -- [Victor Magierski brought this change] +Daniel Stenberg (9 Jan 2020) +- scripts/delta: adapt to new public header layout - docs: fix typos +- test1167: verify global symbols in public headers are curl prefixed - Change 'experiemental' to 'experimental'. + ... using the new badsymbols.pl perl script - Closes #4618 - Reviewed-by: Daniel Gustafsson + Fixes #4793 + Closes #4794 -Jay Satiro (18 Nov 2019) -- projects: Fix Visual Studio wolfSSL configurations +- libtest/mk-lib1521: adapt to new public header layout + +- include: remove non-curl prefixed defines - - s/USE_CYASSL/USE_WOLFSSL/ - - - Remove old compatibility macros. + ...requires some rearranging of the setup of CURLOPT_ and CURLMOPT_ + enums. + +- curl.h: remove WIN32 define - Follow-up to 1c6c59a from several months ago when CyaSSL named symbols - were renamed to wolfSSL. The wolfSSL library was formerly named CyaSSL - and we kept using their old name for compatibility reasons, until - earlier this year. + It isn't our job to define this in a public header - and it defines a + name outside of our naming scope. -Daniel Stenberg (18 Nov 2019) -- RELEASE-NOTES: synced +- tool_dirhie.c: fix the copyright year range + + Follow-up to: 4027bd72d9 -- [Javier Blazquez brought this change] +- bump: work towards 7.69.0 is started - ngtcp2: use overflow buffer for extra HTTP/3 data +Jay Satiro (9 Jan 2020) +- tool_dirhie: Allow directory traversal during creation - Fixes #4525 - Closes #4603 - -- altsvc: bump to h3-24 + - When creating a directory hierarchy do not error when mkdir fails due + to error EACCESS (13) "access denied". - ... as both ngtcp2 and quiche now support that in their master branches + Some file systems allow for directory traversal; in this case that it + should be possible to create child directories when permission to the + parent directory is restricted. 
- Closes #4604 - -- ngtcp2: free used resources on disconnect + This is a regression caused by me in f16bed0 (precedes curl-7_61_1). + Basically I had assumed that if a directory already existed it would + fail only with error EEXIST, and not error EACCES. The latter may + happen if the directory exists but has certain restricted permissions. - Fixes #4614 - Closes #4615 - -- ngtcp2: handle key updates as ngtcp2 master branch tells us + Reported-by: mbeifuss@users.noreply.github.com - Reviewed-by: Tatsuhiro Tsujikawa + Fixes https://github.com/curl/curl/issues/4796 + Closes https://github.com/curl/curl/pull/4797 + +Daniel Stenberg (9 Jan 2020) +- KNOWN_BUGS: AUTH PLAIN for SMTP is not working on all servers - Fixes #4612 - Closes #4613 + Closes #4080 -Jay Satiro (17 Nov 2019) -- [Gergely Nagy brought this change] +- docs/RELEASE-PROCEDURE.md: pushed some release dates + + Ref: https://curl.haxx.se/mail/lib-2020-01/0031.html - multi: Fix curl_multi_poll wait when extra_fds && !extra_nfds +- runtests: make random seed fixed for a month - Prior to this change: + When using randomized features of runtests (-R and --shallow) it is + useful to have a fixed random seed to make sure for example extra + commits in a branch or a rebase won't change the seed that would make + repeated runs work differently. - The check if an extra wait is necessary was based not on the - number of extra fds but on the pointer. + As it is also useful to change seed sometimes, the default seed is now + determined based on the current month (and first line curl -V + output). When the month changes, so will the random seed. - If a non-null pointer was given in extra_fds, but extra_nfds - was zero, then the wait was skipped even though poll was not - called. + The specific seed is also shown in the standard test suite top header + and it can be set explictly with the new --seed=[num] option so that the + exact order of a previous run can be achieved. 
- Closes https://github.com/curl/curl/pull/4610 + Closes #4734 -- lib: Move lib/ssh.h -> lib/vssh/ssh.h +- RELEASE-PROCEDURE.md: fix next release date (Feb 26) - Follow-up to 5b2d703 which moved ssh source files to vssh. - - Closes https://github.com/curl/curl/pull/4609 + [skip ci] -Daniel Stenberg (16 Nov 2019) -- [Andreas Falkenhahn brought this change] +Version 7.68.0 (8 Jan 2020) - INSTALL.md: provide Android build instructions - - Closes #4606 +Daniel Stenberg (8 Jan 2020) +- RELEASE-NOTES: 7.68.0 -- [Niall O'Reilly brought this change] +- THANKS: updated with names from the 7.68.0 release - doh: improced both encoding and decoding +- RELEASE-PROCEDURE: add four future release dates - Improved estimation of expected_len and updated related comments; - increased strictness of QNAME-encoding, adding error detection for empty - labels and names longer than the overall limit; avoided treating DNAME - as unexpected; + and remove four past release dates - updated unit test 1655 with more thorough set of proofs and tests + [skip ci] + +Marcel Raad (6 Jan 2020) +- TrackMemory tests: always remove CR before LF - Closes #4598 + It was removed for output containing ' =' via `s/ =.*//`. With classic + MinGW, this made lines with `free()` end with CRLF, but lines with e.g. + `malloc()` end with only LF. The tests expect LF only. + + Closes https://github.com/curl/curl/pull/4788 -- ngtcp2: increase QUIC window size when data is consumed +Daniel Stenberg (6 Jan 2020) +- multi.h: move INITIAL_MAX_CONCURRENT_STREAMS from public header - Assisted-by: Javier Blazquez - Ref #4525 (partial fix) - Closes #4600 + ... to the private multihhandle.h. It is not for public use and it + wasn't prefixed correctly anyway! 
+ + Closes #4790 -- [Melissa Mears brought this change] +- file: fix copyright year range + + Follow-up to 1b71bc532bd - config-win32: cpu-machine-OS for Windows on ARM +- curl -w: handle a blank input file correctly - Define the OS macro properly for Windows on ARM builds. Also, we might - as well add the GCC-style IA-64 macro. + Previously it would end up with an uninitialized memory buffer that + would lead to a crash or junk getting output. - Closes #4590 + Added test 1271 to verify. + + Reported-by: Brian Carpenter + Closes #4786 -- examples: add multi-poll.c +- file: on Windows, refuse paths that start with \\ - Show how curl_multi_poll() makes it even easier to use the multi - interface. + ... as that might cause an unexpected SMB connection to a given host + name. - Closes #4596 + Reported-by: Fernando Muñoz + CVE-2019-15601 + Bug: https://curl.haxx.se/docs/CVE-2019-15601.html -- multi_poll: avoid busy-loop when called without easy handles attached +Jay Satiro (6 Jan 2020) +- CURLOPT_READFUNCTION.3: fix fopen params in example + +- CURLOPT_READFUNCTION.3: fix variable name in example - Fixes #4594 - Closes #4595 - Reported-by: 3dyd on github + Reported-by: Paul Joyce + + Fixes https://github.com/curl/curl/issues/4787 -- curl: fix -T globbing +Daniel Stenberg (5 Jan 2020) +- curl:getparameter return error for --http3 if libcurl doesn't support - Regression from e59371a4936f8 (7.67.0) + Closes #4785 + +- docs: mention CURL_MAX_INPUT_LENGTH restrictions - Added test 490, 491 and 492 to verify the functionality. + ... for curl_easy_setopt() and curl_url_set(). - Reported-by: Kamil Dudka - Reported-by: Anderson Sasaki + [skip ci] - Fixes #4588 - Closes #4591 - -- HISTORY: added cmake, HTTP/3 and parallel downloads with curl + Closes #4783 -- quiche: reject headers in the wrong order +- curl: properly free mimepost data - Pseudo header MUST come before regular headers or cause an error. + ... as it could otherwise leak memory when a transfer failed. 
- Reported-by: Cynthia Coan - Fixes #4571 - Closes #4584 + Added test 1293 to verify. + + Reported-by: Brian Carpenter + Fixes #4781 + Closes #4782 -- openssl: prevent recursive function calls from ctx callbacks +- curl: cleanup multi handle on failure - Follow the pattern of many other callbacks. + ... to fix memory leak in error path. - Ref: #4546 - Closes #4585 + Fixes #4772 + Closes #4780 + Reported-by: Brian Carpenter -- CURL-DISABLE: initial docs for the CURL_DISABLE_* defines +Marcel Raad (3 Jan 2020) +- lib: fix compiler warnings with `CURL_DISABLE_VERBOSE_STRINGS` - The disable-scan script used in test 1165 is extended to also verify - that the docs cover all used defines and all defines offered by - configure. + Closes https://github.com/curl/curl/pull/4775 + +Daniel Stenberg (3 Jan 2020) +- COPYING: it's 2020! - Reported-by: SLDiggie on github - Fixes #4545 - Closes #4587 + [skip ci] -- remove_handle: clear expire timers after multi_done() +Jay Satiro (3 Jan 2020) +- [Marc Aldorasi brought this change] + + tests: Fix bounce requests with truncated writes - Since 59041f0, a new timer might be set in multi_done() so the clearing - of the timers need to happen afterwards! + Prior to this change the swsbounce check in service_connection could + fail because prevtestno and prevpartno were not set, which would cause + the wrong response data to be sent to some tests and cause them to fail. - Reported-by: Max Kellermann - Fixes #4575 - Closes #4583 + Ref: https://github.com/curl/curl/pull/4717#issuecomment-570240785 -Marcel Raad (10 Nov 2019) -- test1558: use double slash after file: +Marcel Raad (31 Dec 2019) +- tool: make a few char pointers point to const char instead - Classic MinGW / MSYS 1 doesn't support `MSYS2_ARG_CONV_EXCL`, so this - test unnecessarily failed when using `file:/` instead of `file:///`. + These are read-only. 
- Closes https://github.com/curl/curl/pull/4554 + Closes https://github.com/curl/curl/pull/4771 -Daniel Stenberg (10 Nov 2019) -- pause: avoid updating socket if done was already called +Jay Satiro (31 Dec 2019) +- tests: Change NTLM tests to require SSL - ... avoids unnecesary recursive risk when the transfer is already done. + Prior to this change tests that required NTLM feature did not require + SSL feature. - Reported-by: Richard Bowker - Fixes #4563 - Closes #4574 - -Jay Satiro (9 Nov 2019) -- strerror: Fix an error looking up some Windows error strings + There are pending changes to cmake builds that will allow enabling NTLM + in non-SSL builds in Windows. In that case the NTLM auth strings created + are different from what is expected by the NTLM tests and they fail: - - Use FORMAT_MESSAGE_IGNORE_INSERTS to ignore format specifiers in - Windows error strings. + "The issue with NTLM is that previous non-SSL builds would not enable + NTLM and so the NTLM tests would be skipped." - Since we are not in control of the error code we don't know what - information may be needed by the error string's format specifiers. + Assisted-by: marc-groundctl@users.noreply.github.com - Prior to this change Windows API error strings which contain specifiers - (think specifiers like similar to printf specifiers) would not be shown. - The FormatMessage Windows API call which turns a Windows error code into - a string could fail and set error ERROR_INVALID_PARAMETER if that error - string contained a format specifier. FormatMessage expects a va_list for - the specifiers, unless inserts are ignored in which case no substitution - is attempted. 
+ Ref: https://github.com/curl/curl/pull/4717#issuecomment-566218729 - Ref: https://devblogs.microsoft.com/oldnewthing/20071128-00/?p=24353 + Closes https://github.com/curl/curl/pull/4768 -- [r-a-sattarov brought this change] +- [Michael Forney brought this change] - system.h: fix for MCST lcc compiler + bearssl: Improve I/O handling - Fixed build by MCST lcc compiler on MCST Elbrus 2000 architecture and do - some code cleanup. + Factor out common I/O loop as bearssl_run_until, which reads/writes TLS + records until the desired engine state is reached. This is now used for + the handshake, read, write, and close. - e2k (Elbrus 2000) - this is VLIW/EPIC architecture, like Intel Itanium - architecture. + Match OpenSSL SSL_write behavior, and don't return the number of bytes + written until the corresponding records have been completely flushed + across the socket. This involves keeping track of the length of data + buffered into the TLS engine, and assumes that when CURLE_AGAIN is + returned, the write function will be called again with the same data + and length arguments. This is the same requirement of SSL_write. - Ref: https://en.wikipedia.org/wiki/Elbrus_2000 + Handle TLS close notify as EOF when reading by returning 0. - Closes https://github.com/curl/curl/pull/4576 + Closes https://github.com/curl/curl/pull/4748 -Daniel Stenberg (8 Nov 2019) -- TODO: curl_multi_unblock +- travis: Fix error detection - Closes #4418 - -- TODO: Run web-platform-tests url tests + - Stop using inline shell scripts for before_script and script sections. - Closes #4477 - -- TODO: 1.4 alt-svc sharing + Prior to this change Travis could ignore errors from commands in inline + scripts. I don't understand how or why it happens. This is a workaround. 
- Closes #4476 + Assisted-by: Simon Warta + + Ref: https://github.com/travis-ci/travis-ci/issues/1066 + + Fixes https://github.com/curl/curl/issues/3730 + Closes https://github.com/curl/curl/pull/3755 -- test1560: require IPv6 for IPv6 aware URL parsing +- tool_operate: fix mem leak when failed config parse - The URL parser function can't reject a bad IPv6 address properly when - curl was built without IPv6 support. + Found by fuzzing the config file. - Reported-by: Marcel Raad - Fixes #4556 - Closes #4572 + Reported-by: Geeknik Labs + + Fixes https://github.com/curl/curl/issues/4767 -- checksrc: repair the copyrightyear check +- [Xiang Xiao brought this change] + + lib: remove erroneous +x file permission on some c files - - Consider a modified file to be committed this year. + Modified by commit eb9a604 accidentally. - - Make the travis CHECKSRC also do COPYRIGHTYEAR scan in examples and - includes + Closes https://github.com/curl/curl/pull/4756 + +- [Xiang Xiao brought this change] + + lib: fix warnings found when porting to NuttX - - Ignore 0 parents when getting latest commit date of file. + - Undefine DEBUGASSERT in curl_setup_once.h in case it was already + defined as a system macro. - since in the CI we're dealing with a truncated repo of last 50 commits, - the file's most recent commit may not be available. when this happens - git log and rev-list show the initial commit (ie first commit not to be - truncated) but that's incorrect so ignore it. + - Don't compile write32_le in curl_endian unless + CURL_SIZEOF_CURL_OFF_T > 4, since it's only used by Curl_write64_le. - Ref: https://github.com/curl/curl/pull/4547 + - Include in socketpair.c. 
- Closes https://github.com/curl/curl/pull/4549 + Closes https://github.com/curl/curl/pull/4756 + +- os400: Add missing CURLE error constants - Co-authored-by: Jay Satiro + Bug: https://github.com/curl/curl/pull/4754#issuecomment-569126922 + Reported-by: Emil Engler -- copyrights: fix copyright year range +- CURLOPT_HEADERFUNCTION.3: Document that size is always 1 - .. because checksrc's copyright year check stopped working. + For compatibility with `fwrite`, the `CURLOPT_HEADERFUNCTION` callback + is passed two `size_t` parameters which, when multiplied, designate the + number of bytes of data passed in. In practice, CURL always sets the + first parameter (`size`) to 1. - Ref: https://github.com/curl/curl/pull/4547 + This practice is also enshrined in documentation and cannot be changed + in future. The documentation states that the default callback is + `fwrite`, which means `fwrite` must be a suitable function for this + purpose. However, the documentation also states that the callback must + return the number of *bytes* it successfully handled, whereas ISO C + `fwrite` returns the number of items (each of size `size`) which it + wrote. The only way these numbers can be equal is if `size` is 1. - Closes https://github.com/curl/curl/pull/4549 - -- RELEASE-NOTES: synced - -- curlver: bump to 7.67.1 - -- mailmap: fixup Massimiliano Fantuzzi - -- scripts/contributors: make committers get included too + Since `size` is 1 and can never be changed in future anyway, document + that fact explicitly and let users rely on it. 
- in addition to authors - -Jay Satiro (8 Nov 2019) -- [Massimiliano Fantuzzi brought this change] - - configure: fix typo in help text + Reported-by: Frank Gevaerts + Commit-message-by: Christopher Head - Closes https://github.com/curl/curl/pull/4570 - -Daniel Stenberg (7 Nov 2019) -- [Christian Schmitz brought this change] - - ntlm: USE_WIN32_CRYPTO check removed to get USE_NTLM2SESSION set + Ref: https://github.com/curl/curl/pull/2787 - Closes #3704 + Fixes https://github.com/curl/curl/issues/4758 -Jay Satiro (6 Nov 2019) -- [Wyatt O'Day brought this change] +- examples/postinmemory.c: Call curl_global_cleanup always + + Prior to this change curl_global_cleanup was not called if + curl_easy_init failed. + + Reported-by: kouzhudong@users.noreply.github.com + + Fixes https://github.com/curl/curl/issues/4751 - build: fix for CURL_DISABLE_DOH +Daniel Stenberg (21 Dec 2019) +- url2file.c: fix copyright year - Fixes https://github.com/curl/curl/issues/4565 - Closes https://github.com/curl/curl/pull/4566 + Follow-up to 525787269599b5 -- [Leonardo Taccari brought this change] +- [Rickard Hallerbäck brought this change] - configure: avoid unportable `==' test(1) operator + examples/url2file.c: corrected a comment - Closes https://github.com/curl/curl/pull/4567 + The comment was confusing and suggested that setting CURLOPT_NOPROGRESS + to 0L would both enable and disable debug output at the same time, like + a Schrödinger's cat of CURLOPTs. + + Closes #4745 -Version 7.67.0 (5 Nov 2019) +- HISTORY: OSS-Fuzz started fuzzing libcurl in 2017 -Daniel Stenberg (5 Nov 2019) - RELEASE-NOTES: synced - - The 7.67.0 release - -- THANKS: add new names from 7.67.0 -- configure: only say ipv6 enabled when the variable is set +Jay Satiro (20 Dec 2019) +- ngtcp2: Support the latest update key callback type - Previously it could say "IPv6: enabled" at the end of the configure run - but the define wasn't set because of a missing getaddrinfo(). 
+ - Remove our cb_update_key in favor of ngtcp2's new + ngtcp2_crypto_update_key_cb which does the same thing. - Reported-by: Marcel Raad - Fixes #4555 - Closes #4560 - -Marcel Raad (2 Nov 2019) -- certs/Server-localhost-lastSAN-sv: regenerate with sha256 + Several days ago the ngtcp2_update_key callback function prototype was + changed in ngtcp2/ngtcp2@42ce09c. Though it would be possible to + fix up our cb_update_key for that change they also added + ngtcp2_crypto_update_key_cb which does the same thing so we'll use that + instead. - All other certificates were regenerated in commit ba782baac30, but - this one was missed. - Fixes test3001 on modern systems. + Ref: https://github.com/ngtcp2/ngtcp2/commit/42ce09c - Closes https://github.com/curl/curl/pull/4551 - -Daniel Stenberg (2 Nov 2019) -- [Vilhelm Prytz brought this change] + Closes https://github.com/curl/curl/pull/4735 - copyrights: update all copyright notices to 2019 on files changed this year +Daniel Stenberg (19 Dec 2019) +- sws: search for "Testno:" header uncondtionally if no testno - Closes #4547 - -- [Bastien Bouclet brought this change] - - mbedtls: add error message for cert validity starting in the future + Even if the initial request line wasn't found. With the fix to 1455, the + test number is now detected correctly. - Closes #4552 - -Jay Satiro (1 Nov 2019) -- schannel_verify: Fix concurrent openings of CA file + (Problem found when running tests in random order.) - - Open the CA file using FILE_SHARE_READ mode so that others can read - from it as well. + Closes #4744 + +- tests: set LC_ALL in more tests - Prior to this change our schannel code opened the CA file without - sharing which meant concurrent openings (eg an attempt from another - thread or process) would fail during the time it was open without - sharing, which in curl's case would cause error: - "schannel: failed to open CA file". 
+ Follow-up to 23208e330ac0c21 - Bug: https://curl.haxx.se/mail/lib-2019-10/0104.html - Reported-by: Richard Alcock + Closes #4743 -Daniel Stenberg (31 Oct 2019) -- gtls: make gnutls_bye() not wait for response on shutdown +- test165: set LC_ALL=en_US.UTF-8 too - ... as it can make it wait there for a long time for no good purpose. + On my current Debian Unstable with libidn2 2.2.0, I get an error if + LC_ALL is set to blank. Then curl errors out with: - Patched-by: Jay Satiro - Reported-by: Bylon2 on github - Adviced-by: Nikos Mavrogiannopoulos + curl: (3) Failed to convert www.åäö.se to ACE; could not convert string to UTF-8 - Fixes #4487 - Closes #4541 - -- [Michał Janiszewski brought this change] + Closes #4738 - appveyor: publish artifacts on appveyor +- curl.h: add two defines for the "pre ISO C" case - This allows obtaining upstream builds of curl directly from appveyor for - all the available configurations + Without this fix, this caused a compilation failure on AIX with IBM xlc + 13.1.3 compiler. - Closes #4509 + Reported-by: Ram Krushna Mishra + Fixes #4739 + Closes #4740 -- url: make Curl_close() NULLify the pointer too +- create_conn: prefer multiplexing to using new connections - This is the common pattern used in the code and by a unified approach we - avoid mistakes. + ... as it would previously prefer new connections rather than + multiplexing in most conditions! The (now removed) code was a leftover + from the Pipelining code that was translated wrongly into a + multiplex-only world. - Closes #4534 - -- [Trivikram Kamat brought this change] + Reported-by: Kunal Ekawde + Bug: https://curl.haxx.se/mail/lib-2019-12/0060.html + Closes #4732 - INSTALL: add missing space for configure commands +- test1456: remove the use of a fixed local port - Closes #4539 - -- url: Curl_free_request_state() should also free doh handles + Fixup the test to instead not compare the port number. It sometimes + caused problems like this: - ... or risk DoH memory leaks. 
+ "curl: (45) bind failed with errno 98: Address already in use" - Reported-by: Paul Dreik - Fixes #4463 - Closes #4527 + Closes #4733 -- examples: remove the "this exact code has not been verified" +Jay Satiro (18 Dec 2019) +- CURLOPT_QUOTE.3: fix typos - ... as really confuses the reader to not know what to believe! - -- [Trivikram Kamat brought this change] - - HTTP3: fix typo somehere1 > somewhere1 + Prior to this change the EXAMPLE in the QUOTE/PREQUOTE/POSTQUOTE man + pages would not compile because a variable name was incorrect. - Closes #4535 + Reported-by: Bylon2@users.noreply.github.com + + Fixes https://github.com/curl/curl/issues/4736 -Jay Satiro (28 Oct 2019) -- [Javier Blazquez brought this change] +- [Gisle Vanem brought this change] - HTTP3: fix invalid use of sendto for connected UDP socket + strerror: Fix compiler warning "empty expression" - On macOS/BSD, trying to call sendto on a connected UDP socket fails - with a EISCONN error. Because the singleipconnect has already called - connect on the socket when we're trying to use it for QUIC transfers - we need to use plain send instead. + - Remove the final semi-colon in the SEC2TXT() macro definition. - Fixes #4529 - Closes https://github.com/curl/curl/pull/4533 - -Daniel Stenberg (28 Oct 2019) -- RELEASE-NOTES: synced - -- [Javier Blazquez brought this change] - - HTTP3: fix Windows build + Before: #define SEC2TXT(sec) case sec: txt = #sec; break; - The ngtcp2 QUIC backend was using the MSG_DONTWAIT flag for send/recv - in order to perform nonblocking operations. On Windows this flag does - not exist. Instead, the socket must be set to nonblocking mode via - ioctlsocket. + After: #define SEC2TXT(sec) case sec: txt = #sec; break - This change sets the nonblocking flag on UDP sockets used for QUIC on - all platforms so the use of MSG_DONTWAIT is not needed. + Prior to this change SEC2TXT(foo); would generate break;; which caused + the empty expression warning. 
- Fixes #4531 - Closes #4532 + Ref: https://github.com/curl/curl/commit/5b22e1a#r36458547 -Marcel Raad (27 Oct 2019) -- appveyor: add --disable-proxy autotools build - - This would have caught issue #3926. - - Also make formatting more consistent. +Daniel Stenberg (18 Dec 2019) +- curl/parseconfig: use curl_free() to free memory allocated by libcurl - Closes https://github.com/curl/curl/pull/4526 + Reported-by: bxac on github + Fixes #4730 + Closes #4731 -Daniel Stenberg (25 Oct 2019) -- appveyor: make winbuilds with DEBUG=no/yes and VS 2015/2017 - - ... and invoke "curl -V" once done +- curl/parseconfig: fix mem-leak - Co-Authored-By: Jay Satiro + When looping, first trying '.curlrc' and then '_curlrc', the function + would not free the first string. - Closes #4523 - -- [Francois Rivard brought this change] + Closes #4731 - schannel: reverse the order of certinfo insertions +- CURLOPT_URL.3: "curl supports SMB version 1 (only)" - Fixes #4518 - Closes #4519 + [skip ci] -Marcel Raad (24 Oct 2019) -- test1591: fix spelling of http feature - - The test never got run because the feature name is `http` in lowercase. +- test1270: a basic -w redirect_url test - Closes https://github.com/curl/curl/pull/4520 + Closes #4728 -Daniel Stenberg (23 Oct 2019) -- [Michał Janiszewski brought this change] +- HISTORY: the SMB(S) support landed in 2014 - appveyor: Use two parallel compilation on appveyor with CMake - - Appveyor provides 2 CPUs for each builder[1], make sure to use parallel - compilation, when running with CMake. CMake learned this new option in - version 3.12[2] and the version provided by appveyor is fresh enough. +- define: remove HAVE_ENGINE_LOAD_BUILTIN_ENGINES, not used anymore - Curl doesn't really take that long to build and it is using the slowest - builder available, msbuild, so expect only a moderate improvement in - build times. + It is covered by USE_OPENSSL_ENGINE now. 
- [1] https://www.appveyor.com/docs/build-environment/ - [2] https://cmake.org/cmake/help/v3.12/release/3.12.html + Reported-by: Gisle Vanem + Bug: https://github.com/curl/curl/commit/87b9337c8f76c21c57b204e88b68c6ecf3bd1ac0#commitcomment-36447951 - Closes #4508 + Closes #4725 -- conn-reuse: requests wanting NTLM can reuse non-NTLM connections +- lib: remove ASSIGNWITHINCONDITION exceptions, use our code style - Added test case 338 to verify. + ... even for macros - Reported-by: Daniel Silverstone - Fixes #4499 - Closes #4514 - -Marcel Raad (23 Oct 2019) -- tests: add missing proxy features + Reviewed-by: Daniel Gustafsson + Reviewed-by: Jay Satiro + Reported-by: Jay Satiro + Fixes #4683 + Closes #4722 -Daniel Stenberg (22 Oct 2019) -- RELEASE-NOTES: synced +- tests: make sure checksrc runs on header files too -Marcel Raad (21 Oct 2019) -- tests: use %FILE_PWD for file:// URLs +- Revert "checksrc: fix regexp for ASSIGNWITHINCONDITION" - This way, we always have exactly one slash after the host name, making - the tests pass when curl is compiled with the MSYS GCC. + This reverts commit ba82673dac3e8d00a76aa5e3779a0cb80e7442af. - Closes https://github.com/curl/curl/pull/4512 + Bug: #4683 -- tests: add `connect to non-listen` keywords - - These tests try to connect to ports nothing is listening on. +- KNOWN_BUGS: TLS session cache doesn't work with TFO - Closes https://github.com/curl/curl/pull/4511 + [skip ci] + Closes #4301 -- runtests: get textaware info from curl instead of perl +- KNOWN_BUGS: Connection information when using TCP Fast Open - The MSYS system on Windows can run the test suite for curl built with - any toolset. When built with the MSYS GCC, curl uses Unix line endings, - while it uses Windows line endings when built with the MinGW GCC, and - `^O` reports 'msys' in both cases. Use the curl executable itself to - determine the line endings instead, which reports 'x86_64-pc-msys' when - built with the MSYS GCC. 
+ Also point to #4296 for more details + Closes #4296 + +- KNOWN_BUGS: LDAP on Windows doesn't work - Closes https://github.com/curl/curl/pull/4506 + Closes #4261 -Daniel Stenberg (20 Oct 2019) -- [Michał Janiszewski brought this change] +- docs: TLS SRP doesn't work with TLS 1.3 + + Reported-by: sayrer on github + Closes #4262 + [skip ci] - appveyor: Add MSVC ARM64 build +Dan Fandrich (16 Dec 2019) +- cirrus: Switch to the FreeBSD 12.1 point release & enable more tests. - Closes #4507 + A few tests are now passing on FreeBSD, so no longer skip them. + [skip ci] -- http2_recv: a closed stream trumps pause state +Daniel Stenberg (16 Dec 2019) +- azure: the macos cmake doesn't need to install cmake - ... and thus should return 0, not EAGAIN. + Error: cmake 3.15.5 is already installed + To upgrade to 3.16.1, run `brew upgrade cmake`. - Reported-by: Tom van der Woerdt - Fixes #4496 - Closes #4505 + Closes #4723 -- http2: expire a timeout at end of stream +Jay Satiro (15 Dec 2019) +- winbuild: Document CURL_STATICLIB requirement for static libcurl - To make sure that transfer is being dealt with. Streams without - Content-Length need a final read to notice the end-of-stream state. + A static libcurl (ie winbuild mode=static) requires that the user define + CURL_STATICLIB when using it in their application. This is already + covered in the FAQ and INSTALL.md, but is a pretty important point so + now it's noted in the BUILD.WINDOWS.txt as well. - Reported-by: Tom van der Woerdt - Fixes #4496 - -Dan Fandrich (18 Oct 2019) -- travis: Add an ARM64 build + Assisted-by: Michael Vittiglio - Test 323 is failing for some reason, so disable it there for now. + Closes https://github.com/curl/curl/pull/4721 -Marcel Raad (18 Oct 2019) -- examples/sslbackend: fix -Wchar-subscripts warning - - With the `isdigit` implementation that comes with MSYS2, the argument - is used as an array subscript, resulting in a -Wchar-subscripts - warning. 
`isdigit`'s behavior is undefined if the argument is negative - and not EOF [0]. As done in lib/curl_ctype.h, cast the `char` variable - to `unsigned char` to avoid that. +Daniel Stenberg (15 Dec 2019) +- [Santino Keupp brought this change] + + libssh2: add support for ECDSA and ed25519 knownhost keys - [0] https://en.cppreference.com/w/c/string/byte/isdigit + ... if a new enough libssh2 version is present. - Closes https://github.com/curl/curl/pull/4503 + Source: https://curl.haxx.se/mail/archive-2019-12/0023.html + Co-Authored-by: Daniel Stenberg + Closes #4714 -Daniel Stenberg (18 Oct 2019) -- configure: remove all cyassl references +- lib1591: free memory properly on OOM, in the trailers callback - In particular, this removes the case where configure would find an old - cyall installation rather than a wolfssl one if present. The library is - named wolfssl in modern days so there's no real need to keep support for - the former. + Detected by torture tests. - Reported-by: Jacob Barthelmeh - Closes #4502 + Closes #4720 -Marcel Raad (17 Oct 2019) -- test1162: disable MSYS2's POSIX path conversion +- runtests: --repeat=[num] to repeat tests - This avoids MSYS2 converting the backslasb in the URL to a slash, - causing the test to fail. + Closes #4715 -Daniel Stenberg (17 Oct 2019) - RELEASE-NOTES: synced -Jay Satiro (16 Oct 2019) -- CURLOPT_TIMEOUT.3: Clarify transfer timeout time includes queue time - - Prior to this change some users did not understand that the "request" - starts when the handle is added to the multi handle, or probably they - did not understand that some of those transfers may be queued and that - time is included in timeout. +- azure: add a torture test on mac - Reported-by: Jeroen Ooms + Uses --shallow=25 to keep it small enough to get through in time. 
- Fixes https://github.com/curl/curl/issues/4486 - Closes https://github.com/curl/curl/pull/4489 - -- [Stian Soiland-Reyes brought this change] + Closes #4712 - tool_operate: Fix retry sleep time shown to user when Retry-After +- multi: free sockhash on OOM - - If server header Retry-After is being used for retry sleep time then - show that value to the user instead of the normal retry sleep time. + This would otherwise leak memory in the error path. - This is a follow-up to 640b973 (7.66.0) which changed curl tool so that - the value from Retry-After header overrides other retry timing options. + Detected by torture test 1540. - Closes https://github.com/curl/curl/pull/4498 + Closes #4713 -Daniel Stenberg (16 Oct 2019) -- url: normalize CURLINFO_EFFECTIVE_URL - - The URL extracted with CURLINFO_EFFECTIVE_URL was returned as given as - input in most cases, which made it not get a scheme prefixed like before - if the URL was given without one, and it didn't remove dotdot sequences - etc. - - Added test case 1907 to verify that this now works as intended and as - before 7.62.0. +Marcel Raad (13 Dec 2019) +- tests: use DoH feature for DoH tests - Regression introduced in 7.62.0 + Previously, http/2 was used instead. - Reported-by: Christophe Dervieux - Fixes #4491 - Closes #4493 + Assisted-by: Jay Satiro + Closes https://github.com/curl/curl/pull/4692 -Marcel Raad (16 Oct 2019) -- tests: line ending fixes for Windows +- hostip: suppress compiler warning - Mark some files as text. + With `--disable-doh --disable-threaded-resolver`, the `dns` parameter + is not used. - Closes https://github.com/curl/curl/pull/4490 + Closes https://github.com/curl/curl/pull/4692 -- tests: use proxy feature - - This makes the tests succeed when using --disable-proxy. 
+- tests: fix build with `CURL_DISABLE_DOH` - Closes https://github.com/curl/curl/pull/4488 + Closes https://github.com/curl/curl/pull/4692 -- smbserver: fix Python 3 compatibility +Daniel Stenberg (13 Dec 2019) +- azure: add a torture test - Python 2's `ConfigParser` module is spelled `configparser` in Python 3. + Skipping all FTP tests for speed reasons. - Closes https://github.com/curl/curl/pull/4484 + Closes #4697 -- security: silence conversion warning +- azure: make the default build use --enable-debug --enable-werror + +- ntlm_wb: fix double-free in OOM - With MinGW-w64, `curl_socket_t` is is a 32 or 64 bit unsigned integer, - while `read` expects a 32 bit signed integer. - Use `sread` instead of `read` to use the correct parameter type. + Detected by torture testing test 1310 - Closes https://github.com/curl/curl/pull/4483 + Closes #4710 -- connect: silence sign-compare warning - - With MinGW-w64 using WinSock, `curl_socklen_t` is signed, while the - result of `sizeof` is unsigned. +Dan Fandrich (13 Dec 2019) +- cirrus: Drop the FreeBSD 10.4 build - Closes https://github.com/curl/curl/pull/4483 + Upstream support for 10.4 ended a year ago, and it looks like the image + is now gone, too. + [skip ci] -Daniel Stenberg (13 Oct 2019) -- TODO: Handle growing SFTP files +Daniel Stenberg (13 Dec 2019) +- unit1620: fix bad free in OOM - Closes #4344 + Closes #4709 -- KNOWN_BUGS: remove "CURLFORM_CONTENTLEN in an array" +- unit1609: fix mem-leak in OOM - The curl_formadd() function is deprecated and shouldn't be used so the - real fix for applications is to switch to the curl_mime_* API. 
+ Closes #4709 -- KNOWN_BUGS: "LDAP on Windows does authentication wrong" +- unit1607: fix mem-leak in OOM - Closes #3116 + Closes #4709 -- appveyor: add a winbuild that uses VS2017 +- lib1559: fix mem-leak in OOM - Closes #4482 + Closes #4709 -- [Harry Sintonen brought this change] +- lib1557: fix mem-leak in OOM + + Closes #4709 - socketpair: fix include and define for older TCP header systems +- altsvc: make the save function ignore NULL filenames - fixed build for systems that need netinet/in.h for IPPROTO_TCP and are - missing INADDR_LOOPBACK + It might happen in OOM situations. Detected bv torture tests. - Closes #4480 + Closes #4707 -- socketpair: fix double-close in error case +- curl: fix memory leak in OOM in etags logic - Follow-up to bc2dbef0afc08 - -- gskit: use the generic Curl_socketpair - -- asyn-thread: make use of Curl_socketpair() where available + Detected by torture tests + + Closes #4706 -- socketpair: an implemention for Windows and more +- doh: make it behave when built without proxy support - Curl_socketpair() is designed to be used and work everywhere if there's - no native version or the native version isn't good enough. + Reported-by: Marcel Raad + Bug: https://github.com/curl/curl/pull/4692#issuecomment-564115734 - Closes #4466 - -- RELEASE-NOTES: synced + Closes #4704 -- connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT - - Previosly all connect() failures would return CURLE_COULDNT_CONNECT, no - matter what errno said. +- curl: improved cleanup in upload error path - This makes for example --retry work on these transfer failures. + Memory leak found by torture test 58 - Reported-by: Nathaniel J. Smith - Fixes #4461 - Clsoes #4462 + Closes #4705 -- cirrus: switch off blackhole status on the freebsd CI machines +- mailmap: fix Andrew Ishchuk -- tests: use port 2 instead of 60000 for a safer non-listening port +- travis: make torture use --shallow=40 - ... when the tests want "connection refused". 
+ As a first step to enable it to run over a more diverse set of tests in + a reasonable time. -- KNOWN_BUGS: IDN tests failing on Windows +- runtests: introduce --shallow to reduce huge torture tests - Closes #3747 - -Dan Fandrich (9 Oct 2019) -- cirrus: Increase the git clone depth. + When set, shallow mode limits runtests -t to make no more than NUM fails + per test case. If more are found, it will randomly discard entries until + the number is right. The random seed can also be set. - If more commits are submitted to master between the time of triggering - the first Cirrus build and the time the final build gets started, the - desired commit is no longer at HEAD and the build will error out. - [skip ci] - -Daniel Stenberg (9 Oct 2019) -- docs: make sure the --no-progress-meter docs file is in dist too + This is particularly useful when running MANY tests as then most torture + failures will already fail the same functions over and over and make the + total operation painfully tedious. + + Closes #4699 -- docs: document it as --no-progress-meter instead of the reverse +- conncache: CONNECT_ONLY connections assumed always in-use - Follow-up to 93373a960c3bb4 + This makes them never to be considered "the oldest" to be discarded when + reaching the connection cache limit. The reasoning here is that + CONNECT_ONLY is primarily used in combination with using the + connection's socket post connect and since that is used outside of + curl's knowledge we must assume that it is in use until explicitly + closed. - Reported-by: infinnovation-dev on github - Fixes #4474 - Closes #4475 + Reported-by: Pavel Pavlov + Reported-by: Pavel Löbl + Fixes #4426 + Fixes #4369 + Closes #4696 -Dan Fandrich (9 Oct 2019) -- cirrus: Switch the FreeBSD 11.x build to 11.3 and add a 13.0 build. - - Also, select the images using image_family to get the latest snapshots - automatically. 
- [skip ci] +- [Gisle Vanem brought this change] -Daniel Stenberg (8 Oct 2019) -- curl: --no-progress-meter + vtls: make BearSSL possible to set with CURL_SSL_BACKEND - New option that allows a user to ONLY switch off curl's progress meter - and leave everything else in "talkative" mode. + Ref: https://github.com/curl/curl/commit/9b879160df01e7ddbb4770904391d3b74114302b#commitcomment-36355622 - Reported-by: Piotr Komborski - Fixes #4422 - Closes #4470 + Closes #4698 -- TODO: Consult %APPDATA% also for .netrc - - Closes #4016 +- RELEASE-NOTES: synced -- CURLOPT_TIMEOUT.3: remove the mention of "minutes" +- travis: remove "coverage", make it "torture" - ... just say that limiting operations risk aborting otherwise fine - working transfers. If that means seconds, minutes or hours, we leave to - the user. + The coveralls service and test coverage numbers are just too unreliable. + Removed badge from README.md as well. - Reported-by: Martin Gartner - Closes #4469 - -- [Andrei Valeriu BICA brought this change] + Fixes #4694 + Closes #4695 - docs: added multi-event.c example +- azure: add libssh2 and cmake macos builds - Similar to multi-uv.c but using libevent 2. This is a simpler libevent - integration example then hiperfifo.c. + Removed the macos libssh2 build from travis - Closes #4471 - -Jay Satiro (5 Oct 2019) -- [Nicolas brought this change] + Closes #4686 - ldap: fix OOM error on missing query string +- curl: use errorf() better - - Allow missing queries, don't return NO_MEMORY error in such a case. + Change series of error outputs to use errorf(). - It is acceptable for there to be no specified query string, for example: + Only errors that are due to mistakes in command line option usage should + use helpf(), other types of errors in the tool should rather use + errorf(). 
- curl ldap://ldap.forumsys.com + Closes #4691 + +Jay Satiro (9 Dec 2019) +- [Marc Hoersken brought this change] + + tests: make it possible to set executable extensions - A regression bug in 1b443a7 caused this issue. + This enables the use of Windows Subsystem for Linux (WSL) to run the + testsuite against Windows binaries while using Linux servers. - This is a partial fix for #4261. + This commit introduces the following environment variables: + - CURL_TEST_EXE_EXT: set the executable extension for all components + - CURL_TEST_EXE_EXT_TOOL: set it for the curl tool only + - CURL_TEST_EXE_EXT_SSH: set it for the SSH tools only - Bug: https://github.com/curl/curl/issues/4261#issuecomment-525543077 - Reported-by: Jojojov@users.noreply.github.com - Analyzed-by: Samuel Surtees + Later testcurl.pl could be adjusted to make use of those variables. + - CURL_TEST_EXE_EXT_SRV: set it for the test servers only - Closes https://github.com/curl/curl/pull/4467 + (This is one of several commits to support use of WSL for the tests.) + + Closes https://github.com/curl/curl/pull/3899 -- [Paul B. Omta brought this change] +- [Marc Hoersken brought this change] - build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines + tests: fix permissions of ssh keys in WSL - Closes https://github.com/curl/curl/pull/4460 - -Daniel Stenberg (5 Oct 2019) -- RELEASE-NOTES: synced + Keys created on Windows Subsystem for Linux (WSL) require it for some + reason. + + (This is one of several commits to support use of WSL for the tests.) + + Ref: https://github.com/curl/curl/pull/3899 -- [Stian Soiland-Reyes brought this change] +- [Marc Hoersken brought this change] - curl: ensure HTTP 429 triggers --retry + tests: use \r\n for log messages in WSL - This completes #3794. + Bash in Windows Subsystem for Linux (WSL) requires it for some reason. - Also make sure the new tests from #4195 are enabled + (This is one of several commits to support use of WSL for the tests.) 
- Closes #4465 + Ref: https://github.com/curl/curl/pull/3899 -Marcel Raad (4 Oct 2019) -- [apique brought this change] +- [Andrew Ishchuk brought this change] - winbuild: add ENABLE_UNICODE option + winbuild: Define CARES_STATICLIB when WITH_CARES=static - Fixes https://github.com/curl/curl/issues/4308 - Closes https://github.com/curl/curl/pull/4309 - -Daniel Stenberg (4 Oct 2019) -- ngtcp2: adapt to API change + When libcurl is built with MODE=static, c-ares is forced into static + linkage too. That doesn't happen when MODE=dll so linker would break + over undefined symbols. - Closes #4457 + closes https://github.com/curl/curl/pull/4688 -- cookies: change argument type for Curl_flush_cookies - - The second argument is really a 'bool' so use that and pass in TRUE/FALSE - to make it clear. +Daniel Stenberg (9 Dec 2019) +- conn: always set bits.close with connclose() - Closes #4455 + Closes #4690 -- http2: move state-init from creation to pre-transfer - - To make sure that the HTTP/2 state is initialized correctly for - duplicated handles. It would otherwise easily generate "spurious" - PRIORITY frames to get sent over HTTP/2 connections when duplicated easy - handles were used. - - Reported-by: Daniel Silverstone - Fixes #4303 - Closes #4442 +- cirrus: enable clang sanitizers on freebsd 13 -- urlapi: fix use-after-free bug - - Follow-up from 2c20109a9b5d04 - - Added test 663 to verify. +- conncache: fix multi-thread use of shared connection cache - Reported by OSS-Fuzz - Bug: https://crbug.com/oss-fuzz/17954 + It could accidentally let the connection get used by more than one + thread, leading to double-free and more. - Closes #4453 - -- [Paul Dreik brought this change] + Reported-by: Christopher Reid + Fixes #4544 + Closes #4557 - cookie: avoid harmless use after free - - This fix removes a use after free which can be triggered by - the internal cookie fuzzer, but otherwise is probably - impossible to trigger from an ordinary application. 
- - The following program reproduces it: - - curl_global_init(CURL_GLOBAL_DEFAULT); - CURL* handle=curl_easy_init(); - CookieInfo* info=Curl_cookie_init(handle,NULL,NULL,false); - curl_easy_setopt(handle, CURLOPT_COOKIEJAR, "/dev/null"); - Curl_flush_cookies(handle, true); - Curl_cookie_cleanup(info); - curl_easy_cleanup(handle); - curl_global_cleanup(); - - This was found through fuzzing. +- azure: add a vanilla macos build - Closes #4454 - -- [Denis Chaplygin brought this change] + Closes #4685 - docs: add note on failed handles not being counted by curl_multi_perform +- curl: make the etag load logic work without fseek - Closes #4446 + The fseek()s were unnecessary and caused Coverity warning CID 1456554 + + Closes #4681 -- CURLMOPT_MAX_CONCURRENT_STREAMS.3: fix SEE ALSO typo +- mailmap: Mohammad Hasbini -- [Niall O'Reilly brought this change] +- [Mohammad Hasbini brought this change] - ESNI: initial build/setup + docs: fix some typos - Closes #4011 + Closes #4680 - RELEASE-NOTES: synced -- redirect: when following redirects to an absolute URL, URL encode it +Jay Satiro (5 Dec 2019) +- lib: fix some loose ends for recently added CURLSSLOPT_NO_PARTIALCHAIN - ... to make it handle for example (RFC violating) embeded spaces. + Add support for CURLSSLOPT_NO_PARTIALCHAIN in CURLOPT_PROXY_SSL_OPTIONS + and OS400 package spec. - Reported-by: momala454 on github - Fixes #4445 - Closes #4447 - -- urlapi: fix URL encoding when setting a full URL - -- tool_operate: rename functions to make more sense - -- curl: create easy handles on-demand and not ahead of time + Also I added the option to the NameValue list in the tool even though it + isn't exposed as a command-line option (...yet?). (NameValue stringizes + the option name for the curl cmd -> libcurl source generator) - This should again enable crazy-large download ranges of the style - [1-10000000] that otherwise easily ran out of memory starting in 7.66.0 - when this new handle allocating scheme was introduced. 
+ Follow-up to 564d88a which added CURLSSLOPT_NO_PARTIALCHAIN. - Reported-by: Peter Sumatra - Fixes #4393 - Closes #4438 + Ref: https://github.com/curl/curl/pull/4655 -- [Kunal Ekawde brought this change] +- setopt: Fix ALPN / NPN user option when built without HTTP2 + + - Stop treating lack of HTTP2 as an unknown option error result for + CURLOPT_SSL_ENABLE_ALPN and CURLOPT_SSL_ENABLE_NPN. + + Prior to this change it was impossible to disable ALPN / NPN if libcurl + was built without HTTP2. Setting either option would result in + CURLE_UNKNOWN_OPTION and the respective internal option would not be + set. That was incorrect since ALPN and NPN are used independent of + HTTP2. + + Reported-by: Shailesh Kapse + + Fixes https://github.com/curl/curl/issues/4668 + Closes https://github.com/curl/curl/pull/4672 - CURLMOPT_MAX_CONCURRENT_STREAMS: new setopt +Daniel Stenberg (5 Dec 2019) +- etag: allow both --etag-compare and --etag-save in same cmdline - Closes #4410 + Fixes #4669 + Closes #4678 -- chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error +Marcel Raad (5 Dec 2019) +- curl_setup: fix `CURLRES_IPV6` condition - Unknown content-encoding would get returned as CURLE_WRITE_ERROR if the - response is chunked-encoded. + Move the definition of `CURLRES_IPV6` to before undefining + `HAVE_GETADDRINFO`. Regression from commit 67a08dca27a which caused + some tests to fail and others to be skipped with c-ares. - Reported-by: Ilya Kosarev - Fixes #4310 - Closes #4449 + Fixes https://github.com/curl/curl/issues/4673 + Closes https://github.com/curl/curl/pull/4677 -Marcel Raad (1 Oct 2019) -- checksrc: fix uninitialized variable warning +Daniel Stenberg (5 Dec 2019) +- test342: make it return a 304 as the tag matches + +Peter Wu (4 Dec 2019) +- CMake: add support for building with the NSS vtls backend - The loop doesn't need to be executed without a file argument. + Options are cross-checked with configure.ac and acinclude.m4. 
+ Tested on Arch Linux, untested on other platforms like Windows or macOS. - Closes https://github.com/curl/curl/pull/4444 + Closes #4663 + Reviewed-by: Kamil Dudka -- urlapi: fix unused variable warning +Daniel Stenberg (4 Dec 2019) +- azure: add more builds - `dest` is only used with `ENABLE_IPV6`. + ... removed two from travis (that now runs on azure instead) - Closes https://github.com/curl/curl/pull/4444 + Closes #4671 -- lib: silence conversion warnings - - Closes https://github.com/curl/curl/pull/4444 +- CURLOPT_VERBOSE.3: see also ERRORBUFFER -- AppVeyor: add 32-bit MinGW-w64 build +- hostip4.c: bump copyright year range + +Marcel Raad (3 Dec 2019) +- configure: enable IPv6 support without `getaddrinfo` - With WinSSL and testing enabled so that it would have detected most of - the warnings fixed in [0] and [1]. + This makes it possible to recognize and connect to literal IPv6 + addresses when `getaddrinfo` is not available, which is already the + case for the CMake build. This affects e.g. classic MinGW because it + still targets Windows 2000 by default, where `getaddrinfo` is not + available, but general IPv6 support is. - [0] https://github.com/curl/curl/pull/4398 - [1] https://github.com/curl/curl/pull/4415 + Instead of checking for `getaddrinfo`, check for `sockaddr_in6` as the + CMake build does. - Closes https://github.com/curl/curl/pull/4433 + Closes https://github.com/curl/curl/pull/4662 -- AppVeyor: remove MSYS2_ARG_CONV_EXCL for winbuild +- curl_setup: disable IPv6 resolver without `getaddrinfo` - It's only used for MSYS2 with MinGW. + Also, use `CURLRES_IPV6` only for actual DNS resolution, not for IPv6 + address support. This makes it possible to connect to IPv6 literals by + setting `ENABLE_IPV6` even without `getaddrinfo` support. It also fixes + the CMake build when using the synchronous resolver without + `getaddrinfo` support. 
- Closes + Closes https://github.com/curl/curl/pull/4662 -Daniel Stenberg (30 Sep 2019) -- [Emil Engler brought this change] +Daniel Stenberg (3 Dec 2019) +- github action/azure pipeline: run 'make test-nonflaky' for tests + + To match travis and give more info on failures. - git: add tests/server/disabled to .gitignore +- openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains - Closes #4441 + Closes #4655 -- altsvc: accept quoted ma and persist values +- openssl: set X509_V_FLAG_PARTIAL_CHAIN - As mandated by the spec. Test 1654 is extended to verify. + Have intermediate certificates in the trust store be treated as + trust-anchors, in the same way as self-signed root CA certificates + are. This allows users to verify servers using the intermediate cert + only, instead of needing the whole chain. - Closes #4443 + Other TLS backends already accept partial chains. + + Reported-by: Jeffrey Walton + Bug: https://curl.haxx.se/mail/lib-2019-11/0094.html -- mailmap: a Lucas fix +- curl: show better error message when no homedir is found + + Reported-by: Vlastimil Ovčáčík + Fixes #4644 + Closes #4665 -Alessandro Ghedini (29 Sep 2019) -- [Lucas Pardue brought this change] +- OPENSOCKETFUNCTION.3: correct the purpose description + + Reported-by: Jeff Mears + Bug: https://curl.haxx.se/mail/lib-2019-12/0007.html + + Closes #4667 - quiche: update HTTP/3 config creation to new API +- [Peter Wu brought this change] -Daniel Stenberg (29 Sep 2019) -- BINDINGS: PureBasic, Net::Curl for perl and Nim + travis: do not use OVERRIDE_CC or OVERRIDE_CXX if empty + + Fixes the macOS builds where OVERRIDE_CC and OVERRIDE_CXX are not set. 
+ + Reported-by: Jay Satiro + Fixes #4659 + Closes #4661 + Closes #4664 -- BINDINGS: Kapito is an Erlang library, basically a binding +- azure-pipelines: fix the test script -- BINDINGS: added clj-curl +- Azure Pipelines: initial CI setup - Reported-by: Lucas Severo + [skip ci] -- [Jay Satiro brought this change] +- docs: add "added: 7.68.0" to the --etag-* docs - docs: disambiguate CURLUPART_HOST is for host name (ie no port) +- copyright: fix the year ranges for two files - Closes #4424 + Follow-up to 9c1806ae -- cookies: using a share with cookies shouldn't enable the cookie engine +Jay Satiro (1 Dec 2019) +- build: Disable Visual Studio warning "conditional expression is constant" - The 'share object' only sets the storage area for cookies. The "cookie - engine" still needs to be enabled or activated using the normal cookie - options. + - Disable warning C4127 "conditional expression is constant" globally + in curl_setup.h for when building with Microsoft's compiler. - This caused the curl command line tool to accidentally use cookies - without having been told to, since curl switched to using shared cookies - in 7.66.0. + This mainly affects building with the Visual Studio project files found + in the projects dir. - Test 1166 verifies + Prior to this change the cmake and winbuild build systems already + disabled 4127 globally for when building with Microsoft's compiler. + Also, 4127 was already disabled for all build systems in the limited + circumstance of the WHILE_FALSE macro which disabled the warning + specifically for while(0). This commit removes the WHILE_FALSE macro and + all other cruft in favor of disabling globally in curl_setup. - Updated test 506 + Background: - Fixes #4429 - Closes #4434 - -- setopt: handle ALTSVC set to NULL - -- RELEASE-NOTES: synced - -- [grdowns brought this change] - - INSTALL: add vcpkg installation instructions + We have various macros that cause 0 or 1 to be evaluated, which would + cause warning C4127 in Visual Studio. 
For example this causes it: - Closes #4435 - -- [Zenju brought this change] - - FTP: add test for FTPFILE_NOCWD: Avoid redundant CWDs + #define Curl_resolver_asynch() 1 - Add libtest 661 + Full behavior is not clearly defined and inconsistent across versions. + However it is documented that since VS 2015 Update 3 Microsoft has + addressed this somewhat but not entirely, not warning on while(true) for + example. - Closes #4417 - -- [Zenju brought this change] - - FTP: url-decode path before evaluation + Prior to this change some C4127 warnings occurred when I built with + Visual Studio using the generated projects in the projects dir. - Closes #4428 + Closes https://github.com/curl/curl/pull/4658 -Marcel Raad (27 Sep 2019) -- tests: fix narrowing conversion warnings +- openssl: retrieve reported LibreSSL version at runtime - `timediff_t` is 64 bits wide also on 32-bit systems since - commit b1616dad8f0. + - Retrieve LibreSSL runtime version when supported (>= 2.7.1). - Closes https://github.com/curl/curl/pull/4415 - -Jay Satiro (27 Sep 2019) -- [julian brought this change] - - vtls: Fix comment typo about macosx-version-min compiler flag + For earlier versions we continue to use the compile-time version. - Closes https://github.com/curl/curl/pull/4425 - -Daniel Stenberg (26 Sep 2019) -- [Yechiel Kalmenson brought this change] - - README: minor grammar fix + Ref: https://man.openbsd.org/OPENSSL_VERSION_NUMBER.3 - Closes #4431 - -- [Spezifant brought this change] + Closes https://github.com/curl/curl/pull/2425 - HTTP3: fix prefix parameter for ngtcp2 build +- strerror: Add Curl_winapi_strerror for Win API specific errors - Closes #4430 - -- quiche: don't close connection at end of stream! - -- quiche: set 'drain' when returning without having drained the queues - -- Revert "FTP: url-decode path before evaluation" + - In all code call Curl_winapi_strerror instead of Curl_strerror when + the error code is known to be from Windows GetLastError. 
- This reverts commit 2f036a72d543e96128bd75cb0fedd88815fd42e2. + Curl_strerror prefers CRT error codes (errno) over Windows API error + codes (GetLastError) when the two overlap. When we know the error code + is from GetLastError it is more accurate to prefer the Windows API error + messages. + + Reported-by: Richard Alcock + + Fixes https://github.com/curl/curl/issues/4550 + Closes https://github.com/curl/curl/pull/4581 -- HTTP3: merged and simplified the two 'running' sections +Daniel Stenberg (2 Dec 2019) +- global_init: undo the "intialized" bump in case of failure + + ... so that failures in the global init function don't count as a + working init and it can then be called again. + + Reported-by: Paul Groke + Fixes #4636 + Closes #4653 -- HTTP3: show an --alt-svc using example too +- parsedate: offer a getdate_capped() alternative + + ... and use internally. This function will return TIME_T_MAX instead of + failure if the parsed data is found to be larger than what can be + represented. TIME_T_MAX being the largest value curl can represent. + + Reviewed-by: Daniel Gustafsson + Reported-by: JanB on github + Fixes #4152 + Closes #4651 -- [Zenju brought this change] +- docs: add more references to curl_multi_poll + + Fixes #4643 + Closes #4652 - FTP: url-decode path before evaluation +- sha256: bump the copyright year range - Closes #4423 + Follow-up from 66e21520f -- openssl: use strerror on SSL_ERROR_SYSCALL +Daniel Gustafsson (28 Nov 2019) +- curl_setup_once: consistently use WHILE_FALSE in macros - Instead of showing the somewhat nonsensical errno number, use strerror() - to provide a more relatable error message. + The WHILE_FALSE construction is used to avoid compiler warnings in + macro constructions. This fixes a few instances where it was not + used in order to keep the code consistent. 
- Closes #4411 + Closes #4649 + Reviewed-by: Daniel Stenberg -- HTTP3: update quic.aiortc.org + add link to server list - - Reported-by: Jeremy Lainé +Daniel Stenberg (28 Nov 2019) +- [Steve Holme brought this change] -Jay Satiro (26 Sep 2019) -- url: don't set appconnect time for non-ssl/non-ssh connections + http_ntlm: Remove duplicate NSS initialisation - Prior to this change non-ssl/non-ssh connections that were reused set - TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH - handshake took place. + Given that this is performed by the NTLM code there is no need to + perform the initialisation in the HTTP layer. This also keeps the + initialisation the same as the SASL based protocols and also fixes a + possible compilation issue if both NSS and SSPI were to be used as + multiple SSL backends. - [1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in - libcurl and %{time_appconnect} in the curl tool. It is documented as - "the time until the SSL/SSH handshake is completed". + Reviewed-by: Kamil Dudka + Closes #3935 + +Daniel Gustafsson (28 Nov 2019) +- checksrc: fix regexp for ASSIGNWITHINCONDITION - Reported-by: Marcel Hernandez + The regexp looking for assignments within conditions was too greedy + and matched a too long string in the case of multiple conditionals + on the same line. This is basically only a problem in single line + macros, and the code which exemplified this was essentially: - Ref: https://github.com/curl/curl/issues/3760 + do { if((x) != NULL) { x = NULL; } } while(0) - Closes https://github.com/curl/curl/pull/3773 - -Daniel Stenberg (25 Sep 2019) -- ngtcp2: remove fprintf() calls + ..where the final parenthesis of while(0) matched the regexp, and + the legal assignment in the block triggered the warning. Fix by + making the regexp less greedy by matching for the tell-tale signs + of the if statement ending. 
- - convert some of them to H3BUF() calls to infof() - - remove some of them completely - - made DEBUG_HTTP3 defined only if CURLDEBUG is set for now + Also remove the one occurrence where the warning was disabled due + to a construction like the above, where the warning didn't apply + when fixed. - Closes #4421 + Closes #4647 + Reviewed-by: Daniel Stenberg -- [Jay Satiro brought this change] +Daniel Stenberg (28 Nov 2019) +- RELEASE-NOTES: synced - url: fix the NULL hostname compiler warning case +- [Maros Priputen brought this change] + + curl: two new command line options for etags - Closes #4403 + --etag-compare and --etag-save + + Suggested-by: Paul Hoffman + Fixes #4277 + Closes #4543 -- [Jay Satiro brought this change] +Daniel Gustafsson (28 Nov 2019) +- docs: fix typos - travis: move the go install to linux-only - - ... to repair the build again - Closes #4403 +Daniel Stenberg (28 Nov 2019) +- mailmap: Niall O'Reilly's name -- altsvc: correct the #ifdef for the ngtcp2 backend +- [Niall O'Reilly brought this change] -- altsvc: save h3 as h3-23 + doh: use dedicated probe slots - Follow-up to d176a2c7e5 - -- urlapi: question mark within fragment is still fragment + ... to easier allow additional DNS transactions. - The parser would check for a query part before fragment, which caused it - to do wrong when the fragment contains a question mark. + Closes #4629 + +- travis: build ngtcp2 with --enable-lib-only - Extended test 1560 to verify. + ... makes it skip the examples and other stuff we don't neeed. - Reported-by: Alex Konev - Fixes #4412 - Closes #4413 + Closes #4646 -- [Alex Samorukov brought this change] +- [David Benjamin brought this change] - HTTP3.md: move -p for mkdir, remove -j for make + ngtcp2: fix thread-safety bug in error-handling - - mkdir on OSX/Darwin requires `-p` argument before dir + ERR_error_string(NULL) should never be called. It places the error in a + global buffer, which is not thread-safe. 
Use ERR_error_string_n with a + local buffer instead. - - portabbly figuring out number of cores is an exercise for somewhere - else + Closes #4645 + +- travis: export the CC/CXX variables when set - Closes #4407 + Suggested-by: Peter Wu + Fixes #4637 + Closes #4640 -Patrick Monnerat (24 Sep 2019) -- os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr, +Marcel Raad (26 Nov 2019) +- dist: add error-codes.pl - As libcurl now uses these 2 system functions, wrappers are needed on os400 - to convert returned AF_UNIX sockaddrs to ascii. + Follow-up to commit 74f441c6d31. + This should fix test 1175 when run via the daily source tarballs. - This is a follow-up to commit 7fb54ef. - See also #4037. - Closes #4214 + Closes https://github.com/curl/curl/pull/4638 -Jay Satiro (24 Sep 2019) -- [Lucas Pardue brought this change] +Daniel Stenberg (26 Nov 2019) +- [John Schroeder brought this change] - strcase: fix raw lowercasing the letter X - - Casing mistake in Curl_raw_tolower 'X' wasn't lowercased as 'x' prior to - this change. + curl: fix --upload-file . hangs if delay in STDIN - Follow-up to 0023fce which added the function several days ago. + Attempt to unpause a busy read in the CURLOPT_XFERINFOFUNCTION. - Ref: https://github.com/curl/curl/pull/4401#discussion_r327396546 + When uploading from stdin in non-blocking mode, a delay in reading + the stream (EAGAIN) causes curl to pause sending data + (CURL_READFUNC_PAUSE). Prior to this change, a busy read was + detected and unpaused only in the CURLOPT_WRITEFUNCTION handler. + This change performs the same busy read handling in a + CURLOPT_XFERINFOFUNCTION handler. 
- Closes https://github.com/curl/curl/pull/4408 + Fixes #2051 + Closes #4599 + Reported-by: bdry on github -Daniel Stenberg (23 Sep 2019) -- http2: Expression 'stream->stream_id != - 1' is always true - - PVS-Studio warning - Fixes #4402 +- [John Schroeder brought this change] -- http2: A value is being subtracted from the unsigned variable + XFERINFOFUNCTION: support CURL_PROGRESSFUNC_CONTINUE - PVS-Studio warning - Fixes #4402 - -- libssh: part of conditional expression is always true: !result + (also for PROGRESSFUNCTION) - PVS-Studio warning - Fixed #4402 - -- libssh: part of conditional expression is always true + By returning this value from the callback, the internal progress + function call is still called afterward. - PVS-Studio warning - Fixes #4402 + Closes #4599 -- libssh: The expression is excessive or contains a misprint - - PVS-Studio warning - Fixes #4402 +- [Michael Forney brought this change] -- quiche: The expression must be surrounded by parentheses + TLS: add BearSSL vtls implementation - PVS-Studio warning - Fixes #4402 + Closes #4597 -- vauth: The parameter 'status' must be surrounded by parentheses +- curl_multi_wakeup.3: add example and AVAILABILITY - PVS-Studio warning - Fixes #4402 + Reviewed-by: Gergely Nagy + Closes #4635 -- [Paul Dreik brought this change] +- [Gergely Nagy brought this change] - doh: allow only http and https in debug mode + multi: add curl_multi_wakeup() - Otherwise curl may be told to use for instance pop3 to - communicate with the doh server, which most likely - is not what you want. + This commit adds curl_multi_wakeup() which was previously in the TODO + list under the curl_multi_unblock name. - Found through fuzzing. + On some platforms and with some configurations this feature might not be + available or can fail, in these cases a new error code + (CURLM_WAKEUP_FAILURE) is returned from curl_multi_wakeup(). 
- Closes #4406 + Fixes #4418 + Closes #4608 -- [Paul Dreik brought this change] +Jay Satiro (24 Nov 2019) +- [Xiaoyin Liu brought this change] - doh: return early if there is no time left + schannel: fix --tls-max for when min is --tlsv1 or default - Closes #4406 - -- [Barry Pollard brought this change] - - http: lowercase headernames for HTTP/2 and HTTP/3 + Prior to this change schannel ignored --tls-max (CURL_SSLVERSION_MAX_ + macros) when --tlsv1 (CURL_SSLVERSION_TLSv1) or default TLS + (CURL_SSLVERSION_DEFAULT), using a max of TLS 1.2 always. - Closes #4401 - Fixes #4400 + Closes https://github.com/curl/curl/pull/4633 -Marcel Raad (23 Sep 2019) -- vtls: fix narrowing conversion warnings - - Curl_timeleft returns `timediff_t`, which is 64 bits wide also on - 32-bit systems since commit b1616dad8f0. +- checksrc.bat: Add a check for vquic and vssh directories - Closes https://github.com/curl/curl/pull/4398 - -Daniel Stenberg (23 Sep 2019) -- [Joel Depooter brought this change] + Ref: https://github.com/curl/curl/pull/4607 - winbuild: Add manifest to curl.exe for proper OS version detection +- projects: Fix Visual Studio projects SSH builds - This is a small fix to commit ebd213270a017a6830928ee2e1f4a9cabc799898 - in pull request #1221. That commit added the CURL_EMBED_MANIFEST flag to - CURL_RC_FLAGS. However, later in the file CURL_RC_FLAGS is - overwritten. The fix is to append values to CURL_RC_FLAGS instead of - overwriting + - Generate VQUIC and VSSH filenames in Visual Studio project files. - Closes #4399 + Prior to this change generated Visual Studio project configurations that + enabled SSH did not build properly. Broken since SSH files were moved to + lib/vssh 3 months ago in 5b2d703. 
+ + Fixes https://github.com/curl/curl/issues/4492 + Fixes https://github.com/curl/curl/issues/4630 + Closes https://github.com/curl/curl/pull/4607 +Daniel Stenberg (23 Nov 2019) - RELEASE-NOTES: synced -Marcel Raad (22 Sep 2019) -- openssl: fix compiler warning with LibreSSL - - It was already fixed for BoringSSL in commit a0f8fccb1e0. - LibreSSL has had the second argument to SSL_CTX_set_min_proto_version - as uint16_t ever since the function was added in [0]. - - [0] https://github.com/libressl-portable/openbsd/commit/56f107201baefb5533486d665a58d8f57fd3aeda - - Closes https://github.com/curl/curl/pull/4397 - -Daniel Stenberg (22 Sep 2019) -- curl: exit the create_transfers loop on errors - - When looping around the ranges and given URLs to create transfers, all - errors should exit the loop and return. Previously it would keep - looping. +Jay Satiro (22 Nov 2019) +- openssl: Revert to less sensitivity for SYSCALL errors - Reported-by: SumatraPeter on github - Bug: #4393 - Closes #4396 - -Jay Satiro (21 Sep 2019) -- socks: Fix destination host shown on SOCKS5 error + - Disable the extra sensitivity except in debug builds (--enable-debug). - Prior to this change when a server returned a socks5 connect error then - curl would parse the destination address:port from that data and show it - to the user as the destination: + - Improve SYSCALL error message logic in ossl_send and ossl_recv so that + "No error" / "Success" socket error text isn't shown on SYSCALL error. - curld -v --socks5 10.0.3.1:1080 http://google.com:99 - * SOCKS5 communication to google.com:99 - * SOCKS5 connect to IPv4 172.217.12.206 (locally resolved) - * Can't complete SOCKS5 connection to 253.127.0.0:26673. (1) - curl: (7) Can't complete SOCKS5 connection to 253.127.0.0:26673. (1) + Prior to this change 0ab38f5 (precedes 7.67.0) increased the sensitivity + of OpenSSL's SSL_ERROR_SYSCALL error so that abrupt server closures were + also considered errors. 
For example, a server that does not send a known + protocol termination point (eg HTTP content length or chunked encoding) + _and_ does not send a TLS termination point (close_notify alert) would + cause an error if it closed the connection. - That's incorrect because the address:port included in the connect error - is actually a bind address:port (typically unused) and not the - destination address:port. This fix changes curl to show the destination - information that curl sent to the server instead: + To be clear that behavior made it into release build 7.67.0 + unintentionally. Several users have reported it as an issue. - curld -v --socks5 10.0.3.1:1080 http://google.com:99 - * SOCKS5 communication to google.com:99 - * SOCKS5 connect to IPv4 172.217.7.14:99 (locally resolved) - * Can't complete SOCKS5 connection to 172.217.7.14:99. (1) - curl: (7) Can't complete SOCKS5 connection to 172.217.7.14:99. (1) + Ultimately the idea is a good one, since it can help prevent against a + truncation attack. Other SSL backends may already behave similarly (such + as Windows native OS SSL Schannel). However much more of our user base + is using OpenSSL and there is a mass of legacy users in that space, so I + think that behavior should be partially reverted and then rolled out + slowly. - curld -v --socks5-hostname 10.0.3.1:1080 http://google.com:99 - * SOCKS5 communication to google.com:99 - * SOCKS5 connect to google.com:99 (remotely resolved) - * Can't complete SOCKS5 connection to google.com:99. (1) - curl: (7) Can't complete SOCKS5 connection to google.com:99. (1) + This commit changes the behavior so that the increased sensitivity is + disabled in all curl builds except curl debug builds (DEBUGBUILD). If + after a period of time there are no major issues then it can be enabled + in dev and release builds with the newest OpenSSL (1.1.1+), since users + using the newest OpenSSL are the least likely to have legacy problems. 
- Ref: https://tools.ietf.org/html/rfc1928#section-6 + Bug: https://github.com/curl/curl/issues/4409#issuecomment-555955794 + Reported-by: Bjoern Franke - Closes https://github.com/curl/curl/pull/4394 + Fixes https://github.com/curl/curl/issues/4624 + Closes https://github.com/curl/curl/pull/4623 -Daniel Stenberg (21 Sep 2019) -- travis: enable ngtcp2 h3-23 builds +- [Daniel Stenberg brought this change] -- altsvc: both backends run h3-23 now + openssl: improve error message for SYSCALL during connect - Closes #4395 - -- http: fix warning on conversion from int to bit + Reported-by: Paulo Roberto Tomasi + Bug: https://curl.haxx.se/mail/archive-2019-11/0005.html - Follow-up from 03ebe66d70 + Closes https://github.com/curl/curl/pull/4593 -- urldata: use 'bool' for the bit type on MSVC compilers +Daniel Stenberg (22 Nov 2019) +- test1175: verify symbols-in-versions and libcurl-errors.3 in sync - Closes #4387 - Fixes #4379 + Closes #4628 -- appveyor: upgrade VS2017 to VS2019 +- include: make CURLE_HTTP3 use a new error code - Closes #4383 + To avoid potential issues with error code reuse. + + Reported-by: Christoph M. Becker + Assisted-by: Dan Fandrich + Fixes #4601 + Closes #4627 -- [Zenju brought this change] +- bump: next release will be 7.68.0 - FTP: FTPFILE_NOCWD: avoid redundant CWDs +- curl: add --parallel-immediate - Closes #4382 - -- cookie: pass in the correct cookie amount to qsort() + Starting with this change when doing parallel transfers, without this + option set, curl will prefer to create new transfers multiplexed on an + existing connection rather than creating a brand new one. - As the loop discards cookies without domain set. This bug would lead to - qsort() trying to sort uninitialized pointers. We have however not found - it a security problem. + --parallel-immediate can be set to tell curl to prefer to use new + connections rather than to wait and try to multiplex. 
- Reported-by: Paul Dreik - Closes #4386 + libcurl-wise, this means that curl will set CURLOPT_PIPEWAIT by default + on parallel transfers. + + Suggested-by: Tom van der Woerdt + Closes #4500 -- [Paul Dreik brought this change] +Daniel Gustafsson (20 Nov 2019) +- [Victor Magierski brought this change] - urlapi: avoid index underflow for short ipv6 hostnames - - If the input hostname is "[", hlen will underflow to max of size_t when - it is subtracted with 2. + docs: fix typos - hostname[hlen] will then cause a warning by ubsanitizer: + Change 'experiemental' to 'experimental'. - runtime error: addition of unsigned offset to 0x overflowed to - 0x + Closes #4618 + Reviewed-by: Daniel Gustafsson + +Jay Satiro (18 Nov 2019) +- projects: Fix Visual Studio wolfSSL configurations - I think that in practice, the generated code will work, and the output - of hostname[hlen] will be the first character "[". + - s/USE_CYASSL/USE_WOLFSSL/ - This can be demonstrated by the following program (tested in both clang - and gcc, with -O3) + - Remove old compatibility macros. - int main() { - char* hostname=strdup("["); - size_t hlen = strlen(hostname); - - hlen-=2; - hostname++; - printf("character is %d\n",+hostname[hlen]); - free(hostname-1); - } - - I found this through fuzzing, and even if it seems harmless, the proper - thing is to return early with an error. - - Closes #4389 + Follow-up to 1c6c59a from several months ago when CyaSSL named symbols + were renamed to wolfSSL. The wolfSSL library was formerly named CyaSSL + and we kept using their old name for compatibility reasons, until + earlier this year. 
-- [Tatsuhiro Tsujikawa brought this change] +Daniel Stenberg (18 Nov 2019) +- RELEASE-NOTES: synced - ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23 - - Closes #4392 +- [Javier Blazquez brought this change] -- THANKS-filter: deal with my typos 'Jat' => 'Jay' + ngtcp2: use overflow buffer for extra HTTP/3 data + + Fixes #4525 + Closes #4603 -- travis: use go master +- altsvc: bump to h3-24 - ... as the boringssl builds needs a very recent version + ... as both ngtcp2 and quiche now support that in their master branches - Co-authored-by: Jat Satiro - Closes #4361 + Closes #4604 -- tool_operate: removed unused variable 'done' +- ngtcp2: free used resources on disconnect - Fixes warning detected by PVS-Studio - Fixes #4374 + Fixes #4614 + Closes #4615 -- tool_operate: Expression 'config->resume_from' is always true +- ngtcp2: handle key updates as ngtcp2 master branch tells us - Fixes warning detected by PVS-Studio - Fixes #4374 - -- tool_getparam: remove duplicate switch case + Reviewed-by: Tatsuhiro Tsujikawa - Fixes warning detected by PVS-Studio - Fixes #4374 + Fixes #4612 + Closes #4613 -- libssh2: part of conditional expression is always true: !result - - Fixes warning detected by PVS-Studio - Fixes #4374 +Jay Satiro (17 Nov 2019) +- [Gergely Nagy brought this change] -- urlapi: Expression 'storep' is always true + multi: Fix curl_multi_poll wait when extra_fds && !extra_nfds - Fixes warning detected by PVS-Studio - Fixes #4374 - -- urlapi: 'scheme' is always true + Prior to this change: - Fixes warning detected by PVS-Studio - Fixes #4374 - -- urlapi: part of conditional expression is always true: (relurl[0] == '/') + The check if an extra wait is necessary was based not on the + number of extra fds but on the pointer. 
- Fixes warning detected by PVS-Studio - Fixes #4374 - -- setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly + If a non-null pointer was given in extra_fds, but extra_nfds + was zero, then the wait was skipped even though poll was not + called. - Fixes bug detected by PVS-Studio - Fixes #4374 + Closes https://github.com/curl/curl/pull/4610 -- mime: make Curl_mime_duppart() assert if called without valid dst +- lib: Move lib/ssh.h -> lib/vssh/ssh.h - Fixes warning detected by PVS-Studio - Fixes #4374 - -- http_proxy: part of conditional expression is always true: !error + Follow-up to 5b2d703 which moved ssh source files to vssh. - Fixes warning detected by PVS-Studio - Fixes #4374 + Closes https://github.com/curl/curl/pull/4609 -- imap: merged two case-branches performing the same action - - Fixes warning detected by PVS-Studio - Fixes #4374 +Daniel Stenberg (16 Nov 2019) +- [Andreas Falkenhahn brought this change] -- multi: value '2L' is assigned to a boolean + INSTALL.md: provide Android build instructions - Fixes warning detected by PVS-Studio - Fixes #4374 + Closes #4606 -- easy: part of conditional expression is always true: !result - - Fixes warning detected by PVS-Studio - Fixes #4374 +- [Niall O'Reilly brought this change] -- netrc: part of conditional expression is always true: !done + doh: improced both encoding and decoding - Fixes warning detected by PVS-Studio - Fixes #4374 - -- version: Expression 'left > 1' is always true + Improved estimation of expected_len and updated related comments; + increased strictness of QNAME-encoding, adding error detection for empty + labels and names longer than the overall limit; avoided treating DNAME + as unexpected; - Fixes warning detected by PVS-Studio - Fixes #4374 - -- url: remove dead code + updated unit test 1655 with more thorough set of proofs and tests - Fixes warning detected by PVS-Studio - Fixes #4374 + Closes #4598 -- url: part of expression is always true: (bundle->multiuse == 0) +- ngtcp2: increase QUIC 
window size when data is consumed - Fixes warning detected by PVS-Studio - Fixes #4374 + Assisted-by: Javier Blazquez + Ref #4525 (partial fix) + Closes #4600 -- ftp: the conditional expression is always true +- [Melissa Mears brought this change] + + config-win32: cpu-machine-OS for Windows on ARM - ... both !result and (ftp->transfer != FTPTRANSFER_BODY)! + Define the OS macro properly for Windows on ARM builds. Also, we might + as well add the GCC-style IA-64 macro. - Fixes warning detected by PVS-Studio - Fixes #4374 + Closes #4590 -- ftp: Expression 'ftpc->wait_data_conn' is always false +- examples: add multi-poll.c - Fixes warning detected by PVS-Studio - Fixes #4374 - -- ftp: Expression 'ftpc->wait_data_conn' is always true + Show how curl_multi_poll() makes it even easier to use the multi + interface. - Fixes warning detected by PVS-Studio - Fixes #4374 + Closes #4596 -- ftp: part of conditional expression is always true: !result +- multi_poll: avoid busy-loop when called without easy handles attached - Fixes warning detected by PVS-Studio - Fixes #4374 + Fixes #4594 + Closes #4595 + Reported-by: 3dyd on github -- http: fix Expression 'http->postdata' is always false +- curl: fix -T globbing - Fixes warning detected by PVS-Studio - Fixes #4374 - Reported-by: Valerii Zapodovnikov - -- [Niall O'Reilly brought this change] - - doh: avoid truncating DNS QTYPE to lower octet + Regression from e59371a4936f8 (7.67.0) - Closes #4381 - -- [Jens Finkhaeuser brought this change] - - urlapi: CURLU_NO_AUTHORITY allows empty authority/host part + Added test 490, 491 and 492 to verify the functionality. - CURLU_NO_AUTHORITY is intended for use with unknown schemes (i.e. not - "file:///") to override cURL's default demand that an authority exists. 
+ Reported-by: Kamil Dudka + Reported-by: Anderson Sasaki - Closes #4349 - -- version: next release will be 7.67.0 + Fixes #4588 + Closes #4591 -- RELEASE-NOTES: synced +- HISTORY: added cmake, HTTP/3 and parallel downloads with curl -- url: only reuse TLS connections with matching pinning - - If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the - connection should not be reused. +- quiche: reject headers in the wrong order - Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html - Reported-by: Sebastian Haglund + Pseudo header MUST come before regular headers or cause an error. - Closes #4347 + Reported-by: Cynthia Coan + Fixes #4571 + Closes #4584 -- README: add OSS-Fuzz badge [skip ci] +- openssl: prevent recursive function calls from ctx callbacks - Closes #4380 - -Michael Kaufmann (18 Sep 2019) -- http: merge two "case" statements - -Daniel Stenberg (18 Sep 2019) -- [Zenju brought this change] - - FTP: remove trailing slash from path for LIST/MLSD + Follow the pattern of many other callbacks. - Closes #4348 + Ref: #4546 + Closes #4585 -- mime: when disabled, avoid C99 macro +- CURL-DISABLE: initial docs for the CURL_DISABLE_* defines - Closes #4368 - -- url: cleanup dangling DOH request headers too + The disable-scan script used in test 1165 is extended to also verify + that the docs cover all used defines and all defines offered by + configure. - Follow-up to 9bc44ff64d9081 + Reported-by: SLDiggie on github + Fixes #4545 + Closes #4587 + +- remove_handle: clear expire timers after multi_done() - Credit to OSS-Fuzz - Bug: https://crbug.com/oss-fuzz/17269 + Since 59041f0, a new timer might be set in multi_done() so the clearing + of the timers need to happen afterwards! - Closes #4372 - -- [Christoph M. 
Becker brought this change] + Reported-by: Max Kellermann + Fixes #4575 + Closes #4583 - http2: relax verification of :authority in push promise requests - - If the :authority pseudo header field doesn't contain an explicit port, - we assume it is valid for the default port, instead of rejecting the - request for all ports. +Marcel Raad (10 Nov 2019) +- test1558: use double slash after file: - Ref: https://curl.haxx.se/mail/lib-2019-09/0041.html + Classic MinGW / MSYS 1 doesn't support `MSYS2_ARG_CONV_EXCL`, so this + test unnecessarily failed when using `file:/` instead of `file:///`. - Closes #4365 + Closes https://github.com/curl/curl/pull/4554 -- doh: clean up dangling DOH handles and memory on easy close +Daniel Stenberg (10 Nov 2019) +- pause: avoid updating socket if done was already called - If you set the same URL for target as for DoH (and it isn't a DoH - server), like "https://example.com" in both, the easy handles used for - the DoH requests could be left "dangling" and end up not getting freed. + ... avoids unnecesary recursive risk when the transfer is already done. - Reported-by: Paul Dreik - Closes #4366 + Reported-by: Richard Bowker + Fixes #4563 + Closes #4574 -- unit1655: make it C90 compliant +Jay Satiro (9 Nov 2019) +- strerror: Fix an error looking up some Windows error strings - Unclear why this was not detected in the CI. + - Use FORMAT_MESSAGE_IGNORE_INSERTS to ignore format specifiers in + Windows error strings. - Follow-up to b7666027296a - -- smb: check for full size message before reading message details + Since we are not in control of the error code we don't know what + information may be needed by the error string's format specifiers. - To avoid reading of uninitialized data. + Prior to this change Windows API error strings which contain specifiers + (think specifiers like similar to printf specifiers) would not be shown. 
+ The FormatMessage Windows API call which turns a Windows error code into + a string could fail and set error ERROR_INVALID_PARAMETER if that error + string contained a format specifier. FormatMessage expects a va_list for + the specifiers, unless inserts are ignored in which case no substitution + is attempted. - Assisted-by: Max Dymond - Bug: https://crbug.com/oss-fuzz/16907 - Closes #4363 + Ref: https://devblogs.microsoft.com/oldnewthing/20071128-00/?p=24353 -- quiche: persist connection details - - ... like we do for other protocols at connect time. This makes "curl -I" - and other things work. - - Reported-by: George Liu - Fixes #4358 - Closes #4360 +- [r-a-sattarov brought this change] -- openssl: fix warning with boringssl and SSL_CTX_set_min_proto_version + system.h: fix for MCST lcc compiler - Follow-up to ffe34b7b59 - Closes #4359 - -- [Paul Dreik brought this change] - - doh: fix undefined behaviour and open up for gcc and clang optimization + Fixed build by MCST lcc compiler on MCST Elbrus 2000 architecture and do + some code cleanup. - The undefined behaviour is annoying when running fuzzing with - sanitizers. The codegen is the same, but the meaning is now not up for - dispute. See https://cppinsights.io/s/516a2ff4 + e2k (Elbrus 2000) - this is VLIW/EPIC architecture, like Intel Itanium + architecture. - By incrementing the pointer first, both gcc and clang recognize this as - a bswap and optimizes it to a single instruction. See - https://godbolt.org/z/994Zpx + Ref: https://en.wikipedia.org/wiki/Elbrus_2000 - Closes #4350 - -- [Paul Dreik brought this change] + Closes https://github.com/curl/curl/pull/4576 - doh: fix (harmless) buffer overrun - - Added unit test case 1655 to verify. - Close #4352 +Daniel Stenberg (8 Nov 2019) +- TODO: curl_multi_unblock - the code correctly finds the flaws in the old code, - if one temporarily restores doh.c to the old version. 
- -Alessandro Ghedini (15 Sep 2019) -- docs: remove trailing ':' from section names in CURLOPT_TRAILER* man - -- docs: fix typo in CURLOPT_HTTP_VERSION man - -GitHub (14 Sep 2019) -- [Daniel Stenberg brought this change] + Closes #4418 - CI: inintial github action job +- TODO: Run web-platform-tests url tests - First shot at a CI build on github actions + Closes #4477 -Daniel Stenberg (13 Sep 2019) -- appveyor: add a winbuild - - Assisted-by: Marcel Raad - Assisted-by: Jay Satiro +- TODO: 1.4 alt-svc sharing - Closes #4324 + Closes #4476 -- FTP: allow "rubbish" prepended to the SIZE response - - This is a protocol violation but apparently there are legacy proprietary - servers doing this. +- test1560: require IPv6 for IPv6 aware URL parsing - Added test 336 and 337 to verify. + The URL parser function can't reject a bad IPv6 address properly when + curl was built without IPv6 support. - Reported-by: Philippe Marguinaud - Closes #4339 - -- [Zenju brought this change] + Reported-by: Marcel Raad + Fixes #4556 + Closes #4572 - FTP: skip CWD to entry dir when target is absolute +- checksrc: repair the copyrightyear check - Closes #4332 - -Kamil Dudka (13 Sep 2019) -- curl: fix memory leaked by parse_metalink() + - Consider a modified file to be committed this year. - This commit fixes a regression introduced by curl-7_65_3-5-gb88940850. - Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind - and libmetalink enabled. + - Make the travis CHECKSRC also do COPYRIGHTYEAR scan in examples and + includes - Closes #4326 - -Daniel Stenberg (13 Sep 2019) -- parsedate: still provide the name arrays when disabled + - Ignore 0 parents when getting latest commit date of file. - If FILE or FTP are enabled, since they also use them! + since in the CI we're dealing with a truncated repo of last 50 commits, + the file's most recent commit may not be available. 
when this happens + git log and rev-list show the initial commit (ie first commit not to be + truncated) but that's incorrect so ignore it. - Reported-by: Roland Hieber - Fixes #4325 - Closes #4343 - -- [Gilles Vollant brought this change] - - curl:file2string: load large files much faster + Ref: https://github.com/curl/curl/pull/4547 - ... by using a more efficient realloc scheme. + Closes https://github.com/curl/curl/pull/4549 - Bug: https://curl.haxx.se/mail/lib-2019-09/0045.html - Closes #4336 + Co-authored-by: Jay Satiro -- openssl: close_notify on the FTP data connection doesn't mean closure - - For FTPS transfers, curl gets close_notify on the data connection - without that being a signal to close the control connection! +- copyrights: fix copyright year range - Regression since 3f5da4e59a556fc (7.65.0) + .. because checksrc's copyright year check stopped working. - Reported-by: Zenju on github - Reviewed-by: Jay Satiro - Fixes #4329 - Closes #4340 - -- [Jimmy Gaussen brought this change] - - docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag + Ref: https://github.com/curl/curl/pull/4547 - Closes #4338 + Closes https://github.com/curl/curl/pull/4549 - RELEASE-NOTES: synced -- curlver: bump to 7.66.1 +- curlver: bump to 7.67.1 -- [Zenju brought this change] +- mailmap: fixup Massimiliano Fantuzzi - setopt: make it easier to add new enum values - - ... by using the *_LAST define names better. 
+- scripts/contributors: make committers get included too - Closes #4321 + in addition to authors -- asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris +Jay Satiro (8 Nov 2019) +- [Massimiliano Fantuzzi brought this change] + + configure: fix typo in help text - Reported-by: Dagobert Michelsen - Fixes #4328 - Closes #4333 + Closes https://github.com/curl/curl/pull/4570 -- [Bernhard Walle brought this change] +Daniel Stenberg (7 Nov 2019) +- [Christian Schmitz brought this change] - winbuild/MakefileBuild.vc: Add vssh - - Without that modification, the Windows build using the makefiles doesn't - work. + ntlm: USE_WIN32_CRYPTO check removed to get USE_NTLM2SESSION set - Signed-off-by: Bernhard Walle + Closes #3704 + +Jay Satiro (6 Nov 2019) +- [Wyatt O'Day brought this change] + + build: fix for CURL_DISABLE_DOH - Fixes #4322 - Closes #4323 + Fixes https://github.com/curl/curl/issues/4565 + Closes https://github.com/curl/curl/pull/4566 -Bernhard Walle (11 Sep 2019) -- winbuild/MakefileBuild.vc: Fix line endings +- [Leonardo Taccari brought this change] + + configure: avoid unportable `==' test(1) operator - The file had mixed line endings. + Closes https://github.com/curl/curl/pull/4567 + +Version 7.67.0 (5 Nov 2019) + +Daniel Stenberg (5 Nov 2019) +- RELEASE-NOTES: synced - 
Signed-off-by: Bernhard Walle + The 7.67.0 release -Jay Satiro (11 Sep 2019) -- ldap: Stop using wide char version of ldapp_err2string +- THANKS: add new names from 7.67.0 + +- configure: only say ipv6 enabled when the variable is set - Despite ldapp_err2string being documented by MS as returning a - PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and - returns PWCHAR (wchar_t *). + Previously it could say "IPv6: enabled" at the end of the configure run + but the define wasn't set because of a missing getaddrinfo(). - We have lots of code that expects ldap_err2string to return char *, - most of it failf used like this: + Reported-by: Marcel Raad + Fixes #4555 + Closes #4560 + +Marcel Raad (2 Nov 2019) +- certs/Server-localhost-lastSAN-sv: regenerate with sha256 - failf(data, "LDAP local: Some error: %s", ldap_err2string(rc)); + All other certificates were regenerated in commit ba782baac30, but + this one was missed. + Fixes test3001 on modern systems. - Closes https://github.com/curl/curl/pull/4272 + Closes https://github.com/curl/curl/pull/4551 -Version 7.66.0 (10 Sep 2019) +Daniel Stenberg (2 Nov 2019) +- [Vilhelm Prytz brought this change] -Daniel Stenberg (10 Sep 2019) -- RELEASE-NOTES: curl 7.66.0 + copyrights: update all copyright notices to 2019 on files changed this year + + Closes #4547 -- THANKS: from the 7.66.0 release +- [Bastien Bouclet brought this change] -- curl: make sure the parallel transfers do them all - - The logic could erroneously break the loop too early before all - transfers had been transferred. + mbedtls: add error message for cert validity starting in the future - Reported-by: Tom van der Woerdt - Fixes #4316 - Closes #4317 + Closes #4552 -- urlapi: one colon is enough for the strspn() input (typo) +Jay Satiro (1 Nov 2019) +- schannel_verify: Fix concurrent openings of CA file + + - Open the CA file using FILE_SHARE_READ mode so that others can read + from it as well. 
+ + Prior to this change our schannel code opened the CA file without + sharing which meant concurrent openings (eg an attempt from another + thread or process) would fail during the time it was open without + sharing, which in curl's case would cause error: + "schannel: failed to open CA file". + + Bug: https://curl.haxx.se/mail/lib-2019-10/0104.html + Reported-by: Richard Alcock -- urlapi: verify the IPv6 numerical address +Daniel Stenberg (31 Oct 2019) +- gtls: make gnutls_bye() not wait for response on shutdown - It needs to parse correctly. Otherwise it could be tricked into letting - through a-f using host names that libcurl would then resolve. Like - '[ab.be]'. + ... as it can make it wait there for a long time for no good purpose. - Reported-by: Thomas Vegas - Closes #4315 + Patched-by: Jay Satiro + Reported-by: Bylon2 on github + Adviced-by: Nikos Mavrogiannopoulos + + Fixes #4487 + Closes #4541 -- [Clément Notin brought this change] +- [Michał Janiszewski brought this change] - openssl: use SSL_CTX_set__proto_version() when available + appveyor: publish artifacts on appveyor - OpenSSL 1.1.0 adds SSL_CTX_set__proto_version() that we now use - when available. Existing code is preserved for older versions of - OpenSSL. + This allows obtaining upstream builds of curl directly from appveyor for + all the available configurations - Closes #4304 - -- [Clément Notin brought this change] + Closes #4509 - openssl: indent, re-organize and add comments +- url: make Curl_close() NULLify the pointer too + + This is the common pattern used in the code and by a unified approach we + avoid mistakes. 
+ + Closes #4534 -- [migueljcrum brought this change] +- [Trivikram Kamat brought this change] - sspi: fix memory leaks + INSTALL: add missing space for configure commands - Closes #4299 - -- travis: disable ngtcp2 builds (again) + Closes #4539 -- Curl_fillreadbuffer: avoid double-free trailer buf on error +- url: Curl_free_request_state() should also free doh handles - Reviewed-by: Jay Satiro - Reported-by: Thomas Vegas + ... or risk DoH memory leaks. - Closes #4307 + Reported-by: Paul Dreik + Fixes #4463 + Closes #4527 -- tool_setopt: handle a libcurl build without netrc support +- examples: remove the "this exact code has not been verified" - Reported-by: codesniffer13 on github - Fixes #4302 - Closes #4305 + ... as really confuses the reader to not know what to believe! -- security:read_data fix bad realloc() - - ... that could end up a double-free +- [Trivikram Kamat brought this change] + + HTTP3: fix typo somehere1 > somewhere1 - CVE-2019-5481 - Bug: https://curl.haxx.se/docs/CVE-2019-5481.html + Closes #4535 -- [Thomas Vegas brought this change] +Jay Satiro (28 Oct 2019) +- [Javier Blazquez brought this change] - tftp: Alloc maximum blksize, and use default unless OACK is received + HTTP3: fix invalid use of sendto for connected UDP socket - Fixes potential buffer overflow from 'recvfrom()', should the server - return an OACK without blksize. + On macOS/BSD, trying to call sendto on a connected UDP socket fails + with a EISCONN error. Because the singleipconnect has already called + connect on the socket when we're trying to use it for QUIC transfers + we need to use plain send instead. 
- Bug: https://curl.haxx.se/docs/CVE-2019-5482.html - CVE-2019-5482 - -- [Thomas Vegas brought this change] - - tftp: return error when packet is too small for options - -- KNOWN_BUGS/TODO: cleanup and remove outdated issues + Fixes #4529 + Closes https://github.com/curl/curl/pull/4533 +Daniel Stenberg (28 Oct 2019) - RELEASE-NOTES: synced -- netrc: free 'home' on error +- [Javier Blazquez brought this change] + + HTTP3: fix Windows build - Follow-up to f9c7ba9096ec2 + The ngtcp2 QUIC backend was using the MSG_DONTWAIT flag for send/recv + in order to perform nonblocking operations. On Windows this flag does + not exist. Instead, the socket must be set to nonblocking mode via + ioctlsocket. - Coverity CID 1453474 + This change sets the nonblocking flag on UDP sockets used for QUIC on + all platforms so the use of MSG_DONTWAIT is not needed. - Closes #4291 + Fixes #4531 + Closes #4532 -- urldata: avoid 'generic', use dedicated pointers +Marcel Raad (27 Oct 2019) +- appveyor: add --disable-proxy autotools build - For the 'proto' union within the connectdata struct. + This would have caught issue #3926. - Closes #4290 - -- cleanup: move functions out of url.c and make them static + Also make formatting more consistent. - Closes #4289 + Closes https://github.com/curl/curl/pull/4526 -- smtp: check for and bail out on too short EHLO response - - Otherwise, a three byte response would make the smtp_state_ehlo_resp() - function misbehave. +Daniel Stenberg (25 Oct 2019) +- appveyor: make winbuilds with DEBUG=no/yes and VS 2015/2017 - Credit to OSS-Fuzz - Bug: https://crbug.com/oss-fuzz/16918 + ... and invoke "curl -V" once done - Assisted-by: Max Dymond + Co-Authored-By: Jay Satiro - Closes #4287 + Closes #4523 -- smb: init *msg to NULL in smb_send_and_recv() - - ... it might otherwise return OK from this function leaving that pointer - uninitialized. 
- - Bug: https://crbug.com/oss-fuzz/16907 +- [Francois Rivard brought this change] + + schannel: reverse the order of certinfo insertions - Closes #4286 + Fixes #4518 + Closes #4519 -- ROADMAP: updated after recent user poll +Marcel Raad (24 Oct 2019) +- test1591: fix spelling of http feature - In rough prio order + The test never got run because the feature name is `http` in lowercase. + + Closes https://github.com/curl/curl/pull/4520 -- THANKS: remove duplicate +Daniel Stenberg (23 Oct 2019) +- [Michał Janiszewski brought this change] -- Curl_addr2string: take an addrlen argument too + appveyor: Use two parallel compilation on appveyor with CMake - This allows the function to figure out if a unix domain socket has a - file name or not associated with it! When a socket is created with - socketpair(), as done in the fuzzer testing, the path struct member is - uninitialized and must not be accessed. + Appveyor provides 2 CPUs for each builder[1], make sure to use parallel + compilation, when running with CMake. CMake learned this new option in + version 3.12[2] and the version provided by appveyor is fresh enough. - Bug: https://crbug.com/oss-fuzz/16699 + Curl doesn't really take that long to build and it is using the slowest + builder available, msbuild, so expect only a moderate improvement in + build times. - Closes #4283 - -- [Rolf Eike Beer brought this change] - - CMake: remove needless newlines at end of gss variables - -- [Rolf Eike Beer brought this change] - - CI: remove duplicate configure flag for LGTM.com - -- [Rolf Eike Beer brought this change] - - CMake: use platform dependent name for dlopen() library + [1] https://www.appveyor.com/docs/build-environment/ + [2] https://cmake.org/cmake/help/v3.12/release/3.12.html - Closes #4279 + Closes #4508 -- quiche: expire when poll returned data +- conn-reuse: requests wanting NTLM can reuse non-NTLM connections - ... to make sure we continue draining the queue until empty + Added test case 338 to verify. 
- Closes #4281 + Reported-by: Daniel Silverstone + Fixes #4499 + Closes #4514 -- quiche: decrease available buffer size, don't assign it! - - Found-by: Jeremy Lainé +Marcel Raad (23 Oct 2019) +- tests: add missing proxy features +Daniel Stenberg (22 Oct 2019) - RELEASE-NOTES: synced -- [Kyohei Kadota brought this change] - - curl: fix include conditions - -- [Kyohei Kadota brought this change] - - plan9: fix installation instructions +Marcel Raad (21 Oct 2019) +- tests: use %FILE_PWD for file:// URLs - Closes #4276 + This way, we always have exactly one slash after the host name, making + the tests pass when curl is compiled with the MSYS GCC. + + Closes https://github.com/curl/curl/pull/4512 -- ngtcp2: on h3 stream close, call expire +- tests: add `connect to non-listen` keywords - ... to trigger a new read to detect the stream close! + These tests try to connect to ports nothing is listening on. - Closes #4275 - -- [Tatsuhiro Tsujikawa brought this change] + Closes https://github.com/curl/curl/pull/4511 - ngtcp2: build latest ngtcp2 and ngtcp2_crypto_openssl +- runtests: get textaware info from curl instead of perl - Closes #4278 - -- ngtcp2: set flow control window to stream buffer size + The MSYS system on Windows can run the test suite for curl built with + any toolset. When built with the MSYS GCC, curl uses Unix line endings, + while it uses Windows line endings when built with the MinGW GCC, and + `^O` reports 'msys' in both cases. Use the curl executable itself to + determine the line endings instead, which reports 'x86_64-pc-msys' when + built with the MSYS GCC. 
- Closes #4274 + Closes https://github.com/curl/curl/pull/4506 -- [Christopher Head brought this change] +Daniel Stenberg (20 Oct 2019) +- [Michał Janiszewski brought this change] - CURLOPT_HEADERFUNCTION.3: clarify + appveyor: Add MSVC ARM64 build - Closes #4273 + Closes #4507 -- CURLINFO docs: mention that in redirects times are added +- http2_recv: a closed stream trumps pause state - Suggested-by: Brandon Dong - Fixes #4250 - Closes #4269 - -- travis: enable ngtcp2 builds again - - Switched to the openssl-quic-draft-22 openssl branch. - - Closes #4271 - -- HTTP3: switched openssl branch to use - -- [Tatsuhiro Tsujikawa brought this change] - - ngtcp2: Build with latest ngtcp2 and ngtcp2_crypto_openssl + ... and thus should return 0, not EAGAIN. - Closes #4270 + Reported-by: Tom van der Woerdt + Fixes #4496 + Closes #4505 -- http2: when marked for closure and wanted to close == OK +- http2: expire a timeout at end of stream - It could otherwise return an error even when closed correctly if GOAWAY - had been received previously. + To make sure that transfer is being dealt with. Streams without + Content-Length need a final read to notice the end-of-stream state. Reported-by: Tom van der Woerdt - Fixes #4267 - Closes #4268 - -- RELEASE-NOTES: synced + Fixes #4496 -- build-openssl: fix build with Visual Studio 2019 +Dan Fandrich (18 Oct 2019) +- travis: Add an ARM64 build - Reviewed-by: Marcel Raad - Contributed-by: osabc on github - Fixes #4188 - Closes #4266 + Test 323 is failing for some reason, so disable it there for now. -Kamil Dudka (26 Aug 2019) -- vauth: return CURLE_AUTH_ERROR on gss_init_sec_context() failure - - This is a follow-up to https://github.com/curl/curl/pull/3864 . 
+Marcel Raad (18 Oct 2019) +- examples/sslbackend: fix -Wchar-subscripts warning - Closes #4224 - -Daniel Stenberg (26 Aug 2019) -- KNOWN_BUGS: USE_UNIX_SOCKETS on Windows + With the `isdigit` implementation that comes with MSYS2, the argument + is used as an array subscript, resulting in a -Wchar-subscripts + warning. `isdigit`'s behavior is undefined if the argument is negative + and not EOF [0]. As done in lib/curl_ctype.h, cast the `char` variable + to `unsigned char` to avoid that. - Closes #4040 - -- quiche: send the HTTP body correctly on callback uploads + [0] https://en.cppreference.com/w/c/string/byte/isdigit - Closes #4265 + Closes https://github.com/curl/curl/pull/4503 -- travis: disable ngtcp2 builds (temporarily) - - Just too many API changes right now +Daniel Stenberg (18 Oct 2019) +- configure: remove all cyassl references - Closes #4264 - -- ngtcp2: add support for SSLKEYLOGFILE + In particular, this removes the case where configure would find an old + cyall installation rather than a wolfssl one if present. The library is + named wolfssl in modern days so there's no real need to keep support for + the former. - Closes #4260 + Reported-by: Jacob Barthelmeh + Closes #4502 -- ngtcp2: improve h3 response receiving +Marcel Raad (17 Oct 2019) +- test1162: disable MSYS2's POSIX path conversion - Closes #4259 + This avoids MSYS2 converting the backslasb in the URL to a slash, + causing the test to fail. 
-- ngtcp2: use nghttp3_version() +Daniel Stenberg (17 Oct 2019) +- RELEASE-NOTES: synced -- ngtcp2: sync with upstream API changes +Jay Satiro (16 Oct 2019) +- CURLOPT_TIMEOUT.3: Clarify transfer timeout time includes queue time - Assisted-by: Tatsuhiro Tsujikawa - -- [Kyle Abramowitz brought this change] - - scp: fix directory name length used in memcpy + Prior to this change some users did not understand that the "request" + starts when the handle is added to the multi handle, or probably they + did not understand that some of those transfers may be queued and that + time is included in timeout. - Fix read off end of array due to bad pointer math in getworkingpath for - SCP home directory case. + Reported-by: Jeroen Ooms - Closes #4258 + Fixes https://github.com/curl/curl/issues/4486 + Closes https://github.com/curl/curl/pull/4489 -- http: the 'closed' struct field is used by both ngh2 and ngh3 - - and remove 'header_recvbuf', not used for anything +- [Stian Soiland-Reyes brought this change] + + tool_operate: Fix retry sleep time shown to user when Retry-After - Reported-by: Jeremy Lainé + - If server header Retry-After is being used for retry sleep time then + show that value to the user instead of the normal retry sleep time. - Closes #4257 - -- ngtcp2: accept upload via callback + This is a follow-up to 640b973 (7.66.0) which changed curl tool so that + the value from Retry-After header overrides other retry timing options. - Closes #4256 + Closes https://github.com/curl/curl/pull/4498 -- defines: avoid underscore-prefixed defines +Daniel Stenberg (16 Oct 2019) +- url: normalize CURLINFO_EFFECTIVE_URL - Double-underscored or underscore plus uppercase letter at least. + The URL extracted with CURLINFO_EFFECTIVE_URL was returned as given as + input in most cases, which made it not get a scheme prefixed like before + if the URL was given without one, and it didn't remove dotdot sequences + etc. - ... as they're claimed to be reserved. 
+ Added test case 1907 to verify that this now works as intended and as + before 7.62.0. - Reported-by: patnyb on github + Regression introduced in 7.62.0 - Fixes #4254 - Closes #4255 + Reported-by: Christophe Dervieux + Fixes #4491 + Closes #4493 -- travis: add a build using ngtcp2 + nghttp3 (and a patched OpenSSL) - - Runs no tests +Marcel Raad (16 Oct 2019) +- tests: line ending fixes for Windows - Closes #4253 - -- travis: bump to using nghttp2 version 1.39.2 + Mark some files as text. - Closes #4252 - -- [Gisle Vanem brought this change] + Closes https://github.com/curl/curl/pull/4490 - docs/examples/curlx: fix errors +- tests: use proxy feature - Initialise 'mimetype' and require the -p12 arg. + This makes the tests succeed when using --disable-proxy. - Closes #4248 + Closes https://github.com/curl/curl/pull/4488 -- cleanup: remove DOT_CHAR completely +- smbserver: fix Python 3 compatibility - Follow-up to f9c7ba9096ec + Python 2's `ConfigParser` module is spelled `configparser` in Python 3. - The use of DOT_CHAR for ".ssh" was probably a mistake and is removed - now. + Closes https://github.com/curl/curl/pull/4484 + +- security: silence conversion warning - Pointed-out-by: Gisle Vanem - Bug: https://github.com/curl/curl/pull/4230#issuecomment-522960638 + With MinGW-w64, `curl_socket_t` is is a 32 or 64 bit unsigned integer, + while `read` expects a 32 bit signed integer. + Use `sread` instead of `read` to use the correct parameter type. - Closes #4247 + Closes https://github.com/curl/curl/pull/4483 -- spnego_sspi: add typecast to fix build warning +- connect: silence sign-compare warning - Reported in build "Win32 target on Debian Stretch (64-bit) - - i686-w64-mingw32 - gcc-20170516" + With MinGW-w64 using WinSock, `curl_socklen_t` is signed, while the + result of `sizeof` is unsigned. 
- Closes #4245 + Closes https://github.com/curl/curl/pull/4483 -- openssl: build warning free with boringssl +Daniel Stenberg (13 Oct 2019) +- TODO: Handle growing SFTP files - Closes #4244 + Closes #4344 -- curl: make --libcurl use CURL_HTTP_VERSION_3 +- KNOWN_BUGS: remove "CURLFORM_CONTENTLEN in an array" - Closes #4243 + The curl_formadd() function is deprecated and shouldn't be used so the + real fix for applications is to switch to the curl_mime_* API. -- ngtcp2: make postfields-set posts work +- KNOWN_BUGS: "LDAP on Windows does authentication wrong" - Closes #4242 + Closes #3116 -- http: remove chunked-encoding and expect header use for HTTP/3 +- appveyor: add a winbuild that uses VS2017 + + Closes #4482 -- [Alessandro Ghedini brought this change] +- [Harry Sintonen brought this change] - configure: use pkg-config to detect quiche + socketpair: fix include and define for older TCP header systems - This removes the need to hard-code the quiche target path in - configure.ac. + fixed build for systems that need netinet/in.h for IPPROTO_TCP and are + missing INADDR_LOOPBACK - This depends on https://github.com/cloudflare/quiche/pull/128 + Closes #4480 + +- socketpair: fix double-close in error case - Closes #4237 + Follow-up to bc2dbef0afc08 -- CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 +- gskit: use the generic Curl_socketpair + +- asyn-thread: make use of Curl_socketpair() where available + +- socketpair: an implemention for Windows and more - For a long time (since 7.28.1) we've returned error when setting the - value to 1 to make applications notice that we stopped supported the old - behavior for 1. Starting now, we treat 1 and 2 exactly the same. + Curl_socketpair() is designed to be used and work everywhere if there's + no native version or the native version isn't good enough. 
- Closes #4241 + Closes #4466 -- curl: use .curlrc (with a dot) on Windows as well +- RELEASE-NOTES: synced + +- connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT - Fall-back to _curlrc if the dot-version is missing. + Previosly all connect() failures would return CURLE_COULDNT_CONNECT, no + matter what errno said. - Co-Authored-By: Steve Holme + This makes for example --retry work on these transfer failures. - Closes #4230 + Reported-by: Nathaniel J. Smith + Fixes #4461 + Clsoes #4462 -- netrc: make the code try ".netrc" on Windows as well - - ... but fall back and try "_netrc" too if the dot version didn't work. - - Co-Authored-By: Steve Holme +- cirrus: switch off blackhole status on the freebsd CI machines -- ngtcp2: use ngtcp2_version() to get the run-time version - - ... which of course doesn't have to be the same used at build-time. +- tests: use port 2 instead of 60000 for a safer non-listening port - Function just recently merged in ngtcp2. + ... when the tests want "connection refused". -- ngtcp2: move the h3 initing to immediately after the rx key - - To fix a segfault and to better deal with 0-RTT +- KNOWN_BUGS: IDN tests failing on Windows - Assisted-by: Tatsuhiro Tsujikawa - -- [Alessandro Ghedini brought this change] + Closes #3747 - quiche: register debug callback once and earlier +Dan Fandrich (9 Oct 2019) +- cirrus: Increase the git clone depth. - The quiche debug callback is global and can only be initialized once, so - make sure we don't do it multiple times (e.g. if multiple requests are - executed). + If more commits are submitted to master between the time of triggering + the first Cirrus build and the time the final build gets started, the + desired commit is no longer at HEAD and the build will error out. 
+ [skip ci] + +Daniel Stenberg (9 Oct 2019) +- docs: make sure the --no-progress-meter docs file is in dist too + +- docs: document it as --no-progress-meter instead of the reverse - In addition this initializes the callback before the connection is - created, so we get logs for the handshake as well. + Follow-up to 93373a960c3bb4 - Closes #4236 + Reported-by: infinnovation-dev on github + Fixes #4474 + Closes #4475 -- ssh: add a generic Curl_ssh_version function for SSH backends +Dan Fandrich (9 Oct 2019) +- cirrus: Switch the FreeBSD 11.x build to 11.3 and add a 13.0 build. - Closes #4235 - -- base64: check for SSH, not specific SSH backends - -- vssh: move ssh init/cleanup functions into backend code - -- vssh: create directory for SSH backend code + Also, select the images using image_family to get the latest snapshots + automatically. + [skip ci] -- TODO/ROADMAP: remove "refuse downgrade redirects" and HTTP/3 +Daniel Stenberg (8 Oct 2019) +- curl: --no-progress-meter - HTTP3 is now already in full progress + New option that allows a user to ONLY switch off curl's progress meter + and leave everything else in "talkative" mode. - Downgrade redirects can be achived almost exactly like that by setting - CURLOPT_REDIR_PROTOCOLS. - -- RELEASE-NOTES: synced + Reported-by: Piotr Komborski + Fixes #4422 + Closes #4470 -- travis: add a quiche build +- TODO: Consult %APPDATA% also for .netrc - Closes #4207 + Closes #4016 -- http: fix use of credentials from URL when using HTTP proxy - - When a username and password are provided in the URL, they were wrongly - removed from the stored URL so that subsequent uses of the same URL - wouldn't find the crendentials. This made doing HTTP auth with multiple - connections (like Digest) mishave. +- CURLOPT_TIMEOUT.3: remove the mention of "minutes" - Regression from 46e164069d1a5230 (7.62.0) + ... just say that limiting operations risk aborting otherwise fine + working transfers. 
If that means seconds, minutes or hours, we leave to + the user. - Test case 335 added to verify. + Reported-by: Martin Gartner + Closes #4469 + +- [Andrei Valeriu BICA brought this change] + + docs: added multi-event.c example - Reported-by: Mike Crowe + Similar to multi-uv.c but using libevent 2. This is a simpler libevent + integration example then hiperfifo.c. - Fixes #4228 - Closes #4229 + Closes #4471 -- [Mike Crowe brought this change] +Jay Satiro (5 Oct 2019) +- [Nicolas brought this change] - tests: Replace outdated test case numbering documentation + ldap: fix OOM error on missing query string - Tests are no longer grouped by numeric range[1]. Let's stop saying that - and provide some alternative advice for numbering tests. + - Allow missing queries, don't return NO_MEMORY error in such a case. - [1] https://curl.haxx.se/mail/lib-2019-08/0043.html + It is acceptable for there to be no specified query string, for example: - Closes #4227 - -- travis: reduce number of torture tests in 'coverage' + curl ldap://ldap.forumsys.com - ... to make it complete in time. This cut seems not almost not affect - the coverage percentage and yet completes within 35 minutes on travis - where the previous runs recently always timed out after 50. + A regression bug in 1b443a7 caused this issue. - Closes #4223 - -- [Igor Makarov brought this change] - - configure: use -lquiche to link to quiche + This is a partial fix for #4261. - Closes #4226 - -- ngtcp2: provide the callbacks as a static struct + Bug: https://github.com/curl/curl/issues/4261#issuecomment-525543077 + Reported-by: Jojojov@users.noreply.github.com + Analyzed-by: Samuel Surtees - ... instead of having them in quicsocket + Closes https://github.com/curl/curl/pull/4467 -- [Tatsuhiro Tsujikawa brought this change] +- [Paul B. 
Omta brought this change] - ngtcp2: add missing nghttp3_conn_add_write_offset call + build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines - Closes #4225 - -- [Tatsuhiro Tsujikawa brought this change] - - ngtcp2: deal with stream close - -- [Tatsuhiro Tsujikawa brought this change] - - ngtcp2: Consume QUIC STREAM data properly + Closes https://github.com/curl/curl/pull/4460 -- [Tatsuhiro Tsujikawa brought this change] +Daniel Stenberg (5 Oct 2019) +- RELEASE-NOTES: synced - ngtcp2: don't reinitialize SSL on Retry +- [Stian Soiland-Reyes brought this change] -- multi: getsock improvements for QUIC connecting + curl: ensure HTTP 429 triggers --retry + + This completes #3794. + + Also make sure the new tests from #4195 are enabled + + Closes #4465 -- connect: connections are persistent by default for HTTP/3 +Marcel Raad (4 Oct 2019) +- [apique brought this change] -- quiche: happy eyeballs + winbuild: add ENABLE_UNICODE option - Closes #4220 - -- ngtcp2: do QUIC connections happy-eyeballs friendly + Fixes https://github.com/curl/curl/issues/4308 + Closes https://github.com/curl/curl/pull/4309 -- curl_version: bump string buffer size to 250 +Daniel Stenberg (4 Oct 2019) +- ngtcp2: adapt to API change - With HTTP/3 libs and plenty TLS libs, I manged to hit the limit (which - causes a truncated output). + Closes #4457 -- CURLOPT_ALTSVC.3: use a "" file name to not load from a file +- cookies: change argument type for Curl_flush_cookies + + The second argument is really a 'bool' so use that and pass in TRUE/FALSE + to make it clear. + + Closes #4455 -Jay Satiro (14 Aug 2019) -- vauth: Use CURLE_AUTH_ERROR for auth function errors +- http2: move state-init from creation to pre-transfer - - Add new error code CURLE_AUTH_ERROR. + To make sure that the HTTP/2 state is initialized correctly for + duplicated handles. It would otherwise easily generate "spurious" + PRIORITY frames to get sent over HTTP/2 connections when duplicated easy + handles were used. 
- Prior to this change auth function errors were signaled by - CURLE_OUT_OF_MEMORY and CURLE_RECV_ERROR, and neither one was - technically correct. + Reported-by: Daniel Silverstone + Fixes #4303 + Closes #4442 + +- urlapi: fix use-after-free bug - Ref: https://github.com/curl/curl/pull/3848 + Follow-up from 2c20109a9b5d04 - Co-authored-by: Dominik Hölzl + Added test 663 to verify. - Closes https://github.com/curl/curl/pull/3864 + Reported by OSS-Fuzz + Bug: https://crbug.com/oss-fuzz/17954 + + Closes #4453 -Daniel Stenberg (13 Aug 2019) -- curl_version_info: make the quic_version a const +- [Paul Dreik brought this change] + + cookie: avoid harmless use after free - Follow-up from 1a2df1518ad8653f + This fix removes a use after free which can be triggered by + the internal cookie fuzzer, but otherwise is probably + impossible to trigger from an ordinary application. - Closes #4222 - -- examples: add http3.c, altsvc.c and http3-present.c + The following program reproduces it: - Closes #4221 - -Peter Wu (13 Aug 2019) -- nss: use TLSv1.3 as default if supported + curl_global_init(CURL_GLOBAL_DEFAULT); + CURL* handle=curl_easy_init(); + CookieInfo* info=Curl_cookie_init(handle,NULL,NULL,false); + curl_easy_setopt(handle, CURLOPT_COOKIEJAR, "/dev/null"); + Curl_flush_cookies(handle, true); + Curl_cookie_cleanup(info); + curl_easy_cleanup(handle); + curl_global_cleanup(); - SSL_VersionRangeGetDefault returns (TLSv1.0, TLSv1.2) as supported - range in NSS 3.45. It looks like the intention is to raise the minimum - version rather than lowering the maximum, so adjust accordingly. Note - that the caller (nss_setup_connect) initializes the version range to - (TLSv1.0, TLSv1.3), so there is no need to check for >= TLSv1.0 again. + This was found through fuzzing. 
- Closes #4187 - Reviewed-by: Daniel Stenberg - Reviewed-by: Kamil Dudka + Closes #4454 -Daniel Stenberg (13 Aug 2019) -- quic.h: remove unused proto +- [Denis Chaplygin brought this change] -- curl_version_info.3: mentioned ALTSVC and HTTP3 + docs: add note on failed handles not being counted by curl_multi_perform - ... and sorted the list alphabetically - -- lib/quic.c: unused - removed + Closes #4446 -- CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED - - Follow-up to 98c3f148 that removed it from the header file +- CURLMOPT_MAX_CONCURRENT_STREAMS.3: fix SEE ALSO typo -- [Junho Choi brought this change] +- [Niall O'Reilly brought this change] - docs/HTTP3: simplify quiche build instruction - - Use --recursive to get boringssl in one line + ESNI: initial build/setup - Closes #4219 + Closes #4011 -- altsvc: make it use h3-22 with ngtcp2 as well +- RELEASE-NOTES: synced -- ngtcp2: initial h3 request work +- redirect: when following redirects to an absolute URL, URL encode it - Closes #4217 - -- curl_version_info: offer quic (and h3) library info + ... to make it handle for example (RFC violating) embeded spaces. - Closes #4216 + Reported-by: momala454 on github + Fixes #4445 + Closes #4447 -- HTTP3: use ngtcp2's draft-22 branch +- urlapi: fix URL encoding when setting a full URL -- RELEASE-NOTES: synced +- tool_operate: rename functions to make more sense -- CURLOPT_READFUNCTION.3: provide inline example +- curl: create easy handles on-demand and not ahead of time - ... instead of mentioning one in another place - -- [Tatsuhiro Tsujikawa brought this change] + This should again enable crazy-large download ranges of the style + [1-10000000] that otherwise easily ran out of memory starting in 7.66.0 + when this new handle allocating scheme was introduced. 
+ + Reported-by: Peter Sumatra + Fixes #4393 + Closes #4438 - ngtcp2: send HTTP/3 request with nghttp3 +- [Kunal Ekawde brought this change] + + CURLMOPT_MAX_CONCURRENT_STREAMS: new setopt - This commit makes sending HTTP/3 request with nghttp3 work. It - minimally receives HTTP response and calls nghttp3 callbacks, but no - processing is made at the moment. + Closes #4410 + +- chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error - Closes #4215 + Unknown content-encoding would get returned as CURLE_WRITE_ERROR if the + response is chunked-encoded. + + Reported-by: Ilya Kosarev + Fixes #4310 + Closes #4449 -- nghttp3: initial h3 template code added +Marcel Raad (1 Oct 2019) +- checksrc: fix uninitialized variable warning + + The loop doesn't need to be executed without a file argument. + + Closes https://github.com/curl/curl/pull/4444 -- nghttp3: required when ngtcp2 is used for QUIC +- urlapi: fix unused variable warning - - checked for by configure - - updated docs/HTTP3.md - - shown in the version string + `dest` is only used with `ENABLE_IPV6`. - Closes #4210 + Closes https://github.com/curl/curl/pull/4444 -- [Eric Wong brought this change] +- lib: silence conversion warnings + + Closes https://github.com/curl/curl/pull/4444 - asyn-thread: issue CURL_POLL_REMOVE before closing socket +- AppVeyor: add 32-bit MinGW-w64 build - This avoids EBADF errors from EPOLL_CTL_DEL operations in the - ephiperfifo.c example. EBADF is dangerous in multi-threaded - applications where I rely on epoll_ctl to operate on the same - epoll description from different threads. + With WinSSL and testing enabled so that it would have detected most of + the warnings fixed in [0] and [1]. 
- Follow-up to eb9a604f8d7db8 + [0] https://github.com/curl/curl/pull/4398 + [1] https://github.com/curl/curl/pull/4415 - Bug: https://curl.haxx.se/mail/lib-2019-08/0026.html - Closes #4211 - -- [Carlo Marcelo Arenas Belón brought this change] + Closes https://github.com/curl/curl/pull/4433 - configure: avoid undefined check_for_ca_bundle +- AppVeyor: remove MSYS2_ARG_CONV_EXCL for winbuild - instead of using a "greater than 0" test, check for variable being - set, as it is always set to 1, and could be left unset if non of - OPENSSL MBEDTLS GNUTLS WOLFSSL is being configured for. + It's only used for MSYS2 with MinGW. - Closes #4213 + Closes -- [Tatsuhiro Tsujikawa brought this change] +Daniel Stenberg (30 Sep 2019) +- [Emil Engler brought this change] - ngtcp2: Send ALPN h3-22 + git: add tests/server/disabled to .gitignore - Closes #4212 + Closes #4441 -- [Tatsuhiro Tsujikawa brought this change] +- altsvc: accept quoted ma and persist values + + As mandated by the spec. Test 1654 is extended to verify. + + Closes #4443 - ngtcp2: use ngtcp2_settings_default and specify initial_ts +- mailmap: a Lucas fix -- curl_global_init_mem.3: mention it was added in 7.12.0 +Alessandro Ghedini (29 Sep 2019) +- [Lucas Pardue brought this change] -- [Tatsuhiro Tsujikawa brought this change] + quiche: update HTTP/3 config creation to new API - ngtcp2: make the QUIC handshake work - - Closes #4209 +Daniel Stenberg (29 Sep 2019) +- BINDINGS: PureBasic, Net::Curl for perl and Nim -- [Alex Mayorga brought this change] +- BINDINGS: Kapito is an Erlang library, basically a binding - HTTP3.md: Update quiche build instructions - - Added cloning for quiche and BoringSSL and modified the build - instructions so they work on a clean folder. +- BINDINGS: added clj-curl - Closes #4208 + Reported-by: Lucas Severo -- CURLOPT_H3: removed - - There's no use for this anymore and it was never in a release. 
- - Closes #4206 +- [Jay Satiro brought this change] -- http3: make connection reuse work + docs: disambiguate CURLUPART_HOST is for host name (ie no port) - Closes #4204 - -- quiche: add SSLKEYLOGFILE support + Closes #4424 -- cleanup: s/curl_debug/curl_dbg_debug in comments and docs +- cookies: using a share with cookies shouldn't enable the cookie engine - Leftovers from the function rename back in 76b63489495 + The 'share object' only sets the storage area for cookies. The "cookie + engine" still needs to be enabled or activated using the normal cookie + options. - Reported-by: Gisle Vanem - Bug: https://github.com/curl/curl/commit/f3e0f071b14fcb46a453f69bdf4e062bcaacf362#com - mitcomment-34601751 + This caused the curl command line tool to accidentally use cookies + without having been told to, since curl switched to using shared cookies + in 7.66.0. - Closes #4203 + Test 1166 verifies + + Updated test 506 + + Fixes #4429 + Closes #4434 + +- setopt: handle ALTSVC set to NULL - RELEASE-NOTES: synced -- alt-svc: add protocol version selection masking - - So that users can mask in/out specific HTTP versions when Alt-Svc is - used. - - - Removed "h2c" and updated test case accordingly - - Changed how the altsvc struct is laid out - - Added ifdefs to make the unittest run even in a quiche-tree - - Closes #4201 +- [grdowns brought this change] -- http3: fix the HTTP/3 in the request, make alt-svc set right versions + INSTALL: add vcpkg installation instructions - Closes #4200 + Closes #4435 -- alt-svc: send Alt-Used: in redirected requests - - RFC 7838 section 5: - - When using an alternative service, clients SHOULD include an Alt-Used - header field in all requests. - - Removed CURLALTSVC_ALTUSED again (feature is still EXPERIMENTAL thus - this is deemed ok). - - You can disable sending this header just like you disable any other HTTP - header in libcurl. 
- - Closes #4199 +- [Zenju brought this change] -- CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly - - Even though it cannot fall-back to a lower HTTP version automatically. The - safer way to upgrade remains via CURLOPT_ALTSVC. - - CURLOPT_H3 no longer has any bits that do anything and might be removed - before we remove the experimental label. + FTP: add test for FTPFILE_NOCWD: Avoid redundant CWDs - Updated the curl tool accordingly to use "--http3". + Add libtest 661 - Closes #4197 + Closes #4417 -- docs/ALTSVC: remove what works and the experimental explanation - - Also, put the TODO items at the bottom. - - Closes #4198 +- [Zenju brought this change] -- docs/EXPERIMENTAL: explain what it means and what's experimental now + FTP: url-decode path before evaluation + + Closes #4428 -- curl: make use of CURLINFO_RETRY_AFTER when retrying +Marcel Raad (27 Sep 2019) +- tests: fix narrowing conversion warnings - If a Retry-After: header was used in the response, that value overrides - other retry timing options. + `timediff_t` is 64 bits wide also on 32-bit systems since + commit b1616dad8f0. - Fixes #3794 - Closes #4195 + Closes https://github.com/curl/curl/pull/4415 -- curl: use CURLINFO_PROTOCOL to check for HTTP(s) - - ... instead of CURLINFO_EFFECTIVE_URL to avoid string operations. +Jay Satiro (27 Sep 2019) +- [julian brought this change] -- CURLINFO_RETRY_AFTER: parse the Retry-After header value - - This is only the libcurl part that provides the information. There's no - user of the parsed value. This change includes three new tests for the - parser. 
+ vtls: Fix comment typo about macosx-version-min compiler flag - Ref: #3794 + Closes https://github.com/curl/curl/pull/4425 -- docs/ALTSVC.md: first basic file format description +Daniel Stenberg (26 Sep 2019) +- [Yechiel Kalmenson brought this change] -- curl: have -w's 'http_version' show '3' for HTTP/3 + README: minor grammar fix - Closes #4196 + Closes #4431 -- curl.h: add CURL_HTTP_VERSION_3 to the version enum +- [Spezifant brought this change] + + HTTP3: fix prefix parameter for ngtcp2 build - It can't be set for CURLOPT_HTTP_VERSION, but it can be extracted with - CURLINFO_HTTP_VERSION. + Closes #4430 -- quiche: make use of the connection timeout API properly +- quiche: don't close connection at end of stream! -- quiche: make POSTFIELDS posts work +- quiche: set 'drain' when returning without having drained the queues -- quiche: improved error handling and memory cleanups +- Revert "FTP: url-decode path before evaluation" + + This reverts commit 2f036a72d543e96128bd75cb0fedd88815fd42e2. -- quiche: flush egress in h3_stream_recv() too +- HTTP3: merged and simplified the two 'running' sections -- RELEASE-NOTES: synced +- HTTP3: show an --alt-svc using example too -Jay Satiro (6 Aug 2019) -- [Patrick Monnerat brought this change] +- [Zenju brought this change] - os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid(). + FTP: url-decode path before evaluation - Ref: https://github.com/curl/curl/issues/3653 - Ref: https://github.com/curl/curl/pull/3790 + Closes #4423 + +- openssl: use strerror on SSL_ERROR_SYSCALL - NOTE: This commit was cherry-picked and is part of a series of commits - that added the authzid feature for upcoming 7.66.0. The series was - temporarily reverted in db8ec1f so that it would not ship in a 7.65.x - patch release. + Instead of showing the somewhat nonsensical errno number, use strerror() + to provide a more relatable error message. 
- Closes https://github.com/curl/curl/pull/4186 + Closes #4411 -- tests: Fix the line endings for the SASL alt-auth tests +- HTTP3: update quic.aiortc.org + add link to server list - - Change data and protocol sections to CRLF line endings. + Reported-by: Jeremy Lainé + +Jay Satiro (26 Sep 2019) +- url: don't set appconnect time for non-ssl/non-ssh connections - Prior to this change the tests would fail or hang, which is because - certain sections such as protocol require CRLF line endings. + Prior to this change non-ssl/non-ssh connections that were reused set + TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH + handshake took place. - Follow-up to grandparent commit which added the tests. + [1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in + libcurl and %{time_appconnect} in the curl tool. It is documented as + "the time until the SSL/SSH handshake is completed". - Ref: https://github.com/curl/curl/issues/3653 - Ref: https://github.com/curl/curl/pull/3790 + Reported-by: Marcel Hernandez - NOTE: This commit was cherry-picked and is part of a series of commits - that added the authzid feature for upcoming 7.66.0. The series was - temporarily reverted in db8ec1f so that it would not ship in a 7.65.x - patch release. + Ref: https://github.com/curl/curl/issues/3760 - Closes https://github.com/curl/curl/pull/4186 - -- [Steve Holme brought this change] + Closes https://github.com/curl/curl/pull/3773 - examples: Added SASL PLAIN authorisation identity (authzid) examples - - Ref: https://github.com/curl/curl/issues/3653 - Ref: https://github.com/curl/curl/pull/3790 +Daniel Stenberg (25 Sep 2019) +- ngtcp2: remove fprintf() calls - NOTE: This commit was cherry-picked and is part of a series of commits - that added the authzid feature for upcoming 7.66.0. The series was - temporarily reverted in db8ec1f so that it would not ship in a 7.65.x - patch release. 
+ - convert some of them to H3BUF() calls to infof() + - remove some of them completely + - made DEBUG_HTTP3 defined only if CURLDEBUG is set for now - Closes https://github.com/curl/curl/pull/4186 + Closes #4421 -- [Steve Holme brought this change] +- [Jay Satiro brought this change] - curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool - - Ref: https://github.com/curl/curl/issues/3653 - Ref: https://github.com/curl/curl/pull/3790 - - NOTE: This commit was cherry-picked and is part of a series of commits - that added the authzid feature for upcoming 7.66.0. The series was - temporarily reverted in db8ec1f so that it would not ship in a 7.65.x - patch release. + url: fix the NULL hostname compiler warning case - Closes https://github.com/curl/curl/pull/4186 + Closes #4403 -- [Steve Holme brought this change] +- [Jay Satiro brought this change] - sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID - - Added the ability for the calling program to specify the authorisation - identity (authzid), the identity to act as, in addition to the - authentication identity (authcid) and password when using SASL PLAIN - authentication. - - Fixes #3653 - Closes #3790 - - NOTE: This commit was cherry-picked and is part of a series of commits - that added the authzid feature for upcoming 7.66.0. The series was - temporarily reverted in db8ec1f so that it would not ship in a 7.65.x - patch release. + travis: move the go install to linux-only - Closes https://github.com/curl/curl/pull/4186 - -Daniel Stenberg (6 Aug 2019) -- docs/HTTP3: refreshed as it is now in master and HTTP/3 can be tested + ... 
to repair the build again + Closes #4403 -- [Yiming Jing brought this change] +- altsvc: correct the #ifdef for the ngtcp2 backend - mesalink: implement client authentication +- altsvc: save h3 as h3-23 - Closes #4184 + Follow-up to d176a2c7e5 -- curl_multi_poll: a sister to curl_multi_wait() that waits more +- urlapi: question mark within fragment is still fragment - Repeatedly we see problems where using curl_multi_wait() is difficult or - just awkward because if it has no file descriptor to wait for - internally, it returns immediately and leaves it to the caller to wait - for a small amount of time in order to avoid occasional busy-looping. + The parser would check for a query part before fragment, which caused it + to do wrong when the fragment contains a question mark. - This is often missed or misunderstood, leading to underperforming - applications. + Extended test 1560 to verify. - This change introduces curl_multi_poll() as a replacement drop-in - function that accepts the exact same set of arguments. This function - works identically to curl_multi_wait() - EXCEPT - for the case when - there's nothing to wait for internally, as then this function will by - itself wait for a "suitable" short time before it returns. This - effectiely avoids all risks of busy-looping and should also make it less - likely that apps "over-wait". + Reported-by: Alex Konev + Fixes #4412 + Closes #4413 + +- [Alex Samorukov brought this change] + + HTTP3.md: move -p for mkdir, remove -j for make - This also changes the curl tool to use this funtion internally when - doing parallel transfers and changes curl_easy_perform() to use it - internally. + - mkdir on OSX/Darwin requires `-p` argument before dir - Closes #4163 - -- quiche:h3_stream_recv return 0 at end of stream + - portabbly figuring out number of cores is an exercise for somewhere + else - ... and remove some verbose messages we don't need. Made transfers from - facebook.com work better. 
+ Closes #4407 -- altsvc: make quiche use h3-22 now +Patrick Monnerat (24 Sep 2019) +- os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr, + + As libcurl now uses these 2 system functions, wrappers are needed on os400 + to convert returned AF_UNIX sockaddrs to ascii. + + This is a follow-up to commit 7fb54ef. + See also #4037. + Closes #4214 -- quiche: show the actual version number +Jay Satiro (24 Sep 2019) +- [Lucas Pardue brought this change] -- quiche: first working HTTP/3 request + strcase: fix raw lowercasing the letter X - - enable debug log - - fix use of quiche API - - use download buffer - - separate header/body + Casing mistake in Curl_raw_tolower 'X' wasn't lowercased as 'x' prior to + this change. - Closes #4193 - -- http09: disable HTTP/0.9 by default in both tool and library + Follow-up to 0023fce which added the function several days ago. - As the plan has been laid out in DEPRECATED. Update docs accordingly and - verify in test 1174. Now requires the option to be set to allow HTTP/0.9 - responses. 
+ Ref: https://github.com/curl/curl/pull/4401#discussion_r327396546 - Closes #4191 - -- quiche: initial h3 request send/receive - -- lib/Makefile.am: make checksrc run in vquic too + Closes https://github.com/curl/curl/pull/4408 -- altsvc: fix removal of expired cache entry +Daniel Stenberg (23 Sep 2019) +- http2: Expression 'stream->stream_id != - 1' is always true - Closes #4192 - -- RELEASE-NOTES: synced + PVS-Studio warning + Fixes #4402 -Steve Holme (4 Aug 2019) -- md4: Use our own MD4 implementation when no crypto libraries are available +- http2: A value is being subtracted from the unsigned variable - Closes #3780 - -- md4: No need to include Curl_md4.h for each TLS library + PVS-Studio warning + Fixes #4402 -- md4: No need for the NTLM code to call Curl_md4it() for each TLS library +- libssh: part of conditional expression is always true: !result - As the NTLM code no longer calls any of TLS libraries' specific MD4 - functions, there is no need to call this function for each #ifdef. 
- -- md4: Move the mbed TLS MD4 implementation out of the NTLM code + PVS-Studio warning + Fixed #4402 -- md4: Move the WinCrypt implementation out of the NTLM code +- libssh: part of conditional expression is always true + + PVS-Studio warning + Fixes #4402 -- md4: Move the SecureTransport implementation out of the NTLM code +- libssh: The expression is excessive or contains a misprint + + PVS-Studio warning + Fixes #4402 -- md4: Use the Curl_md4it() function for OpenSSL based NTLM +- quiche: The expression must be surrounded by parentheses + + PVS-Studio warning + Fixes #4402 -- md4: Move the GNU TLS gcrypt MD4 implementation out of the NTLM code +- vauth: The parameter 'status' must be surrounded by parentheses + + PVS-Studio warning + Fixes #4402 -- md4: Move the GNU TLS Nettle MD4 implementation out of the NTLM code +- [Paul Dreik brought this change] -Jay Satiro (4 Aug 2019) -- OS400: Add CURLOPT_H3 symbols + doh: allow only http and https in debug mode - Follow-up to 3af0e76 which added experimental H3 support. + Otherwise curl may be told to use for instance pop3 to + communicate with the doh server, which most likely + is not what you want. - Closes https://github.com/curl/curl/pull/4185 + Found through fuzzing. + + Closes #4406 -Daniel Stenberg (3 Aug 2019) -- url: make use of new HTTP version if alt-svc has one +- [Paul Dreik brought this change] -- url: set conn->transport to default TCP at init time + doh: return early if there is no time left + + Closes #4406 -- altsvc: with quiche, use the quiche h3 alpn string +- [Barry Pollard brought this change] + + http: lowercase headernames for HTTP/2 and HTTP/3 - Closes #4183 + Closes #4401 + Fixes #4400 -- alt-svc: more liberal ALPN name parsing +Marcel Raad (23 Sep 2019) +- vtls: fix narrowing conversion warnings - Allow pretty much anything to be part of the ALPN identifier. In - particular minus, which is used for "h3-20" (in-progress HTTP/3 - versions) etc. 
+ Curl_timeleft returns `timediff_t`, which is 64 bits wide also on + 32-bit systems since commit b1616dad8f0. - Updated test 356. - Closes #4182 + Closes https://github.com/curl/curl/pull/4398 -- quiche: use the proper HTTP/3 ALPN +Daniel Stenberg (23 Sep 2019) +- [Joel Depooter brought this change] -- quiche: add failf() calls for two error cases + winbuild: Add manifest to curl.exe for proper OS version detection - To aid debugging + This is a small fix to commit ebd213270a017a6830928ee2e1f4a9cabc799898 + in pull request #1221. That commit added the CURL_EMBED_MANIFEST flag to + CURL_RC_FLAGS. However, later in the file CURL_RC_FLAGS is + overwritten. The fix is to append values to CURL_RC_FLAGS instead of + overwriting - Closes #4181 + Closes #4399 -- mailmap: added Kyohei Kadota +- RELEASE-NOTES: synced -Kamil Dudka (1 Aug 2019) -- http_negotiate: improve handling of gss_init_sec_context() failures - - If HTTPAUTH_GSSNEGOTIATE was used for a POST request and - gss_init_sec_context() failed, the POST request was sent - with empty body. This commit also restores the original - behavior of `curl --fail --negotiate`, which was changed - by commit 6c6035532383e300c712e4c1cd9fdd749ed5cf59. +Marcel Raad (22 Sep 2019) +- openssl: fix compiler warning with LibreSSL - Add regression tests 2077 and 2078 to cover this. + It was already fixed for BoringSSL in commit a0f8fccb1e0. + LibreSSL has had the second argument to SSL_CTX_set_min_proto_version + as uint16_t ever since the function was added in [0]. 
- Fixes #3992 - Closes #4171 - -Daniel Stenberg (1 Aug 2019) -- mailmap: added 4 more names + [0] https://github.com/libressl-portable/openbsd/commit/56f107201baefb5533486d665a58d8f57fd3aeda - Evgeny Grin, Peter Pih, Anton Malov and Marquis de Muesli - -- mailmap: add Giorgos Oikonomou + Closes https://github.com/curl/curl/pull/4397 -- src/makefile: fix uncompressed hugehelp.c generation +Daniel Stenberg (22 Sep 2019) +- curl: exit the create_transfers loop on errors - Regression from 5cf5d57ab9 (7.64.1) + When looping around the ranges and given URLs to create transfers, all + errors should exit the loop and return. Previously it would keep + looping. - Fixed-by: Lance Ware - Fixes #4176 - Closes #4177 - -- appveyor: pass on -k to make + Reported-by: SumatraPeter on github + Bug: #4393 + Closes #4396 -- timediff: make it 64 bit (if possible) even with 32 bit time_t +Jay Satiro (21 Sep 2019) +- socks: Fix destination host shown on SOCKS5 error - ... to make it hold microseconds too. + Prior to this change when a server returned a socks5 connect error then + curl would parse the destination address:port from that data and show it + to the user as the destination: - Fixes #4165 - Closes #4168 + curld -v --socks5 10.0.3.1:1080 http://google.com:99 + * SOCKS5 communication to google.com:99 + * SOCKS5 connect to IPv4 172.217.12.206 (locally resolved) + * Can't complete SOCKS5 connection to 253.127.0.0:26673. (1) + curl: (7) Can't complete SOCKS5 connection to 253.127.0.0:26673. (1) + + That's incorrect because the address:port included in the connect error + is actually a bind address:port (typically unused) and not the + destination address:port. This fix changes curl to show the destination + information that curl sent to the server instead: + + curld -v --socks5 10.0.3.1:1080 http://google.com:99 + * SOCKS5 communication to google.com:99 + * SOCKS5 connect to IPv4 172.217.7.14:99 (locally resolved) + * Can't complete SOCKS5 connection to 172.217.7.14:99. 
(1) + curl: (7) Can't complete SOCKS5 connection to 172.217.7.14:99. (1) + + curld -v --socks5-hostname 10.0.3.1:1080 http://google.com:99 + * SOCKS5 communication to google.com:99 + * SOCKS5 connect to google.com:99 (remotely resolved) + * Can't complete SOCKS5 connection to google.com:99. (1) + curl: (7) Can't complete SOCKS5 connection to google.com:99. (1) + + Ref: https://tools.ietf.org/html/rfc1928#section-6 + + Closes https://github.com/curl/curl/pull/4394 -- ROADMAP: parallel transfers are merged now +Daniel Stenberg (21 Sep 2019) +- travis: enable ngtcp2 h3-23 builds -- getenv: support up to 4K environment variable contents on windows +- altsvc: both backends run h3-23 now - Reported-by: Michal Čaplygin - Fixes #4174 - Closes #4175 - -- [Kyohei Kadota brought this change] + Closes #4395 - plan9: add support for running on Plan 9 +- http: fix warning on conversion from int to bit - Closes #3701 + Follow-up from 03ebe66d70 -- [Kyohei Kadota brought this change] +- urldata: use 'bool' for the bit type on MSVC compilers + + Closes #4387 + Fixes #4379 - ntlm: explicit type casting +- appveyor: upgrade VS2017 to VS2019 + + Closes #4383 -- [Justin brought this change] +- [Zenju brought this change] - curl.h: fix outdated comment + FTP: FTPFILE_NOCWD: avoid redundant CWDs - Closes #4167 + Closes #4382 -- curl: remove outdated comment +- cookie: pass in the correct cookie amount to qsort() - Turned bad with commit b8894085000 + As the loop discards cookies without domain set. This bug would lead to + qsort() trying to sort uninitialized pointers. We have however not found + it a security problem. 
- Reported-by: niallor on github - Fixes #4172 - Closes #4173 + Reported-by: Paul Dreik + Closes #4386 -- cleanup: remove the 'numsocks' argument used in many places +- [Paul Dreik brought this change] + + urlapi: avoid index underflow for short ipv6 hostnames - It was used (intended) to pass in the size of the 'socks' array that is - also passed to these functions, but was rarely actually checked/used and - the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries - that should be used instead. + If the input hostname is "[", hlen will underflow to max of size_t when + it is subtracted with 2. - Closes #4169 - -- readwrite_data: repair setting the TIMER_STARTTRANSFER stamp + hostname[hlen] will then cause a warning by ubsanitizer: - Regression, broken in commit 65eb65fde64bd5f (curl 7.64.1) + runtime error: addition of unsigned offset to 0x overflowed to + 0x - Reported-by: Jonathan Cardoso Machado - Assisted-by: Jay Satiro + I think that in practice, the generated code will work, and the output + of hostname[hlen] will be the first character "[". - Fixes #4136 - Closes #4162 + This can be demonstrated by the following program (tested in both clang + and gcc, with -O3) + + int main() { + char* hostname=strdup("["); + size_t hlen = strlen(hostname); + + hlen-=2; + hostname++; + printf("character is %d\n",+hostname[hlen]); + free(hostname-1); + } + + I found this through fuzzing, and even if it seems harmless, the proper + thing is to return early with an error. + + Closes #4389 -- mailmap: Amit Katyal +- [Tatsuhiro Tsujikawa brought this change] -- asyn-thread: removed unused variable + ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23 - Follow-up to eb9a604f. Mistake caused by me when I edited the commit - before push... - -- RELEASE-NOTES: synced + Closes #4392 -- [Amit Katyal brought this change] +- THANKS-filter: deal with my typos 'Jat' => 'Jay' - asyn-thread: create a socketpair to wait on +- travis: use go master - Closes #4157 + ... 
as the boringssl builds needs a very recent version + + Co-authored-by: Jat Satiro + Closes #4361 -- curl: cap the maximum allowed values for retry time arguments +- tool_operate: removed unused variable 'done' - ... to avoid integer overflows later when multiplying with 1000 to - convert seconds to milliseconds. + Fixes warning detected by PVS-Studio + Fixes #4374 + +- tool_operate: Expression 'config->resume_from' is always true - Added test 1269 to verify. + Fixes warning detected by PVS-Studio + Fixes #4374 + +- tool_getparam: remove duplicate switch case - Reported-by: Jason Lee - Closes #4166 + Fixes warning detected by PVS-Studio + Fixes #4374 -- progress: reset download/uploaded counter +- libssh2: part of conditional expression is always true: !result - ... to make CURLOPT_MAX_RECV_SPEED_LARGE and - CURLOPT_MAX_SEND_SPEED_LARGE work correctly on subsequent transfers that - reuse the same handle. + Fixes warning detected by PVS-Studio + Fixes #4374 + +- urlapi: Expression 'storep' is always true - Fixed-by: Ironbars13 on github - Fixes #4084 - Closes #4161 + Fixes warning detected by PVS-Studio + Fixes #4374 -- http2_recv: trigger another read when the last data is returned +- urlapi: 'scheme' is always true - ... so that end-of-stream is detected properly. + Fixes warning detected by PVS-Studio + Fixes #4374 + +- urlapi: part of conditional expression is always true: (relurl[0] == '/') - Reported-by: Tom van der Woerdt - Fixes #4043 - Closes #4160 + Fixes warning detected by PVS-Studio + Fixes #4374 -- curl: avoid uncessary libcurl timeouts (in parallel mode) +- setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly - When curl_multi_wait() returns OK without file descriptors to wait for, - it might already have done a long timeout. 
+ Fixes bug detected by PVS-Studio + Fixes #4374 + +- mime: make Curl_mime_duppart() assert if called without valid dst - Closes #4159 + Fixes warning detected by PVS-Studio + Fixes #4374 -- [Balazs Kovacsics brought this change] +- http_proxy: part of conditional expression is always true: !error + + Fixes warning detected by PVS-Studio + Fixes #4374 - HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown +- imap: merged two case-branches performing the same action - If using the read callback for HTTP_POST, and POSTFIELDSIZE is not set, - automatically add a Transfer-Encoding: chunked header, same as it is - already done for HTTP_PUT, HTTP_POST_FORM and HTTP_POST_MIME. Update - test 1514 according to the new behaviour. + Fixes warning detected by PVS-Studio + Fixes #4374 + +- multi: value '2L' is assigned to a boolean - Closes #4138 + Fixes warning detected by PVS-Studio + Fixes #4374 -Jay Satiro (29 Jul 2019) -- [Daniel Stenberg brought this change] +- easy: part of conditional expression is always true: !result + + Fixes warning detected by PVS-Studio + Fixes #4374 - winbuild: add vquic to list of build directories +- netrc: part of conditional expression is always true: !done - This fixes the winbuild build method which broke several days ago - when experimental quic support was added in 3af0e76. + Fixes warning detected by PVS-Studio + Fixes #4374 + +- version: Expression 'left > 1' is always true - Reported-by: Michael Lee + Fixes warning detected by PVS-Studio + Fixes #4374 + +- url: remove dead code - Fixes https://github.com/curl/curl/issues/4158 + Fixes warning detected by PVS-Studio + Fixes #4374 -- easy: resize receive buffer on easy handle reset +- url: part of expression is always true: (bundle->multiuse == 0) - - In curl_easy_reset attempt to resize the receive buffer to its default - size. If realloc fails then continue using the previous size. 
+ Fixes warning detected by PVS-Studio + Fixes #4374 + +- ftp: the conditional expression is always true - Prior to this change curl_easy_reset did not properly handle resetting - the receive buffer (data->state.buffer). It reset the variable holding - its size (data->set.buffer_size) to the default size (READBUFFER_SIZE) - but then did not actually resize the buffer. If a user resized the - buffer by using CURLOPT_BUFFERSIZE to set the size smaller than the - default, later called curl_easy_reset and attempted to reuse the handle - then a heap overflow would very likely occur during that handle's next - transfer. + ... both !result and (ftp->transfer != FTPTRANSFER_BODY)! - Reported-by: Felix Hädicke + Fixes warning detected by PVS-Studio + Fixes #4374 + +- ftp: Expression 'ftpc->wait_data_conn' is always false - Fixes https://github.com/curl/curl/issues/4143 - Closes https://github.com/curl/curl/pull/4145 + Fixes warning detected by PVS-Studio + Fixes #4374 -- [Brad Spencer brought this change] +- ftp: Expression 'ftpc->wait_data_conn' is always true + + Fixes warning detected by PVS-Studio + Fixes #4374 - examples: Avoid reserved names in hiperfifo examples +- ftp: part of conditional expression is always true: !result - - Trade in __attribute__((unused)) for the classic (void)x to silence - unused symbols. + Fixes warning detected by PVS-Studio + Fixes #4374 + +- http: fix Expression 'http->postdata' is always false - Because the classic way is not gcc specific. Also because the prior - method mapped to symbol _Unused, which starts with _ and a capital - letter which is reserved. 
+ Fixes warning detected by PVS-Studio + Fixes #4374 + Reported-by: Valerii Zapodovnikov + +- [Niall O'Reilly brought this change] + + doh: avoid truncating DNS QTYPE to lower octet - Assisted-by: The Infinnovation team + Closes #4381 + +- [Jens Finkhaeuser brought this change] + + urlapi: CURLU_NO_AUTHORITY allows empty authority/host part - Bug: https://github.com/curl/curl/issues/4120#issuecomment-512542108 + CURLU_NO_AUTHORITY is intended for use with unknown schemes (i.e. not + "file:///") to override cURL's default demand that an authority exists. - Closes https://github.com/curl/curl/pull/4153 + Closes #4349 -Daniel Stenberg (25 Jul 2019) -- RELEASE-NOTES: synced +- version: next release will be 7.67.0 -- [Felix Hädicke brought this change] +- RELEASE-NOTES: synced - ssh-libssh: do not specify O_APPEND when not in append mode +- url: only reuse TLS connections with matching pinning - Specifying O_APPEND in conjunction with O_TRUNC and O_CREAT does not - make much sense. And this combination of flags is not accepted by all - SFTP servers (at least not Apache SSHD). + If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the + connection should not be reused. - Fixes #4147 - Closes #4148 + Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html + Reported-by: Sebastian Haglund + + Closes #4347 -- [Gergely Nagy brought this change] +- README: add OSS-Fuzz badge [skip ci] + + Closes #4380 - multi: call detach_connection before Curl_disconnect +Michael Kaufmann (18 Sep 2019) +- http: merge two "case" statements + +Daniel Stenberg (18 Sep 2019) +- [Zenju brought this change] + + FTP: remove trailing slash from path for LIST/MLSD - Curl_disconnect bails out if conn->easyq is not empty, detach_connection - needs to be called first to remove the current easy from the queue. 
+ Closes #4348 + +- mime: when disabled, avoid C99 macro - Fixes #4144 - Closes #4151 + Closes #4368 -Jay Satiro (23 Jul 2019) -- tool_operate: fix implicit call to easysrc_cleanup +- url: cleanup dangling DOH request headers too - easysrc_cleanup is only defined when CURL_DISABLE_LIBCURL_OPTION is not - defined, and prior to this change would be called regardless. + Follow-up to 9bc44ff64d9081 - Bug: https://github.com/curl/curl/pull/3804#issuecomment-513922637 - Reported-by: Marcel Raad + Credit to OSS-Fuzz + Bug: https://crbug.com/oss-fuzz/17269 - Closes https://github.com/curl/curl/pull/4142 + Closes #4372 -Daniel Stenberg (22 Jul 2019) -- curl:create_transfers check return code from curl_easy_setopt +- [Christoph M. Becker brought this change] + + http2: relax verification of :authority in push promise requests - From commit b8894085 + If the :authority pseudo header field doesn't contain an explicit port, + we assume it is valid for the default port, instead of rejecting the + request for all ports. - Pointed out by Coverity CID 1451703 + Ref: https://curl.haxx.se/mail/lib-2019-09/0041.html - Closes #4134 + Closes #4365 -- HTTP3: initial (experimental) support - - USe configure --with-ngtcp2 or --with-quiche +- doh: clean up dangling DOH handles and memory on easy close - Using either option will enable a HTTP3 build. - Co-authored-by: Alessandro Ghedini + If you set the same URL for target as for DoH (and it isn't a DoH + server), like "https://example.com" in both, the easy handles used for + the DoH requests could be left "dangling" and end up not getting freed. - Closes #3500 + Reported-by: Paul Dreik + Closes #4366 -- curl: remove dead code +- unit1655: make it C90 compliant - The loop never loops (since b889408500), pointed out by Coverity (CID - 1451702) + Unclear why this was not detected in the CI. 
- Closes #4133 - -- docs/PARALLEL-TRANSFERS: correct the version number - -- docs/PARALLEL-TRANSFERS: added + Follow-up to b7666027296a -- curl: support parallel transfers +- smb: check for full size message before reading message details - This is done by making sure each individual transfer is first added to a - linked list as then they can be performed serially, or at will, in - parallel. + To avoid reading of uninitialized data. - Closes #3804 + Assisted-by: Max Dymond + Bug: https://crbug.com/oss-fuzz/16907 + Closes #4363 -- docs/MANUAL.md: converted to markdown from plain text +- quiche: persist connection details - ... will make it render as a nicer web page. + ... like we do for other protocols at connect time. This makes "curl -I" + and other things work. - Closes #4131 + Reported-by: George Liu + Fixes #4358 + Closes #4360 -- curl_version_info: provide nghttp2 details - - Introducing CURLVERSION_SIXTH with nghttp2 info. +- openssl: fix warning with boringssl and SSL_CTX_set_min_proto_version - Closes #4121 + Follow-up to ffe34b7b59 + Closes #4359 -- bump: start working on 7.66.0 +- [Paul Dreik brought this change] -- source: remove names from source comments + doh: fix undefined behaviour and open up for gcc and clang optimization - Several reasons: + The undefined behaviour is annoying when running fuzzing with + sanitizers. The codegen is the same, but the meaning is now not up for + dispute. See https://cppinsights.io/s/516a2ff4 - - we can't add everyone who's helping out so its unfair to just a few - selected ones. - - we already list all helpers in THANKS and in RELEASE-NOTES for each - release - - we don't want to give the impression that some parts of the code is - "owned" or "controlled" by specific persons + By incrementing the pointer first, both gcc and clang recognize this as + a bswap and optimizes it to a single instruction. 
See + https://godbolt.org/z/994Zpx - Assisted-by: Daniel Gustafsson - Closes #4129 - -Version 7.65.3 (19 Jul 2019) - -Daniel Stenberg (19 Jul 2019) -- RELEASE-NOTES: 7.65.3 + Closes #4350 -- THANKS: 7.65.3 status +- [Paul Dreik brought this change] -- progress: make the progress meter appear again + doh: fix (harmless) buffer overrun - Fix regression caused by 21080e1 + Added unit test case 1655 to verify. + Close #4352 - Reported-by: Chih-Hsuan Yen - Fixes #4122 - Closes #4124 - -- version: bump to 7.65.3 - -- RELEASE-NOTES: Contributors or now 1990 + the code correctly finds the flaws in the old code, + if one temporarily restores doh.c to the old version. -Version 7.65.2 (17 Jul 2019) +Alessandro Ghedini (15 Sep 2019) +- docs: remove trailing ':' from section names in CURLOPT_TRAILER* man -Daniel Stenberg (17 Jul 2019) -- RELEASE-NOTES: 7.65.2 +- docs: fix typo in CURLOPT_HTTP_VERSION man -- THANKS: add contributors from 7.65.2 +GitHub (14 Sep 2019) +- [Daniel Stenberg brought this change] -Jay Satiro (17 Jul 2019) -- [aasivov brought this change] + CI: inintial github action job + + First shot at a CI build on github actions - cmake: Fix finding Brotli on case-sensitive file systems +Daniel Stenberg (13 Sep 2019) +- appveyor: add a winbuild - - Find package "Brotli" instead of "BROTLI" since the former is the - casing used for CMake/FindBrotli.cmake, and otherwise find_package - may fail on a case-sensitive file system. + Assisted-by: Marcel Raad + Assisted-by: Jay Satiro - Fixes https://github.com/curl/curl/issues/4117 + Closes #4324 -- CURLOPT_RANGE.3: Caution against using it for HTTP PUT +- FTP: allow "rubbish" prepended to the SIZE response - AFAICT CURLOPT_RANGE does not support ranged HTTP PUT uploads so I've - cautioned against using it for that purpose and included a workaround. + This is a protocol violation but apparently there are legacy proprietary + servers doing this. 
- Bug: https://curl.haxx.se/mail/lib-2019-04/0075.html - Reported-by: Christopher Head + Added test 336 and 337 to verify. - Closes https://github.com/curl/curl/issues/3814 - -- [Stefano Simonelli brought this change] - - CURLOPT_SEEKDATA.3: fix variable name - - Closes https://github.com/curl/curl/pull/4118 + Reported-by: Philippe Marguinaud + Closes #4339 -- [Giorgos Oikonomou brought this change] +- [Zenju brought this change] - CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH - - If the SSL backend is Schannel and the user specifies an Schannel CALG_ - that is not supported by the protocol or the server then curl returns - CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH. + FTP: skip CWD to entry dir when target is absolute - Fixes https://github.com/curl/curl/issues/3389 - Closes https://github.com/curl/curl/pull/4106 - -- [Daniel Gustafsson brought this change] + Closes #4332 - nss: inspect returnvalue of token check +Kamil Dudka (13 Sep 2019) +- curl: fix memory leaked by parse_metalink() - PK11_IsPresent() checks for the token for the given slot is available, - and sets needlogin flags for the PK11_Authenticate() call. Should it - return false, we should however treat it as an error and bail out. + This commit fixes a regression introduced by curl-7_65_3-5-gb88940850. + Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind + and libmetalink enabled. - Closes https://github.com/curl/curl/pull/4110 + Closes #4326 -- docs: Explain behavior change in --tlsv1. options since 7.54 +Daniel Stenberg (13 Sep 2019) +- parsedate: still provide the name arrays when disabled - Since 7.54 --tlsv1. options use the specified version or later, however - older versions of curl documented it as using just the specified version - which may or may not have happened depending on the TLS library. - Document this discrepancy to allay confusion for users familiar with the - old documentation that expect just the specified version. 
+ If FILE or FTP are enabled, since they also use them! - Fixes https://github.com/curl/curl/issues/4097 - Closes https://github.com/curl/curl/pull/4119 + Reported-by: Roland Hieber + Fixes #4325 + Closes #4343 -- libcurl: Restrict redirect schemes (follow-up) +- [Gilles Vollant brought this change] + + curl:file2string: load large files much faster - - Allow FTPS on redirect. + ... by using a more efficient realloc scheme. - - Update default allowed redirect protocols in documentation. + Bug: https://curl.haxx.se/mail/lib-2019-09/0045.html + Closes #4336 + +- openssl: close_notify on the FTP data connection doesn't mean closure - Follow-up to 6080ea0. + For FTPS transfers, curl gets close_notify on the data connection + without that being a signal to close the control connection! - Ref: https://github.com/curl/curl/pull/4094 + Regression since 3f5da4e59a556fc (7.65.0) - Closes https://github.com/curl/curl/pull/4115 + Reported-by: Zenju on github + Reviewed-by: Jay Satiro + Fixes #4329 + Closes #4340 -Daniel Stenberg (16 Jul 2019) -- test1173: make it also check all libcurl option man pages - - ... and adjust those that cause errors +- [Jimmy Gaussen brought this change] + + docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag - Closes #4116 + Closes #4338 -- curl: only accept COLUMNS less than 10000 +- RELEASE-NOTES: synced + +- curlver: bump to 7.66.1 + +- [Zenju brought this change] + + setopt: make it easier to add new enum values - ... as larger values would rather indicate something silly (and could - potentially cause buffer problems). + ... by using the *_LAST define names better. 
- Reported-by: pendrek at hackerone - Closes #4114 + Closes #4321 -- dist: add manpage-syntax.pl +- asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris - follow-up to 7fb66c403 + Reported-by: Dagobert Michelsen + Fixes #4328 + Closes #4333 -- test1173: detect some basic man page format mistakes +- [Bernhard Walle brought this change] + + winbuild/MakefileBuild.vc: Add vssh - Triggered by PR #4111 + Without that modification, the Windows build using the makefiles doesn't + work. - Closes #4113 - -Jay Satiro (15 Jul 2019) -- [Bjarni Ingi Gislason brought this change] + Signed-off-by: Bernhard Walle + + Fixes #4322 + Closes #4323 - docs: Fix missing lines caused by undefined macros +Bernhard Walle (11 Sep 2019) +- winbuild/MakefileBuild.vc: Fix line endings - - Escape apostrophes at line start. + The file had mixed line endings. - Some lines begin with a "'" (apostrophe, single quote), which is then - interpreted as a control character in *roff. + Signed-off-by: Bernhard Walle + +Jay Satiro (11 Sep 2019) +- ldap: Stop using wide char version of ldapp_err2string - Such lines are interpreted as being a call to a macro, and if - undefined, the lines are removed from the output. + Despite ldapp_err2string being documented by MS as returning a + PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and + returns PWCHAR (wchar_t *). - Bug: https://bugs.debian.org/926352 - 
Signed-off-by: Bjarni Ingi Gislason + We have lots of code that expects ldap_err2string to return char *, + most of it failf used like this: - Submitted-by: Alessandro Ghedini + failf(data, "LDAP local: Some error: %s", ldap_err2string(rc)); - Closes https://github.com/curl/curl/pull/4111 + Closes https://github.com/curl/curl/pull/4272 -Daniel Stenberg (14 Jul 2019) -- libcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaults - - follow-up to 6080ea098 +Version 7.66.0 (10 Sep 2019) -- [Linos Giannopoulos brought this change] +Daniel Stenberg (10 Sep 2019) +- RELEASE-NOTES: curl 7.66.0 - libcurl: Add testcase for gopher redirects - - The testcase ensures that redirects to CURLPROTO_GOPHER won't be - allowed, by default, in the future. Also, curl is being used - for convenience while keeping the testcases DRY. +- THANKS: from the 7.66.0 release + +- curl: make sure the parallel transfers do them all - The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is - redirected to CURLPROTO_GOPHER + The logic could erroneously break the loop too early before all + transfers had been transferred. - 
Signed-off-by: Linos Giannopoulos + Reported-by: Tom van der Woerdt + Fixes #4316 + Closes #4317 -- [Linos Giannopoulos brought this change] +- urlapi: one colon is enough for the strspn() input (typo) - libcurl: Restrict redirect schemes - - All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS - counterpart were allowed for redirect. This vastly broadens the - exploitation surface in case of a vulnerability such as SSRF [1], where - libcurl-based clients are forced to make requests to arbitrary hosts. - - For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based - protocol by URL-encoding a payload in the URI. Gopher will open a TCP - connection and send the payload. +- urlapi: verify the IPv6 numerical address - Only HTTP/HTTPS and FTP are allowed. All other protocols have to be - explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS. + It needs to parse correctly. Otherwise it could be tricked into letting + through a-f using host names that libcurl would then resolve. Like + '[ab.be]'. - [1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/ + Reported-by: Thomas Vegas + Closes #4315 + +- [Clément Notin brought this change] + + openssl: use SSL_CTX_set__proto_version() when available - 
Signed-off-by: Linos Giannopoulos + OpenSSL 1.1.0 adds SSL_CTX_set__proto_version() that we now use + when available. Existing code is preserved for older versions of + OpenSSL. - Closes #4094 + Closes #4304 -- [Zenju brought this change] +- [Clément Notin brought this change] - openssl: define HAVE_SSL_GET_SHUTDOWN based on version number + openssl: indent, re-organize and add comments + +- [migueljcrum brought this change] + + sspi: fix memory leaks - Closes #4100 + Closes #4299 -- [Peter Simonyi brought this change] +- travis: disable ngtcp2 builds (again) - http: allow overriding timecond with custom header +- Curl_fillreadbuffer: avoid double-free trailer buf on error - With CURLOPT_TIMECONDITION set, a header is automatically added (e.g. - If-Modified-Since). Allow this to be replaced or suppressed with - CURLOPT_HTTPHEADER. + Reviewed-by: Jay Satiro + Reported-by: Thomas Vegas - Fixes #4103 - Closes #4109 - -Jay Satiro (11 Jul 2019) -- [Juergen Hoetzel brought this change] + Closes #4307 - smb: Use the correct error code for access denied on file open +- tool_setopt: handle a libcurl build without netrc support - - Return CURLE_REMOTE_ACCESS_DENIED for SMB access denied on file open. + Reported-by: codesniffer13 on github + Fixes #4302 + Closes #4305 + +- security:read_data fix bad realloc() - Prior to this change CURLE_REMOTE_FILE_NOT_FOUND was returned instead. + ... that could end up a double-free - Closes https://github.com/curl/curl/pull/4095 + CVE-2019-5481 + Bug: https://curl.haxx.se/docs/CVE-2019-5481.html -- [Daniel Gustafsson brought this change] +- [Thomas Vegas brought this change] - DEPRECATE: fixup versions and spelling + tftp: Alloc maximum blksize, and use default unless OACK is received - Correctly set the July 17 version to 7.65.2, and update spelling to - be consistent. Also fix a typo. + Fixes potential buffer overflow from 'recvfrom()', should the server + return an OACK without blksize. 
- Closes https://github.com/curl/curl/pull/4107 + Bug: https://curl.haxx.se/docs/CVE-2019-5482.html + CVE-2019-5482 -- [Gisle Vanem brought this change] +- [Thomas Vegas brought this change] - system_win32: fix clang warning + tftp: return error when packet is too small for options + +- KNOWN_BUGS/TODO: cleanup and remove outdated issues + +- RELEASE-NOTES: synced + +- netrc: free 'home' on error - - Declare variable in header as extern. + Follow-up to f9c7ba9096ec2 - Bug: https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597 - -Daniel Gustafsson (10 Jul 2019) -- headers: Remove no longer exported functions + Coverity CID 1453474 - There were a leftover few prototypes of Curl_ functions that we used to - export but no longer do, this removes those prototypes and cleans up any - comments still referring to them. - - Curl_write32_le(), Curl_strcpy_url(), Curl_strlen_url(), Curl_up_free() - Curl_concat_url(), Curl_detach_connnection(), Curl_http_setup_conn() - were made static in 05b100aee247bb9bec8e9a1b0166496aa4248d1c. - Curl_http_perhapsrewind() made static in 574aecee208f79d391f10d57520b3. + Closes #4291 + +- urldata: avoid 'generic', use dedicated pointers - For the remainder, I didn't trawl the Git logs hard enough to capture - their exact time of deletion, but they were all gone: Curl_splayprint(), - Curl_http2_send_request(), Curl_global_host_cache_dtor(), - Curl_scan_cache_used(), Curl_hostcache_destroy(), Curl_second_connect(), - Curl_http_auth_stage() and Curl_close_connections(). + For the 'proto' union within the connectdata struct. 
- Closes #4096 - Reviewed-by: Daniel Stenberg - -- CMake: fix typos and spelling + Closes #4290 -- [Kyle Edwards brought this change] +- cleanup: move functions out of url.c and make them static + + Closes #4289 - CMake: Convert errant elseif() to else() +- smtp: check for and bail out on too short EHLO response - CMake interprets an elseif() with no arguments as elseif(FALSE), - resulting in the elseif() block not being executed. That is not what - was intended here. Change the empty elseif() to an else() as it was - intended. + Otherwise, a three byte response would make the smtp_state_ehlo_resp() + function misbehave. - Closes #4101 - Reported-by: Artalus - Reviewed-by: Daniel Gustafsson + Credit to OSS-Fuzz + Bug: https://crbug.com/oss-fuzz/16918 + + Assisted-by: Max Dymond + + Closes #4287 -- buildconf: fix header filename +- smb: init *msg to NULL in smb_send_and_recv() - The header file inclusion had a typo, it should be .h and not .hd. - Fix by renaming. + ... it might otherwise return OK from this function leaving that pointer + uninitialized. - Fixes #4102 - Reported-by: AceCrow on Github + Bug: https://crbug.com/oss-fuzz/16907 + + Closes #4286 -- [Jan Chren brought this change] +- ROADMAP: updated after recent user poll + + In rough prio order - configure: fix --disable-code-coverage +- THANKS: remove duplicate + +- Curl_addr2string: take an addrlen argument too - This fixes the case when --disable-code-coverage supplied to ./configure - would result in coverage="yes" being set. + This allows the function to figure out if a unix domain socket has a + file name or not associated with it! When a socket is created with + socketpair(), as done in the fuzzer testing, the path struct member is + uninitialized and must not be accessed. 
- Closes #4099 - Reviewed-by: Daniel Gustafsson + Bug: https://crbug.com/oss-fuzz/16699 + + Closes #4283 -- cleanup: fix typo in comment +- [Rolf Eike Beer brought this change] -- RELEASE-NOTES: synced + CMake: remove needless newlines at end of gss variables -Jay Satiro (6 Jul 2019) -- [Daniel Gustafsson brought this change] +- [Rolf Eike Beer brought this change] - nss: support using libnss on macOS - - The file suffix for dynamically loadable objects on macOS is .dylib, - which need to be added for the module definitions in order to get the - NSS TLS backend to work properly on macOS. - - Closes https://github.com/curl/curl/pull/4046 + CI: remove duplicate configure flag for LGTM.com -- [Daniel Gustafsson brought this change] +- [Rolf Eike Beer brought this change] - nss: don't set unused parameter - - The value of the maxPTDs parameter to PR_Init() has since at least - NSPR 2.1, which was released sometime in 1998, been marked ignored - as is accordingly not used in the initialization code. Setting it - to a value when calling PR_Init() is thus benign, but indicates an - intent which may be misleading. Reset the value to zero to improve - clarity. + CMake: use platform dependent name for dlopen() library - Closes https://github.com/curl/curl/pull/4054 - -- [Daniel Gustafsson brought this change] + Closes #4279 - nss: only cache valid CRL entries +- quiche: expire when poll returned data - Change the logic around such that we only keep CRLs that NSS actually - ended up caching around for later deletion. If CERT_CacheCRL() fails - then there is little point in delaying the freeing of the CRL as it - is not used. + ... to make sure we continue draining the queue until empty - Closes https://github.com/curl/curl/pull/4053 - -- [Gergely Nagy brought this change] + Closes #4281 - lib: Use UTF-8 encoding in comments - - Some editors and IDEs assume that source files use UTF-8 file encodings. 
- It also fixes the build with MSVC when /utf-8 command line option is - used (this option is mandatory for some other open-source projects, this - is useful when using the same options is desired for building all - libraries of a project). +- quiche: decrease available buffer size, don't assign it! - Closes https://github.com/curl/curl/pull/4087 + Found-by: Jeremy Lainé -- [Caleb Raitto brought this change] +- RELEASE-NOTES: synced - CURLOPT_HEADEROPT.3: Fix example - - Fix an issue where example builds a curl_slist, but fails to actually - use it, or free it. - - Closes https://github.com/curl/curl/pull/4090 +- [Kyohei Kadota brought this change] -- [Shankar Jadhavar brought this change] + curl: fix include conditions - winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG - - - Made changes so that ENABLE_OPENSSL_AUTO_LOAD_CONFIG will be honored. +- [Kyohei Kadota brought this change] + + plan9: fix installation instructions - - Also removed some ^M chars from file. + Closes #4276 + +- ngtcp2: on h3 stream close, call expire - Prior to this change while building on Windows platform even if we pass - the ENABLE_OPENSSL_AUTO_LOAD_CONFIG option with value as "no" it does - not set the CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG flag. + ... to trigger a new read to detect the stream close! - Closes https://github.com/curl/curl/pull/4086 + Closes #4275 -Daniel Stenberg (4 Jul 2019) -- doh-url.d: added in 7.62.0 +- [Tatsuhiro Tsujikawa brought this change] -Jay Satiro (30 Jun 2019) -- docs: Fix links to OpenSSL docs + ngtcp2: build latest ngtcp2 and ngtcp2_crypto_openssl - OpenSSL changed their manual locations and does not redirect to the new - locations. 
+ Closes #4278 + +- ngtcp2: set flow control window to stream buffer size - Bug: https://curl.haxx.se/mail/lib-2019-06/0056.html - Reported-by: Daniel Stenberg + Closes #4274 -Daniel Stenberg (26 Jun 2019) -- [Gaël PORTAY brought this change] +- [Christopher Head brought this change] - curl_multi_wait.3: escape backslash in example - - The backslash in the character Line Feed must be escaped. + CURLOPT_HEADERFUNCTION.3: clarify - The current man-page outputs the code as following: + Closes #4273 + +- CURLINFO docs: mention that in redirects times are added - fprintf(stderr, "curl_multi failed, code %d.0, mc); + Suggested-by: Brandon Dong + Fixes #4250 + Closes #4269 + +- travis: enable ngtcp2 builds again - The commit fixes it as follow: + Switched to the openssl-quic-draft-22 openssl branch. - fprintf(stderr, "curl_multi failed, code %d\n", mc); + Closes #4271 + +- HTTP3: switched openssl branch to use + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: Build with latest ngtcp2 and ngtcp2_crypto_openssl - Closes #4079 + Closes #4270 -- openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined +- http2: when marked for closure and wanted to close == OK - ... since that needs UI_OpenSSL() which isn't provided when OpenSSL is - built with OPENSSL_NO_UI_CONSOLE which happens when OpenSSL is built for - UWP (with "VC-WIN32-UWP"). + It could otherwise return an error even when closed correctly if GOAWAY + had been received previously. - Reported-by: Vasily Lobaskin - Fixes #4073 - Closes #4077 + Reported-by: Tom van der Woerdt + Fixes #4267 + Closes #4268 -- test1521: adapt to SLISTPOINT +- RELEASE-NOTES: synced + +- build-openssl: fix build with Visual Studio 2019 - The header now has the slist-using options marked as SLISTPOINT so this - makes sure test 1521 understands that. 
+ Reviewed-by: Marcel Raad + Contributed-by: osabc on github + Fixes #4188 + Closes #4266 + +Kamil Dudka (26 Aug 2019) +- vauth: return CURLE_AUTH_ERROR on gss_init_sec_context() failure - Follow-up to ae99b4de1c443ae989 + This is a follow-up to https://github.com/curl/curl/pull/3864 . - Closes #4074 + Closes #4224 -- win32: make DLL loading a no-op for UWP +Daniel Stenberg (26 Aug 2019) +- KNOWN_BUGS: USE_UNIX_SOCKETS on Windows - Reported-by: Michael Brehm - Fixes #4060 - Closes #4072 - -- [1ocalhost brought this change] + Closes #4040 - configure: fix typo '--disable-http-uath' +- quiche: send the HTTP body correctly on callback uploads - Closes #4076 - -- [Niklas Hambüchen brought this change] + Closes #4265 - docs: fix string suggesting HTTP/2 is not the default +- travis: disable ngtcp2 builds (temporarily) - Commit 25fd1057c9c86e3 made HTTP2 the default, and further down in the - man page that new default is mentioned, but the section at the top - contradicted it until now. + Just too many API changes right now - Also remove claim that setting the HTTP version is not sensible. + Closes #4264 + +- ngtcp2: add support for SSLKEYLOGFILE - Closes #4075 + Closes #4260 -- RELEASE-NOTES: synced +- ngtcp2: improve h3 response receiving + + Closes #4259 -- [Stephan Szabo brought this change] +- ngtcp2: use nghttp3_version() - tests: update fixed IP for hostip/clientip split - - These tests give differences for me on linux when using a hostip - pointing to the external ip address for the local machine. +- ngtcp2: sync with upstream API changes - Closes #4070 + Assisted-by: Tatsuhiro Tsujikawa -Daniel Gustafsson (24 Jun 2019) -- http: clarify header buffer size calculation - - The header buffer size calculation can from static analysis seem to - overlow as it performs an addition between two size_t variables and - stores the result in a size_t variable. 
Overflow is however guarded - against elsewhere since the input to the addition is regulated by - the maximum read buffer size. Clarify this with a comment since the - question was asked. - - Reviewed-by: Daniel Stenberg +- [Kyle Abramowitz brought this change] -Daniel Stenberg (24 Jun 2019) -- KNOWN_BUGS: Don't clear digest for single realm + scp: fix directory name length used in memcpy - Closes #3267 - -- KNOWN_BUGS: Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname + Fix read off end of array due to bad pointer math in getworkingpath for + SCP home directory case. - Closes #3284 + Closes #4258 -- http2: call done_sending on end of upload +- http: the 'closed' struct field is used by both ngh2 and ngh3 - To make sure a HTTP/2 stream registers the end of stream. + and remove 'header_recvbuf', not used for anything - Bug #4043 made me find this problem but this fix doesn't correct the - reported issue. + Reported-by: Jeremy Lainé - Closes #4068 + Closes #4257 -- [James Brown brought this change] +- ngtcp2: accept upload via callback + + Closes #4256 - c-ares: honor port numbers in CURLOPT_DNS_SERVERS +- defines: avoid underscore-prefixed defines - By using ares_set_servers_ports_csv on new enough c-ares. + Double-underscored or underscore plus uppercase letter at least. - Fixes #4066 - Closes #4067 - -Daniel Gustafsson (24 Jun 2019) -- CURLMOPT_SOCKETFUNCTION.3: fix typo - -Daniel Stenberg (24 Jun 2019) -- [Koen Dergent brought this change] - - curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds + ... as they're claimed to be reserved. - Closes #4061 - -- test153: fix content-length to avoid occasional hang + Reported-by: patnyb on github - Closes #4065 - -- RELEASE-NOTES: synced + Fixes #4254 + Closes #4255 -- multi: enable multiplexing by default (again) +- travis: add a build using ngtcp2 + nghttp3 (and a patched OpenSSL) - It was originally made default in d7c4213bd0c (7.62.0) but mistakenly - reverted in commit 2f44e94efb3d (7.65.0). 
Now enabled again. + Runs no tests - Closes #4051 + Closes #4253 -- typecheck: add 3 missing strings and a callback data pointer +- travis: bump to using nghttp2 version 1.39.2 - Closes #4050 + Closes #4252 -- tests: add disable-scan.pl to dist - - follow-up from 29177f422a5 - - Closes #4059 +- [Gisle Vanem brought this change] -- http2: don't call stream-close on already closed streams + docs/examples/curlx: fix errors - Closes #4055 - -Marcel Raad (20 Jun 2019) -- travis: enable alt-svc for coverage build + Initialise 'mimetype' and require the -p12 arg. - Closes + Closes #4248 -- travis: enable libssh2 for coverage build +- cleanup: remove DOT_CHAR completely - It was enabled by default before commit c92d2e14cfb. + Follow-up to f9c7ba9096ec - Disable torture tests 600 and 601 because of - https://github.com/curl/curl/issues/1678. + The use of DOT_CHAR for ".ssh" was probably a mistake and is removed + now. - Closes + Pointed-out-by: Gisle Vanem + Bug: https://github.com/curl/curl/pull/4230#issuecomment-522960638 + + Closes #4247 -- travis: disable threaded resolver for coverage build +- spnego_sspi: add typecast to fix build warning - This enables more tests. + Reported in build "Win32 target on Debian Stretch (64-bit) - + i686-w64-mingw32 - gcc-20170516" - Closes + Closes #4245 -- travis: enable brotli for all xenial jobs +- openssl: build warning free with boringssl - There's no need for a separate job, and no need to build it from source - with Xenial. 
+ Closes #4244 + +- curl: make --libcurl use CURL_HTTP_VERSION_3 - Closes + Closes #4243 -- travis: enable warnings-as-errors for coverage build +- ngtcp2: make postfields-set posts work - Closes + Closes #4242 -GitHub (20 Jun 2019) -- [Gisle Vanem brought this change] +- http: remove chunked-encoding and expect header use for HTTP/3 - system_win32: fix typo +- [Alessandro Ghedini brought this change] -Daniel Stenberg (20 Jun 2019) -- typecheck: CURLOPT_CONNECT_TO takes an slist too + configure: use pkg-config to detect quiche - Additionally, add an alias in curl.h for slist-using options so that - we can grep/parse those out at will. + This removes the need to hard-code the quiche target path in + configure.ac. - Closes #4042 + This depends on https://github.com/cloudflare/quiche/pull/128 + + Closes #4237 -- [Stephan Szabo brought this change] +- CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 + + For a long time (since 7.28.1) we've returned error when setting the + value to 1 to make applications notice that we stopped supported the old + behavior for 1. Starting now, we treat 1 and 2 exactly the same. + + Closes #4241 - tests: support non-localhost HOSTIP for dict/smb servers +- curl: use .curlrc (with a dot) on Windows as well - smbserver.py/dictserver.py were explicitly using localhost/127.0.0.1 for - binding the server which when we were running the tests with a separate - HOSTIP and CLIENTIP had failures verifying the server from the device we - were testing. + Fall-back to _curlrc if the dot-version is missing. - This changes them to take the address from runtests.py and default to - localhost/127.0.0.1 if none is given. + Co-Authored-By: Steve Holme - Closes #4048 - -- test1523: basic test of CURLOPT_LOW_SPEED_LIMIT + Closes #4230 -- configure: --disable-progress-meter +- netrc: make the code try ".netrc" on Windows as well - Builds libcurl without support for the built-in progress meter. + ... 
but fall back and try "_netrc" too if the dot version didn't work. - Closes #4023 + Co-Authored-By: Steve Holme -- curl: improved skip-setopt-options when built with disabled features +- ngtcp2: use ngtcp2_version() to get the run-time version - Reduces #ifdefs in src/tool_operate.c + ... which of course doesn't have to be the same used at build-time. - Follow-up from 4e86f2fc4e6 - Closes #3936 + Function just recently merged in ngtcp2. -Steve Holme (18 Jun 2019) -- netrc: Return the correct error code when out of memory +- ngtcp2: move the h3 initing to immediately after the rx key - Introduced in 763c5178. + To fix a segfault and to better deal with 0-RTT - Closes #4036 + Assisted-by: Tatsuhiro Tsujikawa -Daniel Stenberg (18 Jun 2019) -- config-os400: add getpeername and getsockname defines - - Reported-by: jonrumsey on github - Fixes #4037 - Closes #4039 +- [Alessandro Ghedini brought this change] -- runtests: keep logfiles around by default + quiche: register debug callback once and earlier - Make '-k' a no-op. The singletest function now clears the log directory - BEFORE each individual test and not after, which makes it possible to - always keep the logfiles around after a test has been run. No need to - specify -k anymore. Keeping the option parsing around to work with users - of old habits. + The quiche debug callback is global and can only be initialized once, so + make sure we don't do it multiple times (e.g. if multiple requests are + executed). - Some tests also didn't work properly when -k was used (since the old - logs would be kep when a new test starts) which this change also fixes. + In addition this initializes the callback before the connection is + created, so we get logs for the handshake as well. - Closes #4035 - -- [Gergely Nagy brought this change] + Closes #4236 - openssl: fix pubkey/signature algorithm detection in certinfo - - Certinfo gives the same result for all OpenSSL versions. 
- Also made printing RSA pubkeys consistent with older versions. +- ssh: add a generic Curl_ssh_version function for SSH backends - Reported-by: Michael Wallner - Fixes #3706 - Closes #4030 + Closes #4235 -- conn_maxage: move the check to prune_dead_connections() - - ... and avoid the locking issue. - - Reported-by: Kunal Ekawde - Fixes #4029 - Closes #4032 +- base64: check for SSH, not specific SSH backends -- tests: have runtests figure out disabled features - - ... so that runtests can skip individual test cases that test features - that are explicitly disabled in this build. This new logic is intended - for disabled features that aren't otherwise easily visible through the - curl_version_info() or other API calls. - - tests/server/disabled is a newly built executable that will output a - list of disabled features. Outputs nothing for a default build. - - Closes #3950 +- vssh: move ssh init/cleanup functions into backend code -- test188/189: fix Content-Length +- vssh: create directory for SSH backend code + +- TODO/ROADMAP: remove "refuse downgrade redirects" and HTTP/3 - This cures the flaky test results + HTTP3 is now already in full progress - Closes #4034 + Downgrade redirects can be achived almost exactly like that by setting + CURLOPT_REDIR_PROTOCOLS. -- [Thomas Gamper brought this change] +- RELEASE-NOTES: synced - winbuild: use WITH_PREFIX if given +- travis: add a quiche build - Closes #4031 + Closes #4207 -Daniel Gustafsson (17 Jun 2019) -- openssl: remove outdated comment +- http: fix use of credentials from URL when using HTTP proxy - OpenSSL used to call exit(1) on syntax errors in OPENSSL_config(), - which is why we switched to CONF_modules_load_file() and introduced - a comment stating why. This behavior was however changed in OpenSSL - commit abdd677125f3a9e3082f8c5692203590fdb9b860, so remove the now - outdated and incorrect comment. The mentioned commit also declares - OPENSSL_config() deprecated so keep the current coding. 
+ When a username and password are provided in the URL, they were wrongly + removed from the stored URL so that subsequent uses of the same URL + wouldn't find the crendentials. This made doing HTTP auth with multiple + connections (like Digest) mishave. - Closes #4033 - Reviewed-by: Daniel Stenberg + Regression from 46e164069d1a5230 (7.62.0) + + Test case 335 added to verify. + + Reported-by: Mike Crowe + + Fixes #4228 + Closes #4229 + +- [Mike Crowe brought this change] + + tests: Replace outdated test case numbering documentation + + Tests are no longer grouped by numeric range[1]. Let's stop saying that + and provide some alternative advice for numbering tests. + + [1] https://curl.haxx.se/mail/lib-2019-08/0043.html + + Closes #4227 + +- travis: reduce number of torture tests in 'coverage' + + ... to make it complete in time. This cut seems not almost not affect + the coverage percentage and yet completes within 35 minutes on travis + where the previous runs recently always timed out after 50. + + Closes #4223 + +- [Igor Makarov brought this change] + + configure: use -lquiche to link to quiche + + Closes #4226 + +- ngtcp2: provide the callbacks as a static struct + + ... instead of having them in quicsocket + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: add missing nghttp3_conn_add_write_offset call + + Closes #4225 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: deal with stream close + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: Consume QUIC STREAM data properly + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: don't reinitialize SSL on Retry + +- multi: getsock improvements for QUIC connecting + +- connect: connections are persistent by default for HTTP/3 + +- quiche: happy eyeballs + + Closes #4220 + +- ngtcp2: do QUIC connections happy-eyeballs friendly + +- curl_version: bump string buffer size to 250 + + With HTTP/3 libs and plenty TLS libs, I manged to hit the limit (which + causes a truncated output). 
+ +- CURLOPT_ALTSVC.3: use a "" file name to not load from a file + +Jay Satiro (14 Aug 2019) +- vauth: Use CURLE_AUTH_ERROR for auth function errors + + - Add new error code CURLE_AUTH_ERROR. + + Prior to this change auth function errors were signaled by + CURLE_OUT_OF_MEMORY and CURLE_RECV_ERROR, and neither one was + technically correct. + + Ref: https://github.com/curl/curl/pull/3848 + + Co-authored-by: Dominik Hölzl + + Closes https://github.com/curl/curl/pull/3864 + +Daniel Stenberg (13 Aug 2019) +- curl_version_info: make the quic_version a const + + Follow-up from 1a2df1518ad8653f + + Closes #4222 + +- examples: add http3.c, altsvc.c and http3-present.c + + Closes #4221 + +Peter Wu (13 Aug 2019) +- nss: use TLSv1.3 as default if supported + + SSL_VersionRangeGetDefault returns (TLSv1.0, TLSv1.2) as supported + range in NSS 3.45. It looks like the intention is to raise the minimum + version rather than lowering the maximum, so adjust accordingly. Note + that the caller (nss_setup_connect) initializes the version range to + (TLSv1.0, TLSv1.3), so there is no need to check for >= TLSv1.0 again. + + Closes #4187 + Reviewed-by: Daniel Stenberg + Reviewed-by: Kamil Dudka + +Daniel Stenberg (13 Aug 2019) +- quic.h: remove unused proto + +- curl_version_info.3: mentioned ALTSVC and HTTP3 + + ... 
and sorted the list alphabetically + +- lib/quic.c: unused - removed + +- CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED + + Follow-up to 98c3f148 that removed it from the header file + +- [Junho Choi brought this change] + + docs/HTTP3: simplify quiche build instruction + + Use --recursive to get boringssl in one line + + Closes #4219 + +- altsvc: make it use h3-22 with ngtcp2 as well + +- ngtcp2: initial h3 request work + + Closes #4217 + +- curl_version_info: offer quic (and h3) library info + + Closes #4216 + +- HTTP3: use ngtcp2's draft-22 branch -Daniel Stenberg (16 Jun 2019) - RELEASE-NOTES: synced -Patrick Monnerat (16 Jun 2019) -- os400: make vsetopt() non-static as Curl_vsetopt() for os400 support. +- CURLOPT_READFUNCTION.3: provide inline example - Use it in curl_easy_setopt_ccsid(). + ... instead of mentioning one in another place + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: send HTTP/3 request with nghttp3 - Reported-by: jonrumsey on github - Fixes #3833 - Closes #4028 + This commit makes sending HTTP/3 request with nghttp3 work. It + minimally receives HTTP response and calls nghttp3 callbacks, but no + processing is made at the moment. + + Closes #4215 -Daniel Stenberg (15 Jun 2019) -- runtests: report single test time + total duration +- nghttp3: initial h3 template code added + +- nghttp3: required when ngtcp2 is used for QUIC - ... after each successful test. + - checked for by configure + - updated docs/HTTP3.md + - shown in the version string - Closes #4027 + Closes #4210 -- multi: fix the transfer hash function +- [Eric Wong brought this change] + + asyn-thread: issue CURL_POLL_REMOVE before closing socket - Follow-up from 8b987cc7eb + This avoids EBADF errors from EPOLL_CTL_DEL operations in the + ephiperfifo.c example. EBADF is dangerous in multi-threaded + applications where I rely on epoll_ctl to operate on the same + epoll description from different threads. 
- Reported-by: Tom van der Woerdt - Fixes #4018 - Closes #4024 + Follow-up to eb9a604f8d7db8 + + Bug: https://curl.haxx.se/mail/lib-2019-08/0026.html + Closes #4211 -- unit1654: cleanup on memory failure +- [Carlo Marcelo Arenas Belón brought this change] + + configure: avoid undefined check_for_ca_bundle - ... to make it handle torture tests properly. + instead of using a "greater than 0" test, check for variable being + set, as it is always set to 1, and could be left unset if non of + OPENSSL MBEDTLS GNUTLS WOLFSSL is being configured for. - Reported-by: Marcel Raad - Fixes #4021 - Closes #4022 + Closes #4213 -Marcel Raad (13 Jun 2019) -- krb5: fix compiler warning +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: Send ALPN h3-22 - Even though the variable was used in a DEBUGASSERT, GCC 8 warned in - debug mode: - krb5.c:324:17: error: unused variable 'maj' [-Werror=unused-variable] + Closes #4212 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: use ngtcp2_settings_default and specify initial_ts + +- curl_global_init_mem.3: mention it was added in 7.12.0 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: make the QUIC handshake work - Just suppress the warning and declare the variable unconditionally - instead of only for DEBUGBUILD (which also missed the check for - HAVE_ASSERT_H). + Closes #4209 + +- [Alex Mayorga brought this change] + + HTTP3.md: Update quiche build instructions - Closes https://github.com/curl/curl/pull/4020 + Added cloning for quiche and BoringSSL and modified the build + instructions so they work on a clean folder. + + Closes #4208 -Daniel Stenberg (13 Jun 2019) -- quote.d: asterisk prefix works for SFTP as well +- CURLOPT_H3: removed - Reported-by: Ben Voris - Fixes #4017 - Closes #4019 + There's no use for this anymore and it was never in a release. 
+ + Closes #4206 -- multi: fix the transfer hashes in the socket hash entries +- http3: make connection reuse work - - The transfer hashes weren't using the correct keys so removing entries - failed. + Closes #4204 + +- quiche: add SSLKEYLOGFILE support + +- cleanup: s/curl_debug/curl_dbg_debug in comments and docs - - Simplified the iteration logic over transfers sharing the same socket and - they now simply are set to expire and thus get handled in the "regular" - timer loop instead. + Leftovers from the function rename back in 76b63489495 - Reported-by: Tom van der Woerdt - Fixes #4012 - Closes #4014 + Reported-by: Gisle Vanem + Bug: https://github.com/curl/curl/commit/f3e0f071b14fcb46a453f69bdf4e062bcaacf362#com + mitcomment-34601751 + + Closes #4203 -Jay Satiro (12 Jun 2019) -- [Cliff Crosland brought this change] +- RELEASE-NOTES: synced - url: Fix CURLOPT_MAXAGE_CONN time comparison +- alt-svc: add protocol version selection masking - Old connections are meant to expire from the connection cache after - CURLOPT_MAXAGE_CONN seconds. However, they actually expire after 1000x - that value. This occurs because a time value measured in milliseconds is - accidentally divided by 1M instead of by 1,000. + So that users can mask in/out specific HTTP versions when Alt-Svc is + used. - Closes https://github.com/curl/curl/pull/4013 + - Removed "h2c" and updated test case accordingly + - Changed how the altsvc struct is laid out + - Added ifdefs to make the unittest run even in a quiche-tree + + Closes #4201 -Daniel Stenberg (11 Jun 2019) -- test1165: verify that CURL_DISABLE_ symbols are in sync +- http3: fix the HTTP/3 in the request, make alt-svc set right versions - between configure.ac and source code. They should be possible to switch - on/off in configure AND be used in source code. + Closes #4200 -- configure: remove CURL_DISABLE_TLS_SRP +- alt-svc: send Alt-Used: in redirected requests - It isn't used by code so stop providing the define. 
+ RFC 7838 section 5: - Closes #4010 + When using an alternative service, clients SHOULD include an Alt-Used + header field in all requests. + + Removed CURLALTSVC_ALTUSED again (feature is still EXPERIMENTAL thus + this is deemed ok). + + You can disable sending this header just like you disable any other HTTP + header in libcurl. + + Closes #4199 -- Revert "cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified" +- CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly + + Even though it cannot fall-back to a lower HTTP version automatically. The + safer way to upgrade remains via CURLOPT_ALTSVC. + + CURLOPT_H3 no longer has any bits that do anything and might be removed + before we remove the experimental label. + + Updated the curl tool accordingly to use "--http3". + + Closes #4197 + +- docs/ALTSVC: remove what works and the experimental explanation + + Also, put the TODO items at the bottom. + + Closes #4198 + +- docs/EXPERIMENTAL: explain what it means and what's experimental now + +- curl: make use of CURLINFO_RETRY_AFTER when retrying + + If a Retry-After: header was used in the response, that value overrides + other retry timing options. + + Fixes #3794 + Closes #4195 + +- curl: use CURLINFO_PROTOCOL to check for HTTP(s) + + ... instead of CURLINFO_EFFECTIVE_URL to avoid string operations. + +- CURLINFO_RETRY_AFTER: parse the Retry-After header value + + This is only the libcurl part that provides the information. There's no + user of the parsed value. This change includes three new tests for the + parser. + + Ref: #3794 + +- docs/ALTSVC.md: first basic file format description + +- curl: have -w's 'http_version' show '3' for HTTP/3 + + Closes #4196 + +- curl.h: add CURL_HTTP_VERSION_3 to the version enum + + It can't be set for CURLOPT_HTTP_VERSION, but it can be extracted with + CURLINFO_HTTP_VERSION. 
+ +- quiche: make use of the connection timeout API properly + +- quiche: make POSTFIELDS posts work + +- quiche: improved error handling and memory cleanups + +- quiche: flush egress in h3_stream_recv() too + +- RELEASE-NOTES: synced + +Jay Satiro (6 Aug 2019) +- [Patrick Monnerat brought this change] + + os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid(). + + Ref: https://github.com/curl/curl/issues/3653 + Ref: https://github.com/curl/curl/pull/3790 + + NOTE: This commit was cherry-picked and is part of a series of commits + that added the authzid feature for upcoming 7.66.0. The series was + temporarily reverted in db8ec1f so that it would not ship in a 7.65.x + patch release. + + Closes https://github.com/curl/curl/pull/4186 + +- tests: Fix the line endings for the SASL alt-auth tests + + - Change data and protocol sections to CRLF line endings. + + Prior to this change the tests would fail or hang, which is because + certain sections such as protocol require CRLF line endings. + + Follow-up to grandparent commit which added the tests. + + Ref: https://github.com/curl/curl/issues/3653 + Ref: https://github.com/curl/curl/pull/3790 + + NOTE: This commit was cherry-picked and is part of a series of commits + that added the authzid feature for upcoming 7.66.0. The series was + temporarily reverted in db8ec1f so that it would not ship in a 7.65.x + patch release. + + Closes https://github.com/curl/curl/pull/4186 + +- [Steve Holme brought this change] + + examples: Added SASL PLAIN authorisation identity (authzid) examples + + Ref: https://github.com/curl/curl/issues/3653 + Ref: https://github.com/curl/curl/pull/3790 + + NOTE: This commit was cherry-picked and is part of a series of commits + that added the authzid feature for upcoming 7.66.0. The series was + temporarily reverted in db8ec1f so that it would not ship in a 7.65.x + patch release. 
+ + Closes https://github.com/curl/curl/pull/4186 + +- [Steve Holme brought this change] + + curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool + + Ref: https://github.com/curl/curl/issues/3653 + Ref: https://github.com/curl/curl/pull/3790 + + NOTE: This commit was cherry-picked and is part of a series of commits + that added the authzid feature for upcoming 7.66.0. The series was + temporarily reverted in db8ec1f so that it would not ship in a 7.65.x + patch release. + + Closes https://github.com/curl/curl/pull/4186 + +- [Steve Holme brought this change] + + sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID + + Added the ability for the calling program to specify the authorisation + identity (authzid), the identity to act as, in addition to the + authentication identity (authcid) and password when using SASL PLAIN + authentication. + + Fixes #3653 + Closes #3790 + + NOTE: This commit was cherry-picked and is part of a series of commits + that added the authzid feature for upcoming 7.66.0. The series was + temporarily reverted in db8ec1f so that it would not ship in a 7.65.x + patch release. + + Closes https://github.com/curl/curl/pull/4186 + +Daniel Stenberg (6 Aug 2019) +- docs/HTTP3: refreshed as it is now in master and HTTP/3 can be tested + +- [Yiming Jing brought this change] + + mesalink: implement client authentication + + Closes #4184 + +- curl_multi_poll: a sister to curl_multi_wait() that waits more + + Repeatedly we see problems where using curl_multi_wait() is difficult or + just awkward because if it has no file descriptor to wait for + internally, it returns immediately and leaves it to the caller to wait + for a small amount of time in order to avoid occasional busy-looping. + + This is often missed or misunderstood, leading to underperforming + applications. + + This change introduces curl_multi_poll() as a replacement drop-in + function that accepts the exact same set of arguments. 
This function + works identically to curl_multi_wait() - EXCEPT - for the case when + there's nothing to wait for internally, as then this function will by + itself wait for a "suitable" short time before it returns. This + effectiely avoids all risks of busy-looping and should also make it less + likely that apps "over-wait". + + This also changes the curl tool to use this funtion internally when + doing parallel transfers and changes curl_easy_perform() to use it + internally. + + Closes #4163 + +- quiche:h3_stream_recv return 0 at end of stream + + ... and remove some verbose messages we don't need. Made transfers from + facebook.com work better. + +- altsvc: make quiche use h3-22 now + +- quiche: show the actual version number + +- quiche: first working HTTP/3 request + + - enable debug log + - fix use of quiche API + - use download buffer + - separate header/body + + Closes #4193 + +- http09: disable HTTP/0.9 by default in both tool and library - This reverts commit 36738caeb78603ce24e3ea089a167b8c216fb938. + As the plan has been laid out in DEPRECATED. Update docs accordingly and + verify in test 1174. Now requires the option to be set to allow HTTP/0.9 + responses. - Apparently several of the appveyor windows builds broke. + Closes #4191 -- [sergey-raevskiy brought this change] +- quiche: initial h3 request send/receive - cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified +- lib/Makefile.am: make checksrc run in vquic too + +- altsvc: fix removal of expired cache entry - Reviewed-by: Jakub Zakrzewski - Closes #3770 + Closes #4192 - RELEASE-NOTES: synced -- http2: remove CURL_DISABLE_TYPECHECK define +Steve Holme (4 Aug 2019) +- md4: Use our own MD4 implementation when no crypto libraries are available - ... in http2-less builds as it served no use. + Closes #3780 -- configure: more --disable switches to toggle off individual features - - ... actual support in the code for disabling these has already landed. 
- - Closes #4009 +- md4: No need to include Curl_md4.h for each TLS library -- wolfssl: fix key pinning build error +- md4: No need for the NTLM code to call Curl_md4it() for each TLS library - follow-up from deb9462ff2de8 + As the NTLM code no longer calls any of TLS libraries' specific MD4 + functions, there is no need to call this function for each #ifdef. -- CURLMOPT_SOCKETFUNCTION.3: clarified - - Moved away the callback explanation from curl_multi_socket_action.3 and - expanded it somewhat. - - Closes #4006 +- md4: Move the mbed TLS MD4 implementation out of the NTLM code -- wolfssl: fixup for SNI use - - follow-up from deb9462ff2de8 - - Closes #4007 +- md4: Move the WinCrypt implementation out of the NTLM code -- CURLOPT_CAINFO.3: polished wording - - Clarify the functionality when built to use Schannel and Secure - Transport and stop calling it the "recommended" or "preferred" way and - instead rather call it the default. - - Removed the reference to the ssl comparison table as it isn't necessary. - - Reported-by: Richard Alcock - Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html - Closes #4005 +- md4: Move the SecureTransport implementation out of the NTLM code -GitHub (10 Jun 2019) -- [Daniel Stenberg brought this change] +- md4: Use the Curl_md4it() function for OpenSSL based NTLM - SECURITY.md: created - - Brief security policy description for use/display on github. +- md4: Move the GNU TLS gcrypt MD4 implementation out of the NTLM code -Daniel Gustafsson (10 Jun 2019) -- tool_cb_prg: Fix integer overflow in progress bar - - Commit 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 fixed the progress bar - width calculation to avoid integer overflow, but failed to account for - the fact that initial_size is initialized to -1 when the file size is - retrieved from the remote on an upload, causing another signed integer - overflow. Fix by separately checking for this case before the width - calculation. 
- - Closes #3984 - Reported-by: Brian Carpenter (Geeknik Labs) - Reviewed-by: Daniel Stenberg +- md4: Move the GNU TLS Nettle MD4 implementation out of the NTLM code -Daniel Stenberg (10 Jun 2019) -- wolfssl: refer to it as wolfSSL only - - Remove support for, references to and use of "cyaSSL" from the source - and docs. wolfSSL is the current name and there's no point in keeping - references to ancient history. +Jay Satiro (4 Aug 2019) +- OS400: Add CURLOPT_H3 symbols - Assisted-by: Daniel Gustafsson + Follow-up to 3af0e76 which added experimental H3 support. - Closes #3903 + Closes https://github.com/curl/curl/pull/4185 -- RELEASE-NOTES: synced +Daniel Stenberg (3 Aug 2019) +- url: make use of new HTTP version if alt-svc has one -- bindlocal: detect and avoid IP version mismatches in bind() - - Reported-by: Alex Grebenschikov - Fixes #3993 - Closes #4002 +- url: set conn->transport to default TCP at init time -- multi: make sure 'data' can present in several sockhash entries +- altsvc: with quiche, use the quiche h3 alpn string - Since more than one socket can be used by each transfer at a given time, - each sockhash entry how has its own hash table with transfers using that - socket. + Closes #4183 + +- alt-svc: more liberal ALPN name parsing - In addition, the sockhash entry can now be marked 'blocked = TRUE'" - which then makes the delete function just set 'removed = TRUE' instead - of removing it "for real", as a way to not rip out the carpet under the - feet of a parent function that iterates over the transfers of that same - sockhash entry. + Allow pretty much anything to be part of the ALPN identifier. In + particular minus, which is used for "h3-20" (in-progress HTTP/3 + versions) etc. - Reported-by: Tom van der Woerdt - Fixes #3961 - Fixes #3986 - Fixes #3995 - Fixes #4004 - Closes #3997 + Updated test 356. 
+ Closes #4182 -- [Sorcus brought this change] +- quiche: use the proper HTTP/3 ALPN - libcurl-tutorial.3: Fix small typo (mutipart -> multipart) +- quiche: add failf() calls for two error cases - Fixed-by: MrSorcus on github - Closes #4000 + To aid debugging + + Closes #4181 -- unpause: trigger a timeout for event-based transfers +- mailmap: added Kyohei Kadota + +Kamil Dudka (1 Aug 2019) +- http_negotiate: improve handling of gss_init_sec_context() failures - ... so that timeouts or other state machine actions get going again - after a changing pause state. For example, if the last delivery was - paused there's no pending socket activity. + If HTTPAUTH_GSSNEGOTIATE was used for a POST request and + gss_init_sec_context() failed, the POST request was sent + with empty body. This commit also restores the original + behavior of `curl --fail --negotiate`, which was changed + by commit 6c6035532383e300c712e4c1cd9fdd749ed5cf59. - Reported-by: sstruchtrup on github - Fixes #3994 - Closes #4001 - -Marcel Raad (9 Jun 2019) -- travis: use xenial LLVM package for scan-build + Add regression tests 2077 and 2078 to cover this. - I missed that in commit 99a49d6. + Fixes #3992 + Closes #4171 -- travis: update scan-build job to xenial +Daniel Stenberg (1 Aug 2019) +- mailmap: added 4 more names - Closes https://github.com/curl/curl/pull/3999 + Evgeny Grin, Peter Pih, Anton Malov and Marquis de Muesli -Daniel Stenberg (8 Jun 2019) -- bump: start working on 7.65.2 +- mailmap: add Giorgos Oikonomou -Marcel Raad (5 Jun 2019) -- examples/htmltitle: use C++ casts between pointer types +- src/makefile: fix uncompressed hugehelp.c generation - Compilers and static analyzers warn about using C-style casts here. 
+ Regression from 5cf5d57ab9 (7.64.1) - Closes https://github.com/curl/curl/pull/3975 + Fixed-by: Lance Ware + Fixes #4176 + Closes #4177 -- examples/fopen: fix comparison - - As want is size_t, (file->buffer_pos - want) is unsigned, so checking - if it's less than zero makes no sense. - Check if file->buffer_pos is less than want instead to avoid the - unsigned integer wraparound. - - Closes https://github.com/curl/curl/pull/3975 +- appveyor: pass on -k to make -- build: fix Codacy warnings +- timediff: make it 64 bit (if possible) even with 32 bit time_t - Reduce variable scopes and remove redundant variable stores. + ... to make it hold microseconds too. - Closes https://github.com/curl/curl/pull/3975 + Fixes #4165 + Closes #4168 -- sws: remove unused variables - - Unused since commit 2f44e94. +- ROADMAP: parallel transfers are merged now + +- getenv: support up to 4K environment variable contents on windows - Closes https://github.com/curl/curl/pull/3975 + Reported-by: Michal Čaplygin + Fixes #4174 + Closes #4175 -Version 7.65.1 (4 Jun 2019) +- [Kyohei Kadota brought this change] -Daniel Stenberg (4 Jun 2019) -- RELEASE-NOTES: 7.65.1 + plan9: add support for running on Plan 9 + + Closes #3701 -- THANKS: new contributors from 7.65.1 +- [Kyohei Kadota brought this change] -Steve Holme (4 Jun 2019) -- [Frank Gevaerts brought this change] + ntlm: explicit type casting - ssl: Update outdated "openssl-only" comments for supported backends - - These are for features that used to be openssl-only but were expanded - over time to support other SSL backends. - - Closes #3985 +- [Justin brought this change] -Daniel Stenberg (4 Jun 2019) -- curl_share_setopt.3: improve wording [ci ship] + curl.h: fix outdated comment - Reported-by: Carlos ORyan + Closes #4167 -Steve Holme (4 Jun 2019) -- tool_parsecfg: Use correct return type for GetModuleFileName() - - GetModuleFileName() returns a DWORD which is a typedef of an unsigned - long and not an int. 
+- curl: remove outdated comment - Closes #3980 - -Daniel Stenberg (3 Jun 2019) -- TODO: "at least N milliseconds between requests" [ci skip] + Turned bad with commit b8894085000 - Suggested-by: dkwolfe4 on github - Closes #3920 + Reported-by: niallor on github + Fixes #4172 + Closes #4173 -Steve Holme (2 Jun 2019) -- tests/server/.gitignore: Add socksd to the ignore list +- cleanup: remove the 'numsocks' argument used in many places - Missed in 04fd6755. + It was used (intended) to pass in the size of the 'socks' array that is + also passed to these functions, but was rarely actually checked/used and + the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries + that should be used instead. - Closes #3978 + Closes #4169 -- tool_parsecfg: Fix control flow issue (DEADCODE) +- readwrite_data: repair setting the TIMER_STARTTRANSFER stamp - Follow-up to 8144ba38. + Regression, broken in commit 65eb65fde64bd5f (curl 7.64.1) - Detected by Coverity CID 1445663 - Closes #3976 + Reported-by: Jonathan Cardoso Machado + Assisted-by: Jay Satiro + + Fixes #4136 + Closes #4162 -Daniel Stenberg (2 Jun 2019) -- [Sergey Ogryzkov brought this change] +- mailmap: Amit Katyal - NTLM: reset proxy "multipass" state when CONNECT request is done +- asyn-thread: removed unused variable - Closes #3972 + Follow-up to eb9a604f. Mistake caused by me when I edited the commit + before push... -- test334: verify HTTP 204 response with chunked coding header - - Verifies that a bodyless response don't parse this content-related - header. +- RELEASE-NOTES: synced -- [Michael Kaufmann brought this change] +- [Amit Katyal brought this change] - http: don't parse body-related headers bodyless responses + asyn-thread: create a socketpair to wait on - Responses with status codes 1xx, 204 or 304 don't have a response body. 
For - these, don't parse these headers: + Closes #4157 + +- curl: cap the maximum allowed values for retry time arguments - - Content-Encoding - - Content-Length - - Content-Range - - Last-Modified - - Transfer-Encoding + ... to avoid integer overflows later when multiplying with 1000 to + convert seconds to milliseconds. - This change ensures that HTTP/2 upgrades work even if a - "Content-Length: 0" or a "Transfer-Encoding: chunked" header is present. + Added test 1269 to verify. - Co-authored-by: Daniel Stenberg - Closes #3702 - Fixes #3968 - Closes #3977 + Reported-by: Jason Lee + Closes #4166 -- tls13-docs: mention it is only for OpenSSL >= 1.1.1 +- progress: reset download/uploaded counter - Reported-by: Jay Satiro - Co-authored-by: Jay Satiro - Fixes #3938 - Closes #3946 - -- dump-header.d: spell out that no headers == empty file [ci skip] + ... to make CURLOPT_MAX_RECV_SPEED_LARGE and + CURLOPT_MAX_SEND_SPEED_LARGE work correctly on subsequent transfers that + reuse the same handle. - Reported-by: wesinator at github - Fixes #3964 - Closes #3974 + Fixed-by: Ironbars13 on github + Fixes #4084 + Closes #4161 -- singlesocket: use separate variable for inner loop +- http2_recv: trigger another read when the last data is returned - An inner loop within the singlesocket() function wrongly re-used the - variable for the outer loop which then could cause an infinite - loop. Change to using a separate variable! + ... so that end-of-stream is detected properly. - Reported-by: Eric Wu - Fixes #3970 - Closes #3973 - -- RELEASE-NOTES: synced - -- [Josie Huddleston brought this change] + Reported-by: Tom van der Woerdt + Fixes #4043 + Closes #4160 - http2: Stop drain from being permanently set on - - Various functions called within Curl_http2_done() can have the - side-effect of setting the Easy connection into drain mode (by calling - drain_this()). 
However, the last time we unset this for a transfer (by - calling drained_transfer()) is at the beginning of Curl_http2_done(). - If the Curl_easy is reused for another transfer, it is then stuck in - drain mode permanently, which in practice makes it unable to write any - data in the new transfer. +- curl: avoid uncessary libcurl timeouts (in parallel mode) - This fix moves the last call to drained_transfer() to later in - Curl_http2_done(), after the functions that could potentially call for a - drain. + When curl_multi_wait() returns OK without file descriptors to wait for, + it might already have done a long timeout. - Fixes #3966 - Closes #3967 - Reported-by: Josie-H + Closes #4159 -Steve Holme (29 May 2019) -- conncache: Remove the DEBUGASSERT on length check +- [Balazs Kovacsics brought this change] + + HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown - We trust the calling code as this is an internal function. + If using the read callback for HTTP_POST, and POSTFIELDSIZE is not set, + automatically add a Transfer-Encoding: chunked header, same as it is + already done for HTTP_PUT, HTTP_POST_FORM and HTTP_POST_MIME. Update + test 1514 according to the new behaviour. - Closes #3962 + Closes #4138 -Jay Satiro (29 May 2019) -- [Gisle Vanem brought this change] +Jay Satiro (29 Jul 2019) +- [Daniel Stenberg brought this change] - system_win32: fix function prototype - - - Change if_nametoindex parameter type from char * to const char *. + winbuild: add vquic to list of build directories - Follow-up to 09eef8af from this morning. + This fixes the winbuild build method which broke several days ago + when experimental quic support was added in 3af0e76. 
- Bug: https://github.com/curl/curl/commit/09eef8af#r33716067 - -Marcel Raad (29 May 2019) -- appveyor: add Visual Studio solution build + Reported-by: Michael Lee - Closes https://github.com/curl/curl/pull/3941 + Fixes https://github.com/curl/curl/issues/4158 -- appveyor: add support for other build systems - - Introduce BUILD_SYSTEM variable, which is currently always CMake. +- easy: resize receive buffer on easy handle reset - Closes https://github.com/curl/curl/pull/3941 - -Steve Holme (29 May 2019) -- url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows + - In curl_easy_reset attempt to resize the receive buffer to its default + size. If realloc fails then continue using the previous size. - This fixes the static dependency on iphlpapi.lib and allows curl to - build for targets prior to Windows Vista. + Prior to this change curl_easy_reset did not properly handle resetting + the receive buffer (data->state.buffer). It reset the variable holding + its size (data->set.buffer_size) to the default size (READBUFFER_SIZE) + but then did not actually resize the buffer. If a user resized the + buffer by using CURLOPT_BUFFERSIZE to set the size smaller than the + default, later called curl_easy_reset and attempted to reuse the handle + then a heap overflow would very likely occur during that handle's next + transfer. - This partially reverts 170bd047. + Reported-by: Felix Hädicke - Fixes #3960 - Closes #3958 + Fixes https://github.com/curl/curl/issues/4143 + Closes https://github.com/curl/curl/pull/4145 -Daniel Stenberg (29 May 2019) -- http: fix "error: equality comparison with extraneous parentheses" +- [Brad Spencer brought this change] -- parse_proxy: make sure portptr is initialized - - Reported-by: Benbuck Nason + examples: Avoid reserved names in hiperfifo examples - fixes #3959 - -- url: default conn->port to the same as conn->remote_port + - Trade in __attribute__((unused)) for the classic (void)x to silence + unused symbols. - ... 
so that it has a sensible value when ConnectionExists() is called which - needs it set to differentiate host "bundles" correctly on port number! + Because the classic way is not gcc specific. Also because the prior + method mapped to symbol _Unused, which starts with _ and a capital + letter which is reserved. - Also, make conncache:hashkey() use correct port for bundles that are proxy vs - host connections. + Assisted-by: The Infinnovation team - Probably a regression from 7.62.0 + Bug: https://github.com/curl/curl/issues/4120#issuecomment-512542108 - Reported-by: Tom van der Woerdt - Fixes #3956 - Closes #3957 + Closes https://github.com/curl/curl/pull/4153 -- conncache: make "bundles" per host name when doing proxy tunnels +Daniel Stenberg (25 Jul 2019) +- RELEASE-NOTES: synced + +- [Felix Hädicke brought this change] + + ssh-libssh: do not specify O_APPEND when not in append mode - Only HTTP proxy use where multiple host names can be used over the same - connection should use the proxy host name for bundles. + Specifying O_APPEND in conjunction with O_TRUNC and O_CREAT does not + make much sense. And this combination of flags is not accepted by all + SFTP servers (at least not Apache SSHD). - Reported-by: Tom van der Woerdt - Fixes #3951 - Closes #3955 + Fixes #4147 + Closes #4148 -- multi: track users of a socket better +- [Gergely Nagy brought this change] + + multi: call detach_connection before Curl_disconnect - They need to be removed from the socket hash linked list with more care. + Curl_disconnect bails out if conn->easyq is not empty, detach_connection + needs to be called first to remove the current easy from the queue. - When sh_delentry() is called to remove a sockethash entry, remove all - individual transfers from the list first. To enable this, each Curl_easy struct - now stores a pointer to the sockethash entry to know how to remove itself. 
+ Fixes #4144 + Closes #4151 + +Jay Satiro (23 Jul 2019) +- tool_operate: fix implicit call to easysrc_cleanup - Reported-by: Tom van der Woerdt and Kunal Ekawde + easysrc_cleanup is only defined when CURL_DISABLE_LIBCURL_OPTION is not + defined, and prior to this change would be called regardless. - Fixes #3952 - Fixes #3904 - Closes #3953 + Bug: https://github.com/curl/curl/pull/3804#issuecomment-513922637 + Reported-by: Marcel Raad + + Closes https://github.com/curl/curl/pull/4142 -Steve Holme (28 May 2019) -- curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version +Daniel Stenberg (22 Jul 2019) +- curl:create_transfers check return code from curl_easy_setopt - Microsoft added support for Unix Domain Sockets in Windows 10 1803 - (RS4). Rather than expect the user to enable Unix Domain Sockets by - uncommenting the #define that was added in 0fd6221f we use the RS4 - pre-processor variable that is present in newer versions of the - Windows SDK. + From commit b8894085 - Closes #3939 - -Daniel Stenberg (28 May 2019) -- [Jonas Vautherin brought this change] - - cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables + Pointed out by Coverity CID 1451703 - Closes #3945 + Closes #4134 -Marcel Raad (27 May 2019) -- HAProxy tests: add keywords +- HTTP3: initial (experimental) support - Add the proxy and haproxy keywords in order to be able to exclude or - run these specific tests. + USe configure --with-ngtcp2 or --with-quiche - Closes https://github.com/curl/curl/pull/3949 - -Daniel Stenberg (27 May 2019) -- [Maksim Stsepanenka brought this change] - - tests: make test 1420 and 1406 work with rtsp-disabled libcurl + Using either option will enable a HTTP3 build. 
+ Co-authored-by: Alessandro Ghedini - Closes #3948 - -Kamil Dudka (27 May 2019) -- [Hubert Kario brought this change] + Closes #3500 - nss: allow to specify TLS 1.3 ciphers if supported by NSS +- curl: remove dead code + + The loop never loops (since b889408500), pointed out by Coverity (CID + 1451702) - Closes #3916 + Closes #4133 -Daniel Stenberg (26 May 2019) -- RELEASE-NOTES: synced +- docs/PARALLEL-TRANSFERS: correct the version number -- [Jay Satiro brought this change] +- docs/PARALLEL-TRANSFERS: added - Revert all SASL authzid (new feature) commits - - - Revert all commits related to the SASL authzid feature since the next - release will be a patch release, 7.65.1. - - Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined - for the next release, assuming it would be a feature release 7.66.0. - However instead the next release will be a patch release, 7.65.1 and - will not contain any new features. - - After the patch release after the reverted commits can be restored by - using cherry-pick: - - git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690 +- curl: support parallel transfers - Details for all reverted commits: + This is done by making sure each individual transfer is first added to a + linked list as then they can be performed serially, or at will, in + parallel. - Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()." + Closes #3804 + +- docs/MANUAL.md: converted to markdown from plain text - This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a. + ... will make it render as a nicer web page. - Revert "tests: Fix the line endings for the SASL alt-auth tests" + Closes #4131 + +- curl_version_info: provide nghttp2 details - This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221. + Introducing CURLVERSION_SIXTH with nghttp2 info. 
- Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples" + Closes #4121 + +- bump: start working on 7.66.0 + +- source: remove names from source comments - This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75. + Several reasons: - Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool" + - we can't add everyone who's helping out so its unfair to just a few + selected ones. + - we already list all helpers in THANKS and in RELEASE-NOTES for each + release + - we don't want to give the impression that some parts of the code is + "owned" or "controlled" by specific persons - This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817. + Assisted-by: Daniel Gustafsson + Closes #4129 + +Version 7.65.3 (19 Jul 2019) + +Daniel Stenberg (19 Jul 2019) +- RELEASE-NOTES: 7.65.3 + +- THANKS: 7.65.3 status + +- progress: make the progress meter appear again - Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID" + Fix regression caused by 21080e1 - This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177. + Reported-by: Chih-Hsuan Yen + Fixes #4122 + Closes #4124 -- [dbrowndan brought this change] +- version: bump to 7.65.3 - FAQ: more minor updates and spelling fixes - - Closes #3937 +- RELEASE-NOTES: Contributors or now 1990 -- RELEASE-NOTES: synced +Version 7.65.2 (17 Jul 2019) -- sectransp: handle errSSLPeerAuthCompleted from SSLRead() - - Reported-by: smuellerDD on github - Fixes #3932 - Closes #3933 +Daniel Stenberg (17 Jul 2019) +- RELEASE-NOTES: 7.65.2 -GitHub (24 May 2019) -- [Gisle Vanem brought this change] +- THANKS: add contributors from 7.65.2 - Fix typo. 
+Jay Satiro (17 Jul 2019) +- [aasivov brought this change] -Daniel Stenberg (23 May 2019) -- tool_setopt: for builds with disabled-proxy, skip all proxy setopts() + cmake: Fix finding Brotli on case-sensitive file systems - Reported-by: Marcel Raad - Fixes #3926 - Closes #3929 - -Steve Holme (23 May 2019) -- winbuild: Use two space indentation + - Find package "Brotli" instead of "BROTLI" since the former is the + casing used for CMake/FindBrotli.cmake, and otherwise find_package + may fail on a case-sensitive file system. - Closes #3930 - -GitHub (23 May 2019) -- [Gisle Vanem brought this change] + Fixes https://github.com/curl/curl/issues/4117 - tool_parse_cfg: Avoid 2 fopen() for WIN32 +- CURLOPT_RANGE.3: Caution against using it for HTTP PUT + + AFAICT CURLOPT_RANGE does not support ranged HTTP PUT uploads so I've + cautioned against using it for that purpose and included a workaround. - Using the memdebug.h mem-leak feature, I noticed 2 calls like: - FILE tool_parsecfg.c:70 fopen("c:\Users\Gisle\AppData\Roaming\_curlrc","rt") - FILE tool_parsecfg.c:114 fopen("c:\Users\Gisle\AppData\Roaming\_curlrc","rt") + Bug: https://curl.haxx.se/mail/lib-2019-04/0075.html + Reported-by: Christopher Head - No need for 'fopen(), 'fclose()' and a 'fopen()' yet again. + Closes https://github.com/curl/curl/issues/3814 -Daniel Stenberg (23 May 2019) -- md4: include the mbedtls config.h to get the MD4 info +- [Stefano Simonelli brought this change] -- md4: build correctly with openssl without MD4 + CURLOPT_SEEKDATA.3: fix variable name - Reported-by: elsamuko at github - Fixes #3921 - Closes #3922 + Closes https://github.com/curl/curl/pull/4118 -Patrick Monnerat (23 May 2019) -- os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid(). 
+- [Giorgos Oikonomou brought this change] -Daniel Stenberg (23 May 2019) -- .github/FUNDING: mention our opencollective "home" [ci skip] + CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH + + If the SSL backend is Schannel and the user specifies an Schannel CALG_ + that is not supported by the protocol or the server then curl returns + CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH. + + Fixes https://github.com/curl/curl/issues/3389 + Closes https://github.com/curl/curl/pull/4106 -Marcel Raad (23 May 2019) -- [Zenju brought this change] +- [Daniel Gustafsson brought this change] - config-win32: add support for if_nametoindex and getsockname + nss: inspect returnvalue of token check + + PK11_IsPresent() checks for the token for the given slot is available, + and sets needlogin flags for the PK11_Authenticate() call. Should it + return false, we should however treat it as an error and bail out. - Closes https://github.com/curl/curl/pull/3923 + Closes https://github.com/curl/curl/pull/4110 -Jay Satiro (23 May 2019) -- tests: Fix the line endings for the SASL alt-auth tests +- docs: Explain behavior change in --tlsv1. options since 7.54 - - Change data and protocol sections to CRLF line endings. + Since 7.54 --tlsv1. options use the specified version or later, however + older versions of curl documented it as using just the specified version + which may or may not have happened depending on the TLS library. + Document this discrepancy to allay confusion for users familiar with the + old documentation that expect just the specified version. - Prior to this change the tests would fail or hang, which is because - certain sections such as protocol require CRLF line endings. + Fixes https://github.com/curl/curl/issues/4097 + Closes https://github.com/curl/curl/pull/4119 + +- libcurl: Restrict redirect schemes (follow-up) - Follow-up to a9499ff from today which added the tests. + - Allow FTPS on redirect. 
- Ref: https://github.com/curl/curl/pull/3790 - -Daniel Stenberg (23 May 2019) -- url: fix bad #ifdef + - Update default allowed redirect protocols in documentation. + + Follow-up to 6080ea0. - Regression since e91e48161235272ff485. + Ref: https://github.com/curl/curl/pull/4094 - Reported-by: Tom Greenslade - Fixes #3924 - Closes #3925 + Closes https://github.com/curl/curl/pull/4115 -- Revert "progress: CURL_DISABLE_PROGRESS_METER" +Daniel Stenberg (16 Jul 2019) +- test1173: make it also check all libcurl option man pages - This reverts commit 3b06e68b7734cb10a555f9d7e804dd5d808236a4. + ... and adjust those that cause errors - Clearly this change wasn't good enough as it broke CURLOPT_LOW_SPEED_LIMIT + - CURLOPT_LOW_SPEED_TIME + Closes #4116 + +- curl: only accept COLUMNS less than 10000 - Reported-by: Dave Reisner + ... as larger values would rather indicate something silly (and could + potentially cause buffer problems). - Fixes #3927 - Closes #3928 - -Steve Holme (22 May 2019) -- examples: Added SASL PLAIN authorisation identity (authzid) examples - -- curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool + Reported-by: pendrek at hackerone + Closes #4114 -- sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID - - Added the ability for the calling program to specify the authorisation - identity (authzid), the identity to act as, in addition to the - authentication identity (authcid) and password when using SASL PLAIN - authentication. +- dist: add manpage-syntax.pl - Fixed #3653 - Closes #3790 + follow-up to 7fb66c403 -Marc Hoersken (22 May 2019) -- tests: add support to test against OpenSSH for Windows +- test1173: detect some basic man page format mistakes + + Triggered by PR #4111 - Testing against OpenSSH for Windows requires v7.7.0.0 or newer - due to the use of AllowUsers and DenyUsers. 
For more info see: - https://github.com/PowerShell/Win32-OpenSSH/wiki/sshd_config + Closes #4113 -Daniel Stenberg (22 May 2019) -- bump: start on the next release +Jay Satiro (15 Jul 2019) +- [Bjarni Ingi Gislason brought this change] -Marcel Raad (22 May 2019) -- examples: fix "clarify calculation precedence" warnings + docs: Fix missing lines caused by undefined macros - Closes https://github.com/curl/curl/pull/3919 - -- hiperfifo: remove unused variable + - Escape apostrophes at line start. - Closes https://github.com/curl/curl/pull/3919 - -- examples: remove dead variable stores + Some lines begin with a "'" (apostrophe, single quote), which is then + interpreted as a control character in *roff. - Closes https://github.com/curl/curl/pull/3919 - -- examples: reduce variable scopes + Such lines are interpreted as being a call to a macro, and if + undefined, the lines are removed from the output. + + Bug: https://bugs.debian.org/926352 + Signed-off-by: Bjarni Ingi Gislason - Closes https://github.com/curl/curl/pull/3919 + Submitted-by: Alessandro Ghedini + + Closes https://github.com/curl/curl/pull/4111 -- http2-download: fix format specifier +Daniel Stenberg (14 Jul 2019) +- libcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaults - Closes https://github.com/curl/curl/pull/3919 + follow-up to 6080ea098 + +- [Linos Giannopoulos brought this change] -Daniel Stenberg (22 May 2019) -- PolarSSL: deprecate support step 1. Removed from configure. + libcurl: Add testcase for gopher redirects - Also removed mentions from most docs. + The testcase ensures that redirects to CURLPROTO_GOPHER won't be + allowed, by default, in the future. Also, curl is being used + for convenience while keeping the testcases DRY. - Discussed: https://curl.haxx.se/mail/lib-2019-05/0045.html + The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is + redirected to CURLPROTO_GOPHER - Closes #3888 + 
Signed-off-by: Linos Giannopoulos + +- [Linos Giannopoulos brought this change] -- configure/cmake: check for if_nametoindex() + libcurl: Restrict redirect schemes - - adds the check to cmake + All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS + counterpart were allowed for redirect. This vastly broadens the + exploitation surface in case of a vulnerability such as SSRF [1], where + libcurl-based clients are forced to make requests to arbitrary hosts. - - fixes the configure check to work for cross-compiled windows builds + For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based + protocol by URL-encoding a payload in the URI. Gopher will open a TCP + connection and send the payload. - Closes #3917 - -- parse_proxy: use the IPv6 zone id if given + Only HTTP/HTTPS and FTP are allowed. All other protocols have to be + explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS. - If the proxy string is given as an IPv6 numerical address with a zone - id, make sure to use that for the connect to the proxy. + [1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/ - Reported-by: Edmond Yu + 
Signed-off-by: Linos Giannopoulos - Fixes #3482 - Closes #3918 + Closes #4094 -Version 7.65.0 (22 May 2019) +- [Zenju brought this change] -Daniel Stenberg (22 May 2019) -- RELEASE-NOTES: 7.65.0 release + openssl: define HAVE_SSL_GET_SHUTDOWN based on version number + + Closes #4100 -- THANKS: from the 7.65.0 release-notes +- [Peter Simonyi brought this change] -- url: convert the zone id from a IPv6 URL to correct scope id + http: allow overriding timecond with custom header + + With CURLOPT_TIMECONDITION set, a header is automatically added (e.g. + If-Modified-Since). Allow this to be replaced or suppressed with + CURLOPT_HTTPHEADER. - Reported-by: GitYuanQu on github - Fixes #3902 - Closes #3914 + Fixes #4103 + Closes #4109 + +Jay Satiro (11 Jul 2019) +- [Juergen Hoetzel brought this change] -- configure: detect getsockname and getpeername on windows too + smb: Use the correct error code for access denied on file open - Made detection macros for these two functions in the same style as other - functions possibly in winsock in the hope this will work better to - detect these functions when cross-compiling for Windows. + - Return CURLE_REMOTE_ACCESS_DENIED for SMB access denied on file open. - Follow-up to e91e4816123 + Prior to this change CURLE_REMOTE_FILE_NOT_FOUND was returned instead. - Fixes #3913 - Closes #3915 + Closes https://github.com/curl/curl/pull/4095 + +- [Daniel Gustafsson brought this change] -Marcel Raad (21 May 2019) -- examples: remove unused variables + DEPRECATE: fixup versions and spelling - Fixes Codacy/CppCheck warnings. + Correctly set the July 17 version to 7.65.2, and update spelling to + be consistent. Also fix a typo. 
- Closes + Closes https://github.com/curl/curl/pull/4107 + +- [Gisle Vanem brought this change] -Daniel Gustafsson (21 May 2019) -- udpateconninfo: mark variable unused + system_win32: fix clang warning - When compiling without getpeername() or getsockname(), the sockfd - paramter to Curl_udpateconninfo() became unused after commit e91e481612 - added ifdef guards. + - Declare variable in header as extern. - Closes #3910 - Fixes https://curl.haxx.se/dev/log.cgi?id=20190520172441-32196 - Reviewed-by: Marcel Raad, Daniel Stenberg + Bug: https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597 -- ftp: move ftp_ccc in under featureflag +Daniel Gustafsson (10 Jul 2019) +- headers: Remove no longer exported functions - Commit e91e48161235272ff485ff32bd048c53af731f43 moved ftp_ccc in under - the FTP featureflag in the UserDefined struct, but vtls callsites were - still using it unprotected. + There were a leftover few prototypes of Curl_ functions that we used to + export but no longer do, this removes those prototypes and cleans up any + comments still referring to them. - Closes #3912 - Fixes: https://curl.haxx.se/dev/log.cgi?id=20190520044705-29865 - Reviewed-by: Daniel Stenberg, Marcel Raad - -Daniel Stenberg (20 May 2019) -- curl: report error for "--no-" on non-boolean options + Curl_write32_le(), Curl_strcpy_url(), Curl_strlen_url(), Curl_up_free() + Curl_concat_url(), Curl_detach_connnection(), Curl_http_setup_conn() + were made static in 05b100aee247bb9bec8e9a1b0166496aa4248d1c. + Curl_http_perhapsrewind() made static in 574aecee208f79d391f10d57520b3. 
- Reported-by: Olen Andoni - Fixes #3906 - Closes #3907 - -- [Guy Poizat brought this change] - - mbedtls: enable use of EC keys + For the remainder, I didn't trawl the Git logs hard enough to capture + their exact time of deletion, but they were all gone: Curl_splayprint(), + Curl_http2_send_request(), Curl_global_host_cache_dtor(), + Curl_scan_cache_used(), Curl_hostcache_destroy(), Curl_second_connect(), + Curl_http_auth_stage() and Curl_close_connections(). - Closes #3892 + Closes #4096 + Reviewed-by: Daniel Stenberg -- lib1560: add tests for parsing URL with too long scheme - - Ref: #3905 +- CMake: fix typos and spelling -- [Omar Ramadan brought this change] +- [Kyle Edwards brought this change] - urlapi: increase supported scheme length to 40 bytes + CMake: Convert errant elseif() to else() - The longest currently registered URI scheme at IANA is 36 bytes long. + CMake interprets an elseif() with no arguments as elseif(FALSE), + resulting in the elseif() block not being executed. That is not what + was intended here. Change the empty elseif() to an else() as it was + intended. - Closes #3905 - Closes #3900 + Closes #4101 + Reported-by: Artalus + Reviewed-by: Daniel Gustafsson -Marcel Raad (20 May 2019) -- lib: reduce variable scopes +- buildconf: fix header filename - Fixes Codacy/CppCheck warnings. + The header file inclusion had a typo, it should be .h and not .hd. + Fix by renaming. - Closes https://github.com/curl/curl/pull/3872 + Fixes #4102 + Reported-by: AceCrow on Github -- tool_formparse: remove redundant assignment - - Just initialize word_begin with the correct value. - - Closes https://github.com/curl/curl/pull/3873 +- [Jan Chren brought this change] -- ssh: move variable declaration to where it's used + configure: fix --disable-code-coverage - This way, we need only one call to free. + This fixes the case when --disable-code-coverage supplied to ./configure + would result in coverage="yes" being set. 
- Closes https://github.com/curl/curl/pull/3873 + Closes #4099 + Reviewed-by: Daniel Gustafsson -- ssh-libssh: remove unused variable - - sock was only used to be assigned to fd_read. - - Closes https://github.com/curl/curl/pull/3873 +- cleanup: fix typo in comment -Daniel Stenberg (20 May 2019) -- test332: verify the blksize fix +- RELEASE-NOTES: synced -- tftp: use the current blksize for recvfrom() - - bug: https://curl.haxx.se/docs/CVE-2019-5436.html - Reported-by: l00p3r on hackerone - CVE-2019-5436 +Jay Satiro (6 Jul 2019) +- [Daniel Gustafsson brought this change] -Daniel Gustafsson (19 May 2019) -- version: make ssl_version buffer match for multi_ssl + nss: support using libnss on macOS - When running a multi TLS backend build the version string needs more - buffer space. Make the internal ssl_buffer stack buffer match the one - in Curl_multissl_version() to allow for the longer string. For single - TLS backend builds there is no use in extended to buffer. This is a - fallout from #3863 which fixes up the multi_ssl string generation to - avoid a buffer overflow when the buffer is too small. + The file suffix for dynamically loadable objects on macOS is .dylib, + which need to be added for the module definitions in order to get the + NSS TLS backend to work properly on macOS. - Closes #3875 - Reviewed-by: Daniel Stenberg + Closes https://github.com/curl/curl/pull/4046 -Steve Holme (18 May 2019) -- http_ntlm_wb: Handle auth for only a single request - - Currently when the server responds with 401 on NTLM authenticated - connection (re-used) we consider it to have failed. However this is - legitimate and may happen when for example IIS is set configured to - 'authPersistSingleRequest' or when the request goes thru a proxy (with - 'via' header). 
+- [Daniel Gustafsson brought this change] + + nss: don't set unused parameter - Implemented by imploying an additional state once a connection is - re-used to indicate that if we receive 401 we need to restart - authentication. + The value of the maxPTDs parameter to PR_Init() has since at least + NSPR 2.1, which was released sometime in 1998, been marked ignored + as is accordingly not used in the initialization code. Setting it + to a value when calling PR_Init() is thus benign, but indicates an + intent which may be misleading. Reset the value to zero to improve + clarity. - Missed in fe6049f0. + Closes https://github.com/curl/curl/pull/4054 -- http_ntlm_wb: Cleanup handshake after clean NTLM failure - - Missed in 50b87c4e. +- [Daniel Gustafsson brought this change] -- http_ntlm_wb: Return the correct error on receiving an empty auth message - - Missed in fe20826b as it wasn't implemented in http.c in b4d6db83. + nss: only cache valid CRL entries - Closes #3894 - -Daniel Stenberg (18 May 2019) -- curl: make code work with protocol-disabled libcurl + Change the logic around such that we only keep CRLs that NSS actually + ended up caching around for later deletion. If CERT_CacheCRL() fails + then there is little point in delaying the freeing of the CRL as it + is not used. - Closes #3844 - -- libcurl: #ifdef away more code for disabled features/protocols - -- progress: CURL_DISABLE_PROGRESS_METER - -- hostip: CURL_DISABLE_SHUFFLE_DNS + Closes https://github.com/curl/curl/pull/4053 -- netrc: CURL_DISABLE_NETRC +- [Gergely Nagy brought this change] -Viktor Szakats (16 May 2019) -- docs: Markdown and misc improvements [ci skip] + lib: Use UTF-8 encoding in comments - Approved-by: Daniel Stenberg - Closes #3896 - -- docs/RELEASE-PROCEDURE: link to live iCalendar [ci skip] + Some editors and IDEs assume that source files use UTF-8 file encodings. 
+ It also fixes the build with MSVC when /utf-8 command line option is + used (this option is mandatory for some other open-source projects, this + is useful when using the same options is desired for building all + libraries of a project). - Ref: https://github.com/curl/curl/commit/0af41b40b2c7bd379b2251cbe7cd618e21fa0ea1#commitcomment-33563135 - Approved-by: Daniel Stenberg - Closes #3895 + Closes https://github.com/curl/curl/pull/4087 -Daniel Stenberg (16 May 2019) -- travis: add an osx http-only build - - Closes #3887 +- [Caleb Raitto brought this change] -- cleanup: remove FIXME and TODO comments + CURLOPT_HEADEROPT.3: Fix example - They serve very little purpose and mostly just add noise. Most of them - have been around for a very long time. I read them all before removing - or rephrasing them. + Fix an issue where example builds a curl_slist, but fails to actually + use it, or free it. - Ref: #3876 - Closes #3883 + Closes https://github.com/curl/curl/pull/4090 + +- [Shankar Jadhavar brought this change] -- curl: don't set FTP options for FTP-disabled builds + winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG - ... since libcurl has started to be totally unaware of options for - disabled protocols they now return error. + - Made changes so that ENABLE_OPENSSL_AUTO_LOAD_CONFIG will be honored. - Bug: https://github.com/curl/curl/commit/c9c5304dd4747cbe75d2f24be85920d572fcb5b8#commitcomment-33533937 + - Also removed some ^M chars from file. - Reported-by: Marcel Raad - Closes #3886 + Prior to this change while building on Windows platform even if we pass + the ENABLE_OPENSSL_AUTO_LOAD_CONFIG option with value as "no" it does + not set the CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG flag. 
+ + Closes https://github.com/curl/curl/pull/4086 + +Daniel Stenberg (4 Jul 2019) +- doh-url.d: added in 7.62.0 -Steve Holme (16 May 2019) -- http_ntlm_wb: Move the type-2 message processing into a dedicated function +Jay Satiro (30 Jun 2019) +- docs: Fix links to OpenSSL docs - This brings the code inline with the other HTTP authentication mechanisms. + OpenSSL changed their manual locations and does not redirect to the new + locations. - Closes #3890 - -Daniel Stenberg (15 May 2019) -- RELEASE-NOTES: synced + Bug: https://curl.haxx.se/mail/lib-2019-06/0056.html + Reported-by: Daniel Stenberg -- docs/RELEASE-PROCEDURE: updated coming releases dates [ci skip] +Daniel Stenberg (26 Jun 2019) +- [Gaël PORTAY brought this change] -- CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [ci skip] + curl_multi_wait.3: escape backslash in example - Reported-by: Roy Bellingan - Bug: #3885 - -- parse_proxy: use the URL parser API + The backslash in the character Line Feed must be escaped. - As we treat a given proxy as a URL we should use the unified URL parser - to extract the parts out of it. + The current man-page outputs the code as following: - Closes #3878 - -Steve Holme (15 May 2019) -- http_negotiate: Move the Negotiate state out of the negotiatedata structure + fprintf(stderr, "curl_multi failed, code %d.0, mc); - Given that this member variable is not used by the SASL based protocols - there is no need to have it here. + The commit fixes it as follow: - Closes #3882 - -- http_ntlm: Move the NTLM state out of the ntlmdata structure + fprintf(stderr, "curl_multi failed, code %d\n", mc); - Given that this member variable is not used by the SASL based protocols - there is no need to have it here. 
- -- url: Move the negotiate state type into a dedicated enum + Closes #4079 -- url: Remove duplicate clean up of the winbind variables in conn_shutdown() +- openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined - Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior - to calling conn_shutdown() and it in turn performs this, there is no - need to perform the same action in conn_shutdown(). + ... since that needs UI_OpenSSL() which isn't provided when OpenSSL is + built with OPENSSL_NO_UI_CONSOLE which happens when OpenSSL is built for + UWP (with "VC-WIN32-UWP"). - Closes #3881 + Reported-by: Vasily Lobaskin + Fixes #4073 + Closes #4077 -Daniel Stenberg (14 May 2019) -- urlapi: require a non-zero host name length when parsing URL +- test1521: adapt to SLISTPOINT - Updated test 1560 to verify. + The header now has the slist-using options marked as SLISTPOINT so this + makes sure test 1521 understands that. - Closes #3880 - -- configure: error out if OpenSSL wasn't detected when asked for + Follow-up to ae99b4de1c443ae989 - If --with-ssl is used and configure still couldn't enable SSL this - creates an error instead of just silently ignoring the fact. + Closes #4074 + +- win32: make DLL loading a no-op for UWP - Suggested-by: Isaiah Norton - Fixes #3824 - Closes #3830 + Reported-by: Michael Brehm + Fixes #4060 + Closes #4072 -Daniel Gustafsson (14 May 2019) -- imap: Fix typo in comment +- [1ocalhost brought this change] -Steve Holme (14 May 2019) -- url: Remove unnecessary initialisation from allocate_conn() - - No need to set variables to zero as calloc() does this for us. 
+ configure: fix typo '--disable-http-uath' - Closes #3879 + Closes #4076 -Daniel Stenberg (14 May 2019) -- CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [ci skip] - - Clues-provided-by: Jay Satiro - Clues-provided-by: Jeroen Ooms - Fixes #3711 - Closes #3874 +- [Niklas Hambüchen brought this change] -Daniel Gustafsson (13 May 2019) -- vtls: fix potential ssl_buffer stack overflow + docs: fix string suggesting HTTP/2 is not the default + + Commit 25fd1057c9c86e3 made HTTP2 the default, and further down in the + man page that new default is mentioned, but the section at the top + contradicted it until now. - In Curl_multissl_version() it was possible to overflow the passed in - buffer if the generated version string exceeded the size of the buffer. - Fix by inverting the logic, and also make sure to not exceed the local - buffer during the string generation. + Also remove claim that setting the HTTP version is not sensible. - Closes #3863 - Reported-by: nevv on HackerOne/curl - Reviewed-by: Jay Satiro - Reviewed-by: Daniel Stenberg + Closes #4075 -Daniel Stenberg (13 May 2019) - RELEASE-NOTES: synced -- appveyor: also build "/ci" branches like travis - -- pingpong: disable more when no pingpong enabled - -- proxy: acknowledge DISABLE_PROXY more - -- parsedate: CURL_DISABLE_PARSEDATE - -- sasl: only enable if there's a protocol enabled using it - -- mime: acknowledge CURL_DISABLE_MIME - -- wildcard: disable from build when FTP isn't present - -- http: CURL_DISABLE_HTTP_AUTH - -- base64: build conditionally if there are users - -- doh: CURL_DISABLE_DOH +- [Stephan Szabo brought this change] -Steve Holme (12 May 2019) -- auth: Rename the various authentication clean up functions + tests: update fixed IP for hostip/clientip split - For consistency and to a avoid confusion. + These tests give differences for me on linux when using a hostip + pointing to the external ip address for the local machine. 
- Closes #3869 - -Daniel Stenberg (12 May 2019) -- [Jay Satiro brought this change] + Closes #4070 - docs/INSTALL: fix broken link [ci skip] +Daniel Gustafsson (24 Jun 2019) +- http: clarify header buffer size calculation - Reported-by: Joombalaya on github - Fixes #3818 - -Marcel Raad (12 May 2019) -- easy: fix another "clarify calculation precedence" warning + The header buffer size calculation can from static analysis seem to + overlow as it performs an addition between two size_t variables and + stores the result in a size_t variable. Overflow is however guarded + against elsewhere since the input to the addition is regulated by + the maximum read buffer size. Clarify this with a comment since the + question was asked. - I missed this one in commit 6b3dde7fe62ea5a557fd1fd323fac2bcd0c2e9be. + Reviewed-by: Daniel Stenberg -- build: fix "clarify calculation precedence" warnings - - Codacy/CppCheck warns about this. Consistently use parentheses as we - already do in some places to silence the warning. +Daniel Stenberg (24 Jun 2019) +- KNOWN_BUGS: Don't clear digest for single realm - Closes https://github.com/curl/curl/pull/3866 + Closes #3267 -- cmake: restore C89 compatibility of CurlTests.c - - I broke it in d1b5cf830bfe169745721b21245d2217d2c2453e and - 97de97daefc2ed084c91eff34af2426f2e55e134. +- KNOWN_BUGS: Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname - Reported-by: Viktor Szakats - Ref: https://github.com/curl/curl/commit/97de97daefc2ed084c91eff34af2426f2e55e134#commitcomment-33499044 - Closes https://github.com/curl/curl/pull/3868 + Closes #3284 -Steve Holme (11 May 2019) -- http_ntlm: Corrected the name of the include guard +- http2: call done_sending on end of upload - Missed in f0bdd72c. + To make sure a HTTP/2 stream registers the end of stream. - Closes #3867 - -- http_digest: Don't expose functions when HTTP and Crypto Auth are disabled + Bug #4043 made me find this problem but this fix doesn't correct the + reported issue. 
- Closes #3861 - -- http_negotiate: Don't expose functions when HTTP is disabled - -Daniel Stenberg (11 May 2019) -- SECURITY-PROCESS: fix links [ci skip] + Closes #4068 -Marcel Raad (11 May 2019) -- CMake: suppress unused variable warnings - - I missed these in commit d1b5cf830bfe169745721b21245d2217d2c2453e. +- [James Brown brought this change] -Daniel Stenberg (11 May 2019) -- doh: disable DOH for the cases it doesn't work - - Due to limitations in Curl_resolver_wait_resolv(), it doesn't work for - DOH resolves. This fix disables DOH for those. + c-ares: honor port numbers in CURLOPT_DNS_SERVERS - Limitation added to KNOWN_BUGS. + By using ares_set_servers_ports_csv on new enough c-ares. - Fixes #3850 - Closes #3857 + Fixes #4066 + Closes #4067 -Jay Satiro (11 May 2019) -- checksrc.bat: Ignore snprintf warnings in docs/examples - - .. because we allow snprintf use in docs/examples. - - Closes https://github.com/curl/curl/pull/3862 +Daniel Gustafsson (24 Jun 2019) +- CURLMOPT_SOCKETFUNCTION.3: fix typo -Steve Holme (10 May 2019) -- vauth: Fix incorrect function description for Curl_auth_user_contains_domain() - - ...and misalignment of these comments. From a78c61a4. - - Closes #3860 +Daniel Stenberg (24 Jun 2019) +- [Koen Dergent brought this change] -Jay Satiro (10 May 2019) -- Revert "multi: support verbose conncache closure handle" - - This reverts commit b0972bc. - - - No longer show verbose output for the conncache closure handle. - - The offending commit was added so that the conncache closure handle - would inherit verbose mode from the user's easy handle. (Note there is - no way for the user to set options for the closure handle which is why - that was necessary.) Other debug settings such as the debug function - were not also inherited since we determined that could lead to crashes - if the user's per-handle private data was used on an unexpected handle. 
- - The reporter here says he has a debug function to capture the verbose - output, and does not expect or want any output to stderr; however - because the conncache closure handle does not inherit the debug function - the verbose output for that handle does go to stderr. - - There are other plausible scenarios as well such as the user redirects - stderr on their handle, which is also not inherited since it could lead - to crashes when used on an unexpected handle. - - Short of allowing the user to set options for the conncache closure - handle I don't think there's much we can safely do except no longer - inherit the verbose setting. - - Bug: https://curl.haxx.se/mail/lib-2019-05/0021.html - Reported-by: Kristoffer Gleditsch - - Ref: https://github.com/curl/curl/pull/3598 - Ref: https://github.com/curl/curl/pull/3618 + curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds - Closes https://github.com/curl/curl/pull/3856 + Closes #4061 -Steve Holme (10 May 2019) -- ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup() - - From 6012fa5a. +- test153: fix content-length to avoid occasional hang - Closes #3858 - -Daniel Stenberg (9 May 2019) -- BUG-BOUNTY: minor formatting fixes [ci skip] + Closes #4065 - RELEASE-NOTES: synced -- BUG-BOUNTY.md: add the Dropbox "bonus" extra payout ability [ci skip] +- multi: enable multiplexing by default (again) - Closes #3839 - -Kamil Dudka (9 May 2019) -- http_negotiate: do not treat failure of gss_init_sec_context() as fatal + It was originally made default in d7c4213bd0c (7.62.0) but mistakenly + reverted in commit 2f44e94efb3d (7.65.0). Now enabled again. 
- Fixes #3726 - Closes #3849 + Closes #4051 -- spnego_gssapi: fix return code on gss_init_sec_context() failure +- typecheck: add 3 missing strings and a callback data pointer - Fixes #3726 - Closes #3849 + Closes #4050 -Steve Holme (9 May 2019) -- gen_resp_file.bat: Removed unnecessary @ from all but the first command +- tests: add disable-scan.pl to dist - There is need to use @ on every command once echo has been turned off. + follow-up from 29177f422a5 - Closes #3854 + Closes #4059 -Jay Satiro (8 May 2019) -- http: Ignore HTTP/2 prior knowledge setting for HTTP proxies - - - Do not switch to HTTP/2 for an HTTP proxy that is not tunnelling to - the destination host. - - We already do something similar for HTTPS proxies by not sending h2. [1] +- http2: don't call stream-close on already closed streams - Prior to this change setting CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE would - incorrectly use HTTP/2 to talk to the proxy, which is not something we - support (yet?). Also it's debatable whether or not that setting should - apply to HTTP/2 proxies. + Closes #4055 + +Marcel Raad (20 Jun 2019) +- travis: enable alt-svc for coverage build - [1]: https://github.com/curl/curl/commit/17c5d05 + Closes + +- travis: enable libssh2 for coverage build - Bug: https://github.com/curl/curl/issues/3570 - Bug: https://github.com/curl/curl/issues/3832 + It was enabled by default before commit c92d2e14cfb. - Closes https://github.com/curl/curl/pull/3853 - -Marcel Raad (8 May 2019) -- travis: update mesalink build to xenial + Disable torture tests 600 and 601 because of + https://github.com/curl/curl/issues/1678. - Closes https://github.com/curl/curl/pull/3842 - -Daniel Stenberg (8 May 2019) -- [Ricky Leverence brought this change] + Closes - OpenSSL: Report -fips in version if OpenSSL is built with FIPS +- travis: disable threaded resolver for coverage build - Older versions of OpenSSL report FIPS availabilty via an OPENSSL_FIPS - define. 
It uses this define to determine whether to publish -fips at - the end of the version displayed. Applications that utilize the version - reported by OpenSSL will see a mismatch if they compare it to what curl - reports, as curl is not modifying the version in the same way. This - change simply adds a check to see if OPENSSL_FIPS is defined, and will - alter the reported version to match what OpenSSL itself provides. This - only appears to be applicable in versions of OpenSSL <1.1.1 + This enables more tests. - Closes #3771 - -Kamil Dudka (7 May 2019) -- [Frank Gevaerts brought this change] + Closes - nss: allow fifos and character devices for certificates. - - Currently you can do things like --cert <(cat ./cert.crt) with (at least) the - openssl backend, but that doesn't work for nss because is_file rejects fifos. +- travis: enable brotli for all xenial jobs - I don't actually know if this is sufficient, nss might do things internally - (like seeking back) that make this not work, so actual testing is needed. + There's no need for a separate job, and no need to build it from source + with Xenial. - Closes #3807 - -Daniel Gustafsson (6 May 2019) -- test2100: Fix typos in test description + Closes -Daniel Stenberg (6 May 2019) -- ssh: define USE_SSH if SSH is enabled (any backend) +- travis: enable warnings-as-errors for coverage build - Closes #3846 + Closes -Steve Holme (5 May 2019) -- winbuild: Add our standard copyright header to the winbuild batch files +GitHub (20 Jun 2019) +- [Gisle Vanem brought this change] -- makedebug: Fix ERRORLEVEL detection after running where.exe - - Closes #3838 + system_win32: fix typo -Daniel Stenberg (5 May 2019) -- urlapi: add CURLUPART_ZONEID to set and get - - The zoneid can be used with IPv6 numerical addresses. +Daniel Stenberg (20 Jun 2019) +- typecheck: CURLOPT_CONNECT_TO takes an slist too - Updated test 1560 to verify. 
+ Additionally, add an alias in curl.h for slist-using options so that + we can grep/parse those out at will. - Closes #3834 + Closes #4042 -- [Taiyu Len brought this change] +- [Stephan Szabo brought this change] - WRITEFUNCTION: add missing set_in_callback around callback + tests: support non-localhost HOSTIP for dict/smb servers + + smbserver.py/dictserver.py were explicitly using localhost/127.0.0.1 for + binding the server which when we were running the tests with a separate + HOSTIP and CLIENTIP had failures verifying the server from the device we + were testing. - Closes #3837 + This changes them to take the address from runtests.py and default to + localhost/127.0.0.1 if none is given. + + Closes #4048 -- RELEASE-NOTES: synced +- test1523: basic test of CURLOPT_LOW_SPEED_LIMIT -- CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [ci skip] +- configure: --disable-progress-meter - Reported-by: Ricardo Gomes + Builds libcurl without support for the built-in progress meter. - Bug: #3537 - Closes #3836 + Closes #4023 -- CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value +- curl: improved skip-setopt-options when built with disabled features - The time field in the curl_fileinfo struct will always be zero. No code - was ever implemented to actually convert the date string to a time_t. + Reduces #ifdefs in src/tool_operate.c - Fixes #3829 - Closes #3835 - -- OS400/ccsidcurl.c: code style fixes + Follow-up from 4e86f2fc4e6 + Closes #3936 -- OS400/ccsidcurl: replace use of Curl_vsetopt +Steve Holme (18 Jun 2019) +- netrc: Return the correct error code when out of memory - (and make the code style comply) + Introduced in 763c5178. - Fixes #3833 + Closes #4036 + +Daniel Stenberg (18 Jun 2019) +- config-os400: add getpeername and getsockname defines + + Reported-by: jonrumsey on github + Fixes #4037 + Closes #4039 -- urlapi: strip off scope id from numerical IPv6 addresses +- runtests: keep logfiles around by default - ... 
to make the host name "usable". Store the scope id and put it back - when extracting a URL out of it. + Make '-k' a no-op. The singletest function now clears the log directory + BEFORE each individual test and not after, which makes it possible to + always keep the logfiles around after a test has been run. No need to + specify -k anymore. Keeping the option parsing around to work with users + of old habits. - Also makes curl_url_set() syntax check CURLUPART_HOST. + Some tests also didn't work properly when -k was used (since the old + logs would be kep when a new test starts) which this change also fixes. - Fixes #3817 - Closes #3822 + Closes #4035 -- RELEASE-NOTES: synced +- [Gergely Nagy brought this change] -- multiif.h: remove unused protos + openssl: fix pubkey/signature algorithm detection in certinfo - ... for functions related to pipelining. Those functions were removed in - 2f44e94efb3df. + Certinfo gives the same result for all OpenSSL versions. + Also made printing RSA pubkeys consistent with older versions. - Closes #3828 - -- [Yiming Jing brought this change] + Reported-by: Michael Wallner + Fixes #3706 + Closes #4030 - travis: mesalink: temporarily disable test 3001 +- conn_maxage: move the check to prune_dead_connections() - ... due to SHA-1 signatures in test certs - -- [Yiming Jing brought this change] - - travis: upgrade the MesaLink TLS backend to v1.0.0 + ... and avoid the locking issue. - Closes #3823 - Closes #3776 + Reported-by: Kunal Ekawde + Fixes #4029 + Closes #4032 -- ConnectionExists: improve non-multiplexing use case +- tests: have runtests figure out disabled features - - better log output + ... so that runtests can skip individual test cases that test features + that are explicitly disabled in this build. This new logic is intended + for disabled features that aren't otherwise easily visible through the + curl_version_info() or other API calls. 
- - make sure multiplex is enabled for it to be used - -- multi: provide Curl_multiuse_state to update information + tests/server/disabled is a newly built executable that will output a + list of disabled features. Outputs nothing for a default build. - As soon as a TLS backend gets ALPN conformation about the specific HTTP - version it can now set the multiplex situation for the "bundle" and - trigger moving potentially queued up transfers to the CONNECT state. + Closes #3950 -- process_pending_handles: mark queued transfers as previously pending +- test188/189: fix Content-Length + + This cures the flaky test results - With transfers being queued up, we only move one at a a time back to the - CONNECT state but now we mark moved transfers so that when a moved - transfer is confirmed "successful" (it connected) it will trigger the - move of another pending transfer. Previously, it would otherwise wait - until the transfer was done before doing this. This makes queued up - pending transfers get processed (much) faster. + Closes #4034 + +- [Thomas Gamper brought this change] -- http: mark bundle as not for multiuse on < HTTP/2 response + winbuild: use WITH_PREFIX if given - Fixes #3813 - Closes #3815 + Closes #4031 -Daniel Gustafsson (1 May 2019) -- cookie: Guard against possible NULL ptr deref +Daniel Gustafsson (17 Jun 2019) +- openssl: remove outdated comment - In case the name pointer isn't set (due to memory pressure most likely) - we need to skip the prefix matching and reject with a badcookie to avoid - a possible NULL pointer dereference. + OpenSSL used to call exit(1) on syntax errors in OPENSSL_config(), + which is why we switched to CONF_modules_load_file() and introduced + a comment stating why. This behavior was however changed in OpenSSL + commit abdd677125f3a9e3082f8c5692203590fdb9b860, so remove the now + outdated and incorrect comment. The mentioned commit also declares + OPENSSL_config() deprecated so keep the current coding. 
- Closes #3820 #3821 - Reported-by: Jonathan Moerman + Closes #4033 Reviewed-by: Daniel Stenberg -Patrick Monnerat (30 Apr 2019) -- os400: Add CURLOPT_MAXAGE_CONN to ILE/RPG bindings +Daniel Stenberg (16 Jun 2019) +- RELEASE-NOTES: synced -Kamil Dudka (29 Apr 2019) -- nss: provide more specific error messages on failed init +Patrick Monnerat (16 Jun 2019) +- os400: make vsetopt() non-static as Curl_vsetopt() for os400 support. - Closes #3808 - -Daniel Stenberg (29 Apr 2019) -- [Reed Loden brought this change] - - docs: minor polish to the bug bounty / security docs + Use it in curl_easy_setopt_ccsid(). - Closes #3811 + Reported-by: jonrumsey on github + Fixes #3833 + Closes #4028 -- CURL_MAX_INPUT_LENGTH: largest acceptable string input size - - This limits all accepted input strings passed to libcurl to be less than - CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls: - curl_easy_setopt() and curl_url_set(). +Daniel Stenberg (15 Jun 2019) +- runtests: report single test time + total duration - The 8000000 number is arbitrary picked and is meant to detect mistakes - or abuse, not to limit actual practical use cases. By limiting the - acceptable string lengths we also reduce the risk of integer overflows - all over. + ... after each successful test. - NOTE: This does not apply to `CURLOPT_POSTFIELDS`. + Closes #4027 + +- multi: fix the transfer hash function - Test 1559 verifies. + Follow-up from 8b987cc7eb - Closes #3805 - -- [Tseng Jun brought this change] + Reported-by: Tom van der Woerdt + Fixes #4018 + Closes #4024 - curlver.h: use parenthesis in CURL_VERSION_BITS macro +- unit1654: cleanup on memory failure - Closes #3809 - -Marcel Raad (27 Apr 2019) -- [Simon Warta brought this change] - - cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP + ... to make it handle torture tests properly. 
- Closes https://github.com/curl/curl/pull/3769 - -Steve Holme (23 Apr 2019) -- ntlm: Missed pre-processor || (or) during rebase for cd15acd0 + Reported-by: Marcel Raad + Fixes #4021 + Closes #4022 -- ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 +Marcel Raad (13 Jun 2019) +- krb5: fix compiler warning - Just like we do for mbed TLS, use our local implementation of MD4 when - OpenSSL doesn't support it. This allows a type-3 message to include the - NT response. - -Daniel Gustafsson (23 Apr 2019) -- INTERNALS: fix misindentation of ToC item + Even though the variable was used in a DEBUGASSERT, GCC 8 warned in + debug mode: + krb5.c:324:17: error: unused variable 'maj' [-Werror=unused-variable] + + Just suppress the warning and declare the variable unconditionally + instead of only for DEBUGBUILD (which also missed the check for + HAVE_ASSERT_H). - Kerberos was incorrectly indented as a subsection under FTP, which is - incorrect as they are both top level sections. A fix for this was first - attempted in commit fef38a0898322f285401c5ff2f5e7c90dbf3be63 but that - was a few paddles short of being complete. + Closes https://github.com/curl/curl/pull/4020 -- [Aron Bergman brought this change] +Daniel Stenberg (13 Jun 2019) +- quote.d: asterisk prefix works for SFTP as well + + Reported-by: Ben Voris + Fixes #4017 + Closes #4019 - INTERNALS: Add structs to ToC +- multi: fix the transfer hashes in the socket hash entries - Add the subsections under "Structs in libcurl" to the table of contents. + - The transfer hashes weren't using the correct keys so removing entries + failed. - Reviewed-by: Daniel Stenberg - Reviewed-by: Daniel Gustafsson + - Simplified the iteration logic over transfers sharing the same socket and + they now simply are set to expire and thus get handled in the "regular" + timer loop instead. 
+ + Reported-by: Tom van der Woerdt + Fixes #4012 + Closes #4014 -- [Aron Bergman brought this change] +Jay Satiro (12 Jun 2019) +- [Cliff Crosland brought this change] - INTERNALS: Add code highlighting + url: Fix CURLOPT_MAXAGE_CONN time comparison - Make all struct members under the Curl_handler section - print in monospace font. + Old connections are meant to expire from the connection cache after + CURLOPT_MAXAGE_CONN seconds. However, they actually expire after 1000x + that value. This occurs because a time value measured in milliseconds is + accidentally divided by 1M instead of by 1,000. - Closes #3801 - Reviewed-by: Daniel Stenberg - Reviewed-by: Daniel Gustafsson + Closes https://github.com/curl/curl/pull/4013 -Daniel Stenberg (22 Apr 2019) -- docs/BUG-BOUNTY: bug bounty time [skip ci] - - Introducing the curl bug bounty program on hackerone. We now recommend - filing security issues directly in the hackerone ticket system which - only is readable to curl security team members. - - Assisted-by: Daniel Gustafsson +Daniel Stenberg (11 Jun 2019) +- test1165: verify that CURL_DISABLE_ symbols are in sync - Closes #3488 + between configure.ac and source code. They should be possible to switch + on/off in configure AND be used in source code. -Steve Holme (22 Apr 2019) -- sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616 +- configure: remove CURL_DISABLE_TLS_SRP - RFC 4616 specifies the authzid is optional in the client authentication - message and that the server will derive the authorisation identity - (authzid) from the authentication identity (authcid) when not specified - by the client. - -Jay Satiro (22 Apr 2019) -- [Gisle Vanem brought this change] + It isn't used by code so stop providing the define. + + Closes #4010 - memdebug: fix variable name +- Revert "cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified" - Follow-up to 76b6348 which renamed logfile as curl_dbg_logfile. 
+ This reverts commit 36738caeb78603ce24e3ea089a167b8c216fb938. - Ref: https://github.com/curl/curl/commit/76b6348#r33259088 + Apparently several of the appveyor windows builds broke. -Steve Holme (21 Apr 2019) -- vauth/cleartext: Don't send the authzid if it is empty - - Follow up to 762a292f. +- [sergey-raevskiy brought this change] -Daniel Stenberg (21 Apr 2019) -- test 196,197,198: add 'retry' keyword [skip ci] + cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified + + Reviewed-by: Jakub Zakrzewski + Closes #3770 - RELEASE-NOTES: synced -- CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse - - ... and disconnect too old ones instead of trying to reuse. - - Default max age is set to 118 seconds. +- http2: remove CURL_DISABLE_TYPECHECK define - Ref: #3722 - Closes #3782 - -Daniel Gustafsson (20 Apr 2019) -- [Po-Chuan Hsieh brought this change] + ... in http2-less builds as it served no use. - altsvc: Fix building with cookies disables +- configure: more --disable switches to toggle off individual features - ALTSVC requires Curl_get_line which is defined in lib/cookie.c inside a #if - check of HTTP and COOKIES. That makes Curl_get_line undefined if COOKIES is - disabled. Fix by splitting out the function into a separate file which can - be included where needed. + ... actual support in the code for disabling these has already landed. - Closes #3717 - Reviewed-by: Daniel Gustafsson - Reviewed-by: Marcel Raad - -Daniel Stenberg (20 Apr 2019) -- test1002: correct the name [skip ci] + Closes #4009 -- test660: verify CONNECT_ONLY with IMAP +- wolfssl: fix key pinning build error - which basically just makes sure LOGOUT is *not* issued on disconnect + follow-up from deb9462ff2de8 -- Curl_disconnect: treat all CONNECT_ONLY connections as "dead" - - Since the connection has been used by the "outside" we don't know the - state of it anymore and curl should not use it anymore. 
+- CURLMOPT_SOCKETFUNCTION.3: clarified - Bug: https://curl.haxx.se/mail/lib-2019-04/0052.html + Moved away the callback explanation from curl_multi_socket_action.3 and + expanded it somewhat. - Closes #3795 + Closes #4006 -- multi: fix the statenames (follow-up fix from 2f44e94efb3df8e) +- wolfssl: fixup for SNI use - The list of names must be in sync with the defined states in the header - file! - -Steve Holme (16 Apr 2019) -- openvms: Remove pre-processors for Windows as VMS cannot support them - -- openvms: Remove pre-processor for SecureTransport as VMS cannot support it + follow-up from deb9462ff2de8 - Fixes #3768 - Closes #3785 - -Jay Satiro (16 Apr 2019) -- TODO: Add issue link to an existing entry - -Daniel Stenberg (16 Apr 2019) -- RELEASE-NOTES: synced + Closes #4007 -Jay Satiro (16 Apr 2019) -- tool_help: Warn if curl and libcurl versions do not match - - .. because functionality may be affected if the versions differ. +- CURLOPT_CAINFO.3: polished wording - This commit implements TODO 18.7 "warning if curl version is not in sync - with libcurl version". + Clarify the functionality when built to use Schannel and Secure + Transport and stop calling it the "recommended" or "preferred" way and + instead rather call it the default. - Ref: https://github.com/curl/curl/blob/curl-7_64_1/docs/TODO#L1028-L1033 + Removed the reference to the ssl comparison table as it isn't necessary. - Closes https://github.com/curl/curl/pull/3774 - -Steve Holme (16 Apr 2019) -- md5: Update the function signature following d84da52d + Reported-by: Richard Alcock + Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html + Closes #4005 -- md5: Forgot to update the code alignment in d84da52d +GitHub (10 Jun 2019) +- [Daniel Stenberg brought this change] -- md5: Return CURLcode from the internally accessible functions + SECURITY.md: created - Following 28f826b3 to return CURLE_OK instead of numeric 0. + Brief security policy description for use/display on github. 
-Daniel Gustafsson (15 Apr 2019) -- tests: Run global cleanup at end of tests - - Make sure to run curl_global_cleanup() when shutting down the test - suite to release any resources allocated in the SSL setup. This is - clearly visible when running tests with PolarSSL where the thread - lock calloc() memory which isn't released when not running cleanup. - Below is an excerpt from the autobuild logs: +Daniel Gustafsson (10 Jun 2019) +- tool_cb_prg: Fix integer overflow in progress bar - ==12368== 96 bytes in 1 blocks are possibly lost in loss record 1 of 2 - ==12368== at 0x4837B65: calloc (vg_replace_malloc.c:752) - ==12368== by 0x11A76E: curl_dbg_calloc (memdebug.c:205) - ==12368== by 0x145CDF: Curl_polarsslthreadlock_thread_setup - (polarssl_threadlock.c:54) - ==12368== by 0x145B37: Curl_polarssl_init (polarssl.c:865) - ==12368== by 0x14129D: Curl_ssl_init (vtls.c:171) - ==12368== by 0x118B4C: global_init (easy.c:158) - ==12368== by 0x118BF5: curl_global_init (easy.c:221) - ==12368== by 0x118D0B: curl_easy_init (easy.c:299) - ==12368== by 0x114E96: test (lib1906.c:32) - ==12368== by 0x115495: main (first.c:174) + Commit 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 fixed the progress bar + width calculation to avoid integer overflow, but failed to account for + the fact that initial_size is initialized to -1 when the file size is + retrieved from the remote on an upload, causing another signed integer + overflow. Fix by separately checking for this case before the width + calculation. - Closes #3783 - Reviewed-by: Marcel Raad + Closes #3984 + Reported-by: Brian Carpenter (Geeknik Labs) Reviewed-by: Daniel Stenberg -Marcel Raad (15 Apr 2019) -- travis: use mbedtls from Xenial - - No need to build it from source anymore. +Daniel Stenberg (10 Jun 2019) +- wolfssl: refer to it as wolfSSL only - Closes https://github.com/curl/curl/pull/3779 - -- travis: use libpsl from Xenial + Remove support for, references to and use of "cyaSSL" from the source + and docs. 
wolfSSL is the current name and there's no point in keeping + references to ancient history. - This makes building libpsl and libidn2 from source unnecessary and - removes the need for the autopoint and libunistring-dev packages. + Assisted-by: Daniel Gustafsson - Closes https://github.com/curl/curl/pull/3779 + Closes #3903 -Daniel Stenberg (15 Apr 2019) -- runtests: start socksd like other servers - - ... without a $srcdir prefix. Triggered by the failures in several - autobuilds. - - Closes #3781 +- RELEASE-NOTES: synced -Daniel Gustafsson (14 Apr 2019) -- socksd: Fix typos +- bindlocal: detect and avoid IP version mismatches in bind() - Reviewed-by: Daniel Stenberg + Reported-by: Alex Grebenschikov + Fixes #3993 + Closes #4002 -- socksd: Properly decorate static variables +- multi: make sure 'data' can present in several sockhash entries - Mark global variables static to avoid compiler warning in Clang when - using -Wmissing-variable-declarations. + Since more than one socket can be used by each transfer at a given time, + each sockhash entry how has its own hash table with transfers using that + socket. - Closes #3778 - Reviewed-by: Daniel Stenberg - -Steve Holme (14 Apr 2019) -- md(4|5): Fixed indentation oddities with the importation of replacement code + In addition, the sockhash entry can now be marked 'blocked = TRUE'" + which then makes the delete function just set 'removed = TRUE' instead + of removing it "for real", as a way to not rip out the carpet under the + feet of a parent function that iterates over the transfers of that same + sockhash entry. - The indentation from 211d5329 and 57d6d253 was a little strange as - parts didn't align correctly, uses 4 spaces rather than 2. Checked - the indentation of the original source so it aligns, albeit, using - curl style. 
- -- md5: Code style to return CURLE_OK rather than numeric 0 + Reported-by: Tom van der Woerdt + Fixes #3961 + Fixes #3986 + Fixes #3995 + Fixes #4004 + Closes #3997 -- md5: Corrected code style for some pointer arguments +- [Sorcus brought this change] -Marcel Raad (13 Apr 2019) -- travis: update some builds to xenial - - Xenial comes with more up-to-date software versions and more available - packages, some of which we currently build from source. Unfortunately, - some builds would fail with Xenial because of assertion failures in - Valgrind when using OpenSSL, so leave these at Trusty. + libcurl-tutorial.3: Fix small typo (mutipart -> multipart) - Closes https://github.com/curl/curl/pull/3777 + Fixed-by: MrSorcus on github + Closes #4000 -Daniel Stenberg (13 Apr 2019) -- test: make tests and test scripts use socksd for SOCKS +- unpause: trigger a timeout for event-based transfers + + ... so that timeouts or other state machine actions get going again + after a changing pause state. For example, if the last delivery was + paused there's no pending socket activity. - Make all SOCKS tests use socksd instead of ssh. + Reported-by: sstruchtrup on github + Fixes #3994 + Closes #4001 -- socksd: new SOCKS 4+5 server for tests +Marcel Raad (9 Jun 2019) +- travis: use xenial LLVM package for scan-build - Closes #3752 + I missed that in commit 99a49d6. -- singleipconnect: show port in the verbose "Trying ..." message +- travis: update scan-build job to xenial - To aid debugging better. + Closes https://github.com/curl/curl/pull/3999 -- [tmilburn brought this change] +Daniel Stenberg (8 Jun 2019) +- bump: start working on 7.65.2 - CURLOPT_ADDRESS_SCOPE: fix range check and more - - Commit 9081014 fixed most of the confusing issues between scope id and - scope however 844896d added bad limits checking assuming that the scope - is being set and not the scope id. - - I have fixed the documentation so it all refers to scope ids. 
- - In addition Curl_if2ip refered to the scope id as remote_scope_id which - is incorrect, so I renamed it to local_scope_id. +Marcel Raad (5 Jun 2019) +- examples/htmltitle: use C++ casts between pointer types - Adjusted-by: Daniel Stenberg + Compilers and static analyzers warn about using C-style casts here. - Closes #3655 - Closes #3765 - Fixes #3713 + Closes https://github.com/curl/curl/pull/3975 -- urlapi: stricter CURLUPART_PORT parsing - - Only allow well formed decimal numbers in the input. - - Document that the number MUST be between 1 and 65535. +- examples/fopen: fix comparison - Add tests to test 1560 to verify the above. + As want is size_t, (file->buffer_pos - want) is unsigned, so checking + if it's less than zero makes no sense. + Check if file->buffer_pos is less than want instead to avoid the + unsigned integer wraparound. - Ref: https://github.com/curl/curl/issues/3753 - Closes #3762 - -Jay Satiro (13 Apr 2019) -- [Jan Ehrhardt brought this change] + Closes https://github.com/curl/curl/pull/3975 - winbuild: Support MultiSSL builds - - - Remove the lines in winbuild/Makefile.vc that generate an error with - multiple SSL backends. +- build: fix Codacy warnings - - Add /DCURL_WITH_MULTI_SSL in winbuild/MakefileBuild.vc if multiple SSL - backends are set. + Reduce variable scopes and remove redundant variable stores. - Closes https://github.com/curl/curl/pull/3772 + Closes https://github.com/curl/curl/pull/3975 -Daniel Stenberg (12 Apr 2019) -- travis: remove mesalink builds (temporarily?) +- sws: remove unused variables - Since the mesalink build started to fail on travis, even though we build - a fixed release version, we disable it to prevent it from blocking - progress. + Unused since commit 2f44e94. - Closes #3767 + Closes https://github.com/curl/curl/pull/3975 -- openssl: mark connection for close on TLS close_notify - - Without this, detecting and avoid reusing a closed TLS connection - (without a previous GOAWAY) when doing HTTP/2 is tricky. 
- - Reported-by: Tom van der Woerdt - Fixes #3750 - Closes #3763 +Version 7.65.1 (4 Jun 2019) -- RELEASE-NOTES: synced +Daniel Stenberg (4 Jun 2019) +- RELEASE-NOTES: 7.65.1 -Steve Holme (11 Apr 2019) -- vauth/cleartext: Update the PLAIN login function signature to match RFC 4616 - - Functionally this doesn't change anything as we still use the username - for both the authorisation identity and the authentication identity. - - Closes #3757 +- THANKS: new contributors from 7.65.1 -Daniel Stenberg (11 Apr 2019) -- test1906: verify CURLOPT_CURLU + CURLOPT_PORT usage - - Based-on-code-by: Poul T Lomholt +Steve Holme (4 Jun 2019) +- [Frank Gevaerts brought this change] -- url: always clone the CUROPT_CURLU handle - - Since a few code paths actually update that data. + ssl: Update outdated "openssl-only" comments for supported backends - Fixes #3753 - Closes #3761 + These are for features that used to be openssl-only but were expanded + over time to support other SSL backends. - Reported-by: Poul T Lomholt + Closes #3985 -- CURLOPT_DNS_USE_GLOBAL_CACHE: remove - - Remove the code too. The functionality has been disabled in code since - 7.62.0. Setting this option will from now on simply be ignored and have - no function. +Daniel Stenberg (4 Jun 2019) +- curl_share_setopt.3: improve wording [ci ship] - Closes #3654 + Reported-by: Carlos ORyan -Marcel Raad (11 Apr 2019) -- travis: install libgnutls28-dev only for --with-gnutls build +Steve Holme (4 Jun 2019) +- tool_parsecfg: Use correct return type for GetModuleFileName() - Reduces the time needed for the other jobs a little. + GetModuleFileName() returns a DWORD which is a typedef of an unsigned + long and not an int. - Closes https://github.com/curl/curl/pull/3721 + Closes #3980 -- travis: install libnss3-dev only for --with-nss build - - Reduces the time needed for the other jobs a little. 
+Daniel Stenberg (3 Jun 2019) +- TODO: "at least N milliseconds between requests" [ci skip] - Closes https://github.com/curl/curl/pull/3721 + Suggested-by: dkwolfe4 on github + Closes #3920 -- travis: install libssh2-dev only for --with-libssh2 build +Steve Holme (2 Jun 2019) +- tests/server/.gitignore: Add socksd to the ignore list - Reduces the time needed for the other jobs a little. + Missed in 04fd6755. - Closes https://github.com/curl/curl/pull/3721 + Closes #3978 -- travis: install libssh-dev only for --with-libssh build +- tool_parsecfg: Fix control flow issue (DEADCODE) - Reduces the time needed for the other jobs a little. + Follow-up to 8144ba38. - Closes https://github.com/curl/curl/pull/3721 + Detected by Coverity CID 1445663 + Closes #3976 -- travis: install krb5-user only for --with-gssapi build - - Reduces the time needed for the other jobs a little. - - Closes https://github.com/curl/curl/pull/3721 +Daniel Stenberg (2 Jun 2019) +- [Sergey Ogryzkov brought this change] -- travis: install lcov only for the coverage job - - Reduces the time needed for the other jobs a little. + NTLM: reset proxy "multipass" state when CONNECT request is done - Closes https://github.com/curl/curl/pull/3721 + Closes #3972 -- travis: install clang only when needed - - This reduces the GCC job runtimes a little and it's needed to - selectively update clang builds to xenial. +- test334: verify HTTP 204 response with chunked coding header - Closes https://github.com/curl/curl/pull/3721 + Verifies that a bodyless response don't parse this content-related + header. 
-- AppVeyor: enable testing for WinSSL build - - Closes https://github.com/curl/curl/pull/3725 +- [Michael Kaufmann brought this change] -- build: fix Codacy/CppCheck warnings - - - remove unused variables - - declare conditionally used variables conditionally - - suppress unused variable warnings in the CMake tests - - remove dead variable stores - - consistently use WIN32 macro to detect Windows + http: don't parse body-related headers bodyless responses - Closes https://github.com/curl/curl/pull/3739 - -- polarssl_threadlock: remove conditionally unused code + Responses with status codes 1xx, 204 or 304 don't have a response body. For + these, don't parse these headers: - Make functions no-ops if neither both USE_THREADS_POSIX and - HAVE_PTHREAD_H nor both USE_THREADS_WIN32 and HAVE_PROCESS_H are - defined. Previously, if only one of them was defined, there was either - code compiled that did nothing useful or the wrong header included for - the functions used. + - Content-Encoding + - Content-Length + - Content-Range + - Last-Modified + - Transfer-Encoding - Also, move POLARSSL_MUTEX_T define to implementation file as it's not - used externally. + This change ensures that HTTP/2 upgrades work even if a + "Content-Length: 0" or a "Transfer-Encoding: chunked" header is present. - Closes https://github.com/curl/curl/pull/3739 + Co-authored-by: Daniel Stenberg + Closes #3702 + Fixes #3968 + Closes #3977 -- lib557: initialize variables - - These variables are only conditionally initialized. 
+- tls13-docs: mention it is only for OpenSSL >= 1.1.1 - Closes https://github.com/curl/curl/pull/3739 + Reported-by: Jay Satiro + Co-authored-by: Jay Satiro + Fixes #3938 + Closes #3946 -- lib509: add missing include for strdup +- dump-header.d: spell out that no headers == empty file [ci skip] - Closes https://github.com/curl/curl/pull/3739 + Reported-by: wesinator at github + Fixes #3964 + Closes #3974 -- README.md: fix no-consecutive-blank-lines Codacy warning +- singlesocket: use separate variable for inner loop - Consistently use one blank line between blocks. + An inner loop within the singlesocket() function wrongly re-used the + variable for the outer loop which then could cause an infinite + loop. Change to using a separate variable! - Closes https://github.com/curl/curl/pull/3739 + Reported-by: Eric Wu + Fixes #3970 + Closes #3973 -- tests/server/util: fix Windows Unicode build - - Always use the ANSI version of FormatMessage as we don't have the - curl_multibyte gear available here. - - Closes https://github.com/curl/curl/pull/3758 +- RELEASE-NOTES: synced -Daniel Stenberg (11 Apr 2019) -- curl_easy_getinfo.3: fix minor formatting mistake +- [Josie Huddleston brought this change] -Daniel Gustafsson (11 Apr 2019) -- xattr: skip unittest on unsupported platforms - - The stripcredentials unittest fails to compile on platforms without - xattr support, for example the Solaris member in the buildfarm which - fails with the following: - - CC unit1621-unit1621.o - CC ../libtest/unit1621-first.o - CCLD unit1621 - Undefined first referenced - symbol in file - stripcredentials unit1621-unit1621.o - goto problem 2 - ld: fatal: symbol referencing errors. No output written to .libs/unit1621 - collect2: error: ld returned 1 exit status - gmake[2]: *** [Makefile:996: unit1621] Error 1 + http2: Stop drain from being permanently set on - Fix by excluding the test on such platforms by using the reverse - logic from where stripcredentials() is defined. 
+ Various functions called within Curl_http2_done() can have the + side-effect of setting the Easy connection into drain mode (by calling + drain_this()). However, the last time we unset this for a transfer (by + calling drained_transfer()) is at the beginning of Curl_http2_done(). + If the Curl_easy is reused for another transfer, it is then stuck in + drain mode permanently, which in practice makes it unable to write any + data in the new transfer. - Closes #3759 - Reviewed-by: Daniel Stenberg - -Steve Holme (11 Apr 2019) -- emailL Added reference to RFC8314 for implicit TLS - -- README: Schannel, stop calling it "winssl" + This fix moves the last call to drained_transfer() to later in + Curl_http2_done(), after the functions that could potentially call for a + drain. - Stick to "Schannel" everywhere - follow up to 180501cb. + Fixes #3966 + Closes #3967 + Reported-by: Josie-H -Jakub Zakrzewski (10 Apr 2019) -- cmake: clear CMAKE_REQUIRED_LIBRARIES after each use +Steve Holme (29 May 2019) +- conncache: Remove the DEBUGASSERT on length check - This fixes GSSAPI builds with the libraries in a non-standard location. - The testing for recv() were failing because it failed to link - the Kerberos libraries, which are not needed for this or subsequent - tests. + We trust the calling code as this is an internal function. - fixes #3743 - closes #3744 + Closes #3962 -- cmake: avoid linking executable for some tests with cmake 3.6+ - - With CMAKE_TRY_COMPILE_TARGET_TYPE set to STATIC_LIBRARY, the try_compile() - (which is used by check_c_source_compiles()) will build static library - instead of executable. This avoids linking additional libraries in and thus - speeds up those checks a little. - - This commit also avoids #3743 (GSSAPI build errors) on itself with cmake - 3.6 or above. That issue was fixed separately for all versions. 
- - Ref: #3744 +Jay Satiro (29 May 2019) +- [Gisle Vanem brought this change] -- cmake: minor cleanup - - - Remove nneeded include_regular_expression. - It was setting what is already a default. + system_win32: fix function prototype - - Remove duplicated include. + - Change if_nametoindex parameter type from char * to const char *. - - Don't check for pre-3.0.0 CMake version. - We already require at least 3.0.0, so it's just clutter. + Follow-up to 09eef8af from this morning. - Ref: #3744 - -Steve Holme (8 Apr 2019) -- build-openssl.bat: Fixed support for OpenSSL v1.1.0+ - -- build-openssl.bat: Perfer the use of if statements rather than goto (where possible) - -- build-openssl.bat: Perform the install for each build type directly after the build - -- build-openssl.bat: Split the install of static and shared build types - -- build-openssl.bat: Split the building of static and shared build types - -- build-openssl.bat: Move the installation into a separate function - -- build-openssl.bat: Move the build step into a separate function - -- build-openssl.bat: Move the OpenSSL configuration into a separate function + Bug: https://github.com/curl/curl/commit/09eef8af#r33716067 -- build-openssl.bat: Fixed the BUILD_CONFIG variable not being initialised +Marcel Raad (29 May 2019) +- appveyor: add Visual Studio solution build - Should the parent environment set this variable then the build might - not be performed as the user intended. - -Daniel Stenberg (8 Apr 2019) -- socks: fix error message + Closes https://github.com/curl/curl/pull/3941 -- config.d: clarify that initial : and = might need quoting [skip ci] +- appveyor: add support for other build systems - Fixes #3738 - Closes #3749 - -- RELEASE-NOTES: synced + Introduce BUILD_SYSTEM variable, which is currently always CMake. 
- bumped to 7.65.0 for next release + Closes https://github.com/curl/curl/pull/3941 -- socks5: user name and passwords must be shorter than 256 +Steve Holme (29 May 2019) +- url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows - bytes... since the protocol needs to store the length in a single byte field. + This fixes the static dependency on iphlpapi.lib and allows curl to + build for targets prior to Windows Vista. - Reported-by: XmiliaH on github - Fixes #3737 - Closes #3740 - -- [Jakub Zakrzewski brought this change] - - test: urlapi: urlencode characters above 0x7f correctly - -- [Jakub Zakrzewski brought this change] - - urlapi: urlencode characters above 0x7f correctly + This partially reverts 170bd047. - fixes #3741 - Closes #3742 + Fixes #3960 + Closes #3958 -- [Even Rouault brought this change] +Daniel Stenberg (29 May 2019) +- http: fix "error: equality comparison with extraneous parentheses" - multi_runsingle(): fix use-after-free +- parse_proxy: make sure portptr is initialized - Fixes #3745 - Closes #3746 + Reported-by: Benbuck Nason - The following snippet - ``` + fixes #3959 + +- url: default conn->port to the same as conn->remote_port - int main() - { - CURL* hCurlHandle = curl_easy_init(); - curl_easy_setopt(hCurlHandle, CURLOPT_URL, "http://example.com"); - curl_easy_setopt(hCurlHandle, CURLOPT_PROXY, "1"); - curl_easy_perform(hCurlHandle); - curl_easy_cleanup(hCurlHandle); - return 0; - } - ``` - triggers the following Valgrind warning + ... so that it has a sensible value when ConnectionExists() is called which + needs it set to differentiate host "bundles" correctly on port number! 
- ``` - ==4125== Invalid read of size 8 - ==4125== at 0x4E7D1EE: Curl_llist_remove (llist.c:97) - ==4125== by 0x4E7EF5C: detach_connnection (multi.c:798) - ==4125== by 0x4E80545: multi_runsingle (multi.c:1451) - ==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072) - ==4125== by 0x4E766A0: easy_transfer (easy.c:625) - ==4125== by 0x4E76915: easy_perform (easy.c:719) - ==4125== by 0x4E7697C: curl_easy_perform (easy.c:738) - ==4125== by 0x4008BE: main (in /home/even/curl/test) - ==4125== Address 0x9b3d1d0 is 1,120 bytes inside a block of size 1,600 free'd - ==4125== at 0x4C2ECF0: free (vg_replace_malloc.c:530) - ==4125== by 0x4E62C36: conn_free (url.c:756) - ==4125== by 0x4E62D34: Curl_disconnect (url.c:818) - ==4125== by 0x4E48DF9: Curl_once_resolved (hostip.c:1097) - ==4125== by 0x4E8052D: multi_runsingle (multi.c:1446) - ==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072) - ==4125== by 0x4E766A0: easy_transfer (easy.c:625) - ==4125== by 0x4E76915: easy_perform (easy.c:719) - ==4125== by 0x4E7697C: curl_easy_perform (easy.c:738) - ==4125== by 0x4008BE: main (in /home/even/curl/test) - ==4125== Block was alloc'd at - ==4125== at 0x4C2F988: calloc (vg_replace_malloc.c:711) - ==4125== by 0x4E6438E: allocate_conn (url.c:1654) - ==4125== by 0x4E685B4: create_conn (url.c:3496) - ==4125== by 0x4E6968F: Curl_connect (url.c:4023) - ==4125== by 0x4E802E7: multi_runsingle (multi.c:1368) - ==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072) - ==4125== by 0x4E766A0: easy_transfer (easy.c:625) - ==4125== by 0x4E76915: easy_perform (easy.c:719) - ==4125== by 0x4E7697C: curl_easy_perform (easy.c:738) - ==4125== by 0x4008BE: main (in /home/even/curl/test) - ``` + Also, make conncache:hashkey() use correct port for bundles that are proxy vs + host connections. 
- This has been bisected to commit 2f44e94 + Probably a regression from 7.62.0 - Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14109 - Credit to OSS Fuzz + Reported-by: Tom van der Woerdt + Fixes #3956 + Closes #3957 -- pipelining: removed - - As previously planned and documented in DEPRECATE.md, all pipelining - code is removed. +- conncache: make "bundles" per host name when doing proxy tunnels - Closes #3651 - -- [cclauss brought this change] - - tests: make Impacket (SMB server) Python 3 compatible + Only HTTP proxy use where multiple host names can be used over the same + connection should use the proxy host name for bundles. - Closes #3731 - Fixes #3289 - -Marcel Raad (6 Apr 2019) -- [Simon Warta brought this change] + Reported-by: Tom van der Woerdt + Fixes #3951 + Closes #3955 - cmake: set SSL_BACKENDS +- multi: track users of a socket better - This groups all SSL backends into the feature "SSL" and sets the - SSL_BACKENDS analogue to configure.ac + They need to be removed from the socket hash linked list with more care. - Closes https://github.com/curl/curl/pull/3736 - -- [Simon Warta brought this change] - - cmake: don't run SORT on empty list + When sh_delentry() is called to remove a sockethash entry, remove all + individual transfers from the list first. To enable this, each Curl_easy struct + now stores a pointer to the sockethash entry to know how to remove itself. - In case of an empty list, SORTing leads to the cmake error "list - sub-command SORT requires list to be present." + Reported-by: Tom van der Woerdt and Kunal Ekawde - Closes https://github.com/curl/curl/pull/3736 - -Daniel Gustafsson (5 Apr 2019) -- [Eli Schwartz brought this change] + Fixes #3952 + Fixes #3904 + Closes #3953 - configure: fix default location for fish completions - - Fish defines a vendor completions directory for completions that are not - installed as part of the fish project itself, and the vendor completions - are preferred if they exist. 
This prevents trying to overwrite the - builtin curl.fish completion (or creating file conflicts in distro - packaging). +Steve Holme (28 May 2019) +- curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version - Prefer the pkg-config defined location exported by fish, if it can be - found, and fall back to the correct directory defined by most systems. + Microsoft added support for Unix Domain Sockets in Windows 10 1803 + (RS4). Rather than expect the user to enable Unix Domain Sockets by + uncommenting the #define that was added in 0fd6221f we use the RS4 + pre-processor variable that is present in newer versions of the + Windows SDK. - Closes #3723 - Reviewed-by: Daniel Gustafsson + Closes #3939 -Marcel Raad (5 Apr 2019) -- ftplistparser: fix LGTM alert "Empty block without comment" - - Removing the block is consistent with line 954/957. +Daniel Stenberg (28 May 2019) +- [Jonas Vautherin brought this change] + + cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables - Closes https://github.com/curl/curl/pull/3732 + Closes #3945 -- transfer: fix LGTM alert "Comparison is always true" +Marcel Raad (27 May 2019) +- HAProxy tests: add keywords - Just remove the redundant condition, which also makes it clear that - k->buf is always 0-terminated if this break is not hit. + Add the proxy and haproxy keywords in order to be able to exclude or + run these specific tests. - Closes https://github.com/curl/curl/pull/3732 + Closes https://github.com/curl/curl/pull/3949 -Jay Satiro (4 Apr 2019) -- [Rikard Falkeborn brought this change] +Daniel Stenberg (27 May 2019) +- [Maksim Stsepanenka brought this change] - smtp: fix compiler warning - - - Fix clang string-plus-int warning. - - Clang 8 warns about adding a string to an int does not append to the - string. Indeed it doesn't, but that was not the intention either. Use - array indexing as suggested to silence the warning. There should be no - functional changes. 
- - (In other words clang warns about "foo"+2 but not &"foo"[2] so use the - latter.) - - smtp.c:1221:29: warning: adding 'int' to a string does not append to the - string [-Wstring-plus-int] - eob = strdup(SMTP_EOB + 2); - ~~~~~~~~~~~~~~~~^~~~ + tests: make test 1420 and 1406 work with rtsp-disabled libcurl - Closes https://github.com/curl/curl/pull/3729 + Closes #3948 diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS index af74c0bd6a..82d7d8f1dc 100644 --- a/libs/libcurl/docs/THANKS +++ b/libs/libcurl/docs/THANKS @@ -4,15 +4,15 @@ If you have contributed but are missing here, please let us know! -"Captain Basil" -"Spoon Man" 1ocalhost on github 3dyd on github Aaro Koskinen Aaron Oneal Aaron Orenstein Aaron Scarisbrick +aasivov on github Abram Pousada +accountantM on github AceCrow on Github Adam Barclay Adam Brown @@ -24,10 +24,13 @@ Adam Marcionek Adam Piggott Adam Sampson Adam Tkac +adnn on github Adrian Burcea Adrian Peniak Adrian Schuur Adriano Meirelles +afrind on github +ahodesuka on github Ajit Dhumale Akhil Kedia Aki Koskinen @@ -46,6 +49,7 @@ Ales Mlakar Ales Novak Alessandro Ghedini Alessandro Vesely +Alex aka WindEagle Alex Baines Alex Bligh Alex Chan @@ -63,7 +67,6 @@ Alex Rousskov Alex Samorukov Alex Suykov Alex Vinnik -Alex aka WindEagle Alexander Beedie Alexander Dyagilev Alexander Elgert @@ -94,6 +97,7 @@ Amr Shahin Anatol Belski Anatoli Tubman Anders Bakken +Anders Berg Anders Gustafsson Anders Havn Anders Roxell @@ -127,6 +131,7 @@ Andrej E Baranov Andrew Benham Andrew Biggs Andrew Bushnell +Andrew de los Reyes Andrew Francis Andrew Fuller Andrew Ishchuk @@ -134,16 +139,18 @@ Andrew Krieger Andrew Kurushin Andrew Lambert Andrew Moise +Andrew Potter Andrew Robbins Andrew Wansink -Andrew de los Reyes Andrey Labunets Andrii Moiseiev +Andrius Merkys Andrés García Andy Cedilnik Andy Serpa Andy Tsouladze Angus Mackay +anshnd on github Anthon Pang Anthony Avina Anthony Bryan 
@@ -159,6 +166,7 @@ Antoni Villalonga Antonio Larrosa Antony74 on github Antti Hätälä +arainchik on github Archangel_SDY on github Arkadiusz Miskiewicz Armel Asselin @@ -166,15 +174,18 @@ Arnaud Compan Arnaud Ebalard Arnaud Rebillout Aron Bergman +Aron Rotteveel Artak Galoyan Arthur Murray Arve Knudsen Arvid Norberg +asavah on github Ashish Shukla Ask Bjørn Hansen Askar Safin Ates Goral Augustus Saunders +Austin Green Avery Fay Axel Tillequin Ayoub Boudhar @@ -190,6 +201,8 @@ Bas Mevissen Bas van Schaik Bastien Bouclet Basuke Suzuki +baumanj on github +bdry on github Ben Boeckel Ben Darnell Ben Greear @@ -231,9 +244,11 @@ Bjorn Augustsson Bjorn Reese Björn Stenberg Blaise Potard +bnfp on github Bob Relyea Bob Richmond Bob Schader +bobmitchell1956 on github Bogdan Nicula Brad Burdick Brad Fitzpatrick @@ -242,6 +257,7 @@ Brad Hards Brad King Brad Spencer Bradford Bruce +bramus on github Brandon Casey Brandon Dong Brandon Wang @@ -262,11 +278,14 @@ Brock Noland Bru Rom Bruce Mitchener Bruce Stephens +Bruno de Carvalho Bruno Grasselli Bruno Thomsen -Bruno de Carvalho Bryan Henderson Bryan Kemp +bsammon on github +buzo-ffm on github +bxac on github Bylon2 on github Byrial Jensen Caleb Raitto @@ -274,6 +293,7 @@ Cameron Kaiser Cameron MacMinn Camille Moncelier Caolan McNamara +Captain Basil Carie Pointer Carlo Cannas Carlo Marcelo Arenas Belón @@ -283,6 +303,8 @@ Carlos ORyan Carsten Lange Casey O'Donnell Catalin Patulea +cbartl on github +cclauss on github Chad Monroe Chandrakant Bagul Charles Kerr @@ -330,11 +352,14 @@ Ciprian Badescu Claes Jakobsson Clarence Gardner Claudio Neves +clbr on github Clemens Gruber Cliff Crosland Clifford Wolf Clint Clayton Clément Notin +cmfrolick on github +codesniffer13 on github Cody Jones Cody Mack Colby Ranger 
@@ -347,10 +372,13 @@ Cory Benfield Cory Nelson Costya Shulyupin Craig A West +Craig Andrews Craig Davison -Craig Markwardt Craig de Stigter +Craig Markwardt +crazydef on github Cris Bailiff +Cristian Greco Cristian Rodríguez Curt Bogmine Cynthia Coan @@ -359,7 +387,9 @@ Cyrill Osterwalder Cédric Connes Cédric Deltheil D. Flinkmann +d912e3 on github Da-Yoon Chung +daboul on github Dag Ekengren Dagobert Michelsen Dair Grant @@ -379,6 +409,7 @@ Dan Nelson Dan Petitt Dan Torop Dan Zitter +Daniel at touchtunes Daniel Bankhead Daniel Black Daniel Cater @@ -391,6 +422,7 @@ Daniel Kahn Gillmor Daniel Krügler Daniel Lee Hwang Daniel Lublin +Daniel Marjamäki Daniel Melani Daniel Mentz Daniel Romero @@ -401,13 +433,13 @@ Daniel Silverstone Daniel Steinberg Daniel Stenberg Daniel Theron -Daniel at touchtunes Daphne Luong Dario Nieuwenhuis Dario Weißer Darryl House Darshan Mody Darío Hereñú +dasimx on github Dave Dribin Dave Halbakken Dave Hamilton @@ -435,6 +467,7 @@ David Kimdon David L. David Lang David LeBlanc +David Lopes David Lord David McCreedy David Odin @@ -451,6 +484,7 @@ David Walser David Woodhouse David Wright David Yan +dbrowndan on github Dengminwen Denis Chaplygin Denis Feklushkin @@ -458,6 +492,7 @@ Denis Ollier Dennis Clarke Derek Higgins Desmond O. Chang +destman on github Detlef Schmier Dheeraj Sangamkar Didier Brisebourg @@ -476,9 +511,12 @@ Dinar Dirk Eddelbuettel Dirk Feytons Dirk Manske +dkjjr89 on github +dkwolfe4 on github Dmitri Shubin Dmitri Tikhonov Dmitriy Sergeyev +dmitrmax on github Dmitry Bartsevich Dmitry Eremin-Solenikov Dmitry Falko @@ -488,6 +526,7 @@ Dmitry Mikhirev Dmitry Popov Dmitry Rechkin Dmitry S. Baikov +dnivras on github Dolbneff A.V Domenico Andreoli Dominick Meglio @@ -505,7 +544,9 @@ Douglas Mencken Douglas R. Horner Douglas Steinwand Dov Murik +dpull on github Drake Arconis +dtmsecurity on github Duane Cathey Duncan Mac-Vicar Prett Dustin Boswell 
@@ -520,6 +561,7 @@ Earnestly on github Eason-Yu on github Ebenezer Ikonne Ed Morley +Edgaras Janušauskas Edin Kadribasic Edmond Yu Eduard Bloch @@ -531,11 +573,14 @@ Eelco Dolstra Eetu Ojanen Egon Eckert Eldar Zaitov +elelel on github +elephoenix on github Eli Schwartz Elia Tufarolo Elliot Saba Ellis Pritchard Elmira A Semenova +elsamuko on github Emanuele Bovisio Emil Engler Emil Lerner @@ -581,6 +626,7 @@ Even Rouault Evert Pot Evgeny Grin Evgeny Turnaev +eXeC64 on github Eygene Ryabinkin Fabian Frank Fabian Hiernaux @@ -589,13 +635,14 @@ Fabian Ruff Fabrice Fontaine Fabrizio Ammollo Fahim Chandurwala +Faizur Rahman Federico Bianchi Fedor Karpelevitch Feist Josselin Felix Hädicke Felix Kaiser -Felix Yan Felix von Leitner +Felix Yan Feng Tu Fernando Muñoz Flavio Medeiros @@ -683,6 +730,7 @@ Grigory Entin Guenole Bescon Guido Berhoerster Guillaume Arluison +guitared on github Gunter Knauf Gustaf Hui Gustavo Grieco @@ -694,6 +742,7 @@ Götz Babin-Ebell Hagai Auro Haibo Huang Hamish Mackenzie +hamstergene on github Han Han Han Qiao Hang Kin Lau @@ -729,6 +778,7 @@ Hoi-Ho Chan Hongli Lai Howard Blaise Howard Chu +hsiao yi Hubert Kario Huzaifa Sidhpurwala Hzhijun @@ -750,8 +800,10 @@ Iida Yosiaki Ilguiz Latypov Ilja van Sprundel Ilya Kosarev +imilli on github Immanuel Gregoire Inca R +infinnovation-dev on github Ingmar Runge Ingo Ralf Blum Ingo Wilken @@ -763,7 +815,9 @@ Isaiah Norton Ishan SinghLevett Ithubg on github Ivan Avdeev +IvanoG on github Ivo Bellin Salarin +iz8mbw on github Jack Zhang Jackarain on github Jacky Lam @@ -773,6 +827,7 @@ Jacob Moshenko Jactry Zeng Jad Chamcham Jaime Fullaondo +jakirkham on github Jakub Wilk Jakub Zakrzewski James Atwill @@ -782,6 +837,7 @@ James Cheng James Clancy James Cone James Dury +James Fuller James Gallagher James Griffiths James Housley @@ -805,6 +861,7 @@ Jared Jennings Jared Lundell Jari Aalto Jari Sundell +jasal82 on github Jason Baietto Jason Glasgow Jason Juang 
@@ -861,6 +918,7 @@ Jesper Jensen Jesse Chisholm Jesse Noller Jesse Tan +jethrogb on github Jie He Jim Drash Jim Freeman @@ -872,6 +930,7 @@ Jiri Dvorak Jiri Hruska Jiri Jaburek Jiří Malák +jnbr on github Jocelyn Jaubert Joe Halpin Joe Malicki @@ -923,6 +982,7 @@ Jojojov on github Jon DeVree Jon Grubbs Jon Nelson +Jon Rumsey Jon Sargeant Jon Seymour Jon Spencer @@ -940,6 +1000,7 @@ Jonathan Hseu Jonathan Moerman Jonathan Nieder Jongki Suwandi +jonrumsey on github Joombalaya on github Joonas Kuorilehto Jose Alf @@ -947,6 +1008,7 @@ Jose Kahan Josef Wolf Josh Bialkowski Josh Kapell +joshhe on github Joshua Kwan Joshua Swink Josie Huddleston @@ -969,6 +1031,7 @@ Julien Chaffraix Julien Nabet Julien Royer Jun-ichiro itojun Hagino +jungle-boogie on github Junho Choi Jurij Smakov Juro Bystricky @@ -977,11 +1040,14 @@ Justin Ehlert Justin Fletcher Justin Karneges Justin Maggard +jveazey on github +jzinn on github János Fekete Jérémy Rocher Jörg Mueller-Tolk Jörn Hartroth K. R. Walker +ka7 on github Kai Engert Kai Noda Kai Sommerfeld @@ -1028,11 +1094,14 @@ Kobi Gurkan Koen Dergent Konstantin Isakov Konstantin Kushnir +kouzhudong on github +kreshano on github Kris Kennaway Krishnendu Majumdar Krister Johansen Kristian Gunstone Kristian Köhntopp +Kristian Mide Kristiyan Tsaklev Kristoffer Gleditsch Kunal Ekawde @@ -1044,6 +1113,7 @@ Kyle L. Huff Kyle Sallee Kyohei Kadota Kyselgov E.N +l00p3r on Hackerone Lachlan O'Dea Ladar Levison Lance Ware @@ -1073,11 +1143,13 @@ Len Krause Len Marinaccio Lenaic Lefever Lenny Rachitsky +Leo Neat Leon Breedt Leon Winter Leonardo Rosati Leonardo Taccari Liam Healy +lijian996 on github Lijo Antony Linas Vepstas Lindley French @@ -1106,6 +1178,7 @@ Ludovico Cavedon Ludwig Nussel Lukas Ruzicka Lukasz Czekierda +lukaszgn on github Luke Amery Luke Call Luke Dashjr 
@@ -1115,10 +1188,10 @@ Luz Paz Luật Nguyễn Lyman Epp Lyndon Hill -MAntoniak on github Maciej Karpiuk Maciej Puzio Maciej W. Rozycki +madblobfish on github Mahmoud Samir Fayed Maks Naumov Maksim Kuzevanov @@ -1127,6 +1200,7 @@ Mamoru Tasaka Mamta Upadhyay Mandy Wu Manfred Schwarb +MAntoniak on github Manuel Massing Marc Aldorasi Marc Boucher @@ -1138,6 +1212,7 @@ Marc Kleine-Budde Marc Renault Marc Schlatter Marc-Antoine Perennou +marc-groundctl on github Marcel Hernandez Marcel Raad Marcel Roelofs @@ -1197,6 +1272,7 @@ Martin Storsjö Martin Vejnár Marty Kuhrt Maruko +masbug on github Massimiliano Fantuzzi Massimiliano Ziccardi Massimo Callegari @@ -1235,6 +1311,8 @@ Maxim Perenesenko Maxim Prohorov Maxime Larocque Maxime Legros +mbeifuss on github +mccormickt12 on github Mehmet Bozkurt Mekonikum Melissa Mears @@ -1284,6 +1362,7 @@ Michel Promonet Michele Bini Miguel Angel Miguel Diaz +migueljcrum on github Mihai Ionescu Mikael Johansson Mikael Sennerholm @@ -1292,11 +1371,13 @@ Mike Bytnar Mike Crowe Mike Dobbs Mike Dowell +Mike Frysinger Mike Giancola Mike Hasselberg Mike Henshaw Mike Hommey Mike Mio +Mike Norton Mike Power Mike Protts Mike Revi @@ -1305,19 +1386,24 @@ Miloš Ljumović Mingliang Zhu Miroslav Franc Miroslav Spousta +Mischa Salle Mitz Wark +mkzero on github Mohamed Lrhazi Mohammad AlSaleh Mohammad Hasbini Mohun Biswas +momala454 on github +moohoorama on github Mostyn Bramley-Moore Moti Avrahami +MrdUkk on github MrSorcus on github Muz Dima Myk Taylor -NTMan on Github Nach M. S. Nagai H +naost3rn on github Nate Prewitt Nathan Coulter Nathan O'Sullivan @@ -1327,12 +1413,18 @@ Nathaniel Waisbrot Naveen Chandran Naveen Noel Neal Poole +nedres on github +neex on github Nehal J Wani +neheb on github Neil Bowers Neil Dunbar Neil Kolban Neil Spring +nevv on HackerOne/curl Niall O'Reilly +niallor on github +nianxuejie on github Nic Roets Nicholas Maniscalco Nick Draffen 
@@ -1342,10 +1434,12 @@ Nick Miyake Nick Zitzmann Nicklas Avén Nico Baggus +nico-abram on github Nicolas Berloquin Nicolas Croiset Nicolas François Nicolas Grekas +Nicolas Guillier Nicolas Morey-Chaisemartin Niels van Tongeren Nikita Schmidt @@ -1355,14 +1449,18 @@ Niklas Hambüchen Nikolai Kondrashov Nikos Mavrogiannopoulos Nikos Tsipinakis +niner on github Ning Dong Nir Soffer Nis Jorgensen +nk Nobuhiro Ban Nodak Sodak +nopjmp on github Norbert Frese Norbert Kett Norbert Novotny +NTMan on Github Octavio Schroeder Ofer Okhin Vasilij @@ -1371,6 +1469,7 @@ Olaf Flebbe Olaf Stüben Oleg Pudeyev Olen Andoni +olesteban on github Oli Kingshott Oliver Gondža Oliver Graute @@ -1379,15 +1478,18 @@ Oliver Schindler Olivier Berger Olivier Brunel Omar Ramadan +omau on github Orange Tsai Oren Souroujon Oren Tirosh Orgad Shaneh Ori Avtalion +osabc on github Oscar Koeroo Oscar Norlander Oskar Liljeblad Oumph on github +ovidiu-benea on github P R Schaffner Palo Markovic Paolo Mossino @@ -1398,6 +1500,8 @@ Pascal Terjan Pasha Kuznetsov Pasi Karkkainen Pat Ray +patelvivekv1993 on github +patnyb on github Patrice Guerin Patricia Muscalu Patrick Bihan-Faou @@ -1435,11 +1539,14 @@ Pavel Orehov Pavel Pavlov Pavel Raiskup Pavel Rochnyak +Pavel Volgarev Pavol Markovic Pawel A. Gajda Pawel Kierski Pedro Larroy +Pedro Monreal Pedro Neves +pendrek at hackerone Peng Li Per Lundberg Per Malmberg @@ -1492,6 +1599,7 @@ Pierre Brico Pierre Chapuis Pierre Joye Pierre Ynard +Pierre-Yves Bigourdan Piotr Dobrogost Piotr Komborski Po-Chuan Hsieh @@ -1502,6 +1610,7 @@ Prash Dush Praveen Pvs Priyanka Shah Przemysław Tomaszewski +pszemus on github Puneet Pawaia Quagmire Quanah Gibson-Mount @@ -1594,6 +1703,7 @@ Rob Ward Robert A. Monat Robert B. Harris Robert D. Young +Robert Dunaj Robert Foreman Robert Iakobashvili Robert Kolcun @@ -1637,6 +1747,7 @@ Ruslan Baratov Ruslan Gazizov Rutger Hofman Ruurd Beerstra +RuurdBeerstra on github Ryan Braud Ryan Chan Ryan Nelson 
@@ -1646,8 +1757,6 @@ Ryan Winograd Ryuichi KAWAMATA Rémy Léone S. Moonesamy -SBKarr on github -SLDiggie on github Salah-Eddin Shaban Salvador Dávila Salvatore Sorrentino @@ -1670,6 +1779,8 @@ Saran Neti Sascha Swiercy Saul good Saurav Babu +sayrer on github +SBKarr on github Scott Bailey Scott Barrett Scott Cantor @@ -1715,23 +1826,29 @@ Shmulik Regev Siddhartha Prakash Jain Sidney San Martín Siegfried Gyuricsko +silveja1 on github Simon Dick Simon H. Simon Josefsson Simon Legner Simon Liu Simon Warta +SLDiggie on github +smuellerDD on github Somnath Kundu Song Ma Sonia Subramanian Spacen Jasset Spezifant on github Spiridonoff A.V +Spoon Man Spork Schivago +sstruchtrup on github Stadler Stephan Stan van de Burgt Stanislav Ivochkin Stanislav Zidek +steelman on github Stefan Agner Stefan Bühler Stefan Eissing @@ -1745,6 +1862,7 @@ Stefan Tomanek Stefan Ulrich Stefano Simonelli Steinar H. Gunderson +steini2000 on github Stepan Broz Stephan Bergmann Stephan Lagerholm @@ -1773,26 +1891,29 @@ Steven M. Schweda Steven Parkes Stian Soiland-Reyes Stoned Elipot +stootill on github Stuart Henderson SumatraPeter on github Sune Ahlgren +Sunny Bean Sunny Purushe Sven Anders Sven Blumenstein Sven Neuhaus Sven Wegener Svyatoslav Mishyn +swalkaus at yahoo.com Sylvestre Ledru Symeon Paraschoudis Sébastien Willemijns T. Bharath T. Yamada -TJ Saunders Tae Hyoung Ahn Tae Wong Taiyu Len Taneli Vähäkangas Tanguy Fautre +tarek112 on github Tatsuhiro Tsujikawa Teemu Yli-Elsila Temprimus @@ -1801,6 +1922,7 @@ Terry Wu The Infinnovation team TheAssassin on github Theodore Dubois +tholin on github Thomas Braun Thomas Gamper Thomas Glanzmann @@ -1812,8 +1934,8 @@ Thomas Petazzoni Thomas Ruecker Thomas Schwinge Thomas Tonino -Thomas Vegas Thomas van Hesteren +Thomas Vegas Thorsten Schöning Tiit Pikma Till Maas @@ -1837,7 +1959,9 @@ Timotej Lazar Timothe Litt Timothy Polich Tinus van den Berg +TJ Saunders Tobias Blomberg +Tobias Hieta Tobias Hintze Tobias Lindgren Tobias Markus 
@@ -1860,9 +1984,9 @@ Tom Mueller Tom Regner Tom Seddon Tom Sparrow +Tom van der Woerdt Tom Wright Tom Zerucha -Tom van der Woerdt Tomas Hoger Tomas Jakobsson Tomas Mlcoch @@ -1873,16 +1997,19 @@ Tomas Tomecek Tomasz Kojm Tomasz Lacki Tommie Gannert +tommink[at]post.pl Tommy Tam Ton Voon Toni Moreno Tony Kelman +tonystz on Github Toon Verwaest Tor Arntsen Torben Dannhauer Torsten Foertsch Toshio Kuratomi Toshiyuki Maezawa +tpaukrt on github Traian Nicolescu Travis Burtrum Travis Obenhaus @@ -1901,6 +2028,7 @@ Ulrich Telle Ulrich Zadow Valentin David Valerii Zapodovnikov +vanillajonathan on github Vasiliy Faronov Vasily Lobaskin Vasy Okhin @@ -1932,6 +2060,7 @@ Vojtech Minarik Vojtěch Král Volker Schmid Vsevolod Novikov +vshmuk on hackerone W. Mark Kubacki Waldek Kozba Walter J. Mack @@ -1941,6 +2070,7 @@ Wayne Haigh Wenchao Li Wenxiang Qian Werner Koch +wesinator on github Wesley Laxton Wesley Miaw Wez Furlong @@ -1950,6 +2080,8 @@ Will Dietz Willem Sparreboom William A. Rowe Jr William Ahern +wmsch on github +wncboy on github Wojciech Zwiefka Wouter Van Rooy Wu Yongzheng @@ -1968,10 +2100,12 @@ Yasuhiro Matsumoto Yechiel Kalmenson Yehezkel Horowitz Yehoshua Hershberg +ygthien on github Yi Huang Yiming Jing Yingwei Liu Yonggang Luo +youngchopin on github Yousuke Kimoto Yu Xin Yukihiro Kawada @@ -1982,6 +2116,7 @@ Yves Lejeune Zachary Seguin Zdenek Pavlas Zekun Ni +zelinchen on github Zenju on github Zero King Zhao Yisha 
@@ -1990,105 +2125,9 @@ Zhibiao Wu Zhouyihai Ding Zmey Petroff Zvi Har'El -aasivov on github -accountantM on github -adnn on github -afrind on github -ahodesuka on github -anshnd on github -arainchik on github -asavah on github -baumanj on github -bdry on github -bobmitchell1956 on github -bsammon on github -buzo-ffm on github -bxac on github -cbartl on github -cclauss on github -clbr on github -cmfrolick on github -codesniffer13 on github -d912e3 on github -daboul on github -dasimx on github -dbrowndan on github -destman on github -dkjjr89 on github -dkwolfe4 on github -dnivras on github -dpull on github -dtmsecurity on github -eXeC64 on github -elelel on github -elephoenix on github -elsamuko on github -guitared on github -hsiao yi -imilli on github -infinnovation-dev on github -iz8mbw on github -jakirkham on github -jasal82 on github -jnbr on github -jonrumsey on github -joshhe on github -jungle-boogie on github -jveazey on github -jzinn on github -ka7 on github -kouzhudong on github -kreshano on github -l00p3r on Hackerone -lijian996 on github -lukaszgn on github -madblobfish on github -marc-groundctl on github -masbug on github -mccormickt12 on github -migueljcrum on github -mkzero on github -momala454 on github -moohoorama on github -nedres on github -neex on github -neheb on github -nevv on HackerOne/curl -niallor on github -nianxuejie on github -nico-abram on github -niner on github -nk -nopjmp on github -olesteban on github -omau on github -osabc on github -ovidiu-benea on github -patelvivekv1993 on github -patnyb on github -pendrek at hackerone -pszemus on github -sayrer on github -silveja1 on github -smuellerDD on github -sstruchtrup on github -steelman on github -steini2000 on github -stootill on github -swalkaus at yahoo.com -tarek112 on github -tholin on github -tommink[at]post.pl -tonystz on Github -tpaukrt on github -vanillajonathan on github -wesinator on github -wmsch on github -wncboy on github -youngchopin on github -zelinchen on github zzq1015 
on github İsmail Dönmez Łukasz Domeradzki Štefan Kremeň Никита Дорохин +加藤郁之 diff --git a/libs/libcurl/include/curl/curl.h b/libs/libcurl/include/curl/curl.h index a9754fd648..b7cb30a581 100644 --- a/libs/libcurl/include/curl/curl.h +++ b/libs/libcurl/include/curl/curl.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -38,12 +38,12 @@ #include "system.h" /* determine things run-time */ /* - * Define WIN32 when build target is Win32 API + * Define CURL_WIN32 when build target is Win32 API */ -#if (defined(_WIN32) || defined(__WIN32__)) && \ - !defined(WIN32) && !defined(__SYMBIAN32__) -#define WIN32 +#if (defined(_WIN32) || defined(__WIN32__) || defined(WIN32)) && \ + !defined(__SYMBIAN32__) +#define CURL_WIN32 #endif #include @@ -58,7 +58,7 @@ #include #include -#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__) +#if defined(CURL_WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__) #if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || \ defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H)) /* The check above prevents the winsock2 inclusion if winsock.h already was @@ -79,11 +79,11 @@ #include #endif -#if !defined(WIN32) && !defined(_WIN32_WCE) +#if !defined(CURL_WIN32) && !defined(_WIN32_WCE) #include #endif -#if !defined(WIN32) && !defined(__WATCOMC__) && !defined(__VXWORKS__) +#if !defined(CURL_WIN32) && !defined(__WATCOMC__) && !defined(__VXWORKS__) #include #endif @@ -114,7 +114,7 @@ typedef void CURLSH; #ifdef CURL_STATICLIB # define CURL_EXTERN -#elif defined(WIN32) || defined(__SYMBIAN32__) || \ +#elif defined(CURL_WIN32) || defined(__SYMBIAN32__) || \ (__has_declspec_attribute(dllexport) && \ __has_declspec_attribute(dllimport)) # if defined(BUILDING_LIBCURL) 
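Review bot: With the `#define WIN32` fallback replaced by `#define CURL_WIN32` in the `@@ -38,12 +38,12 @@` hunk, this header no longer defines `WIN32` for translation units that include it, so code in this tree that relied on that side effect would quietly compile its non-Windows branch. The later hunks in this file move curl's own tests to `CURL_WIN32`, but callers outside the header are not visible here. Before merging I would check the sources that include `curl/curl.h` for `#ifdef WIN32` or `defined(WIN32)` and, where the build does not define the macro itself, change them to the compiler-provided `#if defined(_WIN32)`.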
@@ -130,7 +130,7 @@ typedef void CURLSH; #ifndef curl_socket_typedef /* socket typedef */ -#if defined(WIN32) && !defined(__LWIP_OPT_H__) && !defined(LWIP_HDR_OPT_H) +#if defined(CURL_WIN32) && !defined(__LWIP_OPT_H__) && !defined(LWIP_HDR_OPT_H) typedef SOCKET curl_socket_t; #define CURL_SOCKET_BAD INVALID_SOCKET #else @@ -609,6 +609,7 @@ typedef enum { CURLE_AUTH_ERROR, /* 94 - an authentication function returned an error */ CURLE_HTTP3, /* 95 - An HTTP/3 layer problem */ + CURLE_QUIC_CONNECT_ERROR, /* 96 - QUIC connection error */ CURL_LAST /* never use! */ } CURLcode; 
@@ -943,77 +944,58 @@ typedef enum { /* *STRINGPOINT is an alias for OBJECTPOINT to allow tools to extract the string options from the header file */ -/* name is uppercase CURLOPT_, - type is one of the defined CURLOPTTYPE_ - number is unique identifier */ -#ifdef CINIT -#undef CINIT -#endif -#ifdef CURL_ISOCPP -#define CINIT(na,t,nu) CURLOPT_ ## na = CURLOPTTYPE_ ## t + nu -#else -/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */ -#define LONG CURLOPTTYPE_LONG -#define OBJECTPOINT CURLOPTTYPE_OBJECTPOINT -#define STRINGPOINT CURLOPTTYPE_OBJECTPOINT -#define SLISTPOINT CURLOPTTYPE_OBJECTPOINT -#define FUNCTIONPOINT CURLOPTTYPE_FUNCTIONPOINT -#define OFF_T CURLOPTTYPE_OFF_T -#define CINIT(name,type,number) CURLOPT_/**/name = type + number -#endif +#define CURLOPT(na,t,nu) na = t + nu /* handy aliases that make no run-time difference */ #define CURLOPTTYPE_STRINGPOINT CURLOPTTYPE_OBJECTPOINT #define CURLOPTTYPE_SLISTPOINT CURLOPTTYPE_OBJECTPOINT /* - * This macro-mania below setups the CURLOPT_[what] enum, to be used with - * curl_easy_setopt(). The first argument in the CINIT() macro is the [what] - * word. + * All CURLOPT_* values. */ typedef enum { /* This is the FILE * or void * the regular output should be written to. */ - CINIT(WRITEDATA, OBJECTPOINT, 1), + CURLOPT(CURLOPT_WRITEDATA, CURLOPTTYPE_OBJECTPOINT, 1), /* The full URL to get/put */ - CINIT(URL, STRINGPOINT, 2), + CURLOPT(CURLOPT_URL, CURLOPTTYPE_STRINGPOINT, 2), /* Port number to connect to, if other than default. */ - CINIT(PORT, LONG, 3), + CURLOPT(CURLOPT_PORT, CURLOPTTYPE_LONG, 3), /* Name of proxy to use. */ - CINIT(PROXY, STRINGPOINT, 4), + CURLOPT(CURLOPT_PROXY, CURLOPTTYPE_STRINGPOINT, 4), /* "user:password;options" to use when fetching. */ - CINIT(USERPWD, STRINGPOINT, 5), + CURLOPT(CURLOPT_USERPWD, CURLOPTTYPE_STRINGPOINT, 5), /* "user:password" to use with proxy. 
*/ - CINIT(PROXYUSERPWD, STRINGPOINT, 6), + CURLOPT(CURLOPT_PROXYUSERPWD, CURLOPTTYPE_STRINGPOINT, 6), /* Range to get, specified as an ASCII string. */ - CINIT(RANGE, STRINGPOINT, 7), + CURLOPT(CURLOPT_RANGE, CURLOPTTYPE_STRINGPOINT, 7), /* not used */ /* Specified file stream to upload from (use as input): */ - CINIT(READDATA, OBJECTPOINT, 9), + CURLOPT(CURLOPT_READDATA, CURLOPTTYPE_OBJECTPOINT, 9), /* Buffer to receive error messages in, must be at least CURL_ERROR_SIZE * bytes big. */ - CINIT(ERRORBUFFER, OBJECTPOINT, 10), + CURLOPT(CURLOPT_ERRORBUFFER, CURLOPTTYPE_OBJECTPOINT, 10), /* Function that will be called to store the output (instead of fwrite). The * parameters will use fwrite() syntax, make sure to follow them. */ - CINIT(WRITEFUNCTION, FUNCTIONPOINT, 11), + CURLOPT(CURLOPT_WRITEFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 11), /* Function that will be called to read the input (instead of fread). The * parameters will use fread() syntax, make sure to follow them. */ - CINIT(READFUNCTION, FUNCTIONPOINT, 12), + CURLOPT(CURLOPT_READFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 12), /* Time-out the read operation after this amount of seconds */ - CINIT(TIMEOUT, LONG, 13), + CURLOPT(CURLOPT_TIMEOUT, CURLOPTTYPE_LONG, 13), /* If the CURLOPT_INFILE is used, this can be used to inform libcurl about * how large the file being sent really is. That allows better error 
@@ -1024,20 +1006,20 @@ typedef enum { * which takes an off_t type, allowing platforms with larger off_t * sizes to handle larger files. See below for INFILESIZE_LARGE. */ - CINIT(INFILESIZE, LONG, 14), + CURLOPT(CURLOPT_INFILESIZE, CURLOPTTYPE_LONG, 14), /* POST static input fields. */ - CINIT(POSTFIELDS, OBJECTPOINT, 15), + CURLOPT(CURLOPT_POSTFIELDS, CURLOPTTYPE_OBJECTPOINT, 15), /* Set the referrer page (needed by some CGIs) */ - CINIT(REFERER, STRINGPOINT, 16), + CURLOPT(CURLOPT_REFERER, CURLOPTTYPE_STRINGPOINT, 16), /* Set the FTP PORT string (interface name, named or numerical IP address) Use i.e '-' to use default address. */ - CINIT(FTPPORT, STRINGPOINT, 17), + CURLOPT(CURLOPT_FTPPORT, CURLOPTTYPE_STRINGPOINT, 17), /* Set the User-Agent string (examined by some CGIs) */ - CINIT(USERAGENT, STRINGPOINT, 18), + CURLOPT(CURLOPT_USERAGENT, CURLOPTTYPE_STRINGPOINT, 18), /* If the download receives less than "low speed limit" bytes/second * during "low speed time" seconds, the operations is aborted. @@ -1046,10 +1028,10 @@ typedef enum { */ /* Set the "low speed limit" */ - CINIT(LOW_SPEED_LIMIT, LONG, 19), + CURLOPT(CURLOPT_LOW_SPEED_LIMIT, CURLOPTTYPE_LONG, 19), /* Set the "low speed time" */ - CINIT(LOW_SPEED_TIME, LONG, 20), + CURLOPT(CURLOPT_LOW_SPEED_TIME, CURLOPTTYPE_LONG, 20), /* Set the continuation offset. * 
@@ -1057,48 +1039,48 @@ typedef enum { * off_t types, allowing for large file offsets on platforms which * use larger-than-32-bit off_t's. Look below for RESUME_FROM_LARGE. */ - CINIT(RESUME_FROM, LONG, 21), + CURLOPT(CURLOPT_RESUME_FROM, CURLOPTTYPE_LONG, 21), /* Set cookie in request: */ - CINIT(COOKIE, STRINGPOINT, 22), + CURLOPT(CURLOPT_COOKIE, CURLOPTTYPE_STRINGPOINT, 22), /* This points to a linked list of headers, struct curl_slist kind. This list is also used for RTSP (in spite of its name) */ - CINIT(HTTPHEADER, SLISTPOINT, 23), + CURLOPT(CURLOPT_HTTPHEADER, CURLOPTTYPE_SLISTPOINT, 23), /* This points to a linked list of post entries, struct curl_httppost */ - CINIT(HTTPPOST, OBJECTPOINT, 24), + CURLOPT(CURLOPT_HTTPPOST, CURLOPTTYPE_OBJECTPOINT, 24), /* name of the file keeping your private SSL-certificate */ - CINIT(SSLCERT, STRINGPOINT, 25), + CURLOPT(CURLOPT_SSLCERT, CURLOPTTYPE_STRINGPOINT, 25), /* password for the SSL or SSH private key */ - CINIT(KEYPASSWD, STRINGPOINT, 26), + CURLOPT(CURLOPT_KEYPASSWD, CURLOPTTYPE_STRINGPOINT, 26), /* send TYPE parameter? */ - CINIT(CRLF, LONG, 27), + CURLOPT(CURLOPT_CRLF, CURLOPTTYPE_LONG, 27), /* send linked-list of QUOTE commands */ - CINIT(QUOTE, SLISTPOINT, 28), + CURLOPT(CURLOPT_QUOTE, CURLOPTTYPE_SLISTPOINT, 28), /* send FILE * or void * to store headers to, if you use a callback it is simply passed to the callback unmodified */ - CINIT(HEADERDATA, OBJECTPOINT, 29), + CURLOPT(CURLOPT_HEADERDATA, CURLOPTTYPE_OBJECTPOINT, 29), /* point to a file to read the initial cookies from, also enables "cookie awareness" */ - CINIT(COOKIEFILE, STRINGPOINT, 31), + CURLOPT(CURLOPT_COOKIEFILE, CURLOPTTYPE_STRINGPOINT, 31), /* What version to specifically try to use. See CURL_SSLVERSION defines below. 
*/ - CINIT(SSLVERSION, LONG, 32), + CURLOPT(CURLOPT_SSLVERSION, CURLOPTTYPE_LONG, 32), /* What kind of HTTP time condition to use, see defines */ - CINIT(TIMECONDITION, LONG, 33), + CURLOPT(CURLOPT_TIMECONDITION, CURLOPTTYPE_LONG, 33), /* Time to use with the above condition. Specified in number of seconds since 1 Jan 1970 */ - CINIT(TIMEVALUE, LONG, 34), + CURLOPT(CURLOPT_TIMEVALUE, CURLOPTTYPE_LONG, 34), /* 35 = OBSOLETE */ 
@@ -1106,37 +1088,58 @@ typedef enum { HTTP: DELETE, TRACE and others FTP: to use a different list command */ - CINIT(CUSTOMREQUEST, STRINGPOINT, 36), + CURLOPT(CURLOPT_CUSTOMREQUEST, CURLOPTTYPE_STRINGPOINT, 36), /* FILE handle to use instead of stderr */ - CINIT(STDERR, OBJECTPOINT, 37), + CURLOPT(CURLOPT_STDERR, CURLOPTTYPE_OBJECTPOINT, 37), /* 38 is not used */ /* send linked-list of post-transfer QUOTE commands */ - CINIT(POSTQUOTE, SLISTPOINT, 39), + CURLOPT(CURLOPT_POSTQUOTE, CURLOPTTYPE_SLISTPOINT, 39), + + /* OBSOLETE, do not use! */ + CURLOPT(CURLOPT_OBSOLETE40, CURLOPTTYPE_OBJECTPOINT, 40), + + /* talk a lot */ + CURLOPT(CURLOPT_VERBOSE, CURLOPTTYPE_LONG, 41), + + /* throw the header out too */ + CURLOPT(CURLOPT_HEADER, CURLOPTTYPE_LONG, 42), + + /* shut off the progress meter */ + CURLOPT(CURLOPT_NOPROGRESS, CURLOPTTYPE_LONG, 43), + + /* use HEAD to get http document */ + CURLOPT(CURLOPT_NOBODY, CURLOPTTYPE_LONG, 44), + + /* no output on http error codes >= 400 */ + CURLOPT(CURLOPT_FAILONERROR, CURLOPTTYPE_LONG, 45), - CINIT(OBSOLETE40, OBJECTPOINT, 40), /* OBSOLETE, do not use! */ + /* this is an upload */ + CURLOPT(CURLOPT_UPLOAD, CURLOPTTYPE_LONG, 46), - CINIT(VERBOSE, LONG, 41), /* talk a lot */ - CINIT(HEADER, LONG, 42), /* throw the header out too */ - CINIT(NOPROGRESS, LONG, 43), /* shut off the progress meter */ - CINIT(NOBODY, LONG, 44), /* use HEAD to get http document */ - CINIT(FAILONERROR, LONG, 45), /* no output on http error codes >= 400 */ - CINIT(UPLOAD, LONG, 46), /* this is an upload */ - CINIT(POST, LONG, 47), /* HTTP POST method */ - CINIT(DIRLISTONLY, LONG, 48), /* bare names when listing directories */ + /* HTTP POST method */ + CURLOPT(CURLOPT_POST, CURLOPTTYPE_LONG, 47), - CINIT(APPEND, LONG, 50), /* Append instead of overwrite on upload! */ + /* bare names when listing directories */ + CURLOPT(CURLOPT_DIRLISTONLY, CURLOPTTYPE_LONG, 48), + + /* Append instead of overwrite on upload! 
*/ + CURLOPT(CURLOPT_APPEND, CURLOPTTYPE_LONG, 50), /* Specify whether to read the user+password from the .netrc or the URL. * This must be one of the CURL_NETRC_* enums below. */ - CINIT(NETRC, LONG, 51), + CURLOPT(CURLOPT_NETRC, CURLOPTTYPE_LONG, 51), + + /* use Location: Luke! */ + CURLOPT(CURLOPT_FOLLOWLOCATION, CURLOPTTYPE_LONG, 52), - CINIT(FOLLOWLOCATION, LONG, 52), /* use Location: Luke! */ + /* transfer data in text/ASCII format */ + CURLOPT(CURLOPT_TRANSFERTEXT, CURLOPTTYPE_LONG, 53), - CINIT(TRANSFERTEXT, LONG, 53), /* transfer data in text/ASCII format */ - CINIT(PUT, LONG, 54), /* HTTP PUT */ + /* HTTP PUT */ + CURLOPT(CURLOPT_PUT, CURLOPTTYPE_LONG, 54), /* 55 = OBSOLETE */ 
@@ -1144,265 +1147,267 @@ typedef enum { * Function that will be called instead of the internal progress display * function. This function should be defined as the curl_progress_callback * prototype defines. */ - CINIT(PROGRESSFUNCTION, FUNCTIONPOINT, 56), + CURLOPT(CURLOPT_PROGRESSFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 56), /* Data passed to the CURLOPT_PROGRESSFUNCTION and CURLOPT_XFERINFOFUNCTION callbacks */ - CINIT(PROGRESSDATA, OBJECTPOINT, 57), + CURLOPT(CURLOPT_PROGRESSDATA, CURLOPTTYPE_OBJECTPOINT, 57), #define CURLOPT_XFERINFODATA CURLOPT_PROGRESSDATA /* We want the referrer field set automatically when following locations */ - CINIT(AUTOREFERER, LONG, 58), + CURLOPT(CURLOPT_AUTOREFERER, CURLOPTTYPE_LONG, 58), /* Port of the proxy, can be set in the proxy string as well with: "[host]:[port]" */ - CINIT(PROXYPORT, LONG, 59), + CURLOPT(CURLOPT_PROXYPORT, CURLOPTTYPE_LONG, 59), /* size of the POST input data, if strlen() is not good to use */ - CINIT(POSTFIELDSIZE, LONG, 60), + CURLOPT(CURLOPT_POSTFIELDSIZE, CURLOPTTYPE_LONG, 60), /* tunnel non-http operations through a HTTP proxy */ - CINIT(HTTPPROXYTUNNEL, LONG, 61), + CURLOPT(CURLOPT_HTTPPROXYTUNNEL, CURLOPTTYPE_LONG, 61), /* Set the interface string to use as outgoing network interface */ - CINIT(INTERFACE, STRINGPOINT, 62), + CURLOPT(CURLOPT_INTERFACE, CURLOPTTYPE_STRINGPOINT, 62), /* Set the krb4/5 security level, this also enables krb4/5 awareness. This * is a string, 'clear', 'safe', 'confidential' or 'private'. If the string * is set but doesn't match one of these, 'private' will be used. */ - CINIT(KRBLEVEL, STRINGPOINT, 63), + CURLOPT(CURLOPT_KRBLEVEL, CURLOPTTYPE_STRINGPOINT, 63), /* Set if we should verify the peer in ssl handshake, set 1 to verify. 
*/ - CINIT(SSL_VERIFYPEER, LONG, 64), + CURLOPT(CURLOPT_SSL_VERIFYPEER, CURLOPTTYPE_LONG, 64), /* The CApath or CAfile used to validate the peer certificate this option is used only if SSL_VERIFYPEER is true */ - CINIT(CAINFO, STRINGPOINT, 65), + CURLOPT(CURLOPT_CAINFO, CURLOPTTYPE_STRINGPOINT, 65), /* 66 = OBSOLETE */ /* 67 = OBSOLETE */ /* Maximum number of http redirects to follow */ - CINIT(MAXREDIRS, LONG, 68), + CURLOPT(CURLOPT_MAXREDIRS, CURLOPTTYPE_LONG, 68), /* Pass a long set to 1 to get the date of the requested document (if possible)! Pass a zero to shut it off. */ - CINIT(FILETIME, LONG, 69), + CURLOPT(CURLOPT_FILETIME, CURLOPTTYPE_LONG, 69), /* This points to a linked list of telnet options */ - CINIT(TELNETOPTIONS, SLISTPOINT, 70), + CURLOPT(CURLOPT_TELNETOPTIONS, CURLOPTTYPE_SLISTPOINT, 70), /* Max amount of cached alive connections */ - CINIT(MAXCONNECTS, LONG, 71), + CURLOPT(CURLOPT_MAXCONNECTS, CURLOPTTYPE_LONG, 71), - CINIT(OBSOLETE72, LONG, 72), /* OBSOLETE, do not use! */ + /* OBSOLETE, do not use! */ + CURLOPT(CURLOPT_OBSOLETE72, CURLOPTTYPE_LONG, 72), /* 73 = OBSOLETE */ /* Set to explicitly use a new connection for the upcoming transfer. Do not use this unless you're absolutely sure of this, as it makes the operation slower and is less friendly for the network. */ - CINIT(FRESH_CONNECT, LONG, 74), + CURLOPT(CURLOPT_FRESH_CONNECT, CURLOPTTYPE_LONG, 74), /* Set to explicitly forbid the upcoming transfer's connection to be re-used when done. Do not use this unless you're absolutely sure of this, as it makes the operation slower and is less friendly for the network. */ - CINIT(FORBID_REUSE, LONG, 75), + CURLOPT(CURLOPT_FORBID_REUSE, CURLOPTTYPE_LONG, 75), /* Set to a file name that contains random data for libcurl to use to seed the random engine when doing SSL connects. 
*/ - CINIT(RANDOM_FILE, STRINGPOINT, 76), + CURLOPT(CURLOPT_RANDOM_FILE, CURLOPTTYPE_STRINGPOINT, 76), /* Set to the Entropy Gathering Daemon socket pathname */ - CINIT(EGDSOCKET, STRINGPOINT, 77), + CURLOPT(CURLOPT_EGDSOCKET, CURLOPTTYPE_STRINGPOINT, 77), /* Time-out connect operations after this amount of seconds, if connects are OK within this time, then fine... This only aborts the connect phase. */ - CINIT(CONNECTTIMEOUT, LONG, 78), + CURLOPT(CURLOPT_CONNECTTIMEOUT, CURLOPTTYPE_LONG, 78), /* Function that will be called to store headers (instead of fwrite). The * parameters will use fwrite() syntax, make sure to follow them. */ - CINIT(HEADERFUNCTION, FUNCTIONPOINT, 79), + CURLOPT(CURLOPT_HEADERFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 79), /* Set this to force the HTTP request to get back to GET. Only really usable if POST, PUT or a custom request have been used first. */ - CINIT(HTTPGET, LONG, 80), + CURLOPT(CURLOPT_HTTPGET, CURLOPTTYPE_LONG, 80), /* Set if we should verify the Common name from the peer certificate in ssl * handshake, set 1 to check existence, 2 to ensure that it matches the * provided hostname. */ - CINIT(SSL_VERIFYHOST, LONG, 81), + CURLOPT(CURLOPT_SSL_VERIFYHOST, CURLOPTTYPE_LONG, 81), /* Specify which file name to write all known cookies in after completed operation. Set file name to "-" (dash) to make it go to stdout. */ - CINIT(COOKIEJAR, STRINGPOINT, 82), + CURLOPT(CURLOPT_COOKIEJAR, CURLOPTTYPE_STRINGPOINT, 82), /* Specify which SSL ciphers to use */ - CINIT(SSL_CIPHER_LIST, STRINGPOINT, 83), + CURLOPT(CURLOPT_SSL_CIPHER_LIST, CURLOPTTYPE_STRINGPOINT, 83), /* Specify which HTTP version to use! This must be set to one of the CURL_HTTP_VERSION* enums set below. */ - CINIT(HTTP_VERSION, LONG, 84), + CURLOPT(CURLOPT_HTTP_VERSION, CURLOPTTYPE_LONG, 84), /* Specifically switch on or off the FTP engine's use of the EPSV command. By default, that one will always be attempted before the more traditional PASV command. 
*/ - CINIT(FTP_USE_EPSV, LONG, 85), + CURLOPT(CURLOPT_FTP_USE_EPSV, CURLOPTTYPE_LONG, 85), /* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") */ - CINIT(SSLCERTTYPE, STRINGPOINT, 86), + CURLOPT(CURLOPT_SSLCERTTYPE, CURLOPTTYPE_STRINGPOINT, 86), /* name of the file keeping your private SSL-key */ - CINIT(SSLKEY, STRINGPOINT, 87), + CURLOPT(CURLOPT_SSLKEY, CURLOPTTYPE_STRINGPOINT, 87), /* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") */ - CINIT(SSLKEYTYPE, STRINGPOINT, 88), + CURLOPT(CURLOPT_SSLKEYTYPE, CURLOPTTYPE_STRINGPOINT, 88), /* crypto engine for the SSL-sub system */ - CINIT(SSLENGINE, STRINGPOINT, 89), + CURLOPT(CURLOPT_SSLENGINE, CURLOPTTYPE_STRINGPOINT, 89), /* set the crypto engine for the SSL-sub system as default the param has no meaning... */ - CINIT(SSLENGINE_DEFAULT, LONG, 90), + CURLOPT(CURLOPT_SSLENGINE_DEFAULT, CURLOPTTYPE_LONG, 90), /* Non-zero value means to use the global dns cache */ - CINIT(DNS_USE_GLOBAL_CACHE, LONG, 91), /* DEPRECATED, do not use! */ + /* DEPRECATED, do not use! 
*/ + CURLOPT(CURLOPT_DNS_USE_GLOBAL_CACHE, CURLOPTTYPE_LONG, 91), /* DNS cache timeout */ - CINIT(DNS_CACHE_TIMEOUT, LONG, 92), + CURLOPT(CURLOPT_DNS_CACHE_TIMEOUT, CURLOPTTYPE_LONG, 92), /* send linked-list of pre-transfer QUOTE commands */ - CINIT(PREQUOTE, SLISTPOINT, 93), + CURLOPT(CURLOPT_PREQUOTE, CURLOPTTYPE_SLISTPOINT, 93), /* set the debug function */ - CINIT(DEBUGFUNCTION, FUNCTIONPOINT, 94), + CURLOPT(CURLOPT_DEBUGFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 94), /* set the data for the debug function */ - CINIT(DEBUGDATA, OBJECTPOINT, 95), + CURLOPT(CURLOPT_DEBUGDATA, CURLOPTTYPE_OBJECTPOINT, 95), /* mark this as start of a cookie session */ - CINIT(COOKIESESSION, LONG, 96), + CURLOPT(CURLOPT_COOKIESESSION, CURLOPTTYPE_LONG, 96), /* The CApath directory used to validate the peer certificate this option is used only if SSL_VERIFYPEER is true */ - CINIT(CAPATH, STRINGPOINT, 97), + CURLOPT(CURLOPT_CAPATH, CURLOPTTYPE_STRINGPOINT, 97), /* Instruct libcurl to use a smaller receive buffer */ - CINIT(BUFFERSIZE, LONG, 98), + CURLOPT(CURLOPT_BUFFERSIZE, CURLOPTTYPE_LONG, 98), /* Instruct libcurl to not use any signal/alarm handlers, even when using timeouts. This option is useful for multi-threaded applications. See libcurl-the-guide for more background information. */ - CINIT(NOSIGNAL, LONG, 99), + CURLOPT(CURLOPT_NOSIGNAL, CURLOPTTYPE_LONG, 99), /* Provide a CURLShare for mutexing non-ts data */ - CINIT(SHARE, OBJECTPOINT, 100), + CURLOPT(CURLOPT_SHARE, CURLOPTTYPE_OBJECTPOINT, 100), /* indicates type of proxy. accepted values are CURLPROXY_HTTP (default), CURLPROXY_HTTPS, CURLPROXY_SOCKS4, CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5. */ - CINIT(PROXYTYPE, LONG, 101), + CURLOPT(CURLOPT_PROXYTYPE, CURLOPTTYPE_LONG, 101), /* Set the Accept-Encoding string. Use this to tell a server you would like the response to be compressed. 
Before 7.21.6, this was known as CURLOPT_ENCODING */ - CINIT(ACCEPT_ENCODING, STRINGPOINT, 102), + CURLOPT(CURLOPT_ACCEPT_ENCODING, CURLOPTTYPE_STRINGPOINT, 102), /* Set pointer to private data */ - CINIT(PRIVATE, OBJECTPOINT, 103), + CURLOPT(CURLOPT_PRIVATE, CURLOPTTYPE_OBJECTPOINT, 103), /* Set aliases for HTTP 200 in the HTTP Response header */ - CINIT(HTTP200ALIASES, SLISTPOINT, 104), + CURLOPT(CURLOPT_HTTP200ALIASES, CURLOPTTYPE_SLISTPOINT, 104), /* Continue to send authentication (user+password) when following locations, even when hostname changed. This can potentially send off the name and password to whatever host the server decides. */ - CINIT(UNRESTRICTED_AUTH, LONG, 105), + CURLOPT(CURLOPT_UNRESTRICTED_AUTH, CURLOPTTYPE_LONG, 105), /* Specifically switch on or off the FTP engine's use of the EPRT command ( it also disables the LPRT attempt). By default, those ones will always be attempted before the good old traditional PORT command. */ - CINIT(FTP_USE_EPRT, LONG, 106), + CURLOPT(CURLOPT_FTP_USE_EPRT, CURLOPTTYPE_LONG, 106), /* Set this to a bitmask value to enable the particular authentications methods you like. Use this in combination with CURLOPT_USERPWD. Note that setting multiple bits may cause extra network round-trips. */ - CINIT(HTTPAUTH, LONG, 107), + CURLOPT(CURLOPT_HTTPAUTH, CURLOPTTYPE_LONG, 107), /* Set the ssl context callback function, currently only for OpenSSL or WolfSSL ssl_ctx, or mbedTLS mbedtls_ssl_config in the second argument. The function must match the curl_ssl_ctx_callback prototype. */ - CINIT(SSL_CTX_FUNCTION, FUNCTIONPOINT, 108), + CURLOPT(CURLOPT_SSL_CTX_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 108), /* Set the userdata for the ssl context callback function's third argument */ - CINIT(SSL_CTX_DATA, OBJECTPOINT, 109), + CURLOPT(CURLOPT_SSL_CTX_DATA, CURLOPTTYPE_OBJECTPOINT, 109), /* FTP Option that causes missing dirs to be created on the remote server. 
In 7.19.4 we introduced the convenience enums for this option using the CURLFTP_CREATE_DIR prefix. */ - CINIT(FTP_CREATE_MISSING_DIRS, LONG, 110), + CURLOPT(CURLOPT_FTP_CREATE_MISSING_DIRS, CURLOPTTYPE_LONG, 110), /* Set this to a bitmask value to enable the particular authentications methods you like. Use this in combination with CURLOPT_PROXYUSERPWD. Note that setting multiple bits may cause extra network round-trips. */ - CINIT(PROXYAUTH, LONG, 111), + CURLOPT(CURLOPT_PROXYAUTH, CURLOPTTYPE_LONG, 111), /* FTP option that changes the timeout, in seconds, associated with getting a response. This is different from transfer timeout time and essentially places a demand on the FTP server to acknowledge commands in a timely manner. */ - CINIT(FTP_RESPONSE_TIMEOUT, LONG, 112), + CURLOPT(CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOPTTYPE_LONG, 112), #define CURLOPT_SERVER_RESPONSE_TIMEOUT CURLOPT_FTP_RESPONSE_TIMEOUT /* Set this option to one of the CURL_IPRESOLVE_* defines (see below) to tell libcurl to resolve names to those IP versions only. This only has affect on systems with support for more than one, i.e IPv4 _and_ IPv6. */ - CINIT(IPRESOLVE, LONG, 113), + CURLOPT(CURLOPT_IPRESOLVE, CURLOPTTYPE_LONG, 113), /* Set this option to limit the size of a file that will be downloaded from an HTTP or FTP server. Note there is also _LARGE version which adds large file support for platforms which have larger off_t sizes. See MAXFILESIZE_LARGE below. */ - CINIT(MAXFILESIZE, LONG, 114), + CURLOPT(CURLOPT_MAXFILESIZE, CURLOPTTYPE_LONG, 114), /* See the comment for INFILESIZE above, but in short, specifies * the size of the file being uploaded. -1 means unknown. */ - CINIT(INFILESIZE_LARGE, OFF_T, 115), + CURLOPT(CURLOPT_INFILESIZE_LARGE, CURLOPTTYPE_OFF_T, 115), - /* Sets the continuation offset. There is also a LONG version of this; - * look above for RESUME_FROM. + /* Sets the continuation offset. There is also a CURLOPTTYPE_LONG version + * of this; look above for RESUME_FROM. 
*/ - CINIT(RESUME_FROM_LARGE, OFF_T, 116), + CURLOPT(CURLOPT_RESUME_FROM_LARGE, CURLOPTTYPE_OFF_T, 116), /* Sets the maximum size of data that will be downloaded from * an HTTP or FTP server. See MAXFILESIZE above for the LONG version. */ - CINIT(MAXFILESIZE_LARGE, OFF_T, 117), + CURLOPT(CURLOPT_MAXFILESIZE_LARGE, CURLOPTTYPE_OFF_T, 117), /* Set this option to the file name of your .netrc file you want libcurl to parse (using the CURLOPT_NETRC option). If not set, libcurl will do a poor attempt to find the user's home directory and check for a .netrc file in there. */ - CINIT(NETRC_FILE, STRINGPOINT, 118), + CURLOPT(CURLOPT_NETRC_FILE, CURLOPTTYPE_STRINGPOINT, 118), /* Enable SSL/TLS for FTP, pick one of: CURLUSESSL_TRY - try using SSL, proceed anyway otherwise CURLUSESSL_CONTROL - SSL for the control connection or fail CURLUSESSL_ALL - SSL for all communication or fail */ - CINIT(USE_SSL, LONG, 119), + CURLOPT(CURLOPT_USE_SSL, CURLOPTTYPE_LONG, 119), /* The _LARGE version of the standard POSTFIELDSIZE option */ - CINIT(POSTFIELDSIZE_LARGE, OFF_T, 120), + CURLOPT(CURLOPT_POSTFIELDSIZE_LARGE, CURLOPTTYPE_OFF_T, 120), /* Enable/disable the TCP Nagle algorithm */ - CINIT(TCP_NODELAY, LONG, 121), + CURLOPT(CURLOPT_TCP_NODELAY, CURLOPTTYPE_LONG, 121), /* 122 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ /* 123 OBSOLETE. Gone in 7.16.0 */ 
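Review bot: The comment kept above `CURLOPT(CURLOPT_SSL_VERIFYHOST, CURLOPTTYPE_LONG, 81),` still reads "set 1 to check existence, 2 to ensure that it matches the provided hostname", which as far as I know no longer describes libcurl of this generation: 1 is not a separate, weaker mode, and 2 is the value that requests host name verification. Callers in the tree read this header, so I would reword it along the lines of `/* Verify that the peer certificate matches the host name: pass 2 (the default); 0 disables the check. */` and confirm that no call site passes 1 or 0. The same hunk also carries CURLOPT_SSL_VERIFYPEER and CURLOPT_UNRESTRICTED_AUTH, so those call sites are worth auditing in the same pass.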
@@ -1422,143 +1427,143 @@ typedef enum { CURLFTPAUTH_SSL - try "AUTH SSL" first, then TLS CURLFTPAUTH_TLS - try "AUTH TLS" first, then SSL */ - CINIT(FTPSSLAUTH, LONG, 129), + CURLOPT(CURLOPT_FTPSSLAUTH, CURLOPTTYPE_LONG, 129), - CINIT(IOCTLFUNCTION, FUNCTIONPOINT, 130), - CINIT(IOCTLDATA, OBJECTPOINT, 131), + CURLOPT(CURLOPT_IOCTLFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 130), + CURLOPT(CURLOPT_IOCTLDATA, CURLOPTTYPE_OBJECTPOINT, 131), /* 132 OBSOLETE. Gone in 7.16.0 */ /* 133 OBSOLETE. Gone in 7.16.0 */ /* zero terminated string for pass on to the FTP server when asked for "account" info */ - CINIT(FTP_ACCOUNT, STRINGPOINT, 134), + CURLOPT(CURLOPT_FTP_ACCOUNT, CURLOPTTYPE_STRINGPOINT, 134), /* feed cookie into cookie engine */ - CINIT(COOKIELIST, STRINGPOINT, 135), + CURLOPT(CURLOPT_COOKIELIST, CURLOPTTYPE_STRINGPOINT, 135), /* ignore Content-Length */ - CINIT(IGNORE_CONTENT_LENGTH, LONG, 136), + CURLOPT(CURLOPT_IGNORE_CONTENT_LENGTH, CURLOPTTYPE_LONG, 136), /* Set to non-zero to skip the IP address received in a 227 PASV FTP server response. Typically used for FTP-SSL purposes but is not restricted to that. libcurl will then instead use the same IP address it used for the control connection. */ - CINIT(FTP_SKIP_PASV_IP, LONG, 137), + CURLOPT(CURLOPT_FTP_SKIP_PASV_IP, CURLOPTTYPE_LONG, 137), /* Select "file method" to use when doing FTP, see the curl_ftpmethod above. */ - CINIT(FTP_FILEMETHOD, LONG, 138), + CURLOPT(CURLOPT_FTP_FILEMETHOD, CURLOPTTYPE_LONG, 138), /* Local port number to bind the socket to */ - CINIT(LOCALPORT, LONG, 139), + CURLOPT(CURLOPT_LOCALPORT, CURLOPTTYPE_LONG, 139), /* Number of ports to try, including the first one set with LOCALPORT. Thus, setting it to 1 will make no additional attempts but the first. 
*/ - CINIT(LOCALPORTRANGE, LONG, 140), + CURLOPT(CURLOPT_LOCALPORTRANGE, CURLOPTTYPE_LONG, 140), /* no transfer, set up connection and let application use the socket by extracting it with CURLINFO_LASTSOCKET */ - CINIT(CONNECT_ONLY, LONG, 141), + CURLOPT(CURLOPT_CONNECT_ONLY, CURLOPTTYPE_LONG, 141), /* Function that will be called to convert from the network encoding (instead of using the iconv calls in libcurl) */ - CINIT(CONV_FROM_NETWORK_FUNCTION, FUNCTIONPOINT, 142), + CURLOPT(CURLOPT_CONV_FROM_NETWORK_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 142), /* Function that will be called to convert to the network encoding (instead of using the iconv calls in libcurl) */ - CINIT(CONV_TO_NETWORK_FUNCTION, FUNCTIONPOINT, 143), + CURLOPT(CURLOPT_CONV_TO_NETWORK_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 143), /* Function that will be called to convert from UTF8 (instead of using the iconv calls in libcurl) Note that this is used only for SSL certificate processing */ - CINIT(CONV_FROM_UTF8_FUNCTION, FUNCTIONPOINT, 144), + CURLOPT(CURLOPT_CONV_FROM_UTF8_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 144), /* if the connection proceeds too quickly then need to slow it down */ /* limit-rate: maximum number of bytes per second to send or receive */ - CINIT(MAX_SEND_SPEED_LARGE, OFF_T, 145), - CINIT(MAX_RECV_SPEED_LARGE, OFF_T, 146), + CURLOPT(CURLOPT_MAX_SEND_SPEED_LARGE, CURLOPTTYPE_OFF_T, 145), + CURLOPT(CURLOPT_MAX_RECV_SPEED_LARGE, CURLOPTTYPE_OFF_T, 146), /* Pointer to command string to send if USER/PASS fails. 
*/ - CINIT(FTP_ALTERNATIVE_TO_USER, STRINGPOINT, 147), + CURLOPT(CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPTTYPE_STRINGPOINT, 147), /* callback function for setting socket options */ - CINIT(SOCKOPTFUNCTION, FUNCTIONPOINT, 148), - CINIT(SOCKOPTDATA, OBJECTPOINT, 149), + CURLOPT(CURLOPT_SOCKOPTFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 148), + CURLOPT(CURLOPT_SOCKOPTDATA, CURLOPTTYPE_OBJECTPOINT, 149), /* set to 0 to disable session ID re-use for this transfer, default is enabled (== 1) */ - CINIT(SSL_SESSIONID_CACHE, LONG, 150), + CURLOPT(CURLOPT_SSL_SESSIONID_CACHE, CURLOPTTYPE_LONG, 150), /* allowed SSH authentication methods */ - CINIT(SSH_AUTH_TYPES, LONG, 151), + CURLOPT(CURLOPT_SSH_AUTH_TYPES, CURLOPTTYPE_LONG, 151), /* Used by scp/sftp to do public/private key authentication */ - CINIT(SSH_PUBLIC_KEYFILE, STRINGPOINT, 152), - CINIT(SSH_PRIVATE_KEYFILE, STRINGPOINT, 153), + CURLOPT(CURLOPT_SSH_PUBLIC_KEYFILE, CURLOPTTYPE_STRINGPOINT, 152), + CURLOPT(CURLOPT_SSH_PRIVATE_KEYFILE, CURLOPTTYPE_STRINGPOINT, 153), /* Send CCC (Clear Command Channel) after authentication */ - CINIT(FTP_SSL_CCC, LONG, 154), + CURLOPT(CURLOPT_FTP_SSL_CCC, CURLOPTTYPE_LONG, 154), /* Same as TIMEOUT and CONNECTTIMEOUT, but with ms resolution */ - CINIT(TIMEOUT_MS, LONG, 155), - CINIT(CONNECTTIMEOUT_MS, LONG, 156), + CURLOPT(CURLOPT_TIMEOUT_MS, CURLOPTTYPE_LONG, 155), + CURLOPT(CURLOPT_CONNECTTIMEOUT_MS, CURLOPTTYPE_LONG, 156), /* set to zero to disable the libcurl's decoding and thus pass the raw body data to the application even when it is encoded/compressed */ - CINIT(HTTP_TRANSFER_DECODING, LONG, 157), - CINIT(HTTP_CONTENT_DECODING, LONG, 158), + CURLOPT(CURLOPT_HTTP_TRANSFER_DECODING, CURLOPTTYPE_LONG, 157), + CURLOPT(CURLOPT_HTTP_CONTENT_DECODING, CURLOPTTYPE_LONG, 158), /* Permission used when creating new files and directories on the remote server for protocols that support it, SFTP/SCP/FILE */ - CINIT(NEW_FILE_PERMS, LONG, 159), - CINIT(NEW_DIRECTORY_PERMS, LONG, 160), + 
CURLOPT(CURLOPT_NEW_FILE_PERMS, CURLOPTTYPE_LONG, 159), + CURLOPT(CURLOPT_NEW_DIRECTORY_PERMS, CURLOPTTYPE_LONG, 160), /* Set the behaviour of POST when redirecting. Values must be set to one of CURL_REDIR* defines below. This used to be called CURLOPT_POST301 */ - CINIT(POSTREDIR, LONG, 161), + CURLOPT(CURLOPT_POSTREDIR, CURLOPTTYPE_LONG, 161), /* used by scp/sftp to verify the host's public key */ - CINIT(SSH_HOST_PUBLIC_KEY_MD5, STRINGPOINT, 162), + CURLOPT(CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, CURLOPTTYPE_STRINGPOINT, 162), /* Callback function for opening socket (instead of socket(2)). Optionally, callback is able change the address or refuse to connect returning CURL_SOCKET_BAD. The callback should have type curl_opensocket_callback */ - CINIT(OPENSOCKETFUNCTION, FUNCTIONPOINT, 163), - CINIT(OPENSOCKETDATA, OBJECTPOINT, 164), + CURLOPT(CURLOPT_OPENSOCKETFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 163), + CURLOPT(CURLOPT_OPENSOCKETDATA, CURLOPTTYPE_OBJECTPOINT, 164), /* POST volatile input fields. 
*/ - CINIT(COPYPOSTFIELDS, OBJECTPOINT, 165), + CURLOPT(CURLOPT_COPYPOSTFIELDS, CURLOPTTYPE_OBJECTPOINT, 165), /* set transfer mode (;type=) when doing FTP via an HTTP proxy */ - CINIT(PROXY_TRANSFER_MODE, LONG, 166), + CURLOPT(CURLOPT_PROXY_TRANSFER_MODE, CURLOPTTYPE_LONG, 166), /* Callback function for seeking in the input stream */ - CINIT(SEEKFUNCTION, FUNCTIONPOINT, 167), - CINIT(SEEKDATA, OBJECTPOINT, 168), + CURLOPT(CURLOPT_SEEKFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 167), + CURLOPT(CURLOPT_SEEKDATA, CURLOPTTYPE_OBJECTPOINT, 168), /* CRL file */ - CINIT(CRLFILE, STRINGPOINT, 169), + CURLOPT(CURLOPT_CRLFILE, CURLOPTTYPE_STRINGPOINT, 169), /* Issuer certificate */ - CINIT(ISSUERCERT, STRINGPOINT, 170), + CURLOPT(CURLOPT_ISSUERCERT, CURLOPTTYPE_STRINGPOINT, 170), /* (IPv6) Address scope */ - CINIT(ADDRESS_SCOPE, LONG, 171), + CURLOPT(CURLOPT_ADDRESS_SCOPE, CURLOPTTYPE_LONG, 171), /* Collect certificate chain info and allow it to get retrievable with CURLINFO_CERTINFO after the transfer is complete. */ - CINIT(CERTINFO, LONG, 172), + CURLOPT(CURLOPT_CERTINFO, CURLOPTTYPE_LONG, 172), /* "name" and "pwd" to use when fetching. */ - CINIT(USERNAME, STRINGPOINT, 173), - CINIT(PASSWORD, STRINGPOINT, 174), + CURLOPT(CURLOPT_USERNAME, CURLOPTTYPE_STRINGPOINT, 173), + CURLOPT(CURLOPT_PASSWORD, CURLOPTTYPE_STRINGPOINT, 174), /* "name" and "pwd" to use with Proxy when fetching. */ - CINIT(PROXYUSERNAME, STRINGPOINT, 175), - CINIT(PROXYPASSWORD, STRINGPOINT, 176), + CURLOPT(CURLOPT_PROXYUSERNAME, CURLOPTTYPE_STRINGPOINT, 175), + CURLOPT(CURLOPT_PROXYPASSWORD, CURLOPTTYPE_STRINGPOINT, 176), /* Comma separated list of hostnames defining no-proxy zones. These should match both hostnames directly, and hostnames within a domain. For 
@@ -1567,102 +1572,103 @@ typedef enum { implementations of this, .local.com will be considered to be the same as local.com. A single * is the only valid wildcard, and effectively disables the use of proxy. */ - CINIT(NOPROXY, STRINGPOINT, 177), + CURLOPT(CURLOPT_NOPROXY, CURLOPTTYPE_STRINGPOINT, 177), /* block size for TFTP transfers */ - CINIT(TFTP_BLKSIZE, LONG, 178), + CURLOPT(CURLOPT_TFTP_BLKSIZE, CURLOPTTYPE_LONG, 178), /* Socks Service */ - CINIT(SOCKS5_GSSAPI_SERVICE, STRINGPOINT, 179), /* DEPRECATED, do not use! */ + /* DEPRECATED, do not use! */ + CURLOPT(CURLOPT_SOCKS5_GSSAPI_SERVICE, CURLOPTTYPE_STRINGPOINT, 179), /* Socks Service */ - CINIT(SOCKS5_GSSAPI_NEC, LONG, 180), + CURLOPT(CURLOPT_SOCKS5_GSSAPI_NEC, CURLOPTTYPE_LONG, 180), /* set the bitmask for the protocols that are allowed to be used for the transfer, which thus helps the app which takes URLs from users or other external inputs and want to restrict what protocol(s) to deal with. Defaults to CURLPROTO_ALL. */ - CINIT(PROTOCOLS, LONG, 181), + CURLOPT(CURLOPT_PROTOCOLS, CURLOPTTYPE_LONG, 181), /* set the bitmask for the protocols that libcurl is allowed to follow to, as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs to be set in both bitmasks to be allowed to get redirected to. 
*/ - CINIT(REDIR_PROTOCOLS, LONG, 182), + CURLOPT(CURLOPT_REDIR_PROTOCOLS, CURLOPTTYPE_LONG, 182), /* set the SSH knownhost file name to use */ - CINIT(SSH_KNOWNHOSTS, STRINGPOINT, 183), + CURLOPT(CURLOPT_SSH_KNOWNHOSTS, CURLOPTTYPE_STRINGPOINT, 183), /* set the SSH host key callback, must point to a curl_sshkeycallback function */ - CINIT(SSH_KEYFUNCTION, FUNCTIONPOINT, 184), + CURLOPT(CURLOPT_SSH_KEYFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 184), /* set the SSH host key callback custom pointer */ - CINIT(SSH_KEYDATA, OBJECTPOINT, 185), + CURLOPT(CURLOPT_SSH_KEYDATA, CURLOPTTYPE_OBJECTPOINT, 185), /* set the SMTP mail originator */ - CINIT(MAIL_FROM, STRINGPOINT, 186), + CURLOPT(CURLOPT_MAIL_FROM, CURLOPTTYPE_STRINGPOINT, 186), /* set the list of SMTP mail receiver(s) */ - CINIT(MAIL_RCPT, SLISTPOINT, 187), + CURLOPT(CURLOPT_MAIL_RCPT, CURLOPTTYPE_SLISTPOINT, 187), /* FTP: send PRET before PASV */ - CINIT(FTP_USE_PRET, LONG, 188), + CURLOPT(CURLOPT_FTP_USE_PRET, CURLOPTTYPE_LONG, 188), /* RTSP request method (OPTIONS, SETUP, PLAY, etc...) */ - CINIT(RTSP_REQUEST, LONG, 189), + CURLOPT(CURLOPT_RTSP_REQUEST, CURLOPTTYPE_LONG, 189), /* The RTSP session identifier */ - CINIT(RTSP_SESSION_ID, STRINGPOINT, 190), + CURLOPT(CURLOPT_RTSP_SESSION_ID, CURLOPTTYPE_STRINGPOINT, 190), /* The RTSP stream URI */ - CINIT(RTSP_STREAM_URI, STRINGPOINT, 191), + CURLOPT(CURLOPT_RTSP_STREAM_URI, CURLOPTTYPE_STRINGPOINT, 191), /* The Transport: header to use in RTSP requests */ - CINIT(RTSP_TRANSPORT, STRINGPOINT, 192), + CURLOPT(CURLOPT_RTSP_TRANSPORT, CURLOPTTYPE_STRINGPOINT, 192), /* Manually initialize the client RTSP CSeq for this handle */ - CINIT(RTSP_CLIENT_CSEQ, LONG, 193), + CURLOPT(CURLOPT_RTSP_CLIENT_CSEQ, CURLOPTTYPE_LONG, 193), /* Manually initialize the server RTSP CSeq for this handle */ - CINIT(RTSP_SERVER_CSEQ, LONG, 194), + CURLOPT(CURLOPT_RTSP_SERVER_CSEQ, CURLOPTTYPE_LONG, 194), /* The stream to pass to INTERLEAVEFUNCTION. 
*/ - CINIT(INTERLEAVEDATA, OBJECTPOINT, 195), + CURLOPT(CURLOPT_INTERLEAVEDATA, CURLOPTTYPE_OBJECTPOINT, 195), /* Let the application define a custom write method for RTP data */ - CINIT(INTERLEAVEFUNCTION, FUNCTIONPOINT, 196), + CURLOPT(CURLOPT_INTERLEAVEFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 196), /* Turn on wildcard matching */ - CINIT(WILDCARDMATCH, LONG, 197), + CURLOPT(CURLOPT_WILDCARDMATCH, CURLOPTTYPE_LONG, 197), /* Directory matching callback called before downloading of an individual file (chunk) started */ - CINIT(CHUNK_BGN_FUNCTION, FUNCTIONPOINT, 198), + CURLOPT(CURLOPT_CHUNK_BGN_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 198), /* Directory matching callback called after the file (chunk) was downloaded, or skipped */ - CINIT(CHUNK_END_FUNCTION, FUNCTIONPOINT, 199), + CURLOPT(CURLOPT_CHUNK_END_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 199), /* Change match (fnmatch-like) callback for wildcard matching */ - CINIT(FNMATCH_FUNCTION, FUNCTIONPOINT, 200), + CURLOPT(CURLOPT_FNMATCH_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 200), /* Let the application define custom chunk data pointer */ - CINIT(CHUNK_DATA, OBJECTPOINT, 201), + CURLOPT(CURLOPT_CHUNK_DATA, CURLOPTTYPE_OBJECTPOINT, 201), /* FNMATCH_FUNCTION user pointer */ - CINIT(FNMATCH_DATA, OBJECTPOINT, 202), + CURLOPT(CURLOPT_FNMATCH_DATA, CURLOPTTYPE_OBJECTPOINT, 202), /* send linked-list of name:port:address sets */ - CINIT(RESOLVE, SLISTPOINT, 203), + CURLOPT(CURLOPT_RESOLVE, CURLOPTTYPE_SLISTPOINT, 203), /* Set a username for authenticated TLS */ - CINIT(TLSAUTH_USERNAME, STRINGPOINT, 204), + CURLOPT(CURLOPT_TLSAUTH_USERNAME, CURLOPTTYPE_STRINGPOINT, 204), /* Set a password for authenticated TLS */ - CINIT(TLSAUTH_PASSWORD, STRINGPOINT, 205), + CURLOPT(CURLOPT_TLSAUTH_PASSWORD, CURLOPTTYPE_STRINGPOINT, 205), /* Set authentication type for authenticated TLS */ - CINIT(TLSAUTH_TYPE, STRINGPOINT, 206), + CURLOPT(CURLOPT_TLSAUTH_TYPE, CURLOPTTYPE_STRINGPOINT, 206), /* Set to 1 to enable the "TE:" header in HTTP requests to 
ask for compressed transfer-encoded responses. Set to 0 to disable the use of TE: 
@@ -1674,271 +1680,274 @@ typedef enum { option is set to 1. */ - CINIT(TRANSFER_ENCODING, LONG, 207), + CURLOPT(CURLOPT_TRANSFER_ENCODING, CURLOPTTYPE_LONG, 207), /* Callback function for closing socket (instead of close(2)). The callback should have type curl_closesocket_callback */ - CINIT(CLOSESOCKETFUNCTION, FUNCTIONPOINT, 208), - CINIT(CLOSESOCKETDATA, OBJECTPOINT, 209), + CURLOPT(CURLOPT_CLOSESOCKETFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 208), + CURLOPT(CURLOPT_CLOSESOCKETDATA, CURLOPTTYPE_OBJECTPOINT, 209), /* allow GSSAPI credential delegation */ - CINIT(GSSAPI_DELEGATION, LONG, 210), + CURLOPT(CURLOPT_GSSAPI_DELEGATION, CURLOPTTYPE_LONG, 210), /* Set the name servers to use for DNS resolution */ - CINIT(DNS_SERVERS, STRINGPOINT, 211), + CURLOPT(CURLOPT_DNS_SERVERS, CURLOPTTYPE_STRINGPOINT, 211), /* Time-out accept operations (currently for FTP only) after this amount of milliseconds. */ - CINIT(ACCEPTTIMEOUT_MS, LONG, 212), + CURLOPT(CURLOPT_ACCEPTTIMEOUT_MS, CURLOPTTYPE_LONG, 212), /* Set TCP keepalive */ - CINIT(TCP_KEEPALIVE, LONG, 213), + CURLOPT(CURLOPT_TCP_KEEPALIVE, CURLOPTTYPE_LONG, 213), /* non-universal keepalive knobs (Linux, AIX, HP-UX, more) */ - CINIT(TCP_KEEPIDLE, LONG, 214), - CINIT(TCP_KEEPINTVL, LONG, 215), + CURLOPT(CURLOPT_TCP_KEEPIDLE, CURLOPTTYPE_LONG, 214), + CURLOPT(CURLOPT_TCP_KEEPINTVL, CURLOPTTYPE_LONG, 215), /* Enable/disable specific SSL features with a bitmask, see CURLSSLOPT_* */ - CINIT(SSL_OPTIONS, LONG, 216), + CURLOPT(CURLOPT_SSL_OPTIONS, CURLOPTTYPE_LONG, 216), /* Set the SMTP auth originator */ - CINIT(MAIL_AUTH, STRINGPOINT, 217), + CURLOPT(CURLOPT_MAIL_AUTH, CURLOPTTYPE_STRINGPOINT, 217), /* Enable/disable SASL initial response */ - CINIT(SASL_IR, LONG, 218), + CURLOPT(CURLOPT_SASL_IR, CURLOPTTYPE_LONG, 218), /* Function that will be called instead of the internal progress display * function. This function should be defined as the curl_xferinfo_callback * prototype defines. 
(Deprecates CURLOPT_PROGRESSFUNCTION) */ - CINIT(XFERINFOFUNCTION, FUNCTIONPOINT, 219), + CURLOPT(CURLOPT_XFERINFOFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 219), /* The XOAUTH2 bearer token */ - CINIT(XOAUTH2_BEARER, STRINGPOINT, 220), + CURLOPT(CURLOPT_XOAUTH2_BEARER, CURLOPTTYPE_STRINGPOINT, 220), /* Set the interface string to use as outgoing network * interface for DNS requests. * Only supported by the c-ares DNS backend */ - CINIT(DNS_INTERFACE, STRINGPOINT, 221), + CURLOPT(CURLOPT_DNS_INTERFACE, CURLOPTTYPE_STRINGPOINT, 221), /* Set the local IPv4 address to use for outgoing DNS requests. * Only supported by the c-ares DNS backend */ - CINIT(DNS_LOCAL_IP4, STRINGPOINT, 222), + CURLOPT(CURLOPT_DNS_LOCAL_IP4, CURLOPTTYPE_STRINGPOINT, 222), /* Set the local IPv6 address to use for outgoing DNS requests. * Only supported by the c-ares DNS backend */ - CINIT(DNS_LOCAL_IP6, STRINGPOINT, 223), + CURLOPT(CURLOPT_DNS_LOCAL_IP6, CURLOPTTYPE_STRINGPOINT, 223), /* Set authentication options directly */ - CINIT(LOGIN_OPTIONS, STRINGPOINT, 224), + CURLOPT(CURLOPT_LOGIN_OPTIONS, CURLOPTTYPE_STRINGPOINT, 224), /* Enable/disable TLS NPN extension (http2 over ssl might fail without) */ - CINIT(SSL_ENABLE_NPN, LONG, 225), + CURLOPT(CURLOPT_SSL_ENABLE_NPN, CURLOPTTYPE_LONG, 225), /* Enable/disable TLS ALPN extension (http2 over ssl might fail without) */ - CINIT(SSL_ENABLE_ALPN, LONG, 226), + CURLOPT(CURLOPT_SSL_ENABLE_ALPN, CURLOPTTYPE_LONG, 226), /* Time to wait for a response to a HTTP request containing an * Expect: 100-continue header before sending the data anyway. 
*/ - CINIT(EXPECT_100_TIMEOUT_MS, LONG, 227), + CURLOPT(CURLOPT_EXPECT_100_TIMEOUT_MS, CURLOPTTYPE_LONG, 227), /* This points to a linked list of headers used for proxy requests only, struct curl_slist kind */ - CINIT(PROXYHEADER, SLISTPOINT, 228), + CURLOPT(CURLOPT_PROXYHEADER, CURLOPTTYPE_SLISTPOINT, 228), /* Pass in a bitmask of "header options" */ - CINIT(HEADEROPT, LONG, 229), + CURLOPT(CURLOPT_HEADEROPT, CURLOPTTYPE_LONG, 229), /* The public key in DER form used to validate the peer public key this option is used only if SSL_VERIFYPEER is true */ - CINIT(PINNEDPUBLICKEY, STRINGPOINT, 230), + CURLOPT(CURLOPT_PINNEDPUBLICKEY, CURLOPTTYPE_STRINGPOINT, 230), /* Path to Unix domain socket */ - CINIT(UNIX_SOCKET_PATH, STRINGPOINT, 231), + CURLOPT(CURLOPT_UNIX_SOCKET_PATH, CURLOPTTYPE_STRINGPOINT, 231), /* Set if we should verify the certificate status. */ - CINIT(SSL_VERIFYSTATUS, LONG, 232), + CURLOPT(CURLOPT_SSL_VERIFYSTATUS, CURLOPTTYPE_LONG, 232), /* Set if we should enable TLS false start. 
*/ - CINIT(SSL_FALSESTART, LONG, 233), + CURLOPT(CURLOPT_SSL_FALSESTART, CURLOPTTYPE_LONG, 233), /* Do not squash dot-dot sequences */ - CINIT(PATH_AS_IS, LONG, 234), + CURLOPT(CURLOPT_PATH_AS_IS, CURLOPTTYPE_LONG, 234), /* Proxy Service Name */ - CINIT(PROXY_SERVICE_NAME, STRINGPOINT, 235), + CURLOPT(CURLOPT_PROXY_SERVICE_NAME, CURLOPTTYPE_STRINGPOINT, 235), /* Service Name */ - CINIT(SERVICE_NAME, STRINGPOINT, 236), + CURLOPT(CURLOPT_SERVICE_NAME, CURLOPTTYPE_STRINGPOINT, 236), /* Wait/don't wait for pipe/mutex to clarify */ - CINIT(PIPEWAIT, LONG, 237), + CURLOPT(CURLOPT_PIPEWAIT, CURLOPTTYPE_LONG, 237), /* Set the protocol used when curl is given a URL without a protocol */ - CINIT(DEFAULT_PROTOCOL, STRINGPOINT, 238), + CURLOPT(CURLOPT_DEFAULT_PROTOCOL, CURLOPTTYPE_STRINGPOINT, 238), /* Set stream weight, 1 - 256 (default is 16) */ - CINIT(STREAM_WEIGHT, LONG, 239), + CURLOPT(CURLOPT_STREAM_WEIGHT, CURLOPTTYPE_LONG, 239), /* Set stream dependency on another CURL handle */ - CINIT(STREAM_DEPENDS, OBJECTPOINT, 240), + CURLOPT(CURLOPT_STREAM_DEPENDS, CURLOPTTYPE_OBJECTPOINT, 240), /* Set E-xclusive stream dependency on another CURL handle */ - CINIT(STREAM_DEPENDS_E, OBJECTPOINT, 241), + CURLOPT(CURLOPT_STREAM_DEPENDS_E, CURLOPTTYPE_OBJECTPOINT, 241), /* Do not send any tftp option requests to the server */ - CINIT(TFTP_NO_OPTIONS, LONG, 242), + CURLOPT(CURLOPT_TFTP_NO_OPTIONS, CURLOPTTYPE_LONG, 242), /* Linked-list of host:port:connect-to-host:connect-to-port, overrides the URL's host:port (only for the network layer) */ - CINIT(CONNECT_TO, SLISTPOINT, 243), + CURLOPT(CURLOPT_CONNECT_TO, CURLOPTTYPE_SLISTPOINT, 243), /* Set TCP Fast Open */ - CINIT(TCP_FASTOPEN, LONG, 244), + CURLOPT(CURLOPT_TCP_FASTOPEN, CURLOPTTYPE_LONG, 244), /* Continue to send data if the server responds early with an * HTTP status code >= 300 */ - CINIT(KEEP_SENDING_ON_ERROR, LONG, 245), + CURLOPT(CURLOPT_KEEP_SENDING_ON_ERROR, CURLOPTTYPE_LONG, 245), /* The CApath or CAfile used to 
validate the proxy certificate this option is used only if PROXY_SSL_VERIFYPEER is true */ - CINIT(PROXY_CAINFO, STRINGPOINT, 246), + CURLOPT(CURLOPT_PROXY_CAINFO, CURLOPTTYPE_STRINGPOINT, 246), /* The CApath directory used to validate the proxy certificate this option is used only if PROXY_SSL_VERIFYPEER is true */ - CINIT(PROXY_CAPATH, STRINGPOINT, 247), + CURLOPT(CURLOPT_PROXY_CAPATH, CURLOPTTYPE_STRINGPOINT, 247), /* Set if we should verify the proxy in ssl handshake, set 1 to verify. */ - CINIT(PROXY_SSL_VERIFYPEER, LONG, 248), + CURLOPT(CURLOPT_PROXY_SSL_VERIFYPEER, CURLOPTTYPE_LONG, 248), /* Set if we should verify the Common name from the proxy certificate in ssl * handshake, set 1 to check existence, 2 to ensure that it matches * the provided hostname. */ - CINIT(PROXY_SSL_VERIFYHOST, LONG, 249), + CURLOPT(CURLOPT_PROXY_SSL_VERIFYHOST, CURLOPTTYPE_LONG, 249), /* What version to specifically try to use for proxy. See CURL_SSLVERSION defines below. */ - CINIT(PROXY_SSLVERSION, LONG, 250), + CURLOPT(CURLOPT_PROXY_SSLVERSION, CURLOPTTYPE_LONG, 250), /* Set a username for authenticated TLS for proxy */ - CINIT(PROXY_TLSAUTH_USERNAME, STRINGPOINT, 251), + CURLOPT(CURLOPT_PROXY_TLSAUTH_USERNAME, CURLOPTTYPE_STRINGPOINT, 251), /* Set a password for authenticated TLS for proxy */ - CINIT(PROXY_TLSAUTH_PASSWORD, STRINGPOINT, 252), + CURLOPT(CURLOPT_PROXY_TLSAUTH_PASSWORD, CURLOPTTYPE_STRINGPOINT, 252), /* Set authentication type for authenticated TLS for proxy */ - CINIT(PROXY_TLSAUTH_TYPE, STRINGPOINT, 253), + CURLOPT(CURLOPT_PROXY_TLSAUTH_TYPE, CURLOPTTYPE_STRINGPOINT, 253), /* name of the file keeping your private SSL-certificate for proxy */ - CINIT(PROXY_SSLCERT, STRINGPOINT, 254), + CURLOPT(CURLOPT_PROXY_SSLCERT, CURLOPTTYPE_STRINGPOINT, 254), /* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") for proxy */ - CINIT(PROXY_SSLCERTTYPE, STRINGPOINT, 255), + CURLOPT(CURLOPT_PROXY_SSLCERTTYPE, CURLOPTTYPE_STRINGPOINT, 255), /* name of the file 
keeping your private SSL-key for proxy */ - CINIT(PROXY_SSLKEY, STRINGPOINT, 256), + CURLOPT(CURLOPT_PROXY_SSLKEY, CURLOPTTYPE_STRINGPOINT, 256), /* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") for proxy */ - CINIT(PROXY_SSLKEYTYPE, STRINGPOINT, 257), + CURLOPT(CURLOPT_PROXY_SSLKEYTYPE, CURLOPTTYPE_STRINGPOINT, 257), /* password for the SSL private key for proxy */ - CINIT(PROXY_KEYPASSWD, STRINGPOINT, 258), + CURLOPT(CURLOPT_PROXY_KEYPASSWD, CURLOPTTYPE_STRINGPOINT, 258), /* Specify which SSL ciphers to use for proxy */ - CINIT(PROXY_SSL_CIPHER_LIST, STRINGPOINT, 259), + CURLOPT(CURLOPT_PROXY_SSL_CIPHER_LIST, CURLOPTTYPE_STRINGPOINT, 259), /* CRL file for proxy */ - CINIT(PROXY_CRLFILE, STRINGPOINT, 260), + CURLOPT(CURLOPT_PROXY_CRLFILE, CURLOPTTYPE_STRINGPOINT, 260), /* Enable/disable specific SSL features with a bitmask for proxy, see CURLSSLOPT_* */ - CINIT(PROXY_SSL_OPTIONS, LONG, 261), + CURLOPT(CURLOPT_PROXY_SSL_OPTIONS, CURLOPTTYPE_LONG, 261), /* Name of pre proxy to use. 
*/ - CINIT(PRE_PROXY, STRINGPOINT, 262), + CURLOPT(CURLOPT_PRE_PROXY, CURLOPTTYPE_STRINGPOINT, 262), /* The public key in DER form used to validate the proxy public key this option is used only if PROXY_SSL_VERIFYPEER is true */ - CINIT(PROXY_PINNEDPUBLICKEY, STRINGPOINT, 263), + CURLOPT(CURLOPT_PROXY_PINNEDPUBLICKEY, CURLOPTTYPE_STRINGPOINT, 263), /* Path to an abstract Unix domain socket */ - CINIT(ABSTRACT_UNIX_SOCKET, STRINGPOINT, 264), + CURLOPT(CURLOPT_ABSTRACT_UNIX_SOCKET, CURLOPTTYPE_STRINGPOINT, 264), /* Suppress proxy CONNECT response headers from user callbacks */ - CINIT(SUPPRESS_CONNECT_HEADERS, LONG, 265), + CURLOPT(CURLOPT_SUPPRESS_CONNECT_HEADERS, CURLOPTTYPE_LONG, 265), /* The request target, instead of extracted from the URL */ - CINIT(REQUEST_TARGET, STRINGPOINT, 266), + CURLOPT(CURLOPT_REQUEST_TARGET, CURLOPTTYPE_STRINGPOINT, 266), /* bitmask of allowed auth methods for connections to SOCKS5 proxies */ - CINIT(SOCKS5_AUTH, LONG, 267), + CURLOPT(CURLOPT_SOCKS5_AUTH, CURLOPTTYPE_LONG, 267), /* Enable/disable SSH compression */ - CINIT(SSH_COMPRESSION, LONG, 268), + CURLOPT(CURLOPT_SSH_COMPRESSION, CURLOPTTYPE_LONG, 268), /* Post MIME data. */ - CINIT(MIMEPOST, OBJECTPOINT, 269), + CURLOPT(CURLOPT_MIMEPOST, CURLOPTTYPE_OBJECTPOINT, 269), /* Time to use with the CURLOPT_TIMECONDITION. Specified in number of seconds since 1 Jan 1970. */ - CINIT(TIMEVALUE_LARGE, OFF_T, 270), + CURLOPT(CURLOPT_TIMEVALUE_LARGE, CURLOPTTYPE_OFF_T, 270), /* Head start in milliseconds to give happy eyeballs. */ - CINIT(HAPPY_EYEBALLS_TIMEOUT_MS, LONG, 271), + CURLOPT(CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS, CURLOPTTYPE_LONG, 271), /* Function that will be called before a resolver request is made */ - CINIT(RESOLVER_START_FUNCTION, FUNCTIONPOINT, 272), + CURLOPT(CURLOPT_RESOLVER_START_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 272), /* User data to pass to the resolver start callback. 
*/ - CINIT(RESOLVER_START_DATA, OBJECTPOINT, 273), + CURLOPT(CURLOPT_RESOLVER_START_DATA, CURLOPTTYPE_OBJECTPOINT, 273), /* send HAProxy PROXY protocol header? */ - CINIT(HAPROXYPROTOCOL, LONG, 274), + CURLOPT(CURLOPT_HAPROXYPROTOCOL, CURLOPTTYPE_LONG, 274), /* shuffle addresses before use when DNS returns multiple */ - CINIT(DNS_SHUFFLE_ADDRESSES, LONG, 275), + CURLOPT(CURLOPT_DNS_SHUFFLE_ADDRESSES, CURLOPTTYPE_LONG, 275), /* Specify which TLS 1.3 ciphers suites to use */ - CINIT(TLS13_CIPHERS, STRINGPOINT, 276), - CINIT(PROXY_TLS13_CIPHERS, STRINGPOINT, 277), + CURLOPT(CURLOPT_TLS13_CIPHERS, CURLOPTTYPE_STRINGPOINT, 276), + CURLOPT(CURLOPT_PROXY_TLS13_CIPHERS, CURLOPTTYPE_STRINGPOINT, 277), /* Disallow specifying username/login in URL. */ - CINIT(DISALLOW_USERNAME_IN_URL, LONG, 278), + CURLOPT(CURLOPT_DISALLOW_USERNAME_IN_URL, CURLOPTTYPE_LONG, 278), /* DNS-over-HTTPS URL */ - CINIT(DOH_URL, STRINGPOINT, 279), + CURLOPT(CURLOPT_DOH_URL, CURLOPTTYPE_STRINGPOINT, 279), /* Preferred buffer size to use for uploads */ - CINIT(UPLOAD_BUFFERSIZE, LONG, 280), + CURLOPT(CURLOPT_UPLOAD_BUFFERSIZE, CURLOPTTYPE_LONG, 280), /* Time in ms between connection upkeep calls for long-lived connections. */ - CINIT(UPKEEP_INTERVAL_MS, LONG, 281), + CURLOPT(CURLOPT_UPKEEP_INTERVAL_MS, CURLOPTTYPE_LONG, 281), /* Specify URL using CURL URL API. 
*/ - CINIT(CURLU, OBJECTPOINT, 282), + CURLOPT(CURLOPT_CURLU, CURLOPTTYPE_OBJECTPOINT, 282), /* add trailing data just after no more data is available */ - CINIT(TRAILERFUNCTION, FUNCTIONPOINT, 283), + CURLOPT(CURLOPT_TRAILERFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 283), /* pointer to be passed to HTTP_TRAILER_FUNCTION */ - CINIT(TRAILERDATA, OBJECTPOINT, 284), + CURLOPT(CURLOPT_TRAILERDATA, CURLOPTTYPE_OBJECTPOINT, 284), /* set this to 1L to allow HTTP/0.9 responses or 0L to disallow */ - CINIT(HTTP09_ALLOWED, LONG, 285), + CURLOPT(CURLOPT_HTTP09_ALLOWED, CURLOPTTYPE_LONG, 285), /* alt-svc control bitmask */ - CINIT(ALTSVC_CTRL, LONG, 286), + CURLOPT(CURLOPT_ALTSVC_CTRL, CURLOPTTYPE_LONG, 286), /* alt-svc cache file name to possibly read from/write to */ - CINIT(ALTSVC, STRINGPOINT, 287), + CURLOPT(CURLOPT_ALTSVC, CURLOPTTYPE_STRINGPOINT, 287), /* maximum age of a connection to consider it for reuse (in seconds) */ - CINIT(MAXAGE_CONN, LONG, 288), + CURLOPT(CURLOPT_MAXAGE_CONN, CURLOPTTYPE_LONG, 288), /* SASL authorisation identity */ - CINIT(SASL_AUTHZID, STRINGPOINT, 289), + CURLOPT(CURLOPT_SASL_AUTHZID, CURLOPTTYPE_STRINGPOINT, 289), + + /* allow RCPT TO command to fail for some recipients */ + CURLOPT(CURLOPT_MAIL_RCPT_ALLLOWFAILS, CURLOPTTYPE_LONG, 290), CURLOPT_LASTENTRY /* the last unused */ } CURLoption; 
@@ -2220,52 +2229,35 @@ CURL_EXTERN CURLcode curl_mime_headers(curl_mimepart *part, struct curl_slist *headers, int take_ownership); -/* Old form API. */ -/* name is uppercase CURLFORM_ */ -#ifdef CFINIT -#undef CFINIT -#endif - -#ifdef CURL_ISOCPP -#define CFINIT(name) CURLFORM_ ## name -#else -/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */ -#define CFINIT(name) CURLFORM_/**/name -#endif - typedef enum { - CFINIT(NOTHING), /********* the first one is unused ************/ - - /* */ - CFINIT(COPYNAME), - CFINIT(PTRNAME), - CFINIT(NAMELENGTH), - CFINIT(COPYCONTENTS), - CFINIT(PTRCONTENTS), - CFINIT(CONTENTSLENGTH), - CFINIT(FILECONTENT), - CFINIT(ARRAY), - CFINIT(OBSOLETE), - CFINIT(FILE), - - CFINIT(BUFFER), - CFINIT(BUFFERPTR), - CFINIT(BUFFERLENGTH), - - CFINIT(CONTENTTYPE), - CFINIT(CONTENTHEADER), - CFINIT(FILENAME), - CFINIT(END), - CFINIT(OBSOLETE2), - - CFINIT(STREAM), - CFINIT(CONTENTLEN), /* added in 7.46.0, provide a curl_off_t length */ + CURLFORM_NOTHING, /********* the first one is unused ************/ + CURLFORM_COPYNAME, + CURLFORM_PTRNAME, + CURLFORM_NAMELENGTH, + CURLFORM_COPYCONTENTS, + CURLFORM_PTRCONTENTS, + CURLFORM_CONTENTSLENGTH, + CURLFORM_FILECONTENT, + CURLFORM_ARRAY, + CURLFORM_OBSOLETE, + CURLFORM_FILE, + + CURLFORM_BUFFER, + CURLFORM_BUFFERPTR, + CURLFORM_BUFFERLENGTH, + + CURLFORM_CONTENTTYPE, + CURLFORM_CONTENTHEADER, + CURLFORM_FILENAME, + CURLFORM_END, + CURLFORM_OBSOLETE2, + + CURLFORM_STREAM, + CURLFORM_CONTENTLEN, /* added in 7.46.0, provide a curl_off_t length */ CURLFORM_LASTENTRY /* the last unused */ } CURLformoption; -#undef CFINIT /* done */ - /* structure to be used as parameter for CURLFORM_ARRAY */ struct curl_forms { CURLformoption option; diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h index 85b93553ca..5264f19865 100644 --- a/libs/libcurl/include/curl/curlver.h +++ b/libs/libcurl/include/curl/curlver.h 
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,16 +26,16 @@ a script at release-time. This was made its own header file in 7.11.2 */ /* This is the global package copyright */ -#define LIBCURL_COPYRIGHT "1996 - 2019 Daniel Stenberg, ." +#define LIBCURL_COPYRIGHT "1996 - 2020 Daniel Stenberg, ." /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.68.0" +#define LIBCURL_VERSION "7.69.0" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 68 +#define LIBCURL_VERSION_MINOR 69 #define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x074400 +#define LIBCURL_VERSION_NUM 0x074500 /* * This is the date and time when the full source package was created. The @@ -68,7 +68,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2020-01-08" +#define LIBCURL_TIMESTAMP "2020-03-04" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z)) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/libs/libcurl/include/curl/multi.h b/libs/libcurl/include/curl/multi.h index 04996ffcaf..bda9bb7b81 100644 --- a/libs/libcurl/include/curl/multi.h +++ b/libs/libcurl/include/curl/multi.h 
@@ -72,7 +72,8 @@ typedef enum { attempted to get added - again */ CURLM_RECURSIVE_API_CALL, /* an api function was called from inside a callback */ - CURLM_WAKEUP_FAILURE, /* wakeup is unavailable or failed */ + CURLM_WAKEUP_FAILURE, /* wakeup is unavailable or failed */ + CURLM_BAD_FUNCTION_ARGUMENT, /* function called with a bad parameter */ CURLM_LAST } CURLMcode; 
@@ -343,71 +344,58 @@ CURL_EXTERN CURLMcode curl_multi_socket_all(CURLM *multi_handle, CURL_EXTERN CURLMcode curl_multi_timeout(CURLM *multi_handle, long *milliseconds); -#undef CINIT /* re-using the same name as in curl.h */ - -#ifdef CURL_ISOCPP -#define CINIT(name,type,num) CURLMOPT_ ## name = CURLOPTTYPE_ ## type + num -#else -/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */ -#define LONG CURLOPTTYPE_LONG -#define OBJECTPOINT CURLOPTTYPE_OBJECTPOINT -#define FUNCTIONPOINT CURLOPTTYPE_FUNCTIONPOINT -#define OFF_T CURLOPTTYPE_OFF_T -#define CINIT(name,type,number) CURLMOPT_/**/name = type + number -#endif - typedef enum { /* This is the socket callback function pointer */ - CINIT(SOCKETFUNCTION, FUNCTIONPOINT, 1), + CURLOPT(CURLMOPT_SOCKETFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 1), /* This is the argument passed to the socket callback */ - CINIT(SOCKETDATA, OBJECTPOINT, 2), + CURLOPT(CURLMOPT_SOCKETDATA, CURLOPTTYPE_OBJECTPOINT, 2), /* set to 1 to enable pipelining for this multi handle */ - CINIT(PIPELINING, LONG, 3), + CURLOPT(CURLMOPT_PIPELINING, CURLOPTTYPE_LONG, 3), /* This is the timer callback function pointer */ - CINIT(TIMERFUNCTION, FUNCTIONPOINT, 4), + CURLOPT(CURLMOPT_TIMERFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 4), /* This is the argument passed to the timer callback */ - CINIT(TIMERDATA, OBJECTPOINT, 5), + CURLOPT(CURLMOPT_TIMERDATA, CURLOPTTYPE_OBJECTPOINT, 5), /* maximum number of entries in the connection cache */ - CINIT(MAXCONNECTS, LONG, 6), + CURLOPT(CURLMOPT_MAXCONNECTS, CURLOPTTYPE_LONG, 6), /* maximum number of (pipelining) connections to one host */ - CINIT(MAX_HOST_CONNECTIONS, LONG, 7), + CURLOPT(CURLMOPT_MAX_HOST_CONNECTIONS, CURLOPTTYPE_LONG, 7), /* maximum number of requests in a pipeline */ - CINIT(MAX_PIPELINE_LENGTH, LONG, 8), + CURLOPT(CURLMOPT_MAX_PIPELINE_LENGTH, CURLOPTTYPE_LONG, 8), /* a connection with a content-length longer than this will not be considered for pipelining */ - 
CINIT(CONTENT_LENGTH_PENALTY_SIZE, OFF_T, 9), + CURLOPT(CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLOPTTYPE_OFF_T, 9), /* a connection with a chunk length longer than this will not be considered for pipelining */ - CINIT(CHUNK_LENGTH_PENALTY_SIZE, OFF_T, 10), + CURLOPT(CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLOPTTYPE_OFF_T, 10), /* a list of site names(+port) that are blacklisted from pipelining */ - CINIT(PIPELINING_SITE_BL, OBJECTPOINT, 11), + CURLOPT(CURLMOPT_PIPELINING_SITE_BL, CURLOPTTYPE_OBJECTPOINT, 11), /* a list of server types that are blacklisted from pipelining */ - CINIT(PIPELINING_SERVER_BL, OBJECTPOINT, 12), + CURLOPT(CURLMOPT_PIPELINING_SERVER_BL, CURLOPTTYPE_OBJECTPOINT, 12), /* maximum number of open connections in total */ - CINIT(MAX_TOTAL_CONNECTIONS, LONG, 13), + CURLOPT(CURLMOPT_MAX_TOTAL_CONNECTIONS, CURLOPTTYPE_LONG, 13), /* This is the server push callback function pointer */ - CINIT(PUSHFUNCTION, FUNCTIONPOINT, 14), + CURLOPT(CURLMOPT_PUSHFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 14), /* This is the argument passed to the server push callback */ - CINIT(PUSHDATA, OBJECTPOINT, 15), + CURLOPT(CURLMOPT_PUSHDATA, CURLOPTTYPE_OBJECTPOINT, 15), /* maximum number of concurrent streams to support on a connection */ - CINIT(MAX_CONCURRENT_STREAMS, LONG, 16), + CURLOPT(CURLMOPT_MAX_CONCURRENT_STREAMS, CURLOPTTYPE_LONG, 16), CURLMOPT_LASTENTRY /* the last unused */ } CURLMoption; diff --git a/libs/libcurl/src/CMakeLists.txt b/libs/libcurl/src/CMakeLists.txt index a9c90b6650..e73efb90af 100644 --- a/libs/libcurl/src/CMakeLists.txt +++ b/libs/libcurl/src/CMakeLists.txt 
@@ -96,6 +96,12 @@ endif() set_target_properties(${LIB_NAME} PROPERTIES PREFIX "") set_target_properties(${LIB_NAME} PROPERTIES IMPORT_PREFIX "") +if(CURL_HAS_LTO) + set_target_properties(${LIB_NAME} PROPERTIES + INTERPROCEDURAL_OPTIMIZATION_RELEASE TRUE + INTERPROCEDURAL_OPTIMIZATION_RELWITHDEBINFO TRUE) +endif() + if(WIN32) if(BUILD_SHARED_LIBS) # Add "_imp" as a suffix before the extension to avoid conflicting with the statically linked "libcurl.lib" diff --git a/libs/libcurl/src/Makefile.in b/libs/libcurl/src/Makefile.in index 9259841744..3fc95847d4 100644 --- a/libs/libcurl/src/Makefile.in +++ b/libs/libcurl/src/Makefile.in @@ -21,7 +21,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -229,7 +229,8 @@ am__objects_1 = libcurl_la-file.lo libcurl_la-timeval.lo \ libcurl_la-curl_path.lo libcurl_la-curl_ctype.lo \ libcurl_la-curl_range.lo libcurl_la-psl.lo libcurl_la-doh.lo \ libcurl_la-urlapi.lo libcurl_la-curl_get_line.lo \ - libcurl_la-altsvc.lo libcurl_la-socketpair.lo + libcurl_la-altsvc.lo libcurl_la-socketpair.lo \ + libcurl_la-rename.lo am__dirstamp = $(am__leading_dot)dirstamp am__objects_2 = vauth/libcurl_la-vauth.lo \ vauth/libcurl_la-cleartext.lo vauth/libcurl_la-cram.lo \ 
@@ -240,15 +241,15 @@ am__objects_2 = vauth/libcurl_la-vauth.lo \ vauth/libcurl_la-spnego_sspi.lo am__objects_3 = vtls/libcurl_la-openssl.lo vtls/libcurl_la-gtls.lo \ vtls/libcurl_la-vtls.lo vtls/libcurl_la-nss.lo \ - vtls/libcurl_la-polarssl.lo \ - vtls/libcurl_la-polarssl_threadlock.lo \ + vtls/libcurl_la-mbedtls_threadlock.lo \ vtls/libcurl_la-wolfssl.lo vtls/libcurl_la-schannel.lo \ vtls/libcurl_la-schannel_verify.lo \ vtls/libcurl_la-sectransp.lo vtls/libcurl_la-gskit.lo \ vtls/libcurl_la-mbedtls.lo vtls/libcurl_la-mesalink.lo \ vtls/libcurl_la-bearssl.lo am__objects_4 = vquic/libcurl_la-ngtcp2.lo vquic/libcurl_la-quiche.lo -am__objects_5 = vssh/libcurl_la-libssh2.lo vssh/libcurl_la-libssh.lo +am__objects_5 = vssh/libcurl_la-libssh2.lo vssh/libcurl_la-libssh.lo \ + vssh/libcurl_la-wolfssh.lo am__objects_6 = $(am__objects_1) $(am__objects_2) $(am__objects_3) \ $(am__objects_4) $(am__objects_5) am__objects_7 = @@ -317,7 +318,7 @@ am__objects_9 = libcurlu_la-file.lo libcurlu_la-timeval.lo \ libcurlu_la-curl_ctype.lo libcurlu_la-curl_range.lo \ libcurlu_la-psl.lo libcurlu_la-doh.lo libcurlu_la-urlapi.lo \ libcurlu_la-curl_get_line.lo libcurlu_la-altsvc.lo \ - libcurlu_la-socketpair.lo + libcurlu_la-socketpair.lo libcurlu_la-rename.lo am__objects_10 = vauth/libcurlu_la-vauth.lo \ vauth/libcurlu_la-cleartext.lo vauth/libcurlu_la-cram.lo \ vauth/libcurlu_la-digest.lo vauth/libcurlu_la-digest_sspi.lo \ @@ -328,8 +329,7 @@ am__objects_10 = vauth/libcurlu_la-vauth.lo \ vauth/libcurlu_la-spnego_sspi.lo am__objects_11 = vtls/libcurlu_la-openssl.lo vtls/libcurlu_la-gtls.lo \ vtls/libcurlu_la-vtls.lo vtls/libcurlu_la-nss.lo \ - vtls/libcurlu_la-polarssl.lo \ - vtls/libcurlu_la-polarssl_threadlock.lo \ + vtls/libcurlu_la-mbedtls_threadlock.lo \ vtls/libcurlu_la-wolfssl.lo vtls/libcurlu_la-schannel.lo \ vtls/libcurlu_la-schannel_verify.lo \ vtls/libcurlu_la-sectransp.lo vtls/libcurlu_la-gskit.lo \ 
@@ -338,7 +338,7 @@ am__objects_11 = vtls/libcurlu_la-openssl.lo vtls/libcurlu_la-gtls.lo \ am__objects_12 = vquic/libcurlu_la-ngtcp2.lo \ vquic/libcurlu_la-quiche.lo am__objects_13 = vssh/libcurlu_la-libssh2.lo \ - vssh/libcurlu_la-libssh.lo + vssh/libcurlu_la-libssh.lo vssh/libcurlu_la-wolfssh.lo am__objects_14 = $(am__objects_9) $(am__objects_10) $(am__objects_11) \ $(am__objects_12) $(am__objects_13) am_libcurlu_la_OBJECTS = $(am__objects_14) $(am__objects_8) @@ -438,6 +438,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ ./$(DEPDIR)/libcurl_la-pop3.Plo \ ./$(DEPDIR)/libcurl_la-progress.Plo \ ./$(DEPDIR)/libcurl_la-psl.Plo ./$(DEPDIR)/libcurl_la-rand.Plo \ + ./$(DEPDIR)/libcurl_la-rename.Plo \ ./$(DEPDIR)/libcurl_la-rtsp.Plo \ ./$(DEPDIR)/libcurl_la-security.Plo \ ./$(DEPDIR)/libcurl_la-select.Plo \ @@ -548,6 +549,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ ./$(DEPDIR)/libcurlu_la-progress.Plo \ ./$(DEPDIR)/libcurlu_la-psl.Plo \ ./$(DEPDIR)/libcurlu_la-rand.Plo \ + ./$(DEPDIR)/libcurlu_la-rename.Plo \ ./$(DEPDIR)/libcurlu_la-rtsp.Plo \ ./$(DEPDIR)/libcurlu_la-security.Plo \ ./$(DEPDIR)/libcurlu_la-select.Plo \ 
@@ -610,17 +612,18 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ vquic/$(DEPDIR)/libcurlu_la-quiche.Plo \ vssh/$(DEPDIR)/libcurl_la-libssh.Plo \ vssh/$(DEPDIR)/libcurl_la-libssh2.Plo \ + vssh/$(DEPDIR)/libcurl_la-wolfssh.Plo \ vssh/$(DEPDIR)/libcurlu_la-libssh.Plo \ vssh/$(DEPDIR)/libcurlu_la-libssh2.Plo \ + vssh/$(DEPDIR)/libcurlu_la-wolfssh.Plo \ vtls/$(DEPDIR)/libcurl_la-bearssl.Plo \ vtls/$(DEPDIR)/libcurl_la-gskit.Plo \ vtls/$(DEPDIR)/libcurl_la-gtls.Plo \ vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo \ + vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Plo \ vtls/$(DEPDIR)/libcurl_la-mesalink.Plo \ vtls/$(DEPDIR)/libcurl_la-nss.Plo \ vtls/$(DEPDIR)/libcurl_la-openssl.Plo \ - vtls/$(DEPDIR)/libcurl_la-polarssl.Plo \ - vtls/$(DEPDIR)/libcurl_la-polarssl_threadlock.Plo \ vtls/$(DEPDIR)/libcurl_la-schannel.Plo \ vtls/$(DEPDIR)/libcurl_la-schannel_verify.Plo \ vtls/$(DEPDIR)/libcurl_la-sectransp.Plo \ @@ -630,11 +633,10 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ vtls/$(DEPDIR)/libcurlu_la-gskit.Plo \ vtls/$(DEPDIR)/libcurlu_la-gtls.Plo \ vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo \ + vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Plo \ vtls/$(DEPDIR)/libcurlu_la-mesalink.Plo \ vtls/$(DEPDIR)/libcurlu_la-nss.Plo \ vtls/$(DEPDIR)/libcurlu_la-openssl.Plo \ - vtls/$(DEPDIR)/libcurlu_la-polarssl.Plo \ - vtls/$(DEPDIR)/libcurlu_la-polarssl_threadlock.Plo \ vtls/$(DEPDIR)/libcurlu_la-schannel.Plo \ vtls/$(DEPDIR)/libcurlu_la-schannel_verify.Plo \ vtls/$(DEPDIR)/libcurlu_la-sectransp.Plo \ @@ -838,6 +840,7 @@ USE_SCHANNEL = @USE_SCHANNEL@ USE_SECTRANSP = @USE_SECTRANSP@ USE_UNIX_SOCKETS = @USE_UNIX_SOCKETS@ USE_WINDOWS_SSPI = @USE_WINDOWS_SSPI@ +USE_WOLFSSH = @USE_WOLFSSH@ USE_WOLFSSL = @USE_WOLFSSL@ VERSION = @VERSION@ VERSIONNUM = @VERSIONNUM@ 
@@ -978,19 +981,18 @@ LIB_VAUTH_CFILES = vauth/vauth.c vauth/cleartext.c vauth/cram.c \ LIB_VAUTH_HFILES = vauth/vauth.h vauth/digest.h vauth/ntlm.h LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \ - vtls/polarssl.c vtls/polarssl_threadlock.c \ - vtls/wolfssl.c vtls/schannel.c vtls/schannel_verify.c \ - vtls/sectransp.c vtls/gskit.c vtls/mbedtls.c vtls/mesalink.c \ - vtls/bearssl.c + vtls/mbedtls_threadlock.c vtls/wolfssl.c vtls/schannel.c \ + vtls/schannel_verify.c vtls/sectransp.c vtls/gskit.c vtls/mbedtls.c \ + vtls/mesalink.c vtls/bearssl.c -LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \ - vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h \ - vtls/wolfssl.h vtls/schannel.h vtls/sectransp.h vtls/gskit.h \ - vtls/mbedtls.h vtls/mesalink.h vtls/bearssl.h +LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h vtls/nssg.h \ + vtls/mbedtls_threadlock.h vtls/wolfssl.h vtls/schannel.h \ + vtls/sectransp.h vtls/gskit.h vtls/mbedtls.h vtls/mesalink.h \ + vtls/bearssl.h LIB_VQUIC_CFILES = vquic/ngtcp2.c vquic/quiche.c LIB_VQUIC_HFILES = vquic/ngtcp2.h vquic/quiche.h -LIB_VSSH_CFILES = vssh/libssh2.c vssh/libssh.c +LIB_VSSH_CFILES = vssh/libssh2.c vssh/libssh.c vssh/wolfssh.c LIB_VSSH_HFILES = vssh/ssh.h LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c \ @@ -1010,7 +1012,7 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ curl_multibyte.c hostcheck.c conncache.c dotdot.c \ x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \ mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c psl.c \ - doh.c urlapi.c curl_get_line.c altsvc.c socketpair.c + doh.c urlapi.c curl_get_line.c altsvc.c socketpair.c rename.c LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ 
@@ -1031,7 +1033,7 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h \ curl_path.h curl_ctype.h curl_range.h psl.h doh.h urlapi-int.h \ - curl_get_line.h altsvc.h quic.h socketpair.h + curl_get_line.h altsvc.h quic.h socketpair.h rename.h LIB_RCFILES = libcurl.rc CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES) \ @@ -1194,9 +1196,7 @@ vtls/libcurl_la-vtls.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurl_la-nss.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) -vtls/libcurl_la-polarssl.lo: vtls/$(am__dirstamp) \ - vtls/$(DEPDIR)/$(am__dirstamp) -vtls/libcurl_la-polarssl_threadlock.lo: vtls/$(am__dirstamp) \ +vtls/libcurl_la-mbedtls_threadlock.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurl_la-wolfssl.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) @@ -1234,6 +1234,8 @@ vssh/libcurl_la-libssh2.lo: vssh/$(am__dirstamp) \ vssh/$(DEPDIR)/$(am__dirstamp) vssh/libcurl_la-libssh.lo: vssh/$(am__dirstamp) \ vssh/$(DEPDIR)/$(am__dirstamp) +vssh/libcurl_la-wolfssh.lo: vssh/$(am__dirstamp) \ + vssh/$(DEPDIR)/$(am__dirstamp) libcurl.la: $(libcurl_la_OBJECTS) $(libcurl_la_DEPENDENCIES) $(EXTRA_libcurl_la_DEPENDENCIES) $(AM_V_CCLD)$(libcurl_la_LINK) -rpath $(libdir) $(libcurl_la_OBJECTS) $(libcurl_la_LIBADD) $(LIBS) @@ -1269,9 +1271,7 @@ vtls/libcurlu_la-vtls.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurlu_la-nss.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) -vtls/libcurlu_la-polarssl.lo: vtls/$(am__dirstamp) \ - vtls/$(DEPDIR)/$(am__dirstamp) -vtls/libcurlu_la-polarssl_threadlock.lo: vtls/$(am__dirstamp) \ +vtls/libcurlu_la-mbedtls_threadlock.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurlu_la-wolfssl.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) 
@@ -1297,6 +1297,8 @@ vssh/libcurlu_la-libssh2.lo: vssh/$(am__dirstamp) \ vssh/$(DEPDIR)/$(am__dirstamp) vssh/libcurlu_la-libssh.lo: vssh/$(am__dirstamp) \ vssh/$(DEPDIR)/$(am__dirstamp) +vssh/libcurlu_la-wolfssh.lo: vssh/$(am__dirstamp) \ + vssh/$(DEPDIR)/$(am__dirstamp) libcurlu.la: $(libcurlu_la_OBJECTS) $(libcurlu_la_DEPENDENCIES) $(EXTRA_libcurlu_la_DEPENDENCIES) $(AM_V_CCLD)$(libcurlu_la_LINK) $(am_libcurlu_la_rpath) $(libcurlu_la_OBJECTS) $(libcurlu_la_LIBADD) $(LIBS) @@ -1394,6 +1396,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-progress.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-psl.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-rand.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-rename.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-rtsp.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-security.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-select.Plo@am__quote@ # am--include-marker 
@@ -1505,6 +1508,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-progress.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-psl.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-rand.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-rename.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-rtsp.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-security.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-select.Plo@am__quote@ # am--include-marker 
@@ -1567,17 +1571,18 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurlu_la-quiche.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vssh/$(DEPDIR)/libcurl_la-libssh.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vssh/$(DEPDIR)/libcurl_la-libssh2.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vssh/$(DEPDIR)/libcurl_la-wolfssh.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vssh/$(DEPDIR)/libcurlu_la-libssh.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vssh/$(DEPDIR)/libcurlu_la-libssh2.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vssh/$(DEPDIR)/libcurlu_la-wolfssh.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-bearssl.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-gskit.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-gtls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-mesalink.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-nss.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-openssl.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-polarssl.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-polarssl_threadlock.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-schannel.Plo@am__quote@ # am--include-marker 
@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-schannel_verify.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-sectransp.Plo@am__quote@ # am--include-marker @@ -1587,11 +1592,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-gskit.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-gtls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-mesalink.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-nss.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-openssl.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-polarssl.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-polarssl_threadlock.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-schannel.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-schannel_verify.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-sectransp.Plo@am__quote@ # am--include-marker 
@@ -2405,6 +2409,13 @@ libcurl_la-socketpair.lo: socketpair.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-socketpair.lo `test -f 'socketpair.c' || echo '$(srcdir)/'`socketpair.c +libcurl_la-rename.lo: rename.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-rename.lo -MD -MP -MF $(DEPDIR)/libcurl_la-rename.Tpo -c -o libcurl_la-rename.lo `test -f 'rename.c' || echo '$(srcdir)/'`rename.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-rename.Tpo $(DEPDIR)/libcurl_la-rename.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rename.c' object='libcurl_la-rename.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-rename.lo `test -f 'rename.c' || echo '$(srcdir)/'`rename.c + vauth/libcurl_la-vauth.lo: vauth/vauth.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-vauth.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-vauth.Tpo -c -o vauth/libcurl_la-vauth.lo `test -f 'vauth/vauth.c' || echo '$(srcdir)/'`vauth/vauth.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
vauth/$(DEPDIR)/libcurl_la-vauth.Tpo vauth/$(DEPDIR)/libcurl_la-vauth.Plo 
@@ -2517,19 +2528,12 @@ vtls/libcurl_la-nss.lo: vtls/nss.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-nss.lo `test -f 'vtls/nss.c' || echo '$(srcdir)/'`vtls/nss.c -vtls/libcurl_la-polarssl.lo: vtls/polarssl.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-polarssl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-polarssl.Tpo -c -o vtls/libcurl_la-polarssl.lo `test -f 'vtls/polarssl.c' || echo '$(srcdir)/'`vtls/polarssl.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-polarssl.Tpo vtls/$(DEPDIR)/libcurl_la-polarssl.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/polarssl.c' object='vtls/libcurl_la-polarssl.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-polarssl.lo `test -f 'vtls/polarssl.c' || echo '$(srcdir)/'`vtls/polarssl.c - -vtls/libcurl_la-polarssl_threadlock.lo: vtls/polarssl_threadlock.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-polarssl_threadlock.lo -MD -MP -MF 
vtls/$(DEPDIR)/libcurl_la-polarssl_threadlock.Tpo -c -o vtls/libcurl_la-polarssl_threadlock.lo `test -f 'vtls/polarssl_threadlock.c' || echo '$(srcdir)/'`vtls/polarssl_threadlock.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-polarssl_threadlock.Tpo vtls/$(DEPDIR)/libcurl_la-polarssl_threadlock.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/polarssl_threadlock.c' object='vtls/libcurl_la-polarssl_threadlock.lo' libtool=yes @AMDEPBACKSLASH@ +vtls/libcurl_la-mbedtls_threadlock.lo: vtls/mbedtls_threadlock.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-mbedtls_threadlock.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Tpo -c -o vtls/libcurl_la-mbedtls_threadlock.lo `test -f 'vtls/mbedtls_threadlock.c' || echo '$(srcdir)/'`vtls/mbedtls_threadlock.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Tpo vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/mbedtls_threadlock.c' object='vtls/libcurl_la-mbedtls_threadlock.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-polarssl_threadlock.lo `test -f 'vtls/polarssl_threadlock.c' || echo '$(srcdir)/'`vtls/polarssl_threadlock.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c 
-o vtls/libcurl_la-mbedtls_threadlock.lo `test -f 'vtls/mbedtls_threadlock.c' || echo '$(srcdir)/'`vtls/mbedtls_threadlock.c vtls/libcurl_la-wolfssl.lo: vtls/wolfssl.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-wolfssl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-wolfssl.Tpo -c -o vtls/libcurl_la-wolfssl.lo `test -f 'vtls/wolfssl.c' || echo '$(srcdir)/'`vtls/wolfssl.c 
@@ -2615,6 +2619,13 @@ vssh/libcurl_la-libssh.lo: vssh/libssh.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vssh/libcurl_la-libssh.lo `test -f 'vssh/libssh.c' || echo '$(srcdir)/'`vssh/libssh.c +vssh/libcurl_la-wolfssh.lo: vssh/wolfssh.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vssh/libcurl_la-wolfssh.lo -MD -MP -MF vssh/$(DEPDIR)/libcurl_la-wolfssh.Tpo -c -o vssh/libcurl_la-wolfssh.lo `test -f 'vssh/wolfssh.c' || echo '$(srcdir)/'`vssh/wolfssh.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vssh/$(DEPDIR)/libcurl_la-wolfssh.Tpo vssh/$(DEPDIR)/libcurl_la-wolfssh.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vssh/wolfssh.c' object='vssh/libcurl_la-wolfssh.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vssh/libcurl_la-wolfssh.lo `test -f 'vssh/wolfssh.c' || echo '$(srcdir)/'`vssh/wolfssh.c + libcurlu_la-file.lo: file.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-file.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-file.Tpo -c -o libcurlu_la-file.lo `test -f 'file.c' || echo 
'$(srcdir)/'`file.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-file.Tpo $(DEPDIR)/libcurlu_la-file.Plo 
@@ -3392,6 +3403,13 @@ libcurlu_la-socketpair.lo: socketpair.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-socketpair.lo `test -f 'socketpair.c' || echo '$(srcdir)/'`socketpair.c +libcurlu_la-rename.lo: rename.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-rename.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-rename.Tpo -c -o libcurlu_la-rename.lo `test -f 'rename.c' || echo '$(srcdir)/'`rename.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-rename.Tpo $(DEPDIR)/libcurlu_la-rename.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rename.c' object='libcurlu_la-rename.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-rename.lo `test -f 'rename.c' || echo '$(srcdir)/'`rename.c + vauth/libcurlu_la-vauth.lo: vauth/vauth.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-vauth.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-vauth.Tpo -c -o vauth/libcurlu_la-vauth.lo `test -f 'vauth/vauth.c' || echo '$(srcdir)/'`vauth/vauth.c @am__fastdepCC_TRUE@ 
$(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-vauth.Tpo vauth/$(DEPDIR)/libcurlu_la-vauth.Plo 
@@ -3504,19 +3522,12 @@ vtls/libcurlu_la-nss.lo: vtls/nss.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-nss.lo `test -f 'vtls/nss.c' || echo '$(srcdir)/'`vtls/nss.c -vtls/libcurlu_la-polarssl.lo: vtls/polarssl.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-polarssl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-polarssl.Tpo -c -o vtls/libcurlu_la-polarssl.lo `test -f 'vtls/polarssl.c' || echo '$(srcdir)/'`vtls/polarssl.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-polarssl.Tpo vtls/$(DEPDIR)/libcurlu_la-polarssl.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/polarssl.c' object='vtls/libcurlu_la-polarssl.lo' libtool=yes @AMDEPBACKSLASH@ +vtls/libcurlu_la-mbedtls_threadlock.lo: vtls/mbedtls_threadlock.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-mbedtls_threadlock.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Tpo -c -o vtls/libcurlu_la-mbedtls_threadlock.lo `test -f 'vtls/mbedtls_threadlock.c' || echo '$(srcdir)/'`vtls/mbedtls_threadlock.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Tpo vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/mbedtls_threadlock.c' object='vtls/libcurlu_la-mbedtls_threadlock.lo' 
libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-polarssl.lo `test -f 'vtls/polarssl.c' || echo '$(srcdir)/'`vtls/polarssl.c - -vtls/libcurlu_la-polarssl_threadlock.lo: vtls/polarssl_threadlock.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-polarssl_threadlock.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-polarssl_threadlock.Tpo -c -o vtls/libcurlu_la-polarssl_threadlock.lo `test -f 'vtls/polarssl_threadlock.c' || echo '$(srcdir)/'`vtls/polarssl_threadlock.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-polarssl_threadlock.Tpo vtls/$(DEPDIR)/libcurlu_la-polarssl_threadlock.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/polarssl_threadlock.c' object='vtls/libcurlu_la-polarssl_threadlock.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-polarssl_threadlock.lo `test -f 'vtls/polarssl_threadlock.c' || echo '$(srcdir)/'`vtls/polarssl_threadlock.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) 
$(CFLAGS) -c -o vtls/libcurlu_la-mbedtls_threadlock.lo `test -f 'vtls/mbedtls_threadlock.c' || echo '$(srcdir)/'`vtls/mbedtls_threadlock.c vtls/libcurlu_la-wolfssl.lo: vtls/wolfssl.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-wolfssl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-wolfssl.Tpo -c -o vtls/libcurlu_la-wolfssl.lo `test -f 'vtls/wolfssl.c' || echo '$(srcdir)/'`vtls/wolfssl.c 
@@ -3602,6 +3613,13 @@ vssh/libcurlu_la-libssh.lo: vssh/libssh.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vssh/libcurlu_la-libssh.lo `test -f 'vssh/libssh.c' || echo '$(srcdir)/'`vssh/libssh.c +vssh/libcurlu_la-wolfssh.lo: vssh/wolfssh.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vssh/libcurlu_la-wolfssh.lo -MD -MP -MF vssh/$(DEPDIR)/libcurlu_la-wolfssh.Tpo -c -o vssh/libcurlu_la-wolfssh.lo `test -f 'vssh/wolfssh.c' || echo '$(srcdir)/'`vssh/wolfssh.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vssh/$(DEPDIR)/libcurlu_la-wolfssh.Tpo vssh/$(DEPDIR)/libcurlu_la-wolfssh.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vssh/wolfssh.c' object='vssh/libcurlu_la-wolfssh.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vssh/libcurlu_la-wolfssh.lo `test -f 'vssh/wolfssh.c' || echo '$(srcdir)/'`vssh/wolfssh.c + mostlyclean-libtool: -rm -f *.lo @@ -3828,6 +3846,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libcurl_la-progress.Plo -rm -f ./$(DEPDIR)/libcurl_la-psl.Plo -rm -f ./$(DEPDIR)/libcurl_la-rand.Plo + -rm -f ./$(DEPDIR)/libcurl_la-rename.Plo -rm -f ./$(DEPDIR)/libcurl_la-rtsp.Plo -rm -f ./$(DEPDIR)/libcurl_la-security.Plo -rm -f ./$(DEPDIR)/libcurl_la-select.Plo 
@@ -3939,6 +3958,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libcurlu_la-progress.Plo -rm -f ./$(DEPDIR)/libcurlu_la-psl.Plo -rm -f ./$(DEPDIR)/libcurlu_la-rand.Plo + -rm -f ./$(DEPDIR)/libcurlu_la-rename.Plo -rm -f ./$(DEPDIR)/libcurlu_la-rtsp.Plo -rm -f ./$(DEPDIR)/libcurlu_la-security.Plo -rm -f ./$(DEPDIR)/libcurlu_la-select.Plo @@ -4001,17 +4021,18 @@ distclean: distclean-am -rm -f vquic/$(DEPDIR)/libcurlu_la-quiche.Plo -rm -f vssh/$(DEPDIR)/libcurl_la-libssh.Plo -rm -f vssh/$(DEPDIR)/libcurl_la-libssh2.Plo + -rm -f vssh/$(DEPDIR)/libcurl_la-wolfssh.Plo -rm -f vssh/$(DEPDIR)/libcurlu_la-libssh.Plo -rm -f vssh/$(DEPDIR)/libcurlu_la-libssh2.Plo + -rm -f vssh/$(DEPDIR)/libcurlu_la-wolfssh.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-bearssl.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-gskit.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-gtls.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo + -rm -f vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-mesalink.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-nss.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-openssl.Plo - -rm -f vtls/$(DEPDIR)/libcurl_la-polarssl.Plo - -rm -f vtls/$(DEPDIR)/libcurl_la-polarssl_threadlock.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-schannel.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-schannel_verify.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-sectransp.Plo @@ -4021,11 +4042,10 @@ distclean: distclean-am -rm -f vtls/$(DEPDIR)/libcurlu_la-gskit.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-gtls.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo + -rm -f vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-mesalink.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-nss.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-openssl.Plo - -rm -f vtls/$(DEPDIR)/libcurlu_la-polarssl.Plo - -rm -f vtls/$(DEPDIR)/libcurlu_la-polarssl_threadlock.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-schannel.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-schannel_verify.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-sectransp.Plo 
@@ -4155,6 +4175,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libcurl_la-progress.Plo -rm -f ./$(DEPDIR)/libcurl_la-psl.Plo -rm -f ./$(DEPDIR)/libcurl_la-rand.Plo + -rm -f ./$(DEPDIR)/libcurl_la-rename.Plo -rm -f ./$(DEPDIR)/libcurl_la-rtsp.Plo -rm -f ./$(DEPDIR)/libcurl_la-security.Plo -rm -f ./$(DEPDIR)/libcurl_la-select.Plo @@ -4266,6 +4287,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libcurlu_la-progress.Plo -rm -f ./$(DEPDIR)/libcurlu_la-psl.Plo -rm -f ./$(DEPDIR)/libcurlu_la-rand.Plo + -rm -f ./$(DEPDIR)/libcurlu_la-rename.Plo -rm -f ./$(DEPDIR)/libcurlu_la-rtsp.Plo -rm -f ./$(DEPDIR)/libcurlu_la-security.Plo -rm -f ./$(DEPDIR)/libcurlu_la-select.Plo @@ -4328,17 +4350,18 @@ maintainer-clean: maintainer-clean-am -rm -f vquic/$(DEPDIR)/libcurlu_la-quiche.Plo -rm -f vssh/$(DEPDIR)/libcurl_la-libssh.Plo -rm -f vssh/$(DEPDIR)/libcurl_la-libssh2.Plo + -rm -f vssh/$(DEPDIR)/libcurl_la-wolfssh.Plo -rm -f vssh/$(DEPDIR)/libcurlu_la-libssh.Plo -rm -f vssh/$(DEPDIR)/libcurlu_la-libssh2.Plo + -rm -f vssh/$(DEPDIR)/libcurlu_la-wolfssh.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-bearssl.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-gskit.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-gtls.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo + -rm -f vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-mesalink.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-nss.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-openssl.Plo - -rm -f vtls/$(DEPDIR)/libcurl_la-polarssl.Plo - -rm -f vtls/$(DEPDIR)/libcurl_la-polarssl_threadlock.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-schannel.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-schannel_verify.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-sectransp.Plo 
@@ -4348,11 +4371,10 @@ maintainer-clean: maintainer-clean-am -rm -f vtls/$(DEPDIR)/libcurlu_la-gskit.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-gtls.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo + -rm -f vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-mesalink.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-nss.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-openssl.Plo - -rm -f vtls/$(DEPDIR)/libcurlu_la-polarssl.Plo - -rm -f vtls/$(DEPDIR)/libcurlu_la-polarssl_threadlock.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-schannel.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-schannel_verify.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-sectransp.Plo diff --git a/libs/libcurl/src/Makefile.inc b/libs/libcurl/src/Makefile.inc index 6c90c26752..46ded90bb6 100644 --- a/libs/libcurl/src/Makefile.inc +++ b/libs/libcurl/src/Makefile.inc @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms 
@@ -28,21 +28,20 @@ LIB_VAUTH_CFILES = vauth/vauth.c vauth/cleartext.c vauth/cram.c \ LIB_VAUTH_HFILES = vauth/vauth.h vauth/digest.h vauth/ntlm.h LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \ - vtls/polarssl.c vtls/polarssl_threadlock.c \ - vtls/wolfssl.c vtls/schannel.c vtls/schannel_verify.c \ - vtls/sectransp.c vtls/gskit.c vtls/mbedtls.c vtls/mesalink.c \ - vtls/bearssl.c + vtls/mbedtls_threadlock.c vtls/wolfssl.c vtls/schannel.c \ + vtls/schannel_verify.c vtls/sectransp.c vtls/gskit.c vtls/mbedtls.c \ + vtls/mesalink.c vtls/bearssl.c -LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \ - vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h \ - vtls/wolfssl.h vtls/schannel.h vtls/sectransp.h vtls/gskit.h \ - vtls/mbedtls.h vtls/mesalink.h vtls/bearssl.h +LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h vtls/nssg.h \ + vtls/mbedtls_threadlock.h vtls/wolfssl.h vtls/schannel.h \ + vtls/sectransp.h vtls/gskit.h vtls/mbedtls.h vtls/mesalink.h \ + vtls/bearssl.h LIB_VQUIC_CFILES = vquic/ngtcp2.c vquic/quiche.c LIB_VQUIC_HFILES = vquic/ngtcp2.h vquic/quiche.h -LIB_VSSH_CFILES = vssh/libssh2.c vssh/libssh.c +LIB_VSSH_CFILES = vssh/libssh2.c vssh/libssh.c vssh/wolfssh.c LIB_VSSH_HFILES = vssh/ssh.h @@ -64,7 +63,7 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ curl_multibyte.c hostcheck.c conncache.c dotdot.c \ x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \ mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c psl.c \ - doh.c urlapi.c curl_get_line.c altsvc.c socketpair.c + doh.c urlapi.c curl_get_line.c altsvc.c socketpair.c rename.c LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ 
@@ -85,7 +84,7 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h \ curl_path.h curl_ctype.h curl_range.h psl.h doh.h urlapi-int.h \ - curl_get_line.h altsvc.h quic.h socketpair.h + curl_get_line.h altsvc.h quic.h socketpair.h rename.h LIB_RCFILES = libcurl.rc diff --git a/libs/libcurl/src/Makefile.m32 b/libs/libcurl/src/Makefile.m32 index b6ef0a5cbd..ac6b3de631 100644 --- a/libs/libcurl/src/Makefile.m32 +++ b/libs/libcurl/src/Makefile.m32 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1999 - 2019, Daniel Stenberg, , et al. +# Copyright (C) 1999 - 2020, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -270,7 +270,7 @@ ifdef SSL OPENSSL_LIBS += -lgdi32 -lcrypt32 endif INCLUDES += -I"$(OPENSSL_INCLUDE)" - CFLAGS += -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \ + CFLAGS += -DUSE_OPENSSL -DHAVE_OPENSSL_PKCS12_H \ -DOPENSSL_NO_KRB5 DLL_LIBS += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS) ifdef SRP diff --git a/libs/libcurl/src/Makefile.netware b/libs/libcurl/src/Makefile.netware index a40534684d..752d3d6fba 100644 --- a/libs/libcurl/src/Makefile.netware +++ b/libs/libcurl/src/Makefile.netware @@ -6,7 +6,7 @@ # \___|\___/|_| \_\_____| # # Copyright (C) 2004 - 2015, Guenter Knauf -# Copyright (C) 2001 - 2018, Daniel Stenberg, , et al. +# Copyright (C) 2001 - 2020, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms 
@@ -639,7 +639,6 @@ ifdef WITH_SSL @echo $(DL)#define HAVE_OPENSSL_PEM_H 1$(DL) >> $@ @echo $(DL)#define HAVE_OPENSSL_ERR_H 1$(DL) >> $@ @echo $(DL)#define HAVE_OPENSSL_CRYPTO_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_OPENSSL_ENGINE_H 1$(DL) >> $@ @echo $(DL)#define OPENSSL_NO_KRB5 1$(DL) >> $@ ifdef WITH_SRP @echo $(DL)#define USE_TLS_SRP 1$(DL) >> $@ diff --git a/libs/libcurl/src/altsvc.c b/libs/libcurl/src/altsvc.c index bf869c37a5..c39d86eaff 100644 --- a/libs/libcurl/src/altsvc.c +++ b/libs/libcurl/src/altsvc.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2019, Daniel Stenberg, , et al. + * Copyright (C) 2019 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -34,6 +34,8 @@ #include "parsedate.h" #include "sendf.h" #include "warnless.h" +#include "rand.h" +#include "rename.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -48,19 +50,20 @@ #define MAX_ALTSVC_ALPNLENSTR "10" #define MAX_ALTSVC_ALPNLEN 10 +#if (defined(USE_QUICHE) || defined(USE_NGTCP2)) && !defined(UNITTESTS) +#define H3VERSION "h3-27" +#else +#define H3VERSION "h3" +#endif + static enum alpnid alpn2alpnid(char *name) { if(strcasecompare(name, "h1")) return ALPN_h1; if(strcasecompare(name, "h2")) return ALPN_h2; -#if (defined(USE_QUICHE) || defined(USE_NGTCP2)) && !defined(UNITTESTS) - if(strcasecompare(name, "h3-24")) - return ALPN_h3; -#else - if(strcasecompare(name, "h3")) + if(strcasecompare(name, H3VERSION)) return ALPN_h3; -#endif return ALPN_none; /* unknown, probably rubbish input */ } @@ -73,11 +76,7 @@ const char *Curl_alpnid2str(enum alpnid id) case ALPN_h2: return "h2"; case ALPN_h3: -#if (defined(USE_QUICHE) || defined(USE_NGTCP2)) && !defined(UNITTESTS) - return "h3-24"; -#else - return "h3"; -#endif + return H3VERSION; default: return ""; /* bad */ } 
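Review bot: `H3VERSION` in the `@@ -48,19 +50,20 @@` hunk of altsvc.c has no comment, although it is now the single definition of the HTTP/3 ALPN token used by both `alpn2alpnid` and `Curl_alpnid2str`. A line above the `#if` would record why there are two values: `/* ALPN token for HTTP/3: the draft id when built with quiche or ngtcp2 (and not UNITTESTS), plain "h3" otherwise */`. That tells whoever bumps the draft number that both parsing and saving of the cache follow from this one macro.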
@@ -188,7 +187,16 @@ static CURLcode altsvc_load(struct altsvcinfo *asi, const char *file) { CURLcode result = CURLE_OK; char *line = NULL; - FILE *fp = fopen(file, FOPEN_READTEXT); + FILE *fp; + + /* we need a private copy of the file name so that the altsvc cache file + name survives an easy handle reset */ + free(asi->filename); + asi->filename = strdup(file); + if(!asi->filename) + return CURLE_OUT_OF_MEMORY; + + fp = fopen(file, FOPEN_READTEXT); if(fp) { line = malloc(MAX_ALTSVC_LINE); if(!line) @@ -209,6 +217,7 @@ static CURLcode altsvc_load(struct altsvcinfo *asi, const char *file) return result; fail: + Curl_safefree(asi->filename); free(line); fclose(fp); return CURLE_OUT_OF_MEMORY; @@ -302,6 +311,7 @@ void Curl_altsvc_cleanup(struct altsvcinfo *altsvc) n = e->next; altsvc_free(as); } + free(altsvc->filename); free(altsvc); } } 
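Review bot: In altsvc_load the previous `asi->filename` is freed before `strdup(file)` runs, so a failed allocation leaves the handle with no stored name, and a caller passing `asi->filename` itself as `file` would have it read after it was freed. Whether any caller does that is not visible in this hunk, but duplicating first avoids both cases: `char *copy = strdup(file); if(!copy) return CURLE_OUT_OF_MEMORY;` followed by `free(asi->filename); asi->filename = copy;`. The function body continues outside the hunk.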
@@ -309,34 +319,57 @@ void Curl_altsvc_cleanup(struct altsvcinfo *altsvc) /* * Curl_altsvc_save() writes the altsvc cache to a file. */ -CURLcode Curl_altsvc_save(struct altsvcinfo *altsvc, const char *file) +CURLcode Curl_altsvc_save(struct Curl_easy *data, + struct altsvcinfo *altsvc, const char *file) { struct curl_llist_element *e; struct curl_llist_element *n; CURLcode result = CURLE_OK; FILE *out; + char *tempstore; + unsigned char randsuffix[9]; if(!altsvc) /* no cache activated */ return CURLE_OK; + /* if not new name is given, use the one we stored from the load */ + if(!file && altsvc->filename) + file = altsvc->filename; + if((altsvc->flags & CURLALTSVC_READONLYFILE) || !file || !file[0]) /* marked as read-only, no file or zero length file name */ return CURLE_OK; - out = fopen(file, FOPEN_WRITETEXT); + + if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) + return CURLE_FAILED_INIT; + + tempstore = aprintf("%s.%s.tmp", file, randsuffix); + if(!tempstore) + return CURLE_OUT_OF_MEMORY; + + out = fopen(tempstore, FOPEN_WRITETEXT); if(!out) - return CURLE_WRITE_ERROR; - fputs("# Your alt-svc cache. https://curl.haxx.se/docs/alt-svc.html\n" - "# This file was generated by libcurl! Edit at your own risk.\n", - out); - for(e = altsvc->list.head; e; e = n) { - struct altsvc *as = e->ptr; - n = e->next; - result = altsvc_out(as, out); + result = CURLE_WRITE_ERROR; + else { + fputs("# Your alt-svc cache. https://curl.haxx.se/docs/alt-svc.html\n" + "# This file was generated by libcurl! Edit at your own risk.\n", + out); + for(e = altsvc->list.head; e; e = n) { + struct altsvc *as = e->ptr; + n = e->next; + result = altsvc_out(as, out); + if(result) + break; + } + fclose(out); + if(!result && Curl_rename(tempstore, file)) + result = CURLE_WRITE_ERROR; + if(result) - break; + unlink(tempstore); } - fclose(out); + free(tempstore); return result; } 
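Review bot: In Curl_altsvc_save the return value of `fclose(out)` is discarded before `Curl_rename(tempstore, file)`, so a failed flush (a full disk, for example) can still replace the previous cache with a truncated file. `if(fclose(out) && !result) result = CURLE_WRITE_ERROR;` would leave the old file in place and let the existing `unlink(tempstore)` clean up. The temporary file is also opened with plain `fopen`, which does not fail when that name already exists and creates the file with default permissions, so the renamed cache can end up with a different mode from the file it replaces. An exclusive create with an explicit mode would be tighter where the platform offers one.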
@@ -351,12 +384,12 @@ static CURLcode getalnum(const char **ptr, char *alpnbuf, size_t buflen) while(*p && !ISBLANK(*p) && (*p != ';') && (*p != '=')) p++; len = p - protop; + *ptr = p; if(!len || (len >= buflen)) return CURLE_BAD_FUNCTION_ARGUMENT; memcpy(alpnbuf, protop, len); alpnbuf[len] = 0; - *ptr = p; return CURLE_OK; } @@ -402,6 +435,10 @@ static time_t debugtime(void *unused) * * 'value' points to the header *value*. That's contents to the right of the * header name. + * + * Currently this function rejects invalid data without returning an error. + * Invalid host name, port number will result in the specific alternative + * being rejected. Unknown protocols are skipped. */ CURLcode Curl_altsvc_parse(struct Curl_easy *data, struct altsvcinfo *asi, const char *value, @@ -415,12 +452,11 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, char alpnbuf[MAX_ALTSVC_ALPNLEN] = ""; struct altsvc *as; unsigned short dstport = srcport; /* the same by default */ - const char *semip; - time_t maxage = 24 * 3600; /* default is 24 hours */ - bool persist = FALSE; CURLcode result = getalnum(&p, alpnbuf, sizeof(alpnbuf)); - if(result) - return result; + if(result) { + infof(data, "Excessive alt-svc header, ignoring...\n"); + return CURLE_OK; + } DEBUGASSERT(asi); 
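Review bot: getalnum now stores `*ptr = p` before the length check, so when it returns `CURLE_BAD_FUNCTION_ARGUMENT` the caller's pointer has already moved past the rejected token. That is a contract change the function's comment should state, for example `/* *ptr is advanced past the token even when it is empty or does not fit in alpnbuf */`. Any caller that relied on the pointer being untouched on error is not visible here and is worth checking. The function starts outside the hunk.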
@@ -432,57 +468,20 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, return CURLE_OK; } - /* The 'ma' and 'persist' flags are annoyingly meant for all alternatives - but are set after the list on the line. Scan for the semicolons and get - those fields first! */ - semip = p; - do { - semip = strchr(semip, ';'); - if(semip) { - char option[32]; - unsigned long num; - char *end_ptr; - bool quoted = FALSE; - semip++; /* pass the semicolon */ - result = getalnum(&semip, option, sizeof(option)); - if(result) - break; - while(*semip && ISBLANK(*semip)) - semip++; - if(*semip != '=') - continue; - semip++; - while(*semip && ISBLANK(*semip)) - semip++; - if(*semip == '\"') { - /* quoted value */ - semip++; - quoted = TRUE; - } - num = strtoul(semip, &end_ptr, 10); - if((end_ptr != semip) && num && (num < ULONG_MAX)) { - if(strcasecompare("ma", option)) - maxage = num; - else if(strcasecompare("persist", option) && (num == 1)) - persist = TRUE; - if(quoted && (*end_ptr == '\"')) - end_ptr++; - } - semip = end_ptr; - } - } while(semip); - do { if(*p == '=') { /* [protocol]="[host][:port]" */ dstalpnid = alpn2alpnid(alpnbuf); - if(!dstalpnid) { - infof(data, "Unknown alt-svc protocol \"%s\", ignoring...\n", alpnbuf); - return CURLE_OK; - } p++; if(*p == '\"') { const char *dsthost; + const char *value_ptr; + char option[32]; + unsigned long num; + char *end_ptr; + bool quoted = FALSE; + time_t maxage = 24 * 3600; /* default is 24 hours */ + bool persist = FALSE; p++; if(*p != ':') { /* host name starts here */ 
@@ -490,11 +489,15 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, while(*p && (ISALNUM(*p) || (*p == '.') || (*p == '-'))) p++; len = p - hostp; - if(!len || (len >= MAX_ALTSVC_HOSTLEN)) - return CURLE_BAD_FUNCTION_ARGUMENT; - memcpy(namebuf, hostp, len); - namebuf[len] = 0; - dsthost = namebuf; + if(!len || (len >= MAX_ALTSVC_HOSTLEN)) { + infof(data, "Excessive alt-svc host name, ignoring...\n"); + dstalpnid = ALPN_none; + } + else { + memcpy(namebuf, hostp, len); + namebuf[len] = 0; + dsthost = namebuf; + } } else { /* no destination name, use source host */ 
@@ -502,31 +505,86 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, } if(*p == ':') { /* a port number */ - char *end_ptr; unsigned long port = strtoul(++p, &end_ptr, 10); if(port > USHRT_MAX || end_ptr == p || *end_ptr != '\"') { infof(data, "Unknown alt-svc port number, ignoring...\n"); - return CURLE_OK; + dstalpnid = ALPN_none; } p = end_ptr; dstport = curlx_ultous(port); } if(*p++ != '\"') - return CURLE_BAD_FUNCTION_ARGUMENT; - as = altsvc_createid(srchost, dsthost, - srcalpnid, dstalpnid, - srcport, dstport); - if(as) { - /* The expires time also needs to take the Age: value (if any) into - account. [See RFC 7838 section 3.1] */ - as->expires = maxage + time(NULL); - as->persist = persist; - Curl_llist_insert_next(&asi->list, asi->list.tail, as, &as->node); - asi->num++; /* one more entry */ - infof(data, "Added alt-svc: %s:%d over %s\n", dsthost, dstport, - Curl_alpnid2str(dstalpnid)); + break; + /* Handle the optional 'ma' and 'persist' flags. Unknown flags + are skipped. */ + for(;;) { + while(*p && ISBLANK(*p) && *p != ';' && *p != ',') + p++; + if(!*p || *p == ',') + break; + p++; /* pass the semicolon */ + if(!*p) + break; + result = getalnum(&p, option, sizeof(option)); + if(result) { + /* skip option if name is too long */ + option[0] = '\0'; + } + while(*p && ISBLANK(*p)) + p++; + if(*p != '=') + return CURLE_OK; + p++; + while(*p && ISBLANK(*p)) + p++; + if(!*p) + return CURLE_OK; + if(*p == '\"') { + /* quoted value */ + p++; + quoted = TRUE; + } + value_ptr = p; + if(quoted) { + while(*p && *p != '\"') + p++; + if(!*p++) + return CURLE_OK; + } + else { + while(*p && !ISBLANK(*p) && *p!= ';' && *p != ',') + p++; + } + num = strtoul(value_ptr, &end_ptr, 10); + if((end_ptr != value_ptr) && (num < ULONG_MAX)) { + if(strcasecompare("ma", option)) + maxage = num; + else if(strcasecompare("persist", option) && (num == 1)) + persist = TRUE; + } + } + if(dstalpnid) { + as = altsvc_createid(srchost, dsthost, + srcalpnid, dstalpnid, + srcport, 
dstport); + if(as) { + /* The expires time also needs to take the Age: value (if any) into + account. [See RFC 7838 section 3.1] */ + as->expires = maxage + time(NULL); + as->persist = persist; + Curl_llist_insert_next(&asi->list, asi->list.tail, as, &as->node); + asi->num++; /* one more entry */ + infof(data, "Added alt-svc: %s:%d over %s\n", dsthost, dstport, + Curl_alpnid2str(dstalpnid)); + } + } + else { + infof(data, "Unknown alt-svc protocol \"%s\", skipping...\n", + alpnbuf); } } + else + break; /* after the double quote there can be a comma if there's another string or a semicolon if no more */ if(*p == ',') { @@ -534,11 +592,11 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, p++; result = getalnum(&p, alpnbuf, sizeof(alpnbuf)); if(result) - /* failed to parse, but since we already did at least one host we - return OK */ - return CURLE_OK; + break; } } + else + break; } while(*p && (*p != ';') && (*p != '\n') && (*p != '\r')); return CURLE_OK; diff --git a/libs/libcurl/src/altsvc.h b/libs/libcurl/src/altsvc.h index 99d0499af7..248e71eef8 100644 --- a/libs/libcurl/src/altsvc.h +++ b/libs/libcurl/src/altsvc.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2019, Daniel Stenberg, , et al. + * Copyright (C) 2019 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -59,7 +59,8 @@ struct altsvcinfo { const char *Curl_alpnid2str(enum alpnid id); struct altsvcinfo *Curl_altsvc_init(void); CURLcode Curl_altsvc_load(struct altsvcinfo *asi, const char *file); -CURLcode Curl_altsvc_save(struct altsvcinfo *asi, const char *file); +CURLcode Curl_altsvc_save(struct Curl_easy *data, + struct altsvcinfo *asi, const char *file); CURLcode Curl_altsvc_ctrl(struct altsvcinfo *asi, const long ctrl); void Curl_altsvc_cleanup(struct altsvcinfo *altsvc); CURLcode Curl_altsvc_parse(struct Curl_easy *data, 
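Review bot: `quoted` is set to FALSE only once per alternative (the `bool quoted = FALSE;` declaration added in the `@@ -432,57 +468,20 @@` hunk) and is never cleared inside the `for(;;)` option loop of the `@@ -502,31 +505,86 @@` hunk. After one quoted value such as `ma="3600"`, every later option value is therefore scanned as quoted. An unquoted `persist=1` then runs to the end of the string and hits `return CURLE_OK` before `altsvc_createid` is reached, so the whole entry is dropped. Resetting it at the top of each iteration (`quoted = FALSE;` right after `for(;;) {`) or declaring it inside the loop fixes this. Curl_altsvc_parse starts and ends outside this hunk.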
@@ -70,9 +71,9 @@ bool Curl_altsvc_lookup(struct altsvcinfo *asi, enum alpnid srcalpnid, const char *srchost, int srcport, struct altsvc **dstentry, - int versions); /* one or more CURLALTSVC_H* bits */ + const int versions); /* CURLALTSVC_H* bits */ #else /* disabled */ -#define Curl_altsvc_save(a,b) +#define Curl_altsvc_save(a,b,c) #endif /* CURL_DISABLE_HTTP || USE_ALTSVC */ #endif /* HEADER_CURL_ALTSVC_H */ diff --git a/libs/libcurl/src/asyn-ares.c b/libs/libcurl/src/asyn-ares.c index 835cfa48fa..b76e66548e 100644 --- a/libs/libcurl/src/asyn-ares.c +++ b/libs/libcurl/src/asyn-ares.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -626,26 +626,11 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn, { char *bufp; struct Curl_easy *data = conn->data; - struct in_addr in; int family = PF_INET; -#ifdef ENABLE_IPV6 /* CURLRES_IPV6 */ - struct in6_addr in6; -#endif /* CURLRES_IPV6 */ *waitp = 0; /* default to synchronous response */ - /* First check if this is an IPv4 address string */ - if(Curl_inet_pton(AF_INET, hostname, &in) > 0) { - /* This is a dotted IP address 123.123.123.123-style */ - return Curl_ip2addr(AF_INET, &in, hostname, port); - } - #ifdef ENABLE_IPV6 /* CURLRES_IPV6 */ - /* Otherwise, check if this is an IPv6 address string */ - if(Curl_inet_pton (AF_INET6, hostname, &in6) > 0) - /* This must be an IPv6 address literal. */ - return Curl_ip2addr(AF_INET6, &in6, hostname, port); - switch(conn->ip_version) { default: #if ARES_VERSION >= 0x010601 
@@ -684,7 +669,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn, res->last_status = ARES_ENOTFOUND; #ifdef ENABLE_IPV6 /* CURLRES_IPV6 */ if(family == PF_UNSPEC) { - if(Curl_ipv6works()) { + if(Curl_ipv6works(conn)) { res->num_pending = 2; /* areschannel is already setup in the Curl_open() function */ diff --git a/libs/libcurl/src/asyn-thread.c b/libs/libcurl/src/asyn-thread.c index b08497aaa0..68dcbb3ecd 100644 --- a/libs/libcurl/src/asyn-thread.c +++ b/libs/libcurl/src/asyn-thread.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -71,7 +71,6 @@ #include "strerror.h" #include "url.h" #include "multiif.h" -#include "inet_pton.h" #include "inet_ntop.h" #include "curl_threads.h" #include "connect.h" @@ -692,26 +691,11 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn, int port, int *waitp) { - struct in_addr in; struct Curl_easy *data = conn->data; struct resdata *reslv = (struct resdata *)data->state.resolver; *waitp = 0; /* default to synchronous response */ -#ifdef ENABLE_IPV6 - { - struct in6_addr in6; - /* check if this is an IPv6 address string */ - if(Curl_inet_pton(AF_INET6, hostname, &in6) > 0) - /* This is an IPv6 address literal */ - return Curl_ip2addr(AF_INET6, &in6, hostname, port); - } -#endif /* ENABLE_IPV6 */ - - if(Curl_inet_pton(AF_INET, hostname, &in) > 0) - /* This is a dotted IP address 123.123.123.123-style */ - return Curl_ip2addr(AF_INET, &in, hostname, port); - reslv->start = Curl_now(); /* fire up a new resolver thread! */ 
@@ -736,32 +720,12 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn, int *waitp) { struct addrinfo hints; - char sbuf[12]; int pf = PF_INET; struct Curl_easy *data = conn->data; struct resdata *reslv = (struct resdata *)data->state.resolver; *waitp = 0; /* default to synchronous response */ -#ifndef USE_RESOLVE_ON_IPS - { - struct in_addr in; - /* First check if this is an IPv4 address string */ - if(Curl_inet_pton(AF_INET, hostname, &in) > 0) - /* This is a dotted IP address 123.123.123.123-style */ - return Curl_ip2addr(AF_INET, &in, hostname, port); - } -#ifdef ENABLE_IPV6 - { - struct in6_addr in6; - /* check if this is an IPv6 address string */ - if(Curl_inet_pton(AF_INET6, hostname, &in6) > 0) - /* This is an IPv6 address literal */ - return Curl_ip2addr(AF_INET6, &in6, hostname, port); - } -#endif /* ENABLE_IPV6 */ -#endif /* !USE_RESOLVE_ON_IPS */ - #ifdef CURLRES_IPV6 /* * Check if a limited name resolve has been requested. @@ -778,7 +742,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn, break; } - if((pf != PF_INET) && !Curl_ipv6works()) + if((pf != PF_INET) && !Curl_ipv6works(conn)) /* The stack seems to be a non-IPv6 one */ pf = PF_INET; #endif /* CURLRES_IPV6 */ @@ -788,8 +752,6 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn, hints.ai_socktype = (conn->transport == TRNSPRT_TCP)? SOCK_STREAM : SOCK_DGRAM; - msnprintf(sbuf, sizeof(sbuf), "%d", port); - reslv->start = Curl_now(); /* fire up a new resolver thread! */ if(init_resolve_thread(conn, hostname, port, &hints)) { diff --git a/libs/libcurl/src/config-dos.h b/libs/libcurl/src/config-dos.h index 25f751eb56..aa83c4be55 100644 --- a/libs/libcurl/src/config-dos.h +++ b/libs/libcurl/src/config-dos.h 
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -138,7 +138,6 @@ /* USE_OPENSSL on cmd-line */ #ifdef USE_OPENSSL #define HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1 - #define HAVE_OPENSSL_ENGINE_H 1 #define OPENSSL_NO_KRB5 1 #endif diff --git a/libs/libcurl/src/config-plan9.h b/libs/libcurl/src/config-plan9.h index 4063d4bbd6..41440a14ec 100644 --- a/libs/libcurl/src/config-plan9.h +++ b/libs/libcurl/src/config-plan9.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -138,7 +138,6 @@ #define USE_OPENSSL 1 #define HAVE_OPENSSL_CRYPTO_H 1 -#define HAVE_OPENSSL_ENGINE_H 1 #define HAVE_OPENSSL_ERR_H 1 #define HAVE_OPENSSL_PEM_H 1 #define HAVE_OPENSSL_PKCS12_H 1 diff --git a/libs/libcurl/src/config-symbian.h b/libs/libcurl/src/config-symbian.h index c01e1bfab8..82a27bfefa 100644 --- a/libs/libcurl/src/config-symbian.h +++ b/libs/libcurl/src/config-symbian.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -358,9 +358,6 @@ /* Define to 1 if you have the header file. */ /*#define HAVE_OPENSSL_CRYPTO_H 1*/ -/* Define to 1 if you have the header file. */ -/*#define HAVE_OPENSSL_ENGINE_H 1*/ - /* Define to 1 if you have the header file. */ /*#define HAVE_OPENSSL_ERR_H 1*/ 
diff --git a/libs/libcurl/src/config-tpf.h b/libs/libcurl/src/config-tpf.h index 85b634f9d4..a79afae6d3 100644 --- a/libs/libcurl/src/config-tpf.h +++ b/libs/libcurl/src/config-tpf.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -316,10 +316,6 @@ /* #undef HAVE_OPENSSL_CRYPTO_H */ #define HAVE_OPENSSL_CRYPTO_H 1 -/* Define to 1 if you have the header file. */ -/* #undef HAVE_OPENSSL_ENGINE_H */ -#define HAVE_OPENSSL_ENGINE_H 1 - /* Define to 1 if you have the header file. */ /* #undef HAVE_OPENSSL_ERR_H */ #define HAVE_OPENSSL_ERR_H 1 diff --git a/libs/libcurl/src/config-vxworks.h b/libs/libcurl/src/config-vxworks.h index 004fd4e800..2769cdfd94 100644 --- a/libs/libcurl/src/config-vxworks.h +++ b/libs/libcurl/src/config-vxworks.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -418,9 +418,6 @@ /* Define to 1 if you have the header file. */ #define HAVE_OPENSSL_CRYPTO_H 1 -/* Define to 1 if you have the header file. */ -#define HAVE_OPENSSL_ENGINE_H 1 - /* Define to 1 if you have the header file. */ #define HAVE_OPENSSL_ERR_H 1 diff --git a/libs/libcurl/src/config-win32.h b/libs/libcurl/src/config-win32.h index 9abdb9fe6c..8b488c1c1c 100644 --- a/libs/libcurl/src/config-win32.h +++ b/libs/libcurl/src/config-win32.h 
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -246,10 +246,6 @@ /* Define if you have the socket function. */ #define HAVE_SOCKET 1 -/* Define if libSSH2 is in use */ -#define USE_LIBSSH2 1 -#define HAVE_LIBSSH2_H 1 - /* Define if you have the strcasecmp function. */ /* #define HAVE_STRCASECMP 1 */ @@ -717,11 +713,10 @@ Vista # define CURL_DISABLE_LDAP 1 #endif -/* if SSL is enabled */ -#define USE_OPENSSL 1 - /* Define to use the Windows crypto library. */ +#if !defined(CURL_WINDOWS_APP) #define USE_WIN32_CRYPTO +#endif /* Define to use Unix sockets. */ #if defined(_MSC_VER) && (_MSC_VER >= 1500) diff --git a/libs/libcurl/src/conncache.c b/libs/libcurl/src/conncache.c index 28044644bf..cbd3bb1bb3 100644 --- a/libs/libcurl/src/conncache.c +++ b/libs/libcurl/src/conncache.c @@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, - * Copyright (C) 2012 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 2012 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -179,18 +179,6 @@ size_t Curl_conncache_size(struct Curl_easy *data) return num; } -/* Returns number of connections currently held in the connections's bundle - Locks/unlocks the cache itself! -*/ -size_t Curl_conncache_bundle_size(struct connectdata *conn) -{ - size_t num; - CONN_LOCK(conn->data); - num = conn->bundle->num_connections; - CONN_UNLOCK(conn->data); - return num; -} - /* Look up the bundle with all the connections to the same host this connectdata struct is setup to use. 
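Review bot: Nothing in config-win32.h selects a TLS or SSH backend once the `@@ -717` hunk drops `#define USE_OPENSSL 1` and the `@@ -246` hunk drops `USE_LIBSSH2`/`HAVE_LIBSSH2_H`. If the project's build settings do not define the backend macro themselves, which this diff does not show, the library still compiles and https:// transfers only fail at run time. A compile-time guard next to the `USE_WIN32_CRYPTO` block would surface that early, for example `#if !defined(USE_OPENSSL) && !defined(USE_SCHANNEL)` followed by `#error "no TLS backend selected"` and `#endif`, adjusted to the backend the project actually uses.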
diff --git a/libs/libcurl/src/conncache.h b/libs/libcurl/src/conncache.h index 5fe80b4c8d..e3e4c9c282 100644 --- a/libs/libcurl/src/conncache.h +++ b/libs/libcurl/src/conncache.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2015 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 2015 - 2020, Daniel Stenberg, , et al. * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, * * This software is licensed as described in the file COPYING, which @@ -80,7 +80,6 @@ struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn, void Curl_conncache_unlock(struct Curl_easy *data); /* returns number of connections currently held in the connection cache */ size_t Curl_conncache_size(struct Curl_easy *data); -size_t Curl_conncache_bundle_size(struct connectdata *conn); bool Curl_conncache_return_conn(struct Curl_easy *data, struct connectdata *conn); diff --git a/libs/libcurl/src/connect.c b/libs/libcurl/src/connect.c index 611d6d2f02..0a7475cb6a 100644 --- a/libs/libcurl/src/connect.c +++ b/libs/libcurl/src/connect.c @@ -745,13 +745,15 @@ void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd) Curl_persistconninfo(conn); } -/* after a TCP connection to the proxy has been verified, this function does - the next magic step. +/* After a TCP connection to the proxy has been verified, this function does + the next magic steps. If 'done' isn't set TRUE, it is not done yet and + must be called again. Note: this function's sub-functions call failf() */ -static CURLcode connected_proxy(struct connectdata *conn, int sockindex) +static CURLcode connect_SOCKS(struct connectdata *conn, int sockindex, + bool *done) { CURLcode result = CURLE_OK; 
@@ -760,43 +762,62 @@ static CURLcode connected_proxy(struct connectdata *conn, int sockindex) /* for the secondary socket (FTP), use the "connect to host" * but ignore the "connect to port" (use the secondary port) */ - const char * const host = conn->bits.httpproxy ? - conn->http_proxy.host.name : - conn->bits.conn_to_host ? - conn->conn_to_host.name : - sockindex == SECONDARYSOCKET ? - conn->secondaryhostname : conn->host.name; - const int port = conn->bits.httpproxy ? (int)conn->http_proxy.port : - sockindex == SECONDARYSOCKET ? conn->secondary_port : - conn->bits.conn_to_port ? conn->conn_to_port : - conn->remote_port; - conn->bits.socksproxy_connecting = TRUE; + const char * const host = + conn->bits.httpproxy ? + conn->http_proxy.host.name : + conn->bits.conn_to_host ? + conn->conn_to_host.name : + sockindex == SECONDARYSOCKET ? + conn->secondaryhostname : conn->host.name; + const int port = + conn->bits.httpproxy ? (int)conn->http_proxy.port : + sockindex == SECONDARYSOCKET ? conn->secondary_port : + conn->bits.conn_to_port ? 
conn->conn_to_port : + conn->remote_port; switch(conn->socks_proxy.proxytype) { case CURLPROXY_SOCKS5: case CURLPROXY_SOCKS5_HOSTNAME: result = Curl_SOCKS5(conn->socks_proxy.user, conn->socks_proxy.passwd, - host, port, sockindex, conn); + host, port, sockindex, conn, done); break; case CURLPROXY_SOCKS4: case CURLPROXY_SOCKS4A: result = Curl_SOCKS4(conn->socks_proxy.user, host, port, sockindex, - conn); + conn, done); break; default: failf(conn->data, "unknown proxytype option given"); result = CURLE_COULDNT_CONNECT; } /* switch proxytype */ - conn->bits.socksproxy_connecting = FALSE; #else (void)sockindex; #endif /* CURL_DISABLE_PROXY */ } + else + *done = TRUE; /* no SOCKS proxy, so consider us connected */ return result; } +/* + * post_SOCKS() is called after a successful connect to the peer, which + * *could* be a SOCKS proxy + */ +static void post_SOCKS(struct connectdata *conn, + int sockindex, + bool *connected) +{ + conn->bits.tcpconnect[sockindex] = TRUE; + + *connected = TRUE; + if(sockindex == FIRSTSOCKET) + Curl_pgrsTime(conn->data, TIMER_CONNECT); /* connect done */ + Curl_updateconninfo(conn, conn->sock[sockindex]); + Curl_verboseconnect(conn); +} + /* * Curl_is_connected() checks if the socket has connected. */ @@ -834,6 +855,14 @@ CURLcode Curl_is_connected(struct connectdata *conn, return CURLE_OPERATION_TIMEDOUT; } + if(SOCKS_STATE(conn->cnnct.state)) { + /* still doing SOCKS */ + result = connect_SOCKS(conn, sockindex, connected); + if(!result && *connected) + post_SOCKS(conn, sockindex, connected); + return result; + } + for(i = 0; i<2; i++) { const int other = i ^ 1; if(conn->tempsock[i] == CURL_SOCKET_BAD) 
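Review bot: `connect_SOCKS()` returns `CURLE_OK` without writing `*done` when `conn->bits.socksproxy` is set and `CURL_DISABLE_PROXY` is defined, because the `#else` branch holds only `(void)sockindex;`. The caller in the `@@ -900` hunk then tests `!*connected`, so the result depends on a value stored outside these hunks. A transfer that was asked to go through SOCKS should fail closed in a build without proxy support, so the branch could read `(void)sockindex;` followed by `result = CURLE_COULDNT_CONNECT;`. The function's opening lines are in the preceding hunk.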
@@ -900,18 +929,13 @@ CURLcode Curl_is_connected(struct connectdata *conn, conn->tempsock[other] = CURL_SOCKET_BAD; } - /* see if we need to do any proxy magic first once we connected */ - result = connected_proxy(conn, sockindex); - if(result) + /* see if we need to kick off any SOCKS proxy magic once we + connected */ + result = connect_SOCKS(conn, sockindex, connected); + if(result || !*connected) return result; - conn->bits.tcpconnect[sockindex] = TRUE; - - *connected = TRUE; - if(sockindex == FIRSTSOCKET) - Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */ - Curl_updateconninfo(conn, conn->sock[sockindex]); - Curl_verboseconnect(conn); + post_SOCKS(conn, sockindex, connected); return CURLE_OK; } @@ -1007,8 +1031,6 @@ static void tcpnodelay(struct connectdata *conn, curl_socket_t sockfd) sizeof(onoff)) < 0) infof(data, "Could not set TCP_NODELAY: %s\n", Curl_strerror(SOCKERRNO, buffer, sizeof(buffer))); - else - infof(data, "TCP_NODELAY set\n"); #else (void)conn; (void)sockfd; @@ -1216,8 +1238,6 @@ static CURLcode singleipconnect(struct connectdata *conn, if(setsockopt(sockfd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, (void *)&optval, sizeof(optval)) < 0) infof(data, "Failed to enable TCP Fast Open on fd %d\n", sockfd); - else - infof(data, "TCP_FASTOPEN_CONNECT set\n"); rc = connect(sockfd, &addr.sa_addr, addr.addrlen); #elif defined(MSG_FASTOPEN) /* old Linux */ @@ -1428,12 +1448,11 @@ int Curl_closesocket(struct connectdata *conn, curl_socket_t sock) { if(conn && conn->fclosesocket) { - if((sock == conn->sock[SECONDARYSOCKET]) && - conn->sock_accepted[SECONDARYSOCKET]) + if((sock == conn->sock[SECONDARYSOCKET]) && conn->sock_accepted) /* if this socket matches the second socket, and that was created with accept, then we MUST NOT call the callback but clear the accepted status */ - conn->sock_accepted[SECONDARYSOCKET] = FALSE; + conn->sock_accepted = FALSE; else { int rc; Curl_multi_closed(conn->data, sock); 
diff --git a/libs/libcurl/src/cookie.c b/libs/libcurl/src/cookie.c index 0091132aa3..69bc04260a 100644 --- a/libs/libcurl/src/cookie.c +++ b/libs/libcurl/src/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -97,6 +97,8 @@ Example set of cookies: #include "curl_memrchr.h" #include "inet_pton.h" #include "parsedate.h" +#include "rand.h" +#include "rename.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -537,9 +539,9 @@ Curl_cookie_add(struct Curl_easy *data, * only test for names where that can possibly be true. */ if(nlen > 3 && name[0] == '_' && name[1] == '_') { - if(strncasecompare("__Secure-", name, 9)) + if(!strncmp("__Secure-", name, 9)) co->prefix |= COOKIE_PREFIX__SECURE; - else if(strncasecompare("__Host-", name, 7)) + else if(!strncmp("__Host-", name, 7)) co->prefix |= COOKIE_PREFIX__HOST; } @@ -1046,7 +1048,7 @@ Curl_cookie_add(struct Curl_easy *data, *clist = *co; /* then store all the new data */ - free(co); /* free the newly alloced memory */ + free(co); /* free the newly allocated memory */ co = clist; /* point to the previous struct instead */ /* We have replaced a cookie, now skip the rest of the list but @@ -1501,11 +1503,14 @@ static char *get_netscape_format(const struct Cookie *co) * * The function returns non-zero on write failure. */ -static int cookie_output(struct CookieInfo *c, const char *dumphere) +static int cookie_output(struct Curl_easy *data, + struct CookieInfo *c, const char *filename) { struct Cookie *co; - FILE *out; + FILE *out = NULL; bool use_stdout = FALSE; + char *tempstore = NULL; + bool error = false; if(!c) /* no cookie engine alive */ 
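Review bot: The `__Secure-` and `__Host-` tests in `Curl_cookie_add()` are now case sensitive (`strncmp`), and the hunk carries no comment saying that this is deliberate. A cookie whose name differs only in case is stored as an ordinary cookie without the prefix restrictions, and a peer that matches the prefixes case-insensitively would treat the same cookie differently. A comment above the test would record the intent, e.g. `/* prefixes are matched case-sensitively; any other spelling is a plain cookie name */`. The function body continues outside the hunk.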
@@ -1514,16 +1519,24 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere) /* at first, remove expired cookies */ remove_expired(c); - if(!strcmp("-", dumphere)) { + if(!strcmp("-", filename)) { /* use stdout */ out = stdout; use_stdout = TRUE; } else { - out = fopen(dumphere, FOPEN_WRITETEXT); - if(!out) { - return 1; /* failure */ - } + unsigned char randsuffix[9]; + + if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) + return 2; + + tempstore = aprintf("%s.%s.tmp", filename, randsuffix); + if(!tempstore) + return 1; + + out = fopen(tempstore, FOPEN_WRITETEXT); + if(!out) + goto error; } fputs("# Netscape HTTP Cookie File\n" @@ -1538,9 +1551,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere) array = calloc(1, sizeof(struct Cookie *) * c->numcookies); if(!array) { - if(!use_stdout) - fclose(out); - return 1; + goto error; } /* only sort the cookies with a domain property */ @@ -1559,9 +1570,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere) if(format_ptr == NULL) { fprintf(out, "#\n# Fatal libcurl error\n"); free(array); - if(!use_stdout) - fclose(out); - return 1; + goto error; } fprintf(out, "%s\n", format_ptr); free(format_ptr); @@ -1569,10 +1578,24 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere) free(array); } - if(!use_stdout) + + if(!use_stdout) { fclose(out); + out = NULL; + if(Curl_rename(tempstore, filename)) { + unlink(tempstore); + goto error; + } + } - return 0; + goto cleanup; +error: + error = true; +cleanup: + if(out && !use_stdout) + fclose(out); + free(tempstore); + return error ? 1 : 0; } static struct curl_slist *cookie_list(struct Curl_easy *data) 
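Review bot: The temporary jar in `cookie_output()` is created with `fopen(tempstore, FOPEN_WRITETEXT)`, which neither insists that the path is new nor sets a mode. The file holding the cookies therefore gets umask-default permissions, and the rename in the `@@ -1569` hunk carries those over `filename`, replacing any stricter mode the old jar had. Where the platform provides it, an exclusive owner-only create is safer: `fd = open(tempstore, O_WRONLY | O_CREAT | O_EXCL, 0600);` then `out = (fd != -1) ? fdopen(fd, FOPEN_WRITETEXT) : NULL;`. The same rename also turns a symlinked `filename` into a regular file, which deserves a comment if it is intended.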
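Review bot: The rename at the end of `cookie_output()` runs even when writing failed, because the results of `fputs`/`fprintf` and of `fclose(out)` are never checked, so a full disk can replace a good cookie jar with a truncated one. The `error:` path also frees `tempstore` without removing the file; a failure after the temp file was opened (the `calloc` and `get_netscape_format` cases in the earlier hunks) leaves a partial cookie file beside the jar. The change below checks the stream before publishing the file and removes the temp file on the error path.

```c
  if(!use_stdout) {
    /* only publish the temp file if every write reached it */
    int failed = ferror(out);
    if(fclose(out))
      failed = 1;
    out = NULL;
    if(failed || Curl_rename(tempstore, filename)) {
      unlink(tempstore);
      goto error;
    }
  }

  goto cleanup;
error:
  error = true;
  if(out && !use_stdout) {
    /* the temp file was opened but never published: remove it */
    fclose(out);
    out = NULL;
    unlink(tempstore);
  }
cleanup:
  /* ... unchanged: close out if still open, free(tempstore), return ... */
```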
@@ -1631,7 +1654,7 @@ void Curl_flush_cookies(struct Curl_easy *data, bool cleanup) Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); /* if we have a destination file for all the cookies to get dumped to */ - if(cookie_output(data->cookies, data->set.str[STRING_COOKIEJAR])) + if(cookie_output(data, data->cookies, data->set.str[STRING_COOKIEJAR])) infof(data, "WARNING: failed to save cookies in %s\n", data->set.str[STRING_COOKIEJAR]); } diff --git a/libs/libcurl/src/curl_config.h.cmake b/libs/libcurl/src/curl_config.h.cmake index 2c3b6562d4..98cdf51454 100644 --- a/libs/libcurl/src/curl_config.h.cmake +++ b/libs/libcurl/src/curl_config.h.cmake @@ -73,6 +73,9 @@ #define CURL_EXTERN_SYMBOL #endif +/* Allow SMB to work on Windows */ +#cmakedefine USE_WIN32_CRYPTO + /* Use Windows LDAP implementation */ #cmakedefine USE_WIN32_LDAP 1 @@ -452,9 +455,6 @@ /* Define to 1 if you have the header file. */ #cmakedefine HAVE_OPENSSL_CRYPTO_H 1 -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_OPENSSL_ENGINE_H 1 - /* Define to 1 if you have the header file. */ #cmakedefine HAVE_OPENSSL_ERR_H 1 @@ -936,9 +936,6 @@ ${SIZEOF_TIME_T_CODE} /* if GnuTLS is enabled */ #cmakedefine USE_GNUTLS 1 -/* if PolarSSL is enabled */ -#cmakedefine USE_POLARSSL 1 - /* if Secure Transport is enabled */ #cmakedefine USE_SECTRANSP 1 diff --git a/libs/libcurl/src/curl_config.h.in b/libs/libcurl/src/curl_config.h.in index bb7f4e3402..8f29f51c11 100644 --- a/libs/libcurl/src/curl_config.h.in +++ b/libs/libcurl/src/curl_config.h.in @@ -435,6 +435,9 @@ /* Define to 1 if you have the `ssl' library (-lssl). */ #undef HAVE_LIBSSL +/* Define to 1 if you have the `wolfssh' library (-lwolfssh). */ +#undef HAVE_LIBWOLFSSH + /* if zlib is available */ #undef HAVE_LIBZ 
@@ -787,6 +790,9 @@ /* Define to 1 if you have the winsock.h header file. */ #undef HAVE_WINSOCK_H +/* Define to 1 if you have the header file. */ +#undef HAVE_WOLFSSH_SSH_H + /* Define to 1 if you have the `wolfSSLv3_client_method' function. */ #undef HAVE_WOLFSSLV3_CLIENT_METHOD @@ -1050,6 +1056,9 @@ /* to enable SSPI support */ #undef USE_WINDOWS_SSPI +/* if wolfSSH is in use */ +#undef USE_WOLFSSH + /* if wolfSSL is enabled */ #undef USE_WOLFSSL diff --git a/libs/libcurl/src/curl_hmac.h b/libs/libcurl/src/curl_hmac.h index 756dc9e4cd..3ff799bbda 100644 --- a/libs/libcurl/src/curl_hmac.h +++ b/libs/libcurl/src/curl_hmac.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,6 +24,8 @@ #ifndef CURL_DISABLE_CRYPTO_AUTH +#define HMAC_MD5_LENGTH 16 + typedef void (* HMAC_hinit_func)(void *context); typedef void (* HMAC_hupdate_func)(void *context, const unsigned char *data, @@ -62,6 +64,11 @@ int Curl_HMAC_update(HMAC_context *context, unsigned int len); int Curl_HMAC_final(HMAC_context *context, unsigned char *result); +CURLcode Curl_hmacit(const HMAC_params *hashparams, + const unsigned char *key, const size_t keylen, + const unsigned char *data, const size_t datalen, + unsigned char *output); + #endif #endif /* HEADER_CURL_HMAC_H */ diff --git a/libs/libcurl/src/curl_md4.h b/libs/libcurl/src/curl_md4.h index 82df708cee..c7bb209815 100644 --- a/libs/libcurl/src/curl_md4.h +++ b/libs/libcurl/src/curl_md4.h 
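Review bot: The new `Curl_hmacit()` prototype in curl_hmac.h does not say how large `output` must be, although the function presumably writes a full digest into it (its body is not in these hunks). The callers in curl_ntlm_core.c size their buffers by hand, e.g. `hmac_output[HMAC_MD5_LENGTH]`, so the contract belongs at the declaration: `/* 'output' must have room for one digest of 'hashparams' (HMAC_MD5_LENGTH bytes for Curl_HMAC_MD5) */`.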
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -28,7 +28,8 @@ #define MD4_DIGEST_LENGTH 16 -void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len); +void Curl_md4it(unsigned char *output, const unsigned char *input, + const size_t len); #endif /* !defined(CURL_DISABLE_CRYPTO_AUTH) */ diff --git a/libs/libcurl/src/curl_md5.h b/libs/libcurl/src/curl_md5.h index aaf25f61bb..dd464416a2 100644 --- a/libs/libcurl/src/curl_md5.h +++ b/libs/libcurl/src/curl_md5.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -49,8 +49,8 @@ typedef struct { extern const MD5_params Curl_DIGEST_MD5[1]; extern const HMAC_params Curl_HMAC_MD5[1]; -void Curl_md5it(unsigned char *output, - const unsigned char *input); +void Curl_md5it(unsigned char *output, const unsigned char *input, + const size_t len); MD5_context * Curl_MD5_init(const MD5_params *md5params); CURLcode Curl_MD5_update(MD5_context *context, diff --git a/libs/libcurl/src/curl_ntlm_core.c b/libs/libcurl/src/curl_ntlm_core.c index 19f9b61d87..f9b823b4f6 100644 --- a/libs/libcurl/src/curl_ntlm_core.c +++ b/libs/libcurl/src/curl_ntlm_core.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -120,7 +120,6 @@ #include "curl_memory.h" #include "memdebug.h" -#define NTLM_HMAC_MD5_LEN (16) #define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00" #define NTLMv2_BLOB_LEN (44 -16 + ntlm->target_info_len + 4) @@ -567,25 +566,6 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, #if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) -/* This returns the HMAC MD5 digest */ -static CURLcode hmac_md5(const unsigned char *key, unsigned int keylen, - const unsigned char *data, unsigned int datalen, - unsigned char *output) -{ - HMAC_context *ctxt = Curl_HMAC_init(Curl_HMAC_MD5, key, keylen); - - if(!ctxt) - return CURLE_OUT_OF_MEMORY; - - /* Update the digest with the given challenge */ - Curl_HMAC_update(ctxt, data, datalen); - - /* Finalise the digest */ - Curl_HMAC_final(ctxt, output); - - return CURLE_OK; -} - /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode * (uppercase UserName + Domain) as the data */ @@ -615,8 +595,8 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen, ascii_uppercase_to_unicode_le(identity, user, userlen); ascii_to_unicode_le(identity + (userlen << 1), domain, domlen); - result = hmac_md5(ntlmhash, 16, identity, curlx_uztoui(identity_len), - ntlmv2hash); + result = Curl_hmacit(Curl_HMAC_MD5, ntlmhash, 16, identity, identity_len, + ntlmv2hash); free(identity); return result; @@ -662,7 +642,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, unsigned int len = 0; unsigned char *ptr = NULL; - unsigned char hmac_output[NTLM_HMAC_MD5_LEN]; + unsigned char hmac_output[HMAC_MD5_LENGTH]; curl_off_t tw; CURLcode result = CURLE_OK; @@ -681,7 +661,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, tw = ((curl_off_t)time(NULL) + CURL_OFF_T_C(11644473600)) * 10000000; /* Calculate the response len */ - len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN; + len = HMAC_MD5_LENGTH + NTLMv2_BLOB_LEN; /* Allocate the response */ ptr = calloc(1, len); 
@@ -689,7 +669,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, return CURLE_OUT_OF_MEMORY; /* Create the BLOB structure */ - msnprintf((char *)ptr + NTLM_HMAC_MD5_LEN, NTLMv2_BLOB_LEN, + msnprintf((char *)ptr + HMAC_MD5_LENGTH, NTLMv2_BLOB_LEN, "%c%c%c%c" /* NTLMv2_BLOB_SIGNATURE */ "%c%c%c%c", /* Reserved = 0 */ NTLMv2_BLOB_SIGNATURE[0], NTLMv2_BLOB_SIGNATURE[1], @@ -702,7 +682,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, /* Concatenate the Type 2 challenge with the BLOB and do HMAC MD5 */ memcpy(ptr + 8, &ntlm->nonce[0], 8); - result = hmac_md5(ntlmv2hash, NTLM_HMAC_MD5_LEN, ptr + 8, + result = Curl_hmacit(Curl_HMAC_MD5, ntlmv2hash, HMAC_MD5_LENGTH, ptr + 8, NTLMv2_BLOB_LEN + 8, hmac_output); if(result) { free(ptr); @@ -710,7 +690,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, } /* Concatenate the HMAC MD5 output with the BLOB */ - memcpy(ptr, hmac_output, NTLM_HMAC_MD5_LEN); + memcpy(ptr, hmac_output, HMAC_MD5_LENGTH); /* Return the response */ *ntresp = ptr; @@ -745,7 +725,8 @@ CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, memcpy(&data[0], challenge_server, 8); memcpy(&data[8], challenge_client, 8); - result = hmac_md5(ntlmv2hash, 16, &data[0], 16, hmac_output); + result = Curl_hmacit(Curl_HMAC_MD5, ntlmv2hash, 16, &data[0], 16, + hmac_output); if(result) return result; diff --git a/libs/libcurl/src/curl_ntlm_core.h b/libs/libcurl/src/curl_ntlm_core.h index 392a1b81de..e1643d6277 100644 --- a/libs/libcurl/src/curl_ntlm_core.h +++ b/libs/libcurl/src/curl_ntlm_core.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -46,11 +46,9 @@ #define USE_NTRESPONSES /* Define USE_NTLM2SESSION in order to make the type-3 message include the - NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and a - Crypto engine that we have curl_ssl_md5sum() for. */ -#if defined(USE_NTRESPONSES) && \ - (!defined(USE_WIN32_CRYPTO) || \ - (defined(USE_SSL) && !defined(CURL_DISABLE_CRYPTO_AUTH))) + NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and + MD5 support */ +#if defined(USE_NTRESPONSES) && !defined(CURL_DISABLE_CRYPTO_AUTH) #define USE_NTLM2SESSION #endif diff --git a/libs/libcurl/src/curl_ntlm_wb.c b/libs/libcurl/src/curl_ntlm_wb.c index 30b54de444..f820b842e8 100644 --- a/libs/libcurl/src/curl_ntlm_wb.c +++ b/libs/libcurl/src/curl_ntlm_wb.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -76,22 +76,22 @@ # define sclose_nolog(x) close((x)) #endif -void Curl_http_auth_cleanup_ntlm_wb(struct connectdata *conn) +static void ntlm_wb_cleanup(struct ntlmdata *ntlm) { - if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) { - sclose(conn->ntlm_auth_hlpr_socket); - conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD; + if(ntlm->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) { + sclose(ntlm->ntlm_auth_hlpr_socket); + ntlm->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD; } - if(conn->ntlm_auth_hlpr_pid) { + if(ntlm->ntlm_auth_hlpr_pid) { int i; for(i = 0; i < 4; i++) { - pid_t ret = waitpid(conn->ntlm_auth_hlpr_pid, NULL, WNOHANG); - if(ret == conn->ntlm_auth_hlpr_pid || errno == ECHILD) + pid_t ret = waitpid(ntlm->ntlm_auth_hlpr_pid, NULL, WNOHANG); + if(ret == ntlm->ntlm_auth_hlpr_pid || errno == ECHILD) break; switch(i) { case 0: - kill(conn->ntlm_auth_hlpr_pid, SIGTERM); + kill(ntlm->ntlm_auth_hlpr_pid, SIGTERM); break; case 1: /* Give the process another moment to shut down cleanly before @@ -99,20 +99,21 @@ void Curl_http_auth_cleanup_ntlm_wb(struct connectdata *conn) Curl_wait_ms(1); break; case 2: - kill(conn->ntlm_auth_hlpr_pid, SIGKILL); + kill(ntlm->ntlm_auth_hlpr_pid, SIGKILL); break; case 3: break; } } - conn->ntlm_auth_hlpr_pid = 0; + ntlm->ntlm_auth_hlpr_pid = 0; } - Curl_safefree(conn->challenge_header); - Curl_safefree(conn->response_header); + Curl_safefree(ntlm->challenge); + Curl_safefree(ntlm->response); } -static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp) +static CURLcode ntlm_wb_init(struct Curl_easy *data, struct ntlmdata *ntlm, + const char *userp) { curl_socket_t sockfds[2]; pid_t child_pid; 
@@ -126,9 +127,13 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp) #endif char buffer[STRERROR_LEN]; +#if defined(CURL_DISABLE_VERBOSE_STRINGS) + (void) data; +#endif + /* Return if communication with ntlm_auth already set up */ - if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD || - conn->ntlm_auth_hlpr_pid) + if(ntlm->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD || + ntlm->ntlm_auth_hlpr_pid) return CURLE_OK; username = userp; @@ -179,13 +184,13 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp) ntlm_auth = NTLM_WB_FILE; if(access(ntlm_auth, X_OK) != 0) { - failf(conn->data, "Could not access ntlm_auth: %s errno %d: %s", + failf(data, "Could not access ntlm_auth: %s errno %d: %s", ntlm_auth, errno, Curl_strerror(errno, buffer, sizeof(buffer))); goto done; } - if(socketpair(AF_UNIX, SOCK_STREAM, 0, sockfds)) { - failf(conn->data, "Could not open socket pair. errno %d: %s", + if(Curl_socketpair(AF_UNIX, SOCK_STREAM, 0, sockfds)) { + failf(data, "Could not open socket pair. errno %d: %s", errno, Curl_strerror(errno, buffer, sizeof(buffer))); goto done; } @@ -194,7 +199,7 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp) if(child_pid == -1) { sclose(sockfds[0]); sclose(sockfds[1]); - failf(conn->data, "Could not fork. errno %d: %s", + failf(data, "Could not fork. errno %d: %s", errno, Curl_strerror(errno, buffer, sizeof(buffer))); goto done; } 
@@ -206,13 +211,13 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp) /* Don't use sclose in the child since it fools the socket leak detector */ sclose_nolog(sockfds[0]); if(dup2(sockfds[1], STDIN_FILENO) == -1) { - failf(conn->data, "Could not redirect child stdin. errno %d: %s", + failf(data, "Could not redirect child stdin. errno %d: %s", errno, Curl_strerror(errno, buffer, sizeof(buffer))); exit(1); } if(dup2(sockfds[1], STDOUT_FILENO) == -1) { - failf(conn->data, "Could not redirect child stdout. errno %d: %s", + failf(data, "Could not redirect child stdout. errno %d: %s", errno, Curl_strerror(errno, buffer, sizeof(buffer))); exit(1); } @@ -232,14 +237,14 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp) NULL); sclose_nolog(sockfds[1]); - failf(conn->data, "Could not execl(). errno %d: %s", + failf(data, "Could not execl(). errno %d: %s", errno, Curl_strerror(errno, buffer, sizeof(buffer))); exit(1); } sclose(sockfds[1]); - conn->ntlm_auth_hlpr_socket = sockfds[0]; - conn->ntlm_auth_hlpr_pid = child_pid; + ntlm->ntlm_auth_hlpr_socket = sockfds[0]; + ntlm->ntlm_auth_hlpr_pid = child_pid; free(domain); free(ntlm_auth_alloc); return CURLE_OK; @@ -253,17 +258,21 @@ done: /* if larger than this, something is seriously wrong */ #define MAX_NTLM_WB_RESPONSE 100000 -static CURLcode ntlm_wb_response(struct connectdata *conn, +static CURLcode ntlm_wb_response(struct Curl_easy *data, struct ntlmdata *ntlm, const char *input, curlntlm state) { char *buf = malloc(NTLM_BUFSIZE); size_t len_in = strlen(input), len_out = 0; +#if defined(CURL_DISABLE_VERBOSE_STRINGS) + (void) data; +#endif + if(!buf) return CURLE_OUT_OF_MEMORY; while(len_in > 0) { - ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in); + ssize_t written = swrite(ntlm->ntlm_auth_hlpr_socket, input, len_in); if(written == -1) { /* Interrupted by a signal, retry it */ if(errno == EINTR) 
@@ -279,7 +288,7 @@ static CURLcode ntlm_wb_response(struct connectdata *conn, ssize_t size; char *newbuf; - size = sread(conn->ntlm_auth_hlpr_socket, buf + len_out, NTLM_BUFSIZE); + size = sread(ntlm->ntlm_auth_hlpr_socket, buf + len_out, NTLM_BUFSIZE); if(size == -1) { if(errno == EINTR) continue; @@ -295,7 +304,7 @@ static CURLcode ntlm_wb_response(struct connectdata *conn, } if(len_out > MAX_NTLM_WB_RESPONSE) { - failf(conn->data, "too large ntlm_wb response!"); + failf(data, "too large ntlm_wb response!"); free(buf); return CURLE_OUT_OF_MEMORY; } @@ -323,9 +332,9 @@ static CURLcode ntlm_wb_response(struct connectdata *conn, (buf[0]!='A' || buf[1]!='F' || buf[2]!=' ')) goto done; - conn->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3); + ntlm->response = aprintf("%.*s", len_out - 4, buf + 3); free(buf); - if(!conn->response_header) + if(!ntlm->response) return CURLE_OUT_OF_MEMORY; return CURLE_OK; done: @@ -337,6 +346,7 @@ CURLcode Curl_input_ntlm_wb(struct connectdata *conn, bool proxy, const char *header) { + struct ntlmdata *ntlm = proxy ? &conn->proxyntlm : &conn->ntlm; curlntlm *state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state; if(!checkprefix("NTLM", header)) @@ -347,8 +357,8 @@ CURLcode Curl_input_ntlm_wb(struct connectdata *conn, header++; if(*header) { - conn->challenge_header = strdup(header); - if(!conn->challenge_header) + ntlm->challenge = strdup(header); + if(!ntlm->challenge) return CURLE_OUT_OF_MEMORY; *state = NTLMSTATE_TYPE2; /* We got a type-2 message */ @@ -387,6 +397,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, char **allocuserpwd; /* point to the name and password for this */ const char *userp; + struct ntlmdata *ntlm; curlntlm *state; struct auth *authp; 
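Review bot: In `ntlm_wb_response()` the rewritten line `ntlm->response = aprintf("%.*s", len_out - 4, buf + 3);` still passes a `size_t` expression where the `*` precision expects an `int`, which is undefined for a variadic call on platforms where the two types differ in width. `len_out` is capped by `MAX_NTLM_WB_RESPONSE`, so a cast is safe: `ntlm->response = aprintf("%.*s", (int)len_out - 4, buf + 3);`. Whether `len_out >= 4` is guaranteed at this point depends on checks that start outside the hunk.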
@@ -398,12 +409,14 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, if(proxy) { allocuserpwd = &conn->allocptr.proxyuserpwd; userp = conn->http_proxy.user; + ntlm = &conn->proxyntlm; state = &conn->proxy_ntlm_state; authp = &conn->data->state.authproxy; } else { allocuserpwd = &conn->allocptr.userpwd; userp = conn->user; + ntlm = &conn->ntlm; state = &conn->http_ntlm_state; authp = &conn->data->state.authhost; } @@ -429,36 +442,36 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, * request handling process. */ /* Create communication with ntlm_auth */ - res = ntlm_wb_init(conn, userp); + res = ntlm_wb_init(conn->data, ntlm, userp); if(res) return res; - res = ntlm_wb_response(conn, "YR\n", *state); + res = ntlm_wb_response(conn->data, ntlm, "YR\n", *state); if(res) return res; free(*allocuserpwd); - *allocuserpwd = aprintf("%sAuthorization: %s\r\n", + *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", proxy ? "Proxy-" : "", - conn->response_header); + ntlm->response); DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd)); - Curl_safefree(conn->response_header); + Curl_safefree(ntlm->response); if(!*allocuserpwd) return CURLE_OUT_OF_MEMORY; break; case NTLMSTATE_TYPE2: { - char *input = aprintf("TT %s\n", conn->challenge_header); + char *input = aprintf("TT %s\n", ntlm->challenge); if(!input) return CURLE_OUT_OF_MEMORY; - res = ntlm_wb_response(conn, input, *state); + res = ntlm_wb_response(conn->data, ntlm, input, *state); free(input); if(res) return res; free(*allocuserpwd); - *allocuserpwd = aprintf("%sAuthorization: %s\r\n", + *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", proxy ? "Proxy-" : "", - conn->response_header); + ntlm->response); DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd)); *state = NTLMSTATE_TYPE3; /* we sent a type-3 */ authp->done = TRUE; 
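Review bot: In the NTLMSTATE_TYPE1 branch `DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd))` runs before `if(!*allocuserpwd)`, so a failed `aprintf()` hands a NULL pointer to `%s`. The TYPE2 branch prints in the same position and its NULL check is not inside the hunk. Reordering fixes it: `Curl_safefree(ntlm->response);`, then `if(!*allocuserpwd) return CURLE_OUT_OF_MEMORY;`, then the `DEBUG_OUT` line. Where DEBUG_OUT is active, the line also writes the complete `Authorization: NTLM ...` value to stderr, so consider logging only that a header was built. Curl_output_ntlm_wb continues outside the hunk.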
@@ -481,4 +494,10 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, return CURLE_OK; } +void Curl_http_auth_cleanup_ntlm_wb(struct connectdata *conn) +{ + ntlm_wb_cleanup(&conn->ntlm); + ntlm_wb_cleanup(&conn->proxyntlm); +} + #endif /* !CURL_DISABLE_HTTP && USE_NTLM && NTLM_WB_ENABLED */ diff --git a/libs/libcurl/src/curl_sasl.c b/libs/libcurl/src/curl_sasl.c index 0aa1f5bb7a..8c1c86623d 100644 --- a/libs/libcurl/src/curl_sasl.c +++ b/libs/libcurl/src/curl_sasl.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 2012 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -272,6 +272,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, data->set.str[STRING_SERVICE_NAME] : sasl->params->service; #endif + const char *oauth_bearer = data->set.str[STRING_BEARER]; sasl->force_ir = force_ir; /* Latch for future use */ sasl->authused = 0; /* No mechanism used yet */ @@ -341,7 +342,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, } else #endif - if((enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer) { + if((enabledmechs & SASL_MECH_OAUTHBEARER) && oauth_bearer) { mech = SASL_MECH_STRING_OAUTHBEARER; state1 = SASL_OAUTH2; state2 = SASL_OAUTH2_RESP; 
@@ -351,17 +352,17 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, result = Curl_auth_create_oauth_bearer_message(data, conn->user, hostname, port, - conn->oauth_bearer, + oauth_bearer, &resp, &len); } - else if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) { + else if((enabledmechs & SASL_MECH_XOAUTH2) && oauth_bearer) { mech = SASL_MECH_STRING_XOAUTH2; state1 = SASL_OAUTH2; sasl->authused = SASL_MECH_XOAUTH2; if(force_ir || data->set.sasl_ir) result = Curl_auth_create_xoauth_bearer_message(data, conn->user, - conn->oauth_bearer, + oauth_bearer, &resp, &len); } else if(enabledmechs & SASL_MECH_PLAIN) { @@ -431,6 +432,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, char *serverdata; #endif size_t len = 0; + const char *oauth_bearer = data->set.str[STRING_BEARER]; *progress = SASL_INPROGRESS; @@ -558,7 +560,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, result = Curl_auth_create_oauth_bearer_message(data, conn->user, hostname, port, - conn->oauth_bearer, + oauth_bearer, &resp, &len); /* Failures maybe sent by the server as continuations for OAUTHBEARER */ @@ -566,7 +568,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, } else result = Curl_auth_create_xoauth_bearer_message(data, conn->user, - conn->oauth_bearer, + oauth_bearer, &resp, &len); break; diff --git a/libs/libcurl/src/curl_sha256.h b/libs/libcurl/src/curl_sha256.h index 14b6414ea0..35d286cebd 100644 --- a/libs/libcurl/src/curl_sha256.h +++ b/libs/libcurl/src/curl_sha256.h @@ -7,7 +7,8 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Florin Petriuc, + * Copyright (C) 2017, Florin Petriuc, + * Copyright (C) 2018 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -24,8 +25,10 @@ #ifndef CURL_DISABLE_CRYPTO_AUTH -void Curl_sha256it(unsigned char *outbuffer, - const unsigned char *input); +#define SHA256_DIGEST_LENGTH 32 + +void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input, + const size_t len); #endif diff --git a/libs/libcurl/src/doh.c b/libs/libcurl/src/doh.c index 7f4eee5d81..aaa8f15ca6 100644 --- a/libs/libcurl/src/doh.c +++ b/libs/libcurl/src/doh.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2018 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 2018 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -548,7 +548,7 @@ static DOHcode store_cname(unsigned char *doh, if((index + 1) >= dohlen) return DOH_DNS_OUT_OF_RANGE; - /* move to the the new index */ + /* move to the new index */ newpos = (length & 0x3f) << 8 | doh[index + 1]; index = newpos; continue; diff --git a/libs/libcurl/src/easy.c b/libs/libcurl/src/easy.c index 6382cee3d5..1a6912748e 100644 --- a/libs/libcurl/src/easy.c +++ b/libs/libcurl/src/easy.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -76,6 +76,7 @@ #include "setopt.h" #include "http_digest.h" #include "system_win32.h" +#include "http2.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" 
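Review bot: The new prototype takes an input length but still gives no size for `outbuffer`, and no comment ties the added `SHA256_DIGEST_LENGTH` to that parameter. A line such as `/* outbuffer must have room for SHA256_DIGEST_LENGTH bytes */` above the declaration states the contract callers have to meet. The macro is defined unconditionally; if a TLS backend header in the same translation unit defines the same name, wrapping it in `#ifndef SHA256_DIGEST_LENGTH` would avoid a redefinition, which is an assumption to check against the build configurations. `const` on the by-value `len` has no effect in a prototype and can be dropped.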
@@ -185,16 +186,18 @@ static CURLcode global_init(long flags, bool memoryfuncs) goto fail; } - (void)Curl_ipv6works(); - #if defined(USE_SSH) if(Curl_ssh_init()) { goto fail; } #endif - if(flags & CURL_GLOBAL_ACK_EINTR) - Curl_ack_eintr = 1; +#ifdef USE_WOLFSSH + if(WS_SUCCESS != wolfSSH_Init()) { + DEBUGF(fprintf(stderr, "Error: wolfSSH_Init failed\n")); + return CURLE_FAILED_INIT; + } +#endif init_flags = flags; @@ -272,6 +275,10 @@ void curl_global_cleanup(void) Curl_ssh_cleanup(); +#ifdef USE_WOLFSSH + (void)wolfSSH_Cleanup(); +#endif + init_flags = 0; } @@ -684,10 +691,6 @@ static CURLcode easy_perform(struct Curl_easy *data, bool events) sigpipe_ignore(data, &pipe_st); - /* assign this after curl_multi_add_handle() since that function checks for - it and rejects this handle otherwise */ - data->multi = multi; - /* run the transfer */ result = events ? easy_events(multi) : easy_transfer(multi); 
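Review bot: The added wolfSSH block leaves global_init with `return CURLE_FAILED_INIT;`, while the failure paths visible around it, including `Curl_ssh_init()` just above, use `goto fail;`. Whatever the `fail` label undoes (it is outside this hunk) is skipped when `wolfSSH_Init()` fails, which can leave the global state half initialised. Using `goto fail;` after the `DEBUGF` line keeps the error handling uniform.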
@@ -983,49 +986,54 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action) /* put it back in the keepon */ k->keepon = newstate; - if(!(newstate & KEEP_RECV_PAUSE) && data->state.tempcount) { - /* there are buffers for sending that can be delivered as the receive - pausing is lifted! */ - unsigned int i; - unsigned int count = data->state.tempcount; - struct tempbuf writebuf[3]; /* there can only be three */ - struct connectdata *conn = data->conn; - struct Curl_easy *saved_data = NULL; - - /* copy the structs to allow for immediate re-pausing */ - for(i = 0; i < data->state.tempcount; i++) { - writebuf[i] = data->state.tempwrite[i]; - data->state.tempwrite[i].buf = NULL; - } - data->state.tempcount = 0; + if(!(newstate & KEEP_RECV_PAUSE)) { + Curl_http2_stream_pause(data, FALSE); + + if(data->state.tempcount) { + /* there are buffers for sending that can be delivered as the receive + pausing is lifted! */ + unsigned int i; + unsigned int count = data->state.tempcount; + struct tempbuf writebuf[3]; /* there can only be three */ + struct connectdata *conn = data->conn; + struct Curl_easy *saved_data = NULL; + + /* copy the structs to allow for immediate re-pausing */ + for(i = 0; i < data->state.tempcount; i++) { + writebuf[i] = data->state.tempwrite[i]; + data->state.tempwrite[i].buf = NULL; + } + data->state.tempcount = 0; - /* set the connection's current owner */ - if(conn->data != data) { - saved_data = conn->data; - conn->data = data; - } + /* set the connection's current owner */ + if(conn->data != data) { + saved_data = conn->data; + conn->data = data; + } - for(i = 0; i < count; i++) { - /* even if one function returns error, this loops through and frees all - buffers */ - if(!result) - result = Curl_client_write(conn, writebuf[i].type, writebuf[i].buf, - writebuf[i].len); - free(writebuf[i].buf); - } + for(i = 0; i < count; i++) { + /* even if one function returns error, this loops through and frees + all buffers */ + if(!result) + result = 
Curl_client_write(conn, writebuf[i].type, writebuf[i].buf, + writebuf[i].len); + free(writebuf[i].buf); + } - /* recover previous owner of the connection */ - if(saved_data) - conn->data = saved_data; + /* recover previous owner of the connection */ + if(saved_data) + conn->data = saved_data; - if(result) - return result; + if(result) + return result; + } } /* if there's no error and we're not pausing both directions, we want to have this handle checked soon */ if((newstate & (KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) != (KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) { + data->state.drain++; Curl_expire(data, 0, EXPIRE_RUN_NOW); /* get this handle going again */ if(data->multi) Curl_update_timer(data->multi); diff --git a/libs/libcurl/src/formdata.c b/libs/libcurl/src/formdata.c index 429d479da5..50a37e0e74 100644 --- a/libs/libcurl/src/formdata.c +++ b/libs/libcurl/src/formdata.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff --git a/libs/libcurl/src/ftp.c b/libs/libcurl/src/ftp.c index 469096f0f6..57b22ade97 100644 --- a/libs/libcurl/src/ftp.c +++ b/libs/libcurl/src/ftp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -55,7 +55,6 @@ #include "transfer.h" #include "escape.h" #include "http.h" /* for HTTP proxy tunnel stuff */ -#include "socks.h" #include "ftp.h" #include "fileinfo.h" #include "ftplistparser.h" 
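Review bot: The copy loop fills `struct tempbuf writebuf[3]` with `data->state.tempcount` entries, and the only thing bounding that count is the comment `/* there can only be three */`. A check before the loop, for example `DEBUGASSERT(count <= sizeof(writebuf)/sizeof(writebuf[0]));`, would catch a later change to the tempwrite array size instead of overrunning the stack copy. The loop can then iterate on the saved `count` rather than re-reading `data->state.tempcount`. `conn` is also dereferenced (`conn->data`) straight after `conn = data->conn` with no NULL check; whether a paused handle can be without a connection here is not visible in the hunk. curl_easy_pause starts and ends outside the hunk.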
@@ -78,6 +77,7 @@ #include "warnless.h" #include "http_proxy.h" #include "non-ascii.h" +#include "socks.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -253,18 +253,6 @@ static void freedirs(struct ftp_conn *ftpc) Curl_safefree(ftpc->newhost); } -/* Returns non-zero if the given string contains CR (\r) or LF (\n), - which are not allowed within RFC 959 . - Note: The input string is in the client's encoding which might - not be ASCII, so escape sequences \r & \n must be used instead - of hex values 0x0d & 0x0a. -*/ -static bool isBadFtpString(const char *string) -{ - return ((NULL != strchr(string, '\r')) || - (NULL != strchr(string, '\n'))) ? TRUE : FALSE; -} - /*********************************************************************** * * AcceptServerConnect() @@ -303,7 +291,7 @@ static CURLcode AcceptServerConnect(struct connectdata *conn) conn->sock[SECONDARYSOCKET] = s; (void)curlx_nonblock(s, TRUE); /* enable non-blocking */ - conn->sock_accepted[SECONDARYSOCKET] = TRUE; + conn->sock_accepted = TRUE; if(data->set.fsockopt) { int error = 0; @@ -785,9 +773,8 @@ static void _state(struct connectdata *conn, static CURLcode ftp_state_user(struct connectdata *conn) { CURLcode result; - struct FTP *ftp = conn->data->req.protop; /* send USER */ - PPSENDF(&conn->proto.ftpc.pp, "USER %s", ftp->user?ftp->user:""); + PPSENDF(&conn->proto.ftpc.pp, "USER %s", conn->user?conn->user:""); state(conn, FTP_USER); conn->data->state.ftp_trying_alternative = FALSE; @@ -823,6 +810,9 @@ static int ftp_domore_getsock(struct connectdata *conn, curl_socket_t *socks) * handle ordinary commands. */ + if(SOCKS_STATE(conn->cnnct.state)) + return Curl_SOCKS_getsock(conn, socks, SECONDARYSOCKET); + if(FTP_STOP == ftpc->state) { int bits = GETSOCK_READSOCK(0); 
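Review bot: `conn->user` is now formatted directly into the `USER` command, and `conn->passwd` into `PASS` in the ftp_state_user_resp hunk. The same commit deletes `isBadFtpString()` and the two checks in ftp_setup_connection that returned `CURLE_URL_MALFORMAT` for a CR or LF in either value. Nothing on this page shows where those characters are rejected instead, so confirm that every source of the credentials (URL, options, netrc) is filtered before these calls; a CR/LF that gets through would end the command line early on the control connection. If the filtering lives elsewhere, a comment at the `PPSENDF` call naming it, or a `DEBUGASSERT` that neither string contains `\r` or `\n`, would keep the dependency visible.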
@@ -920,7 +910,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn, struct ftp_conn *ftpc = &conn->proto.ftpc; struct Curl_easy *data = conn->data; curl_socket_t portsock = CURL_SOCKET_BAD; - char myhost[256] = ""; + char myhost[MAX_IPADR_LEN + 1] = ""; struct Curl_sockaddr_storage ss; Curl_addrinfo *res, *ai; @@ -931,9 +921,8 @@ static CURLcode ftp_state_use_port(struct connectdata *conn, #ifdef ENABLE_IPV6 struct sockaddr_in6 * const sa6 = (void *)sa; #endif - char tmp[1024]; static const char mode[][5] = { "EPRT", "PORT" }; - int rc; + enum resolve_t rc; int error; char *host = NULL; char *string_ftpport = data->set.str[STRING_FTPPORT]; @@ -1246,8 +1235,10 @@ static CURLcode ftp_state_use_port(struct connectdata *conn, break; } if(PORT == fcmd) { + /* large enough for [IP address],[num],[num] */ + char target[sizeof(myhost) + 20]; char *source = myhost; - char *dest = tmp; + char *dest = target; /* translate x.x.x.x to x,x,x,x */ while(source && *source) { @@ -1261,7 +1252,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn, *dest = 0; msnprintf(dest, 20, ",%d,%d", (int)(port>>8), (int)(port&0xff)); - result = Curl_pp_sendf(&ftpc->pp, "%s %s", mode[fcmd], tmp); + result = Curl_pp_sendf(&ftpc->pp, "%s %s", mode[fcmd], target); if(result) { failf(data, "Failure sending PORT command: %s", curl_easy_strerror(result)); @@ -1806,7 +1797,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, CURLcode result; struct Curl_easy *data = conn->data; struct Curl_dns_entry *addr = NULL; - int rc; + enum resolve_t rc; unsigned short connectport; /* the local port connect() should use! */ char *str = &data->state.buffer[4]; /* start on the first letter */ @@ -2528,7 +2519,6 @@ static CURLcode ftp_state_user_resp(struct connectdata *conn, { CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; - struct FTP *ftp = data->req.protop; struct ftp_conn *ftpc = &conn->proto.ftpc; (void)instate; /* no use for this yet */ 
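Review bot: `target` is sized as `sizeof(myhost) + 20`, and the 20 is repeated as a literal in `msnprintf(dest, 20, ",%d,%d", ...)` in the following hunk, so the two can drift apart. Passing the space that is actually left, `msnprintf(dest, sizeof(target) - (size_t)(dest - target), ",%d,%d", (int)(port>>8), (int)(port&0xff));`, removes the duplicate constant. The translation loop that advances `dest` lies between the two hunks and is not shown.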
@@ -2536,7 +2526,7 @@ static CURLcode ftp_state_user_resp(struct connectdata *conn, if((ftpcode == 331) && (ftpc->state == FTP_USER)) { /* 331 Password required for ... (the server requires to send the user's password too) */ - PPSENDF(&ftpc->pp, "PASS %s", ftp->passwd?ftp->passwd:""); + PPSENDF(&ftpc->pp, "PASS %s", conn->passwd?conn->passwd:""); state(conn, FTP_PASS); } else if(ftpcode/100 == 2) { @@ -4369,18 +4359,6 @@ static CURLcode ftp_setup_connection(struct connectdata *conn) /* get some initial data into the ftp struct */ ftp->transfer = FTPTRANSFER_BODY; ftp->downloadsize = 0; - - /* No need to duplicate user+password, the connectdata struct won't change - during a session, but we re-init them here since on subsequent inits - since the conn struct may have changed or been replaced. - */ - ftp->user = conn->user; - ftp->passwd = conn->passwd; - if(isBadFtpString(ftp->user)) - return CURLE_URL_MALFORMAT; - if(isBadFtpString(ftp->passwd)) - return CURLE_URL_MALFORMAT; - conn->proto.ftpc.known_filesize = -1; /* unknown size for now */ return CURLE_OK; diff --git a/libs/libcurl/src/ftp.h b/libs/libcurl/src/ftp.h index 2c88d568c1..984347f2a3 100644 --- a/libs/libcurl/src/ftp.h +++ b/libs/libcurl/src/ftp.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -102,8 +102,6 @@ typedef enum { perhaps the Curl_easy is changed between the times the connection is used. */ struct FTP { - char *user; /* user name string */ - char *passwd; /* password string */ char *path; /* points to the urlpieces struct field */ char *pathalloc; /* if non-NULL a pointer to an allocated path */ diff --git a/libs/libcurl/src/getenv.c b/libs/libcurl/src/getenv.c index e444a6a3ad..9385b8f677 100644 
--- a/libs/libcurl/src/getenv.c +++ b/libs/libcurl/src/getenv.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -27,25 +27,48 @@ #include "memdebug.h" -static -char *GetEnv(const char *variable) +static char *GetEnv(const char *variable) { #if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) (void)variable; return NULL; -#else -#ifdef WIN32 - char env[4096]; - char *temp = getenv(variable); - env[0] = '\0'; - if(temp != NULL) - ExpandEnvironmentStringsA(temp, env, sizeof(env)); - return (env[0] != '\0')?strdup(env):NULL; +#elif defined(WIN32) + /* This uses Windows API instead of C runtime getenv() to get the environment + variable since some changes aren't always visible to the latter. #4774 */ + char *buf = NULL; + char *tmp; + DWORD bufsize; + DWORD rc = 1; + const DWORD max = 32768; /* max env var size from MSCRT source */ + + for(;;) { + tmp = realloc(buf, rc); + if(!tmp) { + free(buf); + return NULL; + } + + buf = tmp; + bufsize = rc; + + /* It's possible for rc to be 0 if the variable was found but empty. + Since getenv doesn't make that distinction we ignore it as well. */ + rc = GetEnvironmentVariableA(variable, buf, bufsize); + if(!rc || rc == bufsize || rc > max) { + free(buf); + return NULL; + } + + /* if rc < bufsize then rc is bytes written not including null */ + if(rc < bufsize) + return buf; + + /* else rc is bytes needed, try again */ + } #else char *env = getenv(variable); return (env && env[0])?strdup(env):NULL; #endif -#endif } char *curl_getenv(const char *v) diff --git a/libs/libcurl/src/hmac.c b/libs/libcurl/src/hmac.c index bf49ebec54..ae68827bea 100644 --- a/libs/libcurl/src/hmac.c +++ b/libs/libcurl/src/hmac.c 
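Review bot: The WIN32 branch of GetEnv no longer expands `%NAME%` references inside the value. The removed code passed the value through `ExpandEnvironmentStringsA()`, whereas the new loop returns what `GetEnvironmentVariableA()` delivers. The added comment explains why the C runtime `getenv()` is avoided but not this change, so a line such as `/* the value is returned as stored; %VAR% references are not expanded */` would document it for callers that relied on the old behaviour.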
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -30,6 +30,7 @@ #include "curl_hmac.h" #include "curl_memory.h" +#include "warnless.h" /* The last #include file should be: */ #include "memdebug.h" @@ -129,4 +130,40 @@ int Curl_HMAC_final(HMAC_context *ctxt, unsigned char *result) return 0; } +/* + * Curl_hmacit() + * + * This is used to generate a HMAC hash, for the specified input data, given + * the specified hash function and key. + * + * Parameters: + * + * hashparams [in] - The hash function (Curl_HMAC_MD5). + * key [in] - The key to use. + * keylen [in] - The length of the key. + * data [in] - The data to encrypt. + * datalen [in] - The length of the data. + * output [in/out] - The output buffer. + * + * Returns CURLE_OK on success. + */ +CURLcode Curl_hmacit(const HMAC_params *hashparams, + const unsigned char *key, const size_t keylen, + const unsigned char *data, const size_t datalen, + unsigned char *output) +{ + HMAC_context *ctxt = Curl_HMAC_init(hashparams, key, curlx_uztoui(keylen)); + + if(!ctxt) + return CURLE_OUT_OF_MEMORY; + + /* Update the digest with the given challenge */ + Curl_HMAC_update(ctxt, data, curlx_uztoui(datalen)); + + /* Finalise the digest */ + Curl_HMAC_final(ctxt, output); + + return CURLE_OK; +} + #endif /* CURL_DISABLE_CRYPTO_AUTH */ diff --git a/libs/libcurl/src/hostip.c b/libs/libcurl/src/hostip.c index b434b390a2..c0feb79fb3 100644 --- a/libs/libcurl/src/hostip.c +++ b/libs/libcurl/src/hostip.c 
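Review bot: `Curl_hmacit()` narrows `keylen` and `datalen` with `curlx_uztoui()` and discards the results of `Curl_HMAC_update()` and `Curl_HMAC_final()`. As far as this hunk shows, an input longer than an `unsigned int` can hold would therefore not be reported as an error. A guard at the top, such as `if(keylen > UINT_MAX || datalen > UINT_MAX) return CURLE_BAD_FUNCTION_ARGUMENT;`, makes the limit explicit. The header comment should say that `output` is written only ([out]) and must hold the digest size of `hashparams`, and that `data` is authenticated rather than encrypted. The example `(Curl_HMAC_MD5)` in the parameter list reads as if only MD5 were supported.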
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -59,6 +59,7 @@ #include "strerror.h" #include "url.h" #include "inet_ntop.h" +#include "inet_pton.h" #include "multiif.h" #include "doh.h" #include "warnless.h" @@ -482,16 +483,16 @@ Curl_cache_addr(struct Curl_easy *data, * CURLRESOLV_PENDING (1) = waiting for response, no pointer */ -int Curl_resolv(struct connectdata *conn, - const char *hostname, - int port, - bool allowDOH, - struct Curl_dns_entry **entry) +enum resolve_t Curl_resolv(struct connectdata *conn, + const char *hostname, + int port, + bool allowDOH, + struct Curl_dns_entry **entry) { struct Curl_dns_entry *dns = NULL; struct Curl_easy *data = conn->data; CURLcode result; - int rc = CURLRESOLV_ERROR; /* default to failure */ + enum resolve_t rc = CURLRESOLV_ERROR; /* default to failure */ *entry = NULL; @@ -512,13 +513,11 @@ int Curl_resolv(struct connectdata *conn, if(!dns) { /* The entry was not in the cache. Resolve it to IP address */ - Curl_addrinfo *addr; + Curl_addrinfo *addr = NULL; int respwait = 0; - - /* Check what IP specifics the app has requested and if we can provide it. - * If not, bail out. */ - if(!Curl_ipvalid(conn)) - return CURLRESOLV_ERROR; +#ifndef USE_RESOLVE_ON_IPS + struct in_addr in; +#endif /* notify the resolver start callback */ if(data->set.resolver_start) { 
@@ -531,20 +530,43 @@ int Curl_resolv(struct connectdata *conn, return CURLRESOLV_ERROR; } - if(allowDOH && data->set.doh) { - addr = Curl_doh(conn, hostname, port, &respwait); +#ifndef USE_RESOLVE_ON_IPS + /* First check if this is an IPv4 address string */ + if(Curl_inet_pton(AF_INET, hostname, &in) > 0) + /* This is a dotted IP address 123.123.123.123-style */ + addr = Curl_ip2addr(AF_INET, &in, hostname, port); +#ifdef ENABLE_IPV6 + if(!addr) { + struct in6_addr in6; + /* check if this is an IPv6 address string */ + if(Curl_inet_pton(AF_INET6, hostname, &in6) > 0) + /* This is an IPv6 address literal */ + addr = Curl_ip2addr(AF_INET6, &in6, hostname, port); } - else { - /* If Curl_getaddrinfo() returns NULL, 'respwait' might be set to a - non-zero value indicating that we need to wait for the response to the - resolve call */ - addr = Curl_getaddrinfo(conn, +#endif /* ENABLE_IPV6 */ +#endif /* !USE_RESOLVE_ON_IPS */ + + if(!addr) { + /* Check what IP specifics the app has requested and if we can provide + * it. If not, bail out. */ + if(!Curl_ipvalid(conn)) + return CURLRESOLV_ERROR; + + if(allowDOH && data->set.doh) { + addr = Curl_doh(conn, hostname, port, &respwait); + } + else { + /* If Curl_getaddrinfo() returns NULL, 'respwait' might be set to a + non-zero value indicating that we need to wait for the response to + the resolve call */ + addr = Curl_getaddrinfo(conn, #ifdef DEBUGBUILD - (data->set.str[STRING_DEVICE] - && !strcmp(data->set.str[STRING_DEVICE], - "LocalHost"))?"localhost": + (data->set.str[STRING_DEVICE] + && !strcmp(data->set.str[STRING_DEVICE], + "LocalHost"))?"localhost": #endif - hostname, port, &respwait); + hostname, port, &respwait); + } } if(!addr) { if(respwait) { 
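Review bot: The address-literal path added here runs before `Curl_ipvalid(conn)`, which the previous hunk removes from the top of the cache-miss branch and this one re-adds inside `if(!addr)`. A host given as an IPv4 or IPv6 literal is therefore turned into an address without the check the comment describes as "what IP specifics the app has requested". If that is intended, say so in a comment at the `Curl_inet_pton()` calls; if not, keep the `Curl_ipvalid()` test ahead of the literal parsing. The literal path also comes after the `resolver_start` callback and ahead of the `allowDOH` branch, which deserves a line in the function's header comment. Curl_resolv starts and ends outside the hunk.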
@@ -620,11 +642,11 @@ RETSIGTYPE alarmfunc(int sig) * CURLRESOLV_PENDING (1) = waiting for response, no pointer */ -int Curl_resolv_timeout(struct connectdata *conn, - const char *hostname, - int port, - struct Curl_dns_entry **entry, - timediff_t timeoutms) +enum resolve_t Curl_resolv_timeout(struct connectdata *conn, + const char *hostname, + int port, + struct Curl_dns_entry **entry, + timediff_t timeoutms) { #ifdef USE_ALARM_TIMEOUT #ifdef HAVE_SIGACTION @@ -640,7 +662,7 @@ int Curl_resolv_timeout(struct connectdata *conn, volatile unsigned int prev_alarm = 0; struct Curl_easy *data = conn->data; #endif /* USE_ALARM_TIMEOUT */ - int rc; + enum resolve_t rc; *entry = NULL; diff --git a/libs/libcurl/src/hostip.h b/libs/libcurl/src/hostip.h index e0597ea96a..baf1e5860a 100644 --- a/libs/libcurl/src/hostip.h +++ b/libs/libcurl/src/hostip.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -79,26 +79,29 @@ struct Curl_dns_entry { * use, or we'll leak memory! */ /* return codes */ -#define CURLRESOLV_TIMEDOUT -2 -#define CURLRESOLV_ERROR -1 -#define CURLRESOLV_RESOLVED 0 -#define CURLRESOLV_PENDING 1 -int Curl_resolv(struct connectdata *conn, - const char *hostname, - int port, - bool allowDOH, - struct Curl_dns_entry **dnsentry); -int Curl_resolv_timeout(struct connectdata *conn, const char *hostname, - int port, struct Curl_dns_entry **dnsentry, - timediff_t timeoutms); +enum resolve_t { + CURLRESOLV_TIMEDOUT = -2, + CURLRESOLV_ERROR = -1, + CURLRESOLV_RESOLVED = 0, + CURLRESOLV_PENDING = 1 +}; +enum resolve_t Curl_resolv(struct connectdata *conn, + const char *hostname, + int port, + bool allowDOH, + struct Curl_dns_entry **dnsentry); +enum resolve_t Curl_resolv_timeout(struct connectdata *conn, + const char *hostname, int port, + struct Curl_dns_entry **dnsentry, + timediff_t timeoutms); #ifdef CURLRES_IPV6 /* * Curl_ipv6works() returns TRUE if IPv6 seems to work. */ -bool Curl_ipv6works(void); +bool Curl_ipv6works(struct connectdata *conn); #else -#define Curl_ipv6works() FALSE +#define Curl_ipv6works(x) FALSE #endif /* diff --git a/libs/libcurl/src/hostip4.c b/libs/libcurl/src/hostip4.c index 2636851e68..d5009a3efb 100644 --- a/libs/libcurl/src/hostip4.c +++ b/libs/libcurl/src/hostip4.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -52,7 +52,6 @@ #include "share.h" #include "strerror.h" #include "url.h" -#include "inet_pton.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" 
@@ -128,38 +127,22 @@ Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, #endif Curl_addrinfo *ai = NULL; struct hostent *h = NULL; - struct in_addr in; struct hostent *buf = NULL; -#ifdef ENABLE_IPV6 - { - struct in6_addr in6; - /* check if this is an IPv6 address string */ - if(Curl_inet_pton(AF_INET6, hostname, &in6) > 0) - /* This is an IPv6 address literal */ - return Curl_ip2addr(AF_INET6, &in6, hostname, port); - } -#endif /* ENABLE_IPV6 */ - - if(Curl_inet_pton(AF_INET, hostname, &in) > 0) - /* This is a dotted IP address 123.123.123.123-style */ - return Curl_ip2addr(AF_INET, &in, hostname, port); - #if defined(HAVE_GETADDRINFO_THREADSAFE) - else { - struct addrinfo hints; - char sbuf[12]; - char *sbufptr = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_INET; - hints.ai_socktype = SOCK_STREAM; - if(port) { - msnprintf(sbuf, sizeof(sbuf), "%d", port); - sbufptr = sbuf; - } + struct addrinfo hints; + char sbuf[12]; + char *sbufptr = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_INET; + hints.ai_socktype = SOCK_STREAM; + if(port) { + msnprintf(sbuf, sizeof(sbuf), "%d", port); + sbufptr = sbuf; + } - (void)Curl_getaddrinfo_ex(hostname, sbufptr, &hints, &ai); + (void)Curl_getaddrinfo_ex(hostname, sbufptr, &hints, &ai); #elif defined(HAVE_GETHOSTBYNAME_R) /* 
@@ -167,144 +150,141 @@ Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, * Since there are three different versions of it, the following code is * somewhat #ifdef-ridden. */ - else { - int h_errnop; - - buf = calloc(1, CURL_HOSTENT_SIZE); - if(!buf) - return NULL; /* major failure */ - /* - * The clearing of the buffer is a workaround for a gethostbyname_r bug in - * qnx nto and it is also _required_ for some of these functions on some - * platforms. - */ + int h_errnop; + + buf = calloc(1, CURL_HOSTENT_SIZE); + if(!buf) + return NULL; /* major failure */ + /* + * The clearing of the buffer is a workaround for a gethostbyname_r bug in + * qnx nto and it is also _required_ for some of these functions on some + * platforms. + */ #if defined(HAVE_GETHOSTBYNAME_R_5) - /* Solaris, IRIX and more */ - h = gethostbyname_r(hostname, - (struct hostent *)buf, - (char *)buf + sizeof(struct hostent), - CURL_HOSTENT_SIZE - sizeof(struct hostent), - &h_errnop); - - /* If the buffer is too small, it returns NULL and sets errno to - * ERANGE. The errno is thread safe if this is compiled with - * -D_REENTRANT as then the 'errno' variable is a macro defined to get - * used properly for threads. - */ + /* Solaris, IRIX and more */ + h = gethostbyname_r(hostname, + (struct hostent *)buf, + (char *)buf + sizeof(struct hostent), + CURL_HOSTENT_SIZE - sizeof(struct hostent), + &h_errnop); + + /* If the buffer is too small, it returns NULL and sets errno to + * ERANGE. The errno is thread safe if this is compiled with + * -D_REENTRANT as then the 'errno' variable is a macro defined to get + * used properly for threads. + */ - if(h) { - ; - } - else + if(h) { + ; + } + else #elif defined(HAVE_GETHOSTBYNAME_R_6) - /* Linux */ - - (void)gethostbyname_r(hostname, - (struct hostent *)buf, - (char *)buf + sizeof(struct hostent), - CURL_HOSTENT_SIZE - sizeof(struct hostent), - &h, /* DIFFERENCE */ - &h_errnop); - /* Redhat 8, using glibc 2.2.93 changed the behavior. 
Now all of a - * sudden this function returns EAGAIN if the given buffer size is too - * small. Previous versions are known to return ERANGE for the same - * problem. - * - * This wouldn't be such a big problem if older versions wouldn't - * sometimes return EAGAIN on a common failure case. Alas, we can't - * assume that EAGAIN *or* ERANGE means ERANGE for any given version of - * glibc. - * - * For now, we do that and thus we may call the function repeatedly and - * fail for older glibc versions that return EAGAIN, until we run out of - * buffer size (step_size grows beyond CURL_HOSTENT_SIZE). - * - * If anyone has a better fix, please tell us! - * - * ------------------------------------------------------------------- - * - * On October 23rd 2003, Dan C dug up more details on the mysteries of - * gethostbyname_r() in glibc: - * - * In glibc 2.2.5 the interface is different (this has also been - * discovered in glibc 2.1.1-6 as shipped by Redhat 6). What I can't - * explain, is that tests performed on glibc 2.2.4-34 and 2.2.4-32 - * (shipped/upgraded by Redhat 7.2) don't show this behavior! - * - * In this "buggy" version, the return code is -1 on error and 'errno' - * is set to the ERANGE or EAGAIN code. Note that 'errno' is not a - * thread-safe variable. - */ + /* Linux */ + + (void)gethostbyname_r(hostname, + (struct hostent *)buf, + (char *)buf + sizeof(struct hostent), + CURL_HOSTENT_SIZE - sizeof(struct hostent), + &h, /* DIFFERENCE */ + &h_errnop); + /* Redhat 8, using glibc 2.2.93 changed the behavior. Now all of a + * sudden this function returns EAGAIN if the given buffer size is too + * small. Previous versions are known to return ERANGE for the same + * problem. + * + * This wouldn't be such a big problem if older versions wouldn't + * sometimes return EAGAIN on a common failure case. Alas, we can't + * assume that EAGAIN *or* ERANGE means ERANGE for any given version of + * glibc. 
+ * + * For now, we do that and thus we may call the function repeatedly and + * fail for older glibc versions that return EAGAIN, until we run out of + * buffer size (step_size grows beyond CURL_HOSTENT_SIZE). + * + * If anyone has a better fix, please tell us! + * + * ------------------------------------------------------------------- + * + * On October 23rd 2003, Dan C dug up more details on the mysteries of + * gethostbyname_r() in glibc: + * + * In glibc 2.2.5 the interface is different (this has also been + * discovered in glibc 2.1.1-6 as shipped by Redhat 6). What I can't + * explain, is that tests performed on glibc 2.2.4-34 and 2.2.4-32 + * (shipped/upgraded by Redhat 7.2) don't show this behavior! + * + * In this "buggy" version, the return code is -1 on error and 'errno' + * is set to the ERANGE or EAGAIN code. Note that 'errno' is not a + * thread-safe variable. + */ - if(!h) /* failure */ + if(!h) /* failure */ #elif defined(HAVE_GETHOSTBYNAME_R_3) - /* AIX, Digital Unix/Tru64, HPUX 10, more? */ - - /* For AIX 4.3 or later, we don't use gethostbyname_r() at all, because of - * the plain fact that it does not return unique full buffers on each - * call, but instead several of the pointers in the hostent structs will - * point to the same actual data! This have the unfortunate down-side that - * our caching system breaks down horribly. Luckily for us though, AIX 4.3 - * and more recent versions have a "completely thread-safe"[*] libc where - * all the data is stored in thread-specific memory areas making calls to - * the plain old gethostbyname() work fine even for multi-threaded - * programs. - * - * This AIX 4.3 or later detection is all made in the configure script. - * - * Troels Walsted Hansen helped us work this out on March 3rd, 2003. - * - * [*] = much later we've found out that it isn't at all "completely - * thread-safe", but at least the gethostbyname() function is. + /* AIX, Digital Unix/Tru64, HPUX 10, more? 
*/ + + /* For AIX 4.3 or later, we don't use gethostbyname_r() at all, because of + * the plain fact that it does not return unique full buffers on each + * call, but instead several of the pointers in the hostent structs will + * point to the same actual data! This have the unfortunate down-side that + * our caching system breaks down horribly. Luckily for us though, AIX 4.3 + * and more recent versions have a "completely thread-safe"[*] libc where + * all the data is stored in thread-specific memory areas making calls to + * the plain old gethostbyname() work fine even for multi-threaded + * programs. + * + * This AIX 4.3 or later detection is all made in the configure script. + * + * Troels Walsted Hansen helped us work this out on March 3rd, 2003. + * + * [*] = much later we've found out that it isn't at all "completely + * thread-safe", but at least the gethostbyname() function is. + */ + + if(CURL_HOSTENT_SIZE >= + (sizeof(struct hostent) + sizeof(struct hostent_data))) { + + /* August 22nd, 2000: Albert Chin-A-Young brought an updated version + * that should work! September 20: Richard Prescott worked on the buffer + * size dilemma. */ - if(CURL_HOSTENT_SIZE >= - (sizeof(struct hostent) + sizeof(struct hostent_data))) { - - /* August 22nd, 2000: Albert Chin-A-Young brought an updated version - * that should work! September 20: Richard Prescott worked on the buffer - * size dilemma. - */ - - res = gethostbyname_r(hostname, - (struct hostent *)buf, - (struct hostent_data *)((char *)buf + - sizeof(struct hostent))); - h_errnop = SOCKERRNO; /* we don't deal with this, but set it anyway */ - } - else - res = -1; /* failure, too smallish buffer size */ - - if(!res) { /* success */ - - h = buf; /* result expected in h */ - - /* This is the worst kind of the different gethostbyname_r() interfaces. - * Since we don't know how big buffer this particular lookup required, - * we can't realloc down the huge alloc without doing closer analysis of - * the returned data. 
Thus, we always use CURL_HOSTENT_SIZE for every - * name lookup. Fixing this would require an extra malloc() and then - * calling Curl_addrinfo_copy() that subsequent realloc()s down the new - * memory area to the actually used amount. - */ - } - else + res = gethostbyname_r(hostname, + (struct hostent *)buf, + (struct hostent_data *)((char *)buf + + sizeof(struct hostent))); + h_errnop = SOCKERRNO; /* we don't deal with this, but set it anyway */ + } + else + res = -1; /* failure, too smallish buffer size */ + + if(!res) { /* success */ + + h = buf; /* result expected in h */ + + /* This is the worst kind of the different gethostbyname_r() interfaces. + * Since we don't know how big buffer this particular lookup required, + * we can't realloc down the huge alloc without doing closer analysis of + * the returned data. Thus, we always use CURL_HOSTENT_SIZE for every + * name lookup. Fixing this would require an extra malloc() and then + * calling Curl_addrinfo_copy() that subsequent realloc()s down the new + * memory area to the actually used amount. + */ + } + else #endif /* HAVE_...BYNAME_R_5 || HAVE_...BYNAME_R_6 || HAVE_...BYNAME_R_3 */ - { - h = NULL; /* set return code to NULL */ - free(buf); - } + { + h = NULL; /* set return code to NULL */ + free(buf); + } #else /* HAVE_GETADDRINFO_THREADSAFE || HAVE_GETHOSTBYNAME_R */ - /* - * Here is code for platforms that don't have a thread safe - * getaddrinfo() nor gethostbyname_r() function or for which - * gethostbyname() is the preferred one. - */ - else { - h = gethostbyname((void *)hostname); + /* + * Here is code for platforms that don't have a thread safe + * getaddrinfo() nor gethostbyname_r() function or for which + * gethostbyname() is the preferred one. + */ + h = gethostbyname((void *)hostname); #endif /* HAVE_GETADDRINFO_THREADSAFE || HAVE_GETHOSTBYNAME_R */ - } if(h) { ai = Curl_he2ai(h, port); diff --git a/libs/libcurl/src/hostip6.c b/libs/libcurl/src/hostip6.c index e0e0c58dfa..41ff986964 100644 
--- a/libs/libcurl/src/hostip6.c +++ b/libs/libcurl/src/hostip6.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -62,13 +62,19 @@ /* * Curl_ipv6works() returns TRUE if IPv6 seems to work. */ -bool Curl_ipv6works(void) +bool Curl_ipv6works(struct connectdata *conn) { - /* the nature of most system is that IPv6 status doesn't come and go - during a program's lifetime so we only probe the first time and then we - have the info kept for fast re-use */ - static int ipv6_works = -1; - if(-1 == ipv6_works) { + if(conn) { + /* the nature of most system is that IPv6 status doesn't come and go + during a program's lifetime so we only probe the first time and then we + have the info kept for fast re-use */ + DEBUGASSERT(conn); + DEBUGASSERT(conn->data); + DEBUGASSERT(conn->data->multi); + return conn->data->multi->ipv6_works; + } + else { + int ipv6_works = -1; /* probe to see if we have a working IPv6 stack */ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0); if(s == CURL_SOCKET_BAD) @@ -78,8 +84,8 @@ bool Curl_ipv6works(void) ipv6_works = 1; Curl_closesocket(NULL, s); } + return (ipv6_works>0)?TRUE:FALSE; } - return (ipv6_works>0)?TRUE:FALSE; } /* @@ -89,7 +95,7 @@ bool Curl_ipv6works(void) bool Curl_ipvalid(struct connectdata *conn) { if(conn->ip_version == CURL_IPRESOLVE_V6) - return Curl_ipv6works(); + return Curl_ipv6works(conn); return TRUE; } @@ -159,7 +165,7 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn, break; } - if((pf != PF_INET) && !Curl_ipv6works()) + if((pf != PF_INET) && !Curl_ipv6works(conn)) /* The stack seems to be a non-IPv6 one */ pf = PF_INET; diff --git a/libs/libcurl/src/http.c b/libs/libcurl/src/http.c index 837f53c415..bff3adc170 100644 
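Review bot: In the new `if(conn)` branch of Curl_ipv6works, `DEBUGASSERT(conn)` can never fire, and the two asserts that matter (`conn->data` and `conn->data->multi`) are debug-build checks only, so a release build dereferences both pointers unchecked. If either can be NULL on any call path (not visible here), fold the checks into the condition, `if(conn && conn->data && conn->data->multi)`, so those cases fall through to the socket probe instead. The `else` branch now opens a probe socket on every call, which the "only probe the first time" comment no longer describes; that comment fits better where `multi->ipv6_works` is filled in, outside this diff section. The function's closing lines are in the following hunk (@@ -78,8 +84,8 @@).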
--- a/libs/libcurl/src/http.c +++ b/libs/libcurl/src/http.c @@ -344,7 +344,7 @@ static CURLcode http_output_bearer(struct connectdata *conn) userp = &conn->allocptr.userpwd; free(*userp); *userp = aprintf("Authorization: Bearer %s\r\n", - conn->oauth_bearer); + conn->data->set.str[STRING_BEARER]); if(!*userp) { result = CURLE_OUT_OF_MEMORY; @@ -555,7 +555,7 @@ CURLcode Curl_http_auth_act(struct connectdata *conn) CURLcode result = CURLE_OK; unsigned long authmask = ~0ul; - if(!conn->oauth_bearer) + if(!data->set.str[STRING_BEARER]) authmask &= (unsigned long)~CURLAUTH_BEARER; if(100 <= data->req.httpcode && 199 >= data->req.httpcode) @@ -565,7 +565,7 @@ CURLcode Curl_http_auth_act(struct connectdata *conn) if(data->state.authproblem) return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK; - if((conn->bits.user_passwd || conn->oauth_bearer) && + if((conn->bits.user_passwd || data->set.str[STRING_BEARER]) && ((data->req.httpcode == 401) || (conn->bits.authneg && data->req.httpcode < 300))) { pickhost = pickoneauth(&data->state.authhost, authmask); @@ -641,9 +641,7 @@ output_auth_headers(struct connectdata *conn, { const char *auth = NULL; CURLcode result = CURLE_OK; -#if !defined(CURL_DISABLE_VERBOSE_STRINGS) struct Curl_easy *data = conn->data; -#endif #ifdef CURL_DISABLE_CRYPTO_AUTH (void)request; @@ -707,7 +705,7 @@ output_auth_headers(struct connectdata *conn, } if(authstatus->picked == CURLAUTH_BEARER) { /* Bearer */ - if((!proxy && conn->oauth_bearer && + if((!proxy && data->set.str[STRING_BEARER] && !Curl_checkheaders(conn, "Authorization:"))) { auth = "Bearer"; result = http_output_bearer(conn); @@ -765,7 +763,7 @@ Curl_http_output_auth(struct connectdata *conn, authproxy = &data->state.authproxy; if((conn->bits.httpproxy && conn->bits.proxy_user_passwd) || - conn->bits.user_passwd || conn->oauth_bearer) + conn->bits.user_passwd || data->set.str[STRING_BEARER]) /* continue please */; else { authhost->done = TRUE; 
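Review bot: Nothing in these hunks shows whether connection reuse still tells apart transfers that carry different bearer tokens, now that http_output_bearer, Curl_http_auth_act, output_auth_headers and Curl_http_output_auth read `data->set.str[STRING_BEARER]` instead of `conn->oauth_bearer`. With the token no longer stored on the connection, the reuse and matching code (outside this diff section) should be checked so that an already-authenticated cached connection is not handed to a handle configured with another token. A comment at the first use in http_output_bearer would record the assumption: `/* the bearer token lives on the easy handle; connection reuse must not assume it is unchanged */`. All four function bodies extend beyond their hunks.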
@@ -1691,7 +1689,7 @@ static CURLcode expect100(struct Curl_easy *data, CURLcode result = CURLE_OK; data->state.expect100header = FALSE; /* default to false unless it is set to TRUE below */ - if(use_http_1_1plus(data, conn) && + if(!data->state.disableexpect && use_http_1_1plus(data, conn) && (conn->httpversion < 20)) { /* if not doing HTTP 1.0 or version 2, or disabled explicitly, we add an Expect: 100-continue to the headers which actually speeds up post @@ -2390,7 +2388,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) return CURLE_OUT_OF_MEMORY; } } - /* Extract the the URL to use in the request. Store in STRING_TEMP_URL for + /* Extract the URL to use in the request. Store in STRING_TEMP_URL for clean-up reasons if the function returns before the free() further down. */ uc = curl_url_get(h, CURLUPART_URL, &data->set.str[STRING_TEMP_URL], 0); @@ -3046,6 +3044,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) } if(result) return result; + if(!postsize) + data->req.upload_done = TRUE; if(data->req.writebytecount) { /* if a request-body has been sent off, we make sure this progress is noted @@ -3545,7 +3545,16 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, */ Curl_expire_done(data, EXPIRE_100_TIMEOUT); if(!k->upload_done) { - if(data->set.http_keep_sending_on_error) { + if((k->httpcode == 417) && data->state.expect100header) { + /* 417 Expectation Failed - try again without the Expect + header */ + infof(data, "Got 417 while waiting for a 100\n"); + data->state.disableexpect = TRUE; + DEBUGASSERT(!data->req.newurl); + data->req.newurl = strdup(conn->data->change.url); + Curl_done_sending(conn, k); + } + else if(data->set.http_keep_sending_on_error) { infof(data, "HTTP error before end of send, keep sending\n"); if(k->exp100 > EXP100_SEND_DATA) { k->exp100 = EXP100_SEND_DATA; diff --git a/libs/libcurl/src/http.h b/libs/libcurl/src/http.h index 70d5dccec6..4c1825f60f 100644 --- a/libs/libcurl/src/http.h 
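Review bot: The `strdup(conn->data->change.url)` result in the new 417 branch of Curl_http_readwrite_headers is stored in `data->req.newurl` without a NULL check, so an allocation failure silently drops the retry instead of reporting out-of-memory. Add `if(!data->req.newurl) return CURLE_OUT_OF_MEMORY;` before `Curl_done_sending(conn, k);`. `DEBUGASSERT(!data->req.newurl)` guards the overwrite in debug builds only, so a release build would leak a URL that was already set. The branch also mixes `conn->data` with the local `data`; `data->change.url` reads more consistently. `disableexpect`, set here and tested in the expect100 hunk (@@ -1691,7), is not cleared anywhere in the visible hunks, so confirm it is reset for the next request.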
+++ b/libs/libcurl/src/http.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -116,7 +116,7 @@ CURLcode Curl_http_auth_act(struct connectdata *conn); * */ #ifndef EXPECT_100_THRESHOLD -#define EXPECT_100_THRESHOLD 1024 +#define EXPECT_100_THRESHOLD (1024*1024) #endif #endif /* CURL_DISABLE_HTTP */ diff --git a/libs/libcurl/src/http2.c b/libs/libcurl/src/http2.c index 65f3513ee5..72b38a3f66 100644 --- a/libs/libcurl/src/http2.c +++ b/libs/libcurl/src/http2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -43,19 +43,11 @@ #define H2_BUFSIZE 32768 -#if (NGHTTP2_VERSION_NUM < 0x010000) +#if (NGHTTP2_VERSION_NUM < 0x010c00) #error too old nghttp2 version, upgrade! #endif -#if (NGHTTP2_VERSION_NUM > 0x010800) -#define NGHTTP2_HAS_HTTP2_STRERROR 1 -#endif - -#if (NGHTTP2_VERSION_NUM >= 0x010900) -/* nghttp2_session_callbacks_set_error_callback is present in nghttp2 1.9.0 or - later */ -#define NGHTTP2_HAS_ERROR_CALLBACK 1 -#else +#ifdef CURL_DISABLE_VERBOSE_STRINGS #define nghttp2_session_callbacks_set_error_callback(x,y) #endif @@ -63,7 +55,7 @@ #define NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE 1 #endif -#define HTTP2_HUGE_WINDOW_SIZE (1 << 30) +#define HTTP2_HUGE_WINDOW_SIZE (32 * 1024 * 1024) /* 32 MB */ #ifdef DEBUG_HTTP2 #define H2BUGF(x) x 
@@ -344,35 +336,6 @@ int Curl_http2_ver(char *p, size_t len) return msnprintf(p, len, " nghttp2/%s", h2->version_str); } -/* HTTP/2 error code to name based on the Error Code Registry. -https://tools.ietf.org/html/rfc7540#page-77 -nghttp2_error_code enums are identical. -*/ -static const char *http2_strerror(uint32_t err) -{ -#ifndef NGHTTP2_HAS_HTTP2_STRERROR - const char *str[] = { - "NO_ERROR", /* 0x0 */ - "PROTOCOL_ERROR", /* 0x1 */ - "INTERNAL_ERROR", /* 0x2 */ - "FLOW_CONTROL_ERROR", /* 0x3 */ - "SETTINGS_TIMEOUT", /* 0x4 */ - "STREAM_CLOSED", /* 0x5 */ - "FRAME_SIZE_ERROR", /* 0x6 */ - "REFUSED_STREAM", /* 0x7 */ - "CANCEL", /* 0x8 */ - "COMPRESSION_ERROR", /* 0x9 */ - "CONNECT_ERROR", /* 0xA */ - "ENHANCE_YOUR_CALM", /* 0xB */ - "INADEQUATE_SECURITY", /* 0xC */ - "HTTP_1_1_REQUIRED" /* 0xD */ - }; - return (err < sizeof(str) / sizeof(str[0])) ? str[err] : "unknown"; -#else - return nghttp2_http2_strerror(err); -#endif -} - /* * The implementation of nghttp2_send_callback type. Here we write |data| with * size |length| to the network and return the number of bytes actually @@ -838,7 +801,7 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, return 0; } H2BUGF(infof(data_s, "on_stream_close(), %s (err %d), stream %u\n", - http2_strerror(error_code), error_code, stream_id)); + nghttp2_strerror(error_code), error_code, stream_id)); stream = data_s->req.protop; if(!stream) return NGHTTP2_ERR_CALLBACK_FAILURE; @@ -1138,8 +1101,7 @@ static ssize_t data_source_read_callback(nghttp2_session *session, return nread; } -#if defined(NGHTTP2_HAS_ERROR_CALLBACK) && \ - !defined(CURL_DISABLE_VERBOSE_STRINGS) +#if !defined(CURL_DISABLE_VERBOSE_STRINGS) static int error_callback(nghttp2_session *session, const char *msg, size_t len, 
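Review bot: `nghttp2_strerror(error_code)` in on_stream_close is handed an HTTP/2 stream error code, but nghttp2_strerror() maps nghttp2 library return codes (the `rv` values it is used for in Curl_http2_switched), so the name it prints will not match the error. The removed helper forwarded this value to `nghttp2_http2_strerror(err)`, and with the minimum version raised to 0x010c00 that function is always available, so use `nghttp2_http2_strerror(error_code)` here. The same substitution in http2_handle_stream_close (@@ -1457,7) ends up in the user-visible `failf` message and needs `nghttp2_http2_strerror(httpc->error_code)`. Both function bodies extend beyond their hunks.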
@@ -1156,9 +1118,10 @@ static void populate_settings(struct connectdata *conn, struct http_conn *httpc) { nghttp2_settings_entry *iv = httpc->local_settings; + DEBUGASSERT(conn->data); iv[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS; - iv[0].value = (uint32_t)Curl_multi_max_concurrent_streams(conn->data->multi); + iv[0].value = Curl_multi_max_concurrent_streams(conn->data->multi); iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE; iv[1].value = HTTP2_HUGE_WINDOW_SIZE; @@ -1257,9 +1220,7 @@ static CURLcode http2_init(struct connectdata *conn) /* nghttp2_on_header_callback */ nghttp2_session_callbacks_set_on_header_callback(callbacks, on_header); -#ifndef CURL_DISABLE_VERBOSE_STRINGS nghttp2_session_callbacks_set_error_callback(callbacks, error_callback); -#endif /* The nghttp2 session is not yet setup, do it */ rc = nghttp2_session_client_new(&conn->proto.httpc.h2, callbacks, conn); @@ -1457,7 +1418,7 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn, } else if(httpc->error_code != NGHTTP2_NO_ERROR) { failf(data, "HTTP/2 stream %d was not closed cleanly: %s (err %u)", - stream->stream_id, http2_strerror(httpc->error_code), + stream->stream_id, nghttp2_strerror(httpc->error_code), httpc->error_code); *err = CURLE_HTTP2_STREAM; return -1; @@ -1594,8 +1555,12 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex, return ncopy; } - H2BUGF(infof(data, "http2_recv: easy %p (stream %u)\n", - data, stream->stream_id)); + H2BUGF(infof(data, "http2_recv: easy %p (stream %u) win %u/%u\n", + data, stream->stream_id, + nghttp2_session_get_local_window_size(httpc->h2), + nghttp2_session_get_stream_local_window_size(httpc->h2, + stream->stream_id) + )); if((data->state.drain) && stream->memlen) { H2BUGF(infof(data, "http2_recv: DRAIN %zu bytes stream %u!! (%p => %p)\n", 
@@ -1626,7 +1591,6 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex, stream->pausedata += nread; stream->pauselen -= nread; - infof(data, "%zd data bytes written\n", nread); if(stream->pauselen == 0) { H2BUGF(infof(data, "Unpaused by stream %u\n", stream->stream_id)); DEBUGASSERT(httpc->pause_stream_id == stream->stream_id); @@ -2264,7 +2228,6 @@ CURLcode Curl_http2_switched(struct connectdata *conn, } } -#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE rv = nghttp2_session_set_local_window_size(httpc->h2, NGHTTP2_FLAG_NONE, 0, HTTP2_HUGE_WINDOW_SIZE); if(rv != 0) { @@ -2272,7 +2235,6 @@ CURLcode Curl_http2_switched(struct connectdata *conn, nghttp2_strerror(rv), rv); return CURLE_HTTP2; } -#endif /* we are going to copy mem to httpc->inbuf. This is required since mem is part of buffer pointed by stream->mem, and callbacks 
@@ -2330,6 +2292,51 @@ CURLcode Curl_http2_switched(struct connectdata *conn, return CURLE_OK; } +CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause) +{ + DEBUGASSERT(data); + DEBUGASSERT(data->conn); + /* if it isn't HTTP/2, we're done */ + if(!data->conn->proto.httpc.h2) + return CURLE_OK; +#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE + else { + struct HTTP *stream = data->req.protop; + struct http_conn *httpc = &data->conn->proto.httpc; + uint32_t window = !pause * HTTP2_HUGE_WINDOW_SIZE; + int rv = nghttp2_session_set_local_window_size(httpc->h2, + NGHTTP2_FLAG_NONE, + stream->stream_id, + window); + if(rv) { + failf(data, "nghttp2_session_set_local_window_size() failed: %s(%d)", + nghttp2_strerror(rv), rv); + return CURLE_HTTP2; + } + + /* make sure the window update gets sent */ + rv = h2_session_send(data, httpc->h2); + if(rv) + return CURLE_SEND_ERROR; + + DEBUGF(infof(data, "Set HTTP/2 window size to %u for stream %u\n", + window, stream->stream_id)); + +#ifdef DEBUGBUILD + { + /* read out the stream local window again */ + uint32_t window2 = + nghttp2_session_get_stream_local_window_size(httpc->h2, + stream->stream_id); + DEBUGF(infof(data, "HTTP/2 window size is now %u for stream %u\n", + window2, stream->stream_id)); + } +#endif + } +#endif + return CURLE_OK; +} + CURLcode Curl_http2_add_child(struct Curl_easy *parent, struct Curl_easy *child, bool exclusive) diff --git a/libs/libcurl/src/http2.h b/libs/libcurl/src/http2.h index 12d36eef9b..1989aff826 100644 --- a/libs/libcurl/src/http2.h +++ b/libs/libcurl/src/http2.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
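Review bot: Curl_http2_stream_pause dereferences `stream` (`data->req.protop`) without a NULL check, although on_stream_close in this same file treats a NULL `protop` as a case to handle. `data->conn` is covered only by a DEBUGASSERT, and if `proto` is storage shared between protocol handlers (its declaration is not in this diff) the `httpc.h2` test should be preceded by a check that the connection is HTTP at all. `!pause * HTTP2_HUGE_WINDOW_SIZE` is easier to read as a conditional expression. The `#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE` guard is inconsistent with Curl_http2_switched, where this commit removes the same guard around the same call.

```c
  else {
    struct HTTP *stream = data->req.protop;
    struct http_conn *httpc = &data->conn->proto.httpc;
    uint32_t window = pause ? 0 : HTTP2_HUGE_WINDOW_SIZE;
    int rv;

    if(!stream)
      /* no stream state attached to this transfer, nothing to resize */
      return CURLE_OK;

    rv = nghttp2_session_set_local_window_size(httpc->h2,
                                               NGHTTP2_FLAG_NONE,
                                               stream->stream_id,
                                               window);
    /* … unchanged: rv check, h2_session_send(), debug output … */
```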
@@ -58,6 +58,7 @@ CURLcode Curl_http2_add_child(struct Curl_easy *parent, void Curl_http2_remove_child(struct Curl_easy *parent, struct Curl_easy *child); void Curl_http2_cleanup_dependencies(struct Curl_easy *data); +CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause); /* returns true if the HTTP/2 stream error was HTTP_1_1_REQUIRED */ bool Curl_h2_http_1_1_error(struct connectdata *conn); @@ -74,6 +75,7 @@ bool Curl_h2_http_1_1_error(struct connectdata *conn); #define Curl_http2_add_child(x, y, z) #define Curl_http2_remove_child(x, y) #define Curl_http2_cleanup_dependencies(x) +#define Curl_http2_stream_pause(x, y) #define Curl_h2_http_1_1_error(x) 0 #endif diff --git a/libs/libcurl/src/libcurl.plist b/libs/libcurl/src/libcurl.plist index 236ec4279b..f0001fee06 100644 --- a/libs/libcurl/src/libcurl.plist +++ b/libs/libcurl/src/libcurl.plist @@ -15,7 +15,7 @@ se.haxx.curl.libcurl CFBundleVersion - 7.68.0 + 7.69.0 CFBundleName libcurl @@ -27,9 +27,9 @@ ???? CFBundleShortVersionString - libcurl 7.68.0 + libcurl 7.69.0 CFBundleGetInfoString - libcurl.plist 7.68.0 + libcurl.plist 7.69.0 diff --git a/libs/libcurl/src/llist.c b/libs/libcurl/src/llist.c index f8769c2af8..e7c6f51dc7 100644 --- a/libs/libcurl/src/llist.c +++ b/libs/libcurl/src/llist.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
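Review bot: The stub `#define Curl_http2_stream_pause(x, y)` for builds without nghttp2 expands to nothing although the real function returns CURLcode, so a caller cannot check the result without breaking those builds. Giving the stub a value, as the neighbouring `#define Curl_h2_http_1_1_error(x) 0` does, e.g. `#define Curl_http2_stream_pause(x, y) CURLE_OK`, lets the call site (outside this diff section) react to a failed window update.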
@@ -144,54 +144,3 @@ Curl_llist_count(struct curl_llist *list) { return list->size; } - -/* - * @unittest: 1300 - */ -void Curl_llist_move(struct curl_llist *list, struct curl_llist_element *e, - struct curl_llist *to_list, - struct curl_llist_element *to_e) -{ - /* Remove element from list */ - if(e == NULL || list->size == 0) - return; - - if(e == list->head) { - list->head = e->next; - - if(list->head == NULL) - list->tail = NULL; - else - e->next->prev = NULL; - } - else { - e->prev->next = e->next; - if(!e->next) - list->tail = e->prev; - else - e->next->prev = e->prev; - } - - --list->size; - - /* Add element to to_list after to_e */ - if(to_list->size == 0) { - to_list->head = e; - to_list->head->prev = NULL; - to_list->head->next = NULL; - to_list->tail = e; - } - else { - e->next = to_e->next; - e->prev = to_e; - if(to_e->next) { - to_e->next->prev = e; - } - else { - to_list->tail = e; - } - to_e->next = e; - } - - ++to_list->size; -} diff --git a/libs/libcurl/src/llist.h b/libs/libcurl/src/llist.h index a5e2ecbfb4..0178c42598 100644 --- a/libs/libcurl/src/llist.h +++ b/libs/libcurl/src/llist.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -47,7 +47,4 @@ void Curl_llist_remove(struct curl_llist *, struct curl_llist_element *, void *); size_t Curl_llist_count(struct curl_llist *); void Curl_llist_destroy(struct curl_llist *, void *); -void Curl_llist_move(struct curl_llist *, struct curl_llist_element *, - struct curl_llist *, struct curl_llist_element *); - #endif /* HEADER_CURL_LLIST_H */ diff --git a/libs/libcurl/src/md4.c b/libs/libcurl/src/md4.c index bbf8975081..38f1b2bc96 100644 --- a/libs/libcurl/src/md4.c +++ b/libs/libcurl/src/md4.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -29,10 +29,16 @@ #ifdef USE_OPENSSL #include -#endif +#endif /* USE_OPENSSL */ + #ifdef USE_MBEDTLS #include +#include + +#if(MBEDTLS_VERSION_NUMBER >= 0x02070000) + #define HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS #endif +#endif /* USE_MBEDTLS */ #if defined(USE_GNUTLS_NETTLE) @@ -65,10 +71,11 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx) #include #include "curl_memory.h" + /* The last #include file should be: */ #include "memdebug.h" -typedef struct gcry_md_hd_t MD4_CTX; +typedef gcry_md_hd_t MD4_CTX; static void MD4_Init(MD4_CTX *ctx) { 
@@ -82,52 +89,41 @@ static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) static void MD4_Final(unsigned char *result, MD4_CTX *ctx) { - memcpy(result, gcry_md_read(ctx, 0), MD4_DIGEST_LENGTH); - gcry_md_close(ctx); + memcpy(result, gcry_md_read(*ctx, 0), MD4_DIGEST_LENGTH); + gcry_md_close(*ctx); } #elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4) /* When OpenSSL is available we use the MD4-functions from OpenSSL */ #include -#elif defined(USE_SECTRANSP) +#elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \ + (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040)) || \ + (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \ + (__IPHONE_OS_VERSION_MAX_ALLOWED >= 20000)) #include #include "curl_memory.h" + /* The last #include file should be: */ #include "memdebug.h" -typedef struct { - void *data; - unsigned long size; -} MD4_CTX; +typedef CC_MD4_CTX MD4_CTX; static void MD4_Init(MD4_CTX *ctx) { - ctx->data = NULL; - ctx->size = 0; + (void)CC_MD4_Init(ctx); } static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) { - if(ctx->data == NULL) { - ctx->data = malloc(size); - if(ctx->data != NULL) { - memcpy(ctx->data, data, size); - ctx->size = size; - } - } + (void)CC_MD4_Update(ctx, data, (CC_LONG)size); } static void MD4_Final(unsigned char *result, MD4_CTX *ctx) { - if(ctx->data != NULL) { - (void)CC_MD4(ctx->data, (CC_LONG) ctx->size, result); - - Curl_safefree(ctx->data); - ctx->size = 0; - } + (void)CC_MD4_Final(result, ctx); } #elif defined(USE_WIN32_CRYPTO) @@ -135,7 +131,8 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx) #include #include "curl_memory.h" - /* The last #include file should be: */ + +/* The last #include file should be: */ #include "memdebug.h" typedef struct { 
@@ -156,7 +153,7 @@ static void MD4_Init(MD4_CTX *ctx) static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) { - CryptHashData(ctx->hHash, data, (unsigned int) size, 0); + CryptHashData(ctx->hHash, (BYTE *)data, (unsigned int) size, 0); } static void MD4_Final(unsigned char *result, MD4_CTX *ctx) @@ -179,6 +176,7 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx) #include #include "curl_memory.h" + /* The last #include file should be: */ #include "memdebug.h" @@ -207,7 +205,11 @@ static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) static void MD4_Final(unsigned char *result, MD4_CTX *ctx) { if(ctx->data != NULL) { +#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) mbedtls_md4(ctx->data, ctx->size, result); +#else + (void) mbedtls_md4_ret(ctx->data, ctx->size, result); +#endif Curl_safefree(ctx->data); ctx->size = 0; @@ -505,9 +507,11 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx) #endif /* CRYPTO LIBS */ -void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len) +void Curl_md4it(unsigned char *output, const unsigned char *input, + const size_t len) { MD4_CTX ctx; + MD4_Init(&ctx); MD4_Update(&ctx, input, curlx_uztoui(len)); MD4_Final(output, &ctx); diff --git a/libs/libcurl/src/md5.c b/libs/libcurl/src/md5.c index 2b81ca455a..3f601b3a42 100644 --- a/libs/libcurl/src/md5.c +++ b/libs/libcurl/src/md5.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
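Review bot: `(void) mbedtls_md4_ret(ctx->data, ctx->size, result);` in the mbedTLS MD4_Final throws away the status that the result-code variant exists to report, so a failed hash leaves `result` unwritten and the caller goes on to use whatever the buffer held. MD4_Final and Curl_md4it return void, so the minimum is a defined outcome, e.g. `if(mbedtls_md4_ret(ctx->data, ctx->size, result)) memset(result, 0, MD4_DIGEST_LENGTH);`; propagating an error to the caller would be better. The mbedTLS MD5 wrappers added in md5.c (@@ -90,6 +98,46 @@) discard their `_ret` results in the same way. MD4_Final's body starts outside this hunk.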
@@ -30,6 +30,14 @@ #include "curl_hmac.h" #include "warnless.h" +#ifdef USE_MBEDTLS +#include + +#if(MBEDTLS_VERSION_NUMBER >= 0x02070000) + #define HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS +#endif +#endif /* USE_MBEDTLS */ + #if defined(USE_GNUTLS_NETTLE) #include @@ -51,7 +59,7 @@ static void MD5_Update(MD5_CTX *ctx, md5_update(ctx, inputLen, input); } -static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx) +static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) { md5_digest(ctx, 16, digest); } @@ -77,7 +85,7 @@ static void MD5_Update(MD5_CTX *ctx, gcry_md_write(*ctx, input, inputLen); } -static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx) +static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) { memcpy(digest, gcry_md_read(*ctx, 0), 16); gcry_md_close(*ctx); @@ -90,6 +98,46 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx) /* The last #include file should be: */ #include "memdebug.h" +#elif defined(USE_MBEDTLS) + +#include + +#include "curl_memory.h" + +/* The last #include file should be: */ +#include "memdebug.h" + +typedef mbedtls_md5_context MD5_CTX; + +static void MD5_Init(MD5_CTX *ctx) +{ +#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) + mbedtls_md5_starts(ctx); +#else + (void) mbedtls_md5_starts_ret(ctx); +#endif +} + +static void MD5_Update(MD5_CTX *ctx, + const unsigned char *data, + unsigned int length) +{ +#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) + mbedtls_md5_update(ctx, data, length); +#else + (void) mbedtls_md5_update_ret(ctx, data, length); +#endif +} + +static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) +{ +#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) + mbedtls_md5_finish(ctx, digest); +#else + (void) mbedtls_md5_finish_ret(ctx, digest); +#endif +} + #elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \ (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040)) || \ (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \ 
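Review bot: The new mbedTLS MD5_Init calls `mbedtls_md5_starts` / `mbedtls_md5_starts_ret` on a context that was never passed to `mbedtls_md5_init`, and MD5_Final never calls `mbedtls_md5_free`, so the context holding the digest state is not wiped after use. Add `mbedtls_md5_init(ctx);` as the first statement of MD5_Init and `mbedtls_md5_free(ctx);` as the last statement of MD5_Final.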
@@ -119,12 +167,12 @@ static void MD5_Update(MD5_CTX *ctx, CC_MD5_Update(ctx, input, inputLen); } -static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx) +static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) { CC_MD5_Final(digest, ctx); } -#elif defined(WIN32) && !defined(CURL_WINDOWS_APP) +#elif defined(USE_WIN32_CRYPTO) #include #include "curl_memory.h" @@ -151,7 +199,7 @@ static void MD5_Update(MD5_CTX *ctx, CryptHashData(ctx->hHash, (unsigned char *)input, inputLen, 0); } -static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx) +static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) { unsigned long length = 0; CryptGetHashParam(ctx->hHash, HP_HASHVAL, NULL, &length, 0); @@ -164,7 +212,9 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx) } #else + /* When no other crypto library is available we use this code segment */ + /* * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc. * MD5 Message-Digest Algorithm (RFC 1321). @@ -513,12 +563,13 @@ const MD5_params Curl_DIGEST_MD5[] = { /* * @unittest: 1601 */ -void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */ - const unsigned char *input) +void Curl_md5it(unsigned char *outbuffer, const unsigned char *input, + const size_t len) { MD5_CTX ctx; + MD5_Init(&ctx); - MD5_Update(&ctx, input, curlx_uztoui(strlen((char *)input))); + MD5_Update(&ctx, input, curlx_uztoui(len)); MD5_Final(outbuffer, &ctx); } diff --git a/libs/libcurl/src/mime.c b/libs/libcurl/src/mime.c index 081e51e508..2571287c6a 100644 --- a/libs/libcurl/src/mime.c +++ b/libs/libcurl/src/mime.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
diff --git a/libs/libcurl/src/mime.h b/libs/libcurl/src/mime.h index 3241fdc1f7..4312125796 100644 --- a/libs/libcurl/src/mime.h +++ b/libs/libcurl/src/mime.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff --git a/libs/libcurl/src/mk-ca-bundle.pl b/libs/libcurl/src/mk-ca-bundle.pl index 33977f3226..09e8e5b9bb 100644 --- a/libs/libcurl/src/mk-ca-bundle.pl +++ b/libs/libcurl/src/mk-ca-bundle.pl @@ -6,7 +6,7 @@ # * | (__| |_| | _ <| |___ # * \___|\___/|_| \_\_____| # * -# * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. +# * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. # * # * This software is licensed as described in the file COPYING, which # * you should have received as part of this distribution. The terms @@ -38,6 +38,7 @@ use warnings; use vars qw($opt_b $opt_d $opt_f $opt_h $opt_i $opt_k $opt_l $opt_m $opt_n $opt_p $opt_q $opt_s $opt_t $opt_u $opt_v $opt_w); use List::Util; use Text::Wrap; +use Time::Local; my $MOD_SHA = "Digest::SHA"; eval "require $MOD_SHA"; if ($@) { @@ -421,6 +422,8 @@ my $certnum = 0; my $skipnum = 0; my $start_of_cert = 0; my @precert; +my $cka_value; +my $valid = 1; open(TXT,"$txt") or die "Couldn't open $txt: $!\n"; while () { @@ -435,6 +438,7 @@ while () { } elsif(/^# (Issuer|Serial Number|Subject|Not Valid Before|Not Valid After |Fingerprint \(MD5\)|Fingerprint \(SHA1\)):/) { push @precert, $_; + $valid = 1; next; } elsif(/^#|^\s*$/) { 
@@ -443,6 +447,49 @@ while () { } chomp; + # Example: + # CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL + # \062\060\060\066\061\067\060\060\060\060\060\060\132 + # END + + if (/^CKA_NSS_SERVER_DISTRUST_AFTER (CK_BBOOL CK_FALSE|MULTILINE_OCTAL)/) { + if($1 eq "MULTILINE_OCTAL") { + my @timestamp; + while () { + last if (/^END/); + chomp; + my @octets = split(/\\/); + shift @octets; + for (@octets) { + push @timestamp, chr(oct); + } + } + # A trailing Z in the timestamp signifies UTC + if($timestamp[12] ne "Z") { + report "distrust date stamp is not using UTC"; + } + # Example date: 200617000000Z + # Means 2020-06-17 00:00:00 UTC + my $distrustat = + timegm($timestamp[10] . $timestamp[11], # second + $timestamp[8] . $timestamp[9], # minute + $timestamp[6] . $timestamp[7], # hour + $timestamp[4] . $timestamp[5], # day + ($timestamp[2] . $timestamp[3]) - 1, # month + "20" . $timestamp[0] . $timestamp[1]); # year + if(time >= $distrustat) { + # not trusted anymore + $skipnum++; + report "Skipping: $caname is not trusted anymore" if ($opt_v); + $valid = 0; + } + else { + # still trusted + } + } + next; + } + # this is a match for the start of a certificate if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) { $start_of_cert = 1 @@ -452,21 +499,18 @@ while () { } my %trust_purposes_by_level; if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) { - my $data; + $cka_value=""; while () { last if (/^END/); chomp; my @octets = split(/\\/); shift @octets; for (@octets) { - $data .= chr(oct); + $cka_value .= chr(oct); } } - # scan forwards until the trust part - while () { - last if (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/); - chomp; - } + } + if(/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/ && $valid) { # now scan the trust part to determine how we should trust this cert while () { last if (/^#/); 
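Review bot: The CKA_NSS_SERVER_DISTRUST_AFTER block indexes `@timestamp` by position without first checking that the decoded value has the expected 13-character form. A stamp that is short, non-numeric or not in UTC is at most reported and then still passed to `timegm`, which can abort the run or produce a wrong cut-off date. Validate the value once before converting, for example `my $ts = join('', @timestamp);` followed by `unless($ts =~ /^\d{12}Z$/) { report "malformed distrust date for $caname"; next; }`. Decide explicitly whether a malformed date keeps or drops the certificate. The hard-coded `"20"` century prefix also deserves a comment.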
@@ -485,6 +529,8 @@ while () { $skipnum ++; report "Skipping: $caname" if ($opt_v); } else { + my $data = $cka_value; + $cka_value = ""; my $encoded = MIME::Base64::encode_base64($data, ''); $encoded =~ s/(.{1,${opt_w}})/$1\n/g; my $pem = "-----BEGIN CERTIFICATE-----\n" diff --git a/libs/libcurl/src/multi.c b/libs/libcurl/src/multi.c index 6d819b4aaa..cef2805c8e 100644 --- a/libs/libcurl/src/multi.c +++ b/libs/libcurl/src/multi.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -47,6 +47,7 @@ #include "http_proxy.h" #include "http2.h" #include "socketpair.h" +#include "socks.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -369,6 +370,8 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */ /* -1 means it not set by user, use the default value */ multi->maxconnects = -1; + multi->max_concurrent_streams = 100; + multi->ipv6_works = Curl_ipv6works(NULL); #ifdef ENABLE_WAKEUP if(Curl_socketpair(AF_UNIX, SOCK_STREAM, 0, multi->wakeup_pair) < 0) { @@ -590,6 +593,9 @@ static CURLcode multi_done(struct Curl_easy *data, detach_connnection(data); if(CONN_INUSE(conn)) { /* Stop if still used. */ + /* conn->data must not remain pointing to this transfer since it is going + away! Find another to own it! */ + conn->data = conn->easyq.head->ptr; CONN_UNLOCK(data); DEBUGF(infof(data, "Connection still in use %zu, " "no more multi_done now!\n", 
@@ -725,8 +731,8 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, we don't leave a half-baked one around */ if(easy_owns_conn) { - /* multi_done() clears the conn->data field to lose the association - between the easy handle and the connection + /* multi_done() clears the association between the easy handle and the + connection. Note that this ignores the return code simply because there's nothing really useful to do with it anyway! */ @@ -851,6 +857,9 @@ static int waitconnect_getsock(struct connectdata *conn, return Curl_ssl_getsock(conn, sock); #endif + if(SOCKS_STATE(conn->cnnct.state)) + return Curl_SOCKS_getsock(conn, sock, FIRSTSOCKET); + for(i = 0; i<2; i++) { if(conn->tempsock[i] != CURL_SOCKET_BAD) { sock[s] = conn->tempsock[i]; @@ -1048,6 +1057,9 @@ static CURLMcode Curl_multi_wait(struct Curl_multi *multi, if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; + if(timeout_ms < 0) + return CURLM_BAD_FUNCTION_ARGUMENT; + /* Count up how many fds we have from the multi handle */ data = multi->easyp; while(data) { @@ -1187,7 +1199,7 @@ static CURLMcode Curl_multi_wait(struct Curl_multi *multi, data from it until it receives an error (except EINTR). In normal cases it will get EAGAIN or EWOULDBLOCK when there is no more data, breaking the loop. */ - if(sread(multi->wakeup_pair[0], buf, sizeof(buf)) < 0) { + if(sread(multi->wakeup_pair[0], buf, sizeof(buf)) <= 0) { #ifndef USE_WINSOCK if(EINTR == SOCKERRNO) continue; @@ -2183,8 +2195,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } } } - else if(comeback) - rc = CURLM_CALL_MULTI_PERFORM; + else if(comeback) { + /* This avoids CURLM_CALL_MULTI_PERFORM so that a very fast transfer + won't get stuck on this transfer at the expense of other concurrent + transfers */ + Curl_expire(data, 0, EXPIRE_RUN_NOW); + rc = CURLM_OK; + } break; } 
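Review bot: In the wakeup-drain hunk of Curl_multi_wait, widening the test to `<= 0` means the following `EINTR == SOCKERRNO` check also runs when sread() returned 0, a case in which the call did not set the error code. A stale EINTR would then `continue` and read again instead of leaving the loop. Keep the return value and consult the error only for a negative result: `nread = sread(multi->wakeup_pair[0], buf, sizeof(buf));` then `if(nread < 0 && EINTR == SOCKERRNO) continue;`. The drain loop starts and ends outside the hunk.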
@@ -2897,8 +2914,8 @@ CURLMcode curl_multi_setopt(struct Curl_multi *multi, if(streams < 1) streams = 100; multi->max_concurrent_streams = - (streams > (long)INITIAL_MAX_CONCURRENT_STREAMS)? - (long)INITIAL_MAX_CONCURRENT_STREAMS : streams; + (streams > (long)INITIAL_MAX_CONCURRENT_STREAMS)? + INITIAL_MAX_CONCURRENT_STREAMS : (unsigned int)streams; } break; default: @@ -3340,8 +3357,8 @@ void Curl_multi_dump(struct Curl_multi *multi) } #endif -size_t Curl_multi_max_concurrent_streams(struct Curl_multi *multi) +unsigned int Curl_multi_max_concurrent_streams(struct Curl_multi *multi) { - return multi ? ((size_t)multi->max_concurrent_streams ? - (size_t)multi->max_concurrent_streams : 100) : 0; + DEBUGASSERT(multi); + return multi->max_concurrent_streams; } diff --git a/libs/libcurl/src/multihandle.h b/libs/libcurl/src/multihandle.h index 0bf09e6bb5..91eca16c4a 100644 --- a/libs/libcurl/src/multihandle.h +++ b/libs/libcurl/src/multihandle.h @@ -119,11 +119,6 @@ struct Curl_multi { same actual socket) */ struct curl_hash sockhash; - /* multiplexing wanted */ - bool multiplexing; - - bool recheckstate; /* see Curl_multi_connchanged */ - /* Shared connection cache (bundles)*/ struct conncache conn_cache; @@ -141,13 +136,17 @@ struct Curl_multi { void *timer_userp; struct curltime timer_lastcall; /* the fixed time for the timeout for the previous callback */ - bool in_callback; /* true while executing a callback */ - long max_concurrent_streams; /* max concurrent streams client to support */ + unsigned int max_concurrent_streams; #ifdef ENABLE_WAKEUP curl_socket_t wakeup_pair[2]; /* socketpair() used for wakeup 0 is used for read, 1 is used for write */ #endif + /* multiplexing wanted */ + bool multiplexing; + bool recheckstate; /* see Curl_multi_connchanged */ + bool in_callback; /* true while executing a callback */ + bool ipv6_works; }; #endif /* HEADER_CURL_MULTIHANDLE_H */ 
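Review bot: Curl_multi_max_concurrent_streams now dereferences `multi` behind only `DEBUGASSERT(multi)`, whereas the removed code returned 0 for a NULL handle. If DEBUGASSERT compiles to nothing in non-debug builds (worth confirming for this tree), a caller that can still pass NULL crashes instead of getting 0. Either keep the cheap guard, `return multi ? multi->max_concurrent_streams : 0;`, or state the non-NULL requirement in the comment above the prototype in multiif.h.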
diff --git a/libs/libcurl/src/multiif.h b/libs/libcurl/src/multiif.h index 75025232c4..bde755ee0f 100644 --- a/libs/libcurl/src/multiif.h +++ b/libs/libcurl/src/multiif.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -90,9 +90,7 @@ CURLMcode Curl_multi_add_perform(struct Curl_multi *multi, struct connectdata *conn); -/* Return the value of the CURLMOPT_MAX_CONCURRENT_STREAMS option - * If not specified or 0, default would be 100 - */ -size_t Curl_multi_max_concurrent_streams(struct Curl_multi *multi); +/* Return the value of the CURLMOPT_MAX_CONCURRENT_STREAMS option */ +unsigned int Curl_multi_max_concurrent_streams(struct Curl_multi *multi); #endif /* HEADER_CURL_MULTIIF_H */ diff --git a/libs/libcurl/src/rename.c b/libs/libcurl/src/rename.c new file mode 100644 index 0000000000..bb170d3cc7 --- /dev/null +++ b/libs/libcurl/src/rename.c 
@@ -0,0 +1,62 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2020, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "rename.h" + +#include "curl_setup.h" + +#if (!defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)) || \ + defined(USE_ALTSVC) + +#include "timeval.h" + +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + +/* return 0 on success, 1 on error */ +int Curl_rename(const char *oldpath, const char *newpath) +{ +#ifdef WIN32 + /* rename() on Windows doesn't overwrite, so we can't use it here. + MoveFileExA() will overwrite and is usually atomic, however it fails + when there are open handles to the file. */ + const int max_wait_ms = 1000; + struct curltime start = Curl_now(); + for(;;) { + timediff_t diff; + if(MoveFileExA(oldpath, newpath, MOVEFILE_REPLACE_EXISTING)) + break; + diff = Curl_timediff(Curl_now(), start); + if(diff < 0 || diff > max_wait_ms) + return 1; + Sleep(1); + } +#else + if(rename(oldpath, newpath)) + return 1; +#endif + return 0; +} + +#endif diff --git a/libs/libcurl/src/rename.h b/libs/libcurl/src/rename.h new file mode 100644 index 0000000000..d7442c8447 
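Review bot: The Windows branch of Curl_rename retries `MoveFileExA()` for up to a second on every failure, although its comment gives only open handles on the file as the reason to wait. Permanent errors such as a missing directory or a denied write spin through the `Sleep(1)` loop for the full `max_wait_ms` before returning 1. Checking the error code before retrying keeps the wait for the case it was written for, e.g. `if(GetLastError() != ERROR_SHARING_VIOLATION && GetLastError() != ERROR_ACCESS_DENIED) return 1;`. The function comment could also say that the ANSI API is used, so paths outside the active code page may not resolve.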
--- /dev/null +++ b/libs/libcurl/src/rename.h @@ -0,0 +1,27 @@ +#ifndef HEADER_CURL_RENAME_H +#define HEADER_CURL_RENAME_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2020, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +int Curl_rename(const char *oldpath, const char *newpath); + +#endif /* HEADER_CURL_RENAME_H */ diff --git a/libs/libcurl/src/select.c b/libs/libcurl/src/select.c index 2de503d370..b372efff10 100644 --- a/libs/libcurl/src/select.c +++ b/libs/libcurl/src/select.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -53,9 +53,6 @@ /* Convenience local macros */ #define ELAPSED_MS() (int)Curl_timediff(Curl_now(), initial_tv) -int Curl_ack_eintr = 0; -#define ERROR_NOT_EINTR(error) (Curl_ack_eintr || error != EINTR) - /* * Internal function used for waiting a specific amount of ms * in Curl_socket_check() and Curl_poll() when no file descriptor 
@@ -74,13 +71,6 @@ int Curl_ack_eintr = 0; */ int Curl_wait_ms(int timeout_ms) { -#if !defined(MSDOS) && !defined(USE_WINSOCK) -#ifndef HAVE_POLL_FINE - struct timeval pending_tv; -#endif - struct curltime initial_tv; - int pending_ms; -#endif int r = 0; if(!timeout_ms) @@ -94,28 +84,16 @@ int Curl_wait_ms(int timeout_ms) #elif defined(USE_WINSOCK) Sleep(timeout_ms); #else - pending_ms = timeout_ms; - initial_tv = Curl_now(); - do { - int error; #if defined(HAVE_POLL_FINE) - r = poll(NULL, 0, pending_ms); + r = poll(NULL, 0, timeout_ms); #else - pending_tv.tv_sec = pending_ms / 1000; - pending_tv.tv_usec = (pending_ms % 1000) * 1000; + { + struct timeval pending_tv; + pending_tv.tv_sec = timeout_ms / 1000; + pending_tv.tv_usec = (timeout_ms % 1000) * 1000; r = select(0, NULL, NULL, NULL, &pending_tv); + } #endif /* HAVE_POLL_FINE */ - if(r != -1) - break; - error = SOCKERRNO; - if(error && ERROR_NOT_EINTR(error)) - break; - pending_ms = timeout_ms - ELAPSED_MS(); - if(pending_ms <= 0) { - r = 0; /* Simulate a "call timed out" case */ - break; - } - } while(r == -1); #endif /* USE_WINSOCK */ if(r) r = -1; @@ -158,7 +136,6 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */ fd_set fds_err; curl_socket_t maxfd; #endif - struct curltime initial_tv = {0, 0}; int pending_ms = 0; int r; int ret; @@ -183,7 +160,6 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */ if(timeout_ms > 0) { pending_ms = (int)timeout_ms; - initial_tv = Curl_now(); } #ifdef HAVE_POLL_FINE 
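Review bot: With the retry loop removed from Curl_wait_ms, a poll()/select() interrupted by a signal falls straight into `if(r) r = -1;`, so the function reports an error and has waited less than `timeout_ms`. The Curl_socket_check and Curl_poll hunks further down behave the same way through `if(r < 0) return -1;`. Callers can no longer tell a signal from a real failure. If that is the intended contract, state it in the function comments; otherwise map the case explicitly, e.g. `if(r == -1 && SOCKERRNO == EINTR) r = 0;`. The `ELAPSED_MS()` macro left as context in the first select.c hunk still names `initial_tv`, which these hunks delete, and appears to be unused now.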
@@ -208,26 +184,11 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */ num++; } - do { - int error; - if(timeout_ms < 0) - pending_ms = -1; - else if(!timeout_ms) - pending_ms = 0; - r = poll(pfd, num, pending_ms); - if(r != -1) - break; - error = SOCKERRNO; - if(error && ERROR_NOT_EINTR(error)) - break; - if(timeout_ms > 0) { - pending_ms = (int)(timeout_ms - ELAPSED_MS()); - if(pending_ms <= 0) { - r = 0; /* Simulate a "call timed out" case */ - break; - } - } - } while(r == -1); + if(timeout_ms < 0) + pending_ms = -1; + else if(!timeout_ms) + pending_ms = 0; + r = poll(pfd, num, pending_ms); if(r < 0) return -1; 
@@ -290,61 +251,45 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */ ptimeout = (timeout_ms < 0) ? NULL : &pending_tv; - do { - int error; - if(timeout_ms > 0) { - pending_tv.tv_sec = pending_ms / 1000; - pending_tv.tv_usec = (pending_ms % 1000) * 1000; - } - else if(!timeout_ms) { - pending_tv.tv_sec = 0; - pending_tv.tv_usec = 0; - } + if(timeout_ms > 0) { + pending_tv.tv_sec = pending_ms / 1000; + pending_tv.tv_usec = (pending_ms % 1000) * 1000; + } + else if(!timeout_ms) { + pending_tv.tv_sec = 0; + pending_tv.tv_usec = 0; + } - /* WinSock select() must not be called with an fd_set that contains zero - fd flags, or it will return WSAEINVAL. But, it also can't be called - with no fd_sets at all! From the documentation: + /* WinSock select() must not be called with an fd_set that contains zero + fd flags, or it will return WSAEINVAL. But, it also can't be called + with no fd_sets at all! From the documentation: - Any two of the parameters, readfds, writefds, or exceptfds, can be - given as null. At least one must be non-null, and any non-null - descriptor set must contain at least one handle to a socket. + Any two of the parameters, readfds, writefds, or exceptfds, can be + given as null. At least one must be non-null, and any non-null + descriptor set must contain at least one handle to a socket. - We know that we have at least one bit set in at least two fd_sets in - this case, but we may have no bits set in either fds_read or fd_write, - so check for that and handle it. Luckily, with WinSock, we can _also_ - ask how many bits are set on an fd_set. + We know that we have at least one bit set in at least two fd_sets in + this case, but we may have no bits set in either fds_read or fd_write, + so check for that and handle it. Luckily, with WinSock, we can _also_ + ask how many bits are set on an fd_set. - It is unclear why WinSock doesn't just handle this for us instead of - calling this an error. 
+ It is unclear why WinSock doesn't just handle this for us instead of + calling this an error. - Note also that WinSock ignores the first argument, so we don't worry - about the fact that maxfd is computed incorrectly with WinSock (since - curl_socket_t is unsigned in such cases and thus -1 is the largest - value). - */ + Note also that WinSock ignores the first argument, so we don't worry + about the fact that maxfd is computed incorrectly with WinSock (since + curl_socket_t is unsigned in such cases and thus -1 is the largest + value). + */ #ifdef USE_WINSOCK - r = select((int)maxfd + 1, - fds_read.fd_count ? &fds_read : NULL, - fds_write.fd_count ? &fds_write : NULL, - &fds_err, ptimeout); + r = select((int)maxfd + 1, + fds_read.fd_count ? &fds_read : NULL, + fds_write.fd_count ? &fds_write : NULL, + &fds_err, ptimeout); #else - r = select((int)maxfd + 1, &fds_read, &fds_write, &fds_err, ptimeout); + r = select((int)maxfd + 1, &fds_read, &fds_write, &fds_err, ptimeout); #endif - if(r != -1) - break; - error = SOCKERRNO; - if(error && ERROR_NOT_EINTR(error)) - break; - if(timeout_ms > 0) { - pending_ms = (int)(timeout_ms - ELAPSED_MS()); - if(pending_ms <= 0) { - r = 0; /* Simulate a "call timed out" case */ - break; - } - } - } while(r == -1); - if(r < 0) return -1; if(r == 0) @@ -399,7 +344,6 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms) fd_set fds_err; curl_socket_t maxfd; #endif - struct curltime initial_tv = {0, 0}; bool fds_none = TRUE; unsigned int i; int pending_ms = 0; 
@@ -425,31 +369,15 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms) if(timeout_ms > 0) { pending_ms = timeout_ms; - initial_tv = Curl_now(); } #ifdef HAVE_POLL_FINE - do { - int error; - if(timeout_ms < 0) - pending_ms = -1; - else if(!timeout_ms) - pending_ms = 0; - r = poll(ufds, nfds, pending_ms); - if(r != -1) - break; - error = SOCKERRNO; - if(error && ERROR_NOT_EINTR(error)) - break; - if(timeout_ms > 0) { - pending_ms = (int)(timeout_ms - ELAPSED_MS()); - if(pending_ms <= 0) { - r = 0; /* Simulate a "call timed out" case */ - break; - } - } - } while(r == -1); + if(timeout_ms < 0) + pending_ms = -1; + else if(!timeout_ms) + pending_ms = 0; + r = poll(ufds, nfds, pending_ms); if(r < 0) return -1; 
@@ -502,42 +430,27 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms) ptimeout = (timeout_ms < 0) ? NULL : &pending_tv; - do { - int error; - if(timeout_ms > 0) { - pending_tv.tv_sec = pending_ms / 1000; - pending_tv.tv_usec = (pending_ms % 1000) * 1000; - } - else if(!timeout_ms) { - pending_tv.tv_sec = 0; - pending_tv.tv_usec = 0; - } + if(timeout_ms > 0) { + pending_tv.tv_sec = pending_ms / 1000; + pending_tv.tv_usec = (pending_ms % 1000) * 1000; + } + else if(!timeout_ms) { + pending_tv.tv_sec = 0; + pending_tv.tv_usec = 0; + } #ifdef USE_WINSOCK - r = select((int)maxfd + 1, - /* WinSock select() can't handle fd_sets with zero bits set, so - don't give it such arguments. See the comment about this in - Curl_check_socket(). - */ - fds_read.fd_count ? &fds_read : NULL, - fds_write.fd_count ? &fds_write : NULL, - fds_err.fd_count ? &fds_err : NULL, ptimeout); + r = select((int)maxfd + 1, + /* WinSock select() can't handle fd_sets with zero bits set, so + don't give it such arguments. See the comment about this in + Curl_check_socket(). + */ + fds_read.fd_count ? &fds_read : NULL, + fds_write.fd_count ? &fds_write : NULL, + fds_err.fd_count ? &fds_err : NULL, ptimeout); #else - r = select((int)maxfd + 1, &fds_read, &fds_write, &fds_err, ptimeout); + r = select((int)maxfd + 1, &fds_read, &fds_write, &fds_err, ptimeout); #endif - if(r != -1) - break; - error = SOCKERRNO; - if(error && ERROR_NOT_EINTR(error)) - break; - if(timeout_ms > 0) { - pending_ms = timeout_ms - ELAPSED_MS(); - if(pending_ms <= 0) { - r = 0; /* Simulate a "call timed out" case */ - break; - } - } - } while(r == -1); if(r < 0) return -1; diff --git a/libs/libcurl/src/select.h b/libs/libcurl/src/select.h index 687ab164c4..ec3021aac2 100644 --- a/libs/libcurl/src/select.h +++ b/libs/libcurl/src/select.h 
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -75,20 +75,12 @@ struct pollfd int Curl_socket_check(curl_socket_t readfd, curl_socket_t readfd2, curl_socket_t writefd, time_t timeout_ms); - #define SOCKET_READABLE(x,z) \ Curl_socket_check(x, CURL_SOCKET_BAD, CURL_SOCKET_BAD, (time_t)z) #define SOCKET_WRITABLE(x,z) \ Curl_socket_check(CURL_SOCKET_BAD, CURL_SOCKET_BAD, x, (time_t)z) int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms); - -/* On non-DOS and non-Winsock platforms, when Curl_ack_eintr is set, - * EINTR condition is honored and function might exit early without - * awaiting full timeout. Otherwise EINTR will be ignored and full - * timeout will elapse. */ -extern int Curl_ack_eintr; - int Curl_wait_ms(int timeout_ms); #ifdef TPF diff --git a/libs/libcurl/src/sendf.c b/libs/libcurl/src/sendf.c index 6c38b04b23..6ef47aa801 100644 --- a/libs/libcurl/src/sendf.c +++ b/libs/libcurl/src/sendf.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -43,6 +43,7 @@ #include "strerror.h" #include "select.h" #include "strdup.h" +#include "http2.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" 
@@ -501,6 +502,9 @@ static CURLcode pausewrite(struct Curl_easy *data, unsigned int i; bool newtype = TRUE; + /* If this transfers over HTTP/2, pause the stream! */ + Curl_http2_stream_pause(data, TRUE); + if(s->tempcount) { for(i = 0; i< s->tempcount; i++) { if(s->tempwrite[i].type == type) { @@ -529,6 +533,8 @@ static CURLcode pausewrite(struct Curl_easy *data, /* update the pointer and the size */ s->tempwrite[i].buf = newptr; s->tempwrite[i].len = newlen; + + len = newlen; /* for the debug output below */ } else { dupl = Curl_memdup(ptr, len); @@ -692,19 +698,20 @@ CURLcode Curl_read_plain(curl_socket_t sockfd, ssize_t nread = sread(sockfd, buf, bytesfromsocket); if(-1 == nread) { - int err = SOCKERRNO; - int return_error; + const int err = SOCKERRNO; + const bool return_error = #ifdef USE_WINSOCK - return_error = WSAEWOULDBLOCK == err; + WSAEWOULDBLOCK == err #else - return_error = EWOULDBLOCK == err || EAGAIN == err || EINTR == err; + EWOULDBLOCK == err || EAGAIN == err || EINTR == err #endif + ; + *n = 0; /* no data returned */ if(return_error) return CURLE_AGAIN; return CURLE_RECV_ERROR; } - /* we only return number of bytes read when we return OK */ *n = nread; return CURLE_OK; } diff --git a/libs/libcurl/src/setopt.c b/libs/libcurl/src/setopt.c index 5f88ad3afd..2e494a6df9 100644 --- a/libs/libcurl/src/setopt.c +++ b/libs/libcurl/src/setopt.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -2288,7 +2288,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_SSH_KEYFUNCTION: /* setting to NULL is fine since the ssh.c functions themselves will - then rever to use the internal default */ + then revert to use the internal default */ data->set.ssh_keyfunc = va_arg(param, curl_sshkeycallback); break; @@ -2391,6 +2391,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* Set the list of mail recipients */ data->set.mail_rcpt = va_arg(param, struct curl_slist *); break; + case CURLOPT_MAIL_RCPT_ALLLOWFAILS: + /* allow RCPT TO command to fail for some recipients */ + data->set.mail_rcpt_allowfails = (0 != va_arg(param, long)) ? TRUE : FALSE; + break; #endif case CURLOPT_SASL_AUTHZID: diff --git a/libs/libcurl/src/sha256.c b/libs/libcurl/src/sha256.c index bcaaeae308..97214182be 100644 --- a/libs/libcurl/src/sha256.c +++ b/libs/libcurl/src/sha256.c @@ -5,7 +5,8 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Florin Petriuc, + * Copyright (C) 2017, Florin Petriuc, + * Copyright (C) 2018 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -35,16 +36,135 @@ #define USE_OPENSSL_SHA256 #endif +#endif /* USE_OPENSSL */ + +#ifdef USE_MBEDTLS +#include + +#if(MBEDTLS_VERSION_NUMBER >= 0x02070000) + #define HAS_RESULT_CODE_BASED_FUNCTIONS #endif +#endif /* USE_MBEDTLS */ + +/* Please keep the SSL backend-specific #if branches in this order: + * + * 1. USE_OPENSSL + * 2. USE_GNUTLS_NETTLE + * 3. USE_GNUTLS + * 4. USE_MBEDTLS + * 5. USE_COMMON_CRYPTO + * 6. USE_WIN32_CRYPTO + * + * This ensures that the same SSL branch gets activated throughout this source + * file even if multiple backends are enabled at the same time. + */ + +#if defined(USE_OPENSSL_SHA256) -#ifdef USE_OPENSSL_SHA256 /* When OpenSSL is available we use the SHA256-function from OpenSSL */ #include + +#elif defined(USE_GNUTLS_NETTLE) + +#include + +#include "curl_memory.h" + +/* The last #include file should be: */ +#include "memdebug.h" + +typedef struct sha256_ctx SHA256_CTX; + +static void SHA256_Init(SHA256_CTX *ctx) +{ + sha256_init(ctx); +} + +static void SHA256_Update(SHA256_CTX *ctx, + const unsigned char *data, + unsigned int length) +{ + sha256_update(ctx, length, data); +} + +static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) +{ + sha256_digest(ctx, SHA256_DIGEST_SIZE, digest); +} + +#elif defined(USE_GNUTLS) + +#include + +#include "curl_memory.h" + +/* The last #include file should be: */ +#include "memdebug.h" + +typedef gcry_md_hd_t SHA256_CTX; + +static void SHA256_Init(SHA256_CTX *ctx) +{ + gcry_md_open(ctx, GCRY_MD_SHA256, 0); +} + +static void SHA256_Update(SHA256_CTX *ctx, + const unsigned char *data, + unsigned int length) +{ + gcry_md_write(*ctx, data, length); +} + +static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) +{ + memcpy(digest, gcry_md_read(*ctx, 0), SHA256_DIGEST_LENGTH); + gcry_md_close(*ctx); +} + +#elif defined(USE_MBEDTLS) + +#include + +#include "curl_memory.h" + +/* The last #include file should be: */ +#include "memdebug.h" + +typedef mbedtls_sha256_context SHA256_CTX; + 
+static void SHA256_Init(SHA256_CTX *ctx) +{ +#if !defined(HAS_RESULT_CODE_BASED_FUNCTIONS) + mbedtls_sha256_starts(ctx, 0); +#else + (void) mbedtls_sha256_starts_ret(ctx, 0); +#endif +} + +static void SHA256_Update(SHA256_CTX *ctx, + const unsigned char *data, + unsigned int length) +{ +#if !defined(HAS_RESULT_CODE_BASED_FUNCTIONS) + mbedtls_sha256_update(ctx, data, length); +#else + (void) mbedtls_sha256_update_ret(ctx, data, length); +#endif +} + +static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) +{ +#if !defined(HAS_RESULT_CODE_BASED_FUNCTIONS) + mbedtls_sha256_finish(ctx, digest); +#else + (void) mbedtls_sha256_finish_ret(ctx, digest); +#endif +} + #else /* When no other crypto library is available we use this code segment */ -/* ===== start - public domain SHA256 implementation ===== */ /* This is based on SHA256 implementation in LibTomCrypt that was released into * public domain by Tom St Denis. */ @@ -95,7 +215,8 @@ typedef struct sha256_state { unsigned long state[8], curlen; unsigned char buf[64]; } SHA256_CTX; -/* the K array */ + +/* The K array */ static const unsigned long K[64] = { 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, @@ -111,6 +232,7 @@ static const unsigned long K[64] = { 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL }; + /* Various logical functions */ #define RORc(x, y) \ (((((unsigned long)(x) & 0xFFFFFFFFUL) >> (unsigned long)((y) & 31)) | \ 
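Review bot: In the new USE_GNUTLS branch, SHA256_Init drops the return value of `gcry_md_open()` and SHA256_Final passes `gcry_md_read(*ctx, 0)` straight to `memcpy`. If opening the handle fails, the later write, read and close calls work on an unset handle and the copy source may be NULL. Since these wrappers return void, the failure cannot reach Curl_sha256it. Consider having SHA256_Init return a status that Curl_sha256it checks before hashing, or at minimum add a comment such as `/* gcry_md_open() failure is not handled here */` so the gap is visible.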
@@ -123,13 +245,15 @@ static const unsigned long K[64] = { #define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) #define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) #define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) -/* compress 512-bits */ + +/* Compress 512-bits */ static int sha256_compress(struct sha256_state *md, unsigned char *buf) { unsigned long S[8], W[64]; int i; - /* copy state into S */ + + /* Copy state into S */ for(i = 0; i < 8; i++) { S[i] = md->state[i]; } @@ -141,6 +265,7 @@ static int sha256_compress(struct sha256_state *md, W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16]; } + /* Compress */ #define RND(a,b,c,d,e,f,g,h,i) \ unsigned long t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ @@ -153,12 +278,15 @@ static int sha256_compress(struct sha256_state *md, t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4]; S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t; } - /* feedback */ + + /* Feedback */ for(i = 0; i < 8; i++) { md->state[i] = md->state[i] + S[i]; } + return 0; } + /* Initialize the hash state */ static void SHA256_Init(struct sha256_state *md) { @@ -173,7 +301,8 @@ static void SHA256_Init(struct sha256_state *md) md->state[6] = 0x1F83D9ABUL; md->state[7] = 0x5BE0CD19UL; } -/** + +/* Process a block of memory though the hash @param md The hash state @param in The data to hash @@ -185,6 +314,7 @@ static int SHA256_Update(struct sha256_state *md, unsigned long inlen) { unsigned long n; + #define block_size 64 if(md->curlen > sizeof(md->buf)) return -1; @@ -210,9 +340,11 @@ static int SHA256_Update(struct sha256_state *md, } } } + return 0; } -/** + +/* Terminate the hash to get the digest @param md The hash state @param out [out] The destination of the hash (32 bytes) 
@@ -222,13 +354,17 @@ static int SHA256_Final(unsigned char *out, struct sha256_state *md) { int i; + if(md->curlen >= sizeof(md->buf)) return -1; - /* increase the length of the message */ + + /* Increase the length of the message */ md->length += md->curlen * 8; - /* append the '1' bit */ + + /* Append the '1' bit */ md->buf[md->curlen++] = (unsigned char)0x80; - /* if the length is currently above 56 bytes we append zeros + + /* If the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ @@ -239,29 +375,44 @@ static int SHA256_Final(unsigned char *out, sha256_compress(md, md->buf); md->curlen = 0; } - /* pad up to 56 bytes of zeroes */ + + /* Pad up to 56 bytes of zeroes */ while(md->curlen < 56) { md->buf[md->curlen++] = (unsigned char)0; } - /* store length */ + + /* Store length */ WPA_PUT_BE64(md->buf + 56, md->length); sha256_compress(md, md->buf); - /* copy output */ + + /* Copy output */ for(i = 0; i < 8; i++) WPA_PUT_BE32(out + (4 * i), md->state[i]); + return 0; } -/* ===== end - public domain SHA256 implementation ===== */ -#endif +#endif /* CRYPTO LIBS */ -void Curl_sha256it(unsigned char *outbuffer, /* 32 unsigned chars */ - const unsigned char *input) +/* + * Curl_sha256it() + * + * Generates a SHA256 hash for the given input data. + * + * Parameters: + * + * output [in/out] - The output buffer. + * input [in] - The input data. + * length [in] - The input length. + */ +void Curl_sha256it(unsigned char *output, const unsigned char *input, + const size_t length) { SHA256_CTX ctx; + SHA256_Init(&ctx); - SHA256_Update(&ctx, input, curlx_uztoui(strlen((char *)input))); - SHA256_Final(outbuffer, &ctx); + SHA256_Update(&ctx, input, curlx_uztoui(length)); + SHA256_Final(output, &ctx); } #endif /* CURL_DISABLE_CRYPTO_AUTH */ diff --git a/libs/libcurl/src/smtp.c b/libs/libcurl/src/smtp.c index 65220b0f68..e1872871dc 100644 --- a/libs/libcurl/src/smtp.c 
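Review bot: The new header comment for `Curl_sha256it()` no longer says how large `output` must be; the removed prototype carried `/* 32 unsigned chars */`. Each `SHA256_Final()` wrapper visible in this file writes a full digest, so an undersized buffer is overrun. I would document it as `output [in/out] - The output buffer, at least 32 bytes (one SHA-256 digest).` Separately, `curlx_uztoui(length)` narrows a `size_t` to `unsigned int`; if that helper truncates rather than fails (its definition is not in this hunk), inputs above `UINT_MAX` would hash only part of the data, which deserves a line in the comment or a length check.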
+++ b/libs/libcurl/src/smtp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -27,6 +27,9 @@ * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism * RFC4954 SMTP Authentication * RFC5321 SMTP protocol + * RFC5890 Internationalized Domain Names for Applications (IDNA) + * RFC6531 SMTP Extension for Internationalized Email + * RFC6532 Internationalized Email Headers * RFC6749 OAuth 2.0 Authorization Framework * RFC8314 Use of TLS for Email Submission and Access * Draft SMTP URL Interface @@ -101,6 +104,8 @@ static CURLcode smtp_setup_connection(struct connectdata *conn); static CURLcode smtp_parse_url_options(struct connectdata *conn); static CURLcode smtp_parse_url_path(struct connectdata *conn); static CURLcode smtp_parse_custom_request(struct connectdata *conn); +static CURLcode smtp_parse_address(struct connectdata *conn, const char *fqma, + char **address, struct hostname *host); static CURLcode smtp_perform_auth(struct connectdata *conn, const char *mech, const char *initresp); static CURLcode smtp_continue_auth(struct connectdata *conn, const char *resp); 
@@ -481,13 +486,55 @@ static CURLcode smtp_perform_command(struct connectdata *conn) struct Curl_easy *data = conn->data; struct SMTP *smtp = data->req.protop; - /* Send the command */ - if(smtp->rcpt) - result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s %s", - smtp->custom && smtp->custom[0] != '\0' ? - smtp->custom : "VRFY", - smtp->rcpt->data); + if(smtp->rcpt) { + /* We notify the server we are sending UTF-8 data if a) it supports the + SMTPUTF8 extension and b) The mailbox contains UTF-8 charaacters, in + either the local address or host name parts. This is regardless of + whether the host name is encoded using IDN ACE */ + bool utf8 = FALSE; + + if((!smtp->custom) || (!smtp->custom[0])) { + char *address = NULL; + struct hostname host = { NULL, NULL, NULL, NULL }; + + /* Parse the mailbox to verify into the local address and host name + parts, converting the host name to an IDN A-label if necessary */ + result = smtp_parse_address(conn, smtp->rcpt->data, + &address, &host); + if(result) + return result; + + /* Establish whether we should report SMTPUTF8 to the server for this + mailbox as per RFC-6531 sect. 3.1 point 6 */ + utf8 = (conn->proto.smtpc.utf8_supported) && + ((host.encalloc) || (!Curl_is_ASCII_name(address)) || + (!Curl_is_ASCII_name(host.name))); + + /* Send the VRFY command (Note: The host name part may be absent when the + host is a local system) */ + result = Curl_pp_sendf(&conn->proto.smtpc.pp, "VRFY %s%s%s%s", + address, + host.name ? "@" : "", + host.name ? host.name : "", + utf8 ? " SMTPUTF8" : ""); + + Curl_free_idnconverted_hostname(&host); + free(address); + } + else { + /* Establish whether we should report that we support SMTPUTF8 for EXPN + commands to the server as per RFC-6531 sect. 
3.1 point 6 */ + utf8 = (conn->proto.smtpc.utf8_supported) && + (!strcmp(smtp->custom, "EXPN")); + + /* Send the custom recipient based command such as the EXPN command */ + result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s %s%s", smtp->custom, + smtp->rcpt->data, + utf8 ? " SMTPUTF8" : ""); + } + } else + /* Send the non-recipient based command such as HELP */ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", smtp->custom && smtp->custom[0] != '\0' ? smtp->custom : "HELP"); 
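Review bot: The SMTPUTF8 decision for custom commands uses `!strcmp(smtp->custom, "EXPN")`, which is case-sensitive, so a custom request given as `expn` is sent without the parameter even when the server advertised the extension. SMTP command verbs are case-insensitive, so a case-insensitive compare fits better here, e.g. `strcasecompare(smtp->custom, "EXPN")` if strcase.h is available in this file. smtp_perform_command() starts before this hunk.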
@@ -512,22 +559,86 @@ static CURLcode smtp_perform_mail(struct connectdata *conn) CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; + /* We notify the server we are sending UTF-8 data if a) it supports the + SMTPUTF8 extension and b) The mailbox contains UTF-8 charaacters, in + either the local address or host name parts. This is regardless of + whether the host name is encoded using IDN ACE */ + bool utf8 = FALSE; + /* Calculate the FROM parameter */ - if(!data->set.str[STRING_MAIL_FROM]) + if(data->set.str[STRING_MAIL_FROM]) { + char *address = NULL; + struct hostname host = { NULL, NULL, NULL, NULL }; + + /* Parse the FROM mailbox into the local address and host name parts, + converting the host name to an IDN A-label if necessary */ + result = smtp_parse_address(conn, data->set.str[STRING_MAIL_FROM], + &address, &host); + if(result) + return result; + + /* Establish whether we should report SMTPUTF8 to the server for this + mailbox as per RFC-6531 sect. 3.1 point 4 and sect. 3.4 */ + utf8 = (conn->proto.smtpc.utf8_supported) && + ((host.encalloc) || (!Curl_is_ASCII_name(address)) || + (!Curl_is_ASCII_name(host.name))); + + if(host.name) { + from = aprintf("<%s@%s>", address, host.name); + + Curl_free_idnconverted_hostname(&host); + } + else + /* An invalid mailbox was provided but we'll simply let the server worry + about that and reply with a 501 error */ + from = aprintf("<%s>", address); + + free(address); + } + else /* Null reverse-path, RFC-5321, sect. 
3.6.3 */ from = strdup("<>"); - else if(data->set.str[STRING_MAIL_FROM][0] == '<') - from = aprintf("%s", data->set.str[STRING_MAIL_FROM]); - else - from = aprintf("<%s>", data->set.str[STRING_MAIL_FROM]); if(!from) return CURLE_OUT_OF_MEMORY; /* Calculate the optional AUTH parameter */ if(data->set.str[STRING_MAIL_AUTH] && conn->proto.smtpc.sasl.authused) { - if(data->set.str[STRING_MAIL_AUTH][0] != '\0') - auth = aprintf("%s", data->set.str[STRING_MAIL_AUTH]); + if(data->set.str[STRING_MAIL_AUTH][0] != '\0') { + char *address = NULL; + struct hostname host = { NULL, NULL, NULL, NULL }; + + /* Parse the AUTH mailbox into the local address and host name parts, + converting the host name to an IDN A-label if necessary */ + result = smtp_parse_address(conn, data->set.str[STRING_MAIL_AUTH], + &address, &host); + if(result) { + free(from); + return result; + } + + /* Establish whether we should report SMTPUTF8 to the server for this + mailbox as per RFC-6531 sect. 3.1 point 4 and sect. 3.4 */ + if((!utf8) && (conn->proto.smtpc.utf8_supported) && + ((host.encalloc) || (!Curl_is_ASCII_name(address)) || + (!Curl_is_ASCII_name(host.name)))) + utf8 = TRUE; + + if(host.name) { + free(from); + from = aprintf("<%s@%s>", address, host.name); + + Curl_free_idnconverted_hostname(&host); + } + else + /* An invalid mailbox was provided but we'll simply let the server + worry about it */ + auth = aprintf("<%s>", address); + + free(address); + if(!from) + return CURLE_OUT_OF_MEMORY; + } else /* Empty AUTH, RFC-2554, sect. 5 */ auth = strdup("<>"); @@ -561,6 +672,7 @@ static CURLcode smtp_perform_mail(struct connectdata *conn) if(result) { free(from); free(auth); + return result; } 
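Review bot: In the AUTH branch of smtp_perform_mail(), the `host.name` case frees `from` and assigns the AUTH mailbox to it (`from = aprintf("<%s@%s>", address, host.name);`), so `auth` is never set on that path. As far as the hunk shows, the envelope sender is replaced by the AUTH identity and no AUTH= value is produced. The `if(!from)` check after `free(address)` also looks misplaced, since the allocation it should guard is `auth`. I would change these to `auth = aprintf("<%s@%s>", address, host.name);` (without the `free(from)`) and `if(!auth) { free(from); return CURLE_OUT_OF_MEMORY; }`. The function begins before this hunk and continues after it.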
@@ -583,19 +695,33 @@ static CURLcode smtp_perform_mail(struct connectdata *conn) } } + /* If the mailboxes in the FROM and AUTH parameters don't include a UTF-8 + based address then quickly scan through the recipient list and check if + any there do, as we need to correctly identify our support for SMTPUTF8 + in the envelope, as per RFC-6531 sect. 3.4 */ + if(conn->proto.smtpc.utf8_supported && !utf8) { + struct SMTP *smtp = data->req.protop; + struct curl_slist *rcpt = smtp->rcpt; + + while(rcpt && !utf8) { + /* Does the host name contain non-ASCII characters? */ + if(!Curl_is_ASCII_name(rcpt->data)) + utf8 = TRUE; + + rcpt = rcpt->next; + } + } + /* Send the MAIL command */ - if(!auth && !size) - result = Curl_pp_sendf(&conn->proto.smtpc.pp, - "MAIL FROM:%s", from); - else if(auth && !size) - result = Curl_pp_sendf(&conn->proto.smtpc.pp, - "MAIL FROM:%s AUTH=%s", from, auth); - else if(auth && size) - result = Curl_pp_sendf(&conn->proto.smtpc.pp, - "MAIL FROM:%s AUTH=%s SIZE=%s", from, auth, size); - else - result = Curl_pp_sendf(&conn->proto.smtpc.pp, - "MAIL FROM:%s SIZE=%s", from, size); + result = Curl_pp_sendf(&conn->proto.smtpc.pp, + "MAIL FROM:%s%s%s%s%s%s", + from, /* Mandatory */ + auth ? " AUTH=" : "", /* Optional on AUTH support */ + auth ? auth : "", /* */ + size ? " SIZE=" : "", /* Optional on SIZE support */ + size ? size : "", /* */ + utf8 ? " SMTPUTF8" /* Internationalised mailbox */ + : ""); /* included in our envelope */ free(from); free(auth); 
@@ -619,14 +745,28 @@ static CURLcode smtp_perform_rcpt_to(struct connectdata *conn) CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; struct SMTP *smtp = data->req.protop; + char *address = NULL; + struct hostname host = { NULL, NULL, NULL, NULL }; + + /* Parse the recipient mailbox into the local address and host name parts, + converting the host name to an IDN A-label if necessary */ + result = smtp_parse_address(conn, smtp->rcpt->data, + &address, &host); + if(result) + return result; /* Send the RCPT TO command */ - if(smtp->rcpt->data[0] == '<') - result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:%s", - smtp->rcpt->data); + if(host.name) + result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:<%s@%s>", address, + host.name); else - result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:<%s>", - smtp->rcpt->data); + /* An invalid mailbox was provided but we'll simply let the server worry + about that and reply with a 501 error */ + result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:<%s>", address); + + Curl_free_idnconverted_hostname(&host); + free(address); + if(!result) state(conn, SMTP_RCPT); @@ -726,6 +866,10 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode, else if(len >= 4 && !memcmp(line, "SIZE", 4)) smtpc->size_supported = TRUE; + /* Does the server support the UTF-8 capability? */ + else if(len >= 8 && !memcmp(line, "SMTPUTF8", 8)) + smtpc->utf8_supported = TRUE; + /* Does the server support authentication? */ else if(len >= 5 && !memcmp(line, "AUTH ", 5)) { smtpc->auth_supported = TRUE; 
@@ -915,25 +1059,53 @@ static CURLcode smtp_state_rcpt_resp(struct connectdata *conn, int smtpcode, CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; struct SMTP *smtp = data->req.protop; + bool is_smtp_err = FALSE; + bool is_smtp_blocking_err = FALSE; (void)instate; /* no use for this yet */ - if(smtpcode/100 != 2) { - failf(data, "RCPT failed: %d", smtpcode); - result = CURLE_SEND_ERROR; + is_smtp_err = (smtpcode/100 != 2) ? TRUE : FALSE; + + /* If there's multiple RCPT TO to be issued, it's possible to ignore errors + and proceed with only the valid addresses. */ + is_smtp_blocking_err = + (is_smtp_err && !data->set.mail_rcpt_allowfails) ? TRUE : FALSE; + + if(is_smtp_err) { + /* Remembering the last failure which we can report if all "RCPT TO" have + failed and we cannot proceed. */ + smtp->rcpt_last_error = smtpcode; + + if(is_smtp_blocking_err) { + failf(data, "RCPT failed: %d", smtpcode); + result = CURLE_SEND_ERROR; + } } else { + /* Some RCPT TO commands have succeeded. */ + smtp->rcpt_had_ok = TRUE; + } + + if(!is_smtp_blocking_err) { smtp->rcpt = smtp->rcpt->next; if(smtp->rcpt) /* Send the next RCPT TO command */ result = smtp_perform_rcpt_to(conn); else { - /* Send the DATA command */ - result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "DATA"); + /* We weren't able to issue a successful RCPT TO command while going + over recipients (potentially multiple). Sending back last error. */ + if(!smtp->rcpt_had_ok) { + failf(data, "RCPT failed: %d (last error)", smtp->rcpt_last_error); + result = CURLE_SEND_ERROR; + } + else { + /* Send the DATA command */ + result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "DATA"); - if(!result) - state(conn, SMTP_DATA); + if(!result) + state(conn, SMTP_DATA); + } } } 
@@ -1287,6 +1459,12 @@ static CURLcode smtp_perform(struct connectdata *conn, bool *connected, /* Store the first recipient (or NULL if not specified) */ smtp->rcpt = data->set.mail_rcpt; + /* Track of whether we've successfully sent at least one RCPT TO command */ + smtp->rcpt_had_ok = FALSE; + + /* Track of the last error we've received by sending RCPT TO command */ + smtp->rcpt_last_error = 0; + /* Initial data character is the first character in line: it is implicitly preceded by a virtual CRLF. */ smtp->trailing_crlf = TRUE; 
@@ -1537,6 +1715,76 @@ static CURLcode smtp_parse_custom_request(struct connectdata *conn) return result; } +/*********************************************************************** + * + * smtp_parse_address() + * + * Parse the fully qualified mailbox address into a local address part and the + * host name, converting the host name to an IDN A-label, as per RFC-5890, if + * necessary. + * + * Parameters: + * + * conn [in] - The connection handle. + * fqma [in] - The fully qualified mailbox address (which may or + * may not contain UTF-8 characters). + * address [in/out] - A new allocated buffer which holds the local + * address part of the mailbox. This buffer must be + * free'ed by the caller. + * host [in/out] - The host name structure that holds the original, + * and optionally encoded, host name. + * Curl_free_idnconverted_hostname() must be called + * once the caller has finished with the structure. + * + * Returns CURLE_OK on success. + * + * Notes: + * + * Should a UTF-8 host name require conversion to IDN ACE and we cannot honor + * that convertion then we shall return success. This allow the caller to send + * the data to the server as a U-label (as per RFC-6531 sect. 3.2). + * + * If an mailbox '@' seperator cannot be located then the mailbox is considered + * to be either a local mailbox or an invalid mailbox (depending on what the + * calling function deems it to be) then the input will simply be returned in + * the address part with the host name being NULL. + */ +static CURLcode smtp_parse_address(struct connectdata *conn, const char *fqma, + char **address, struct hostname *host) +{ + CURLcode result = CURLE_OK; + size_t length; + + /* Duplicate the fully qualified email address so we can manipulate it, + ensuring it doesn't contain the delimiters if specified */ + char *dup = strdup(fqma[0] == '<' ? 
fqma + 1 : fqma); + if(!dup) + return CURLE_OUT_OF_MEMORY; + + length = strlen(dup); + if(dup[length - 1] == '>') + dup[length - 1] = '\0'; + + /* Extract the host name from the addresss (if we can) */ + host->name = strpbrk(dup, "@"); + if(host->name) { + *host->name = '\0'; + host->name = host->name + 1; + + /* Attempt to convert the host name to IDN ACE */ + (void) Curl_idnconvert_hostname(conn, host); + + /* If Curl_idnconvert_hostname() fails then we shall attempt to continue + and send the host name using UTF-8 rather than as 7-bit ACE (which is + our preference) */ + } + + /* Extract the local address from the mailbox */ + *address = dup; + + return result; +} + CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread) { /* When sending a SMTP payload we must detect CRLF. sequences making sure diff --git a/libs/libcurl/src/smtp.h b/libs/libcurl/src/smtp.h index 20fc081190..164a175d75 100644 --- a/libs/libcurl/src/smtp.h +++ b/libs/libcurl/src/smtp.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2009 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 2009 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -55,6 +55,9 @@ struct SMTP { curl_pp_transfer transfer; char *custom; /* Custom Request */ struct curl_slist *rcpt; /* Recipient list */ + bool rcpt_had_ok; /* Whether any of RCPT TO commands (depends on + total number of recipients) succeeded so far */ + int rcpt_last_error; /* The last error received for RCPT TO command */ size_t eob; /* Number of bytes of the EOB (End Of Body) that have been received so far */ bool trailing_crlf; /* Specifies if the tailing CRLF is present */ 
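Review bot: smtp_parse_address() reads `dup[length - 1]` without checking that `length` is non-zero, so an empty mailbox, or one that is just `<`, makes the code read (and, if that byte happens to be `>`, write) one byte before the start of the allocation. The mailbox strings come from application-set options (`STRING_MAIL_FROM`, `STRING_MAIL_AUTH`, the recipient list), so this is reachable with ordinary input. A guard is enough: `if(length && dup[length - 1] == '>')`.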
@@ -71,6 +74,8 @@ struct smtp_conn { bool tls_supported; /* StartTLS capability supported by server */ bool size_supported; /* If server supports SIZE extension according to RFC 1870 */ + bool utf8_supported; /* If server supports SMTPUTF8 extension according + to RFC 6531 */ bool auth_supported; /* AUTH capability supported by server */ }; diff --git a/libs/libcurl/src/socks.c b/libs/libcurl/src/socks.c index 6ae98184d1..0fb97e1e5d 100644 --- a/libs/libcurl/src/socks.c +++ b/libs/libcurl/src/socks.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -37,18 +37,19 @@ #include "connect.h" #include "timeval.h" #include "socks.h" +#include "multiif.h" /* for getsock macros */ /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" +#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) /* * Helper read-from-socket functions. Does the same as Curl_read() but it * blocks until all bytes amount of buffersize will be read. No more, no less. * - * This is STUPID BLOCKING behaviour which we frown upon, but right now this - * is what we have... + * This is STUPID BLOCKING behavior. Only used by the SOCKS GSSAPI functions. */ int Curl_blockread_all(struct connectdata *conn, /* connection data */ curl_socket_t sockfd, /* read from this socket */ 
@@ -94,6 +95,81 @@ int Curl_blockread_all(struct connectdata *conn, /* connection data */ } return result; } +#endif + +#ifndef DEBUGBUILD +#define sxstate(x,y) socksstate(x,y) +#else +#define sxstate(x,y) socksstate(x,y, __LINE__) +#endif + + +/* always use this function to change state, to make debugging easier */ +static void socksstate(struct connectdata *conn, + enum connect_t state +#ifdef DEBUGBUILD + , int lineno +#endif +) +{ + enum connect_t oldstate = conn->cnnct.state; +#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) + /* synced with the state list in urldata.h */ + static const char * const statename[] = { + "INIT", + "SOCKS_INIT", + "SOCKS_SEND", + "SOCKS_READ_INIT", + "SOCKS_READ", + "GSSAPI_INIT", + "AUTH_INIT", + "AUTH_SEND", + "AUTH_READ", + "REQ_INIT", + "RESOLVING", + "RESOLVED", + "RESOLVE_REMOTE", + "REQ_SEND", + "REQ_SENDING", + "REQ_READ", + "REQ_READ_MORE", + "DONE" + }; +#endif + + if(oldstate == state) + /* don't bother when the new state is the same as the old state */ + return; + + conn->cnnct.state = state; + +#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) + infof(conn->data, + "SXSTATE: %s => %s conn %p; line %d\n", + statename[oldstate], statename[conn->cnnct.state], conn, + lineno); +#endif +} + +int Curl_SOCKS_getsock(struct connectdata *conn, curl_socket_t *sock, + int sockindex) +{ + int rc = 0; + sock[0] = conn->sock[sockindex]; + switch(conn->cnnct.state) { + case CONNECT_RESOLVING: + case CONNECT_SOCKS_READ: + case CONNECT_AUTH_READ: + case CONNECT_REQ_READ: + case CONNECT_REQ_READ_MORE: + rc = GETSOCK_READSOCK(0); + break; + default: + rc = GETSOCK_WRITESOCK(0); + break; + } + return rc; +} /* * This function logs in to a SOCKS4 proxy and sends the specifics to the final 
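Review bot: `socksstate()` indexes `statename[]` with both the old and the new state, and the only thing tying the table to `enum connect_t` is the comment saying it is synced with the list in urldata.h. If an enumerator is added without a matching string, debug builds read past the array in the `infof()` call. A cheap guard in the debug block would be `DEBUGASSERT((size_t)state < sizeof(statename)/sizeof(statename[0]));`.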
@@ -110,62 +186,89 @@ CURLcode Curl_SOCKS4(const char *proxy_user, const char *hostname, int remote_port, int sockindex, - struct connectdata *conn) + struct connectdata *conn, + bool *done) { const bool protocol4a = (conn->socks_proxy.proxytype == CURLPROXY_SOCKS4A) ? TRUE : FALSE; -#define SOCKS4REQLEN 262 - unsigned char socksreq[SOCKS4REQLEN]; /* room for SOCKS4 request incl. user - id */ - CURLcode code; - curl_socket_t sock = conn->sock[sockindex]; + unsigned char *socksreq = &conn->cnnct.socksreq[0]; + CURLcode result; + curl_socket_t sockfd = conn->sock[sockindex]; struct Curl_easy *data = conn->data; + struct connstate *sx = &conn->cnnct; + struct Curl_dns_entry *dns = NULL; + ssize_t actualread; + ssize_t written; - if(Curl_timeleft(data, NULL, TRUE) < 0) { - /* time-out, bail out, go home */ - failf(data, "Connection time-out"); - return CURLE_OPERATION_TIMEDOUT; - } - - if(conn->bits.httpproxy) - infof(conn->data, "SOCKS4%s: connecting to HTTP proxy %s port %d\n", - protocol4a ? "a" : "", hostname, remote_port); - - (void)curlx_nonblock(sock, FALSE); + if(!SOCKS_STATE(sx->state) && !*done) + sxstate(conn, CONNECT_SOCKS_INIT); - infof(data, "SOCKS4 communication to %s:%d\n", hostname, remote_port); + switch(sx->state) { + case CONNECT_SOCKS_INIT: + if(conn->bits.httpproxy) + infof(conn->data, "SOCKS4%s: connecting to HTTP proxy %s port %d\n", + protocol4a ? 
"a" : "", hostname, remote_port); - /* - * Compose socks4 request - * - * Request format - * - * +----+----+----+----+----+----+----+----+----+----+....+----+ - * | VN | CD | DSTPORT | DSTIP | USERID |NULL| - * +----+----+----+----+----+----+----+----+----+----+....+----+ - * # of bytes: 1 1 2 4 variable 1 - */ + infof(data, "SOCKS4 communication to %s:%d\n", hostname, remote_port); - socksreq[0] = 4; /* version (SOCKS4) */ - socksreq[1] = 1; /* connect */ - socksreq[2] = (unsigned char)((remote_port >> 8) & 0xff); /* PORT MSB */ - socksreq[3] = (unsigned char)(remote_port & 0xff); /* PORT LSB */ - - /* DNS resolve only for SOCKS4, not SOCKS4a */ - if(!protocol4a) { - struct Curl_dns_entry *dns; - Curl_addrinfo *hp = NULL; - int rc; + /* + * Compose socks4 request + * + * Request format + * + * +----+----+----+----+----+----+----+----+----+----+....+----+ + * | VN | CD | DSTPORT | DSTIP | USERID |NULL| + * +----+----+----+----+----+----+----+----+----+----+....+----+ + * # of bytes: 1 1 2 4 variable 1 + */ - rc = Curl_resolv(conn, hostname, remote_port, FALSE, &dns); + socksreq[0] = 4; /* version (SOCKS4) */ + socksreq[1] = 1; /* connect */ + socksreq[2] = (unsigned char)((remote_port >> 8) & 0xff); /* PORT MSB */ + socksreq[3] = (unsigned char)(remote_port & 0xff); /* PORT LSB */ + + /* DNS resolve only for SOCKS4, not SOCKS4a */ + if(!protocol4a) { + enum resolve_t rc = + Curl_resolv(conn, hostname, remote_port, FALSE, &dns); + + if(rc == CURLRESOLV_ERROR) + return CURLE_COULDNT_RESOLVE_PROXY; + else if(rc == CURLRESOLV_PENDING) { + sxstate(conn, CONNECT_RESOLVING); + infof(data, "SOCKS4 non-blocking resolve of %s\n", hostname); + return CURLE_OK; + } + sxstate(conn, CONNECT_RESOLVED); + goto CONNECT_RESOLVED; + } - if(rc == CURLRESOLV_ERROR) - return CURLE_COULDNT_RESOLVE_PROXY; + /* socks4a doesn't resolve anything locally */ + sxstate(conn, CONNECT_REQ_INIT); + goto CONNECT_REQ_INIT; - if(rc == CURLRESOLV_PENDING) - /* ignores the return code, but 'dns' 
remains NULL on failure */ - (void)Curl_resolver_wait_resolv(conn, &dns); + case CONNECT_RESOLVING: + /* check if we have the name resolved by now */ + dns = Curl_fetch_addr(conn, hostname, (int)conn->port); + if(dns) { +#ifdef CURLRES_ASYNCH + conn->async.dns = dns; + conn->async.done = TRUE; +#endif + infof(data, "Hostname '%s' was found\n", hostname); + sxstate(conn, CONNECT_RESOLVED); + } + else { + result = Curl_resolv_check(data->conn, &dns); + /* stay in the state or error out */ + return result; + } + /* FALLTHROUGH */ + CONNECT_RESOLVED: + case CONNECT_RESOLVED: { + Curl_addrinfo *hp = NULL; + char buf[64]; /* * We cannot use 'hostent' as a struct that Curl_resolv() returns. It * returns a Curl_addrinfo pointer that may not always look the same. @@ -173,7 +276,6 @@ CURLcode Curl_SOCKS4(const char *proxy_user, if(dns) hp = dns->addr; if(hp) { - char buf[64]; Curl_printable_address(hp, buf, sizeof(buf)); if(hp->ai_family == AF_INET) { @@ -189,7 +291,6 @@ CURLcode Curl_SOCKS4(const char *proxy_user, } else { hp = NULL; /* fail! */ - failf(data, "SOCKS4 connection to %s not supported\n", buf); } 
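Review bot: In the CONNECT_RESOLVING case of Curl_SOCKS4(), the lookup is `Curl_fetch_addr(conn, hostname, (int)conn->port)`, while the resolve in CONNECT_SOCKS_INIT was started with `remote_port`. If the two can differ (not visible here), the cache lookup misses and the state relies entirely on `Curl_resolv_check()`; using `Curl_fetch_addr(conn, hostname, remote_port)` keeps both calls on the same key. The function starts before this hunk and its switch continues in the following hunks.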
@@ -201,149 +302,166 @@ CURLcode Curl_SOCKS4(const char *proxy_user, return CURLE_COULDNT_RESOLVE_HOST; } } - - /* - * This is currently not supporting "Identification Protocol (RFC1413)". - */ - socksreq[8] = 0; /* ensure empty userid is NUL-terminated */ - if(proxy_user) { - size_t plen = strlen(proxy_user); - if(plen >= sizeof(socksreq) - 8) { - failf(data, "Too long SOCKS proxy name, can't use!\n"); - return CURLE_COULDNT_CONNECT; + /* FALLTHROUGH */ + CONNECT_REQ_INIT: + case CONNECT_REQ_INIT: + /* + * This is currently not supporting "Identification Protocol (RFC1413)". + */ + socksreq[8] = 0; /* ensure empty userid is NUL-terminated */ + if(proxy_user) { + size_t plen = strlen(proxy_user); + if(plen >= sizeof(sx->socksreq) - 8) { + failf(data, "Too long SOCKS proxy name, can't use!\n"); + return CURLE_COULDNT_CONNECT; + } + /* copy the proxy name WITH trailing zero */ + memcpy(socksreq + 8, proxy_user, plen + 1); } - /* copy the proxy name WITH trailing zero */ - memcpy(socksreq + 8, proxy_user, plen + 1); - } - /* - * Make connection - */ - { - int result; - ssize_t actualread; - ssize_t written; - ssize_t hostnamelen = 0; - ssize_t packetsize = 9 + - strlen((char *)socksreq + 8); /* size including NUL */ - - /* If SOCKS4a, set special invalid IP address 0.0.0.x */ - if(protocol4a) { - socksreq[4] = 0; - socksreq[5] = 0; - socksreq[6] = 0; - socksreq[7] = 1; - /* If still enough room in buffer, also append hostname */ - hostnamelen = (ssize_t)strlen(hostname) + 1; /* length including NUL */ - if(packetsize + hostnamelen <= SOCKS4REQLEN) - strcpy((char *)socksreq + packetsize, hostname); - else - hostnamelen = 0; /* Flag: hostname did not fit in buffer */ + /* + * Make connection + */ + { + ssize_t packetsize = 9 + + strlen((char *)socksreq + 8); /* size including NUL */ + + /* If SOCKS4a, set special invalid IP address 0.0.0.x */ + if(protocol4a) { + ssize_t hostnamelen = 0; + socksreq[4] = 0; + socksreq[5] = 0; + socksreq[6] = 0; + socksreq[7] = 1; + /* 
append hostname */ + hostnamelen = (ssize_t)strlen(hostname) + 1; /* length including NUL */ + if(hostnamelen <= 255) + strcpy((char *)socksreq + packetsize, hostname); + else { + failf(data, "SOCKS4: too long host name"); + return CURLE_COULDNT_CONNECT; + } + packetsize += hostnamelen; + } + sx->outp = socksreq; + sx->outstanding = packetsize; + sxstate(conn, CONNECT_REQ_SENDING); } - + /* FALLTHROUGH */ + case CONNECT_REQ_SENDING: /* Send request */ - code = Curl_write_plain(conn, sock, (char *)socksreq, - packetsize + hostnamelen, - &written); - if(code || (written != packetsize + hostnamelen)) { + result = Curl_write_plain(conn, sockfd, (char *)sx->outp, + sx->outstanding, &written); + if(result && (CURLE_AGAIN != result)) { failf(data, "Failed to send SOCKS4 connect request."); return CURLE_COULDNT_CONNECT; } - if(protocol4a && hostnamelen == 0) { - /* SOCKS4a with very long hostname - send that name separately */ - hostnamelen = (ssize_t)strlen(hostname) + 1; - code = Curl_write_plain(conn, sock, (char *)hostname, hostnamelen, - &written); - if(code || (written != hostnamelen)) { - failf(data, "Failed to send SOCKS4 connect request."); - return CURLE_COULDNT_CONNECT; - } + if(written != sx->outstanding) { + /* not done, remain in state */ + sx->outstanding -= written; + sx->outp += written; + return CURLE_OK; } - packetsize = 8; /* receive data size */ + /* done sending! 
*/ + sx->outstanding = 8; /* receive data size */ + sx->outp = socksreq; + sxstate(conn, CONNECT_SOCKS_READ); + /* FALLTHROUGH */ + case CONNECT_SOCKS_READ: /* Receive response */ - result = Curl_blockread_all(conn, sock, (char *)socksreq, packetsize, - &actualread); - if(result || (actualread != packetsize)) { - failf(data, "Failed to receive SOCKS4 connect request ack."); + result = Curl_read_plain(sockfd, (char *)sx->outp, + sx->outstanding, &actualread); + if(result && (CURLE_AGAIN != result)) { + failf(data, "SOCKS4: Failed receiving connect request ack: %s", + curl_easy_strerror(result)); return CURLE_COULDNT_CONNECT; } - - /* - * Response format - * - * +----+----+----+----+----+----+----+----+ - * | VN | CD | DSTPORT | DSTIP | - * +----+----+----+----+----+----+----+----+ - * # of bytes: 1 1 2 4 - * - * VN is the version of the reply code and should be 0. CD is the result - * code with one of the following values: - * - * 90: request granted - * 91: request rejected or failed - * 92: request rejected because SOCKS server cannot connect to - * identd on the client - * 93: request rejected because the client program and identd - * report different user-ids - */ - - /* wrong version ? */ - if(socksreq[0] != 0) { - failf(data, - "SOCKS4 reply has wrong version, version should be 0."); - return CURLE_COULDNT_CONNECT; + else if(actualread != sx->outstanding) { + /* remain in reading state */ + sx->outstanding -= actualread; + sx->outp += actualread; + return CURLE_OK; } + sxstate(conn, CONNECT_DONE); + break; + default: /* lots of unused states in SOCKS4 */ + break; + } - /* Result */ - switch(socksreq[1]) { - case 90: - infof(data, "SOCKS4%s request granted.\n", protocol4a?"a":""); - break; - case 91: - failf(data, - "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. 
(%d)" - ", request rejected or failed.", - (unsigned char)socksreq[4], (unsigned char)socksreq[5], - (unsigned char)socksreq[6], (unsigned char)socksreq[7], - (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), - (unsigned char)socksreq[1]); - return CURLE_COULDNT_CONNECT; - case 92: - failf(data, - "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" - ", request rejected because SOCKS server cannot connect to " - "identd on the client.", - (unsigned char)socksreq[4], (unsigned char)socksreq[5], - (unsigned char)socksreq[6], (unsigned char)socksreq[7], - (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), - (unsigned char)socksreq[1]); - return CURLE_COULDNT_CONNECT; - case 93: - failf(data, - "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" - ", request rejected because the client program and identd " - "report different user-ids.", - (unsigned char)socksreq[4], (unsigned char)socksreq[5], - (unsigned char)socksreq[6], (unsigned char)socksreq[7], - (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), - (unsigned char)socksreq[1]); - return CURLE_COULDNT_CONNECT; - default: - failf(data, - "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" - ", Unknown.", - (unsigned char)socksreq[4], (unsigned char)socksreq[5], - (unsigned char)socksreq[6], (unsigned char)socksreq[7], - (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), - (unsigned char)socksreq[1]); - return CURLE_COULDNT_CONNECT; - } + /* + * Response format + * + * +----+----+----+----+----+----+----+----+ + * | VN | CD | DSTPORT | DSTIP | + * +----+----+----+----+----+----+----+----+ + * # of bytes: 1 1 2 4 + * + * VN is the version of the reply code and should be 0. 
CD is the result + * code with one of the following values: + * + * 90: request granted + * 91: request rejected or failed + * 92: request rejected because SOCKS server cannot connect to + * identd on the client + * 93: request rejected because the client program and identd + * report different user-ids + */ + + /* wrong version ? */ + if(socksreq[0] != 0) { + failf(data, + "SOCKS4 reply has wrong version, version should be 0."); + return CURLE_COULDNT_CONNECT; } - (void)curlx_nonblock(sock, TRUE); + /* Result */ + switch(socksreq[1]) { + case 90: + infof(data, "SOCKS4%s request granted.\n", protocol4a?"a":""); + break; + case 91: + failf(data, + "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" + ", request rejected or failed.", + (unsigned char)socksreq[4], (unsigned char)socksreq[5], + (unsigned char)socksreq[6], (unsigned char)socksreq[7], + (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), + (unsigned char)socksreq[1]); + return CURLE_COULDNT_CONNECT; + case 92: + failf(data, + "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" + ", request rejected because SOCKS server cannot connect to " + "identd on the client.", + (unsigned char)socksreq[4], (unsigned char)socksreq[5], + (unsigned char)socksreq[6], (unsigned char)socksreq[7], + (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), + (unsigned char)socksreq[1]); + return CURLE_COULDNT_CONNECT; + case 93: + failf(data, + "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" + ", request rejected because the client program and identd " + "report different user-ids.", + (unsigned char)socksreq[4], (unsigned char)socksreq[5], + (unsigned char)socksreq[6], (unsigned char)socksreq[7], + (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), + (unsigned char)socksreq[1]); + return CURLE_COULDNT_CONNECT; + default: + failf(data, + "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. 
(%d)" + ", Unknown.", + (unsigned char)socksreq[4], (unsigned char)socksreq[5], + (unsigned char)socksreq[6], (unsigned char)socksreq[7], + (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), + (unsigned char)socksreq[1]); + return CURLE_COULDNT_CONNECT; + } + *done = TRUE; return CURLE_OK; /* Proxy was successful! */ } @@ -356,7 +474,8 @@ CURLcode Curl_SOCKS5(const char *proxy_user, const char *hostname, int remote_port, int sockindex, - struct connectdata *conn) + struct connectdata *conn, + bool *done) { /* According to the RFC1928, section "6. Replies". This is what a SOCK5 
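Review bot: The SOCKS4a branch in `CONNECT_REQ_INIT` bounds the host name only by `hostnamelen <= 255` before `strcpy((char *)socksreq + packetsize, hostname)`, so the combined size of user id and host name is no longer checked against the request buffer the way the removed `packetsize + hostnamelen <= SOCKS4REQLEN` test did. The user id is accepted up to `sizeof(sx->socksreq) - 9` bytes, which can leave `packetsize` at the very end of the buffer; whether 255 more bytes still fit depends on the size of `sx->socksreq`, which is declared outside this diff. I would make the guard `if(hostnamelen <= 255 && packetsize + hostnamelen <= (ssize_t)sizeof(sx->socksreq))` and keep the existing `failf`/`return CURLE_COULDNT_CONNECT` for the else case. The body of Curl_SOCKS4 starts before this hunk.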
@@ -374,141 +493,158 @@ CURLcode Curl_SOCKS5(const char *proxy_user, o REP Reply field: o X'00' succeeded */ -#define REQUEST_BUFSIZE 600 /* room for large user/pw (255 max each) */ - unsigned char socksreq[REQUEST_BUFSIZE]; - char dest[REQUEST_BUFSIZE] = "unknown"; /* printable hostname:port */ + unsigned char *socksreq = &conn->cnnct.socksreq[0]; + char dest[256] = "unknown"; /* printable hostname:port */ int idx; ssize_t actualread; ssize_t written; - int result; - CURLcode code; - curl_socket_t sock = conn->sock[sockindex]; + CURLcode result; + curl_socket_t sockfd = conn->sock[sockindex]; struct Curl_easy *data = conn->data; - timediff_t timeout; bool socks5_resolve_local = (conn->socks_proxy.proxytype == CURLPROXY_SOCKS5) ? TRUE : FALSE; const size_t hostname_len = strlen(hostname); ssize_t len = 0; const unsigned long auth = data->set.socks5auth; bool allow_gssapi = FALSE; + struct connstate *sx = &conn->cnnct; + struct Curl_dns_entry *dns = NULL; + + if(!SOCKS_STATE(sx->state) && !*done) + sxstate(conn, CONNECT_SOCKS_INIT); + + switch(sx->state) { + case CONNECT_SOCKS_INIT: + if(conn->bits.httpproxy) + infof(conn->data, "SOCKS5: connecting to HTTP proxy %s port %d\n", + hostname, remote_port); + + /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */ + if(!socks5_resolve_local && hostname_len > 255) { + infof(conn->data, "SOCKS5: server resolving disabled for hostnames of " + "length > 255 [actual len=%zu]\n", hostname_len); + socks5_resolve_local = TRUE; + } - if(conn->bits.httpproxy) - infof(conn->data, "SOCKS5: connecting to HTTP proxy %s port %d\n", - hostname, remote_port); - - /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */ - if(!socks5_resolve_local && hostname_len > 255) { - infof(conn->data, "SOCKS5: server resolving disabled for hostnames of " - "length > 255 [actual len=%zu]\n", hostname_len); - socks5_resolve_local = TRUE; - } - - /* get timeout */ - timeout = Curl_timeleft(data, NULL, TRUE); - - 
if(timeout < 0) { - /* time-out, bail out, go home */ - failf(data, "Connection time-out"); - return CURLE_OPERATION_TIMEDOUT; - } - - (void)curlx_nonblock(sock, TRUE); - - /* wait until socket gets connected */ - result = SOCKET_WRITABLE(sock, timeout); - - if(-1 == result) { - failf(conn->data, "SOCKS5: no connection here"); - return CURLE_COULDNT_CONNECT; - } - if(0 == result) { - failf(conn->data, "SOCKS5: connection timeout"); - return CURLE_OPERATION_TIMEDOUT; - } - - if(result & CURL_CSELECT_ERR) { - failf(conn->data, "SOCKS5: error occurred during connection"); - return CURLE_COULDNT_CONNECT; - } - - if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) - infof(conn->data, - "warning: unsupported value passed to CURLOPT_SOCKS5_AUTH: %lu\n", - auth); - if(!(auth & CURLAUTH_BASIC)) - /* disable username/password auth */ - proxy_user = NULL; + if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) + infof(conn->data, + "warning: unsupported value passed to CURLOPT_SOCKS5_AUTH: %lu\n", + auth); + if(!(auth & CURLAUTH_BASIC)) + /* disable username/password auth */ + proxy_user = NULL; #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) - if(auth & CURLAUTH_GSSAPI) - allow_gssapi = TRUE; + if(auth & CURLAUTH_GSSAPI) + allow_gssapi = TRUE; #endif - idx = 0; - socksreq[idx++] = 5; /* version */ - idx++; /* reserve for the number of authentication methods */ - socksreq[idx++] = 0; /* no authentication */ - if(allow_gssapi) - socksreq[idx++] = 1; /* GSS-API */ - if(proxy_user) - socksreq[idx++] = 2; /* username/password */ - /* write the number of authentication methods */ - socksreq[1] = (unsigned char) (idx - 2); - - (void)curlx_nonblock(sock, FALSE); - - infof(data, "SOCKS5 communication to %s:%d\n", hostname, remote_port); - - code = Curl_write_plain(conn, sock, (char *)socksreq, (2 + (int)socksreq[1]), - &written); - if(code || (written != (2 + (int)socksreq[1]))) { - failf(data, "Unable to send initial SOCKS5 request."); - return CURLE_COULDNT_CONNECT; - } - - 
(void)curlx_nonblock(sock, TRUE); - - result = SOCKET_READABLE(sock, timeout); - - if(-1 == result) { - failf(conn->data, "SOCKS5 nothing to read"); - return CURLE_COULDNT_CONNECT; - } - if(0 == result) { - failf(conn->data, "SOCKS5 read timeout"); - return CURLE_OPERATION_TIMEDOUT; - } - - if(result & CURL_CSELECT_ERR) { - failf(conn->data, "SOCKS5 read error occurred"); - return CURLE_RECV_ERROR; - } - - (void)curlx_nonblock(sock, FALSE); - - result = Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread); - if(result || (actualread != 2)) { - failf(data, "Unable to receive initial SOCKS5 response."); - return CURLE_COULDNT_CONNECT; - } - - if(socksreq[0] != 5) { - failf(data, "Received invalid version in initial SOCKS5 response."); - return CURLE_COULDNT_CONNECT; - } - if(socksreq[1] == 0) { - /* Nothing to do, no authentication needed */ - ; - } + idx = 0; + socksreq[idx++] = 5; /* version */ + idx++; /* number of authentication methods */ + socksreq[idx++] = 0; /* no authentication */ + if(allow_gssapi) + socksreq[idx++] = 1; /* GSS-API */ + if(proxy_user) + socksreq[idx++] = 2; /* username/password */ + /* write the number of authentication methods */ + socksreq[1] = (unsigned char) (idx - 2); + + result = Curl_write_plain(conn, sockfd, (char *)socksreq, idx, &written); + if(result && (CURLE_AGAIN != result)) { + failf(data, "Unable to send initial SOCKS5 request."); + return CURLE_COULDNT_CONNECT; + } + if(written != idx) { + sxstate(conn, CONNECT_SOCKS_SEND); + sx->outstanding = idx - written; + sx->outp = &socksreq[written]; + return CURLE_OK; + } + sxstate(conn, CONNECT_SOCKS_READ); + goto CONNECT_SOCKS_READ_INIT; + case CONNECT_SOCKS_SEND: + result = Curl_write_plain(conn, sockfd, (char *)sx->outp, + sx->outstanding, &written); + if(result && (CURLE_AGAIN != result)) { + failf(data, "Unable to send initial SOCKS5 request."); + return CURLE_COULDNT_CONNECT; + } + if(written != sx->outstanding) { + /* not done, remain in state */ + 
sx->outstanding -= written; + sx->outp += written; + return CURLE_OK; + } + /* FALLTHROUGH */ + CONNECT_SOCKS_READ_INIT: + case CONNECT_SOCKS_READ_INIT: + sx->outstanding = 2; /* expect two bytes */ + sx->outp = socksreq; /* store it here */ + /* FALLTHROUGH */ + case CONNECT_SOCKS_READ: + result = Curl_read_plain(sockfd, (char *)sx->outp, + sx->outstanding, &actualread); + if(result && (CURLE_AGAIN != result)) { + failf(data, "Unable to receive initial SOCKS5 response."); + return CURLE_COULDNT_CONNECT; + } + else if(actualread != sx->outstanding) { + /* remain in reading state */ + sx->outstanding -= actualread; + sx->outp += actualread; + return CURLE_OK; + } + else if(socksreq[0] != 5) { + failf(data, "Received invalid version in initial SOCKS5 response."); + return CURLE_COULDNT_CONNECT; + } + else if(socksreq[1] == 0) { + /* DONE! No authentication needed. Send request. */ + sxstate(conn, CONNECT_REQ_INIT); + goto CONNECT_REQ_INIT; + } + else if(socksreq[1] == 2) { + /* regular name + password authentication */ + sxstate(conn, CONNECT_AUTH_INIT); + goto CONNECT_AUTH_INIT; + } #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) - else if(allow_gssapi && (socksreq[1] == 1)) { - code = Curl_SOCKS5_gssapi_negotiate(sockindex, conn); - if(code) { - failf(data, "Unable to negotiate SOCKS5 GSS-API context."); + else if(allow_gssapi && (socksreq[1] == 1)) { + sxstate(conn, CONNECT_GSSAPI_INIT); + result = Curl_SOCKS5_gssapi_negotiate(sockindex, conn); + if(result) { + failf(data, "Unable to negotiate SOCKS5 GSS-API context."); + return CURLE_COULDNT_CONNECT; + } + } +#endif + else { + /* error */ + if(!allow_gssapi && (socksreq[1] == 1)) { + failf(data, + "SOCKS5 GSSAPI per-message authentication is not supported."); + return CURLE_COULDNT_CONNECT; + } + else if(socksreq[1] == 255) { + failf(data, "No authentication method was acceptable."); + return CURLE_COULDNT_CONNECT; + } + failf(data, + "Undocumented SOCKS5 mode attempted to be used by server."); return 
CURLE_COULDNT_CONNECT; } - } + break; +#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) + case CONNECT_GSSAPI_INIT: + /* GSSAPI stuff done non-blocking */ + break; #endif - else if(socksreq[1] == 2) { + + default: /* do nothing! */ + break; + + CONNECT_AUTH_INIT: + case CONNECT_AUTH_INIT: { /* Needs user name and password */ size_t proxy_user_len, proxy_password_len; if(proxy_user && proxy_password) { @@ -549,18 +685,41 @@ CURLcode Curl_SOCKS5(const char *proxy_user, memcpy(socksreq + len, proxy_password, proxy_password_len); } len += proxy_password_len; - - code = Curl_write_plain(conn, sock, (char *)socksreq, len, &written); - if(code || (len != written)) { + sxstate(conn, CONNECT_AUTH_SEND); + sx->outstanding = len; + sx->outp = socksreq; + } + /* FALLTHROUGH */ + case CONNECT_AUTH_SEND: + result = Curl_write_plain(conn, sockfd, (char *)sx->outp, + sx->outstanding, &written); + if(result && (CURLE_AGAIN != result)) { failf(data, "Failed to send SOCKS5 sub-negotiation request."); return CURLE_COULDNT_CONNECT; } - - result = Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread); - if(result || (actualread != 2)) { + if(sx->outstanding != written) { + /* remain in state */ + sx->outstanding -= written; + sx->outp += written; + return CURLE_OK; + } + sx->outp = socksreq; + sx->outstanding = 2; + sxstate(conn, CONNECT_AUTH_READ); + /* FALLTHROUGH */ + case CONNECT_AUTH_READ: + result = Curl_read_plain(sockfd, (char *)sx->outp, + sx->outstanding, &actualread); + if(result && (CURLE_AGAIN != result)) { failf(data, "Unable to receive SOCKS5 sub-negotiation response."); return CURLE_COULDNT_CONNECT; } + if(actualread != sx->outstanding) { + /* remain in state */ + sx->outstanding -= actualread; + sx->outp += actualread; + return CURLE_OK; + } /* ignore the first (VER) byte */ if(socksreq[1] != 0) { /* status */ 
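Review bot: `socks5_resolve_local` is an automatic variable recomputed from `conn->socks_proxy.proxytype` on every call, but the override to `TRUE` for host names longer than 255 bytes now happens only inside `case CONNECT_SOCKS_INIT:`. Because the function returns `CURLE_OK` on a short write or read and is entered again through `switch(sx->state)`, a later call skips that case and sees the variable back at `FALSE`; the `CONNECT_RESOLVE_REMOTE` code in the next Curl_SOCKS5 hunk then runs `memcpy(&socksreq[len], hostname, hostname_len)` with an unchecked `hostname_len` and a truncated one-byte length field. Either apply the length check at function entry, outside the switch, or refuse in the remote-resolve branch with `if(hostname_len > 255) return CURLE_COULDNT_CONNECT;` before the copy. The size of `conn->cnnct.socksreq` is not visible here, so the margin should be confirmed against its declaration.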
@@ -570,209 +729,248 @@ CURLcode Curl_SOCKS5(const char *proxy_user, } /* Everything is good so far, user was authenticated! */ - } - else { - /* error */ - if(!allow_gssapi && (socksreq[1] == 1)) { - failf(data, - "SOCKS5 GSSAPI per-message authentication is not supported."); - return CURLE_COULDNT_CONNECT; - } - if(socksreq[1] == 255) { - if(!proxy_user || !*proxy_user) { - failf(data, - "No authentication method was acceptable. (It is quite likely" - " that the SOCKS5 server wanted a username/password, since none" - " was supplied to the server on this connection.)"); + sxstate(conn, CONNECT_REQ_INIT); + /* FALLTHROUGH */ + CONNECT_REQ_INIT: + case CONNECT_REQ_INIT: + if(socks5_resolve_local) { + enum resolve_t rc = Curl_resolv(conn, hostname, remote_port, + FALSE, &dns); + + if(rc == CURLRESOLV_ERROR) + return CURLE_COULDNT_RESOLVE_HOST; + + if(rc == CURLRESOLV_PENDING) { + sxstate(conn, CONNECT_RESOLVING); + return CURLE_OK; } - else { - failf(data, "No authentication method was acceptable."); - } - return CURLE_COULDNT_CONNECT; + sxstate(conn, CONNECT_RESOLVED); + goto CONNECT_RESOLVED; } - else { - failf(data, - "Undocumented SOCKS5 mode attempted to be used by server."); - return CURLE_COULDNT_CONNECT; - } - } + goto CONNECT_RESOLVE_REMOTE; - /* Authentication is complete, now specify destination to the proxy */ - len = 0; - socksreq[len++] = 5; /* version (SOCKS5) */ - socksreq[len++] = 1; /* connect */ - socksreq[len++] = 0; /* must be zero */ - - if(!socks5_resolve_local) { - socksreq[len++] = 3; /* ATYP: domain name = 3 */ - socksreq[len++] = (char) hostname_len; /* address length */ - memcpy(&socksreq[len], hostname, hostname_len); /* address str w/o NULL */ - len += hostname_len; - msnprintf(dest, sizeof(dest), "%s:%d", hostname, remote_port); - infof(data, "SOCKS5 connect to %s (remotely resolved)\n", dest); - } - else { - struct Curl_dns_entry *dns; - Curl_addrinfo *hp = NULL; - int rc = Curl_resolv(conn, hostname, remote_port, FALSE, &dns); - - 
if(rc == CURLRESOLV_ERROR) - return CURLE_COULDNT_RESOLVE_HOST; + case CONNECT_RESOLVING: + /* check if we have the name resolved by now */ + dns = Curl_fetch_addr(conn, hostname, (int)conn->port); - if(rc == CURLRESOLV_PENDING) { - /* this requires that we're in "wait for resolve" state */ - code = Curl_resolver_wait_resolv(conn, &dns); - if(code) - return code; + if(dns) { +#ifdef CURLRES_ASYNCH + conn->async.dns = dns; + conn->async.done = TRUE; +#endif + infof(data, "SOCKS5: hostname '%s' found\n", hostname); } - /* - * We cannot use 'hostent' as a struct that Curl_resolv() returns. It - * returns a Curl_addrinfo pointer that may not always look the same. - */ + if(!dns) { + result = Curl_resolv_check(data->conn, &dns); + /* stay in the state or error out */ + return result; + } + /* FALLTHROUGH */ + CONNECT_RESOLVED: + case CONNECT_RESOLVED: { + Curl_addrinfo *hp = NULL; if(dns) hp = dns->addr; - if(hp) { - if(Curl_printable_address(hp, dest, sizeof(dest))) { - size_t destlen = strlen(dest); - msnprintf(dest + destlen, sizeof(dest) - destlen, ":%d", remote_port); - } - else { - strcpy(dest, "unknown"); - } - - if(hp->ai_family == AF_INET) { - int i; - struct sockaddr_in *saddr_in; - socksreq[len++] = 1; /* ATYP: IPv4 = 1 */ - - saddr_in = (struct sockaddr_in *)(void *)hp->ai_addr; - for(i = 0; i < 4; i++) { - socksreq[len++] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[i]; - } + if(!hp) { + failf(data, "Failed to resolve \"%s\" for SOCKS5 connect.", + hostname); + return CURLE_COULDNT_RESOLVE_HOST; + } - infof(data, "SOCKS5 connect to IPv4 %s (locally resolved)\n", dest); - } -#ifdef ENABLE_IPV6 - else if(hp->ai_family == AF_INET6) { - int i; - struct sockaddr_in6 *saddr_in6; - socksreq[len++] = 4; /* ATYP: IPv6 = 4 */ - - saddr_in6 = (struct sockaddr_in6 *)(void *)hp->ai_addr; - for(i = 0; i < 16; i++) { - socksreq[len++] = - ((unsigned char *)&saddr_in6->sin6_addr.s6_addr)[i]; - } + if(Curl_printable_address(hp, dest, sizeof(dest))) { + size_t destlen = 
strlen(dest); + msnprintf(dest + destlen, sizeof(dest) - destlen, ":%d", remote_port); + } + else { + strcpy(dest, "unknown"); + } - infof(data, "SOCKS5 connect to IPv6 %s (locally resolved)\n", dest); + len = 0; + socksreq[len++] = 5; /* version (SOCKS5) */ + socksreq[len++] = 1; /* connect */ + socksreq[len++] = 0; /* must be zero */ + if(hp->ai_family == AF_INET) { + int i; + struct sockaddr_in *saddr_in; + socksreq[len++] = 1; /* ATYP: IPv4 = 1 */ + + saddr_in = (struct sockaddr_in *)(void *)hp->ai_addr; + for(i = 0; i < 4; i++) { + socksreq[len++] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[i]; } -#endif - else { - hp = NULL; /* fail! */ - failf(data, "SOCKS5 connection to %s not supported\n", dest); + infof(data, "SOCKS5 connect to IPv4 %s (locally resolved)\n", dest); + } +#ifdef ENABLE_IPV6 + else if(hp->ai_family == AF_INET6) { + int i; + struct sockaddr_in6 *saddr_in6; + socksreq[len++] = 4; /* ATYP: IPv6 = 4 */ + + saddr_in6 = (struct sockaddr_in6 *)(void *)hp->ai_addr; + for(i = 0; i < 16; i++) { + socksreq[len++] = + ((unsigned char *)&saddr_in6->sin6_addr.s6_addr)[i]; } - Curl_resolv_unlock(data, dns); /* not used anymore from now on */ + infof(data, "SOCKS5 connect to IPv6 %s (locally resolved)\n", dest); } - if(!hp) { - failf(data, "Failed to resolve \"%s\" for SOCKS5 connect.", - hostname); - return CURLE_COULDNT_RESOLVE_HOST; +#endif + else { + hp = NULL; /* fail! 
*/ + failf(data, "SOCKS5 connection to %s not supported\n", dest); } + + Curl_resolv_unlock(data, dns); /* not used anymore from now on */ + goto CONNECT_REQ_SEND; } + CONNECT_RESOLVE_REMOTE: + case CONNECT_RESOLVE_REMOTE: + /* Authentication is complete, now specify destination to the proxy */ + len = 0; + socksreq[len++] = 5; /* version (SOCKS5) */ + socksreq[len++] = 1; /* connect */ + socksreq[len++] = 0; /* must be zero */ + + if(!socks5_resolve_local) { + socksreq[len++] = 3; /* ATYP: domain name = 3 */ + socksreq[len++] = (char) hostname_len; /* one byte address length */ + memcpy(&socksreq[len], hostname, hostname_len); /* address w/o NULL */ + len += hostname_len; + infof(data, "SOCKS5 connect to %s:%d (remotely resolved)\n", + hostname, remote_port); + } + /* FALLTHROUGH */ - socksreq[len++] = (unsigned char)((remote_port >> 8) & 0xff); /* PORT MSB */ - socksreq[len++] = (unsigned char)(remote_port & 0xff); /* PORT LSB */ + CONNECT_REQ_SEND: + case CONNECT_REQ_SEND: + /* PORT MSB */ + socksreq[len++] = (unsigned char)((remote_port >> 8) & 0xff); + /* PORT LSB */ + socksreq[len++] = (unsigned char)(remote_port & 0xff); #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) - if(conn->socks5_gssapi_enctype) { - failf(data, "SOCKS5 GSS-API protection not yet implemented."); - } - else + if(conn->socks5_gssapi_enctype) { + failf(data, "SOCKS5 GSS-API protection not yet implemented."); + return CURLE_COULDNT_CONNECT; + } #endif - code = Curl_write_plain(conn, sock, (char *)socksreq, len, &written); - - if(code || (len != written)) { - failf(data, "Failed to send SOCKS5 connect request."); - return CURLE_COULDNT_CONNECT; - } - - len = 10; /* minimum packet size is 10 */ - + sx->outp = socksreq; + sx->outstanding = len; + sxstate(conn, CONNECT_REQ_SENDING); + /* FALLTHROUGH */ + case CONNECT_REQ_SENDING: + result = Curl_write_plain(conn, sockfd, (char *)sx->outp, + sx->outstanding, &written); + if(result && (CURLE_AGAIN != result)) { + failf(data, "Failed to send 
SOCKS5 connect request."); + return CURLE_COULDNT_CONNECT; + } + if(sx->outstanding != written) { + /* remain in state */ + sx->outstanding -= written; + sx->outp += written; + return CURLE_OK; + } #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) - if(conn->socks5_gssapi_enctype) { - failf(data, "SOCKS5 GSS-API protection not yet implemented."); - } - else + if(conn->socks5_gssapi_enctype) { + failf(data, "SOCKS5 GSS-API protection not yet implemented."); + return CURLE_COULDNT_CONNECT; + } #endif - result = Curl_blockread_all(conn, sock, (char *)socksreq, - len, &actualread); - - if(result || (len != actualread)) { - failf(data, "Failed to receive SOCKS5 connect request ack."); - return CURLE_COULDNT_CONNECT; - } - - if(socksreq[0] != 5) { /* version */ - failf(data, - "SOCKS5 reply has wrong version, version should be 5."); - return CURLE_COULDNT_CONNECT; - } - - /* Fix: in general, returned BND.ADDR is variable length parameter by RFC - 1928, so the reply packet should be read until the end to avoid errors at - subsequent protocol level. 
- - +----+-----+-------+------+----------+----------+ - |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT | - +----+-----+-------+------+----------+----------+ - | 1 | 1 | X'00' | 1 | Variable | 2 | - +----+-----+-------+------+----------+----------+ + sx->outstanding = 10; /* minimum packet size is 10 */ + sx->outp = socksreq; + sxstate(conn, CONNECT_REQ_READ); + /* FALLTHROUGH */ + case CONNECT_REQ_READ: + result = Curl_read_plain(sockfd, (char *)sx->outp, + sx->outstanding, &actualread); + if(result && (CURLE_AGAIN != result)) { + failf(data, "Failed to receive SOCKS5 connect request ack."); + return CURLE_COULDNT_CONNECT; + } + else if(actualread != sx->outstanding) { + /* remain in state */ + sx->outstanding -= actualread; + sx->outp += actualread; + return CURLE_OK; + } - ATYP: - o IP v4 address: X'01', BND.ADDR = 4 byte - o domain name: X'03', BND.ADDR = [ 1 byte length, string ] - o IP v6 address: X'04', BND.ADDR = 16 byte - */ + if(socksreq[0] != 5) { /* version */ + failf(data, + "SOCKS5 reply has wrong version, version should be 5."); + return CURLE_COULDNT_CONNECT; + } + else if(socksreq[1] != 0) { /* Anything besides 0 is an error */ + failf(data, "Can't complete SOCKS5 connection to %s. (%d)", + hostname, (unsigned char)socksreq[1]); + return CURLE_COULDNT_CONNECT; + } - /* Calculate real packet size */ - if(socksreq[3] == 3) { - /* domain name */ - int addrlen = (int) socksreq[4]; - len = 5 + addrlen + 2; - } - else if(socksreq[3] == 4) { - /* IPv6 */ - len = 4 + 16 + 2; - } + /* Fix: in general, returned BND.ADDR is variable length parameter by RFC + 1928, so the reply packet should be read until the end to avoid errors + at subsequent protocol level. 
+ + +----+-----+-------+------+----------+----------+ + |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT | + +----+-----+-------+------+----------+----------+ + | 1 | 1 | X'00' | 1 | Variable | 2 | + +----+-----+-------+------+----------+----------+ + + ATYP: + o IP v4 address: X'01', BND.ADDR = 4 byte + o domain name: X'03', BND.ADDR = [ 1 byte length, string ] + o IP v6 address: X'04', BND.ADDR = 16 byte + */ + + /* Calculate real packet size */ + if(socksreq[3] == 3) { + /* domain name */ + int addrlen = (int) socksreq[4]; + len = 5 + addrlen + 2; + } + else if(socksreq[3] == 4) { + /* IPv6 */ + len = 4 + 16 + 2; + } - /* At this point we already read first 10 bytes */ + /* At this point we already read first 10 bytes */ #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) - if(!conn->socks5_gssapi_enctype) { - /* decrypt_gssapi_blockread already read the whole packet */ + if(!conn->socks5_gssapi_enctype) { + /* decrypt_gssapi_blockread already read the whole packet */ #endif - if(len > 10) { - result = Curl_blockread_all(conn, sock, (char *)&socksreq[10], - len - 10, &actualread); - if(result || ((len - 10) != actualread)) { - failf(data, "Failed to receive SOCKS5 connect request ack."); - return CURLE_COULDNT_CONNECT; + if(len > 10) { + sx->outstanding = len - 10; /* get the rest */ + sx->outp = &socksreq[10]; + sxstate(conn, CONNECT_REQ_READ_MORE); + } + else { + sxstate(conn, CONNECT_DONE); + break; } - } #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) - } + } #endif - - if(socksreq[1] != 0) { /* Anything besides 0 is an error */ - failf(data, "Can't complete SOCKS5 connection to %s. 
(%d)", - dest, (unsigned char)socksreq[1]); - return CURLE_COULDNT_CONNECT; + /* FALLTHROUGH */ + case CONNECT_REQ_READ_MORE: + result = Curl_read_plain(sockfd, (char *)sx->outp, + sx->outstanding, &actualread); + if(result && (CURLE_AGAIN != result)) { + failf(data, "Failed to receive SOCKS5 connect request ack."); + return CURLE_COULDNT_CONNECT; + } + if(actualread != sx->outstanding) { + /* remain in state */ + sx->outstanding -= actualread; + sx->outp += actualread; + return CURLE_OK; + } + sxstate(conn, CONNECT_DONE); } infof(data, "SOCKS5 request granted.\n"); - (void)curlx_nonblock(sock, TRUE); + *done = TRUE; return CURLE_OK; /* Proxy was successful! */ } diff --git a/libs/libcurl/src/socks.h b/libs/libcurl/src/socks.h index 3b319a6ef1..64a7563373 100644 --- a/libs/libcurl/src/socks.h +++ b/libs/libcurl/src/socks.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -27,13 +27,13 @@ #ifdef CURL_DISABLE_PROXY #define Curl_SOCKS4(a,b,c,d,e) CURLE_NOT_BUILT_IN #define Curl_SOCKS5(a,b,c,d,e,f) CURLE_NOT_BUILT_IN +#define Curl_SOCKS_getsock(x,y,z) 0 #else /* * Helper read-from-socket functions. Does the same as Curl_read() but it * blocks until all bytes amount of buffersize will be read. No more, no less. * - * This is STUPID BLOCKING behaviour which we frown upon, but right now this - * is what we have... + * This is STUPID BLOCKING behavior */ int Curl_blockread_all(struct connectdata *conn, curl_socket_t sockfd, 
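Review bot: In `CONNECT_RESOLVED`, the branch for an unsupported address family sets `hp = NULL` and calls `failf`, but then continues to `Curl_resolv_unlock` and `goto CONNECT_REQ_SEND`, because the `if(!hp)` test that used to follow the family check now sits before it. The request is then built from version, command and reserved byte followed directly by the port, with no ATYP or address. I would end that branch with `Curl_resolv_unlock(data, dns);` and `return CURLE_COULDNT_RESOLVE_HOST;` so the failure is reported instead of a malformed request going to the proxy.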
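Review bot: The `CURL_DISABLE_PROXY` stubs `Curl_SOCKS4(a,b,c,d,e)` and `Curl_SOCKS5(a,b,c,d,e,f)` keep their old arity although both prototypes gain a `bool *done` parameter in the following hunks of this header. If any caller is compiled with the proxy code disabled, the macro invocation would fail with an argument-count error; the callers are outside this diff, so that needs checking. Adding one parameter to each stub, e.g. `#define Curl_SOCKS4(a,b,c,d,e,f) CURLE_NOT_BUILT_IN`, keeps them in step with the prototypes.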
@@ -41,6 +41,9 @@ int Curl_blockread_all(struct connectdata *conn, ssize_t buffersize, ssize_t *n); +int Curl_SOCKS_getsock(struct connectdata *conn, + curl_socket_t *sock, + int sockindex); /* * This function logs in to a SOCKS4(a) proxy and sends the specifics to the * final destination server. @@ -49,7 +52,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name, const char *hostname, int remote_port, int sockindex, - struct connectdata *conn); + struct connectdata *conn, + bool *done); /* * This function logs in to a SOCKS5 proxy and sends the specifics to the @@ -60,7 +64,8 @@ CURLcode Curl_SOCKS5(const char *proxy_name, const char *hostname, int remote_port, int sockindex, - struct connectdata *conn); + struct connectdata *conn, + bool *done); #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) /* diff --git a/libs/libcurl/src/socks_gssapi.c b/libs/libcurl/src/socks_gssapi.c index 65294bbebd..97ee7183e0 100644 --- a/libs/libcurl/src/socks_gssapi.c +++ b/libs/libcurl/src/socks_gssapi.c @@ -5,8 +5,8 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * + * Copyright (C) 2012 - 2020, Daniel Stenberg, , et al. * Copyright (C) 2009, Markus Moeller, - * Copyright (C) 2012 - 2018, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -167,6 +167,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, return CURLE_COULDNT_CONNECT; } + (void)curlx_nonblock(sock, FALSE); + /* As long as we need to keep sending some context info, and there's no */ /* errors, keep sending it... */ for(;;) { @@ -513,6 +515,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, gss_release_buffer(&gss_status, &gss_recv_token); } + (void)curlx_nonblock(sock, TRUE); + infof(data, "SOCKS5 access with%s protection granted.\n", (socksreq[0] == 0)?"out GSS-API data": ((socksreq[0] == 1)?" GSS-API integrity":" GSS-API confidentiality")); 
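Review bot: The new `bool *done` out-parameter of `Curl_SOCKS4` in the @@ -49,7 hunk is not described in the comment above the prototype, and the same holds for `Curl_SOCKS5` in the @@ -60,7 hunk. The socks.c part of this commit sets `*done = TRUE` only on the final success path of the SOCKS5 code and otherwise returns `CURLE_OK` while remaining in its current state (presumably the SOCKS4 path does the same), so `CURLE_OK` alone no longer means the proxy handshake has finished. A caller that still reads it that way would start sending application data into a half-negotiated proxy session. I would add to both comments: `Returns CURLE_OK with *done == FALSE while the handshake is still in progress; the connection may be used only once *done is TRUE.`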
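Review bot: The socket is switched to blocking mode in the @@ -167,6 hunk with `(void)curlx_nonblock(sock, FALSE);`, but the matching `curlx_nonblock(sock, TRUE)` is added only in the @@ -513,6 hunk, just before the success message. The negotiation loop between the two hunks is not shown, but if it contains error returns like the `CURLE_COULDNT_CONNECT` visible in the context, those paths leave the socket blocking, which matters if the connection is polled or reused afterwards rather than closed. The discarded return value also hides a failed mode switch, after which the blocking reads would run on a non-blocking socket. A comment at the first call would make the contract explicit, `/* the GSS-API exchange below uses blocking reads; every return path must restore non-blocking mode */`, and a single exit path that restores the mode would enforce it. socks_sspi.c has the same pair of calls in its @@ -153,6 and @@ -589,6 hunks.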
diff --git a/libs/libcurl/src/socks_sspi.c b/libs/libcurl/src/socks_sspi.c index 57027ef686..d5be64a3c0 100644 --- a/libs/libcurl/src/socks_sspi.c +++ b/libs/libcurl/src/socks_sspi.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 2012 - 2020, Daniel Stenberg, , et al. * Copyright (C) 2009, 2011, Markus Moeller, * * This software is licensed as described in the file COPYING, which @@ -153,6 +153,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, return CURLE_COULDNT_CONNECT; } + (void)curlx_nonblock(sock, FALSE); + /* As long as we need to keep sending some context info, and there's no */ /* errors, keep sending it... */ for(;;) { @@ -587,6 +589,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, memcpy(socksreq, sspi_w_token[0].pvBuffer, sspi_w_token[0].cbBuffer); s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); } + (void)curlx_nonblock(sock, TRUE); infof(data, "SOCKS5 access with%s protection granted.\n", (socksreq[0] == 0)?"out GSS-API data": diff --git a/libs/libcurl/src/strcase.c b/libs/libcurl/src/strcase.c index a894712254..a309e35291 100644 --- a/libs/libcurl/src/strcase.c +++ b/libs/libcurl/src/strcase.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,6 +26,8 @@ #include "strcase.h" +static char raw_tolower(char in); + /* Portable, consistent toupper (remember EBCDIC). Do not use toupper() because its behavior is altered by the current locale. */ char Curl_raw_toupper(char in) 
@@ -96,7 +98,7 @@ char Curl_raw_toupper(char in) /* Portable, consistent tolower (remember EBCDIC). Do not use tolower() because its behavior is altered by the current locale. */ -char Curl_raw_tolower(char in) +static char raw_tolower(char in) { #if !defined(CURL_DOES_CONVERSIONS) if(in >= 'A' && in <= 'Z') @@ -245,7 +247,7 @@ void Curl_strntolower(char *dest, const char *src, size_t n) return; do { - *dest++ = Curl_raw_tolower(*src); + *dest++ = raw_tolower(*src); } while(*src++ && --n); } diff --git a/libs/libcurl/src/strcase.h b/libs/libcurl/src/strcase.h index baa768b2b2..cd4c4191a9 100644 --- a/libs/libcurl/src/strcase.h +++ b/libs/libcurl/src/strcase.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -40,7 +40,6 @@ int Curl_safe_strcasecompare(const char *first, const char *second); int Curl_strncasecompare(const char *first, const char *second, size_t max); char Curl_raw_toupper(char in); -char Curl_raw_tolower(char in); /* checkprefix() is a shorter version of the above, used when the first argument is zero-byte terminated */ diff --git a/libs/libcurl/src/strerror.c b/libs/libcurl/src/strerror.c index 29df5aa55a..1a166bf019 100644 --- a/libs/libcurl/src/strerror.c +++ b/libs/libcurl/src/strerror.c @@ -317,6 +317,9 @@ curl_easy_strerror(CURLcode error) case CURLE_HTTP3: return "HTTP/3 error"; + case CURLE_QUIC_CONNECT_ERROR: + return "QUIC connection error"; + /* error codes not used by current libcurl */ case CURLE_OBSOLETE20: case CURLE_OBSOLETE24: 
@@ -392,6 +395,9 @@ curl_multi_strerror(CURLMcode error) case CURLM_WAKEUP_FAILURE: return "Wakeup is unavailable or failed"; + case CURLM_BAD_FUNCTION_ARGUMENT: + return "A libcurl function was given a bad argument"; + case CURLM_LAST: break; } diff --git a/libs/libcurl/src/strerror.h b/libs/libcurl/src/strerror.h index 278c1082f0..bae8f89745 100644 --- a/libs/libcurl/src/strerror.h +++ b/libs/libcurl/src/strerror.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,7 +24,7 @@ #include "urldata.h" -#define STRERROR_LEN 128 /* a suitable length */ +#define STRERROR_LEN 256 /* a suitable length */ const char *Curl_strerror(int err, char *buf, size_t buflen); #if defined(WIN32) || defined(_WIN32_WCE) diff --git a/libs/libcurl/src/system_win32.c b/libs/libcurl/src/system_win32.c index 52a5fd9519..b9587b5f3a 100644 --- a/libs/libcurl/src/system_win32.c +++ b/libs/libcurl/src/system_win32.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2016 - 2019, Steve Holme, . + * Copyright (C) 2016 - 2020, Steve Holme, . * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -109,11 +109,11 @@ CURLcode Curl_win32_init(long flags) if(Curl_verify_windows_version(6, 0, PLATFORM_WINNT, VERSION_GREATER_THAN_EQUAL)) { Curl_isVistaOrGreater = TRUE; - QueryPerformanceFrequency(&Curl_freq); } else Curl_isVistaOrGreater = FALSE; + QueryPerformanceFrequency(&Curl_freq); return CURLE_OK; } diff --git a/libs/libcurl/src/timeval.c b/libs/libcurl/src/timeval.c index 9b05cf0512..e761966a1b 100644 --- a/libs/libcurl/src/timeval.c +++ b/libs/libcurl/src/timeval.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -28,6 +28,7 @@ extern LARGE_INTEGER Curl_freq; extern bool Curl_isVistaOrGreater; +/* In case of bug fix this function has a counterpart in tool_util.c */ struct curltime Curl_now(void) { struct curltime now; diff --git a/libs/libcurl/src/transfer.c b/libs/libcurl/src/transfer.c index ead8b36db9..827076183f 100644 --- a/libs/libcurl/src/transfer.c +++ b/libs/libcurl/src/transfer.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1217,7 +1217,8 @@ CURLcode Curl_readwrite(struct connectdata *conn, else fd_write = CURL_SOCKET_BAD; - if(conn->data->state.drain) { + if(data->state.drain) { + data->state.drain--; select_res |= CURL_CSELECT_IN; DEBUGF(infof(data, "Curl_readwrite: forcibly told to drain data\n")); } diff --git a/libs/libcurl/src/url.c b/libs/libcurl/src/url.c index 56fb736368..47fc66aedd 100644 --- a/libs/libcurl/src/url.c +++ b/libs/libcurl/src/url.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -128,7 +128,6 @@ bool curl_win32_idn_to_ascii(const char *in, char **out); #include "memdebug.h" static void conn_free(struct connectdata *conn); -static void free_idnconverted_hostname(struct hostname *host); static unsigned int get_protocol_family(unsigned int protocol); /* Some parts of the code (e.g. chunked encoding) assume this buffer has at @@ -187,7 +186,7 @@ static const struct Curl_handler * const protocols[] = { &Curl_handler_tftp, #endif -#if defined(USE_SSH) +#if defined(USE_SSH) && !defined(USE_WOLFSSH) &Curl_handler_scp, #endif @@ -380,7 +379,7 @@ CURLcode Curl_close(struct Curl_easy **datap) Curl_safefree(data->state.ulbuf); Curl_flush_cookies(data, TRUE); #ifdef USE_ALTSVC - Curl_altsvc_save(data->asi, data->set.str[STRING_ALTSVC]); + Curl_altsvc_save(data, data->asi, data->set.str[STRING_ALTSVC]); Curl_altsvc_cleanup(data->asi); data->asi = NULL; #endif @@ -714,14 +713,13 @@ static void conn_free(struct connectdata *conn) if(!conn) return; - free_idnconverted_hostname(&conn->host); - free_idnconverted_hostname(&conn->conn_to_host); - free_idnconverted_hostname(&conn->http_proxy.host); - free_idnconverted_hostname(&conn->socks_proxy.host); + Curl_free_idnconverted_hostname(&conn->host); + Curl_free_idnconverted_hostname(&conn->conn_to_host); + Curl_free_idnconverted_hostname(&conn->http_proxy.host); + Curl_free_idnconverted_hostname(&conn->socks_proxy.host); Curl_safefree(conn->user); Curl_safefree(conn->passwd); - Curl_safefree(conn->oauth_bearer); Curl_safefree(conn->sasl_authzid); Curl_safefree(conn->options); Curl_safefree(conn->http_proxy.user); 
@@ -883,9 +881,37 @@ proxy_info_matches(const struct proxy_info* data, return FALSE; } + +static bool +socks_proxy_info_matches(const struct proxy_info* data, + const struct proxy_info* needle) +{ + if(!proxy_info_matches(data, needle)) + return FALSE; + + /* the user information is case-sensitive + or at least it is not defined as case-insensitive + see https://tools.ietf.org/html/rfc3986#section-3.2.1 */ + if((data->user == NULL) != (needle->user == NULL)) + return FALSE; + /* curl_strequal does a case insentive comparison, so do not use it here! */ + if(data->user && + needle->user && + strcmp(data->user, needle->user) != 0) + return FALSE; + if((data->passwd == NULL) != (needle->passwd == NULL)) + return FALSE; + /* curl_strequal does a case insentive comparison, so do not use it here! */ + if(data->passwd && + needle->passwd && + strcmp(data->passwd, needle->passwd) != 0) + return FALSE; + return TRUE; +} #else /* disabled, won't get called */ #define proxy_info_matches(x,y) FALSE +#define socks_proxy_info_matches(x,y) FALSE #endif /* A connection has to have been idle for a shorter time than 'maxage_conn' to @@ -1073,7 +1099,7 @@ ConnectionExists(struct Curl_easy *data, curr = bundle->conn_list.head; while(curr) { bool match = FALSE; - size_t multiplexed; + size_t multiplexed = 0; /* * Note that if we use a HTTP proxy in normal mode (no tunneling), we @@ -1086,8 +1112,8 @@ ConnectionExists(struct Curl_easy *data, /* connect-only or to-be-closed connections will not be reused */ continue; - multiplexed = CONN_INUSE(check) && - (bundle->multiuse == BUNDLE_MULTIPLEX); + if(bundle->multiuse == BUNDLE_MULTIPLEX) + multiplexed = CONN_INUSE(check); if(canmultiplex) { ; 
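Review bot: `socks_proxy_info_matches` in the @@ -883,9 hunk has no header comment, and both inline comments misspell "insensitive" as `insentive`. ConnectionExists now relies on this function to keep a connection that was authenticated to a SOCKS proxy under one user and password from being handed to a transfer carrying different proxy credentials, and that purpose is worth stating: `/* SOCKS credentials are part of the connection identity: reuse only when user and password are byte-for-byte equal */`. Each string test can also shrink to `if(data->user && strcmp(data->user, needle->user) != 0)`, because the preceding NULL-ness comparison already guarantees that both pointers are set or unset together.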
@@ -1144,8 +1170,9 @@ ConnectionExists(struct Curl_easy *data, needle->bits.socksproxy != check->bits.socksproxy) continue; - if(needle->bits.socksproxy && !proxy_info_matches(&needle->socks_proxy, - &check->socks_proxy)) + if(needle->bits.socksproxy && + !socks_proxy_info_matches(&needle->socks_proxy, + &check->socks_proxy)) continue; if(needle->bits.conn_to_host != check->bits.conn_to_host) @@ -1185,6 +1212,8 @@ ConnectionExists(struct Curl_easy *data, } } + DEBUGASSERT(!check->data || GOOD_EASY_HANDLE(check->data)); + if(!canmultiplex && check->data) /* this request can't be multiplexed but the checked connection is already in use so we skip it */ @@ -1239,7 +1268,7 @@ ConnectionExists(struct Curl_easy *data, needle->conn_to_port == check->conn_to_port) && strcasecompare(needle->host.name, check->host.name) && needle->remote_port == check->remote_port) { - /* The schemes match or the the protocol family is the same and the + /* The schemes match or the protocol family is the same and the previous connection was TLS upgraded, and the hostname and host port match */ if(needle->handler->flags & PROTOPT_SSL) { @@ -1347,6 +1376,13 @@ ConnectionExists(struct Curl_easy *data, multiplexed); continue; } + else if(multiplexed >= + Curl_multi_max_concurrent_streams(needle->data->multi)) { + infof(data, "client side MAX_CONCURRENT_STREAMS reached" + ", skip (%zu)\n", + multiplexed); + continue; + } } #endif /* When not multiplexed, we have a match here! */ @@ -1400,10 +1436,14 @@ void Curl_verboseconnect(struct connectdata *conn) /* * Helpers for IDNA conversions. */ -static bool is_ASCII_name(const char *hostname) +bool Curl_is_ASCII_name(const char *hostname) { + /* get an UNSIGNED local version of the pointer */ const unsigned char *ch = (const unsigned char *)hostname; + if(!hostname) /* bad input, consider it ASCII! */ + return TRUE; + while(*ch) { if(*ch++ & 0x80) return FALSE; 
@@ -1428,8 +1468,8 @@ static void strip_trailing_dot(struct hostname *host) /* * Perform any necessary IDN conversion of hostname */ -static CURLcode idnconvert_hostname(struct connectdata *conn, - struct hostname *host) +CURLcode Curl_idnconvert_hostname(struct connectdata *conn, + struct hostname *host) { struct Curl_easy *data = conn->data; @@ -1444,7 +1484,7 @@ static CURLcode idnconvert_hostname(struct connectdata *conn, host->dispname = host->name; /* Check name for non-ASCII and convert hostname to ACE form if we can */ - if(!is_ASCII_name(host->name)) { + if(!Curl_is_ASCII_name(host->name)) { #ifdef USE_LIBIDN2 if(idn2_check_version(IDN2_VERSION)) { char *ace_hostname = NULL; @@ -1477,7 +1517,9 @@ static CURLcode idnconvert_hostname(struct connectdata *conn, host->name = host->encalloc; } else { - failf(data, "Failed to convert %s to ACE;\n", host->name); + char buffer[STRERROR_LEN]; + failf(data, "Failed to convert %s to ACE; %s\n", host->name, + Curl_winapi_strerror(GetLastError(), buffer, sizeof(buffer))); return CURLE_URL_MALFORMAT; } #else @@ -1490,7 +1532,7 @@ static CURLcode idnconvert_hostname(struct connectdata *conn, /* * Frees data allocated by idnconvert_hostname() */ -static void free_idnconverted_hostname(struct hostname *host) +void Curl_free_idnconverted_hostname(struct hostname *host) { #if defined(USE_LIBIDN2) if(host->encalloc) { @@ -1615,7 +1657,8 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \ defined(NTLM_WB_ENABLED) - conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD; + conn->ntlm.ntlm_auth_hlpr_socket = CURL_SOCKET_BAD; + conn->proxyntlm.ntlm_auth_hlpr_socket = CURL_SOCKET_BAD; #endif /* Initialize the easy handle list */ 
@@ -3194,8 +3237,8 @@ static CURLcode resolve_server(struct Curl_easy *data, static void reuse_conn(struct connectdata *old_conn, struct connectdata *conn) { - free_idnconverted_hostname(&old_conn->http_proxy.host); - free_idnconverted_hostname(&old_conn->socks_proxy.host); + Curl_free_idnconverted_hostname(&old_conn->http_proxy.host); + Curl_free_idnconverted_hostname(&old_conn->socks_proxy.host); free(old_conn->http_proxy.host.rawalloc); free(old_conn->socks_proxy.host.rawalloc); @@ -3239,8 +3282,8 @@ static void reuse_conn(struct connectdata *old_conn, /* host can change, when doing keepalive with a proxy or if the case is different this time etc */ - free_idnconverted_hostname(&conn->host); - free_idnconverted_hostname(&conn->conn_to_host); + Curl_free_idnconverted_hostname(&conn->host); + Curl_free_idnconverted_hostname(&conn->conn_to_host); Curl_safefree(conn->host.rawalloc); Curl_safefree(conn->conn_to_host.rawalloc); conn->host = old_conn->host; @@ -3336,14 +3379,6 @@ static CURLcode create_conn(struct Curl_easy *data, if(result) goto out; - if(data->set.str[STRING_BEARER]) { - conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]); - if(!conn->oauth_bearer) { - result = CURLE_OUT_OF_MEMORY; - goto out; - } - } - if(data->set.str[STRING_SASL_AUTHZID]) { conn->sasl_authzid = strdup(data->set.str[STRING_SASL_AUTHZID]); if(!conn->sasl_authzid) { 
@@ -3407,21 +3442,21 @@ static CURLcode create_conn(struct Curl_easy *data, /************************************************************* * IDN-convert the hostnames *************************************************************/ - result = idnconvert_hostname(conn, &conn->host); + result = Curl_idnconvert_hostname(conn, &conn->host); if(result) goto out; if(conn->bits.conn_to_host) { - result = idnconvert_hostname(conn, &conn->conn_to_host); + result = Curl_idnconvert_hostname(conn, &conn->conn_to_host); if(result) goto out; } if(conn->bits.httpproxy) { - result = idnconvert_hostname(conn, &conn->http_proxy.host); + result = Curl_idnconvert_hostname(conn, &conn->http_proxy.host); if(result) goto out; } if(conn->bits.socksproxy) { - result = idnconvert_hostname(conn, &conn->socks_proxy.host); + result = Curl_idnconvert_hostname(conn, &conn->socks_proxy.host); if(result) goto out; } diff --git a/libs/libcurl/src/url.h b/libs/libcurl/src/url.h index 053fbdffc2..5000c512a8 100644 --- a/libs/libcurl/src/url.h +++ b/libs/libcurl/src/url.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -62,6 +62,11 @@ CURLcode Curl_parse_login_details(const char *login, const size_t len, const struct Curl_handler *Curl_builtin_scheme(const char *scheme); +bool Curl_is_ASCII_name(const char *hostname); +CURLcode Curl_idnconvert_hostname(struct connectdata *conn, + struct hostname *host); +void Curl_free_idnconverted_hostname(struct hostname *host); + #define CURL_DEFAULT_PROXY_PORT 1080 /* default proxy port unless specified */ #define CURL_DEFAULT_HTTPS_PROXY_PORT 443 /* default https proxy port unless specified */ diff --git a/libs/libcurl/src/urlapi.c b/libs/libcurl/src/urlapi.c index fa514bce53..506e244dc4 100644 
--- a/libs/libcurl/src/urlapi.c +++ b/libs/libcurl/src/urlapi.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -428,7 +428,6 @@ static char *concat_url(const char *base, const char *relurl) * */ static CURLUcode parse_hostname_login(struct Curl_URL *u, - const struct Curl_handler *h, char **hostname, unsigned int flags) { @@ -437,6 +436,7 @@ static CURLUcode parse_hostname_login(struct Curl_URL *u, char *userp = NULL; char *passwdp = NULL; char *optionsp = NULL; + const struct Curl_handler *h = NULL; /* At this point, we're hoping all the other special cases have * been taken care of, so conn->host.name is at most @@ -456,6 +456,10 @@ static CURLUcode parse_hostname_login(struct Curl_URL *u, * ftp://user:password@ftp.my.site:8021/README */ *hostname = ++ptr; + /* if this is a known scheme, get some details */ + if(u->scheme) + h = Curl_builtin_scheme(u->scheme); + /* We could use the login information in the URL so extract it. Only parse options if the handler says we should. Note that 'h' might be NULL! */ ccode = Curl_parse_login_details(login, ptr - login - 1, @@ -571,7 +575,7 @@ UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, char *hostname) } /* scan for byte values < 31 or 127 */ -static CURLUcode junkscan(char *part) +static CURLUcode junkscan(const char *part) { if(part) { static const char badbytes[]={ @@ -668,10 +672,9 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) CURLUcode result; bool url_has_scheme = FALSE; char schemebuf[MAX_SCHEME_LEN + 1]; - char *schemep = NULL; + const char *schemep = NULL; size_t schemelen = 0; size_t urllen; - const struct Curl_handler *h = NULL; if(!url) return CURLUE_MALFORMED_INPUT; 
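Review bot: The handler lookup added in the @@ -456,6 hunk runs only when `u->scheme` is already set, and for `CURLU_GUESS_SCHEME` input it is not: the @@ -820,36 hunk assigns `u->scheme` only `if(schemep)`, and the guess itself moves to the @@ -936,6 hunk, after the `parse_hostname_login` call. For guessed schemes `h` therefore stays NULL and the "Only parse options if the handler says we should" step takes its NULL-handler path; how `Curl_parse_login_details` treats that is outside the hunk. If this is intended, a comment at the lookup would stop the next reader from assuming a handler is always available: `/* u->scheme is not yet known for CURLU_GUESS_SCHEME URLs, so h stays NULL for them */`. The function's header comment starts above the hunk and should be checked for a leftover description of the removed `h` parameter.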
@@ -798,7 +801,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) if(!(flags & (CURLU_DEFAULT_SCHEME|CURLU_GUESS_SCHEME))) return CURLUE_MALFORMED_INPUT; if(flags & CURLU_DEFAULT_SCHEME) - schemep = (char *) DEFAULT_SCHEME; + schemep = DEFAULT_SCHEME; /* * The URL was badly formatted, let's try without scheme specified. @@ -820,36 +823,17 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) return CURLUE_MALFORMED_INPUT; } - if((flags & CURLU_GUESS_SCHEME) && !schemep) { - /* legacy curl-style guess based on host name */ - if(checkprefix("ftp.", hostname)) - schemep = (char *)"ftp"; - else if(checkprefix("dict.", hostname)) - schemep = (char *)"dict"; - else if(checkprefix("ldap.", hostname)) - schemep = (char *)"ldap"; - else if(checkprefix("imap.", hostname)) - schemep = (char *)"imap"; - else if(checkprefix("smtp.", hostname)) - schemep = (char *)"smtp"; - else if(checkprefix("pop3.", hostname)) - schemep = (char *)"pop3"; - else - schemep = (char *)"http"; - } - len = strlen(p); memcpy(path, p, len); path[len] = 0; - u->scheme = strdup(schemep); - if(!u->scheme) - return CURLUE_OUT_OF_MEMORY; + if(schemep) { + u->scheme = strdup(schemep); + if(!u->scheme) + return CURLUE_OUT_OF_MEMORY; + } } - /* if this is a known scheme, get some details */ - h = Curl_builtin_scheme(u->scheme); - if(junkscan(path)) return CURLUE_MALFORMED_INPUT; @@ -916,7 +900,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) if(junkscan(hostname)) return CURLUE_MALFORMED_INPUT; - result = parse_hostname_login(u, h, &hostname, flags); + result = parse_hostname_login(u, &hostname, flags); if(result) return result; 
@@ -936,6 +920,28 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) u->host = strdup(hostname); if(!u->host) return CURLUE_OUT_OF_MEMORY; + + if((flags & CURLU_GUESS_SCHEME) && !schemep) { + /* legacy curl-style guess based on host name */ + if(checkprefix("ftp.", hostname)) + schemep = "ftp"; + else if(checkprefix("dict.", hostname)) + schemep = "dict"; + else if(checkprefix("ldap.", hostname)) + schemep = "ldap"; + else if(checkprefix("imap.", hostname)) + schemep = "imap"; + else if(checkprefix("smtp.", hostname)) + schemep = "smtp"; + else if(checkprefix("pop3.", hostname)) + schemep = "pop3"; + else + schemep = "http"; + + u->scheme = strdup(schemep); + if(!u->scheme) + return CURLUE_OUT_OF_MEMORY; + } } Curl_safefree(u->scratch); diff --git a/libs/libcurl/src/urldata.h b/libs/libcurl/src/urldata.h index 3effb1626f..e1348cf29b 100644 --- a/libs/libcurl/src/urldata.h +++ b/libs/libcurl/src/urldata.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -367,6 +367,14 @@ struct ntlmdata { unsigned char nonce[8]; void *target_info; /* TargetInfo received in the ntlm type-2 message */ unsigned int target_info_len; + +#if defined(NTLM_WB_ENABLED) + /* used for communication with Samba's winbind daemon helper ntlm_auth */ + curl_socket_t ntlm_auth_hlpr_socket; + pid_t ntlm_auth_hlpr_pid; + char *challenge; /* The received base64 encoded ntlm type-2 message */ + char *response; /* The generated base64 ntlm type-1/type-3 message */ +#endif #endif }; #endif 
@@ -468,7 +476,6 @@ struct ConnectBits { BIT(tcp_fastopen); /* use TCP Fast Open */ BIT(tls_enable_npn); /* TLS NPN extension? */ BIT(tls_enable_alpn); /* TLS ALPN extension? */ - BIT(socksproxy_connecting); /* connecting through a socks proxy */ BIT(connect_only); }; @@ -809,6 +816,41 @@ struct http_connect_state { struct ldapconninfo; +/* for the (SOCKS) connect state machine */ +enum connect_t { + CONNECT_INIT, + CONNECT_SOCKS_INIT, /* 1 */ + CONNECT_SOCKS_SEND, /* 2 waiting to send more first data */ + CONNECT_SOCKS_READ_INIT, /* 3 set up read */ + CONNECT_SOCKS_READ, /* 4 read server response */ + CONNECT_GSSAPI_INIT, /* 5 */ + CONNECT_AUTH_INIT, /* 6 setup outgoing auth buffer */ + CONNECT_AUTH_SEND, /* 7 send auth */ + CONNECT_AUTH_READ, /* 8 read auth response */ + CONNECT_REQ_INIT, /* 9 init SOCKS "request" */ + CONNECT_RESOLVING, /* 10 */ + CONNECT_RESOLVED, /* 11 */ + CONNECT_RESOLVE_REMOTE, /* 12 */ + CONNECT_REQ_SEND, /* 13 */ + CONNECT_REQ_SENDING, /* 14 */ + CONNECT_REQ_READ, /* 15 */ + CONNECT_REQ_READ_MORE, /* 16 */ + CONNECT_DONE /* 17 connected fine to the remote or the SOCKS proxy */ +}; + +#define SOCKS_STATE(x) (((x) >= CONNECT_SOCKS_INIT) && \ + ((x) < CONNECT_DONE)) +#define SOCKS_REQUEST_BUFSIZE 600 /* room for large user/pw (255 max each) */ + +struct connstate { + enum connect_t state; + unsigned char socksreq[SOCKS_REQUEST_BUFSIZE]; + + /* CONNECT_SOCKS_SEND */ + ssize_t outstanding; /* send this many bytes more */ + unsigned char *outp; /* send from this pointer */ +}; + /* * The connectdata struct contains all fields and variables that should be * unique for an entire connection. @@ -818,7 +860,7 @@ struct connectdata { caution that this might very well vary between different times this connection is used! */ struct Curl_easy *data; - + struct connstate cnnct; struct curl_llist_element bundle_node; /* conncache */ /* chunk is for HTTP chunked encoding, but is in the general connectdata 
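Review bot: The two cursor fields of `struct connstate` in the @@ -809,6 hunk are commented as send-only (`/* CONNECT_SOCKS_SEND */`, `send this many bytes more`, `send from this pointer`), yet the socks.c part of this commit also uses them for receiving: `CONNECT_REQ_READ_MORE` passes `sx->outp` and `sx->outstanding` to `Curl_read_plain`. Because `outp` walks through the fixed `socksreq[SOCKS_REQUEST_BUFSIZE]` array, the comment should name the invariant every state has to keep, for example `/* outp .. outp + outstanding always lies inside socksreq[] */`. The buffer is also sized for user name and password and, through the `cnnct` member added in the next hunk, lives in `connectdata` for the whole connection; if credentials are written into it, clearing it on reaching `CONNECT_DONE` would keep them from lingering, and whether socks.c already does so is not visible here.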
@@ -906,7 +948,6 @@ struct connectdata { char *passwd; /* password string, allocated */ char *options; /* options string, allocated */ - char *oauth_bearer; /* bearer token for OAuth 2.0, allocated */ char *sasl_authzid; /* authorisation identity string, allocated */ int httpversion; /* the HTTP version*10 reported by the server */ @@ -918,8 +959,6 @@ struct connectdata { curl_socket_t sock[2]; /* two sockets, the second is used for the data transfer when doing FTP */ curl_socket_t tempsock[2]; /* temporary sockets for happy eyeballs */ - bool sock_accepted[2]; /* TRUE if the socket on this index was created with - accept() */ Curl_recv *recv[2]; Curl_send *send[2]; @@ -1011,14 +1050,6 @@ struct connectdata { because it authenticates connections, not single requests! */ struct ntlmdata proxyntlm; /* NTLM data for proxy */ - -#if defined(NTLM_WB_ENABLED) - /* used for communication with Samba's winbind daemon helper ntlm_auth */ - curl_socket_t ntlm_auth_hlpr_socket; - pid_t ntlm_auth_hlpr_pid; - char *challenge_header; - char *response_header; -#endif #endif #ifdef USE_SPNEGO @@ -1082,6 +1113,8 @@ struct connectdata { handle */ BIT(writechannel_inuse); /* whether the write channel is in use by an easy handle */ + BIT(sock_accepted); /* TRUE if the SECONDARYSOCKET was created with + accept() */ }; /* The end of connectdata. */ @@ -1409,6 +1442,8 @@ struct UrlState { BIT(ftp_trying_alternative); BIT(wildcardmatch); /* enable wildcard matching */ BIT(expect100header); /* TRUE if we added Expect: 100-continue */ + BIT(disableexpect); /* TRUE if Expect: is disabled due to a previous + 417 response */ BIT(use_range); BIT(rangestringalloc); /* the range string is malloc()'ed */ BIT(done); /* set to FALSE when Curl_init_do() is called and set to TRUE 
@@ -1451,6 +1486,14 @@ struct DynamicStatic { struct Curl_multi; /* declared and used only in multi.c */ +/* + * This enumeration MUST not use conditional directives (#ifdefs), new + * null terminated strings MUST be added to the enumeration immediately + * before STRING_LASTZEROTERMINATED, binary fields immediately before + * STRING_LAST. When doing so, ensure that the packages/OS400/chkstring.c + * test is updated and applicable changes for EBCDIC to ASCII conversion + * are catered for in curl_easy_setopt_ccsid() + */ enum dupstring { STRING_CERT_ORIG, /* client certificate file name */ STRING_CERT_PROXY, /* client certificate file name */ @@ -1507,36 +1550,35 @@ enum dupstring { STRING_RTSP_SESSION_ID, /* Session ID to use */ STRING_RTSP_STREAM_URI, /* Stream URI for this request */ STRING_RTSP_TRANSPORT, /* Transport for this session */ -#ifdef USE_SSH + STRING_SSH_PRIVATE_KEY, /* path to the private key file for auth */ STRING_SSH_PUBLIC_KEY, /* path to the public key file for auth */ STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ascii hex */ STRING_SSH_KNOWNHOSTS, /* file name of knownhosts file */ -#endif + STRING_PROXY_SERVICE_NAME, /* Proxy service name */ STRING_SERVICE_NAME, /* Service name */ STRING_MAIL_FROM, STRING_MAIL_AUTH, -#ifdef USE_TLS_SRP STRING_TLSAUTH_USERNAME_ORIG, /* TLS auth */ STRING_TLSAUTH_USERNAME_PROXY, /* TLS auth */ STRING_TLSAUTH_PASSWORD_ORIG, /* TLS auth */ STRING_TLSAUTH_PASSWORD_PROXY, /* TLS auth */ -#endif + STRING_BEARER, /* , if used */ -#ifdef USE_UNIX_SOCKETS + STRING_UNIX_SOCKET_PATH, /* path to Unix socket, if used */ -#endif + STRING_TARGET, /* CURLOPT_REQUEST_TARGET */ STRING_DOH, /* CURLOPT_DOH_URL */ -#ifdef USE_ALTSVC + STRING_ALTSVC, /* CURLOPT_ALTSVC */ -#endif + STRING_SASL_AUTHZID, /* CURLOPT_SASL_AUTHZID */ -#ifndef CURL_DISABLE_PROXY + STRING_TEMP_URL, /* temp URL storage for proxy use */ -#endif + /* -- end of zero-terminated strings -- */ STRING_LASTZEROTERMINATED, 
@@ -1792,6 +1834,8 @@ struct UserDefined { BIT(doh); /* DNS-over-HTTPS enabled */ BIT(doh_get); /* use GET for DoH requests, instead of POST */ BIT(http09_allowed); /* allow HTTP/0.9 responses */ + BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some + recipients */ }; struct Names { diff --git a/libs/libcurl/src/vauth/digest.c b/libs/libcurl/src/vauth/digest.c index 8cd4d83ed3..a8835705f3 100644 --- a/libs/libcurl/src/vauth/digest.c +++ b/libs/libcurl/src/vauth/digest.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -62,7 +62,7 @@ what ultimately goes over the network. */ #define CURL_OUTPUT_DIGEST_CONV(a, b) \ - result = Curl_convert_to_network(a, (char *)b, strlen((const char *)b)); \ + result = Curl_convert_to_network(a, b, strlen(b)); \ if(result) { \ free(b); \ return result; \ @@ -660,7 +660,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, } /* - * _Curl_auth_create_digest_http_message() + * auth_create_digest_http_message() * * This is used to generate a HTTP DIGEST response message ready for sending * to the recipient. @@ -679,7 +679,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, * * Returns CURLE_OK on success. */ -static CURLcode _Curl_auth_create_digest_http_message( +static CURLcode auth_create_digest_http_message( struct Curl_easy *data, const char *userp, const char *passwdp, 
@@ -688,12 +688,12 @@ static CURLcode _Curl_auth_create_digest_http_message( struct digestdata *digest, char **outptr, size_t *outlen, void (*convert_to_ascii)(unsigned char *, unsigned char *), - void (*hash)(unsigned char *, const unsigned char *)) + void (*hash)(unsigned char *, const unsigned char *, + const size_t)) { CURLcode result; unsigned char hashbuf[32]; /* 32 bytes/256 bits */ unsigned char request_digest[65]; - unsigned char *hashthis; unsigned char ha1[65]; /* 64 digits and 1 zero byte */ unsigned char ha2[65]; /* 64 digits and 1 zero byte */ char userh[65]; @@ -701,6 +701,7 @@ static CURLcode _Curl_auth_create_digest_http_message( size_t cnonce_sz = 0; char *userp_quoted; char *response = NULL; + char *hashthis = NULL; char *tmp = NULL; if(!digest->nc) @@ -722,12 +723,12 @@ static CURLcode _Curl_auth_create_digest_http_message( } if(digest->userhash) { - hashthis = (unsigned char *) aprintf("%s:%s", userp, digest->realm); + hashthis = aprintf("%s:%s", userp, digest->realm); if(!hashthis) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, hashthis); - hash(hashbuf, hashthis); + hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, (unsigned char *)userh); } @@ -743,14 +744,13 @@ static CURLcode _Curl_auth_create_digest_http_message( unq(nonce-value) ":" unq(cnonce-value) */ - hashthis = (unsigned char *) - aprintf("%s:%s:%s", digest->userhash ? userh : userp, - digest->realm, passwdp); + hashthis = aprintf("%s:%s:%s", digest->userhash ? userh : userp, + digest->realm, passwdp); if(!hashthis) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ - hash(hashbuf, hashthis); + hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, ha1); 
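Review bot: In the HA1 computation, `hashthis` is built from `passwdp` and released with a plain `free(hashthis)` right after `hash(...)`, so the user:realm:password string remains readable in freed heap memory. Clearing the buffer before the `free` would narrow that window, for example `explicit_bzero(hashthis, strlen(hashthis));` where the platform provides it, or whatever non-elidable wipe the project already uses. The error path inside `CURL_OUTPUT_DIGEST_CONV` frees the same buffer unscrubbed and would need the same treatment. The function body starts and ends outside this hunk.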
@@ -763,7 +763,7 @@ static CURLcode _Curl_auth_create_digest_http_message( return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, tmp); /* Convert on non-ASCII machines */ - hash(hashbuf, (unsigned char *) tmp); + hash(hashbuf, (unsigned char *) tmp, strlen(tmp)); free(tmp); convert_to_ascii(hashbuf, ha1); } @@ -781,19 +781,19 @@ static CURLcode _Curl_auth_create_digest_http_message( 5.1.1 of RFC 2616) */ - hashthis = (unsigned char *) aprintf("%s:%s", request, uripath); + hashthis = aprintf("%s:%s", request, uripath); if(!hashthis) return CURLE_OUT_OF_MEMORY; if(digest->qop && strcasecompare(digest->qop, "auth-int")) { /* We don't support auth-int for PUT or POST */ char hashed[65]; - unsigned char *hashthis2; + char *hashthis2; - hash(hashbuf, (const unsigned char *)""); + hash(hashbuf, (const unsigned char *)"", 0); convert_to_ascii(hashbuf, (unsigned char *)hashed); - hashthis2 = (unsigned char *)aprintf("%s:%s", hashthis, hashed); + hashthis2 = aprintf("%s:%s", hashthis, hashed); free(hashthis); hashthis = hashthis2; } 
@@ -802,31 +802,23 @@ static CURLcode _Curl_auth_create_digest_http_message( return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ - hash(hashbuf, hashthis); + hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, ha2); if(digest->qop) { - hashthis = (unsigned char *) aprintf("%s:%s:%08x:%s:%s:%s", - ha1, - digest->nonce, - digest->nc, - digest->cnonce, - digest->qop, - ha2); + hashthis = aprintf("%s:%s:%08x:%s:%s:%s", ha1, digest->nonce, digest->nc, + digest->cnonce, digest->qop, ha2); } else { - hashthis = (unsigned char *) aprintf("%s:%s:%s", - ha1, - digest->nonce, - ha2); + hashthis = aprintf("%s:%s:%s", ha1, digest->nonce, ha2); } if(!hashthis) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ - hash(hashbuf, hashthis); + hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, request_digest); @@ -899,7 +891,7 @@ static CURLcode _Curl_auth_create_digest_http_message( if(digest->algorithm) { /* Append the algorithm */ - tmp = aprintf("%s, algorithm=\"%s\"", response, digest->algorithm); + tmp = aprintf("%s, algorithm=%s", response, digest->algorithm); free(response); if(!tmp) return CURLE_OUT_OF_MEMORY; 
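Review bot: `digest->algorithm` is now written into the header without quotes at `aprintf("%s, algorithm=%s", response, digest->algorithm)`, so nothing on this line prevents a value containing a comma, space or line break from changing the shape of the header. That is safe only if the challenge decoder accepts nothing but the known algorithm tokens, which is not visible in this hunk. Once that is confirmed, a comment recording the dependency would help, e.g. `/* algorithm is sent as a token, not a quoted-string; the value must already be limited to the known set when the challenge is parsed */`. The enclosing function continues outside the hunk.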
@@ -955,21 +947,21 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, switch(digest->algo) { case CURLDIGESTALGO_MD5: case CURLDIGESTALGO_MD5SESS: - return _Curl_auth_create_digest_http_message(data, userp, passwdp, - request, uripath, digest, - outptr, outlen, - auth_digest_md5_to_ascii, - Curl_md5it); + return auth_create_digest_http_message(data, userp, passwdp, + request, uripath, digest, + outptr, outlen, + auth_digest_md5_to_ascii, + Curl_md5it); case CURLDIGESTALGO_SHA256: case CURLDIGESTALGO_SHA256SESS: case CURLDIGESTALGO_SHA512_256: case CURLDIGESTALGO_SHA512_256SESS: - return _Curl_auth_create_digest_http_message(data, userp, passwdp, - request, uripath, digest, - outptr, outlen, - auth_digest_sha256_to_ascii, - Curl_sha256it); + return auth_create_digest_http_message(data, userp, passwdp, + request, uripath, digest, + outptr, outlen, + auth_digest_sha256_to_ascii, + Curl_sha256it); default: return CURLE_UNSUPPORTED_PROTOCOL; diff --git a/libs/libcurl/src/vauth/ntlm.c b/libs/libcurl/src/vauth/ntlm.c index 047c2b5a3f..8f91038064 100644 --- a/libs/libcurl/src/vauth/ntlm.c +++ b/libs/libcurl/src/vauth/ntlm.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -40,6 +40,7 @@ #include "curl_ntlm_core.h" #include "curl_gethostname.h" #include "curl_multibyte.h" +#include "curl_md5.h" #include "warnless.h" #include "rand.h" #include "vtls/vtls.h" 
@@ -621,11 +622,11 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, memcpy(tmp, &ntlm->nonce[0], 8); memcpy(tmp + 8, entropy, 8); - result = Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH); - if(!result) - /* We shall only use the first 8 bytes of md5sum, but the des code in - Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */ - result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); + Curl_md5it(md5sum, tmp, 16); + + /* We shall only use the first 8 bytes of md5sum, but the des code in + Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */ + result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); if(result) return result; diff --git a/libs/libcurl/src/version.c b/libs/libcurl/src/version.c index 6405d369d7..77aca7cbe8 100644 --- a/libs/libcurl/src/version.c +++ b/libs/libcurl/src/version.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -265,8 +265,10 @@ static const char * const protocols[] = { #ifndef CURL_DISABLE_RTSP "rtsp", #endif -#if defined(USE_SSH) +#if defined(USE_SSH) && !defined(USE_WOLFSSH) "scp", +#endif +#ifdef USE_SSH "sftp", #endif #if !defined(CURL_DISABLE_SMB) && defined(USE_NTLM) && \ diff --git a/libs/libcurl/src/vquic/ngtcp2.c b/libs/libcurl/src/vquic/ngtcp2.c index e97e9e871b..0788404c02 100644 --- a/libs/libcurl/src/vquic/ngtcp2.c +++ b/libs/libcurl/src/vquic/ngtcp2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -146,7 +146,7 @@ static void quic_settings(ngtcp2_settings *s, s->transport_params.initial_max_data = QUIC_MAX_DATA; s->transport_params.initial_max_streams_bidi = 1; s->transport_params.initial_max_streams_uni = 3; - s->transport_params.idle_timeout = QUIC_IDLE_TIMEOUT; + s->transport_params.max_idle_timeout = QUIC_IDLE_TIMEOUT; } static FILE *keylog_file; /* not thread-safe */ @@ -535,6 +535,8 @@ static ngtcp2_conn_callbacks ng_callbacks = { NULL, /* extend_max_remote_streams_bidi */ NULL, /* extend_max_remote_streams_uni */ cb_extend_max_stream_data, + NULL, /* dcid_status */ + NULL /* handshake_confirmed */ }; /* @@ -574,10 +576,10 @@ CURLcode Curl_quic_connect(struct connectdata *conn, qs->version = NGTCP2_PROTO_VER; qs->sslctx = quic_ssl_ctx(data); if(!qs->sslctx) - return CURLE_FAILED_INIT; /* TODO: better return code */ + return CURLE_QUIC_CONNECT_ERROR; if(quic_init_ssl(qs)) - return CURLE_FAILED_INIT; /* TODO: better return code */ + return CURLE_QUIC_CONNECT_ERROR; qs->dcid.datalen = NGTCP2_MAX_CIDLEN; result = Curl_rand(data, qs->dcid.data, NGTCP2_MAX_CIDLEN); @@ -595,7 +597,7 @@ CURLcode Curl_quic_connect(struct connectdata *conn, rv = getsockname(sockfd, (struct sockaddr *)&qs->local_addr, &qs->local_addrlen); if(rv == -1) - return CURLE_FAILED_INIT; + return CURLE_QUIC_CONNECT_ERROR; ngtcp2_addr_init(&path.local, (uint8_t *)&qs->local_addr, qs->local_addrlen, NULL); @@ -609,7 +611,7 @@ CURLcode Curl_quic_connect(struct connectdata *conn, rc = ngtcp2_conn_client_new(&qs->qconn, &qs->dcid, &qs->scid, &path, QUICVER, &ng_callbacks, &qs->settings, NULL, qs); if(rc) - return CURLE_FAILED_INIT; /* TODO: create a QUIC error code */ + return CURLE_QUIC_CONNECT_ERROR; ngtcp2_conn_get_local_transport_params(qs->qconn, ¶ms); nwrite = ngtcp2_encode_transport_params( 
@@ -618,15 +620,15 @@ CURLcode Curl_quic_connect(struct connectdata *conn, if(nwrite < 0) { failf(data, "ngtcp2_encode_transport_params: %s\n", ngtcp2_strerror((int)nwrite)); - return CURLE_FAILED_INIT; + return CURLE_QUIC_CONNECT_ERROR; } if(!SSL_set_quic_transport_params(qs->ssl, paramsbuf, nwrite)) - return CURLE_FAILED_INIT; + return CURLE_QUIC_CONNECT_ERROR; rc = setup_initial_crypto_context(qs); if(rc) - return CURLE_FAILED_INIT; /* TODO: better return code */ + return CURLE_QUIC_CONNECT_ERROR; return CURLE_OK; } @@ -998,7 +1000,7 @@ static int init_ngh3_conn(struct quicsocket *qs) if(ngtcp2_conn_get_max_local_streams_uni(qs->qconn) < 3) { failf(qs->conn->data, "too few available QUIC streams"); - return CURLE_FAILED_INIT; + return CURLE_QUIC_CONNECT_ERROR; } nghttp3_conn_settings_default(&qs->h3settings); @@ -1015,32 +1017,32 @@ static int init_ngh3_conn(struct quicsocket *qs) rc = ngtcp2_conn_open_uni_stream(qs->qconn, &ctrl_stream_id, NULL); if(rc) { - result = CURLE_FAILED_INIT; + result = CURLE_QUIC_CONNECT_ERROR; goto fail; } rc = nghttp3_conn_bind_control_stream(qs->h3conn, ctrl_stream_id); if(rc) { - result = CURLE_FAILED_INIT; + result = CURLE_QUIC_CONNECT_ERROR; goto fail; } rc = ngtcp2_conn_open_uni_stream(qs->qconn, &qpack_enc_stream_id, NULL); if(rc) { - result = CURLE_FAILED_INIT; + result = CURLE_QUIC_CONNECT_ERROR; goto fail; } rc = ngtcp2_conn_open_uni_stream(qs->qconn, &qpack_dec_stream_id, NULL); if(rc) { - result = CURLE_FAILED_INIT; + result = CURLE_QUIC_CONNECT_ERROR; goto fail; } rc = nghttp3_conn_bind_qpack_streams(qs->h3conn, qpack_enc_stream_id, qpack_dec_stream_id); if(rc) { - result = CURLE_FAILED_INIT; + result = CURLE_QUIC_CONNECT_ERROR; goto fail; } @@ -1599,9 +1601,11 @@ static CURLcode ng_flush_egress(struct connectdata *conn, int sockfd, case AF_INET: pktlen = NGTCP2_MAX_PKTLEN_IPV4; break; +#ifdef ENABLE_IPV6 case AF_INET6: pktlen = NGTCP2_MAX_PKTLEN_IPV6; break; +#endif default: assert(0); } 
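Review bot: `init_ngh3_conn` is declared `static int`, yet the "too few available QUIC streams" branch in this hunk returns `CURLE_QUIC_CONNECT_ERROR`, which is a `CURLcode` value. Mixing the two hides the error domain from callers and from the compiler's enum checks. Declaring it as `static CURLcode init_ngh3_conn(struct quicsocket *qs)` would match what the body returns. The signature line itself is outside the hunk, so callers would need a check too.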
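Review bot: With `case AF_INET6:` now compiled only under `ENABLE_IPV6`, an IPv6 address in a non-IPv6 build falls to `default: assert(0);` in `ng_flush_egress`. When `assert` is compiled out, that branch does nothing and `pktlen` keeps whatever value it had before the switch; its declaration is outside the hunk, so it may be uninitialised. Returning an error from the default branch closes that gap, e.g. `default: assert(0); return CURLE_FAILED_INIT;`, provided nothing acquired earlier in the function needs releasing first.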
diff --git a/libs/libcurl/src/vquic/quiche.c b/libs/libcurl/src/vquic/quiche.c index e2f43237fa..d09ba7038a 100644 --- a/libs/libcurl/src/vquic/quiche.c +++ b/libs/libcurl/src/vquic/quiche.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -171,7 +171,7 @@ CURLcode Curl_quic_connect(struct connectdata *conn, curl_socket_t sockfd, return CURLE_FAILED_INIT; } - quiche_config_set_idle_timeout(qs->cfg, QUIC_IDLE_TIMEOUT); + quiche_config_set_max_idle_timeout(qs->cfg, QUIC_IDLE_TIMEOUT); quiche_config_set_initial_max_data(qs->cfg, QUIC_MAX_DATA); quiche_config_set_initial_max_stream_data_bidi_local(qs->cfg, QUIC_MAX_DATA); quiche_config_set_initial_max_stream_data_bidi_remote(qs->cfg, diff --git a/libs/libcurl/src/vssh/libssh.c b/libs/libcurl/src/vssh/libssh.c index 62a7f1960c..647b4d4913 100644 --- a/libs/libcurl/src/vssh/libssh.c +++ b/libs/libcurl/src/vssh/libssh.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017 - 2019 Red Hat, Inc. + * Copyright (C) 2017 - 2020 Red Hat, Inc. * * Authors: Nikos Mavrogiannopoulos, Tomas Mraz, Stanislav Zidek, * Robert Kolcun, Andreas Schneider 
@@ -322,14 +322,25 @@ static int myssh_is_known(struct connectdata *conn) ssh_key pubkey; size_t hlen; unsigned char *hash = NULL; - char *base64 = NULL; + char *found_base64 = NULL; + char *known_base64 = NULL; int vstate; enum curl_khmatch keymatch; struct curl_khkey foundkey; + struct curl_khkey *knownkeyp = NULL; curl_sshkeycallback func = data->set.ssh_keyfunc; +#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,9,0) + struct ssh_knownhosts_entry *knownhostsentry = NULL; + struct curl_khkey knownkey; +#endif + +#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,8,0) + rc = ssh_get_server_publickey(sshc->ssh_session, &pubkey); +#else rc = ssh_get_publickey(sshc->ssh_session, &pubkey); +#endif if(rc != SSH_OK) return rc; 
@@ -354,6 +365,65 @@ static int myssh_is_known(struct connectdata *conn) goto cleanup; } +#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,9,0) + /* Get the known_key from the known hosts file */ + vstate = ssh_session_get_known_hosts_entry(sshc->ssh_session, + &knownhostsentry); + + /* Case an entry was found in a known hosts file */ + if(knownhostsentry) { + if(knownhostsentry->publickey) { + rc = ssh_pki_export_pubkey_base64(knownhostsentry->publickey, + &known_base64); + if(rc != SSH_OK) { + goto cleanup; + } + knownkey.key = known_base64; + knownkey.len = strlen(known_base64); + + switch(ssh_key_type(knownhostsentry->publickey)) { + case SSH_KEYTYPE_RSA: + knownkey.keytype = CURLKHTYPE_RSA; + break; + case SSH_KEYTYPE_RSA1: + knownkey.keytype = CURLKHTYPE_RSA1; + break; + case SSH_KEYTYPE_ECDSA: + knownkey.keytype = CURLKHTYPE_ECDSA; + break; + case SSH_KEYTYPE_ED25519: + knownkey.keytype = CURLKHTYPE_ED25519; + break; + case SSH_KEYTYPE_DSS: + knownkey.keytype = CURLKHTYPE_DSS; + break; + default: + rc = SSH_ERROR; + goto cleanup; + } + knownkeyp = &knownkey; + } + } + + switch(vstate) { + case SSH_KNOWN_HOSTS_OK: + keymatch = CURLKHMATCH_OK; + break; + case SSH_KNOWN_HOSTS_OTHER: + /* fallthrough */ + case SSH_KNOWN_HOSTS_NOT_FOUND: + /* fallthrough */ + case SSH_KNOWN_HOSTS_UNKNOWN: + /* fallthrough */ + case SSH_KNOWN_HOSTS_ERROR: + keymatch = CURLKHMATCH_MISSING; + break; + default: + keymatch = CURLKHMATCH_MISMATCH; + break; + } + +#else vstate = ssh_is_server_known(sshc->ssh_session); switch(vstate) { case SSH_SERVER_KNOWN_OK: 
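Review bot: The new `switch(vstate)` reports `SSH_KNOWN_HOSTS_OTHER` and `SSH_KNOWN_HOSTS_ERROR` to the application as `CURLKHMATCH_MISSING`, the same value used for a host that has never been seen. libssh describes the OTHER state as the server presenting a key of a different type from the one recorded, so a key callback that accepts or stores missing hosts would also accept that case. Moving `case SSH_KNOWN_HOSTS_OTHER:` under the `CURLKHMATCH_MISMATCH` branch, and failing with `rc = SSH_ERROR; goto cleanup;` on `SSH_KNOWN_HOSTS_ERROR`, keeps both apart from a first contact. `myssh_is_known` starts and ends outside this hunk.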
@@ -368,14 +438,15 @@ static int myssh_is_known(struct connectdata *conn) keymatch = CURLKHMATCH_MISMATCH; break; } +#endif if(func) { /* use callback to determine action */ - rc = ssh_pki_export_pubkey_base64(pubkey, &base64); + rc = ssh_pki_export_pubkey_base64(pubkey, &found_base64); if(rc != SSH_OK) goto cleanup; - foundkey.key = base64; - foundkey.len = strlen(base64); + foundkey.key = found_base64; + foundkey.len = strlen(found_base64); switch(ssh_key_type(pubkey)) { case SSH_KEYTYPE_RSA: @@ -400,15 +471,19 @@ static int myssh_is_known(struct connectdata *conn) goto cleanup; } - /* we don't have anything equivalent to knownkey. Always NULL */ Curl_set_in_callback(data, true); - rc = func(data, NULL, &foundkey, /* from the remote host */ + rc = func(data, knownkeyp, /* from the knownhosts file */ + &foundkey, /* from the remote host */ keymatch, data->set.ssh_keyfunc_userp); Curl_set_in_callback(data, false); switch(rc) { case CURLKHSTAT_FINE_ADD_TO_FILE: +#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,8,0) + rc = ssh_session_update_known_hosts(sshc->ssh_session); +#else rc = ssh_write_knownhost(sshc->ssh_session); +#endif if(rc != SSH_OK) { goto cleanup; } @@ -429,9 +504,20 @@ static int myssh_is_known(struct connectdata *conn) rc = SSH_OK; cleanup: + if(found_base64) { + free(found_base64); + } + if(known_base64) { + free(known_base64); + } if(hash) ssh_clean_pubkey_hash(&hash); ssh_key_free(pubkey); +#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,9,0) + if(knownhostsentry) { + ssh_knownhosts_entry_free(knownhostsentry); + } +#endif return rc; } @@ -1586,7 +1672,6 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) return CURLE_BAD_DOWNLOAD_RESUME; } } - /* Does a completed file need to be seeked and started or closed ? */ /* Now store the number of bytes we are expected to download */ data->req.size = size - data->state.resume_from; data->req.maxdownload = size - data->state.resume_from; 
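Review bot: In the `cleanup:` block, `found_base64` and `known_base64` are released with `free()` although both were allocated inside libssh by `ssh_pki_export_pubkey_base64`. If this file is built with curl's memory-tracking wrappers (the new wolfssh.c in this commit includes `curl_memory.h` and `memdebug.h`; the includes of libssh.c are not visible here), `free` is then not the allocator libssh used. libssh provides a matching release call, so `ssh_string_free_char(found_base64);` and `ssh_string_free_char(known_base64);` would be the safer pairing. `myssh_is_known` starts outside this hunk.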
diff --git a/libs/libcurl/src/vssh/libssh2.c b/libs/libcurl/src/vssh/libssh2.c index 063f3d2ae6..8e043747e7 100644 --- a/libs/libcurl/src/vssh/libssh2.c +++ b/libs/libcurl/src/vssh/libssh2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -106,6 +106,7 @@ static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc); static LIBSSH2_REALLOC_FUNC(my_libssh2_realloc); static LIBSSH2_FREE_FUNC(my_libssh2_free); +static CURLcode ssh_force_knownhost_key_type(struct connectdata *conn); static CURLcode ssh_connect(struct connectdata *conn, bool *done); static CURLcode ssh_multi_statemach(struct connectdata *conn, bool *done); static CURLcode ssh_do(struct connectdata *conn, bool *done); 
@@ -648,6 +649,129 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn) return ssh_knownhost(conn); } +/* + * ssh_force_knownhost_key_type() will check the known hosts file and try to + * force a specific public key type from the server if an entry is found. + */ +static CURLcode ssh_force_knownhost_key_type(struct connectdata *conn) +{ + CURLcode result = CURLE_OK; + +#ifdef HAVE_LIBSSH2_KNOWNHOST_API + +#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519 + static const char * const hostkey_method_ssh_ed25519 + = "ssh-ed25519"; +#endif +#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_521 + static const char * const hostkey_method_ssh_ecdsa_521 + = "ecdsa-sha2-nistp521"; +#endif +#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_384 + static const char * const hostkey_method_ssh_ecdsa_384 + = "ecdsa-sha2-nistp384"; +#endif +#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256 + static const char * const hostkey_method_ssh_ecdsa_256 + = "ecdsa-sha2-nistp256"; +#endif + static const char * const hostkey_method_ssh_rsa + = "ssh-rsa"; + static const char * const hostkey_method_ssh_dss + = "ssh-dss"; + + const char *hostkey_method = NULL; + struct ssh_conn *sshc = &conn->proto.sshc; + struct Curl_easy *data = conn->data; + struct libssh2_knownhost* store = NULL; + const char *kh_name_end = NULL; + size_t kh_name_size = 0; + int port = 0; + bool found = false; + + if(sshc->kh && !data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]) { + /* lets try to find our host in the known hosts file */ + while(!libssh2_knownhost_get(sshc->kh, &store, store)) { + /* For non-standard ports, the name will be enclosed in */ + /* square brackets, followed by a colon and the port */ + if(store->name[0] == '[') { + kh_name_end = strstr(store->name, "]:"); + if(!kh_name_end) { + infof(data, "Invalid host pattern %s in %s\n", + store->name, data->set.str[STRING_SSH_KNOWNHOSTS]); + continue; + } + port = atoi(kh_name_end + 2); + if(kh_name_end && (port == conn->remote_port)) { + kh_name_size = strlen(store->name) - 1 - strlen(kh_name_end); 
+ if(strncmp(store->name + 1, conn->host.name, kh_name_size) == 0) { + found = true; + break; + } + } + } + else if(strcmp(store->name, conn->host.name) == 0) { + found = true; + break; + } + } + + if(found) { + infof(data, "Found host %s in %s\n", + store->name, data->set.str[STRING_SSH_KNOWNHOSTS]); + + switch(store->typemask & LIBSSH2_KNOWNHOST_KEY_MASK) { +#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519 + case LIBSSH2_KNOWNHOST_KEY_ED25519: + hostkey_method = hostkey_method_ssh_ed25519; + break; +#endif +#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_521 + case LIBSSH2_KNOWNHOST_KEY_ECDSA_521: + hostkey_method = hostkey_method_ssh_ecdsa_521; + break; +#endif +#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_384 + case LIBSSH2_KNOWNHOST_KEY_ECDSA_384: + hostkey_method = hostkey_method_ssh_ecdsa_384; + break; +#endif +#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256 + case LIBSSH2_KNOWNHOST_KEY_ECDSA_256: + hostkey_method = hostkey_method_ssh_ecdsa_256; + break; +#endif + case LIBSSH2_KNOWNHOST_KEY_SSHRSA: + hostkey_method = hostkey_method_ssh_rsa; + break; + case LIBSSH2_KNOWNHOST_KEY_SSHDSS: + hostkey_method = hostkey_method_ssh_dss; + break; + case LIBSSH2_KNOWNHOST_KEY_RSA1: + failf(data, "Found host key type RSA1 which is not supported\n"); + return CURLE_SSH; + default: + failf(data, "Unknown host key type: %i\n", + (store->typemask & LIBSSH2_KNOWNHOST_KEY_MASK)); + return CURLE_SSH; + } + + infof(data, "Set \"%s\" as SSH hostkey type\n", hostkey_method); + result = libssh2_session_error_to_CURLE( + libssh2_session_method_pref( + sshc->ssh_session, LIBSSH2_METHOD_HOSTKEY, hostkey_method)); + } + else { + infof(data, "Did not find host %s in %s\n", + conn->host.name, data->set.str[STRING_SSH_KNOWNHOSTS]); + } + } + +#endif /* HAVE_LIBSSH2_KNOWNHOST_API */ + + return result; +} + /* * ssh_statemach_act() runs the SSH state machine as far as it can without * blocking and without reaching the end. The data the pointer 'block' points 
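Review bot: `store->name[0]` is read for every entry returned by `libssh2_knownhost_get`, but libssh2 leaves `name` NULL for entries with no plain-text host name (hashed known_hosts lines), so such a file would crash this loop before any host key check runs. Adding `if(!store->name) continue;` as the first statement of the `while` body avoids the dereference. Separately, the bracketed branch uses `strncmp(store->name + 1, conn->host.name, kh_name_size)`, which also succeeds when `conn->host.name` is longer than the entry and only shares its prefix. Requiring `conn->host.name[kh_name_size] == '\0'` in the same condition makes it an exact match, and `port = atoi(kh_name_end + 2)` would be better parsed with `strtol` so that a malformed port is rejected rather than read as 0.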
@@ -680,6 +804,12 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) non-blocking */ libssh2_session_set_blocking(sshc->ssh_session, 0); + result = ssh_force_knownhost_key_type(conn); + if(result) { + state(conn, SSH_SESSION_FREE); + break; + } + state(conn, SSH_S_STARTUP); /* FALLTHROUGH */ @@ -2251,7 +2381,6 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) return CURLE_BAD_DOWNLOAD_RESUME; } } - /* Does a completed file need to be seeked and started or closed ? */ /* Now store the number of bytes we are expected to download */ data->req.size = attrs.filesize - data->state.resume_from; data->req.maxdownload = attrs.filesize - data->state.resume_from; diff --git a/libs/libcurl/src/vssh/ssh.h b/libs/libcurl/src/vssh/ssh.h index 3213c5a52e..0d4ee521d1 100644 --- a/libs/libcurl/src/vssh/ssh.h +++ b/libs/libcurl/src/vssh/ssh.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -30,7 +30,10 @@ #elif defined(HAVE_LIBSSH_LIBSSH_H) #include #include -#endif /* HAVE_LIBSSH2_H */ +#elif defined(USE_WOLFSSH) +#include +#include +#endif /**************************************************************************** * SSH unique setup @@ -188,6 +191,12 @@ struct ssh_conn { #ifdef HAVE_LIBSSH2_KNOWNHOST_API LIBSSH2_KNOWNHOSTS *kh; #endif +#elif defined(USE_WOLFSSH) + WOLFSSH *ssh_session; + WOLFSSH_CTX *ctx; + word32 handleSz; + byte handle[WOLFSSH_MAX_HANDLE]; + curl_off_t offset; #endif /* USE_LIBSSH */ }; 
@@ -195,9 +204,6 @@ struct ssh_conn { #define CURL_LIBSSH_VERSION ssh_version(0) -extern const struct Curl_handler Curl_handler_scp; -extern const struct Curl_handler Curl_handler_sftp; - #elif defined(USE_LIBSSH2) /* Feature detection based on version numbers to better work with @@ -237,11 +243,13 @@ extern const struct Curl_handler Curl_handler_sftp; #define CURL_LIBSSH2_VERSION LIBSSH2_VERSION #endif -extern const struct Curl_handler Curl_handler_scp; -extern const struct Curl_handler Curl_handler_sftp; #endif /* USE_LIBSSH2 */ #ifdef USE_SSH + +extern const struct Curl_handler Curl_handler_scp; +extern const struct Curl_handler Curl_handler_sftp; + /* generic SSH backend functions */ CURLcode Curl_ssh_init(void); void Curl_ssh_cleanup(void); diff --git a/libs/libcurl/src/vssh/wolfssh.c b/libs/libcurl/src/vssh/wolfssh.c new file mode 100644 index 0000000000..363a52c772 --- /dev/null +++ b/libs/libcurl/src/vssh/wolfssh.c 
@@ -0,0 +1,1156 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2019 - 2020, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +#ifdef USE_WOLFSSH + +#include + +#include +#include +#include "urldata.h" +#include "connect.h" +#include "sendf.h" +#include "progress.h" +#include "curl_path.h" +#include "strtoofft.h" +#include "transfer.h" +#include "speedcheck.h" +#include "select.h" +#include "multiif.h" +#include "warnless.h" + +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + +static CURLcode wssh_connect(struct connectdata *conn, bool *done); +static CURLcode wssh_multi_statemach(struct connectdata *conn, bool *done); +static CURLcode wssh_do(struct connectdata *conn, bool *done); +#if 0 +static CURLcode wscp_done(struct connectdata *conn, + CURLcode, bool premature); +static CURLcode wscp_doing(struct connectdata *conn, + bool *dophase_done); +static CURLcode wscp_disconnect(struct connectdata *conn, + bool dead_connection); +#endif +static CURLcode wsftp_done(struct connectdata *conn, + CURLcode, bool premature); +static CURLcode wsftp_doing(struct connectdata *conn, + bool 
*dophase_done); +static CURLcode wsftp_disconnect(struct connectdata *conn, bool dead); +static int wssh_getsock(struct connectdata *conn, + curl_socket_t *sock); +static int wssh_perform_getsock(const struct connectdata *conn, + curl_socket_t *sock); +static CURLcode wssh_setup_connection(struct connectdata *conn); + +#if 0 +/* + * SCP protocol handler. + */ + +const struct Curl_handler Curl_handler_scp = { + "SCP", /* scheme */ + wssh_setup_connection, /* setup_connection */ + wssh_do, /* do_it */ + wscp_done, /* done */ + ZERO_NULL, /* do_more */ + wssh_connect, /* connect_it */ + wssh_multi_statemach, /* connecting */ + wscp_doing, /* doing */ + wssh_getsock, /* proto_getsock */ + wssh_getsock, /* doing_getsock */ + ZERO_NULL, /* domore_getsock */ + wssh_perform_getsock, /* perform_getsock */ + wscp_disconnect, /* disconnect */ + ZERO_NULL, /* readwrite */ + ZERO_NULL, /* connection_check */ + PORT_SSH, /* defport */ + CURLPROTO_SCP, /* protocol */ + PROTOPT_DIRLOCK | PROTOPT_CLOSEACTION + | PROTOPT_NOURLQUERY /* flags */ +}; + +#endif + +/* + * SFTP protocol handler. + */ + +const struct Curl_handler Curl_handler_sftp = { + "SFTP", /* scheme */ + wssh_setup_connection, /* setup_connection */ + wssh_do, /* do_it */ + wsftp_done, /* done */ + ZERO_NULL, /* do_more */ + wssh_connect, /* connect_it */ + wssh_multi_statemach, /* connecting */ + wsftp_doing, /* doing */ + wssh_getsock, /* proto_getsock */ + wssh_getsock, /* doing_getsock */ + ZERO_NULL, /* domore_getsock */ + wssh_perform_getsock, /* perform_getsock */ + wsftp_disconnect, /* disconnect */ + ZERO_NULL, /* readwrite */ + ZERO_NULL, /* connection_check */ + PORT_SSH, /* defport */ + CURLPROTO_SFTP, /* protocol */ + PROTOPT_DIRLOCK | PROTOPT_CLOSEACTION + | PROTOPT_NOURLQUERY /* flags */ +}; + +/* + * SSH State machine related code + */ +/* This is the ONLY way to change SSH state! 
*/ +static void state(struct connectdata *conn, sshstate nowstate) +{ + struct ssh_conn *sshc = &conn->proto.sshc; +#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) + /* for debug purposes */ + static const char * const names[] = { + "SSH_STOP", + "SSH_INIT", + "SSH_S_STARTUP", + "SSH_HOSTKEY", + "SSH_AUTHLIST", + "SSH_AUTH_PKEY_INIT", + "SSH_AUTH_PKEY", + "SSH_AUTH_PASS_INIT", + "SSH_AUTH_PASS", + "SSH_AUTH_AGENT_INIT", + "SSH_AUTH_AGENT_LIST", + "SSH_AUTH_AGENT", + "SSH_AUTH_HOST_INIT", + "SSH_AUTH_HOST", + "SSH_AUTH_KEY_INIT", + "SSH_AUTH_KEY", + "SSH_AUTH_GSSAPI", + "SSH_AUTH_DONE", + "SSH_SFTP_INIT", + "SSH_SFTP_REALPATH", + "SSH_SFTP_QUOTE_INIT", + "SSH_SFTP_POSTQUOTE_INIT", + "SSH_SFTP_QUOTE", + "SSH_SFTP_NEXT_QUOTE", + "SSH_SFTP_QUOTE_STAT", + "SSH_SFTP_QUOTE_SETSTAT", + "SSH_SFTP_QUOTE_SYMLINK", + "SSH_SFTP_QUOTE_MKDIR", + "SSH_SFTP_QUOTE_RENAME", + "SSH_SFTP_QUOTE_RMDIR", + "SSH_SFTP_QUOTE_UNLINK", + "SSH_SFTP_QUOTE_STATVFS", + "SSH_SFTP_GETINFO", + "SSH_SFTP_FILETIME", + "SSH_SFTP_TRANS_INIT", + "SSH_SFTP_UPLOAD_INIT", + "SSH_SFTP_CREATE_DIRS_INIT", + "SSH_SFTP_CREATE_DIRS", + "SSH_SFTP_CREATE_DIRS_MKDIR", + "SSH_SFTP_READDIR_INIT", + "SSH_SFTP_READDIR", + "SSH_SFTP_READDIR_LINK", + "SSH_SFTP_READDIR_BOTTOM", + "SSH_SFTP_READDIR_DONE", + "SSH_SFTP_DOWNLOAD_INIT", + "SSH_SFTP_DOWNLOAD_STAT", + "SSH_SFTP_CLOSE", + "SSH_SFTP_SHUTDOWN", + "SSH_SCP_TRANS_INIT", + "SSH_SCP_UPLOAD_INIT", + "SSH_SCP_DOWNLOAD_INIT", + "SSH_SCP_DOWNLOAD", + "SSH_SCP_DONE", + "SSH_SCP_SEND_EOF", + "SSH_SCP_WAIT_EOF", + "SSH_SCP_WAIT_CLOSE", + "SSH_SCP_CHANNEL_FREE", + "SSH_SESSION_DISCONNECT", + "SSH_SESSION_FREE", + "QUIT" + }; + + /* a precaution to make sure the lists are in sync */ + DEBUGASSERT(sizeof(names)/sizeof(names[0]) == SSH_LAST); + + if(sshc->state != nowstate) { + infof(conn->data, "wolfssh %p state change from %s to %s\n", + (void *)sshc, names[sshc->state], names[nowstate]); + } +#endif + + sshc->state = nowstate; +} + +static ssize_t 
wscp_send(struct connectdata *conn, int sockindex, + const void *mem, size_t len, CURLcode *err) +{ + ssize_t nwrite = 0; + (void)conn; + (void)sockindex; /* we only support SCP on the fixed known primary socket */ + (void)mem; + (void)len; + (void)err; + + return nwrite; +} + +static ssize_t wscp_recv(struct connectdata *conn, int sockindex, + char *mem, size_t len, CURLcode *err) +{ + ssize_t nread = 0; + (void)conn; + (void)sockindex; /* we only support SCP on the fixed known primary socket */ + (void)mem; + (void)len; + (void)err; + + return nread; +} + +/* return number of sent bytes */ +static ssize_t wsftp_send(struct connectdata *conn, int sockindex, + const void *mem, size_t len, CURLcode *err) +{ + struct ssh_conn *sshc = &conn->proto.sshc; + word32 offset[2]; + int rc; + (void)sockindex; + + offset[0] = (word32)sshc->offset&0xFFFFFFFF; + offset[1] = (word32)(sshc->offset>>32)&0xFFFFFFFF; + + rc = wolfSSH_SFTP_SendWritePacket(sshc->ssh_session, sshc->handle, + sshc->handleSz, + &offset[0], + (byte *)mem, (word32)len); + + if(rc == WS_FATAL_ERROR) + rc = wolfSSH_get_error(sshc->ssh_session); + if(rc == WS_WANT_READ) { + conn->waitfor = KEEP_RECV; + *err = CURLE_AGAIN; + return -1; + } + else if(rc == WS_WANT_WRITE) { + conn->waitfor = KEEP_SEND; + *err = CURLE_AGAIN; + return -1; + } + if(rc < 0) { + failf(conn->data, "wolfSSH_SFTP_SendWritePacket returned %d\n", rc); + return -1; + } + DEBUGASSERT(rc == (int)len); + infof(conn->data, "sent %zd bytes SFTP from offset %zd\n", + len, sshc->offset); + sshc->offset += len; + return (ssize_t)rc; +} + +/* + * Return number of received (decrypted) bytes + * or <0 on error + */ +static ssize_t wsftp_recv(struct connectdata *conn, int sockindex, + char *mem, size_t len, CURLcode *err) +{ + int rc; + struct ssh_conn *sshc = &conn->proto.sshc; + word32 offset[2]; + (void)sockindex; + + offset[0] = (word32)sshc->offset&0xFFFFFFFF; + offset[1] = (word32)(sshc->offset>>32)&0xFFFFFFFF; + + rc = 
wolfSSH_SFTP_SendReadPacket(sshc->ssh_session, sshc->handle, + sshc->handleSz, + &offset[0], + (byte *)mem, (word32)len); + if(rc == WS_FATAL_ERROR) + rc = wolfSSH_get_error(sshc->ssh_session); + if(rc == WS_WANT_READ) { + conn->waitfor = KEEP_RECV; + *err = CURLE_AGAIN; + return -1; + } + else if(rc == WS_WANT_WRITE) { + conn->waitfor = KEEP_SEND; + *err = CURLE_AGAIN; + return -1; + } + + DEBUGASSERT(rc <= (int)len); + + if(rc < 0) { + failf(conn->data, "wolfSSH_SFTP_SendReadPacket returned %d\n", rc); + return -1; + } + sshc->offset += len; + + return (ssize_t)rc; +} + +/* + * SSH setup and connection + */ +static CURLcode wssh_setup_connection(struct connectdata *conn) +{ + struct SSHPROTO *ssh; + + conn->data->req.protop = ssh = calloc(1, sizeof(struct SSHPROTO)); + if(!ssh) + return CURLE_OUT_OF_MEMORY; + + return CURLE_OK; +} + +static Curl_recv wscp_recv, wsftp_recv; +static Curl_send wscp_send, wsftp_send; + +static int userauth(byte authtype, + WS_UserAuthData* authdata, + void *ctx) +{ + struct connectdata *conn = ctx; + DEBUGF(infof(conn->data, "wolfssh callback: type %s\n", + authtype == WOLFSSH_USERAUTH_PASSWORD ? "PASSWORD" : + "PUBLICCKEY")); + if(authtype == WOLFSSH_USERAUTH_PASSWORD) { + authdata->sf.password.password = (byte *)conn->passwd; + authdata->sf.password.passwordSz = (word32) strlen(conn->passwd); + } + + return 0; +} + +static CURLcode wssh_connect(struct connectdata *conn, bool *done) +{ + struct Curl_easy *data = conn->data; + struct ssh_conn *sshc; + curl_socket_t sock = conn->sock[FIRSTSOCKET]; + int rc; + + /* initialize per-handle data if not already */ + if(!data->req.protop) + wssh_setup_connection(conn); + + /* We default to persistent connections. We set this already in this connect + function to make the re-use checks properly be able to check this bit. 
*/ + connkeep(conn, "SSH default"); + + if(conn->handler->protocol & CURLPROTO_SCP) { + conn->recv[FIRSTSOCKET] = wscp_recv; + conn->send[FIRSTSOCKET] = wscp_send; + } + else { + conn->recv[FIRSTSOCKET] = wsftp_recv; + conn->send[FIRSTSOCKET] = wsftp_send; + } + sshc = &conn->proto.sshc; + sshc->ctx = wolfSSH_CTX_new(WOLFSSH_ENDPOINT_CLIENT, NULL); + if(!sshc->ctx) { + failf(data, "No wolfSSH context"); + goto error; + } + + sshc->ssh_session = wolfSSH_new(sshc->ctx); + if(sshc->ssh_session == NULL) { + failf(data, "No wolfSSH session"); + goto error; + } + + rc = wolfSSH_SetUsername(sshc->ssh_session, conn->user); + if(rc != WS_SUCCESS) { + failf(data, "wolfSSH failed to set user name"); + goto error; + } + + /* set callback for authentication */ + wolfSSH_SetUserAuth(sshc->ctx, userauth); + wolfSSH_SetUserAuthCtx(sshc->ssh_session, conn); + + rc = wolfSSH_set_fd(sshc->ssh_session, (int)sock); + if(rc) { + failf(data, "wolfSSH failed to set socket"); + goto error; + } + +#if 0 + wolfSSH_Debugging_ON(); +#endif + + *done = TRUE; + if(conn->handler->protocol & CURLPROTO_SCP) + state(conn, SSH_INIT); + else + state(conn, SSH_SFTP_INIT); + + return wssh_multi_statemach(conn, done); + error: + wolfSSH_free(sshc->ssh_session); + wolfSSH_CTX_free(sshc->ctx); + return CURLE_FAILED_INIT; +} + +/* + * wssh_statemach_act() runs the SSH state machine as far as it can without + * blocking and without reaching the end. 
The data the pointer 'block' points + * to will be set to TRUE if the wolfssh function returns EAGAIN meaning it + * wants to be called again when the socket is ready + */ + +static CURLcode wssh_statemach_act(struct connectdata *conn, bool *block) +{ + CURLcode result = CURLE_OK; + struct ssh_conn *sshc = &conn->proto.sshc; + struct Curl_easy *data = conn->data; + struct SSHPROTO *sftp_scp = data->req.protop; + WS_SFTPNAME *name; + int rc = 0; + *block = FALSE; /* we're not blocking by default */ + + do { + switch(sshc->state) { + case SSH_INIT: + state(conn, SSH_S_STARTUP); + /* FALLTHROUGH */ + case SSH_S_STARTUP: + rc = wolfSSH_connect(sshc->ssh_session); + if(rc != WS_SUCCESS) + rc = wolfSSH_get_error(sshc->ssh_session); + if(rc == WS_WANT_READ) { + *block = TRUE; + conn->waitfor = KEEP_RECV; + return CURLE_OK; + } + else if(rc == WS_WANT_WRITE) { + *block = TRUE; + conn->waitfor = KEEP_SEND; + return CURLE_OK; + } + else if(rc != WS_SUCCESS) { + state(conn, SSH_STOP); + return CURLE_SSH; + } + infof(data, "wolfssh connected!\n"); + state(conn, SSH_STOP); + break; + case SSH_STOP: + break; + + case SSH_SFTP_INIT: + rc = wolfSSH_SFTP_connect(sshc->ssh_session); + if(rc != WS_SUCCESS) + rc = wolfSSH_get_error(sshc->ssh_session); + if(rc == WS_WANT_READ) { + *block = TRUE; + conn->waitfor = KEEP_RECV; + return CURLE_OK; + } + else if(rc == WS_WANT_WRITE) { + *block = TRUE; + conn->waitfor = KEEP_SEND; + return CURLE_OK; + } + else if(rc == WS_SUCCESS) { + infof(data, "wolfssh SFTP connected!\n"); + state(conn, SSH_SFTP_REALPATH); + } + else { + failf(data, "wolfssh SFTP connect error %d", rc); + return CURLE_SSH; + } + break; + case SSH_SFTP_REALPATH: + name = wolfSSH_SFTP_RealPath(sshc->ssh_session, (char *)"."); + rc = wolfSSH_get_error(sshc->ssh_session); + if(rc == WS_WANT_READ) { + *block = TRUE; + conn->waitfor = KEEP_RECV; + return CURLE_OK; + } + else if(rc == WS_WANT_WRITE) { + *block = TRUE; + conn->waitfor = KEEP_SEND; + return CURLE_OK; + } + else 
if(name && (rc == WS_SUCCESS)) { + sshc->homedir = malloc(name->fSz + 1); + if(!sshc->homedir) { + sshc->actualcode = CURLE_OUT_OF_MEMORY; + } + else { + memcpy(sshc->homedir, name->fName, name->fSz); + sshc->homedir[name->fSz] = 0; + infof(data, "wolfssh SFTP realpath succeeded!\n"); + } + wolfSSH_SFTPNAME_list_free(name); + state(conn, SSH_STOP); + return CURLE_OK; + } + failf(data, "wolfssh SFTP realpath %d", rc); + return CURLE_SSH; + + case SSH_SFTP_QUOTE_INIT: + result = Curl_getworkingpath(conn, sshc->homedir, &sftp_scp->path); + if(result) { + sshc->actualcode = result; + state(conn, SSH_STOP); + break; + } + + if(data->set.quote) { + infof(data, "Sending quote commands\n"); + sshc->quote_item = data->set.quote; + state(conn, SSH_SFTP_QUOTE); + } + else { + state(conn, SSH_SFTP_GETINFO); + } + break; + case SSH_SFTP_GETINFO: + if(data->set.get_filetime) { + state(conn, SSH_SFTP_FILETIME); + } + else { + state(conn, SSH_SFTP_TRANS_INIT); + } + break; + case SSH_SFTP_TRANS_INIT: + if(data->set.upload) + state(conn, SSH_SFTP_UPLOAD_INIT); + else { + if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/') + state(conn, SSH_SFTP_READDIR_INIT); + else + state(conn, SSH_SFTP_DOWNLOAD_INIT); + } + break; + case SSH_SFTP_UPLOAD_INIT: { + word32 flags; + WS_SFTP_FILEATRB createattrs; + if(data->state.resume_from) { + WS_SFTP_FILEATRB attrs; + if(data->state.resume_from < 0) { + rc = wolfSSH_SFTP_STAT(sshc->ssh_session, sftp_scp->path, + &attrs); + if(rc != WS_SUCCESS) + break; + + if(rc) { + data->state.resume_from = 0; + } + else { + curl_off_t size = ((curl_off_t)attrs.sz[1] << 32) | attrs.sz[0]; + if(size < 0) { + failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size); + return CURLE_BAD_DOWNLOAD_RESUME; + } + data->state.resume_from = size; + } + } + } + + if(data->set.ftp_append) + /* Try to open for append, but create if nonexisting */ + flags = WOLFSSH_FXF_WRITE|WOLFSSH_FXF_CREAT|WOLFSSH_FXF_APPEND; + else if(data->state.resume_from > 0) + /* If we have 
restart position then open for append */ + flags = WOLFSSH_FXF_WRITE|WOLFSSH_FXF_APPEND; + else + /* Clear file before writing (normal behaviour) */ + flags = WOLFSSH_FXF_WRITE|WOLFSSH_FXF_CREAT|WOLFSSH_FXF_TRUNC; + + memset(&createattrs, 0, sizeof(createattrs)); + createattrs.per = (word32)data->set.new_file_perms; + sshc->handleSz = sizeof(sshc->handle); + rc = wolfSSH_SFTP_Open(sshc->ssh_session, sftp_scp->path, + flags, &createattrs, + sshc->handle, &sshc->handleSz); + if(rc == WS_FATAL_ERROR) + rc = wolfSSH_get_error(sshc->ssh_session); + if(rc == WS_WANT_READ) { + *block = TRUE; + conn->waitfor = KEEP_RECV; + return CURLE_OK; + } + else if(rc == WS_WANT_WRITE) { + *block = TRUE; + conn->waitfor = KEEP_SEND; + return CURLE_OK; + } + else if(rc == WS_SUCCESS) { + infof(data, "wolfssh SFTP open succeeded!\n"); + } + else { + failf(data, "wolfssh SFTP upload open failed: %d", rc); + return CURLE_SSH; + } + state(conn, SSH_SFTP_DOWNLOAD_STAT); + + /* If we have a restart point then we need to seek to the correct + position. */ + if(data->state.resume_from > 0) { + /* Let's read off the proper amount of bytes from the input. */ + int seekerr = CURL_SEEKFUNC_OK; + if(conn->seek_func) { + Curl_set_in_callback(data, true); + seekerr = conn->seek_func(conn->seek_client, data->state.resume_from, + SEEK_SET); + Curl_set_in_callback(data, false); + } + + if(seekerr != CURL_SEEKFUNC_OK) { + curl_off_t passed = 0; + + if(seekerr != CURL_SEEKFUNC_CANTSEEK) { + failf(data, "Could not seek stream"); + return CURLE_FTP_COULDNT_USE_REST; + } + /* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ + do { + size_t readthisamountnow = + (data->state.resume_from - passed > data->set.buffer_size) ? 
+ (size_t)data->set.buffer_size : + curlx_sotouz(data->state.resume_from - passed); + + size_t actuallyread; + Curl_set_in_callback(data, true); + actuallyread = data->state.fread_func(data->state.buffer, 1, + readthisamountnow, + data->state.in); + Curl_set_in_callback(data, false); + + passed += actuallyread; + if((actuallyread == 0) || (actuallyread > readthisamountnow)) { + /* this checks for greater-than only to make sure that the + CURL_READFUNC_ABORT return code still aborts */ + failf(data, "Failed to read data"); + return CURLE_FTP_COULDNT_USE_REST; + } + } while(passed < data->state.resume_from); + } + + /* now, decrease the size of the read */ + if(data->state.infilesize > 0) { + data->state.infilesize -= data->state.resume_from; + data->req.size = data->state.infilesize; + Curl_pgrsSetUploadSize(data, data->state.infilesize); + } + + sshc->offset += data->state.resume_from; + } + if(data->state.infilesize > 0) { + data->req.size = data->state.infilesize; + Curl_pgrsSetUploadSize(data, data->state.infilesize); + } + /* upload data */ + Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET); + + /* not set by Curl_setup_transfer to preserve keepon bits */ + conn->sockfd = conn->writesockfd; + + if(result) { + state(conn, SSH_SFTP_CLOSE); + sshc->actualcode = result; + } + else { + /* store this original bitmask setup to use later on if we can't + figure out a "real" bitmask */ + sshc->orig_waitfor = data->req.keepon; + + /* we want to use the _sending_ function even when the socket turns + out readable as the underlying libssh2 sftp send function will deal + with both accordingly */ + conn->cselect_bits = CURL_CSELECT_OUT; + + /* since we don't really wait for anything at this point, we want the + state machine to move on as soon as possible so we set a very short + timeout here */ + Curl_expire(data, 0, EXPIRE_RUN_NOW); + + state(conn, SSH_STOP); + } + break; + } + case SSH_SFTP_DOWNLOAD_INIT: + sshc->handleSz = sizeof(sshc->handle); + rc = 
wolfSSH_SFTP_Open(sshc->ssh_session, sftp_scp->path, + WOLFSSH_FXF_READ, NULL, + sshc->handle, &sshc->handleSz); + if(rc == WS_FATAL_ERROR) + rc = wolfSSH_get_error(sshc->ssh_session); + if(rc == WS_WANT_READ) { + *block = TRUE; + conn->waitfor = KEEP_RECV; + return CURLE_OK; + } + else if(rc == WS_WANT_WRITE) { + *block = TRUE; + conn->waitfor = KEEP_SEND; + return CURLE_OK; + } + else if(rc == WS_SUCCESS) { + infof(data, "wolfssh SFTP open succeeded!\n"); + state(conn, SSH_SFTP_DOWNLOAD_STAT); + return CURLE_OK; + } + + failf(data, "wolfssh SFTP open failed: %d", rc); + return CURLE_SSH; + + case SSH_SFTP_DOWNLOAD_STAT: { + WS_SFTP_FILEATRB attrs; + curl_off_t size; + + rc = wolfSSH_SFTP_STAT(sshc->ssh_session, sftp_scp->path, &attrs); + if(rc == WS_FATAL_ERROR) + rc = wolfSSH_get_error(sshc->ssh_session); + if(rc == WS_WANT_READ) { + *block = TRUE; + conn->waitfor = KEEP_RECV; + return CURLE_OK; + } + else if(rc == WS_WANT_WRITE) { + *block = TRUE; + conn->waitfor = KEEP_SEND; + return CURLE_OK; + } + else if(rc == WS_SUCCESS) { + infof(data, "wolfssh STAT succeeded!\n"); + } + else { + failf(data, "wolfssh SFTP open failed: %d", rc); + data->req.size = -1; + data->req.maxdownload = -1; + Curl_pgrsSetDownloadSize(data, -1); + return CURLE_SSH; + } + + size = ((curl_off_t)attrs.sz[1] <<32) | attrs.sz[0]; + + data->req.size = size; + data->req.maxdownload = size; + Curl_pgrsSetDownloadSize(data, size); + + infof(data, "SFTP download %" CURL_FORMAT_CURL_OFF_T " bytes\n", size); + + /* We cannot seek with wolfSSH so resuming and range requests are not + possible */ + if(conn->data->state.use_range || data->state.resume_from) { + infof(data, "wolfSSH cannot do range/seek on SFTP\n"); + return CURLE_BAD_DOWNLOAD_RESUME; + } + + /* Setup the actual download */ + if(data->req.size == 0) { + /* no data to transfer */ + Curl_setup_transfer(data, -1, -1, FALSE, -1); + infof(data, "File already completely downloaded\n"); + state(conn, SSH_STOP); + break; + } + 
Curl_setup_transfer(data, FIRSTSOCKET, data->req.size, FALSE, -1); + + /* not set by Curl_setup_transfer to preserve keepon bits */ + conn->writesockfd = conn->sockfd; + + /* we want to use the _receiving_ function even when the socket turns + out writableable as the underlying libssh2 recv function will deal + with both accordingly */ + conn->cselect_bits = CURL_CSELECT_IN; + + if(result) { + /* this should never occur; the close state should be entered + at the time the error occurs */ + state(conn, SSH_SFTP_CLOSE); + sshc->actualcode = result; + } + else { + state(conn, SSH_STOP); + } + break; + } + case SSH_SFTP_CLOSE: + if(sshc->handleSz) + rc = wolfSSH_SFTP_Close(sshc->ssh_session, sshc->handle, + sshc->handleSz); + else + rc = WS_SUCCESS; /* directory listing */ + if(rc == WS_WANT_READ) { + *block = TRUE; + conn->waitfor = KEEP_RECV; + return CURLE_OK; + } + else if(rc == WS_WANT_WRITE) { + *block = TRUE; + conn->waitfor = KEEP_SEND; + return CURLE_OK; + } + else if(rc == WS_SUCCESS) { + state(conn, SSH_STOP); + return CURLE_OK; + } + + failf(data, "wolfssh SFTP CLOSE failed: %d", rc); + return CURLE_SSH; + + case SSH_SFTP_READDIR_INIT: + Curl_pgrsSetDownloadSize(data, -1); + if(data->set.opt_no_body) { + state(conn, SSH_STOP); + break; + } + state(conn, SSH_SFTP_READDIR); + /* FALLTHROUGH */ + case SSH_SFTP_READDIR: + name = wolfSSH_SFTP_LS(sshc->ssh_session, sftp_scp->path); + if(!name) + rc = wolfSSH_get_error(sshc->ssh_session); + else + rc = WS_SUCCESS; + + if(rc == WS_WANT_READ) { + *block = TRUE; + conn->waitfor = KEEP_RECV; + return CURLE_OK; + } + else if(rc == WS_WANT_WRITE) { + *block = TRUE; + conn->waitfor = KEEP_SEND; + return CURLE_OK; + } + else if(name && (rc == WS_SUCCESS)) { + WS_SFTPNAME *origname = name; + result = CURLE_OK; + while(name) { + char *line = aprintf("%s\n", + data->set.ftp_list_only ? 
+ name->fName : name->lName); + if(line == NULL) { + state(conn, SSH_SFTP_CLOSE); + sshc->actualcode = CURLE_OUT_OF_MEMORY; + break; + } + result = Curl_client_write(conn, CLIENTWRITE_BODY, + line, strlen(line)); + free(line); + if(result) { + sshc->actualcode = result; + break; + } + name = name->next; + } + wolfSSH_SFTPNAME_list_free(origname); + state(conn, SSH_STOP); + return result; + } + failf(data, "wolfssh SFTP ls failed: %d", rc); + return CURLE_SSH; + + case SSH_SFTP_SHUTDOWN: + Curl_safefree(sshc->homedir); + wolfSSH_free(sshc->ssh_session); + wolfSSH_CTX_free(sshc->ctx); + state(conn, SSH_STOP); + return CURLE_OK; + default: + break; + } + } while(!rc && (sshc->state != SSH_STOP)); + return result; +} + +/* called repeatedly until done from multi.c */ +static CURLcode wssh_multi_statemach(struct connectdata *conn, bool *done) +{ + struct ssh_conn *sshc = &conn->proto.sshc; + CURLcode result = CURLE_OK; + bool block; /* we store the status and use that to provide a ssh_getsock() + implementation */ + do { + result = wssh_statemach_act(conn, &block); + *done = (sshc->state == SSH_STOP) ? 
TRUE : FALSE; + /* if there's no error, it isn't done and it didn't EWOULDBLOCK, then + try again */ + if(*done) { + DEBUGF(infof(conn->data, "wssh_statemach_act says DONE\n")); + } + } while(!result && !*done && !block); + + return result; +} + +static +CURLcode wscp_perform(struct connectdata *conn, + bool *connected, + bool *dophase_done) +{ + (void)conn; + (void)connected; + (void)dophase_done; + return CURLE_OK; +} + +static +CURLcode wsftp_perform(struct connectdata *conn, + bool *connected, + bool *dophase_done) +{ + CURLcode result = CURLE_OK; + + DEBUGF(infof(conn->data, "DO phase starts\n")); + + *dophase_done = FALSE; /* not done yet */ + + /* start the first command in the DO phase */ + state(conn, SSH_SFTP_QUOTE_INIT); + + /* run the state-machine */ + result = wssh_multi_statemach(conn, dophase_done); + + *connected = conn->bits.tcpconnect[FIRSTSOCKET]; + + if(*dophase_done) { + DEBUGF(infof(conn->data, "DO phase is complete\n")); + } + + return result; +} + +/* + * The DO function is generic for both protocols. 
+ */ +static CURLcode wssh_do(struct connectdata *conn, bool *done) +{ + CURLcode result; + bool connected = 0; + struct Curl_easy *data = conn->data; + struct ssh_conn *sshc = &conn->proto.sshc; + + *done = FALSE; /* default to false */ + data->req.size = -1; /* make sure this is unknown at this point */ + sshc->actualcode = CURLE_OK; /* reset error code */ + sshc->secondCreateDirs = 0; /* reset the create dir attempt state + variable */ + + Curl_pgrsSetUploadCounter(data, 0); + Curl_pgrsSetDownloadCounter(data, 0); + Curl_pgrsSetUploadSize(data, -1); + Curl_pgrsSetDownloadSize(data, -1); + + if(conn->handler->protocol & CURLPROTO_SCP) + result = wscp_perform(conn, &connected, done); + else + result = wsftp_perform(conn, &connected, done); + + return result; +} + +static CURLcode wssh_block_statemach(struct connectdata *conn, + bool disconnect) +{ + struct ssh_conn *sshc = &conn->proto.sshc; + CURLcode result = CURLE_OK; + struct Curl_easy *data = conn->data; + + while((sshc->state != SSH_STOP) && !result) { + bool block; + timediff_t left = 1000; + struct curltime now = Curl_now(); + + result = wssh_statemach_act(conn, &block); + if(result) + break; + + if(!disconnect) { + if(Curl_pgrsUpdate(conn)) + return CURLE_ABORTED_BY_CALLBACK; + + result = Curl_speedcheck(data, now); + if(result) + break; + + left = Curl_timeleft(data, NULL, FALSE); + if(left < 0) { + failf(data, "Operation timed out"); + return CURLE_OPERATION_TIMEDOUT; + } + } + + if(!result) { + int dir = conn->waitfor; + curl_socket_t sock = conn->sock[FIRSTSOCKET]; + curl_socket_t fd_read = CURL_SOCKET_BAD; + curl_socket_t fd_write = CURL_SOCKET_BAD; + if(dir == KEEP_RECV) + fd_read = sock; + else if(dir == KEEP_SEND) + fd_write = sock; + + /* wait for the socket to become ready */ + (void)Curl_socket_check(fd_read, CURL_SOCKET_BAD, fd_write, + left>1000?1000:left); /* ignore result */ + } + } + + return result; +} + +/* generic done function for both SCP and SFTP called from their specific + done 
functions */ +static CURLcode wssh_done(struct connectdata *conn, CURLcode status) +{ + CURLcode result = CURLE_OK; + struct SSHPROTO *sftp_scp = conn->data->req.protop; + + if(!status) { + /* run the state-machine */ + result = wssh_block_statemach(conn, FALSE); + } + else + result = status; + + if(sftp_scp) + Curl_safefree(sftp_scp->path); + if(Curl_pgrsDone(conn)) + return CURLE_ABORTED_BY_CALLBACK; + + conn->data->req.keepon = 0; /* clear all bits */ + return result; +} + +#if 0 +static CURLcode wscp_done(struct connectdata *conn, + CURLcode code, bool premature) +{ + CURLcode result = CURLE_OK; + (void)conn; + (void)code; + (void)premature; + + return result; +} + +static CURLcode wscp_doing(struct connectdata *conn, + bool *dophase_done) +{ + CURLcode result = CURLE_OK; + (void)conn; + (void)dophase_done; + + return result; +} + +static CURLcode wscp_disconnect(struct connectdata *conn, bool dead_connection) +{ + CURLcode result = CURLE_OK; + (void)conn; + (void)dead_connection; + + return result; +} +#endif + +static CURLcode wsftp_done(struct connectdata *conn, + CURLcode code, bool premature) +{ + (void)premature; + state(conn, SSH_SFTP_CLOSE); + + return wssh_done(conn, code); +} + +static CURLcode wsftp_doing(struct connectdata *conn, + bool *dophase_done) +{ + CURLcode result = wssh_multi_statemach(conn, dophase_done); + + if(*dophase_done) { + DEBUGF(infof(conn->data, "DO phase is complete\n")); + } + return result; +} + +static CURLcode wsftp_disconnect(struct connectdata *conn, bool dead) +{ + CURLcode result = CURLE_OK; + (void)dead; + + DEBUGF(infof(conn->data, "SSH DISCONNECT starts now\n")); + + if(conn->proto.sshc.ssh_session) { + /* only if there's a session still around to use! 
*/ + state(conn, SSH_SFTP_SHUTDOWN); + result = wssh_block_statemach(conn, TRUE); + } + + DEBUGF(infof(conn->data, "SSH DISCONNECT is done\n")); + return result; +} + +static int wssh_getsock(struct connectdata *conn, + curl_socket_t *sock) +{ + return wssh_perform_getsock(conn, sock); +} + +static int wssh_perform_getsock(const struct connectdata *conn, + curl_socket_t *sock) +{ + int bitmap = GETSOCK_BLANK; + int dir = conn->waitfor; + sock[0] = conn->sock[FIRSTSOCKET]; + + if(dir == KEEP_RECV) + bitmap |= GETSOCK_READSOCK(FIRSTSOCKET); + else if(dir == KEEP_SEND) + bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET); + + return bitmap; +} + +size_t Curl_ssh_version(char *buffer, size_t buflen) +{ + return msnprintf(buffer, buflen, "wolfssh/%s", LIBWOLFSSH_VERSION_STRING); +} + +CURLcode Curl_ssh_init(void) +{ + if(WS_SUCCESS != wolfSSH_Init()) { + DEBUGF(fprintf(stderr, "Error: wolfSSH_Init failed\n")); + return CURLE_FAILED_INIT; + } + + return CURLE_OK; +} +void Curl_ssh_cleanup(void) +{ +} + +#endif /* USE_WOLFSSH */ diff --git a/libs/libcurl/src/vtls/gtls.c b/libs/libcurl/src/vtls/gtls.c index 3737d7c685..5f740eeba1 100644 --- a/libs/libcurl/src/vtls/gtls.c +++ b/libs/libcurl/src/vtls/gtls.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -666,6 +666,10 @@ gtls_connect_step1(struct connectdata *conn, /* Initialize TLS session as a client */ init_flags = GNUTLS_CLIENT; +#if defined(GNUTLS_FORCE_CLIENT_CERT) + init_flags |= GNUTLS_FORCE_CLIENT_CERT; +#endif + #if defined(GNUTLS_NO_TICKETS) /* Disable TLS session tickets */ init_flags |= GNUTLS_NO_TICKETS; diff --git a/libs/libcurl/src/vtls/mbedtls.c b/libs/libcurl/src/vtls/mbedtls.c index e34ec9d13f..f057315f30 100644 
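Review bot: The added `init_flags |= GNUTLS_FORCE_CLIENT_CERT;` carries no comment, unlike the `GNUTLS_NO_TICKETS` block directly below it, although it changes which servers get to see the client certificate. With this flag GnuTLS sends the single configured client certificate even when the server's certificate request does not list that certificate's issuer, so the identity in the certificate is presented to any server that asks for one. I would put `/* Send the configured client certificate even if the server's CA list does not name its issuer */` above the `#if` so the trade-off is visible to whoever configures client certificates. gtls_connect_step1 starts and ends outside this hunk.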
--- a/libs/libcurl/src/vtls/mbedtls.c +++ b/libs/libcurl/src/vtls/mbedtls.c @@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2010 - 2011, Hoi-Ho Chan, - * Copyright (C) 2012 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 2012 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -55,7 +55,7 @@ #include "connect.h" /* for the connect timeout */ #include "select.h" #include "multiif.h" -#include "polarssl_threadlock.h" +#include "mbedtls_threadlock.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -91,12 +91,12 @@ static int entropy_init_initialized = 0; static void entropy_init_mutex(mbedtls_entropy_context *ctx) { /* lock 0 = entropy_init_mutex() */ - Curl_polarsslthreadlock_lock_function(0); + Curl_mbedtlsthreadlock_lock_function(0); if(entropy_init_initialized == 0) { mbedtls_entropy_init(ctx); entropy_init_initialized = 1; } - Curl_polarsslthreadlock_unlock_function(0); + Curl_mbedtlsthreadlock_unlock_function(0); } /* end of entropy_init_mutex() */ @@ -105,9 +105,9 @@ static int entropy_func_mutex(void *data, unsigned char *output, size_t len) { int ret; /* lock 1 = entropy_func_mutex() */ - Curl_polarsslthreadlock_lock_function(1); + Curl_mbedtlsthreadlock_lock_function(1); ret = mbedtls_entropy_func(data, output, len); - Curl_polarsslthreadlock_unlock_function(1); + Curl_mbedtlsthreadlock_unlock_function(1); return ret; } @@ -1017,12 +1017,12 @@ static CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex) */ static int Curl_mbedtls_init(void) { - return Curl_polarsslthreadlock_thread_setup(); + return Curl_mbedtlsthreadlock_thread_setup(); } static void Curl_mbedtls_cleanup(void) { - (void)Curl_polarsslthreadlock_thread_cleanup(); + (void)Curl_mbedtlsthreadlock_thread_cleanup(); } static bool Curl_mbedtls_data_pending(const struct connectdata *conn, 
diff --git a/libs/libcurl/src/vtls/mbedtls_threadlock.c b/libs/libcurl/src/vtls/mbedtls_threadlock.c
new file mode 100644
index 0000000000..4d672f106e
--- /dev/null
+++ b/libs/libcurl/src/vtls/mbedtls_threadlock.c
@@ -0,0 +1,144 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2013 - 2020, Daniel Stenberg, , et al.
+ * Copyright (C) 2010, 2011, Hoi-Ho Chan,
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#if defined(USE_MBEDTLS) && \
+ ((defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || \
+ (defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)))
+
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+# include
+# define MBEDTLS_MUTEX_T pthread_mutex_t
+#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
+# include
+# define MBEDTLS_MUTEX_T HANDLE
+#endif
+
+#include "mbedtls_threadlock.h"
+#include "curl_printf.h"
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* number of thread locks */
+#define NUMT 2
+
+/* This array will store all of the mutexes available to Mbedtls. */
+static MBEDTLS_MUTEX_T *mutex_buf = NULL;
+
+int Curl_mbedtlsthreadlock_thread_setup(void)
+{
+ int i;
+
+ mutex_buf = calloc(NUMT * sizeof(MBEDTLS_MUTEX_T), 1);
+ if(!mutex_buf)
+ return 0; /* error, no number of threads defined */
+
+ for(i = 0; i < NUMT; i++) {
+ int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+ ret = pthread_mutex_init(&mutex_buf[i], NULL);
+ if(ret)
+ return 0; /* pthread_mutex_init failed */
+#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
+ mutex_buf[i] = CreateMutex(0, FALSE, 0);
+ if(mutex_buf[i] == 0)
+ return 0; /* CreateMutex failed */
+#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
+ }
+
+ return 1; /* OK */
+}
+
+int Curl_mbedtlsthreadlock_thread_cleanup(void)
+{
+ int i;
+
+ if(!mutex_buf)
+ return 0; /* error, no threads locks defined */
+
+ for(i = 0; i < NUMT; i++) {
+ int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+ ret = pthread_mutex_destroy(&mutex_buf[i]);
+ if(ret)
+ return 0; /* pthread_mutex_destroy failed */
+#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
+ ret = CloseHandle(mutex_buf[i]);
+ if(!ret)
+ return 0; /* CloseHandle failed */
+#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
+ }
+ free(mutex_buf);
+ mutex_buf = NULL;
+
+ return 1; /* OK */
+}
+
+int Curl_mbedtlsthreadlock_lock_function(int n)
+{
+ if(n < NUMT) {
+ int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+ ret = pthread_mutex_lock(&mutex_buf[n]);
+ if(ret) {
+ DEBUGF(fprintf(stderr,
+ "Error: mbedtlsthreadlock_lock_function failed\n"));
+ return 0; /* pthread_mutex_lock failed */
+ }
+#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
+ ret = (WaitForSingleObject(mutex_buf[n], INFINITE) == WAIT_FAILED?1:0);
+ if(ret) {
+ DEBUGF(fprintf(stderr,
+ "Error: mbedtlsthreadlock_lock_function failed\n"));
+ return 0; /* pthread_mutex_lock failed */
+ }
+#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
+ }
+ return 1; /* OK */
+}
+
+int Curl_mbedtlsthreadlock_unlock_function(int n)
+{
+ if(n < NUMT) {
+ int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+ ret = pthread_mutex_unlock(&mutex_buf[n]);
+ if(ret) {
+ DEBUGF(fprintf(stderr,
+ "Error: mbedtlsthreadlock_unlock_function failed\n"));
+ return 0; /* pthread_mutex_unlock failed */
+ }
+#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
+ ret = ReleaseMutex(mutex_buf[n]);
+ if(!ret) {
+ DEBUGF(fprintf(stderr,
+ "Error: mbedtlsthreadlock_unlock_function failed\n"));
+ return 0; /* pthread_mutex_lock failed */
+ }
+#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
+ }
+ return 1; /* OK */
+}
+
+#endif /* USE_MBEDTLS */
diff --git a/libs/libcurl/src/vtls/mbedtls_threadlock.h b/libs/libcurl/src/vtls/mbedtls_threadlock.h
new file mode 100644
index 0000000000..96a787d1a2
--- /dev/null
+++ b/libs/libcurl/src/vtls/mbedtls_threadlock.h
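Review bot: In `Curl_mbedtlsthreadlock_thread_setup`, a failing `pthread_mutex_init` or `CreateMutex` returns 0 from inside the loop and leaves `mutex_buf` allocated, with the earlier mutexes still live and the later slots only zero-filled. `Curl_mbedtlsthreadlock_lock_function` and `Curl_mbedtlsthreadlock_unlock_function` test nothing but `n < NUMT`, so if they are still reached after a failed setup (or after a failed `calloc`, where `mutex_buf` is NULL) they index a NULL or half-initialised array, and a negative `n` passes the check as well. Unwinding on failure as sketched below, plus a guard such as `if(n < 0 || n >= NUMT || !mutex_buf) return 0;` at the top of both lock functions, closes that. The `/* pthread_mutex_lock failed */` comments in the WIN32 lock branch and in the `ReleaseMutex` branch are copy-paste leftovers and should name the call that actually failed.

```c
int Curl_mbedtlsthreadlock_thread_setup(void)
{
  int i;
  /* ... unchanged: calloc of mutex_buf and its NULL check ... */

  for(i = 0; i < NUMT; i++) {
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
    if(pthread_mutex_init(&mutex_buf[i], NULL))
      goto fail;
#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
    mutex_buf[i] = CreateMutex(0, FALSE, 0);
    if(mutex_buf[i] == 0)
      goto fail;
#endif
  }
  return 1; /* OK */

fail:
  /* release the i mutexes created so far so no half-built table survives */
  while(i-- > 0) {
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
    (void)pthread_mutex_destroy(&mutex_buf[i]);
#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
    (void)CloseHandle(mutex_buf[i]);
#endif
  }
  free(mutex_buf);
  mutex_buf = NULL;
  return 0;
}
```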
@@ -0,0 +1,48 @@
+#ifndef HEADER_CURL_MBEDTLS_THREADLOCK_H
+#define HEADER_CURL_MBEDTLS_THREADLOCK_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2013 - 2020, Daniel Stenberg, , et al.
+ * Copyright (C) 2010, Hoi-Ho Chan,
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_MBEDTLS
+
+#if (defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || \
+ (defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H))
+
+int Curl_mbedtlsthreadlock_thread_setup(void);
+int Curl_mbedtlsthreadlock_thread_cleanup(void);
+int Curl_mbedtlsthreadlock_lock_function(int n);
+int Curl_mbedtlsthreadlock_unlock_function(int n);
+
+#else
+
+#define Curl_mbedtlsthreadlock_thread_setup() 1
+#define Curl_mbedtlsthreadlock_thread_cleanup() 1
+#define Curl_mbedtlsthreadlock_lock_function(x) 1
+#define Curl_mbedtlsthreadlock_unlock_function(x) 1
+
+#endif /* USE_THREADS_POSIX || USE_THREADS_WIN32 */
+
+#endif /* USE_MBEDTLS */
+
+#endif /* HEADER_CURL_MBEDTLS_THREADLOCK_H */
diff --git a/libs/libcurl/src/vtls/openssl.c b/libs/libcurl/src/vtls/openssl.c
index 726ff6e7ca..1d09cadca8 100644
--- a/libs/libcurl/src/vtls/openssl.c
+++ b/libs/libcurl/src/vtls/openssl.c
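Review bot: The four prototypes are declared without any statement of their contract, and the fallback macros hard-code `1`, so a reader has to open mbedtls_threadlock.c to learn that 1 means success and 0 means failure. A comment above the prototypes such as `/* Each returns 1 on success and 0 on failure; n is the lock index and must be below NUMT (see mbedtls_threadlock.c) */` would make that explicit. It matters because a lock call that returns 0 has not taken the mutex, and the entropy wrappers in mbedtls.c call `Curl_mbedtlsthreadlock_lock_function()` without looking at the result.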
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -2212,7 +2212,6 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn) curl_ssl_version_max = SSL_CONN_CONFIG(version_max); /* convert cURL max SSL version option to OpenSSL constant */ - ossl_ssl_version_max = 0; switch(curl_ssl_version_max) { case CURL_SSLVERSION_MAX_TLSv1_0: ossl_ssl_version_max = TLS1_VERSION; @@ -3122,28 +3121,25 @@ do { \ } while(0) #endif -static int X509V3_ext(struct Curl_easy *data, +static void X509V3_ext(struct Curl_easy *data, int certnum, CONST_EXTS STACK_OF(X509_EXTENSION) *exts) { int i; - size_t j; if((int)sk_X509_EXTENSION_num(exts) <= 0) /* no extensions, bail out */ - return 1; + return; for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) { ASN1_OBJECT *obj; X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); BUF_MEM *biomem; - char buf[512]; - char *ptr = buf; char namebuf[128]; BIO *bio_out = BIO_new(BIO_s_mem()); if(!bio_out) - return 1; + return; obj = X509_EXTENSION_get_object(ext); 
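Review bot: Turning `X509V3_ext` into a `void` function removes the only channel it had for reporting failure: the `BIO_new(BIO_s_mem())` failure path is now a bare `return;`, and in the following hunk the `CURLcode` returned by `Curl_ssl_push_certinfo_len()` is discarded too. An out-of-memory condition therefore produces a certinfo list that silently lacks extensions, which is a problem for any application that inspects those entries before trusting a peer. I would declare it `static CURLcode X509V3_ext(...)`, use `return CURLE_OUT_OF_MEMORY;` when `BIO_new` fails, and return the push result on error; the caller is outside this hunk, so whether it can propagate the code needs checking. The function body continues past the end of the hunk.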
@@ -3153,26 +3149,10 @@ static int X509V3_ext(struct Curl_easy *data, ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext)); BIO_get_mem_ptr(bio_out, &biomem); - - for(j = 0; j < (size_t)biomem->length; j++) { - const char *sep = ""; - if(biomem->data[j] == '\n') { - sep = ", "; - j++; /* skip the newline */ - }; - while((j<(size_t)biomem->length) && (biomem->data[j] == ' ')) - j++; - if(j<(size_t)biomem->length) - ptr += msnprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep, - biomem->data[j]); - } - - Curl_ssl_push_certinfo(data, certnum, namebuf, buf); - + Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data, + biomem->length); BIO_free(bio_out); - } - return 0; /* all is fine */ } #ifdef OPENSSL_IS_BORINGSSL diff --git a/libs/libcurl/src/vtls/schannel.c b/libs/libcurl/src/vtls/schannel.c index dc58ed0d3b..0818d947a4 100644 --- a/libs/libcurl/src/vtls/schannel.c +++ b/libs/libcurl/src/vtls/schannel.c @@ -718,7 +718,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) unsigned short* list_len = NULL; /* The first four bytes will be an unsigned int indicating number - of bytes of data in the rest of the the buffer. */ + of bytes of data in the rest of the buffer. */ extension_len = (unsigned int *)(&alpn_buffer[cur]); cur += sizeof(unsigned int); diff --git a/libs/libcurl/src/vtls/schannel_verify.c b/libs/libcurl/src/vtls/schannel_verify.c index 3a668adc76..e75132cadd 100644 --- a/libs/libcurl/src/vtls/schannel_verify.c +++ b/libs/libcurl/src/vtls/schannel_verify.c @@ -7,7 +7,7 @@ * * Copyright (C) 2012 - 2016, Marc Hoersken, * Copyright (C) 2012, Mark Salisbury, - * Copyright (C) 2012 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 2012 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
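Review bot: In `X509V3_ext`, the new `Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data, biomem->length)` call forwards the BIO contents unmodified, whereas the removed loop folded each newline into `, `, skipped runs of spaces and capped the value at the 512-byte `buf`. The text is produced from the peer's certificate, so a stored certinfo value can now span several lines and be as long as the extension itself, which matters to any caller that prints or logs these entries line by line. I would record that at the call, e.g. `/* raw X509V3 text from the peer certificate: may contain newlines, not length-capped */`. The function also returns `void` now (its signature and the `if(!bio_out) return;` path are in the previous hunk), so a failed `BIO_new()` silently drops the remaining extensions; a one-line comment there saying this is deliberate best-effort would help the next reader.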
@@ -293,6 +293,133 @@ cleanup: return result; } +/* + * Returns the number of characters necessary to populate all the host_names. + * If host_names is not NULL, populate it with all the host names. Each string + * in the host_names is null-terminated and the last string is double + * null-terminated. If no DNS names are found, a single null-terminated empty + * string is returned. + */ +static DWORD cert_get_name_string(struct Curl_easy *data, + CERT_CONTEXT *cert_context, + LPTSTR host_names, + DWORD length) +{ + DWORD actual_length = 0; + BOOL compute_content = FALSE; + CERT_INFO *cert_info = NULL; + CERT_EXTENSION *extension = NULL; + CRYPT_DECODE_PARA decode_para = {0, 0, 0}; + CERT_ALT_NAME_INFO *alt_name_info = NULL; + DWORD alt_name_info_size = 0; + BOOL ret_val = FALSE; + LPTSTR current_pos = NULL; + DWORD i; + + /* CERT_NAME_SEARCH_ALL_NAMES_FLAG is available from Windows 8 onwards. */ + if(Curl_verify_windows_version(6, 2, PLATFORM_WINNT, + VERSION_GREATER_THAN_EQUAL)) { +#ifdef CERT_NAME_SEARCH_ALL_NAMES_FLAG + /* CertGetNameString will provide the 8-bit character string without + * any decoding */ + DWORD name_flags = + CERT_NAME_DISABLE_IE4_UTF8_FLAG | CERT_NAME_SEARCH_ALL_NAMES_FLAG; + actual_length = CertGetNameString(cert_context, + CERT_NAME_DNS_TYPE, + name_flags, + NULL, + host_names, + length); + return actual_length; +#endif + } + + compute_content = host_names != NULL && length != 0; + + /* Initialize default return values. 
*/ + actual_length = 1; + if(compute_content) { + *host_names = '\0'; + } + + if(!cert_context) { + failf(data, "schannel: Null certificate context."); + return actual_length; + } + + cert_info = cert_context->pCertInfo; + if(!cert_info) { + failf(data, "schannel: Null certificate info."); + return actual_length; + } + + extension = CertFindExtension(szOID_SUBJECT_ALT_NAME2, + cert_info->cExtension, + cert_info->rgExtension); + if(!extension) { + failf(data, "schannel: CertFindExtension() returned no extension."); + return actual_length; + } + + decode_para.cbSize = sizeof(CRYPT_DECODE_PARA); + + ret_val = + CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + szOID_SUBJECT_ALT_NAME2, + extension->Value.pbData, + extension->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, + &decode_para, + &alt_name_info, + &alt_name_info_size); + if(!ret_val) { + failf(data, + "schannel: CryptDecodeObjectEx() returned no alternate name " + "information."); + return actual_length; + } + + current_pos = host_names; + + /* Iterate over the alternate names and populate host_names. */ + for(i = 0; i < alt_name_info->cAltEntry; i++) { + const CERT_ALT_NAME_ENTRY *entry = &alt_name_info->rgAltEntry[i]; + wchar_t *dns_w = NULL; + size_t current_length = 0; + + if(entry->dwAltNameChoice != CERT_ALT_NAME_DNS_NAME) { + continue; + } + if(entry->pwszDNSName == NULL) { + infof(data, "schannel: Empty DNS name."); + continue; + } + current_length = wcslen(entry->pwszDNSName) + 1; + if(!compute_content) { + actual_length += (DWORD)current_length; + continue; + } + /* Sanity check to prevent buffer overrun. */ + if((actual_length + current_length) > length) { + failf(data, "schannel: Not enough memory to list all host names."); + break; + } + dns_w = entry->pwszDNSName; + /* pwszDNSName is in ia5 string format and hence doesn't contain any + * non-ascii characters. 
*/ + while(*dns_w != '\0') { + *current_pos++ = (char)(*dns_w++); + } + *current_pos++ = '\0'; + actual_length += (DWORD)current_length; + } + if(compute_content) { + /* Last string has double null-terminator. */ + *current_pos = '\0'; + } + return actual_length; +} + static CURLcode verify_host(struct Curl_easy *data, CERT_CONTEXT *pCertContextServer, const char * const conn_hostname) @@ -303,21 +430,8 @@ static CURLcode verify_host(struct Curl_easy *data, DWORD len = 0; DWORD actual_len = 0; - /* CertGetNameString will provide the 8-bit character string without - * any decoding */ - DWORD name_flags = CERT_NAME_DISABLE_IE4_UTF8_FLAG; - -#ifdef CERT_NAME_SEARCH_ALL_NAMES_FLAG - name_flags |= CERT_NAME_SEARCH_ALL_NAMES_FLAG; -#endif - /* Determine the size of the string needed for the cert hostname */ - len = CertGetNameString(pCertContextServer, - CERT_NAME_DNS_TYPE, - name_flags, - NULL, - NULL, - 0); + len = cert_get_name_string(data, pCertContextServer, NULL, 0); if(len == 0) { failf(data, "schannel: CertGetNameString() returned no " @@ -334,12 +448,8 @@ static CURLcode verify_host(struct Curl_easy *data, result = CURLE_OUT_OF_MEMORY; goto cleanup; } - actual_len = CertGetNameString(pCertContextServer, - CERT_NAME_DNS_TYPE, - name_flags, - NULL, - (LPTSTR) cert_hostname_buff, - len); + actual_len = cert_get_name_string( + data, pCertContextServer, (LPTSTR)cert_hostname_buff, len); /* Sanity check */ if(actual_len != len) { diff --git a/libs/libcurl/src/vtls/sectransp.c b/libs/libcurl/src/vtls/sectransp.c index 4eece89d55..7dd028fb7f 100644 --- a/libs/libcurl/src/vtls/sectransp.c +++ b/libs/libcurl/src/vtls/sectransp.c @@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2012 - 2017, Nick Zitzmann, . - * Copyright (C) 2012 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 2012 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
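Review bot: `cert_get_name_string` never releases `alt_name_info`: `CryptDecodeObjectEx()` is called with `CRYPT_DECODE_ALLOC_FLAG`, so the decoded structure is allocated on the caller's behalf, and the final `return actual_length;` leaves it allocated. `verify_host` calls the helper twice per check (once with `NULL, 0` to size, once to fill), so the fallback path leaks on every host-name verification. Add `LocalFree(alt_name_info);` before that final return; with `decode_para` zeroed apart from `cbSize` the default allocator should be LocalAlloc, which is worth confirming against the CryptoAPI documentation. Separately, the `(char)(*dns_w++)` narrowing relies on the IA5 assumption stated in the comment; because the names come from the peer certificate, skipping an entry that holds a character above 0x7F would keep a truncated value out of the host-name comparison.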
@@ -1164,7 +1164,7 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath, * the Keychain. * * As this doesn't match iOS, and apps may not want to see their client - * certificate saved in the the user's keychain, we use SecItemImport + * certificate saved in the user's keychain, we use SecItemImport * with a NULL keychain to avoid importing it. * * This returns a SecCertificateRef from which we can construct a diff --git a/libs/libcurl/src/vtls/vtls.c b/libs/libcurl/src/vtls/vtls.c index c493b15169..dfefa1bd5e 100644 --- a/libs/libcurl/src/vtls/vtls.c +++ b/libs/libcurl/src/vtls/vtls.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -516,7 +516,7 @@ void Curl_ssl_close_all(struct Curl_easy *data) } #if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \ - defined(USE_SECTRANSP) || defined(USE_POLARSSL) || defined(USE_NSS) || \ + defined(USE_SECTRANSP) || defined(USE_NSS) || \ defined(USE_MBEDTLS) || defined(USE_WOLFSSL) || defined(USE_BEARSSL) int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks) { @@ -1183,8 +1183,6 @@ const struct Curl_ssl *Curl_ssl = &Curl_ssl_nss; #elif defined(USE_OPENSSL) &Curl_ssl_openssl; -#elif defined(USE_POLARSSL) - &Curl_ssl_polarssl; #elif defined(USE_SCHANNEL) &Curl_ssl_schannel; #elif defined(USE_MESALINK) @@ -1217,9 +1215,6 @@ static const struct Curl_ssl *available_backends[] = { #if defined(USE_OPENSSL) &Curl_ssl_openssl, #endif -#if defined(USE_POLARSSL) - &Curl_ssl_polarssl, -#endif #if defined(USE_SCHANNEL) &Curl_ssl_schannel, #endif 
@@ -1236,7 +1231,7 @@ static size_t Curl_multissl_version(char *buffer, size_t size) { static const struct Curl_ssl *selected; static char backends[200]; - static size_t total; + static size_t backends_len; const struct Curl_ssl *current; current = Curl_ssl == &Curl_ssl_multi ? available_backends[0] : Curl_ssl; @@ -1248,27 +1243,32 @@ static size_t Curl_multissl_version(char *buffer, size_t size) selected = current; - for(i = 0; available_backends[i] && p < (end - 4); i++) { - if(i) - *(p++) = ' '; - if(selected != available_backends[i]) - *(p++) = '('; - p += available_backends[i]->version(p, end - p - 2); - if(selected != available_backends[i]) - *(p++) = ')'; + backends[0] = '\0'; + + for(i = 0; available_backends[i]; ++i) { + char vb[200]; + bool paren = (selected != available_backends[i]); + + if(available_backends[i]->version(vb, sizeof(vb))) { + p += msnprintf(p, end - p, "%s%s%s%s", (p != backends ? " " : ""), + (paren ? "(" : ""), vb, (paren ? ")" : "")); + } } - *p = '\0'; - total = p - backends; + + backends_len = p - backends; } - if(size > total) - memcpy(buffer, backends, total + 1); - else { - memcpy(buffer, backends, size - 1); + if(!size) + return 0; + + if(size <= backends_len) { + strncpy(buffer, backends, size - 1); buffer[size - 1] = '\0'; + return size - 1; } - return CURLMIN(size - 1, total); + strcpy(buffer, backends); + return backends_len; } static int multissl_init(const struct Curl_ssl *backend) diff --git a/libs/libcurl/src/vtls/vtls.h b/libs/libcurl/src/vtls/vtls.h index 976cc43601..f58adee6e8 100644 --- a/libs/libcurl/src/vtls/vtls.h +++ b/libs/libcurl/src/vtls/vtls.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
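Review bot: In `Curl_multissl_version`, the rewritten loop no longer bounds `p` itself (the old `p < (end - 4)` condition is gone), so `p += msnprintf(p, end - p, ...)` stays inside `backends` only if `msnprintf` returns the number of bytes actually stored rather than the C99 would-be length. If that is curl's convention, say so at the call, e.g. `/* msnprintf returns bytes stored, so p never passes end */`; otherwise `end - p` could wrap to a very large size. Truncation is also silent now, so a long backend list can end in a half-written entry with an unmatched `(`. In the copy-out, `backends_len` is already known, so `memcpy(buffer, backends, backends_len + 1);` would avoid the unbounded `strcpy` and `memcpy(buffer, backends, size - 1);` the `strncpy`. The function's opening lines are outside this hunk.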
@@ -102,7 +102,6 @@ CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen, #include "gtls.h" /* GnuTLS versions */ #include "nssg.h" /* NSS versions */ #include "gskit.h" /* Global Secure ToolKit versions */ -#include "polarssl.h" /* PolarSSL versions */ #include "wolfssl.h" /* wolfSSL versions */ #include "schannel.h" /* Schannel SSPI version */ #include "sectransp.h" /* SecureTransport (Darwin) version */ diff --git a/libs/libcurl/src/vtls/wolfssl.c b/libs/libcurl/src/vtls/wolfssl.c index 890bcbf797..8c2d3f4a28 100644 --- a/libs/libcurl/src/vtls/wolfssl.c +++ b/libs/libcurl/src/vtls/wolfssl.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -923,7 +923,7 @@ static CURLcode Curl_wolfssl_connect(struct connectdata *conn, int sockindex) static CURLcode Curl_wolfssl_random(struct Curl_easy *data, unsigned char *entropy, size_t length) { - RNG rng; + WC_RNG rng; (void)data; if(wc_InitRng(&rng)) return CURLE_FAILED_INIT; @@ -937,11 +937,11 @@ static CURLcode Curl_wolfssl_random(struct Curl_easy *data, } static CURLcode Curl_wolfssl_sha256sum(const unsigned char *tmp, /* input */ - size_t tmplen, - unsigned char *sha256sum /* output */, - size_t unused) + size_t tmplen, + unsigned char *sha256sum /* output */, + size_t unused) { - Sha256 SHA256pw; + wc_Sha256 SHA256pw; (void)unused; wc_InitSha256(&SHA256pw); wc_Sha256Update(&SHA256pw, tmp, (word32)tmplen); -- cgit v1.2.3